projects / platform / upstream / openconnect.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Fix compiler warnings with OpenSSL 1.0.0
[platform/upstream/openconnect.git] / dtls.c
1 /*
2  * OpenConnect (SSL + DTLS) VPN client
3  *
4  * Copyright © 2008 Intel Corporation.
5  *
6  * Author: David Woodhouse <dwmw2@infradead.org>
7  *
8  * This program is free software; you can redistribute it and/or
9  * modify it under the terms of the GNU Lesser General Public License
10  * version 2.1, as published by the Free Software Foundation.
11  *
12  * This program is distributed in the hope that it will be useful, but
13  * WITHOUT ANY WARRANTY; without even the implied warranty of
14  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
15  * Lesser General Public License for more details.
16  *
17  * You should have received a copy of the GNU Lesser General Public
18  * License along with this library; if not, write to:
19  *
20  *   Free Software Foundation, Inc.
21  *   51 Franklin Street, Fifth Floor,
22  *   Boston, MA 02110-1301 USA
23  */
24
25 #include <errno.h>
26 #include <sys/types.h>
27 #include <sys/socket.h>
28 #include <netdb.h>
29 #include <unistd.h>
30 #include <netinet/in.h>
31 #include <openssl/err.h>
32 #include <openssl/ssl.h>
33 #include <fcntl.h>
34 #include <string.h>
35
36 #include "openconnect.h"
37
38 #ifdef SSL_F_DTLS1_CONNECT
39 #if 0
40 /*
41  * Useful for catching test cases, where we want everything to be
42  * reproducible.  *NEVER* do this in the wild.
43  */
44 time_t time(time_t *t)
45 {
46         time_t x = 0x3ab2d948;
47         if (t) *t = x;
48         return x;
49 }
50
51 int RAND_pseudo_bytes(char *buf, int len)
52 {
53         memset(buf, 0x5a, len);
54         printf("FAKE PSEUDO RANDOM!\n");
55         return 1;
56
57 }
58 int RAND_bytes(char *buf, int len)
59 {
60         static int foo = 0x5b;
61         printf("FAKE RANDOM!\n");
62         memset(buf, foo, len);
63         return 1;
64 }
65 #endif
66
67 /*
68  * The master-secret is generated randomly by the client. The server
69  * responds with a DTLS Session-ID. These, done over the HTTPS
70  * connection, are enough to 'resume' a DTLS session, bypassing all
71  * the normal setup of a normal DTLS connection.
72  *
73  * Cisco use a version of the protocol which predates RFC4347, but
74  * isn't quite the same as the pre-RFC version of the protocol which
75  * was in OpenSSL 0.9.8e -- it includes backports of some later
76  * OpenSSL patches.
77  *
78  * The openssl/ directory of this source tree should contain both a
79  * small patch against OpenSSL 0.9.8e to make it support Cisco's
80  * snapshot of the protocol, and a larger patch against newer OpenSSL
81  * which gives us an option to use the old protocol again.
82  *
83  * Cisco's server also seems to respond to the official version of the
84  * protocol, with a change in the ChangeCipherSpec packet which implies
85  * that it does know the difference and isn't just repeating the version
86  * number seen in the ClientHello. But although I can make the handshake
87  * complete by hacking tls1_mac() to use the _old_ protocol version
88  * number when calculating the MAC, the server still seems to be ignoring
89  * my subsequent data packets. So we use the old protocol, which is what
90  * their clients use anyway.
