[qemu.git] / ui / vnc-ws.c

/*
 * QEMU VNC display driver: Websockets support
 *
 * Copyright (C) 2010 Joel Martin
 * Copyright (C) 2012 Tim Hardeck
 *
 * This is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * This software is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this software; if not, see <http://www.gnu.org/licenses/>.
 */

#include "vnc.h"
#include "qemu/main-loop.h"
#include "crypto/hash.h"

static int vncws_start_tls_handshake(VncState *vs)
{
    Error *err = NULL;

    if (qcrypto_tls_session_handshake(vs->tls, &err) < 0) {
        goto error;
    }

    switch (qcrypto_tls_session_get_handshake_status(vs->tls)) {
    case QCRYPTO_TLS_HANDSHAKE_COMPLETE:
        VNC_DEBUG("Handshake done, checking credentials\n");
        if (qcrypto_tls_session_check_credentials(vs->tls, &err) < 0) {
            goto error;
        }
        VNC_DEBUG("Client verification passed, starting TLS I/O\n");
        qemu_set_fd_handler(vs->csock, vncws_handshake_read, NULL, vs);
        break;

    case QCRYPTO_TLS_HANDSHAKE_RECVING:
        VNC_DEBUG("Handshake interrupted (blocking read)\n");
        qemu_set_fd_handler(vs->csock, vncws_tls_handshake_io, NULL, vs);
        break;

    case QCRYPTO_TLS_HANDSHAKE_SENDING:
        VNC_DEBUG("Handshake interrupted (blocking write)\n");
        qemu_set_fd_handler(vs->csock, NULL, vncws_tls_handshake_io, vs);
        break;
    }

    return 0;

 error:
    VNC_DEBUG("Handshake failed %s\n", error_get_pretty(err));
    error_free(err);
    vnc_client_error(vs);
    return -1;
}

void vncws_tls_handshake_io(void *opaque)
{
    VncState *vs = (VncState *)opaque;
    Error *err = NULL;

    vs->tls = qcrypto_tls_session_new(vs->vd->tlscreds,
                                      NULL,
                                      vs->vd->tlsaclname,
                                      QCRYPTO_TLS_CREDS_ENDPOINT_SERVER,
                                      &err);
    if (!vs->tls) {
        VNC_DEBUG("Failed to setup TLS %s\n",
                  error_get_pretty(err));
        error_free(err);
        vnc_client_error(vs);
        return;
    }

    qcrypto_tls_session_set_callbacks(vs->tls,
                                      vnc_tls_push,
                                      vnc_tls_pull,
                                      vs);

    VNC_DEBUG("Start TLS WS handshake process\n");
    vncws_start_tls_handshake(vs);
}

void vncws_handshake_read(void *opaque)
{
    VncState *vs = opaque;
    uint8_t *handshake_end;
    long ret;
    /* Typical HTTP headers from novnc are 512 bytes, so limiting
     * total header size to 4096 is easily enough. */
    size_t want = 4096 - vs->ws_input.offset;
    buffer_reserve(&vs->ws_input, want);
    ret = vnc_client_read_buf(vs, buffer_end(&vs->ws_input), want);

    if (!ret) {
        if (vs->csock == -1) {
            vnc_disconnect_finish(vs);
        }
        return;
    }
    vs->ws_input.offset += ret;

    handshake_end = (uint8_t *)g_strstr_len((char *)vs->ws_input.buffer,
            vs->ws_input.offset, WS_HANDSHAKE_END);
    if (handshake_end) {
        qemu_set_fd_handler(vs->csock, vnc_client_read, NULL, vs);
        vncws_process_handshake(vs, vs->ws_input.buffer, vs->ws_input.offset);
        buffer_advance(&vs->ws_input, handshake_end - vs->ws_input.buffer +
                strlen(WS_HANDSHAKE_END));
    } else if (vs->ws_input.offset >= 4096) {
        VNC_DEBUG("End of headers not found in first 4096 bytes\n");
        vnc_client_error(vs);
    }
}


