ST AN2646 Application note
AN2646
Application note
Smartcard interface with the STM8S microcontroller
Introduction
This document describes a firmware and hardware smartcard interface solution based on the STM8 UART1 peripheral. The main purpose of this firmware and hardware package is to provide resources that facilitate the development of an application using the UART1 peripheral in smartcard mode.
The firmware interface consists of library source files developed so as to support the ISO 7816-3/4 specification. An application example is also provided.
This document and its associated firmware are available for download from the STMicroelectronics website: www.st.com.
August 2008 |
Rev 2 |
1/43 |
www.st.com
Contents |
AN2646 - Application note |
|
|
Contents
1 |
Smartcard interface description . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . |
. 4 |
|
|
1.1 |
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . |
4 |
|
1.2 |
External interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . |
4 |
|
1.3 |
Protocol . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . |
4 |
|
1.4 |
Smartcard clock generator . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . |
5 |
2 |
Smartcard reader hardware connection . . . . . . . . . . . . . . . . . . . . . . . . . |
6 |
|
3 |
ISO 7816 – protocol overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . |
8 |
|
|
3.1 |
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . |
8 |
|
3.2 |
ISO 7816-2 – pin location . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . |
8 |
4 |
ISO 7816-3 – electronic signal and transmission protocol . . . . . . . . . |
10 |
|
|
4.1 |
Card power-up and reset . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . |
11 |
|
4.2 |
Data transfer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . |
12 |
|
4.3 |
Answer to reset (ATR) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . |
16 |
5 |
ISO 7816-4 – smartcard commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . |
18 |
|
|
5.1 |
T0 protocol . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . |
18 |
|
5.2 |
Application-level protocols . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . |
20 |
5.2.1 The ISO 7816-4 APDU . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21 5.2.2 File system API . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22 5.2.3 ISO 7816-4 functions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23 5.2.4 Security API . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24
6 |
Smartcard interface library: description . . . . . . . . . . . . . . . . . . . . . . . . |
26 |
|
|
6.1 |
File organization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . |
26 |
|
6.2 |
Smartcard interface library functions . . . . . . . . . . . . . . . . . . . . . . . . . . . . |
26 |
6.2.1 SC_Handler function . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27 6.2.2 SC_PowerCmd . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30 6.2.3 SC_Reset . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30 6.2.4 SC_ParityErrorHandler . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31 6.2.5 SC_PTSConfig . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31
2/43
AN2646 - Application note |
Contents |
|
|
6.3 How to send APDU commands to the smartcard . . . . . . . . . . . . . . . . . . . 32
6.3.1 SC_GET_A2R . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32 6.3.2 SELECT_FILE . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32 6.3.3 SC_GET_RESPONSE . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32 6.3.4 SC_READ_BINARY . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33 6.3.5 SC_CREATE_FILE . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33 6.3.6 SC_UPDATE_BINARY . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34 6.3.7 SC_VERIFY . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34
|
6.4 |
Parity error management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . |
35 |
|
|
|
6.4.1 |
Data sent from card to reader . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . |
35 |
|
|
6.4.2 |
Data sent from reader to card . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . |
35 |
7 |
Smartcard interface example . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . |
36 |
||
7.1 Firmware package description . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36
7.1.1 FWLib folder . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36 7.1.2 Smartcard_AN folder . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36
|
7.2 |
Firmware description . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . |
37 |
|
|
|
7.2.1 |
Smartcard startup: answer to reset (A2R) . . . . . . . . . . . . . . . . . . . . . . . |
38 |
|
|
7.2.2 |
Reading a file at a specified path . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . |
38 |
|
|
7.2.3 |
Enabling/disabling the PIN1 (CHV1) code . . . . . . . . . . . . . . . . . . . . . . . |
40 |
|
|
7.2.4 |
Verifying the PIN1 (CHV1) code . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . |
40 |
8 |
Conclusion . |
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . |
41 |
|
9 |
Revision history . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . |
42 |
||
3/43
Smartcard interface description |
AN2646 - Application note |
|
|
1 Smartcard interface description
1.1Introduction
The smartcard interface is developed using the UART1 smartcard mode. For the description of the UART1 registers, please refer to the STM8S/STM8A reference manual (RM0009). The UART1 smartcard mode supports asynchronous protocol smartcards as defined in the ISO 7816-3 (Class A) standard, please refer to the ISO 7816-3 specification for more details.
