1 // Copyright 2017 The Chromium Authors 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 5 // This file contains common input and result values use to verify the NTLM 6 // implementation. They are defined in [MS-NLMP] Section 4.2 [1]. 7 // 8 // [MS-NLMP] has no test data for Extended Protection for Authentication (EPA). 9 // Test vectors related to EPA (aka Channel Binding) have been taken from 10 // a Microsoft blog post [2]. 11 // 12 // [1] https://msdn.microsoft.com/en-us/library/cc236621.aspx 13 // [2] https://blogs.msdn.microsoft.com/openspecification/2013/03/26/ntlm-and- 14 // channel-binding-hash-aka-extended-protection-for-authentication/ 15 16 #ifndef NET_NTLM_NTLM_TEST_DATA_H_ 17 #define NET_NTLM_NTLM_TEST_DATA_H_ 18 19 #include "net/ntlm/ntlm_constants.h" 20 21 namespace net::ntlm::test { 22 23 // Common input values defined in [MS-NLMP] Section 4.2.1. 24 constexpr char16_t kPassword[] = {'P', 'a', 's', 's', 'w', 'o', 'r', 'd', '\0'}; 25 constexpr char16_t kNtlmDomain[] = {'D', 'o', 'm', 'a', 'i', 'n', '\0'}; 26 constexpr uint8_t kNtlmDomainRaw[] = {'D', 0x00, 'o', 0x00, 'm', 0x00, 27 'a', 0x00, 'i', 0x00, 'n', 0x00}; 28 constexpr char16_t kUser[] = {'U', 's', 'e', 'r', '\0'}; 29 constexpr char16_t kDomainUserCombined[] = {'D', 'o', 'm', 'a', 'i', 'n', 30 '\\', 'U', 's', 'e', 'r', '\0'}; 31 constexpr char16_t kHostname[] = {'C', 'O', 'M', 'P', 'U', 'T', 'E', 'R', '\0'}; 32 constexpr char16_t kServer[] = {'S', 'e', 'r', 'v', 'e', 'r', '\0'}; 33 constexpr uint8_t kServerRaw[] = {'S', 0x00, 'e', 0x00, 'r', 0x00, 34 'v', 0x00, 'e', 0x00, 'r', 0x00}; 35 36 // ASCII Versions of the above strings. 37 constexpr char kNtlmDomainAscii[] = "Domain"; 38 constexpr char kUserAscii[] = "User"; 39 constexpr char kHostnameAscii[] = "COMPUTER"; 40 41 // Test data obtained from [2]. 42 constexpr uint8_t kChannelBindings[] = { 43 't', 'l', 's', '-', 's', 'e', 'r', 'v', 'e', 'r', '-', 44 'e', 'n', 'd', '-', 'p', 'o', 'i', 'n', 't', ':', 0xea, 45 0x05, 0xfe, 0xfe, 0xcc, 0x6b, 0x0b, 0xd5, 0x71, 0xdb, 0xbc, 0x5b, 46 0xaa, 0x3e, 0xd4, 0x53, 0x86, 0xd0, 0x44, 0x68, 0x35, 0xf7, 0xb7, 47 0x4c, 0x85, 0x62, 0x1b, 0x99, 0x83, 0x47, 0x5f, 0x95, '\0'}; 48 49 constexpr char kNtlmSpn[] = {'H', 'T', 'T', 'P', '/', 'S', 50 'e', 'r', 'v', 'e', 'r', '\0'}; 51 constexpr uint8_t kNtlmSpnRaw[] = {'H', 0x00, 'T', 0x00, 'T', 0x00, 'P', 0x00, 52 '/', 0x00, 'S', 0x00, 'e', 0x00, 'r', 0x00, 53 'v', 0x00, 'e', 0x00, 'r', 0x00}; 54 55 // Input value defined in [MS-NLMP] Section 4.2.1. 56 constexpr uint64_t kServerTimestamp = 0; 57 58 // Arbitrary value for client timestamp. The spec does not provide test data 59 // or scenarios involving the client timestamp. The relevant thing is that it 60 // is not equal to |kServerTimestamp| so it can be determined which timestamp 61 // is within the message. 62 // Tue, 23 May 2017 20:13:07 +0000 63 constexpr uint64_t kClientTimestamp = 131400439870000000; 64 65 // Challenge vectors defined in [MS-NLMP] Section 4.2.1. 66 constexpr uint8_t kServerChallenge[kChallengeLen] = {0x01, 0x23, 0x45, 0x67, 67 0x89, 0xab, 0xcd, 0xef}; 68 constexpr uint8_t kClientChallenge[kChallengeLen] = {0xaa, 0xaa, 0xaa, 0xaa, 69 0xaa, 0xaa, 0xaa, 0xaa}; 70 71 // Test input defined in [MS-NLMP] Section 4.2.3.3. 72 constexpr uint8_t kChallengeMsgV1[] = { 73 0x4e, 0x54, 0x4c, 0x4d, 0x53, 0x53, 0x50, 0x00, 0x02, 0x00, 0x00, 0x00, 74 0x0c, 0x00, 0x0c, 0x00, 0x38, 0x00, 0x00, 0x00, 0x33, 0x82, 0x0a, 0x82, 75 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef, 0x00, 0x00, 0x00, 0x00, 76 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 77 0x06, 0x00, 0x70, 0x17, 0x00, 0x00, 0x00, 0x0f, 0x53, 0x00, 0x65, 0x00, 78 0x72, 0x00, 0x76, 0x00, 0x65, 0x00, 0x72, 0x00}; 79 80 // Test input defined in [MS-NLMP] Section 4.2.4.3. 