5.1.4.1 Nonce - Random

When the Nonce command is run in Random mode, it generates a new nonce based on the input values shown in the tables below. If Param2 is 0x00 00, then a new random number is generated based on the internal RNG. If Param2 is 0x80 00, a value stored in TempKey is used to generate a new nonce instead and the random number generator is not run. TempKey must be valid prior to running the Nonce command in this case. Upon completion, the TempKey.SourceFlag is set to Rand.

It is recommended that the 20 bytes of data sent to the device be generated from a random source to prevent replay attacks.

Table 5-12. Random Nonce Input Parameters
OpcodeModeParam2DataDescription
0x16

0x00 or 0x01

0x00 0020 bytes
  • 32 bytes written to TempKey
  • Output is from the RNG
  • SHA256 digest includes the random number

0x00 or 0x01

0x80 0020 bytes
  • 32 bytes written to TempKey
  • Output is the SHA256 Hash value
  • SHA256 digest includes the TempKey
Table 5-13. Random Nonce Output Response
NameInput Param2SizeDescription
Response0x00 0032 bytesRandom number
0x80 0032 bytesNew TempKey value
Note:
  1. TempKey.SourceFlag set to ‘0’ on successful completion of the command indicating the nonce value was random source.
  2. TempKey.Valid set to ‘1’ on success.
Table 5-14. Nonce SHA256 HASH Calculation
# of BytesInput Data Param2 = 0x00 00Input Data Param2 = 0x80 00
32RandOut from random number generatorTempKey value from previous command
20NumIn from input streamNumIn from input stream
1Opcode (always 0x16)Opcode (always 0x16)
1Mode (0x00 or 0x01)Mode (0x00 or 0x01)
1LSB of Param2 (always 0x00)LSB of Param2 (always 0x00)