vacman_controller 0.5.0 → 0.6.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 5ddbe7c0b1cf7bc1f64efa3ffa86ea66925dbdb27afa2f68434f0acfd3493fb8
-  data.tar.gz: cf653c109a8ba1bebdae0ecbdef5662978a05e56bfab0ee8a9f223ebc922d6fc
+  metadata.gz: 67a9773142027f6186de76542e27229381c7d6924f84611d6a6bee758e14c6cd
+  data.tar.gz: 00ac5fc4821601707fafc354fff76b1084106f4aa8aafe5ae1c9edc40cce43bf
 SHA512:
-  metadata.gz: e81eed72afeda1a0d31053e55cc3eeaa7274e6324f02f8eb528361edd285e61a9a5e15b6a0de21abc8a1659c143f8dfcc93a449c6ebfa61f55e1cbf3aee2b13c
-  data.tar.gz: 97857b1596694fd6d40ff34aa8aad9b88b273b62fe69e2c5d90320c83fd21772599add8ce3f69a8e6094f5b03eed4d90c568fc78c923f9313951b71c8655f9a0
+  metadata.gz: 6b7f76e6e157aec41406eb8ab887db4cec02637d9ddc531f667f005928697d249b66d2675c6f1525caa9e6b713b231c0ea686829a974044bd5e680387814b607
+  data.tar.gz: c16ceeaacddd6628de788c6f45db2857326cb2aff9c4d87177ae4f136de548c565e4366b8be404a949d45f06d11036f624a3750eb7b773ff34c21209f2167679

data/ext/vacman_controller/dpx.c

@@ -0,0 +1,73 @@
+/*
+ * Vacman Controller wrapper
+ *
+ * This Ruby Extension wraps the VASCO Vacman Controller
+ * library and makes its API accessible to Ruby code.
+ *
+ * (C) 2013 https://github.com/mlankenau
+ * (C) 2019 m.barnaba@ifad.org
+ */
+#include "vacman_controller.h"
+
+/*
+ * Imports a .DPX file containing token seeds and initialisation values.
+ *
+ * Pass the pre-shared key to validate it as the second argument. The
+ * key is not validated by the AAL2 library, if you pass a different
+ * key than the one that was used to create the DPX, you will get back
+ * tokens that generate different OTPs.
+ *
+ */
+VALUE vacman_dpx_import(VALUE module, VALUE filename, VALUE key) {
+  TDPXHandle dpx_handle;
+  aat_int16  appl_count;
+  aat_ascii  appl_names[13*8];
+  aat_int16  token_count;
+
+  aat_int32 result = AAL2DPXInit(&dpx_handle,
+                                 rb_string_value_cstr(&filename),
+                                 rb_string_value_cstr(&key),
+                                 &appl_count,
+                                 appl_names,
+                                 &token_count);
+
+  if (result != 0) {
+    vacman_library_error("AAL2DPXInit", result);
+    return Qnil;
+  }
+
+  aat_ascii sw_out_serial_No[22+1];
+  aat_ascii sw_out_type[5+1];
+  aat_ascii sw_out_authmode[2+1];
+  TDigipassBlob dpdata;
+
+  VALUE list = rb_ary_new();
+
+  while (1) {
+    result = AAL2DPXGetToken(&dpx_handle,
+        &g_KernelParms,
+        appl_names,
+        sw_out_serial_No,
+        sw_out_type,
+        sw_out_authmode,
+        &dpdata);
+
+
+    if (result < 0) {
+      vacman_library_error("AAL2DPXGetToken", result);
+      return Qnil;
+    }
+
+    if (result == 107) break;
+
+    VALUE hash = rb_hash_new();
+
+    vacman_digipass_to_rbhash(&dpdata, hash);
+
+    rb_ary_push(list, hash);
+  }
+
+  AAL2DPXClose(&dpx_handle);
+
+  return list;
+}

