2 * Open AnyConnect (SSL + DTLS) client
4 * © 2008 David Woodhouse <dwmw2@infradead.org>
6 * Permission to use, copy, modify, and/or distribute this software
7 * for any purpose with or without fee is hereby granted, provided
8 * that the above copyright notice and this permission notice appear
11 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL
12 * WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED
13 * WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE
14 * AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR
15 * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS
16 * OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT,
17 * NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
18 * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
22 #include <sys/types.h>
23 #include <sys/socket.h>
26 #include <openssl/err.h>
29 #include "anyconnect.h"
32 * The master-secret is generated randomly by the client. The server
33 * responds with a DTLS Session-ID. These, done over the HTTPS
34 * connection, are enough to 'resume' a DTLS session, bypassing all
35 * the normal setup of a normal DTLS connection.
37 * This code works when run against Cisco's own libssl.so.0.9.8, but
38 * fails (Bad Record MAC on receipt of the Server Hello) when run
39 * against my own build of OpenSSL-0.9.8f.
41 * It lookslike they've reverted _some_ of the changes beween 0.9.8e
42 * and 0.9.8f, but not all of them. In particular, they use
43 * DTLS1_BAD_VER for the protocol version.
45 * Using OpenSSL-0.9.8e, which was the last release of OpenSSL to use
46 * DTLS1_BAD_VER, also fails similarly.
48 * Hopefully they're just using something equivalent to a snapshot
49 * between 0.9.8e and 0.9.8f, and they don't have their own "special"
53 static unsigned char nybble(unsigned char n)
55 if (n >= '0' && n <= '9') return n - '0';
56 else if (n >= 'A' && n <= 'F') return n - ('A' - 10);
57 else if (n >= 'a' && n <= 'f') return n - ('a' - 10);
61 static unsigned char hex(const char *data)
63 return (nybble(data[0]) << 4) | nybble(data[1]);
66 static int connect_dtls_socket(struct anyconnect_info *vpninfo, int dtls_port)
68 SSL_METHOD *dtls_method;
70 SSL_SESSION *dtls_session;
71 SSL_CIPHER *https_cipher;
77 if (vpninfo->peer_addr->sa_family == AF_INET) {
78 struct sockaddr_in *sin = (void *)vpninfo->peer_addr;
79 sin->sin_port = htons(dtls_port);
80 } else if (vpninfo->peer_addr->sa_family == AF_INET6) {
81 struct sockaddr_in6 *sin = (void *)vpninfo->peer_addr;
82 sin->sin6_port = htons(dtls_port);
84 fprintf(stderr, "Unknown protocol family %d. Cannot do DTLS\n",
85 vpninfo->peer_addr->sa_family);
89 dtls_fd = socket(vpninfo->peer_addr->sa_family, SOCK_DGRAM, IPPROTO_UDP);
91 perror("Open UDP socket for DTLS:");
95 if (connect(dtls_fd, vpninfo->peer_addr, vpninfo->peer_addrlen)) {
96 perror("UDP (DTLS) connect:\n");
101 dtls_method = DTLSv1_client_method();
102 dtls_ctx = SSL_CTX_new(dtls_method);
103 SSL_CTX_set_read_ahead(dtls_ctx, 1);
104 https_cipher = SSL_get_current_cipher(vpninfo->https_ssl);
106 dtls_ssl = SSL_new(dtls_ctx);
107 SSL_set_connect_state(dtls_ssl);
108 SSL_set_cipher_list(dtls_ssl, SSL_CIPHER_get_name(https_cipher));
111 printf("SSL_SESSION is %zd bytes\n", sizeof(*dtls_session));
112 /* We're going to "resume" a session which never existed. Fake it... */
113 dtls_session = SSL_SESSION_new();
115 dtls_session->ssl_version = DTLS1_BAD_VER;
117 dtls_session->master_key_length = sizeof(vpninfo->dtls_secret);
118 memcpy(dtls_session->master_key, vpninfo->dtls_secret,
119 sizeof(vpninfo->dtls_secret));
121 dtls_session->session_id_length = sizeof(vpninfo->dtls_session_id);
122 memcpy(dtls_session->session_id, vpninfo->dtls_session_id,
123 sizeof(vpninfo->dtls_session_id));
125 dtls_session->cipher = https_cipher;
126 dtls_session->cipher_id = https_cipher->id;
128 /* Having faked a session, add it to the CTX and the SSL */
129 if (!SSL_set_session(dtls_ssl, dtls_session)) {
130 printf("SSL_set_session() failed with old protocol version 0x%x\n", dtls_session->ssl_version);
131 printf("Trying the official version %x\n", DTLS1_VERSION);
132 dtls_session->ssl_version = DTLS1_VERSION;
133 if (!SSL_set_session(dtls_ssl, dtls_session)) {
134 printf("SSL_set_session() failed still. Is your build ABI-compatible with your libssl?\n");
138 if (!SSL_CTX_add_session(dtls_ctx, dtls_session))
139 printf("SSL_CTX_add_session() failed\n");
143 dtls_bio = BIO_new_socket(dtls_fd, BIO_NOCLOSE);
