This package includes the SharkSSL lite library and header files.
Dependents: WebSocket-Client-Example SharkMQ-LED-Demo
SharkSSL-Lite
Description: SharkSSL is an implementation of the SSL v3.0 and TLS v1.0/1.1/1.2 protocol standards. With its array of compile-time options and Raycrypto proprietary cryptographic algorithms, SharkSSL can be fine-tuned to a footprint of less than 20 kB while maintaining full X.509 authentication. The SharkSSL-Lite download includes a subset of SharkSSL and header files, made for non-commercial use and for evaluation purposes.
Features
- SSL|TLS v1.2
- Size: 21kB
- Encryption: Elliptic Curve Cryptography (ECC) | ChaCha20/Poly1305
- SharkSSL Online Documentation
- SMQ (Simple Message Queues) Client and SMQ Documentation
- Secure WebSocket Client
- Secure MQTT Client
Examples
- SharkMQ LED Demo: Secure control of LEDs on your mbed board using a browser.
- WebSocket Client: Connect to ELIZA the Psychotherapist
Limitations
SharkSSL-Lite includes a limited set of ciphers. To use SharkSSL-Lite, the peer side must support Elliptic Curve Cryptography (ECC) and you must use ECC certificates. The peer side must also support the new ChaCha20/Poly1305 cipher combination.
ChaCha20 and Poly1305 for TLS is published as RFC 7905. The development of this new cipher was a response to many attacks discovered against other widely used TLS cipher suites. ChaCha20 is the cipher and Poly1305 is an authenticated encryption mode.
SharkSSL-Lite occupies less than 20 kB while maintaining full X.509 authentication. The ChaCha20/Poly1305 software implementation is as fast as many hardware-accelerated AES engines.
Creating ECC Certificates for SharkSSL-Lite
The following video shows how to create an Elliptic Curve Cryptography (ECC) certificate for a server, how to install the certificate in the server, and how to make the mbed clients connecting to the server trust this certificate. The server in this video is installed on a private/personal computer on a private network for test purposes. The video was produced for the embedded.com article How to run your own secure IoT cloud server.
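The certificate steps described above can be reproduced on a test machine with the OpenSSL command line. This is an added example, not taken from the video or from the SharkSSL package; the curve (`prime256v1`), the host name `iot.example.test`, and the file names are assumptions.

```shell
#!/bin/sh
# Added example (not from the SharkSSL package): test ECC CA + server cert.
# Assumed values: curve prime256v1 (P-256), host name iot.example.test.

# make_ecc_chain DIR HOST: writes ca.pem, server.key and server.pem into DIR
make_ecc_chain() (
    dir=$1 host=$2
    umask 077                       # private keys readable by owner only
    mkdir -p "$dir" && cd "$dir" || exit 1
    cat > ca.cnf <<EOF
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Test ECC Root CA
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF
    printf 'subjectAltName=DNS:%s\nbasicConstraints=CA:FALSE\n' "$host" > server.ext
    # CA key and self-signed root: the certificate the clients must trust
    openssl ecparam -name prime256v1 -genkey -noout -out ca.key || exit 1
    openssl req -new -x509 -sha256 -config ca.cnf -key ca.key \
        -days 3650 -out ca.pem || exit 1
    # Server key and CSR, then sign the CSR with the CA
    openssl ecparam -name prime256v1 -genkey -noout -out server.key || exit 1
    openssl req -new -sha256 -config ca.cnf -key server.key \
        -subj "/CN=$host" -out server.csr || exit 1
    openssl x509 -req -sha256 -in server.csr -CA ca.pem -CAkey ca.key \
        -CAcreateserial -days 365 -extfile server.ext -out server.pem 2>/dev/null
)

# cert_is_ecc FILE: true if the certificate carries an EC public key
cert_is_ecc() { openssl x509 -in "$1" -noout -text | grep -q 'id-ecPublicKey'; }

# chain_ok DIR HOST: server.pem verifies against ca.pem and names HOST in its SAN
chain_ok() {
    openssl verify -CAfile "$1/ca.pem" "$1/server.pem" 2>/dev/null | grep -q ': OK$' &&
    openssl x509 -in "$1/server.pem" -noout -text | grep -qF "DNS:$2"
}

# suite_available: the local OpenSSL build offers the RFC 7905 ECDSA suite
suite_available() {
    openssl ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305' 2>/dev/null |
        grep -q 'ECDHE-ECDSA-CHACHA20-POLY1305'
}

out=$(mktemp -d) && make_ecc_chain "$out" iot.example.test &&
    chain_ok "$out" iot.example.test && echo "test chain written to $out"
```

`server.key` and `server.pem` go on the test server, and `ca.pem` is the root the clients need to trust; keep `ca.key` off the server.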
Diff: inc/TargConfig.h
- Revision: 0:e0adec41ad6b
- Child: 1:d5e0e1dcf0d6
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/inc/TargConfig.h Wed Apr 06 00:46:36 2016 +0000 
@@ -0,0 +1,168 @@ +/** + * ____ _________ __ _ + * / __ \___ ____ _/ /_ __(_)___ ___ ___ / / ____ ____ _(_)____ + * / /_/ / _ \/ __ `/ / / / / / __ `__ \/ _ \/ / / __ \/ __ `/ / ___/ + * / _, _/ __/ /_/ / / / / / / / / / / / __/ /___/ /_/ / /_/ / / /__ + * /_/ |_|\___/\__,_/_/ /_/ /_/_/ /_/ /_/\___/_____/\____/\__, /_/\___/ + * /____/ + * + * SharkSSL Embedded SSL/TLS Stack + **************************************************************************** + * PROGRAM MODULE + * + * $Id$ + * + * COPYRIGHT: Real Time Logic LLC, 2016 + * + * This software is copyrighted by and is the sole property of Real + * Time Logic LLC. All rights, title, ownership, or other interests in + * the software remain the property of Real Time Logic LLC. This + * software may only be used in accordance with the terms and + * conditions stipulated in the corresponding license agreement under + * which the software has been supplied. Any unauthorized use, + * duplication, transmission, distribution, or disclosure of this + * software is expressly forbidden. + * + * This Copyright notice may not be removed or modified without prior + * written consent of Real Time Logic LLC. + * + * Real Time Logic LLC. reserves the right to modify this software + * without notice. + * + * http://www.realtimelogic.com + * http://www.sharkssl.com + **************************************************************************** + * + */ +#ifndef _SharkSsl_TargConfig_h +#define _SharkSsl_TargConfig_h + +#include <cmsis_os.h> +#include <time.h> + + +#ifndef NDEBUG +#define baAssert(x) ((x) ? 
0 : sharkAssert(__FILE__, __LINE__)) +#else +#define baAssert(x) +#endif + +#ifdef __cplusplus +extern "C" { +#endif +int sharkAssert(const char* file, int line); +#ifdef __cplusplus +} +#endif + +#ifdef _SHARKSSL_C_ +const char* assert_file; +int assert_line; +int sharkAssert(const char* file, int line) +{ + assert_file = file; + assert_line = line; + for(;;); +} +#endif + + + +/* The following is not required by SharkSSL, but is used by some of + the examples. +*/ + +#ifndef TRUE +#define TRUE 1 +#endif + +#ifndef FALSE +#define FALSE 0 +#endif + +/** + * baMalloc should return 32-bit aligned addresses when succesful, + * (void*)0 when not succesful. + * baRealloc should return 32-bit aligned addresses when succesful, + * (void*)0 when not succesful or NOT available. + */ + +#ifdef UMM_MALLOC +#include "../../../examples/malloc/umm_malloc.h" +#define baMalloc(s) umm_malloc(s) +#define baRealloc(m, s) umm_realloc(m, s) +#define baFree(m) umm_free(m) +#else +#include <stdlib.h> +#define baMalloc(s) malloc(s) /* should return 32-bit aligned address */ +#define baRealloc(m, s) realloc(m, s) /* as above */ +#define baFree(m) free(m) +#endif + +#ifndef __MBED__ +#ifndef INTEGRAL_TYPES +#define INTEGRAL_TYPES +#if (__STDC_VERSION__ >= 199901L) || defined( __GNUC__) +#include <stdint.h> +typedef uint8_t U8; +typedef int8_t S8; +typedef uint16_t U16; +typedef int16_t S16; +typedef uint32_t U32; +typedef int32_t S32; +typedef uint64_t U64; +typedef int64_t S64; +#else +typedef unsigned char U8; +typedef signed char S8; +typedef unsigned short U16; +typedef signed short S16; +typedef unsigned int U32; +typedef signed int S32; +typedef unsigned long long U64; +typedef signed long long S64; +#endif +#endif +#endif +typedef U8 BaBool; + +#ifdef EXT_SHARK_LIB +U32 baGetUnixTime(void); +char *sharkStrchr(const char *s, int c); +char *sharkStrstr(const char *haystack, const char *needle); +#else +#define baGetUnixTime() time(0) +#endif + +typedef struct ThreadMutexBase +{ + 
osMutexId sharkMutex; +} ThreadMutexBase; + +void ThreadMutex_destructor(ThreadMutexBase* o); +void ThreadMutex_set(ThreadMutexBase* o); +void ThreadMutex_release(ThreadMutexBase* o); +void ThreadMutex_constructor(ThreadMutexBase* o); + +#ifdef _SHARKSSL_C_ +osMutexDef(sharkMutexDef); +void ThreadMutex_destructor(ThreadMutexBase* o) +{ + osMutexDelete(o->sharkMutex); +} +void ThreadMutex_set(ThreadMutexBase* o) +{ + osMutexWait(o->sharkMutex, osWaitForever); +} +void ThreadMutex_release(ThreadMutexBase* o) +{ + osMutexRelease(o->sharkMutex); +} +void ThreadMutex_constructor(ThreadMutexBase* o) +{ + o->sharkMutex=osMutexCreate(osMutex(sharkMutexDef)); +} +#endif + + +#endif /* _SharkSsl_TargConfig_h */
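Review bot: the ThreadMutex_* wrappers at the end of the header discard every CMSIS-RTOS result: ThreadMutex_constructor stores whatever osMutexCreate() returns without checking it, and ThreadMutex_set ignores the status of osMutexWait(o->sharkMutex, osWaitForever), so a failed create leaves the library running unlocked with no error reported. Check the handle in the constructor and the wait status in ThreadMutex_set with an explicit test rather than baAssert, since baAssert(x) expands to nothing when NDEBUG is defined; alternatively let these functions return a status. All instances are also created from the single osMutexDef(sharkMutexDef), so if more than one ThreadMutexBase is ever constructed, confirm that the RTOS hands each its own mutex. Separately, the integral typedefs are skipped under __MBED__ while typedef U8 BaBool; and the U32 prototype are unconditional; this header only includes cmsis_os.h and time.h, so add a comment or an include stating where U8 and U32 come from on mbed builds.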