Initial revision
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17692 ec53bebd-3082-4978-b11e-865c3cabbd6b
This commit is contained in:
Love Hörnquist Åstrand
178
lib/gssapi/mech/gss_wrap.3
Normal file
178
lib/gssapi/mech/gss_wrap.3
Normal file
@@ -0,0 +1,178 @@
|
||||
.\" -*- nroff -*-
|
||||
.\"
|
||||
.\" Copyright (c) 2005 Doug Rabson
|
||||
.\" All rights reserved.
|
||||
.\"
|
||||
.\" Redistribution and use in source and binary forms, with or without
|
||||
.\" modification, are permitted provided that the following conditions
|
||||
.\" are met:
|
||||
.\" 1. Redistributions of source code must retain the above copyright
|
||||
.\" notice, this list of conditions and the following disclaimer.
|
||||
.\" 2. Redistributions in binary form must reproduce the above copyright
|
||||
.\" notice, this list of conditions and the following disclaimer in the
|
||||
.\" documentation and/or other materials provided with the distribution.
|
||||
.\"
|
||||
.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
|
||||
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
||||
.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
|
||||
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
||||
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
||||
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
||||
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
.\" SUCH DAMAGE.
|
||||
.\"
|
||||
.\" $FreeBSD: src/lib/libgssapi/gss_wrap.3,v 1.2 2006/01/25 10:06:28 dfr Exp $
|
||||
.\"
|
||||
.\" The following commands are required for all man pages.
|
||||
.Dd November 12, 2005
|
||||
.Os
|
||||
.Dt GSS_WRAP 3 PRM
|
||||
.Sh NAME
|
||||
.Nm gss_wrap ,
|
||||
.Nm gss_seal
|
||||
.Nd Attach a cryptographic MIC and optionally encrypt a message
|
||||
.\" This next command is for sections 2 and 3 only.
|
||||
.\" .Sh LIBRARY
|
||||
.Sh SYNOPSIS
|
||||
.In "gssapi/gssapi.h"
|
||||
.Ft OM_uint32
|
||||
.Fo gss_wrap
|
||||
.Fa "OM_uint32 *minor_status"
|
||||
.Fa "const gss_ctx_id_t context_handle"
|
||||
.Fa "int conf_req_flag"
|
||||
.Fa "gss_qop_t qop_req"
|
||||
.Fa "const gss_buffer_t input_message_buffer"
|
||||
.Fa "int *conf_state"
|
||||
.Fa "gss_buffer_t output_message_buffer"
|
||||
.Fc
|
||||
.Ft OM_uint32
|
||||
.Fo gss_seal
|
||||
.Fa "OM_uint32 *minor_status"
|
||||
.Fa "gss_ctx_id_t context_handle"
|
||||
.Fa "int conf_req_flag"
|
||||
.Fa "gss_qop_t qop_req"
|
||||
.Fa "gss_buffer_t input_message_buffer"
|
||||
.Fa "int *conf_state"
|
||||
.Fa "gss_buffer_t output_message_buffer"
|
||||
.Fc
|
||||
.Sh DESCRIPTION
|
||||
Attaches a cryptographic MIC and optionally encrypts the specified
|
||||
.Dv input_message .
|
||||
The output_message contains both the MIC and the message.
|
||||
The
|
||||
.Dv qop_req
|
||||
parameter allows a choice between several cryptographic algorithms,
|
||||
if supported by the chosen mechanism.
|
||||
.Pp
|
||||
Since some application-level protocols may wish to use tokens emitted
|
||||
by
|
||||
.Fn gss_wrap
|
||||
to provide "secure framing",
|
||||
implementations must support the wrapping of zero-length messages.
|
||||
.Pp
|
||||
The
|
||||
.Fn gss_seal
|
||||
routine is an obsolete variant of
|
||||
.Fn gss_wrap .
|
||||
It is
|
||||
provided for backwards
|
||||
compatibility with applications using the GSS-API V1 interface.
|
||||
A distinct entrypoint (as opposed to #define) is provided,
|
||||
both to allow GSS-API V1 applications to link
|
||||
and to retain the slight parameter type differences between the
|
||||
obsolete versions of this routine and its current form.
