gss_unwrap Verify a message with attached MIC and decrypt message content

If both a Table of Contents and Search form are not displayed in separate frames along with this one, you may wish to redisplay this book in a frameset, beginning with the first page.

HP Open Source Security for OpenVMS Volume 3:...

GSSAPI (Generic Security Services Application...

gss_test_oid_set_member Determine whether an object identifier...

gss_verify_mic Check that a cryptographic MIC fits the applied...

gss_unwrap -- Verify a message with attached MIC and decrypt message content

C Prototype

OM_uint32 gss_unwrap(
        OM_uint32          minor_status,
        gss_ctx_id_t       context_handle,
        gss_buffer_t       input_message_buffer,
        gss_buffer_t       output_message_buffer,
        int                conf_state,
        gss_qop_t          qop_state );

Arguments

minor_status
(output) An implementation-specific status code.

context_handle (input) Identifies the context in which the message arrived.

input_message_buffer (input)
The protected message.

output_message_buffer (output)
A buffer to receive the unwrapped message. Storage associated with this buffer must be freed by the application after use with a call to gss_release_buffer.

conf_state (output) A Boolean value indicating which services have been applied. Specify NULL if not required.

TRUE -- Confidentiality and integrity protection services have been applied.FALSE -- Only integrity service has been applied.

qop_state (output) The quality of protection provided. Specify NULL if not required.

Description

This routine converts a message previously protected by gss_wrap back to a usable form, verifying the embedded Message Integrity Code (MIC). The conf_state argument indicates whether the message was encrypted; the qop_state argument indicates the strength of the protection that was used to provide the confidentiality and integrity services.

This routine is functionally equivalent to the gss_unseal routine. New code should use gss_unwrap instead of gss_unseal. Although both routines are supported, gss_unseal has been deprecated in the GSSAPI Version 2 specification.

Return Values

This routine returns one of the following GSS status codes:

GSS_S_COMPLETE
Indicates that the input_message_buffer was successfully processed and that the output_message_buffer is ready for transmission.

GSS_S_DEFECTIVE_TOKEN
Indicates that the input_message_buffer was successfully processed and that the output_message_buffer is ready for transmission.

GSS_S_BAD_SIG
Indicates that consistency checks performed on the token extracted from the input_message_buffer failed, preventing further processing from being performed with that token.

GSS_S_DUPLICATE_TOKEN
Indicates that the MIC extracted from the input_message_buffer contains an incorrect integrity check for the message.

GSS_S_OLD_TOKEN
The token extracted from the input_message_buffer is valid, and contained a correct MIC for the message, but is a duplicate of a token already processed. This is a fatal error during context establishment.

GSS_S_UNSEQ_TOKE
Indicates that the token was valid, and contained a correct MIC for the message, but has been verified out of sequence; a later token has already been received.

GSS_S_GAP_TOKEN
Indicates that the token was valid, and contained a correct MIC for the message, but has been verified out of sequence; an earlier expected token has not yet been received.

GSS_S_CONTEXT_EXPIRED
Indicates that context-related data items have expired, so that the requested operation cannot be performed

GSS_S_NO_CONTEXT
Indicates that no valid context was recognized for the input context_handle provided.

gss_test_oid_set_member Determine whether an object identifier...

gss_verify_mic Check that a cryptographic MIC fits the applied...

minor_status (output)		An implementation-specific status code.
context_handle (input)		Identifies the context in which the message arrived.
input_message_buffer (input)
		The protected message.
output_message_buffer (output)
		A buffer to receive the unwrapped message. Storage associated with this buffer must be freed by the application after use with a call to `gss_release_buffer`.
conf_state (output)		A Boolean value indicating which services have been applied. Specify NULL if not required. TRUE -- Confidentiality and integrity protection services have been applied.FALSE -- Only integrity service has been applied.
qop_state (output)		The quality of protection provided. Specify NULL if not required.

GSS_S_COMPLETE	Indicates that the `input_message_buffer` was successfully processed and that the `output_message_buffer` is ready for transmission.
GSS_S_DEFECTIVE_TOKEN	Indicates that the `input_message_buffer` was successfully processed and that the `output_message_buffer` is ready for transmission.
GSS_S_BAD_SIG	Indicates that consistency checks performed on the token extracted from the `input_message_buffer` failed, preventing further processing from being performed with that token.
GSS_S_DUPLICATE_TOKEN	Indicates that the MIC extracted from the `input_message_buffer` contains an incorrect integrity check for the message.
GSS_S_OLD_TOKEN	The token extracted from the `input_message_buffer` is valid, and contained a correct MIC for the message, but is a duplicate of a token already processed. This is a fatal error during context establishment.
GSS_S_UNSEQ_TOKE	Indicates that the token was valid, and contained a correct MIC for the message, but has been verified out of sequence; a later token has already been received.
GSS_S_GAP_TOKEN	Indicates that the token was valid, and contained a correct MIC for the message, but has been verified out of sequence; an earlier expected token has not yet been received.
GSS_S_CONTEXT_EXPIRED	Indicates that context-related data items have expired, so that the requested operation cannot be performed
GSS_S_NO_CONTEXT	Indicates that no valid context was recognized for the input `context_handle` provided.