With the smartcard mode enabled, the UART1 must be configured as:
●Eight data bits plus parity
●0.5 or 1.5 stop bits
A 5-bit prescaler and the smartcard clock generator provide the clock to the smartcard. GPIO pins in conjunction with software are used to provide the rest of the functions required to interface to the smartcard.
The inverse signalling convention as defined in ISO 7816-3, inverted data and MSB first, is not handled in the software.
There are three types of card that operate at different voltages:
●5V (ISO7816-3 Class A)
●3V (ISO7816-3 Class B)
●1.8V (ISO7816-3 Class C)
1.2External interface
Table 1. |
Smartcard pins |
|
|
STM8S20x pin |
Smartcard pin |
Function |
|
|
|
|
|
UART1_CK |
|
CLK |
Smartcard clock |
|
|
|
|
UART1_TX |
|
IO |
IO serial data: open drain |
|
|
|
|
Any GPIO |
|
RST |
Reset to card |
|
|
|
|
Any GPIO |
|
VCC |
Supply voltage |
Any GPIO |
|
VPP |
Programming voltage |
The Smartcard_RST (Smartcard reset), Smartcard_3/5V (3 V or 5 V), Smartcard_CMDVCC (command for VCC), and Smartcard_OFF signals (signal for card detection) are provided by GPIO bits of the I/O ports under software control. Programming the GPIO bits of the port for alternate function open-drain mode connects the UART1_TX data signal to the Smartcard_IO pin with the correct driver type and the clock generator to the Smartcard_CLK pin configured in output push-pull.
1.3Protocol
The ISO 7816-3 standard defines the bit times for the asynchronous protocol in terms of time units called ETUs (elementary time units), that are related to the clock frequency input
4/43
AN2646 - Application note |
Smartcard interface description |
|
|
to the card. The length of an ETU is a bit time. The UART1 transmitter output and receiver input are internally connected through the Rx_SW line. For the transmission of data from the STM8S20x to the smartcard, the UART1 must be set up in smartcard mode.
Figure 1. ISO 7816-3 asynchronous protocol
1.4Smartcard clock generator
The smartcard clock generator provides a clock signal to the connected smartcard. The smartcard uses this clock to derive the baud rate clock for the serial I/O between the smartcard and another UART1. The clock is also used for the CPU in the card, if present.
Operation of the smartcard interface requires that the clock rate to the card is adjusted while the CPU in the card is running code so that the baud rate can be changed or the performance of the card can be increased. The protocols that govern the negotiation of these clock rates and the altering of the clock rate are detailed in the ISO 7816-3 standard.
The clock is used as the CPU clock for the smartcard, therefore updates to the microcontroller clock rate must be synchronized to the smartcard clock, that is the clock high or low pulse widths must not be shorter than either the old or new programmed value.
5/43
Smartcard reader hardware connection |
AN2646 - Application note |
|
|
2 Smartcard reader hardware connection
To interface to the smartcard, the ST8024 device was used. The ST8024 is a complete lowcost, analog interface for asynchronous 3 V and 5 V smartcards. It is placed between the smartcard and the STM8S20x with few external components to perform all supply protection and control functions.
The M74HC4052 multiplexer/demultiplexer is configured by software to allow the UART1_TX to the Smartcard_IO
Table 2. |
STM8S20x and smartcard connection |
||
STM8S20x pins |
Smartcard pins |
Function |
|
|
|
|
|
UART1_CK: PA6 |
C3: CLK |
Smartcard clock: output push-pull |
|
|
|
|
|
UART1_TX: PA5 |
C7: IO |
IO serial data: output open drain |
|
|
|
|
|
PG5 |
|
C2: RST |
Reset to card: output push-pull |
|
|
|
|
PG7 |
|
C1: VCC |
Supply voltage: output push-pull |
PE0 |
|
OFF |
Smartcard detect: input floating |
|
|
|
|
PG4 |
|
3/5V |
3 V or 5 V: output push-pull |
|
|
|
|
6/43
AN2646 - Application note |
Smartcard reader hardware connection |
|
|
Figure 2. Smartcard interface hardware connection
7/43
ISO 7816 – protocol overview |
AN2646 - Application note |
|
|
3 ISO 7816 – protocol overview
3.1Introduction
"ISO 7816: Identification cards -- Integrated circuit(s) cards with contacts" provides the basis to transition the relatively simple identification card from a token that can be compromised through forgery, theft, or loss into a tamper-resistant and "intelligent" integrated circuit card (ICC), more popularly known as a smartcard. ISO 7816 includes at least six approved parts and has several additional parts under review:
●Part 1: Physical characteristics
●Part 2: Dimensions and location of the contacts
●Part 3: Electrical interface and transmission protocols
●Part 3: Amendment 2-Revision of protocol type selection
●Part 4: Organization, security and commands for interchange
●Part 5: Registration of application providers
3.2ISO 7816-2 – pin location
ISO 7816-2 specifies an ICC with eight electrical contacts present in a standardized position on the front face of the card. These are referred to as C1 through C8. Some of these contacts are electrically connected to the microprocessor chip embedded within the card; some are not, having been defined to allow for enhancements but unused at the present time. Figure 3 shows the contact positions.
