FreeRadius Can't accept a packet that
issused from IAS
The packet is Access-Request
. It content a EAP message
I have no idea where is the problem
The below is what I have experiment
include Source code , packet content
pls , give me a help
When present in an Access-Request packet,
Message-Authenticator is an HMAC-MD5 [9] checksum of
the entire Access-Request packet,including Type, ID,
Length and authenticator, using the shared secret as
the key, as follows.
Message-Authenticator = HMAC-MD5 (Type, Identifier,
Length,Request Authenticator, Attributes)
But I got a Radius-Access-Request by Network Monitor
I found that I use HMAC-MD5 to calculate The
Radius-Packet for having Message-Authenticator
My Message-Authenticator is different with another
Messgae-Authenticator of Radius-Access-Request from
IAS
I don't know the reason ???
Who can help me ????
Help help help .....
The secret key : chenwei
The attached file could running under Borland C++
Builder
The attached file is result of parser for
Radius-Access-Request
Help me ...
1 35.280731 TELESY310868 LOCAL RADIUS Message Type:
Access Request(1) 192.168.168.95 802-1X IP
Frame: Base frame properties
Frame: Time of capture = 1/2/2002 0:41:41.431
Frame: Time delta from previous physical frame: 0
microseconds
Frame: Frame number: 1
Frame: Total frame length: 185 bytes
Frame: Capture frame length: 185 bytes
Frame: Frame data: Number of data bytes remaining
= 185 (0x00B9)
ETHERNET: ETYPE = 0x0800 : Protocol = IP: DOD
Internet Protocol
ETHERNET: Destination address : 00502200195F
ETHERNET: .......0 = Individual address
ETHERNET: ......0. = Universally administered
address
ETHERNET: Source address : 004096310868
ETHERNET: .......0 = No routing information
present
ETHERNET: ......0. = Universally administered
address
ETHERNET: Frame Length : 185 (0x00B9)
ETHERNET: Ethernet Type : 0x0800 (IP: DOD
Internet Protocol)
ETHERNET: Ethernet Data: Number of data bytes
remaining = 171 (0x00AB)
IP: ID = 0x1E96; Proto = UDP; Len: 171
IP: Version = 4 (0x4)
IP: Header Length = 20 (0x14)
IP: Precedence = Routine
IP: Type of Service = Normal Service
IP: Total Length = 171 (0xAB)
IP: Identification = 7830 (0x1E96)
IP: Flags Summary = 0 (0x0)
IP: .......0 = Last fragment in datagram
IP: ......0. = May fragment datagram if
necessary
IP: Fragment Offset = 0 (0x0) bytes
IP: Time to Live = 64 (0x40)
IP: Protocol = UDP - User Datagram
IP: Checksum = 0x891F
IP: Source Address = 192.168.168.95
IP: Destination Address = 192.168.168.220
IP: Data: Number of data bytes remaining = 151
(0x0097)
UDP: Src Port: Unknown, (1846); Dst Port: Unknown
(1645); Length = 151 (0x97)
UDP: Source Port = 0x0736
UDP: Destination Port = 0x066D
UDP: Total length = 151 (0x97) bytes
UDP: UDP Checksum = 0x7B6A
UDP: Data: Number of data bytes remaining = 143
(0x008F)
RADIUS: Message Type: Access Request(1)
RADIUS: Message Type = Access Request
RADIUS: Identifier = 54 (0x36)
RADIUS: Length = 143 (0x8F)
RADIUS: Authenticator = 23 69 0B 3E C8 9E 6B FC 01
D4 87 FA E1 E0 BC D2
RADIUS: Attribute Type: User Name(1)
RADIUS: Attribute type = User Name
RADIUS: Attribute length = 17 (0x11)
RADIUS: User name = [EMAIL PROTECTED]
RADIUS: Attribute Type: NAS IP Address(4)
