Remove configure option to disable curve25519

By now, support in the network is widespread and it's time to require
more modern crypto on all Tor instances, whether they're clients or
servers. By doing this early in 0.2.6, we can be sure that at some point
all clients will have reasonable support.
This commit is contained in:
Sebastian Hahn 2014-10-27 14:37:50 +01:00
parent ac4dd248e1
commit 909aa51b3f
21 changed files with 82 additions and 221 deletions

2
changes/bug13286 Normal file
View File

@ -0,0 +1,2 @@
o Removed features:
Remove the --disable-curve25519 configure option.

View File

@ -39,8 +39,6 @@ AC_ARG_ENABLE(static-zlib,
AS_HELP_STRING(--enable-static-zlib, Link against a static zlib library. Requires --with-zlib-dir))
AC_ARG_ENABLE(static-tor,
AS_HELP_STRING(--enable-static-tor, Create an entirely static Tor binary. Requires --with-openssl-dir and --with-libevent-dir and --with-zlib-dir))
AC_ARG_ENABLE(curve25519,
AS_HELP_STRING(--disable-curve25519, Build Tor with no curve25519 elliptic-curve crypto support))
AC_ARG_ENABLE(unittests,
AS_HELP_STRING(--disable-unittests, [Don't build unit tests for Tor. Risky!]))
AC_ARG_ENABLE(coverage,
@ -765,15 +763,12 @@ dnl ============================================================
dnl We need an implementation of curve25519.
dnl set these defaults.
have_a_curve25519=no
build_curve25519_donna=no
build_curve25519_donna_c64=no
use_curve25519_donna=no
use_curve25519_nacl=no
CURVE25519_LIBS=
if test x$enable_curve25519 != xno; then
dnl The best choice is using curve25519-donna-c64, but that requires
dnl that we
AC_CACHE_CHECK([whether we can use curve25519-donna-c64],
@ -853,13 +848,7 @@ if test x$enable_curve25519 != xno; then
build_curve25519_donna=yes
use_curve25519_donna=yes
fi
have_a_curve25519=yes
fi
if test x$have_a_curve25519 = xyes; then
AC_DEFINE(CURVE25519_ENABLED, 1,
[Defined if we have a curve25519 implementation])
fi
if test x$use_curve25519_donna = xyes; then
AC_DEFINE(USE_CURVE25519_DONNA, 1,
[Defined if we should use an internal curve25519_donna{,_c64} implementation])
@ -870,7 +859,6 @@ if test x$use_curve25519_nacl = xyes; then
fi
AM_CONDITIONAL(BUILD_CURVE25519_DONNA, test x$build_curve25519_donna = xyes)
AM_CONDITIONAL(BUILD_CURVE25519_DONNA_C64, test x$build_curve25519_donna_c64 = xyes)
AM_CONDITIONAL(CURVE25519_ENABLED, test x$have_a_curve25519 = xyes)
AC_SUBST(CURVE25519_LIBS)
dnl Make sure to enable support for large off_t if available.

View File

@ -30,7 +30,6 @@ typedef struct curve25519_keypair_t {
curve25519_secret_key_t seckey;
} curve25519_keypair_t;
#ifdef CURVE25519_ENABLED
/* These functions require that we actually know how to use curve25519 keys.
* The other data structures and functions in this header let us parse them,
* store them, and move them around.
@ -63,7 +62,6 @@ int curve25519_rand_seckey_bytes(uint8_t *out, int extra_strong);
STATIC int curve25519_impl(uint8_t *output, const uint8_t *secret,
const uint8_t *basepoint);
#endif
#endif
#define CURVE25519_BASE64_PADDED_LEN 44

View File

@ -39,7 +39,6 @@ typedef struct {
ed25519_secret_key_t seckey;
} ed25519_keypair_t;
#ifdef CURVE25519_ENABLED
int ed25519_secret_key_generate(ed25519_secret_key_t *seckey_out,
int extra_strong);
int ed25519_secret_key_from_seed(ed25519_secret_key_t *seckey_out,
@ -88,8 +87,6 @@ int ed25519_public_blind(ed25519_public_key_t *out,
const ed25519_public_key_t *inp,
const uint8_t *param);
#endif
#define ED25519_BASE64_LEN 43
int ed25519_public_from_base64(ed25519_public_key_t *pkey,

