documentation指定 Message-Authenticator 字段令人困惑:
5.14. Message-Authenticator
Earlier drafts of this memo used "Signature" as the name of this
attribute, but Message-Authenticator is more precise.
String
When present in an Access-Request packet, Message-Authenticator is
an HMAC-MD5 [9] checksum of the entire Access-Request packet,
including Type, ID, Length and authenticator, using the shared
secret as the key, as follows.
Message-Authenticator = HMAC-MD5 (Type, Identifier, Length,
Request Authenticator, Attributes)
When the checksum is calculated the signature string should be
considered to be sixteen octets of zero.
For Access-Challenge, Access-Accept, and Access-Reject packets,
the Message-Authenticator is calculated as follows, using the
Request-Authenticator from the Access-Request this packet is in
reply to:
Message-Authenticator = HMAC-MD5 (Type, Identifier, Length,
Request Authenticator, Attributes)
When the checksum is calculated the signature string should be
considered to be sixteen octets of zero. The shared secret is
used as the key for the HMAC-MD5 hash. The is calculated and
inserted in the packet before the Response Authenticator is
calculated.
引用:
in an Access-Request packet, Message-Authenticator is
an HMAC-MD5 [9] checksum of the entire Access-Request packet,
including Type, ID, Length and authenticator, using the shared
secret as the key, as follows.
Message-Authenticator = HMAC-MD5 (Type, Identifier, Length,
Request Authenticator, Attributes)
此时消息验证器显然不能是一个属性,因为它还没有被计算。
When the checksum is calculated the signature string should be
considered to be sixteen octets of zero.
“签名”指的是什么?这是说在属性中添加Message-Authenticator并将其值设置为16个零来计算Message-Authenticator然后替换该值???
最佳答案
我知道这已经很旧了,但以防万一它可以帮助其他人。回答你的问题,是的,你是对的。这仅适用于 Python 2。
- 将默认消息验证器设置为 16 字节零
req["消息验证器"] = 16*6.b("\x00") - 获取原始数据包二进制文件
raw_packet = req.RequestPacket() - 使用共享 key 计算 hmac-md5
digest = hmac.new(secret, raw_packet, hashlib.md5) - 写回消息验证器
req["Message-Authenticator"] = 摘要.hexdigest().decode('hex')
关于python - RADIUS计算消息验证器字段(python),我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/52310141/