
Annotate Google SSLTCP hardcoded values.

This commit adds documentation only. It does not introduce functional changes.

The documentation was generated by crafting hex dumps from the values hardcoded
in the source code, which were fed to Wireshark (using its "import from hex dump"
option).
guusdk authored and bgrozev committed Nov 10, 2017
1 parent c266797 commit 610a438dac0182abd27a32a077eba323cf40e77f
Showing with 87 additions and 21 deletions.
  1. +87 −21 src/main/java/org/ice4j/ice/harvest/GoogleTurnSSLCandidateHarvester.java
@@ -29,43 +29,109 @@
* Implements a <tt>CandidateHarvester</tt> which gathers Google TURN SSLTCP
* dialect <tt>Candidate</tt>s for a specified {@link Component}.
*
* This dialect exchanges a SSL v2.0 client-hello answered by a TLS v1.0
* server-hello, before TURN data is exchanged. The data is SSL-spec compliant,
* but use hard-coded values for data that typically aught to be generated
* (for example: challenge, session-id and random fields).
*
* @author Sebastien Vincent
*/
public class GoogleTurnSSLCandidateHarvester
extends GoogleTurnCandidateHarvester
{
/**
* Data for the SSL message sent by the server.
* Data for the SSL message sent by the server ('server-hello').
*/
static final byte SSL_SERVER_HANDSHAKE[] =
{
0x16, 0x03, 0x01, 0x00, 0x4a, 0x02, 0x00, 0x00,
0x46, 0x03, 0x01, 0x42, (byte)0x85, 0x45, (byte)0xa7, 0x27,
(byte)0xa9, 0x5d, (byte)0xa0, (byte)0xb3, (byte)0xc5, (byte)0xe7, 0x53,
(byte)0xda,
0x48, 0x2b, 0x3f, (byte)0xc6, 0x5a, (byte)0xca, (byte)0x89, (byte)0xc1,
0x58, 0x52, (byte)0xa1, 0x78, 0x3c, 0x5b, 0x17, 0x46,
0x00, (byte)0x85, 0x3f, 0x20, 0x0e, (byte)0xd3, 0x06, 0x72,
0x5b, 0x5b, 0x1b, 0x5f, 0x15, (byte)0xac, 0x13, (byte)0xf9,
(byte)0x88, 0x53, (byte)0x9d, (byte)0x9b, (byte)0xe8, 0x3d, 0x7b, 0x0c,
// Content type: Handshake
0x16,
// Version: TLS 1.0
0x03, 0x01,
// Length: 74
0x00, 0x4a,
// Handshake Layer starts here
// Handshake type: Server Hello
0x02,
// Length: 70
0x00, 0x00, 0x46,
// Version: TLS 1.0
0x03, 0x01,
// 32 bytes random (well, obviously hardcoded here)
0x42, (byte)0x85, 0x45, (byte)0xa7, 0x27, (byte)0xa9,
0x5d, (byte)0xa0, (byte)0xb3, (byte)0xc5, (byte)0xe7,
0x53, (byte)0xda, 0x48, 0x2b, 0x3f, (byte)0xc6, 0x5a,
(byte)0xca, (byte)0x89, (byte)0xc1, 0x58, 0x52,
(byte)0xa1, 0x78, 0x3c, 0x5b, 0x17, 0x46, 0x00,
(byte)0x85, 0x3f,
// Session-ID length: 32
0x20,
// Session-ID
0x0e, (byte)0xd3, 0x06, 0x72, 0x5b, 0x5b, 0x1b, 0x5f,
0x15, (byte)0xac, 0x13, (byte)0xf9, (byte)0x88, 0x53,
(byte)0x9d, (byte)0x9b, (byte)0xe8, 0x3d, 0x7b, 0x0c,
0x30, 0x32, 0x6e, 0x38, 0x4d, (byte)0xa2, 0x75, 0x57,
0x41, 0x6c, 0x34, 0x5c, 0x00, 0x04, 0x00
0x41, 0x6c, 0x34, 0x5c,
// Selected Cipher suite
0x00, 0x04, // TLS_RSA_WITH_RC4_128_MD5
// Compression method: null
0x00
};
/**
* Data for the SSL message sent by the client.
* Data for the SSL message sent by the client (client-hello).
*/
public static final byte SSL_CLIENT_HANDSHAKE[] =
{
(byte)0x80, 0x46, 0x01, 0x03, 0x01, 0x00, 0x2d, 0x00,
0x00, 0x00, 0x10, 0x01, 0x00, (byte)0x80, 0x03, 0x00,
(byte)0x80, 0x07, 0x00, (byte)0xc0, 0x06, 0x00, 0x40, 0x02,
0x00, (byte)0x80, 0x04, 0x00, (byte)0x80, 0x00, 0x00, 0x04,
0x00, (byte)0xfe, (byte)0xff, 0x00, 0x00, 0x0a, 0x00, (byte)0xfe,
(byte)0xfe, 0x00, 0x00, 0x09, 0x00, 0x00, 0x64, 0x00,
0x00, 0x62, 0x00, 0x00, 0x03, 0x00, 0x00, 0x06,
0x1f, 0x17, 0x0c, (byte)0xa6, 0x2f, 0x00, 0x78, (byte)0xfc,
0x46, 0x55, 0x2e, (byte)0xb1, (byte)0x83, 0x39, (byte)0xf1, (byte)0xea
// Version: SSL 2.0 (0x0002) and length: 70
(byte)0x80, 0x46,
// Handshake message type: Client Hello
0x01,
// Version TLS 1.0
0x03, 0x01,
// Cipher Spec Length: 45
0x00, 0x2d,
// Session ID: 0
0x00, 0x00,
// Challenge length: 16
0x00, 0x10,
// Cipher spec (15 cyphers)
0x01, 0x00, (byte)0x80, // SSL2_RC4_128_WITH_MD5
0x03, 0x00, (byte)0x80, // SSL2_rc2_128_CBC_WITH_MD5
0x07, 0x00, (byte)0xc0, // SSL2_DES_192_EDE3_CBC_WITH_MD5
0x06, 0x00, 0x40, // SSL2_DES_64_CBC_WITH_MD5
0x02, 0x00, (byte)0x80, // SSL2_RC4_128_EXPORT40_WITH_MD5
0x04, 0x00, (byte)0x80, // SSL2_RC2_128_CBC_EXPORT40_WITH_MD5
0x00, 0x00, 0x04, // TLS_RSA_WITH_RC4_128_MD5
0x00, (byte)0xfe, (byte)0xff, // SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA
0x00, 0x00, 0x0a, // TLS_RSA_WITH_3DES_EDE_CBC_SHA
0x00, (byte)0xfe, (byte)0xfe, // SSL_RSA_FIPS_WITH_DES_CBC_SHA
0x00, 0x00, 0x09, // TLS_RSA_WITH_DES_CBC_SHA
0x00, 0x00, 0x64, // TLS_RSA_EXPORT1024_WITH_RC4_56_SHA
0x00, 0x00, 0x62, // TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA
0x00, 0x00, 0x03, // TLS_RSA_EXPORT_WITH_RC4_40_MD5
0x00, 0x00, 0x06, // TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5
// Challenge
0x1f, 0x17, 0x0c, (byte)0xa6, 0x2f, 0x00, 0x78, (byte)0xfc, 0x46,
0x55, 0x2e, (byte)0xb1, (byte)0x83, 0x39, (byte)0xf1, (byte)0xea
};
/**
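Review bot: The comment `// Version: SSL 2.0 (0x0002) and length: 70` above `(byte)0x80, 0x46` in SSL_CLIENT_HANDSHAKE names a value that is not in those bytes: 0x80 is the SSLv2 two-byte record-header flag and 0x46 is the length, while the "SSL 2.0" label is what Wireshark infers from the framing. I would write `// SSLv2 record header: MSB set (2-byte header), length: 70`, and change `// Session ID: 0` to `// Session ID length: 0`, since `0x00, 0x00` is the length field. The class Javadoc could also spell out what the hard-coded random, session-id and challenge mean for anyone relying on this transport, for example `* No keys are negotiated here; this exchange gives the TURN data that follows no confidentiality or integrity.` That sentence is inferred from the fixed values and from the absence of any certificate or key-exchange message in these arrays, so confirm it against the code that sends and checks them. The class body continues outside the hunk.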