Figure 3. Contact definitions for smartcards
8/43
AN2646 - Application note |
ISO 7816 – protocol overview |
||
|
|
|
|
|
Table 3. |
Pin assignment |
|
|
|
|
|
|
|
Pins |
Functions |
|
|
|
|
|
|
C1 |
VCC = 5 V or 3.3 V |
|
|
C2 |
Reset |
|
|
|
|
|
|
C3 |
Clock |
|
|
|
|
|
|
C4 |
RFU |
|
|
|
|
|
|
C5 |
GND |
|
|
|
|
|
|
C6 |
VPP |
|
|
C7 |
I/O |
|
|
|
|
|
|
C8 |
RFU |
|
|
|
|
9/43
ISO 7816-3 – electronic signal and transmission protocol |
AN2646 - Application note |
|
|
4ISO 7816-3 – electronic signal and transmission protocol
ISO 7816-3 begins to delve into the specification of the "intelligent" aspects of the smartcard. This standard describes the relationship between the smartcard and the reader as one of "slave" (the smartcard) and "master" (the reader). Communications are established by the reader signaling to the smartcard through the contacts noted previously and are continued by the smartcard responding accordingly.
Communication between the card and reader proceed according to various state transitions illustrated in Figure 4.
Figure 4. Reader and card FSM
The communication channel is single-threaded; once the reader sends a command to the smartcard, it blocks until a response is received.
10/43
AN2646 - Application note |
ISO 7816-3 – electronic signal and transmission protocol |
|
|
4.1Card power-up and reset
When a card is inserted into a reader, no power is applied to any of the contacts. The chip on the card could be seriously damaged by applying power to the wrong contacts, and this situation could easily occur if a card were inserted across powered contact points. The contacts remain unpowered until an edge detector determines that the card is properly aligned with the contact points to within some acceptable (for the reader) mechanical tolerance.
When the reader detects that the card is properly inserted, power is applied to the card. First, the contacts are brought to a coherent idle state, as shown in Table 3. A reset signal is then sent to the card via the RST contact line. The idle state occurs when the power (VCC) contact is brought up to a normal, stable operating voltage of 5 V. An initial power setting of 5 V is always applied first, even though some microprocessor chips being introduced operate at 3 V when in an I/O state. The I/O contact is set to a reception mode on the reader side and a stable clock (CLK) is applied. The reset line is in a low state. It must remain in a low state for at least 40 000 CLK cycles before a valid reset sequence can be started by the reader, raising the reset line to a high state.
Figure 5. Answer to reset
1.t3 = 40 000 clock cycles.
2.ATR must be issued by card between 400 clock cycles and 40 000 clock cycles after RST goes high.
11/43
ISO 7816-3 – electronic signal and transmission protocol |
AN2646 - Application note |
|
|
4.2Data transfer
Data transfer between the reader and the card occurs through the concerted action of two of the contact lines: CLK and I/O. The I/O line conveys a single bit of information per unit of time as defined by the CLK depending on its voltage relative to GND. A 1 bit can be conveyed either through a +5 V value or through a 0 V value. The actual convention used is determined by the card and is conveyed to the reader through the "initial character" of the ATR, which is referenced as TS. To transfer 1 byte of information, 10 bits are actually moved across the I/O line; the first is always a "start bit" and the last is always a parity bit used to convey even parity. Considering that the I/O line can be (in one bit period) either in a high
(H) state or a low (L) state, the TS character of the form HLHHLLLLLLH signals that the card wants to use the "inverse convention," meaning that H corresponds to a 0 and L corresponds to a 1. A TS character of the form HLHHLHHHLLH signals that the card wants to use the "direct convention," meaning that H corresponds to a 1 and L corresponds to a 0.
