C API for BALTECH SDK

§ brp_Sec_AuthPhase1()

brp_errcode brp_Sec_AuthPhase1 ( brp_protocol  protocol,
unsigned  SecLevel,
brp_buf  RndA,
brp_buf EncRndA,
brp_buf RndB,
bool *  ContinuousIV,
bool *  Encrypted,
bool *  MACed,
bool *  SessionKey,
brp_mempool mempool 
)

This command initiates a 2-phase authentication. The 2-phase authentication is required for entering a security level, if its Authorization Mode enforces a session key.

In the first phase of the 2-phase authentication, the host sends a random number (RndA) to the reader. The reader encrypts this number two times, using AES128 encryption, with the key of the Security Level specified in SecLevel , and sends the result back to the host as EncRndA. The host then has to check if the reader encrypted the number correctly. If this is the case, the reader returns the OK status code and the Sec.AuthPhase2 command can be called to initiate the second phase of the 2-phase authentication procedure.

If EncRndA is invalid, the reader is configured with an invalid key, different from the one expected by the host. In this case, an error status code is returned.

Parameters
[in]protocolused to execute the command
[in]SecLevelThe Security Level which needs to be authenticated.
[in]RndARandom number to be encrypted by reader.
[out]EncRndAA version of RndA twice encrypted by the reader using the key of the Security Level specified by SecLevel.
[out]RndBA second random number (generated by reader).
[out]ContinuousIVRequires a contionous IV to avoid replay attacks.
[out]EncryptedRequires that commands running in this security level always have to be encrypted. This flag cannot be set at the same time as the MACed flag.
[out]MACedRequires that commands running in this security level always have to be MACed. This flag cannot be set at the same time as the Encrypted flag.
[out]SessionKeyRequires a two-phase authentication to be able to enter a security level. This two-phase authentication process needs to be performed using the Sec.AuthPhase1 and Sec.AuthPhase2 commands.
[in]mempoolis used to store response data. Maybe NULL to use an internal mempool, in this case the data is only available until another command uses the internal mempool