diff options
Diffstat (limited to 'src/or')
| -rw-r--r-- | src/or/circuitbuild.c | 20 | ||||
| -rw-r--r-- | src/or/include.am | 8 | ||||
| -rw-r--r-- | src/or/onion.c | 22 | ||||
| -rw-r--r-- | src/or/onion.h | 2 | ||||
| -rw-r--r-- | src/or/onion_ntor.h | 3 | ||||
| -rw-r--r-- | src/or/or.h | 2 | ||||
| -rw-r--r-- | src/or/router.c | 22 | ||||
| -rw-r--r-- | src/or/router.h | 2 |
8 files changed, 1 insertions, 80 deletions
diff --git a/src/or/circuitbuild.c b/src/or/circuitbuild.c index edf7d2863e..c345ef1da0 100644 --- a/src/or/circuitbuild.c +++ b/src/or/circuitbuild.c @@ -59,9 +59,7 @@ static crypt_path_t *onion_next_hop_in_cpath(crypt_path_t *cpath); static int onion_extend_cpath(origin_circuit_t *circ); static int count_acceptable_nodes(smartlist_t *routers); static int onion_append_hop(crypt_path_t **head_ptr, extend_info_t *choice); -#ifdef CURVE25519_ENABLED static int circuits_can_use_ntor(void); -#endif /** This function tries to get a channel to the specified endpoint, * and then calls command_setup_channel() to give it the right @@ -368,7 +366,6 @@ circuit_rep_hist_note_result(origin_circuit_t *circ) } while (hop!=circ->cpath); } -#ifdef CURVE25519_ENABLED /** Return 1 iff at least one node in circ's cpath supports ntor. */ static int circuit_cpath_supports_ntor(const origin_circuit_t *circ) @@ -388,9 +385,6 @@ circuit_cpath_supports_ntor(const origin_circuit_t *circ) return 0; } -#else -#define circuit_cpath_supports_ntor(circ) 0 -#endif /** Pick all the entries in our cpath. Stop and return 0 when we're * happy, or return -1 if an error occurs. */ @@ -398,11 +392,7 @@ static int onion_populate_cpath(origin_circuit_t *circ) { int n_tries = 0; -#ifdef CURVE25519_ENABLED const int using_ntor = circuits_can_use_ntor(); -#else - const int using_ntor = 0; -#endif #define MAX_POPULATE_ATTEMPTS 32 @@ -772,7 +762,6 @@ circuit_timeout_want_to_count_circ(origin_circuit_t *circ) && circ->build_state->desired_path_len == DEFAULT_ROUTE_LEN; } -#ifdef CURVE25519_ENABLED /** Return true if the ntor handshake is enabled in the configuration, or if * it's been set to "auto" in the configuration and it's enabled in the * consensus. */ @@ -784,7 +773,6 @@ circuits_can_use_ntor(void) return options->UseNTorHandshake; return networkstatus_get_param(NULL, "UseNTorHandshake", 0, 0, 1); } -#endif /** Decide whether to use a TAP or ntor handshake for connecting to <b>ei</b> * directly, and set *<b>cell_type_out</b> and *<b>handshake_type_out</b> @@ -794,7 +782,6 @@ circuit_pick_create_handshake(uint8_t *cell_type_out, uint16_t *handshake_type_out, const extend_info_t *ei) { -#ifdef CURVE25519_ENABLED if (!tor_mem_is_zero((const char*)ei->curve25519_onion_key.public_key, CURVE25519_PUBKEY_LEN) && circuits_can_use_ntor()) { @@ -802,9 +789,6 @@ circuit_pick_create_handshake(uint8_t *cell_type_out, *handshake_type_out = ONION_HANDSHAKE_TYPE_NTOR; return; } -#else - (void) ei; -#endif *cell_type_out = CELL_CREATE; *handshake_type_out = ONION_HANDSHAKE_TYPE_TAP; @@ -2198,13 +2182,9 @@ extend_info_new(const char *nickname, const char *digest, strlcpy(info->nickname, nickname, sizeof(info->nickname)); if (onion_key) info->onion_key = crypto_pk_dup_key(onion_key); -#ifdef CURVE25519_ENABLED if (curve25519_key) memcpy(&info->curve25519_onion_key, curve25519_key, sizeof(curve25519_public_key_t)); -#else - (void)curve25519_key; -#endif tor_addr_copy(&info->addr, addr); info->port = port; return info; diff --git a/src/or/include.am b/src/or/include.am index 47bdd09901..0f53f007f0 100644 --- a/src/or/include.am +++ b/src/or/include.am @@ -23,12 +23,6 @@ else evdns_source=src/ext/eventdns.c