Add unit tests for NTLMv1 portable implementation

net/ntlm/ntlm.h

Index: net/ntlm/ntlm.h
diff --git a/net/ntlm/ntlm.h b/net/ntlm/ntlm.h
new file mode 100644
index 0000000000000000000000000000000000000000..73ae669b569c4dcf1cbc89afb463561b42149875
--- /dev/null
+++ b/net/ntlm/ntlm.h
@@ -0,0 +1,129 @@
+// Copyright 2017 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+// Based on [MS-NLMP]: NT LAN Manager (NTLM) Authentication Protocol
+// Specification version 28.0 [1]. Additional NTLM reference [2].
+//
+// [1] https://msdn.microsoft.com/en-us/library/cc236621.aspx
+// [2] http://davenport.sourceforge.net/ntlm.html
+
+#ifndef NET_BASE_NTLM_H_
+#define NET_BASE_NTLM_H_
+
+#include <stddef.h>
+#include <stdint.h>
+
+#include <memory>
+
+#include "base/strings/string16.h"
+#include "base/strings/string_piece.h"
+#include "net/base/net_export.h"
+#include "net/ntlm/ntlm_constants.h"
+
+namespace base {
+struct MD5Digest;
+}
+
+namespace net {
+namespace ntlm {
+
+// Generates the NTLMv1 Hash and writes the |kNtlmHashLen| byte result to
+// |hash|. Defined by NTOWFv1() in [MS-NLMP] Section 3.3.1.
+NET_EXPORT_PRIVATE void GenerateNtlmHashV1(const base::string16& password,
+                                           uint8_t* hash);
+
+// Generates the |kResponseLenV1| byte NTLMv1 response field according to the
+// DESL(K, V) function in [MS-NLMP] Section 6.
+//
+// |hash| must contain |kNtlmHashLen| bytes.
+// |challenge| must contain |kChallengeLen| bytes.
+// |response| must contain |kResponseLenV1| bytes.
+NET_EXPORT_PRIVATE void GenerateResponseDesl(const uint8_t* hash,
+                                             const uint8_t* challenge,
+                                             uint8_t* response);
+
+// Generates the NTLM Response field for NTLMv1 without extended session
+// security. Defined by ComputeResponse() in [MS-NLMP] Section 3.3.1 for the
+// case where NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY is not set.
+// |server_challenge| must contain |kChallengeLen| bytes.
+// |ntlm_response| must contain |kResponseLenV1| bytes.
+NET_EXPORT_PRIVATE void GenerateNtlmResponseV1(const base::string16& password,
+                                               const uint8_t* server_challenge,
+                                               uint8_t* ntlm_response);
+
+// Generates both the LM Response and NTLM Response fields for NTLMv1 based
+// on the users password and the servers challenge. Both the LM and NTLM
+// Response are the result of |GenerateNtlmResponseV1|.
+//
+// NOTE: This should not be used. The default flags always include session
+// security. Session security can however be disabled in NTLMv1 by omitting
+// NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY from the flag set used to
+// initialize |NtlmClient|.
+//
+// The default flags include this flag and the client will not be
+// downgraded by the server.
+//
+// |server_challenge| must contain |kChallengeLen| bytes.
+// |lm_response| must contain |kResponseLenV1| bytes.
+// |ntlm_response| must contain |kResponseLenV1| bytes.
+NET_EXPORT_PRIVATE void GenerateResponsesV1(const base::string16& password,
+                                            const uint8_t* server_challenge,
+                                            uint8_t* lm_response,
+                                            uint8_t* ntlm_response);
+
+// The LM Response in V1 with extended session security is 8 bytes of the
+// |client_challenge| then 16 bytes of zero. This is the value
+// LmChallengeResponse in ComputeResponse() when
+// NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY is set. See [MS-NLMP] Section
+// 3.3.1.
+// |lm_response| must contain |kResponseLenV1| bytes.

[Ryan Sleevi, 2017/07/13 17:39:54]

You introduce a newline in the other bits of documentation (e.g. 89, 100, 115) -
for consistency, the same here?

[zentaro, 2017/07/13 18:20:31]

Done.

+NET_EXPORT_PRIVATE void GenerateLMResponseV1WithSessionSecurity(
+    const uint8_t* client_challenge,
+    uint8_t* lm_response);
+
+// The |session_hash| is MD5(CONCAT(server_challenge, client_challenge)).
+// It is used instead of just |server_challenge| in NTLMv1 when
+// NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY is set. See [MS-NLMP] Section
+// 3.3.1.
+//
+// |server_challenge| must contain |kChallengeLen| bytes.
+// |client_challenge| must contain |kChallengeLen| bytes.
+NET_EXPORT_PRIVATE void GenerateSessionHashV1WithSessionSecurity(
+    const uint8_t* server_challenge,
+    const uint8_t* client_challenge,
+    base::MD5Digest* session_hash);
+
+// Generates the NTLM Response for NTLMv1 with session security.
+// Defined by ComputeResponse() in [MS-NLMP] Section 3.3.1 for the
+// case where NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY is set.
+//
+// |server_challenge| must contain |kChallengeLen| bytes.
+// |client_challenge| must contain |kChallengeLen| bytes.
+// |ntlm_response| must contain |kResponseLenV1| bytes.
+NET_EXPORT_PRIVATE void GenerateNtlmResponseV1WithSessionSecurity(
+    const base::string16& password,
+    const uint8_t* server_challenge,
+    const uint8_t* client_challenge,
+    uint8_t* ntlm_response);
+
+// Generates the responses for V1 with extended session security.
+// This is also known as NTLM2 (which is not the same as NTLMv2).
+// |lm_response| is the result of |GenerateLMResponseV1WithSessionSecurity| and
+// |ntlm_response| is the result of |GenerateNtlmResponseV1WithSessionSecurity|.
+// See [MS-NLMP] Section 3.3.1.
+//
+// |server_challenge| must contain |kChallengeLen| bytes.
+// |client_challenge| must contain |kChallengeLen| bytes.
+// |ntlm_response| must contain |kResponseLenV1| bytes.
+NET_EXPORT_PRIVATE void GenerateResponsesV1WithSessionSecurity(
+    const base::string16& password,
+    const uint8_t* server_challenge,
+    const uint8_t* client_challenge,
+    uint8_t* lm_response,
+    uint8_t* ntlm_response);
+
+}  // namespace ntlm
+}  // namespace net
+
+#endif  // NET_BASE_NTLM_H_