OLD | NEW |
1 // Copyright 2017 The Chromium Authors. All rights reserved. | 1 // Copyright 2017 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 // This file contains common input and result values use to verify the NTLM | 5 // This file contains common input and result values use to verify the NTLM |
6 // implementation. They are defined in [MS-NLMP] Section 4.2 [1]. | 6 // implementation. They are defined in [MS-NLMP] Section 4.2 [1]. |
7 // | 7 // |
8 // [1] https://msdn.microsoft.com/en-us/library/cc236621.aspx | 8 // [1] https://msdn.microsoft.com/en-us/library/cc236621.aspx |
9 | 9 |
10 #ifndef NET_BASE_NTLM_TEST_DATA_H_ | 10 #ifndef NET_BASE_NTLM_TEST_DATA_H_ |
(...skipping 17 matching lines...) Expand all Loading... |
28 constexpr char kNtlmDomainAscii[] = "Domain"; | 28 constexpr char kNtlmDomainAscii[] = "Domain"; |
29 constexpr char kUserAscii[] = "User"; | 29 constexpr char kUserAscii[] = "User"; |
30 constexpr char kHostnameAscii[] = "COMPUTER"; | 30 constexpr char kHostnameAscii[] = "COMPUTER"; |
31 | 31 |
32 // Challenge vectors defined in [MS-NLMP] Section 4.2.1. | 32 // Challenge vectors defined in [MS-NLMP] Section 4.2.1. |
33 constexpr uint8_t kServerChallenge[kChallengeLen] = {0x01, 0x23, 0x45, 0x67, | 33 constexpr uint8_t kServerChallenge[kChallengeLen] = {0x01, 0x23, 0x45, 0x67, |
34 0x89, 0xab, 0xcd, 0xef}; | 34 0x89, 0xab, 0xcd, 0xef}; |
35 constexpr uint8_t kClientChallenge[kChallengeLen] = {0xaa, 0xaa, 0xaa, 0xaa, | 35 constexpr uint8_t kClientChallenge[kChallengeLen] = {0xaa, 0xaa, 0xaa, 0xaa, |
36 0xaa, 0xaa, 0xaa, 0xaa}; | 36 0xaa, 0xaa, 0xaa, 0xaa}; |
37 | 37 |
| 38 // Test input defined in [MS-NLMP] Section 4.2.3.3. |
| 39 constexpr uint8_t kChallengeMsgV1[] = { |
| 40 0x4e, 0x54, 0x4c, 0x4d, 0x53, 0x53, 0x50, 0x00, 0x02, 0x00, 0x00, 0x00, |
| 41 0x0c, 0x00, 0x0c, 0x00, 0x38, 0x00, 0x00, 0x00, 0x33, 0x82, 0x0a, 0x82, |
| 42 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef, 0x00, 0x00, 0x00, 0x00, |
| 43 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, |
| 44 0x06, 0x00, 0x70, 0x17, 0x00, 0x00, 0x00, 0x0f, 0x53, 0x00, 0x65, 0x00, |
| 45 0x72, 0x00, 0x76, 0x00, 0x65, 0x00, 0x72, 0x00}; |
| 46 |
38 // A minimal challenge message for tests. For NTLMv1 this implementation only | 47 // A minimal challenge message for tests. For NTLMv1 this implementation only |
39 // reads the smallest required version of the message (32 bytes). Some | 48 // reads the smallest required version of the message (32 bytes). Some |
40 // servers may still send messages this small. The only relevant flags | 49 // servers may still send messages this small. The only relevant flags |
41 // that affect behavior are that both NTLMSSP_NEGOTIATE_UNICODE and | 50 // that affect behavior are that both NTLMSSP_NEGOTIATE_UNICODE and |
42 // NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY are set. | 51 // NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY are set. |
43 // | 52 // |
44 // [0-7] - "NTLMSSP\0" (Signature) | 53 // [0-7] - "NTLMSSP\0" (Signature) |
