/
dtls.c
893 lines (775 loc) · 27.2 KB
1
/*
2
* OpenConnect (SSL + DTLS) VPN client
3
*
4
* Copyright © 2008-2012 Intel Corporation.
5
*
6
7
8
* Author: David Woodhouse <dwmw2@infradead.org>
*
* This program is free software; you can redistribute it and/or
9
* modify it under the terms of the GNU Lesser General Public License
10
* version 2.1, as published by the Free Software Foundation.
11
*
12
* This program is distributed in the hope that it will be useful, but
13
14
15
16
17
18
19
20
21
22
* WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this library; if not, write to:
*
* Free Software Foundation, Inc.
* 51 Franklin Street, Fifth Floor,
* Boston, MA 02110-1301 USA
23
24
25
*/
#include <errno.h>
26
27
28
29
#include <sys/types.h>
#include <sys/socket.h>
#include <netdb.h>
#include <unistd.h>
30
#include <netinet/in.h>
31
#include <fcntl.h>
32
#include <string.h>
33
34
35
#include <errno.h>
#include <stdlib.h>
#include <stdio.h>
36
37
#include "openconnect-internal.h"
38
39
40
41
42
43
44
45
46
47
48
49
50
51
static unsigned char nybble(unsigned char n)
{
if (n >= '0' && n <= '9') return n - '0';
else if (n >= 'A' && n <= 'F') return n - ('A' - 10);
else if (n >= 'a' && n <= 'f') return n - ('a' - 10);
return 0;
}
unsigned char unhex(const char *data)
{
return (nybble(data[0]) << 4) | nybble(data[1]);
}
52
53
#ifdef HAVE_DTLS
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
#if 0
/*
* Useful for catching test cases, where we want everything to be
* reproducible. *NEVER* do this in the wild.
*/
time_t time(time_t *t)
{
time_t x = 0x3ab2d948;
if (t) *t = x;
return x;
}
int RAND_pseudo_bytes(char *buf, int len)
{
memset(buf, 0x5a, len);
printf("FAKE PSEUDO RANDOM!\n");
return 1;
71
72
73
74
75
76
77
78
79
80
81
}
int RAND_bytes(char *buf, int len)
{
static int foo = 0x5b;
printf("FAKE RANDOM!\n");
memset(buf, foo, len);
return 1;
}
#endif
82
83
84
85
86
87
/*
* The master-secret is generated randomly by the client. The server
* responds with a DTLS Session-ID. These, done over the HTTPS
* connection, are enough to 'resume' a DTLS session, bypassing all
* the normal setup of a normal DTLS connection.
*
88
89
90
91
* Cisco use a version of the protocol which predates RFC4347, but
* isn't quite the same as the pre-RFC version of the protocol which
* was in OpenSSL 0.9.8e -- it includes backports of some later
* OpenSSL patches.
92
*
93
94
* The openssl/ directory of this source tree should contain both a
* small patch against OpenSSL 0.9.8e to make it support Cisco's
95
96
* snapshot of the protocol, and a larger patch against newer OpenSSL
* which gives us an option to use the old protocol again.
97
*
98
99
100
101
102
103
* Cisco's server also seems to respond to the official version of the
* protocol, with a change in the ChangeCipherSpec packet which implies
* that it does know the difference and isn't just repeating the version
* number seen in the ClientHello. But although I can make the handshake
* complete by hacking tls1_mac() to use the _old_ protocol version
* number when calculating the MAC, the server still seems to be ignoring
104
105
* my subsequent data packets. So we use the old protocol, which is what
* their clients use anyway.
106
*/
107
108
#if defined (DTLS_OPENSSL)
109
110
#define DTLS_SEND SSL_write
#define DTLS_RECV SSL_read
111
112
113
114
115
116
117
#ifdef HAVE_DTLS1_STOP_TIMER
/* OpenSSL doesn't deliberately export this, but we need it to
workaround a DTLS bug in versions < 1.0.0e */
extern void dtls1_stop_timer (SSL *);
#endif
118
119
120
121
122
123
124
125
126
127
128
129
#if (OPENSSL_VERSION_NUMBER >= 0x100000b0L && OPENSSL_VERSION_NUMBER <= 0x100000c0L) || \
(OPENSSL_VERSION_NUMBER >= 0x10001040L && OPENSSL_VERSION_NUMBER <= 0x10001060L) || \
OPENSSL_VERSION_NUMBER == 0x10002000L
/*
* If you've fixed the bug in your version of OpenSSL by applying the patch from
* http://rt.openssl.org/Ticket/Display.html?id=2984&user=guest&pass=guest then
* you can happily remove this #error. Note that GnuTLS from 3.0.21 onwards has
* DTLS support so perhaps you should be using that instead?
*/
#error This version of OpenSSL is known to be broken with Cisco DTLS.