144 SSL_set_bio(dtls_ssl, dtls_bio, dtls_bio);
146 ret = SSL_do_handshake(dtls_ssl);
149 fprintf(stderr, "DTLS connection returned %d\n", ret);
151 fprintf(stderr, "DTLS handshake error: %d\n", SSL_get_error(dtls_ssl, ret));
152 ERR_print_errors_fp(stderr);
154 SSL_CTX_free(dtls_ctx);
159 vpninfo->dtls_fd = dtls_fd;
160 vpninfo->dtls_ssl = dtls_ssl;
165 int setup_dtls(struct anyconnect_info *vpninfo)
167 struct vpn_option *dtls_opt = vpninfo->dtls_options;
168 int sessid_found = 0;
174 printf("DTLS option %s : %s\n", dtls_opt->option, dtls_opt->value);
176 if (!strcmp(dtls_opt->option, "X-DTLS-Session-ID")) {
177 if (strlen(dtls_opt->value) != 64) {
178 fprintf(stderr, "X-DTLS-Session-ID not 64 characters\n");
179 fprintf(stderr, "Is: %s\n", dtls_opt->value);
182 for (i = 0; i < 64; i += 2)
183 vpninfo->dtls_session_id[i/2] = hex(dtls_opt->value + i);
185 } else if (!strcmp(dtls_opt->option + 7, "Port")) {
186 dtls_port = atol(dtls_opt->value);
187 } else if (!strcmp(dtls_opt->option + 7, "Keepalive")) {
188 vpninfo->dtls_keepalive = atol(dtls_opt->value);
189 } else if (!strcmp(dtls_opt->option + 7, "DPD")) {
190 vpninfo->dtls_dpd = atol(dtls_opt->value);
193 dtls_opt = dtls_opt->next;
195 if (!sessid_found || !dtls_port)
198 if (connect_dtls_socket(vpninfo, dtls_port))
201 BIO_set_nbio(SSL_get_rbio(vpninfo->dtls_ssl),1);
202 BIO_set_nbio(SSL_get_wbio(vpninfo->dtls_ssl),1);
204 fcntl(vpninfo->dtls_fd, F_SETFL, fcntl(vpninfo->dtls_fd, F_GETFL) | O_NONBLOCK);
206 vpn_add_pollfd(vpninfo, vpninfo->ssl_fd, POLLIN|POLLHUP|POLLERR);
207 vpninfo->last_dtls_rx = vpninfo->last_dtls_tx = time(NULL);
210 printf("DTLS connected. DPD %d, Keepalive %d\n",
211 vpninfo->dtls_dpd, vpninfo->dtls_keepalive);
216 int dtls_mainloop(struct anyconnect_info *vpninfo, int *timeout)
222 while ( (len = SSL_read(vpninfo->dtls_ssl, buf, sizeof(buf))) > 0 ) {
224 printf("Received DTLS packet of %d bytes\n", len);
225 printf("Packet starts %02x %02x %02x %02x %02x %02x %02x %02x\n",
226 buf[0], buf[1], buf[2], buf[3], buf[4], buf[5], buf[6], buf[7]);
228 vpninfo->last_dtls_rx = time(NULL);
231 queue_new_packet(&vpninfo->incoming_queue, AF_INET, buf+1, len-1);
235 case 4: /* DPD response */
237 printf("Got DTLS DPD response\n");
241 fprintf(stderr, "Unknown DTLS packet type %02x\n", buf[0]);
242 vpninfo->quit_reason = "Unknown packet received";
246 while (vpninfo->outgoing_queue) {
247 struct pkt *this = vpninfo->outgoing_queue;
250 vpninfo->outgoing_queue = this->next;
253 memcpy(buf + 1, this->data, this->len);
255 ret = SSL_write(vpninfo->dtls_ssl, buf, this->len + 1);
256 vpninfo->last_dtls_tx = time(NULL);
258 printf("Sent DTLS packet of %d bytes; SSL_write() returned %d\n",
263 /* DPD is bidirectional -- PKT 3 out, PKT 4 back */
264 if (vpninfo->dtls_dpd) {
265 time_t now = time(NULL);
266 time_t due = vpninfo->last_dtls_rx + vpninfo->dtls_dpd;
267 time_t overdue = vpninfo->last_dtls_rx + (5 * vpninfo->dtls_dpd);
269 /* If we already have DPD outstanding, don't flood */
270 if (vpninfo->last_dtls_dpd > vpninfo->last_dtls_rx)
271 due = vpninfo->last_dtls_dpd + vpninfo->dtls_dpd;
274 fprintf(stderr, "DTLS Dead Peer Detection detected dead peer!\n");
275 /* FIXME: Can we call fack to SSL instead? */
276 SSL_free(vpninfo->dtls_ssl);
277 close(vpninfo->dtls_fd);
278 vpninfo->dtls_ssl = NULL;
279 vpninfo->dtls_fd = -1;
283 static unsigned char dtls_dpd_pkt[1] = { 3 };
284 /* Haven't heard anything from the other end for a while.
285 Check if it's still there */
286 /* FIXME: If isn't, we should act on that */
287 SSL_write(vpninfo->dtls_ssl, dtls_dpd_pkt, 1);
288 vpninfo->last_dtls_tx = now;
290 due = now + vpninfo->dtls_dpd;
292 printf("Sent DTLS DPD\n");
296 printf("Next DTLS DPD due in %ld seconds\n", (due - now));
297 if (*timeout > (due - now) * 1000)
298 *timeout = (due - now) * 1000;
301 /* Keepalive is just client -> server */
302 if (vpninfo->dtls_keepalive) {
303 time_t now = time(NULL);
304 time_t due = vpninfo->last_dtls_tx + vpninfo->dtls_keepalive;
307 static unsigned char dtls_keepalive_pkt[1] = { 7 };
309 /* Send something (which is discarded), to keep
310 the connection alive. */
311 SSL_write(vpninfo->dtls_ssl, dtls_keepalive_pkt, 1);
312 vpninfo->last_dtls_tx = now;
314 due = now + vpninfo->dtls_keepalive;
316 printf("Sent DTLS Keepalive\n");
320 printf("Next DTLS Keepalive due in %ld seconds\n", (due - now));
321 if (*timeout > (due - now) * 1000)
322 *timeout = (due - now) * 1000;
326 /* FIXME: Keepalive */