Dependents: MiniTLS-HTTPS-Example
minitls.h
/*
MiniTLS - A super trimmed down TLS/SSL Library for embedded devices
Author: Donatien Garnier
Copyright (C) 2013-2014 AppNearMe Ltd

This program is free software; you can redistribute it and/or
modify it under the terms of the GNU General Public License
as published by the Free Software Foundation; either version 2
of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
GNU General Public License for more details.

You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
*/
/**
 * \file minitls.h
 * \copyright Copyright (c) AppNearMe Ltd 2013
 * \author Donatien Garnier
 *
 * Top-level public header of MiniTLS: declares the pinned-certificate
 * descriptor, the library context and the two entry points that set them up.
 */

#ifndef MINITLS_H_
#define MINITLS_H_

/*
Reference material:
http://tools.ietf.org/html/rfc5246 (TLS 1.2)
http://tools.ietf.org/html/rfc4492 (ECC cipher suites for TLS)
http://tools.ietf.org/html/rfc4366#page-11 //Limit record length
http://security.stackexchange.com/questions/3204/computationally-simple-lightweight-replacement-for-ssl-tls
*/

#ifdef __cplusplus
extern "C" {
#endif

//Implementation of the TLS1.2 protocol with TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA cipher suite
//NOTE(review): this is a CBC suite with an HMAC-SHA1 record MAC (MAC-then-encrypt in TLS 1.2),
//so the record layer's padding and MAC checks need to run in constant time -- confirm in the
//record-layer code, which is not part of this header.

//NOTE(review): uint8_t and size_t are used below without <stdint.h>/<stddef.h> being included
//here; presumably core/fwk.h provides them -- confirm.
#include "core/fwk.h"
#include "inc/minitls_config.h"
#include "inc/minitls_errors.h"

#include "crypto/crypto_ecc.h"
#include "crypto/crypto_rsa.h"
#include "crypto/crypto_prng.h"

/**
 * Descriptor of the server certificate the client expects to see.
 *
 * Per the original author's note, when the server's certificate is known in
 * advance it is "verified" with a memcmp against this stored copy, i.e. the
 * certificate is pinned rather than validated as an X.509 chain. Nothing in
 * this header declares chain building, validity-period, revocation or host
 * name checks.
 *
 * NOTE(review): the comparison itself is not in this file; it should reject
 * a received certificate whose length differs from certificate_size before
 * comparing bytes, otherwise a prefix could match -- confirm in the handshake
 * code.
 * NOTE(review): a pinned certificate can only be replaced by changing the
 * data this descriptor points to, so server certificate rotation has to be
 * planned together with device updates.
 * NOTE(review): the tag starts with two underscores, which C reserves for the
 * implementation; left as is because other files may name this tag.
 */
typedef struct __tls_x509_certificate //If we know the server's certificate, we just have to do a memcmp to "verify" it
{
  const uint8_t* certificate; //Raw bytes of the expected certificate (read-only for the library)
  size_t certificate_size; //Number of bytes at certificate

  //These fields can either be decoded from the certificate (using ASN module -- TODO) or prepopulated

  //Decoded -- or prepopulated
  //crypto_ecc_curve_type_t ecc_curve;
  //Server public key; which member is present depends on the CRYPTO_ECC / CRYPTO_RSA build switches.
  //NOTE(review): with both switches off the union has no members, which ISO C does not allow
  //(GCC accepts it as an extension).
  union
  {
#if CRYPTO_ECC
    crypto_ecc_public_key_t ecc;
#endif
#if CRYPTO_RSA
    crypto_rsa_public_key_t rsa;
#endif
  } public_key;

  //The two attributes below are documented only; no field in this struct stores them.
  //public_key_type (ECDH-capable)
  //signature_algorithm (ECDSA-SHA1) -- the issuer hashes the certificate body with SHA1 and signs
  //that digest with its private key (hash-then-sign; no encryption of the certificate is involved)
} tls_x509_certificate_t;


/**
 * Library-wide context shared by all connections.
 *
 * NOTE(review): both members are pointers, so the objects they refer to are
 * presumably expected to outlive the context -- confirm in the implementation.
 * NOTE(review): the tag starts with two underscores (reserved in C); left as
 * is because other files may name this tag.
 */
typedef struct __minitls
{
  crypto_prng_t* prng; //Random number generator used by the library; how it is seeded is not shown in this header
  const tls_x509_certificate_t* certificate; //Certificate is global to all connections
} minitls_t;


/**
 * Initialise a MiniTLS context.
 *
 * \param minitls context to initialise
 * \param prng random number generator the context will use; presumably stored
 *        in minitls->prng -- confirm. The strength of the handshake secrets
 *        depends on this generator being seeded from a real entropy source
 *        before use.
 * \return a minitls_err_t code (values are defined in inc/minitls_errors.h)
 */
minitls_err_t minitls_init(minitls_t* minitls, crypto_prng_t* prng);

/**
 * Register the expected server certificate with the context.
 *
 * \param minitls context to update
 * \param cert certificate descriptor; presumably kept by pointer rather than
 *        copied, so it and the bytes it points to must stay valid -- confirm
 * \return a minitls_err_t code (values are defined in inc/minitls_errors.h)
 */
minitls_err_t minitls_certificate_add(minitls_t* minitls, const tls_x509_certificate_t* cert); //Only one supported now

#ifdef __cplusplus
}
#endif

#endif /* MINITLS_H_ */