#endif
130
static int start_dtls_handshake(struct openconnect_info *vpninfo, int dtls_fd)
131
{
132
STACK_OF(SSL_CIPHER) *ciphers;
133
method_const SSL_METHOD *dtls_method;
134
SSL_CIPHER *dtls_cipher;
135
136
SSL *dtls_ssl;
BIO *dtls_bio;
137
138
139
140
141
if (!vpninfo->dtls_ctx) {
dtls_method = DTLSv1_client_method();
vpninfo->dtls_ctx = SSL_CTX_new(dtls_method);
if (!vpninfo->dtls_ctx) {
142
143
vpn_progress(vpninfo, PRG_ERR,
_("Initialise DTLSv1 CTX failed\n"));
144
openconnect_report_ssl_errors(vpninfo);
145
vpninfo->dtls_attempt_period = 0;
146
147
return -EINVAL;
}
148
149
150
151
/* If we don't readahead, then we do short reads and throw
away the tail of data packets. */
SSL_CTX_set_read_ahead(vpninfo->dtls_ctx, 1);
152
153
if (!SSL_CTX_set_cipher_list(vpninfo->dtls_ctx, vpninfo->dtls_cipher)) {
154
155
vpn_progress(vpninfo, PRG_ERR,
_("Set DTLS cipher list failed\n"));
156
157
158
159
160
SSL_CTX_free(vpninfo->dtls_ctx);
vpninfo->dtls_ctx = NULL;
vpninfo->dtls_attempt_period = 0;
return -EINVAL;
}
161
}
162
163
164
165
166
if (!vpninfo->dtls_session) {
/* We're going to "resume" a session which never existed. Fake it... */
vpninfo->dtls_session = SSL_SESSION_new();
if (!vpninfo->dtls_session) {
167
168
vpn_progress(vpninfo, PRG_ERR,
_("Initialise DTLSv1 session failed\n"));
169
vpninfo->dtls_attempt_period = 0;
170
return -EINVAL;
171
}
172
vpninfo->dtls_session->ssl_version = 0x0100; /* DTLS1_BAD_VER */
173
}
174
175
176
177
178
/* Do this every time; it may have changed due to a rekey */
vpninfo->dtls_session->master_key_length = sizeof(vpninfo->dtls_secret);
memcpy(vpninfo->dtls_session->master_key, vpninfo->dtls_secret,
sizeof(vpninfo->dtls_secret));
179
180
181
182
vpninfo->dtls_session->session_id_length = sizeof(vpninfo->dtls_session_id);
memcpy(vpninfo->dtls_session->session_id, vpninfo->dtls_session_id,
sizeof(vpninfo->dtls_session_id));
183
184
185
dtls_ssl = SSL_new(vpninfo->dtls_ctx);
SSL_set_connect_state(dtls_ssl);
186
187
188
ciphers = SSL_get_ciphers(dtls_ssl);
if (sk_SSL_CIPHER_num(ciphers) != 1) {
189
vpn_progress(vpninfo, PRG_ERR, _("Not precisely one DTLS cipher\n"));
190
191
192
193
194
195
196
197
198
199
200
201
202
SSL_CTX_free(vpninfo->dtls_ctx);
SSL_free(dtls_ssl);
SSL_SESSION_free(vpninfo->dtls_session);
vpninfo->dtls_ctx = NULL;
vpninfo->dtls_session = NULL;
vpninfo->dtls_attempt_period = 0;
return -EINVAL;
}
dtls_cipher = sk_SSL_CIPHER_value(ciphers, 0);
/* Set the appropriate cipher on our session to be resumed */
vpninfo->dtls_session->cipher = dtls_cipher;
vpninfo->dtls_session->cipher_id = dtls_cipher->id;
203
204
/* Add the generated session to the SSL */
205
if (!SSL_set_session(dtls_ssl, vpninfo->dtls_session)) {
206
vpn_progress(vpninfo, PRG_ERR,
207
208
209
210
211
_("SSL_set_session() failed with old protocol version 0x%x\n"
"Are you using a version of OpenSSL older than 0.9.8m?\n"
"See http://rt.openssl.org/Ticket/Display.html?id=1751\n"
"Use the --no-dtls command line option to avoid this message\n"),
vpninfo->dtls_session->ssl_version);
212
vpninfo->dtls_attempt_period = 0;
213
return -EINVAL;
214
}
215
216
dtls_bio = BIO_new_socket(dtls_fd, BIO_NOCLOSE);
217
218
/* Set non-blocking */
BIO_set_nbio(dtls_bio, 1);
219
220
SSL_set_bio(dtls_ssl, dtls_bio, dtls_bio);
221
SSL_set_options(dtls_ssl, SSL_OP_CISCO_ANYCONNECT);
222
223
vpninfo->new_dtls_ssl = dtls_ssl;
224
225
return 0;
226
227
}
228
int dtls_try_handshake(struct openconnect_info *vpninfo)
229
{
230
int ret = SSL_do_handshake(vpninfo->new_dtls_ssl);
231
232
if (ret == 1) {
233
vpn_progress(vpninfo, PRG_INFO, _("Established DTLS connection (using OpenSSL)\n"));
234
235
236
237
238
if (vpninfo->dtls_ssl) {
/* We are replacing an old connection */
SSL_free(vpninfo->dtls_ssl);
close(vpninfo->dtls_fd);
239
240
241
FD_CLR(vpninfo->dtls_fd, &vpninfo->select_rfds);
FD_CLR(vpninfo->dtls_fd, &vpninfo->select_wfds);
FD_CLR(vpninfo->dtls_fd, &vpninfo->select_efds);
242
243
244
245
246
247
248
}
vpninfo->dtls_ssl = vpninfo->new_dtls_ssl;
vpninfo->dtls_fd = vpninfo->new_dtls_fd;
vpninfo->new_dtls_ssl = NULL;
vpninfo->new_dtls_fd = -1;
249
vpninfo->dtls_times.last_rx = vpninfo->dtls_times.last_tx = time(NULL);
250
251
/* From about 8.4.1(11) onwards, the ASA seems to get
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
very unhappy if we resend ChangeCipherSpec messages
after the initial setup. This was "fixed" in OpenSSL
1.0.0e for RT#2505, but it's not clear if that was
the right fix. What happens if the original packet
*does* get lost? Surely we *wanted* the retransmits,
because without them the server will never be able
to decrypt anything we send?
