Algorithms
ocrypto supports the following cryptographic algorithms and key sizes:
| Algorithm | Specification |
| SHA (SHA1, SHA224*, SHA256, SHA384*, SHA512) | FIPS-PUB-180-4 |
| AEAD-ChaCha20-Poly1305 | RFC8439 |
| AES (CTR, CCM, GCM, CBC, ECB, EAX with 128/192/256-bit keys) | FIPS-PUB-197, NIST SP 800-38*, EAX |
| AES-CMAC | RFC4493 |
| HMAC (SHA1, SHA256, SHA512) | RFC2104 |
| HKDF (SHA1, SHA256, SHA512) | RFC5869 |
| PBKDF2 (SHA1, SHA256) | RFC8018 |
| ECDH (P224, P256, P384) ** | NIST SP 800-56A |
| ECDSA (P224, P256, P384) ** | FIPS-PUB-186-4 |
| X25519 (aka Curve25519) | RFC7748 |
| Ed25519 | RFC8032 |
| RSA (1024/1536/2048/3072/4096/6144/8192-bit keys, RSAES PKCS-v1.5 / OAEP, RSASSA PKCS-v1.5 / PSS) | RFC8017 |
| SRP-6 (SHA512, 3072-bit keys) | RFC2945 |
| EC-JPAKE (P256) | RFC8236 |
* SHA256 with output truncated to 224 bit / SHA512 with output truncated to 384 bit.
** P224 (aka prime224v1 and secp224r1), P256 (aka prime256v1 and secp256r1) and P384 (aka prime384v1 and secp384r1) are implemented according to RFC5903.
For all algorithms, ocrypto provides functions that execute in a single call and only use the call stack for storing intermediate values ("single-part functions"). For some algorithms, e.g., Ed25519, additional functions are provided that execute in a single call and use minimal stack space, plus caller-provided context objects for storing intermediate values ("stack-optimized functions"). For some algorithms, e.g., all SHA variants, additional functions are provided that execute in multiple calls for the incremental processing of data streams ("incremental functions"). They use minimal stack space, plus caller-provided context objects for storing intermediate values.