zoukankan      html  css  js  c++  java
  • peapMSCHAPV2

    Peer                                   radius

    ----                                    -------------

     

     

    <- EAP-Request/Identity

    EAP-Response/

    Identity (MyID) ->

     

     

     

    <- EAP-Request/

                              EAP-Type=EAP MS-CHAP-V2

                              (Challenge[16])

     

    EAP-Response/

    EAP-Type=EAP-MS-CHAP-V2

    (Response)->

    16 octets: Peer-Challenge

    8 octets: Reserved, must be zero

    24 octets: NT-Response

    1 octet : Flags

     

     

     

    <- EAP-Request/

                              EAP-Type=EAP-MS-CHAP-V2

                              (Success)

    S=<auth_string> M=<message>"

     

    <auth_string>

     

    GenerateAuthenticatorResponse(  Password,  NTResponse, PeerChallenge, 

    AuthenticatorChallenge, UserName,AuthenticatorResponses );

     

    GenerateAuthenticatorResponse()

     

       GenerateAuthenticatorResponse(

       IN  0-to-256-unicode-char Password,

       IN  24-octet              NT-Response,

       IN  16-octet              PeerChallenge,

       IN  16-octet              AuthenticatorChallenge,

       IN  0-to-256-char         UserName,

       OUT 42-octet              AuthenticatorResponse )

       {

          16-octet              PasswordHash

          16-octet              PasswordHashHash

          8-octet               Challenge

     

          /*

           * "Magic" constants used in response generation

           */

     

          Magic1[39] =

             {0x4D, 0x61, 0x67, 0x69, 0x63, 0x20, 0x73, 0x65, 0x72, 0x76,

              0x65, 0x72, 0x20, 0x74, 0x6F, 0x20, 0x63, 0x6C, 0x69, 0x65,

              0x6E, 0x74, 0x20, 0x73, 0x69, 0x67, 0x6E, 0x69, 0x6E, 0x67,

              0x20, 0x63, 0x6F, 0x6E, 0x73, 0x74, 0x61, 0x6E, 0x74};

     

          Magic2[41] =

             {0x50, 0x61, 0x64, 0x20, 0x74, 0x6F, 0x20, 0x6D, 0x61, 0x6B,

              0x65, 0x20, 0x69, 0x74, 0x20, 0x64, 0x6F, 0x20, 0x6D, 0x6F,

              0x72, 0x65, 0x20, 0x74, 0x68, 0x61, 0x6E, 0x20, 0x6F, 0x6E,

              0x65, 0x20, 0x69, 0x74, 0x65, 0x72, 0x61, 0x74, 0x69, 0x6F,

              0x6E};

     

          /*

           * Hash the password with MD4

           */

     

          NtPasswordHash( Password, giving PasswordHash )

     

          /*

           * Now hash the hash

           */

     

          HashNtPasswordHash( PasswordHash, giving PasswordHashHash)

     

          SHAInit(Context)

          SHAUpdate(Context, PasswordHashHash, 16)

          SHAUpdate(Context, NTResponse, 24)

          SHAUpdate(Context, Magic1, 39)

          SHAFinal(Context, Digest)

     

          ChallengeHash( PeerChallenge, AuthenticatorChallenge, UserName,

                         giving Challenge)

     

          SHAInit(Context)

          SHAUpdate(Context, Digest, 20)

          SHAUpdate(Context, Challenge, 8)

          SHAUpdate(Context, Magic2, 41)

          SHAFinal(Context, Digest)

     

          /*

           * Encode the value of 'Digest' as "S=" followed by

           * 40 ASCII hexadecimal digits and return it in

           * AuthenticatorResponse.

           * For example,

           *   "S=0123456789ABCDEF0123456789ABCDEF01234567"

           */

     

       }

     

    EAP-Response/

    EAP-Type=EAP-MS-CHAP-V2

    (Success) ->

     

     

     

    <- EAP-Success

     

     

     

     

     

    In the case where the EAP MS-CHAP-V2 authentication is unsuccessful, due

    to a retryable error, the conversation will appear as follows (assuming

    a maximum of two retries):

     

     

    Peer                   Authenticator

    ----                   -------------

                           <- EAP-Request/Identity

    EAP-Response/

    Identity (MyID) ->

                           <- EAP-Request/

                              EAP-Type=EAP MS-CHAP-V2

                              (Challenge)

    EAP-Response/

    EAP-Type=EAP-MS-CHAP-V2

    (Response)->

                           <- EAP-Request/

                              EAP-Type=EAP-MS-CHAP-V2

                             (Failure, R=1)

    EAP-Response/

    EAP-Type=EAP-MS-CHAP-V2

    (Response) ->

                           <- EAP-Request/

                              EAP-Type=EAP-MS-CHAP-V2

                             (Failure, R=1)

     

  • 相关阅读:
    MySql--密码查看或修改
    javaweb学习--Servlet开发(一)
    javaweb学习--http协议
    Vue.js学习笔记(一)
    javascript事件处理
    javascript时间的相关操作
    代理模式(Proxy)
    单例模式(Singleton)
    ArrayBlockingQueue和LinkedBlockingQueue队列
    自增(++)和自减(--)运算符
  • 原文地址:https://www.cnblogs.com/ahuo/p/1766893.html
Copyright © 2011-2022 走看看