gss_verify_mic(3) [hpux man page]

gss_verify_mic(3)					     Library Functions Manual						 gss_verify_mic(3)

NAME

       gss_verify_mic() - check a cryptographic message integrity code (MIC) against a message to verify its integrity

SYNOPSIS


DESCRIPTION

       The routine verifies that a cryptographic MIC, contained in the token_buffer parameter, fits the supplied message.  The application receiv-
       ing the message can use the qop_state parameter to check the strength of protection.

   Input Parameters
       context_handle	     Specifies the context on which the message arrived.

       message_buffer	     Specifies the message to be verified.

       token_buffer	     Specifies the token to be associated with the message.

   Output Parameters
       qop_state	     Returns the quality of protection gained from message integrity code (MIC).  Specify NULL if not required.

       minor_status	     Returns a status code from the security mechanism.

STATUS CODES

       The following status codes can be returned:

       The routine was completed successfully.

       The token failed consistency checks.

       The MIC was incorrect.

       The token was valid, and contained a correct
				MIC for the message, but it had already been processed.

       The token was valid, and contained a correct
				MIC for the message, but it is too old.

       The token was valid, and contained a correct MIC
				for the message, but has been verified out of sequence.  A later token has already been received.

       The token was valid, and contained a correct MIC
				for the message, but has been verified out of sequence.  An earlier expected token has not yet been received.

       The context has already expired.

       The routine failed.  Check the
				minor_status parameter for details.

       The context identified in the
				context_handle parameter was not valid.

AUTHOR

       was developed by Sun Microsystems, Inc.

SEE ALSO

       gss_get_mic(3), gss_wrap(3).

       The manpages for DCE-GSSAPI are included with the DCE-CoreTools product.  To see those manpages add to

																 gss_verify_mic(3)

gss_unwrap(3GSS)				  Generic Security Services API Library Functions				  gss_unwrap(3GSS)

NAME

       gss_unwrap - verify a message with attached cryptographic message

SYNOPSIS

       cc [ flag... ] file... -lgss  [ library... ]
       #include <gssapi/gssapi.h>

       OM_uint32 gss_unwrap(OM_uint32 *minor_status,
	    const gss_ctx_id_t context_handle,
	    const gss_buffer_t input_message_buffer,
	    gss_buffer_t output_message_buffer, int *conf_state,
	    gss_qop_t *qop_state);

DESCRIPTION

       The  gss_unwrap() function converts a message previously protected by gss_wrap(3GSS) back to a usable form, verifying the embedded MIC. The
       conf_state parameter indicates whether the message was encrypted; the qop_state parameter indicates the strength  of  protection  that  was
       used to provide the confidentiality and integrity services.

       Since some application-level protocols may wish to use tokens emitted by gss_wrap(3GSS) to provide secure framing, the GSS-API supports the
       wrapping and unwrapping of zero-length messages.

PARAMETERS

       The parameter descriptions for gss_unwrap() follow:

       minor_status		The status code returned by the underlying mechanism.

       context_handle		Identifies the context on which the message arrived.

       input_message_buffer	The message to be protected.

       output_message_buffer	The buffer to receive the unwrapped message. Storage associated with this buffer must be freed by the  application
				after use with a call to gss_release_buffer(3GSS).

       conf_state		If  the  value of conf_state is non-zero, then confidentiality and integrity protection were used. If the value is
				zero, only integrity service was used. Specify NULL if this parameter is not required.

       qop_state		Specifies the quality of protection provided. Specify NULL if this parameter is not required.

ERRORS

       gss_unwrap() may return the following status codes:

       GSS_S_COMPLETE		Successful completion.

       GSS_S_DEFECTIVE_TOKEN	The token failed consistency checks.

       GSS_S_BAD_SIG		The MIC was incorrect.

       GSS_S_DUPLICATE_TOKEN	The token was valid, and contained a correct MIC for the message, but it had already been processed.

       GSS_S_OLD_TOKEN		The token was valid, and contained a correct MIC for the message, but it is too old to check for duplication.

       GSS_S_UNSEQ_TOKEN	The token was valid, and contained a correct MIC for the message, but has been verified out of sequence;  a  later
				token has already been received.

       GSS_S_GAP_TOKEN		The  token  was valid, and contained a correct MIC for the message, but has been verified out of sequence; an ear-
				lier expected token has not yet been received.

       GSS_S_CONTEXT_EXPIRED	The context has already expired.

       GSS_S_NO_CONTEXT 	The context_handle parameter did not identify a valid context.

       GSS_S_FAILURE		The underlying mechanism detected an error for which no specific GSS status code is defined.   The  mechanism-spe-
				cific status code reported by means of the minor_status parameter details the error condition.

ATTRIBUTES

       See attributes(5)  for descriptions of the following attributes:

       +-----------------------------+-----------------------------+
       |      ATTRIBUTE TYPE	     |	    ATTRIBUTE VALUE	   |
       +-----------------------------+-----------------------------+
       |Availability		     |SUNWgss (32-bit)		   |
       +-----------------------------+-----------------------------+
       |			     |SUNWgssx (64-bit) 	   |
       +-----------------------------+-----------------------------+
       |MT-Level		     |Safe			   |
       +-----------------------------+-----------------------------+

SEE ALSO

       gss_release_buffer(3GSS), gss_wrap(3GSS), attributes(5)

       Solaris Security for Developers Guide

SunOS 5.11							    15 Jan 2003 						  gss_unwrap(3GSS)