2 * QEMU VNC display driver: Websockets support
4 * Copyright (C) 2010 Joel Martin
5 * Copyright (C) 2012 Tim Hardeck
7 * This is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation; either version 2 of the License, or
10 * (at your option) any later version.
12 * This software is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
17 * You should have received a copy of the GNU General Public License
18 * along with this software; if not, see <http://www.gnu.org/licenses/>.
22 #include "qemu/main-loop.h"
25 #include "qemu/sockets.h"
27 static void vncws_tls_handshake_io(void *opaque
);
29 static int vncws_start_tls_handshake(struct VncState
*vs
)
31 int ret
= gnutls_handshake(vs
->ws_tls
.session
);
34 if (!gnutls_error_is_fatal(ret
)) {
35 VNC_DEBUG("Handshake interrupted (blocking)\n");
36 if (!gnutls_record_get_direction(vs
->ws_tls
.session
)) {
37 qemu_set_fd_handler(vs
->csock
, vncws_tls_handshake_io
,
40 qemu_set_fd_handler(vs
->csock
, NULL
, vncws_tls_handshake_io
,
45 VNC_DEBUG("Handshake failed %s\n", gnutls_strerror(ret
));
50 VNC_DEBUG("Handshake done, switching to TLS data mode\n");
51 qemu_set_fd_handler2(vs
->csock
, NULL
, vncws_handshake_read
, NULL
, vs
);
56 static void vncws_tls_handshake_io(void *opaque
)
58 struct VncState
*vs
= (struct VncState
*)opaque
;
60 VNC_DEBUG("Handshake IO continue\n");
61 vncws_start_tls_handshake(vs
);
64 void vncws_tls_handshake_peek(void *opaque
)
66 VncState
*vs
= opaque
;
69 if (!vs
->ws_tls
.session
) {
71 ret
= qemu_recv(vs
->csock
, peek
, sizeof(peek
), MSG_PEEK
);
72 if (ret
&& (strncmp(peek
, "\x16", 1) == 0
73 || strncmp(peek
, "\x80", 1) == 0)) {
74 VNC_DEBUG("TLS Websocket connection recognized");
75 vnc_tls_client_setup(vs
, 1);
76 vncws_start_tls_handshake(vs
);
78 vncws_handshake_read(vs
);
81 qemu_set_fd_handler2(vs
->csock
, NULL
, vncws_handshake_read
, NULL
, vs
);
84 #endif /* CONFIG_VNC_TLS */
86 void vncws_handshake_read(void *opaque
)
88 VncState
*vs
= opaque
;
89 uint8_t *handshake_end
;
91 buffer_reserve(&vs
->ws_input
, 4096);
92 ret
= vnc_client_read_buf(vs
, buffer_end(&vs
->ws_input
), 4096);
95 if (vs
->csock
== -1) {
96 vnc_disconnect_finish(vs
);
100 vs
->ws_input
.offset
+= ret
;
102 handshake_end
= (uint8_t *)g_strstr_len((char *)vs
->ws_input
.buffer
,
103 vs
->ws_input
.offset
, WS_HANDSHAKE_END
);
105 qemu_set_fd_handler2(vs
->csock
, NULL
, vnc_client_read
, NULL
, vs
);
106 vncws_process_handshake(vs
, vs
->ws_input
.buffer
, vs
->ws_input
.offset
);
107 buffer_advance(&vs
->ws_input
, handshake_end
- vs
->ws_input
.buffer
+
108 strlen(WS_HANDSHAKE_END
));
113 long vnc_client_read_ws(VncState
*vs
)
117 size_t payload_size
, frame_size
;
118 VNC_DEBUG("Read websocket %p size %zd offset %zd\n", vs
->ws_input
.buffer
,
119 vs
->ws_input
.capacity
, vs
->ws_input
.offset
);
120 buffer_reserve(&vs
->ws_input
, 4096);
121 ret
= vnc_client_read_buf(vs
, buffer_end(&vs
->ws_input
), 4096);
125 vs
->ws_input
.offset
+= ret
;
127 /* make sure that nothing is left in the ws_input buffer */
129 err
= vncws_decode_frame(&vs
->ws_input
, &payload
,
130 &payload_size
, &frame_size
);
135 buffer_reserve(&vs
->input
, payload_size
);
136 buffer_append(&vs
->input
, payload
, payload_size
);
138 buffer_advance(&vs
->ws_input
, frame_size
);
139 } while (vs
->ws_input
.offset
> 0);
144 long vnc_client_write_ws(VncState
*vs
)
147 VNC_DEBUG("Write WS: Pending output %p size %zd offset %zd\n",
148 vs
->output
.buffer
, vs
->output
.capacity
, vs
->output
.offset
);
149 vncws_encode_frame(&vs
->ws_output
, vs
->output
.buffer
, vs
->output
.offset
);
150 buffer_reset(&vs
->output
);
151 ret
= vnc_client_write_buf(vs
, vs
->ws_output
.buffer
, vs
->ws_output
.offset
);
156 buffer_advance(&vs
->ws_output
, ret
);
158 if (vs
->ws_output
.offset
== 0) {
159 qemu_set_fd_handler2(vs
->csock
, NULL
, vnc_client_read
, NULL
, vs
);
165 static char *vncws_extract_handshake_entry(const char *handshake
,
166 size_t handshake_len
, const char *name
)
168 char *begin
, *end
, *ret
= NULL
;
169 char *line
= g_strdup_printf("%s%s: ", WS_HANDSHAKE_DELIM
, name
);
170 begin
= g_strstr_len(handshake
, handshake_len
