# Diag Authentication Service - [API reference](https://docs.qualcomm.com/doc/80-41102-2/topic/_doxygen_rst_file__doxygen_sources_taf_diagAuth_interface_h.html#file-taf-diagauth-interface-h) The diag Authentication service APIs are part of the diagnostic service. The Authentication(0x29) service is used to secure applicable diagnostic sessions/functions/services. The client request message contains the necessary parameters to reference the communication configuration, certificate, and/or challenge. ## IPC interfaces binding The functions of this API are provided by the **tafDiagSvc** platform service. The following example illustrates how to bind to the diag Authentication service. bindings: { clientExe.clientComponent.taf_diagAuth -> tafDiagSvc.taf_diagAuth } Copy to clipboard ## Server-service APIs Get a diag Authentication service reference using [taf\_diagAuth\_GetService()](https://docs.qualcomm.com/doc/80-41102-2/topic/function_a00338_1ad77bfb0cbec06d0ff0d1c7cddd631b04.html#Documentationa00338_1ad77bfb0cbec06d0ff0d1c7cddd631b04). Use the returned reference for subsequent operations. The following example illustrates how to set up a diag Authentication server-service-instance. taf_diagAuth_ServiceRef_t svcRef; // Service reference // Get the service reference. svcRef = taf_diagAuth_GetService(); LE_ASSERT(svcRef != NULL); Copy to clipboard ## Set/get VLAN ID After getting a service reference, an application can set the VLAN ID to the service to filter Authentication requests using [taf\_diagAuth\_SetVlanId()](https://docs.qualcomm.com/doc/80-41102-2/topic/function_a00338_1a4fd41be95375d757e6a9d083ebc0e30e.html#Documentationa00338_1a4fd41be95375d757e6a9d083ebc0e30e). It shall be called before registering the handler for the Authentication(0x29) request message. An application can get the VLAN ID of the request message using [taf\_diagAuth\_GetVlanIdFromMsg()](https://docs.qualcomm.com/doc/80-41102-2/topic/function_a00338_1a8cc0ea31ea915995a1442edaa8abd24c.html#Documentationa00338_1a8cc0ea31ea915995a1442edaa8abd24c). - [taf\_diagAuth\_SetVlanId()](https://docs.qualcomm.com/doc/80-41102-2/topic/function_a00338_1a4fd41be95375d757e6a9d083ebc0e30e.html#Documentationa00338_1a4fd41be95375d757e6a9d083ebc0e30e) — Sets the VLAN ID. - [taf\_diagAuth\_GetVlanIdFromMsg()](https://docs.qualcomm.com/doc/80-41102-2/topic/function_a00338_1a8cc0ea31ea915995a1442edaa8abd24c.html#Documentationa00338_1a8cc0ea31ea915995a1442edaa8abd24c) — Gets the VLAN ID of the request message. ## Authentication(0x29) service After getting the service reference, an application can call [taf\_diagAuth\_AddRxMsgHandler()](https://docs.qualcomm.com/doc/80-41102-2/topic/function_a00338_1a54ef98331c96e17e75f2be87ebc3de08.html#Documentationa00338_1a54ef98331c96e17e75f2be87ebc3de08) to register a message handler for Authentication(0x29) service. Once an Authentication service request message is received, the handler will be called with the message reference, authTaskType passed as input parameters. le_result_t result; // Rx message handler function. void RxAuthEventHandler ( taf_diagAuth_RxMsgRef_t rxMsgRef, taf_diagAuth_Type_t authTaskType, void* contextPtr ) { // Process after succesfully receiving message } // Register the message handler. taf_diagAuth_RxMsgHandlerRef_t handlerRef = taf_diagAuth_AddRxMsgHandler(svcRef, (taf_diagAuth_RxMsgHandlerFunc_t)RxAuthEventHandler, NULL); LE_ASSERT(handlerRef != NULL); // To get the conmunication configuration. uint8_t commConf; result = taf_diagAuth_GetCommConf(rxMsgRef, &commConf); if (result != LE_OK) { LE_ERROR("Fail to get communication configuration."); return result; } // To get the certificate size. uint16_t