M4-P16

MC4-P16 on STMicroelectronics SC23Z Platform

Application Related Characteristics | Primitive Support  | Implementation Specific Characteristics | Codelets Available

  External Characteristics

 

Data Item

Value

Comments

External Specification

MULTOS Version

4.4.0

 

Silicon Provider / manufacturer_id

ST / 0x02

 

Implementers / implementer_id

Multos International / 0x02

 

Mask / ic_type

Contact Multos International.

Contact Multos International for detailed technical information and product configurations.

Technical Data for contact interface

Power / External Clock

2.7V to 5.5V / 1 to 10 MHz

Applies to all masks

Transport Protocol

T = 0, T = 1

Applies to all masks

FI/DI

0x01, 0x02, 0x03, 0x08, 0x11, 0x12, 0x13, 0x18, 0x32, 0x33, 0x34, 0x38, 0x92, 0x93, 0x94, 0x95, 0x96, ,0x97, 0xA3, 0xA4, 0xA5, 0xA6, 0xA8

Applies to all masks

Dual ATR

Supported

Pre-enablement ATR: 

3B FF 96 00 FF C0 0A 31 FE 4D 80 31 E0 6B 04 40 02 02 xx 55 55 55 55 55 55 yy

 

Where xx is the ic_type and yy is checksum

PPS

Supported, max speed 447kbps @ 3.58MHz

Applies to all masks

ATR Character Convention Direct LSB (3B)

Supported

Applies to all masks

ATR Character Convention Indirect MSB (3F)

Supported

Applies to all masks

Memory Area Sizes

AMD

-

Not applicable

ROM

-

Not applicable

RAM Public

530 bytes

Applies to all masks

RAM Dynamic

4360  bytes (max)

Applied to all masks. Please see remarks

EEPROM Total

MC4-P16 (ic_type: 0D) - 12KB

 

 

EEPROM available for applications

MC4-P16 (ic_type: 0D) - 9.27KB

 

 

 

AMD

Available AMD(s)

AMD 0136v002

AMD 0136v003

 

 

 

 

 

Application Related Characteristics

 

Data Item

Value

Comments

Application EEPROM Loading Requirements

Application Header

256 bytes

Applies to all masks

Total temporary space per protected ALU

128 bytes

This represents the maximum size. Applies to all masks

Total temporary space per confidential ALU

256 bytes

This represents the maximum size. Applies to all masks

MULTOS Application Function

Static Page Size (1 page)

32 bytes

Applies to all masks

Maximum write size in pages

at least 9 pages

Limited by available EEPROM. Applies to all masks

Maximum ATR File record size

32 bytes

 

Applies to all masks

Maximum ATR Historical Byte record size

15 bytes

Applies to all masks

Maximum DIR File record size

255 bytes

Applies to all masks

Maximum FCI record size

255 bytes

Applies to all masks

Maximum inbound TPDU size

256 bytes

Applies to all masks

Maximum outbound TPDU size

255 bytes

Applies to all masks

Maximum delegation nest count

Limited by available RAM

Applies to all masks

Maximum application history list entries

Limited by available EEPROM

Applies to all masks

Retry Counters

Set MSM Controls

32

Test cards set to 255. Applies to all masks

Create MEL Application

32

Test cards set to 255. Applies to all masks

Delete MEL Application

32

Test cards set to 255. Applies to all masks

Key Lengths

KCK Public Key length

128 bytes

Applies to all masks

Permitted Application Provider Public Key lengths

64 to 128 bytes

KMA accepts APPK lengths between 72 and 128 bytes inclusive. Applies to all masks

MULTOS TKCK length

128 bytes

Maximum size. Applies to all masks.

 

Primitive Support

The primitives listed here are those that were included in the target specification.