81 constexpr uint8_t kChallengeMsgFromSpecV2[] = { 82 0x4e, 0x54, 0x4c, 0x4d, 0x53, 0x53, 0x50, 0x00, 0x02, 0x00, 0x00, 0x00, 83 0x0c, 0x00, 0x0c, 0x00, 0x38, 0x00, 0x00, 0x00, 0x33, 0x82, 0x8a, 0xe2, 84 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef, 0x00, 0x00, 0x00, 0x00, 85 0x00, 0x00, 0x00, 0x00, 0x24, 0x00, 0x24, 0x00, 0x44, 0x00, 0x00, 0x00, 86 0x06, 0x00, 0x70, 0x17, 0x00, 0x00, 0x00, 0x0f, 0x53, 0x00, 0x65, 0x00, 87 0x72, 0x00, 0x76, 0x00, 0x65, 0x00, 0x72, 0x00, 0x02, 0x00, 0x0c, 0x00, 88 0x44, 0x00, 0x6f, 0x00, 0x6d, 0x00, 0x61, 0x00, 0x69, 0x00, 0x6e, 0x00, 89 0x01, 0x00, 0x0c, 0x00, 0x53, 0x00, 0x65, 0x00, 0x72, 0x00, 0x76, 0x00, 90 0x65, 0x00, 0x72, 0x00, 0x00, 0x00, 0x00, 0x00, 91 }; 92 93 // A minimal challenge message for tests. For NTLMv1 this implementation only 94 // reads the smallest required version of the message (32 bytes). Some 95 // servers may still send messages this small. The only relevant flags 96 // that affect behavior are that both NTLMSSP_NEGOTIATE_UNICODE and 97 // NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY are set. 98 // 99 // [0-7] - "NTLMSSP\0" (Signature) 100 // [9-11] - |MessageType::kChallenge| (Message Type = 0x00000002) 101 // [12-19] - |SecBuf(kNegotiateMessageLen, 0)| (Target Name - Not Used) 102 // [20-23] - |kNegotiateMessageFlags| (Flags = 0x00088207) 103 // [24-31] - |kServerChallenge| (Server Challenge) 104 // 105 // See [MS-NLMP] Section 2.2.2.2 for more information about the Challenge 106 // message. 107 constexpr uint8_t kMinChallengeMessage[kChallengeHeaderLen] = { 108 'N', 'T', 'L', 'M', 'S', 'S', 'P', '\0', 0x02, 0x00, 0x00, 109 0x00, 0x00, 0x00, 0x00, 0x00, 0x20, 0x00, 0x00, 0x00, 0x07, 0x82, 110 0x08, 0x00, 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef}; 111 112 // The same message as |kMinChallengeMessage| but with the 113 // NTLMSSP_NEGOTIATE_UNICODE flag cleared. 114 constexpr uint8_t kMinChallengeMessageNoUnicode[kChallengeHeaderLen] = { 115 'N', 'T', 'L', 'M', 'S', 'S', 'P', '\0', 0x02, 0x00, 0x00, 116 0x00, 0x00, 0x00, 0x00, 0x00, 0x20, 0x00, 0x00, 0x00, 0x06, 0x82, 117 0x08, 0x00, 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef}; 118 119 // The same message as |kMinChallengeMessage| but with the 120 // NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY flag cleared. 121 constexpr uint8_t kMinChallengeMessageNoSS[kChallengeHeaderLen] = { 122 'N', 'T', 'L', 'M', 'S', 'S', 'P', '\0', 0x02, 0x00, 0x00, 123 0x00, 0x00, 0x00, 0x00, 0x00, 0x20, 0x00, 0x00, 0x00, 0x07, 0x82, 124 0x00, 0x00, 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef}; 125 126 // Test result value for NTOWFv1() defined in [MS-NLMP] Section 4.2.2.1.2. 127 constexpr uint8_t kExpectedNtlmHashV1[kNtlmHashLen] = { 128 0xa4, 0xf4, 0x9c, 0x40, 0x65, 0x10, 0xbd, 0xca, 129 0xb6, 0x82, 0x4e, 0xe7, 0xc3, 0x0f, 0xd8, 0x52}; 130 131 // Test result value for NTOWFv2() defined in [MS-NLMP] Section 4.2.4.1.1. 132 constexpr uint8_t kExpectedNtlmHashV2[kNtlmHashLen] = { 133 0x0c, 0x86, 0x8a, 0x40, 0x3b, 0xfd, 0x7a, 0x93, 134 0xa3, 0x00, 0x1e, 0xf2, 0x2e, 0xf0, 0x2e, 0x3f}; 135 136 // Test result value defined in [MS-NLMP] Section 4.2.2.1. 137 constexpr uint8_t kExpectedNtlmResponseV1[kResponseLenV1] = { 138 0x67, 0xc4, 0x30, 0x11, 0xf3, 0x02, 0x98, 0xa2, 0xad, 0x35, 0xec, 0xe6, 139 0x4f, 0x16, 0x33, 0x1c, 0x44, 0xbd, 0xbe, 0xd9, 0x27, 0x84, 0x1f, 0x94}; 140 141 // Test result value defined in [MS-NLMP] Section 4.2.3.2.2. 142 constexpr uint8_t kExpectedNtlmResponseWithV1SS[kResponseLenV1] = { 143 0x75, 0x37, 0xf8, 0x03, 0xae, 0x36, 0x71, 0x28, 0xca, 0x45, 0x82, 0x04, 144 0xbd, 0xe7, 0xca, 0xf8, 0x1e, 0x97, 0xed, 0x26, 0x83, 0x26, 0x72, 0x32}; 145 146 // Test result value defined in [MS-NLMP] Section 4.2.3.2.1. 147 constexpr uint8_t kExpectedLmResponseWithV1SS[kResponseLenV1] = { 148 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0x00, 0x00, 0x00, 0x00, 149 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}; 150 151 // Test result value defined in [MS-NLMP] Section 4.2.4.1.3. 152 // 153 // "temp" is defined in Section 3.3.2 and is part of the data to be hashed 154 // to generate the NTLMv2 Proof. It is composed of 3 parts; 155 // 156 // 1) [0-27] A fixed length part in the first 28 (|kProofInputLenV2|) bytes 157 // which in this implementation is generated by |GenerateProofInputV2|. 