Supported Cryptography Classes

The implementation of security and cryptography in the simulator supports the use of the following classes:

  • javacardx.crypto.AEADCipher

  • javacardx.crypto.Cipher

  • javacard.security.Checksum

  • javacardx.security.derivation.DerivationFunction

  • javacardx.security.cert.CertificateParser

  • javacard.security.InitializedMessageDigest

  • javacard.security.KeyAgreement

  • javacard.security.KeyBuilder

  • javacard.security.KeyPair

  • javacard.security.MessageDigest

  • javacard.security.RandomData

  • javacard.security.Signature

  • javacard.security.SignatureMessageRecovery

Table A-1 lists the cryptography algorithms that are implemented for the simulator. Support in the simulator does not guarantee support on a physical card: on a card, the getInstance methods of these classes throw CryptoException with reason NO_SUCH_ALGORITHM for algorithms it does not implement, so an applet should handle that exception rather than assume the list below. Several listed algorithms (single DES, MD5, SHA-1, the ECB modes and unpadded RSA) remain for compatibility with existing applets and are weak choices for new designs.

Table A-1 Algorithms Implemented by the Cryptography Classes

Class Algorithm

AEADCipher

Supports ALG_AES_CCM and ALG_AES_GCM. Only the 12-byte (96-bit) IV length, the value recommended by NIST, is supported.

Checksum

  • ALG_ISO3309_CRC16—ISO/IEC 3309-compliant 16-bit CRC algorithm. This algorithm uses the generator polynomial x^16+x^12+x^5+1. The default initial checksum value used by this algorithm is 0. This algorithm is also compliant with the frame-checking sequence specified in section 4.2.5.2 of ISO/IEC 13239.

  • ALG_ISO3309_CRC32—ISO/IEC 3309-compliant 32-bit CRC algorithm. This algorithm uses the generator polynomial x^32+x^26+x^23+x^22+x^16+x^12+x^11+x^10+x^8+x^7+x^5+x^4+x^2+x+1. The default initial checksum value used by this algorithm is 0. This algorithm is also compliant with the frame-checking sequence specified in section 4.2.5.3 of ISO/IEC 13239.
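The two Checksum algorithms are defined by their generator polynomial and an initial value (0 by default, settable with Checksum.init). The following host-side reference, added here as an example and not taken from the Java Card API or the simulator, computes both CRCs bit-serially from those parameters and shows how a streamed update()/doFinal() sequence maps onto chained initial values. It assumes MSB-first bit processing with no input/output reflection and no final XOR; confirm that assumption against the simulator's output before using these values as test expectations.

```python
# Added host-side reference for javacard.security.Checksum (not part of the
# Java Card API or the simulator). ASSUMPTION: bits are processed MSB-first
# with no input/output reflection and no final XOR.

CRC16_ISO3309_POLY = 0x1021       # x^16 + x^12 + x^5 + 1
CRC32_ISO3309_POLY = 0x04C11DB7   # x^32 + x^26 + x^23 + x^22 + x^16 + x^12 + x^11
                                  # + x^10 + x^8 + x^7 + x^5 + x^4 + x^2 + x + 1


def crc(data: bytes, poly: int, width: int, init: int = 0) -> int:
    """Direct (non-augmented) CRC; `init` plays the role of Checksum.init()."""
    top = 1 << (width - 1)
    mask = (1 << width) - 1
    reg = init & mask
    for byte in data:
        reg ^= byte << (width - 8)
        for _ in range(8):
            reg = ((reg << 1) ^ poly) & mask if reg & top else (reg << 1) & mask
    return reg


def crc16_iso3309(data: bytes, init: int = 0) -> int:
    return crc(data, CRC16_ISO3309_POLY, 16, init)


def crc32_iso3309(data: bytes, init: int = 0) -> int:
    return crc(data, CRC32_ISO3309_POLY, 32, init)


def crc16_streamed(chunks, init: int = 0) -> int:
    """Mirror a sequence of Checksum.update() calls followed by doFinal():
    the running register value is fed back as the next initial value."""
    reg = init
    for chunk in chunks:
        reg = crc16_iso3309(chunk, reg)
    return reg


def verify_crc16_trailer(frame: bytes) -> bool:
    """With initial value 0 and no final XOR, a frame that carries its own CRC
    (big-endian) as its last two bytes checks to zero."""
    return len(frame) >= 2 and crc16_iso3309(frame) == 0


if __name__ == "__main__":
    msg = b"123456789"                       # constructed sample input
    print(hex(crc16_iso3309(msg)))
    tagged = msg + crc16_iso3309(msg).to_bytes(2, "big")
    print(verify_crc16_trailer(tagged))
```

The same `crc` routine serves both algorithms; only the polynomial, width and initial value change, which is exactly what the two ALG_ISO3309_* constants and Checksum.init select.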

Cipher

  • ALG_DES_CBC_NOPAD—provides a cipher using DES in CBC mode without padding. This algorithm uses CBC for DES and 3DES.

  • ALG_DES_CBC_ISO9797_M1—provides a cipher using DES in CBC mode. This algorithm uses CBC for DES and 3DES. Input data is padded according to the ISO 9797 method 1 scheme.

  • ALG_DES_CBC_ISO9797_M2—provides a cipher using DES in CBC mode. This algorithm uses CBC for DES and 3DES. Input data is padded according to the ISO 9797 method 2 (ISO 7816-4, EMV'96) scheme.

  • ALG_DES_ECB_NOPAD—provides a cipher using DES in ECB mode without padding. This algorithm uses ECB for DES and 3DES.

  • ALG_DES_ECB_ISO9797_M1—provides a cipher using DES in ECB mode. This algorithm uses ECB for DES and 3DES. Input data is padded according to the ISO 9797 method 1 scheme.

  • ALG_DES_ECB_ISO9797_M2—provides a cipher using DES in ECB mode. This algorithm uses ECB for DES and 3DES. Input data is padded according to the ISO 9797 method 2 (ISO 7816-4, EMV'96) scheme.

  • ALG_RSA_NOPAD—provides a cipher using RSA without padding (raw modular exponentiation).

  • ALG_RSA_PKCS1_OAEP—provides a cipher using RSA with the Optimal Asymmetric Encryption Padding (OAEP) scheme. The following combinations of (cipher algorithm, padding algorithm) are also supported:

    (CIPHER_RSA,PAD_PKCS1_OAEP),

    (CIPHER_RSA,PAD_PKCS1_OAEP_SHA256), (CIPHER_RSA,PAD_PKCS1_OAEP_EXT_PARAMETERS)

    The last combination also permits customization of the MGF1 digest algorithm with ALG_SHA or ALG_SHA_256.

  • ALG_RSA_PKCS1—provides a cipher using RSA. Input data is padded according to the PKCS#1 (v1.5) scheme.

  • ALG_AES_BLOCK_128_CBC_NOPAD—provides a cipher using AES with block size 128 in CBC mode and does not pad input data.

  • ALG_AES_BLOCK_128_ECB_NOPAD—provides a cipher using AES with block size 128 in ECB mode and does not pad input data.

  • ALG_AES_CBC_ISO9797_M1—provides a cipher using AES with block size 128 in CBC mode. Input data is padded according to the ISO 9797 method 1 scheme.

  • ALG_AES_CBC_ISO9797_M2—provides a cipher using AES with block size 128 in CBC mode. Input data is padded according to the ISO 9797 method 2 (ISO 7816-4, EMV’96) scheme.

  • ALG_AES_ECB_ISO9797_M1—provides a cipher using AES with block size 128 in ECB mode. Input data is padded according to the ISO 9797 method 1 scheme.

  • ALG_AES_ECB_ISO9797_M2—provides a cipher using AES with block size 128 in ECB mode. Input data is padded according to the ISO 9797 method 2 (ISO 7816-4, EMV’96) scheme.

  • ALG_AES_CBC_PKCS5—provides a cipher using AES with block size 128 in CBC mode. Input data is padded according to the PKCS#5 scheme.

  • ALG_AES_ECB_PKCS5—provides a cipher using AES with block size 128 in ECB mode. Input data is padded according to the PKCS#5 scheme.

  • ALG_AES_XTS—provides a cipher using AES in XEX Tweakable Block Cipher with Ciphertext Stealing (XTS) mode as defined in IEEE Std 1619. AES keys of 128-bit and 256-bit length are supported.

  • ALG_AES_CFB—provides a cipher using AES in Cipher Feedback (CFB) mode.

  • ALG_KOREAN_SEED_ECB_NOPAD and ALG_KOREAN_SEED_CBC_NOPAD—provide a cipher using Korean SEED in ECB or CBC mode with a 128-bit SEED key, without padding.
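The _NOPAD, _ISO9797_M1, _ISO9797_M2 and _PKCS5 suffixes above (and the same suffixes on the DES and AES MAC algorithms under Signature below) name three different padding rules, and the choice matters for interoperability and for unpadding safety. The following reference implementation is added here as an example; it is not from the Java Card API or the simulator, the block sizes and inputs are constructed, and it covers the two edge cases a practitioner most often gets wrong: method 1 adds nothing to an aligned message and is not reversible, while method 2 and PKCS#5 always add at least one byte.

```python
# Added reference code for the block-padding schemes selected by the
# ALG_*_NOPAD, ALG_*_ISO9797_M1, ALG_*_ISO9797_M2 and ALG_*_PKCS5 cipher
# and MAC algorithms. Not from the Java Card API or the simulator; block
# sizes and inputs are constructed for illustration.

DES_BLOCK = 8
AES_BLOCK = 16


def require_block_multiple(data: bytes, block: int) -> bytes:
    """NOPAD variants: the caller must supply whole blocks; the Java Card
    Cipher raises CryptoException.ILLEGAL_USE otherwise."""
    if len(data) % block:
        raise ValueError("NOPAD input must be a multiple of %d bytes" % block)
    return data


def pad_iso9797_m1(data: bytes, block: int) -> bytes:
    """Method 1: right-pad with 0x00 to a block boundary, adding nothing when
    the length is already aligned. Trailing zeros of the message are then
    indistinguishable from padding, so the scheme is not reversible."""
    return data + b"\x00" * ((-len(data)) % block)


def pad_iso9797_m2(data: bytes, block: int) -> bytes:
    """Method 2: always append 0x80, then 0x00 up to the boundary."""
    data = data + b"\x80"
    return data + b"\x00" * ((-len(data)) % block)


def unpad_iso9797_m2(padded: bytes, block: int) -> bytes:
    if not padded or len(padded) % block:
        raise ValueError("bad ISO 9797-1 method 2 padding")
    stripped = padded.rstrip(b"\x00")
    if not stripped.endswith(b"\x80"):
        raise ValueError("bad ISO 9797-1 method 2 padding")
    return stripped[:-1]


def pad_pkcs5(data: bytes, block: int) -> bytes:
    """PKCS#5/#7: append n bytes of value n, 1 <= n <= block (always added)."""
    n = block - len(data) % block
    return data + bytes([n]) * n


def unpad_pkcs5(padded: bytes, block: int) -> bytes:
    """Validate every padding byte, not just the last one."""
    if not padded or len(padded) % block:
        raise ValueError("bad PKCS#5 padding")
    n = padded[-1]
    if not 1 <= n <= block or padded[-n:] != bytes([n]) * n:
        raise ValueError("bad PKCS#5 padding")
    return padded[:-n]


def m1_is_ambiguous(msg: bytes, block: int) -> bool:
    """True when method-1 padding of msg equals that of msg followed by a
    0x00 byte: a receiver cannot tell the two plaintexts apart."""
    return pad_iso9797_m1(msg, block) == pad_iso9797_m1(msg + b"\x00", block)


if __name__ == "__main__":
    print(pad_iso9797_m2(b"", DES_BLOCK).hex())       # 8000000000000000
    print(pad_pkcs5(b"hello", AES_BLOCK).hex())
    print(m1_is_ambiguous(b"ab", DES_BLOCK))           # True
```

When an applet consumes padded plaintext from the host, it should use the strict unpadding above rather than trusting the last byte; method 1 should only be chosen when the plaintext length is known out of band.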

InitializedMessageDigest

Provides the functionality of MessageDigest with the additional ability to initialize the digest with an intermediate hash state corresponding to a previously hashed part of the message. Supports the message digest algorithms MD5, RIPEMD160, SHA-1, SHA-224, SHA-256, SHA-384 and SHA-512.

KeyAgreement

  • ALG_DH_PLAIN — Diffie-Hellman (DH) secret value derivation primitive as per NIST Special Publication 800-56Ar2.
  • ALG_EC_PACE_GM — elliptic curve Generic Mapping for PACE according to BSI TR-03110 v2.
  • ALG_EC_SVDP_DH_KDF — elliptic curve secret value derivation primitive, Diffie-Hellman version, per [IEEE P1363], with the key derivation function applied to the shared secret.
  • ALG_EC_SVDP_DH_PLAIN_XY — elliptic curve secret value derivation primitive, Diffie-Hellman version, per [IEEE P1363], returning both coordinates (x and y) of the shared point with no KDF applied.
  • ALG_EC_SVDP_DH_PLAIN — elliptic curve secret value derivation primitive, Diffie-Hellman version, per [IEEE P1363], returning the x coordinate of the shared point with no KDF applied.
  • ALG_EC_SVDP_DHC_PLAIN — elliptic curve secret value derivation primitive, Diffie-Hellman version, with cofactor multiplication and compatibility mode as per [IEEE P1363], with no KDF applied.
  • ALG_EC_SVDP_DHC_KDF — elliptic curve secret value derivation primitive, Diffie-Hellman version, with cofactor multiplication and compatibility mode as per [IEEE P1363], with the key derivation function applied.
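The three _PLAIN variants differ only in what is returned from the same scalar multiplication, and all of them depend on the peer public key being a valid point. The host-side reference below is added here as an example; it is not from the Java Card API or the simulator, uses only the Python standard library, and models the DH_PLAIN, DH_PLAIN_XY and DHC_PLAIN outputs on NIST P-256 (the _KDF variants, which post-process the shared secret, are not modelled). The private keys in the usage are constructed for illustration.

```python
# Added host-side reference for the EC KeyAgreement _PLAIN outputs on NIST
# P-256 (not part of the Java Card API or the simulator). Standard library
# only; the _KDF variants are not modelled. Key values are constructed.
import secrets

P = 0xFFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF
A = P - 3
B = 0x5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B
N = 0xFFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551
G = (0x6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296,
     0x4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5)
H = 1            # cofactor of P-256
COORD = 32       # bytes per coordinate
INF = None       # point at infinity


def on_curve(pt):
    if pt is INF:
        return False
    x, y = pt
    return 0 <= x < P and 0 <= y < P and (y * y - (x * x * x + A * x + B)) % P == 0


def add(p1, p2):
    """Affine point addition (handles doubling and inverse points)."""
    if p1 is INF:
        return p2
    if p2 is INF:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2:
        if (y1 + y2) % P == 0:
            return INF
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)


def mul(k, pt):
    """Double-and-add scalar multiplication (reference only, not constant-time)."""
    acc = INF
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt = add(pt, pt)
        k >>= 1
    return acc


def keypair(priv=None):
    priv = priv or secrets.randbelow(N - 1) + 1
    return priv, mul(priv, G)


def _shared_point(priv, peer_pub, cofactor=False):
    # Reject off-curve points before any scalar multiplication: this is the
    # check that defeats invalid-curve attacks on the private key.
    if not on_curve(peer_pub):
        raise ValueError("peer public key is not on the curve")
    if cofactor:
        # P1363 ECSVDP-DHC in compatibility mode: h * ((h^-1 * priv) * W)
        priv = pow(H, -1, N) * priv % N
        s = mul(H, mul(priv, peer_pub))
    else:
        s = mul(priv, peer_pub)
    if s is INF:
        raise ValueError("shared point is the point at infinity")
    return s


def svdp_dh_plain(priv, peer_pub):
    """ALG_EC_SVDP_DH_PLAIN: x coordinate only, fixed width."""
    return _shared_point(priv, peer_pub)[0].to_bytes(COORD, "big")


def svdp_dh_plain_xy(priv, peer_pub):
    """ALG_EC_SVDP_DH_PLAIN_XY: x || y of the shared point."""
    x, y = _shared_point(priv, peer_pub)
    return x.to_bytes(COORD, "big") + y.to_bytes(COORD, "big")


def svdp_dhc_plain(priv, peer_pub):
    """ALG_EC_SVDP_DHC_PLAIN: cofactor variant; identical to DH_PLAIN when h = 1."""
    return _shared_point(priv, peer_pub, cofactor=True)[0].to_bytes(COORD, "big")


if __name__ == "__main__":
    a_priv, a_pub = keypair()
    b_priv, b_pub = keypair()
    print(svdp_dh_plain(a_priv, b_pub) == svdp_dh_plain(b_priv, a_pub))   # True
```

Because P-256 has cofactor 1, DHC_PLAIN and DH_PLAIN agree; on curves with h > 1 the cofactor variant is what protects against small-subgroup points, and the on_curve check is still required in both cases.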

KeyBuilder

Provides the functionality to create the following supported key types and key lengths:

  • 128-, 192- and 256-bit ALG_TYPE_AES (a 512-bit key is accepted only for AES-XTS, where it holds the two 256-bit AES keys)
  • 64-, 128- and 192-bit ALG_TYPE_DES
  • 112- to 521-bit ALG_TYPE_EC_FP
  • 113- to 193-bit ALG_TYPE_EC_F2M
  • 512- to 4096-bit ALG_TYPE_RSA and ALG_TYPE_RSA_CRT_PRIVATE
  • 8- to 512-bit ALG_TYPE_HMAC
  • 8- to 1024-bit ALG_TYPE_GENERIC_SECRET
  • 1024-bit and 2048-bit ALG_TYPE_DH
  • 1024-bit and 2048-bit ALG_TYPE_DSA

KeyPair

Provides the functionality to create the following supported key pair types and lengths:

  • 112-, 128-, 160-, 192-, 224-, 256-, 384-, 521-bit ALG_EC_FP
  • 113-, 131-, 163-, 193-bit ALG_EC_F2M
  • 512-, 736-, 768-, 869-, 1024-, 1280-, 1536-, 2048-, 3072-, 4096-bit ALG_RSA and ALG_RSA_CRT
  • 1024-bit and 2048-bit ALG_DH
  • 1024-bit and 2048-bit ALG_DSA

MessageDigest

Supported message digest algorithms: ALG_MD5, ALG_RIPEMD160, ALG_SHA1, ALG_SHA_224, ALG_SHA_256, ALG_SHA_384 and ALG_SHA_512.

RandomData

Supported random byte generation algorithms: ALG_FAST, ALG_KEYGENERATION, ALG_PRESEEDED_DRBG, ALG_TRNG, ALG_PSEUDO_RANDOM and ALG_SECURE_RANDOM

Signature

  • ALG_DES_MAC8_NOPAD—generates an 8-byte MAC (most significant 8 bytes of encrypted block) using DES or 3DES in CBC mode with no padding applied. The following combination of (cipher algorithm, digest algorithm, padding algorithm) is also supported: (SIG_CIPHER_DES_MAC8,ALG_NULL,PAD_NOPAD)
  • ALG_DES_MAC8_ISO9797_M2—generates an 8-byte MAC (most significant 8 bytes of encrypted block) using DES or 3DES in CBC mode. This algorithm uses CBC for DES and 3DES. Input data is padded according to the ISO 9797 method 2 (ISO 7816-4, EMV'96) scheme. The following combination of (cipher algorithm, digest algorithm, padding algorithm) is also supported:

    (SIG_CIPHER_DES_MAC8,ALG_NULL,PAD_ISO9797_M2)

  • ALG_DES_MAC8_ISO9797_1_M2_ALG3— generates an 8-byte MAC using triple DES with 2 keys. The MAC is according to “MAC algorithm 3” of ISO 9797-1 with padding according to method 2 (see also EMV 3.0 and EMV 4.0). The following combination of (cipher algorithm, digest algorithm, padding algorithm) is also supported:

    (SIG_CIPHER_DES_MAC8,ALG_NULL,PAD_ISO9797_M2)

  • ALG_DES_MAC8_PKCS5—generates an 8-byte MAC (most significant 8 bytes of the encrypted block) using DES or 3DES in CBC mode. This algorithm uses CBC for DES and 3DES. Input data is padded according to PKCS#5. The following combination of (cipher algorithm, digest algorithm, padding algorithm) is also supported:

    (SIG_CIPHER_DES_MAC8,ALG_NULL,PAD_PKCS5)

  • ALG_DSA_SHA, ALG_DSA_SHA224, ALG_DSA_SHA256—sign or verify a message hashed with SHA-1, SHA-224 or SHA-256 respectively. The following combinations of (cipher algorithm, digest algorithm, padding algorithm) are also supported:

    (SIG_CIPHER_DSA,ALG_SHA,PAD_NULL),

    (SIG_CIPHER_DSA,ALG_SHA_224,PAD_NULL),

    (SIG_CIPHER_DSA,ALG_SHA_256,PAD_NULL)

  • ALG_RSA_MD5_PKCS1, ALG_RSA_RIPEMD160_PKCS1—encrypt the MD5 or RIPEMD160 message digest using RSA. The digest is padded according to the PKCS#1 (v1.5) scheme. The following combinations of (cipher algorithm, digest algorithm, padding algorithm) are also supported:

    (SIG_CIPHER_RSA,ALG_MD5,PAD_NULL),

    (SIG_CIPHER_RSA,ALG_RIPEMD160,PAD_NULL)

  • ALG_RSA_SHA_PKCS1, ALG_RSA_SHA_224_PKCS1, ALG_RSA_SHA_256_PKCS1, ALG_RSA_SHA_384_PKCS1, ALG_RSA_SHA_512_PKCS1—provide a Signature using the RSA algorithm for signing or verifying a message. The message digest is padded according to the PKCS#1 (v1.5) scheme. The following combinations of (cipher algorithm, digest algorithm, padding algorithm) are also supported:

    (SIG_CIPHER_RSA,ALG_SHA,PAD_PKCS1),

    (SIG_CIPHER_RSA, ALG_SHA_224, PAD_PKCS1), (SIG_CIPHER_RSA,ALG_SHA_256, PAD_PKCS1),

    (SIG_CIPHER_RSA,ALG_SHA_384, PAD_PKCS1),

    (SIG_CIPHER_RSA,ALG_SHA_512, PAD_PKCS1)

  • ALG_RSA_SHA_PKCS1_PSS, ALG_RSA_SHA_224_PKCS1_PSS, ALG_RSA_SHA_256_PKCS1_PSS, ALG_RSA_SHA_384_PKCS1_PSS, ALG_RSA_SHA_512_PKCS1_PSS—provide a Signature using the RSA Probabilistic Signature Scheme (PSS) for signing or verifying a message. The following combinations of (cipher algorithm, digest algorithm, padding algorithm) are also supported:

    (SIG_CIPHER_RSA,ALG_SHA,PAD_PKCS1_PSS),

    (SIG_CIPHER_RSA,ALG_SHA_224,PAD_PKCS1_PSS),

    (SIG_CIPHER_RSA,ALG_SHA_256,PAD_PKCS1_PSS),

    (SIG_CIPHER_RSA,ALG_SHA_384,PAD_PKCS1_PSS),

    (SIG_CIPHER_RSA,ALG_SHA_512,PAD_PKCS1_PSS),

    (SIG_CIPHER_RSA,ALG_SHA,PAD_PKCS1_PSS_EXT_PARAMETERS),

    (SIG_CIPHER_RSA,ALG_SHA_224,PAD_PKCS1_PSS_EXT_PARAMETERS),

    (SIG_CIPHER_RSA,ALG_SHA_256,PAD_PKCS1_PSS_EXT_PARAMETERS),

    (SIG_CIPHER_RSA,ALG_SHA_384,PAD_PKCS1_PSS_EXT_PARAMETERS),

    (SIG_CIPHER_RSA,ALG_SHA_512,PAD_PKCS1_PSS_EXT_PARAMETERS).

    The last five combinations also permit customization of the mask generation function (MGF1) digest algorithm with ALG_SHA or ALG_SHA_256.

  • ALG_AES_MAC_128_NOPAD—generates a 16-byte MAC using AES with block size 128 in CBC mode and does not pad input data. The following combination of (cipher algorithm, digest algorithm, padding algorithm) is also supported:

    (SIG_CIPHER_AES_MAC128,ALG_NULL,PAD_NOPAD)

  • ALG_AES_CMAC_128—generates a 16-byte Cipher-based MAC (CMAC) using AES with block size 128 in CBC mode with ISO 9797 method 2 padding. The following combination of (cipher algorithm, digest algorithm, padding algorithm) is also supported:

    (SIG_CIPHER_AES_CMAC128,ALG_NULL,PAD_ISO9797_M2)

  • ALG_ECDSA_SHA, ALG_ECDSA_SHA_224, ALG_ECDSA_SHA_256, ALG_ECDSA_SHA_384, ALG_ECDSA_SHA_512—provide a Signature using ECDSA for signing or verifying a message. The following combinations of (cipher algorithm, digest algorithm, padding algorithm) are also supported, with the signature encoded as an ASN.1 SEQUENCE of the two INTEGERs r and s:

    (SIG_CIPHER_ECDSA,ALG_SHA, PAD_NULL),

    (SIG_CIPHER_ECDSA,ALG_SHA_224, PAD_NULL),

    (SIG_CIPHER_ECDSA,ALG_SHA_256, PAD_NULL),

    (SIG_CIPHER_ECDSA,ALG_SHA_384, PAD_NULL),

    (SIG_CIPHER_ECDSA,ALG_SHA_512, PAD_NULL)

    And the following combinations for an ECDSA signature encoded as the plain octet string r || s, each value left-padded with zeros to the field size of the curve:

    (SIG_CIPHER_ECDSA_PLAIN,ALG_SHA, PAD_NULL),

    (SIG_CIPHER_ECDSA_PLAIN,ALG_SHA_224, PAD_NULL),

    (SIG_CIPHER_ECDSA_PLAIN,ALG_SHA_256, PAD_NULL),

    (SIG_CIPHER_ECDSA_PLAIN,ALG_SHA_384, PAD_NULL),

    (SIG_CIPHER_ECDSA_PLAIN,ALG_SHA_512, PAD_NULL)

  • ALG_HMAC_SHA1 and ALG_HMAC_SHA_256—generate an HMAC following RFC 2104, with SHA-1 and SHA-256 respectively as the hash function. The following combinations of (cipher algorithm, digest algorithm, padding algorithm) are also supported:

    (SIG_CIPHER_HMAC,ALG_SHA,PAD_NULL),

    (SIG_CIPHER_HMAC,ALG_SHA_256, PAD_NULL)
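The two ECDSA encodings listed above, the DER SEQUENCE from SIG_CIPHER_ECDSA and the fixed-width r || s string from SIG_CIPHER_ECDSA_PLAIN, are the usual source of interoperability failures between an applet and a host verifier: the DER INTEGER gains a 0x00 prefix whenever the top bit of r or s is set, and its length is variable. The converter below is added here as an example (not from the Java Card API or the simulator; the r and s values in the usage are constructed). Its decoder is strict, rejecting non-minimal lengths and integers and trailing bytes, because lenient parsers let an attacker produce several byte-different encodings of one signature.

```python
# Added example converting between DER SEQUENCE{r, s} (SIG_CIPHER_ECDSA) and
# the plain r || s octet string (SIG_CIPHER_ECDSA_PLAIN). Not part of the Java
# Card API or the simulator; r/s values are constructed.


def _der_len(n: int) -> bytes:
    if n < 0x80:
        return bytes([n])
    if n < 0x100:                 # long form, needed for P-521 signatures
        return b"\x81" + bytes([n])
    raise ValueError("length too large for this encoder")


def _der_int(v: int) -> bytes:
    """Minimal positive DER INTEGER: a leading 0x00 only when the top bit is set."""
    if v < 0:
        raise ValueError("ECDSA r and s are positive")
    body = v.to_bytes((v.bit_length() + 8) // 8, "big")
    return b"\x02" + _der_len(len(body)) + body


def plain_to_der(sig: bytes) -> bytes:
    """r || s (equal width halves) -> SEQUENCE { INTEGER r, INTEGER s }."""
    if len(sig) == 0 or len(sig) % 2:
        raise ValueError("plain signature must be r || s of equal width")
    half = len(sig) // 2
    r = int.from_bytes(sig[:half], "big")
    s = int.from_bytes(sig[half:], "big")
    if r == 0 or s == 0:
        raise ValueError("r and s must be non-zero")
    body = _der_int(r) + _der_int(s)
    return b"\x30" + _der_len(len(body)) + body


def _read_len(buf: bytes, i: int):
    if i >= len(buf):
        raise ValueError("truncated length")
    first = buf[i]
    if first < 0x80:
        return first, i + 1
    if first == 0x81 and i + 1 < len(buf) and buf[i + 1] >= 0x80:
        return buf[i + 1], i + 2
    raise ValueError("unsupported or non-minimal length encoding")


def _read_int(buf: bytes, i: int):
    if i >= len(buf) or buf[i] != 0x02:
        raise ValueError("expected INTEGER")
    n, i = _read_len(buf, i + 1)
    body = buf[i:i + n]
    if n == 0 or len(body) != n:
        raise ValueError("truncated INTEGER")
    if body[0] & 0x80:
        raise ValueError("negative INTEGER")
    if n > 1 and body[0] == 0 and not body[1] & 0x80:
        raise ValueError("non-minimal INTEGER")
    return int.from_bytes(body, "big"), i + n


def der_to_plain(der: bytes, coord_len: int) -> bytes:
    """Strict decoder: rejects trailing data and non-DER encodings."""
    if not der or der[0] != 0x30:
        raise ValueError("expected SEQUENCE")
    n, i = _read_len(der, 1)
    if i + n != len(der):
        raise ValueError("trailing data after SEQUENCE")
    r, i = _read_int(der, i)
    s, i = _read_int(der, i)
    if i != len(der):
        raise ValueError("extra elements in SEQUENCE")
    if r == 0 or s == 0 or max(r, s) >> (8 * coord_len):
        raise ValueError("r or s out of range for the curve width")
    return r.to_bytes(coord_len, "big") + s.to_bytes(coord_len, "big")


if __name__ == "__main__":
    # Constructed r with its top bit set, s = 1, P-256 width (32 bytes each).
    plain = ((1 << 255) | 5).to_bytes(32, "big") + (1).to_bytes(32, "big")
    der = plain_to_der(plain)
    print(der.hex())
    print(der_to_plain(der, 32) == plain)   # True
```

Pass the coordinate width of the curve in use (32 for P-256, 48 for P-384, 66 for P-521) to der_to_plain; the plain form has no self-describing length, which is why the ALG_EC_FP key length must be known to the verifier.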

SignatureMessageRecovery

  • ALG_RSA_SHA_ISO9796_MR — RSA ISO 9796-2 signature with message recovery, scheme 1, trailer field option 1 and SHA-1. Signing uses the first part of the input message as padding bytes; during verification these message bytes (the recoverable message) are recovered to reconstruct the message. The following combination of (cipher algorithm, digest algorithm, padding algorithm) is also supported:

    (SIG_CIPHER_RSA,ALG_SHA,PAD_ISO9796_MR)

  • RSA ISO 9796-2 signature with message recovery, scheme 1, trailer field option 2 and SHA-1 is supported through the combination of (cipher algorithm, digest algorithm, padding algorithm) (SIG_CIPHER_RSA, ALG_SHA, PAD_ISO9796_MR_SCHEME_1_OPT_2).

DerivationFunction

  • ALG_HKDF_EXPAND_LABEL_TLS13 — implements the HKDF-Expand-Label function of TLS 1.3 (RFC 8446) and of DTLS 1.3 (RFC 9147), which differ only in the label prefix.
  • ALG_KDF_HKDF — implements the HKDF key derivation function defined in IETF RFC 5869 with HMAC-SHA-1 or HMAC-SHA-256.
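Both derivation functions above are small enough to cross-check on the host. The reference below is added here as an example (not from the Java Card API or the simulator; it uses only the Python standard library and the secrets in the usage are constructed). It implements RFC 5869 HKDF-Extract and HKDF-Expand with a selectable HMAC hash, builds the HkdfLabel structure with either the TLS 1.3 prefix "tls13 " or the DTLS 1.3 prefix "dtls13", and walks the first two steps of the TLS 1.3 key schedule so that the two labels can be seen to produce different keys from the same secret.

```python
# Added example of RFC 5869 HKDF (HMAC-SHA-1 or HMAC-SHA-256) and the TLS 1.3 /
# DTLS 1.3 HKDF-Expand-Label construction. Not part of the Java Card API or
# the simulator; secrets used in the usage are constructed.
import hashlib
import hmac
import struct


def hkdf_extract(salt: bytes, ikm: bytes, h: str = "sha256") -> bytes:
    if not salt:                          # RFC 5869: default salt is HashLen zero bytes
        salt = bytes(hashlib.new(h).digest_size)
    return hmac.new(salt, ikm, h).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int, h: str = "sha256") -> bytes:
    hash_len = hashlib.new(h).digest_size
    if length > 255 * hash_len:
        raise ValueError("HKDF output limited to 255 * HashLen bytes")
    okm, t, counter = b"", b"", 1
    while len(okm) < length:
        t = hmac.new(prk, t + info + bytes([counter]), h).digest()
        okm += t
        counter += 1
    return okm[:length]


def hkdf_label(length: int, label: bytes, context: bytes, dtls: bool = False) -> bytes:
    """HkdfLabel: uint16 length; opaque label<7..255>; opaque context<0..255>.
    TLS 1.3 prefixes the label with "tls13 ", DTLS 1.3 with "dtls13"."""
    full_label = (b"dtls13" if dtls else b"tls13 ") + label
    if len(full_label) > 255 or len(context) > 255:
        raise ValueError("label or context too long")
    return (struct.pack(">H", length) + bytes([len(full_label)]) + full_label
            + bytes([len(context)]) + context)


def hkdf_expand_label(secret: bytes, label: bytes, context: bytes, length: int,
                      h: str = "sha256", dtls: bool = False) -> bytes:
    return hkdf_expand(secret, hkdf_label(length, label, context, dtls), length, h)


def derive_secret(secret: bytes, label: bytes, transcript: bytes,
                  h: str = "sha256", dtls: bool = False) -> bytes:
    """Derive-Secret(Secret, Label, Messages) = Expand-Label over Hash(Messages)."""
    digest = hashlib.new(h, transcript).digest()
    return hkdf_expand_label(secret, label, digest, len(digest), h, dtls)


def tls13_early_and_derived(psk: bytes = b"", h: str = "sha256", dtls: bool = False):
    """First two steps of the TLS 1.3 key schedule: the Early Secret from the
    PSK (all zeros when there is no PSK) and the "derived" secret that feeds
    the Handshake Secret."""
    hash_len = hashlib.new(h).digest_size
    early = hkdf_extract(b"", psk or bytes(hash_len), h)
    derived = derive_secret(early, b"derived", b"", h, dtls)
    return early, derived


if __name__ == "__main__":
    early, derived_tls = tls13_early_and_derived()
    _, derived_dtls = tls13_early_and_derived(dtls=True)
    print(early.hex())
    print(derived_tls != derived_dtls)   # True: the label prefix changes the key
```

Passing "sha1" as the hash selects the HMAC-SHA-1 variant the ALG_KDF_HKDF entry mentions; the TLS 1.3 schedule itself only uses SHA-256 and SHA-384.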

CertificateParser

  • TYPE_X509_DER—parser for X.509 v1, v2 and v3 DER-encoded certificates (see RFC 5280).

  • ALG_RSA_SHA_PKCS1 (sha1WithRSAEncryption) is the only certificate signature algorithm supported.