zoukankan      html  css  js  c++  java
  • peapMSCHAPV2

    Peer                                   radius

    ----                                    -------------

     

     

    <- EAP-Request/Identity

    EAP-Response/

    Identity (MyID) ->

     

     

     

    <- EAP-Request/

                              EAP-Type=EAP MS-CHAP-V2

                              (Challenge[16])

     

    EAP-Response/

    EAP-Type=EAP-MS-CHAP-V2

    (Response)->

    16 octets: Peer-Challenge

    8 octets: Reserved, must be zero

    24 octets: NT-Response

    1 octet : Flags

     

     

     

    <- EAP-Request/

                              EAP-Type=EAP-MS-CHAP-V2

                              (Success)

    S=<auth_string> M=<message>"

     

    <auth_string>

     

    GenerateAuthenticatorResponse(  Password,  NTResponse, PeerChallenge, 

    AuthenticatorChallenge, UserName,AuthenticatorResponses );

     

    GenerateAuthenticatorResponse()

     

       GenerateAuthenticatorResponse(

       IN  0-to-256-unicode-char Password,

       IN  24-octet              NT-Response,

       IN  16-octet              PeerChallenge,

       IN  16-octet              AuthenticatorChallenge,

       IN  0-to-256-char         UserName,

       OUT 42-octet              AuthenticatorResponse )

       {

          16-octet              PasswordHash

          16-octet              PasswordHashHash

          8-octet               Challenge

     

          /*

           * "Magic" constants used in response generation

           */

     

          Magic1[39] =

             {0x4D, 0x61, 0x67, 0x69, 0x63, 0x20, 0x73, 0x65, 0x72, 0x76,

              0x65, 0x72, 0x20, 0x74, 0x6F, 0x20, 0x63, 0x6C, 0x69, 0x65,

              0x6E, 0x74, 0x20, 0x73, 0x69, 0x67, 0x6E, 0x69, 0x6E, 0x67,

              0x20, 0x63, 0x6F, 0x6E, 0x73, 0x74, 0x61, 0x6E, 0x74};

     

          Magic2[41] =

             {0x50, 0x61, 0x64, 0x20, 0x74, 0x6F, 0x20, 0x6D, 0x61, 0x6B,

              0x65, 0x20, 0x69, 0x74, 0x20, 0x64, 0x6F, 0x20, 0x6D, 0x6F,

              0x72, 0x65, 0x20, 0x74, 0x68, 0x61, 0x6E, 0x20, 0x6F, 0x6E,

              0x65, 0x20, 0x69, 0x74, 0x65, 0x72, 0x61, 0x74, 0x69, 0x6F,

              0x6E};

     

          /*

           * Hash the password with MD4

           */

     

          NtPasswordHash( Password, giving PasswordHash )

     

          /*

           * Now hash the hash

           */

     

          HashNtPasswordHash( PasswordHash, giving PasswordHashHash)

     

          SHAInit(Context)

          SHAUpdate(Context, PasswordHashHash, 16)

          SHAUpdate(Context, NTResponse, 24)

          SHAUpdate(Context, Magic1, 39)

          SHAFinal(Context, Digest)

     

          ChallengeHash( PeerChallenge, AuthenticatorChallenge, UserName,

                         giving Challenge)

     

          SHAInit(Context)

          SHAUpdate(Context, Digest, 20)

          SHAUpdate(Context, Challenge, 8)

          SHAUpdate(Context, Magic2, 41)

          SHAFinal(Context, Digest)

     

          /*

           * Encode the value of 'Digest' as "S=" followed by

           * 40 ASCII hexadecimal digits and return it in

           * AuthenticatorResponse.

           * For example,

           *   "S=0123456789ABCDEF0123456789ABCDEF01234567"

           */

     

       }

     

    EAP-Response/

    EAP-Type=EAP-MS-CHAP-V2

    (Success) ->

     

     

     

    <- EAP-Success

     

     

     

     

     

    In the case where the EAP MS-CHAP-V2 authentication is unsuccessful, due

    to a retryable error, the conversation will appear as follows (assuming

    a maximum of two retries):

     

     

    Peer                   Authenticator

    ----                   -------------

                           <- EAP-Request/Identity

    EAP-Response/

    Identity (MyID) ->

                           <- EAP-Request/

                              EAP-Type=EAP MS-CHAP-V2

                              (Challenge)

    EAP-Response/

    EAP-Type=EAP-MS-CHAP-V2

    (Response)->

                           <- EAP-Request/

                              EAP-Type=EAP-MS-CHAP-V2

                             (Failure, R=1)

    EAP-Response/

    EAP-Type=EAP-MS-CHAP-V2

    (Response) ->

                           <- EAP-Request/

                              EAP-Type=EAP-MS-CHAP-V2

                             (Failure, R=1)

     

  • 相关阅读:
    【2020-05-17】人生十三信条
    【2020-05-16】评价与骄傲
    【2020-05-15】每天都充满向上的激情
    【04NOIP普及组】火星人(信息学奥赛一本通 1929)(洛谷 1088)
    next_permutation(全排列算法)
    【03NOIP普及组】麦森数(信息学奥赛一本通 1925)(洛谷 1045)
    快速幂
    【03NOIP普及组】栈(信息学奥赛一本通 1924)(洛谷 1044)
    【06NOIP普及组】数列(信息学奥赛一本通 1937)(洛谷 1062)
    【00NOIP普及组】计算器的改良(信息学奥赛一本通 1910)(洛谷 1022)
  • 原文地址:https://www.cnblogs.com/ahuo/p/1766893.html
Copyright © 2011-2022 走看看