45 // [9-11] - |MessageType::kChallenge| (Message Type = 0x00000002) | 54 // [9-11] - |MessageType::kChallenge| (Message Type = 0x00000002) |
46 // [12-19] - |SecBuf(kNegotiateMessageLen, 0)|(Target Name - Not Used) | 55 // [12-19] - |SecBuf(kNegotiateMessageLen, 0)|(Target Name - Not Used) |
47 // [20-23] - |NEGOTIATE_MESSAGE_FLAGS| (Flags = 0x00088207) | 56 // [20-23] - |NEGOTIATE_MESSAGE_FLAGS| (Flags = 0x00088207) |
48 // [24-31] - |SERVER_CHALLENGE| (Server Challenge) | 57 // [24-31] - |SERVER_CHALLENGE| (Server Challenge) |
49 // | 58 // |
50 // See [MS-NLMP] Section 2.2.2.2 for more information about the Challenge | 59 // See [MS-NLMP] Section 2.2.2.2 for more information about the Challenge |
51 // message. | 60 // message. |
52 constexpr uint8_t kMinChallengeMessage[kChallengeHeaderLen] = { | 61 constexpr uint8_t kMinChallengeMessage[kChallengeHeaderLen] = { |
53 'N', 'T', 'L', 'M', 'S', 'S', 'P', '\0', 0x02, 0x00, 0x00, | 62 'N', 'T', 'L', 'M', 'S', 'S', 'P', '\0', 0x02, 0x00, 0x00, |
54 0x00, 0x00, 0x00, 0x00, 0x00, 0x20, 0x00, 0x00, 0x00, 0x07, 0x82, | 63 0x00, 0x00, 0x00, 0x00, 0x00, 0x20, 0x00, 0x00, 0x00, 0x07, 0x82, |
55 0x08, 0x00, 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef}; | 64 0x08, 0x00, 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef}; |
56 | 65 |
| 66 // The same message as |kMinChallengeMessage| but with the |
| 67 // NTLMSSP_NEGOTIATE_UNICODE flag cleared. |
| 68 constexpr uint8_t kMinChallengeMessageNoUnicode[kChallengeHeaderLen] = { |
| 69 'N', 'T', 'L', 'M', 'S', 'S', 'P', '\0', 0x02, 0x00, 0x00, |
| 70 0x00, 0x00, 0x00, 0x00, 0x00, 0x20, 0x00, 0x00, 0x00, 0x06, 0x82, |
| 71 0x08, 0x00, 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef}; |
| 72 |
| 73 // The same message as |kMinChallengeMessage| but with the |
| 74 // NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY flag cleared. |
| 75 constexpr uint8_t kMinChallengeMessageNoSS[kChallengeHeaderLen] = { |
| 76 'N', 'T', 'L', 'M', 'S', 'S', 'P', '\0', 0x02, 0x00, 0x00, |
| 77 0x00, 0x00, 0x00, 0x00, 0x00, 0x20, 0x00, 0x00, 0x00, 0x07, 0x82, |
| 78 0x00, 0x00, 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef}; |
| 79 |
57 // Test result value for NTOWFv1() defined in [MS-NLMP] Section 4.2.2.1.2. | 80 // Test result value for NTOWFv1() defined in [MS-NLMP] Section 4.2.2.1.2. |
58 constexpr uint8_t kExpectedNtlmHashV1[kNtlmHashLen] = { | 81 constexpr uint8_t kExpectedNtlmHashV1[kNtlmHashLen] = { |
59 0xa4, 0xf4, 0x9c, 0x40, 0x65, 0x10, 0xbd, 0xca, | 82 0xa4, 0xf4, 0x9c, 0x40, 0x65, 0x10, 0xbd, 0xca, |
60 0xb6, 0x82, 0x4e, 0xe7, 0xc3, 0x0f, 0xd8, 0x52}; | 83 0xb6, 0x82, 0x4e, 0xe7, 0xc3, 0x0f, 0xd8, 0x52}; |
61 | 84 |
62 // Test result value defined in [MS-NLMP] Section 4.2.2.1. | 85 // Test result value defined in [MS-NLMP] Section 4.2.2.1. |
63 constexpr uint8_t kExpectedNtlmResponseV1[kResponseLenV1] = { | 86 constexpr uint8_t kExpectedNtlmResponseV1[kResponseLenV1] = { |
64 0x67, 0xc4, 0x30, 0x11, 0xf3, 0x02, 0x98, 0xa2, 0xad, 0x35, 0xec, 0xe6, | 87 0x67, 0xc4, 0x30, 0x11, 0xf3, 0x02, 0x98, 0xa2, 0xad, 0x35, 0xec, 0xe6, |
