Source for file CHAP.php
Copyright (c) 2002-2010, Michael Bretterklieber <michael@bretterklieber.com>
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions
1. Redistributions of source code must retain the above copyright
notice, this list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright
notice, this list of conditions and the following disclaimer in the
documentation and/or other materials provided with the distribution.
3. The names of the authors may not be used to endorse or promote products
derived from this software without specific prior written permission.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
This code cannot simply be copied and put under the GNU Public License or
any other GPL-like (LGPL, GPL2) License.
$Id: CHAP.php 302857 2010-08-28 21:12:59Z mbretter $
* Classes for generating packets for various CHAP Protocols:
* @author Michael Bretterklieber <michael@bretterklieber.com>
* @version $Revision: 302857 $
* Abstract base class for CHAP
* Random binary challenge
* Id of the authentication request. Should be incremented after every request.
* Generates a random challenge
* Generates a random binary challenge
* @param string $varname Name of the property
* @param integer $size Size of the challenge in Bytes
for ($i = 0; $i < $size; $i++ ) {
* Generates the response. Overwrite this.
* Generate CHAP-MD5 Packets
* Generates the response.
* CHAP-MD5 uses MD5-Hash for generating the response. The Hash consists
* of the chapid, the plaintext password and the challenge.
* Generate MS-CHAPv1 Packets. MS-CHAP doesn't use the plaintext password, it uses the
* NT-HASH which is stored in the SAM-Database or in the smbpasswd, if you are using samba.
* The NT-HASH is MD4(str2unicode(plaintextpass)).
* You need the hash extension for this class.
* Whether to use the deprecated LM-Responses or not.
* 0 = use LM-Response, 1 = use NT-Response
* Loads the hash extension
$this->loadExtension ('hash');
* Generates the NT-HASH from the given plaintext password.
* Converts ascii to unicode.
for ($i = 0; $i < strlen($str); $i++ ) {
* Generates the NT-Response.
return $this->_challengeResponse ();
* Generates the NT-Response.
return $this->_challengeResponse (false );
* Generates the LAN-Manager-Response.
return $this->_challengeResponse (true );
* Generates the response.
* Generates the response using DES.
* @param bool $lm whether to generate the LAN-Manager-Response
// Encrypts $this->challenge three times with single DES in ECB mode, each time
// keyed from a different 7-byte slice of $hash, and returns the three
// ciphertexts concatenated in order.
//
// $lm is not referenced in the lines shown here.
// NOTE(review): $hash is never assigned in this listing; presumably the elided
// lines select the LM or NT hash based on $lm and pad it so that offsets 14-20
// exist -- confirm against the full file.
// NOTE(review): the mcrypt_* functions were deprecated in PHP 7.1 and removed
// from core in PHP 7.2, so this code needs porting before it runs on current PHP.
// NOTE(review): single DES keyed from a password hash is weak by current
// standards; treat this as legacy-interop code and protect the exchange with
// an outer encrypted tunnel where possible.
function _challengeResponse ($lm = false )
$td = mcrypt_module_open (MCRYPT_DES , '', MCRYPT_MODE_ECB , '');
// ECB mode does not use an IV; one is created only because
// mcrypt_generic_init() takes an IV argument.
$iv = mcrypt_create_iv (mcrypt_enc_get_iv_size ($td), MCRYPT_RAND );
// First key: hash bytes 0-6, passed through _desAddParity().
$key = $this->_desAddParity (substr($hash, 0 , 7 ));
mcrypt_generic_init ($td, $key, $iv);
$resp1 = mcrypt_generic ($td, $this->challenge);
mcrypt_generic_deinit ($td);
// Second key: hash bytes 7-13.
$key = $this->_desAddParity (substr($hash, 7 , 7 ));
mcrypt_generic_init ($td, $key, $iv);
$resp2 = mcrypt_generic ($td, $this->challenge);
mcrypt_generic_deinit ($td);
// Third key: hash bytes 14-20.
$key = $this->_desAddParity (substr($hash, 14 , 7 ));
mcrypt_generic_init ($td, $key, $iv);
$resp3 = mcrypt_generic ($td, $this->challenge);
mcrypt_generic_deinit ($td);
mcrypt_module_close ($td);
return $resp1 . $resp2 . $resp3;
* Generates the LAN-Manager-HASH from the given plaintext password.
$plain = isset ($password) ? $password : $this->password;
return $this->_desHash (substr($plain, 0 , 7 )) . $this->_desHash (substr($plain, 7 , 7 ));
* Generates an irreversible HASH.
// DES-encrypts the fixed 8-byte string 'KGS!@#$%' in ECB mode, using $plain
// (after _desAddParity()) as the key, and stores the ciphertext in $hash.
// The LM hash code in this file calls it once per 7-byte half of the password.
//
// NOTE(review): no return statement is visible in this listing; presumably the
// elided line returns $hash -- confirm against the full file.
// NOTE(review): LM hashing is long deprecated: each half of the password is
// hashed independently with single DES and no salt, so avoid storing or
// sending LM hashes unless a legacy peer requires them.
// NOTE(review): mcrypt_* was removed from PHP core in 7.2; this needs porting.
function _desHash ($plain)
$key = $this->_desAddParity ($plain);
$td = mcrypt_module_open (MCRYPT_DES , '', MCRYPT_MODE_ECB , '');
// The IV is not used by ECB mode; it only satisfies mcrypt_generic_init().
