Manufacturer Part Number: ATSHA204
Description: Atmel CryptoAuthentication
Manufacturer: ATMEL [ATMEL Corporation]
ATSHA204 datasheet

Figure 1. Pin Configurations
Pin functions: Serial Data, Serial Clock Input, Power Supply
Secure authentication and validation device
Integrated capability for both host and client operations
Superior SHA-256 hash algorithm, HMAC option
Best-in-class, 256-bit key length; storage for up to 16 keys
Guaranteed unique 72-bit serial number
Internal, high-quality Random Number Generator (RNG)
4.5-Kbit EEPROM for keys and data
512 OTP (One Time Programmable) bits for fixed information
Multiple I/O options
High-speed, single-wire interface
1MHz I²C interface
2.0V – 5.5V supply voltage range
1.8V – 5.5V communications
<150nA sleep current
Extended, multi-level hardware security
8-lead SOIC, 8-lead TSSOP, 3-lead SOT23, 8-pad UDFN, and 3-lead Contact packages
Anti-clone protection for accessories, daughter cards, and consumables
Secure boot validation, software anti-piracy
Network and computer access control
Key exchange for encrypted downloads
Authenticated/encrypted communications for control networks

ATSHA204 Summary of contents

  • Page 1

    ... [Pin configuration figure: Contact, 8-lead SOIC, 3-lead SOT23, 8-lead UDFN and 8-lead TSSOP packages; pins SDA, SCL, GND] ...

  • Page 2

    ... EEPROM, but these can be easily copied, and there is no way for the host to know if the serial number is authentic or a clone. The Atmel ATSHA204 can generate high-quality random numbers and employ them for any purpose, including as part of the crypto protocols of this device. Because each 256-bit random number is guaranteed to be unique from all numbers ever generated on this or any other device, their inclusion in the protocol calculation ensures that replay attacks (re-transmitting a ...

  • Page 3

    ... Due to the flexible command set of the ATSHA204, however, this basic operation can be expanded in many ways. Using the GenDig command (Section 8.5, “GenDig Command”) the values in other slots can be included in the response digest, which provides an effective way of proving that a data read really did come from the device, as opposed to being inserted by a man-in-the-middle attacker ...

  • Page 4

    ... Atmel ATSHA204 device is attached. Each slot may have different access restrictions based on the values stored in the configuration zone. Within this document the nomenclature slot[yy] indicates the 32-byte value stored in slot yy of the data zone. • ...

  • Page 5

    ... See the SlotConfig (Bytes 20 – 51) section below for more details. Write Read Never Always Never Always Never Always Never Always Never Always Never Always If config Always unlocked If config Always unlocked If config Always unlocked If config Always unlocked If config Always unlocked Atmel ATSHA204 [DATASHEET] 8740D−CRYPTO−3/12 5 ...

  • Page 6

    ... See Sections 2.1.2 and 8.7 for more details. Write Read If config Always unlocked If config Always unlocked If config Always unlocked Via Always update extra cmd only Via Always update extra cmd only Via lock Always command only Via lock Always command only ...

  • Page 7

    ... SlotConfig (Bytes 20 – 51) The 16 SlotConfig elements are used to configure the access protections for each of the 16 slots within the ATSHA204. Each configuration element consists of 16 bits, which control the usage and access for that particular slot/key. The SlotConfig field is interpreted according to the following table when the data zone is locked. When the data zone is unlocked, these restrictions do not apply — ...

  • Page 8

    ... Authorizing MAC required for DeriveKey command (Roll). Parent DeriveKey command can be run without authorizing MAC (Create). Parent Authorizing MAC required for DeriveKey command (Create). – Slots with this value in the WriteConfig field may not be used as the target of the DeriveKey command. ...

  • Page 9

    ... MAC is computed using the old (current) key value. Special Memory Values in the Config Zone (Bytes 0 – 12) Various fixed information is included in the ATSHA204 that can never be written under any circumstances and can always be read, regardless of the state of the lock bits. ...

  • Page 10

    ... OTP zone are prohibited. See Section 9 for more of the Atmel ATSA102S compatibility details. All OTP zone bits have a value of one on shipment from the Atmel factory. Read Access Write Access Read Write Read <never> Read Access Write Access <never> Write Read Write** ...

