ATECC508A

ATECC508A CryptoAuthentication Device Complete Data Sheet

Features
- Cryptographic co-processor with secure hardware-based key storage
- Performs high-speed public key (PKI) algorithms
  - ECDSA: FIPS186-3 Elliptic Curve Digital Signature Algorithm
  - ECDH: FIPS SP800-56A Elliptic Curve Diffie-Hellman Algorithm
- NIST standard P256 elliptic curve support
- SHA-256 hash algorithm with HMAC option
- Host and client operations
- 256-bit key length
- Storage for up to 16 keys
- Two high-endurance monotonic counters
- Guaranteed unique 72-bit serial number
- Internal high-quality FIPS random number generator (RNG)
- 10 Kb EEPROM memory for keys, certificates, and data
- Multiple options for consumption logging and one-time write information
- Intrusion latch for external tamper switch or power-on chip enablement
- Multiple I/O options:
  - High-speed single pin interface, with one GPIO pin
  - 1 MHz standard I2C interface
- 2.0V to 5.5V supply voltage range
- 1.8V to 5.5V IO levels
- <150 nA sleep current
- 8-pad UDFN, 8-lead SOIC, and 3-lead contact packages

Applications
- IoT node security and ID
- Secure download and boot
- Ecosystem control
- Message security
- Anti-cloning

© 2017 Microchip Technology Inc. Datasheet Complete DS20005927A-page 1
Package Types

Table 1. Pin Configuration
Pin | Function
NC | No Connect
GND | Ground
SDA | Serial Data
SCL | Serial Clock Input
VCC | Power Supply

Figure 1. Package Types (top view)
8-pad UDFN and 8-lead SOIC: pin 1 NC, pin 2 NC, pin 3 NC, pin 4 GND, pin 5 SDA, pin 6 SCL, pin 7 NC, pin 8 VCC
3-lead Contact: pin 1 SDA, pin 2 GND, pin 3 VCC
Table of Contents

Features
Applications
Package Types
1. Introduction
  1.1. Applications
  1.2. Device Features
  1.3. Cryptographic Operation
  1.4. Commands
2. Device Organization
  2.1. EEPROM Data Zone
    2.1.1. Certificate Storage
  2.2. EEPROM Configuration Zone
    2.2.1. SlotConfig (Bytes 20 to 51)
    2.2.2. Read Permissions
    2.2.3. Write Permissions
    2.2.4. Writing ECC Private Keys
    2.2.5. KeyConfig (Bytes 96 through 127)
    2.2.6. Special Memory Values in the Config Zone (Bytes 0 through 12)
  2.3. EEPROM One Time Programmable (OTP) Zone
  2.4. EEPROM Locking
    2.4.1. Configuration Zone Locking
    2.4.2. Data and OTP Zone Locking
    2.4.3. Individual Slot Locking
  2.5. Static RAM (SRAM) Memory
    2.5.1. TempKey
3. Security Information
  3.1. Cryptographic Standards
    3.1.1. SHA-256
    3.1.2. HMAC/SHA-256
    3.1.3. Elliptic Curve Digital Signature Algorithm (ECDSA)
    3.1.4. Elliptic Curve Diffie-Hellman (ECDH)
  3.2. Key Uses and Restrictions
    3.2.1. Diversified Keys
    3.2.2. Rolled Keys
    3.2.3. Created ECC Keys
    3.2.4. Created Secret Keys
    3.2.5. High Endurance Monotonic Counters
    3.2.6. Limited Use Key (Slot 15 only)
    3.2.7. Password Checking
    3.2.8. Transport Keys
    3.2.9. Authorized Keys
  3.3. Security Features
    3.3.1. Physical Security
    3.3.2. Random Number Generator (RNG)
4. General I/O Information
  4.1. Byte and Bit Ordering
    4.1.1. ECC Key Formatting
  4.2. Sharing the Interface
5. Single-Wire Interface
  5.1. I/O Tokens
  5.2. I/O Flags
  5.3. Synchronization
    5.3.1. I/O Timeout
    5.3.2. Synchronization Procedures
6. I2C Interface
  6.1. I/O Conditions
    6.1.1. Device is Asleep
    6.1.2. Device is Awake
  6.2. I2C Transmission to ATECC508A
    6.2.1. Word Address Values
    6.2.2. Command Completion Polling
  6.3. Sleep Sequence
  6.4. Idle Sequence
  6.5. I2C Transmission from the ATECC508A
  6.6. Address Counter
  6.7. SMBus Timeout
  6.8. I2C Synchronization
7. General Purpose I/O Pin
8. Electrical Characteristics
  8.1. Absolute Maximum Ratings
  8.2. Reliability
  8.3. AC Parameters: All I/O Interfaces
    8.3.1. AC Parameters: Single-Wire Interface
    8.3.2. AC Parameters: I2C Interface
  8.4. DC Parameters: All I/O Interfaces
    8.4.1. VIH and VIL Specifications
9. Security Commands
  9.1. I/O Groups
    9.1.1. Security Command Packets
    9.1.2. Status/Error Codes
    9.1.3. Command Opcodes, Short Descriptions, and Execution Times
    9.1.4. Address Encoding
    9.1.5. Zone Encoding
    9.1.6. Watchdog Fail-Safe
  9.2. CheckMac Command
  9.3. Counter Command
  9.4. DeriveKey Command
  9.5. ECDH Command
  9.6. GenDig Command
  9.7. GenKey Command
  9.8. HMAC Command
  9.9. Info Command
  9.10. Lock Command
  9.11. MAC Command
  9.12. Nonce Command
  9.13. Pause Command
  9.14. PrivWrite Command
  9.15. Random Command
  9.16. Read Command
  9.17. SHA Command
  9.18. Sign Command
  9.19. UpdateExtra Command
  9.20. Verify Command
  9.21. Write Command
    9.21.1. Input Data Encryption
10. Compatibility
  10.1. Microchip ATSHA204A
  10.2. Microchip ATECC108A
11. Mechanical
  11.1. Wiring Configuration for Single-Wire Interface
12. Package Marking Information
13. Package Drawings
  13.1. 8-lead SOIC
  13.2. 8-pad UDFN
  13.3. 3-lead Contact
14. Revision History
The Microchip Web Site
Customer Change Notification Service
Customer Support
Product Identification System
Microchip Devices Code Protection Feature
Legal Notice
Trademarks
Quality Management System Certified by DNV
Worldwide Sales and Service
1. Introduction

1.1 Applications

The ATECC508A device is a member of the Microchip CryptoAuthentication™ family of crypto engine authentication devices with highly secure hardware-based key storage. The ATECC508A device has a flexible command set that allows use in many applications, including the following:

- Network/IoT Node Protection: authenticates node IDs, ensures the integrity of messages, and supports key agreement to create session keys for message encryption.
- Anti-Counterfeiting: validates that a removable, replaceable, or consumable client is authentic. Examples of clients could be system accessories, electronic daughter cards, or other spare parts. It can also be used to validate a software/firmware module or memory storage element.
- Protecting Firmware or Media: validates code stored in flash memory at boot to prevent unauthorized modifications, encrypt downloaded program files as a common broadcast, or uniquely encrypt code images to be usable on a single system only.
- Storing Secure Data: stores secret keys for use by crypto accelerators in standard microprocessors. Programmable protection is available using encrypted/authenticated reads and writes.
- Checking User Password: validates user-entered passwords without letting the expected value become known, maps memorable passwords to a random number, and securely exchanges password values with remote systems.

1.2 Device Features

The ATECC508A includes an EEPROM array which can be used for storage of up to 16 keys, certificates, miscellaneous read/write, read-only or secret data, consumption logging, and security configurations. Access to the various sections of memory can be restricted in a variety of ways and then the configuration can be locked to prevent changes.
The ATECC508A features a wide array of defense mechanisms specifically designed to prevent physical attacks on the device itself, or logical attacks on the data transmitted between the device and the system (see Section Security Features). Hardware restrictions on the ways in which keys are used or generated provide further defense against certain styles of attack (see Section Key Uses and Restrictions).

Access to the device is made through a standard I2C interface at speeds of up to 1 Mb/s (see Section I2C Interface). The interface is compatible with standard serial EEPROM I2C interface specifications. The device also supports a Single-Wire Interface (SWI), which can reduce the number of GPIOs required on the system processor, and/or reduce the number of pins on connectors (see Section Single-Wire Interface). If the Single-Wire Interface is enabled, the remaining pin is available for use as a GPIO, an authenticated output or tamper input (see Section General Purpose I/O Pin).

Using either the I2C or Single-Wire Interface, multiple ATECC508A devices can share the same bus, which saves processor GPIO usage in systems with multiple clients such as different color ink tanks or multiple spare parts, for example. See Sections Sharing the Interface and Pause Command for more details regarding Single-Wire Interface implementation.
Each ATECC508A ships with a guaranteed unique 72-bit serial number. Using the cryptographic protocols supported by the device, a host system or remote server can verify a signature of the serial number to prove that the serial number is authentic and not a copy. Serial numbers are often stored in a standard serial EEPROM; however, these can be easily copied with no way for the host to know if the serial number is authentic or if it is a clone.

The ATECC508A can generate high-quality FIPS random numbers and employ them for any purpose, including usage as part of the device's crypto protocols. Because each random number is guaranteed to be essentially unique from all numbers ever generated on this or any other device, their inclusion in the protocol calculation ensures that replay attacks (i.e. re-transmitting a previously successful transaction) will always fail (see Sections Random Number Generator (RNG) and Random Command).

System integration is easy due to a wide supply voltage range (of 2.0V to 5.5V) and an ultra-low sleep current (of <150 nA). Complete DC parametrics are found in Section Electrical Characteristics. Multiple package options are available (see Sections Product Identification System and Package Drawings).

See Section Compatibility for information regarding compatibility with the Microchip ATSHA204A and ATECC108A devices.

1.3 Cryptographic Operation

The ATECC508A implements a complete asymmetric (public/private) key cryptographic signature solution based upon Elliptic Curve Cryptography and the ECDSA signature protocol. The device features hardware acceleration for the NIST standard P256 prime curve and supports the complete key life cycle from high quality private key generation, to ECDSA signature generation, ECDH key agreement, and ECDSA public key signature verification.
The hardware accelerator can implement such asymmetric cryptographic operations from ten to one-thousand times faster than software running on standard microprocessors, without the usual high risk of key exposure that is endemic to standard microprocessors.

The device is designed to securely store multiple private keys along with their associated public keys and certificates. The signature verification command can use any stored or an external ECC public key. Public keys stored within the device can be configured to require validation via a certificate chain to speed up subsequent device authentications.

Random private key generation is supported internally within the device to ensure that the private key can never be known outside of the device. The public key corresponding to a stored private key is always returned when the key is generated and it may optionally be computed at a later time.

The ATECC508A also supports a standard hash-based challenge-response protocol in order to simplify programming. In its most basic instantiation, the system sends a challenge to the device, which combines that challenge with a secret key via the MAC, HMAC or SHA commands and then sends the response back to the system. The device uses a SHA-256 cryptographic hash algorithm to make that combination so that an observer on the bus cannot derive the value of the secret key, but preserving the ability of a recipient to verify that the response is correct by performing the same calculation with a stored copy of the secret on the recipient's system.

Due to the flexible command set of the ATECC508A, these basic operation sets (i.e. ECDSA signatures, ECDH key agreement and SHA-256 challenge-response) can be expanded in many ways.
Using the GenDig command (see Section GenDig Command), the values in other slots can be included in the response digest or signature, which provides an effective way of proving that a data read really did come from the device, as opposed to being inserted by a man-in-the-middle attacker. This same command can be used to combine two keys with the challenge, which is useful when there are multiple layers of authentication to be performed.

In a host-client configuration where the host (for instance, a mobile phone) needs to verify a client (for instance, an OEM battery), there is a need to store the secret in the host in order to validate the response from the client. The CheckMac command (see Section CheckMac Command) allows the device to securely store the secret in the host system and hides the correct response value from the pins, returning only a yes or no answer to the system.

Finally, the hash combination of a challenge and secret key can be kept on the device and XORed with the contents of a slot to implement an encrypted Read command (see Section Read Command), or it can be XORed with encrypted input data to implement an encrypted Write command (see Section Write Command).

All hashing functions are implemented using the industry-standard SHA-256 secure hash algorithm, which is part of the latest set of high-security cryptographic algorithms recommended by various government agencies and cryptographic experts (see Section SHA-256 and Section HMAC/SHA-256). The ATECC508A employs full-sized 256-bit secret keys to prevent any kind of exhaustive attack.

1.4 Commands

The ATECC508A is a command-based device which receives commands from the system, executes those commands, and then returns a result or error code. Within this document, the following nomenclature is used to describe the various commands:

- Security Commands: described in Section Security Commands. This group of commands generally access the EEPROM space and/or perform cryptographic computation. These commands are indicated with a special font in this document (e.g. GenDig) and are available from all interfaces.
- Cryptographic Commands: this subset of the security commands includes all the ECC commands which access the hardware ECC accelerator (GenKey, Sign, ECDH, and Verify) and the SHA commands which access the hardware SHA accelerator (CheckMac, DeriveKey, GenDig, HMAC, MAC, SHA, and Nonce).
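The hash-based challenge-response, the CheckMac-style yes/no check and the XOR-based encrypted read described in Section 1.3, modeled in software as an added example (not code from the datasheet or from Microchip). The digest here is simply SHA-256(secret || challenge), an assumption standing in for the device's actual command message layout, which this section does not give; all class and function names are hypothetical.

```python
import hashlib
import hmac
import secrets

BLOCK = 32  # one 256-bit block: size of secret keys, challenges and digests


def digest(secret: bytes, challenge: bytes) -> bytes:
    """Combine secret and challenge with SHA-256 (simplified layout, an assumption)."""
    # Both inputs are fixed at 32 bytes, so the boundary between them is unambiguous.
    if len(secret) != BLOCK or len(challenge) != BLOCK:
        raise ValueError("secret and challenge must each be 32 bytes")
    return hashlib.sha256(secret + challenge).digest()


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


class Client:
    """Client-side device model: the secret never leaves this object."""

    def __init__(self, secret: bytes, slot_data: bytes):
        self._secret = secret
        self._slot = slot_data

    def mac(self, challenge: bytes) -> bytes:
        # Response to a challenge; a bus observer sees only challenge and digest.
        return digest(self._secret, challenge)

    def encrypted_read(self, nonce: bytes) -> bytes:
        # Slot contents XORed with the hash of secret and nonce.
        return xor(self._slot, digest(self._secret, nonce))


class Host:
    """Host-side device model: stores the secret and answers only yes or no."""

    def __init__(self, secret: bytes):
        self._secret = secret
        self._pending = None

    def new_challenge(self) -> bytes:
        # A fresh random challenge per transaction is what defeats replay.
        self._pending = secrets.token_bytes(BLOCK)
        return self._pending

    def check_mac(self, response: bytes) -> bool:
        # Each challenge is usable once; the expected digest is never returned.
        challenge, self._pending = self._pending, None
        if challenge is None:
            return False
        return hmac.compare_digest(digest(self._secret, challenge), response)

    def decrypt_read(self, nonce: bytes, ciphertext: bytes) -> bytes:
        return xor(ciphertext, digest(self._secret, nonce))


def demo() -> dict:
    secret = secrets.token_bytes(BLOCK)
    slot = b"constructed slot data".ljust(BLOCK, b"\x00")  # constructed sample
    host = Host(secret)
    genuine = Client(secret, slot)
    clone = Client(secrets.token_bytes(BLOCK), slot)  # does not know the secret

    recorded = genuine.mac(host.new_challenge())
    genuine_ok = host.check_mac(recorded)

    host.new_challenge()                   # new transaction, new challenge
    replay_ok = host.check_mac(recorded)   # old response replayed

    clone_ok = host.check_mac(clone.mac(host.new_challenge()))

    nonce = secrets.token_bytes(BLOCK)
    ciphertext = genuine.encrypted_read(nonce)
    return {
        "genuine": genuine_ok,
        "replay": replay_ok,
        "clone": clone_ok,
        "ciphertext_differs": ciphertext != slot,
        "read_roundtrip": host.decrypt_read(nonce, ciphertext) == slot,
    }


if __name__ == "__main__":
    print(demo())
```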
2. Device Organization

The ATECC508A contains an integrated EEPROM storage memory and SRAM buffer. The EEPROM memory contains a total of 11,200 bits and is divided into the following zones:

Table 2-1. ATECC508A Zones
Zone | Description | Nomenclature
Data | Zone of 1,208 bytes (9.7 Kb) split into 16 general purpose read-only or read/write memory slots of 36 bytes (288 bits), 72 bytes (576 bits), or 416 bytes (3,328 bits) each that can be used to store keys (public or private), signatures, certificates, calibration, model number, or other information, typically that relate to the item to which the ATECC508A device is attached. The access policy of each data slot is determined by the values programmed into the corresponding configuration values. However, the policies become effective upon setting the LockValue byte only. | Slot = the entire contents stored in Slot YY of the Data zone.
Configuration | Zone of 128 bytes (1,024-bit) EEPROM that contains the serial number and other ID information, as well as, access policy information for each slot of the data memory. The values programmed into the configuration zone will determine the access policy of how each data slot will respond. The configuration zone can be modified until it has been locked (LockConfig set to !=0x55). In order to enable the access policies, the LockValue byte must be set. (See section above) | SN = a range of bytes within a field of the Configuration zone.
One Time Programmable (OTP) | Zone of 64 bytes (512 bits) of OTP bits. Prior to locking the OTP zone, the bits may be freely written using the standard Write command. The OTP zone can be used to store read-only data or one-way fuse type consumption logging information. | OTP = a byte within the OTP zone, while OTP indicates a range of bytes.

Terms discussed within this document will have the following meanings:

Table 2-2. Document Terms
Term | Meaning
Block | A single 256-bit (32-byte) area of a particular memory zone. The industry SHA-256 documentation also uses the term block to indicate a 512-bit section of the message input. Within this document, this convention is used only when describing hash input messages.
KeyID | KeyID is equivalent to the slot number for those slots designated to hold key values. Key 1 is stored in Slot<1> and so on. While all 16 slots can potentially hold keys, those slots which are configured to permit clear-text reads would not normally be used as private or secret keys by the crypto commands.
param | Indicates bit b of a command parameter or configuration byte.
SRAM | Contains input and output buffers, as well as state storage locations. See Section Static RAM (SRAM) Memory.

2.1 EEPROM Data Zone

The data zone is broken into 16 slots, for which access restrictions are individually programmable. While all slots can be used for private or secret keys or user data, only Slots 8 through 15 are large enough to store an ECC public key or ECDSA certificate/signature. When a slot is used for a private or secret key, the excess memory not required by the particular algorithm is generally unusable. The following table lists the typical uses for each group of slots, along with any special characteristics of slots within that group.

Table 2-3. Data Zone
Slot | Blocks (Note) | Bytes | Bits | Typical Use | Notes
0-7 | 2 | 36 | 288 | Private or secret key | Can also be used for data.
8 | 13 | 416 | 3328 | Data | Reads and writes can be configured to be restricted in the same manner as all other slots. If this slot is used as a key, then the remaining bytes not required for the secret or private key storage will be ignored.
9-14 | 3 | 72 | 576 | Public key, signature or certificate | For curves supported by this device, these slots are large enough to contain both the X and Y components of an ECDSA public key or the R and S components of an ECDSA signature.
15 | 3 | 72 | 576 | Private data, secret key, signature, or certificate | This is the only slot that supports the 128 count limited use feature (Section Limited Use Key (Slot 15 only)); if this feature is not required, then it can otherwise be used for the same purposes as Slots 9 through 14.

Note: The last block in some data slots contains fewer than 32 bytes.

Data slots which contain ECC public or private keys should be formatted according to Section ECC Key Formatting. The device uses the KeyType and PubInfo fields of KeyConfig to determine what is stored in a slot. Private keys can never be read from the device under any circumstances.

ECC key slot contents may not be usable by the ECC commands unless they are validated as follows:

- ECC Private Keys: prior to the first PrivWrite or GenKey(Create) command execution on a slot, private keys are invalid. The key may also be invalid if the PrivWrite command is started, but power is interrupted prior to its completion.
- ECC Public Keys: the key must be validated using an input signature and the ECC Verify command if the PubInfo bit of KeyConfig is one. If that bit is zero, then ECC usage does not depend on the key verify operation. These keys may be stored in Slots 8 through 15 only. This feature is optional.

2.1.1 Certificate Storage

The amount of storage required for a full X.509 certificate within the device can rapidly use up multiple EEPROM memory slots. Depending on the actual application it may or may not be desirable to use these slots for certificate storage. Due to these memory limitations, Microchip has defined an encoding that allows for a full X.509 certificate to be reconstructed from a minimal amount of information.

The host system would actually be responsible for reconstructing the full X.509 certificate, but how to do this will be determined by the data stored in the encoded certificate. Data that is common to all devices for a given system can be readily stored in the host system. Other data can be readily calculated or extracted from data that is already stored in the device. Table 2-4 indicates the type of data that is stored in an X.509 certificate and how it can be encoded to fit into a single 72 byte slot.
table 2-4. certificate storage

x.509 element | size (bytes) | encoded certificate element | device cert (bits) | signer cert (bits)
serial number | 8-20 | serial number source | 4 | 4
issue date | 13 | compressed format | 19 | 19
expire date | 13 | number of years before expiration | 5 | 5
signer id (2) | 4 | id of the specific signer used to sign the certificate (device cert) or of the signer itself (signer cert) | 16 | 16
authoritykeyidentifier | 20 | sha1 hash of the authority public key | 0 | 0
subjectkeyidentifier | 20 | sha1 hash of the subject public key | 0 | 0
signature r | 32 | stored in device | 256 | 256
signature s | 32 | stored in device | 256 | 256
public key x (1) | 32 | calculated from private key or stored in device (1) | 0 | 256
public key y (1) | 32 | calculated from private key or stored in device (1) | 0 | 256
n/a | 0 | cert format | 4 | 4
n/a | 0 | template id | 4 | 4
n/a | 0 | chain id | 4 | 4
n/a | 0 | reserved/user defined | 8 | 8
total | (206 to 218 bytes) | | 576 bits/(72 bytes) | 1088 bits/(136 bytes)

note:
1. for the device certificate the device public key can be regenerated from the private key. for the signer certificate the public key would typically be stored in a separate slot.
2. for the device, the id of the signer used to sign the certificate. for the signer, the id of the signer certificate so that it can be identified by the device.

slot 8 contains a total of 416 bytes. depending on the size of the serial number stored in the cert, it may or may not be possible to store two complete certificates. often within devices where a chain of trust has been created, the device certificate, the signer certificate and the signer public key must be stored within the device.

for more information, see the compressed certificate definition application note, which can be found at http://ww1.microchip.com/downloads/en/appnotes/atmel-8974-cryptoauth-atecc-compressed-certificate-definition-applicationnote.pdf
2.2 eeprom configuration zone

the 128 bytes in the configuration zone contain the manufacturing identification data, general device and system configuration information, and access policy control values for the slots within the data zone. it is organized as four blocks of 32 bytes each. the values of these bytes can always be obtained using the read command. the bytes of this zone are arranged as shown in the table below:

table 2-5. configuration zone

bytes 0-3, sn<0:3> (write: never; read: always)
  part of the serial number value. see section special memory values in the config zone (bytes 0 through 12).

bytes 4-7, revnum (write: never; read: always)
  device revision number. see section special memory values in the config zone (bytes 0 through 12).

bytes 8-12, sn<4:8> (write: never; read: always)
  part of the serial number value. see section special memory values in the config zone (bytes 0 through 12).

byte 13, reserved (write: never; read: always)
  set by microchip.

byte 14, i2c_enable (write: never; read: always)
  bits 7-1: set by microchip and cannot be changed. the value in these bits will vary and software should not depend on any particular state.
  bit 0: 0 = the device operates in single-wire interface mode. 1 = the device operates in i2c interface mode.

byte 15, reserved (write: never; read: always)
  set by microchip.

byte 16, i2c_address (write: if config unlocked; read: always)
  i2c mode: i2c_enable<0> is one, this field is the i2c_address with a default value of 0xc0.
    bits 7-1: for i2c interface parts the most significant seven bits of this byte form the device address value to which this device will respond.
    bit 0: rfu must be zero.
  single wire interface mode: i2c_enable<0> is zero.
    bits 7-4: signalkey/keyid. if gpio_mode is 01, the slot number for the gpio authorizing key. for all other modes, must be 0b0000.
    bit 3: selects between the authorization modes. must be zero if gpio_mode is not 01.
      0 = authorization output mode. when an authorization is successfully performed on the slot in signalkey, the scl pin is asserted.
      1 = intrusion detection mode. intrusion latch is set via authorization and cleared if scl falls.
    bit 2: default state of scl pin on power-up when configured as an output.
    bits 1-0: gpio_mode (see section general purpose i/o pin).
      00 = disabled. scl pin is unused and should be tied low on the board.
      01 = authorization modes, bit 3 determines device operation.
      10 = input. current value on the scl pin returned by info command.
      11 = output. scl may be driven high or low by info command.

byte 17, reserved (write: if config unlocked; read: always)
  reserved. must be zero.

byte 18, otpmode (write: if config unlocked; read: always)
  0xaa (read-only mode) = writes to the otp zone are forbidden when the otp zone is locked. reads of all words are permitted.
  0x55 (consumption mode) = writes to the otp zone when the otp zone is locked cause bits to transition only from a one to a zero. reads of all words are permitted.
  all other values of otp mode are reserved and should not be used.

byte 19, chipmode (write: if config unlocked; read: always)
  bits 7-3: must be set to zero.
  bit 2: watchdog duration. 0 = t_watchdog is 1.3s, nominal. 1 = t_watchdog is 10.0s, nominal. microchip recommends this be set to zero for the best security.
  bit 1: ttlenable. 0 = input levels use a fixed reference. 1 = input levels are vcc referenced.
  bit 0: selectormode. 0 = selector can always be written with the updateextra command. 1 = selector can only be written if it currently has a value of zero.

bytes 20-51, slotconfig (write: if config unlocked; read: always)
  two bytes of access and usage permissions and controls for each slot of the data zone. see section slotconfig (bytes 20 to 51).
bytes 52-59, counter<0> (write: if config unlocked; read: always)
  monotonic counter that can optionally be connected to keys via the slotconfig.limiteduse bit. can count to a value of 2,097,151 and can never be decremented.

bytes 60-67, counter<1> (write: if config unlocked; read: always)
  second monotonic counter, not connected to any keys.

bytes 68-83, lastkeyuse (write: if config unlocked; read: always)
  128 bits to control limited use for keyid 15. initialized to 0xff. see section limited use key (slot 15 only).

byte 84, userextra (write: via update extra cmd only; read: always)
  one byte value that can be modified via the updateextra command after the data zone has been locked.

byte 85, selector (write: via update extra cmd only; read: always)
  selects which device will remain in active mode after execution of the pause command. see sections , pause command and updateextra command.

byte 86, lockvalue (write: via lock command only; read: always)
  enables the data and otp zone policies set in the configuration zone. 0x55 = unlocked; 0x00 = locked. on shipment from microchip, this byte has a value of 0x55 corresponding to the unlocked state. after the lock command has been run, this byte will have a value of 0x00. see section eeprom locking.
  when locked, the otp zone, when in consumption mode, can be modified only with the write command, and slots in the data zone can be modified only if the corresponding writeconfig field so indicates. when unlocked, the read command is prohibited within these two zones.

byte 87, lockconfig (write: via lock command only; read: always)
  controls the ability to modify the configuration zone. 0x55 = unlocked; 0x00 = locked. on shipment from microchip, this byte has a value of 0x55 corresponding to the unlocked state. after the lock command has been run, this byte will have a value of 0x00. see section eeprom locking.

bytes 88-89, slotlocked (write: if config unlocked, via lock command; read: always)
  a single bit for each slot. if the bit corresponding to a particular slot is zero, the contents of the slot cannot be modified under any circumstances. see section lock command.

bytes 90-91, rfu (write: if config unlocked; read: always)
  must be zero.

bytes 92-95, x509format (write: if config unlocked; read: always)
  four individual format bytes are associated with the x.509 certificate formatting of public keys stored within the device. if the value of the byte associated with a particular public key is zero, then these formatting restrictions are ignored and that public key can be
  validated with verify(validate). unused bytes within this array must be zero, otherwise, the formatting must be as follows:
  bits 7-4: templatelength. the total number of blocks in the entire sha sequence which are required for the verify(validateexternal) command to properly validate a public key.
  bits 3-0: publicposition. the block number in which the public key must be inserted in the sha sequence for the verify(validateexternal) command to properly validate a public key.

bytes 96-127, keyconfig (write: if config unlocked; read: always)
  two bytes of additional access and usage permissions and controls for each slot of the data zone. see section keyconfig (bytes 96 through 127).

2.2.1 slotconfig (bytes 20 to 51)

the 16 slotconfig elements are used to configure the access protections for each of the 16 slots within the ATECC508A device. each configuration element consists of 16 bits, which control the usage and access for that particular slot or key. the slotconfig field is interpreted according to the following table when the data zone is locked. when the data zone is unlocked, these restrictions generally do not apply, and those slots not configured to contain private keys may freely be written and none may be read.

table 2-6. slotconfig bits (per slot)

bits 15-12, writeconfig
  controls the ability to modify the data in this slot. see table 2-8, table 2-9, table 2-10, table 2-11, and write command.

bits 11-8, writekey
  use this key to validate and encrypt data written to this slot. see section write command.

bit 7, issecret
  0 = the contents of this slot should contain neither confidential data nor keys. the genkey and sign commands will fail if issecret is set to zero for any ecc private key.
  1 = the contents of this slot are secret - clear text reads are prohibited and both 4-byte reads and writes are prohibited. this bit must be set if encryptread is a one or if writeconfig has any value other than always to ensure proper operation of the device.
  see table 2-7 for additional information.

bit 6, encryptread
  0 = clear text reads may be permitted.
  1 = reads from this slot will be encrypted using the procedure specified in the read command (section read command) using readkey (bits 3-0 in this table) to generate the encryption key. no input mac is required. if this bit is set, then issecret must also be set (in addition, see the following table 2-7).

bit 5, limiteduse
  0 = there are no usage limitations.
  1 = the key stored in the slot is limited use. see sections high endurance monotonic counters and limited use key (slot 15 only).

bit 4, nomac
  0 = the key stored in the slot can be used by all commands.
  1 = the key stored in the slot is intended for verification usage and cannot be used by the mac or hmac commands. when this key is used to generate or modify tempkey, then that value may not be used by the mac and hmac commands. also cannot be used with the sha command in hmac mode.

bits 3-0, readkey
  use this keyid to encrypt data being read from this slot using the read command. for more details, see the description for bit 6 in this table, the section read command, and table 2-7.
  0x0 = this slot can be the source for the checkmac/copy operation. see section password checking. do not use zero as a default. do not set this field to zero unless the checkmac/copy operation is explicitly desired, regardless of any other read/write restrictions.
  slots containing private keys can never be read and this field has a different meaning:
    bit 3: 0 = ecdh master secret will be output in the clear. 1 = master secret will be written into slot n+1. (can only be set to 1 for even number slots and should always be 0 for odd number slots.) this bit is ignored if bit 2 is zero.
    bit 2: 0 = ecdh operation is not permitted for this key. 1 = ecdh operation is permitted for this key.
    bit 1: 0 = internal signatures of messages are not enabled. 1 = internal signatures of messages generated by gendig or genkey are enabled.
    bit 0: 0 = external signatures of arbitrary messages are not enabled. 1 = external signatures of arbitrary messages are enabled.
  for slots containing public keys that can be validated (pubinfo is one, see section keyconfig (bytes 96 through 127)), this field stores the keyid that should be used to perform the validation.

2.2.2 read permissions

read operations for most data slots are controlled by the state of issecret and encryptread, according to the following table. ecc private keys can never be read under any circumstances.
table 2-7. read operation permission

issecret | encryptread | description
0 | 0 | clear text reads are always permitted from this slot. slots set to this state should never be used as key storage. either 4 or 32 bytes may be read at a time.
0 | 1 | prohibited. no security is guaranteed for slots using this code.
1 | 0 | reads are never permitted from this slot. slots set to this state can still be used for key storage.
1 | 1 | reads from this slot are encrypted using the encryption algorithm documented in section read command. the encryption key is in the slot specified by readkey. 4-byte reads and writes are prohibited.
2.2.3 write permissions

the 4-bit writeconfig field is interpreted by the write, derivekey, genkey and privwrite commands as shown in table 2-8, table 2-9, table 2-10 and table 2-11, where x means don't care.

note: the tables overlap: for example, a code of 0110 indicates a slot which can be written in encrypted form using the write command and can also be the target of an unauthorized derivekey command with the target as the source.

keytype in the keyconfig field (see table 2-12) indicates whether the genkey or derivekey commands can be used on a particular slot; with genkey for ecc keys only, and derivekey for sha-256 keys. see section writing ecc private keys for special information regarding the writing of ecc private keys. ecc public keys are treated as normal data, and write permissions for those slots are described in this section.

table 2-8. write configuration bits: write command

bit 15 | bit 14 | bit 13 | bit 12 | mode name | description
0 | 0 | 0 | 0 | always | clear text writes are always permitted on this slot. slots set to always should never be used as key storage. either 4 or 32 bytes may be written to this slot.
0 | 0 | 0 | 1 | pubinvalid | if a validated public key is stored in the slot, writes are prohibited. use verify(invalidate) to invalidate prior to writing. do not use this mode unless the slot contains a public key.
0 | 0 | 1 | x | never | writes are never permitted on this slot using the write command. slots set to never can still be used as key storage.
1 | 0 | x | x | never | writes are never permitted on this slot using the write command. slots set to never can still be used as key storage.
x | 1 | x | x | encrypt | writes to this slot require a properly computed mac, and the input data must be encrypted by the system with writekey using the encryption algorithm documented in the write command description (section write command). 4 byte writes to this slot are prohibited.
table 2-9. write configuration bits: derivekey command

bit 15 | bit 14 | bit 13 | bit 12 | source key (note) | description
0 | x | 1 | 0 | target | derivekey command can be run without authorizing mac. (roll)
1 | x | 1 | 0 | target | authorizing mac required for derivekey command. (roll)
0 | x | 1 | 1 | parent | derivekey command can be run without authorizing mac. (create)
1 | x | 1 | 1 | parent | authorizing mac required for derivekey command. (create)
x | x | 0 | x | | slots with this value in the writeconfig field may not be used as the target of the derivekey command.
note: the source key for the computation performed by the derivekey command can either be the key directly specified in param2 (target) or the key at slotconfig.writekey (parent). see section key uses and restrictions.

the issecret bit controls internal circuitry necessary for proper security for slots in which reads and/or writes must be encrypted or are prohibited altogether. it must also be set for all slots that are to be used as keys, including those created or modified with the derivekey command. specifically, to enable proper device operation, this bit must be set unless writeconfig is always. four byte accesses are generally prohibited to and from slots in which this bit is set.

slots used to store key values should always have issecret set to one and encryptread set to zero (reads prohibited) for maximum security. for fixed key values, writeconfig should be set to never. when configured in this way, after the data zone is locked, there is no way to read or write the key; and it may only be used for crypto operations.

some security policies require that secrets be updated from time to time. the ATECC508A supports this capability in the following way: writeconfig for the particular slot should be set to encrypt and slotconfig.writekey should point back to the same slot by setting writekey to the slot id. a standard write command can then be used to write a new value to this slot, provided that the authentication mac is computed using the old (i.e. current) key value.

2.2.4 writing ecc private keys

ecc private keys are designated via the appropriate contents of keyconfig.keytype and keyconfig.private. they can never be written with the write and/or derivekey commands. instead, genkey and privwrite can be used to modify these slots. it is always an error to attempt to execute genkey or privwrite on a slot that is not configured to contain an ecc private key.
slotconfig.writeconfig has the following interpretations for these commands:

table 2-10. write configuration bits: genkey command

bit 15 | bit 14 | bit 13 | bit 12 | description
x | x | 0 | x | genkey may not be used to write random keys into this slot.
x | x | 1 | x | genkey may be used to write random keys into this slot.

table 2-11. write configuration bits: privwrite command

bit 15 | bit 14 | bit 13 | bit 12 | mode name | description
x | 0 | x | x | forbidden | privwrite will return an error if the target key slot has this value.
x | 1 | x | x | encrypt | writes to this slot require a properly computed mac and the input data must be encrypted by the system with slotconfig.writekey using the encryption algorithm documented in the privwrite command description (section privwrite command).

2.2.5 keyconfig (bytes 96 through 127)

the 16 keyconfig elements are used in addition to slotconfig to restrict the actions that can be performed using information stored in a particular slot. the keyconfig element is interpreted according to the table below when the data zone is locked. when the data zone is unlocked, these restrictions do not apply, with the exception that slots configured to contain private keys can be written only with the privwrite command.
table 2-12. keyconfig bits (per slot)

bits 15-14, x509id
  the index into the x509format array within the configuration zone (addresses 92-95) which corresponds to this slot. if the corresponding format byte is zero, then the public key can be validated by any format signature by the parent. if the corresponding format byte is non-zero, then the validating certificate must be of a certain length; the stored public key must be located at a certain place within the message and the sha() commands must be used to generate the digest of the message. must be zero if the slot does not contain a public key.

bit 13, rfu
  must be zero.

bit 12, intrusiondisable
  0 = use of this key is independent of the state of the intrusionlatch.
  1 = use of this key is prohibited for all commands other than genkey if the intrusionlatch is zero. genkey is permitted regardless of the state of the latch.

bits 11-8, authkey
  if reqauth is one, this field points to the key that must be used for authorization before the key associated with this slot may be used. must be zero if reqauth is zero.

bit 7, reqauth
  0 = no prior authorization is required.
  1 = a prior authorization using the key pointed to by authkey must be completed successfully prior to cryptographic use of the key. applies to all key types: public, secret, and private. see section authorized keys.

bit 6, reqrandom
  this field controls the requirements for random nonces used by the following commands: genkey, mac, hmac, checkmac, verify, derivekey, and gendig.
  0 = a random nonce is not required.
  1 = a random nonce is required.

bit 5, lockable
  0 = slotconfig and remaining keyconfig bits control modification permissions.
  1 = slot can be individually locked using the lock command. see the slotlocked field in the configuration zone to determine whether a slot is currently locked or not.
  applies to all slots, regardless of whether or not they contain keys. see section eeprom locking.
bits 4-2, keytype
  if the slot contains an ecc public or private key, then the key type field below must be set to 0b100. if the slot contains any other kind of data, key, or secret, then this field must be set to 0b111 for proper operation.
  100 = p256 nist ecc key
  111 = not an ecc key
  all other values are rfu (reserved for future use).

bit 1, pubinfo
  if private indicates this slot contains an ecc private key:
    0 = the public version of this key can never be generated. use this mode for the highest security.
    1 = the public version of this key can always be generated.
  if private indicates that this slot does not contain an ecc private key, then this bit may be used to control validity of public keys. if so configured, the verify command will only use a stored public key to verify a signature if it has been validated. the sign and info commands are used to report the validity state. the public key validity feature is ignored by all other commands and applies only to slots 8 - 15.
    0 = the public key in this slot can be used by the verify command without being validated.
    1 = the public key in this slot can be used by the verify command only if the public key in the slot has been validated. when this slot is written for any reason, the most significant four bits of byte 0 of block 0 will be set to 0xa to invalidate the slot. the verify command can be used to write those bits to 0x5 to validate the slot.

bit 0, private
  0 = the key slot does not contain an ecc private key and cannot be used with the sign, genkey, ecdh and privwrite commands. it may contain an ecc public key, a sha key, or data.
  1 = the key slot contains an ecc private key and can be used only with the sign, genkey, ecdh and privwrite commands.

more information on select fields is described below.

• private: this bit indicates that the slot contains an ecc private key and it is used by the device to limit uses of this slot to the appropriate ecc commands. if this bit is set, then slotconfig.readkey is used to enable or disable the use of the private key for various operations. readkey<0> enables the use of the key for signatures of externally supplied data, while readkey<1> enables the use of the key to sign only messages that are stored in tempkey by the genkey or gendig commands.
this mechanism permits a remote entity to have the knowledge that a particular key value or slot contents are stored within an ATECC508A device, and it prevents an attacker from creating an external message that would model an internal state that does not exist and create a signature of that state.

• pubinfo: for public keys, this field can be used to walk a certificate chain to validate the key. this feature is implemented using the verify command and the validation is stored in nonvolatile memory alongside the key so that subsequent uses of the public key do not require additional validation. these keys are always invalidated when any part of the slot containing the key is written.
  for private keys, this field can be used to increase security or privacy in some situations by preventing the generation of the public key corresponding to a private key. the presumption is that the public key has been stored elsewhere at the time the private key was generated or written into the device. this field is ignored when a random key is generated.
  the ATECC508A includes a method of walking either an x.509 certificate chain or a simplified internal format chain. see the sha and verify(validateexternal) commands for more details.
• keytype: the four ecc commands that use ecc keys (i.e. genkey, sign, ecdh, and verify) will operate only on data slots in which this field is set to one of the legal ecc key types. any attempt to use any sha-256 computation commands (i.e. checkmac, derivekey, mac, or hmac) on a slot configured to be an ecc private key will result in an error.
  keys that will be the source or destination of the sha-256 computation commands (i.e. checkmac, derivekey, mac, or hmac) should be set to a keytype of 0b111. proper operation of the device is not guaranteed if these commands are attempted with any other keytype. the gendig command may operate on any slot type other than for ecc private keys.

• reqrandom: this field is useful in preventing replays of authorization and/or other cryptographic operations. keys that control encrypted reads and/or writes should have this field set to one under normal circumstances in order to provide data security. if this field is set to one, then prior to the execution of the checkmac, gendig, derivekey, verify, mac, and hmac commands, the random number generator (rng) must have been used by the nonce command to generate the contents of tempkey.
  if genkey is used to generate a public key digest of either a public or private key stored in a data zone slot, then the reqrandom field is used to ensure that the nonce in tempkey included the rng.

• reqauth: if this bit is set, then prior authorization of the key at keyconfig.authkey must have been completed prior to execution of any cryptographic command (i.e. checkmac, derivekey, gendig, genkey, mac, hmac, sign, or verify) that uses this key. the derivekey command checks for usage authorization only for the parent key, and never the target key, unless it is the same as the parent key. the genkey command checks for usage authorization even when generating a new key to prevent denial of service attacks.
the authorization state is stored in two internal volatile registers:
- authvalid
- authkeyid

these registers are retained as long as power is applied, and the device does not enter the sleep mode. these registers are set by means of the execution of a successful checkmac or verify command with the key to be authorized as the target key of the command. checkmac must be run with mode<1> set to one, or verify must be run in stored mode to set authkeyid to the value in the keyid parameter to these commands. the checkmac and verify commands do not clear these bits on an unsuccessful authorization attempt unless the keys also happen to be used as the source key.

authvalid is cleared under the following situations:
- the device enters sleep mode or power is removed.
- any command is executed that uses a key requiring prior authorization, regardless of which slot has been authorized and/or which slot was required to be authorized for this key. if there are multiple state or configuration errors preventing the proper execution of the command, then authvalid may or may not be cleared depending upon the specific error conditions encountered.
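The SlotConfig, KeyConfig and lock-byte rules described above can be checked offline against a dump of the 128-byte configuration zone before a device is locked. The following Python code is an added example, not Microchip code: it assumes each 16-bit element is stored least-significant byte first (this section does not state the byte order), and the function names and the sample dump are constructed for illustration.

```python
import struct

UNLOCKED = 0x55                      # LockValue / LockConfig: 0x55 = unlocked
ECC_P256, NOT_ECC = 0b100, 0b111     # KeyConfig.KeyType values (Table 2-12)

def decode_slotconfig(v):
    """Fields of one 16-bit SlotConfig element (Table 2-6)."""
    return {"write_config": (v >> 12) & 0xF, "write_key": (v >> 8) & 0xF,
            "is_secret": (v >> 7) & 1, "encrypt_read": (v >> 6) & 1,
            "limited_use": (v >> 5) & 1, "no_mac": (v >> 4) & 1,
            "read_key": v & 0xF}

def decode_keyconfig(v):
    """Fields of one 16-bit KeyConfig element (Table 2-12)."""
    return {"x509id": (v >> 14) & 3, "intrusion_disable": (v >> 12) & 1,
            "auth_key": (v >> 8) & 0xF, "req_auth": (v >> 7) & 1,
            "req_random": (v >> 6) & 1, "lockable": (v >> 5) & 1,
            "key_type": (v >> 2) & 7, "pub_info": (v >> 1) & 1,
            "private": v & 1}

def write_mode(write_config):
    """How the Write command treats a 4-bit WriteConfig (Table 2-8)."""
    if write_config & 0b0100:        # x1xx
        return "encrypt"
    if write_config == 0b0000:
        return "always"
    if write_config == 0b0001:
        return "pubinvalid"
    return "never"                   # 001x and 10xx

def read_mode(is_secret, encrypt_read):
    """Read permission from IsSecret / EncryptRead (Table 2-7)."""
    return {(0, 0): "clear", (0, 1): "prohibited",
            (1, 0): "never", (1, 1): "encrypted"}[(is_secret, encrypt_read)]

def audit(cfg):
    """Return (slot or None, message) findings for a 128-byte config dump."""
    if len(cfg) != 128:
        raise ValueError("configuration zone is 128 bytes")
    out = []
    if cfg[87] == UNLOCKED:
        out.append((None, "LockConfig=0x55: configuration zone is unlocked"))
    if cfg[86] == UNLOCKED:
        out.append((None, "LockValue=0x55: data and OTP zones are unlocked"))
    # Assumption: each two-byte element is stored least-significant byte first.
    slot_cfgs = struct.unpack_from("<16H", cfg, 20)    # bytes 20-51
    key_cfgs = struct.unpack_from("<16H", cfg, 96)     # bytes 96-127
    for slot, (s, k) in enumerate(zip(slot_cfgs, key_cfgs)):
        sc, kc = decode_slotconfig(s), decode_keyconfig(k)
        if read_mode(sc["is_secret"], sc["encrypt_read"]) == "prohibited":
            out.append((slot, "IsSecret=0 with EncryptRead=1 is prohibited"))
        if not sc["is_secret"] and write_mode(sc["write_config"]) != "always":
            out.append((slot, "IsSecret must be set unless WriteConfig is Always"))
        if kc["key_type"] not in (ECC_P256, NOT_ECC):
            out.append((slot, "KeyType is a reserved (RFU) value"))
        if kc["auth_key"] and not kc["req_auth"]:
            out.append((slot, "AuthKey must be zero when ReqAuth is zero"))
        if kc["private"]:
            if kc["key_type"] != ECC_P256:
                out.append((slot, "Private=1 but KeyType is not 0b100"))
            if not sc["is_secret"]:
                out.append((slot, "private key, IsSecret=0: GenKey/Sign will fail"))
            if sc["read_key"] & 0b1000 and slot % 2:
                out.append((slot, "ReadKey bit 3 set on an odd-numbered slot"))
        elif sc["read_key"] == 0:
            out.append((slot, "ReadKey=0: slot can be a CheckMac/Copy source"))
    return out

def sample_config():
    """Constructed dump for illustration; not read from a real device."""
    slots = [(0x808F, 0x001C)] * 16      # secret, no read, no write, non-ECC
    slots[0] = (0x2083, 0x0033)          # ECC private key, GenKey permitted
    slots[1] = (0x2003, 0x0033)          # same, but IsSecret cleared
    slots[2] = (0x0044, 0x001C)          # IsSecret=0 with EncryptRead=1
    slots[3] = (0x8080, 0x001C)          # secret key left with ReadKey=0
    slots[5] = (0x208C, 0x0033)          # private key, ReadKey bit 3, odd slot
    slots[6] = (0x808F, 0x031C)          # AuthKey=3 while ReqAuth=0
    cfg = bytearray(128)
    for i, (s, k) in enumerate(slots):
        struct.pack_into("<H", cfg, 20 + 2 * i, s)
        struct.pack_into("<H", cfg, 96 + 2 * i, k)
    cfg[86], cfg[87] = 0x55, 0x00        # data/OTP unlocked, config locked
    return bytes(cfg)

if __name__ == "__main__":
    for slot, msg in audit(sample_config()):
        print("device" if slot is None else f"slot {slot:2d}", "-", msg)
```

The ReadKey=0 finding is reported for every slot that does not hold a private key, so a slot where the CheckMac/Copy operation is intended will still be listed and needs a manual decision.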
2.2.6 special memory values in the config zone (bytes 0 through 12)

various fixed information is included in the ATECC508A that can never be written under any circumstances and can always be read, regardless of the state of the lock bits.

• serialnum: nine bytes (sn<0:8>) that together form a unique value that is never repeated for any device in the cryptoauthentication family. the serial number is divided into two groups:
  - sn<0:1> and sn<8>: the values of these bits are fixed at manufacturing time in most versions of the ATECC508A. their default value is 0x01 23 ee. these 24 bits are always included in the cryptographic computations that the ATECC508A makes.
  - sn<2:3> and sn<4:7>: the values of these bits are programmed by microchip during the manufacturing process and are different for every die. these 48 bits are optionally included in some cryptographic computations that are made by the ATECC508A.
• revnum: four bytes of information that are used by microchip to provide manufacturing revision information. these bytes can be freely read as revnum<0:3>, but they should never be used by system software because they may be revised by microchip occasionally.

2.3 eeprom one time programmable (otp) zone

the otp zone of 64 bytes (512 bits) is part of the eeprom array, and can be used for read-only storage or consumption logging purposes. it is organized as two blocks of 32 bytes each. prior to locking the configuration zone (lockconfig = 0x55), the otp zone is inaccessible and can be neither read nor written. after configuration locking, but prior to locking of the otp zone (lockvalue = 0x55), the entire otp zone can be written using the write command. if desired, the data to be written can be encrypted. prior to locking the data/otp zones using lockvalue, this zone cannot be read at all.

once the otp zone is locked, the otpmode byte in the configuration zone controls the access permissions of this zone as follows:

• read-only mode: the data cannot be modified and would be used to store fixed model numbers, calibration information, manufacturing history, or other data that should never change. the write command will always return an error and leave the memory unmodified. all 64 bytes within the otp zone are always available for reading using either 4 or 32 byte reads.
• consumption mode: the bits function as one-way fuses and can be used to track consumption or usage of the item to which the ATECC508A device is attached. in a battery, for example, they might be used to track charging cycles or use time. in a printer ink cartridge, they might track the quantity of material consumed. in a medical device, they might track the number of permitted uses for a limited use item.
  the write command can only cause bits to transition from a one to a zero. logically, this means that the data value in the input parameter list will be anded with the current value in the word(s), and the result written back to memory. as an example, writing a value of 0xff results in no change to the byte and writing a value of 0x00 causes the byte in memory to go to zero, regardless of the previous value. once a bit has transitioned to a zero, it can never transition back to a one. all 64 bytes within the otp zone are always available for reading using either 4 or 32 byte reads.
all otp bits have a value of one upon shipment from the microchip factory.

2.4 eeprom locking

there are two separate lock states for the device:

• one to lock the configuration zone (that is controlled by lockconfig, byte 87).
• one to lock both the otp and data zones (that are controlled by lockvalue, byte 86).

these lock values are stored within separate bytes in the configuration zone, and they can be modified only by means of the lock command. after a memory zone is locked, there is no way to unlock it.

the device should be personalized at the system manufacturer's site with the desired configuration information; after which, the configuration zone should be locked. then, all necessary writes of public and secret information into the data and otp zones should be performed by using encrypted writes, if appropriate, and then the data and otp zones should be locked.

it is vital that the data and otp zones be locked prior to release into the field of the system containing the device. failure to lock these zones may permit modification of any secret keys and may lead to other security problems. any attempt to read or write the data or otp zones prior to locking the configuration zone causes the device to return an error.

note: contact microchip for optional secure personalization services.

2.4.1 configuration zone locking

certain bytes within the configuration zone can never be modified in the field regardless of the lock status, per table 2-5. write permission for most of the remaining bytes within the zone is controlled using the lockconfig byte in the configuration zone as shown in table 2-13. throughout this document, if lockconfig is 0x55, the configuration zone is said to be unlocked; otherwise, it is locked. the lockconfig byte can only be set via the lock command. once the configuration zone has been locked it can never be unlocked and no values within the config zone can be updated via direct write commands.
some configuration values can be set by other commands such as the lock command when doing individual slot locking. values within the configuration zone can always be read.

table 2-13. configuration zone locking

                                read access   write access
lockconfig == 0x55 (unlocked)   read          write
lockconfig != 0x55 (locked)     read

2.4.2 data and otp zone locking

once the configuration zone has been locked, secret and/or read-only data can be written into the slots of the data zone and the otp zone. most write access restrictions are ignored when the data zone is unlocked. throughout this document, if lockvalue is 0x55, then both the otp and data zones are said to be unlocked; otherwise, they are locked. the lockvalue byte can only be set with the lock command. locking the data/otp zone does not mean that the values in these zones cannot be modified; locking indicates that the slot now behaves according to the policies set by the associated configuration zone's values. once the lockvalue byte has been set it can never be cleared.

note: there is neither read nor write access to the otp and data zones prior to locking of the configuration zone.
table 2-14. data and otp zone access restrictions

                               read access   write access
lockvalue == 0x55 (unlocked)                 write
lockvalue != 0x55 (locked)     read          write          (see note)

note: after the data/otp zones are locked using lockvalue, reads and writes of the otp zone additionally depend on the state of the otp mode bytes in the configuration zone. see eeprom one time programmable (otp) zone for more information.

2.4.3 individual slot locking

ATECC508A provides a mechanism for one-time locking of any of the 16 data slots. once a slot is individually locked, the slot can no longer be modified under any circumstances. this mechanism is controlled by the 16-bit field slotlocked in the configuration zone and the lockable bit within each of the 16 keyconfig words. the slotlocked and lockable bits can be freely written using the write command prior to locking of the configuration zone.

• slotlocked bits: if the slotlocked bit for a particular slot is set to zero after the configuration zone is locked, then modification of that slot via the privwrite, write, genkey, and/or derivekey commands is permanently prohibited, regardless of the state of the corresponding lockable, slotconfig and/or keyconfig bits. when slotlocked is zero, then the corresponding slot cannot be written even if the data zone is unlocked.
• lockable bits: after the configuration zone is locked, the state of the lockable bit for a particular slot controls whether or not the lock command will be permitted to change the slotlocked bit for the corresponding slot, per the table below. if lockable is one, then the lock command can be used to modify the slotlocked bit either before or after the data zone is locked.

table 2-15. individual slot locking after configuration zone is locked

slotlocked bit   lockable bit   lock command   privwrite, write, derivekey, and genkey commands   notes
0                0 or 1         no             no                                                 not writeable.
1                0              no             yes                                                writeable but not lockable.
1                1              yes            yes                                                writeable and lockable.
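The lock bytes and table 2-15 above, applied to a configuration-zone dump as a pre-release check. This is an added example, not code from the datasheet or from Microchip; the offsets for slotlocked (bytes 88-89) and keyconfig (bytes 96-127, lockable at bit 5) come from the device's configuration-zone map outside this section and are assumptions here, and the sample dump is constructed.

```python
UNLOCKED = 0x55            # 0x55 = unlocked, any other value = locked (sections 2.4.1, 2.4.2)
LOCK_VALUE_OFFSET = 86     # lockvalue: data and otp zones (section 2.4)
LOCK_CONFIG_OFFSET = 87    # lockconfig: configuration zone (section 2.4)
# Assumed offsets, taken from the configuration-zone map outside this section:
SLOT_LOCKED_OFFSET = 88    # 16-bit slotlocked field, one bit per slot, LSB first
KEY_CONFIG_OFFSET = 96     # sixteen 16-bit keyconfig words, LSB first
LOCKABLE_BIT = 5           # position of the lockable bit in a keyconfig word


def slot_lock_states(config):
    """Apply table 2-15 to every slot of a 128-byte configuration-zone dump."""
    if len(config) != 128:
        raise ValueError("configuration zone dump must be 128 bytes")
    slot_locked = int.from_bytes(
        config[SLOT_LOCKED_OFFSET:SLOT_LOCKED_OFFSET + 2], "little")
    states = []
    for slot in range(16):
        start = KEY_CONFIG_OFFSET + 2 * slot
        key_config = int.from_bytes(config[start:start + 2], "little")
        slotlocked_bit = (slot_locked >> slot) & 1
        lockable_bit = (key_config >> LOCKABLE_BIT) & 1
        states.append({
            "slot": slot,
            # slotlocked == 0: privwrite/write/derivekey/genkey are prohibited for good.
            # slotlocked == 1: writes are still subject to slotconfig/keyconfig policy.
            "writeable": slotlocked_bit == 1,
            # the lock command may change slotlocked only when both bits are one
            "lockable": slotlocked_bit == 1 and lockable_bit == 1,
        })
    return states


def release_findings(config):
    """Return lock-related items to resolve or confirm before a device ships."""
    findings = []
    config_locked = config[LOCK_CONFIG_OFFSET] != UNLOCKED
    data_locked = config[LOCK_VALUE_OFFSET] != UNLOCKED
    if not config_locked:
        findings.append("configuration zone unlocked: slot policies can still be rewritten")
    if not data_locked:
        findings.append("data/otp zones unlocked: most write restrictions are ignored")
    if config_locked:  # table 2-15 only applies once the configuration zone is locked
        for state in slot_lock_states(config):
            if state["lockable"]:
                findings.append(
                    "slot %d writeable and lockable: confirm a later lock is intended"
                    % state["slot"])
    return findings


def constructed_sample():
    """Constructed dump: config locked, data/otp unlocked, slot 0 individually locked."""
    config = bytearray(128)
    config[LOCK_CONFIG_OFFSET] = 0x00                  # locked
    config[LOCK_VALUE_OFFSET] = UNLOCKED               # still unlocked
    config[SLOT_LOCKED_OFFSET:SLOT_LOCKED_OFFSET + 2] = (0xFFFE).to_bytes(2, "little")
    config[KEY_CONFIG_OFFSET] = 1 << LOCKABLE_BIT      # slot 0: lockable, already locked
    config[KEY_CONFIG_OFFSET + 2] = 1 << LOCKABLE_BIT  # slot 1: lockable, not yet locked
    return bytes(config)


if __name__ == "__main__":
    for line in release_findings(constructed_sample()):
        print(line)
```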
individually lockable slots can contain either secret information or readable data and may be used in one of two ways:

• the configuration zone and non-lockable data slots should be initialized and locked in the usual manner by the oem. after the data zone has been locked, those particular slots marked as lockable can then be modified and individually locked in the field at some point in the future.
• after the configuration zone is locked, some slots can be personalized and locked by the oem prior to transfer of the device/component to a second party such as a subcontractor or distributor that personalizes the remaining slots, and then locks the data zone prior to shipment of the device into the field.

the lock command does not provide a crc validation mechanism when using the individual slot locking mechanism. if slots are locked prior to locking of the entire data zone, then the contents may be validated
at the time of data/otp locking. after the data/otp zones are locked, either the read, checkmac, or mac commands can be used to validate the slot contents prior to individual slot locking.

note: validation of a public key via the verify command can occur regardless of the state of the slotlocked bit for that slot.

2.5 static ram (sram) memory

the device includes an sram array that is used to store the input command or output result, intermediate computation values, and/or an ephemeral key. the entire contents of this memory are always invalidated whenever the device goes into sleep mode or the power is removed. the ephemeral key is named tempkey and can be used as an input to the mac, hmac, checkmac, gendig, sign, verify, and derivekey commands. it is also used as the data protection (encryption or decryption) key by the read and write commands.

2.5.1 tempkey

tempkey is a storage register in the sram array that can be used to store an ephemeral result value from the nonce, gendig, sha, or genkey commands. the contents of the 32 byte data value in this register can never be read from the device (although the device itself can read and use the contents internally). the info command can be used to return the value of the nine status/flag bits within this register.

execution of gendig or genkey replaces the old contents of tempkey with the new calculated output, which is a combination of the old tempkey value and other information. execution of the nonce command or the copy mode of the checkmac command completely replaces any previous output of the gendig or genkey commands.

this register contains the elements shown in the table below:

table 2-16. tempkey storage register

name         length              description
tempkey      256-bit (32 byte)   nonce (from nonce command) or digest (from gendig or genkey(digest) commands).
keyid        4 bits              if tempkey was generated by gendig or genkey, these bits indicate which key was used in its computation. the four bits represent one of the slots of the data zone.
sourceflag   1 bit               the source of the randomness in tempkey: 0 = internally generated random number (rand). 1 = input seed only, no internal random generation (input).
gendigdata   1 bit               0 = tempkey was not generated by gendig. 1 = the contents of tempkey were generated by gendig using one of the slots in the data zone (and tempkey.keyid will be meaningful).
genkeydata   1 bit               0 = tempkey.keyid was not generated by genkey. 1 = the contents of tempkey were generated by genkey using one of the slots in the data zone (and tempkey.keyid will be meaningful).
nomacflag    1 bit               0 = the contents of tempkey were generated and can be used with any of the mac commands. 1 = the contents of tempkey were generated using the value in a slot for which slotconfig.nomac is one, and therefore cannot be used by the mac and hmac commands. if multiple slots were used in the calculation of tempkey, then this bit will be set if slotconfig.nomac was set for any of those slots. also cannot be used with the sha command in hmac mode.
valid        1 bit               0 = the information in tempkey is invalid. 1 = the information in tempkey is valid.

in this specification, tempkey refers to the contents of the 256-bit data register. the remaining bit fields are referred to as tempkey.sourceflag, tempkey.gendigdata, and so forth.

the tempkey.valid bit is cleared to zero during power-up, sleep, brown-out, watchdog expiration, or tamper detection. the contents of tempkey are retained when the device enters idle mode. depending upon the command and the circumstances, the tempkey.valid bit is also cleared as follows:

• nonce, genkey, or gendig commands: tempkey.valid will be cleared on any error other than crc (communications) or ecc (retry).
• checkmac command: tempkey.valid will be cleared unless a successful copy takes place (section password checking).
• info command: tempkey.valid is not modified regardless of success or failure.
• all others: tempkey.valid will be cleared for all return codes (including success) other than crc (communications) or ecc (retry).
3. security information

3.1 cryptographic standards

the ATECC508A follows various industry standards for the computation of cryptographic results. these reference documents are described in the sections below.

3.1.1 sha-256

the ATECC508A mac command calculates the digest of a secret key concatenated with the challenge or nonce. it optionally includes various other pieces of information stored on the device within the digested message. the ATECC508A computes the sha-256 digest based upon the algorithm documented in the following website:

http://nvlpubs.nist.gov/nistpubs/fips/nist.fips.180-4.pdf

the complete sha-256 message processed by the ATECC508A is listed in section security commands for each of the particular commands that use the algorithm. most standard software implementations of the algorithm automatically add the appropriate number of pad and length bits to this message to match the operation the device performs internally.

the sha-256 algorithm is also used for encryption by taking the output digest of the hash algorithm and xoring it with the plain text data to produce the ciphertext. decryption is the reverse operation, in which the ciphertext is xored with the digest with the result being the plain text.

3.1.2 hmac/sha-256

the response to the challenge can also be computed using the hmac algorithm based upon the sha-256 documented at the following website:

https://csrc.nist.gov/csrc/media/publications/fips/198/1/final/documents/fips-198-1_final.pdf

because of the increased computation complexity, the hmac command is not as flexible as the mac command, and the computation time is extended for hmac. while the hmac sequence is not necessary to ensure the security of the digest, it is included for compatibility with various software packages.
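The digest-XOR data protection from section 3.1.1, as an added example that is not from the datasheet or from Microchip. `session_digest` hashes key plus nonce as a simplified stand-in for the device's per-command SHA-256 messages (those are listed in the security commands section), and the key, nonces and plaintexts are constructed; the point it shows is that a digest must not protect more than one block.

```python
import hashlib


def session_digest(key, nonce):
    """Simplified stand-in for the 32-byte digest used as the protection key.

    Assumption: the device's real SHA-256 message carries further fields that
    are defined per command elsewhere in the datasheet.
    """
    return hashlib.sha256(key + nonce).digest()  # hashlib adds the pad and length bits


def xor_with_digest(block, digest):
    """Encrypt or decrypt one block; XOR is its own inverse."""
    if len(block) != len(digest):
        raise ValueError("block must be as long as the 32-byte digest")
    return bytes(b ^ d for b, d in zip(block, digest))


# Constructed sample values
KEY = bytes(range(32))
NONCE_1 = bytes([0x11]) * 32
NONCE_2 = bytes([0x22]) * 32
PLAIN_A = b"calibration-record-A".ljust(32, b"\x00")
PLAIN_B = b"calibration-record-B".ljust(32, b"\x00")


def compare_nonce_handling():
    """Encrypt two blocks with a reused digest and with fresh digests."""
    digest_1 = session_digest(KEY, NONCE_1)
    digest_2 = session_digest(KEY, NONCE_2)
    cipher_a = xor_with_digest(PLAIN_A, digest_1)
    cipher_b_reused = xor_with_digest(PLAIN_B, digest_1)   # same nonce again
    cipher_b_fresh = xor_with_digest(PLAIN_B, digest_2)    # new nonce
    plain_xor = xor_with_digest(PLAIN_A, PLAIN_B)
    return {
        "round_trip_ok": xor_with_digest(cipher_a, digest_1) == PLAIN_A,
        # with a reused digest the two ciphertexts XOR to the two plaintexts' XOR
        "reuse_reveals_plain_xor": xor_with_digest(cipher_a, cipher_b_reused) == plain_xor,
        "fresh_reveals_plain_xor": xor_with_digest(cipher_a, cipher_b_fresh) == plain_xor,
    }


if __name__ == "__main__":
    print(compare_nonce_handling())
```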
3.1.3 elliptic curve digital signature algorithm (ecdsa)

the ATECC508A computes and verifies the elliptic curve signatures according to the algorithm documented in:

ansi x9.62-2005: https://www.ansi.org/
fips 186-4 specification: http://nvlpubs.nist.gov/nistpubs/fips/nist.fips.186-4.pdf

3.1.4 elliptic curve diffie-hellman (ecdh)

the ATECC508A executes the ecdh key agreement according to nist special publication 800-56a recommendations:

http://nvlpubs.nist.gov/nistpubs/specialpublications/nist.sp.800-56ar2.pdf
https://csrc.nist.gov/csrc/media/publications/sp/800-56a/rev-2/final/documents/draft-sp-800-56a.pdf

the ATECC508A does not implement the kdf portions of these specifications.
3.2 key uses and restrictions

any slot in the eeprom data zone can be used to store a secret or private key. there are a number of ways in which the keys stored within the device can be used and/or their access restricted. see the following sections diversified keys to authorized keys for some of these concepts.

the device should be properly configured to prevent any unwanted read and write access to all key slots, including the setting of the issecret bit. private keys can never be read from the device regardless of the values in the configuration zone.

with the exception of transport keys documented in section transport keys, the most significant 12 bits of all keyid parameters should be zero.

3.2.1 diversified keys

if the host or validating entity has a place to securely store secrets, or contains an ATECC508A device, the secret key values stored in the eeprom slot(s) of the clients can be diversified by using the serial number embedded in the device (sn<0:8>). in this manner, every client device can have a unique key, which can provide extra protection against known plaintext attacks and permit compromised serial numbers to be identified and blacklisted. to implement this operation, a root secret is externally combined with the device's serial number during personalization by using some cryptographic algorithm, and the result is written to the ATECC508A key slot.

the ATECC508A gendig and checkmac commands provide a mechanism to securely generate and compare diversified keys, thereby eliminating this requirement from the host system. consult the following application note for more details:

http://ww1.microchip.com/downloads/en/appnotes/doc8666.pdf

3.2.2 rolled keys

in order to prevent repeated uses of the same secret key value, the ATECC508A supports key rolling.
normally, after a certain number of uses (perhaps as few as one), the current key value is replaced with the sha-256 digest of its current value combined with some offset, which may either be a constant, something related to the current system (for example, a serial number or model number), or a random number. this capability is implemented using the derivekey command. prior to execution of the derivekey command, the nonce command must be run to load the offset into tempkey.

one use for this capability is to permanently remove the original key from the device, and replace it with a key that is only useful in a particular environment. after the key is rolled, there is no possible way to retrieve the old key's value, which improves the security of the system.

note: any power interruption during the execution of the derivekey command in roll mode may cause the key to have an unknown value. if writing to a slot is enabled using bit 14 of slotconfig, such keys can be written in encrypted and authenticated form using the write command. alternatively, multiple copies of the key can be stored in multiple slots so that failure of a single slot does not incapacitate the system.

3.2.3 created ecc keys

for the highest security, private ecc keys may be created within the ATECC508A using the internal high quality rng. these keys are guaranteed to be unique to this device since there is no mechanism for reading the value of an ecc private key from the ATECC508A.
the public key corresponding to the generated private key is returned to the system, and the device can also use another internally stored key to create a mac or signature (using the sign(internal) command) covering the new public key.

3.2.4 created secret keys

there may be a need to have unique ephemeral symmetric keys on each client; a function also supported by the ATECC508A. with this mechanism, a parent key (that is specified by slotconfig.writekey) is combined with a fixed or random nonce to create a unique key, which is then used for any cryptographic purpose.

the ability to create unique keys is especially useful if the parent key has usage restrictions (see sections high endurance monotonic counters and limited use key (slot 15 only)). in this mode, the limited use parent can be employed to create an unlimited use child key. because the child key is useful only for this particular host-client pair, attacks on its value are less valuable.

this capability is also implemented using the derivekey command. prior to execution of the derivekey command, the nonce command must be run to load the nonce value into tempkey.

3.2.5 high endurance monotonic counters

the ATECC508A supports two independent high endurance nonvolatile monotonic counters that can count to a value of 2,097,151. their value never decreases and the storage elements are protected against count loss if the power is interrupted during an incrementing operation. the current value of the two counters can be read using the counter command, which can also be used to increment the counters. there is no way to reset the counters.

the counters can be used in one of two methods:

• cryptographic counters: in this mode, the counter command is used to increment the value of the counters and the current value can be read via the same command. the two counters are independent.
• limited key use: counter<0> can be attached to any one (or more) of keys 0–14 via the slotconfig.limiteduse bit.
if this bit is set, then any use of the keys will cause the counter to increment automatically prior to the operation being performed. if the counter has reached its limit, then the command will return an error code, and no counter change will occur. use of the keys for fewer than 2,097,151 times is facilitated by initializing the counters in the configuration zone to a lower value. contact microchip for details.

the genkey, read, and write commands ignore the monotonic counter limited use feature. it is also ignored for the copied slot during checkmac/copy.

3.2.6 limited use key (slot 15 only)

if slotconfig<15>.limiteduse is set, usage of key number 15 is limited through a different mechanism than the limitation described in the previous section (which applies only to slots 0 through 14). prior to any use of key 15 by a command, the following takes place:

• if all bytes in lastkeyuse are 0x00, then return error.
• starting at bit 7 of the first byte of lastkeyuse (byte 68 in configuration zone), clear to zero the first bit, which is currently a one. if byte 68 is 0x00, then check bit 7 of byte 69, and so forth up through byte 83. only a single bit is cleared each time prior to using key 15.
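The per-use step for key 15 described in this section, modeled on a 16-byte lastkeyuse array together with a check of the legal byte values the section gives. This is an added example, not code from the datasheet or from Microchip; the function names are hypothetical, and `personalize` lays out the one bits the way the section's 16-use example does.

```python
LAST_KEY_USE_OFFSET = 68   # first lastkeyuse byte in the configuration zone
LAST_KEY_USE_LEN = 16      # bytes 68 through 83, 128 bits in total
LEGAL_BYTES = (0xFF, 0x7F, 0x3F, 0x1F, 0x0F, 0x07, 0x03, 0x01, 0x00)


def remaining_uses(last_key_use):
    """The number of one bits is the number of key 15 uses still available."""
    return sum(bin(byte).count("1") for byte in last_key_use)


def personalization_problems(last_key_use):
    """List what is wrong with a lastkeyuse value before it is written."""
    problems = []
    if len(last_key_use) != LAST_KEY_USE_LEN:
        problems.append("expected 16 bytes, got %d" % len(last_key_use))
    for index, byte in enumerate(last_key_use):
        if byte not in LEGAL_BYTES:
            problems.append("config byte %d has illegal value 0x%02x"
                            % (LAST_KEY_USE_OFFSET + index, byte))
    return problems


def personalize(uses):
    """Build a lastkeyuse value that allows `uses` uses (0 to 128)."""
    if not 0 <= uses <= 8 * LAST_KEY_USE_LEN:
        raise ValueError("uses must be between 0 and 128")
    full_bytes, extra_bits = divmod(uses, 8)
    layout = [0xFF] * full_bytes
    if extra_bits:
        layout.append((1 << extra_bits) - 1)   # e.g. 4 extra uses -> 0x0f
    layout += [0x00] * (LAST_KEY_USE_LEN - len(layout))
    return bytes(layout)


def use_key15(last_key_use):
    """Model the step taken before any use of key 15 and return the new array."""
    if not any(last_key_use):
        raise PermissionError("lastkeyuse is all 0x00: key 15 is disabled")
    updated = bytearray(last_key_use)
    for index, byte in enumerate(updated):
        for bit in range(7, -1, -1):           # bit 7 first, then downwards
            if byte & (1 << bit):
                updated[index] = byte & ~(1 << bit) & 0xFF
                return bytes(updated)          # only a single bit is cleared
    raise AssertionError("unreachable: a one bit exists")


if __name__ == "__main__":
    state = personalize(16)
    print(state.hex(), remaining_uses(state))
    state = use_key15(state)
    print(state.hex(), remaining_uses(state))
```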
there is no reset mechanism for this limitation. after 128 uses (or the number of one bits set in lastkeyuse on personalization), key 15 is permanently disabled. this capability is not susceptible to power interruptions. even if the power is interrupted during execution of the command, only a single bit in lastkeyuse will be unknown, all other bits in lastkeyuse will be unchanged, and the key will remain unchanged.

if fewer than 128 uses are desired for key 15, then some of the bytes within this array should not be initialized to 0xff. the only legal values for bytes within this field (besides 0xff) are 0x7f, 0x3f, 0x1f, 0x0f, 0x07, 0x03, 0x01, or 0x00. the total number of bits set to one indicates the number of uses.

example: how to set 16 uses is shown as follows:

0xff, 0xff, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00

the limited use capability applies to the same commands, and in the same situations, in which they are checked for the limiteduse feature (see the previous section for more information). in addition, the verify command will check for single use restrictions on both the public key (when that key is stored internally), and the key to be validated when the command is run in validation mode and either is stored in slot 15.

3.2.7 password checking

many applications require a user to enter a password to enable features, decrypt stored data, or perform some other task. typically, the expected password has to be stored somewhere in the memory, and therefore is subject to discovery. the ATECC508A can securely store the expected password and perform a number of useful operations upon it. the password is never passed in the clear to the device, and it cannot be read from the device. it is hashed with a random number in the system software before being passed to the device.

the copy capability of the checkmac command enables the following types of password checking options:

1. checkmac does an internal comparison with the expected password and returns a boolean result to the system to indicate whether the password was correctly entered or not.
2. if the device determines that the correct password has been entered, then the value of the password can optionally be combined with a stored ephemeral value to create a key that can be used by the system for data protection purposes.
3. if the device determines that the correct password has been entered, then the device can use this fact to optionally release a secondary high entropy secret, which can be used for data protection without the risk of an exhaustive dictionary attack.
4. if the password has been lost, then an entity with knowledge of a parent key value can optionally write a new password into the slot. optionally, the current value can be encrypted with a parent key and read from the device.

to prepare for this checkmac/copy capability, passwords should be stored in even numbered slots. if the password is to be mapped to a secondary value (using the third option above), then the target slot containing this value is located in the next higher slot number (i.e. the password's slot number plus one); otherwise, the target slot is the same as the password slot. readkey for the target slot must be set to zero to enable this capability.

in order to prevent fraudulent or unintended usage of this capability, do not set readkey for any slot to zero unless this checkmac/copy capability is specifically required. in particular, do not assume that the other bits in the configuration word for a particular slot will override the enablement of this capability specified by readkey = 0.

this capability is only enabled if the mode parameter to checkmac has a value of 0x01, indicating the following:

• the first 32 bytes of the sha-256 message are stored in a data slot in the eeprom (i.e. the password).
• the second 32 bytes of the sha-256 message must be a randomly generated nonce in the tempkey register.

if the above conditions are met and the input response matches the internally generated digest, then the contents of the target key are copied to tempkey. the other tempkey register bits are set as follows:

• sourceflag is set to one (not random).
• gendigdata is set to zero (not generated by the gendig(data) command).
• nomacflag is set to zero (tempkey is usable by mac, hmac, and read commands).
• valid is set to one.

see the microchip website for application notes with more detail on this capability.

3.2.8 transport keys

the ATECC508A device includes an internal hardware array of keys that are used for secure personalization (i.e. transport keys). the values of the hardware keys are kept secret and are made available only to qualified customers upon request to microchip. these keys can be used with the gendig command only and are indicated by a keyid value greater than or equal to 0x8000.

for gendig and all other commands, keyid values of less than 0x8000 always reference keys that are stored in the data zone of the eeprom. in these cases, only the four least-significant bits of keyid are used to determine the slot number, while the entire 16-bit keyid as input is used in any sha-256 message calculation.

3.2.9 authorized keys

the ATECC508A device provides an optional mechanism for restricting the use of any key to those users with knowledge of the appropriate authorization information.
key authorization is a standard cryptographic requirement in many systems and can be used to prevent fraudulent use of a key if the device containing the key is stolen or lost. for instance, if a key is used as identification for a person, the authorizing value could be a password known only to that person. if the device with the id is stolen, then the thief cannot use the device to sign fraudulent messages since he or she does not know the password.

the device can use either the checkmac or verify commands to implement this capability. if the validation succeeds, then an internal authvalid flag is set and the authorizing slot number is internally retained in authkeyid. the authvalid flag is cleared whenever the device wakes from sleep or is powered on. it is also cleared when any operation is performed on a key which requires authorization.

prior to the authorization check, the nonce command must be run to load tempkey with a nonce.

• checkmac: the authorization value is stored in any slot configured to contain a secret, and it is validated with a mac calculated using that secret and the nonce stored in tempkey.
• verify: the authorizing slot must contain a valid ecc public key. the authorization value should be a
signature calculated using the corresponding private key calculated over the nonce stored in tempkey. this signature is then validated.

depending upon the configuration of the slot containing the authorizing secret, a token can be externally stored, which can be repeatedly used for key authorization. if the authorizing slot is configured to require a random nonce (keyconfig.reqrandom is one), then a stored authorizing token will not work, and the authorizing digest or signature will have to be computed on the fly by the authorizing agent using the random nonce generated by the device.

3.3 security features

3.3.1 physical security

the ATECC508A incorporates a number of physical security features designed to protect the eeprom contents from unauthorized exposure. the security measures include:

• active shield circuitry
• internal memory encryption
• glitch protection
• voltage tamper detection

pre-programmed transport keys stored on the ATECC508A are encrypted in such a way as to make retrieval of their values using outside analysis very difficult.

both the logic clock and logic supply voltage are internally generated, thus preventing any direct attack on these two signals using the pins of the device.

3.3.2 random number generator (rng)

the ATECC508A includes a high-quality rng which returns 32 random bytes to the system. see https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg for further documentation on nist cavp certification of this rng. the rng of the ATECC508A is identical to that of the atecc108a. the device generally combines this generated number with a separate input number to form a nonce that is stored within the device in tempkey and may be used by subsequent commands.

the system may use this rng for any purpose. the device provides a special random command for such purposes that do not affect the internally stored nonce.
random numbers are generated from a combination of the output of a hardware rng and an internal seed value, which is not externally accessible. the internal seed is stored in the eeprom and is normally updated once after every power-up or sleep/wake cycle. after the update, this seed value is retained in registers within the device that are invalidated if the device enters sleep mode, or the power is removed.

to simplify system testing, prior to config locking the rng always returns the following value:

ff ff 00 00 ff ff 00 00

where ff is the first byte read from the device and the first byte into the sha message.
4. general i/o information

communications to the ATECC508A are through one of two different protocols. the protocols are selected by specifying the part number that is ordered:

• single-wire interface: uses a single gpio connection on the system microprocessor that is connected to the sda pin on the device. it permits the fewest number of pins connected to any removable or replaceable entity. the bit rate is up to 26kb/s.
• i2c interface: this mode is compatible with the i2c standard and also with the microchip at24c16 serial eeprom interface. two pins, serial data (sda) and serial clock (scl), are required. the i2c interface supports a bit rate of up to 1mb/s.

note: the ATECC508A and at24c16b have different default i2c addresses. the ATECC508A i2c address can be modified from default by writing a new value into the configuration zone.

the lowest levels of the i/o protocols are described below. above the i/o protocol level, exactly the same bytes are transferred to and from the device to implement the security commands and error codes, which are documented in section security commands.

note: the device implements a fail-safe internal watchdog timer that forces it into a very low power mode after a certain time interval regardless of any current activity. system programming must take this into consideration. see section watchdog failsafe.

4.1 byte and bit ordering

cryptoauthentication uses a common ordering scheme for bytes and also for the way in which numbers and arrays are represented in this datasheet:

• all multi-byte aggregate elements are treated as arrays of bytes and are processed in the order received or transmitted with index #0 first.
• 16 bit (2 byte) integers, typically param2, slotconfig or keyconfig, appear on the bus least-significant byte first.
• ecc keys appear on the bus, and are stored in eeprom, with the most significant 32-bit word at the lowest address.
see section ecc key formatting for further information on ecc key formatting.

in this document, the most-significant bit or nibble of a byte or 16-bit word appears towards the left hand side of the page.

the bit order is different depending upon the i/o channel used:

• on the one-wire bus, data is transferred to and from the ATECC508A least significant bit (lsb) first on the bus.
• on the i2c interface, data is transferred to and from the ATECC508A most significant bit (msb) first on the bus.

4.1.1 ecc key formatting

the format for public and private keys depends on the command and key length. in general, the most significant bytes (msb) appear first on the bus and at the lowest address in memory. in the remainder of this section, the bytes on the left side of the page are the msbs. microchip recommends all pad bytes be set to zero for consistency.

• ecc private keys appear to the user only as the input parameter to the privwrite command. this parameter is always 36 bytes in length and the first four bytes (32 bits) are all pad bits.
• ECC public keys appear as the input or output parameters to several commands, and they can also be stored in EEPROM. They are composed of an X value first on the bus or in memory, followed by a Y value. They are formatted differently depending upon the situation as noted below:
  - The public key is an output of the GenKey command or an input to the Verify command: 32 bytes of X, then 32 bytes of Y. There are no pad bytes.
  - Write command: Public keys can be written directly to the EEPROM using the Write command and are always 72 bytes long, formatted as follows: 4 pad bytes, 32 bytes of X, four pad bytes, then 32 bytes of Y.
  - GenKey command, SHA message: Public keys can be hashed and placed in TempKey by the GenKey command. The SHA message contains various bytes that are independent of the size of the key. These are followed by 25 bytes of pad, followed by 32 bytes of X, then 32 bytes of Y.
  - Verify command, SHA message: When used to validate a stored public key, the Verify command expects an input signature created over a SHA-256 digest of a key stored in memory. Such an inner SHA calculation is always performed over 72 bytes formatted as they are stored in EEPROM as 4 pad bytes, 32 bytes of X, four pad bytes, then 32 bytes of Y.

When a public key is configured to be validated by the Verify command, then the most significant four bits of the first byte in memory are used internally by the device to save the validation state. They are always set to the invalid state (0xA) by the Write command, and then may be set to the valid state (0x5) by the Verify command.

4.2 Sharing the Interface

Multiple CryptoAuthentication devices may share the same interface, as follows:

1. The system issues a wake token to wake up all devices.
2. The system issues the Pause command (Section Pause Command) to put all but one of the devices into the idle mode. Only the remaining device will then see any of the commands that the system sends.
When the system has completed talking to the one active device, it then sends an idle flag, which puts the remaining active device into the idle mode and which the devices that are already idle will ignore. Steps 1 and 2 are repeated for each device on the wire. If the system has completed communications with the final device, it should wake up all the devices, and then put all the devices to sleep to reduce total power consumption.

The device uses the Selector byte within the configuration zone to determine which device stays awake. Only that device with a Selector value that matches the input parameter of the Pause command will stay awake.

In order to facilitate late configuration of systems which use the multi-device sharing mode, the following three update capabilities for the Selector byte are supported:

• Unlimited updates: At any time, the UpdateExtra command can be executed to write the value in the Selector field of the configuration zone. To enable this mode, clear the SelectorMode bit in ChipMode.
• One-time field update: If the SelectorMode bit is set to one, and the Selector byte has a zero value prior to locking the configuration zone, then at any time after the configuration zone is locked the UpdateExtra command can be used one time to set Selector to a non-zero value. The UpdateExtra command is not affected by the LockValue byte.
• Fixed Selector value: The Selector byte can never be modified after the configuration zone is locked if SelectorMode is set to one and the Selector byte is set to a non-zero value. The UpdateExtra command will always return an error code.
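The key layouts of Section 4.1.1, as an added example (not code from the datasheet or from Microchip's library): C helpers that convert a public key between the 64-byte X || Y form and the 72-byte slot form, read the validation-state nibble, and build the 36-byte PrivWrite input. All function and constant names are hypothetical, the sample bytes are constructed, and rejecting non-zero pad bytes is this example's own policy built on the zero-pad recommendation.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Sizes from Section 4.1.1. Every name in this block is hypothetical. */
#define COORD_LEN        32  /* one P-256 coordinate (X or Y) */
#define PAD_LEN           4
#define PUBKEY_RAW_LEN   64  /* X || Y: GenKey output, Verify input */
#define PUBKEY_SLOT_LEN  72  /* pad | X | pad | Y: Write command / EEPROM */
#define PRIVWRITE_LEN    36  /* pad | private key: PrivWrite input */
#define STATE_INVALID   0xA  /* upper nibble of byte 0 after a Write */
#define STATE_VALID     0x5  /* upper nibble of byte 0 after a Verify */

enum { KEYFMT_OK = 0, KEYFMT_ERR_PAD = -1 };

/* Buffers shared by the demo; contents are constructed, not real keys. */
uint8_t demo_raw[PUBKEY_RAW_LEN], demo_slot[PUBKEY_SLOT_LEN];
uint8_t demo_back[PUBKEY_RAW_LEN], demo_pw[PRIVWRITE_LEN];

/* Build the 72-byte image for the Write command; pad bytes are zeroed. */
void pubkey_raw_to_slot(const uint8_t *raw, uint8_t *slot)
{
    memset(slot, 0, PUBKEY_SLOT_LEN);
    memcpy(slot + PAD_LEN, raw, COORD_LEN);
    memcpy(slot + 2 * PAD_LEN + COORD_LEN, raw + COORD_LEN, COORD_LEN);
}

/* Validation state kept by the device in the top four bits of byte 0. */
uint8_t pubkey_slot_state(const uint8_t *slot)
{
    return (uint8_t)(slot[0] >> 4);
}

/* Only 0x5 counts as validated; 0xA and any other value do not. */
int pubkey_slot_is_validated(const uint8_t *slot)
{
    return pubkey_slot_state(slot) == STATE_VALID;
}

/* Recover X || Y from a slot image. The state nibble is ignored here;
 * any other non-zero pad bit is rejected (policy of this example). */
int pubkey_slot_to_raw(const uint8_t *slot, uint8_t *raw)
{
    uint8_t pad = slot[0] & 0x0F;
    for (size_t i = 1; i < PAD_LEN; i++)
        pad |= slot[i];
    for (size_t i = 0; i < PAD_LEN; i++)
        pad |= slot[PAD_LEN + COORD_LEN + i];
    if (pad != 0)
        return KEYFMT_ERR_PAD;
    memcpy(raw, slot + PAD_LEN, COORD_LEN);
    memcpy(raw + COORD_LEN, slot + 2 * PAD_LEN + COORD_LEN, COORD_LEN);
    return KEYFMT_OK;
}

/* PrivWrite input: four pad bytes, then the 32-byte private key. */
void privkey_to_privwrite(const uint8_t *key, uint8_t *out)
{
    memset(out, 0, PAD_LEN);
    memcpy(out + PAD_LEN, key, COORD_LEN);
}

/* Constructed sample: bytes 0x01..0x40 stand in for X || Y. */
void sample_raw_key(uint8_t *raw)
{
    for (size_t i = 0; i < PUBKEY_RAW_LEN; i++)
        raw[i] = (uint8_t)(i + 1);
}

int main(void)
{
    sample_raw_key(demo_raw);
    pubkey_raw_to_slot(demo_raw, demo_slot);
    demo_slot[0] |= (uint8_t)(STATE_INVALID << 4); /* as left by Write */
    printf("state nibble: 0x%X, validated: %d\n",
           (unsigned)pubkey_slot_state(demo_slot),
           pubkey_slot_is_validated(demo_slot));
    printf("unpack result: %d\n", pubkey_slot_to_raw(demo_slot, demo_back));
    return 0;
}
```

A host that reads a slot back should gate any use of the key on `pubkey_slot_is_validated` when the slot is configured for validation, rather than on the absence of the invalid marker.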
5. Single-Wire Interface

In this mode, communications to and from the ATECC508A take place over SDA, a single asynchronously timed wire. The SCL pin is not used as part of the communications channel. Instead, the SCL pin functions as a GPIO pin.

Note: The sleep current specification values are guaranteed only if the SCL pin is held low or left unconnected.

The overall communications structure is a hierarchical format:

• Tokens: I/O tokens implement a single data bit transmitted on the bus, or the wake-up event.
• Flags: Flags consist of eight tokens (bits) that convey the direction and meaning of the next group of bits (if any) that may be transmitted.
• Groups: Groups of data follow the command and transmit flags. They incorporate both a byte count and a checksum to ensure proper data transmission.
• Packets: Packets of bytes form the core of the group (minus the byte count and CRC). They are either the input or output parameters of a CryptoAuthentication command or status information from the ATECC508A.

See the Microchip website for the appropriate application notes for more detail on how to use any microprocessor to easily generate the signaling necessary to send these elements to the device, including C source code libraries. Also see Section Wiring Configuration for Single-Wire Interface for more information about how to connect the device in the single-wire interface mode.

5.1 I/O Tokens

There are a number of I/O tokens, which may be transmitted over the single-wire interface:

• Input (to the ATECC508A):
  - Wake: Wake the device up from either the sleep or idle modes, or reset the I/O interface.
  - Zero: Send a single bit from the system to the device with a value of zero.
  - One: Send a single bit from the system to the device with a value of one.
• Output (from the ATECC508A):
  - ZeroOut: Send a single bit from the device to the system with a value of zero.
  - OneOut: Send a single bit from the device to the system with a value of one.
The waveforms are the same in either direction; however, there are some differences in timing based upon the expectation that the host has a very accurate and consistent clock while the ATECC508A has significant part-to-part variability in its internal clock generator due to normal manufacturing and environmental fluctuations.

The bit timings are designed to permit a standard UART running at 230.4 kbaud to transmit and receive the tokens efficiently. Each byte transmitted or received by the UART corresponds to a single bit received or transmitted by the device.

The wake token is special since it requires an extra long low pulse on the SDA pin, which cannot be confused with the shorter low pulses that occur during a data token (i.e. Zero, One, ZeroOut, or OneOut). Devices that are either in the idle or sleep mode will ignore all data tokens until they receive a legal wake token. If the processor is out of synchronization with the ATECC508A, it can send an additional wake token to the device, which will reset the I/O channel hardware on the device.

Note: This may result in the loss of data stored in the command output buffer.

5.2 I/O Flags

The system is always the bus master, so before any I/O transaction, the system must send an eight-bit flag to the device to indicate the I/O operation that will be subsequently performed.

Table 5-1. I/O Flags

| Value | Name | Meaning |
|---|---|---|
| 0x77 | Command | After this flag, the system starts sending a command group to the device. The first bit of the group can follow immediately after the last bit of the flag. |
| 0x88 | Transmit | This command tells the device to wait for a bus turnaround time and then to start transmitting its response to the previously transmitted command group. |
| 0xBB | Idle | Upon receipt of an idle flag, the device goes into the idle mode and remains there until the next wake token is received. |
| 0xCC | Sleep | Upon receipt of a sleep flag, the device enters the low-power sleep mode until the next wake token is received. |

Note: All other values are reserved and should not be used.

• Transmit flag: Used to turn around the bus so that the ATECC508A can send data back to the system. The bytes that the device returns to the system depend on the current state of the device and may include status, error code, or command results. When the device is busy executing a command, it ignores the SDA pin and any flags that are sent by the system. See Table 9-4 for each command type's execution delays. The system must observe these delays after sending a command to the device.
• Idle flag: Used to transition the ATECC508A to the idle mode, which causes the input/output buffer to be flushed. It does not invalidate the contents of the TempKey and RNG seed registers. This flag can be sent to the device during any time that it will accept a flag. When the device is in the idle mode, the watchdog timer is disabled.
• Sleep flag: Transitions the ATECC508A to the low power sleep mode, which causes a complete reset of the device, including invalidation of the contents of the SRAM and all volatile registers. This flag can be sent to the device at any time that it will accept a flag.

5.3 Synchronization

Since the communications protocol is half-duplex, there is the possibility that the system and the ATECC508A will fall out of synchronization with each other. In order to speed recovery, the device implements a timeout that forces it to sleep under certain circumstances.

5.3.1 I/O Timeout

After a leading transition for any data token has been received, the ATECC508A will expect both the completion of the token and the start of the next (if this is not the last token of the group) to be properly received by the device within the tTIMEOUT interval. Failure to send enough bits, or the transmission of an illegal token (e.g. a low pulse exceeding tZLO), will cause the device to enter the sleep mode after the tTIMEOUT interval.
The same timeout applies during the transmission of the command group. After the transmission of a legal command flag, the I/O timeout circuitry is enabled until the last expected data bit is received.

Note: The timeout counter is reset after every legal token; therefore, the total time to transmit the command may exceed the tTIMEOUT interval while the time between bits may not.

The I/O timeout circuitry is disabled when the device is busy executing a command.

5.3.2 Synchronization Procedures

If the device is not busy when the system sends a transmit flag, the device should respond within tTURNAROUND. If tEXEC time has not already passed, the device may be busy, and the system should poll or wait until the maximum tEXEC time has elapsed. If the device still does not respond to a second transmit flag within tTURNAROUND, it may be out of synchronization. At this point, the system may take the following steps to reestablish communication:

1. Wait tTIMEOUT.
2. Send the transmit flag.
3. If the device responds within tTURNAROUND, then the system may proceed with more commands.
4. Send a wake token.
5. Wait tWHI.
6. Send the transmit flag.
7. The device should respond with a 0x11 return status within tTURNAROUND, after which the system may proceed with more commands.
6. I2C Interface

The I2C interface uses the SDA and SCL pins to indicate various I/O states to the ATECC508A. This interface is designed to be compatible at the protocol level with the Microchip AT24C16 serial EEPROM operating at 1 MHz.

Note: There are many differences between the two devices (for example, the ATECC508A and AT24C16 have different default I2C addresses); therefore, designers should read the respective data sheets carefully.

The SDA pin is normally pulled high with an external pull-up resistor because the ATECC508A includes only an open-drain driver on its output pin. The bus master may either be open-drain or totem pole. In the latter case, it should be tri-stated when the ATECC508A is driving results on the bus. The SCL pin is an input and must be driven both high and low at all times by an external device or resistor.

6.1 I/O Conditions

The device responds to the following I/O conditions:

6.1.1 Device is Asleep

When the device is asleep, it ignores all but the wake condition.

• Wake: If SDA is held low for a period of greater than tWLO, the device will exit low power mode and after a delay of tWHI, it will be ready to receive I2C commands. The device ignores any levels or transitions on the SCL pin when the device is idle or asleep and during tWLO. At some point during tWHI the SCL pin is enabled and the conditions listed in Section Device is Awake are honored.

The wake condition requires that either the system processor manually drives the SDA pin low for tWLO, or a data byte of 0x00 be transmitted at a clock rate sufficiently slow so that SDA is low for a minimum period of tWLO. When the device is awake, the normal processor I2C hardware and/or software can be used for device communications up to and including the I/O sequence required, thus putting the device back into low power (i.e. sleep) mode.
When there are multiple ATECC508A devices on the bus, and the I2C interface is run at 133 kHz or slower, the transmission of certain data patterns (such as 0x00) will cause all the ATECC508A devices on the bus to wake up. Because subsequent device addresses transmitted along the bus will only match the desired devices, the unused devices will remain idle and not cause any bus conflicts.

In the I2C mode, the device will ignore a wake sequence that is sent when the device is already awake.

6.1.2 Device is Awake

When the device is awake, it honors the conditions listed below:

• Data zero: If SDA is low and stable while SCL goes from low to high to low, then a zero bit is being transferred on the bus. SDA can change while SCL is low.
• Data one: If SDA is high and stable while SCL goes from low to high to low, then a one bit is being transferred on the bus. SDA can change while SCL is low.
[Figure 6-1. Data bit transfer on I2C interface: SCL and SDA; data line stable (data valid), change of data allowed.]

• Start condition: A high-to-low transition of SDA with SCL high is a start condition which must precede all commands.
• Stop condition: A low-to-high transition of SDA with SCL high is a stop condition. After this condition is received by the device, the current I/O transaction ends. On input, if the device has sufficient bytes to execute a command, the device transitions to the busy state and begins execution. The stop condition should always be sent at the end of any packet sent to the device.

[Figure 6-2. Start and stop conditions on I2C interface: SCL and SDA; start condition (S), stop condition (P).]

• Acknowledge (ACK): On the ninth clock cycle after every address or data byte is transferred, the receiver will pull the SDA pin low to acknowledge proper reception of the byte.
• Not acknowledge (NOT ACK): Alternatively, on the ninth clock cycle after every address or data byte is transferred, the receiver can leave the SDA pin high to indicate that there was a problem with the reception of the byte or that this byte completes the group transfer.

[Figure 6-3. NOT ACK and ACK conditions on I2C interface: data output by transmitter, data output by receiver, SCL from master, clock pulse for acknowledgment.]

Multiple ATECC508A devices can easily share the same I2C interface signals if the I2C_Address byte in the configuration zone is programmed differently for each device on the bus. Since all seven of the bits of the device address are programmable, ATECC508A can also share the I2C interface with any I2C device, including any serial EEPROM.
6.2 I2C Transmission to ATECC508A

The transmission of data from the system to the ATECC508A is summarized in the table below. The order of transmission is as follows:

• Start condition
• Device address byte
• Word address byte
• Optional data bytes (1 through N)
• Stop condition

[Figure 6-4. Normal I2C transmission to ATECC508A: start condition, device address with R/W bit, word address, data 1 through data N, stop condition, each byte followed by an ACK. SDA is driven low by the ATECC508A during ACK periods.]

The tables below label the bytes of the I/O transaction. The column labeled I2C Name provides the name of the byte as described in the AT24C16 data sheet.

Table 6-1. I2C Transmission to ATECC508A

| Name | I2C Name | Description |
|---|---|---|
| Device address | Device address | This byte selects a particular device on the I2C interface. ATECC508A is selected if the data shifted out on clock pulses 1-7 match the data stored in the I2C_Address byte in the configuration zone. Data is shifted out MSB first. Bit 0 of this byte (clock pulse 8) is the standard I2C R/W bit, and should be zero to indicate a write operation (the bytes following the device address travel from the master to the slave). |
| Word address | Word address | This byte should have a value of 0x03 for normal operation. See Sections Word Address Values and Address Counter for more information. |
| Command | Data1,N | The command group, consisting of the count, command packet, and the two-byte CRC. The CRC is calculated over the size and packet bytes. See Section I/O Groups. |

Because the device treats the command input buffer as a FIFO, the input group can be sent to the device in one or many I2C command groups. The first byte sent to the device is the count, so after the device receives that number of bytes, it will ignore any subsequently received bytes until execution is finished.
The system must send a stop condition after the last command byte to ensure that ATECC508A will start the computation of the command. Failure to send a stop condition may eventually result in a loss of synchronization; see Section I2C Synchronization for recovery procedures.

6.2.1 Word Address Values

During an I2C write packet, the ATECC508A interprets the second byte sent as the word address, which indicates the packet function as it is described in the table below:
Table 6-2. Word Address Values

| Name | Value | Description |
|---|---|---|
| Reset | 0x00 | Reset the address counter. The next I2C read or write transaction will start with the beginning of the I/O buffer. |
| Sleep (low-power) | 0x01 | The ATECC508A goes into the low power sleep mode and ignores all subsequent I/O transitions until the next wake flag. The entire volatile state of the device is reset. |
| Idle | 0x02 | The ATECC508A goes into the idle mode and ignores all subsequent I/O transitions until the next wake flag. The contents of TempKey and RNG seed registers are retained. |
| Command | 0x03 | Write subsequent bytes to sequential addresses in the input command buffer that follow previous writes. This is the normal operation. |
| Reserved | 0x04 to 0xFF | These addresses should not be sent to the device. |

6.2.2 Command Completion Polling

After a complete command has been sent to the ATECC508A, the device will be busy until the command computation completes. The system has two options for this delay as noted below:

• Polling: The system should wait tEXEC (typical) and then send a read sequence (see Section I2C Transmission from the ATECC508A). If the device NOT ACKs the device address, then it is still busy. The system may delay for some time or immediately send another read sequence, again looping on NOT ACK. After a total delay of tEXEC (max), the device will have completed the computation and return the results.
• Single delay: The system should wait tEXEC (max), after which the device will have completed execution, and the result can be read from the device using a normal read sequence.

6.3 Sleep Sequence

Upon completion of the use of the ATECC508A by the system, the system should issue a sleep sequence to put the device into low power mode. This sequence consists of the proper device address followed by the value of 0x01 as the word address followed by a stop condition. This transition to the low power state causes a complete reset of the device's internal command engine and input/output buffer. It can be sent to the device at any time when it is awake and not busy.

6.4 Idle Sequence

If the total sequence of required commands exceeds tWATCHDOG, then the device will automatically go to sleep and lose any information stored in the volatile registers. This action can be prevented by putting the device into the idle mode prior to completion of the watchdog interval. When the device receives the wake token, it will then restart the watchdog timer and execution can be continued.

The idle sequence consists of the proper device address followed by the value of 0x02 as the word address followed by a stop condition. It can be sent to the device at any time when it is awake and not busy.
6.5 I2C Transmission from the ATECC508A

When the ATECC508A is awake and not busy, the bus master can retrieve the current buffer contents from the device using an I2C read. If valid command results are available, the size of the group returned is determined by the particular command which has been run (see Section Security Commands); otherwise, the size of the group (and the first byte returned) will always be four: count, status/error, and 2-byte CRC. The bus timing is shown in Figure 8-3.

Table 6-3. I2C Transmission from the ATECC508A

| Name | I2C Name | Direction | Description |
|---|---|---|---|
| Device address | Device address | To slave | This byte selects a particular device on the I2C interface and ATECC508A will be selected if bits 1 through 7 of this byte match bits 1 through 7 of the I2C_Address byte in the configuration zone. Bit 0 of this byte is the standard I2C R/W pin, and should be one to indicate that the bytes following the device address travel from the slave to the master (read). |
| Data | Data1,N | To master | The output group, consisting of the count, status/error byte or the output packet followed by the two-byte CRC per Section I/O Groups. |

The status, error, or command outputs can be read repeatedly by the master. Each time a read command is sent to the ATECC508A along the I2C interface, the device transmits the next sequential byte in the output buffer. See the following section for details on how the device handles the address counter.

If the ATECC508A is busy, idle, or asleep, it will NOT ACK the device address on a read sequence. If a partial command has been sent to the device and a read sequence [Start + DeviceAddress(R/W == R)] is sent to the device, then the ATECC508A will NOT ACK the device address to indicate that no data is available to be read.

6.6 Address Counter

Writes to and/or reads from the ATECC508A I/O buffer over the I2C interface are treated as if the device were a FIFO. Either the I2C byte or page write/read protocols can be used.
The number of bytes transferred with each page sequence does not affect the operation of the device.

The first byte transmitted to the device is treated as the size byte. Any attempt to send more than this number of bytes, or any attempts to write beyond the end of the I/O buffer (71 bytes), will cause the ATECC508A to NOT ACK those bytes.

After the host writes a single command byte to the input buffer, reads are prohibited until after the device completes command execution. Attempts to read from the device prior to the last command byte being sent will result in an ACK of the device address but all ones (0xFF) on the bus during the data intervals because the device is still waiting for the completion of the command transmission. If the host attempts to send a read byte after the last byte of the command has been transmitted, the device will be executing the command and will NOT ACK the device address.

Data may be read from the device under the following three conditions:

• On power-up, the single byte 0x11 (Section Status/Error Codes) can be read inside a four-byte group.
• If a complete block has been received by the device, but there are any errors in parsing or executing the command, a single byte of error code is available (also inside a four-byte group).
• Upon completion of a command execution, from 1 to 32 bytes of command results are available to be read inside a group of 4 to 35 bytes.

Any attempt to read beyond the end of the valid output buffer returns 0xFF to the system, and the address counter does not wrap around to the beginning of the buffer.

There may be situations where the system may wish to re-read the output buffer, for example when the CRC check reveals an error. In this case, the host should send a two-byte sequence to the ATECC508A consisting of the correct device address and a word address of 0x00 (Reset, per Table 6-2), followed by a stop condition. This causes the address counter to be reset to zero and permits the data to be rewritten (or re-read) to (or from) the device. This address reset sequence does not prohibit subsequent read operations if data were available for reading in the I/O buffer prior to the sequence execution.

After one or more read operations to retrieve the results of a command execution, the first write operation resets the address counter to the beginning of the I/O buffer.

6.7 SMBus Timeout

The ATECC508A supports the SMBus timeout feature in which the ATECC508A will reset its serial interface and release the SMBus (i.e. stop driving the bus and let SDA float high) if the SCL pin is held low for more than the minimum tTIMEOUT specification. The ATECC508A will be ready to accept a new start condition before tTIMEOUT maximum has elapsed.

[Figure 6-5. SMBus timeout: SCL held low between tTIMEOUT (min) and tTIMEOUT (max); the device will release the bus and be ready to accept a new start condition within this time.]

6.8 I2C Synchronization

It is possible for the system to lose synchronization with the I/O port on the ATECC508A, perhaps due to a system reset, I/O noise, or other condition. Under this circumstance, the ATECC508A may not respond as expected, may be asleep, or may be transmitting data during an interval when the system is expecting to send data.
To resynchronize, the following procedure should be followed:

1. To ensure an I/O channel reset, the system should send the standard I2C software reset sequence, as follows:
   - A start bit condition.
   - Nine cycles of SCL, with SDA held high.
   - Another start bit condition.
   - A stop bit condition.

   It should then be possible to send a read sequence, and if synchronization has completed properly, the ATECC508A will ACK the device address. The device may return data or may leave the bus floating (which the system will interpret as a data value of 0xFF) during the data periods.

   If the device does ACK the device address, the system should reset the internal address counter to force the ATECC508A to ignore any partial input command that may have been sent. This can be accomplished by sending a write sequence to word address 0x00 (Reset), followed by a stop condition.
2. If the device does not respond to the device address with an ACK, then it may be asleep. In this case, the system should send a complete wake token and wait tWHI after the rising edge. The system may then send another read sequence, and if synchronization has completed, the device will ACK the device address.
3. If the device still does not respond to the device address with an ACK, then it may be busy executing a command. The system should wait the longest tEXEC (max) and then send the read sequence, which will be acknowledged by the device.
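The I/O group handling described in Sections 6.2, 6.5 and 6.6, as an added example (not code from the datasheet or from Microchip's library): C routines that frame a command group behind word address 0x03 and validate a group read back from the device before any byte of it is trusted. Function names are hypothetical and the sample bytes are constructed. The CRC-16 parameters (polynomial 0x8005, zero initial value, data bits taken LSB first, CRC sent low byte first) and the Info opcode 0x30 are taken from the datasheet's I/O Groups and command sections, which this section references but does not reproduce.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define WORD_ADDR_RESET    0x00  /* Table 6-2: reset the address counter */
#define WORD_ADDR_COMMAND  0x03  /* Table 6-2: normal command write */
#define IO_BUFFER_LEN      71    /* Section 6.6: size of the I/O buffer */
#define MIN_GROUP_LEN      4     /* count + status/error + 2-byte CRC */
#define MAX_RSP_GROUP_LEN  35    /* count + 32 result bytes + 2-byte CRC */

enum {
    GRP_HAS_DATA    = 256, /* valid group longer than four bytes */
    GRP_ERR_SHORT   = -1,  /* fewer than four bytes were read */
    GRP_ERR_NO_DATA = -2,  /* 0xFF count: bus floating or read too early */
    GRP_ERR_COUNT   = -3,  /* count outside 4..35 or beyond what was read */
    GRP_ERR_CRC     = -4   /* re-read after a WORD_ADDR_RESET write */
};

/* Constructed sample bytes (not captured from a device). */
const uint8_t SAMPLE_INFO_PACKET[4] = { 0x30, 0x00, 0x00, 0x00 };
const uint8_t SAMPLE_WAKE_RSP[4]    = { 0x04, 0x11, 0x33, 0x43 };
const uint8_t SAMPLE_BAD_CRC[4]     = { 0x04, 0x11, 0x33, 0x44 };
const uint8_t SAMPLE_FLOATING[4]    = { 0xFF, 0xFF, 0xFF, 0xFF };
uint8_t demo_frame[IO_BUFFER_LEN + 1];

/* CRC-16, polynomial 0x8005, zero start value, data bits LSB first. */
uint16_t crc16_8005(const uint8_t *data, size_t len)
{
    uint16_t crc = 0;
    for (size_t i = 0; i < len; i++) {
        for (uint8_t mask = 0x01; mask != 0; mask <<= 1) {
            unsigned data_bit = (data[i] & mask) ? 1u : 0u;
            unsigned crc_bit = crc >> 15;
            crc = (uint16_t)(crc << 1);
            if (data_bit != crc_bit)
                crc ^= 0x8005;
        }
    }
    return crc;
}

/* Bytes to write after the device address: word address 0x03, count,
 * packet, CRC (low byte first). Returns the length, or 0 on bad sizes. */
size_t build_i2c_command(const uint8_t *packet, size_t packet_len,
                         uint8_t *out, size_t out_cap)
{
    size_t count = packet_len + 3; /* count byte + packet + 2 CRC bytes */
    if (packet_len == 0 || count > IO_BUFFER_LEN || out_cap < count + 1)
        return 0;
    out[0] = WORD_ADDR_COMMAND;
    out[1] = (uint8_t)count;
    memcpy(out + 2, packet, packet_len);
    uint16_t crc = crc16_8005(out + 1, count - 2); /* over count + packet */
    out[count - 1] = (uint8_t)(crc & 0xFF);
    out[count]     = (uint8_t)(crc >> 8);
    return count + 1;
}

/* Validate a group read from the device. Returns the status/error byte
 * for a four-byte group, GRP_HAS_DATA for command results, or an error. */
int check_response(const uint8_t *buf, size_t len)
{
    if (len < MIN_GROUP_LEN)
        return GRP_ERR_SHORT;
    if (buf[0] == 0xFF)
        return GRP_ERR_NO_DATA;
    size_t count = buf[0];
    if (count < MIN_GROUP_LEN || count > MAX_RSP_GROUP_LEN || count > len)
        return GRP_ERR_COUNT;
    uint16_t crc = crc16_8005(buf, count - 2);
    if (buf[count - 2] != (crc & 0xFF) || buf[count - 1] != (crc >> 8))
        return GRP_ERR_CRC;
    return count == MIN_GROUP_LEN ? buf[1] : GRP_HAS_DATA;
}

int main(void)
{
    size_t n = build_i2c_command(SAMPLE_INFO_PACKET, 4,
                                 demo_frame, sizeof demo_frame);
    printf("write after device address:");
    for (size_t i = 0; i < n; i++)
        printf(" %02X", demo_frame[i]);
    printf("\nwake response status: 0x%02X\n",
           (unsigned)check_response(SAMPLE_WAKE_RSP, 4));
    printf("corrupted response:   %d\n", check_response(SAMPLE_BAD_CRC, 4));
    return 0;
}
```

Checking the count against both the 4-to-35 range and the number of bytes actually read keeps a corrupted or floating bus from steering the CRC calculation past the end of the host's read buffer.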
7. General Purpose I/O Pin

When the single-wire interface is enabled, the SCL pin is available to be used as a GPIO pin. It may be used to drive one or two LEDs or can be connected to an external tamper detection switch or connected in many other ways. When configured as an output, it may be used as an enable pin for some external component in the system which may require cryptographic validation prior to assertion.

On initial power-up, the pin is always temporarily configured as an input. During the device initialization, which occurs with the very first wake operation, the contents of the I2C_Address field are read and the GPIO pin will be driven to the state. The direction (input or output) and state (if an output) of the GPIO pin will remain unchanged during sleep and idle states.

The actions of this pin are controlled by the I2C_Address byte in the configuration zone, and the GPIO mode of the Info command as described in the table below:

Table 7-1. GPIO Mode

| Bit 3 | Bit 2 | Bit 1 | Bit 0 | Name | Power-up State | Meaning |
|---|---|---|---|---|---|---|
| x | x | 0 | 0 | Disable | Input | The SCL pin is unused and should be tied to GND. Any attempt to execute the GPIO mode of the Info command will result in an error code being returned to the system firmware. The GPIO mode of the Info command will also return an error code if the part is configured for I2C operation. |
| 0 | 0 | 0 | 1 | Auth0 | Low | The SCL pin will be permanently configured as an output and will be driven to a zero (default) state when the first wake operation after power-up occurs. The pin can then be driven to the opposite ('1') state by the Info command if a prior authorization has been performed using the SignalKey slot. The GPIO output mode of the Info command can be used to reset the pin back to the default value without authorization. The GPIO retains its state so long as VCC remains above 2V. |
| 0 | 1 | 0 | 1 | Auth1 | High | As Auth0; however, the default state after power-up is one. |
| 1 | x | 0 | 1 | Intrusion | Input | The SCL pin will be permanently configured as an input. On power-up, an internal intrusion latch is set to zero. The intrusion latch is set via authorization and is cleared if SCL falls. The state of the latch can be determined via the Info command. It will remain in that state so long as a voltage greater than 1.8V is applied to the SCL pin and VCC remains above 2.0V regardless of the internal state (asleep, idle, or wake) of the ATECC508A. Any falling edge on the SCL pin resets the intrusion latch to zero regardless of whether or not the ATECC508A is in wake or sleep mode. Reading the state of the GPIO pin via the Info command returns the value of the intrusion latch, not the current state of the pin. |
| x | x | 1 | 0 | Input | Input | The SCL pin will remain permanently configured as an input. Execution of the Info command will permit the current state on the pin to be returned to the system firmware. |
| x | 0 | 1 | 1 | Output0 | Low | The SCL pin will be configured as an output and will be driven to a zero state when the first wake operation occurs. Subsequent Info commands can be executed to drive the pin high or low. Alternatively, the Info command can be used to change the GPIO pin to an input. |
| x | 1 | 1 | 1 | Output1 | High | As Output0; however, the default state after power-up is one. |

The GPIO pin has active drivers for both the high and low output states to enable connection to two different LEDs, which may be connected to VCC and GND respectively. If an LED is connected to a supply voltage higher than VCC, it may not turn off completely when the GPIO pin is high. In this case, the GPIO pin should be transitioned to an input to completely turn off the LED.
8. Electrical Characteristics

8.1 Absolute Maximum Ratings

| Parameter | Rating |
|---|---|
| Operating temperature | -40°C to +85°C |
| Storage temperature | -65°C to +150°C |
| Maximum operating voltage | 6.0V |
| DC output current | 5 mA |
| Voltage on any pin | -0.5V to (VCC + 0.5V) |

Note: Stresses beyond those listed under Absolute Maximum Ratings may cause permanent damage to the device. This is a stress rating only, and functional operation of the device at these or any other conditions beyond those indicated in the operational sections of this specification is not implied. Exposure to absolute maximum rating conditions for extended periods may affect device reliability.

8.2 Reliability

The ATECC508A is fabricated with Microchip's high-reliability CMOS EEPROM manufacturing technology.

Table 8-1. EEPROM Reliability

| Parameter | Min | Typical | Max | Units |
|---|---|---|---|---|
| Write endurance at +85°C (each byte) | 400,000 | | | Write cycles |
| Data retention at +55°C | 10 | | | Years |
| Data retention at +35°C | 30 | 50 | | Years |
| Read endurance | Unlimited | | | Read cycles |

8.3 AC Parameters: All I/O Interfaces

[Figure 8-1. AC timing diagram, all interfaces: wake (tWLO, tWHI), data comm, and noise suppression (tLIGNORE, tHIGNORE).]
table 8-2. ac parameters: all i/o interfaces
parameter (note) | symbol | direction | min | typ | max | unit | conditions
power-up delay | t_pu | to crypto authentication | 100 | | | µs | minimum time between vcc > vcc min prior to measurement of t_wlo.
wake low duration | t_wlo | to crypto authentication | 60 | | | µs |
wake high delay to data comm. | t_whi | to crypto authentication | 1500 | | | µs | sda should be stable high for this entire duration.
high side glitch filter at active | t_hignore_a | to crypto authentication | 45 (note) | | | ns | pulses shorter than this in width will be ignored by the device, regardless of its state when active.
low side glitch filter at active | t_lignore_a | to crypto authentication | 45 (note) | | | ns | pulses shorter than this in width will be ignored by the device, regardless of its state when active.
low side glitch filter at sleep | t_lignore_s | to crypto authentication | 15 (note) | | | µs | pulses shorter than this in width will be ignored by the device when in sleep mode.
watchdog timeout | t_watchdog | to crypto authentication | 0.7 | 1.3 | 1.7 | s | maximum time from wake until device is forced into sleep mode. see section watchdog failsafe.

note: these parameters are guaranteed through characterization, but not tested.

8.3.1 ac parameters: single-wire interface

figure 8-2. ac timing diagram: single-wire interface (sda waveforms for logic 0, logic 1 and turnaround; intervals: t_start, t_zhi, t_zlo, t_bit, t_turnaround)

table 8-3. ac parameters: single-wire interface
unless otherwise specified, applicable from t_a = -40°c to +85°c, vcc = +2.0v to +5.5v, cl = 100 pf.
parameter | symbol | direction | min | typ | max | unit | notes
start pulse duration | t_start | to crypto authentication | 4.10 | 4.34 | 4.56 | µs |
 | | from crypto authentication | 4.60 | 6 | 8.60 | µs |
zero transmission high pulse | t_zhi | to crypto authentication | 4.10 | 4.34 | 4.56 | µs |
 | | from crypto authentication | 4.60 | 6 | 8.60 | µs |
zero transmission low pulse | t_zlo | to crypto authentication | 4.10 | 4.34 | 4.56 | µs |
 | | from crypto authentication | 4.60 | 6 | 8.60 | µs |
bit time (note) | t_bit | to crypto authentication | 37 | 39 | | µs | if the bit time exceeds t_timeout then ATECC508A may enter the sleep mode. see section i/o timeout.
 | | from crypto authentication | 41 | 54 | 78 | µs |
turn around delay | t_turnaround | from crypto authentication | 64 | 96 | 131 | µs | ATECC508A will initiate the first low going transition after this time interval following the initial falling edge of the start pulse of the last bit of the transmit flag.
 | | to crypto authentication | 93 | | | µs | after ATECC508A transmits the last bit of a group, system must wait this interval before sending the first bit of a flag. it is measured from the falling edge of the start pulse of the last bit transmitted by ATECC508A.
io timeout | t_timeout | to crypto authentication | 45 | 65 | 85 | ms | ATECC508A may transition to the sleep mode if the bus is inactive longer than this duration. see section i/o timeout.

note: start, zlo, zhi, and bit are designed to be compatible with a standard uart running at 230.4 kbaud for both transmit and receive. the uart should be set to seven data bits, no parity and one stop bit.
8.3.2 ac parameters: i2c interface

figure 8-3. i2c synchronous data timing (signals: scl, sda in, sda out; intervals: t_f, t_high, t_low, t_r, t_aa, t_dh, t_buf, t_su.sto, t_su.dat, t_hd.dat, t_hd.sta, t_su.sta)

table 8-4. ac characteristics of i2c interface
unless otherwise specified, applicable over recommended operating range from t_a = -40°c to +85°c, vcc = +2.0v to +5.5v, cl = 1 ttl gate and 100 pf.
parameter | symbol | min | max | units
sck clock frequency | f_sck | 0 | 1 | mhz
sck high time | t_high | 400 | | ns
sck low time | t_low | 400 | | ns
start setup time | t_su.sta | 250 | | ns
start hold time | t_hd.sta | 250 | | ns
stop setup time | t_su.sto | 250 | | ns
data in setup time | t_su.dat | 100 | | ns
data in hold time | t_hd.dat | 0 | | ns
input rise time (1) | t_r | | 300 | ns
input fall time (1) | t_f | | 100 | ns
clock low to data out valid | t_aa | 50 | 550 | ns
data out hold time | t_dh | 50 | | ns
smbus timeout delay | t_timeout | 25 | 75 | ms
time bus must be free before a new transmission can start. (1) | t_buf | 500 | | ns

note:
1. values are based on characterization and are not tested
2. ac measurement conditions:
- rl (connects between sda and vcc): 1.2 kΩ (for vcc +2.0v to +5.0v)
- input pulse voltages: 0.3 vcc to 0.7 vcc
- input rise and fall times: 50 ns
- input and output timing reference voltage: 0.5 vcc
8.4 dc parameters: all i/o interfaces

table 8-5. dc parameters on all i/o interfaces
parameter | symbol | min | typ | max | unit | conditions
ambient operating temperature | t_a | -40 | | 85 | °c |
power supply voltage | vcc | 2.0 | | 5.5 | v |
active power supply current | i_cc | | 3 | 6 | ma | waiting for i/o during i/o transfers or execution of non-ecc commands.
 | | | | 16 | ma | during ecc command execution.
idle power supply current | i_idle | | 800 | | µa | when device is in idle mode, v_sda and v_scl < 0.4v or > vcc - 0.4
sleep current | i_sleep | | 30 | 150 | na | when device is in sleep mode, vcc ≤ 3.6v, v_sda and v_scl < 0.4v or > vcc - 0.4, t_a ≤ +55°c
 | | | | 2 | µa | when device is in sleep mode.
output low voltage | v_ol | | | 0.4 | v | when device is in active mode, vcc = 2.5 - 5.5v
output low current | i_ol | | | 4 | ma | when device is in active mode, vcc = 2.5 - 5.5v, v_ol = 0.4v
theta ja | θja | | 166 | | °c/w | soic (ssh)
 | | | 173 | | °c/w | udfn (mah)
 | | | 146 | | °c/w | rbh

8.4.1 v_ih and v_il specifications

the input levels of the device will vary dependent on the mode and voltage of the device. the input voltage thresholds when in sleep or idle mode are dependent on the vcc level as shown in figure 8-4. when in sleep or idle mode the ttlenable bit has no effect.

when the device is active (i.e. not in sleep or idle mode), the input voltage thresholds are different depending upon the state of ttlenable (bit 1) within the chipmode byte in the configuration zone of the eeprom. if the voltage supplied to the vcc pin of the ATECC508A is different than the system voltage to which the input pull-up resistor is connected, then the system designer may choose to set ttlenable to zero, which enables a fixed input threshold shown by curves vil_act and vih_act in figure 8-4. table 8-6, which applies only when the device is active, presents the guaranteed levels of operation when operating in this mode.

table 8-6. v_il, v_ih on all i/o interfaces (ttlenable = 0)
parameter | symbol | min | typ | max | unit | conditions
input low voltage | v_il | -0.5 | | 0.5 | v | when device is active and ttlenable bit in configuration memory is zero; otherwise see above.
input high voltage | v_ih | 1.5 | | vcc + 0.5 | v | when device is active and ttlenable bit in configuration memory is zero; otherwise see above.
figure 8-4. v_ih and v_il in sleep and idle mode or when ttlenable = 0 on all i/o interfaces (plot of v_in (v) against vcc (v); curves: vih_sleep, vil_sleep, vih_act, vil_act)

when a common voltage is used for the ATECC508A vcc pin and the input pull-up resistor, then the ttlenable bit should be set to a one, which permits the input thresholds to track the supply as shown in figure 8-5.

figure 8-5. v_ih and v_il when active and ttlenable = 1 on all i/o interfaces (plot of v_in (v) against vcc (v); curves: vih_act, vil_act)
9. security commands

9.1 i/o groups

regardless of the i/o protocol being used (i.e. either single-wire interface or i2c), security commands are sent to the device and responses received from the device within a group that is constructed in the following way:

table 9-1. i/o groups
byte | name | meaning
0 | count | number of bytes to be transferred to (or from) the device in the group, including count byte, packet bytes, and checksum bytes. the count byte should therefore always have a value of (n+1), where n is equal to the number of bytes in the packet plus the two checksum bytes. for a group with one count byte, 50 packet bytes, and two checksum bytes, the count byte should be set to 53. the maximum size group (and value of count) is 155 bytes, and the minimum size group is four bytes. values outside this range will cause the device to return an i/o error.
1 to (n-2) | packet | command, parameters and data, or response. see below for more details.
n-1, n | checksum | crc-16 verification of the count and packet bytes. the crc polynomial is 0x8005. the initial register value should be zero and after the last bit of the count and packet have been transmitted, the internal crc register should have a value that matches the checksum bytes in the block. the first crc byte transmitted (n-1) is the least-significant byte of the crc value, so the last byte of the group is the most-significant byte of the crc.

the ATECC508A is designed in such a way that the count value in the input group should be consistent with the size requirements that are specified in the command parameters. if the count value is inconsistent with the command opcode and/or parameters within the packet, then the ATECC508A will respond in different ways depending upon the specific command. the response may either include an error indication or some input bytes may be silently ignored.
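an added example (host-side c, not code from the datasheet or from microchip) of the group framing in table 9-1: it computes the crc-16, wraps a packet into a group, and refuses any received group whose count or checksum is wrong, so that a corrupted byte is never taken for a status. the function names are this example's own, and feeding each byte into the crc least-significant bit first is an assumption that this page does not state.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ATECC_GROUP_MIN 4u    /* count + one packet byte + two crc bytes */
#define ATECC_GROUP_MAX 155u  /* largest legal group size and count value */

/* crc-16 with polynomial 0x8005 and initial register value zero (table 9-1).
 * assumption of this example: data bits enter least-significant bit first. */
uint16_t atecc_crc16(const uint8_t *data, size_t len)
{
    uint16_t crc = 0;
    for (size_t i = 0; i < len; i++) {
        for (uint8_t mask = 0x01; mask != 0; mask <<= 1) {
            uint8_t data_bit = (data[i] & mask) ? 1 : 0;
            uint8_t crc_bit = (uint8_t)(crc >> 15);
            crc = (uint16_t)(crc << 1);
            if (data_bit != crc_bit)
                crc ^= 0x8005;
        }
    }
    return crc;
}

/* write count | packet | crc lsb | crc msb into out (at least ATECC_GROUP_MAX
 * bytes). returns the group length, or 0 if no legal group can hold the packet. */
size_t atecc_build_group(const uint8_t *packet, size_t packet_len, uint8_t *out)
{
    size_t count = packet_len + 3;  /* count byte + packet + two crc bytes */
    if (packet_len == 0 || count > ATECC_GROUP_MAX)
        return 0;
    out[0] = (uint8_t)count;
    memcpy(&out[1], packet, packet_len);
    uint16_t crc = atecc_crc16(out, count - 2);
    out[count - 2] = (uint8_t)(crc & 0xFF);  /* least-significant byte first */
    out[count - 1] = (uint8_t)(crc >> 8);
    return count;
}

typedef enum {
    ATECC_RX_OK = 0,      /* group is well formed; packet located */
    ATECC_RX_BAD_LENGTH,  /* count outside 4..155 or not equal to bytes received */
    ATECC_RX_BAD_CRC      /* checksum does not cover count + packet as received */
} atecc_rx_result;

/* validate a received group before any byte of it is interpreted. */
atecc_rx_result atecc_check_group(const uint8_t *group, size_t received,
                                  const uint8_t **packet, size_t *packet_len)
{
    if (received < ATECC_GROUP_MIN || received > ATECC_GROUP_MAX)
        return ATECC_RX_BAD_LENGTH;
    if ((size_t)group[0] != received)
        return ATECC_RX_BAD_LENGTH;
    uint16_t crc = atecc_crc16(group, received - 2);
    if (group[received - 2] != (crc & 0xFF) || group[received - 1] != (crc >> 8))
        return ATECC_RX_BAD_CRC;
    *packet = &group[1];
    *packet_len = received - 3;
    return ATECC_RX_OK;
}

/* status byte of a valid four-byte group, or -1 if the group is malformed or
 * is longer than four bytes (longer groups carry command results instead). */
int atecc_status(const uint8_t *group, size_t received)
{
    const uint8_t *packet;
    size_t packet_len;
    if (received != 4 ||
        atecc_check_group(group, received, &packet, &packet_len) != ATECC_RX_OK)
        return -1;
    return packet[0];
}

int main(void)
{
    /* constructed sample: info command packet, opcode 0x30, all parameters zero */
    const uint8_t info[4] = { 0x30, 0x00, 0x00, 0x00 };
    uint8_t group[ATECC_GROUP_MAX];
    size_t n = atecc_build_group(info, sizeof info, group);
    for (size_t i = 0; i < n; i++)
        printf("%02x ", group[i]);
    printf("\n");
    return 0;
}
```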
9.1.1 security command packets

the security command packet is broken down as shown in the table below:

table 9-2. security command packets
byte | name | meaning
0 | opcode | the command code. see section command opcodes, short descriptions, and execution times.
1 | param1 | the first parameter; always present.
2 - 3 | param2 | the second parameter; always present.
4+ | data | optional remaining input data.

after the ATECC508A receives all the bytes in a group, the device transitions to the busy state and attempts to execute the command. neither status nor results can be read from the device when it is busy. during this time, the i/o interface of the device ignores all sda transitions regardless of the i/o interface selected. the command execution delays are listed in section command opcodes, short descriptions, and execution times.
if insufficient bytes are sent to the device when it is in single-wire mode, the device automatically transitions to the low power sleep mode after the t_timeout interval. in i2c mode, the device continues to wait for the remaining bytes until the watchdog timer limit t_watchdog is reached, or a start/stop condition is received by the device.

9.1.2 status/error codes

the device does not have a dedicated status register, so the output fifo is shared among status, error, and command results. all outputs from the device are returned to the system as complete groups which are formatted identically to input groups:
- count
- packet
- two byte crc

after the device receives the first byte of an input command group, the system cannot read anything from the device until the system has sent all the bytes to the device.

after wake and after execution of a command, there will be error, status, or result bytes in the device's output register that can be retrieved by the system. when the length of that group is four bytes, the codes returned are detailed in the table below. some commands return more than four bytes when they execute successfully. the resulting packet description is listed in the command section that follows.

crc errors are always returned before any other type of error. they indicate that some sort of i/o error occurred, and that the command may be resent to the device. no particular precedence is enforced among the remaining errors if more than one occurs.

table 9-3. status/error codes in four byte groups
state description | error/status | description
successful command execution | 0x00 | command executed successfully.
checkmac or verify miscompare | 0x01 | the checkmac or verify command was properly sent to the device, but the input client response did not match the expected value.
parse error | 0x03 | command was properly received but the length, command opcode, or parameters are illegal regardless of the state (volatile and/or eeprom configuration) of the ATECC508A. changes in the value of the command bits must be made before it is re-attempted.
ecc fault | 0x05 | a computation error occurred during ecc processing that caused the result to be invalid. retrying the command may result in a successful execution.
execution error | 0x0f | command was properly received but could not be executed by the device in its current state. changes in the device state or the value of the command bits must be made before it is re-attempted.
after wake, prior to first command | 0x11 | indication that ATECC508A has received a proper wake token.
watchdog about to expire | 0xee | there is insufficient time to execute the given command before the watchdog timer will expire. the system must reset the watchdog timer by entering the idle or sleep modes.
crc or other communications error | 0xff | command was not properly received by ATECC508A and should be re-transmitted by the i/o driver in the system. no attempt was made to parse or execute the command.

9.1.3 command opcodes, short descriptions, and execution times

during parsing of the parameters and subsequent execution of a properly received command, the device will be busy and not respond to transitions on the pins. the interval during which the device will be busy varies depending upon the command and its parameter values, the state of the device, the environmental conditions, and other factors according to the following table:

table 9-4. command opcodes, short descriptions, and execution time
command | opcode | description | typ. exec. time (1) | max. exec. time (2) | unit
checkmac | 0x28 | verify a mac calculated on another cryptoauthentication device. | 5 | 13 | ms
counter | 0x24 | read or increment one of the monotonic counters | 5 | 20 | ms
derivekey | 0x1c | derive a target key value from the target or parent key. | 2 | 50 | ms
ecdh | 0x43 | generate an ecdh master secret using stored private key and input public key. | 38 | 58 | ms
gendig | 0x15 | generate a data digest from a random or input seed and a key. | 5 | 11 | ms
genkey | 0x40 | generate an ecc public key. optionally generate an ecc private key. | 11 | 115 | ms
hmac | 0x11 | calculate response from key and other internal data using hmac/sha-256. | 13 | 23 | ms
info | 0x30 | return device state information. | 0.1 | 1 | ms
lock | 0x17 | prevent further modifications to a zone of the device. | 8 | 32 | ms
mac | 0x08 | calculate response from key and other internal data using sha-256. | 5 | 14 | ms
nonce | 0x16 | generate a 32-byte random number and an internally stored nonce. | 0.1 | 7 | ms
pause | 0x01 | selectively put just one device on a shared bus into the idle mode. | 0.1 | 3 | ms
privwrite | 0x46 | write an ecc private key into a slot in the data zone. | 1 | 48 | ms
random | 0x1b | generate a random number. | 1 | 23 | ms
read | 0x02 | read four bytes from the device, with or without authentication and encryption. | 0.1 | 1 | ms
sign | 0x41 | ecdsa signature calculation. | 42 | 50 | ms
sha | 0x47 | computes a sha-256 or hmac digest for general purpose use by the system. | 7 | 9 | ms
updateextra | 0x20 | update bytes 84 or 85 within the configuration zone after the configuration zone is locked. | 8 | 10 | ms
verify | 0x45 | ecdsa verify calculation. | 38 | 58 | ms
write | 0x12 | write 4 or 32 bytes to the device, with or without authentication and encryption. | 7 | 26 | ms

note:
1. typical execution times are representative of the duration to execute the command assuming no error conditions, fastest mode setting, and favorable environmental conditions. for best performance, delay for this interval and then start polling to determine actual command completion.
2. maximum execution times are representative of the longest duration of a successful command execution under the worst case statistical and environmental conditions. some internal modes, such as limited use and others will cause the delays to be as much as 50 ms longer.

in most but not all cases, failing commands will return relatively quickly, often well before the typical execution time.

9.1.4 address encoding

the read and write commands include a single 16 bit address in param2, which indicates the memory location to be accessed. in all cases, data is accessed on 4 byte word boundaries. the word address can be created by taking the byte address and dropping the least significant two bits.

the read and write commands support either 4 or 32 byte accesses. when 32 bytes are being accessed, the offset (i.e. the least significant three bits of the word address) must be present in the parameter, but their value in the parameter is ignored, and the operation proceeds assuming they are zero (i.e. all 32 byte accesses are block aligned).
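an added example (host-side c, not code from the datasheet or from microchip) that builds the param2 address from the bit layouts of tables 9-5 and 9-6 and rejects block, slot and offset values outside the legal ranges of tables 9-7 and 9-8 before a read or write is issued. the function names and the 0xffff "invalid" marker are this example's own; the zone numbers are the param1 values of table 9-9.

```c
#include <stdint.h>

/* zone values passed in param1 (table 9-9) */
enum { ATECC_ZONE_CONFIG = 0, ATECC_ZONE_OTP = 1, ATECC_ZONE_DATA = 2 };

/* marker chosen by this example; no legal address has byte 1 above 0x0c */
#define ATECC_ADDR_INVALID 0xFFFFu

/* highest legal block number for a data slot (table 9-7) */
static unsigned data_max_block(unsigned slot)
{
    if (slot <= 7)
        return 1;
    return (slot == 8) ? 12 : 2;
}

/* implemented bytes per data slot (table 9-8; slot 8 has 13 blocks of 32) */
static unsigned data_slot_bytes(unsigned slot)
{
    if (slot <= 7)
        return 32 + 4;
    return (slot == 8) ? 13 * 32 : 32 + 32 + 8;
}

/* encode param2 for read/write. slot is ignored for the config and otp zones.
 * word_offset is the 4-byte word inside the 32-byte block (0..7). */
uint16_t atecc_word_address(unsigned zone, unsigned slot,
                            unsigned block, unsigned word_offset)
{
    if (word_offset > 7)
        return ATECC_ADDR_INVALID;
    switch (zone) {
    case ATECC_ZONE_CONFIG:            /* byte 0: bits 4-3 block, bits 2-0 offset */
        if (block > 3)
            return ATECC_ADDR_INVALID;
        return (uint16_t)((block << 3) | word_offset);
    case ATECC_ZONE_OTP:               /* byte 0: bit 3 block, bits 2-0 offset */
        if (block > 1)
            return ATECC_ADDR_INVALID;
        return (uint16_t)((block << 3) | word_offset);
    case ATECC_ZONE_DATA:              /* byte 1: block; byte 0: bits 6-3 slot */
        if (slot > 15 || block > data_max_block(slot))
            return ATECC_ADDR_INVALID;
        return (uint16_t)((block << 8) | (slot << 3) | word_offset);
    default:                           /* all other zone values are reserved */
        return ATECC_ADDR_INVALID;
    }
}

/* address of the word holding a zero-based byte offset inside a data slot;
 * rejects offsets beyond the bytes the slot actually implements. */
uint16_t atecc_data_address_for_byte(unsigned slot, unsigned byte_offset)
{
    if (slot > 15 || byte_offset >= data_slot_bytes(slot))
        return ATECC_ADDR_INVALID;
    return atecc_word_address(ATECC_ZONE_DATA, slot,
                              byte_offset / 32, (byte_offset % 32) / 4);
}

/* table 9-7: config bytes below 16 can never be written and bytes 84-87
 * cannot be written with the write command. returns 1 if a 4-byte write to
 * this config word is not excluded by those two rules (zone lock state,
 * which also gates writes, is not modelled here). */
int atecc_config_word_writable(uint16_t word_address)
{
    unsigned byte_address = (word_address & 0x1Fu) * 4u;
    return byte_address >= 16 && byte_address != 84;
}
```

the slot 9 case worked in the note after table 9-8 (the 53rd byte, zero-based offset 52) comes out of `atecc_data_address_for_byte(9, 52)` as block 1, slot 9, word offset 5.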
table 9-5. address encoding for config and otp zones (param2)
zone | byte 1: unused | byte 0: unused | byte 0: block | byte 0: offset
config | bits 7-0 | bits 7-5 | bits 4-3 | bits 2-0
otp | bits 7-0 | bits 7-4 | bit 3 | bits 2-0

table 9-6. address encoding for data zone (param2)
zone | byte 1: unused | byte 1: block | byte 0: unused | byte 0: slot | byte 0: offset
data slots 0 - 7 | bits 7-1 | bit 0 | bit 7 | bits 6-3 | bits 2-0
data slot 8 | bits 7-4 | bits 3-0 | bit 7 | bits 6-3 | bits 2-0
data slots 9 - 15 | bits 7-2 | bits 1-0 | bit 7 | bits 6-3 | bits 2-0

within each zone, there are various access restrictions as noted in the table below:
table 9-7. legal block/slot values
zone name | legal block | legal slot | notes
config | 0-3 | | addresses below 16 (block 0, offset 16) can never be written. addresses from 84-87 cannot be written using the write command. both 4-byte and 32-byte reads/writes are permitted.
otp | 0-1 | | when otpmode is read-only, all offsets in both blocks are available to use with 4 or 32 byte reads. if otpmode is consumption, then writes are also permitted to all offsets.
data | 0-1 | 0-7 | all offsets in all slots available for both read and write. a 4-byte access is permitted on a particular slot only if slotconfig.issecret is zero.
 | 0-12 | 8 |
 | 0-2 | 9-15 |

in the following table, address is the value to be passed to the read and/or write commands as the address parameter to access data in the specific blocks using a 32 byte read or write. size is the number of implemented eeprom bytes within that particular block.

note: slot 8 contains an additional nine blocks, each containing 32 bytes that are not included in the table below.

to use a four byte read or write command to access the first word in a block, use the addresses shown in the table below. otherwise, the least significant three bits of the address field should include the word address to be accessed. the 32 byte access is permitted in blocks that contain less than 32 implemented memory bytes. the extra bytes will be returned as zero on a read and ignored on a write.

table 9-8. data zone address values
slot | block 0 address | size | block 1 address | size | block 2 address | size | block 3 address | size
0 | 0x0000 | 32 | 0x0100 | 4 | | | |
1 | 0x0008 | 32 | 0x0108 | 4 | | | |
2 | 0x0010 | 32 | 0x0110 | 4 | | | |
3 | 0x0018 | 32 | 0x0118 | 4 | | | |
4 | 0x0020 | 32 | 0x0120 | 4 | | | |
5 | 0x0028 | 32 | 0x0128 | 4 | | | |
6 | 0x0030 | 32 | 0x0130 | 4 | | | |
7 | 0x0038 | 32 | 0x0138 | 4 | | | |
8 | 0x0040 | 32 | 0x0140 | 32 | 0x0240 | 32 | 0x0340 | 32
9 | 0x0048 | 32 | 0x0148 | 32 | 0x0248 | 8 | |
10 | 0x0050 | 32 | 0x0150 | 32 | 0x0250 | 8 | |
11 | 0x0058 | 32 | 0x0158 | 32 | 0x0258 | 8 | |
12 | 0x0060 | 32 | 0x0160 | 32 | 0x0260 | 8 | |
13 | 0x0068 | 32 | 0x0168 | 32 | 0x0268 | 8 | |
14 | 0x0070 | 32 | 0x0170 | 32 | 0x0270 | 8 | |
15 | 0x0078 | 32 | 0x0178 | 32 | 0x0278 | 8 | |

note: to complete a four byte read of the 53rd through 56th byte of slot 9, the word address would be:
- the 53rd byte is the 21st byte in block 1 (53 divided by 32 is 1, 53 minus 32 is 21).
- the 21st byte is located at byte offset 0x14, which is at word offset 0x05 (0x14 divided by 4 is 0x05).
- per table 9-6, the address parameter to the read command is 000000 01 0 1001 101 or 0x014d.

unused | block number | unused | slot number | word offset
000000 | 01 | 0 | 1001 | 101
hex digits: 0 1 4 d

9.1.5 zone encoding

the value in param1 controls which zone the command accesses. see section configuration zone locking to obtain more information on what controls the locked and unlocked states for each zone. all other zone values are reserved and should not be used.

table 9-9. zone encoding (param1)
zone | param1 value | size | read | write
config | 0 | 1024 bits, 128 bytes, 4 blocks | always available. | partially, when unlocked. never when locked. never encrypted.
otp | 1 | 512 bits, 64 bytes, 2 blocks | never when unlocked. always when locked. see section eeprom one time programmable (otp) zone. | all writeable when unlocked using write. when locked, write permissions depend on otpmode. see section eeprom one time programmable (otp) zone.
data | 2 | 9664 bits, 1208 bytes, 16 slots | never when unlocked; otherwise, controlled by issecret and encryptread. | all writeable when unlocked. when locked, writes controlled by writeconfig.

9.1.6 watchdog fail-safe

after the ATECC508A receives a wake token, a watchdog counter starts within the device. after t_watchdog, the device enters sleep mode regardless of whether an i/o transmission or command execution is in progress. there is no way to reset the counter other than to put the device into sleep or idle mode and then wake it up again.

the watchdog timer is implemented as a fail-safe mechanism where no matter what happens on either the system side or inside the device, including any i/o synchronization issue, power consumption will fall to the ultra-low sleep level automatically.

the device resets the values stored in the sram and internal status registers when it transitions to the sleep mode; however, if the device is explicitly put into the idle mode through the appropriate i/o sequence, then the device retains the contents of the two sram registers (tempkey and rng seed).

normally, all command sequences must complete within t_watchdog if they require a state that is stored in the sram registers. if there is a need to implement a command sequence that is longer than the watchdog interval, the system software can use this idle mode mechanism to ensure that the sequence can complete successfully.

if a command is attempted when insufficient time remains prior to watchdog timer execution, the device will return the watchdog timeout error code without attempting to execute the command. this feature prevents situations in which the command may only be partially executed at the time the watchdog timer resets the device. in particular, the limited use counter is always decremented prior to execution of the crypto computation; therefore, an aborted command might result in fewer counts remaining without the result being available to the system. the device will never be left in an unusable state after an aborted command.

9.2 checkmac command

the checkmac command calculates a mac response that would have been generated on an ATECC508A, atecc108a, or atsha204a device and then compares the result with the input value. it returns a boolean result to indicate the success or failure of the comparison.
prior to running this command, the nonce and/or gendig commands may have been optionally run to create a key or nonce value in tempkey. the input mode parameter determines the source of the key (the first 32 bytes of sha message) and challenge/nonce (the second 32 bytes of sha message). if keyconfig.reqrandom is one, the rng must have been used during the execution of the nonce command, or else this command will return an error.

if authorization is required by the keyconfig before use of a key, this authorization function can be accomplished by executing this command with mode<1> set to zero. tempkey should have been previously loaded with a nonce via the nonce command. if keyconfig.reqrandom is one, the rng should have been used during the execution of that nonce command. if the checkmac succeeds, then an internal authvalid flag will be set and keyid retained internally in authkeyid. see section authorized keys for more details.

if the comparison matches, then the target eeprom slot value may be copied into tempkey. if keyid is even, then the target slot is keyid+1, or else the target slot is keyid. for the copy to take place the mode parameter to checkmac must have a value of 0x01 or 0x05 and slotconfig.readkey for the target key must be zero. this copy will take place regardless of the value of slotconfig.limiteduse and/or lastkeyuse for the target slot.
table 9-10. input parameters
field | name | size | notes
opcode | checkmac | 1 | 0x28
param1 | mode | 1 | bits 7-3: must be zero. bit 2: if mode<0> or mode<1> are set, then the value of this bit must match the value in tempkey.sourceflag or the command will return an error. bit 1: 0 = use slot in first sha block. 1 = use tempkey. bit 0: 0 = the second 32 bytes of the sha message are taken from the input clientchal parameter. 1 = the second 32 bytes of the message are taken from tempkey.
param2 | keyid | 2 | the internal key is to be used to generate the response. all except bits keyid<3:0> are ignored.
data1 | clientchal | 32 | challenge sent to client. if mode<0> is one, then the value of this parameter will be ignored. (these 32 bytes must still appear in the input stream).
data2 | clientresp | 32 | response generated by the client.
data3 | otherdata | 13 | remaining constant data needed for response calculation.

table 9-11. output parameter
name | size | notes
result | 1 | returns a single byte with a value of zero if clientresp matches the internally computed digest; value of one if there is a mismatch.

the message that will be hashed with the sha-256 algorithm consists of the following information:
32 bytes | slot or tempkey (depending on mode)
32 bytes | clientchal or tempkey (depending on mode)
4 bytes | otherdata<0:3>
8 bytes | zeros
3 bytes | otherdata<4:6>
1 byte | sn<8>
4 bytes | otherdata<7:10>
2 bytes | sn<0:1>
2 bytes | otherdata<11:12>

9.3 counter command

the counter command reads the binary count value from one of the two monotonic counters located on the device within the configuration zone. the maximum value that the counter may have is 2,097,151. any attempt to count beyond this value will result in an error code. the counter is designed to never lose counts even if the power is interrupted during the counting operation. in some power loss conditions, the counter may increment by a value of more than one.

counter<0> may be attached to some keys to limit their use; counter<1> is never attached to any key. when counter<0> is attached to a key, the counter will be incremented with each use of the key until the counter has reached its maximum value at which point use of the key will no longer be permitted. the number of legal uses for a key can be controlled by initializing the counter<0> to a non-zero value at configuration time. contact microchip for details.

table 9-12. input parameters
field | name | size | notes
opcode | counter | 1 | 0x24
param1 | mode | 1 | bit 7-1: must be zero. bit 0: 0 = read the value of the specified counter. 1 = increment the value of the specified counter.
param2 | keyid | 2 | the counter to be incremented. only zero and one are legal values.

table 9-13. output parameter
name | size | notes
count | 4 or 1 | generally, this will be the current binary value of the counter. if keyid points to an invalid counter id, a parse error will be returned. if a requested increment fails, then an exec error will be returned.

9.4 derivekey command

the device combines the current value of a key with the nonce stored in tempkey using sha-256 and places the result into the target key slot. slotconfig.bit13 must be set or derivekey will return an error. derivekey always returns an error if keyconfig indicates that the slot contains an ecc private key, if the configuration zone has not been locked, or if the targetkey slot is individually locked using slotlocked.

if slotconfig.bit12 is zero, the source key that will be combined with tempkey is the target key as specified in the command line (roll key operation). if slotconfig.bit12 is one, the source key is the parent key of the target key, which is found in slotconfig.writekey (create key operation).
prior to execution of this command, the nonce command must have been run to create a valid nonce in tempkey. if keyconfig.reqrandom is one for the source key, this nonce must have been created with the internal rng or an error will be returned. in all cases, mode<2> must match the state of tempkey.sourceflag or the command will return an error.

if slotconfig.bit15 is set, an input mac must be present and have been computed as follows:

sha-256(parentkey, opcode, param1, param2, sn<8>, sn<0:1>)

where the parentkey id is always slotconfig.writekey.

if performing a roll key operation and keyconfig.reqauth is one, then the appropriate authorization must have been performed using keyconfig.authkey prior to the execution of derivekey. if performing a create key operation and keyconfig.reqauth is one, then the appropriate authorization must have been performed using keyconfig.authkey prior to the execution of derivekey. if an input mac is required and keyconfig.reqauth is one, then the appropriate authorization must have been performed using keyconfig.authkey prior to the execution of derivekey.

if a parent key is involved in the operation (either slotconfig.bit12 or slotconfig.bit15 are set) and slotconfig.limiteduse is also set, derivekey returns an error if counter<0> has reached its limit. derivekey always ignores limiteduse for the target key.

note: if the source and target key are the same, then there is a risk of permanent loss of the key value if power is interrupted during the write operation. if the configuration bits permit it, then the key value may be recovered using an authenticated and encrypted write based on the parent key.

table 9-14. input parameters
field | name | size | notes
opcode | derivekey | 1 | 0x1c
param1 | mode | 1 | bits 7-3: must be zero. bit 2: the value of this bit must match the value in tempkey.sourceflag or the command will return an error. bits 1-0: must be zero.
param2 | targetkey | 2 | key slot to be written.
data | mac | 0 or 32 | optional mac used to validate operation.

table 9-15. output parameter
name | size | notes
success | 1 | upon successful completion, the ATECC508A returns a value of zero.

the key written to the target slot is the result of sha-256 of the following message:
32 bytes | target or parent key (depending upon slotconfig<12>)
1 byte | opcode
1 byte | param1
2 bytes | param2
1 byte | sn<8>
2 bytes | sn<0:1>
25 bytes | zeros
32 bytes | tempkey.value

the data flow for this command is illustrated below.
figure 9-1. data flow for derivekey command (blocks: mode, nonce, source key, parent key, target key, sha (device), sha (auth), input mac, match)

9.5 ecdh command

the ecdh command on the ATECC508A computes the nist ecdh algorithm to create a shared premaster secret. the generated premaster secret will be either loaded into a slot in the data zone or be output in the clear. bit 2 in slotconfig.readkey for the private key must be set to enable the ecdh operation or this command will return an error.

the host processor may encrypt the premaster secret by writing it into the adjacent slot and then executing an encrypted read of that slot to securely transfer the secret to the processor. control of this capability is determined solely by bit 3 of slotconfig.readkey and cannot be modified with this command. if this bit is set, then the least significant bit of keyid (param2) must be zero, and the premaster secret slot number will be obtained by adding one to keyid.

table 9-16. input parameters
field | name | size | notes
opcode | ecdh | 1 | 0x43
param1 | mode | 1 | bits 7-0: reserved for future use, must be zero.
param2 | keyid | 2 | the private key to be used in the ecdh calculation.
data1 | x | 32 | the x component of the public key to be used for ecdh calculation.
data2 | y | 32 | the y component of the public key to be used for ecdh calculation.

table 9-17. output parameter
name | size | notes
response | 1 or 32 | if the ecdh operation was successful: if specified by slotconfig.readkey<3>, the shared secret in the clear; else the success code of 0x00. if any error has occurred, this parameter will contain the error code.

9.6 gendig command

the gendig command uses sha-256 to combine a stored or input value with the contents of tempkey, which must have been valid prior to the execution of this command. the stored value can come from one of the data slots, the configuration zone, either of the otp pages, the monotonic counters, or be retrieved from the hardware transport key array. the resulting digest is retained in tempkey, and can be used in one of four ways:
1. it can be included as part of the message used by the mac, sign, checkmac, or hmac commands. because the mac response output incorporates both the data used in the gendig calculation and the secret key from the mac command, it serves to authenticate the data stored in the data and/or otp zones.
2. a subsequent read or write command can use the digest to provide authentication and/or confidentiality for the data, in which case it is known as a data protection digest.
3. the command can be used for secure personalization by using a value from the transport key array. the resulting data protection digest would then be used by write.
4. the input value, typically a nonce from a remote device, is combined with the current tempkey value to create a shared nonce in which both devices can attest to the inclusion of the rng.

if zone is 0x02 (i.e. data), and keyid is less than 0x8000, then the gendig command sets tempkey.gendigdata to one, and tempkey.keyid to the input keyid; otherwise, tempkey.gendigdata is set to zero.

if keyconfig.reqrandom is set for keyid, and the data zone is locked, then the value in the tempkey register must have been originally computed using a random number via the nonce command; otherwise, gendig will fail.

regardless of how the resulting digest is computed, it can never be read from the device. if tempkey.valid is invalid, this command returns an error.
upon command completion, the tempkey.valid bit is set indicating that a digest has been loaded and is ready for use. the tempkey.valid bit is cleared when the next command is executed. see section static ram (sram) memory for more details.

for all keyid values less than 0x8000, the device uses the least-significant four bits of keyid to determine the slot number from which to retrieve the key value from the data zone of the eeprom. keyid values above 0x8000 reference keys stored in the masks of the design. these keys can only be used if the nonce value stored in tempkey has been generated using the on-board rng. in any event, all 16 bits of the keyid as input to the device are used as param2 in the sha-256 calculation.

when the key specified on input to gendig has the nomac bit set, gendig can be used to generate ephemeral keys matching those generated on client cryptoauthentication devices using the derivekey command. keys which have the nomac bit set represent situations in which the device is acting as a host. in this case, the opcode and parameter bytes that would normally be included in the sha calculation are replaced with bytes from the input stream.
table 9-18. input parameters

field | name | size | notes
opcode | gendig | 1 | 0x15
param1 | zone | 1 | if 0x00 (config), then use keyid to specify any of the four 256-bit blocks of the configuration zone. if keyid has a value greater than three, the command will return an error. if 0x01 (otp), use keyid to specify either the first or second 256-bit block of the otp zone. if 0x02 (data), then keyid specifies a slot in the data zone or a transport key in the hardware array. if 0x03 (shared nonce), then keyid specifies the location of the input value in the message generation. if 0x04 (counter), then keyid specifies the monotonic counter id to be included in the message generation. if 0x05 (key config), then keyid specifies the slot for which the configuration information is to be included in the message generation. all other values are reserved and must not be used.
param2 | keyid | 2 | identification number of the key to be used, selection of which otp block or message order for shared nonce mode.
data1 | otherdata | 32 or 4 or 0 | four bytes of data for sha calculation when using a nomac key, 32 bytes for shared nonce mode, otherwise ignored

table 9-19. output parameter

name | size | notes
success | 1 | upon successful execution, ATECC508A returns a value of zero.

if zone is shared nonce and keyid<15> is zero then the sha-256 message body used to create the resulting new tempkey consists of the following bytes:

32 bytes  input otherdata parameter
1 byte  opcode (always 0x15)
1 byte  mode
1 byte  lsb of keyid
1 byte  zero
1 byte  sn<8>
2 bytes  sn<0:1>
25 bytes  zeros
32 bytes  tempkey.value

if zone is shared nonce and keyid<15> is one then the sha-256 message body used to create the resulting new tempkey consists of the following bytes:

32 bytes  tempkey.value
1 byte  opcode (always 0x15)
1 byte  mode
1 byte  lsb of keyid
1 byte  zero
1 byte  sn<8>
2 bytes  sn<0:1>
25 bytes  zeros
32 bytes  input otherdata parameter

if zone is data and slotconfig.nomac is one, then the sha-256 message body used to create the resulting new tempkey consists of the following bytes:

32 bytes  slot
4 bytes  otherdata
1 byte  sn<8>
2 bytes  sn<0:1>
25 bytes  zeros
32 bytes  tempkey.value

if zone is counter, then the sha-256 message body used to create the resulting new tempkey consists of the following bytes. counter mode is supported only on the ATECC508A.

32 bytes  zeros
1 byte  opcode
1 byte  param1
2 bytes  param2
1 byte  sn<8>
2 bytes  sn<0:1>
1 byte  zero
4 bytes  counter (binary value as reported by counter command)
20 bytes  zeros
32 bytes  tempkey.value

if zone is key config (0x05), then the sha-256 message body used to create the resulting new tempkey consists of the following bytes:

32 bytes  zeros
1 byte  opcode
1 byte  mode
2 bytes  param2
1 byte  sn<8>
2 bytes  sn<0:1>
1 byte  zero
2 bytes  slotconfig
2 bytes  keyconfig
1 byte  slotlocked (byte is 0x01 if slotlocked bit is set otherwise 0x00)
19 bytes  zeros
32 bytes  tempkey.value

in all other cases, the message used to create tempkey is as follows:

32 bytes  otp or slot or transportkey
1 byte  opcode
1 byte  param1
2 bytes  param2
1 byte  sn<8>
2 bytes  sn<0:1>
25 bytes  zeros
32 bytes  tempkey.value

9.7 genkey command

the genkey command performs one or more of the following three operations:

1. private key creation: creates a new random private key and writes that key into the slot specified by the keyid parameter. the eeprom rng seed will automatically be updated prior to the execution of this command if it has not been already updated this power cycle.
2. public key computation: generates an ecc public key based upon the private key stored in the slot defined by the keyid parameter. this mode of the command may be used to avoid storing the public key on the device at the expense of the time required to regenerate it.
3. digest calculation: genkey can also combine a public key referenced by the keyid parameter with the current value stored in tempkey, calculate a sha-256 digest of the resulting message, and place that digest back into tempkey. this digest can be used as the message for an internal signature, or as a component of a mac computation. tempkey must be valid prior to digest calculation. if keyconfig.reqrandom is set, then tempkey must have been created using the internal rng.

the digest calculation operation can be performed by using either a public key computed from a private key in a slot or by using a public key already stored in a slot. in the latter case, the appropriate checks for prior authorization and limited use will be performed on the public key slot, and the remaining checks indicated below will not be performed. when genkey is used to calculate a digest on a public key slot, it ignores the validity status of the public key.
excluding the digest generation operation described above, the slot indicated by this command must be configured by means of keyconfig.private to contain an ecc private key, and slotconfig.issecret must be set to one, or else this command will fail. if the keyconfig.keytype does not indicate an ecc curve supported by this device, then this command will also return an error.

prior to the configuration zone being locked, this command will always return an error. once the data zone has been locked, the following additional restrictions are enforced:

- private key creation:
  - bit 13 of the corresponding slotconfig must be set to one.
  - if keyconfig.reqauth is set to one, then a prior authorization using keyconfig.authkey must have been performed.
- public key generation:
  - keyconfig.pubinfo must be set to one.
  - if keyconfig.reqauth is set to one, then a prior authorization using keyconfig.authkey must have been performed.

the following applies to all private key creation operations regardless of whether or not the data zone has been locked:

- this command writes only those bytes necessary to create a private key of the type specified. the remaining bytes within the slot are unaffected by this command.
- when creating and writing a random key into the data zone, the genkey command always returns the public key regardless of the value of the pubinfo bit within the keyconfig area.
- if the corresponding slotlocked bit is zero, then this command returns an error.
- there is a small statistical probability that the generated key will be unacceptable, in which case this command will return a single byte containing the ecc fault code (see table 9-3). in this circumstance the command should be re-run and will usually generate a key correctly in the subsequent iteration.

table 9-20. input parameters

field | name | size | notes
opcode | genkey | 1 | 0x40
param1 | mode | 1 | see table 9-22.
param2 | keyid | 2 | specifies the slot where a private ecc key is generated, the private key slot used to generate a public key or a public key location used as part of a digest generation.
data | otherdata | 3 | if keyid points to a public key, then these bytes replace param1 and param2 in the message calculation.

table 9-21. output parameter

name | size | notes
response | 1 or 64 | public key x and y coordinates. ecc fault code if generated private key was unacceptable.
table 9-22. mode encoding

bits | meaning
7-5 | must be zero.
4 | 0 = keyid points to a private key, and mode<2> and mode<3> control device operation. 1 = keyid must point to a public key, and genkey only creates the digest in tempkey without any public key generation operation. bit 2 and bit 3 of the mode byte are ignored if this bit is set.
3 | 0 = no pubkey digest is created. 1 = the device creates a pubkey digest based on the private key in keyid and places it in tempkey.
2 | 0 = the private key currently stored in the slot is used to generate the public key. 1 = a random private key is generated and stored in the slot specified by keyid. keytype must indicate an ecc key in the keyconfig area for this keyid or an error will be returned.
1-0 | must be zero.

when a pubkey digest is to be calculated by the genkey command, the following message is used as the input to the sha-256 algorithm:

32 bytes  tempkey
1 byte  opcode
1 byte  param1
2 bytes  param2
1 byte  sn<8>
2 bytes  sn<0:1>
25 bytes  zeros
64 bytes  x and y coordinates of the public key

9.8 hmac command

the hmac command computes an hmac/sha-256 digest using a key stored in the device over a challenge, stored in the tempkey register and/or other information stored within the device. the output of this command is the output of the hmac algorithm computed over message using the specified key. the normal command flow to use this command is as follows:

1. run nonce command to load input challenge and optionally combine it with a generated random number. the result of this operation is a nonce stored internally on the device.
2. optionally run gendig command to combine one or more stored eeprom locations in the device with the nonce. the result is stored internally in the device.
3. run this hmac command to combine the output of step one (and step two, if desired) with an eeprom key to generate an output response (i.e. digest).
see the sha command, which can generate an hmac digest over an arbitrary length message without any special formatting.
table 9-23. input parameters

field | name | size | notes
opcode | hmac | 1 | 0x11
param1 | mode | 1 | controls which fields within the device are used in the message.
param2 | keyid | 2 | the internal key is to be used to generate the response. bits 3:0 are only used to select a slot; however, all 16 bits are used in the hmac message.
data | | 0 |

table 9-24. output parameter

name | size | notes
response | 32 | hmac digest.

the hmac digest is computed using the key at keyid as the hmac key over a message consisting of the following information:

32 bytes  zeros
32 bytes  tempkey
1 byte  opcode (always 0x11)
1 byte  mode
2 bytes  keyid
8 bytes  zeros
3 bytes  zeros
1 byte  sn<8> (never zeroed out)
4 bytes  sn<4:7> (or zeros, see mode encoding)
2 bytes  sn<0:1> (never zeroed out)
2 bytes  sn<2:3> (or zeros, see mode encoding)

table 9-25. mode encoding

bits | meaning
7 | must be zero.
6 | 0 = 48 message bits corresponding to sn<2:3> and sn<4:7> are set to zero. 1 = include the 48 bits sn<2:3> and sn<4:7> in the message.
5-3 | must be zero.
2 | the value of this bit must match the value in tempkey.sourceflag or the command will return an error.
1-0 | must be zero.
9.9 info command

info command accesses some static or dynamic four byte information from the device depending upon the value of mode. illegal values of the mode parameter will result in a parse error response.

table 9-26. mode encoding

param1 | mode | notes

0x00 | revision | a single 4-byte word representing the revision number of the device is returned. software should not depend on this value as it may change from time to time. at the time of data sheet creation the info command will return 0x00 0x00 0x50 0x00. for all versions of the ecc508a the 3rd byte will always be 0x50. the fourth byte will indicate the silicon revision.

0x01 | keyvalid | returns a value of one if an ecc private or public key stored in the key slot specified by param is valid and zero if the key is not valid. for public keys in slots where pubinfo is zero, the information returned by this command is not useful. this information is not meaningful for slots in which keytype does not indicate a supported ecc curve.

0x02 | state | returns various dynamic state information as follows:
  first byte on the bus:
    bit 7: tempkey.nomacflag
    bit 6: tempkey.genkeydata
    bit 5: tempkey.gendigdata
    bit 4: tempkey.sourceflag
    bits 3-0: tempkey.keyid
  second byte on the bus:
    bit 7: tempkey.valid
    bits 6-3: authkeyid: the slot id on which an authorization was performed
    bit 2: authvalid: a valid authorization sequence has been performed
    bit 1: sram rng: seed has been updated this power cycle
    bit 0: eeprom rng: seed has been updated this power cycle
  the third and fourth bytes on the bus are all zeros.

0x03 | gpio | accesses the gpio pin when the device is in either of the single-wire interface modes. the specific operation is controlled by param2 as follows:
    bits 15-2: must be zero
    bit 1: driver state; input (0) or output (1)
    bit 0: state to which output is to be driven. ignored if bit 1 is zero
  always return the current state in the first byte followed by three bytes of 0x00.
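A host-side decoder for the two state bytes listed under mode 0x02, useful for confirming which slot an authorization was performed on before relying on it. This is an added example, not Microchip code; the class, function and field names and the sample response are constructed for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class InfoState:
    nomac_flag: bool          # first byte, bit 7: tempkey.nomacflag
    genkey_data: bool         # first byte, bit 6: tempkey.genkeydata
    gendig_data: bool         # first byte, bit 5: tempkey.gendigdata
    source_flag: int          # first byte, bit 4: tempkey.sourceflag (raw bit)
    tempkey_key_id: int       # first byte, bits 3-0: tempkey.keyid
    tempkey_valid: bool       # second byte, bit 7: tempkey.valid
    auth_key_id: int          # second byte, bits 6-3: authkeyid
    auth_valid: bool          # second byte, bit 2: authvalid
    sram_rng_updated: bool    # second byte, bit 1
    eeprom_rng_updated: bool  # second byte, bit 0


def parse_info_state(response: bytes) -> InfoState:
    """Decode the 4-byte data field returned by info with mode 0x02 (state)."""
    if len(response) != 4:
        raise ValueError("expected a 4-byte info response")
    if response[2:] != b"\x00\x00":
        raise ValueError("third and fourth bytes must be zero in state mode")
    first, second = response[0], response[1]
    return InfoState(
        nomac_flag=bool(first & 0x80),
        genkey_data=bool(first & 0x40),
        gendig_data=bool(first & 0x20),
        source_flag=(first >> 4) & 0x01,
        tempkey_key_id=first & 0x0F,
        tempkey_valid=bool(second & 0x80),
        auth_key_id=(second >> 3) & 0x0F,
        auth_valid=bool(second & 0x04),
        sram_rng_updated=bool(second & 0x02),
        eeprom_rng_updated=bool(second & 0x01),
    )


def authorization_problems(state: InfoState, required_auth_slot: int) -> list:
    """Reasons the reported state does not show an authorization on the required slot."""
    problems = []
    if not state.auth_valid:
        problems.append("authvalid is clear: no valid authorization sequence")
    elif state.auth_key_id != required_auth_slot:
        problems.append(
            "authorization was performed on slot %d, not slot %d"
            % (state.auth_key_id, required_auth_slot)
        )
    return problems


# Constructed sample response (not captured from a device):
# first byte 0x23 = gendigdata set, tempkey.keyid 3;
# second byte 0x9f = tempkey.valid, authkeyid 3, authvalid, both seeds updated.
SAMPLE_STATE = bytes([0x23, 0x9F, 0x00, 0x00])

if __name__ == "__main__":
    decoded = parse_info_state(SAMPLE_STATE)
    print(decoded)
    print(authorization_problems(decoded, required_auth_slot=3))
```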
table 9-27. input parameters

field | name | size | notes
opcode | info | 1 | 0x30
param1 | mode | 1 | see table 9-26.
param2 | param | 2 | use depends on mode.
data | | 0 | ignored.

table 9-28. output parameters

name | size | notes
response | 4 | the information specified by mode or an error code.

further information on the gpio mode is as follows:

- if the gpio_mode field within config.i2c_address is set to disabled, or if config.i2c_enable<0> is set to i2c mode, then the gpio mode always returns an error code to the system firmware.
- if the gpio_mode field within config.i2c_address is set to authorization modes, then the operation depends on i2c_address<3>. if this bit is zero, then the device is in authorization output mode. if one, then the device is in intrusion detection mode.
  - authorization output mode: regardless of the state of param2<1>, on a successful execution the info command returns the current state of the output pin. if param2<1> indicates output and param2<0> matches the default output state (i2c_address<2>), then set the output to the default; otherwise, if authvalid is one and authkeyid matches signalkey, then set the output to the opposite of the default state.
  - intrusion detection mode: regardless of the state of param2<1> on a successful execution the info command returns the current state of the intrusion latch. if param2<1> indicates output, and if authvalid is one and authkey matches signalkey, then set the intrusion latch to param2<0>.
- if the gpio_mode field within config.i2c_address is set to input, then the current state of the gpio pin is returned to the system firmware without changing the direction of the gpio pin. this command will return an error if param2<1> (driver state) is set to one (output).
- if the gpio_mode field within config.i2c_address is set to output, then the direction of the gpio driver will be set to match param2<1> to zero for input and one for output. if configured as an output, then the value in param2<0> will be driven to the pin. regardless of the value in param2, the current state of the gpio pin will be returned to the system in the output response parameter.

9.10 lock command

the lock command prevents future modifications of the configuration and/or data and otp zones. if the device is so configured, then this command can be used to lock individual data slots. this command fails if the designated area is already locked.

prior to locking the configuration and/or data and otp zones, the ATECC508A can optionally use the crc-16 algorithm to verify the contents of the designated zone(s). the calculation uses the same algorithm as the crc computed over the input and output groups. this summary digest (crc) is always ignored when locking an individual slot.
- configuration zone: the crc is calculated over all 128 bytes within the configuration zone using the current value of the lockconfig at address 87. if the compare succeeds, then lockconfig will be set to a value of 00.
- data and otp zone: the slot contents are concatenated in numerical order to create the input to the crc algorithm. slots that are configured to contain an ecc private key are never included in the summary crc calculation. the otp zone is then concatenated after the last data slot and the crc value is calculated. if the compare succeeds, then lockvalue will be set to a value of 00.

if mode<7> is zero and the input summary does not match that computed on the device, then an error is returned and the personalization process should be repeated.

for slots containing public keys that must be validated, the most significant four bits are modified by the device when being written and/or when being validated. the summary crc is calculated using the current values.

table 9-29. input parameters

field | name | size | notes
opcode | lock | 1 | 0x17
param1 | mode | 1 | see table 9-31.
param2 | summary | 2 | summary (crc) of the designated zones, or should be 0x0000 if mode<7> is set.
data | ignored | 0 |

table 9-30. output parameter

name | size | notes
success | 1 | upon successful execution, ATECC508A returns a value of zero.

table 9-31. mode encoding

bits | meaning
7 | summary check bit. this bit is ignored when locking individual data slots. 0 = the summary value is verified before the zone is locked. 1 = check of the zone summary is ignored and the zone is locked regardless of the contents of the zone. microchip does not recommend using this mode.
6 | unused, must be zero.
5-2 | the slot number to be locked if bits<1:0> have a value of 0b10; otherwise, these bits must be zero.
1-0 | 00 = the configuration zone is to be locked. 01 = the data and otp zones are to be locked. 10 = a single slot in the data zone is to be locked. 11 = illegal value, the device will return an error.
9.11 mac command

the mac command computes a sha-256 digest of a key stored in the device, a challenge, and other information on the device. the output of this command is the digest of this message. if the message includes the serial number of the device, the response is said to be diversified. the normal command flow to use this command is as follows:

1. run nonce command to load input challenge and optionally combine it with a generated random number. the result of this operation is a nonce stored internally on the device.
2. optionally, run gendig command to combine one or more stored eeprom locations in the device with the nonce. the result is stored internally in the device. this capability permits two or more keys to be used as part of the response generation.
3. run this mac command to combine the output of step one (and step two if desired) with an eeprom key to generate an output response (i.e. digest).

alternatively, data in any slot (which does not have to necessarily even be secret) can be accumulated into the response through the same gendig mechanism. this has the effect of authenticating the value stored in that location.

table 9-32. input parameters

field | name | size | notes
opcode | mac | 1 | 0x08
param1 | mode | 1 | controls which fields within the device are used in the message.
param2 | keyid | 2 | the internal key is to be used to generate the response. bits 3:0 only are used to select a slot; however, all 16 bits are used in the sha-256 message.
data | challenge | 0 or 32 | input portion of message to be digested, ignored if mode<0> is one.
table 9-33. output parameter

name | size | notes
response | 32 | sha-256 digest

the message that will be hashed with the sha-256 algorithm consists of the following information:

32 bytes  slot or tempkey (see mode encoding)
32 bytes  challenge or tempkey (see mode encoding)
1 byte  opcode (always 0x08)
1 byte  mode
2 bytes  keyid
8 bytes  zeros
3 bytes  zeros
1 byte  sn<8> (never zeroed out)
4 bytes  sn<4:7> (or zeros, see mode encoding)
2 bytes  sn<0:1> (never zeroed out)
2 bytes  sn<2:3> (or zeros, see mode encoding)

table 9-34. mode encoding

bits | meaning
7 | must be zero.
6 | 0 = 48 message bits corresponding to sn<2:3> and sn<4:7> are set to zero. 1 = include the 48 bits sn<2:3> and sn<4:7> in the message.
5-3 | must be zero.
2 | if either mode<0> or mode<1> are set, mode<2> must match the value in tempkey.sourceflag or the command will return an error.
1 | 0 = the first 32 bytes of the sha message are loaded from one of the data slots. 1 = the first 32 bytes are filled with tempkey.
0 | 0 = the second 32 bytes of the sha message are taken from the input challenge parameter. 1 = the second 32 bytes are filled with the value in tempkey. this mode is recommended for all use.

9.12 nonce command

the nonce command generates a nonce for use by a subsequent command by combining an internally generated random number with an input value from the system. the resulting nonce is stored internally in tempkey and the generated random number is returned to the system.

the input value is designed to prevent replay attacks against the host, and it must be externally generated by the system and passed into the device using this command. it may be any value that changes consistently, such as a nonvolatile counter, current real time of day, and so forth, or it can be an externally generated random number.

to provide a nonce value for subsequent crypto commands, the input number and output random number are hashed together according to the information listed below. the resulting digest (i.e. nonce) is always stored in the tempkey register, tempkey.valid is set, and tempkey.sourceflag is set to rand. the nonce can then be used by a subsequent ATECC508A command. where the actual nonce value is required to be known by an external system, software will typically be needed to externally compute this digest value and store it externally to complete the execution of those commands.
in order to simplify the system code for some usage models, the device provides a mechanism for a host device to compute the nonce generated on a client device. in this calculation mode, the current value in tempkey is combined with the input parameters using sha and the result is written back into tempkey. the new tempkey value is also returned to the system as the output parameter. mode<1:0> must have a value of zero or one to enable this feature. tempkey.sourceflag is not modified by the device in this mode.

alternatively, this command can also be run in a pass-through mode if a fixed nonce is required for subsequent commands. in this case, the input value must be 32 bytes long and it is passed directly to tempkey without modification. no sha-256 calculation is performed and tempkey.sourceflag is set to input. if operated in this mode and with a repeated input number value, the device provides no protection against replay attacks.

prior to the configuration zone being locked, the rng produces a value of 0xff ff 00 00 ff ff 00 00 to facilitate testing. this test value is combined with the input value in the manner described above.

table 9-35. input parameters

field | name | size | notes
opcode | nonce | 1 | 0x16
param1 | mode | 1 | controls the mechanism of the internal rng and seed update.
param2 | zero | 2 | bit 15: 0 = outdata is either the output of the rng or a single byte of zero. 1 = randout is replaced by tempkey in both the hash calculation input (message) and the command output parameter. bits 14-0: must be zero
data | numin | 20, 32 | input value from system.

table 9-36. output parameter

name | size | notes
outdata | 1 or 32 | the output of the rng, calculated nonce or a single byte with a value of zero if mode<0:1> is three.

if mode<1:0> is 0b00 or 0b01 and param2<15> is zero, then the input numin parameter must be 20 bytes long and the sha-256 message body used to create the nonce stored internally in tempkey consists of the following. upon completion of the command, tempkey.sourceflag is set to rand. if mode<1:0> is 0b01, the automatic random number seed update is suppressed. see section random number generator (rng).

32 bytes  randout
20 bytes  numin from input stream
1 byte  opcode (always 0x16)
1 byte  mode
1 byte  lsb of param2 (should always be 0x00)

if mode<1:0> is 0b00 or 0b01 and param2<15> is one, then the input numin parameter must be 20 bytes long and the sha-256 message body used to create the nonce stored internally in tempkey consists of the following. tempkey must be valid prior to execution of this command and the values of the remaining tempkey flags remain unchanged.

32 bytes  tempkey
20 bytes  numin from input stream
1 byte  opcode (always 0x16)
1 byte  mode
1 byte  lsb of param2 (should always be 0x00)
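The random-mode nonce layout above, together with the mac and hmac message layouts from sections 9.8 and 9.11, recomputed on the host so a verifier can check the digest a device returns. This is an added example, not Microchip code; the function names and sample values are constructed, and the LSB-first packing of keyid and the reading of tempkey.sourceflag = 0 as rand are assumptions not stated in this section.

```python
import hashlib
import hmac

OP_MAC, OP_HMAC, OP_NONCE = 0x08, 0x11, 0x16


def nonce_tempkey(rand_out: bytes, num_in: bytes, mode: int = 0x00) -> bytes:
    """tempkey after a random-mode nonce (mode<1:0> = 0b00 or 0b01, param2<15> = 0)."""
    if mode not in (0x00, 0x01):
        raise ValueError("only the two random modes hash randout with numin")
    if len(rand_out) != 32 or len(num_in) != 20:
        raise ValueError("randout must be 32 bytes and numin 20 bytes")
    # 32 randout | 20 numin | opcode | mode | lsb of param2 (0x00)
    return hashlib.sha256(rand_out + num_in + bytes([OP_NONCE, mode, 0x00])).digest()


def trailer(opcode: int, mode: int, key_id: int, sn: bytes) -> bytes:
    """The 24 bytes that follow the two 32-byte blocks in the mac and hmac messages."""
    if len(sn) != 9:
        raise ValueError("serial number is 9 bytes, sn<0> to sn<8>")
    full_sn = bool(mode & 0x40)  # mode<6>: include sn<2:3> and sn<4:7>
    return (
        bytes([opcode, mode])
        + key_id.to_bytes(2, "little")  # assumption: keyid packed LSB first
        + bytes(8) + bytes(3)
        + sn[8:9]                              # never zeroed out
        + (sn[4:8] if full_sn else bytes(4))
        + sn[0:2]                              # never zeroed out
        + (sn[2:4] if full_sn else bytes(2))
    )


def check_mode(mode: int, reserved: int, source_flag: int, flag_applies: bool) -> None:
    """Reject the mode values the device would answer with an error."""
    if not 0 <= mode <= 0xFF or mode & reserved:
        raise ValueError("reserved mode bits must be zero")
    if flag_applies and ((mode >> 2) & 1) != source_flag:
        raise ValueError("mode<2> must match tempkey.sourceflag")


def mac_digest(slot_key, tempkey, challenge, mode, key_id, sn, source_flag=0):
    """Expected mac response. source_flag default 0 is assumed to mean rand."""
    check_mode(mode, 0xB8, source_flag, bool(mode & 0x03))  # bits 7, 5-3 reserved
    first = tempkey if mode & 0x02 else slot_key
    second = tempkey if mode & 0x01 else challenge
    if len(first) != 32 or len(second) != 32:
        raise ValueError("both leading blocks of the message are 32 bytes")
    return hashlib.sha256(first + second + trailer(OP_MAC, mode, key_id, sn)).digest()


def hmac_digest(slot_key, tempkey, mode, key_id, sn, source_flag=0):
    """Expected hmac response: 32 zero bytes, tempkey, then the shared trailer."""
    check_mode(mode, 0xBB, source_flag, True)  # bits 7, 5-3 and 1-0 reserved
    if len(tempkey) != 32:
        raise ValueError("tempkey is 32 bytes")
    message = bytes(32) + tempkey + trailer(OP_HMAC, mode, key_id, sn)
    return hmac.new(slot_key, message, hashlib.sha256).digest()


def response_matches(device_response: bytes, expected: bytes) -> bool:
    """Constant-time comparison of the device response with the host's value."""
    return hmac.compare_digest(device_response, expected)


# Constructed sample values (not from the datasheet or any real device).
SAMPLE_SN = bytes.fromhex("0123a1b2c3d4e5f6ee")
SAMPLE_KEY = bytes(range(32))
SAMPLE_RAND = bytes([0x5A]) * 32          # stands in for the returned randout
SAMPLE_NUM_IN = bytes(range(100, 120))    # host-chosen 20-byte numin


def expected_mac_for_sample(mode: int = 0x41, key_id: int = 0x0003) -> bytes:
    """nonce then mac with mode<0> = 1 (tempkey as challenge) and a diversified sn."""
    tempkey = nonce_tempkey(SAMPLE_RAND, SAMPLE_NUM_IN)
    return mac_digest(SAMPLE_KEY, tempkey, b"", mode, key_id, SAMPLE_SN)


if __name__ == "__main__":
    print(expected_mac_for_sample().hex())
```

Because numin is chosen fresh by the host for every exchange, a recorded response fails `response_matches` on the next run, which is the replay protection the nonce section describes.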
if mode<1:0> is 0b11, then this command operates in pass-through mode, the input parameter (numin) must be 32 bytes long and tempkey is loaded with numin. no sha-256 calculation is performed, no data is returned to the system, and tempkey.sourceflag is set to input.

table 9-37. mode encoding

bits | meaning
7-2 | must be zero.
1-0 | 00 = combine new random number with numin, store in tempkey. automatically update eeprom seed only if necessary prior to random number generation. recommended for highest security. 01 = combine new random number with numin, store in tempkey. generate random number using existing eeprom seed, do not update eeprom seed. (not recommended for general use.) 10 = invalid. 11 = operate in pass-through mode and write tempkey with numin.

9.13 pause command

all devices on the bus for which the configuration selector byte does not match the input selector parameter will go to the idle mode. this command is used to prevent bus conflicts in a system that includes multiple ATECC508A devices sharing the same bus. this command differs from the idle flag/sequence in that individual devices on the single pin bus may be selected to go into the idle mode, as opposed to the idle flag which causes all the cryptoauthentication devices on the bus into the idle mode.

if the eeprom selector byte does not match the input selector parameter, then the device will immediately go to the idle mode and no result information will be available. if the input selector parameter does match the configuration selector byte, then the device returns a success code of 0x00. the pause command cannot be used to put the devices into the sleep mode.

table 9-38. input parameters

field | name | size | notes
opcode | pause | 1 | 0x01
param1 | selector | 1 | all devices that do not match this value go to idle mode.
param2 | zero | 2 | must be 0x0000.
data | ignored | 0 |

table 9-39. output parameter

name | size | notes
success | 1 | if the command indicates that some other device should idle, ATECC508A returns a value of 0x00. if this device goes to idle, no value is returned.

9.14 privwrite command

the privwrite command is used to write externally generated ecc private keys into the device.
note:? for best security, microchip recommends that the privwrite command not be used, and that private keys be internally generated from the rng using the genkey(create) command. the slot indicated by this command must be configured via keyconfig.private to contain an ecc private key, and slotconfig.issecret must be set to one, or else this command will return an error. if the slot is individually locked using slotlocked, then this command will also return an error. the private key data is always sent to the device as a 36 byte integer. it is passed to the device msb first. the first four bytes (32 bits) should be zero. prior to the data zone being locked, this command can be used to write the slot contents without regards to the slotconfig value and/or the method by which tempkey was generated. the input data may or may not be encrypted based on the zone byte; if the input data is plain text then the mac is ignored, but if it is encrypted then the mac must be present and be properly computed. prior to the configuration zone being locked, this command will always return an error. once the data zone is locked, the following is necessary for the write to complete: ? slotconfig.issecret must be one. ? slotconfig.writeconfig must be set to encrypt to indicate that writes require encryption. it is not possible to write to a slot for which writeconfig is set to any other value. ? tempkey must be valid, its contents must have been generated using the gendig command, and the keyid used during the gendig execution must match slotconfig.writekey. ? zone<6> must be set to indicate that the input data has been encrypted as follows: C the first 32 input bytes should be externally encrypted by xoring their value with the current value in tempkey. the next four bytes should be externally encrypted by xoring their value with the first four bytes of sha-256(tempkey). ? 
- An input authenticating MAC must be computed as follows:
  - SHA-256(TempKey, Opcode, Param1, Param2, SN<8>, SN<0:1>, <21 bytes of zeros>, 36 bytes of PlainTextData)

KeyConfig.ReqRandom, KeyConfig.ReqAuth and KeyConfig.AuthKey are ignored by this command because they will have been checked by the GenDig command for the parent encrypting key.

Table 9-40. Input parameters

| Parameter | Name | Size | Notes |
|---|---|---|---|
| Opcode | PrivWrite | 1 | 0x46 |
| Param1 | Zone | 1 | Bit 7: Must be zero. Bit 6: 0 = The input data is not encrypted: legal only when the data zone is unlocked. 1 = The input data is encrypted using TempKey. Bits 5-0: Must be zero. |
| Param2 | KeyID | 2 | Key slot to be written. |
| Data_1 | Value | 36 | Information to be written to the slot. May be encrypted. Must be 36 bytes long regardless of the size of the key. |
| Data_2 | MAC | 32 | Message authentication code to validate EEPROM write operation. |
Table 9-41. Output parameter

| Name | Size | Notes |
|---|---|---|
| Success | 1 | Upon successful completion, ATECC508A returns a value of zero. |

9.15 Random command

The Random command generates a random number for use by the system. Random numbers are generated through a combination of the output of a hardware RNG and an internal seed value stored in the EEPROM or SRAM. The external system may choose to update the internally stored EEPROM seed value prior to the generation of the random number as part of the execution of the Nonce or Random command.

The Random command does not provide a mechanism to integrate an input number with the internal stored seed. If this functionality is desired, then the system should use the Nonce command and ignore the generated nonce.

Prior to the configuration zone being locked, the RNG produces a value of 0xff, 0xff, 0x00, 0x00, 0xff, 0xff, 0x00, 0x00 to facilitate testing.

Note: The same internal stored seeds are used for both the Nonce and Random commands.

Table 9-42. Input parameters

| Parameter | Name | Size | Notes |
|---|---|---|---|
| Opcode | Random | 1 | 0x1b |
| Param1 | Mode | 1 | Controls the mechanism of the internal RNG and seed update. |
| Param2 | Zero | 2 | Must be 0x0000. |
| Data | Ignored | 0 | |

Table 9-43. Output parameter

| Name | Size | Notes |
|---|---|---|
| RandOut | 32 | The output of the RNG. |

Table 9-44. Mode encoding

| Bits | Meaning |
|---|---|
| 7-1 | Must be zero. |
| 0 | 0 = Automatically update EEPROM seed only if necessary prior to random number generation. Recommended for highest security. 1 = Generate random number using existing EEPROM seed, do not update EEPROM seed. |

9.16 Read command

The Read command reads words (one four byte word or an 8-word block of 32 bytes) from one of the memory zones of the device. The data may optionally be encrypted before being returned to the system. See section "Address Encoding" for data zone byte and word addressing information.
If reading from a slot in which SlotConfig.EncryptRead is set, the GenDig command must have been run prior to the execution of this command to generate the key that will be used for encryption. The key specified in SlotConfig.ReadKey must have been used in the GenDig calculation. The device encrypts data to be read by XORing each byte read from the EEPROM with the corresponding byte from TempKey. Encrypted reads of the configuration and/or OTP zones are not permitted.

Note: KeyConfig.ReqRandom, KeyConfig.ReqAuth, and KeyConfig.AuthKey are ignored by this command because they will have been checked by the GenDig command for the parent encrypting key.

The byte addresses to be read should be divided by four (drop the least-significant two bits) before being passed to the device. If 32 bytes are being read, then the least-significant three bits of the input address are ignored. Addresses beyond the end of the specified zone result in an error.

The following restrictions apply to the three zones:
- Configuration zone: The words within this zone are always readable using this command, regardless of the value of LockConfig.
- OTP zone: If the OTP zone is unlocked this command returns an error. Once locked, if OTPmode is set to a non-zero value and the address points to either word zero or one, then the command also returns an error; otherwise, the corresponding word within the OTP zone is returned in the clear.
- Data zone: If the data zone is unlocked, this command returns an error; otherwise, the values within the corresponding SlotConfig word control access to the data slot. If SlotConfig.IsSecret is set and a four byte read is attempted, the device returns an error. If EncryptRead is set, this command encrypts the data as specified above. If IsSecret is set and EncryptRead is clear, this command returns an error. If IsSecret is clear and EncryptRead is clear, this command returns the desired slot in the clear.
Partial data blocks are always zero extended to 32 bytes before being encrypted.

Table 9-45. Input parameters

| Parameter | Name | Size | Notes |
|---|---|---|---|
| Opcode | Read | 1 | 0x02 |
| Param1 | Zone | 1 | Bit 7: 0 = 4 bytes are read. 1 = 32 bytes are read. Bits 6-2: Must be zero. Bits 1-0: Select among configuration, OTP, or data. See section "Zone Encoding". |
| Param2 | Address | 2 | Address of first word to be read within the zone. See section "Address Encoding". |
| Data | | 0 | |

Table 9-46. Output parameter

| Name | Size | Notes |
|---|---|---|
| Contents | 4 or 32 | The contents of the specified memory location. |
If reading a data zone and the EncryptRead bit is set in the corresponding SlotConfig word, the following actions are taken to encrypt the data:
- All of the TempKey register bits must be properly set as follows or else this command returns an error:
    TempKey.Valid == 1
    TempKey.GenDigData == 1
    TempKey.KeyID == SlotConfig.ReadKey
    TempKey.SourceFlag == Rand
- XOR the data from the memory zone with TempKey. Return as contents.

9.17 SHA command

Computes a SHA-256 or HMAC/SHA digest for general purpose use by the system. It may also be used by the Verify(ValidateExternal) command to verify an X.509 certificate and store that validation status with an internally stored public key.

Calculation of a SHA-256 digest occurs in the following three steps:
1. Start: Initialization of the SHA-256 calculation engine and initialization of the SHA context in memory. This mode does not accept any message bytes.
2. Update: The command can be called a variable number of times with this mode to add bytes to the message. Each iteration of this mode must include a message of 64 bytes. A variation on SHA(Update) is SHA(Public) which inserts the contents of a public key slot into the message.
3. End: The SHA-256 calculation is completed, and the resulting digest is placed into the output buffer. It is also stored in the TempKey register for subsequent (optional) use by the Verify(ValidateExternal) command. From 0 bytes to 63 bytes may be passed to the device for this mode.

On any error return code, or if any command other than SHA is sent to the device, the internal SHA context is invalidated and TempKey is also invalidated.

This command can also optionally generate a digest to be used by Verify(ValidateExternal) to validate a stored public key, which allows speed-up for future signature validations when X.509 format signatures are used.
To implement this, a SHA(Public) iteration can be inserted prior to the SHA(End) iteration, and the 64 bytes of the public key stored in the slot designated by Param2 will be added to the message. This mode will fail if the designated slot does not contain a public key.

Verify(ValidateExternal) will only successfully validate the stored public key if the SHA(Public) iteration occurs at the block number indicated by X509format.bits<3:0> within the sequence of SHA(Update) commands, and if the total number of blocks passed to the SHA command matches the value in X509format.bits<7:4>. This restriction prevents the generation of non-standard X.509 templates, which may push the inserted public key into an unchecked area of the template.

Calculation of an HMAC digest occurs in the following three steps, which are similar to the SHA process above with the exception that a key slot is specified in the first step, and its value is used in the calculations at the beginning and end of the message per the HMAC specification.
1. HMACStart: Initialization of the HMAC calculation engine and initialization of the SHA context in memory. A stored key legal for use with SHA operations must be specified. This mode does not accept any message bytes.
2. Update: Along with SHA(Public), identical to SHA-256.
3. HMACEnd: The HMAC calculation is completed re-using the key value from HMACStart, and the resulting digest is placed into the output buffer. It is also stored in the TempKey register. From 0 bytes to 63 bytes may be passed to the device for this mode.

Table 9-47. Input parameters

| Parameter | Name | Size | Notes |
|---|---|---|---|
| Opcode | SHA | 1 | 0x47 |
| Param1 | Mode | 1 | Bits 7-3: Must be zero. Bits 2-0: see the mode list below. |
| Param2 | Length | 2 | Number of bytes in the message parameter. KeyID for the HMAC key if Mode is HMACStart. |
| Data | Message | 0-64 | Up to 64 bytes of data to be included into the hash operation. |

Mode bits 2-0:
- 000 (Start) = Load TempKey with the initialization value for SHA-256. No message bytes are accepted (length must be zero).
- 001 (Update) = Add 64 bytes in the message parameter to the SHA context.
- 010 (End) = Complete the SHA-256 computation and load the digest into TempKey and the output buffer. Up to 63 message bytes are accepted (length must be 0 through 63 inclusive).
- 011 (Public) = Add 64 bytes of a public key stored in one of the data zone slots to the SHA context. Param2 should contain the slot ID of the public key, and the command will return an error if the slot contains anything other than a public key. No further bytes should appear in the input stream (message size is zero).
- 100 (HMACStart) = Load TempKey with the initialization value for SHA-256. Length field specifies the key to be used for the HMAC calculation. No message bytes are accepted.
- 101 (HMACEnd) = Complete the HMAC/SHA-256 computation and load the digest into TempKey and the output buffer. Up to 63 message bytes are accepted (length must be 0 through 63 inclusive).
Table 9-48. Output parameter

| Name | Size | Notes |
|---|---|---|
| Response | 1 or 32 | The SHA256 digest if Mode is End (0x02) or HMACEnd (0x05), otherwise 0x00 for success or an error code. |

9.18 Sign command

The Sign command generates a signature using the ECDSA algorithm. The ECC private key in the slot specified by KeyID is used to generate the signature. The message may be externally or internally generated, as noted below:
- External message generation (Mode<7> is 1)
  - The system should externally compile the information to be signed and compute the digest of that information using an external hash algorithm. This digest should then be loaded into TempKey using the Nonce command. The ATECC508A cannot compute the SHA-256 digest of a random external message.
  - External signatures must be enabled using SlotConfig.ReadKey<0> or else this command will return an error.
- Internal message generation (Mode<7> is 0)
  - The message to be signed is internally generated. A typical use for this mode is to sign an internally generated random key.
  - The message is comprised of the output of the GenDig or GenKey commands (stored in TempKey), plus various other state information according to the description below. If TempKey is invalid or if it was not generated using GenDig or GenKey, then this command will return an error.
  - Internal signatures must be enabled using SlotConfig.ReadKey<1> or this command will return an error.
  - If the data zone has not been locked, then internal signatures will always generate an error code.

The slot indicated by this command must be configured via KeyConfig.Private to contain an ECC private key, and SlotConfig.IsSecret must be set to one or else this command will fail.

There is a small statistical probability that the device will fail to properly generate the ephemeral key, in which case this command will return a single byte containing the ECC fault code (see Table 9-3). The command will generally succeed if resubmitted.

Table 9-49. Input parameters

| Parameter | Name | Size | Notes |
|---|---|---|---|
| Opcode | Sign | 1 | 0x41 |
| Param1 | Mode | 1 | See Table 9-51. |
| Param2 | KeyID | 2 | The internally-stored private key to be used to generate the signature. |

Table 9-50. Output parameter

| Name | Size | Notes |
|---|---|---|
| Response | 64 | The signature composed of R and S, or an error code. |

Table 9-51. Mode encoding

| Bits | Meaning |
|---|---|
| 7 | 0 = The message to be signed is internally generated as below. 1 = The message to be signed is in TempKey and sign extended as above. |
| 6 | 0 = 48 message bits corresponding to SN<2:3> and SN<4:7> are set to zero. 1 = Include the 48 bits SN<2:3> and SN<4:7> in the message for internal signatures. This bit is ignored if Mode<7> is one. |
| 5-1 | Must be 0. |
| 0 | Set to 0 if the resulting signature is intended to be used by Verify(Validate) or 1 if it is to be used by Verify(Invalidate). In all other situations, this bit must be 0. |

Internal signatures are always generated over digest information placed in TempKey by GenKey or GenDig, and include further configuration information regarding the key used for the TempKey calculation.

Note: If multiple GenKey or GenDig commands have been run between the Nonce and Sign commands, only the configuration for the last key used will be signed.

The bit within the SlotLocked field corresponding to the last key used in the TempKey computation is in the LSB of the byte listed below, regardless of whether or not the slot is individually lockable. This 55 byte message is created as described in the next paragraph.

If the slot contains a public key corresponding to a supported curve, and if PubInfo indicates this key must be validated before being used by Verify, and if the validity bits have a value of 0x05, then the PubKey Valid byte will be 0x01. In all other cases, it will be 0x00.

    32 bytes  TempKey (must have been generated by GenKey or GenDig)
    1 byte    Opcode (0x41)
    1 byte    Mode
    2 bytes   KeyID
    2 bytes   SlotConfig
    2 bytes   KeyConfig
    1 byte    TempKeyFlags (b<7> NoMacFlag, b<6> GenKeyData, b<5> GenDigData, b<4> SourceFlag, b<3:0> KeyID)
    2 bytes   zeros
    1 byte    SN<8> (never zeroed out)
    4 bytes   SN<4:7> (or zeros, see Mode)
    2 bytes   SN<0:1> (never zeroed out)
    2 bytes   SN<2:3> (or zeros, see Mode)
    1 byte    SlotLocked (byte is 0x01 if SlotLocked bit is set, otherwise 0x00)
    1 byte    PubKey Valid (or zero, see above)
    1 byte    0x00

This message is then hashed using the SHA-256 algorithm and passed to the ECDSA signature computation engine.

9.19 UpdateExtra command

The UpdateExtra command is used to update the values of the two extra bytes within the configuration zone (location 84 and 85) after the configuration zone has been locked.
- If Mode<1> is set, the command implements a fast decrement of the limited use counters which may be associated with a particular key.
  - If the slot indicated by the NewValue param does not contain a key for which limited use is implemented or enabled, then the command returns silently without taking any action.
  - If the indicated slot contains a limited use key, which does not have any uses remaining, then the command returns an error.
- If the Mode parameter indicates UserExtra at address 84:
  - If the current value in UserExtra (byte 84 of configuration zone) is zero, then UpdateExtra writes this byte with the LSB of NewValue and returns success.
  - If the current value in UserExtra is non-zero, then the command returns an execution error.
- If the Mode parameter indicates Selector at address 85:
  - If the SelectorMode (ChipMode.bit0 of the device mode within the configuration zone) is set to one and Selector (byte 85 of the configuration zone) is non-zero, then this command will write Selector with the LSB of NewValue and return success.
  - If SelectorMode is cleared, indicating that no check of the current Selector should be made, then this command always updates Selector and always succeeds.

Table 9-52. Input parameters

| Parameter | Name | Size | Notes |
|---|---|---|---|
| Opcode | UpdateExtra | 1 | 0x20 |
| Param1 | Mode | 1 | Bits 7-2: Must be zero. Bit 1: 0 = Update config byte 84 or 85. 1 = Ignore bit 0, and decrement the limited use counter associated with the key in slot NewValue. Bit 0: 0 = Update config byte 84. 1 = Update config byte 85. |
| Param2 | NewValue | 2 | LSB: Value to optionally be written to location 84 or 85 in configuration zone. MSB: Must be 0x00. |
| Data | | 0 | |

Table 9-53. Output parameter

| Name | Size | Notes |
|---|---|---|
| Success | 1 | If the memory byte was updated, this command returns a value of 0x00; otherwise, it returns an execution error. |

9.20 Verify command

The Verify command takes an ECDSA signature and verifies that it is correctly generated from a given message and public key. In all cases, the signature is an input to the command. The Verify command can operate in four different modes:
1. External mode
   The public key to be used is an input to the command. Prior to this command being run, the message should be written to TempKey using the Nonce command. In this mode the device merely accelerates the public key computation and returns a boolean result.

2. Stored mode
   The public key to be used is found in the KeyID EEPROM slot. The message should have been previously stored in TempKey. If the following configuration checks for the public key at KeyID succeed, the public key verification computation is performed and a boolean result is returned to the system; otherwise, the command returns an execution error.
   - If KeyConfig.PubInfo is one, then the key must have been previously validated using the Verify command.
   - If KeyConfig.ReqAuth is set, then a previous key authorization must have been performed with either the Verify or CheckKey commands based on the key in KeyConfig.AuthKey.
   - If KeyConfig.KeyType indicates an ECC curve not supported by the device or indicates not an ECC key, then this command will fail.
   - This mode is used to set the key authorization information when the KeyConfig.AuthKey field within some other slot points to KeyID. If the verification succeeds, then an internal AuthValid flag will be set and KeyID internally retained in AuthKeyID. See section "Authorized Keys".
   - Data1 and Data2 must be 32 bytes, and Data3 and Data4 should be zero length.

3. Validate and Invalidate modes
   The Validate and Invalidate modes are used to validate or invalidate the public key stored in the EEPROM at KeyID. The signature is input to the device and a partial message should be in TempKey. The verifying public key is found at SlotConfig.ReadKey, and the ECDSA verify message is composed of KeyID and TempKey, formatted as noted below. Only KeyIDs 8-15 can be validated; therefore, this command will return an error if KeyID is 0-7.
   - If the ECC verification passes, then the most significant four bits of the first byte of block 0 of the public key at KeyID will be set to 0x5 for Validate and 0xa for Invalidate. See section "ECC Key Formatting".
   - Key (in)validation takes place regardless of the state of the LockValue byte and/or the SlotLocked bit corresponding to this slot.
   - If the X509format byte corresponding to the specified key is non-zero, then the Verify command will return an error.

   Key invalidation works in conjunction with WriteConfig (bit 12) as shown in section "Write Permissions" to control update of public keys by limiting the options for a fraudulent write leading to a denial of service. Key invalidation is supported on the ATECC508A only.

   OtherData<17>.bit0 represents the validity of the key being acted on. It must be a 0 (invalid) to permit the validation operation, or a 1 (valid) to permit the invalidation operation. If OtherData<17>.bit0 does not match Mode<2> in Validate/Invalidate modes, then this command will return an error. Data1 and Data2 sizes are the same as Stored mode.

4. ValidateExternal mode
   The ValidateExternal mode is used to validate the public key stored in the EEPROM at KeyID when X.509 format certificates are to be used. The digest of the message must be TempKey. TempKey must have been generated using the SHA(Public) command, and the key for that computation must be the same as KeyID. The verifying public key is found at SlotConfig.ReadKey, and the ECDSA verify message is composed of KeyID and TempKey, formatted as below. Only KeyIDs 8 to 15 can be validated, so this command will return an error if KeyID is 0-7.
   - If the ECC verification passes, then the most significant four bits of the first byte of block 0 of the public key at KeyID will be set to 0x5. See section "Created ECC Keys".
   - Key validation takes place regardless of the state of the LockValue byte and/or the SlotLocked bit corresponding to this slot.
   - If the X509format is zero, then the Verify command will return an error.
   - Data1 and Data2 sizes must be 32 bytes each. Data3 and Data4 should both be zero length.

Table 9-54. Input parameters

| Parameter | Name | Size | Notes |
|---|---|---|---|
| Opcode | Verify | 1 | 0x45 |
| Param1 | Mode | 1 | Bits 7-3: Must be zero. Bits 2-0: 000 = Stored mode. 001 = ValidateExternal mode. 010 = External mode. 011 = Validate mode. 111 = Invalidate mode. 100-110 = Do not use. |
| Param2 | KeyID | 2 | If Mode<2:0> is Stored mode, KeyID contains the number of the slot containing the public key to be used for the verification. KeyConfig.KeyType determines the curve to be used. If Mode<2:0> is ValidateExternal mode, KeyID contains the number of the slot containing the public key to be validated which must have been specified by a previous SHA(Public) command. The parent key to be used to perform the validation is stored in SlotConfig.ReadKey and KeyConfig.KeyType determines the curve to be used. If Mode<2:0> is External mode, KeyID contains the curve type to be used to verify the signature. The value in this field is encoded identically to the KeyType field in the KeyConfig words within the configuration zone. If Mode<2:0> is Validate or Invalidate mode, KeyID contains the number of the slot containing the public key to be (in)validated. The parent key to be used to perform the (in)validation is stored in SlotConfig.ReadKey. SlotConfig.KeyType determines the curve to be used. |
| Data1 | R | 32 | The R component of the ECDSA signature to be verified. |
| Data2 | S | 32 | The S component of the ECDSA signature to be verified. |
| Data3 | X | 0 or 32 | The X component of the public key to be used for verification if Mode<2:0> is External. |
| Data4 | Y | 0 or 32 | The Y component of the public key to be used for verification if Mode<2:0> is External. |
| Data5 | OtherData | 0 or 19 | If Validate mode, the bytes used to generate the message for the validation. X and Y should be zero length in this mode and this parameter comes immediately after S in the input parameter stream. Should be zero length for all other modes. |
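Aligning the 55-byte Sign(internal) message of section 9.18 with the Validate-mode message layout of this section shows which parameter and state bytes a host has to place in OtherData. The Python below is an added example, not code from the datasheet or from a Microchip library; the field names it assigns to OtherData are an inference from that alignment, KeyID is assumed to be serialized LSB first, and every sample value is constructed.

```python
import hashlib

SIGN_OPCODE = 0x41    # Table 9-49

# Constructed sample values, not taken from any real device.
TEMPKEY = hashlib.sha256(b"constructed GenKey digest").digest()
SN = bytes.fromhex("0123a1b2c3d4e5f6ee")     # SN<0> .. SN<8>


def other_data(mode, key_id, slot_config, key_config, tempkey_flags,
               sn, slot_locked, pubkey_valid):
    """19-byte OtherData: the parameter and state bytes of a Sign(internal) message."""
    if len(slot_config) != 2 or len(key_config) != 2 or len(sn) != 9:
        raise ValueError("SlotConfig and KeyConfig are 2 bytes, SN is 9 bytes")
    keep_sn = bool(mode & 0x40)                   # Sign Mode<6>
    sn_4_7 = sn[4:8] if keep_sn else bytes(4)
    sn_2_3 = sn[2:4] if keep_sn else bytes(2)
    head = (bytes([mode])
            + key_id.to_bytes(2, "little")        # assumption: LSB first
            + slot_config + key_config            # raw bytes from the config zone
            + bytes([tempkey_flags]) + bytes(2))  # OtherData<0:9>
    tail = sn_2_3 + bytes([int(bool(slot_locked)), int(bool(pubkey_valid)), 0x00])
    return head + sn_4_7 + tail                   # <0:9> + <10:13> + <14:18>


def validate_message(tempkey, od, sn):
    """Message the device rebuilds in Validate or Invalidate mode."""
    if len(tempkey) != 32 or len(od) != 19 or len(sn) != 9:
        raise ValueError("TempKey is 32 bytes, OtherData 19, SN 9")
    return (tempkey + bytes([SIGN_OPCODE]) + od[0:10] + sn[8:9]
            + od[10:14] + sn[0:2] + od[14:19])


def sign_internal_message(tempkey, mode, key_id, slot_config, key_config,
                          tempkey_flags, sn, slot_locked, pubkey_valid):
    """55-byte Sign(internal) message, written field by field from section 9.18."""
    keep_sn = bool(mode & 0x40)
    return (tempkey + bytes([SIGN_OPCODE, mode]) + key_id.to_bytes(2, "little")
            + slot_config + key_config + bytes([tempkey_flags]) + bytes(2)
            + sn[8:9] + (sn[4:8] if keep_sn else bytes(4))
            + sn[0:2] + (sn[2:4] if keep_sn else bytes(2))
            + bytes([int(bool(slot_locked)), int(bool(pubkey_valid)), 0x00]))


def mode_allows(verify_mode, od):
    """OtherData<17>.bit0 must equal Mode<2>: 0 for Validate (011), 1 for Invalidate (111)."""
    if verify_mode & 0x03 != 0x03:
        raise ValueError("not a Validate or Invalidate mode")
    return (od[17] & 1) == ((verify_mode >> 2) & 1)


def ecdsa_digest(message):
    """SHA-256 of the message: the value the ECDSA operation works on."""
    return hashlib.sha256(message).digest()


if __name__ == "__main__":
    od = other_data(0x40, 9, b"\x2a\x00", b"\x30\x00", 0x49, SN, False, False)
    msg = validate_message(TEMPKEY, od, SN)
    print(len(msg), ecdsa_digest(msg).hex(), mode_allows(0x03, od))
```

OtherData<17> lands on the PubKey Valid byte of the Sign layout, which is why the device can compare its bit 0 against Mode<2>.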
Table 9-55. Output parameter

| Name | Size | Notes |
|---|---|---|
| Response | 1 | Returns a value of zero if the signature of the message can be verified using the public key. Returns a value of one if the signature does not match, or another error code if there is some form of parsing or execution error. |

The message to be used for the ECDSA verify operation depends on the mode as follows:
- Stored, External, and ValidateExternal modes
  The contents of TempKey should contain the SHA-256 digest of the message.
- Validate or Invalidate mode
  The contents of TempKey should contain a digest of the PublicKey at KeyID. It must have been generated using the GenKey command over the KeyID slot. The device then generates a message based on the same format as the Sign(Internal) command, except that the parameter and state bytes are copied from the input parameter OtherData. The message is formatted as follows:

    32 bytes  TempKey (must have been generated by GenKey)
    1 byte    Sign opcode
    10 bytes  OtherData<0:9>
    1 byte    SN<8>
    4 bytes   OtherData<10:13>
    2 bytes   SN<0:1>
    5 bytes   OtherData<14:18>

  This message is hashed using SHA-256 and used as the message input to the ECC verify operation.

9.21 Write command

The Write command writes either one four byte word or an 8-word block of 32 bytes to one of the EEPROM zones on the device. Depending upon the value of the WriteConfig byte for this slot, the data may be required to be encrypted by the system prior to being sent to the device. This command cannot be used to write slots configured as ECC private keys (see section "PrivWrite Command").

The following restrictions apply to writes within zones using this command:
- Configuration zone: If the configuration zone is locked or Zone<6> is set, then this command returns an error; otherwise the bytes are written as requested. Any attempt to write any byte for which writes are permanently prohibited (see section "EEPROM Configuration Zone") results in a command error with no modifications to the EEPROM.
- OTP zone: If the OTP zone is unlocked, then all bytes can be written with this command. If the OTP zone is locked and the OTPmode byte in the configuration zone is read-only, then this command returns an error; otherwise, OTP mode should be consumption and this command sets to zero those bits in the OTP zone that correspond to the zero bits in the input parameter value. When the data and OTP zones are locked, encrypted writes to the OTP zone are never permitted regardless of OTPmode.
- Data zone: If the data zone is unlocked, then all bytes in all zones can be written with either plain text or encrypted data. After the data zone is locked, the values within the SlotConfig.WriteConfig bytes control access to the data slots. If the WriteConfig bits for this slot are set to Always, then the input data should be passed to the device in the clear. If SlotConfig<14> is set to one, then the input data should be encrypted and an input MAC calculated. If the slot is individually locked using SlotLocked, then this command always returns an error.

Four byte writes are only permitted in the data zone if all of the following conditions are met:
- SlotConfig.IsSecret must be zero.
- SlotConfig.WriteConfig must be Always.
- The input data must not be encrypted, i.e. Zone<6> must be zero.
- The data/OTP zones must be locked.

Four byte writes are only permitted in the OTP zone if all of the following conditions are met:
- OTPmode must be consumption.
- The input data must not be encrypted, i.e. Zone<6> must be zero.
- The data/OTP zones must be locked.

The two input address bytes are formed in a manner to achieve compatibility with the ATSHA204A (see section "Address Encoding"). The least significant three bits, Address<2:0>, indicate the word within the block, or they are ignored if an entire 32 byte block is being written. Address<6:3> contains the slot number for writes to the data zone, or the block number for the configuration and OTP zones. For the data zones, Address<9:8> is used to indicate the block within the slot. Address values beyond the size of the specified zone result in the command returning an error.

For slots 8 to 15, if KeyConfig.PubInfo indicates that the slot contains an ECC public key which can be validated, then the key will be invalidated by writing 0xa to the most significant four bits of byte zero of block 0 of the slot when any block within the slot is written. If KeyConfig.PubInfo is zero, then the most significant four bits of byte zero of block 0 of the slot are written with the data from the input parameter.

If KeyConfig.PubInfo is one and the ECC public key has been validated, then writes will fail if WriteConfig is set to 0001 (PubInvalid). Use Verify(Invalidate) to invalidate the public key prior to writing.
Any attempt to write the OTP and/or data zones prior to the configuration zone being locked results in the device returning an error code. When writing to the data zone, if the corresponding SlotLocked bit is zero, then this command returns an error regardless of whether or not the OTP/data zones have been locked.

9.21.1 Input data encryption

The input data may be encrypted to prevent snooping on the bus during personalization or system operation. The system should encrypt the data by XORing the plain text with the current value in TempKey. Upon receipt, the device will XOR the input data with TempKey to restore the plain text prior to writing to the EEPROM.

Whenever the data is encrypted, an authorizing input MAC is always required. This MAC is computed as follows:

    SHA-256(TempKey, Opcode, Param1, Param2, SN<8>, SN<0:1>, <25 bytes of zeros>, PlainTextData)

Prior to locking of the OTP/data zones, Zone<6> is used to indicate to the device whether or not the input data is encrypted. After locking of the OTP/data zones, Zone<6> is ignored and only bit 14 of the SlotConfig corresponding to the slot being written is used to determine whether or not the input data is encrypted.

If data encryption is indicated, TempKey must be valid prior to this command being called, and it must be the result of GenDig. Specifically, this means that TempKey.Valid and TempKey.GenDigData must both be set to one. The last slot used by GenDig for TempKey creation and stored in TempKey.KeyID must match that in SlotConfig.WriteKey. Prior to data locking, any key can be used to generate TempKey and the GenDigData bit is ignored.

The KeyConfig.ReqRandom, KeyConfig.ReqAuth and KeyConfig.AuthKey are ignored by this command because they will have been checked by the GenDig command for the parent encrypting key.

When performing an encrypted write to a partial block at the end of slots 0 through 7 and 9 through 15, all 32 bytes of input must be sent to the device, with the unused bits being used only as part of the MAC calculation. Their value will not affect the final contents of the EEPROM.

Table 9-56. Input parameters

| Parameter | Name | Size | Notes |
|---|---|---|---|
| Opcode | Write | 1 | 0x12 |
| Param1 | Zone | 1 | Bit 7: 0 = 4 bytes will be written. 1 = 32 bytes will be written. Bit 6: 0 = The input data is in the clear. 1 = The input data has been encrypted. This bit is ignored after the data zone is locked. Bits 5-2: Must be zero. Bits 1-0: Select among config, OTP or data. See section "Zone Encoding". |
| Param2 | Address | 2 | Address of first word to be written within the zone. See section "Address Encoding". |
| Data_1 | Value | 4 or 32 | Information to be written to the zone. May be encrypted. |
| Data_2 | MAC | 0 or 32 | Message authentication code to validate address and data. |

Table 9-57. Output parameter

| Name | Size | Notes |
|---|---|---|
| Success | 1 | Upon successful completion, ATECC508A returns a value of zero. |
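The host-side encryption and input MAC for an encrypted Write (section 9.21.1) and an encrypted PrivWrite (section 9.14), as an added Python example that is not code from the datasheet or from a Microchip library. It assumes Param2 is hashed least-significant byte first and uses a constructed TempKey, serial number and key; device_check is a hypothetical model of the receiving side, included only to confirm the round trip.

```python
import hashlib
import hmac

WRITE_OPCODE = 0x12        # Table 9-56
PRIVWRITE_OPCODE = 0x46    # Table 9-40
ZERO_PAD = {WRITE_OPCODE: 25, PRIVWRITE_OPCODE: 21}   # zero bytes inside the MAC

# Constructed sample values, not taken from any real device.
TEMPKEY = hashlib.sha256(b"constructed GenDig result").digest()
SN = bytes.fromhex("0123a1b2c3d4e5f6ee")     # SN<0> .. SN<8>
PRIVATE_KEY = bytes(range(1, 33))            # placeholder 32-byte value


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def data_zone_address(slot, block=0, word=0):
    """Address<2:0> = word, Address<6:3> = slot, Address<9:8> = block in slot."""
    if not (0 <= slot <= 15 and 0 <= block <= 3 and 0 <= word <= 7):
        raise ValueError("slot, block or word out of range")
    return (block << 8) | (slot << 3) | word


def input_mac(tempkey, opcode, param1, param2, sn, plaintext):
    """SHA-256(TempKey, Opcode, Param1, Param2, SN<8>, SN<0:1>, zeros, PlainTextData).

    25 zeros + 32 data bytes (Write) and 21 zeros + 36 data bytes (PrivWrite)
    both give a 96-byte hash input.
    """
    msg = (tempkey + bytes([opcode, param1])
           + param2.to_bytes(2, "little")    # assumption: LSB first, as on the bus
           + sn[8:9] + sn[0:2] + bytes(ZERO_PAD[opcode]) + plaintext)
    return hashlib.sha256(msg).digest()


def check_inputs(tempkey, sn, data):
    if len(tempkey) != 32 or len(sn) != 9 or len(data) != 32:
        raise ValueError("TempKey and data are 32 bytes, SN is 9 bytes")


def encrypt_write(tempkey, param1, address, sn, plaintext):
    """Data_1 + Data_2 fields for an encrypted 32-byte Write."""
    check_inputs(tempkey, sn, plaintext)
    if param1 & 0xC0 != 0xC0:
        raise ValueError("encrypted writes need Zone<7> (32 bytes) and Zone<6> set")
    mac = input_mac(tempkey, WRITE_OPCODE, param1, address, sn, plaintext)
    return xor(plaintext, tempkey) + mac


def encrypt_privwrite(tempkey, key_id, sn, private_key):
    """Data_1 + Data_2 fields for an encrypted PrivWrite (Zone = 0x40)."""
    check_inputs(tempkey, sn, private_key)
    plaintext = bytes(4) + private_key       # 36 bytes, MSB first, first 4 zero
    tail_pad = hashlib.sha256(tempkey).digest()[:4]
    body = xor(plaintext[:32], tempkey) + xor(plaintext[32:], tail_pad)
    return body + input_mac(tempkey, PRIVWRITE_OPCODE, 0x40, key_id, sn, plaintext)


def device_check(tempkey, opcode, param1, param2, sn, data):
    """Hypothetical model of the receiving side: undo the XOR, recompute the MAC.

    Returns the recovered plaintext, or None when the MAC does not match.
    """
    body, mac = data[:-32], data[-32:]
    plaintext = xor(body[:32], tempkey)
    if opcode == PRIVWRITE_OPCODE:
        plaintext += xor(body[32:], hashlib.sha256(tempkey).digest()[:4])
    expected = input_mac(tempkey, opcode, param1, param2, sn, plaintext)
    return plaintext if hmac.compare_digest(mac, expected) else None


if __name__ == "__main__":
    packet = encrypt_privwrite(TEMPKEY, 4, SN, PRIVATE_KEY)
    recovered = device_check(TEMPKEY, PRIVWRITE_OPCODE, 0x40, 4, SN, packet)
    print(len(packet), recovered.hex())
```

Because the MAC covers Param1 and Param2, a ciphertext captured for one slot or address fails the check when replayed against another.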
10. Compatibility

10.1 Microchip ATSHA204A

ATECC508A is fully compatible with the ATSHA204 and ATSHA204A devices. If properly configured, it can be used in all situations where the ATSHA204 or ATSHA204A is currently employed. Because the configuration zone is larger, the personalization procedures for the device must be updated when personalizing the ATSHA204 or ATSHA204A. For proper compatibility, care should be taken with the KeyType, ReqRandom, and ReqAuth slots containing keys that are used with ATSHA204 or ATSHA204A sequences.

10.2 Microchip ATECC108A

ATECC508A is designed to be fully compatible with the ATECC108 and ATECC108A devices. If properly configured, it can be used in all situations where ATECC108 is currently employed. In many situations, the ATECC508A can also be used in an ATECC108 application without change. The new revisions provide significant advantages as outlined below:
- Additional features in ATECC508A vs. ATECC108A
  - ECDH command
  - High endurance monotonic counters
  - Public key invalidation via certificate
- Minor changes
  - The GenDig command verifies that a random nonce is used when generating transport keys.
  - The Info command DevRev mode now returns 0x1005 for ATECC108A and 0x5000 for ATECC508A. This value should not be used in the software as it will vary with each minor revision.
11. mechanical

11.1 wiring configuration for single-wire interface

using the single-wire interface allows the connection of ATECC508A to a host using only a single pin (sda) to transfer data in both directions. this interface does not use the scl pin, which should be tied to ground.

to prevent forward biasing the internal diode and drawing current across power planes in the system, the resistor pull-up on the sda pin should either be connected to the same supply that is connected to the vcc pin or to a lower voltage rail.

if the signal levels for sda are different than the vcc voltage, consult the parametric specifications section of this document to ensure that the signal levels are such that excessive leakage current will be minimized when in sleep modes. this situation might occur if the ATECC508A device is physically distant from the bus master device and the supply voltage for the bus master is different than the supply voltage for ATECC508A.

figure 11-1. 3-wire configuration for single-wire interface
12. package marking information

as part of microchip's overall security features, the part mark for all crypto devices is intentionally vague. the marking on the top of the package does not provide any information as to the actual device type or the manufacturer of the device. the alphanumeric code on the package provides manufacturing information and will vary with the assembly lot. the packaging mark should not be used as part of any incoming inspection procedure.
13. package drawings

note: for the most current package drawings, please see the microchip packaging specification located at http://www.microchip.com/packaging

13.1 8-lead soic

[figure: 8-lead plastic small outline - narrow, 3.90 mm (.150 in.) body [soic], atmel legacy. top view, side view, view a-a and view c. microchip technology drawing no. c04-057-atmel rev d, sheet 1 of 2.]

dimensions, 8-lead soic (microchip technology drawing no. c04-057-oa rev d, sheet 2 of 2). units: millimeters.

dimension | symbol | min | nom | max
number of pins | n | | 8 |
pitch | e | | 1.27 bsc |
overall height | a | - | - | 1.75
molded package thickness | a2 | 1.25 | - | -
standoff | a1 | 0.10 | - | 0.25
overall width | e | | 6.00 bsc |
molded package width | e1 | | 3.90 bsc |
overall length | d | | 4.90 bsc |
chamfer (optional) | h | 0.25 | - | 0.50
foot length | l | 0.40 | - | 1.27
footprint | l1 | | 1.04 ref |
foot angle | | 0° | - | 8°
lead thickness | c | 0.17 | - | 0.25
lead width | b | 0.31 | - | 0.51
mold draft angle top | | 5° | - | 15°
mold draft angle bottom | | 5° | - | 15°

notes:
1. pin 1 visual index feature may vary, but must be located within the hatched area.
2. significant characteristic.
3. dimensions d and e1 do not include mold flash or protrusions. mold flash or protrusions shall not exceed 0.15mm per side.
4. dimensioning and tolerancing per asme y14.5m.
   bsc: basic dimension. theoretically exact value shown without tolerances.
   ref: reference dimension, usually without tolerance, for information purposes only.
5. datums a & b to be determined at datum h.

recommended land pattern, 8-lead soic (microchip technology drawing c04-2057-m6b rev b). units: millimeters.

dimension | symbol | value
contact pitch | e | 1.27 bsc
contact pad spacing | c | 5.40
contact pad width (x8) | x1 | 0.60
contact pad length (x8) | y1 | 1.55

notes:
1. dimensioning and tolerancing per asme y14.5m.
   bsc: basic dimension. theoretically exact value shown without tolerances.
13.2 8-pad udfn

[figure: 8-lead ultra thin plastic dual flat, no lead package (q4b) - 2x3 mm body [udfn], atmel legacy ynz package. top view, side view and bottom view. microchip technology drawing c04-21355-q4b rev a, sheet 1 of 2.]

dimensions, 8-pad udfn (microchip technology drawing c04-21355-q4b rev a, sheet 2 of 2). units: millimeters.

dimension | symbol | min | nom | max
number of terminals | n | | 8 |
pitch | e | | 0.50 bsc |
overall height | a | 0.50 | 0.55 | 0.60
standoff | a1 | 0.00 | 0.02 | 0.05
terminal thickness | a3 | | 0.152 ref |
overall length | d | | 2.00 bsc |
exposed pad length | d2 | 1.40 | 1.50 | 1.60
overall width | e | | 3.00 bsc |
exposed pad width | e2 | 1.20 | 1.30 | 1.40
terminal width | b | 0.18 | 0.25 | 0.30
terminal length | l | 0.35 | 0.40 | 0.45
terminal-to-exposed-pad | k | 0.20 | - | -

notes:
1. pin 1 visual index feature may vary, but must be located within the hatched area.
2. package is saw singulated.
3. dimensioning and tolerancing per asme y14.5m.
   bsc: basic dimension. theoretically exact value shown without tolerances.
   ref: reference dimension, usually without tolerance, for information purposes only.

recommended land pattern, 8-pad udfn (microchip technology drawing c04-21355-q4b rev a). units: millimeters.

dimension | symbol | value
contact pitch | e | 0.50 bsc
optional center pad width | x2 | 1.60
optional center pad length | y2 | 1.40
contact pad spacing | c | 2.90
contact pad width (x8) | x1 | 0.30
contact pad length (x8) | y1 | 0.85
contact pad to center pad (x8) | g1 | 0.20
contact pad to contact pad (x6) | g2 | 0.33
thermal via diameter | v | 0.30
thermal via pitch | ev | 1.00

notes:
1. dimensioning and tolerancing per asme y14.5m.
   bsc: basic dimension. theoretically exact value shown without tolerances.
2. for best soldering results, thermal vias, if used, should be filled or tented to avoid solder loss during reflow process.
13.3 3-lead contact

[figure: 3-lead contact package (lab) - 6.54x2.5 mm body [contact], atmel legacy global package code rhb. top view, side view and bottom view. microchip technology drawing c04-21303 rev a, sheet 1 of 2.]

dimensions, 3-lead contact (microchip technology drawing c04-21303 rev a, sheet 2 of 2). units: millimeters.

dimension | symbol | min | nom | max
number of terminals | n | | 3 |
pitch | e | | 2.00 bsc |
overall height | a | 0.45 | 0.50 | 0.55
standoff | a1 | 0.00 | 0.02 | 0.05
overall length | d | | 6.50 bsc |
overall width | e | | 2.50 bsc |
terminal width | b | 1.60 | 1.70 | 1.80
terminal length | l | 2.10 | 2.20 | 2.30
terminal-to-terminal spacing | k | | 0.30 ref |
package edge to terminal edge | f | 0.30 | 0.40 | 0.50
package edge to terminal edge | g | 0.05 | 0.15 | 0.25

notes:
1. pin 1 visual index feature may vary, but must be located within the hatched area.
2. dimensioning and tolerancing per asme y14.5m.
   bsc: basic dimension. theoretically exact value shown without tolerances.
   ref: reference dimension, usually without tolerance, for information purposes only.
14. revision history

revision a (december 2017)
original release of the document. this version replaces atmel document revision 8923fx from 03.08.2016
product identification system

to order or obtain information, e.g., on pricing or delivery, refer to the factory or the listed sales office.

device:
- ATECC508A: cryptographic co-processor with secure hardware-based key storage

package options:
- ssh = 8s1, 8-lead (0.150 wide body), plastic gull wing small outline (jedec soic)
- mah = 8ma2, 8-pad 2 x 3 x 0.6 mm body, thermally enhanced plastic ultra thin dual flat no-lead package (udfn)
- rbh = 3rb, 3-lead 2.5 x 6.5 mm body, 2.0 mm pitch, contact package (sawn)

i/o type:
- cz = single wire interface
- da = i2c interface

tape and reel options:
- b = tube
- t = large reel (size varies by package type)
- s = small reel (only available for mah)

examples:
- ATECC508A-sshcz-t: single-wire, tape and reel, 4,000 per reel, 8-lead soic package
- ATECC508A-sshcz-b: single-wire, tube, 100 per tube, 8-lead soic package
- ATECC508A-sshda-t: i2c, tape and reel, 4,000 per reel, 8-lead soic package
- ATECC508A-sshda-b: i2c, tube, 100 per tube, 8-lead soic package
- ATECC508A-mahcz-t: single-wire, tape and reel, 15,000 per reel, 8-pad udfn package
- ATECC508A-mahda-t: i2c, tape and reel, 15,000 per reel, 8-pad udfn package
- ATECC508A-mahcz-s: single-wire, tape and reel, 3,000 per reel, 8-pad udfn package
- ATECC508A-mahda-s: i2c, tape and reel, 3,000 per reel, 8-pad udfn package
- ATECC508A-rbhcz-t: single-wire, tape and reel, 5,000 per reel, 3-lead contact package
- ATECC508A-rbhcz-b: single-wire, tube, 56 per tube, 3-lead contact package

note:
1. tape and reel identifier only appears in the catalog part number description. this identifier is used for ordering purposes and is not printed on the device package. check with your microchip sales office for package availability with the tape and reel option.
2. small form-factor packaging options may be available. please check http://www.microchip.com/packaging for small-form factor package availability, or contact your local sales office.

microchip devices code protection feature

note the following details of the code protection feature on microchip devices:

- microchip products meet the specification contained in their particular microchip data sheet.
- microchip believes that its family of products is one of the most secure families of its kind on the market today, when used in the intended manner and under normal conditions.
- there are dishonest and possibly illegal methods used to breach the code protection feature. all of these methods, to our knowledge, require using the microchip products in a manner outside the operating specifications contained in microchip's data sheets. most likely, the person doing so is engaged in theft of intellectual property.
- microchip is willing to work with the customer who is concerned about the integrity of their code.
- neither microchip nor any other semiconductor manufacturer can guarantee the security of their code. code protection does not mean that we are guaranteeing the product as unbreakable.

code protection is constantly evolving. we at microchip are committed to continuously improving the code protection features of our products. attempts to break microchip's code protection feature may be a violation of the digital millennium copyright act. if such acts allow unauthorized access to your software or other copyrighted work, you may have a right to sue for relief under that act.

legal notice

information contained in this publication regarding device applications and the like is provided only for your convenience and may be superseded by updates. it is your responsibility to ensure that your application meets with your specifications.