« back to all changes in this revision
Viewing changes to dtls.c
- browse files at revision 1
- compare with another revision
- download diff
- download tarball
- view history from revision 1
- Committer: Bazaar Package Importer
- Author(s): Ross Burton
- Date: 2009-01-15 13:26:25 UTC
- Revision ID: james.westby@ubuntu.com-20090115132625-p7a4di5gbq9aevfw
Tags: upstream-0.99
Import upstream version 0.99
added
removed
dtls.c
1
/*
2
* OpenConnect (SSL + DTLS) VPN client
3
*
4
* Copyright © 2008 Intel Corporation.
5
*
6
* Author: David Woodhouse <dwmw2@infradead.org>
7
*
8
* This program is free software; you can redistribute it and/or
9
* modify it under the terms of the GNU Lesser General Public License
10
* version 2.1, as published by the Free Software Foundation.
11
*
12
* This program is distributed in the hope that it will be useful, but
13
* WITHOUT ANY WARRANTY; without even the implied warranty of
14
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
15
* Lesser General Public License for more details.
16
*
17
* You should have received a copy of the GNU Lesser General Public
18
* License along with this library; if not, write to:
19
*
20
* Free Software Foundation, Inc.
21
* 51 Franklin Street, Fifth Floor,
22
* Boston, MA 02110-1301 USA
23
*/
24
25
#include <errno.h>
26
#include <sys/types.h>
27
#include <sys/socket.h>
28
#include <netdb.h>
29
#include <unistd.h>
30
#include <netinet/in.h>
31
#include <openssl/err.h>
32
#include <fcntl.h>
33
#include <string.h>
34
35
#include "openconnect.h"
36
37
#if 0
38
/*
39
* Useful for catching test cases, where we want everything to be
40
* reproducible. *NEVER* do this in the wild.
41
*/
42
time_t time(time_t *t)
43
{
44
time_t x = 0x3ab2d948;
45
if (t) *t = x;
46
return x;
47
}
48
49
int RAND_pseudo_bytes(char *buf, int len)
50
{
51
memset(buf, 0x5a, len);
52
printf("FAKE PSEUDO RANDOM!\n");
53
return 1;
54
55
}
56
int RAND_bytes(char *buf, int len)
57
{
58
static int foo = 0x5b;
59
printf("FAKE RANDOM!\n");
60
memset(buf, foo, len);
61
return 1;
62
}
63
#endif
64
65
/*
66
* The master-secret is generated randomly by the client. The server
67
* responds with a DTLS Session-ID. These, done over the HTTPS
68
* connection, are enough to 'resume' a DTLS session, bypassing all
69
* the normal setup of a normal DTLS connection.
70
*
71
* Cisco use a version of the protocol which predates RFC4347, but
72
* isn't quite the same as the pre-RFC version of the protocol which
73
* was in OpenSSL 0.9.8e -- it includes backports of some later
74
* OpenSSL patches.
75
*
76
* The openssl/ directory of this source tree should contain both a
77
* small patch against OpenSSL 0.9.8e to make it support Cisco's
78
* snapshot of the protocol, and a larger patch against newer OpenSSL
79
* which gives us an option to use the old protocol again.
80
*
81
* Cisco's server also seems to respond to the official version of the
82
* protocol, with a change in the ChangeCipherSpec packet which implies
83
* that it does know the difference and isn't just repeating the version
84
* number seen in the ClientHello. But although I can make the handshake
85
* complete by hacking tls1_mac() to use the _old_ protocol version
86
* number when calculating the MAC, the server still seems to be ignoring
87
* my subsequent data packets. So we use the old protocol, which is what
88
* their clients use anyway.