 

Primitive

Supported

Optional / Mandatory

3DES ECB Decipher

No

 

3DES ECB Encipher

No

 

Add BCDN

Yes

 

AES ECB Decipher

No

 

AES ECB Encipher

No

 

Block Decipher

Yes

 

Block Encipher

Yes

 

Bit Manipulate Byte

Yes

 

Bit Manipulate Word

Yes

 

Call Codelet

Yes

 

Call Extension 0, 1, 2, 3, 4, 5, 6

No

Optional

Card Block

Yes

 

Card Unblock

Yes

 

Check Case

Yes

 

Checksum

Yes

 

Configure Read Binary

No

Optional

Control Auto Reset WWT

Yes

 

Convert BCD

Yes

 

Delegate

Yes

 

DES ECB Decipher

Yes

 

DES ECB Encipher

Yes

 

DivideN

Yes

 

ECC Addition

No

Optional

ECC Convert Representation

No

Optional

ECC ECIES Decipher

No

Optional

ECC ECIES Encipher

No

Optional

ECC Elliptic Curve Diffie Hellman

No

Optional

ECC Equality Test

No

Optional

ECC Generate Key Pair

No

Optional

ECC Generate Signature

No

Optional

ECC Inverse

No

Optional

ECC Scalar Multiplication

No

Optional

ECC Verify Point

No

Optional

ECC Verify Signature

No

Optional

Exchange Data

No

Optional

Exit to MULTOS and Restart

No

 

Generate Asymmetric Hash General

No

 

Generate Asymmetric Signature General

No

Optional

Generate DES CBC Signature

Yes

 

Generate Random Prime

No

 

Generate RSA Key Pair

Yes

 

Generate Triple DES CBC Signature

Yes

 

Get Data

Yes

 

Get Delegator AID

Yes

 

Get DIR File Record

Yes

 

Get File Control Information

Yes

 

Get Manufacturer Data

Yes

 

Get Memory Reliability

Yes

 

Get MULTOS Data

Yes

 

Get PIN Data

Yes

 

Get Process Event

Yes

Optional

Get Purse Type

No

Optional

Get Random Number

Yes

 

Get Static Size

No

Optional

GSM Authenticate

No

Optional

Initialise PIN

Yes

 

Load CCR

Yes

 

Lookup

Yes

 

Lookup Word

Yes

 

Memory Compare

Yes

 

Memory Compare Fixed Length

Yes

 

Memory Copy

Yes

 

Memory Copy Additional Static

No

Optional

Memory Copy Fill Additional Static

No

Optional

Memory Copy Fixed Length

Yes

 

Memory Copy Non-Atomic

Yes

 

Memory Copy Non-Atomic Fixed Length

Yes

 

Memory Fill Additional Static

No

Optional

Modular Exponentiation/RSA Sign

Yes

 

Modular Exponentiation CRT/ RSA Sign CRT

Yes

 

Modular Exponentiation CRT Protected/RSA Sign Protected

Yes

 

Modular Inverse

No

Optional

Modular Multiplication

Yes

Optional

Modular Reduction

Yes

Optional

MultiplyN

Yes

 

Pad

Yes

 

Platform Optimized Checksum

Yes

 

Proprietary Primitive: Generate RSA Key Pair

Yes

 

Proprietary Primitive: Query Proprietary Primitive

Yes

 

Query Channel

No

Optional

Query Codelet

Yes

 

Query Cryptographic Algorithm

Yes

 

Query Interface Type

Yes

 

Query0, Query1, Query2, Query3

Yes

 

Read PIN

Yes

 

Reject Process Event

Yes

Optional

Reset Session Data

Yes

 

Reset WWT

Yes

 

Return from Codelet

Yes

 

RSA Verify

Yes

Optional

Secure Hash

Yes

 

Secure Hash IV

No

Optional

SEED ECB Decipher

Yes

 

SEED ECB Encipher

Yes

 

Set AFI

No

 

Set ATR File Record

Yes

 

Set ATR Historical Characters

Yes

 

Set ATS Historical Characters

No

Optional

Set Contactless Select SW

No

 

Set FCI Record

Yes

 

