M3 Generic

ML3-36K-R1 / ML3-36K-R1 Jade / MC3-36K-R1 / MC3-36K-R1 Jade / ML3-80K-R1 TSK /  MC3-36K-R1 HK UAT / MC3-36K-R1 HK on
SLE78CLXxxxxPM / SLE78CXxxxxP

Application Related Characteristics | Primitive Support  | Implementation Specific Characteristics | Codelets Available

 

External Characteristics

 

Data Item

Value

Comments

External Specification

MULTOS Version

4.31

 

Silicon Provider / manufacturer_id

Infineon / 0x05

 

Implementer / implementer_id

Multos International / 0x02

 

Mask / ic_type(s)

0x77, 0x7D, 0x7F, 0xC0, 0xC1, 0xC2, 0xD7

 

MULTOS Type Approval Status

Received

 

CAST Certificate Status

N/A

 

Technical Data for Contact based interface

Power / External Clock

1.62V to 5.5V / 1 to 7.5 MHz

Applies to all masks

Transport Protocol

T = 0, T = 1,

Applies to all masks

FI/DI

0x01, 0x02, 0x03, 0x08, 0x11, 0x12, 0x13, 0x18, 0x32, 0x33, 0x34, 0x38, 0x92, 0x93, 0x94, 0x95, 0x96, ,0x97, 0xA3, 0xA4, 0xA5, 0xA6, 0xA8

Applies to all masks

Dual ATR

Supported

Pre-enablement ATR:

3B FF 96 00 FF C0 0A 31 FE 4D 80 31 E0 6B 04 31 05 02 xx 55 55 55 55 55 55 yy

 

For ML3-36K-R1 xx = 77, yy = A1

For MC3-36K-R1 xx = 7D, yy = AB

For ML3-36K-R1 Jade xx = 7F, yy = A9

For MC3-36K-R1 Jade xx = C0, yy = 16

For ML3-80K-R1 TSK xx = C1, yy = 17

For ML3-36K-R1 HK UAT xx = C2, yy = 14

For ML3-36K-R1 HK xx = D7, yy = 01

PPS

Supported, max speed 447kbps @ 3.58MHz

Applies to all masks

ATR Character Convention Direct LSB (3B)

Supported

Applies to all masks

ATR Character Convention Indirect MSB (3F)

Supported

Applies to all masks

Technical Data for Contactless based interface

Transport Protocol

Type A, Type B, Mifare

 Mifare only supported when enabled with Type A.

Pre-enablement contactless protocol

848kB, Type B, CID supported, 256 byte frame size, min TR2 set 1, FWT=115ms, NAD not supoprted, standard application data encoding, I-block number checking

Pre-enablement ATQB:

50 <PUPI>00 00 00 00 77 83 95 35 31

PUPI – random; 4 bytes

 

Post-enablement contactless protocol

848kB, Type B, CID supported

 

 

 

 

 

For AMD 0119v001, post-enablement ATQB:

50 <PUPI>00 00 00 00 77 83 95 35 31

PUPI – random; 4 bytes

 

NOTE: IO TCL configuration parameters supported are (selectable via ‘X’ parameter upper most 3 bits X = 000b to 111b) –

X = 000b – typeB 848kb/s (default)

X = 001b - typeA 848kb/s

X = 010b - typeB 424kb/s

X = 011b - typeA 424 kb/s

X = 100b - typeB 106kb/s FWT:77ms

X = 101b - typeA 106kb/s FWT:77ms

X = 110b - typeB 106kb/s FWT:38.4ms

X = 111b - typeA 106kb/s FWT:38.4ms

 

For AMD 0134v001, post-enablement ATQA (on ML3-36K-R1):

14 78 77 90 02 80 31 E0 6B 04 31 05 02 77 55 55 55 55 55 55 E7 11

 

NOTE: IO TCL configuration parameters supported are (selectable via ‘X’ parameter upper most 3 bits X = 000b to 111b) –

X = 000b - typeB 848kb/s

X = 001b - typeA 848kb/s

X = 010b - typeB 424kb/s

X = 011b - typeA 424 kb/s

X = 100b - typeA 848kb/s FWT:77ms Random UID

X = 101b - typeB 848kb/s FWT:77ms Random UID

X = 110b – typeA 848kb/s Random UID (default)

X = 111b - typeB 848kb/s Random PUPI

Memory Area Sizes

ROM

280KB

Applies to all masks

RAM Public

1088 bytes

Applies to all masks

RAM Dynamic

960bytes

Applies to all masks

EEPROM Total

60KB

For ML3-36K-R1, MC3-36K-R1, ML3-36K-R1 Jade and MC3-36K-R1 Jade enabled with AMD 0119v001 and for ML3-36K-R1 enabled with AMD 0134v001.