89
*/
90
91
static unsigned char nybble(unsigned char n)
92
{
93
if (n >= '0' && n <= '9') return n - '0';
94
else if (n >= 'A' && n <= 'F') return n - ('A' - 10);
95
else if (n >= 'a' && n <= 'f') return n - ('a' - 10);
96
return 0;
97
}
98
99
static unsigned char hex(const char *data)
100
{
101
return (nybble(data[0]) << 4) | nybble(data[1]);
102
}
103
104
int connect_dtls_socket(struct openconnect_info *vpninfo)
105
{
106
SSL_METHOD *dtls_method;
107
SSL_CIPHER *https_cipher;
108
SSL *dtls_ssl;
109
BIO *dtls_bio;
110
int dtls_fd;
111
112
dtls_fd = socket(vpninfo->peer_addr->sa_family, SOCK_DGRAM, IPPROTO_UDP);
113
if (dtls_fd < 0) {
114
perror("Open UDP socket for DTLS:");
115
return -EINVAL;
116
}
117
118
if (connect(dtls_fd, vpninfo->peer_addr, vpninfo->peer_addrlen)) {
119
perror("UDP (DTLS) connect:\n");
120
close(dtls_fd);
121
return -EINVAL;
122
}
123
124
fcntl(dtls_fd, F_SETFD, FD_CLOEXEC);
125
126
https_cipher = SSL_get_current_cipher(vpninfo->https_ssl);
127
128
if (!vpninfo->dtls_ctx) {
129
dtls_method = DTLSv1_client_method();
130
vpninfo->dtls_ctx = SSL_CTX_new(dtls_method);
131
if (!vpninfo->dtls_ctx) {
132
vpninfo->progress(vpninfo, PRG_ERR, "Initialise DTLSv1 CTX failed\n");
133
return -EINVAL;
134
}
135
136
/* If we don't readahead, then we do short reads and throw
137
away the tail of data packets. */
138
SSL_CTX_set_read_ahead(vpninfo->dtls_ctx, 1);
139
}
140
141
if (!vpninfo->dtls_session) {
142
/* We're going to "resume" a session which never existed. Fake it... */
143
vpninfo->dtls_session = SSL_SESSION_new();
144
if (!vpninfo->dtls_session) {
145
vpninfo->progress(vpninfo, PRG_ERR, "Initialise DTLSv1 session failed\n");
146
return -EINVAL;
147
}
148
vpninfo->dtls_session->ssl_version = 0x0100; // DTLS1_BAD_VER
149
150
vpninfo->dtls_session->master_key_length = sizeof(vpninfo->dtls_secret);
151
memcpy(vpninfo->dtls_session->master_key, vpninfo->dtls_secret,
152
sizeof(vpninfo->dtls_secret));
153
154
vpninfo->dtls_session->session_id_length = sizeof(vpninfo->dtls_session_id);
155
memcpy(vpninfo->dtls_session->session_id, vpninfo->dtls_session_id,
156
sizeof(vpninfo->dtls_session_id));
157
158
vpninfo->dtls_session->cipher = https_cipher;
159
vpninfo->dtls_session->cipher_id = https_cipher->id;
160
}
161
162
dtls_ssl = SSL_new(vpninfo->dtls_ctx);
163
SSL_set_connect_state(dtls_ssl);
164
SSL_set_cipher_list(dtls_ssl, SSL_CIPHER_get_name(https_cipher));
165
166
/* Add the generated session to the SSL */
167
if (!SSL_set_session(dtls_ssl, vpninfo->dtls_session)) {
168
vpninfo->progress(vpninfo, PRG_ERR,
169
"SSL_set_session() failed with old protocol version 0x%x\n"
170
"Your OpenSSL may lack Cisco compatibility support\n"
171
"See http://rt.openssl.org/Ticket/Display.html?id=1751\n"
172
"Use the --no-dtls command line option to avoid this message\n",
173
vpninfo->dtls_session->ssl_version);
174
vpninfo->dtls_attempt_period = 0;
175
return -EINVAL;
176
}
177
178
/* Go Go Go! */
179
dtls_bio = BIO_new_socket(dtls_fd, BIO_NOCLOSE);
180
SSL_set_bio(dtls_ssl, dtls_bio, dtls_bio);
181
182
#ifndef SSL_OP_CISCO_ANYCONNECT