Oh well, our retransmitted packets upset the server
because we don't get the Cisco-compatibility right
(this is one of the areas in which Cisco's DTLS differs
from the RFC4347 spec), and DPD should help us notice
if *nothing* is getting through. */
#if OPENSSL_VERSION_NUMBER >= 0x1000005fL
/* OpenSSL 1.0.0e or above doesn't resend anyway; do nothing.
However, if we were *built* against 1.0.0e or newer, but at
runtime we find that we are being run against an older
version, warn about it. */
if (SSLeay() < 0x1000005fL) {
270
vpn_progress(vpninfo, PRG_ERR,
271
_("Your OpenSSL is older than the one you built against, so DTLS may fail!"));
272
273
}
#elif defined (HAVE_DTLS1_STOP_TIMER)
274
275
276
277
278
/*
* This works for any normal OpenSSL that supports
* Cisco DTLS compatibility (0.9.8m to 1.0.0d inclusive,
* and even later versions although it isn't needed there.
*/
279
dtls1_stop_timer(vpninfo->dtls_ssl);
280
281
282
283
284
285
#elif defined (BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT)
/*
* Debian restricts visibility of dtls1_stop_timer()
* so do it manually. This version also works on all
* sane versions of OpenSSL:
*/
286
287
288
289
290
291
memset (&(vpninfo->dtls_ssl->d1->next_timeout), 0,
sizeof((vpninfo->dtls_ssl->d1->next_timeout)));
vpninfo->dtls_ssl->d1->timeout_duration = 1;
BIO_ctrl(SSL_get_rbio(vpninfo->dtls_ssl),
BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT, 0,
&(vpninfo->dtls_ssl->d1->next_timeout));
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
#elif defined (BIO_CTRL_DGRAM_SET_TIMEOUT)
/*
* OK, here it gets more fun... this shoul handle the case
* of older OpenSSL which has the Cisco DTLS compatibility
* backported, but *not* the fix for RT#1922.
*/
BIO_ctrl(SSL_get_rbio(vpninfo->dtls_ssl),
BIO_CTRL_DGRAM_SET_TIMEOUT, 0, NULL);
#else
/*
* And if they don't have any of the above, they probably
* don't have RT#1829 fixed either, but that's OK because
* that's the "fix" that *introduces* the timeout we're
* trying to disable. So do nothing...
