Algorithms

Algorithms that are newly supported since release 3.4.0 (Sep 21, 2023) are shown in green.

ocrypto supports the following cryptographic algorithms, conforming to the relevant RFCs and NIST specifications:

Message digests (hashes)

  • SHA1
  • SHA2 (224, 256, 384, 512)
  • SHA3 (224, 256, 384, 512)
  • SHAKE / cSHAKE (128, 256)

Message authentication codes (MAC)

  • HMAC (SHA1, SHA256, SHA512)
  • AES-CMAC
  • KMAC (128, 256)

Unauthenticated ciphers

  • ChaCha20
  • AES (CTR, ECB, CBC)

Authenticated encryption with associated data (AEAD)

  • AES (CCM, GCM, EAX)
  • ChaCha20-Poly1305

Key derivation

  • HKDF (SHA1, SHA256, SHA512)
  • PBKDF2-HMAC (SHA1, SHA256)
  • PBKDF2-CMAC-PRF128

Asymmetric signature

  • RSA (PKCS1, PSS)
  • ECDSA / deterministic ECDSA (P-224, P-256, P-384, P-521)
  • EdDSA / EdDSAph (Ed25519, Ed448)

Asymmetric encryption

  • RSA (PKCS1, OAEP)

Key agreement

  • ECDH (P-224, P-256, P-384, P-384, P-521)
  • ECDH (X25519, X448)

Password-authenticated key exchange (PAKE)

  • EC-JPAKE (P-256)
  • SPAKE2+ (P-256, HMAC)
  • SRP-6 (SHA512)

The following cryptographic key sizes are supported:

  • AES: 128, 192, and 256 bit keys are supported for all uses of AES, except for PBKDF2-AES-CMAC-PRF128 which uses 128 bit keys.
  • RSA: 1, 1.5, 2, 3, 4, 6, and 8 kbit keys are supported for all uses of RSA.
  • NIST curves: P-224 (aka secp224r1), P-256 (aka secp256r1), P-384 (aka secp384r1) and P-521 (aka secp521r1) support 224/256/384/521 bit keys.
  • Twisted Edwards curves: Ed25519 and Ed448 support 255/448 bit keys.
  • Montgomery curves: X25519 and X448 support 255/448 bit keys.
  • SRP-6: 3072 bit keys are supported.

For all algorithms, ocrypto provides functions that execute in a single call and only use the call stack for storing intermediate values ("single-part functions"). For some algorithms, e.g., Ed25519, additional functions are provided that execute in a single call and use minimal stack space, plus caller-provided context objects for storing intermediate values ("stack-optimized functions"). For some algorithms, e.g., all SHA variants, additional functions are provided that execute in multiple calls for the incremental processing of data streams ("incremental functions"). They use minimal stack space, plus caller-provided context objects for storing intermediate values.