<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="Copyright" content="Copyright (c) 2006 by IBM Corporation">
<title>gss_wrap()--Cryptographically Sign and Optionally Encrypt
Message</title>
<!-- Begin Header Records -->
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights -->
<!-- Use, duplication or disclosure restricted by -->
<!-- GSA ADP Schedule Contract with IBM Corp. -->
<!-- Change History: -->
<!-- Edited by Kersten Jan 02 -->
<!-- Created by Kent Hofer for V5R1 -->
<link rel="stylesheet" type="text/css" href="../rzahg/ic.css">
</head>
<body>
<!-- End Header Records -->
<!--Java sync-link-->
<script type="text/javascript" language="Javascript" src="../rzahg/synch.js">
</script>

<a name="top_of_page"></a>

<h2>gss_wrap()--Cryptographically Sign and Optionally Encrypt Message</h2>

<div class="box" style="width: 70%;">
<br>
Syntax

<pre>
#include &lt;gssapi.h&gt;

OM_uint32 gss_wrap (
    OM_uint32 *   <em>minor_status</em>,
    gss_ctx_id_t  <em>context_handle</em>,
    int           <em>conf_req</em>,
    gss_qop_t     <em>qop_req</em>,
    gss_buffer_t  <em>input_message</em>,
    int *         <em>conf_state</em>,
    gss_buffer_t  <em>output_message</em>);
</pre>

Service Program Name: QSYS/QKRBGSS<br>
<!-- iddvc RMBR -->
<br>
Default public authority: *USE<br>
<!-- iddvc RMBR -->
<br>
Threadsafe: Yes<br>
<!-- iddvc RMBR -->
<br>

</div>

<p>The <strong>gss_wrap()</strong> function cryptographically signs and
optionally encrypts a message. The token returned in the
<em>output_message</em> parameter contains both the signature and the message.
This token is then sent to the partner application that calls the
<strong>gss_unwrap()</strong> routine to extract the original message and
verify its authenticity.</p>

<br>

<h3>Parameters</h3>

<dl>
<dt><strong>minor_status</strong> (Output)</dt>

<dd>A status code from the security mechanism.<br>
<br>
</dd>

<dt><strong>context_handle</strong> (Input)</dt>

<dd>The context handle to be associated with the message when it is sent to the
partner application.<br>
<br>
</dd>

<dt><strong>conf_req</strong> (Input)</dt>

<dd>The requested level of confidentiality and integrity services as
follows:<br>
<br>
<table width="80%">
<!-- cols="10 90" -->
<tr>
<td align="left" valign="top"><em>TRUE</em></td>
<td align="left" valign="top">Both confidentiality and integrity services are
requested.</td>
</tr>

<tr>
<td align="left" valign="top"><em>FALSE</em></td>
<td align="left" valign="top">Only integrity services are requested.</td>
</tr>
</table>

<br>
</dd>

<dt><strong>qop_req</strong> (Input)</dt>

<dd>The requested quality of protection for the message. Specify
<strong>GSS_C_QOP_DEFAULT</strong> to use the default quality of protection as
defined by the selected security mechanism.

<p>The Kerberos security mechanism supports three quality of protection levels
as follows (in decreasing order of speed). Specify
<strong>GSS_KRB5_INTEG_C_QOP_DES_MD5</strong> (or
<strong>GSS_C_QOP_DEFAULT</strong>) for interoperability with other
implementations of the Kerberos security mechanism.</p>

<table cellpadding="5">
<!-- cols="40 60" -->
<tr>
<td align="left" valign="top"><em>GSS_KRB5_INTEG_C_QOP_MD5</em></td>
<td align="left" valign="top">Truncated MD5</td>
</tr>

<tr>
<td align="left" valign="top"><em>GSS_KRB5_INTEG_C_QOP_DES_MD5</em></td>
<td align="left" valign="top">DES_MAC of an MD5 hash (default)</td>
</tr>

<tr>
<td align="left" valign="top"><em>GSS_KRB5_INTEG_C_QOP_DES_MAC</em></td>
<td align="left" valign="top">Normal DES_MAC algorithm</td>
</tr>
</table>

<br>
</dd>

<dt><strong>input_message</strong> (Input)</dt>

<dd>The message to be wrapped.<br>
<br>
</dd>

<dt><strong>conf_state</strong> (Output)</dt>

<dd>The level of confidentiality that was applied to the message. Specify
<strong>NULL</strong> for this parameter if the confidentiality state is not
needed. The return value is set as follows:<br>
<br>

<table width="80%">
<!-- cols="10 90" -->
<tr>
<td align="left" valign="top"><em>TRUE</em></td>
<td align="left" valign="top">Both confidentiality and integrity services were
applied.</td>
</tr>

<tr>
<td align="left" valign="top"><em>FALSE</em></td>
<td align="left" valign="top">Only integrity services were applied.</td>
</tr>
</table>

<br>
</dd>

<dt><strong>output_message</strong> (Output)</dt>

<dd>The wrapped message. The buffer should be released when it is no longer
needed by calling the <strong>gss_release_buffer()</strong> routine.</dd>
</dl>

<br>

<h3>Return Value</h3>

<p>The return value is one of the following status codes:</p>

<dl>
<dt><strong>GSS_S_BAD_QOP</strong></dt>

<dd>The quality of protection value is not valid.<br>
<br>
</dd>

<dt><strong>GSS_S_COMPLETE</strong></dt>

<dd>The routine completed successfully.<br>
<br>
</dd>

<dt><strong>GSS_S_CONTEXT_EXPIRED</strong></dt>

<dd>The context identifier provided by the caller has expired.<br>
<br>
</dd>

<dt><strong>GSS_S_CREDENTIALS_EXPIRED</strong></dt>

<dd>Credentials are no longer valid.<br>
<br>
</dd>

<dt><strong>GSS_S_FAILURE</strong></dt>

<dd>The routine failed for reasons that are not defined at the GSS level. The
<em>minor_status</em> return parameter contains a mechanism-dependent error
code describing the reason for the failure.<br>
<br>
</dd>

<dt><strong>GSS_S_NO_CONTEXT</strong></dt>

<dd>The context identifier provided by the caller does not refer to a valid
security context.</dd>
</dl>

<br>

<h3>Authorities</h3>

<table border width="80%">
<tr>
<th align="left" valign="bottom">Object Referred to</th>
<th align="center" valign="bottom">Data Authority Required</th>
</tr>
<tr>
<td align="left" valign="top">Each directory in the path name preceding the
configuration file</td>
<td align="center" valign="top">*X</td>
</tr>

<tr>
<td align="left" valign="top">Configuration file</td>
<td align="center" valign="top">*R</td>
</tr>
</table>

<br>
<br>

<h3>Error Messages</h3>

<table width="100%" cellpadding="5">
<!-- cols="15 85" -->
<tr>
<th align="left" valign="top">Message ID</th>
<th align="left" valign="top">Error Message Text</th>
</tr>

<tr>
<td width="15%" valign="top">CPE3418 E</td>
<td width="85%" valign="top">Possible APAR condition or hardware failure.</td>
</tr>
</table>

<br>

<h3>Usage Notes</h3>

<ol>
<li>If confidentiality is requested (<em>conf_req</em> is
<strong>TRUE</strong>) but confidentiality services are not available for the
security context, no error is returned and only integrity services are
performed. The <em>conf_state</em> return parameter indicates whether or not
the requested confidentiality services were performed.</li>
</ol>
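
<p>The check that usage note 1 makes necessary, as an added example (not IBM's code): <code>wrap_confidential()</code> is a hypothetical helper that refuses to hand back a token when <em>conf_state</em> comes back FALSE. The type and constant declarations are stand-ins so the block builds without <code>gssapi.h</code>, and <code>sim_wrap()</code> and <code>sim_release()</code> are a constructed simulation of a mechanism, not real routines.</p>

```c
#include <stdlib.h>
#include <string.h>

/* Stand-ins (assumption) so this builds without the platform header; in a
 * real program #include <gssapi.h> and delete these declarations. */
typedef unsigned int OM_uint32;
typedef struct { size_t length; void *value; } gss_buffer_desc, *gss_buffer_t;
typedef void *gss_ctx_id_t;
typedef OM_uint32 gss_qop_t;
#define GSS_S_COMPLETE    0u
#define GSS_S_FAILURE     (13u << 16)
#define GSS_C_QOP_DEFAULT 0u
typedef OM_uint32 (*wrap_fn)(OM_uint32 *, gss_ctx_id_t, int, gss_qop_t,
                             gss_buffer_t, int *, gss_buffer_t);
typedef OM_uint32 (*release_fn)(OM_uint32 *, gss_buffer_t);

/* Hypothetical helper: request confidentiality and fail closed when the
 * mechanism reports that only integrity services were applied. */
OM_uint32 wrap_confidential(wrap_fn wrap, release_fn release, gss_ctx_id_t ctx,
                            gss_buffer_t in, gss_buffer_t out)
{
    OM_uint32 minor = 0, major;
    int conf_state = 0;           /* do not pass NULL when secrecy matters */
    major = wrap(&minor, ctx, 1, GSS_C_QOP_DEFAULT, in, &conf_state, out);
    if (major != GSS_S_COMPLETE) return major;
    if (!conf_state) {            /* signed but not encrypted */
        release(&minor, out);     /* discard the token so it is never sent */
        return GSS_S_FAILURE;
    }
    return GSS_S_COMPLETE;
}

/* Constructed simulation (not a real mechanism) of the usage-note behaviour. */
static int sim_conf_available = 0;
OM_uint32 sim_wrap(OM_uint32 *minor, gss_ctx_id_t ctx, int conf_req,
                   gss_qop_t qop, gss_buffer_t in, int *conf_state, gss_buffer_t out)
{
    (void)ctx; (void)qop; *minor = 0;
    if ((out->value = malloc(in->length)) == NULL) return GSS_S_FAILURE;
    memcpy(out->value, in->value, in->length);
    out->length = in->length;
    if (conf_state) *conf_state = conf_req && sim_conf_available;
    return GSS_S_COMPLETE;
}
OM_uint32 sim_release(OM_uint32 *minor, gss_buffer_t buf)
{
    free(buf->value); buf->value = NULL; buf->length = 0; *minor = 0;
    return GSS_S_COMPLETE;
}
```

<p>In a real program, pass <strong>gss_wrap</strong> and <strong>gss_release_buffer</strong> as the two function arguments.</p>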

<br>
<hr>
API introduced: V5R1

<hr>
</body>
</html>