zoukankan      html  css  js  c++  java
  • peapMSCHAPV2

    Peer                                   radius

    ----                                    -------------

     

     

    <- EAP-Request/Identity

    EAP-Response/

    Identity (MyID) ->

     

     

     

    <- EAP-Request/

                              EAP-Type=EAP MS-CHAP-V2

                              (Challenge[16])

     

    EAP-Response/

    EAP-Type=EAP-MS-CHAP-V2

    (Response)->

    16 octets: Peer-Challenge

    8 octets: Reserved, must be zero

    24 octets: NT-Response

    1 octet : Flags

     

     

     

    <- EAP-Request/

                              EAP-Type=EAP-MS-CHAP-V2

                              (Success)

    S=<auth_string> M=<message>"

     

    <auth_string>

     

    GenerateAuthenticatorResponse(  Password,  NTResponse, PeerChallenge, 

    AuthenticatorChallenge, UserName,AuthenticatorResponses );

     

    GenerateAuthenticatorResponse()

     

       GenerateAuthenticatorResponse(

       IN  0-to-256-unicode-char Password,

       IN  24-octet              NT-Response,

       IN  16-octet              PeerChallenge,

       IN  16-octet              AuthenticatorChallenge,

       IN  0-to-256-char         UserName,

       OUT 42-octet              AuthenticatorResponse )

       {

          16-octet              PasswordHash

          16-octet              PasswordHashHash

          8-octet               Challenge

     

          /*

           * "Magic" constants used in response generation

           */

     

          Magic1[39] =

             {0x4D, 0x61, 0x67, 0x69, 0x63, 0x20, 0x73, 0x65, 0x72, 0x76,

              0x65, 0x72, 0x20, 0x74, 0x6F, 0x20, 0x63, 0x6C, 0x69, 0x65,

              0x6E, 0x74, 0x20, 0x73, 0x69, 0x67, 0x6E, 0x69, 0x6E, 0x67,

              0x20, 0x63, 0x6F, 0x6E, 0x73, 0x74, 0x61, 0x6E, 0x74};

     

          Magic2[41] =

             {0x50, 0x61, 0x64, 0x20, 0x74, 0x6F, 0x20, 0x6D, 0x61, 0x6B,

              0x65, 0x20, 0x69, 0x74, 0x20, 0x64, 0x6F, 0x20, 0x6D, 0x6F,

              0x72, 0x65, 0x20, 0x74, 0x68, 0x61, 0x6E, 0x20, 0x6F, 0x6E,

              0x65, 0x20, 0x69, 0x74, 0x65, 0x72, 0x61, 0x74, 0x69, 0x6F,

              0x6E};

     

          /*

           * Hash the password with MD4

           */

     

          NtPasswordHash( Password, giving PasswordHash )

     

          /*

           * Now hash the hash

           */

     

          HashNtPasswordHash( PasswordHash, giving PasswordHashHash)

     

          SHAInit(Context)

          SHAUpdate(Context, PasswordHashHash, 16)

          SHAUpdate(Context, NTResponse, 24)

          SHAUpdate(Context, Magic1, 39)

          SHAFinal(Context, Digest)

     

          ChallengeHash( PeerChallenge, AuthenticatorChallenge, UserName,

                         giving Challenge)

     

          SHAInit(Context)

          SHAUpdate(Context, Digest, 20)

          SHAUpdate(Context, Challenge, 8)

          SHAUpdate(Context, Magic2, 41)

          SHAFinal(Context, Digest)

     

          /*

           * Encode the value of 'Digest' as "S=" followed by

           * 40 ASCII hexadecimal digits and return it in

           * AuthenticatorResponse.

           * For example,

           *   "S=0123456789ABCDEF0123456789ABCDEF01234567"

           */

     

       }

     

    EAP-Response/

    EAP-Type=EAP-MS-CHAP-V2

    (Success) ->

     

     

     

    <- EAP-Success

     

     

     

     

     

    In the case where the EAP MS-CHAP-V2 authentication is unsuccessful, due

    to a retryable error, the conversation will appear as follows (assuming

    a maximum of two retries):

     

     

    Peer                   Authenticator

    ----                   -------------

                           <- EAP-Request/Identity

    EAP-Response/

    Identity (MyID) ->

                           <- EAP-Request/

                              EAP-Type=EAP MS-CHAP-V2

                              (Challenge)

    EAP-Response/

    EAP-Type=EAP-MS-CHAP-V2

    (Response)->

                           <- EAP-Request/

                              EAP-Type=EAP-MS-CHAP-V2

                             (Failure, R=1)

    EAP-Response/

    EAP-Type=EAP-MS-CHAP-V2

    (Response) ->

                           <- EAP-Request/

                              EAP-Type=EAP-MS-CHAP-V2

                             (Failure, R=1)

     

  • 相关阅读:
    组件间通信
    Android抓包方法(一)之Fiddler代理
    汉字转拼音
    post请求参数问题
    post请求参数设置
    swagger
    IfcPresentationDefinitionResource(介绍定义资源)
    Java计算两个日期之间的时间差(毫秒数)
    IfcPresentationAppearanceResource(外观定义资源)
    IfcMeasureResource(度量资源)
  • 原文地址:https://www.cnblogs.com/ahuo/p/1766893.html
Copyright © 2011-2022 走看看