AN156
Answering a Random Challenge with a DS1963S User Token Figure 40
int acctAddr = user.accountPageNumber<<5; //physical address of account file
uchar scratchpad[32];
memcpy(&scratchpad[20], chlg, 3);
/* Write the challenge to the scratchpad of the user token */
EraseScratchpadSHA18(user.portnum, acctAddr, FALSE);
WriteScratchpadSHA18(user.portnum, acctAddr, scratchpad, 32, TRUE);
/* perform authenticated read to get the page data and the resulting MAC */
user.writeCycleCounter =
    ReadAuthPageSHA18(user.portnum,
                      user.accountPageNumber,
                      user.accountFile.raw,
                      user.responseMAC, TRUE);

After retrieving the MAC (Message Authentication Code) from the user token, it is now the job of the
coprocessor to verify it. To verify the response, the user token’s unique secret is recreated in the
workspace secret of the coprocessor and the raw account data is signed with this workspace secret.

Validating the Authentication Response Figure 41
int wcc = user.writeCycleCounter;
/* Bind DS1963S user token’s unique secret to coprocessor */
uchar fullBindCode[15];
/* Get the 7-byte binding code */
memcpy(fullBindCode, copr.bindCode, 4);
memcpy(&fullBindCode[12], &copr.bindCode[4], 3);
/* get the page number of the account file and 7 bytes of the ROM ID */
fullBindCode[4] = user.accountPageNumber;
memcpy(&fullBindCode[5], user.devAN, 7);
/* recreate user token’s unique secret in workspace secret*/
BindSecretToiButton18(copr.authPageNumber, copr.bindData, fullBindCode,
                      copr.wspcPageNumber);
/* the scratchpad of the coprocessor now needs the user’s ROM ID and page number,
 * in addition to the challenge bytes used and the write-cycle counter. */
memcpy(&scratchpad[12], &fullBindCode[4], 8);
memcpy(&scratchpad[20], chlg, 3);
scratchpad[8] = (wcc&0x0ff);
scratchpad[9] = ((wcc>>=8)&0x0ff);
scratchpad[10] = ((wcc>>=8)&0x0ff);
scratchpad[11] = ((wcc>>=8)&0x0ff);
/* write to the coprocessor and validate */
int wspcAddr = copr.wspcPageNumber<<5; //physical address of wspc page
WriteDataPageSHA18(copr.portnum, copr.wspcPageNumber, user.accountFile.raw, FALSE);
WriteScratchpadSHA18(copr.portnum, wspcAddr, scratchpad, 32, TRUE);
SHAFunction18(copr.portnum, SHA_VALIDATE_DATA_PAGE, wspcAddr, TRUE);
if( MatchScratchpadSHA18(copr.portnum, user.responseMAC, TRUE) )
    printf("DS1963S Authentication Successful!");
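
The two buffer layouts used in the validation code above, written as hardware-independent helpers so the byte offsets can be checked without an iButton attached. This is an added example, not code from the application note or the 1-Wire SDK; the function names, the constants and the zero-fill of scratchpad bytes the page does not describe are assumptions.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Added example: all names here are hypothetical, not 1-Wire SDK identifiers. */
enum { BIND_CODE_LEN = 7, ROM_ID_LEN = 7, FULL_BIND_LEN = 15,
       CHLG_LEN = 3, SCRATCHPAD_LEN = 32 };

/* Build the 15-byte full binding code:
 *   [0..3]   first 4 bytes of the coprocessor binding code
 *   [4]      account page number on the user token
 *   [5..11]  7 bytes of the user token ROM ID
 *   [12..14] last 3 bytes of the coprocessor binding code */
void build_full_bind_code(const uint8_t bind_code[BIND_CODE_LEN], uint8_t account_page,
                          const uint8_t rom_id[ROM_ID_LEN], uint8_t out[FULL_BIND_LEN])
{
    memcpy(out, bind_code, 4);
    out[4] = account_page;
    memcpy(&out[5], rom_id, ROM_ID_LEN);
    memcpy(&out[12], &bind_code[4], 3);
}

/* Fill the coprocessor scratchpad for validation:
 *   [8..11]  write-cycle counter, least significant byte first
 *   [12..19] page number + ROM ID (bytes 4..11 of the full binding code)
 *   [20..22] challenge bytes
 * All other bytes are zeroed here (an assumption; the page leaves them unset). */
void build_validate_scratchpad(const uint8_t full_bind[FULL_BIND_LEN],
                               const uint8_t chlg[CHLG_LEN], uint32_t wcc,
                               uint8_t sp[SCRATCHPAD_LEN])
{
    memset(sp, 0, SCRATCHPAD_LEN);
    for (int i = 0; i < 4; i++)
        sp[8 + i] = (uint8_t)(wcc >> (8 * i));  /* wcc itself is left unmodified */
    memcpy(&sp[12], &full_bind[4], 8);          /* address of byte 4, not its value */
    memcpy(&sp[20], chlg, CHLG_LEN);
}

int main(void)
{
    /* Constructed sample values, not taken from a real device. */
    const uint8_t bind[BIND_CODE_LEN] = {0xB0, 0xB1, 0xB2, 0xB3, 0xB4, 0xB5, 0xB6};
    const uint8_t rom[ROM_ID_LEN] = {0x18, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66};
    const uint8_t chlg[CHLG_LEN] = {0xC0, 0xC1, 0xC2};
    uint8_t fb[FULL_BIND_LEN], sp[SCRATCHPAD_LEN];
    build_full_bind_code(bind, 9, rom, fb);
    build_validate_scratchpad(fb, chlg, 0x01020304u, sp);
    for (int i = 0; i < SCRATCHPAD_LEN; i++)
        printf("%02X%c", sp[i], i == SCRATCHPAD_LEN - 1 ? '\n' : ' ');
}
```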