View File

@ -54,12 +54,6 @@ endif
LIBDONNA += $(LIBED25519_REF10)
if CURVE25519_ENABLED
libcrypto_extra_source = \
src/common/crypto_curve25519.c \
src/common/crypto_ed25519.c
endif
LIBOR_A_SOURCES = \
src/common/address.c \
src/common/backtrace.c \
@ -86,7 +80,8 @@ LIBOR_CRYPTO_A_SOURCES = \
src/common/torgzip.c \
src/common/tortls.c \
src/trunnel/pwbox.c \
$(libcrypto_extra_source)
src/common/crypto_curve25519.c \
src/common/crypto_ed25519.c
LIBOR_EVENT_A_SOURCES = \
src/common/compat_libevent.c \

View File

@ -59,9 +59,7 @@ static crypt_path_t *onion_next_hop_in_cpath(crypt_path_t *cpath);
static int onion_extend_cpath(origin_circuit_t *circ);
static int count_acceptable_nodes(smartlist_t *routers);
static int onion_append_hop(crypt_path_t **head_ptr, extend_info_t *choice);
#ifdef CURVE25519_ENABLED
static int circuits_can_use_ntor(void);
#endif
/** This function tries to get a channel to the specified endpoint,
* and then calls command_setup_channel() to give it the right
@ -368,7 +366,6 @@ circuit_rep_hist_note_result(origin_circuit_t *circ)
} while (hop!=circ->cpath);
}
#ifdef CURVE25519_ENABLED
/** Return 1 iff at least one node in circ's cpath supports ntor. */
static int
circuit_cpath_supports_ntor(const origin_circuit_t *circ)
@ -388,9 +385,6 @@ circuit_cpath_supports_ntor(const origin_circuit_t *circ)
return 0;
}
#else
#define circuit_cpath_supports_ntor(circ) 0
#endif
/** Pick all the entries in our cpath. Stop and return 0 when we're
* happy, or return -1 if an error occurs. */
@ -398,11 +392,7 @@ static int
onion_populate_cpath(origin_circuit_t *circ)
{
int n_tries = 0;
#ifdef CURVE25519_ENABLED
const int using_ntor = circuits_can_use_ntor();
#else
const int using_ntor = 0;
#endif
#define MAX_POPULATE_ATTEMPTS 32
@ -772,7 +762,6 @@ circuit_timeout_want_to_count_circ(origin_circuit_t *circ)
&& circ->build_state->desired_path_len == DEFAULT_ROUTE_LEN;
}
#ifdef CURVE25519_ENABLED
/** Return true if the ntor handshake is enabled in the configuration, or if
* it's been set to "auto" in the configuration and it's enabled in the
* consensus. */
@ -784,7 +773,6 @@ circuits_can_use_ntor(void)
return options->UseNTorHandshake;
return networkstatus_get_param(NULL, "UseNTorHandshake", 0, 0, 1);
}
#endif
/** Decide whether to use a TAP or ntor handshake for connecting to <b>ei</b>
* directly, and set *<b>cell_type_out</b> and *<b>handshake_type_out</b>
@ -794,7 +782,6 @@ circuit_pick_create_handshake(uint8_t *cell_type_out,
uint16_t *handshake_type_out,
const extend_info_t *ei)
{
#ifdef CURVE25519_ENABLED
if (!tor_mem_is_zero((const char*)ei->curve25519_onion_key.public_key,
CURVE25519_PUBKEY_LEN) &&
circuits_can_use_ntor()) {
@ -802,9 +789,6 @@ circuit_pick_create_handshake(uint8_t *cell_type_out,
*handshake_type_out = ONION_HANDSHAKE_TYPE_NTOR;
return;
}
#else
(void) ei;
#endif
*cell_type_out = CELL_CREATE;
*handshake_type_out = ONION_HANDSHAKE_TYPE_TAP;
@ -2198,13 +2182,9 @@ extend_info_new(const char *nickname, const char *digest,
strlcpy(info->nickname, nickname, sizeof(info->nickname));
if (onion_key)
info->onion_key = crypto_pk_dup_key(onion_key);
#ifdef CURVE25519_ENABLED
if (curve25519_key)
memcpy(&info->curve25519_onion_key, curve25519_key,
sizeof(curve25519_public_key_t));
#else
(void)curve25519_key;
#endif
tor_addr_copy(&info->addr, addr);
info->port = port;
return info;