data/ext/vacman_controller/extconf.rb

@@ -17,7 +17,7 @@ append_cflags "-I#{VACMAN_CONTROLLER}/include -Wall -std=c99 -Wno-declaration-af
 append_ldflags "-L#{VACMAN_CONTROLLER}/lib -laal2sdk -Wl,-rpath #{VACMAN_CONTROLLER}/lib"
 
 if find_library('aal2sdk', 'AAL2DPXInit', "#{VACMAN_CONTROLLER}/lib")
-  create_makefile('vacman_controller/low_level')
+  create_makefile('vacman_controller/vacman_low_level')
 else
   puts "No libaal2sdk found"
   exit 1

data/ext/vacman_controller/kernel.c

@@ -0,0 +1,97 @@
+/*
+ * Vacman Controller wrapper
+ *
+ * This Ruby Extension wraps the VASCO Vacman Controller
+ * library and makes its API accessible to Ruby code.
+ *
+ * (C) 2013 https://github.com/mlankenau
+ * (C) 2019 m.barnaba@ifad.org
+ */
+#include "vacman_controller.h"
+
+/*
+ * Vacman Controller kernel properties
+ */
+struct kernel_property {
+  const char *name;
+  aat_int32 *value;
+  aat_int32 deflt;
+};
+static struct kernel_property vacman_kernel_properties[] = {
+  { "ITimeWindow",    &g_KernelParms.ITimeWindow,    30  },  // Identification Window size in time steps
+  { "STimeWindow",    &g_KernelParms.STimeWindow,    24  },  // Signature Window size in secs
+  { "DiagLevel",      &g_KernelParms.DiagLevel,      0   },  // Requested Diagnostic Level
+  { "GMTAdjust",      &g_KernelParms.GMTAdjust,      0   },  // GMT Time adjustment to perform
+  { "CheckChallenge", &g_KernelParms.CheckChallenge, 0   },  // Verify Challenge Corrupted (mandatory for Gordian)
+  { "IThreshold",     &g_KernelParms.IThreshold,     3   },  // Identification Error Threshold
+  { "SThreshold",     &g_KernelParms.SThreshold,     1   },  // Signature Error Threshold
+  { "ChkInactDays",   &g_KernelParms.ChkInactDays,   0   },  // Check Inactive Days
+  { "DeriveVector",   &g_KernelParms.DeriveVector,   0   },  // Vector used to make Data Encryption unique
+  { "SyncWindow",     &g_KernelParms.SyncWindow,     2   },  // Synchronisation Time Window (h)
+  { "OnLineSG",       &g_KernelParms.OnLineSG,       2   },  // On line signature
+  { "EventWindow",    &g_KernelParms.EventWindow,    100 },  // Event Window size in nbr of iterations
+  { "HSMSlotId",      &g_KernelParms.HSMSlotId,      0   },  // HSM Slot id uses to store DB and Transport Key
+};
+static size_t vacman_kernel_properties_count = sizeof(vacman_kernel_properties)/sizeof(struct kernel_property);
+
+/*
+ * Initialise the kernel parameters with their defaults
+ */
+void vacman_kernel_init_params() {
+  memset(&g_KernelParms, 0, sizeof(g_KernelParms));
+
+  g_KernelParms.ParmCount = 19; /* Number of valid parameters in this list */
+
+  for (size_t i = 0; i < vacman_kernel_properties_count; i++) {
+    *vacman_kernel_properties[i].value = vacman_kernel_properties[i].deflt;
+  }
+}
+
+
+/*
+ * Get kernel parameter names
+ */
+VALUE vacman_kernel_get_property_names() {
+  VALUE ret = rb_ary_new();
+
+  for (size_t i = 0; i < vacman_kernel_properties_count; i++) {
+    const char *name = vacman_kernel_properties[i].name;
+    rb_ary_push(ret, rb_str_new2(name));
+  }
+
+  return ret;
+}
+
+/*
+ * Get kernel parameter
+ */
+VALUE vacman_kernel_get_param(VALUE module, VALUE paramname) {
+  char *name = StringValueCStr(paramname);
+
+  for (size_t i = 0; i < vacman_kernel_properties_count; i++) {
+    if (strcmp(name, vacman_kernel_properties[i].name) == 0) {
+      return LONG2FIX(*vacman_kernel_properties[i].value);
+    }
+  }
+
+  rb_raise(e_VacmanError, "Invalid kernel param %s", name);
+  return Qnil;
+}
+
+/*
+ * Set kernel parameter
+ */
+VALUE vacman_kernel_set_param(VALUE module, VALUE paramname, VALUE rbval) {
+  char *name = StringValueCStr(paramname);
+  int value  = rb_fix2int(rbval);
+
+  for (size_t i = 0; i < vacman_kernel_properties_count; i++) {
+    if (strcmp(name, vacman_kernel_properties[i].name) == 0) {
+      *vacman_kernel_properties[i].value = value;
+      return Qtrue;
+    }
+  }
+
+  rb_raise(e_VacmanError, "Invalid kernel param %s", name);
+  return Qnil;
+}

