| Copyright | (c) Erick Gonzalez 2017 |
|---|---|
| License | BSD3 |
| Maintainer | [email protected] |
| Stability | experimental |
| Portability | POSIX |
| Safe Haskell | None |
| Language | Haskell2010 |
Network.EAP.MSCHAPv2
Description
This module provides functions to implement the EAP MSCHAPv2 authentication scheme.
- authenticateMSCHAPv2 :: MSCHAPv2Data -> ByteString -> ByteString -> Except CryptoError Bool
- generateAuthenticatorResponse :: ByteString -> ByteString -> ByteString -> ByteString -> ByteString -> Except CryptoError ByteString
- generateNTResponse :: ByteString -> ByteString -> ByteString -> ByteString -> Except CryptoError ByteString
- ntPasswordHash :: ByteString -> ByteString
- deriveMPPEKeys :: ByteString -> ByteString -> Except CryptoError (ByteString, ByteString)
Documentation
Arguments
| :: MSCHAPv2Data | Decoded data from the MSCHAPv2 response |
| -> ByteString | Authenticator challenge sent to the peer on a previous request |
| -> ByteString | Authenticating user password NT hash (MD4) |
| -> Except CryptoError Bool | Returns either an error from one of the encryption routines or a boolean indicating whether the user response matches the expected value |
Authenticate the MSCHAPv2 response data to a given challenge request, using the supplied cleartext password.
generateAuthenticatorResponse Source #
Arguments
| :: ByteString | Username |
| -> ByteString | NT password hash |
| -> ByteString | NT Response |
| -> ByteString | Authenticator challenge |
| -> ByteString | Peer challenge |
| -> Except CryptoError ByteString | Returns either an error from one of the crypto routines or upon success, a 42 byte authenticator response |
Calculate authenticator response as per [RFC2759], Section 8.7
Arguments
| :: ByteString | Authenticator challenge sent to the peer on a previous request |
| -> ByteString | Challenge sent back by authenticating peer |
| -> ByteString | MSCHAP username |
| -> ByteString | NT hash (MD4) of user password |
| -> Except CryptoError ByteString | Returns either an error from one of the encryption routines or the calculated NT response |
Calculate the NT Response as per [RFC2759], Section 8.1
ntPasswordHash :: ByteString -> ByteString Source #
Hash an NT ascii plain-text. Password with MD4. Note that this function converts then password internally to Unicode, so feeding a Unicode password to it will *not* work
Arguments
| :: ByteString | NT Password hash |
| -> ByteString | NT Response |
| -> Except CryptoError (ByteString, ByteString) | (MPPE send key, MPPE recv key) |
Derive Microsoft Point-to-Point Encryption (MPPE) keys see [RFC3079]