
Merge remote-tracking branch 'sebastian/bug13286'

Nick Mathewson hace 9 años
padre
commit
0793ef862b

+ 2 - 0
changes/bug13286

@@ -0,0 +1,2 @@
+  o Removed features:
+    Remove the --disable-curve25519 configure option.

+ 79 - 91
configure.ac

@@ -39,8 +39,6 @@ AC_ARG_ENABLE(static-zlib,
    AS_HELP_STRING(--enable-static-zlib, Link against a static zlib library. Requires --with-zlib-dir))
 AC_ARG_ENABLE(static-tor,
    AS_HELP_STRING(--enable-static-tor, Create an entirely static Tor binary. Requires --with-openssl-dir and --with-libevent-dir and --with-zlib-dir))
-AC_ARG_ENABLE(curve25519,
-   AS_HELP_STRING(--disable-curve25519, Build Tor with no curve25519 elliptic-curve crypto support))
 AC_ARG_ENABLE(unittests,
    AS_HELP_STRING(--disable-unittests, [Don't build unit tests for Tor. Risky!]))
 AC_ARG_ENABLE(coverage,
@@ -765,101 +763,92 @@ dnl ============================================================
 dnl We need an implementation of curve25519.
 
 dnl set these defaults.
-have_a_curve25519=no
 build_curve25519_donna=no
 build_curve25519_donna_c64=no
 use_curve25519_donna=no
 use_curve25519_nacl=no
 CURVE25519_LIBS=
 
-if test x$enable_curve25519 != xno; then
-
-  dnl The best choice is using curve25519-donna-c64, but that requires
-  dnl that we
-  AC_CACHE_CHECK([whether we can use curve25519-donna-c64],
-    tor_cv_can_use_curve25519_donna_c64,
-    [AC_RUN_IFELSE(
-      [AC_LANG_PROGRAM([dnl
-        #include <stdint.h>
-        typedef unsigned uint128_t __attribute__((mode(TI)));
-	int func(uint64_t a, uint64_t b) {
-  	     uint128_t c = ((uint128_t)a) * b;
-             int ok = ((uint64_t)(c>>96)) == 522859 &&
-	           (((uint64_t)(c>>64))&0xffffffffL) == 3604448702L &&
-                   (((uint64_t)(c>>32))&0xffffffffL) == 2351960064L &&
-                   (((uint64_t)(c))&0xffffffffL) == 0;
-             return ok;
-        }
-	], [dnl
-	  int ok = func( ((uint64_t)2000000000) * 1000000000,
-	  	         ((uint64_t)1234567890) << 24);
-          return !ok;
-        ])],
-	[tor_cv_can_use_curve25519_donna_c64=yes],
-        [tor_cv_can_use_curve25519_donna_c64=no],
-	[AC_LINK_IFELSE(
-          [AC_LANG_PROGRAM([dnl
-        #include <stdint.h>
-        typedef unsigned uint128_t __attribute__((mode(TI)));
-	int func(uint64_t a, uint64_t b) {
-  	     uint128_t c = ((uint128_t)a) * b;
-             int ok = ((uint64_t)(c>>96)) == 522859 &&
-	           (((uint64_t)(c>>64))&0xffffffffL) == 3604448702L &&
-                   (((uint64_t)(c>>32))&0xffffffffL) == 2351960064L &&
-                   (((uint64_t)(c))&0xffffffffL) == 0;
-             return ok;
-        }
-	], [dnl
-	  int ok = func( ((uint64_t)2000000000) * 1000000000,
-	  	         ((uint64_t)1234567890) << 24);
-          return !ok;
-        ])],
-            [tor_cv_can_use_curve25519_donna_c64=cross],
-	    [tor_cv_can_use_curve25519_donna_c64=no])])])
-
-  AC_CHECK_HEADERS([crypto_scalarmult_curve25519.h \
-                    nacl/crypto_scalarmult_curve25519.h])
-
-  AC_CACHE_CHECK([for nacl compiled with a fast curve25519 implementation],
-    tor_cv_can_use_curve25519_nacl,
-    [tor_saved_LIBS="$LIBS"
-     LIBS="$LIBS -lnacl"
-     AC_LINK_IFELSE(
-       [AC_LANG_PROGRAM([dnl
-         #ifdef HAVE_CRYPTO_SCALARMULT_CURVE25519_H
-         #include <crypto_scalarmult_curve25519.h>
-	 #elif defined(HAVE_NACL_CRYPTO_SCALARMULT_CURVE25519_H)
-	 #include <nacl/crypto_scalarmult_curve25519.h>
-	 #endif
-         #ifdef crypto_scalarmult_curve25519_ref_BYTES
-	 #error Hey, this is the reference implementation! That's not fast.
-	 #endif
-       ], [
-	 unsigned char *a, *b, *c; crypto_scalarmult_curve25519(a,b,c);
-       ])], [tor_cv_can_use_curve25519_nacl=yes],
-       [tor_cv_can_use_curve25519_nacl=no])
-     LIBS="$tor_saved_LIBS" ])
-
-   dnl Okay, now we need to figure out which one to actually use. Fall back
-   dnl to curve25519-donna.c
-
-   if test x$tor_cv_can_use_curve25519_donna_c64 != xno; then
-     build_curve25519_donna_c64=yes
-     use_curve25519_donna=yes
-   elif test x$tor_cv_can_use_curve25519_nacl = xyes; then
-     use_curve25519_nacl=yes
-     CURVE25519_LIBS=-lnacl
-   else
-     build_curve25519_donna=yes
-     use_curve25519_donna=yes
-   fi
-   have_a_curve25519=yes
-fi
+dnl The best choice is using curve25519-donna-c64, but that requires
+dnl that we
+AC_CACHE_CHECK([whether we can use curve25519-donna-c64],
+  tor_cv_can_use_curve25519_donna_c64,
+  [AC_RUN_IFELSE(
+    [AC_LANG_PROGRAM([dnl
+      #include <stdint.h>
+      typedef unsigned uint128_t __attribute__((mode(TI)));
+  int func(uint64_t a, uint64_t b) {
+           uint128_t c = ((uint128_t)a) * b;
+           int ok = ((uint64_t)(c>>96)) == 522859 &&
+             (((uint64_t)(c>>64))&0xffffffffL) == 3604448702L &&
+                 (((uint64_t)(c>>32))&0xffffffffL) == 2351960064L &&
+                 (((uint64_t)(c))&0xffffffffL) == 0;
+           return ok;
+      }
+  ], [dnl
+    int ok = func( ((uint64_t)2000000000) * 1000000000,
+                   ((uint64_t)1234567890) << 24);
+        return !ok;
+      ])],
+  [tor_cv_can_use_curve25519_donna_c64=yes],
+      [tor_cv_can_use_curve25519_donna_c64=no],
+  [AC_LINK_IFELSE(
+        [AC_LANG_PROGRAM([dnl
+      #include <stdint.h>
+      typedef unsigned uint128_t __attribute__((mode(TI)));
+  int func(uint64_t a, uint64_t b) {
+           uint128_t c = ((uint128_t)a) * b;
+           int ok = ((uint64_t)(c>>96)) == 522859 &&
+             (((uint64_t)(c>>64))&0xffffffffL) == 3604448702L &&
+                 (((uint64_t)(c>>32))&0xffffffffL) == 2351960064L &&
+                 (((uint64_t)(c))&0xffffffffL) == 0;
+           return ok;
+      }
+  ], [dnl
+    int ok = func( ((uint64_t)2000000000) * 1000000000,
+    	         ((uint64_t)1234567890) << 24);
+        return !ok;
+      ])],
+          [tor_cv_can_use_curve25519_donna_c64=cross],
+      [tor_cv_can_use_curve25519_donna_c64=no])])])
+
+AC_CHECK_HEADERS([crypto_scalarmult_curve25519.h \
+                  nacl/crypto_scalarmult_curve25519.h])
+
+AC_CACHE_CHECK([for nacl compiled with a fast curve25519 implementation],
+  tor_cv_can_use_curve25519_nacl,
+  [tor_saved_LIBS="$LIBS"
+   LIBS="$LIBS -lnacl"
+   AC_LINK_IFELSE(
+     [AC_LANG_PROGRAM([dnl
+       #ifdef HAVE_CRYPTO_SCALARMULT_CURVE25519_H
+       #include <crypto_scalarmult_curve25519.h>
+   #elif defined(HAVE_NACL_CRYPTO_SCALARMULT_CURVE25519_H)
+   #include <nacl/crypto_scalarmult_curve25519.h>
+   #endif
+       #ifdef crypto_scalarmult_curve25519_ref_BYTES
+   #error Hey, this is the reference implementation! That's not fast.
+   #endif
+     ], [
+   unsigned char *a, *b, *c; crypto_scalarmult_curve25519(a,b,c);
+     ])], [tor_cv_can_use_curve25519_nacl=yes],
+     [tor_cv_can_use_curve25519_nacl=no])
+   LIBS="$tor_saved_LIBS" ])
+
+ dnl Okay, now we need to figure out which one to actually use. Fall back
+ dnl to curve25519-donna.c
+
+ if test x$tor_cv_can_use_curve25519_donna_c64 != xno; then
+   build_curve25519_donna_c64=yes
+   use_curve25519_donna=yes
+ elif test x$tor_cv_can_use_curve25519_nacl = xyes; then
+   use_curve25519_nacl=yes
+   CURVE25519_LIBS=-lnacl
+ else
+   build_curve25519_donna=yes
+   use_curve25519_donna=yes
+ fi
 
-if test x$have_a_curve25519 = xyes; then
-  AC_DEFINE(CURVE25519_ENABLED, 1,
-            [Defined if we have a curve25519 implementation])
-fi
 if test x$use_curve25519_donna = xyes; then
   AC_DEFINE(USE_CURVE25519_DONNA, 1,
             [Defined if we should use an internal curve25519_donna{,_c64} implementation])
@@ -870,7 +859,6 @@ if test x$use_curve25519_nacl = xyes; then
 fi
 AM_CONDITIONAL(BUILD_CURVE25519_DONNA, test x$build_curve25519_donna = xyes)
 AM_CONDITIONAL(BUILD_CURVE25519_DONNA_C64, test x$build_curve25519_donna_c64 = xyes)
-AM_CONDITIONAL(CURVE25519_ENABLED, test x$have_a_curve25519 = xyes)
 AC_SUBST(CURVE25519_LIBS)
 
 dnl Make sure to enable support for large off_t if available.
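Review bot: The comment at the top of the re-indented donna-c64 check still stops mid-sentence (`dnl The best choice is using curve25519-donna-c64, but that requires` / `dnl that we`), so the reason for the probe is never stated. Since the block is being rewritten anyway, finish it, for example `dnl that we have a working 128-bit integer type (mode(TI)); the program below checks a 64x64->128 multiply.` The selection block that follows (` dnl Okay, now we need to figure out ...` through ` fi`) is indented by one stray space, while the rest of the de-nested code sits at column 0. It would also help to add a `dnl` line beside `test x$tor_cv_can_use_curve25519_donna_c64 != xno` saying that the `cross` result, where the probe was only linked and never run, is deliberately treated as usable.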

+ 0 - 2
src/common/crypto_curve25519.h

@@ -30,7 +30,6 @@ typedef struct curve25519_keypair_t {
   curve25519_secret_key_t seckey;
 } curve25519_keypair_t;
 
-#ifdef CURVE25519_ENABLED
 /* These functions require that we actually know how to use curve25519 keys.
  * The other data structures and functions in this header let us parse them,
  * store them, and move them around.
@@ -63,7 +62,6 @@ int curve25519_rand_seckey_bytes(uint8_t *out, int extra_strong);
 STATIC int curve25519_impl(uint8_t *output, const uint8_t *secret,
                            const uint8_t *basepoint);
 #endif
-#endif
 
 #define CURVE25519_BASE64_PADDED_LEN 44
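Review bot: The comment kept just below the removed `#ifdef CURVE25519_ENABLED` (`These functions require that we actually know how to use curve25519 keys. ...`) describes a split between always-available and optional declarations that no longer exists once the guard is gone. Reword it to something like `/* Functions that operate on curve25519 keys; always built now that curve25519 support is mandatory. */`, or drop it. The comment continues past the end of the hunk, so check its remaining lines as well. The same kind of leftover is in src/or/onion.c, where have_room_for_onionskin still says `If we support the ntor handshake, then don't let TAP handshakes use more than 2/3 ...` although ntor support is now unconditional.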
 

+ 0 - 3
src/common/crypto_ed25519.h

@@ -39,7 +39,6 @@ typedef struct {
   ed25519_secret_key_t seckey;
 } ed25519_keypair_t;
 
-#ifdef CURVE25519_ENABLED
 int ed25519_secret_key_generate(ed25519_secret_key_t *seckey_out,
                             int extra_strong);
 int ed25519_secret_key_from_seed(ed25519_secret_key_t *seckey_out,
@@ -88,8 +87,6 @@ int ed25519_public_blind(ed25519_public_key_t *out,
                          const ed25519_public_key_t *inp,
                          const uint8_t *param);
 
-#endif
-
 #define ED25519_BASE64_LEN 43
 
 int ed25519_public_from_base64(ed25519_public_key_t *pkey,

+ 3 - 8
src/common/include.am

@@ -54,12 +54,6 @@ endif
 
 LIBDONNA += $(LIBED25519_REF10)
 
-if CURVE25519_ENABLED
-libcrypto_extra_source = \
-	src/common/crypto_curve25519.c \
-	src/common/crypto_ed25519.c
-endif
-
 LIBOR_A_SOURCES = \
   src/common/address.c					\
   src/common/backtrace.c				\
@@ -85,8 +79,9 @@ LIBOR_CRYPTO_A_SOURCES = \
   src/common/crypto_format.c	\
   src/common/torgzip.c		\
   src/common/tortls.c		\
-  src/trunnel/pwbox.c	 	\
-  $(libcrypto_extra_source)
+  src/trunnel/pwbox.c		\
+  src/common/crypto_curve25519.c \
+  src/common/crypto_ed25519.c
 
 LIBOR_EVENT_A_SOURCES = \
 	src/common/compat_libevent.c \

+ 0 - 20
src/or/circuitbuild.c

@@ -59,9 +59,7 @@ static crypt_path_t *onion_next_hop_in_cpath(crypt_path_t *cpath);
 static int onion_extend_cpath(origin_circuit_t *circ);
 static int count_acceptable_nodes(smartlist_t *routers);
 static int onion_append_hop(crypt_path_t **head_ptr, extend_info_t *choice);
-#ifdef CURVE25519_ENABLED
 static int circuits_can_use_ntor(void);
-#endif
 
 /** This function tries to get a channel to the specified endpoint,
  * and then calls command_setup_channel() to give it the right
@@ -368,7 +366,6 @@ circuit_rep_hist_note_result(origin_circuit_t *circ)
   } while (hop!=circ->cpath);
 }
 
-#ifdef CURVE25519_ENABLED
 /** Return 1 iff at least one node in circ's cpath supports ntor. */
 static int
 circuit_cpath_supports_ntor(const origin_circuit_t *circ)
@@ -388,9 +385,6 @@ circuit_cpath_supports_ntor(const origin_circuit_t *circ)
 
   return 0;
 }
-#else
-#define circuit_cpath_supports_ntor(circ) 0
-#endif
 
 /** Pick all the entries in our cpath. Stop and return 0 when we're
  * happy, or return -1 if an error occurs. */
@@ -398,11 +392,7 @@ static int
 onion_populate_cpath(origin_circuit_t *circ)
 {
   int n_tries = 0;
-#ifdef CURVE25519_ENABLED
   const int using_ntor = circuits_can_use_ntor();
-#else
-  const int using_ntor = 0;
-#endif
 
 #define MAX_POPULATE_ATTEMPTS 32
 
@@ -772,7 +762,6 @@ circuit_timeout_want_to_count_circ(origin_circuit_t *circ)
           && circ->build_state->desired_path_len == DEFAULT_ROUTE_LEN;
 }
 
-#ifdef CURVE25519_ENABLED
 /** Return true if the ntor handshake is enabled in the configuration, or if
  * it's been set to "auto" in the configuration and it's enabled in the
  * consensus. */
@@ -784,7 +773,6 @@ circuits_can_use_ntor(void)
     return options->UseNTorHandshake;
   return networkstatus_get_param(NULL, "UseNTorHandshake", 0, 0, 1);
 }
-#endif
 
 /** Decide whether to use a TAP or ntor handshake for connecting to <b>ei</b>
  * directly, and set *<b>cell_type_out</b> and *<b>handshake_type_out</b>
@@ -794,7 +782,6 @@ circuit_pick_create_handshake(uint8_t *cell_type_out,
                               uint16_t *handshake_type_out,
                               const extend_info_t *ei)
 {
-#ifdef CURVE25519_ENABLED
   if (!tor_mem_is_zero((const char*)ei->curve25519_onion_key.public_key,
                        CURVE25519_PUBKEY_LEN) &&
       circuits_can_use_ntor()) {
@@ -802,9 +789,6 @@ circuit_pick_create_handshake(uint8_t *cell_type_out,
     *handshake_type_out = ONION_HANDSHAKE_TYPE_NTOR;
     return;
   }
-#else
-  (void) ei;
-#endif
 
   *cell_type_out = CELL_CREATE;
   *handshake_type_out = ONION_HANDSHAKE_TYPE_TAP;
@@ -2198,13 +2182,9 @@ extend_info_new(const char *nickname, const char *digest,
     strlcpy(info->nickname, nickname, sizeof(info->nickname));
   if (onion_key)
     info->onion_key = crypto_pk_dup_key(onion_key);
-#ifdef CURVE25519_ENABLED
   if (curve25519_key)
     memcpy(&info->curve25519_onion_key, curve25519_key,
            sizeof(curve25519_public_key_t));
-#else
-  (void)curve25519_key;
-#endif
   tor_addr_copy(&info->addr, addr);
   info->port = port;
   return info;

+ 1 - 7
src/or/include.am

@@ -23,12 +23,6 @@ else
 evdns_source=src/ext/eventdns.c
 endif
 
-if CURVE25519_ENABLED
-onion_ntor_source=src/or/onion_ntor.c
-else
-onion_ntor_source=
-endif
-
 LIBTOR_A_SOURCES = \
 	src/or/addressmap.c				\
 	src/or/buffers.c				\
@@ -82,9 +76,9 @@ LIBTOR_A_SOURCES = \
 	src/or/routerset.c				\
 	src/or/statefile.c				\
 	src/or/status.c					\
+	src/or/onion_ntor.c				\
 	$(evdns_source)					\
 	$(tor_platform_source)				\
-	$(onion_ntor_source)				\
 	src/or/config_codedigest.c
 
 src_or_libtor_a_SOURCES = $(LIBTOR_A_SOURCES)

+ 0 - 22
src/or/onion.c

@@ -111,15 +111,11 @@ have_room_for_onionskin(uint16_t type)
        (uint64_t)options->MaxOnionQueueDelay)
     return 0;
 
-#ifdef CURVE25519_ENABLED
   /* If we support the ntor handshake, then don't let TAP handshakes use
    * more than 2/3 of the space on the queue. */
   if (type == ONION_HANDSHAKE_TYPE_TAP &&
       tap_usec / 1000 > (uint64_t)options->MaxOnionQueueDelay * 2 / 3)
     return 0;
-#else
-  (void) type;
-#endif
 
   return 1;
 }
@@ -353,11 +349,9 @@ setup_server_onion_keys(server_onion_keys_t *keys)
   memset(keys, 0, sizeof(server_onion_keys_t));
   memcpy(keys->my_identity, router_get_my_id_digest(), DIGEST_LEN);
   dup_onion_keys(&keys->onion_key, &keys->last_onion_key);
-#ifdef CURVE25519_ENABLED
   keys->curve25519_key_map = construct_ntor_key_map();
   keys->junk_keypair = tor_malloc_zero(sizeof(curve25519_keypair_t));
   curve25519_keypair_generate(keys->junk_keypair, 0);
-#endif
 }
 
 /** Release all storage held in <b>keys</b>, but do not free <b>keys</b>
@@ -370,10 +364,8 @@ release_server_onion_keys(server_onion_keys_t *keys)
 
   crypto_pk_free(keys->onion_key);
   crypto_pk_free(keys->last_onion_key);
-#ifdef CURVE25519_ENABLED
   ntor_key_map_free(keys->curve25519_key_map);
   tor_free(keys->junk_keypair);
-#endif
   memset(keys, 0, sizeof(server_onion_keys_t));
 }
 
@@ -391,12 +383,10 @@ onion_handshake_state_release(onion_handshake_state_t *state)
     fast_handshake_state_free(state->u.fast);
     state->u.fast = NULL;
     break;
-#ifdef CURVE25519_ENABLED
   case ONION_HANDSHAKE_TYPE_NTOR:
     ntor_handshake_state_free(state->u.ntor);
     state->u.ntor = NULL;
     break;
-#endif
   default:
     log_warn(LD_BUG, "called with unknown handshake state type %d",
              (int)state->tag);
@@ -436,7 +426,6 @@ onion_skin_create(int type,
     r = CREATE_FAST_LEN;
     break;
   case ONION_HANDSHAKE_TYPE_NTOR:
-#ifdef CURVE25519_ENABLED
     if (tor_mem_is_zero((const char*)node->curve25519_onion_key.public_key,
                         CURVE25519_PUBKEY_LEN))
       return -1;
@@ -447,9 +436,6 @@ onion_skin_create(int type,
       return -1;
 
     r = NTOR_ONIONSKIN_LEN;
-#else
-    return -1;
-#endif
     break;
   default:
     log_warn(LD_BUG, "called with unknown handshake state type %d", type);
@@ -501,7 +487,6 @@ onion_skin_server_handshake(int type,
     memcpy(rend_nonce_out, reply_out+DIGEST_LEN, DIGEST_LEN);
     break;
   case ONION_HANDSHAKE_TYPE_NTOR:
-#ifdef CURVE25519_ENABLED
     if (onionskin_len < NTOR_ONIONSKIN_LEN)
       return -1;
     {
@@ -522,9 +507,6 @@ onion_skin_server_handshake(int type,
       tor_free(keys_tmp);
       r = NTOR_REPLY_LEN;
     }
-#else
-    return -1;
-#endif
     break;
   default:
     log_warn(LD_BUG, "called with unknown handshake state type %d", type);
@@ -577,7 +559,6 @@ onion_skin_client_handshake(int type,
 
     memcpy(rend_authenticator_out, reply+DIGEST_LEN, DIGEST_LEN);
     return 0;
-#ifdef CURVE25519_ENABLED
   case ONION_HANDSHAKE_TYPE_NTOR:
     if (reply_len < NTOR_REPLY_LEN) {
       log_warn(LD_CIRC, "ntor reply was not of the correct length.");
@@ -598,7 +579,6 @@ onion_skin_client_handshake(int type,
       tor_free(keys_tmp);
     }
     return 0;
-#endif
   default:
     log_warn(LD_BUG, "called with unknown handshake state type %d", type);
     tor_fragile_assert();
@@ -637,12 +617,10 @@ check_create_cell(const create_cell_t *cell, int unknown_ok)
     if (cell->handshake_len != CREATE_FAST_LEN)
       return -1;
     break;
-#ifdef CURVE25519_ENABLED
   case ONION_HANDSHAKE_TYPE_NTOR:
     if (cell->handshake_len != NTOR_ONIONSKIN_LEN)
       return -1;
     break;
-#endif
   default:
     if (! unknown_ok)
       return -1;
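Review bot: In setup_server_onion_keys the result of `curve25519_keypair_generate(keys->junk_keypair, 0);` is discarded, and with the guard removed this line now runs in every build. The prototype is not visible in this diff, so confirm it, but if the call can report failure then junk_keypair silently stays the all-zero buffer from `tor_malloc_zero` and nothing records that. A minimal change is `if (curve25519_keypair_generate(keys->junk_keypair, 0) < 0) log_warn(LD_BUG, "Couldn't generate junk ntor keypair");`. The function body starts outside the hunk, so check how its callers could react to a failure before choosing between logging and propagating an error.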

+ 0 - 2
src/or/onion.h

@@ -23,10 +23,8 @@ typedef struct server_onion_keys_t {
   uint8_t my_identity[DIGEST_LEN];
   crypto_pk_t *onion_key;
   crypto_pk_t *last_onion_key;
-#ifdef CURVE25519_ENABLED
   di_digest256_map_t *curve25519_key_map;
   curve25519_keypair_t *junk_keypair;
-#endif
 } server_onion_keys_t;
 
 #define MAX_ONIONSKIN_CHALLENGE_LEN 255

+ 0 - 3
src/or/onion_ntor.h

@@ -17,7 +17,6 @@ typedef struct ntor_handshake_state_t ntor_handshake_state_t;
 /** Length of an ntor reply, as sent from server to client. */
 #define NTOR_REPLY_LEN 64
 
-#ifdef CURVE25519_ENABLED
 void ntor_handshake_state_free(ntor_handshake_state_t *state);
 
 int onion_skin_ntor_create(const uint8_t *router_id,
@@ -59,5 +58,3 @@ struct ntor_handshake_state_t {
 
 #endif
 
-#endif
-

+ 0 - 2
src/or/or.h

@@ -2554,9 +2554,7 @@ typedef struct extend_info_t {
   uint16_t port; /**< OR port. */
   tor_addr_t addr; /**< IP address. */
   crypto_pk_t *onion_key; /**< Current onionskin key. */
-#ifdef CURVE25519_ENABLED
   curve25519_public_key_t curve25519_onion_key;
-#endif
 } extend_info_t;
 
 /** Certificate for v3 directory protocol: binds long-term authority identity

+ 0 - 22
src/or/router.c

@@ -55,13 +55,11 @@ static crypto_pk_t *onionkey=NULL;
 /** Previous private onionskin decryption key: used to decode CREATE cells
  * generated by clients that have an older version of our descriptor. */
 static crypto_pk_t *lastonionkey=NULL;
-#ifdef CURVE25519_ENABLED
 /** Current private ntor secret key: used to perform the ntor handshake. */
 static curve25519_keypair_t curve25519_onion_key;
 /** Previous private ntor secret key: used to perform the ntor handshake
  * with clients that have an older version of our descriptor. */
 static curve25519_keypair_t last_curve25519_onion_key;
-#endif
 /** Private server "identity key": used to sign directory info and TLS
  * certificates. Never changes. */
 static crypto_pk_t *server_identitykey=NULL;
@@ -134,7 +132,6 @@ dup_onion_keys(crypto_pk_t **key, crypto_pk_t **last)
   tor_mutex_release(key_lock);
 }
 
-#ifdef CURVE25519_ENABLED
 /** Return the current secret onion key for the ntor handshake. Must only
  * be called from the main thread. */
 static const curve25519_keypair_t *
@@ -181,7 +178,6 @@ ntor_key_map_free(di_digest256_map_t *map)
     return;
   dimap_free(map, ntor_key_map_free_helper);
 }
-#endif
 
 /** Return the time when the onion key was last set.  This is either the time
  * when the process launched, or the time of the most recent key rotation since
@@ -313,9 +309,7 @@ rotate_onion_key(void)
   char *fname, *fname_prev;
   crypto_pk_t *prkey = NULL;
   or_state_t *state = get_or_state();
-#ifdef CURVE25519_ENABLED
   curve25519_keypair_t new_curve25519_keypair;
-#endif
   time_t now;
   fname = get_datadir_fname2("keys", "secret_onion_key");
   fname_prev = get_datadir_fname2("keys", "secret_onion_key.old");
@@ -335,7 +329,6 @@ rotate_onion_key(void)
     log_err(LD_FS,"Couldn't write generated onion key to \"%s\".", fname);
     goto error;
   }
-#ifdef CURVE25519_ENABLED
   tor_free(fname);
   tor_free(fname_prev);
   fname = get_datadir_fname2("keys", "secret_onion_key_ntor");
@@ -351,18 +344,15 @@ rotate_onion_key(void)
     log_err(LD_FS,"Couldn't write curve25519 onion key to \"%s\".",fname);
     goto error;
   }
-#endif
   log_info(LD_GENERAL, "Rotating onion key");
   tor_mutex_acquire(key_lock);
   crypto_pk_free(lastonionkey);
   lastonionkey = onionkey;
   onionkey = prkey;
-#ifdef CURVE25519_ENABLED
   memcpy(&last_curve25519_onion_key, &curve25519_onion_key,
          sizeof(curve25519_keypair_t));
   memcpy(&curve25519_onion_key, &new_curve25519_keypair,
          sizeof(curve25519_keypair_t));
-#endif
   now = time(NULL);
   state->LastRotatedOnionKey = onionkey_set_at = now;
   tor_mutex_release(key_lock);
@@ -374,9 +364,7 @@ rotate_onion_key(void)
   if (prkey)
     crypto_pk_free(prkey);
  done:
-#ifdef CURVE25519_ENABLED
   memwipe(&new_curve25519_keypair, 0, sizeof(new_curve25519_keypair));
-#endif
   tor_free(fname);
   tor_free(fname_prev);
 }
@@ -450,7 +438,6 @@ init_key_from_file(const char *fname, int generate, int severity)
   return NULL;
 }
 
-#ifdef CURVE25519_ENABLED
 /** Load a curve25519 keypair from the file <b>fname</b>, writing it into
  * <b>keys_out</b>.  If the file isn't found and <b>generate</b> is true,
  * create a new keypair and write it into the file.  If there are errors, log
@@ -519,7 +506,6 @@ init_curve25519_keypair_from_file(curve25519_keypair_t *keys_out,
  error:
   return -1;
 }
-#endif
 
 /** Try to load the vote-signing private key and certificate for being a v3
  * directory authority, and make sure they match.  If <b>legacy</b>, load a
@@ -875,7 +861,6 @@ init_keys(void)
   }
   tor_free(keydir);
 
-#ifdef CURVE25519_ENABLED
   {
     /* 2b. Load curve25519 onion keys. */
     int r;
@@ -896,7 +881,6 @@ init_keys(void)
     }
     tor_free(keydir);
   }
-#endif
 
   /* 3. Initialize link key and TLS context. */
   if (router_initialize_tls_context() < 0) {
@@ -1806,11 +1790,9 @@ router_rebuild_descriptor(int force)
   ri->cache_info.published_on = time(NULL);
   ri->onion_pkey = crypto_pk_dup_key(get_onion_key()); /* must invoke from
                                                         * main thread */
-#ifdef CURVE25519_ENABLED
   ri->onion_curve25519_pkey =
     tor_memdup(&get_current_curve25519_keypair()->pubkey,
                sizeof(curve25519_public_key_t));
-#endif
 
   /* For now, at most one IPv6 or-address is being advertised. */
   {
@@ -2389,7 +2371,6 @@ router_dump_router_to_string(routerinfo_t *router,
     smartlist_add_asprintf(chunks, "contact %s\n", ci);
   }
 
-#ifdef CURVE25519_ENABLED
   if (router->onion_curve25519_pkey) {
     char kbuf[128];
     base64_encode(kbuf, sizeof(kbuf),
@@ -2397,7 +2378,6 @@ router_dump_router_to_string(routerinfo_t *router,
                   CURVE25519_PUBKEY_LEN);
     smartlist_add_asprintf(chunks, "ntor-onion-key %s", kbuf);
   }
-#endif
 
   /* Write the exit policy to the end of 's'. */
   if (!router->exit_policy || !smartlist_len(router->exit_policy)) {
@@ -3073,10 +3053,8 @@ router_free_all(void)
   crypto_pk_free(legacy_signing_key);
   authority_cert_free(legacy_key_certificate);
 
-#ifdef CURVE25519_ENABLED
   memwipe(&curve25519_onion_key, 0, sizeof(curve25519_onion_key));
   memwipe(&last_curve25519_onion_key, 0, sizeof(last_curve25519_onion_key));
-#endif
 
   if (warned_nonexistent_family) {
     SMARTLIST_FOREACH(warned_nonexistent_family, char *, cp, tor_free(cp));

+ 0 - 2
src/or/router.h

@@ -32,10 +32,8 @@ crypto_pk_t *init_key_from_file(const char *fname, int generate,
                                     int severity);
 void v3_authority_check_key_expiry(void);
 
-#ifdef CURVE25519_ENABLED
 di_digest256_map_t *construct_ntor_key_map(void);
 void ntor_key_map_free(di_digest256_map_t *map);
-#endif
 
 int router_initialize_tls_context(void);
 int init_keys(void);

+ 1 - 6
src/test/bench.c

@@ -26,10 +26,8 @@ const char tor_git_revision[] = "";
 #endif
 
 #include "config.h"
-#ifdef CURVE25519_ENABLED
 #include "crypto_curve25519.h"
 #include "onion_ntor.h"
-#endif
 #include "crypto_ed25519.h"
 
 #if defined(HAVE_CLOCK_GETTIME) && defined(CLOCK_PROCESS_CPUTIME_ID)
@@ -179,7 +177,6 @@ bench_onion_TAP(void)
   crypto_pk_free(key2);
 }
 
-#ifdef CURVE25519_ENABLED
 static void
 bench_onion_ntor(void)
 {
@@ -293,7 +290,6 @@ bench_ed25519(void)
   printf("Blind a public key: %.2f usec\n",
          MICROCOUNT(start, end, iters));
 }
-#endif
 
 static void
 bench_cell_aes(void)
@@ -573,10 +569,9 @@ static struct benchmark_t benchmarks[] = {
   ENT(siphash),
   ENT(aes),
   ENT(onion_TAP),
-#ifdef CURVE25519_ENABLED
   ENT(onion_ntor),
   ENT(ed25519),
-#endif
+
   ENT(cell_aes),
   ENT(cell_ops),
   ENT(dh),
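Review bot: The `#endif` removed from the `benchmarks[]` table is replaced by an added empty line, leaving a gap between `ENT(ed25519),` and `ENT(cell_aes),` that no other pair of entries has. Drop the added blank line so the table stays contiguous.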

+ 0 - 6
src/test/include.am

@@ -80,7 +80,6 @@ noinst_HEADERS+= \
 	src/test/failing_routerdescs.inc \
 	src/test/ed25519_vectors.inc
 
-if CURVE25519_ENABLED
 noinst_PROGRAMS+= src/test/test-ntor-cl
 src_test_test_ntor_cl_SOURCES  = src/test/test_ntor_cl.c
 src_test_test_ntor_cl_LDFLAGS = @TOR_LDFLAGS_zlib@ @TOR_LDFLAGS_openssl@
@@ -91,9 +90,6 @@ src_test_test_ntor_cl_LDADD = src/or/libtor.a src/common/libor.a \
 src_test_test_ntor_cl_AM_CPPFLAGS =	       \
 	-I"$(top_srcdir)/src/or"
 NTOR_TEST_DEPS=src/test/test-ntor-cl
-else
-NTOR_TEST_DEPS=
-endif
 
 if COVERAGE_ENABLED
 CMDLINE_TEST_TOR = ./src/or/tor-cov
@@ -113,10 +109,8 @@ src_test_test_bt_cl_CPPFLAGS= $(src_test_AM_CPPFLAGS)
 check-local: $(NTOR_TEST_DEPS) $(CMDLINE_TEST_TOR)
 if USEPYTHON
 	$(PYTHON) $(top_srcdir)/src/test/test_cmdline_args.py $(CMDLINE_TEST_TOR) "${top_srcdir}"
-if CURVE25519_ENABLED
 	$(PYTHON) $(top_srcdir)/src/test/ntor_ref.py test-tor
 	$(PYTHON) $(top_srcdir)/src/test/ntor_ref.py self-test
-endif
 	./src/test/test-bt-cl assert | $(PYTHON) $(top_srcdir)/src/test/bt_test.py
 	./src/test/test-bt-cl crash | $(PYTHON) $(top_srcdir)/src/test/bt_test.py
 endif

+ 0 - 6
src/test/test.c

@@ -64,10 +64,8 @@ double fabs(double x);
 #include "rephist.h"
 #include "routerparse.h"
 #include "statefile.h"
-#ifdef CURVE25519_ENABLED
 #include "crypto_curve25519.h"
 #include "onion_ntor.h"
-#endif
 
 #ifdef USE_DMALLOC
 #include <dmalloc.h>
@@ -365,7 +363,6 @@ test_bad_onion_handshake(void *arg)
   crypto_pk_free(pk2);
 }
 
-#ifdef CURVE25519_ENABLED
 static void
 test_ntor_handshake(void *arg)
 {
@@ -417,7 +414,6 @@ test_ntor_handshake(void *arg)
   ntor_handshake_state_free(c_state);
   dimap_free(s_keymap, NULL);
 }
-#endif
 
 /** Run unit tests for the onion queues. */
 static void
@@ -1267,9 +1263,7 @@ static struct testcase_t test_array[] = {
   ENT(onion_handshake),
   { "bad_onion_handshake", test_bad_onion_handshake, 0, NULL, NULL },
   ENT(onion_queues),
-#ifdef CURVE25519_ENABLED
   { "ntor_handshake", test_ntor_handshake, 0, NULL, NULL },
-#endif
   ENT(circuit_timeout),
   ENT(rend_fns),
   ENT(geoip),

+ 0 - 8
src/test/test_cell_formats.c

@@ -445,7 +445,6 @@ test_cfmt_create_cells(void *arg)
   cell.command = CELL_CREATE2;
   memcpy(cell.payload, "\x00\x02\x00\x54", 4); /* ntor, 84 bytes long */
   memcpy(cell.payload+4, b, NTOR_ONIONSKIN_LEN);
-#ifdef CURVE25519_ENABLED
   tt_int_op(0, ==, create_cell_parse(&cc, &cell));
   tt_int_op(CELL_CREATE2, ==, cc.cell_type);
   tt_int_op(ONION_HANDSHAKE_TYPE_NTOR, ==, cc.handshake_type);
@@ -454,9 +453,6 @@ test_cfmt_create_cells(void *arg)
   tt_int_op(0, ==, create_cell_format(&cell2, &cc));
   tt_int_op(cell.command, ==, cell2.command);
   tt_mem_op(cell.payload,==, cell2.payload, CELL_PAYLOAD_SIZE);
-#else
-  tt_int_op(-1, ==, create_cell_parse(&cc, &cell));
-#endif
 
   /* A valid create cell with an ntor payload, in legacy format. */
   memset(&cell, 0, sizeof(cell));
@@ -465,7 +461,6 @@ test_cfmt_create_cells(void *arg)
   cell.command = CELL_CREATE;
   memcpy(cell.payload, "ntorNTORntorNTOR", 16);
   memcpy(cell.payload+16, b, NTOR_ONIONSKIN_LEN);
-#ifdef CURVE25519_ENABLED
   tt_int_op(0, ==, create_cell_parse(&cc, &cell));
   tt_int_op(CELL_CREATE, ==, cc.cell_type);
   tt_int_op(ONION_HANDSHAKE_TYPE_NTOR, ==, cc.handshake_type);
@@ -474,9 +469,6 @@ test_cfmt_create_cells(void *arg)
   tt_int_op(0, ==, create_cell_format(&cell2, &cc));
   tt_int_op(cell.command, ==, cell2.command);
   tt_mem_op(cell.payload,==, cell2.payload, CELL_PAYLOAD_SIZE);
-#else
-  tt_int_op(-1, ==, create_cell_parse(&cc, &cell));
-#endif
 
   /* == Okay, now let's try to parse some impossible stuff. */
 

+ 0 - 6
src/test/test_crypto.c

@@ -11,9 +11,7 @@
 #include "aes.h"
 #include "util.h"
 #include "siphash.h"
-#ifdef CURVE25519_ENABLED
 #include "crypto_curve25519.h"
-#endif
 #include "crypto_ed25519.h"
 #include "ed25519_vectors.inc"
 #include "crypto_s2k.h"
@@ -1332,7 +1330,6 @@ test_crypto_hkdf_sha256(void *arg)
 #undef EXPAND
 }
 
-#ifdef CURVE25519_ENABLED
 static void
 test_crypto_curve25519_impl(void *arg)
 {
@@ -1876,7 +1873,6 @@ test_crypto_ed25519_testvectors(void *arg)
  done:
   tor_free(mem_op_hex_tmp);
 }
-#endif /* CURVE25519_ENABLED */
 
 static void
 test_crypto_siphash(void *arg)
@@ -2025,7 +2021,6 @@ struct testcase_t crypto_tests[] = {
   CRYPTO_LEGACY(base32_decode),
   { "kdf_TAP", test_crypto_kdf_TAP, 0, NULL, NULL },
   { "hkdf_sha256", test_crypto_hkdf_sha256, 0, NULL, NULL },
-#ifdef CURVE25519_ENABLED
   { "curve25519_impl", test_crypto_curve25519_impl, 0, NULL, NULL },
   { "curve25519_impl_hibit", test_crypto_curve25519_impl, 0, NULL, (void*)"y"},
   { "curve25519_wrappers", test_crypto_curve25519_wrappers, 0, NULL, NULL },
@@ -2037,7 +2032,6 @@ struct testcase_t crypto_tests[] = {
   { "ed25519_convert", test_crypto_ed25519_convert, 0, NULL, NULL },
   { "ed25519_blinding", test_crypto_ed25519_blinding, 0, NULL, NULL },
   { "ed25519_testvectors", test_crypto_ed25519_testvectors, 0, NULL, NULL },
-#endif
   { "siphash", test_crypto_siphash, 0, NULL, NULL },
   END_OF_TESTCASES
 };

+ 0 - 4
src/test/test_dir.c

@@ -216,10 +216,8 @@ test_dir_formats(void *arg)
   strlcat(buf2, "signing-key\n", sizeof(buf2));
   strlcat(buf2, pk1_str, sizeof(buf2));
   strlcat(buf2, "hidden-service-dir\n", sizeof(buf2));
-#ifdef CURVE25519_ENABLED
   strlcat(buf2, "ntor-onion-key "
           "skyinAnvardNostarsNomoonNowindormistsorsnow=\n", sizeof(buf2));
-#endif
   strlcat(buf2, "accept *:80\nreject 18.0.0.0/8:24\n", sizeof(buf2));
   strlcat(buf2, "router-signature\n", sizeof(buf2));
 
@@ -239,11 +237,9 @@ test_dir_formats(void *arg)
   tt_int_op(rp2->bandwidthrate,==, r2->bandwidthrate);
   tt_int_op(rp2->bandwidthburst,==, r2->bandwidthburst);
   tt_int_op(rp2->bandwidthcapacity,==, r2->bandwidthcapacity);
-#ifdef CURVE25519_ENABLED
   tt_mem_op(rp2->onion_curve25519_pkey->public_key,==,
              r2->onion_curve25519_pkey->public_key,
              CURVE25519_PUBKEY_LEN);
-#endif
   tt_assert(crypto_pk_cmp_keys(rp2->onion_pkey, pk2) == 0);
   tt_assert(crypto_pk_cmp_keys(rp2->identity_pkey, pk1) == 0);
 

+ 0 - 4
src/test/test_ntor_cl.c

@@ -13,10 +13,6 @@
 #include "crypto_curve25519.h"
 #include "onion_ntor.h"
 
-#ifndef CURVE25519_ENABLED
-#error "This isn't going to work without curve25519."
-#endif
-
 #define N_ARGS(n) STMT_BEGIN {                                  \
     if (argc < (n)) {                                           \
       fprintf(stderr, "%s needs %d arguments.\n",argv[1],n);    \

+ 0 - 1
src/win32/orconfig.h

@@ -244,7 +244,6 @@
 #define SHARE_DATADIR ""
 #define HAVE_EVENT2_DNS_H
 #define HAVE_EVENT_BASE_LOOPEXIT
-#define CURVE25519_ENABLED
 #define USE_CURVE25519_DONNA
 
 #define ENUM_VALS_ARE_SIGNED 1