mirror of
https://github.com/lxsang/ant-http
synced 2024-11-13 23:38:21 +01:00
564 lines
14 KiB
C
564 lines
14 KiB
C
|
|
#include <stdio.h>
|
|
#include <unistd.h>
|
|
#include <string.h>
|
|
#include <errno.h>
|
|
#ifdef USE_OPENSSL
|
|
#include <openssl/ssl.h>
|
|
#include <openssl/err.h>
|
|
#endif
|
|
#include <sys/time.h>
|
|
#include <ifaddrs.h>
|
|
#include <arpa/inet.h>
|
|
|
|
#include "utils.h"
|
|
#include "handle.h"
|
|
|
|
#include "ws.h"
|
|
#define CONN_TIME_OUT_S 3
|
|
#define BITV(v, i) ((v & (1 << i)) >> i)
|
|
#define MAX_BUFF 1024
|
|
#define PREFERRED_WS_CIPHERS "HIGH:!aNULL:!kRSA:!SRP:!PSK:!CAMELLIA:!RC4:!MD5:!DSS"
|
|
#define CLIENT_RQ "GET /%s HTTP/1.1\r\nHost: %s\r\nUpgrade: websocket\r\nConnection: Upgrade\r\nSec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ==\r\nSec-WebSocket-Version: 13\r\n\r\n"
|
|
#define SERVER_WS_KEY "s3pPLMBiTxaQ9kYGzzhZRbK+xOo="
|
|
|
|
static void ws_gen_mask_key(ws_msg_header_t *header)
|
|
{
|
|
int r = rand();
|
|
header->mask_key[0] = (r >> 24) & 0xFF;
|
|
header->mask_key[1] = (r >> 16) & 0xFF;
|
|
header->mask_key[2] = (r >> 8) & 0xFF;
|
|
header->mask_key[3] = r & 0xFF;
|
|
}
|
|
/**
|
|
* Read a frame header
|
|
* based on this header, we'll decide
|
|
* the appropriate handle for frame data
|
|
*/
|
|
ws_msg_header_t *ws_read_header(void *client)
|
|
{
|
|
|
|
uint8_t byte = 0;
|
|
uint8_t bytes[8];
|
|
ws_msg_header_t *header = (ws_msg_header_t *)malloc(sizeof(*header));
|
|
|
|
// get first byte
|
|
if (antd_recv(client, &byte, sizeof(byte)) <= 0)
|
|
goto fail;
|
|
if (BITV(byte, 6) || BITV(byte, 5) || BITV(byte, 4))
|
|
goto fail; // all RSV bit must be 0
|
|
|
|
// printf("FIN: %d, RSV1: %d, RSV2: %d, RSV3:%d, opcode:%d\n", BITV(byte,7), BITV(byte,6), BITV(byte,5), BITV(byte,4),(byte & 0x0F) );
|
|
// find and opcode
|
|
header->fin = BITV(byte, 7);
|
|
header->opcode = (byte & 0x0F);
|
|
|
|
// get next byte
|
|
if (antd_recv(client, &byte, sizeof(byte)) <= 0)
|
|
goto fail;
|
|
|
|
// printf("MASK: %d paylen:%d\n", BITV(byte,7), (byte & 0x7F));
|
|
// check mask bit, should be 1
|
|
header->mask = BITV(byte, 7);
|
|
/*if(!BITV(byte,7))
|
|
{
|
|
// close the connection with protocol error
|
|
ws_close(client, 1002);
|
|
goto fail;
|
|
}*/
|
|
// get the data length of the frame
|
|
int len = (byte & 0x7F);
|
|
if (len <= 125)
|
|
{
|
|
header->plen = len;
|
|
}
|
|
else if (len == 126)
|
|
{
|
|
if (antd_recv(client, bytes, 2 * sizeof(uint8_t)) <= 0)
|
|
goto fail;
|
|
header->plen = (bytes[0] << 8) + bytes[1];
|
|
}
|
|
else
|
|
{
|
|
// read only last 4 byte
|
|
if (antd_recv(client, bytes, 8 * sizeof(uint8_t)) <= 0)
