Skip to content
Branch: master
Find file History
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Type Name Latest commit message Commit time
Failed to load latest commit information.

Microchip/Atmel ATECC508A/ATECC608A Support

Support for ATECC508A using these methods:

  • TLS: Using the PK callbacks and reference ATECC508A callbacks. See Coding section below. Requires options HAVE_PK_CALLBACKS and WOLFSSL_ATECC_PKCB or WOLFSSL_ATECC508A
  • wolfCrypt: Native wc_ecc_* API's using the ./configure CFLAGS="-DWOLFSSL_ATECC508A" or #define WOLFSSL_ATECC508A.


Requires the Microchip CryptoAuthLib. The examples in wolfcrypt/src/port/atmel/atmel.c make calls to the atcatls_* API's.


Build Options

  • HAVE_PK_CALLBACKS: Option for enabling wolfSSL's PK callback support for TLS.
  • WOLFSSL_ATECC508A: Enables support for initializing the CryptoAuthLib and setting up the encryption key used for the I2C communication.
  • WOLFSSL_ATECC_PKCB: Enables support for the reference PK callbacks without init.
  • WOLFSSL_ATMEL: Enables ASF hooks seeding random data using the atmel_get_random_number function.
  • WOLFSSL_ATMEL_TIME: Enables the built-in atmel_get_curr_time_and_date function get getting time from ASF RTC.
  • ATECC_GET_ENC_KEY: Macro to define your own function for getting the encryption key.
  • ATECC_SLOT_I2C_ENC: Macro for the default encryption key slot. Can also get via the slot callback with ATMEL_SLOT_ENCKEY.
  • ATECC_MAX_SLOT: Macro for the maximum dynamically allocated slots.

Build Command Examples

./configure --enable-pkcallbacks CFLAGS="-DWOLFSSL_ATECC_PKCB" #define HAVE_PK_CALLBACKS #define WOLFSSL_ATECC_PKCB


./configure CFLAGS="-DWOLFSSL_ATECC508A" #define WOLFSSL_ATECC508A


Setup the PK callbacks for TLS using:

/* Setup PK Callbacks for ATECC508A */
wolfSSL_CTX_SetEccKeyGenCb(ctx, atcatls_create_key_cb);
wolfSSL_CTX_SetEccVerifyCb(ctx, atcatls_verify_signature_cb);
wolfSSL_CTX_SetEccSignCb(ctx, atcatls_sign_certificate_cb);
wolfSSL_CTX_SetEccSharedSecretCb(ctx, atcatls_create_pms_cb);

The reference ATECC508A PK callback functions are located in the wolfcrypt/src/port/atmel/atmel.c file.

Adding a custom context to the callbacks:

/* Setup PK Callbacks context */
void* myOwnCtx;
wolfSSL_SetEccKeyGenCtx(ssl, myOwnCtx);
wolfSSL_SetEccVerifyCtx(ssl, myOwnCtx);
wolfSSL_SetEccSignCtx(ssl, myOwnCtx);
wolfSSL_SetEccSharedSecretCtx(ssl, myOwnCtx);


Supports ECC SECP256R1 (NIST P-256)


TLS Establishment Times:

  • Hardware accelerated ATECC508A: 2.342 seconds average
  • Software only: 13.422 seconds average

The TLS connection establishment time is 5.73 times faster with the ATECC508A.

Cryptographic ECC

Software only implementation (SAMD21 48Mhz Cortex-M0, Fast Math TFM-ASM):

EC-DHE key generation 3123.000 milliseconds, avg over 5 iterations, 1.601 ops/sec EC-DHE key agreement 3117.000 milliseconds, avg over 5 iterations, 1.604 ops/sec EC-DSA sign time 1997.000 milliseconds, avg over 5 iterations, 2.504 ops/sec EC-DSA verify time 5057.000 milliseconds, avg over 5 iterations, 0.988 ops/sec

ATECC508A HW accelerated implementation: EC-DHE key generation 144.400 milliseconds, avg over 5 iterations, 34.722 ops/sec EC-DHE key agreement 134.200 milliseconds, avg over 5 iterations, 37.313 ops/sec EC-DSA sign time 293.400 milliseconds, avg over 5 iterations, 17.065 ops/sec EC-DSA verify time 208.400 milliseconds, avg over 5 iterations, 24.038 ops/sec

For details see our wolfSSL Atmel ATECC508A page.

You can’t perform that action at this time.