158 // 159 // 2) [28-63] A variable length part which the spec calls "ServerName" but 160 // defines as the AV Pairs (aka Target Information) from the Authenticate 161 // message. See |kExpectedTargetInfoFromSpecV2| for more information. 162 // 163 // 3) [64-68] 4 zero bytes. 164 // 165 // NOTE: The timestamp (bytes [8-15]) should not actually be 0 here. In order 166 // to use the test data from the spec some lower level tests do generate this 167 // value. The target info sent by the server does not contain a timestamp 168 // AvPair, and section 3.1.5.1.2 states that the client should populate the 169 // timestamp with the servers timestamp if it exists, otherwise with the 170 // client's local time. For end to end tests the alternate value 171 // |kExpectedTempWithClientTimestampV2| below is used for end to end tests. 172 // Having different test data for the server and client time allows testing 173 // the logic more correctly. 174 constexpr uint8_t kExpectedTempFromSpecV2[] = { 175 0x01, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 176 0x00, 0x00, 0x00, 0x00, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 177 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x0c, 0x00, 0x44, 0x00, 0x6f, 0x00, 178 0x6d, 0x00, 0x61, 0x00, 0x69, 0x00, 0x6e, 0x00, 0x01, 0x00, 0x0c, 0x00, 179 0x53, 0x00, 0x65, 0x00, 0x72, 0x00, 0x76, 0x00, 0x65, 0x00, 0x72, 0x00, 180 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}; 181 182 // This value is the same as |kExpectedTempFromSpecV2| but with the timestamp 183 // field at bytes [8-15] populated with |kClientTimestamp|. 184 constexpr uint8_t kExpectedTempWithClientTimestampV2[] = { 185 0x01, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x80, 0x0b, 0xc8, 0xfd, 186 0x00, 0xd4, 0xd2, 0x01, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 187 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x0c, 0x00, 0x44, 0x00, 0x6f, 0x00, 188 0x6d, 0x00, 0x61, 0x00, 0x69, 0x00, 0x6e, 0x00, 0x01, 0x00, 0x0c, 0x00, 189 0x53, 0x00, 0x65, 0x00, 0x72, 0x00, 0x76, 0x00, 0x65, 0x00, 0x72, 0x00, 190 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}; 191 192 // Test result value defined (indirectly) in [MS-NLMP] Section 4.2.4. 193 // 194 // This is part 2 (bytes [28-63]) of |kExpectedTempFromSpecV2|. Additional 195 // notes; 196 // 197 // a) The spec defines the AV Pairs to be in the opposite order to which they 198 // actually appear in the output in Section 4.2.4.1.3. 199 // 200 // b) The implicit presence of a terminating AV Pair is not mentioned. 201 // 202 // c) Section 4.2.4 does not show the byte sequences of the AV Pair Headers. 203 // 204 // NOTE: The real implementation in default settings would not have such a 205 // simple set of AV Pairs since a flags field to indicate the presence of a 206 // MIC, and a channel bindings field would also have been added. 207 constexpr uint8_t kExpectedTargetInfoFromSpecV2[] = { 208 0x02, 0x00, 0x0c, 0x00, 0x44, 0x00, 0x6f, 0x00, 0x6d, 0x00, 0x61, 0x00, 209 0x69, 0x00, 0x6e, 0x00, 0x01, 0x00, 0x0c, 0x00, 0x53, 0x00, 0x65, 0x00, 210 0x72, 0x00, 0x76, 0x00, 0x65, 0x00, 0x72, 0x00, 0x00, 0x00, 0x00, 0x00}; 211 212 // This target info is to test the behavior when a server timestamp is 213 // present. It is the same as |kExpectedTargetInfoFromSpecV2| but with 214 // an additional timestamp AvPair. 215 constexpr uint8_t kExpectedTargetInfoFromSpecPlusServerTimestampV2[] = { 216 0x02, 0x00, 0x0c, 0x00, 0x44, 0x00, 0x6f, 0x00, 0x6d, 0x00, 0x61, 0x00, 217 0x69, 0x00, 0x6e, 0x00, 0x01, 0x00, 0x0c, 0x00, 0x53, 0x00, 0x65, 0x00, 218 0x72, 0x00, 0x76, 0x00, 0x65, 0x00, 0x72, 0x00, 0x07, 0x00, 0x08, 0x00, 219 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}; 220 221 // The target info after being updated by the client when the server sends 222 // |kExpectedTargetInfoFromSpecV2| in the challenge message with both EPA and 223 // MIC enabled. 