PDF《应用笔记 156》

64 位ROM ID仍具有较低的 安全性. AN156

3 of

23 2.1 初始化协处理器 初始化协处理器有两个重要的步骤:安装系统鉴别密钥和安装系统签名密钥.第三步是可选的, 就是把所有的系统配置数据以文件的形式写入iButton (参见AN114).这些配置数据不是必须要保 存在协处理器iButton上,但这样做可以方便地使系统参数像协处理器一样具有便携特性.还有一 种可供选择的方法是把文件保存在磁盘驱动器上或者把参数硬编码到应用程序中. 下面的代码用于示范协处理器的初始化.每段代码都给出了详细的注释,并对所有用到的变量进 行了声明.这样,只需对其进行很少的编辑,就可以把它们应用到其它系统中. SHA 应用的必要的系统参数 图2/* The input data to be used for calculating the master authentication and signing * secrets. The calculation involves splitting the secret into blocks of

47 bytes * (32 bytes to the data page,

15 bytes to the scratchpad) and then performing the * SHA command Compute First Secret, followed by Compute Next Secret for each

47 * byte block after the first. */ byte[] inputAuthSecret, inputSignSecret;

initialize from user input /* The page to use for the signing secret must be page 8, because secret

0 is the * only secret that can be used for the SHA command Sign Data Page. For a list of * SHA commands, and wha int signPageNumber = 8;

t pages they can be used on, see the DS1963S datasheet. */ /* The authentication secret can be on any page as long as it doesn'

t collide with * the file holding coprocessor configuration information and not secret

0 */ int authPageNumber = 7;

/* The workspace page is the page the coprocessor will use for recreating a user'

s * unique authentication secret and its authentication response. */ int wspcPageNumber = 9;

/* The binding information is used to create the unique secret for each button. * bindData is written to the data page of the user token, and bindCode is written * to the scratchpad. The result of a Compute Next Secret using the system * authentication secret, the account page number, the ROM ID of the user token, the * bind data, and the bind code becomes the user'

s unique authentication secret. * This is used to initialize a user token and the coprocessor must use the same * data to recreate the user token'

s unique secret. */ byte[] bindData = new byte[32], bindCode = new byte[7]user input /* Initial signature to use when signing the certificate */ byte[] initSignature = new byte[20]user input /* Three byte challenge used when signing the certificate */ byte[] signingChlg = new byte[3]one time random calculation or user input /* Name of the account file (and file extension) to create on user tokens */ byte[] acctFilename = ( DLSM ).getBytes();

int acctFileExt = 102;

// extension for money files 一个系统还有一些其它最基本的参数存储在服务配置文件中.例如,提供者的姓名和系统的版本 号,但它们对于最小功能的借方应用来说不是必要的.可以调用 SHAiButtonCopr 构造器对协处理 器进行初始化,把这些参数作为变量赋值.至于更详细的全部参数列表,请参阅 Java 1-Wire API 的JavaDocs. AN156

4 of

23 使用 SHAiButtonCopr 初始化协处理器 图3Find the DS1963S iButton on the 1-Wire Network OneWireContainer18 coprDevice = // see '

overview'

in the JavaDocs for finding devices /* Create the new instance of SHAiButtonCopr, ready to perform transactions! */ SHAiButtonCopr copr = new SHAiButtonCopr(coprDevice, COPR.0 , true, signPageNumber, authPageNumber, wspcPageNumber, 1, 1, acctFileExt, acctFilename, Maxim , bindData, bindCode, , initSignature, signingChlg, inputSignSecret, inputAuthSecret);