1. Introduction

Arm’s Platform Security Architecture (PSA) is a holistic set of threat models, security analyses, hardware and firmware architecture specifications, an open source firmware reference implementation, and an independent evaluation and certification scheme. PSA provides a recipe, based on industry best practice, that allows security to be consistently designed in, at both a hardware and firmware level.

The PSA Cryptographic API (Crypto API) described in this document is an important PSA component that provides a portable interface to cryptographic operations on a wide range of hardware. The interface is user-friendly, while still providing access to the low-level primitives used in modern cryptography. It does not require that the user has access to the key material. Instead, it uses opaque key identifiers.

This document is part of the PSA family of specifications. It defines an interface for cryptographic services, including cryptography primitives and a key storage functionality.

This document includes:

PSA Cryptographic API 1.1 PAKE Extension [PSA-PAKE] is a companion document for version 1.1 of this specification. [PSA-PAKE] defines a new API for Password Authenticated Key Establishment (PAKE) algorithms. The PAKE API is an initial proposal at BETA status. The API defined by [PSA-PAKE] is provided in a separate specification to reflect the different status of this API, and indicate that a future version can include incompatible changes to the PAKE API. When the PAKE API is stable, it will be included in a future version of the PSA Cryptographic API specification.

In future, other companion documents will define profiles for this specification. A profile is a minimum mandatory subset of the interface that a compliant implementation must provide.