diff --git a/CommandDistributor.cpp b/CommandDistributor.cpp index 6770e7a..aef461c 100644 --- a/CommandDistributor.cpp +++ b/CommandDistributor.cpp @@ -31,6 +31,7 @@ #include "DCC.h" #include "TrackManager.h" #include "StringFormatter.h" +#include "Websockets.h" // variables to hold clock time int16_t lastclocktime; @@ -72,6 +73,11 @@ void CommandDistributor::parse(byte clientId,byte * buffer, RingStream * stream // client is using the DCC++ protocol where all commands start // with '<' if (clients[clientId] == NONE_TYPE) { + auto websock=Websockets::checkConnectionString(clientId,buffer,stream); + if (websock) { + clients[clientId]=COMMAND_TYPE; + return; + } if (buffer[0] == '<') clients[clientId]=COMMAND_TYPE; else diff --git a/Websockets.cpp b/Websockets.cpp new file mode 100644 index 0000000..97e8f4c --- /dev/null +++ b/Websockets.cpp @@ -0,0 +1,86 @@ +#include +#include "FSH.h" +#include "RingStream.h" +#include "libsha1.h" +#include "Websockets.h" +#include "DIAG.h" +static const char b64_table[] = { + 'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', + 'I', 'J', 'K', 'L', 'M', 'N', 'O', 'P', + 'Q', 'R', 'S', 'T', 'U', 'V', 'W', 'X', + 'Y', 'Z', 'a', 'b', 'c', 'd', 'e', 'f', + 'g', 'h', 'i', 'j', 'k', 'l', 'm', 'n', + 'o', 'p', 'q', 'r', 's', 't', 'u', 'v', + 'w', 'x', 'y', 'z', '0', '1', '2', '3', + '4', '5', '6', '7', '8', '9', '+', '/' +}; + +bool Websockets::checkConnectionString(byte clientId,byte * cmd, RingStream * outbound ) { + // returns true if this input is a websocket connect + DIAG(F("In websock check")); + /* Heuristic suppose this is a websocket GET + typically looking like this: + + GET / HTTP/1.1 + Host: 192.168.1.242:2560 + Connection: Upgrade + Pragma: no-cache + Cache-Control: no-cache + User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Edg/119.0.0.0 + Upgrade: websocket + Origin: null + Sec-WebSocket-Version: 13 + Accept-Encoding: gzip, deflate + Accept-Language: en-US,en;q=0.9 + Sec-WebSocket-Key: SpRkQKPPNZcO62pYf1X6Yg== + Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits + */ + + // check contents to find Sec-WebSocket-Key: and get key up to \n + if (strlen((char*)cmd)<200) return false; + auto keyPos=strstr((char*)cmd,"Sec-WebSocket-Key: "); + if (!keyPos) return false; + keyPos+=19; // length of Sec-Websocket-Key: + auto endkeypos=strstr(keyPos,"\r"); + if (!endkeypos) return false; + *endkeypos=0; + + DIAG(F("websock key=\"%s\""),keyPos); +// generate the reply key + uint8_t sha1HashBin[21] = { 0 }; // 21 to make it base64 div 3 + char replyKey[100]; + strlcpy(replyKey,keyPos, sizeof(replyKey)); + strlcat(replyKey,"258EAFA5-E914-47DA-95CA-C5AB0DC85B11", sizeof(replyKey)); + + DIAG(F("websock replykey=%s"),replyKey); + + SHA1_CTX ctx; + SHA1Init(&ctx); + SHA1Update(&ctx, (unsigned char *)replyKey, strlen(replyKey)); + SHA1Final(sha1HashBin, &ctx); + + // ghenerate the response and embed the base64 encode + // of the key + outbound->mark(clientId); + outbound->print("HTTP/1.1 