ATAES132-SH-ER Atmel, ATAES132-SH-ER Datasheet - Page 37

ATAES132-SH-ER

Manufacturer Part Number

ATAES132-SH-ER

Description

EEPROM AES 32Kbit EE I2C

Manufacturer

Atmel

Datasheet

1.ATAES132-SH-EQ.pdf (166 pages)

Specifications of ATAES132-SH-ER

Rohs

yes

Maximum Clock Frequency

1 MHz

Operating Supply Voltage

6 V

Maximum Operating Temperature

- 40 C to + 85 C

Mounting Style

SMD/SMT

Package / Case

SOIC-8

Interface Type

I2C

Factory Pack Quantity

2300

Current page: 37 of 166
Download datasheet (2Mb)

7.8.

7.8.1.

Decrypt Command

The decrypt command accepts 16 or 32 bytes of ciphertext, decrypts the data, verifies the MAC, and returns the decrypted

data if the MAC matches. If the MAC does not match, then an error code is returned.

The decrypt command has two operating modes, normal decryption mode and the client decryption mode. The client

decryption mode can decrypt packets which were encrypted by an ATAES132 device. The normal decryption mode decrypts

packets generated by a cryptographic host. It cannot decrypt packets encrypted by the ATAES132.

A valid nonce is required to run the decrypt command. If KeyConfig[DKeyID].RandomNonce bit is 1b, then the nonce must be

random.

Client Decryption Mode

In the client decryption mode, the decrypt command can be used to decrypt packets encrypted by the ATAES132 (either

another device, or by the same device at a later time), using the encrypt command (see Section 7.10). All of the following

requirements must be satisfied:

If these conditions are satisfied, then packets encrypted on the encrypt device can be decrypted on the decrypt device. If a

single ATAES132 will be used to encrypt packets for later decryption, then the same key value must be stored in two

appropriately configured key registers to allow all of the requirements above to be satisfied.

10.

11.

If the DKeyID is VolatileKey: (See Section 4.3)

If the DKeyID is not the VolatileKey, then:

If the KeyConfig[DKeyID].AuthKey bit is 1b, then:

The device performing the encrypt operation (the encrypt device) and the device performing the decrypt operation

The KeyID of the key used by the encrypt device (called EKeyID) must be known. EKeyID is passed to the decrypt

The nonce used by the encrypt device must be known. The nonce is passed to the decrypt device using the nonce

The lower byte of the count (Encrypt Param2) used by the encrypt device must identical to the value used in the

The MacCount of the encrypt device (called EMacCount) must be known. EMacCount is passed to the decrypt

The encrypt/decrypt command mode bits on both devices must be identical. Mode bit 5 must be 0b. Mode bit 6

The decrypt device KeyConfig[DKeyID] must have ExternalCrypto = 1b, and RandomNonce = 0b for the KeyID used

The encrypt device KeyConfig[EKeyID] must have ExternalCrypto = 1b, and RandomNonce = 1b for the KeyID used

(the decrypt device) must contain identical keys

device in the upper byte of decrypt Param1 for use in the MAC calculation.

command with mode bit 0 = 0b (See Section 7.20), or is synchronized with the encrypt device using the procedure in

Section 7.21.1.

lower byte of decrypt Param2 by the decrypt device. [This is used in the MAC calculation].

device in the upper byte of decrypt Param2 for use in the data decryption operation.

must be 0b unless a single device is performing both the encrypt and the decrypt operations. Mode bit 7 can be 1b if

the first four bytes of SmallZone are identical on both the encrypt and the encrypt devices.

for decryption if the nonce is passed using the nonce command with mode bit 0 = 0b.

for encryption (the EKeyID).

The VolUsage.DecryptOK must be 1b when the VolatileKey was loaded

The KeyConfig[DKeyID].ExternalCrypto bit must be 1b

Prior authentication must be performed using the KeyID stored in KeyConfig[DKeyID].LinkPointer

Atmel ATAES132 Preliminary Datasheet

8760A−CRYPTO−5/11

ATAES132-SH-ER Atmel, ATAES132-SH-ER Datasheet - Page 37

ATAES132-SH-ER

Specifications of ATAES132-SH-ER

Related parts for ATAES132-SH-ER