1 // Copyright 2017 The Chromium Authors. All rights reserved. | 1 // Copyright 2017 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 // This file contains common input and result values use to verify the NTLM | 5 // This file contains common input and result values use to verify the NTLM |
6 // implementation. They are defined in [MS-NLMP] Section 4.2 [1]. | 6 // implementation. They are defined in [MS-NLMP] Section 4.2 [1]. |
7 // | 7 // |
8 // [1] https://msdn.microsoft.com/en-us/library/cc236621.aspx | 8 // [1] https://msdn.microsoft.com/en-us/library/cc236621.aspx |
9 | 9 |
10 #ifndef NET_BASE_NTLM_TEST_DATA_H_ | 10 #ifndef NET_BASE_NTLM_TEST_DATA_H_ |
(...skipping 14 matching lines...) Expand all Loading... |
25 const std::string NTLM_DOMAIN_ASCII("Domain"); | 25 const std::string NTLM_DOMAIN_ASCII("Domain"); |
26 const std::string NTLM_USER_ASCII("User"); | 26 const std::string NTLM_USER_ASCII("User"); |
27 const std::string NTLM_HOSTNAME_ASCII("COMPUTER"); | 27 const std::string NTLM_HOSTNAME_ASCII("COMPUTER"); |
28 | 28 |
29 // Challenge vectors defined in [MS-NLMP] Section 4.2.1. | 29 // Challenge vectors defined in [MS-NLMP] Section 4.2.1. |
30 constexpr uint8_t SERVER_CHALLENGE[CHALLENGE_LEN] = {0x01, 0x23, 0x45, 0x67, | 30 constexpr uint8_t SERVER_CHALLENGE[CHALLENGE_LEN] = {0x01, 0x23, 0x45, 0x67, |
31 0x89, 0xab, 0xcd, 0xef}; | 31 0x89, 0xab, 0xcd, 0xef}; |
32 constexpr uint8_t CLIENT_CHALLENGE[CHALLENGE_LEN] = {0xaa, 0xaa, 0xaa, 0xaa, | 32 constexpr uint8_t CLIENT_CHALLENGE[CHALLENGE_LEN] = {0xaa, 0xaa, 0xaa, 0xaa, |
33 0xaa, 0xaa, 0xaa, 0xaa}; | 33 0xaa, 0xaa, 0xaa, 0xaa}; |
34 | 34 |
| 35 // Test input defined in [MS-NLMP] Section 4.2.3.3. |
| 36 constexpr uint8_t V1_CHALLENGE_MSG[] = { |
| 37 0x4e, 0x54, 0x4c, 0x4d, 0x53, 0x53, 0x50, 0x00, 0x02, 0x00, 0x00, 0x00, |
| 38 0x0c, 0x00, 0x0c, 0x00, 0x38, 0x00, 0x00, 0x00, 0x33, 0x82, 0x0a, 0x82, |
| 39 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef, 0x00, 0x00, 0x00, 0x00, |
| 40 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, |
| 41 0x06, 0x00, 0x70, 0x17, 0x00, 0x00, 0x00, 0x0f, 0x53, 0x00, 0x65, 0x00, |
| 42 0x72, 0x00, 0x76, 0x00, 0x65, 0x00, 0x72, 0x00}; |
| 43 |
| 44 // A minimal challenge message for tests. For NTLMv1 Chrome only |
| 45 // reads the smallest required version of the message (32 bytes). Some |
| 46 // servers may still send messages this small. The only relevant flags |
| 47 // that affect behavior are that both NTLMSSP_NEGOTIATE_UNICODE and |
| 48 // NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY are set. |
| 49 // |
| 50 // [0-7] - "NTLMSSP\0" (Signature) |
| 51 // [9-11] - |MessageType::CHALLENGE| (Message Type = 0x00000002) |
| 52 // [12-19] - |SecBuf(NEGOTIATE_MESSAGE_LEN, 0)|(Target Name - Not Used) |
| 53 // [20-23] - |NEGOTIATE_MESSAGE_FLAGS| (Flags = 0x00088207) |
| 54 // [24-31] - |SERVER_CHALLENGE| (Server Challenge) |
| 55 // |
| 56 // See [MS-NLMP] Section 2.2.2.2 for more information about the Challenge |
| 57 // message. |
| 58 constexpr uint8_t MIN_CHALLENGE_MESSAGE[ntlm::CHALLENGE_HEADER_LEN] = { |
| 59 'N', 'T', 'L', 'M', 'S', 'S', 'P', '\0', 0x02, 0x00, 0x00, |
| 60 0x00, 0x00, 0x00, 0x00, 0x00, 0x20, 0x00, 0x00, 0x00, 0x07, 0x82, |
| 61 0x08, 0x00, 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef}; |
| 62 |
| 63 // The same message as |MIN_CHALLENGE_MESSAGE| but with the |
| 64 // NTLMSSP_NEGOTIATE_UNICODE flag cleared. |
| 65 constexpr uint8_t MIN_CHALLENGE_MESSAGE_NO_UNICODE[ntlm::CHALLENGE_HEADER_LEN] = |
| 66 {'N', 'T', 'L', 'M', 'S', 'S', 'P', '\0', 0x02, 0x00, 0x00, |
| 67 0x00, 0x00, 0x00, 0x00, 0x00, 0x20, 0x00, 0x00, 0x00, 0x06, 0x82, |
| 68 0x08, 0x00, 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef}; |
| 69 |
| 70 // The same message as |MIN_CHALLENGE_MESSAGE| but with the |
| 71 // NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY flag cleared. |
| 72 constexpr uint8_t MIN_CHALLENGE_MESSAGE_NO_SS[ntlm::CHALLENGE_HEADER_LEN] = { |
| 73 'N', 'T', 'L', 'M', 'S', 'S', 'P', '\0', 0x02, 0x00, 0x00, |
| 74 0x00, 0x00, 0x00, 0x00, 0x00, 0x20, 0x00, 0x00, 0x00, 0x07, 0x82, |
| 75 0x00, 0x00, 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef}; |
| 76 |
35 // Test result value for NTOWFv1() defined in [MS-NLMP] Section 4.2.2.1.2. | 77 // Test result value for NTOWFv1() defined in [MS-NLMP] Section 4.2.2.1.2. |
36 constexpr uint8_t EXPECTED_V1_HASH[NTLM_HASH_LEN] = { | 78 constexpr uint8_t EXPECTED_V1_HASH[NTLM_HASH_LEN] = { |
37 0xa4, 0xf4, 0x9c, 0x40, 0x65, 0x10, 0xbd, 0xca, | 79 0xa4, 0xf4, 0x9c, 0x40, 0x65, 0x10, 0xbd, 0xca, |
38 0xb6, 0x82, 0x4e, 0xe7, 0xc3, 0x0f, 0xd8, 0x52}; | 80 0xb6, 0x82, 0x4e, 0xe7, 0xc3, 0x0f, 0xd8, 0x52}; |
39 | 81 |
40 // Test result value defined in [MS-NLMP] Section 4.2.2.1. | 82 // Test result value defined in [MS-NLMP] Section 4.2.2.1. |
41 constexpr uint8_t EXPECTED_V1_NTLM_RESPONSE[RESPONSE_V1_LEN] = { | 83 constexpr uint8_t EXPECTED_V1_NTLM_RESPONSE[RESPONSE_V1_LEN] = { |
42 0x67, 0xc4, 0x30, 0x11, 0xf3, 0x02, 0x98, 0xa2, 0xad, 0x35, 0xec, 0xe6, | 84 0x67, 0xc4, 0x30, 0x11, 0xf3, 0x02, 0x98, 0xa2, 0xad, 0x35, 0xec, 0xe6, |
43 0x4f, 0x16, 0x33, 0x1c, 0x44, 0xbd, 0xbe, 0xd9, 0x27, 0x84, 0x1f, 0x94}; | 85 0x4f, 0x16, 0x33, 0x1c, 0x44, 0xbd, 0xbe, 0xd9, 0x27, 0x84, 0x1f, 0x94}; |
44 | 86 |
45 // Test result value defined in [MS-NLMP] Section 4.2.3.2.2. | 87 // Test result value defined in [MS-NLMP] Section 4.2.3.2.2. |
46 constexpr uint8_t EXPECTED_V1_WITH_SS_NTLM_RESPONSE[RESPONSE_V1_LEN] = { | 88 constexpr uint8_t EXPECTED_V1_WITH_SS_NTLM_RESPONSE[RESPONSE_V1_LEN] = { |
47 0x75, 0x37, 0xf8, 0x03, 0xae, 0x36, 0x71, 0x28, 0xca, 0x45, 0x82, 0x04, | 89 0x75, 0x37, 0xf8, 0x03, 0xae, 0x36, 0x71, 0x28, 0xca, 0x45, 0x82, 0x04, |
48 0xbd, 0xe7, 0xca, 0xf8, 0x1e, 0x97, 0xed, 0x26, 0x83, 0x26, 0x72, 0x32}; | 90 0xbd, 0xe7, 0xca, 0xf8, 0x1e, 0x97, 0xed, 0x26, 0x83, 0x26, 0x72, 0x32}; |
49 | 91 |
50 // Test result value defined in [MS-NLMP] Section 4.2.3.2.1. | 92 // Test result value defined in [MS-NLMP] Section 4.2.3.2.1. |
51 constexpr uint8_t EXPECTED_V1_WITH_SS_LM_RESPONSE[RESPONSE_V1_LEN] = { | 93 constexpr uint8_t EXPECTED_V1_WITH_SS_LM_RESPONSE[RESPONSE_V1_LEN] = { |
52 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0x00, 0x00, 0x00, 0x00, | 94 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0x00, 0x00, 0x00, 0x00, |
53 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}; | 95 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}; |
54 | 96 |
| 97 // Expected negotiate message from this implementation. |
| 98 // [0-7] - "NTLMSSP\0" (Signature) |
| 99 // [9-11] - |MessageType::NEGOTIATE| (Message Type = 0x00000001) |
| 100 // [12-15] - |NEGOTIATE_MESSAGE_FLAGS| (Flags = 0x00088207) |
| 101 // [16-23] - |SecBuf(NEGOTIATE_MESSAGE_LEN, 0)|(Domain) |
| 102 // [24-32] - |SecBuf(NEGOTIATE_MESSAGE_LEN, 0)|(Workstation) |
| 103 // |
| 104 // NOTE: Message does not include Version field. Since |
| 105 // NTLMSSP_NEGOTIATE_VERSION is never sent it is not required and the server |
| 106 // won't try to read it. This is currently omitted for test compatibility with |
| 107 // the existing implementation. When NTLMv2 is implemented this field |
| 108 // will be added for all versions. |
| 109 // |
| 110 // Similarly both Domain and Workstation fields are are not strictly required |
| 111 // either (though are included here) since neither |
| 112 // NTLMSSP_NEGOTIATE_OEM_WORKSTATION_SUPPLIED nor |
| 113 // NTLMSSP_NEGOTIATE_OEM_DOMAIN_SUPPLIED are ever sent. A compliant server |
| 114 // should never read past the 16th byte in this message. |
| 115 // |
| 116 // See [MS-NLMP] Section 2.2.2.5 for more detail on flags and 2.2.2.1 for the |
| 117 // Negotiate message in general. |
| 118 constexpr uint8_t EXPECTED_NEGOTIATE_MSG[NEGOTIATE_MESSAGE_LEN] = { |
| 119 'N', 'T', 'L', 'M', 'S', 'S', 'P', '\0', 0x01, 0x00, 0x00, |
| 120 0x00, 0x07, 0x82, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x20, 0x00, |
| 121 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x20, 0x00, 0x00, 0x00}; |
| 122 |
| 123 // Expected V1 Authenticate message from this implementation when sent |
| 124 // |V1_CHALLENGE_MSG| as the challenge. |
| 125 // |
| 126 // [0-7] - "NTLMSSP\0" (Signature) |
| 127 // [9-11] - |MessageType::AUTHENTICATE| (Message Type = 0x00000003) |
| 128 // [12-19] - |SecBuf(64, RESPONSE_V1_LEN)| (LM Response) |
| 129 // [20-27] - |SecBuf(88, RESPONSE_V1_LEN)| (NTLM Response) |
| 130 // [28-35] - |SecBuf(112, 12)| (Target Name = L"Domain") |
| 131 // [36-43] - |SecBuf(124, 8)| (User = L"User") |
| 132 // [44-51] - |SecBuf(132, 16)| (Workstation = L"COMPUTER") |
| 133 // [52-59] - |SecBuf(64, 0)| (Session Key (empty)) |
| 134 // [60-63] - 0x00088203 (Flags) |
| 135 // [64-87] - |EXPECTED_V1_WITH_SS_LM_RESPONSE| (LM Response Payload) |
| 136 // [88-111] - |EXPECTED_V1_WITH_SS_NTLM_RESPONSE|(NTLM Response Payload) |
| 137 // [112-123]- L"Domain" (Target Name Payload) |
| 138 // [124-132]- L"User" (User Payload) |
| 139 // [132-147]- L"COMPUTER" (Workstation Payload) |
| 140 // |
| 141 // NOTE: This is not identical to the message in [MS-NLMP] Section 4.2.2.3 for |
| 142 // several reasons. |
| 143 // |
| 144 // 1) The flags are different because this implementation does not support |
| 145 // the flags related to version, key exchange, signing and sealing. These |
| 146 // flags are not relevant to implementing the NTLM scheme in HTTP. |
| 147 // 2) Since key exchange is not required nor supported, the session base key |
| 148 // payload is not required nor present. |
| 149 // 3) The specification allows payloads to be in any order. This (and the |
| 150 // prior) implementation uses a different payload order than the example. |
| 151 // 4) The version field is Windows specific and there is no provision for a |
| 152 // non-Windows OS information. This message does not include a version field. |
| 153 constexpr uint8_t EXPECTED_V1_AUTHENTICATE_MSG[] = { |
| 154 'N', 'T', 'L', 'M', 'S', 'S', 'P', '\0', 0x03, 0x00, 0x00, 0x00, |
| 155 0x18, 0x00, 0x18, 0x00, 0x40, 0x00, 0x00, 0x00, 0x18, 0x00, 0x18, 0x00, |
| 156 0x58, 0x00, 0x00, 0x00, 0x0c, 0x00, 0x0c, 0x00, 0x70, 0x00, 0x00, 0x00, |
| 157 0x08, 0x00, 0x08, 0x00, 0x7c, 0x00, 0x00, 0x00, 0x10, 0x00, 0x10, 0x00, |
| 158 0x84, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x40, 0x00, 0x00, 0x00, |
| 159 0x03, 0x82, 0x08, 0x00, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, |
| 160 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, |
| 161 0x00, 0x00, 0x00, 0x00, 0x75, 0x37, 0xf8, 0x03, 0xae, 0x36, 0x71, 0x28, |
| 162 0xca, 0x45, 0x82, 0x04, 0xbd, 0xe7, 0xca, 0xf8, 0x1e, 0x97, 0xed, 0x26, |
| 163 0x83, 0x26, 0x72, 0x32, 'D', 0x00, 'o', 0x00, 'm', 0x00, 'a', 0x00, |
| 164 'i', 0x00, 'n', 0x00, 'U', 0x00, 's', 0x00, 'e', 0x00, 'r', 0x00, |
| 165 'C', 0x00, 'O', 0x00, 'M', 0x00, 'P', 0x00, 'U', 0x00, 'T', 0x00, |
| 166 'E', 0x00, 'R', 0x00, |
| 167 }; |
| 168 |
55 } // namespace ntlm | 169 } // namespace ntlm |
56 } // namespace net | 170 } // namespace net |
57 | 171 |
58 #endif // NET_BASE_NTLM_TEST_DATA_H_ | 172 #endif // NET_BASE_NTLM_TEST_DATA_H_ |
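Review bot: Several byte ranges in the new layout comments do not match the arrays they describe: the Message Type field is listed as `[9-11]` in the comments for MIN_CHALLENGE_MESSAGE, EXPECTED_NEGOTIATE_MSG and EXPECTED_V1_AUTHENTICATE_MSG but occupies `[8-11]`, the Workstation SecBuf in the negotiate comment should be `[24-31]` rather than `[24-32]`, and the User payload in the authenticate comment should be `[124-131]` rather than `[124-132]`. The MIN_CHALLENGE_MESSAGE comment also describes the Target Name buffer as `SecBuf(NEGOTIATE_MESSAGE_LEN, 0)`; the value matches the 0x20 offset in the array, but `CHALLENGE_HEADER_LEN` is the constant the array is sized with and would read more accurately there. These comments are what a reader uses to hand-check offsets into a server-supplied message, so they are worth getting exact. Because `EXPECTED_V1_AUTHENTICATE_MSG` is declared unsized, a `static_assert(sizeof(EXPECTED_V1_AUTHENTICATE_MSG) == 148, "unexpected length");` beside it would catch an accidental byte insertion or deletion (148 is the workstation offset 132 plus its length 16, per the SecBuf bytes in the array).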