224 // 225 // When MIC and EPA are enabled, 3 additional AvPairs are added. 226 // 1) A flags AVPair with the MIC_PRESENT bit set. 227 // 2) A channel bindings AVPair containing the channel bindings hash. 228 // 3) A target name AVPair containing the SPN of the server. 229 // 230 // AvPair 1 [0-1] |TargetInfoAvId::kDomainName| Av ID = 0x0002 231 // AvPair 1 [2-3] |len(kNtlmDomainRaw)| Av Length = 0x000c 232 // AvPair 1 [4-15] |kNtlmDomainRaw| Av Payload = L"Domain" 233 // 234 // AvPair 2 [16-17] |TargetInfoAvId::kServerName| Av ID = 0x0001 235 // AvPair 2 [18-19] |len(kServerRaw)| Av Length = 0x000c 236 // AvPair 2 [20-31] |kServerRaw| Av Payload = L"Server" 237 // 238 // AvPair 3 [32-33] |TargetInfoAvId::kFlags| Av ID = 0x0006 239 // AvPair 3 [34-35] |sizeof(uint32_t)| Av Length = 0x0004 240 // AvPair 3 [36-39] |TargetInfoAvFlags::kMicPresent| Av Payload = 0x00000002 241 // 242 // AvPair 4 [40-41] |TargetInfoAvId::kChannelBindings| Av ID = 0x000a 243 // AvPair 4 [42-43] |kChannelBindingsHashLen| Av Length = 0x0010 244 // AvPair 4 [44-59] |kExpectedChannelBindingHashV2| Av Payload 245 // 246 // AvPair 5 [60-61] |TargetInfoAvId::kTargetName| Av ID = 0x0009 247 // AvPair 5 [62-63] |len(kNtlmSpnRaw)| Av Length = 0x0016 248 // AvPair 5 [64-85] |kNtlmSpnRaw| Av Payload = 249 // L"HTTP/Server" 250 // 251 // AvPair 6 [86-87] |TargetInfoAvId::kEol| Av ID = 0x0000 252 // AvPair 6 [88-89] Av Length = 0x0000 253 constexpr uint8_t kExpectedTargetInfoSpecResponseV2[] = { 254 0x02, 0x00, 0x0c, 0x00, 'D', 0x00, 'o', 0x00, 'm', 0x00, 'a', 0x00, 255 'i', 0x00, 'n', 0x00, 0x01, 0x00, 0x0c, 0x00, 'S', 0x00, 'e', 0x00, 256 'r', 0x00, 'v', 0x00, 'e', 0x00, 'r', 0x00, 0x06, 0x00, 0x04, 0x00, 257 0x02, 0x00, 0x00, 0x00, 0x0a, 0x00, 0x10, 0x00, 0x65, 0x86, 0xE9, 0x9D, 258 0x81, 0xC2, 0xFC, 0x98, 0x4E, 0x47, 0x17, 0x2F, 0xD4, 0xDD, 0x03, 0x10, 259 0x09, 0x00, 0x16, 0x00, 'H', 0x00, 'T', 0x00, 'T', 0x00, 'P', 0x00, 260 '/', 0x00, 'S', 0x00, 'e', 0x00, 'r', 0x00, 'v', 0x00, 'e', 0x00, 261 'r', 0x00, 0x00, 0x00, 0x00, 0x00}; 262 263 // Test result value defined in [MS-NLMP] Section 4.2.4.2.2. 264 constexpr uint8_t kExpectedProofFromSpecV2[kNtlmProofLenV2] = { 265 0x68, 0xcd, 0x0a, 0xb8, 0x51, 0xe5, 0x1c, 0x96, 266 0xaa, 0xbc, 0x92, 0x7b, 0xeb, 0xef, 0x6a, 0x1c}; 267 268 // The value of the NTLMv2 proof when |kExpectedTargetInfoSpecResponseV2| is 269 // the updated target info in the Authenticate message. 270 constexpr uint8_t kExpectedProofSpecResponseV2[kNtlmProofLenV2] = { 271 0x01, 0x0c, 0x0b, 0xd1, 0x4e, 0xf7, 0xa2, 0x96, 272 0x89, 0xc0, 0xc1, 0x9c, 0xea, 0xe8, 0xb7, 0xdf}; 273 274 // The value of the NTLMv2 proof when |kExpectedTargetInfoSpecResponseV2| is 275 // the updated target info, and |kClientTimestamp| is correctly set in the 276 // Authenticate message. 277 constexpr uint8_t 278 kExpectedProofSpecResponseWithClientTimestampV2[kNtlmProofLenV2] = { 279 0x8c, 0x02, 0x60, 0xdb, 0xef, 0x69, 0x06, 0x62, 280 0xaf, 0x9c, 0x42, 0xd5, 0x07, 0x82, 0xd2, 0xed}; 281 282 // Test result data obtained from [2]. 283 constexpr uint8_t kExpectedChannelBindingHashV2[kChannelBindingsHashLen] = { 284 0x65, 0x86, 0xE9, 0x9D, 0x81, 0xC2, 0xFC, 0x98, 285 0x4E, 0x47, 0x17, 0x2F, 0xD4, 0xDD, 0x03, 0x10}; 286 287 // Test result value defined in [MS-NLMP] Section 4.2.4.1.2. 288 constexpr uint8_t kExpectedSessionBaseKeyFromSpecV2[kSessionKeyLenV2] = { 289 0x8d, 0xe4, 0x0c, 0xca, 0xdb, 0xc1, 0x4a, 0x82, 290 0xf1, 0x5c, 0xb0, 0xad, 0x0d, 0xe9, 0x5c, 0xa3}; 291 292 // The session base key when the proof is 293 // |kExpectedProofSpecResponseWithClientTimestampV2|. 294 constexpr uint8_t 295 kExpectedSessionBaseKeyWithClientTimestampV2[kSessionKeyLenV2] = { 296 0x62, 0x3d, 0xbd, 0x07, 0x1b, 0xe7, 0xa5, 0x30, 297 0xb6, 0xa9, 0x5c, 0x2e, 0xb4, 0x98, 0x24, 0x70}; 298 299 // The Message Integrity Check (MIC) using 300 // |kExpectedSessionBaseKeyWithClientTimestampV2| over the following 3 301 // messages; |kExpectedNegotiateMsg|, |kChallengeMsgFromSpecV2|, and 302 // |kExpectedAuthenticateMsgSpecResponseV2|. 