M3 Generic
ML336KR1 / ML336KR1 Jade / MC336KR1 / MC336KR1 Jade / ML380KR1 TSK / MC336KR1 HK UAT / MC336KR1 HK on
SLE78CLXxxxxPM / SLE78CXxxxxP
Application Related Characteristics  Primitive Support  Implementation Specific Characteristics  Codelets Available
External Characteristics
Data Item 
Value 
Comments 

External Specification 

MULTOS Version 
4.31 


Silicon Provider / manufacturer_id 
Infineon / 0x05 


Implementer / implementer_id 
Multos International / 0x02 


Mask / ic_type(s) 
0x77, 0x7D, 0x7F, 0xC0, 0xC1, 0xC2, 0xD7 


MULTOS Type Approval Status 
Received 


CAST Certificate Status 
N/A 


Technical Data for Contact based interface 

Power / External Clock 
1.62V to 5.5V / 1 to 7.5 MHz 
Applies to all masks 

Transport Protocol 
T = 0, T = 1, 
Applies to all masks 

FI/DI 
0x01, 0x02, 0x03, 0x08, 0x11, 0x12, 0x13, 0x18, 0x32, 0x33, 0x34, 0x38, 0x92, 0x93, 0x94, 0x95, 0x96, ,0x97, 0xA3, 0xA4, 0xA5, 0xA6, 0xA8 
Applies to all masks 

Dual ATR 
Supported 
Preenablement ATR: 3B FF 96 00 FF C0 0A 31 FE 4D 80 31 E0 6B 04 31 05 02 xx 55 55 55 55 55 55 yy
For ML336KR1 xx = 77, yy = A1 For MC336KR1 xx = 7D, yy = AB For ML336KR1 Jade xx = 7F, yy = A9 For MC336KR1 Jade xx = C0, yy = 16 For ML380KR1 TSK xx = C1, yy = 17 For ML336KR1 HK UAT xx = C2, yy = 14 For ML336KR1 HK xx = D7, yy = 01 

PPS 
Supported, max speed 447kbps @ 3.58MHz 
Applies to all masks 

ATR Character Convention Direct LSB (3B) 
Supported 
Applies to all masks 

ATR Character Convention Indirect MSB (3F) 
Supported 
Applies to all masks 

Technical Data for Contactless based interface 

Transport Protocol 
Type A, Type B, Mifare 
Mifare only supported when enabled with Type A. 

Preenablement contactless protocol 
848kB, Type B, CID supported, 256 byte frame size, min TR2 set 1, FWT=115ms, NAD not supoprted, standard application data encoding, Iblock number checking 
Preenablement ATQB: 50 <PUPI>00 00 00 00 77 83 95 35 31 PUPI – random; 4 bytes


Postenablement contactless protocol 
848kB, Type B, CID supported

For AMD 0119v001, postenablement ATQB: 50 <PUPI>00 00 00 00 77 83 95 35 31 PUPI – random; 4 bytes
NOTE: IO TCL configuration parameters supported are (selectable via ‘X’ parameter upper most 3 bits X = 000b to 111b) – X = 000b – typeB 848kb/s (default) X = 001b  typeA 848kb/s X = 010b  typeB 424kb/s X = 011b  typeA 424 kb/s X = 100b  typeB 106kb/s FWT:77ms X = 101b  typeA 106kb/s FWT:77ms X = 110b  typeB 106kb/s FWT:38.4ms X = 111b  typeA 106kb/s FWT:38.4ms
For AMD 0134v001, postenablement ATQA (on ML336KR1): 14 78 77 90 02 80 31 E0 6B 04 31 05 02 77 55 55 55 55 55 55 E7 11
NOTE: IO TCL configuration parameters supported are (selectable via ‘X’ parameter upper most 3 bits X = 000b to 111b) – X = 000b  typeB 848kb/s X = 001b  typeA 848kb/s X = 010b  typeB 424kb/s X = 011b  typeA 424 kb/s X = 100b  typeA 848kb/s FWT:77ms Random UID X = 101b  typeB 848kb/s FWT:77ms Random UID X = 110b – typeA 848kb/s Random UID (default) X = 111b  typeB 848kb/s Random PUPI 

Memory Area Sizes 

ROM 
280KB 
Applies to all masks 

RAM Public 
1088 bytes 
Applies to all masks 

RAM Dynamic 
960bytes 
Applies to all masks 

EEPROM Total 
60KB 
For ML336KR1, MC336KR1, ML336KR1 Jade and MC336KR1 Jade enabled with AMD 0119v001 and for ML336KR1 enabled with AMD 0134v001. 