, line
);
172 begin
+= strlen(line
);
173 end
= g_strstr_len(begin
, handshake_len
- (begin
- handshake
),
176 ret
= g_strndup(begin
, end
- begin
);
183 static void vncws_send_handshake_response(VncState
*vs
, const char* key
)
185 char combined_key
[WS_CLIENT_KEY_LEN
+ WS_GUID_LEN
+ 1];
186 unsigned char hash
[SHA1_DIGEST_LEN
];
187 size_t hash_size
= sizeof(hash
);
188 char *accept
= NULL
, *response
= NULL
;
192 g_strlcpy(combined_key
, key
, WS_CLIENT_KEY_LEN
+ 1);
193 g_strlcat(combined_key
, WS_GUID
, WS_CLIENT_KEY_LEN
+ WS_GUID_LEN
+ 1);
195 /* hash and encode it */
196 in
.data
= (void *)combined_key
;
197 in
.size
= WS_CLIENT_KEY_LEN
+ WS_GUID_LEN
;
198 ret
= gnutls_fingerprint(GNUTLS_DIG_SHA1
, &in
, hash
, &hash_size
);
199 if (ret
== GNUTLS_E_SUCCESS
&& hash_size
<= SHA1_DIGEST_LEN
) {
200 accept
= g_base64_encode(hash
, hash_size
);
202 if (accept
== NULL
) {
203 VNC_DEBUG("Hashing Websocket combined key failed\n");
204 vnc_client_error(vs
);
208 response
= g_strdup_printf(WS_HANDSHAKE
, accept
);
209 vnc_client_write_buf(vs
, (const uint8_t *)response
, strlen(response
));
218 void vncws_process_handshake(VncState
*vs
, uint8_t *line
, size_t size
)
220 char *protocols
= vncws_extract_handshake_entry((const char *)line
, size
,
221 "Sec-WebSocket-Protocol");
222 char *version
= vncws_extract_handshake_entry((const char *)line
, size
,
223 "Sec-WebSocket-Version");
224 char *key
= vncws_extract_handshake_entry((const char *)line
, size
,
225 "Sec-WebSocket-Key");
227 if (protocols
&& version
&& key
228 && g_strrstr(protocols
, "binary")
229 && !strcmp(version
, WS_SUPPORTED_VERSION
)
230 && strlen(key
) == WS_CLIENT_KEY_LEN
) {
231 vncws_send_handshake_response(vs
, key
);
233 VNC_DEBUG("Defective Websockets header or unsupported protocol\n");
234 vnc_client_error(vs
);
242 void vncws_encode_frame(Buffer
*output
, const void *payload
,
243 const size_t payload_size
)
245 size_t header_size
= 0;
246 unsigned char opcode
= WS_OPCODE_BINARY_FRAME
;
248 char buf
[WS_HEAD_MAX_LEN
];
256 header
.ws
.b0
= 0x80 | (opcode
& 0x0f);
257 if (payload_size
<= 125) {
258 header
.ws
.b1
= (uint8_t)payload_size
;
260 } else if (payload_size
< 65536) {
262 header
.ws
.u
.s16
.l16
= cpu_to_be16((uint16_t)payload_size
);
266 header
.ws
.u
.s64
.l64
= cpu_to_be64(payload_size
);
270 buffer_reserve(output
, header_size
+ payload_size
);
271 buffer_append(output
, header
.buf
, header_size
);
272 buffer_append(output
, payload
, payload_size
);
275 int vncws_decode_frame(Buffer
*input
, uint8_t **payload
,
276 size_t *payload_size
, size_t *frame_size
)
278 unsigned char opcode
= 0, fin
= 0, has_mask
= 0;
279 size_t header_size
= 0;
281 WsHeader
*header
= (WsHeader
*)input
->buffer
;
285 if (input
->offset
< WS_HEAD_MIN_LEN
+ 4) {
286 /* header not complete */
290 fin
= (header
->b0
& 0x80) >> 7;
291 opcode
= header
->b0
& 0x0f;
292 has_mask
= (header
->b1
& 0x80) >> 7;
293 *payload_size
= header
->b1
& 0x7f;
295 if (opcode
== WS_OPCODE_CLOSE
) {
300 /* Websocket frame sanity check:
301 * * Websocket fragmentation is not supported.
302 * * All websockets frames sent by a client have to be masked.
303 * * Only binary encoding is supported.
305 if (!fin
|| !has_mask
|| opcode
!= WS_OPCODE_BINARY_FRAME
) {
306 VNC_DEBUG("Received faulty/unsupported Websocket frame\n");
310 if (*payload_size
< 126) {
313 } else if (*payload_size
== 126 && input
->offset
>= 8) {
314 *payload_size
= be16_to_cpu(header
->u
.s16
.l16
);
316 mask
= header
->u
.s16
.m16
;
317 } else if (*payload_size
== 127 && input
->offset
>= 14) {
318 *payload_size
= be64_to_cpu(header
->u
.s64
.l64
);
320 mask
= header
->u
.s64
.m64
;
322 /* header not complete */
326 *frame_size
= header_size
+ *payload_size
;
328 if (input
->offset
< *frame_size
) {
329 /* frame not complete */
333 *payload
= input
->buffer
+ header_size
;
336 /* process 1 frame (32 bit op) */
337 payload32
= (uint32_t *)(*payload
);
338 for (i
= 0; i
< *payload_size
/ 4; i
++) {
339 payload32
[i
] ^= mask
.u
;
341 /* process the remaining bytes (if any) */
342 for (i
*= 4; i
< *payload_size
; i
++) {
343 (*payload
)[i
] ^= mask
.c
[i
% 4];