Datasheet

AN156
20 of 23
the serial number of the user token, and the random challenge. The coprocessor is then used to reproduce
this SHA result, ensuring that the user token is a valid member of the system.
Figure 37. Authenticating User Token with SHADEBIT.C Module
The process for verifying a user is the same for both signed and unsigned transactions. Naturally, this can
be broken down into simple steps using the SHAIB.C module. The code snippet presented in Figure 38
demonstrates the basic implementation of the user verification method in the protocol-layer module
(minus the error checking).
Figure 38. Authenticating User Token with SHAIB.C Module
Figure 39 illustrates how to use the lowest-level module (SHA18.C) to produce a random challenge.
Figure 39. Using the Coprocessor to Generate a Random Challenge
After performing the steps in Figure 39, the scratchpad buffer of the coprocessor contains the 20-byte result of a SHA calculation, starting at index 8. Since any three bytes are as good as any other three for a challenge, it is safe to leave the result as it is in the scratchpad. Indices 20 to 22 of the coprocessor's scratchpad hold the challenge bytes that will be used for the Read Authenticated Page. Using these three particular bytes makes it unnecessary to write the challenge back to the coprocessor later.
/* Figure 37: Authenticating User Token with SHADEBIT.C Module */
/* Verify the user token's authentication response; same for signed and unsigned transactions */
VerifyUser(copr, user, TRUE);

/* Figure 38: Authenticating User Token with SHAIB.C Module (error checking omitted) */
uchar chlg[3]; // random challenge bytes
/* Use the coprocessor to generate a random challenge */
CreateChallenge(copr, copr.signPageNumber, chlg, 0);
/* Issue the challenge to the user, getting back the account data, the response MAC, and the
 * value of the write-cycle counter */
AnswerChallenge(user, chlg);
/* Use the coprocessor to verify the authentication response */
VerifyAuthResponse(copr, user, chlg, TRUE);

/* Figure 39: Using the Coprocessor to Generate a Random Challenge (SHA18.C module) */
uchar scratchpad[32]; // temporary buffer
uchar chlg[3];        // random challenge bytes
/* Use the coprocessor to generate the challenge; the page number is irrelevant, but a
 * highly used page will generate a more random (less repeating) number */
EraseScratchpadSHA18(copr.portnum, 0, FALSE);
SHAFunction18(copr.portnum, SHA_COMPUTE_CHALLENGE, copr.signPageNumber<<5, TRUE);
ReadScratchpadSHA18(copr.portnum, 0, 0, scratchpad, TRUE);
/* Copy the challenge bytes (scratchpad indices 20 to 22) into the challenge buffer */
memcpy(chlg, &scratchpad[20], 3);
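The following is an added host-side model of the Figure 38 and Figure 39 steps, written for this page; it is not code from AN156 or from the SHA18.C/SHAIB.C modules. It assumes a simplified MAC input of secret, page data, serial number and challenge (not the DS1963S's real SHA input layout), and the secrets, serial and page contents are constructed sample values.

```c
#include <stdint.h>
#include <string.h>
#define ROL(x, n) (((x) << (n)) | ((x) >> (32 - (n))))
/* SHA-1 of a message shorter than 56 bytes (one padded block). */
static void sha1_short(const uint8_t *msg, size_t len, uint8_t out[20]) {
    uint8_t blk[64] = {0};
    uint32_t w[80], h[5] = {0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476, 0xC3D2E1F0};
    memcpy(blk, msg, len);
    blk[len] = 0x80; blk[62] = (uint8_t)(len >> 5); blk[63] = (uint8_t)(len << 3); /* pad */
    for (int i = 0; i < 16; i++)
        w[i] = (uint32_t)blk[4*i] << 24 | blk[4*i+1] << 16 | blk[4*i+2] << 8 | blk[4*i+3];
    for (int i = 16; i < 80; i++) w[i] = ROL(w[i-3] ^ w[i-8] ^ w[i-14] ^ w[i-16], 1);
    uint32_t a = h[0], b = h[1], c = h[2], d = h[3], e = h[4], f, k, t;
    for (int i = 0; i < 80; i++) {
        if (i < 20)      { f = (b & c) | (~b & d);          k = 0x5A827999; }
        else if (i < 40) { f = b ^ c ^ d;                   k = 0x6ED9EBA1; }
        else if (i < 60) { f = (b & c) | (b & d) | (c & d); k = 0x8F1BBCDC; }
        else             { f = b ^ c ^ d;                   k = 0xCA62C1D6; }
        t = ROL(a, 5) + f + e + k + w[i];
        e = d; d = c; c = ROL(b, 30); b = a; a = t;
    }
    h[0] += a; h[1] += b; h[2] += c; h[3] += d; h[4] += e;
    for (int i = 0; i < 20; i++) out[i] = (uint8_t)(h[i / 4] >> (24 - 8 * (i % 4)));
}
/* Figure 39 model: the SHA result lands at scratchpad[8..27] and bytes 20..22 are the
 * challenge; its entropy comes only from the page contents, as the text describes. */
static void create_challenge(const uint8_t page[32], uint8_t chlg[3]) {
    uint8_t scratchpad[32] = {0};
    sha1_short(page, 32, &scratchpad[8]);
    memcpy(chlg, &scratchpad[20], 3);
}
/* Response MAC over secret, page data, serial number and challenge. This byte layout is
 * a constructed simplification (assumption), not the DS1963S's real SHA input format. */
static void response_mac(const uint8_t secret[8], const uint8_t page[32],
                         const uint8_t serial[7], const uint8_t chlg[3], uint8_t mac[20]) {
    uint8_t m[50];
    memcpy(m, secret, 8); memcpy(m + 8, page, 32); memcpy(m + 40, serial, 7); memcpy(m + 47, chlg, 3);
    sha1_short(m, sizeof m, mac);
}
/* Figure 38 flow on constructed sample data: CreateChallenge, AnswerChallenge (user side),
 * VerifyAuthResponse (coprocessor recomputes with the shared secret). Returns 1 if accepted. */
static int verify_user(const uint8_t user_secret[8], int tamper_response) {
    static const uint8_t copr_secret[8] = "copr-k1", serial[7] = {1, 2, 3, 4, 5, 6, 7};
    uint8_t page[32] = "account data: balance 120.00", chlg[3], mac[20], expect[20];
    create_challenge(page, chlg);
    response_mac(user_secret, page, serial, chlg, mac);
    if (tamper_response) mac[0] ^= 1;                     /* response altered in transit */
    response_mac(copr_secret, page, serial, chlg, expect);
    return memcmp(mac, expect, 20) == 0;
}
```

A token holding the wrong secret, or a response modified on the bus, fails the coprocessor's recomputation even though the challenge and page data are identical.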