Remove configure option to disable curve25519

By now, support in the network is widespread and it's time to require
more modern crypto on all Tor instances, whether they're clients or
servers. By doing this early in 0.2.6, we can be sure that at some point
all clients will have reasonable support.

1 files changed, 0 insertions, 22 deletions

diff --git a/src/or/router.c b/src/or/router.c
index bbbf9c4b84..2a21b81a23 100644
--- a/src/or/router.c
+++ b/src/or/router.c
@@ -55,13 +55,11 @@ static crypto_pk_t *onionkey=NULL;
 /** Previous private onionskin decryption key: used to decode CREATE cells
  * generated by clients that have an older version of our descriptor. */
 static crypto_pk_t *lastonionkey=NULL;
-#ifdef CURVE25519_ENABLED
 /** Current private ntor secret key: used to perform the ntor handshake. */
 static curve25519_keypair_t curve25519_onion_key;
 /** Previous private ntor secret key: used to perform the ntor handshake
  * with clients that have an older version of our descriptor. */
 static curve25519_keypair_t last_curve25519_onion_key;
-#endif
 /** Private server "identity key": used to sign directory info and TLS
  * certificates. Never changes. */
 static crypto_pk_t *server_identitykey=NULL;
@@ -134,7 +132,6 @@ dup_onion_keys(crypto_pk_t **key, crypto_pk_t **last)
   tor_mutex_release(key_lock);
 }
 
-#ifdef CURVE25519_ENABLED
 /** Return the current secret onion key for the ntor handshake. Must only
  * be called from the main thread. */
 static const curve25519_keypair_t *
@@ -181,7 +178,6 @@ ntor_key_map_free(di_digest256_map_t *map)
     return;
   dimap_free(map, ntor_key_map_free_helper);
 }
-#endif
 
 /** Return the time when the onion key was last set.  This is either the time
  * when the process launched, or the time of the most recent key rotation since
@@ -313,9 +309,7 @@ rotate_onion_key(void)
   char *fname, *fname_prev;
   crypto_pk_t *prkey = NULL;
   or_state_t *state = get_or_state();
-#ifdef CURVE25519_ENABLED
   curve25519_keypair_t new_curve25519_keypair;
-#endif
   time_t now;
   fname = get_datadir_fname2("keys", "secret_onion_key");
   fname_prev = get_datadir_fname2("keys", "secret_onion_key.old");
@@ -335,7 +329,6 @@ rotate_onion_key(void)
     log_err(LD_FS,"Couldn't write generated onion key to \"%s\".", fname);
     goto error;
   }
-#ifdef CURVE25519_ENABLED
   tor_free(fname);
   tor_free(fname_prev);
   fname = get_datadir_fname2("keys", "secret_onion_key_ntor");
@@ -351,18 +344,15 @@ rotate_onion_key(void)
     log_err(LD_FS,"Couldn't write curve25519 onion key to \"%s\".",fname);
     goto error;
   }
-#endif
   log_info(LD_GENERAL, "Rotating onion key");
   tor_mutex_acquire(key_lock);
   crypto_pk_free(lastonionkey);
   lastonionkey = onionkey;
   onionkey = prkey;
-#ifdef CURVE25519_ENABLED
   memcpy(&last_curve25519_onion_key, &curve25519_onion_key,
          sizeof(curve25519_keypair_t));
   memcpy(&curve25519_onion_key, &new_curve25519_keypair,
          sizeof(curve25519_keypair_t));
-#endif
   now = time(NULL);
   state->LastRotatedOnionKey = onionkey_set_at = now;
   tor_mutex_release(key_lock);
@@ -374,9 +364,7 @@ rotate_onion_key(void)
   if (prkey)
     crypto_pk_free(prkey);
  done:
-#ifdef CURVE25519_ENABLED
   memwipe(&new_curve25519_keypair, 0, sizeof(new_curve25519_keypair));
-#endif
   tor_free(fname);
   tor_free(fname_prev);
 }
@@ -450,7 +438,6 @@ init_key_from_file(const char *fname, int generate, int severity)
   return NULL;
 }
 
-#ifdef CURVE25519_ENABLED
 /** Load a curve25519 keypair from the file <b>fname</b>, writing it into
  * <b>keys_out</b>.  If the file isn't found and <b>generate</b> is true,
  * create a new keypair and write it into the file.  If there are errors, log
@@ -519,7 +506,6 @@ init_curve25519_keypair_from_file(curve25519_keypair_t *keys_out,
  error:
   return -1;
 }
-#endif
 
 /** Try to load the vote-signing private key and certificate for being a v3
  * directory authority, and make sure they match.  If <b>legacy</b>, load a
@@ -875,7 +861,6 @@ init_keys(void)
   }
   tor_free(keydir);
 
-#ifdef CURVE25519_ENABLED
   {
     /* 2b. Load curve25519 onion keys. */
     int r;
@@ -896,7 +881,6 @@ init_keys(void)
     }
     tor_free(keydir);
   }
-#endif
 
   /* 3. Initialize link key and TLS context. */
   if (router_initialize_tls_context() < 0) {
@@ -1806,11 +1790,9 @@ router_rebuild_descriptor(int force)
   ri->cache_info.published_on = time(NULL);
   ri->onion_pkey = crypto_pk_dup_key(get_onion_key()); /* must invoke from
                                                         * main thread */
-#ifdef CURVE25519_ENABLED
   ri->onion_curve25519_pkey =
     tor_memdup(&get_current_curve25519_keypair()->pubkey,
                sizeof(curve25519_public_key_t));
-#endif
 
   /* For now, at most one IPv6 or-address is being advertised. */
   {
@@ -2389,7 +2371,6 @@ router_dump_router_to_string(routerinfo_t *router,
     smartlist_add_asprintf(chunks, "contact %s\n", ci);
   }
 
-#ifdef CURVE25519_ENABLED
   if (router->onion_curve25519_pkey) {
     char kbuf[128];
     base64_encode(kbuf, sizeof(kbuf),
@@ -2397,7 +2378,6 @@ router_dump_router_to_string(routerinfo_t *router,
                   CURVE25519_PUBKEY_LEN);
     smartlist_add_asprintf(chunks, "ntor-onion-key %s", kbuf);
   }
-#endif
 
   /* Write the exit policy to the end of 's'. */
   if (!router->exit_policy || !smartlist_len(router->exit_policy)) {
@@ -3073,10 +3053,8 @@ router_free_all(void)
   crypto_pk_free(legacy_signing_key);
   authority_cert_free(legacy_key_certificate);
 
-#ifdef CURVE25519_ENABLED
   memwipe(&curve25519_onion_key, 0, sizeof(curve25519_onion_key));
   memwipe(&last_curve25519_onion_key, 0, sizeof(last_curve25519_onion_key));
-#endif
 
   if (warned_nonexistent_family) {
     SMARTLIST_FOREACH(warned_nonexistent_family, char *, cp, tor_free(cp));