96KB

For ML3-80K-R1 TSK enabled with AMD 0119v001.

32KB

For MC3-36K-R1 HK UAT enabled with AMD 0119v001.

36KB

For MC3-36K-R1 HK enabled with AMD 0135v001.

EEPROM available for applications

varies as ‘EEPROM Total’ (above)

The maximum single application’s code + dir rec + fci rec size (including application overhead) is 64K and maximum single application’s static size is limited by the available EEPROM (block loading is required by data sizes greater than 64K)

In addition to the above restrictions, any application with the total application size larger than 7FFFh must use "memory copy/fill additional static" primitives to access the additional static data located above 7FFFh. ST[0] for such application only indicates the last static byte located in the normal Static area. It does not indicate the end of Static area, “Get Static Size” primitive must be used to work out the end of Static area.

AMD

Default AMD

AMD 0119v001

For all MULTOS M3 products except MC3-36K-R1 HK.

Default AMD

AMD 0135v001

For MC3-36K-R1 HK.

Optional AMD(s)

AMD 0134v001

For ML3-36K-R1 only.

       

 

Application Related Characteristics

 

Data Item

Value

Comments

Application EEPROM Loading Requirements

Application Header

258 bytes

Applies to all masks

Total temporary space per protected ALU

128 bytes

This represents the maximum size. Applies to all masks

Total temporary space per confidential ALU

256 bytes

This represents the maximum size. Applies to all masks

MULTOS Application Function

Static Page Size (1 page)

32 bytes

Applies to all masks

Maximum write size in pages

at least 9 pages

Limited by available EEPROM. Applies to all masks

Maximum ATR File record size

32 bytes

Applies to all masks

Maximum ATR Historical Byte record size

15 bytes

Applies to all masks

Maximum DIR File record size

255 bytes

Applies to all masks

Maximum FCI record size

255 bytes

Applies to all masks

Maximum inbound TPDU size

256 bytes

Applies to all masks

Maximum outbound TPDU size

255 bytes

Applies to all masks

Maximum delegation nest count

Limited by available EEPROM

Applies to all masks

Maximum application history list entries

Limited by available EEPROM

Applies to all masks

Retry Counters

Set MSM Controls

32

Test cards set to 255. Applies to all masks

Create MEL Application

32

Test cards set to 255. Applies to all masks

Delete MEL Application

32

Test cards set to 255. Applies to all masks

Key Lengths

KCK Public Key length

128 bytes

Applies to all masks

Permitted Application Provider Public Key lengths

64 to 128 bytes

KMA accepts APPK lengths between 72 and 128 bytes inclusive. Applies to all masks

MULTOS TKCK length

128 bytes

Maximum size. Applies to all masks.

 

Primitive Support

 

The primitives listed here are those that were included in the target specification. Applies to all masks

 

Primitive

Supported

Optional / Mandatory

3DES ECB Decipher

Yes

 

3DES ECB Encipher

Yes

 

Add BCDN

Yes

 

AES ECB Decipher

Yes

 

AES ECB Encipher

Yes

 

Block Decipher

Yes

 

Block Encipher

Yes

 

Bit Manipulate Byte

Yes

 

Bit Manipulate Word

Yes

 

Call Codelet

Yes

 

Call Extension 0, 1, 2, 3, 4, 5, 6

No

Optional

Card Block

Yes

 

Card Unblock

Yes

 

Check Case

Yes

 

Checksum

Yes

 

Configure Read Binary

Yes

Optional

Control Auto Reset WWT

Yes

 

Convert BCDN

Yes

 