*/
307
#endif
308
309
310
311
312
return 0;
}
ret = SSL_get_error(vpninfo->new_dtls_ssl, ret);
if (ret == SSL_ERROR_WANT_WRITE || ret == SSL_ERROR_WANT_READ) {
313
static int badossl_bitched = 0;
314
315
if (time(NULL) < vpninfo->new_dtls_started + 5)
return 0;
316
317
318
319
320
321
322
323
324
325
if (((OPENSSL_VERSION_NUMBER >= 0x100000b0L && OPENSSL_VERSION_NUMBER <= 0x100000c0L) || \
(OPENSSL_VERSION_NUMBER >= 0x10001040L && OPENSSL_VERSION_NUMBER <= 0x10001060L) || \
OPENSSL_VERSION_NUMBER == 0x10002000L) && !badossl_bitched) {
badossl_bitched = 1;
vpn_progress(vpninfo, PRG_ERR, _("DTLS handshake timed out\n"));
vpn_progress(vpninfo, PRG_ERR, _("This is probably because your OpenSSL is broken\n"
"See http://rt.openssl.org/Ticket/Display.html?id=2984\n"));
} else {
vpn_progress(vpninfo, PRG_TRACE, _("DTLS handshake timed out\n"));
}
326
327
}
328
vpn_progress(vpninfo, PRG_ERR, _("DTLS handshake failed: %d\n"), ret);
329
openconnect_report_ssl_errors(vpninfo);
330
331
332
/* Kill the new (failed) connection... */
SSL_free(vpninfo->new_dtls_ssl);
333
334
FD_CLR(vpninfo->new_dtls_fd, &vpninfo->select_rfds);
FD_CLR(vpninfo->new_dtls_fd, &vpninfo->select_efds);
335
336
337
338
339
340
341
342
close(vpninfo->new_dtls_fd);
vpninfo->new_dtls_ssl = NULL;
vpninfo->new_dtls_fd = -1;
/* ... and kill the old one too. The only time there'll be a valid
existing session is when it was a rekey, and in that case it's
time for the old one to die. */
if (vpninfo->dtls_ssl) {
343
344
SSL_free(vpninfo->dtls_ssl);
close(vpninfo->dtls_fd);
345
346
347
FD_CLR(vpninfo->dtls_fd, &vpninfo->select_rfds);
FD_CLR(vpninfo->dtls_fd, &vpninfo->select_wfds);
FD_CLR(vpninfo->dtls_fd, &vpninfo->select_efds);
348
349
350
vpninfo->dtls_ssl = NULL;
vpninfo->dtls_fd = -1;
}
351
352
353
354
time(&vpninfo->new_dtls_started);
return -EINVAL;
}
355
356
#elif defined (DTLS_GNUTLS)
357
358
#include <gnutls/dtls.h>
359
360
361
362
363
364
365
366
367
368
369
370
struct {
const char *name;
gnutls_cipher_algorithm_t cipher;
gnutls_mac_algorithm_t mac;
const char *prio;
} gnutls_dtls_ciphers[] = {
{ "AES128-SHA", GNUTLS_CIPHER_AES_128_CBC, GNUTLS_MAC_SHA1,
"NONE:+VERS-DTLS0.9:+COMP-NULL:+AES-128-CBC:+SHA1:+RSA:%COMPAT:%DISABLE_SAFE_RENEGOTIATION" },
{ "DES-CBC3-SHA", GNUTLS_CIPHER_3DES_CBC, GNUTLS_MAC_SHA1,
"NONE:+VERS-DTLS0.9:+COMP-NULL:+3DES-CBC:+SHA1:+RSA:%COMPAT:%DISABLE_SAFE_RENEGOTIATION" },
};
371
372
373
374
375
376
377
#define DTLS_SEND gnutls_record_send
#define DTLS_RECV gnutls_record_recv
static int start_dtls_handshake(struct openconnect_info *vpninfo, int dtls_fd)
{
gnutls_session_t dtls_ssl;
gnutls_datum_t master_secret, session_id;
int err;
378
379
380
381
382
383
384
385
386
387
388
int cipher;
for (cipher = 0; cipher < sizeof(gnutls_dtls_ciphers)/sizeof(gnutls_dtls_ciphers[0]); cipher++) {
if (!strcmp(vpninfo->dtls_cipher, gnutls_dtls_ciphers[cipher].name))
goto found_cipher;
}
vpn_progress(vpninfo, PRG_ERR, _("Unknown DTLS parameters for requested CipherSuite '%s'\n"),
vpninfo->dtls_cipher);
vpninfo->dtls_attempt_period = 0;
return -EINVAL;
389
390
found_cipher:
391
392
gnutls_init(&dtls_ssl, GNUTLS_CLIENT|GNUTLS_DATAGRAM|GNUTLS_NONBLOCK);
err = gnutls_priority_set_direct(dtls_ssl,
393
gnutls_dtls_ciphers[cipher].prio,
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
NULL);
if (err) {
vpn_progress(vpninfo, PRG_ERR,
_("Failed to set DTLS priority: %s\n"),
gnutls_strerror(err));
gnutls_deinit(dtls_ssl);
vpninfo->dtls_attempt_period = 0;
return -EINVAL;
}
gnutls_transport_set_ptr(dtls_ssl,
(gnutls_transport_ptr_t)(long) dtls_fd);
gnutls_record_disable_padding(dtls_ssl);
master_secret.data = vpninfo->dtls_secret;
master_secret.size = sizeof(vpninfo->dtls_secret);
session_id.data = vpninfo->dtls_session_id;
session_id.size = sizeof(vpninfo->dtls_session_id);
410
err = gnutls_session_set_premaster(dtls_ssl, GNUTLS_CLIENT, GNUTLS_DTLS0_9,
411
412
GNUTLS_KX_RSA, gnutls_dtls_ciphers[cipher].cipher,
gnutls_dtls_ciphers[cipher].mac, GNUTLS_COMP_NULL,
413
&master_secret, &session_id);
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
if (err) {
vpn_progress(vpninfo, PRG_ERR,
_("Failed to set DTLS session parameters: %s\n"),
gnutls_strerror(err));
gnutls_deinit(dtls_ssl);
vpninfo->dtls_attempt_period = 0;
return -EINVAL;
}
vpninfo->new_dtls_ssl = dtls_ssl;
return 0;
}
int dtls_try_handshake(struct openconnect_info *vpninfo)
{
int err = gnutls_handshake(vpninfo->new_dtls_ssl);
if (!err) {
432
433
434
#ifdef HAVE_GNUTLS_DTLS_SET_DATA_MTU
/* Make sure GnuTLS's idea of the MTU is sufficient to take
a full VPN MTU (with 1-byte header) in a data record. */
435
err = gnutls_dtls_set_data_mtu(vpninfo->new_dtls_ssl, vpninfo->actual_mtu + 1);
436
437
438
439
440
441
442
443
444
445
446
447
if (err) {
vpn_progress(vpninfo, PRG_ERR,
_("Failed to set DTLS MTU: %s\n"),
gnutls_strerror(err));
goto error;
}
#else
/* If we don't have gnutls_dtls_set_data_mtu() then make sure
we leave enough headroom by adding the worst-case overhead.
