DALLAS DS2432P

Preliminary
DS2432
1k-Bit Protected 1-Wire™
EEPROM with SHA-1 Engine
www.dalsemi.com
FEATURES
PIN ASSIGNMENT
1128 bits of 5V EEPROM memory partitioned into four pages of 256 bits, a 64-bit
write-only secret and up to 5 general purpose
read/write registers
On-chip 512-bit SHA-1 engine to compute
160-bit Message Authentication Codes
(MAC) and to generate secrets
Write access requires knowledge of the secret
and the capability of computing and transmitting a 160-bit MAC as authorization
Secret and data memory can be write-protected (all or page 0 only) or put in EPROMemulation mode (“write to 0”, page 1)
Unique, factory-lasered and tested 64-bit registration number assures absolute traceability
because no two parts are alike
Built-in multidrop controller ensures compatibility with other 1-Wire net products
Reduces control, address, data and power to a
single data pin
Directly connects to a single port pin of a microprocessor and communicates at up to 16.3k
bits per second
Overdrive mode boosts communication speed
to 142k bits per second
Low cost 6-lead TSOC surface mount package, or solder-bumped Flipchip package
Reads and writes over a wide voltage range of
2.8V to 5.25V from -40°C to +85°C
TSOC (150mil)
1
2
3
GND
1-WIRE
NC
6
5
4
NC
NC
NC
top view
top view
side view
See www.dalsemi.com for mechanical
specifications of packages.
ORDERING INFORMATION
DS2432P
DS2432P/T&R
DS2432X
6-lead TSOC package
Tape & Reel DS2432P
Flipchip package, tape & reel
DESCRIPTION
The DS2432 combines 1024 bits of EEPROM, a 64-bit secret, an 8-byte register/control page with up to 5
user read/write bytes, a 512-bit SHA-1 engine and a fully-featured 1-Wire interface in a single chip. Each
DS2432 has its own 64-bit ROM registration number that is factory lasered into the chip to provide a
guaranteed unique identity for absolute traceability. Data is transferred serially via the 1-Wire protocol,
which requires only a single data lead and a ground return. The DS2432 has an additional memory area
called the scratchpad that acts as a buffer when writing to the main memory, the register page or when
installing a new secret. Data is first written to the scratchpad from where it can be read back. After the
data has been verified, a copy scratchpad command will transfer the data to its final memory location,
provided that the DS2432 receives a matching 160-Bit MAC. The computation of the MAC involves the
secret and additional data stored in the DS2432 including the device’s registration number. Only a new
secret can be loaded without providing a MAC. The SHA-1 engine can also be activated to compute
1 of 30
040201
PRELIMINARY
DS2432
160-bit message authentication codes (MAC) when reading a memory page or to compute a new secret,
instead of loading it. Applications of the DS2432 include intellectual property security, after-market
management of consumables, and taper proof data carriers.
OVERVIEW
The block diagram in Figure 1 shows the relationships between the major control and memory sections of
the DS2432. The DS2432 has five main data components: 1) 64-bit lasered ROM, 2) 64-bit scratchpad, 3)
four 32-byte pages of EEPROM, 4) 64-bit register page, 5) 64-bit Secrets Memory, and 6) a 512-bit
SHA-1 Engine (SHA = Secure Hash Algorithm). The hierarchical structure of the 1-Wire protocol is
shown in Figure 2. The bus master must first provide one of the seven ROM Function Commands, 1)
Read ROM, 2) Match ROM, 3) Search ROM, 4) Skip ROM, 5) Resume Communication, 6) OverdriveSkip ROM or 7) Overdrive-Match ROM. Upon completion of an Overdrive ROM command byte
executed at standard speed, the device will enter Overdrive mode where all subsequent communication
occurs at a higher speed. The protocol required for these ROM function commands is described in Figure
9. After a ROM function command is successfully executed, the memory functions become accessible
and the master may provide any one of the seven memory function commands. The protocol for these
memory function commands is described in Figure 7. All data is read and written least significant bit first.
DS2432 BLOCK DIAGRAM Figure 1
PARASITE POWER
1-Wire net
1-Wire
Function Control
Memory and
SHA Function
Control Unit
64-bit
Lasered ROM
512-bit
Secure Hash
Algorithm
Engine
CRC16
Generator
64-bit
Scratchpad
Data Memory
4 Pages of
256 bits each
Register Page
64 bits
Secrets Memory
64 bits
2 of 30
PRELIMINARY
DS2432
64-BIT LASERED ROM
Each DS2432 contains a unique ROM code that is 64 bits long. The first eight bits are a 1-Wire family
code. The next 48 bits are a unique serial number. The last eight bits are a CRC of the first 56 bits. (See
Figure 3). The 1-Wire CRC is generated using a polynomial generator consisting of a shift register and
XOR gates as shown in Figure 4. The polynomial is X8 + X5 + X4 + 1. Additional information about the
Dallas 1-Wire Cyclic Redundancy Check is available in the Book of DS19xx iButton Standards from
Dallas Semiconductor. The shift register bits are initialized to zero. Then starting with the least significant
bit of the family code, one bit at a time is shifted in. After the 8th bit of the family code has been entered,
then the serial number is entered. After the 48th bit of the serial number has been entered, the shift register
contains the CRC value. Shifting in the eight bits of CRC should return the shift register to all zeros.
HIERARCHCAL STRUCTURE FOR 1-WIRE PROTOCOL Figure 2
1-Wire net
BUS
Master
Other
Devices
DS2432
Command
Level:
1-Wire ROM Function
Commands (see Figure 9)
DS2432-specific
Memory Function
Commands (see Figure 7)
Available
Commands:
Data Field
Affected:
Read ROM
Match ROM
Search ROM
Skip ROM
Resume
Overdrive Skip
Overdrive Match
64-bit Reg. #, RC-Flag
64-bit Reg. #, RC-Flag
64-bit Reg. #, RC-Flag
RC-Flag
RC-Flag
64-bit Reg. #, RC-Flag, OD-Flag
64-bit Reg. #, RC-Flag, OD-Flag
Write Scratchpad
Read Scratchpad
Load First Secret
Compute Next Secret
Copy Scratchpad
64-bit Scratchpad, Flags
64-bit Scratchpad
Secret, Flags
Secret, Data Memory, Scratchpad
Data Memory or Register Page,
Secret, Flags, 64-Bit Reg. #,
Data Memory, Secret, 64-bit Reg. #,
3-Byte Challenge in Scratchpad
Data Memory, Register Page, Reg. #
Read Authenticated Page
Read Memory
64-BIT LASERED ROM Figure 3
MSB
LSB
8-Bit CRC Code
MSB
48-Bit Serial Number
LSB
MSB
8-Bit Family Code (33h)
LSB
3 of 30
MSB
LSB
PRELIMINARY
DS2432
1-WIRE CRC GENERATOR Figure 4
8
5
4
Polynomial = X + X + X + 1
st
nd
1
STAGE
X
0
rd
2
STAGE
X
1
th
3
STAGE
X
2
th
4
STAGE
X
3
th
5
STAGE
X
4
th
6
STAGE
X
5
th
7
STAGE
X
6
8
STAGE
X
7
X
8
INPUT DATA
MEMORY MAP
The DS2432 has four memory areas: data memory, secrets memory, register page with special function
registers and user-bytes, and a scratchpad. The data memory is organized in pages of 32 bytes. Secret,
register page and scratchpad are 8 bytes each. The scratchpad acts as a buffer when writing to the data
memory, loading the initial secret or when writing to the register page.
Data memory, secrets memory and register page are located in a linear address space, as shown in
Figure 5. The data memory and the register page have unrestricted read access. Writing to the data
memory and the register page requires the knowledge of the secret.
DS2432 MEMORY MAP Figure 5
Address Range
Description
Note
0000h to 001Fh
Data Memory Page 0
No write-access without secret
0020h to 003Fh
Data Memory Page 1
No write-access without secret
0040h to 005Fh
Data Memory Page 2
No write-access without secret
0060h to 007Fh
Data Memory Page 3
No write-access without secret
0080h to 0087h
Secrets Memory
No read access; no secret for write access
0088h
1)
Write-protect secret, 008Ch to 008Fh
Protection activated by code AAh or 55h
0089h
1)
Write-protect pages 0 to 3
Protection activated by code AAh or 55h
008Ah
1)
User byte, self-protecting
Protection activated by code AAh or 55h
008Bh
Factory byte (read only)
Reads either AAh or 55h; see text
008Ch
1)
User byte/EPROM mode control for page 1
Mode activated by code AAh or 55h
008Dh
1)
User byte/Write-protect page 0 only
Protection activated by code AAh or 55h
008Eh to 008Fh
User Bytes/Manufacturer ID
Function depends on factory byte
0090h to 0097h
64-Bit Registration Number
(Alternate readout)
1)
Once programmed to AAh or 55h this address becomes read-only. All other codes can be stored but
will neither write-protect the address nor activate any function.
