* Author: David Woodhouse <dwmw2@infradead.org>

*

* This program is free software; you can redistribute it and/or

* WITHOUT ANY WARRANTY; without even the implied warranty of

* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU

* Lesser General Public License for more details.

*/

#include <config.h>

#include "openconnect-internal.h"

#ifndef _WIN32

#include <netinet/in.h>

#include <sys/socket.h>

#endif

#include <errno.h>

#include <string.h>

#include <stdlib.h>

#include <stdio.h>

/*

* The master-secret is generated randomly by the client. The server

* responds with a DTLS Session-ID. These, done over the HTTPS

* connection, are enough to 'resume' a DTLS session, bypassing all

* the normal setup of a normal DTLS connection.

*

* Cisco use a version of the protocol which predates RFC4347, but

* isn't quite the same as the pre-RFC version of the protocol which

* was in OpenSSL 0.9.8e -- it includes backports of some later

* OpenSSL patches.

* The openssl/ directory of this source tree should contain both a

* small patch against OpenSSL 0.9.8e to make it support Cisco's

* snapshot of the protocol, and a larger patch against newer OpenSSL

* which gives us an option to use the old protocol again.

* Cisco's server also seems to respond to the official version of the

* protocol, with a change in the ChangeCipherSpec packet which implies

* that it does know the difference and isn't just repeating the version

* number seen in the ClientHello. But although I can make the handshake

* complete by hacking tls1_mac() to use the _old_ protocol version

* number when calculating the MAC, the server still seems to be ignoring

* my subsequent data packets. So we use the old protocol, which is what

* their clients use anyway.

char *openconnect_bin2hex(const char *prefix, const uint8_t *data, unsigned len)

{

struct oc_text_buf *buf;

char *p = NULL;

if (prefix)

buf_append(buf, "%s", prefix);

buf_append_hex(buf, data, len);

if (!buf_error(buf)) {

p = buf->data;

buf->data = NULL;

buf_free(buf);

return p;

}

char *openconnect_bin2base64(const char *prefix, const uint8_t *data, unsigned len)

{

struct oc_text_buf *buf;

char *p = NULL;

buf = buf_alloc();

if (prefix)

buf_append(buf, "%s", prefix);

if (!buf_error(buf)) {

p = buf->data;

buf->data = NULL;

}

buf_free(buf);

return p;

}

/* Sanity check for the removal of new_dtls_{fd,ssl} */

if (vpninfo->dtls_fd != -1) {

vpn_progress(vpninfo, PRG_ERR, _("DTLS connection attempted with an existing fd\n"));

vpninfo->dtls_attempt_period = 0;

return -EINVAL;

}

if (!vpninfo->dtls_addr) {

vpn_progress(vpninfo, PRG_ERR, _("No DTLS address\n"));

vpninfo->dtls_attempt_period = 0;

return -EINVAL;

}

/* We probably didn't offer it any ciphers it liked */

vpn_progress(vpninfo, PRG_ERR, _("Server offered no DTLS cipher option\n"));

vpninfo->dtls_attempt_period = 0;

return -EINVAL;

}

if (vpninfo->proxy) {

/* XXX: Theoretically, SOCKS5 proxies can do UDP too */

vpn_progress(vpninfo, PRG_ERR, _("No DTLS when connected via proxy\n"));

vpninfo->dtls_attempt_period = 0;

return -EINVAL;

}

dtls_fd = udp_connect(vpninfo);

if (dtls_fd < 0)

return -EINVAL;

ret = start_dtls_handshake(vpninfo, dtls_fd);

if (ret) {

return ret;

}

vpninfo->dtls_state = DTLS_CONNECTING;

monitor_fd_new(vpninfo, dtls);

monitor_read_fd(vpninfo, dtls);

monitor_except_fd(vpninfo, dtls);

time(&vpninfo->new_dtls_started);

}

{

if (vpninfo->dtls_ssl) {

vpninfo->dtls_ssl = NULL;

vpninfo->dtls_fd = -1;

}

if (vpninfo->dtls_state == DTLS_DISABLED)

return -EINVAL;

}

if (vpninfo->dtls_state == DTLS_DISABLED ||

vpninfo->dtls_state == DTLS_NOSECRET)

return -EINVAL;

return 0;

if (vpninfo->dtls_times.rekey <= 0)

vpninfo->dtls_times.rekey_method = REKEY_NONE;

return 0;

}

int udp_tos_update(struct openconnect_info *vpninfo, struct pkt *pkt)

{

int tos;

/* Extract TOS field from IP header (IPv4 and IPv6 differ) */

switch(pkt->data[0] >> 4) {

case 4:

tos = pkt->data[1];

break;

case 6:

tos = (load_be16(pkt->data) >> 4) & 0xff;

break;

default:

vpn_progress(vpninfo, PRG_ERR,

_("Unknown packet (len %d) received: %02x %02x %02x %02x...\n"),

pkt->len, pkt->data[0], pkt->data[1], pkt->data[2], pkt->data[3]);

return -EINVAL;

