net/server/web_socket.cc

   1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #include "net/server/web_socket.h"
   6
   7 #include <limits>
   8
   9 #include "base/base64.h"
  10 #include "base/rand_util.h"
  11 #include "base/logging.h"
  12 #include "base/md5.h"
  13 #include "base/sha1.h"
  14 #include "base/strings/string_number_conversions.h"
  15 #include "base/strings/stringprintf.h"
  16 #include "base/sys_byteorder.h"
  17 #include "net/server/http_connection.h"
  18 #include "net/server/http_server_request_info.h"
  19 #include "net/server/http_server_response_info.h"
  20
  21 namespace net {
  22
  23 namespace {
  24
  25 static uint32 WebSocketKeyFingerprint(const std::string& str) {
  26   std::string result;
  27   const char* p_char = str.c_str();
  28   int length = str.length();
  29   int spaces = 0;
  30   for (int i = 0; i < length; ++i) {
  31     if (p_char[i] >= '0' && p_char[i] <= '9')
  32       result.append(&p_char[i], 1);
  33     else if (p_char[i] == ' ')
  34       spaces++;
  35   }
  36   if (spaces == 0)
  37     return 0;
  38   int64 number = 0;
  39   if (!base::StringToInt64(result, &number))
  40     return 0;
  41   return base::HostToNet32(static_cast<uint32>(number / spaces));
  42 }
  43
  44 class WebSocketHixie76 : public net::WebSocket {
  45  public:
  46   static net::WebSocket* Create(HttpConnection* connection,
  47                                 const HttpServerRequestInfo& request,
  48                                 size_t* pos) {
  49     if (connection->recv_data().length() < *pos + kWebSocketHandshakeBodyLen)
  50       return NULL;
  51     return new WebSocketHixie76(connection, request, pos);
  52   }
  53
  54   virtual void Accept(const HttpServerRequestInfo& request) OVERRIDE {
  55     std::string key1 = request.GetHeaderValue("sec-websocket-key1");
  56     std::string key2 = request.GetHeaderValue("sec-websocket-key2");
  57
  58     uint32 fp1 = WebSocketKeyFingerprint(key1);
  59     uint32 fp2 = WebSocketKeyFingerprint(key2);
  60
  61     char data[16];
  62     memcpy(data, &fp1, 4);
  63     memcpy(data + 4, &fp2, 4);
  64     memcpy(data + 8, &key3_[0], 8);
  65
  66     base::MD5Digest digest;
  67     base::MD5Sum(data, 16, &digest);
  68
  69     std::string origin = request.GetHeaderValue("origin");
  70     std::string host = request.GetHeaderValue("host");
  71     std::string location = "ws://" + host + request.path;
  72     connection_->Send(base::StringPrintf(
  73         "HTTP/1.1 101 WebSocket Protocol Handshake\r\n"
  74         "Upgrade: WebSocket\r\n"
  75         "Connection: Upgrade\r\n"
  76         "Sec-WebSocket-Origin: %s\r\n"
  77         "Sec-WebSocket-Location: %s\r\n"
  78         "\r\n",
  79         origin.c_str(),
  80         location.c_str()));
  81     connection_->Send(reinterpret_cast<char*>(digest.a), 16);
  82   }
  83
  84   virtual ParseResult Read(std::string* message) OVERRIDE {
  85     DCHECK(message);
  86     const std::string& data = connection_->recv_data();
  87     if (data[0])
  88       return FRAME_ERROR;
  89
  90     size_t pos = data.find('\377', 1);
  91     if (pos == std::string::npos)
  92       return FRAME_INCOMPLETE;
  93
  94     std::string buffer(data.begin() + 1, data.begin() + pos);
  95     message->swap(buffer);
  96     connection_->Shift(pos + 1);
  97
  98     return FRAME_OK;
  99   }
 100
 101   virtual void Send(const std::string& message) OVERRIDE {
 102     char message_start = 0;
 103     char message_end = -1;
 104     connection_->Send(&message_start, 1);
 105     connection_->Send(message);
 106     connection_->Send(&message_end, 1);
