initial commit

.gitignore

@@ -0,0 +1,2 @@
+bin/
+reports/

LICENSE

@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2017 Sergey Kamardin
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

Makefile

@@ -0,0 +1,47 @@
+BENCH     ?=.
+BENCH_BASE?=master
+
+autobahn:
+	go build -o ./bin/autobahn ./example/autobahn
+
+test:
+	go test -cover ./...
+
+testrfc: PID:=$(shell mktemp -t autobahn.XXXX)
+testrfc: autobahn
+	./bin/autobahn & echo $$! > $(PID)
+	if [ -z "$$(ps | grep $$(cat $(PID)) | grep autobahn)" ]; then\
+		echo "could not start autobahn";\
+		exit 1;\
+	fi;\
+	wstest -m fuzzingclient -s ./example/autobahn/fuzzingclient.json
+	pkill -9 -F $(PID)
+
+rfc: testrfc
+	open ./example/autobahn/reports/servers/index.html
+
+bench:
+	go test -run=none -bench=$(BENCH) -benchmem
+
+benchcmp: BENCH_BRANCH=$(shell git rev-parse --abbrev-ref HEAD)
+benchcmp: BENCH_OLD:=$(shell mktemp -t old.XXXX)
+benchcmp: BENCH_NEW:=$(shell mktemp -t new.XXXX)
+benchcmp:
+	if [ ! -z "$(shell git status -s)" ]; then\
+		echo "could not compare with $(BENCH_BASE) – found unstaged changes";\
+		exit 1;\
+	fi;\
+	if [ "$(BENCH_BRANCH)" == "$(BENCH_BASE)" ]; then\
+		echo "comparing the same branches";\
+		exit 1;\
+	fi;\
+	echo "benchmarking $(BENCH_BRANCH)...";\
+	go test -run=none -bench=$(BENCH) -benchmem > $(BENCH_NEW);\
+	echo "benchmarking $(BENCH_BASE)...";\
+	git checkout -q $(BENCH_BASE);\
+	go test -run=none -bench=$(BENCH) -benchmem > $(BENCH_OLD);\
+	git checkout -q $(BENCH_BRANCH);\
+	echo "\nresults:";\
+	echo "========\n";\
+	benchcmp $(BENCH_OLD) $(BENCH_NEW);\
+

