commit c83778686839c4596504ea392854e9e95884fcfa Author: Nick Mathewson nickm@torproject.org Date: Sat Sep 24 11:04:47 2016 -0700

Teach circuit_extend() more about Ed25519 identities.

- forbid extending to the previous hop by Ed25519 ID. - If we know the Ed25519 ID for the next hop and the client doesn't, insist on the one from the consensus. --- src/or/circuitbuild.c | 21 ++++++++++++++++++--- 1 file changed, 18 insertions(+), 3 deletions(-)

diff --git a/src/or/circuitbuild.c b/src/or/circuitbuild.c index 887b8ec..e833fcb 100644 --- a/src/or/circuitbuild.c +++ b/src/or/circuitbuild.c @@ -1175,6 +1175,16 @@ circuit_extend(cell_t *cell, circuit_t *circ) return -1; }

+ /* Fill in ed_pubkey if it was not provided and we can infer it from + * our networkstatus */ + if (ed25519_public_key_is_zero(&ec.ed_pubkey)) { + const node_t *node = node_get_by_id((const char*)ec.node_id); + const ed25519_public_key_t *node_ed_id = NULL; + if (node && (node_ed_id = node_get_ed25519_id(node))) { + memcpy(ec.ed_pubkey.pubkey, node_ed_id->pubkey, ED25519_PUBKEY_LEN); + } + } + /* Next, check if we're being asked to connect to the hop that the * extend cell came from. There isn't any reason for that, and it can * assist circular-path attacks. */ @@ -1185,10 +1195,15 @@ circuit_extend(cell_t *cell, circuit_t *circ) "Client asked me to extend back to the previous hop."); return -1; } - // XXX 15056 check prev-hop Ed ID too

- // XXX 15056 Fill in ed_pubkey if it was not provided and we can infer - // XXX 15056 it from the networkstatus. + /* Check the previous hop Ed25519 ID too */ + if (! ed25519_public_key_is_zero(&ec.ed_pubkey) && + ed25519_pubkey_eq(&ec.ed_pubkey, + &TO_OR_CIRCUIT(circ)->p_chan->ed25519_identity)) { + log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL, + "Client asked me to extend back to the previous hop " + "(by Ed25519 ID)."); + }

n_chan = channel_get_for_extend((const char*)ec.node_id, &ec.ed_pubkey,