Principle: The AT88SCxx (AT88SC0104C~25616) provides protocol authentication and ciphertext data transmission, so even if pirates steal the microcontroller program code and the CPLD code, they cannot copy the whole machine, because the AT88SCxx itself cannot be copied.
1. Functions and fundamentals of the cryptographic chip.
The encryption chip is mainly used to protect the program stored in flash: even if pirates read it out, it will not run on an illegitimate board, which protects the developer's work.
The main content of this article:
(1) How the encryption chip works
(2) Register configuration in the configuration area
(3) Interface description
(4) DES and custom algorithms
First. How the encryption chip works.
1. Hardware connection
[Figure: AT88SC0104C package exterior and internal structure modules (image not available)]
After connecting power and ground, connect SDA and SCL to GPIO pins of the host.
2. Working mode and working mechanism of AT88
The AT88SC has three modes of operation: standard, authentication and encryption. In standard mode it can be accessed like a common EEPROM, except that reads and writes are performed by issuing the chip's own write/read User Zone commands. Authentication mode is much more complex; before discussing it, we should first look at this encryption chip's F2 algorithm.
The inputs of the F2 algorithm are a system-generated random number Q0, the 8 bytes of ciphertext CI and a seed GC from positions 0x50, 0x60, 0x70 and 0x80 of the encryption chip. The chip has four user access areas, so there are correspondingly four sets of access registers (AR) and password registers (PR), four cryptogram registers (CI) and four ciphertext seeds (GC).
Its output is an eight-bit new ciphertext Q1. After calling F2 to generate Q1, the host sends Q0 and Q1 to the AT88 with the verify authentication command. On receiving this command, the AT88 performs the same operation internally, using the CI value stored in the ciphertext area and the seed GC, to generate Q2, and at the same time generates a key SK. It then compares Q2 with Q1. If the two agree, authentication has succeeded: the chip replaces CI in the ciphertext area with Q2 and updates the session encryption key in the configuration area with the newly generated value.
The third mode is encryption mode. Building on authentication, the host performs one more F2 operation using SK instead of GC and sends the result to the AT88 with the verify encryption command. If the operation succeeds, the chip enables its encryption mechanism, and the data transmitted on the bus is encrypted/decrypted.
3. Access the user data area.
Taking the AT88SC0104 as an example, its data store is divided into four partitions, each with a capacity of 32 bytes. Size is 4*32=128b=1028b
First, look at the configuration registers related to the user area.
AR: Access Register
Bit7                                   Bit0
PM1  PM0  AM1  AM0  ER   WLM  MDF  PGO
PM1-PM0: Used to set whether a password is required for read and write in the user area.
AM1-AM0: Used to set whether access to the user area requires authentication.
For ER, WLM, MDF and PGO, please refer to the NDA document.
PR:
Bit7                                   Bit0
AK1  AK0  POK1 POK0 Res  PW2  PW1  PW0
AK1-AK0: Select one of the four seeds as the input for authentication.
POK1-POK0: Used for bidirectional authentication.
PW2-PW0: Select one of the 8 sets of passwords as the authentication password.
After setting the AR register, you can read and write the user area with the following command steps.
1. Set the user zone (Setuserzone)
2. If authentication or encryption is required, issue the authentication command
3. Read and write data
4. Send the checksum
Refer to my code for details.
Second. Configuration of the AT88SC0104.
The use phase of a cryptographic chip consists of three stages.
1. Development phase
This phase is mainly used to debug the code. Be very careful about how you access certain registers: once an attempt counter such as AAC or PAC exceeds its allowed number of tries, the chip locks, and unlocking the configuration area will then fail. So be very careful when debugging.
The AT88SC is used mainly for authentication. I set all the seeds to one value, and AR0-3 and PR0-3 are also set the same, so that a single seed can be used to access the entire 128-byte space.
AR and PR are set to the mode in which authentication is required but no password is needed; see the following code.
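data[0] = 0xdf;  // AR: normal authentication, encryption required
data[1] = 0x23;  // PR for zone 0 (AK1-AK0 = 00)
Cm_writeconfigzone(0x20, data, 2, 0);  // write AR0/PR0
data[1] = 0x63;  // PR for zone 1 (AK1-AK0 = 01)
Cm_writeconfigzone(0x22, data, 2, 0);  // write AR1/PR1
data[1] = 0xa3;  // PR for zone 2 (AK1-AK0 = 10)
Cm_writeconfigzone(0x24, data, 2, 0);  // write AR2/PR2
data[1] = 0xe3;  // PR for zone 3 (AK1-AK0 = 11)
Cm_writeconfigzone(0x26, data, 2, 0);  // write AR3/PR3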
NC is set to 0xFF 0xFF 0xFF 0xFF 0x00 0x00 0x00, and the NC value is then incremented by one for each unit shipped from the factory.
Other registers such as CI and SK can be left at their default values, because they change dynamically once the chip is in operation.
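Because a wrong write during the development phase can lock the chip, the AR/PR bytes from the code above can be decoded and checked on the host before they are sent. The following is an added example, not code from the original article or from the chip vendor. The names decode_ar, decode_pr, bad_zones, seeds_used and page_cfg are hypothetical, and the consistency policy in bad_zones is an assumption.

```c
#include <stdint.h>
#include <stdio.h>

/* Field layout taken from the AR and PR bit tables on this page (Bit7..Bit0). */
typedef struct { uint8_t pm, am, er, wlm, mdf, pgo; } ar_fields;
typedef struct { uint8_t ak, pok, res, pw; } pr_fields;

ar_fields decode_ar(uint8_t ar) {
    return (ar_fields){ (ar >> 6) & 3, (ar >> 4) & 3, (ar >> 3) & 1,
                        (ar >> 2) & 1, (ar >> 1) & 1, ar & 1 };
}

pr_fields decode_pr(uint8_t pr) {
    return (pr_fields){ (pr >> 6) & 3, (pr >> 4) & 3, (pr >> 3) & 1, pr & 7 };
}

/* The {AR, PR} pairs the page writes to 0x20, 0x22, 0x24 and 0x26. */
const uint8_t page_cfg[4][2] = { {0xDF, 0x23}, {0xDF, 0x63},
                                 {0xDF, 0xA3}, {0xDF, 0xE3} };

/* Hypothetical pre-flight policy (an assumption, not a datasheet rule): every
   zone shares zone 0's AR and password set, and the PR reserved bit is clear.
   Returns a bitmask of the zones that break the policy. */
unsigned bad_zones(const uint8_t cfg[4][2]) {
    unsigned bad = 0;
    for (int z = 0; z < 4; z++) {
        pr_fields p = decode_pr(cfg[z][1]);
        if (cfg[z][0] != cfg[0][0] || p.res || p.pw != decode_pr(cfg[0][1]).pw)
            bad |= 1u << z;
    }
    return bad;
}

/* Bitmask of the seed indexes (AK1-AK0) selected across the four zones. */
unsigned seeds_used(const uint8_t cfg[4][2]) {
    unsigned mask = 0;
    for (int z = 0; z < 4; z++)
        mask |= 1u << decode_pr(cfg[z][1]).ak;
    return mask;
}

int main(void) {
    for (int z = 0; z < 4; z++) {
        ar_fields a = decode_ar(page_cfg[z][0]);
        pr_fields p = decode_pr(page_cfg[z][1]);
        printf("zone %d: PM=%d AM=%d AK=%d POK=%d PW=%d\n", z, a.pm, a.am, p.ak, p.pok, p.pw);
    }
    printf("bad zones=0x%X seeds used=0x%X\n", bad_zones(page_cfg), seeds_used(page_cfg));
    return 0;
}
```

For the values on this page the check flags no zone, and the four PR bytes select seed indexes 0 through 3, one per zone.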