Remove configure option to disable curve25519

By now, support in the network is widespread and it's time to require
more modern crypto on all Tor instances, whether they're clients or
servers. By doing this early in 0.2.6, we can be sure that at some point
all clients will have reasonable support.

changes/bug13286

@@ -0,0 +1,2 @@
+  o Removed features:
+    Remove the --disable-curve25519 configure option.

configure.ac

@@ -39,8 +39,6 @@ AC_ARG_ENABLE(static-zlib,
    AS_HELP_STRING(--enable-static-zlib, Link against a static zlib library. Requires --with-zlib-dir))
 AC_ARG_ENABLE(static-tor,
    AS_HELP_STRING(--enable-static-tor, Create an entirely static Tor binary. Requires --with-openssl-dir and --with-libevent-dir and --with-zlib-dir))
-AC_ARG_ENABLE(curve25519,
-   AS_HELP_STRING(--disable-curve25519, Build Tor with no curve25519 elliptic-curve crypto support))
 AC_ARG_ENABLE(unittests,
    AS_HELP_STRING(--disable-unittests, [Don't build unit tests for Tor. Risky!]))
 AC_ARG_ENABLE(coverage,
@@ -765,101 +763,92 @@ dnl ============================================================
 dnl We need an implementation of curve25519.
 
 dnl set these defaults.
-have_a_curve25519=no
 build_curve25519_donna=no
 build_curve25519_donna_c64=no
 use_curve25519_donna=no
 use_curve25519_nacl=no
 CURVE25519_LIBS=
 
-if test x$enable_curve25519 != xno; then
+dnl The best choice is using curve25519-donna-c64, but that requires
+dnl that we
+AC_CACHE_CHECK([whether we can use curve25519-donna-c64],
+  tor_cv_can_use_curve25519_donna_c64,
+  [AC_RUN_IFELSE(
+    [AC_LANG_PROGRAM([dnl
+      #include <stdint.h>
+      typedef unsigned uint128_t __attribute__((mode(TI)));
+  int func(uint64_t a, uint64_t b) {
+           uint128_t c = ((uint128_t)a) * b;
+           int ok = ((uint64_t)(c>>96)) == 522859 &&
+             (((uint64_t)(c>>64))&0xffffffffL) == 3604448702L &&
+                 (((uint64_t)(c>>32))&0xffffffffL) == 2351960064L &&
+                 (((uint64_t)(c))&0xffffffffL) == 0;
+           return ok;
+      }
+  ], [dnl
+    int ok = func( ((uint64_t)2000000000) * 1000000000,
+                   ((uint64_t)1234567890) << 24);
+        return !ok;
+      ])],
+  [tor_cv_can_use_curve25519_donna_c64=yes],
+      [tor_cv_can_use_curve25519_donna_c64=no],
+  [AC_LINK_IFELSE(
+        [AC_LANG_PROGRAM([dnl
+      #include <stdint.h>
+      typedef unsigned uint128_t __attribute__((mode(TI)));
+  int func(uint64_t a, uint64_t b) {
+           uint128_t c = ((uint128_t)a) * b;
+           int ok = ((uint64_t)(c>>96)) == 522859 &&
+             (((uint64_t)(c>>64))&0xffffffffL) == 3604448702L &&
+                 (((uint64_t)(c>>32))&0xffffffffL) == 2351960064L &&
+                 (((uint64_t)(c))&0xffffffffL) == 0;
+           return ok;
+      }
+  ], [dnl
+    int ok = func( ((uint64_t)2000000000) * 1000000000,
+    	         ((uint64_t)1234567890) << 24);
+        return !ok;
+      ])],
+          [tor_cv_can_use_curve25519_donna_c64=cross],
+      [tor_cv_can_use_curve25519_donna_c64=no])])])
 
-  dnl The best choice is using curve25519-donna-c64, but that requires
+AC_CHECK_HEADERS([crypto_scalarmult_curve25519.h \
-  dnl that we
+                  nacl/crypto_scalarmult_curve25519.h])
-  AC_CACHE_CHECK([whether we can use curve25519-donna-c64],
-    tor_cv_can_use_curve25519_donna_c64,
-    [AC_RUN_IFELSE(
-      [AC_LANG_PROGRAM([dnl
-        #include <stdint.h>
-        typedef unsigned uint128_t __attribute__((mode(TI)));
-	int func(uint64_t a, uint64_t b) {
-  	     uint128_t c = ((uint128_t)a) * b;
-             int ok = ((uint64_t)(c>>96)) == 522859 &&
-	           (((uint64_t)(c>>64))&0xffffffffL) == 3604448702L &&
-                   (((uint64_t)(c>>32))&0xffffffffL) == 2351960064L &&
-                   (((uint64_t)(c))&0xffffffffL) == 0;
-             return ok;
-        }
-	], [dnl
-	  int ok = func( ((uint64_t)2000000000) * 1000000000,
-	  	         ((uint64_t)1234567890) << 24);
-          return !ok;
-        ])],
-	[tor_cv_can_use_curve25519_donna_c64=yes],
-        [tor_cv_can_use_curve25519_donna_c64=no],
-	[AC_LINK_IFELSE(
-          [AC_LANG_PROGRAM([dnl
-        #include <stdint.h>
-        typedef unsigned uint128_t __attribute__((mode(TI)));
-	int func(uint64_t a, uint64_t b) {
-  	     uint128_t c = ((uint128_t)a) * b;
-             int ok = ((uint64_t)(c>>96)) == 522859 &&
-	           (((uint64_t)(c>>64))&0xffffffffL) == 3604448702L &&
-                   (((uint64_t)(c>>32))&0xffffffffL) == 2351960064L &&
-                   (((uint64_t)(c))&0xffffffffL) == 0;
-             return ok;
-        }
-	], [dnl
-	  int ok = func( ((uint64_t)2000000000) * 1000000000,
-	  	         ((uint64_t)1234567890) << 24);
-          return !ok;
-        ])],
-            [tor_cv_can_use_curve25519_donna_c64=cross],
-	    [tor_cv_can_use_curve25519_donna_c64=no])])])
 
