NAME
skey, skeychallenge, skeylookup, skeygetnext, skeyverify, skeyzero,
getskeyprompt, skey_set_algorithm, skey_get_algorithm, skey_haskey,
skey_keyinfo, skey_passcheck, skey_authenticate — one-time password (OTP)
library
LIBRARY
S/key One-Time Password Library (libskey, -lskey)
SYNOPSIS
#include <skey.h>
int skeychallenge(struct skey *mp, const char *name, char *ss, size_t sslen);
int skeylookup(struct skey *mp, const char *name);
int skeygetnext(struct skey *mp);
int skeyverify(struct skey *mp, char *response);
int skeyzero(struct skey *mp, char *response);
int getskeyprompt(struct skey *mp, char *name, char *prompt);
const char *skey_set_algorithm(const char *new);
const char *skey_get_algorithm(void);
int skey_haskey(const char *username);
const char *skey_keyinfo(const char *username);
int skey_passcheck(const char *username, char *passwd);
int skey_authenticate(const char *username);
void f(char *x);
int keycrunch(char *result, const char *seed, const char *passwd);
void rip(char *buf);
char *readpass(char *buf, int n);
char *readskey(char *buf, int n);
int atob8(char *out, const char *in);
int btoa8(char *out, const char *in);
int htoi(int c);
const char *skipspace(const char *cp);
void backspace(char *buf);
void sevenbit(char *buf);
char *btoe(char *engout, const char *c);
int etob(char *out, const char *e);
char *put8(char *out, const char *s);
DESCRIPTION
The skey library provides routines for accessing NetBSD's one-time password
(OTP) authentication system.
Most S/Key operations take a pointer to a struct skey, which should be
considered as an opaque identifier.
FUNCTIONS
The following high-level functions are available:
- skeychallenge(mp, name, ss, sslen)
- Return an S/Key challenge for user name. If successful, the caller's skey
structure mp is filled and 0 is returned. If unsuccessful (e.g. if name is
unknown), -1 is returned.
- skeylookup(mp, name)
- Find an entry for user name in the one-time password database. Returns 0 if
the entry is found and 1 if the entry is not found. If an error occurs
accessing the database, -1 is returned.
- skeygetnext(mp)
- Get the next entry in the one-time password database. Returns 0 on success,
with the entry stored in mp, and 1 if no more entries are available. If an
error occurs accessing the database, -1 is returned.
- skeyverify(mp, response)
- Verify the response response to an S/Key challenge. Returns 0 if the
verification is successful and 1 if the verification failed. If an error
occurs accessing the database, -1 is returned.
- skeyzero(mp, response)
- Comment out the user's entry in the S/Key database. Returns 0 on success,
with the database updated; otherwise -1 is returned and the database remains
unchanged.
- getskeyprompt(mp, name, prompt)
- Issue an S/Key challenge for user name. If successful, fill in the caller's
skey structure mp and return 0. If unsuccessful (e.g. if name is unknown), -1
is returned.
The following lower-level functions are available:
- skey_set_algorithm(new)
- Set hash algorithm type. Valid values for new are "md4", "md5" and "sha1".
- skey_get_algorithm(void)
- Get current hash type.
- skey_haskey(username)
- Returns 0 if the user username exists and 1 if the user doesn't exist.
Returns -1 on file error.
- skey_keyinfo(username)
- Returns the current sequence number and seed for user username.
- skey_passcheck(username, passwd)
- Checks whether the answer passwd is the correct one to the current
challenge.
- skey_authenticate(username)
- Used when the calling program will allow input of the user's response to the
challenge. Returns zero on success or -1 on failure.
The following miscellaneous functions are available:
- f(x)
- One-way function to take 8 bytes pointed to by x and return 8 bytes in
place.
- keycrunch(char *result, const char *seed, const char *passwd)
- Crunch a key.
- rip(buf)
- Strip trailing CR/LF characters from a line of text buf.
- readpass(buf, n)
- Read in secret passwd (turns off echo).
- readskey(buf, n)
- Read in an S/Key OTP (does not turn off echo).
- atob8(out, in)
- Convert 8-byte hex-ascii string in to binary array out. Returns 0 on
success, -1 on error.
- btoa8(out, in)
- Convert 8-byte binary array in to hex-ascii string out. Returns 0 on
success, -1 on error.
- htoi(int c)
- Convert hex digit to binary integer.
- skipspace(cp)
- Skip leading spaces from the string cp.
- backspace(buf)
- Remove backspaced-over characters from the string buf.
- sevenbit(buf)
- Ensure line buf is all seven bits.
- btoe(engout, c)
- Encode 8 bytes in c as a string of English words. Returns a pointer to a
static buffer in engout.
- etob(out, e)
- Convert English to binary. Returns 0 if the word is not in the database, 1
if all words are good and parity is valid, -1 if the input is badly formed
(i.e. > 4 char word) and -2 if the words are valid but parity is wrong.
- put8(out, s)
- Display 8 bytes s as a series of 16-bit hex digits.
FILES
- /usr/lib/libskey.a
- static skey library
- /usr/lib/libskey.so
- dynamic skey library
- /usr/lib/libskey_p.a
- static skey library compiled for profiling
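EXAMPLES
The hash chain behind the skeychallenge(), f(), keycrunch() and skeyverify() entries above, as an added Python example that follows the S/Key scheme of RFC 2289 with MD5; it is not libskey's own code. The Entry class and the sample seed, pass phrase and sequence number are constructed for illustration.

```python
import hashlib
import hmac

def f(x: bytes) -> bytes:
    """One-way step, 8 bytes in and 8 bytes out: MD5 folded to 64 bits (RFC 2289)."""
    d = hashlib.md5(x).digest()
    return bytes(a ^ b for a, b in zip(d[:8], d[8:]))

def keycrunch(seed: str, passwd: str) -> bytes:
    """Initial step: hash seed and secret pass phrase into the start of the chain."""
    return f((seed.lower() + passwd).encode("ascii"))

def otp(seed: str, passwd: str, n: int) -> bytes:
    """One-time password for sequence number n: f applied n times to the crunched key."""
    key = keycrunch(seed, passwd)
    for _ in range(n):
        key = f(key)
    return key

class Entry:
    """Hypothetical stand-in for one database record (not struct skey)."""
    def __init__(self, seed: str, passwd: str, n: int):
        self.seed, self.n, self.last = seed, n, otp(seed, passwd, n)

    def challenge(self) -> str:
        # RFC 2289 challenge format; it asks for the OTP one step before the stored one.
        return f"otp-md5 {self.n - 1} {self.seed}"

    def verify(self, response: bytes) -> int:
        """Same result convention as skeyverify: 0 verified, 1 verification failed."""
        if self.n < 1 or len(response) != 8:
            return 1
        if not hmac.compare_digest(f(response), self.last):
            return 1
        # Accept: the response becomes the stored value and the sequence number drops.
        self.last, self.n = response, self.n - 1
        return 0

def demo():
    seed, secret = "ke1234", "constructed pass phrase"  # constructed sample values
    entry = Entry(seed, secret, 5)
    first = otp(seed, secret, entry.n - 1)
    results = [
        entry.verify(first),                                   # fresh response accepted
        entry.verify(first),                                   # replayed response rejected
        entry.verify(otp(seed, "wrong phrase", entry.n - 1)),  # wrong secret rejected
        entry.verify(otp(seed, secret, entry.n - 1)),          # next response accepted
    ]
    return results, entry.n, entry.challenge()

if __name__ == "__main__":
    print(demo())
```

The stored value only ever moves backwards along the chain, so a captured response cannot be replayed and does not reveal the next one without inverting f.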
SEE ALSO
skey(1), skeyaudit(1), skeyinfo(1)
BUGS
The skey library functions are not re-entrant or thread-safe.
The skey library defines many poorly named functions which pollute the name
space.