OLD | NEW |
(Empty) | |
| 1 // Copyright 2017 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. |
| 4 |
| 5 // Based on [MS-NLMP]: NT LAN Manager (NTLM) Authentication Protocol |
| 6 // Specification version 28.0 [1]. Additional NTLM reference [2]. |
| 7 // |
| 8 // [1] https://msdn.microsoft.com/en-us/library/cc236621.aspx |
| 9 // [2] http://davenport.sourceforge.net/ntlm.html |
| 10 |
| 11 #ifndef NET_BASE_NTLM_H_ |
| 12 #define NET_BASE_NTLM_H_ |
| 13 |
| 14 #include <stddef.h> |
| 15 #include <stdint.h> |
| 16 |
| 17 #include <memory> |
| 18 |
| 19 #include "base/strings/string16.h" |
| 20 #include "base/strings/string_piece.h" |
| 21 #include "net/base/net_export.h" |
| 22 #include "net/ntlm/ntlm_constants.h" |
| 23 |
| 24 namespace base { |
| 25 struct MD5Digest; |
| 26 } |
| 27 |
| 28 namespace net { |
| 29 namespace ntlm { |
| 30 |
| 31 // Generates the NTLMv1 Hash and writes the |kNtlmHashLen| byte result to |
| 32 // |hash|. Defined by NTOWFv1() in [MS-NLMP] Section 3.3.1. |
| 33 NET_EXPORT_PRIVATE void GenerateNtlmHashV1(const base::string16& password, |
| 34 uint8_t* hash); |
| 35 |
| 36 // Generates the |kResponseLenV1| byte NTLMv1 response field according to the |
| 37 // DESL(K, V) function in [MS-NLMP] Section 6. |
| 38 // |
| 39 // |hash| must contain |kNtlmHashLen| bytes. |
| 40 // |challenge| must contain |kChallengeLen| bytes. |
| 41 // |response| must contain |kResponseLenV1| bytes. |
| 42 NET_EXPORT_PRIVATE void GenerateResponseDesl(const uint8_t* hash, |
| 43 const uint8_t* challenge, |
| 44 uint8_t* response); |
| 45 |
| 46 // Generates the NTLM Response field for NTLMv1 without extended session |
| 47 // security. Defined by ComputeResponse() in [MS-NLMP] Section 3.3.1 for the |
| 48 // case where NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY is not set. |
| 49 // |
| 50 // |server_challenge| must contain |kChallengeLen| bytes. |
| 51 // |ntlm_response| must contain |kResponseLenV1| bytes. |
| 52 NET_EXPORT_PRIVATE void GenerateNtlmResponseV1(const base::string16& password, |
| 53 const uint8_t* server_challenge, |
| 54 uint8_t* ntlm_response); |
| 55 |
| 56 // Generates both the LM Response and NTLM Response fields for NTLMv1 based |
| 57 // on the users password and the servers challenge. Both the LM and NTLM |
| 58 // Response are the result of |GenerateNtlmResponseV1|. |
| 59 // |
| 60 // NOTE: This should not be used. The default flags always include session |
| 61 // security. Session security can however be disabled in NTLMv1 by omitting |
| 62 // NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY from the flag set used to |
| 63 // initialize |NtlmClient|. |
| 64 // |
| 65 // The default flags include this flag and the client will not be |
| 66 // downgraded by the server. |
| 67 // |
| 68 // |server_challenge| must contain |kChallengeLen| bytes. |
| 69 // |lm_response| must contain |kResponseLenV1| bytes. |
| 70 // |ntlm_response| must contain |kResponseLenV1| bytes. |
| 71 NET_EXPORT_PRIVATE void GenerateResponsesV1(const base::string16& password, |
| 72 const uint8_t* server_challenge, |
| 73 uint8_t* lm_response, |
| 74 uint8_t* ntlm_response); |
| 75 |
| 76 // The LM Response in V1 with extended session security is 8 bytes of the |
| 77 // |client_challenge| then 16 bytes of zero. This is the value |
| 78 // LmChallengeResponse in ComputeResponse() when |
| 79 // NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY is set. See [MS-NLMP] Section |
| 80 // 3.3.1. |
| 81 // |
| 82 // |lm_response| must contain |kResponseLenV1| bytes. |
| 83 NET_EXPORT_PRIVATE void GenerateLMResponseV1WithSessionSecurity( |
| 84 const uint8_t* client_challenge, |
| 85 uint8_t* lm_response); |
| 86 |
| 87 // The |session_hash| is MD5(CONCAT(server_challenge, client_challenge)). |
| 88 // It is used instead of just |server_challenge| in NTLMv1 when |
| 89 // NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY is set. See [MS-NLMP] Section |
| 90 // 3.3.1. |
| 91 // |
| 92 // |server_challenge| must contain |kChallengeLen| bytes. |
| 93 // |client_challenge| must contain |kChallengeLen| bytes. |
| 94 NET_EXPORT_PRIVATE void GenerateSessionHashV1WithSessionSecurity( |
| 95 const uint8_t* server_challenge, |
| 96 const uint8_t* client_challenge, |
| 97 base::MD5Digest* session_hash); |
| 98 |
| 99 // Generates the NTLM Response for NTLMv1 with session security. |
| 100 // Defined by ComputeResponse() in [MS-NLMP] Section 3.3.1 for the |
| 101 // case where NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY is set. |
| 102 // |
| 103 // |server_challenge| must contain |kChallengeLen| bytes. |
| 104 // |client_challenge| must contain |kChallengeLen| bytes. |
| 105 // |ntlm_response| must contain |kResponseLenV1| bytes. |
| 106 NET_EXPORT_PRIVATE void GenerateNtlmResponseV1WithSessionSecurity( |
| 107 const base::string16& password, |
| 108 const uint8_t* server_challenge, |
| 109 const uint8_t* client_challenge, |
| 110 uint8_t* ntlm_response); |
| 111 |
| 112 // Generates the responses for V1 with extended session security. |
| 113 // This is also known as NTLM2 (which is not the same as NTLMv2). |
| 114 // |lm_response| is the result of |GenerateLMResponseV1WithSessionSecurity| and |
| 115 // |ntlm_response| is the result of |GenerateNtlmResponseV1WithSessionSecurity|. |
| 116 // See [MS-NLMP] Section 3.3.1. |
| 117 // |
| 118 // |server_challenge| must contain |kChallengeLen| bytes. |
| 119 // |client_challenge| must contain |kChallengeLen| bytes. |
| 120 // |ntlm_response| must contain |kResponseLenV1| bytes. |
| 121 NET_EXPORT_PRIVATE void GenerateResponsesV1WithSessionSecurity( |
| 122 const base::string16& password, |
| 123 const uint8_t* server_challenge, |
| 124 const uint8_t* client_challenge, |
| 125 uint8_t* lm_response, |
| 126 uint8_t* ntlm_response); |
| 127 |
| 128 } // namespace ntlm |
| 129 } // namespace net |
| 130 |
| 131 #endif // NET_BASE_NTLM_H_ |
OLD | NEW |