// Copyright (c) 2012 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
4 
5 #include "net/websockets/websocket_frame.h"
6 
7 #include <stddef.h>
8 #include <algorithm>
9 
10 #include "base/big_endian.h"
11 #include "base/logging.h"
12 #include "base/rand_util.h"
13 #include "net/base/net_errors.h"
14 
15 namespace net {
16 
namespace {

// GCC (and Clang) can transparently use vector ops. Only try to do this on
// architectures where we know it works, otherwise gcc will attempt to emulate
// the vector ops, which is unlikely to be efficient.
#if defined(COMPILER_GCC) &&                                          \
    (defined(ARCH_CPU_X86_FAMILY) || defined(ARCH_CPU_ARM_FAMILY)) && \
    !defined(OS_NACL)

// 16 bytes: several copies of the masking key XORed in a single operation.
using PackedMaskType = uint32_t __attribute__((vector_size(16)));

#else

// Scalar fallback. MaskWebSocketFramePayload static_asserts that this type is
// a multiple of the masking-key length.
using PackedMaskType = size_t;

#endif  // defined(COMPILER_GCC) &&
        // (defined(ARCH_CPU_X86_FAMILY) || defined(ARCH_CPU_ARM_FAMILY)) &&
        // !defined(OS_NACL)

// Bit masks for the first two bytes of a frame header.
constexpr uint8_t kFinalBit = 0x80;      // FIN, byte 0.
constexpr uint8_t kReserved1Bit = 0x40;  // RSV1, byte 0.
constexpr uint8_t kReserved2Bit = 0x20;  // RSV2, byte 0.
constexpr uint8_t kReserved3Bit = 0x10;  // RSV3, byte 0.
constexpr uint8_t kOpCodeMask = 0xF;     // Opcode, low nibble of byte 0.
constexpr uint8_t kMaskBit = 0x80;       // MASK, byte 1.

// Meaning of the 7-bit length field in byte 1: lengths up to 125 are stored
// inline; 126 and 127 announce a 2-byte or 8-byte extended length field.
constexpr uint64_t kMaxPayloadLengthWithoutExtendedLengthField = 125;
constexpr uint64_t kPayloadLengthWithTwoByteExtendedLengthField = 126;
constexpr uint64_t kPayloadLengthWithEightByteExtendedLengthField = 127;

// XORs every byte in [begin, end) with the masking key, starting at key byte
// |masking_key_offset| and cycling through the key. Because XOR is its own
// inverse, the same routine both masks and unmasks.
inline void MaskWebSocketFramePayloadByBytes(
    const WebSocketMaskingKey& masking_key,
    size_t masking_key_offset,
    char* const begin,
    char* const end) {
  const size_t byte_count = static_cast<size_t>(end - begin);
  for (size_t i = 0; i < byte_count; ++i) {
    begin[i] ^= masking_key.key[(masking_key_offset + i) %
                                WebSocketFrameHeader::kMaskingKeyLength];
  }
}

}  // namespace
58 
// Returns a heap-allocated copy of this header with every field duplicated
// via CopyFrom(); the copy shares no state with the original.
std::unique_ptr<WebSocketFrameHeader> WebSocketFrameHeader::Clone() const {
  auto copy = std::make_unique<WebSocketFrameHeader>(opcode);
  copy->CopyFrom(*this);
  return copy;
}
64 
// Overwrites every header field of |this| with the corresponding field of
// |source|. Field-by-field on purpose: it documents exactly which members make
// up the header.
void WebSocketFrameHeader::CopyFrom(const WebSocketFrameHeader& source) {
  // Byte-0 fields (FIN, RSV1-3, opcode).
  final = source.final;
  reserved1 = source.reserved1;
  reserved2 = source.reserved2;
  reserved3 = source.reserved3;
  opcode = source.opcode;
  // Byte-1 fields and the values they govern.
  masked = source.masked;
  masking_key = source.masking_key;
  payload_length = source.payload_length;
}
75 
// Builds a frame whose header carries |opcode|; all other header fields keep
// the defaults set by WebSocketFrameHeader's own constructor.
WebSocketFrame::WebSocketFrame(WebSocketFrameHeader::OpCode opcode)
    : header{opcode} {}

// Members own their resources, so the default destructor is sufficient.
WebSocketFrame::~WebSocketFrame() = default;
80 
// A freshly constructed chunk is never the final one; the producer must set
// final_chunk explicitly when the frame's last bytes are delivered.
WebSocketFrameChunk::WebSocketFrameChunk() : final_chunk{false} {}

