1 // Copyright 2017 The Chromium Authors 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 5 #ifndef NET_NTLM_NTLM_CONSTANTS_H_ 6 #define NET_NTLM_NTLM_CONSTANTS_H_ 7 8 #include <stddef.h> 9 #include <stdint.h> 10 11 #include <vector> 12 13 #include "net/base/net_export.h" 14 15 namespace net::ntlm { 16 17 // A security buffer is a structure within an NTLM message that indicates 18 // the offset from the beginning of the message and the length of a payload 19 // that occurs later in the message. Within the raw message there is also 20 // an additional field, however the field is always written with the same 21 // value as length, and readers must always ignore it. 22 struct SecurityBuffer { SecurityBufferSecurityBuffer23 SecurityBuffer(uint32_t offset, uint16_t length) 24 : offset(offset), length(length) {} SecurityBufferSecurityBuffer25 SecurityBuffer() : SecurityBuffer(0, 0) {} 26 27 uint32_t offset; 28 uint16_t length; 29 }; 30 31 struct NtlmFeatures { NtlmFeaturesNtlmFeatures32 explicit NtlmFeatures(bool enable_NTLMv2) : enable_NTLMv2(enable_NTLMv2) {} 33 34 // Whether the use NTLMv2. 35 bool enable_NTLMv2 = true; 36 37 // Enables Message Integrity Check (MIC). This flag is ignored if 38 // enable_NTLMv2 is false. 39 bool enable_MIC = true; 40 41 // Enables Extended Protection for Authentication (EPA). This flag is 42 // ignored if enable_NTLMv2 is false. 43 bool enable_EPA = true; 44 }; 45 46 // There are 3 types of messages in NTLM. The message type is a field in 47 // every NTLM message header. See [MS-NLMP] Section 2.2. 48 enum class MessageType : uint32_t { 49 kNegotiate = 0x01, 50 kChallenge = 0x02, 51 kAuthenticate = 0x03, 52 }; 53 54 // Defined in [MS-NLMP] Section 2.2.2.5 55 // Only the used subset is defined. 56 enum class NegotiateFlags : uint32_t { 57 kNone = 0, 58 kUnicode = 0x01, 59 kOem = 0x02, 60 kRequestTarget = 0x04, 61 kNtlm = 0x200, 62 kAlwaysSign = 0x8000, 63 kExtendedSessionSecurity = 0x80000, 64 kTargetInfo = 0x800000, 65 }; 66 67 constexpr NegotiateFlags operator|(NegotiateFlags lhs, NegotiateFlags rhs) { 68 using TFlagsInt = std::underlying_type<NegotiateFlags>::type; 69 70 return static_cast<NegotiateFlags>(static_cast<TFlagsInt>(lhs) | 71 static_cast<TFlagsInt>(rhs)); 72 } 73 74 constexpr NegotiateFlags operator&(NegotiateFlags lhs, NegotiateFlags rhs) { 75 using TFlagsInt = std::underlying_type<NegotiateFlags>::type; 76 77 return static_cast<NegotiateFlags>(static_cast<TFlagsInt>(lhs) & 78 static_cast<TFlagsInt>(rhs)); 79 } 80 81 // Identifies the payload type in an AV Pair. See [MS-NLMP] 2.2.2.1 82 enum class TargetInfoAvId : uint16_t { 83 kEol = 0x0000, 84 kServerName = 0x00001, 85 kDomainName = 0x00002, 86 kFlags = 0x0006, 87 kTimestamp = 0x0007, 88 kTargetName = 0x0009, 89 kChannelBindings = 0x000A, 90 }; 91 92 // Flags used in an TargetInfoAvId::kFlags AV Pair. See [MS-NLMP] 2.2.2.1 93 enum class TargetInfoAvFlags : uint32_t { 94 kNone = 0, 95 kMicPresent = 0x00000002, 96 }; 97 98 using TAvFlagsInt = std::underlying_type<TargetInfoAvFlags>::type; 99 100 constexpr TargetInfoAvFlags operator|(TargetInfoAvFlags lhs, 101 TargetInfoAvFlags rhs) { 102 return static_cast<TargetInfoAvFlags>(static_cast<TAvFlagsInt>(lhs) | 103 static_cast<TAvFlagsInt>(rhs)); 104 } 105 106 constexpr TargetInfoAvFlags operator&(TargetInfoAvFlags lhs, 107 TargetInfoAvFlags rhs) { 108 return static_cast<TargetInfoAvFlags>(static_cast<TAvFlagsInt>(lhs) & 109 static_cast<TAvFlagsInt>(rhs)); 110 } 111 112 // An AV Pair is a structure that appears inside the target info field. It 113 // consists of an |avid| to identify the data type and an |avlen| specifying 114 // the size of the payload. Following that is |avlen| bytes of inline payload. 