[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

GSS Unwrap errors / Decryption failures.

From: SaNtosh kuLkarni
Subject: GSS Unwrap errors / Decryption failures.
Date: Wed, 19 Jun 2013 13:09:52 +0530


I am currently working on fixing an issue  for a GSS kernel module which is based and similar to SUNRPC/NFS implementation.

The issue is during gss_unwrap.After the client sends out a wrapped rpc message what i see is a failure on unwrap call .The failure  basically due to mismatch between the decrypted plain krb header and the outer krb header.
After further inspection what i see that there is  decryption(incorrect)  happening on the server side with a wrong key. (i compared the plain text from the client side with the plain text obtained after decryption on the server side and they are not similar).

Now my doubt is there might be a security context mismatch between the client and server.And i am not able to confirm that.

struct krb5_ctx *kctx = gctx->internal_ctx_id; 

where is gctx is of type  struct gss_ctx *gctx

> What structure members should i look into to confirm if wrong keys are being used on client and server.
> Are the crypto keys initialized from the gctx ?

I would be grateful if anyone could help me out in the analysis.


reply via email to

[Prev in Thread] Current Thread [Next in Thread]