
Side by Side Diff: net/ntlm/ntlm.h

Issue 2873673002: Add unit tests for NTLMv1 portable implementation (Closed)
Patch Set: Merge build config back to net Created 3 years, 5 months ago
(Empty)
1 // Copyright 2017 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 // Based on [MS-NLMP]: NT LAN Manager (NTLM) Authentication Protocol
6 // Specification version 28.0 [1]. Additional NTLM reference [2].
7 //
8 // [1] https://msdn.microsoft.com/en-us/library/cc236621.aspx
9 // [2] http://davenport.sourceforge.net/ntlm.html
10
11 #ifndef NET_BASE_NTLM_H_
12 #define NET_BASE_NTLM_H_
13
14 #include <stddef.h>
15 #include <stdint.h>
16
17 #include <memory>
18
19 #include "base/strings/string16.h"
20 #include "base/strings/string_piece.h"
21 #include "net/base/net_export.h"
22 #include "net/ntlm/ntlm_constants.h"
23
24 namespace base {
25 struct MD5Digest;
26 }
27
28 namespace net {
29 namespace ntlm {
30
31 // Generates the NTLMv1 Hash and writes the |NTLM_HASH_LEN| byte result to
32 // |hash|. Defined by NTOWFv1() in [MS-NLMP] Section 3.3.1.
33 NET_EXPORT_PRIVATE void GenerateNtlmHashV1(const base::string16& password,
34 uint8_t* hash);
35
36 // Generates the |RESPONSE_V1_LEN| byte NTLMv1 response field according to the
37 // DESL(K, V) function in [MS-NLMP] Section 6.
38 //
39 // |hash| must contain |NTLM_HASH_LEN| bytes.
40 // |challenge| must contain |CHALLENGE_LEN| bytes.
41 // |response| must contain |RESPONSE_V1_LEN| bytes.
42 NET_EXPORT_PRIVATE void GenerateResponseDesl(const uint8_t* hash,
43 const uint8_t* challenge,
44 uint8_t* response);
45
46 // Generates the NTLM Response field for NTLMv1 without extended session
47 // security. Defined by ComputeResponse() in [MS-NLMP] Section 3.3.1 for the
48 // case where NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY is not set.
49 // |server_challenge| must contain |CHALLENGE_LEN| bytes.
50 // |ntlm_response| must contain |RESPONSE_V1_LEN| bytes.
51 NET_EXPORT_PRIVATE void GenerateNtlmResponseV1(const base::string16& password,
52 const uint8_t* server_challenge,
53 uint8_t* ntlm_response);
54
55 // Generates both the LM Response and NTLM Response fields for NTLMv1 based
56 // on the users password and the servers challenge. Both the LM and NTLM
57 // Response are the result of |GenerateNtlmResponseV1|.
58 //
59 // NOTE: This should not be used. It will only get used in V1 if the
Ryan Sleevi 2017/07/12 17:56:38 This says "should not be used" (which is good, doc
zentaro 2017/07/13 17:10:19 Done.
60 // |negotiate_flags_| passed to the constructor omit the
Ryan Sleevi 2017/07/12 17:56:38 "the constructor" ?
zentaro 2017/07/13 17:10:19 Done.
61 // NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY flag.
62 //
63 // The default flags include this flag and the client will not be
64 // downgraded by the server.
65 //
66 // |server_challenge| must contain |CHALLENGE_LEN| bytes.
67 // |lm_response| must contain |RESPONSE_V1_LEN| bytes.
68 // |ntlm_response| must contain |RESPONSE_V1_LEN| bytes.
69 NET_EXPORT_PRIVATE void GenerateResponsesV1(const base::string16& password,
70 const uint8_t* server_challenge,
71 uint8_t* lm_response,
72 uint8_t* ntlm_response);
73
74 // The LM Response in V1 with extended session security is 8 bytes of the
75 // |client_challenge| then 16 bytes of zero. This is the value
76 // LmChallengeResponse in ComputeResponse() when
77 // NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY is set. See [MS-NLMP] Section
78 // 3.3.1.
79 // |lm_response| must contain |RESPONSE_V1_LEN| bytes.
80 NET_EXPORT_PRIVATE void GenerateLMResponseV1WithSS(
Ryan Sleevi 2017/07/12 17:56:38 "WithSS", while saving, leaves it ambiguous as to
zentaro 2017/07/13 17:10:20 Done.
81 const uint8_t* client_challenge,
82 uint8_t* lm_response);
83
84 // The |session_hash| is MD5(CONCAT(server_challenge, client_challenge)).
85 // It is used instead of just |server_challenge| in NTLMv1 when
86 // NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY is set. See [MS-NLMP] Section
87 // 3.3.1.
88 //
89 // |server_challenge| must contain |CHALLENGE_LEN| bytes.
90 // |client_challenge| must contain |CHALLENGE_LEN| bytes.
91 NET_EXPORT_PRIVATE void GenerateSessionHashV1WithSS(
92 const uint8_t* server_challenge,
93 const uint8_t* client_challenge,
94 base::MD5Digest* session_hash);
95
96 // The NTLM Response algorithm in V1 with extended session security is the
97 // the same as without extended session security except the challenge
Ryan Sleevi 2017/07/12 17:56:38 s/security except/security, except/
zentaro 2017/07/13 17:10:20 Done.
98 // is the NTLMv1 session hash (See |GenerateSessionHashV1WithSS|) instead of
99 // just |server_challenge|. See [MS-NLMP] Section 3.3.1.
Ryan Sleevi 2017/07/12 17:56:38 This reads really weirdly - the "see" and "see" an
zentaro 2017/07/13 17:10:19 Done.
100 //
101 // |server_challenge| must contain |CHALLENGE_LEN| bytes.
102 // |client_challenge| must contain |CHALLENGE_LEN| bytes.
103 // |ntlm_response| must contain |RESPONSE_V1_LEN| bytes.
104 NET_EXPORT_PRIVATE void GenerateNtlmResponseV1WithSS(
105 const base::string16& password,
106 const uint8_t* server_challenge,
107 const uint8_t* client_challenge,
108 uint8_t* ntlm_response);
109
110 // Generates the responses for V1 with extended session security.
111 // This is also known as NTLM2 (which is not the same as NTLMv2).
112 // |lm_response| is the result of |GenerateLMResponseV1WithSS| and
113 // |ntlm_response| is the result of |GenerateNtlmResponseV1WithSS|.
114 // See [MS-NLMP] Section 3.3.1.
115 //
116 // |server_challenge| must contain |CHALLENGE_LEN| bytes.
117 // |client_challenge| must contain |CHALLENGE_LEN| bytes.
118 // |ntlm_response| must contain |RESPONSE_V1_LEN| bytes.
119 NET_EXPORT_PRIVATE void GenerateResponsesV1WithSS(
120 const base::string16& password,
121 const uint8_t* server_challenge,
122 const uint8_t* client_challenge,
123 uint8_t* lm_response,
124 uint8_t* ntlm_response);
125
126 } // namespace ntlm
127 } // namespace net
128
129 #endif // NET_BASE_NTLM_H_
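Review bot: Every buffer in this header is a bare `uint8_t*` whose required size is stated only in a comment, so a caller that passes a shorter `hash`, `challenge` or `response` buffer gets an out-of-bounds read or write that nothing catches at compile time. Assuming the lengths in `ntlm_constants.h` are compile-time constants, taking array references such as `uint8_t (&ntlm_response)[RESPONSE_V1_LEN]` (or a fixed-extent span type) would make the contract checkable. If the raw pointers stay, the written contracts should at least be complete: the comment on `GenerateResponsesV1WithSS` is missing `// |lm_response| must contain |RESPONSE_V1_LEN| bytes.` and the one on `GenerateLMResponseV1WithSS` is missing `// |client_challenge| must contain |CHALLENGE_LEN| bytes.` Separately, the include guard `NET_BASE_NTLM_H_` does not match the path `net/ntlm/ntlm.h`; `NET_NTLM_NTLM_H_` would follow the file's location and avoid a clash with any header that still lives under `net/base/`.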