]> git.proxmox.com Git - mirror_qemu.git/blob - ui/vnc-ws.c
projects / mirror_qemu.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Merge remote-tracking branch 'remotes/kevin/tags/for-upstream' into staging
[mirror_qemu.git] / ui / vnc-ws.c
1 /*
2 * QEMU VNC display driver: Websockets support
3 *
4 * Copyright (C) 2010 Joel Martin
5 * Copyright (C) 2012 Tim Hardeck
6 *
7 * This is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation; either version 2 of the License, or
10 * (at your option) any later version.
11 *
12 * This software is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
16 *
17 * You should have received a copy of the GNU General Public License
18 * along with this software; if not, see <http://www.gnu.org/licenses/>.
19 */
20
21 #include "vnc.h"
22 #include "qemu/main-loop.h"
23
24 #ifdef CONFIG_VNC_TLS
25 #include "qemu/sockets.h"
26
27 static int vncws_start_tls_handshake(struct VncState *vs)
28 {
29 int ret = gnutls_handshake(vs->tls.session);
30
31 if (ret < 0) {
32 if (!gnutls_error_is_fatal(ret)) {
33 VNC_DEBUG("Handshake interrupted (blocking)\n");
34 if (!gnutls_record_get_direction(vs->tls.session)) {
35 qemu_set_fd_handler(vs->csock, vncws_tls_handshake_io,
36 NULL, vs);
37 } else {
38 qemu_set_fd_handler(vs->csock, NULL, vncws_tls_handshake_io,
39 vs);
40 }
41 return 0;
42 }
43 VNC_DEBUG("Handshake failed %s\n", gnutls_strerror(ret));
44 vnc_client_error(vs);
45 return -1;
46 }
47
48 if (vs->vd->tls.x509verify) {
49 if (vnc_tls_validate_certificate(vs) < 0) {
50 VNC_DEBUG("Client verification failed\n");
51 vnc_client_error(vs);
52 return -1;
53 } else {
54 VNC_DEBUG("Client verification passed\n");
55 }
56 }
57
58 VNC_DEBUG("Handshake done, switching to TLS data mode\n");
59 qemu_set_fd_handler2(vs->csock, NULL, vncws_handshake_read, NULL, vs);
60
61 return 0;
62 }
63
64 void vncws_tls_handshake_io(void *opaque)
65 {
66 struct VncState *vs = (struct VncState *)opaque;
67
68 if (!vs->tls.session) {
69 VNC_DEBUG("TLS Websocket setup\n");
70 if (vnc_tls_client_setup(vs, vs->vd->tls.x509cert != NULL) < 0) {
71 return;
72 }
73 }
74 VNC_DEBUG("Handshake IO continue\n");
75 vncws_start_tls_handshake(vs);
76 }
77 #endif /* CONFIG_VNC_TLS */
78
79 void vncws_handshake_read(void *opaque)
80 {
81 VncState *vs = opaque;
82 uint8_t *handshake_end;
83 long ret;
84 buffer_reserve(&vs->ws_input, 4096);
85 ret = vnc_client_read_buf(vs, buffer_end(&vs->ws_input), 4096);
86
87 if (!ret) {
88 if (vs->csock == -1) {
89 vnc_disconnect_finish(vs);
90 }
91 return;
92 }
93 vs->ws_input.offset += ret;
94
95 handshake_end = (uint8_t *)g_strstr_len((char *)vs->ws_input.buffer,
96 vs->ws_input.offset, WS_HANDSHAKE_END);
97 if (handshake_end) {
98 qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, NULL, vs);
99 vncws_process_handshake(vs, vs->ws_input.buffer, vs->ws_input.offset);
100 buffer_advance(&vs->ws_input, handshake_end - vs->ws_input.buffer +
101 strlen(WS_HANDSHAKE_END));
102 }
103 }
104
105
106 long vnc_client_read_ws(VncState *vs)
107 {
108 int ret, err;
109 uint8_t *payload;
110 size_t payload_size, frame_size;
111 VNC_DEBUG("Read websocket %p size %zd offset %zd\n", vs->ws_input.buffer,
112 vs->ws_input.capacity, vs->ws_input.offset);
113 buffer_reserve(&vs->ws_input, 4096);
