WebSocket key1+key2+8_byte_data != 16 bytes (128 bits)?

Question

I'm trying to build a websocket server in Java, but I'm having difficulty... the specification of websockets say that you have to concatenate the numbers from key1 and key2 then concatenate the extra 8 bytes of data to '...form a 128 bit string whose MD5 sum is then used by the server to prove that it read the handshake.'

The example key1 is 155712099 The example key2 is 173347027 The example 8 bytes of extra data is Tm[K T2u

'155712099173347027Tm[K T2u' is 26 bytes not 16 bytes (128 bits) like it's suppose to be! What am I missing here?

I can 'get' everything about websockets but this little part here.

Answer 1

You are using key1 and key2 as a string of digits instead of 32-bit numbers.

For example, 155712099 as a hexidecimal 32-bit number is: 0x63, 0xfa, 0x47, 0x09 (0x947fa63). That's what you want. You need to convert the key1 and key2 strings into unsigned integers and then pack those 4 bytes into position 0 (for key1) and position 4 (for key2) of your target byte array.

Taking 155712099 as a string of digits will result in a 9 byte string with hex values: 0x31, 0x35, 0x35, 0x37, 0x31, 0x32, 0x30, 0x39, 0x39. On the other hand you do want to pack the extra bytes directly into your target byte array starting at position 8. That should give you a target byte array 16 bytes long.

Note that the handshake is intentionally manipulating the different data elements as different data-types to try and thwart different types of attacks against a WebSockets server.

Answer 2

If key1 and key2 are 32-bit integers, you probably need to concatenate together the representations of each of those as 4 bytes each, not their string representation.