xref: /freebsd/lib/libgssapi/gss_verify_mic.3 (revision b9f654b163bce26de79705e77b872427c9f2afa1)
1.\" -*- nroff -*-
2.\"
3.\" Copyright (c) 2005 Doug Rabson
4.\" All rights reserved.
5.\"
6.\" Redistribution and use in source and binary forms, with or without
7.\" modification, are permitted provided that the following conditions
8.\" are met:
9.\" 1. Redistributions of source code must retain the above copyright
10.\"    notice, this list of conditions and the following disclaimer.
11.\" 2. Redistributions in binary form must reproduce the above copyright
12.\"    notice, this list of conditions and the following disclaimer in the
13.\"    documentation and/or other materials provided with the distribution.
14.\"
15.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
16.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
17.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
18.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
19.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
20.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
21.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
22.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
23.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
24.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
25.\" SUCH DAMAGE.
26.\"
27.\"	$FreeBSD$
28.\"
29.\" The following commands are required for all man pages.
30.Dd January 26, 2010
31.Dt GSS_VERIFY_MIC 3 PRM
32.Os
33.Sh NAME
34.Nm gss_verify_mic ,
35.Nm gss_verify
36.Nd Check a MIC against a message; verify integrity of a received message
37.\" This next command is for sections 2 and 3 only.
38.\" .Sh LIBRARY
39.Sh SYNOPSIS
40.In "gssapi/gssapi.h"
41.Ft OM_uint32
42.Fo gss_verify_mic
43.Fa "OM_uint32 *minor_status"
44.Fa "const gss_ctx_id_t context_handle"
45.Fa "const gss_buffer_t message_buffer"
46.Fa "const gss_buffer_t token_buffer"
47.Fa "gss_qop_t *qop_state"
48.Fc
49.Ft OM_uint32
50.Fo gss_verify
51.Fa "OM_uint32 *minor_status"
52.Fa "gss_ctx_id_t context_handle"
53.Fa "gss_buffer_t message_buffer"
54.Fa "gss_buffer_t token_buffer"
55.Fa "gss_qop_t *qop_state"
56.Fc
57.Sh DESCRIPTION
58Verifies that a cryptographic MIC,
59contained in the token parameter,
60fits the supplied message.
61The
62.Fa qop_state
63parameter allows a message recipient to determine the strength of
64protection that was applied to the message.
65.Pp
66Since some application-level protocols may wish to use tokens emitted
67by
68.Fn gss_wrap
69to provide "secure framing",
70implementations must support the calculation and verification of MICs
71over zero-length messages.
72.Pp
73The
74.Fn gss_verify
75routine is an obsolete variant of
76.Fn gss_verify_mic .
77It is provided for backwards
78compatibility with applications using the GSS-API V1 interface.
79A distinct entrypoint (as opposed to #define) is provided,
80both to allow GSS-API V1 applications to link
81and to retain the slight parameter type differences between the
82obsolete versions of this routine and its current form.
83.Sh PARAMETERS
84.Bl -tag -width ".It context_handle"
85.It minor_status
86Mechanism specific status code.
87.It context_handle
88Identifies the context on which the message arrived.
89.It message_buffer
90Message to be verified.
91.It token_buffer
92Token associated with message.
93.It qop_state
94Quality of protection gained from MIC.
95Specify
96.Dv NULL
97if not required.
98.El
99.Sh RETURN VALUES
100.Bl -tag -width ".It GSS_S_CONTEXT_EXPIRED"
101.It GSS_S_COMPLETE
102Successful completion
103.It GSS_S_DEFECTIVE_TOKEN
104The token failed consistency checks
105.It GSS_S_BAD_SIG
106The MIC was incorrect
107.It GSS_S_DUPLICATE_TOKEN
108The token was valid,
109and contained a correct MIC for the message,
110but it had already been processed
111.It GSS_S_OLD_TOKEN
112The token was valid,
113and contained a correct MIC for the message,
114but it is too old to check for duplication
115.It GSS_S_UNSEQ_TOKEN
116The token was valid,
117and contained a correct MIC for the message,
118but has been verified out of sequence;
119a later token has already been received.
120.It GSS_S_GAP_TOKEN
121The token was valid,
122and contained a correct MIC for the message,
123but has been verified out of sequence;
124an earlier expected token has not yet been received
125.It GSS_S_CONTEXT_EXPIRED
126The context has already expired
127.It GSS_S_NO_CONTEXT
128The context_handle parameter did not identify a valid context
129.El
130.Sh SEE ALSO
131.Xr gss_wrap 3
132.Sh STANDARDS
133.Bl -tag -width ".It RFC 2743"
134.It RFC 2743
135Generic Security Service Application Program Interface Version 2, Update 1
136.It RFC 2744
137Generic Security Service API Version 2 : C-bindings
138.El
139.Sh HISTORY
140The
141.Nm
142function first appeared in
143.Fx 7.0 .
144.Sh AUTHORS
145John Wray, Iris Associates
146.Sh COPYRIGHT
147Copyright (C) The Internet Society (2000).  All Rights Reserved.
148.Pp
149This document and translations of it may be copied and furnished to
150others, and derivative works that comment on or otherwise explain it
151or assist in its implementation may be prepared, copied, published
152and distributed, in whole or in part, without restriction of any
153kind, provided that the above copyright notice and this paragraph are
154included on all such copies and derivative works.  However, this
155document itself may not be modified in any way, such as by removing
156the copyright notice or references to the Internet Society or other
157Internet organizations, except as needed for the purpose of
158developing Internet standards in which case the procedures for
159copyrights defined in the Internet Standards process must be
160followed, or as required to translate it into languages other than
161English.
162.Pp
163The limited permissions granted above are perpetual and will not be
164revoked by the Internet Society or its successors or assigns.
165.Pp
166This document and the information contained herein is provided on an
167"AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
168TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
169BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
170HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
171MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
172