-  AC_CHECK_HEADERS([crypto_scalarmult_curve25519.h \
+AC_CACHE_CHECK([for nacl compiled with a fast curve25519 implementation],
-                    nacl/crypto_scalarmult_curve25519.h])
+  tor_cv_can_use_curve25519_nacl,
+  [tor_saved_LIBS="$LIBS"
+   LIBS="$LIBS -lnacl"
+   AC_LINK_IFELSE(
+     [AC_LANG_PROGRAM([dnl
+       #ifdef HAVE_CRYPTO_SCALARMULT_CURVE25519_H
+       #include <crypto_scalarmult_curve25519.h>
+   #elif defined(HAVE_NACL_CRYPTO_SCALARMULT_CURVE25519_H)
+   #include <nacl/crypto_scalarmult_curve25519.h>
+   #endif
+       #ifdef crypto_scalarmult_curve25519_ref_BYTES
+   #error Hey, this is the reference implementation! That's not fast.
+   #endif
+     ], [
+   unsigned char *a, *b, *c; crypto_scalarmult_curve25519(a,b,c);
+     ])], [tor_cv_can_use_curve25519_nacl=yes],
+     [tor_cv_can_use_curve25519_nacl=no])
+   LIBS="$tor_saved_LIBS" ])
 
-  AC_CACHE_CHECK([for nacl compiled with a fast curve25519 implementation],
+ dnl Okay, now we need to figure out which one to actually use. Fall back
-    tor_cv_can_use_curve25519_nacl,
+ dnl to curve25519-donna.c
-    [tor_saved_LIBS="$LIBS"
-     LIBS="$LIBS -lnacl"
-     AC_LINK_IFELSE(
-       [AC_LANG_PROGRAM([dnl
-         #ifdef HAVE_CRYPTO_SCALARMULT_CURVE25519_H
-         #include <crypto_scalarmult_curve25519.h>
-	 #elif defined(HAVE_NACL_CRYPTO_SCALARMULT_CURVE25519_H)
-	 #include <nacl/crypto_scalarmult_curve25519.h>
-	 #endif
-         #ifdef crypto_scalarmult_curve25519_ref_BYTES
-	 #error Hey, this is the reference implementation! That's not fast.
-	 #endif
-       ], [
-	 unsigned char *a, *b, *c; crypto_scalarmult_curve25519(a,b,c);
-       ])], [tor_cv_can_use_curve25519_nacl=yes],
-       [tor_cv_can_use_curve25519_nacl=no])
-     LIBS="$tor_saved_LIBS" ])
 
-   dnl Okay, now we need to figure out which one to actually use. Fall back
+ if test x$tor_cv_can_use_curve25519_donna_c64 != xno; then
-   dnl to curve25519-donna.c
+   build_curve25519_donna_c64=yes
+   use_curve25519_donna=yes
+ elif test x$tor_cv_can_use_curve25519_nacl = xyes; then
+   use_curve25519_nacl=yes
+   CURVE25519_LIBS=-lnacl
+ else
+   build_curve25519_donna=yes
+   use_curve25519_donna=yes
+ fi
 
-   if test x$tor_cv_can_use_curve25519_donna_c64 != xno; then
-     build_curve25519_donna_c64=yes
-     use_curve25519_donna=yes
-   elif test x$tor_cv_can_use_curve25519_nacl = xyes; then
-     use_curve25519_nacl=yes
-     CURVE25519_LIBS=-lnacl
-   else
-     build_curve25519_donna=yes
-     use_curve25519_donna=yes
-   fi
-   have_a_curve25519=yes
-fi
-
-if test x$have_a_curve25519 = xyes; then
-  AC_DEFINE(CURVE25519_ENABLED, 1,
-            [Defined if we have a curve25519 implementation])
-fi
 if test x$use_curve25519_donna = xyes; then
   AC_DEFINE(USE_CURVE25519_DONNA, 1,
             [Defined if we should use an internal curve25519_donna{,_c64} implementation])
@@ -870,7 +859,6 @@ if test x$use_curve25519_nacl = xyes; then
 fi
 AM_CONDITIONAL(BUILD_CURVE25519_DONNA, test x$build_curve25519_donna = xyes)
 AM_CONDITIONAL(BUILD_CURVE25519_DONNA_C64, test x$build_curve25519_donna_c64 = xyes)
-AM_CONDITIONAL(CURVE25519_ENABLED, test x$have_a_curve25519 = xyes)
 AC_SUBST(CURVE25519_LIBS)
 
 dnl Make sure to enable support for large off_t if available.

