|
@@ -55,13 +55,11 @@ static crypto_pk_t *onionkey=NULL;
|
|
/** Previous private onionskin decryption key: used to decode CREATE cells
|
|
/** Previous private onionskin decryption key: used to decode CREATE cells
|
|
* generated by clients that have an older version of our descriptor. */
|
|
* generated by clients that have an older version of our descriptor. */
|
|
static crypto_pk_t *lastonionkey=NULL;
|
|
static crypto_pk_t *lastonionkey=NULL;
|
|
-#ifdef CURVE25519_ENABLED
|
|
|
|
/** Current private ntor secret key: used to perform the ntor handshake. */
|
|
/** Current private ntor secret key: used to perform the ntor handshake. */
|
|
static curve25519_keypair_t curve25519_onion_key;
|
|
static curve25519_keypair_t curve25519_onion_key;
|
|
/** Previous private ntor secret key: used to perform the ntor handshake
|
|
/** Previous private ntor secret key: used to perform the ntor handshake
|
|
* with clients that have an older version of our descriptor. */
|
|
* with clients that have an older version of our descriptor. */
|
|
static curve25519_keypair_t last_curve25519_onion_key;
|
|
static curve25519_keypair_t last_curve25519_onion_key;
|
|
-#endif
|
|
|
|
/** Private server "identity key": used to sign directory info and TLS
|
|
/** Private server "identity key": used to sign directory info and TLS
|
|
* certificates. Never changes. */
|
|
* certificates. Never changes. */
|
|
static crypto_pk_t *server_identitykey=NULL;
|
|
static crypto_pk_t *server_identitykey=NULL;
|
|
@@ -134,7 +132,6 @@ dup_onion_keys(crypto_pk_t **key, crypto_pk_t **last)
|
|
tor_mutex_release(key_lock);
|
|
tor_mutex_release(key_lock);
|
|
}
|
|
}
|
|
|
|
|
|
-#ifdef CURVE25519_ENABLED
|
|
|
|
/** Return the current secret onion key for the ntor handshake. Must only
|
|
/** Return the current secret onion key for the ntor handshake. Must only
|
|
* be called from the main thread. */
|
|
* be called from the main thread. */
|
|
static const curve25519_keypair_t *
|
|
static const curve25519_keypair_t *
|
|
@@ -181,7 +178,6 @@ ntor_key_map_free(di_digest256_map_t *map)
|
|
return;
|
|
return;
|
|
dimap_free(map, ntor_key_map_free_helper);
|
|
dimap_free(map, ntor_key_map_free_helper);
|
|
}
|
|
}
|
|
-#endif
|
|
|
|
|
|
|
|
/** Return the time when the onion key was last set. This is either the time
|
|
/** Return the time when the onion key was last set. This is either the time
|
|
* when the process launched, or the time of the most recent key rotation since
|
|
* when the process launched, or the time of the most recent key rotation since
|
|
@@ -313,9 +309,7 @@ rotate_onion_key(void)
|
|
char *fname, *fname_prev;
|
|
char *fname, *fname_prev;
|
|
crypto_pk_t *prkey = NULL;
|
|
crypto_pk_t *prkey = NULL;
|
|
or_state_t *state = get_or_state();
|
|
or_state_t *state = get_or_state();
|
|
-#ifdef CURVE25519_ENABLED
|
|
|
|
curve25519_keypair_t new_curve25519_keypair;
|
|
curve25519_keypair_t new_curve25519_keypair;
|
|
-#endif
|
|
|
|
time_t now;
|
|
time_t now;
|
|
fname = get_datadir_fname2("keys", "secret_onion_key");
|
|
fname = get_datadir_fname2("keys", "secret_onion_key");
|
|
fname_prev = get_datadir_fname2("keys", "secret_onion_key.old");
|
|
fname_prev = get_datadir_fname2("keys", "secret_onion_key.old");
|
|
@@ -335,7 +329,6 @@ rotate_onion_key(void)
|
|
log_err(LD_FS,"Couldn't write generated onion key to \"%s\".", fname);
|
|
log_err(LD_FS,"Couldn't write generated onion key to \"%s\".", fname);
|
|
goto error;
|
|
goto error;
|
|
}
|
|
}
|
|
-#ifdef CURVE25519_ENABLED
|
|
|
|
tor_free(fname);
|
|
tor_free(fname);
|
|
tor_free(fname_prev);
|
|
tor_free(fname_prev);
|
|
fname = get_datadir_fname2("keys", "secret_onion_key_ntor");
|
|
fname = get_datadir_fname2("keys", "secret_onion_key_ntor");
|
|
@@ -351,18 +344,15 @@ rotate_onion_key(void)
|
|
log_err(LD_FS,"Couldn't write curve25519 onion key to \"%s\".",fname);
|
|
log_err(LD_FS,"Couldn't write curve25519 onion key to \"%s\".",fname);
|
|
goto error;
|
|
goto error;
|
|
}
|
|
}
|
|
-#endif
|
|
|
|
log_info(LD_GENERAL, "Rotating onion key");
|
|
log_info(LD_GENERAL, "Rotating onion key");
|
|
tor_mutex_acquire(key_lock);
|
|
tor_mutex_acquire(key_lock);
|
|
crypto_pk_free(lastonionkey);
|
|
crypto_pk_free(lastonionkey);
|
|
lastonionkey = onionkey;
|
|
lastonionkey = onionkey;
|
|
onionkey = prkey;
|
|
onionkey = prkey;
|
|
-#ifdef CURVE25519_ENABLED
|
|
|
|
memcpy(&last_curve25519_onion_key, &curve25519_onion_key,
|
|
memcpy(&last_curve25519_onion_key, &curve25519_onion_key,
|
|
sizeof(curve25519_keypair_t));
|
|
sizeof(curve25519_keypair_t));
|
|
memcpy(&curve25519_onion_key, &new_curve25519_keypair,
|
|
memcpy(&curve25519_onion_key, &new_curve25519_keypair,
|
|
sizeof(curve25519_keypair_t));
|
|
sizeof(curve25519_keypair_t));
|
|
-#endif
|
|
|
|
now = time(NULL);
|
|
now = time(NULL);
|
|
state->LastRotatedOnionKey = onionkey_set_at = now;
|
|
state->LastRotatedOnionKey = onionkey_set_at = now;
|
|
tor_mutex_release(key_lock);
|
|
tor_mutex_release(key_lock);
|
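Review bot: In rotate_onion_key, the `goto error` that follows "Couldn't write curve25519 onion key" is only reached after the RSA onion key write has succeeded, and the in-memory swap under key_lock comes later, so a failure here appears to leave the new RSA key on disk while the process keeps running with the old keys. With the CURVE25519_ENABLED guards removed, this path is compiled into every build, so it is worth documenting or closing. I would at least add a comment above that `goto error`, for example `/* The RSA onion key file has already been replaced here; on failure, disk and memory disagree until the next successful rotation. */`, and consider generating both keypairs before writing either file. The lines between this hunk and the previous one are not shown, and the function body starts and ends outside the hunk, so the exact file-replacement order should be confirmed against the full source.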
|
@@ -374,9 +364,7 @@ rotate_onion_key(void)
|
|
if (prkey)
|
|
if (prkey)
|
|
crypto_pk_free(prkey);
|
|
crypto_pk_free(prkey);
|
|
done:
|
|
done:
|
|
-#ifdef CURVE25519_ENABLED
|
|
|
|
memwipe(&new_curve25519_keypair, 0, sizeof(new_curve25519_keypair));
|
|
memwipe(&new_curve25519_keypair, 0, sizeof(new_curve25519_keypair));
|
|
-#endif
|
|
|
|
tor_free(fname);
|
|
tor_free(fname);
|
|
tor_free(fname_prev);
|
|
tor_free(fname_prev);
|
|
}
|
|
}
|
|
@@ -450,7 +438,6 @@ init_key_from_file(const char *fname, int generate, int severity)
|
|
return NULL;
|
|
return NULL;
|
|
}
|
|
}
|
|
|
|
|
|
-#ifdef CURVE25519_ENABLED
|
|
|
|
/** Load a curve25519 keypair from the file <b>fname</b>, writing it into
|
|
/** Load a curve25519 keypair from the file <b>fname</b>, writing it into
|
|
* <b>keys_out</b>. If the file isn't found and <b>generate</b> is true,
|
|
* <b>keys_out</b>. If the file isn't found and <b>generate</b> is true,
|
|
* create a new keypair and write it into the file. If there are errors, log
|
|
* create a new keypair and write it into the file. If there are errors, log
|
|
@@ -519,7 +506,6 @@ init_curve25519_keypair_from_file(curve25519_keypair_t *keys_out,
|
|
error:
|
|
error:
|
|
return -1;
|
|
return -1;
|
|
}
|
|
}
|
|
-#endif
|
|
|
|
|
|
|
|
/** Try to load the vote-signing private key and certificate for being a v3
|
|
/** Try to load the vote-signing private key and certificate for being a v3
|
|
* directory authority, and make sure they match. If <b>legacy</b>, load a
|
|
* directory authority, and make sure they match. If <b>legacy</b>, load a
|
|
@@ -875,7 +861,6 @@ init_keys(void)
|
|
}
|
|
}
|
|
tor_free(keydir);
|
|
tor_free(keydir);
|
|
|
|
|
|
-#ifdef CURVE25519_ENABLED
|
|
|
|
{
|
|
{
|
|
/* 2b. Load curve25519 onion keys. */
|
|
/* 2b. Load curve25519 onion keys. */
|
|
int r;
|
|
int r;
|
|
@@ -896,7 +881,6 @@ init_keys(void)
|
|
}
|
|
}
|
|
tor_free(keydir);
|
|
tor_free(keydir);
|
|
}
|
|
}
|
|
-#endif
|
|
|
|
|
|
|
|
/* 3. Initialize link key and TLS context. */
|
|
/* 3. Initialize link key and TLS context. */
|
|
if (router_initialize_tls_context() < 0) {
|
|
if (router_initialize_tls_context() < 0) {
|
|
@@ -1806,11 +1790,9 @@ router_rebuild_descriptor(int force)
|
|
ri->cache_info.published_on = time(NULL);
|
|
ri->cache_info.published_on = time(NULL);
|
|
ri->onion_pkey = crypto_pk_dup_key(get_onion_key()); /* must invoke from
|
|
ri->onion_pkey = crypto_pk_dup_key(get_onion_key()); /* must invoke from
|
|
* main thread */
|
|
* main thread */
|
|
-#ifdef CURVE25519_ENABLED
|
|
|
|
ri->onion_curve25519_pkey =
|
|
ri->onion_curve25519_pkey =
|
|
tor_memdup(&get_current_curve25519_keypair()->pubkey,
|
|
tor_memdup(&get_current_curve25519_keypair()->pubkey,
|
|
sizeof(curve25519_public_key_t));
|
|
sizeof(curve25519_public_key_t));
|
|
-#endif
|
|
|
|
|
|
|
|
/* For now, at most one IPv6 or-address is being advertised. */
|
|
/* For now, at most one IPv6 or-address is being advertised. */
|
|
{
|
|
{
|
|
@@ -2389,7 +2371,6 @@ router_dump_router_to_string(routerinfo_t *router,
|
|
smartlist_add_asprintf(chunks, "contact %s\n", ci);
|
|
smartlist_add_asprintf(chunks, "contact %s\n", ci);
|
|
}
|
|
}
|
|
|
|
|
|
-#ifdef CURVE25519_ENABLED
|
|
|
|
if (router->onion_curve25519_pkey) {
|
|
if (router->onion_curve25519_pkey) {
|
|
char kbuf[128];
|
|
char kbuf[128];
|
|
base64_encode(kbuf, sizeof(kbuf),
|
|
base64_encode(kbuf, sizeof(kbuf),
|
|
@@ -2397,7 +2378,6 @@ router_dump_router_to_string(routerinfo_t *router,
|
|
CURVE25519_PUBKEY_LEN);
|
|
CURVE25519_PUBKEY_LEN);
|
|
smartlist_add_asprintf(chunks, "ntor-onion-key %s", kbuf);
|
|
smartlist_add_asprintf(chunks, "ntor-onion-key %s", kbuf);
|
|
}
|
|
}
|
|
-#endif
|
|
|
|
|
|
|
|
/* Write the exit policy to the end of 's'. */
|
|
/* Write the exit policy to the end of 's'. */
|
|
if (!router->exit_policy || !smartlist_len(router->exit_policy)) {
|
|
if (!router->exit_policy || !smartlist_len(router->exit_policy)) {
|
|
@@ -3073,10 +3053,8 @@ router_free_all(void)
|
|
crypto_pk_free(legacy_signing_key);
|
|
crypto_pk_free(legacy_signing_key);
|
|
authority_cert_free(legacy_key_certificate);
|
|
authority_cert_free(legacy_key_certificate);
|
|
|
|
|
|
-#ifdef CURVE25519_ENABLED
|
|
|
|
memwipe(&curve25519_onion_key, 0, sizeof(curve25519_onion_key));
|
|
memwipe(&curve25519_onion_key, 0, sizeof(curve25519_onion_key));
|
|
memwipe(&last_curve25519_onion_key, 0, sizeof(last_curve25519_onion_key));
|
|
memwipe(&last_curve25519_onion_key, 0, sizeof(last_curve25519_onion_key));
|
|
-#endif
|
|
|
|
|
|
|
|
if (warned_nonexistent_family) {
|
|
if (warned_nonexistent_family) {
|
|
SMARTLIST_FOREACH(warned_nonexistent_family, char *, cp, tor_free(cp));
|
|
SMARTLIST_FOREACH(warned_nonexistent_family, char *, cp, tor_free(cp));
|