5.3.6.1 Non-Diversified MAC

The MAC is always calculated over a total of 88 bytes and always creates a 32-byte SHA256 digest. A non-diversified MAC does not include the serial number of the device and will therefore be the same across all devices if the input parameters are the same.

Table 5-85. Input Parameters - Non-Diversified MAC

Opcode
(1 Byte)

Mode
(1 Byte)

KeyID
(2 Bytes)

Data(2)
(0-32 Bytes)

Mode Descriptions
0x080x000x00 0[Slot]32 bytes
  • First 32 bytes loaded from data slot
  • Second 32 bytes are taken from the input challenge
0x01 or 0x05(1)0x00 0[Slot]0 bytes
  • First 32 bytes loaded from data slot
  • Second 32 bytes are taken from TempKey
0x02 or 0x06(1)0x00 0032 bytes
  • First 32 bytes loaded with TempKey
  • Second 32 bytes are taken from the input challenge
Note:

(1) Mode[2] must match the TempKey.SourceFlag.
(2) When present, the Data parameter corresponds to the input challenge.

Table 5-86. Output Response - Non-Diversified MAC
NameSizeDescription
Response1 byteIf the command fails
32 bytesSHA-256 digest
Table 5-87. Non-Diversified MAC Calculation
# of BytesMode 0x00Mode 0x01 or 0x05Mode 0x02 or 0x06

32
32
1
1
2
11
1
4
2
2

Data Slot
Input Challenge
Opcode (0x08)
Mode
KeyID
Zeros
SN[8] Varies by vendor
Zeros
SN[0:1] 0x01 0x23
Zeros

Data Slot
TempKey
Opcode (0x08)
Mode
KeyID
Zeros
SN[8] Varies by vendor
Zeros
SN[0:1] 0x01 0x23
Zeros

TempKey
Input Challenge
Opcode (0x08)
Mode
KeyID
Zeros
SN[8] Varies by vendor
Zeros
SN[0:1] 0x01 0x23
Zeros