This package includes the SharkSSL lite library and header files.
Dependents: WebSocket-Client-Example SharkMQ-LED-Demo
SharkSSL-Lite
Description: SharkSSL is an implementation of the SSL v3.0 and TLS v1.0/1.1/1.2 protocol standards. With its array of compile-time options and Raycrypto proprietary cryptographic algorithms, SharkSSL can be fine-tuned to a footprint of less than 20 kB while maintaining full X.509 authentication. The SharkSSL-Lite download includes a subset of SharkSSL and header files, made for non-commercial use and for evaluation purposes.
Features
- SSL|TLS v1.2
- Size: 21kB
- Encryption: Elliptic Curve Cryptography (ECC) | ChaCha20/Poly1305
- SharkSSL Online Documentation
- SMQ (Simple Message Queues) Client and SMQ Documentation
- Secure WebSocket Client
- Secure MQTT Client
Examples
- SharkMQ LED Demo: Secure control of LEDs on your mbed board using a browser.
- WebSocket Client: Connect to ELIZA the Psychotherapist
Limitations
SharkSSL-Lite includes a limited set of ciphers. To use SharkSSL-Lite, the peer side must support Elliptic Curve Cryptography (ECC) and you must use ECC certificates. The peer side must also support the new ChaCha20/Poly1305 cipher combination.
ChaCha20 and Poly1305 for TLS is published as RFC 7905. The development of this new cipher was a response to many attacks discovered against other widely used TLS cipher suites. ChaCha20 is the cipher and Poly1305 is an authenticated encryption mode.
SharkSSL-Lite occupies less than 20 kB while maintaining full X.509 authentication. The ChaCha20/Poly1305 cipher software implementation is as fast as many hardware-accelerated AES engines.
Creating ECC Certificates for SharkSSL-Lite
The following video shows how to create an Elliptic Curve Cryptography (ECC) certificate for a server, how to install the certificate in the server, and how to make the mbed clients connecting to the server trust this certificate. The server in this video is installed on a private/personal computer on a private network for test purposes. The video was produced for the embedded.com article How to run your own secure IoT cloud server.
inc/SharkSslEx.h
Committer: wini
Date: 2016-05-23
Revision: 1:d5e0e1dcf0d6
Parent: 0:e0adec41ad6b
File content as of revision 1:d5e0e1dcf0d6:
/*
 *     ____             _________                __                _
 *    / __ \___  ____ _/ /_  __(_)___ ___  ___  / /   ____  ____ _(_)____
 *   / /_/ / _ \/ __ `/ / / / / / __ `__ \/ _ \/ /   / __ \/ __ `/ / ___/
 *  / _, _/  __/ /_/ / / / / / / / / / / /  __/ /___/ /_/ / /_/ / / /__
 * /_/ |_|\___/\__,_/_/ /_/ /_/_/ /_/ /_/\___/_____/\____/\__, /_/\___/
 *                                                       /____/
 *
 *                 SharkSSL Embedded SSL/TLS Stack
 ****************************************************************************
 *   PROGRAM MODULE
 *
 *   $Id: SharkSslEx.h 3670 2015-03-28 21:25:15Z gianluca $
 *
 *   COPYRIGHT:  Real Time Logic LLC, 2013
 *
 *   This software is copyrighted by and is the sole property of Real
 *   Time Logic LLC.  All rights, title, ownership, or other interests in
 *   the software remain the property of Real Time Logic LLC.  This
 *   software may only be used in accordance with the terms and
 *   conditions stipulated in the corresponding license agreement under
 *   which the software has been supplied.  Any unauthorized use,
 *   duplication, transmission, distribution, or disclosure of this
 *   software is expressly forbidden.
 *
 *   This Copyright notice may not be removed or modified without prior
 *   written consent of Real Time Logic LLC.
 *
 *   Real Time Logic LLC. reserves the right to modify this software
 *   without notice.
 *
 *               http://www.realtimelogic.com
 *               http://www.sharkssl.com
 ****************************************************************************
 *
 */
#ifndef _SharkSslEx_h
#define _SharkSslEx_h

#include "SharkSSL.h"

/** Case insensitive string compare.
 */
int sharkStrCaseCmp(const char *a, const char *b, int len);

/** @addtogroup SharkSslInfoAndCodes
@{
*/

/** #SharkSslCon_trusted return values */
typedef enum
{
   /** Not a secure connection (SSL handshake not completed). */
   SharkSslConTrust_NotSSL=10,

   /** The SSL certificate is not trusted and the subject's common
       name does not match the host name of the URL. */
   SharkSslConTrust_None,

   /** Domain mismatch: The SSL certificate is trusted but the
       subject's common name does not match the host name of the URL. */
   SharkSslConTrust_Cert,

   /** The subject's common name matches the host name of the URL, but
       the certificate is not trusted. This is typical for expired
       certificates. */
   SharkSslConTrust_Cn,

   /** The peer's SSL certificate is trusted and the subject's common
       name matches the host name of the URL. */
   SharkSslConTrust_CertCn
} SharkSslConTrust;

/** @} */ /* end group SharkSslInfoAndCodes */

/** @addtogroup SharkSslApi
@{
*/

/** Returns the peer's "trust" status and certificate.

    \param o the SharkSslCon object
    \param name is the domain name (common name)
    \param cPtr is an optional pointer that will be set to the
    connection's SharkSslCertInfo object, if provided.

    \returns SharkSslConTrust

    \sa SharkSslConTrust and SharkSslCon_trustedCA
 */
SHARKSSL_API SharkSslConTrust SharkSslCon_trusted(
   SharkSslCon* o, const char* name, SharkSslCertInfo** cPtr);

/** @} */ /* end group SharkSslApi */

#endif
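Added example, not part of the SharkSSL sources: how a client should gate on the SharkSslConTrust value returned by SharkSslCon_trusted, showing a loose comparison beside a fail-closed one. The names weakCheck, strictCheck, trustReason and countWeakOnly, and con and host in the comment, are hypothetical; the enum is copied from the header above so the block builds without the library.

```c
#include <stdio.h>

/* Enum copied from SharkSslEx.h on this page so the block builds without
   the SharkSSL headers; with the library, include "SharkSslEx.h" instead. */
#ifndef _SharkSslEx_h
typedef enum {
   SharkSslConTrust_NotSSL = 10, SharkSslConTrust_None, SharkSslConTrust_Cert,
   SharkSslConTrust_Cn, SharkSslConTrust_CertCn
} SharkSslConTrust;
#endif

/* Weak check (hypothetical, for contrast): "anything but None is fine". */
static int weakCheck(SharkSslConTrust s) { return s != SharkSslConTrust_None; }

/* Strict check (hypothetical): fail closed, accept only chain + name. */
static int strictCheck(SharkSslConTrust s) { return s == SharkSslConTrust_CertCn; }

/* Reason string for logging a rejected connection. */
static const char *trustReason(SharkSslConTrust s)
{
   switch (s) {
   case SharkSslConTrust_NotSSL: return "handshake not completed";
   case SharkSslConTrust_None:   return "untrusted certificate, name mismatch";
   case SharkSslConTrust_Cert:   return "trusted certificate, name mismatch";
   case SharkSslConTrust_Cn:     return "name matches, certificate not trusted";
   case SharkSslConTrust_CertCn: return "trusted certificate, name matches";
   default:                      return "unknown status";
   }
}

/* Number of defined statuses the weak check accepts but the strict one rejects. */
static int countWeakOnly(void)
{
   int s, n = 0;
   for (s = SharkSslConTrust_NotSSL; s <= SharkSslConTrust_CertCn; s++)
      if (weakCheck((SharkSslConTrust)s) && !strictCheck((SharkSslConTrust)s))
         n++;
   return n;
}

int main(void)
{
   int s;
   /* With the library: status = SharkSslCon_trusted(con, host, NULL); */
   for (s = SharkSslConTrust_NotSSL; s <= SharkSslConTrust_CertCn; s++)
      printf("%-40s weak=%d strict=%d\n", trustReason((SharkSslConTrust)s),
             weakCheck((SharkSslConTrust)s), strictCheck((SharkSslConTrust)s));
   return countWeakOnly() == 3 ? 0 : 1;
}
```

The loose comparison lets through the NotSSL, Cert and Cn results; only SharkSslConTrust_CertCn means both the chain and the host name were verified, and values outside the enum are rejected by the strict form.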