RADIUS: Attribute type = NAS IP Address
RADIUS: Attribute length = 6 (0x6)
RADIUS: NAS IP address = 192.168.168.95
RADIUS: Attribute Type: Called Station ID(30)
RADIUS: Attribute type = Called Station ID
RADIUS: Attribute length = 14 (0xE)
RADIUS: Called station ID = 004096310868
RADIUS: Attribute Type: Calling Station ID(31)
RADIUS: Attribute type = Calling Station ID
RADIUS: Attribute length = 14 (0xE)
RADIUS: Calling station ID = 0060b3111111
RADIUS: Attribute Type: NAS Identifier(32)
RADIUS: Attribute type = NAS Identifier
RADIUS: Attribute length = 14 (0xE)
RADIUS: NAS identifier = AP340-310868
RADIUS: Attribute Type: NAS Port(5)
RADIUS: Attribute type = NAS Port
RADIUS: Attribute length = 6 (0x6)
RADIUS: NAS port = 29 (0x1D)
RADIUS: Attribute Type: Framed MTU(12)
RADIUS: Attribute type = Framed MTU
RADIUS: Attribute length = 6 (0x6)
RADIUS: Framed MTU = 1400 (0x578)
RADIUS: Attribute Type: NAS Port Type(61)
RADIUS: Attribute type = NAS Port Type
RADIUS: Attribute length = 6 (0x6)
RADIUS: NAS port type = 0x00000013
RADIUS: Attribute Type: ARAP EAP Message(79)
RADIUS: Attribute type = ARAP EAP Message
RADIUS: Attribute length = 22 (0x16)
RADIUS: EAP code = Response
RADIUS: EAP identifier = 9 (0x9)
RADIUS: EAP length = 20 (0x14)
RADIUS: EAP data = 01 6B 6B 40 77 69 72 65 6C
65 73 73 2E 63 6F 6D 50 12 B3 12 B6 2E EC
9A 35 93 92 10 2E C1 F2 CB 13 D4 1D 78 29 02 00...
RADIUS: Attribute Type: ARAP Signature(80)
RADIUS: Attribute type = ARAP Signature
RADIUS: Attribute length = 18 (0x12)
RADIUS: Signature =
¦�¦.8Ü5ôÆ�.-=-�+
00000: 00 50 22 00 19 5F 00 40 96 31 08 68 08 00 45
00010: 00 AB 1E 96 00 00 40 11 89 1F C0 A8 A8 5F C0
00020: A8 DC 07 36 06 6D 00 97 7B 6A
01 36 00 8F 23
69
00030: 0B 3E C8 9E 6B FC 01 D4 87 FA E1 E0 BC D2 01
00040: 6B 6B 40 77 69 72 65 6C 65 73 73 2E 63 6F 6D
04
00050: 06 C0 A8 A8 5F 1E 0E 30 30 34 30 39 36 33 31
00060: 38 36 38 1F 0E 30 30 36 30 62 33 31 31 31 31
31
00070: 31 20 0E 41 50 33 34 30 2D 33 31 30 38 36 38
05
00080: 06 00 00 00 1D 0C 06 00 00 05 78 3D 06 00 00
00
00090: 13 4F 16 02 09 00 14 01 6B 6B 40 77 69 72 65
000A0: 65 73 73 2E 63 6F 6D
50 12 B3 12 B6 2E EC 9A
35
000B0: 93 92 10 2E C1 F2 CB 13 D4
The isolated sgement is what I use HMAC_MD5 with
secret key : chenwei to digest
But I found the result is not as B3 12 B6 2E EC 9A 35
93 92 10 2E C1 F2 CB 13 D4
The code is compiled by C++builder
#include <stdio.h>
#include <stdlib.h>
#define MD5_CTX librad_MD5_CTX
#define MD5Init librad_MD5Init
#define MD5Update librad_MD5Update
#define MD5Final librad_MD5Final
#define AUTH_VECTOR_LEN 16
/* PROTOTYPES should be set to one if and only if the
compiler supports
function argument prototyping.
The following makes PROTOTYPES default to 0 if it
has not already
been defined with C compiler flags.
*/
# define PROTOTYPES 0
/* POINTER defines a generic pointer type */
typedef unsigned char *POINTER;
/* UINT2 defines a two byte word */
typedef unsigned short int UINT2;
/* UINT4 defines a four byte word */
typedef unsigned long int UINT4;
/* PROTO_LIST is defined depending on how PROTOTYPES
is defined above.
If using PROTOTYPES, then PROTO_LIST returns the
list, otherwise it
returns an empty list.
