1c0b9f4feSDoug Rabson.\" -*- nroff -*- 2c0b9f4feSDoug Rabson.\" 3c0b9f4feSDoug Rabson.\" Copyright (c) 2005 Doug Rabson 4c0b9f4feSDoug Rabson.\" All rights reserved. 5c0b9f4feSDoug Rabson.\" 6c0b9f4feSDoug Rabson.\" Redistribution and use in source and binary forms, with or without 7c0b9f4feSDoug Rabson.\" modification, are permitted provided that the following conditions 8c0b9f4feSDoug Rabson.\" are met: 9c0b9f4feSDoug Rabson.\" 1. Redistributions of source code must retain the above copyright 10c0b9f4feSDoug Rabson.\" notice, this list of conditions and the following disclaimer. 11c0b9f4feSDoug Rabson.\" 2. Redistributions in binary form must reproduce the above copyright 12c0b9f4feSDoug Rabson.\" notice, this list of conditions and the following disclaimer in the 13c0b9f4feSDoug Rabson.\" documentation and/or other materials provided with the distribution. 14c0b9f4feSDoug Rabson.\" 15c0b9f4feSDoug Rabson.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 16c0b9f4feSDoug Rabson.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 17c0b9f4feSDoug Rabson.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 18c0b9f4feSDoug Rabson.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 19c0b9f4feSDoug Rabson.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 20c0b9f4feSDoug Rabson.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 21c0b9f4feSDoug Rabson.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 22c0b9f4feSDoug Rabson.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 23c0b9f4feSDoug Rabson.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 24c0b9f4feSDoug Rabson.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 25c0b9f4feSDoug Rabson.\" SUCH DAMAGE. 26c0b9f4feSDoug Rabson.\" 27c0b9f4feSDoug Rabson.\" $FreeBSD$ 28c0b9f4feSDoug Rabson.\" 29c0b9f4feSDoug Rabson.\" Copyright (C) The Internet Society (2000). All Rights Reserved. 30c0b9f4feSDoug Rabson.\" 31c0b9f4feSDoug Rabson.\" This document and translations of it may be copied and furnished to 32c0b9f4feSDoug Rabson.\" others, and derivative works that comment on or otherwise explain it 33c0b9f4feSDoug Rabson.\" or assist in its implementation may be prepared, copied, published 34c0b9f4feSDoug Rabson.\" and distributed, in whole or in part, without restriction of any 35c0b9f4feSDoug Rabson.\" kind, provided that the above copyright notice and this paragraph are 36c0b9f4feSDoug Rabson.\" included on all such copies and derivative works. However, this 37c0b9f4feSDoug Rabson.\" document itself may not be modified in any way, such as by removing 38c0b9f4feSDoug Rabson.\" the copyright notice or references to the Internet Society or other 39c0b9f4feSDoug Rabson.\" Internet organizations, except as needed for the purpose of 40c0b9f4feSDoug Rabson.\" developing Internet standards in which case the procedures for 41c0b9f4feSDoug Rabson.\" copyrights defined in the Internet Standards process must be 42c0b9f4feSDoug Rabson.\" followed, or as required to translate it into languages other than 43c0b9f4feSDoug Rabson.\" English. 44c0b9f4feSDoug Rabson.\" 45c0b9f4feSDoug Rabson.\" The limited permissions granted above are perpetual and will not be 46c0b9f4feSDoug Rabson.