1/7 data brief october 2004 for further information contact your local st sales office. st22t064-a smartcard 32-bit risc mcu with 64 kbytes eeprom & usb 2.0 full speed device controller 7 product features � 32-bit risc cpu with 24-bit linear memory addressing � 228 kbytes user rom � 16 kbytes user ram � 64 kbytes user eeprom 32-bit risc cpu � dual instruction set, javacard? and native � 4-stage pipeline � 16 general purpose 32-bit registers, and special registers � 4 maskable interrupt levels � supervisor and user modes usb 2.0 full speed device controller with on chip clock recovery � up to 12mbits/s bandwidth � 16 dynamically configurable endpoints � all usb transfer modes supported � iso / usb mode detection � ccid and iso 7816-12 compliant security � cpu security instructions ? dedicated instructions for des and triple des implementation ? dedicated instructions (multiply and accumulate) for efficient implementation of modular arithmetic and elliptic curves based cryptosystems ? crc instruction (iso 3309 16-bit checksum) � encryption co-processor � cpu dpa/spa countermeasures � random number generator � eeprom flash programming mode � clock and power management � voltage and clock frequency sensors � advanced memory protection ? memory protection unit for application firewalling and peripheral access control ? domain switching securely controlled by protected context stack ? native/java, code/data memory attributes with 128-byte granularity � four working stacks ? java stack with both 16 and 32-bit accesses ? user and supervisor mode stacks ? security context stack figure 1. delivery form 4 4 4 4 micromodule wafer so20
st22t064-a 2/7 cryptographic library the crypto library is provided as a separate rom area with an access through a unique entry point. this library provides optimized -for the smartj core- and secured implementation of the following features: � asymmetrical algorithms ? rsa signature/verification ? prime number generation (up to 1024-bit) ? rsa key computation (up to 2048-bit) � hash function ? sha-1 � symmetrical algorithms ? des, triple des, aes cryptography performance the following table provides the cryptographic performances of the st22t064-a based on st crypto library. table 1. preliminary cryptographic performances memory � highly reliable cmos eeprom technology ? error correction code for single bit fail within a 32-bit word ? 10 years data retention, 500,000 erase/ write cycles endurance ? 1 to 128 bytes erase or program in 2 ms typical � high performance memory ? dual memory buses for data and instruction ? byte, short (2) and word (4) load and store ? address auto-increment other features � hardware asynchronous serial interface (asi) ? 1m baud rate capability ? 2 serial i/o ports compatible iso 7816-3 t=0 and t=1 � 2 user configurable 12-bit and 16- bit timers with interrupt � central interrupt controller with up to 16 input lines � external clock from 1 mhz to 10 mhz (iso 7816-3 mode) � 1.62 v to 5.5 v supply voltage (iso 7816-3 mode) � 4v to 5.5v in the usb mode � temperature range -25 c to +85 c � power saving standby mode, suspend (usb) � esd protection greater than 5000 v � unique identification per die � typical internal frequency up to 33 mhz � software controlled clock management algorithm function time (1) 1. internal clock at 33 mhz rsa 1024 bits signature with crt 79.0 ms signature without crt (2) 2. crt: chinese reminder theorem 242.0 ms verification (e=0x10001) 3.6 ms rsa 2048 bits signature with crt 485.0 ms signature without crt 1.7 s verification (e=0x10001) 11.0 ms des triple 18 s single 8 s tdes (3) 3. tdes with encryption coprocessor triple (with keys loaded) 1.8 us sha-1 512-bit block 194 s aes-128 encryption including subkey computation 85 s
3/7 st22t064-a description the st22t064-a is a member of the smartj ? platform using a 32-bit reduced instruction set computer (risc) core to execute both native risc instructions and javacard ? 2.x technolo- gy instruction (byte codes) directly (see figure 2. "smartj ? platform eeprom architecture", on page 3) . direct javacard ? byte code execution provides high performance advantage over processors that emulate the javacard ? byte code instruction set. the usb 2.0 full speed device controller allows communication up to 12mbits/s. the interface fea- tures 16 configurable endpoints and supports con- trol, bulk, interrupt and isochronous transfer modes. this makes the st22t064-a suitable for pc and network access control as well as multi- media applications such as secure multimedia content broadcast. the clock recovery eliminates the need for crystals or other external circuitry, thus allowing cost effective usb token design. memory and peripheral accesses are controlled by a memory protection unit that allows to imple- ment firewalls between applications. memories are accessed via two different buses, allowing simultaneous accesses to code and data. memory load and stores can be performed at byte, short (2-bytes), or word (4-bytes) granularity, with optional pointer auto increment. the st22 core includes dedicated instructions to accelerate performances of the following algoriths: ? des and triple des ? modular arithmetic on big numbers, ? characteristic two field arithmetic to support efficiently elliptic curves, ? crc 16-bit iso 3309. cryptography performance can be increased for des thanks to a dedicated des / triple des ac- celerator. the product has clock and power management, 2 user configurable timers, a central interrupt con- troller and a random number generator. figure 2. smartj? platform eeprom architecture power management 32-bit risc core clock management mpu ram bus 1 bus 2 security timer rng asi peripherals iso rom eeprom usb 7816 des
