Add unit tests for NTLMv1 portable implementation

net/http/ntlm_client_unittest.cc

Index: net/http/ntlm_client_unittest.cc
diff --git a/net/http/ntlm_client_unittest.cc b/net/http/ntlm_client_unittest.cc
new file mode 100644
index 0000000000000000000000000000000000000000..1839d23f15ce8987ce64e32e11efc082e7d67499
--- /dev/null
+++ b/net/http/ntlm_client_unittest.cc
@@ -0,0 +1,99 @@
+// Copyright (c) 2017 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+// Since many of the static helpers are crypto/hash functions that output
+// a buffer; matching exact results would entail implementing them all
+// again in the tests. So the tests on the low level hashing operations
+// test for other properties of the outputs, such as whether the hashes
+// change, whether they should be zeroed out, or whether they should
+// be the same or different.
+
+#include "net/http/ntlm_client.h"
+
+#include "base/strings/utf_string_conversions.h"
+#include "testing/gtest/include/gtest/gtest.h"
+
+namespace net {
+
+TEST(NtlmClientTest, GenerateNtlmHashV1PasswordChangesHash) {
+  base::string16 password1 = base::UTF8ToUTF16("pwd01");
+  base::string16 password2 = base::UTF8ToUTF16("pwd02");
+  uint8_t hash1[ntlm::NTLM_HASH_LEN];

[Ryan Sleevi, 2017/06/08 18:47:43]

= {0}; ?

[zentaro, 2017/06/12 23:16:54]

Per previous reply.

+  uint8_t hash2[ntlm::NTLM_HASH_LEN];
+
+  ntlm::GenerateNtlmHashV1(password1, hash1);
+  ntlm::GenerateNtlmHashV1(password2, hash2);
+
+  // Verify that the hash is different with a different password.
+  EXPECT_TRUE(memcmp(hash1, hash2, ntlm::NTLM_HASH_LEN) != 0);

[Ryan Sleevi, 2017/06/08 18:47:43]

EXPECT_EQ(0, memcmp(...))

[zentaro, 2017/06/12 23:16:54]

Actually EXPECT_NE. But done and elsewhere.

+}
+
+TEST(NtlmClientTest, GenerateResponsesV1ResponsesTheSame) {
+  base::string16 password = base::UTF8ToUTF16("pwd");
+
+  uint8_t lm_response[ntlm::RESPONSE_V1_LEN];
+  uint8_t ntlm_response[ntlm::RESPONSE_V1_LEN];
+  uint8_t server_challenge[ntlm::CHALLENGE_LEN];
+
+  // The lm and ntlm responses should be the same.
+  ntlm::GenerateResponsesV1(password, server_challenge, lm_response,
+                            ntlm_response);
+  EXPECT_EQ(0, memcmp(lm_response, ntlm_response, ntlm::RESPONSE_V1_LEN));
+}
+
+TEST(NtlmClientTest, GenerateResponsesV1WithSSClientChallengeUsed) {
+  base::string16 password = base::UTF8ToUTF16("pwd");
+
+  uint8_t lm_response1[ntlm::RESPONSE_V1_LEN];
+  uint8_t lm_response2[ntlm::RESPONSE_V1_LEN];
+  uint8_t ntlm_response1[ntlm::RESPONSE_V1_LEN];
+  uint8_t ntlm_response2[ntlm::RESPONSE_V1_LEN];
+  uint8_t server_challenge[ntlm::CHALLENGE_LEN];
+  uint8_t client_challenge1[ntlm::CHALLENGE_LEN];
+  uint8_t client_challenge2[ntlm::CHALLENGE_LEN];
+
+  memset(client_challenge1, 1, ntlm::CHALLENGE_LEN);
+  memset(client_challenge2, 2, ntlm::CHALLENGE_LEN);
+
+  ntlm::GenerateResponsesV1WithSS(password, server_challenge, client_challenge1,
+                                  lm_response1, ntlm_response1);
+  ntlm::GenerateResponsesV1WithSS(password, server_challenge, client_challenge2,
+                                  lm_response2, ntlm_response2);
+
+  // The point of session security is that the client can introduce some
+  // randomness, so verify different client_challenge gives a different result.
+  EXPECT_TRUE(memcmp(lm_response1, lm_response2, ntlm::RESPONSE_V1_LEN) != 0);
+  EXPECT_TRUE(memcmp(ntlm_response1, ntlm_response2, ntlm::RESPONSE_V1_LEN) !=
+              0);
+
+  // With session security the lm and ntlm hash should be different.
+  EXPECT_TRUE(memcmp(lm_response1, ntlm_response1, ntlm::RESPONSE_V1_LEN) != 0);
+  EXPECT_TRUE(memcmp(lm_response2, ntlm_response2, ntlm::RESPONSE_V1_LEN) != 0);
+}
+
+TEST(NtlmClientTest, GenerateResponsesV1WithSSVerifySSUsed) {
+  base::string16 password = base::UTF8ToUTF16("pwd");
+
+  uint8_t lm_response1[ntlm::RESPONSE_V1_LEN];
+  uint8_t lm_response2[ntlm::RESPONSE_V1_LEN];
+  uint8_t ntlm_response1[ntlm::RESPONSE_V1_LEN];
+  uint8_t ntlm_response2[ntlm::RESPONSE_V1_LEN];
+  uint8_t server_challenge[ntlm::CHALLENGE_LEN];
+  uint8_t client_challenge[ntlm::CHALLENGE_LEN];
+
+  memset(client_challenge, 1, ntlm::CHALLENGE_LEN);
+
+  ntlm::GenerateResponsesV1WithSS(password, server_challenge, client_challenge,
+                                  lm_response1, ntlm_response1);
+  ntlm::GenerateResponsesV1(password, server_challenge, lm_response2,
+                            ntlm_response2);
+
+  // Verify that the responses with session security are not the
+  // same as without it.
+  EXPECT_TRUE(memcmp(lm_response1, lm_response2, ntlm::RESPONSE_V1_LEN) != 0);
+  EXPECT_TRUE(memcmp(ntlm_response1, ntlm_response2, ntlm::RESPONSE_V1_LEN) !=
+              0);
+}
+
+}  // namespace net