HP Open Source Security for OpenVMS Volume 3: Kerberos > Chapter 5 GSSAPI (Generic Security Services Application Programming Interface)

gss_unwrap — Verify a message with attached MIC and decrypt message content

 » Table of Contents

 » Glossary

 » Index

spacerspacerspacer
spacer
spacer
  		 
 

C Prototype

OM_uint32 gss_unwrap(
        OM_uint32               * minor_status,
        gss_ctx_id_t              context_handle,
        gss_buffer_t              input_message_buffer,
        gss_buffer_t              output_message_buffer,
        int                     * conf_state,
        gss_qop_t               * qop_state );

Arguments

minor_status (output) 

An implementation-specific status code.

context_handle (input) 

Identifies the context in which the message arrived.

input_message_buffer (input) 

The protected message.

output_message_buffer (output)
  

A buffer to receive the unwrapped message. Storage associated with this buffer must be freed by the application after use with a call to gss_release_buffer.

conf_state (output) 

A Boolean value indicating which services have been applied. Specify NULL if not required.

TRUE — Confidentiality and integrity protection services have been applied.FALSE — Only integrity service has been applied.

qop_state (output) 

The quality of protection provided. Specify NULL if not required.

Description

This routine converts a message previously protected by gss_wrap back to a usable form, verifying the embedded Message Integrity Code (MIC). The conf_state argument indicates whether the message was encrypted; the qop_state argument indicates the strength of the protection that was used to provide the confidentiality and integrity services.

This routine is functionally equivalent to the gss_unseal routine. New code should use gss_unwrap instead of gss_unseal. Although both routines are supported, gss_unseal has been deprecated in the GSSAPI Version 2 specification.

Return Values

This routine returns one of the following GSS status codes:

GSS_S_COMPLETE

Indicates that the input_message_buffer was successfully processed and that the output_message_buffer is ready for transmission.

GSS_S_DEFECTIVE_TOKEN

Indicates that the input_message_buffer was successfully processed and that the output_message_buffer is ready for transmission.

GSS_S_BAD_SIG

Indicates that consistency checks performed on the token extracted from the input_message_buffer failed, preventing further processing from being performed with that token.

GSS_S_DUPLICATE_TOKEN

Indicates that the MIC extracted from the input_message_buffer contains an incorrect integrity check for the message.

GSS_S_OLD_TOKEN

The token extracted from the input_message_buffer is valid, and contained a correct MIC for the message, but is a duplicate of a token already processed. This is a fatal error during context establishment.

GSS_S_UNSEQ_TOKE

Indicates that the token was valid, and contained a correct MIC for the message, but has been verified out of sequence; a later token has already been received.

GSS_S_GAP_TOKEN

Indicates that the token was valid, and contained a correct MIC for the message, but has been verified out of sequence; an earlier expected token has not yet been received.

GSS_S_CONTEXT_EXPIRED

Indicates that context-related data items have expired, so that the requested operation cannot be performed
GSS_S_NO_CONTEXT

Indicates that no valid context was recognized for the input context_handle provided.



gss_test_oid_set_member — Determine whether an object identifier is a member of the set
  		 


gss_verify_mic — Check that a cryptographic MIC fits the applied message