/*
String RequestStr3 = @"01 00 00 9E EB B2 E8 D9 1E 52 10 03 FB E1 52 39 27 58 93 F0 01 0E 33 34 38 30 62 33 34 32 61 30 61 33 02 12 56 BE 23 D1 61 13 7F E5 95 21 CB 44 B9 32 D4 49 04 06 C0 A8 08 05 20 07 68 65 6C 6C 6F 1E 1A 41 30 2D 36 33 2D 39 31 2D 38 42 2D 30 39 2D 35 30 3A 48 44 41 50 30 35 1F 13 33 34 2D 38 30 2D 42 33 2D 34 32 2D 41 30 2D 41 33 3D 06 00 00 00 13 4D 18 43 4F 4E 4E 45 43 54 20 31 31 4D 62 70 73 20 38 30 32 2E 31 31 62 50 12 B8 4B 87 5E 53 77 2C FA 90 16 E3 B5 5F 4E CA FD ";
*/
var requestStr = RequestStr3;
var responseStr = @"02-00-00-2C-57-CE-42-DB-EB-9F-DA-5D-B3-E5-DB-D0-9E-75-92-BA-1B-06-00-98-96-7F-50-12-D1-B1-36-29-F5-7D-1C-65-CB-BC-DA-57-DE-49-E7-3C";
var responseArr = responseStr.Split("-".ToCharArray(), StringSplitOptions.RemoveEmptyEntries);
var responseBytes = new List<byte>();
foreach (var item in responseArr)
{
responseBytes.Add(byte.Parse(item, NumberStyles.HexNumber));
}
var responsePaket = nRadiusPaket.Parser(responseBytes.ToArray()); var request = GetRequestPaket(); var autherRaw = new List<byte>();
autherRaw.Add();
autherRaw.Add();
autherRaw.AddRange(new byte[] { , 0x2C });
autherRaw.AddRange(request.Authenticator);
foreach (var a in responsePaket.Attributes)
{
autherRaw.AddRange(a.Paket);
}
autherRaw.AddRange(Encoding.ASCII.GetBytes("")); var md5 = new MD5CryptoServiceProvider();
var authernticatorMd5 = md5.ComputeHash(autherRaw.ToArray()); Console.WriteLine("MD5:" + BitConverter.ToString(authernticatorMd5));
Console.WriteLine("TAG:" + BitConverter.ToString(responsePaket.Authenticator)); var MAuthRaw = new List<byte>();
MAuthRaw.Add();
MAuthRaw.Add();
MAuthRaw.AddRange(new byte[] { , 0x2C });
MAuthRaw.AddRange(request.Authenticator);
foreach (var a in responsePaket.Attributes)
{
if (a.Paket[] == )
{ MAuthRaw.AddRange(a.Paket.Take());
for (int i = ; i < ; i++)
{
MAuthRaw.Add();
}
}
else
{
MAuthRaw.AddRange(a.Paket);
}
} var hmacMD5 = HMACMD5.Create("HMACMD5"); hmacMD5.Key = Encoding.ASCII.GetBytes("");
var hmacBytes= hmacMD5.ComputeHash(MAuthRaw.ToArray());
Console.WriteLine("HMAC-TAG:D1-B1-36-29-F5-7D-1C-65-CB-BC-DA-57-DE-49-E7-3C");
Console.WriteLine("HMAC-Cup:" + BitConverter.ToString(hmacBytes));
1.Message-Authenticator计算时
参考文档:
Message-Authenticator = HMAC-MD5 (Type, Identifier, Length,
Request Authenticator, Attributes) When the checksum is calculated the signature string should be
considered to be sixteen octets of zero.
这里的Type,应该是Response paket的 Code, Attributes,由于包括了Message-Authenticator Attribute,
在计算时间时,填充16个字节的0来计算,即 byte[]{80,18,00,00...,00}
另外HMAC-MD5(Type, Identifier, Length, Request Authenticator, Attributes)表示
HMAC-MD5(Type + Identifier + Length +Request Authenticator + Attributes) Access-Accept packet中type= byte[]{02},Attributes 是完整包,如 Message-Authenticator Attribute =byte[]{80,18,x,x,x....x},
2.Response Authernticator 的计算,需要先完成上面的Message-Authernticator 计算 3.User-Password字段的计算与解密
/// <summary>
///
/// </summary>
/// <param name="pwdAttrPaket">User-Password段,包括type跟length+x...</param>
/// <param name="SharedSecret"></param>
/// <param name="RequestAuthenticator"></param>
/// <returns></returns>
public static byte[] EncodePAPPwd(String pwdStr, string SharedSecret, byte[] RequestAuthenticator)
{ var pwdBytes = Encoding.Default.GetBytes(pwdStr);
var dataLen = pwdBytes.Length / ;
var r = pwdBytes.Length % ;
if (r != )
{
dataLen++;
} var pArr=new byte[dataLen * ];
Array.Copy(pwdBytes, pArr, pwdBytes.Length); //补0字节处理
if (r != )
{
for (int i = pwdBytes.Length; i < pArr.Length; i++)
{
pArr[i] = ;
}
} var bi = new byte[];
var ciArr = new byte[pArr.Length]; var shareSecretBytes = Encoding.Default.GetBytes(SharedSecret); var tmp = new byte[shareSecretBytes.Length + ];
Array.Copy(shareSecretBytes, tmp, shareSecretBytes.Length);
Array.Copy(RequestAuthenticator, , tmp, shareSecretBytes.Length, );
Array.Copy(MD5.Create("MD5").ComputeHash(tmp), bi, ); for (int i = ; i < dataLen; i++)
{
for (int bIndex = ; bIndex < ; bIndex++)
{
ciArr[i * + bIndex] =(byte)( bi[bIndex] ^ pArr[i * + bIndex]);
} Array.Copy(ciArr, i * , tmp, shareSecretBytes.Length, );
Array.Copy(MD5.Create("MD5").ComputeHash(tmp), bi, ); }
return ciArr;
}
/// <summary>
///
/// </summary>
/// <param name="pwdAttrPaket">User-Password段,包括type跟length+x...</param>
/// <param name="SharedSecret"></param>
/// <param name="RequestAuthenticator"></param>
/// <returns></returns>
public static byte[] DecodePAPPwd(byte[] pwdAttrPaket, string SharedSecret, byte[] RequestAuthenticator)
{
var chunksCount = (pwdAttrPaket.Length - ) / ;
var biArr = new byte[pwdAttrPaket.Length - ]; var shareSecretBytes= Encoding.Default.GetBytes(SharedSecret);
var tmp = new byte[shareSecretBytes.Length + ];
Array.Copy(shareSecretBytes, tmp, shareSecretBytes.Length);
Array.Copy(RequestAuthenticator, , tmp, shareSecretBytes.Length, );
Array.Copy( MD5.Create("MD5").ComputeHash(tmp),biArr,); for (int i = ; i < chunksCount; i++)
{ Array.Copy(pwdAttrPaket, ((i - ) * ) + , tmp, shareSecretBytes.Length, );
Array.Copy(MD5.Create("MD5").ComputeHash(tmp), , biArr, i * , );
} for (int i = ; i < biArr.Length; i++)
{
biArr[i] =(byte)( biArr[i] ^ pwdAttrPaket[ + i]);
} return biArr;
}