|
||||
.Sh PARAMETERS
|
||||
.Bl -tag
|
||||
.It minor_status
|
||||
Mechanism specific status code.
|
||||
.It context_handle
|
||||
Identifies the context on which the message will be sent.
|
||||
.It conf_req_flag
|
||||
.Bl -tag -width "Non-zero"
|
||||
.It Non-zero
|
||||
Both confidentiality and integrity services are requested.
|
||||
.It Zero
|
||||
Only integrity service is requested.
|
||||
.El
|
||||
.It qop_req
|
||||
Specifies required quality of protection.
|
||||
A mechanism-specific default may be requested by setting qop_req to
|
||||
.Dv GSS_C_QOP_DEFAULT .
|
||||
If an unsupported protection strength is requested,
|
||||
.Fn gss_wrap
|
||||
will return a major_status of
|
||||
.Dv GSS_S_BAD_QOP .
|
||||
.It input_message_buffer
|
||||
Message to be protected.
|
||||
.It conf_state
|
||||
.Bl -tag -width "Non-zero"
|
||||
.It Non-zero
|
||||
Confidentiality, data origin authentication and integrity services
|
||||
have been applied.
|
||||
.It Zero
|
||||
Integrity and data origin services only has been applied.
|
||||
.El
|
||||
.It output_message_buffer
|
||||
Buffer to receive protected message.
|
||||
Storage associated with this buffer must
|
||||
be freed by the application after use use
|
||||
with a call to
|
||||
.Xr gss_release_buffer 3 .
|
||||
.El
|
||||
.Sh RETURN VALUES
|
||||
.Bl -tag
|
||||
.It GSS_S_COMPLETE
|
||||
Successful completion.
|
||||
.It GSS_S_CONTEXT_EXPIRED
|
||||
The context has already expired
|
||||
.It GSS_S_NO_CONTEXT
|
||||
The context_handle parameter did not identify a valid context.
|
||||
.It GSS_S_BAD_QOP
|
||||
The specified QOP is not supported by the mechanism.
|
||||
.El
|
||||
.Sh SEE ALSO
|
||||
.Xr gss_unwrap 3 ,
|
||||
.Xr gss_release_buffer 3
|
||||
.Sh STANDARDS
|
||||
.Bl -tag
|
||||
.It RFC 2743
|
||||
Generic Security Service Application Program Interface Version 2, Update 1
|
||||
.It RFC 2744
|
||||
Generic Security Service API Version 2 : C-bindings
|
||||
.\" .Sh HISTORY
|
||||
.Sh HISTORY
|
||||
The
|
||||
.Nm
|
||||
manual page example first appeared in
|
||||
.Fx 7.0 .
|
||||
.Sh AUTHORS
|
||||
John Wray, Iris Associates
|
||||
.Sh COPYRIGHT
|
||||
Copyright (C) The Internet Society (2000). All Rights Reserved.
|
||||
.Pp
|
||||
This document and translations of it may be copied and furnished to
|
||||
others, and derivative works that comment on or otherwise explain it
|
||||
or assist in its implementation may be prepared, copied, published
|
||||
and distributed, in whole or in part, without restriction of any
|
||||
kind, provided that the above copyright notice and this paragraph are
|
||||
included on all such copies and derivative works. However, this
|
||||
document itself may not be modified in any way, such as by removing
|
||||
the copyright notice or references to the Internet Society or other
|
||||
Internet organizations, except as needed for the purpose of
|
||||
developing Internet standards in which case the procedures for
|
||||
copyrights defined in the Internet Standards process must be
|
||||
followed, or as required to translate it into languages other than
|
||||
English.
|
||||
.Pp
|
||||
The limited permissions granted above are perpetual and will not be
|
||||
revoked by the Internet Society or its successors or assigns.
|
||||
.Pp
|
||||
This document and the information contained herein is provided on an
|
||||
"AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
|
||||
TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
|
||||
BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
|
||||
HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
|
||||
MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
|
||||
Reference in New Issue
Block a user