CryptoSPI +Overview (weak build)

Purpose

This is an overview of the weak CryptoSPI +APIs. An overview and other documents for the strong CryptoSPI APIs are available +in the Security Supplement, which is delivered to device creators with the +CBR.

Introduction

CryptoSPI (cryptospi.dll) +is a framework for implementing cryptographic algorithms, hash algorithms +and random number generation. It allows alternative implementations to be +added by Symbian platform device creators as plug-in DLLs.

Weak +and strong builds

The cryptography APIs are subject to export +control regulations. The export of cryptography refers to the transfer from +one country to another of technology related to cryptography. Export control +regulations are for national security considerations.

Export control +applies to key sizes that are greater than a size specified by the UK Government. +Currently, symmetric algorithms with keys greater than 56 bits and asymmetric +algorithms with keys greater than 512 bits are export controlled. To comply +with government export control rules, the Cryptography library is delivered +in two builds:

A weak build

The +weak build (weak_cryptography.dll) includes cryptography algorithms that are +not export controlled. The weak build rejects requests to apply an encryption +scheme with key sizes greater than 56 bits for symmetric algorithms and 512 +bits for asymmetric algorithms.
A strong build

The +strong build (strong_cryptography.dll) includes cryptography algorithms that +are export controlled.

Note: The API guide and other documentation for cryptography +is broken up in the same way as the cryptography library. This document provides +information on the weak build. It also gives a brief summary of the algorithms +provided in the strong build. The strong cryptography API guide and other +documentation is not available from the Symbian Developer Library. It is delivered +to device creators with the CBR.

Architectural relationships

Before the introduction +of CryptoSPI, features such as cryptographic algorithms, hash algorithms and +random number generation were provided by the Symbian platform in cryptography.dll, hash.dll and random.dll.

softwarecrypto.dll is +a plug-in module (implemented in the Symbian platform) that provides software-based +implementations of all the cryptographic algorithms that were previously implemented +by the legacy components (cryptography.dll, hash.dll and random.dll). +The legacy APIs have been re-implemented internally to use the new framework +via shim classes. hardwarecrypto.dll is an arbitrary +name used in the diagram to represent a plug-in module provided by device +creators. The plug-ins and cryptospi.dll have a dependency +on cryptography.dll because it implements big integers.

+ CryptoSPI dependencies + +

API summary

The CryptoSpi namespace +is defined for all CryptoSPI classes to differentiate them from the legacy +APIs with the same names.

CryptoSPI scope

CryptoSPI +provides equivalent implementations of all algorithms supported by the legacy +APIs, including hashing and random number generation. The following algorithms +are implemented in softwarecrypto.dll:

This +section includes summary details of the following (For more information on +the strong APIs, see the Security Supplement, which is delivered to device +creators with the CBR):

cryptographic algorithms
hash algorithms
random number generator

Cryptographic algorithms

Cryptographic +algorithms allow data to be encrypted and decrypted. They include:

Symmetric ciphers — +algorithms that require communicating parties to hold a shared secret. They +are fast and are used for the transmission of bulk data.
Asymmetric ciphers — +algorithms which have two keys, one private to the keys' owner and one which +can be published. They are slow compared to symmetric ciphers and are used +to exchange a symmetric key before transmission of data encrypted using that +key.

The Cryptography algorithms are part of the strong build. To access +details of how to implement them you need to access the Security Supplement, +which is delivered to device creators with the CBR.

Hash +algorithms

Hash +algorithms compact a message down to a short series of bytes from which +it is impossible to regenerate the message. They are used with an asymmetric +cipher to generate signatures.

The following hash algorithms are supported:

+ + + +Hash algorithms +Specified in + + + + +

MD2

RFC +1319

+ + +

MD4

RFC +1320

+ + +

MD5

RFC +1321

+ + +

SHA1

FIPS +180-1 and RFC +3174

+ + + +

Hashes in HMAC mode

MD2
MD4
MD5
SHA1
SHA-224
SHA-256
SHA-384
SHA-512

HMAC mode is specified in RFC 2104.

Random +Number Generator (RNG)

RNG is +the basis for the cryptographic key generation. It uses the RANROT algorithm +seeded by random data available on the target hardware (for example free running +counters available on ARM processers).

Supporting +APIs

Password Based Encryption +(PBE) — provides an API to encrypt and decrypt data with a user-supplied +password
Padding — is +extra bits concatenated with a key, password, or plaintext to make their length +equal to the block size. It defines the way blocks are filled with data when +the data to be encrypted is smaller than the block size. Padding is added +at encryption and checked on decryption.
Big integers — +arbitrarily large integers.

Note that although some functions are +exported, the intent is that big integers are only for use by the Cryptography +library and not by application code. Big integers are implemented in cryptography.dll.

Implementing CryptoSPI algorithms

The guide to CryptoSPI +is not publicly available, but the following documents show how to use CryptoSPI +to generate random numbers and create a hash:

Generating +random bytes