code review request: 7077640: gss wrap for cfx doesn't handle rrc != 0

[Valerie (Yu-Ching) Peng]

Changes look good to me.
Thanks,
Valerie

On 09/19/11 22:12, Weijun Wang wrote:
> Code changes
>
>    http://cr.openjdk.java.net/~weijun/7077640/webrev.00
>
> The original handling of rrc != 0 is not correct. We did rotate the 
> bytes but have not reset the RRC field in the GSS message header 
> before calculating the checksum. According to RFC 4121 [1]:
>
> 4.2.4.  Encryption and Checksum Operations
>
> ....
>
>    In Wrap tokens that do not provide for confidentiality, the checksum
>    SHALL be calculated first over the to-be-signed plaintext data, and
>    then over the first 16 octets of the Wrap token (the "header", as
>    defined in section 4.2.6).  Both the EC field and the RRC field in
>                                ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>    the token header SHALL be filled with zeroes for the purpose of
>    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>    calculating the checksum...
>    ^^^^^^^^^^^^^^^^^^^^^^^^
>
> In the test, the Context.transmit() method is split into 4 basic 
> methods so that we have a chance to call wrap without confidentiality.
>
> Thanks
> Max
>
> [1] http://tools.ietf.org/html/rfc4121#section-4.2.4
>
>
> On 08/12/2011 09:41 AM, weijun.wang at oracle.com wrote:
>> *Change Request ID*: 7077640
>>
>> *Synopsis*: gss wrap for cfx doesn't handle rrc != 0
>>
>>    Product: java
>>    Category: jgss
>>    Subcategory: krb5plugin
>>
>> === *Description* 
>> ============================================================
>> FULL PRODUCT VERSION :
>> java version "1.6.0_26"
>>
>> A DESCRIPTION OF THE PROBLEM :
>> gss wrap for cfx doesn't handle rrc != 0
>>
>> Heimdal and mac os x always use an RRC != 0
>>
>>
>>
>> STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
>> git clone git at github.com:heimdal/heimdal.git
>> cd heimdal
>> sh autogen.sh
>> ./configure
>> make
>> cd tests/java
>> make check
>>
>>
>>
>> REPRODUCIBILITY :
>> This bug can be reproduced always.