AT90SP0801-01SC

Features • • • • • • • • Secure Computation of Public Key Signatures Secure Storage and Decryption of Symmetric Keys On-chip Cache for Frequently Used Keys SMBus Communications Port On-board Public Key Computation Engine and Microprocessor Physical and Logical Security Measures to Inhibit Attacks 20-lead SOIC Package, 0°C to +70°C Operating Range 3.3V ±10% Supply Voltage Description The AT90SP0801 is used to perform cryptographic operations, using asymmetric private keys stored in its internal EEPROM. An arbitrary number of private keys can be stored externally and decrypted by the chip when required. Communication to the system processor is via the SMBus. Figure 1. Pin Configuration Secure Signature Generation Chip AT90SP0801 Summary Name RESET SCL SDA GND CLKIN VCC TEST Description Reset Input, Active-low SMBus Clock SMBus Data Ground Input Clock Operating Voltage Do Not Connect 28-lead TSSOP RESET NC NC NC NC NC SCL SDA NC NC NC GND NC NC 1 2 3 4 5 6 7 8 9 10 11 12 13 14 28 27 26 25 24 23 22 21 20 19 18 17 16 15 NC NC VCC NC NC NC NC NC CLKIN TEST TEST NC NC NC 28-lead SOIC RESET NC NC NC NC SCL SDA NC NC GND 1 2 3 4 5 6 7 8 9 10 20 19 18 17 16 15 14 13 12 11 VCC NC NC NC NC CLKIN TEST NC NC TEST Rev. 1495AS–01/02 N ote: This is a summary document. A complete document is available under NDA. For more information, please contact your local Atmel sales office. Figure 2. Block Diagram EEPROM Registers Hardware Key Private Key Password User Key Buffer 0 Private Key Password, Mode CRC Tag User Key Buffer 1 Private Key Password, Mode CRC Tag Data I/O Buffer SMBus 8/16-bit Crypto Data Buffer Commands AVR µp CLKIN RESET Program Memory Public Key Crypto Engine Key: Control: Data: Other Configuration Registers: LOCK, STATUS ERROR, VERS FAILCNT, CONFIG 2 AT90SP0801 1495AS–01/02 AT90SP0801 Serial Interface Data is transferred to or from the I/O buffer on the chip using the SMBus interface, in a manner similar but not identical to that of standard two-wire serial EEPROMs. All bits are sent to or read from the chip most significant bit first, in a manner consistent with standard serial EEPROMs. Bit fields listed in this document are correspondingly listed with the MSB on the left and the LSB on the right. Hex numbers are specified with the “0x” prefix. Multi-byte information sent to the chip is sent most significant byte first, following typical conventions. Within the chip, the first byte sent to the chip is stored in memory at the lowest address, and the address is incremented for subsequent bytes. When a message digest (hash) is sent to the chip, the first byte of the hash value is the first byte to be sent to the chip. In both the text and graphics, the chip is the slave and the system is the master. The following abbreviations apply: A N S P Acknowledge (bus pulled low, master or slave) Not Acknowledge (bus left high, master or slave) Start (High-to-low on SDA with SCL high, master) Stop (Low-to-high on SDA with SCL high, master) For the graphical representations, the direction of the data flow is indicated as below: Slave to Master (Chip to System) Master to Slave (System to Chip) SMBus Standard Usage Data transfer to and from the chip follows the SMBus V1.1 standard, using only some of the command protocols. The “write” command of this chip uses the “Block Write” protocol of the SMBus spec. Note that in this chip the count value can exceed 32. This chip does not support the “Write Byte” and “Write Word” protocols of the SMBus spec. The “Read” command of this chip uses the “Block Read” protocol of the SMBus spec. Note that in this chip the “Read” command can be optionally executed without the preceding partial block write command. This chip does not support the “Receive Byte”, “Read Byte” and “Read Word” protocols of the SMBus spec. All other commands of this chip use the “Send Byte” protocol of the SMBus spec. Note that the “Quick Command” and “Process Call” protocols of the SMBus spec are not supported by this chip. Two-wire Serial EEPROM Comparison Some of the differences between this chip and a standard two-wire serial EEPROM are: 1. The slave address of this chip is different from the A0-AF (hex) standard for EEPROMs. 2. The maximum clock rate is 100 kHz and Tdh is 300 ns. These specs are part of SMbus. 3. The supply voltage is 3.0V to 3.7V. 4. The read address is not specified in the aborted read command. 