12 Error Messages Application Error Messages If the Network Security Processor encounters a command syntax error, an error response message is returned. The format of the error response is: <00#XXYYZZ#> The response ID of 00 indicates an error is being returned. Table 12-1 lists the error number and its description that is returned in field XX. Note. When xx = 04 the next two digits (yy) indicate the total number of fields that were expected in the command. Table 12-1. Error Types Error # Description 00 Response to test message 01 Length out of range 02 Invalid character 03 Value out of range 04 Invalid number of parameters 05 Parity error 06 Key usage error 07 Key usage error 08 Execution error 09 Expecting single-length key 10 Key Length error 20 Serial number set, cannot modify it 21 NSP not in a Security Association, or Serial number not set 22* Non-existent command or option 23* Invalid command or option 24 Incorrect challenge 25 Incorrect Acknowledgement 26* Duplicate command or option 27 No challenge to verify, a command 109 has been received without a prior command 108 28 The configuration string in command 108 is too long. 29 Unable to allocate memory for the configuration string. 41 ASRM timed out waiting for the response from the NSP. Atalla Key Block Banking Command Reference Manual—524130-034 12- 1 Detailed Errors Error Messages Table 12-1. Error Types Error # Description 73 Header mismatch 92 Autokey error 93 Factory keys already generated 94 No factory keys generated 98** No response from cryptographic card 99 Execution time-out * If this error is generated when processing security policy commands, the error response will include an additional field after the XXYYZZ field. This additional field will contains the first item found in error. ** Ax150 only YY – the first field found to be in error. Note. Due to the NSP's parsing logic the field reported in the error response may not be the first, or only, field in the command that contains an error. If this field returns the value 00, then any of the following may be true: • • • Your command specified an invalid command number. A necessary MFK or KEK is missing. The response has been sent simply as an echo of a command. ZZ – the software revision level of the cryptographic command processor. Detailed Errors The detailed error is appended as a separate field after the error field (XXYYZZ). Detailed errors are only included if option 021 is enabled, see Configure Network Security Processor Option (Command 101) on page 11-26 for more information on enabling detailed application errors. Table 12-2 lists the detailed application error messages by number, and provides the description of each message. Table 12-2. Detailed Application Errors (page 1 of 5) Error # Description 1 Invalid command string length 2 Invalid command length 3 Invalid parameter length 4 Passcode length not matched with user data 5 Non empty field - conflicts with other fields 95 Internal error Atalla Key Block Banking Command Reference Manual—524130-034 12- 2 Detailed Errors Error Messages Table 12-2. Detailed Application Errors (page 2 of 5) Error # Description 100 Invalid character error 101 Invalid command string format 102 Invalid character 200 Value out of range 201 Invalid command 202 Invalid parameter value 203 Command not implemented 204 Invalid continue command (5B) 205 Invalid part/length for loading keys from the key loading module 206 Invalid restriction setting 207 Invalid table type specified for loading a key 208 Invalid parent key 209 Invalid key length specified 210 Invalid key name specified 211 Invalid ANSI-formatted message authentication code 214 Invalid key serial number, if new one is the same as the current one 215 Invalid checksum on string 216 Value in field is not same as other field 217 Count value not greater than zero 218 Command count table is full 220 No free key slot for RSA key 300 Invalid number of parameters 301 Too many fields 302 Too few response fields 303 Too few fields 304 Initialization vector is missing 305 Wrong combination of keys 306 Invalid number of parameters 500 Application error 501 Key table entry in use 502 Key table full 503 MFK is not valid 504 KEK is not valid 505 MFK already exists Atalla Key Block Banking Command Reference Manual—524130-034 12- 3 Detailed Errors Error Messages Table 12-2. Detailed Application Errors (page 3 of 5) Error # Description 506 KEK already exists 507 Error during key loading process 508 KEK check digits do not match expected check digits 509 Key did not have odd parity 510 Specified variant cannot be used 511 KD1 or KD2 check digits do not match expected check digits 512 Wrong entry of single length