96KB 
For ML380KR1 TSK enabled with AMD 0119v001. 

32KB 
For MC336KR1 HK UAT enabled with AMD 0119v001. 

36KB 
For MC336KR1 HK enabled with AMD 0135v001. 

EEPROM available for applications 
varies as ‘EEPROM Total’ (above) 
The maximum single application’s code + dir rec + fci rec size (including application overhead) is 64K and maximum single application’s static size is limited by the available EEPROM (block loading is required by data sizes greater than 64K) In addition to the above restrictions, any application with the total application size larger than 7FFFh must use "memory copy/fill additional static" primitives to access the additional static data located above 7FFFh. ST[0] for such application only indicates the last static byte located in the normal Static area. It does not indicate the end of Static area, “Get Static Size” primitive must be used to work out the end of Static area. 

AMD 

Default AMD 
AMD 0119v001 
For all MULTOS M3 products except MC336KR1 HK. 

Default AMD 
AMD 0135v001 
For MC336KR1 HK. 

Optional AMD(s) 
AMD 0134v001 
For ML336KR1 only. 

Application Related Characteristics
Data Item 
Value 
Comments 
Application EEPROM Loading Requirements 

Application Header 
258 bytes 
Applies to all masks 
Total temporary space per protected ALU 
128 bytes 
This represents the maximum size. Applies to all masks 
Total temporary space per confidential ALU 
256 bytes 
This represents the maximum size. Applies to all masks 
MULTOS Application Function 

Static Page Size (1 page) 
32 bytes 
Applies to all masks 
Maximum write size in pages 
at least 9 pages 
Limited by available EEPROM. Applies to all masks 
Maximum ATR File record size 
32 bytes 
Applies to all masks 
Maximum ATR Historical Byte record size 
15 bytes 
Applies to all masks 
Maximum DIR File record size 
255 bytes 
Applies to all masks 
Maximum FCI record size 
255 bytes 
Applies to all masks 
Maximum inbound TPDU size 
256 bytes 
Applies to all masks 
Maximum outbound TPDU size 
255 bytes 
Applies to all masks 
Maximum delegation nest count 
Limited by available EEPROM 
Applies to all masks 
Maximum application history list entries 
Limited by available EEPROM 
Applies to all masks 
Retry Counters 

Set MSM Controls 
32 
Test cards set to 255. Applies to all masks 
Create MEL Application 
32 
Test cards set to 255. Applies to all masks 
Delete MEL Application 
32 
Test cards set to 255. Applies to all masks 
Key Lengths 

KCK Public Key length 
128 bytes 
Applies to all masks 
Permitted Application Provider Public Key lengths 
64 to 128 bytes 
KMA accepts APPK lengths between 72 and 128 bytes inclusive. Applies to all masks 
MULTOS TKCK length 
128 bytes 
Maximum size. Applies to all masks. 
Primitive Support
The primitives listed here are those that were included in the target specification. Applies to all masks
Primitive 
Supported 
Optional / Mandatory 

