11.12.3.4.71. Function Se05x_API_DFAuthenticateFirstPart1

11.12.3.4.71.1. Function Documentation

smStatus_t Se05x_API_DFAuthenticateFirstPart1(pSe05xSession_t session_ctx, uint32_t objectID, const uint8_t *inputData, size_t inputDataLen, uint8_t *outputData, size_t *poutputDataLen)

Se05x_API_DFAuthenticateFirstPart1

MIFARE DESFire support

MIFARE DESFire EV2 Key derivation (S-mode). This is limited to AES128 keys only.

The SE05X can be used by a card reader to set up a session where the SE05X stores the master key(s) and the session keys are generated and passed to the host.

The SE05X keeps an internal state of MIFARE DESFire authentication data during authentication setup. This state is fully transient, so it is lost on deselect of the applet.

The MIFARE DESFire state is owned by 1 user at a time; i.e., the user who calls DFAuthenticateFirstPart1 owns the MIFARE DESFire context until DFAuthenticateFirstPart1 is called again or until DFKillAuthentication is called.

The SE05X can also be used to support a ChangeKey command, either ChangeKey or ChangeKeyEV2. To establish a correct use case, policies need to be applied to the keys to indicate whether they can be used for ChangeKey or not, etc. (to be detailed)

Command to Applet

Field  Value                Description
-----  -------------------  -------------------------------------------
CLA    0x80
INS    INS_CRYPTO           SE05x_INS_t
P1     P1_DEFAULT           See SE05x_P1_t
P2     P2_AUTH_FIRST_PART1  See SE05x_P2_t
Lc     #(Payload)
       TLV[TAG_1]           4-byte key identifier.
       TLV[TAG_2]           16-byte encrypted card challenge: E(Kx,RndB)
Le     0x00

R-APDU Body

Value       Description
----------  ------------------------------------------------
TLV[TAG_1]  32-byte output data: E(Kx, RandA || RandB’)

R-APDU Trailer

SW           Description
-----------  ------------------------------------
SW_NO_ERROR  The command is handled successfully.

Parameters
  • [in] session_ctx: Session Context [0:kSE05x_pSession]

  • [in] objectID: objectID [1:kSE05x_TAG_1]

  • [in] inputData: inputData [2:kSE05x_TAG_2]

  • [in] inputDataLen: Length of inputData

  • [out] outputData: [0:kSE05x_TAG_1]

  • [inout] poutputDataLen: Length for outputData
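
The command and response layouts in the tables above, as an added example that is not part of the middleware: one helper frames the C-APDU and one accepts only a well-formed R-APDU. The helper names, the tag byte values, one-byte TLV lengths, short-form Lc and the big-endian key identifier are assumptions; INS, P1 and P2 are passed in by the caller because the page gives only their symbolic names.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Assumptions, not stated on the page: tag byte values, one-byte TLV
 * lengths, short-form Lc, big-endian key identifier. Check them against
 * the SE05x_TAG_t definition and the APDU specification before use. */
#define TAG_1 0x41u
#define TAG_2 0x42u
#define SW_NO_ERROR 0x9000u /* ISO 7816-4 success status word */
#define KEYID_LEN 4u
#define ENC_RNDB_LEN 16u  /* E(Kx,RndB) */
#define PART1_OUT_LEN 32u /* E(Kx, RandA || RandB') */

/* Builds CLA INS P1 P2 Lc TLV[TAG_1] TLV[TAG_2] Le into apdu.
 * Returns the APDU length, or 0 if an argument is invalid. */
size_t df_part1_build(uint8_t ins, uint8_t p1, uint8_t p2, uint32_t key_id,
                      const uint8_t *enc_rndb, size_t enc_len,
                      uint8_t *apdu, size_t cap)
{
    const size_t lc = 2u + KEYID_LEN + 2u + ENC_RNDB_LEN;
    size_t n = 0;
    if (!enc_rndb || !apdu || enc_len != ENC_RNDB_LEN || cap < 5u + lc + 1u)
        return 0;
    apdu[n++] = 0x80; /* CLA from the table above */
    apdu[n++] = ins; apdu[n++] = p1; apdu[n++] = p2;
    apdu[n++] = (uint8_t)lc;
    apdu[n++] = TAG_1; apdu[n++] = KEYID_LEN;
    for (int shift = 24; shift >= 0; shift -= 8)
        apdu[n++] = (uint8_t)(key_id >> shift);
    apdu[n++] = TAG_2; apdu[n++] = ENC_RNDB_LEN;
    memcpy(apdu + n, enc_rndb, ENC_RNDB_LEN);
    n += ENC_RNDB_LEN;
    apdu[n++] = 0x00; /* Le */
    return n;
}

/* Accepts only TLV[TAG_1] with exactly 32 bytes followed by SW_NO_ERROR.
 * Returns 0 and fills out on success, -1 on any other response. */
int df_part1_parse(const uint8_t *rsp, size_t len, uint8_t out[PART1_OUT_LEN])
{
    if (!rsp || !out || len != 2u + PART1_OUT_LEN + 2u)
        return -1;
    if ((((unsigned)rsp[len - 2] << 8) | rsp[len - 1]) != SW_NO_ERROR)
        return -1;
    if (rsp[0] != TAG_1 || rsp[1] != PART1_OUT_LEN)
        return -1;
    memcpy(out, rsp + 2, PART1_OUT_LEN);
    return 0;
}
```

Rejecting any response that is not exactly 32 bytes under TAG_1 with SW_NO_ERROR keeps a truncated or error reply from being forwarded to the card as authentication data.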