赞
踩
使用芯片:ATSHA204A(8脚S0IC封装)
目的:使用ATSHA204A的认证功能,防抄板
前提:了解IIC通信原理
资料:1.网上对于使用ATSHA204A的参考资料大概有三四个,很容易找到
2.ATSHA204A的datasheet
3.atmel官网下载的库代码或者代理商也应该会提供一些参考代码或者网上也可以下载到。代理商给我的参考代码把操作都封装好了,只需要修改一个底层驱动文件和一个延时函数文件即可,代理商应该会提供这个,有需要也可以找我。
工具:IAR(IDE),JLINK-V8,逻辑分析仪,示波器,串口线。
使用的是硬件IIC,使用这个芯片可以分为三步,第一步是调通IIC,第二步是成功配置这个芯片,第三步是进行认证。
过程 1.在i2c_phys.c和timer_utilities.c文件里面修改IIC通信函数和延时函数。说说IIC通信函数,包括IIC使能,设置设备地址0xC8,设置传输速率,开始发送,结束发送,发送函数,接收函数,发送唤醒函数等。根据开发板的不同,库代码不同,自行修改。
2.参考代码里有个atsha204_read_sn.c,调用里面的read_sn函数,哦哦哦,这里要说一个重要的事情,关于芯片的唤醒!!!IIC通信中,向发送一个0x00,延时至少2.5ms,就可以,用接收函数接收4个字节,成功唤醒会收到04,11,33,43。
3.成功唤醒之后,才可以做很多事情,实现它的命令功能。基本调用下面这个函数即可。
uint8_t sha204m_execute(uint8_t op_code, uint8_t param1, uint16_t param2,
uint8_t datalen1, uint8_t *data1, uint8_t datalen2, uint8_t *data2, uint8_t datalen3, uint8_t *data3,
uint8_t tx_size, uint8_t *tx_buffer, uint8_t rx_size, uint8_t *rx_buffer);
这之前我要说说这个芯片了。芯片分为三个区:88个字节的config区,512字节的slot区,64个字节的OTP区。
关于config区,放的是SN和每个slot的访问权限信息等。唤醒之后,我们需要配置slot区的访问权限,就在这个区。
关于slot区,这个区有16个slot,每个slot可以放32字节。在config区lock之后,data区(slot区和OTP区)lock之前,只能写slot区而不能读。在config区和data区都lock之后,按照config区对于slot的访问权限进行读写。
关于OTP,我也没有用,一次可编程。
config区关于16个slot的默认配置如下,我们需要修改。命令如下:
void config(void)
{
uint8_t data1[4]={0x80,0x80,0x80,0x80}; //
uint8_t data2[4]={0x80,0x00,0x80,0x00}; //
uint8_t data3[4]={0x00,0x00,0x00,0x00};//怎么配置的,看下图!
uint8_t data4[4]={0xC0,0x80,0xC0,0x80};//
uint8_t data5[4]={0xC0,0x00,0xC0,0x00};//
sha204m_execute(0x12, 0x00, 0x05,4, data1, 0, 0, 0, 0,LPI2C_DATA_LENGTH, g_slave_buff,LPI2C_DATA_LENGTH, g_master_buff);
sha204m_execute(0x12, 0x00, 0x06,4, data2, 0, 0, 0, 0,LPI2C_DATA_LENGTH, g_slave_buff,LPI2C_DATA_LENGTH, g_master_buff);
sha204m_execute(0x12, 0x00, 0x07,4, data3, 0, 0, 0, 0,LPI2C_DATA_LENGTH, g_slave_buff,LPI2C_DATA_LENGTH, g_master_buff);
sha204m_execute(0x12, 0x00, 0x08,4, data4, 0, 0, 0, 0,LPI2C_DATA_LENGTH, g_slave_buff,LPI2C_DATA_LENGTH, g_master_buff);
sha204m_execute(0x12, 0x00, 0x09,4, data5, 0, 0, 0, 0,LPI2C_DATA_LENGTH, g_slave_buff,LPI2C_DATA_LENGTH, g_master_buff);
sha204m_execute(0x12, 0x00, 0x0A,4, data3, 0, 0, 0, 0,LPI2C_DATA_LENGTH, g_slave_buff,LPI2C_DATA_LENGTH, g_master_buff);
sha204m_execute(0x12, 0x00, 0x0B,4, data3, 0, 0, 0, 0,LPI2C_DATA_LENGTH, g_slave_buff,LPI2C_DATA_LENGTH, g_master_buff);
sha204m_execute(0x12, 0x00, 0x0C,4, data3, 0, 0, 0, 0,LPI2C_DATA_LENGTH, g_slave_buff,LPI2C_DATA_LENGTH, g_master_buff);
}
之后可以通过read命令,读出看看有没有写入。写入成功的话会返回04 00 03 40。
4.在config区可以自由读写的话,进行下一步,lock住data区。
sha204m_execute(0x17, 0x80, 0x00,0, 0, 0, 0, 0, 0,LPI2C_DATA_LENGTH, g_slave_buff,LPI2C_DATA_LENGTH, g_master_buff);
之后看config区0x15中config_lock的55有没有变成00。变了的话,就lock成功。
5.ok的话,可以向slot区写数据了。最主要还是放密钥的那几个slot要写数据,如果配置为00,00,就是普通的eeprom。
// uint8_t data1[32]={0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09,0x10,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09,0x10,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09,0x10,0x00,0x00};
// uint8_t data3[32]={0x55,0x55,0x55,0x55,0x55,0x55,0x55,0xAA,0xAA,0x22,0x22,0x22,0x22,0x22,0x22,0x22,0x22,0x22,0x22,0x22,0x22,0x22,0x22,0x22,0x22,0x22,0x22,0x22,0x22,0x55,0x55,0xAA};
