M1 Family

ML1-12K-5E, ML1-12K-5F, MC1-18K-60, MC1-36K-61, MC1-8K-62, ML1-80K-63, ML1-80K-67, MC1-36K-68, MC1-36K-73, MC1-8K-R2, MC1-18K-R2, MC1-36K-R2, MC1-36K-R2 Dragon, ML1-20K-R2, ML1-36K-R2, ML1-8K-R2, ML1-12K-R2 on
Infineon SLE66 platform
 

Application Related Characteristics | Primitive Support  | Implementation Specific Characteristics | Codelets Available

External Characteristics

Data Item

Value

Comments

External Specification

MULTOS Version

4.2.1

 

Silicon Provider / manufacturer_id

Infineon / 0x05

 

Implementer / implementer_id

Multos International / 0x02

 

Mask / ic_type(s)

ML1-12K-5E - 0x5E, ML1-12K-5F - 0x5F, MC1-18K-60 - 0x60, MC1-36K-61 - 0x61, MC1-8K-62 - 0x62,  ML1-80K-63 - 0x63, ML1-80K-67 - 0x67, MC1-36K-68 - 0x68, MC1-8K-R2 - 0x6A, MC1-18K-R2 - 0x6B, MC1-36K-R2 - 0x6C, MC1-36K-R2 Dragon  - 0x6F, 

ML1-20K-R2 - 0x69, ML1-36K-R2 - 0x6D, ML1-8K-R2 - 0x71,  ML1-12K-R2 - 0x72, MC1-36K-73 - 0x73

 

 

Technical Data for Contact based interface

Power / External Clock

1.62V to 5.5V / 1 to 7.5 MHz

Applies to all masks

Transport Protocol

T = 0, T = 1,

Applies to all masks

FI/DI

0x01, 0x02, 0x03, 0x08, 0x11, 0x12, 0x13, 0x18, 0x32, 0x33, 0x34, 0x38, 0x92, 0x93, 0x94, 0x95, 0x96, ,0x97, 0xA3, 0xA4, 0xA5, 0xA6, 0xA7

Applies to all masks

Dual ATR

Supported

For all masks Pre-enablement ATR:

3BFF9600FFC00A31FE4D8031E06B04210502xx555555555555yy

 

For ML1-12K-5E xx = 5E, yy = 98

For ML1-36K-5F xx = 5F, yy = 99

For MC1-18K-60 xx = 60, yy = 9A

For MC1-36K-61 xx = 61, yy = 9B

For MC1-8K-62 xx = 62, yy = 9C

For ML1-80K-63 xx = 63, yy = 9D

For ML1-80K-67 xx = 67, yy = A1
For MC1-36K-68 xx = 68, yy = A2

For MC1-36K-73 xx = 73, yy = B5

For MC1-8K-R2, xx = 6A, yy = AC

For MC1-18K-R2, xx = 6B, yy = AD

For MC1-36K-R2, xx = 6C, yy = AA

For MC1-36K-R2 Dragon, xx = 6F, yy = A9

For ML1-20K-R2, xx = 69, yy = AF

For ML1-36K-R2, xx = 6D, yy = AB

For ML1-8K-R2, xx = 71, yy = B7
For ML1-12K-R2, xx = 72, yy = B4

 

PPS

Supported, max speed 447kbps @ 3.58MHz

Applies to all masks

ATR Character Convention Direct LSB (3B)

Supported

Applies to all masks

ATR Character Convention Indirect MSB (3F)

Supported

Applies to all masks

Technical Data for Contactless based interface

Transport Protocol

Type A, Type B, Mifare

Applies to all masks

Pre-enablement contactless protocol

106kB, Type A, CID supported,

Mifare enabled

Pre-enablement ATS:

3B 8F 80 01 80 31 E0 6B 84 21 05 02 xx 55 55 55 55 55 55 yy

 

For ML1-12K-5E xx = 5E, yy = C8

For ML1-36K-5F xx = 5F, yy = C9

For ML1-80K-63 xx = 63, yy = F5 

For ML1-80K-67 xx = 67, yy = F9

For ML1-20K-R2, xx = 69, yy = FF

For ML1-36K-R2, xx = 6D, yy = FB

For ML1-8K-R2, xx = 71, yy = E7
For ML1-12K-R2, xx = 72, yy = E4

 

