Function Prototype
aat_int32 AAL2ProcGenMessageActivation2Rpl(
    aat_byte *InReply,
    aat_int32 ReplySize,
    TDigipassBlob *DPMAData,
    aat_int32 *pSeqNum,
    aat_ascii TokenType[6],
    aat_int16 *Appl_count,
    aat_ascii Serial_Appli [8][23],
    aat_ascii AuthMode [8][3],
    TDigipassBlob DPData,
    aat_ascii *Activation2Message,
    aat_ascii *Activation2MessageLength);
Description
This function processes the reply from the HSM to an Activation Message 2 generation command that was generated with AAL2GenGenMessageActivation2Cmd.
The Activation Message 2 and Digipass instance generation on the HSM is identical to the functionality available with the Authentication Suite Server SDK Software Digipass Multi-Device Activation Service. For information on the associated functions, refer to the Authentication Suite Server SDK C-C++ Programmer's Guide.
This function serializes a large amount of data, so the InReply buffer must be allocated with a sufficient size. For more information about the allocation of the Cmd and InReply buffers, refer to Cmd and InReply buffers allocation.
Parameters
Table: Parameters (AAL2ProcGenMessageActivation2Rpl)

| Type | Name | Use | Description |
|---|---|---|---|
| aat_byte * | InReply | I | A string of up to 2195 bytes that contains the GENERATE MESSAGE ACTIVATION2 command type and the output data from the Generate Message Activation2 function on the HSM: Command type (2 bytes); Digipass Master Activation application BLOB (192 bytes); Sequence Number (4 bytes); Digipass TYPE (6 characters); Application Count (2 bytes); Serial Application (23 characters, x1 to 8); Authentication Mode (3 characters, x1 to 8); an authenticator application BLOB (192 bytes, x1 to 8); Activation Message 2 (109 characters); Activation Message 2 Length (4 bytes); Return code (4 bytes). Plus 128 bytes for Authentication Suite Server SDK internal use. |
| aat_int32 | ReplySize | I | The length of the InReply message. |
| TDigipassBlob | DPMAData | O | Digipass master activation application BLOB of the Digipass serial number license that will be used for the activation. Upon return from the function call, this BLOB must be rewritten to the application database to reflect changes. |
| aat_int32 * | pSeqNum | O | On output, contains the sequence number of the generated Digipass instance (from 1 to 99). |
| aat_ascii[6] | TokenType | O | An output string of 5+1 characters, null-terminated. It contains the Digipass type name given to the Digipass instance. The returned Digipass type has the form TYPxx, where xx is the device type coded on two decimal digits, e.g. TYP07. |
| aat_int16 * | Appl_count | O | Number of Digipass applications returned. Points to a short integer where the function returns the number of applications found. |
| aat_ascii[8][23] | Serial_Appli | O | Set of up to 8 x 22+1 character strings, null-terminated, each composed of the 10-character license serial number concatenated with the 12-character application name. Each array entry represents the logical instance of a Digipass cryptographic application with its unique secrets and parameters. The application name part will end with the sequence number coded on two decimal digits e.g. APPL1 03. |
| aat_ascii[8][3] | AuthMode | O | Set of up to 8 x 2+1 character strings, null-terminated. Defines the authentication mode of each returned authenticator application. RO: Response-Only; CR: Challenge/Response; SG: Signature; MM: Multi-Mode; UL: Unlock V2. Signature-mode devices may also be used for Challenge/Response authentication if they are programmed to accept a single input data field. |
| TDigipassBlob[8] | DPData | O | Up to 8 authenticator application BLOBs of the Digipass instance. Upon return from the function call, these BLOBs must be written to the application database. |
| aat_ascii * | Activation2Message | O | String of up to 124+1 hexadecimal characters, null-terminated. It contains the Activation Message 2 which is necessary during the activation process to provision the Digipass keys and the payload key to the Digipass device. |
| aat_int32 * | Activation2MessageLength | I/O | On input, this parameter must indicate the size of the buffer allocated for the Activation2Message parameter (recommended 125 bytes). On output, this parameter indicates the length of the Activation2Message string (without the terminating null character). |
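
The following C helper is an added example, not part of the SDK or its documentation. It checks the outputs of a successful call against the shapes stated in the parameter table before they are persisted or forwarded. The function name, its negative result codes, the use of standard C types in place of the aat_* types, and the requirement of at least one application are assumptions.

```c
#include <ctype.h>
#include <stdint.h>
#include <string.h>

/* Field sizes copied from the InReply row of the parameter table. */
enum { MAX_APPS = 8, BLOB_LEN = 192, SERIAL_APPLI_LEN = 23, AUTH_MODE_LEN = 3,
       INREPLY_MAX = 2 + BLOB_LEN + 4 + 6 + 2
                   + MAX_APPS * (SERIAL_APPLI_LEN + AUTH_MODE_LEN + BLOB_LEN)
                   + 109 + 4 + 4 + 128 };
_Static_assert(INREPLY_MAX == 2195, "field sizes must sum to the documented maximum");

/* Length of s if a NUL occurs within cap bytes, otherwise -1. */
static int bounded_len(const char *s, size_t cap) {
    const char *end = memchr(s, '\0', cap);
    return end ? (int)(end - s) : -1;
}

/* Hypothetical helper: 0 if the outputs have the documented shape, else a
   negative local code (these are not SDK return codes). */
int check_activation2_outputs(int32_t seq, const char *token_type,
                              int16_t appl_count, char serial_appli[][23],
                              char auth_mode[][3], const char *msg,
                              int32_t msg_len, int32_t msg_cap) {
    static const char *const modes[] = { "RO", "CR", "SG", "MM", "UL" };
    if (seq < 1 || seq > 99) return -1;
    if (bounded_len(token_type, 6) != 5 || strncmp(token_type, "TYP", 3) != 0 ||
        !isdigit((unsigned char)token_type[3]) ||
        !isdigit((unsigned char)token_type[4])) return -2;
    /* Assumption: a successful reply carries at least one application. */
    if (appl_count < 1 || appl_count > MAX_APPS) return -3;
    for (int i = 0; i < appl_count; i++) {
        const char *sa = serial_appli[i];
        if (bounded_len(sa, SERIAL_APPLI_LEN) != 22) return -4;
        /* The application name ends with the two-digit sequence number. */
        if (!isdigit((unsigned char)sa[20]) || !isdigit((unsigned char)sa[21]) ||
            (sa[20] - '0') * 10 + (sa[21] - '0') != seq) return -5;
        int known = 0;
        if (bounded_len(auth_mode[i], AUTH_MODE_LEN) == 2)
            for (size_t m = 0; m < sizeof modes / sizeof modes[0]; m++)
                known |= strcmp(auth_mode[i], modes[m]) == 0;
        if (!known) return -6;
    }
    /* Reported length must fit the caller's buffer and match the string. */
    if (msg_cap < 1 || msg_len < 1 || msg_len >= msg_cap ||
        bounded_len(msg, (size_t)msg_cap) != msg_len) return -7;
    for (int32_t i = 0; i < msg_len; i++)
        if (!isxdigit((unsigned char)msg[i])) return -8;
    return 0;
}
```

A non-zero result means the outputs do not match the documented layout and should not be written to the application database.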
Return codes
Table: Return codes (AAL2ProcGenMessageActivation2Rpl)

| Code | Meaning | Code | Meaning |
|---|---|---|---|
| 0 | Success | 1271 | Invalid activation message length pointer |
| 272 | Invalid wrapped key | 1272 | Invalid message body type |
| 412 | Invalid checksum (software) | 1274 | Invalid message protocol version |
| 413 | Invalid Base64 format | 1275 | Invalid message protection type |
| 414 | Invalid checksum (HSM) | 1285 | Master key derivation failed |
| 537 | Invalid static vector pointer | 1288 | Invalid serial number prefix |
| 545 | Invalid static vector length | 1289 | Invalid serial number suffix |
| 570 | Invalid static vector version | 1290 | Invalid sequence number pointer |
| 571 | Invalid application index in static vector | 1291 | Invalid application count pointer |
| 574 | Invalid serial number prefix in SV | 1292 | Sequence number threshold reached |
| 701 | Invalid input buffer pointer | 1293 | Invalid sequence number |
| 807 | Serial number not equal | 1294 | Digipass key derivation failed |
| 910 | Invalid HSM command in reply | 1295 | Invalid Digipass instance SM application in static vector |
| 912 | HSM invalid BLOB status | 1296 | Key wrapping failed |
| 913 | Invalid HSM key property | 1297 | Invalid static vector |
| 917 | Key type inconsistent | 1298 | Invalid Digipass instance application in static vector |
| 951 | Invalid HSM key type for HSM decryption | 1302 | AES CTR encryption failed |
| 1000 | Function does not support EMV-CAP | 1310 | Invalid payload key type |
| 1009 | Invalid TLV total length | 1311 | Null Digipass data |
| 1018 | Invalid TLV item pointer | 1312 | Null serial number |
| 1019 | Missing mandatory TLV item | 1313 | Null authentication mode |
| 1025 | Buffer too small | 1314 | Null token type |
| 1118 | Unsupported BLOB | 1317 | Secure Channel supported. Payload key BLOB is mandatory |
| 1264 | Invalid master application | 1318 | Secure Channel not supported. Payload key BLOB has to be NULL or empty string |
| 1265 | Invalid master application data pointer | 1332 | Activation 2 not supported |
| 1267 | Invalid message vector length | 1335 | Invalid payload key type in payload key data |
| 1268 | Invalid message vector version | 1336 | Inconsistent payload key type between payload key data and message vector |
| 1270 | Invalid activation message pointer | -1501 | Memory allocation failed |