View File

@ -23,12 +23,6 @@ else
evdns_source=src/ext/eventdns.c
endif
if CURVE25519_ENABLED
onion_ntor_source=src/or/onion_ntor.c
else
onion_ntor_source=
endif
LIBTOR_A_SOURCES = \
src/or/addressmap.c \
src/or/buffers.c \
@ -82,9 +76,9 @@ LIBTOR_A_SOURCES = \
src/or/routerset.c \
src/or/statefile.c \
src/or/status.c \
src/or/onion_ntor.c \
$(evdns_source) \
$(tor_platform_source) \
$(onion_ntor_source) \
src/or/config_codedigest.c
src_or_libtor_a_SOURCES = $(LIBTOR_A_SOURCES)

View File

@ -111,15 +111,11 @@ have_room_for_onionskin(uint16_t type)
(uint64_t)options->MaxOnionQueueDelay)
return 0;
#ifdef CURVE25519_ENABLED
/* If we support the ntor handshake, then don't let TAP handshakes use
* more than 2/3 of the space on the queue. */
if (type == ONION_HANDSHAKE_TYPE_TAP &&
tap_usec / 1000 > (uint64_t)options->MaxOnionQueueDelay * 2 / 3)
return 0;
#else
(void) type;
#endif
return 1;
}
@ -353,11 +349,9 @@ setup_server_onion_keys(server_onion_keys_t *keys)
memset(keys, 0, sizeof(server_onion_keys_t));
memcpy(keys->my_identity, router_get_my_id_digest(), DIGEST_LEN);
dup_onion_keys(&keys->onion_key, &keys->last_onion_key);
#ifdef CURVE25519_ENABLED
keys->curve25519_key_map = construct_ntor_key_map();
keys->junk_keypair = tor_malloc_zero(sizeof(curve25519_keypair_t));
curve25519_keypair_generate(keys->junk_keypair, 0);
#endif
}
/** Release all storage held in <b>keys</b>, but do not free <b>keys</b>
@ -370,10 +364,8 @@ release_server_onion_keys(server_onion_keys_t *keys)
crypto_pk_free(keys->onion_key);
crypto_pk_free(keys->last_onion_key);
#ifdef CURVE25519_ENABLED
ntor_key_map_free(keys->curve25519_key_map);
tor_free(keys->junk_keypair);
#endif
memset(keys, 0, sizeof(server_onion_keys_t));
}
@ -391,12 +383,10 @@ onion_handshake_state_release(onion_handshake_state_t *state)
fast_handshake_state_free(state->u.fast);
state->u.fast = NULL;
break;
#ifdef CURVE25519_ENABLED
case ONION_HANDSHAKE_TYPE_NTOR:
ntor_handshake_state_free(state->u.ntor);
state->u.ntor = NULL;
break;
#endif
default:
log_warn(LD_BUG, "called with unknown handshake state type %d",
(int)state->tag);
@ -436,7 +426,6 @@ onion_skin_create(int type,
r = CREATE_FAST_LEN;
break;
case ONION_HANDSHAKE_TYPE_NTOR:
#ifdef CURVE25519_ENABLED
if (tor_mem_is_zero((const char*)node->curve25519_onion_key.public_key,
CURVE25519_PUBKEY_LEN))
return -1;
@ -447,9 +436,6 @@ onion_skin_create(int type,
return -1;
r = NTOR_ONIONSKIN_LEN;
#else
return -1;
#endif
break;
default:
log_warn(LD_BUG, "called with unknown handshake state type %d", type);
@ -501,7 +487,6 @@ onion_skin_server_handshake(int type,
memcpy(rend_nonce_out, reply_out+DIGEST_LEN, DIGEST_LEN);
break;
case ONION_HANDSHAKE_TYPE_NTOR:
#ifdef CURVE25519_ENABLED
if (onionskin_len < NTOR_ONIONSKIN_LEN)
return -1;
{
@ -522,9 +507,6 @@ onion_skin_server_handshake(int type,
tor_free(keys_tmp);
r = NTOR_REPLY_LEN;
}
#else
return -1;
#endif
break;
default:
log_warn(LD_BUG, "called with unknown handshake state type %d", type);
@ -577,7 +559,6 @@ onion_skin_client_handshake(int type,
memcpy(rend_authenticator_out, reply+DIGEST_LEN, DIGEST_LEN);
return 0;
#ifdef CURVE25519_ENABLED
case ONION_HANDSHAKE_TYPE_NTOR:
if (reply_len < NTOR_REPLY_LEN) {
log_warn(LD_CIRC, "ntor reply was not of the correct length.");
@ -598,7 +579,6 @@ onion_skin_client_handshake(int type,
tor_free(keys_tmp);
}
return 0;
#endif
default:
log_warn(LD_BUG, "called with unknown handshake state type %d", type);
tor_fragile_assert();
@ -637,12 +617,10 @@ check_create_cell(const create_cell_t *cell, int unknown_ok)
if (cell->handshake_len != CREATE_FAST_LEN)
return -1;
break;
#ifdef CURVE25519_ENABLED
case ONION_HANDSHAKE_TYPE_NTOR:
if (cell->handshake_len != NTOR_ONIONSKIN_LEN)
return -1;
break;
#endif
default:
if (! unknown_ok)
return -1;

