Function prototype
aat_int32 AAL2GenVerifySignatureCmdEx(
    aat_byte* Cmd,
    aat_int32* CmdSize,
    TDigipassBlob* DPData,
    TKernelParms* CallParms,
    aat_ascii* aStorageKeyNameIn,
    aat_ascii* aIVIn,
    aat_ascii* aSignatureIn,
    aat_ascii aSignedDataFieldsIn[8][20],
    aat_int32 aFieldCountIn,
    aat_int32 DeferredSignatureDataIn);
Description
This function extends AAL2GenVerifySignatureCmd. With this function, you can address the HSM storage key by name and specify an initial vector. The initial vector is used during the 3DES/AES encryption of the sensitive authenticator application BLOB data.
The signature validation on the HSM is identical to the functionality available with the Authentication Suite Server SDK Software e-Signature Validation Service. For information on the associated functions, refer to the Authentication Suite Server SDK C-C++ Programmer's Guide.
This function must be used with the post-HSM API AAL2ProcVerifySignatureRpl.
Parameters
Table: Parameters (AAL2GenVerifySignatureCmdEx)

| Type | Name | Use | Description |
|---|---|---|---|
| aat_byte * | Cmd | O | Up to 659 bytes that serialize the VERIFY SIGNATURE command type and the input data to the verify signature function on the HSM: Command type - 2 bytes; an authenticator application BLOB - 192 bytes; Runtime parameters - 80 bytes; StorageKeyName - up to 128 characters; InitialVector - 8 bytes; Signature - up to 41 characters; Signed data fields - 160 characters; Field count - 4 bytes; Deferred signature data - 4 bytes; Host time - 4 bytes. Plus 36 bytes for Authentication Suite Server SDK internal use. |
| aat_int32 * | CmdSize | I/O | On entry, this parameter contains the size of the Cmd buffer. On exit, this parameter contains the length of the Cmd message. |
| TDigipassBlob * | DPData | I | Authenticator application BLOB. |
| TKernelParms * | CallParms | I | Structure of runtime parameters to use during this function call. |
| aat_ascii * | aStorageKeyNameIn | I | String of up to 128+1 characters, left-justified, null-terminated, or right-padded with spaces. This is the label of the HSM storage key used to encrypt the sensitive Digipass application BLOB data. |
| aat_ascii * | aIVIn | I | String of 16 hexadecimal characters, left-justified, null-terminated, or right-padded with spaces. This is the initial vector used to encrypt the sensitive authenticator application BLOB data. |
| aat_ascii * | aSignatureIn | I | String of up to 17 numeric or hexadecimal characters, null-terminated or padded with spaces. |
| aat_ascii * | aSignedDataFieldsIn | I | Array of 8 left-justified, null-terminated, or space-padded strings of max. 20 characters. This parameter holds the 8 possible data fields that are entered into the Digipass authenticator to generate a signature. The Digipass data fields are limited to 16 decimal, hexadecimal, or alphabetic characters. |
| aat_int32 | FieldCount | I | Numeric value from 1 to 8 indicating the number of data fields to use from the aSignedDataFieldsIn array. |
| aat_int32 | Deferred Signature Data | I | |
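
The limits in the parameter table can be checked on the caller side before the command is built. The following C code is an added example, not part of the SDK or its documentation: `precheck_verify_signature`, the `PRE_*` result codes, and the sample values are hypothetical. It assumes each string buffer is either null-terminated or at least as wide as its documented maximum, and it requires the Cmd buffer to hold the full 659 bytes.

```c
#include <ctype.h>
#include <stddef.h>
/* Limits from the parameter table; result codes are hypothetical, not SDK codes. */
enum { CMD_MAX = 659, KEY_NAME_MAX = 128, IV_HEX = 16, SIG_MAX = 17,
       FIELD_SLOTS = 8, FIELD_WIDTH = 20, FIELD_DATA_MAX = 16 };
enum precheck { PRE_OK, PRE_CMD_SMALL, PRE_KEY_NAME, PRE_IV, PRE_SIGNATURE,
                PRE_FIELD_COUNT, PRE_FIELD_DATA };

/* Length of a value that is null-terminated or right-padded with spaces,
   reading at most max bytes. */
static size_t field_len(const char *s, size_t max) {
    size_t n = 0;
    while (n < max && s[n] != '\0') n++;
    while (n > 0 && s[n - 1] == ' ') n--;
    return n;
}

static int all_match(const char *s, size_t n, int (*pred)(int)) {
    for (size_t i = 0; i < n; i++)
        if (!pred((unsigned char)s[i])) return 0;
    return 1;
}

/* Check caller-side inputs before handing them to the SDK. */
enum precheck precheck_verify_signature(int cmd_size, const char *key,
        const char *iv, const char *sig,
        char fields[FIELD_SLOTS][FIELD_WIDTH], int count) {
    size_t n;
    if (cmd_size < CMD_MAX) return PRE_CMD_SMALL;
    if (!key || !(n = field_len(key, KEY_NAME_MAX + 1)) || n > KEY_NAME_MAX)
        return PRE_KEY_NAME;
    if (!iv || field_len(iv, IV_HEX) != IV_HEX || !all_match(iv, IV_HEX, isxdigit))
        return PRE_IV;
    if (!sig || !(n = field_len(sig, SIG_MAX)) || !all_match(sig, n, isxdigit))
        return PRE_SIGNATURE;
    if (!fields || count < 1 || count > FIELD_SLOTS) return PRE_FIELD_COUNT;
    for (int i = 0; i < count; i++) {
        n = field_len(fields[i], FIELD_WIDTH);
        if (n > FIELD_DATA_MAX || !all_match(fields[i], n, isalnum))
            return PRE_FIELD_DATA;
    }
    return PRE_OK;
}

int main(void) { /* constructed sample values */
    char fields[FIELD_SLOTS][FIELD_WIDTH] = { "1000", "ACC12345" };
    return precheck_verify_signature(CMD_MAX, "DP_STORAGE_KEY",
                                     "0123456789ABCDEF", "12345678", fields, 2);
}
```
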
Return codes
Table: Return codes (AAL2GenVerifySignatureCmdEx)

| Code | Meaning | Code | Meaning |
|---|---|---|---|
| 0 | Success | 413 | Invalid Base64 format |
| 139 | Invalid signature pointer | 510 | Invalid Digipass data pointer |
| 141 | Invalid field count | 590 | Invalid command pointer |
| 148 | Invalid data field pointer | 706 | Invalid data buffer pointer |
| 207 | Deferred signature not allowed with OnLineSG not Null | 1018 | Invalid TLV item pointer |
| 412 | Invalid checksum (software) | 1025 | Data buffer too small |