SLUS696C June 2006 – February 2019
PRODUCTION DATA.
The bq26100 device contains a SHA-1 engine to generate a modified version of the FIPS 180 HMAC. The authentication uses a challenge or public message transmitted from the host and a secret key stored on the bq26100 device to generate a 160-bit hash that will be unique. The contents of the challenge are unimportant, but each challenge should be generated randomly to improve the security of the authentication.
To compute the HMAC, let H designate the SHA-1 hash function, M designate the message transmitted to the bq26100 device, and KD designate the unique 128-bit device key. HMAC(M) is defined as:
where
The message, M, is appended to the device key, KD, and padded to become the input to the SHA-1 hash. The output of this first calculation is then appended to the device key, KD, padded again, and cycled through the SHA-1 hash a second time. The output is the HMAC digest value.
The secret key is stored in separate OTP available in the bq26100. The key space is split into two 64-bit spaces that can be programmed and locked at separate times, providing an opportunity to split the key between two different programming entities to ensure that no key leak can occur from a single source.
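The following host-side sketch is an added example, not code from this data sheet or from TI. It follows the two-pass computation described above and the two-half key layout. It assumes standard SHA-1 padding as applied by `hashlib`, a 160-bit challenge, and plain byte concatenation; the function names are hypothetical, and device register byte ordering is not covered.

```python
import hashlib
import hmac
import secrets

CHALLENGE_LEN = 20  # assumption: 160-bit challenge; the page gives no length


def join_key_halves(half_a: bytes, half_b: bytes) -> bytes:
    """Combine the two separately programmed 64-bit halves into the 128-bit KD."""
    if len(half_a) != 8 or len(half_b) != 8:
        raise ValueError("each key half must be exactly 64 bits")
    return half_a + half_b  # assumption: half_a occupies the leading bytes


def device_digest(kd: bytes, message: bytes) -> bytes:
    """Two SHA-1 passes as described in the text: M appended to KD, then the
    first output appended to KD. hashlib applies the SHA-1 padding."""
    if len(kd) != 16:
        raise ValueError("KD must be 128 bits")
    inner = hashlib.sha1(kd + message).digest()
    return hashlib.sha1(kd + inner).digest()


def new_challenge() -> bytes:
    """Fresh random challenge from the OS CSPRNG for every authentication."""
    return secrets.token_bytes(CHALLENGE_LEN)


def verify_response(kd: bytes, challenge: bytes, response: bytes) -> bool:
    """Host-side check of the device's 160-bit reply, compared in constant time."""
    return hmac.compare_digest(device_digest(kd, challenge), response)


if __name__ == "__main__":
    # Constructed key halves for illustration only, not real device keys.
    kd = join_key_halves(bytes(range(8)), bytes(range(8, 16)))
    challenge = new_challenge()
    response = device_digest(kd, challenge)  # stands in for the device's reply
    print("genuine accepted:", verify_response(kd, challenge, response))
    # A recorded response must not verify against a different challenge.
    print("replay rejected:", not verify_response(kd, new_challenge(), response))
    # The modified construction is not interchangeable with FIPS 198 HMAC-SHA1.
    print("differs from FIPS HMAC:",
          response != hmac.new(kd, challenge, hashlib.sha1).digest())
```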