Post-enablement contactless protocol

106kB, Type A, CID supported,

Mifare enabled

 

 

 

 

 

 

Post-enablement ATS:

3B 8F 80 01 80 31 E0 6B 84 21 05 02 xx 55 55 55 55 55 55 yy

For ML1-12K-5E xx = 5E, yy = C8

For ML1-36K-5F xx = 5F, yy = C9

For ML1-80K-63 xx = 63, yy = F5

For ML1-80K-67 xx = 67, yy = F9

For ML1-20K-R2, xx = 69, yy = FF

For ML1-36K-R2, xx = 6D, yy = FB

For ML1-8K-R2, xx = 71, yy = E7
For ML1-12K-R2, xx = 72, yy = E4

NOTE: other IO TCL configuration parameters supported via ‘X’ parameter upper most 3 bits are – X = 000: type A 106kb/s  

X = 001: type B 106kb/s

X = 010: type B 106/212/424/848 kb/s

X = 011: type A 106/212/424/848 kb/s

X = 100: type B106/212/424 kb/s

X = 101: type A 106/212/424 kb/s

X = 110: type A 106kb/s 38.5ms

X = 111: type B 106kb/s 38.5ms

 

Memory Area Sizes

ROM

152K

236K

150K

196K

96K

236K
236K
196K

196K

96K

150K

196K

196K

196K

240K
196K
196K

ML1-12K-5E

ML1-36K-5F

MC1-18K-60

MC1-36K-61

MC1-8K-62

ML1-80K-63

ML1-80K-67
MC1-36K-68

MC1-36K-73

MC1-8K-R2

MC1-18K-R2

MC1-36K-R2

MC1-36K-R2 Dragon

ML1-20K-R2

ML1-36K-R2

ML1-8K-R2
ML1-12K-R2

RAM Public

530 bytes

Applies to all masks

RAM Dynamic

960bytes

Applies to all masks

EEPROM Total

Variable

12k on ML1-12K-5E, 36k on ML1-36K-5F,18k on MC1-18K-60, 36k on MC1-36K-61, 8k on MC1-8K-62, 78K on ML1-80K-63, 78k on ML1-80K-67, 36k on MC1-36K-68, 36k on MC1-36K-73, 8k on MC1-8K-R2, 18k on MC1-18K-R2,36k on MC1-36K-R2, 36k on MC1-36K-R2 Dragon, 20k on ML1-20K-R2, 36K on ML1-36K-R2, 8k on ML1-8K-R2, and 12k on ML1-12K-R2

 

       

 

EEPROM available for applications

variable

The maximum single application’s code + dir rec + fci rec size (including application overhead) is 31.5K and maximum single application’s static size is 64K

 

In addition to the above restrictions, any application with the total application size larger than 7F00h must use "memory copy/fill additional static" primitives to access the additional static data located above 7EFFh. ST[0] for such application only indicates the last static byte located in the normal Static area. It does not indicate the end of Static area, “Get Static Size” primitive must be used to work out the end of Static area.

 

For each product, the total EEPROM available for all applications is as follows:
7.1k on ML1-12K-5E with AMD 0096v005,
31.22k on ML1-36K-5F with AMD 0096v004,
31.1k on ML1-36K-5F with AMD 0096v005,
13.22k on MC1-18K-60 with AMD 0096v004,
13.1k on MC1-18K-60 with AMD 0096v005,
31.22k on MC1-36K-61 with AMD 0096v004,
31.1k on MC1-36K-61 with AMD 0096v005,
3.22k on MC1-8K-62 with AMD 0096v004,
3.1k on MC1-8K-62 with AMD 0096v005,
73.22K on ML1-80K-63 with AMD 0096v004,
73.1K on ML1-80K-63 with AMD 0096v005,
73.1k on ML1-80K-67 with AMD 0096v005,
31.1k on MC1-36K-68 with AMD 0096v005,
31.1k on MC1-36K-73 with AMD 0096v005,
5.34k on MC1-8K-R2 with AMD 0109v001,

4.66k on MC1-8K-R2 with AMD 0114v001,
4.4k on MC1-8K-R2 with AMD 0114v002,
15.34k on MC1-18K-R2 with AMD 0109v001,
14.66k on MC1-18K-R2 with AMD 0114v001,
14.4k on MC1-18K-R2 with AMD 0114v002,
14.03k on MC1-18K-R2 with AMD 0127v001,