 107   }
 108
 109  private:
 110   static const int kWebSocketHandshakeBodyLen;
 111
 112   WebSocketHixie76(HttpConnection* connection,
 113                    const HttpServerRequestInfo& request,
 114                    size_t* pos) : WebSocket(connection) {
 115     std::string key1 = request.GetHeaderValue("sec-websocket-key1");
 116     std::string key2 = request.GetHeaderValue("sec-websocket-key2");
 117
 118     if (key1.empty()) {
 119       connection->Send(HttpServerResponseInfo::CreateFor500(
 120           "Invalid request format. Sec-WebSocket-Key1 is empty or isn't "
 121           "specified."));
 122       return;
 123     }
 124
 125     if (key2.empty()) {
 126       connection->Send(HttpServerResponseInfo::CreateFor500(
 127           "Invalid request format. Sec-WebSocket-Key2 is empty or isn't "
 128           "specified."));
 129       return;
 130     }
 131
 132     key3_ = connection->recv_data().substr(
 133         *pos,
 134         *pos + kWebSocketHandshakeBodyLen);
 135     *pos += kWebSocketHandshakeBodyLen;
 136   }
 137
 138   std::string key3_;
 139
 140   DISALLOW_COPY_AND_ASSIGN(WebSocketHixie76);
 141 };
 142
 143 const int WebSocketHixie76::kWebSocketHandshakeBodyLen = 8;
 144
 145
 146 // Constants for hybi-10 frame format.
 147
 148 typedef int OpCode;
 149
 150 const OpCode kOpCodeContinuation = 0x0;
 151 const OpCode kOpCodeText = 0x1;
 152 const OpCode kOpCodeBinary = 0x2;
 153 const OpCode kOpCodeClose = 0x8;
 154 const OpCode kOpCodePing = 0x9;
 155 const OpCode kOpCodePong = 0xA;
 156
 157 const unsigned char kFinalBit = 0x80;
 158 const unsigned char kReserved1Bit = 0x40;
 159 const unsigned char kReserved2Bit = 0x20;
 160 const unsigned char kReserved3Bit = 0x10;
 161 const unsigned char kOpCodeMask = 0xF;
 162 const unsigned char kMaskBit = 0x80;
 163 const unsigned char kPayloadLengthMask = 0x7F;
 164
 165 const size_t kMaxSingleBytePayloadLength = 125;
 166 const size_t kTwoBytePayloadLengthField = 126;
 167 const size_t kEightBytePayloadLengthField = 127;
 168 const size_t kMaskingKeyWidthInBytes = 4;
 169
 170 class WebSocketHybi17 : public WebSocket {
 171  public:
 172   static WebSocket* Create(HttpConnection* connection,
 173                            const HttpServerRequestInfo& request,
 174                            size_t* pos) {
 175     std::string version = request.GetHeaderValue("sec-websocket-version");
 176     if (version != "8" && version != "13")
 177       return NULL;
 178
 179     std::string key = request.GetHeaderValue("sec-websocket-key");
 180     if (key.empty()) {
 181       connection->Send(HttpServerResponseInfo::CreateFor500(
 182           "Invalid request format. Sec-WebSocket-Key is empty or isn't "
 183           "specified."));
 184       return NULL;
 185     }
 186     return new WebSocketHybi17(connection, request, pos);
 187   }
 188
 189   virtual void Accept(const HttpServerRequestInfo& request) OVERRIDE {
 190     static const char* const kWebSocketGuid =
 191         "258EAFA5-E914-47DA-95CA-C5AB0DC85B11";
 192     std::string key = request.GetHeaderValue("sec-websocket-key");
 193     std::string data = base::StringPrintf("%s%s", key.c_str(), kWebSocketGuid);
 194     std::string encoded_hash;
 195     base::Base64Encode(base::SHA1HashString(data), &encoded_hash);
 196
 197     std::string response = base::StringPrintf(
 198         "HTTP/1.1 101 WebSocket Protocol Handshake\r\n"
 199         "Upgrade: WebSocket\r\n"
 200         "Connection: Upgrade\r\n"
 201         "Sec-WebSocket-Accept: %s\r\n"
 202         "\r\n",
 203         encoded_hash.c_str());
 204     connection_->Send(response);
