Login
    Contenu x
    AAL2ProcQADecryptQABlobRpl
    • 22 Jan 2025
    • 2 Minutes à lire
    • Sombre
      Lumière
    • PDF
    Contenu

    AAL2ProcQADecryptQABlobRpl

    • Mis à jour le 22 Jan 2025
    • 2 Minutes à lire
    • Sombre
      Lumière
    • PDF
    The content is currently unavailable in French. You are viewing the default English version.
    Résumé de l’article

    Function Prototype

    aat_int32 AAL2ProcQADecryptQABlobRpl(
                                     aat_byte        *InReply,
                                     aat_int32        ReplySize,
                                     TDigipassBlob   *DPData,
                                     aat_ascii       *aQABlobOut,
                                     aat_int32       *QABlobSize);

    Description

    This function processes a reply from the HSM to a decrypt QABlob code command generated with the AAL2GenQADecryptQABlobCmd function.

    The Digipass Question/Answer Authentication Service on the HSM is identical to the functionality available with the Authentication Suite Server SDK Software Question/Answer Authentication Service. For information on the associated functions, refer to the Authentication Suite Server SDK C-C++ Programmer's Guide.

    Score-based Digipass

    For Digipass devices that integrate the score-based algorithm, the HSM module performs a score-based authentication to decrypt the QA BLOB. This allows retrieving the Digipass scoring value. Once the HSM module has successfully decrypted the QA BLOB, it returns either SUCCESS or SUCCESS with the relevant scoring warning code. See the list of return codes in Table: Return codes (AAL2ProcQADecryptQABlobRpl) for more details.

    Parameters

      Table: Parameters (AAL2ProcQADecryptQABlobRpl)
    TypeNameUseDescription
    aat_byte *InReplyI

    Up to 576 bytes that contain the decrypt QABlob command type and the output data from the decrypt function on the HSM:

    • Command type - 2 bytes
    • An authenticator application BLOB - 192 bytes
    • Return code - 4 bytes
    • Decrypted QABlob - up to 358 bytes
    • QABlob size - 4 bytes

    Plus 16 bytes for Authentication Suite Server SDK internal use.

    aat_int32ReplySizeIThe length of the InReply message.
    TDigipassBlob*DPDataO

    Digipass application BLOB. Upon return from the function call, this BLOB must be rewritten to the application database to reflect changes.

    aat_ascii *aQABlobOut O

    String of up to 358+1 alpha-numeric characters, null-terminated containing the BLOB resulting from the formatted answer hash :

    • UserID - 32 chars
    • BLOB version - 2 chars
    • Hash number - 2 chars
    • Decrypted answer hashes - up to 10 times 32 hexadecimal characters
    • Checksum - 2 decimal characters

    Each answer hash contains:

    • 2 hexadecimal characters representing the index (01 to 0A)
    • 30 hexadecimal characters containing the decrypted answer hash
    aat_int32 *QABlobSize I/O

    In input, this parameter must indicate the size of the allocated buffer for the QABlobOut parameter (recommended 359 bytes).

    In output, this parameter indicates the length of the QABlobOut string (without the null-terminated character).

    Return codes

      Table:  Return codes (AAL2ProcQADecryptQABlobRpl)
    CodeMeaningCodeMeaning
    0Success802Change password mandatory
    10001Success with context warning*803New password too short
    10002Success with user warning*804New password too long
    10003Success with user & context warning*910Invalid HSM command in reply
    10004Success with platform warning*912HSM invalid BLOB status
    10005Success with platform & context warning*913Invalid HSM key property
    10006Success with platform & user warning*951Invalid HSM key type for HSM decryption
    10007Success with platform & user & context warning*1009Invalid TLV total length
    1Code not verified1018Invalid TLV item pointer
    2Static password validation failed1019Missing mandatory TLV item
    131Missing required challenge1025Data buffer too small
    140Challenge corrupted1039Invalid response length with DP algorithm
    201Code replay attempt1040Invalid host code length with DP algorithm
    202Identification error threshold reached1103Unlock Version 2 not supported
    205Inactive days reached1118Unsupported BLOB
    208Application disabled-101Challenge too short
    272Invalid wrapped key-102Challenge too long
    412Invalid checksum (software)-103Challenge check digit wrong
    413Invalid Base64 format-105

    Challenge minimum length not allowed

    414Invalid checksum (HSM)-106Challenge maximum length not allowed
    510Invalid Digipass data pointer-107Challenge number wrong
    530Invalid QA data pointer-108Challenge character invalid
    532Invalid QA data length-201Response length out of bounds
    535Invalid QA number-202Response too short
    536Invalid encrypted QA data-203Response too long
    600Invalid Gordian root information-204Response check digit wrong
    601Invalid Gordian today information-205Response character not decimal
    602Invalid Gordian tomorrow information-206Response character not hexadecimal
    603Invalid Gordian stimulus information-207Response character set not specified
    701Invalid input buffer pointer-1501Memory allocation failed

    * Specific score-based authentication codes; for more information, refer to  Score-based Digipass.

    Cet article vous a-t-il été utile ?
    What's Next
    Change password!
    Changing your password will log you out immediately. Use the new password to log back in.
    Change profile
    Success!
    First name must have atleast 2 characters. Numbers and special characters are not allowed.
    Last name must have atleast 1 characters. Numbers and special characters are not allowed.
    Enter a valid email
    Enter a valid password
    Your profile has been successfully updated.
    Logout
    ESC

    Ozzy, facilitant la découverte de connaissances grâce à l’intelligence conversationnelle