chapmd5 authentication  PPP

chapmd5 authentication
I'm doing connection to apn by second layer gprs modem. I have implemented
PPP protocol with LCP and CHAP. And in this chap authentication I have
problem. Used by me is chapmd5. I have made this algorithm to calculate
response on challenge but value of this response is incorrect. I have read
that the response is calculated with session ID and secret and information
received from server (APN - authenticator), but how?
Anyone knows how can I calculate this properly?
For any help I will be grateful.
Arko

Re: chapmd5 authentication
"Arko" writes:
> I'm doing connection to apn by second layer gprs modem. I have implemented
> PPP protocol with LCP and CHAP. And in this chap authentication I have
> problem. Used by me is chapmd5. I have made this algorithm to calculate
> response on challenge but value of this response is incorrect. I have read
> that the response is calculated with session ID and secret and information
> received from server (APN - authenticator), but how?
>
> Anyone knows how can I calculate this properly?
The first thing to check is whether the MD5 code you're using is
correct. There's a set of test vectors in RFC 1321. If your MD5
library isn't working, then you're not going to get CHAP working.

Assuming your MD5 code is correct, the information you need is in RFC
1994 section 4.1. In particular, if you were to receive a CHAP
Challenge message that looks like this (after removing any framing and
FCS in use):

 FF 03 C2 23 01 01 00 08 01 02 03 04

That's a challenge value of "01 02 03 04" and an Identifier value of
01. You need to compute a CHAP Response based on your shared secret.
If that secret were "hello" (hex 68 65 6C 6C 6F), then you'd use this
as input to MD5:

 01 68 65 6C 6C 6F 01 02 03 04

That MD5 hash is:

 19 DB 7B EC D3 7C B9 DA 91 67 76 D0 23 78 09 B4

So, the CHAP Response you'd send would look like this:

 FF 03 C2 23 02 01 00 14 19 DB 7B EC D3 7C B9 DA 91 67 76 D0 23 78 09 B4

(You're aware that there's freely-available software that implements
all of this, and that you don't need to code it up yourself, right?)

James Carlson 42.703N 71.076W

Re: chapmd5 authentication [slight typo]
In article ,
James Carlson wrote:
>"Arko" writes:
>> I'm doing connection to apn by second layer gprs modem. I have implemented
>> PPP protocol with LCP and CHAP. And in this chap authentication I have
>> problem. Used by me is chapmd5. I have made this algorithm to calculate
>> response on challenge but value of this response is incorrect. I have read
>> that the response is calculated with session ID and secret and information
>> received from server (APN - authenticator), but how?
>>
>> Anyone knows how can I calculate this properly?
>
>The first thing to check is whether the MD5 code you're using is
>correct. There's a set of test vectors in RFC 1321. If your MD5
>library isn't working, then you're not going to get CHAP working.
>
>Assuming your MD5 code is correct, the information you need is in RFC
>1994 section 4.1. In particular, if you were to receive a CHAP
>Challenge message that looks like this (after removing any framing and
>FCS in use):
>
> FF 03 C2 23 01 01 00 08 01 02 03 04
>
>That's a challenge value of "01 02 03 04" and an Identifier value of
>01.

Slight typo. The value field must be preceded by a ValueSize byte,
so for a challenge value of "01 02 03 04", the packet should really look
like this:

 FF 03 C2 23 01 01 00 09 04 01 02 03 04

(I adjusted the Length field and added the ValueSize byte)

>You need to compute a CHAP Response based on your shared secret.
>If that secret were "hello" (hex 68 65 6C 6C 6F), then you'd use this
>as input to MD5:
>
> 01 68 65 6C 6C 6F 01 02 03 04
>
>That MD5 hash is:
>
> 19 DB 7B EC D3 7C B9 DA 91 67 76 D0 23 78 09 B4
>
>So, the CHAP Response you'd send would look like this:
>
> FF 03 C2 23 02 01 00 14 19 DB 7B EC D3 7C B9 DA 91 67 76 D0 23 78 09 B4

Again, the ValueSize byte must be added to make this packet correct:

 FF 03 C2 23 02 01 00 15 10 19 DB 7B EC D3 7C B9 DA 91 67 76 D0 23 78 09 B4

>(You're aware that there's freely-available software that implements
>all of this, and that you don't need to code it up yourself, right?)
Awww, but where's the fun in that?!? ;^)
=========== For PPP Protocol Analysis, check out PacketView Pro! ===========
Patrick Klos Email: patrick@klos.com
Klos Technologies, Inc. Web: http://www.klos.com/
================================================== ==========================
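
The calculation and packet layout worked through in the two replies above, as an added example that is not part of the original posts: it parses a Challenge, hashes Identifier + secret + challenge value, and builds the Response with its Value-Size byte. The function names are hypothetical, the Name field is left empty as in the thread's packets, and MD5 comes from Python's hashlib rather than a hand-written implementation.

```python
import hashlib
import hmac
import struct

PPP_HDR = bytes.fromhex("FF03C223")  # address FF, control 03, protocol C223 (CHAP)
CHALLENGE, RESPONSE = 1, 2           # CHAP Code values (RFC 1994)

# Packets copied from the thread: the first one posted, and the corrected one.
FIRST_POSTED = bytes.fromhex("FF03C22301010008" "01020304")
CORRECTED = bytes.fromhex("FF03C22301010009" "0401020304")

def parse_chap(frame: bytes):
    """Return (code, identifier, value, name) from a frame with framing/FCS removed."""
    if len(frame) < 9 or frame[:4] != PPP_HDR:
        raise ValueError("not a CHAP Challenge/Response frame")
    code, ident, length = struct.unpack("!BBH", frame[4:8])
    if length < 5 or 4 + length > len(frame):
        raise ValueError("Length field does not fit the frame")
    body = frame[8:4 + length]           # Length counts from the Code byte
    vsize = body[0]
    if 1 + vsize > len(body):
        raise ValueError("Value-Size runs past Length")
    return code, ident, body[1:1 + vsize], body[1 + vsize:]

def chap_md5(ident: int, secret: bytes, challenge: bytes) -> bytes:
    """MD5 over the Identifier byte, then the secret, then the challenge value."""
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()

def build_response(challenge_frame: bytes, secret: bytes, name: bytes = b"") -> bytes:
    """Peer side: answer a Challenge; `name` is empty, as in the thread's packets."""
    code, ident, challenge, _ = parse_chap(challenge_frame)
    if code != CHALLENGE:
        raise ValueError("expected a Challenge")
    body = bytes([16]) + chap_md5(ident, secret, challenge) + name
    return PPP_HDR + struct.pack("!BBH", RESPONSE, ident, 4 + len(body)) + body

def check_response(response_frame: bytes, challenge: bytes, secret: bytes) -> bool:
    """Authenticator side: recompute the hash and compare in constant time."""
    code, ident, value, _ = parse_chap(response_frame)
    return code == RESPONSE and hmac.compare_digest(value, chap_md5(ident, secret, challenge))

if __name__ == "__main__":
    print(build_response(CORRECTED, b"hello").hex(" ").upper())
    # The first-posted packet still parses, but as a 1-byte challenge plus a name:
    print(parse_chap(FIRST_POSTED))
```

A packet missing its Value-Size byte is not rejected by a parser like this one: its first challenge byte is read as the size, so both ends hash different data and authentication fails with no framing error to point at.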

Re: chapmd5 authentication [slight typo]
pklos@osmium.mv.net (Patrick Klos) writes:
> > FF 03 C2 23 01 01 00 08 01 02 03 04
> >
> >That's a challenge value of "01 02 03 04" and an Identifier value of
> >01.
>
> Slight typo. The value field must be preceded by a ValueSize byte,
> so for a challenge value of "01 02 03 04", the packet should really look
> like this:
>
> FF 03 C2 23 01 01 00 09 04 01 02 03 04
Dang. That's exactly what I'd intended to use, and I had a senior
moment.
Thanks for correcting and reading that closely. ;}
> >(You're aware that there's freely-available software that implements
> >all of this, and that you don't need to code it up yourself, right?)
>
> Awww, but where's the fun in that?!? ;^)
Apparently, all the fun is in staring at some packet traces wondering
why nothing is working right.

James Carlson 42.703N 71.076W

Re: chapmd5 authentication [slight typo]
James Carlson writes:
>pklos@osmium.mv.net (Patrick Klos) writes:
>> > FF 03 C2 23 01 01 00 08 01 02 03 04
>> >
>> >That's a challenge value of "01 02 03 04" and an Identifier value of
>> >01.
>>
>> Slight typo. The value field must be preceded by a ValueSize byte,
>> so for a challenge value of "01 02 03 04", the packet should really look
>> like this:
>>
>> FF 03 C2 23 01 01 00 09 04 01 02 03 04
>Dang. That's exactly what I'd intended to use, and I had a senior
>moment.
>Thanks for correcting and reading that closely. ;}
>> >(You're aware that there's freely-available software that implements
>> >all of this, and that you don't need to code it up yourself, right?)
>>
>> Awww, but where's the fun in that?!? ;^)
>Apparently, all the fun is in staring at some packet traces wondering
>why nothing is working right.
Ah no, the fun is in putting out some system which implements your
particular variation of ppp to thousands of users and imagining them
staring at packet traces wondering why nothing is working right.
>
>James Carlson 42.703N 71.076W

Re: chapmd5 authentication [slight typo]
Thanks
I've done it and now it works fine.
Best Regards
Arko
User "Patrick Klos" wrote in message
news:entifv$1del$1@pyrite.mv.net...
> In article ,
> James Carlson wrote:
>>"Arko" writes:
>>> I'm doing connection to apn by second layer gprs modem. I have
>>> implemented
>>> PPP protocol with LCP and CHAP. And in this chap authentication I have
>>> problem. Used by me is chapmd5. I have made this algorithm to calculate
>>> response on challenge but value of this response is incorrect. I have
>>> read
>>> that the response is calculated with session ID and secret and
>>> information
>>> received from server (APN - authenticator), but how?
>>>
>>> Anyone knows how can I calculate this properly?
>>
>>The first thing to check is whether the MD5 code you're using is
>>correct. There's a set of test vectors in RFC 1321. If your MD5
>>library isn't working, then you're not going to get CHAP working.
>>
>>Assuming your MD5 code is correct, the information you need is in RFC
>>1994 section 4.1. In particular, if you were to receive a CHAP
>>Challenge message that looks like this (after removing any framing and
>>FCS in use):
>>
>> FF 03 C2 23 01 01 00 08 01 02 03 04
>>
>>That's a challenge value of "01 02 03 04" and an Identifier value of
>>01.
>
> Slight typo. The value field must be preceded by a ValueSize byte,
> so for a challenge value of "01 02 03 04", the packet should really look
> like this:
>
> FF 03 C2 23 01 01 00 09 04 01 02 03 04
>
> (I adjusted the Length field and added the ValueSize byte)
>
>>You need to compute a CHAP Response based on your shared secret.
>>If that secret were "hello" (hex 68 65 6C 6C 6F), then you'd use this
>>as input to MD5:
>>
>> 01 68 65 6C 6C 6F 01 02 03 04
>>
>>That MD5 hash is:
>>
>> 19 DB 7B EC D3 7C B9 DA 91 67 76 D0 23 78 09 B4
>>
>>So, the CHAP Response you'd send would look like this:
>>
>> FF 03 C2 23 02 01 00 14 19 DB 7B EC D3 7C B9 DA 91 67 76 D0 23 78 09 B4
>
> Again, the ValueSize byte must be added to make this packet correct:
>
> FF 03 C2 23 02 01 00 15 10 19 DB 7B EC D3 7C B9 DA 91 67 76 D0 23 78 09 B4
>
>>(You're aware that there's freely-available software that implements
>>all of this, and that you don't need to code it up yourself, right?)
>
> Awww, but where's the fun in that?!? ;^)
>
> =========== For PPP Protocol Analysis, check out PacketView Pro!
> ===========
> Patrick Klos Email: patrick@klos.com
> Klos Technologies, Inc. Web: http://www.klos.com/
> ================================================== ==========================