Functions

Supported algorithms

ocrypto supports the following cryptographic algorithms:

Algorithm	Specification
SHA (SHA1, SHA224, SHA256, SHA384, SHA512)	FIPS-PUB-180-4
AEAD-ChaCha20-Poly1305	RFC8439
AES (CTR, CCM, GCM, CBC, ECB, EAX with 128/192/256-bit keys)	FIPS-PUB-197, NIST SP 800-38*, EAX
AES-CMAC	RFC4493
HMAC (SHA1, SHA256, SHA512)	RFC2104
HKDF (SHA1, SHA256, SHA512)	RFC5869
PBKDF2 (SHA1, SHA256)	RFC8018
ECDH (P224, P256, P384) **	NIST SP 800-56A
ECDSA (P224, P256, P384) **	FIPS-PUB-186-4
X25519 (aka Curve25519)	RFC7748
Ed25519	RFC8032
RSA (1024/1536/2048/3072/4096/6144/8192-bit keys, RSAES PKCS-v1.5 / OAEP, RSASSA PKCS-v1.5 / PSS)	RFC8017
SRP-6 (SHA512, 3072-bit keys)	RFC2945
EC-JPAKE (P256)	RFC8236
SRTP crypto functions ***	RFC3711

* SHA256 with output truncated to 224 bit / SHA512 with output truncated to 384 bit.

** P224 (aka prime224v1 and secp224r1), P256 (aka prime256v1 and secp256r1) and P384 (aka prime384v1 and secp384r1) are implemented according to RFC5903.

*** Support for SRTP default crypto algorithms (AES-CTR and HMAC-SHA1).

Supported function types

ocrypto supports these three types of functions:

Function type	Description
Single-part	Function is executed in a single call, using only the stack.
Stack-optimized	Function is executed in a single call, using minimal stack space. Additional memory is provided by caller in a context object.
Incremental	Function is executed in multiple calls, to allow for streams of data to be processed in a piecemeal fashion. Additional memory is provided by caller in a context object.

This table shows which function types are supported for which algorithms:

Algorithm	Single-part	Stack-optimized	Incremental
SHA	x		x
AEAD-ChaCha20-Poly1305	x		x
AES	x		x
AES-CMAC	x
HMAC	x
HKDF	x
PBKDF2	x
ECDH	x
ECDSA	x
X25519	x	x
Ed25519	x	x
RSA	x
SRP-6	x	x
EC-JPAKE	x
SRTP crypto functions	x

To learn more about the RAM memory sizes required by the different types of functions, see this page.