Supported Cryptography Classes

The implementation of security and cryptography in the simulator supports the use of the following classes:

  • javacardx.crypto.AEADCipher

  • javacardx.crypto.Cipher

  • javacard.security.Checksum

  • javacardx.security.derivation.DerivationFunction

  • javacardx.security.cert.CertificateParser

  • javacard.security.InitializedMessageDigest

  • javacard.security.KeyAgreement

  • javacard.security.KeyBuilder

  • javacard.security.KeyPair

  • javacard.security.MessageDigest

  • javacard.security.RandomData

  • javacard.security.Signature

  • javacard.security.SignatureMessageRecovery

Table 10-1 lists the cryptography algorithms that are implemented for the simulator.

Table 10-1 Algorithms Implemented by the Cryptography Classes

Class Algorithm

AEADCipher

Supports ALG_AES_CCM and ALG_AES_GCM (supports only the 12-byte IV length, which is the value recommended by NIST).

Checksum

  • ALG_ISO3309_CRC16—ISO/IEC 3309-compliant 16-bit CRC algorithm. This algorithm uses the generator polynomial: x^16+x^12+x^5+1. The default initial checksum value used by this algorithm is 0. This algorithm is also compliant with the frame-checking sequence as specified in section 4.2.5.2 of the ISO/IEC 13239 specification.

  • ALG_ISO3309_CRC32—ISO/IEC 3309-compliant 32-bit CRC algorithm. This algorithm uses the generator polynomial: X^32+X^26+X^23+X^22+X^16+X^12+X^11+X^10+X^8+X^7+X^5+X^4+X^2+X+1. The default initial checksum value used by this algorithm is 0. This algorithm is also compliant with the frame-checking sequence as specified in section 4.2.5.3 of the ISO/IEC 13239 specification.

Cipher

  • ALG_DES_CBC_ISO9797_M2—provides a cipher using DES in CBC mode. This algorithm uses CBC for DES and 3DES. Input data is padded according to the ISO 9797 method 2 (ISO 7816-4, EMV'96) scheme.

  • ALG_RSA_PKCS1—provides a cipher using RSA. Input data is padded according to the PKCS#1 (v1.5) scheme.

  • ALG_AES_BLOCK_128_CBC_NOPAD—provides a cipher using AES with block size 128 in CBC mode and does not pad input data.

  • ALG_AES_XTS—provides a cipher using AES in XEX Tweakable Block Cipher with Ciphertext Stealing (XTS) mode as defined in IEEE Std 1619. Only the variant with two AES keys of 128-bit length is supported.

  • ALG_AES_CFB—provides a cipher using AES in Cipher Feedback (CFB) mode.

  • AEADCipher—supports ALG_AES_CCM and ALG_AES_GCM (supports only the 12-byte IV length, which is the value recommended by NIST).

InitializedMessageDigest

Provides the functionality of MessageDigest, with the additional ability to allow for initialization with a starting hash value corresponding to a previously hashed part of the message. Provides for SHA1 and SHA256.

KeyAgreement

  • ALG_EC_SVDP_DH—elliptic curve secret value derivation primitive, Diffie-Hellman version, per [IEEE P1363].

  • ALG_EC_SVDP_DHC—elliptic curve secret value derivation primitive, Diffie-Hellman version, with cofactor multiplication, per [IEEE P1363].

KeyBuilder

The algorithms define the key lengths for:

  • 128-bit AES

  • 64-bit DES

  • 112-, 128-, 160-, 192-bit ECC

  • 128-bit DES3

  • 512-bit RSA

  • Up to 512-bit HMAC

KeyPair

The algorithms define the key lengths for:

  • 112-, 128-, 160-, 192-bit ECC

  • 512-bit RSA

MessageDigest

Message digest algorithms SHA1 and SHA256.

RandomData

Pseudo-random number generator with a 48-bit seed, which is modified using a linear congruential formula.

Signature

  • ALG_DES_MAC8_ISO9797_M2—generates an 8-byte MAC (most significant 8 bytes of encrypted block) using DES or 3DES in CBC mode. This algorithm uses CBC for DES and 3DES. Input data is padded according to the ISO 9797 method 2 (ISO 7816-4, EMV'96) scheme.

  • ALG_RSA_SHA_PKCS1—encrypts the 20-byte SHA1 digest using RSA. The digest is padded according to the PKCS#1 (v1.5) scheme.

  • ALG_AES_MAC_128_NOPAD—generates a 16-byte MAC using AES with blocksize 128 in CBC mode and does not pad input data.

  • ALG_ECDSA_SHA—signs/verifies the 20-byte SHA digest using ECDSA.

  • ALG_AES_CMAC_128

  • ALG_HMAC_SHA1 and ALG_HMAC_SHA_256—generate an HMAC using the steps found in RFC 2104, with SHA1 and SHA-256, respectively, as the hashing algorithm.

SignatureMessageRecovery

  • ALG_RSA_SHA_ISO9796_MR—uses the first part of the input message as padding bytes during signing. During verification, these message bytes (recoverable message) can be recovered to reconstruct the message.

DerivationFunction

  • ALG_KDF_COUNTER_MODE—implements KDF in Counter Mode defined in NIST SP 800-108 (Recommendation for Key Derivation Using Pseudorandom Functions) with HMAC-SHA-1 or HMAC-SHA-256 as PRF and with an HMAC key of up to 512 bits.

  • ALG_PRF_TLS12—implements the TLS version 1.2 Pseudo Random Function (defined in IETF RFC 5246) with an HMAC key of up to 512 bits.

CertificateParser

  • TYPE_X509_DER—parser for X.509 v1, v2, and v3 DER-encoded certificates (see RFC 5280).

  • ALG_RSA_SHA_PKCS1—is the supported signature algorithm.
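
The two DerivationFunction entries in the table can be cross-checked off-card. The following is an added example, not code from the simulator or its documentation: a host-side Python reference for KDF in Counter Mode (NIST SP 800-108) and the TLS 1.2 PRF (RFC 5246) that computes expected values to compare against an applet's output. Assumptions: a 32-bit big-endian counter placed before the fixed input, fixed input built as Label || 0x00 || Context || [L]_32, P_SHA256 for the TLS PRF, and hypothetical function names.

```python
import hashlib
import hmac

MAX_HMAC_KEY_BYTES = 64  # the table states an HMAC key of up to 512 bits
PRFS = {"sha1": hashlib.sha1, "sha256": hashlib.sha256}  # PRFs listed for the KDF


def _check(key: bytes, out_len: int) -> None:
    """Reject keys and output lengths outside the limits this example assumes."""
    if not 0 < len(key) <= MAX_HMAC_KEY_BYTES:
        raise ValueError("HMAC key must be 1..64 bytes (up to 512 bits)")
    if not 0 < out_len < 2**29:  # keeps [L]_32 (length in bits) within 32 bits
        raise ValueError("invalid output length")


def kdf_counter_mode(key, label, context, out_len, prf="sha256"):
    """SP 800-108 counter mode: K(i) = HMAC(key, [i]_32 || fixed input).

    Assumed layout (not stated in the table): counter first, then
    Label || 0x00 || Context || [L]_32, where L is the output length in bits.
    """
    _check(key, out_len)
    digest = PRFS[prf]
    blocks = -(-out_len // digest().digest_size)  # ceiling division
    fixed = label + b"\x00" + context + (out_len * 8).to_bytes(4, "big")
    out = b"".join(
        hmac.new(key, i.to_bytes(4, "big") + fixed, digest).digest()
        for i in range(1, blocks + 1)
    )
    return out[:out_len]


def prf_tls12(secret, label, seed, out_len):
    """RFC 5246 section 5: PRF(secret, label, seed) = P_SHA256(secret, label + seed)."""
    _check(secret, out_len)
    full_seed = label + seed
    a = full_seed  # A(0) = seed
    out = b""
    while len(out) < out_len:
        a = hmac.new(secret, a, hashlib.sha256).digest()  # A(i) = HMAC(secret, A(i-1))
        out += hmac.new(secret, a + full_seed, hashlib.sha256).digest()
    return out[:out_len]
```

Because L is part of the fixed input, a shorter counter-mode output is not a prefix of a longer one derived with the same label and context; the TLS 1.2 PRF output, by contrast, is a plain prefix-extendable stream.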