View File

@ -23,10 +23,8 @@ typedef struct server_onion_keys_t {
uint8_t my_identity[DIGEST_LEN];
crypto_pk_t *onion_key;
crypto_pk_t *last_onion_key;
#ifdef CURVE25519_ENABLED
di_digest256_map_t *curve25519_key_map;
curve25519_keypair_t *junk_keypair;
#endif
} server_onion_keys_t;
#define MAX_ONIONSKIN_CHALLENGE_LEN 255

View File

@ -17,7 +17,6 @@ typedef struct ntor_handshake_state_t ntor_handshake_state_t;
/** Length of an ntor reply, as sent from server to client. */
#define NTOR_REPLY_LEN 64
#ifdef CURVE25519_ENABLED
void ntor_handshake_state_free(ntor_handshake_state_t *state);
int onion_skin_ntor_create(const uint8_t *router_id,
@ -59,5 +58,3 @@ struct ntor_handshake_state_t {
#endif
#endif

View File

@ -2554,9 +2554,7 @@ typedef struct extend_info_t {
uint16_t port; /**< OR port. */
tor_addr_t addr; /**< IP address. */
crypto_pk_t *onion_key; /**< Current onionskin key. */
#ifdef CURVE25519_ENABLED
curve25519_public_key_t curve25519_onion_key;
#endif
} extend_info_t;
/** Certificate for v3 directory protocol: binds long-term authority identity

