rfc2759.txt

radius服务器

         +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

         Bits 0-15
            Reserved, always clear (0).

8.  Pseudocode

   The routines mentioned in the text above are described in pseudocode
   in the following sections.

8.1.  GenerateNTResponse()

   GenerateNTResponse(
   IN  16-octet              AuthenticatorChallenge,
   IN  16-octet              PeerChallenge,



Zorn                         Informational                      [Page 7]

RFC 2759                  Microsoft MS-CHAP-V2              January 2000


   IN  0-to-256-char         UserName,

   IN  0-to-256-unicode-char Password,
   OUT 24-octet              Response )
   {
      8-octet  Challenge
      16-octet PasswordHash

      ChallengeHash( PeerChallenge, AuthenticatorChallenge, UserName,
                     giving Challenge)

      NtPasswordHash( Password, giving PasswordHash )
      ChallengeResponse( Challenge, PasswordHash, giving Response )
   }

8.2.  ChallengeHash()

   ChallengeHash(
   IN 16-octet               PeerChallenge,
   IN 16-octet               AuthenticatorChallenge,
   IN  0-to-256-char         UserName,
   OUT 8-octet               Challenge
   {

      /*
       * SHAInit(), SHAUpdate() and SHAFinal() functions are an
       * implementation of Secure Hash Algorithm (SHA-1) [11]. These are
       * available in public domain or can be licensed from
       * RSA Data Security, Inc.
       */

      SHAInit(Context)
      SHAUpdate(Context, PeerChallenge, 16)
      SHAUpdate(Context, AuthenticatorChallenge, 16)

      /*
       * Only the user name (as presented by the peer and
       * excluding any prepended domain name)
       * is used as input to SHAUpdate().
       */

      SHAUpdate(Context, UserName, strlen(Username))
      SHAFinal(Context, Digest)
      memcpy(Challenge, Digest, 8)
   }






Zorn                         Informational                      [Page 8]

RFC 2759                  Microsoft MS-CHAP-V2              January 2000


8.3.  NtPasswordHash()

   NtPasswordHash(
   IN  0-to-256-unicode-char Password,
   OUT 16-octet              PasswordHash )
   {
      /*
       * Use the MD4 algorithm [5] to irreversibly hash Password
       * into PasswordHash.  Only the password is hashed without
       * including any terminating 0.
       */
   }

8.4.  HashNtPasswordHash()

   HashNtPasswordHash(
   IN  16-octet PasswordHash,
   OUT 16-octet PasswordHashHash )
   {
      /*
       * Use the MD4 algorithm [5] to irreversibly hash
       * PasswordHash into PasswordHashHash.
       */
   }

8.5.  ChallengeResponse()

   ChallengeResponse(
   IN  8-octet  Challenge,
   IN  16-octet PasswordHash,
   OUT 24-octet Response )
   {
      Set ZPasswordHash to PasswordHash zero-padded to 21 octets

      DesEncrypt( Challenge,
                  1st 7-octets of ZPasswordHash,
                  giving 1st 8-octets of Response )

      DesEncrypt( Challenge,
                  2nd 7-octets of ZPasswordHash,
                  giving 2nd 8-octets of Response )

      DesEncrypt( Challenge,
                  3rd 7-octets of ZPasswordHash,
                  giving 3rd 8-octets of Response )
   }





Zorn                         Informational                      [Page 9]

RFC 2759                  Microsoft MS-CHAP-V2              January 2000


8.6.  DesEncrypt()

   DesEncrypt(
   IN  8-octet Clear,
   IN  7-octet Key,
   OUT 8-octet Cypher )
   {
      /*
       * Use the DES encryption algorithm [4] in ECB mode [10]
       * to encrypt Clear into Cypher such that Cypher can
       * only be decrypted back to Clear by providing Key.
       * Note that the DES algorithm takes as input a 64-bit
       * stream where the 8th, 16th, 24th, etc.  bits are
       * parity bits ignored by the encrypting algorithm.
       * Unless you write your own DES to accept 56-bit input
       * without parity, you will need to insert the parity bits
       * yourself.
       */
   }

8.7.  GenerateAuthenticatorResponse()

   GenerateAuthenticatorResponse(
   IN  0-to-256-unicode-char Password,
   IN  24-octet              NT-Response,
   IN  16-octet              PeerChallenge,
   IN  16-octet              AuthenticatorChallenge,
   IN  0-to-256-char         UserName,
   OUT 42-octet              AuthenticatorResponse )
   {
      16-octet              PasswordHash
      16-octet              PasswordHashHash
      8-octet               Challenge

      /*
       * "Magic" constants used in response generation
       */

      Magic1[39] =
         {0x4D, 0x61, 0x67, 0x69, 0x63, 0x20, 0x73, 0x65, 0x72, 0x76,
          0x65, 0x72, 0x20, 0x74, 0x6F, 0x20, 0x63, 0x6C, 0x69, 0x65,
          0x6E, 0x74, 0x20, 0x73, 0x69, 0x67, 0x6E, 0x69, 0x6E, 0x67,
          0x20, 0x63, 0x6F, 0x6E, 0x73, 0x74, 0x61, 0x6E, 0x74};








Zorn                         Informational                     [Page 10]

