wolfCrypt Support for Cryptographic Callbacks
wolfCrypt supports cryptographic callbacks: functions you register to replace the stock software calls with your own custom implementations. The goal is to make adding hardware cryptographic support easier.
Currently supported crypto callbacks:
RNG and RNG Seed
ECC (key gen, sign/verify and shared secret)
RSA (key gen, sign/verify, encrypt/decrypt)
AES CBC and GCM
SHA1 and SHA256
HMAC
This feature is enabled using “--enable-cryptocb” or “#define WOLF_CRYPTO_CB”.
To register a cryptographic callback function use the “wc_CryptoCb_RegisterDevice” API. This takes a unique device ID (devId), callback function and optional user context.
typedef int (*CryptoDevCallbackFunc)(int devId, wc_CryptoInfo* info, void* ctx);
WOLFSSL_API int wc_CryptoCb_RegisterDevice(int devId, CryptoDevCallbackFunc cb, void* ctx);
To enable use of the crypto callbacks you must supply the “devId” arguments on initialization.
For TLS use:
wolfSSL_CTX_SetDevId(ctx, devId);
wolfSSL_SetDevId(ssl, devId);
For wolfCrypt APIs, use the init functions that accept “devId”, such as:
wc_InitRsaKey_ex
wc_ecc_init_ex
wc_AesInit
wc_InitSha256_ex
wc_InitSha_ex
wc_HmacInit
Examples:
STSAFE-A100 ECC Crypto Callbacks: https://github.com/wolfSSL/wolfssl/blob/master/wolfcrypt/src/port/st/stsafe.c#L330
TPM 2.0 wolfTPM Crypto Callbacks: https://github.com/wolfSSL/wolfTPM/blob/master/src/tpm2_wrap.c#L2937
Generic wolfCrypt tests: https://github.com/wolfSSL/wolfssl/blob/master/wolfcrypt/test/test.c#L24304
If you have any questions or run into any issues, contact us at facts@wolfssl.com, or call us at +1 425 245 8247.
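The registration and devId selection described above, as a stand-alone model added here for illustration (it is not wolfSSL code and does not use the wolfSSL headers). Every `demo_*` name, the two constants, the decline-then-software behaviour and the toy algorithms are assumptions of the model. It shows that a request reaches the callback only when it carries the registered devId, and that the user context can count served requests to confirm the hardware path was taken.

```c
#include <stdio.h>  /* printf, size_t, NULL */
/* Model only: every demo_* name and constant is hypothetical, not wolfSSL's. */
#define DEMO_INVALID_DEVID (-2) /* object initialised without a device */
#define DEMO_UNAVAILABLE   (-1) /* callback declines; stock software runs */
enum demo_algo { DEMO_HASH, DEMO_SUM };
typedef struct { int algo; const unsigned char *in; size_t len; unsigned out; } demo_info;
typedef int (*demo_cb)(int devId, demo_info *info, void *ctx);
static struct demo_dev { int devId; demo_cb cb; void *ctx; } g_dev[4];
static size_t g_ndev;  /* number of registered devices */

int demo_register_device(int devId, demo_cb cb, void *ctx) {
    if (devId == DEMO_INVALID_DEVID || cb == NULL || g_ndev == 4) return -1;
    g_dev[g_ndev++] = (struct demo_dev){ devId, cb, ctx };
    return 0;
}

/* Stock software path: FNV-1a and a byte sum stand in for real algorithms. */
static void sw_run(demo_info *info) {
    unsigned h = (info->algo == DEMO_HASH) ? 2166136261u : 0u;
    for (size_t i = 0; i < info->len; i++)
        h = (info->algo == DEMO_HASH) ? (h ^ info->in[i]) * 16777619u : h + info->in[i];
    info->out = h;
}

/* Returns 1 when the device for devId served the request, 0 for software. */
int demo_run(int devId, demo_info *info) {
    for (size_t i = 0; i < g_ndev; i++)
        if (g_dev[i].devId == devId && g_dev[i].cb(devId, info, g_dev[i].ctx) == 0)
            return 1;
    sw_run(info);
    return 0;
}

/* Device callback: accepts hashes only; ctx counts the requests it served. */
int hw_cb(int devId, demo_info *info, void *ctx) {
    (void)devId;
    if (info->algo != DEMO_HASH) return DEMO_UNAVAILABLE;
    sw_run(info);      /* a real callback would hand the request to the device */
    ++*(int *)ctx;
    return 0;
}

int main(void) {
    int served = 0;
    demo_info h = { DEMO_HASH, (const unsigned char *)"abc", 3, 0 };
    demo_register_device(7, hw_cb, &served);
    int hw = demo_run(7, &h), sw = demo_run(DEMO_INVALID_DEVID, &h);
    printf("devId 7: hw=%d, no devId: hw=%d, served=%d\n", hw, sw, served);
    return 0;
}
```

In the model, a request without the registered devId produces the same output as the device path, so only the counter in the context reveals that software handled it.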