// Members own their resources, so the default destructor is sufficient.
WebSocketFrameChunk::~WebSocketFrameChunk() = default;
84 
// Returns the number of bytes WriteWebSocketFrameHeader() will emit for
// |header|: the fixed base header, the extended length field selected by
// payload_length (none for <= 125 bytes, 2 bytes up to UINT16_MAX, else 8),
// and the masking key when the MASK bit is set.
int GetWebSocketFrameHeaderSize(const WebSocketFrameHeader& header) {
  const uint64_t length = header.payload_length;
  int extended_length_size;
  if (length <= kMaxPayloadLengthWithoutExtendedLengthField) {
    extended_length_size = 0;
  } else if (length <= UINT16_MAX) {
    extended_length_size = 2;
  } else {
    extended_length_size = 8;
  }

  return WebSocketFrameHeader::kBaseHeaderSize + extended_length_size +
         (header.masked ? WebSocketFrameHeader::kMaskingKeyLength : 0);
}
97 
// Serialises |header| (and |masking_key| when header.masked is set) into
// |buffer|. Returns the number of bytes written, or ERR_INVALID_ARGUMENT when
// the header does not fit in |buffer_size| bytes; nothing is written in that
// case. |masking_key| must be non-null exactly when header.masked is true;
// this is only DCHECKed, so a masked header with a null key would dereference
// null in release builds.
int WriteWebSocketFrameHeader(const WebSocketFrameHeader& header,
                              const WebSocketMaskingKey* masking_key,
                              char* buffer,
                              int buffer_size) {
  DCHECK((header.opcode & kOpCodeMask) == header.opcode)
      << "header.opcode must fit to kOpCodeMask.";
  DCHECK(header.payload_length <= static_cast<uint64_t>(INT64_MAX))
      << "WebSocket specification doesn't allow a frame longer than "
      << "INT64_MAX (0x7FFFFFFFFFFFFFFF) bytes.";
  DCHECK_GE(buffer_size, 0);

  // Frame layout; only the header part (everything before the payload) is
  // produced here:
  //   byte 0     : FIN, RSV1-3, opcode
  //   byte 1     : MASK bit and 7-bit length / extended-length selector
  //   [2 or 8 B] : extended payload length, only when the payload is > 125
  //   [4 B]      : masking key, only when MASK is set
  //   payload    : XOR-masked with the key when MASK is set

  // Bounds check before the first byte is written: the whole header must fit.
  const int header_size = GetWebSocketFrameHeaderSize(header);
  if (header_size > buffer_size)
    return ERR_INVALID_ARGUMENT;

  char* out = buffer;

  // Byte 0.
  uint8_t first_byte = static_cast<uint8_t>(header.opcode & kOpCodeMask);
  if (header.final)
    first_byte |= kFinalBit;
  if (header.reserved1)
    first_byte |= kReserved1Bit;
  if (header.reserved2)
    first_byte |= kReserved2Bit;
  if (header.reserved3)
    first_byte |= kReserved3Bit;
  *out++ = first_byte;

  // Byte 1, followed by the extended length field it announces (if any),
  // written big-endian as the protocol requires.
  uint8_t second_byte = header.masked ? kMaskBit : 0u;
  const uint64_t payload_length = header.payload_length;
  if (payload_length <= kMaxPayloadLengthWithoutExtendedLengthField) {
    second_byte |= static_cast<uint8_t>(payload_length);
    *out++ = second_byte;
  } else if (payload_length <= UINT16_MAX) {
    second_byte |= kPayloadLengthWithTwoByteExtendedLengthField;
    *out++ = second_byte;
    const uint16_t payload_length_16 = static_cast<uint16_t>(payload_length);
    base::WriteBigEndian(out, payload_length_16);
    out += sizeof(payload_length_16);
  } else {
    second_byte |= kPayloadLengthWithEightByteExtendedLengthField;
    *out++ = second_byte;
    base::WriteBigEndian(out, payload_length);
    out += sizeof(payload_length);
  }

  // Masking key, present exactly when MASK is set.
  if (header.masked) {
    DCHECK(masking_key);
    std::copy(masking_key->key,
              masking_key->key + WebSocketFrameHeader::kMaskingKeyLength,
              out);
    out += WebSocketFrameHeader::kMaskingKeyLength;
  } else {
    DCHECK(!masking_key);
  }

