Microsoft PPP CHAP Extensions, Version 2: RFC notes
I had previously read about the MS-CHAPv2 protocol flow online and noted it in a blog post:
An introduction to the CHAP, MS-CHAP and PAP protocols, and the differences between MS-CHAPv1 and MS-CHAPv2
802.1X supplicants all depend on the operating system and are outside our control, so I am planning to write my own 802.1X client and have come to read the IETF RFC documents.
The main documents are:
- Microsoft PPP CHAP Extensions, Version 2: RFC 2759
- PPP Challenge Handshake Authentication Protocol (CHAP): RFC 1994
- draft-kamath-pppext-eap-mschapv2-02 (page 4): http://tools.ietf.org/html/draft-kamath-pppext-eap-mschapv2-02
- http://tools.ietf.org/html/draft-kamath-pppext-peapv0-00
- http://tools.ietf.org/html/draft-josefsson-pppext-eap-tls-eap-06
- http://tools.ietf.org/html/rfc5216
For the difference between PEAPv0 and PEAPv1 see https://en.wikipedia.org/wiki/Protected_Extensible_Authentication_Protocol
Phase 2 begins once the client has completed the TLS handshake with the RADIUS server (the authenticator switch only relays the EAP packets). The PEAPv2 draft puts it as follows; the captures below use PEAPv0, whose outer header has the same Code/Identifier/Length/Type/Flags layout, while the T bit and the Outer TLVs are PEAPv2 additions:
PEAPv2 part 2 will occur only if establishment of a new TLS session in Part 1 is successful or a TLS session is successfully resumed in Part 1.
PEAPv2 Packet Format
A summary of the PEAPv2 packet format is shown below. The fields are transmitted from left to right.
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Code | Identifier | Length |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type | Flags | Ver | Fragment Message Length
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Fragment Message Length | TLS Message Length
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| TLS Message Length | TLS Data...
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Outer TLVs...
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Code
   1 - Request
   2 - Response

Identifier
   The Identifier field is one octet and aids in matching responses with requests. The Identifier field MUST be changed on each Request packet. The Identifier field in a Response packet MUST match the Identifier field from the corresponding Request.

Length
   The Length field is two octets and indicates the length of the EAP packet including the Code, Identifier, Length, Type, Flags, Version, Fragmented Length, TLS Message Length, TLS Data, and Outer-TLV fields. Octets outside the range of the Length field should be treated as Data Link Layer padding and should be ignored on reception.

Type
   25 - PEAP

Flags
    0 1 2 3 4
   +-+-+-+-+-+
   |L M S T R|
   +-+-+-+-+-+

   L = Length included
   M = More fragments
   S = PEAP start
   T = TLS Length included
   R = Reserved (must be zero)

   The L bit (Fragmented Message Length included) is set to indicate the presence of the four octet Fragmented Message Length field, and MUST be set for the first fragment of a fragmented PEAP message or set of messages. The M bit (more fragments) is set on all but the last fragment. The S bit (PEAP start) is set in a PEAP Start message. This differentiates the PEAP Start message from a fragment acknowledgment. The T bit (TLS Message Length included) is set to indicate the presence of the four octet TLS Message Length field, and MUST only be set for packets that contain Outer-TLVs. It can be used to calculate the start of the Outer-TLVs.

Version
    0 1 2
   +-+-+-+
   |R|1|0|
   +-+-+-+

   R = Reserved (must be zero)

Fragmented Message Length
   The Fragmented Message Length field is four octets, and is present only if the L bit is set. This field provides the total length of the data after the Fragmented Message Length field in the PEAP message or set of messages that is being fragmented.

TLS Message Length
   The TLS Message Length field is four octets, and is present only if the T bit is set. This field provides the total length of the TLS Data in the PEAP message. Data after this length of TLS data are the Outer TLVs.

TLS Data
   The TLS data consists of the encapsulated packet in TLS record format.

Outer TLVs
   The Outer-TLVs consist of the optional data used to help establish the TLS tunnel, in TLV format. The start of the Outer-TLVs can be derived from the EAP Length field and the TLS Length field.
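The outer header in code, as an added example that is not taken from the drafts or from wpa_supplicant: a Go parser for the EAP-PEAP packet carried in an EAPOL EAP-Packet frame. It honours the Length field (trailing link-layer padding is dropped before anything else is read), the L/M/S/T flag bits and the optional four-octet length fields. The first sample is the identity-request frame from the log further down, with its four-octet EAPOL header removed; the fragment and PEAP-Start samples are constructed for this example and do not appear on the page.

```go
package main

import (
	"encoding/binary"
	"encoding/hex"
	"errors"
	"fmt"
	"strings"
)

// PEAP flag bits in the octet after Type, as in the diagram above: L M S T R | Ver (3 bits).
const (
	flagL = 0x80 // Fragmented Message Length field present (first fragment only)
	flagM = 0x40 // more fragments follow
	flagS = 0x20 // PEAP Start
	flagT = 0x10 // TLS Message Length field present (PEAPv2; Outer TLVs follow the TLS Data)
)

type PEAPPacket struct {
	Code, ID, Flags, Version byte
	FragMsgLen, TLSMsgLen    uint32 // valid only when the L / T bit is set
	TLSData, OuterTLVs       []byte
}

// parsePEAP parses an EAP-PEAP (Type 25) packet. Octets past the EAP Length field are
// link-layer padding and are dropped before any other field is read.
func parsePEAP(eap []byte) (PEAPPacket, error) {
	if len(eap) < 6 {
		return PEAPPacket{}, errors.New("shorter than Code/Identifier/Length/Type/Flags")
	}
	length := int(binary.BigEndian.Uint16(eap[2:]))
	if length < 6 || length > len(eap) {
		return PEAPPacket{}, errors.New("EAP Length field out of range")
	}
	if eap[4] != 25 {
		return PEAPPacket{}, fmt.Errorf("EAP Type %d is not PEAP", eap[4])
	}
	p := PEAPPacket{Code: eap[0], ID: eap[1], Flags: eap[5] & 0xf8, Version: eap[5] & 0x07}
	rest := eap[6:length]
	if p.Flags&flagL != 0 {
		if len(rest) < 4 {
			return p, errors.New("L bit set but no Fragmented Message Length")
		}
		p.FragMsgLen, rest = binary.BigEndian.Uint32(rest), rest[4:]
	}
	if p.Flags&flagT != 0 {
		if len(rest) < 4 {
			return p, errors.New("T bit set but no TLS Message Length")
		}
		p.TLSMsgLen, rest = binary.BigEndian.Uint32(rest), rest[4:]
		if int(p.TLSMsgLen) > len(rest) {
			return p, errors.New("TLS Message Length exceeds packet")
		}
		p.TLSData, p.OuterTLVs = rest[:p.TLSMsgLen], rest[p.TLSMsgLen:]
		return p, nil
	}
	p.TLSData = rest
	return p, nil
}

// isStart tells a PEAP Start (S bit, no TLS data) apart from a bare fragment acknowledgement.
func isStart(p PEAPPacket) bool { return p.Flags&flagS != 0 && len(p.TLSData) == 0 }

func unhex(s string) []byte {
	b, err := hex.DecodeString(strings.ReplaceAll(s, " ", ""))
	if err != nil {
		panic(err)
	}
	return b
}

const (
	// The identity-request frame from the log below, EAPOL header removed: EAP Length 0x28 = 40,
	// followed by 6 octets of Ethernet padding that the parser must ignore.
	logFrame = "01 1e 00 28 19 00 17 03 03 00 1d ac 4a f0 13 c8 76 b2 38 da dd 97 93 9f 76 12 d0 de d3 46 11 1b ad e5 01 91 79 81 ca 51 00 00 fd ca 20 a6"
	// Constructed: first fragment of a 600-octet TLS message (L|M set), 10 octets carried.
	fragFrame = "01 05 00 14 19 c0 00 00 02 58 16 03 03 00 05 01 02 03 04 05"
	// Constructed: a PEAP Start from the authenticator (S bit, no TLS data).
	startFrame = "01 01 00 06 19 20"
)

func main() {
	for _, f := range []string{logFrame, fragFrame, startFrame} {
		p, err := parsePEAP(unhex(f))
		fmt.Printf("code=%d id=%d flags=%#02x ver=%d fragLen=%d tls=%d bytes start=%v err=%v\n",
			p.Code, p.ID, p.Flags, p.Version, p.FragMsgLen, len(p.TLSData), isStart(p), err)
	}
}
```

For the logged frame the TLS Data is 34 octets (EAP Length 40 minus the 6 header octets), which is exactly the "received 34 bytes encrypted data for Phase 2" that wpa_supplicant reports below; the first of those octets, 0x17, is the TLS application-data record type.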
EAP MS-CHAP-v2 Packet Format
See the draft-kamath-pppext-eap-mschapv2-02 document, page 4.
A summary of the EAP MS-CHAP-V2 packet format is shown below. The fields are transmitted from left to right.

 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|     Code      |   Identifier  |            Length             |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|     Type      |    OpCode     |  MS-CHAPv2-ID |  MS-Length...
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|   MS-Length   |     Data...
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Step 1: obtaining the username with EAP_TYPE_IDENTITY. The RADIUS server sends the Request inside the TLS tunnel and the switch (authenticator) relays it to the peer/client.
It asks for the peer's identity (username), and the peer responds with its identity.
The wpa_supplicant source (src/eap_peer/eap_peap.c) explains why this first inner packet carries a complete EAP header: /* At least FreeRADIUS seems to send full EAP header with EAP Request Identity */
So the first inner packet, the identity request, arrives with a full EAP header:
EAP-PEAP: Decrypted Phase 2 EAP - hexdump(len=5): 01 1e 00 05 01
Meaning: Code = 0x01 (Request), Identifier = 0x1e = 30, Length = 0x0005 = 5, Type = 0x01 (Identity).
[../src/l2_packet/l2_packet_linux.c-->l2_packet_receive@167]l2_packet_receive: src=ac:74:09:9f:07:58 len=50
[../src/utils/wpa_debug.c-->wpa_msg_log@670]ens36: [wpa_supplicant.c-->wpa_supplicant_rx_eapol@4996]RX EAPOL from ac:74:09:9f:07:58
RX EAPOL - hexdump(len=50): 01 00 00 28 01 1e 00 28 19 00 17 03 03 00 1d ac 4a f0 13 c8 76 b2 38 da dd 97 93 9f 76 12 d0 de d3 46 11 1b ad e5 01 91 79 81 ca 51 00 00 fd ca 20 a6
[../src/eapol_supp/eapol_supp_sm.c-->eapol_sm_rx_eapol@1372]EAPOL: Received EAP-Packet frame
[../src/eapol_supp/eapol_supp_sm.c-->sm_SUPP_BE_REQUEST_Enter@487]EAPOL: SUPP_BE entering state REQUEST
[../src/eapol_supp/eapol_supp_sm.c-->eapol_sm_getSuppRsp@876]EAPOL: getSuppRsp
[../src/eap_peer/eap.c-->sm_EAP_RECEIVED_Enter@311]EAP: EAP entering state RECEIVED
[../src/eap_peer/eap.c-->eap_sm_parseEapReq@2041]EAP: Received EAP-Request id=30 method=25 vendor=0 vendorMethod=0
[../src/eap_peer/eap.c-->sm_EAP_METHOD_Enter@885]EAP: EAP entering state METHOD
[../src/eap_peer/eap_tls_common.c-->eap_peer_tls_process_init@952]SSL: Received packet(len=40) - Flags 0x00
[../src/eap_peer/eap_peap.c-->eap_peap_decrypt@771]EAP-PEAP: received 34 bytes encrypted data for Phase 2
[../src/crypto/tls_openssl.c-->tls_msg_cb@1513]OpenSSL: RX ver=0x0 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): [REMOVED]
EAP-PEAP: Decrypted Phase 2 EAP - hexdump(len=5): 01 1e 00 05 01
[../src/eap_peer/eap_peap.c-->eap_peap_decrypt@873]EAP-PEAP: received Phase 2: code=1 identifier=30 length=5
[../src/eap_peer/eap_peap.c-->eap_peap_phase2_request@615]EAP-PEAP: Phase 2 Request: type=1    <-- PEAP Phase 2: EAP_TYPE_IDENTITY
EAP: using real identity - hexdump_ascii(len=10): 32 39 31 47 51 34 47 4f 50 54   291GQ4GOPT
EAP-PEAP: Encrypting Phase 2 data - hexdump(len=15): [REMOVED]
[../src/crypto/tls_openssl.c-->tls_msg_cb@1513]OpenSSL: TX ver=0x0 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): [REMOVED]
[../src/eap_peer/eap_tls_common.c-->eap_tls_process_output@639]SSL: 40 bytes left to be sent out (of total 40 bytes)
[../src/eap_peer/eap.c-->sm_EAP_METHOD_Enter@925]EAP: method process -> ignore=FALSE methodState=MAY_CONT decision=FAIL eapRespData=0xfe1b60
[../src/eap_peer/eap.c-->sm_EAP_SEND_RESPONSE_Enter@958]EAP: EAP entering state SEND_RESPONSE
[../src/eap_peer/eap.c-->sm_EAP_IDLE_Enter@299]EAP: EAP entering state IDLE
[../src/eapol_supp/eapol_supp_sm.c-->sm_SUPP_BE_RESPONSE_Enter@496]EAPOL: SUPP_BE entering state RESPONSE
[../src/eapol_supp/eapol_supp_sm.c-->eapol_sm_txSuppRsp@888]EAPOL: txSuppRsp
[wpas_glue.c-->wpa_supplicant_eapol_send@223]TX EAPOL: dst=01:80:c2:00:00:03
TX EAPOL - hexdump(len=50): 01 00 00 2e 02 1e 00 2e 19 00 17 03 03 00 23 c1 e0 d7 7b 98 27 5a 5e 50 76 bc 47 1e 9c 28 db 08 a5 36 c7 86 87 65 97 a0 a6 f9 3c e5 c9 f8 55 d2 92 11
[../src/eapol_supp/eapol_supp_sm.c-->sm_SUPP_BE_RECEIVE_Enter@583]EAPOL: SUPP_BE entering state RECEIVE

Second packet: the Challenge
After decryption the payload is:
EAP-PEAP: Decrypted Phase 2 EAP - hexdump(len=38): 1a 01 1f 00 25 10 5f cf 9b b4 72 5b cc 92 c1 5b ee 72 a4 bc 83 d8 66 72 65 65 72 61 64 69 75 73 2d 32 2e 34 2e 34
This payload begins at the Type field of the diagram above: Type 0x1a (26, EAP MS-CHAP-V2), OpCode 0x01 (Challenge), MS-CHAPv2-ID 0x1f (31), MS-Length 0x0025 (37), then the Data (Value-Size 0x10, the 16-octet challenge, and the authenticator name "freeradius-2.4.4").
The inner EAP packet of PEAPv0 is header-compressed: the Code, Identifier and Length octets are not sent. To parse it fully, the EAP header
| Code | Identifier | Length |
must be reassembled in front of it, with Code and Identifier copied from the outer EAP request. The log confirms this: it reports code=1 identifier=31 length=42, i.e. the 4 header octets plus the 38 decrypted octets.


MS-CHAPv2-ID
   The MS-CHAPv2-ID field is one octet and aids in matching MS-CHAP-v2 responses with requests. Typically, the MS-CHAPv2-ID field is the same as the Identifier field.

MS-Length
   The MS-Length field is two octets and MUST be set to the value of the Length field minus 5.

Value-Size
   This field is one octet and indicates the length of the Challenge field. Since EAP MS-CHAPv2 utilizes a 16 octet Challenge field, it is set to 0x10 (16 decimal).

Challenge
   The Challenge field is 16 octets. The most significant octet is transmitted first. The Challenge MUST be changed each time a Challenge is sent.
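Putting the two formats together, as an added example that is not from the draft or from wpa_supplicant: a Go parser that restores the EAP header of a header-compressed PEAPv0 Phase 2 packet and then decodes the EAP MS-CHAP-V2 Challenge and Success packets, checking the MS-Length rule and the "S=" Success message. The inputs are the decrypted Phase 2 hexdumps and the Auth Response from the wpa_supplicant logs on this page (the identity and challenge dumps above, the Success dump and Auth Response from the later log). The rule for deciding whether a full header is already present is a heuristic modelled on wpa_supplicant's checks, not text from a specification.

```go
package main

import (
	"crypto/subtle"
	"encoding/binary"
	"encoding/hex"
	"errors"
	"fmt"
	"strings"
)

const (
	eapCodeRequest  = 1
	eapTypeIdentity = 1
	eapTypeMSCHAPv2 = 26
	eapTypeTLV      = 33
	opChallenge     = 1
	opSuccess       = 3
	opFailure       = 4
)

// Phase2EAP is the tunnelled EAP packet with its 4-octet header present.
type Phase2EAP struct {
	Code, ID byte
	Length   uint16
	Type     byte
	Data     []byte // octets after Type
}

// restorePhase2Header applies the PEAPv0 rule seen in the log: the inner EAP packet normally
// arrives without Code/Identifier/Length, which are copied from the outer EAP request, while
// FreeRADIUS's Identity request and EAP-TLV packets arrive with the full header (a heuristic
// modelled on wpa_supplicant's eap_peap_decrypt checks).
func restorePhase2Header(outerCode, outerID byte, dec []byte) (Phase2EAP, error) {
	full := len(dec) >= 5 && dec[0] == eapCodeRequest &&
		int(binary.BigEndian.Uint16(dec[2:])) == len(dec) &&
		(dec[4] == eapTypeIdentity || dec[4] == eapTypeTLV)
	if !full {
		hdr := []byte{outerCode, outerID, 0, 0}
		binary.BigEndian.PutUint16(hdr[2:], uint16(4+len(dec)))
		dec = append(hdr, dec...)
	}
	if len(dec) < 5 {
		return Phase2EAP{}, errors.New("phase 2 packet has no Type octet")
	}
	return Phase2EAP{Code: dec[0], ID: dec[1], Length: binary.BigEndian.Uint16(dec[2:]), Type: dec[4], Data: dec[5:]}, nil
}

// MSCHAPv2 holds the EAP MS-CHAP-V2 fields that follow the Type octet.
type MSCHAPv2 struct {
	OpCode, ID byte
	MSLength   uint16
	Challenge  []byte // Challenge (OpCode 1) only
	Name       string // Challenge only: the authenticator's name
	Message    string // Success/Failure: "S=<40 hex>" or "E=..." text
}

func parseMSCHAPv2(p Phase2EAP) (MSCHAPv2, error) {
	if p.Type != eapTypeMSCHAPv2 || len(p.Data) < 4 {
		return MSCHAPv2{}, errors.New("not an EAP MS-CHAP-V2 packet")
	}
	m := MSCHAPv2{OpCode: p.Data[0], ID: p.Data[1], MSLength: binary.BigEndian.Uint16(p.Data[2:])}
	if int(m.MSLength) != int(p.Length)-5 { // MS-Length MUST equal the EAP Length minus 5
		return m, fmt.Errorf("MS-Length %d does not match EAP Length %d - 5", m.MSLength, p.Length)
	}
	body := p.Data[4:]
	switch m.OpCode {
	case opChallenge: // Value-Size(1) = 16, Challenge(16), Name(rest)
		if len(body) < 17 || body[0] != 16 {
			return m, errors.New("bad Value-Size or truncated Challenge")
		}
		m.Challenge, m.Name = body[1:17], string(body[17:])
	case opSuccess, opFailure:
		m.Message = string(body)
	default:
		return m, fmt.Errorf("unsupported OpCode %d", m.OpCode)
	}
	return m, nil
}

// verifySuccessMessage mirrors mschapv2_verify_auth_response(): the Success message must start
// with "S=" and 40 hex digits equal to the peer's own Authenticator Response, compared in constant time.
func verifySuccessMessage(localAuthResp []byte, msg string) bool {
	if len(msg) < 42 || !strings.HasPrefix(msg, "S=") {
		return false
	}
	got, err := hex.DecodeString(msg[2:42])
	return err == nil && subtle.ConstantTimeCompare(got, localAuthResp) == 1
}

func unhex(s string) []byte {
	b, err := hex.DecodeString(strings.ReplaceAll(s, " ", ""))
	if err != nil {
		panic(err)
	}
	return b
}

// Inputs: the decrypted Phase 2 hexdumps and the Auth Response from the logs on this page.
const (
	decIdentity  = "01 1e 00 05 01"
	decChallenge = "1a 01 1f 00 25 10 5f cf 9b b4 72 5b cc 92 c1 5b ee 72 a4 bc 83 d8 66 72 65 65 72 61 64 69 75 73 2d 32 2e 34 2e 34"
	decSuccess   = "1a 03 1f 00 2e 53 3d 44 30 39 43 36 42 38 34 46 42 39 42 30 38 32 32 41 32 46 36 36 42 32 30 32 37 30 44 37 31 43 41 31 33 38 34 38 39 42 37"
	logAuthResp  = "d0 9c 6b 84 fb 9b 08 22 a2 f6 6b 20 27 0d 71 ca 13 84 89 b7"
)

func main() {
	id, _ := restorePhase2Header(eapCodeRequest, 30, unhex(decIdentity))
	fmt.Printf("identity request: id=%d length=%d type=%d\n", id.ID, id.Length, id.Type)
	p, _ := restorePhase2Header(eapCodeRequest, 31, unhex(decChallenge))
	m, err := parseMSCHAPv2(p)
	fmt.Printf("challenge: eap length=%d ms-length=%d id=%d challenge=%x name=%q err=%v\n", p.Length, m.MSLength, m.ID, m.Challenge, m.Name, err)
	p, _ = restorePhase2Header(eapCodeRequest, 32, unhex(decSuccess))
	m, _ = parseMSCHAPv2(p)
	fmt.Printf("success: eap length=%d mschapv2-id=%d %s verified=%v\n", p.Length, m.ID, m.Message, verifySuccessMessage(unhex(logAuthResp), m.Message))
}
```

The restored lengths (42 for the Challenge, 51 for the Success) are the values wpa_supplicant prints as "received Phase 2: ... length=", and the Success message decodes to the same 20 octets the client logged as its own Auth Response.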
The Response packet carries the client challenge (the PeerChallenge), the Name field (the identity) and the NT-Response:
[../src/l2_packet/l2_packet_linux.c-->l2_packet_receive@167]l2_packet_receive: src=ac:74:09:9f:07:58 len=81
[../src/utils/wpa_debug.c-->wpa_msg_log@670]ens36: [wpa_supplicant.c-->wpa_supplicant_rx_eapol@4996]RX EAPOL from ac:74:09:9f:07:58
RX EAPOL - hexdump(len=81): 01 00 00 49 01 1f 00 49 19 00 17 03 03 00 3e ac 4a f0 13 c8 76 b2 39 33 97 a4 c3 86 a1 67 5f 00 32 4a 51 5a 6d 57 7d ad 89 ef fd 03 df 08 33 87 19 3b b1 e0 e1 62 97 15 6a ea f5 9b f4 b0 7f a2 4f 5a 1c e8 ca 27 e9 74 f9 e9 77 95 8d 84 db 2f be
[../src/eapol_supp/eapol_supp_sm.c-->eapol_sm_rx_eapol@1372]EAPOL: Received EAP-Packet frame
[../src/eapol_supp/eapol_supp_sm.c-->sm_SUPP_BE_REQUEST_Enter@487]EAPOL: SUPP_BE entering state REQUEST
[../src/eapol_supp/eapol_supp_sm.c-->eapol_sm_getSuppRsp@876]EAPOL: getSuppRsp
[../src/eap_peer/eap.c-->sm_EAP_RECEIVED_Enter@311]EAP: EAP entering state RECEIVED
[../src/eap_peer/eap.c-->eap_sm_parseEapReq@2041]EAP: Received EAP-Request id=31 method=25 vendor=0 vendorMethod=0
[../src/eap_peer/eap.c-->sm_EAP_METHOD_Enter@885]EAP: EAP entering state METHOD
[../src/eap_peer/eap_tls_common.c-->eap_peer_tls_process_init@952]SSL: Received packet(len=73) - Flags 0x00
[../src/eap_peer/eap_peap.c-->eap_peap_decrypt@771]EAP-PEAP: received 67 bytes encrypted data for Phase 2
[../src/crypto/tls_openssl.c-->tls_msg_cb@1513]OpenSSL: RX ver=0x0 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): [REMOVED]
EAP-PEAP: Decrypted Phase 2 EAP - hexdump(len=38): 1a 01 1f 00 25 10 5f cf 9b b4 72 5b cc 92 c1 5b ee 72 a4 bc 83 d8 66 72 65 65 72 61 64 69 75 73 2d 32 2e 34 2e 34
[../src/eap_peer/eap_peap.c-->eap_peap_decrypt@873]EAP-PEAP: received Phase 2: code=1 identifier=31 length=42
[../src/eap_peer/eap_peap.c-->eap_peap_phase2_request@615]EAP-PEAP: Phase 2 Request: type=26
[../src/eap_peer/eap_peap.c-->eap_peap_phase2_request@700]EAP-PEAP: Selected Phase 2 EAP vendor 0 method 26
[../src/eap_peer/eap_mschapv2.c-->eap_mschapv2_process@815]EAP-MSCHAPV2: RX identifier 31 mschapv2_id 31
[../src/eap_peer/eap_mschapv2.c-->eap_mschapv2_challenge@249]EAP-MSCHAPV2: Received challenge    <-- PEAP / MS-CHAPv2 Challenge
EAP-MSCHAPV2: Authentication Servername - hexdump_ascii(len=16): 66 72 65 65 72 61 64 69 75 73 2d 32 2e 34 2e 34   freeradius-2.4.4
[../src/eap_peer/eap_mschapv2.c-->eap_mschapv2_challenge_reply@158]EAP-MSCHAPV2: Generating Challenge Response
[../src/crypto/random.c-->random_get_bytes@166]Get randomness: len=16 entropy=1
MSCHAPV2: Identity - hexdump_ascii(len=10): 32 39 31 47 51 34 47 4f 50 54   291GQ4GOPT
MSCHAPV2: Username - hexdump_ascii(len=10): 32 39 31 47 51 34 47 4f 50 54   291GQ4GOPT
MSCHAPV2: auth_challenge - hexdump(len=16): 5f cf 9b b4 72 5b cc 92 c1 5b ee 72 a4 bc 83 d8    <-- server challenge
MSCHAPV2: peer_challenge - hexdump(len=16): 8b 73 8f b8 01 06 28 01 27 10 28 35 69 4c 45 ce    <-- client challenge
MSCHAPV2: username - hexdump_ascii(len=10): 32 39 31 47 51 34 47 4f 50 54   291GQ4GOPT
MSCHAPV2: password - hexdump_ascii(len=10): [REMOVED]
MSCHAPV2: NT Response - hexdump(len=24): 84 60 ca e2 28 2b f6 b6 12 cf 6e e1 ec 90 43 71 3d d1 d6 00 a4 fc 71 bc
MSCHAPV2: Auth Response - hexdump(len=20): d0 9c 6b 84 fb 9b 08 22 a2 f6 6b 20 27 0d 71 ca 13 84 89 b7
MSCHAPV2: Master Key - hexdump(len=16): [REMOVED]
[../src/eap_peer/eap_mschapv2.c-->eap_mschapv2_challenge_reply@221]EAP-MSCHAPV2: TX identifier 31 mschapv2_id 31 (response)    <-- carries the client (peer) challenge and the NT-Response
EAP-PEAP: Encrypting Phase 2 data - hexdump(len=69): [REMOVED]
[../src/crypto/tls_openssl.c-->tls_msg_cb@1513]OpenSSL: TX ver=0x0 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): [REMOVED]
[../src/eap_peer/eap_tls_common.c-->eap_tls_process_output@639]SSL: 94 bytes left to be sent out (of total 94 bytes)
[../src/eap_peer/eap.c-->sm_EAP_METHOD_Enter@925]EAP: method process -> ignore=FALSE methodState=MAY_CONT decision=FAIL eapRespData=0xfe2b40
[../src/eap_peer/eap.c-->sm_EAP_SEND_RESPONSE_Enter@958]EAP: EAP entering state SEND_RESPONSE
[../src/eap_peer/eap.c-->sm_EAP_IDLE_Enter@299]EAP: EAP entering state IDLE
[../src/eapol_supp/eapol_supp_sm.c-->sm_SUPP_BE_RESPONSE_Enter@496]EAPOL: SUPP_BE entering state RESPONSE
[../src/eapol_supp/eapol_supp_sm.c-->eapol_sm_txSuppRsp@888]EAPOL: txSuppRsp
[wpas_glue.c-->wpa_supplicant_eapol_send@223]TX EAPOL: dst=01:80:c2:00:00:03
TX EAPOL - hexdump(len=104): 01 00 00 64 02 1f 00 64 19 00 17 03 03 00 59 c1 e0 d7 7b 98 27 5a 5f 66 39 62 a0 54 db 93 dd c2 01 79 d4 05 cf 7b f5 8e 15 af c7 46 3b 14 0c 8a fd ae 81 a4 00 b1 4e 20 0b b3 84 9a b8 19 9b f0 99 34 73 7a e4 44 5d 99 62 d3 16 93 a1 a3 5d e1 cb 5d 31 3a 4d e2 09 ae 68 14 84 ef 6f 8c 23 20 2e 89 f4 be aa bd 83 0f
The Response's Data field is the ms_response structure followed by the username (Name). In this capture that is 4 (EAP header) + 1 (Type) + 4 (OpCode, MS-CHAPv2-ID, MS-Length) + 1 (Value-Size) + 49 (ms_response) + 10 (the name 291GQ4GOPT) = 69 octets, which is the "Encrypting Phase 2 data - hexdump(len=69)" in the log.
/* Response Data field */
struct ms_response {
	u8 peer_challenge[MSCHAPV2_CHAL_LEN];
	u8 reserved[8];
	u8 nt_response[MSCHAPV2_NT_RESPONSE_LEN];
	u8 flags;
} STRUCT_PACKED;

int mschapv2_derive_response(const u8 *identity, size_t identity_len,
			     const u8 *password, size_t password_len,
			     int pwhash,
			     const u8 *auth_challenge,
			     const u8 *peer_challenge,
			     u8 *nt_response, u8 *auth_response,
			     u8 *master_key)
{
	const u8 *username;
	size_t username_len;
	u8 password_hash[16], password_hash_hash[16];

	wpa_hexdump_ascii(MSG_DEBUG, "MSCHAPV2: Identity",
			  identity, identity_len);
	username_len = identity_len;
	username = mschapv2_remove_domain(identity, &username_len);
	wpa_hexdump_ascii(MSG_DEBUG, "MSCHAPV2: Username",
			  username, username_len);

	wpa_hexdump(MSG_DEBUG, "MSCHAPV2: auth_challenge",
		    auth_challenge, MSCHAPV2_CHAL_LEN);
	wpa_hexdump(MSG_DEBUG, "MSCHAPV2: peer_challenge",
		    peer_challenge, MSCHAPV2_CHAL_LEN);
	wpa_hexdump_ascii(MSG_DEBUG, "MSCHAPV2: username",
			  username, username_len);

	/* Authenticator response is not really needed yet, but calculate it
	 * here so that challenges need not be saved. */
	if (pwhash) {
		/* ... password-hash branch elided in these notes ... */
	} else {
		wpa_hexdump_ascii_key(MSG_DEBUG, "MSCHAPV2: password",
				      password, password_len);
		if (generate_nt_response(auth_challenge, peer_challenge,
					 username, username_len,
					 password, password_len,
					 nt_response) ||
		    generate_authenticator_response(password, password_len,
						    peer_challenge,
						    auth_challenge,
						    username, username_len,
						    nt_response,
						    auth_response))
			return -1;
	}
	wpa_hexdump(MSG_DEBUG, "MSCHAPV2: NT Response",
		    nt_response, MSCHAPV2_NT_RESPONSE_LEN);
	wpa_hexdump(MSG_DEBUG, "MSCHAPV2: Auth Response",
		    auth_response, MSCHAPV2_AUTH_RESPONSE_LEN);

	/* Generate master_key here since we have the needed data available. */
	if (pwhash) {
		if (hash_nt_password_hash(password, password_hash_hash))
			return -1;
	} else {
		if (nt_password_hash(password, password_len, password_hash) ||
		    hash_nt_password_hash(password_hash, password_hash_hash))
			return -1;
	}
	if (get_master_key(password_hash_hash, nt_response, master_key))
		return -1;
	wpa_hexdump_key(MSG_DEBUG, "MSCHAPV2: Master Key",
			master_key, MSCHAPV2_MASTER_KEY_LEN);

	return 0;
}
What the client keeps afterwards in its method state is the auth_response (needed to check the coming Success packet) and the master_key, together with the identity; as the comment in the code says, the authenticator response is computed right away so that the two challenges themselves need not be saved.
Generating the nt_response field:
GenerateNTResponse

   GenerateNTResponse(
   IN  16-octet              AuthenticatorChallenge,
   IN  16-octet              PeerChallenge,
   IN  0-to-256-char         UserName,
   IN  0-to-256-unicode-char Password,
   OUT 24-octet              Response )
   {
      8-octet  Challenge
      16-octet PasswordHash

      ChallengeHash( PeerChallenge, AuthenticatorChallenge, UserName,
                     giving Challenge)

      NtPasswordHash( Password, giving PasswordHash )
      ChallengeResponse( Challenge, PasswordHash, giving Response )
   }

ChallengeHash

8.2. ChallengeHash()

   ChallengeHash(
   IN 16-octet               PeerChallenge,
   IN 16-octet               AuthenticatorChallenge,
   IN 0-to-256-char          UserName,
   OUT 8-octet               Challenge )
   {
      /*
       * SHAInit(), SHAUpdate() and SHAFinal() functions are an
       * implementation of Secure Hash Algorithm (SHA-1) [11]. These are
       * available in public domain or can be licensed from
       * RSA Data Security, Inc.
       */
      SHAInit(Context)
      SHAUpdate(Context, PeerChallenge, 16)
      SHAUpdate(Context, AuthenticatorChallenge, 16)
      /*
       * Only the user name (as presented by the peer and
       * excluding any prepended domain name)
       * is used as input to SHAUpdate().
       */
      SHAUpdate(Context, UserName, strlen(Username))
      SHAFinal(Context, Digest)
      memcpy(Challenge, Digest, 8)
   }

NtPasswordHash

   NtPasswordHash(
   IN  0-to-256-unicode-char Password,
   OUT 16-octet              PasswordHash )
   {
      /*
       * Use the MD4 algorithm [5] to irreversibly hash Password
       * into PasswordHash.  Only the password is hashed without
       * including any terminating 0.
       */
   }

ChallengeResponse

   ChallengeResponse(
   IN  8-octet  Challenge,
   IN  16-octet PasswordHash,
   OUT 24-octet Response )
   {
      Set ZPasswordHash to PasswordHash zero-padded to 21 octets

      DesEncrypt( Challenge,
                  1st 7-octets of ZPasswordHash,
                  giving 1st 8-octets of Response )

      DesEncrypt( Challenge,
                  2nd 7-octets of ZPasswordHash,
                  giving 2nd 8-octets of Response )

      DesEncrypt( Challenge,
                  3rd 7-octets of ZPasswordHash,
                  giving 3rd 8-octets of Response )
   }
/**
 * generate_nt_response - GenerateNTResponse() - RFC 2759, Sect. 8.1
 * @auth_challenge: 16-octet AuthenticatorChallenge (IN)
 * @peer_challenge: 16-octet PeerChallenge (IN)
 * @username: 0-to-256-char UserName (IN)
 * @username_len: Length of username
 * @password: 0-to-256-unicode-char Password (IN; UTF-8)
 * @password_len: Length of password
 * @response: 24-octet Response (OUT)
 * Returns: 0 on success, -1 on failure
 */
int generate_nt_response(const u8 *auth_challenge, const u8 *peer_challenge,
			 const u8 *username, size_t username_len,
			 const u8 *password, size_t password_len,
			 u8 *response)
{
	u8 challenge[8];
	u8 password_hash[16];

	if (challenge_hash(peer_challenge, auth_challenge, username,
			   username_len, challenge) ||
	    nt_password_hash(password, password_len, password_hash) ||
	    challenge_response(challenge, password_hash, response))
		return -1;
	return 0;
}

/**
 * challenge_hash - ChallengeHash() - RFC 2759, Sect. 8.2
 * @peer_challenge: 16-octet PeerChallenge (IN)
 * @auth_challenge: 16-octet AuthenticatorChallenge (IN)
 * @username: 0-to-256-char UserName (IN)
 * @username_len: Length of username
 * @challenge: 8-octet Challenge (OUT)
 * Returns: 0 on success, -1 on failure
 */
int challenge_hash(const u8 *peer_challenge, const u8 *auth_challenge,
		   const u8 *username, size_t username_len,
		   u8 *challenge)
{
	u8 hash[SHA1_MAC_LEN];
	const unsigned char *addr[3];
	size_t len[3];

	addr[0] = peer_challenge;
	len[0] = 16;
	addr[1] = auth_challenge;
	len[1] = 16;
	addr[2] = username;
	len[2] = username_len;

	if (sha1_vector(3, addr, len, hash))
		return -1;
	os_memcpy(challenge, hash, 8);
	return 0;
}

/**
 * challenge_response - ChallengeResponse() - RFC 2759, Sect. 8.5
 * @challenge: 8-octet Challenge (IN)
 * @password_hash: 16-octet PasswordHash (IN)
 * @response: 24-octet Response (OUT)
 * Returns: 0 on success, -1 on failure
 */
int challenge_response(const u8 *challenge, const u8 *password_hash,
		       u8 *response)
{
	u8 zpwd[7];

	if (des_encrypt(challenge, password_hash, response) < 0 ||
	    des_encrypt(challenge, password_hash + 7, response + 8) < 0)
		return -1;
	/* The third 7-octet key is the last two hash octets plus five zero octets. */
	zpwd[0] = password_hash[14];
	zpwd[1] = password_hash[15];
	os_memset(zpwd + 2, 0, 5);
	return des_encrypt(challenge, zpwd, response + 16);
}
Reference: https://datatracker.ietf.org/doc/html/rfc2759#page-7
Computing the auth_response field:
/**
 * generate_authenticator_response - GenerateAuthenticatorResponse() - RFC 2759, Sect. 8.7
 * @password: 0-to-256-unicode-char Password (IN; UTF-8)
 * @password_len: Length of password
 * @nt_response: 24-octet NT-Response (IN)
 * @peer_challenge: 16-octet PeerChallenge (IN)
 * @auth_challenge: 16-octet AuthenticatorChallenge (IN)
 * @username: 0-to-256-char UserName (IN)
 * @username_len: Length of username
 * @response: 20-octet AuthenticatorResponse (OUT) (note: this value is usually
 * encoded as a 42-octet ASCII string (S=hexdump_of_response)
 * Returns: 0 on success, -1 on failure
 */
int generate_authenticator_response(const u8 *password, size_t password_len,
				    const u8 *peer_challenge,
				    const u8 *auth_challenge,
				    const u8 *username, size_t username_len,
				    const u8 *nt_response, u8 *response)
{
	u8 password_hash[16];

	if (nt_password_hash(password, password_len, password_hash))
		return -1;
	return generate_authenticator_response_pwhash(
		password_hash, peer_challenge, auth_challenge,
		username, username_len, nt_response, response);
}
Third MS-CHAP packet: MSCHAPV2_OP_SUCCESS / MSCHAPV2_OP_FAILURE
The second packet's Response carried the peer_challenge and the other fields above; once the RADIUS server has verified it, it returns an MS-CHAPv2 Success (MSCHAPV2_OP_SUCCESS) or Failure (MSCHAPV2_OP_FAILURE) packet.
The RADIUS server verifies it as follows:
// RADIUS holds: peer_challenge, server_challenge (the AuthenticatorChallenge), username, and the peer's NT-Response
// ChallengeHash(peer_challenge, server_challenge, username) -> 8-octet challenge (the MS-CHAPv1-style challenge)
// ChallengeResponse(challenge, NtPasswordHash(password)) -> expected NT-Response; it must be identical to the peer's NT-Response (compare in constant time)
// HashNtPasswordHash(NtPasswordHash(password)) -> PasswordHashHash (MD4 of the NT hash)
// GenerateAuthenticatorResponse(username, peer NT-Response, peer_challenge, our challenge, PasswordHashHash) -> "S=<40 hex digits>", returned to the client in the Success packet
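Both sides of that computation end to end, as an added example that is not RFC 2759's reference code and not wpa_supplicant's: Go code implementing NtPasswordHash, ChallengeHash, ChallengeResponse, GenerateNTResponse and GenerateAuthenticatorResponse, then running the peer and the server against the RFC 2759 section 9.2 test vectors (UserName "User", Password "clientPass"). Go's standard library has DES and SHA-1 but no MD4, so a small MD4 is included; the hex vectors are assumed to be copied correctly from the RFC.

```go
package main

import (
	"crypto/des"
	"crypto/sha1"
	"crypto/subtle"
	"encoding/binary"
	"encoding/hex"
	"fmt"
	"unicode/utf16"
)

// md4Sum is a compact MD4 (RFC 1320): NtPasswordHash needs it and Go's standard library has none.
func md4Sum(in []byte) []byte {
	msg := append(append([]byte{}, in...), 0x80)
	msg = append(msg, make([]byte, (56-len(msg)%64+64)%64+8)...)
	binary.LittleEndian.PutUint64(msg[len(msg)-8:], uint64(len(in))*8)
	a, b, c, d := uint32(0x67452301), uint32(0xefcdab89), uint32(0x98badcfe), uint32(0x10325476)
	rotl := func(x uint32, s uint) uint32 { return x<<s | x>>(32-s) }
	for off := 0; off < len(msg); off += 64 {
		var x [16]uint32
		for i := range x {
			x[i] = binary.LittleEndian.Uint32(msg[off+4*i:])
		}
		aa, bb, cc, dd := a, b, c, d
		for i := 0; i < 16; i++ { // round 1: F = (b AND c) OR (NOT b AND d), words in order
			a, b, c, d = d, rotl(a+((b&c)|(^b&d))+x[i], []uint{3, 7, 11, 19}[i%4]), b, c
		}
		for i := 0; i < 16; i++ { // round 2: G = majority, words 0,4,8,12,1,5,9,13,...
			a, b, c, d = d, rotl(a+((b&c)|(b&d)|(c&d))+x[(i%4)*4+i/4]+0x5a827999, []uint{3, 5, 9, 13}[i%4]), b, c
		}
		for i := 0; i < 16; i++ { // round 3: H = xor, words 0,8,4,12,2,10,6,14,...
			k := []int{0, 2, 1, 3}[i/4] + []int{0, 8, 4, 12}[i%4]
			a, b, c, d = d, rotl(a+(b^c^d)+x[k]+0x6ed9eba1, []uint{3, 9, 11, 15}[i%4]), b, c
		}
		a, b, c, d = a+aa, b+bb, c+cc, d+dd
	}
	out := make([]byte, 16)
	for i, v := range []uint32{a, b, c, d} {
		binary.LittleEndian.PutUint32(out[4*i:], v)
	}
	return out
}

func sha1Cat(parts ...[]byte) []byte {
	h := sha1.New()
	for _, p := range parts {
		h.Write(p)
	}
	return h.Sum(nil)
}

// ntPasswordHash: MD4 over the password as UTF-16LE with no terminator (RFC 2759 §8.3).
func ntPasswordHash(password string) []byte {
	var buf []byte
	for _, u := range utf16.Encode([]rune(password)) {
		buf = append(buf, byte(u), byte(u>>8))
	}
	return md4Sum(buf)
}

// challengeHash: first 8 octets of SHA-1(PeerChallenge || AuthenticatorChallenge || UserName),
// where UserName is the bare name the peer sent, without any "DOMAIN\" prefix (RFC 2759 §8.2).
func challengeHash(peer, auth []byte, username string) []byte {
	return sha1Cat(peer, auth, []byte(username))[:8]
}

// challengeResponse: DES-encrypt the 8-octet challenge under each 7-octet third of the password
// hash zero-padded to 21 octets (RFC 2759 §8.5). Each 7-octet key is spread over 8 octets so that
// the low bit of every octet is the parity position, which the DES key schedule ignores.
func challengeResponse(challenge, pwHash []byte) []byte {
	z := make([]byte, 21)
	copy(z, pwHash)
	resp := make([]byte, 24)
	for i := 0; i < 3; i++ {
		k, key := z[7*i:7*i+7], make([]byte, 8)
		var carry byte
		for j := 0; j < 7; j++ {
			key[j], carry = k[j]>>uint(j)|carry|1, k[j]<<uint(7-j)
		}
		key[7] = carry | 1
		blk, _ := des.NewCipher(key) // 8-octet key: cannot fail
		blk.Encrypt(resp[8*i:], challenge)
	}
	return resp
}

// generateNTResponse is the peer's GenerateNTResponse() (RFC 2759 §8.1).
func generateNTResponse(auth, peer []byte, username, password string) []byte {
	return challengeResponse(challengeHash(peer, auth, username), ntPasswordHash(password))
}

// generateAuthenticatorResponse is the server's GenerateAuthenticatorResponse() (RFC 2759 §8.7)
// in its wire form "S=<40 uppercase hex digits>", as carried in the Success packet above.
func generateAuthenticatorResponse(password string, ntResponse, peer, auth []byte, username string) string {
	d := sha1Cat(md4Sum(ntPasswordHash(password)), ntResponse, []byte("Magic server to client signing constant")) // HashNtPasswordHash, Magic1
	d = sha1Cat(d, challengeHash(peer, auth, username), []byte("Pad to make it do more than one iteration"))     // Magic2
	return fmt.Sprintf("S=%X", d)
}

// serverCheck is the RADIUS side: recompute the NT-Response from the stored password, compare in
// constant time, and on success return the Authenticator Response for the Success packet.
func serverCheck(auth, peer, ntResponse []byte, username, password string) (string, bool) {
	if subtle.ConstantTimeCompare(generateNTResponse(auth, peer, username, password), ntResponse) != 1 {
		return "", false
	}
	return generateAuthenticatorResponse(password, ntResponse, peer, auth, username), true
}

func main() {
	// RFC 2759 §9.2 test vectors: UserName "User", Password "clientPass".
	auth, _ := hex.DecodeString("5B5D7C7D7B3F2F3E3C2C602132262628")
	peer, _ := hex.DecodeString("21402324255E262A28295F2B3A337C7E")
	nt := generateNTResponse(auth, peer, "User", "clientPass") // peer -> server, in the Response
	s, ok := serverCheck(auth, peer, nt, "User", "clientPass") // server -> peer, in the Success
	fmt.Printf("NT-Response=%X\nserver accepted=%v %s\n", nt, ok, s)
}
```

The peer's side of the Success check is the same string comparison the wpa_supplicant code below performs: it computed the same "S=" value when it built its Response and now compares the server's copy in constant time. Note that everything the server needs is the NT hash of the password, which is why an MS-CHAPv2 server database is only as safe as the NT hashes it stores.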
The client receives the message. After decoding, the MS-CHAP packet is:
1a 03 1f 00 2e 53 3d 44 30 39 43 36 42 38 34 46 42 39 42 30 38 32 32 41 32 46 36 36 42 32 30 32 37 30 44 37 31 43 41 31 33 38 34 38 39 42 37

|     Type      |    OpCode     |  MS-CHAPv2-ID |  MS-Length...
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|   MS-Length   |    Message...
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

Type: 26 - EAP MS-CHAP-V2; OpCode: 3 - Success; MS-CHAPv2-ID 0x1f (31); MS-Length 0x002e (46); Message: the ASCII string "S=D09C6B84FB9B0822A2F66B20270D71CA138489B7".
[../src/eapol_supp/eapol_supp_sm.c-->sm_SUPP_BE_RECEIVE_Enter@583]EAPOL: SUPP_BE entering state RECEIVE
[../src/l2_packet/l2_packet_linux.c-->l2_packet_receive@167]l2_packet_receive: src=ac:74:09:9f:07:58 len=90
[../src/utils/wpa_debug.c-->wpa_msg_log@670]ens36: [wpa_supplicant.c-->wpa_supplicant_rx_eapol@4996]RX EAPOL from ac:74:09:9f:07:58
RX EAPOL - hexdump(len=90): 01 00 00 52 01 20 00 52 19 00 17 03 03 00 47 ac 4a f0 13 c8 76 b2 3a df da a2 64 47 76 82 41 41 68 bd 05 e8 b9 ae 58 d0 27 1c 22 9a cf 04 74 f9 eb a5 ce 31 aa be dc f3 fb 10 a1 18 19 7d 46 90 4b 9e 8c c4 eb 0c 82 9a b6 86 4c ae 36 94 90 ae af 86 b8 bc e1 e2 54 96 9a e6
[../src/eapol_supp/eapol_supp_sm.c-->eapol_sm_rx_eapol@1372]EAPOL: Received EAP-Packet frame
[../src/eapol_supp/eapol_supp_sm.c-->sm_SUPP_BE_REQUEST_Enter@487]EAPOL: SUPP_BE entering state REQUEST
[../src/eapol_supp/eapol_supp_sm.c-->eapol_sm_getSuppRsp@876]EAPOL: getSuppRsp
[../src/eap_peer/eap.c-->sm_EAP_RECEIVED_Enter@311]EAP: EAP entering state RECEIVED
[../src/eap_peer/eap.c-->eap_sm_parseEapReq@2041]EAP: Received EAP-Request id=32 method=25 vendor=0 vendorMethod=0
[../src/eap_peer/eap.c-->sm_EAP_METHOD_Enter@885]EAP: EAP entering state METHOD
[../src/eap_peer/eap_tls_common.c-->eap_peer_tls_process_init@952]SSL: Received packet(len=82) - Flags 0x00
[../src/eap_peer/eap_peap.c-->eap_peap_decrypt@771]EAP-PEAP: received 76 bytes encrypted data for Phase 2
[../src/crypto/tls_openssl.c-->tls_msg_cb@1513]OpenSSL: RX ver=0x0 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): [REMOVED]
EAP-PEAP: Decrypted Phase 2 EAP - hexdump(len=47): 1a 03 1f 00 2e 53 3d 44 30 39 43 36 42 38 34 46 42 39 42 30 38 32 32 41 32 46 36 36 42 32 30 32 37 30 44 37 31 43 41 31 33 38 34 38 39 42 37
    <-- 00 2e: MS-Length = 46; 46 + 5 = 51 is the EAP Length; without the 4-octet EAP header, 51 - 4 = 47 octets remain, matching len=47
[../src/eap_peer/eap_peap.c-->eap_peap_decrypt@873]EAP-PEAP: received Phase 2: code=1 identifier=32 length=51
[../src/eap_peer/eap_peap.c-->eap_peap_phase2_request@615]EAP-PEAP: Phase 2 Request: type=26
[../src/eap_peer/eap_mschapv2.c-->eap_mschapv2_process@815]EAP-MSCHAPV2: RX identifier 32 mschapv2_id 31    <-- 0x1f; the Success message is checked by mschapv2_verify_auth_response()
[../src/eap_peer/eap_mschapv2.c-->eap_mschapv2_success@352]EAP-MSCHAPV2: Received success
EAP-MSCHAPV2: Success message - hexdump_ascii(len=0):
[../src/eap_peer/eap_mschapv2.c-->eap_mschapv2_success@371]EAP-MSCHAPV2: Authentication succeeded
EAP-PEAP: Encrypting Phase 2 data - hexdump(len=6): [REMOVED]
[../src/crypto/tls_openssl.c-->tls_msg_cb@1513]OpenSSL: TX ver=0x0 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): [REMOVED]
[../src/eap_peer/eap_tls_common.c-->eap_tls_process_output@639]SSL: 31 bytes left to be sent out (of total 31 bytes)
[../src/eap_peer/eap.c-->sm_EAP_METHOD_Enter@925]EAP: method process -> ignore=FALSE methodState=MAY_CONT decision=FAIL eapRespData=0xfe03c0
EAP: Session-Id - hexdump(len=65): 19 26 c2 5f 10 c0 d7 0a 15 aa 66 e0 39 83 d6 03 21 a2 64 88 ef 9e ed c0 91 3c af ac dd 0a 8d 6c 3f 56 d0 5f ca c8 76 40 58 39 47 ba 0c 77 ec c0 91 d6 ef 0f 21 33 96 43 17 d4 50 56 ec 1f e8 f0 a3
[../src/eap_peer/eap.c-->sm_EAP_SEND_RESPONSE_Enter@958]EAP: EAP entering state SEND_RESPONSE
[../src/eap_peer/eap.c-->sm_EAP_IDLE_Enter@299]EAP: EAP entering state IDLE
[../src/eapol_supp/eapol_supp_sm.c-->sm_SUPP_BE_RESPONSE_Enter@496]EAPOL: SUPP_BE entering state RESPONSE
[../src/eapol_supp/eapol_supp_sm.c-->eapol_sm_txSuppRsp@888]EAPOL: txSuppRsp
[wpas_glue.c-->wpa_supplicant_eapol_send@223]TX EAPOL: dst=01:80:c2:00:00:03
TX EAPOL - hexdump(len=41): 01 00 00 25 02 20 00 25 19 00 17 03 03 00 1a c1 e0 d7 7b 98 27 5a 60 e4 e0 e9 8e 24 a9 b5 91 8e b4 a7 f7 26 10 ff 82 89 6d
On receiving the Success packet the client checks that the 20-byte value encoded after "S=" equals the auth_response it computed and stored earlier. The comparison uses os_memcmp_const, i.e. it is constant-time:
int mschapv2_verify_auth_response(const u8 *auth_response,
				  const u8 *buf, size_t buf_len)
{
	u8 recv_response[MSCHAPV2_AUTH_RESPONSE_LEN];

	if (buf_len < 2 + 2 * MSCHAPV2_AUTH_RESPONSE_LEN ||
	    buf[0] != 'S' || buf[1] != '=' ||
	    hexstr2bin((char *) (buf + 2), recv_response,
		       MSCHAPV2_AUTH_RESPONSE_LEN) ||
	    os_memcmp_const(auth_response, recv_response,
			    MSCHAPV2_AUTH_RESPONSE_LEN) != 0)
		return -1;
	return 0;
}
Fourth packet: the EAP-TLV exchange (Result TLV: EAP_TLV_RESULT_SUCCESS or failure)
Reference: https://datatracker.ietf.org/doc/html/draft-josefsson-pppext-eap-tls-eap-10#page-27
[../src/eapol_supp/eapol_supp_sm.c-->sm_SUPP_BE_RECEIVE_Enter@583]EAPOL: SUPP_BE entering state RECEIVE
[../src/l2_packet/l2_packet_linux.c-->l2_packet_receive@167]l2_packet_receive: src=ac:74:09:9f:07:58 len=54
[../src/utils/wpa_debug.c-->wpa_msg_log@670]ens36: [wpa_supplicant.c-->wpa_supplicant_rx_eapol@4996]RX EAPOL from ac:74:09:9f:07:58
RX EAPOL - hexdump(len=54): 01 00 00 2e 01 21 00 2e 19 00 17 03 03 00 23 ac 4a f0 13 c8 76 b2 3b 4a b6 df c2 1e 08 57 62 dd da fd 06 47 8a 65 c8 b4 0a cf 24 e3 c0 f2 71 f6 0b 35 93 e1 aa ef
[../src/eapol_supp/eapol_supp_sm.c-->eapol_sm_rx_eapol@1372]EAPOL: Received EAP-Packet frame
[../src/eapol_supp/eapol_supp_sm.c-->sm_SUPP_BE_REQUEST_Enter@487]EAPOL: SUPP_BE entering state REQUEST
[../src/eapol_supp/eapol_supp_sm.c-->eapol_sm_getSuppRsp@876]EAPOL: getSuppRsp
[../src/eap_peer/eap.c-->sm_EAP_RECEIVED_Enter@311]EAP: EAP entering state RECEIVED
[../src/eap_peer/eap.c-->eap_sm_parseEapReq@2041]EAP: Received EAP-Request id=33 method=25 vendor=0 vendorMethod=0
[../src/eap_peer/eap.c-->sm_EAP_METHOD_Enter@885]EAP: EAP entering state METHOD
[../src/eap_peer/eap_tls_common.c-->eap_peer_tls_process_init@952]SSL: Received packet(len=46) - Flags 0x00
[../src/eap_peer/eap_peap.c-->eap_peap_decrypt@771]EAP-PEAP: received 40 bytes encrypted data for Phase 2
[../src/crypto/tls_openssl.c-->tls_msg_cb@1513]OpenSSL: RX ver=0x0 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): [REMOVED]
EAP-PEAP: Decrypted Phase 2 EAP - hexdump(len=11): 01 21 00 0b 21 80 03 00 02 00 01
[../src/eap_peer/eap_peap.c-->eap_peap_decrypt@873]EAP-PEAP: received Phase 2: code=1 identifier=33 length=11
[../src/eap_peer/eap_peap.c-->eap_peap_phase2_request@615]EAP-PEAP: Phase 2 Request: type=33    <-- EAP-TLV packet (EAP_TYPE_TLV)
EAP-TLV: Received TLVs - hexdump(len=6): 80 03 00 02 00 01    <-- M + R + TLV Type = 0x8003 (M=1, Type 3 = Result), Length = 0x0002, Value = 0x0001 (Success)
EAP-TLV: Result TLV - hexdump(len=2): 00 01
[../src/eap_peer/eap_peap.c-->eap_tlv_process@565]EAP-TLV: TLV Result - Success - EAP-TLV/Phase2 Completed
EAP-PEAP: Encrypting Phase 2 data - hexdump(len=11): [REMOVED]
[../src/crypto/tls_openssl.c-->tls_msg_cb@1513]OpenSSL: TX ver=0x0 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): [REMOVED]
[../src/eap_peer/eap_tls_common.c-->eap_tls_process_output@639]SSL: 40 bytes left to be sent out (of total 40 bytes)
[../src/eap_peer/eap.c-->sm_EAP_METHOD_Enter@925]EAP: method process -> ignore=FALSE methodState=DONE decision=UNCOND_SUCC eapRespData=0xfdc480
EAP: Session-Id - hexdump(len=65): 19 26 c2 5f 10 c0 d7 0a 15 aa 66 e0 39 83 d6 03 21 a2 64 88 ef 9e ed c0 91 3c af ac dd 0a 8d 6c 3f 56 d0 5f ca c8 76 40 58 39 47 ba 0c 77 ec c0 91 d6 ef 0f 21 33 96 43 17 d4 50 56 ec 1f e8 f0 a3
[../src/eap_peer/eap.c-->sm_EAP_SEND_RESPONSE_Enter@958]EAP: EAP entering state SEND_RESPONSE
[../src/eap_peer/eap.c-->sm_EAP_IDLE_Enter@299]EAP: EAP entering state IDLE
[../src/eapol_supp/eapol_supp_sm.c-->sm_SUPP_BE_RESPONSE_Enter@496]EAPOL: SUPP_BE entering state RESPONSE
[../src/eapol_supp/eapol_supp_sm.c-->eapol_sm_txSuppRsp@888]EAPOL: txSuppRsp
[wpas_glue.c-->wpa_supplicant_eapol_send@223]TX EAPOL: dst=01:80:c2:00:00:03
TX EAPOL - hexdump(len=50): 01 00 00 2e 02 21 00 2e 19 00 17 03 03 00 23 c1 e0 d7 7b 98 27 5a 61 61 2e e7 72 6f 9c 42 17 f5 e7 5e b3 3f d8 5b 17 61 46 c1 51 2f d5 60 3f 01 82 c6
The TLVs used within PEAPv2 are standard Type-Length-Value (TLV)objects.
The TLV objects could be used to carry arbitrary parameters between EAP peer and EAP server.
Possible uses for TLV objects include: language and character set for Notification messages and cryptographic binding.
An EAP peer (client) need not implement every TLV that the EAP server supports; for interoperability, TLVs therefore allow the EAP server to use a NAK TLV to discover whether the EAP peer supports a given TLV. A PEAPv2 packet need not contain any TLVs, and there is no TLV that must always be present.
The mandatory bit in a TLV indicates whether support for that TLV is required. If the EAP peer or server does not support a mandatory TLV, it MUST respond with a NAK TLV, and all other TLVs in the message MUST be ignored.
If the EAP peer or server encounters an unsupported TLV that is marked optional, it MAY ignore that TLV, but it MUST NOT send a NAK TLV.
TLV Format
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|M|R| TLV Type | Length |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Value...
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
M: 0 - Optional TLV, 1 - Mandatory TLV
R: Reserved, set to zero (0)
TLV Type
A 14-bit field, denoting the TLV type. Allocated Types include:
   0 - Reserved
   1 - Reserved
   2 - Reserved
   3 - Result-TLV - Acknowledged Result
   4 - NAK-TLV
   5 - Error-Code TLV
   6 - Connection-Binding TLV
   7 - Vendor-Specific TLV
   8 - URI-TLV
   9 - EAP-Payload TLV
   10 - Intermediate-Result TLV
   11 - Reserved
   12 - Crypto-Binding TLV
   13 - Calling-Station-Id TLV
   14 - Called-Station-Id TLV
   15 - NAS-Port-Type TLV
   16 - Server-Identifier TLV
   17 - Identity-Type TLV
   18 - Server-Trusted-Root TLV
   19 - Request-Action TLV
   20 - PKCS#7 TLV
Length
   Two octets: the length of the Value field in octets.
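The Result TLV exchange in code, as an added example that is not from the draft or from wpa_supplicant: a Go handler that parses the TLV list of an EAP-TLV request, applies the mandatory/optional rules above, and builds the peer's EAP-TLV response. The first input is the Phase 2 request from the log above (01 21 00 0b 21 80 03 00 02 00 01); the two requests carrying an unknown mandatory Crypto-Binding TLV and an unknown optional URI TLV are constructed for this example, and the NAK TLV body layout (a four-octet Vendor-Id followed by a two-octet NAK-Type) is taken from draft-josefsson-pppext-eap-tls-eap rather than from this page.

```go
package main

import (
	"encoding/binary"
	"encoding/hex"
	"errors"
	"fmt"
	"strings"
)

const (
	eapCodeRequest  = 1
	eapCodeResponse = 2
	eapTypeTLV      = 33
	tlvResult       = 3
	tlvNAK          = 4
	resultSuccess   = 1
	resultFailure   = 2
	tlvMandatoryBit = 0x8000 // M bit; the next bit (R) is reserved, the low 14 bits are the type
)

// TLV is one Type-Length-Value object from an EAP-TLV packet.
type TLV struct {
	Mandatory bool
	Type      uint16
	Value     []byte
}

// parseTLVs walks the TLV list that follows the EAP-TLV Type octet.
func parseTLVs(b []byte) ([]TLV, error) {
	var out []TLV
	for len(b) > 0 {
		if len(b) < 4 {
			return nil, errors.New("truncated TLV header")
		}
		tl, n := binary.BigEndian.Uint16(b), int(binary.BigEndian.Uint16(b[2:]))
		if len(b) < 4+n {
			return nil, errors.New("TLV Length exceeds packet")
		}
		out = append(out, TLV{Mandatory: tl&tlvMandatoryBit != 0, Type: tl & 0x3fff, Value: b[4 : 4+n]})
		b = b[4+n:]
	}
	return out, nil
}

func encodeTLV(t TLV) []byte {
	tl := t.Type
	if t.Mandatory {
		tl |= tlvMandatoryBit
	}
	b := make([]byte, 4, 4+len(t.Value))
	binary.BigEndian.PutUint16(b, tl)
	binary.BigEndian.PutUint16(b[2:], uint16(len(t.Value)))
	return append(b, t.Value...)
}

// eapTLVResponse wraps a TLV body in an EAP Response that reuses the request's Identifier.
func eapTLVResponse(id byte, body []byte) []byte {
	resp := append([]byte{eapCodeResponse, id, 0, 0, eapTypeTLV}, body...)
	binary.BigEndian.PutUint16(resp[2:], uint16(len(resp)))
	return resp
}

// handleTLVRequest is a peer that understands only the Result TLV. An unknown mandatory TLV is
// answered with a NAK TLV naming it and everything else in the message is ignored; unknown
// optional TLVs are skipped. Otherwise the peer acknowledges with its own result, which is
// Success only if the server reported Success and the inner method (MS-CHAPv2 here) succeeded
// locally. NAK body: 4-octet Vendor-Id (0 = IETF) then 2-octet NAK-Type (assumed from the draft).
func handleTLVRequest(req []byte, phase2OK bool) (resp []byte, serverResult uint16, err error) {
	if len(req) < 5 || req[0] != eapCodeRequest || req[4] != eapTypeTLV ||
		int(binary.BigEndian.Uint16(req[2:])) != len(req) {
		return nil, 0, errors.New("not a well-formed EAP-TLV request")
	}
	tlvs, err := parseTLVs(req[5:])
	if err != nil {
		return nil, 0, err
	}
	for _, t := range tlvs {
		if t.Mandatory && t.Type != tlvResult {
			nak := make([]byte, 6)
			binary.BigEndian.PutUint16(nak[4:], t.Type)
			return eapTLVResponse(req[1], encodeTLV(TLV{Mandatory: true, Type: tlvNAK, Value: nak})), 0, nil
		}
	}
	for _, t := range tlvs {
		if t.Type == tlvResult && len(t.Value) == 2 {
			serverResult = binary.BigEndian.Uint16(t.Value)
			mine := uint16(resultFailure)
			if serverResult == resultSuccess && phase2OK {
				mine = resultSuccess
			}
			v := []byte{byte(mine >> 8), byte(mine)}
			return eapTLVResponse(req[1], encodeTLV(TLV{Mandatory: true, Type: tlvResult, Value: v})), serverResult, nil
		}
	}
	return nil, 0, errors.New("no Result TLV in request")
}

func unhex(s string) []byte {
	b, err := hex.DecodeString(strings.ReplaceAll(s, " ", ""))
	if err != nil {
		panic(err)
	}
	return b
}

// Inputs: the Phase 2 EAP-TLV request from the log above, then two constructed requests.
const (
	logResultReq   = "01 21 00 0b 21 80 03 00 02 00 01"
	unknownMandReq = "01 22 00 0f 21 80 0c 00 00 80 03 00 02 00 01" // mandatory Crypto-Binding (12), empty value
	unknownOptReq  = "01 23 00 0f 21 00 08 00 00 80 03 00 02 00 01" // optional URI (8), empty value
)

func main() {
	for _, r := range []string{logResultReq, unknownMandReq, unknownOptReq} {
		resp, res, err := handleTLVRequest(unhex(r), true)
		fmt.Printf("req %s -> server result=%d resp=% x err=%v\n", r, res, resp, err)
	}
}
```

For the logged request the response is 02 21 00 0b 21 80 03 00 02 00 01, eleven octets, which is the "Encrypting Phase 2 data - hexdump(len=11)" in the log above.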
Fifth packet: the outer EAP-Success. It is sent in the clear: EAPOL header 01 00 00 04, then EAP Code 3 (Success), Identifier 0x21 = 33, Length 4; the zero octets after it are Ethernet padding. After this the supplicant port becomes Authorized.

[../src/eapol_supp/eapol_supp_sm.c-->sm_SUPP_BE_RECEIVE_Enter@583]EAPOL: SUPP_BE entering state RECEIVE
[../src/l2_packet/l2_packet_linux.c-->l2_packet_receive@167]l2_packet_receive: src=ac:74:09:9f:07:58 len=50
[../src/utils/wpa_debug.c-->wpa_msg_log@670]ens36: [wpa_supplicant.c-->wpa_supplicant_rx_eapol@4996]RX EAPOL from ac:74:09:9f:07:58
RX EAPOL - hexdump(len=50): 01 00 00 04 03 21 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 02 77 6e 84
[../src/eapol_supp/eapol_supp_sm.c-->eapol_sm_rx_eapol@1372]EAPOL: Received EAP-Packet frame
[../src/eapol_supp/eapol_supp_sm.c-->sm_SUPP_BE_REQUEST_Enter@487]EAPOL: SUPP_BE entering state REQUEST
[../src/eapol_supp/eapol_supp_sm.c-->eapol_sm_getSuppRsp@876]EAPOL: getSuppRsp
[../src/eap_peer/eap.c-->sm_EAP_RECEIVED_Enter@311]EAP: EAP entering state RECEIVED
[../src/eap_peer/eap.c-->eap_sm_parseEapReq@2066]EAP: Received EAP-Success
[../src/eap_peer/eap.c-->eap_notify_status@93]EAP: Status notification: completion (param=success)
[../src/eap_peer/eap.c-->sm_EAP_SUCCESS_Enter@1049]EAP: EAP entering state SUCCESS
[../src/utils/wpa_debug.c-->wpa_msg_log@670]ens36: [../src/eap_peer/eap.c-->sm_EAP_SUCCESS_Enter@1070]CTRL-EVENT-EAP-SUCCESS EAP authentication completed successfully
[../src/eapol_supp/eapol_supp_sm.c-->sm_SUPP_PAE_Step@414]EAPOL: IEEE 802.1X for plaintext connection; no EAPOL-Key frames required
[../src/utils/wpa_debug.c-->wpa_msg_log@670]ens36: [wpas_glue.c-->wpa_supplicant_notify_eapol_done@371]WPA: EAPOL processing complete
[../src/utils/wpa_debug.c-->wpa_msg_log@670]ens36: [wpa_supplicant.c-->wpa_supplicant_cancel_auth_timeout@292]Cancelling authentication timeout
[../src/utils/wpa_debug.c-->wpa_msg_log@670]ens36: [wpa_supplicant.c-->wpa_supplicant_set_state@927]State: ASSOCIATED -> COMPLETED
[../src/utils/wpa_debug.c-->wpa_msg_log@670]ens36: [wpa_supplicant.c-->wpa_supplicant_set_state@1003]CTRL-EVENT-CONNECTED - Connection to 01:80:c2:00:00:03 completed [id=0 id_str=]
[../src/eapol_supp/eapol_supp_sm.c-->sm_SUPP_PAE_AUTHENTICATED_Enter@320]EAPOL: SUPP_PAE entering state AUTHENTICATED
[wpas_glue.c-->wpa_supplicant_port_cb@1070]EAPOL: Supplicant port status: Authorized
[../src/eapol_supp/eapol_supp_sm.c-->sm_SUPP_BE_RECEIVE_Enter@583]EAPOL: SUPP_BE entering state RECEIVE
[../src/eapol_supp/eapol_supp_sm.c-->sm_SUPP_BE_SUCCESS_Enter@504]EAPOL: SUPP_BE entering state SUCCESS
[../src/eapol_supp/eapol_supp_sm.c-->sm_SUPP_BE_IDLE_Enter@558]EAPOL: SUPP_BE entering state IDLE
[wpas_glue.c-->wpa_supplicant_eapol_cb@292]EAPOL authentication completed - result=SUCCESS
^C[../src/utils/wpa_debug.c-->wpa_msg_log@670]ens36: [wpa_supplicant.c-->wpa_supplicant_remove_iface@7188]Removing interface ens36
[../src/utils/wpa_debug.c-->wpa_msg_log@670]ens36: [wpa_supplicant.c-->wpa_supplicant_deauthenticate@4123]Request to deauthenticate - bssid=01:80:c2:00:00:03 pending_bssid=00:00:00:00:00:00 reason=3 (DEAUTH_LEAVING) state=COMPLETED
[../src/rsn_supp/tdls.c-->wpa_tdls_teardown_peers@2930]TDLS: Tear down peers
[../src/utils/wpa_debug.c-->wpa_msg_log@670]ens36: [events.c-->wpa_supplicant_event@4927]Event DEAUTH (11) received
[../src/utils/wpa_debug.c-->wpa_msg_log@670]ens36: [events.c-->wpas_event_deauth@4230]Deauthentication notification
[../src/utils/wpa_debug.c-->wpa_msg_log@670]ens36: [events.c-->wpas_event_deauth@4240] * reason 3 (DEAUTH_LEAVING) locally_generated=1
Deauthentication frame IE(s) - hexdump(len=0): [NULL]
[../src/utils/wpa_debug.c-->wpa_msg_log@670]ens36: [events.c-->wpa_supplicant_event_disassoc@3569]CTRL-EVENT-DISCONNECTED bssid=01:80:c2:00:00:03 reason=3 locally_generated=1
[../src/utils/wpa_debug.c-->wpa_msg_log@670]ens36: [events.c-->wpa_supplicant_event_disassoc_finish@3682]Auto connect disabled: do not try to re-connect
[../src/utils/wpa_debug.c-->wpa_msg_log@670]ens36: [wpa_supplicant.c-->wpas_connection_failed@7680]Ignore connection failure indication since interface has been put into disconnected state
[../src/rsn_supp/tdls.c-->wpa_tdls_disassoc@2993]TDLS: Remove peers on disassociation
[../src/utils/wpa_debug.c-->wpa_msg_log@670]ens36: [../src/rsn_supp/wpa.c-->wpa_sm_drop_sa@3839]WPA: Clear old PMK and PTK
[../src/utils/wpa_debug.c-->wpa_msg_log@670]ens36: [events.c-->wpa_supplicant_event_disassoc_finish@3702]Disconnect event - remove keys
[../src/utils/wpa_debug.c-->wpa_msg_log@670]ens36: [wpa_supplicant.c-->wpa_supplicant_set_state@927]State: COMPLETED -> DISCONNECTED
[../src/eapol_supp/eapol_supp_sm.c-->eapol_sm_notify_portEnabled@1462]EAPOL: External notification - portEnabled=0
[../src/eapol_supp/eapol_supp_sm.c-->sm_SUPP_PAE_DISCONNECTED_Enter@234]EAPOL: SUPP_PAE entering state DISCONNECTED
[wpas_glue.c-->wpa_supplicant_port_cb@1070]EAPOL: Supplicant port status: Unauthorized
[../src/eapol_supp/eapol_supp_sm.c-->sm_SUPP_BE_INITIALIZE_Enter@566]EAPOL: SUPP_BE entering state INITIALIZE
[../src/eap_peer/eap.c-->sm_EAP_DISABLED_Enter@280]EAP: EAP entering state DISABLED
[../src/eapol_supp/eapol_supp_sm.c-->eapol_sm_notify_portValid@1482]EAPOL: External notification - portValid=0
[../src/utils/wpa_debug.c-->wpa_msg_log@670]ens36: [wpa_supplicant.c-->wpa_supplicant_set_state@927]State: DISCONNECTED -> DISCONNECTED
[../src/eapol_supp/eapol_supp_sm.c-->eapol_sm_notify_portEnabled@1462]EAPOL: External notification - portEnabled=0
[../src/eapol_supp/eapol_supp_sm.c-->eapol_sm_notify_portValid@1482]EAPOL: External notification - portValid=0
[robust_av.c-->wpas_dscp_deinit@1159]QM: Clear all active DSCP policies
[../src/utils/wpa_debug.c-->wpa_msg_log@670]ens36: [robust_av.c-->wpas_dscp_deinit@1160]CTRL-EVENT-DSCP-POLICY clear_all
[../src/eap_peer/eap.c-->eap_deinit_prev_method@125]EAP: deinitialize previously used EAP method (25, PEAP) at EAP deinit
[../src/crypto/tls_openssl.c-->tls_engine_deinit@1300]ENGINE: engine deinit
[../src/utils/wpa_debug.c-->wpa_msg_log@670]ens36: [../src/rsn_supp/wpa.c-->wpa_sm_drop_sa@3839]WPA: Clear old PMK and PTK
[../src/utils/wpa_debug.c-->wpa_msg_log@670]ens36: [scan.c-->wpa_supplicant_cancel_scan@1837]Cancelling scan request
[../src/utils/wpa_debug.c-->wpa_msg_log@670]ens36: [wpa_supplicant.c-->wpa_supplicant_cancel_auth_timeout@292]Cancelling authentication timeout
[offchannel.c-->offchannel_clear_pending_action_tx@471]Off-channel: Clear pending Action frame TX (pending_action_tx=(nil)
[hs20_supplicant.c-->hs20_del_icon@395]HS20: Delete all stored icons
[offchannel.c-->offchannel_send_action_done@399]Off-channel: Action frame sequence done notification: pending_action_tx=(nil) drv_offchan_tx=0 action_tx_wait_time=0 off_channel_freq=0 roc_waiting_drv_freq=0
[robust_av.c-->wpas_dscp_deinit@1159]QM: Clear all active DSCP policies
[../src/utils/wpa_debug.c-->wpa_msg_log@670]ens36: [robust_av.c-->wpas_dscp_deinit@1160]CTRL-EVENT-DSCP-POLICY clear_all
[wpa_supplicant.c-->radio_remove_interface@6306]Remove interface ens36 from radio
[wpa_supplicant.c-->radio_remove_interface@6317]Remove radio
[../src/utils/wpa_debug.c-->wpa_msg_log@670]ens36: [wpa_supplicant.c-->wpa_supplicant_deinit_iface@6975]CTRL-EVENT-TERMINATING
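To read the hexdump of the fifth packet by hand, here is an added parser for the EAPOL and EAP headers. It is my own example, not wpa_supplicant code: CAPTURED_SUCCESS_FRAME is rebuilt from the 50-byte hexdump in the log above (8 header octets, then 42 octets that lie beyond the EAPOL Length field), SAMPLE_PEAP_START is a constructed frame, and the PEAP flag layout (L/M/S bits plus a 3-bit version) follows the constants used in wpa_supplicant's eap_peap.c.

```python
import struct

# Rebuilt from the wpa_supplicant hexdump above (len=50): EAPOL v1, type 0 (EAP-Packet),
# length 4, then EAP code 3 (Success), id 0x21, length 4, then 42 octets of link-layer padding.
CAPTURED_SUCCESS_FRAME = (bytes.fromhex("01000004" "03210004")
                          + b"\x00" * 38 + bytes.fromhex("02776e84"))

# Constructed sample (not from the log): EAP-Request/PEAP with only the S (Start) flag set.
SAMPLE_PEAP_START = bytes.fromhex("01000006" "01010006" "19" "20")

EAPOL_TYPES = {0: "EAP-Packet", 1: "EAPOL-Start", 2: "EAPOL-Logoff", 3: "EAPOL-Key"}
EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPE_PEAP = 25


def parse_eapol(frame: bytes) -> dict:
    """Split an EAPOL frame into header, body and trailing padding.

    Octets beyond the EAPOL Length field are data-link padding and must be ignored;
    that is why the 50-byte frame above carries only a 4-byte EAP-Success.
    """
    if len(frame) < 4:
        raise ValueError("truncated EAPOL header")
    version, etype, body_len = struct.unpack("!BBH", frame[:4])
    if 4 + body_len > len(frame):
        raise ValueError("EAPOL Length exceeds captured frame")
    body, padding = frame[4:4 + body_len], frame[4 + body_len:]
    info = {"eapol_version": version, "eapol_type": EAPOL_TYPES.get(etype, etype),
            "eapol_len": body_len, "padding_len": len(padding)}
    if etype == 0:
        info["eap"] = parse_eap(body)
    return info


def parse_eap(pkt: bytes) -> dict:
    """Parse the EAP header; only Request/Response packets carry a Type octet."""
    if len(pkt) < 4:
        raise ValueError("truncated EAP header")
    code, ident, length = struct.unpack("!BBH", pkt[:4])
    if length < 4 or length > len(pkt):
        raise ValueError("EAP Length field inconsistent with body")
    info = {"code": EAP_CODES.get(code, code), "id": ident, "length": length}
    if code in (1, 2):
        if length < 5:
            raise ValueError("EAP Request/Response without Type octet")
        info["type"] = pkt[4]
        data = pkt[5:length]
        info["type_data"] = data
        if pkt[4] == EAP_TYPE_PEAP and data:
            info["peap"] = parse_peap_flags(data)
    return info


def parse_peap_flags(data: bytes) -> dict:
    """PEAPv0 flags octet as wpa_supplicant decodes it:
    L=0x80 TLS length included, M=0x40 more fragments, S=0x20 start, low 3 bits = version."""
    flags = data[0]
    out = {"L": bool(flags & 0x80), "M": bool(flags & 0x40),
           "S": bool(flags & 0x20), "version": flags & 0x07}
    rest = data[1:]
    if out["L"]:
        if len(rest) < 4:
            raise ValueError("L flag set but TLS Message Length missing")
        out["tls_message_length"] = struct.unpack("!I", rest[:4])[0]
        rest = rest[4:]
    out["tls_data"] = rest
    return out


if __name__ == "__main__":
    print(parse_eapol(CAPTURED_SUCCESS_FRAME))
    print(parse_eapol(SAMPLE_PEAP_START))
```

Running it shows the captured frame as `eapol_len=4`, `padding_len=42` and an EAP `Success` with id 33, which is exactly what the "Received EAP-Success" line in the log reports; a supplicant that trusted the frame length instead of the Length fields would try to interpret the padding as data.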
The PEAP-MSCHAP phase 2 logic is:
1. The switch sends an Identity request.
2. The peer (client) responds with the username.
3. The switch sends the server-challenge.
4. On receiving the server-challenge, the peer responds with the peer-challenge, the identity (username) and hash(ntpassword), i.e. the NT-Response.
5. After the switch/RADIUS server verifies the NT password, it sends the auth_response and related fields.
6. The peer client verifies the auth-resp and related fields and responds with a Success packet.
7. After the switch/RADIUS server receives the Success, it responds by sending a TLV Success.
8. The peer client responds with a TLS success.
9. The switch responds with EAP Success.