4 of 30
PRELIMINARY
DS2432
The secret can be installed either by copying data from the scratchpad to the secrets memory or by
computation using the current secret and the scratchpad contents as partial secret. The secret cannot be
read directly; only the SHA engine has access to it for computing message authentication codes.
The address range 0088h to 008Fh, also referred to as register page, contains special function registers as
well as general-purpose user-bytes and one factory byte. Once programmed to AAh or 55h, most of these
bytes become write-protected and can no longer be altered. All other codes will neither write-protect the
address nor activate the special function associated to that particular byte. Special functions are: 1) writeprotecting only the secret, 2) write-protecting all four data memory pages simultaneously, 3) activating
EPROM mode for data memory page 1 only, and 4) write-protecting data memory page 0 only. Once the
EPROM mode is activated, bits in the address range 0020h through 003Fh can only be altered from a
logic 1 to a logic 0, provided that the data memory is not write protected.
The factory byte will either read 55H or AAh. Typically, this address will read 55h, indicating that the
addresses 008E and 008F are read/write user-bytes without any special function or locking mechanism.
The code of AAh indicates that these two bytes are programmed with a 16-bit manufacturer ID and then
write-protected at the factory. The manufacturer ID can be a customer-supplied identification code that
assists the application software in identifying the product the DS2432 is associated with and in faster
selection of the applicable secret. To setup and register a manufacturer ID contact the factory.
The address range 0090h to 0097h provides an alternate way to read the device’s ROM registration
number. The family code is stored at the lower address followed by the 48-bit serial number and the 8-bit
CRC, which is stored at address 0097h. In reading through these addresses (0090h to 0097h) the bus
master will receive the individual bits of the registration number in exactly the same sequence as with a
ROM function command.
ADDRESS REGISTERS Figure 6
Bit #
7
6
5
4
3
2
1
0
Target Address (TA1)
T7
T6
T5
T4
T3
T2
(0)
T1
(0)
T0
(0)
Target Address (TA2)
T15
T14
T13
T12
T11
T10
T9
T8
Ending Address with
Data Status (E/S)
(Read Only)
AA
1
PF
1
1
E2
(1)
E1
(1)
E0
(1)
ADDRESS REGISTERS AND TRANSFER STATUS
The DS2432 employs three address registers: TA1, TA2 and E/S (Figure 6). These registers are common
to many other 1-Wire devices but operate slightly differently with the DS2432. Registers TA1 and TA2
must be loaded with the target address to which the data will be written or from which data will be read.
Register E/S is a read-only transfer-status register, used to verify data integrity with write commands.
Since the scratchpad of the DS2432 is designed to accept data in blocks of eight bytes only, the lower
three bits of TA1 will be forced to 0 and the lower three bits of the E/S register (Ending Offset) will
always read 1. This indicates that all the data in the scratchpad will be used for a subsequent copying into
main memory or secret. Bit 5 of the E/S register, called PF or “partial byte flag”, is a logic-1 if the
5 of 30
PRELIMINARY
DS2432
number of data bits sent by the master is not an integer multiple of 8 or if the data in the scratchpad is not
valid due to a loss of power. A valid write to the scratchpad will clear the PF bit. Bits 3, 4 and 6 have no
function; they always read 1. The Partial Flag supports the master checking the data integrity after a
Write command. The highest valued bit of the E/S register, called AA or Authorization Accepted, acts as
a flag to indicate that the data stored in the scratchpad has already been copied to the target memory
address. Writing data to the scratchpad clears this flag.
WRITING WITH VERIFICATION
To write data to the DS2432, the scratchpad has to be used as intermediate storage. First the master issues
the Write Scratchpad command to specify the desired target address, followed by the data to be written to
the scratchpad. Note that writes to data memory must be performed on 8-byte boundaries with the
3 LSBs of the target address (T2..T0) equal to 000b. If T2..T0 are sent with non-zero values, the device
will set these bits to zero and will write to the modified address upon completion of the command
sequence. In addition, the entire 8-byte scratchpad will be copied to memory when commanded,
therefore eight bytes of data should be written into the scratchpad to ensure that the data to be copied is
known. Under certain conditions (see Write Scratchpad command) the master will receive an inverted
CRC16 of the command, address (actual address sent) and data at the end of the write scratchpad
command sequence. Note that the CRC is calculated based on the actual target address sent and not the
modified address in the case of a non-zero T2..T0. Knowing this CRC value, the master can compare it
to the value it has calculated itself to decide if the communication was successful and proceed to the
Copy Scratchpad command. If the master could not receive the CRC16, it should send the Read
Scratchpad command to verify data integrity. As preamble to the scratchpad data, the DS2432 repeats the
target address TA1 and TA2 and sends the contents of the E/S register. If the PF flag is set, data did not
arrive correctly in the scratchpad or there was a loss of power since data was last written to the
scratchpad. The master does not need to continue reading; it can start a new trial to write data to the
scratchpad. Similarly, a set AA flag together with a cleared PF flag indicates that the device did not
recognize the Write command. If everything went correctly, both flags are cleared. Now the master can
continue reading and verifying every data byte. After the master has verified the data, it can send the
Copy Scratchpad command, for example. This command must be followed exactly by the data of the
three address registers TA1, TA2 and E/S. The master should obtain the contents of these registers by
reading the scratchpad.
MEMORY AND SHA FUNCTION COMMANDS
Due to its design as a secure device the DS2432 has to behave differently from other 1-Wire memory
devices. Although most of the memory of the DS2432 can be read the same way as any other 1-Wire
memory, attempts to read the secret will result in FFh-bytes rather than real data. The “Memory and SHA
Function Flow Chart” (Figure 7) describes the protocols necessary for accessing the memory and
operating the SHA engine. The communication between master and DS2432 takes place either at regular
speed (default, OD = 0) or at Overdrive Speed (OD = 1). If not explicitly set into the Overdrive Mode the
DS2432 assumes regular speed.
Write Scratchpad [0Fh]
The Write Scratchpad command applies to the data memory, the secret and the writable addresses in the
register page. If the bus master sends a target address higher than 90h, the command will not be executed.
After issuing the write scratchpad command, the master must first provide the 2-byte target address,
followed by the data to be written to the scratchpad. The data will be written to the scratchpad starting at
the beginning of the scratchpad. Note that the ending offset (E2..E0) will always be 111b regardless of
the number of bytes that the master has transmitted. For this reason the master should always send
6 of 30
PRELIMINARY
DS2432
8 bytes, especially if the data is to be loaded as a secret. If the master sends less than eight data bytes and
does not read back the scratchpad for verification, parts of the new secret may be random data that is
unknown to the master. Only full data bytes are accepted. If the last data byte is incomplete its content
will be ignored and the partial byte flag PF will be set.
When executing the Write Scratchpad command the CRC generator inside the DS2432 (see Figure 12)
calculates a CRC of the entire data stream, starting at the command code and ending at the last data byte
as sent by the master. This CRC is generated using the CRC16 polynomial by first clearing the CRC
generator and then shifting in the command code (0FH) of the Write Scratchpad command, the Target
Addresses (TA1 and TA2), and all the data bytes. Note that the CRC16 calculation is performed with the
actual TA1 sent by the master even though the DS2432 will set TA1 bits T2..T0 to 000b for the actual
Write Scratchpad command. The master may end the Write Scratchpad command at any time. However,
if the scratchpad is filled to its capacity, the master may send 16 read time slots and will receive the CRC
generated by the DS2432.
If a Write Scratchpad is attempted with a target address in data memory (00h-7Fh) or the register page
(88h to 8Fh), then a subsequent Read Scratchpad command will read AAh or 55h for addresses that are
write-protected rather than the value that was written in the Write Scratchpad command. Similarly, if the
target address is within page 1 and the page is in EPROM mode, the read-back from the scratchpad will
produce data that is the logical AND of the original scratchpad data and the current content of the target
memory area.
