Describes about the MIFARE DUOX Secure Messaging related commands. More...

Collaboration diagram for Commands_SecureMessaging:

Modules
	Defines
	Macro Definitions for Secure Messaging commands.

Functions
phStatus_t	phalMfDuoX_ISOGeneralAuthenticate (void pDataParams, uint16_t wOption, uint8_t bCARootKeyNo, uint16_t wKeyNo_PrivA, uint16_t wKeyPos_PrivA, uint8_t pOptsA, uint8_t bOptsALen, uint8_t pCertA, uint16_t wCertALen, uint8_t pExpRspLen, uint8_t bExpRspLen, uint8_t pE_PubB, uint16_t pE_PubBLen, uint8_t *ppResponse, uint16_t pRspLen)
	Performs ASymmetric Mutual or Reader-Unilateral authentication. More...

phStatus_t	phalMfDuoX_ISOInternalAuthenticate (void pDataParams, uint8_t bPrivKeyNo, uint8_t bCurveID, uint8_t pPubBKey, uint16_t wPubBKeyLen, uint8_t pOptsA, uint8_t bOptsALen, uint8_t pExpRspLen, uint8_t bExpRspLen)
	Performs Asymmetric Card-Unilateral Authentication. More...

phStatus_t	phalMfDuoX_AuthenticateEv2 (void pDataParams, uint8_t bFirstAuth, uint16_t wOption, uint16_t wKeyNo, uint16_t wKeyVer, uint8_t bKeyNoCard, uint8_t pDivInput, uint8_t bDivLen, uint8_t pPcdCapsIn, uint8_t bLenPcdCapsIn, uint8_t pPcdCapsOut, uint8_t *pPdCapsOut)
	Performs an Ev2 First or Non First Authentication depending upon bFirstAuth Parameter. More...

Detailed Description

Describes about the MIFARE DUOX Secure Messaging related commands.

Function Documentation

◆ phalMfDuoX_ISOGeneralAuthenticate()

phStatus_t phalMfDuoX_ISOGeneralAuthenticate	(	void *	pDataParams,
		uint16_t	wOption,
		uint8_t	bCARootKeyNo,
		uint16_t	wKeyNo_PrivA,
		uint16_t	wKeyPos_PrivA,
		uint8_t *	pOptsA,
		uint8_t	bOptsALen,
		uint8_t *	pCertA,
		uint16_t	wCertALen,
		uint8_t *	pExpRspLen,
		uint8_t	bExpRspLen,
		uint8_t *	pE_PubB,
		uint16_t *	pE_PubBLen,
		uint8_t **	ppResponse,
		uint16_t *	pRspLen
	)

Performs ASymmetric Mutual or Reader-Unilateral authentication.

This interfaces performs Cmd.ISOGeneralAuthenticate and Cmd.ISOGeneralAuthenticateFinal based on the information provided in wOption parameter. Type of Authentication (i.e Mutual or Reader-UniLateral) is extracted from the Option information (pOptsA).

ISOGeneral Authenticate Part1, ISOGeneral Authenticate Part2 and ISOGeneral Authenticate Final based on wOption information.
During ISOGeneral Authenticate Part1, Ephemeral Key Pair (E.Pub.A) is generated by the Library.
Interface provides Ephemeral Key Pair (E.Pub.B) and Decrypted response from PICC after successful execution of ISOGeneralAuthenticate Part 2.
For ISOGeneral Authentication Final execution, user has to provide the Ephemeral Public Key (E.Pub.B) received during ISOSelect File command exchange.

Note

Authenticate State will be Not Authenticated if AuthMethod is Mutual Authentication for Cmd.ISOGeneralAuthenticate or Cmd.ISOGeneralAuthentiate_Final command execution. To update the state to Authenticated, call ISOGeneral Authenticate Verify interface. It's must to call the ISOGeneral Authenticate Verify interface to proceed with other command with Secure Messaging applied.
Authenticate State will be Authenticated if AuthMethod is Reader UniLateral Authentication. Here call of ISOGeneral Authenticate Verify interface is not required.

