Function prototype
aat_int32 AAL2ProcVerifySignatureRpl(
    aat_byte *InReply,
    aat_int32 *ReplySize,
    TDigipassBlob *DPData,
    aat_ascii *aReturnHostCodeOut,
    aat_int32 *ReturnHostCodeLenOut);
Description
This function processes a reply from the HSM to a command generated with either AAL2GenVerifySignatureCmd or AAL2GenVerifySignatureCmdEx.
The signature validation with enhanced security on the HSM is identical to the functionality available with the Authentication Suite Server SDK Software e-Signature Validation Service. For information on the associated functions, refer to the Authentication Suite Server SDK C-C++ Programmer's Guide.
Score-based Digipass
For Digipass devices that integrate the score-based algorithm, the HSM module performs a score-based signature validation, which allows the Digipass scoring value to be retrieved. Once the HSM module has successfully validated the signature, it returns either SUCCESS or SUCCESS with the relevant scoring warning code. See the list of return codes in Table: Return codes (AAL2ProcVerifySignatureRpl) for more details.
Parameters
Return codes
| Code | Meaning | Code | Meaning |
|---|---|---|---|
| 0 | Success | 951 | Invalid HSM key type for HSM decryption |
| 10001 | Success with context warning[1] | 1009 | Invalid TLV total length |
| 10002 | Success with user warning[1] | 1018 | Invalid TLV item pointer |
| 10003 | Success with user & context warning[1] | 1019 | Missing mandatory TLV item |
| 10004 | Success with platform warning[1] | 1025 | Data buffer too small |
| 10005 | Success with platform & context warning[1] | 1103 | Unlock Version 2 not supported |
| 10006 | Success with platform & user warning[1] | 1116 | Response check digit not allowed |
| 10007 | Success with platform & user & context warning[1] | 1117 | Challenge check digit not allowed |
| 1 | Signature not verified | 1118 | Unsupported BLOB |
| 132 | Unsupported token type | -101 | Challenge too short |
| 203 | Sign error threshold reached | -102 | Challenge too long |
| 204 | Duplicate signature found | -103 | Challenge check digit wrong |
| 205 | Inactive days reached | -105 | Challenge minimum length not allowed |
| 206 | Chronological signature error | -106 | Challenge maximum length not allowed |
| 208 | Application disabled | -107 | Challenge number wrong |
| 272 | Invalid wrapped key | -108 | Challenge character invalid |
| 412 | Invalid checksum (software) | -201 | Response length out of bounds |
| 413 | Invalid Base64 format | -202 | Response too short |
| 414 | Invalid checksum (HSM) | -203 | Response too long |
| 510 | Invalid Digipass data pointer | -204 | Response check digit wrong |
| 701 | Invalid Input Buffer Pointer | -205 | Response character not decimal |
| 910 | Invalid HSM command in reply | -206 | Response character not hexadecimal |
| 912 | HSM Invalid BLOB Status | -207 | Response character set not specified |
| 913 | Invalid HSM key property | -1501 | Memory allocation failed |
[1] Specific score-based authentication code (see Score-based DIGIPASS)
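One way a caller can act on these return codes, as an added example that is not part of the SDK or the original page: it accepts only 0 and the score-based warning codes, surfaces the warning flags, and fails closed on anything else. The enum, macro and function names are hypothetical, the grouping into verdicts is this example's choice, and the bit layout of 10001 to 10007 is read off the table above rather than taken from SDK documentation.

```c
#include <stdint.h>

/* Hypothetical names for this example; not SDK identifiers. */
enum verdict { V_ACCEPT, V_ACCEPT_WARN, V_REJECT, V_REPLAY, V_BLOCKED, V_BAD_INPUT, V_SYSTEM };

#define WARN_CONTEXT  0x1u
#define WARN_USER     0x2u
#define WARN_PLATFORM 0x4u

/* Classify a return code of AAL2ProcVerifySignatureRpl using the table above.
 * *warnings receives the WARN_* bits for codes 10001..10007, otherwise 0. */
enum verdict classify_verify_rc(int32_t rc, unsigned *warnings)
{
    *warnings = 0;
    if (rc == 0)
        return V_ACCEPT;
    if (rc >= 10001 && rc <= 10007) {
        /* In the table, 10000 + n combines context=1, user=2, platform=4. */
        *warnings = (unsigned)(rc - 10000);
        return V_ACCEPT_WARN;
    }
    switch (rc) {
    case 1:                      /* Signature not verified */
    case 206: return V_REJECT;   /* Chronological signature error */
    case 204: return V_REPLAY;   /* Duplicate signature found */
    case 203:                    /* Sign error threshold reached */
    case 205:                    /* Inactive days reached */
    case 208: return V_BLOCKED;  /* Application disabled */
    default:  break;
    }
    /* -101..-108 and -201..-207 are challenge/response format errors. */
    if (rc <= -101 && rc >= -207)
        return V_BAD_INPUT;
    /* Everything else, including codes absent from the table: fail closed. */
    return V_SYSTEM;
}

/* Only the two success verdicts may authorize the signed transaction. */
int signature_accepted(int32_t rc)
{
    unsigned w;
    enum verdict v = classify_verify_rc(rc, &w);
    return v == V_ACCEPT || v == V_ACCEPT_WARN;
}
```

Comparing the return code against 0 alone would reject valid score-based signatures, while a range test such as "greater than 0" would accept code 1 (Signature not verified); an explicit allow-list of success codes avoids both.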