303 // The MIC field in |kExpectedAuthenticateMsgSpecResponseV2| is set to all 304 // zeros while calculating the hash. 305 constexpr uint8_t kExpectedMicV2[kMicLenV2] = { 306 0xf7, 0x36, 0x16, 0x33, 0xf0, 0xad, 0x9b, 0xdf, 307 0x4a, 0x7c, 0x42, 0x1b, 0xc6, 0xb8, 0x24, 0xa3}; 308 309 // Expected negotiate message from this implementation. 310 // [0-7] - "NTLMSSP\0" (Signature) 311 // [9-11] - |MessageType::kNegotiate| (Message Type = 0x00000001) 312 // [12-15] - |kNegotiateMessageFlags| (Flags = 0x00088207) 313 // [16-23] - |SecBuf(kNegotiateMessageLen, 0)| (Domain) 314 // [24-32] - |SecBuf(kNegotiateMessageLen, 0)| (Workstation) 315 // 316 // NOTE: Message does not include Version field. Since 317 // NTLMSSP_NEGOTIATE_VERSION is never sent, it is not required, and the server 318 // won't try to read it. The field is currently omitted for test compatibility 319 // with the existing implementation. When NTLMv2 is implemented this field 320 // will be present for both NTLMv1 and NTLMv2, however it will always be set to 321 // all zeros. The version field is only used for debugging and only defines 322 // a mapping to Windows operating systems. 323 // 324 // Similarly both Domain and Workstation fields are are not strictly required 325 // either (though are included here) since neither 326 // NTLMSSP_NEGOTIATE_OEM_WORKSTATION_SUPPLIED nor 327 // NTLMSSP_NEGOTIATE_OEM_DOMAIN_SUPPLIED are ever sent. A compliant server 328 // should never read past the 16th byte in this message. 329 // 330 // See [MS-NLMP] Section 2.2.2.5 for more detail on flags and 2.2.2.1 for the 331 // Negotiate message in general. 332 constexpr uint8_t kExpectedNegotiateMsg[kNegotiateMessageLen] = { 333 'N', 'T', 'L', 'M', 'S', 'S', 'P', '\0', 0x01, 0x00, 0x00, 334 0x00, 0x07, 0x82, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x20, 0x00, 335 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x20, 0x00, 0x00, 0x00}; 336 337 // Expected V1 Authenticate message from this implementation when sent 338 // |kChallengeMsgV1| as the challenge. 339 // 340 // [0-7] - "NTLMSSP\0" (Signature) 341 // [9-11] - |MessageType::kAuthenticate| (Message Type = 0x00000003) 342 // [12-19] - |SecBuf(64, kResponseLenV1)| (LM Response) 343 // [20-27] - |SecBuf(88, kResponseLenV1)| (NTLM Response) 344 // [28-35] - |SecBuf(112, 12)| (Target Name = L"Domain") 345 // [36-43] - |SecBuf(124, 8)| (User = L"User") 346 // [44-51] - |SecBuf(132, 16)| (Workstation = L"COMPUTER") 347 // [52-59] - |SecBuf(64, 0)| (Session Key (empty)) 348 // [60-63] - 0x00088203 (Flags) 349 // [64-87] - |EXPECTED_V1_WITH_SS_LM_RESPONSE| (LM Response Payload) 350 // [88-111] - |EXPECTED_V1_WITH_SS_NTLM_RESPONSE| (NTLM Response Payload) 351 // [112-123]- L"Domain" (Target Name Payload) 352 // [124-132]- L"User" (User Payload) 353 // [132-147]- L"COMPUTER" (Workstation Payload) 354 // 355 // NOTE: This is not identical to the message in [MS-NLMP] Section 4.2.2.3 for 356 // several reasons. 357 // 358 // 1) The flags are different because this implementation does not support 359 // the flags related to version, key exchange, signing and sealing. These 360 // flags are not relevant to implementing the NTLM scheme in HTTP. 361 // 2) Since key exchange is not required nor supported, the session base key 362 // payload is not required nor present. 363 // 3) The specification allows payloads to be in any order. This (and the 364 // prior) implementation uses a different payload order than the example. 365 // 4) The version field is Windows specific and there is no provision for 366 // non-Windows OS information. This message does not include a version field. 