|
|
goto fail;
|
|
header->plen = (bytes[4] << 24) + (bytes[5] << 16) + (bytes[6] << 8) + bytes[7];
|
|
}
|
|
// printf("len: %d\n", header->plen);
|
|
// last step is to get the maskey
|
|
if (header->mask)
|
|
if (antd_recv(client, header->mask_key, 4 * sizeof(uint8_t)) <= 0)
|
|
goto fail;
|
|
// printf("key 0: %d key 1: %d key2:%d, key3: %d\n",header->mask_key[0],header->mask_key[1],header->mask_key[2], header->mask_key[3] );
|
|
|
|
// check wheather it is a ping or a close message
|
|
// process it and return NULL
|
|
// otherwise return the header
|
|
// return the header
|
|
switch (header->opcode)
|
|
{
|
|
case WS_CLOSE: // client requests to close the connection
|
|
// send back a close message
|
|
UNUSED(ws_send_close(client, 1000, header->mask ? 0 : 1));
|
|
// goto fail;
|
|
break;
|
|
|
|
case WS_PING: // client send a ping
|
|
// send back a pong message
|
|
UNUSED(ws_pong(client, header, header->mask ? 0 : 1));
|
|
break;
|
|
|
|
default:
|
|
break;
|
|
}
|
|
return header;
|
|
|
|
fail:
|
|
free(header);
|
|
return NULL;
|
|
}
|
|
/**
|
|
* Read data from client
|
|
* and unmask data using the key
|
|
*/
|
|
int ws_read_data(void *client, ws_msg_header_t *header, int len, uint8_t *data)
|
|
{
|
|
// if len == -1 ==> read all remaining data to 'data';
|
|
if (header->plen == 0)
|
|
return 0;
|
|
int dlen = (len == -1 || len > (int)header->plen) ? (int)header->plen : len;
|
|
if ((dlen = antd_recv(client, data, dlen)) <= 0)
|
|
return -1;
|
|
header->plen = header->plen - dlen;
|
|
// unmask received data
|
|
if (header->mask)
|
|
for (int i = 0; i < dlen; ++i)
|
|
data[i] = data[i] ^ header->mask_key[i % 4];
|
|
data[dlen] = '\0';
|
|
return dlen;
|
|
}
|
|
int _send_header(void *client, ws_msg_header_t header)
|
|
{
|
|
uint8_t byte = 0;
|
|
uint8_t bytes[8];
|
|
for (int i = 0; i < 8; i++)
|
|
bytes[i] = 0;
|
|
// first byte |FIN|000|opcode|
|
|
byte = (header.fin << 7) + header.opcode;
|
|
// printf("BYTE: %d\n", byte);
|
|
if (antd_send(client, &byte, 1) != 1)
|
|
return -1;
|
|
// second byte, payload length
|
|
// mask may be 0 or 1
|
|
// if(header.mask == 1)
|
|
// printf("Data is masked\n");
|
|
if (header.plen <= 125)
|
|
{
|
|
byte = (header.mask << 7) + header.plen;
|
|
if (antd_send(client, &byte, 1) != 1)
|
|
return -1;
|
|
}
|
|
else if (header.plen < 65536) // 16 bits
|
|
{
|
|
byte = (header.mask << 7) + 126;
|
|
bytes[0] = (header.plen) >> 8;
|
|
bytes[1] = (header.plen) & 0x00FF;
|
|
if (antd_send(client, &byte, 1) != 1)
|
|
return -1;
|
|
if (antd_send(client, bytes, 2) != 2)
|
|
return -1;
|
|
}
|
|
else // > 16 bits
|
|
{
|
|
byte = (header.mask << 7) + 127;
