ST22L032, ST22L064 ST22L096, ST22L128 Smartcard 32-Bit RISC MCU with 32, 64, 96, 128 Kbytes EEPROM, Javacard™ HW Execution & Cryptographic Library DATA BRIEF PRODUCT FEATURES ■ ADVANCED MEMORY PROTECTION ■ 32-BIT RISC CPU WITH 24-BIT LINEAR MEMORY ADDRESSING – Memory Protection Unit for application firewalling and peripheral access control ■ 246 KBYTES USER ROM – ■ 8 KBYTES USER RAM Domain switching securely controlled by protected Context Stack ■ 32 (L032), 64 (L064), 96 (L096) or 128 (L128) KBYTES USER EEPROM – Native/Java, Code/Data memory attributes with 128-byte granularity 32-BIT RISC CPU ■ FOUR WORKING STACKS ■ DUAL INSTRUCTION SET, JAVACARD™ AND NATIVE – Java stack with both 16 and 32-bit accesses ■ 4-STAGE PIPELINE – User and Supervisor mode stacks ■ 16 GENERAL PURPOSE 32-BIT REGISTERS, AND SPECIAL REGISTERS – Security Context Stack ■ 4 MASKABLE INTERRUPT LEVELS ■ SUPERVISOR AND USER MODES Figure 1. Delivery Form 4 4 4 4 SECURITY ■ CPU SECURITY INSTRUCTIONS – Dedicated instructions for DES and Triple DES implementation – Dedicated instructions (Multiply and Accumulate) for efficient implementation of modular arithmetic and elliptic curves based cryptosystems – Micromodule Wafer CRC instruction (ISO 3309 16-bit Checksum) ■ RANDOM NUMBER GENERATOR ■ EEPROM FLASH PROGRAMMING MODE ■ CLOCK AND POWER MANAGEMENT ■ VOLTAGE AND CLOCK FREQUENCY SENSORS September 2004 For further information contact your local ST sales office. 1/7 7 ST22L032, L064, L096, L128 CRYPTOGRAPHIC LIBRARY MEMORY The Crypto Library is provided as a separate ROM area with an access through a unique entry point. This library provides optimized -for the SmartJ core- and secured implementation of the following features: ■ ■ HIGHLY RELIABLE CMOS EEPROM TECHNOLOGY – Error Correction Code for single bit fail within a 32-bit word – 10 years data retention, 500,000 Erase/ Write cycles endurance – 1 to 128 bytes Erase or Program in 2 ms typical ASYMMETRICAL ALGORITHMS ■ – RSA signature/verification – Prime number generation (up to 1024-bit) – RSA key computation (up to 2048-bit) ■ HASH FUNCTION – ■ Dual memory buses for data and instruction – Byte, Short (2) and Word (4) load and store – Address auto-increment DES, Triple DES, AES CRYPTOGRAPHY PERFORMANCE The following table provides the cryptographic performances of the ST22Lxxx based on ST Crypto Library. OTHER FEATURES ■ Table 1. Preliminary Cryptographic Performances Algorithm RSA 1024 bits RSA 2048 bits DES SHA-1 AES-128 Function Signature with CRT Signature without CRT(2) Verification (e=0x10001) Signature with CRT Signature without CRT Verification (e=0x10001) Triple Single 512-bit Block Encryption including subkey computation 1. Internal clock at 33 MHz 2. CRT: Chinese Reminder Theorem 2/7 – SHA-1 SYMMETRICAL ALGORITHMS – HIGH PERFORMANCE MEMORY Time(1) 79.0 ms 242.0 ms 3.6 ms 485.0 ms 1.7 s 11.0 ms 18 µs 8 µs 194 µs 85 µs HARDWARE ASYNCHRONOUS SERIAL INTERFACE (ASI) – 1M baud rate capability – 2 serial I/O ports compatible ISO 7816-3 T=0 and T=1 ■ 2 USER CONFIGURABLE 12-BIT AND 16BIT TIMERS WITH INTERRUPT ■ CENTRAL INTERRUPT CONTROLLER WITH UP TO 16 INPUT LINES ■ EXTERNAL CLOCK FROM 1 MHz TO 10 MHz ■ 1.62 V TO 5.5 V SUPPLY VOLTAGE ■ TEMPERATURE RANGE -25° C to +85° C ■ POWER SAVING STANDBY MODE ■ ESD PROTECTION GREATER THAN 5000 V ■ UNIQUE IDENTIFICATION PER DIE ■ TYPICAL INTERNAL FREQUENCY UP TO 33 MHz ■ SOFTWARE CONTROLLED CLOCK MANAGEMENT ST22L032, L064, L096, L128 DESCRIPTION The ST22Lxxx is a member of the SmartJ™ platform using a 32-bit Reduced Instruction Set Computer (RISC) core to execute both Native RISC instructions and JavaCard™ 2.x Technology instruction (byte codes) directly(See Figure 2. "SmartJ™ Platform EEPROM Architecture", on page 3). Direct JavaCard™ byte code execution provides high performance advantage over processors that emulate the JavaCard™ byte code instruction set. The product features a 24-bit wide linear addressing capability and includes User ROM, User RAM, and User EEPROM. Memory and Peripheral accesses are controlled by a Memory Protection Unit that allows to implement firewalls between applications. Memories are accessed via two different buses, allowing simultaneous accesses to code and data. Memory load and stores can be performed at byte, short (2-bytes), or word (4-bytes) granularity, with optional pointer auto increment. The ST22 core includes dedicated instructions to accelerate performances of the following algoriths: – DES and Triple DES – Modular Arithmetic on big numbers, – Characteristic two field arithmetic to support efficiently Elliptic Curves, – CRC 16-bit ISO 3309. The product has clock and power management, 2 User configurable Timers, a Central Interrupt Controller and a Random Number Generator. ASI ... ... RNG RAM TIMER POWER MANAGEMENT SECURITY Figure 2. SmartJ™ Platform EEPROM Architecture ISO 7816 PERIPHERALS 32-bit RISC BUS 1 MPU CORE BUS 2 ROM EEPROM CLOCK MANAGEMENT 3/7 ST22L032, L064, L096, L128 The product has two execution modes. Java mode is used when JavaCard™ 2.x byte codes are being executed. Native mode is used for long JavaCard™ byte codes, Native methods and system routines. The processor enters Java mode when a dispatch (DISP) instruction is encountered. When