gss_unwrap(3) — Tru64 UNIX 5.1b

gss_unwrap(3)  —  Subroutines

NAME

gss_unwrap - Converts a protected message to a usable form.

SYNOPSIS

#include <gssapi/gssapi.h>
OM_uint32 gss_unwrap(
        OM_uint32 * minor_status,
        const gss_ctx_id_t context_handle,
        const gss_buffer_t input_message_buffer,
        gss_buffer_t output_message_buffer,
        int * conf_state,
        gss_qop_t * qop_state );

PARAMETERS

minor_status
Kerberos 5 error code.

context_handle
Security context that contains the session key used to decrypt the message and verify its checksum.

input_message_buffer
Protected message to be unwrapped and verified.

output_message_buffer
Buffer that receives the unwrapped message.

Storage associated with this buffer must be freed by the application after use with a call to gss_release_buffer(). 

conf_state
Indicates whether confidentiality protection (encryption) was applied when the message was wrapped. Specify NULL if this information is not required.

       •Non-zero -- encryption used.

       •Zero -- encryption not used.

qop_state
Quality of protection (QOP) provided:

       •If the GSS_KRB5-C-CONF-QOP-DES confidentiality QOP was used to wrap the message, GSS_KRB5-C-INTEG-QOP-DES-MD5 is returned. 

       •If the CSF_GSS_KRB5_C_CONF_QOP_DES3 confidentiality QOP was used to wrap the message, CSF_GSS_KRB5_C_INTEG_QOP_DES3_MD5 is returned. 

Specify NULL if this information is not required.  gss_wrap() contains more information about QOPs. 

DESCRIPTION

The gss_unwrap() function converts a previously protected message back to a usable form by:

       •Verifying the checksum to check message integrity. 

       •Decrypting the message if confidentiality was used. 

This function is used in conjunction with gss_wrap() to protect messages when they are transferred between an application and its peer. 

The conf_state parameter indicates whether the message was encrypted; the qop_state parameter indicates the strength of protection that was used to provide the confidentiality and integrity services.  gss_wrap() contains more information about QOPs. 

Note

This function is a direct replacement for the gss_unseal() function used in GSS-API version 1 compliant products, including the HP Application Security Toolkit. 

If the function returns GSS_S_COMPLETE, the message has been decrypted and the checksum in the token verified successfully. 

If the function returns GSS_S_FAILURE, the token may be out-of-sequence, old, or a replay. To check for these conditions, bitwise-AND the major status code with the named identifier for each supplementary information field (GSS_S_UNSEQ_TOKEN, GSS_S_OLD_TOKEN, GSS_S_DUPLICATE_TOKEN).

Storage associated with the output message buffer must be freed by the application after use with a call to gss_release_buffer(). 

RETURN VALUES

GSS_S_CALL_INACCESSIBLE_READ     01xxxxxx
GSS_S_CALL_INACCESSIBLE_WRITE    02xxxxxx
GSS_S_COMPLETE                   00000000
GSS_S_DEFECTIVE_TOKEN            xx09xxxx
GSS_S_DUPLICATE_TOKEN            xxxx0002
GSS_S_FAILURE                    xx0Dxxxx
GSS_S_NO_CONTEXT                 xx08xxxx
GSS_S_OLD_TOKEN                  xxxx0004
GSS_S_UNSEQ_TOKEN                xxxx0008
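
The following is an added example, not part of the original manual page or HP's code. It shows how a receiver can turn the major status and conf_state from gss_unwrap() into an accept/reject decision using the bit layout in the table above. The EX_ constants, the verdict names, and the require_conf policy flag are assumptions made for illustration; a real program takes the GSS_S_ identifiers from <gssapi/gssapi.h>.

```c
#include <stdint.h>
#include <stdio.h>

/* Local copies of the status layout in RETURN VALUES (assumption: real
 * code uses the GSS_S_ names from the header; EX_ names are hypothetical). */
#define EX_CALLING_MASK 0xFF000000u /* 01xxxxxx, 02xxxxxx */
#define EX_ROUTINE_MASK 0x00FF0000u /* xx08xxxx, xx09xxxx, xx0Dxxxx */
#define EX_DUPLICATE    0x00000002u /* GSS_S_DUPLICATE_TOKEN */
#define EX_OLD          0x00000004u /* GSS_S_OLD_TOKEN */
#define EX_UNSEQ        0x00000008u /* GSS_S_UNSEQ_TOKEN */

typedef enum {
    V_ACCEPT, V_REJECT_ERROR, V_REJECT_REPLAY, V_REJECT_OLD,
    V_REJECT_UNSEQ, V_REJECT_PLAINTEXT
} verdict_t;

/* Decide what to do with a message after gss_unwrap() returned `major`
 * and set `conf_state`. `require_conf` is the application's own policy. */
verdict_t unwrap_verdict(uint32_t major, int conf_state, int require_conf)
{
    /* Supplementary bits first: they say why a token is suspect. */
    if (major & EX_DUPLICATE) return V_REJECT_REPLAY;
    if (major & EX_OLD)       return V_REJECT_OLD;
    if (major & EX_UNSEQ)     return V_REJECT_UNSEQ;
    /* Any calling or routine error: do not use the output buffer. */
    if (major & (EX_CALLING_MASK | EX_ROUTINE_MASK)) return V_REJECT_ERROR;
    /* Checksum verified, but the peer may have wrapped without encryption. */
    if (require_conf && conf_state == 0) return V_REJECT_PLAINTEXT;
    return V_ACCEPT;
}

int main(void)
{
    /* Constructed status words, not captured from a real context. */
    uint32_t samples[] = { 0x00000000u, 0x000D0002u, 0x000D0004u,
                           0x00090000u, 0x00000008u };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%08X -> %d\n", (unsigned)samples[i],
               (int)unwrap_verdict(samples[i], 1, 1));
    return 0;
}
```

Rejecting every out-of-sequence token is a policy choice of this example; an application that tolerates reordering can relax that branch while still rejecting duplicates.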

PORTABILITY CONSIDERATIONS

Since the HP implementation of DES3 is an extension of the GSS-API, it will not interoperate with other GSS-API vendors offering DES3. 

SEE ALSO

Functions:  gss_accept_sec_context(3), gss_init_sec_context(3), gss_release_buffer(3), gss_wrap(3)

Typewritten Software • bear@typewritten.org • Edmonds, WA 98026