5.3.2 CheckMac Command

The CheckMac command calculates a MAC response that would have been generated on a different CryptoAuthentication™ (ATECC608B, ATECC508A, ATSHA204A) device and then compares the result with the input value. The command returns a boolean result to indicate the success or failure of the comparison.

If a value in TempKey is used as an input to the CheckMac, then a Nonce and/or GenDig command must be run prior to the CheckMac command.

Table 5-61. Input Parameters CheckMac

Opcode
(1 Byte)

Mode
(1 Byte)(2)

KeyID
(2 Bytes)

Data
(77 Bytes)(1)

Description
0x280x000x00 0[Slot]
  • 32-byte client challenge
  • 32-byte response generated by the client
  • 13 bytes other data
0x010x00 0[Slot]
  • 32 bytes ignored but must be present
  • 32-byte client response
  • 13 bytes other data
Use if TempKey.SourceFlag was random
0x050x00 0[Slot]Use if TempKey.SourceFlag was fixed
0x020x00 00
  • 32-byte client challenge
  • 32-byte client response
  • 13 bytes other data
Use if TempKey.SourceFlag was random
0x060x00 00Use if TempKey.SourceFlag was fixed
Note:
  1. OtherData[0:12] values must match the values used in the original MAC command.
  2. For modes other than 0x00, Mode[2] must match the TempKey.SourceFlag.
Table 5-62. Output Response CheckMac
NameSizeDescription
Response1 byte
  • 0x00 - If successful
  • 0x01 - If there is a mismatch
  • Error Code - If there is a failure
Table 5-63. SHA256 CheckMac Hash
# of BytesMode 0x00Mode 0x01 or 0x05Mode 0x02 or 0x06
32Key[KeyID]Key[KeyID]TempKey
32Input Client ChallengeTempKeyInput Client Challenge
4OtherData[0:3]OtherData[0:3]OtherData[0:3]
8ZerosZerosZeros
3OtherData[4:6]OtherData[4:6]OtherData[4:6]
1SN[8] = Varies by vendorSN[8] = Varies by vendorSN[8] = Varies by vendor
4OtherData[7:10]OtherData[7:10]OtherData[7:10]
2SN[0:1] = 0x01 0x23SN[0:1] = 0x01 0x23SN[0:1] = 0x01 0x23
2OtherData[11:12]OtherData[11:12]OtherData[11:12]