114 ret = vnc_client_read_buf(vs, buffer_end(&vs->ws_input), 4096);
115 if (!ret) {
116 return 0;
117 }
118 vs->ws_input.offset += ret;
119
120 /* make sure that nothing is left in the ws_input buffer */
121 do {
122 err = vncws_decode_frame(&vs->ws_input, &payload,
123 &payload_size, &frame_size);
124 if (err <= 0) {
125 return err;
126 }
127
128 buffer_reserve(&vs->input, payload_size);
129 buffer_append(&vs->input, payload, payload_size);
130
131 buffer_advance(&vs->ws_input, frame_size);
132 } while (vs->ws_input.offset > 0);
133
134 return ret;
135 }
136
137 long vnc_client_write_ws(VncState *vs)
138 {
139 long ret;
140 VNC_DEBUG("Write WS: Pending output %p size %zd offset %zd\n",
141 vs->output.buffer, vs->output.capacity, vs->output.offset);
142 vncws_encode_frame(&vs->ws_output, vs->output.buffer, vs->output.offset);
143 buffer_reset(&vs->output);
144 ret = vnc_client_write_buf(vs, vs->ws_output.buffer, vs->ws_output.offset);
145 if (!ret) {
146 return 0;
147 }
148
149 buffer_advance(&vs->ws_output, ret);
150
151 if (vs->ws_output.offset == 0) {
152 qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, NULL, vs);
153 }
154
155 return ret;
156 }
157
158 static char *vncws_extract_handshake_entry(const char *handshake,
159 size_t handshake_len, const char *name)
160 {
161 char *begin, *end, *ret = NULL;
162 char *line = g_strdup_printf("%s%s: ", WS_HANDSHAKE_DELIM, name);
163 begin = g_strstr_len(handshake, handshake_len, line);
164 if (begin != NULL) {
165 begin += strlen(line);
166 end = g_strstr_len(begin, handshake_len - (begin - handshake),
167 WS_HANDSHAKE_DELIM);
168 if (end != NULL) {
169 ret = g_strndup(begin, end - begin);
170 }
171 }
172 g_free(line);
173 return ret;
174 }
175
176 static void vncws_send_handshake_response(VncState *vs, const char* key)
177 {
178 char combined_key[WS_CLIENT_KEY_LEN + WS_GUID_LEN + 1];
179 unsigned char hash[SHA1_DIGEST_LEN];
180 size_t hash_size = sizeof(hash);
181 char *accept = NULL, *response = NULL;
182 gnutls_datum_t in;
183 int ret;
184
185 g_strlcpy(combined_key, key, WS_CLIENT_KEY_LEN + 1);
186 g_strlcat(combined_key, WS_GUID, WS_CLIENT_KEY_LEN + WS_GUID_LEN + 1);
187
188 /* hash and encode it */
189 in.data = (void *)combined_key;
190 in.size = WS_CLIENT_KEY_LEN + WS_GUID_LEN;
191 ret = gnutls_fingerprint(GNUTLS_DIG_SHA1, &in, hash, &hash_size);
192 if (ret == GNUTLS_E_SUCCESS && hash_size <= SHA1_DIGEST_LEN) {
193 accept = g_base64_encode(hash, hash_size);
194 }
195 if (accept == NULL) {
196 VNC_DEBUG("Hashing Websocket combined key failed\n");
197 vnc_client_error(vs);
198 return;
199 }
200
201 response = g_strdup_printf(WS_HANDSHAKE, accept);
202 vnc_client_write_buf(vs, (const uint8_t *)response, strlen(response));
203
204 g_free(accept);
205 g_free(response);
206
207 vs->encode_ws = 1;
208 vnc_init_state(vs);
209 }
210
211 void vncws_process_handshake(VncState *vs, uint8_t *line, size_t size)
212 {
213 char *protocols = vncws_extract_handshake_entry((const char *)line, size,
214 "Sec-WebSocket-Protocol");
215 char *version = vncws_extract_handshake_entry((const char *)line, size,
216 "Sec-WebSocket-Version");
217 char *key = vncws_extract_handshake_entry((const char *)line, size,
218 "Sec-WebSocket-Key");
219
220 if (protocols && version && key
