Nonce - Random

When the Nonce command is run in Random mode, it generates a new nonce based on the input values shown in the tables below. If Param2 is 0x00 00, then a new random number is generated based on the internal RNG. If Param2 is 0x80 00, a value stored in TempKey is used to generate a new nonce instead and the random number generator is not run. TempKey must be valid prior to running the Nonce command in this case. Upon completion, the TempKey.SourceFlag is set to Rand.

It is recommended that the 20 bytes of data sent to the device be generated from a random source to prevent replay attacks.

Table 1. Random Nonce Input Parameters
Opcode Mode Param2 Data Description
0x16

0x00 or 0x01

 0x00 00 20 bytes
  • 32 bytes written to TempKey
  • Output is from the RNG
  • SHA256 digest includes the random number

0x00 or 0x01

 0x80 00 20 bytes
  • 32 bytes written to TempKey
  • Output is the SHA256 Hash value
  • SHA256 digest includes the TempKey
Table 2. Random Nonce Output Response
Name Input Param2 Size Description
Response 0x00 00 32 bytes Random number
0x80 00 32 bytes New TempKey value
Notes:
  1. 1.TempKey.SourceFlag set to ‘0’ on successful completion of the command indicating the nonce value was random source.
  2. 2.TempKey.Valid set to ‘1’ on success.
Table 3. Nonce SHA256 HASH Calculation
# of Bytes Input Data Param2 = 0x00 00 Input Data Param2 = 0x80 00
32 RandOut from random number generator TempKey value from previous command
20 NumIn from input stream NumIn from input stream
1 Opcode (always 0x16) Opcode (always 0x16)
1 Mode (0x00 or 0x01) Mode (0x00 or 0x01)
1 LSB of Param2 (always 0x00) LSB of Param2 (always 0x00)
Parent topic: Nonce Command