This package includes the SharkSSL lite library and header files.
Dependents: WebSocket-Client-Example SharkMQ-LED-Demo
SharkSSL-Lite
Description: SharkSSL is an SSL v3.0 TLS v1.0/1.1/1.2 implementation of the TLS and SSL protocol standard. With its array of compile-time options and Raycrypto proprietary cryptographic algorithms, SharkSSL can be fine-tuned to a footprint that occupies less than 20 kB, while maintaining full x.509 authentication. The SharkSSL-Lite download includes a subset of SharkSSL and header files made for use in non-commercial and for evaluation purposes.
Features
- SSL|TLS v1.2
- Size: 21kB
- Encryption: Elliptic Curve Cryptography (ECC) | ChaCha20/Poly1305
- SharkSSL Online Documentation
- SMQ (Simple Message Queues) Client and SMQ Documentation
- Secure WebSocket Client
- Secure MQTT Client
Examples
- SharkMQ LED Demo: Secure control of LEDs on your mbed board using a browser.
- WebSocket Client: Connect to ELIZA the Psychotherapist
Limitations
SharkSSL-Lite includes a limited set of ciphers. To use SharkSSL-Lite, the peer side must support Elliptic Curve Cryptography (ECC) and you must use ECC certificates. The peer side must also support the new ChaCha20/Poly1305 cipher combination.
ChaCha20 and Poly1305 for TLS is published RFC 7905. The development of this new cipher was a response to many attacks discovered against other widely used TLS cipher suites. ChaCha20 is the cipher and Poly1305 is an authenticated encryption mode.
SharkSSL-Lite occupies less than 20kB, while maintaining full x.509 authentication. The ChaCha20/Poly1305 cipher software implementation is equally as fast as many hardware accelerated AES engines.
Creating ECC Certificates for SharkSSL-Lite
The following video shows how to create an Elliptic Curve Cryptography (ECC) certificate for a server, how to install the certificate in the server, and how to make the mbed clients connecting to the server trust this certificate. The server in this video is installed on a private/personal computer on a private network for test purposes. The video was produced for the embedded.com article How to run your own secure IoT cloud server.
Diff: src/seLwIP.c
- Revision:
- 0:e0adec41ad6b
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/src/seLwIP.c Wed Apr 06 00:46:36 2016 +0000 @@ -0,0 +1,196 @@ +/** + * ____ _________ __ _ + * / __ \___ ____ _/ /_ __(_)___ ___ ___ / / ____ ____ _(_)____ + * / /_/ / _ \/ __ `/ / / / / / __ `__ \/ _ \/ / / __ \/ __ `/ / ___/ + * / _, _/ __/ /_/ / / / / / / / / / / / __/ /___/ /_/ / /_/ / / /__ + * /_/ |_|\___/\__,_/_/ /_/ /_/_/ /_/ /_/\___/_____/\____/\__, /_/\___/ + * /____/ + * + * SharkSSL Embedded SSL/TLS Stack + **************************************************************************** + * PROGRAM MODULE + * + * $Id: seLwIP.c 3871 2016-03-27 01:23:13Z wini $ + * + * COPYRIGHT: Real Time Logic LLC, 2014 - 2016 + * + * This software is copyrighted by and is the sole property of Real + * Time Logic LLC. All rights, title, ownership, or other interests in + * the software remain the property of Real Time Logic LLC. This + * software may only be used in accordance with the terms and + * conditions stipulated in the corresponding license agreement under + * which the software has been supplied. Any unauthorized use, + * duplication, transmission, distribution, or disclosure of this + * software is expressly forbidden. + * + * This Copyright notice may