I'm using GSSAPI gss_wrap() on OSX (which used heimdal implementation) for providing both integrity and confidentiality to a message. The wrapped message is sent to a windows server over socket and is processed (decryption/sign verification, etc). The context is negotiated with the server with both integrity and confidentiality flags set and using NTLM credentials. The issue is, the windows server is not able to understand the message and hence failing in processing it. After carefully looking into the message sent from OSX, found that the message format does not quite match with what is sent from a Linux client (where we are using MIT kerberos library), which, the same windows server able to process successfully. The major difference being, the version information (0x01000000) is present at the very start of the wrapped message in Linux case, whereas it somewhere within the wrapped message (at byte position 16) in OSX case.
Any suggestions on how to correctly use gss_wrap() and gss_unwrap()? Or are there any other API that needs to be looked into to achieve the same functionality. Any pointers will be appreciated.