ATSHA204 [DATASHEET]
Atmel-8740H-CryptoAuth-ATSHA204-Datasheet_072014
76
In practice, this procedure permits SingleUse keys to be used eight times between “refreshes” using the DeriveKey
command. If power is lost during the execution of any command referencing a key that has this feature enabled, one of
the use bits in UseFlag may still be cleared even though the command did not complete. For this reason, Atmel
recommends that the key be used a single time only, with the other bits providing a safety margin for errors.
Under normal circumstances, all eight UseFlag bytes should be initialized to 0xFF. If it is the intention to permit fewer
than eight uses of a particular key, these bytes should be initialized to 0x7F (seven uses), 0x3F (six uses), 0x1F (five
uses), 0x0F (four uses), 0x07 (three uses), 0x03 (two uses), or 0x01 (one use). Initialization to any other value besides
these values or 0xFF is prohibited.
The Read, Write, and DeriveKey commands operate slightly differently:
Read and Write
These commands ignore the state of the SingleUse bit and the UseFlag byte does not change as a result of their
execution. SingleUse slots in which the UseFlag is exhausted (value of 0x00) can still be read or written (subject to
the appropriate SlotConfig limitations) although the value in the slot cannot ever be used as a key for cryptographic
commands.
If SlotConfig.WriteKey for slot X points back to X, but UseFlag[X] is exhausted, encrypted writes to the slot will
never succeed because the prior GenDig command will have returned an error due to the usage limitation. A
similar situation occurs with reads and ReadKey. Slots used as keys should never have IsSecret set to zero or
WriteConfig set to always.
DeriveKey
If the parent key is used for either authentication or as the source, then if SingleUse (for the parent) is set and
UseFlag (also for the parent) is 0x00, the DeriveKey command returns an error. The SingleUse and UseFlag bits
are ignored for the target key. When successfully executed, DeriveKey always resets the UseFlag to 0xFF for the
target key — this is the only mechanism to reset the UseFlag bits.
Use of the DeriveKey command is optional. It is legal to be run only if WriteConfig: 13 is set for this slot. In some
situations, it may be advantageous to simply have a key that can be used eight times, in which case the other
crypto commands will clear the bits in UseFlag one at a time until all are cleared, and at which time the key is
disabled.
14.3.5 Limited-use Key
If Slot[15].SingleUse is set, usage of key number 15 is limited through a different mechanism than the single-use
limitation described above, which applies only to slots 0 – 7.
Prior to any use of key 15 by a cryptographic command, the following takes place:
If all bytes in LastKeyUse are 0x00, return error.
Starting at bit 7 of the first byte of LastKeyUse (byte 68 in config zone), clear to zero the first bit that is currently an
one. If byte 68 is 0x00, check bit seven of byte 69, and so on up through byte 83. Only a single bit is cleared each
time prior to using key 15.
There is no reset mechanism for this limitation — after 128 uses (or the number of one bits set in LastKeyUse on
personalization), key 15 is permanently disabled. This capability is not susceptible to power interruptions. Even if the
power is interrupted during execution of the command, only a single bit in LastKeyUse will be unknown; all other bits in
LastKeyUse will be unchanged and the key will remain unchanged.
If fewer than 128 uses are desired for key 15, then some of the bytes within this array should not be initialized to 0xFF. As
with UseFlag, the only legal values for bytes within this field (besides 0xFF) are 0x7F, 0x3F, 0x1F, 0x0F, 0x07, 0x03,
0x01, or 0x00. The total number of bits set to one indicates the number of uses.
Example: How to set 16 uses is as follows:
0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00.
The SingleUse bit is ignored by the Read and Write commands, and lastKeyUse does not change as a result of their
execution. The SingleUse bit is ignored by the copy function of the CheckMac command. The SingleUse bit is honored
for the parent key in the DeriveKey command, but is ignored for the target key.