src/common/crypto_curve25519.h

@@ -30,7 +30,6 @@ typedef struct curve25519_keypair_t {
   curve25519_secret_key_t seckey;
 } curve25519_keypair_t;
 
-#ifdef CURVE25519_ENABLED
 /* These functions require that we actually know how to use curve25519 keys.
  * The other data structures and functions in this header let us parse them,
  * store them, and move them around.
@@ -63,7 +62,6 @@ int curve25519_rand_seckey_bytes(uint8_t *out, int extra_strong);
 STATIC int curve25519_impl(uint8_t *output, const uint8_t *secret,
                            const uint8_t *basepoint);
 #endif
-#endif
 
 #define CURVE25519_BASE64_PADDED_LEN 44
 

src/common/crypto_ed25519.h

@@ -39,7 +39,6 @@ typedef struct {
   ed25519_secret_key_t seckey;
 } ed25519_keypair_t;
 
-#ifdef CURVE25519_ENABLED
 int ed25519_secret_key_generate(ed25519_secret_key_t *seckey_out,
                             int extra_strong);
 int ed25519_secret_key_from_seed(ed25519_secret_key_t *seckey_out,
@@ -88,8 +87,6 @@ int ed25519_public_blind(ed25519_public_key_t *out,
                          const ed25519_public_key_t *inp,
                          const uint8_t *param);
 
-#endif
-
 #define ED25519_BASE64_LEN 43
 
 int ed25519_public_from_base64(ed25519_public_key_t *pkey,

src/common/include.am

@@ -54,12 +54,6 @@ endif
 
 LIBDONNA += $(LIBED25519_REF10)
 
-if CURVE25519_ENABLED
-libcrypto_extra_source = \
-	src/common/crypto_curve25519.c \
-	src/common/crypto_ed25519.c
-endif
-
 LIBOR_A_SOURCES = \
   src/common/address.c					\
   src/common/backtrace.c				\
@@ -85,8 +79,9 @@ LIBOR_CRYPTO_A_SOURCES = \
   src/common/crypto_format.c	\
   src/common/torgzip.c		\
   src/common/tortls.c		\
-  src/trunnel/pwbox.c	 	\
+  src/trunnel/pwbox.c		\
-  $(libcrypto_extra_source)
+  src/common/crypto_curve25519.c \
+  src/common/crypto_ed25519.c
 
 LIBOR_EVENT_A_SOURCES = \
 	src/common/compat_libevent.c \

src/or/circuitbuild.c

@@ -59,9 +59,7 @@ static crypt_path_t *onion_next_hop_in_cpath(crypt_path_t *cpath);
 static int onion_extend_cpath(origin_circuit_t *circ);
 static int count_acceptable_nodes(smartlist_t *routers);
 static int onion_append_hop(crypt_path_t **head_ptr, extend_info_t *choice);
-#ifdef CURVE25519_ENABLED
 static int circuits_can_use_ntor(void);
-#endif
 
 /** This function tries to get a channel to the specified endpoint,
  * and then calls command_setup_channel() to give it the right
@@ -368,7 +366,6 @@ circuit_rep_hist_note_result(origin_circuit_t *circ)
   } while (hop!=circ->cpath);
 }
 
-#ifdef CURVE25519_ENABLED
 /** Return 1 iff at least one node in circ's cpath supports ntor. */
 static int
 circuit_cpath_supports_ntor(const origin_circuit_t *circ)
@@ -388,9 +385,6 @@ circuit_cpath_supports_ntor(const origin_circuit_t *circ)
 
   return 0;
 }
-#else
-#define circuit_cpath_supports_ntor(circ) 0
-#endif
 
 /** Pick all the entries in our cpath. Stop and return 0 when we're
  * happy, or return -1 if an error occurs. */
@@ -398,11 +392,7 @@ static int
 onion_populate_cpath(origin_circuit_t *circ)
 {
   int n_tries = 0;
-#ifdef CURVE25519_ENABLED
   const int using_ntor = circuits_can_use_ntor();
-#else
-  const int using_ntor = 0;
-#endif
 
 #define MAX_POPULATE_ATTEMPTS 32
 
@@ -772,7 +762,6 @@ circuit_timeout_want_to_count_circ(origin_circuit_t *circ)
           && circ->build_state->desired_path_len == DEFAULT_ROUTE_LEN;
 }
 
-#ifdef CURVE25519_ENABLED
 /** Return true if the ntor handshake is enabled in the configuration, or if
  * it's been set to "auto" in the configuration and it's enabled in the
  * consensus. */
@@ -784,7 +773,6 @@ circuits_can_use_ntor(void)
     return options->UseNTorHandshake;
   return networkstatus_get_param(NULL, "UseNTorHandshake", 0, 0, 1);
 }
-#endif
 
 /** Decide whether to use a TAP or ntor handshake for connecting to <b>ei</b>
  * directly, and set *<b>cell_type_out</b> and *<b>handshake_type_out</b>
@@ -794,7 +782,6 @@ circuit_pick_create_handshake(uint8_t *cell_type_out,
                               uint16_t *handshake_type_out,
                               const extend_info_t *ei)
 {
-#ifdef CURVE25519_ENABLED
   if (!tor_mem_is_zero((const char*)ei->curve25519_onion_key.public_key,
                        CURVE25519_PUBKEY_LEN) &&
       circuits_can_use_ntor()) {
@@ -802,9 +789,6 @@ circuit_pick_create_handshake(uint8_t *cell_type_out,
     *handshake_type_out = ONION_HANDSHAKE_TYPE_NTOR;
     return;
   }
-#else
-  (void) ei;
-#endif
 