Read Scratchpad [AAh]
The Read Scratchpad command allows verifying the target address and the integrity of the scratchpad
data. After issuing the command code, the master begins reading. The first two bytes will be the target
address with T2 to T0 = 0. The next byte will be the ending offset/data status byte (E/S) followed by the
scratchpad data, which may be different from what the master has originally sent. This is of particular
importance if the target address is the secret, the register page or page 1 in EPROM mode. The master
should read through the end of the scratchpad after which it will receive the inverted CRC. This is based
on data as it was sent by the DS2432. If the master continues reading after the CRC all data will be
logic 1’s.
Load First Secret [5Ah]
The Load First Secret command is used to replace the device’s current secret with the contents of the
scratchpad, provided that the secret is not write-protected. This command does not require the knowledge
of the device’s current secret. Before the Load First Secret command can be used the master must have
written the new secret to the scratchpad using the starting address of the secret (0080h). After issuing the
Load First Secret command, the master must provide a 3-byte authorization pattern, which should have
been obtained by an immediately preceding Read Scratchpad command. This 3-byte pattern must exactly
match the data contained in the three address registers (TA1, TA2, E/S, in that order). If the pattern
matches and the secret is not write-protected, the AA (Authorization Accepted) flag will be set and the
copy will begin. All eight bytes of scratchpad contents will be copied to the secret’s memory location.
The device-internal data transfer takes 10 ms maximum during which the voltage on the 1-Wire bus must
not fall below 2.8V. A pattern of alternating 1’s and 0’s will be transmitted after the data has been copied
until the master issues a reset pulse.
Instead of using Load First Secret, a new secret alternatively be loaded with the Copy Scratchpad
command. However, this approach requires the knowledge of the current secret and the computation of a
160-bit MAC.
7 of 30
PRELIMINARY
DS2432
Memory and SHA Functions Flow Chart Figure 7
From ROM Functions
Flow Chart (Figure 9)
Bus Master TX Memory
Function Command
0Fh
Write Scratchpad ?
To Figure 7
nd
2 Part
N
Y
Bus Master TX
TA1 (T7:T0), TA2 (T15:T8)
N
Y
Address
< 90h ?
DS2432 sets Scratchpad
Byte Counter = 0,
Clears PF, AA,
Sets T2:T0 = 0, 0, 0,
Sets E2:E0 = 1, 1, 1
Master TX Data Byte
To Scratchpad
Bus Master
RX “1”s
Master
TX Reset ?
N
DS2432
Increments
Byte Counter
Master
TX Reset ?
Y
Partial
Byte ?
N
Y
N
N
Byte Counter
=7?
Y
Y
PF = 1
DS2432 TX CRC16
of Command, Address,
Data Bytes as they were
sent by the bus master
Bus Master
RX “1”s
N
Master
TX Reset ?
Y
To ROM Functions
Flow Chart (Figure 9)
8 of 30
From Figure 7
nd
2 Part
PRELIMINARY
DS2432
Memory and SHA Functions Flow Chart (continued) Figure 7
From Figure 7
st
1 Part
AAh
Read ScratchPad ?
N
To Figure 7
rd
3 Part
Y
Bus Master RX
TA1 (T7:T0), TA2 (T15:T8)
and E/S Byte
DS2432 sets Scratchpad
Byte Counter = 0
Bus Master RX
Data Byte from Scratchpad
DS2432
Increments
Byte Counter
Master
TX Reset ?
Y
Note:
For write protected data
memory or register page
locations, the master will
read either AAh or 55h. In
EPROM mode the master
will receive scratchpad data
logically ANDed by the
current data of the targeted
memory address.
N
N
Byte Counter
=7?
Y
Bus Master RX CRC16
of Command, Address,
E/S Byte, Data Bytes as
sent by the DS2432
Bus Master
RX “1”s
N
Master
TX Reset ?
Y
To Figure 7
st
1 Part
From Figure 7
rd
3 Part
9 of 30
PRELIMINARY
DS2432
Memory and SHA Functions Flow Chart (continued) Figure 7
From Figure 7
nd
2 Part
5Ah
Load First
Secret ?
To Figure 7
th
4 Part
N
Y
Bus Master TX
TA1 (T7:T0), TA2 (T15:T8)
and E/S Byte
Y
Auth. Code
Match ?
N
Note: The 8-byte secret
must first be written to
the scratchpad.
N
Y
Address of
Secret ?
Y
WriteProtected ?
N
AA = 1
*
DS2432 copies Scratchpad Data to Secret
DS2432 TX “0”
Y
Bus Master
RX “1”s
Master
TX Reset ?
N
DS2432 TX “1”
Master
TX Reset ?
N
Master
TX Reset ?
Y
To Figure 7
nd
2 Part
N
Y
*
1-Wire idle high for power
10 of 30
From Figure 7
th
4 Part
PRELIMINARY
DS2432
Memory and SHA Functions Flow Chart (continued) Figure 7
From Figure 7
rd
3 Part
33h
Compute Next
Secret ?
To Figure 7
th
5 Part
N
Y
Note: The master must first
load the scratchpad with a
partial secret of 8 bytes
Bus Master TX
TA1 (T7:T0),
TA2 (T15:T8)
N
Valid Data
Address ?
Y
Y
WriteProtected ?
N
*
SHA Engine Computes Message
Authentication Code of Current
Secret, Page Data, and 8 Byte
Partial Secret in Scratchpad
DS2432 Copies a Partial MAC
to the Secret Register
*
DS2432 fills Scratchpad with AAh
DS2432 TX “0”
Y
Master
TX Reset ?
N
Bus Master
RX “1”s
Master
TX Reset ?
DS2432 TX “1”
N
N
Y
Y
To Figure 7
rd
3 Part
Master
TX Reset ?
*
1-Wire idle high for power
11 of 30
From Figure 7
th
5 Part
PRELIMINARY
DS2432
Memory and SHA Functions Flow Chart (continued) Figure 7
Note: This command is
applicable to all R/W
memory addresses.
From Figure 7
th
4 Part
55h
Copy Scratchpad ?
To Figure 7
th
6 Part
N
Y
Bus Master TX
TA1 (T7:T0),
TA2 (T15:T8),
E/S Byte
N
Auth. Code
Match ?
Bus Master computes MAC
and sends it to DS2432
Y
WriteProtected ?
*
SHA Engine Computes
Message Authentication
Code of Secret, 28 Bytes of
Page Data, Scratchpad
Data, and Device
Registration Number
N
Bus Master
waits 10 ms
Y
MAC Code
Match ?
N
Y
AA = 1
Bus Master
RX “1”s
N
*
DS2432 Copies Scratchpad
Data to Memory
Master
TX Reset ?
DS2432
TX “0”s
Master
TX Reset ?
DS2432 TX “0”
N
Y
Master
TX Reset ?
Y
Y
N
DS2432 TX “1”
N
Master
TX Reset ?
Y
To Figure 7
th
4 Part
* 1-Wire idle high for power
12 of 30
From Figure 7
th
6 Part
PRELIMINARY
DS2432
Memory and SHA Functions Flow Chart (continued) Figure 7
From Figure 7
th
5 Part
A5h
Read Auth.
Page ?
To Figure 7
th
7 Part
N
Y
Note: Three bytes of the
scratchpad contents are taken
as a challenge to the DS2432.
The master may specify the
challenge or accept the current
scratchpad contents instead.
Bus Master TX
TA1 (T7:T0), TA2 (T15:T8)
N
N
Address
< 80h ?
Bus Master
RX “1”s
Y
DS2432 sets Memory
Address = (T15:T0)
Master
TX Reset ?
Master RX Data Byte
From Memory Address
Y
Y
SHA Engine Computes
Message Authentication
Code of Secret, Data of
Selected Page, Device
Registration Number and
3-Byte Challenge
DS2432
Increments
Address
Counter
Master
TX Reset ?
N
Bus Master RX 160-Bit
Message Auth. Code
Bus Master RX CRC16 of
Message Auth. Code
N
End
Of Page ?
DS2432 TX “0”
Y
Master RX
one byte FFh
Master
TX Reset ?
N
Bus Master RX CRC16
of Command, Address,
Data, and FFh Byte
Master
TX Reset ?
DS2432 TX “1”
N
*
N
Master
TX Reset ?
Y
Y
To Figure 7
th
5 Part
Y
1-Wire idle high for power
13 of 30
From Figure 7
th
7 Part
*
PRELIMINARY
DS2432
Memory and SHA Functions Flow Chart (continued) Figure 7
From Figure 7
th
6 Part
F0h
Read Memory ?