We only support AES128-CBC and DES-CBC3-SHA anyway, so
working out the worst case isn't hard. */
gnutls_dtls_set_mtu(vpninfo->new_dtls_ssl,
448
vpninfo->actual_mtu + 1 /* packet + header */
449
450
451
452
453
454
+ 13 /* DTLS header */
+ 20 /* biggest supported MAC (SHA1) */
+ 16 /* biggest supported IV (AES-128) */
+ 16 /* max padding */);
#endif
455
vpn_progress(vpninfo, PRG_INFO, _("Established DTLS connection (using GnuTLS)\n"));
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
if (vpninfo->dtls_ssl) {
/* We are replacing an old connection */
gnutls_deinit(vpninfo->dtls_ssl);
close(vpninfo->dtls_fd);
FD_CLR(vpninfo->dtls_fd, &vpninfo->select_rfds);
FD_CLR(vpninfo->dtls_fd, &vpninfo->select_wfds);
FD_CLR(vpninfo->dtls_fd, &vpninfo->select_efds);
}
vpninfo->dtls_ssl = vpninfo->new_dtls_ssl;
vpninfo->dtls_fd = vpninfo->new_dtls_fd;
vpninfo->new_dtls_ssl = NULL;
vpninfo->new_dtls_fd = -1;
vpninfo->dtls_times.last_rx = vpninfo->dtls_times.last_tx = time(NULL);
/* XXX: For OpenSSL we explicitly prevent retransmits here. */
return 0;
}
if (err == GNUTLS_E_AGAIN) {
if (time(NULL) < vpninfo->new_dtls_started + 5)
return 0;
vpn_progress(vpninfo, PRG_TRACE, _("DTLS handshake timed out\n"));
}
vpn_progress(vpninfo, PRG_ERR, _("DTLS handshake failed: %s\n"),
gnutls_strerror(err));
486
487
goto error;
error:
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
/* Kill the new (failed) connection... */
gnutls_deinit(vpninfo->new_dtls_ssl);
FD_CLR(vpninfo->new_dtls_fd, &vpninfo->select_rfds);
FD_CLR(vpninfo->new_dtls_fd, &vpninfo->select_efds);
close(vpninfo->new_dtls_fd);
vpninfo->new_dtls_ssl = NULL;
vpninfo->new_dtls_fd = -1;
/* ... and kill the old one too. The only time there'll be a valid
existing session is when it was a rekey, and in that case it's
time for the old one to die. */
if (vpninfo->dtls_ssl) {
gnutls_deinit(vpninfo->dtls_ssl);
close(vpninfo->dtls_fd);
FD_CLR(vpninfo->dtls_fd, &vpninfo->select_rfds);
FD_CLR(vpninfo->dtls_fd, &vpninfo->select_wfds);
FD_CLR(vpninfo->dtls_fd, &vpninfo->select_efds);
vpninfo->dtls_ssl = NULL;
vpninfo->dtls_fd = -1;
}
time(&vpninfo->new_dtls_started);
return -EINVAL;
}
#endif
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
int connect_dtls_socket(struct openconnect_info *vpninfo)
{
int dtls_fd, ret;
if (!vpninfo->dtls_addr) {
vpn_progress(vpninfo, PRG_ERR, _("No DTLS address\n"));
vpninfo->dtls_attempt_period = 0;
return -EINVAL;
}
if (!vpninfo->dtls_cipher) {
/* We probably didn't offer it any ciphers it liked */
vpn_progress(vpninfo, PRG_ERR, _("Server offered no DTLS cipher option\n"));
vpninfo->dtls_attempt_period = 0;
return -EINVAL;
}
if (vpninfo->proxy) {
/* XXX: Theoretically, SOCKS5 proxies can do UDP too */
vpn_progress(vpninfo, PRG_ERR, _("No DTLS when connected via proxy\n"));
vpninfo->dtls_attempt_period = 0;
return -EINVAL;
}
dtls_fd = socket(vpninfo->peer_addr->sa_family, SOCK_DGRAM, IPPROTO_UDP);
if (dtls_fd < 0) {
perror(_("Open UDP socket for DTLS:"));
return -EINVAL;
}
544
if (vpninfo->dtls_local_port) {
545
546
547
548
union {
struct sockaddr_in in;
struct sockaddr_in6 in6;
} dtls_bind_addr;
549
550
551
552
int dtls_bind_addrlen;
memset(&dtls_bind_addr, 0, sizeof(dtls_bind_addr));
if (vpninfo->peer_addr->sa_family == AF_INET) {
553
struct sockaddr_in *addr = &dtls_bind_addr.in;
554
555
556
557
558
