ST22FJ1M Smartcard 32-Bit RISC MCU with 1 Mbytes FLASH & Javacard™ HW Execution DATA BRIEF Figure 1. Delivery Form 4 4 4 4 PRODUCT FEATURES ■ 32-BIT RISC CPU WITH 24-BIT LINEAR MEMORY ADDRESSING ■ 768 KBYTES USER FLASH ■ 16 KBYTES USER RAM ■ 16 KBYTES USER SECONDARY RAM ■ 256 KBYTES USER PAGE-FLASH 32-BIT RISC CPU ■ DUAL INSTRUCTION SET, JAVACARD™ AND NATIVE ■ 4-STAGE PIPELINE ■ 16 GENERAL PURPOSE 32-BIT REGISTERS, AND 11 SPECIAL REGISTERS ■ 4 MASKABLE INTERRUPT LEVELS ■ SUPERVISOR AND USER MODES SECURITY ■ CPU SECURITY INSTRUCTIONS – DES and 3DES instructions – Fast Multiply and Accumulate instructions for Public Key and Elliptic Curve Cryptography ■ CPU DPA/SPA COUNTERMEASURES ■ RANDOM NUMBER GENERATOR ■ HARDWARE RAM DESTRUCTION ■ CLOCK AND POWER MANAGEMENT ■ VOLTAGE AND CLOCK FREQUENCY SENSORS ■ ADVANCED MEMORY PROTECTION – Memory Protection Unit for application firewalling and peripheral access control – Domain switching securely controlled by protected Context Stack – Native/Java, Code/Data memory attributes with 256-byte granularity for Page-Flash, and 8-Kbyte granularity for Flash and ROM – Each FLASH sector can be independently set as read-only ■ FOUR WORKING STACKS – Java stack with both 16 and 32-bit accesses – User and Supervisor mode stacks – Security Context stack Micromodule Wafer CRYPTOGRAPHIC LIBRARY ASYMMETRICAL ALGORITHMS – Software Crypto libraries in separate ROM area for efficient algorithm coding using a set of advanced functions. RSA, signature/ verification – RSA key calculation including Prime number generation SHA-1 ■ SYMMETRICAL ALGORITHMS – DES, Triple DES, AES CRYPTOGRAPHY PERFORMANCE The following table provides the cryptographic performances of the ST22FJ1M based on ST Crypto Library. ■ Table 1. Preliminary Cryptographic Performances Algorithm RSA 1024 bits RSA 2048 bits DES SHA-1 AES-128 Function Signature with CRT Signature without CRT 2) Verification (e=0x10001) Signature with CRT Signature without CRT Verification (e=0x10001) Triple Single 512-bit Block Encryption including subkey computation Time 1) 79.0 ms 242.0 ms 3.6 ms 485.0 ms 1.7 s 11.0 ms 18 µs 8 µs 194 µs 85 µs Note: 1) Internal clock at 33 MHz Note: 2) CRT: Chinese Reminder Theorem December 2003 This is Brief Data from STMicroelectronics. Details are subject to change without notice. For complete data, please contact your nearest Sales Office or SmartCard Products Divison, Rousset, France. Fax: (+33) 4 42 68 87 29. 1/8 ST22FJ1M MEMORY ■ HIGHLY RELIABLE CMOS FLASHTECHNOLOGY – 10 years data retention, 100,000 Erase/Write cycles endurance – 64 Kbytes sector Erase in 1.5 s typical – 32-bit word program in 100 µs for FLASH Div 2 jittsi update and 200 µs for Page-Flash typical in User mode ■ HIGHLY RELIABLE CMOS PAGE-FLASH TECHNOLOGY – 10 years data retention, 100,000 Erase/Write cycles endurance – 32-bit word Erase in 2 ms typical – 2K byte sector erase in 50 ms typical – 32-bit word program in 30 µs typical in User mode, 10 µs in Issuer mode ■ FAST AND SECURE FLASH LOADER ■ HIGH PERFORMANCE MEMORY – Dual memory buses for data and instruction – Byte, Short (2) and Word (4) load and store – Address auto-increment 2/8 OTHER FEATURES HARDWARE ASYNCHRONOUS SERIAL INTERFACE (ASI) – 1M baud rate capability – 2 serial I/O ports compatible ISO 7816-3 T=0 and T=1 ■ 2 USER CONFIGURABLE 12-BIT AND 16-BIT TIMERS WITH INTERRUPT ■ CENTRAL INTERRUPT CONTROLLER WITH UP TO 16 INPUT LINES ■ UP TO 8 MHZ BIG JITTER DIV 4 ■ EXTERNAL CLOCK FROM 1 MHz TO 10 MHz ■ 3 V TO 5.5 V SUPPLY VOLTAGE ■ TEMPERATURE RANGE -25° C to +85° C ■ POWER SAVING STANDBY MODE ■ ESD PROTECTION GREATER THAN 4000 V ■ UNIQUE IDENTIFICATION PER DIE ■ ST22FJ1M DESCRIPTION The ST22FJ1M is a member of the SmartJ™ platform using a 32-bit Reduced Instruction Set Computer (RISC) core to execute both Native RISC instructions and JavaCard™ 2.x Technology instruction (byte codes) directly. Direct JavaCard™ byte code execution provides high performance advantage over processors that