N
Y
Bus Master TX
TA1 (T7:T0),
TA2 (T15:T8)
Y
Address
< 98h ?
N
DS2432 sets Memory
Address = (T15:T0)
Y
Address
Of Secret
N
DS2432
Increments
Address
Counter
Bus Master RX
Data Byte from
Memory Address
Master
TX Reset ?
Bus Master
RX FFh Byte
Y
N
Y
Address
< 97h ?
Bus Master
RX “1”s
N
Bus Master
RX “1”s
N
Master
TX Reset ?
Y
To Figure 7
th
6 Part
14 of 30
N
Master
TX Reset ?
Y
PRELIMINARY
DS2432
Compute Next Secret [33h]
Some applications may require a higher level of security than can be achieved by a single, directly written
secret. For additional security the DS2432 can compute a new secret based on the current secret, the
contents of a selected memory page, and a partial secret that consists of all data in the scratchpad. To
install a computed secret the master issues the Compute Next Secret command, which activates the
512-bit SHA-1 engine, provided that the secret is not write-protected. Table 1 shows how the various data
components involved enter the SHA engine and how a portion of the SHA result is loaded into the
secret's memory location. The SHA computation algorithm itself is explained later in this document. The
Compute Next Secret command can be applied as often as desired to increase the level of security. The
bus master does not need to know the device’s current secret in order to successfully compute a new one
and then overwrite the existing secret.
SHA-1 Input Data for Compute Next Secret Command Table 1
M0[31:24] = (SS+0)
M1[31:24] = (PP+0)
M2[31:24] = (PP+4)
M3[31:24] = (PP+8)
M4[31:24] = (PP+12)
M5[31:24] = (PP+16)
M6[31:24] = (PP+20)
M7[31:24] = (PP+24)
M8[31:24] = (PP+28)
M9[31:24] = FFh
M10[31:24] = MPX
M11[31:24] = (SP+4)
M12[31:24] = (SS+4)
M13[31:24] = FFh
M14[31:24] = 00h
M15[31:24] = 00h
M0[23:16] = (SS+1)
M1[23:16] = (PP+1)
M2[23:16] = (PP+5)
M3[23:16] = (PP+9)
M4[23:16] = (PP+13)
M5[23:16] = (PP+17)
M6[23:16] = (PP+21)
M7[23:16] = (PP+25)
M8[23:16] = (PP+29)
M9[23:16] = FFh
M10[23:16] = (SP+1)
M11[23:16] = (SP+5)
M12[23:16] = (SS+5)
M13[23:16] = FFh
M14[23:16] = 00h
M15[23:16] = 00h
M0[15:8] = (SS+2)
M1[15:8] = (PP+2)
M2[15:8] = (PP+6)
M3[15:8] = (PP+10)
M4[15:8] = (PP+14)
M5[15:8] = (PP+18)
M6[15:8] = (PP+22)
M7[15:8] = (PP+26)
M8[15:8] = (PP+30)
M9[15:8] = FFh
M10[15:8] = (SP+2)
M11[15:8] = (SP+6)
M12[15:8] = (SS+6)
M13[15:8] = FFh
M14[15:8] = 00h
M15[15:8] = 01h
M0[7:0] = (SS+3)
M1[7:0] = (PP+3)
M2[7:0] = (PP+7)
M3[7:0] = (PP+11)
M4[7:0] = (PP+15)
M5[7:0] = (PP+19)
M6[7:0] = (PP+23)
M7[7:0] = (PP+27)
M8[7:0] = (PP+31)
M9[7:0] = FFh
M10[7:0] = (SP+3)
M11[7:0] = (SP+7)
M12[7:0] = (SS+7)
M13[7:0] = 80h
M14[7:0] = 00h
M15[7:0] = B8h
(SS+2) := E[23:16]
(SS+6) := D[23:16]
(SS+3) := E[31:24]
(SS+7) := D[31:24]
Result of Compute Next Secret
(SS+0) := E[7:0]
(SS+4) := D[7:0]
(SS+1) := E[15:8]
(SS+5) := D[15:8]
Legend
Mt
SS
PP
(SP+n)
MPX
D, E
Input buffer of SHA engine
0 ≤ t ≤ 15; 32-bit words
Starting address of secret (80h)
Starting address of memory page
See Memory Map, memory pages 0 through 3
Byte n of scratchpad
MPX[7] = 0; MPX[6] = 0; MPX[5:0] = (SP+0)[5:0]
32-bit words, portions of the 160-bit SHA result
After issuing the Compute Next Secret command the master must provide a 2-byte target address to select
the memory page that contributes 256 bits of the SHA input data. The lower five bits of the target address
TA1 are not relevant. If the target address is valid, i. e. is in the range of 0000h to 007Fh, and the secret is
15 of 30
PRELIMINARY
DS2432
not write-protected the SHA engine will start and within 2.0 ms compute a new secret that is then
automatically copied to the secrets register. Replacing the secret takes maximum 10 ms. During this time
and the computation of the secret the voltage on the 1-Wire bus must not fall below 2.8V. After copying
is finished the DS2432 fills the scratchpad with AAh bytes. Now a pattern of alternating 1’s and 0’s will
be transmitted until the master issues a reset pulse.
Since the content of the scratchpad is used as a partial secret, the master must fill the scratchpad with a
known 8-byte data pattern using the Write Scratchpad command before it issues the Compute Next
Secret command. Otherwise the new secret will depend on data that was unintentionally left in the
scratchpad from previous commands.
Copy Scratchpad [55h]
The data memory of the DS2432 can be read without any restrictions. Executing the Copy Scratchpad
command to write new data to the memory or register page, however, requires the knowledge of the
device’s secret and the ability to perform a SHA-1 computation to generate the 160-bit Message
Authentication Code (MAC) to start the data transfer from the scratchpad to the memory. The master may
perform the MAC computation in software or use a DS1963S as a coprocessor. The coprocessor approach
has the benefit that the secret remains hidden in the coprocessor iButton. The sequence in which the
resulting MAC needs to be sent to the DS2432 is shown in Table 2. Table 3 shows how the various data
components are entered into the SHA engine. The SHA computation algorithm is explained later in this
document.
Message Authentication Code Transmission Sequence Table 2
E[31:24]
E[23:16]
E[15:8]
E[7:0]
D[31:24]
D[23:16]
D[15:8]
D[7:0]
C[31:24]
C[23:16]
C[15:8]
C[7:0]
B[31:24]
B[23:16]
B[15:8]
B[7:0]
A[31:24]
A[23:16]
A[15:8]
A[7:0]
Shift
Direction
The transmission is least significant bit first starting with Register E.
After issuing the Copy Scratchpad command, the master must provide a 3-byte authorization pattern,
which should have been obtained by an immediately preceding Read Scratchpad command. This 3-byte
pattern must exactly match the data contained in the three address registers (TA1, TA2, E/S, in that
order). If the authorization code matches and the target memory is not write-protected, the DS2432 will
start its SHA engine to compute a 160-bit MAC that is based on the current secret, all of the scratchpad
data, the first 28 bytes of the addressed memory page, and the DS2432's registration number (without the
CRC). Simultaneously the master computes a MAC from the same data and sends it to the DS2432 as
evidence that it is authorized to write to the EEPROM. Now the master waits for 10 ms during which the
voltage on the 1-Wire bus must not fall below 2.8V. If the MAC generated by the DS2432 matches the
MAC that the master computed, the DS2432 will set its AA (Authorization Accepted) flag, and copy the
entire scratchpad contents to the data EEPROM. As indication for a successful copy the master will be
able to read a pattern of alternating 1’s and 0’s until it issues a Reset Pulse. A pattern of all zeros tells the
master that the copy did not take place.
16 of 30
PRELIMINARY
DS2432
Special attention is required when copying data to the register page. In order to prevent unintentional
locking of a special function register or user byte it is recommended to first read the register page and
then write it all with the intended modification to the scratchpad. When writing to the register page (or the
secret using Copy Scratchpad), the input data for M1 to M7 of the SHA engine will be the current secret
(M1, M2), the current content of the register page (M3, M4), the full 64-bit registration number (M5,
M6), and 4 bytes FFh (M7).