  • Page 11

    ... If 1, the contents of TempKey were generated by the GenDig command and at least one of the keys used in that generation is restricted to the CheckMac command (SlotConfig.CheckOnly is 1). Otherwise, this bit will The information in TempKey is invalid The information in TempKey is valid. ...

  • Page 12

    ... Key Values All keys within the CryptoAuthentication family are 256 bits long. The ATSHA204 uses these keys as part of the messages hashed with the MAC, CheckMac, HMAC, and GenDig commands. Any slot in the data zone of the EEPROM can be used to store a key, though the value will be secret only if the read and write permissions are properly set within SlotConfig (including the IsSecret bit) ...

  • Page 13

    ... Rolled Keys In order to prevent repeated use of the same key value, the ATSHA204 supports key rolling. Normally, after a certain number of uses (perhaps as few as one), the current key value is replaced with the SHA-256 digest of its current value combined with some offset, which may either be a constant, something related to the current system (for example, a serial number or model number random number ...

  • Page 14

    ... The SingleUse bit is ignored by the Read and Write commands, and lastKeyUse does not change as a result of their execution. The SingleUse bit is ignored by the copy function of the CheckMac command. The SingleUse bit is honored for the parent key in the DeriveKey command, but is ignored for the target key. ...

  • Page 15

    ... Typically, the expected password has to be stored somewhere in memory and is, therefore, subject to discovery. The ATSHA204 can securely store the expected password and perform a number of useful operations on it. The password is never passed in the clear to the device, nor can it be read from the device hashed with a random number in the system software before being passed to the device ...

  • Page 16

    ... SHA message. To prevent replay attacks on encrypted data that is passed to or from the ATSHA204, the device requires that a new, internally generated nonce be included as part of the encryption sequence used to protect the data being written or read. To implement this requirement, the data protection key generated by GenDig and used by the Read or Write command must use the internal random number generator during the creation of the Nonce ...

  • Page 17

    ... Because this may affect the security of the system, it should be used with caution. See Section 8.9 and Section 8.11 for more information about how the EEPROM seed update is controlled. 4. General I/O Information Communications with the ATSHA204 are achieved through one of two different protocols, and selected using the part number that is ordered: • Single-wire Interface This mode uses a single GPIO connection on the system microprocessor connected to SDA on the device ...

  • Page 18

    ... The UpdateExtra command will always return an error code. 5. Single-wire Interface In this mode, communications to and from the ATSHA204 take place over SDA, a single, asynchronously timed wire, and the SCL pin is ignored. Note: The sleep current specification values are guaranteed only if the SCL pin is held low or left unconnected. ...

  • Page 19

    ... Transmit Flag The transmit flag is used to turn the bus around so that the ATSHA204 can send data back to the system. The bytes that the device returns to the system depend on the current state of the device, and may include either status, error code, or command results ...

  • Page 20

    ... I/O Timeout After a leading transition for any data token has been received, the ATSHA204 will expect the remaining bits of the token to be properly received by the device within the t (a low pulse exceeding t ) will cause the device to enter the sleep state after the t ZLO The same timeout applies during the transmission of the command block ...

  • Page 21

    ... The bus master may be either open–drain or totem pole, and if the latter, then it should be tri-stated when the ATSHA204 is driving results on the bus. The SCL pin is an input, and must be driven both high and low at all times by an external device 6 ...

  • Page 22

    ... S Start Condition Multiple ATSHA204 devices can easily share the same I for each device on the bus. Because six of the bits of the device address are programmable, the ATSHA204 can also share the I²C interface with any standard I²C device, including any serial EEPROM. Bit 3 (also known as TTL Enable) must be programmed according to the input thresholds desired, and is fixed in a particular application ...

  • Page 23

    ... The system must send a stop condition after the last command byte to ensure that the ATSHA204 will start the computation of the command. Failure to send a stop condition may eventually result in a loss of synchronization (See Section 6.7 for recovery procedures) ...

  • Page 24

    ... Sleep Sequence Upon completion of system use of the ATSHA204, the system should issue a sleep sequence to put the device into low-power mode. This sequence consists of the proper device address followed by the value of 0x01 as the word address followed by a stop condition. This transition to the low-power state causes a complete reset of the device internal command engine and input/output buffer ...

  • Page 25

    ... If the ATSHA204 is busy, idle, or asleep, it will NACK the device address on a read sequence partial command has been sent to the device, then it will NACK the device address, but float the bus during the data intervals. ...

