Index: net/http/ntlm_client_unittest.cc |
diff --git a/net/http/ntlm_client_unittest.cc b/net/http/ntlm_client_unittest.cc |
new file mode 100644 |
index 0000000000000000000000000000000000000000..1839d23f15ce8987ce64e32e11efc082e7d67499 |
--- /dev/null |
+++ b/net/http/ntlm_client_unittest.cc |
@@ -0,0 +1,99 @@ |
+// Copyright (c) 2017 The Chromium Authors. All rights reserved. |
+// Use of this source code is governed by a BSD-style license that can be |
+// found in the LICENSE file. |
+ |
+// Since many of the static helpers are crypto/hash functions that output |
+// a buffer; matching exact results would entail implementing them all |
+// again in the tests. So the tests on the low level hashing operations |
+// test for other properties of the outputs, such as whether the hashes |
+// change, whether they should be zeroed out, or whether they should |
+// be the same or different. |
+ |
+#include "net/http/ntlm_client.h" |
+ |
+#include "base/strings/utf_string_conversions.h" |
+#include "testing/gtest/include/gtest/gtest.h" |
+ |
+namespace net { |
+ |
+TEST(NtlmClientTest, GenerateNtlmHashV1PasswordChangesHash) { |
+ base::string16 password1 = base::UTF8ToUTF16("pwd01"); |
+ base::string16 password2 = base::UTF8ToUTF16("pwd02"); |
+ uint8_t hash1[ntlm::NTLM_HASH_LEN]; |
Ryan Sleevi
2017/06/08 18:47:43
= {0}; ?
zentaro
2017/06/12 23:16:54
Per previous reply.
|
+ uint8_t hash2[ntlm::NTLM_HASH_LEN]; |
+ |
+ ntlm::GenerateNtlmHashV1(password1, hash1); |
+ ntlm::GenerateNtlmHashV1(password2, hash2); |
+ |
+ // Verify that the hash is different with a different password. |
+ EXPECT_TRUE(memcmp(hash1, hash2, ntlm::NTLM_HASH_LEN) != 0); |
Ryan Sleevi
2017/06/08 18:47:43
EXPECT_EQ(0, memcmp(...))
zentaro
2017/06/12 23:16:54
Actually EXPECT_NE. But done and elsewhere.
|
+} |
+ |
+TEST(NtlmClientTest, GenerateResponsesV1ResponsesTheSame) { |
+ base::string16 password = base::UTF8ToUTF16("pwd"); |
+ |
+ uint8_t lm_response[ntlm::RESPONSE_V1_LEN]; |
+ uint8_t ntlm_response[ntlm::RESPONSE_V1_LEN]; |
+ uint8_t server_challenge[ntlm::CHALLENGE_LEN]; |
+ |
+ // The lm and ntlm responses should be the same. |
+ ntlm::GenerateResponsesV1(password, server_challenge, lm_response, |
+ ntlm_response); |
+ EXPECT_EQ(0, memcmp(lm_response, ntlm_response, ntlm::RESPONSE_V1_LEN)); |
+} |
+ |
+TEST(NtlmClientTest, GenerateResponsesV1WithSSClientChallengeUsed) { |
+ base::string16 password = base::UTF8ToUTF16("pwd"); |
+ |
+ uint8_t lm_response1[ntlm::RESPONSE_V1_LEN]; |
+ uint8_t lm_response2[ntlm::RESPONSE_V1_LEN]; |
+ uint8_t ntlm_response1[ntlm::RESPONSE_V1_LEN]; |
+ uint8_t ntlm_response2[ntlm::RESPONSE_V1_LEN]; |
+ uint8_t server_challenge[ntlm::CHALLENGE_LEN]; |
+ uint8_t client_challenge1[ntlm::CHALLENGE_LEN]; |
+ uint8_t client_challenge2[ntlm::CHALLENGE_LEN]; |
+ |
+ memset(client_challenge1, 1, ntlm::CHALLENGE_LEN); |
+ memset(client_challenge2, 2, ntlm::CHALLENGE_LEN); |
+ |
+ ntlm::GenerateResponsesV1WithSS(password, server_challenge, client_challenge1, |
+ lm_response1, ntlm_response1); |
+ ntlm::GenerateResponsesV1WithSS(password, server_challenge, client_challenge2, |
+ lm_response2, ntlm_response2); |
+ |
+ // The point of session security is that the client can introduce some |
+ // randomness, so verify different client_challenge gives a different result. |
+ EXPECT_TRUE(memcmp(lm_response1, lm_response2, ntlm::RESPONSE_V1_LEN) != 0); |
+ EXPECT_TRUE(memcmp(ntlm_response1, ntlm_response2, ntlm::RESPONSE_V1_LEN) != |
+ 0); |
+ |
+ // With session security the lm and ntlm hash should be different. |
+ EXPECT_TRUE(memcmp(lm_response1, ntlm_response1, ntlm::RESPONSE_V1_LEN) != 0); |
+ EXPECT_TRUE(memcmp(lm_response2, ntlm_response2, ntlm::RESPONSE_V1_LEN) != 0); |
+} |
+ |
+TEST(NtlmClientTest, GenerateResponsesV1WithSSVerifySSUsed) { |
+ base::string16 password = base::UTF8ToUTF16("pwd"); |
+ |
+ uint8_t lm_response1[ntlm::RESPONSE_V1_LEN]; |
+ uint8_t lm_response2[ntlm::RESPONSE_V1_LEN]; |
+ uint8_t ntlm_response1[ntlm::RESPONSE_V1_LEN]; |
+ uint8_t ntlm_response2[ntlm::RESPONSE_V1_LEN]; |
+ uint8_t server_challenge[ntlm::CHALLENGE_LEN]; |
+ uint8_t client_challenge[ntlm::CHALLENGE_LEN]; |
+ |
+ memset(client_challenge, 1, ntlm::CHALLENGE_LEN); |
+ |
+ ntlm::GenerateResponsesV1WithSS(password, server_challenge, client_challenge, |
+ lm_response1, ntlm_response1); |
+ ntlm::GenerateResponsesV1(password, server_challenge, lm_response2, |
+ ntlm_response2); |
+ |
+ // Verify that the responses with session security are not the |
+ // same as without it. |
+ EXPECT_TRUE(memcmp(lm_response1, lm_response2, ntlm::RESPONSE_V1_LEN) != 0); |
+ EXPECT_TRUE(memcmp(ntlm_response1, ntlm_response2, ntlm::RESPONSE_V1_LEN) != |
+ 0); |
+} |
+ |
+} // namespace net |