// uint8_t data4[32]={0x11,0x11,0x23,0xB6,0xCC,0x53,0xB7,0xB9,0xE9,0xBB,0x51,0xFD,0x2F,0x74,0xCD,0x0E,0x91,0xD9,0x7F,0xEB,0x84,0x7B,0x98,0x09,0xF4,0xCD,0x93,0x6A,0xB6,0x48,0x11,0x11};
// sha204m_execute(0x12, 0x82, 0x0010,32, data1, 0, 0, 0, 0,LPI2C_DATA_LENGTH, g_slave_buff,LPI2C_DATA_LENGTH, g_master_buff);
//
// sha204m_execute(0x12, 0x82, 0x0000,32, data1, 0, 0, 0, 0,LPI2C_DATA_LENGTH, g_slave_buff,LPI2C_DATA_LENGTH, g_master_buff);
// sha204m_execute(0x12, 0x82, 0x0008,32, data1, 0, 0, 0, 0,LPI2C_DATA_LENGTH, g_slave_buff,LPI2C_DATA_LENGTH, g_master_buff);
//
// sha204m_execute(0x12, 0x82, 0x0010,32, data1, 0, 0, 0, 0,LPI2C_DATA_LENGTH, g_slave_buff,LPI2C_DATA_LENGTH, g_master_buff);
// sha204m_execute(0x12, 0x82, 0x0018,32, data1, 0, 0, 0, 0,LPI2C_DATA_LENGTH, g_slave_buff,LPI2C_DATA_LENGTH, g_master_buff);
//
// sha204m_execute(0x12, 0x82, 0x0020,32, data1, 0, 0, 0, 0,LPI2C_DATA_LENGTH, g_slave_buff,LPI2C_DATA_LENGTH, g_master_buff);
// sha204m_execute(0x12, 0x82, 0x0028,32, data1, 0, 0, 0, 0,LPI2C_DATA_LENGTH, g_slave_buff,LPI2C_DATA_LENGTH, g_master_buff);
//
// sha204m_execute(0x12, 0x82, 0x0030,32, data1, 0, 0, 0, 0,LPI2C_DATA_LENGTH, g_slave_buff,LPI2C_DATA_LENGTH, g_master_buff);
// sha204m_execute(0x12, 0x82, 0x0038,32, data1, 0, 0, 0, 0,LPI2C_DATA_LENGTH, g_slave_buff,LPI2C_DATA_LENGTH, g_master_buff);
//
// sha204m_execute(0x12, 0x82, 0x0040,32, data1, 0, 0, 0, 0,LPI2C_DATA_LENGTH, g_slave_buff,LPI2C_DATA_LENGTH, g_master_buff);
// sha204m_execute(0x12, 0x82, 0x0048,32, data1, 0, 0, 0, 0,LPI2C_DATA_LENGTH, g_slave_buff,LPI2C_DATA_LENGTH, g_master_buff);
//
// sha204m_execute(0x12, 0x82, 0x0050,32, data1, 0, 0, 0, 0,LPI2C_DATA_LENGTH, g_slave_buff,LPI2C_DATA_LENGTH, g_master_buff);
// sha204m_execute(0x12, 0x82, 0x0058,32, data1, 0, 0, 0, 0,LPI2C_DATA_LENGTH, g_slave_buff,LPI2C_DATA_LENGTH, g_master_buff);
6.成功的话,每个操作都会返回04,00,03,40。这里如果没有返回值的话,根本不知道有没有写进去。因为现在是读不了的。
7.lock data区
// sha204m_execute(0x17, 0x81, 0x00,0, 0, 0, 0, 0, 0,LPI2C_DATA_LENGTH, g_slave_buff,LPI2C_DATA_LENGTH, g_master_buff);
8. read config zone 0x15,看看有没有锁住 0x55应变为0x00
9.到这里配置就完成了,可以读读允许读的slot中的数据。
10.认证其实有很多方法,我用的最简单的,固定挑战认证。slot0为密钥区。
uint8_t data1[32]={0x22,0x22,0x22,0x22,0x22,0x22,0x22,0x22,0x22,0x22,0x22,0x22,0x22,0x22,0x22,0x22,0x22,0x22,0x22,0x22,0x22,0x22,0x22,0x22,0x22,0x22,0x22,0x22,0x22,0x22,0x22,0x22};
sha204m_execute(0x08,0x00,0x0000,32, data1, 0, 0, 0, 0,LPI2C_DATA_LENGTH, g_slave_buff,LPI2C_DATA_LENGTH, g_master_buff);
会有一个返回。
之后再用sha256算法。 //message发送的数据是88个字节。密钥,挑战码,mac等,0x00等,sn,
static uint8 message1[]= { 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09,0x10,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09,0x10,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09,0x10,0x00,0x00,
0x22,0x22,0x22,0x22,0x22,0x22,0x22,0x22,0x22,0x22,0x22,0x22,0x22,0x22,0x22,0x22,0x22,0x22,0x22,0x22,0x22,0x22,0x22,0x22,0x22,0x22,0x22,0x22,0x22,0x22,0x22,0x22,
0x08,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0xee,
0x00,0x00,0x00,0x00,0x01,0x23,0x00,
0x00,
// };
sha256(message1, 88, digest);
这个digest如果和之前mac的返回一样,那就成功了。
注:硬件IIC最好别飞线。
Copyright © 2003-2013 www.wpsshop.cn 版权所有,并保留所有权利。