This function processes a reply from the HSM to a command generated with either AAL2GenVerifySignatureCmd or AAL2GenVerifySignatureCmdEx.
The signature validation with enhanced security on the HSM is identical to the functionality available with the Authentication Suite Server SDK Software e-Signature Validation Service. For information on the associated functions, refer to the Authentication Suite Server SDK C-C++ Programmer's Guide.
Score-based Digipass
For Digipass devices that integrate the score-based algorithm, the HSM module performs a score-based signature validation which allows retrieving the Digipass scoring value. Once the HSM module has successfully validated the signature, it returns either SUCCESS or SUCCESS with the relevant scoring warning code. See the list of return codes in Table: Return codes (AAL2ProcVerifySignatureRpl) for more details.
Parameters
Table: Parameters (AAL2ProcVerifySignatureRpl)
| Type | Name | Use | Description |
|---|---|---|---|
| aat_byte * | InReply | I | Up to 251 bytes that contain the VERIFY SIGNATURE command type and the output data from the verify signature function on the HSM: command type (2 bytes); an authenticator application BLOB (192 bytes); return code (4 bytes); confirmation code length (4 bytes); confirmation code (up to 17 characters); plus 32 bytes for Authentication Suite Server SDK internal use. |
| aat_int32 | ReplySize | I | The length of the InReply message. |
| TDigipassBlob * | DPData | O | Authenticator application BLOB. Upon return from the function call, this BLOB must be rewritten to the application database to reflect changes. |
| aat_ascii * | ReturnHostCode | O | String of up to 17 numeric or hexadecimal characters, left-justified, null-terminated, or right-padded with spaces. This is the confirmation code generated by Authentication Suite Server SDK for this signature (recommended buffer size is 18 bytes). |
| aat_int32 * | ReturnHostCodeLen | I/O | Pointer to a long integer that on input contains the size of the ReturnHostCodeOut buffer, and on output contains the actual length of the generated return host code. Leave NULL if not required. |
Return codes
Table: Return codes (AAL2ProcVerifySignatureRpl)
| Code | Meaning | Code | Meaning |
|---|---|---|---|
| 0 | Success | 951 | Invalid HSM key type for HSM decryption |
| 10001 | Success with context warning* | 1009 | Invalid TLV total length |
| 10002 | Success with user warning* | 1018 | Invalid TLV item pointer |
| 10003 | Success with user & context warning* | 1019 | Missing mandatory TLV item |
| 10004 | Success with platform warning* | 1025 | Data buffer too small |
| 10005 | Success with platform & context warning* | 1103 | Unlock Version 2 not supported |
| 10006 | Success with platform & user warning* | 1116 | Response check digit not allowed |
| 10007 | Success with platform & user & context warning* | 1117 | Challenge check digit not allowed |
| 1 | Signature not verified | 1118 | Unsupported BLOB |
| 132 | Unsupported token type | -101 | Challenge too short |
| 203 | Sign error threshold reached | -102 | Challenge too long |
| 204 | Duplicate signature found | -103 | Challenge check digit wrong |
| 205 | Inactive days reached | -105 | Challenge minimum length not allowed |
| 206 | Chronological signature error | -106 | Challenge maximum length not allowed |
| 208 | Application disabled | -107 | Challenge number wrong |
| 272 | Invalid wrapped key | -108 | Challenge character invalid |
| 412 | Invalid checksum (software) | -201 | Response length out of bounds |
| 413 | Invalid Base64 format | -202 | Response too short |
| 414 | Invalid checksum (HSM) | -203 | Response too long |
| 510 | Invalid Digipass data pointer | -204 | Response check digit wrong |
| 701 | Invalid Input Buffer Pointer | -205 | Response character not decimal |
| 910 | Invalid HSM command in reply | -206 | Response character not hexadecimal |
| 912 | HSM Invalid BLOB Status | -207 | Response character set not specified |
| 913 | Invalid HSM key property | -1501 | Memory allocation failed |
* Specific score-based authentication codes; for more information, refer to Score-based Digipass.
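
The following is an added example, not code from the SDK or from the original page: a C sketch of how a caller might interpret the result of AAL2ProcVerifySignatureRpl, using the field sizes and return codes listed in the tables on this page. The helper names, the step-up policy mask, and the reading of codes 10001 to 10007 as 10000 plus a warning bitmask (inferred from the return-code table) are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Reply field sizes from the parameter table; they sum to the 251-byte maximum. */
enum { CMD_TYPE_LEN = 2, BLOB_LEN = 192, RC_LEN = 4, CONF_LEN_LEN = 4,
       HOST_CODE_MAX = 17, INTERNAL_LEN = 32,
       REPLY_MAX = CMD_TYPE_LEN + BLOB_LEN + RC_LEN + CONF_LEN_LEN
                 + HOST_CODE_MAX + INTERNAL_LEN };

/* Assumption inferred from the table: 10001..10007 equal 10000 plus these flags. */
enum { WARN_CONTEXT = 1, WARN_USER = 2, WARN_PLATFORM = 4 };

typedef enum { SIG_REJECT = 0, SIG_ACCEPT = 1, SIG_STEP_UP = 2 } sig_decision;

/* Hypothetical helper: sanity-check ReplySize before passing InReply to the SDK. */
int reply_size_ok(int32_t reply_size)
{
    return reply_size > 0 && reply_size <= REPLY_MAX;
}

/* Hypothetical helper: warning flags for a success code, -1 for anything else. */
int score_warnings(int32_t rc)
{
    if (rc == 0) return 0;
    if (rc >= 10001 && rc <= 10007) return (int)(rc - 10000);
    return -1;   /* 1 (signature not verified), errors, and unlisted codes */
}

/* Fail closed: only listed success codes pass. step_up_mask is an application
 * policy (assumption) naming the warnings that require additional checks. */
sig_decision decide(int32_t rc, int step_up_mask)
{
    int w = score_warnings(rc);
    if (w < 0) return SIG_REJECT;
    return (w & step_up_mask) ? SIG_STEP_UP : SIG_ACCEPT;
}

/* ReturnHostCode may be null-terminated or right-padded with spaces.
 * Copies at most 17 characters into an 18-byte buffer; returns the length. */
size_t host_code_trim(const char *buf, size_t buf_len, char out[HOST_CODE_MAX + 1])
{
    size_t n = 0;
    while (n < buf_len && n < HOST_CODE_MAX && buf[n] != '\0') n++;
    while (n > 0 && buf[n - 1] == ' ') n--;
    memcpy(out, buf, n);
    out[n] = '\0';
    return n;
}
```

Whatever the decision, DPData still has to be written back to the application database after the call, as the parameter table requires.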