RFC 4121 (Kerberos 5 V2 - GSSAPI) - RRC

Srinivas Cheruku srinivas.cheruku at gmail.com
Thu May 6 06:37:03 EDT 2010


Hi,

 

According to RFC 4121 on RRC Field:

 

Excluding the first

   16 octets of the token header, the resulting Wrap token in the

   previous section is rotated to the right by "RRC" octets.  The net

 

 

The Wrap token should be rotated to the right by count specified in RRC
field, where as looks like MIT Kerberos (1.8.1) is rotating to left (when
gss_unwrap() is called). Is this right?

 

Code shown from krb5-1.8.1/src/lib/gssapi/krb5/k5sealv3.c, function
gss_krb5int_unseal_token_v3().

 

    if (toktype == KG_TOK_WRAP_MSG) {

        if (load_16_be(ptr) != KG2_TOK_WRAP_MSG)

            goto defective;

        if (ptr[3] != 0xff)

            goto defective;

        ec = load_16_be(ptr+4);

        rrc = load_16_be(ptr+6);

        seqnum = load_64_be(ptr+8);

        if (!gss_krb5int_rotate_left(ptr+16, bodysize-16, rrc)) {

        no_mem:

            *minor_status = ENOMEM;

            return GSS_S_FAILURE;

        }


Thanks,
Srini




More information about the Kerberos mailing list