5. Multi-byte reads and writes are preceded by the number of bytes that will be transferred. 3 1495AS–01/02 6. Multi-byte writes longer than the maximum size of the register (i.e., containing more bytes) cause an error. Commands Without Data Transfer There are a number of commands (described within the following Commands sections) that perform various internal operations on the chip, using data already stored in either the I/O buffer or the internal memories of the chip. All such commands are composed of two bytes sent to the chip according to the following flow: Number of bits 1 S 7 Slave Address 1 Wr 1 A 8 Command Code 1 A 1 P Start Condition R/W Bit Acknowledge Stop Condition Write Commands The write commands permit data to be transferred to the I/O buffer located within the SRAM on the chip. Only block writes are supported, so transfers of 1 or 2 bytes require the same basic sequence as 32 bytes. The commands are encoded as follows: Slave Address 01010000 01010010 01010000 s Command Code 1 Description Write buffer, (+data) Write command, ignored Write command, ignored s 0 000000 01111111 01111111 The following figure shows the structure for block write operations: 1 S 7 Slave Address 1 Wr 1 A 8 Command Code 1 ... A 8 Byte Count = N 1 A 8 Data byte 1 1 A 8 Data byte 2 1 ... A 8 Data byte N 1 A 1 P The write buffer command is followed by up to 255 bytes of data. All bytes are sourced by the host and are formatted as follows: 01010000 s1s0000000 count data0 data1 … dataN crc0 crc1 Count denotes the total number of bytes that follows the command, including any CRC bytes. A 0 value is illegal. 255 is the max. number of bytes that may be written per command. 4 AT90SP0801 1495AS–01/02 AT90SP0801 Data is sent least significant byte first. In some circumstances, there may be no data, only crc. Depending on the value of ss, the crc bytes may or may not be included. The two sequence bits s1-0 within the command code tell the chip how to relate this transfer to previous and subsequent transfers. S0 if set to a 1 indicates that this is the first transfer to the buffer and that data0 should go into buffer address 0 and so on. If this bit is set to a 0, then data0 will be stored in the next location within the buffer after that from the previous transfer. When set, this bit also resets the CRC generator. S1 if set to a 1 indicates that this is the last transfer to the buffer. If set to a 0, the chip must have previously executed a command where s0 was set to a 1. When s1 is set to a 1, the last two bytes of the information transferred in this block are a CRC value. The chip will NACK the crc1 byte, if the value sent does not match that computed on the incoming data. The CRC bytes may not be split across two blocks. For instance, to write password information (64 bytes) to the chip, the following sequence of three write commands would be used (assuming 32 byte loads). The ACKs, NACKs and STOP conditions have been ignored for clarity. S S S 01010000 01010000 01010000 01000000 00000000 10000000 00100000 00100000 00000010 data0 data32 crc0 data1 data33 crc1 data2 data34 ... ... data31 data63 For shorter data transfer values, it is perfectly legal for both s0 and s1 to be set. This indicates that the entire transfer is taking place in a single block access. As an example of this, the following command would write a single byte to the buffer: S 01010000 11000000 00000011 data0 crc0 crc1 The chip will NACK writes that attempt to write into the chip beyond the internal buffer, which may be as short as 320 bytes. 5 1495AS–01/02 Read Commands Slave Address 01010011 01010001 Block read commands are slightly different than writes and are encoded as follows: Command Code --------------Description Read buffer, first block Read, subsequent blk The read command is only one byte long, and the chip (not the host) sends back the count information. The count value will always be the smaller of MAXBLK_R or the (remaining) number of bytes in the register that have not been read yet. When there are a large number of bytes in the buffer, multiple read commands must be executed to read all the bytes out of the chip. Using the slave address of 0x53 will cause the chip to start reading at the beginning of the buffer. Using the slave address of 0x51 will cause the chip to continue reading information that is subsequent to the information last read by the chip from the buffer. After a load or crypto operation, the