SHA-1 Input Data for Copy Scratchpad Command Table 3
M0[31:24] = (SS+0)
M1[31:24] = (PP+0)
M2[31:24] = (PP+4)
M3[31:24] = (PP+8)
M4[31:24] = (PP+12)
M5[31:24] = (PP+16)
M6[31:24] = (PP+20)
M7[31:24] = (PP+24)
M8[31:24] = (SP+0)
M9[31:24] = (SP+4)
M10[31:24] = MP
M11[31:24] = SN2
M12[31:24] = (SS+4)
M13[31:24] = FFh
M14[31:24] = 00h
M15[31:24] = 00h
M0[23:16] = (SS+1)
M1[23:16] = (PP+1)
M2[23:16] = (PP+5)
M3[23:16] = (PP+9)
M4[23:16] = (PP+13)
M5[23:16] = (PP+17)
M6[23:16] = (PP+21)
M7[23:16] = (PP+25)
M8[23:16] = (SP+1)
M9[23:16] = (SP+5)
M10[23:16] = FAMC
M11[23:16] = SN3
M12[23:16] = (SS+5)
M13[23:16] = FFh
M14[23:16] = 00h
M15[23:16] = 00h
M0[15:8] = (SS+2)
M1[15:8] = (PP+2)
M2[15:8] = (PP+6)
M3[15:8] = (PP+10)
M4[15:8] = (PP+14)
M5[15:8] = (PP+18)
M6[15:8] = (PP+22)
M7[15:8] = (PP+26)
M8[15:8] = (SP+2)
M9[15:8] = (SP+6)
M10[15:8] = SN0
M11[15:8] = SN4
M12[15:8] = (SS+6)
M13[15:8] = FFh
M14[15:8] = 00h
M15[15:8] = 01h
M0[7:0] = (SS+3)
M1[7:0] = (PP+3)
M2[7:0] = (PP+7)
M3[7:0] = (PP+11)
M4[7:0] = (PP+15)
M5[7:0] = (PP+19)
M6[7:0] = (PP+23)
M7[7:0] = (PP+27)
M8[7:0] = (SP+3)
M9[7:0] = (SP+7)
M10[7:0] = SN1
M11[7:0] = SN5
M12[7:0] = (SS+7)
M13[7:0] = 80h
M14[7:0] = 00h
M15[7:0] = B8h
Legend
Mt
SS
PP
(SP+n)
MP
FAMC
SNx
Input buffer of SHA engine
0 ≤ t ≤ 15; 32-bit words
Starting address of secret (80h)
Starting address of memory page
See Memory Map, memory pages 0 through 3
Byte n of scratchpad
MP[7:4] = 0000 for Copy Scratchpad
MP[3:0] = T8:T5 (equivalent to page number in hex)
Family Code = 33h
Serial number of device
SN0 = least significant byte, SN5 = most significant byte.
The CRC is not used
Read Authenticated Page [A5h]
The Read Authenticated Page command provides the master with the data of a full or partial memory
page plus a message authentication code (MAC). The MAC allows the master to determine whether the
secret stored in the DS2432 is valid within the application. The DS2432 computes the MAC from its
secret, all the data of the selected memory page, its registration number and a 3-byte challenge, which the
master should write to the scratchpad prior to issuing the Read Authenticated Page command. To do this,
the master can use the write scratchpad command with any target address within the data memory. The
relevant portions of the challenge are the 5th, 6th and 7th byte. Alternatively, the master can accept the data
17 of 30
PRELIMINARY
DS2432
that happens to reside in the scratchpad from a previous command as a challenge. The 160-bit MAC is
transmitted in the same way as with the Copy Scratchpad command, Table 2, but the data flows from the
DS2432 to the master. The data input to the SHA engine as it applies to the Read Authenticated Page
command is shown in Table 4.
After the master has issued the command code and specified a valid target address it will receive the page
data beginning at the target address through the end of the data page, one byte FFh and the inverted CRC
of the command code, target address, transmitted page data and FFh byte. Immediately after the CRC is
received the master waits for 2.0 ms during which the voltage on the 1-Wire bus must not fall below
2.8V. During this time the SHA engine of the DS2432 computes the message authentication code over
the secret, all 32 data bytes of the selected page, the device’s registration number (without the CRC) and
the 3-byte challenge. Now the master reads the 160-bit MAC, which is followed by an inverted CRC as a
means to safeguard the data transfer. If the master continues reading after the CRC it will receive a
pattern of alternating 0’s and 1’s until it issues a Reset Pulse.
SHA-1 Input Data for Read Authenticated Page Command Table 4
M0[31:24] = (SS+0)
M1[31:24] = (PP+0)
M2[31:24] = (PP+4)
M3[31:24] = (PP+8)
M4[31:24] = (PP+12)
M5[31:24] = (PP+16)
M6[31:24] = (PP+20)
M7[31:24] = (PP+24)
M8[31:24] = (PP+28)
M9[31:24] = FFh
M10[31:24] = MP
M11[31:24] = SN2
M12[31:24] = (SS+4)
M13[31:24] = (SP+4)
M14[31:24] = 00h
M15[31:24] = 00h
M0[23:16] = (SS+1)
M1[23:16] = (PP+1)
M2[23:16] = (PP+5)
M3[23:16] = (PP+9)
M4[23:16] = (PP+13)
M5[23:16] = (PP+17)
M6[23:16] = (PP+21)
M7[23:16] = (PP+25)
M8[23:16] = (PP+29)
M9[23:16] = FFh
M10[23:16] = FAMC
M11[23:16] = SN3
M12[23:16] = (SS+5)
M13[23:16] = (SP+5)
M14[23:16] = 00h
M15[23:16] = 00h
M0[15:8] = (SS+2)
M1[15:8] = (PP+2)
M2[15:8] = (PP+6)
M3[15:8] = (PP+10)
M4[15:8] = (PP+14)
M5[15:8] = (PP+18)
M6[15:8] = (PP+22)
M7[15:8] = (PP+26)
M8[15:8] = (PP+30)
M9[15:8] = FFh
M10[15:8] = SN0
M11[15:8] = SN4
M12[15:8] = (SS+6)
M13[15:8] = (SP+6)
M14[15:8] = 00h
M15[15:8] = 01h
M0[7:0] = (SS+3)
M1[7:0] = (PP+3)
M2[7:0] = (PP+7)
M3[7:0] = (PP+11)
M4[7:0] = (PP+15)
M5[7:0] = (PP+19)
M6[7:0] = (PP+23)
M7[7:0] = (PP+27)
M8[7:0] = (PP+31)
M9[7:0] = FFh
M10[7:0] = SN1
M11[7:0] = SN5
M12[7:0] = (SS+7)
M13[7:0] = 80h
M14[7:0] = 00h
M15[7:0] = B8h
Legend
Mt
SS
PP
FAMC
MP
SNx
(SP+n)
Input buffer of SHA engine
0 ≤ t ≤ 15; 32-bit words
Starting address of secret (80h)
Starting address of memory page
See Memory Map, memory pages 0 through 3
Family Code = 33h
MP[7:4] = 0100
MP[3:0] = T8:T5 (equivalent to page number in hex)
ROM Serial number of device
SN0 = least significant byte, SN5 = most significant byte
The CRC is not used
Byte n of Scratchpad
18 of 30
PRELIMINARY
DS2432
Read Memory [F0h]
The read memory command may be used to read all memory except for the secret. Attempting to read the
secret will not reveal any data. After issuing the command, the master must provide the 2-byte target
address. After these two bytes, the master reads data beginning from the target address and may continue
until address 0097h. If the master continues reading the result will be logic 1’s. It is important to realize
that the target address registers will point to the last byte read. The ending offset/data status byte and the
scratchpad are unaffected.
The hardware of the DS2432 provides a means to accomplish error-free writing to the memory section.
To safeguard reading data in the 1-Wire environment and to simultaneously speed up data transfers, it is
recommended to packetize data into data packets of the size of one memory page each. Such a packet
would typically store a master-calculated 16-bit CRC with each page of data to ensure rapid, error-free
data transfers that eliminate having to read a page multiple times to determine if the received data is
correct or not. (See Application Note 114 for the recommended file structure, which is also referred to as
TMEX Format.)