367 constexpr uint8_t kExpectedAuthenticateMsgSpecResponseV1[] = { 368 'N', 'T', 'L', 'M', 'S', 'S', 'P', '\0', 0x03, 0x00, 0x00, 0x00, 369 0x18, 0x00, 0x18, 0x00, 0x40, 0x00, 0x00, 0x00, 0x18, 0x00, 0x18, 0x00, 370 0x58, 0x00, 0x00, 0x00, 0x0c, 0x00, 0x0c, 0x00, 0x70, 0x00, 0x00, 0x00, 371 0x08, 0x00, 0x08, 0x00, 0x7c, 0x00, 0x00, 0x00, 0x10, 0x00, 0x10, 0x00, 372 0x84, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x40, 0x00, 0x00, 0x00, 373 0x03, 0x82, 0x08, 0x00, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 374 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 375 0x00, 0x00, 0x00, 0x00, 0x75, 0x37, 0xf8, 0x03, 0xae, 0x36, 0x71, 0x28, 376 0xca, 0x45, 0x82, 0x04, 0xbd, 0xe7, 0xca, 0xf8, 0x1e, 0x97, 0xed, 0x26, 377 0x83, 0x26, 0x72, 0x32, 'D', 0x00, 'o', 0x00, 'm', 0x00, 'a', 0x00, 378 'i', 0x00, 'n', 0x00, 'U', 0x00, 's', 0x00, 'e', 0x00, 'r', 0x00, 379 'C', 0x00, 'O', 0x00, 'M', 0x00, 'P', 0x00, 'U', 0x00, 'T', 0x00, 380 'E', 0x00, 'R', 0x00, 381 }; 382 383 // Expected V2 Authenticate message from this implementation when sent 384 // |kChallengeMsgFromSpecV2| as the challenge using default features. 385 // 386 // [0-7] - "NTLMSSP\0" (Signature) 387 // [9-11] - |MessageType::kAuthenticate| (Message Type = 0x00000003) 388 // [12-19] - |SecBuf(88, kResponseLenV1)| (LM Response) 389 // [20-27] - |SecBuf(112, 138)| (NTLM Response) 390 // [28-35] - |SecBuf(250, 12)| (Target Name = L"Domain") 391 // [36-43] - |SecBuf(262, 8)| (User = L"User") 392 // [44-51] - |SecBuf(270, 16)| (Workstation = L"COMPUTER") 393 // [52-59] - |SecBuf(88, 0)| (Session Key (empty)) 394 // [60-63] - 0x00088203 (Flags) 395 // [64-71] - All zero (Version) 396 // [72-87] - |kExpectedMicV2| (MIC) 397 // [88-111] - All zero (LM Response Payload) 398 // [112-249]-------------------------------------- (NTLM Response Payload) 399 // [112-127]-|kExpectedProofSpecResponseWithClientTimestampV2| 400 // (NTLMv2 Proof) 401 // [128-155]-|kExpectedTempWithClientTimestampV2[0-27]| 402 // (Proof Input) 403 // [156-245]-|kExpectedTargetInfoSpecResponseV2| (Updated target info) 404 // [246-249]-0x00000000 (Reserved - zeros) 405 // ----------------------------------------------------------------------- 406 // [250-261]- L"Domain" (Target Name Payload) 407 // [262-269]- L"User" (User Payload) 408 // [270-285]- L"COMPUTER" (Workstation Payload) 409 // 410 // NOTE: This is not identical to the message in [MS-NLMP] Section TODO(X) for 411 // several reasons. 412 // 413 // 1) The flags are different because this implementation does not support 414 // the flags related to version, key exchange, signing and sealing. These 415 // flags are not relevant to implementing the NTLM scheme in HTTP. 416 // 2) Since key exchange is not required nor supported, the session base key 417 // payload is not required nor present. 418 // 3) The specification allows payloads to be in any order. This (and the 419 // prior) implementation uses a different payload order than the example. 420 // 4) The version field is Windows specific and there is no provision for a 421 // non-Windows OS information. This message does not include a version field. 422 // 5) The example in the spec does not use Extended Protection for 423 // Authentication (EPA). This message includes an extra AV Pair containing 424 // the hashed channel bindings. 425 // 6) The example in the spec does not use Message Integrity Check (MIC). 426 // The optional field is not present, nor is the flags AV Pair that indicates 427 // it's presence. 428 // 7) Since the server does not provide a timestamp, the client should 429 // provide one. 430 constexpr uint8_t kExpectedAuthenticateMsgSpecResponseV2[] = { 431 'N', 'T', 'L', 'M', 'S', 'S', 'P', '\0', 0x03, 0x00, 0x00, 0x00, 432 0x18, 0x00, 0x18, 0x00, 0x58, 0x00, 0x00, 0x00, 0x8a, 0x00, 0x8a, 0x00, 433 0x70, 0x00, 0x00, 0x00, 0x0c, 0x00, 0x0c, 0x00, 0xfa, 0x00, 0x00, 0x00, 434 0x08, 0x00, 0x08, 0x00, 0x06, 0x01, 0x00, 0x00, 0x10, 0x00, 0x10, 0x00, 435 0x0e, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x58, 0x00, 0x00, 0x00, 436 0x03, 0x82, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 437 0xf7, 0x36, 0x16, 0x33, 0xf0, 0xad, 0x9b, 0xdf, 0x4a, 0x7c, 0x42, 0x1b, 