Set PIN Data

Yes

 

Set Select SW

Yes

 

Set Silent Mode

No

Optional

Set Transaction Protection

Yes

 

SHA-1

Yes

 

Shift Left

Yes

 

Shift Right

Yes

 

Store CCR

Yes

 

Subtract BCDN

Yes

 

Unpad

Yes

 

Verify PIN

Yes

 

Verify Asymmetric And Retrieve General

No

Optional

 Implementation Specific Characteristics

Zero Block Size

The following instructions and primitives have the block size specified in the code (as opposed to being run-time data). The following table shows how each will perform if a zero block size is specified.

 

 

Type

Instruction / Primitive

Operation

Instruction

LOAD, STORE, LOADI, STOREI

no operation

CLEARN

no operation

TESTN, INCN, DECN, NOTN

Z = 1

CMPN, ADDN, SUBN

C = 0, Z = 1

ANDN, ORN, XORN

Z = 1

Primitive

MultiplyN

Z = 1

DivideN

C = 1, Z = unchanged

ShiftLeft, ShiftRight

C = 0, Z = 1

GetDIRFileRecord
GetFileControlInformation

One byte set to zero pushed onto stack,

If the application specified does not exist, C = 1, Z = 1

If the application specified exists, C = 0, Z = 0

GetManufacturerData
GetMULTOSData
GetPurseType

One byte set to zero pushed onto stack, C = 0

Undefined: implementation specific handling

Undefined: implementation specific handling

MemoryCompareFixedLength

DT’ = DT – 4, C = 0, Z = 1

MemoryCopyFixedLength

DT’ = DT – 4

AddBCDN / SubBCDN

Max operand length = 6 bytes

Maximum Number of Pages Permitted in a Single Write

The maximum number of pages is at least nine when transaction protection is used. It is possible to write more than nine pages if there is free EEPROM. Note that if an attempt is made to write more than nine pages and if there is insufficient free EEPROM, then an abnormal end to processing to will occur.

 

Condition Code Register

This implementation does support signed arithmetic. The N and V flags are present in the CCR, and they may be changed by some instructions. However, signed arithmetic is not guaranteed and should be avoided. They may be used by an application using the Load CCR and Store CCR primitives, but this may affect the portability of the application.

 

Important Remarks

This section contains important remarks about the Primitives and IFD commands of this implementation. 

 

Functionality

Operation

Bit Manipulate Byte

Bit Manipulate Word

Bits 6 to 2 of b2 are ignored. That is, the primitives return the expected result regardless of the value of bits 6 to 2 of b2.

Block Decipher

Block Encipher

Supports DES, 3DES, AES, SEED in CBC and ECB modes

Checksum

If the checksummed area includes the parameters (the top four bytes of Dynamic), the checksum will be correctly calculated.

Convert BCD

Max operand length = 6 bytes

Default Application

This version 4.4 functionality is supported

DivideN

Numerator: min – 1 byte,  max = 128 bytes, granularity = 1 byte

Denominator: min = 1 byte, max 128 bytes, granularity = 1 byte

Get Manufacturer Data

Get MULTOS Data

Get Purse Type

If the destination is stack top, the last byte of retrieved data will be overwritten by the length of data retrieved. That is, the number of bytes copied is always returned on the stack regardless of the destination segment address.

 

 

Get Memory Reliability

MULTOS 4 always indicates memory is reliable: C = 0, Z = 0.

Lookup

If the target value appears more than once in the list, the location of the first is reported. The list need not be sorted. If the target value is not found, it is left unchanged on the stack.

Modular Exponentiation

The modulus length must be greater than or equal to 512 bits and less than or equal to 2048 bits.

The least significant bit of the modulus must be 1.

The modulus must not contain any zero bytes at the most significant end.

The exponent length must be greater than or equal to 512 bits.

The length of the modulus must be greater or equal to the length of the exponent.

If the length of the modulus and exponent are the same then the value of the modulus must be greater than the value of the exponent.

