aboutsummaryrefslogtreecommitdiff
path: root/lib/libgssapi/gss_wrap.3
diff options
context:
space:
mode:
Diffstat (limited to 'lib/libgssapi/gss_wrap.3')
-rw-r--r--lib/libgssapi/gss_wrap.3178
1 files changed, 178 insertions, 0 deletions
diff --git a/lib/libgssapi/gss_wrap.3 b/lib/libgssapi/gss_wrap.3
new file mode 100644
index 000000000000..342d5906653d
--- /dev/null
+++ b/lib/libgssapi/gss_wrap.3
@@ -0,0 +1,178 @@
+.\" -*- nroff -*-
+.\"
+.\" Copyright (c) 2005 Doug Rabson
+.\" All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\" notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\" notice, this list of conditions and the following disclaimer in the
+.\" documentation and/or other materials provided with the distribution.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\" $FreeBSD$
+.\"
+.\" Copyright (C) The Internet Society (2000). All Rights Reserved.
+.\"
+.\" This document and translations of it may be copied and furnished to
+.\" others, and derivative works that comment on or otherwise explain it
+.\" or assist in its implementation may be prepared, copied, published
+.\" and distributed, in whole or in part, without restriction of any
+.\" kind, provided that the above copyright notice and this paragraph are
+.\" included on all such copies and derivative works. However, this
+.\" document itself may not be modified in any way, such as by removing
+.\" the copyright notice or references to the Internet Society or other
+.\" Internet organizations, except as needed for the purpose of
+.\" developing Internet standards in which case the procedures for
+.\" copyrights defined in the Internet Standards process must be
+.\" followed, or as required to translate it into languages other than
+.\" English.
+.\"
+.\" The limited permissions granted above are perpetual and will not be
+.\" revoked by the Internet Society or its successors or assigns.
+.\"
+.\" This document and the information contained herein is provided on an
+.\" "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
+.\" TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
+.\" BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
+.\" HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
+.\"
+.\" The following commands are required for all man pages.
+.Dd November 12, 2005
+.Os
+.Dt GSS_WRAP 3 PRM
+.Sh NAME
+.Nm gss_wrap ,
+.Nm gss_seal
+.Nd Attach a cryptographic MIC and optionally encrypt a message
+.\" This next command is for sections 2 and 3 only.
+.\" .Sh LIBRARY
+.Sh SYNOPSIS
+.In "gssapi/gssapi.h"
+.Ft OM_uint32
+.Fo gss_wrap
+.Fa "OM_uint32 *minor_status"
+.Fa "const gss_ctx_id_t context_handle"
+.Fa "int conf_req_flag"
+.Fa "gss_qop_t qop_req"
+.Fa "const gss_buffer_t input_message_buffer"
+.Fa "int *conf_state"
+.Fa "gss_buffer_t output_message_buffer"
+.Fc
+.Ft OM_uint32
+.Fo gss_seal
+.Fa "OM_uint32 *minor_status"
+.Fa "gss_ctx_id_t context_handle"
+.Fa "int conf_req_flag"
+.Fa "gss_qop_t qop_req"
+.Fa "gss_buffer_t input_message_buffer"
+.Fa "int *conf_state"
+.Fa "gss_buffer_t output_message_buffer"
+.Fc
+.Sh DESCRIPTION
+Attaches a cryptographic MIC and optionally encrypts the specified
+.Dv input_message .
+The output_message contains both the MIC and the message.
+The
+.Dv qop_req
+parameter allows a choice between several cryptographic algorithms,
+if supported by the chosen mechanism.
+.Pp
+Since some application-level protocols may wish to use tokens emitted
+by
+.Fn gss_wrap
+to provide "secure framing",
+implementations must support the wrapping of zero-length messages.
+.Pp
+The
+.Fn gss_seal
+routine is an obsolete variant of
+.Fn gss_wrap .
+It is
+provided for backwards
+compatibility with applications using the GSS-API V1 interface.
+A distinct entrypoint (as opposed to #define) is provided,
+both to allow GSS-API V1 applications to link
+and to retain the slight parameter type differences between the
+obsolete versions of this routine and its current form.
+.Sh PARAMETERS
+.Bl -tag
+.It minor_status
+Mechanism specific status code.
+.It context_handle
+Identifies the context on which the message will be sent.
+.It conf_req_flag
+.Bl -tag -width "Non-zero"
+.It Non-zero
+Both confidentiality and integrity services are requested.
+.It Zero
+Only integrity service is requested.
+.El
+.It qop_req
+Specifies required quality of protection.
+A mechanism-specific default may be requested by setting qop_req to
+.Dv GSS_C_QOP_DEFAULT .
+If an unsupported protection strength is requested,
+.Fn gss_wrap
+will return a major_status of
+.Dv GSS_S_BAD_QOP .
+.It input_message_buffer
+Message to be protected.
+.It conf_state
+.Bl -tag -width "Non-zero"
+.It Non-zero
+Confidentiality, data origin authentication and integrity services
+have been applied.
+.It Zero
+Integrity and data origin services only has been applied.
+.El
+.It output_message_buffer
+Buffer to receive protected message.
+Storage associated with this buffer must
+be freed by the application after use use
+with a call to
+.Xr gss_release_buffer 3 .
+.El
+.Sh RETURN VALUES
+.Bl -tag
+.It GSS_S_COMPLETE
+Successful completion.
+.It GSS_S_CONTEXT_EXPIRED
+The context has already expired
+.It GSS_S_NO_CONTEXT
+The context_handle parameter did not identify a valid context.
+.It GSS_S_BAD_QOP
+The specified QOP is not supported by the mechanism.
+.El
+.Sh SEE ALSO
+.Xr gss_unwrap 3 ,
+.Xr gss_release_buffer 3
+.Sh STANDARDS
+.Bl -tag
+.It RFC 2743
+Generic Security Service Application Program Interface Version 2, Update 1
+.It RFC 2744
+Generic Security Service API Version 2 : C-bindings
+.\" .Sh HISTORY
+.Sh HISTORY
+The
+.Nm
+manual page example first appeared in
+.Fx 7.0 .
+.Sh AUTHORS
+John Wray, Iris Associates