NAME
gss_unwrap — verify a message with attached message integrity code (MIC) and decrypt message content if necessary
SYNOPSIS
#include <gssapi.h>
OM_uint32 gss_unwrap (
OM_uint32 *minor_status,
gss_ctx_id_t context_handle,
gss_buffer_t input_message_buffer,
gss_buffer_t output_message_buffer,
int *conf_state,
gss_qop_t *qop_state)
DESCRIPTION
The
gss_unwrap()
routine converts a protected message to a usable
form and verifies the embedded message integrity code (MIC). The
conf_state
parameter indicates whether the message was encrypted.
The
qop_state
parameter indicates the quality of protection that was
used to provide the confidentiality and integrity services.
Input Parameters
- context_handle
Specifies the context on which the message arrived.
- input_message_buffer
Specifies the protected message.
- output_message_buffer
Specifies the buffer to receive the unwrapped message.
Output Parameters
- conf_state
Returns the requested level of confidentiality and integrity
services, as follows:
- Non-zero
Both confidentiality and integrity services were used.
- zero
Only integrity services was used.
- qop_state
Returns the cryptographic algorithm, or quality of protection.
- minor_status
Returns a status code from the security mechanism.
STATUS CODES
The following status codes can be returned:
- GSS_S_COMPLETE
The routine was completed successfully.
- GSS_S_BAD_SIG
The signature was incorrect.
- GSS_S_CONTEXT_EXPIRED
The context has already expired.
- GSS_S_CREDENTIALS_EXPIRED
The context is recognized but the associated
credentials have expired.
- GSS_S_DEFECTIVE_TOKEN
The token failed consistency checks.
- GSS_S_DUPLICATE_TOKEN
The token was valid and contained the correct
signature but it had already been processed.
- GSS_S_FAILURE
The routine failed.
The context specified in the
context_handle
parameter was not valid.
- GSS_S_NO_CONTEXT
The context identified in the
context_handle
parameter was not valid.
- GSS_S_OLD_TOKEN
The token was valid and contained the correct signature
but it is too old.
- GSS_S_UNSEQ_TOKEN
The token was valid, and contained a correct MIC
for the message, but has been verified out of
sequence; a later token has already been received.
- GSS_S_GAP_TOKEN
The token was valid, and contained a correct MIC
for the message, but has been verified out of
sequence; an earlier expected token has not yet
been received.
AUTHOR
gss_unwrap()
was developed by Sun Microsystems, Inc.