gss_wrap - attach a cryptographic message
cc [ flag... ] file... -lgss [ library... ] #include <gssapi/gssapi.h> OM_uint32 gss_wrap(OM_uint32 *minor_status, const gss_ctx_id_t context_handle, int conf_req_flag, gss_qop_t qop_req, const gss_buffer_t input_message_buffer, int *conf_state, gss_buffer_t output_message_buffer);
Generic Security Services API Library Functions gss_wrap(3gss) NAME gss_wrap - attach a cryptographic message SYNOPSIS cc [ flag... ] file... -lgss [ library... ] #include <gssapi/gssapi.h> OM_uint32 gss_wrap(OM_uint32 *minor_status, const gss_ctx_id_t context_handle, int conf_req_flag, gss_qop_t qop_req, const gss_buffer_t input_message_buffer, int *conf_state, gss_buffer_t output_message_buffer); DESCRIPTION The gss_wrap() function attaches a cryptographic MIC and optionally encrypts the specified input_message. The output_message contains both the MIC and the message. The qop_req parameter allows a choice between several cryptographic algorithms, if supported by the chosen mechanism. Since some application-level protocols may wish to use tokens emitted by gss_wrap() to provide secure framing, the GSS-API supports the wrap- ping of zero-length messages. PARAMETERS The parameter descriptions for gss_wrap() follow: minor_status The status code returned by the underlying mechanism. context_handle Identifies the context on which the message will be sent. conf_req_flag If the value of conf_req_flag is non-zero, both confidentiality and integrity services are requested. If the value is zero, then only integrity service is requested. qop_req Specifies the required quality of protection. A mechanism-specific default may be requested by setting qop_req to GSS_C_QOP_DEFAULT. If an unsupported protection strength is requested, gss_wrap() will return a major_status of GSS_S_BAD_QOP. input_message_buffer The message to be protected. conf_state If the value of conf_state is non-zero, confi- dentiality, data origin authentication, and integrity services have been applied. If the value is zero, then integrity services have been applied. Specify NULL if this parameter is not required. output_message_buffer The buffer to receive the protected message. Storage associated with this message must be freed by the application after use with a call to gss_release_buffer(3GSS). ERRORS gss_wrap() may return the following status codes: GSS_S_COMPLETE Successful completion. GSS_S_CONTEXT_EXPIRED The context has already expired. GSS_S_NO_CONTEXT The context_handle parameter did not identify a valid context. GSS_S_BAD_QOP The specified QOP is not supported by the mechanism. GSS_S_FAILURE The underlying mechanism detected an error for which no specific GSS status code is defined. The mechanism-specific status code reported by means of the minor_status parameter details the error condition. ATTRIBUTES See attributes(7) for descriptions of the following attributes: +-----------------------------+-----------------------------+ | ATTRIBUTE TYPE | ATTRIBUTE VALUE | +-----------------------------+-----------------------------+ |MT-Level |Safe | +-----------------------------+-----------------------------+ ATTRIBUTES See attributes(7) for descriptions of the following attributes: +---------------+------------------------+ |ATTRIBUTE TYPE | ATTRIBUTE VALUE | +---------------+------------------------+ |Availability | security/kerberos-5 | +---------------+------------------------+ |Stability | Pass-through committed | +---------------+------------------------+ SEE ALSO gss_release_buffer(3GSS), attributes(7) NOTES Source code for open source software components in Oracle Solaris can be found at https://www.oracle.com/downloads/opensource/solaris-source- code-downloads.html. This software was built from source available at https://github.com/oracle/solaris-userland. The original community source was downloaded from http://web.mit.edu/ker- beros/dist/krb5/1.18/krb5-1.18.4.tar.gz. Further information about this software can be found on the open source community website at http://web.mit.edu/kerberos/. Solaris 11.4 22 Aug 2011 gss_wrap(3gss)