Copyright (c) 2001 The NetBSD Foundation, Inc.
All rights reserved.
This code is derived from software contributed to The NetBSD Foundation
by Gregory McGarry.
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions
are met:
1. Redistributions of source code must retain the above copyright
notice, this list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright
notice, this list of conditions and the following disclaimer in the
documentation and/or other materials provided with the distribution.
THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
POSSIBILITY OF SUCH DAMAGE.
.Dd November 10, 2001 .Dt SKEY 3 .Os .Sh NAME .Nm skey , .Nm skeychallenge , .Nm skeylookup , .Nm skeygetnext , .Nm skeyverify , .Nm skeyzero , .Nm getskeyprompt , .Nm skey_set_algorithm , .Nm skey_get_algorithm , .Nm skey_haskey , .Nm skey_keyinfo , .Nm skey_passcheck , .Nm skey_authenticate .Nd one-time password (OTP) library .Sh LIBRARY S/key One-Time Password Library (libskey, -lskey) .Sh SYNOPSIS n skey.h .Ft int .Fn skeychallenge "struct skey *mp" "const char *name" "char *ss" \ "size_t sslen" .Ft int .Fn skeylookup "struct skey *mp" "const char *name" .Ft int .Fn skeygetnext "struct skey *mp" .Ft int .Fn skeyverify "struct skey *mp" "char *response" .Ft int .Fn skeyzero "struct skey *mp" "char *response" .Ft int .Fn getskeyprompt "struct skey *mp" "char *name" "char *prompt" .Ft const char * .Fn skey_set_algorithm "const char *new" .Ft const char * .Fn skey_get_algorithm "void" .Ft int .Fn skey_haskey "const char *username" .Ft const char * .Fn skey_keyinfo "const char *username" .Ft int .Fn skey_passcheck "const char *username" "char *passwd" .Ft int .Fn skey_authenticate "const char *username" .Ft void .Fn f "char *x" .Ft int .Fn keycrunch "char *result" "const char *seed" "const char *passwd" .Ft void .Fn rip "char *buf" .Ft char * .Fn readpass "char *buf" "int n" .Ft char * .Fn readskey "char *buf" "int n" .Ft int .Fn atob8 "char *out" "const char *in" .Ft int .Fn btoa8 "char *out" "const char *in" .Ft int .Fn htoi "int c" .Ft const char * .Fn skipspace "const char *cp" .Ft void .Fn backspace "char *buf" .Ft void .Fn sevenbit "char *buf" .Ft char * .Fn btoe "char *engout" "const char *c" .Ft int .Fn etob "char *out" "const char *e" .Ft char * .Fn put8 "char *out" "const char *s" .Sh DESCRIPTION The .Nm library provides routines for accessing .Nx Ns 's one-time password (OTP) authentication system.
p Most S/Key operations take a pointer to a .Em struct skey , which should be considered as an opaque identifier. .Sh FUNCTIONS The following high-level functions are available: l -tag -width compact t Fn skeychallenge "mp" "name" "ss" "sslen" Return a S/Key challenge for user .Fa name . If successful, the caller's skey structure .Fa mp is filled and 0 is returned. If unsuccessful (e.g. if name is unknown), -1 is returned. t Fn skeylookup "mp" "name" Find an entry for user .Fa name in the one-time password database. Returns 0 if the entry is found and 1 if the entry is not found. If an error occurs accessing the database, -1 is returned. t Fn skeygetnext "mp" Get the next entry in the one-time password database. Returns 0 on success and the entry is stored in .Ar mp and 1 if no more entries are available. If an error occurs accessing the database, -1 is returned. t Fn skeyverify "mp" "response" Verify response .Fa response to a S/Key challenge. Returns 0 if the verification is successful and 1 if the verification failed. If an error occurs accessing the database, -1 is returned. t Fn skeyzero "mp" "response" Comment out user's entry in the S/Key database. Returns 0 on success and the database is updated, otherwise -1 is returned and the database remains unchanged. t Fn getskeyprompt "mp" "name" "prompt" Issue a S/Key challenge for user .Ar name . If successful, fill in the caller's skey structure .Fa mp and return 0. If unsuccessful (e.g. if name is unknown) -1 is returned. .El
p The following lower-level functions are available: l -tag -width compact t Fn skey_set_algorithm "new" Set hash algorithm type. Valid values for .Fa new are "md4", "md5" and "sha1". t Fn skey_get_algorithm "void" Get current hash type. t Fn skey_haskey "username" Returns 0 if the user .Fa username exists and 1 if the user doesn't exist. Returns -1 on file error. t Fn skey_keyinfo "username" Returns the current sequence number and seed for user .Ar username . t Fn skey_passcheck "username" "passwd" Checks to see if answer is the correct one to the current challenge. t Fn skey_authenticate "username" Used when calling program will allow input of the user's response to the challenge. Returns zero on success or -1 on failure. .El
p The following miscellaneous functions are available: l -tag -width compact t Fn f "x" One-way function to take 8 bytes pointed to by .Fa x and return 8 bytes in place. t Fn keycrunch "char *result" "const char *seed" "const char *passwd" Crunch a key. t Fn rip "buf" Strip trailing CR/LF characters from a line of text .Fa buf . t Fn readpass "buf" "n" Read in secret passwd (turns off echo). t Fn readskey "buf" "n" Read in an s/key OTP (does not turn off echo). t Fn atob8 "out" "in" Convert 8-byte hex-ascii string .Fa in to binary array .Fa out . Returns 0 on success, -1 on error. t Fn btoa8 "out" "in" Convert 8-byte binary array .Fa in to hex-ascii string .Fa out . Returns 0 on success, -1 on error. t Fn htoi "int c" Convert hex digit to binary integer. t Fn skipspace "cp" Skip leading spaces from the string .Fa cp . t Fn backspace "buf" Remove backspaced over characters from the string .Fa buf . t Fn sevenbit "buf" Ensure line .Fa buf is all seven bits. t Fn btoe "engout" "c" Encode 8 bytes in .Ar c as a string of English words. Returns a pointer to a static buffer in .Fa engout . t Fn etob "out" "e" Convert English to binary. Returns 0 if the word is not in the database, 1 if all good words and parity is valid, -1 if badly formed input (i.e. > 4 char word) and -2 if words are valid but parity is wrong. t Fn put8 "out" "s" Display 8 bytes .Fa s as a series of 16-bit hex digits. .El .Sh FILES l -tag -width /usr/lib/libskey_p.a -compact t Pa /usr/lib/libskey.a static skey library t Pa /usr/lib/libskey.so dynamic skey library t Pa /usr/lib/libskey_p.a static skey library compiled for profiling .El .Sh SEE ALSO .Xr skey 1 , .Xr skeyaudit 1 , .Xr skeyinfo 1 .Sh BUGS The .Nm library functions are not re-entrant or thread-safe.
p The .Nm library defines many poorly named functions which pollute the name space.
Indexes created Sun Sep 21 18:09:52 GMT 2025