AN156
15 of 23
The following blocks of code demonstrate the steps necessary for initializing the coprocessor. Each block
of code is well commented and the declarations, though not necessarily the initialization, of all variables
used are shown. The intent is that the code can be copied into a project and compiled after just a few
edits. This first block shows the declaration, but not the initialization, of the most important properties.
Necessary System Parameters for a SHA Application Figure 28
Although there are a few other parameters for a system that are stored in the service configuration file,
these are the most essential parameters. The name of the provider and the version number of the system,
for example, are not necessary for a minimal-functionality debit application.
/* The input data to be used for calculating the master authentication and signing
* secrets. The calculation involves splitting the secret into blocks of 47 bytes
* (32 bytes to the data page, 15 bytes to the scratchpad) and then performing the
* SHA command Compute First Secret, followed by Compute Next Secret for each 47
* byte block after the first. */
uchar inputAuthSecret[47], inputSignSecret[47]; // . . . initialize from user input
/* The coprocessor */
SHACopr copr;
copr.portnum = 0;
/* Name of the account file (and file extension) to create on user tokens */
memcpy(copr.serviceFilename, “DLSM”, 4);
copr.serviceFilename[4] = 102; // extension for money files
/* The page to use for the signing secret must be page 8, because secret 0 is the
* only secret that can be used for the SHA command Sign Data Page. For a list of
* SHA commands, and what pages they can be used on, see the DS1963S datasheet. */
copr.signPageNumber = 8;
/* The authentication secret can be on any page as long as it doesn’t collide with
* the file holding coprocessor configuration information and not secret 0 */
copr.authPageNumber = 7;
/* The workspace page is the page the coprocessor will use for recreating a user’s
* unique authentication secret and it’s authentication response. */
copr.wspcPageNumber = 9;
/* The binding information is used to create the “unique” secret for each button.
* bindData is written to the data page of the user token, and bindCode is written
* to the scratchpad. The result of a Compute Next Secret using the system
* authentication secret, the account page number, the rom ID of the user token, the
* bind data, and the bind code becomes the user’s unique authentication secret.
* This is used to initialize a user token and the coprocessor must use the same
* data to recreate the user token’s unique secret. */
copr.bindData = //32 bytes
copr.bindCode = //7 bytes
/* Initial signature to use when signing the certificate */
copr.initSignature = // 20 bytes of user input
/* Three byte challenge used when signing the certificate */
copr.signingChlg = // 3 bytes