  • Page 26

    ... I²C Synchronization It is possible for the system to lose synchronization with the I/O port on the ATSHA204, perhaps due to a system reset, I/O noise, or other condition. Under this circumstance, the ATSHA204 may not respond as expected, may be asleep, or may be transmitting data during an interval when the system is expecting to send data. Any command results in the I/O buffer may be lost when the system and device lose synchronization ...

  • Page 27

    ... Pulses shorter than this in width will be ignored by the device when in sleep mode. Pulses shorter than this in width will be ignored by the device when in sleep mode. Max. time from wake until device is forced into sleep mode (See Section 8.1.6). ...

  • Page 28

    ... After the Atmel ATSHA204 transmits the last bit of a block, the system must wait this interval before sending the first bit of a flag. ms The Atmel ATSHA204 may transition to the sleep state if the bus is inactive longer than this duration. See Section 5.3.1 for specific details. ...

  • Page 29

    ... SU.DAT +2.0V to +5.5V TTL gate and 100pF CC Min Max 400 400 250 250 250 100 0 300 100 50 550 50 (1) 500 +2.0V to +5.0V) Atmel ATSHA204 [DATASHEET] 8740D−CRYPTO−3/12 t SU.STO t BUF Units MHz percent ...

  • Page 30

    ... When device is in sleep mode 0.4 V When device is in active mode When device is in active mode 0.4V OL 4.0 5.0 VCC = 3. 5. 3.3V, CC < 0.3V or > > V -0.3 SCL CC ≤ 3.6V, CC ≤ 55°C < 0.3V or > V -0.3, T SCL 2.5 – 5. 2.5 – 5.5V, CC level as follows: CC VIH VIL 6.0 Atmel ATSHA204 [DATASHEET] 8740D−CRYPTO−3/12 30 ...

  • Page 31

    ... If the voltage supplied to the VCC pin of the ATSHA204 is different from the system voltage to which the input pull-up resistor is connected, then the system designer may choose to set TTLenable to zero, which enables a fixed input threshold according to the following table. Table 7-6. V and V (Device Active, TTLenable = 0) – All I/O Interfaces ...

  • Page 32

    ... CRC. The ATSHA204 is designed in such a way that the count value in the input block should be consistent with the size requirements specified in the command parameters. If the count value is inconsistent with the command opcode and/or parameters within the packet, the ATSHA204 will respond in different ways, depending on the specific command ...

  • Page 33

    ... Changes in the device state or the value of the command bits must be made before it is re-attempted. Indication that the ATSHA204 has received a proper wake token. Command was not properly received by the ATSHA204, and should be re-transmitted by the I/O driver in the system. No attempt was made to parse or execute the command. ...

  • Page 34

    ... In most but not all cases, failing commands will return relatively quickly, often well before the typical execution time. Typ. Exec. Max. Exec Time , ms Time Atmel ATSHA204 [DATASHEET] 8740D−CRYPTO−3/ ...

  • Page 35

    ... The Read and Write commands include a single address in Param2 that indicates the memory to be accessed. All Reads and Writes are in units of four bytes (one word). The most-significant byte of a legal ATSHA204 address is always zero. All unused address bits should always be set to zero. The least-significant bits in the address describe the offset to the first word to be accessed within the block/slot, while the upper bits specify the block/slot number per the table below: Table 8-5 ...

  • Page 36

    ... Watchdog Failsafe A watchdog counter starts within the device after the ATSHA204 receives a wake token. After t sleep mode, regardless of whether some I/O transmission or command execution is in progress. There is no way to reset the counter other than to put the device into sleep or idle mode and then wake it up again. ...

  • Page 37

    ... MUST still appear in the input stream). Response generated by the client. Remaining constant data needed for response calculation. Notes Returns a single byte with a value of zero if ClientResp matches the internally computed digest, one if there is a mismatch. ...

  • Page 38

    ... Bit 2: The value of this bit must match the value in TempKey.SourceFlag or the command will return an error. Bits 0:1, 3:7: Must be zero. 2 Key slot to be written Optional MAC used to validate operation. Notes Upon successful completion, the ATSHA204 returns a value of zero. ...

