Login
    Contenu x
    AAL2ProcVerifyPasswordRpl
    • 22 Jan 2025
    • 2 Minutes à lire
    • Sombre
      Lumière
    • PDF
    Contenu

    AAL2ProcVerifyPasswordRpl

    • Mis à jour le 22 Jan 2025
    • 2 Minutes à lire
    • Sombre
      Lumière
    • PDF
    The content is currently unavailable in French. You are viewing the default English version.
    Résumé de l’article

    Function prototype

    aat_int32 AAL2ProcVerifyPasswordRpl(
                                    aat_byte      *InReply,
                                    aat_int32     *ReplySize,
                                    TDigipassBlob *DPData,
                                    aat_ascii     *aReturnHostCodeOut,
                                    aat_int32     *ReturnHostCodeLenOut);

    Description

    This function processes a reply from the HSM to a password validation command which has been generated either with AAL2GenVerifyPasswordCmd or AAL2GenVerifyPasswordCmdEx.

    The password validation on the HSM is identical to the functionality available with the Authentication Suite Server SDK Software Dynamic Authentication Service. For information on the associated functions, refer to the Authentication Suite Server SDK C-C++ Programmer's Guide.

    Score-based Digipass

    For Digipass devices that integrate the score-based algorithm, the HSM module performs a score-based authentication which allows retrieving the Digipass scoring value. Once the HSM module has successfully validated the password, it returns either SUCCESS or SUCCESS with the relevant scoring warning code. See the return codes in Table: Return codes (AAL2ProcVerifyPasswordRpl) for more details.

    Parameters

      Table: Parameters (AAL2ProcVerifyPasswordRpl)
    TypeNameUseDescription
    aat_byte *InReplyI

    Up to 235 bytes that contain the VERIFY PASSWORD command type and the output data from the verify password function on the HSM:

    • Command type - 2 bytes
    • An authenticator application BLOB - 192 bytes
    • Return code - 4 bytes
    • Return host code length - 4 bytes
    • Return host code - up to 17 characters

    Plus 16 bytes for Authentication Suite Server SDK internal use.

    aat_int32 *ReplySizeIThe length of the InReply message.
    TDigipassBlob *DPDataOauthenticator application BLOB. Upon return from the function call, this BLOB must be rewritten to the application database to reflect changes.
    aat_ascii * aReturn HostCode Out O

    String of up to 17 numeric characters, left-justified, null-terminated, or right-padded with spaces. This is the code generated by Authentication Suite Server SDK. Leave NULL if not required (recommended buffer size is 18 bytes).

    aat_ascii * ReturnHost CodeLen Out I/O

    Pointer to a long integer that in input contains the size of the ReturnHostCodeOut buffer, and in output contains the real length of the generated return host code. Leave NULL if not required.

    Return codes

      Table:  Return codes (AAL2ProcVerifyPasswordRpl)
    CodeMeaningCodeMeaning
    0Success910Invalid HSM command in reply
    10001Success with context warning*912HSM invalid BLOB status
    10002Success with user warning*913Invalid HSM key property
    10003Success with user & context warning*951Invalid HSM key type for HSM decryption
    10004Success with platform warning*1009Invalid TLV total length
    10005Success with platform & context warning*1018Invalid TLV item pointer
    10006Success with platform & user warning*1019Missing mandatory TLV item
    10007Success with platform & user & context warning*1025Data buffer too small
    1Code not verified1039Invalid response length with DP algorithm
    2Static password validation failed1040Invalid host code length with DP algorithm
    131Missing required challenge1103Unlock Version 2 not supported
    140Challenge corrupted1116Response check digit not allowed
    201Code replay attempt1117Challenge check digit not allowed
    202Identification error threshold reached1118Unsupported BLOB
    205Inactive days reached-101Challenge too short
    208Application disabled-102Challenge too long
    272Invalid wrapped key-103Challenge check digit wrong
    412Invalid checksum (software)-105Challenge minimum length not allowed
    413Invalid Base64 format-106Challenge maximum length not allowed
    414Invalid checksum (HSM)-107Challenge number wrong
    510Invalid Digipass data pointer-108Challenge character invalid
    600Invalid Gordian root information-201Response length out of bounds
    601Invalid Gordian today information-202Response too short
    602Invalid Gordian tomorrow information-203Response too long
    603Invalid Gordian stimulus information-204Response check digit wrong
    701Invalid input buffer pointer-205Response character not decimal
    802Change password mandatory-206Response character not hexadecimal
    803New password too short-207Response character set not specified
    804New password too long-1501Memory allocation failed

    * Specific score-based authentication codes; for more information, refer to Score-based Digipass.

    Cet article vous a-t-il été utile ?
    What's Next
    Change password!
    Changing your password will log you out immediately. Use the new password to log back in.
    Change profile
    Success!
    First name must have atleast 2 characters. Numbers and special characters are not allowed.
    Last name must have atleast 1 characters. Numbers and special characters are not allowed.
    Enter a valid email
    Enter a valid password
    Your profile has been successfully updated.
    Logout
    ESC

    Ozzy, facilitant la découverte de connaissances grâce à l’intelligence conversationnelle