   *cell_type_out = CELL_CREATE;
   *handshake_type_out = ONION_HANDSHAKE_TYPE_TAP;
@@ -2198,13 +2182,9 @@ extend_info_new(const char *nickname, const char *digest,
     strlcpy(info->nickname, nickname, sizeof(info->nickname));
   if (onion_key)
     info->onion_key = crypto_pk_dup_key(onion_key);
-#ifdef CURVE25519_ENABLED
   if (curve25519_key)
     memcpy(&info->curve25519_onion_key, curve25519_key,
            sizeof(curve25519_public_key_t));
-#else
-  (void)curve25519_key;
-#endif
   tor_addr_copy(&info->addr, addr);
   info->port = port;
   return info;

src/or/include.am

@@ -23,12 +23,6 @@ else
 evdns_source=src/ext/eventdns.c
 endif
 
-if CURVE25519_ENABLED
-onion_ntor_source=src/or/onion_ntor.c
-else
-onion_ntor_source=
-endif
-
 LIBTOR_A_SOURCES = \
 	src/or/addressmap.c				\
 	src/or/buffers.c				\
@@ -82,9 +76,9 @@ LIBTOR_A_SOURCES = \
 	src/or/routerset.c				\
 	src/or/statefile.c				\
 	src/or/status.c					\
+	src/or/onion_ntor.c				\
 	$(evdns_source)					\
 	$(tor_platform_source)				\
-	$(onion_ntor_source)				\
 	src/or/config_codedigest.c
 
 src_or_libtor_a_SOURCES = $(LIBTOR_A_SOURCES)

src/or/onion.c

@@ -111,15 +111,11 @@ have_room_for_onionskin(uint16_t type)
        (uint64_t)options->MaxOnionQueueDelay)
     return 0;
 
-#ifdef CURVE25519_ENABLED
   /* If we support the ntor handshake, then don't let TAP handshakes use
    * more than 2/3 of the space on the queue. */
   if (type == ONION_HANDSHAKE_TYPE_TAP &&
       tap_usec / 1000 > (uint64_t)options->MaxOnionQueueDelay * 2 / 3)
     return 0;
-#else
-  (void) type;
-#endif
 
   return 1;
 }
@@ -353,11 +349,9 @@ setup_server_onion_keys(server_onion_keys_t *keys)
   memset(keys, 0, sizeof(server_onion_keys_t));
   memcpy(keys->my_identity, router_get_my_id_digest(), DIGEST_LEN);
   dup_onion_keys(&keys->onion_key, &keys->last_onion_key);
-#ifdef CURVE25519_ENABLED
   keys->curve25519_key_map = construct_ntor_key_map();
   keys->junk_keypair = tor_malloc_zero(sizeof(curve25519_keypair_t));
   curve25519_keypair_generate(keys->junk_keypair, 0);
-#endif
 }
 
 /** Release all storage held in <b>keys</b>, but do not free <b>keys</b>
@@ -370,10 +364,8 @@ release_server_onion_keys(server_onion_keys_t *keys)
 
   crypto_pk_free(keys->onion_key);
   crypto_pk_free(keys->last_onion_key);
-#ifdef CURVE25519_ENABLED
   ntor_key_map_free(keys->curve25519_key_map);
   tor_free(keys->junk_keypair);
-#endif
   memset(keys, 0, sizeof(server_onion_keys_t));
 }
 
@@ -391,12 +383,10 @@ onion_handshake_state_release(onion_handshake_state_t *state)
     fast_handshake_state_free(state->u.fast);
     state->u.fast = NULL;
     break;
-#ifdef CURVE25519_ENABLED
   case ONION_HANDSHAKE_TYPE_NTOR:
     ntor_handshake_state_free(state->u.ntor);
     state->u.ntor = NULL;
     break;
-#endif
   default:
     log_warn(LD_BUG, "called with unknown handshake state type %d",
              (int)state->tag);
@@ -436,7 +426,6 @@ onion_skin_create(int type,
     r = CREATE_FAST_LEN;
     break;
   case ONION_HANDSHAKE_TYPE_NTOR:
-#ifdef CURVE25519_ENABLED
     if (tor_mem_is_zero((const char*)node->curve25519_onion_key.public_key,
                         CURVE25519_PUBKEY_LEN))
       return -1;
@@ -447,9 +436,6 @@ onion_skin_create(int type,
       return -1;
 
     r = NTOR_ONIONSKIN_LEN;
-#else
-    return -1;
-#endif
     break;
   default:
     log_warn(LD_BUG, "called with unknown handshake state type %d", type);
@@ -501,7 +487,6 @@ onion_skin_server_handshake(int type,
     memcpy(rend_nonce_out, reply_out+DIGEST_LEN, DIGEST_LEN);
     break;
   case ONION_HANDSHAKE_TYPE_NTOR:
-#ifdef CURVE25519_ENABLED
     if (onionskin_len < NTOR_ONIONSKIN_LEN)
       return -1;
     {
@@ -522,9 +507,6 @@ onion_skin_server_handshake(int type,
       tor_free(keys_tmp);
       r = NTOR_REPLY_LEN;
     }
-#else
-    return -1;
-#endif
     break;
   default:
     log_warn(LD_BUG, "called with unknown handshake state type %d", type);
@@ -577,7 +559,6 @@ onion_skin_client_handshake(int type,
 