  • Page 39

    ... Zeros 32 bytes TempKey.value The data flow for this command is shown graphically in the figure below: Figure 8-1. Data Flow for DeriveKey Command Parent Key SHA (AUTH) Input MAC Match Target Key Mode Source Nonce Key SHA (Derive) ...

  • Page 40

    ... Table 8-13. Input Parameters Name Opcode DEVREV Param1 Mode Param2 - Data - Table 8-14. Output Parameters Name Success Size Notes 1 0x30 1 Must be zero. 2 Must be zero Size Notes 4 The current device revision number. ...

  • Page 41

    ... All other values are reserved and must not be used. Identification number of the key to be used, or selection of which OTP block. 4 bytes of data for SHA calculation when using a CheckOnly key; otherwise ignored. Notes Upon successful execution, the Atmel ATSHA204 returns a value of zero. ...

  • Page 42

    ... OtherData 1 byte SN[8] 2 bytes SN[0:1] 25 bytes Zeros 32 bytes TempKey.value In all other cases, the message used to create TempKey is as follows: 32 bytes Config[KeyID] or OTP[KeyID] or Data.slot[KeyID] or TransportKey[KeyID] 1 byte Opcode 1 byte Param1 2 bytes Param2 1 byte SN[8] 2 bytes SN[0:1] 25 bytes Zeros 32 bytes TempKey.value ...

  • Page 43

    ... Controls which fields within the device are used in the message. Which key used to generate the response. Bits 0:3 only are used to select a slot but all 16 bits are used in the HMAC message. - Notes HMAC digest ...

  • Page 44

    ... Include the first 88 OTP bits (OTP[0] through OTP[10]) in the message. Otherwise, the corresponding message bits are set to zero. 3 Must be zero. 2 The value of this bit must match the value in TempKey.SourceFlag or the command will return an error. 0-1 Must be zero. ...

  • Page 45

    ... Write either LockConfig or LockValue to 0xFF, thereby changing the permissions in the designated zone. This command fails if the designated zone is already locked. Prior to locking the device, the ATSHA204 uses the CRC-16 algorithm to generate a summary digest of the designated zone(s). The calculation is made identically to the CRC computed over the input and output blocks. ...

  • Page 46

    ... Controls which fields within the device are used in the message. Which internal key used to generate the response. Bits 0:3 only are used to select a slot but all 16 bits are used in the SHA-256 message. Input portion of message to be digested, ignored if Mode:0 is one. Notes SHA-256 digest ...

  • Page 47

    ... If one, the first 32 bytes are filled with TempKey zero, the second 32 bytes of the SHA message are taken from the input Challenge parameter. If one, the second 32 bytes are filled with the value in TempKey. This mode is recommended for all use. ...

  • Page 48

    ... Notes 1 0x16 1 Controls the mechanism of the internal random number generator and seed update. 2 Must be 0x0000. Input value from system. Size Notes The output of the random number generator or a single byte with a value of zero if Mode[0:1] is three. ...

  • Page 49

    ... Recommended for highest security. 1: Combine new random number with NumIn, store in TempKey. Generate random number using existing EEPROM seed, do NOT update EEPROM seed. 2: Invalid 3: Operate in pass-through mode and write TempKey with NumIn. ...

  • Page 50

    ... Pause Command All devices on the bus for which the configuration Selector byte does not match the input selector parameter will go into the idle state. This command is used to prevent bus conflicts in a system that includes multiple ATSHA204 devices sharing the same bus. ...

  • Page 51

    ... Recommended for highest security. 1: Generate random number using existing EEPROM seed; do not update EEPROM seed. Size Notes 1 0x1B 1 Controls the mechanism of the internal random number generator and seed update. 2 Must be 0x0000 0 - Notes 32 The output of the random number generator. ...

  • Page 52

    ... Bits 2-6: Must be zero. Bit 7: If one, 32 bytes are read; otherwise four bytes are read. Must be zero if reading from OTP zone. Address of first word to be read within the zone. See Section 8.1.4. - Notes The contents of the specified memory location. ...

  • Page 53

    ... All of the TempKey register bits must be properly set as follows, or this command returns an error: TempKey.Valid == 1 TempKey.GenData == 1 TempKey.KeyID == SlotConfig.ReadKey TempKey.SourceFlag == “Rand” XOR the data from the memory zone with TempKey. Return as “Contents.” ...

