@@ -56,8 +56,10 @@ static crypto_pk_t *onionkey=NULL;
* generated by clients that have an older version of our descriptor. */
static crypto_pk_t *lastonionkey=NULL;
#ifdef CURVE25519_ENABLED
-/**DOCDOC*/
+/** Current private ntor secret key: used to perform the ntor handshake. */
static curve25519_keypair_t curve25519_onion_key;
+/** Previous private ntor secret key: used to perform the ntor handshake
+ * with clients that have an older version of our descriptor. */
static curve25519_keypair_t last_curve25519_onion_key;
#endif
/** Private server "identity key": used to sign directory info and TLS
@@ -105,20 +107,6 @@ set_onion_key(crypto_pk_t *k)
mark_my_descriptor_dirty("set onion key");
}
-#if 0
-/**DOCDOC*/
-static void
-set_curve25519_onion_key(const curve25519_keypair_t *kp)
-{
- if (tor_memeq(&curve25519_onion_key, kp, sizeof(curve25519_keypair_t)))
- return;
-
- tor_mutex_acquire(key_lock);
- memcpy(&curve25519_onion_key, kp, sizeof(curve25519_keypair_t));
- tor_mutex_release(key_lock);
-}
-#endif
-
/** Return the current onion key. Requires that the onion key has been
* loaded or generated. */
crypto_pk_t *
@@ -147,12 +135,15 @@ dup_onion_keys(crypto_pk_t **key, crypto_pk_t **last)
}
#ifdef CURVE25519_ENABLED
-/**DOCDOC only in main thread*/
+/** Return the current secret onion key for the ntor handshake. Must only
+ * be called from the main thread. */
static const curve25519_keypair_t *
get_current_curve25519_keypair(void)
{
return &curve25519_onion_key;
}
+/** Return a map from KEYID (the key itself) to keypairs for use in the ntor
+ * handshake. Must only be called from the main thread. */
di_digest256_map_t *
construct_ntor_key_map(void)
{
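Review bot: The new comment on construct_ntor_key_map says what the map holds but not who owns it; ntor_key_map_free further down this page is clearly the intended release path, so the comment should name it: `* handshake. Must only be called from the main thread. The caller owns the returned map and must release it with ntor_key_map_free(). */`. The body of construct_ntor_key_map starts on the last line of this hunk and continues outside it. For get_current_curve25519_keypair, the returned pointer refers to the file-scope curve25519_onion_key, so the "main thread only" restriction applies to uses of the returned pointer as well; one clause saying so would make the lifetime clear.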
@@ -173,6 +164,8 @@ construct_ntor_key_map(void)
return m;
}
+/** Helper used to deallocate a di_digest256_map_t returned by
+ * construct_ntor_key_map. */
static void
ntor_key_map_free_helper(void *arg)
{
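Review bot: The new comment on ntor_key_map_free_helper says it deallocates the di_digest256_map_t, but its body (continued in the next hunk) wipes and frees a single keypair `k`; the map itself is released by dimap_free in ntor_key_map_free. Suggest `/** Helper for ntor_key_map_free: wipe and free one keypair stored as a value in a map returned by construct_ntor_key_map. */`. Naming the wipe documents that secret key material does not linger in freed memory, which is the reason memwipe precedes tor_free. The function body runs past the end of this hunk.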
@@ -180,9 +173,12 @@ ntor_key_map_free_helper(void *arg)
memwipe(k, 0, sizeof(*k));
tor_free(k);
}
+/** Release all storage from a keymap returned by construct_ntor_key_map. */
void
ntor_key_map_free(di_digest256_map_t *map)
{
+ if (!map)
+ return;
dimap_free(map, ntor_key_map_free_helper);
}
#endif
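Review bot: The NULL guard added to ntor_key_map_free makes the function a no-op on NULL, but the doc comment added in the same hunk does not say so, and the point of the guard is that callers stop checking themselves. Suggest `/** Release all storage from a keymap returned by construct_ntor_key_map, wiping each keypair before it is freed. Does nothing if <b>map</b> is NULL. */`. The wiping claim is backed by the memwipe call in ntor_key_map_free_helper at the top of this hunk. Since the map pointer stays valid-looking after the call, callers that keep it in a long-lived variable should set it to NULL afterwards; a short sentence to that effect would help.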
@@ -453,7 +449,11 @@ init_key_from_file(const char *fname, int generate, int severity)
}
#ifdef CURVE25519_ENABLED
-/** DOCDOC */
+/** Load a curve25519 keypair from the file <b>fname</b>, writing it into
+ * <b>keys_out</b>. If the file isn't found and <b>generate</b> is true,
+ * create a new keypair and write it into the file. If there are errors, log
+ * them at level <b>severity</b>. Generate files using <b>tag</b> in their
+ * ASCII wrapper. */
static int
init_curve25519_keypair_from_file(curve25519_keypair_t *keys_out,
const char *fname,
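Review bot: The new comment on init_curve25519_keypair_from_file documents the parameters and the logging level but not the return value, which callers of a `static int` need to branch on; the body is outside this hunk, so the convention should be confirmed there and stated, e.g. `* ASCII wrapper. Return 0 on success and -1 on failure. */` if that is what the body does. Whether <b>keys_out</b> is left untouched or partially written on failure is also unstated, and matters for a buffer that will hold a private key; one sentence once confirmed. The signature and body continue past the end of this hunk.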
@@ -1599,7 +1599,7 @@ router_digest_is_me(const char *digest)
tor_memeq(server_identitykey_digest, digest, DIGEST_LEN));
}
-/** DOCDOC */
+/** Return my identity digest. */
const uint8_t *
router_get_my_id_digest(void)
{
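Review bot: "Return my identity digest." does not state the length or the lifetime of the returned buffer, both of which a caller holding a `const uint8_t *` needs. router_digest_is_me just above compares DIGEST_LEN bytes of server_identitykey_digest, so if this function returns that buffer the comment should read `/** Return my identity digest, a DIGEST_LEN-byte buffer owned by this module; callers must not free it. */`. The body is outside the hunk, so confirm that is what it returns before wording it that way.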