skip book previous and next navigation links
go up to top of book: HP Open Source Security for OpenVMS Volume 3:... HP Open Source Security for OpenVMS Volume 3:...
go to beginning of chapter: GSSAPI (Generic Security Services Application... GSSAPI (Generic Security Services Application...
go to previous page: gss_export_sec_context Transfer a security context to another process gss_export_sec_context Transfer a security context to another...
go to next page: gss_import_name Convert a printable string to an internal formgss_import_name Convert a printable string to an internal form
end of book navigation links

gss_get_mic -- Generate a cryptographic MIC for a message 



C Prototype 

OM_uint32 gss_get_mic(
        OM_uint32         minor_status,
        gss_ctx_id_t      context_handle,
        gss_qop_t         qop_req,
        gss_buffer_t      message_buffer,
        gss_buffer_t      message_token );

Arguments 

minor_status
(output)		 An implementation-specific status code.
context_handle (input)  Identifies the context on which the message will be sent.
qop_req (input) Specifies the requested quality of protection. Callers are encouraged, on portability grounds, to accept the default quality of protection offered by the chosen mechanism, which may be requested by specifying GSS_C_QOP_DEFAULT for this argument. If an unsupported protection strength is requested, gss_get_mic will return a status of GSS_S_BAD_QOP.
message_buffer (input) The message to be protected.
message_token (output) A buffer to receive the token. The application must free storage associated with this buffer after use with a call to gss_release_buffer.

Description 

This routine supports data origin authentication and data integrity services. When gss_get_mic is invoked on an input message, it generates a cryptographic MIC, and places the MIC in a per-message token containing data items that allow underlying mechanisms to provide the specified security services. The original message, along with the generated per-message token, is passed to the remote peer; these two data elements are processed by gss_verify_mic, which validates the message in conjunction with the separate token. The qop_req argument allows a choice between several cryptographic algorithms.

This routine is functionally equivalent to the gss_sign routine. New code should use gss_get_mic instead of gss_sign. Although both routines are supported, gss_sign has been deprecated in the GSSAPI Version 2 specification.

Return Values 

This routine returns one of the following GSS status codes:

GSS_S_COMPLETE
Indicates that an integrity check, suitable for an established security context, was successfully applied and that the message and corresponding per_msg_token are ready for transmission.
GSS_S_CONTEXT_EXPIRED
 Indicates that context-related data items have expired, so that the requested operation cannot be performed.
GSS_S_NO_CONTEXT
 Indicates that the context_handle argument did not identify a valid context.
GSS_S_BAD_QOP
 Indicates that the provided QOP value is not recognized or supported for the context.

go to previous page: gss_export_sec_context Transfer a security context to another process gss_export_sec_context Transfer a security context to another...
go to next page: gss_import_name Convert a printable string to an internal formgss_import_name Convert a printable string to an internal form