check.go

@@ -0,0 +1,141 @@
+package ws
+
+import (
+	"fmt"
+	"unicode/utf8"
+)
+
+// State represents state of websocket endpoint.
+// It used by some functions to be more strict when checking compatibility with RFC6455.
+type State uint8
+
+const (
+	// StateServerSide means that endpoint (caller) is a server.
+	StateServerSide State = 0x1 << iota
+	// StateServerSide means that endpoint (caller) is a client.
+	StateClientSide
+	// StateExtended means that extension was negotiated during handshake.
+	StateExtended
+	// StateFragmented means that endpoint (caller) has received fragmented
+	// frame and waits for continuation parts.
+	StateFragmented
+)
+
+// Is checks whether the s has v enabled.
+func (s State) Is(v State) bool {
+	return uint8(s)&uint8(v) != 0
+}
+
+// Set enables v state on s.
+func (s State) Set(v State) State {
+	return s | v
+}
+
+// Clear disables v state on s.
+func (s State) Clear(v State) State {
+	return s & (^v)
+}
+
+// SetOrClearIf enables or disables v state on s depending on cond.
+func (s State) SetOrClearIf(cond bool, v State) (ret State) {
+	if cond {
+		ret = s.Set(v)
+	} else {
+		ret = s.Clear(v)
+	}
+	return
+}
+
+// ProtocolError describes error during checking/parsing websocket frames or headers.
+type ProtocolError error
+
+// Errors used by the protocol checkers.
+var (
+	ErrProtocolOpCodeReserved             = ProtocolError(fmt.Errorf("use of reserved op code"))
+	ErrProtocolControlPayloadOverflow     = ProtocolError(fmt.Errorf("control frame payload limit exceeded"))
+	ErrProtocolControlNotFinal            = ProtocolError(fmt.Errorf("control frame is not final"))
+	ErrProtocolNonZeroRsv                 = ProtocolError(fmt.Errorf("non-zero rsv bits with no extension negotiated"))
+	ErrProtocolMaskRequired               = ProtocolError(fmt.Errorf("frames from client to server must be masked"))
+	ErrProtocolMaskUnexpected             = ProtocolError(fmt.Errorf("frames from server to client must be not masked"))
+	ErrProtocolContinuationExpected       = ProtocolError(fmt.Errorf("unexpected non-continuation data frame"))
+	ErrProtocolContinuationUnexpected     = ProtocolError(fmt.Errorf("unexpected continuation data frame"))
+	ErrProtocolStatusCodeNotInUse         = ProtocolError(fmt.Errorf("status code is not in use"))
+	ErrProtocolStatusCodeApplicationLevel = ProtocolError(fmt.Errorf("status code is only application level"))
+	ErrProtocolStatusCodeNoMeaning        = ProtocolError(fmt.Errorf("status code has no meaning yet"))
+	ErrProtocolStatusCodeUnknown          = ProtocolError(fmt.Errorf("status code is not defined in spec"))
+	ErrProtocolInvalidUTF8                = ProtocolError(fmt.Errorf("invalid utf8 sequence in close reason"))
+)
+
+// CheckHeader checks h to contain valid header data for given state s.
+//
+// Note that zero state (0) means that state is clean,
+// neither server or client side, nor fragmented, nor extended.
+func CheckHeader(h Header, s State) error {
+	if h.OpCode.IsReserved() {
+		return ErrProtocolOpCodeReserved
+	}
+	if h.OpCode.IsControl() {
+		if h.Length > MaxControlFramePayloadSize {
+			return ErrProtocolControlPayloadOverflow
+		}
+		if !h.Fin {
+			return ErrProtocolControlNotFinal
+		}
+	}
+
+	switch {
+	// [RFC6455]: MUST be 0 unless an extension is negotiated that defines meanings for
+	// non-zero values. If a nonzero value is received and none of the
+	// negotiated extensions defines the meaning of such a nonzero value, the
+	// receiving endpoint MUST _Fail the WebSocket Connection_.
+	case h.Rsv != 0 && !s.Is(StateExtended):
+		return ErrProtocolNonZeroRsv
+
+	// [RFC6455]: The server MUST close the connection upon receiving a frame that is not masked.
+	// In this case, a server MAY send a Close frame with a status code of 1002 (protocol error)
+	// as defined in Section 7.4.1. A server MUST NOT mask any frames that it sends to the client.
+	// A client MUST close a connection if it detects a masked frame. In this case, it MAY use the
+	// status code 1002 (protocol error) as defined in Section 7.4.1.
+	case s.Is(StateServerSide) && h.Mask == nil:
+		return ErrProtocolMaskRequired
+	case s.Is(StateClientSide) && h.Mask != nil:
+		return ErrProtocolMaskUnexpected
+
+	// [RFC6455]: See detailed explanation in 5.4 section.
+	case s.Is(StateFragmented) && !h.OpCode.IsControl() && h.OpCode != OpContinuation:
+		return ErrProtocolContinuationExpected
+	case !s.Is(StateFragmented) && h.OpCode == OpContinuation:
+		return ErrProtocolContinuationUnexpected
+	}
+
+	return nil
+}
+
+// CheckCloseFrameData checks received close information
+// to be valid RFC6455 compatible clsoe info.
+//
+// Note that code.Empty() or code.IsAppLevel() will raise error.
+//
+// If endpoint sends close frame without status code (with frame.Length = 0),
+// application should not check its payload.
+func CheckCloseFrameData(code StatusCode, reason string) error {
+	switch {
+	case code.IsNotUsed():
+		return ErrProtocolStatusCodeNotInUse
+
+	case code.IsProtocolReserved():
+		return ErrProtocolStatusCodeApplicationLevel
+
+	case code == StatusNoMeaningYet:
+		return ErrProtocolStatusCodeNoMeaning
+
+	case code.IsProtocolSpec() && !code.IsProtocolDefined():
+		return ErrProtocolStatusCodeUnknown
+
+	case !utf8.ValidString(reason):
+		return ErrProtocolInvalidUTF8
+
+	default:
+		return nil
+	}
+}

cipher.go

@@ -0,0 +1,55 @@
+package ws
+
+import (
+	"reflect"
+	"unsafe"
+)
+
+// Cipher applies XOR cipher to the payload using mask.
+// Offset is used to cipher chunked data (e.g. in io.Reader implementations).
+//
+// To convert masked data into unmasked data, or vice versa, the following
+// algorithm is applied.  The same algorithm applies regardless of the
+// direction of the translation, e.g., the same steps are applied to
+// mask the data as to unmask the data.
+func Cipher(payload, mask []byte, offset int) {
+	if len(mask) != 4 {
+		return
+	}
+
+	n := len(payload)
+	if n < 8 {
+		for i := 0; i < n; i++ {
+			payload[i] ^= mask[(offset+i)%4]
+		}
+		return
+	}
+
+	// Calculate position in mask due to previously processed bytes number.
+	mpos := offset % 4
+	// Count number of bytes will processed one by one from the begining of payload.
+	// Bitwise used to avoid additional if.
+	ln := (4 - mpos) & 0x0b
+	// Count number of bytes will processed one by one from the end of payload.
+	// This is done to process payload by 8 bytes in each iteration of main loop.
+	rn := (n - ln) % 8
+
+	for i := 0; i < ln; i++ {
+		payload[i] ^= mask[(mpos+i)%4]
+	}
+	for i := n - rn; i < n; i++ {
+		payload[i] ^= mask[(mpos+i)%4]
+	}
+
+	ph := *(*reflect.SliceHeader)(unsafe.Pointer(&payload))
+	mh := *(*reflect.SliceHeader)(unsafe.Pointer(&mask))
+
+	m := *(*uint32)(unsafe.Pointer(mh.Data))
+	m2 := uint64(m)<<32 | uint64(m)
+
+	// Process the rest of bytes as uint64.
+	for i := ln; i+8 <= n-rn; i += 8 {
+		v := (*uint64)(unsafe.Pointer(ph.Data + uintptr(i)))
+		*v = *v ^ m2
+	}
+}