115 // AV Pairs are concatenated together and a special terminator with |avid| 116 // equal to |kEol| and |avlen| equal to zero signals that no further pairs 117 // follow. See [MS-NLMP] 2.2.2.1 118 // 119 // AV Pairs from the Challenge message are read from the challenge message 120 // and a potentially modified version is written into the authenticate 121 // message. In some cases the existing AV Pair is modified, eg. flags. In 122 // some cases new AV Pairs are add, eg. channel bindings and spn. 123 // 124 // For simplicity of processing two special fields |flags|, and |timestamp| 125 // are populated during the initial parsing phase for AVIDs |kFlags| and 126 // |kTimestamp| respectively. This avoids subsequent code having to 127 // manipulate the payload value through the buffer directly. For all 128 // other AvPairs the value of these 2 fields is undefined and the payload 129 // is in the |buffer| field. For these fields the payload is copied verbatim 130 // and it's content is not read or validated in any way. 131 struct NET_EXPORT_PRIVATE AvPair { 132 AvPair(); 133 AvPair(TargetInfoAvId avid, uint16_t avlen); 134 AvPair(TargetInfoAvId avid, std::vector<uint8_t> buffer); 135 AvPair(const AvPair& other); 136 AvPair(AvPair&& other); 137 ~AvPair(); 138 139 AvPair& operator=(const AvPair& other); 140 AvPair& operator=(AvPair&& other); 141 142 std::vector<uint8_t> buffer; 143 uint64_t timestamp; 144 TargetInfoAvFlags flags; 145 TargetInfoAvId avid; 146 uint16_t avlen; 147 }; 148 149 static constexpr uint8_t kSignature[] = "NTLMSSP"; 150 static constexpr size_t kSignatureLen = std::size(kSignature); 151 static constexpr uint16_t kProofInputVersionV2 = 0x0101; 152 static constexpr size_t kSecurityBufferLen = 153 (2 * sizeof(uint16_t)) + sizeof(uint32_t); 154 static constexpr size_t kNegotiateMessageLen = 32; 155 static constexpr size_t kMinChallengeHeaderLen = 32; 156 static constexpr size_t kChallengeHeaderLen = 48; 157 static constexpr size_t kResponseLenV1 = 24; 158 static constexpr size_t kChallengeLen = 8; 159 static constexpr size_t kVersionFieldLen = 8; 160 static constexpr size_t kNtlmHashLen = 16; 161 static constexpr size_t kNtlmProofLenV2 = kNtlmHashLen; 162 static constexpr size_t kSessionKeyLenV2 = kNtlmHashLen; 163 static constexpr size_t kMicLenV2 = kNtlmHashLen; 164 static constexpr size_t kChannelBindingsHashLen = kNtlmHashLen; 165 static constexpr size_t kEpaUnhashedStructHeaderLen = 20; 166 static constexpr size_t kProofInputLenV2 = 28; 167 static constexpr size_t kAvPairHeaderLen = 2 * sizeof(uint16_t); 168 static constexpr size_t kNtlmResponseHeaderLenV2 = 169 kNtlmProofLenV2 + kProofInputLenV2; 170 static constexpr size_t kAuthenticateHeaderLenV1 = 64; 171 static constexpr size_t kMicOffsetV2 = 72; 172 static constexpr size_t kAuthenticateHeaderLenV2 = 88; 173 174 static constexpr size_t kMaxFqdnLen = 255; 175 static constexpr size_t kMaxUsernameLen = 104; 176 static constexpr size_t kMaxPasswordLen = 256; 177 178 static constexpr NegotiateFlags kNegotiateMessageFlags = 179 NegotiateFlags::kUnicode | NegotiateFlags::kOem | 180 NegotiateFlags::kRequestTarget | NegotiateFlags::kNtlm | 181 NegotiateFlags::kAlwaysSign | NegotiateFlags::kExtendedSessionSecurity; 182 183 } // namespace net::ntlm 184 185 #endif // NET_NTLM_NTLM_CONSTANTS_H_ 186