*/
#define PROTO_LIST(list) ()
typedef struct radius_packet {
//int sockfd;
//uint32_t src_ipaddr;
//uint32_t dst_ipaddr;
//u_short src_port;
//u_short dst_port;
int id;
int code;
//uint8_t vector[AUTH_VECTOR_LEN];
unsigned char
vector[AUTH_VECTOR_LEN];
//time_t timestamp;
int verified;
//uint8_t *data;
unsigned char *data;
int data_len;
//VALUE_PAIR *vps;
} RADIUS_PACKET;
typedef struct {
UINT4 state[4]; /*
state (ABCD) */
UINT4 count[2]; /* number of bits, modulo
2^64 (lsb first) */
unsigned char buffer[64]; /*
input buffer */
} MD5_CTX;
void MD5Init PROTO_LIST ((MD5_CTX *));
void MD5Update PROTO_LIST
((MD5_CTX *, const unsigned char *, unsigned int));
void MD5Final PROTO_LIST ((unsigned char [16], MD5_CTX
*));
#define S11 7
#define S12 12
#define S13 17
#define S14 22
#define S21 5
#define S22 9
#define S23 14
#define S24 20
#define S31 4
#define S32 11
#define S33 16
#define S34 23
#define S41 6
#define S42 10
#define S43 15
#define S44 21
void librad_md5_calc(unsigned char *output, unsigned
char *input,
unsigned int inputlen);
static void MD5Transform PROTO_LIST ((UINT4 [4], const
unsigned char [64]));
static void Encode PROTO_LIST
((unsigned char *, UINT4 *, unsigned int));
static void Decode PROTO_LIST
((UINT4 *, const unsigned char *, unsigned int));
static void MD5_memcpy PROTO_LIST ((POINTER, POINTER,
unsigned int));
static void MD5_memset PROTO_LIST ((POINTER, int,
unsigned int));
static const unsigned char PADDING[64] = {
0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
0, 0, 0, 0, 0, 0,
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
0, 0, 0, 0, 0, 0,
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
0, 0
};
/* F, G, H and I are basic MD5 functions.
*/
#define F(x, y, z) (((x) & (y)) | ((~x) & (z)))
#define G(x, y, z) (((x) & (z)) | ((y) & (~z)))
#define H(x, y, z) ((x) ^ (y) ^ (z))
#define I(x, y, z) ((y) ^ ((x) | (~z)))
/* ROTATE_LEFT rotates x left n bits.
*/
#define ROTATE_LEFT(x, n) (((x) << (n)) | ((x) >>
(32-(n))))
/* FF, GG, HH, and II transformations for rounds 1, 2,
3, and 4.
Rotation is separate from addition to prevent
recomputation.
*/
#define FF(a, b, c, d, x, s, ac) { \
(a) += F ((b), (c), (d)) + (x) + (UINT4)(ac); \
(a) = ROTATE_LEFT ((a), (s)); \
(a) += (b); \
}
#define GG(a, b, c, d, x, s, ac) { \
(a) += G ((b), (c), (d)) + (x) + (UINT4)(ac); \
(a) = ROTATE_LEFT ((a), (s)); \
(a) += (b); \
}
#define HH(a, b, c, d, x, s, ac) { \
(a) += H ((b), (c), (d)) + (x) + (UINT4)(ac); \
(a) = ROTATE_LEFT ((a), (s)); \
(a) += (b); \
}
#define II(a, b, c, d, x, s, ac) { \
(a) += I ((b), (c), (d)) + (x) + (UINT4)(ac); \
(a) = ROTATE_LEFT ((a), (s)); \
(a) += (b); \
}
void librad_md5_calc(unsigned char *output, unsigned
char *input,
unsigned int inlen)
{
MD5_CTX context;
MD5Init(&context);
MD5Update(&context, input, inlen);
MD5Final(output, &context);
}
/* MD5 initialization. Begins an MD5 operation,
writing a new context.
*/
void MD5Init (context)
MD5_CTX *context;
/* context */
{
context->count[0] = context->count[1] = 0;
/* Load magic initialization constants.
*/
context->state[0] = 0x67452301;
context->state[1] = 0xefcdab89;
context->state[2] = 0x98badcfe;
context->state[3] = 0x10325476;
}
/* MD5 block update operation. Continues an MD5
message-digest
operation, processing another message block, and
updating the
context.