221 && g_strrstr(protocols, "binary")
222 && !strcmp(version, WS_SUPPORTED_VERSION)
223 && strlen(key) == WS_CLIENT_KEY_LEN) {
224 vncws_send_handshake_response(vs, key);
225 } else {
226 VNC_DEBUG("Defective Websockets header or unsupported protocol\n");
227 vnc_client_error(vs);
228 }
229
230 g_free(protocols);
231 g_free(version);
232 g_free(key);
233 }
234
235 void vncws_encode_frame(Buffer *output, const void *payload,
236 const size_t payload_size)
237 {
238 size_t header_size = 0;
239 unsigned char opcode = WS_OPCODE_BINARY_FRAME;
240 union {
241 char buf[WS_HEAD_MAX_LEN];
242 WsHeader ws;
243 } header;
244
245 if (!payload_size) {
246 return;
247 }
248
249 header.ws.b0 = 0x80 | (opcode & 0x0f);
250 if (payload_size <= 125) {
251 header.ws.b1 = (uint8_t)payload_size;
252 header_size = 2;
253 } else if (payload_size < 65536) {
254 header.ws.b1 = 0x7e;
255 header.ws.u.s16.l16 = cpu_to_be16((uint16_t)payload_size);
256 header_size = 4;
257 } else {
258 header.ws.b1 = 0x7f;
259 header.ws.u.s64.l64 = cpu_to_be64(payload_size);
260 header_size = 10;
261 }
262
263 buffer_reserve(output, header_size + payload_size);
264 buffer_append(output, header.buf, header_size);
265 buffer_append(output, payload, payload_size);
266 }
267
268 int vncws_decode_frame(Buffer *input, uint8_t **payload,
269 size_t *payload_size, size_t *frame_size)
270 {
271 unsigned char opcode = 0, fin = 0, has_mask = 0;
272 size_t header_size = 0;
273 uint32_t *payload32;
274 WsHeader *header = (WsHeader *)input->buffer;
275 WsMask mask;
276 int i;
277
278 if (input->offset < WS_HEAD_MIN_LEN + 4) {
279 /* header not complete */
280 return 0;
281 }
282
283 fin = (header->b0 & 0x80) >> 7;
284 opcode = header->b0 & 0x0f;
285 has_mask = (header->b1 & 0x80) >> 7;
286 *payload_size = header->b1 & 0x7f;
287
288 if (opcode == WS_OPCODE_CLOSE) {
289 /* disconnect */
290 return -1;
291 }
292
293 /* Websocket frame sanity check:
294 * * Websocket fragmentation is not supported.
295 * * All websockets frames sent by a client have to be masked.
296 * * Only binary encoding is supported.
297 */
298 if (!fin || !has_mask || opcode != WS_OPCODE_BINARY_FRAME) {
299 VNC_DEBUG("Received faulty/unsupported Websocket frame\n");
300 return -2;
301 }
302
303 if (*payload_size < 126) {
304 header_size = 6;
305 mask = header->u.m;
306 } else if (*payload_size == 126 && input->offset >= 8) {
307 *payload_size = be16_to_cpu(header->u.s16.l16);
308 header_size = 8;
309 mask = header->u.s16.m16;
310 } else if (*payload_size == 127 && input->offset >= 14) {
311 *payload_size = be64_to_cpu(header->u.s64.l64);
312 header_size = 14;
313 mask = header->u.s64.m64;
314 } else {
315 /* header not complete */
316 return 0;
317 }
318
319 *frame_size = header_size + *payload_size;
320
321 if (input->offset < *frame_size) {
322 /* frame not complete */
323 return 0;
324 }
325
326 *payload = input->buffer + header_size;
327
328 /* unmask frame */
329 /* process 1 frame (32 bit op) */
330 payload32 = (uint32_t *)(*payload);
331 for (i = 0; i < *payload_size / 4; i++) {
332 payload32[i] ^= mask.u;
333 }
334 /* process the remaining bytes (if any) */
335 for (i *= 4; i < *payload_size; i++) {
336 (*payload)[i] ^= mask.c[i % 4];
337 }
338
339 return 1;
340 }
QEMU mirror