This function extracts the clear response body from a response message, using the payload key embedded in the payload key BLOB.
The payload key BLOB is mandatory only if the response message is protected (encrypted and/or signed). It must be the one corresponding to the Digipass serial number of the client device that generated the response message.
For Digipass client devices supporting the two-way Secure Channel, the device sends the response message in reply to a request message.
Response message processing applies only to hardware and software Digipass authenticators compliant with the Secure Channel protocol. If the response message was processed correctly and contains a Secure Channel request error detected by the device, the return code depends on the Secure Channel request error code byte (return code = offset + code byte, with offset = 5000). See Table: Return codes (AAL2ProcMessageResponseICSF) for the list of return codes.
Parameters
Table: Parameters (AAL2ProcMessageResponseICSF)
| Type | Name | Use | Description |
|---|---|---|---|
| aat_ascii * | PKBlob | I | Contains the payload key BLOB that has been generated for the Digipass instances activated with a particular serial number license (in case of the multi-device licensing model) or that has been imported for the Digipass authenticator with a particular serial number license (in case of single-device licensing model). The payload key BLOB parameter is mandatory only if the information message is protected (encrypted and/or signed); can be NULL or empty if the information message is not protected (neither encrypted nor signed). |
| TKernelParms * | CallParms | I | Structure of runtime parameters to use during this function call. |
| aat_ascii * | aStorageKeyNameIn | I | String of up to 64+1 characters, left-justified, null-terminated, or right-padded with spaces. This is the label of the ICSF storage key used to encrypt the sensitive Digipass application BLOB data. |
| aat_ascii * | aInitialVectorIn | I | String of 16 hexadecimal characters, left-justified, null-terminated, or right-padded with spaces. This is the initial vector used to encrypt the sensitive authenticator application BLOB data. |
| aat_ascii * | ResponseMessage | I | Hexadecimal character string containing the response message that has been generated by the Digipass client device in reply to a request message. The string length must be a multiple of 2 with a maximum length of 1070 characters. |
| aat_ascii * | RequestMessage | I | Hexadecimal character string containing the request message that has been used by the Digipass device to generate the response message. The string length must be a multiple of 2 with a maximum length of 1070 characters. |
| aat_ascii * | ResponseBody | O | String of up to 1024+1 hexadecimal characters, null-terminated. In case of a successful operation, this parameter contains the clear response body extracted from the ResponseMessage. |
| aat_int32 * | ResponseBodyLength | I/O | On input, this parameter must indicate the size of the allocated buffer for the ResponseBody parameter (1025 bytes recommended). On output, this parameter indicates the length of the RequestBody string (without the null-terminated character). |
Return codes
Table: Return codes (AAL2ProcMessageResponseICSF)
| Code | Meaning | Code | Meaning |
|---|---|---|---|
| 0 | Success | 1348 | Invalid response message pointer |
| 412 | Invalid checksum | 1349 | Invalid response body pointer |
| 413 | Invalid Base64 format | 1350 | Invalid response body length pointer |
| 807 | Serial number not equal | 1351 | Response body buffer too small |
| 951 | Invalid HSM key type for HSM decryption | 1352 | Nonces are not equal |
| 1119 | Unsupported payload key BLOB | 1353 | Payload key BLOB is mandatory |
| 1285 | Master key derivation failed | 1354 | Invalid request message type |
| 1288 | Invalid serial number prefix | 1355 | Invalid response message type |
| 1289 | Invalid serial number suffix | 1361 | Invalid authentication tag |
| 1302 | AES CTR encryption failed | 1362 | Invalid response message error length |
| 1303 | Invalid request message pointer | 5001* | Unsupported request message protocol version |
| 1337 | Unsupported message protocol version | 5002* | Unsupported request message type |
| 1338 | Unsupported message type | 5003* | Unsupported request message protection type |
| 1341 | Message is not hexadecimal | 5004* | Invalid request message length |
| 1342 | Invalid response message length | 5005* | Invalid request message; character not hexadecimal |
| 1344 | Invalid request message length | 5006* | Incorrect serial number in the request message |
| 1345 | Invalid request message protection type | 5007* | Invalid authentication tag in the request message |
| 1346 | Invalid message response protection type | | |
*Specific request error message codes
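
The following is an added example, not code from the SDK or its vendor: caller-side helpers that check a message string against the constraints in the parameter table before the call, and that interpret the return code afterwards. The helper names are hypothetical, and the grouping of codes as integrity failures is this example's assumption, chosen so that such results can be logged separately from plain input errors.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>

#define SC_MSG_MAX_HEX    1070 /* max hex characters for ResponseMessage/RequestMessage */
#define SC_REQ_ERR_OFFSET 5000 /* return code = offset + device error code byte */

/* Results of this example's pre-flight check (hypothetical names, not SDK codes). */
enum sc_check { SC_OK, SC_NULL, SC_EMPTY, SC_TOO_LONG, SC_ODD_LENGTH, SC_NOT_HEX };

/* Validate a message string before passing it to the SDK:
 * hexadecimal characters only, even length, at most 1070 characters. */
enum sc_check sc_check_hex_message(const char *msg)
{
    size_t n = 0;
    if (msg == NULL) return SC_NULL;
    for (; msg[n] != '\0'; n++) {
        if (n >= SC_MSG_MAX_HEX) return SC_TOO_LONG;
        if (!isxdigit((unsigned char)msg[n])) return SC_NOT_HEX;
    }
    if (n == 0) return SC_EMPTY;
    return (n % 2 == 0) ? SC_OK : SC_ODD_LENGTH;
}

/* Return the Secure Channel request error code byte reported by the device
 * (1..7) when rc is one of the starred codes 5001..5007, otherwise 0. */
int sc_device_error_byte(int rc)
{
    return (rc > SC_REQ_ERR_OFFSET && rc <= SC_REQ_ERR_OFFSET + 7) ? rc - SC_REQ_ERR_OFFSET : 0;
}

/* This example's grouping (an assumption, not an SDK category): codes that mean
 * the message failed an integrity, freshness or device-binding check. */
int sc_is_integrity_failure(int rc)
{
    switch (rc) {
    case 412: case 807: case 1352: case 1361: case 5006: case 5007:
        return 1;
    default:
        return 0;
    }
}

int main(void)
{
    const char *sample = "0A1B2C"; /* constructed sample, not a real Digipass message */
    printf("check=%d byte=%d integrity=%d\n", sc_check_hex_message(sample),
           sc_device_error_byte(5007), sc_is_integrity_failure(1352));
    return 0;
}
```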