AAL2VerifySignatureEsICSF

Mis à jour le 23 Jan 2025
3 Minutes à lire

Partager
Sombre
Lumière
PDF

The content is currently unavailable in French. You are viewing the default English version.

Résumé de l’article

Avez-vous trouvé ce résumé utile ?

Merci pour vos commentaires

Function prototype

aat_int32 AAL2VerifySignatureEsICSF (
                               TDigipassBlob*   DPData,
                               TKernelParms*    CallParms,
                               aat_ascii*       aStorageKeyNameIn,
                               aat_ascii*       aInitialVectorIn,
                               aat_ascii*       Signature,
                               aat_ascii        SignedDataFields[8],
                               aat_int32        FieldCount,
                               aat_int32        DeferredSignatureData,
                               aat_ascii*        aServerPublicKey,
                               aat_ascii*       ConfirmationCode,
                               aat_int32*       ConfirmationCodeLength);

Description

This function is an extension of AAL2VerifySignatureICSF, offering the enhanced security feature. This feature prevents potential man-in-the-middle attacks in the architecture integrating software Digipass. A server public key, such as a certificate, can be used in input to diversify the challenge.

In addition, this function introduces pre-processing on the DataFields in input; each DataField can have up to 32000 characters.

The enhanced signature validation function is supported by Digipass 110 and DIGIPASS for Web.

Parameters

Table: Parameters (AAL2VerifySignatureEsICSF)
Type	Name	Use	Description
TDigipassBlob *	DPData	I/O	authenticator application BLOB. Upon return from the function call, this BLOB must be rewritten to the application database to reflect the changes.
TKernelParms *	CallParms	I	Structure of runtime parameters to use during this function call.
aat_ascii *	aStorageKeyNameIn	I	String of up to 64+1 characters, left-justified, null-terminated, or right-padded with spaces. This is the label of the ICSF storage key used to encrypt the sensitive Digipass application BLOB data.
aat_ascii *	aInitialVectorIn	I	String of 16 hexadecimal characters, left-justified, null-terminated, or right-padded with spaces. This is the initial vector used to encrypt the sensitive authenticator application BLOB data.
aat_ascii *	Signature	I	String of up to 17 numeric or hexadecimal characters, left justified, null terminated or right padded with spaces.
aat_ascii *	SignedDataFields	I	Array of 8 null-terminated strings of up to 32000 printable ASCII-EBCDIC invariant characters. This parameter holds the 8 possible data fields that are used to generate a signature. For a list of the characters that can be used for the data fields, see Supported data fields charset.
aat_int32	FieldCount	I	Numeric value from 1 to 8. Indicates the number of data fields to use from the SignedDataFields array.
aat_int32	DeferredSignatureData	I	Must be 0 if signature is validated in online mode (OnlineSG=1 or 2). If signature is validated in offline mode with OnlineSG=0, this parameter can receive the Digipass date of the signature generation (number of elapsed seconds from January9 1st 1970) or 0 (with 0, the current time used Important: If > 0, the parameter filled must be the Digipass time, and not the host time. If the signature is validated in offline mode with OnlineSG=3, this parameter MUST receive the counter of the Digipass used for the signature generation.
aat_ascii *	aServerPublicKey	I	String of up to 1024 hexadecimal characters, null-terminated. This parameter is used as a diversifier to prevent man-in-the-middle attacks. If this parameter is NULL, the diversification will not take place.
aat_ascii *	ConfirmationCode	O	String of up to 17 numeric or hexadecimal characters, left justified, null terminated or right padded with spaces. This is the confirmation code generated by the Authentication Suite Server SDK for this signature (recommended buffer size is 18 bytes).
aat_int32 *	ConfirmationCodeLength	O	Pointer to a long integer that will contain the length of the generated confirmation code.

COBOL calling convention

Entry point: AA2VSEIC
02   W-BLOB            PIC X(248).
02   W-KERNELPARMS.
     03   W-PARMCOUNT   PIC 9(8) USAGE BINARY.
     03   W-PARM01      PIC 9(8) USAGE BINARY.
     . . .
     03   W-PARM19      PIC 9(8) USAGE BINARY.
02   W-CONFIRMCODE      PIC X(17).
02   W-CONFCODE-LENGTH PIC 9(8) USAGE BINARY.
02   W-RETURN           PIC S9(8) USAGE BINARY.
02   W-SIGNATURE        PIC X(17).
02   W-FIELDS-PTR-TABLE.
     03 W-FIELD-PTR     USAGE POINTER OCCURS 8.
02   W-DATAFIELD        PIC X(nnnnn) OCCURS 8.
02   W-FIELDCOUNT       PIC 9(8) USAGE BINARY.
02   W-SIGNATUREDATE    PIC 9(8) USAGE BINARY.
02   W-STORAGEKEY      PIC X(65).
02   W-INITVECTOR      PIC X(17).
02   W-SERVER-PUBKEY    PIC X(1025).
02   W-API-NAME        PIC X(8) VALUE 'AA2VSEIC'.
. . .
     SET W-FIELD-PTR(n) TO ADDRESS OF W-DATAFIELD(n).
     CALL W-API-NAME USING
           BY REFERENCE W-BLOB
           BY REFERENCE W-KERNELPARMS
           BY REFERENCE W-STORAGEKEY
           BY REFERENCE W-INITVECTOR
           BY REFERENCE W-SIGNATURE
           BY REFERENCE W-FIELDS-PTR-TABLE
           BY VALUE W-FIELDCOUNT
           BY VALUE W-SIGNATUREDATE
           BY REFERENCE W-SERVER-PUBKEY
           BY REFERENCE W-CONFIRMCODE
           BY REFERENCE W-CONFCODE-LENGTH
           RETURNING W-RETURN

