This package includes the SharkSSL lite library and header files.

Dependents:   WebSocket-Client-Example SharkMQ-LED-Demo

SharkSSL-Lite

Description: SharkSSL is an implementation of the SSL v3.0 and TLS v1.0/1.1/1.2 protocol standards. With its array of compile-time options and Raycrypto proprietary cryptographic algorithms, SharkSSL can be fine-tuned to a footprint that occupies less than 20 kB, while maintaining full X.509 authentication. The SharkSSL-Lite download includes a subset of SharkSSL and header files, made for non-commercial use and for evaluation purposes.

Limitations

SharkSSL-Lite includes a limited set of ciphers. To use SharkSSL-Lite, the peer side must support Elliptic Curve Cryptography (ECC) and you must use ECC certificates. The peer side must also support the new ChaCha20/Poly1305 cipher combination.

ChaCha20 and Poly1305 for TLS is published as RFC 7905. This new cipher was developed in response to the many attacks discovered against other widely used TLS cipher suites. ChaCha20 is the cipher and Poly1305 is an authenticated encryption mode.

SharkSSL-Lite occupies less than 20 kB, while maintaining full X.509 authentication. The software implementation of the ChaCha20/Poly1305 cipher is as fast as many hardware-accelerated AES engines.

Creating ECC Certificates for SharkSSL-Lite

The following video shows how to create an Elliptic Curve Cryptography (ECC) certificate for a server, how to install the certificate in the server, and how to make the mbed clients that connect to the server trust this certificate. The server in this video is installed on a private/personal computer on a private network for test purposes. The video was produced for the embedded.com article "How to run your own secure IoT cloud server".

inc/SharkSslEx.h

Committer: wini
Date: 2016-05-23
Revision: 1:d5e0e1dcf0d6
Parent: 0:e0adec41ad6b

File content as of revision 1:d5e0e1dcf0d6:

/*
 *     ____             _________                __                _
 *    / __ \___  ____ _/ /_  __(_)___ ___  ___  / /   ____  ____ _(_)____
 *   / /_/ / _ \/ __ `/ / / / / / __ `__ \/ _ \/ /   / __ \/ __ `/ / ___/
 *  / _, _/  __/ /_/ / / / / / / / / / / /  __/ /___/ /_/ / /_/ / / /__
 * /_/ |_|\___/\__,_/_/ /_/ /_/_/ /_/ /_/\___/_____/\____/\__, /_/\___/
 *                                                       /____/
 *
 *                 SharkSSL Embedded SSL/TLS Stack
 ****************************************************************************
 *   PROGRAM MODULE
 *
 *   $Id: SharkSslEx.h 3670 2015-03-28 21:25:15Z gianluca $
 *
 *   COPYRIGHT:  Real Time Logic LLC, 2013
 *
 *   This software is copyrighted by and is the sole property of Real
 *   Time Logic LLC.  All rights, title, ownership, or other interests in
 *   the software remain the property of Real Time Logic LLC.  This
 *   software may only be used in accordance with the terms and
 *   conditions stipulated in the corresponding license agreement under
 *   which the software has been supplied.  Any unauthorized use,
 *   duplication, transmission, distribution, or disclosure of this
 *   software is expressly forbidden.
 *
 *   This Copyright notice may not be removed or modified without prior
 *   written consent of Real Time Logic LLC.
 *
 *   Real Time Logic LLC. reserves the right to modify this software
 *   without notice.
 *
 *               http://www.realtimelogic.com
 *               http://www.sharkssl.com
 ****************************************************************************
 *
 */
#ifndef _SharkSslEx_h
#define _SharkSslEx_h

#include "SharkSSL.h"


/** Case insensitive string compare.
 */
int sharkStrCaseCmp(const char *a, const char *b, int len);

/** @addtogroup SharkSslInfoAndCodes
@{
*/

/** #SharkSslCon_trusted return values */ 
typedef enum
{
   /** Not a secure connection (SSL handshake not completed).
    */
   SharkSslConTrust_NotSSL=10,

   /** The SSL certificate is not trusted and the subject's common
       name does not match the host name of the URL.
   */
   SharkSslConTrust_None,

   /** Domain mismatch: The SSL certificate is trusted but the
       subject's common name does not match the host name of the URL.
   */
   SharkSslConTrust_Cert,

   /** The subject's common name matches the host name of the URL, but
       the certificate is not trusted. This is typical for expired
       certificates.
   */
   SharkSslConTrust_Cn,

   /** The peer's SSL certificate is trusted and the
       subject's common name matches the host name of the URL.
   */
   SharkSslConTrust_CertCn
} SharkSslConTrust;

/** @} */ /* end group SharkSslInfoAndCodes */ 

/** @addtogroup SharkSslApi
@{
*/

/** Returns the peer's "trust" status and certificate.

    \param o the SharkSslCon object

    \param name is the domain name (common name)

    \param cPtr is an optional pointer that will be set to the
    connection's SharkSslCertInfo object, if provided.

    \returns SharkSslConTrust

    \sa SharkSslConTrust and SharkSslCon_trustedCA
*/
SHARKSSL_API SharkSslConTrust SharkSslCon_trusted(
   SharkSslCon* o, const char* name, SharkSslCertInfo** cPtr);

/** @} */ /* end group SharkSslApi */ 

#endif
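
Added example (not part of the SharkSSL sources): how a caller should gate a connection on the SharkSslConTrust value returned by SharkSslCon_trusted. Because the enum starts at 10, every status is non-zero, so a boolean-style test accepts even SharkSslConTrust_NotSSL. The enum is repeated so the example builds without the library; weakAccept, strictAccept and trustReason are hypothetical helper names.

```c
#include <stdio.h>

/* Mirror of the SharkSslConTrust enum from SharkSslEx.h above, repeated
   here only so the example compiles without the SharkSSL library. */
typedef enum
{
   SharkSslConTrust_NotSSL=10, SharkSslConTrust_None, SharkSslConTrust_Cert,
   SharkSslConTrust_Cn, SharkSslConTrust_CertCn
} SharkSslConTrust;

/* Weak check (hypothetical): treats the status as a boolean. Every
   enumerator is >= 10, so this is true even for NotSSL and None. */
static int weakAccept(SharkSslConTrust t)
{
   return t != 0;
}

/* Fail-closed check (hypothetical): in a client, t would be the value
   returned by SharkSslCon_trusted(). Only a trusted certificate with a
   matching name may proceed; any other or unknown value is rejected. */
static int strictAccept(SharkSslConTrust t)
{
   return t == SharkSslConTrust_CertCn;
}

/* Hypothetical helper: short reason string for logging the decision. */
static const char* trustReason(SharkSslConTrust t)
{
   switch(t)
   {
      case SharkSslConTrust_NotSSL: return "handshake not completed";
      case SharkSslConTrust_None:   return "untrusted cert, name mismatch";
      case SharkSslConTrust_Cert:   return "trusted cert, name mismatch";
      case SharkSslConTrust_Cn:     return "name matches, cert not trusted";
      case SharkSslConTrust_CertCn: return "trusted cert, name matches";
   }
   return "unknown status";
}

int main(void)
{
   int i;
   /* Constructed inputs: each documented status plus one out-of-range value. */
   for(i = SharkSslConTrust_NotSSL; i <= SharkSslConTrust_CertCn + 1; i++)
      printf("%2d %-32s weak=%d strict=%d\n", i, trustReason((SharkSslConTrust)i),
             weakAccept((SharkSslConTrust)i), strictAccept((SharkSslConTrust)i));
   return 0;
}
```
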