$iv = mcrypt_create_iv (mcrypt_enc_get_iv_size ($td), MCRYPT_RAND );
mcrypt_generic_init ($td, $key, $iv);
// The key, not the plaintext, carries the secret: the constant is encrypted under it.
$hash = mcrypt_generic ($td, 'KGS!@#$%');
mcrypt_generic_deinit ($td);
mcrypt_module_close ($td);
* Adds the parity bit to the given DES key.
* @param string $key 7-Bytes Key without parity
// Adds DES parity to a key given without parity bits.
//
// NOTE(review): only the lookup table and the loop header survive in this
// listing; the loop body and the return statement are elided, so how the
// 7 input bytes are spread over the output key cannot be confirmed from here.
function _desAddParity ($key)
// 256-entry table indexed by byte value: each entry is that value with its
// lowest bit set or cleared so that the byte has an odd number of 1 bits
// (e.g. 0 -> 1, 6 -> 7, 254 -> 254).
static $odd_parity = array (
1 , 1 , 2 , 2 , 4 , 4 , 7 , 7 , 8 , 8 , 11 , 11 , 13 , 13 , 14 , 14 ,
16 , 16 , 19 , 19 , 21 , 21 , 22 , 22 , 25 , 25 , 26 , 26 , 28 , 28 , 31 , 31 ,
32 , 32 , 35 , 35 , 37 , 37 , 38 , 38 , 41 , 41 , 42 , 42 , 44 , 44 , 47 , 47 ,
49 , 49 , 50 , 50 , 52 , 52 , 55 , 55 , 56 , 56 , 59 , 59 , 61 , 61 , 62 , 62 ,
64 , 64 , 67 , 67 , 69 , 69 , 70 , 70 , 73 , 73 , 74 , 74 , 76 , 76 , 79 , 79 ,
81 , 81 , 82 , 82 , 84 , 84 , 87 , 87 , 88 , 88 , 91 , 91 , 93 , 93 , 94 , 94 ,
97 , 97 , 98 , 98 ,100 ,100 ,103 ,103 ,104 ,104 ,107 ,107 ,109 ,109 ,110 ,110 ,
112 ,112 ,115 ,115 ,117 ,117 ,118 ,118 ,121 ,121 ,122 ,122 ,124 ,124 ,127 ,127 ,
128 ,128 ,131 ,131 ,133 ,133 ,134 ,134 ,137 ,137 ,138 ,138 ,140 ,140 ,143 ,143 ,
145 ,145 ,146 ,146 ,148 ,148 ,151 ,151 ,152 ,152 ,155 ,155 ,157 ,157 ,158 ,158 ,
161 ,161 ,162 ,162 ,164 ,164 ,167 ,167 ,168 ,168 ,171 ,171 ,173 ,173 ,174 ,174 ,
176 ,176 ,179 ,179 ,181 ,181 ,182 ,182 ,185 ,185 ,186 ,186 ,188 ,188 ,191 ,191 ,
193 ,193 ,194 ,194 ,196 ,196 ,199 ,199 ,200 ,200 ,203 ,203 ,205 ,205 ,206 ,206 ,
208 ,208 ,211 ,211 ,213 ,213 ,214 ,214 ,217 ,217 ,218 ,218 ,220 ,220 ,223 ,223 ,
224 ,224 ,227 ,227 ,229 ,229 ,230 ,230 ,233 ,233 ,234 ,234 ,236 ,236 ,239 ,239 ,
241 ,241 ,242 ,242 ,244 ,244 ,247 ,247 ,248 ,248 ,251 ,251 ,253 ,253 ,254 ,254 );
// Walks the input key one byte at a time (loop body not shown in this listing).
for ($i = 0; $i < strlen ($key); $i++ ) {
* Generates the response-packet.
* @param bool $lm whether to include the LAN-Manager-Response
// Assembles the response packet as LM response, NT response, then one flag byte.
//
// NOTE(review): $lmresp and $ntresp are not assigned in the lines shown here;
// the statements that build them are elided from this listing.
// NOTE(review): when $lm is true the packet presumably carries a real
// LAN-Manager response, which is the weaker of the two; leave $lm at its
// default of false unless a legacy peer requires it.
function response ($lm = false )
// Response: LM Response, NT Response, flags (0 = use LM Response, 1 = use NT Response)
// pack('C', !$lm) emits a single unsigned byte: 1 when $lm is false, 0 when it is true.
return $lmresp . $ntresp . pack('C', !$lm);
* Generate MS-CHAPv2 Packets. This version of MS-CHAP uses a 16 Bytes authenticator
* challenge and a 16 Bytes peer Challenge. LAN-Manager responses no longer exist
* in this version. The challenge is already a SHA1 challenge hash of both challenges
* The 16 Bytes random binary peer challenge
* The 16 Bytes random binary authenticator challenge
* Generates the 16 Bytes peer and authentication challenge
* Generates a hash from the NT-HASH.
* @param string $nthash The NT-HASH
* Generates the challenge hash from the peer and the authenticator challenge and
* the username. SHA1 is used for this, but only the first 8 Bytes are used.
* Generates the response.
return $this->_challengeResponse ();