Add unit tests for NTLMv1 portable implementation

net/http/ntlm_client.h

Index: net/http/ntlm_client.h
diff --git a/net/http/ntlm_client.h b/net/http/ntlm_client.h
new file mode 100644
index 0000000000000000000000000000000000000000..727d9d8417f856df0f74b3fe2808df45efb6964d
--- /dev/null
+++ b/net/http/ntlm_client.h
@@ -0,0 +1,102 @@
+// Copyright 2017 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef NET_BASE_NTLM_CLIENT_H_
+#define NET_BASE_NTLM_CLIENT_H_
+
+#include <stddef.h>
+#include <stdint.h>
+
+#include <memory>
+
+#include "base/strings/string16.h"
+#include "base/strings/string_piece.h"
+#include "net/base/net_export.h"
+#include "net/http/ntlm.h"
+
+namespace base {
+struct MD5Digest;
+}
+
+namespace net {
+namespace ntlm {

[asanka, 2017/06/23 21:29:11]

It's was a bit tricky to locate the spec for each of the functions implemented
below. Shall we add the correct references? That way it's easier for someone
trying to verify the correctness and compliance of the implementation.

[zentaro, 2017/07/05 17:57:42]

Done.

+
+// Generates the NTLMv1 Hash and writes the 16 byte result to |hash|

[asanka, 2017/06/23 21:29:11]

NTOWFv1() as defined in Section 3.3.1 of [MS-NLMP].

[zentaro, 2017/07/05 17:57:42]

Done.

+NET_EXPORT_PRIVATE void GenerateNtlmHashV1(const base::string16& password,
+                                           uint8_t* hash);
+
+// Generates the 24 byte NTLMv1 response field according to DESL(K, V)
+// function in the NTLMSSP spec (Section 6 Appendix A)

[asanka, 2017/06/23 21:29:11]

[MS-NLMP] rev 28 Section 6

(Section 6 is Appendix A. No need to specify both.)

[zentaro, 2017/07/05 17:57:42]

Done.

+//
+// |hash| must contain at least 16 bytes.

[asanka, 2017/06/23 21:29:11]

"at least" is worrisome wording for a buffer whose length is left unspecified.
Let's drop the "at least" and make sure we don't touch anything outside of that.
Here and elsewhere.

Also give these buffer sizes names so that both the calling code and the called
implementation can use the same constants that govern buffer sizes.

[zentaro, 2017/07/05 17:57:42]

Done.

+// |challenge| must contain at least 8 bytes.
+// |response| must contain at least 24 bytes.
+NET_EXPORT_PRIVATE void GenerateResponseDesl(const uint8_t* hash,
+                                             const uint8_t* challenge,
+                                             uint8_t* response);
+
+// Generates the NTLM Response field for NTLMv1 without extended session
+// security.
+// |server_challenge| must contain at least 8 bytes.
+// |ntlm_response| must contain at least 24 bytes.
+NET_EXPORT_PRIVATE void GenerateNtlmResponseV1(const base::string16& password,
+                                               const uint8_t* server_challenge,
+                                               uint8_t* ntlm_response);
+
+// Generates both the LM Response and NTLM Response fields for NTLMv1 based
+// on the users password and the servers challenge.
+//
+// NOTE: This should not be used. It will only get used in V1 if the
+// |negotiate_flags_| passed to the constructor omit the
+// NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY flag.
+//
+// The default flags include this flag and the client will not be
+// downgraded by the server.
+//
+// |server_challenge| must contain at least 8 bytes.
+// |lm_response| must contain 24 bytes.
+// |ntlm_response| must contain 24 bytes.
+NET_EXPORT_PRIVATE void GenerateResponsesV1(const base::string16& password,
+                                            const uint8_t* server_challenge,
+                                            uint8_t* lm_response,
+                                            uint8_t* ntlm_response);
+
+// The LM Response in V1 with extended session security is 8 bytes of the
+// |client_challenge| then 16 bytes of zero. (See 3.3.1)
+// |lm_response| must contain at least 24 bytes.
+NET_EXPORT_PRIVATE void GenerateLMResponseV1WithSS(
+    const uint8_t* client_challenge,
+    uint8_t* lm_response);
+
+// The |session_hash| is MD5(CONCAT(server_challenge, client_challenge)).
+// It is used instead of just |server_challenge| when NTLMv1 with
+// extended session secruity is enabled. (See 3.3.1)
+NET_EXPORT_PRIVATE void GenerateSessionHashV1WithSS(
+    const uint8_t* server_challenge,
+    const uint8_t* client_challenge,
+    base::MD5Digest* session_hash);
+
+// The NTLM Response algorithm in V1 with extended session security is the
+// the same as without extended session security except the challenge
+// is the NTLMv1 session hash instead of |just server_challenge|.
+// See |GenerateSessionHashV1WithSS|.
+NET_EXPORT_PRIVATE void GenerateNtlmResponseV1WithSS(
+    const base::string16& password,
+    const uint8_t* server_challenge,
+    const uint8_t* client_challenge,
+    uint8_t* ntlm_response);
+
+// Generates the responses for V1 with extended session security.
+// This is also known as NTLM2 (which is not the same as NTLMv2).
+NET_EXPORT_PRIVATE void GenerateResponsesV1WithSS(
+    const base::string16& password,
+    const uint8_t* server_challenge,
+    const uint8_t* client_challenge,
+    uint8_t* lm_response,
+    uint8_t* ntlm_response);
+
+}  // namespace ntlm
+}  // namespace net
+
+#endif  // NET_BASE_NTLM_CLIENT_H_