Donatien Garnier / MiniTLS-GPL

Important changes to repositories hosted on mbed.com

Mbed hosted mercurial repositories are deprecated and are due to be permanently deleted in July 2026.

To keep a copy of this software download the repository Zip archive or clone locally using Mercurial.

It is also possible to export all your personal repositories from the account settings page.

Dependents:   MiniTLS-HTTPS-Example

Diff: tls/mutls.h

Revision:
0:35aa5be3b78d
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/tls/mutls.h	Fri Jun 06 10:49:02 2014 +0000
@@ -0,0 +1,90 @@
+/*
+MuTLS - A super trimmed down TLS/SSL Library for embedded devices
+Author: Donatien Garnier
+Copyright (C) 2013-2014 AppNearMe Ltd
+
+This program is free software; you can redistribute it and/or
+modify it under the terms of the GNU General Public License
+as published by the Free Software Foundation; either version 2
+of the License, or (at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program; if not, write to the Free Software
+Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
+*//**
+ * \file mutls.h
+ * \copyright Copyright (c) AppNearMe Ltd 2013
+ * \author Donatien Garnier
+ */
+
+#ifndef MUTLS_H_
+#define MUTLS_H_
+
+/*
+http://tools.ietf.org/html/rfc5246
+http://tools.ietf.org/html/rfc4492
+http://tools.ietf.org/html/rfc4366#page-11 //Limit record length
+http://security.stackexchange.com/questions/3204/computationally-simple-lightweight-replacement-for-ssl-tls
+*/
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+//Implementation of the TLS1.2 protocol with TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA cipher suite
+
+#include "core/fwk.h"
+#include "inc/mutls_config.h"
+#include "inc/mutls_errors.h"
+
+#include "crypto/crypto_ecc.h"
+#include "crypto/crypto_rsa.h"
+#include "crypto/crypto_prng.h"
+
+typedef struct __tls_x509_certificate //If we know the server's certificate, we just have to do a memcmp to "verify" it
+{
+  const uint8_t* certificate;
+  size_t certificate_size;
+
+  //These fields can either be decoded from the certificate (using ASN module -- TODO) or prepopulated
+
+  //Decoded -- or prepopulated
+  //crypto_ecc_curve_type_t ecc_curve;
+  union
+  {
+#if CRYPTO_ECC
+    crypto_ecc_public_key_t ecc;
+#endif
+#if CRYPTO_RSA
+    crypto_rsa_public_key_t rsa;
+#endif
+  } public_key;
+
+  //public_key_type (ECDH-capable)
+  //signature_algorithm (ECDSA-SHA1) -- certificate is encrypted using private key and then hashed with SHA1
+} tls_x509_certificate_t;
+
+
+typedef struct __mutls
+{
+  crypto_prng_t* prng;
+  const tls_x509_certificate_t* certificate; //Certificate is global to all connections
+
+  //tls_cipher_t cipher_null_null;
+  //tls_cipher_t cipher_aes_128_cbc;
+} mutls_t;
+
+
+mutls_err_t mutls_init(mutls_t* mutls, crypto_prng_t* prng);
+mutls_err_t mutls_certificate_add(mutls_t* mutls, const tls_x509_certificate_t* cert); //Only one supported now
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* MUTLS_H_ */