Diversified MAC

A diversified MAC includes the serial number of the device. The serial number will be unique for each device and therefore, will always generate a unique SHA256 digest. The MAC is always calculated over a total of 88 bytes and always creates a 32-byte SHA256 digest.

Table 1. Input Parameters - Diversified MAC

Opcode
(1 Byte)

Mode
(1 Byte)

KeyID
(2 Bytes)

Data(2)
(0-32 Bytes)

 Mode Descriptions
0x08 0x40 0x00 0[Slot] 32 bytes
  • First 32 bytes loaded from data slot
  • Second 32 bytes are taken from the input challenge
0x41 or 0x45(1) 0x00 0[Slot] 0 bytes
  • First 32 bytes loaded from data slot
  • Second 32 bytes are taken from TempKey
0x42 or 0x46(1) 0x00 00 32 bytes
  • First 32 bytes loaded with TempKey
  • Second 32 bytes are taken from the input challenge
Note:

(1) Mode[2] must match the TempKey.SourceFlag.
(2) When present, the Data parameter corresponds to the input challenge.

Table 2. Output Response - Diversified MAC
Name Size Description
Response 1 byte If the command fails
32 bytes SHA-256 digest
Table 3. Diversified MAC Calculation
# of Bytes Mode 0x40 Mode 0x41 or 0x45 Mode 0x42 or 0x46

32
32
1
1
2
11
1
4
2
2

Data Slot
Input Challenge
Opcode (0x08)
Mode
KeyID
Zeros
SN[8]0x01
SN[4:7]
SN[0:1] 0x01 0x23
SN[2:3]

Data Slot
TempKey
Opcode (0x08)
Mode
KeyID
Zeros
SN[8]  0x01
SN[4:7]
SN[0:1] 0x01 0x23
SN[2:3]

TempKey
Input Challenge
Opcode (0x08)
Mode
KeyID
Zeros
SN[8]  0x01
SN[4:7]
SN[0:1] 0x01 0x23
SN[2:3]
Parent topic: MAC Command