long vnc_client_read_ws(VncState *vs)
{
    int ret, err;
    uint8_t *payload;
    size_t payload_size, header_size;
    VNC_DEBUG("Read websocket %p size %zd offset %zd\n", vs->ws_input.buffer,
            vs->ws_input.capacity, vs->ws_input.offset);
    buffer_reserve(&vs->ws_input, 4096);
    ret = vnc_client_read_buf(vs, buffer_end(&vs->ws_input), 4096);
    if (!ret) {
        return 0;
    }
    vs->ws_input.offset += ret;

    ret = 0;
    /* consume as much of ws_input buffer as possible */
    do {
        if (vs->ws_payload_remain == 0) {
            err = vncws_decode_frame_header(&vs->ws_input,
                                            &header_size,
                                            &vs->ws_payload_remain,
                                            &vs->ws_payload_mask);
            if (err <= 0) {
                return err;
            }

            buffer_advance(&vs->ws_input, header_size);
        }
        if (vs->ws_payload_remain != 0) {
            err = vncws_decode_frame_payload(&vs->ws_input,
                                             &vs->ws_payload_remain,
                                             &vs->ws_payload_mask,
                                             &payload,
                                             &payload_size);
            if (err < 0) {
                return err;
            }
            if (err == 0) {
                return ret;
            }
            ret += err;

            buffer_reserve(&vs->input, payload_size);
            buffer_append(&vs->input, payload, payload_size);

            buffer_advance(&vs->ws_input, payload_size);
        }
    } while (vs->ws_input.offset > 0);

    return ret;
}

long vnc_client_write_ws(VncState *vs)
{
    long ret;
    VNC_DEBUG("Write WS: Pending output %p size %zd offset %zd\n",
              vs->output.buffer, vs->output.capacity, vs->output.offset);
    vncws_encode_frame(&vs->ws_output, vs->output.buffer, vs->output.offset);
    buffer_reset(&vs->output);
    ret = vnc_client_write_buf(vs, vs->ws_output.buffer, vs->ws_output.offset);
    if (!ret) {
        return 0;
    }

    buffer_advance(&vs->ws_output, ret);

    if (vs->ws_output.offset == 0) {
        qemu_set_fd_handler(vs->csock, vnc_client_read, NULL, vs);
    }

    return ret;
}

static char *vncws_extract_handshake_entry(const char *handshake,
        size_t handshake_len, const char *name)
{
    char *begin, *end, *ret = NULL;
    char *line = g_strdup_printf("%s%s: ", WS_HANDSHAKE_DELIM, name);
    begin = g_strstr_len(handshake, handshake_len, line);
    if (begin != NULL) {
        begin += strlen(line);
        end = g_strstr_len(begin, handshake_len - (begin - handshake),
                WS_HANDSHAKE_DELIM);
        if (end != NULL) {
            ret = g_strndup(begin, end - begin);
        }
    }
    g_free(line);
    return ret;
}

static void vncws_send_handshake_response(VncState *vs, const char* key)
{
    char combined_key[WS_CLIENT_KEY_LEN + WS_GUID_LEN + 1];
    char *accept = NULL, *response = NULL;
    Error *err = NULL;

    g_strlcpy(combined_key, key, WS_CLIENT_KEY_LEN + 1);
    g_strlcat(combined_key, WS_GUID, WS_CLIENT_KEY_LEN + WS_GUID_LEN + 1);

    /* hash and encode it */
    if (qcrypto_hash_base64(QCRYPTO_HASH_ALG_SHA1,
                            combined_key,
                            WS_CLIENT_KEY_LEN + WS_GUID_LEN,
                            &accept,
                            &err) < 0) {
        VNC_DEBUG("Hashing Websocket combined key failed %s\n",
                  error_get_pretty(err));
        error_free(err);
        vnc_client_error(vs);
        return;
    }

    response = g_strdup_printf(WS_HANDSHAKE, accept);
    vnc_client_write_buf(vs, (const uint8_t *)response, strlen(response));

    g_free(accept);
    g_free(response);

    vs->encode_ws = 1;
    vnc_init_state(vs);
}

void vncws_process_handshake(VncState *vs, uint8_t *line, size_t size)
{
    char *protocols = vncws_extract_handshake_entry((const char *)line, size,
            "Sec-WebSocket-Protocol");
    char *version = vncws_extract_handshake_entry((const char *)line, size,
            "Sec-WebSocket-Version");
    char *key = vncws_extract_handshake_entry((const char *)line, size,
            "Sec-WebSocket-Key");

