SKEY(3) | Library Functions Manual | SKEY(3) |
NAME
skey, skeychallenge, skeylookup, skeygetnext, skeyverify, skeyzero, getskeyprompt, skey_set_algorithm, skey_get_algorithm, skey_haskey, skey_keyinfo, skey_passcheck, skey_authenticate — one-time password (OTP) library
LIBRARY
S/key One-Time Password Library (libskey, -lskey)
SYNOPSIS
#include <skey.h>
int
skeychallenge(struct skey *mp, const char *name, char *ss, size_t sslen);
int
skeylookup(struct skey *mp, const char *name);
int
skeygetnext(struct skey *mp);
int
skeyverify(struct skey *mp, char *response);
int
skeyzero(struct skey *mp, char *response);
int
getskeyprompt(struct skey *mp, char *name, char *prompt);
const char *
skey_set_algorithm(const char *new);
const char *
skey_get_algorithm(void);
int
skey_haskey(const char *username);
const char *
skey_keyinfo(const char *username);
int
skey_passcheck(const char *username, char *passwd);
int
skey_authenticate(const char *username);
void
f(char *x);
int
keycrunch(char *result, const char *seed, const char *passwd);
void
rip(char *buf);
char *
readpass(char *buf, int n);
char *
readskey(char *buf, int n);
int
atob8(char *out, const char *in);
int
btoa8(char *out, const char *in);
int
htoi(int c);
const char *
skipspace(const char *cp);
void
backspace(char *buf);
void
sevenbit(char *buf);
char *
btoe(char *engout, const char *c);
int
etob(char *out, const char *e);
char *
put8(char *out, const char *s);
DESCRIPTION
The skey library provides routines for accessing NetBSD's one-time password (OTP) authentication system.
Most S/Key operations take a pointer to a struct skey, which should be considered as an opaque identifier.
FUNCTIONS
The following high-level functions are available:
- skeychallenge(mp, name, ss, sslen)
- Return a S/Key challenge for user name. If successful, the caller's skey structure mp is filled and 0 is returned. If unsuccessful (e.g. if name is unknown), -1 is returned.
- skeylookup(mp, name)
- Find an entry for user name in the one-time password database. Returns 0 if the entry is found and 1 if the entry is not found. If an error occurs accessing the database, -1 is returned.
- skeygetnext(mp)
- Get the next entry in the one-time password database. Returns 0 on success, with the entry stored in mp, and 1 if no more entries are available. If an error occurs accessing the database, -1 is returned.
- skeyverify(mp, response)
- Verify response response to a S/Key challenge. Returns 0 if the verification is successful and 1 if the verification failed. If an error occurs accessing the database, -1 is returned.
- skeyzero(mp, response)
- Comment out user's entry in the S/Key database. Returns 0 on success and the database is updated, otherwise -1 is returned and the database remains unchanged.
- getskeyprompt(mp, name, prompt)
- Issue a S/Key challenge for user name. If successful, fill in the caller's skey structure mp and return 0. If unsuccessful (e.g. if name is unknown) -1 is returned.
The following lower-level functions are available:
- skey_set_algorithm(new)
- Set hash algorithm type. Valid values for new are "md4", "md5" and "sha1".
- skey_get_algorithm(void)
- Get current hash type.
- skey_haskey(username)
- Returns 0 if the user username exists and 1 if the user doesn't exist. Returns -1 on file error.
- skey_keyinfo(username)
- Returns the current sequence number and seed for user username.
- skey_passcheck(username, passwd)
- Checks whether passwd is the correct answer to the current challenge.
- skey_authenticate(username)
- Used when calling program will allow input of the user's response to the challenge. Returns zero on success or -1 on failure.
The following miscellaneous functions are available:
- f(x)
- One-way function to take 8 bytes pointed to by x and return 8 bytes in place.
- keycrunch(char *result, const char *seed, const char *passwd)
- Crunch a key.
- rip(buf)
- Strip trailing CR/LF characters from a line of text buf.
- readpass(buf, n)
- Read in secret passwd (turns off echo).
- readskey(buf, n)
- Read in an s/key OTP (does not turn off echo).
- atob8(out, in)
- Convert 8-byte hex-ascii string in to binary array out. Returns 0 on success, -1 on error.
- btoa8(out, in)
- Convert 8-byte binary array in to hex-ascii string out. Returns 0 on success, -1 on error.
- htoi(int c)
- Convert hex digit to binary integer.
- skipspace(cp)
- Skip leading spaces from the string cp.
- backspace(buf)
- Remove backspaced over characters from the string buf.
- sevenbit(buf)
- Ensure line buf is all seven bits.
- btoe(engout, c)
- Encode 8 bytes in c as a string of English words. Returns a pointer to a static buffer in engout.
- etob(out, e)
- Convert English to binary. Returns 0 if a word is not in the database, 1 if all words are good and parity is valid, -1 if the input is badly formed (i.e. a word longer than 4 characters) and -2 if the words are valid but parity is wrong.
- put8(out, s)
- Display 8 bytes s as a series of 16-bit hex digits.
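EXAMPLES
The following is an added illustration, not code from libskey or the NetBSD sources. It models the check behind skeyverify() using the same 0 / 1 / -1 return convention, and shows why a replayed response is rejected. The names toy_f, toy_otp, toy_verify and struct toy_entry are hypothetical, and toy_f is a non-cryptographic stand-in for the 8-byte one-way function f().

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Toy stand-in for f(): FNV-1a over 8 bytes, result written in place.
 * NOT cryptographic; libskey uses MD4, MD5 or SHA-1 here. */
static void toy_f(unsigned char *x)
{
    uint64_t h = 14695981039346656037ULL;
    for (int i = 0; i < 8; i++) { h ^= x[i]; h *= 1099511628211ULL; }
    for (int i = 0; i < 8; i++) x[i] = (unsigned char)(h >> (8 * i));
}

struct toy_entry {          /* hypothetical record, not the real struct skey */
    int n;                  /* current sequence number */
    unsigned char last[8];  /* f applied n times to the secret */
};

/* OTP for sequence number n: f applied n times to the secret. */
static void toy_otp(unsigned char *out, const unsigned char *secret, int n)
{
    memcpy(out, secret, 8);
    while (n-- > 0) toy_f(out);
}

/* Return convention of skeyverify(): 0 verified, 1 failed, -1 error. */
static int toy_verify(struct toy_entry *e, const unsigned char *response)
{
    unsigned char t[8];
    if (e == NULL || response == NULL || e->n <= 1)
        return -1;          /* no entry, or chain used up */
    memcpy(t, response, 8);
    toy_f(t);               /* one more f must reproduce the stored value */
    if (memcmp(t, e->last, 8) != 0) return 1;
    memcpy(e->last, response, 8);  /* accepted response is the new stored value */
    e->n--;
    return 0;
}

int main(void)
{
    const unsigned char secret[8] = {1, 2, 3, 4, 5, 6, 7, 8}; /* constructed */
    struct toy_entry e = { 5, {0} };
    unsigned char r[8];
    toy_otp(e.last, secret, e.n);
    toy_otp(r, secret, e.n - 1);
    printf("first use: %d\n", toy_verify(&e, r));
    printf("replay:    %d\n", toy_verify(&e, r));
    return 0;
}
```

Callers of the real functions should compare against 0 explicitly: both 1 (verification failed) and -1 (database error) must be treated as an authentication failure.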
FILES
- /usr/lib/libskey.a
- static skey library
- /usr/lib/libskey.so
- dynamic skey library
- /usr/lib/libskey_p.a
- static skey library compiled for profiling
BUGS
The skey library functions are not re-entrant or thread-safe.
The skey library defines many poorly named functions which pollute the name space.
November 10, 2001 | NetBSD 7.0 |