For a list of the most important external links to third-party documentation and software, see the Developer Resources section in Documentation Overview.
Application developer: Developer who writes application code that calls the PSA Certified Crypto API.
Crypto configuration: Configuration elements that determine what crypto code ends up in the firmware image of an application. It consists of the system crypto configuration, the platform crypto configuration, the Oberon driver crypto configuration, and the hardware driver crypto configuration.
Crypto core: The component of a PSA Crypto implementation that provides the PSA Certified Crypto API "at the top" and uses crypto drivers "at the bottom". It handles key management, enforces key usage policies, and (statically) dispatches cryptographic operations to the appropriate crypto driver via the driver wrappers.
Crypto driver: A software component that implements the PSA Crypto Driver API. It can be either a hardware driver or an Oberon driver.
Crypto driver developer: A developer who implements a crypto driver and, for hardware drivers, provides a hardware driver crypto configuration file.
Driver chaining: Delegating part of an Oberon driver's processing to another crypto driver.
Driver wrappers: A software component used by the crypto core as an adaptor
to one or more crypto drivers. In Oberon PSA Crypto, its API is also an
internal standard API that allows for Oberon drivers to execute upcalls into
the driver wrappers, to enable driver chaining. The driver wrappers
component is implemented in the library/psa_crypto_driver_wrappers.c file.
Entropy driver: A hardware driver that generates entropy that is needed for random number generation.
Hardware driver: A crypto driver that is implemented as a software wrapper for a hardware crypto accelerator. It must be accompanied with a corresponding hardware driver crypto configuration, and possibly some additional C files needed for driver integration.
Hardware driver crypto configuration: Part of the crypto configuration that
indicates which crypto features are hardware-accelerated, and provides C
directives that are needed by Oberon PSA Crypto for dead code elimination in
the crypto core and in the driver wrappers. A simple mock example is located
in file oberon/platforms/demo/drivers/demo_driver_config.h.
Mbed TLS: Arm's open source implementation of the TLS protocol standard. It contains a cryptographic part that is currently being migrated towards PSA Certified Crypto API and PSA Crypto Driver API compatibility.
Oberon driver: A software-only crypto driver that is provided as part of Oberon PSA Crypto. It implements the PSA Crypto Driver API so that it can be treated by the driver wrappers in the same way as a hardware driver. It provides a fallback implementation for target platforms that do not support hardware crypto acceleration for all required algorithms, key types, or key sizes. It may use Oberon microsystems' ocrypto for the actual cryptographic functions, may implement some cryptographic functions on its own, and may delegate part of its processing to other crypto drivers through the API of the driver wrappers (see driver chaining).
Oberon driver crypto configuration: Part of the crypto configuration that
configures the Oberon drivers. It is located in file
oberon/drivers/oberon_config.h and must not be modified.
Oberon microsystems: Swiss company that has developed the ocrypto software library, and based upon ocrypto the Oberon PSA Crypto product.
Oberon PSA Crypto: A software library developed by Oberon microsystems as a derivative of the crypto component within Arm's Mbed TLS. It provides PSA Certified API Compliance for its software-optimized implementation of the PSA Certified Crypto API.
ocrypto: A software library developed by Oberon microsystems, designed to provide tiny footprint, high speed and resistance against common side-channel attacks and is optimized for 32-bit microcontrollers. It is used through Oberon drivers in Oberon PSA Crypto to provide a small and fast software implementation for cryptographic functions on hardware platforms where no complete hardware crypto acceleration is available.
Platform crypto configuration: A C file that contains #include statements to
hardware driver crypto configurations for all hardware drivers supported for
the target platform. It is located at include/psa/crypto_driver_config.h.
The rest of this file must not be modified.
Platform integration: Adapting Oberon PSA Crypto to the target platform. The result is typically delivered as a software development kit (SDK) to application developers and system crypto configurators. The following tasks are involved:
- Provide an implementation of the PSA Certified Secure Storage API for key storage on the target platform.
- Provide an implementation of an entropy driver.
- Provide hardware drivers for the target platform, with their hardware driver crypto configuration header files.
- Adapt the driver wrappers so that they call the supported hardware drivers.
- Modify the platform crypto configuration file to refer to the hardware driver crypto configurations for the set of supported hardware drivers.
- Optionally: provide a template for the "use" part of system crypto configuration, so that the system crypto configurator need not touch that part of the configuration file but can fully focus on what the application "wants".
- Optionally: provide configuration tools that hide parts of the crypto configuration mechanism.
Platform integrator: Developer who performs platform integration.
PSA: Short for Platform Security Architecture. An initiative and framework started by Arm to improve the state of security in embedded systems.
PSA Certified: Organization that owns and manages the PSA standard.
PSA Certified APIs: A set of standardized APIs as part of PSA. Certification tests and services are available for implementations of these APIs. For Oberon PSA Crypto, only the PSA Certified Crypto API and PSA Certified Secure Storage API are relevant.
PSA Certified APIs Architecture Test Suite: Suite of tests for the functionality of an implementation of PSA Certified APIs against the specification of these APIs. For Oberon PSA Crypto, only the cryptography-related part of the test suite is relevant.
PSA Certified Crypto API: Specification of a crypto API standard that is one of the PSA APIs. It defines a high-level crypto interface for use by application developers. An implementation of the PSA Certified Crypto API requires a crypto core plus one or more crypto drivers.
PSA Certified Secure Storage API: Specification of a storage API standard that is one of the PSA APIs. It defines key/value storage interfaces for the protected storage of keys and other confidential material. For a target platform, an implementation of this API must be provided by the platform integrator. How to develop such an implementation is outside of the scope of Oberon PSA Crypto.
PSA Crypto: Element of the PSA framework that defines a cryptography component and API for embedded applications.
PSA Crypto Driver API: API specification that is part of PSA Crypto. It defines a low-level driver interface that allows combining hardware drivers with software-only fallback crypto drivers. The specification is not (yet) part of the PSA Certified APIs.
PSA Cryptoprocessor Driver Interface: Deprecated name, see PSA Crypto Driver API.
PSA Unified Driver Interface: Deprecated name, see PSA Crypto Driver API.
System crypto configuration: Part of the crypto configuration that configures
what cryptographic algorithms, key types, and key sizes an application "wants".
Furthermore, it configures what hardware drivers should be used for which
crypto features that an application actually "wants". There are examples of such
configuration files in oberon/platforms/demo/example_config.
The use of Oberon drivers must not be specified, as they will be included
automatically as fallbacks - as needed if the hardware drivers don't provide
all necessary algorithms, key types or key sizes. If the application consists of
several clients of the PSA Certified Crypto Driver API, then the union of all
their "wants" must be specified.
System crypto configurator: Developer or systems integrator who sets up the system crypto configuration for an application. Needs insight into what crypto features the application "wants" - through the PSA Certified Crypto API - and what hardware drivers are available for the target platform.
Target platform: Hardware chip(s) or device(s), with or without a real-time operating system, on which an application can run using Oberon PSA Crypto. The hardware may or may not have hardware accelerators for cryptographic operations.