Function Prototype
aat_int32 AAL2ProcQADecryptQABlobRpl(
    aat_byte *InReply,
    aat_int32 ReplySize,
    TDigipassBlob *DPData,
    aat_ascii *aQABlobOut,
    aat_int32 *QABlobSize);
Description
This function processes a reply from the HSM to a decrypt QABlob code command generated with the AAL2GenQADecryptQABlobCmd function.
The Digipass Question/Answer Authentication Service on the HSM is identical to the functionality available with the Authentication Suite Server SDK Software Question/Answer Authentication Service. For information on the associated functions, refer to the Authentication Suite Server SDK C-C++ Programmer's Guide.
Score-based Digipass
For Digipass devices that integrate the score-based algorithm, the HSM module performs a score-based authentication to decrypt the QA BLOB. This allows retrieving the Digipass scoring value. Once the HSM module has successfully decrypted the QA BLOB, it returns either SUCCESS or SUCCESS with the relevant scoring warning code. See the list of return codes in Table: Return codes (AAL2ProcQADecryptQABlobRpl) for more details.
Parameters
Return codes
| Code | Meaning | Code | Meaning |
|---|---|---|---|
| 0 | Success | 802 | Change password mandatory |
| 10001 | Success with context warning[1] | 803 | New password too short |
| 10002 | Success with user warning[1] | 804 | New password too long |
| 10003 | Success with user & context warning[1] | 910 | Invalid HSM command in reply |
| 10004 | Success with platform warning[1] | 912 | HSM invalid BLOB status |
| 10005 | Success with platform & context warning[1] | 913 | Invalid HSM key property |
| 10006 | Success with platform & user warning[1] | 951 | Invalid HSM key type for HSM decryption |
| 10007 | Success with platform & user & context warning[1] | 1009 | Invalid TLV total length |
| 1 | Code not verified | 1018 | Invalid TLV item pointer |
| 2 | Static password validation failed | 1019 | Missing mandatory TLV item |
| 131 | Missing required challenge | 1025 | Data buffer too small |
| 140 | Challenge corrupted | 1039 | Invalid response length with DP algorithm |
| 201 | Code replay attempt | 1040 | Invalid host code length with DP algorithm |
| 202 | Identification error threshold reached | 1103 | Unlock Version 2 not supported |
| 205 | Inactive days reached | 1118 | Unsupported BLOB |
| 208 | Application disabled | -101 | Challenge too short |
| 272 | Invalid wrapped key | -102 | Challenge too long |
| 412 | Invalid checksum (software) | -103 | Challenge check digit wrong |
| 413 | Invalid Base64 format | -105 | Challenge minimum length not allowed |
| 414 | Invalid checksum (HSM) | -106 | Challenge maximum length not allowed |
| 510 | Invalid Digipass data pointer | -107 | Challenge number wrong |
| 530 | Invalid QA data pointer | -108 | Challenge character invalid |
| 532 | Invalid QA data length | -201 | Response length out of bounds |
| 535 | Invalid QA number | -202 | Response too short |
| 536 | Invalid encrypted QA data | -203 | Response too long |
| 600 | Invalid Gordian root information | -204 | Response check digit wrong |
| 601 | Invalid Gordian today information | -205 | Response character not decimal |
| 602 | Invalid Gordian tomorrow information | -206 | Response character not hexadecimal |
| 603 | Invalid Gordian stimulus information | -207 | Response character set not specified |
| 701 | Invalid input buffer pointer | -1501 | Memory allocation failed |
[1] Specific score-based authentication code. For more information, see Score-based Digipass.
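The table mixes success codes, positive error codes and negative error codes, so a caller that tests only `rc != 0` or only `rc < 0` will misjudge the result. The following is an added example, not code from the SDK: a fail-closed classifier for the return value of AAL2ProcQADecryptQABlobRpl. The names `qa_classify`, `qa_warn_str` and the `QA_*` constants are hypothetical, `int32_t` stands in for `aat_int32`, and the reading of codes 10001 to 10007 as 10000 plus a three-bit mask (context = 1, user = 2, platform = 4) is inferred from the table rather than stated by the documentation.

```c
#include <stdint.h>
#include <stdio.h>

/* Warning bits inferred from codes 10001..10007 in the return-code table. */
#define QA_WARN_CONTEXT  0x1u
#define QA_WARN_USER     0x2u
#define QA_WARN_PLATFORM 0x4u

/* Hypothetical verdict type for this example. */
typedef enum { QA_ACCEPT, QA_ACCEPT_WITH_WARNING, QA_REJECT } qa_verdict;

/* Classify a return code of AAL2ProcQADecryptQABlobRpl.
 * int32_t stands in for the SDK's aat_int32 (assumption).
 * Fail closed: only 0 and 10001..10007 count as success; every other
 * value, whether positive, negative or unlisted, is a rejection. */
qa_verdict qa_classify(int32_t rc, unsigned *warn)
{
    *warn = 0;
    if (rc == 0)
        return QA_ACCEPT;
    if (rc >= 10001 && rc <= 10007) {
        *warn = (unsigned)(rc - 10000);   /* scoring warning mask */
        return QA_ACCEPT_WITH_WARNING;
    }
    return QA_REJECT;
}

/* Render the warning mask for an audit log line; returns buf. */
const char *qa_warn_str(unsigned warn, char *buf, size_t len)
{
    snprintf(buf, len, "%s%s%s",
             (warn & QA_WARN_PLATFORM) ? "platform " : "",
             (warn & QA_WARN_USER)     ? "user "     : "",
             (warn & QA_WARN_CONTEXT)  ? "context "  : "");
    return buf;
}

int main(void)
{
    /* Constructed sample values; 10008 is not in the table and must be rejected. */
    const int32_t samples[] = { 0, 10005, 201, 1025, -204, 10008 };
    char buf[32];
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        unsigned w;
        qa_verdict v = qa_classify(samples[i], &w);
        printf("%6d -> %s %s\n", (int)samples[i],
               v == QA_REJECT ? "reject" : "accept",
               qa_warn_str(w, buf, sizeof buf));
    }
    return 0;
}
```

Whether a success with a scoring warning is accepted outright or routed to additional verification is an application policy decision; logging the decoded mask keeps that decision auditable.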