11.12.3.4.71. Function Se05x_API_DFAuthenticateFirstPart1
Defined in File se05x_APDU_apis.h
11.12.3.4.71.1. Function Documentation
smStatus_t Se05x_API_DFAuthenticateFirstPart1(pSe05xSession_t session_ctx, uint32_t objectID, const uint8_t *inputData, size_t inputDataLen, uint8_t *outputData, size_t *poutputDataLen)
MIFARE DESFire support
MIFARE DESFire EV2 Key derivation (S-mode). This is limited to AES128 keys only.
The SE05X can be used by a card reader to set up a session where the SE05X stores the master key(s) and the session keys are generated and passed to the host.
The SE05X keeps an internal state of MIFARE DESFire authentication data during authentication setup. This state is fully transient, so it is lost on deselect of the applet.
The MIFARE DESFire state is owned by 1 user at a time; i.e., the user who calls DFAuthenticateFirstPart1 owns the MIFARE DESFire context until DFAuthenticateFirstPart1 is called again or until DFKillAuthentication is called.
The SE05X can also be used to support a ChangeKey command, either ChangeKey or ChangeKeyEV2. To establish a correct use case, policies need to be applied to the keys to indicate whether keys can be used for ChangeKey or not, etc. (to be detailed)
Command to Applet

| Field | Value | Description |
|-------|-------|-------------|
| CLA | 0x80 | |
| INS | INS_CRYPTO | |
| P1 | P1_DEFAULT | See SE05x_P1_t |
| P2 | P2_AUTH_FIRST_PART1 | See SE05x_P2_t |
| Lc | #(Payload) | |
| | TLV[TAG_1] | 4-byte key identifier. |
| | TLV[TAG_2] | 16-byte encrypted card challenge: E(Kx,RndB) |
| Le | 0x00 | |
R-APDU Body

| Value | Description |
|-------|-------------|
| TLV[TAG_1] | 32-byte output data: E(Kx, RandA \|\| RandB’) |

R-APDU Trailer

| SW | Description |
|----|-------------|
| SW_NO_ERROR | The command is handled successfully. |
Parameters
- [in] session_ctx: Session Context [0:kSE05x_pSession]
- [in] objectID: objectID [1:kSE05x_TAG_1]
- [in] inputData: inputData [2:kSE05x_TAG_2]
- [in] inputDataLen: Length of inputData
- [out] outputData: [0:kSE05x_TAG_1]
- [inout] poutputDataLen: Length for outputData
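The C-APDU and R-APDU layouts in the tables above, written out as a host-side encoder and a strict response parser. This is an added example, not code from the SE05x middleware. The function names, the numeric values of the symbolic constants, the short-length APDU form, the MSB-first key identifier and the 0x9000 value for SW_NO_ERROR are assumptions that this page does not state.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Numeric values below are assumptions: this page gives only symbolic names
 * (apart from CLA 0x80). Confirm them against the middleware headers. */
#define DF_CLA                 0x80
#define DF_INS_CRYPTO          0x03
#define DF_P1_DEFAULT          0x00
#define DF_P2_AUTH_FIRST_PART1 0x53
#define DF_TAG_1               0x41
#define DF_TAG_2               0x42
#define DF_CHALLENGE_LEN       16   /* E(Kx,RndB) */
#define DF_RESPONSE_LEN        32   /* E(Kx, RandA || RandB') */

/* Build the short-form C-APDU; returns its length, or 0 on invalid input. */
size_t df_first_part1_build(uint32_t key_id, const uint8_t *enc_rndb,
                            size_t enc_len, uint8_t *apdu, size_t cap)
{
    const size_t lc = (2 + 4) + (2 + DF_CHALLENGE_LEN); /* two TLVs */
    if (!enc_rndb || !apdu || enc_len != DF_CHALLENGE_LEN || cap < 5 + lc + 1)
        return 0;
    uint8_t *p = apdu;
    *p++ = DF_CLA; *p++ = DF_INS_CRYPTO;
    *p++ = DF_P1_DEFAULT; *p++ = DF_P2_AUTH_FIRST_PART1;
    *p++ = (uint8_t)lc;
    *p++ = DF_TAG_1; *p++ = 4;          /* key identifier, MSB first (assumed) */
    *p++ = (uint8_t)(key_id >> 24); *p++ = (uint8_t)(key_id >> 16);
    *p++ = (uint8_t)(key_id >> 8);  *p++ = (uint8_t)key_id;
    *p++ = DF_TAG_2; *p++ = DF_CHALLENGE_LEN;
    memcpy(p, enc_rndb, DF_CHALLENGE_LEN); p += DF_CHALLENGE_LEN;
    *p++ = 0x00;                        /* Le */
    return (size_t)(p - apdu);
}

/* Parse the R-APDU: 0 on success, -1 truncated, -2 SW is not 0x9000 (assumed
 * SW_NO_ERROR), -3 body is not exactly TLV[TAG_1] with a 32-byte value. */
int df_first_part1_parse(const uint8_t *rsp, size_t len,
                         uint8_t out[DF_RESPONSE_LEN])
{
    if (!rsp || !out || len < 2) return -1;
    if (rsp[len - 2] != 0x90 || rsp[len - 1] != 0x00) return -2;
    if (len != 2 + DF_RESPONSE_LEN + 2 ||
        rsp[0] != DF_TAG_1 || rsp[1] != DF_RESPONSE_LEN) return -3;
    memcpy(out, rsp + 2, DF_RESPONSE_LEN);
    return 0;
}
```

Rejecting any challenge that is not exactly 16 bytes and any response body that is not exactly 32 bytes keeps malformed card or transport data out of the next authentication step.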