gss_wrap()--Cryptographically Sign and Optionally Encrypt Message
Syntax
    #include <gssapi.h>

    OM_uint32 gss_wrap (
        OM_uint32 *    minor_status,
        gss_ctx_id_t   context_handle,
        int            conf_req,
        gss_qop_t      qop_req,
        gss_buffer_t   input_message,
        int *          conf_state,
        gss_buffer_t   output_message);

Service Program Name: QSYS/QKRBGSS
Default public authority: *USE
Threadsafe: Yes
The gss_wrap() function cryptographically signs and optionally encrypts a message. The token returned in the output_message parameter contains both the signature and the message. This token is then sent to the partner application that calls the gss_unwrap() routine to extract the original message and verify its authenticity.
Parameters
- minor_status (Output)
- A status code from the security mechanism.
- context_handle (Input)
- The context handle to be associated with the message when it is sent to the partner application.
- conf_req (Input)
- The requested level of confidentiality and integrity services as follows:

Value | Meaning |
---|---|
TRUE | Both confidentiality and integrity services are requested. |
FALSE | Only integrity services are requested. |
- qop_req (Input)
- The requested quality of protection for the message. Specify GSS_C_QOP_DEFAULT to use the default quality of protection as defined by the selected security mechanism.
The Kerberos security mechanism supports three quality of protection levels as follows (in decreasing order of speed). Specify GSS_KRB5_INTEG_C_QOP_DES_MD5 (or GSS_C_QOP_DEFAULT) for interoperability with other implementations of the Kerberos security mechanism.

Quality of protection | Algorithm |
---|---|
GSS_KRB5_INTEG_C_QOP_MD5 | Truncated MD5 |
GSS_KRB5_INTEG_C_QOP_DES_MD5 | DES_MAC of an MD5 hash (default) |
GSS_KRB5_INTEG_C_QOP_DES_MAC | Normal DES_MAC algorithm |
- input_message (Input)
- The message to be wrapped.
- conf_state (Output)
- The level of confidentiality that was applied to the message. Specify NULL for this parameter if the confidentiality state is not needed. The return value is set as follows:

Value | Meaning |
---|---|
TRUE | Both confidentiality and integrity services were applied. |
FALSE | Only integrity services were applied. |
- output_message (Output)
- The wrapped message. The buffer should be released when it is no longer needed by calling the gss_release_buffer() routine.
Return Value
The return value is one of the following status codes:
- GSS_S_BAD_QOP
- The quality of protection value is not valid.
- GSS_S_COMPLETE
- The routine completed successfully.
- GSS_S_CONTEXT_EXPIRED
- The context identifier provided by the caller has expired.
- GSS_S_CREDENTIALS_EXPIRED
- Credentials are no longer valid.
- GSS_S_FAILURE
- The routine failed for reasons that are not defined at the GSS level. The minor_status return parameter contains a mechanism-dependent error code describing the reason for the failure.
- GSS_S_NO_CONTEXT
- The context identifier provided by the caller does not refer to a valid security context.
Authorities
Object Referred to | Data Authority Required |
---|---|
Each directory in the path name preceding the configuration file | *X |
Configuration file | *R |
Error Messages
Message ID | Error Message Text |
---|---|
CPE3418 E | Possible APAR condition or hardware failure. |
Usage Notes
- If confidentiality is requested (conf_req is TRUE) but confidentiality services are not available for the security context, no error is returned and only integrity services are performed. The conf_state return parameter indicates whether or not the requested confidentiality services were performed.
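The silent downgrade described in the usage note means a caller that needs encryption has to check conf_state itself. The following is an added example, not part of the original API documentation: the helper wrap_confidential(), the wrap_fn pointer type and stub_wrap() are hypothetical names, and the gssapi.h types are replaced by stand-ins so the check can be run without a Kerberos security context.

```c
#include <stdlib.h>
#include <string.h>
/* Stand-ins for the <gssapi.h> declarations so the demo builds without a GSS
   library (assumption: real code includes <gssapi.h> and calls gss_wrap()). */
typedef unsigned int OM_uint32;
typedef OM_uint32 gss_qop_t;
typedef void *gss_ctx_id_t;
typedef struct { size_t length; void *value; } gss_buffer_desc, *gss_buffer_t;
#define GSS_S_COMPLETE    0u
#define GSS_S_FAILURE     (13u << 16)
#define GSS_C_QOP_DEFAULT 0u

/* Pointer type with the same parameter list as gss_wrap() on this page. */
typedef OM_uint32 (*wrap_fn)(OM_uint32 *, gss_ctx_id_t, int, gss_qop_t,
                             gss_buffer_t, int *, gss_buffer_t);

/* Constructed stub, no cryptography: copies the message. ctx points to an
   int that is nonzero when the pretend context offers confidentiality. */
OM_uint32 stub_wrap(OM_uint32 *minor, gss_ctx_id_t ctx, int conf_req,
                    gss_qop_t qop, gss_buffer_t in, int *conf_state,
                    gss_buffer_t out)
{
    (void)qop;
    *minor = 0;
    out->value = malloc(in->length);
    if (out->value == NULL) return GSS_S_FAILURE;
    memcpy(out->value, in->value, in->length);
    out->length = in->length;
    if (conf_state != NULL) *conf_state = conf_req && *(int *)ctx;
    return GSS_S_COMPLETE;   /* no error even when encryption was skipped */
}

/* Hypothetical helper: 0 = token is encrypted, -1 = wrap failed,
   -2 = wrap succeeded but was integrity-only, token discarded. */
int wrap_confidential(wrap_fn wrap, gss_ctx_id_t ctx,
                      gss_buffer_t msg, gss_buffer_t token)
{
    OM_uint32 minor = 0;
    int conf_state = 0;
    OM_uint32 major = wrap(&minor, ctx, 1, GSS_C_QOP_DEFAULT, msg,
                           &conf_state, token);
    if (major != GSS_S_COMPLETE) return -1;
    if (!conf_state) {          /* silent downgrade: do not send this token */
        free(token->value);     /* real code: gss_release_buffer() */
        token->value = NULL; token->length = 0;
        return -2;
    }
    return 0;
}
```

In production code, pass gss_wrap itself as the wrap argument and release the discarded token with gss_release_buffer() instead of free().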
API introduced: V5R1