|
|
bytes[4] = (header.plen) >> 24;
|
|
bytes[5] = ((header.plen) >> 16) & 0x00FF;
|
|
bytes[6] = ((header.plen) >> 8) & 0x00FF;
|
|
bytes[7] = (header.plen) & 0x00FF;
|
|
if (antd_send(client, &byte, 1) != 1)
|
|
return -1;
|
|
if (antd_send(client, bytes, 8) != 8)
|
|
return -1;
|
|
}
|
|
// send mask key
|
|
if (header.mask)
|
|
{
|
|
if (antd_send(client, header.mask_key, 4) != 4)
|
|
return -1;
|
|
}
|
|
return 0;
|
|
}
|
|
/**
|
|
* Send a frame to client
|
|
*/
|
|
int ws_send_frame(void *client, uint8_t *data, ws_msg_header_t header)
|
|
{
|
|
uint8_t *masked;
|
|
masked = data;
|
|
int ret;
|
|
if (header.mask)
|
|
{
|
|
ws_gen_mask_key(&header);
|
|
masked = (uint8_t *)malloc(header.plen);
|
|
for (int i = 0; i < (int)header.plen; ++i)
|
|
masked[i] = data[i] ^ header.mask_key[i % 4];
|
|
}
|
|
if (_send_header(client, header) != 0)
|
|
return -1;
|
|
if (header.opcode == WS_TEXT)
|
|
ret = antd_send(client, (char *)masked, header.plen);
|
|
else
|
|
ret = antd_send(client, (uint8_t *)masked, header.plen);
|
|
if (masked && header.mask)
|
|
free(masked);
|
|
if (ret != (int)header.plen)
|
|
{
|
|
return -1;
|
|
}
|
|
return 0;
|
|
}
|
|
/**
|
|
* send a text data frame to client
|
|
*/
|
|
int ws_send_text(void *client, const char *data, int mask)
|
|
{
|
|
ws_msg_header_t header;
|
|
header.fin = 1;
|
|
header.opcode = WS_TEXT;
|
|
header.mask = mask;
|
|
header.plen = strlen(data);
|
|
//_send_header(client,header);
|
|
// send(client, data, header.plen,0);
|
|
return ws_send_frame(client, (uint8_t *)data, header);
|
|
}
|
|
/**
|
|
* send a single binary data fram to client
|
|
* not tested yet, but should work
|
|
*/
|
|
int ws_send_binary(void *client, uint8_t *data, int l, int mask)
|
|
{
|
|
ws_msg_header_t header;
|
|
header.fin = 1;
|
|
header.opcode = WS_BIN;
|
|
header.plen = l;
|
|
header.mask = mask;
|
|
return ws_send_frame(client, data, header);
|
|
//_send_header(client,header);
|
|
// send(client, data, header.plen,0);
|
|
}
|
|
/*
|
|
* send a file as binary data
|
|
*/
|
|
int ws_send_file(void *client, const char *file, int mask)
|
|
{
|
|
uint8_t buff[1024];
|
|
FILE *ptr;
|
|
ptr = fopen(file, "rb");
|
|
if (!ptr)
|
|
{
|
|
return ws_send_close(client, 1011, mask);
|
|
}
|
|
|
|
ws_msg_header_t header;
|
|
size_t size;
|
|
int first_frame = 1;
|
|
int ret = 0;
|
|
// ws_send_frame(client,buff,header);
|
|
header.mask = mask;
|
|
while (!feof(ptr))
|
|
{
|
|
size = fread(buff, 1, 1024, ptr);
|
|
if (feof(ptr))
|
|
header.fin = 1;
|
|
else
|
|
header.fin = 0;
|
|
// clear opcode
|
|
if (first_frame)
|
|
{
|
|
header.opcode = WS_BIN;
|
|
first_frame = 0;
|
|
}