 205   }
 206
 207   virtual ParseResult Read(std::string* message) OVERRIDE {
 208     const std::string& frame = connection_->recv_data();
 209     int bytes_consumed = 0;
 210
 211     ParseResult result =
 212         WebSocket::DecodeFrameHybi17(frame, true, &bytes_consumed, message);
 213     if (result == FRAME_OK)
 214       connection_->Shift(bytes_consumed);
 215     if (result == FRAME_CLOSE)
 216       closed_ = true;
 217     return result;
 218   }
 219
 220   virtual void Send(const std::string& message) OVERRIDE {
 221     if (closed_)
 222       return;
 223     std::string data = WebSocket::EncodeFrameHybi17(message, 0);
 224     connection_->Send(data);
 225   }
 226
 227  private:
 228   WebSocketHybi17(HttpConnection* connection,
 229                   const HttpServerRequestInfo& request,
 230                   size_t* pos)
 231     : WebSocket(connection),
 232       op_code_(0),
 233       final_(false),
 234       reserved1_(false),
 235       reserved2_(false),
 236       reserved3_(false),
 237       masked_(false),
 238       payload_(0),
 239       payload_length_(0),
 240       frame_end_(0),
 241       closed_(false) {
 242   }
 243
 244   OpCode op_code_;
 245   bool final_;
 246   bool reserved1_;
 247   bool reserved2_;
 248   bool reserved3_;
 249   bool masked_;
 250   const char* payload_;
 251   size_t payload_length_;
 252   const char* frame_end_;
 253   bool closed_;
 254
 255   DISALLOW_COPY_AND_ASSIGN(WebSocketHybi17);
 256 };
 257
 258 }  // anonymous namespace
 259
 260 WebSocket* WebSocket::CreateWebSocket(HttpConnection* connection,
 261                                       const HttpServerRequestInfo& request,
 262                                       size_t* pos) {
 263   WebSocket* socket = WebSocketHybi17::Create(connection, request, pos);
 264   if (socket)
 265     return socket;
 266
 267   return WebSocketHixie76::Create(connection, request, pos);
 268 }
 269
 270 // static
 271 WebSocket::ParseResult WebSocket::DecodeFrameHybi17(const std::string& frame,
 272                                                     bool client_frame,
 273                                                     int* bytes_consumed,
 274                                                     std::string* output) {
 275   size_t data_length = frame.length();
 276   if (data_length < 2)
 277     return FRAME_INCOMPLETE;
 278
 279   const char* buffer_begin = const_cast<char*>(frame.data());
 280   const char* p = buffer_begin;
 281   const char* buffer_end = p + data_length;
 282
 283   unsigned char first_byte = *p++;
 284   unsigned char second_byte = *p++;
 285
 286   bool final = (first_byte & kFinalBit) != 0;
 287   bool reserved1 = (first_byte & kReserved1Bit) != 0;
 288   bool reserved2 = (first_byte & kReserved2Bit) != 0;
 289   bool reserved3 = (first_byte & kReserved3Bit) != 0;
 290   int op_code = first_byte & kOpCodeMask;
 291   bool masked = (second_byte & kMaskBit) != 0;
 292   if (!final || reserved1 || reserved2 || reserved3)
 293     return FRAME_ERROR;  // Extensions and not supported.
 294
 295   bool closed = false;
 296   switch (op_code) {
 297   case kOpCodeClose:
 298     closed = true;
 299     break;
 300   case kOpCodeText:
 301     break;
 302   case kOpCodeBinary: // We don't support binary frames yet.
 303   case kOpCodeContinuation: // We don't support binary frames yet.
 304   case kOpCodePing: // We don't support binary frames yet.
 305   case kOpCodePong: // We don't support binary frames yet.
 306   default:
 307     return FRAME_ERROR;
 308   }
 309
 310   if (client_frame && !masked) // In Hybi-17 spec client MUST mask his frame.
