This package includes the SharkSSL lite library and header files.
Dependents: WebSocket-Client-Example SharkMQ-LED-Demo
SharkSSL-Lite
Description: SharkSSL is an SSL v3.0 TLS v1.0/1.1/1.2 implementation of the TLS and SSL protocol standard. With its array of compile-time options and Raycrypto proprietary cryptographic algorithms, SharkSSL can be fine-tuned to a footprint that occupies less than 20 kB, while maintaining full x.509 authentication. The SharkSSL-Lite download includes a subset of SharkSSL and header files made for use in non-commercial and for evaluation purposes.
Features
- SSL|TLS v1.2
- Size: 21kB
- Encryption: Elliptic Curve Cryptography (ECC) | ChaCha20/Poly1305
- SharkSSL Online Documentation
- SMQ (Simple Message Queues) Client and SMQ Documentation
- Secure WebSocket Client
- Secure MQTT Client
Examples
- SharkMQ LED Demo: Secure control of LEDs on your mbed board using a browser.
- WebSocket Client: Connect to ELIZA the Psychotherapist
Limitations
SharkSSL-Lite includes a limited set of ciphers. To use SharkSSL-Lite, the peer side must support Elliptic Curve Cryptography (ECC) and you must use ECC certificates. The peer side must also support the new ChaCha20/Poly1305 cipher combination.
ChaCha20 and Poly1305 for TLS is published RFC 7905. The development of this new cipher was a response to many attacks discovered against other widely used TLS cipher suites. ChaCha20 is the cipher and Poly1305 is an authenticated encryption mode.
SharkSSL-Lite occupies less than 20kB, while maintaining full x.509 authentication. The ChaCha20/Poly1305 cipher software implementation is equally as fast as many hardware accelerated AES engines.
Creating ECC Certificates for SharkSSL-Lite
The following video shows how to create an Elliptic Curve Cryptography (ECC) certificate for a server, how to install the certificate in the server, and how to make the mbed clients connecting to the server trust this certificate. The server in this video is installed on a private/personal computer on a private network for test purposes. The video was produced for the embedded.com article How to run your own secure IoT cloud server.
inc/SharkSslCrypto.h
- Committer:
- wini
- Date:
- 2016-05-23
- Revision:
- 1:d5e0e1dcf0d6
- Parent:
- 0:e0adec41ad6b
File content as of revision 1:d5e0e1dcf0d6:
/* * ____ _________ __ _ * / __ \___ ____ _/ /_ __(_)___ ___ ___ / / ____ ____ _(_)____ * / /_/ / _ \/ __ `/ / / / / / __ `__ \/ _ \/ / / __ \/ __ `/ / ___/ * / _, _/ __/ /_/ / / / / / / / / / / / __/ /___/ /_/ / /_/ / / /__ * /_/ |_|\___/\__,_/_/ /_/ /_/_/ /_/ /_/\___/_____/\____/\__, /_/\___/ * /____/ * * SharkSSL Embedded SSL/TLS Stack **************************************************************************** * PROGRAM MODULE * * $Id: SharkSslCrypto.h 3686 2015-04-27 06:35:45Z gianluca $ * * COPYRIGHT: Real Time Logic LLC, 2010 - 2013 * * This software is copyrighted by and is the sole property of Real * Time Logic LLC. All rights, title, ownership, or other interests in * the software remain the property of Real Time Logic LLC. This * software may only be used in accordance with the terms and * conditions