Delegate

Yes

 

DES ECB Decipher

Yes

 

DES ECB Encipher

Yes

 

DivideN

Yes

 

ECC Addition

No

Optional

ECC Convert Representation

No

Optional

ECC ECIES Decipher

No

Optional

ECC ECIES Encipher

No

Optional

ECC Elliptic Curve Diffie Hellman

Yes

Optional

ECC Equality Test

No

Optional

ECC Generate Key Pair

Yes

Optional

ECC Generate Signature

Yes

Optional

ECC Inverse

No

Optional

ECC Scalar Multiplication

No

Optional

ECC Verify Point

Yes

Optional

ECC Verify Signature

Yes

Optional

Exchange Data

Yes

Optional

Exit to MULTOS and Restart

Yes

 

Generate Asymmetric Hash General

Yes

 

Generate Asymmetric Signature General

No

Optional

Generate DES CBC Signature

Yes

 

Generate Random Prime

Yes

 

Generate RSA Key Pair

Yes

 

Generate Triple DES CBC Signature

Yes

 

Get Data

Yes

 

Get Delegator AID

Yes

 

Get DIR File Record

Yes

 

Get File Control Information

Yes

 

Get Manufacturer Data

Yes

 

Get Memory Reliability

Yes

 

Get MULTOS Data

Yes

 

Get Purse Type

Yes

Optional

Get Random Number

Yes

 

Get Static Size

Yes

Optional

GSM Authenticate

No

Optional

Load CCR

Yes

 

Lookup

Yes

 

Memory Compare

Yes

 

Memory Compare Fixed Length

Yes

 

Memory Copy

Yes

 

Memory Copy Additional Static

Yes

Optional

Memory Copy Fill Additional Static

Yes

Optional

Memory Copy Fixed Length

Yes

 

Memory Copy Non-Atomic

Yes

 

Memory Copy Non-Atomic Fixed Length

Yes

 

Memory Fill Additional Static

Yes

Optional

Modular Exponentiation/RSA Sign

Yes

 

Modular Exponentiation CRT/ RSA Sign CRT

Yes

 

Modular Exponentiation CRT Protected/RSA Sign Protected

Yes

 

Modular Inverse

No

Optional

Modular Multiplication

Yes

Optional

Modular Reduction

Yes

Optional

MultiplyN

Yes

 

Pad

Yes

 

Platform Optimized Checksum

Yes

 

Query Channel

Yes

Optional

Query Codelet

Yes

 

Query Cryptographic Algorithm

Yes

 

Query Interface Type

Yes

 

Query0, Query1, Query2, Query3

Yes

 

Reset Session Data

Yes

 

Reset WWT

Yes

 

Return from Codelet

Yes

 

RSA Verify

Yes

Optional

Secure Hash

Yes

 

Secure Hash IV

Yes

Optional

SEED ECB Decipher

Yes

 

SEED ECB Encipher

Yes

 

Set AFI

Yes

 

Set ATR File Record

Yes

 

Set ATR Historical Characters

Yes

 

Set ATS Historical Characters

Yes

Optional

Set FCI Record

Yes

 

Set Select SW

Yes

 

Set Silent Mode

Yes

Optional

Set Transaction Protection

Yes

 

SHA-1

Yes

 

Shift Left

Yes

 

Shift Right

Yes

 

Store CCR

Yes

 

Subtract BCDN

Yes

 

Unpad

Yes

 

Verify Asymmetric And Retrieve General

No

Optional

 

Implementation Specific Characteristics

 

Zero Block Size

The following instructions and primitives have the block size specified in the code (as opposed to being run-time data). The following table shows how each will perform if a zero block size is specified. Applies to all masks.