certSize; result = taf_diagAuth_GetCertSize(rxMsgRef, &certSize); if (result != LE_OK) { LE_ERROR("Fail to get certificate size."); return result; } // To get the certificate. uint8_t *certPtr = (uint8_t*)malloc(certSize); LE_ASSERT(certPtr != NULL); result = taf_diagAuth_GetCert(rxMsgRef, certPtr, &certSize); if (result != LE_OK) { LE_ERROR("Fail to get certificate."); return result; } // To get the challenge size. uint16_t challengeSize; result = taf_diagAuth_GetChallengeSize(rxMsgRef, &challengeSize); if (result != LE_OK) { LE_ERROR("Fail to get certificate."); return result; } // To get the challenge. uint8_t *challengePtr = (uint8_t*)malloc(challengeSize); LE_ASSERT(challengePtr != NULL); result = taf_diagAuth_GetChallenge(rxMsgRef, challengePtr, &challengeSize); if (result != LE_OK) { LE_ERROR("Fail to get challenge."); return result; } // To get the proof of ownership size. uint16_t POWNSize; result = taf_diagAuth_GetPOWNSize(rxMsgRef, &POWNSize); if (result != LE_OK) { LE_ERROR("Fail to get challenge."); return result; } // To get the proof of ownership. uint8_t *POWNPtr = (uint8_t*)malloc(POWNSize); LE_ASSERT(POWNPtr != NULL); result = taf_diagAuth_GetPOWN(rxMsgRef, POWNPtr, &POWNSize); if (result != LE_OK) { LE_ERROR("Fail to get POWN."); return result; } // To get the ephemeral public key size. uint16_t keyize; result = taf_diagAuth_GetPublicKeySize(rxMsgRef, &keyize); if (result != LE_OK) { LE_ERROR("Fail to get public key size."); return result; } // To get the ephemeral public key. uint8_t *keyPtr = (uint8_t*)malloc(keyize); LE_ASSERT(keyPtr != NULL); result = taf_diagAuth_GetPublicKey(rxMsgRef, keyPtr, &keyize); if (result != LE_OK) { LE_ERROR("Fail to get public key."); return result; } // To set the role. result = taf_diagAuth_SetRole(rxMsgRef, roleId); if (result != LE_OK) { LE_ERROR("Fail to set role id."); return result; } // To get the certicicate evaluation id. uint16_t evalId; result = taf_diagAuth_GetCertEvalId(rxMsgRef, &evalId); if (result != LE_OK) { LE_ERROR("Fail to get evaluation id."); return result; } // To set the challenge for the response message. result = taf_diagAuth_SetChallenge(rxMsgRef, challengePtr, challengeSize); if (result != LE_OK) { LE_ERROR("Fail to set challenge."); return result; } // To set the ephemeral public key for the response message. result = taf_diagAuth_SetPublicKey(rxMsgRef, publicKeyPtr, publicKeySize); if (result != LE_OK) { LE_ERROR("Fail to set public key."); return result; } // To set the session key information for the response message. result = taf_diagAuth_SetSessKeyInfo(rxMsgRef, sessKeyInfoPtr, sessKeyInfoSize); if (result != LE_OK) { LE_ERROR("Fail to set session key info."); return result; } // To send Authentication response. le_result_t result = taf_diagAuth_SendResp(rxMsgRef, TAF_DIAGAUTH_NO_ERROR, TAF_DIAGAUTH_REQUEST_ACCEPTED); if (result != LE_OK) { LE_ERROR("Fail to send response."); return result; } // To remove the handler function, when it is not needed. taf_diagAuth_RemoveRxMsgHandler(handlerRef); Copy to clipboard An application can remove the Authentication server service by calling [taf\_diagAuth\_RemoveSvc()](https://docs.qualcomm.com/doc/80-41102-2/topic/function_a00338_1a1ea051abb01b4e7b6db57e792e499384.html#Documentationa00338_1a1ea051abb01b4e7b6db57e792e499384). le_result_t result = taf_diagAuth_RemoveSvc(svcRef); LE_ASSERT(result == LE_OK); Copy to clipboard Last Published: Jun 09, 2026 [Previous Topic Diag Service](https://docs.qualcomm.com/bundle/publicresource/80-41102-2/topics/page_c_tafDiag.md) [Next Topic Diag Data ID Service](https://docs.qualcomm.com/bundle/publicresource/80-41102-2/topics/page_c_tafDiagDataID.md)