ST Ports

Support for the STM32 L4, F1, F2, F4 and F7 on-board crypto hardware acceleration for symmetric AES (ECB/CBC/CTR/GCM) and MD5/SHA1/SHA224/SHA256.

Support for the STSAFE-A100 crypto hardware accelerator co-processor via I2C for ECC supporting NIST or Brainpool 256-bit and 384-bit curves. It requires the ST-Safe SDK including wolf stsafe_interface.c/.h files. Please contact ST for these.

For details see our wolfSSL ST page.

STM32 Symmetric Acceleration

We support using the STM32 CubeMX and Standard Peripheral Library.


To enable support define one of the following:

#define WOLFSSL_STM32L4
#define WOLFSSL_STM32F1
#define WOLFSSL_STM32F2
#define WOLFSSL_STM32F4
#define WOLFSSL_STM32F7

To use CubeMX define WOLFSSL_STM32_CUBEMX otherwise StdPeriLib is used.

To disable portions of the hardware acceleration you can optionally define:

#define NO_STM32_RNG
#define NO_STM32_CRYPTO
#define NO_STM32_HASH


In your application you must include <wolfssl/wolfcrypt/settings.h> before any other wolfSSL headers. If building the sources directly we recommend defining WOLFSSL_USER_SETTINGS and adding your own user_settings.h file. You can find a good reference for this in IDE/GCC-ARM/Header/user_settings.h.


See our benchmarks on the wolfSSL website.

STSAFE-A100 ECC Acceleration

Using the wolfSSL PK callbacks and the reference ST Safe reference API's we support an ECC only cipher suite such as ECDHE-ECDSA-AES128-SHA256 for TLS client or server.

At the wolfCrypt level we also support ECC native API's for wc_ecc_* using the ST-Safe.


./configure --enable-pkcallbacks CFLAGS="-DWOLFSSL_STSAFEA100"




Setup the PK callbacks for TLS using:

/* Setup PK Callbacks for STSAFE-A100 */
wolfSSL_CTX_SetEccKeyGenCb(ctx, SSL_STSAFE_CreateKeyCb);
wolfSSL_CTX_SetEccSignCb(ctx, SSL_STSAFE_SignCertificateCb);
wolfSSL_CTX_SetEccVerifyCb(ctx, SSL_STSAFE_VerifyPeerCertCb);
wolfSSL_CTX_SetEccSharedSecretCb(ctx, SSL_STSAFE_SharedSecretCb);
wolfSSL_CTX_SetDevId(ctx, 0); /* enables wolfCrypt `wc_ecc_*` ST-Safe use */

The reference STSAFE-A100 PK callback functions are located in the wolfcrypt/src/port/st/stsafe.c file.

Adding a custom context to the callbacks:

/* Setup PK Callbacks context */
void* myOwnCtx;
wolfSSL_SetEccKeyGenCtx(ssl, myOwnCtx);
wolfSSL_SetEccVerifyCtx(ssl, myOwnCtx);
wolfSSL_SetEccSignCtx(ssl, myOwnCtx);
wolfSSL_SetEccSharedSecretCtx(ssl, myOwnCtx);

Benchmarks and Memory Use

Software only implementation (STM32L4 120Mhz, Cortex-M4, Fast Math):

ECDHE 256 key gen SW 4 ops took 1.278 sec, avg 319.500 ms, 3.130 ops/sec
ECDHE 256 agree SW 4 ops took 1.306 sec, avg 326.500 ms, 3.063 ops/sec
ECDSA 256 sign SW 4 ops took 1.298 sec, avg 324.500 ms, 3.082 ops/sec
ECDSA 256 verify SW 2 ops took 1.283 sec, avg 641.500 ms, 1.559 ops/sec

Memory Use:

Peak Stack: 18456
Peak Heap: 2640
Total: 21096

STSAFE-A100 acceleration:

ECDHE 256 key gen HW 8 ops took 1.008 sec, avg 126.000 ms, 7.937 ops/sec
ECDHE 256 agree HW 6 ops took 1.051 sec, avg 175.167 ms, 5.709 ops/sec
ECDSA 256 sign HW 14 ops took 1.161 sec, avg 82.929 ms, 12.059 ops/sec
ECDSA 256 verify HW 8 ops took 1.184 sec, avg 148.000 ms, 6.757 ops/sec

Memory Use:

Peak Stack: 9592
Peak Heap: 170
Total: 9762


Email us at