ATAES132-SH-ER Atmel, ATAES132-SH-ER Datasheet - Page 108

ATAES132-SH-ER

Manufacturer Part Number

ATAES132-SH-ER

Description

EEPROM AES 32Kbit EE I2C

Manufacturer

Atmel

Datasheet

1.ATAES132-SH-EQ.pdf (166 pages)

Specifications of ATAES132-SH-ER

Rohs

yes

Maximum Clock Frequency

1 MHz

Operating Supply Voltage

6 V

Maximum Operating Temperature

- 40 C to + 85 C

Mounting Style

SMD/SMT

Package / Case

SOIC-8

Interface Type

I2C

Factory Pack Quantity

2300

Current page: 108 of 166
Download datasheet (2Mb)

I.5.

Data Decryption

The following example shows how the encrypted data and integrity MAC are calculated for a 128 bit data block write to the

device with up to 14 bytes of authenticate-only data. This operation involves five passes through the AES crypto engine, all

five using the same key. If there are more than 14 bytes of authenticate-only data and/or more than 128 bits of data being

written, then 1, 2 or 3 more passes through the AES crypto engine are required.

There are two passes through the AES crypto engine in CTR mode to create the key block that is used to decrypt the data and

the MAC. The inputs to the crypto engine for those blocks are labeled A0 and A1, and the outputs are A’0 and A’1

respectively. A’0 & A’1 are the blocks sent to the system as the output parameters of the EncRead and decrypt commands.

There are three passes through the AES crypto engine in CBC mode to create the expected MAC value. The inputs to the

crypto engine for those blocks are labeled B0, B1 and B2, and the outputs are B’0, B’1 and B’2 respectively.

This sequence is also used for the Decrypt and KeyLoad commands, in addition to EncWrite.

A0 is composed of the following 128 bits:

A’0 is XOR’d with the encrypted input MAC and stored in the internal SRAM as the MAC T

A1 is composed of the following 128 bits:

A’1 is XOR’d with the encrypted input data and stored in the internal SRAM as the message M

B0 is composed of the following 128 bits:

B1 is the XOR of B’0 with the following 128 bits:

B2 is the XOR of B’1 with the following 128 bits:

B’2 is the cleartext MAC. If this matches the stored T value, then the write to memory proceeds. If there is no match, the

device returns an error flag and does not modify memory.

1 byte flag, fixed value of b0000 0001

12 byte nonce, as generated by the nonce command

1 byte MacCount, 1 for first MAC generation

2 byte counter field – always 0x00 00 for A0

1 byte flag, fixed value of b0000 0001

12 byte nonce, as generated by ATAES132 during nonce command

1 byte MacCount, 1 for first MAC generation

2 byte counter field – always 0x00 01 for A1

1 byte flag, fixed value of b0111 1001

12 byte nonce, as generated by the nonce command

1 byte MacCount, 1 for first MAC generation

2 byte length field – max 0x00 20 if 256 bits of encrypted data, min 0x00 01 for one byte

2 byte length field, size of authenticate-only data

14 byte data to be authenticated only

16 bytes of cleartext message M

Atmel ATAES132 Preliminary Datasheet

8760A−CRYPTO−5/11

108

ATAES132-SH-ER Atmel, ATAES132-SH-ER Datasheet - Page 108

ATAES132-SH-ER

Specifications of ATAES132-SH-ER

Related parts for ATAES132-SH-ER