  • Page 54

    ... If one, update config byte 85. Bits1-7: Must be zero 2 LSB: Value to optionally be written to location configuration zone. MSB: Must be 0x00 Notes 1 If the memory byte was updated, this command returns a value of 0x00 Otherwise, it returns an Execution error. ...

  • Page 55

    ... Specifically, this means that TempKey.Valid and TempKey.GenDig must both be set to one. Prior to data locking, any key can be used to generate TempKey. After locking, the last slot used by GenDig for TempKey creation and stored in TempKey.KeyID must match that in SlotConfig.WriteKey and the random number generator must have been used to originally generate TempKey prior to GenDig. ...

  • Page 56

    ... Information to be written to the zone; may be encrypted. Data_2 Mac Message authentication code to validate address and data. Ignored if zone is unlocked. Table 8-38. Output parameter Name Size Notes Success 1 Upon successful completion, the Atmel ATSHA204 returns a value of zero. locked. ...

  • Page 57

    ... Compatibility The ATSHA204 is designed to be upwards compatible with the AT88SA102S for field operation. Most systems designed to use the AT88SA102S in client devices will work perfectly with the ATSHA204 in the client devices without any modification to the host system software or hardware. Host systems that utilize the AT88SA10HS host device will also interoperate properly with the ATSHA204 client device in place of a previously used AT88SA102S client ...

  • Page 58

    ... Wiring Configuration for Single-wire Interface Using the single-wire interface allows the connection of the ATSHA204 to a host using only a single pin (SDA) to transfer data in both directions. This interface does not use the SCL pin. In this configuration, no bypass capacitor is required to connect the device to the system. ...

  • Page 59

    ... JEDEC Drawing TO-236, Variation AB for additional information. Package Drawing Contact: e1 SYMBOL TITLE 3TS1, 3-lead, 1.30mm Body, Plastic Thin Shrink Small Outline Package (Shrink SOT) Atmel ATSHA204 [DATASHEET] COMMON DIMENSIONS (Unit of Measure = mm) MIN NOM MAX NOTE 0.89 - 1.12 0.01 - 0.10 0.88 - 1.02 2.80 2.90 3.04 1,2 2.10 - 2.64 1.20 1.30 1.40 1,2 0.54 REF 1 ...

  • Page 60

    ... Body, Plastic Thin Shrink Small Outline Package (TSSOP End View COMMON DIMENSIONS (Unit of Measure = mm) MIN NOM MAX NOTE SYMBOL 1.20 A1 0.05 - 0.15 A2 0.80 1.00 1.05 D 2.90 3.00 3. 6.40 BSC E1 4.30 4.40 4. 0.19 – 0. 0.65 BSC L 0.45 0.60 0.75 L1 1.00 REF C 0.09 - 0.20 GPC DRAWING NO. TNR 8X Atmel ATSHA204 [DATASHEET] 8740D−CRYPTO−3/12 6/22/11 REV ...

  • Page 61

    ... UDFN ...

  • Page 62

    ... Wing Small Outline (JEDEC SOIC Ø END VIEW COMMON DIMENSIONS (Unit of Measure = mm) SYMBOL MIN NOM MAX NOTE A 1.35 – 1.75 A1 0.10 – 0.25 b 0.31 – 0.51 C 0.17 – 0.25 D 4.80 – 5.05 E1 3.81 – 3.99 E 5.79 – 6.20 e 1.27 BSC L 0.40 – 1.27 0° – 8° GPC DRAWING NO. SWB 8S1 Atmel ATSHA204 [DATASHEET] 8740D−CRYPTO−3/12 6/22/11 REV ...

  • Page 63

    ... Contact ...

  • Page 64

    ... Edit/update Write Command section. Update template. Document update. Initial document release. pin on the SHA204 and any pull-up resistor on the SDA pin. CC Interface configuration Single-wire Single-wire Single-wire Single-wire Single-wire -0.5V and V +0.5V. The same power SS CC ...

  • Page 65

    Atmel Corporation, 2325 Orchard Parkway, San Jose, CA 95131, USA, Tel: (+1)(408) 441-0311, Fax: (+1)(408) 487-2600. Atmel Asia Limited, Unit 01-5 & 16, 19F, BEA Tower, Millennium City 5, 418 Kwun Tong Road, Kwun Tong, Kowloon, HONG KONG, Tel: ...