1.\" $NetBSD: skey.3,v 1.3 2002/02/07 07:00:51 ross Exp $ 2.\" 3.\" Copyright (c) 2001 The NetBSD Foundation, Inc. 4.\" All rights reserved. 5.\" 6.\" This code is derived from software contributed to The NetBSD Foundation 7.\" by Gregory McGarry. 8.\" 9.\" Redistribution and use in source and binary forms, with or without 10.\" modification, are permitted provided that the following conditions 11.\" are met: 12.\" 1. Redistributions of source code must retain the above copyright 13.\" notice, this list of conditions and the following disclaimer. 14.\" 2. Redistributions in binary form must reproduce the above copyright 15.\" notice, this list of conditions and the following disclaimer in the 16.\" documentation and/or other materials provided with the distribution. 17.\" 3. All advertising materials mentioning features or use of this software 18.\" must display the following acknowledgement: 19.\" This product includes software developed by the NetBSD 20.\" Foundation, Inc. and its contributors. 21.\" 4. Neither the name of The NetBSD Foundation nor the names of its 22.\" contributors may be used to endorse or promote products derived 23.\" from this software without specific prior written permission. 24.\" 25.\" THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS 26.\" ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED 27.\" TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 28.\" PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS 29.\" BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 30.\" CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 31.\" SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 32.\" INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 33.\" CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 34.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 35.\" POSSIBILITY OF SUCH DAMAGE. 36.\" 37.Dd November 10, 2001 38.Dt SKEY 3 39.Os 40.Sh NAME 41.Nm skey , 42.Nm skeychallenge , 43.Nm skeylookup , 44.Nm skeygetnext , 45.Nm skeyverify , 46.Nm skeyzero , 47.Nm getskeyprompt , 48.Nm skey_set_algorithm , 49.Nm skey_get_algorithm , 50.Nm skey_haskey , 51.Nm skey_keyinfo , 52.Nm skey_passcheck , 53.Nm skey_authenticate 54.Nd one-time password (OTP) library 55.Sh LIBRARY 56S/key One-Time Password Library (libskey, -lskey) 57.Sh SYNOPSIS 58.Fd #include \*[Lt]skey.h\*[Gt] 59.Ft int 60.Fn skeychallenge "struct skey *mp" "const char *name" "char *ss" \ 61"size_t sslen" 62.Ft int 63.Fn skeylookup "struct skey *mp" "const char *name" 64.Ft int 65.Fn skeygetnext "struct skey *mp" 66.Ft int 67.Fn skeyverify "struct skey *mp" "char *response" 68.Ft int 69.Fn skeyzero "struct skey *mp" "char *response" 70.Ft int 71.Fn getskeyprompt "struct skey *mp" "char *name" "char *prompt" 72.Ft const char * 73.Fn skey_set_algorithm "const char *new" 74.Ft const char * 75.Fn skey_get_algorithm "void" 76.Ft int 77.Fn skey_haskey "const char *username" 78.Ft const char * 79.Fn skey_keyinfo "const char *username" 80.Ft int 81.Fn skey_passcheck "const char *username" "char *passwd" 82.Ft int 83.Fn skey_authenticate "const char *username" 84.Ft void 85.Fn f "char *x" 86.Ft int 87.Fn keycrunch "char *result" "const char *seed" "const char *passwd" 88.Ft void 89.Fn rip "char *buf" 90.Ft char * 91.Fn readpass "char *buf " "int n" 92.Ft char * 
.Fn readskey "char *buf" "int n"
.Ft int
.Fn atob8 "char *out" "const char *in"
.Ft int
.Fn btoa8 "char *out" "const char *in"
.Ft int
.Fn htoi "int c"
.Ft const char *
.Fn skipspace "const char *cp"
.Ft void
.Fn backspace "char *buf"
.Ft void
.Fn sevenbit "char *buf"
.Ft char *
.Fn btoe "char *engout" "const char *c"
.Ft int
.Fn etob "char *out" "const char *e"
.Ft char *
.Fn put8 "char *out" "const char *s"
.Sh DESCRIPTION
The
.Nm
library provides routines for accessing
.Nx Ns 's
one-time password (OTP) authentication system.
.Pp
Most S/Key operations take a pointer to a
.Em struct skey ,
which should be considered as an opaque identifier.
.Sh FUNCTIONS
The following high-level functions are available:
.Bl -tag -width compact
.It Fn skeychallenge "mp" "name" "ss" "sslen"
Return an S/Key challenge for user
.Fa name .
If successful, the caller's skey structure
.Fa mp
is filled and 0 is returned.
If unsuccessful (e.g. if name is unknown), -1 is returned.
.It Fn skeylookup "mp" "name"
Find an entry for user
.Fa name
in the one-time password database.
Returns 0 if the entry is found and 1 if the entry is not found.
If an error occurs accessing the database, -1 is returned.
.It Fn skeygetnext "mp"
Get the next entry in the one-time password database.
Returns 0 on success, with the entry stored in
.Fa mp ,
and 1 if no more entries are available.
If an error occurs accessing the database, -1 is returned.
.It Fn skeyverify "mp" "response"
Verify response
.Fa response
to an S/Key challenge.
Returns 0 if the verification is successful and 1 if the verification failed.
If an error occurs accessing the database, -1 is returned.
.It Fn skeyzero "mp" "response"
Comment out the user's entry in the S/Key database.
Returns 0 on success and the database is updated; otherwise -1 is returned
and the database remains unchanged.
.It Fn getskeyprompt "mp" "name" "prompt"
Issue an S/Key challenge for user
.Fa name .
If successful, fill in the caller's skey structure
.Fa mp
and return 0.
If unsuccessful (e.g. if name is unknown), -1 is returned.
.El
.Pp
The following lower-level functions are available:
.Bl -tag -width compact
.It Fn skey_set_algorithm "new"
Set the hash algorithm type.
Valid values for
.Fa new
are "md4", "md5" and "sha1".
.It Fn skey_get_algorithm "void"
Get the current hash type.
.It Fn skey_haskey "username"
Returns 0 if the user
.Fa username
exists and 1 if the user doesn't exist.
Returns -1 on file error.
.It Fn skey_keyinfo "username"
Returns the current sequence number and seed for user
.Fa username .
.It Fn skey_passcheck "username" "passwd"
Check whether
.Fa passwd
is the correct answer to the current challenge.
.It Fn skey_authenticate "username"
Used when the calling program will allow input of the user's response to
the challenge.
Returns zero on success or -1 on failure.
.El
.Pp
The following miscellaneous functions are available:
.Bl -tag -width compact
.It Fn f "x"
One-way function to take the 8 bytes pointed to by
.Fa x
and return 8 bytes in place.
.It Fn keycrunch "result" "seed" "passwd"
Crunch a key from
.Fa seed
and
.Fa passwd
into
.Fa result .
.It Fn rip "buf"
Strip trailing CR/LF characters from the line of text
.Fa buf .
.It Fn readpass "buf" "n"
Read in the secret password (turns off echo).
.It Fn readskey "buf" "n"
Read in an S/Key OTP (does not turn off echo).
.It Fn atob8 "out" "in"
Convert the 8-byte hex-ascii string
.Fa in
to the binary array
.Fa out .
Returns 0 on success, -1 on error.
.It Fn btoa8 "out" "in"
Convert the 8-byte binary array
.Fa in
to the hex-ascii string
.Fa out .
Returns 0 on success, -1 on error.
.It Fn htoi "c"
Convert a hex digit to a binary integer.
.It Fn skipspace "cp"
Skip leading spaces from the string
.Fa cp .
.It Fn backspace "buf"
Remove backspaced-over characters from the string
.Fa buf .
.It Fn sevenbit "buf"
Ensure the line
.Fa buf
is all seven bits.
.It Fn btoe "engout" "c"
Encode the 8 bytes in
.Fa c
as a string of English words.
Returns a pointer to a static buffer in
.Fa engout .
.It Fn etob "out" "e"
Convert English to binary.
Returns 0 if the word is not in the database, 1 if all good words and
parity is valid, -1 if badly formed input (i.e. \*[Gt] 4 char word) and
-2 if words are valid but parity is wrong.
.It Fn put8 "out" "s"
Display the 8 bytes
.Fa s
as a series of 16-bit hex digits.
.El
.Sh FILES
.Bl -tag -width /usr/lib/libskey_p.a -compact
.It Pa /usr/lib/libskey.a
static skey library
.It Pa /usr/lib/libskey.so
dynamic skey library
.It Pa /usr/lib/libskey_p.a
static skey library compiled for profiling
.El
.Sh SEE ALSO
.Xr skey 1 ,
.Xr skeyaudit 1 ,
.Xr skeyinfo 1
.Sh BUGS
The
.Nm
library functions are not re-entrant or thread-safe.
.Pp
The
.Nm
library defines many poorly named functions which pollute the name
space.
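Added illustration, not part of the NetBSD library or this manual page: a self-contained model of the hash-chain check that sits behind skeychallenge() and skeyverify(), following the S/Key scheme of RFC 1760, which the page describes only through return values. The names otp_entry, f_step, otp_compute, otp_enroll and otp_verify are hypothetical; f_step and the xor-fold key derivation are stand-ins for the library's f() and keycrunch() (which use a folded MD4/MD5/SHA1 digest) and keep only their shape, not their strength.

```c
#include <stdint.h>
#include <string.h>

/* Per-user server record, modelled on what the OTP database keeps:
 * the sequence number n and the 8-byte value f^n(key). Hypothetical type. */
struct otp_entry { int n; uint8_t val[8]; };

/* Stand-in for the library's f(): 8 bytes in, 8 bytes out, in place.
 * The splitmix64 finaliser is a constructed choice that is NOT a secure
 * one-way function; it only preserves the shape of the real step. */
static void f_step(uint8_t x[8]) {
    uint64_t z = 0;
    for (int i = 0; i < 8; i++) z = (z << 8) | x[i];
    z = (z ^ (z >> 30)) * 0xbf58476d1ce4e5b9ULL;
    z = (z ^ (z >> 27)) * 0x94d049bb133111ebULL;
    z ^= z >> 31;
    for (int i = 7; i >= 0; i--) { x[i] = (uint8_t)z; z >>= 8; }
}

/* Client side: the answer to challenge "n seed" is f^n(key). Stand-in for
 * keycrunch(): seed and passphrase are xor-folded into 8 bytes here. */
static void otp_compute(uint8_t out[8], const char *seed, const char *pass, int n) {
    size_t i = 0;
    memset(out, 0, 8);
    for (const char *p = seed; *p; p++) out[i++ % 8] ^= (uint8_t)*p;
    for (const char *p = pass; *p; p++) out[i++ % 8] ^= (uint8_t)*p;
    while (n-- > 0) f_step(out);
}

/* Enrolment: the server stores only f^n(key), never the passphrase. */
static void otp_enroll(struct otp_entry *e, const char *seed, const char *pass, int n) {
    e->n = n;
    otp_compute(e->val, seed, pass, n);
}

/* Server side, the check behind skeyverify(): f(response) must equal the
 * stored value. On success the response becomes the new stored value and n
 * drops by one, so a captured response cannot be replayed; an exhausted
 * sequence (n == 0) is refused. Returns 0 on success, 1 on failure. */
static int otp_verify(struct otp_entry *e, const uint8_t resp[8]) {
    uint8_t h[8], diff = 0;
    memcpy(h, resp, 8);
    f_step(h);
    for (int i = 0; i < 8; i++) diff |= h[i] ^ e->val[i];   /* constant-time compare */
    if (diff != 0 || e->n <= 0) return 1;
    memcpy(e->val, resp, 8);
    e->n--;
    return 0;
}
```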