*/
void MD5Update (context, input, inputLen)
MD5_CTX *context;
/* context */
const unsigned char *input;
/* input block */
unsigned int inputLen; /* length
of input block */
{
unsigned int i, index, partLen;
/* Compute number of bytes mod 64 */
index = (unsigned int)((context->count[0] >> 3) &
0x3F);
/* Update number of bits */
if ((context->count[0] += ((UINT4)inputLen << 3))
< ((UINT4)inputLen << 3))
context->count[1]++;
context->count[1] += ((UINT4)inputLen >> 29);
partLen = 64 - index;
/* Transform as many times as possible.
*/
if (inputLen >= partLen) {
MD5_memcpy
((POINTER)&context->buffer[index], (POINTER)input,
partLen);
MD5Transform (context->state, context->buffer);
for (i = partLen; i + 63 < inputLen; i += 64)
MD5Transform (context->state, &input[i]);
index = 0;
}
else
i = 0;
/* Buffer remaining input */
MD5_memcpy
((POINTER)&context->buffer[index],
(POINTER)&input[i],
inputLen-i);
}
/* MD5 finalization. Ends an MD5 message-digest
operation, writing the
the message digest and zeroizing the context.
*/
void MD5Final (digest, context)
unsigned char digest[16]; /*
message digest */
MD5_CTX *context;
/* context */
{
unsigned char bits[8];
unsigned int index, padLen;
/* Save number of bits */
Encode (bits, context->count, 8);
/* Pad out to 56 mod 64.
*/
index = (unsigned int)((context->count[0] >> 3) &
0x3f);
padLen = (index < 56) ? (56 - index) : (120 -
index);
MD5Update (context, PADDING, padLen);
/* Append length (before padding) */
MD5Update (context, bits, 8);
/* Store state in digest */
Encode (digest, context->state, 16);
/* Zeroize sensitive information.
*/
MD5_memset ((POINTER)context, 0, sizeof (*context));
}
/* MD5 basic transformation. Transforms state based on
block.
*/
static void MD5Transform (state, block)
UINT4 state[4];
const unsigned char block[64];
{
UINT4 a = state[0], b = state[1], c = state[2], d =
state[3], x[16];
Decode (x, block, 64);
/* Round 1 */
FF (a, b, c, d, x[ 0], S11, 0xd76aa478); /* 1 */
FF (d, a, b, c, x[ 1], S12, 0xe8c7b756); /* 2 */
FF (c, d, a, b, x[ 2], S13, 0x242070db); /* 3 */
FF (b, c, d, a, x[ 3], S14, 0xc1bdceee); /* 4 */
FF (a, b, c, d, x[ 4], S11, 0xf57c0faf); /* 5 */
FF (d, a, b, c, x[ 5], S12, 0x4787c62a); /* 6 */
FF (c, d, a, b, x[ 6], S13, 0xa8304613); /* 7 */
FF (b, c, d, a, x[ 7], S14, 0xfd469501); /* 8 */
FF (a, b, c, d, x[ 8], S11, 0x698098d8); /* 9 */
FF (d, a, b, c, x[ 9], S12, 0x8b44f7af); /* 10 */
FF (c, d, a, b, x[10], S13, 0xffff5bb1); /* 11 */
FF (b, c, d, a, x[11], S14, 0x895cd7be); /* 12 */
FF (a, b, c, d, x[12], S11, 0x6b901122); /* 13 */
FF (d, a, b, c, x[13], S12, 0xfd987193); /* 14 */
FF (c, d, a, b, x[14], S13, 0xa679438e); /* 15 */
FF (b, c, d, a, x[15], S14, 0x49b40821); /* 16 */
/* Round 2 */
GG (a, b, c, d, x[ 1], S21, 0xf61e2562); /* 17 */
GG (d, a, b, c, x[ 6], S22, 0xc040b340); /* 18 */
GG (c, d, a, b, x[11], S23, 0x265e5a51); /* 19 */
GG (b, c, d, a, x[ 0], S24, 0xe9b6c7aa); /* 20 */
