HP Open Source Security for OpenVMS Volume 3: Kerberos > Chapter 5 GSSAPI (Generic Security Services Application Programming Interface)

gss_verify_mic — Check that a cryptographic MIC fits the applied message

  Table of Contents

  Glossary

  Index

C Prototype

OM_uint32 gss_verify_mic(
OM_uint32 * minor_status,
gss_ctx_id_t context_handle,
gss_buffer_t message_buffer,
gss_buffer_t message_token,
gss_qop_t * qop_state );

Arguments

minor_status (output) 

An implementation-specific status code.

context_handle (input) 

Specifies the context on which the message arrived.

message_buffer (input) 

Specifies the message to be verified.

message_token (input) 

Specifies the token to be associated with the message.

qop_state (output) 

Returns the quality of protection gained from the MIC. Specify NULL if not required.

Description

This routine checks that a cryptographic MIC, contained in the message_token argument, fits the message in the message_buffer argument. The qop_state argument allows a message recipient to determine the strength of protection that was applied to the message.

This routine is functionally equivalent to the gss_verify routine. New code should use gss_verify_mic instead of gss_verify. Although both routines are supported, gss_verify has been deprecated in the GSSAPI Version 2 specification.

Return Values

This routine returns one of the following GSS status codes:

GSS_S_COMPLETE

Indicates that the message was successfully verified.

GSS_S_DEFECTIVE_TOKEN

Indicates that consistency checks performed on the received message_token failed, preventing further processing from being performed with that token.

GSS_S_BAD_SIG

Indicates that the received message_token contains an incorrect MIC for the message.

GSS_S_DUPLICATE_TOKEN

The message_token was valid, and contained a correct MIC for the message, but is a duplicate of a token already processed. This is a fatal error during context establishment.

GSS_S_OLD_TOKEN

The message_token was valid, and contained a correct MIC for the message, but the message_token was too old to check for duplication. This is a fatal error during context establishment.

GSS_S_UNSEQ_TOKEN

Indicates that the cryptographic check value on the received message was correct, and the message_token contained a correct MIC, but the token has been verified out of sequence; a later token has already been received.

GSS_S_GAP_TOKEN

Indicates that the cryptographic check value on the received message was correct, and the message_token contained a correct MIC, but the token has been verified out of sequence; an earlier expected token has not yet been received.

GSS_S_CONTEXT_EXPIRED

Indicates that context-related data items have expired, so that the requested operation cannot be performed

GSS_S_NO_CONTEXT

Indicates that no valid context was recognized for the input context_handle provided.