NAME
skey, skeychallenge, skeylookup, skeygetnext, skeyverify, skeyzero, getskeyprompt, skey_set_algorithm, skey_get_algorithm, skey_haskey, skey_keyinfo, skey_passcheck, skey_authenticate — one-time password (OTP) library
LIBRARY
S/key One-Time Password Library (libskey, -lskey)
SYNOPSIS
#include <skey.h>

int skeychallenge(struct skey *mp, const char *name, char *ss, size_t sslen);
int skeylookup(struct skey *mp, const char *name);
int skeygetnext(struct skey *mp);
int skeyverify(struct skey *mp, char *response);
int skeyzero(struct skey *mp, char *response);
int getskeyprompt(struct skey *mp, char *name, char *prompt);
const char *skey_set_algorithm(const char *new);
const char *skey_get_algorithm(void);
int skey_haskey(const char *username);
const char *skey_keyinfo(const char *username);
int skey_passcheck(const char *username, char *passwd);
int skey_authenticate(const char *username);
void f(char *x);
int keycrunch(char *result, const char *seed, const char *passwd);
void rip(char *buf);
char *readpass(char *buf, int n);
char *readskey(char *buf, int n);
int atob8(char *out, const char *in);
int btoa8(char *out, const char *in);
int htoi(int c);
const char *skipspace(const char *cp);
void backspace(char *buf);
void sevenbit(char *buf);
char *btoe(char *engout, const char *c);
int etob(char *out, const char *e);
char *put8(char *out, const char *s);
DESCRIPTION
The skey library provides routines for accessing NetBSD's one-time password (OTP) authentication system.
Most S/Key operations take a pointer to a struct skey, which should be considered as an opaque identifier.
FUNCTIONS
The following high-level functions are available:
skeychallenge(mp, name, ss, sslen) - Return an S/Key challenge for user name. If successful, the caller's skey structure mp is filled and 0 is returned. If unsuccessful (e.g. if name is unknown), -1 is returned.
skeylookup(mp, name) - Find an entry for user name in the one-time password database. Returns 0 if the entry is found and 1 if the entry is not found. If an error occurs accessing the database, -1 is returned.
skeygetnext(mp) - Get the next entry in the one-time password database. Returns 0 on success, with the entry stored in mp, and 1 if no more entries are available. If an error occurs accessing the database, -1 is returned.
skeyverify(mp, response) - Verify the response response to an S/Key challenge. Returns 0 if the verification is successful and 1 if the verification failed. If an error occurs accessing the database, -1 is returned.
skeyzero(mp, response) - Comment out the user's entry in the S/Key database. Returns 0 on success, in which case the database is updated; otherwise -1 is returned and the database remains unchanged.
getskeyprompt(mp, name, prompt) - Issue an S/Key challenge for user name. If successful, fill in the caller's skey structure mp and return 0. If unsuccessful (e.g. if name is unknown), -1 is returned.
The following lower-level functions are available:
skey_set_algorithm(new) - Set the hash algorithm type. Valid values for new are "md4", "md5" and "sha1".
skey_get_algorithm(void) - Get the current hash type.
skey_haskey(username) - Returns 0 if the user username exists and 1 if the user doesn't exist. Returns -1 on file error.
skey_keyinfo(username) - Returns the current sequence number and seed for user username.
skey_passcheck(username, passwd) - Checks whether passwd is the correct answer to the current challenge.
skey_authenticate(username) - Used when the calling program will allow input of the user's response to the challenge. Returns zero on success or -1 on failure.
The following miscellaneous functions are available:
f(x) - One-way function that takes the 8 bytes pointed to by x and returns 8 bytes in place.
keycrunch(char *result, const char *seed, const char *passwd) - Crunch a key.
rip(buf) - Strip trailing CR/LF characters from a line of text buf.
readpass(buf, n) - Read in a secret passwd (turns off echo).
readskey(buf, n) - Read in an S/Key OTP (does not turn off echo).
atob8(out, in) - Convert the 8-byte hex-ascii string in to the binary array out. Returns 0 on success, -1 on error.
btoa8(out, in) - Convert the 8-byte binary array in to the hex-ascii string out. Returns 0 on success, -1 on error.
htoi(int c) - Convert a hex digit to a binary integer.
skipspace(cp) - Skip leading spaces from the string cp.
backspace(buf) - Remove backspaced-over characters from the string buf.
sevenbit(buf) - Ensure line buf is all seven bits.
btoe(engout, c) - Encode 8 bytes in c as a string of English words. Returns a pointer to a static buffer in engout.
etob(out, e) - Convert English to binary. Returns 0 if a word is not in the database, 1 if all words are good and parity is valid, -1 if the input is badly formed (i.e. > 4 char word) and -2 if the words are valid but parity is wrong.
put8(out, s) - Display 8 bytes s as a series of 16-bit hex digits.
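
Added example (not part of the NetBSD manual or the libskey source): a Python sketch of the S/Key hash chain from RFC 2289 that f(), keycrunch() and skeyverify() correspond to, using MD5 folded to 64 bits. It assumes libskey follows that scheme; the Entry class, the seed ke1234 and the pass phrase are constructed for illustration and do not reflect the real database format.

```python
import hashlib
import hmac

def f(x: bytes) -> bytes:
    """One-way step: MD5, folded to 8 bytes by XORing the digest halves."""
    d = hashlib.md5(x).digest()
    return bytes(a ^ b for a, b in zip(d[:8], d[8:]))

def keycrunch(seed: str, passwd: str) -> bytes:
    """Initial value: hash of the lower-cased seed followed by the secret."""
    return f(seed.lower().encode("ascii") + passwd.encode("ascii"))

def otp(seed: str, passwd: str, n: int) -> bytes:
    """Password for sequence number n: keycrunch, then f applied n times."""
    x = keycrunch(seed, passwd)
    for _ in range(n):
        x = f(x)
    return x

class Entry:
    """Constructed stand-in for one user's record in the OTP database."""

    def __init__(self, seed: str, passwd: str, n: int):
        # Only the seed, the counter and the n-th password are kept;
        # the secret itself is never stored on the server.
        self.seed, self.n, self.last = seed, n, otp(seed, passwd, n)

    def challenge(self) -> str:
        return f"otp-md5 {self.n - 1} {self.seed}"  # RFC 2289 challenge form

    def verify(self, response: bytes) -> int:
        """Return 0 if accepted, 1 if rejected (skeyverify's documented codes)."""
        if self.n < 1 or len(response) != 8:
            return 1  # chain exhausted or malformed response
        if not hmac.compare_digest(f(response), self.last):
            return 1
        # Accepted: the response becomes the new stored value and the
        # counter drops, so the same password cannot be replayed.
        self.last, self.n = response, self.n - 1
        return 0

if __name__ == "__main__":
    e = Entry("ke1234", "constructed secret", 100)  # constructed sample values
    print(e.challenge())
    for n in (99, 99, 98):  # the second 99 is a replay attempt
        print(n, e.verify(otp("ke1234", "constructed secret", n)))
```

Because 1 means "rejected" and -1 means "database error" in the documented return codes, a caller should grant access only on an exact 0.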
FILES
/usr/lib/libskey.a - static skey library
/usr/lib/libskey.so - dynamic skey library
/usr/lib/libskey_p.a - static skey library compiled for profiling
SEE ALSO
BUGS
The skey library functions are not re-entrant or thread-safe.
The skey library defines many poorly named functions which pollute the name space.