Datasheet

ManualsBrandsTEXAS INSTRUMENTS ManualsDev KitsPCB design board

www.ti.com

1000...000000...0100100000

64bits159bits

HMAC DESCRIPTION

KEY PROGRAMMING DESCRIPTION

MasterTX:

Reset&

WriteStatuscommand

Mastersets

LOCKK1/LOCKK0atStatus

address0x0000

MasterRX:

CRCofWriteControlCmd,

Address,andData

MasterpullsSDQlineto

V for3ms

PROG

MasterTX:

Reset&

WriteControlCommand

Mastersets

PROGK1/PROGK0

inCONTROL reg

MasterTX:

Reset&

WriteMessageCommand

Masterwritesupto

160-bitmessage

bq26100

SLUS696A – JUNE 2006 – REVISED FEBRUARY 2007

The bq26100 generates an SHA-1 input block of 288 bits (total input = 160 bit message + 128 bit key). To

complete the 512 bit block size requirement of the SHA-1, the bq26100 pads the key and message with a 1,

followed by 159 0’s, followed by the 64 bit value for 288 (000 … 00100100000), which conforms to the pad

requirements specified by FIPS 180-2:

The SHA-1 engine is used to calculate a modified HMAC value. Using a public message and a secret key, the

HMAC output is considered to be a secure fingerprint that authenticates the device used to generate the HMAC.

To compute the HMAC let H designate the SHA-1 hash function, M designate the message transmitted to the

bq26100, and K

designate the unique 128 bit device key of the bq26100. HMAC(M) is defined as:

H[K

|| H(K

|| M)], where || symbolizes an append operation

The message, M, is appended to the device key, K

, and padded to become the input to the SHA-1 hash. The

output of this first calculation is then appended to the device key, K

, padded again, and cycled through the

SHA-1 hash a second time. The output is the HMAC digest value.

The 128-bit key used in the HMAC calculation is built from two 64-bit key spaces on the bq26100. Each key can

be programmed independently, allowing multiple parties to program part of the full 128-bit key without the

knowledge necessary to reproduce the full 128-bit key. To further protect the 128-bit key, the value written to

each 64-bit non-volatile key space is the output of a SHA-1 calculation on a 160-bit input. Figure 13 provides a

flow for the programming of the 128-bit device key. Once KEYx has been programmed, the LOCKKx bit should

be programmed to 0 in the status register, preventing another value from overwriting that key space.

Figure 13. Key Programming Flow

This flow is run twice, for KEY0 and KEY1. An external power source is required on the PWR pin during key

programming. Figure 14 shows a typical connection for the external power source.

Since there is no key pre-appended to the message, the key message is padded with a 1, followed by 287 0’s,

followed by the 64-bit value for 160 (00..01010000):

Submit Documentation Feedback