Returns: Status code

Return values

PH_ERR_SUCCESS	Operation successful.
PH_ERR_INVALID_DATA_PARAMS	If DataParams is null.
PH_ERR_INVALID_PARAMETER	If the buffers are null. Values not supported for Authentication (wOption parameter.)
PH_ERR_PROTOCOL_ERROR	If Tag information is not proper for AuthDOHdr of E.Pub.B and Msg.B.enc. If there is no Response from PICC in case of ISOGeneralAuthenticate Part 2 or ISOGeneralAuthenticate_Final.
XXXX	Depending on status codes return by PICC. Other Depending on implementation and underlying component.

Parameters

[in]	pDataParams	[In] Pointer to this layer's parameter structure.
[in]	wOption	[In] Authentication to perform. One of the below options. ISOGeneral Authenticate ISOGeneral Authenticate Final
[in]	bCARootKeyNo	[In] Key number of the targeted CA Root Key. Depending on available keys. Bits[6 - 4]: If Multiple application selected, Key number of the secondary targeted CA Root Key. If Single application selected, RFU Bits[2 - 0]: Key number of the primary targeted CA Root Key.
[in]	wKeyNo_PrivA	[In] Key number in KeyStore to use, known Private A Key (Priv.A).
[in]	wKeyPos_PrivA	[In] Key position in KeyStore to use, known Private A Key (Priv.A).
[in]	pOptsA	[In] Complete PCD Options in TLV format.
[in]	bOptsALen	[In] Length of bytes available in pOptsA buffer.
[in]	pCertA	[In] Certificate information of Reader (Cert.A).
[in]	wCertALen	[In] Length of bytes available in pCertA buffer.
[in]	pExpRspLen	[In] Length of expected response from Device. This parameter is for exchanging the LE information. If NULL is provided, then the expected Response length will be taken as 0x00 (1 byte) by default. Possible values are NULL, Array consisting of 1 byte or 2 bytes.
[in]	bExpRspLen	[In] Length of bytes available in pExpRspLen buffer.
[in,out]	pE_PubB	[In, Out] Ephemeral Public Key (E.Pub.B) received from PICC. User needs to create the required buffer size [Out] While Performing ISOGeneral Authenticate Part 1 Exchange. [In] During ISOSelect File command exchange. Will be utilized for ISOGeneral Authenticate Final command exchange.
[in,out]	pE_PubBLen	[In, Out] The Length of bytes available in pE_PubB buffer
[out]	ppResponse	[Out] The Decrypted Response received from the Device. Will consists of Decrypted Message B Mutual Authentication : Constant \|\| OptsB \|\| [Cert.B] \|\| Sig.B Reader Uni-lateral Authentication: Constant \|\| OptsB
[out]	pRspLen	[Out] Length of bytes available in ppResponse buffer.

◆ phalMfDuoX_ISOInternalAuthenticate()

phStatus_t phalMfDuoX_ISOInternalAuthenticate	(	void *	pDataParams,
		uint8_t	bPrivKeyNo,
		uint8_t	bCurveID,
		uint8_t *	pPubBKey,
		uint16_t	wPubBKeyLen,
		uint8_t *	pOptsA,
		uint8_t	bOptsALen,
		uint8_t *	pExpRspLen,
		uint8_t	bExpRspLen
	)

Performs Asymmetric Card-Unilateral Authentication.

The following operations are performed using this interface.

Ephemeral Key Pair (E.Pub.A) is generated by the Library.
The Signature (Sig.B) received as part of response is verified using the Key Number provided in wKeyNo_PubKeyB parameter.

Returns: Status code

Return values

PH_ERR_SUCCESS	Operation successful.
PH_ERR_INVALID_DATA_PARAMS	If DataParams is null.
PH_ERR_INVALID_PARAMETER	If the buffers are null.
PH_ERR_PROTOCOL_ERROR	If Tag information is not proper for AuthDOHdr, RndB and Signature.
PH_ERR_VERIFICATION_FAILED	Verification of Message / Signature combination failed.
XXXX	Depending on status codes return by PICC. Other Depending on implementation and underlying component.

