Algorithms

Oberon PSA Crypto supports the following cryptographic algorithms and key sizes, conforming to the relevant parts of the PSA Certified Crypto API specification:

Message digests (hashes)

  • SHA1
  • SHA224
  • SHA256
  • SHA384
  • SHA512

Message authentication codes (MAC)

  • HMAC
  • AES-CMAC 

Unauthenticated ciphers

  • AES CTR / CCM* / CBC / ECB
  • ChaCha20

Authenticated encryption with associated data (AEAD)

  • AES CCM / GCM
  • AEAD-ChaCha20-Poly1305

Key derivation

  • HKDF
  • PBKDF2-HMAC
  • PBKDF2-CMAC-PRF128
  • TLS-1.2 PRF
  • TLS-1.2 PSK-to-Mastersecret

Asymmetric signature

  • RSASSA PKCS-v1.5 / PSS (1024 / 1536 / 2048 / 3072 / 4096 / 6144 / 8192 bit)
  • ECDSA P224 / P256 / P384
  • Ed25519

Asymmetric encryption

  • RSAES PKCS-v1.5 / OAEP (1024 / 1536 / 2048 / 3072 / 4096 / 6144 / 8192 bit)

Key agreement

  • ECDH P224 / P256 / P384
  • X25519

Password-authenticated key exchange (PAKE)

  • EC-JPAKE P256
  • SPAKE2+ P256 HMAC
  • SRP-6 3072 bit 

Random number generation

  • CTR-DRBG
  • HMAC-DRBG