Add a buffer reader/writer for NTLM.

net/http/ntlm.h

Index: net/http/ntlm.h
diff --git a/net/http/ntlm.h b/net/http/ntlm.h
new file mode 100644
index 0000000000000000000000000000000000000000..0bd290533e1df78cd8550ecce4a59db6dbe46a1b
--- /dev/null
+++ b/net/http/ntlm.h
@@ -0,0 +1,65 @@
+// Copyright (c) 2017 The Chromium Authors. All rights reserved.

[Ryan Sleevi, 2017/06/08 18:36:33]

No (c) needed

[zentaro, 2017/06/12 23:12:05]

Done. Here and others. I assume this is new since most of the other files have
it.

+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef NET_BASE_NTLM_H_
+#define NET_BASE_NTLM_H_

[asanka, 2017/06/08 18:44:57]

Nit: I'd suggest using the ntlm.h header for the API that callers are supposed
to use to interact with this implementation and move the protocol constants out
to a different file.

[zentaro, 2017/06/12 23:12:04]

TODO(zentaro): I'm going to do this round of feedback without moving it to keep
the diffs easier to follow. Will follow up on specifics at the end of this
round.

+
+#include <stddef.h>
+#include <stdint.h>
+
+#include "base/macros.h"
+#include "net/base/net_export.h"
+
+namespace net {
+namespace ntlm {
+
+struct SecurityBuffer {

[Ryan Sleevi, 2017/06/08 18:36:33]

Document?

[zentaro, 2017/06/12 23:12:04]

Done.

[asanka, 2017/06/16 03:21:28]

Add that the offset is relative to the start of the message.

[zentaro, 2017/06/21 00:38:46]

Done.

+  SecurityBuffer(uint32_t offset, uint16_t length)
+      : offset(offset), length(length) {}
+
+  SecurityBuffer() : SecurityBuffer(0, 0) {}
+  uint32_t offset;
+  uint16_t length;
+};
+
+enum NtlmVersion {
+  VERSION_NTLM_V1 = 0x01,
+  VERSION_NTLM_V2 = 0x02,
+};
+
+enum MessageType {
+  MESSAGE_NEGOTIATE = 0x01,
+  MESSAGE_CHALLENGE = 0x02,
+  MESSAGE_AUTHENTICATE = 0x03,
+};
+
+// Defined in NTLMSSP Spec 2.2.2.5

[asanka, 2017/06/08 18:44:57]

Let's refer to the spec as [MS-NLMP] which is what MS uses to refer to their
specification. NTLMSSP is the name of a protocol and doesn't identify a spec.

[zentaro, 2017/06/12 23:12:04]

Done. And others.

+// Only the used subset is defined.
+enum NegotiateFlags {

[asanka, 2017/06/08 18:44:57]

Let's make these typed enums. Here and elsewhere.

[zentaro, 2017/06/12 23:12:04]

Done.

[asanka, 2017/06/16 03:21:28]

Thanks for doing this.

+  NTLMSSP_NEGOTIATE_UNICODE = 0x01,
+  NTLMSSP_NEGOTIATE_OEM = 0x02,
+  NTLMSSP_REQUEST_TARGET = 0x04,
+  NTLMSSP_NEGOTIATE_NTLM = 0x200,
+  NTLMSSP_NEGOTIATE_ALWAYS_SIGN = 0x8000,
+  NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY = 0x80000,
+};
+
+static constexpr uint8_t SIGNATURE[] = "NTLMSSP";
+static constexpr size_t SIGNATURE_LEN = arraysize(SIGNATURE);
+static constexpr size_t SECURITY_BUFFER_LEN =
+    (2 * sizeof(uint16_t)) + sizeof(uint32_t);
+static constexpr size_t NEGOTIATE_MESSAGE_LEN = 32;

[asanka, 2017/06/08 18:44:57]

Recent versions of Windows use a 40 byte NEGOTIATE message, no?

[zentaro, 2017/06/12 23:12:04]

Yes. It will be in the CL that adds NTLMv2 (and it will apply to v1 too). I
tried to sequence the CL's so that I could land a set of unit tests against the
old implementation, then next CL would pass all those tests (ie. be functionally
the same), then make the upgrades in the following CL.

But it's an optional field (that wasn't in older versions) and since we never
set NTLMSSP_NEGOTIATE_VERSION in the flags the server won't try to read it. 

Plus the field is entirely windows specific and supposedly for debugging only,
so in theory the server should not base any logic on it.

+static constexpr size_t RESPONSE_V1_LEN = 24;
+static constexpr size_t CHALLENGE_LEN = 8;
+static constexpr size_t NTLM_HASH_LEN = 16;
+
+static constexpr uint32_t NEGOTIATE_MESSAGE_FLAGS =
+    NTLMSSP_NEGOTIATE_UNICODE | NTLMSSP_NEGOTIATE_OEM | NTLMSSP_REQUEST_TARGET |
+    NTLMSSP_NEGOTIATE_NTLM | NTLMSSP_NEGOTIATE_ALWAYS_SIGN |
+    NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY;
+
+}  // namespce ntlm
+}  // namespace net
+
+#endif  // NET_BASE_NTLM_H_