1.\" -*- nroff -*- 2.\" 3.\" Copyright (c) 2005 Doug Rabson 4.\" All rights reserved. 5.\" 6.\" Redistribution and use in source and binary forms, with or without 7.\" modification, are permitted provided that the following conditions 8.\" are met: 9.\" 1. Redistributions of source code must retain the above copyright 10.\" notice, this list of conditions and the following disclaimer. 11.\" 2. Redistributions in binary form must reproduce the above copyright 12.\" notice, this list of conditions and the following disclaimer in the 13.\" documentation and/or other materials provided with the distribution. 14.\" 15.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 16.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 17.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 18.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 19.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 20.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 21.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 22.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 23.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 24.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 25.\" SUCH DAMAGE. 26.\" 27.\" $FreeBSD$ 28.\" 29.\" The following commands are required for all man pages. 30.Dd January 26, 2010 31.Dt GSS_VERIFY_MIC 3 PRM 32.Os 33.Sh NAME 34.Nm gss_verify_mic , 35.Nm gss_verify 36.Nd Check a MIC against a message; verify integrity of a received message 37.\" This next command is for sections 2 and 3 only. 38.\" .Sh LIBRARY 39.Sh SYNOPSIS 40.In "gssapi/gssapi.h" 41.Ft OM_uint32 42.Fo gss_verify_mic 43.Fa "OM_uint32 *minor_status" 44.Fa "const gss_ctx_id_t context_handle" 45.Fa "const gss_buffer_t message_buffer" 46.Fa "const gss_buffer_t token_buffer" 47.Fa "gss_qop_t *qop_state" 48.Fc 49.Ft OM_uint32 50.Fo gss_verify 51.Fa "OM_uint32 *minor_status" 52.Fa "gss_ctx_id_t context_handle" 53.Fa "gss_buffer_t message_buffer" 54.Fa "gss_buffer_t token_buffer" 55.Fa "gss_qop_t *qop_state" 56.Fc 57.Sh DESCRIPTION 58Verifies that a cryptographic MIC, 59contained in the token parameter, 60fits the supplied message. 61The 62.Fa qop_state 63parameter allows a message recipient to determine the strength of 64protection that was applied to the message. 65.Pp 66Since some application-level protocols may wish to use tokens emitted 67by 68.Fn gss_wrap 69to provide "secure framing", 70implementations must support the calculation and verification of MICs 71over zero-length messages. 72.Pp 73The 74.Fn gss_verify 75routine is an obsolete variant of 76.Fn gss_verify_mic . 77It is provided for backwards 78compatibility with applications using the GSS-API V1 interface. 79A distinct entrypoint (as opposed to #define) is provided, 80both to allow GSS-API V1 applications to link 81and to retain the slight parameter type differences between the 82obsolete versions of this routine and its current form. 83.Sh PARAMETERS 84.Bl -tag -width ".It context_handle" 85.It minor_status 86Mechanism specific status code. 87.It context_handle 88Identifies the context on which the message arrived. 89.It message_buffer 90Message to be verified. 91.It token_buffer 92Token associated with message. 93.It qop_state 94Quality of protection gained from MIC. 95Specify 96.Dv NULL 97if not required. 98.El 99.Sh RETURN VALUES 100.Bl -tag -width ".It GSS_S_CONTEXT_EXPIRED" 101.It GSS_S_COMPLETE 102Successful completion 103.It GSS_S_DEFECTIVE_TOKEN 104The token failed consistency checks 105.It GSS_S_BAD_SIG 106The MIC was incorrect 107.It GSS_S_DUPLICATE_TOKEN 108The token was valid, 109and contained a correct MIC for the message, 110but it had already been processed 111.It GSS_S_OLD_TOKEN 112The token was valid, 113and contained a correct MIC for the message, 114but it is too old to check for duplication 115.It GSS_S_UNSEQ_TOKEN 116The token was valid, 117and contained a correct MIC for the message, 118but has been verified out of sequence; 119a later token has already been received. 120.It GSS_S_GAP_TOKEN 121The token was valid, 122and contained a correct MIC for the message, 123but has been verified out of sequence; 124an earlier expected token has not yet been received 125.It GSS_S_CONTEXT_EXPIRED 126The context has already expired 127.It GSS_S_NO_CONTEXT 128The context_handle parameter did not identify a valid context 129.El 130.Sh SEE ALSO 131.Xr gss_wrap 3 132.Sh STANDARDS 133.Bl -tag -width ".It RFC 2743" 134.It RFC 2743 135Generic Security Service Application Program Interface Version 2, Update 1 136.It RFC 2744 137Generic Security Service API Version 2 : C-bindings 138.El 139.Sh HISTORY 140The 141.Nm 142function first appeared in 143.Fx 7.0 . 144.Sh AUTHORS 145John Wray, Iris Associates 146.Sh COPYRIGHT 147Copyright (C) The Internet Society (2000). All Rights Reserved. 148.Pp 149This document and translations of it may be copied and furnished to 150others, and derivative works that comment on or otherwise explain it 151or assist in its implementation may be prepared, copied, published 152and distributed, in whole or in part, without restriction of any 153kind, provided that the above copyright notice and this paragraph are 154included on all such copies and derivative works. However, this 155document itself may not be modified in any way, such as by removing 156the copyright notice or references to the Internet Society or other 157Internet organizations, except as needed for the purpose of 158developing Internet standards in which case the procedures for 159copyrights defined in the Internet Standards process must be 160followed, or as required to translate it into languages other than 161English. 162.Pp 163The limited permissions granted above are perpetual and will not be 164revoked by the Internet Society or its successors or assigns. 165.Pp 166This document and the information contained herein is provided on an 167"AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING 168TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING 169BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION 170HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF 171MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. 172