    if (protocols && version && key
            && g_strrstr(protocols, "binary")
            && !strcmp(version, WS_SUPPORTED_VERSION)
            && strlen(key) == WS_CLIENT_KEY_LEN) {
        vncws_send_handshake_response(vs, key);
    } else {
        VNC_DEBUG("Defective Websockets header or unsupported protocol\n");
        vnc_client_error(vs);
    }

    g_free(protocols);
    g_free(version);
    g_free(key);
}

void vncws_encode_frame(Buffer *output, const void *payload,
        const size_t payload_size)
{
    size_t header_size = 0;
    unsigned char opcode = WS_OPCODE_BINARY_FRAME;
    union {
        char buf[WS_HEAD_MAX_LEN];
        WsHeader ws;
    } header;

    if (!payload_size) {
        return;
    }

    header.ws.b0 = 0x80 | (opcode & 0x0f);
    if (payload_size <= 125) {
        header.ws.b1 = (uint8_t)payload_size;
        header_size = 2;
    } else if (payload_size < 65536) {
        header.ws.b1 = 0x7e;
        header.ws.u.s16.l16 = cpu_to_be16((uint16_t)payload_size);
        header_size = 4;
    } else {
        header.ws.b1 = 0x7f;
        header.ws.u.s64.l64 = cpu_to_be64(payload_size);
        header_size = 10;
    }

    buffer_reserve(output, header_size + payload_size);
    buffer_append(output, header.buf, header_size);
    buffer_append(output, payload, payload_size);
}

int vncws_decode_frame_header(Buffer *input,
                              size_t *header_size,
                              size_t *payload_remain,
                              WsMask *payload_mask)
{
    unsigned char opcode = 0, fin = 0, has_mask = 0;
    size_t payload_len;
    WsHeader *header = (WsHeader *)input->buffer;

    if (input->offset < WS_HEAD_MIN_LEN + 4) {
        /* header not complete */
        return 0;
    }

    fin = (header->b0 & 0x80) >> 7;
    opcode = header->b0 & 0x0f;
    has_mask = (header->b1 & 0x80) >> 7;
    payload_len = header->b1 & 0x7f;

    if (opcode == WS_OPCODE_CLOSE) {
        /* disconnect */
        return -1;
    }

    /* Websocket frame sanity check:
     * * Websocket fragmentation is not supported.
     * * All  websockets frames sent by a client have to be masked.
     * * Only binary encoding is supported.
     */
    if (!fin || !has_mask || opcode != WS_OPCODE_BINARY_FRAME) {
        VNC_DEBUG("Received faulty/unsupported Websocket frame\n");
        return -2;
    }

    if (payload_len < 126) {
        *payload_remain = payload_len;
        *header_size = 6;
        *payload_mask = header->u.m;
    } else if (payload_len == 126 && input->offset >= 8) {
        *payload_remain = be16_to_cpu(header->u.s16.l16);
        *header_size = 8;
        *payload_mask = header->u.s16.m16;
    } else if (payload_len == 127 && input->offset >= 14) {
        *payload_remain = be64_to_cpu(header->u.s64.l64);
        *header_size = 14;
        *payload_mask = header->u.s64.m64;
    } else {
        /* header not complete */
        return 0;
    }

    return 1;
}

int vncws_decode_frame_payload(Buffer *input,
                               size_t *payload_remain, WsMask *payload_mask,
                               uint8_t **payload, size_t *payload_size)
{
    size_t i;
    uint32_t *payload32;

    *payload = input->buffer;
    /* If we aren't at the end of the payload, then drop
     * off the last bytes, so we're always multiple of 4
     * for purpose of unmasking, except at end of payload
     */
    if (input->offset < *payload_remain) {
        *payload_size = input->offset - (input->offset % 4);
    } else {
        *payload_size = *payload_remain;
    }
    if (*payload_size == 0) {
        return 0;
    }
    *payload_remain -= *payload_size;

