ARM Shanghai IoT Team (Internal) / newMiniTLS-GPL

Important changes to repositories hosted on mbed.com

Mbed hosted mercurial repositories are deprecated and are due to be permanently deleted in July 2026.

To keep a copy of this software download the repository Zip archive or clone locally using Mercurial.

It is also possible to export all your personal repositories from the account settings page.

Fork of MiniTLS-GPL by Donatien Garnier

tls/minitls.h@4:cbaf466d717d, 2014-06-10 (annotated)

Committer:
MiniTLS
Date:
Tue Jun 10 14:23:09 2014 +0000
Revision:
4:cbaf466d717d
Parent:
1:27b41ba7e847 
Fixes for mbed

Who changed what in which revision?

UserRevisionLine numberNew contents of line
MiniTLS 1:27b41ba7e847 1 /*
MiniTLS 1:27b41ba7e847 2 MiniTLS - A super trimmed down TLS/SSL Library for embedded devices
MiniTLS 1:27b41ba7e847 3 Author: Donatien Garnier
MiniTLS 1:27b41ba7e847 4 Copyright (C) 2013-2014 AppNearMe Ltd
MiniTLS 1:27b41ba7e847 5
MiniTLS 1:27b41ba7e847 6 This program is free software; you can redistribute it and/or
MiniTLS 1:27b41ba7e847 7 modify it under the terms of the GNU General Public License
MiniTLS 1:27b41ba7e847 8 as published by the Free Software Foundation; either version 2
MiniTLS 1:27b41ba7e847 9 of the License, or (at your option) any later version.
MiniTLS 1:27b41ba7e847 10
MiniTLS 1:27b41ba7e847 11 This program is distributed in the hope that it will be useful,
MiniTLS 1:27b41ba7e847 12 but WITHOUT ANY WARRANTY; without even the implied warranty of
MiniTLS 1:27b41ba7e847 13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
MiniTLS 1:27b41ba7e847 14 GNU General Public License for more details.
MiniTLS 1:27b41ba7e847 15
MiniTLS 1:27b41ba7e847 16 You should have received a copy of the GNU General Public License
MiniTLS 1:27b41ba7e847 17 along with this program; if not, write to the Free Software
MiniTLS 1:27b41ba7e847 18 Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
MiniTLS 1:27b41ba7e847 19 *//**
MiniTLS 1:27b41ba7e847 20 * \file minitls.h
MiniTLS 1:27b41ba7e847 21 * \copyright Copyright (c) AppNearMe Ltd 2013
MiniTLS 1:27b41ba7e847 22 * \author Donatien Garnier
MiniTLS 1:27b41ba7e847 23 */
MiniTLS 1:27b41ba7e847 24
MiniTLS 1:27b41ba7e847 25 #ifndef MINITLS_H_
MiniTLS 1:27b41ba7e847 26 #define MINITLS_H_
MiniTLS 1:27b41ba7e847 27
MiniTLS 1:27b41ba7e847 28 /*
MiniTLS 1:27b41ba7e847 29 http://tools.ietf.org/html/rfc5246
MiniTLS 1:27b41ba7e847 30 http://tools.ietf.org/html/rfc4492
MiniTLS 1:27b41ba7e847 31 http://tools.ietf.org/html/rfc4366#page-11 //Limit record length
MiniTLS 1:27b41ba7e847 32 http://security.stackexchange.com/questions/3204/computationally-simple-lightweight-replacement-for-ssl-tls
MiniTLS 1:27b41ba7e847 33 */
MiniTLS 1:27b41ba7e847 34
