gss_wrap_size_limit Check expected size of wrapped output

If both a Table of Contents and Search form are not displayed in separate frames along with this one, you may wish to redisplay this book in a frameset, beginning with the first page.

HP Open Source Security for OpenVMS Volume 3:...

GSSAPI (Generic Security Services Application...

gss_wrap Attach a MIC to a message and encrypt the message

KRB5 (Kerberos V5) Application Programming Interface

gss_wrap_size_limit -- Check expected size of wrapped output

C Prototype

OM_uint32 gss_wrap_size_limit(
        OM_uint32          minor_status,
        gss_ctx_id_t       context_handle,
        int                conf_req_flag,
        gss_qop_t          qop_req,
        OM_uint32          req_output_size,
        OM_uint32          max_input_size );

Arguments

minor_status
(output) An implementation-specific status code.

context_handle (input) A handle that refers to the security over which the messages will be sent..

conf_req_flag (input) A Boolean value indicating whether gss_wrap will be asked to apply confidentiality protection in addition to integrity protection.

TRUE -- Both confidentiality and integrity services are requested.FALSE -- Only integrity service is requested.

qop_req (input) Specifies the requested quality of protection that gss_wrap will be asked to provide. Callers are encouraged, on portability grounds, to accept the default quality of protection offered by the chosen mechanism, which may be requested by specifying GSS_C_QOP_DEFAULT for this argument.

req_output_size (input) The desired maximum size for tokens emitted by gss_wrap.

max_input_size (output) The maximum input message size that may be presented to gss_wrap in order to guarantee that the emitted token shall be no larger than req_output_size bytes.

Description

This routine allows an application to determine the maximum message size that, if presented to gss_wrap with the same conf_req_flag and qop_req arguments, will result in an output token containing no more than req_output_size bytes.

This call is intended for use by applications that communicate over protocols that impose a maximum message size. It enables the application to fragment messages prior to applying protection.

Successful completion of this call does not guarantee that gss_wrap will be able to protect a message of length max_input_size bytes, since this ability may depend on the availability of system resources at the time that gss_wrap is called.

Return Values

This routine returns one of the following GSS status codes:

GSS_S_COMPLETE
Indicates a successful token size determination: an input message with a length in octets equal to the returned max_input_size value will, when passed to gss_wrap for processing on the context identified by the context_handle argument with the confidentiality request state as provided in conf_req_flag and with the quality of protection specifier provided in the qop_req argument, yield an output token no larger than the value of the provided req_output_size argument.

GSS_S_CONTEXT_EXPIRED
Indicates that the provided input context_handle is recognized, but that the referenced context has expired. Return values other than minor_status are undefined.

GSS_S_NO_CONTEXT
Indicates that no valid context was recognized for the input context_handle provided. Return values other than minor_status are undefined.

GSS_S_BAD_QOP
Indicates that the provided QOP value is not recognized or supported for the context.

gss_wrap Attach a MIC to a message and encrypt the message

KRB5 (Kerberos V5) Application Programming Interface

minor_status (output)		An implementation-specific status code.
context_handle (input)		A handle that refers to the security over which the messages will be sent..
conf_req_flag (input)		A Boolean value indicating whether `gss_wrap` will be asked to apply confidentiality protection in addition to integrity protection. TRUE -- Both confidentiality and integrity services are requested.FALSE -- Only integrity service is requested.
qop_req (input)		Specifies the requested quality of protection that `gss_wrap` will be asked to provide. Callers are encouraged, on portability grounds, to accept the default quality of protection offered by the chosen mechanism, which may be requested by specifying GSS_C_QOP_DEFAULT for this argument.
req_output_size (input)		The desired maximum size for tokens emitted by `gss_wrap`.
max_input_size (output)		The maximum input message size that may be presented to `gss_wrap` in order to guarantee that the emitted token shall be no larger than `req_output_size` bytes.

GSS_S_COMPLETE	Indicates a successful token size determination: an input message with a length in octets equal to the returned `max_input_size` value will, when passed to `gss_wrap` for processing on the context identified by the `context_handle` argument with the confidentiality request state as provided in conf_req_flag and with the quality of protection specifier provided in the `qop_req` argument, yield an output token no larger than the value of the provided `req_output_size` argument.
GSS_S_CONTEXT_EXPIRED	Indicates that the provided input `context_handle` is recognized, but that the referenced context has expired. Return values other than `minor_status` are undefined.
GSS_S_NO_CONTEXT	Indicates that no valid context was recognized for the input `context_handle` provided. Return values other than `minor_status` are undefined.
GSS_S_BAD_QOP	Indicates that the provided QOP value is not recognized or supported for the context.