33.34k on MC1-36K-R2 with AMD 0109v001,
32.66k on MC1-36K-R2 with AMD 0114v001,
32.4k on MC1-36K-R2 with AMD 0114v002,
32.03k on MC1-36K-R2 with AMD 0127v001,

33.34k on MC1-36K-R2 Dragon with AMD 0109v001,
32.66k on MC1-36K-R2 Dragon with AMD 0114v001,
32.4k on MC1-36K-R2 Dragon with AMD 0114v002,
14.66k on ML1-20K-R2 with AMD 0114v001,

14.4k on ML1-20K-R2 with AMD 0114v002,
14.28k on ML1-20K-R2 with AMD 0114v003,

14.22k on ML1-20K-R2 with AMD 0130v001,
30.66K on ML1-36K-R2 with AMD 0114v001,
30.4k on ML1-20K-R2 with AMD 0114v002,
30.28k on ML1-20K-R2 with AMD 0114v003,

6.66k on ML1-8K-R2 with AMD 0114v001,
6.4k on ML1-20K-R2 with AMD 0114v002,
10.66k on ML1-12K-R2 with AMD 0114v001

10.4k on ML1-20K-R2 with AMD 0114v002,
10.28k on ML1-20K-R2 with AMD 0114v003,

 

 

Application Related Characteristics

Data Item

Value

Comments

Application EEPROM Loading Requirements

Application Header

229 bytes

Applies to all masks

Total temporary space per protected ALU

128 bytes

This represents the maximum size. Applies to all masks

Total temporary space per confidential ALU

256 bytes

This represents the maximum size. Applies to all masks

MULTOS Application Function

Static logical page size with Transaction Protection on

32 bytes

Applies to all masks

Maximum write size in logical pages with Transaction Protection on

at least 9 pages

Limited by available EEPROM. Applies to all masks

Physical Static page size (of underlying chip) 64 bytes The start of Static (SB) is aligned to a physical page for all masks.

Maximum ATR File record size

32 bytes

Applies to all masks

Maximum ATR Historical Byte record size

15 bytes

Applies to all masks

Maximum DIR File record size

255 bytes

Applies to all masks

Maximum FCI record size

255 bytes

Applies to all masks

Maximum inbound TPDU size

260 bytes

Applies to all masks

Maximum outbound TPDU size

261 bytes

Applies to all masks

Maximum delegation nest count

Limited by available EEPROM

Applies to all masks

Maximum application history list entries

Limited by available EEPROM

Applies to all masks

Retry Counters

Set MSM Controls

32

Test cards set to 255. Applies to all masks

Create MEL Application

32

Test cards set to 255. Applies to all masks

Delete MEL Application

32

Test cards set to 255. Applies to all masks

Key Lengths

KCK Public Key length

128 bytes

Applies to all masks

Permitted Application Provider Public Key lengths

32 to 128 bytes

KMA accepts APPK lengths between 72 and 128 bytes inclusive. Applies to all masks

MULTOS TKCK length

128 bytes

Maximum size. Applies to all masks.

 

Primitive Support

The primitives listed here are those that were included in the target specification. The list applies to all masks unless otherwise noted.

Primitive

Supported

Optional / Mandatory

Add BCDN

Yes – on ML1-12K-5E, MC1-36K-61, ML1-36K-5F and ML1-80K-63, ML1-80K-67, MC1-36K-68, MC1-36K-73, MC1-36K-R2, MC1-36K-R2 Dragon, ML1-20K-R2, ML1-36K-R2, ML1-8K-R2, ML1-12K-R2

Optional

Bit Manipulate Byte

Yes

 

Bit Manipulate Word

Yes

 

Call Codelet

Yes

 

Call Extension 0, 1, 2, 3, 4, 5, 6

Yes

 

Card Block

Yes

 

Check Case

Yes

 

Checksum

Yes

 

Configure Read Binary

Yes – on ML1-36K-5F, ML1-80K-63, ML1-80K-67, MC1-36K-68, MC1-36K-73, ML1-36K-R2

Optional

Configure Security Checks

Yes – on ML1-12K-5E, ML1-36K-5F, ML1-80K-63, ML1-80K-67, MC1-36K-73, MC1-36K-68, MC1-36K-R2, MC1-36K-R2 Dragon, ML1-20K-R2, ML1-36K-R2, ML1-8K-R2, ML1-12K-R2

