Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(161)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: net/ntlm/ntlm_test_data.h

Issue 2904633002: Replace NTLMv1 implementation with a functionally equivalent one.
Patch Set: Cleanup Created 3 years, 5 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« net/ntlm/ntlm_client_unittest.cc ('K') | « net/ntlm/ntlm_constants.h ('k') | net/ntlm/ntlm_unittest.cc » ('j') | net/ntlm/ntlm_unittest.cc » ('J')
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: net/ntlm/ntlm_test_data.h
diff --git a/net/ntlm/ntlm_test_data.h b/net/ntlm/ntlm_test_data.h
index 2a9913b7a4c52ec49d490893b09e41d7fb75ae81..faabae923ef1c1d53e9590870c01910cef62a735 100644
--- a/net/ntlm/ntlm_test_data.h
+++ b/net/ntlm/ntlm_test_data.h
@@ -35,6 +35,15 @@ constexpr uint8_t kServerChallenge[kChallengeLen] = {0x01, 0x23, 0x45, 0x67,
constexpr uint8_t kClientChallenge[kChallengeLen] = {0xaa, 0xaa, 0xaa, 0xaa,
0xaa, 0xaa, 0xaa, 0xaa};
+// Test input defined in [MS-NLMP] Section 4.2.3.3.
+constexpr uint8_t kChallengeMsgV1[] = {
+ 0x4e, 0x54, 0x4c, 0x4d, 0x53, 0x53, 0x50, 0x00, 0x02, 0x00, 0x00, 0x00,
+ 0x0c, 0x00, 0x0c, 0x00, 0x38, 0x00, 0x00, 0x00, 0x33, 0x82, 0x0a, 0x82,
+ 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x06, 0x00, 0x70, 0x17, 0x00, 0x00, 0x00, 0x0f, 0x53, 0x00, 0x65, 0x00,
+ 0x72, 0x00, 0x76, 0x00, 0x65, 0x00, 0x72, 0x00};
+
// A minimal challenge message for tests. For NTLMv1 this implementation only
// reads the smallest required version of the message (32 bytes). Some
// servers may still send messages this small. The only relevant flags
@@ -54,6 +63,20 @@ constexpr uint8_t kMinChallengeMessage[kChallengeHeaderLen] = {
0x00, 0x00, 0x00, 0x00, 0x00, 0x20, 0x00, 0x00, 0x00, 0x07, 0x82,
0x08, 0x00, 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef};
+// The same message as |kMinChallengeMessage| but with the
+// NTLMSSP_NEGOTIATE_UNICODE flag cleared.
+constexpr uint8_t kMinChallengeMessageNoUnicode[kChallengeHeaderLen] = {
+ 'N', 'T', 'L', 'M', 'S', 'S', 'P', '\0', 0x02, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x20, 0x00, 0x00, 0x00, 0x06, 0x82,
+ 0x08, 0x00, 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef};
+
+// The same message as |kMinChallengeMessage| but with the
+// NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY flag cleared.
+constexpr uint8_t kMinChallengeMessageNoSS[kChallengeHeaderLen] = {
+ 'N', 'T', 'L', 'M', 'S', 'S', 'P', '\0', 0x02, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x20, 0x00, 0x00, 0x00, 0x07, 0x82,
+ 0x00, 0x00, 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef};
+
// Test result value for NTOWFv1() defined in [MS-NLMP] Section 4.2.2.1.2.
constexpr uint8_t kExpectedNtlmHashV1[kNtlmHashLen] = {
0xa4, 0xf4, 0x9c, 0x40, 0x65, 0x10, 0xbd, 0xca,
@@ -74,6 +97,80 @@ constexpr uint8_t kExpectedLmResponseWithV1SS[kResponseLenV1] = {
0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00};
+// Expected negotiate message from this implementation.
+// [0-7] - "NTLMSSP\0" (Signature)
+// [9-11] - |MessageType::NEGOTIATE| (Message Type = 0x00000001)
+// [12-15] - |NEGOTIATE_MESSAGE_FLAGS| (Flags = 0x00088207)
+// [16-23] - |SecBuf(kNegotiateMessageLen, 0)|(Domain)
+// [24-32] - |SecBuf(kNegotiateMessageLen, 0)|(Workstation)
+//
+// NOTE: Message does not include Version field. Since
+// NTLMSSP_NEGOTIATE_VERSION is never sent, it is not required, and the server
+// won't try to read it. The field is currently omitted for test compatibility
+// with the existing implementation. When NTLMv2 is implemented this field
+// will be present for both NTLMv1 and NTLMv2, however it will always be set to
+// all zeros. The version field is only used for debugging and only defines
+// a mapping to Windows operating systems.