     memcpy(rend_authenticator_out, reply+DIGEST_LEN, DIGEST_LEN);
     return 0;
-#ifdef CURVE25519_ENABLED
   case ONION_HANDSHAKE_TYPE_NTOR:
     if (reply_len < NTOR_REPLY_LEN) {
       log_warn(LD_CIRC, "ntor reply was not of the correct length.");
@@ -598,7 +579,6 @@ onion_skin_client_handshake(int type,
       tor_free(keys_tmp);
     }
     return 0;
-#endif
   default:
     log_warn(LD_BUG, "called with unknown handshake state type %d", type);
     tor_fragile_assert();
@@ -637,12 +617,10 @@ check_create_cell(const create_cell_t *cell, int unknown_ok)
     if (cell->handshake_len != CREATE_FAST_LEN)
       return -1;
     break;
-#ifdef CURVE25519_ENABLED
   case ONION_HANDSHAKE_TYPE_NTOR:
     if (cell->handshake_len != NTOR_ONIONSKIN_LEN)
       return -1;
     break;
-#endif
   default:
     if (! unknown_ok)
       return -1;

src/or/onion.h

@@ -23,10 +23,8 @@ typedef struct server_onion_keys_t {
   uint8_t my_identity[DIGEST_LEN];
   crypto_pk_t *onion_key;
   crypto_pk_t *last_onion_key;
-#ifdef CURVE25519_ENABLED
   di_digest256_map_t *curve25519_key_map;
   curve25519_keypair_t *junk_keypair;
-#endif
 } server_onion_keys_t;
 
 #define MAX_ONIONSKIN_CHALLENGE_LEN 255

src/or/onion_ntor.h

@@ -17,7 +17,6 @@ typedef struct ntor_handshake_state_t ntor_handshake_state_t;
 /** Length of an ntor reply, as sent from server to client. */
 #define NTOR_REPLY_LEN 64
 
-#ifdef CURVE25519_ENABLED
 void ntor_handshake_state_free(ntor_handshake_state_t *state);
 
 int onion_skin_ntor_create(const uint8_t *router_id,
@@ -59,5 +58,3 @@ struct ntor_handshake_state_t {
 
 #endif
 
-#endif
-

src/or/or.h

@@ -2554,9 +2554,7 @@ typedef struct extend_info_t {
   uint16_t port; /**< OR port. */
   tor_addr_t addr; /**< IP address. */
   crypto_pk_t *onion_key; /**< Current onionskin key. */
-#ifdef CURVE25519_ENABLED
   curve25519_public_key_t curve25519_onion_key;
-#endif
 } extend_info_t;
 
 /** Certificate for v3 directory protocol: binds long-term authority identity

src/or/router.c

@@ -55,13 +55,11 @@ static crypto_pk_t *onionkey=NULL;
 /** Previous private onionskin decryption key: used to decode CREATE cells
  * generated by clients that have an older version of our descriptor. */
 static crypto_pk_t *lastonionkey=NULL;
-#ifdef CURVE25519_ENABLED
 /** Current private ntor secret key: used to perform the ntor handshake. */
 static curve25519_keypair_t curve25519_onion_key;
 /** Previous private ntor secret key: used to perform the ntor handshake
  * with clients that have an older version of our descriptor. */
 static curve25519_keypair_t last_curve25519_onion_key;
-#endif
 /** Private server "identity key": used to sign directory info and TLS
  * certificates. Never changes. */
 static crypto_pk_t *server_identitykey=NULL;
@@ -134,7 +132,6 @@ dup_onion_keys(crypto_pk_t **key, crypto_pk_t **last)
   tor_mutex_release(key_lock);
 }
 
-#ifdef CURVE25519_ENABLED
 /** Return the current secret onion key for the ntor handshake. Must only
  * be called from the main thread. */
 static const curve25519_keypair_t *
@@ -181,7 +178,6 @@ ntor_key_map_free(di_digest256_map_t *map)
     return;
   dimap_free(map, ntor_key_map_free_helper);
 }
-#endif
 