data/ext/vacman_controller/main.c

@@ -0,0 +1,90 @@
+/*
+ * Vacman Controller wrapper
+ *
+ * This Ruby Extension wraps the VASCO Vacman Controller
+ * library and makes its API accessible to Ruby code.
+ *
+ * (C) 2013 https://github.com/mlankenau
+ * (C) 2019 m.barnaba@ifad.org
+ */
+#define RUBY_EXPORT
+#include "vacman_controller.h"
+
+/*
+ * Extension entry point
+ */
+void Init_vacman_low_level(void) {
+  VALUE controller = rb_define_module("VacmanController");
+  VALUE lowlevel   = rb_define_module_under(controller, "LowLevel");
+
+  e_VacmanError = rb_define_class_under(controller, "Error", rb_eStandardError);
+
+  vacman_kernel_init_params();
+
+  /* Global methods */
+  rb_define_singleton_method(lowlevel, "library_version",       vacman_library_version, 0);
+  rb_define_singleton_method(lowlevel, "import",                vacman_dpx_import, 2);
+
+  /* Token methods */
+  rb_define_singleton_method(lowlevel, "token_property_names",  vacman_token_get_property_names, 0);
+  rb_define_singleton_method(lowlevel, "get_token_property",    vacman_token_get_property, 2);
+  rb_define_singleton_method(lowlevel, "set_token_property",    vacman_token_set_property, 3);
+  rb_define_singleton_method(lowlevel, "set_token_pin",         vacman_token_set_pin, 2);
+  rb_define_singleton_method(lowlevel, "verify_password",       vacman_token_verify_password, 2);
+  rb_define_singleton_method(lowlevel, "generate_password",     vacman_token_generate_password, 1);
+
+  /* Kernel methods */
+  rb_define_singleton_method(lowlevel, "kernel_property_names", vacman_kernel_get_property_names, 0);
+  rb_define_singleton_method(lowlevel, "get_kernel_param",      vacman_kernel_get_param, 1);
+  rb_define_singleton_method(lowlevel, "set_kernel_param",      vacman_kernel_set_param, 2);
+}
+
+/*
+ * Raises an Error, decoding the Vacman Controller error code.
+ */
+void vacman_library_error(const char* method, int vacman_error_code) {
+  aat_ascii vacman_error_message[100]; // Recommended value in documentation.
+
+  AAL2GetErrorMsg(vacman_error_code, vacman_error_message);
+
+  char error_message[256];
+  snprintf(error_message, 255, "%s error %d: %s", method, vacman_error_code,
+           vacman_error_message);
+
+  VALUE exc = rb_exc_new2(e_VacmanError, error_message);
+  rb_iv_set(exc, "@library_method", rb_str_new2(method));
+  rb_iv_set(exc, "@error_code",     INT2FIX(vacman_error_code));
+  rb_iv_set(exc, "@error_message",  rb_str_new2(vacman_error_message));
+
+  rb_exc_raise(exc);
+}
+
+
+/*
+ * Use AAL2GetLibraryVersion to obtain library version and return it as a Ruby Hash
+ */
+VALUE vacman_library_version(VALUE unused) {
+  aat_ascii version[16];
+  aat_int32 version_len = sizeof(version);
+
+  aat_ascii bitness[4];
+  aat_int32 bitness_len = sizeof(bitness);
+
+  aat_ascii type[8];
+  aat_int32 type_len = sizeof(type);
+
+  aat_int32 result = AAL2GetLibraryVersion(version, &version_len, bitness,
+      &bitness_len, type, &type_len);
+
+  if (result != 0) {
+    vacman_library_error("AAL2GetLibraryVersion", result);
+    return Qnil;
+  }
+
+  VALUE hash = rb_hash_new();
+  rb_hash_aset(hash, rb_str_new2("version"), rb_str_new2(version));
+  rb_hash_aset(hash, rb_str_new2("bitness"), rb_str_new2(bitness));
+  rb_hash_aset(hash, rb_str_new2("type"),    rb_str_new2(type));
+
+  return hash;
+}

