Host Protocols Direct Protocol SAM AV class
April 13, 2023 at 2:39 AMSpringCore Direct SAM AV class
The SAM AV class conveys direct commands to a NXP® MIFARE SAM AV Secure Element, if the device has one.
CLA value
The SAM AV class uses CLA=5A.
Message format
SpringCore Direct over USB, SpringCore Direct over BLE
The commands and the responses use the same format.
| Field | Length | Description / remark |
|---|---|---|
| Header | 4 or 6 bytes | CLA = 5A, LEN = length of Data |
| INS / STA | 1 byte | Command: opcode of the INStruction Response: STAtus |
| Data | 0 or more bytes | Command data Response data |
Encapsulation in CCID Escape / SCardControl
Commands
| Field | Length | Description / remark |
|---|---|---|
| CLA | 1 byte | 5A |
| INS | 1 byte | opcode of the INStruction |
| Data | 0 or more bytes | Command data |
Note
The length of the Command is not transmitted, as it can be deduced from the CCID header.
Responses
| Item | Length | Description / remark |
|---|---|---|
| STA | 1 byte | STAtus |
| Data | 0 or more bytes | Response data |
Note
The length of the Response is not transmitted, as it can be deduced from the CCID header.
The CLA byte is not transmitted.
List of INStructions
The INS opcodes are defined below:
| INS | Name | Description | Remark |
|---|---|---|---|
00 |
INIT | ||
01 |
BLANK | ||
10 |
POWER_ON | ||
11 |
POWER_OFF | ||
12 |
GET_VERSION | ||
13 |
GET_RANDOM | ||
14 |
HOSTAUTH | ||
15 |
LOCK | ||
16 |
UNLOCK | ||
1E |
FORMAT_AV2 | ||
1F |
RESTORE_FACTORY_DEFAULTS | ||
20 |
GET_ENTRY | ||
21 |
UPDATE_ENTRY | ||
50 |
PKI_GENERATE_HASH | ||
51 |
PKI_VERIFY_SIGNATURE | ||
52 |
PKI_HASH_AND_VERIFY_SIGNATURE | ||
53 |
PKI_GENERATE_SIGNATURE | ||
54 |
PKI_HASH_AND_GENERATE_SIGNATURE | ||
60 |
PKI_GET_ENTRY | ||
61 |
PKI_GET_PUBLIC_KEY | ||
62 |
PKI_GET_PRIVATE_KEY | ||
63 |
PKI_GET_PUBLIC_EXPONENT | ||
64 |
PKI_GET_PUBLIC_MODULUS | ||
65 |
PKI_GET_PRIVATE_PRIME1 | ||
66 |
PKI_GET_PRIVATE_PRIME2 | ||
68 |
PKI_UPDATE_ENTRY | ||
69 |
PKI_SET_PUBLIC_KEY | ||
6D |
PKI_SET_PRIVATE_KEY | ||
6E |
PKI_GENERATE_PRIVATE_KEY |
List of STAtus
The STA values are defines below:
| STA | Name | Description |
|---|---|---|
00 |
SUCCESS | Success |
01 |
UNKNOWN_INSTRUCTION | INStruction code is unknown |
02 |
WRONG_LENGTH | Format of INStruction and data is invalid |
03 |
WRONG_PARAMETER | The SAM has returned SW=6502, 6503 or 6A80 “Wrong parameter” |
04 |
EXECUTION_FAILED | Execution error returned by the SAM library |
05 |
INVALID_CONTEXT | Invalid context when accessing the SAM library |
06 |
BUFFER_TOO_SMALL | Buffer too small in the SAM library |
07 |
INTERNAL_ERROR | Internal error in the SAM library |
08 |
NVM_ERROR | Can’t write into the NVM |
09 |
MBEDTLS_ERROR | Execution error returned by the MBEDTLS library |
10 |
COMM_FAILED | No response from the SAM |
11 |
RESP_INVALID | The SAM’s response is not ISO 7816-4 compliant |
12 |
WRONG_RESP_STATUS | The SAM has returned an unexpected SW |
13 |
WRONG_RESP_LENGTH | The SAM’s response is longer or shorter than expected |
14 |
WRONG_RESP_CONTENT | The SAM’s response contains invalid data |
20 |
WRONG_VERSION | The SAM is not an AV2 / The SAM is not an AV3 |
21 |
EEPROM_ERROR | The SAM has returned SW=6400 or 6581 “E2PROM error” |
23 |
ACCESS_DENIED | The SAM has returned SW=6985 “Access denied” |
24 |
SECURITY_ERROR | SAM’s response is invalid (wrong CMAC/decipher failed) |
25 |
SEQUENCE_ERROR | RFU |
30 |
PKI_VERIFICATION_FAILED | Success |