1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "net/websockets/websocket_frame.h"
6
7 #include <algorithm>
8
9 #include "base/basictypes.h"
10 #include "base/big_endian.h"
11 #include "base/logging.h"
12 #include "base/rand_util.h"
13 #include "net/base/io_buffer.h"
14 #include "net/base/net_errors.h"
15
16 namespace {
17
18 const uint8 kFinalBit = 0x80;
19 const uint8 kReserved1Bit = 0x40;
20 const uint8 kReserved2Bit = 0x20;
21 const uint8 kReserved3Bit = 0x10;
22 const uint8 kOpCodeMask = 0xF;
23 const uint8 kMaskBit = 0x80;
24 const uint64 kMaxPayloadLengthWithoutExtendedLengthField = 125;
25 const uint64 kPayloadLengthWithTwoByteExtendedLengthField = 126;
26 const uint64 kPayloadLengthWithEightByteExtendedLengthField = 127;
27
MaskWebSocketFramePayloadByBytes(const net::WebSocketMaskingKey & masking_key,size_t masking_key_offset,char * const begin,char * const end)28 inline void MaskWebSocketFramePayloadByBytes(
29 const net::WebSocketMaskingKey& masking_key,
30 size_t masking_key_offset,
31 char* const begin,
32 char* const end) {
33 for (char* masked = begin; masked != end; ++masked) {
34 *masked ^= masking_key.key[masking_key_offset++];
35 if (masking_key_offset == net::WebSocketFrameHeader::kMaskingKeyLength)
36 masking_key_offset = 0;
37 }
38 }
39
40 } // Unnamed namespace.
41
42 namespace net {
43
Clone() const44 scoped_ptr<WebSocketFrameHeader> WebSocketFrameHeader::Clone() const {
45 scoped_ptr<WebSocketFrameHeader> ret(new WebSocketFrameHeader(opcode));
46 ret->CopyFrom(*this);
47 return ret.Pass();
48 }
49
CopyFrom(const WebSocketFrameHeader & source)50 void WebSocketFrameHeader::CopyFrom(const WebSocketFrameHeader& source) {
51 final = source.final;
52 reserved1 = source.reserved1;
53 reserved2 = source.reserved2;
54 reserved3 = source.reserved3;
55 opcode = source.opcode;
56 masked = source.masked;
57 payload_length = source.payload_length;
58 }
59
WebSocketFrame(WebSocketFrameHeader::OpCode opcode)60 WebSocketFrame::WebSocketFrame(WebSocketFrameHeader::OpCode opcode)
61 : header(opcode) {}
62
~WebSocketFrame()63 WebSocketFrame::~WebSocketFrame() {}
64
WebSocketFrameChunk()65 WebSocketFrameChunk::WebSocketFrameChunk() : final_chunk(false) {}
66
~WebSocketFrameChunk()67 WebSocketFrameChunk::~WebSocketFrameChunk() {}
68
GetWebSocketFrameHeaderSize(const WebSocketFrameHeader & header)69 int GetWebSocketFrameHeaderSize(const WebSocketFrameHeader& header) {
70 int extended_length_size = 0;
71 if (header.payload_length > kMaxPayloadLengthWithoutExtendedLengthField &&
72 header.payload_length <= kuint16max) {
73 extended_length_size = 2;
74 } else if (header.payload_length > kuint16max) {
75 extended_length_size = 8;
76 }
77
78 return (WebSocketFrameHeader::kBaseHeaderSize + extended_length_size +
79 (header.masked ? WebSocketFrameHeader::kMaskingKeyLength : 0));
80 }
81
WriteWebSocketFrameHeader(const WebSocketFrameHeader & header,const WebSocketMaskingKey * masking_key,char * buffer,int buffer_size)82 int WriteWebSocketFrameHeader(const WebSocketFrameHeader& header,
83 const WebSocketMaskingKey* masking_key,
84 char* buffer,
85 int buffer_size) {
86 DCHECK((header.opcode & kOpCodeMask) == header.opcode)
87 << "header.opcode must fit to kOpCodeMask.";
88 DCHECK(header.payload_length <= static_cast<uint64>(kint64max))
89 << "WebSocket specification doesn't allow a frame longer than "
90 << "kint64max (0x7FFFFFFFFFFFFFFF) bytes.";
91 DCHECK_GE(buffer_size, 0);
92
93 // WebSocket frame format is as follows:
94 // - Common header (2 bytes)
95 // - Optional extended payload length
96 // (2 or 8 bytes, present if actual payload length is more than 125 bytes)
97 // - Optional masking key (4 bytes, present if MASK bit is on)
98 // - Actual payload (XOR masked with masking key if MASK bit is on)
99 //
100 // This function constructs frame header (the first three in the list
101 // above).
102
103 int header_size = GetWebSocketFrameHeaderSize(header);
104 if (header_size > buffer_size)
105 return ERR_INVALID_ARGUMENT;
106
107 int buffer_index = 0;
108
109 uint8 first_byte = 0u;
110 first_byte |= header.final ? kFinalBit : 0u;
111 first_byte |= header.reserved1 ? kReserved1Bit : 0u;
112 first_byte |= header.reserved2 ? kReserved2Bit : 0u;
113 first_byte |= header.reserved3 ? kReserved3Bit : 0u;
114 first_byte |= header.opcode & kOpCodeMask;
115 buffer[buffer_index++] = first_byte;
116
117 int extended_length_size = 0;
118 uint8 second_byte = 0u;
119 second_byte |= header.masked ? kMaskBit : 0u;
120 if (header.payload_length <= kMaxPayloadLengthWithoutExtendedLengthField) {
121 second_byte |= header.payload_length;
122 } else if (header.payload_length <= kuint16max) {
123 second_byte |= kPayloadLengthWithTwoByteExtendedLengthField;
124 extended_length_size = 2;
125 } else {
126 second_byte |= kPayloadLengthWithEightByteExtendedLengthField;
127 extended_length_size = 8;
128 }
129 buffer[buffer_index++] = second_byte;
130
131 // Writes "extended payload length" field.