data/ext/vacman_controller/serialize.c

@@ -0,0 +1,84 @@
+/*
+ * Vacman Controller wrapper
+ *
+ * This Ruby Extension wraps the VASCO Vacman Controller
+ * library and makes its API accessible to Ruby code.
+ *
+ * (C) 2013 https://github.com/mlankenau
+ * (C) 2019 m.barnaba@ifad.org
+ */
+#include "vacman_controller.h"
+
+static VALUE rbhash_get_key(VALUE token, const char *property, int type);
+
+/*
+ * Convert a Ruby Hash with the required keys to a TDigipassBlob structure.
+ */
+void vacman_rbhash_to_digipass(VALUE token, TDigipassBlob* dpdata) {
+  if (!RB_TYPE_P(token, T_HASH)) {
+    rb_raise(e_VacmanError, "invalid token object given, requires an hash");
+    return;
+  }
+
+  VALUE blob     = rbhash_get_key(token, "blob",     T_STRING);
+  VALUE serial   = rbhash_get_key(token, "serial",   T_STRING);
+  VALUE app_name = rbhash_get_key(token, "app_name", T_STRING);
+  VALUE flag1    = rbhash_get_key(token, "flags1",   T_FIXNUM);
+  VALUE flag2    = rbhash_get_key(token, "flags2",   T_FIXNUM);
+
+  memset(dpdata, 0, sizeof(*dpdata));
+
+  strcpy(dpdata->Blob, rb_string_value_cstr(&blob));
+  strncpy(dpdata->Serial, rb_string_value_cstr(&serial), sizeof(dpdata->Serial));
+  strncpy(dpdata->AppName, rb_string_value_cstr(&app_name), sizeof(dpdata->AppName));
+  dpdata->DPFlags[0] = rb_fix2int(flag1);
+  dpdata->DPFlags[1] = rb_fix2int(flag2);
+}
+
+/*
+ * Convert a TDigipassBlob structure into a Ruby Hash
+ */
+void vacman_digipass_to_rbhash(TDigipassBlob* dpdata, VALUE hash) {
+  char buffer[256];
+
+  memset(buffer, 0, sizeof(buffer));
+  strncpy(buffer, dpdata->Serial, 10);
+  rb_hash_aset(hash, rb_str_new2("serial"), rb_str_new2(buffer));
+
+  memset(buffer, 0, sizeof(buffer));
+  strncpy(buffer, dpdata->AppName, 12);
+  rb_hash_aset(hash, rb_str_new2("app_name"), rb_str_new2(buffer));
+
+  memset(buffer, 0, sizeof(buffer));
+  strncpy(buffer, dpdata->Blob, 224);
+  rb_hash_aset(hash, rb_str_new2("blob"), rb_str_new2(buffer));
+
+  rb_hash_aset(hash, rb_str_new2("flags1"), rb_fix_new(dpdata->DPFlags[0]));
+  rb_hash_aset(hash, rb_str_new2("flags2"), rb_fix_new(dpdata->DPFlags[1]));
+}
+
+/*
+ * Gets the given property from the given token hash and raises an Error
+ * if the following conditions occur:
+ *
+ * * The key is not found
+ * * The key is not of the given type
+ *
+ * Otherwise, the value corresponding to the key is returned.
+ *
+ */
+static VALUE rbhash_get_key(VALUE token, const char *property, int type) {
+  VALUE ret = rb_hash_aref(token, rb_str_new2(property));
+
+  if (ret == Qnil) {
+    rb_raise(e_VacmanError, "invalid token object given: %s property is nil", property);
+    return Qnil;
+  }
+
+  if (!RB_TYPE_P(ret, type)) {
+    rb_raise(e_VacmanError, "invalid token object given: %s property is not of the correct type", property);
+    return Qnil;
+  }
+
+  return ret;
+}