Parameters

[in]	pDataParams	[In] Pointer to this layer's parameter structure.
[in]	bPrivKeyNo	[In] Private Key number for signing the response. At PICC level, two keys are supported. At Application level, up to five keys are supported.
[in]	bCurveID	[In] The targeted curve for the public key provided in pPubBKey parameter. Should be one of the below values. P-256 BP-256
[in]	pPubBKey	[In] Public Key (Pub.B) to be used for verification.
[in]	wPubBKeyLen	[In] Length of bytes available in pPubBKey buffer.
[in]	pOptsA	[In] Complete PCD Options in TLV format. NULL in case of Optional scenario
[in]	bOptsALen	[In] Length of bytes available in pOptsA buffer. Zero in case of Optional scenario.
[in]	pExpRspLen	[In] Length of expected response from Device. This parameter is for exchanging the LE information. If NULL is provided, then the expected Response length will be taken as 0x00 (1 byte) by default or 2 bytes based on LC. Possible values are NULL, Array consisting of 1 byte or 2 bytes.
[in]	bExpRspLen	[In] Length of bytes available in pExpRspLen buffer.

◆ phalMfDuoX_AuthenticateEv2()

phStatus_t phalMfDuoX_AuthenticateEv2	(	void *	pDataParams,
		uint8_t	bFirstAuth,
		uint16_t	wOption,
		uint16_t	wKeyNo,
		uint16_t	wKeyVer,
		uint8_t	bKeyNoCard,
		uint8_t *	pDivInput,
		uint8_t	bDivLen,
		uint8_t *	pPcdCapsIn,
		uint8_t	bLenPcdCapsIn,
		uint8_t *	pPcdCapsOut,
		uint8_t *	pPdCapsOut
	)

Performs an Ev2 First or Non First Authentication depending upon bFirstAuth Parameter.

This will be using the AES128 keys and will generate and verify the contents based on generic AES algorithm. The Random number generation will be performed by the library.

Returns: Status code

Return values

PH_ERR_SUCCESS	Operation successful.
PH_ERR_INVALID_DATA_PARAMS	If DataParams is null.
PH_ERR_INVALID_PARAMETER	If the buffers are null. For Invalid AuthType (bFirstAuth), Invalid Diversification Options (wOption). If Diversification is higher than Maximum Diversification Length.
PH_ERR_KEY	KeyType is not of AES128.
PH_ERR_PROTOCOL_ERROR	If Response length is not of AES128 Block Size (Single or multiple).
PH_ERR_AUTH_ERROR	If Received RndA do not match.
XXXX	Depending on status codes return by PICC. Other Depending on implementation and underlying component.

Parameters

[in]	pDataParams	[In] Pointer to this layer's parameter structure.
[in]	bFirstAuth	[In] Authentication type to perform. One of the below options. First Authentication Following Authentication
[in]	wOption	[In] One of the below options. No Diversification Encryption Method of Diversification CMAC Method of Diversification
[in]	wKeyNo	[In] Key number in KeyStore of software.
[in]	wKeyVer	[In] Key version in the key store of software.
[in]	bKeyNoCard	[In] Key number on card. ORed with Secondary Application indicator.
[in]	pDivInput	[In] Diversification input to be used for diversifying the key. Can be NULL.
[in]	bDivLen	[In] Length of bytes available in pDivInput buffer.
[in]	pPcdCapsIn	[In] PCD Capabilities. Upto 6 bytes.
[in]	bLenPcdCapsIn	[In] Length of PcdCapsIn. Always zero for NonFirst authentication.
[out]	pPcdCapsOut	[Out] PCD Capabilities. The size of the buffer should be 6 bytes long.
[out]	pPdCapsOut	[Out] PD Capabilities. The size of the buffer should be 6 bytes long.

Modules

Functions

Detailed Description

Function Documentation

◆ phalMfDuoX_ISOGeneralAuthenticate()

◆ phalMfDuoX_ISOInternalAuthenticate()

◆ phalMfDuoX_AuthenticateEv2()