not be removed or modified without prior + * written consent of Real Time Logic LLC. + * + * Real Time Logic LLC. reserves the right to modify this software + * without notice. + * + * http://realtimelogic.com + * http://sharkssl.com + **************************************************************************** + */ + + +#include <selib.h> +#include <lwip/opt.h> +#include <lwip/arch.h> +#include <lwip/api.h> + +#ifndef SharkSSLLwIP +#error SharkSSLLwIP not defined -> Using incorrect selibplat.h +#endif + + +#if LWIP_SO_RCVTIMEO != 1 +#error LWIP_SO_RCVTIMEO must be set +#endif + +#ifndef netconn_set_recvtimeout +#define OLD_LWIP +#define netconn_set_recvtimeout(conn, timeout) \ + ((conn)->recv_timeout = (timeout)) +#endif + + + + +int se_accept(SOCKET** listenSock, U32 timeout, SOCKET** outSock) +{ + err_t err; + memset(*outSock, 0, sizeof(SOCKET)); + netconn_set_recvtimeout( + (*listenSock)->con, timeout == INFINITE_TMO ? 0 : timeout); +#ifdef OLD_LWIP + (*outSock)->con = netconn_accept((*listenSock)->con); + err = (*outSock)->con->err; + if(!(*outSock)->con && !err) err = ERR_CONN; +#else + err = netconn_accept((*listenSock)->con, &(*outSock)->con); +#endif + if(err != ERR_OK) + { + return err == ERR_TIMEOUT ? 0 : -1; + } + return 1; +} + + +int se_bind(SOCKET* sock, U16 port) +{ + int err; + memset(sock, 0, sizeof(SOCKET)); + sock->con = netconn_new(NETCONN_TCP); + if( ! sock->con ) + return -1; + if(netconn_bind(sock->con, IP_ADDR_ANY, port) == ERR_OK) + { + if(netconn_listen(sock->con) == ERR_OK) + return 0; + err = -2; + } + else + err = -3; + netconn_delete(sock->con); + sock->con=0; + return err; +} + + + +/* Returns 0 on success. + Error codes returned: + -1: Cannot create socket: Fatal + -2: Cannot resolve 'address' + -3: Cannot connect +*/ +int se_connect(SOCKET* sock, const char* name, U16 port) +{ +#ifdef OLD_LWIP + struct ip_addr addr; +#else + ip_addr_t addr; +#endif + memset(sock, 0, sizeof(SOCKET)); + if(netconn_gethostbyname(name, &addr) != ERR_OK) + return -2; + sock->con = netconn_new(NETCONN_TCP); + if( ! sock->con ) + return -1; + if(netconn_connect(sock->con, &addr, port) == ERR_OK) + return 0; + netconn_delete(sock->con); + sock->con=0; + return -3; +} + + + +void se_close(SOCKET* sock) +{ + if(sock->con) + netconn_delete(sock->con); + if(sock->nbuf) + netbuf_delete(sock->nbuf); + memset(sock, 0, sizeof(SOCKET)); +} + + + +S32 se_send(SOCKET* sock, const void* buf, U32 len) +{ + err_t err=netconn_write(sock->con, buf, len, NETCONN_COPY); + if(err != ERR_OK) + { + se_close(sock); + return (S32)err; + } + return len; +} + + + +S32 se_recv(SOCKET* sock, void* data, U32 len, U32 timeout) +{ + int rlen; + netconn_set_recvtimeout(sock->con, timeout == INFINITE_TMO ? 0 : timeout); + if( ! sock->nbuf ) + { + err_t err; + sock->pbOffs = 0; +#ifdef OLD_LWIP + sock->nbuf = netconn_recv(sock->con); + err = sock->con->err; + if(!sock->nbuf && !err) err = ERR_CONN; +#else + err = netconn_recv(sock->con, &sock->nbuf); +#endif + if(ERR_OK != err) + { + if(sock->nbuf) + netbuf_delete(sock->nbuf); + sock->nbuf=0; + return err == ERR_TIMEOUT ? 0 : (S32)err; + } + } + rlen=(int)netbuf_copy_partial(sock->nbuf,(U8*)data,len,sock->pbOffs); + if(!rlen) + return -1; + sock->pbOffs += rlen; + if(sock->pbOffs >= netbuf_len(sock->nbuf)) + { + netbuf_delete(sock->nbuf); + sock->nbuf=0; + } + return rlen; +} + + + +int se_sockValid(SOCKET* sock) +{ + return sock->con != 0; +}