SHA-1 COMPUTATION ALGORITHM
This description of the SHA computation is adapted from the Secure Hash Standard SHA-1 document as
it can be downloaded from the NIST web site (http://www.itl.nist.gov/fipspubs/fip180-1.htm). The
algorithm takes as its input data sixteen 32-bit words Mt (0 ≤ t ≤ 15), as shown in Tables 1, 2 and 4 for
the Compute Next Secret, Copy Scratchpad and Read Authenticated Page command, respectively. The
SHA computation involves a sequence of eighty 32-bit words called Wt (0 ≤ t ≤ 79), a sequence of eighty
32-bit words called Kt (0 ≤ t ≤ 79), a Boolean function ft (B, C, D) (0 ≤ t ≤ 79) with B, C and D being
32-bit words, and three more 32-bit words called A, E and TMP. The operations required for the SHA
computation are arithmetic addition without carry (“+”), logical inversion or 1’s complement (“\”),
EXCLUSIVE OR (“⊕”), logical AND (“∧”), logical OR (“∨”), assignment (“:=”), and circular shifting
within a 32-bit word. The expression “Sn(X)” represents a circular shift of X by n positions to the left,
with X being a 32-bit word.
The function ft is defined as follows:
ft(B,C,D) = (B ∧ C) ∨ ((B\) ∧ D)
B⊕C⊕D
(B ∧ C) ∨ (B ∧ D) ∨ (C ∧ D)
B⊕C⊕D
(0 ≤ t ≤ 19)
(20 ≤ t ≤ 39)
(40 ≤ t ≤ 59)
(60 ≤ t ≤ 79)
The sequence Wt (0 ≤ t ≤ 79) is defined as follows:
Wt := Mt
(0 ≤ t ≤ 15)
S1(Wt-3 ⊕ Wt-8 ⊕ Wt-14 ⊕ Wt-16)
(16 ≤ t ≤ 79)
The sequence Kt (0 ≤ t ≤ 79) is defined as follows:
Kt
:=
5A827999h (0 ≤ t ≤ 19)
6ED9EBA1h (20 ≤ t ≤ 39)
8F1BBCDCh (40 ≤ t ≤ 59)
CA62C1D6h (60 ≤ t ≤ 79)
19 of 30
PRELIMINARY
DS2432
The variables A, B, C, D, E are initialized as follows:
A
:=
67452301h
B
:=
EFCDAB89h
C
:=
98BADCFEh
D
:=
10325476h
E
:=
C3D2E1F0h
The 160-bit MAC is the concatenation of A, B, C, D, and E after looping through the following set of
computations for t = 0 to 79 (discarding any carry-out):
TMP :=
S5(A) + ft(B,C,D) + Wt + Kt + E
E
:=
D
D
:=
C
C
:=
S30(B)
B
:=
A
A
:=
TMP
The master can read the Message Authentication Code (MAC) with the Read Authenticated Page command in a register and bit sequence as shown in Table 3. With the Copy Scratchpad command the bit
transmission sequence is the same, however, the master has to compute the MAC and send it to the
DS2432. With the Compute Next Secret command the MAC is not exposed. Instead, the content of the
SHA computation registers E and D is directly copied to the secret register, as shown in Table 1.
1-WIRE BUS SYSTEM
The 1-Wire bus is a system, which has a single bus master and one or more slaves. In all instances the
DS2432 is a slave device. The bus master is typically a microcontroller. The discussion of this bus system
is broken down into three topics: hardware configuration, transaction sequence, and 1-Wire signaling
(signal types and timing). A 1-Wire protocol defines bus transactions in terms of the bus state during
specific time slots that are initiated on the falling edge of sync pulses from the bus master. For a more
detailed protocol description, refer to Chapter 4 of the Book of DS19xx iButton Standards.
HARDWARE CONFIGURATION
The 1-Wire bus has only a single line by definition; it is important that each device on the bus be able to
drive it at the appropriate time. To facilitate this, each device attached to the 1-Wire bus must have open
drain or 3-state outputs. The 1-Wire port of the DS2432 is open drain with an internal circuit equivalent
to that shown in Figure 8. A multidrop bus consists of a 1-Wire bus with multiple slaves attached. At
regular speed the 1-Wire bus has a maximum data rate of 16.3k bits per second. The speed can be boosted
to 142k bits per second by activating the Overdrive Mode. The DS2432 requires a 1-Wire pull-up resistor
of maximum 2.2 kΩ for executing any of its memory and SHA function commands at any speed. When
communicating with several DS2432 simultaneously, e. g., to install the same secret in several devices,
the resistor should be bypassed by a low-impedance pull-up to VPUP while the device transfers data from
the scratchpad to the EEPROM and updates the tamper-detect register.
The idle state for the 1-Wire bus is high. If for any reason a transaction needs to be suspended, the bus
MUST be left in the idle state if the transaction is to resume. If this does not occur and the bus is left low
for more than 16 µs (Overdrive Speed) or more than 120 µs (regular speed), one or more devices on the
bus may be reset.
20 of 30
PRELIMINARY
DS2432
HARDWARE CONFIGURATION Figure 8
BUS MASTER
VPUP
DS2432 1-Wire PORT
RPU
RX
DATA
TX
RX = RECEIVE
Open Drain
Port Pin
RX
TX
5 µA
Typ.
TX = TRANSMIT
100 Ω
MOSFET
TRANSACTION SEQUENCE
The protocol for accessing the DS2432 via the 1-Wire port is as follows:
• Initialization
• ROM Function Command
• Memory or SHA Function Command
• Transaction/Data
INITIALIZATION
All transactions on the 1-Wire bus begin with an initialization sequence. The initialization sequence
consists of a reset pulse transmitted by the bus master followed by presence pulse(s) transmitted by the
slave(s). The presence pulse lets the bus master know that the DS2432 is on the bus and is ready to
operate. For more details, see the “1-Wire Signaling” section.
ROM FUNCTION COMMANDS
Once the bus master has detected a presence, it can issue one of the seven ROM function commands that
the DS2432 supports. All ROM function commands are eight bits long. A list of these commands follows
(refer to flowchart in Figure 9):
Read ROM [33h]
This command allows the bus master to read the DS2432’s 8-bit family code, unique 48-bit serial
number, and 8-bit CRC. This command should only be used if there is a single slave on the bus. If more
than one slave is present on the bus, a data collision will occur when all slaves try to transmit at the same
time (open drain will produce a wired-AND result). The resultant family code and 48-bit serial number
read by the master will be invalid.
Match ROM [55h]
The match ROM command, followed by a 64-bit registration number, allows the bus master to address a
specific DS2432 on a multidrop bus. Only the DS2432 that exactly matches the 64-bit registration
number will respond to the following memory function command. All other slaves will wait for a reset
pulse. This command can be used with a single or multiple devices on the bus.
21 of 30
PRELIMINARY
DS2432
ROM FUNCTIONS FLOW CHART Figure 9
Bus Master TX
Reset Pulse
From Figure 9, 2
From Memory Functions
Flow Chart (Figure 9)
OD
Reset Pulse ?
nd
Part
N
OD = 0
Y
Bus Master TX ROM
Function Command
33h
Read ROM
Command ?
Y
RC = 0
DS2432 TX
Family Code
(1 Byte)
DS2432 TX
Presence Pulse
N
55h
Match ROM
Command ?
F0h
Search ROM
Command ?
N
Y
Y
RC = 0
To Figure 9
nd
CCh
2 Part
Skip ROM
Command ?
N
Y
RC = 0
RC = 0
DS2432 TX Bit 0
Master TX Bit 0
DS2432 TX Bit 0
Master TX Bit 0
N
Bit 0
Match ?
N
Bit 0
Match ?
Y
DS2432 TX
Serial Number
(6 Bytes)
N
Y
DS2432 TX Bit 1
Master TX Bit 1
DS2432 TX Bit 1
Master TX Bit 1
N
Bit 1
Match ?
N
Bit 1
Match ?
Y
Y
DS2432 TX Bit 63
DS2432 TX
CRC Byte
Master TX Bit 63
DS2432 TX Bit 63
Master TX Bit 63
N
Bit 63
Match ?
N
Bit 63
Match ?
Y
Y
RC = 1
RC = 1
To Memory Functions
Flow Chart (Figure 7)
22 of 30
To Figure 9
nd
2 Part
From Figure 9
nd
2 Part
PRELIMINARY
DS2432
ROM FUNCTIONS FLOW CHART (continued) Figure 9
st
To Figure 9, 1 Part
From Figure 9
st
1 Part
A5h
Resume
Command ?
3Ch
Overdrive
Skip ROM ?
N
Y
N
Y
69h
Overdrive Match
ROM ?
N
Y
RC = 0 ; OD = 1
RC = 0 ; OD = 1
N
RC = 1 ?
Master TX Bit 0
Y
Master
TX Reset ?
N
Y
Bit 0
Match ?
N
Y
Master TX Bit 1
Master
TX Reset ?
Y
Bit 1
Match ?
N
Y
N
Master TX Bit 63
Bit 63
Match ?
