vnc: added initial websocket protocol support

This patch adds basic Websocket Protocol version 13 - RFC 6455 - support
to QEMU VNC. Binary encoding support on the client side is mandatory.

Because of the GnuTLS requirement the Websockets implementation is
optional (--enable-vnc-ws).

To activate Websocket support the VNC option "websocket"is used, for
example "-vnc :0,websocket".
The listen port for Websocket connections is (5700 + display) so if
QEMU VNC is started with :0 the Websocket port would be 5700.
As an alternative the Websocket port could be manually specified by
using ",websocket=<port>" instead.

Parts of the implementation base on Anthony Liguori's QEMU Websocket
patch from 2010 and on Joel Martin's LibVNC Websocket implementation.

Signed-off-by: Tim Hardeck <thardeck@suse.de>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>

1 files changed, 284 insertions, 0 deletions

diff --git a/ui/vnc-ws.c b/ui/vnc-ws.c
new file mode 100644
index 0000000000..9ccdc1971c
--- /dev/null
+++ b/ui/vnc-ws.c
@@ -0,0 +1,284 @@
+/*
+ * QEMU VNC display driver: Websockets support
+ *
+ * Copyright (C) 2010 Joel Martin
+ * Copyright (C) 2012 Tim Hardeck
+ *
+ * This is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this software; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include "vnc.h"
+
+void vncws_handshake_read(void *opaque)
+{
+    VncState *vs = opaque;
+    uint8_t *handshake_end;
+    long ret;
+    buffer_reserve(&vs->ws_input, 4096);
+    ret = vnc_client_read_buf(vs, buffer_end(&vs->ws_input), 4096);
+
+    if (!ret) {
+        if (vs->csock == -1) {
+            vnc_disconnect_finish(vs);
+        }
+        return;
+    }
+    vs->ws_input.offset += ret;
+
+    handshake_end = (uint8_t *)g_strstr_len((char *)vs->ws_input.buffer,
+            vs->ws_input.offset, WS_HANDSHAKE_END);
+    if (handshake_end) {
+        qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, NULL, vs);
+        vncws_process_handshake(vs, vs->ws_input.buffer, vs->ws_input.offset);
+        buffer_advance(&vs->ws_input, handshake_end - vs->ws_input.buffer +
+                strlen(WS_HANDSHAKE_END));
+    }
+}
+
+
+long vnc_client_read_ws(VncState *vs)
+{
+    int ret, err;
+    uint8_t *payload;
+    size_t payload_size, frame_size;
+    VNC_DEBUG("Read websocket %p size %zd offset %zd\n", vs->ws_input.buffer,
+            vs->ws_input.capacity, vs->ws_input.offset);
+    buffer_reserve(&vs->ws_input, 4096);
+    ret = vnc_client_read_buf(vs, buffer_end(&vs->ws_input), 4096);
+    if (!ret) {
+        return 0;
+    }
+    vs->ws_input.offset += ret;
+
+    /* make sure that nothing is left in the ws_input buffer */
+    do {
+        err = vncws_decode_frame(&vs->ws_input, &payload,
+                              &payload_size, &frame_size);
+        if (err <= 0) {
+            return err;
+        }
+
+        buffer_reserve(&vs->input, payload_size);
+        buffer_append(&vs->input, payload, payload_size);
+
+        buffer_advance(&vs->ws_input, frame_size);
+    } while (vs->ws_input.offset > 0);
+
+    return ret;
+}
+
+long vnc_client_write_ws(VncState *vs)
+{
+    long ret;
+    VNC_DEBUG("Write WS: Pending output %p size %zd offset %zd\n",
+              vs->output.buffer, vs->output.capacity, vs->output.offset);
+    vncws_encode_frame(&vs->ws_output, vs->output.buffer, vs->output.offset);
+    buffer_reset(&vs->output);
+    ret = vnc_client_write_buf(vs, vs->ws_output.buffer, vs->ws_output.offset);
+    if (!ret) {
+        return 0;
+    }
+
+    buffer_advance(&vs->ws_output, ret);
+
+    if (vs->ws_output.offset == 0) {
+        qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, NULL, vs);
+    }
+
+    return ret;
+}
+
+static char *vncws_extract_handshake_entry(const char *handshake,
+        size_t handshake_len, const char *name)
+{
+    char *begin, *end, *ret = NULL;
+    char *line = g_strdup_printf("%s%s: ", WS_HANDSHAKE_DELIM, name);
+    begin = g_strstr_len(handshake, handshake_len, line);
+    if (begin != NULL) {
+        begin += strlen(line);
+        end = g_strstr_len(begin, handshake_len - (begin - handshake),
+                WS_HANDSHAKE_DELIM);
+        if (end != NULL) {
+            ret = g_strndup(begin, end - begin);
+        }
+    }
+    g_free(line);
+    return ret;
+}
+
+static void vncws_send_handshake_response(VncState *vs, const char* key)
+{
+    char combined_key[WS_CLIENT_KEY_LEN + WS_GUID_LEN + 1];
+    char hash[SHA1_DIGEST_LEN];
+    size_t hash_size = SHA1_DIGEST_LEN;
+    char *accept = NULL, *response = NULL;
+    gnutls_datum_t in;
+
+    g_strlcpy(combined_key, key, WS_CLIENT_KEY_LEN + 1);