data/ext/vacman_controller/token.c

@@ -0,0 +1,207 @@
+/*
+ * Vacman Controller wrapper
+ *
+ * This Ruby Extension wraps the VASCO Vacman Controller
+ * library and makes its API accessible to Ruby code.
+ *
+ * (C) 2013 https://github.com/mlankenau
+ * (C) 2019 m.barnaba@ifad.org
+ */
+#include "vacman_controller.h"
+
+/*
+ * Vacman properties names and IDs registry
+ */
+struct token_property {
+  const char *name;
+  aat_int32 id;
+};
+static struct token_property vacman_token_properties[] = {
+  {"token_model",                   TOKEN_MODEL                   },
+  {"token_status",                  TOKEN_STATUS                  },
+  {"use_count",                     USE_COUNT                     },
+  {"last_time_used",                LAST_TIME_USED                },
+  {"last_time_shift",               LAST_TIME_SHIFT               },
+  {"time_based_algo",               TIME_BASED_ALGO               },
+  {"event_based_algo",              EVENT_BASED_ALGO              },
+  {"pin_supported",                 PIN_SUPPORTED                 },
+  {"unlock_supported",              UNLOCK_SUPPORTED              },
+  {"pin_ch_on",                     PIN_CH_ON                     },
+  {"pin_change_enabled",            PIN_CH_ON                     },
+  {"pin_len",                       PIN_LEN                       },
+  {"pin_length",                    PIN_LEN                       },
+  {"pin_min_len",                   PIN_MIN_LEN                   },
+  {"pin_minimum_length",            PIN_MIN_LEN                   },
+  {"pin_enabled",                   PIN_ENABLED                   },
+  {"pin_ch_forced",                 PIN_CH_FORCED                 },
+  {"pin_change_forced",             PIN_CH_FORCED                 },
+  {"virtual_token_type",            VIRTUAL_TOKEN_TYPE            },
+  {"virtual_token_grace_period",    VIRTUAL_TOKEN_GRACE_PERIOD    },
+  {"virtual_token_remain_use",      VIRTUAL_TOKEN_REMAIN_USE      },
+  {"last_response_type",            LAST_RESPONSE_TYPE            },
+  {"error_count",                   ERROR_COUNT                   },
+  {"event_value",                   EVENT_VALUE                   },
+  {"last_event_value",              LAST_EVENT_VALUE              },
+  {"sync_windows",                  SYNC_WINDOWS                  },
+  {"primary_token_enabled",         PRIMARY_TOKEN_ENABLED         },
+  {"virtual_token_supported",       VIRTUAL_TOKEN_SUPPORTED       },
+  {"virtual_token_enabled",         VIRTUAL_TOKEN_ENABLED         },
+  {"code_word",                     CODE_WORD                     },
+  {"auth_mode",                     AUTH_MODE                     },
+  {"ocra_suite",                    OCRA_SUITE                    },
+  {"derivation_supported",          DERIVATION_SUPPORTED          },
+  {"max_dtf_number",                MAX_DTF_NUMBER                },
+  {"response_len",                  RESPONSE_LEN                  },
+  {"response_length",               RESPONSE_LEN                  },
+  {"response_format",               RESPONSE_FORMAT               },
+  {"response_chk",                  RESPONSE_CHK                  },
+  {"response_checksum",             RESPONSE_CHK                  },
+  {"time_step",                     TIME_STEP                     },
+  {"use_3des",                      TRIPLE_DES_USED               },
+  {"triple_des_used",               TRIPLE_DES_USED               },
+};
+
+static size_t vacman_token_properties_count = sizeof(vacman_token_properties)/sizeof(struct token_property);
+
+/*
+ * Convert property name to property ID
