gss_wrap(3GSS) Generic Security Services API Library Functions gss_wrap(3GSS)NAMEgss_wrap - attach a cryptographic message
SYNOPSIS
cc -flag ... file ...-lgss [library ...]
#include <gssapi/gssapi.h>
OM_uint32 gss_wrap(OM_uint32 *minor_status, const gss_ctx_id_t con‐
text_handle, int conf_req_flag, gss_qop_t qop_req, const gss_buffer_t
input_message_buffer, int *conf_state, gss_buffer_t output_message_buf‐
fer);
DESCRIPTION
The gss_wrap() function attaches a cryptographic MIC and optionally
encrypts the specified input_message. The output_message contains both
the MIC and the message. The qop_req parameter allows a choice between
several cryptographic algorithms, if supported by the chosen mechanism.
Since some application-level protocols may wish to use tokens emitted
by gss_wrap() to provide secure framing, the GSS-API supports the wrap‐
ping of zero-length messages.
PARAMETERS
The parameter descriptions for gss_wrap() follow:
minor_status The status code returned by the underlying
mechanism.
context_handle Identifies the context on which the message
will be sent.
conf_req_flag If the value of conf_req_flag is non-zero,
both confidentiality and integrity services are
requested. If the value is zero, then only
integrity service is requested.
qop_req Specifies the required quality of protection. A
mechanism-specific default may be requested by
setting qop_req to GSS_C_QOP_DEFAULT. If an
unsupported protection strength is requested,
gss_wrap() will return a major_status of
GSS_S_BAD_QOP.
input_message_buffer The message to be protected.
conf_state If the value of conf_state is non-zero, confi‐
dentiality, data origin authentication, and
integrity services have been applied. If the
value is zero, then integrity services have
been applied. Specify NULL if this parameter is
not required.
output_message_buffer The buffer to receive the protected message.
Storage associated with this message must be
freed by the application after use with a call
to gss_release_buffer(3GSS).
ERRORSgss_wrap() may return the following status codes:
GSS_S_COMPLETE Successful completion.
GSS_S_CONTEXT_EXPIRED The context has already expired.
GSS_S_NO_CONTEXT The context_handle parameter did not
identify a valid context.
GSS_S_BAD_QOP The specified QOP is not supported by
the mechanism.
GSS_S_FAILURE The underlying mechanism detected an
error for which no specific GSS status
code is defined. The mechanism-spe‐
cific status code reported by means of
the minor_status parameter details the
error condition.
ATTRIBUTES
See attributes(5) for descriptions of the following attributes:
┌─────────────────────────────┬─────────────────────────────┐
│ ATTRIBUTE TYPE │ ATTRIBUTE VALUE │
├─────────────────────────────┼─────────────────────────────┤
│Availability │SUNWgss (32-bit) │
├─────────────────────────────┼─────────────────────────────┤
│ │SUNWgssx (64-bit) │
├─────────────────────────────┼─────────────────────────────┤
│MT-Level │Safe │
└─────────────────────────────┴─────────────────────────────┘
SEE ALSOgss_release_buffer(3GSS), attributes(5)
Solaris Security for Developers Guide
SunOS 5.10 15 Jan 2003 gss_wrap(3GSS)