438 0xc6, 0xb8, 0x24, 0xa3, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 439 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 440 0x00, 0x00, 0x00, 0x00, 0x8c, 0x02, 0x60, 0xdb, 0xef, 0x69, 0x06, 0x62, 441 0xaf, 0x9c, 0x42, 0xd5, 0x07, 0x82, 0xd2, 0xed, 0x01, 0x01, 0x00, 0x00, 442 0x00, 0x00, 0x00, 0x00, 0x80, 0x0b, 0xc8, 0xfd, 0x00, 0xd4, 0xd2, 0x01, 443 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0x00, 0x00, 0x00, 0x00, 444 0x02, 0x00, 0x0c, 0x00, 'D', 0x00, 'o', 0x00, 'm', 0x00, 'a', 0x00, 445 'i', 0x00, 'n', 0x00, 0x01, 0x00, 0x0c, 0x00, 'S', 0x00, 'e', 0x00, 446 'r', 0x00, 'v', 0x00, 'e', 0x00, 'r', 0x00, 0x06, 0x00, 0x04, 0x00, 447 0x02, 0x00, 0x00, 0x00, 0x0a, 0x00, 0x10, 0x00, 0x65, 0x86, 0xE9, 0x9D, 448 0x81, 0xC2, 0xFC, 0x98, 0x4E, 0x47, 0x17, 0x2F, 0xD4, 0xDD, 0x03, 0x10, 449 0x09, 0x00, 0x16, 0x00, 'H', 0x00, 'T', 0x00, 'T', 0x00, 'P', 0x00, 450 '/', 0x00, 'S', 0x00, 'e', 0x00, 'r', 0x00, 'v', 0x00, 'e', 0x00, 451 'r', 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 'D', 0x00, 452 'o', 0x00, 'm', 0x00, 'a', 0x00, 'i', 0x00, 'n', 0x00, 'U', 0x00, 453 's', 0x00, 'e', 0x00, 'r', 0x00, 'C', 0x00, 'O', 0x00, 'M', 0x00, 454 'P', 0x00, 'U', 0x00, 'T', 0x00, 'E', 0x00, 'R', 0x00, 455 }; 456 457 // Expected V2 Authenticate message from this implementation when sent 458 // |kChallengeMsgV1| as the challenge using default features. This scenario 459 // can occur because some older implementations (Windows 2003 and earlier), 460 // do not send NTLMSSP_NEGOTIATE_TARGET_INFO, nor a Target Info payload in 461 // the challenge message. 462 // 463 // [0-7] - "NTLMSSP\0" (Signature) 464 // [9-11] - |MessageType::kAuthenticate| (Message Type = 0x00000003) 465 // [12-19] - |SecBuf(88, kResponseLenV1)| (LM Response) 466 // [20-27] - |SecBuf(112, 106)| (NTLM Response) 467 // [28-35] - |SecBuf(218, 12)| (Target Name = L"Domain") 468 // [36-43] - |SecBuf(230, 8)| (User = L"User") 469 // [44-51] - |SecBuf(238, 16)| (Workstation = L"COMPUTER") 470 // [52-59] - |SecBuf(88, 0)| (Session Key (empty)) 471 // [60-63] - 0x00088203 (Flags) 472 // [64-71] - All zero (Version) 473 // [72-87] - (MIC) 474 // [88-111] - All zero (LM Response Payload) 475 // [112-217]-------------------------------------- (NTLM Response Payload) 476 // [112-127]- (NTLMv2 Proof) 477 // [128-155]-|kExpectedTempWithClientTimestampV2[0-27]| 478 // (Proof Input) 479 // [156-213]-|kExpectedTargetInfoSpecResponseV2[32-89]| 480 // (Updated target info) 481 // [214-217]-0x00000000 (Reserved - zeros) 482 // ----------------------------------------------------------------------- 483 // [218-229]- L"Domain" (Target Name Payload) 484 // [230-237]- L"User" (User Payload) 485 // [238-253]- L"COMPUTER" (Workstation Payload) 486 // 487 // NOTE: This is message is almost the same as 488 // |kExpectedAuthenticateMsgSpecResponseV2| with the following changes. 489 // 1) The target info within the NTLM response is missing the first 32 490 // bytes, which represent the 2 AvPairs that the server does not send in 491 // this case. 492 // 2) The NTLM Response security buffer length is reduced by 32 and therefore 493 // all subsequent security buffer offsets are reduced by 32. 494 // 3) The NTLMv2 Proof is different since the different target info changes 495 // the hash. 496 // 4) As with the NTLMv2 Proof, the MIC is different because the message is 497 // different. 