  // The size computed up front must match what was actually emitted.
  DCHECK_EQ(header_size, static_cast<int>(out - buffer));
  return header_size;
}
171 
// Returns a fresh masking key drawn from base::RandBytes, the cryptographically
// secure source. The key must be unpredictable to page script: if a script
// could guess the next key it could pick payload bytes whose masked form
// looks like other protocol traffic to intermediaries, which is what masking
// exists to prevent.
WebSocketMaskingKey GenerateWebSocketMaskingKey() {
  WebSocketMaskingKey key;
  base::RandBytes(key.key, WebSocketFrameHeader::kMaskingKeyLength);
  return key;
}
180 
// Masks (or, since XOR is its own inverse, unmasks) |data_size| bytes at
// |data| in place. |frame_offset| is the position of data[0] within the
// frame's payload; it selects which byte of the key is applied first, so a
// payload may be masked across several calls as long as each call passes the
// correct running offset. Bytes are handled in three stretches: an unaligned
// head byte-by-byte, an aligned middle in sizeof(PackedMaskType) chunks, and
// an unaligned tail byte-by-byte.
void MaskWebSocketFramePayload(const WebSocketMaskingKey& masking_key,
                               uint64_t frame_offset,
                               char* const data,
                               int data_size) {
  static const size_t kMaskingKeyLength =
      WebSocketFrameHeader::kMaskingKeyLength;

  // |data_size| is an int; a negative value would place |end| before |data|.
  DCHECK_GE(data_size, 0);

  // Most of the masking is done in chunks of sizeof(PackedMaskType), except for
  // the beginning and the end of the buffer which may be unaligned.
  // PackedMaskType must be a multiple of kMaskingKeyLength in size.
  PackedMaskType packed_mask_key;
  static const size_t kPackedMaskKeySize = sizeof(packed_mask_key);
  static_assert((kPackedMaskKeySize >= kMaskingKeyLength &&
                 kPackedMaskKeySize % kMaskingKeyLength == 0),
                "PackedMaskType size is not a multiple of mask length");
  char* const end = data + data_size;
  // If the buffer is too small for the vectorised version to be useful, revert
  // to the byte-at-a-time implementation early.
  if (data_size <= static_cast<int>(kPackedMaskKeySize * 2)) {
    MaskWebSocketFramePayloadByBytes(
        masking_key, frame_offset % kMaskingKeyLength, data, end);
    return;
  }
  // Round |data| up to the next kPackedMaskKeySize boundary; this moves at
  // most kPackedMaskKeySize - 1 bytes forward.
  const size_t data_modulus =
      reinterpret_cast<size_t>(data) % kPackedMaskKeySize;
  char* const aligned_begin =
      data_modulus == 0 ? data : (data + kPackedMaskKeySize - data_modulus);
  // Guaranteed by the above check for small data_size.
  DCHECK(aligned_begin < end);
  // Unaligned head.
  MaskWebSocketFramePayloadByBytes(
      masking_key, frame_offset % kMaskingKeyLength, data, aligned_begin);
  // Round |end| down to a kPackedMaskKeySize boundary.
  const size_t end_modulus = reinterpret_cast<size_t>(end) % kPackedMaskKeySize;
  char* const aligned_end = end - end_modulus;
  // Guaranteed by the above check for small data_size.
  DCHECK(aligned_end > aligned_begin);
  // Create a version of the mask which is rotated by the appropriate offset
  // for our alignment. The "trick" here is that 0 XORed with the mask will
  // give the value of the mask for the appropriate byte.
  char realigned_mask[kMaskingKeyLength] = {};
  MaskWebSocketFramePayloadByBytes(
      masking_key,
      (frame_offset + aligned_begin - data) % kMaskingKeyLength,
      realigned_mask,
      realigned_mask + kMaskingKeyLength);

  // Fill packed_mask_key with kPackedMaskKeySize / kMaskingKeyLength copies of
  // the rotated key, so one XOR covers a whole chunk.
  for (size_t i = 0; i < kPackedMaskKeySize; i += kMaskingKeyLength) {
    // memcpy() is allegedly blessed by the C++ standard for type-punning.
    memcpy(reinterpret_cast<char*>(&packed_mask_key) + i,
           realigned_mask,
           kMaskingKeyLength);
  }

  // The main loop. Both bounds are kPackedMaskKeySize-aligned by construction,
  // so [aligned_begin, aligned_end) is a whole number of chunks and the
  // chunk-sized access below never reaches past |end|.
  for (char* merged = aligned_begin; merged != aligned_end;
       merged += kPackedMaskKeySize) {
    // This is not quite standard-compliant C++. However, the standard-compliant
    // equivalent (using memcpy()) compiles to slower code using g++. In
    // practice, this will work for the compilers and architectures currently
    // supported by Chromium, and the tests are extremely unlikely to pass if a
    // future compiler/architecture breaks it.
    *reinterpret_cast<PackedMaskType*>(merged) ^= packed_mask_key;
  }

  // Unaligned tail, continuing the key rotation from where the chunked loop
  // stopped.
  MaskWebSocketFramePayloadByBytes(
      masking_key,
      (frame_offset + (aligned_end - data)) % kMaskingKeyLength,
      aligned_end,
      end);
}
252 
253 }  // namespace net
254