// Copyright 2017 The Chromium Authors // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. #ifdef UNSAFE_BUFFERS_BUILD // TODO(crbug.com/40284755): Remove this and spanify to fix the errors. #pragma allow_unsafe_buffers #endif #include "net/ntlm/ntlm.h" #include <string.h> #include "base/check_op.h" #include "base/containers/span.h" #include "base/notreached.h" #include "base/strings/utf_string_conversions.h" #include "net/base/net_string_util.h" #include "net/ntlm/ntlm_buffer_writer.h" #include "net/ntlm/ntlm_constants.h" #include "third_party/boringssl/src/include/openssl/des.h" #include "third_party/boringssl/src/include/openssl/hmac.h" #include "third_party/boringssl/src/include/openssl/md4.h" #include "third_party/boringssl/src/include/openssl/md5.h" namespace net::ntlm { namespace { // Takes the parsed target info in |av_pairs| and performs the following // actions. // // 1) If a |TargetInfoAvId::kTimestamp| AvPair exists, |server_timestamp| // is set to the payload. // 2) If |is_mic_enabled| is true, the existing |TargetInfoAvId::kFlags| AvPair // will have the |TargetInfoAvFlags::kMicPresent| bit set. If an existing // flags AvPair does not already exist, a new one is added with the value of // |TargetInfoAvFlags::kMicPresent|. // 3) If |is_epa_enabled| is true, two new AvPair entries will be added to // |av_pairs|. The first will be of type |TargetInfoAvId::kChannelBindings| // and contains MD5(|channel_bindings|) as the payload. The second will be // of type |TargetInfoAvId::kTargetName| and contains |spn| as a little // endian UTF16 string. // 4) Sets |target_info_len| to the size of |av_pairs| when serialized into // a payload. void UpdateTargetInfoAvPairs(bool is_mic_enabled, bool is_epa_enabled, const std::string& channel_bindings, const std::string& spn, std::vector<AvPair>* av_pairs, uint64_t* server_timestamp, size_t* target_info_len) { … } std::vector<uint8_t> WriteUpdatedTargetInfo(const std::vector<AvPair>& av_pairs, size_t updated_target_info_len) { … } // Reads 7 bytes (56 bits) from |key_56| and writes them into 8 bytes of // |key_64| with 7 bits in every byte. The least significant bits are // undefined and a subsequent operation will set those bits with a parity bit. // |key_56| must contain 7 bytes. // |key_64| must contain 8 bytes. void Splay56To64(base::span<const uint8_t, 7> key_56, base::span<uint8_t, 8> key_64) { … } } // namespace void Create3DesKeysFromNtlmHash( base::span<const uint8_t, kNtlmHashLen> ntlm_hash, base::span<uint8_t, 24> keys) { … } void GenerateNtlmHashV1(const std::u16string& password, base::span<uint8_t, kNtlmHashLen> hash) { … } void GenerateResponseDesl(base::span<const uint8_t, kNtlmHashLen> hash, base::span<const uint8_t, kChallengeLen> challenge, base::span<uint8_t, kResponseLenV1> response) { … } void GenerateNtlmResponseV1( const std::u16string& password, base::span<const uint8_t, kChallengeLen> server_challenge, base::span<uint8_t, kResponseLenV1> ntlm_response) { … } void GenerateResponsesV1( const std::u16string& password, base::span<const uint8_t, kChallengeLen> server_challenge, base::span<uint8_t, kResponseLenV1> lm_response, base::span<uint8_t, kResponseLenV1> ntlm_response) { … } void GenerateLMResponseV1WithSessionSecurity( base::span<const uint8_t, kChallengeLen> client_challenge, base::span<uint8_t, kResponseLenV1> lm_response) { … } void GenerateSessionHashV1WithSessionSecurity( base::span<const uint8_t, kChallengeLen> server_challenge, base::span<const uint8_t, kChallengeLen> client_challenge, base::span<uint8_t, kNtlmHashLen> session_hash) { … } void GenerateNtlmResponseV1WithSessionSecurity( const std::u16string& password, base::span<const uint8_t, kChallengeLen> server_challenge, base::span<const uint8_t, kChallengeLen> client_challenge, base::span<uint8_t, kResponseLenV1> ntlm_response) { … } void GenerateResponsesV1WithSessionSecurity( const std::u16string& password, base::span<const uint8_t, kChallengeLen> server_challenge, base::span<const uint8_t, kChallengeLen> client_challenge, base::span<uint8_t, kResponseLenV1> lm_response, base::span<uint8_t, kResponseLenV1> ntlm_response) { … } void GenerateNtlmHashV2(const std::u16string& domain, const std::u16string& username, const std::u16string& password, base::span<uint8_t, kNtlmHashLen> v2_hash) { … } std::vector<uint8_t> GenerateProofInputV2( uint64_t timestamp, base::span<const uint8_t, kChallengeLen> client_challenge) { … } void GenerateNtlmProofV2( base::span<const uint8_t, kNtlmHashLen> v2_hash, base::span<const uint8_t, kChallengeLen> server_challenge, base::span<const uint8_t, kProofInputLenV2> v2_input, base::span<const uint8_t> target_info, base::span<uint8_t, kNtlmProofLenV2> v2_proof) { … } void GenerateSessionBaseKeyV2( base::span<const uint8_t, kNtlmHashLen> v2_hash, base::span<const uint8_t, kNtlmProofLenV2> v2_proof, base::span<uint8_t, kSessionKeyLenV2> session_key) { … } void GenerateChannelBindingHashV2( const std::string& channel_bindings, base::span<uint8_t, kNtlmHashLen> channel_bindings_hash) { … } void GenerateMicV2(base::span<const uint8_t, kSessionKeyLenV2> session_key, base::span<const uint8_t> negotiate_msg, base::span<const uint8_t> challenge_msg, base::span<const uint8_t> authenticate_msg, base::span<uint8_t, kMicLenV2> mic) { … } NET_EXPORT_PRIVATE std::vector<uint8_t> GenerateUpdatedTargetInfo( bool is_mic_enabled, bool is_epa_enabled, const std::string& channel_bindings, const std::string& spn, const std::vector<AvPair>& av_pairs, uint64_t* server_timestamp) { … } } // namespace net::ntlm
Codebase Browser
chromium