GSS_WRAP(3GSS) Generic Security Services API Library Functions GSS_WRAP(3GSS)


NAME


gss_wrap - attach a cryptographic message

SYNOPSIS


cc [ flag... ] file... -lgss [ library... ]
#include <gssapi/gssapi.h>

OM_uint32 gss_wrap(OM_uint32 *minor_status,
const gss_ctx_id_t context_handle, int conf_req_flag,
gss_qop_t qop_req, const gss_buffer_t input_message_buffer,
int *conf_state, gss_buffer_t output_message_buffer);


DESCRIPTION


The gss_wrap() function attaches a cryptographic MIC and optionally
encrypts the specified input_message. The output_message contains both
the MIC and the message. The qop_req parameter allows a choice between
several cryptographic algorithms, if supported by the chosen mechanism.


Since some application-level protocols may wish to use tokens emitted by
gss_wrap() to provide secure framing, the GSS-API supports the wrapping
of zero-length messages.

PARAMETERS


The parameter descriptions for gss_wrap() follow:

minor_status
The status code returned by the underlying
mechanism.


context_handle
Identifies the context on which the message will
be sent.


conf_req_flag
If the value of conf_req_flag is non-zero, both
confidentiality and integrity services are
requested. If the value is zero, then only
integrity service is requested.


qop_req
Specifies the required quality of protection. A
mechanism-specific default may be requested by
setting qop_req to GSS_C_QOP_DEFAULT. If an
unsupported protection strength is requested,
gss_wrap() will return a major_status of
GSS_S_BAD_QOP.


input_message_buffer
The message to be protected.


conf_state
If the value of conf_state is non-zero,
confidentiality, data origin authentication, and
integrity services have been applied. If the
value is zero, then integrity services have been
applied. Specify NULL if this parameter is not
required.


output_message_buffer
The buffer to receive the protected message.
Storage associated with this message must be
freed by the application after use with a call
to gss_release_buffer(3GSS).


ERRORS


gss_wrap() may return the following status codes:

GSS_S_COMPLETE
Successful completion.


GSS_S_CONTEXT_EXPIRED
The context has already expired.


GSS_S_NO_CONTEXT
The context_handle parameter did not identify a
valid context.


GSS_S_BAD_QOP
The specified QOP is not supported by the
mechanism.


GSS_S_FAILURE
The underlying mechanism detected an error for
which no specific GSS status code is defined.
The mechanism-specific status code reported by
means of the minor_status parameter details the
error condition.


ATTRIBUTES


See attributes(5) for descriptions of the following attributes:


+---------------+-----------------+
|ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+---------------+-----------------+
|MT-Level | Safe |
+---------------+-----------------+

SEE ALSO


gss_release_buffer(3GSS), attributes(5)


Solaris Security for Developers Guide


January 15, 2003 GSS_WRAP(3GSS)