Add a buffer reader/writer for NTLM.

net/http/ntlm_buffer_writer.h

+// Copyright (c) 2017 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef NET_BASE_NTLM_BUFFER_WRITER_H_
+#define NET_BASE_NTLM_BUFFER_WRITER_H_
+
+#include <stddef.h>
+#include <stdint.h>
+
+#include <memory>
+#include <string>
+
+#include "base/strings/string16.h"
+#include "base/strings/string_piece.h"
+#include "net/base/net_export.h"
+#include "net/http/ntlm_message.h"
+
+namespace net {
+
+// Supports various bounds checked low level buffer
+// operations required by an NTLM implementation.
+//
+// The class supports sequential write to an internally
+// managed buffer. All writes perform bounds checking to ensure
+// enough space is remaining in the buffer.
+//
+// The internal buffer is allocated in the constructor with
+// size |buffer_len| and owned by the class. Use
+// |ReleaseBufferPtr| to take ownership of the internal
+// buffer. Thereafter all operations on the class will fail.
+//
+//
+// Write* methods write the buffer at the current cursor
+// position and perform any necessary type conversion and
+// provide the data in out params. After a successful write
+// the cursor position is advanced past the written field.
+//
+// Failed writes leave the internal cursor at the same
+// position as before the call.
+//
+//
+// Based on [MS-NLMP]: NT LAN Manager (NTLM) Authentication
+// Protocol specification version 28.0 [1]
+//
+// [1] https://msdn.microsoft.com/en-us/library/cc236621.aspx
+class NET_EXPORT NtlmBufferWriter {
+ public:
+  NtlmBufferWriter(size_t buffer_len);
+  ~NtlmBufferWriter();
+
+  size_t GetLength() const { return buffer_len_; }
+  size_t GetCursor() const { return cursor_; }
+  bool IsEndOfBuffer() const { return cursor_ >= GetLength(); }
+  uint8_t* GetBufferPtr() const { return buffer_.get(); }
+
+  // Releases ownership of the internal buffer. Subsequent writes
+  // will all fail.
+  uint8_t* ReleaseBufferPtr() {
+    buffer_len_ = 0;
+    cursor_ = 0;
+    return buffer_.release();
+  }
+
+  base::StringPiece GetBuffer() const {
+    return base::StringPiece(reinterpret_cast<const char*>(buffer_.get()),
+                             buffer_len_);
+  }
+
+  // Returns true if there are |len| more bytes between the
+  // current cursor position and the end of the buffer.
+  bool CanWrite(size_t len) const;
+
+  bool WriteUInt16(uint16_t value);
+  bool WriteUInt32(uint32_t value);
+  bool WriteUInt64(uint64_t value);
+  bool WriteBytes(const uint8_t* buffer, size_t len);
+
+  bool WriteZeros(size_t count);
+
+  // A security buffer is an 8 byte structure that defines the
+  // offset and length of a payload (string, struct or byte array)
+  // that appears after the fixed part of the message.
+  //
+  // The structure is (little endian fields):
+  //     uint16 - |length| Length of payload
+  //     uint16 - Allocation (always set to |length|)
+  //     uint32 - |offset| Offset from start of message
+  bool WriteSecurityBuffer(uint16_t length, uint32_t offset);
+  bool WriteEmptySecurityBuffer();
+
+  // Writes a string of 8 bit characters to the buffer.
+  bool WriteNarrowString(const std::string& str);
+
+  // Converts the 16 bit characters to UTF8 and writes
+  // the resulting 8 bit characters.
+  bool WriteString16AsUTF8(const base::string16& str);
+
+  // Zero pads an 8 bit string to a 16 bit string and writes
+  // the resulting 16 bit characters.

[Ryan Sleevi, 2017/05/30 19:02:23]

This comment I found a bit confusing. Could you describe more what's going on?

That is, is the string 7-bit (ASCII) or 8-bit (with a codepage? UTF-8?). Is it
going UTF8 to UTF16, or something else? What's the special case here :)

Assume someone isn't as familiar with the spec as you - is there a part in the
spec that describes this behaviour (or any other behaviours relavant to
understanding)? It might help to mention them 'for further reading'

[zentaro, 2017/06/05 17:28:44]

I tried to clarify. In practice I think nothing ever really cares about the
encodings of the strings we write. I'd have to try and dig through the spec a
little more but from what I can tell the only string that both sides need to
agree on how to interpret as a string is the SPN

Technically when unicode isn't negotiated (which would be a really old windows
server or maybe some other open source impl) the strings are "OEM Character set"
which I think it inherently just "assumes compatibility". That's why I think
nothing can ever be reading them and trying to match them to something on the
other side.

+  bool WriteNarrowStringAsString16(const std::string& str);
+
+  // Writes the 16 bit characters to the buffer.
+  bool WriteUnicodeString(const base::string16& str);
+
+  // Writes the 8 byte NTLM signature "NTLMSSP\0" into the buffer.
+  bool WriteSignature();
+
+  // There are 3 message types Negotiate (sent by client),
+  // Challenge (sent by server), and Authenticate (sent by client).
+  //
+  // This writes |message_type| as a uint32_t into the buffer.
+  bool WriteMessageType(NtlmMessage::MessageType message_type);
+
+  // Performs |WriteSignature| then |WriteMessageType|.
+  bool WriteMessageHeader(NtlmMessage::MessageType message_type);
+
+  static size_t GetStringPayloadLength(const base::string16& str,
+                                       bool is_unicode);
+  static size_t GetStringPayloadLength(const std::string& str, bool is_unicode);
+
+ private:
+  // Writes |sizeof(T)| bytes little-endian of an integer type to
+  // the buffer.
+  template <typename T>
+  bool WriteUInt(T value);
+  bool SetCursor(size_t cursor);
+  bool WriteUnicodeStringIntoBuffer(const base::string16& value,
+                                    uint8_t* buffer,
+                                    size_t buffer_len);
+
+  std::unique_ptr<uint8_t[]> buffer_;
+  size_t buffer_len_;
+  size_t cursor_;
+
+  DISALLOW_COPY_AND_ASSIGN(NtlmBufferWriter);
+};
+
+}  // namespace net
+
+#endif  // NET_BASE_NTLM_BUFFER_WRITER_H_