Function prototype

```c
aat_int32 AAL2ProcVerifyMessageSignatureRpl(
    aat_byte      *InReply,
    aat_int32      ReplySize,
    TDigipassBlob *DPData,
    aat_ascii     *ConfirmationCode,
    aat_int32     *ConfirmationCodeLength);
```

Description
This function processes a reply from the HSM to a deactivation message command generated with AAL2GenVerifyMessageSignatureCmd.
The message signature validation on the HSM is identical to the functionality available with the Authentication Suite Server SDK Software Digipass Multi-Device Activation Service and the Digipass Secure Channel Service. For information on the associated functions, refer to the Authentication Suite Server SDK C-C++ Programmer's Guide.
Score-based Digipass
For Digipass devices that integrate the score-based algorithm, the HSM module performs a score-based message signature validation, which makes it possible to retrieve the Digipass scoring value. Once the HSM module has successfully validated the signature, it returns either SUCCESS or SUCCESS with the relevant scoring warning code. For details, see the return codes in Table: Return codes (AAL2ProcVerifyMessageSignatureRpl).
Parameters
Return codes
| Code | Meaning | Code | Meaning |
|---|---|---|---|
| 0 | Success | 1018 | Invalid TLV item pointer |
| 10001 | Success with context warning[1] | 1019 | Missing mandatory TLV item |
| 10002 | Success with user warning[1] | 1025 | Buffer too small |
| 10003 | Success with user & context warning[1] | 1103 | Unlock Version 2 not supported |
| 10004 | Success with platform warning[1] | 1116 | Response check digit not allowed |
| 10005 | Success with platform & context warning[1] | 1117 | Challenge check digit not allowed |
| 10006 | Success with platform & user warning[1] | 1118 | Unsupported BLOB |
| 10007 | Success with platform & user & context warning[1] | 1309 | Application cannot be used for Secure Channel transactions |
| 1 | Signature not verified | 1337 | Unsupported message protocol version |
| 132 | Unsupported token type | 1339 | Invalid message length |
| 203 | Sign error threshold reached | 1364 | Message time validity expired |
| 204 | Duplicate signature found | -103 | Data field check digit wrong |
| 205 | Inactive days reached | -105 | Challenge minimum length not allowed |
| 206 | Chronological signature error | -106 | Challenge maximum length not allowed |
| 208 | Application disabled | -107 | Challenge number wrong |
| 272 | Invalid wrapped key | -108 | Challenge character invalid |
| 412 | Invalid checksum (software) | -201 | Response length out of bounds |
| 413 | Invalid Base64 format | -202 | Response too short |
| 414 | Invalid checksum (HSM) | -203 | Response too long |
| 510 | Invalid Digipass data pointer | -102 | Data field too long |
| 701 | Invalid input buffer pointer | -204 | Response check digit wrong |
| 910 | Invalid HSM command in reply | -205 | Response character not decimal |
| 912 | HSM invalid BLOB status | -206 | Response character not hexadecimal |
| 913 | Invalid HSM key property | -207 | Response character set not specified |
| 951 | Invalid HSM key type for HSM decryption | -1501 | Memory allocation failed |
| 1009 | Invalid TLV total length | | |

[1] Specific score-based authentication code (see Score-based DIGIPASS)
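
For score-based devices, a caller has to accept more than the single value 0 while still rejecting everything else. The following C code is an added example, not part of the SDK or the vendor documentation: it classifies the return code and fails closed on any value it does not recognise. All names are hypothetical; reading 10001–10007 as 10000 plus one bit each for context, user and platform is an assumption inferred from the table above, as is the grouping of codes 204, 206 and 1364 as replay or freshness failures.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical names; only the numeric codes come from the return-code table. */
#define RC_SUCCESS     0
#define RC_WARN_BASE   10000   /* 10001..10007 = success with scoring warning */
#define WARN_CONTEXT   0x1u    /* 10001 */
#define WARN_USER      0x2u    /* 10002 */
#define WARN_PLATFORM  0x4u    /* 10004 */

typedef enum { SIG_REJECTED = 0, SIG_ACCEPTED, SIG_ACCEPTED_WITH_WARNING } sig_verdict;

/* Classify a return code; *warn_flags receives the WARN_* bits (assumed layout). */
sig_verdict classify_verify_rc(int32_t rc, unsigned *warn_flags)
{
    *warn_flags = 0;
    if (rc == RC_SUCCESS)
        return SIG_ACCEPTED;
    if (rc > RC_WARN_BASE && rc <= RC_WARN_BASE + 7) {
        *warn_flags = (unsigned)(rc - RC_WARN_BASE);
        return SIG_ACCEPTED_WITH_WARNING;
    }
    return SIG_REJECTED;   /* 1, 204, 1364, negatives and any unlisted value */
}

/* Failures that point at a replayed or stale signature (grouping is an assumption). */
int is_replay_or_stale(int32_t rc)
{
    return rc == 204      /* Duplicate signature found */
        || rc == 206      /* Chronological signature error */
        || rc == 1364;    /* Message time validity expired */
}

int main(void)
{
    const int32_t samples[] = { 0, 10005, 1, 204, -204, 10008 };  /* constructed */
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        unsigned w;
        sig_verdict v = classify_verify_rc(samples[i], &w);
        printf("rc=%d verdict=%d context=%d user=%d platform=%d replay_or_stale=%d\n",
               (int)samples[i], (int)v, !!(w & WARN_CONTEXT), !!(w & WARN_USER),
               !!(w & WARN_PLATFORM), is_replay_or_stale(samples[i]));
    }
    return 0;
}
```

Logging the warning flags and the replay/stale indicator separately from the verdict lets a risk engine or SOC rule act on them without re-parsing the raw code.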