3DES ECB Decipher 
Yes 

3DES ECB Encipher 
Yes 

Add BCDN 
Yes 

AES ECB Decipher 
Yes 

AES ECB Encipher 
Yes 

Block Decipher 
Yes 

Block Encipher 
Yes 

Bit Manipulate Byte 
Yes 

Bit Manipulate Word 
Yes 

Call Codelet 
Yes 

Call Extension 0, 1, 2, 3, 4, 5, 6 
No 
Optional 
Card Block 
Yes 

Card Unblock 
Yes 

Check Case 
Yes 

Checksum 
Yes 

Configure Read Binary 
Yes 
Optional 
Control Auto Reset WWT 
Yes 

Convert BCDN 
Yes 

Delegate 
Yes 

DES ECB Decipher 
Yes 

DES ECB Encipher 
Yes 

DivideN 
Yes 

ECC Addition 
No 
Optional 
ECC Convert Representation 
No 
Optional 
ECC ECIES Decipher 
No 
Optional 
ECC ECIES Encipher 
No 
Optional 
ECC Elliptic Curve Diffie Hellman 
Yes 
Optional 
ECC Equality Test 
No 
Optional 
ECC Generate Key Pair 
Yes 
Optional 
ECC Generate Signature 
Yes 
Optional 
ECC Inverse 
No 
Optional 
ECC Scalar Multiplication 
No 
Optional 
ECC Verify Point 
Yes 
Optional 
ECC Verify Signature 
Yes 
Optional 
Exchange Data 
Yes 
Optional 
Exit to MULTOS and Restart 
Yes 

Generate Asymmetric Hash General 
Yes 

Generate Asymmetric Signature General 
No 
Optional 
Generate DES CBC Signature 
Yes 

Generate Random Prime 
Yes 

Generate RSA Key Pair 
Yes 

Generate Triple DES CBC Signature 
Yes 

Get Data 
Yes 

Get Delegator AID 
Yes 

Get DIR File Record 
Yes 

Get File Control Information 
Yes 

Get Manufacturer Data 
Yes 

Get Memory Reliability 
Yes 

Get MULTOS Data 
Yes 

Get Purse Type 
Yes 
Optional 
Get Random Number 
Yes 

Get Static Size 
Yes 
Optional 
GSM Authenticate 
No 
Optional 
Load CCR 
Yes 

Lookup 
Yes 

Memory Compare 
Yes 

Memory Compare Fixed Length 
Yes 

Memory Copy 
Yes 

Memory Copy Additional Static 
Yes 
Optional 
Memory Copy Fill Additional Static 
Yes 
Optional 
Memory Copy Fixed Length 
Yes 

Memory Copy NonAtomic 
Yes 

Memory Copy NonAtomic Fixed Length 
Yes 

Memory Fill Additional Static 
Yes 
Optional 
Modular Exponentiation/RSA Sign 
Yes 

Modular Exponentiation CRT/ RSA Sign CRT 
Yes 

Modular Exponentiation CRT Protected/RSA Sign Protected 
Yes 

Modular Inverse 
No 
Optional 
Modular Multiplication 
Yes 
Optional 
Modular Reduction 
Yes 
Optional 
MultiplyN 
Yes 

Pad 
Yes 

Platform Optimized Checksum 
Yes 

Query Channel 
Yes 
Optional 
Query Codelet 
Yes 

Query Cryptographic Algorithm 
Yes 

Query Interface Type 
Yes 

Query0, Query1, Query2, Query3 
Yes 

Reset Session Data 
Yes 

Reset WWT 
Yes 

Return from Codelet 
Yes 

RSA Verify 
Yes 
Optional 
Secure Hash 
Yes 

Secure Hash IV 
Yes 
Optional 
SEED ECB Decipher 
Yes 

SEED ECB Encipher 
Yes 

Set AFI 
Yes 

Set ATR File Record 
Yes 

Set ATR Historical Characters 
Yes 

Set ATS Historical Characters 
Yes 
Optional 
Set FCI Record 
Yes 

Set Select SW 
Yes 

Set Silent Mode 
Yes 
Optional 
Set Transaction Protection 
Yes 

SHA1 
Yes 

Shift Left 
Yes 

Shift Right 
Yes 

Store CCR 
Yes 

Subtract BCDN 
Yes 

Unpad 
Yes 

Verify Asymmetric And Retrieve General 
No 
Optional 
Implementation Specific Characteristics
Zero Block Size
The following instructions and primitives have the block size specified in the code (as opposed to being runtime data). The following table shows how each will perform if a zero block size is specified. Applies to all masks.
Type 
Instruction / Primitive 
Operation 

