Add a buffer reader/writer for NTLM.

net/http/ntlm_buffer_writer.h

+// Copyright 2017 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef NET_BASE_NTLM_BUFFER_WRITER_H_
+#define NET_BASE_NTLM_BUFFER_WRITER_H_
+
+#include <stddef.h>
+#include <stdint.h>
+
+#include <memory>
+#include <string>
+
+#include "base/strings/string16.h"
+#include "base/strings/string_piece.h"
+#include "net/base/net_export.h"
+#include "net/http/ntlm.h"
+
+namespace net {
+
+// Supports various bounds checked low level buffer operations required by an
+// NTLM implementation.
+//
+// The class supports sequential write to an internally managed buffer. All
+// writes perform bounds checking to ensure enough space is remaining in the
+// buffer.
+//
+// The internal buffer is allocated in the constructor with size |buffer_len|
+// and owned by the class. Use |ReleaseBufferPtr| to take ownership of the
+// internal buffer. Thereafter all operations on the class will fail.
+//
+// Write* methods write the buffer at the current cursor position and perform
+// any necessary type conversion and provide the data in out params. After a
+// successful write the cursor position is advanced past the written field.
+//
+// Failed writes leave the internal cursor at the same position as before the
+// call.
+//
+// Based on [MS-NLMP]: NT LAN Manager (NTLM) Authentication Protocol
+// Specification version 28.0 [1]
+//
+// [1] https://msdn.microsoft.com/en-us/library/cc236621.aspx
+class NET_EXPORT_PRIVATE NtlmBufferWriter {
+ public:
+  explicit NtlmBufferWriter(size_t buffer_len);
+  ~NtlmBufferWriter();
+
+  size_t GetLength() const { return buffer_len_; }
+  size_t GetCursor() const { return cursor_; }
+  bool IsEndOfBuffer() const { return cursor_ >= GetLength(); }
+
+  // Releases ownership of the internal buffer. Subsequent writes
+  // will all fail.
+  uint8_t* ReleaseBufferPtr() {
+    buffer_len_ = 0;
+    cursor_ = 0;
+    return buffer_.release();
+  }
+
+  // Gets a base::StringPiece view over the entire buffer.
+  base::StringPiece GetBuffer() const {
+    return base::StringPiece(reinterpret_cast<const char*>(buffer_.get()),
+                             buffer_len_);
+  }
+
+  // Returns true if there are |len| more bytes between the current cursor
+  // position and the end of the buffer.
+  bool CanWrite(size_t len) const;
+
+  // Writes a 16 bit unsigned value (little endian). If there are not 16
+  // more bits available in the buffer it returns false.
+  bool WriteUInt16(uint16_t value);

[asanka, 2017/06/16 03:21:29]

Same comment about WARN_UNUSED_RESULT. The buffer is pretty much a unsalvageable
if any of these fail.

[zentaro, 2017/06/21 00:38:47]

Done.

+
+  // Writes a 32 bit unsigned value (little endian). If there are not 32
+  // more bits available in the buffer it returns false.
+  bool WriteUInt32(uint32_t value);
+
+  // Writes a 64 bit unsigned value (little endian). If there are not 64
+  // more bits available in the buffer it returns false.
+  bool WriteUInt64(uint64_t value);
+
+  // Casts |flags| to |uint32_t| and calls |WriteUInt32|.

[asanka, 2017/06/16 03:21:29]

Unnecessary to describe an implementation detail.

[zentaro, 2017/06/21 00:38:47]

Done.