91  */
92
93 static unsigned char nybble(unsigned char n)
94 {
95         if      (n >= '0' && n <= '9') return n - '0';
96         else if (n >= 'A' && n <= 'F') return n - ('A' - 10);
97         else if (n >= 'a' && n <= 'f') return n - ('a' - 10);
98         return 0;
99 }
100
101 static unsigned char hex(const char *data)
102 {
103         return (nybble(data[0]) << 4) | nybble(data[1]);
104 }
105
106 int connect_dtls_socket(struct openconnect_info *vpninfo)
107 {
108         STACK_OF(SSL_CIPHER) *ciphers;
109         method_const SSL_METHOD *dtls_method;
110         SSL_CIPHER *dtls_cipher;
111         SSL *dtls_ssl;
112         BIO *dtls_bio;
113         int dtls_fd;
114
115         if (!vpninfo->dtls_cipher) {
116                 /* We probably didn't offer it any ciphers it liked */
117                 vpninfo->progress(vpninfo, PRG_ERR, "Server offered no DTLS cipher option\n");
118                 vpninfo->dtls_attempt_period = 0;
119                 return -EINVAL;
120         }
121                 
122         dtls_fd = socket(vpninfo->peer_addr->sa_family, SOCK_DGRAM, IPPROTO_UDP);
123         if (dtls_fd < 0) {
124                 perror("Open UDP socket for DTLS:");
125                 return -EINVAL;
126         }
127
128         if (connect(dtls_fd, vpninfo->peer_addr, vpninfo->peer_addrlen)) {
129                 perror("UDP (DTLS) connect:\n");
130                 close(dtls_fd);
131                 return -EINVAL;
132         }
133
134         fcntl(dtls_fd, F_SETFD, FD_CLOEXEC);
135
136         if (!vpninfo->dtls_ctx) {
137                 dtls_method = DTLSv1_client_method();
138                 vpninfo->dtls_ctx = SSL_CTX_new(dtls_method);
139                 if (!vpninfo->dtls_ctx) {
140                         vpninfo->progress(vpninfo, PRG_ERR, "Initialise DTLSv1 CTX failed\n");
141                         vpninfo->dtls_attempt_period = 0;
142                         return -EINVAL;
143                 }
144
145                 /* If we don't readahead, then we do short reads and throw
146                    away the tail of data packets. */
147                 SSL_CTX_set_read_ahead(vpninfo->dtls_ctx, 1);
148
149                 if (!SSL_CTX_set_cipher_list(vpninfo->dtls_ctx, vpninfo->dtls_cipher)) {
150                         vpninfo->progress(vpninfo, PRG_ERR, "Set DTLS cipher list failed\n");
151                         SSL_CTX_free(vpninfo->dtls_ctx);
152                         vpninfo->dtls_ctx = NULL;
153                         vpninfo->dtls_attempt_period = 0;
154                         return -EINVAL;
155                 }
156         }
157
158         if (!vpninfo->dtls_session) {
159                 /* We're going to "resume" a session which never existed. Fake it... */
160                 vpninfo->dtls_session = SSL_SESSION_new();
161                 if (!vpninfo->dtls_session) {
162                         vpninfo->progress(vpninfo, PRG_ERR, "Initialise DTLSv1 session failed\n");
163                         vpninfo->dtls_attempt_period = 0;
164                         return -EINVAL;
165                 }
166                 vpninfo->dtls_session->ssl_version = 0x0100; // DTLS1_BAD_VER
167
168                 vpninfo->dtls_session->master_key_length = sizeof(vpninfo->dtls_secret);
169                 memcpy(vpninfo->dtls_session->master_key, vpninfo->dtls_secret,
170                        sizeof(vpninfo->dtls_secret));
171
172                 vpninfo->dtls_session->session_id_length = sizeof(vpninfo->dtls_session_id);
173                 memcpy(vpninfo->dtls_session->session_id, vpninfo->dtls_session_id,
174                        sizeof(vpninfo->dtls_session_id));
175         }
176
177         dtls_ssl = SSL_new(vpninfo->dtls_ctx);
178         SSL_set_connect_state(dtls_ssl);
179
180         ciphers = SSL_get_ciphers(dtls_ssl);
