OLD | NEW |
(Empty) | |
| 1 // Copyright 2017 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. |
| 4 |
| 5 // Tests on exact results from cryptographic operations are based on test data |
| 6 // provided in [MS-NLMP] Version 28.0 [1] Section 4.2. |
| 7 // |
| 8 // Additional sanity checks on the low level hashing operations test for |
| 9 // properties of the outputs, such as whether the hashes change, whether they |
| 10 // should be zeroed out, or whether they should be the same or different. |
| 11 // |
| 12 // [1] https://msdn.microsoft.com/en-us/library/cc236621.aspx |
| 13 |
| 14 #include "net/ntlm/ntlm.h" |
| 15 |
| 16 #include "base/strings/utf_string_conversions.h" |
| 17 #include "net/ntlm/ntlm_test_data.h" |
| 18 #include "testing/gtest/include/gtest/gtest.h" |
| 19 |
| 20 namespace net { |
| 21 namespace ntlm { |
| 22 |
| 23 TEST(NtlmTest, GenerateNtlmHashV1PasswordSpecTests) { |
| 24 uint8_t hash[kNtlmHashLen]; |
| 25 GenerateNtlmHashV1(test::kPassword, hash); |
| 26 ASSERT_EQ(0, memcmp(hash, test::kExpectedNtlmHashV1, kNtlmHashLen)); |
| 27 } |
| 28 |
| 29 TEST(NtlmTest, GenerateNtlmHashV1PasswordChangesHash) { |
| 30 base::string16 password1 = base::UTF8ToUTF16("pwd01"); |
| 31 base::string16 password2 = base::UTF8ToUTF16("pwd02"); |
| 32 uint8_t hash1[kNtlmHashLen]; |
| 33 uint8_t hash2[kNtlmHashLen]; |
| 34 |
| 35 GenerateNtlmHashV1(password1, hash1); |
| 36 GenerateNtlmHashV1(password2, hash2); |
| 37 |
| 38 // Verify that the hash is different with a different password. |
| 39 ASSERT_NE(0, memcmp(hash1, hash2, kNtlmHashLen)); |
| 40 } |
| 41 |
| 42 TEST(NtlmTest, GenerateResponsesV1SpecTests) { |
| 43 uint8_t lm_response[kResponseLenV1]; |
| 44 uint8_t ntlm_response[kResponseLenV1]; |
| 45 GenerateResponsesV1(test::kPassword, test::kServerChallenge, lm_response, |
| 46 ntlm_response); |
| 47 |
| 48 ASSERT_EQ( |
| 49 0, memcmp(test::kExpectedNtlmResponseV1, ntlm_response, kResponseLenV1)); |
| 50 |
| 51 // This implementation never sends an LMv1 response (spec equivalent of the |
| 52 // client variable NoLMResponseNTLMv1 being false) so the LM response is |
| 53 // equal to the NTLM response when |
| 54 // NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY is not negotiated. See |
| 55 // [MS-NLMP] Section 3.3.1. |
| 56 ASSERT_EQ(0, |
| 57 memcmp(test::kExpectedNtlmResponseV1, lm_response, kResponseLenV1)); |
| 58 } |
| 59 |
| 60 TEST(NtlmTest, GenerateResponsesV1WithSessionSecuritySpecTests) { |
| 61 uint8_t lm_response[kResponseLenV1]; |
| 62 uint8_t ntlm_response[kResponseLenV1]; |
| 63 GenerateResponsesV1WithSessionSecurity( |
| 64 test::kPassword, test::kServerChallenge, test::kClientChallenge, |
| 65 lm_response, ntlm_response); |
| 66 |
| 67 ASSERT_EQ(0, memcmp(test::kExpectedLmResponseWithV1SS, lm_response, |
| 68 kResponseLenV1)); |
| 69 ASSERT_EQ(0, memcmp(test::kExpectedNtlmResponseWithV1SS, ntlm_response, |
| 70 kResponseLenV1)); |
| 71 } |
| 72 |
| 73 TEST(NtlmTest, GenerateResponsesV1WithSessionSecurityClientChallengeUsed) { |
| 74 uint8_t lm_response1[kResponseLenV1]; |
| 75 uint8_t lm_response2[kResponseLenV1]; |
| 76 uint8_t ntlm_response1[kResponseLenV1]; |
| 77 uint8_t ntlm_response2[kResponseLenV1]; |
| 78 uint8_t client_challenge1[kChallengeLen]; |
| 79 uint8_t client_challenge2[kChallengeLen]; |
| 80 |
| 81 memset(client_challenge1, 0x01, kChallengeLen); |
| 82 memset(client_challenge2, 0x02, kChallengeLen); |
| 83 |
| 84 GenerateResponsesV1WithSessionSecurity( |
| 85 test::kPassword, test::kServerChallenge, client_challenge1, lm_response1, |
| 86 ntlm_response1); |
| 87 GenerateResponsesV1WithSessionSecurity( |
| 88 test::kPassword, test::kServerChallenge, client_challenge2, lm_response2, |
| 89 ntlm_response2); |
| 90 |
| 91 // The point of session security is that the client can introduce some |
| 92 // randomness, so verify different client_challenge gives a different result. |
| 93 ASSERT_NE(0, memcmp(lm_response1, lm_response2, kResponseLenV1)); |
| 94 ASSERT_NE(0, memcmp(ntlm_response1, ntlm_response2, kResponseLenV1)); |
| 95 |
| 96 // With session security the lm and ntlm hash should be different. |
| 97 ASSERT_NE(0, memcmp(lm_response1, ntlm_response1, kResponseLenV1)); |
| 98 ASSERT_NE(0, memcmp(lm_response2, ntlm_response2, kResponseLenV1)); |
| 99 } |
| 100 |
| 101 TEST(NtlmTest, GenerateResponsesV1WithSessionSecurityVerifySSUsed) { |
| 102 uint8_t lm_response1[kResponseLenV1]; |
| 103 uint8_t lm_response2[kResponseLenV1]; |
| 104 uint8_t ntlm_response1[kResponseLenV1]; |
| 105 uint8_t ntlm_response2[kResponseLenV1]; |
| 106 |
| 107 GenerateResponsesV1WithSessionSecurity( |
| 108 test::kPassword, test::kServerChallenge, test::kClientChallenge, |
| 109 lm_response1, ntlm_response1); |
| 110 GenerateResponsesV1(test::kPassword, test::kServerChallenge, lm_response2, |
| 111 ntlm_response2); |
| 112 |
| 113 // Verify that the responses with session security are not the |
| 114 // same as without it. |
| 115 ASSERT_NE(0, memcmp(lm_response1, lm_response2, kResponseLenV1)); |
| 116 ASSERT_NE(0, memcmp(ntlm_response1, ntlm_response2, kResponseLenV1)); |
| 117 } |
| 118 |
| 119 } // namespace ntlm |
| 120 } // namespace net |
OLD | NEW |