Is it possible to use 'ALG_HMAC_SHA1' method from 'Signature' class in javacard framework 2.2.1 version?


I want to use ALG_HMAC_SHA1 method from javacard.security.Signature class. But my javacard framework version is 2.2.1, so the Signature class does not include this method for this version. It includes this method after 2.2.2. Is it possible to use this method without upgrading the framework version?

2

There are 2 answers

7
Michael Roland On

You could always just use the value that you find in the 2.2.2 framework for the constant ALG_HMAC_SHA1 (= (byte)24) and pass it to the Signature.getInstance() method. So using the value is not a problem. However, the smartcard hardware on which you want to run your applet needs to support this algorithm in order for you to be able to use it.

So if your smartcard hardware supports JC 2.2.1, calling the getInstance() method with the value of ALG_HMAC_SHA1 will typically cause a CryptoException with reason (CryptoException.NO_SUCH_ALGORITHM) indicating that the algorithm is not supported (and JC 2.2.1 does not support any HMAC algorithms). Using the public constant directly will likely result in upload or installation failure.

Just to be clear here, I'm not suggesting that compiling for a different framework version might suddenly solve your problem. I'm rather suggesting that you can not simply upgrade the functionality that is available on your card.

0
Robert On

The HMAC algorithm is not a big deal. As long as your card supports SHA-1 you can simply implement the algorithm on your own. See RFC2104 for details and RFC2202 for test vectors.

BTW: You cannot "upgrade the framework version" of a JavaCard - the Card OS and the JavaCard framework are usually not changeable (stored in ROM). You can only buy a different card...
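
HMAC-SHA1 built on the card's own SHA-1 as RFC 2104 defines it, using only classes present in the 2.2.1 API. This is an added example, not code from either answer; the package, class and method names are hypothetical, and it assumes the card supports MessageDigest.ALG_SHA.

```java
package example.hmac; // hypothetical package name

import javacard.framework.JCSystem;
import javacard.framework.Util;
import javacard.security.MessageDigest;

/** HMAC-SHA1 per RFC 2104 on top of MessageDigest.ALG_SHA. */
public class HmacSha1 {
    private static final short BLOCK = 64;   // SHA-1 block size in bytes
    public static final short MAC_LEN = 20;  // SHA-1 output size in bytes

    private final MessageDigest sha;
    private final byte[] pad;    // holds K' xor ipad, then K' xor opad
    private final byte[] inner;  // holds the inner digest

    public HmacSha1() {
        // Allocate once (for example from the applet constructor), never per APDU.
        sha = MessageDigest.getInstance(MessageDigest.ALG_SHA, false);
        pad = JCSystem.makeTransientByteArray(BLOCK, JCSystem.CLEAR_ON_DESELECT);
        inner = JCSystem.makeTransientByteArray(MAC_LEN, JCSystem.CLEAR_ON_DESELECT);
    }

    /** Writes the 20-byte MAC to out[outOff..] and returns its length. */
    public short sign(byte[] key, short keyOff, short keyLen,
                      byte[] msg, short msgOff, short msgLen,
                      byte[] out, short outOff) {
        // K' = key zero-padded to one block; longer keys are hashed first.
        Util.arrayFillNonAtomic(pad, (short) 0, BLOCK, (byte) 0);
        if (keyLen > BLOCK) {
            sha.reset();
            sha.doFinal(key, keyOff, keyLen, pad, (short) 0);
        } else {
            Util.arrayCopyNonAtomic(key, keyOff, pad, (short) 0, keyLen);
        }
        xorPad((byte) 0x36);                  // pad = K' xor ipad
        sha.reset();
        sha.update(pad, (short) 0, BLOCK);
        sha.doFinal(msg, msgOff, msgLen, inner, (short) 0);  // H(ipad-key || msg)
        xorPad((byte) (0x36 ^ 0x5C));         // pad = K' xor opad
        sha.update(pad, (short) 0, BLOCK);
        short len = sha.doFinal(inner, (short) 0, MAC_LEN, out, outOff);
        Util.arrayFillNonAtomic(pad, (short) 0, BLOCK, (byte) 0);  // wipe key material
        return len;
    }

    private void xorPad(byte mask) {
        for (short i = 0; i < BLOCK; i++) {
            pad[i] ^= mask;
        }
    }
}
```

Check the output on the target card against the RFC 2202 test vectors before relying on it, since a failure in getInstance() here means the card lacks SHA-1 as well.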