gss_verify_mic Check that a cryptographic MIC fits the applied message

If both a Table of Contents and Search form are not displayed in separate frames along with this one, you may wish to redisplay this book in a frameset, beginning with the first page.

HP Open Source Security for OpenVMS Volume 3:...

GSSAPI (Generic Security Services Application...

gss_unwrap Verify a message with attached MIC and decrypt message...

gss_wrap Attach a MIC to a message and encrypt the message

gss_verify_mic -- Check that a cryptographic MIC fits the applied message

C Prototype

OM_uint32 gss_verify_mic(
        OM_uint32         minor_status,
        gss_ctx_id_t      context_handle,
        gss_buffer_t      message_buffer,
        gss_buffer_t      message_token,
        gss_qop_t         qop_state );

Arguments

minor_status
(output) An implementation-specific status code.

context_handle (input) Specifies the context on which the message arrived.

message_buffer (input) Specifies the message to be verified.

message_token (input) Specifies the token to be associated with the message.

qop_state (output) Returns the quality of protection gained from the MIC. Specify NULL if not required.

Description

This routine checks that a cryptographic MIC, contained in the message_token argument, fits the message in the message_buffer argument. The qop_state argument allows a message recipient to determine the strength of protection that was applied to the message.

This routine is functionally equivalent to the gss_verify routine. New code should use gss_verify_mic instead of gss_verify. Although both routines are supported, gss_verify has been deprecated in the GSSAPI Version 2 specification.

Return Values

This routine returns one of the following GSS status codes:

GSS_S_COMPLETE
Indicates that the message was successfully verified.

GSS_S_DEFECTIVE_TOKEN
Indicates that consistency checks performed on the received message_token failed, preventing further processing from being performed with that token.

GSS_S_BAD_SIG
Indicates that the received message_token contains an incorrect MIC for the message.

GSS_S_DUPLICATE_TOKEN
The message_token was valid, and contained a correct MIC for the message, but is a duplicate of a token already processed. This is a fatal error during context establishment.

GSS_S_OLD_TOKEN
The message_token was valid, and contained a correct MIC for the message, but the message_token was too old to check for duplication. This is a fatal error during context establishment.

GSS_S_UNSEQ_TOKEN
Indicates that the cryptographic check value on the received message was correct, and the message_token contained a correct MIC, but the token has been verified out of sequence; a later token has already been received.

GSS_S_GAP_TOKEN
Indicates that the cryptographic check value on the received message was correct, and the message_token contained a correct MIC, but the token has been verified out of sequence; an earlier expected token has not yet been received.

GSS_S_CONTEXT_EXPIRED
Indicates that context-related data items have expired, so that the requested operation cannot be performed

GSS_S_NO_CONTEXT
Indicates that no valid context was recognized for the input context_handle provided.

gss_unwrap Verify a message with attached MIC and decrypt message...

gss_wrap Attach a MIC to a message and encrypt the message

minor_status (output)		An implementation-specific status code.
context_handle (input)		Specifies the context on which the message arrived.
message_buffer (input)		Specifies the message to be verified.
message_token (input)		Specifies the token to be associated with the message.
qop_state (output)		Returns the quality of protection gained from the MIC. Specify NULL if not required.

GSS_S_COMPLETE	Indicates that the message was successfully verified.
GSS_S_DEFECTIVE_TOKEN	Indicates that consistency checks performed on the received `message_token` failed, preventing further processing from being performed with that token.
GSS_S_BAD_SIG	Indicates that the received `message_token` contains an incorrect MIC for the message.
GSS_S_DUPLICATE_TOKEN	The `message_token` was valid, and contained a correct MIC for the message, but is a duplicate of a token already processed. This is a fatal error during context establishment.
GSS_S_OLD_TOKEN	The `message_token` was valid, and contained a correct MIC for the message, but the `message_token` was too old to check for duplication. This is a fatal error during context establishment.
GSS_S_UNSEQ_TOKEN	Indicates that the cryptographic check value on the received message was correct, and the `message_token` contained a correct MIC, but the token has been verified out of sequence; a later token has already been received.
GSS_S_GAP_TOKEN	Indicates that the cryptographic check value on the received message was correct, and the `message_token` contained a correct MIC, but the token has been verified out of sequence; an earlier expected token has not yet been received.
GSS_S_CONTEXT_EXPIRED	Indicates that context-related data items have expired, so that the requested operation cannot be performed
GSS_S_NO_CONTEXT	Indicates that no valid context was recognized for the input `context_handle` provided.