3 .\" Copyright (c) 2005 Doug Rabson
4 .\" All rights reserved.
6 .\" Redistribution and use in source and binary forms, with or without
7 .\" modification, are permitted provided that the following conditions
9 .\" 1. Redistributions of source code must retain the above copyright
10 .\" notice, this list of conditions and the following disclaimer.
11 .\" 2. Redistributions in binary form must reproduce the above copyright
12 .\" notice, this list of conditions and the following disclaimer in the
13 .\" documentation and/or other materials provided with the distribution.
15 .\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
16 .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
17 .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
18 .\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
19 .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
20 .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
21 .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
22 .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
23 .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
24 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
29 .\" Copyright (C) The Internet Society (2000). All Rights Reserved.
31 .\" This document and translations of it may be copied and furnished to
32 .\" others, and derivative works that comment on or otherwise explain it
33 .\" or assist in its implementation may be prepared, copied, published
34 .\" and distributed, in whole or in part, without restriction of any
35 .\" kind, provided that the above copyright notice and this paragraph are
36 .\" included on all such copies and derivative works. However, this
37 .\" document itself may not be modified in any way, such as by removing
38 .\" the copyright notice or references to the Internet Society or other
39 .\" Internet organizations, except as needed for the purpose of
40 .\" developing Internet standards in which case the procedures for
41 .\" copyrights defined in the Internet Standards process must be
42 .\" followed, or as required to translate it into languages other than
45 .\" The limited permissions granted above are perpetual and will not be
46 .\" revoked by the Internet Society or its successors or assigns.
48 .\" This document and the information contained herein is provided on an
49 .\" "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
50 .\" TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
51 .\" BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
52 .\" HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
53 .\" MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
55 .\" The following commands are required for all man pages.
58 .Dt GSS_VERIFY_MIC 3 PRM
62 .Nd Check a MIC against a message; verify integrity of a received message
63 .\" This next command is for sections 2 and 3 only.
69 .Fa "OM_uint32 *minor_status"
70 .Fa "const gss_ctx_id_t context_handle"
71 .Fa "const gss_buffer_t message_buffer"
72 .Fa "const gss_buffer_t token_buffer"
73 .Fa "gss_qop_t *qop_state"
77 .Fa "OM_uint32 *minor_status"
78 .Fa "gss_ctx_id_t context_handle"
79 .Fa "gss_buffer_t message_buffer"
80 .Fa "gss_buffer_t token_buffer"
81 .Fa "gss_qop_t *qop_state"
84 Verifies that a cryptographic MIC,
85 contained in the token parameter,
86 fits the supplied message.
89 parameter allows a message recipient to determine the strength of
90 protection that was applied to the message.
92 Since some application-level protocols may wish to use tokens emitted
95 to provide "secure framing",
96 implementations must support the calculation and verification of MICs
97 over zero-length messages.
101 routine is an obsolete variant of
103 It is provided for backwards
104 compatibility with applications using the GSS-API V1 interface.
105 A distinct entrypoint (as opposed to #define) is provided,
106 both to allow GSS-API V1 applications to link
107 and to retain the slight parameter type differences between the
108 obsolete versions of this routine and its current form.
112 Mechanism specific status code.
114 Identifies the context on which the message arrived.
116 Message to be verified.
118 Token associated with message.
120 Quality of protection gained from MIC.
128 Successful completion
129 .It GSS_S_DEFECTIVE_TOKEN
130 The token failed consistency checks
132 The MIC was incorrect
133 .It GSS_S_DUPLICATE_TOKEN
135 and contained a correct MIC for the message,
136 but it had already been processed
139 and contained a correct MIC for the message,
140 but it is too old to check for duplication
141 .It GSS_S_UNSEQ_TOKEN
143 and contained a correct MIC for the message,
144 but has been verified out of sequence;
145 a later token has already been received.
148 and contained a correct MIC for the message,
149 but has been verified out of sequence;
150 an earlier expected token has not yet been received
151 .It GSS_S_CONTEXT_EXPIRED
152 The context has already expired
154 The context_handle parameter did not identify a valid context
161 Generic Security Service Application Program Interface Version 2, Update 1
163 Generic Security Service API Version 2 : C-bindings
169 manual page example first appeared in
172 John Wray, Iris Associates