Oberon PSA Crypto implements a refinement of the PSA Crypto architecture, which was originally created by Arm and has become a de facto industry standard managed by the PSA Certified organization. This document first introduces the generic architecture of PSA Crypto, followed by a description of the variant of this architecture as implemented by Oberon PSA Crypto.
To advance the state of security for embedded systems, Arm has created a comprehensive Platform Security Architecture (PSA). PSA Crypto is the part of PSA that covers the cryptographic needs of embedded software. Figure 1 gives an overview of PSA Crypto:
Figure 1 - Architecture of PSA Crypto
An application calls a PSA Crypto implementation through the PSA Certified Crypto API. Thanks to the standardization of this API, an application can easily switch between different PSA Crypto implementations that have different quality attributes. This makes it easier to reuse application code for new versions of a product, or across different products in a product line.
For information on how to write application code that calls the PSA Certified Crypto API, please consult the documentation of the PSA Certified organization.
Note: A protocol stack that uses cryptographic functions is considered part of the application and is not discussed separately. Mbed TLS is an example of a (TLS) protocol stack that can use the PSA Certified Crypto API. Currently, Mbed TLS also contains an implementation of PSA Crypto. This is subject to change in the next major release of Mbed TLS.
A PSA Crypto implementation may also support the PSA Crypto Driver API. Through this API, a PSA Crypto implementation can delegate actual cryptographic processing to suitable crypto drivers. Such a driver can take advantage of a chip's hardware crypto accelerator where available.
For building an application and enabling dead code elimination (no unnecessary drivers and no unnecessary code within the PSA Crypto implementation), a crypto configuration must be provided for every application. On the one hand, it defines the set of crypto algorithms called by the application. On the other hand, it defines the set of crypto drivers to be used for the given target platform.
For information on how to write drivers that implement the PSA Crypto Driver API, please consult the official PSA Crypto documentation.
A storage module needs to be provided by the target platform's platform integrator. It should provide protected storage, in particular for secret keys. If the storage module implements the PSA Secure Storage API, it can be used directly with Oberon PSA Crypto.
Note: The PSA Certified Crypto API "at the top" of a PSA Crypto implementation is the relevant API for application developers. The PSA Crypto Driver API "at the bottom" is relevant for crypto driver developers, and for platform integrators who adapt crypto drivers to their specific target platforms.
Today, inexpensive microcontrollers usually do not provide comprehensive hardware crypto accelerators for modern crypto algorithms. Often, they only support AES, and only a limited number of AES modes. For the algorithms that the hardware does not cover, no hardware drivers can be provided, and many applications will need a software fallback for some or all of their cryptographic operations.
Oberon PSA Crypto provides Oberon drivers as a software fallback that is footprint- and speed-optimized for inexpensive 32-bit microcontrollers. Oberon drivers are crypto drivers that provide cryptographic functionality purely in software, based on Oberon microsystems' lightweight ocrypto library. They are genuine crypto drivers, as they implement the standard PSA Crypto Driver API.
Figure 2 is an illustration of the Oberon PSA Crypto architecture:
Figure 2 - Architecture of Oberon PSA Crypto
For the hardware crypto accelerators of their target platform, platform integrators provide the hardware drivers. They are not specific to Oberon PSA Crypto or its configuration mechanism, so they can be used with any PSA Crypto implementation that supports the PSA Crypto Driver API. The Oberon drivers then fill the gaps in crypto functionality that the target platforms do not support through dedicated hardware.
Within Oberon PSA Crypto, there are two major modules in addition to the Oberon drivers that have already been discussed above: the crypto core and the driver wrappers.
The crypto core exposes the PSA Certified Crypto API to applications. It performs parameter validation, handles key management, and forwards calls to the driver wrappers.
The driver wrappers determine what actual crypto driver is called for a given type of cryptographic operation. For example, guided by the crypto configuration, they may either select a hardware driver for an RSA signature check in hardware, or an Oberon driver for an ECDSA signature check in software.
The driver wrappers provide an internal API whose client is the crypto core. They depend on crypto drivers that adhere to the PSA Crypto Driver API.
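The call chain described above (the crypto core validates parameters, then the driver wrappers pick a driver according to the crypto configuration) can be modelled in a few lines of C. This is an added sketch, not code from Oberon PSA Crypto or the PSA specifications: all `demo_`/`DEMO_` names are hypothetical, the configuration values are constructed, and trying the hardware driver before the software driver is an assumption of the sketch.

```c
/* Toy routing model: core -> driver wrappers -> drivers. All demo_/DEMO_ names
 * are hypothetical (not Oberon or PSA identifiers); no cryptography is done. */
#include <stddef.h>

typedef enum { DEMO_OK = 0, DEMO_NOT_SUPPORTED = -1, DEMO_INVALID_ARG = -2 } demo_status_t;
typedef enum { DEMO_AES_CBC, DEMO_AES_GCM, DEMO_CHACHA20_POLY1305 } demo_alg_t;
typedef enum { DEMO_NONE, DEMO_HW_DRIVER, DEMO_SW_DRIVER } demo_driver_t;

/* Constructed crypto configuration: algorithms the application calls (WANT)
 * and what the target's accelerator offers (HW). Constant-false branches
 * below are removed by the compiler, which models dead code elimination. */
#define DEMO_WANT_AES_CBC 1
#define DEMO_WANT_AES_GCM 1
#define DEMO_WANT_CHACHA  0   /* not called by the application */
#define DEMO_HW_AES_CBC   1   /* accelerator: AES in CBC mode only */

/* Hardware driver: accepts only what the accelerator implements. */
static demo_status_t demo_hw_claim(demo_alg_t alg)
{
    return (DEMO_HW_AES_CBC && alg == DEMO_AES_CBC) ? DEMO_OK : DEMO_NOT_SUPPORTED;
}

/* Software fallback driver: covers the configured algorithms only. */
static demo_status_t demo_sw_claim(demo_alg_t alg)
{
    if (DEMO_WANT_AES_CBC && alg == DEMO_AES_CBC) return DEMO_OK;
    if (DEMO_WANT_AES_GCM && alg == DEMO_AES_GCM) return DEMO_OK;
    if (DEMO_WANT_CHACHA && alg == DEMO_CHACHA20_POLY1305) return DEMO_OK;
    return DEMO_NOT_SUPPORTED;
}

/* Driver wrapper: hardware first, software fills the gaps, otherwise fail closed. */
static demo_status_t demo_wrapper_select(demo_alg_t alg, demo_driver_t *used)
{
    if (demo_hw_claim(alg) == DEMO_OK) { *used = DEMO_HW_DRIVER; return DEMO_OK; }
    if (demo_sw_claim(alg) == DEMO_OK) { *used = DEMO_SW_DRIVER; return DEMO_OK; }
    return DEMO_NOT_SUPPORTED;
}

/* Crypto core: rejects bad parameters before any driver is reached. */
demo_status_t demo_core_encrypt(demo_alg_t alg, const unsigned char *in,
                                size_t len, demo_driver_t *used)
{
    if (used == NULL) return DEMO_INVALID_ARG;
    *used = DEMO_NONE;
    if (in == NULL && len != 0) return DEMO_INVALID_ARG;
    return demo_wrapper_select(alg, used);
}
```

With this configuration, AES-CBC is routed to the hardware driver, AES-GCM to the software driver, and a request for an algorithm that was not configured returns an error instead of reaching any driver.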
Figure 3 is a more detailed illustration of the Oberon PSA Crypto architecture:
Figure 3 - Detailed Architecture of Oberon PSA Crypto
In Figure 3, the locations of the various APIs are illustrated. The upcalls of some Oberon drivers into the driver wrappers will be discussed later.
Read more about how to configure Oberon PSA Crypto for an application and target platform in Crypto Configuration.