    /* unmask frame */
    /* process 1 frame (32 bit op) */
    payload32 = (uint32_t *)(*payload);
    for (i = 0; i < *payload_size / 4; i++) {
        payload32[i] ^= payload_mask->u;
    }
    /* process the remaining bytes (if any) */
    for (i *= 4; i < *payload_size; i++) {
        (*payload)[i] ^= payload_mask->c[i % 4];
    }

    return 1;
}
Commit	Line	Data
7536ee4b TH	1	/*
	2	* QEMU VNC display driver: Websockets support
	3	*
	4	* Copyright (C) 2010 Joel Martin
	5	* Copyright (C) 2012 Tim Hardeck
	6	*
	7	* This is free software; you can redistribute it and/or modify
	8	* it under the terms of the GNU General Public License as published by
	9	* the Free Software Foundation; either version 2 of the License, or
	10	* (at your option) any later version.
	11	*
	12	* This software is distributed in the hope that it will be useful,
	13	* but WITHOUT ANY WARRANTY; without even the implied warranty of
	14	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	15	* GNU General Public License for more details.
	16	*
	17	* You should have received a copy of the GNU General Public License
	18	* along with this software; if not, see <http://www.gnu.org/licenses/>.
	19	*/
	20
	21	#include "vnc.h"
6a1751b7	22	#include "qemu/main-loop.h"
8e9b0d24	23	#include "crypto/hash.h"
7536ee4b	24
4769a881	25	static int vncws_start_tls_handshake(VncState *vs)
0057a0d5	26	{
3e305e4a	27	Error *err = NULL;
0057a0d5	28
3e305e4a DB	29	if (qcrypto_tls_session_handshake(vs->tls, &err) < 0) {
3e305e4a DB	30	goto error;
0057a0d5 TH	31	}
0057a0d5 TH	32
3e305e4a DB	33	switch (qcrypto_tls_session_get_handshake_status(vs->tls)) {
	34	case QCRYPTO_TLS_HANDSHAKE_COMPLETE:
	35	VNC_DEBUG("Handshake done, checking credentials\n");
	36	if (qcrypto_tls_session_check_credentials(vs->tls, &err) < 0) {
	37	goto error;
4a48aaa9	38	}
3e305e4a DB	39	VNC_DEBUG("Client verification passed, starting TLS I/O\n");
	40	qemu_set_fd_handler(vs->csock, vncws_handshake_read, NULL, vs);
	41	break;
	42
	43	case QCRYPTO_TLS_HANDSHAKE_RECVING:
	44	VNC_DEBUG("Handshake interrupted (blocking read)\n");
	45	qemu_set_fd_handler(vs->csock, vncws_tls_handshake_io, NULL, vs);
	46	break;
4a48aaa9	47
3e305e4a DB	48	case QCRYPTO_TLS_HANDSHAKE_SENDING:
	49	VNC_DEBUG("Handshake interrupted (blocking write)\n");
	50	qemu_set_fd_handler(vs->csock, NULL, vncws_tls_handshake_io, vs);
	51	break;
	52	}
0057a0d5 TH	53
0057a0d5 TH	54	return 0;
3e305e4a DB	55
	56	error:
	57	VNC_DEBUG("Handshake failed %s\n", error_get_pretty(err));
	58	error_free(err);
	59	vnc_client_error(vs);
	60	return -1;
0057a0d5 TH	61	}
0057a0d5 TH	62
51941e46	63	void vncws_tls_handshake_io(void *opaque)
0057a0d5	64	{
4769a881	65	VncState vs = (VncState )opaque;
3e305e4a	66	Error *err = NULL;
0057a0d5	67
3e305e4a DB	68	vs->tls = qcrypto_tls_session_new(vs->vd->tlscreds,
	69	NULL,
	70	vs->vd->tlsaclname,
	71	QCRYPTO_TLS_CREDS_ENDPOINT_SERVER,
	72	&err);
	73	if (!vs->tls) {
	74	VNC_DEBUG("Failed to setup TLS %s\n",
	75	error_get_pretty(err));
	76	error_free(err);
	77	vnc_client_error(vs);
	78	return;
0057a0d5	79	}
3e305e4a DB	80
	81	qcrypto_tls_session_set_callbacks(vs->tls,
	82	vnc_tls_push,
	83	vnc_tls_pull,
	84	vs);
