]>
git.proxmox.com Git - mirror_qemu.git/blob - ui/vnc-ws.c
2 * QEMU VNC display driver: Websockets support
4 * Copyright (C) 2010 Joel Martin
5 * Copyright (C) 2012 Tim Hardeck
7 * This is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation; either version 2 of the License, or
10 * (at your option) any later version.
12 * This software is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
17 * You should have received a copy of the GNU General Public License
18 * along with this software; if not, see <http://www.gnu.org/licenses/>.
22 #include "qemu/main-loop.h"
25 #include "qemu/sockets.h"
27 static int vncws_start_tls_handshake(struct VncState
*vs
)
29 int ret
= gnutls_handshake(vs
->tls
.session
);
32 if (!gnutls_error_is_fatal(ret
)) {
33 VNC_DEBUG("Handshake interrupted (blocking)\n");
34 if (!gnutls_record_get_direction(vs
->tls
.session
)) {
35 qemu_set_fd_handler(vs
->csock
, vncws_tls_handshake_io
,
38 qemu_set_fd_handler(vs
->csock
, NULL
, vncws_tls_handshake_io
,
43 VNC_DEBUG("Handshake failed %s\n", gnutls_strerror(ret
));
48 if (vs
->vd
->tls
.x509verify
) {
49 if (vnc_tls_validate_certificate(vs
) < 0) {
50 VNC_DEBUG("Client verification failed\n");
54 VNC_DEBUG("Client verification passed\n");
58 VNC_DEBUG("Handshake done, switching to TLS data mode\n");
59 qemu_set_fd_handler2(vs
->csock
, NULL
, vncws_handshake_read
, NULL
, vs
);
64 void vncws_tls_handshake_io(void *opaque
)
66 struct VncState
*vs
= (struct VncState
*)opaque
;
68 if (!vs
->tls
.session
) {
69 VNC_DEBUG("TLS Websocket setup\n");
70 if (vnc_tls_client_setup(vs
, vs
->vd
->tls
.x509cert
!= NULL
) < 0) {
74 VNC_DEBUG("Handshake IO continue\n");
75 vncws_start_tls_handshake(vs
);
77 #endif /* CONFIG_VNC_TLS */
79 void vncws_handshake_read(void *opaque
)
81 VncState
*vs
= opaque
;
82 uint8_t *handshake_end
;
84 buffer_reserve(&vs
->ws_input
, 4096);
85 ret
= vnc_client_read_buf(vs
, buffer_end(&vs
->ws_input
), 4096);
88 if (vs
->csock
== -1) {
89 vnc_disconnect_finish(vs
);
93 vs
->ws_input
.offset
+= ret
;
95 handshake_end
= (uint8_t *)g_strstr_len((char *)vs
->ws_input
.buffer
,
96 vs
->ws_input
.offset
, WS_HANDSHAKE_END
);
98 qemu_set_fd_handler2(vs
->csock
, NULL
, vnc_client_read
, NULL
, vs
);
99 vncws_process_handshake(vs
, vs
->ws_input
.buffer
, vs
->ws_input
.offset
);
100 buffer_advance(&vs
->ws_input
, handshake_end
- vs
->ws_input
.buffer
+
101 strlen(WS_HANDSHAKE_END
));
106 long vnc_client_read_ws(VncState
*vs
)
110 size_t payload_size
, frame_size
;
111 VNC_DEBUG("Read websocket %p size %zd offset %zd\n", vs
->ws_input
.buffer
,
112 vs
->ws_input
.capacity
, vs
->ws_input
.offset
);
113 buffer_reserve(&vs
->ws_input
, 4096);
114 ret
= vnc_client_read_buf(vs
, buffer_end(&vs
->ws_input
), 4096);
118 vs
->ws_input
.offset
+= ret
;
120 /* make sure that nothing is left in the ws_input buffer */
122 err
= vncws_decode_frame(&vs
->ws_input
, &payload
,
123 &payload_size
, &frame_size
);
128 buffer_reserve(&vs
->input
, payload_size
);
129 buffer_append(&vs
->input
, payload
, payload_size
);
131 buffer_advance(&vs
->ws_input
, frame_size
);
132 } while (vs
->ws_input
.offset
> 0);
137 long vnc_client_write_ws(VncState
*vs
)
140 VNC_DEBUG("Write WS: Pending output %p size %zd offset %zd\n",
141 vs
->output
.buffer
, vs
->output
.capacity
, vs
->output
.offset
);
142 vncws_encode_frame(&vs
->ws_output
, vs
->output
.buffer
, vs
->output
.offset
);
143 buffer_reset(&vs
->output
);
144 ret
= vnc_client_write_buf(vs
, vs
->ws_output
.buffer
, vs
->ws_output
.offset
);
149 buffer_advance(&vs
->ws_output
, ret
);
151 if (vs
->ws_output
.offset
== 0) {
152 qemu_set_fd_handler2(vs
->csock
, NULL
, vnc_client_read
, NULL
, vs
);
158 static char *vncws_extract_handshake_entry(const char *handshake
,
159 size_t handshake_len
, const char *name
)
161 char *begin
, *end
, *ret
= NULL
;
162 char *line
= g_strdup_printf("%s%s: ", WS_HANDSHAKE_DELIM
, name
);
163 begin
= g_strstr_len(handshake
, handshake_len
, line
);
165 begin
+= strlen(line
);
166 end
= g_strstr_len(begin
, handshake_len
