Index: net/http/ntlm_client.h |
diff --git a/net/http/ntlm_client.h b/net/http/ntlm_client.h |
new file mode 100644 |
index 0000000000000000000000000000000000000000..9ae381cdcb124ac7492bbfcb39411bbb5493601e |
--- /dev/null |
+++ b/net/http/ntlm_client.h |
@@ -0,0 +1,114 @@ |
+// Copyright (c) 2017 The Chromium Authors. All rights reserved. |
+// Use of this source code is governed by a BSD-style license that can be |
+// found in the LICENSE file. |
+ |
+#ifndef NET_BASE_NTLM_CLIENT_H_ |
+#define NET_BASE_NTLM_CLIENT_H_ |
+ |
+#include <stddef.h> |
+#include <stdint.h> |
+ |
+#include <memory> |
+ |
+#include "base/strings/string16.h" |
+#include "base/strings/string_piece.h" |
+#include "net/base/net_export.h" |
+#include "net/http/ntlm_message.h" |
+ |
+namespace base { |
+struct MD5Digest; |
+} |
+ |
+namespace net { |
+ |
+// Provides an implementation of NTLM. |
+// |
+// This currently just exposes the crypto primitives needed to |
+// validate the existing implementation. |
+// |
+// TODO(zentaro): Follow up CLs implement NTLMv1 and then NTLMv2. |
Ryan Sleevi
2017/05/30 19:02:23
I'm not sure I understand the TODO in this file -
zentaro
2017/06/05 17:28:45
It was meant to state that this class is pretty us
|
+// |
+// |
Ryan Sleevi
2017/05/30 19:02:23
delete line
zentaro
2017/06/05 17:28:45
Done.
|
+// Based on [MS-NLMP]: NT LAN Manager (NTLM) Authentication |
+// Protocol specification version 28.0 [1] |
+// |
+// [1] https://msdn.microsoft.com/en-us/library/cc236621.aspx |
+class NET_EXPORT NtlmClient { |
Ryan Sleevi
2017/05/30 19:02:23
NET_EXPORT_PRIVATE ?
zentaro
2017/06/05 17:28:45
Done.
|
+ public: |
+ // Pass the |negotiate_flags| that will be sent in the Negotiate |
+ // message. |
+ NtlmClient(uint32_t negotiate_flags); |
Ryan Sleevi
2017/05/30 19:02:23
explicit
zentaro
2017/06/05 17:28:44
Done.
|
+ ~NtlmClient(); |
+ |
+ // Generates the NTLMv1 Hash and writes the 16 byte result to |hash| |
+ static void GenerateNtlmHashV1(const base::string16& password, uint8_t* hash); |
Ryan Sleevi
2017/05/30 19:02:23
See https://google.github.io/styleguide/cppguide.h
zentaro
2017/06/05 17:28:44
Done.
|
+ |
+ // Generates the 24 byte NTLMv1 response field according to DESL(K, V) |
+ // function in the NTLMSSP spec (Section 6 Appendix A) |
+ // |
+ // |hash| must contain at least 16 bytes. |
+ // |challenge| must contain at least 8 bytes. |
+ // |response| must contain at least 24 bytes. |
+ static void GenerateResponseDesl(const uint8_t* hash, |
+ const uint8_t* challenge, |
+ uint8_t* response); |
+ |
+ // Generates the NTLM Response field for NTLMv1 without |
+ // extended session security. |
+ // |server_challenge| must contain at least 8 bytes. |
+ // |ntlm_response| must contain at least 24 bytes. |
+ static void GenerateNtlmResponseV1(const base::string16& password, |
+ const uint8_t* server_challenge, |
+ uint8_t* ntlm_response); |
+ |
+ // Generates both the LM Response and NTLM Response fields |
+ // for NTLMv1 based on the user's password and the server's challenge. |
+ // |lm_response| must contain at least 24 bytes. |
+ // |ntlm_response| must contain at least 24 bytes. |
+ static void GenerateResponsesV1(const base::string16& password, |
+ const uint8_t* server_challenge, |
+ uint8_t* lm_response, |
+ uint8_t* ntlm_response); |
+ |
+ // The LM Response in V1 with extended session security is 8 bytes |
+ // of the |client_challenge| and 16 bytes of zero. (See 3.3.1) |
+ // |lm_response| must contain at least 24 bytes. |
+ static void GenerateLMResponseV1WithSS(const uint8_t* client_challenge, |
+ uint8_t* lm_response); |
+ |
+ // The |session_hash| is MD5(CONCAT(server_challenge, client_challenge)). |
+ // It is used instead of just |server_challenge| when NTLMv1 with |
+ // extended session secruity is enabled. (See 3.3.1) |
+ static void GenerateSessionHashV1WithSS(const uint8_t* server_challenge, |
+ const uint8_t* client_challenge, |
+ base::MD5Digest* session_hash); |
+ |
+ // The NTLM Response in V1 with extended session security is the |
+ // the same as without extended session security except the challenge |
+ // is the NTLMv1 session hash instead of |just server_challenge|. |
+ // See |GenerateSessionHashV1WithSS|. |
+ static void GenerateNtlmResponseV1WithSS(const base::string16& password, |
+ const uint8_t* server_challenge, |
+ const uint8_t* client_challenge, |
+ uint8_t* ntlm_response); |
+ |
+ static void GenerateResponsesV1WithSS(const base::string16& password, |
+ const uint8_t* server_challenge, |
+ const uint8_t* client_challenge, |
+ uint8_t* lm_response, |
+ uint8_t* ntlm_response); |
+ |
+ private: |
+ // Generates the negotiate message (which is always the same) into |
+ // |negotiate_message_|. |
+ void GenerateNegotiateMessage(); |
+ |
+ uint32_t negotiate_flags_; |
+ std::unique_ptr<uint8_t[]> negotiate_message_; |
+ |
+ DISALLOW_COPY_AND_ASSIGN(NtlmClient); |
+}; |
+ |
+} // namespace net |
+ |
+#endif // NET_BASE_NTLM_CLIENT_H_ |