Function prototype
aat_int32 AAL2ProcDeriveTokenBlobsRpl (
aat_byte *InReply,
aat_int32 ReplySize,
TDigipassBlob *DPData [8]);Description
This function processes a reply from the HSM to a Software Digipass data derivation command which has been generated with AAL2GenDeriveTokenBlobsCmd.
The software Digipass data derivation on the HSM is identical to the functionality available with the Authentication Suite Server SDK Software Digipass Derivation Service. For information on the associated functions, refer to the Authentication Suite Server SDK C-C++ Programmer's Guide.
Score-based Digipass
For Digipass devices that integrate the score-based algorithm, the HSM module performs a score-based authentication to validate the derivation code. This allows retrieving the Digipass scoring value. Once the HSM module has successfully validated the BLOBs, it returns either SUCCESS or SUCCESS with the relevant scoring warning code. See the list of return codes in Table: Return codes (AAL2ProcDeriveTokenBlobsRpl) for more details.
This function serializes an important amount of data. The InReply buffer must be allocated with a sufficient size. For more information about the allocation of the Cmd and InReply buffers, refer to Cmd and InReply buffers allocation.
Parameters
Return codes
| Code | Meaning | Code | Meaning |
|---|---|---|---|
| 0 | Success | 913 | Invalid HSM key property |
| 10001 | Success with context warning[1] | 951 | Invalid HSM key type for HSM decryption |
| 10002 | Success with user warning[1] | 1009 | Invalid TLV total length |
| 10003 | Success with user & context warning[1] | 1018 | Invalid TLV item pointer |
| 10004 | Success with platform warning[1] | 1019 | Missing mandatory TLV item |
| 10005 | Success with platform & context warning[1] | 1025 | Data buffer too small |
| 10006 | Success with platform & user warning[1] | 1039 | Invalid response length with DP algorithm |
| 10007 | Success with platform & user & context warning[1] | 1040 | Invalid host code length with DP algorithm |
| 1 | Code not verified | 1103 | Unlock Version 2 not supported |
| 131 | Missing required challenge | 1109 | Invalid derivation code |
| 132 | Unsupported token type | 1111 | Invalid derivation code lengthInvalid derivation code length |
| 140 | Challenge corrupted | 1112 | Invalid character in derivation code |
| 201 | Code replay attempt | 1113 | Derivation code check digit is wrong |
| 202 | Identification error threshold reached | 1114 | Invalid derivation code format parameter |
| 205 | Inactive days reached | 1118 | Unsupported BLOB |
| 208 | Application disabled | -101 | Challenge too short |
| 272 | Invalid wrapped key | -102 | Challenge too long |
| 412 | Invalid checksum (software) | -103 | Challenge check digit wrong |
| 413 | Invalid Base64 format | -105 | Challenge minimum length not allowed |
| 414 | Invalid checksum (HSM) | -106 | Challenge maximum length not allowed |
| 510 | Invalid Digipass data pointer | -107 | Challenge number wrong |
| 600 | Invalid Gordian root information | -108 | Challenge character invalid |
| 601 | Invalid Gordian today information | -201 | Response length out of bounds |
| 602 | Invalid Gordian tomorrow information | -202 | Response too short |
| 603 | Invalid Gordian stimulus information | -203 | Response too long |
| 701 | Invalid Input Buffer PointerInvalid input buffer pointer | -205 | Response character not decimal |
| 807 | Serial number not equal | -206 | Response character not hexadecimal |
| 808 | Invalid application count value | -207 | Response character set not specified |
| 910 | Invalid HSM command in reply | -1501 | Memory allocation failed |
| 912 | HSM invalid BLOB status |
- Specific score-based authentication code (see Score-based DIGIPASS)