181         if (sk_SSL_CIPHER_num(ciphers) != 1) {
182                 vpninfo->progress(vpninfo, PRG_ERR, "Not precisely one DTLS cipher\n");
183                 SSL_CTX_free(vpninfo->dtls_ctx);
184                 SSL_free(dtls_ssl);
185                 SSL_SESSION_free(vpninfo->dtls_session);
186                 vpninfo->dtls_ctx = NULL;
187                 vpninfo->dtls_session = NULL;
188                 vpninfo->dtls_attempt_period = 0;
189                 return -EINVAL;
190         }
191         dtls_cipher = sk_SSL_CIPHER_value(ciphers, 0);
192
193         /* Set the appropriate cipher on our session to be resumed */
194         vpninfo->dtls_session->cipher = dtls_cipher;
195         vpninfo->dtls_session->cipher_id = dtls_cipher->id;
196
197         /* Add the generated session to the SSL */
198         if (!SSL_set_session(dtls_ssl, vpninfo->dtls_session)) {
199                 vpninfo->progress(vpninfo, PRG_ERR,
200                                   "SSL_set_session() failed with old protocol version 0x%x\n"
201                                   "Your OpenSSL may lack Cisco compatibility support\n"
202                                   "See http://rt.openssl.org/Ticket/Display.html?id=1751\n"
203                                   "Use the --no-dtls command line option to avoid this message\n",
204                                   vpninfo->dtls_session->ssl_version);
205                 vpninfo->dtls_attempt_period = 0;
206                 return -EINVAL;
207         }
208
209         /* Go Go Go! */
210         dtls_bio = BIO_new_socket(dtls_fd, BIO_NOCLOSE);
211         SSL_set_bio(dtls_ssl, dtls_bio, dtls_bio);
212
213 #ifndef SSL_OP_CISCO_ANYCONNECT
214 #define SSL_OP_CISCO_ANYCONNECT 0x8000
215 #endif
216         SSL_set_options(dtls_ssl, SSL_OP_CISCO_ANYCONNECT);
217
218         /* Set non-blocking */
219         BIO_set_nbio(SSL_get_rbio(dtls_ssl), 1);
220         BIO_set_nbio(SSL_get_wbio(dtls_ssl), 1);
221
222         fcntl(dtls_fd, F_SETFL, fcntl(dtls_fd, F_GETFL) | O_NONBLOCK);
223
224         vpninfo->new_dtls_fd = dtls_fd;
225         vpninfo->new_dtls_ssl = dtls_ssl;
226
227         if (vpninfo->select_nfds <= dtls_fd)
228                 vpninfo->select_nfds = dtls_fd + 1;
229
230         FD_SET(dtls_fd, &vpninfo->select_rfds);
231         FD_SET(dtls_fd, &vpninfo->select_efds);
232
233         time(&vpninfo->new_dtls_started);
234         return dtls_try_handshake(vpninfo);
235 }
236
237 int dtls_try_handshake(struct openconnect_info *vpninfo)
238 {
239         int ret = SSL_do_handshake(vpninfo->new_dtls_ssl);
240
241         if (ret == 1) {
242                 vpninfo->progress(vpninfo, PRG_INFO, "Established DTLS connection\n");
243
244                 if (vpninfo->dtls_ssl) {
245                         /* We are replacing an old connection */
246                         SSL_free(vpninfo->dtls_ssl);
247                         close(vpninfo->dtls_fd);
248                         FD_CLR(vpninfo->dtls_fd, &vpninfo->select_rfds);
249                         FD_CLR(vpninfo->dtls_fd, &vpninfo->select_wfds);
250                         FD_CLR(vpninfo->dtls_fd, &vpninfo->select_efds);
251                 }
252                 vpninfo->dtls_ssl = vpninfo->new_dtls_ssl;
253                 vpninfo->dtls_fd = vpninfo->new_dtls_fd;
254
255                 vpninfo->new_dtls_ssl = NULL;
256                 vpninfo->new_dtls_fd = -1;
257
258                 vpninfo->dtls_times.last_rekey = vpninfo->dtls_times.last_rx =
259                         vpninfo->dtls_times.last_tx = time(NULL);
260
261                 return 0;
262         }
263
264         ret = SSL_get_error(vpninfo->new_dtls_ssl, ret);
265         if (ret == SSL_ERROR_WANT_WRITE || ret == SSL_ERROR_WANT_READ) {
266                 if (time(NULL) < vpninfo->new_dtls_started + 5)
267                         return 0;