+  bool WriteFlags(ntlm::NegotiateFlags flags);
+
+  // Writes |len| bytes from |buffer|. If there are not |len| more bytes in
+  // the buffer it returns false.
+  bool WriteBytes(const uint8_t* buffer, size_t len);
+
+  // Writes the bytes from the |base::StringPiece|. If there are not enough
+  // bytes in the buffer it returns false.
+  bool WriteBytes(base::StringPiece bytes);
+
+  // Writes |count| bytes of zeros to the buffer. If there are not |count|
+  // more bytes in available in the buffer it returns false.
+  bool WriteZeros(size_t count);
+
+  // A security buffer is an 8 byte structure that defines the offset and
+  // length of a payload (string, struct, or byte array) that appears after
+  // the fixed part of the message.
+  //
+  // The structure in the NTLM message is (little endian fields):
+  //     uint16 - |length| Length of payload
+  //     uint16 - Allocation (ignored and always set to |length|)
+  //     uint32 - |offset| Offset from start of message
+  bool WriteSecurityBuffer(ntlm::SecurityBuffer sec_buf);
+
+  // Writes a security buffer with all fields zero. This implies there is
+  // no payload for this field. See |WriteSecurityBuffer|.
+  bool WriteEmptySecurityBuffer();
+
+  // Writes a string of 8 bit characters to the buffer.
+  //
+  // When unicode was not negotiated only the hostname string will go through
+  // this code path. The 8 bit bytes of the hostname are written to the buffer.
+  // The encoding is not relevant.
+  bool WriteUtf8String(const std::string& str);
+
+  // Converts the 16 bit characters to UTF8 and writes the resulting 8 bit
+  // characters.
+  //
+  // If unicode was not negotiated, username and domain get converted to UTF8
+  // in the message. Since they are just treated as additional bytes input to
+  // hash the encoding doesn't matter. In practice only a very old or non-
+  // windows server might trigger this code path since we always attempt to
+  // negotiate unicode and servers are supposed to honor that request.
+  bool WriteUtf16AsUtf8String(const base::string16& str);
+
+  // Treats |str| as UTF8, converts to UTF-16 and writes it with little-endian
+  // byte order to the buffer.
+  //
+  // Two specific strings go through this code path.
+  //
+  // One case is the hostname. When the the unicode flag has been set during
+  // negotiation the hostname needs to appear in the message with 16 bit
+  // chars. The high byte of each char is just set to 0.
+  //
+  // The other case is the spn. With EPA enabled it appears in the target info
+  // inside an AV Pair where strings always have 16 bit chars.
+  bool WriteUtf8AsUtf16String(const std::string& str);
+
+  // Writes UTF-16 LE characters to the buffer. For these strings such as
+  // username and domain the actual encoding isn't really important. They are
+  // just treated as additional bytes of input to the hash.
+  bool WriteUtf16String(const base::string16& str);
+
+  // Writes the 8 byte NTLM signature "NTLMSSP\0" into the buffer.
+  bool WriteSignature();
+
+  // There are 3 message types Negotiate (sent by client), Challenge (sent by
+  // server), and Authenticate (sent by client).
+  //
+  // This writes |message_type| as a uint32_t into the buffer.
+  bool WriteMessageType(ntlm::MessageType message_type);
+
+  // Performs |WriteSignature| then |WriteMessageType|.
+  bool WriteMessageHeader(ntlm::MessageType message_type);
+
+ private:
+  // Writes |sizeof(T)| bytes little-endian of an integer type to the buffer.
+  template <typename T>
+  bool WriteUInt(T value);
+
+  // Sets the cursor position. Will return false if outside the buffer.
+  void SetCursor(size_t cursor);
+
+  // Advances the cursor by |count|. The caller is responsible for checking
+  // that the target location is within the buffer.
+  void AdvanceCursor(size_t count) { SetCursor(GetCursor() + count); }
+
+  // Returns a pointer to the start of the buffer.
+  uint8_t* GetBufferPtr() const { return buffer_.get(); }
+
+  // Returns pointer into the buffer at the current cursor location.
+  uint8_t* GetBufferPtrAtCursor() const { return buffer_.get() + GetCursor(); }
+
+  std::unique_ptr<uint8_t[]> buffer_;
+  size_t buffer_len_;
+  size_t cursor_;
+
+  DISALLOW_COPY_AND_ASSIGN(NtlmBufferWriter);
+};
+
+}  // namespace net
+
+#endif  // NET_BASE_NTLM_BUFFER_WRITER_H_