From 5215c3b4a19f5a4d134143e9dd8f494ffd3a5887 Mon Sep 17 00:00:00 2001 From: Andrew Thoelke Date: Wed, 3 Jun 2026 18:14:19 +0100 Subject: [PATCH 1/2] Finalize the Crypto APi for 1.5 (RC 1) Signed-off-by: Andrew Thoelke --- doc/crypto/about/releases | 8 ++++++++ doc/crypto/appendix/history.rst | 8 -------- doc/crypto/conf.py | 6 +++--- doc/crypto/index.rst | 10 +--------- 4 files changed, 12 insertions(+), 20 deletions(-) diff --git a/doc/crypto/about/releases b/doc/crypto/about/releases index cac357e2..51bd37d7 100644 --- a/doc/crypto/about/releases +++ b/doc/crypto/about/releases @@ -102,3 +102,11 @@ :confidentiality: Non-confidential Clarifications. + +.. release:: 1.5.0 Final + :date: June 2026 + :confidentiality: Non-confidential + + Integrated the PQC extension. + + New algorithms for BLAKE2 and multi-part asymmetric signature operations. diff --git a/doc/crypto/appendix/history.rst b/doc/crypto/appendix/history.rst index 8efbbe75..eeed35eb 100644 --- a/doc/crypto/appendix/history.rst +++ b/doc/crypto/appendix/history.rst @@ -28,14 +28,6 @@ Changes to the API See :secref:`multi-part-signature`. -Relaxations -~~~~~~~~~~~ - - -Clarifications and fixes -~~~~~~~~~~~~~~~~~~~~~~~~ - - Other changes ~~~~~~~~~~~~~ diff --git a/doc/crypto/conf.py b/doc/crypto/conf.py index 8f24218b..8ec8d2c2 100644 --- a/doc/crypto/conf.py +++ b/doc/crypto/conf.py @@ -30,9 +30,9 @@ 'issue_no': 0, # Identifies the sequence number of a release candidate of the same issue # default to None - #'release_candidate': 1, + 'release_candidate': 1, # Draft status - use this to indicate the document is not ready for publication - 'draft': True, + #'draft': True, # Arm document confidentiality. Must be either Non-confidential or Confidential # Marked as open issue if not provided @@ -43,7 +43,7 @@ 'license': 'psa-certified-api-license', # Document date, default to build date - 'date': '28/01/2026', + 'date': '03/06/2026', # Default header file for API definitions # default to None, and can be set in documentation source diff --git a/doc/crypto/index.rst b/doc/crypto/index.rst index 55451ec9..05a13b3d 100644 --- a/doc/crypto/index.rst +++ b/doc/crypto/index.rst @@ -1,4 +1,4 @@ -.. SPDX-FileCopyrightText: Copyright 2018-2022 Arm Limited and/or its affiliates +.. SPDX-FileCopyrightText: Copyright 2018-2026 Arm Limited and/or its affiliates .. SPDX-License-Identifier: CC-BY-SA-4.0 AND LicenseRef-Patent-license .. title:: @@ -7,14 +7,6 @@ This document is part of the PSA Certified API specifications. It defines interfaces to provide cryptographic operations and key storage services. - .. banner:: **DRAFT** - - This is a draft version of the documentation. - - Some of the content might be incomplete, including changes and additions to the API. - - It also includes material that is not present in published versions of the specification, providing rationale and commentary on work in progress. - .. front-matter:: about/about From 8900271e4f9038349f40a45a636cd5fee4c69244 Mon Sep 17 00:00:00 2001 From: Andrew Thoelke Date: Thu, 4 Jun 2026 14:19:53 +0100 Subject: [PATCH 2/2] Update signature usage flag API lists Signed-off-by: Andrew Thoelke --- doc/crypto/api/keys/policy.rst | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/doc/crypto/api/keys/policy.rst b/doc/crypto/api/keys/policy.rst index 2601d7a7..afad2bfb 100644 --- a/doc/crypto/api/keys/policy.rst +++ b/doc/crypto/api/keys/policy.rst @@ -208,6 +208,8 @@ The usage flags are encoded in a bitmask, which has the type `psa_key_usage_t`. * `psa_mac_compute()` * `psa_mac_sign_setup()` * `psa_sign_message()` + * `psa_sign_message_with_context()` + * `psa_sign_setup()` For a key pair, this concerns the private key. @@ -222,6 +224,8 @@ The usage flags are encoded in a bitmask, which has the type `psa_key_usage_t`. * `psa_mac_verify()` * `psa_mac_verify_setup()` * `psa_verify_message()` + * `psa_verify_message_with_context()` + * `psa_verify_setup()` For a key pair, this concerns the public key. @@ -234,6 +238,7 @@ The usage flags are encoded in a bitmask, which has the type `psa_key_usage_t`. This cryptographic-operation usage flag is required to use the key to sign a pre-computed message hash in an asymmetric signature operation. The flag must be present on keys used with the following APIs: * `psa_sign_hash()` + * `psa_sign_hash_with_context()` This flag automatically sets `PSA_KEY_USAGE_SIGN_MESSAGE`: if an application sets the flag `PSA_KEY_USAGE_SIGN_HASH` when creating a key, then the key always has the permissions conveyed by `PSA_KEY_USAGE_SIGN_MESSAGE`, and the flag `PSA_KEY_USAGE_SIGN_MESSAGE` will also be present when the application queries the usage flags of the key. @@ -248,6 +253,7 @@ The usage flags are encoded in a bitmask, which has the type `psa_key_usage_t`. This cryptographic-operation usage flag is required to use the key to verify a pre-computed message hash in an asymmetric signature verification operation. The flag must be present on keys used with the following APIs: * `psa_verify_hash()` + * `psa_verify_hash_with_context()` This flag automatically sets `PSA_KEY_USAGE_VERIFY_MESSAGE`: if an application sets the flag `PSA_KEY_USAGE_VERIFY_HASH` when creating a key, then the key always has the permissions conveyed by `PSA_KEY_USAGE_VERIFY_MESSAGE`, and the flag `PSA_KEY_USAGE_VERIFY_MESSAGE` will also be present when the application queries the usage flags of the key.