 311     return FRAME_ERROR;
 312
 313   uint64 payload_length64 = second_byte & kPayloadLengthMask;
 314   if (payload_length64 > kMaxSingleBytePayloadLength) {
 315     int extended_payload_length_size;
 316     if (payload_length64 == kTwoBytePayloadLengthField)
 317       extended_payload_length_size = 2;
 318     else {
 319       DCHECK(payload_length64 == kEightBytePayloadLengthField);
 320       extended_payload_length_size = 8;
 321     }
 322     if (buffer_end - p < extended_payload_length_size)
 323       return FRAME_INCOMPLETE;
 324     payload_length64 = 0;
 325     for (int i = 0; i < extended_payload_length_size; ++i) {
 326       payload_length64 <<= 8;
 327       payload_length64 |= static_cast<unsigned char>(*p++);
 328     }
 329   }
 330
 331   size_t actual_masking_key_length = masked ? kMaskingKeyWidthInBytes : 0;
 332   static const uint64 max_payload_length = 0x7FFFFFFFFFFFFFFFull;
 333   static size_t max_length = std::numeric_limits<size_t>::max();
 334   if (payload_length64 > max_payload_length ||
 335       payload_length64 + actual_masking_key_length > max_length) {
 336     // WebSocket frame length too large.
 337     return FRAME_ERROR;
 338   }
 339   size_t payload_length = static_cast<size_t>(payload_length64);
 340
 341   size_t total_length = actual_masking_key_length + payload_length;
 342   if (static_cast<size_t>(buffer_end - p) < total_length)
 343     return FRAME_INCOMPLETE;
 344
 345   if (masked) {
 346     output->resize(payload_length);
 347     const char* masking_key = p;
 348     char* payload = const_cast<char*>(p + kMaskingKeyWidthInBytes);
 349     for (size_t i = 0; i < payload_length; ++i)  // Unmask the payload.
 350       (*output)[i] = payload[i] ^ masking_key[i % kMaskingKeyWidthInBytes];
 351   } else {
 352     std::string buffer(p, p + payload_length);
 353     output->swap(buffer);
 354   }
 355
 356   size_t pos = p + actual_masking_key_length + payload_length - buffer_begin;
 357   *bytes_consumed = pos;
 358   return closed ? FRAME_CLOSE : FRAME_OK;
 359 }
 360
 361 // static
 362 std::string WebSocket::EncodeFrameHybi17(const std::string& message,
 363                                          int masking_key) {
 364   std::vector<char> frame;
 365   OpCode op_code = kOpCodeText;
 366   size_t data_length = message.length();
 367
 368   frame.push_back(kFinalBit | op_code);
 369   char mask_key_bit = masking_key != 0 ? kMaskBit : 0;
 370   if (data_length <= kMaxSingleBytePayloadLength)
 371     frame.push_back(data_length | mask_key_bit);
 372   else if (data_length <= 0xFFFF) {
 373     frame.push_back(kTwoBytePayloadLengthField | mask_key_bit);
 374     frame.push_back((data_length & 0xFF00) >> 8);
 375     frame.push_back(data_length & 0xFF);
 376   } else {
 377     frame.push_back(kEightBytePayloadLengthField | mask_key_bit);
 378     char extended_payload_length[8];
 379     size_t remaining = data_length;
 380     // Fill the length into extended_payload_length in the network byte order.
 381     for (int i = 0; i < 8; ++i) {
 382       extended_payload_length[7 - i] = remaining & 0xFF;
 383       remaining >>= 8;
 384     }
 385     frame.insert(frame.end(),
 386                  extended_payload_length,
 387                  extended_payload_length + 8);
 388     DCHECK(!remaining);
 389   }
 390
 391   const char* data = const_cast<char*>(message.data());
 392   if (masking_key != 0) {
 393     const char* mask_bytes = reinterpret_cast<char*>(&masking_key);
 394     frame.insert(frame.end(), mask_bytes, mask_bytes + 4);
 395     for (size_t i = 0; i < data_length; ++i)  // Mask the payload.
 396       frame.push_back(data[i] ^ mask_bytes[i % kMaskingKeyWidthInBytes]);
 397   } else {
 398     frame.insert(frame.end(), data, data + data_length);
 399   }
 400   return std::string(&frame[0], frame.size());
 401 }
 402
 403 WebSocket::WebSocket(HttpConnection* connection) : connection_(connection) {
 404 }
 405
 406 }  // namespace net