Sean Parkinson d2afe9e5e0 Memory usage improvements | 1 year ago | |
---|---|---|
.. | ||
README.md | 2 years ago | |
stm32.c | 1 year ago | |
stsafe.c | 1 year ago |
Support for the STM32 L4, F1, F2, F4 and F7 on-board crypto hardware acceleration:
Support for the STM32 PKA on WB55, H7 and other devices with on-board public-key acceleration:
Support for the STSAFE-A100 crypto hardware accelerator co-processor via I2C for ECC supporting NIST or Brainpool 256-bit and 384-bit curves. It requires the ST-Safe SDK including wolf stsafe_interface.c/.h files. Please contact ST for these.
For details see our wolfSSL ST page.
We support using the STM32 CubeMX and Standard Peripheral Library.
To enable support define one of the following:
#define WOLFSSL_STM32L4
#define WOLFSSL_STM32F1
#define WOLFSSL_STM32F2
#define WOLFSSL_STM32F4
#define WOLFSSL_STM32F7
To use CubeMX define WOLFSSL_STM32_CUBEMX
otherwise StdPeriLib is used.
To disable portions of the hardware acceleration you can optionally define:
#define NO_STM32_RNG
#define NO_STM32_CRYPTO
#define NO_STM32_HASH
In your application you must include before any other wolfSSL headers. If building the sources directly we recommend defining WOLFSSL_USER_SETTINGS
and adding your own user_settings.h
file. You can find a good reference for this in IDE/GCC-ARM/Header/user_settings.h
.
See our benchmarks on the wolfSSL website.
STM32 PKA is present in STM32WB55 as well as STM32H7 series.
To enable support define the following
WOLFSSL_STM32_PKA
When the support is enabled, the ECC operations will be accelerated using the PKA crypto co-processor.
Using the wolfSSL PK callbacks and the reference ST Safe reference API's we support an ECC only cipher suite such as ECDHE-ECDSA-AES128-SHA256 for TLS client or server.
At the wolfCrypt level we also support ECC native API's for wc_ecc_*
using the ST-Safe.
./configure --enable-pkcallbacks CFLAGS="-DWOLFSSL_STSAFEA100"
or
#define HAVE_PK_CALLBACKS
#define WOLFSSL_STSAFEA100
Setup the PK callbacks for TLS using:
/* Setup PK Callbacks for STSAFE-A100 */
WOLFSSL_CTX* ctx;
wolfSSL_CTX_SetEccKeyGenCb(ctx, SSL_STSAFE_CreateKeyCb);
wolfSSL_CTX_SetEccSignCb(ctx, SSL_STSAFE_SignCertificateCb);
wolfSSL_CTX_SetEccVerifyCb(ctx, SSL_STSAFE_VerifyPeerCertCb);
wolfSSL_CTX_SetEccSharedSecretCb(ctx, SSL_STSAFE_SharedSecretCb);
wolfSSL_CTX_SetDevId(ctx, 0); /* enables wolfCrypt `wc_ecc_*` ST-Safe use */
The reference STSAFE-A100 PK callback functions are located in the wolfcrypt/src/port/st/stsafe.c
file.
Adding a custom context to the callbacks:
/* Setup PK Callbacks context */
WOLFSSL* ssl;
void* myOwnCtx;
wolfSSL_SetEccKeyGenCtx(ssl, myOwnCtx);
wolfSSL_SetEccVerifyCtx(ssl, myOwnCtx);
wolfSSL_SetEccSignCtx(ssl, myOwnCtx);
wolfSSL_SetEccSharedSecretCtx(ssl, myOwnCtx);
Software only implementation (STM32L4 120Mhz, Cortex-M4, Fast Math):
ECDHE 256 key gen SW 4 ops took 1.278 sec, avg 319.500 ms, 3.130 ops/sec
ECDHE 256 agree SW 4 ops took 1.306 sec, avg 326.500 ms, 3.063 ops/sec
ECDSA 256 sign SW 4 ops took 1.298 sec, avg 324.500 ms, 3.082 ops/sec
ECDSA 256 verify SW 2 ops took 1.283 sec, avg 641.500 ms, 1.559 ops/sec
Memory Use:
Peak Stack: 18456
Peak Heap: 2640
Total: 21096
STSAFE-A100 acceleration:
ECDHE 256 key gen HW 8 ops took 1.008 sec, avg 126.000 ms, 7.937 ops/sec
ECDHE 256 agree HW 6 ops took 1.051 sec, avg 175.167 ms, 5.709 ops/sec
ECDSA 256 sign HW 14 ops took 1.161 sec, avg 82.929 ms, 12.059 ops/sec
ECDSA 256 verify HW 8 ops took 1.184 sec, avg 148.000 ms, 6.757 ops/sec
Memory Use:
Peak Stack: 9592
Peak Heap: 170
Total: 9762
Email us at support@wolfssl.com.