View File

@ -55,13 +55,11 @@ static crypto_pk_t *onionkey=NULL;
/** Previous private onionskin decryption key: used to decode CREATE cells
* generated by clients that have an older version of our descriptor. */
static crypto_pk_t *lastonionkey=NULL;
#ifdef CURVE25519_ENABLED
/** Current private ntor secret key: used to perform the ntor handshake. */
static curve25519_keypair_t curve25519_onion_key;
/** Previous private ntor secret key: used to perform the ntor handshake
* with clients that have an older version of our descriptor. */
static curve25519_keypair_t last_curve25519_onion_key;
#endif
/** Private server "identity key": used to sign directory info and TLS
* certificates. Never changes. */
static crypto_pk_t *server_identitykey=NULL;
@ -134,7 +132,6 @@ dup_onion_keys(crypto_pk_t **key, crypto_pk_t **last)
tor_mutex_release(key_lock);
}
#ifdef CURVE25519_ENABLED
/** Return the current secret onion key for the ntor handshake. Must only
* be called from the main thread. */
static const curve25519_keypair_t *
@ -181,7 +178,6 @@ ntor_key_map_free(di_digest256_map_t *map)
return;
dimap_free(map, ntor_key_map_free_helper);
}
#endif
/** Return the time when the onion key was last set. This is either the time
* when the process launched, or the time of the most recent key rotation since
@ -313,9 +309,7 @@ rotate_onion_key(void)
char *fname, *fname_prev;
crypto_pk_t *prkey = NULL;
or_state_t *state = get_or_state();
#ifdef CURVE25519_ENABLED
curve25519_keypair_t new_curve25519_keypair;
#endif
time_t now;
fname = get_datadir_fname2("keys", "secret_onion_key");
fname_prev = get_datadir_fname2("keys", "secret_onion_key.old");
@ -335,7 +329,6 @@ rotate_onion_key(void)
log_err(LD_FS,"Couldn't write generated onion key to \"%s\".", fname);
goto error;
}
#ifdef CURVE25519_ENABLED
tor_free(fname);
tor_free(fname_prev);
fname = get_datadir_fname2("keys", "secret_onion_key_ntor");
@ -351,18 +344,15 @@ rotate_onion_key(void)
log_err(LD_FS,"Couldn't write curve25519 onion key to \"%s\".",fname);
goto error;
}
#endif
log_info(LD_GENERAL, "Rotating onion key");
tor_mutex_acquire(key_lock);
crypto_pk_free(lastonionkey);
lastonionkey = onionkey;
onionkey = prkey;
#ifdef CURVE25519_ENABLED
memcpy(&last_curve25519_onion_key, &curve25519_onion_key,
sizeof(curve25519_keypair_t));
memcpy(&curve25519_onion_key, &new_curve25519_keypair,
sizeof(curve25519_keypair_t));
#endif
now = time(NULL);
state->LastRotatedOnionKey = onionkey_set_at = now;
tor_mutex_release(key_lock);
@ -374,9 +364,7 @@ rotate_onion_key(void)
if (prkey)
crypto_pk_free(prkey);
done:
#ifdef CURVE25519_ENABLED
memwipe(&new_curve25519_keypair, 0, sizeof(new_curve25519_keypair));
#endif
tor_free(fname);
tor_free(fname_prev);
}
@ -450,7 +438,6 @@ init_key_from_file(const char *fname, int generate, int severity)
return NULL;
}
#ifdef CURVE25519_ENABLED
/** Load a curve25519 keypair from the file <b>fname</b>, writing it into
* <b>keys_out</b>. If the file isn't found and <b>generate</b> is true,
* create a new keypair and write it into the file. If there are errors, log
@ -519,7 +506,6 @@ init_curve25519_keypair_from_file(curve25519_keypair_t *keys_out,
error:
return -1;
}
#endif
/** Try to load the vote-signing private key and certificate for being a v3
* directory authority, and make sure they match. If <b>legacy</b>, load a
@ -875,7 +861,6 @@ init_keys(void)
}
tor_free(keydir);
#ifdef CURVE25519_ENABLED
{
/* 2b. Load curve25519 onion keys. */
int r;
@ -896,7 +881,6 @@ init_keys(void)
}
tor_free(keydir);
}
#endif
/* 3. Initialize link key and TLS context. */
if (router_initialize_tls_context() < 0) {
@ -1806,11 +1790,9 @@ router_rebuild_descriptor(int force)
ri->cache_info.published_on = time(NULL);
ri->onion_pkey = crypto_pk_dup_key(get_onion_key()); /* must invoke from
* main thread */
#ifdef CURVE25519_ENABLED
ri->onion_curve25519_pkey =
tor_memdup(&get_current_curve25519_keypair()->pubkey,
sizeof(curve25519_public_key_t));
#endif
/* For now, at most one IPv6 or-address is being advertised. */
{
@ -2389,7 +2371,6 @@ router_dump_router_to_string(routerinfo_t *router,
smartlist_add_asprintf(chunks, "contact %s\n", ci);
}
#ifdef CURVE25519_ENABLED
if (router->onion_curve25519_pkey) {
char kbuf[128];
base64_encode(kbuf, sizeof(kbuf),
@ -2397,7 +2378,6 @@ router_dump_router_to_string(routerinfo_t *router,
CURVE25519_PUBKEY_LEN);
smartlist_add_asprintf(chunks, "ntor-onion-key %s", kbuf);
}
#endif
/* Write the exit policy to the end of 's'. */
if (!router->exit_policy || !smartlist_len(router->exit_policy)) {
@ -3073,10 +3053,8 @@ router_free_all(void)
crypto_pk_free(legacy_signing_key);
authority_cert_free(legacy_key_certificate);
#ifdef CURVE25519_ENABLED
memwipe(&curve25519_onion_key, 0, sizeof(curve25519_onion_key));
memwipe(&last_curve25519_onion_key, 0, sizeof(last_curve25519_onion_key));
#endif
if (warned_nonexistent_family) {
SMARTLIST_FOREACH(warned_nonexistent_family, char *, cp, tor_free(cp));