183
#define SSL_OP_CISCO_ANYCONNECT 0x8000
184
#endif
185
SSL_set_options(dtls_ssl, SSL_OP_CISCO_ANYCONNECT);
186
187
/* Set non-blocking */
188
BIO_set_nbio(SSL_get_rbio(dtls_ssl),1);
189
BIO_set_nbio(SSL_get_wbio(dtls_ssl),1);
190
191
fcntl(dtls_fd, F_SETFL, fcntl(dtls_fd, F_GETFL) | O_NONBLOCK);
192
193
vpninfo->new_dtls_fd = dtls_fd;
194
vpninfo->new_dtls_ssl = dtls_ssl;
195
196
if (vpninfo->select_nfds <= dtls_fd)
197
vpninfo->select_nfds = dtls_fd + 1;
198
199
FD_SET(dtls_fd, &vpninfo->select_rfds);
200
FD_SET(dtls_fd, &vpninfo->select_efds);
201
202
time(&vpninfo->new_dtls_started);
203
return dtls_try_handshake(vpninfo);
204
}
205
206
int dtls_try_handshake(struct openconnect_info *vpninfo)
207
{
208
int ret = SSL_do_handshake(vpninfo->new_dtls_ssl);
209
210
if (ret == 1) {
211
vpninfo->progress(vpninfo, PRG_INFO, "Established DTLS connection\n");
212
213
if (vpninfo->dtls_ssl) {
214
/* We are replacing an old connection */
215
SSL_free(vpninfo->dtls_ssl);
216
close(vpninfo->dtls_fd);
217
FD_CLR(vpninfo->dtls_fd, &vpninfo->select_rfds);
218
FD_CLR(vpninfo->dtls_fd, &vpninfo->select_wfds);
219
FD_CLR(vpninfo->dtls_fd, &vpninfo->select_efds);
220
}
221
vpninfo->dtls_ssl = vpninfo->new_dtls_ssl;
222
vpninfo->dtls_fd = vpninfo->new_dtls_fd;
223
224
vpninfo->new_dtls_ssl = NULL;
225
vpninfo->new_dtls_fd = -1;
226
227
vpninfo->dtls_times.last_rekey = vpninfo->dtls_times.last_rx =
228
vpninfo->dtls_times.last_tx = time(NULL);
229
230
return 0;
231
}
232
233
ret = SSL_get_error(vpninfo->new_dtls_ssl, ret);
234
if (ret == SSL_ERROR_WANT_WRITE || ret == SSL_ERROR_WANT_READ) {
235
if (time(NULL) < vpninfo->new_dtls_started + 5)
236
return 0;
237
vpninfo->progress(vpninfo, PRG_TRACE, "DTLS handshake timed out\n");
238
}
239
240
vpninfo->progress(vpninfo, PRG_ERR, "DTLS handshake failed: %d\n", ret);
241
ERR_print_errors_fp(stderr);
242
243
/* Kill the new (failed) connection... */
244
SSL_free(vpninfo->new_dtls_ssl);
245
FD_CLR(vpninfo->new_dtls_fd, &vpninfo->select_rfds);
246
FD_CLR(vpninfo->new_dtls_fd, &vpninfo->select_efds);
247
close(vpninfo->new_dtls_fd);
248
vpninfo->new_dtls_ssl = NULL;
249
vpninfo->new_dtls_fd = -1;
250
251
/* ... and kill the old one too. The only time there'll be a valid
252
existing session is when it was a rekey, and in that case it's
253
time for the old one to die. */
254
if (vpninfo->dtls_ssl) {
255
SSL_free(vpninfo->dtls_ssl);
256
close(vpninfo->dtls_fd);
257
FD_CLR(vpninfo->dtls_fd, &vpninfo->select_rfds);
258
FD_CLR(vpninfo->dtls_fd, &vpninfo->select_wfds);
259
FD_CLR(vpninfo->dtls_fd, &vpninfo->select_efds);
260
vpninfo->dtls_ssl = NULL;
261
vpninfo->dtls_fd = -1;
262
}
263
264
time(&vpninfo->new_dtls_started);
265
return -EINVAL;
266
}
267
268
static int dtls_restart(struct openconnect_info *vpninfo)
269
{
270
if (vpninfo->dtls_ssl) {
271
SSL_free(vpninfo->dtls_ssl);
272
close(vpninfo->dtls_fd);
273
FD_CLR(vpninfo->dtls_fd, &vpninfo->select_rfds);
274
FD_CLR(vpninfo->dtls_fd, &vpninfo->select_wfds);
275
FD_CLR(vpninfo->dtls_fd, &vpninfo->select_efds);
276
vpninfo->dtls_ssl = NULL;
277
vpninfo->dtls_fd = -1;