dtls_bind_addrlen = sizeof(*addr);
addr->sin_family = AF_INET;
addr->sin_addr.s_addr = INADDR_ANY;
addr->sin_port = htons(vpninfo->dtls_local_port);
} else if (vpninfo->peer_addr->sa_family == AF_INET6) {
559
struct sockaddr_in6 *addr = &dtls_bind_addr.in6;
560
561
562
563
564
565
566
567
568
dtls_bind_addrlen = sizeof(*addr);
addr->sin6_family = AF_INET6;
addr->sin6_addr = in6addr_any;
addr->sin6_port = htons(vpninfo->dtls_local_port);
} else {
vpn_progress(vpninfo, PRG_ERR,
_("Unknown protocol family %d. Cannot do DTLS\n"),
vpninfo->peer_addr->sa_family);
vpninfo->dtls_attempt_period = 0;
569
close(dtls_fd);
570
571
572
573
574
return -EINVAL;
}
if (bind(dtls_fd, (struct sockaddr *)&dtls_bind_addr, dtls_bind_addrlen)) {
perror(_("Bind UDP socket for DTLS"));
575
close(dtls_fd);
576
577
578
579
return -EINVAL;
}
}
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
if (connect(dtls_fd, vpninfo->dtls_addr, vpninfo->peer_addrlen)) {
perror(_("UDP (DTLS) connect:\n"));
close(dtls_fd);
return -EINVAL;
}
fcntl(dtls_fd, F_SETFD, FD_CLOEXEC);
fcntl(dtls_fd, F_SETFL, fcntl(dtls_fd, F_GETFL) | O_NONBLOCK);
ret = start_dtls_handshake(vpninfo, dtls_fd);
if (ret) {
close(dtls_fd);
return ret;
}
vpninfo->new_dtls_fd = dtls_fd;
if (vpninfo->select_nfds <= dtls_fd)
vpninfo->select_nfds = dtls_fd + 1;
FD_SET(dtls_fd, &vpninfo->select_rfds);
FD_SET(dtls_fd, &vpninfo->select_efds);
time(&vpninfo->new_dtls_started);
return dtls_try_handshake(vpninfo);
}
607
static int dtls_restart(struct openconnect_info *vpninfo)
608
609
{
if (vpninfo->dtls_ssl) {
610
#if defined (DTLS_OPENSSL)
611
SSL_free(vpninfo->dtls_ssl);
612
#elif defined (DTLS_GNUTLS)
613
614
gnutls_deinit(vpninfo->dtls_ssl);
#endif
615
close(vpninfo->dtls_fd);
616
617
618
FD_CLR(vpninfo->dtls_fd, &vpninfo->select_rfds);
FD_CLR(vpninfo->dtls_fd, &vpninfo->select_wfds);
FD_CLR(vpninfo->dtls_fd, &vpninfo->select_efds);
619
620
621
vpninfo->dtls_ssl = NULL;
vpninfo->dtls_fd = -1;
}
622
623
return connect_dtls_socket(vpninfo);
624
625
}
626
627
int setup_dtls(struct openconnect_info *vpninfo)
628
629
{
struct vpn_option *dtls_opt = vpninfo->dtls_options;
630
int dtls_port = 0;
631
632
633
634
635
636
637
638
639
640
#if defined (OPENCONNECT_GNUTLS) && defined (DTLS_OPENSSL)
/* If we're using GnuTLS for authentication but OpenSSL for DTLS,
we'll need to initialise OpenSSL now... */
SSL_library_init ();
ERR_clear_error ();
SSL_load_error_strings ();
OpenSSL_add_all_algorithms ();
#endif
641
while (dtls_opt) {
642
vpn_progress(vpninfo, PRG_TRACE,
643
644
_("DTLS option %s : %s\n"),
dtls_opt->option, dtls_opt->value);
645
646
if (!strcmp(dtls_opt->option + 7, "Port")) {
647
dtls_port = atol(dtls_opt->value);
648
} else if (!strcmp(dtls_opt->option + 7, "Keepalive")) {
649
vpninfo->dtls_times.keepalive = atol(dtls_opt->value);
650
} else if (!strcmp(dtls_opt->option + 7, "DPD")) {
651
652
653
int j = atol(dtls_opt->value);
if (j && (!vpninfo->dtls_times.dpd || j < vpninfo->dtls_times.dpd))
vpninfo->dtls_times.dpd = j;
654
} else if (!strcmp(dtls_opt->option + 7, "Rekey-Time")) {
655
vpninfo->dtls_times.rekey = atol(dtls_opt->value);
656
} else if (!strcmp(dtls_opt->option + 7, "CipherSuite")) {
657
vpninfo->dtls_cipher = strdup(dtls_opt->value);
658
}
659
660
661
dtls_opt = dtls_opt->next;
}
662
if (!dtls_port) {
663
