/*
 * $Id: x99.h,v 1.18 2002/11/13 04:21:59 fcusack Exp $
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
 *
 * Copyright 2001,2002 Google, Inc.
 */
#include <openssl/des.h> /* des_cblock */
#include <time.h> /* time_t */
/* Things you might like to change (although most are configurables) */
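/*
 * Default passwd file: "user:card_type:key" records, one per user (see
 * x99_token_t.pwdfile).  It holds every user's token key, so it must not
 * be readable by anyone but the authenticating process.
 */
#define PWDFILE "/etc/x99passwd"

/*
 * Default sync dir: per-user sync-mode state (challenge/key, failure
 * counters, last-auth records) is kept here; see x99_get_sync_data() and
 * the failcount/last_auth functions declared further down.
 */
#define SYNCDIR "/etc/x99sync.d"

/*
 * Default prompt for presentation of challenge.  Going by x99_token_t's
 * "must have %s", this is presumably consumed as a format string with the
 * challenge as its only argument: keep exactly one %s, no other conversion
 * specifiers, and never take a replacement from an untrusted source.
 */
#define CHALLENGE_PROMPT "Challenge: %s\n Response: "

/*
 * Must be a multiple of sizeof(des_cblock) (8); read docs before changing.
 * Every challenge buffer in this API is declared MAX_CHALLENGE_LEN + 1.
 * The preprocessor cannot evaluate sizeof, so the DES block size is spelled
 * out as 8 in the check below; it turns a silent misconfiguration into a
 * build failure instead of a runtime surprise.
 */
#define MAX_CHALLENGE_LEN 32
#if (MAX_CHALLENGE_LEN <= 0) || ((MAX_CHALLENGE_LEN % 8) != 0)
#error "MAX_CHALLENGE_LEN must be a positive multiple of sizeof(des_cblock) (8)"
#endif

/* Password that means "challenge me" in fast_sync mode */
#define CHALLENGE_REQ "challenge"

/* Password that means "challenge me and resync" in fast_sync mode */
#define RESYNC_REQ "resync"

/*
 * Max event window size for sync modes.  Each position in the window is
 * one more response the server will accept, so a wider window trades
 * strength for tolerance of skipped token presses; keep it as small as
 * usability allows.
 */
#define MAX_EWINDOW_SIZE 10

/*
 * Max time window size for sync modes.  More than 10 may not be usable.
 * The same accept-more-responses trade-off as the event window applies.
 */
#define MAX_TWINDOW_SIZE 10

/*
 * PRNG device that does not block.  /dev/urandom is the right source for a
 * daemon generating challenges: it is cryptographically strong on Linux
 * and, unlike /dev/random, will not stall authentication under entropy
 * pressure.  Ports to platforms without it should use the native CSPRNG.
 */
#define DEVURANDOM "/dev/urandom"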
/* You shouldn't change anything past this point */
/* struct used for instance/option data */
typedef struct x99_token_t {
    char *pwdfile;      /* file containing user:card_type:key entries (default
                         * PWDFILE).  It holds each user's token key, so it
                         * must stay unreadable to anyone but the
                         * authenticating process. */
    char *syncdir;      /* dir containing sync mode and state info (default
                         * SYNCDIR): going by the declarations later in this
                         * header, that is challenge/key state, failure
                         * counters and last-auth records. */
    char *chal_prompt;  /* text to present challenge to user, must have %s
                         * (default CHALLENGE_PROMPT).  Presumably used as a
                         * format string, so it must contain exactly one %s
                         * and no other conversions, and must only ever come
                         * from trusted configuration. */
    int chal_len;       /* challenge length, min 5 digits.  The challenge
                         * buffers in this API are MAX_CHALLENGE_LEN + 1
                         * bytes, so it also cannot exceed MAX_CHALLENGE_LEN
                         * -- confirm the config loader enforces both. */
    int chal_delay;     /* max delay time for response, in seconds
                         * (presumably how long an issued challenge stays
                         * valid) */
    int softfail;       /* number of auth fails before time delay starts */
    int hardfail;       /* number of auth fails when user is locked out.
                         * NOTE(review): a hard lockout is also a denial-of-
                         * service lever for anyone who knows a username;
                         * the failcount state under syncdir is what
                         * enforces it. */
    int allow_sync;     /* useful to override pwdfile card_type settings */
    int fast_sync;      /* response-before-challenge mode: the user supplies
                         * a sync-mode response (or chal_req/resync_req) as
                         * the password without being challenged first */
    int allow_async;    /* C/R mode allowed? */
    char *chal_req;     /* keyword requesting challenge for fast_sync mode
                         * (default CHALLENGE_REQ) */
    char *resync_req;   /* keyword requesting resync for fast_sync mode
                         * (default RESYNC_REQ) */
    int ewindow_size;   /* sync mode event window size (right side value);
                         * presumably capped at MAX_EWINDOW_SIZE */
    int ewindow2_size;  /* softfail override event window size */
    int ewindow2_delay; /* softfail override max time delay */
#if defined(FREERADIUS)
    /* freeradius-specific items */
    char *name;         /* instance name for x99_token_authorize() */
    int mschapv2_mppe_policy; /* whether or not to do mppe for mschapv2 */
    int mschapv2_mppe_types;  /* key type/length for mschapv2/mppe */
    int mschap_mppe_policy;   /* whether or not to do mppe for mschap */
    int mschap_mppe_types;    /* key type/length for mschap/mppe */
    /* PAM specific items (the #elif/#else and #endif that separate these
     * from the FreeRADIUS items are not shown in this excerpt) */
    int debug;          /* print debug info? */
    char *fast_prompt;  /* fast mode prompt */
    int twindow_min;    /* sync mode time window left side */
    int twindow_max;    /* sync mode time window right side; presumably
                         * bounded by MAX_TWINDOW_SIZE */
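/*
 * Bit maps for Card Features.  A card_id is built by OR-ing these together
 * (see the CRYPTOCARD_* definitions below) and is carried around as a
 * uint32_t, so every bit is defined as an unsigned value and every
 * expansion is fully parenthesised.  The earlier "0x01 << n" form relied on
 * operator precedence at each use site (e.g. "X99_CF_HD * 2" expanded to
 * 1 << 16), and "0x01 << 31" shifts into the sign bit of an int, which is
 * undefined behaviour in C.  The shift by 31 assumes unsigned int is at
 * least 32 bits wide, as uint32_t card_id already does.
 *
 * It is OK to insert values at will as long as nothing persists the raw
 * numeric card_id; the pwdfile's card_type field appears to be what maps
 * onto these, but if the syncdir state ever records the value itself,
 * renumbering would invalidate it -- check before reordering.
 */
#define X99_CF_NONE        0x00u

#define X99_CF_CRYPTOCARD  (0x01u << 0)  /* CRYPTOCard */
#define X99_CF_SNK         (0x01u << 1)  /* Symantec nee Axent nee AssureNet
                                          * Pathways nee Digital Pathways
                                          * "SecureNet Key" */
#define X99_CF_ACTIVCARD   (0x01u << 2)  /* ActivCard */
#define X99_CF_SCOMPUTING  (0x01u << 3)  /* Secure Computing */
#define X99_CF_VASCO       (0x01u << 4)  /* Vasco */

#define X99_CF_AM          (0x01u << 5)  /* async mode (chal/resp) */
#define X99_CF_ES          (0x01u << 6)  /* event synchronous */
#define X99_CF_TS          (0x01u << 7)  /* time synchronous */

#define X99_CF_HD          (0x01u << 8)  /* hex display */
#define X99_CF_DD          (0x01u << 9)  /* dec display */
#define X99_CF_R8          (0x01u << 10) /* 8 digit response */
#define X99_CF_R7          (0x01u << 11) /* 7 digit response */
#define X99_CF_R6          (0x01u << 12) /* 6 digit response */
#define X99_CF_MAX         (0x01u << 31) /* MAX placeholder */

/* mask to test for sync mode */
#define X99_CF_SM (X99_CF_ES|X99_CF_TS)

/*
 * cards and their features: vendor | display | response length | mode.
 * _RC is challenge/response only, _ES event-synchronous only, _RS both.
 */
#define CRYPTOCARD_H8_RC (X99_CF_CRYPTOCARD|X99_CF_HD|X99_CF_R8|X99_CF_AM)
#define CRYPTOCARD_H7_RC (X99_CF_CRYPTOCARD|X99_CF_HD|X99_CF_R7|X99_CF_AM)
#define CRYPTOCARD_D8_RC (X99_CF_CRYPTOCARD|X99_CF_DD|X99_CF_R8|X99_CF_AM)
#define CRYPTOCARD_D7_RC (X99_CF_CRYPTOCARD|X99_CF_DD|X99_CF_R7|X99_CF_AM)
#define CRYPTOCARD_H8_ES (X99_CF_CRYPTOCARD|X99_CF_HD|X99_CF_R8|X99_CF_ES)
#define CRYPTOCARD_H7_ES (X99_CF_CRYPTOCARD|X99_CF_HD|X99_CF_R7|X99_CF_ES)
#define CRYPTOCARD_D8_ES (X99_CF_CRYPTOCARD|X99_CF_DD|X99_CF_R8|X99_CF_ES)
#define CRYPTOCARD_D7_ES (X99_CF_CRYPTOCARD|X99_CF_DD|X99_CF_R7|X99_CF_ES)
#define CRYPTOCARD_H8_RS (CRYPTOCARD_H8_RC|CRYPTOCARD_H8_ES)
#define CRYPTOCARD_H7_RS (CRYPTOCARD_H7_RC|CRYPTOCARD_H7_ES)
#define CRYPTOCARD_D8_RS (CRYPTOCARD_D8_RC|CRYPTOCARD_D8_ES)
#define CRYPTOCARD_D7_RS (CRYPTOCARD_D7_RC|CRYPTOCARD_D7_ES)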
/* user-specific info */
typedef struct x99_user_info_t {
/*
 * Compute the token's response to a challenge.
 *   challenge  NUL-terminated challenge text; the buffers declared elsewhere
 *              in this header bound it at MAX_CHALLENGE_LEN characters.
 *   response   receives the NUL-terminated response; the 17-byte bound in
 *              the declaration is the minimum buffer a caller must provide.
 *   card_id    X99_CF_* bits selecting vendor, display and response length.
 *   keyblock   the token's DES key (as produced by x99_string_to_keyblock()).
 * Returns an int status; the convention (0 on success?) is not visible here.
 *
 * NOTE(review): des_cblock is the pre-0.9.7 OpenSSL spelling; the des_*
 * API was dropped in OpenSSL 1.1.0 (DES_cblock) and DES itself is
 * deprecated in 3.0.  A 56-bit single-DES key is also within reach of
 * offline brute force from captured challenge/response pairs, so these
 * exchanges must only travel over an encrypted transport.
 */
extern int x99_response(const char *challenge, char response[17],
                        uint32_t card_id, des_cblock keyblock);

/*
 * DES MAC (X9.9-style, going by the name) of the NUL-terminated input under
 * keyblock; output receives the 8-byte result.  Returns an int status.
 */
extern int x99_mac(const char *input, des_cblock output, des_cblock keyblock);

/*
 * Character maps for generic hex and vendor specific decimal modes.  Each
 * maps a nibble to the character the card family displays; the
 * conversion[17] parameter of x99_keyblock_to_string() below expects one of
 * these, i.e. 16 entries plus a terminating NUL.
 */
extern const char x99_hex_conversion[];
extern const char x99_cc_dec_conversion[];
extern const char x99_snk_dec_conversion[];
extern const char x99_sc_friendly_conversion[];

/*
 * Challenge generation.
 *   x99_get_challenge  write a (presumably len-character, NUL-terminated)
 *                      challenge into challenge, drawing randomness from fd
 *                      (presumably an open DEVURANDOM descriptor).  len must
 *                      not exceed MAX_CHALLENGE_LEN, the size the rest of
 *                      the API assumes.
 *   x99_get_random     read req_bytes of random data from fd into rnd_data.
 * Both return an int status.
 *
 * NOTE(review): confirm x99_get_random() loops on short reads and reports
 * failure rather than success with a partly filled buffer; a predictable
 * or partly uninitialised challenge undermines C/R mode.
 */
extern int x99_get_challenge(int fd, char *challenge, int len);
extern int x99_get_random(int fd, unsigned char *rnd_data, int req_bytes);

/*
 * Key formatting.
 *   x99_string_to_keyblock  parse the textual key (the pwdfile "key" field,
 *                           presumably hex) into a DES block; int status.
 *   x99_keyblock_to_string  render keyblock as 16 characters plus NUL using
 *                           one of the x99_*_conversion maps above; s must
 *                           therefore have room for at least 17 bytes.
 */
extern int x99_string_to_keyblock(const char *s, des_cblock keyblock);
extern void x99_keyblock_to_string(char *s, const des_cblock keyblock,
                                   const char conversion[17]);

/*
 * Look up username in pwdfile and fill in user_info (x99_user_info_t, whose
 * definition is not shown in this excerpt).  Returns an int status.
 * NOTE(review): the record includes the user's token key; whether the
 * implementation checks pwdfile's ownership/mode before trusting it, and
 * how it treats duplicate or malformed lines, is not visible here.
 */
extern int x99_get_user_info(const char *pwdfile, const char *username,
                             x99_user_info_t *user_info);

/*
 * Sync-mode state kept under syncdir.
 *   x99_get_sync_data    fetch the current challenge (NUL-terminated, at
 *                        most MAX_CHALLENGE_LEN characters) and key for
 *                        username/card_id; ewin and twin are the event and
 *                        time window parameters (presumably the caller's
 *                        configured window values).
 *   x99_set_sync_data    store a new challenge/key pair for username.
 *   x99_check_failcount  compare the failure count with inst's softfail/
 *                        hardfail settings (presumably).  It takes no
 *                        username; how the user is identified is not
 *                        visible from this declaration.
 *   x99_incr_failcount   bump the per-user failure counter.
 *   x99_reset_failcount  clear it (after a successful auth, presumably).
 * All return an int status; the convention is not visible here.
 *
 * NOTE(review): check-then-increment is spread over separate calls, so
 * unless the implementation locks the per-user state file, concurrent
 * attempts for one user can race past softfail/hardfail.  Confirm.
 */
extern int x99_get_sync_data(const char *syncdir, const char *username,
                             uint32_t card_id, int ewin, int twin,
                             char challenge[MAX_CHALLENGE_LEN + 1],
                             des_cblock keyblock);
extern int x99_set_sync_data(const char *syncdir, const char *username,
                             const char *challenge, const des_cblock keyblock);
extern int x99_check_failcount(const char *syncdir, const x99_token_t *inst);
extern int x99_incr_failcount(const char *syncdir, const char *username);
extern int x99_reset_failcount(const char *syncdir, const char *username);
extern int x99_get_last_auth(const char *syncdir, const char *username,
/*
 * Last-auth bookkeeping under syncdir (companions to x99_get_last_auth,
 * whose declaration is cut off above).
 *   x99_upd_last_auth      presumably records the current successful
 *                          authentication for username; int status.
 *   x99_get_last_auth_pos  fetch the last accepted window position for
 *                          username; presumably what stops an intercepted
 *                          sync-mode response from being replayed.  The
 *                          return is unsigned, so "no record" is only
 *                          distinguishable if the implementation reserves a
 *                          value for it -- not visible here.
 */
extern int x99_upd_last_auth(const char *syncdir, const char *username);
extern unsigned x99_get_last_auth_pos(const char *syncdir,const char *username);
extern int x99_set_last_auth_pos(const char *syncdir, const char *username,
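/*
 * Transform the freshly generated challenge for username in place.  What
 * the transform consists of is not visible here; challenge is
 * NUL-terminated and must stay within its MAX_CHALLENGE_LEN + 1 bytes.
 * Returns an int status.
 */
extern int x99_challenge_transform(const char *username,
                                   char challenge[MAX_CHALLENGE_LEN + 1]);

/*
 * Logging hook: printf-style message at the given level.
 * Untrusted text (usernames, responses) must only ever be passed as an
 * argument to a literal format, never as the format itself.  On GCC/Clang
 * the format attribute makes the compiler check every call site for that
 * and for argument/conversion mismatches; expect it to surface warnings in
 * existing callers, which is the point.  The attribute is declaration-only
 * and does not change the ABI.
 */
#if defined(__GNUC__)
extern void x99_log(int level, const char *format, ...)
    __attribute__((format(printf, 2, 3)));
#else
extern void x99_log(int level, const char *format, ...);
#endif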
#if defined(FREERADIUS)