\"     $NetBSD: skey.3,v 1.11 2017/07/03 21:32:51 wiz Exp $
\"
\" Copyright (c) 2001 The NetBSD Foundation, Inc.
\" All rights reserved.
\"
\" This code is derived from software contributed to The NetBSD Foundation
\" by Gregory McGarry.
\"
\" Redistribution and use in source and binary forms, with or without
\" modification, are permitted provided that the following conditions
\" are met:
\" 1. Redistributions of source code must retain the above copyright
\"    notice, this list of conditions and the following disclaimer.
\" 2. Redistributions in binary form must reproduce the above copyright
\"    notice, this list of conditions and the following disclaimer in the
\"    documentation and/or other materials provided with the distribution.
\"
\" THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
\" ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
\" TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
\" BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
\" CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
\" SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
\" INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
\" CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
\" POSSIBILITY OF SUCH DAMAGE.
\"
Dd November 10, 2001
Dt SKEY 3
Os
Sh NAME
Nm skey ,
Nm skeychallenge ,
Nm skeylookup ,
Nm skeygetnext ,
Nm skeyverify ,
Nm skeyzero ,
Nm getskeyprompt ,
Nm skey_set_algorithm ,
Nm skey_get_algorithm ,
Nm skey_haskey ,
Nm skey_keyinfo ,
Nm skey_passcheck ,
Nm skey_authenticate
Nd one-time password (OTP) library
Sh LIBRARY
S/key One-Time Password Library (libskey, -lskey)
Sh SYNOPSIS
In skey.h
Ft int
Fn skeychallenge "struct skey *mp" "const char *name" "char *ss" \
"size_t sslen"
Ft int
Fn skeylookup "struct skey *mp" "const char *name"
Ft int
Fn skeygetnext "struct skey *mp"
Ft int
Fn skeyverify "struct skey *mp" "char *response"
Ft int
Fn skeyzero "struct skey *mp" "char *response"
Ft int
Fn getskeyprompt "struct skey *mp" "char *name" "char *prompt"
Ft const char *
Fn skey_set_algorithm "const char *new"
Ft const char *
Fn skey_get_algorithm "void"
Ft int
Fn skey_haskey "const char *username"
Ft const char *
Fn skey_keyinfo "const char *username"
Ft int
Fn skey_passcheck "const char *username" "char *passwd"
Ft int
Fn skey_authenticate "const char *username"
Ft void
Fn f "char *x"
Ft int
Fn keycrunch "char *result" "const char *seed" "const char *passwd"
Ft void
Fn rip "char *buf"
Ft char *
Fn readpass "char *buf" "int n"
Ft char *
Fn readskey "char *buf" "int n"
Ft int
Fn atob8 "char *out" "const char *in"
Ft int
Fn btoa8 "char *out" "const char *in"
Ft int
Fn htoi "int c"
Ft const char *
Fn skipspace "const char *cp"
Ft void
Fn backspace "char *buf"
Ft void
Fn sevenbit "char *buf"
Ft char *
Fn btoe "char *engout" "const char *c"
Ft int
Fn etob "char *out" "const char *e"
Ft char *
Fn put8 "char *out" "const char *s"
Sh DESCRIPTION
The
Nm
library provides routines for accessing
Nx Ns 's
one-time password (OTP) authentication system.
Pp
Most S/Key operations take a pointer to a
Em struct skey ,
which should be considered as an opaque identifier.
Sh FUNCTIONS
The following high-level functions are available:
Bl -tag -width compact
It Fn skeychallenge "mp" "name" "ss" "sslen"
Return a S/Key challenge for user
Fa name .
If successful, the caller's skey structure
Fa mp
is filled and 0 is returned.
If unsuccessful (e.g. if name is unknown),
\-1 is returned.
It Fn skeylookup "mp" "name"
Find an entry for user
Fa name
in the one-time password database.
Returns 0 if the entry is found and 1 if the entry is not found.
If an error occurs accessing the database, \-1 is returned.
It Fn skeygetnext "mp"
Get the next entry in the one-time password database.