 /** Return the time when the onion key was last set.  This is either the time
  * when the process launched, or the time of the most recent key rotation since
@@ -313,9 +309,7 @@ rotate_onion_key(void)
   char *fname, *fname_prev;
   crypto_pk_t *prkey = NULL;
   or_state_t *state = get_or_state();
-#ifdef CURVE25519_ENABLED
   curve25519_keypair_t new_curve25519_keypair;
-#endif
   time_t now;
   fname = get_datadir_fname2("keys", "secret_onion_key");
   fname_prev = get_datadir_fname2("keys", "secret_onion_key.old");
@@ -335,7 +329,6 @@ rotate_onion_key(void)
     log_err(LD_FS,"Couldn't write generated onion key to \"%s\".", fname);
     goto error;
   }
-#ifdef CURVE25519_ENABLED
   tor_free(fname);
   tor_free(fname_prev);
   fname = get_datadir_fname2("keys", "secret_onion_key_ntor");
@@ -351,18 +344,15 @@ rotate_onion_key(void)
     log_err(LD_FS,"Couldn't write curve25519 onion key to \"%s\".",fname);
     goto error;
   }
-#endif
   log_info(LD_GENERAL, "Rotating onion key");
   tor_mutex_acquire(key_lock);
   crypto_pk_free(lastonionkey);
   lastonionkey = onionkey;
   onionkey = prkey;
-#ifdef CURVE25519_ENABLED
   memcpy(&last_curve25519_onion_key, &curve25519_onion_key,
          sizeof(curve25519_keypair_t));
   memcpy(&curve25519_onion_key, &new_curve25519_keypair,
          sizeof(curve25519_keypair_t));
-#endif
   now = time(NULL);
   state->LastRotatedOnionKey = onionkey_set_at = now;
   tor_mutex_release(key_lock);
@@ -374,9 +364,7 @@ rotate_onion_key(void)
   if (prkey)
     crypto_pk_free(prkey);
  done:
-#ifdef CURVE25519_ENABLED
   memwipe(&new_curve25519_keypair, 0, sizeof(new_curve25519_keypair));
-#endif
   tor_free(fname);
   tor_free(fname_prev);
 }
@@ -450,7 +438,6 @@ init_key_from_file(const char *fname, int generate, int severity)
   return NULL;
 }
 
-#ifdef CURVE25519_ENABLED
 /** Load a curve25519 keypair from the file <b>fname</b>, writing it into
  * <b>keys_out</b>.  If the file isn't found and <b>generate</b> is true,
  * create a new keypair and write it into the file.  If there are errors, log
@@ -519,7 +506,6 @@ init_curve25519_keypair_from_file(curve25519_keypair_t *keys_out,
  error:
   return -1;
 }
-#endif
 
 /** Try to load the vote-signing private key and certificate for being a v3
  * directory authority, and make sure they match.  If <b>legacy</b>, load a
@@ -875,7 +861,6 @@ init_keys(void)
   }
   tor_free(keydir);
 
-#ifdef CURVE25519_ENABLED
   {
     /* 2b. Load curve25519 onion keys. */
     int r;
@@ -896,7 +881,6 @@ init_keys(void)
     }
     tor_free(keydir);
   }
-#endif
 
   /* 3. Initialize link key and TLS context. */
   if (router_initialize_tls_context() < 0) {
@@ -1806,11 +1790,9 @@ router_rebuild_descriptor(int force)
   ri->cache_info.published_on = time(NULL);
   ri->onion_pkey = crypto_pk_dup_key(get_onion_key()); /* must invoke from
                                                         * main thread */
-#ifdef CURVE25519_ENABLED
   ri->onion_curve25519_pkey =
     tor_memdup(&get_current_curve25519_keypair()->pubkey,
                sizeof(curve25519_public_key_t));
-#endif
 
   /* For now, at most one IPv6 or-address is being advertised. */
   {
@@ -2389,7 +2371,6 @@ router_dump_router_to_string(routerinfo_t *router,
     smartlist_add_asprintf(chunks, "contact %s\n", ci);
   }
 
-#ifdef CURVE25519_ENABLED
   if (router->onion_curve25519_pkey) {
     char kbuf[128];
     base64_encode(kbuf, sizeof(kbuf),
@@ -2397,7 +2378,6 @@ router_dump_router_to_string(routerinfo_t *router,
                   CURVE25519_PUBKEY_LEN);
     smartlist_add_asprintf(chunks, "ntor-onion-key %s", kbuf);
   }
-#endif
 
   /* Write the exit policy to the end of 's'. */
   if (!router->exit_policy || !smartlist_len(router->exit_policy)) {
@@ -3073,10 +3053,8 @@ router_free_all(void)
   crypto_pk_free(legacy_signing_key);
   authority_cert_free(legacy_key_certificate);
 
-#ifdef CURVE25519_ENABLED
   memwipe(&curve25519_onion_key, 0, sizeof(curve25519_onion_key));
   memwipe(&last_curve25519_onion_key, 0, sizeof(last_curve25519_onion_key));
-#endif
 
   if (warned_nonexistent_family) {
     SMARTLIST_FOREACH(warned_nonexistent_family, char *, cp, tor_free(cp));

src/or/router.h

@@ -32,10 +32,8 @@ crypto_pk_t *init_key_from_file(const char *fname, int generate,
                                     int severity);
 void v3_authority_check_key_expiry(void);
 
-#ifdef CURVE25519_ENABLED
 di_digest256_map_t *construct_ntor_key_map(void);
 void ntor_key_map_free(di_digest256_map_t *map);
-#endif
 
 int router_initialize_tls_context(void);
 int init_keys(void);

src/test/bench.c

@@ -26,10 +26,8 @@ const char tor_git_revision[] = "";
 #endif
 
 #include "config.h"
-#ifdef CURVE25519_ENABLED
 #include "crypto_curve25519.h"
 #include "onion_ntor.h"
-#endif
 #include "crypto_ed25519.h"
 
 #if defined(HAVE_CLOCK_GETTIME) && defined(CLOCK_PROCESS_CPUTIME_ID)
@@ -179,7 +177,6 @@ bench_onion_TAP(void)
   crypto_pk_free(key2);
 }
 