If any of the conditions above are not met, an abnormal end will occur.

It is highly recommended that the modulus length and exponent length are equal. For modular exponentiation using a public exponent use RSA Verify

Modular Exponentiation CRT

The modulus length must be greater than 512 bits, but not greater than 2048 bits. The length must also be an even number. 

The length of each item must be modulus length divided by 2.

The most significant byte of primes p and q must not be 0.

The least significant bits of the primes p and q must be 1.

X (in calculation Y=XdmodN) must not be equal to 0.

If any of these conditions are not met, an abnormal end to processing will occur.

X (in calculation Y=XdmodN) must not be equal to 1.

If the above condition is not met, undefined results will occur.

MultiplyN

The length of each operand must not be greater than 128 bytes

Proprietary Primitive Extension

There are two such primitives. They are:

Query (proprietary) primitive type (All masks)

RSA key pair generation for keys up to 2048-bit (All Masks)

 

RSA Key Pair Generation (proprietary)

Supports the same method, mode and keylengths (upto 2048) as the MULTOS Generate RSA KeyPair primitive. This proprietary interface is maintained only for backwards compatibility and any new developments should use the official MULTOS primitive.

RSA Key Pair Generation

Generates key pair when private key in CRT format. Only method 0 and balance mode are supported. Other methods and modes will result in an abend. When the primitive is called with a zero length modulus a valid block should nevertheless be specified for the modulus. Specifying an invalid block will result in an abend if the modulus length supplied is zero.

RSA Verify

This primitive performs modular exponentiation optimised for public exponents. Use the modular exponentiation with private exponents in standard format use the secure Modular Exponentiation primitive.

Secure Hash

SHA-1, SHA-224, and SHA-256 algorithms supported.

Set Transaction Protection

Bits 7 to 2 of b2 are ignored. That is, the primitive returns the expected result regardless of the value of bits 7 to 2 of b2.

Infineon chips copy the source data to a temporary store and any updates are made to the source data. In the case of a rollback, the copy of the original source data is written to the source.

Shift Left and Shift Right

             

With b2 > 0, if b3 = 0, C= 0 and Z is set appropriately.
The output block is equal to the input block (the input block is not changed).

With b2 > 0, if b3 > 8 * b2, C = 0 and Z = 1.
The output block is zero.

Available RAM

MULTOS M4 has a total of 4360-bytes of RAM available. However, This RAM is shared between application dynamic, the delegation mechanism, transaction protection mechanism and crypto functions. If at any point MULTOS runs out of resources then an abend will occur. An example scenario is as follows:

 

  • MULTOS M4 running with 2 applications loaded (app1 & app2). Both apps use 256-bytes session data.
  • App1 is selected. Now the total RAM available is 4360 – 256 (app1 session data) = 4104
  • App1 delegates to App2. Total RAM available is 4104 – 256 (app2 session data) – 42 (delegation overhead) = 3806
  • App2 performs DES operation. For the duration of the DES op RAM is reduced by 136-bytes
  • So, in the case where there were multiple apps loaded with large amounts of session data and multiple delegations occurring followed by a crypto primitive call, then there must be enough RAM available to complete the crypto operation, otherwise MULTOS will abend.
  • DES requires 136-bytes of RAM to be available.
  • SEED requires 806-bytes of RAM.
  • AES requires 446-bytes of RAM
  • RSA (ModExp/ModExpCRT/RSAVerify) requires 1908-bytes of RAM.
  • RNG generation requires 462-bytes of RAM.
  • SHA primitives require 156-bytes of RAM.
  • RSA KeyGen requires 2004-bytes of RAM.
  • MultiplyN primitive requires 178-bytes of RAM.
  • DivideN requires 306-bytes of RAM.
  • ConvertBCD requires 178-bytes of RAM.

 

Codelets Available

Contact Multos International for detailed technical information and product configurations.

Romlets Available

There are no romlets available.