test(mssql): add unit tests for NTLMv2 handshake logic

Author: vkuttyp

Directory.Build.props

@@ -7,6 +7,6 @@
     <Authors>vkuttyp</Authors>
     <PackageLicenseExpression>MIT</PackageLicenseExpression>
     <RepositoryUrl>https://github.com/vkuttyp/CosmoSQLClient-Dotnet</RepositoryUrl>
-    <Version>1.6.0</Version>
+    <Version>1.6.1</Version>
   </PropertyGroup>
 </Project>

src/CosmoSQLClient.MsSql/Auth/NtlmAuth.cs

@@ -7,7 +7,7 @@ namespace CosmoSQLClient.MsSql.Auth;
 /// Implements the NTLMv2 authentication protocol used by Windows domain auth.
 /// Ported from CosmoSQLClient-Swift.
 /// </summary>
-internal static class NtlmAuth
+public static class NtlmAuth
 {
     private static readonly byte[] NtlmSignature = { 0x4E, 0x54, 0x4C, 0x4D, 0x53, 0x53, 0x50, 0x00 };
     private const uint NegotiateFlags = 0x62088235;
@@ -175,7 +175,7 @@ private static byte[] ComputeHmacMd5(byte[] key, byte[] data)
     }
 }
 
-internal static class MD4
+public static class MD4
 {
     public static byte[] Hash(byte[] input)
     {

tests/CosmoSQLClient.MsSql.Tests/NtlmAuthTests.cs

@@ -0,0 +1,62 @@
+using System.Text;
+using CosmoSQLClient.MsSql.Auth;
+using Xunit;
+
+namespace CosmoSQLClient.MsSql.Tests;
+
+public class NtlmAuthTests
+{
+    [Fact]
+    public void TestMD4_EmptyString()
+    {
+        var result = MD4.Hash(Array.Empty<byte>());
+        Assert.Equal("31d6cfe0d16ae931b73c59d7e0c089c0", ToHex(result));
+    }
+
+    [Fact]
+    public void TestMD4_Message()
+    {
+        var result = MD4.Hash(Encoding.ASCII.GetBytes("a"));
+        Assert.Equal("bde52cb31de33e46245e05fbdbd6fb24", ToHex(result));
+    }
+
+    [Fact]
+    public void TestMD4_LongString()
+    {
+        var input = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";
+        var result = MD4.Hash(Encoding.ASCII.GetBytes(input));
+        Assert.Equal("043f8582f241db351ce627e153e7f0e4", ToHex(result));
+    }
+
+    [Fact]
+    public void TestNtlmExchange_Structure()
+    {
+        // 1. Test Negotiate
+        var negotiate = NtlmAuth.BuildNegotiate();
+        Assert.StartsWith("NTLMSSP", Encoding.ASCII.GetString(negotiate));
+        Assert.Equal(1u, BitConverter.ToUInt32(negotiate, 8)); // Type 1
+
+        // 2. Test Challenge Parsing (using a synthetic challenge)
+        var challengeBytes = new byte[64];
+        Encoding.ASCII.GetBytes("NTLMSSP\0").CopyTo(challengeBytes, 0);
+        BitConverter.GetBytes(2u).CopyTo(challengeBytes, 8); // Type 2
+        var serverChallenge = new byte[] { 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08 };
+        serverChallenge.CopyTo(challengeBytes, 24);
+        BitConverter.GetBytes(56).CopyTo(challengeBytes, 44); // TargetInfo Offset
+
+        var parsed = NtlmAuth.ParseChallenge(challengeBytes);
+        Assert.Equal(serverChallenge, parsed.ServerChallenge);
+
+        // 3. Test Authenticate (Type 3)
+        var auth = NtlmAuth.BuildAuthenticate(challengeBytes, "User", "Password", "Domain", "WORKSTATION");
+        Assert.StartsWith("NTLMSSP", Encoding.ASCII.GetString(auth));
+        Assert.Equal(3u, BitConverter.ToUInt32(auth, 8)); // Type 3
+    }
+
+    private static string ToHex(byte[] bytes)
+    {
+        var sb = new StringBuilder();
+        foreach (var b in bytes) sb.Append(b.ToString("x2"));
+        return sb.ToString();
+    }
+}