vpninfo->dtls_attempt_period = 0;
664
return -EINVAL;
665
666
667
668
669
670
671
672
}
vpninfo->dtls_addr = malloc(vpninfo->peer_addrlen);
if (!vpninfo->dtls_addr) {
vpninfo->dtls_attempt_period = 0;
return -ENOMEM;
}
memcpy(vpninfo->dtls_addr, vpninfo->peer_addr, vpninfo->peer_addrlen);
673
674
if (vpninfo->peer_addr->sa_family == AF_INET) {
675
struct sockaddr_in *sin = (void *)vpninfo->dtls_addr;
676
677
sin->sin_port = htons(dtls_port);
} else if (vpninfo->peer_addr->sa_family == AF_INET6) {
678
struct sockaddr_in6 *sin = (void *)vpninfo->dtls_addr;
679
680
sin->sin6_port = htons(dtls_port);
} else {
681
682
683
vpn_progress(vpninfo, PRG_ERR,
_("Unknown protocol family %d. Cannot do DTLS\n"),
vpninfo->peer_addr->sa_family);
684
vpninfo->dtls_attempt_period = 0;
685
686
687
return -EINVAL;
}
688
689
if (connect_dtls_socket(vpninfo))
return -EINVAL;
690
691
vpn_progress(vpninfo, PRG_TRACE,
692
_("DTLS initialised. DPD %d, Keepalive %d\n"),
693
vpninfo->dtls_times.dpd, vpninfo->dtls_times.keepalive);
694
695
return 0;
696
697
}
698
699
static struct pkt *dtls_pkt;
700
int dtls_mainloop(struct openconnect_info *vpninfo, int *timeout)
701
{
702
int work_done = 0;
703
char magic_pkt;
704
705
while (1) {
706
int len = vpninfo->actual_mtu;
707
708
709
710
711
712
713
714
715
716
717
unsigned char *buf;
if (!dtls_pkt) {
dtls_pkt = malloc(sizeof(struct pkt) + len);
if (!dtls_pkt) {
vpn_progress(vpninfo, PRG_ERR, "Allocation failed\n");
break;
}
}
buf = dtls_pkt->data - 1;
718
len = DTLS_RECV(vpninfo->dtls_ssl, buf, len + 1);
719
720
if (len <= 0)
break;
721
722
vpn_progress(vpninfo, PRG_TRACE,
723
724
_("Received DTLS packet 0x%02x of %d bytes\n"),
buf[0], len);
725
726
vpninfo->dtls_times.last_rx = time(NULL);
727
728
switch(buf[0]) {
729
case AC_PKT_DATA:
730
731
732
dtls_pkt->len = len - 1;
queue_packet(&vpninfo->incoming_queue, dtls_pkt);
dtls_pkt = NULL;
733
734
735
work_done = 1;
break;
736
case AC_PKT_DPD_OUT:
737
vpn_progress(vpninfo, PRG_TRACE, _("Got DTLS DPD request\n"));
738
739
740
/* FIXME: What if the packet doesn't get through? */
magic_pkt = AC_PKT_DPD_RESP;
741
if (DTLS_SEND(vpninfo->dtls_ssl, &magic_pkt, 1) != 1)
742
743
vpn_progress(vpninfo, PRG_ERR,
_("Failed to send DPD response. Expect disconnect\n"));
744
745
continue;
746
case AC_PKT_DPD_RESP:
747
vpn_progress(vpninfo, PRG_TRACE, _("Got DTLS DPD response\n"));
748
749
break;
750
case AC_PKT_KEEPALIVE:
751
vpn_progress(vpninfo, PRG_TRACE, _("Got DTLS Keepalive\n"));
752
753
break;
754
default:
755
vpn_progress(vpninfo, PRG_ERR,
756
757
_("Unknown DTLS packet type %02x, len %d\n"),
buf[0], len);
758
759
if (1) {
/* Some versions of OpenSSL have bugs with receiving out-of-order
760
* packets. Not only do they wrongly decide to drop packets if
761
762
763
764
765
766
767
768
769
* two packets get swapped in transit, but they also _fail_ to
* drop the packet in non-blocking mode; instead they return
* the appropriate length of garbage. So don't abort... for now. */
break;
} else {
vpninfo->quit_reason = "Unknown packet received";
return 1;
}
770
}
771
}
772
773
774
switch (keepalive_action(&vpninfo->dtls_times, timeout)) {
case KA_REKEY:
775
vpn_progress(vpninfo, PRG_INFO, _("DTLS rekey due\n"));
776
777
778
779
/* There ought to be a method of rekeying DTLS without tearing down
the CSTP session and restarting, but we don't (yet) know it */
