AAL2ProcSyncTokenAndHostRpl

Function prototype

aat_int32 AAL2ProcSyncTokenAndHostRpl(
                                      aat_byte        *InReply,
                                      aat_int32       ReplySize,
                                      TDigipassBlob   *DPData);

Description

This function processes a reply from the HSM after to a command which has been generated either with AAL2GenSyncTokenAndHostCmd or AAL2GenSyncTokenAndHostCmdEx.

The Digipass token and host synchronization on the HSM is identical to the functionality available with the Authentication Suite Server SDK Software Digipass Management Service. For information on the associated functions, refer to the Authentication Suite Server SDK C-C++ Programmer's Guide.

Score-based Digipass

For Digipass devices that integrate the score-based algorithm, the HSM module performs a score-based authentication which allows retrieving the Digipass scoring value. Once the HSM module has successfully validated the two consecutive passwords, it returns either SUCCESS or SUCCESS with the relevant scoring warning code. See the return codes in Table: Return codes (AAL2ProcSyncTokenAndHostRpl) for more details.

Parameters

Table: Parameters (AAL2ProcSyncTokenAndHostRpl)
Type	Name	Use	Description
aat_byte *	InReply	I	Up to 206 bytes that contain the SYNC TOKEN AND HOST command type and the output data from the verify password function on the HSM: Command type - 2 bytes An authenticator application BLOB - 192 bytes Return code - 4 bytes Plus 8 bytes for Authentication Suite Server SDK internal use.
aat_int32	ReplySize	I	The length of the InReply message.
TDigipassBlob *	DPData	O	authenticator application BLOB. Upon return from the function call, this BLOB must be rewritten to the application database to reflect changes.

Return codes

Table: Return codes (AAL2ProcSyncTokenAndHostRpl)
Code	Meaning	Code	Meaning
0	Success	802	Change password mandatory
10001	Success with context warning[1]	803	New password too short
10002	Success with user warning[1]	804	New password too long
10003	Success with user & context warning[1]	908	Invalid key ID specified to decrypt the BLOB
10004	Success with platform warning[1]	910	Invalid command type in reply
10005	Success with platform & context warning[1]	912	HSM Invalid BLOB Status
10006	Success with platform & user warning[1]	913	Invalid HSM key property
10007	Success with platform & user & context warning[1]	951	Invalid HSM key type for HSM decryption
1	Code not verified	1009	Invalid TLV total length
2	Static password validation failed	1018	Invalid TLV item pointer
131	Missing required challenge	1019	Missing mandatory TLV item
132	Unsupported token type	1025	Data buffer too small
140	Challenge corrupted	1039	Invalid response length with DP algorithm
201	Code replay attempt	1040	Invalid host code length with DP algorithm
202	Identification error threshold reached	1118	Unsupported BLOB
205	Inactive days reached	-101	Challenge too short
208	Application disabled	1103	Unlock Version 2 not supported
272	Invalid wrapped key	-102	Challenge too long
412	Invalid checksum (software)	-103	Challenge check digit wrong
413	Invalid Base64 format	-104	Challenge character not decimal
414	Invalid checksum (HSM)	-108	Challenge character invalid
510	Invalid Digipass data pointer	-201	Response length out of bounds
600	Invalid Gordian root information	-202	Response too short
601	Invalid Gordian today information	-203	Response too long
602	Invalid Gordian tomorrow information	-204	Response check digit wrong
603	Invalid Gordian stimulus information	-205	Response character not decimal
701	Invalid input buffer pointer	-206	Response character not hexadecimal