PSARC/2015/144 Kerberos 1.13 Delivery to Userland
19153034 Add MIT Kerberos to the Userland Consolidation
'\" te
.\" Copyright (c) 2003, 2011, Oracle and/or its affiliates. All rights reserved.
.TH gss_unwrap 3GSS "22 Aug 2011" "SunOS 5.12" "Generic Security Services API Library Functions"
.SH NAME
gss_unwrap \- verify a message with attached cryptographic message
.SH SYNOPSIS
.LP
.nf
\fBcc\fR [ \fIflag\fR... ] \fIfile\fR... \fB-lgss\fR [ \fIlibrary\fR... ]
#include <gssapi/gssapi.h>
\fBOM_uint32\fR \fBgss_unwrap\fR(\fBOM_uint32 *\fR\fIminor_status\fR,
\fBconst gss_ctx_id_t\fR \fIcontext_handle\fR,
\fBconst gss_buffer_t\fR \fIinput_message_buffer\fR,
\fBgss_buffer_t\fR \fIoutput_message_buffer\fR, \fBint *\fR\fIconf_state\fR,
\fBgss_qop_t *\fR\fIqop_state\fR);
.fi
.SH DESCRIPTION
.sp
.LP
The \fBgss_unwrap()\fR function converts a message previously protected by \fBgss_wrap\fR(3GSS) back to a usable form, verifying the embedded \fBMIC\fR. The \fIconf_state\fR parameter indicates whether the message was encrypted; the \fIqop_state\fR parameter indicates the strength of protection that was used to provide the confidentiality and integrity services.
.sp
.LP
Since some application-level protocols may wish to use tokens emitted by \fBgss_wrap\fR(3GSS) to provide secure framing, the \fBGSS-API\fR supports the wrapping and unwrapping of zero-length messages.
.SH PARAMETERS
.sp
.LP
The parameter descriptions for \fBgss_unwrap()\fR follow:
.sp
.ne 2
.mk
.na
\fB\fIminor_status\fR\fR
.ad
.RS 25n
.rt
The status code returned by the underlying mechanism.
.RE
.sp
.ne 2
.mk
.na
\fB\fIcontext_handle\fR\fR
.ad
.RS 25n
.rt
Identifies the context on which the message arrived.
.RE
.sp
.ne 2
.mk
.na
\fB\fIinput_message_buffer\fR\fR
.ad
.RS 25n
.rt
The message to be protected.
.RE
.sp
.ne 2
.mk
.na
\fB\fIoutput_message_buffer\fR\fR
.ad
.RS 25n
.rt
The buffer to receive the unwrapped message. Storage associated with this buffer must be freed by the application after use with a call to \fBgss_release_buffer\fR(3GSS).
.RE
.sp
.ne 2
.mk
.na
\fB\fIconf_state\fR\fR
.ad
.RS 25n
.rt
If the value of \fIconf_state\fR is non-zero, then confidentiality and integrity protection were used. If the value is zero, only integrity service was used. Specify \fBNULL\fR if this parameter is not required.
.RE
.sp
.ne 2
.mk
.na
\fB\fIqop_state\fR\fR
.ad
.RS 25n
.rt
Specifies the quality of protection provided. Specify \fBNULL\fR if this parameter is not required.
.RE
.SH ERRORS
.sp
.LP
\fBgss_unwrap()\fR may return the following status codes:
.sp
.ne 2
.mk
.na
\fB\fBGSS_S_COMPLETE\fR\fR
.ad
.RS 25n
.rt
Successful completion.
.RE
.sp
.ne 2
.mk
.na
\fB\fBGSS_S_DEFECTIVE_TOKEN\fR\fR
.ad
.RS 25n
.rt
The token failed consistency checks.
.RE
.sp
.ne 2
.mk
.na
\fB\fBGSS_S_BAD_SIG\fR\fR
.ad
.RS 25n
.rt
The \fBMIC\fR was incorrect.
.RE
.sp
.ne 2
.mk
.na
\fB\fBGSS_S_DUPLICATE_TOKEN\fR\fR
.ad
.RS 25n
.rt
The token was valid, and contained a correct \fBMIC\fR for the message, but it had already been processed.
.RE
.sp
.ne 2
.mk
.na
\fB\fBGSS_S_OLD_TOKEN\fR\fR
.ad
.RS 25n
.rt
The token was valid, and contained a correct \fBMIC\fR for the message, but it is too old to check for duplication.
.RE
.sp
.ne 2
.mk
.na
\fB\fBGSS_S_UNSEQ_TOKEN\fR\fR
.ad
.RS 25n
.rt
The token was valid, and contained a correct \fBMIC\fR for the message, but has been verified out of sequence; a later token has already been received.
.RE
.sp
.ne 2
.mk
.na
\fB\fBGSS_S_GAP_TOKEN\fR\fR
.ad
.RS 25n
.rt
The token was valid, and contained a correct \fBMIC\fR for the message, but has been verified out of sequence; an earlier expected token has not yet been received.
.RE
.sp
.ne 2
.mk
.na
\fB\fBGSS_S_CONTEXT_EXPIRED\fR\fR
.ad
.RS 25n
.rt
The context has already expired.
.RE
.sp
.ne 2
.mk
.na
\fB\fBGSS_S_NO_CONTEXT\fR\fR
.ad
.RS 25n
.rt
The \fIcontext_handle\fR parameter did not identify a valid context.
.RE
.sp
.ne 2
.mk
.na
\fB\fBGSS_S_FAILURE\fR\fR
.ad
.RS 25n
.rt
The underlying mechanism detected an error for which no specific \fBGSS\fR status code is defined. The mechanism-specific status code reported by means of the \fIminor_status\fR parameter details the error condition.
.RE
.SH ATTRIBUTES
.sp
.LP
See \fBattributes\fR(5) for descriptions of the following attributes:
.sp
.sp
.TS
tab() box;
cw(2.75i) |cw(2.75i)
lw(2.75i) |lw(2.75i)
.
ATTRIBUTE TYPEATTRIBUTE VALUE
_
MT-LevelSafe
.TE
.SH SEE ALSO
.sp
.LP
\fBgss_release_buffer\fR(3GSS), \fBgss_wrap\fR(3GSS), \fBattributes\fR(5)
.sp
.LP