GSS_VERIFY_MIC(3GSS) Generic Security Services API Library Functions


NAME


gss_verify_mic - verify integrity of a received message

SYNOPSIS


cc [ flag... ] file... -lgss [ library... ]
#include <gssapi/gssapi.h>

OM_uint32 gss_verify_mic(OM_uint32 *minor_status,
const gss_ctx_id_t context_handle, const gss_buffer_t message_buffer,
const gss_buffer_t token_buffer, gss_qop_t *qop_state);


DESCRIPTION


The gss_verify_mic() function verifies that a cryptographic MIC,
contained in the token parameter, fits the supplied message. The
qop_state parameter allows a message recipient to determine the strength
of protection that was applied to the message.


Since some application-level protocols may wish to use tokens emitted by
gss_wrap(3GSS) to provide secure framing, the GSS-API supports the
calculation and verification of MICs over zero-length messages.

PARAMETERS


The parameter descriptions for gss_verify_mic() follow:

minor_status
The status code returned by the underlying mechanism.


context_handle
Identifies the context on which the message arrived.


message_buffer
The message to be verified.


token_buffer
The token associated with the message.


qop_state
Specifies the quality of protection gained from the
MIC. Specify NULL if this parameter is not required.


ERRORS


gss_verify_mic() may return the following status codes:

GSS_S_COMPLETE
Successful completion.


GSS_S_DEFECTIVE_TOKEN
The token failed consistency checks.


GSS_S_BAD_SIG
The MIC was incorrect.


GSS_S_DUPLICATE_TOKEN
The token was valid and contained a correct MIC
for the message, but it had already been
processed.


GSS_S_OLD_TOKEN
The token was valid and contained a correct MIC
for the message, but it is too old to check for
duplication.


GSS_S_UNSEQ_TOKEN
The token was valid and contained a correct MIC
for the message, but it has been verified out of
sequence; a later token has already been
received.


GSS_S_GAP_TOKEN
The token was valid and contained a correct MIC
for the message, but it has been verified out of
sequence; an earlier expected token has not yet
been received.


GSS_S_CONTEXT_EXPIRED
The context has already expired.


GSS_S_NO_CONTEXT
The context_handle parameter did not identify a
valid context.


GSS_S_FAILURE
The underlying mechanism detected an error for
which no specific GSS status code is defined.
The mechanism-specific status code reported by
means of the minor_status parameter details the
error condition.


ATTRIBUTES


See attributes(5) for descriptions of the following attributes:


+---------------+-----------------+
|ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+---------------+-----------------+
|MT-Level | Safe |
+---------------+-----------------+

SEE ALSO


gss_wrap(3GSS), attributes(5)


Solaris Security for Developers Guide


January 15, 2003 GSS_VERIFY_MIC(3GSS)