-#ifdef CURVE25519_ENABLED
 static void
 bench_onion_ntor(void)
 {
@@ -293,7 +290,6 @@ bench_ed25519(void)
   printf("Blind a public key: %.2f usec\n",
          MICROCOUNT(start, end, iters));
 }
-#endif
 
 static void
 bench_cell_aes(void)
@@ -573,10 +569,9 @@ static struct benchmark_t benchmarks[] = {
   ENT(siphash),
   ENT(aes),
   ENT(onion_TAP),
-#ifdef CURVE25519_ENABLED
   ENT(onion_ntor),
   ENT(ed25519),
-#endif
+
   ENT(cell_aes),
   ENT(cell_ops),
   ENT(dh),

src/test/include.am

@@ -80,7 +80,6 @@ noinst_HEADERS+= \
 	src/test/failing_routerdescs.inc \
 	src/test/ed25519_vectors.inc
 
-if CURVE25519_ENABLED
 noinst_PROGRAMS+= src/test/test-ntor-cl
 src_test_test_ntor_cl_SOURCES  = src/test/test_ntor_cl.c
 src_test_test_ntor_cl_LDFLAGS = @TOR_LDFLAGS_zlib@ @TOR_LDFLAGS_openssl@
@@ -91,9 +90,6 @@ src_test_test_ntor_cl_LDADD = src/or/libtor.a src/common/libor.a \
 src_test_test_ntor_cl_AM_CPPFLAGS =	       \
 	-I"$(top_srcdir)/src/or"
 NTOR_TEST_DEPS=src/test/test-ntor-cl
-else
-NTOR_TEST_DEPS=
-endif
 
 if COVERAGE_ENABLED
 CMDLINE_TEST_TOR = ./src/or/tor-cov
@@ -113,10 +109,8 @@ src_test_test_bt_cl_CPPFLAGS= $(src_test_AM_CPPFLAGS)
 check-local: $(NTOR_TEST_DEPS) $(CMDLINE_TEST_TOR)
 if USEPYTHON
 	$(PYTHON) $(top_srcdir)/src/test/test_cmdline_args.py $(CMDLINE_TEST_TOR) "${top_srcdir}"
-if CURVE25519_ENABLED
 	$(PYTHON) $(top_srcdir)/src/test/ntor_ref.py test-tor
 	$(PYTHON) $(top_srcdir)/src/test/ntor_ref.py self-test
-endif
 	./src/test/test-bt-cl assert | $(PYTHON) $(top_srcdir)/src/test/bt_test.py
 	./src/test/test-bt-cl crash | $(PYTHON) $(top_srcdir)/src/test/bt_test.py
 endif

src/test/test.c

@@ -64,10 +64,8 @@ double fabs(double x);
 #include "rephist.h"
 #include "routerparse.h"
 #include "statefile.h"
-#ifdef CURVE25519_ENABLED
 #include "crypto_curve25519.h"
 #include "onion_ntor.h"
-#endif
 
 #ifdef USE_DMALLOC
 #include <dmalloc.h>
@@ -365,7 +363,6 @@ test_bad_onion_handshake(void *arg)
   crypto_pk_free(pk2);
 }
 
-#ifdef CURVE25519_ENABLED
 static void
 test_ntor_handshake(void *arg)
 {
@@ -417,7 +414,6 @@ test_ntor_handshake(void *arg)
   ntor_handshake_state_free(c_state);
   dimap_free(s_keymap, NULL);
 }
-#endif
 
 /** Run unit tests for the onion queues. */
 static void
@@ -1267,9 +1263,7 @@ static struct testcase_t test_array[] = {
   ENT(onion_handshake),
   { "bad_onion_handshake", test_bad_onion_handshake, 0, NULL, NULL },
   ENT(onion_queues),
-#ifdef CURVE25519_ENABLED
   { "ntor_handshake", test_ntor_handshake, 0, NULL, NULL },
-#endif
   ENT(circuit_timeout),
   ENT(rend_fns),
   ENT(geoip),

src/test/test_cell_formats.c

@@ -445,7 +445,6 @@ test_cfmt_create_cells(void *arg)
   cell.command = CELL_CREATE2;
   memcpy(cell.payload, "\x00\x02\x00\x54", 4); /* ntor, 84 bytes long */
   memcpy(cell.payload+4, b, NTOR_ONIONSKIN_LEN);
-#ifdef CURVE25519_ENABLED
   tt_int_op(0, ==, create_cell_parse(&cc, &cell));
   tt_int_op(CELL_CREATE2, ==, cc.cell_type);
   tt_int_op(ONION_HANDSHAKE_TYPE_NTOR, ==, cc.handshake_type);
@@ -454,9 +453,6 @@ test_cfmt_create_cells(void *arg)
   tt_int_op(0, ==, create_cell_format(&cell2, &cc));
   tt_int_op(cell.command, ==, cell2.command);
   tt_mem_op(cell.payload,==, cell2.payload, CELL_PAYLOAD_SIZE);
-#else
-  tt_int_op(-1, ==, create_cell_parse(&cc, &cell));
-#endif
 
