5.2.4.1 Verify - External Public Key Mode

The Verify command may be used to verify a message generated externally to the ATECC608A-TNGLoRaWAN with a public key that is passed to the command. The output of the command will either be a code indicating success, failure or error or a 32-byte MAC. Prior to this command being run, the message should be written using the Nonce command in Fixed mode to either TempKey or the Message Digest Buffer. In this mode, the device merely accelerates the public key computation and returns a boolean result.

Procedure to Verify a Message with an External Public Key

  1. Write the 32-byte digest of the message to either the TempKey or Message Digest Buffer using the Nonce command in Fixed mode.
  2. Optional: System Nonce - Nonce generated by the system.
    1. If the external message digest is stored in TempKey, the nonce generated by the system must be stored in the lower 32 bytes of the Message Digest Buffer.
    2. If the external message is stored in the MessageDigestBuffer[31:0], then the System Nonce must be stored in the upper 32 bytes of the MessageDigest Buffer[63:32]. To do this, the external message and nonce value should be written as a 64-byte value.
  3. Issue the Verify command. Include the Mode, KeyID, which specifies the P256 ECC Curve, the 64-byte signature and the 64-byte external public key.
  4. The output will return:
    1. One byte success, fail or error code if MAC is not required.
    2. A 32-byte MAC if specified by the mode.
Table 5-50. Command Parameters

Opcode
(1 Byte)

Mode
(1 Byte)

Key ID
(2 Bytes)

Data Field (128 Bytes)Comment

Signature
(64 Bytes)

Public Key
(64 Bytes)

0x450x020x00 04

R value
S value

X value
Y value

Message stored in TempKey
0x220x00 04

R value
S value

X value
Y value

Message stored in Message Digest Buffer
0xA20x00 04

R value
S value

X value
Y value

  • Message stored in TempKey
  • System Nonce stored in MDB[31:0]
  • Validation MAC is returned
0x820x00 04

R value
S value

X value
Y value

  • Message stored in Message Digest Buffer
  • System Nonce stored in MDB[63:32]
  • Validation MAC is returned
Table 5-51. Output Response - Verify External
NameModeSizeResponse
Response0x02 or 0x221 byte
  • 0x00 - If signature is verified
  • 0x01 - If signature does not match
  • Error code - If there is a failure due to some other reason
0x82 or 0xA21 byte or 32 bytes
  • Validation MAC - If signature is verified
  • 0x01 - If signature does not match
  • Error code - If there is a failure due to some other reason
Table 5-52. Validation MAC - Verify External

Size
(Bytes)

Message in TempKeyMessage in Message Digest Buffer
32Contents of the IO protection keyContents of the IO protection key
32Message stored in TempKeyMessage stored in the first 32 bytes of the Message Digest Buffer
32System Nonce stored in the first 32 bytes of the Message Digest BufferSystem Nonce stored in the second 32 bytes of the Message Digest Buffer
32R Data of the passed signatureR Data of the passed signature
32S Data of the passed signatureS Data of the passed signature
1OpcodeOpcode
1ModeMode
2Param2 [LSB,MSB]Param2 [LSB,MSB]