Optional

Control Auto Reset WWT

Yes

 

Convert BCDN

Yes – on ML1-12K-5E, MC1-36K-61, ML1-36K-5F, ML1-80K-63, ML1-80K-67, MC1-36K-68, MC1-36K-73, MC1-36K-R2, MC1-36K-R2 Dragon, ML1-20K-R2, ML1-36K-R2, ML1-8K-R2, ML1-12K-R2

Optional

Delegate

Yes

 

DES ECB Decipher

Yes

 

DES ECB Encipher

Yes

 

DivideN

Yes

 

ECC Addition

No

Optional

ECC Convert Representation

No

Optional

ECC Equality Test

No

Optional

ECC Inverse

No

Optional

ECC Scalar Multiplication

No

Optional

ECC Verify Point

No

Optional

Exchange Data

Yes – on ML1-12K-5E, ML1-36K-5F, ML1-80K-63, ML1-80K-67, ML1-20K-R2, ML1-36K-R2, ML1-8K-R2, and ML1-12K-R2

Optional

Exit to MULTOS and Restart

Yes - on MC1-36K-61, ML1-36K-5F, ML1-80K-63, ML1-80K-67, MC1-36K-68, MC1-36K-73, MC1-36K-R2, MC1-36K-R2 Dragon and ML1-36K-R2

Optional

Generate Asymmetric Hash General

Yes

 

Generate Asymmetric Signature General

No

Optional

Generate DES CBC Signature

Yes

 

Generate Random Prime

Yes - on MC1-36K-61, ML1-36K-5F, ML1-80K-63, ML1-80K-67, MC1-36K-68, MC1-36K-73, MC1-36K-R2, MC1-36K-R2 Dragon and ML1-36K-R2

Optional

Generate Triple DES CBC Signature

Yes

 

Get Data

Yes

 

Get Delegator AID

Yes

 

Get DIR File Record

Yes

 

Get File Control Information

Yes

 

Get Manufacturer Data

Yes

 

Get Memory Reliability

Yes

 

Get MULTOS Data

Yes

 

Get Purse Type

Yes

 

Get Random Number

Yes

 

Get Static Size

Yes - on MC1-36K-61, ML1-36K-5F, ML1-80K-63, ML1-80K-67, MC1-36K-68, MC1-36K-73, MC1-36K-R2, MC1-36K-R2 Dragon and ML1-36K-R2

Optional

Load CCR

Yes

 

Lookup

Yes

 

Memory Compare

Yes

 

Memory Compare Fixed Length

Yes

 

Memory Copy

Yes

 

Memory Copy Additional Static

Yes - on MC1-36K-61, ML1-36K-5F, ML1-80K-63, ML1-80K-67, MC1-36K-68, MC1-36K-73, MC1-36K-R2, MC1-36K-R2 Dragon and ML1-36K-R2

Optional

Memory Copy Fill Additional Static

Yes - on MC1-36K-61, ML1-36K-5F, ML1-80K-63, ML1-80K-67, MC1-36K-68, MC1-36K-73, MC1-36K-R2, MC1-36K-R2 Dragon and ML1-36K-R2

Optional

Memory Copy Fixed Length

Yes

 

Modular Exponentiation

Yes

 

Modular Exponentiation CRT

Yes

 

Modular Exponentiation CRT Protected

Yes

Optional

Modular Inverse

No

Optional

Modular Multiplication

Yes - on MC1-36K-61, ML1-36K-5F, ML1-80K-63, ML1-80K-67, MC1-36K-68, MC1-36K-73, MC1-36K-R2, MC1-36K-R2 Dragon and ML1-36K-R2

Optional

Modular Reduction

Yes - on MC1-36K-61, ML1-36K-5F, ML1-80K-63, ML1-80K-67, MC1-36K-68, MC1-36K-73, MC1-36K-R2, MC1-36K-R2 Dragon and ML1-36K-R2

Optional

MultiplyN

Yes

 

Process Proprietary Extension Primitives (0-6)

Yes – on ML1-12K-5E, ML1-36K-5F, MC1-36K-61, ML1-80K-63, ML1-80K-67, MC1-36K-68, MC1-36K-73, MC1-36K-R2, MC1-36K-R2 Dragon, ML1-20K-R2, ML1-36K-R2, ML1-8K-R2, ML1-12K R2

