Real Time Logic LLC / SharkSSL-Lite

This package includes the SharkSSL lite library and header files.

Dependents:   WebSocket-Client-Example SharkMQ-LED-Demo

SharkSSL-Lite

Description: SharkSSL is an SSL v3.0 TLS v1.0/1.1/1.2 implementation of the TLS and SSL protocol standard. With its array of compile-time options and Raycrypto proprietary cryptographic algorithms, SharkSSL can be fine-tuned to a footprint that occupies less than 20 kB, while maintaining full x.509 authentication. The SharkSSL-Lite download includes a subset of SharkSSL and header files made for use in non-commercial and for evaluation purposes.

Features

• SSL|TLS v1.2
• Size: 21kB
• Encryption: Elliptic Curve Cryptography (ECC) | ChaCha20/Poly1305
• SharkSSL Online Documentation
• SMQ (Simple Message Queues) Client and SMQ Documentation
• Secure WebSocket Client
• Secure MQTT Client

Examples

• SharkMQ LED Demo: Secure control of LEDs on your mbed board using a browser.
• WebSocket Client: Connect to ELIZA the Psychotherapist

Limitations

SharkSSL-Lite includes a limited set of ciphers. To use SharkSSL-Lite, the peer side must support Elliptic Curve Cryptography (ECC) and you must use ECC certificates. The peer side must also support the new ChaCha20/Poly1305 cipher combination.

ChaCha20 and Poly1305 for TLS is published RFC 7905. The development of this new cipher was a response to many attacks discovered against other widely used TLS cipher suites. ChaCha20 is the cipher and Poly1305 is an authenticated encryption mode.

SharkSSL-Lite occupies less than 20kB, while maintaining full x.509 authentication. The ChaCha20/Poly1305 cipher software implementation is equally as fast as many hardware accelerated AES engines.

Creating ECC Certificates for SharkSSL-Lite

The following video shows how to create an Elliptic Curve Cryptography (ECC) certificate for a server, how to install the certificate in the server, and how to make the mbed clients connecting to the server trust this certificate. The server in this video is installed on a private/personal computer on a private network for test purposes. The video was produced for the embedded.com article How to run your own secure IoT cloud server.

--- a/inc/TargConfig.h	Wed Apr 06 00:46:36 2016 +0000
+++ b/inc/TargConfig.h	Mon May 23 13:56:30 2016 +0000
@@ -99,7 +99,12 @@
 #define baFree(m)          free(m)
 #endif
 
-#ifndef __MBED__
+/* Some mbed releases use conflicting types. Undo the two macro
+   definitions commented out below if you get 'undefined' compile
+   errors.
+*/
+/* #ifndef __MBED__ */
+
 #ifndef INTEGRAL_TYPES
 #define INTEGRAL_TYPES
 #if (__STDC_VERSION__ >= 199901L) || defined( __GNUC__)
@@ -123,7 +128,9 @@
 typedef signed   long long S64;
 #endif
 #endif
-#endif
+
+/* #endif */ /* __MBED__ */
+
 typedef U8 BaBool;
 
 #ifdef EXT_SHARK_LIB