	85
	86	VNC_DEBUG("Start TLS WS handshake process\n");
51941e46	87	vncws_start_tls_handshake(vs);
0057a0d5	88	}
0057a0d5	89
7536ee4b TH	90	void vncws_handshake_read(void *opaque)
	91	{
	92	VncState *vs = opaque;
	93	uint8_t *handshake_end;
	94	long ret;
2cdb5e14 DB	95	/* Typical HTTP headers from novnc are 512 bytes, so limiting
	96	* total header size to 4096 is easily enough. */
	97	size_t want = 4096 - vs->ws_input.offset;
	98	buffer_reserve(&vs->ws_input, want);
	99	ret = vnc_client_read_buf(vs, buffer_end(&vs->ws_input), want);
7536ee4b TH	100
	101	if (!ret) {
	102	if (vs->csock == -1) {
	103	vnc_disconnect_finish(vs);
	104	}
	105	return;
	106	}
	107	vs->ws_input.offset += ret;
	108
	109	handshake_end = (uint8_t )g_strstr_len((char )vs->ws_input.buffer,
	110	vs->ws_input.offset, WS_HANDSHAKE_END);
	111	if (handshake_end) {
82e1cc4b	112	qemu_set_fd_handler(vs->csock, vnc_client_read, NULL, vs);
7536ee4b TH	113	vncws_process_handshake(vs, vs->ws_input.buffer, vs->ws_input.offset);
	114	buffer_advance(&vs->ws_input, handshake_end - vs->ws_input.buffer +
	115	strlen(WS_HANDSHAKE_END));
2cdb5e14 DB	116	} else if (vs->ws_input.offset >= 4096) {
	117	VNC_DEBUG("End of headers not found in first 4096 bytes\n");
	118	vnc_client_error(vs);
7536ee4b TH	119	}
	120	}
	121
	122
	123	long vnc_client_read_ws(VncState *vs)
	124	{
	125	int ret, err;
	126	uint8_t *payload;
a2bebfd6	127	size_t payload_size, header_size;
7536ee4b TH	128	VNC_DEBUG("Read websocket %p size %zd offset %zd\n", vs->ws_input.buffer,
	129	vs->ws_input.capacity, vs->ws_input.offset);
	130	buffer_reserve(&vs->ws_input, 4096);
	131	ret = vnc_client_read_buf(vs, buffer_end(&vs->ws_input), 4096);
	132	if (!ret) {
	133	return 0;
	134	}
	135	vs->ws_input.offset += ret;
	136
a2bebfd6 DB	137	ret = 0;
a2bebfd6 DB	138	/* consume as much of ws_input buffer as possible */
7536ee4b	139	do {
a2bebfd6 DB	140	if (vs->ws_payload_remain == 0) {
	141	err = vncws_decode_frame_header(&vs->ws_input,
	142	&header_size,
	143	&vs->ws_payload_remain,
	144	&vs->ws_payload_mask);
	145	if (err <= 0) {
	146	return err;
	147	}
	148
	149	buffer_advance(&vs->ws_input, header_size);
7536ee4b	150	}
a2bebfd6 DB	151	if (vs->ws_payload_remain != 0) {
	152	err = vncws_decode_frame_payload(&vs->ws_input,
	153	&vs->ws_payload_remain,
	154	&vs->ws_payload_mask,
	155	&payload,
	156	&payload_size);
	157	if (err < 0) {
	158	return err;
	159	}
	160	if (err == 0) {
	161	return ret;
	162	}
	163	ret += err;
7536ee4b	164
a2bebfd6 DB	165	buffer_reserve(&vs->input, payload_size);
a2bebfd6 DB	166	buffer_append(&vs->input, payload, payload_size);
7536ee4b	167
a2bebfd6 DB	168	buffer_advance(&vs->ws_input, payload_size);
a2bebfd6 DB	169	}
7536ee4b TH	170	} while (vs->ws_input.offset > 0);
	171
	172	return ret;
	173	}
	174
	175	long vnc_client_write_ws(VncState *vs)
	176	{
	177	long ret;
	178	VNC_DEBUG("Write WS: Pending output %p size %zd offset %zd\n",
	179	vs->output.buffer, vs->output.capacity, vs->output.offset);
	180	vncws_encode_frame(&vs->ws_output, vs->output.buffer, vs->output.offset);
	181	buffer_reset(&vs->output);
	182	ret = vnc_client_write_buf(vs, vs->ws_output.buffer, vs->ws_output.offset);
