GSS_UNWRAP(3GSS) Generic Security Services API Library Functions
gss_unwrap - verify a message with attached cryptographic message
cc [ flag... ] file... -lgss [ library... ]
#include <gssapi/gssapi.h>
OM_uint32 gss_unwrap(OM_uint32 *minor_status,
const gss_ctx_id_t context_handle,
const gss_buffer_t input_message_buffer,
gss_buffer_t output_message_buffer, int *conf_state,
gss_qop_t *qop_state);
The gss_unwrap() function converts a message previously protected by
gss_wrap(3GSS) back to a usable form, verifying the embedded MIC.
The conf_state parameter indicates whether the message was encrypted;
the qop_state parameter indicates the strength of protection that was
used to provide the confidentiality and integrity services.
Since some application-level protocols may wish to use tokens emitted
by gss_wrap(3GSS) to provide secure framing, the GSS-API supports the
wrapping and unwrapping of zero-length messages.
The parameter descriptions for gss_unwrap() follow:
minor_status
The status code returned by the underlying
mechanism.
context_handle
Identifies the context on which the message
arrived.
input_message_buffer
The message to be protected.
output_message_buffer
The buffer to receive the unwrapped message.
Storage associated with this buffer must be
freed by the application after use with a
call to gss_release_buffer(3GSS).
conf_state
If the value of conf_state is non-zero, then
confidentiality and integrity protection
were used. If the value is zero, only
integrity service was used. Specify NULL if
this parameter is not required.
qop_state
Specifies the quality of protection
provided. Specify NULL if this parameter is
not required.
gss_unwrap() may return the following status codes:
GSS_S_COMPLETE
Successful completion.
GSS_S_DEFECTIVE_TOKEN
The token failed consistency checks.
GSS_S_BAD_SIG
The MIC was incorrect.
GSS_S_DUPLICATE_TOKEN
The token was valid, and contained a correct
MIC for the message, but it had already been
processed.
GSS_S_OLD_TOKEN
The token was valid, and contained a correct
MIC for the message, but it is too old to
check for duplication.
GSS_S_UNSEQ_TOKEN
The token was valid, and contained a correct
MIC for the message, but has been verified
out of sequence; a later token has already
been received.
GSS_S_GAP_TOKEN
The token was valid, and contained a correct
MIC for the message, but has been verified
out of sequence; an earlier expected token
has not yet been received.
GSS_S_CONTEXT_EXPIRED
The context has already expired.
GSS_S_NO_CONTEXT
The context_handle parameter did not
identify a valid context.
GSS_S_FAILURE
The underlying mechanism detected an error
for which no specific GSS status code is
defined. The mechanism-specific status code
reported by means of the minor_status
parameter details the error condition.
See attributes(7) for descriptions of the following attributes:
+---------------+-----------------+
|ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+---------------+-----------------+
|MT-Level | Safe |
+---------------+-----------------+
gss_release_buffer(3GSS), gss_wrap(3GSS), attributes(7)
Solaris Security for Developers Guide
January 15, 2003 GSS_UNWRAP(3GSS)
NAME
gss_unwrap - verify a message with attached cryptographic message
SYNOPSIS
cc [ flag... ] file... -lgss [ library... ]
#include <gssapi/gssapi.h>
OM_uint32 gss_unwrap(OM_uint32 *minor_status,
const gss_ctx_id_t context_handle,
const gss_buffer_t input_message_buffer,
gss_buffer_t output_message_buffer, int *conf_state,
gss_qop_t *qop_state);
DESCRIPTION
The gss_unwrap() function converts a message previously protected by
gss_wrap(3GSS) back to a usable form, verifying the embedded MIC.
The conf_state parameter indicates whether the message was encrypted;
the qop_state parameter indicates the strength of protection that was
used to provide the confidentiality and integrity services.
Since some application-level protocols may wish to use tokens emitted
by gss_wrap(3GSS) to provide secure framing, the GSS-API supports the
wrapping and unwrapping of zero-length messages.
PARAMETERS
The parameter descriptions for gss_unwrap() follow:
minor_status
The status code returned by the underlying
mechanism.
context_handle
Identifies the context on which the message
arrived.
input_message_buffer
The message to be protected.
output_message_buffer
The buffer to receive the unwrapped message.
Storage associated with this buffer must be
freed by the application after use with a
call to gss_release_buffer(3GSS).
conf_state
If the value of conf_state is non-zero, then
confidentiality and integrity protection
were used. If the value is zero, only
integrity service was used. Specify NULL if
this parameter is not required.
qop_state
Specifies the quality of protection
provided. Specify NULL if this parameter is
not required.
ERRORS
gss_unwrap() may return the following status codes:
GSS_S_COMPLETE
Successful completion.
GSS_S_DEFECTIVE_TOKEN
The token failed consistency checks.
GSS_S_BAD_SIG
The MIC was incorrect.
GSS_S_DUPLICATE_TOKEN
The token was valid, and contained a correct
MIC for the message, but it had already been
processed.
GSS_S_OLD_TOKEN
The token was valid, and contained a correct
MIC for the message, but it is too old to
check for duplication.
GSS_S_UNSEQ_TOKEN
The token was valid, and contained a correct
MIC for the message, but has been verified
out of sequence; a later token has already
been received.
GSS_S_GAP_TOKEN
The token was valid, and contained a correct
MIC for the message, but has been verified
out of sequence; an earlier expected token
has not yet been received.
GSS_S_CONTEXT_EXPIRED
The context has already expired.
GSS_S_NO_CONTEXT
The context_handle parameter did not
identify a valid context.
GSS_S_FAILURE
The underlying mechanism detected an error
for which no specific GSS status code is
defined. The mechanism-specific status code
reported by means of the minor_status
parameter details the error condition.
ATTRIBUTES
See attributes(7) for descriptions of the following attributes:
+---------------+-----------------+
|ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+---------------+-----------------+
|MT-Level | Safe |
+---------------+-----------------+
SEE ALSO
gss_release_buffer(3GSS), gss_wrap(3GSS), attributes(7)
Solaris Security for Developers Guide
January 15, 2003 GSS_UNWRAP(3GSS)