commit aad333a9fceb3247a503d15c140aa1d7c2193a3c
author Amaury Denoyelle <adenoyelle@haproxy.com> Fri Dec 11 17:53:07 2020 +0100
committer Christopher Faulet <cfaulet@haproxy.com> Thu Jan 28 16:37:14 2021 +0100
tree 95e1d6b57d8f1db4d06921edcca1c95b4f8d62d6
parent 9bf957335e2c385b74901481f7a89c9565dfce53

MEDIUM: h1: add a WebSocket key on handshake if needed

Add the header Sec-Websocket-Key when generating a h1 handshake websocket
without this header. This is the case when doing h2-h1 conversion.

The key is randomly generated and base64 encoded. It is stored on the session
side to be able to verify response key and reject it if not valid.

src/h1.c

diff --git a/src/h1.c b/src/h1.c
index 95bcc1f..3a6c1c3 100644
--- a/src/h1.c
+++ b/src/h1.c
@@ -18,6 +18,7 @@
 #include <haproxy/base64.h>
 #include <haproxy/h1.h>
 #include <haproxy/http-hdr.h>
+#include <haproxy/tools.h>
 
 /* Parse the Content-Length header field of an HTTP/1 request. The function
  * checks all possible occurrences of a comma-delimited value, and verifies
@@ -1056,6 +1057,21 @@
 	return count - ofs;
 }
 
+/* Generate a random key for a WebSocket Handshake in respect with rfc6455
+ * The key is 128-bits long encoded as a base64 string in <key_out> parameter
+ * (25 bytes long).
+ */
+void h1_generate_random_ws_input_key(char key_out[25])
+{
+	/* generate a random websocket key */
+	const uint64_t rand1 = ha_random64(), rand2 = ha_random64();
+	char key[16];
+
+	memcpy(key, &rand1, 8);
+	memcpy(&key[8], &rand2, 8);
+	a2base64(key, 16, key_out, 25);
+}
+
 #define H1_WS_KEY_SUFFIX_GUID "258EAFA5-E914-47DA-95CA-C5AB0DC85B11"
 
 /*