com.theorem.radserver3
Class MSChap

Object
  MSChap

Direct Known Subclasses:

MSChapV2

public class MSChap

extends Object

Class to handle the code described in RFC 2433 of MS-CHAP V1 and RFC 2759 MS-CHAP V2.

Field Summary

static int	CHALLENGE_LENGTH Length of a MSCHAP challenge - 8.
static boolean	NTHASH_PASSWORD Indicates that the password is an NT Hash of the plain text password.
static int	NTHASH_PASSWORD_LENGTH NT Password hash length in bytes - 16.
static boolean	PLAINTEXT_PASSWORD Indicates that the password is plain text.
static int	RESPONSE_LENGTH Length of a MSCHAP response - 24.

Constructor Summary

MSChap()
Constructor.

Method Summary

byte[]	ChallengeResponse(byte[] challenge, byte[] passwordHash) Calculate the ChallengeResponse.
static byte[]	createChallenge() Create random 8 byte challenge.
byte[]	DesEncrypt(byte[] clear, byte[] key)
byte[]	DesHash(byte[] clear)
byte	getIdent(byte lastId) Get a CHAP Ident value.
byte[]	HashNtPasswordHash(byte[] ntPasswordHash)
byte[]	LmChallengeResponse(byte[] challenge, byte[] password)
byte[]	LmEncryptedPasswordHash(byte[] oemPassword, byte[] key)
byte[]	LmPasswordHash(byte[] oemPassword)
byte[]	NtChallengeResponse(byte[] challenge, byte[] password, boolean ntHash) Encode the NT password for the NT password response.
byte[]	NtEncryptedPasswordHash(byte[] oemPassword, byte[] challenge, boolean ntHash)
byte[]	NtPasswordHash(byte[] unicodePassword) Produce the NTPassworHash.
byte[]	parityKey(byte[] in)
byte[]	PasswordHashEncryptedWithBlock(byte[] passwordHash, byte[] block)
byte[]	toUnicode(byte[] in) Convert a byte array into a UNICODE array.

Methods inherited from class Object

equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

CHALLENGE_LENGTH

public static final int CHALLENGE_LENGTH

Length of a MSCHAP challenge - 8.

See Also:

Constant Field Values

NTHASH_PASSWORD

public static final boolean NTHASH_PASSWORD

Indicates that the password is an NT Hash of the plain text password.

See Also:

Constant Field Values

NTHASH_PASSWORD_LENGTH

public static final int NTHASH_PASSWORD_LENGTH

NT Password hash length in bytes - 16.

See Also:

Constant Field Values

PLAINTEXT_PASSWORD

public static final boolean PLAINTEXT_PASSWORD

Indicates that the password is plain text.

See Also:

Constant Field Values

RESPONSE_LENGTH

public static final int RESPONSE_LENGTH

Length of a MSCHAP response - 24.

See Also:

Constant Field Values

Constructor Detail

MSChap

public MSChap()
       throws RADIUSException

Constructor.

Throws:

RADIUSException - if the DES cipher cannot be found.

Method Detail

ChallengeResponse

public final byte[] ChallengeResponse(byte[] challenge,
                                      byte[] passwordHash)
                               throws RADIUSException

Calculate the ChallengeResponse.

Parameters:

challenge - Challenge.

passwordHash - Hash of the NT

Throws:

RADIUSException

createChallenge

public static final byte[] createChallenge()

Create random 8 byte challenge.

Returns:

challenge.

DesEncrypt

public final byte[] DesEncrypt(byte[] clear,
                               byte[] key)
                        throws RADIUSException

Throws:

RADIUSException

DesHash

public final byte[] DesHash(byte[] clear)
                     throws RADIUSException

Throws:

RADIUSException

getIdent

public final byte getIdent(byte lastId)

Get a CHAP Ident value.

Parameters:

lastId - Last used ID value.

Returns:

new Ident value.

HashNtPasswordHash

public byte[] HashNtPasswordHash(byte[] ntPasswordHash)

LmChallengeResponse

public final byte[] LmChallengeResponse(byte[] challenge,
                                        byte[] password)
                                 throws RADIUSException

Throws:

RADIUSException

LmEncryptedPasswordHash

public final byte[] LmEncryptedPasswordHash(byte[] oemPassword,
                                            byte[] key)
                                     throws RADIUSException

Throws:

RADIUSException

LmPasswordHash

public final byte[] LmPasswordHash(byte[] oemPassword)
                            throws RADIUSException

Throws:

RADIUSException

NtChallengeResponse

public final byte[] NtChallengeResponse(byte[] challenge,
                                        byte[] password,
                                        boolean ntHash)
                                 throws RADIUSException

Encode the NT password for the NT password response. The password is expected to be UTF8 encoded. It will be converted to UNICODE here.

Parameters:

challenge - Challenge bytes.

password - Password bytes - if not UNICODE (UTF8 or ASCII) it will be translated.

Returns:

Response data.

Throws:

RADIUSException - if there's a problem using the DES algorithm.

NtEncryptedPasswordHash

public final byte[] NtEncryptedPasswordHash(byte[] oemPassword,
                                            byte[] challenge,
                                            boolean ntHash)
                                     throws RADIUSException

Throws:

RADIUSException

NtPasswordHash

public final byte[] NtPasswordHash(byte[] unicodePassword)

Produce the NTPassworHash.

Parameters:

unicodePassword - NT password as represented in unicode. Only the first 256 bytes will be processed.

Returns:

the password hash. The length is NTHASH_PASSWORD_LENGTH.

parityKey

public final byte[] parityKey(byte[] in)

PasswordHashEncryptedWithBlock

public final byte[] PasswordHashEncryptedWithBlock(byte[] passwordHash,
                                                   byte[] block)
                                            throws RADIUSException

Throws:

RADIUSException

toUnicode

public final byte[] toUnicode(byte[] in)

Convert a byte array into a UNICODE array.

Parameters:

in - Byte array to convert.

Returns:

unicode array.