endif -if CURVE25519_ENABLED -onion_ntor_source=src/or/onion_ntor.c -else -onion_ntor_source= -endif - LIBTOR_A_SOURCES = \ src/or/addressmap.c \ src/or/buffers.c \ @@ -82,9 +76,9 @@ LIBTOR_A_SOURCES = \ src/or/routerset.c \ src/or/statefile.c \ src/or/status.c \ + src/or/onion_ntor.c \ $(evdns_source) \ $(tor_platform_source) \ - $(onion_ntor_source) \ src/or/config_codedigest.c src_or_libtor_a_SOURCES = $(LIBTOR_A_SOURCES) diff --git a/src/or/onion.c b/src/or/onion.c index ae39f451f4..fb0044886b 100644 --- a/src/or/onion.c +++ b/src/or/onion.c @@ -111,15 +111,11 @@ have_room_for_onionskin(uint16_t type) (uint64_t)options->MaxOnionQueueDelay) return 0; -#ifdef CURVE25519_ENABLED /* If we support the ntor handshake, then don't let TAP handshakes use * more than 2/3 of the space on the queue. */ if (type == ONION_HANDSHAKE_TYPE_TAP && tap_usec / 1000 > (uint64_t)options->MaxOnionQueueDelay * 2 / 3) return 0; -#else - (void) type; -#endif return 1; } @@ -353,11 +349,9 @@ setup_server_onion_keys(server_onion_keys_t *keys) memset(keys, 0, sizeof(server_onion_keys_t)); memcpy(keys->my_identity, router_get_my_id_digest(), DIGEST_LEN); dup_onion_keys(&keys->onion_key, &keys->last_onion_key); -#ifdef CURVE25519_ENABLED keys->curve25519_key_map = construct_ntor_key_map(); keys->junk_keypair = tor_malloc_zero(sizeof(curve25519_keypair_t)); curve25519_keypair_generate(keys->junk_keypair, 0); -#endif } /** Release all storage held in <b>keys</b>, but do not free <b>keys</b> @@ -370,10 +364,8 @@ release_server_onion_keys(server_onion_keys_t *keys) crypto_pk_free(keys->onion_key); crypto_pk_free(keys->last_onion_key); -#ifdef CURVE25519_ENABLED ntor_key_map_free(keys->curve25519_key_map); tor_free(keys->junk_keypair); -#endif memset(keys, 0, sizeof(server_onion_keys_t)); } @@ -391,12 +383,10 @@ onion_handshake_state_release(onion_handshake_state_t *state) fast_handshake_state_free(state->u.fast); state->u.fast = NULL; break; -#ifdef CURVE25519_ENABLED case ONION_HANDSHAKE_TYPE_NTOR: ntor_handshake_state_free(state->u.ntor); state->u.ntor = NULL; break; -#endif default: log_warn(LD_BUG, "called with unknown handshake state type %d", (int)state->tag); @@ -436,7 +426,6 @@ onion_skin_create(int type, r = CREATE_FAST_LEN; break; case ONION_HANDSHAKE_TYPE_NTOR: -#ifdef CURVE25519_ENABLED if (tor_mem_is_zero((const char*)node->curve25519_onion_key.public_key, CURVE25519_PUBKEY_LEN)) return -1; @@ -447,9 +436,6 @@ onion_skin_create(int type, return -1; r = NTOR_ONIONSKIN_LEN; -#else - return -1; -#endif break; default: log_warn(LD_BUG, "called with unknown handshake state type %d", type); @@ -501,7 +487,6 @@ onion_skin_server_handshake(int type, memcpy(rend_nonce_out, reply_out+DIGEST_LEN, DIGEST_LEN); break; case ONION_HANDSHAKE_TYPE_NTOR: -#ifdef CURVE25519_ENABLED if (onionskin_len < NTOR_ONIONSKIN_LEN) return -1; { @@ -522,9 +507,6 @@ onion_skin_server_handshake(int type, tor_free(keys_tmp); r = NTOR_REPLY_LEN; } -#else - return -1; -#endif break; default: log_warn(LD_BUG, "called with unknown handshake state type %d", type); @@ -577,7 +559,6 @@ onion_skin_client_handshake(int type, memcpy(rend_authenticator_out, reply+DIGEST_LEN, DIGEST_LEN); return 0; -#ifdef CURVE25519_ENABLED case ONION_HANDSHAKE_TYPE_NTOR: if (reply_len < NTOR_REPLY_LEN) { log_warn(LD_CIRC, "ntor reply was not of the correct length."); @@ -598,7 +579,6 @@ onion_skin_client_handshake(int type, tor_free(keys_tmp); } return 0; -#endif default: log_warn(LD_BUG, "called with unknown handshake state type %d", type); tor_fragile_assert(); @@ -637,12 +617,10 @@ check_create_cell(const create_cell_t *cell, int unknown_ok) if (cell->handshake_len != CREATE_FAST_LEN) return -1; break; -#ifdef CURVE25519_ENABLED case ONION_HANDSHAKE_TYPE_NTOR: if (cell->handshake_len != NTOR_ONIONSKIN_LEN) return -1; break; -#endif default: if (! unknown_ok) return -1; diff --git a/src/or/onion.h b/src/or/onion.h index d62f032b87..362001929d 100644 --- a/src/or/onion.h +++ b/src/or/onion.h @@ -23,10 +23,8 @@ typedef struct server_onion_keys_t { uint8_t my_identity[DIGEST_LEN]; crypto_pk_t *onion_key; crypto_pk_t *last_onion_key; -#ifdef CURVE25519_ENABLED di_digest256_map_t *curve25519_key_map; curve25519_keypair_t *junk_keypair; -#endif } server_onion_keys_t; #define MAX_ONIONSKIN_CHALLENGE_LEN 255 diff --git a/src/or/onion_ntor.h b/src/or/onion_ntor.h index c942e6e0f0..349c944124 100644 --- a/src/or/onion_ntor.h +++ b/src/or/onion_ntor.h @@ -17,7 +17,6 @@ typedef struct ntor_handshake_state_t ntor_handshake_state_t; /** Length of an ntor reply, as sent from server to client. */ #define NTOR_REPLY_LEN 64 -#ifdef CURVE25519_ENABLED void ntor_handshake_state_free(ntor_handshake_state_t *state); int onion_skin_ntor_create(const uint8_t *router_id, @@ -59,5 +58,3 @@ struct ntor_handshake_state_t { #endif -#endif - diff --git a/src/or/or.h b/src/or/or.h index 3adec7a961..115b92dc94 100644 --- a/src/or/or.h +++ b/src/or/or.h @@ -2554,9 +2554,7 @@ typedef struct extend_info_t { uint16_t port; /**< OR port. */ tor_addr_t addr; /**< IP address. */ crypto_pk_t *onion_key; /**< Current onionskin key. */ -#ifdef CURVE25519_ENABLED curve25519_public_key_t curve25519_onion_key; -#endif } extend_info_t; /** Certificate for v3 directory protocol: binds long-term authority identity diff --git a/src/or/router.c b/src/or/router.c index bbbf9c4b84..2a21b81a23 100644 --- a/src/or/router.c +++ b/src/or/router.c @@ -55,13 +55,11 @@ static crypto_pk_t *onionkey=NULL; /** Previous private onionskin decryption key: used to decode CREATE cells * generated by clients that have an older version of our descriptor. */ static crypto_pk_t *lastonionkey=NULL; -#ifdef CURVE25519_ENABLED /** Current private ntor secret key: used to perform the ntor handshake. */ static curve25519_keypair_t curve25519_onion_key; /** Previous private ntor secret key: used to perform the ntor handshake * with clients that have an older version of our descriptor. */ static curve25519_keypair_t last_curve25519_onion_key; -#endif /** Private server "identity key": used to sign directory info and TLS * certificates. Never changes. */ static crypto_pk_t *server_identitykey=NULL; @@ -134,7 +132,6 @@ dup_onion_keys(crypto_pk_t **key, crypto_pk_t **last) tor_mutex_release(key_lock); } -#ifdef CURVE25519_ENABLED /** Return the current secret onion key for the ntor handshake. Must only * be called from the main thread. */ static const curve25519_keypair_t * @@ -181,7 +178,6 @@ ntor_key_map_free(di_digest256_map_t *map) return; dimap_free(map, ntor_key_map_free_helper); } -#endif /** Return the time when the onion key was last set. This is either the time * when the process launched, or the time of the most recent key rotation since @@ -313,9 +309,7 @@ rotate_onion_key(void) char *fname, *fname_prev; crypto_pk_t *prkey = NULL; or_state_t *state = get_or_state(); -#ifdef CURVE25519_ENABLED curve25519_keypair_t new_curve25519_keypair; -#endif time_t now; fname = get_datadir_fname2("keys", "secret_onion_key"); fname_prev = get_datadir_fname2("keys", "secret_onion_key.old"); @@ -335,7 +329,6 @@ rotate_onion_key(void) log_err(LD_FS,"Couldn't write generated onion key to \"%s\".", fname); goto error; } -#ifdef CURVE25519_ENABLED