wolfSSL support for STSAFE-A100 crypto coprocessor

wolfSSL supports the STMicroelectronics STSAFE-A100 I2C cryptographic coprocessor. The device performs ECC sign/verify (ECDSA) and shared secret (ECDH) operations on 256-bit and 384-bit curves (NIST Prime and Brainpool). It has 2 key slots and 6 KB of non-volatile memory for certificate or data storage.

Prerequisites:

  • Requires the STSAFE-A Device Library from ST
  • Requires wolfSSL interface and crypto configuration code (available by request and approval from ST)

Examples:

  • wolfSSL uses PK callbacks for the TLS crypto operations
  • wolfCrypt uses the WOLFSSL_STSAFEA100 macro to enable native `wc_ecc_*` API support

The README.md and reference PK callbacks can be found here: https://github.com/wolfSSL/wolfssl/tree/master/wolfcrypt/src/port/st

Preprocessor Macros:

  • WOLFSSL_STSAFEA100

PK Callbacks:

The wolfSSL TLS layer exposes PK callback APIs for setting ECC callbacks. Enable them with `#define HAVE_PK_CALLBACKS` or `./configure --enable-pkcallbacks`.

Reference APIs:

  • SSL_STSAFE_CreateKeyCb
  • SSL_STSAFE_SignCertificateCb
  • SSL_STSAFE_VerifyPeerCertCb
  • SSL_STSAFE_SharedSecretCb

Reference API for loading device certificate:

  • SSL_STSAFE_LoadDeviceCertificate

For more questions please email us at facts@wolfssl.com.