1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
|
'\" te
.\" Copyright (C) 2003, Sun Microsystems, Inc. All Rights Reserved
.\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License.
.\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing. See the License for the specific language governing permissions and limitations under the License.
.\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner]
.TH gss_verify_mic 3GSS "15 Jan 2003" "SunOS 5.11" "Generic Security Services API Library Functions"
.SH NAME
gss_verify_mic \- verify integrity of a received message
.SH SYNOPSIS
.LP
.nf
\fBcc\fR [ \fIflag\fR... ] \fIfile\fR... \fB-lgss\fR [ \fIlibrary\fR... ]
#include <gssapi/gssapi.h>
\fBOM_uint32\fR \fBgss_verify_mic\fR(\fBOM_uint32 *\fR\fIminor_status\fR,
\fBconst gss_ctx_id_t\fR \fIcontext_handle\fR, \fBconst gss_buffer_t\fR \fImessage_buffer\fR,
\fBconst gss_buffer_t\fR \fItoken_buffer\fR, \fBgss_qop_t *\fR\fIqop_state\fR);
.fi
.SH DESCRIPTION
.sp
.LP
The \fBgss_verify_mic()\fR function verifies that a cryptographic \fBMIC\fR,
contained in the token parameter, fits the supplied message. The
\fIqop_state\fR parameter allows a message recipient to determine the strength
of protection that was applied to the message.
.sp
.LP
Since some application-level protocols may wish to use tokens emitted by
\fBgss_wrap\fR(3GSS) to provide secure framing, the \fBGSS-API\fR supports the
calculation and verification of \fBMIC\fRs over zero-length messages.
.SH PARAMETERS
.sp
.LP
The parameter descriptions for \fBgss_verify_mic()\fR follow:
.sp
.ne 2
.mk
.na
\fB\fIminor_status\fR\fR
.ad
.RS 18n
.rt
The status code returned by the underlying mechanism.
.RE
.sp
.ne 2
.mk
.na
\fB\fIcontext_handle\fR\fR
.ad
.RS 18n
.rt
Identifies the context on which the message arrived.
.RE
.sp
.ne 2
.mk
.na
\fB\fImessage_buffer\fR\fR
.ad
.RS 18n
.rt
The message to be verified.
.RE
.sp
.ne 2
.mk
.na
\fB\fItoken_buffer\fR\fR
.ad
.RS 18n
.rt
The token associated with the message.
.RE
.sp
.ne 2
.mk
.na
\fB\fIqop_state\fR\fR
.ad
.RS 18n
.rt
Specifies the quality of protection gained from the \fBMIC\fR. Specify
\fBNULL\fR if this parameter is not required.
.RE
.SH ERRORS
.sp
.LP
\fBgss_verify_mic()\fR may return the following status codes:
.sp
.ne 2
.mk
.na
\fB\fBGSS_S_COMPLETE\fR\fR
.ad
.RS 25n
.rt
Successful completion.
.RE
.sp
.ne 2
.mk
.na
\fB\fBGSS_S_DEFECTIVE_TOKEN\fR\fR
.ad
.RS 25n
.rt
The token failed consistency checks.
.RE
.sp
.ne 2
.mk
.na
\fB\fBGSS_S_BAD_SIG\fR\fR
.ad
.RS 25n
.rt
The \fBMIC\fR was incorrect.
.RE
.sp
.ne 2
.mk
.na
\fB\fBGSS_S_DUPLICATE_TOKEN\fR\fR
.ad
.RS 25n
.rt
The token was valid and contained a correct \fBMIC\fR for the message, but it
had already been processed.
.RE
.sp
.ne 2
.mk
.na
\fB\fBGSS_S_OLD_TOKEN\fR\fR
.ad
.RS 25n
.rt
The token was valid and contained a correct \fBMIC\fR for the message, but it
is too old to check for duplication.
.RE
.sp
.ne 2
.mk
.na
\fB\fBGSS_S_UNSEQ_TOKEN\fR\fR
.ad
.RS 25n
.rt
The token was valid and contained a correct \fBMIC\fR for the message, but it
has been verified out of sequence; a later token has already been received.
.RE
.sp
.ne 2
.mk
.na
\fB\fBGSS_S_GAP_TOKEN\fR\fR
.ad
.RS 25n
.rt
The token was valid and contained a correct \fBMIC\fR for the message, but it
has been verified out of sequence; an earlier expected token has not yet been
received.
.RE
.sp
.ne 2
.mk
.na
\fB\fBGSS_S_CONTEXT_EXPIRED\fR\fR
.ad
.RS 25n
.rt
The context has already expired.
.RE
.sp
.ne 2
.mk
.na
\fB\fBGSS_S_NO_CONTEXT\fR\fR
.ad
.RS 25n
.rt
The \fIcontext_handle\fR parameter did not identify a valid context.
.RE
.sp
.ne 2
.mk
.na
\fB\fBGSS_S_FAILURE\fR\fR
.ad
.RS 25n
.rt
The underlying mechanism detected an error for which no specific \fBGSS\fR
status code is defined. The mechanism-specific status code reported by means
of the \fIminor_status\fR parameter details the error condition.
.RE
.SH ATTRIBUTES
.sp
.LP
See \fBattributes\fR(5) for descriptions of the following attributes:
.sp
.sp
.TS
tab(�) box;
cw(2.75i) |cw(2.75i)
lw(2.75i) |lw(2.75i)
.
ATTRIBUTE TYPE�ATTRIBUTE VALUE
_
MT-Level�Safe
.TE
.SH SEE ALSO
.sp
.LP
\fBgss_wrap\fR(3GSS), \fBattributes\fR(5)
.sp
.LP
\fISolaris Security for Developers Guide\fR
|