101 Switching Protocols\r\n" + "Server: DCCEX-WebSocketsServer\r\n" + "Upgrade: websocket\r\n" + "Connection: Upgrade\r\n" + "Origin: null\r\n" + "Sec-WebSocket-Version: 13\r\n" + "Sec-WebSocket-Protocol: DCCEX\r\n" + "Sec-WebSocket-Accept: "); +// encode and emit the reply key as base 64 + auto * tmp=sha1HashBin; + for (int i=0;i<7;i++) { + outbound->print(b64_table[(tmp[0] & 0xfc) >> 2]); + outbound->print(b64_table[((tmp[0] & 0x03) << 4) + ((tmp[1] & 0xf0) >> 4)]); + outbound->print(b64_table[((tmp[1] & 0x0f) << 2) + ((tmp[2] & 0xc0) >> 6)]); + if (i<6) outbound->print(b64_table[tmp[2] & 0x3f]); + tmp+=3; + } + outbound->print("=\r\n\r\n"); // because we have padded 1 byte + outbound->commit(); + return true; +} + diff --git a/Websockets.h b/Websockets.h new file mode 100644 index 0000000..0f8be04 --- /dev/null +++ b/Websockets.h @@ -0,0 +1,10 @@ +#ifndef Websockets_h +#define Websockets_h +#include +#include "RingStream.h" +class Websockets { + public: + static bool checkConnectionString(byte clientId,byte * cmd, RingStream * outbound ); +}; + +#endif \ No newline at end of file diff --git a/WifiInboundHandler.h b/WifiInboundHandler.h index 08f6789..c53173d 100644 --- a/WifiInboundHandler.h +++ b/WifiInboundHandler.h @@ -67,7 +67,7 @@ class WifiInboundHandler { void purgeCurrentCIPSEND(); Stream * wifiStream; - static const int INBOUND_RING = 512; + static const int INBOUND_RING = 1024; static const int OUTBOUND_RING = sizeof(void*)==2?2048:8192; static const int CIPSENDgap=100; // millis() between retries of cipsend. diff --git a/libsha1.cpp b/libsha1.cpp new file mode 100644 index 0000000..1ce2d58 --- /dev/null +++ b/libsha1.cpp @@ -0,0 +1,202 @@ +/* from valgrind tests */ + +/* ================ sha1.c ================ */ +/* +SHA-1 in C +By Steve Reid +100% Public Domain + +Test Vectors (from FIPS PUB 180-1) +"abc" + A9993E36 4706816A BA3E2571 7850C26C 9CD0D89D +"abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq" + 84983E44 1C3BD26E BAAE4AA1 F95129E5 E54670F1 +A million repetitions of "a" + 34AA973C D4C4DAA4 F61EEB2B DBAD2731 6534016F +*/ + +/* #define LITTLE_ENDIAN * This should be #define'd already, if true. */ +/* #define SHA1HANDSOFF * Copies data before messing with it. */ + +#if !defined(ESP8266) && !defined(ESP32) + +#define SHA1HANDSOFF + +#include +#include +#include + +#include "libsha1.h" + + +#define rol(value, bits) (((value) << (bits)) | ((value) >> (32 - (bits)))) + +/* blk0() and blk() perform the initial expand. */ +/* I got the idea of expanding during the round function from SSLeay */ +#if BYTE_ORDER == LITTLE_ENDIAN +#define blk0(i) (block->l[i] = (rol(block->l[i],24)&0xFF00FF00) \ + |(rol(block->l[i],8)&0x00FF00FF)) +#elif BYTE_ORDER == BIG_ENDIAN +#define blk0(i) block->l[i] +#else +#error "Endianness not defined!" +#endif +#define blk(i) (block->l[i&15] = rol(block->l[(i+13)&15]^block->l[(i+8)&15] \ + ^block->l[(i+2)&15]^block->l[i&15],1)) + +/* (R0+R1), R2, R3, R4 