CheckMac Command

The CheckMac command calculates a MAC response that would have been generated on a different CryptoAuthenticationâ„¢ (ATECC608A, ATECC508A, ATSHA204A) device and then compares the result with the input value. The command returns a boolean result to indicate the success or failure of the comparison.

If a value in TempKey is used as an input to the CheckMac, then a Nonce and/or GenDig command must be run prior to the CheckMac command.

Table 1. Input Parameters CheckMac

Opcode
(1 Byte)

Mode
(1 Byte)(2)

KeyID
(2 Bytes)

Data
(77 Bytes)(1)

Description
0x28 0x00 0x00 0[Slot]
  • 32-byte client challenge
  • 32-byte response generated by the client
  • 13 bytes other data
 
0x01 0x00 0[Slot]
  • 32 bytes ignored but must be present
  • 32-byte client response
  • 13 bytes other data
Use if TempKey.SourceFlag was random
0x05 0x00 0[Slot] Use if TempKey.SourceFlag was fixed
0x02 0x00 00
  • 32-byte client challenge
  • 32-byte client response
  • 13 bytes other data
Use if TempKey.SourceFlag was random
0x06 0x00 00 Use if TempKey.SourceFlag was fixed
Notes:
  1. 1.OtherData[0:12] values must match the values used in the original MAC command.
  2. 2.For modes other than 0x00, Mode[2] must match the TempKey.SourceFlag.
Table 2. Output Response CheckMac
Name Size Description
Response 1 byte
  • 0x00 - If successful
  • 0x01 - If there is a mismatch
  • Error Code - If there is a failure
Table 3. SHA256 CheckMac Hash
# of Bytes Mode 0x00 Mode 0x01 or 0x05 Mode 0x02 or 0x06
32 Key[KeyID] Key[KeyID] TempKey
32 Input Client Challenge TempKey Input Client Challenge
4 OtherData[0:3] OtherData[0:3] OtherData[0:3]
8 Zeros Zeros Zeros
3 OtherData[4:6] OtherData[4:6] OtherData[4:6]
1 SN[8] = 0x01 SN[8] = 0x01 SN[8] = 0x01
4 OtherData[7:10] OtherData[7:10] OtherData[7:10]
2 SN[0:1] = 0x01 0x23 SN[0:1] = 0x01 0x23 SN[0:1] = 0x01 0x23
2 OtherData[11:12] OtherData[11:12] OtherData[11:12]