Uploaded by Steve Gonzalez

ATALLA Error Codes

12 Error Messages
Application Error Messages
If the Network Security Processor encounters a command syntax error, an error
response message is returned. The format of the error response is:
<00#XXYYZZ#>
The response ID of 00 indicates an error is being returned.
Table 12-1 lists the error number and its description that is returned in field XX.
Note. When XX = 04, the next two digits (YY) indicate the total number of fields that were
expected in the command.
Table 12-1. Error Types
Error #   Description
00        Response to test message
01        Length out of range
02        Invalid character
03        Value out of range
04        Invalid number of parameters
05        Parity error
06        Key usage error
07        Key usage error
08        Execution error
09        Expecting single-length key
10        Key Length error
20        Serial number set, cannot modify it
21        NSP not in a Security Association, or Serial number not set
22*       Non-existent command or option
23*       Invalid command or option
24        Incorrect challenge
25        Incorrect Acknowledgement
26*       Duplicate command or option
27        No challenge to verify, a command 109 has been received without a prior command 108
28        The configuration string in command 108 is too long.
29        Unable to allocate memory for the configuration string.
41        ASRM timed out waiting for the response from the NSP.
Atalla Key Block Banking Command Reference Manual—524130-034
73        Header mismatch
92        Autokey error
93        Factory keys already generated
94        No factory keys generated
98**      No response from cryptographic card
99        Execution time-out
* If this error is generated when processing security policy commands, the error
response will include an additional field after the XXYYZZ field. This additional field will
contain the first item found in error.
** Ax150 only
YY – the first field found to be in error.
Note. Due to the NSP's parsing logic the field reported in the error response may not be the
first, or only, field in the command that contains an error.
If this field returns the value 00, then any of the following may be true:
• Your command specified an invalid command number.
• A necessary MFK or KEK is missing.
• The response has been sent simply as an echo of a command.
ZZ – the software revision level of the cryptographic command processor.
Detailed Errors
The detailed error is appended as a separate field after the error field (XXYYZZ).
Detailed errors are only included if option 021 is enabled; see Configure Network
Security Processor Option (Command 101) on page 11-26 for more information on
enabling detailed application errors. Table 12-2 lists the detailed application error
messages by number, and provides the description of each message.
Table 12-2. Detailed Application Errors
Error #   Description
1         Invalid command string length
2         Invalid command length
3         Invalid parameter length
4         Passcode length not matched with user data
5         Non empty field - conflicts with other fields
95        Internal error
100       Invalid character error
101       Invalid command string format
102       Invalid character
200       Value out of range
201       Invalid command
202       Invalid parameter value
203       Command not implemented
204       Invalid continue command (5B)
205       Invalid part/length for loading keys from the key loading module
206       Invalid restriction setting
207       Invalid table type specified for loading a key
208       Invalid parent key
209       Invalid key length specified
210       Invalid key name specified
211       Invalid ANSI-formatted message authentication code
214       Invalid key serial number, if new one is the same as the current one
215       Invalid checksum on string
216       Value in field is not same as other field
217       Count value not greater than zero
218       Command count table is full
220       No free key slot for RSA key
300       Invalid number of parameters
301       Too many fields
302       Too few response fields
303       Too few fields
304       Initialization vector is missing
305       Wrong combination of keys
306       Invalid number of parameters
500       Application error
501       Key table entry in use
502       Key table full
503       MFK is not valid
504       KEK is not valid
505       MFK already exists
506       KEK already exists
507       Error during key loading process
508       KEK check digits do not match expected check digits
509       Key did not have odd parity
510       Specified variant cannot be used
511       KD1 or KD2 check digits do not match expected check digits
512       Wrong entry of single length key
513       Command 14-5, keys have different length
514       Command 14-5, weak key
515       Any decimalization tables in the key table must be single length
600       Non-existent key
601       Non-existent module key entry
602       Non-existent MFK
603       Non-existent KEK
604       Non-existent Pending MFK
605       Incorrect entry of double-length key slots
606       Pending MFK name is the same as the current MFK’s name
607       Security violation
608       Non-existent configuration key
611       MFK name in command does not match the current or retired name in the security processor
612       MFK name in command does not match the MFK name in the security processor
613       Pending MFK name in command does not match the pending MFK name in the security processor
620       The header is incorrect
622       The MAC of the AKB did not verify
623       Key slot empty
700       Hardware error
701       Cannot open file
702       Problem with EDES_ENC
704       Problem in routine des_cbc_cfb8
705       Problem in routine des_ofb_cfb64
706       Hardware error
707       Fatal error
708       A routine which should always * (Return didn’t *)
709       DCP NVRAM error
710       FEB NVRAM error
711       Internal routines returned unsuccessfully
712       Wrong mode
713       Internal developer’s error
714       BSAFE error
801       Failed hardware function
802       Failed ACE function (general)
803       Failed ACE function (command buffer too big)
804       Failed ACE function (LDM function failed)
805       Failed ACE function (Response returned smaller than minimum)
806       Failed ACE function (Response length invalid)
807       Failed ACE function (Response ID incorrect)
808       Failed ACE function (Response ID had invalid error)
809       Failed ACE function (Command had NULL error)
810       Failed ACE function (Command had NULL first item)
811       Failed ACE function (Response had NULL item)
812       Failed ACE function (Response had NULL first item)
813       Failed ACE function (Command ID was modified)
901       Expecting a single-length key and received a double
902       Expecting a double-length key and received a single
903       The double-length key is really a replicated single-length key
2000      The Serial number is already set, it cannot be modified
2100      The Serial Number is not loaded
2101      NSP is not in a security association.
2200      Non-existent command item in the configuration string
2300      Invalid command item format
2301      Command 105 hasn’t been received yet. Command 105 must be received before command 108 for all commands/options that require both.
2400      The input HASH in command 109 does not match the stored HASH from command 108
2500      The acknowledgment text is incorrect or missing
2600      Conflicting duplication of a configuration parameter
2700      There is no stored hash, i.e. a command 109 was received without a prior 108
2800      Configuration text exceeds maximum length
2900      Unable to allocate memory
7300      The variant of the key in table is incorrect
7301      The variant for a decimalization table is wrong
9200      System was not initialized
9201      RSA keys already exist
9202      Autokey global data is corrupted
9203      Can't allocate memory with mymalloc
9205      Failed signature verification
9208      Failed certificate verification
9210      Can’t sign the certificate or bad signature
9211      No communication key present in a system
9212      No session key present in a system
9213      MAC computation or verification failed
9214      Bad Tx buffer data length
9215      Bad data length inside the header
9216      Bad transaction function
9217      Bad transaction type
9218      Bad transaction state
Examples
Receiving Response 00 due to an Error Condition
The command being sent is command 72, verify key table slot. It contains an invalid value
for the key slot.
<72#5678#>
The Network Security Processor issues the following response.
<00#030127#>
This response indicates the following:
• The field’s value is out of range (indicated by 03).
• Field 1 is in error (indicated by 01).
• The software’s revision number is 2.7.
If the detailed error feature (option 21) is enabled, the response is:
<00#030127#0202#>
This response indicates the following:
• The field’s value is out of range (indicated by 03).
• Field 1 is in error (indicated by 01).
• The software’s revision number is 2.7.
• The detailed error (0202) indicates an invalid parameter value.
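The decoding rules of this chapter, collected into a host-side parser (an added example, not code from the manual or the vendor). The function name, the result layout and the partial lookup tables are assumptions of this example, as is reading ZZ as "major.minor" after the 2.7 example; an extra field is treated as a detailed error only for error types without the * footnote, because the page does not say how the two kinds of extra field are ordered when both apply.

```python
import re

# Partial copies of Table 12-1 (field XX) and Table 12-2 (detailed errors).
ERROR_TYPES = {"01": "Length out of range", "02": "Invalid character",
               "03": "Value out of range", "04": "Invalid number of parameters",
               "22": "Non-existent command or option",
               "23": "Invalid command or option"}
DETAILED = {202: "Invalid parameter value", 300: "Invalid number of parameters",
            600: "Non-existent key", 607: "Security violation"}
# Types marked * in Table 12-1: an extra field may hold the item found in error.
STARRED = {"22", "23", "26"}

# <00#XXYYZZ#> followed by zero or more '#'-terminated extra fields.
_FRAME = re.compile(r"<00#([0-9]{2})([0-9]{2})([0-9]{2})#((?:[^#<>]*#)*)>")


def parse_error_response(msg):
    """Decode an NSP 00 response into a dict; raise ValueError if malformed."""
    m = _FRAME.fullmatch(msg.strip())
    if m is None:
        raise ValueError("not a well-formed 00 error response")
    xx, yy, zz, tail = m.groups()
    extras = tail.split("#")[:-1]
    out = {
        "type": xx,
        "type_text": ERROR_TYPES.get(xx, "not in this partial table"),
        "revision": f"{zz[0]}.{zz[1]}",   # "27" -> "2.7", as in the page's example
        "field_in_error": None,
        "fields_expected": None,
        "detailed": None,
        "detailed_text": None,
        "extras": extras,
    }
    if xx == "04":
        out["fields_expected"] = int(yy)   # YY is a field count for type 04
    elif yy != "00":
        out["field_in_error"] = int(yy)    # YY = 00 is ambiguous; leave None
    # Read the extra field as a detailed error only when that is unambiguous.
    if xx not in STARRED and len(extras) == 1 and re.fullmatch("[0-9]+", extras[0]):
        out["detailed"] = int(extras[0])
        out["detailed_text"] = DETAILED.get(out["detailed"], "not in this partial table")
    return out


if __name__ == "__main__":
    for sample in ("<00#030127#>", "<00#030127#0202#>"):  # both from the page
        print(parse_error_response(sample))
```

Because the NSP may report a field that is not the first or only one in error, treat `field_in_error` as a hint when logging or alerting on these responses rather than as a definitive location.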