Instruction 
LOAD, STORE, LOADI, STOREI 
no operation 
CLEARN 
no operation 

TESTN, INCN, DECN, NOTN 
Z = 1 

CMPN, ADDN, SUBN 
C = 0, Z = 1 

ANDN, ORN, XORN 
Z = 1 

Primitive 
MultiplyN 
Z = 1 
DivideN 
C = 1, Z = unchanged 

ShiftLeft, ShiftRight 
C = 0, Z = 1 

GetDIRFileRecord 
One byte set to zero pushed onto stack, If the application specified does not exist, C = 1, Z = 1 If the application specified exists, C = 0, Z = 0 

GetManufacturerData 
One byte set to zero pushed onto stack, C = 0 Undefined: implementation specific handling Undefined: implementation specific handling 

MemoryCompareFixedLength 
DT’ = DT – 4, C = 0, Z = 1 

MemoryCopyFixedLength 
DT’ = DT – 4 


AddBCDN / SubBCDN 
Max operand length = 6 bytes 
Maximum Number of Pages Permitted in a Single Write
The maximum number of pages is at least nine when transaction protection is used. It is possible to write more than nine pages if there is free EEPROM. Note that if an attempt is made to write more than 9 pages and if there is insufficient free EEPROM, then an abnormal end to processing to will occur.
Condition Code Register
This implementation does support signed arithmetic. The N and V flags are present in the CCR, and they may be changed by some instructions. However, signed arithmetic is not guaranteed and should be avoided. They may be used by an application using the Load CCR and Store CCR primitives, but this may affect the portability of the application.
Supported Modulus Lengths of Cryptographic Primitives
All values given are in bytes.
Primitive 
Lengths supported 
Modular Exponentiation, public exponent not 3 
Greater than 512 bits, but less then or equal to 2048 bytes 
Modular Exponentiation CRT 
Between 512 and 2048 bits inclusive 
RSA Verify 
Greater than 512 bits, but less then or equal to 2048 bytes 
Modular Multiplication 
Greater than 0, but less then or equal to 256 bytes 
Modular Reduction 
Greater than 0, but less then or equal to 256 bytes 
Generate Random Prime 
Prime must be > 16 bytes and less than or equal to 128 bytes 
RSA key pair Generation 
Modulus size be between 512 and 2048 bits inclusive 
ECC key gen, verify point, signature generate, signature verify, Diffie Hellman 
Between 160 and 512 bits inclusive 
AES ECB Encipher / Decipher 
Supported key lengths are 128, 192, 256 bits 
Confidential Application
A confidential application > 64k which requires area at an offset beyond 64K into the ALU needs to be encrypted then the area must start at an offset < 64K and area length can be increased to cover the required areas. This restriction is due the area start item in the KTU area descriptors is specified to be a word value by the MULTOS specification.
Important Remarks
This section contains important remarks about the Primitives and IFD commands of this implementation. Applies to all masks.
Functionality 
Operation 

Automated sending of Work Wait Time extension 
The chip returns WWT extension request bytes when 75% of the WWT has expired. 
Bit Manipulate Byte Bit Manipulate Word 
Bits 6 to 2 of b2 are ignored. That is, the primitives return the expected result regardless of the value of bits 6 to 2 of b2. 
Block Decipher Block Encipher 
All algorithms and key lengths are supported 
Checksum 
If the checksummed area includes the parameters (the top four bytes of Dynamic), the checksum will be correctly calculated. 
Convert BCD 
Max operand length = 6 bytes 
Default Application 
This version 4.31 functionality is supported 
DivideN 
Numerator: min  1 byte, max = 256 bytes, granularity = 1 byte Denominator: min = 1 byte, max 128 bytes, granularity = 1 byte 
ECC key gen, verify point, generate signature, verify signature, Diffie Hellman 
Supported field lengths are between 160 and 512 bits inclusive. Prime P and Order N must not contain leading zeros.
For ECC key generation and ECC verify signature primitives, an invalid option byte will result in an abend.
For ECC Verify Point, verification type of 0 is supported (no group order checking). Other verification types will result in an abend. 
ECC Diffie Hellman 
The memory allocated to the private key must be prime length * 2 even though the private key has length of prime. This is required to guarantee that the primitive executes successfully. 
Exchange Data 
This primitive only support Mifare channel (channel number of 1). Access to channels other than 1 will cause abend.
Return Mifare status code : 0000_{H}  Operation completed without errors 0502_{H}  Mifare Not Available 0505_{H} – Authentication Process Failed 0508_{H}  Invalid Block Number 0509_{H} – Communication Error Occurred 0510_{H} – General Error Occurred 0511_{H} – Access Rights Not Set for the Desired Action 0515_{H} – Wrong Password 
Generate Asymmetric Hash General 
If b2 (mode) takes an unsupported value, this primitive performs no operation. In particular, no bytes are popped from the stack.
This primitive supports a hash modulus length of 72 bytes in conjunction with a 16byte hash digest or a 128bytet modulus with a hash chain length of 20 bytes. 
Generate Random Prime 
To avoid abend:
Note: Conf = 80 ensures probability of prime being composite is <= 2^{80} If suitable prime is not found function does not return (abend) 
Get Manufacturer Data Get MULTOS Data Get Purse Type 
If the destination is stack top, the last byte of retrieved data will be overwritten by the length of data retrieved. That is, the number of bytes copied is always returned on the stack regardless of the destination segment address.