278
}
279
280
return connect_dtls_socket(vpninfo);
281
}
282
283
284
int setup_dtls(struct openconnect_info *vpninfo)
285
{
286
struct vpn_option *dtls_opt = vpninfo->dtls_options;
287
int sessid_found = 0;
288
int dtls_port = 0;
289
int i;
290
291
while (dtls_opt) {
292
vpninfo->progress(vpninfo, PRG_TRACE,
293
"DTLS option %s : %s\n",
294
dtls_opt->option, dtls_opt->value);
295
296
if (!strcmp(dtls_opt->option, "X-DTLS-Session-ID")) {
297
if (strlen(dtls_opt->value) != 64) {
298
vpninfo->progress(vpninfo, PRG_ERR, "X-DTLS-Session-ID not 64 characters\n");
299
vpninfo->progress(vpninfo, PRG_ERR, "Is: %s\n", dtls_opt->value);
300
return -EINVAL;
301
}
302
for (i = 0; i < 64; i += 2)
303
vpninfo->dtls_session_id[i/2] = hex(dtls_opt->value + i);
304
sessid_found = 1;
305
} else if (!strcmp(dtls_opt->option + 7, "Port")) {
306
dtls_port = atol(dtls_opt->value);
307
} else if (!strcmp(dtls_opt->option + 7, "Keepalive")) {
308
vpninfo->dtls_times.keepalive = atol(dtls_opt->value);
309
} else if (!strcmp(dtls_opt->option + 7, "DPD")) {
310
vpninfo->dtls_times.dpd = atol(dtls_opt->value);
311
} else if (!strcmp(dtls_opt->option + 7, "Rekey-Time")) {
312
vpninfo->dtls_times.rekey = atol(dtls_opt->value);
313
}
314
315
dtls_opt = dtls_opt->next;
316
}
317
if (!sessid_found || !dtls_port)
318
return -EINVAL;
319
320
if (vpninfo->peer_addr->sa_family == AF_INET) {
321
struct sockaddr_in *sin = (void *)vpninfo->peer_addr;
322
sin->sin_port = htons(dtls_port);
323
} else if (vpninfo->peer_addr->sa_family == AF_INET6) {
324
struct sockaddr_in6 *sin = (void *)vpninfo->peer_addr;
325
sin->sin6_port = htons(dtls_port);
326
} else {
327
vpninfo->progress(vpninfo, PRG_ERR, "Unknown protocol family %d. Cannot do DTLS\n",
328
vpninfo->peer_addr->sa_family);
329
return -EINVAL;
330
}
331
332
333
if (connect_dtls_socket(vpninfo))
334
return -EINVAL;
335
336
vpninfo->progress(vpninfo, PRG_TRACE,
337
"DTLS connected. DPD %d, Keepalive %d\n",
338
vpninfo->dtls_times.dpd, vpninfo->dtls_times.keepalive);
339
340
return 0;
341
}
342
343
int dtls_mainloop(struct openconnect_info *vpninfo, int *timeout)
344
{
345
unsigned char buf[2000];
346
int len;
347
int work_done = 0;
348
char magic_pkt;
349
350
while ( (len = SSL_read(vpninfo->dtls_ssl, buf, sizeof(buf))) > 0 ) {
351
352
vpninfo->progress(vpninfo, PRG_TRACE,
353
"Received DTLS packet 0x%02x of %d bytes\n",
354
buf[0], len);
355
356
vpninfo->dtls_times.last_rx = time(NULL);
357
358
switch(buf[0]) {
359
case AC_PKT_DATA:
360
queue_new_packet(&vpninfo->incoming_queue, AF_INET, buf+1, len-1);
361
work_done = 1;
362
break;
363
364
case AC_PKT_DPD_OUT:
365
vpninfo->progress(vpninfo, PRG_TRACE, "Got DTLS DPD request\n");
366
367
/* FIXME: What if the packet doesn't get through? */
368
magic_pkt = AC_PKT_DPD_RESP;
369
if (SSL_write(vpninfo->dtls_ssl, &magic_pkt, 1) != 1)
370
vpninfo->progress(vpninfo, PRG_ERR, "Failed to send DPD response. Expect disconnect\n");
371
continue;
372
373
case AC_PKT_DPD_RESP:
374
vpninfo->progress(vpninfo, PRG_TRACE, "Got DTLS DPD response\n");
375
break;
376
377
case AC_PKT_KEEPALIVE:
378
vpninfo->progress(vpninfo, PRG_TRACE, "Got DTLS Keepalive\n");
379
break;
380
381
default:
382
vpninfo->progress(vpninfo, PRG_ERR,
383
"Unknown DTLS packet type %02x, len %d\n", buf[0], len);
384
if (1) {
385
/* Some versions of OpenSSL have bugs with receiving out-of-order
386
* packets. Not only do they wrongly decide to drop packets if
387
* two packets get swapped in transit, but they also _fail_ to
388
* drop the packet in non-blocking mode; instead they return
389
* the appropriate length of garbage. So don't abort... for now. */
390
break;
391
} else {
392
vpninfo->quit_reason = "Unknown packet received";
393
return 1;
394
}
395
396
}
397
}
398
399
switch (keepalive_action(&vpninfo->dtls_times, timeout)) {
400
case KA_REKEY:
401
time(&vpninfo->dtls_times.last_rekey);
402
vpninfo->progress(vpninfo, PRG_TRACE, "DTLS rekey due\n");
403
if (connect_dtls_socket(vpninfo)) {
404
vpninfo->progress(vpninfo, PRG_ERR, "DTLS rekey failed\n");
405
return 1;
406
}
407
work_done = 1;
408
break;
409
410
411
case KA_DPD_DEAD:
412
vpninfo->progress(vpninfo, PRG_ERR, "DTLS Dead Peer Detection detected dead peer!\n");
413
/* Fall back to SSL, and start a new DTLS connection */
414
dtls_restart(vpninfo);
415
return 1;
416
417
case KA_DPD:
418
vpninfo->progress(vpninfo, PRG_TRACE, "Send DTLS DPD\n");
419
420
magic_pkt = AC_PKT_DPD_OUT;
421
SSL_write(vpninfo->dtls_ssl, &magic_pkt, 1);
422
/* last_dpd will just have been set */
423
vpninfo->dtls_times.last_tx = vpninfo->dtls_times.last_dpd;
424
work_done = 1;
425
break;
426
427
case KA_KEEPALIVE:
428
/* No need to send an explicit keepalive
429
if we have real data to send */
430
if (vpninfo->outgoing_queue)
431
break;
432
433
vpninfo->progress(vpninfo, PRG_TRACE, "Send DTLS Keepalive\n");
434
435
magic_pkt = AC_PKT_KEEPALIVE;
436
SSL_write(vpninfo->dtls_ssl, &magic_pkt, 1);
437
time(&vpninfo->dtls_times.last_tx);
438
work_done = 1;
439
break;
440
441
case KA_NONE:
442
;
443
}
444
445
/* Service outgoing packet queue */
446
while (vpninfo->outgoing_queue) {
447
struct pkt *this = vpninfo->outgoing_queue;
448
int ret;
449
450
vpninfo->outgoing_queue = this->next;
451
vpninfo->outgoing_qlen--;
452
453
/* One byte of header */
454
this->hdr[7] = AC_PKT_DATA;
455
456
ret = SSL_write(vpninfo->dtls_ssl, &this->hdr[7], this->len + 1);
457
if (ret <= 0) {
458
ret = SSL_get_error(vpninfo->dtls_ssl, ret);
459
460
/* If it's a real error, kill the DTLS connection and
461
requeue the packet to be sent over SSL */
462
if (ret != SSL_ERROR_WANT_READ && ret != SSL_ERROR_WANT_WRITE) {
463
vpninfo->progress(vpninfo, PRG_ERR,
464
"DTLS got write error %d. Falling back to SSL\n", ret);
465
ERR_print_errors_fp(stderr);
466
dtls_restart(vpninfo);
467
vpninfo->outgoing_queue = this;
468
vpninfo->outgoing_qlen++;
469
}
470
return 1;
471
}
472
time(&vpninfo->dtls_times.last_tx);
473
vpninfo->progress(vpninfo, PRG_TRACE,
474
"Sent DTLS packet of %d bytes; SSL_write() returned %d\n",
475
this->len, ret);
476
}
477
478
return work_done;
479
}
480
481
Loggerhead is a web-based interface for Breezy
Version: 2.0.1