Non-Diversified MAC

The MAC is always calculated over a total of 88 bytes and always creates a 32-byte SHA256 digest. A non-diversified MAC does not include the serial number of the device and will therefore be the same across all devices if the input parameters are the same.

Table 1. Input Parameters - Non-Diversified MAC

Opcode
(1 Byte)

Mode
(1 Byte)

KeyID
(2 Bytes)

Data(2)
(0-32 Bytes)

 Mode Descriptions
0x08 0x00 0x00 0[Slot] 32 bytes
  • First 32 bytes loaded from data slot
  • Second 32 bytes are taken from the input challenge
  0x01 or 0x05(1) 0x00 0[Slot] 0 bytes
  • First 32 bytes loaded from data slot
  • Second 32 bytes are taken from TempKey
  0x02 or 0x06(1) 0x00 00 32 bytes
  • First 32 bytes loaded with TempKey
  • Second 32 bytes are taken from the input challenge
Note:

(1) Mode[2] must match the TempKey.SourceFlag.
(2) When present, the Data parameter corresponds to the input challenge.

Table 2. Output Response - Non-Diversified MAC
Name Size Description
Response 1 byte If the command fails
32 bytes SHA-256 digest
Table 3. Non-Diversified MAC Calculation
# of Bytes Mode 0x00 Mode 0x01 or 0x05 Mode 0x02 or 0x06

32
32
1
1
2
11
1
4
2
2

Data Slot
Input Challenge
Opcode (0x08)
Mode
KeyID
Zeros
SN[8] 0x01
Zeros
SN[0:1] 0x01 0x23
Zeros

Data Slot
TempKey
Opcode (0x08)
Mode
KeyID
Zeros
SN[8] 0x01
Zeros
SN[0:1] 0x01 0x23
Zeros

TempKey
Input Challenge
Opcode (0x08)
Mode
KeyID
Zeros
SN[8] 0x01
Zeros
SN[0:1] 0x01 0x23
Zeros
Parent topic: MAC Command