498 constexpr uint8_t kExpectedAuthenticateMsgToOldV1ChallegeV2[] = { 499 'N', 'T', 'L', 'M', 'S', 'S', 'P', '\0', 0x03, 0x00, 0x00, 0x00, 500 0x18, 0x00, 0x18, 0x00, 0x58, 0x00, 0x00, 0x00, 0x6a, 0x00, 0x6a, 0x00, 501 0x70, 0x00, 0x00, 0x00, 0x0c, 0x00, 0x0c, 0x00, 0xda, 0x00, 0x00, 0x00, 502 0x08, 0x00, 0x08, 0x00, 0xe6, 0x00, 0x00, 0x00, 0x10, 0x00, 0x10, 0x00, 503 0xee, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x58, 0x00, 0x00, 0x00, 504 0x03, 0x82, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 505 0x31, 0x37, 0xd6, 0x9e, 0x5c, 0xc8, 0x7d, 0x7a, 0x9f, 0x7c, 0xf4, 0x1a, 506 0x5a, 0x19, 0xdc, 0x25, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 507 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 508 0x00, 0x00, 0x00, 0x00, 0xbe, 0xd9, 0xa9, 0x42, 0x20, 0xc2, 0x25, 0x2b, 509 0x91, 0x6e, 0x9c, 0xe3, 0x9d, 0x97, 0x3a, 0x2d, 0x01, 0x01, 0x00, 0x00, 510 0x00, 0x00, 0x00, 0x00, 0x80, 0x0b, 0xc8, 0xfd, 0x00, 0xd4, 0xd2, 0x01, 511 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0x00, 0x00, 0x00, 0x00, 512 0x06, 0x00, 0x04, 0x00, 0x02, 0x00, 0x00, 0x00, 0x0a, 0x00, 0x10, 0x00, 513 0x65, 0x86, 0xE9, 0x9D, 0x81, 0xC2, 0xFC, 0x98, 0x4E, 0x47, 0x17, 0x2F, 514 0xD4, 0xDD, 0x03, 0x10, 0x09, 0x00, 0x16, 0x00, 'H', 0x00, 'T', 0x00, 515 'T', 0x00, 'P', 0x00, '/', 0x00, 'S', 0x00, 'e', 0x00, 'r', 0x00, 516 'v', 0x00, 'e', 0x00, 'r', 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 517 0x00, 0x00, 'D', 0x00, 'o', 0x00, 'm', 0x00, 'a', 0x00, 'i', 0x00, 518 'n', 0x00, 'U', 0x00, 's', 0x00, 'e', 0x00, 'r', 0x00, 'C', 0x00, 519 'O', 0x00, 'M', 0x00, 'P', 0x00, 'U', 0x00, 'T', 0x00, 'E', 0x00, 520 'R', 0x00, 521 }; 522 523 // Expected V2 Authenticate message from this implementation when sent 524 // |kChallengeMsgFromSpecV2|, no channel bindings exist, and the remote 525 // server is named 'server' (with lowercase 's'). All the test data from the 526 // spec uses 'Server' with an uppercase 'S'. Chrome lower cases the hostname 527 // so this result vector is needed for an end to end test in 528 // |HttpNetworkTransactionUnitTest|. 529 // 530 // The response is the same as |kExpectedAuthenticateMsgSpecResponseV2| with 531 // the following differences. 532 // 533 // [72-87] - The MIC (hash of all messages) is different because the 534 // message is different. 535 // [112-127] - The cryptographic proof is different due to the changed 536 // AvPairs below, which are inputs to the hash. 537 // [225]- The 's' in the SPN AvPair is lowercase. 538 // [200-215] - The channel binding AvPair in the target info is all zero. See 539 // |kExpectedTargetInfoSpecResponseV2| for more information. 540 constexpr uint8_t kExpectedAuthenticateMsgEmptyChannelBindingsV2[] = { 541 'N', 'T', 'L', 'M', 'S', 'S', 'P', '\0', 0x03, 0x00, 0x00, 0x00, 542 0x18, 0x00, 0x18, 0x00, 0x58, 0x00, 0x00, 0x00, 0x8a, 0x00, 0x8a, 0x00, 543 0x70, 0x00, 0x00, 0x00, 0x0c, 0x00, 0x0c, 0x00, 0xfa, 0x00, 0x00, 0x00, 544 0x08, 0x00, 0x08, 0x00, 0x06, 0x01, 0x00, 0x00, 0x10, 0x00, 0x10, 0x00, 545 0x0e, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x58, 0x00, 0x00, 0x00, 546 0x03, 0x82, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 547 0xa7, 0x37, 0x50, 0x69, 0x59, 0xfe, 0xea, 0x74, 0xaa, 0x77, 0xa1, 0xc0, 548 0x5b, 0xe2, 0x39, 0xa2, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 549 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 550 0x00, 0x00, 0x00, 0x00, 0xfe, 0x4d, 0xec, 0x67, 0xcf, 0x4d, 0xbd, 0xf8, 551 0xc7, 0xa7, 0x80, 0x89, 0xb1, 0xc5, 0x46, 0xa7, 0x01, 0x01, 0x00, 0x00, 552 0x00, 0x00, 0x00, 0x00, 0x80, 0x0b, 0xc8, 0xfd, 0x00, 0xd4, 0xd2, 0x01, 553 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0x00, 0x00, 0x00, 0x00, 554 0x02, 0x00, 0x0c, 0x00, 'D', 0x00, 'o', 0x00, 'm', 0x00, 'a', 0x00, 555 'i', 0x00, 'n', 0x00, 0x01, 0x00, 0x0c, 0x00, 'S', 0x00, 'e', 0x00, 556 'r', 0x00, 'v', 0x00, 'e', 0x00, 'r', 0x00, 0x06, 0x00, 0x04, 0x00, 557 0x02, 0x00, 0x00, 0x00, 0x0a, 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 558 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 559 0x09, 0x00, 0x16, 0x00, 'H', 0x00, 'T', 0x00, 'T', 0x00, 'P', 0x00, 560 '/', 0x00, 's', 0x00, 'e', 0x00, 'r', 0x00, 'v', 0x00, 'e', 0x00, 561 'r', 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 'D', 0x00, 562 'o', 0x00, 'm', 0x00, 'a', 0x00, 'i', 0x00, 'n', 0x00, 'U', 0x00, 563 's', 0x00, 'e', 0x00, 'r', 0x00, 'C', 0x00, 'O', 0x00, 'M', 0x00, 564 'P', 0x00, 'U', 0x00, 'T', 0x00, 'E', 0x00, 'R', 0x00, 565 }; 566 567 } // namespace net::ntlm::test 568 569 #endif // NET_NTLM_NTLM_TEST_DATA_H_ 570