|
|
else
|
|
header.opcode = 0;
|
|
header.plen = size;
|
|
// printf("FIN: %d OC:%d\n", header.fin, header.opcode);
|
|
ret += ws_send_frame(client, buff, header);
|
|
}
|
|
fclose(ptr);
|
|
if (ret != 0)
|
|
{
|
|
return -1;
|
|
}
|
|
return 0;
|
|
}
|
|
/**
|
|
* Not tested yet
|
|
* but should work
|
|
*/
|
|
int ws_pong(void *client, ws_msg_header_t *oheader, int mask)
|
|
{
|
|
ws_msg_header_t pheader;
|
|
int ret;
|
|
pheader.fin = 1;
|
|
pheader.opcode = WS_PONG;
|
|
pheader.plen = oheader->plen;
|
|
pheader.mask = mask;
|
|
uint8_t *data = (uint8_t *)malloc(oheader->plen);
|
|
if (!data)
|
|
return -1;
|
|
|
|
if (ws_read_data(client, oheader, pheader.plen, data) == -1)
|
|
{
|
|
ERROR("Cannot read ping data %d", pheader.plen);
|
|
free(data);
|
|
return -1;
|
|
}
|
|
ret = ws_send_frame(client, data, pheader);
|
|
free(data);
|
|
//_send_header(client, pheader);
|
|
// send(client, data, len, 0);
|
|
return ret;
|
|
}
|
|
int ws_ping(void *client, const char *echo, int mask)
|
|
{
|
|
ws_msg_header_t pheader;
|
|
pheader.fin = 1;
|
|
pheader.opcode = WS_PING;
|
|
pheader.plen = strlen(echo);
|
|
pheader.mask = mask;
|
|
return ws_send_frame(client, (uint8_t *)echo, pheader);
|
|
}
|
|
/*
|
|
* Not tested yet, but should work
|
|
*/
|
|
int ws_send_close(void *client, unsigned int status, int mask)
|
|
{
|
|
// printf("CLOSED\n");
|
|
ws_msg_header_t header;
|
|
header.fin = 1;
|
|
header.opcode = WS_CLOSE;
|
|
header.plen = 2;
|
|
header.mask = mask;
|
|
uint8_t bytes[2];
|
|
bytes[0] = status >> 8;
|
|
bytes[1] = status & 0xFF;
|
|
/*if(mask)
|
|
{
|
|
// XOR itself
|
|
header.mask_key[0] = bytes[0];
|
|
header.mask_key[1] = bytes[1];
|
|
bytes[0] = bytes[1] ^ bytes[1];
|
|
}*/
|
|
return ws_send_frame(client, bytes, header);
|
|
//_send_header(client, header);
|
|
// send(client,bytes,2,0);
|
|
}
|
|
|
|
void ws_client_close(ws_client_t *wsclient)
|
|
{
|
|
antd_close(wsclient->antdsock);
|
|
|
|
#ifdef USE_OPENSSL
|
|
if (wsclient->ssl_ctx)
|
|
{
|
|
SSL_CTX_free(wsclient->ssl_ctx);
|
|
// DEPRECATED: FIPS_mode_set(0);
|
|
// DEPRECATED: CONF_modules_unload(1);
|
|
EVP_cleanup();
|
|
EVP_PBE_cleanup();
|
|
// DEPRECATED:ENGINE_cleanup();
|
|
CRYPTO_cleanup_all_ex_data();
|
|
// DEPRECATED: ERR_remove_state(0);
|
|
ERR_free_strings();
|
|
}
|
|
#endif
|
|
}
|
|
|
|
// this is for the client side, not use for now
|
|
int ws_client_connect(ws_client_t *wsclient, ws_port_config_t pcnf)
|
|
{
|
|
char *ip = ip_from_hostname(wsclient->host);
|
|
if (ip == NULL)
|
|
return -1;
|
|
int sock = antd_request_socket(ip, pcnf.port);
|
|
if (sock <= 0)
|
|
{
|
|
ERROR("Cannot request socket");