	183	if (!ret) {
	184	return 0;
	185	}
	186
	187	buffer_advance(&vs->ws_output, ret);
	188
	189	if (vs->ws_output.offset == 0) {
82e1cc4b	190	qemu_set_fd_handler(vs->csock, vnc_client_read, NULL, vs);
7536ee4b TH	191	}
	192
	193	return ret;
	194	}
	195
	196	static char vncws_extract_handshake_entry(const char handshake,
	197	size_t handshake_len, const char *name)
	198	{
	199	char begin, end, *ret = NULL;
	200	char *line = g_strdup_printf("%s%s: ", WS_HANDSHAKE_DELIM, name);
	201	begin = g_strstr_len(handshake, handshake_len, line);
	202	if (begin != NULL) {
	203	begin += strlen(line);
	204	end = g_strstr_len(begin, handshake_len - (begin - handshake),
	205	WS_HANDSHAKE_DELIM);
	206	if (end != NULL) {
	207	ret = g_strndup(begin, end - begin);
	208	}
	209	}
	210	g_free(line);
	211	return ret;
	212	}
	213
	214	static void vncws_send_handshake_response(VncState vs, const char key)
	215	{
	216	char combined_key[WS_CLIENT_KEY_LEN + WS_GUID_LEN + 1];
7536ee4b	217	char accept = NULL, response = NULL;
8e9b0d24	218	Error *err = NULL;
7536ee4b TH	219
	220	g_strlcpy(combined_key, key, WS_CLIENT_KEY_LEN + 1);
	221	g_strlcat(combined_key, WS_GUID, WS_CLIENT_KEY_LEN + WS_GUID_LEN + 1);
	222
	223	/* hash and encode it */
8e9b0d24 DB	224	if (qcrypto_hash_base64(QCRYPTO_HASH_ALG_SHA1,
	225	combined_key,
	226	WS_CLIENT_KEY_LEN + WS_GUID_LEN,
	227	&accept,
	228	&err) < 0) {
	229	VNC_DEBUG("Hashing Websocket combined key failed %s\n",
	230	error_get_pretty(err));
	231	error_free(err);
7536ee4b TH	232	vnc_client_error(vs);
	233	return;
	234	}
	235
	236	response = g_strdup_printf(WS_HANDSHAKE, accept);
b57489cf	237	vnc_client_write_buf(vs, (const uint8_t *)response, strlen(response));
7536ee4b TH	238
	239	g_free(accept);
	240	g_free(response);
	241
	242	vs->encode_ws = 1;
	243	vnc_init_state(vs);
	244	}
	245
	246	void vncws_process_handshake(VncState vs, uint8_t line, size_t size)
	247	{
	248	char protocols = vncws_extract_handshake_entry((const char )line, size,
	249	"Sec-WebSocket-Protocol");
	250	char version = vncws_extract_handshake_entry((const char )line, size,
	251	"Sec-WebSocket-Version");
	252	char key = vncws_extract_handshake_entry((const char )line, size,
	253	"Sec-WebSocket-Key");
	254
	255	if (protocols && version && key
	256	&& g_strrstr(protocols, "binary")
	257	&& !strcmp(version, WS_SUPPORTED_VERSION)
	258	&& strlen(key) == WS_CLIENT_KEY_LEN) {
	259	vncws_send_handshake_response(vs, key);
	260	} else {
	261	VNC_DEBUG("Defective Websockets header or unsupported protocol\n");
	262	vnc_client_error(vs);
	263	}
	264
	265	g_free(protocols);
	266	g_free(version);
	267	g_free(key);
	268	}
	269
	270	void vncws_encode_frame(Buffer output, const void payload,
	271	const size_t payload_size)
	272	{
	273	size_t header_size = 0;
	274	unsigned char opcode = WS_OPCODE_BINARY_FRAME;
	275	union {
	276	char buf[WS_HEAD_MAX_LEN];
	277	WsHeader ws;
	278	} header;
	279
	280	if (!payload_size) {
	281	return;
	282	}
	283
	284	header.ws.b0 = 0x80 \| (opcode & 0x0f);
	285	if (payload_size <= 125) {
	286	header.ws.b1 = (uint8_t)payload_size;
	287	header_size = 2;
	288	} else if (payload_size < 65536) {
	289	header.ws.b1 = 0x7e;