   /* A valid create cell with an ntor payload, in legacy format. */
   memset(&cell, 0, sizeof(cell));
@@ -465,7 +461,6 @@ test_cfmt_create_cells(void *arg)
   cell.command = CELL_CREATE;
   memcpy(cell.payload, "ntorNTORntorNTOR", 16);
   memcpy(cell.payload+16, b, NTOR_ONIONSKIN_LEN);
-#ifdef CURVE25519_ENABLED
   tt_int_op(0, ==, create_cell_parse(&cc, &cell));
   tt_int_op(CELL_CREATE, ==, cc.cell_type);
   tt_int_op(ONION_HANDSHAKE_TYPE_NTOR, ==, cc.handshake_type);
@@ -474,9 +469,6 @@ test_cfmt_create_cells(void *arg)
   tt_int_op(0, ==, create_cell_format(&cell2, &cc));
   tt_int_op(cell.command, ==, cell2.command);
   tt_mem_op(cell.payload,==, cell2.payload, CELL_PAYLOAD_SIZE);
-#else
-  tt_int_op(-1, ==, create_cell_parse(&cc, &cell));
-#endif
 
   /* == Okay, now let's try to parse some impossible stuff. */
 

src/test/test_crypto.c

@@ -11,9 +11,7 @@
 #include "aes.h"
 #include "util.h"
 #include "siphash.h"
-#ifdef CURVE25519_ENABLED
 #include "crypto_curve25519.h"
-#endif
 #include "crypto_ed25519.h"
 #include "ed25519_vectors.inc"
 #include "crypto_s2k.h"
@@ -1332,7 +1330,6 @@ test_crypto_hkdf_sha256(void *arg)
 #undef EXPAND
 }
 
-#ifdef CURVE25519_ENABLED
 static void
 test_crypto_curve25519_impl(void *arg)
 {
@@ -1876,7 +1873,6 @@ test_crypto_ed25519_testvectors(void *arg)
  done:
   tor_free(mem_op_hex_tmp);
 }
-#endif /* CURVE25519_ENABLED */
 
 static void
 test_crypto_siphash(void *arg)
@@ -2025,7 +2021,6 @@ struct testcase_t crypto_tests[] = {
   CRYPTO_LEGACY(base32_decode),
   { "kdf_TAP", test_crypto_kdf_TAP, 0, NULL, NULL },
   { "hkdf_sha256", test_crypto_hkdf_sha256, 0, NULL, NULL },
-#ifdef CURVE25519_ENABLED
   { "curve25519_impl", test_crypto_curve25519_impl, 0, NULL, NULL },
   { "curve25519_impl_hibit", test_crypto_curve25519_impl, 0, NULL, (void*)"y"},
   { "curve25519_wrappers", test_crypto_curve25519_wrappers, 0, NULL, NULL },
@@ -2037,7 +2032,6 @@ struct testcase_t crypto_tests[] = {
   { "ed25519_convert", test_crypto_ed25519_convert, 0, NULL, NULL },
   { "ed25519_blinding", test_crypto_ed25519_blinding, 0, NULL, NULL },
   { "ed25519_testvectors", test_crypto_ed25519_testvectors, 0, NULL, NULL },
-#endif
   { "siphash", test_crypto_siphash, 0, NULL, NULL },
   END_OF_TESTCASES
 };

src/test/test_dir.c

@@ -216,10 +216,8 @@ test_dir_formats(void *arg)
   strlcat(buf2, "signing-key\n", sizeof(buf2));
   strlcat(buf2, pk1_str, sizeof(buf2));
   strlcat(buf2, "hidden-service-dir\n", sizeof(buf2));
-#ifdef CURVE25519_ENABLED
   strlcat(buf2, "ntor-onion-key "
           "skyinAnvardNostarsNomoonNowindormistsorsnow=\n", sizeof(buf2));
-#endif
   strlcat(buf2, "accept *:80\nreject 18.0.0.0/8:24\n", sizeof(buf2));
   strlcat(buf2, "router-signature\n", sizeof(buf2));
 
@@ -239,11 +237,9 @@ test_dir_formats(void *arg)
   tt_int_op(rp2->bandwidthrate,==, r2->bandwidthrate);
   tt_int_op(rp2->bandwidthburst,==, r2->bandwidthburst);
   tt_int_op(rp2->bandwidthcapacity,==, r2->bandwidthcapacity);
-#ifdef CURVE25519_ENABLED
   tt_mem_op(rp2->onion_curve25519_pkey->public_key,==,
              r2->onion_curve25519_pkey->public_key,
              CURVE25519_PUBKEY_LEN);
-#endif
   tt_assert(crypto_pk_cmp_keys(rp2->onion_pkey, pk2) == 0);
   tt_assert(crypto_pk_cmp_keys(rp2->identity_pkey, pk1) == 0);
 

src/test/test_ntor_cl.c

@@ -13,10 +13,6 @@
 #include "crypto_curve25519.h"
 #include "onion_ntor.h"
 
-#ifndef CURVE25519_ENABLED
-#error "This isn't going to work without curve25519."
-#endif
-
 #define N_ARGS(n) STMT_BEGIN {                                  \
     if (argc < (n)) {                                           \
       fprintf(stderr, "%s needs %d arguments.\n",argv[1],n);    \

src/win32/orconfig.h

@@ -244,7 +244,6 @@
 #define SHARE_DATADIR ""
 #define HAVE_EVENT2_DNS_H
 #define HAVE_EVENT_BASE_LOOPEXIT
-#define CURVE25519_ENABLED
 #define USE_CURVE25519_DONNA
 
 #define ENUM_VALS_ARE_SIGNED 1