st22t064-a 4/7 the product has two execution modes. java mode is used when javacard ? 2.x byte codes are be- ing executed. native mode is used for long javac- ard ? byte codes, native methods and system routines. the processor enters java mode when a dispatch ( disp ) instruction is encountered. when executing in native mode, there are two privilege levels, user and supervisor . some instructions can only be executed in supervisor mode. instructions are of variable length, from 1 to 4 bytes in native mode. special instructions exist for single-cycle stack op- erations, a frequent occurrence in java code. short branches and conditional branches within a 1 kbyte block or the entire 16-mbyte instruction space are supported. the product has four stages of pipeline in native mode: fetch, decode, execute and write-back. in java mode, there are five stag- es of pipeline: byte code-fetch, byte code-decode, decode, execute and write-back. the cpu core has 16 32-bit general purpose reg- isters, as well as special registers of variable length. the chip also features a very high performance asynchronous serial interface (asi) to support high speed serial communication protocols com- patible with iso 7816-3 standard. it is manufactured using the highly reliable st cmos eeprom technology. embedded software the hardware software interface (hsi) imple- ments the hardware abstraction layer. it consists of c interfaces to the eeprom memory and pe- ripherals. the drivers are: ? non volatile memory ? asynchronous serial interface ? usb ? central interrupt controller ? timer ? random number generator ? clock manager ? memory protection unit ? sensors ? encryption coprocessor (des) ? security note: ? the hsi driver software layer is a c-oriented api allowing efficient and secure access to the peripherals and non volatile memory for programming or erasing. it is the only way to access to the usb interface. ? only the os and javacard ? virtual machine (jvm) domains can access the hsi software layer (in the following the term os will refer to the software layer that is directly interfaced to the hsi). cryptographic library st proposes a complete set of firmware subrou- tines to allow fast and easy implementation of cryptographic protocols. these subroutines have been optimized according to the st22 core speci- ficities and dedicated instructions. security issues have been addressed to provide state of the art security. the whole library is located in a specific rom area access through a single entry point. following features are available through library: � asymmetrical algorithms: ? basic modular arithmetic for various lengths including modular product for odd modulus. ? more elaborate functions (with separate fast and secure versions) such as exponentiation, rsa signatures and verifications for modulo length up to 2048 bits long. ? full internal rsa key generation. this guarantees that the secret key will never be known outside the chip and will contribute to the overall system security, ? random number generation of big size, ? sha-1. � symmetrical algorithms ? des, triple des including key schedule, ? aes with standalone key schedule for lenght 128, 192 and 256.
5/7 st22t064-a software development environment modularity, flexibility and methodology are the key words for the smartj ? development tools plat- form. using the same interface, the developers are able to create, compile and debug a project. the smartj ? integrated development environ- ment (ide) includes: ? a code generation chain: c/c++ compiler, assembler and linker. the assembler supports both native and javacard ? instruction sets. ? an instruction set simulator, a cycle accurate simulator, a c/c++ source level debugger. software and hardware tools allow to efficiently generate, then validate all code and application embbeded softwares for the smartj ? platform. figure 3. smartj ? ide
st22t064-a 6/7 figure 4. smartj ? code generation tools figure 5. smartj ? code validation tools c/c++ standard libraries c/c++ compiler linker c/c++ source asm source native/java assem bler object f ile s scp 160c/prz hsi library c ryp to . library d ev ice s e t-u p a p p lic a tio n debugger gui debugger core > console.exe third party tools st player integrated development environment smartcard pod smartcard reader cycle accurate simulator instruction set simulator monitor fpga board 160d asi timer random ... pc/sc virtual interface
7/7 st22t064-a information furnished is believed to be accurate and reliable. however, stmicroelectronics assumes no responsibility for the co nsequences of use of such information nor for any infringement of patents or other rights of third parties which may result from its use. no license is granted by implication or otherwise under any patent or patent rights of stmicroelectronics. specifications mentioned in this publicati on are subject to change without notice. this publication supersedes and replaces all information previously supplied. stmicroelectronics prod ucts are not authorized for use as critical components in life support devices or systems without express written approval of stmicroelectro nics. the st logo is a registered trademark of stmicroelectronics. all other names are the property of their respective owners ? 2004 stmicroelectronics - all rights reserved stmicroelectronics group of companies australia - belgium - brazil - canada - china - czech republic - finland - france - germany - hong kong - india - israel - ital y - japan - malaysia - malta - morocco - singapore - spain - sweden - switzerland - united kingdom - united states of america www.st.com
|
