Authentication, Ds2784 authentication commands – Rainbow Electronics DS2784 User Manual


DS2784: 1-Cell Stand-Alone Fuel Gauge IC with Li+ Protector and SHA-1 Authentication


AUTHENTICATION

Authentication is performed using a FIPS-180-compliant SHA-1 one-way hash algorithm on a 512-bit message
block. The message block consists of a 64-bit secret, a 64-bit challenge and 384 bits of constant data. Optionally,
the 64-bit net address replaces 64 of the 384 bits of constant data used in the hash operation. Contact Maxim for
details of the message block organization.

The host and the DS2784 both calculate the result based on the mutually known secret. The result of the hash
operation is known as the message authentication code (MAC) or message digest. The MAC is returned by the
DS2784 for comparison to the host's MAC. Note that the secret is never transmitted on the bus and thus cannot be
captured by observing bus traffic. The host system initiates each authentication attempt by providing a 64-bit
random challenge with the Write Challenge command. The host then issues the Compute MAC or Compute MAC with
ROM ID command. The MAC is computed per FIPS 180, and then returned as a 160-bit serial stream, beginning
with the least significant bit.

DS2784 AUTHENTICATION COMMANDS

WRITE CHALLENGE [0Ch]
This command writes the 64-bit challenge to the DS2784. The LSB of the 64-bit data argument can begin
immediately after the MSB of the command has been completed. If more than 64 bits are written, the final
value in the challenge register will be indeterminate. The Write Challenge command must be issued prior to
every Compute MAC or Compute Next Secret command for reliable results.

COMPUTE MAC WITHOUT ROM ID [36h]
This command initiates a SHA-1 computation without including the ROM ID in the message block. Since the
ROM ID is not used, this command allows the use of a master secret and MAC response independent of the
ROM ID. The DS2784 computes the MAC in tSHA after receiving the last bit of this command. After the MAC
computation is complete, the host must write 8 write-zero time slots and then issue 160 read-time slots to
receive the 20-byte MAC. See Figure 9 for command timing.

COMPUTE MAC WITH ROM ID [35h]
This command is structured the same as the compute MAC without ROM ID, except that the ROM ID is included in
the message block. With the ROM ID unique to each DS2784 included in the MAC computation, the MAC is unique
to each token. See White Paper 4: Glossary of 1-Wire SHA-1 Terms, for more information. See Figure 9 for
command timing.

SHA-1-related commands used while authenticating a battery or peripheral device are summarized in Table 9 for
convenience. Four additional commands for clearing, computing, and locking of the secret are described in detail in
the following section.

Table 9. Authentication Function Commands

| COMMAND | HEX | FUNCTION |
|---|---|---|
| Write Challenge | 0C | Writes 64-bit challenge for SHA-1 processing. Required prior to issuing Compute MAC and Compute Next Secret commands. |
| Compute MAC Without ROM ID and Return MAC | 36 | Computes hash operation of the message block with logical 1s in place of the ROM ID. Returns the 160-bit MAC. |
| Compute MAC With ROM ID and Return MAC | 35 | Computes hash operation of the message block including the ROM ID. Returns the 160-bit MAC. |
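
The host-side flow described above (fresh challenge, Compute MAC, LSB-first readback, comparison), as an added example that is not part of the datasheet or any Maxim code. The message-block layout is not given here, so stand_in_mac is a labelled placeholder; SimulatedGauge, the bit/byte mapping and all function names are assumptions made for illustration.

```python
import hashlib, hmac, secrets

WRITE_CHALLENGE, MAC_WITH_ROM_ID, MAC_WITHOUT_ROM_ID = 0x0C, 0x35, 0x36  # Table 9

def stand_in_mac(secret, challenge, rom_id=None):
    """ASSUMPTION: placeholder for the device's SHA-1 message block, whose real
    organization is not published here. Logical 1s replace an unused ROM ID."""
    rom = rom_id if rom_id is not None else b"\xff" * 8
    return hashlib.sha1(secret + challenge + rom).digest()

def mac_to_bits(mac):
    """Serialize a 20-byte MAC as 160 bits, least significant bit first
    (ASSUMPTION: the MAC is read as one big-endian 160-bit integer)."""
    value = int.from_bytes(mac, "big")
    return [(value >> i) & 1 for i in range(160)]

def bits_to_mac(bits):
    """Rebuild the 20-byte MAC from the 160 read time slots."""
    if len(bits) != 160:
        raise ValueError("expected exactly 160 MAC bits")
    return sum(bit << i for i, bit in enumerate(bits)).to_bytes(20, "big")

class SimulatedGauge:
    """Constructed device model for offline testing; not real bus timing."""
    def __init__(self, secret, rom_id):
        self.secret, self.rom_id, self.challenge = secret, rom_id, None

    def command(self, code, data=b""):
        if code == WRITE_CHALLENGE:
            self.challenge = data
            return []
        rom = self.rom_id if code == MAC_WITH_ROM_ID else None
        # Real hardware: wait tSHA, send 8 write-zero slots, then 160 read slots.
        return mac_to_bits(stand_in_mac(self.secret, self.challenge, rom))

def authenticate(device, secret, rom_id=None):
    """Host side: fresh challenge, compute MAC, constant-time comparison."""
    challenge = secrets.token_bytes(8)          # new 64-bit challenge every attempt
    device.command(WRITE_CHALLENGE, challenge)
    code = MAC_WITHOUT_ROM_ID if rom_id is None else MAC_WITH_ROM_ID
    received = bits_to_mac(device.command(code))
    expected = stand_in_mac(secret, challenge, rom_id)
    return hmac.compare_digest(received, expected)
```

Drawing the challenge from a cryptographic random source on every attempt is what keeps a MAC recorded from earlier bus traffic from being accepted again.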