268                 vpninfo->progress(vpninfo, PRG_TRACE, "DTLS handshake timed out\n");
269         }
270
271         vpninfo->progress(vpninfo, PRG_ERR, "DTLS handshake failed: %d\n", ret);
272         report_ssl_errors(vpninfo);
273
274         /* Kill the new (failed) connection... */
275         SSL_free(vpninfo->new_dtls_ssl);
276         FD_CLR(vpninfo->new_dtls_fd, &vpninfo->select_rfds);
277         FD_CLR(vpninfo->new_dtls_fd, &vpninfo->select_efds);
278         close(vpninfo->new_dtls_fd);
279         vpninfo->new_dtls_ssl = NULL;
280         vpninfo->new_dtls_fd = -1;
281
282         /* ... and kill the old one too. The only time there'll be a valid
283            existing session is when it was a rekey, and in that case it's
284            time for the old one to die. */
285         if (vpninfo->dtls_ssl) {
286                 SSL_free(vpninfo->dtls_ssl);
287                 close(vpninfo->dtls_fd);
288                 FD_CLR(vpninfo->dtls_fd, &vpninfo->select_rfds);
289                 FD_CLR(vpninfo->dtls_fd, &vpninfo->select_wfds);
290                 FD_CLR(vpninfo->dtls_fd, &vpninfo->select_efds);
291                 vpninfo->dtls_ssl = NULL;
292                 vpninfo->dtls_fd = -1;
293         }
294
295         time(&vpninfo->new_dtls_started);
296         return -EINVAL;
297 }
298
299 static int dtls_restart(struct openconnect_info *vpninfo)
300 {
301         if (vpninfo->dtls_ssl) {
302                 SSL_free(vpninfo->dtls_ssl);
303                 close(vpninfo->dtls_fd);
304                 FD_CLR(vpninfo->dtls_fd, &vpninfo->select_rfds);
305                 FD_CLR(vpninfo->dtls_fd, &vpninfo->select_wfds);
306                 FD_CLR(vpninfo->dtls_fd, &vpninfo->select_efds);
307                 vpninfo->dtls_ssl = NULL;
308                 vpninfo->dtls_fd = -1;
309         }
310
311         return connect_dtls_socket(vpninfo);
312 }
313
314
315 int setup_dtls(struct openconnect_info *vpninfo)
316 {
317         struct vpn_option *dtls_opt = vpninfo->dtls_options;
318         int sessid_found = 0;
319         int dtls_port = 0;
320         int i;
321
322         while (dtls_opt) {
323                 vpninfo->progress(vpninfo, PRG_TRACE,
324                                   "DTLS option %s : %s\n",
325                                   dtls_opt->option, dtls_opt->value);
326
327                 if (!strcmp(dtls_opt->option, "X-DTLS-Session-ID")) {
328                         if (strlen(dtls_opt->value) != 64) {
329                                 vpninfo->progress(vpninfo, PRG_ERR, "X-DTLS-Session-ID not 64 characters\n");
330                                 vpninfo->progress(vpninfo, PRG_ERR, "Is: %s\n", dtls_opt->value);
331                                 return -EINVAL;
332                         }
333                         for (i = 0; i < 64; i += 2)
334                                 vpninfo->dtls_session_id[i/2] = hex(dtls_opt->value + i);
335                         sessid_found = 1;
336                 } else if (!strcmp(dtls_opt->option + 7, "Port")) {
337                         dtls_port = atol(dtls_opt->value);
338                 } else if (!strcmp(dtls_opt->option + 7, "Keepalive")) {
339                         vpninfo->dtls_times.keepalive = atol(dtls_opt->value);
340                 } else if (!strcmp(dtls_opt->option + 7, "DPD")) {
341                         vpninfo->dtls_times.dpd = atol(dtls_opt->value);
342                 } else if (!strcmp(dtls_opt->option + 7, "Rekey-Time")) {
343                         vpninfo->dtls_times.rekey = atol(dtls_opt->value);
344                 } else if (!strcmp(dtls_opt->option + 7, "CipherSuite")) {
345                         vpninfo->dtls_cipher = strdup(dtls_opt->value);
346                 }
347
348                 dtls_opt = dtls_opt->next;
349         }
350         if (!sessid_found || !dtls_port)
