AT88SA10HS-TSU-T Datasheet AT88SA10HS-TSU-T, AT88SA10HS-SH-T, AT88SA10HS-TH-T | P13-P15

Atmel AT88SA10HS [DATASHEET] 13

8595H−CRYPTO−9/2012

6.1 HOST0

Concatenates the key stored in AT88SA10HS with an input 256-bit challenge and generates the digest of this message. The

result is left in internal memory and cannot be read. In general, the challenge should be a random number generated by the

host system, which will be sent to both the host (AT88SA10HS) and client (AT88SA100S or AT88SA102S).

Table 6-1. Input Parameters

Name Size Notes

Opcode

HOST0 1 0x08

Param1

Overwrite 1 If non-zero, overwrite part of internally generated key with secret fuses.

Param2

KeyID 2 The internal key to be used to generate the digest.

Data

Challenge 32 Challenge to be sent to the client AT88SA100S or AT88SA102S.

Table 6-2. Output Parameters

Name

Size

Notes

Success 1 Upon successful completion of HOST0, a value of zero will be returned by AT88SA10HS.

The 512-bit message block that will be hashed with the SHA-256 algorithm will consist of:

256-bits key[KeyID]

256-bits challenge

If the overwrite parameter is 0, then the 512-bit message block that will be hashed using the SHA-256 algorithm will consist of:

256-bits key[KeyID]

256-bits challenge

If the overwrite parameter has a value of 0x01, then the 512-bit message block that will be hashed using the SHA-256

algorithm will consist of:

192-bits key[KeyID]

64-bits Fuse[0-63]

256-bits challenge

All other values of the overwrite parameter are not recommended for use.

Atmel AT88SA10HS [DATASHEET] 14

8595H−CRYPTO−9/2012

6.2 HOST1

Completes the two block SHA-256 digest started by HOST0 and leaves the resulting digest within the internal memory of the

AT88SA10HS. This command returns an error if HOST0 has not been successfully run previously within this Wake cycle.

As a security precaution, this command does not return the digest. A subsequent command is required to compare the

response generated by the client with the one generated by the host.

Table 6-3. Input Parameters

Name Size Notes

Opcode

HOST1 1 0x40

Param1

Mode 1 Controls composition of message, see below for details.

Param2

Zero 2 Must be 0x0000.

Data

OtherInfo 13 Input portion of message to be digested.

Table 6-4. Output Parameters

Name Size Notes

Success 1 Upon successful completion of HOST1, a value of zero will be returned by AT88SA10HS.

The contents of the second block to be digested are listed below.

Note: To simplify this documentation; the bit addresses for OtherInfo are listed in the table below

Size

Source

Notes

32-bits OtherInfo[0-31] Opcode, param1 and param2 values sent to AT88SA100S/AT88SA102S.

64-bits Fuse[0-63] If enabled by bit five of the input mode parameter and if Fuse[87] is burned, else forced to

zero.

24-bits OtherInfo[32-55] Status fuse values from ATSA100S/AT88SA102S, or zeros.

8-bits Fuse[88-95] Fuse MfrID, should match between AT88SA10HS and AT88SA100S/AT88SA102S.

32-bits OtherInfo[56-87] Fuse SN from AT88SA100S/AT88SA102S (Fuse[96-127]), or zeros.

16-bits ROM MfrID Should match between AT88SA10HS and AT88SA100S/AT88SA102S.

16-bits OtherInfo[88-103] ROM SN from AT88SA100S/AT88SA102S, or zeros.

These bits are followed by the necessary ‘1’ bit, ‘0’ padding and 64-bit length as specified in the SHA-256 specification.

6.2.1.1 Mode Encoding

Bit five of the mode is used to indicate whether or not the secret fuse bits are to be included in the calculation. The remaining

bits of the mode field are ignored by AT88SA10HS and should be zero.

Table 6-5. Mode Encoding

Bit[5] Fuse Block

0 No fuse values inserted.

1 Insert the values of Fuse[0-63] in the message.

If Fuse[87] has not been burned, then the values of Fuse[0-63] will be replaced by zeros in the above message generation

step as a security measure.

Atmel AT88SA10HS [DATASHEET] 15

8595H−CRYPTO−9/2012

6.3 HOST2

Compares the value previously generated by the AT88SA10HS using HOST0 and HOST1 with that on the input stream

coming from the client and returns status to indicate whether or not the two matched. This command returns an error if HOST1

has not been previously successfully run within this Wake cycle.

If the two digests do not match, the AT88SA10HS provides no information as to the source of the mismatch, which must be

deduced from the inputs to the three HOSTX commands. On a match failure, the entire set of HOST0, HOST1, and HOST2

commands must be re-executed – HOST2 cannot be repeatedly executed.

Table 6-6. Input Parameters

Name Size Notes

Opcode

HOST2 1 0x80

Param1

Zero1 1 Must be 0x00.

Param2

Zero2 2 Must be 0x0000.

Data

ClientResponse 32 Response from the client.

Table 6-7. Output Parameters

Name Size Notes

Success 1 If the input ClientResponse matches the internally generated response, a value of zero will be

returned by AT88SA10HS after a T

HOST

delay. If the two digests do not match, a value of 0x0F

will be returned after a T

HOST

delay

P1-P3 P4-P6 P7-P9 P10-P12 P13-P15 P16-P18 P19-P21 P22-P24

AT88SA10HS-TSU-T

Mfr. #:

Buy AT88SA10HS-TSU-T

Manufacturer:

Microchip Technology / Atmel

Description:

Security ICs / Authentication ICs Host Auth. IC CryptoAuth SHA-256

Lifecycle:

New from this manufacturer.

Delivery:

DHL FedEx Ups TNT EMS

Payment:

T/T Paypal Visa MoneyGram Western Union

AT88SA10HS-TSU-T

AT88SA10HS-TSU-T

Products related to this Datasheet