Return codes

Table: Return codes (AAL2VerifySignatureICSF)
Code	Meaning	Code	Meaning
0	Success	900	Invalid session context handle
1000	Success with context warning *	908	HSM key not found
1000	Success with user warning *	951	Invalid HSM key type for HSM decryption
1000	Success with user & context warning *	1103	Unlock Version 2 not supported
1000	Success with platform warning *	1116	Response check digit not allowed
1000	Success with platform & context	1117	Challenge check digit not allowed
1000	Success with platform & user warning *	1118	Unsupported BLOB
1000	Success with platform & user & context	-101	Data field too short
1	Signature not verified	-102	Data field too long
132	Unsupported token type	-103	Data field check digit wrong
139	Invalid signature pointer	-105	Challenge minimum length not allowed
141	Invalid field count	-106	Challenge maximum length not allowed
148	Invalid data field pointer	-107	Challenge number wrong
203	Sign error threshold reached	-108	Challenge character invalid
204	Duplicate signature found	-201	Response length out of bounds
205	Inactive days reached	-202	Response too short
206	Chronological signature error	-203	Response too long
207	Deferred signature not allowed with OnLineSG not Null	-204	Response check digit wrong
208	Application disabled	-205	Response character not decimal
412	Invalid checksum (software)	-206	Response character not hexadecimal
413	Invalid Base64 format	-207	Response character set not specified
414	Invalid checksum (HSM)	-1501	Memory allocation failed
510	Invalid Digipass data pointer

* Specific score-based authentication codes; see Score-based Digipass.

Supported data fields charset

The following table lists the supported characters for the data fields of AAL2VerifySignatureEsICSF with associated hexadecimal values in ASCII and EBCDIC.

Table: List of supported characters
Character	Hex ASCII value	Hex EBCDIC value	Character	Hex ASCII value	Hex EBCDIC value
space	0x20	0x40
!	0x21	0x5A	P	0x50	0xD7
“	0x22	0x7F	Q	0x51	0xD8
#	0x23	0x7B	R	0x52	0xD9
$	0x24	0x5B	S	0x53	0xE2
%	0x25	0x6C	T	0x54	0xE3
&	0x26	0x50	U	0x55	0xE4
'	0x27	0x7D	V	0x56	0xE5
(	0x28	0x4D	W	0x57	0xE6
)	0x29	0x5D	X	0x58	0xE7
*	0x2A	0x5C	Y	0x59	0xE8
+	0x2B	0x4E	Z	0x5A	0xE9
,	0x2C	0x6B	[	0x5B	0xAD
-	0x2D	0x60	\	0x5C	0xE0
.	0x2E	0x4B	]	0x5D	0xBD
/	0x2F	0x61	^	0x5E	0x5F
0	0x30	0xF0	_	0x5F	0x6D
1	0x31	0xF1	`	0x60	0x79
2	0x32	0xF2	a	0x61	0x81
3	0x33	0xF3	b	0x62	0x82
4	0x34	0xF4	c	0x63	0x83
5	0x35	0xF5	d	0x64	0x84
6	0x36	0xF6	e	0x65	0x85
7	0x37	0xF7	f	0x66	0x86
8	0x38	0xF8	g	0x67	0x87
9	0x39	0xF9	h	0x68	0x88
:	0x3A	0x7A	i	0x69	0x89
;	0x3B	0x5E	j	0x6A	0x91
<	0x3C	0x4C	k	0x6B	0x92
=	0x3D	0x7E	l	0x6C	0x93
>	0x3E	0x6E	m	0x6D	0x94
?	0x3F	0x6F	n	0x6E	0x95
@	0x40	0x7C	o	0x6F	0x96
A	0x41	0xC1	p	0x70	0x97
B	0x42	0xC2	q	0x71	0x98
C	0x43	0xC3	r	0x72	0x99
D	0x44	0xC4	s	0x73	0xA2
E	0x45	0xC5	t	0x74	0xA3
F	0x46	0xC6	u	0x75	0xA4
G	0x47	0xC7	v	0x76	0xA5
H	0x48	0xC8	w	0x77	0xA6
I	0x49	0xC9	x	0x78	0xA7
J	0x4A	0xD1	y	0x79	0xA8
K	0x4B	0xD2	z	0x7A	0xA9
L	0x4C	0xD3	(	0x7B	0xC0
M	0x4D	0xD4	\|	0x7C	0x4F
N	0x4E	0xD5	)	0x7D	0xD0
O	0x4F	0xD6	~	0x7E	0xA1

Cet article vous a-t-il été utile ?

What's Next

AAL2VerifySignatureICSF

Table des matières

Function prototype
Description
Parameters
COBOL calling convention
Return codes
Supported data fields charset