executing in Native mode, there are two privilege levels, User and Supervisor. Some instructions can only be executed in Supervisor mode. Instructions are of variable length, from 1 to 4 bytes in Native mode. Special instructions exist for single-cycle stack operations, a frequent occurrence in Java code. Short branches and conditional branches within a 1 KByte block or the entire 16-MByte instruction space are supported. The product has four stages of pipeline in Native mode: fetch, decode, execute and write-back. In Java mode, there are five stages of pipeline: byte code-fetch, byte code-decode, decode, execute and write-back. The CPU core has 16 32-bit general purpose registers, as well as special registers of variable length. Note: – The HSI driver software layer is a C-oriented API allowing efficient and secureaccess to the peripherals and Non Volatile Memory for programming or erasing. – Only the OS and JavaCard™ Virtual Machine (JVM) domains can access the HSI software layer (In the following the term OS will refer to the software layer that is directly interfaced to the HSI). CRYPTOGRAPHIC LIBRARY ST proposes a complete set of firmware subroutines to allow fast and easy implementation of cryptographic protocols. These subroutines have been optimized according to the ST22 core specificities and dedicated instructions. Security issues have been addressed to provide state of the art security. The whole library is located in a specific ROM area access through a single entry point. Following features are available through library: ■ The chip also features a very high performance Asynchronous Serial Interface (ASI) to support high speed serial communication protocols compatible with ISO 7816 standard. ASYMMETRICAL ALGORITHMS: – Basic modular arithmetic for various lengths including modular product for odd modulus. – More elaborate functions (with separate fast and secure versions) such as exponentiation, RSA signatures and verifications for modulo length up to 2048 bits long. – Full internal RSA key generation. This guarantees that the secret key will never be known outside the chip and will contribute to the overall system security. – Long random number generation – SHA-1 It is manufactured using the highly reliable ST CMOS EEPROM technology. EMBEDDED SOFTWARE The Hardware Software Interface (HSI) implements the Hardware abstraction layer. It consists of C interfaces to the EEPROM memory and peripherals. The drivers are: – Non Volatile Memory – Asynchronous Serial Interface – Central Interrupt Controller – Timer – Random Number Generator – Clock Manager – Memory Protection Unit – Sensors – Security 4/7 ■ SYMMETRICAL ALGORITHMS – DES, Triple DES – AES-128, 192, 256 ST22L032, L064, L096, L128 SOFTWARE DEVELOPMENT ENVIRONMENT Modularity, flexibility and methodology are the key words for the SmartJ™ Development Tools Platform. Using the same interface, the developers are able to create, compile and debug a project. The SmartJ™ Integrated Development environment (IDE) includes: – – An instruction set simulator, a cycle accurate simulator, a C/C++ source level debugger. Software and Hardware tools allow to efficiently generate, then validate all code and application embbeded softwares for the SmartJ™ platform. A code Generation chain: C/C++ compiler, assembler and linker. The assembler supports both native and JavaCard™ instruction sets. Figure 3. SmartJ™ IDE 5/7 ST22L032, L064, L096, L128 Figure 4. SmartJ™ Code Generation Tools A s m S o u rc e C /C + + S o u rc e C / C + + C o m p ile r N a t iv e /J a v a A s s e m b le r C /C + + S ta n d a rd L ib r a rie s HSI L ib r a r y O b je c t F ile s L in k e r C ry p to . L ib r a ry D e v ic e S e t - u p A p p lic a tio n S C P 1 6 0 c/P R Z Figure 5. SmartJ™ Code Validation Tools Integrated Development Environment > Console.exe Debugger GUI Third party tools ST PLAYER PC/SC Virtual interface DEBUGGER CORE Cycle accurate Simulator ... Random Instruction Set Simulator Timer ASI Monitor FPGA Board SmartCard Reader SmartCard Pod 160d 6/7 ST22L032, L064, L096, L128 Information furnished is believed to be accurate and reliable. However, STMicroelectronics assumes no responsibility for the consequences of use of such information nor for any infringement of patents or other rights of third parties which may result from its use. No license is granted by implication or otherwise under any patent or patent rights of STMicroelectronics. Specifications mentioned in this publication are subject to change without notice. This publication supersedes and replaces all information previously supplied. STMicroelectronics products are not authorized for use as critical components in life support devices or systems without express written approval of STMicroelectronics. The ST logo is a registered trademark of STMicroelectronics. All other names are the property of their respective owners © 2004 STMicroelectronics - All rights reserved STMicroelectronics group of companies Australia - Belgium - Brazil - Canada - China - Czech Republic - Finland - France - Germany - Hong Kong - India - Israel - Italy - Japan Malaysia - Malta - Morocco - Singapore - Spain - Sweden - Switzerland - United Kingdom - United States of America www.st.com 7/7