}

/* set the actual value */

if (tos != vpninfo->dtls_tos_current) {

vpn_progress(vpninfo, PRG_DEBUG, _("TOS this: %d, TOS last: %d\n"),

tos, vpninfo->dtls_tos_current);

if (setsockopt(vpninfo->dtls_fd, vpninfo->dtls_tos_proto,

vpninfo->dtls_tos_optname, (void *)&tos, sizeof(tos)))

vpn_perror(vpninfo, _("UDP setsockopt"));

else

vpninfo->dtls_tos_current = tos;

}

return 0;

}

if (vpninfo->dtls_need_reconnect) {

vpninfo->dtls_need_reconnect = 0;

return 1;

}

if (vpninfo->dtls_state != DTLS_CONNECTED) {

vpninfo->delay_tunnel_reason = "DTLS MTU detection";

return 0;

}

return 1;

if (vpninfo->dtls_state == DTLS_SLEEPING) {

int when = vpninfo->new_dtls_started + vpninfo->dtls_attempt_period - time(NULL);

if (when <= 0) {

} else if ((when * 1000) < *timeout) {

*timeout = when * 1000;

}

/* Nothing to do here for Cisco DTLS as it is preauthenticated */

if (vpninfo->dtls_state == DTLS_CONNECTED)

vpninfo->dtls_state = DTLS_ESTABLISHED;

unsigned char *buf;

if (vpninfo->incoming_queue.count >= vpninfo->max_qlen) {

work_done = 1;

break;

}

break;

}

}

if (len <= 0)

break;

_("Received DTLS packet 0x%02x of %d bytes\n"),

buf[0], len);

vpninfo->dtls_pkt->len = len - 1;

queue_packet(&vpninfo->incoming_queue, vpninfo->dtls_pkt);

vpninfo->dtls_pkt = NULL;

work_done = 1;

break;

/* FIXME: What if the packet doesn't get through? */

magic_pkt = AC_PKT_DPD_RESP;

vpn_progress(vpninfo, PRG_ERR,

_("Failed to send DPD response. Expect disconnect\n"));

continue;

break;

break;

case AC_PKT_COMPRESSED:

if (!vpninfo->dtls_compr) {

vpn_progress(vpninfo, PRG_ERR,

_("Compressed DTLS packet received when compression not enabled\n"));

goto unknown_pkt;

}

decompress_and_queue_packet(vpninfo, vpninfo->dtls_compr,

vpninfo->dtls_pkt->data, len - 1);

_("Unknown DTLS packet type %02x, len %d\n"),

buf[0], len);

if (1) {

/* Some versions of OpenSSL have bugs with receiving out-of-order

* two packets get swapped in transit, but they also _fail_ to

* drop the packet in non-blocking mode; instead they return

* the appropriate length of garbage. So don't abort... for now. */

break;

} else {

vpninfo->quit_reason = "Unknown packet received";

return 1;

}

case KA_REKEY: {

int ret;

if (vpninfo->dtls_times.rekey_method == REKEY_SSL) {

time(&vpninfo->new_dtls_started);

vpninfo->dtls_state = DTLS_CONNECTING;

}

case KA_DPD_DEAD:

case KA_DPD:

vpn_progress(vpninfo, PRG_ERR,

_("Failed to send DPD request. Expect disconnect\n"));

/* last_dpd will just have been set */

vpninfo->dtls_times.last_tx = vpninfo->dtls_times.last_dpd;

work_done = 1;

break;

case KA_KEEPALIVE:

/* No need to send an explicit keepalive

if we have real data to send */

vpn_progress(vpninfo, PRG_ERR,

_("Failed to send keepalive request. Expect disconnect\n"));

time(&vpninfo->dtls_times.last_tx);

work_done = 1;

break;

case KA_NONE:

;

}

while (vpninfo->outgoing_queue.head) {

struct pkt *this = dequeue_packet(&vpninfo->outgoing_queue);

/* If TOS optname is set, we want to copy the TOS/TCLASS header

to the outer UDP packet */

if (vpninfo->dtls_tos_optname)

udp_tos_update(vpninfo, this);

/* We can compress into vpninfo->deflate_pkt unless CSTP

* currently has a compressed packet pending — which it

* shouldn't if DTLS is active. */

if (vpninfo->dtls_compr &&

vpninfo->current_ssl_pkt != vpninfo->deflate_pkt &&

!compress_packet(vpninfo, vpninfo->dtls_compr, this)) {

}

/* Zero is -EAGAIN; just requeue. dtls_nonblock_write()

* will have added the socket to the poll wfd list. */

requeue_packet(&vpninfo->outgoing_queue, this);

if (ret < 0) {

/* If it's a real error, kill the DTLS connection so

the requeued packet will be sent over SSL */

/* This symbol is missing in glibc < 2.22 (bug 18643). */

#if defined(__linux__) && !defined(HAVE_IPV6_PATHMTU)

# define HAVE_IPV6_PATHMTU 1

# define IPV6_PATHMTU 61

#endif

#define PKT_INTERVAL_MS 50

/* Performs a binary search to detect MTU.

* @buf: is preallocated with MTU size

*

* Returns: new MTU or 0

*/

uint32_t id, id_len;

struct timeval start_tv, now_tv, last_tv;