ATAES132-SH-ER Atmel, ATAES132-SH-ER Datasheet - Page 37

no-image

ATAES132-SH-ER

Manufacturer Part Number
ATAES132-SH-ER
Description
EEPROM AES 32Kbit EE I2C
Manufacturer
Atmel
Datasheet

Specifications of ATAES132-SH-ER

Rohs
yes
Maximum Clock Frequency
1 MHz
Operating Supply Voltage
6 V
Maximum Operating Temperature
- 40 C to + 85 C
Mounting Style
SMD/SMT
Package / Case
SOIC-8
Interface Type
I2C
Factory Pack Quantity
2300
7.8.
7.8.1.
Decrypt Command
The decrypt command accepts 16 or 32 bytes of ciphertext, decrypts the data, verifies the MAC, and returns the decrypted
data if the MAC matches. If the MAC does not match, then an error code is returned.
The decrypt command has two operating modes, normal decryption mode and the client decryption mode. The client
decryption mode can decrypt packets which were encrypted by an ATAES132 device. The normal decryption mode decrypts
packets generated by a cryptographic host. It cannot decrypt packets encrypted by the ATAES132.
A valid nonce is required to run the decrypt command. If KeyConfig[DKeyID].RandomNonce bit is 1b, then the nonce must be
random.
Client Decryption Mode
In the client decryption mode, the decrypt command can be used to decrypt packets encrypted by the ATAES132 (either
another device, or by the same device at a later time), using the encrypt command (see Section 7.10). All of the following
requirements must be satisfied:
If these conditions are satisfied, then packets encrypted on the encrypt device can be decrypted on the decrypt device. If a
single ATAES132 will be used to encrypt packets for later decryption, then the same key value must be stored in two
appropriately configured key registers to allow all of the requirements above to be satisfied.
4.
5.
6.
7.
8.
9.
10.
11.
If the DKeyID is VolatileKey: (See Section 4.3)
If the DKeyID is not the VolatileKey, then:
If the KeyConfig[DKeyID].AuthKey bit is 1b, then:
The device performing the encrypt operation (the encrypt device) and the device performing the decrypt operation
The KeyID of the key used by the encrypt device (called EKeyID) must be known. EKeyID is passed to the decrypt
The nonce used by the encrypt device must be known. The nonce is passed to the decrypt device using the nonce
The lower byte of the count (Encrypt Param2) used by the encrypt device must identical to the value used in the
The MacCount of the encrypt device (called EMacCount) must be known. EMacCount is passed to the decrypt
The encrypt/decrypt command mode bits on both devices must be identical. Mode bit 5 must be 0b. Mode bit 6
The decrypt device KeyConfig[DKeyID] must have ExternalCrypto = 1b, and RandomNonce = 0b for the KeyID used
The encrypt device KeyConfig[EKeyID] must have ExternalCrypto = 1b, and RandomNonce = 1b for the KeyID used
(the decrypt device) must contain identical keys
device in the upper byte of decrypt Param1 for use in the MAC calculation.
command with mode bit 0 = 0b (See Section 7.20), or is synchronized with the encrypt device using the procedure in
Section 7.21.1.
lower byte of decrypt Param2 by the decrypt device. [This is used in the MAC calculation].
device in the upper byte of decrypt Param2 for use in the data decryption operation.
must be 0b unless a single device is performing both the encrypt and the decrypt operations. Mode bit 7 can be 1b if
the first four bytes of SmallZone are identical on both the encrypt and the encrypt devices.
for decryption if the nonce is passed using the nonce command with mode bit 0 = 0b.
for encryption (the EKeyID).
The VolUsage.DecryptOK must be 1b when the VolatileKey was loaded
The KeyConfig[DKeyID].ExternalCrypto bit must be 1b
Prior authentication must be performed using the KeyID stored in KeyConfig[DKeyID].LinkPointer
Atmel ATAES132 Preliminary Datasheet
8760A−CRYPTO−5/11
37

Related parts for ATAES132-SH-ER