This function processes a reply from the HSM to a password validation command which has been generated with AAL2GenVerifyPasswordEsCmd.
The password validation with enhanced security on the HSM is identical to the functionality available with the Authentication Suite Server SDK Software Dynamic Authentication Service. For information on the associated functions, refer to the Authentication Suite Server SDK C-C++ Programmer's Guide.
Parameters
Table: Parameters (AAL2ProcVerifyPasswordEsRpl)

| Type | Name | Use | Description |
|---|---|---|---|
| aat_byte * | InReply | I | Up to 235 bytes that contain the VERIFY PASSWORD command type and the output data from the verify password function on the HSM: command type (2 bytes); an authenticator application BLOB (192 bytes); return code (4 bytes); return host code length (4 bytes); return host code (up to 17 characters); plus 16 bytes for Authentication Suite Server SDK internal use. |
| aat_int32 * | ReplySize | I | The length of the InReply message. |
| TDigipassBlob * | DPData | O | Authenticator application description data block. Upon return from the function call, this BLOB must be rewritten to the application database to reflect changes. |
| aat_ascii * | aReturnHostCodeOut | O | String of up to 17 numeric characters, left-justified, null-terminated, or right-padded with spaces. This is the code generated by Authentication Suite Server SDK. Leave NULL if not required. |
| aat_ascii * | ReturnHostCodeLenOut | I/O | Pointer to a long integer that in input contains the size of the ReturnHostCodeOut buffer, and in output contains the real length of the generated return host code. Leave NULL if not required. |
Return codes
Table: Return codes (AAL2ProcVerifyPasswordEsRpl)

| Code | Meaning | Code | Meaning |
|---|---|---|---|
| 0 | Success | 912 | HSM invalid BLOB status |
| 10001 | Success with context warning* | 913 | Invalid HSM key property |
| 10002 | Success with user warning* | 951 | Invalid HSM key type for HSM decryption |
| 10003 | Success with user & context warning* | 1009 | Invalid TLV total length |
| 10004 | Success with platform warning* | 1018 | Invalid TLV item pointer |
| 10005 | Success with platform & context warning* | 1019 | Missing mandatory TLV item |
| 10006 | Success with platform & user warning* | 1025 | Data buffer too small |
| 10007 | Success with platform & user & context warning* | 1039 | Invalid response length with DP algorithm |
| 1 | Code not verified | 1040 | Invalid host code length with DP algorithm |
| 2 | Static password validation failed | 1103 | Unlock Version 2 not supported |
| 131 | Missing required challenge | 1116 | Response check digit not allowed |
| 140 | Challenge corrupted | 1117 | Challenge check digit not allowed |
| 201 | Code replay attempt | 1118 | Unsupported BLOB |
| 202 | Identification error threshold reached | -101 | Challenge too short |
| 205 | Inactive days reached | -102 | Challenge too long |
| 208 | Application disabled | -103 | Challenge check digit wrong |
| 272 | Invalid wrapped key | -105 | Challenge minimum length not allowed |
| 412 | Invalid checksum (software) | -106 | Challenge maximum length not allowed |
| 413 | Invalid Base64 format | -107 | Challenge number wrong |
| 414 | Invalid checksum (HSM) | -108 | Challenge character invalid |
| 510 | Invalid Digipass data pointer | -153 | Server public key too long |
| 600 | Invalid Gordian root information | -201 | Response length out of bounds |
| 601 | Invalid Gordian today information | -202 | Response too short |
| 602 | Invalid Gordian tomorrow information | -203 | Response too long |
| 603 | Invalid Gordian stimulus information | -204 | Response check digit wrong |
| 701 | Invalid input buffer pointer | -205 | Response character not decimal |
| 802 | Change password mandatory | -206 | Response character not hexadecimal |
| 803 | New password too short | -207 | Response character set not specified |
| 804 | New password too long | -1501 | Memory allocation failed |
| 910 | Invalid HSM command in reply | | |
* Specific score-based authentication codes; for more information, refer to Score-based Digipass.
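
The return codes above fall into plain success (0), success with a score-based warning (10001 to 10007, whose offsets from 10000 are consistent with a bit mask of context = 1, user = 2, platform = 4), and everything else, which a caller should treat as a denial. The C helper below is an added example, not code from the SDK: every name in it (triage_return_code, reply_len_ok, verdict_t, the WARN_* constants) is hypothetical, int32_t stands in for the SDK's integer type, and flagging codes 201 and 202 for alerting is this example's own policy choice.

```c
#include <stdint.h>

/* Hypothetical names for this example; none of them come from the SDK. */
#define MAX_REPLY_LEN  235   /* InReply is documented as "up to 235 bytes" */
#define WARN_BASE      10000
#define WARN_CONTEXT   0x1   /* 10001 */
#define WARN_USER      0x2   /* 10002 */
#define WARN_PLATFORM  0x4   /* 10004 */

typedef enum {
    RC_ACCEPT,        /* 0 */
    RC_ACCEPT_WARN,   /* 10001..10007: accepted, warning flags set */
    RC_REJECT,        /* 1, 2: wrong code or wrong static password */
    RC_REJECT_ALERT,  /* 201, 202: replay attempt or error threshold reached */
    RC_DENY_OTHER     /* any other code: deny and investigate */
} verdict_t;

typedef struct {
    verdict_t verdict;
    unsigned  warn_flags;   /* meaningful only for RC_ACCEPT_WARN */
} triage_t;

/* Reject reply lengths that cannot match the documented layout
   before the buffer is passed on. */
int reply_len_ok(int32_t reply_size)
{
    return reply_size > 0 && reply_size <= MAX_REPLY_LEN;
}

/* Fail closed: only the codes listed as success are ever accepted. */
triage_t triage_return_code(int32_t rc)
{
    triage_t t = { RC_DENY_OTHER, 0 };

    if (rc == 0) {
        t.verdict = RC_ACCEPT;
    } else if (rc >= WARN_BASE + 1 && rc <= WARN_BASE + 7) {
        t.verdict = RC_ACCEPT_WARN;
        t.warn_flags = (unsigned)(rc - WARN_BASE);
    } else if (rc == 1 || rc == 2) {
        t.verdict = RC_REJECT;
    } else if (rc == 201 || rc == 202) {
        t.verdict = RC_REJECT_ALERT;
    }
    return t;
}
```

Whatever the verdict, the DPData BLOB is written back to the application database after the call, as the parameter description requires.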