65 0x4f, 0x16, 0x33, 0x1c, 0x44, 0xbd, 0xbe, 0xd9, 0x27, 0x84, 0x1f, 0x94}; | 88 0x4f, 0x16, 0x33, 0x1c, 0x44, 0xbd, 0xbe, 0xd9, 0x27, 0x84, 0x1f, 0x94}; |
66 | 89 |
67 // Test result value defined in [MS-NLMP] Section 4.2.3.2.2. | 90 // Test result value defined in [MS-NLMP] Section 4.2.3.2.2. |
68 constexpr uint8_t kExpectedNtlmResponseWithV1SS[kResponseLenV1] = { | 91 constexpr uint8_t kExpectedNtlmResponseWithV1SS[kResponseLenV1] = { |
69 0x75, 0x37, 0xf8, 0x03, 0xae, 0x36, 0x71, 0x28, 0xca, 0x45, 0x82, 0x04, | 92 0x75, 0x37, 0xf8, 0x03, 0xae, 0x36, 0x71, 0x28, 0xca, 0x45, 0x82, 0x04, |
70 0xbd, 0xe7, 0xca, 0xf8, 0x1e, 0x97, 0xed, 0x26, 0x83, 0x26, 0x72, 0x32}; | 93 0xbd, 0xe7, 0xca, 0xf8, 0x1e, 0x97, 0xed, 0x26, 0x83, 0x26, 0x72, 0x32}; |
71 | 94 |
72 // Test result value defined in [MS-NLMP] Section 4.2.3.2.1. | 95 // Test result value defined in [MS-NLMP] Section 4.2.3.2.1. |
73 constexpr uint8_t kExpectedLmResponseWithV1SS[kResponseLenV1] = { | 96 constexpr uint8_t kExpectedLmResponseWithV1SS[kResponseLenV1] = { |
74 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0x00, 0x00, 0x00, 0x00, | 97 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0x00, 0x00, 0x00, 0x00, |
75 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}; | 98 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}; |
76 | 99 |
| 100 // Expected negotiate message from this implementation. |
| 101 // [0-7] - "NTLMSSP\0" (Signature) |
| 102 // [9-11] - |MessageType::NEGOTIATE| (Message Type = 0x00000001) |
| 103 // [12-15] - |NEGOTIATE_MESSAGE_FLAGS| (Flags = 0x00088207) |
| 104 // [16-23] - |SecBuf(kNegotiateMessageLen, 0)|(Domain) |
| 105 // [24-32] - |SecBuf(kNegotiateMessageLen, 0)|(Workstation) |
| 106 // |
| 107 // NOTE: Message does not include Version field. Since |
| 108 // NTLMSSP_NEGOTIATE_VERSION is never sent, it is not required, and the server |
| 109 // won't try to read it. The field is currently omitted for test compatibility |
| 110 // with the existing implementation. When NTLMv2 is implemented this field |
| 111 // will be present for both NTLMv1 and NTLMv2, however it will always be set to |
| 112 // all zeros. The version field is only used for debugging and only defines |
| 113 // a mapping to Windows operating systems. |
| 114 // |
| 115 // Similarly both Domain and Workstation fields are are not strictly required |
| 116 // either (though are included here) since neither |
| 117 // NTLMSSP_NEGOTIATE_OEM_WORKSTATION_SUPPLIED nor |
| 118 // NTLMSSP_NEGOTIATE_OEM_DOMAIN_SUPPLIED are ever sent. A compliant server |
| 119 // should never read past the 16th byte in this message. |
| 120 // |
| 121 // See [MS-NLMP] Section 2.2.2.5 for more detail on flags and 2.2.2.1 for the |
| 122 // Negotiate message in general. |
| 123 constexpr uint8_t kExpectedNegotiateMsg[kNegotiateMessageLen] = { |
| 124 'N', 'T', 'L', 'M', 'S', 'S', 'P', '\0', 0x01, 0x00, 0x00, |
| 125 0x00, 0x07, 0x82, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x20, 0x00, |
| 126 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x20, 0x00, 0x00, 0x00}; |
| 127 |
| 128 // Expected V1 Authenticate message from this implementation when sent |
