Supported algorithms

ocrypto supports the following cryptographic algorithms:

| Algorithm | Specification |
|---|---|
| SHA (SHA512, SHA384*, SHA256, SHA224*, SHA1) | FIPS-PUB-180-4 |
| AEAD-ChaCha20-Poly1305 | RFC8439 |
| AES (CTR, CCM, GCM, CBC, ECB, EAX with 128/192/256-bit keys) | FIPS-PUB-197, NIST SP 800-38*, EAX |
| AES-CMAC | RFC4493 |
| HMAC (SHA512, SHA256, SHA1) | RFC2104 |
| HKDF (SHA512, SHA256, SHA1) | RFC5869 |
| PBKDF2 (SHA256, SHA1) | RFC8018 |
| ECDH (P224, P256) ** | NIST SP 800-56A |
| ECDSA (P224, P256) ** | FIPS-PUB-186-4 |
| X25519 (aka Curve25519) | RFC7748 |
| Ed25519 | RFC8032 |
| RSA (1024- and 2048-bit keys, PKCS1 V1.5, OAEP, PSS) | RFC8017 |
| SRP-6 (SHA512, 3072-bit keys) | RFC2945 |
| EC-JPAKE (P256) | RFC8236 |
| SRTP crypto functions *** | RFC3711 |

* SHA512 with output truncated to 384 bits / SHA256 with output truncated to 224 bits.

** P224 (aka prime224v1 and secp224r1) and P256 (aka prime256v1 and secp256r1) are implemented according to RFC5903.

*** Support for SRTP default crypto algorithms (AES-CTR and HMAC-SHA1).

Supported function types

ocrypto supports these three types of functions:

| Function type | Description |
|---|---|
| Single-part | Function is executed in a single call, using only the stack. |
| Stack-optimized | Function is executed in a single call, using minimal stack space. Additional memory is provided by caller in a context object. |
| Incremental | Function is executed in multiple calls, to allow for streams of data to be processed in a piecemeal fashion. Additional memory is provided by caller in a context object. |

This table shows which function types are supported for which algorithms:

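| Algorithm | Single-part | Stack-optimized | Incremental |
|---|---|---|---|
| SHA | x | | x |
| AEAD-ChaCha20-Poly1305 | x | | x |
| AES | x | | x |
| AES-CMAC | x | | |
| HMAC | x | | |
| HKDF | x | | |
| PBKDF2 | x | | |
| ECDH | x | | |
| ECDSA | x | | |
| X25519 | x | x | |
| Ed25519 | x | x | |
| RSA | x | | |
| SRP-6 | x | x | |
| EC-JPAKE | x | | |
| SRTP crypto functions | x | | |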

To learn more about the RAM memory sizes required by the different types of functions, see this page.