 

Type

Instruction / Primitive

Operation

Instruction

LOAD, STORE, LOADI, STOREI

no operation

CLEARN

no operation

TESTN, INCN, DECN, NOTN

Z = 1

CMPN, ADDN, SUBN

C = 0, Z = 1

ANDN, ORN, XORN

Z = 1

Primitive

MultiplyN

Z = 1

DivideN

C = 1, Z = unchanged

ShiftLeft, ShiftRight

C = 0, Z = 1

GetDIRFileRecord
GetFileControlInformation

One byte set to zero pushed onto stack,

If the application specified does not exist, C = 1, Z = 1

If the application specified exists, C = 0, Z = 0

GetManufacturerData
GetMULTOSData
GetPurseType

One byte set to zero pushed onto stack, C = 0

Undefined: implementation specific handling

Undefined: implementation specific handling

MemoryCompareFixedLength

DT’ = DT – 4, C = 0, Z = 1

MemoryCopyFixedLength

DT’ = DT – 4

 

AddBCDN / SubBCDN

Max operand length = 6 bytes

 

Maximum Number of Pages Permitted in a Single Write

The maximum number of pages is at least nine when transaction protection is used. It is possible to write more than nine pages if there is free EEPROM. Note that if an attempt is made to write more than 9 pages and if there is insufficient free EEPROM, then an abnormal end to processing to will occur.

 

 

Condition Code Register

This implementation does support signed arithmetic. The N and V flags are present in the CCR, and they may be changed by some instructions. However, signed arithmetic is not guaranteed and should be avoided. They may be used by an application using the Load CCR and Store CCR primitives, but this may affect the portability of the application.

 

Supported Modulus Lengths of Cryptographic Primitives

All values given are in bytes.

 

Primitive

Lengths supported

Modular Exponentiation, public exponent not 3

Greater than 512 bits, but less then or equal to 2048 bytes

Modular Exponentiation CRT

Between 512 and 2048 bits inclusive

RSA Verify

Greater than 512 bits, but less then or equal to 2048 bytes

Modular Multiplication

Greater than 0, but less then or equal to 256 bytes

Modular Reduction

Greater than 0, but less then or equal to 256 bytes

Generate Random Prime

Prime must be > 16 bytes and less than or equal to 128 bytes

RSA key pair Generation

Modulus size be between 512 and 2048 bits inclusive

ECC key gen, verify point, signature generate, signature verify, Diffie Hellman

Between 160 and 512 bits inclusive

AES ECB Encipher / Decipher

Supported key lengths are 128, 192, 256 bits

 

Confidential Application

A confidential application > 64k which requires area at an offset beyond 64K into the ALU needs to be encrypted then the area must start at an offset < 64K and area length can be increased to cover the required areas. This restriction is due the area start item in the KTU area descriptors is specified to be a word value by the MULTOS specification.

 

Important Remarks

This section contains important remarks about the Primitives and IFD commands of this implementation. Applies to all masks.

 

Functionality

Operation

Automated sending of Work  Wait Time extension

The chip returns WWT extension request bytes when 75% of the WWT has expired.

Bit Manipulate Byte

Bit Manipulate Word

Bits 6 to 2 of b2 are ignored. That is, the primitives return the expected result regardless of the value of bits 6 to 2 of b2.

Block Decipher

Block Encipher

All algorithms and key lengths are supported

Checksum

If the checksummed area includes the parameters (the top four bytes of Dynamic), the checksum will be correctly calculated.

Convert BCD

Max operand length = 6 bytes

Default Application

This version 4.31 functionality is supported

DivideN

Numerator: min - 1 byte,  max = 256 bytes, granularity = 1 byte

Denominator: min = 1 byte, max 128 bytes, granularity = 1 byte

ECC key gen, verify point, generate signature, verify signature, Diffie Hellman

Supported field lengths are between 160 and 512 bits inclusive.

Prime P and Order N must not contain leading zeros.

 

For ECC key generation and ECC verify signature primitives, an invalid option byte will result in an abend.

 

For ECC Verify Point, verification type of 0 is supported (no group order checking). Other verification types will result in an abend.

ECC Diffie Hellman

The memory allocated to the private key must be prime length * 2 even though the private key has length of prime. This is required to guarantee that the primitive executes successfully.

Exchange Data

This primitive only support Mifare channel (channel number of 1). Access to channels other than 1 will cause abend.

 

Return Mifare  status code :

0000H - Operation completed without errors

0502H - Mifare Not Available

0505H – Authentication Process Failed

0508H - Invalid Block Number

0509H – Communication Error Occurred

0510H – General Error Occurred

0511H – Access Rights Not Set for the Desired Action

0515H – Wrong Password

Generate Asymmetric Hash General

If b2 (mode) takes an unsupported value, this primitive performs no operation. In particular, no bytes are popped from the stack.