key 513 Command 14-5, keys have different length 514 Command 14-5, weak key 515 Any decimalization tables in the key table must be single length 600 Non-existent key 601 Non-existent module key entry 602 Non-existent MFK 603 Non-existent KEK 604 Non-existent Pending MFK 605 Incorrect entry of double-length key slots 606 Pending MFK name is the same as the current MFK’s name 607 Security violation 608 Non-existent configuration key 611 MFK name in command does not match the current or retired name in the security processor 612 MFK name in command does not match the MFK name in the security processor 613 Pending MFK name in command does not match the pending MFK name in the security processor 620 The header is incorrect 622 The MAC of the AKB did not verify 623 Key slot empty 700 Hardware error 701 Cannot open file 702 Problem with EDES_ENC 704 Problem in routine des_cbc_cfb8 705 Problem in routine des_ofb_cfb64 706 Hardware error 707 Fatal error Atalla Key Block Banking Command Reference Manual—524130-034 12- 4 Detailed Errors Error Messages Table 12-2. Detailed Application Errors (page 4 of 5) Error # Description 708 A routine which should always * (Return didn’t *) 709 DCP NVRAM error 710 FEB NVRAM error 711 Internal routines returned unsuccessfully 712 Wrong mode 713 Internal developer’s error 714 BSAFE error 801 Failed hardware function 802 Failed ACE function (general) 803 Failed ACE function (command buffer too big) 804 Failed ACE function (LDM function failed) 805 Failed ACE function (Response returned smaller than minimum) 806 Failed ACE function (Response length invalid) 807 Failed ACE function (Response ID incorrect) 808 Failed ACE function (Response ID had invalid error) 809 Failed ACE function (Command had NULL error) 810 Failed ACE function (Command had NULL first item) 811 Failed ACE function (Response had NULL item) 812 Failed ACE function (Response had NULL first item) 813 Failed ACE function (Command ID was modified) 901 Expecting a single-length key and received a double 902 Expecting a double-length key and received a single 903 The double-length key is really a replicated single-length key 2000 The Serial number is already set, it cannot be modified 2100 The Serial Number is not loaded 2101 NSP is not in a security association. 2200 Non-existent command item in the configuration string 2300 Invalid command item format 2301 Command 105 hasn’t been received yet. Command 105 must be received before command 108 for all commands/options that require both. 2400 The input HASH in command 109 does not match the stored HASH from command 108 2500 The acknowledgment text is incorrect or missing 2600 Conflicting duplication of a configuration parameter Atalla Key Block Banking Command Reference Manual—524130-034 12- 5 Detailed Errors Error Messages Table 12-2. Detailed Application Errors (page 5 of 5) Error # Description 2700 There is no stored hash- i.e. a command 109 was received without a prior 108 2800 Configuration text exceed maximum length 2900 Unable to allocate memory 7300 The variant of the key in table incorrect 7301 The variant for a decimalization table is wrong 9200 System was not initialized 9201 RSA keys already exists 9202 Autokey global data is corrupted 9203 Can't allocate memory with mymalloc 9205 Failed signature verification 9208 Failed certificate verification 9210 Can’t sign the certificate or bad signature 9211 No communication key present in a system 9212 No session key present in a system 9213 MAC computation or verification failed 9214 Bad Tx buffer data length 9215 Bad data length inside the header 9216 Bad transaction function 9217 Bad transaction type 9218 Bad transaction state Examples Receiving Response 00 due to an Error Condition The command being sent is 72 verify key table slot. It contains an invalid value for the key slot. <72#5678#> The Network Security Processor issues the following response. <00#030127#> This response indicates the following: • • • The field’s value is out of range (indicated by 03). Field 1 is in error (indicated by 01). The software’s revision number is 2.7. Atalla Key Block Banking Command Reference Manual—524130-034 12- 6 Detailed Errors Error Messages If the detailed error feature (option 21) is enabled the response is: <00#030127#0202#> This response indicates the following: • • • • The field’s value is out of range (indicated by 03). Field 1 is in error (indicated by 01). The software’s revision number is 2.7. The detailed error (0202) indicates an invalid parameter value. Atalla Key Block Banking Command Reference Manual—524130-034 12- 7 Detailed Errors Error Messages Atalla Key Block Banking Command Reference Manual—524130-034 12- 8