GG (a, b, c, d, x[ 5], S21, 0xd62f105d); /* 21 */
GG (d, a, b, c, x[10], S22, 0x2441453); /* 22 */
GG (c, d, a, b, x[15], S23, 0xd8a1e681); /* 23 */
GG (b, c, d, a, x[ 4], S24, 0xe7d3fbc8); /* 24 */
GG (a, b, c, d, x[ 9], S21, 0x21e1cde6); /* 25 */
GG (d, a, b, c, x[14], S22, 0xc33707d6); /* 26 */
GG (c, d, a, b, x[ 3], S23, 0xf4d50d87); /* 27 */
GG (b, c, d, a, x[ 8], S24, 0x455a14ed); /* 28 */
GG (a, b, c, d, x[13], S21, 0xa9e3e905); /* 29 */
GG (d, a, b, c, x[ 2], S22, 0xfcefa3f8); /* 30 */
GG (c, d, a, b, x[ 7], S23, 0x676f02d9); /* 31 */
GG (b, c, d, a, x[12], S24, 0x8d2a4c8a); /* 32 */
/* Round 3 */
HH (a, b, c, d, x[ 5], S31, 0xfffa3942); /* 33 */
HH (d, a, b, c, x[ 8], S32, 0x8771f681); /* 34 */
HH (c, d, a, b, x[11], S33, 0x6d9d6122); /* 35 */
HH (b, c, d, a, x[14], S34, 0xfde5380c); /* 36 */
HH (a, b, c, d, x[ 1], S31, 0xa4beea44); /* 37 */
HH (d, a, b, c, x[ 4], S32, 0x4bdecfa9); /* 38 */
HH (c, d, a, b, x[ 7], S33, 0xf6bb4b60); /* 39 */
HH (b, c, d, a, x[10], S34, 0xbebfbc70); /* 40 */
HH (a, b, c, d, x[13], S31, 0x289b7ec6); /* 41 */
HH (d, a, b, c, x[ 0], S32, 0xeaa127fa); /* 42 */
HH (c, d, a, b, x[ 3], S33, 0xd4ef3085); /* 43 */
HH (b, c, d, a, x[ 6], S34, 0x4881d05); /* 44 */
HH (a, b, c, d, x[ 9], S31, 0xd9d4d039); /* 45 */
HH (d, a, b, c, x[12], S32, 0xe6db99e5); /* 46 */
HH (c, d, a, b, x[15], S33, 0x1fa27cf8); /* 47 */
HH (b, c, d, a, x[ 2], S34, 0xc4ac5665); /* 48 */
/* Round 4 */
II (a, b, c, d, x[ 0], S41, 0xf4292244); /* 49 */
II (d, a, b, c, x[ 7], S42, 0x432aff97); /* 50 */
II (c, d, a, b, x[14], S43, 0xab9423a7); /* 51 */
II (b, c, d, a, x[ 5], S44, 0xfc93a039); /* 52 */
II (a, b, c, d, x[12], S41, 0x655b59c3); /* 53 */
II (d, a, b, c, x[ 3], S42, 0x8f0ccc92); /* 54 */
II (c, d, a, b, x[10], S43, 0xffeff47d); /* 55 */
II (b, c, d, a, x[ 1], S44, 0x85845dd1); /* 56 */
II (a, b, c, d, x[ 8], S41, 0x6fa87e4f); /* 57 */
II (d, a, b, c, x[15], S42, 0xfe2ce6e0); /* 58 */
II (c, d, a, b, x[ 6], S43, 0xa3014314); /* 59 */
II (b, c, d, a, x[13], S44, 0x4e0811a1); /* 60 */
II (a, b, c, d, x[ 4], S41, 0xf7537e82); /* 61 */
II (d, a, b, c, x[11], S42, 0xbd3af235); /* 62 */
II (c, d, a, b, x[ 2], S43, 0x2ad7d2bb); /* 63 */
II (b, c, d, a, x[ 9], S44, 0xeb86d391); /* 64 */
state[0] += a;
state[1] += b;
state[2] += c;
state[3] += d;
/* Zeroize sensitive information.
*/
MD5_memset ((POINTER)x, 0, sizeof (x));
}
/* Encodes input (UINT4) into output (unsigned char).
Assumes len is
a multiple of 4.
*/
static void Encode (output, input, len)
unsigned char *output;
UINT4 *input;
unsigned int len;
{
unsigned int i, j;
for (i = 0, j = 0; j < len; i++, j += 4) {
output[j] = (unsigned char)(input[i] & 0xff);
output[j+1] = (unsigned char)((input[i] >> 8) &
0xff);
output[j+2] = (unsigned char)((input[i] >> 16) &
0xff);
output[j+3] = (unsigned char)((input[i] >> 24) &
0xff);
}
}
/* Decodes input (unsigned char) into output (UINT4).