| 129 // |kChallengeMsgV1| as the challenge. |
| 130 // |
| 131 // [0-7] - "NTLMSSP\0" (Signature) |
| 132 // [9-11] - |MessageType::kAuthenticate| (Message Type = 0x00000003) |
| 133 // [12-19] - |SecBuf(64, RESPONSE_V1_LEN)| (LM Response) |
| 134 // [20-27] - |SecBuf(88, RESPONSE_V1_LEN)| (NTLM Response) |
| 135 // [28-35] - |SecBuf(112, 12)| (Target Name = L"Domain") |
| 136 // [36-43] - |SecBuf(124, 8)| (User = L"User") |
| 137 // [44-51] - |SecBuf(132, 16)| (Workstation = L"COMPUTER") |
| 138 // [52-59] - |SecBuf(64, 0)| (Session Key (empty)) |
| 139 // [60-63] - 0x00088203 (Flags) |
| 140 // [64-87] - |EXPECTED_V1_WITH_SS_LM_RESPONSE| (LM Response Payload) |
| 141 // [88-111] - |EXPECTED_V1_WITH_SS_NTLM_RESPONSE| (NTLM Response Payload) |
| 142 // [112-123]- L"Domain" (Target Name Payload) |
| 143 // [124-132]- L"User" (User Payload) |
| 144 // [132-147]- L"COMPUTER" (Workstation Payload) |
| 145 // |
| 146 // NOTE: This is not identical to the message in [MS-NLMP] Section 4.2.2.3 for |
| 147 // several reasons. |
| 148 // |
| 149 // 1) The flags are different because this implementation does not support |
| 150 // the flags related to version, key exchange, signing and sealing. These |
| 151 // flags are not relevant to implementing the NTLM scheme in HTTP. |
| 152 // 2) Since key exchange is not required nor supported, the session base key |
| 153 // payload is not required nor present. |
| 154 // 3) The specification allows payloads to be in any order. This (and the |
| 155 // prior) implementation uses a different payload order than the example. |
| 156 // 4) The version field is Windows specific and there is no provision for |
| 157 // non-Windows OS information. This message does not include a version field. |
| 158 constexpr uint8_t kExpectedAuthenticateMsgV1[] = { |
| 159 'N', 'T', 'L', 'M', 'S', 'S', 'P', '\0', 0x03, 0x00, 0x00, 0x00, |
| 160 0x18, 0x00, 0x18, 0x00, 0x40, 0x00, 0x00, 0x00, 0x18, 0x00, 0x18, 0x00, |
| 161 0x58, 0x00, 0x00, 0x00, 0x0c, 0x00, 0x0c, 0x00, 0x70, 0x00, 0x00, 0x00, |
| 162 0x08, 0x00, 0x08, 0x00, 0x7c, 0x00, 0x00, 0x00, 0x10, 0x00, 0x10, 0x00, |
| 163 0x84, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x40, 0x00, 0x00, 0x00, |
| 164 0x03, 0x82, 0x08, 0x00, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, |
| 165 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, |
| 166 0x00, 0x00, 0x00, 0x00, 0x75, 0x37, 0xf8, 0x03, 0xae, 0x36, 0x71, 0x28, |
| 167 0xca, 0x45, 0x82, 0x04, 0xbd, 0xe7, 0xca, 0xf8, 0x1e, 0x97, 0xed, 0x26, |
| 168 0x83, 0x26, 0x72, 0x32, 'D', 0x00, 'o', 0x00, 'm', 0x00, 'a', 0x00, |
| 169 'i', 0x00, 'n', 0x00, 'U', 0x00, 's', 0x00, 'e', 0x00, 'r', 0x00, |
| 170 'C', 0x00, 'O', 0x00, 'M', 0x00, 'P', 0x00, 'U', 0x00, 'T', 0x00, |
| 171 'E', 0x00, 'R', 0x00, |
| 172 }; |
| 173 |
77 } // namespace test | 174 } // namespace test |
78 } // namespace ntlm | 175 } // namespace ntlm |
79 } // namespace net | 176 } // namespace net |
80 | 177 |
81 #endif // NET_BASE_NTLM_TEST_DATA_H_ | 178 #endif // NET_BASE_NTLM_TEST_DATA_H_ |
OLD | NEW |