PreviousNext

gss_unseal(3sec)

Converts a sealed message into a usable form and verifies the embedded signature

Synopsis

#include <dce/gssapi.h>

OM_uint32 gss_unseal (
OM_uint32 *minor_status,
gss_ctx_id_t context_handle,
gss_buffer_t input_message_buffer,
gss_buffer_t output_message_buffer,
int *conf_state,
int *qop_state)

Parameters

Input

context_handle
Specifies the context on which the message arrived.

input_message_buffer
Specifies the sealed message.

output_message_buffer
Specifies the buffer to receive the unsealed message.

Output

conf_state
Returns the requested level of confidentiality and integrity services, as follows:

TRUE Both confidentiality and integrity services are requested.
FALSE Only integrity services are requested.
qop_state
Returns the cryptographic algorithm, or quality of protection.

minor_status
Returns a status code from the security mechanism.

Description
The gss_unseal( ) routine converts a sealed message to a usable form and verifies the embedded signature. The conf_state parameter indicates whether the message was encrypted. The qop_state parameter indicates the quality of protection.

Errors

The following describes a partial list of errors that might be returned. Refer to the OSF DCE Problem Determination Guide for complete descriptions of all error messages.

GSS_S_COMPLETE The routine was completed successfully.
GSS_S_BAD_SIG The signature was incorrect.
GSS_S_CONTEXT_EXPIRED The context has already expired.
GSS_S_CREDENTIALS_EXPIRED The context is recognized but the associated credentials have expired.
GSS_S_DEFECTIVE_TOKEN The token failed consistency checks.
GSS_S_DUPLICATE_TOKEN The token was valid and contained the correct signature but it had already been processed.
GSS_S_FAILURE The routine failed. The context specified in the context_handle parameter was not valid.
GSS_S_NO_CONTEXT The context identified in the context_handle parameter was not valid.
GSS_S_OLD_TOKEN The token was valid and contained the correct signature but it is too old.
GSS_S_UNSEQ_TOKEN The token was valid and contained the correct signature but it has been verified out of sequence. An earlier token signed or sealed by the remote application has not been processed locally.
Related Information
Functions:

gss_sign(3sec)

gss_seal(3sec)