Algorithms
Oberon PSA Crypto supports the following cryptographic algorithms, conforming to the relevant parts of the PSA Certified Crypto API specification:
Message digests (hashes)
- SHA1
- SHA2 (224, 256, 384, 512)
- SHA3 (224, 256, 384, 512)
- SHAKE256-512
Message authentication codes (MAC)
- HMAC
- AES-CMAC
Unauthenticated ciphers
- ChaCha20
- AES CTR / ECB no padding / CBC no padding / CBC PKCS7 / CCM* tag / KW / KWP
Authenticated encryption with associated data (AEAD)
- AES CCM / GCM
- ChaCha20-Poly1305
Key derivation
- HKDF / HKDF extract / HKDF expand
- PBKDF2-HMAC
- PBKDF2-CMAC-PRF128
- TLS-1.2 PRF
- TLS-1.2 PSK-to-Mastersecret
- NIST SP 800-108 counter-mode KDF (CMAC, HMAC)
Asymmetric signature
- RSASSA PKCS-v1.5 sign / PSS
- ECDSA / deterministic ECDSA (P-224, P-256, P-384, P-521)
- EdDSA (Ed25519, Ed448)
Asymmetric encryption
- RSAES PKCS-v1.5 crypt / OAEP
Key agreement
- ECDH (P-224, P-256, P-384, P-521)
- ECDH (X25519, X448)
Password-authenticated key exchange (PAKE)
- EC-JPAKE (P-256)
- SPAKE2+ (P-256, HMAC)
- SRP-6 (SHA512)
Random number generation
- CTR-DRBG
- HMAC-DRBG
The following cryptographic key sizes are supported:
- AES: 128, 192, and 256 bit keys are supported for all uses of AES, except for PBKDF2-AES-CMAC-PRF128 which uses 128 bit keys.
- RSA: 1, 1.5, 2, 3, 4, 6, and 8 kbit keys are supported for all uses of RSA.
- NIST curves: P-224 (aka secp224r1), P-256 (aka secp256r1) and P-384 (aka secp384r1) support 224/256/384 bit keys.
- Twisted Edwards curves: Ed25519 supports 255 bit keys.
- Montgomery curves: X25519 supports 255 bit keys.
- SRP-6: 3072 bit keys are supported.