RFC 2759                  Microsoft MS-CHAP-V2              January 2000


      Magic2[41] =
         {0x50, 0x61, 0x64, 0x20, 0x74, 0x6F, 0x20, 0x6D, 0x61, 0x6B,
          0x65, 0x20, 0x69, 0x74, 0x20, 0x64, 0x6F, 0x20, 0x6D, 0x6F,
          0x72, 0x65, 0x20, 0x74, 0x68, 0x61, 0x6E, 0x20, 0x6F, 0x6E,
          0x65, 0x20, 0x69, 0x74, 0x65, 0x72, 0x61, 0x74, 0x69, 0x6F,
          0x6E};

      /*
       * Hash the password with MD4
       */

      NtPasswordHash( Password, giving PasswordHash )

      /*
       * Now hash the hash
       */

      HashNtPasswordHash( PasswordHash, giving PasswordHashHash)

      SHAInit(Context)
      SHAUpdate(Context, PasswordHashHash, 16)
      SHAUpdate(Context, NTResponse, 24)
      SHAUpdate(Context, Magic1, 39)
      SHAFinal(Context, Digest)

      ChallengeHash( PeerChallenge, AuthenticatorChallenge, UserName,
                     giving Challenge)

      SHAInit(Context)
      SHAUpdate(Context, Digest, 20)
      SHAUpdate(Context, Challenge, 8)
      SHAUpdate(Context, Magic2, 41)
      SHAFinal(Context, Digest)

      /*
       * Encode the value of 'Digest' as "S=" followed by
       * 40 ASCII hexadecimal digits and return it in
       * AuthenticatorResponse.
       * For example,
       *   "S=0123456789ABCDEF0123456789ABCDEF01234567"
       */

   }








Zorn                         Informational                     [Page 11]

RFC 2759                  Microsoft MS-CHAP-V2              January 2000


8.8.  CheckAuthenticatorResponse()

   CheckAuthenticatorResponse(
   IN  0-to-256-unicode-char Password,
   IN  24-octet              NtResponse,
   IN  16-octet              PeerChallenge,
   IN  16-octet              AuthenticatorChallenge,
   IN  0-to-256-char         UserName,
   IN  42-octet              ReceivedResponse,
   OUT Boolean               ResponseOK )
   {

      20-octet MyResponse

      set ResponseOK = FALSE
      GenerateAuthenticatorResponse( Password, NtResponse, PeerChallenge,
                                     AuthenticatorChallenge, UserName,
                                     giving MyResponse)

      if (MyResponse = ReceivedResponse) then set ResponseOK = TRUE
      return ResponseOK
   }

8.9.  NewPasswordEncryptedWithOldNtPasswordHash()

   datatype-PWBLOCK
   {
      256-unicode-char Password
      4-octets         PasswordLength
   }

   NewPasswordEncryptedWithOldNtPasswordHash(
   IN  0-to-256-unicode-char NewPassword,
   IN  0-to-256-unicode-char OldPassword,
   OUT datatype-PWBLOCK      EncryptedPwBlock )
   {
      NtPasswordHash( OldPassword, giving PasswordHash )

      EncryptPwBlockWithPasswordHash( NewPassword,
                                      PasswordHash,
                                      giving EncryptedPwBlock )
   }









Zorn                         Informational                     [Page 12]

RFC 2759                  Microsoft MS-CHAP-V2              January 2000


8.10.  EncryptPwBlockWithPasswordHash()

   EncryptPwBlockWithPasswordHash(
   IN  0-to-256-unicode-char Password,
   IN  16-octet              PasswordHash,
   OUT datatype-PWBLOCK      PwBlock )
   {

      Fill ClearPwBlock with random octet values

         PwSize = lstrlenW( Password ) * sizeof( unicode-char )
         PwOffset = sizeof( ClearPwBlock.Password ) - PwSize
         Move PwSize octets to (ClearPwBlock.Password + PwOffset ) from
   Password
         ClearPwBlock.PasswordLength = PwSize
         Rc4Encrypt( ClearPwBlock,
                     sizeof( ClearPwBlock ),
                     PasswordHash,
                     sizeof( PasswordHash ),
                     giving PwBlock )
      }

8.11.  Rc4Encrypt()

   Rc4Encrypt(
   IN  x-octet Clear,
   IN  integer ClearLength,
   IN  y-octet Key,
   IN  integer KeyLength,
   OUT x-octet Cypher )
   {
      /*
       * Use the RC4 encryption algorithm [6] to encrypt Clear of
       * length ClearLength octets into a Cypher of the same length
       * such that the Cypher can only be decrypted back to Clear
       * by providing a Key of length KeyLength octets.
       */
   }













Zorn                         Informational                     [Page 13]

RFC 2759                  Microsoft MS-CHAP-V2              January 2000


8.12.  OldNtPasswordHashEncryptedWithNewNtPasswordHash()

   OldNtPasswordHashEncryptedWithNewNtPasswordHash(
   IN  0-to-256-unicode-char NewPassword,
   IN  0-to-256-unicode-char OldPassword,
   OUT 16-octet              EncryptedPasswordHash )
   {
      NtPasswordHash( OldPassword, giving OldPasswordHash )
      NtPasswordHash( NewPassword, giving NewPasswordHash )
      NtPasswordHashEncryptedWithBlock( OldPasswordHash,
                                        NewPasswordHash,
                                        giving EncryptedPasswordHash )
   }

8.13.  NtPasswordHashEncryptedWithBlock()