tor_free(fname); tor_free(fname_prev); fname = get_datadir_fname2("keys", "secret_onion_key_ntor"); @@ -351,18 +344,15 @@ rotate_onion_key(void) log_err(LD_FS,"Couldn't write curve25519 onion key to \"%s\".",fname); goto error; } -#endif log_info(LD_GENERAL, "Rotating onion key"); tor_mutex_acquire(key_lock); crypto_pk_free(lastonionkey); lastonionkey = onionkey; onionkey = prkey; -#ifdef CURVE25519_ENABLED memcpy(&last_curve25519_onion_key, &curve25519_onion_key, sizeof(curve25519_keypair_t)); memcpy(&curve25519_onion_key, &new_curve25519_keypair, sizeof(curve25519_keypair_t)); -#endif now = time(NULL); state->LastRotatedOnionKey = onionkey_set_at = now; tor_mutex_release(key_lock); @@ -374,9 +364,7 @@ rotate_onion_key(void) if (prkey) crypto_pk_free(prkey); done: -#ifdef CURVE25519_ENABLED memwipe(&new_curve25519_keypair, 0, sizeof(new_curve25519_keypair)); -#endif tor_free(fname); tor_free(fname_prev); } @@ -450,7 +438,6 @@ init_key_from_file(const char *fname, int generate, int severity) return NULL; } -#ifdef CURVE25519_ENABLED /** Load a curve25519 keypair from the file <b>fname</b>, writing it into * <b>keys_out</b>. If the file isn't found and <b>generate</b> is true, * create a new keypair and write it into the file. If there are errors, log @@ -519,7 +506,6 @@ init_curve25519_keypair_from_file(curve25519_keypair_t *keys_out, error: return -1; } -#endif /** Try to load the vote-signing private key and certificate for being a v3 * directory authority, and make sure they match. If <b>legacy</b>, load a @@ -875,7 +861,6 @@ init_keys(void) } tor_free(keydir); -#ifdef CURVE25519_ENABLED { /* 2b. Load curve25519 onion keys. */ int r; @@ -896,7 +881,6 @@ init_keys(void) } tor_free(keydir); } -#endif /* 3. Initialize link key and TLS context. */ if (router_initialize_tls_context() < 0) { @@ -1806,11 +1790,9 @@ router_rebuild_descriptor(int force) ri->cache_info.published_on = time(NULL); ri->onion_pkey = crypto_pk_dup_key(get_onion_key()); /* must invoke from * main thread */ -#ifdef CURVE25519_ENABLED ri->onion_curve25519_pkey = tor_memdup(&get_current_curve25519_keypair()->pubkey, sizeof(curve25519_public_key_t)); -#endif /* For now, at most one IPv6 or-address is being advertised. */ { @@ -2389,7 +2371,6 @@ router_dump_router_to_string(routerinfo_t *router, smartlist_add_asprintf(chunks, "contact %s\n", ci); } -#ifdef CURVE25519_ENABLED if (router->onion_curve25519_pkey) { char kbuf[128]; base64_encode(kbuf, sizeof(kbuf), @@ -2397,7 +2378,6 @@ router_dump_router_to_string(routerinfo_t *router, CURVE25519_PUBKEY_LEN); smartlist_add_asprintf(chunks, "ntor-onion-key %s", kbuf); } -#endif /* Write the exit policy to the end of 's'. */ if (!router->exit_policy || !smartlist_len(router->exit_policy)) { @@ -3073,10 +3053,8 @@ router_free_all(void) crypto_pk_free(legacy_signing_key); authority_cert_free(legacy_key_certificate); -#ifdef CURVE25519_ENABLED memwipe(&curve25519_onion_key, 0, sizeof(curve25519_onion_key)); memwipe(&last_curve25519_onion_key, 0, sizeof(last_curve25519_onion_key)); -#endif if (warned_nonexistent_family) { SMARTLIST_FOREACH(warned_nonexistent_family, char *, cp, tor_free(cp)); diff --git a/src/or/router.h b/src/or/router.h index d18ff065ea..cedbc08914 100644 --- a/src/or/router.h +++ b/src/or/router.h @@ -32,10 +32,8 @@ crypto_pk_t *init_key_from_file(const char *fname, int generate, int severity); void v3_authority_check_key_expiry(void); -#ifdef CURVE25519_ENABLED di_digest256_map_t *construct_ntor_key_map(void); void ntor_key_map_free(di_digest256_map_t *map); -#endif int router_initialize_tls_context(void); int init_keys(void); |