stipulated in the corresponding license agreement under * which the software has been supplied. Any unauthorized use, * duplication, transmission, distribution, or disclosure of this * software is expressly forbidden. * * This Copyright notice may not be removed or modified without prior * written consent of Real Time Logic LLC. * * Real Time Logic LLC. reserves the right to modify this software * without notice. * * http://www.realtimelogic.com * http://www.sharkssl.com **************************************************************************** * */ #ifndef _SharkSslCrypto_h #define _SharkSslCrypto_h #define SHARKSSL_LIB 1 #include "SharkSSL.h" #define SHARKSSL_MD5_HASH_LEN 16 #define SHARKSSL_SHA1_HASH_LEN 20 #define SHARKSSL_SHA256_HASH_LEN 32 #define SHARKSSL_SHA384_HASH_LEN 48 #define SHARKSSL_SHA512_HASH_LEN 64 #define SHARKSSL_POLY1305_HASH_LEN 16 #if SHARKSSL_USE_MD5 /** MD5 \ingroup RayCryptoMD5 */ typedef struct SharkSslMd5Ctx { U32 total[2]; U32 state[4]; U8 buffer[64]; } SharkSslMd5Ctx; #endif #if SHARKSSL_USE_SHA1 /** SHA1 \ingroup RayCryptoSHA1 */ typedef struct SharkSslSha1Ctx { U32 total[2]; U32 state[5]; U8 buffer[64]; } SharkSslSha1Ctx; #endif #if SHARKSSL_USE_SHA_256 /** SHA256 \ingroup RayCryptoSHA256 */ typedef struct SharkSslSha256Ctx { U32 total[2]; U32 state[8]; U8 buffer[64]; } SharkSslSha256Ctx; #endif #if (SHARKSSL_USE_SHA_384 || SHARKSSL_USE_SHA_512) /** SHA384 \ingroup RayCryptoSHA384 */ typedef struct SharkSslSha384Ctx { U32 total[4]; U64 state[8]; U8 buffer[128]; } SharkSslSha384Ctx; #endif #if SHARKSSL_USE_SHA_512 /** SHA512 \ingroup RayCryptoSHA512 */ typedef struct SharkSslSha384Ctx SharkSslSha512Ctx; #endif #if SHARKSSL_USE_POLY1305 /** POLY1305 \ingroup RayCryptoPOLY1305 */ typedef struct SharkSslPoly1305Ctx { U32 r[5]; U32 key[4]; U32 nonce[4]; U8 buffer[16]; U8 flag, blen; } SharkSslPoly1305Ctx; #endif #if SHARKSSL_USE_CHACHA20 /** CHACHA20 \ingroup RayCryptoCHACHA20 */ typedef struct { U32 state[16]; } SharkSslChaChaCtx; #endif #if SHARKSSL_USE_ARC4 /** ARC4 \ingroup RayCryptoARC4 */ typedef struct SharkSslArc4Ctx { U8 x; U8 y; U8 b[256]; } SharkSslArc4Ctx; #endif #if (SHARKSSL_USE_DES || SHARKSSL_USE_3DES) /** DES \ingroup RayCryptoDES */ typedef struct SharkSslDesCtx { #if SHARKSSL_NOPACK U32 key[96]; /* Max size == 3DES */ U8 tdea; #else #if (SHARKSSL_USE_CAU || SHARKSSL_USE_MMCAU) #if SHARKSSL_USE_3DES U32 key[6]; #else U32 key[2]; #endif #else #if SHARKSSL_USE_3DES U32 key[96]; #else U32 key[32]; #endif #endif #if (SHARKSSL_USE_DES && SHARKSSL_USE_3DES) U8 tdea; #endif #endif } SharkSslDesCtx; /* Encrypt/decrypt type */ typedef enum { SharkSslDesCtx_Decrypt, /*!< Decrypt */ SharkSslDesCtx_Encrypt /*!