diff options
| -rw-r--r-- | src/or/ext_orport.c | 19 |
1 files changed, 16 insertions, 3 deletions
diff --git a/src/or/ext_orport.c b/src/or/ext_orport.c index b1bb11bd46..9b4db73c39 100644 --- a/src/or/ext_orport.c +++ b/src/or/ext_orport.c @@ -225,8 +225,12 @@ connection_ext_or_auth_handle_client_nonce(connection_t *conn) EXT_OR_PORT_AUTH_NONCE_LEN, conn) < 0) return -1; - /* DOCDOC comment this function more, with comments about what the - * protocol is. */ + /* We extract the ClientNonce from the received data, and use it to + calculate ServerHash and ServerNonce according to proposal 217. + + We also calculate our own ClientHash value and save it in the + connection state. We validate it later against the ClientHash + sent by the client. */ /* Get our nonce */ if (crypto_rand(server_nonce, EXT_OR_PORT_AUTH_NONCE_LEN) < 0) @@ -375,7 +379,16 @@ connection_ext_or_auth_process_inbuf(or_connection_t *or_conn) { connection_t *conn = TO_CONN(or_conn); - /* DOCDOC Document the state machine here! */ + /* State transitions of the Extended ORPort authentication protocol: + + EXT_OR_CONN_STATE_AUTH_WAIT_AUTH_TYPE (start state) -> + EXT_OR_CONN_STATE_AUTH_WAIT_CLIENT_NONCE -> + EXT_OR_CONN_STATE_AUTH_WAIT_CLIENT_HASH -> + EXT_OR_CONN_STATE_OPEN + + During EXT_OR_CONN_STATE_OPEN, data is handled by + connection_ext_or_process_inbuf(). + */ switch (conn->state) { /* Functionify */ case EXT_OR_CONN_STATE_AUTH_WAIT_AUTH_TYPE: |