+//
+// Similarly both Domain and Workstation fields are are not strictly required
+// either (though are included here) since neither
+// NTLMSSP_NEGOTIATE_OEM_WORKSTATION_SUPPLIED nor
+// NTLMSSP_NEGOTIATE_OEM_DOMAIN_SUPPLIED are ever sent. A compliant server
+// should never read past the 16th byte in this message.
+//
+// See [MS-NLMP] Section 2.2.2.5 for more detail on flags and 2.2.2.1 for the
+// Negotiate message in general.
+constexpr uint8_t kExpectedNegotiateMsg[kNegotiateMessageLen] = {
+ 'N', 'T', 'L', 'M', 'S', 'S', 'P', '\0', 0x01, 0x00, 0x00,
+ 0x00, 0x07, 0x82, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x20, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x20, 0x00, 0x00, 0x00};
+
+// Expected V1 Authenticate message from this implementation when sent
+// |kChallengeMsgV1| as the challenge.
+//
+// [0-7] - "NTLMSSP\0" (Signature)
+// [9-11] - |MessageType::kAuthenticate| (Message Type = 0x00000003)
+// [12-19] - |SecBuf(64, RESPONSE_V1_LEN)| (LM Response)
+// [20-27] - |SecBuf(88, RESPONSE_V1_LEN)| (NTLM Response)
+// [28-35] - |SecBuf(112, 12)| (Target Name = L"Domain")
+// [36-43] - |SecBuf(124, 8)| (User = L"User")
+// [44-51] - |SecBuf(132, 16)| (Workstation = L"COMPUTER")
+// [52-59] - |SecBuf(64, 0)| (Session Key (empty))
+// [60-63] - 0x00088203 (Flags)
+// [64-87] - |EXPECTED_V1_WITH_SS_LM_RESPONSE| (LM Response Payload)
+// [88-111] - |EXPECTED_V1_WITH_SS_NTLM_RESPONSE| (NTLM Response Payload)
+// [112-123]- L"Domain" (Target Name Payload)
+// [124-132]- L"User" (User Payload)
+// [132-147]- L"COMPUTER" (Workstation Payload)
+//
+// NOTE: This is not identical to the message in [MS-NLMP] Section 4.2.2.3 for
+// several reasons.
+//
+// 1) The flags are different because this implementation does not support
+// the flags related to version, key exchange, signing and sealing. These
+// flags are not relevant to implementing the NTLM scheme in HTTP.
+// 2) Since key exchange is not required nor supported, the session base key
+// payload is not required nor present.
+// 3) The specification allows payloads to be in any order. This (and the
+// prior) implementation uses a different payload order than the example.
+// 4) The version field is Windows specific and there is no provision for
+// non-Windows OS information. This message does not include a version field.
+constexpr uint8_t kExpectedAuthenticateMsgV1[] = {
+ 'N', 'T', 'L', 'M', 'S', 'S', 'P', '\0', 0x03, 0x00, 0x00, 0x00,
+ 0x18, 0x00, 0x18, 0x00, 0x40, 0x00, 0x00, 0x00, 0x18, 0x00, 0x18, 0x00,
+ 0x58, 0x00, 0x00, 0x00, 0x0c, 0x00, 0x0c, 0x00, 0x70, 0x00, 0x00, 0x00,
+ 0x08, 0x00, 0x08, 0x00, 0x7c, 0x00, 0x00, 0x00, 0x10, 0x00, 0x10, 0x00,
+ 0x84, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x40, 0x00, 0x00, 0x00,
+ 0x03, 0x82, 0x08, 0x00, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x75, 0x37, 0xf8, 0x03, 0xae, 0x36, 0x71, 0x28,
+ 0xca, 0x45, 0x82, 0x04, 0xbd, 0xe7, 0xca, 0xf8, 0x1e, 0x97, 0xed, 0x26,
+ 0x83, 0x26, 0x72, 0x32, 'D', 0x00, 'o', 0x00, 'm', 0x00, 'a', 0x00,
+ 'i', 0x00, 'n', 0x00, 'U', 0x00, 's', 0x00, 'e', 0x00, 'r', 0x00,
+ 'C', 0x00, 'O', 0x00, 'M', 0x00, 'P', 0x00, 'U', 0x00, 'T', 0x00,
+ 'E', 0x00, 'R', 0x00,
+};
+
} // namespace test
} // namespace ntlm
} // namespace net
« net/ntlm/ntlm_client_unittest.cc ('K') | « net/ntlm/ntlm_constants.h ('k') | net/ntlm/ntlm_unittest.cc » ('j') | net/ntlm/ntlm_unittest.cc » ('J')

Powered by Google App Engine
This is Rietveld 408576698