Extension used is 2

Platform Optimized Checksum

Yes – on ML1-12K-5E, MC1-36K-61, ML1-36K-5F, ML1-80K-63, ML1-80K-67, MC1-36K-68, MC1-36K-73, MC1-36K-R2, MC1-36K-R2 Dragon, ML1-20K-R2, ML1-36K-R2, ML1-8K-R2, ML1-12K-R2

Optional

Query Channel

Yes

Optional

Query Codelet

Yes

 

Query Interface Type

Yes

 

Query0, Query1, Query2, Query3

Yes

 

Reset Session Data

Yes

 

Reset WWT

Yes

 

Return from Codelet

Yes

 

SEED ECB Decipher

Yes - on MC1-36K-61, ML1-36K-5F, ML1-80K-63, ML1-80K-67, MC1-36K-68, MC1-36K-73, MC1-36K-R2, MC1-36K-R2 Dragon and ML1-36K-R2

 

SEED ECB Encipher

Yes - on MC1-36K-61, ML1-36K-5F, ML1-80K-63, ML1-80K-67, MC1-36K-68, MC1-36K-73, MC1-36K-R2, MC1-36K-R2 Dragon and ML1-36K-R2

 

Set AFI

Yes

Optional

Set ATR File Record

Yes

 

Set ATR Historical Characters

Yes

 

Set ATS Historical Characters

Yes

Optional

Set FCI Record

Yes

 

Set Select SW

Yes

 

Set Transaction Protection

Yes

 

SHA-1

Yes

 

Shift Left

Yes

 

Shift Right

Yes

 

Store CCR

Yes

 

Subtract BCDN

Yes – on ML1-12K-5E, MC1-36K-61, ML1-36K-5F, ML1-80K-63, ML1-80K-67, MC1-36K-68, MC1-36K-73, MC1-36K-R2, MC1-36K-R2 Dragon, ML1-20K-R2, ML1-36K-R2, ML1-8K-R2, ML1-12K-R2

Optional

Verify Asymmetric And Retrieve General

No

Optional

 

 

Implementation Specific Characteristics

Zero Block Size

The following instructions and primitives have the block size specified in the code (as opposed to being run-time data). The following table shows how each will perform if a zero block size is specified.

 

Type

Instruction / Primitive

Operation

Instruction

LOAD, STORE, LOADI, STOREI

no operation

CLEARN

no operation

TESTN, INCN, DECN, NOTN

Z = 1

CMPN, ADDN, SUBN

C = 0, Z = 1

ANDN, ORN, XORN

Z = 1

Primitive

MultiplyN

Z = 1

DivideN

C = 1, Z = unchanged

ShiftLeft, ShiftRight

C = 0, Z = 1

GetDIRFileRecord
GetFileControlInformation

One byte set to zero pushed onto stack,

If the application specified does not exist, C = 1, Z = 1

If the application specified exists, C = 0, Z = 0

GetManufacturerData
GetMULTOSData
GetPurseType

One byte set to zero pushed onto stack, C = 0

Undefined: implementation specific handling

Undefined: implementation specific handling

MemoryCompareFixedLength

DT’ = DT - 4, C = 0, Z = 1

MemoryCopyFixedLength

DT’ = DT – 4

 

AddBCDN / SubBCDN

Max operand length = 6bytes

 

 

Maximum Number of Pages Permitted in a Single Write

The maximum number of pages is at least nine when transaction protection is used. It is possible to write more than nine pages if there is free EEPROM. Note that if an attempt is made to write more than 9 pages and if there is insufficient free EEPROM, then an abnormal end to processing to will occur.

 

Condition Code Register

This implementation does support signed arithmetic. The N and V flags are present in the CCR, and they may be changed by some instructions. However, signed arithmetic is not guaranteed and should be avoided. They may be used by an application using the Load CCR and Store CCR primitives, but this may affect the portability of the application.

 

Supported Modulus Lengths of Cryptographic Primitives

All values given are in bytes.

