Oberon PSA Crypto supports the following cryptographic algorithms, conforming to the relevant parts of the PSA Certified Crypto API specification:
Message digests (hashes)
- SHA1
- SHA2 (224, 256, 384, 512)
- SHA3 (224, 256, 384, 512)
- SHAKE256-512
Message authentication codes (MAC)
Unauthenticated ciphers
- ChaCha20, XChaCha20
- AES (CTR, ECB no padding, CBC no padding, CBC PKCS7, CCM* tag, KW, KWP)
Authenticated encryption with associated data (AEAD)
- AES (CCM, GCM)
- ChaCha20-Poly1305, XChaCha20-Poly1305
Key derivation
- HKDF / HKDF extract / HKDF expand
- PBKDF2-HMAC
- PBKDF2-CMAC-PRF128
- TLS-1.2 PRF
- TLS-1.2 PSK-to-Mastersecret
- NIST SP 800-108 counter-mode KDF (CMAC, HMAC)
Asymmetric signature
- RSASSA (PKCS-v1.5, PSS)
- ECDSA / deterministic ECDSA (P-224, P-256, P-384, P-521, secp256k1)
- EdDSA (Ed25519, Ed448)
- LMS / HSS signature verification only (SHA256, SHAKE256)
- XMSS / XMSS^MT signature verification only (SHA256, SHAKE256)
Asymmetric encryption
Key agreement
- ECDH (P-224, P-256, P-384, P-521)
- ECDH (X25519, X448)
Password-authenticated key exchange (PAKE)
- EC-JPAKE (P-256)
- SPAKE2+ (P-256, HMAC)
- SRP-6 (SHA512)
- WPA3-SAE
Random number generation
The following cryptographic key sizes are supported:
- AES: 128, 192, and 256 bit keys are supported for all uses of AES, except for PBKDF2-AES-CMAC-PRF128 which uses 128 bit keys.
- RSA: 1, 1.5, 2, 3, 4, 6, and 8 kbit keys are supported for all uses of RSA.
- NIST curves: P-224 (aka secp224r1), P-256 (aka secp256r1) and P-384 (aka secp384r1) support 224/256/384 bit keys.
- Twisted Edwards curves: Ed25519 supports 255 bit keys.
- Montgomery curves: X25519 supports 255 bit keys.
- SRP-6: 3072 bit keys are supported.