351                 return -EINVAL;
352
353         if (vpninfo->peer_addr->sa_family == AF_INET) {
354                 struct sockaddr_in *sin = (void *)vpninfo->peer_addr;
355                 sin->sin_port = htons(dtls_port);
356         } else if (vpninfo->peer_addr->sa_family == AF_INET6) {
357                 struct sockaddr_in6 *sin = (void *)vpninfo->peer_addr;
358                 sin->sin6_port = htons(dtls_port);
359         } else {
360                 vpninfo->progress(vpninfo, PRG_ERR, "Unknown protocol family %d. Cannot do DTLS\n",
361                         vpninfo->peer_addr->sa_family);
362                 return -EINVAL;
363         }
364
365
366         if (connect_dtls_socket(vpninfo))
367                 return -EINVAL;
368
369         vpninfo->progress(vpninfo, PRG_TRACE,
370                           "DTLS connected. DPD %d, Keepalive %d\n",
371                           vpninfo->dtls_times.dpd, vpninfo->dtls_times.keepalive);
372
373         return 0;
374 }
375
376 int dtls_mainloop(struct openconnect_info *vpninfo, int *timeout)
377 {
378         unsigned char buf[2000];
379         int len;
380         int work_done = 0;
381         char magic_pkt;
382
383         while ( (len = SSL_read(vpninfo->dtls_ssl, buf, sizeof(buf))) > 0 ) {
384
385                 vpninfo->progress(vpninfo, PRG_TRACE,
386                                   "Received DTLS packet 0x%02x of %d bytes\n",
387                                   buf[0], len);
388
389                 vpninfo->dtls_times.last_rx = time(NULL);
390
391                 switch(buf[0]) {
392                 case AC_PKT_DATA:
393                         queue_new_packet(&vpninfo->incoming_queue, AF_INET, buf+1, len-1);
394                         work_done = 1;
395                         break;
396
397                 case AC_PKT_DPD_OUT:
398                         vpninfo->progress(vpninfo, PRG_TRACE, "Got DTLS DPD request\n");
399
400                         /* FIXME: What if the packet doesn't get through? */
401                         magic_pkt = AC_PKT_DPD_RESP;
402                         if (SSL_write(vpninfo->dtls_ssl, &magic_pkt, 1) != 1)
403                                 vpninfo->progress(vpninfo, PRG_ERR, "Failed to send DPD response. Expect disconnect\n");
404                         continue;
405
406                 case AC_PKT_DPD_RESP:
407                         vpninfo->progress(vpninfo, PRG_TRACE, "Got DTLS DPD response\n");
408                         break;
409
410                 case AC_PKT_KEEPALIVE:
411                         vpninfo->progress(vpninfo, PRG_TRACE, "Got DTLS Keepalive\n");
412                         break;
413
414                 default:
415                         vpninfo->progress(vpninfo, PRG_ERR,
416                                           "Unknown DTLS packet type %02x, len %d\n", buf[0], len);
417                         if (1) {
418                                 /* Some versions of OpenSSL have bugs with receiving out-of-order
419                                  * packets. Not only do they wrongly decide to drop packets if
420                                  * two packets get swapped in transit, but they also _fail_ to
421                                  * drop the packet in non-blocking mode; instead they return
422                                  * the appropriate length of garbage. So don't abort... for now. */
423                                 break;
424                         } else {
425                                 vpninfo->quit_reason = "Unknown packet received";
426                                 return 1;
427                         }
428
429                 }
430         }
431
432         switch (keepalive_action(&vpninfo->dtls_times, timeout)) {
433         case KA_REKEY:
434                 time(&vpninfo->dtls_times.last_rekey);
