DeriveKey Command

The device combines the current value of a key with the nonce stored in TempKey using SHA-256 and places the result into the target key slot. Specific bits of the Slot Configurations affect the way this command works.

Prior to execution of this command, the Nonce command must have been run to create a valid nonce in TempKey. If KeyConfig.ReqRandom is one for the source key, this nonce must have been created with the internal RNG or an error will be returned. In all cases, Mode[2] must match the state of TempKey.SourceFlag or the command will return an error.

If performing a Roll Key operation and KeyConfig[TargetKey].ReqAuth is one, then the appropriate authorization must have been performed using KeyConfig[TargetKey].AuthKey prior to the execution of DeriveKey. If performing a Create Key operation and KeyConfig[ParentKey].ReqAuth is one, then the appropriate authorization must have been performed using KeyConfig[ParentKey].AuthKey prior to the execution of DeriveKey.

If an input MAC is required and KeyConfig[ParentKey].ReqAuth is one, then the appropriate authorization must have been performed using KeyConfig[ParentKey].AuthKey prior to the execution of DeriveKey.

If a parent key is involved in the operation (either SlotConfig[TargetKey].Bit12 or SlotConfig[TargetKey].Bit15 is set) and SlotConfig[ParentKey].LimitedUse is also set, DeriveKey returns an error if Counter[0] has reached its limit. DeriveKey always ignores LimitedUse for the target key.

Warning: If the source and target key are the same, then there is a risk of permanent loss of the key value if power is interrupted during the write operation. If the Configuration bits permit it, then the key value may be recovered using an authenticated and encrypted write based on the parent key.

For the ATECC608A-TNGLoRaWAN, the DeriveKey command can be run on Slot 0. Slot 13 is the parent key used for the key derivation and an authorizing MAC is always required.

Table 1. Input Parameters DeriveKey

Name        Size            Value / Notes
Opcode      1 Byte          0x1C
Mode        1 Byte          0x00 - Use if TempKey Source was Random (Mode[2] = 0)
                            0x04 - Use if TempKey Source was fixed (Mode[2] = 1)
TargetKey   2 Bytes         0x00 0[Slot] (the slot to be written)
Data        0 or 32 Bytes   Optional MAC data

Table 2. Output Response DeriveKey

Name        Size      Notes
Response    1 Byte    0x00 if successful
                      Error code if there is a failure

The key written to the target slot is the result of SHA-256 of the following message:

Table 3. Generated Key from DeriveKey

# of Bytes   SlotConfig[TargetKey].Bit12 = 0 (Roll Key)   SlotConfig[TargetKey].Bit12 = 1 (Create Key)
32           TargetKey (current 32-byte key value)        ParentKey (32-byte key value)
1            OpCode = 0x1C                                OpCode = 0x1C
1            Mode                                         Mode
2            TargetKey (2-byte input parameter)           TargetKey (2-byte input parameter)
1            SN[8] = Varies by vendor                     SN[8] = Varies by vendor
2            SN[0:1] = 0x01 0x23                          SN[0:1] = 0x01 0x23
25           Zeros                                        Zeros
32           TempKey.Value                                TempKey.Value
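The following is an added host-side model of the derivation in Table 3 and of the precondition checks described above (Mode[2] versus TempKey.SourceFlag, KeyConfig.ReqRandom); it is example code written for this page, not Microchip's library or the device firmware. It assumes the two-byte TargetKey parameter is hashed in the order it is sent on the wire (least-significant byte first), encodes TempKey.SourceFlag as 0 for a random nonce and 1 for a fixed one (as implied by the Mode values in Table 1), and uses constructed sample key, nonce and SN[8] values. The device's numeric error codes are not reproduced; a failed check raises ValueError instead.

```python
import hashlib

# Constants taken from Table 1 and Table 3 of the DeriveKey description.
OPCODE_DERIVEKEY = 0x1C
MODE_TEMPKEY_RANDOM = 0x00  # Mode[2] = 0: nonce was created with the internal RNG
MODE_TEMPKEY_FIXED = 0x04   # Mode[2] = 1: nonce was a fixed (input) value
SN_0_1 = b"\x01\x23"        # SN[0:1] is fixed for this device family

# Assumed encoding of TempKey.SourceFlag (0 = random, 1 = input/fixed).
SOURCEFLAG_RANDOM = 0
SOURCEFLAG_INPUT = 1

# Slot layout for the ATECC608A-TNGLoRaWAN as stated on this page.
TARGET_SLOT = 0
PARENT_SLOT = 13


def derivekey_message(base_key, mode, target_key, sn8, tempkey):
    """Assemble the 96-byte SHA-256 input of Table 3.

    base_key is the current value of TargetKey when SlotConfig[TargetKey].Bit12
    is 0 (Roll Key) or the ParentKey value when it is 1 (Create Key).
    The TargetKey parameter is assumed to be appended little-endian (as sent).
    """
    if len(base_key) != 32 or len(tempkey) != 32:
        raise ValueError("base key and TempKey.Value must both be 32 bytes")
    if mode not in (MODE_TEMPKEY_RANDOM, MODE_TEMPKEY_FIXED):
        raise ValueError("unsupported Mode byte")
    msg = (
        bytes(base_key)                       # 32: TargetKey or ParentKey value
        + bytes([OPCODE_DERIVEKEY, mode])     # 1 + 1: Opcode, Mode
        + int(target_key).to_bytes(2, "little")  # 2: TargetKey parameter
        + bytes([sn8])                        # 1: SN[8]
        + SN_0_1                              # 2: SN[0:1] = 0x01 0x23
        + bytes(25)                           # 25: zeros
        + bytes(tempkey)                      # 32: TempKey.Value
    )
    assert len(msg) == 96
    return msg


def check_preconditions(mode, tempkey_source_flag, req_random):
    """Model the checks the device applies before deriving.

    Mode[2] must equal TempKey.SourceFlag, and if KeyConfig.ReqRandom is set
    for the source key the nonce must have come from the RNG.
    """
    if ((mode >> 2) & 1) != tempkey_source_flag:
        raise ValueError("Mode[2] does not match TempKey.SourceFlag")
    if req_random and tempkey_source_flag != SOURCEFLAG_RANDOM:
        raise ValueError("KeyConfig.ReqRandom is set but the nonce was not random")


def derive_key(target_key_value, parent_key_value, bit12, mode,
               tempkey_value, tempkey_source_flag, sn8,
               target_key=TARGET_SLOT, req_random=False):
    """Return the 32-byte value DeriveKey would write into the target slot."""
    check_preconditions(mode, tempkey_source_flag, req_random)
    base = parent_key_value if bit12 else target_key_value
    return hashlib.sha256(
        derivekey_message(base, mode, target_key, sn8, tempkey_value)
    ).digest()


def demo():
    """Run Roll Key and Create Key with constructed sample inputs."""
    target_value = bytes(range(32))              # constructed current Slot 0 value
    parent_value = bytes([0xA5] * 32)            # constructed Slot 13 (parent) value
    nonce = bytes([0x3C] * 32)                   # constructed TempKey.Value from Nonce
    sn8 = 0xEE                                   # constructed sample SN[8]
    rolled = derive_key(target_value, parent_value, 0, MODE_TEMPKEY_RANDOM,
                        nonce, SOURCEFLAG_RANDOM, sn8)
    created = derive_key(target_value, parent_value, 1, MODE_TEMPKEY_RANDOM,
                         nonce, SOURCEFLAG_RANDOM, sn8)
    return rolled, created


if __name__ == "__main__":
    rolled, created = demo()
    print("Roll Key   ->", rolled.hex())
    print("Create Key ->", created.hex())
```

Because the 2-byte TargetKey parameter and SN bytes are bound into the hash, a key derived for one slot on one device cannot be replayed into another slot or another device even if the same nonce is reused; the Mode[2] check is what prevents a host from labelling a fixed nonce as a random one.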

The data flow for this command is illustrated in Figure 1.

Figure 1. Data Flow for DeriveKey Command