< Encrypt */ } SharkSslDesCtx_Type; #endif #if (SHARKSSL_USE_AES_256 || SHARKSSL_USE_AES_192 || SHARKSSL_USE_AES_128) /** AES \ingroup RayCryptoAES */ typedef struct SharkSslAesCtx { #if (SHARKSSL_USE_AES_256 || SHARKSSL_NOPACK) U32 key[60]; #elif SHARKSSL_USE_AES_192 U32 key[52]; #else U32 key[44]; #endif U16 nr; } SharkSslAesCtx; typedef enum { SharkSslAesCtx_Decrypt, SharkSslAesCtx_Encrypt } SharkSslAesCtx_Type; #if SHARKSSL_ENABLE_AES_GCM /** AesGcmCtx \ingroup RayCryptoAesGcm */ typedef struct SharkSslAesGcmCtx { SharkSslAesCtx super; U8 M0[16][16]; } SharkSslAesGcmCtx; #endif #if SHARKSSL_ENABLE_AES_CCM /** AesCcmCtx \ingroup RayCryptoAesCcm */ typedef struct SharkSslAesCcmCtx { SharkSslAesCtx super; U8 tagLen; } SharkSslAesCcmCtx; #endif #endif /* SHARKSSL_USE_AES_256 || SHARKSSL_USE_AES_192 || SHARKSSL_USE_AES_128 */ #ifdef __cplusplus extern "C" { #endif /* SharkSslCrypto.c */ SHARKSSL_API int sharkssl_entropy(U32); SHARKSSL_API int sharkssl_rng(U8*, U16); SHARKSSL_API int sharkssl_kmemcmp(const void *a, const void *b, U32 n); #if SHARKSSL_USE_MD5 /** Initialize \ingroup RayCryptoMD5 \param ctx Uninitialized data of size sizeof(SharkSslMd5Ctx). */ SHARKSSL_API void SharkSslMd5Ctx_constructor(SharkSslMd5Ctx* ctx); /** append \ingroup RayCryptoMD5 */ SHARKSSL_API void SharkSslMd5Ctx_append(SharkSslMd5Ctx* ctx, const U8* data, U32 len); /** finish \ingroup RayCryptoMD5 */ SHARKSSL_API void SharkSslMd5Ctx_finish(SharkSslMd5Ctx* ctx, U8 digest[SHARKSSL_MD5_HASH_LEN]); /** md5 \ingroup RayCryptoMD5 */ SHARKSSL_API int sharkssl_md5(const U8*, U16, U8*); #endif #if SHARKSSL_USE_SHA1 /** Initialize \ingroup RayCryptoSHA1 \param ctx Uninitialized data of size sizeof(SharkSslSha1Ctx). */ SHARKSSL_API void SharkSslSha1Ctx_constructor(SharkSslSha1Ctx* ctx); /** append \ingroup RayCryptoSHA1 */ SHARKSSL_API void SharkSslSha1Ctx_append(SharkSslSha1Ctx* ctx, const U8* data, U32 len); /** finish \ingroup RayCryptoSHA1 */ SHARKSSL_API void SharkSslSha1Ctx_finish(SharkSslSha1Ctx*, U8 digest[SHARKSSL_SHA1_HASH_LEN]); /** sha1 \ingroup RayCryptoSHA1 */ SHARKSSL_API int sharkssl_sha1(const U8*, U16, U8*); #endif #if SHARKSSL_USE_SHA_256 /** Initialize \ingroup RayCryptoSHA256 \param ctx Uninitialized data of size sizeof(SharkSslSha256Ctx). */ SHARKSSL_API void SharkSslSha256Ctx_constructor(SharkSslSha256Ctx* ctx); /** append \ingroup RayCryptoSHA256 */ SHARKSSL_API void SharkSslSha256Ctx_append(SharkSslSha256Ctx*, const U8* data, U32 len); /** finish \ingroup RayCryptoSHA256 */ SHARKSSL_API void SharkSslSha256Ctx_finish(SharkSslSha256Ctx*, U8 digest[SHARKSSL_SHA256_HASH_LEN]); /** sha256 \ingroup RayCryptoSHA256 */ SHARKSSL_API int sharkssl_sha256(const U8*, U16, U8*); #endif #if SHARKSSL_USE_SHA_384 /** Initialize \ingroup RayCryptoSHA384 \param ctx Uninitialized data of size sizeof(SharkSslSha384Ctx). */ SHARKSSL_API void SharkSslSha384Ctx_constructor(SharkSslSha384Ctx* ctx); /** append \ingroup RayCryptoSHA384 */ SHARKSSL_API void SharkSslSha384Ctx_append(SharkSslSha384Ctx*, const U8* data, U32 len); /** finish \ingroup RayCryptoSHA384 */ SHARKSSL_API void SharkSslSha384Ctx_finish(SharkSslSha384Ctx*, U8 digest[SHARKSSL_SHA384_HASH_LEN]); /** sha384 \ingroup RayCryptoSHA384 */ SHARKSSL_API int sharkssl_sha384(const U8*, U16, U8*); #endif #if SHARKSSL_USE_SHA_512 /** Initialize \ingroup RayCryptoSHA512 \param ctx Uninitialized data of size sizeof(SharkSslSha512Ctx). */ SHARKSSL_API void SharkSslSha512Ctx_constructor(SharkSslSha512Ctx* ctx); /** append \ingroup RayCryptoSHA512 */ #define SharkSslSha512Ctx_append(ctx, d, l) \ SharkSslSha384Ctx_append((SharkSslSha384Ctx*)ctx, d, l) /** finish \ingroup RayCryptoSHA512 */ SHARKSSL_API void SharkSslSha512Ctx_finish(SharkSslSha512Ctx*, U8 digest[SHARKSSL_SHA512_HASH_LEN]); /** sha512 \ingroup RayCryptoSHA512 */ SHARKSSL_API int sharkssl_sha512(const U8*, U16, U8*); #endif #if SHARKSSL_USE_POLY1305 /** Initialize \ingroup RayCryptoPOLY1305 \param ctx Uninitialized data of size sizeof(SharkSslPoly1305Ctx). \param key 16-byte key + 16-byte nonce */ SHARKSSL_API void SharkSslPoly1305Ctx_constructor(SharkSslPoly1305Ctx *ctx, const U8 key[32]); #define SharkSslPoly1305Ctx_destructor(o) memset(o, 0, sizeof(SharkSslPoly1305Ctx)) /** append \ingroup RayCryptoPOLY1305 */ SHARKSSL_API void SharkSslPoly1305Ctx_append(SharkSslPoly1305Ctx *ctx, const U8 *in, U32 len); /** finish \ingroup RayCryptoPOLY1305 */ SHARKSSL_API void SharkSslPoly1305Ctx_finish(SharkSslPoly1305Ctx *ctx, U8 digest[SHARKSSL_POLY1305_HASH_LEN]); /** poly1305 \ingroup RayCryptoPOLY1305 */ SHARKSSL_API int sharkssl_poly1305(const U8 *data, U16 len, U8 *digest, const U8 key[32]); #endif #if SHARKSSL_USE_CHACHA20 /** Initialize \ingroup RayCryptoCHACHA20 \param ctx Uninitialized data of size sizeof(SharkSslChaChaCtx) \param key 16- or 32-byte key \param keyLen the key length in bytes (either 16 or 32) */ SHARKSSL_API void SharkSslChaChaCtx_constructor(SharkSslChaChaCtx *ctx, const U8 *key, U8 keyLen); #define SharkSslChaChaCtx_destructor(ctx) memset(ctx, 0, sizeof(SharkSslChaChaCtx)) /** Initialize \ingroup RayCryptoCHACHA20 \param ctx Initialized data of size sizeof(SharkSslChaChaCtx) \param IV 8-byte initialization vector */ SHARKSSL_API void SharkSslChaChaCtx_setIV(SharkSslChaChaCtx *ctx, const U8 IV[8]); /** Encrypt or decrypt \ingroup RayCryptoCHACHA20 */ SHARKSSL_API void SharkSslChaChaCtx_crypt( SharkSslChaChaCtx *ctx, const U8 *input, U8 *output, U32 len); #endif #if SHARKSSL_USE_ARC4 /** Initialize \ingroup RayCryptoARC4 */ SHARKSSL_API void SharkSslArc4Ctx_constructor(SharkSslArc4Ctx *ctx, const U8 *key, U8 keyLen); #define SharkSslArc4Ctx_destructor(ctx) memset(ctx, 0, sizeof(SharkSslArc4Ctx)) /** Encrypt or decrypt \ingroup RayCryptoARC4 */ SHARKSSL_API void SharkSslArc4Ctx_crypt( SharkSslArc4Ctx *ctx, U8 *input, U8 *output, U16 len); #endif #if (SHARKSSL_USE_DES || SHARKSSL_USE_3DES) /** Initialize \ingroup RayCryptoDES \param ctx Uninitialized data of size sizeof(SharkSslDesCtx) \param type encrypt/decrypt \param key the encryption/decryption key \param keyLen 'key' length */ SHARKSSL_API void SharkSslDesCtx_constructor(SharkSslDesCtx *ctx, SharkSslDesCtx_Type type, const U8 *key, U8 keyLen); #define SharkSslDesCtx_destructor(ctx) memset(ctx, 0, sizeof(SharkSslDesCtx)) /** Encrypt \ingroup RayCryptoDES */ SHARKSSL_API void SharkSslDesCtx_encrypt( SharkSslDesCtx *ctx, U8 input[8], U8 output[8]); #if (SHARKSSL_USE_CAU || SHARKSSL_USE_MMCAU) /** Decrypt \ingroup RayCryptoDES */ SHARKSSL_API void SharkSslDesCtx_decrypt( SharkSslDesCtx *ctx, U8 input[8], U8 output[8]); #else #define SharkSslDesCtx_decrypt(ctx,i,o) SharkSslDesCtx_encrypt((ctx),(i),(o)) #endif /** Encrypt \ingroup RayCryptoDES */ SHARKSSL_API void