Y
RC = 1
From Figure 9
st
1 Part
To Figure 9
st
1 Part
23 of 30
N
PRELIMINARY
DS2432
Search ROM [F0h]
When a system is initially brought up, the bus master might not know the number of devices on the
1-Wire bus or their 64-bit registration numbers. The search ROM command allows the bus master to use
a process of elimination to identify the 64-bit numbers of all slave devices on the bus. The search ROM
process is the repetition of a simple 3-step routine: read a bit, read the complement of the bit, then write
the desired value of that bit. The bus master performs this 3-step routine on each bit of the registration
number. After one complete pass, the bus master knows the 64-bit number of one device. Additional
passes will identify the registration numbers of the remaining devices. See Chapter 5 of the Book of
DS19xx iButton Standards for a detailed discussion of a search ROM, including an actual example.
Skip ROM [CCh]
This command can save time in a single drop bus system by allowing the bus master to access the
memory and SHA functions without providing the 64-bit registration number. If more than one slave is
present on the bus and, for example, a read command is issued following the Skip ROM command, data
collision will occur on the bus as multiple slaves transmit simultaneously (open drain pull-downs will
produce a wired-AND result).
Overdrive Skip ROM [3Ch]
On a single-drop bus this command can save time by allowing the bus master to access the memory and
SHA functions without providing the 64-bit registration number. Unlike the normal Skip ROM command
the Overdrive Skip ROM sets the DS2432 in the Overdrive Mode (OD = 1). All communication
following this command code has to occur at Overdrive Speed until a reset pulse of minimum 480 µs
duration resets all devices on the bus to regular speed (OD = 0).
When issued on a multidrop bus this command will set all Overdrive-supporting devices into Overdrive
mode. To subsequently address a specific Overdrive-supporting device, a reset pulse at Overdrive speed
has to be issued followed by a Match ROM or Search ROM command sequence. This will speed up the
search process. If more than one Overdrive-supporting slave is present on the bus and the Overdrive Skip
ROM command is followed by a read command, data collision will occur on the bus as multiple slaves
transmit simultaneously (open drain pull-downs will produce a wired-AND result).
Overdrive Match ROM [69h]
The Overdrive Match ROM command, followed by a 64-bit registration number transmitted at Overdrive
Speed, allows the bus master to address a specific DS2432 on a multidrop bus and to simultaneously set it
in Overdrive Mode. Only the DS2432 that exactly matches the 64-bit number will respond to the
subsequent memory or SHA function command. Slaves already in Overdrive mode from a previous
Overdrive Skip or a successful Overdrive Match command will remain in Overdrive mode. All Overdrive-capable slaves will return to regular speed at the next Reset Pulse of minimum 480 µs duration. The
Overdrive Match ROM command can be used with a single or multiple devices on the bus.
Resume Command [A5h]
In a typical application the DS2432 needs to be accessed several times to write a full 32-byte page. In a
multidrop environment this means that the 64-bit registration number of a Match ROM command has to
be repeated for every access. To maximize the data throughput in a multidrop environment the Resume
Command function was implemented. This function checks the status of the RC bit and, if it is set,
directly transfers control to the Memory and SHA functions, similar to a Skip ROM command. The only
way to set the RC bit is through successfully executing the Match ROM, Search ROM or Overdrive
Match ROM command. Once the RC bit is set, the device can repeatedly be accessed through the Resume
Command function. Accessing another device on the bus will clear the RC bit, preventing two or more
devices from simultaneously responding to the Resume Command function.
24 of 30
PRELIMINARY
DS2432
1-WIRE SIGNALING
The DS2432 requires strict protocols to ensure data integrity. The protocol consists of four types of signaling on one line: Reset Sequence with Reset Pulse and Presence Pulse, Write 0, Write 1 and Read Data.
Except for the presence pulse the bus master initiates all these signals. The DS2432 can communicate at
two different speeds, regular speed and Overdrive Speed. If not explicitly set into the Overdrive mode,
the DS2432 will communicate at regular speed. While in Overdrive Mode the fast timing applies to all
waveforms.
The initialization sequence required to begin any communication with the DS2432 is shown in Figure 10.
A Reset Pulse followed by a Presence Pulse indicates the DS2432 is ready to send or receive data. The
bus master transmits (TX) a reset pulse (tRSTL, minimum 480 µs at regular speed, 48 µs at Overdrive
Speed). The bus master then releases the line and goes into receive mode (RX). The 1-Wire bus is pulled
to a high state via the pull-up resistor. After detecting the rising edge on the data pin, the DS2432 waits
(tPDH, 15-60 µs at regular speed, 2-6 µs at Overdrive speed) and then transmits the Presence Pulse (tPDL,
60-240 µs at regular speed, 8-24 µs at Overdrive Speed). A Reset Pulse of 480 µs or longer will exit the
Overdrive Mode returning the device to regular speed. If the DS2432 is in Overdrive Mode and the Reset
Pulse is no longer than 80 µs the device will remain in Overdrive Mode.
INITIALIZATION PROCEDURE “RESET AND PRESENCE PULSES” Figure 10
MASTER TX “RESET PULSE” MASTER RX “PRESENCE PULSE”
tRSTH
VPULLUP
VPULLUP MIN
VIH MIN
VIL MAX
0V
tRSTL
tPDL
tR
tPDH
RESISTOR
MASTER
DS2432
*
**
REGULAR SPEED
480 µs ≤ tRSTL < ∞*
480 µs ≤ tRSTH < ∞**
15 ≤ tPDH < 60 µs
60 µs ≤ tPDL < 240
OVERDRIVE SPEED
48 µs ≤ tRSTL < 80 µs
48 µs ≤ tRSTH < ∞ **
15 ≤ tPDH < 6 µs
8 µs ≤ tPDL < 24
In order not to mask interrupt signaling by other devices on the 1-Wire bus, tRSTL + tR should
always be less than 960 µs.
Includes recovery time
25 of 30
PRELIMINARY
DS2432
Read/Write Time Slots
The definitions of write and read time slots are illustrated in Figure 11. The master initiates all time slots
by driving the data line low. The falling edge of the data line synchronizes the DS2432 to the master by
triggering an internal delay circuit. During write time slots, the delay circuit determines when the DS2432
will sample the data line. For a read data time slot, if a “0” is to be transmitted, the delay circuit
determines how long the DS2432 will hold the data line low. If the data bit is a “1”, the DS2432 will not
hold the data line low at all.
READ/WRITE TIMING DIAGRAM Figure 11
Write-one Time Slot
tSLOT
VPULLUP
VPULLUP MIN
VIH MIN
tREC
DS2432
Sampling Window
VIL MAX
0V
tLOW1
15 µs
(OD: 2 µs)
RESISTOR
MASTER
60 µs
(OD: 6 µs)
REGULAR SPEED
60 µs ≤ tSLOT < 120 µs
1 µs ≤ tLOW1 < 15 µs
1 µs ≤ tREC < ∞
OVERDRIVE SPEED
6 µs ≤ tSLOT < 16 µs
1 µs ≤ tLOW1 < 2 µs
1 µs ≤ tREC < ∞
Write-zero Time Slot
tSLOT
VPULLUP
VPULLUP MIN
VIH MIN
tREC
DS2432
Sampling Window
VIL MAX
0V
15 µs
(OD: 2 µs)
60 µs
(OD: 6 µs)
tLOW0
RESISTOR
MASTER
REGULAR SPEED
60 µs ≤ tLOW0 < tSLOT < 120 µs
1 µs ≤ tREC < ∞
26 of 30
OVERDRIVE SPEED
6 µs ≤ tLOW0 < tSLOT < 16 µs
1 µs ≤ tREC < ∞
PRELIMINARY
DS2432
Read-data Time Slot
tSLOT
VPULLUP
VPULLUP MIN
VIH MIN
tREC
MASTER *
SAMPLING
WINDOW
VIL MAX
0V
tSU
tLOWR
tRELEASE
tRDV
Waveform Legend:
RESISTOR
MASTER
DS2432
REGULAR SPEED
60 µs ≤ tSLOT < 120 µs
1µs ≤ tLOWR < 15 µs
0 µs ≤ tRELEASE < 45 µs
1µs ≤ tREC < ∞
tRDV = 15 µs *
tSU < 1µs
OVERDRIVE SPEED
6 µs ≤ tSLOT < 16 µs
1µs ≤ tLOWR < 2 µs
0µs ≤ tRELEASE < 4 µs
1µs ≤ tREC < ∞
tRDV = 2µs *
tSU < 1µs
*The optimal sampling point for the master is as close as possible to the end time of the tRDV period
without exceeding tRDV. For the case of a Read-one time slot, this maximizes the amount of time for the
pull-up resistor to recover the line to a high level. For a Read-zero time slot it ensures that a read will
occur before the fastest 1-Wire device releases the line (tRELEASE = 0).