+    g_strlcat(combined_key, WS_GUID, WS_CLIENT_KEY_LEN + WS_GUID_LEN + 1);
+
+    /* hash and encode it */
+    in.data = (void *)combined_key;
+    in.size = WS_CLIENT_KEY_LEN + WS_GUID_LEN;
+    if (gnutls_fingerprint(GNUTLS_DIG_SHA1, &in, hash, &hash_size)
+            == GNUTLS_E_SUCCESS) {
+        accept = g_base64_encode((guchar *)hash, SHA1_DIGEST_LEN);
+    }
+    if (accept == NULL) {
+        VNC_DEBUG("Hashing Websocket combined key failed\n");
+        vnc_client_error(vs);
+        return;
+    }
+
+    response = g_strdup_printf(WS_HANDSHAKE, accept);
+    vnc_write(vs, response, strlen(response));
+    vnc_flush(vs);
+
+    g_free(accept);
+    g_free(response);
+
+    vs->encode_ws = 1;
+    vnc_init_state(vs);
+}
+
+void vncws_process_handshake(VncState *vs, uint8_t *line, size_t size)
+{
+    char *protocols = vncws_extract_handshake_entry((const char *)line, size,
+            "Sec-WebSocket-Protocol");
+    char *version = vncws_extract_handshake_entry((const char *)line, size,
+            "Sec-WebSocket-Version");
+    char *key = vncws_extract_handshake_entry((const char *)line, size,
+            "Sec-WebSocket-Key");
+
+    if (protocols && version && key
+            && g_strrstr(protocols, "binary")
+            && !strcmp(version, WS_SUPPORTED_VERSION)
+            && strlen(key) == WS_CLIENT_KEY_LEN) {
+        vncws_send_handshake_response(vs, key);
+    } else {
+        VNC_DEBUG("Defective Websockets header or unsupported protocol\n");
+        vnc_client_error(vs);
+    }
+
+    g_free(protocols);
+    g_free(version);
+    g_free(key);
+}
+
+void vncws_encode_frame(Buffer *output, const void *payload,
+        const size_t payload_size)
+{
+    size_t header_size = 0;
+    unsigned char opcode = WS_OPCODE_BINARY_FRAME;
+    union {
+        char buf[WS_HEAD_MAX_LEN];
+        WsHeader ws;
+    } header;
+
+    if (!payload_size) {
+        return;
+    }
+
+    header.ws.b0 = 0x80 | (opcode & 0x0f);
+    if (payload_size <= 125) {
+        header.ws.b1 = (uint8_t)payload_size;
+        header_size = 2;
+    } else if (payload_size < 65536) {
+        header.ws.b1 = 0x7e;
+        header.ws.u.s16.l16 = cpu_to_be16((uint16_t)payload_size);
+        header_size = 4;
+    } else {
+        header.ws.b1 = 0x7f;
+        header.ws.u.s64.l64 = cpu_to_be64(payload_size);
+        header_size = 10;
+    }
+
+    buffer_reserve(output, header_size + payload_size);
+    buffer_append(output, header.buf, header_size);
+    buffer_append(output, payload, payload_size);
+}
+
+int vncws_decode_frame(Buffer *input, uint8_t **payload,
+                           size_t *payload_size, size_t *frame_size)
+{
+    unsigned char opcode = 0, fin = 0, has_mask = 0;
+    size_t header_size = 0;
+    uint32_t *payload32;
+    WsHeader *header = (WsHeader *)input->buffer;
+    WsMask mask;
+    int i;
+
+    if (input->offset < WS_HEAD_MIN_LEN + 4) {
+        /* header not complete */
+        return 0;
+    }
+
+    fin = (header->b0 & 0x80) >> 7;
+    opcode = header->b0 & 0x0f;
+    has_mask = (header->b1 & 0x80) >> 7;
+    *payload_size = header->b1 & 0x7f;
+
+    if (opcode == WS_OPCODE_CLOSE) {
+        /* disconnect */
+        return -1;
+    }
+
+    /* Websocket frame sanity check:
+     * * Websocket fragmentation is not supported.
+     * * All  websockets frames sent by a client have to be masked.
+     * * Only binary encoding is supported.
+     */
+    if (!fin || !has_mask || opcode != WS_OPCODE_BINARY_FRAME) {
+        VNC_DEBUG("Received faulty/unsupported Websocket frame\n");
+        return -2;
+    }
+
+    if (*payload_size < 126) {
+        header_size = 6;
+        mask = header->u.m;
+    } else if (*payload_size == 126 && input->offset >= 8) {
+        *payload_size = be16_to_cpu(header->u.s16.l16);
+        header_size = 8;
+        mask = header->u.s16.m16;
+    } else if (*payload_size == 127 && input->offset >= 14) {
+        *payload_size = be64_to_cpu(header->u.s64.l64);
+        header_size = 14;
+        mask = header->u.s64.m64;
+    } else {
+        /* header not complete */
+        return 0;
+    }
+
+    *frame_size = header_size + *payload_size;
+
+    if (input->offset < *frame_size) {
+        /* frame not complete */
+        return 0;
+    }
+
+    *payload = input->buffer + header_size;
+
+    /* unmask frame */
+    /* process 1 frame (32 bit op) */
+    payload32 = (uint32_t *)(*payload);
+    for (i = 0; i < *payload_size / 4; i++) {
+        payload32[i] ^= mask.u;
+    }
+    /* process the remaining bytes (if any) */
+    for (i *= 4; i < *payload_size; i++) {
+        (*payload)[i] ^= mask.c[i % 4];
+    }
+
+    return 1;
+}