List of supported algorithms

This table provides an overview of all the algorithms we currently support. This only lists algorithms for which verification is complete. Please refer to documentation for each individual API for the full details.

Algorithm Portable C (HACL*) Intel ASM (Vale) Agile API (EverCrypt)
AEAD      
AES-GCM   ✔︎ (AES-NI + CLMUL) ✔︎
Chacha20-Poly1305 ✔︎ (+ AVX,AVX2)   ✔︎
ECDH      
Curve25519 ✔︎ ✔︎ (BMI2 + ADX)  
P-256 ✔︎    
Signatures      
Ed25519 ✔︎    
P-256 ✔︎    
Hashes      
MD5 ✔︎   ✔︎
SHA1 ✔︎   ✔︎
SHA2-224,256 ✔︎ ✔︎ (SHAEXT) ✔︎
SHA2-384,512 ✔︎   ✔︎
SHA3 ✔︎    
Blake2 ✔︎ (+ AVX,AVX2)    
Key Derivation      
HKDF ✔︎ ✔︎ (see notes below) ✔︎
Ciphers      
Chacha20 ✔︎ (+ AVX,AVX2)    
AES-128,256   ✔︎ (AES-NI + CLMUL)  
MACS      
HMAC ✔︎ ✔︎ (see notes below) ✔︎
Poly1305 ✔︎ (+ AVX,AVX2) ✔︎ (X64)  

Points of interest:

  • Some C implementations also have verified vectorized versions optimized for Intel AVX and AVX2 using compiler intrinsics (there is no inline assembly)
  • MD5 and SHA1 are provided for legacy purposes and backwards-compatibility (e.g. TLS applications); no particular effort has been made to make them efficient
  • HMAC/HKDF only use ASM implementations if the underlying hash algorithm has one