CRC GENERATION
With the DS2432 there are two different types of CRCs (Cyclic Redundancy Checks). One CRC is an
8-bit type. It is computed at the factory and lasered into the most significant byte of the 64-bit ROM. The
8
5
4
equivalent polynomial function of this CRC is X + X + X + 1. To determine whether the ROM data has
been read without error the bus master can compute the CRC value from the first 56 bits of the 64-bit
ROM and compare it to the value read from the DS2432. This 8-bit CRC is received in the true form
(non-inverted) when reading the ROM.
The other CRC is a 16-bit type, generated according to the standardized CRC16-polynomial function
16
15
2
X + X + X + 1. This CRC is used for error detection with the Read Authenticated Page command,
when reading the scratchpad and for fast verification of a data transfer when writing to the scratchpad. It
is the same type of CRC as is used for error detection within the iButton Extended File Structure. In
contrast to the 8-bit CRC, the 16-bit CRC is always returned or sent in the complemented (inverted) form.
A CRC-generator inside the DS2432 chip (Figure 12) will calculate a new 16-bit CRC as shown in the
command flow chart of Figure 7. The bus master may compare the CRC value read from the device to the
one it calculates from the data and decide whether to continue with an operation or to re-read the portion
of the data with the CRC error.
With the Write Scratchpad command the CRC is generated by first clearing the CRC generator and then
shifting in the command code, the Target Addresses TA1 (with T2 to T0 set to 0) and TA2, and all data
bytes as sent by the master. The DS2432 will transmit this CRC only if the scratchpad is filled to its
capacity.
27 of 30
PRELIMINARY
DS2432
With the Read Scratchpad command the CRC is generated by first clearing the CRC generator and then
shifting in the command code, the Target Addresses TA1 and TA2, the E/S byte, and the scratchpad data,
which may have been modified by the DS2432 (see Write Scratchpad command). The DS2432 will
transmit this CRC only if the reading continues through the end of the scratchpad.
With the Read Authenticated Page command the 16-bit CRC value is the result of shifting the command
byte into the cleared CRC generator, followed by the two address bytes, the data bytes, and the FFh byte.
The CRC that follows the Message Authentication Code (MAC) results from clearing the CRC generator
and then shifting in the 160-bit MAC in the same bit sequence as the master receives it.
For more details on generating CRC values including example implementations in both hardware and
software, see the “Book of DS19xx iButton Standards”.
CRC-16 HARDWARE DESCRIPTION AND POLYNOMIAL Figure 12
Polynomial = X
st
nd
1
STAGE
X
0
X
th
8
X
10
STAGE
X
9
X
th
3
STAGE
1
th
9
STAGE
X
rd
2
STAGE
th
11
12
13
th
X
th
6
STAGE
X
14
STAGE
X
2
+X +1
4
th
13
STAGE
X
15
5
STAGE
X
th
12
STAGE
X
3
+X
th
4
STAGE
X
th
11
STAGE
10
2
16
5
th
7
STAGE
X
6
8
STAGE
X
th
th
15
STAGE
14
16
STAGE
X
15
INPUT DATA
28 of 30
7
X
16
CRC
OUTPUT
PRELIMINARY
DS2432
ABSOLUTE MAXIMUM RATINGS*
Voltage on Any Pin Relative to Ground
Operating Temperature
Storage Temperature
Soldering Temperature
-0.5V to +5.5V
-40°C to +85°C
-55°C to +125°C
See J-STD-020A specification
* This is a stress rating only and functional operation of the device at these or any other conditions above
those indicated in the operation sections of this specification is not implied. Exposure to absolute
maximum rating conditions for extended periods of time may affect reliability.
DC ELECTRICAL CHARACTERISTICS
PARAMETER
1-Wire Input High
1-Wire Input Low
1-Wire Output Low @ 4 mA
1-Wire Output High
Input Load Current
Programming Current
SYMBOL
VIH
VIL
VOL
VOH
IL
ILPROG
(VPUP =2.8V to 5.25V; -40°C to +85°C)
MIN
2.2
-0.3
TYP
MAX
TBD
0.4
VPUP
5
500
UNITS
V
V
V
V
µA
µA
CAPACITANCE
PARAMETER
1-Wire I/O
(tA = 25°C)
SYMBOL
CIN/OUT
MIN
TYP
100
ENDURANCE
PARAMETER
Write/Erase Cycles
Data Retention
MAX
800
UNITS
pF
NOTES
5
(VPUP =5.0V; TA = 25°C)
SYMBOL
NCYCLE
tDRET
MIN
50k
10
AC ELECTRICAL CHARACTERISTICS
REGULAR SPEED
PARAMETER
Time Slot
Write 1 Low Time
Write 0 Low Time
Read Low Time
Read Data Valid
Release Time
Read Data Setup
Recovery Time
Reset High Time
Reset Low Time
Presence Detect High
Presence Detect Low
Programming Time
SHA Computation Time
NOTES
1, 7
1, 8
1
1, 2
3
9
SYMBOL
tSLOT
tLOW1
tLOW0
tLOWR
tRDV
tRELEASE
tSU
tREC
tRSTH
tRSTL
tPDHIGH
tPDLOW
tPROG
tCSHA
TYP
MAX
UNITS
—
years
NOTES
(VPUP=2.8V to 5.25V; -40°C to +85°C)
MIN
60
1
60
1
0
TYP
15
15
1
480
480
15
60
1.0
29 of 30
MAX
120
15
120
15
45
1
60
240
10
2.0
UNITS
µs
µs
µs
µs
µs
µs
µs
µs
µs
µs
µs
µs
ms
ms
NOTES
10
4
6
9
PRELIMINARY
DS2432
AC ELECTRICAL CHARACTERISTICS
OVERDRIVE SPEED
PARAMETER
Time Slot
Write 1 Low Time
Write 0 Low Time
Read Low Time
Read Data Valid
Release Time
Read Data Setup
Recovery Time
Reset High Time
Reset Low Time
Presence Detect High
Presence Detect Low
Programming Time
SHA Computation Time
SYMBOL
tSLOT
tLOW1
tLOW0
tLOWR
tRDV
tRELEASE
tSU
tREC
tRSTH
tRSTL
tPDHIGH
tPDLOW
tPROG
tCSHA
(VPUP=2.8V to 5.25V; -40°C to +85°C)
MIN
6
1
6
1
0
TYP
2
1.5
1
48
48
2
8
1.0
MAX
16
2
16
2
4
1
80
6
24
10
2.0
UNITS
µs
µs
µs
µs
µs
µs
µs
µs
µs
µs
µs
µs
ms
ms
NOTES
10
4
9
NOTES:
1. All voltages are referenced to ground.
2. VPUP = external pull-up voltage.
3. Input load is to ground.
4. Read data setup time refers to the time the host must pull the 1-Wire bus low to read a bit. Data is
guaranteed to be valid within 1 µs of this falling edge.
5. Capacitance on the data pin could be 800 pF when power is first applied. If a 5 kΩ resistor is used to
pull up the data line to VPUP, 5 µs after power has been applied the parasite capacitance will not affect
normal communications.
6. The reset low time (tRSTL) should be restricted to a maximum of 960 µs, to allow interrupt signaling,
otherwise, it could mask or conceal interrupt pulses.
7. VIH is a function of the external pull-up resistor and VPUP.
8. Under certain low voltage conditions VILMAX may have to be reduced to as much as 0.5V to always
guarantee a Presence Pulse. VIL is a function of VPUP and the reset low time.
9. During write operations to the EEPROM and during the computation of Message Authentication
Codes (MAC) the voltage on the 1-Wire bus must not fall below 2.8V. The computation of a MAC
takes maximum 2.0 ms. Copying scratchpad data to the EEPROM takes max. 10 ms.
10. The optimal sampling point for the master is as close as possible to the end time of the tRDV period
without exceeding tRDV. For the case of a Read-one time slot, this maximizes the amount of time for
the pull-up resistor to recover the line to a high level. For a Read-zero time slot it ensures that a read
will occur before the fastest 1-Wire device releases the line (tRELEASE = 0).
30 of 30