are the different operations used in SHA1 */ +#define R0(v,w,x,y,z,i) z+=((w&(x^y))^y)+blk0(i)+0x5A827999+rol(v,5);w=rol(w,30); +#define R1(v,w,x,y,z,i) z+=((w&(x^y))^y)+blk(i)+0x5A827999+rol(v,5);w=rol(w,30); +#define R2(v,w,x,y,z,i) z+=(w^x^y)+blk(i)+0x6ED9EBA1+rol(v,5);w=rol(w,30); +#define R3(v,w,x,y,z,i) z+=(((w|x)&y)|(w&x))+blk(i)+0x8F1BBCDC+rol(v,5);w=rol(w,30); +#define R4(v,w,x,y,z,i) z+=(w^x^y)+blk(i)+0xCA62C1D6+rol(v,5);w=rol(w,30); + + +/* Hash a single 512-bit block. This is the core of the algorithm. */ + +void SHA1Transform(uint32_t state[5], const unsigned char buffer[64]) +{ + uint32_t a, b, c, d, e; + typedef union { + unsigned char c[64]; + uint32_t l[16]; + } CHAR64LONG16; +#ifdef SHA1HANDSOFF + CHAR64LONG16 block[1]; /* use array to appear as a pointer */ + memcpy(block, buffer, 64); +#else + /* The following had better never be used because it causes the + * pointer-to-const buffer to be cast into a pointer to non-const. + * And the result is written through. I threw a "const" in, hoping + * this will cause a diagnostic. + */ + CHAR64LONG16* block = (const CHAR64LONG16*)buffer; +#endif + /* Copy context->state[] to working vars */ + a = state[0]; + b = state[1]; + c = state[2]; + d = state[3]; + e = state[4]; + /* 4 rounds of 20 operations each. Loop unrolled. */ + R0(a,b,c,d,e, 0); R0(e,a,b,c,d, 1); R0(d,e,a,b,c, 2); R0(c,d,e,a,b, 3); + R0(b,c,d,e,a, 4); R0(a,b,c,d,e, 5); R0(e,a,b,c,d, 6); R0(d,e,a,b,c, 7); + R0(c,d,e,a,b, 8); R0(b,c,d,e,a, 9); R0(a,b,c,d,e,10); R0(e,a,b,c,d,11); + R0(d,e,a,b,c,12); R0(c,d,e,a,b,13); R0(b,c,d,e,a,14); R0(a,b,c,d,e,15); + R1(e,a,b,c,d,16); R1(d,e,a,b,c,17); R1(c,d,e,a,b,18); R1(b,c,d,e,a,19); + R2(a,b,c,d,e,20); R2(e,a,b,c,d,21); R2(d,e,a,b,c,22); R2(c,d,e,a,b,23); + R2(b,c,d,e,a,24); R2(a,b,c,d,e,25); R2(e,a,b,c,d,26); R2(d,e,a,b,c,27); + R2(c,d,e,a,b,28); R2(b,c,d,e,a,29); R2(a,b,c,d,e,30); R2(e,a,b,c,d,31); + R2(d,e,a,b,c,32); R2(c,d,e,a,b,33); R2(b,c,d,e,a,34); R2(a,b,c,d,e,35); + R2(e,a,b,c,d,36); R2(d,e,a,b,c,37); R2(c,d,e,a,b,38); R2(b,c,d,e,a,39); + R3(a,b,c,d,e,40); R3(e,a,b,c,d,41); R3(d,e,a,b,c,42); R3(c,d,e,a,b,43); + R3(b,c,d,e,a,44); R3(a,b,c,d,e,45); R3(e,a,b,c,d,46); R3(d,e,a,b,c,47); + R3(c,d,e,a,b,48); R3(b,c,d,e,a,49); R3(a,b,c,d,e,50); R3(e,a,b,c,d,51); + R3(d,e,a,b,c,52); R3(c,d,e,a,b,53); R3(b,c,d,e,a,54); R3(a,b,c,d,e,55); + R3(e,a,b,c,d,56); R3(d,e,a,b,c,57); R3(c,d,e,a,b,58); R3(b,c,d,e,a,59); + R4(a,b,c,d,e,60); R4(e,a,b,c,d,61); R4(d,e,a,b,c,62); R4(c,d,e,a,b,63); + R4(b,c,d,e,a,64); R4(a,b,c,d,e,65); R4(e,a,b,c,d,66); R4(d,e,a,b,c,67); + R4(c,d,e,a,b,68); R4(b,c,d,e,a,69); R4(a,b,c,d,e,70); R4(e,a,b,c,d,71); + R4(d,e,a,b,c,72); R4(c,d,e,a,b,73); R4(b,c,d,e,a,74); R4(a,b,c,d,e,75); + R4(e,a,b,c,d,76); R4(d,e,a,b,c,77); R4(c,d,e,a,b,78); R4(b,c,d,e,a,79); + /* Add the working vars back into context.state[] */ + state[0] += a; + state[1] += b; + state[2] += c; + state[3] += d; + state[4] += e; + /* Wipe variables */ + a = b = c = d = e = 0; +#ifdef SHA1HANDSOFF + memset(block, '\0', sizeof(block)); +#endif +} + + +/* SHA1Init - Initialize new context */ + +void SHA1Init(SHA1_CTX* context) +{ + /* SHA1 initialization constants */ + context->state[0] = 0x67452301; + context->state[1] = 0xEFCDAB89; + context->state[2] = 0x98BADCFE; + context->state[3] = 0x10325476; + context->state[4] = 0xC3D2E1F0; + context->count[0] = context->count[1] = 0; +} + + +/* Run your data through this. */ + +void SHA1Update(SHA1_CTX* context, const unsigned char* data, uint32_t len) +{ + uint32_t i, j; + + j = context->count[0]; + if ((context->count[0] += len << 3) < j) + context->count[1]++; + context->count[1] += (len>>29); + j = (j >> 3) & 63; + if ((j + len) > 63) { + memcpy(&context->buffer[j], data, (i = 64-j)); + SHA1Transform(context->state, context->buffer); + for ( ; i + 63 < len; i += 64) { + SHA1Transform(context->state, &data[i]); + } + j = 0; + } + else i = 0; + memcpy(&context->buffer[j], &data[i], len - i); +} + + +/* Add padding and return the message digest. */ + +void SHA1Final(unsigned char digest[20], SHA1_CTX* context) +{ + unsigned i; + unsigned char finalcount[8]; + unsigned char c; + +#if 0 /* untested "improvement" by DHR */ + /* Convert context->count to a sequence of bytes + * in finalcount. Second element first, but + * big-endian order within element. + * But we do it all backwards. + */ + unsigned char *fcp = &finalcount[8]; + + for (i = 0; i < 2; i++) + { + uint32_t t = context->count[i]; + int j; + + for (j = 0; j < 4; t >>= 8, j++) + *--fcp = (unsigned char) t; + } +#else + for (i = 0; i < 8; i++) { + finalcount[i] = (unsigned char)((context->count[(i >= 4 ? 0 : 1)] + >> ((3-(i & 3)) * 8) ) & 255); /* Endian independent */ + } +#endif + c = 0200; + SHA1Update(context, &c, 1); + while ((context->count[0] & 504) != 448) { + c = 0000; + SHA1Update(context, &c, 1); + } + SHA1Update(context, finalcount, 8); /* Should cause a SHA1Transform() */ + for (i = 0; i < 20; i++) { + digest[i] = (unsigned char) + ((context->state[i>>2] >> ((3-(i & 3)) * 8) ) & 255); + } + /* Wipe variables */ + memset(context, '\0', sizeof(*context)); + memset(&finalcount, '\0', sizeof(finalcount)); +} +/* ================ end of sha1.c ================ */ + + +#endif \ No newline at end of file diff --git a/libsha1.h b/libsha1.h new file mode 100644 index 0000000..0dfc7d5 --- /dev/null +++ b/libsha1.h @@ -0,0 +1,21 @@ +/* ================ sha1.h ================ */ +/* +SHA-1 in C +By Steve Reid +100% Public Domain +*/ + +#if !defined(ESP8266) && !defined(ESP32) + +typedef struct { + uint32_t state[5]; + uint32_t count[2]; + unsigned char buffer[64]; +} SHA1_CTX; + +void SHA1Transform(uint32_t state[5], const unsigned char buffer[64]); +void SHA1Init(SHA1_CTX* context); +void SHA1Update(SHA1_CTX* context, const unsigned char* data, uint32_t len); +void SHA1Final(unsigned char digest[20], SHA1_CTX* context); + +#endif \ No newline at end of file