View File

@ -32,10 +32,8 @@ crypto_pk_t *init_key_from_file(const char *fname, int generate,
int severity);
void v3_authority_check_key_expiry(void);
#ifdef CURVE25519_ENABLED
di_digest256_map_t *construct_ntor_key_map(void);
void ntor_key_map_free(di_digest256_map_t *map);
#endif
int router_initialize_tls_context(void);
int init_keys(void);

View File

@ -26,10 +26,8 @@ const char tor_git_revision[] = "";
#endif
#include "config.h"
#ifdef CURVE25519_ENABLED
#include "crypto_curve25519.h"
#include "onion_ntor.h"
#endif
#include "crypto_ed25519.h"
#if defined(HAVE_CLOCK_GETTIME) && defined(CLOCK_PROCESS_CPUTIME_ID)
@ -179,7 +177,6 @@ bench_onion_TAP(void)
crypto_pk_free(key2);
}
#ifdef CURVE25519_ENABLED
static void
bench_onion_ntor(void)
{
@ -293,7 +290,6 @@ bench_ed25519(void)
printf("Blind a public key: %.2f usec\n",
MICROCOUNT(start, end, iters));
}
#endif
static void
bench_cell_aes(void)
@ -573,10 +569,9 @@ static struct benchmark_t benchmarks[] = {
ENT(siphash),
ENT(aes),
ENT(onion_TAP),
#ifdef CURVE25519_ENABLED
ENT(onion_ntor),
ENT(ed25519),
#endif
ENT(cell_aes),
ENT(cell_ops),
ENT(dh),

View File

@ -80,7 +80,6 @@ noinst_HEADERS+= \
src/test/failing_routerdescs.inc \
src/test/ed25519_vectors.inc
if CURVE25519_ENABLED
noinst_PROGRAMS+= src/test/test-ntor-cl
src_test_test_ntor_cl_SOURCES = src/test/test_ntor_cl.c
src_test_test_ntor_cl_LDFLAGS = @TOR_LDFLAGS_zlib@ @TOR_LDFLAGS_openssl@
@ -91,9 +90,6 @@ src_test_test_ntor_cl_LDADD = src/or/libtor.a src/common/libor.a \
src_test_test_ntor_cl_AM_CPPFLAGS = \
-I"$(top_srcdir)/src/or"
NTOR_TEST_DEPS=src/test/test-ntor-cl
else
NTOR_TEST_DEPS=
endif
if COVERAGE_ENABLED
CMDLINE_TEST_TOR = ./src/or/tor-cov
@ -113,10 +109,8 @@ src_test_test_bt_cl_CPPFLAGS= $(src_test_AM_CPPFLAGS)
check-local: $(NTOR_TEST_DEPS) $(CMDLINE_TEST_TOR)
if USEPYTHON
$(PYTHON) $(top_srcdir)/src/test/test_cmdline_args.py $(CMDLINE_TEST_TOR) "${top_srcdir}"
if CURVE25519_ENABLED
$(PYTHON) $(top_srcdir)/src/test/ntor_ref.py test-tor
$(PYTHON) $(top_srcdir)/src/test/ntor_ref.py self-test
endif
./src/test/test-bt-cl assert | $(PYTHON) $(top_srcdir)/src/test/bt_test.py
./src/test/test-bt-cl crash | $(PYTHON) $(top_srcdir)/src/test/bt_test.py
endif

