1 // Copyright 2012 The Chromium Authors
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4 
5 #include "net/websockets/websocket_frame.h"
6 
7 #include <stddef.h>
8 #include <string.h>
9 
10 #include <ostream>
11 
12 #include "base/big_endian.h"
13 #include "base/check.h"
14 #include "base/check_op.h"
15 #include "base/rand_util.h"
16 #include "base/ranges/algorithm.h"
17 #include "build/build_config.h"
18 #include "net/base/net_errors.h"
19 
20 namespace net {
21 
22 namespace {
23 
// PackedMaskType is the unit in which the bulk of a payload gets XOR-masked.
// GCC (and Clang) can transparently use vector ops for the vector_size(16)
// type below. That type is only selected on architectures where this is known
// to work; elsewhere the compiler would attempt to emulate the vector ops,
// which is unlikely to be efficient, so a plain size_t is used instead.
#if defined(COMPILER_GCC) && \
    (defined(ARCH_CPU_X86_FAMILY) || defined(ARCH_CPU_ARM_FAMILY))

using PackedMaskType = uint32_t __attribute__((vector_size(16)));

#else

using PackedMaskType = size_t;

#endif  // defined(COMPILER_GCC) &&
        // (defined(ARCH_CPU_X86_FAMILY) || defined(ARCH_CPU_ARM_FAMILY))

// Flags and opcode field OR-ed into the first header byte by
// WriteWebSocketFrameHeader().
constexpr uint8_t kFinalBit = 0x80;
constexpr uint8_t kReserved1Bit = 0x40;
constexpr uint8_t kReserved2Bit = 0x20;
constexpr uint8_t kReserved3Bit = 0x10;
constexpr uint8_t kOpCodeMask = 0xF;

// MASK flag OR-ed into the second header byte.
constexpr uint8_t kMaskBit = 0x80;

// The rest of the second header byte holds the payload length directly when it
// is at most 125. The values 126 and 127 are markers announcing a 2-byte or an
// 8-byte extended length field respectively.
constexpr uint64_t kMaxPayloadLengthWithoutExtendedLengthField = 125;
constexpr uint64_t kPayloadLengthWithTwoByteExtendedLengthField = 126;
constexpr uint64_t kPayloadLengthWithEightByteExtendedLengthField = 127;
48 
// XORs each byte in [begin, end) with the masking key, one byte at a time.
// masking_key_offset selects the key byte applied to *begin; the key index
// advances with every payload byte and wraps at
// WebSocketFrameHeader::kMaskingKeyLength.
//
// The loop stops only when the cursor equals end, so end must be reachable
// from begin by incrementing. No bounds are checked here.
inline void MaskWebSocketFramePayloadByBytes(
    const WebSocketMaskingKey& masking_key,
    size_t masking_key_offset,
    char* const begin,
    char* const end) {
  size_t key_position = masking_key_offset;
  char* cursor = begin;
  while (cursor != end) {
    *cursor ^=
        masking_key.key[key_position % WebSocketFrameHeader::kMaskingKeyLength];
    ++key_position;
    ++cursor;
  }
}
59 
60 }  // namespace
61 
// Returns a newly allocated header holding the same field values as this one.
// The new object is constructed from the current opcode and then filled in by
// CopyFrom().
std::unique_ptr<WebSocketFrameHeader> WebSocketFrameHeader::Clone() const {
  std::unique_ptr<WebSocketFrameHeader> copy =
      std::make_unique<WebSocketFrameHeader>(opcode);
  copy->CopyFrom(*this);
  return copy;
}
67 
// Overwrites this header's fields with the values held by source. The
// assignments are independent of one another.
void WebSocketFrameHeader::CopyFrom(const WebSocketFrameHeader& source) {
  // Opcode and the FIN / RSV flags (the first header byte on the wire).
  opcode = source.opcode;
  final = source.final;
  reserved1 = source.reserved1;
  reserved2 = source.reserved2;
  reserved3 = source.reserved3;

  // Masking state and payload length.
  masked = source.masked;
  masking_key = source.masking_key;
  payload_length = source.payload_length;
}
78 
// Constructs a frame whose header is initialised with opcode.
WebSocketFrame::WebSocketFrame(WebSocketFrameHeader::OpCode opcode)
    : header(opcode) {
}

// The remaining special members are compiler-generated; they are defined here
// rather than inline in the header.
WebSocketFrame::~WebSocketFrame() = default;

WebSocketFrameChunk::WebSocketFrameChunk() = default;

WebSocketFrameChunk::~WebSocketFrameChunk() = default;
87 
// Returns the number of bytes the serialised form of header occupies: the base
// header, plus a 2- or 8-byte extended length field when the payload length
// does not fit in the base header, plus the masking key when header.masked is
// set.
int GetWebSocketFrameHeaderSize(const WebSocketFrameHeader& header) {
  int extended_length_size;
  if (header.payload_length > UINT16_MAX) {
    // Too large for a 16-bit field: the 8-byte form is required.
    extended_length_size = 8;
  } else if (header.payload_length >
             kMaxPayloadLengthWithoutExtendedLengthField) {
    extended_length_size = 2;
  } else {
    // The length fits directly into the second header byte.
    extended_length_size = 0;
  }

  return (WebSocketFrameHeader::kBaseHeaderSize + extended_length_size +
          (header.masked ? WebSocketFrameHeader::kMaskingKeyLength : 0));
}
100 
// Serialises header into buffer and returns the number of bytes written, or
// ERR_INVALID_ARGUMENT when buffer_size is smaller than the serialised header.
//
// WebSocket frame format is as follows:
// - Common header (2 bytes)
// - Optional extended payload length
//   (2 or 8 bytes, present if actual payload length is more than 125 bytes)
// - Optional masking key (4 bytes, present if MASK bit is on)
// - Actual payload (XOR masked with masking key if MASK bit is on)
//
// This function constructs the frame header (the first three items in the list
// above); the payload is not touched.
//
// NOTE(review): the buffer-size comparison is the only precondition enforced
// unconditionally. The opcode range, the payload-length bound and the rule
// that masking_key is non-null exactly when header.masked is set are DCHECKs,
// which are not active in builds with DCHECKs disabled. In such a build a null
// masking_key with header.masked set is dereferenced, and buffer itself is
// never checked for null, so callers must uphold these conditions.
int WriteWebSocketFrameHeader(const WebSocketFrameHeader& header,
                              const WebSocketMaskingKey* masking_key,
                              char* buffer,
                              int buffer_size) {
  DCHECK((header.opcode & kOpCodeMask) == header.opcode)
      << "header.opcode must fit to kOpCodeMask.";
  DCHECK(header.payload_length <= static_cast<uint64_t>(INT64_MAX))
      << "WebSocket specification doesn't allow a frame longer than "
      << "INT64_MAX (0x7FFFFFFFFFFFFFFF) bytes.";
  DCHECK_GE(buffer_size, 0);

  // Refuse to write anything unless the whole header fits. A negative
  // buffer_size is also rejected here, since it is less than any header size.
  const int header_size = GetWebSocketFrameHeaderSize(header);
  if (buffer_size < header_size)
    return ERR_INVALID_ARGUMENT;

  int offset = 0;

  // First byte: FIN, RSV1-3 and the opcode.
  uint8_t first_byte = 0u;
  if (header.final)
    first_byte |= kFinalBit;
  if (header.reserved1)
    first_byte |= kReserved1Bit;
  if (header.reserved2)
    first_byte |= kReserved2Bit;
  if (header.reserved3)
    first_byte |= kReserved3Bit;
  first_byte |= header.opcode & kOpCodeMask;
  buffer[offset++] = first_byte;

  // Second byte: MASK flag plus either the payload length itself or a marker
  // (126 / 127) announcing the width of the extended length field.
  uint8_t second_byte = 0u;
  if (header.masked)
    second_byte |= kMaskBit;
  int extended_length_size = 0;
  if (header.payload_length > UINT16_MAX) {
    second_byte |= kPayloadLengthWithEightByteExtendedLengthField;
    extended_length_size = 8;
  } else if (header.payload_length >
             kMaxPayloadLengthWithoutExtendedLengthField) {
    second_byte |= kPayloadLengthWithTwoByteExtendedLengthField;
    extended_length_size = 2;
  } else {
    second_byte |= header.payload_length;
  }
  buffer[offset++] = second_byte;

  // Writes "extended payload length" field, big-endian.
  switch (extended_length_size) {
    case 2: {
      uint16_t payload_length_16 = static_cast<uint16_t>(header.payload_length);
      base::WriteBigEndian(buffer + offset, payload_length_16);
      offset += sizeof(payload_length_16);
      break;
    }
    case 8:
      base::WriteBigEndian(buffer + offset, header.payload_length);
      offset += sizeof(header.payload_length);
      break;
    default:
      break;
  }

  // Writes "masking key" field, if needed.
  if (header.masked) {
    DCHECK(masking_key);
    base::ranges::copy(masking_key->key, buffer + offset);
    offset += WebSocketFrameHeader::kMaskingKeyLength;
  } else {
    DCHECK(!masking_key);
  }

  DCHECK_EQ(header_size, offset);
  return header_size;
}
172 
// Returns a freshly generated masking key for one outgoing frame.
//
// Masking keys should be generated from a cryptographically secure random
// number generator, which means web application authors should not be able to
// guess the next value of the masking key. Masking is what stops a page from
// controlling the exact bytes that appear on the wire (see RFC 6455, section
// 10.3), so a predictable key would defeat it.
//
// NOTE(review): this depends on base::RandBytes() being cryptographically
// strong; confirm against base/rand_util.h before swapping the generator.
WebSocketMaskingKey GenerateWebSocketMaskingKey() {
  WebSocketMaskingKey fresh_key;
  base::RandBytes(fresh_key.key, WebSocketFrameHeader::kMaskingKeyLength);
  return fresh_key;
}
181 
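// XOR-masks (or unmasks; the operation is its own inverse) data_size bytes at
// data in place with masking_key. frame_offset is the position of data[0]
// within the frame's payload, so that a payload processed in several pieces
// keeps the key bytes lined up.
//
// Small buffers are handled byte by byte. Larger ones are split into an
// unaligned head, a run of PackedMaskType-aligned chunks that are XOR-ed a
// whole chunk at a time, and an unaligned tail.
//
// NOTE(review): data_size >= 0 is only a DCHECK. In a build with DCHECKs
// disabled a negative data_size puts end before data, and the byte loop, which
// stops only when its cursor equals end, would not stop inside the buffer.
// Callers must pass a non-negative size that matches the buffer.
void MaskWebSocketFramePayload(const WebSocketMaskingKey& masking_key,
                               uint64_t frame_offset,
                               char* const data,
                               int data_size) {
  static const size_t kMaskingKeyLength =
      WebSocketFrameHeader::kMaskingKeyLength;

  DCHECK_GE(data_size, 0);

  // Most of the masking is done in chunks of sizeof(PackedMaskType), except for
  // the beginning and the end of the buffer which may be unaligned.
  // PackedMaskType must be a multiple of kMaskingKeyLength in size.
  PackedMaskType packed_mask_key;
  static const size_t kPackedMaskKeySize = sizeof(packed_mask_key);
  static_assert((kPackedMaskKeySize >= kMaskingKeyLength &&
                 kPackedMaskKeySize % kMaskingKeyLength == 0),
                "PackedMaskType size is not a multiple of mask length");
  char* const end = data + data_size;
  // If the buffer is too small for the vectorised version to be useful, revert
  // to the byte-at-a-time implementation early.
  if (data_size <= static_cast<int>(kPackedMaskKeySize * 2)) {
    MaskWebSocketFramePayloadByBytes(
        masking_key, frame_offset % kMaskingKeyLength, data, end);
    return;
  }
  // Mask the unaligned head, up to the first chunk-aligned address.
  const size_t data_modulus =
      reinterpret_cast<size_t>(data) % kPackedMaskKeySize;
  char* const aligned_begin =
      data_modulus == 0 ? data : (data + kPackedMaskKeySize - data_modulus);
  // Guaranteed by the above check for small data_size.
  DCHECK(aligned_begin < end);
  MaskWebSocketFramePayloadByBytes(
      masking_key, frame_offset % kMaskingKeyLength, data, aligned_begin);
  const size_t end_modulus = reinterpret_cast<size_t>(end) % kPackedMaskKeySize;
  char* const aligned_end = end - end_modulus;
  // Guaranteed by the above check for small data_size.
  DCHECK(aligned_end > aligned_begin);
  // Create a version of the mask which is rotated by the appropriate offset
  // for our alignment. The "trick" here is that 0 XORed with the mask will
  // give the value of the mask for the appropriate byte.
  //
  // The pointer difference is parenthesised so that it is computed first.
  // Without the parentheses the expression parses as
  // (frame_offset + aligned_begin) - data, which forms a pointer frame_offset
  // bytes past aligned_begin, normally far outside the buffer, before
  // subtracting. The tail call at the end of this function uses the same
  // parenthesised form.
  char realigned_mask[kMaskingKeyLength] = {};
  MaskWebSocketFramePayloadByBytes(
      masking_key,
      (frame_offset + (aligned_begin - data)) % kMaskingKeyLength,
      realigned_mask,
      realigned_mask + kMaskingKeyLength);

  // Replicate the rotated key across the whole packed word.
  for (size_t i = 0; i < kPackedMaskKeySize; i += kMaskingKeyLength) {
    // memcpy() is allegedly blessed by the C++ standard for type-punning.
    memcpy(reinterpret_cast<char*>(&packed_mask_key) + i,
           realigned_mask,
           kMaskingKeyLength);
  }

  // The main loop.
  for (char* merged = aligned_begin; merged != aligned_end;
       merged += kPackedMaskKeySize) {
    // This is not quite standard-compliant C++. However, the standard-compliant
    // equivalent (using memcpy()) compiles to slower code using g++. In
    // practice, this will work for the compilers and architectures currently
    // supported by Chromium, and the tests are extremely unlikely to pass if a
    // future compiler/architecture breaks it.
    *reinterpret_cast<PackedMaskType*>(merged) ^= packed_mask_key;
  }

  // Mask the unaligned tail.
  MaskWebSocketFramePayloadByBytes(
      masking_key,
      (frame_offset + (aligned_end - data)) % kMaskingKeyLength,
      aligned_end,
      end);
}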
253 
254 }  // namespace net
255