AAL2GenHashDataBlock (function)
  • 23 Jan 2025


Function prototype

aat_int32 AAL2GenHashDataBlock (
    TDigipassBlob*  DPData,
    TKernelParms*   CallParms,
    aat_int32       EventWindow,
    aat_int32       StartTime,
    aat_int32       EndTime,
    aat_byte*       Salt,
    aat_int32       SaltLength,
    aat_word32      MaxRadomValue,
    aat_byte*       bKey,
    aat_int32       KeyLength,
    aat_byte*       bHashDataBlock,
    aat_int32*      HashDataBlockLength);

Description

This function generates a hash data block for the event window or time period for the given authenticator application BLOB. The content of HashDataBlock is transparent to the caller and loaded into the client-side hash verification library.

The buffer for HashDataBlock must be allocated by the client prior to the function call. It is returned as a byte string in the following format:

  • Serial number on 22 ASCII characters
  • Data block size on 4 bytes
  • Data block version on 2 bytes
  • Maximum random diversifier on 4 bytes
  • Start window on 4 bytes. It can be an event value or time indicated in seconds.
  • Number of hashes used on 4 bytes.

    • Since Authentication Suite Server SDK 3.17.1, the maximum number of OTP hashes is 12000.
    • Prior to Authentication Suite Server SDK 3.17.1, the maximum number of OTP hashes was 3000.
  • Data which contains the hashes list. Size of data is (number of hashes x 20) bytes
  • CRC on 4 bytes

The allocated buffer size for bHashDataBlock must be (44 + (number of hashes x 20)) bytes. The number of hashes depends on the following parameters:

  • For event-based authenticators, the HashDataBlock buffer to allocate is (44 + (EventWindow x 20)) bytes.

    The maximum value for EventWindow is 12000 since Authentication Suite Server SDK 3.17.1 and was 3000 for earlier versions.

  • For time-based authenticators, the HashDataBlock buffer to allocate is (44 + ( ( (EndTime – StartTime) / TimeStep) x 20)) bytes.

    The maximum value for ( (EndTime – StartTime) / TimeStep) is 12000 since Authentication Suite Server SDK 3.17.1 and was 3000 for earlier versions.
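
A pre-call sizing and range check for the rules above and the limits listed under Parameters and Return codes, as an added example that is not part of the SDK. The helper names, the `now` and `time_step` parameters, and the use of plain `int32_t` in place of the SDK's `aat_int32` are assumptions of this example.

```c
#include <stddef.h>
#include <stdint.h>

/* Constants taken from the layout and limits documented on this page. */
#define HDB_FIXED_BYTES   44u    /* 22 + 4 + 2 + 4 + 4 + 4 + 4 (CRC) */
#define HDB_HASH_SIZE     20u
#define HDB_MAX_HASHES    12000  /* 3000 before SDK 3.17.1 */
#define HDB_MAX_SALT_LEN  512
#define HDB_MAX_KEY_LEN   16

/* Bytes needed for n hashes, or 0 if n is outside 1..max_hashes. */
static size_t hdb_size_for_hashes(int64_t n, int32_t max_hashes)
{
    if (n < 1 || n > max_hashes)
        return 0;
    return HDB_FIXED_BYTES + (size_t)n * HDB_HASH_SIZE;
}

/* Event-based authenticator: one hash per event in the window. */
size_t hdb_size_event(int32_t event_window, int32_t max_hashes)
{
    return hdb_size_for_hashes(event_window, max_hashes);
}

/* Time-based authenticator. start_time == 0 means "current server time",
 * so the caller supplies that time as `now`. time_step (seconds) comes from
 * the authenticator's configuration and is an assumption of this example. */
size_t hdb_size_time(int32_t start_time, int32_t end_time,
                     int32_t time_step, int32_t now, int32_t max_hashes)
{
    int64_t start = (start_time == 0) ? now : start_time;
    if (time_step <= 0 || start < 0 || (int64_t)end_time <= start)
        return 0;
    /* 64-bit arithmetic so the subtraction cannot overflow. */
    return hdb_size_for_hashes(((int64_t)end_time - start) / time_step,
                               max_hashes);
}

/* Salt must be 1..512 bytes and the key at most 16 bytes, both non-NULL.
 * Requiring a non-empty key is this example's assumption. */
int hdb_salt_key_ok(const void *salt, int32_t salt_len,
                    const void *key, int32_t key_len)
{
    return salt != NULL && key != NULL &&
           salt_len >= 1 && salt_len <= HDB_MAX_SALT_LEN &&
           key_len >= 1 && key_len <= HDB_MAX_KEY_LEN;
}
```

A return value of 0 from the sizing helpers means the request is outside the documented limits and no buffer should be allocated; pass `3000` as `max_hashes` when targeting an SDK older than 3.17.1.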

Parameters

  Table: Parameters (AAL2GenHashDataBlock)
| Type | Name | Use | Description |
|---|---|---|---|
| TDigipassBlob* | DPData | I/O | Authenticator application BLOB. Upon return from the function call, this BLOB must be rewritten to the application database to reflect changes. |
| TKernelParms* | CallParms | I | Structure of runtime parameters to use during this function call. |
| aat_int32 | EventWindow | I | Number of events used to generate an OTP. Possible values: 1–12000 (limited to 3000 prior to Authentication Suite Server SDK 3.17.1). |
| aat_int32 | StartTime | I | The beginning of the time window in seconds since 1970. If 0 is used, the current server time is used as reference. |
| aat_int32 | EndTime | I | The end of the time window. |
| aat_byte* | Salt | I | This parameter is used to further randomize the produced hashes. The same salt value is used to generate hashes of all the OTP values in the package. |
| aat_int32 | SaltLength | I | Length of the salt string parameter. Possible values: 1–512 |
| aat_word32 | MaxRadomValue | I | The maximum value of a random element that will be used for the hash calculation. The purpose of this parameter is to increase the processing time on the client side to prevent brute-force attacks. If it is 0, a default diversifier will be used (MaxRadomValue = 100). A value smaller than 100 is not recommended. |
| aat_byte* | bKey | I | 16-byte key that will be released in case of successful OTP validation. |
| aat_int32 | KeyLength | I | Length of the key. |
| aat_byte* | bHashDataBlock | O | Hash data block list. |
| aat_int32* | HashDataBlockLength | I/O | Hash data block list length. |

Return codes

  Table: Return codes (AAL2GenHashDataBlock)
| Code | Meaning |
|---|---|
| 0 | Success |
| 132 | Unsupported token type. Only time- or event-based authenticators are supported. |
| 153 | Invalid event window |
| 154 | Invalid data block size (hash data block) |
| 155 | Invalid time window |
| 158 | Invalid salt pointer |
| 160 | Invalid hash data block pointer |
| 161 | Invalid key pointer |
| 162 | Salt buffer too big. The maximum salt length is 512 bytes. |
| 163 | Key buffer too big. The maximum key length is 16 bytes. |
| 510 | Invalid Digipass data pointer |
| 578 | Invalid BLOB status |
| 1103 | Unlock Version 2 not supported |
