radiusauth/libmschap.php
author Dan
Wed, 06 Jan 2010 02:57:23 -0500
changeset 0 7e0b422b1725
permissions -rw-r--r--
First working revision.
<?php
/*
Copyright (c) 2003, Michael Bretterklieber <michael@bretterklieber.com>
All rights reserved.
Redistribution and use in source and binary forms, with or without 
modification, are permitted provided that the following conditions 
are met:
1. Redistributions of source code must retain the above copyright 
   notice, this list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright 
   notice, this list of conditions and the following disclaimer in the 
   documentation and/or other materials provided with the distribution.
3. The names of the authors may not be used to endorse or promote products 
   derived from this software without specific prior written permission.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND 
ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED 
WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, 
INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, 
BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 
DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY 
OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING 
NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, 
EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
The author of this file respectfully requests that you refrain from
relicensing it under the GPL, although the BSD license permits you to do so.
    $Id: mschap.php,v 1.5 2003/01/26 20:31:11 mbretter Exp $
*/
/**
 * Encrypt $clearText with single DES in ECB mode through the mcrypt extension.
 *
 * Compatibility and security notes for maintainers:
 *  - mcrypt_ecb() was deprecated in PHP 5.5 and removed in PHP 7.0, so this
 *    helper only runs on legacy runtimes that still load ext/mcrypt.
 *  - Single DES in ECB mode is obsolete as a general-purpose cipher; it is
 *    used here only because the MS-CHAP response is defined in terms of it.
 *  - NOTE(review): ChallengeResponse() hands this function 7-byte keys.
 *    RFC 2433 describes expanding each 7-byte value into an 8-byte DES key by
 *    inserting parity bits; no such expansion is visible in this file.
 *    Confirm how the installed mcrypt treats the short key and check the
 *    output against the RFC test vectors.
 *
 * @param string $key       DES key material, passed to mcrypt unchanged.
 * @param string $clearText Data to encrypt.
 * @return string Whatever mcrypt_ecb() returns for the given inputs.
 */
function des_encrypt_ecb($key, $clearText)
{
    // ECB has no chaining, so the IV argument is only a placeholder:
    // eight NUL bytes, the DES block size.
    $placeholderIv = str_repeat("\0", 8);

    return mcrypt_ecb(MCRYPT_DES, $key, $clearText, MCRYPT_ENCRYPT, $placeholderIv);
}
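/**
 * Compute the NT password hash: raw MD4 over str2unicode($plain).
 *
 * Uses the core hash() function instead of the mhash extension, which is
 * deprecated (PHP 8.1) and not compiled into many builds. The digest bytes
 * are the same.
 *
 * Security note: the NT hash is unsalted, and in MS-CHAP it is the only
 * secret needed to compute a valid response. Treat the return value like
 * the password itself: do not log it or store it in the clear.
 *
 * @param string $plain Clear-text password.
 * @return string 16 raw bytes (binary MD4 digest).
 */
function NtPasswordHash($plain)
{
    return hash('md4', str2unicode($plain), true);
}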
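/**
 * Widen a byte string to 16-bit little-endian code units by appending a
 * NUL high byte to every input byte.
 *
 * Fixes relative to the previous implementation:
 *  - The old code formatted each unit with sprintf("%X") without zero
 *    padding, so any byte below 0x10 (tab, newline, NUL, ...) produced fewer
 *    than four hex digits and shifted every following byte in the packed
 *    result. Bytes are now emitted directly, so every input byte yields
 *    exactly two output bytes.
 *  - The curly-brace string offset ($str{$i}) was removed in PHP 8.0 and is
 *    replaced by the bracket form.
 *
 * NOTE(review): every input byte is treated as one character (an
 * ISO-8859-1 style interpretation). A multi-byte UTF-8 password is not
 * converted to real UTF-16LE, so the resulting NT hash would differ from
 * one computed over the UTF-16LE form of the same password. Confirm the
 * encoding callers pass in.
 *
 * @param string $str Input bytes (typically the clear-text password).
 * @return string Binary string of length 2 * strlen($str).
 */
function str2unicode($str)
{
    $uni = '';
    $length = strlen($str);
    for ($i = 0; $i < $length; $i++) {
        // Low byte first, then a zero high byte (little-endian 16-bit unit).
        $uni .= $str[$i] . "\0";
    }
    return $uni;
}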
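/**
 * Generate a random challenge of $size bytes, each in the range 1..255
 * (no NUL bytes, as in the original implementation).
 *
 * Security fix: the challenge used to come from mt_rand() after reseeding
 * the Mersenne Twister with a value derived from microtime(). Both the seed
 * and the generator are predictable, and the reseed also reset the global
 * mt_rand() state for the rest of the application. Challenges must be
 * unpredictable, so the CSPRNG-backed random_int() is used whenever the
 * runtime provides it (PHP 7.0+).
 *
 * The legacy mt_rand() path is kept only so the function still works on
 * older runtimes. It is NOT cryptographically secure, and deployments on
 * such runtimes should be upgraded.
 *
 * @param int $size Number of bytes to generate; values <= 0 yield ''.
 * @return string Binary challenge of $size bytes.
 */
function GenerateChallenge($size = 8)
{
    $haveCsprng = function_exists('random_int');

    if (!$haveCsprng) {
        // Legacy fallback only: weak, time-derived seed (original behavior).
        mt_srand(hexdec(substr(md5(microtime()), -8)) & 0x7fffffff);
    }

    $chall = '';
    for ($i = 0; $i < $size; $i++) {
        $byte = $haveCsprng ? random_int(1, 255) : 1 + mt_rand() % 255;
        $chall .= chr($byte);
    }
    return $chall;
}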
/**
 * Build the MS-CHAP challenge response from a challenge and an NT hash.
 *
 * The hash is right-padded with NUL bytes to 21 bytes and cut into three
 * 7-byte slices. Each slice is used as the key for des_encrypt_ecb() over
 * the same challenge, and the three results are concatenated in order.
 *
 * NOTE(review): the 7-byte slices go to des_encrypt_ecb() unchanged.
 * RFC 2433 expects each slice to be expanded to an 8-byte DES key with
 * parity bits; confirm that the DES helper produces RFC-conformant output.
 *
 * @param string $challenge Challenge bytes to encrypt (presumably 8 bytes,
 *                          one DES block; verify against callers).
 * @param string $nthash    NT password hash (binary).
 * @return string Concatenation of the three DES outputs.
 */
function ChallengeResponse($challenge, $nthash)
{
    // str_pad() never truncates, matching the original append-until-21 loop.
    $keyMaterial = str_pad($nthash, 21, "\0");

    $response = '';
    foreach (array(0, 7, 14) as $offset) {
        $response .= des_encrypt_ecb(substr($keyMaterial, $offset, 7), $challenge);
    }

    return $response;
}
// MS-CHAPv2
/**
 * Generate the 16-byte MS-CHAPv2 peer challenge.
 *
 * This is a thin wrapper around GenerateChallenge(). The unpredictability
 * of the peer challenge is exactly that of GenerateChallenge().
 *
 * @return string 16-byte binary challenge.
 */
function GeneratePeerChallenge()
{
    $peerChallengeLength = 16;

    return GenerateChallenge($peerChallengeLength);
}
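/**
 * Compute the raw MD4 digest of an existing NT password hash.
 *
 * Uses the core hash() function instead of the mhash extension, which is
 * deprecated (PHP 8.1) and absent from many builds. The digest bytes are
 * the same.
 *
 * @param string $hash NT password hash (binary).
 * @return string 16 raw bytes (binary MD4 digest of $hash).
 */
function NtPasswordHashHash($hash)
{
    return hash('md4', $hash, true);
}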
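/**
 * Derive the 8-byte MS-CHAPv2 challenge hash: the first 8 bytes of
 * SHA-1 over $peerChallenge . $challenge . $username, in that order.
 *
 * Uses the core sha1() function with raw output instead of the mhash
 * extension, which is deprecated (PHP 8.1) and absent from many builds.
 * The digest bytes are the same.
 *
 * NOTE(review): RFC 2759 hashes the user name without any domain prefix.
 * This function hashes $username exactly as given, so callers are
 * presumably expected to strip a prefix first. Verify at the call sites.
 *
 * @param string $challenge     Authenticator challenge (binary).
 * @param string $peerChallenge Peer challenge (binary).
 * @param string $username      User name bytes.
 * @return string 8 raw bytes.
 */
function ChallengeHash($challenge, $peerChallenge, $username)
{
    $digest = sha1($peerChallenge . $challenge . $username, true);

    return substr($digest, 0, 8);
}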
/**
 * Compute the MS-CHAPv2 NT-Response for a user.
 *
 * The value is ChallengeResponse() applied to the 8-byte ChallengeHash() of
 * the two challenges and the user name, keyed with NtPasswordHash() of the
 * password.
 *
 * Security note: the clear-text password is consumed here, and the
 * intermediate NT hash is enough on its own to compute a valid response.
 * Keep both out of logs and error output.
 *
 * @param string $challenge     Authenticator challenge (binary).
 * @param string $peerChallenge Peer challenge (binary).
 * @param string $username      User name bytes.
 * @param string $password      Clear-text password.
 * @return string Response bytes as returned by ChallengeResponse().
 */
function GenerateNTResponse($challenge, $peerChallenge, $username, $password)
{
    // Arguments are evaluated left to right: challenge hash, then NT hash.
    return ChallengeResponse(
        ChallengeHash($challenge, $peerChallenge, $username),
        NtPasswordHash($password)
    );
}