emulate the JavaCard™ byte code instruction set. – The product features a 24-bit wide linear addressing capability and includes 768 Kbytes of User Flash, 16 KBytes of User RAM, 16 Kbytes of User secondary RAM, and 256 KBytes of User Page-Flash. – The Flash memory is organized in 12 sectors of 64 Kbytes each, with 8 Kbytes sub-sectors. Each sector can be erased in 1.5 s typical. All 32-bit words are programmed in 100 µs typical in User mode. One of the Flash sector is reserved by the HSI for saving data, when modifying a sector. The Page-Flash memory is organized in 128 sub-sectors of 2 Kbytes each. Each sub-sector can be erased in 50 ms typical. All 32-bit words are programmed in 200 µs typical in User mode. The secondary RAM memory can be used as a regular RAM, or dynamically mapped to the address of any of the 96 Flash sub-sectors, or mapped to two consecutive Flash sub-sectors. This memory can be used to speed-up processing and decrease power consumption. – The product includes a fast and secure Flash loader. The OS code is received from the OS manufacturer in an encrypted form, and decrypted on-chip before programming the Flash. Memory and Peripheral accesses are controlled by a Memory Protection Unit that allows to implement firewalls between applications. Memories are accessed via two different buses, allowing simultaneous accesses to code and data. Memory load and stores can be performed at byte, short (2-bytes), or word (4-bytes) granularity, with optional pointer auto increment. The ST22 core includes dedicated DES instructions for Secret Key cryptography, a fast Multiply and Accumulate instruction for Public Key cryptography (RSA) and Elliptic Curve cryptography. The ST22 core also includes specific instructions for security. The product has clock and power management, 2 User configurable Timers, a Central Interrupt Controller and a Random Number Generator. P-FLASH ISO 7816 ASI RAM RNG .... .... .... SECURITY POWER MNGT. TIMER Figure 2. SmartJ™ Platform FLASH Architecture PERIPHERALS MPU BUS 2 32-bit RISC CORE BUS 1 ST ROM SECONDARY RAM FLASH CLOCK MNGT. SCP 160b/PRZ 3/8 ST22FJ1M The product has two execution modes. Java mode is used when JavaCard™ 2.x byte codes are being executed. Native mode is used for long JavaCard™ byte codes, Native methods and system routines. The processor enters Java mode when a dispatch (DISP) instruction is encountered. When executing in Native mode, there are two privilege levels, User and Supervisor. Some instructions can only be executed in Supervisor mode. Instructions are of variable length, from 1 to 4 bytes in Native mode. Special instructions exist for single-cycle stack operations, a frequent occurrence in Java code. Short branches and conditional branches within a 1 KByte block or the entire 16-MByte instruction space are supported. The product has four stages of pipeline in Native mode: fetch, decode, execute and write-back. In Java mode, there are five stages of pipeline: byte code-fetch, byte code-decode, decode, execute and write-back. The CPU core has 16 32-bit general purpose registers, as well as 11 special registers of variable length. The chip also features a very high performance Asynchronous Serial Interface (ASI) to support high speed serial communication protocols compatible with ISO 7816 standards. It is manufactured using the highly reliable ST CMOS FLASH technology. EMBEDDED SOFTWARE The Hardware Software Interface (HSI) implements the Hardware abstraction layer. It consists of C interfaces to the FLASH memory and peripherals. The drivers are: – Non Volatile Memory – Flash memory – Asynchronous Serial Interface – Central Interrupt Controller – Timer – Random Number Generator – Clock Manager 4/8 – Memory Protection Unit – Sensors – Security Note: – The HSI driver software layer is access to the peripherals and Non Volatile Memory for programming or erasing. – Only the OS and JavaCard™ Virtual Machine (JVM) domains can access the HSI software layer (In