	290	header.ws.u.s16.l16 = cpu_to_be16((uint16_t)payload_size);
	291	header_size = 4;
	292	} else {
	293	header.ws.b1 = 0x7f;
	294	header.ws.u.s64.l64 = cpu_to_be64(payload_size);
	295	header_size = 10;
	296	}
	297
	298	buffer_reserve(output, header_size + payload_size);
	299	buffer_append(output, header.buf, header_size);
	300	buffer_append(output, payload, payload_size);
	301	}
302
a2bebfd6 DB	303	int vncws_decode_frame_header(Buffer *input,
	304	size_t *header_size,
	305	size_t *payload_remain,
	306	WsMask *payload_mask)
7536ee4b TH	307	{
7536ee4b TH	308	unsigned char opcode = 0, fin = 0, has_mask = 0;
a2bebfd6	309	size_t payload_len;
7536ee4b	310	WsHeader header = (WsHeader )input->buffer;
7536ee4b TH	311
	312	if (input->offset < WS_HEAD_MIN_LEN + 4) {
	313	/* header not complete */
	314	return 0;
	315	}
	316
	317	fin = (header->b0 & 0x80) >> 7;
	318	opcode = header->b0 & 0x0f;
	319	has_mask = (header->b1 & 0x80) >> 7;
a2bebfd6	320	payload_len = header->b1 & 0x7f;
7536ee4b TH	321
	322	if (opcode == WS_OPCODE_CLOSE) {
	323	/* disconnect */
	324	return -1;
	325	}
	326
	327	/* Websocket frame sanity check:
	328	* * Websocket fragmentation is not supported.
	329	* * All websockets frames sent by a client have to be masked.
	330	* * Only binary encoding is supported.
	331	*/
	332	if (!fin \|\| !has_mask \|\| opcode != WS_OPCODE_BINARY_FRAME) {
	333	VNC_DEBUG("Received faulty/unsupported Websocket frame\n");
	334	return -2;
	335	}
	336
a2bebfd6 DB	337	if (payload_len < 126) {
	338	*payload_remain = payload_len;
	339	*header_size = 6;
	340	*payload_mask = header->u.m;
	341	} else if (payload_len == 126 && input->offset >= 8) {
	342	*payload_remain = be16_to_cpu(header->u.s16.l16);
	343	*header_size = 8;
	344	*payload_mask = header->u.s16.m16;
	345	} else if (payload_len == 127 && input->offset >= 14) {
	346	*payload_remain = be64_to_cpu(header->u.s64.l64);
	347	*header_size = 14;
	348	*payload_mask = header->u.s64.m64;
7536ee4b TH	349	} else {
	350	/* header not complete */
	351	return 0;
	352	}
	353
a2bebfd6 DB	354	return 1;
	355	}
	356
	357	int vncws_decode_frame_payload(Buffer *input,
	358	size_t payload_remain, WsMask payload_mask,
	359	uint8_t *payload, size_t payload_size)
	360	{
	361	size_t i;
	362	uint32_t *payload32;
7536ee4b	363
a2bebfd6 DB	364	*payload = input->buffer;
	365	/* If we aren't at the end of the payload, then drop
	366	* off the last bytes, so we're always multiple of 4
	367	* for purpose of unmasking, except at end of payload
	368	*/
	369	if (input->offset < *payload_remain) {
	370	*payload_size = input->offset - (input->offset % 4);
	371	} else {
	372	payload_size = payload_remain;
	373	}
	374	if (*payload_size == 0) {
7536ee4b TH	375	return 0;
7536ee4b TH	376	}
a2bebfd6	377	payload_remain -= payload_size;
7536ee4b TH	378
	379	/* unmask frame */
	380	/* process 1 frame (32 bit op) */
	381	payload32 = (uint32_t )(payload);
	382	for (i = 0; i < *payload_size / 4; i++) {
a2bebfd6	383	payload32[i] ^= payload_mask->u;
7536ee4b TH	384	}
	385	/* process the remaining bytes (if any) */
	386	for (i = 4; i < payload_size; i++) {
a2bebfd6	387	(*payload)[i] ^= payload_mask->c[i % 4];
7536ee4b TH	388	}
	389
	390	return 1;
	391	}