AAL2GenVerifyMessageSignatureCmd

Mis à jour le 22 Jan 2025
3 Minutes à lire

Partager
Sombre
Lumière
PDF

The content is currently unavailable in French. You are viewing the default English version.

Résumé de l’article

Avez-vous trouvé ce résumé utile ?

Merci pour vos commentaires

Function prototype

aat_int32 AAL2GenVerifyMessageSignatureCmd(
                                     aat_byte       *Cmd,
                                     aat_int32      *CmdSize,
                                     TDigipassBlob  *DPData,
                                     TKernelParms   *CallParms,
                                     aat_ascii      *aStorageKeyNameIn,
                                     aat_ascii      *aIVIn,
                                     aat_int32       MessageExpirationTime,
                                     aat_ascii      *Signature,
                                     aat_ascii      *SignedMessage,
                                     aat_int32       DeferredSignatureData);

Description

This function creates a command that directs the HSM to verify a message signature using the given data and to return a result in the form of a reply.

The message signature validation on the HSM is identical to the functionality available with the Authentication Suite Server SDK Software Digipass Multi-Device Activation Service and the Digipass Secure Channel Service. For information on the associated functions, refer to the Authentication Suite Server SDK C-C++ Programmer's Guide..

This function must be used with the post-HSM API AAL2ProcVerifyMessageSignatureRpl.

Signed message optional expiration check

This function allows optionally checking a maximum amount of time authorized since the generation of Activation Message 2 or the request message for which the signature validation is performed. This message time validity check depends on the MessageExpirationTime parameter.

If MessageExpirationTime = 0, the function will not perform any message time validity check.

If MessageExpirationTime > 0, MessageExpirationTime represents the maximum amount of time (expressed in seconds) authorized since the generation of the message (Activation Message 2 or a request message).

Activation Message 2 or the request messages must have been MANDATORILLY generated by Authentication Suite Server SDK 3.15.1 or more if checking the time validity (i.e. MessageExpirationTime > 0).
The timestamp of the generation time is embedded in Activation Message 2 and the request messages only as of Authentication Suite Server SDK 3.15.1.

Parameters

Table: Parameters (AAL2GenVerifyMessageSignatureCmd)
Type	Name	Use	Description
aat_byte *	Cmd	O	Up to 662 bytes that serialize the MESSAGE SIGNATURE VALIDATION command type and the input data to the message signature validation function on the HSM: Command type - 2 bytes An authenticator application BLOB - 192 bytes Runtime parameters - 80 bytes StorageKeyName - up to 128 characters InitialVector - 8 bytes MessageExpirationTime - 4 bytes Signature - up to 17 characters Formatted signed message - 8 x 20 characters Host time - 4 bytes Plus 67 bytes for Authentication Suite Server SDK internal use.
aat_int32 *	CmdSize	I/O	On entry, this parameter contains the size of the Cmd buffer.On exit, this parameter contains the length of the Cmd message.
TDigipassBlob*	DPData	I	authenticator application BLOB of the Digipass instance to use for the signature verification.
TKernelParms *	CallParms	I	Structure of runtime parameters to use during this function call.
aat_ascii *	aStorageKeyNameIn	I	String of up to 128+1 characters, left-justified, null-terminated, or right-padded with spaces. This is the label of the HSM storage key used to encrypt the sensitive Digipass application BLOB data.
aat_ascii *	aIVIn	I	String of 16 hexadecimal characters, left-justified, null-terminated, or right-padded with spaces. This is the initial vector used to encrypt the sensitive authenticator application BLOB data.
aat_int32	MessageExpirationTime	I	Must be mandatorily equal or greater to 0. If MessageExpirationTime = 0: No message time validity check. If MessageExpirationTime > 0: MessageExpirationTime represents the maximum amount of time (expressed in seconds) authorized since the generation of the message (Activation Message 2 or a request message).
aat_ascii *	Signature	I	String of up to 17 numeric or hexadecimal characters, null-terminated or padded with spaces.
aat_ascii *	SignedMessage	I	Hexadecimal character string containing the message that has been used by the Digipass device to generate the signature. String length must be a multiple of 2. This can be either an Activation Message 2 or a request message.
aat_int32	DeferredSignatureData	I	Must be 0 if signature is validated in online mode (OnlineSG=1 or 2). If signature is validated in offline mode with OnlineSG=0, this parameter can receive the Digipass date of the signature generation (number of elapsed seconds since January 1, 1970) or 0. (With 0, the current time is used.) If this parameter is >0, the filled parameter must be the Digipass time, not the host time. If the signature is validated in offline mode with OnlineSG=3, this parameter must receive counter of the Digipass instance used for the signature generation.

Return codes

Table: Return codes (AAL2GenVerifyMessageSignaturCmd)
Code	Meaning	Code	Meaning
0	Success	706	Invalid data buffer pointer
149	Invalid initial vector length	1000	Function does not support EMV-CAP
139	Invalid signature pointer	1025	Buffer too small
412	Invalid checksum (software)	1299	Signed message not hexadecimal
413	Invalid Base64 format	1300	Invalid signed message length
510	Invalid Digipass data pointer	1301	Invalid signed message pointer
590	Invalid command pointer	1363	Invalid message expiration time value

Cet article vous a-t-il été utile ?

What's Next

AAL2ProcVerifyMessageSignatureRpl

Table des matières

Function prototype
Description
Parameters
Return codes