Oberon PSA Crypto is a software library developed by Oberon microsystems. It supports cryptographic APIs that adhere to the PSA Certified Crypto API standard.
There are several developer and system integrator roles when working with Oberon PSA Crypto. The most important are application developer, system crypto configurator, platform integrator, and crypto driver developer:
- An application developer typically works for a device manufacturer and writes application code that calls cryptographic functions through the API defined by PSA Crypto. For information on this PSA Certified Crypto API, see the PSA Crypto specification (listed under Developer resources below).
- A system crypto configurator typically also works for a device manufacturer and determines the crypto features used by an application (algorithms, key types, key sizes) and sets up the system crypto configuration using an SDK for the target platform. This configuration is necessary for selecting and building the crypto driver code that needs to be included in the final firmware image. The system crypto configuration should specify only the crypto features that are actually used, to avoid cryptography-related dead code.
- A platform integrator typically works for a chip vendor and creates an SDK that includes Oberon PSA Crypto together with hardware drivers for cryptographic operations, random number generation, and secure key storage.
- A crypto driver developer typically works for a vendor of crypto hardware IP and develops a hardware driver for PSA Crypto and a corresponding hardware crypto driver configuration. For information on the PSA Crypto Driver API, see the documentation listed under Developer resources below.
The documentation in this directory focuses on the system crypto configurator and platform integrator roles. It contains the following documentation chapters:
- Architecture describes the main elements of Oberon PSA Crypto and their interactions. It gives an architecture overview and introduces the most important terms used in the rest of the documentation.
- Crypto Configuration introduces the mechanism that is used for the system crypto configuration and other elements of the overall crypto configuration of a system.
- Platform Integration summarizes what a platform integrator needs to do in order to provide Oberon PSA Crypto support for a target platform, i.e., for specific chips and a real-time operating system (if used).
- Crypto Driver Development provides some information for crypto driver developers, as far as this is relevant specifically for Oberon PSA Crypto.
Special topics are discussed in the following appendices:
- Appendix A: Supported Crypto Features provides a list of crypto features that are supported by Oberon PSA Crypto as software implementations, and therefore can be used even on target platforms without support for hardware crypto acceleration.
- Appendix B: Crypto Configuration Directives provides a list of crypto configuration C directives that are supported by Oberon PSA Crypto.
- Appendix C: System Crypto Configuration Examples gives several examples of system crypto configurations.
- Appendix D: Mbed TLS gives information on how to use the TLS stack of Mbed TLS, while using Oberon PSA Crypto for its size-optimized cryptography implementation.
- Appendix E: Bug Tracking tracks bugs in Oberon PSA Crypto releases.
- Appendix F: Testing provides information useful for testing Oberon PSA Crypto.
- Appendix G: Glossary provides a glossary that briefly explains the most important terms used in the documentation.
Developer resources:
- PSA Certified organization: https://www.psacertified.org/what-is-psa-certified/about/
- PSA Certified APIs: https://arm-software.github.io/psa-api/
- PSA Crypto Driver API as proposed: https://github.com/Mbed-TLS/mbedtls/tree/development/docs/proposed
- PSA Certified APIs Architecture Test Suite: https://github.com/ARM-software/psa-arch-tests/tree/main/api-tests/dev_apis
- Mbed TLS repo: https://github.com/Mbed-TLS/mbedtls#psa-implementation-in-mbed-tls
- Mbed TLS test suite: https://github.com/Mbed-TLS/mbedtls/tree/development/tests/suites
- Random number generator test suite: https://nvlpubs.nist.gov/nistpubs/legacy/sp/nistspecialpublication800-22r1a.pdf
To read the documentation sequentially, continue with the Architecture chapter.