 

Primitive

Lengths supported

Modular Exponentiation, public exponent not 3

Greater than 0, but less then or equal to 256 bytes

Modular Exponentiation, public exponent of 3

Greater than 0, but less then or equal to 256 bytes

Modular Exponentiation CRT

Between 2 and 256 bytes inclusive

 

 

Modular Multiplication

Greater than 0, but less then or equal to 256 bytes

Modular Reduction

Greater than 0, but less then or equal to 256 bytes

Generate Random Prime

Prime must be > 5 bytes and less than or equal to 128 bytes

RSA key pair Generation

Modulus size must be less than or equal to 256 bytes

 

Confidential Application

A confidential application > 64k which requires area at an offset beyond 64K into the ALU needs to be encrypted then the area must start at an offset < 64K and area length can be increased to cover the required areas. This restriction is due the area start item in the KTU area descriptors is specified to be a word value by the MULTOS specification.

 


Important Remarks

This section contains important remarks about the Primitives and IFD commands of this implementation. Applies to all masks.

 

Functionality

Operation

Automated sending of Work  Wait Time extension

The chip returns WWT extension request bytes when 80% of the WWT has expired when operating in contact mode. In contactless mode, the WWT extension will be sent between 2 and 10 ms before the expiry.

Bit Manipulate Byte

Bit Manipulate Word

Bits 6 to 2 of b2 are ignored. That is, the primitives return the expected result regardless of the value of bits 6 to 2 of b2.

Checksum

If the checksummed area includes the parameters (the top four bytes of Dynamic), the checksum will be correctly calculated.

Default Application

This version 4.21 functionality is supported

DivideN

The length of each operand must not be greater than 128 bytes

Exchange Data

This primitive only support Mifare channel (channel number of 1). Access to channels other than 1 will cause abend.

 

Return Mifare  status code :

00H - Operation completed without errors

01H - invalid operation

02H - invalid block number

43H - Password check failed

60H - Programming error

63H - Wrong Block Index

D0H - Mifare Disabled

FFH - access prohibited (The accessed Mifare sector is disabled)

 

Generate Asymmetric Hash General

If b2 (mode) takes an unsupported value, this primitive performs no operation. In particular, no bytes are popped from the stack.

 

This primitive supports a hash modulus length of 72 bytes in conjunction with a 16-byte hash digest or a 128-bytet modulus with a hash chain length of 20 bytes.

Generate Random Prime

To avoid abend:

 

  • Timeout must be 0
  • RgMax must be greater than RgMin
  • Prime length must be greater than 5 and less than or equal to 128 bytes
  • Flag must be 0x00 or 0x80 only
  • Conf must be 80

 

Note: Conf = 80 ensures probability of prime being composite is <= 2-80

If suitable prime is not found function does not return (abend)

Get Manufacturer Data

Get MULTOS Data

Get Purse Type

If the destination is stack top, the last byte of retrieved data will be overwritten by the length of data retrieved. That is, the number of bytes copied is always returned on the stack regardless of the destination segment address.

 

 

Get Memory Reliability

MULTOS 4 always indicates memory is reliable: C = 0, Z = 0.

Lookup

If the target value appears more than once in the list, the location of the first is reported. The list need not be sorted. If the target value is not found, it is left unchanged on the stack.

Modular Exponentiation

The least significant bit of the modulus must be 1.

The exponent length and value must be greater than 0.

The modulus length must be greater than 0 and less than or equal to 256 bytes.

The modulus must not contain any full byte zeros at the most significant end.

Modulus Length must be >= Exponent Length

If Modulus Length is > 128 bytes then Exponent Length must not be > 4 bytes

If any of the conditions above are not met, an abnormal end will occur.

 

Modular Exponentiation CRT

The modulus length must be greater than 0, but not greater than 256 bytes. The length must also be an even number. 

The length of each item must be modulus length divided by 2.

The most significant byte of primes p and q must not be 0.

The least significant bits of the primes p and q must be 1.

X (in calculation Y=XdmodN) must not be equal to 0.

If any of these conditions are not met, an abnormal end to processing will occur.

X (in calculation Y=XdmodN) must not be equal to 1.

If the above condition is not met, undefined results will occur.

Modular Multiplication

The modulus length must be greater than 0 and less than or equal to 256 bytes. Note this length does not include any leading zero bytes.

Modular Reduction

The modulus length must be greater than 0 and less than or equal to 256 bytes.

The data length must be equal to or greater than the modulus length.

The modulus must not have any leading zero bytes.

If any of these conditions are not met, an abnormal end will occur.

