32
SLUUBH1C–August 2016–Revised March 2018
Submit Documentation Feedback
Copyright © 2016–2018, Texas Instruments Incorporated
SHA-1 Authentication
Chapter 10
SLUUBH1C–August 2016–Revised March 2018
SHA-1 Authentication
10.1 Overview
As of March 2012, the latest revision is FIPS 180-4. SHA-1, or secure hash algorithm, is used to compute
a condensed representation of a message or data also known as hash. For messages < 2
64
, the SHA-1
algorithm produces a 160-bit output called a digest.
In a SHA-1 one-way hash function, there is no known mathematical method of computing the input given,
only the output. The specification of SHA-1, as defined by FIPS 180-4, states that the input consists of
512-bit blocks with a total input length less than 264 bits. Inputs that do not conform to integer multiples of
512-bit blocks are padded before any block is input to the hash function. The SHA-1 algorithm outputs the
160-bit digest.
The device generates a SHA-1 input block of 288 bits (total input = 160-bit message + 128-bit key). To
complete the 512-bit block size requirement of the SHA-1 function, the device pads the key and message
with a 1, followed by 159 0s, followed by the 64-bit value for 288 (000...00100100000), which conforms to
the pad requirements specified by FIPS 180-4.
• http://www.nist.gov/itl/
• http://csrc.nist.gov/publications/fips
• www.faqs.org/rfcs/rfc3174.html
10.2 HMAC Description
The SHA-1 engine calculates a modified HMAC value. Using a public message and a secret key, the
HMAC output is considered to be a secure fingerprint that authenticates the device used to generate the
HMAC.
To compute the HMAC: Let H designate the SHA-1 hash function, M designate the message transmitted
to the device, and KD designate the unique 128-bit Unseal/Full Access/Authentication key of the device.
HMAC(M) is defined as: H[KD || H(KD || M)], where || symbolizes an append operation.
10.3 Authentication
The authentication feature is used in the following sequence:
1. MAC command 0x0000: Command = 0x0000, write the 20 bytes to 0x40, then write the checksum+len
at 0x60. The response will be available as a MAC response, so 0x3E/0x3F will be 0x0000, 0x40 will
have the SHA1 result, and 0x60/0x61 will have the checksum and length.
2. Generate 160-bit message M using a random number generator that meets approved random number
generators described in FIPS PUB 140–2.
3. Generate SHA-1 input block B1 of 512 bytes (total input = 128-bit authentication key KD + 160-bit
message M + 1 + 159 0s + 100100000).
4. Generate SHA-1 hash HMAC1 using B1.
5. Generate SHA-1 input block B2 of 512 bytes (total input = 128-bit authentication key KD + 160-bit hash
HMAC1 + 1 + 159 0s + 100100000).
6. Generate SHA-1 hash HMAC2 using B2.
7. With no active MACData() data waiting, write 160-bit message M to MACData() in the format
0xAABBCCDDEEFFGGHHIIJJKKLLMMNNOOPPQQRRSSTT, where AA is LSB.
8. Wait 250 ms, then read MACData() for HMAC3.
To Next Page
Loading...
Need help?
General
