Function prototype
aat_int32 AAL2GenPasswordICSF(
TDigipassBlob* DPData,
TKernelParms* CallParms,
aat_ascii* aStorageKeyNameIn,
aat_ascii* aInitialVectorIn,
aat_ascii* Password,
aat_ascii* Challenge,
aat_ascii* ReturnHostCode,
aat_int32* ReturnHostCodeLength);
Description
If Virtual Mobile Authenticator is supported and activated for the given authenticator application BLOB, AAL2GenPasswordICSF function can be used to generate a dynamic one-time password. It is an extension of AAL2GenPassword, with the additional feature of integrating the return host code.
Parameters
Table: Parameters (AAL2GenPasswordICSF) | Type | Name | Use | Description |
|---|
| TDigipassBlob * | DPData | I/O | authenticator application BLOB. Upon return from the function call, this BLOB must be rewritten to the application database to reflect changes.. |
| TKernelParms * | CallParms | I | Structure of runtime parameters to use during this function call. |
| aat_ascii * | aStorageKeyNameIn | I | String of up to 64+1 characters, left-justified, null-terminated, or right-padded with spaces. This is the label of the ICSF storage key used to encrypt the sensitive Digipass application BLOB data. |
| aat_ascii * | aInitialVectorIn | I | String of 16 or 32 hexadecimal characters, left-justified, null-terminated. This is the initial vector used to encrypt the sensitive authenticator application BLOB data. |
| aat_ascii * | Password | O | String of up to 17 numeric or hexadecimal characters, left-justified, null-terminated, or right-padded with spaces. This is the dynamic password generated by the library (recommended buffer size is 18 bytes). |
| aat_ascii * | Challenge | I | String of up to 17 numeric characters, left-justified, null-terminated, or right-padded with spaces. This parameter holds the challenge which may have been proposed to the user to generate CodeToVerify. If no challenge was generated, this parameter should be NULL. |
| aat_ascii * | ReturnHostCode | O | Up to 17 numeric or hexadecimal characters, left-justified, null-terminated or right-padded with spaces. This is the code generated by Authentication Suite Server SDK. |
| aat_int32 * | ReturnHostCodeLength | O | Pointer to a long integer that indicates the length of the generated return host code. |
COBOL calling convention
Entry point: AA2VGPIC
02 W-BLOB PIC X(248).
02 W-KERNELPARMS.
03 W-PARMCOUNT PIC 9(8) USAGE BINARY.
03 W-PARM01 PIC 9(8) USAGE BINARY.
. . .
03 W-PARM19 PIC 9(8) USAGE BINARY.
02 W-HOSTCODE PIC X(17).
02 W-HOSTCODE-LENGTH PIC 9(8) USAGE BINARY.
02 W-RETURN PIC S9(8) USAGE BINARY.
02 W-PASSWORD PIC X(17).
02 W-CHALLENGE PIC X(17).
02 W-STORAGEKEY PIC X(65).
02 W-INITVECTOR PIC X(17).
02 W-API-NAME PIC X(8) VALUE 'AA2VGPIC'.
. . .
CALL W-API-NAME USING
BY REFERENCE W-BLOB
BY REFERENCE W-KERNELPARMS
BY REFERENCE W-STORAGEKEY
BY REFERENCE W-INITVECTOR
BY REFERENCE W-PASSWORD
BY REFERENCE W-CHALLENGE
BY REFERENCE W-HOSTCODE
BY REFERENCE W-HOSTCODE-LENGTH
RETURNING W-RETURN
Return codes
Table: Return codes (AAL2GenPasswordICSF) | Code | Meaning | Code | Meaning |
|---|
| 0 | Success | 908 | HSM key not found |
| 130 | Invalid response pointer | 951 | Invalid HSM key type for HSM decryption |
| 131 | Missing required challenge | 1103 | Unlock Version 2 not supported |
| 132 | Unsupported token type | 1116 | Response check digit not allowed |
| 202 | Identification error threshold reached | 1117 | Challenge check digit not allowed |
| 208 | Application disabled | 1118 | Unsupported BLOB |
| 209 | Grace period expired | -101 | Challenge too short |
| 210 | Allowed use count reached | -102 | Challenge too long |
| 211 | Virtual Virtual token not supported | -103 | Challenge check digit wrong |
| 412 | Invalid checksum | -105 | Challenge minimum length not allowed |
| 413 | Invalid Base64 format | -106 | Challenge maximum length not allowed |
| 414 | Invalid checksum (HSM) | -107 | Challenge number wrong |
| 510 | Invalid Digipass data pointer | -108 | Challenge character invalid |
| 900 | Invalid session context handle | -1501 | Memory allocation failed |