SharkSslDesCtx_cbc_encrypt(SharkSslDesCtx *ctx, U8 vect[8], U8 *input, U8 *output, U16 len); /** Decrypt \ingroup RayCryptoDES */ SHARKSSL_API void SharkSslDesCtx_cbc_decrypt(SharkSslDesCtx *ctx, U8 vect[8], U8 *input, U8 *output, U16 len); #endif #if (SHARKSSL_USE_AES_256 || SHARKSSL_USE_AES_192 || SHARKSSL_USE_AES_128) /** Initialize \ingroup RayCryptoAES \param ctx Uninitialized data of size sizeof(SharkSslAesCtx) \param type encrypt/decrypt \param key the encryption/decryption key \param keyLen 'key' length */ SHARKSSL_API void SharkSslAesCtx_constructor(SharkSslAesCtx *ctx, SharkSslAesCtx_Type type, const U8 *key, U8 keyLen); #define SharkSslAesCtx_destructor(ctx) memset(ctx, 0, sizeof(SharkSslAesCtx)) #if (!SHARKSSL_DISABLE_AES_ECB_DECRYPT) /** Decrypt \ingroup RayCryptoAES */ SHARKSSL_API void SharkSslAesCtx_decrypt(SharkSslAesCtx *ctx, U8 input[16], U8 output[16]); #endif /** Encrypt \ingroup RayCryptoAES */ SHARKSSL_API void SharkSslAesCtx_encrypt(SharkSslAesCtx *ctx, U8 input[16], U8 output[16]); #if (!SHARKSSL_DISABLE_AES_CBC_MODE) /** Encrypt \ingroup RayCryptoAES */ SHARKSSL_API void SharkSslAesCtx_cbc_encrypt(SharkSslAesCtx *ctx, U8 vect[16], U8 *input, U8 *output, U16 len); /** Decrypt \ingroup RayCryptoAES */ SHARKSSL_API void SharkSslAesCtx_cbc_decrypt(SharkSslAesCtx *ctx, U8 vect[16], U8 *input, U8 *output, U16 len); #endif #if SHARKSSL_ENABLE_AES_CTR_MODE /** \ingroup RayCryptoAES */ SHARKSSL_API void SharkSslAesCtx_ctr_mode(SharkSslAesCtx *ctx, U8 ctr[16], U8 *input, U8 *output, U16 len); #endif #if SHARKSSL_ENABLE_AES_GCM /** Initialize \ingroup RayCryptoAesGcm \param ctx Uninitialized data of size sizeof(SharkSslAesGcmCtx). \param key the encryption/decryption key \param keyLen 'key' length */ SHARKSSL_API void SharkSslAesGcmCtx_constructor(SharkSslAesGcmCtx *ctx, const U8 *key, U8 keyLen); #define SharkSslAesGcmCtx_destructor(ctx) \ memset(ctx, 0, sizeof(SharkSslAesGcmCtx)) /** Encrypt \ingroup RayCryptoAesGcm */ SHARKSSL_API int SharkSslAesGcmCtx_encrypt(SharkSslAesGcmCtx *ctx, const U8 vect[12], U8 tagout[16], const U8 *auth, U16 authlen, U8 *input, U8 *output, U16 len); /** Decrypt \ingroup RayCryptoAesGcm */ SHARKSSL_API int SharkSslAesGcmCtx_decrypt(SharkSslAesGcmCtx *ctx, const U8 vect[12], U8 tagin[16], const U8 *auth, U16 authlen, U8 *input, U8 *output, U16 len); #endif #if SHARKSSL_ENABLE_AES_CCM /** Initialize \ingroup RayCryptoAesCcm \param ctx Uninitialized data of size sizeof(SharkSslAesCcmCtx). */ SHARKSSL_API void SharkSslAesCcmCtx_constructor(SharkSslAesCcmCtx *ctx, const U8 *key, U8 keyLen, U8 tagLen); #define SharkSslAesCcmCtx_destructor(ctx) memset(ctx, 0, sizeof(SharkSslAesCcmCtx)) /** Encrypt \ingroup RayCryptoAesCcm */ SHARKSSL_API int SharkSslAesCcmCtx_encrypt(SharkSslAesCcmCtx *ctx, const U8 vect[12], U8 *tagout, const U8 *auth, U16 authlen, U8 *input, U8 *output, U16 len); /** Decrypt \ingroup RayCryptoAesCcm */ SHARKSSL_API int SharkSslAesCcmCtx_decrypt(SharkSslAesCcmCtx *ctx, const U8 vect[12], U8 *tagin, const U8 *auth, U16 authlen, U8 *input, U8 *output, U16 len); #endif #endif #ifdef __cplusplus } #endif #endif /* _SharkSslCrypto_h */