MiniTLS 1:27b41ba7e847 35 #ifdef __cplusplus
MiniTLS 1:27b41ba7e847 36 extern "C" {
MiniTLS 1:27b41ba7e847 37 #endif
MiniTLS 1:27b41ba7e847 38
MiniTLS 1:27b41ba7e847 39 //Implementation of the TLS1.2 protocol with TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA cipher suite
MiniTLS 1:27b41ba7e847 40
MiniTLS 1:27b41ba7e847 41 #include "core/fwk.h"
MiniTLS 1:27b41ba7e847 42 #include "inc/minitls_config.h"
MiniTLS 1:27b41ba7e847 43 #include "inc/minitls_errors.h"
MiniTLS 1:27b41ba7e847 44
MiniTLS 1:27b41ba7e847 45 #include "crypto/crypto_ecc.h"
MiniTLS 1:27b41ba7e847 46 #include "crypto/crypto_rsa.h"
MiniTLS 1:27b41ba7e847 47 #include "crypto/crypto_prng.h"
MiniTLS 1:27b41ba7e847 48
MiniTLS 1:27b41ba7e847 49 typedef struct __tls_x509_certificate //If we know the server's certificate, we just have to do a memcmp to "verify" it
MiniTLS 1:27b41ba7e847 50 {
MiniTLS 1:27b41ba7e847 51 const uint8_t* certificate;
MiniTLS 1:27b41ba7e847 52 size_t certificate_size;
MiniTLS 1:27b41ba7e847 53
MiniTLS 1:27b41ba7e847 54 //These fields can either be decoded from the certificate (using ASN module -- TODO) or prepopulated
MiniTLS 1:27b41ba7e847 55
MiniTLS 1:27b41ba7e847 56 //Decoded -- or prepopulated
MiniTLS 1:27b41ba7e847 57 //crypto_ecc_curve_type_t ecc_curve;
MiniTLS 1:27b41ba7e847 58 union
MiniTLS 1:27b41ba7e847 59 {
MiniTLS 1:27b41ba7e847 60 #if CRYPTO_ECC
MiniTLS 1:27b41ba7e847 61 crypto_ecc_public_key_t ecc;
MiniTLS 1:27b41ba7e847 62 #endif
MiniTLS 1:27b41ba7e847 63 #if CRYPTO_RSA
MiniTLS 1:27b41ba7e847 64 crypto_rsa_public_key_t rsa;
MiniTLS 1:27b41ba7e847 65 #endif
MiniTLS 1:27b41ba7e847 66 } public_key;
MiniTLS 1:27b41ba7e847 67
MiniTLS 1:27b41ba7e847 68 //public_key_type (ECDH-capable)
MiniTLS 1:27b41ba7e847 69 //signature_algorithm (ECDSA-SHA1) -- certificate is encrypted using private key and then hashed with SHA1
MiniTLS 1:27b41ba7e847 70 } tls_x509_certificate_t;
MiniTLS 1:27b41ba7e847 71
MiniTLS 1:27b41ba7e847 72
MiniTLS 1:27b41ba7e847 73 typedef struct __minitls
MiniTLS 1:27b41ba7e847 74 {
MiniTLS 1:27b41ba7e847 75 crypto_prng_t* prng;
MiniTLS 1:27b41ba7e847 76 const tls_x509_certificate_t* certificate; //Certificate is global to all connections
MiniTLS 1:27b41ba7e847 77 } minitls_t;
MiniTLS 1:27b41ba7e847 78
MiniTLS 1:27b41ba7e847 79
MiniTLS 1:27b41ba7e847 80 minitls_err_t minitls_init(minitls_t* minitls, crypto_prng_t* prng);
MiniTLS 1:27b41ba7e847 81 minitls_err_t minitls_certificate_add(minitls_t* minitls, const tls_x509_certificate_t* cert); //Only one supported now
MiniTLS 1:27b41ba7e847 82
MiniTLS 1:27b41ba7e847 83 #ifdef __cplusplus
MiniTLS 1:27b41ba7e847 84 }
MiniTLS 1:27b41ba7e847 85 #endif
MiniTLS 1:27b41ba7e847 86
MiniTLS 1:27b41ba7e847 87 #endif /* MINITLS_H_ */