+ */
+static long vacman_token_get_property_id(char *property_name) {
+  for (size_t i = 0; i < vacman_token_properties_count; i++) {
+    if (strcmp(property_name, vacman_token_properties[i].name) == 0) {
+      return vacman_token_properties[i].id;
+    }
+  }
+
+  rb_raise(e_VacmanError, "Invalid property name `%s'", property_name);
+  return 0;
+}
+
+
+/*
+ * Get token property names
+ */
+VALUE vacman_token_get_property_names() {
+  VALUE ret = rb_ary_new();
+
+  for (size_t i = 0; i < vacman_token_properties_count; i++) {
+    const char *name = vacman_token_properties[i].name;
+    rb_ary_push(ret, rb_str_new2(name));
+  }
+
+  return ret;
+}
+
+
+/*
+ * Get the given property value from the given token.
+ */
+VALUE vacman_token_get_property(VALUE module, VALUE token, VALUE property) {
+  TDigipassBlob dpdata;
+  vacman_rbhash_to_digipass(token, &dpdata);
+
+  aat_ascii value[64];
+  aat_int32 property_id = vacman_token_get_property_id(StringValueCStr(property));
+  aat_int32 result = AAL2GetTokenProperty(&dpdata, &g_KernelParms, property_id, value);
+
+  if (result == 0) {
+    return rb_str_new2(value);
+  } else {
+    vacman_library_error("AAL2GetTokenProperty", result);
+    return Qnil;
+  }
+}
+
+
+/*
+ * Set the given token property to the given value.
+ */
+VALUE vacman_token_set_property(VALUE module, VALUE token, VALUE property, VALUE rbval) {
+  TDigipassBlob dpdata;
+
+  aat_int32 property_id = vacman_token_get_property_id(StringValueCStr(property));
+  aat_int32 value = rb_fix2int(rbval);
+
+  vacman_rbhash_to_digipass(token, &dpdata);
+
+  aat_int32 result = AAL2SetTokenProperty(&dpdata, &g_KernelParms, property_id, value);
+
+  vacman_digipass_to_rbhash(&dpdata, token);
+
+  if (result == 0) {
+    return Qtrue;
+  } else {
+    vacman_library_error("AAL2SetTokenProperty", result);
+    return Qnil;
+  }
+}
+
+
+/*
+ * Changes the static password on the given token.
+ */
+VALUE vacman_token_set_pin(VALUE module, VALUE token, VALUE pin) {
+  TDigipassBlob dpdata;
+
+  if (!RB_TYPE_P(pin, T_STRING)) {
+    rb_raise(e_VacmanError, "invalid pin given, requires a string");
+    return Qnil;
+  }
+
+  vacman_rbhash_to_digipass(token, &dpdata);
+
+  aat_ascii *passwd = StringValueCStr(pin);
+  aat_int32 result = AAL2ChangeStaticPassword(&dpdata, &g_KernelParms, passwd, passwd);
+
+  vacman_digipass_to_rbhash(&dpdata, token);
+
+  if (result == 0) {
+    return Qtrue;
+  } else {
+    vacman_library_error("AAL2ChangeStaticPassword", result);
+    return Qnil;
+  }
+}
+
+
+/*
+ * Verifies the given OTP against the given token.
+ */
+VALUE vacman_token_verify_password(VALUE module, VALUE token, VALUE password) {
+  TDigipassBlob dpdata;
+
+  vacman_rbhash_to_digipass(token, &dpdata);
+
+  aat_int32 result = AAL2VerifyPassword(&dpdata, &g_KernelParms, rb_string_value_cstr(&password), 0);
+
+  vacman_digipass_to_rbhash(&dpdata, token);
+
+  if (result == 0)
+    return Qtrue;
+  else {
+    vacman_library_error("AAL2VerifyPassword", result);
+    return Qnil;
+  }
+}
+
+/*
+ * Generate an OTP from the given token, if the token allows it.
+ */
+VALUE vacman_token_generate_password(VALUE module, VALUE token) {
+  TDigipassBlob dpdata;
+
+  vacman_rbhash_to_digipass(token, &dpdata);
+
+  aat_ascii password[18];
+  memset(password, 0, sizeof(password));
+
+  aat_int32 result = AAL2GenPassword(&dpdata, &g_KernelParms, password, NULL);
+  vacman_digipass_to_rbhash(&dpdata, token);
+
+  if (result != 0) {
+    vacman_library_error("AAL2GenPassword", result);
+    return Qnil;
+  }
+
+  return rb_str_new2(password);
+}

