zoukankan      html  css  js  c++  java
  • peapMSCHAPV2

    Peer                                   radius

    ----                                    -------------

     

     

    <- EAP-Request/Identity

    EAP-Response/

    Identity (MyID) ->

     

     

     

    <- EAP-Request/

                              EAP-Type=EAP MS-CHAP-V2

                              (Challenge[16])

     

    EAP-Response/

    EAP-Type=EAP-MS-CHAP-V2

    (Response)->

    16 octets: Peer-Challenge

    8 octets: Reserved, must be zero

    24 octets: NT-Response

    1 octet : Flags

     

     

     

    <- EAP-Request/

                              EAP-Type=EAP-MS-CHAP-V2

                              (Success)

    S=<auth_string> M=<message>"

     

    <auth_string>

     

    GenerateAuthenticatorResponse(  Password,  NTResponse, PeerChallenge, 

    AuthenticatorChallenge, UserName,AuthenticatorResponses );

     

    GenerateAuthenticatorResponse()

     

       GenerateAuthenticatorResponse(

       IN  0-to-256-unicode-char Password,

       IN  24-octet              NT-Response,

       IN  16-octet              PeerChallenge,

       IN  16-octet              AuthenticatorChallenge,

       IN  0-to-256-char         UserName,

       OUT 42-octet              AuthenticatorResponse )

       {

          16-octet              PasswordHash

          16-octet              PasswordHashHash

          8-octet               Challenge

     

          /*

           * "Magic" constants used in response generation

           */

     

          Magic1[39] =

             {0x4D, 0x61, 0x67, 0x69, 0x63, 0x20, 0x73, 0x65, 0x72, 0x76,

              0x65, 0x72, 0x20, 0x74, 0x6F, 0x20, 0x63, 0x6C, 0x69, 0x65,

              0x6E, 0x74, 0x20, 0x73, 0x69, 0x67, 0x6E, 0x69, 0x6E, 0x67,

              0x20, 0x63, 0x6F, 0x6E, 0x73, 0x74, 0x61, 0x6E, 0x74};

     

          Magic2[41] =

             {0x50, 0x61, 0x64, 0x20, 0x74, 0x6F, 0x20, 0x6D, 0x61, 0x6B,

              0x65, 0x20, 0x69, 0x74, 0x20, 0x64, 0x6F, 0x20, 0x6D, 0x6F,

              0x72, 0x65, 0x20, 0x74, 0x68, 0x61, 0x6E, 0x20, 0x6F, 0x6E,

              0x65, 0x20, 0x69, 0x74, 0x65, 0x72, 0x61, 0x74, 0x69, 0x6F,

              0x6E};

     

          /*

           * Hash the password with MD4

           */

     

          NtPasswordHash( Password, giving PasswordHash )

     

          /*

           * Now hash the hash

           */

     

          HashNtPasswordHash( PasswordHash, giving PasswordHashHash)

     

          SHAInit(Context)

          SHAUpdate(Context, PasswordHashHash, 16)

          SHAUpdate(Context, NTResponse, 24)

          SHAUpdate(Context, Magic1, 39)

          SHAFinal(Context, Digest)

     

          ChallengeHash( PeerChallenge, AuthenticatorChallenge, UserName,

                         giving Challenge)

     

          SHAInit(Context)

          SHAUpdate(Context, Digest, 20)

          SHAUpdate(Context, Challenge, 8)

          SHAUpdate(Context, Magic2, 41)

          SHAFinal(Context, Digest)

     

          /*

           * Encode the value of 'Digest' as "S=" followed by

           * 40 ASCII hexadecimal digits and return it in

           * AuthenticatorResponse.

           * For example,

           *   "S=0123456789ABCDEF0123456789ABCDEF01234567"

           */

     

       }

     

    EAP-Response/

    EAP-Type=EAP-MS-CHAP-V2

    (Success) ->

     

     

     

    <- EAP-Success

     

     

     

     

     

    In the case where the EAP MS-CHAP-V2 authentication is unsuccessful, due

    to a retryable error, the conversation will appear as follows (assuming

    a maximum of two retries):

     

     

    Peer                   Authenticator

    ----                   -------------

                           <- EAP-Request/Identity

    EAP-Response/

    Identity (MyID) ->

                           <- EAP-Request/

                              EAP-Type=EAP MS-CHAP-V2

                              (Challenge)

    EAP-Response/

    EAP-Type=EAP-MS-CHAP-V2

    (Response)->

                           <- EAP-Request/

                              EAP-Type=EAP-MS-CHAP-V2

                             (Failure, R=1)

    EAP-Response/

    EAP-Type=EAP-MS-CHAP-V2

    (Response) ->

                           <- EAP-Request/

                              EAP-Type=EAP-MS-CHAP-V2

                             (Failure, R=1)

     

  • 相关阅读:
    后台管理界面
    登陆页面
    Django models中关于blank与null的补充说明
    django学习之路
    Django在根据models生成数据库表时报 __init__() missing 1 required positional argument: 'on_delete'
    django2笔记:路由path语法
    四 数据库备份
    Python操作MySQL
    三 数据库其他
    Shell----简单整理
  • 原文地址:https://www.cnblogs.com/ahuo/p/1766893.html
Copyright © 2011-2022 走看看