This package includes the SharkSSL lite library and header files.

Dependents:   WebSocket-Client-Example SharkMQ-LED-Demo

SharkSSL-Lite

Description: SharkSSL is an implementation of the SSL v3.0 and TLS v1.0/1.1/1.2 protocol standards. With its array of compile-time options and Raycrypto proprietary cryptographic algorithms, SharkSSL can be fine-tuned to a footprint that occupies less than 20 kB while maintaining full X.509 authentication. The SharkSSL-Lite download includes a subset of SharkSSL and header files, made for non-commercial use and for evaluation purposes.

Features

Examples

Limitations

SharkSSL-Lite includes a limited set of ciphers. To use SharkSSL-Lite, the peer side must support Elliptic Curve Cryptography (ECC) and you must use ECC certificates. The peer side must also support the new ChaCha20/Poly1305 cipher combination.

ChaCha20 and Poly1305 for TLS is published as RFC 7905. The development of this new cipher was a response to many attacks discovered against other widely used TLS cipher suites. ChaCha20 is the cipher and Poly1305 is an authenticated encryption mode.

SharkSSL-Lite occupies less than 20 kB while maintaining full X.509 authentication. The ChaCha20/Poly1305 software implementation is as fast as many hardware-accelerated AES engines.

Creating ECC Certificates for SharkSSL-Lite

The following video shows how to create an Elliptic Curve Cryptography (ECC) certificate for a server, how to install the certificate in the server, and how to make the mbed clients connecting to the server trust this certificate. The server in this video is installed on a private/personal computer on a private network for test purposes. The video was produced for the embedded.com article How to run your own secure IoT cloud server.

Committer: wini
Date: Mon May 23 13:56:30 2016 +0000
Revision: 1:d5e0e1dcf0d6
Parent: 0:e0adec41ad6b
Type conflict fix (U8-U32) for latest mbed release.

Who changed what in which revision?

User: wini, revision: 0:e0adec41ad6b (all 104 lines of SharkSslEx.h)

/*
 *     ____             _________                __                _
 *    / __ \___  ____ _/ /_  __(_)___ ___  ___  / /   ____  ____ _(_)____
 *   / /_/ / _ \/ __ `/ / / / / / __ `__ \/ _ \/ /   / __ \/ __ `/ / ___/
 *  / _, _/  __/ /_/ / / / / / / / / / / /  __/ /___/ /_/ / /_/ / / /__
 * /_/ |_|\___/\__,_/_/ /_/ /_/_/ /_/ /_/\___/_____/\____/\__, /_/\___/
 *                                                       /____/
 *
 *                  SharkSSL Embedded SSL/TLS Stack
 ****************************************************************************
 *   PROGRAM MODULE
 *
 *   $Id: SharkSslEx.h 3670 2015-03-28 21:25:15Z gianluca $
 *
 *   COPYRIGHT: Real Time Logic LLC, 2013
 *
 *   This software is copyrighted by and is the sole property of Real
 *   Time Logic LLC. All rights, title, ownership, or other interests in
 *   the software remain the property of Real Time Logic LLC. This
 *   software may only be used in accordance with the terms and
 *   conditions stipulated in the corresponding license agreement under
 *   which the software has been supplied. Any unauthorized use,
 *   duplication, transmission, distribution, or disclosure of this
 *   software is expressly forbidden.
 *
 *   This Copyright notice may not be removed or modified without prior
 *   written consent of Real Time Logic LLC.
 *
 *   Real Time Logic LLC. reserves the right to modify this software
 *   without notice.
 *
 *               http://www.realtimelogic.com
 *               http://www.sharkssl.com
 ****************************************************************************
 *
 */
#ifndef _SharkSslEx_h
#define _SharkSslEx_h

#include "SharkSSL.h"


/** Case insensitive string compare.
 */
int sharkStrCaseCmp(const char *a, const char *b, int len);

/** @addtogroup SharkSslInfoAndCodes
@{
*/

/** #SharkSslCon_trusted return values */
typedef enum
{
   /** Not a secure connection (SSL handshake not completed).
    */
   SharkSslConTrust_NotSSL=10,

   /** The SSL certificate is not trusted and the subject's common
       name does not match the host name of the URL.
    */
   SharkSslConTrust_None,

   /** Domain mismatch: The SSL certificate is trusted but the
       subject's common name does not match the host name of the URL.
    */
   SharkSslConTrust_Cert,

   /** The subject's common name matches the host name of the URL, but
       the certificate is not trusted. This is typical for expired
       certificates.
    */
   SharkSslConTrust_Cn,

   /** The peer's SSL certificate is trusted and the
       subject's common name matches the host name of the URL.
    */
   SharkSslConTrust_CertCn
} SharkSslConTrust;

/** @} */ /* end group SharkSslInfoAndCodes */

/** @addtogroup SharkSslApi
@{
*/

/** Returns the peer's "trust" status and certificate.

    \param o the SharkSslCon object

    \param name is the domain name (common name)

    \param cPtr is an optional pointer that will be set to the
    connection's SharkSslCertInfo object, if provided.

    \returns SharkSslConTrust

    \sa SharkSslConTrust and SharkSslCon_trustedCA
*/
SHARKSSL_API SharkSslConTrust SharkSslCon_trusted(
   SharkSslCon* o, const char* name, SharkSslCertInfo** cPtr);

/** @} */ /* end group SharkSslApi */

#endif
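
The following is an added example, not part of SharkSslEx.h or Real Time Logic's code. It shows why the value returned by SharkSslCon_trusted must be compared against SharkSslConTrust_CertCn rather than tested for truth: the enum starts at 10, so every status, including SharkSslConTrust_NotSSL, is non-zero. The enum is copied from the listing above so the block compiles without SharkSSL.h; TrustFacts, trust_decode, naive_is_trusted and strict_is_trusted are hypothetical names, and the decoding follows the header's doc comments.

```c
#include <stdio.h>

/* Enum copied from the SharkSslEx.h listing above. */
typedef enum {
   SharkSslConTrust_NotSSL = 10,
   SharkSslConTrust_None,
   SharkSslConTrust_Cert,
   SharkSslConTrust_Cn,
   SharkSslConTrust_CertCn
} SharkSslConTrust;

/* Hypothetical helper type: the independent facts folded into the enum. */
typedef struct { int handshake_done, chain_trusted, name_matches; } TrustFacts;

/* Decode a status as described by the doc comments (our interpretation).
   NotSSL and any undocumented value decode to "nothing established". */
TrustFacts trust_decode(int status)
{
   TrustFacts f = {0, 0, 0};
   switch (status) {
   case SharkSslConTrust_None:   f.handshake_done = 1; break;
   case SharkSslConTrust_Cert:   f.handshake_done = f.chain_trusted = 1; break;
   case SharkSslConTrust_Cn:     f.handshake_done = f.name_matches = 1; break;
   case SharkSslConTrust_CertCn:
      f.handshake_done = f.chain_trusted = f.name_matches = 1; break;
   default: break;
   }
   return f;
}

/* Pitfall: a truthiness test accepts every status, even NotSSL (10). */
int naive_is_trusted(int status) { return status != 0; }

/* Fail closed: only a trusted chain AND a matching name may carry data. */
int strict_is_trusted(int status)
{
   TrustFacts f = trust_decode(status);
   return f.handshake_done && f.chain_trusted && f.name_matches;
}

int main(void)
{
   int s;
   for (s = SharkSslConTrust_NotSSL; s <= SharkSslConTrust_CertCn; s++)
      printf("status %d: naive=%d strict=%d\n",
             s, naive_is_trusted(s), strict_is_trusted(s));
   return 0;
}
```

In application code the status passed to strict_is_trusted would be the return value of SharkSslCon_trusted(o, name, cPtr), called after the handshake with the host name the client intended to reach.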