Method GSSAPI.Context()->verify_mic()
- Method verify_mic
int
verify_mic(string
message
,string
mic
)- Description
Verifies the origin and integrity of the given
message
using the givenmic
, which has been calculated by the sender using get_mic or some other GSS_GetMIC wrapper.This wraps GSS_VerifyMIC according to RFC 2743 section 2.3.2.
This function requires that the context is established, or that the early per-message protection service is available (c.f. GSSAPI.PROT_READY_FLAG. If not, a GSSAPI.MissingServicesError is thrown (but the context is not closed).
- Returns
Zero is returned if the verification fails with GSSAPI.DEFECTIVE_TOKEN or
GSSAPI.BAD_MIC
.Otherwise the message origin and integrity checks out, but it might still be considered wrong depending on whether the replay detection or sequencing services are required (see required_services):
If replay detection (c.f. GSSAPI.REPLAY_FLAG) is required then zero is returned if the message is duplicated (GSSAPI.DUPLICATE_TOKEN) or old (GSSAPI.OLD_TOKEN).
If sequencing (c.f. GSSAPI.SEQUENCE_FLAG) is required then in addition to the replay detection conditions, zero is also returned if the message is out of sequence (GSSAPI.UNSEQ_TOKEN or GSSAPI.GAP_TOKEN).
Otherwise nonzero is returned to indicate that the message is valid according to the currently required services.
- Throws
Any GSS-API errors except GSSAPI.DEFECTIVE_TOKEN and
GSSAPI.BAD_MIC
are thrown.- Note
This function sets the value returned by last_qop.
- Note
Regardless whether the message is considered valid or not by the return value, last_major_status may be called to check for routine errors or the informatory codes mentioned above.