OLD | NEW |
---|---|
(Empty) | |
1 // Copyright (c) 2017 The Chromium Authors. All rights reserved. | |
2 // Use of this source code is governed by a BSD-style license that can be | |
3 // found in the LICENSE file. | |
4 | |
5 #ifndef NET_BASE_NTLM_CLIENT_H_ | |
6 #define NET_BASE_NTLM_CLIENT_H_ | |
7 | |
8 #include <stddef.h> | |
9 #include <stdint.h> | |
10 | |
11 #include <memory> | |
12 | |
13 #include "base/strings/string16.h" | |
14 #include "base/strings/string_piece.h" | |
15 #include "net/base/net_export.h" | |
16 #include "net/http/ntlm_message.h" | |
17 | |
18 namespace base { | |
19 struct MD5Digest; | |
20 } | |
21 | |
22 namespace net { | |
23 | |
24 // Provides an implementation of NTLM. | |
25 // | |
26 // This currently just exposes the crypto primitives needed to | |
27 // validate the existing implementation. | |
28 // | |
29 // TODO(zentaro): Follow up CLs implement NTLMv1 and then NTLMv2. | |
Ryan Sleevi
2017/05/30 19:02:23
I'm not sure I understand the TODO in this file -
zentaro
2017/06/05 17:28:45
It was meant to state that this class is pretty us
| |
30 // | |
31 // | |
Ryan Sleevi
2017/05/30 19:02:23
delete line
zentaro
2017/06/05 17:28:45
Done.
| |
32 // Based on [MS-NLMP]: NT LAN Manager (NTLM) Authentication | |
33 // Protocol specification version 28.0 [1] | |
34 // | |
35 // [1] https://msdn.microsoft.com/en-us/library/cc236621.aspx | |
36 class NET_EXPORT NtlmClient { | |
Ryan Sleevi
2017/05/30 19:02:23
NET_EXPORT_PRIVATE ?
zentaro
2017/06/05 17:28:45
Done.
| |
37 public: | |
38 // Pass the |negotiate_flags| that will be sent in the Negotiate | |
39 // message. | |
40 NtlmClient(uint32_t negotiate_flags); | |
Ryan Sleevi
2017/05/30 19:02:23
explicit
zentaro
2017/06/05 17:28:44
Done.
| |
41 ~NtlmClient(); | |
42 | |
43 // Generates the NTLMv1 Hash and writes the 16 byte result to |hash| | |
44 static void GenerateNtlmHashV1(const base::string16& password, uint8_t* hash); | |
Ryan Sleevi
2017/05/30 19:02:23
See https://google.github.io/styleguide/cppguide.h
zentaro
2017/06/05 17:28:44
Done.
| |
45 | |
46 // Generates the 24 byte NTLMv1 response field according to DESL(K, V) | |
47 // function in the NTLMSSP spec (Section 6 Appendix A) | |
48 // | |
49 // |hash| must contain at least 16 bytes. | |
50 // |challenge| must contain at least 8 bytes. | |
51 // |response| must contain at least 24 bytes. | |
52 static void GenerateResponseDesl(const uint8_t* hash, | |
53 const uint8_t* challenge, | |
54 uint8_t* response); | |
55 | |
56 // Generates the NTLM Response field for NTLMv1 without | |
57 // extended session security. | |
58 // |server_challenge| must contain at least 8 bytes. | |
59 // |ntlm_response| must contain at least 24 bytes. | |
60 static void GenerateNtlmResponseV1(const base::string16& password, | |
61 const uint8_t* server_challenge, | |
62 uint8_t* ntlm_response); | |
63 | |
64 // Generates both the LM Response and NTLM Response fields | |
65 // for NTLMv1 based on the user's password and the server's challenge. | |
66 // |lm_response| must contain at least 24 bytes. | |
67 // |ntlm_response| must contain at least 24 bytes. | |
68 static void GenerateResponsesV1(const base::string16& password, | |
69 const uint8_t* server_challenge, | |
70 uint8_t* lm_response, | |
71 uint8_t* ntlm_response); | |
72 | |
73 // The LM Response in V1 with extended session security is 8 bytes | |
74 // of the |client_challenge| and 16 bytes of zero. (See 3.3.1) | |
75 // |lm_response| must contain at least 24 bytes. | |
76 static void GenerateLMResponseV1WithSS(const uint8_t* client_challenge, | |
77 uint8_t* lm_response); | |
78 | |
79 // The |session_hash| is MD5(CONCAT(server_challenge, client_challenge)). | |
80 // It is used instead of just |server_challenge| when NTLMv1 with | |
81 // extended session secruity is enabled. (See 3.3.1) | |
82 static void GenerateSessionHashV1WithSS(const uint8_t* server_challenge, | |
83 const uint8_t* client_challenge, | |
84 base::MD5Digest* session_hash); | |
85 | |
86 // The NTLM Response in V1 with extended session security is the | |
87 // the same as without extended session security except the challenge | |
88 // is the NTLMv1 session hash instead of |just server_challenge|. | |
89 // See |GenerateSessionHashV1WithSS|. | |
90 static void GenerateNtlmResponseV1WithSS(const base::string16& password, | |
91 const uint8_t* server_challenge, | |
92 const uint8_t* client_challenge, | |
93 uint8_t* ntlm_response); | |
94 | |
95 static void GenerateResponsesV1WithSS(const base::string16& password, | |
96 const uint8_t* server_challenge, | |
97 const uint8_t* client_challenge, | |
98 uint8_t* lm_response, | |
99 uint8_t* ntlm_response); | |
100 | |
101 private: | |
102 // Generates the negotiate message (which is always the same) into | |
103 // |negotiate_message_|. | |
104 void GenerateNegotiateMessage(); | |
105 | |
106 uint32_t negotiate_flags_; | |
107 std::unique_ptr<uint8_t[]> negotiate_message_; | |
108 | |
109 DISALLOW_COPY_AND_ASSIGN(NtlmClient); | |
110 }; | |
111 | |
112 } // namespace net | |
113 | |
114 #endif // NET_BASE_NTLM_CLIENT_H_ | |
OLD | NEW |