AAL2ProcVerifyMessageSignatureRpl
  • 22 Jan 2025

Function prototype

aat_int32 AAL2ProcVerifyMessageSignatureRpl(
                                     aat_byte      *InReply,
                                     aat_int32      ReplySize,
                                     TDigipassBlob *DPData,
                                     aat_ascii     *ConfirmationCode,
                                     aat_int32     *ConfirmationCodeLength);

Description

This function processes a reply from the HSM to a deactivation message command generated with AAL2GenVerifyMessageSignatureCmd.

The message signature validation on the HSM is identical to the functionality available with the Authentication Suite Server SDK Software Digipass Multi-Device Activation Service and the Digipass Secure Channel Service. For information on the associated functions, refer to the Authentication Suite Server SDK C-C++ Programmer's Guide.

Score-based Digipass

For Digipass devices that integrate the score-based algorithm, the HSM module performs a score-based message signature validation which allows retrieving the Digipass scoring value. Once the HSM module has successfully validated the signature, it returns either SUCCESS or SUCCESS with the relevant scoring warning code. See return codes in Table: Return codes (AAL2ProcVerifyMessageSignatureRpl) for more details.

Parameters

  Table: Parameters (AAL2ProcVerifyMessageSignatureRpl)

| Type | Name | Use | Description |
|---|---|---|---|
| aat_byte * | InReply | I | Up to 231 bytes that contain the MESSAGE SIGNATURE VALIDATION command type and the output data from the message signature validation function on the HSM: command type (2 bytes); an authenticator application BLOB (192 bytes); confirmation code (up to 17 characters); confirmation code length (4 bytes); return code (4 bytes). Plus 16 bytes for Authentication Suite Server SDK internal use. |
| aat_int32 | ReplySize | I | The length of the InReply message. |
| TDigipassBlob * | DPData | O | Authenticator application BLOB of the Digipass instance to use for the signature verification. Upon return from the function call, this BLOB must be rewritten to the application database to reflect changes. |
| aat_ascii * | ConfirmationCode | O | String of up to 16+1 numeric or hexadecimal characters, left-justified, null-terminated or right-padded with spaces. This is the confirmation code generated by Authentication Suite Server SDK for this signature (recommended buffer size is 17 bytes). |
| aat_int32 * | ConfirmationCodeLen | O | On input, this parameter must indicate the size of the allocated buffer for the ConfirmationCode parameter (recommended 17 bytes). On output, this parameter indicates the length of the ConfirmationCode string (without the terminating null character). |

Return codes

  Table: Return codes (AAL2ProcVerifyMessageSignatureRpl)

| Code | Meaning | Code | Meaning |
|---|---|---|---|
| 0 | Success | 1018 | Invalid TLV item pointer |
| 10001 | Success with context warning* | 1019 | Missing mandatory TLV item |
| 10002 | Success with user warning* | 1025 | Buffer too small |
| 10003 | Success with user & context warning* | 1103 | Unlock Version 2 not supported |
| 10004 | Success with platform warning* | 1116 | Response check digit not allowed |
| 10005 | Success with platform & context warning* | 1117 | Challenge check digit not allowed |
| 10006 | Success with platform & user warning* | 1118 | Unsupported BLOB |
| 10007 | Success with platform & user & context warning* | 1309 | Application cannot be used for Secure Channel transactions |
| 1 | Signature not verified | 1337 | Unsupported message protocol version |
| 132 | Unsupported token type | 1339 | Invalid message length |
| 203 | Sign error threshold reached | 1364 | Message time validity expired |
| 204 | Duplicate signature found | -103 | Data field check digit wrong |
| 205 | Inactive days reached | -105 | Challenge minimum length not allowed |
| 206 | Chronological signature error | -106 | Challenge maximum length not allowed |
| 208 | Application disabled | -107 | Challenge number wrong |
| 272 | Invalid wrapped key | -108 | Challenge character invalid |
| 412 | Invalid checksum (software) | -201 | Response length out of bounds |
| 413 | Invalid Base64 format | -202 | Response too short |
| 414 | Invalid checksum (HSM) | -203 | Response too long |
| 510 | Invalid Digipass data pointer | -102 | Data field too long |
| 701 | Invalid input buffer pointer | -204 | Response check digit wrong |
| 910 | Invalid HSM command in reply | -205 | Response character not decimal |
| 912 | HSM invalid BLOB status | -206 | Response character not hexadecimal |
| 913 | Invalid HSM key property | -207 | Response character set not specified |
| 951 | Invalid HSM key type for HSM decryption | -1501 | Memory allocation failed |
| 1009 | Invalid TLV total length | | |

* Specific score-based authentication codes; for more information, refer to Score-based Digipass.
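
The following added example (not part of the SDK or its documentation) shows how a caller might turn the return code and confirmation-code buffer into an accept/reject decision. All names are hypothetical; the warning bit layout is read off the 10001 to 10007 rows of the table above, and the 16-character limit comes from the ConfirmationCode description.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical names; offsets 1..7 from 10000 match the return-code table
 * as a 3-bit mask: context = 1, user = 2, platform = 4. */
enum { VMS_WARN_CONTEXT = 1, VMS_WARN_USER = 2, VMS_WARN_PLATFORM = 4 };

typedef struct {
    int accepted;       /* 1 if the signature validated (0 or 10001..10007) */
    int warnings;       /* bitwise OR of VMS_WARN_* for score-based results */
    int replay_suspect; /* 1 for 204 (duplicate) or 206 (chronological error) */
} vms_outcome;

/* Map a return code from the table to an accept/reject decision. */
vms_outcome vms_classify(int rc)
{
    vms_outcome o = {0, 0, 0};
    if (rc == 0) {
        o.accepted = 1;
    } else if (rc >= 10001 && rc <= 10007) {
        o.accepted = 1;             /* valid signature, scoring warning set */
        o.warnings = rc - 10000;
    } else if (rc == 204 || rc == 206) {
        o.replay_suspect = 1;       /* rejected; worth a distinct log entry */
    }
    return o;   /* every other code, including 1, is a plain rejection */
}

/* Copy the confirmation code into dst as a clean C string.
 * buf may be null-terminated or right-padded with spaces; len is the value
 * returned in the length parameter. Returns the final length, or -1 if len
 * is out of range or dst is too small. */
int vms_normalize_code(const char *buf, int len, char *dst, size_t dst_size)
{
    size_t n = 0;
    if (buf == NULL || dst == NULL || len < 0 || len > 16)
        return -1;
    while (n < (size_t)len && buf[n] != '\0')
        n++;                        /* stop at an early terminator */
    while (n > 0 && buf[n - 1] == ' ')
        n--;                        /* strip right padding */
    if (n + 1 > dst_size)
        return -1;
    memcpy(dst, buf, n);
    dst[n] = '\0';
    return (int)n;
}
```

Treating every non-zero return code as a failure would reject valid score-based signatures, so the warning range is accepted here and its flags are surfaced to the caller.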

