<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8"> <meta name="Copyright" content="Copyright (c) 2006 by IBM Corporation"> <title>gss_verify_mic()--Verify that Cryptographic Signature is Correct</title> <!-- Begin Header Records ========================================== --> <!-- All rights reserved. Licensed Materials Property of IBM --> <!-- US Government Users Restricted Rights --> <!-- Use, duplication or disclosure restricted by --> <!-- GSA ADP Schedule Contract with IBM Corp. --> <!-- Change History: --> <!-- Created by Kent Hofer for V5R1 --> <!-- Edited by Kersten Jan 02 --> <link rel="stylesheet" type="text/css" href="../rzahg/ic.css"> </head> <body> <!-- End Header Records --><!--Java sync-link--> <script type="text/javascript" language="Javascript" src="../rzahg/synch.js"> </script> <a name="top_of_page"></a> <h2>gss_verify_mic()--Verify that Cryptographic Signature is Correct</h2> <div class="box" style="width: 60%;"> <br> Syntax <pre> #include <gssapi.h> OM_uint32 gss_verify_mic ( OM_uint32 * <em>minor_status</em>, gss_ctx_id_t <em>context_handle</em>, gss_buffer_t <em>input_message</em>, gss_buffer_t <em>input_token</em>, gss_qop_t * <em>qop_state</em>); </pre> Service Program Name: QSYS/QKRBGSS<br> <!-- iddvc RMBR --> <br> Default public authority: *USE<br> <!-- iddvc RMBR --> <br> Threadsafe: Yes<br> <!-- iddvc RMBR --> <br> </div> <p>The <strong>gss_verify_mic()</strong> function verifies that the cryptographic signature for a message is correct. This ensures that the message has not been modified since the signature was generated.</p> <br> <h3>Parameters</h3> <dl> <dt><strong>minor_status</strong> (Output)</dt> <dd>A status code from the security mechanism.<br> <br> </dd> <dt><strong>context_handle</strong> (Input)</dt> <dd>The context in which the message arrived.<br> <br> </dd> <dt><strong>input_message</strong> (Input)</dt> <dd>The message to be verified.<br> <br> </dd> <dt><strong>input_token</strong> (Input)</dt> <dd>The signature token generated by the <strong>gss_get_mic()</strong> routine.<br> <br> </dd> <dt><strong>qop_state</strong> (Output)</dt> <dd>The quality of protection that was applied to the message. Specify <strong> NULL</strong> for this parameter if the quality of protection is not needed. <p>The Kerberos security mechanism supports three quality of protection levels as follows:</p> <table cellpadding="5"> <!-- cols="40 60" --> <tr> <td align="left" valign="top"><em>GSS_KRB5_INTEG_C_QOP_MD5</em></td> <td align="left" valign="top">Truncated MD5</td> </tr> <tr> <td align="left" valign="top"><em>GSS_KRB5_INTEG_C_QOP_DES_MD5</em></td> <td align="left" valign="top">DES_MAC of an MD5 hash</td> </tr> <tr> <td align="left" valign="top"><em>GSS_KRB5_INTEG_C_QOP_DES_MAC</em></td> <td align="left" valign="top">Normal DES_MAC algorithm</td> </tr> </table> </dd> </dl> <br> <h3>Return Value</h3> <p>The return value is one of the following status codes:</p> <dl> <dt><strong>GSS_S_BAD_SIG</strong></dt> <dd>The input token contains an incorrect signature.<br> <br> </dd> <dt><strong>GSS_S_COMPLETE</strong></dt> <dd>The routine completed successfully.<br> <br> </dd> <dt><strong>GSS_S_CONTEXT_EXPIRED</strong></dt> <dd>The context identifier provided by the caller has expired.<br> <br> </dd> <dt><strong>GSS_S_CREDENTIALS_EXPIRED</strong></dt> <dd>The credentials associated with the referenced context have expired.<br> <br> </dd> <dt><strong>GSS_S_DEFECTIVE_CREDENTIAL</strong></dt> <dd>The credential is defective.<br> <br> </dd> <dt><strong>GSS_S_DEFECTIVE_TOKEN</strong></dt> <dd>Consistency checks performed on the input token failed.<br> <br> </dd> <dt><strong>GSS_S_DUPLICATE_TOKEN</strong></dt> <dd>The token is a duplicate of a token that has already been processed.<br> <br> </dd> <dt><strong>GSS_S_FAILURE</strong></dt> <dd>The routine failed for reasons that are not defined at the GSS level. The <em>minor_status</em> return parameter contains a mechanism-dependent error code describing the reason for the failure.<br> <br> </dd> <dt><strong>GSS_S_GAP_TOKEN</strong></dt> <dd>One or more predecessor tokens have not been processed.<br> <br> </dd> <dt><strong>GSS_S_NO_CONTEXT</strong></dt> <dd>The context identifier provided by the caller does not refer to a valid security context.<br> <br> </dd> <dt><strong>GSS_S_OLD_TOKEN</strong></dt> <dd>The token is too old to be checked for duplication against previous tokens. This is a fatal error during context establishment.<br> <br> </dd> <dt><strong>GSS_S_UNSEQ_TOKEN</strong></dt> <dd>A later token has already been processed.</dd> </dl> <br> <h3>Authorities</h3> <table border width="80%"> <tr> <th align="left" valign="bottom">Object Referred to</th> <th align="center" valign="bottom">Data Authority Required</th> </tr> <tr> <td align="left" valign="top">Each directory in the path name preceding the configuration file</td> <td align="center" valign="top">*X</td> </tr> <tr> <td align="left" valign="top">Configuration file</td> <td align="center" valign="top">*R</td> </tr> </table> <br> <h3>Error Messages</h3> <table width="100%" cellpadding="5"> <!-- cols="15 85" --> <tr> <th align="left" valign="top">Message ID</th> <th align="left" valign="top">Error Message Text</th> </tr> <tr> <td width="15%" valign="top">CPE3418 E</td> <td width="85%" valign="top">Possible APAR condition or hardware failure.</td> </tr> </table> <br> <hr> API introduced: V5R1 <hr> <center> <table cellpadding="2" cellspacing="2"> <tr align="center"> <td valign="middle" align="center"><a href="#Top_Of_Page">Top</a> | <a href= "sec.htm">Security APIs</a><br> <a href="unix.htm">UNIX-Type APIs</a> | <a href="aplist.htm">APIs by category</a></td> </tr> </table> </center> </body> </html>