View File

@ -64,10 +64,8 @@ double fabs(double x);
#include "rephist.h"
#include "routerparse.h"
#include "statefile.h"
#ifdef CURVE25519_ENABLED
#include "crypto_curve25519.h"
#include "onion_ntor.h"
#endif
#ifdef USE_DMALLOC
#include <dmalloc.h>
@ -365,7 +363,6 @@ test_bad_onion_handshake(void *arg)
crypto_pk_free(pk2);
}
#ifdef CURVE25519_ENABLED
static void
test_ntor_handshake(void *arg)
{
@ -417,7 +414,6 @@ test_ntor_handshake(void *arg)
ntor_handshake_state_free(c_state);
dimap_free(s_keymap, NULL);
}
#endif
/** Run unit tests for the onion queues. */
static void
@ -1267,9 +1263,7 @@ static struct testcase_t test_array[] = {
ENT(onion_handshake),
{ "bad_onion_handshake", test_bad_onion_handshake, 0, NULL, NULL },
ENT(onion_queues),
#ifdef CURVE25519_ENABLED
{ "ntor_handshake", test_ntor_handshake, 0, NULL, NULL },
#endif
ENT(circuit_timeout),
ENT(rend_fns),
ENT(geoip),

View File

@ -445,7 +445,6 @@ test_cfmt_create_cells(void *arg)
cell.command = CELL_CREATE2;
memcpy(cell.payload, "\x00\x02\x00\x54", 4); /* ntor, 84 bytes long */
memcpy(cell.payload+4, b, NTOR_ONIONSKIN_LEN);
#ifdef CURVE25519_ENABLED
tt_int_op(0, ==, create_cell_parse(&cc, &cell));
tt_int_op(CELL_CREATE2, ==, cc.cell_type);
tt_int_op(ONION_HANDSHAKE_TYPE_NTOR, ==, cc.handshake_type);
@ -454,9 +453,6 @@ test_cfmt_create_cells(void *arg)
tt_int_op(0, ==, create_cell_format(&cell2, &cc));
tt_int_op(cell.command, ==, cell2.command);
tt_mem_op(cell.payload,==, cell2.payload, CELL_PAYLOAD_SIZE);
#else
tt_int_op(-1, ==, create_cell_parse(&cc, &cell));
#endif
/* A valid create cell with an ntor payload, in legacy format. */
memset(&cell, 0, sizeof(cell));
@ -465,7 +461,6 @@ test_cfmt_create_cells(void *arg)
cell.command = CELL_CREATE;
memcpy(cell.payload, "ntorNTORntorNTOR", 16);
memcpy(cell.payload+16, b, NTOR_ONIONSKIN_LEN);
#ifdef CURVE25519_ENABLED
tt_int_op(0, ==, create_cell_parse(&cc, &cell));
tt_int_op(CELL_CREATE, ==, cc.cell_type);
tt_int_op(ONION_HANDSHAKE_TYPE_NTOR, ==, cc.handshake_type);
@ -474,9 +469,6 @@ test_cfmt_create_cells(void *arg)
tt_int_op(0, ==, create_cell_format(&cell2, &cc));
tt_int_op(cell.command, ==, cell2.command);
tt_mem_op(cell.payload,==, cell2.payload, CELL_PAYLOAD_SIZE);
#else
tt_int_op(-1, ==, create_cell_parse(&cc, &cell));
#endif
/* == Okay, now let's try to parse some impossible stuff. */

