Algorithms

ocrypto supports the following cryptographic algorithms, conforming to the relevant RFCs and NIST specifications:

Message digests (hashes)

  • SHA1
  • SHA2 (224, 256, 384, 512)
  • SHA3 (224, 256, 384, 512)
  • SHAKE / cSHAKE (128, 256)

Message authentication codes (MAC)

  • HMAC (SHA1, SHA256, SHA512)
  • AES-CMAC
  • KMAC (128, 256)

Unauthenticated ciphers

  • ChaCha20
  • AES CTR / ECB no padding / CBC no padding / CBC PKCS7

Authenticated encryption with associated data (AEAD)

  • AES CCM / GCM / EAX
  • ChaCha20-Poly1305

Key derivation

  • HKDF (SHA1, SHA256, SHA512)
  • PBKDF2-HMAC (SHA1, SHA256)
  • PBKDF2-CMAC-PRF128

Asymmetric signature

  • RSA (PKCS1, PSS)
  • ECDSA / deterministic ECDSA (P-224, P-256, P-384, P-521)
  • EdDSA / EdDSAph (Ed25519, Ed448)

Asymmetric encryption

  • RSA (PKCS1, OAEP)

Key agreement

  • ECDH (P-224, P-256, P-384, P-384, P-521)
  • ECDH (X25519, X448)

Password-authenticated key exchange (PAKE)

  • EC-JPAKE (P-256)
  • SPAKE2+ (P-256, HMAC)
  • SRP-6 (SHA512)

The following cryptographic key sizes are supported:

  • AES: 128, 192, and 256 bit keys are supported for all uses of AES, except for PBKDF2-AES-CMAC-PRF128 which uses 128 bit keys.
  • RSA: 1, 1.5, 2, 3, 4, 6, and 8 kbit keys are supported for all uses of RSA.
  • NIST curves: P-224 (aka secp224r1), P-256 (aka secp256r1), P-384 (aka secp384r1) and P-521 (aka secp521r1) support 224/256/384/521 bit keys.
  • Twisted Edwards curves: Ed25519 and Ed448 support 255/448 bit keys.
  • Montgomery curves: X25519 and X448 support 255/448 bit keys.
  • SRP-6: 3072 bit keys are supported.

For all algorithms, ocrypto provides functions that execute in a single call and only use the call stack for storing intermediate values ("single-part functions"). For some algorithms, e.g., Ed25519, additional functions are provided that execute in a single call and use minimal stack space, plus caller-provided context objects for storing intermediate values ("stack-optimized functions"). For some algorithms, e.g., all SHA variants, additional functions are provided that execute in multiple calls for the incremental processing of data streams ("incremental functions"). They use minimal stack space, plus caller-provided context objects for storing intermediate values.