if (cstp_reconnect(vpninfo)) {
780
vpn_progress(vpninfo, PRG_ERR, _("Reconnect failed\n"));
781
782
783
784
785
vpninfo->quit_reason = "CSTP reconnect failed";
return 1;
}
if (dtls_restart(vpninfo)) {
786
vpn_progress(vpninfo, PRG_ERR, _("DTLS rekey failed\n"));
787
788
return 1;
}
789
790
791
792
793
work_done = 1;
break;
case KA_DPD_DEAD:
794
vpn_progress(vpninfo, PRG_ERR, _("DTLS Dead Peer Detection detected dead peer!\n"));
795
796
797
/* Fall back to SSL, and start a new DTLS connection */
dtls_restart(vpninfo);
return 1;
798
799
case KA_DPD:
800
vpn_progress(vpninfo, PRG_TRACE, _("Send DTLS DPD\n"));
801
802
magic_pkt = AC_PKT_DPD_OUT;
803
804
805
806
if (DTLS_SEND(vpninfo->dtls_ssl, &magic_pkt, 1) != 1)
vpn_progress(vpninfo, PRG_ERR,
_("Failed to send DPD request. Expect disconnect\n"));
807
808
809
810
/* last_dpd will just have been set */
vpninfo->dtls_times.last_tx = vpninfo->dtls_times.last_dpd;
work_done = 1;
break;
811
812
813
814
815
816
case KA_KEEPALIVE:
/* No need to send an explicit keepalive
if we have real data to send */
if (vpninfo->outgoing_queue)
break;
817
818
vpn_progress(vpninfo, PRG_TRACE, _("Send DTLS Keepalive\n"));
819
820
magic_pkt = AC_PKT_KEEPALIVE;
821
822
823
if (DTLS_SEND(vpninfo->dtls_ssl, &magic_pkt, 1) != 1)
vpn_progress(vpninfo, PRG_ERR,
_("Failed to send keepalive request. Expect disconnect\n"));
824
825
826
time(&vpninfo->dtls_times.last_tx);
work_done = 1;
break;
827
828
829
case KA_NONE:
;
830
831
}
832
/* Service outgoing packet queue */
833
834
835
while (vpninfo->outgoing_queue) {
struct pkt *this = vpninfo->outgoing_queue;
int ret;
836
837
vpninfo->outgoing_queue = this->next;
838
vpninfo->outgoing_qlen--;
839
840
841
/* One byte of header */
this->hdr[7] = AC_PKT_DATA;
842
843
#if defined(DTLS_OPENSSL)
844
ret = SSL_write(vpninfo->dtls_ssl, &this->hdr[7], this->len + 1);
845
846
847
848
849
850
if (ret <= 0) {
ret = SSL_get_error(vpninfo->dtls_ssl, ret);
/* If it's a real error, kill the DTLS connection and
requeue the packet to be sent over SSL */
if (ret != SSL_ERROR_WANT_READ && ret != SSL_ERROR_WANT_WRITE) {
851
vpn_progress(vpninfo, PRG_ERR,
852
853
_("DTLS got write error %d. Falling back to SSL\n"),
ret);
854
openconnect_report_ssl_errors(vpninfo);
855
856
dtls_restart(vpninfo);
vpninfo->outgoing_queue = this;
857
vpninfo->outgoing_qlen++;
858
859
860
}
return 1;
}
861
#elif defined (DTLS_GNUTLS)
862
863
864
865
866
867
868
869
870
871
872
873
874
ret = gnutls_record_send(vpninfo->dtls_ssl, &this->hdr[7], this->len + 1);
if (ret <= 0) {
if (ret != GNUTLS_E_AGAIN) {
vpn_progress(vpninfo, PRG_ERR,
_("DTLS got write error: %s. Falling back to SSL\n"),
gnutls_strerror(ret));
dtls_restart(vpninfo);
vpninfo->outgoing_queue = this;
vpninfo->outgoing_qlen++;
}
return 1;
}
#endif
875
time(&vpninfo->dtls_times.last_tx);
876
vpn_progress(vpninfo, PRG_TRACE,
877
_("Sent DTLS packet of %d bytes; DTLS send returned %d\n"),
878
this->len, ret);
879
free(this);
880
}
881
882
return work_done;
883
}
884
885
#else /* !HAVE_DTLS */
#warning Your SSL library does not seem to support Cisco DTLS compatibility
886
int setup_dtls(struct openconnect_info *vpninfo)
887
{
888
vpn_progress(vpninfo, PRG_ERR,
889
_("Built against SSL library with no Cisco DTLS support\n"));
890
891
892
return -EINVAL;
}
#endif