OLD | NEW |
---|---|
(Empty) | |
1 // Copyright 2017 The Chromium Authors. All rights reserved. | |
2 // Use of this source code is governed by a BSD-style license that can be | |
3 // found in the LICENSE file. | |
4 | |
5 // Based on [MS-NLMP]: NT LAN Manager (NTLM) Authentication Protocol | |
6 // Specification version 28.0 [1]. Additional NTLM reference [2]. | |
7 // | |
8 // [1] https://msdn.microsoft.com/en-us/library/cc236621.aspx | |
9 // [2] http://davenport.sourceforge.net/ntlm.html | |
10 | |
11 #ifndef NET_BASE_NTLM_H_ | |
12 #define NET_BASE_NTLM_H_ | |
13 | |
14 #include <stddef.h> | |
15 #include <stdint.h> | |
16 | |
17 #include <memory> | |
18 | |
19 #include "base/strings/string16.h" | |
20 #include "base/strings/string_piece.h" | |
21 #include "net/base/net_export.h" | |
22 #include "net/ntlm/ntlm_constants.h" | |
23 | |
24 namespace base { | |
25 struct MD5Digest; | |
26 } | |
27 | |
28 namespace net { | |
29 namespace ntlm { | |
30 | |
31 // Generates the NTLMv1 Hash and writes the |kNtlmHashLen| byte result to | |
32 // |hash|. Defined by NTOWFv1() in [MS-NLMP] Section 3.3.1. | |
33 NET_EXPORT_PRIVATE void GenerateNtlmHashV1(const base::string16& password, | |
34 uint8_t* hash); | |
35 | |
36 // Generates the |kResponseLenV1| byte NTLMv1 response field according to the | |
37 // DESL(K, V) function in [MS-NLMP] Section 6. | |
38 // | |
39 // |hash| must contain |kNtlmHashLen| bytes. | |
40 // |challenge| must contain |kChallengeLen| bytes. | |
41 // |response| must contain |kResponseLenV1| bytes. | |
42 NET_EXPORT_PRIVATE void GenerateResponseDesl(const uint8_t* hash, | |
43 const uint8_t* challenge, | |
44 uint8_t* response); | |
45 | |
46 // Generates the NTLM Response field for NTLMv1 without extended session | |
47 // security. Defined by ComputeResponse() in [MS-NLMP] Section 3.3.1 for the | |
48 // case where NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY is not set. | |
49 // |server_challenge| must contain |kChallengeLen| bytes. | |
50 // |ntlm_response| must contain |kResponseLenV1| bytes. | |
51 NET_EXPORT_PRIVATE void GenerateNtlmResponseV1(const base::string16& password, | |
52 const uint8_t* server_challenge, | |
53 uint8_t* ntlm_response); | |
54 | |
55 // Generates both the LM Response and NTLM Response fields for NTLMv1 based | |
56 // on the users password and the servers challenge. Both the LM and NTLM | |
57 // Response are the result of |GenerateNtlmResponseV1|. | |
58 // | |
59 // NOTE: This should not be used. The default flags always include session | |
60 // security. Session security can however be disabled in NTLMv1 by omitting | |
61 // NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY from the flag set used to | |
62 // initialize |NtlmClient|. | |
63 // | |
64 // The default flags include this flag and the client will not be | |
65 // downgraded by the server. | |
66 // | |
67 // |server_challenge| must contain |kChallengeLen| bytes. | |
68 // |lm_response| must contain |kResponseLenV1| bytes. | |
69 // |ntlm_response| must contain |kResponseLenV1| bytes. | |
70 NET_EXPORT_PRIVATE void GenerateResponsesV1(const base::string16& password, | |
71 const uint8_t* server_challenge, | |
72 uint8_t* lm_response, | |
73 uint8_t* ntlm_response); | |
74 | |
75 // The LM Response in V1 with extended session security is 8 bytes of the | |
76 // |client_challenge| then 16 bytes of zero. This is the value | |
77 // LmChallengeResponse in ComputeResponse() when | |
78 // NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY is set. See [MS-NLMP] Section | |
79 // 3.3.1. | |
80 // |lm_response| must contain |kResponseLenV1| bytes. | |
Ryan Sleevi
2017/07/13 17:39:54
You introduce a newline in the other bits of docum
zentaro
2017/07/13 18:20:31
Done.
| |
81 NET_EXPORT_PRIVATE void GenerateLMResponseV1WithSessionSecurity( | |
82 const uint8_t* client_challenge, | |
83 uint8_t* lm_response); | |
84 | |
85 // The |session_hash| is MD5(CONCAT(server_challenge, client_challenge)). | |
86 // It is used instead of just |server_challenge| in NTLMv1 when | |
87 // NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY is set. See [MS-NLMP] Section | |
88 // 3.3.1. | |
89 // | |
90 // |server_challenge| must contain |kChallengeLen| bytes. | |
91 // |client_challenge| must contain |kChallengeLen| bytes. | |
92 NET_EXPORT_PRIVATE void GenerateSessionHashV1WithSessionSecurity( | |
93 const uint8_t* server_challenge, | |
94 const uint8_t* client_challenge, | |
95 base::MD5Digest* session_hash); | |
96 | |
97 // Generates the NTLM Response for NTLMv1 with session security. | |
98 // Defined by ComputeResponse() in [MS-NLMP] Section 3.3.1 for the | |
99 // case where NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY is set. | |
100 // | |
101 // |server_challenge| must contain |kChallengeLen| bytes. | |
102 // |client_challenge| must contain |kChallengeLen| bytes. | |
103 // |ntlm_response| must contain |kResponseLenV1| bytes. | |
104 NET_EXPORT_PRIVATE void GenerateNtlmResponseV1WithSessionSecurity( | |
105 const base::string16& password, | |
106 const uint8_t* server_challenge, | |
107 const uint8_t* client_challenge, | |
108 uint8_t* ntlm_response); | |
109 | |
110 // Generates the responses for V1 with extended session security. | |
111 // This is also known as NTLM2 (which is not the same as NTLMv2). | |
112 // |lm_response| is the result of |GenerateLMResponseV1WithSessionSecurity| and | |
113 // |ntlm_response| is the result of |GenerateNtlmResponseV1WithSessionSecurity|. | |
114 // See [MS-NLMP] Section 3.3.1. | |
115 // | |
116 // |server_challenge| must contain |kChallengeLen| bytes. | |
117 // |client_challenge| must contain |kChallengeLen| bytes. | |
118 // |ntlm_response| must contain |kResponseLenV1| bytes. | |
119 NET_EXPORT_PRIVATE void GenerateResponsesV1WithSessionSecurity( | |
120 const base::string16& password, | |
121 const uint8_t* server_challenge, | |
122 const uint8_t* client_challenge, | |
123 uint8_t* lm_response, | |
124 uint8_t* ntlm_response); | |
125 | |
126 } // namespace ntlm | |
127 } // namespace net | |
128 | |
129 #endif // NET_BASE_NTLM_H_ | |
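Review bot: The comment on GenerateResponsesV1WithSessionSecurity (new lines 110-118) states size requirements for |server_challenge|, |client_challenge| and |ntlm_response| but not for |lm_response|, although the function takes that output pointer as well. The response buffers in this header are raw `uint8_t*` with no length argument, so these comment lines are the only bounds contract a caller has and an undersized buffer becomes an out-of-bounds write. Add `// |lm_response| must contain |kResponseLenV1| bytes.` to match what GenerateResponsesV1 already documents. Separately, the include guard is `NET_BASE_NTLM_H_` while the file includes `net/ntlm/ntlm_constants.h` and declares `net::ntlm`. If the header lives under net/ntlm/ (the path is not shown on this page), the guard would conventionally be `NET_NTLM_NTLM_H_`.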