 

This primitive supports a hash modulus length of 72 bytes in conjunction with a 16-byte hash digest or a 128-bytet modulus with a hash chain length of 20 bytes.

Generate Random Prime

To avoid abend:

 

  • Timeout must be 0
  • RgMax must be greater than RgMin and RgMax must equal 0xFFFFFFFF
  • Prime length must be greater than 16 and less than or equal to 128 bytes
  • Flag must be 0x00 or 0x80 only
  • Conf must be 80

 

Note: Conf = 80 ensures probability of prime being composite is <= 2-80

If suitable prime is not found function does not return (abend)

Get Manufacturer Data

Get MULTOS Data

Get Purse Type

If the destination is stack top, the last byte of retrieved data will be overwritten by the length of data retrieved. That is, the number of bytes copied is always returned on the stack regardless of the destination segment address.

 

 

Get Memory Reliability

MULTOS 4 always indicates memory is reliable: C = 0, Z = 0.

Get Static Size

Option 0 (32 bit static size returned) is supported only. Any other option will result in an abend.

Lookup

If the target value appears more than once in the list, the location of the first is reported. The list need not be sorted. If the target value is not found, it is left unchanged on the stack.

Modular Exponentiation

The least significant bit of the modulus must be 1.

The exponent length must be greater than 1 byte.

The exponent value must be greater than 1.

The modulus length must be greater than 512 bits and less than or equal to 2048 bits.

The modulus must not contain any full byte zeros at the most significant end.

If any of the conditions above are not met, an abnormal end will occur.

It is highly recommended that the modulus length and exponent length are equal. For modular exponentiation using a public exponent use RSA Verify

 

Modular Exponentiation CRT

The modulus length must be greater than 512 bits, but not greater than 2048 bits. The length must also be an even number. 

The length of each item must be modulus length divided by 2.

The most significant byte of primes p and q must not be 0.

The least significant bits of the primes p and q must be 1.

X (in calculation Y=XdmodN) must not be equal to 0.

If any of these conditions are not met, an abnormal end to processing will occur.

X (in calculation Y=XdmodN) must not be equal to 1.

If the above condition is not met, undefined results will occur.

Modular Multiplication

The modulus length must be greater than 0 and less than or equal to 256 bytes. Note this length does not include any leading zero bytes.

Modular Reduction

The modulus length must be greater than 0 and less than or equal to 256 bytes.

The data length must be equal to or greater than the modulus length.

The modulus must not have any leading zero bytes.

If any of these conditions are not met, an abnormal end will occur.

MultiplyN

The length of each operand must not be greater than 128 bytes

Query Cryptographic Algorithm

DES, Triple DES, SEED, AES, RSA supported. Comp-128 is not supported.

RSA Key Pair Generation

Generates key pair when private key in CRT format. Only method 0 and balance mode are supported. Other methods and modes will result in an abend. When the primitive is called with a zero length modulus a valid block should nevertheless be specified for the modulus. Specifying an invalid block will result in an abend if the modulus length supplied is zero.

RSA Verify

This primitive performs modular exponentiation optimised for public exponents. Use the modular exponentiation with private exponents in standard format use the secure Modular Exponentiation primitive.

Secure Hash

Secure Hash IV

SHA-1, SHA-224, SHA-256, SHA-384 and SHA-512 algorithms supported.

Set Silent Mode

Option 1 supported only. Any other option will result in an abend.

Set Transaction Protection

Bits 7 to 2 of b2 are ignored. That is, the primitive returns the expected result regardless of the value of bits 7 to 2 of b2.

Infineon chips copy the source data to a temporary store and any updates are made to the source data. In the case of a rollback, the copy of the original source data is written to the source.

Shift Left and Shift Right

  • With b2 > 0, if b3 = 0, C= 0 and Z is set appropriately.
    The output block is equal to the input block (the input block is not changed).
  • With b2 > 0, if b3 > 8 * b2, C = 0 and Z = 1.
    The output block is zero.

 

 

Codelets available

None