first command may also be a 0x51, which will have the same effect as 0x53. Block Reads are formatted as follows: 1 S 7 Slave Address 1 Rd 1 A 8 Byte Count = N 1 ... A 8 Data Byte 1 1 A 8 Data Byte 2 1 ... A 8 Data Byte N 1 N 1 P After the last byte has been read from the register, the read pointer is reset back to the beginning of the register, and the system may continue to read from the beginning of the buffer again, if desired. There is no indication from the chip as to when the read pointer has been reset (other than as may be inferred from the values in the count field). To be compatible with the SMBus specification, the read command may optionally be preceded by the first two bytes of either of the “ignored write” commands, which are then aborted with a new start bit for the read. The two bytes of the write command are completely ignored by the chip in this case, and a different encoding for the second byte (01111111, or 0x7F) must be used. Execution of a block read sequence using a legal write command code for the second byte (00, 0x40, 0x80 or 0xC) is undefined. The protocol for this is shown below: 1 S 7 Slave Address 1 Wr 1 A 8 0111 1111 1 A 1 S 7 Slave Address 1 Rd 1 ... A 8 Byte Count = N 1 A 8 Data byte 1 1 A 8 Data byte 2 1 ... A 8 Data byte N 1 N 1 P 6 AT90SP0801 1495AS–01/02 AT90SP0801 As an example of the read block command, the following would take place to read four bytes of data from the buffer (assuming that the load VERS_R command had previously been executed). S 01010011 00000100 data0 data1 data2 data3 or S 01010010 01111111 S 01010011 00000100 data0 data1 data2 data3 As an example of multiple read block command, the following would take place to read the 1040 bits (130 bytes) of signature data from the buffer (assuming that the “sign” command had previously been executed). As earlier, the two-byte aborted write is an option on each command. Note that the first byte read (data0) is the most significant byte of the signature, while data128 is the most significant byte of the CRC. S S S S S 01010010 01010000 01010000 01010000 01010000 01111111 01111111 01111111 01111111 01111111 S S S S S 01010011 01010001 01010001 01010001 01010001 00100000 00100000 00100000 00100000 00000010 data0 data32 data64 data96 data128 data1 data33 data65 data97 data129 ... ... ... ... ... data31 data63 data95 data127 7 1495AS–01/02 Absolute Maximum Ratings Operating Temperature...................................0°C to +70°C Storage Temperature (without bias)................0°C to +70°C Votage on I/O Pins..................................-0.1 to VCC +0.3V Voltage on VCC with Respect to Ground......................6.0V *NOTICE: Stresses beyond those listed under “Absolute Maximum Ratings” may cause permanent damage to the device. This is a stress rating only and functional operation of the device at these or any other conditions beyond those indicated in the operational sections of this specification may cause temporary or permanent failure. Exposure to absolute maximum rating conditions for extended periods may affect device reliability. Maximum ESD Voltage..............................................2000V Serial Interface AC Specifications CL = 1 TTL Gate and 100 pF, except as noted. VCC = 3.0V to 3.7V. Name tSCL tLOW tHIGH tI tAA tBUF tHD.STA tSU.STA tHD.DAT tSU.DAT tR tF tSU.STO tDH tWR tCLKIN tCLKO, tCKH1 69 34 4.7 300 10 100 50 0.1 4.7 4.0 4.7 0 200 1.0 300 4.7 4.0 100 4.5 Min Max 100 Units kHz µs µs ns µs µs µs µs µs ns µs ns µs ns ms ns ns Notes Clock (SCL) Frequency Clock (SCL) Pulse Low-width Clock (SCL) Pulse High-width Noise Suppression, Not Tested Clock low to Data out valid Bus free before Transmission, Not Tested Start Hold Time Start Set-up Time Data In Hold Time Data In Set-up Time Inputs Rise Time, Not Tested Inputs Fall time, Not Tested Stop Set-up Time Data Out Hold Time Write Cycle Time, EEPROM Write CLKIN Period CLKIN Low or CLKIN High Figure 3. Timing Diagram for Serial Interface AC Specification 8 AT90SP0801 1495AS–01/02 AT90SP0801 Serial Interface DC Specifications Operating Temperature Range = 0° to 70°C. Name VCC ICC(1) ISB (1) Min 3.0 Typ Max 3.7 Units V mA µA µA V V V pF Notes Operating Voltage, VCC Pin At VCC = 3.7V, fSDA = 100 kHz At VCC = 3.3V, CLKIN = VSS SDA, SCL. VIN = VCC or VSS 18 50 0.1 −0.1 VCC x 0.7 25 100 3.0 VCC x 0.3 VCC 0.4 ILIO VIL VIH VOL CIO fCLKIN Notes: 1 IOL = 2.1 mA SCL, SDA, Not Tested Duty cycle >48% and