Login or Register to Ask a Question and Join Our Community

Linux and UNIX Man Pages

Linux & Unix Commands - Search Man Pages

gss_wrap(3gss) [opensolaris man page]

gss_wrap(3GSS)					  Generic Security Services API Library Functions				    gss_wrap(3GSS)

NAME

       gss_wrap - attach a cryptographic message

SYNOPSIS

       cc [ flag... ] file... -lgss  [ library... ]
       #include <gssapi/gssapi.h>

       OM_uint32 gss_wrap(OM_uint32 *minor_status,
	    const gss_ctx_id_t context_handle, int conf_req_flag,
	    gss_qop_t qop_req, const gss_buffer_t input_message_buffer,
	    int *conf_state, gss_buffer_t output_message_buffer);

DESCRIPTION

       The  gss_wrap() function attaches a cryptographic MIC and optionally encrypts the specified input_message. The output_message contains both
       the MIC and the message. The qop_req parameter allows a choice between several cryptographic algorithms, if supported by the chosen  mecha-
       nism.

       Since  some  application-level  protocols  may wish to use tokens emitted by gss_wrap() to provide secure framing, the GSS-API supports the
       wrapping of zero-length messages.

PARAMETERS

       The parameter descriptions for gss_wrap() follow:

       minor_status		The status code returned by the underlying mechanism.

       context_handle		Identifies the context on which the message will be sent.

       conf_req_flag		If the value of conf_req_flag is non-zero, both confidentiality and integrity services are requested. If the value
				is zero, then only integrity service is requested.

       qop_req			Specifies  the required quality of protection. A mechanism-specific default may be requested by setting qop_req to
				GSS_C_QOP_DEFAULT. If an unsupported protection strength is requested, gss_wrap() will return  a  major_status	of
				GSS_S_BAD_QOP.

       input_message_buffer	The message to be protected.

       conf_state		If  the  value of conf_state is non-zero, confidentiality, data origin authentication, and integrity services have
				been applied. If the value is zero, then integrity services have been applied. Specify NULL if this  parameter	is
				not required.

       output_message_buffer	The buffer to receive the protected message. Storage associated with this message must be freed by the application
				after use with a call to gss_release_buffer(3GSS).

ERRORS

       gss_wrap() may return the following status codes:

       GSS_S_COMPLETE		Successful completion.

       GSS_S_CONTEXT_EXPIRED	The context has already expired.

       GSS_S_NO_CONTEXT 	The context_handle parameter did not identify a valid context.

       GSS_S_BAD_QOP		The specified QOP is not supported by the mechanism.

       GSS_S_FAILURE		The underlying mechanism detected an error for which no specific GSS status code is defined.   The  mechanism-spe-
				cific status code reported by means of the minor_status parameter details the error condition.

ATTRIBUTES

       See attributes(5)  for descriptions of the following attributes:

       +-----------------------------+-----------------------------+
       |      ATTRIBUTE TYPE	     |	    ATTRIBUTE VALUE	   |
       +-----------------------------+-----------------------------+
       |Availability		     |SUNWgss (32-bit)		   |
       +-----------------------------+-----------------------------+
       |			     |SUNWgssx (64-bit) 	   |
       +-----------------------------+-----------------------------+
       |MT-Level		     |Safe			   |
       +-----------------------------+-----------------------------+

SEE ALSO

       gss_release_buffer(3GSS), attributes(5)

       Solaris Security for Developers Guide

SunOS 5.11							    15 Jan 2003 						    gss_wrap(3GSS)

Check Out this Related Man Page

gss_unwrap(3GSS)				  Generic Security Services API Library Functions				  gss_unwrap(3GSS)

NAME

       gss_unwrap - verify a message with attached cryptographic message

SYNOPSIS

       cc [ flag... ] file... -lgss  [ library... ]
       #include <gssapi/gssapi.h>

       OM_uint32 gss_unwrap(OM_uint32 *minor_status,
	    const gss_ctx_id_t context_handle,
	    const gss_buffer_t input_message_buffer,
	    gss_buffer_t output_message_buffer, int *conf_state,
	    gss_qop_t *qop_state);

DESCRIPTION

       The  gss_unwrap() function converts a message previously protected by gss_wrap(3GSS) back to a usable form, verifying the embedded MIC. The
       conf_state parameter indicates whether the message was encrypted; the qop_state parameter indicates the strength  of  protection  that  was
       used to provide the confidentiality and integrity services.

       Since some application-level protocols may wish to use tokens emitted by gss_wrap(3GSS) to provide secure framing, the GSS-API supports the
       wrapping and unwrapping of zero-length messages.

PARAMETERS

       The parameter descriptions for gss_unwrap() follow:

       minor_status		The status code returned by the underlying mechanism.

       context_handle		Identifies the context on which the message arrived.

       input_message_buffer	The message to be protected.

       output_message_buffer	The buffer to receive the unwrapped message. Storage associated with this buffer must be freed by the  application
				after use with a call to gss_release_buffer(3GSS).

       conf_state		If  the  value of conf_state is non-zero, then confidentiality and integrity protection were used. If the value is
				zero, only integrity service was used. Specify NULL if this parameter is not required.

       qop_state		Specifies the quality of protection provided. Specify NULL if this parameter is not required.

ERRORS

       gss_unwrap() may return the following status codes:

       GSS_S_COMPLETE		Successful completion.

       GSS_S_DEFECTIVE_TOKEN	The token failed consistency checks.

       GSS_S_BAD_SIG		The MIC was incorrect.

       GSS_S_DUPLICATE_TOKEN	The token was valid, and contained a correct MIC for the message, but it had already been processed.

       GSS_S_OLD_TOKEN		The token was valid, and contained a correct MIC for the message, but it is too old to check for duplication.

       GSS_S_UNSEQ_TOKEN	The token was valid, and contained a correct MIC for the message, but has been verified out of sequence;  a  later
				token has already been received.

       GSS_S_GAP_TOKEN		The  token  was valid, and contained a correct MIC for the message, but has been verified out of sequence; an ear-
				lier expected token has not yet been received.

       GSS_S_CONTEXT_EXPIRED	The context has already expired.

       GSS_S_NO_CONTEXT 	The context_handle parameter did not identify a valid context.

       GSS_S_FAILURE		The underlying mechanism detected an error for which no specific GSS status code is defined.   The  mechanism-spe-
				cific status code reported by means of the minor_status parameter details the error condition.

ATTRIBUTES

       See attributes(5)  for descriptions of the following attributes:

       +-----------------------------+-----------------------------+
       |      ATTRIBUTE TYPE	     |	    ATTRIBUTE VALUE	   |
       +-----------------------------+-----------------------------+
       |Availability		     |SUNWgss (32-bit)		   |
       +-----------------------------+-----------------------------+
       |			     |SUNWgssx (64-bit) 	   |
       +-----------------------------+-----------------------------+
       |MT-Level		     |Safe			   |
       +-----------------------------+-----------------------------+

SEE ALSO

       gss_release_buffer(3GSS), gss_wrap(3GSS), attributes(5)

       Solaris Security for Developers Guide

SunOS 5.11							    15 Jan 2003 						  gss_unwrap(3GSS)
Man Page