Radius - 报文解析-编程知识

Radius - 报文解析

news/2025/2/28 9:49:30/文章来源:https://www.cnblogs.com/chen1880/p/18742632

请求报文_Authenticator：MD5(Code + Identifier + Length + 16字节零填充 + 属性 + 共享密钥)

响应报文_Authenticator：
Res_Message-Authenticator：HMAC-MD5(共享密钥, 完整报文数据) ,更新属性
MD5(Code + Identifier + Length + 请求报文Authenticator + 属性 + 共享密钥)

======================================================================================================
【共享密钥】：52 33 51 6C 55 6D 46 6B 61 58 56 7A 4D 6A 51 6A 4E 6A 55 34 59 7A 52 6D 59 6D 4E 6B 59 32 59 30 4D 7A 63 32 4E 44 59 33 4D 47 4E 69 59 57 4D 33 4D 47 51 32 4F 44 6B 34 5A 6D 59 3D

【请求报文】：04 00 00 21 1C 6F 61 B9 FC 60 26 53 00 F4 AE BD 18 90 62 21 28 06 00 00 00 01 2C 07 31 36 32 34 30
Step1：创建报文，添加属性，计算Auth_MD5

添加属性
AVP: t=Acct-Status-Type(40) l=6 val=Start(1)
AVP: t=Acct-Session-Id(44) l=7 val=16240

04 00 00 21 -- Code + Identifier + Length
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 -- 16字节零填充
28 06 00 00 00 01 2C 07 31 36 32 34 30 -- 属性
52 33 51 6C 55 6D 46 6B 61 58 56 7A 4D 6A 51 6A 4E 6A 55 34 59 7A 52 6D 59 6D 4E 6B 59 32 59 30 4D 7A 63 32 4E 44 59 33 4D 47 4E 69 59 57 4D 33 4D 47 51 32 4F 44 6B 34 5A 6D 59 3D -- 共享密钥

Auth_MD5: 1C 6F 61 B9 FC 60 26 53 00 F4 AE BD 18 90 62 21

Step2：更新报文Auth（字节4-20的位置），结束

【响应报文】：05 00 00 26 B4 9C 6E 23 71 F4 C5 D3 35 BB 68 B9 7F 67 CD 63 50 12 9A AB 65 EE DE 81 5A DF 4E 1C 37 CB D1 C0 03 06

Step1：创建报文，添加属性，计算Message_MD5

添加属性
AVP: t=Message-Authenticator(80) l=18 val=00000000000000000000000000000000
Type=80 (Hex：50)
Length: 2 + 16 (Hex：12)
Value: 16 字节零填充

05 00 00 26 -- Code + Identifier + Length
1C 6F 61 B9 FC 60 26 53 00 F4 AE BD 18 90 62 21 -- 请求报文Authenticator
50 12 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 -- Type：80，Length：18， Value：16字节零填充

HMAC-MD5(共享密钥, 完整报文数据 Code + Identifier + Length + 请求报文Authenticator + 属性 + 共享密钥) 9A AB 65 EE DE 81 5A DF 4E 1C 37 CB D1 C0 03 06

步骤2：更新Message_MD5+追加密钥
05 00 00 26 -- Code + Identifier + Length
1C 6F 61 B9 FC 60 26 53 00 F4 AE BD 18 90 62 21 -- 请求报文Authenticator
50 12 9A AB 65 EE DE 81 5A DF 4E 1C 37 CB D1 C0 03 06 -- 更新后属性
52 33 51 6C 55 6D 46 6B 61 58 56 7A 4D 6A 51 6A 4E 6A 55 34 59 7A 52 6D 59 6D 4E 6B 59 32 59 30 4D 7A 63 32 4E 44 59 33 4D 47 4E 69 59 57 4D 33 4D 47 51 32 4F 44 6B 34 5A 6D 59 3D -- 共享密钥

Auth_MD5: B4 9C 6E 23 71 F4 C5 D3 35 BB 68 B9 7F 67 CD 63

Step3：更新报文Auth（字节4-20的位置），结束

 /// <summary>/// 生成Authenticator/// </summary>static byte[] CreateAuthenticator(byte code, byte identifier, ushort length, byte[] attributes, byte[] secretBytes, byte[] padding){ using (MD5 md5 = MD5.Create()){byte[] input = new[] { code, identifier }.Concat(BitConverter.GetBytes(IPAddress.HostToNetworkOrder((short)length))).Concat(padding).Concat(attributes).Concat(secretBytes).ToArray();var b1 = BitConverter.ToString(input).Replace("-", " ");var b2 = md5.ComputeHash(input); var b3 = BitConverter.ToString(b2).Replace("-", " ");return b2;}}/// <summary>/// 生成Authenticator/// </summary>static byte[] CreateAuthenticator(byte[] data, byte[] secretBytes){using (MD5 md5 = MD5.Create()){byte[] input = data.Concat(secretBytes).ToArray();var b1 = BitConverter.ToString(input).Replace("-", " ");var b2 = md5.ComputeHash(input); var b3 = BitConverter.ToString(b2).Replace("-", " ");return b2;}}/// <summary>/// 生成MessageAuthenticator/// </summary>static byte[] CreateMessageAuthenticator(byte[] data, byte[] secret){ using (var hmac = new HMACMD5(secret)){var b1 = BitConverter.ToString(data).Replace("-", " ");byte[] hmacResult = hmac.ComputeHash(data);var strMessageMD5 = BitConverter.ToString(hmacResult).Replace("-", " ");// 9AAB65EEDE815ADF4E1C37CBD1C00306return hmacResult;}}