1gss_wrap(3GSS) Generic Security Services API Library Functions gss_wrap(3GSS)
2
3
4
6 gss_wrap - attach a cryptographic message
7
9 cc [ flag... ] file... -lgss [ library... ]
10 #include <gssapi/gssapi.h>
11
12 OM_uint32 gss_wrap(OM_uint32 *minor_status,
13 const gss_ctx_id_t context_handle, int conf_req_flag,
14 gss_qop_t qop_req, const gss_buffer_t input_message_buffer,
15 int *conf_state, gss_buffer_t output_message_buffer);
16
17
19 The gss_wrap() function attaches a cryptographic MIC and optionally
20 encrypts the specified input_message. The output_message contains both
21 the MIC and the message. The qop_req parameter allows a choice between
22 several cryptographic algorithms, if supported by the chosen mechanism.
23
24
25 Since some application-level protocols may wish to use tokens emitted
26 by gss_wrap() to provide secure framing, the GSS-API supports the wrap‐
27 ping of zero-length messages.
28
30 The parameter descriptions for gss_wrap() follow:
31
32 minor_status The status code returned by the underlying
33 mechanism.
34
35
36 context_handle Identifies the context on which the message
37 will be sent.
38
39
40 conf_req_flag If the value of conf_req_flag is non-zero,
41 both confidentiality and integrity services
42 are requested. If the value is zero, then only
43 integrity service is requested.
44
45
46 qop_req Specifies the required quality of protection.
47 A mechanism-specific default may be requested
48 by setting qop_req to GSS_C_QOP_DEFAULT. If an
49 unsupported protection strength is requested,
50 gss_wrap() will return a major_status of
51 GSS_S_BAD_QOP.
52
53
54 input_message_buffer The message to be protected.
55
56
57 conf_state If the value of conf_state is non-zero, confi‐
58 dentiality, data origin authentication, and
59 integrity services have been applied. If the
60 value is zero, then integrity services have
61 been applied. Specify NULL if this parameter
62 is not required.
63
64
65 output_message_buffer The buffer to receive the protected message.
66 Storage associated with this message must be
67 freed by the application after use with a call
68 to gss_release_buffer(3GSS).
69
70
72 gss_wrap() may return the following status codes:
73
74 GSS_S_COMPLETE Successful completion.
75
76
77 GSS_S_CONTEXT_EXPIRED The context has already expired.
78
79
80 GSS_S_NO_CONTEXT The context_handle parameter did not identify
81 a valid context.
82
83
84 GSS_S_BAD_QOP The specified QOP is not supported by the
85 mechanism.
86
87
88 GSS_S_FAILURE The underlying mechanism detected an error for
89 which no specific GSS status code is defined.
90 The mechanism-specific status code reported by
91 means of the minor_status parameter details
92 the error condition.
93
94
96 See attributes(5) for descriptions of the following attributes:
97
98
99
100
101 ┌─────────────────────────────┬─────────────────────────────┐
102 │ ATTRIBUTE TYPE │ ATTRIBUTE VALUE │
103 ├─────────────────────────────┼─────────────────────────────┤
104 │Availability │SUNWgss (32-bit) │
105 ├─────────────────────────────┼─────────────────────────────┤
106 │ │SUNWgssx (64-bit) │
107 ├─────────────────────────────┼─────────────────────────────┤
108 │MT-Level │Safe │
109 └─────────────────────────────┴─────────────────────────────┘
110
112 gss_release_buffer(3GSS), attributes(5)
113
114
115 Solaris Security for Developers Guide
116
117
118
119SunOS 5.11 15 Jan 2003 gss_wrap(3GSS)