\" revoked by the Internet Society or its successors or assigns. 47c0b9f4feSDoug Rabson.\" 48c0b9f4feSDoug Rabson.\" This document and the information contained herein is provided on an 49c0b9f4feSDoug Rabson.\" "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING 50c0b9f4feSDoug Rabson.\" TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING 51c0b9f4feSDoug Rabson.\" BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION 52c0b9f4feSDoug Rabson.\" HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF 53c0b9f4feSDoug Rabson.\" MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. 54c0b9f4feSDoug Rabson.\" 55c0b9f4feSDoug Rabson.\" The following commands are required for all man pages. 56c0b9f4feSDoug Rabson.Dd November 12, 2005 57c0b9f4feSDoug Rabson.Os 58c0b9f4feSDoug Rabson.Dt GSS_VERIFY_MIC 3 PRM 59c0b9f4feSDoug Rabson.Sh NAME 60c0b9f4feSDoug Rabson.Nm gss_verify_mic , 61c0b9f4feSDoug Rabson.Nm gss_verify 62c0b9f4feSDoug Rabson.Nd Check a MIC against a message; verify integrity of a received message 63c0b9f4feSDoug Rabson.\" This next command is for sections 2 and 3 only. 64c0b9f4feSDoug Rabson.\" .Sh LIBRARY 65c0b9f4feSDoug Rabson.Sh SYNOPSIS 66c0b9f4feSDoug Rabson.In "gssapi/gssapi.h" 67c0b9f4feSDoug Rabson.Ft OM_uint32 68c0b9f4feSDoug Rabson.Fo gss_verify_mic 69c0b9f4feSDoug Rabson.Fa "OM_uint32 *minor_status" 70c0b9f4feSDoug Rabson.Fa "const gss_ctx_id_t context_handle" 71c0b9f4feSDoug Rabson.Fa "const gss_buffer_t message_buffer" 72c0b9f4feSDoug Rabson.Fa "const gss_buffer_t token_buffer" 73c0b9f4feSDoug Rabson.Fa "gss_qop_t *qop_state" 74c0b9f4feSDoug Rabson.Fc 75c0b9f4feSDoug Rabson.Ft OM_uint32 76c0b9f4feSDoug Rabson.Fo gss_verify 77c0b9f4feSDoug Rabson.Fa "OM_uint32 *minor_status" 78c0b9f4feSDoug Rabson.Fa "gss_ctx_id_t context_handle" 79c0b9f4feSDoug Rabson.Fa "gss_buffer_t message_buffer" 80c0b9f4feSDoug Rabson.Fa "gss_buffer_t token_buffer" 81c0b9f4feSDoug Rabson.Fa "gss_qop_t *qop_state" 82c0b9f4feSDoug Rabson.Fc 83c0b9f4feSDoug Rabson.Sh DESCRIPTION 84c0b9f4feSDoug RabsonVerifies that a cryptographic MIC, 85c0b9f4feSDoug Rabsoncontained in the token parameter, 86c0b9f4feSDoug Rabsonfits the supplied message. 87c0b9f4feSDoug RabsonThe 88c0b9f4feSDoug Rabson.Fa qop_state 89c0b9f4feSDoug Rabsonparameter allows a message recipient to determine the strength of 90c0b9f4feSDoug Rabsonprotection that was applied to the message. 91c0b9f4feSDoug Rabson.Pp 92c0b9f4feSDoug RabsonSince some application-level protocols may wish to use tokens emitted 93c0b9f4feSDoug Rabsonby 94c0b9f4feSDoug Rabson.Fn gss_wrap 95c0b9f4feSDoug Rabsonto provide "secure framing", 96c0b9f4feSDoug Rabsonimplementations must support the calculation and verification of MICs 97c0b9f4feSDoug Rabsonover zero-length messages. 98c0b9f4feSDoug Rabson.Pp 99c0b9f4feSDoug RabsonThe 100c0b9f4feSDoug Rabson.Fn gss_verify 101c0b9f4feSDoug Rabsonroutine is an obsolete variant of 102c0b9f4feSDoug Rabson.Fn gss_verify_mic . 103c0b9f4feSDoug RabsonIt is provided for backwards 104c0b9f4feSDoug Rabsoncompatibility with applications using the GSS-API V1 interface. 