the following the term OS will refer to the software layer that is directly interfaced to the HSI). CRYPTOGRAPHIC LIBRARY ST proposes a complete set of firmware subroutines. This library is located in a specific ROM area. It saves the operating system designer from coding first layer functions and allows him to concentrate on algorithms, Public Key Cryptography and Secret Key Cryptography protocols implementation. The cryptographic library, located in a specific ROM area, contains firmware functions for: ■ ASYMMETRICAL ALGORITHMS: – basic mathematics including modular squaring and multiplication for various lengths; – modular exponentionation; – more elaborate functions such as RSA signatures and verifications for modulo length up to 2048 bits long; – full internal key generation for signatures/ verifications. This guarantees that the secret key will never be known outside the chip and contributes to the overall system security. – long random number generation – SHA-1 – RSA key generation ■ SYMMETRICAL ALGORITHMS – DES, Triple DES – AES-128, AES-192, AES-256 ST22FJ1M SOFTWARE DEVELOPMENT ENVIRONMENT Modularity, flexibility and methodology are the key words for the SmartJ™ Development Tools Platform. Using the same interface, the developers are able to create, compile and debug a project. The SmartJ™ Integrated Development environment (IDE) includes: – A code Generation chain: C/C++ compiler, assembler and linker. The assembler supports both native and JavaCard™ instruction sets. – An instruction set simulator, a cycle accurate simulator, a C/C++ source level debugger. Figure 3. SmartJ™ Platform Concept SmartJ Platform ST22 Core Plus ROM RAM NVM Size Definition SmartJ IDE SmartJ-Tools Pack-CD SmartJ H/W Development (not yet available) VHDL Library (1) STD PERIPHERALS & SECURITY ASI, Timers, Security Mechanisms,... SmartJ ISO 15408 Certified Embedded Library HSI (2) Memory & Std Peripherals Drivers CRYPTO (2) Certified Crypto Library (DES, 3DES, RSA, SHA, AES...) CUSTOMS PLUGS-IN (1) 484 Note: 1) SmartJ™ Platform Technology License Agreement required Note: 2) SmartJ™ Technology License and Distribution Agreement required 5/8 ST22FJ1M Figure 4. SmartJ™ IDE 6/8 ST22FJ1M Figure 5. SmartJ™ Code Generation Tools A s m S o u rc e C /C + + S o u rc e C / C + + C o m p ile r N a t iv e /J a v a A s s e m b le r C /C + + S ta n d a rd L ib r a rie s HSI L ib r a r y O b je c t F ile s L in k e r C ry p to . L ib r a ry D e v ic e S e t - u p A p p lic a tio n S C P 1 6 0 c/P R Z Figure 6. SmartJ™ Code Validation Tools Integrated Development Environment > Console.exe Debugger GUI Third party tools ST PLAYER PC/SC DEBUGGER CORE Cycle accurate Simulator ... Random Instruction Set Simulator Timer ASI Monitor SMARTJ SmartCard SmartCard Reader SmartCard Pod 160e 7/8 ST22FJ1M Information furnished is believed to be accurate and reliable. However, STMicroelectronics assumes no responsibility for the consequences of use of such information nor for any infringement of patents or other rights of third parties which may result from its use. No license is granted by implication or otherwise under any patent or patent rights of STMicroelectronics. Specifications mentioned in this publication are subject to change without notice. This publication supersedes and replaces all information previously supplied. STMicroelectronics products are not authorized for use as critical components in life support devices or systems without express written approval of STMicroelectronics. The ST logo is a registered trademark of STMicroelectronics. All other names are the property of their respective owners © 2003 STMicroelectronics - All rights reserved BULL CP8 Patents STMicroelectronics GROUP OF COMPANIES Australia - Belgium - Brazil - Canada - China - Czech Republic - Finland - France - Germany Hong Kong - India - Israel - Italy - Japan - Malaysia - Malta - Morocco - Singapore Spain - Sweden - Switzerland - United Kingdom - United States www.st.com 8/8