Function prototype
aat_int32 AAL2ProcVerifyPasswordRpl(
    aat_byte *InReply,
    aat_int32 *ReplySize,
    TDigipassBlob *DPData,
    aat_ascii *aReturnHostCodeOut,
    aat_int32 *ReturnHostCodeLenOut);
Description
This function processes a reply from the HSM to a password validation command which has been generated either with AAL2GenVerifyPasswordCmd or AAL2GenVerifyPasswordCmdEx.
The password validation on the HSM is identical to the functionality available with the Authentication Suite Server SDK Software Dynamic Authentication Service. For information on the associated functions, refer to the Authentication Suite Server SDK C-C++ Programmer's Guide.
Score-based Digipass
For Digipass devices that integrate the score-based algorithm, the HSM module performs a score-based authentication, which makes the Digipass scoring value available. Once the HSM module has successfully validated the password, it returns either SUCCESS or SUCCESS with the relevant scoring warning code. See the return codes in Table: Return codes (AAL2ProcVerifyPasswordRpl) for more details.
Parameters
Return codes
| Code | Meaning | Code | Meaning |
|---|---|---|---|
| 0 | Success | 910 | Invalid HSM command in reply |
| 10001 | Success with context warning[1] | 912 | HSM invalid BLOB status |
| 10002 | Success with user warning[1] | 913 | Invalid HSM key property |
| 10003 | Success with user & context warning[1] | 951 | Invalid HSM key type for HSM decryption |
| 10004 | Success with platform warning[1] | 1009 | Invalid TLV total length |
| 10005 | Success with platform & context warning[1] | 1018 | Invalid TLV item pointer |
| 10006 | Success with platform & user warning[1] | 1019 | Missing mandatory TLV item |
| 10007 | Success with platform & user & context warning[1] | 1025 | Data buffer too small |
| 1 | Code not verified | 1039 | Invalid response length with DP algorithm |
| 2 | Static password validation failed | 1040 | Invalid host code length with DP algorithm |
| 131 | Missing required challenge | 1103 | Unlock Version 2 not supported |
| 140 | Challenge corrupted | 1116 | Response check digit not allowed |
| 201 | Code replay attempt | 1117 | Challenge check digit not allowed |
| 202 | Identification error threshold reached | 1118 | Unsupported BLOB |
| 205 | Inactive days reached | -101 | Challenge too short |
| 208 | Application disabled | -102 | Challenge too long |
| 272 | Invalid wrapped key | -103 | Challenge check digit wrong |
| 412 | Invalid checksum (software) | -105 | Challenge minimum length not allowed |
| 413 | Invalid Base64 format | -106 | Challenge maximum length not allowed |
| 414 | Invalid checksum (HSM) | -107 | Challenge number wrong |
| 510 | Invalid Digipass data pointer | -108 | Challenge character invalid |
| 600 | Invalid Gordian root information | -201 | Response length out of bounds |
| 601 | Invalid Gordian today information | -202 | Response too short |
| 602 | Invalid Gordian tomorrow information | -203 | Response too long |
| 603 | Invalid Gordian stimulus information | -204 | Response check digit wrong |
| 701 | Invalid input buffer pointer | -205 | Response character not decimal |
| 802 | Change password mandatory | -206 | Response character not hexadecimal |
| 803 | New password too short | -207 | Response character set not specified |
| 804 | New password too long | -1501 | Memory allocation failed |
[1] Specific score-based authentication code (see Score-based Digipass)
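The following is an added example, not code from the SDK or its documentation: a fail-closed classifier for the return codes in the table above. It assumes, from the table's layout only, that the seven warning codes are 10000 plus a three-bit combination (1 = context, 2 = user, 4 = platform); all function, enum and macro names are hypothetical, and the sample codes in `main` are constructed.

```c
#include <stdint.h>
#include <stdio.h>

/* All names here are hypothetical (added example, not SDK identifiers). */
#define SCORE_WARN_BASE     10000
#define SCORE_WARN_CONTEXT  0x1u  /* 10001 */
#define SCORE_WARN_USER     0x2u  /* 10002 */
#define SCORE_WARN_PLATFORM 0x4u  /* 10004 */

typedef enum { VERIFY_ACCEPT, VERIFY_ACCEPT_WARN, VERIFY_DENY } verify_outcome;

/* Map a return code to an access decision; *warn_mask receives the
   SCORE_WARN_* bits for codes 10001..10007 and 0 otherwise. */
verify_outcome classify_verify_rc(int32_t rc, unsigned *warn_mask)
{
    *warn_mask = 0;
    if (rc == 0)
        return VERIFY_ACCEPT;
    if (rc > SCORE_WARN_BASE && rc <= SCORE_WARN_BASE + 7) {
        *warn_mask = (unsigned)(rc - SCORE_WARN_BASE);
        return VERIFY_ACCEPT_WARN;
    }
    /* Fail closed: every other value, including codes that are not in
       the table (10000, 10008, ...), denies access. */
    return VERIFY_DENY;
}

/* Text form of the warning bits, e.g. for an audit log entry. */
const char *warn_mask_str(unsigned mask)
{
    static const char *const names[8] = {
        "none", "context", "user", "user+context", "platform",
        "platform+context", "platform+user", "platform+user+context"
    };
    return names[mask & 7u];
}

int main(void)
{
    /* Constructed sample return codes, not captured from an HSM. */
    const int32_t samples[] = { 0, 10005, 201, 10008, -204 };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        unsigned mask;
        verify_outcome o = classify_verify_rc(samples[i], &mask);
        printf("rc=%ld outcome=%d warnings=%s\n",
               (long)samples[i], (int)o, warn_mask_str(mask));
    }
    return 0;
}
```

A caller that compares the return code only against 0 rejects every score-based success, while one that treats any positive code as success accepts failures such as 201 (code replay attempt); checking the explicit range avoids both.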