Assumes len is
a multiple of 4.
*/
static void Decode (output, input, len)
UINT4 *output;
const unsigned char *input;
unsigned int len;
{
unsigned int i, j;
for (i = 0, j = 0; j < len; i++, j += 4)
output[i] = ((UINT4)input[j]) | (((UINT4)input[j+1])
<< 8) |
(((UINT4)input[j+2]) << 16) | (((UINT4)input[j+3])
<< 24);
}
/* Note: Replace "for loop" with standard memcpy if
possible.
*/
static void MD5_memcpy (output, input, len)
POINTER output;
POINTER input;
unsigned int len;
{
unsigned int i;
for (i = 0; i < len; i++)
output[i] = input[i];
}
/* Note: Replace "for loop" with standard memset if
possible.
*/
static void MD5_memset (output, value, len)
POINTER output;
int value;
unsigned int len;
{
unsigned int i;
for (i = 0; i < len; i++)
((char *)output)[i] = (char)value;
}
void
lrad_hmac_md5(const unsigned char *text, int text_len,
const unsigned char *key, int key_len,
unsigned char *digest)
{
MD5_CTX context;
unsigned char k_ipad[65]; /* inner padding
-
* key XORd with
ipad
*/
unsigned char k_opad[65]; /* outer padding
-
* key XORd with
opad
*/
unsigned char tk[16];
int i;
/* if key is longer than 64 bytes reset it to
key=MD5(key) */
if (key_len > 64) {
MD5_CTX tctx;
MD5Init(&tctx);
MD5Update(&tctx, key, key_len);
MD5Final(tk, &tctx);
key = tk;
key_len = 16;
}
/*
* the HMAC_MD5 transform looks like:
*
* MD5(K XOR opad, MD5(K XOR ipad, text))
*
* where K is an n byte key
* ipad is the byte 0x36 repeated 64 times
* opad is the byte 0x5c repeated 64 times
* and text is the data being protected
*/
/* start out by storing key in pads */
memset( k_ipad, 0, sizeof(k_ipad));
memset( k_opad, 0, sizeof(k_opad));
memcpy( k_ipad, key, key_len);
memcpy( k_opad, key, key_len);
/* XOR key with ipad and opad values */
for (i = 0; i < 64; i++) {
k_ipad[i] ^= 0x36;
k_opad[i] ^= 0x5c;
}
/*
* perform inner MD5
*/
MD5Init(&context); /* init
context for 1st
* pass
*/
MD5Update(&context, k_ipad, 64); /* start
with inner pad */
MD5Update(&context, text, text_len); /* then
text of datagram */
MD5Final(digest, &context); /* finish
up 1st pass */
/*
* perform outer MD5
*/
MD5Init(&context); /* init
context for 2nd
* pass
*/
MD5Update(&context, k_opad, 64); /* start
with outer pad */
MD5Update(&context, digest, 16); /* then
results of 1st
* hash
*/
MD5Final(digest, &context); /* finish
up 2nd pass */
}
/*
Test Vectors (Trailing '\0' of a character string not
included in test):
key = 0x0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b
key_len = 16 bytes
data = "Hi There"
data_len = 8 bytes
digest = 0x9294727a3638bb1c13f48ef8158bfc9d
key = "Jefe"
data = "what do ya want for nothing?"
data_len = 28 bytes
digest = 0x750c783e6ab0b503eaa86e310a5db738
key = 0xAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
key_len 16 bytes
data = 0xDDDDDDDDDDDDDDDDDDDD...
..DDDDDDDDDDDDDDDDDDDD...
..DDDDDDDDDDDDDDDDDDDD...
..DDDDDDDDDDDDDDDDDDDD...
..DDDDDDDDDDDDDDDDDDDD
data_len = 50 bytes
digest = 0x56be34521d144c88dbb8c733f0e8b3f6
*/
/*
* Validates the requesting client NAS. Calculates
the
* signature based on the clients private key.
*/
/*
static int calc_acctdigest(RADIUS_PACKET *packet,
const char *secret)
{
u_char digest[AUTH_VECTOR_LEN];
MD5_CTX context;
/*
* Older clients have the authentication vector set
to
* all zeros. Return `1' in that case.
