Questions on gss_verify_mic_iov

Greg Hudson ghudson at
Wed Sep 16 01:17:26 EDT 2015

On 09/16/2015 12:29 AM, Natalie Li wrote:
> EType: aes256-cts-hmac-sha1-96 (18) as shown in frame 25. See (1) of the
> attached doc.
> Size of the MIC token is 32 bytes as shown in frame 37. See (2) of the
> attache doc.

The AES enctypes use a checksum length of 12 bytes.  There are an
additional 16 bytes of GSSAPI token header, for an expected total of 28
bytes.  In checksum_iov_v3() we check for an exact match against this
expected length, so the 32-byte token yields an error.

Looking at the packet capture, the MIC token ends with twelve non-zero
checksum bytes followed by four zero bytes, which I assume are padding.
 This padding appears to conform to [MS-RPCE]; I don't know if
there is any way to find out the true length of the token without the
padding.  (Removing zero bytes is of course not safe; nothing prevents
the last byte of the checksum from being zero.)

More information about the krbdev mailing list