Get signature size from gss_wrap

Benjamin Kaduk kaduk at MIT.EDU
Sat Jan 16 12:19:22 EST 2016

On Fri, 15 Jan 2016, Николай Кинаш wrote:

> Hello.
> I have two questions.
> 1. Is there any way to get a size of the signature from gss_wrap output
> buffer?

I'm not entirely sure what you're asking for.  Wrap tokens generally are
using symmetric-keyed MICs for message authenticity, not asymmetric crypto

In any case, are you asking how to determine just the length of the
integrity-protection portion of the wrap token?  This is something below
the GSS-API layer (which deals only in whole tokens), and so will be
determined by the specification for the individual mechanism in use.

> 2. I'm using aes256-cts-hmac-sha1-96 scheme. The first 16 bytes of output
> buffer from gss_wrap is a header as specified in
> and right after the header there is a
> signature, right?

The on-the-wire layout again is now enctype-specific, depending on the RFC
3961 encryption profile in use.  That enctype is specified in RFC 3962,
but uses the "simplified profile" specified in RFC 3961.  That simplified
profile puts the ciphertext first and then the MIC (see page 15).

In the gss_wrap context, the wire layout can also be influenced by whether
"DCE-style" tokens are used, which "rotate" the bits as in a circular
buffer before putting on the wire.  But you probably would know if that
was the case you're looking at.
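
An added illustration, not part of the original message and not MIT krb5 code: a Python sketch that splits an RFC 4121 Wrap token into its 16-byte header, the protected data and the trailing MIC, undoing the RRC rotation first. It assumes aes256-cts-hmac-sha1-96 (16-byte confounder, 12-byte truncated HMAC); the helper names are hypothetical and the sample token is constructed, with letters marking regions rather than real ciphertext.

```python
import struct

HEADER_LEN = 16       # RFC 4121 section 4.2.6.2 Wrap token header
TOK_ID_WRAP = 0x0504
FLAG_SEALED = 0x02    # confidentiality was applied
CONFOUNDER_LEN = 16   # aes256-cts-hmac-sha1-96: one AES block (RFC 3962)
HMAC_LEN = 12         # HMAC-SHA1 truncated to 96 bits (RFC 3962)

def split_wrap_token(token: bytes) -> dict:
    """Locate the integrity portion of a Wrap token (hypothetical helper)."""
    if len(token) < HEADER_LEN:
        raise ValueError("shorter than the 16-byte token header")
    tok_id, flags, filler, ec, rrc, seq = struct.unpack(">HBBHHQ", token[:HEADER_LEN])
    if tok_id != TOK_ID_WRAP or filler != 0xFF:
        raise ValueError("not an RFC 4121 Wrap token")
    body = token[HEADER_LEN:]
    sealed = bool(flags & FLAG_SEALED)
    # Sealed: body = E(confounder | plaintext | EC filler | header copy) | HMAC.
    # Unsealed: body = plaintext | checksum, and EC holds the checksum length.
    overhead = CONFOUNDER_LEN + ec + HEADER_LEN + HMAC_LEN if sealed else ec
    if len(body) < overhead:
        raise ValueError("body too short for the declared layout")
    if body:
        r = rrc % len(body)          # RRC is a right rotation; undo it
        body = body[r:] + body[:r]
    mic_len = HMAC_LEN if sealed else ec
    split = len(body) - mic_len
    return {"sealed": sealed, "ec": ec, "rrc": rrc, "seq": seq,
            "protected": body[:split], "mic": body[split:],
            "plaintext_len": len(body) - overhead}

def make_sample(rrc: int = 0) -> bytes:
    """Constructed sealed token; letters mark regions, not real ciphertext."""
    body = b"C" * 16 + b"P" * 5 + b"H" * 16 + b"M" * 12
    r = rrc % len(body)
    rotated = body[-r:] + body[:-r] if r else body
    return struct.pack(">HBBHHQ", TOK_ID_WRAP, FLAG_SEALED, 0xFF, 0, rrc, 1) + rotated

if __name__ == "__main__":
    for rrc in (0, 28):
        info = split_wrap_token(make_sample(rrc))
        print(rrc, info["plaintext_len"], len(info["mic"]), info["mic"])
```

The MIC only lines up at the end of the token after the rotation is undone, which is why a non-zero RRC makes a fixed-offset read of the wire bytes misleading.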

