Where to Download


The wolfSSL/wolfCrypt ATECC508A port can be downloaded from the wolfSSL More Downloads page.




Benchmarks


TLS Establishment Times:

  1. Hardware accelerated ATECC508A: 2.342 seconds average

  2. Software only: 13.422 seconds average


The TLS connection establishment time is 5.73 times faster with the ATECC508A.


Software only implementation (SAMD21 48MHz Cortex-M0, Fast Math TFM-ASM):


ECC 256 key generation 3123.000 milliseconds, avg over 5 iterations

EC-DHE key agreement 3117.000 milliseconds, avg over 5 iterations

EC-DSA sign time 1997.000 milliseconds, avg over 5 iterations

EC-DSA verify time 5057.000 milliseconds, avg over 5 iterations


ATECC508A HW accelerated implementation:


ECC 256 key generation 144.400 milliseconds, avg over 5 iterations

EC-DHE key agreement 134.200 milliseconds, avg over 5 iterations

EC-DSA sign time 293.400 milliseconds, avg over 5 iterations

EC-DSA verify time 208.400 milliseconds, avg over 5 iterations


For reference the benchmarks for RNG, AES, MD5, SHA and SHA256 are:


RNG 25 kB took 0.784 seconds, 0.031 MB/s (coming from the ATECC508A)

AES 25 kB took 0.177 seconds, 0.138 MB/s

MD5 25 kB took 0.050 seconds, 0.488 MB/s

SHA 25 kB took 0.141 seconds, 0.173 MB/s

SHA-256 25 kB took 0.352 seconds, 0.069 MB/s




Installation


This package contains the following.  Instructions / README for each is included below as well as in the download package mentioned above.


  1. Atmel Studio client / server TLS examples using PK_CALLBACKS.

  2. Atmel ASF Framework wolfCrypt example using GCC ARM Makefile.




Atmel Studio Client / Server TLS Examples


TLS Demo Project using ATECC508A and WINC1500


The end goal of this project is to show that the "TLS-ECDH-ECDSA-AES128-GCM-SHA256" cipher suite can be fully implemented using the ATECC508A without exposing a private key. This project fulfills RFC 4492 for "ECDH_ECDSA" Transport Layer Security.
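Keeping the private key inside the ATECC508A means the ECDSA sign callback only ever sees the chip's output, a raw 64-byte R||S signature, while TLS carries ECDSA signatures as a DER-encoded SEQUENCE of two INTEGERs. The following is an added example, not code from wolfSSL or Atmel, showing the conversion such a callback has to perform; the helper names rs_raw_to_der and der_put_int are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define P256_LEN 32  /* bytes per P-256 scalar (R or S) */

/* Write one ASN.1 INTEGER from a fixed-width big-endian value.
 * Returns the number of bytes written (at most P256_LEN + 3). */
static size_t der_put_int(const uint8_t *v, uint8_t *out)
{
    size_t skip = 0, n, pad;

    while (skip < P256_LEN - 1 && v[skip] == 0)  /* minimal form: drop leading zeros */
        skip++;
    n = P256_LEN - skip;
    pad = (v[skip] & 0x80) ? 1 : 0;              /* 0x00 prefix keeps the value positive */
    out[0] = 0x02;                               /* INTEGER tag */
    out[1] = (uint8_t)(n + pad);
    if (pad)
        out[2] = 0x00;
    memcpy(out + 2 + pad, v + skip, n);
    return 2 + pad + n;
}

/* Hypothetical helper: raw 64-byte R||S -> DER ECDSA signature.
 * On entry *der_len is the size of der; on success it is the encoded length.
 * Returns 0 on success, -1 on bad arguments or a buffer that is too small. */
int rs_raw_to_der(const uint8_t rs[2 * P256_LEN], uint8_t *der, size_t *der_len)
{
    uint8_t body[2 * (P256_LEN + 3)];  /* worst case: 2 x (tag + len + pad + 32) */
    size_t n;

    if (rs == NULL || der == NULL || der_len == NULL)
        return -1;
    n  = der_put_int(rs, body);                  /* R */
    n += der_put_int(rs + P256_LEN, body + n);   /* S */
    if (*der_len < n + 2)
        return -1;
    der[0] = 0x30;                     /* SEQUENCE tag */
    der[1] = (uint8_t)n;               /* short-form length is enough: n <= 70 */
    memcpy(der + 2, body, n);
    *der_len = n + 2;
    return 0;
}
```

The encoded length varies between signatures (72 bytes at most for P-256), so the callback must report the actual length back to the TLS stack rather than a fixed size.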


Prerequisites for this demo


Software:

  1. Atmel Studio 6.2 or

  2. Atmel Studio 7


Hardware:

  1. Atmel SAMD21 Xplained Pro (2 pcs)

  2. Atmel CryptoAuth Xplained Pro extension board (2 pcs)

  3. Atmel WINC1500 extension board (2 pcs)


How to Run This Project


  1. The Atmel ATECC508A chips come from the factory un-programmed and need to be provisioned. Atmel provided us code as reference which exists in cryptoauthlib/certs/provision.c. The function is atcatls_device_provision and can be called more than once. If the device is not provisioned it will set it up with default slot settings. If it's already provisioned it will skip.

  2. Load the "samd21_winc1500_wolf_tls_ecc508a_server.atsln" using Atmel Studio 7.

  3. Open "tls_demo/tls_common.h", then edit MAIN_WLAN_SSID and MAIN_WLAN_PSK to match your Wi-Fi AP:

     #define MAIN_WLAN_SSID "AVRGUEST"
     #define MAIN_WLAN_PSK "MicroController"

  4. Configure your UART port in "config/conf_uart_serial.h". By default it's set up to use the UART at PTB10/PTB11 on EXT2/EXT3. The configuration can easily be changed to use the built-in EDBG CDC UART. The default baud rate is 115200. Use terminal software such as CoolTerm or Putty.

  5. Build this project and run.

  6. Once the dynamic IP is assigned correctly it will be displayed on the terminal:

     M2M_WIFI_RESP_CON_STATE_CHANGED: CONNECTED
     M2M_WIFI_REQ_DHCP_CONF: IP is 192.168.1.241
     WINC is connected to ATMEL_409_2G successfully!

  7. Load the "samd21_winc1500_wolf_tls_ecc508a_client.atsln" using Atmel Studio 7.

  8. Open "tls_demo/tls_client.h" and set TLS_SERVER_IP to the address that your server was assigned.

  9. Build and run this project.

  10. The TLS client should connect to the TLS server using ECDH-ECDSA.


Example output is included in the README.md included in the download package.




Atmel ASF Framework wolfCrypt Example


This example demonstrates the wolfCrypt test and benchmark applications with the Atmel ATECC508 ECC 256-bit hardware accelerator.


Setup


The Atmel ATECC508A chips come from the factory un-programmed and need to be provisioned. Atmel provided us code as reference which exists in cryptoauthlib/certs/provision.c. The function is atcatls_device_provision and can be called more than once. If the device is not provisioned it will set it up with default slot settings. If it's already provisioned it will skip.


The programming interface is SWD. The SAMD21 Xplained Pro board has a built in J-Link programmer.


You can configure your UART port in "config/conf_uart_serial.h" as either the UART at EXT2/EXT3 (PTB11 and PTB10 - default) or the EDBG CDC UART. The default baud rate is 115200. Use terminal software such as CoolTerm or Putty to interface to the console.


Building


The wolfCrypt test example is set up to be built from a terminal using GCC ARM and a Makefile in the wolfcrypt_test/build/gcc directory.


cd wolfcrypt_test/build/gcc

make

MKDIR   common/utils/interrupt/

CC      common/utils/interrupt/interrupt_sam_nvic.o

MKDIR   common2/services/delay/sam0/

CC      common2/services/delay/sam0/systick_counter.o

MKDIR   ../wolfcrypt_test/

CC      ../wolfcrypt_test/main.o

MKDIR   sam0/boards/samd21_xplained_pro/

CC      sam0/boards/samd21_xplained_pro/board_init.o

MKDIR   sam0/drivers/port/

CC      sam0/drivers/port/port.o

MKDIR   sam0/drivers/sercom/i2c/i2c_sam0/

CC      sam0/drivers/sercom/i2c/i2c_sam0/i2c_master.o

CC      sam0/drivers/sercom/sercom.o

CC      sam0/drivers/sercom/sercom_interrupt.o

MKDIR   sam0/drivers/rtc/rtc_sam_d_r/

CC      sam0/drivers/rtc/rtc_sam_d_r/rtc_count.o

CC      sam0/drivers/rtc/rtc_sam_d_r/rtc_count_interrupt.o

CC      sam0/drivers/rtc/rtc_sam_d_r/rtc_calendar.o

MKDIR   sam0/drivers/tcc/

CC      sam0/drivers/tcc/tcc.o

CC      sam0/drivers/tcc/tcc_callback.o

MKDIR   sam0/drivers/sercom/usart/

CC      sam0/drivers/sercom/usart/usart.o

CC      sam0/drivers/sercom/usart/usart_interrupt.o

MKDIR   sam0/drivers/system/clock/clock_samd21_r21_da/

CC      sam0/drivers/system/clock/clock_samd21_r21_da/clock.o

CC      sam0/drivers/system/clock/clock_samd21_r21_da/gclk.o

MKDIR   sam0/drivers/system/interrupt/

CC      sam0/drivers/system/interrupt/system_interrupt.o

MKDIR   sam0/drivers/system/pinmux/

CC      sam0/drivers/system/pinmux/pinmux.o

CC      sam0/drivers/system/system.o

MKDIR   sam0/utils/cmsis/samd21/source/gcc/

CC      sam0/utils/cmsis/samd21/source/gcc/startup_samd21.o

CC      sam0/utils/cmsis/samd21/source/system_samd21.o

MKDIR   sam0/utils/stdio/

CC      sam0/utils/stdio/read.o

CC      sam0/utils/stdio/write.o

MKDIR   sam0/utils/syscalls/gcc/

CC      sam0/utils/syscalls/gcc/syscalls.o

MKDIR   ../wolfssl/wolfcrypt/src/

CC      ../wolfssl/wolfcrypt/src/random.o

CC      ../wolfssl/wolfcrypt/src/logging.o

CC      ../wolfssl/wolfcrypt/src/memory.o

CC      ../wolfssl/wolfcrypt/src/wc_encrypt.o

CC      ../wolfssl/wolfcrypt/src/wc_port.o

CC      ../wolfssl/wolfcrypt/src/error.o

CC      ../wolfssl/wolfcrypt/src/signature.o

CC      ../wolfssl/wolfcrypt/src/hash.o

CC      ../wolfssl/wolfcrypt/src/asn.o

CC      ../wolfssl/wolfcrypt/src/aes.o

CC      ../wolfssl/wolfcrypt/src/dh.o

CC      ../wolfssl/wolfcrypt/src/md5.o

CC      ../wolfssl/wolfcrypt/src/hmac.o

CC      ../wolfssl/wolfcrypt/src/rsa.o

CC      ../wolfssl/wolfcrypt/src/sha.o

CC      ../wolfssl/wolfcrypt/src/sha256.o

CC      ../wolfssl/wolfcrypt/src/sha512.o

CC      ../wolfssl/wolfcrypt/src/curve25519.o

CC      ../wolfssl/wolfcrypt/src/ed25519.o

CC      ../wolfssl/wolfcrypt/src/ecc.o

CC      ../wolfssl/wolfcrypt/src/tfm.o

CC      ../wolfssl/wolfcrypt/src/integer.o

CC      ../wolfssl/wolfcrypt/src/fe_low_mem.o

CC      ../wolfssl/wolfcrypt/src/ge_low_mem.o

MKDIR   ../wolfssl/wolfcrypt/src/port/atmel/

CC      ../wolfssl/wolfcrypt/src/port/atmel/atmel.o

MKDIR   ../wolfssl/wolfcrypt/test/

CC      ../wolfssl/wolfcrypt/test/test.o

MKDIR   ../wolfssl/wolfcrypt/benchmark/

CC      ../wolfssl/wolfcrypt/benchmark/benchmark.o

MKDIR   ../cryptoauthlib/basic/

CC      ../cryptoauthlib/basic/atca_basic.o

CC      ../cryptoauthlib/basic/atca_helpers.o

MKDIR   ../cryptoauthlib/tls/

CC      ../cryptoauthlib/tls/atcatls.o

CC      ../cryptoauthlib/atca_iface.o

CC      ../cryptoauthlib/atca_command.o

CC      ../cryptoauthlib/atca_device.o

CC      ../cryptoauthlib/atca_cfgs.o

MKDIR   ../cryptoauthlib/host/

CC      ../cryptoauthlib/host/atca_host.o

MKDIR   ../cryptoauthlib/hal/

CC      ../cryptoauthlib/hal/atca_hal.o

CC      ../cryptoauthlib/hal/hal_samd21_i2c_asf.o

CC      ../cryptoauthlib/hal/hal_samd21_timer_asf.o

MKDIR   ../cryptoauthlib/certs/

CC      ../cryptoauthlib/certs/provision.o

CC      ../cryptoauthlib/certs/cert_def_1_signer.o

CC      ../cryptoauthlib/certs/cert_def_2_device.o

MKDIR   ../cryptoauthlib/crypto/

CC      ../cryptoauthlib/crypto/atca_crypto_sw_sha1.o

CC      ../cryptoauthlib/crypto/atca_crypto_sw_sha2.o

MKDIR   ../cryptoauthlib/crypto/hashes/

CC      ../cryptoauthlib/crypto/hashes/sha1_routines.o

CC      ../cryptoauthlib/crypto/hashes/sha2_routines.o

MKDIR   ../cryptoauthlib/atcacert/

CC      ../cryptoauthlib/atcacert/atcacert_date.o

CC      ../cryptoauthlib/atcacert/atcacert_client.o

CC      ../cryptoauthlib/atcacert/atcacert_def.o

CC      ../cryptoauthlib/atcacert/atcacert_der.o

CC      ../cryptoauthlib/atcacert/atcacert_host_hw.o

CC      ../cryptoauthlib/atcacert/atcacert_host_sw.o

LN      wolfcrypt_flash.elf

SIZE    wolfcrypt_flash.elf

wolfcrypt_flash.elf  :

section               size         addr

.text              0x1b598          0x0

.relocate            0x1b8   0x20000000

.bss                 0x984   0x200001b8

.stack              0x4004   0x20000b3c

.ARM.attributes       0x28          0x0

.comment              0x6e          0x0

.debug_info        0x400cd          0x0

.debug_abbrev       0x5ea8          0x0

.debug_aranges      0x19b0          0x0

.debug_ranges       0x16d0          0x0

.debug_macro       0x227b2          0x0

.debug_line        0x1a9a1          0x0

.debug_str         0x9f0f2          0x0

.debug_frame        0x6670          0x0

Total             0x14ba18



   text    data     bss     dec     hex filename

0x1b598   0x1b8  0x4988  131288   200d8 wolfcrypt_flash.elf

OBJDUMP wolfcrypt_flash.lss

NM      wolfcrypt_flash.sym

OBJCOPY wolfcrypt_flash.hex

OBJCOPY wolfcrypt_flash.bin


Programming


Use the resulting wolfcrypt_flash.bin to program your microcontroller using JTAG.

Using edbg (see included wolfcrypt_test/build/gcc/flash.sh script):


edbg -bpv -t atmel_cm0p -f ./wolfcrypt_flash.bin


Debugging


GDB with pipe (see included wolfcrypt_test/build/gcc/debug.sh script):


arm-none-eabi-gdb wolfcrypt_flash.elf -ex 'target remote | openocd -c "gdb_port pipe;" -f ../../../../utils/openocd/atmel_samd21_xplained_pro.cfg'

load


GDB with remote port:


arm-none-eabi-gdb wolfcrypt_flash.elf -ex 'target remote localhost:9993'

openocd -c "gdb_port 9993;" -f ../../../../utils/openocd/atmel_samd21_xplained_pro.cfg





Resources


wolfSSL Product Page

Atmel Hardware-TLS Platform

 


wolfSSL Atmel ATECC508A

Copyright 2017 wolfSSL Inc.  All rights reserved.


Overview


The wolfSSL embedded SSL/TLS library and wolfCrypt embedded crypto engine have been integrated into the Atmel ATECC508A crypto element, adding support for ECC hardware acceleration and protected private key storage on the ATECC508A.


Using wolfSSL, ATECC508A users can benefit from both increased ECC performance and secure key storage, thus hardening their TLS connections.  The wolfCrypt ATECC508A port adds:


  1. wolfCrypt support for ECC hardware acceleration using the ATECC508A.  The new defines for this port are WOLFSSL_ATMEL and WOLFSSL_ATECC508A

  2. New PK callback for Pre Master Secret


wolfSSL is dual licensed under both the GPLv2 as well as a standard commercial license.  For licensing information, please see the wolfSSL License Page, or contact us directly.

wolfSSL + ATECC508A

August 2016