ATAES132_14 Datasheet, PDF (31/171 Pages) ATMEL Corporation – 32K AES Serial EEPROM Specification
7. Command Definitions
The ATAES132 extended command definitions are described in this section. The commands are presented in
alphabetical order by command name. The standard Serial EEPROM Read and Write commands are in
Section 5, Standard Serial EEPROM Read and Write Commands and are not included in this section. The
cryptographic operations performed by the ATAES132 extended commands are described in Appendix I,
Cryptographic Computations.
7.1 Auth Command
The Auth command performs a one-way or mutual authentication using AES-CCM. The Auth command options
are shown in Table 7-1. The Nonce Register value is used as the CCM Nonce for all Auth command MAC
calculations.
• Mutual Authentication
  The InMAC is verified, and upon success, an OutMAC is calculated and returned to the Host. The
  AuthComplete status flag is set to YesAuth if the InMAC is verified.
• Outbound Only Authentication
  The OutMAC is calculated and output to the Host. The AuthComplete status flag is set to NoAuth.
  Outbound-only Authentication is also known as Challenge-Response Authentication.
• Inbound Only Authentication
  The InMAC value is verified, and the success or failure is reported to the Host. The AuthComplete status
  flag is set to YesAuth if the InMAC is verified.
• Authentication Reset
  The AuthComplete status flag is set to NoAuth.
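Table 7-1. Auth Command Options

| Mode Bit 1 | Mode Bit 0 | Description                  | InMAC      | OutMAC    |
|------------|------------|------------------------------|------------|-----------|
| 1b         | 1b         | Mutual Authentication        | Required   | Generated |
| 1b         | 0b         | Outbound Only Authentication | Prohibited | Generated |
| 0b         | 1b         | Inbound Only Authentication  | Required   | No        |
| 0b         | 0b         | Authentication Reset         | Prohibited | No        |
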
If a MAC is required or will be generated by the Auth command, then a valid Nonce is required. If the
KeyConfig[AKeyID].RandomNonce bit is 1b, then the Nonce must be random.
The AuthCompute command can be used to generate the InMAC required for Inbound Only Authentication or
Mutual Authentication (see Section 7.3, AuthCompute Command). The AuthCheck command can be used to
validate the OutMAC (see Section 7.2, AuthCheck Command).
In the I2C interface mode, the Auth command can also be used for Auth signaling. See Appendix J.5, I2C Auth
Signaling.
7.1.1 Authentication Status Register
The Authentication Status Register contains the AKeyID, the AuthComplete status flag, and the usage bits. Prior
to executing the Auth command, the AuthComplete status flag is set to NoAuth. If the InMAC is successfully
verified in the Inbound Only or Mutual Authentication mode, then the AuthComplete status flag is set to YesAuth.
The ATAES132 Authentication Status Register only stores the result of the most recent authentication attempt. If
there is a parsing or execution error, then the prior Authentication status will be lost.
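The following host-side model of Table 7-1 and the AuthComplete rules above is an added example, not code from the datasheet or from an Atmel library. All type and function names are hypothetical, only Mode bits 0 and 1 are examined, and a rejected or failed command is modelled as NoAuth (an assumption standing in for "the prior Authentication status will be lost").

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical host-side model; names are illustrative, not from a vendor library. */
typedef enum { AUTH_NOAUTH = 0, AUTH_YESAUTH = 1 } auth_flag_t;
typedef enum { REQ_OK = 0, REQ_NONCE_INVALID, REQ_NONCE_NOT_RANDOM,
               REQ_INMAC_MISSING, REQ_INMAC_PROHIBITED } req_check_t;

/* Table 7-1: Mode bit 0 set -> InMAC required; Mode bit 1 set -> OutMAC generated.
   Only these two bits are examined here. */
static bool inmac_required(uint8_t mode)   { return (mode & 0x01u) != 0; }
static bool outmac_generated(uint8_t mode) { return (mode & 0x02u) != 0; }

/* Reject a request that Table 7-1 or the Nonce rules exclude, before it is sent. */
req_check_t auth_request_check(uint8_t mode, bool have_inmac, bool nonce_valid,
                               bool key_random_nonce, bool nonce_is_random)
{
    bool uses_mac = inmac_required(mode) || outmac_generated(mode);
    if (uses_mac && !nonce_valid)                         return REQ_NONCE_INVALID;
    if (uses_mac && key_random_nonce && !nonce_is_random) return REQ_NONCE_NOT_RANDOM;
    if (inmac_required(mode) && !have_inmac)              return REQ_INMAC_MISSING;
    if (!inmac_required(mode) && have_inmac)              return REQ_INMAC_PROHIBITED;
    return REQ_OK;
}

/* AuthComplete after one Auth command. The previous flag is deliberately not an
   input: the flag is NoAuth before Auth executes, so an earlier YesAuth never survives.
   Assumption: a rejected or failed command is modelled as NoAuth. */
auth_flag_t auth_flag_after(uint8_t mode, req_check_t chk, bool inmac_verified)
{
    if (chk != REQ_OK)
        return AUTH_NOAUTH;
    return (inmac_required(mode) && inmac_verified) ? AUTH_YESAUTH : AUTH_NOAUTH;
}

int main(void)
{
    /* Constructed sequence: mutual auth succeeds, then an outbound-only challenge. */
    uint8_t seq[] = { 0x03, 0x02 };
    for (unsigned i = 0; i < sizeof seq; i++) {
        req_check_t chk = auth_request_check(seq[i], inmac_required(seq[i]), true, false, false);
        printf("mode %u%ub -> AuthComplete=%d OutMAC=%d\n", (seq[i] >> 1) & 1u, seq[i] & 1u,
               auth_flag_after(seq[i], chk, true), outmac_generated(seq[i]));
    }
    return 0;
}
```

The second step of the sequence shows why a host should not cache a YesAuth result: an Outbound Only challenge issued after a successful Mutual Authentication leaves AuthComplete at NoAuth.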
Atmel-8760C-CryptoAuth-ATAES132-Datasheet_102013