Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(130)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: net/ntlm/ntlm_unittest.cc

Issue 2873673002: Add unit tests for NTLMv1 portable implementation (Closed)
Patch Set: Rebase Created 3 years, 5 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « net/ntlm/ntlm_test_data.h ('k') | no next file » | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
(Empty)
1 // Copyright 2017 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 // Tests on exact results from cryptographic operations are based on test data
6 // provided in [MS-NLMP] Version 28.0 [1] Section 4.2.
7 //
8 // Additional sanity checks on the low level hashing operations test for
9 // properties of the outputs, such as whether the hashes change, whether they
10 // should be zeroed out, or whether they should be the same or different.
11 //
12 // [1] https://msdn.microsoft.com/en-us/library/cc236621.aspx
13
14 #include "net/ntlm/ntlm.h"
15
16 #include "base/strings/utf_string_conversions.h"
17 #include "net/ntlm/ntlm_test_data.h"
18 #include "testing/gtest/include/gtest/gtest.h"
19
20 namespace net {
21 namespace ntlm {
22
23 TEST(NtlmTest, GenerateNtlmHashV1PasswordSpecTests) {
24 uint8_t hash[kNtlmHashLen];
25 GenerateNtlmHashV1(test::kPassword, hash);
26 ASSERT_EQ(0, memcmp(hash, test::kExpectedNtlmHashV1, kNtlmHashLen));
27 }
28
29 TEST(NtlmTest, GenerateNtlmHashV1PasswordChangesHash) {
30 base::string16 password1 = base::UTF8ToUTF16("pwd01");
31 base::string16 password2 = base::UTF8ToUTF16("pwd02");
32 uint8_t hash1[kNtlmHashLen];
33 uint8_t hash2[kNtlmHashLen];
34
35 GenerateNtlmHashV1(password1, hash1);
36 GenerateNtlmHashV1(password2, hash2);
37
38 // Verify that the hash is different with a different password.
39 ASSERT_NE(0, memcmp(hash1, hash2, kNtlmHashLen));
40 }
41
42 TEST(NtlmTest, GenerateResponsesV1SpecTests) {
43 uint8_t lm_response[kResponseLenV1];
44 uint8_t ntlm_response[kResponseLenV1];
45 GenerateResponsesV1(test::kPassword, test::kServerChallenge, lm_response,
46 ntlm_response);
47
48 ASSERT_EQ(
49 0, memcmp(test::kExpectedNtlmResponseV1, ntlm_response, kResponseLenV1));
50
51 // This implementation never sends an LMv1 response (spec equivalent of the
52 // client variable NoLMResponseNTLMv1 being false) so the LM response is
53 // equal to the NTLM response when
54 // NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY is not negotiated. See
55 // [MS-NLMP] Section 3.3.1.
56 ASSERT_EQ(0,
57 memcmp(test::kExpectedNtlmResponseV1, lm_response, kResponseLenV1));
58 }
59
60 TEST(NtlmTest, GenerateResponsesV1WithSessionSecuritySpecTests) {
61 uint8_t lm_response[kResponseLenV1];
62 uint8_t ntlm_response[kResponseLenV1];
63 GenerateResponsesV1WithSessionSecurity(
64 test::kPassword, test::kServerChallenge, test::kClientChallenge,
65 lm_response, ntlm_response);
66
67 ASSERT_EQ(0, memcmp(test::kExpectedLmResponseWithV1SS, lm_response,
68 kResponseLenV1));
69 ASSERT_EQ(0, memcmp(test::kExpectedNtlmResponseWithV1SS, ntlm_response,
70 kResponseLenV1));
71 }
72
73 TEST(NtlmTest, GenerateResponsesV1WithSessionSecurityClientChallengeUsed) {
74 uint8_t lm_response1[kResponseLenV1];
75 uint8_t lm_response2[kResponseLenV1];
76 uint8_t ntlm_response1[kResponseLenV1];
77 uint8_t ntlm_response2[kResponseLenV1];
78 uint8_t client_challenge1[kChallengeLen];
79 uint8_t client_challenge2[kChallengeLen];
80
81 memset(client_challenge1, 0x01, kChallengeLen);
82 memset(client_challenge2, 0x02, kChallengeLen);
83
84 GenerateResponsesV1WithSessionSecurity(
85 test::kPassword, test::kServerChallenge, client_challenge1, lm_response1,
86 ntlm_response1);
87 GenerateResponsesV1WithSessionSecurity(
88 test::kPassword, test::kServerChallenge, client_challenge2, lm_response2,
89 ntlm_response2);
90
91 // The point of session security is that the client can introduce some
92 // randomness, so verify different client_challenge gives a different result.
93 ASSERT_NE(0, memcmp(lm_response1, lm_response2, kResponseLenV1));
94 ASSERT_NE(0, memcmp(ntlm_response1, ntlm_response2, kResponseLenV1));
95
96 // With session security the lm and ntlm hash should be different.
97 ASSERT_NE(0, memcmp(lm_response1, ntlm_response1, kResponseLenV1));
98 ASSERT_NE(0, memcmp(lm_response2, ntlm_response2, kResponseLenV1));
99 }
100
101 TEST(NtlmTest, GenerateResponsesV1WithSessionSecurityVerifySSUsed) {
102 uint8_t lm_response1[kResponseLenV1];
103 uint8_t lm_response2[kResponseLenV1];
104 uint8_t ntlm_response1[kResponseLenV1];
105 uint8_t ntlm_response2[kResponseLenV1];
106
107 GenerateResponsesV1WithSessionSecurity(
108 test::kPassword, test::kServerChallenge, test::kClientChallenge,
109 lm_response1, ntlm_response1);
110 GenerateResponsesV1(test::kPassword, test::kServerChallenge, lm_response2,
111 ntlm_response2);
112
113 // Verify that the responses with session security are not the
114 // same as without it.
115 ASSERT_NE(0, memcmp(lm_response1, lm_response2, kResponseLenV1));
116 ASSERT_NE(0, memcmp(ntlm_response1, ntlm_response2, kResponseLenV1));
117 }
118
119 } // namespace ntlm
120 } // namespace net
OLDNEW
« no previous file with comments | « net/ntlm/ntlm_test_data.h ('k') | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698