Hi,
I am currently working on fixing an issue for a GSS kernel module which is based and similar to SUNRPC/NFS implementation.
The issue is during gss_unwrap.After the client sends out a wrapped rpc message what i see is a failure on unwrap call .The failure basically due to mismatch between the decrypted plain krb header and the outer krb header.
After further inspection what i see that there is decryption(incorrect) happening on the server side with a wrong key. (i compared the plain text from the client side with the plain text obtained after decryption on the server side and they are not similar).
Now my doubt is there might be a security context mismatch between the client and server.And i am not able to confirm that.
struct krb5_ctx *kctx = gctx->internal_ctx_id;
where is gctx is of type struct gss_ctx *gctx
> What structure members should i look into to confirm if wrong keys are being used on client and server.
> Are the crypto keys initialized from the gctx ?
I would be grateful if anyone could help me out in the analysis.