MultiplyN

The length of each operand must not be greater than 128 bytes

Proprietary Primitive Extension

There are five such primitives. They are:

 

  • Query (proprietary) primitive type (on ML1-12K-5E, MC1-36K-61, ML1-36K-5F, ML1-80K-63, ML1-80K-67, MC1-36K-68, MC1-36K-73, MC1-36K-R2, MC1-36K-R2 Dragon, ML1-20K-R2, ML1-36K-R2, ML1-8K-R2, ML1-12K-R2 only)
  • Precise Biometrics match-on-card fingerprint verification algorithm (on MC1-36K-61, ML1-36K-5F, ML1-80K-63, ML1-80K-67, MC1-36K-68, MC1-36K-73, MC1-36K-R2, MC1-36K-R2 Dragon and ML1-36K-R2 only)
  • RSA key pair generation for keys up to 2048-bit (on MC1-36K-61, ML1-36K-5F, ML1-80K-63, ML1-80K-67, MC1-36K-68, MC1-36K-73, MC1-36K-R2, MC1-36K-R2 Dragon and ML1-36K-R2 only)
  • 128-bit KSA SEED algorithm encrypt / decrypt (on MC1-36K-61, ML1-36K-5F, ML1-80K-63, ML1-80K-67, MC1-36K-68, MC1-36K-73, MC1-36K-R2, MC1-36K-R2 Dragon and ML1-36K-R2 only)
  • Platform optimised fast checksum (on ML1-12K-5E, MC1-36K-61, ML1-36K-5F, ML1-80K-63, ML1-80K-67, MC1-36K-68, MC1-36K-73, MC1-36K-R2, MC1-36K-R2 Dragon and ML1-36K-R2 only)

 

Note:

  1. the Query function sets CCR Z = 1 if the proprietary primitive is supported, otherwise CCR Z = 0

 

RSA Key Pair Generation (proprietary)

Two optional key generation algorithms are supported

  • Infineon version – random prime search with increment by 2 search algorithm used. This is same as for previous Keycorp Multos versions (enabled by default by AMD 0096v004).
  • FIPS140-2 X9.31 compliant version (This may be enabled in future AMDs).

To avoid abend:

  • Key length must be less than or equal to 256 bytes
  • Key length must be even
  • Key length must be greater than or equal to the Public Exponent length
  • Modulus length must be equal to the key length or be equal to 0. Note that if modulus length is 0 then N is not returned
  • Note: if public exponent provided is not invertible over (p-1)*(q-1) then CCR.C is set to 1 to indicate failure, otherwise CCR.C is set to 0 to indicate success.
  • In case of failure, the application should try again

In both versions modulus N generated has msbit = 1.

Set Transaction Protection

Bits 7 to 2 of b2 are ignored. That is, the primitive returns the expected result regardless of the value of bits 7 to 2 of b2.

Infineon chips copy the source data to a temporary store and any updates are made to the source data. In the case of a rollback, the copy of the original source data is written to the source.

Shift Left and Shift Right

  • With b2 > 0, if b3 = 0, C= 0 and Z is set appropriately.
    The output block is equal to the input block (the input block is not changed).
  • With b2 > 0, if b3 > 8 * b2, C = 0 and Z = 1.
    The output block is zero.

Responses to unsupported commands

When a command with an unsupported CLA or INS byte is received, the following responses will be returned:
When Master File selected : 6D00 will be returned as SW1 and SW2.

When the  DIR or ATR file selected : For those unsupported INS values when CLA byte is set to  00 command is sent,  6D00 shall be returned. For all other combinations of unsupported CLA or INS bytes, 6E00 shall be returned. Notably, this includes the situation where the CLA byte to 0xBE is sent with an unsupported INS byte value

Functionallity included from MULTOS v4.3

  • Modular Exponentiation CRT Protected

 

 

 

 

 

  • Convert BCD
  • Platform optimised fast checksum
  • Exit to MULTOS and Restart

 

 

  • Modulus length between 2 and 256 b supported. In addition to the conditions of Modular Exponentiation CRT primitive, Modular Exponentiation CRT Protected primitive also has the following conditions: When the keys are encrypted or decrypted, it is required that the keys are stored with dpdq and pqu in contiguous memory.

 

  • Max operand length = 6 bytes.

 

 

Checksum primitive

When running in TCL ResetWWT primitive must be called before calling Checksum primitive. If the checksum is to be done over large blocks, then the block must be broken into blocks of maximum length 0x7500, with each call preceded by a call to ResetWWT.

 

Codelets Available

Click here for a table of codelets available.