Get Memory Reliability 
MULTOS 4 always indicates memory is reliable: C = 0, Z = 0. 
Get Static Size 
Option 0 (32 bit static size returned) is supported only. Any other option will result in an abend. 
Lookup 
If the target value appears more than once in the list, the location of the first is reported. The list need not be sorted. If the target value is not found, it is left unchanged on the stack. 
Modular Exponentiation 
The least significant bit of the modulus must be 1. The exponent length must be greater than 1 byte. The exponent value must be greater than 1. The modulus length must be greater than 512 bits and less than or equal to 2048 bits. The modulus must not contain any full byte zeros at the most significant end. If any of the conditions above are not met, an abnormal end will occur. It is highly recommended that the modulus length and exponent length are equal. For modular exponentiation using a public exponent use RSA Verify

Modular Exponentiation CRT 
The modulus length must be greater than 512 bits, but not greater than 2048 bits. The length must also be an even number. The length of each item must be modulus length divided by 2. The most significant byte of primes p and q must not be 0. The least significant bits of the primes p and q must be 1. X (in calculation Y=X^{d}modN) must not be equal to 0. If any of these conditions are not met, an abnormal end to processing will occur. X (in calculation Y=X^{d}modN) must not be equal to 1. If the above condition is not met, undefined results will occur. 
Modular Multiplication 
The modulus length must be greater than 0 and less than or equal to 256 bytes. Note this length does not include any leading zero bytes. 
Modular Reduction 
The modulus length must be greater than 0 and less than or equal to 256 bytes. The data length must be equal to or greater than the modulus length. The modulus must not have any leading zero bytes. If any of these conditions are not met, an abnormal end will occur. 
MultiplyN 
The length of each operand must not be greater than 128 bytes 
Query Cryptographic Algorithm 
DES, Triple DES, SEED, AES, RSA supported. Comp128 is not supported. 
RSA Key Pair Generation 
Generates key pair when private key in CRT format. Only method 0 and balance mode are supported. Other methods and modes will result in an abend. When the primitive is called with a zero length modulus a valid block should nevertheless be specified for the modulus. Specifying an invalid block will result in an abend if the modulus length supplied is zero. 
RSA Verify 
This primitive performs modular exponentiation optimised for public exponents. Use the modular exponentiation with private exponents in standard format use the secure Modular Exponentiation primitive. 
Secure Hash Secure Hash IV 
SHA1, SHA224, SHA256, SHA384 and SHA512 algorithms supported. 
Set Silent Mode 
Option 1 supported only. Any other option will result in an abend. 
Set Transaction Protection 
Bits 7 to 2 of b2 are ignored. That is, the primitive returns the expected result regardless of the value of bits 7 to 2 of b2. Infineon chips copy the source data to a temporary store and any updates are made to the source data. In the case of a rollback, the copy of the original source data is written to the source. 
Shift Left and Shift Right 

Codelets available
None