Donatien Garnier / MiniTLS-GPL


Committer:
MiniTLS
Date:
Fri Jun 06 10:49:02 2014 +0000
Revision:
0:35aa5be3b78d
Initial commit

MiniTLS 0:35aa5be3b78d 1 /*
MiniTLS 0:35aa5be3b78d 2 MuTLS - A super trimmed down TLS/SSL Library for embedded devices
MiniTLS 0:35aa5be3b78d 3 Author: Donatien Garnier
MiniTLS 0:35aa5be3b78d 4 Copyright (C) 2013-2014 AppNearMe Ltd
MiniTLS 0:35aa5be3b78d 5
MiniTLS 0:35aa5be3b78d 6 This program is free software; you can redistribute it and/or
MiniTLS 0:35aa5be3b78d 7 modify it under the terms of the GNU General Public License
MiniTLS 0:35aa5be3b78d 8 as published by the Free Software Foundation; either version 2
MiniTLS 0:35aa5be3b78d 9 of the License, or (at your option) any later version.
MiniTLS 0:35aa5be3b78d 10
MiniTLS 0:35aa5be3b78d 11 This program is distributed in the hope that it will be useful,
MiniTLS 0:35aa5be3b78d 12 but WITHOUT ANY WARRANTY; without even the implied warranty of
MiniTLS 0:35aa5be3b78d 13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
MiniTLS 0:35aa5be3b78d 14 GNU General Public License for more details.
MiniTLS 0:35aa5be3b78d 15
MiniTLS 0:35aa5be3b78d 16 You should have received a copy of the GNU General Public License
MiniTLS 0:35aa5be3b78d 17 along with this program; if not, write to the Free Software
MiniTLS 0:35aa5be3b78d 18 Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
MiniTLS 0:35aa5be3b78d 19 *//**
MiniTLS 0:35aa5be3b78d 20 * \file mutls.h
MiniTLS 0:35aa5be3b78d 21 * \copyright Copyright (c) AppNearMe Ltd 2013
MiniTLS 0:35aa5be3b78d 22 * \author Donatien Garnier
MiniTLS 0:35aa5be3b78d 23 */
MiniTLS 0:35aa5be3b78d 24
MiniTLS 0:35aa5be3b78d 25 #ifndef MUTLS_H_
MiniTLS 0:35aa5be3b78d 26 #define MUTLS_H_
MiniTLS 0:35aa5be3b78d 27
MiniTLS 0:35aa5be3b78d 28 /*
MiniTLS 0:35aa5be3b78d 29 http://tools.ietf.org/html/rfc5246
MiniTLS 0:35aa5be3b78d 30 http://tools.ietf.org/html/rfc4492
MiniTLS 0:35aa5be3b78d 31 http://tools.ietf.org/html/rfc4366#page-11 //Limit record length
MiniTLS 0:35aa5be3b78d 32 http://security.stackexchange.com/questions/3204/computationally-simple-lightweight-replacement-for-ssl-tls
MiniTLS 0:35aa5be3b78d 33 */
MiniTLS 0:35aa5be3b78d 34
MiniTLS 0:35aa5be3b78d 35 #ifdef __cplusplus
MiniTLS 0:35aa5be3b78d 36 extern "C" {
MiniTLS 0:35aa5be3b78d 37 #endif
MiniTLS 0:35aa5be3b78d 38
MiniTLS 0:35aa5be3b78d 39 //Implementation of the TLS 1.2 protocol (RFC 5246) with a single cipher suite, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (RFC 4492). Reviewer note: this is a CBC / MAC-then-encrypt suite, so the record-layer decrypt path must check padding and MAC in constant time (Lucky Thirteen-style padding oracles); an AEAD suite would be preferable wherever the peer supports one.
MiniTLS 0:35aa5be3b78d 40
MiniTLS 0:35aa5be3b78d 41 #include "core/fwk.h"
MiniTLS 0:35aa5be3b78d 42 #include "inc/mutls_config.h"
MiniTLS 0:35aa5be3b78d 43 #include "inc/mutls_errors.h"
MiniTLS 0:35aa5be3b78d 44
MiniTLS 0:35aa5be3b78d 45 #include "crypto/crypto_ecc.h"
MiniTLS 0:35aa5be3b78d 46 #include "crypto/crypto_rsa.h"
MiniTLS 0:35aa5be3b78d 47 #include "crypto/crypto_prng.h"
MiniTLS 0:35aa5be3b78d 48
MiniTLS 0:35aa5be3b78d 49 typedef struct __tls_x509_certificate //If we know the server's certificate, we just have to do a memcmp to "verify" it
MiniTLS 0:35aa5be3b78d 50 {
MiniTLS 0:35aa5be3b78d 51 const uint8_t* certificate;
MiniTLS 0:35aa5be3b78d 52 size_t certificate_size;
MiniTLS 0:35aa5be3b78d 53
MiniTLS 0:35aa5be3b78d 54 //These fields can either be decoded from the certificate (using ASN module -- TODO) or prepopulated
MiniTLS 0:35aa5be3b78d 55
MiniTLS 0:35aa5be3b78d 56 //Decoded -- or prepopulated
MiniTLS 0:35aa5be3b78d 57 //crypto_ecc_curve_type_t ecc_curve;
MiniTLS 0:35aa5be3b78d 58 union
MiniTLS 0:35aa5be3b78d 59 {
MiniTLS 0:35aa5be3b78d 60 #if CRYPTO_ECC
MiniTLS 0:35aa5be3b78d 61 crypto_ecc_public_key_t ecc;
MiniTLS 0:35aa5be3b78d 62 #endif
MiniTLS 0:35aa5be3b78d 63 #if CRYPTO_RSA
MiniTLS 0:35aa5be3b78d 64 crypto_rsa_public_key_t rsa;
MiniTLS 0:35aa5be3b78d 65 #endif
MiniTLS 0:35aa5be3b78d 66 } public_key;
MiniTLS 0:35aa5be3b78d 67
MiniTLS 0:35aa5be3b78d 68 //public_key_type (ECDH-capable)
MiniTLS 0:35aa5be3b78d 69 //signature_algorithm (ECDSA-SHA1) -- certificate is encrypted using private key and then hashed with SHA1
MiniTLS 0:35aa5be3b78d 70 } tls_x509_certificate_t;
MiniTLS 0:35aa5be3b78d 71
MiniTLS 0:35aa5be3b78d 72
/**
 * \brief Library-wide MuTLS state shared by all connections.
 *
 * NOTE(review): the tag `__mutls` begins with a double underscore, which C
 * reserves for the implementation.
 */
typedef struct __mutls
{
    //Source of all handshake randomness (ClientHello random and, presumably,
    //the ephemeral ECDHE private key given the cipher suite above -- confirm).
    //If its output is predictable the session keys can be recovered, so it must
    //be seeded from a real entropy source before mutls_init().
    crypto_prng_t* prng;
    const tls_x509_certificate_t* certificate; //Certificate is global to all connections (single pinned peer certificate; stored by pointer, so it must outlive this struct)