105c0b9f4feSDoug RabsonA distinct entrypoint (as opposed to #define) is provided, 106c0b9f4feSDoug Rabsonboth to allow GSS-API V1 applications to link 107c0b9f4feSDoug Rabsonand to retain the slight parameter type differences between the 108c0b9f4feSDoug Rabsonobsolete versions of this routine and its current form. 109c0b9f4feSDoug Rabson.Sh PARAMETERS 110c0b9f4feSDoug Rabson.Bl -tag 111c0b9f4feSDoug Rabson.It minor_status 112c0b9f4feSDoug RabsonMechanism specific status code. 113c0b9f4feSDoug Rabson.It context_handle 114c0b9f4feSDoug RabsonIdentifies the context on which the message arrived. 115c0b9f4feSDoug Rabson.It message_buffer 116c0b9f4feSDoug RabsonMessage to be verified. 117c0b9f4feSDoug Rabson.It token_buffer 118c0b9f4feSDoug RabsonToken associated with message. 119c0b9f4feSDoug Rabson.It qop_state 120c0b9f4feSDoug RabsonQuality of protection gained from MIC. 121c0b9f4feSDoug RabsonSpecify 122c0b9f4feSDoug Rabson.Dv NULL 123c0b9f4feSDoug Rabsonif not required. 124c0b9f4feSDoug Rabson.El 125c0b9f4feSDoug Rabson.Sh RETURN VALUES 126c0b9f4feSDoug Rabson.Bl -tag 127c0b9f4feSDoug Rabson.It GSS_S_COMPLETE 128c0b9f4feSDoug RabsonSuccessful completion 129c0b9f4feSDoug Rabson.It GSS_S_DEFECTIVE_TOKEN 130c0b9f4feSDoug RabsonThe token failed consistency checks 131c0b9f4feSDoug Rabson.It GSS_S_BAD_SIG 132c0b9f4feSDoug RabsonThe MIC was incorrect 133c0b9f4feSDoug Rabson.It GSS_S_DUPLICATE_TOKEN 134c0b9f4feSDoug RabsonThe token was valid, 135c0b9f4feSDoug Rabsonand contained a correct MIC for the message, 136c0b9f4feSDoug Rabsonbut it had already been processed 137c0b9f4feSDoug Rabson.It GSS_S_OLD_TOKEN 138c0b9f4feSDoug RabsonThe token was valid, 139c0b9f4feSDoug Rabsonand contained a correct MIC for the message, 140c0b9f4feSDoug Rabsonbut it is too old to check for duplication 141c0b9f4feSDoug Rabson.It GSS_S_UNSEQ_TOKEN 142c0b9f4feSDoug RabsonThe token was valid, 143c0b9f4feSDoug Rabsonand contained a correct MIC for the message, 144c0b9f4feSDoug Rabsonbut has been verified out of sequence; 145c0b9f4feSDoug Rabsona later token has already been received. 146c0b9f4feSDoug Rabson.It GSS_S_GAP_TOKEN 147c0b9f4feSDoug RabsonThe token was valid, 148c0b9f4feSDoug Rabsonand contained a correct MIC for the message, 149c0b9f4feSDoug Rabsonbut has been verified out of sequence; 150c0b9f4feSDoug Rabsonan earlier expected token has not yet been received 151c0b9f4feSDoug Rabson.It GSS_S_CONTEXT_EXPIRED 152c0b9f4feSDoug RabsonThe context has already expired 153c0b9f4feSDoug Rabson.It GSS_S_NO_CONTEXT 154c0b9f4feSDoug RabsonThe context_handle parameter did not identify a valid context 155c0b9f4feSDoug Rabson.El 156c0b9f4feSDoug Rabson.Sh SEE ALSO 157c0b9f4feSDoug Rabson.Xr gss_wrap 3 158c0b9f4feSDoug Rabson.Sh STANDARDS 159c0b9f4feSDoug Rabson.Bl -tag 160c0b9f4feSDoug Rabson.It RFC 2743 161c0b9f4feSDoug RabsonGeneric Security Service Application Program Interface Version 2, Update 1 162c0b9f4feSDoug Rabson.It RFC 2744 163c0b9f4feSDoug RabsonGeneric Security Service API Version 2 : C-bindings 164c0b9f4feSDoug Rabson.\" .Sh HISTORY 165c0b9f4feSDoug Rabson.El 166c0b9f4feSDoug Rabson.Sh HISTORY 167c0b9f4feSDoug RabsonThe 168c0b9f4feSDoug Rabson.Nm 169c0b9f4feSDoug Rabsonmanual page example first appeared in 170c0b9f4feSDoug Rabson.Fx 7.0 . 171c0b9f4feSDoug Rabson.Sh AUTHORS 172c0b9f4feSDoug RabsonJohn Wray, Iris Associates 173