OLD | NEW |
---|---|
(Empty) | |
1 // Copyright 2017 The Chromium Authors. All rights reserved. | |
2 // Use of this source code is governed by a BSD-style license that can be | |
3 // found in the LICENSE file. | |
4 | |
5 // Since many of the static helpers are crypto/hash functions that output | |
6 // a buffer; matching exact results would entail implementing them all | |
7 // again in the tests. So the tests on the low level hashing operations | |
8 // test for other properties of the outputs, such as whether the hashes | |
9 // change, whether they should be zeroed out, or whether they should | |
10 // be the same or different. | |
11 | |
12 #include "net/http/ntlm_client.h" | |
13 | |
14 #include "base/strings/utf_string_conversions.h" | |
15 #include "testing/gtest/include/gtest/gtest.h" | |
16 | |
17 namespace net { | |
18 namespace ntlm { | |
19 | |
asanka
2017/06/23 21:29:11
Please use the test vectors in section 4.2 (Crypto
zentaro
2017/07/05 17:57:42
I never even noticed they were there!
| |
20 TEST(NtlmClientTest, GenerateNtlmHashV1PasswordChangesHash) { | |
21 base::string16 password1 = base::UTF8ToUTF16("pwd01"); | |
22 base::string16 password2 = base::UTF8ToUTF16("pwd02"); | |
23 uint8_t hash1[NTLM_HASH_LEN]; | |
24 uint8_t hash2[NTLM_HASH_LEN]; | |
25 | |
26 GenerateNtlmHashV1(password1, hash1); | |
27 GenerateNtlmHashV1(password2, hash2); | |
28 | |
29 // Verify that the hash is different with a different password. | |
30 EXPECT_NE(0, memcmp(hash1, hash2, NTLM_HASH_LEN)); | |
31 } | |
32 | |
33 TEST(NtlmClientTest, GenerateResponsesV1ResponsesTheSame) { | |
34 base::string16 password = base::UTF8ToUTF16("pwd"); | |
35 | |
36 uint8_t lm_response[RESPONSE_V1_LEN]; | |
37 uint8_t ntlm_response[RESPONSE_V1_LEN]; | |
38 uint8_t server_challenge[CHALLENGE_LEN]; | |
39 | |
40 // The lm and ntlm responses should be the same. | |
41 GenerateResponsesV1(password, server_challenge, lm_response, ntlm_response); | |
42 EXPECT_EQ(0, memcmp(lm_response, ntlm_response, RESPONSE_V1_LEN)); | |
43 } | |
44 | |
45 TEST(NtlmClientTest, GenerateResponsesV1WithSSClientChallengeUsed) { | |
46 base::string16 password = base::UTF8ToUTF16("pwd"); | |
47 | |
48 uint8_t lm_response1[RESPONSE_V1_LEN]; | |
49 uint8_t lm_response2[RESPONSE_V1_LEN]; | |
50 uint8_t ntlm_response1[RESPONSE_V1_LEN]; | |
51 uint8_t ntlm_response2[RESPONSE_V1_LEN]; | |
52 uint8_t server_challenge[CHALLENGE_LEN]; | |
53 uint8_t client_challenge1[CHALLENGE_LEN]; | |
54 uint8_t client_challenge2[CHALLENGE_LEN]; | |
55 | |
56 memset(client_challenge1, 1, CHALLENGE_LEN); | |
57 memset(client_challenge2, 2, CHALLENGE_LEN); | |
58 | |
59 GenerateResponsesV1WithSS(password, server_challenge, client_challenge1, | |
60 lm_response1, ntlm_response1); | |
61 GenerateResponsesV1WithSS(password, server_challenge, client_challenge2, | |
62 lm_response2, ntlm_response2); | |
63 | |
64 // The point of session security is that the client can introduce some | |
65 // randomness, so verify different client_challenge gives a different result. | |
66 EXPECT_NE(0, memcmp(lm_response1, lm_response2, RESPONSE_V1_LEN)); | |
67 EXPECT_NE(0, memcmp(ntlm_response1, ntlm_response2, RESPONSE_V1_LEN)); | |
68 | |
69 // With session security the lm and ntlm hash should be different. | |
70 EXPECT_NE(0, memcmp(lm_response1, ntlm_response1, RESPONSE_V1_LEN)); | |
71 EXPECT_NE(0, memcmp(lm_response2, ntlm_response2, RESPONSE_V1_LEN)); | |
72 } | |
73 | |
74 TEST(NtlmClientTest, GenerateResponsesV1WithSSVerifySSUsed) { | |
75 base::string16 password = base::UTF8ToUTF16("pwd"); | |
76 | |
77 uint8_t lm_response1[RESPONSE_V1_LEN]; | |
78 uint8_t lm_response2[RESPONSE_V1_LEN]; | |
79 uint8_t ntlm_response1[RESPONSE_V1_LEN]; | |
80 uint8_t ntlm_response2[RESPONSE_V1_LEN]; | |
81 uint8_t server_challenge[CHALLENGE_LEN]; | |
82 uint8_t client_challenge[CHALLENGE_LEN]; | |
83 | |
84 memset(client_challenge, 1, CHALLENGE_LEN); | |
85 | |
86 GenerateResponsesV1WithSS(password, server_challenge, client_challenge, | |
87 lm_response1, ntlm_response1); | |
88 GenerateResponsesV1(password, server_challenge, lm_response2, ntlm_response2); | |
89 | |
90 // Verify that the responses with session security are not the | |
91 // same as without it. | |
92 EXPECT_NE(0, memcmp(lm_response1, lm_response2, RESPONSE_V1_LEN)); | |
93 EXPECT_NE(0, memcmp(ntlm_response1, ntlm_response2, RESPONSE_V1_LEN)); | |
94 } | |
95 | |
96 } // namespace ntlm | |
97 } // namespace net | |
OLD | NEW |