    //tls_cipher_t cipher_null_null;
    //tls_cipher_t cipher_aes_128_cbc;
} mutls_t;
MiniTLS 0:35aa5be3b78d 81
MiniTLS 0:35aa5be3b78d 82
/**
 * \brief Initialise a MuTLS instance.
 * \param mutls  Instance to initialise.
 * \param prng   Seeded PRNG used for all handshake randomness; the caller is
 *               responsible for seeding it from a real entropy source first.
 *               Presumably stored by pointer -- it must outlive \p mutls.
 * \return mutls_err_t error code (see inc/mutls_errors.h).
 */
mutls_err_t mutls_init(mutls_t* mutls, crypto_prng_t* prng);
/**
 * \brief Register the pinned peer certificate.
 * \param mutls  Initialised instance.
 * \param cert   Pinned certificate; stored by pointer, so it must outlive
 *               \p mutls. Only one certificate is supported for now -- whether
 *               a second call replaces the first or fails is not visible from
 *               this header (confirm in the implementation).
 * \return mutls_err_t error code (see inc/mutls_errors.h).
 */
mutls_err_t mutls_certificate_add(mutls_t* mutls, const tls_x509_certificate_t* cert); //Only one supported now
MiniTLS 0:35aa5be3b78d 85
MiniTLS 0:35aa5be3b78d 86 #ifdef __cplusplus
MiniTLS 0:35aa5be3b78d 87 }
MiniTLS 0:35aa5be3b78d 88 #endif
MiniTLS 0:35aa5be3b78d 89
MiniTLS 0:35aa5be3b78d 90 #endif /* MUTLS_H_ */