|
|
return -1;
|
|
}
|
|
// time out setting
|
|
struct timeval timeout;
|
|
timeout.tv_sec = CONN_TIME_OUT_S;
|
|
timeout.tv_usec = 0; // 3 s
|
|
if (setsockopt(sock, SOL_SOCKET, SO_RCVTIMEO, (char *)&timeout, sizeof(timeout)) < 0)
|
|
ERROR("setsockopt failed:%s", strerror(errno));
|
|
|
|
if (setsockopt(sock, SOL_SOCKET, SO_SNDTIMEO, (char *)&timeout, sizeof(timeout)) < 0)
|
|
ERROR("setsockopt failed:%s", strerror(errno));
|
|
|
|
// will be free
|
|
wsclient->antdsock->sock = sock;
|
|
wsclient->antdsock->z_status = 0;
|
|
wsclient->antdsock->last_io = time(NULL);
|
|
wsclient->antdsock->zstream = NULL;
|
|
#ifdef USE_OPENSSL
|
|
if (pcnf.usessl)
|
|
{
|
|
SSL_library_init();
|
|
SSL_load_error_strings();
|
|
ERR_load_crypto_strings();
|
|
OpenSSL_add_ssl_algorithms();
|
|
const SSL_METHOD *method;
|
|
unsigned long ssl_err = 0;
|
|
method = SSLv23_client_method();
|
|
ssl_err = ERR_get_error();
|
|
if (!method)
|
|
{
|
|
ERROR("SSLv23_method: %s", ERR_error_string(ssl_err, NULL));
|
|
return -1;
|
|
}
|
|
wsclient->ssl_ctx = SSL_CTX_new(method);
|
|
ssl_err = ERR_get_error();
|
|
if (!wsclient->ssl_ctx)
|
|
{
|
|
ERROR("SSL_CTX_new: %s", ERR_error_string(ssl_err, NULL));
|
|
return -1;
|
|
}
|
|
// configure the context
|
|
#if defined(SSL_CTX_set_ecdh_auto)
|
|
SSL_CTX_set_ecdh_auto(wsclient->ssl_ctx, 1);
|
|
#else
|
|
SSL_CTX_set_tmp_ecdh(wsclient->ssl_ctx, EC_KEY_new_by_curve_name(NID_X9_62_prime256v1));
|
|
#endif
|
|
SSL_CTX_set_options(wsclient->ssl_ctx, SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1 | SSL_OP_NO_SSLv2 | SSL_OP_NO_TICKET);
|
|
// set the cipher suit
|
|
const char *suit = wsclient->ciphersuit ? wsclient->ciphersuit : PREFERRED_WS_CIPHERS;
|
|
// const char* suit = "AES128-SHA";
|
|
if (SSL_CTX_set_cipher_list(wsclient->ssl_ctx, suit) != 1)
|
|
{
|
|
ssl_err = ERR_get_error();
|
|
// TODO Close the context
|
|
ERROR("SSL_CTX_set_cipher_list: %s", ERR_error_string(ssl_err, NULL));
|
|
return -1;
|
|
}
|
|
|
|
if (wsclient->sslcert && wsclient->sslkey)
|
|
{
|
|
if (SSL_CTX_use_certificate_file(wsclient->ssl_ctx, wsclient->sslcert, SSL_FILETYPE_PEM) <= 0)
|
|
{
|
|
ssl_err = ERR_get_error();
|
|
ERROR("SSL_CTX_use_certificate_file: %s", ERR_error_string(ssl_err, NULL));
|
|
return -1;
|
|
}
|
|
if (wsclient->sslpasswd)
|
|
SSL_CTX_set_default_passwd_cb_userdata(wsclient->ssl_ctx, (void *)wsclient->sslpasswd);
|
|
if (SSL_CTX_use_PrivateKey_file(wsclient->ssl_ctx, wsclient->sslkey, SSL_FILETYPE_PEM) <= 0)
|
|
{
|
|
ssl_err = ERR_get_error();
|
|
ERROR("SSL_CTX_use_PrivateKey_file: %s", ERR_error_string(ssl_err, NULL));
|
|
return -1;
|
|
}
|
|
