Index: net/http/ntlm_client_unittest.cc |
diff --git a/net/http/ntlm_client_unittest.cc b/net/http/ntlm_client_unittest.cc |
new file mode 100644 |
index 0000000000000000000000000000000000000000..0d60a8d1a5e6b9980aa1a9ba931dd903052e28b6 |
--- /dev/null |
+++ b/net/http/ntlm_client_unittest.cc |
@@ -0,0 +1,97 @@ |
+// Copyright 2017 The Chromium Authors. All rights reserved. |
+// Use of this source code is governed by a BSD-style license that can be |
+// found in the LICENSE file. |
+ |
+// Since many of the static helpers are crypto/hash functions that output |
+// a buffer; matching exact results would entail implementing them all |
+// again in the tests. So the tests on the low level hashing operations |
+// test for other properties of the outputs, such as whether the hashes |
+// change, whether they should be zeroed out, or whether they should |
+// be the same or different. |
+ |
+#include "net/http/ntlm_client.h" |
+ |
+#include "base/strings/utf_string_conversions.h" |
+#include "testing/gtest/include/gtest/gtest.h" |
+ |
+namespace net { |
+namespace ntlm { |
+ |
asanka
2017/06/23 21:29:11
Please use the test vectors in section 4.2 (Crypto
zentaro
2017/07/05 17:57:42
I never even noticed they were there!
|
+TEST(NtlmClientTest, GenerateNtlmHashV1PasswordChangesHash) { |
+ base::string16 password1 = base::UTF8ToUTF16("pwd01"); |
+ base::string16 password2 = base::UTF8ToUTF16("pwd02"); |
+ uint8_t hash1[NTLM_HASH_LEN]; |
+ uint8_t hash2[NTLM_HASH_LEN]; |
+ |
+ GenerateNtlmHashV1(password1, hash1); |
+ GenerateNtlmHashV1(password2, hash2); |
+ |
+ // Verify that the hash is different with a different password. |
+ EXPECT_NE(0, memcmp(hash1, hash2, NTLM_HASH_LEN)); |
+} |
+ |
+TEST(NtlmClientTest, GenerateResponsesV1ResponsesTheSame) { |
+ base::string16 password = base::UTF8ToUTF16("pwd"); |
+ |
+ uint8_t lm_response[RESPONSE_V1_LEN]; |
+ uint8_t ntlm_response[RESPONSE_V1_LEN]; |
+ uint8_t server_challenge[CHALLENGE_LEN]; |
+ |
+ // The lm and ntlm responses should be the same. |
+ GenerateResponsesV1(password, server_challenge, lm_response, ntlm_response); |
+ EXPECT_EQ(0, memcmp(lm_response, ntlm_response, RESPONSE_V1_LEN)); |
+} |
+ |
+TEST(NtlmClientTest, GenerateResponsesV1WithSSClientChallengeUsed) { |
+ base::string16 password = base::UTF8ToUTF16("pwd"); |
+ |
+ uint8_t lm_response1[RESPONSE_V1_LEN]; |
+ uint8_t lm_response2[RESPONSE_V1_LEN]; |
+ uint8_t ntlm_response1[RESPONSE_V1_LEN]; |
+ uint8_t ntlm_response2[RESPONSE_V1_LEN]; |
+ uint8_t server_challenge[CHALLENGE_LEN]; |
+ uint8_t client_challenge1[CHALLENGE_LEN]; |
+ uint8_t client_challenge2[CHALLENGE_LEN]; |
+ |
+ memset(client_challenge1, 1, CHALLENGE_LEN); |
+ memset(client_challenge2, 2, CHALLENGE_LEN); |
+ |
+ GenerateResponsesV1WithSS(password, server_challenge, client_challenge1, |
+ lm_response1, ntlm_response1); |
+ GenerateResponsesV1WithSS(password, server_challenge, client_challenge2, |
+ lm_response2, ntlm_response2); |
+ |
+ // The point of session security is that the client can introduce some |
+ // randomness, so verify different client_challenge gives a different result. |
+ EXPECT_NE(0, memcmp(lm_response1, lm_response2, RESPONSE_V1_LEN)); |
+ EXPECT_NE(0, memcmp(ntlm_response1, ntlm_response2, RESPONSE_V1_LEN)); |
+ |
+ // With session security the lm and ntlm hash should be different. |
+ EXPECT_NE(0, memcmp(lm_response1, ntlm_response1, RESPONSE_V1_LEN)); |
+ EXPECT_NE(0, memcmp(lm_response2, ntlm_response2, RESPONSE_V1_LEN)); |
+} |
+ |
+TEST(NtlmClientTest, GenerateResponsesV1WithSSVerifySSUsed) { |
+ base::string16 password = base::UTF8ToUTF16("pwd"); |
+ |
+ uint8_t lm_response1[RESPONSE_V1_LEN]; |
+ uint8_t lm_response2[RESPONSE_V1_LEN]; |
+ uint8_t ntlm_response1[RESPONSE_V1_LEN]; |
+ uint8_t ntlm_response2[RESPONSE_V1_LEN]; |
+ uint8_t server_challenge[CHALLENGE_LEN]; |
+ uint8_t client_challenge[CHALLENGE_LEN]; |
+ |
+ memset(client_challenge, 1, CHALLENGE_LEN); |
+ |
+ GenerateResponsesV1WithSS(password, server_challenge, client_challenge, |
+ lm_response1, ntlm_response1); |
+ GenerateResponsesV1(password, server_challenge, lm_response2, ntlm_response2); |
+ |
+ // Verify that the responses with session security are not the |
+ // same as without it. |
+ EXPECT_NE(0, memcmp(lm_response1, lm_response2, RESPONSE_V1_LEN)); |
+ EXPECT_NE(0, memcmp(ntlm_response1, ntlm_response2, RESPONSE_V1_LEN)); |
+} |
+ |
+} // namespace ntlm |
+} // namespace net |