Sec.Tunnel

This command sends a specific command, called the tunnelled command, to the reader (and receives its response) in an encrypted and/or MACed fashion.

Depending on the values of the AuthModeAndSecLevel bit mask, the tunnelled command will either be encrypted, MACed or both. The structure of the TunnelledCmd parameter and of the TunnelledResp response varies depending on the encryption/MACing behaviour.

This command must not be used in BRP Repeat Mode.

Properties

Parameters (request frame)

Name Type/Size Description
- Bit mask (8 bits) -
ContinuousIV Boolean (bit 0x80)

If this bit is set, encryption/MACing will use a continuous IV for CBC mode. That means the state of the IV after the first command will be used as the IV for the second command and so on.

If this bit is not set, the IV will be reset to zeros (00 00 ... 00) before every command or response is encrypted/MACed.

Encrypted Boolean (bit 0x40) Requires that commands running in this security level always have to be encrypted.
MACed Boolean (bit 0x20) Requires that commands running in this security level always have to be MACed.
SessionKey Boolean (bit 0x10) If this bit is set, a session key needs to be used instead of a fixed key. A session key can be generated using the 2-phase authentication process triggered by the Sec.AuthPhase1 and Sec.AuthPhase2 commands.
RFU Integer (bit mask area 0x0C) Zero padding
SecLevel Integer (bit mask area 0x03) The Security Level (0-3), which should be entered when executing the tunnelled command.
TunnelledCmd Raw data (until end of frame)

Encrypted and/or MACed command. This variable has the following data structure (before encryption):

  • Byte 0 (DeviceCode): Device code of the command to tunnel.
  • Byte 1 (CommandCode): Command code of the command to tunnel.
  • Byte 2-3 (ParamLen): Length of the parameter block of the command to tunnel.

    Unlike standard BRP frames, this parameter is MSB encoded.
  • Byte 4-x (Param): Parameter block of the command to tunnel.
  • Byte x-n (PadByteAndMac): Depending on the Authorization Mode flags, these bytes are either zero-padding bytes (always 0) or a MAC.

Returned values (response frame)

Name Type/Size Description
TunnelledResp Raw data (until end of frame)

Encrypted/MACed response of command. This variable has the following data structure (before encryption):

  • Byte 0 (StatusCode): The status code of the command which was tunnelled.
  • Byte 1-2 (RespLen): The length of the response block of the command which was tunnelled.

    Unlike standard BRP frames, this parameter is MSB encoded.
  • Byte 3-x (Resp): Response block of the command which was tunnelled.
  • Byte x-n (PadByteAndMac): Depending on the Authorization Mode flags, these bytes are either zero-padding bytes (always 0) or a MAC.
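
The following sketch is an added example, not code from the reader's SDK or documentation. It packs the bit mask from the parameter table, lays out the plaintext TunnelledCmd with its MSB-first ParamLen, and validates a decrypted TunnelledResp before use. The function names, the `block_size` default of 16 and the sample device/command codes are assumptions; the encryption and MAC steps are left out because this page does not specify the algorithms.

```python
import struct

# Bit positions of the AuthModeAndSecLevel mask, as listed in the parameter table.
CONTINUOUS_IV, ENCRYPTED, MACED, SESSION_KEY = 0x80, 0x40, 0x20, 0x10
RFU_MASK, SEC_LEVEL_MASK = 0x0C, 0x03

def pack_auth_mode(sec_level, flags=0):
    """Combine flag bits and SecLevel (0-3) into the 8-bit mask; RFU stays zero."""
    if not 0 <= sec_level <= 3:
        raise ValueError("SecLevel must be 0-3")
    if flags & ~(CONTINUOUS_IV | ENCRYPTED | MACED | SESSION_KEY):
        raise ValueError("flags may only use bits 0x80, 0x40, 0x20, 0x10")
    return flags | sec_level

def build_tunnelled_cmd(device_code, command_code, param, block_size=16):
    """Plaintext TunnelledCmd with zero padding (the non-MAC case).

    block_size is an assumption; use the block size of the cipher in use.
    """
    if len(param) > 0xFFFF:
        raise ValueError("Param does not fit the 2-byte ParamLen")
    # ">BBH": DeviceCode, CommandCode, ParamLen as big-endian (MSB first).
    body = struct.pack(">BBH", device_code, command_code, len(param)) + bytes(param)
    return body + bytes(-len(body) % block_size)

def parse_tunnelled_resp(plain, trailer_is_mac=False):
    """Split a decrypted TunnelledResp into (StatusCode, Resp, trailer).

    Rejects a RespLen that overruns the frame and, when the trailer is
    padding rather than a MAC, any non-zero pad byte.
    """
    if len(plain) < 3:
        raise ValueError("response shorter than StatusCode + RespLen")
    status, resp_len = struct.unpack(">BH", plain[:3])
    if 3 + resp_len > len(plain):
        raise ValueError("RespLen exceeds received data")
    resp, trailer = plain[3:3 + resp_len], plain[3 + resp_len:]
    if not trailer_is_mac and any(trailer):
        raise ValueError("non-zero padding byte")
    return status, resp, trailer

# Constructed sample values, not taken from a real reader.
MASK = pack_auth_mode(2, ENCRYPTED | CONTINUOUS_IV)
CMD = build_tunnelled_cmd(0x00, 0x04, b"\x01\x02\x03")
```

A response decrypted with the wrong key or IV state usually yields an implausible RespLen or non-zero padding, so the checks in `parse_tunnelled_resp` reject it before the Resp bytes are interpreted.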