- (begin
- handshake
),
169 ret
= g_strndup(begin
, end
- begin
);
176 static void vncws_send_handshake_response(VncState
*vs
, const char* key
)
178 char combined_key
[WS_CLIENT_KEY_LEN
+ WS_GUID_LEN
+ 1];
179 unsigned char hash
[SHA1_DIGEST_LEN
];
180 size_t hash_size
= sizeof(hash
);
181 char *accept
= NULL
, *response
= NULL
;
185 g_strlcpy(combined_key
, key
, WS_CLIENT_KEY_LEN
+ 1);
186 g_strlcat(combined_key
, WS_GUID
, WS_CLIENT_KEY_LEN
+ WS_GUID_LEN
+ 1);
188 /* hash and encode it */
189 in
.data
= (void *)combined_key
;
190 in
.size
= WS_CLIENT_KEY_LEN
+ WS_GUID_LEN
;
191 ret
= gnutls_fingerprint(GNUTLS_DIG_SHA1
, &in
, hash
, &hash_size
);
192 if (ret
== GNUTLS_E_SUCCESS
&& hash_size
<= SHA1_DIGEST_LEN
) {
193 accept
= g_base64_encode(hash
, hash_size
);
195 if (accept
== NULL
) {
196 VNC_DEBUG("Hashing Websocket combined key failed\n");
197 vnc_client_error(vs
);
201 response
= g_strdup_printf(WS_HANDSHAKE
, accept
);
202 vnc_client_write_buf(vs
, (const uint8_t *)response
, strlen(response
));
211 void vncws_process_handshake(VncState
*vs
, uint8_t *line
, size_t size
)
213 char *protocols
= vncws_extract_handshake_entry((const char *)line
, size
,
214 "Sec-WebSocket-Protocol");
215 char *version
= vncws_extract_handshake_entry((const char *)line
, size
,
216 "Sec-WebSocket-Version");
217 char *key
= vncws_extract_handshake_entry((const char *)line
, size
,
218 "Sec-WebSocket-Key");
220 if (protocols
&& version
&& key
221 && g_strrstr(protocols
, "binary")
222 && !strcmp(version
, WS_SUPPORTED_VERSION
)
223 && strlen(key
) == WS_CLIENT_KEY_LEN
) {
224 vncws_send_handshake_response(vs
, key
);
226 VNC_DEBUG("Defective Websockets header or unsupported protocol\n");
227 vnc_client_error(vs
);
235 void vncws_encode_frame(Buffer
*output
, const void *payload
,
236 const size_t payload_size
)
238 size_t header_size
= 0;
239 unsigned char opcode
= WS_OPCODE_BINARY_FRAME
;
241 char buf
[WS_HEAD_MAX_LEN
];
249 header
.ws
.b0
= 0x80 | (opcode
& 0x0f);
250 if (payload_size
<= 125) {
251 header
.ws
.b1
= (uint8_t)payload_size
;
253 } else if (payload_size
< 65536) {
255 header
.ws
.u
.s16
.l16
= cpu_to_be16((uint16_t)payload_size
);
259 header
.ws
.u
.s64
.l64
= cpu_to_be64(payload_size
);
263 buffer_reserve(output
, header_size
+ payload_size
);
264 buffer_append(output
, header
.buf
, header_size
);
265 buffer_append(output
, payload
, payload_size
);
268 int vncws_decode_frame(Buffer
*input
, uint8_t **payload
,
269 size_t *payload_size
, size_t *frame_size
)
271 unsigned char opcode
= 0, fin
= 0, has_mask
= 0;
272 size_t header_size
= 0;
274 WsHeader
*header
= (WsHeader
*)input
->buffer
;
278 if (input
->offset
< WS_HEAD_MIN_LEN
+ 4) {
279 /* header not complete */
283 fin
= (header
->b0
& 0x80) >> 7;
284 opcode
= header
->b0
& 0x0f;
285 has_mask
= (header
->b1
& 0x80) >> 7;
286 *payload_size
= header
->b1
& 0x7f;
288 if (opcode
== WS_OPCODE_CLOSE
) {
293 /* Websocket frame sanity check:
294 * * Websocket fragmentation is not supported.
295 * * All websockets frames sent by a client have to be masked.
296 * * Only binary encoding is supported.
298 if (!fin
|| !has_mask
|| opcode
!= WS_OPCODE_BINARY_FRAME
) {
299 VNC_DEBUG("Received faulty/unsupported Websocket frame\n");
303 if (*payload_size
< 126) {
306 } else if (*payload_size
== 126 && input
->offset
>= 8) {
307 *payload_size
= be16_to_cpu(header
->u
.s16
.l16
);
309 mask
= header
->u
.s16
.m16
;
310 } else if (*payload_size
== 127 && input
->offset
>= 14) {
311 *payload_size
= be64_to_cpu(header
->u
.s64
.l64
);
313 mask
= header
->u
.s64
.m64
;
315 /* header not complete */
319 *frame_size
= header_size
+ *payload_size
;
321 if (input
->offset
< *frame_size
) {
322 /* frame not complete */
326 *payload
= input
->buffer
+ header_size
;
329 /* process 1 frame (32 bit op) */
330 payload32
= (uint32_t *)(*payload
);
331 for (i
= 0; i
< *payload_size
/ 4; i
++) {
332 payload32
[i
] ^= mask
.u
;
334 /* process the remaining bytes (if any) */
335 for (i
*= 4; i
< *payload_size
; i
++) {
336 (*payload
)[i
] ^= mask
.c
[i
% 4];