OLD | NEW |
---|---|
(Empty) | |
1 // Copyright 2017 The Chromium Authors. All rights reserved. | |
2 // Use of this source code is governed by a BSD-style license that can be | |
3 // found in the LICENSE file. | |
4 | |
5 // Based on [MS-NLMP]: NT LAN Manager (NTLM) Authentication Protocol | |
6 // Specification version 28.0 [1]. Additional NTLM reference [2]. | |
7 // | |
8 // [1] https://msdn.microsoft.com/en-us/library/cc236621.aspx | |
9 // [2] http://davenport.sourceforge.net/ntlm.html | |
10 | |
11 #ifndef NET_BASE_NTLM_H_ | |
12 #define NET_BASE_NTLM_H_ | |
13 | |
14 #include <stddef.h> | |
15 #include <stdint.h> | |
16 | |
17 #include <memory> | |
18 | |
19 #include "base/strings/string16.h" | |
20 #include "base/strings/string_piece.h" | |
21 #include "net/base/net_export.h" | |
22 #include "net/ntlm/ntlm_constants.h" | |
23 | |
24 namespace base { | |
25 struct MD5Digest; | |
26 } | |
27 | |
28 namespace net { | |
29 namespace ntlm { | |
30 | |
31 // Generates the NTLMv1 Hash and writes the |NTLM_HASH_LEN| byte result to | |
32 // |hash|. Defined by NTOWFv1() in [MS-NLMP] Section 3.3.1. | |
33 NET_EXPORT_PRIVATE void GenerateNtlmHashV1(const base::string16& password, | |
34 uint8_t* hash); | |
35 | |
36 // Generates the |RESPONSE_V1_LEN| byte NTLMv1 response field according to the | |
37 // DESL(K, V) function in [MS-NLMP] Section 6. | |
38 // | |
39 // |hash| must contain |NTLM_HASH_LEN| bytes. | |
40 // |challenge| must contain |CHALLENGE_LEN| bytes. | |
41 // |response| must contain |RESPONSE_V1_LEN| bytes. | |
42 NET_EXPORT_PRIVATE void GenerateResponseDesl(const uint8_t* hash, | |
43 const uint8_t* challenge, | |
44 uint8_t* response); | |
45 | |
46 // Generates the NTLM Response field for NTLMv1 without extended session | |
47 // security. Defined by ComputeResponse() in [MS-NLMP] Section 3.3.1 for the | |
48 // case where NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY is not set. | |
49 // |server_challenge| must contain |CHALLENGE_LEN| bytes. | |
50 // |ntlm_response| must contain |RESPONSE_V1_LEN| bytes. | |
51 NET_EXPORT_PRIVATE void GenerateNtlmResponseV1(const base::string16& password, | |
52 const uint8_t* server_challenge, | |
53 uint8_t* ntlm_response); | |
54 | |
55 // Generates both the LM Response and NTLM Response fields for NTLMv1 based | |
56 // on the users password and the servers challenge. Both the LM and NTLM | |
57 // Response are the result of |GenerateNtlmResponseV1|. | |
58 // | |
59 // NOTE: This should not be used. It will only get used in V1 if the | |
Ryan Sleevi
2017/07/12 17:56:38
This says "should not be used" (which is good, doc
zentaro
2017/07/13 17:10:19
Done.
| |
60 // |negotiate_flags_| passed to the constructor omit the | |
Ryan Sleevi
2017/07/12 17:56:38
"the constructor" ?
zentaro
2017/07/13 17:10:19
Done.
| |
61 // NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY flag. | |
62 // | |
63 // The default flags include this flag and the client will not be | |
64 // downgraded by the server. | |
65 // | |
66 // |server_challenge| must contain |CHALLENGE_LEN| bytes. | |
67 // |lm_response| must contain |RESPONSE_V1_LEN| bytes. | |
68 // |ntlm_response| must contain |RESPONSE_V1_LEN| bytes. | |
69 NET_EXPORT_PRIVATE void GenerateResponsesV1(const base::string16& password, | |
70 const uint8_t* server_challenge, | |
71 uint8_t* lm_response, | |
72 uint8_t* ntlm_response); | |
73 | |
74 // The LM Response in V1 with extended session security is 8 bytes of the | |
75 // |client_challenge| then 16 bytes of zero. This is the value | |
76 // LmChallengeResponse in ComputeResponse() when | |
77 // NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY is set. See [MS-NLMP] Section | |
78 // 3.3.1. | |
79 // |lm_response| must contain |RESPONSE_V1_LEN| bytes. | |
80 NET_EXPORT_PRIVATE void GenerateLMResponseV1WithSS( | |
Ryan Sleevi
2017/07/12 17:56:38
"WithSS", while saving, leaves it ambiguous as to
zentaro
2017/07/13 17:10:20
Done.
| |
81 const uint8_t* client_challenge, | |
82 uint8_t* lm_response); | |
83 | |
84 // The |session_hash| is MD5(CONCAT(server_challenge, client_challenge)). | |
85 // It is used instead of just |server_challenge| in NTLMv1 when | |
86 // NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY is set. See [MS-NLMP] Section | |
87 // 3.3.1. | |
88 // | |
89 // |server_challenge| must contain |CHALLENGE_LEN| bytes. | |
90 // |client_challenge| must contain |CHALLENGE_LEN| bytes. | |
91 NET_EXPORT_PRIVATE void GenerateSessionHashV1WithSS( | |
92 const uint8_t* server_challenge, | |
93 const uint8_t* client_challenge, | |
94 base::MD5Digest* session_hash); | |
95 | |
96 // The NTLM Response algorithm in V1 with extended session security is the | |
97 // the same as without extended session security except the challenge | |
Ryan Sleevi
2017/07/12 17:56:38
s/security except/security, except/
zentaro
2017/07/13 17:10:20
Done.
| |
98 // is the NTLMv1 session hash (See |GenerateSessionHashV1WithSS|) instead of | |
99 // just |server_challenge|. See [MS-NLMP] Section 3.3.1. | |
Ryan Sleevi
2017/07/12 17:56:38
This reads really weirdly - the "see" and "see" an
zentaro
2017/07/13 17:10:19
Done.
| |
100 // | |
101 // |server_challenge| must contain |CHALLENGE_LEN| bytes. | |
102 // |client_challenge| must contain |CHALLENGE_LEN| bytes. | |
103 // |ntlm_response| must contain |RESPONSE_V1_LEN| bytes. | |
104 NET_EXPORT_PRIVATE void GenerateNtlmResponseV1WithSS( | |
105 const base::string16& password, | |
106 const uint8_t* server_challenge, | |
107 const uint8_t* client_challenge, | |
108 uint8_t* ntlm_response); | |
109 | |
110 // Generates the responses for V1 with extended session security. | |
111 // This is also known as NTLM2 (which is not the same as NTLMv2). | |
112 // |lm_response| is the result of |GenerateLMResponseV1WithSS| and | |
113 // |ntlm_response| is the result of |GenerateNtlmResponseV1WithSS|. | |
114 // See [MS-NLMP] Section 3.3.1. | |
115 // | |
116 // |server_challenge| must contain |CHALLENGE_LEN| bytes. | |
117 // |client_challenge| must contain |CHALLENGE_LEN| bytes. | |
118 // |ntlm_response| must contain |RESPONSE_V1_LEN| bytes. | |
119 NET_EXPORT_PRIVATE void GenerateResponsesV1WithSS( | |
120 const base::string16& password, | |
121 const uint8_t* server_challenge, | |
122 const uint8_t* client_challenge, | |
123 uint8_t* lm_response, | |
124 uint8_t* ntlm_response); | |
125 | |
126 } // namespace ntlm | |
127 } // namespace net | |
128 | |
129 #endif // NET_BASE_NTLM_H_ | |
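Review bot: The comment on `GenerateResponsesV1WithSS` (new lines 110-118) states size requirements for `server_challenge`, `client_challenge` and `ntlm_response` but none for `lm_response`, even though it is an output passed as a bare `uint8_t*` with no length argument. For these declarations the comment is the only statement of the buffer contract, so add `// |lm_response| must contain |RESPONSE_V1_LEN| bytes.` above the `ntlm_response` line, as the comment on `GenerateResponsesV1` already does. The same gap is in `GenerateLMResponseV1WithSS` (new lines 74-82): its comment says the response starts with 8 bytes of `client_challenge` but never states `// |client_challenge| must contain |CHALLENGE_LEN| bytes.`. The implementations are not on this page, so whether they check any of these lengths cannot be confirmed here; if they do not, a short buffer from a caller would presumably be read or written out of bounds.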