Add a buffer reader/writer for NTLM.

net/http/ntlm_client.h

+// Copyright (c) 2017 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef NET_BASE_NTLM_CLIENT_H_
+#define NET_BASE_NTLM_CLIENT_H_
+
+#include <stddef.h>
+#include <stdint.h>
+
+#include <memory>
+
+#include "base/strings/string16.h"
+#include "base/strings/string_piece.h"
+#include "net/base/net_export.h"
+#include "net/http/ntlm_message.h"
+
+namespace base {
+struct MD5Digest;
+}
+
+namespace net {
+
+// Provides an implementation of NTLM.
+//
+// This currently just exposes the crypto primitives needed to
+// validate the existing implementation.
+//
+// TODO(zentaro): Follow up CLs implement NTLMv1 and then NTLMv2.

[Ryan Sleevi, 2017/05/30 19:02:23]

I'm not sure I understand the TODO in this file - unnecessary? And/or should
they be part of the subsequent CL that implements || part of a refactoring that
uses?

[zentaro, 2017/06/05 17:28:45]

It was meant to state that this class is pretty useless right now but gets
filled in with subsequent CLs :)

After some of the other refactoring - this class moved to a future CL and the
statics are pulled out to a namespace.

+//
+//

[Ryan Sleevi, 2017/05/30 19:02:23]

delete line

[zentaro, 2017/06/05 17:28:45]

Done.

+// Based on [MS-NLMP]: NT LAN Manager (NTLM) Authentication
+// Protocol specification version 28.0 [1]
+//
+// [1] https://msdn.microsoft.com/en-us/library/cc236621.aspx
+class NET_EXPORT NtlmClient {

[Ryan Sleevi, 2017/05/30 19:02:23]

NET_EXPORT_PRIVATE ?

[zentaro, 2017/06/05 17:28:45]

Done.

+ public:
+  // Pass the |negotiate_flags| that will be sent in the Negotiate
+  // message.
+  NtlmClient(uint32_t negotiate_flags);

[Ryan Sleevi, 2017/05/30 19:02:23]

explicit

[zentaro, 2017/06/05 17:28:44]

Done.

+  ~NtlmClient();
+
+  // Generates the NTLMv1 Hash and writes the 16 byte result to |hash|
+  static void GenerateNtlmHashV1(const base::string16& password, uint8_t* hash);

[Ryan Sleevi, 2017/05/30 19:02:23]

See
https://google.github.io/styleguide/cppguide.html#Nonmember,_Static_Member,_a...
regarding the use of static functions

"Prefer grouping functions with a namespace instead of using a class as if it
were a namespace. Static methods of a class should generally be closely related
to instances of the class or the class's static data."

[zentaro, 2017/06/05 17:28:44]

Done.

+
+  // Generates the 24 byte NTLMv1 response field according to DESL(K, V)
+  // function in the NTLMSSP spec (Section 6 Appendix A)
+  //
+  // |hash| must contain at least 16 bytes.
+  // |challenge| must contain at least 8 bytes.
+  // |response| must contain at least 24 bytes.
+  static void GenerateResponseDesl(const uint8_t* hash,
+                                   const uint8_t* challenge,
+                                   uint8_t* response);
+
+  // Generates the NTLM Response field for NTLMv1 without
+  // extended session security.
+  // |server_challenge| must contain at least 8 bytes.
+  // |ntlm_response| must contain at least 24 bytes.
+  static void GenerateNtlmResponseV1(const base::string16& password,
+                                     const uint8_t* server_challenge,
+                                     uint8_t* ntlm_response);
+
+  // Generates both the LM Response and NTLM Response fields
+  // for NTLMv1 based on the user's password and the server's challenge.
+  // |lm_response| must contain at least 24 bytes.
+  // |ntlm_response| must contain at least 24 bytes.
+  static void GenerateResponsesV1(const base::string16& password,
+                                  const uint8_t* server_challenge,
+                                  uint8_t* lm_response,
+                                  uint8_t* ntlm_response);
+
+  // The LM Response in V1 with extended session security is 8 bytes
+  // of the |client_challenge| and 16 bytes of zero. (See 3.3.1)
+  // |lm_response| must contain at least 24 bytes.
+  static void GenerateLMResponseV1WithSS(const uint8_t* client_challenge,
+                                         uint8_t* lm_response);
+
+  // The |session_hash| is MD5(CONCAT(server_challenge, client_challenge)).
+  // It is used instead of just |server_challenge| when NTLMv1 with
+  // extended session secruity is enabled. (See 3.3.1)
+  static void GenerateSessionHashV1WithSS(const uint8_t* server_challenge,
+                                          const uint8_t* client_challenge,
+                                          base::MD5Digest* session_hash);
+
+  // The NTLM Response in V1 with extended session security is the
+  // the same as without extended session security except the challenge
+  // is the NTLMv1 session hash instead of |just server_challenge|.
+  // See |GenerateSessionHashV1WithSS|.
+  static void GenerateNtlmResponseV1WithSS(const base::string16& password,
+                                           const uint8_t* server_challenge,
+                                           const uint8_t* client_challenge,
+                                           uint8_t* ntlm_response);
+
+  static void GenerateResponsesV1WithSS(const base::string16& password,
+                                        const uint8_t* server_challenge,
+                                        const uint8_t* client_challenge,
+                                        uint8_t* lm_response,
+                                        uint8_t* ntlm_response);
+
+ private:
+  // Generates the negotiate message (which is always the same) into
+  // |negotiate_message_|.
+  void GenerateNegotiateMessage();
+
+  uint32_t negotiate_flags_;
+  std::unique_ptr<uint8_t[]> negotiate_message_;
+
+  DISALLOW_COPY_AND_ASSIGN(NtlmClient);
+};
+
+}  // namespace net
+
+#endif  // NET_BASE_NTLM_CLIENT_H_