View File

@ -11,9 +11,7 @@
#include "aes.h"
#include "util.h"
#include "siphash.h"
#ifdef CURVE25519_ENABLED
#include "crypto_curve25519.h"
#endif
#include "crypto_ed25519.h"
#include "ed25519_vectors.inc"
#include "crypto_s2k.h"
@ -1332,7 +1330,6 @@ test_crypto_hkdf_sha256(void *arg)
#undef EXPAND
}
#ifdef CURVE25519_ENABLED
static void
test_crypto_curve25519_impl(void *arg)
{
@ -1876,7 +1873,6 @@ test_crypto_ed25519_testvectors(void *arg)
done:
tor_free(mem_op_hex_tmp);
}
#endif /* CURVE25519_ENABLED */
static void
test_crypto_siphash(void *arg)
@ -2025,7 +2021,6 @@ struct testcase_t crypto_tests[] = {
CRYPTO_LEGACY(base32_decode),
{ "kdf_TAP", test_crypto_kdf_TAP, 0, NULL, NULL },
{ "hkdf_sha256", test_crypto_hkdf_sha256, 0, NULL, NULL },
#ifdef CURVE25519_ENABLED
{ "curve25519_impl", test_crypto_curve25519_impl, 0, NULL, NULL },
{ "curve25519_impl_hibit", test_crypto_curve25519_impl, 0, NULL, (void*)"y"},
{ "curve25519_wrappers", test_crypto_curve25519_wrappers, 0, NULL, NULL },
@ -2037,7 +2032,6 @@ struct testcase_t crypto_tests[] = {
{ "ed25519_convert", test_crypto_ed25519_convert, 0, NULL, NULL },
{ "ed25519_blinding", test_crypto_ed25519_blinding, 0, NULL, NULL },
{ "ed25519_testvectors", test_crypto_ed25519_testvectors, 0, NULL, NULL },
#endif
{ "siphash", test_crypto_siphash, 0, NULL, NULL },
END_OF_TESTCASES
};

View File

@ -216,10 +216,8 @@ test_dir_formats(void *arg)
strlcat(buf2, "signing-key\n", sizeof(buf2));
strlcat(buf2, pk1_str, sizeof(buf2));
strlcat(buf2, "hidden-service-dir\n", sizeof(buf2));
#ifdef CURVE25519_ENABLED
strlcat(buf2, "ntor-onion-key "
"skyinAnvardNostarsNomoonNowindormistsorsnow=\n", sizeof(buf2));
#endif
strlcat(buf2, "accept *:80\nreject 18.0.0.0/8:24\n", sizeof(buf2));
strlcat(buf2, "router-signature\n", sizeof(buf2));
@ -239,11 +237,9 @@ test_dir_formats(void *arg)
tt_int_op(rp2->bandwidthrate,==, r2->bandwidthrate);
tt_int_op(rp2->bandwidthburst,==, r2->bandwidthburst);
tt_int_op(rp2->bandwidthcapacity,==, r2->bandwidthcapacity);
#ifdef CURVE25519_ENABLED
tt_mem_op(rp2->onion_curve25519_pkey->public_key,==,
r2->onion_curve25519_pkey->public_key,
CURVE25519_PUBKEY_LEN);
#endif
tt_assert(crypto_pk_cmp_keys(rp2->onion_pkey, pk2) == 0);
tt_assert(crypto_pk_cmp_keys(rp2->identity_pkey, pk1) == 0);

View File

@ -13,10 +13,6 @@
#include "crypto_curve25519.h"
#include "onion_ntor.h"
#ifndef CURVE25519_ENABLED
#error "This isn't going to work without curve25519."
#endif
#define N_ARGS(n) STMT_BEGIN { \
if (argc < (n)) { \
fprintf(stderr, "%s needs %d arguments.\n",argv[1],n); \

View File

@ -244,7 +244,6 @@
#define SHARE_DATADIR ""
#define HAVE_EVENT2_DNS_H
#define HAVE_EVENT_BASE_LOOPEXIT
#define CURVE25519_ENABLED
#define USE_CURVE25519_DONNA
#define ENUM_VALS_ARE_SIGNED 1