5.3.6 MAC Command
The Message Authentication Code (MAC) command is used to generate a SHA256 digest of a message, which consists of a key stored in the device, a challenge, and other information on the device. The output of this command is the digest of this message.
The normal command flow to use this command is as follows:
1. Run the Nonce command to load input challenge and optionally combine it with a generated random number. The result of this operation is a nonce stored internally on the device.
2. Optionally run the GenDig command one or more times to combine stored EEPROM locations in the device with the nonce. The result is stored internally in the device. This capability permits two or more keys to be used as part of the response generation.
3. Run this MAC command to combine the output of step 1 (and step 2 if desired) with an EEPROM key to generate an output response (i.e., digest).
Alternatively, data in any slot (which does not have to be secret) can be accumulated into the response through the same GenDig mechanism. This has the effect of authenticating the value stored in that location.
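The following Python sketch is an added example, not code from the datasheet. It models the Nonce, GenDig and MAC steps in software and shows how a host recomputes the response, including how a GenDig over a non-secret slot makes the response depend on that slot's contents. The class and function names, the field order inside each hash and the `OTHER_INFO` bytes are assumptions made for illustration; the exact bytes of each hashed message come from the device's message tables.

```python
import hashlib
import hmac

# Simplified model: field order and OTHER_INFO are assumptions for illustration;
# the device datasheet defines the exact bytes of each hashed message.
OTHER_INFO = b"\x00" * 4  # constructed stand-in for the "other information"

def sha256(*parts):
    return hashlib.sha256(b"".join(parts)).digest()

class ModelDevice:
    """Hypothetical software stand-in for the device; slots model EEPROM."""

    def __init__(self, slots):
        self.slots = slots
        self.temp = None  # value held internally between commands

    def nonce(self, challenge, rand=b""):
        # Step 1: load the challenge, optionally combined with a random number.
        self.temp = sha256(rand, challenge) if rand else challenge

    def gendig(self, slot):
        # Step 2 (optional): combine a stored EEPROM location with the nonce.
        self.temp = sha256(self.slots[slot], self.temp)

    def mac(self, key_slot):
        # Step 3: digest over the EEPROM key, the internal value, other info.
        return sha256(self.slots[key_slot], self.temp, OTHER_INFO)

def host_expected(key, challenge, rand=b"", gendig_values=()):
    """Recompute the response from the values the host believes are stored."""
    temp = sha256(rand, challenge) if rand else challenge
    for value in gendig_values:
        temp = sha256(value, temp)
    return sha256(key, temp, OTHER_INFO)

def run_flow(device_slots, host_key, host_values, challenge, rand):
    """Run Nonce -> GenDig(slot 1) -> MAC(slot 0) and check it on the host."""
    dev = ModelDevice(device_slots)
    dev.nonce(challenge, rand)
    dev.gendig(1)
    expected = host_expected(host_key, challenge, rand, host_values)
    return hmac.compare_digest(dev.mac(0), expected)  # constant-time compare

# Constructed sample values: slot 0 is the secret key, slot 1 is non-secret data.
SAMPLE_SLOTS = {0: b"K" * 32, 1: b"public-config-v1".ljust(32, b"\x00")}
```

If the device's slot 1 differs from the value the host expects, the comparison fails even though the key is correct, which is the authentication effect described above for data accumulated through GenDig.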