Returns 0 on success and the entry is stored in
Ar mp
and 1 if no more entries are available.
If an error occurs accessing the database, \-1 is returned.
It Fn skeyverify "mp" "response"
Verify response
Fa response
to a S/Key challenge.
Returns 0 if the verification is successful and 1 if the verification failed.
If an error occurs accessing the database, \-1 is returned.
It Fn skeyzero "mp" "response"
Comment out user's entry in the S/Key database.
Returns 0 on success and the database is updated,
otherwise \-1 is returned and the database remains unchanged.
It Fn getskeyprompt "mp" "name" "prompt"
Issue a S/Key challenge for user
Ar name .
If successful, fill in the caller's skey structure
Fa mp
and return 0.
If unsuccessful (e.g. if name is unknown) \-1 is returned.
El
Pp
The following lower-level functions are available:
Bl -tag -width compact
It Fn skey_set_algorithm "new"
Set hash algorithm type.
Valid values for
Fa new
are "md4", "md5" and "sha1".
It Fn skey_get_algorithm "void"
Get current hash type.
It Fn skey_haskey "username"
Returns 0 if the user
Fa username
exists and 1 if the user doesn't exist.
Returns \-1 on file error.
It Fn skey_keyinfo "username"
Returns the current sequence number and seed for user
Ar username .
It Fn skey_passcheck "username" "passwd"
Checks to see if answer is the correct one to the current challenge.
It Fn skey_authenticate "username"
Used when calling program will allow input of the user's response to
the challenge.
Returns zero on success or \-1 on failure.
El
Pp
The following miscellaneous functions are available:
Bl -tag -width compact
It Fn f "x"
One-way function to take 8 bytes pointed to by
Fa x
and return 8 bytes in place.
It Fn keycrunch "char *result" "const char *seed" "const char *passwd"
Crunch a key.
It Fn rip "buf"
Strip trailing CR/LF characters from a line of text
Fa buf .
It Fn readpass "buf" "n"
Read in secret passwd (turns off echo).
It Fn readskey "buf" "n"
Read in an s/key OTP (does not turn off echo).
It Fn atob8 "out" "in"
Convert 8-byte hex-ascii string
Fa in
to binary array
Fa out .
Returns 0 on success, \-1 on error.
It Fn btoa8 "out" "in"
Convert 8-byte binary array
Fa in
to hex-ascii string
Fa out .
Returns 0 on success, \-1 on error.
It Fn htoi "int c"
Convert hex digit to binary integer.
It Fn skipspace "cp"
Skip leading spaces from the string
Fa cp .
It Fn backspace "buf"
Remove backspaced over characters from the string
Fa buf .
It Fn sevenbit "buf"
Ensure line
Fa buf
is all seven bits.
It Fn btoe "engout" "c"
Encode 8 bytes in
Ar c
as a string of English words.
Returns a pointer to a static buffer in
Fa engout .
It Fn etob "out" "e"
Convert English to binary.
Returns 0 if the word is not in the database, 1 if all good words and
parity is valid, \-1 if badly formed input (i.e. > 4 char word)
and -2 if words are valid but parity is wrong.
It Fn put8 "out" "s"
Display 8 bytes
Fa s
as a series of 16-bit hex digits.
El
Sh FILES
Bl -tag -width /usr/lib/libskey_p.a -compact
It Pa /usr/lib/libskey.a
static skey library
It Pa /usr/lib/libskey.so
dynamic skey library
It Pa /usr/lib/libskey_p.a
static skey library compiled for profiling
El
Sh SEE ALSO
Xr skey 1 ,
Xr skeyaudit 1 ,
Xr skeyinfo 1
Sh BUGS
The
Nm
library functions are not re-entrant or thread-safe.
Pp
The
Nm
library defines many poorly named functions which pollute the name space.

You are viewing proxied material from ftp.icm.edu.pl. The copyright of proxied material belongs to its original authors. Any comments or complaints in relation to proxied material should be directed to the original authors of the content concerned. Please see the disclaimer for more details.