Function prototype
aat_int32 AAL2GenGenPasswordCmd(
aat_byte *Cmd,
aat_int32 *CmdSize,
TDigipassBlob *DPData,
TKernelParms *CallParms,
aat_ascii *aStorageKeyNameIn,
aat_ascii *aIVIn,
aat_ascii *aChallengeIn);
Description
If Virtual Mobile Authenticator is supported and activated for the given authenticator application BLOB, this function can be used to generate a dynamic one-time password.
With this function, you can address the HSM storage key by name and to specify an initial vector. The initial vector is used during the 3DES/AES encryption of the sensitive authenticator application BLOB data.
The password generation on the HSM is identical to the functionality available with the Authentication Suite Server SDK Software Password Generation Service. For information on the associated functions, refer to the Authentication Suite Server SDK C-C++ Programmer's Guide.
This function must be used with the post-HSM API AAL2ProcGenPasswordRpl.
Parameters
Table: Parameters (AAL2GenGenPasswordCmd) | Type | Name | Use | Description |
|---|
| aat_byte * | Cmd | O | Up to 455 bytes that serialize the GENERATE PASSWORD command type and the input data to the generate password function on the HSM: - Command type - 2 bytes
- An authenticator application BLOB - 192 bytes
- Run time parameters - 80 bytes
- StorageKeyName - up to 128 characters
- InitialVector - 8 bytes
- Challenge - up to 17 characters
- Host time - 4 bytes
Plus 24 bytes for Authentication Suite Server SDK internal use. |
| aat_int32 * | CmdSize | I/O | On entry, this parameter contains the size of the Cmd buffer.On exit, this parameter contains the length of the Cmd message. |
| TDigipassBlob * | DPData | I | authenticator application BLOB. |
| TKernelParms * | CallParms | I | Structure of runtime parameters to use during this function call. |
| aat_ascii * | aStorage KeyNameIn | I | String of up to 128+1 characters, left-justified, null-terminated, or right-padded with spaces. This is the label of the HSM storage key used to encrypt the sensitive Digipass application BLOB data. |
| aat_ascii * | aIVIn | I | String of 16 hexadecimal characters, left-justified, null-terminated, or right-padded with spaces. This is the initial vector used to encrypt the sensitive authenticator application BLOB data. |
| aat_ascii * | aChallengeIn | I | String of up to 17 numeric characters, left-justified, null-terminated, or right-padded with spaces. This parameter holds the challenge that is used to generate the password. If no challenge is needed, this parameter should be NULL. |
Return codes
Table: Return codes (AAL2GenGenPasswordCmd) | Code | Meaning | Code | Meaning |
|---|
| 0 | Success | 590 | Invalid command pointer |
| 149 | Invalid initial vector length | 706 | Invalid data buffer pointer |
| 412 | Invalid checksum (software) | 1000 | Function does not support EMV-CAP |
| 413 | Invalid Base64 format | 1018 | Invalid TLV item pointer |
| 510 | Invalid Digipass data pointer | 1025 | Data buffer too small |