
Side by Side Diff: net/http/ntlm_client.h

Issue 2879353002: Add a buffer reader/writer for NTLM. (Closed)
Patch Set: Add a buffer reader/writer for NTLM. Created 3 years, 6 months ago
(Empty)
1 // Copyright (c) 2017 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #ifndef NET_BASE_NTLM_CLIENT_H_
6 #define NET_BASE_NTLM_CLIENT_H_
7
8 #include <stddef.h>
9 #include <stdint.h>
10
11 #include <memory>
12
13 #include "base/strings/string16.h"
14 #include "base/strings/string_piece.h"
15 #include "net/base/net_export.h"
16 #include "net/http/ntlm_message.h"
17
18 namespace base {
19 struct MD5Digest;
20 }
21
22 namespace net {
23
24 // Provides an implementation of NTLM.
25 //
26 // This currently just exposes the crypto primitives needed to
27 // validate the existing implementation.
28 //
29 // TODO(zentaro): Follow up CLs implement NTLMv1 and then NTLMv2.
Ryan Sleevi 2017/05/30 19:02:23 I'm not sure I understand the TODO in this file -
zentaro 2017/06/05 17:28:45 It was meant to state that this class is pretty us
30 //
31 //
Ryan Sleevi 2017/05/30 19:02:23 delete line
zentaro 2017/06/05 17:28:45 Done.
32 // Based on [MS-NLMP]: NT LAN Manager (NTLM) Authentication
33 // Protocol specification version 28.0 [1]
34 //
35 // [1] https://msdn.microsoft.com/en-us/library/cc236621.aspx
36 class NET_EXPORT NtlmClient {
Ryan Sleevi 2017/05/30 19:02:23 NET_EXPORT_PRIVATE ?
zentaro 2017/06/05 17:28:45 Done.
37 public:
38 // Pass the |negotiate_flags| that will be sent in the Negotiate
39 // message.
40 NtlmClient(uint32_t negotiate_flags);
Ryan Sleevi 2017/05/30 19:02:23 explicit
zentaro 2017/06/05 17:28:44 Done.
41 ~NtlmClient();
42
43 // Generates the NTLMv1 Hash and writes the 16 byte result to |hash|
44 static void GenerateNtlmHashV1(const base::string16& password, uint8_t* hash);
Ryan Sleevi 2017/05/30 19:02:23 See https://google.github.io/styleguide/cppguide.h
zentaro 2017/06/05 17:28:44 Done.
45
46 // Generates the 24 byte NTLMv1 response field according to DESL(K, V)
47 // function in the NTLMSSP spec (Section 6 Appendix A)
48 //
49 // |hash| must contain at least 16 bytes.
50 // |challenge| must contain at least 8 bytes.
51 // |response| must contain at least 24 bytes.
52 static void GenerateResponseDesl(const uint8_t* hash,
53 const uint8_t* challenge,
54 uint8_t* response);
55
56 // Generates the NTLM Response field for NTLMv1 without
57 // extended session security.
58 // |server_challenge| must contain at least 8 bytes.
59 // |ntlm_response| must contain at least 24 bytes.
60 static void GenerateNtlmResponseV1(const base::string16& password,
61 const uint8_t* server_challenge,
62 uint8_t* ntlm_response);
63
64 // Generates both the LM Response and NTLM Response fields
65 // for NTLMv1 based on the user's password and the server's challenge.
66 // |lm_response| must contain at least 24 bytes.
67 // |ntlm_response| must contain at least 24 bytes.
68 static void GenerateResponsesV1(const base::string16& password,
69 const uint8_t* server_challenge,
70 uint8_t* lm_response,
71 uint8_t* ntlm_response);
72
73 // The LM Response in V1 with extended session security is 8 bytes
74 // of the |client_challenge| and 16 bytes of zero. (See 3.3.1)
75 // |lm_response| must contain at least 24 bytes.
76 static void GenerateLMResponseV1WithSS(const uint8_t* client_challenge,
77 uint8_t* lm_response);
78
79 // The |session_hash| is MD5(CONCAT(server_challenge, client_challenge)).
80 // It is used instead of just |server_challenge| when NTLMv1 with
81 // extended session secruity is enabled. (See 3.3.1)
82 static void GenerateSessionHashV1WithSS(const uint8_t* server_challenge,
83 const uint8_t* client_challenge,
84 base::MD5Digest* session_hash);
85
86 // The NTLM Response in V1 with extended session security is the
87 // the same as without extended session security except the challenge
88 // is the NTLMv1 session hash instead of |just server_challenge|.
89 // See |GenerateSessionHashV1WithSS|.
90 static void GenerateNtlmResponseV1WithSS(const base::string16& password,
91 const uint8_t* server_challenge,
92 const uint8_t* client_challenge,
93 uint8_t* ntlm_response);
94
95 static void GenerateResponsesV1WithSS(const base::string16& password,
96 const uint8_t* server_challenge,
97 const uint8_t* client_challenge,
98 uint8_t* lm_response,
99 uint8_t* ntlm_response);
100
101 private:
102 // Generates the negotiate message (which is always the same) into
103 // |negotiate_message_|.
104 void GenerateNegotiateMessage();
105
106 uint32_t negotiate_flags_;
107 std::unique_ptr<uint8_t[]> negotiate_message_;
108
109 DISALLOW_COPY_AND_ASSIGN(NtlmClient);
110 };
111
112 } // namespace net
113
114 #endif // NET_BASE_NTLM_CLIENT_H_
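Review bot: The buffer-size contracts on the raw `uint8_t*` parameters exist only in comments, and three declarations have none at all: `GenerateSessionHashV1WithSS`, `GenerateNtlmResponseV1WithSS` and the entirely uncommented `GenerateResponsesV1WithSS` never say how many bytes |server_challenge|, |client_challenge|, |lm_response| or |ntlm_response| must hold. These pointers carry challenge bytes and receive crypto output, so a caller passing a short buffer would presumably cause an out-of-bounds read or write that this interface cannot catch (the implementations are not visible on this page). At minimum add the wording the other functions already use, e.g. `// |server_challenge| and |client_challenge| must each contain at least 8 bytes.` and `// |lm_response| and |ntlm_response| must each contain at least 24 bytes.`; better still, name the sizes as constants and take fixed-size types so the compiler enforces them. Separately, the include guard `NET_BASE_NTLM_CLIENT_H_` does not match the file's path `net/http/ntlm_client.h`.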