GSS_WRAP(3GSS) Generic Security Services API Library Functions GSS_WRAP(3GSS)

gss_wrap - attach a cryptographic message

cc [ flag... ] file... -lgss  [ library... ]
#include <gssapi/gssapi.h>
OM_uint32 gss_wrap(OM_uint32 *minor_status,

const gss_ctx_id_t context_handle, int conf_req_flag,
gss_qop_t qop_req, const gss_buffer_t input_message_buffer,
int *conf_state, gss_buffer_t output_message_buffer);

The gss_wrap() function attaches a cryptographic MIC and optionally encrypts the specified input_message. The output_message contains both the MIC and the message. The qop_req parameter allows a choice between several cryptographic algorithms, if supported by the chosen mechanism.

Since some application-level protocols may wish to use tokens emitted by gss_wrap() to provide secure framing, the GSS-API supports the wrapping of zero-length messages.

The parameter descriptions for gss_wrap() follow:

minor_status

The status code returned by the underlying mechanism.

context_handle

Identifies the context on which the message will be sent.

conf_req_flag

If the value of conf_req_flag is non-zero, both confidentiality and integrity services are requested. If the value is zero, then only integrity service is requested.

qop_req

Specifies the required quality of protection. A mechanism-specific default may be requested by setting qop_req to GSS_C_QOP_DEFAULT. If an unsupported protection strength is requested, gss_wrap() will return a major_status of GSS_S_BAD_QOP.

input_message_buffer

The message to be protected.

conf_state

If the value of conf_state is non-zero, confidentiality, data origin authentication, and integrity services have been applied. If the value is zero, then integrity services have been applied. Specify NULL if this parameter is not required.

output_message_buffer

The buffer to receive the protected message. Storage associated with this message must be freed by the application after use with a call to gss_release_buffer(3GSS).

gss_wrap() may return the following status codes:

GSS_S_COMPLETE

Successful completion.

GSS_S_CONTEXT_EXPIRED

The context has already expired.

GSS_S_NO_CONTEXT

The context_handle parameter did not identify a valid context.

GSS_S_BAD_QOP

The specified QOP is not supported by the mechanism.

GSS_S_FAILURE

The underlying mechanism detected an error for which no specific GSS status code is defined. The mechanism-specific status code reported by means of the minor_status parameter details the error condition.

See attributes(7) for descriptions of the following attributes:

ATTRIBUTE TYPE ATTRIBUTE VALUE
MT-Level Safe

gss_release_buffer(3GSS), attributes(7)

Solaris Security for Developers Guide

January 15, 2003 OmniOS