BQ34Z950 Datasheet, PDF (16/28 Pages) Texas Instruments – SBS 1.1-COMPLIANT GAS GAUGE AND PROTECTION ENABLED WITH IMPEDANCE TRACK WITH OPTIONAL DQ INTERFACE
bq34z950
SLUSBF0A – APRIL 2013 – REVISED MAY 2013
SHA-1 Over DQ
SHA-1 Overview
The host sends a randomly generated 20-byte challenge, and then reads the 20-byte response generated by the
bq34z950. The response generated by the bq34z950 is calculated using the SHA-1 hash algorithm and a shared
private key known by both parties to the transaction. The host compares the bq34z950 response to the expected
response, and if they agree, then the host concludes that the bq34z950 knows the key, and is thus
authenticated.
The 20-byte challenge/response is written/read using registers 0x1B–0x2E. The bq34z950 calculates the
response when a write of any data value is issued to register 0x2F. DQ communication is ignored when the
response is calculated, which takes approximately 22 ms.
SHA-1 Usage Procedure
Use the following two steps to implement the SHA-1 algorithm in the bq34z950:
1. Create a unique authentication key and write it to the part during assembly.
The authentication key resides in the SMBus addresses 0x63–0x66 in 4-byte strings. The four strings are
read/write accessible until the bq34z950 is sealed. When written using an SMBus string write command, they
are retained permanently in flash memory and can only be changed when the bq34z950 is unsealed. They
are stored in Little Endian format. The SHA-1 authentication key defaults to
0123456789abcdeffedcba9876543210 in the bq34z950. This is a default and is not intended for production.
It should be changed to a unique key prior to production to ensure that security is not compromised.
For more details, see Using SHA-1 in bq20Zxx Family of Gas Gauges (SLUA359).
The host sends a 20-byte random challenge string. This string must be written to the bq34z950 DQ registers
in Little Endian format.
Little Endian representation is as follows:
Byte00, Byte01, Byte02, Byte03, Byte04, Byte05, Byte06, Byte07, Byte08, Byte09,
Byte0A, Byte0B, Byte0C, Byte0D, Byte0E, Byte0F, Byte10, Byte11, Byte12, Byte13
Big Endian representation is as follows:
Byte13, Byte12, Byte11, Byte10, Byte0F, Byte0E, Byte0D, Byte0C, Byte0B, Byte0A,
Byte09, Byte08, Byte07, Byte06, Byte05, Byte04, Byte03, Byte02, Byte01, Byte00
2. Implement SHA-1 in the OEM host system.
(a) The host must know the SHA-1 key defined in Step 1. This key is used in the host system to determine
what the response should be.
(b) The host must issue a random challenge: The host sends a challenge using a 20-byte string write to the
SMBus command 0x2F or to the DQ registers in Little Endian format. For SHA-1 over DQ bus, the write
of 20 bytes must be followed by a write access to register 0x2F to start the authentication. Any value can
be written. It is important that the challenge be random every time to ensure security.
(c) The host computes the response: With the known SHA-1 authentication key and random challenge, the
host computes the anticipated response from the bq34z950.
(d) bq34z950 computes the response: The bq34z950 computes the response at the same time that the host
is computing it. The bq34z950 should be given greater than 22 ms to compute the response and put it
into memory or the DQ registers for retrieval.
(e) The host must read the response: The host reads the response from the same DQ registers to which the
challenge was written. The response is a 20-byte string read in Little Endian format.
(f) The host must validate the response: The host must compare the response read from the bq34z950 to
what was computed in Step 2.c above.
(g) If the response is validated, then the battery is authenticated. Otherwise, the host can reject the pack.
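The host side of Steps 2(b) through 2(g), as an added example that is not taken from the datasheet or from TI code. The `SimulatedGauge` class, the `read`/`write` bus method names, and the byte placement (least significant byte at 0x1B) are assumptions; the digest construction SHA1(key || SHA1(key || challenge)) is also an assumption, because this page does not define it and defers to SLUA359.

```python
import hashlib, hmac, secrets, time

CHALLENGE_REGS = range(0x1B, 0x2F)  # DQ registers 0x1B-0x2E: 20 bytes
TRIGGER_REG = 0x2F                  # any write here starts the computation
DEFAULT_KEY = bytes.fromhex("0123456789abcdeffedcba9876543210")

def expected_response(key: bytes, challenge: bytes) -> bytes:
    # ASSUMPTION: nested construction; the exact one is defined in SLUA359.
    inner = hashlib.sha1(key + challenge).digest()
    return hashlib.sha1(key + inner).digest()

class SimulatedGauge:
    """Constructed stand-in for the gauge (hypothetical, for offline runs)."""
    def __init__(self, key: bytes):
        self._key, self.regs = key, {}
    def write(self, reg: int, value: int) -> None:
        self.regs[reg] = value
        if reg == TRIGGER_REG:
            # Registers hold the challenge little endian; reverse to recover it.
            challenge = bytes(self.regs[r] for r in CHALLENGE_REGS)[::-1]
            digest = expected_response(self._key, challenge)
            self.regs.update(zip(CHALLENGE_REGS, digest[::-1]))
    def read(self, reg: int) -> int:
        return self.regs[reg]

def authenticate(bus, key: bytes, delay_s: float = 0.025) -> bool:
    if key == DEFAULT_KEY:
        raise ValueError("datasheet default key must not be used in production")
    challenge = secrets.token_bytes(20)          # fresh CSPRNG challenge each time
    for reg, byte in zip(CHALLENGE_REGS, challenge[::-1]):
        bus.write(reg, byte)                     # ASSUMPTION: LSB at 0x1B
    bus.write(TRIGGER_REG, 0x00)                 # any value can be written
    time.sleep(delay_s)                          # allow more than 22 ms
    response = bytes(bus.read(r) for r in CHALLENGE_REGS)[::-1]
    # Constant-time comparison avoids leaking how many bytes matched.
    return hmac.compare_digest(response, expected_response(key, challenge))

if __name__ == "__main__":
    pack_key = bytes(range(16))                  # constructed sample key
    print("genuine:", authenticate(SimulatedGauge(pack_key), pack_key))
    print("clone:  ", authenticate(SimulatedGauge(bytes(16)), pack_key))
```

On real hardware, replace `SimulatedGauge` with a driver exposing the same two methods, and confirm the digest construction and byte order against SLUA359 before relying on the result.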
Copyright © 2013, Texas Instruments Incorporated