132 if (extended_length_size == 2) {
133 uint16 payload_length_16 = static_cast<uint16>(header.payload_length);
134 base::WriteBigEndian(buffer + buffer_index, payload_length_16);
135 buffer_index += sizeof(payload_length_16);
136 } else if (extended_length_size == 8) {
137 base::WriteBigEndian(buffer + buffer_index, header.payload_length);
138 buffer_index += sizeof(header.payload_length);
139 }
140
141 // Writes "masking key" field, if needed.
142 if (header.masked) {
143 DCHECK(masking_key);
144 std::copy(masking_key->key,
145 masking_key->key + WebSocketFrameHeader::kMaskingKeyLength,
146 buffer + buffer_index);
147 buffer_index += WebSocketFrameHeader::kMaskingKeyLength;
148 } else {
149 DCHECK(!masking_key);
150 }
151
152 DCHECK_EQ(header_size, buffer_index);
153 return header_size;
154 }
155
GenerateWebSocketMaskingKey()156 WebSocketMaskingKey GenerateWebSocketMaskingKey() {
157 // Masking keys should be generated from a cryptographically secure random
158 // number generator, which means web application authors should not be able
159 // to guess the next value of masking key.
160 WebSocketMaskingKey masking_key;
161 base::RandBytes(masking_key.key, WebSocketFrameHeader::kMaskingKeyLength);
162 return masking_key;
163 }
164
MaskWebSocketFramePayload(const WebSocketMaskingKey & masking_key,uint64 frame_offset,char * const data,int data_size)165 void MaskWebSocketFramePayload(const WebSocketMaskingKey& masking_key,
166 uint64 frame_offset,
167 char* const data,
168 int data_size) {
169 static const size_t kMaskingKeyLength =
170 WebSocketFrameHeader::kMaskingKeyLength;
171
172 DCHECK_GE(data_size, 0);
173
174 // Most of the masking is done one word at a time, except for the beginning
175 // and the end of the buffer which may be unaligned. We use size_t to get the
176 // word size for this architecture. We require it be a multiple of
177 // kMaskingKeyLength in size.
178 typedef size_t PackedMaskType;
179 PackedMaskType packed_mask_key = 0;
180 static const size_t kPackedMaskKeySize = sizeof(packed_mask_key);
181 COMPILE_ASSERT((kPackedMaskKeySize >= kMaskingKeyLength &&
182 kPackedMaskKeySize % kMaskingKeyLength == 0),
183 word_size_is_not_multiple_of_mask_length);
184 char* const end = data + data_size;
185 // If the buffer is too small for the vectorised version to be useful, revert
186 // to the byte-at-a-time implementation early.
187 if (data_size <= static_cast<int>(kPackedMaskKeySize * 2)) {
188 MaskWebSocketFramePayloadByBytes(
189 masking_key, frame_offset % kMaskingKeyLength, data, end);
190 return;
191 }
192 const size_t data_modulus =
193 reinterpret_cast<size_t>(data) % kPackedMaskKeySize;
194 char* const aligned_begin =
195 data_modulus == 0 ? data : (data + kPackedMaskKeySize - data_modulus);
196 // Guaranteed by the above check for small data_size.
197 DCHECK(aligned_begin < end);
198 MaskWebSocketFramePayloadByBytes(
199 masking_key, frame_offset % kMaskingKeyLength, data, aligned_begin);
200 const size_t end_modulus = reinterpret_cast<size_t>(end) % kPackedMaskKeySize;
201 char* const aligned_end = end - end_modulus;
202 // Guaranteed by the above check for small data_size.
203 DCHECK(aligned_end > aligned_begin);
204 // Create a version of the mask which is rotated by the appropriate offset
205 // for our alignment. The "trick" here is that 0 XORed with the mask will
206 // give the value of the mask for the appropriate byte.
207 char realigned_mask[kMaskingKeyLength] = {};
208 MaskWebSocketFramePayloadByBytes(
209 masking_key,
210 (frame_offset + aligned_begin - data) % kMaskingKeyLength,
211 realigned_mask,
212 realigned_mask + kMaskingKeyLength);
213
214 for (size_t i = 0; i < kPackedMaskKeySize; i += kMaskingKeyLength) {
215 // memcpy() is allegedly blessed by the C++ standard for type-punning.
216 memcpy(reinterpret_cast<char*>(&packed_mask_key) + i,
217 realigned_mask,
218 kMaskingKeyLength);
219 }
220
221 // The main loop.
222 for (char* merged = aligned_begin; merged != aligned_end;
223 merged += kPackedMaskKeySize) {
224 // This is not quite standard-compliant C++. However, the standard-compliant
225 // equivalent (using memcpy()) compiles to slower code using g++. In
226 // practice, this will work for the compilers and architectures currently
227 // supported by Chromium, and the tests are extremely unlikely to pass if a
228 // future compiler/architecture breaks it.
229 *reinterpret_cast<PackedMaskType*>(merged) ^= packed_mask_key;
230 }
231
232 MaskWebSocketFramePayloadByBytes(
233 masking_key,
234 (frame_offset + (aligned_end - data)) % kMaskingKeyLength,
235 aligned_end,
236 end);
237 }
238
239 } // namespace net
240