Support for ATECC508A using these methods:
- TLS: Using the PK callbacks and reference ATECC508A callbacks. See Coding section below. Requires options HAVE_PK_CALLBACKS and WOLFSSL_ATECC_PKCB or WOLFSSL_ATECC508A
- wolfCrypt: Native wc_ecc_* API's using the ./configure CFLAGS="-DWOLFSSL_ATECC508A" or #define WOLFSSL_ATECC508A.
Dependency
Requires the Microchip CryptoAuthLib. The examples in wolfcrypt/src/port/atmel/atmel.c make calls to the atcatls_* API's.
Building
- HAVE_PK_CALLBACKS: Option for enabling wolfSSL's PK callback support for TLS.
- WOLFSSL_ATECC508A: Enables support for initializing the CryptoAuthLib and setting up the encryption key used for the I2C communication.
- WOLFSSL_ATECC_PKCB: Enables support for the reference PK callbacks without init.
- WOLFSSL_ATMEL: Enables ASF hooks seeding random data using the atmel_get_random_number function.
- WOLFSSL_ATMEL_TIME: Enables the built-in atmel_get_curr_time_and_date function get getting time from ASF RTC.
- ATECC_GET_ENC_KEY: Macro to define your own function for getting the encryption key.
- ATECC_SLOT_I2C_ENC: Macro for the default encryption key slot. Can also get via the slot callback with ATMEL_SLOT_ENCKEY.
- ATECC_MAX_SLOT: Macro for the maximum dynamically allocated slots.
Build Command Examples
./configure --enable-pkcallbacks CFLAGS="-DWOLFSSL_ATECC_PKCB" #define HAVE_PK_CALLBACKS #define WOLFSSL_ATECC_PKCB
or
./configure CFLAGS="-DWOLFSSL_ATECC508A" #define WOLFSSL_ATECC508A
Coding
Setup the PK callbacks for TLS using:
/* Setup PK Callbacks for ATECC508A */
WOLFSSL_CTX* ctx;
wolfSSL_CTX_SetEccKeyGenCb(ctx, atcatls_create_key_cb);
wolfSSL_CTX_SetEccVerifyCb(ctx, atcatls_verify_signature_cb);
wolfSSL_CTX_SetEccSignCb(ctx, atcatls_sign_certificate_cb);
wolfSSL_CTX_SetEccSharedSecretCb(ctx, atcatls_create_pms_cb);
The reference ATECC508A PK callback functions are located in the wolfcrypt/src/port/atmel/atmel.c file.
Adding a custom context to the callbacks:
/* Setup PK Callbacks context */
WOLFSSL* ssl;
void* myOwnCtx;
wolfSSL_SetEccKeyGenCtx(ssl, myOwnCtx);
wolfSSL_SetEccVerifyCtx(ssl, myOwnCtx);
wolfSSL_SetEccSignCtx(ssl, myOwnCtx);
wolfSSL_SetEccSharedSecretCtx(ssl, myOwnCtx);
Benchmarks
Supports ECC SECP256R1 (NIST P-256)
TLS
TLS Establishment Times:
- Hardware accelerated ATECC508A: 2.342 seconds average
- Software only: 13.422 seconds average
The TLS connection establishment time is 5.73 times faster with the ATECC508A.
Cryptographic ECC
Software only implementation (SAMD21 48Mhz Cortex-M0, Fast Math TFM-ASM):
EC-DHE key generation 3123.000 milliseconds, avg over 5 iterations, 1.601 ops/sec EC-DHE key agreement 3117.000 milliseconds, avg over 5 iterations, 1.604 ops/sec EC-DSA sign time 1997.000 milliseconds, avg over 5 iterations, 2.504 ops/sec EC-DSA verify time 5057.000 milliseconds, avg over 5 iterations, 0.988 ops/sec
ATECC508A HW accelerated implementation: EC-DHE key generation 144.400 milliseconds, avg over 5 iterations, 34.722 ops/sec EC-DHE key agreement 134.200 milliseconds, avg over 5 iterations, 37.313 ops/sec EC-DSA sign time 293.400 milliseconds, avg over 5 iterations, 17.065 ops/sec EC-DSA verify time 208.400 milliseconds, avg over 5 iterations, 24.038 ops/sec
For details see our wolfSSL Atmel ATECC508A page.