data/ext/vacman_controller/vacman_controller.h

@@ -0,0 +1,53 @@
+#ifndef __vacman_controller_h__
+#define __vacman_controller_h__
+
+#if defined(__cplusplus)
+extern "C" {
+#if 0
+} /* satisfy cc-mode */
+#endif
+#endif
+
+#include <ruby.h>
+#include <string.h>
+#include <aal2sdk.h>
+
+/* The Vacman default kernel parameters, set up upon extension initialisation. */
+TKernelParms g_KernelParms;
+
+/* Ruby exception type, defined as VacmanController::Error in Ruby land. */
+VALUE e_VacmanError;
+
+/* General methods (main.c) */
+void vacman_library_error(const char* method, int vacman_error_code);
+VALUE vacman_library_version(VALUE unused);
+
+/* Kernel methods (kernel.c) */
+VALUE vacman_kernel_get_property_names();
+VALUE vacman_kernel_get_param(VALUE module, VALUE paramname);
+VALUE vacman_kernel_set_param(VALUE module, VALUE paramname, VALUE rbval);
+void vacman_kernel_init_params();
+
+/* Token methods (token.c) */
+VALUE vacman_token_get_property_names();
+VALUE vacman_token_get_property(VALUE module, VALUE token, VALUE property);
+VALUE vacman_token_set_property(VALUE module, VALUE token, VALUE property, VALUE rbval);
+VALUE vacman_token_set_pin(VALUE module, VALUE token, VALUE pin);
+VALUE vacman_token_verify_password(VALUE module, VALUE token, VALUE password);
+VALUE vacman_token_generate_password(VALUE module, VALUE token);
+
+/* Token interchange format between Ruby and libaal2 (serialize.c) */
+void vacman_rbhash_to_digipass(VALUE token, TDigipassBlob* dpdata);
+void vacman_digipass_to_rbhash(TDigipassBlob* dpdata, VALUE hash);
+
+/* DPX methods (dpx.c) */
+VALUE vacman_dpx_import(VALUE module, VALUE filename, VALUE key);
+
+#if defined(__cplusplus)
+#if 0
+{ /* satisfy cc-mode */
+#endif
+}  /* extern "C" { */
+#endif
+
+#endif /* __vacman_controller_h__ */