aboutsummaryrefslogtreecommitdiff
path: root/src/or/circuitbuild.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/or/circuitbuild.c')
-rw-r--r--src/or/circuitbuild.c21
1 files changed, 18 insertions, 3 deletions
diff --git a/src/or/circuitbuild.c b/src/or/circuitbuild.c
index 887b8ecb7f..e833fcba7c 100644
--- a/src/or/circuitbuild.c
+++ b/src/or/circuitbuild.c
@@ -1175,6 +1175,16 @@ circuit_extend(cell_t *cell, circuit_t *circ)
return -1;
}
+ /* Fill in ed_pubkey if it was not provided and we can infer it from
+ * our networkstatus */
+ if (ed25519_public_key_is_zero(&ec.ed_pubkey)) {
+ const node_t *node = node_get_by_id((const char*)ec.node_id);
+ const ed25519_public_key_t *node_ed_id = NULL;
+ if (node && (node_ed_id = node_get_ed25519_id(node))) {
+ memcpy(ec.ed_pubkey.pubkey, node_ed_id->pubkey, ED25519_PUBKEY_LEN);
+ }
+ }
+
/* Next, check if we're being asked to connect to the hop that the
* extend cell came from. There isn't any reason for that, and it can
* assist circular-path attacks. */
@@ -1185,10 +1195,15 @@ circuit_extend(cell_t *cell, circuit_t *circ)
"Client asked me to extend back to the previous hop.");
return -1;
}
- // XXX 15056 check prev-hop Ed ID too
- // XXX 15056 Fill in ed_pubkey if it was not provided and we can infer
- // XXX 15056 it from the networkstatus.
+ /* Check the previous hop Ed25519 ID too */
+ if (! ed25519_public_key_is_zero(&ec.ed_pubkey) &&
+ ed25519_pubkey_eq(&ec.ed_pubkey,
+ &TO_OR_CIRCUIT(circ)->p_chan->ed25519_identity)) {
+ log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
+ "Client asked me to extend back to the previous hop "
+ "(by Ed25519 ID).");
+ }
n_chan = channel_get_for_extend((const char*)ec.node_id,
&ec.ed_pubkey,