The direct convention and the inverse convention also control the bit ordering with each byte transferred between the card and the reader. In the direct convention, the first bit following the start bit is the low-order bit of the byte. Successively higher-order bits follow in sequence. In the inverse convention, the first bit following the start bit is the high-order bit of the byte. Successively lower-order bits follow in sequence. Parity for each byte transferred should be even; this means that the total number of 1 bits in the byte, including the parity bit, must be an even number.
The I/O line comprises a half-duplex channel; that is, either the card or the reader can transmit data over the same channel, but they both cannot be transmitting at the same time. So as part of the power-up sequence, both the reader and the card enter a receive state in which they are listening to the I/O line. With the start of the reset operation, the reader remains in the receive state while the card must enter a send state in order to send the ATR back to the reader. From this point on, the two ends of the channel alternate between send states and receive states. With a half-duplex channel, there is no reliable way for either end to asynchronously change a state from send to receive or from receive to send. Rather, if this is desired, that end must go into a receive state and allow a timeout of the operation in progress; then a reader end will always try to re-establish a known sequence by re-entering a send state. The CLK and I/O lines can support a wide variety of data transmission speeds. The specific speed is defined by the card and is conveyed back to the reader through an optional character in the ATR. The transmission speed is set through the establishment of one bit time on the I/O line, which means that an interval is established at which the I/O line may be sampled in order to read a bit and then each successive bit. This time is defined as an elementary time unit (ETU) and is established through a linear relationship between several factors. Note that the TS character is returned before any definition of the ETU can be made. This is possible because the ETU during the ATR sequence is always specified to be ETU0=372/(CLK frequency) where the CLK frequency is always between 1 MHz and 5 MHz; in fact, the frequency is almost always selected such that the initial data transfer rate is 9,600 bits per second.
This initial etu is used during answer to reset and is replaced by the work etu during subsequent transmission. F is the clock rate conversion factor and D is the bit rate adjustment factor used to determine the work etu in subsequent transmissions.
For internal clock cards:
initial etu = 1/9600 s
work etu = (1/D)*(1/9600) s
12/43
AN2646 - Application note |
ISO 7816-3 – electronic signal and transmission protocol |
|
|
For external clock cards:
initial etu = 372/fi s
work etu = (1/D)*(F/fs) s
The minimum value of fs must be 1 MHz.
The maximum value of fs is given in Table 4.
I and P define the active state on VPP.
●Maximum programming current: Ipp = 1 mA
●Programming voltage : Vpp = P.V
N is an extra guardtime requested by the card. Before receiving the next character, the card requires a delay of at least (12+N) etu from the leading edge of the previous character. No extra guardtime is used to send characters from the card to the interface device.
The default values of these parameters are:
F = 372; D = 1; I = 50; P = 5; N = 0
Integer values represent the number of global interface bytes
The global interface bytes, TA1, TB1, TC1, TB2 contain integer values FI,DI, II, PI1, N and PI2 which either directly contain or are used to compute the values of the parameters F, D, I, P, N presented above.
TA1 codes FI over the most significant half byte (b8 to b5) and DI over the least significant half byte (b4 to b1).
TB1 codes II over bits b7 and b6, and PI1 over the 5 least significant bits b5 to b1. The most significant bit b8 has a value of 0.
Note: |
The interface device may ignore bit b8 of TB1. |
|
|
|
|
|
|
|
|||||||||
|
TC1 codes N over the eight bits (b8 to b1). |
|
|
|
|
|
|
|
|
||||||||
|
TB2 codes PI2 over the eight bits (b8 to b1). |
|
|
|
|
|
|
|
|
||||||||
Table 4. |
Clock rate conversion factor F |
|
|
|
|
|
|
|
|
|
|
||||||
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Parameter |
|
|
|
|
|
|
|
Values |
|
|
|
|
|
|
|
||
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
||
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
FI |
0000 |
0001 |
0010 |
0011 |
0100 |
0101 |
0110 |
0111 |
1000 |
1001 |
1010 |
1011 |
1100 |
1101 |
1110 |
1111 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
clk |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
F |
Internal |
372 |
558 |
774 |
1116 |
1488 |
1860 |
RFU |
RFU |
512 |
768 |
1024 |
1536 |
2048 |
RFU |
RFU |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
||
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Freq |
- |
5 |
6 |
8 |
12 |
16 |
20 |
- |
- |
5 |
7.5 |
10 |
15 |
20 |
- |
- |
|
max |
|||||||||||||||||
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
||
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
RFU : Reserved for Future Use |
|
|
|
|
|
|
|
|
|
|
||||||
13/43
Loading...