*/
/* memset(digest, 0, sizeof(digest));
if (memcmp(packet->vector, digest, AUTH_VECTOR_LEN)
== 0) {
packet->verified = 1;
return 1;
}
/*
* Zero out the auth_vector in the received packet.
* Then append the shared secret to the received
packet,
* and calculate the MD5 sum. This must be the same
* as the original MD5 sum (packet->vector).
*/
/* memset(packet->data + 4, 0, AUTH_VECTOR_LEN);
/*
* MD5(packet + secret);
*/
/* MD5Init(&context);
MD5Update(&context, packet->data, packet->data_len);
MD5Update(&context, secret, strlen(secret));
MD5Final(digest, &context);
/*
* Return 0 if OK, 2 if not OK.
*/
/* packet->verified =
memcmp(digest, packet->vector, AUTH_VECTOR_LEN) ? 2 :
0;
return packet->verified;
}
/*
* Validates the requesting client NAS. Calculates
the
* signature based on the clients private key.
*/
/*
static int calc_replydigest(RADIUS_PACKET *packet,
RADIUS_PACKET *original, const char *secret)
{
uint8_t calc_digest[AUTH_VECTOR_LEN];
MD5_CTX context;
/*
* Copy the original vector in place.
*/
/* memcpy(packet->data + 4, original->vector,
sizeof(original->vector));
/*
* MD5(packet + secret);
*/
/* MD5Init(&context);
MD5Update(&context, packet->data, packet->data_len);
MD5Update(&context, secret, strlen(secret));
MD5Final(calc_digest, &context);
/*
* Copy the packet's vector back to the packet.
*/
/* memcpy(packet->data + 4, packet->vector,
sizeof(packet->vector));
/*
* Return 0 if OK, 2 if not OK.
*/
/* packet->verified =
memcmp(packet->vector, calc_digest,
sizeof(packet->vector)) ? 2 : 0;
return packet->verified;
}
*/
int main(int argc, char **argv)
{
unsigned char digest[16];
char *key;
int key_len;
char *text;
int text_len;
int i;
key = argv[1];
key = "Jefe";
sprintf(key,"%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c",0x0b,0x0b,0x0b,0x0b,0x0b,0x0b,0x0b,0x0b,0x0b,0x0b,0x0b,0x0b,0x0b,0x0b,0x0b,0x0b);
sprintf(key,"%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c",0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,0xaa,0xaa);
key = "chenwei";
key_len = strlen(key);
text = argv[2];
text = "what do ya want for nothing?";
text = "Hi There";
sprintf(text,"%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c",
0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,0xdd,0xdd);
sprintf(text,
"%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c",
0x01,0x36,0x00,0x8f,0x23,0x69,
0x0b,0x3e,0xc8,0x9e,0x6b,0xfc,0x01,0xd4,0x87,0xfa,0xe1,0xe0,0xbc,0xd2,0x01,0x11,
0x6B,0x6B,0x40,0x77,0x69,0x72,0x65,0x6C,0x65,0x73,0x73,0x2E,0x63,0x6F,0x6D,0x04,
0x06,0xC0,0xA8,0xA8,0x5F,0x1E,0x0E,0x30,0x30,0x34,0x30,0x39,0x36,0x33,0x31,0x30,
0x38,0x36,0x38,0x1F,0x0E,0x30,0x30,0x36,0x30,0x62,0x33,0x31,0x31,0x31,0x31,0x31,
0x31,0x20,0x0E,0x41,0x50,0x33,0x34,0x30,0x2D,0x33,0x31,0x30,0x38,0x36,0x38,0x05,
0x06,0x00,0x00,0x00,0x1D,0x0C,0x06,0x00,0x00,0x05,0x78,0x3D,0x06,0x00,0x00,0x00,
0x13,0x4F,0x16,0x02,0x09,0x00,0x14,0x01,0x6B,0x6B,0x40,0x77,0x69,0x72,0x65,0x6C,
0x65,0x73,0x73,0x2E,0x63,0x6F,0x6D
);
text_len = strlen(text);
lrad_hmac_md5(text, text_len, key, key_len, digest);
for (i = 0; i < 16; i++) {
printf("%02x", digest[i]);
}
printf("\n");
gets(digest);
exit(0);
return 0;
}
-----------------------------------------------------------------
< �C�ѳ� Yahoo!�_�� > www.yahoo.com.tw
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