if (SSL_CTX_check_private_key(wsclient->ssl_ctx) == 0)
|
|
{
|
|
ssl_err = ERR_get_error();
|
|
ERROR("SSL_CTX_check_private_key: %s", ERR_error_string(ssl_err, NULL));
|
|
return -1;
|
|
}
|
|
}
|
|
//
|
|
|
|
// validate
|
|
if (wsclient->verify_location)
|
|
{
|
|
SSL_CTX_set_verify(wsclient->ssl_ctx, SSL_VERIFY_PEER, NULL);
|
|
SSL_CTX_set_verify_depth(wsclient->ssl_ctx, 5);
|
|
if (!SSL_CTX_load_verify_locations(wsclient->ssl_ctx, wsclient->verify_location, NULL))
|
|
{
|
|
ssl_err = ERR_get_error();
|
|
// TODO Close the context
|
|
ERROR("SSL_CTX_load_verify_locations: %s", ERR_error_string(ssl_err, NULL));
|
|
return -1;
|
|
}
|
|
}
|
|
else
|
|
{
|
|
SSL_CTX_set_verify(wsclient->ssl_ctx, SSL_VERIFY_NONE, NULL);
|
|
}
|
|
|
|
wsclient->antdsock->ssl = (void *)SSL_new(wsclient->ssl_ctx);
|
|
if (!wsclient->antdsock->ssl)
|
|
{
|
|
ssl_err = ERR_get_error();
|
|
ERROR("SSL_new: %s", ERR_error_string(ssl_err, NULL));
|
|
return -1;
|
|
}
|
|
SSL_set_fd((SSL *)wsclient->antdsock->ssl, wsclient->antdsock->sock);
|
|
int stat, ret;
|
|
ERR_clear_error();
|
|
while ((ret = SSL_connect(wsclient->antdsock->ssl)) <= 0)
|
|
{
|
|
stat = SSL_get_error(wsclient->antdsock->ssl, ret);
|
|
switch (stat)
|
|
{
|
|
case SSL_ERROR_WANT_READ:
|
|
case SSL_ERROR_WANT_WRITE:
|
|
case SSL_ERROR_NONE:
|
|
continue;
|
|
default:
|
|
ERR_print_errors_fp(stderr);
|
|
ERROR("Error performing SSL handshake %d", stat);
|
|
return -1;
|
|
}
|
|
}
|
|
}
|
|
#endif
|
|
return 0;
|
|
}
|
|
|
|
int ws_open_handshake(ws_client_t *client)
|
|
{
|
|
char buf[MAX_BUFF];
|
|
// now send ws request handshake
|
|
sprintf(buf, CLIENT_RQ, client->resource, client->host);
|
|
// printf("Send %s\n", buf);
|
|
int size = antd_send(client->antdsock, buf, strlen(buf));
|
|
if (size != (int)strlen(buf))
|
|
{
|
|
ERROR("Cannot send request \n");
|
|
return -1;
|
|
}
|
|
// now verify if server accept the socket
|
|
size = read_buf(client->antdsock, buf, MAX_BUFF);
|
|
char *token;
|
|
int done = 0;
|
|
while (size > 0 && strcmp("\r\n", buf))
|
|
{
|
|
char *line = buf;
|
|
token = strsep(&line, ":");
|
|
trim(token, ' ');
|
|
if (token != NULL && strcasecmp(token, "Sec-WebSocket-Accept") == 0)
|
|
{
|
|
token = strsep(&line, ":");
|
|
trim(token, ' ');
|
|
trim(token, '\n');
|
|
trim(token, '\r');
|
|
if (strcasecmp(token, SERVER_WS_KEY) == 0)
|
|
{
|
|
// LOG("Handshake sucessfull\n");
|
|
done = 1;
|
|
}
|
|
else
|
|
{
|
|
ERROR("WS handshake, Wrong key %s vs %s", token, SERVER_WS_KEY);
|
|
return -1;
|
|
}
|
|
}
|
|
// if(line) free(line);
|
|
size = read_buf(client->antdsock, buf, MAX_BUFF);
|
|
}
|
|
if (done)
|
|
return 0;
|
|
return -1;
|
|
}
|