435                 vpninfo->progress(vpninfo, PRG_TRACE, "DTLS rekey due\n");
436                 if (connect_dtls_socket(vpninfo)) {
437                         vpninfo->progress(vpninfo, PRG_ERR, "DTLS rekey failed\n");
438                         return 1;
439                 }
440                 work_done = 1;
441                 break;
442
443
444         case KA_DPD_DEAD:
445                 vpninfo->progress(vpninfo, PRG_ERR, "DTLS Dead Peer Detection detected dead peer!\n");
446                 /* Fall back to SSL, and start a new DTLS connection */
447                 dtls_restart(vpninfo);
448                 return 1;
449
450         case KA_DPD:
451                 vpninfo->progress(vpninfo, PRG_TRACE, "Send DTLS DPD\n");
452
453                 magic_pkt = AC_PKT_DPD_OUT;
454                 SSL_write(vpninfo->dtls_ssl, &magic_pkt, 1);
455                 /* last_dpd will just have been set */
456                 vpninfo->dtls_times.last_tx = vpninfo->dtls_times.last_dpd;
457                 work_done = 1;
458                 break;
459
460         case KA_KEEPALIVE:
461                 /* No need to send an explicit keepalive
462                    if we have real data to send */
463                 if (vpninfo->outgoing_queue)
464                         break;
465
466                 vpninfo->progress(vpninfo, PRG_TRACE, "Send DTLS Keepalive\n");
467
468                 magic_pkt = AC_PKT_KEEPALIVE;
469                 SSL_write(vpninfo->dtls_ssl, &magic_pkt, 1);
470                 time(&vpninfo->dtls_times.last_tx);
471                 work_done = 1;
472                 break;
473
474         case KA_NONE:
475                 ;
476         }
477
478         /* Service outgoing packet queue */
479         while (vpninfo->outgoing_queue) {
480                 struct pkt *this = vpninfo->outgoing_queue;
481                 int ret;
482
483                 vpninfo->outgoing_queue = this->next;
484                 vpninfo->outgoing_qlen--;
485
486                 /* FIXME: Don't know how to handle IPv6 yet */
487                 if (this->type != AF_INET)
488                         continue;
489
490                 /* One byte of header */
491                 this->hdr[7] = AC_PKT_DATA;
492
493                 ret = SSL_write(vpninfo->dtls_ssl, &this->hdr[7], this->len + 1);
494                 if (ret <= 0) {
495                         ret = SSL_get_error(vpninfo->dtls_ssl, ret);
496
497                         /* If it's a real error, kill the DTLS connection and
498                            requeue the packet to be sent over SSL */
499                         if (ret != SSL_ERROR_WANT_READ && ret != SSL_ERROR_WANT_WRITE) {
500                                 vpninfo->progress(vpninfo, PRG_ERR,
501                                                   "DTLS got write error %d. Falling back to SSL\n", ret);
502                                 report_ssl_errors(vpninfo);
503                                 dtls_restart(vpninfo);
504                                 vpninfo->outgoing_queue = this;
505                                 vpninfo->outgoing_qlen++;
506                         }
507                         return 1;
508                 }
509                 time(&vpninfo->dtls_times.last_tx);
510                 vpninfo->progress(vpninfo, PRG_TRACE,
511                                   "Sent DTLS packet of %d bytes; SSL_write() returned %d\n",
512                                   this->len, ret);
513                 free(this);
514         }
515
516         return work_done;
517 }
518 #else /* No DTLS support in OpenSSL */
519 int setup_dtls(struct openconnect_info *vpninfo)
520 {
521         vpninfo->progress(vpninfo, PRG_ERR, "Built against OpenSSL with no DTLS support\n");
522         return -EINVAL;
523 }
524 #endif
525
Domain: Network & Connectivity / Data Network; Licenses: LGPL-2.1+;