Prepare codebase for the implementation of Extended ORPort auth.

src/or/connection.c

@@ -170,6 +170,12 @@ conn_state_to_string(int type, int state)
       break;
     case CONN_TYPE_EXT_OR:
       switch (state) {
+        case EXT_OR_CONN_STATE_AUTH_WAIT_AUTH_TYPE:
+          return "waiting for authentication type";
+        case EXT_OR_CONN_STATE_AUTH_WAIT_CLIENT_NONCE:
+          return "waiting for client nonce";
+        case EXT_OR_CONN_STATE_AUTH_WAIT_CLIENT_HASH:
+          return "waiting for client hash";
         case EXT_OR_CONN_STATE_OPEN: return "open";
         case EXT_OR_CONN_STATE_FLUSHING: return "flushing final OKAY";
       }
@@ -1398,8 +1404,7 @@ connection_init_accepted_conn(connection_t *conn,
 
   switch (conn->type) {
     case CONN_TYPE_EXT_OR:
-      conn->state = EXT_OR_CONN_STATE_OPEN;
-      break;
+      return connection_ext_or_start_auth(TO_OR_CONN(conn));
     case CONN_TYPE_OR:
       control_event_or_conn_status(TO_OR_CONN(conn), OR_CONN_EVENT_NEW, 0);
       rv = connection_tls_start_handshake(TO_OR_CONN(conn), 1);
@@ -4450,6 +4455,7 @@ assert_connection_ok(connection_t *conn, time_t now)
     case CONN_TYPE_OR:
       tor_assert(conn->state >= OR_CONN_STATE_MIN_);
       tor_assert(conn->state <= OR_CONN_STATE_MAX_);
+      break;
     case CONN_TYPE_EXT_OR:
       tor_assert(conn->state >= EXT_OR_CONN_STATE_MIN_);
       tor_assert(conn->state <= EXT_OR_CONN_STATE_MAX_);

src/or/or.h

@@ -315,14 +315,24 @@ typedef enum {
 #define OR_CONN_STATE_OPEN 8
 #define OR_CONN_STATE_MAX_ 8
 
-/** States of Extended ORPort. */
+/** States of the Extended ORPort protocol. Be careful before changing
+ *  the numbers: they matter. */
 #define EXT_OR_CONN_STATE_MIN_ 1
-/** Extended ORPort just launched, and is accepting connections. */
-#define EXT_OR_CONN_STATE_OPEN 1
+/** Extended ORPort authentication is waiting for the authentication
+ *  type selected by the client. */
+#define EXT_OR_CONN_STATE_AUTH_WAIT_AUTH_TYPE 1
+/** Extended ORPort authentication is waiting for the client nonce. */
+#define EXT_OR_CONN_STATE_AUTH_WAIT_CLIENT_NONCE 2
+/** Extended ORPort authentication is waiting for the client hash. */
+#define EXT_OR_CONN_STATE_AUTH_WAIT_CLIENT_HASH 3
+#define EXT_OR_CONN_STATE_AUTH_MAX 3
+/** Authentication finished and the Extended ORPort is now accepting
+ *  traffic. */
+#define EXT_OR_CONN_STATE_OPEN 4
 /** Extended ORPort is flushing its last messages and preparing to
  *  start accepting OR connections. */
-#define EXT_OR_CONN_STATE_FLUSHING 2
-#define EXT_OR_CONN_STATE_MAX_ 2
+#define EXT_OR_CONN_STATE_FLUSHING 5
+#define EXT_OR_CONN_STATE_MAX_ 5
 
 #define EXIT_CONN_STATE_MIN_ 1
 /** State for an exit connection: waiting for response from DNS farm. */
@@ -1440,6 +1450,9 @@ typedef struct or_connection_t {
   char identity_digest[DIGEST_LEN];
   /** Extended ORPort connection identifier. */
   char *ext_or_conn_id;
+  /** Client hash of the Extended ORPort authentication scheme */
+  char *ext_or_auth_correct_client_hash;
+
   char *nickname; /**< Nickname of OR on other side (if any). */
 
   tor_tls_t *tls; /**< TLS connection state. */
@@ -3771,7 +3784,10 @@ typedef struct {
 
   int CookieAuthentication; /**< Boolean: do we enable cookie-based auth for
                              * the control system? */
-  char *CookieAuthFile; /**< Location of a cookie authentication file. */
+  char *CookieAuthFile; /**< Filesystem location of a ControlPort
+                         *   authentication cookie. */
+  char *ExtORPortCookieAuthFile; /**< Filesystem location of Extended
+                                 *   ORPort authentication cookie. */
   int CookieAuthFileGroupReadable; /**< Boolean: Is the CookieAuthFile g+r? */
   int LeaveStreamsUnattached; /**< Boolean: Does Tor attach new streams to
                           * circuits itself (0), or does it expect a controller