Real Time Logic LLC / SharkSSL-Lite

This package includes the SharkSSL lite library and header files.

Dependents:   WebSocket-Client-Example SharkMQ-LED-Demo

SharkSSL-Lite

Description: SharkSSL is an SSL v3.0 TLS v1.0/1.1/1.2 implementation of the TLS and SSL protocol standard. With its array of compile-time options and Raycrypto proprietary cryptographic algorithms, SharkSSL can be fine-tuned to a footprint that occupies less than 20 kB, while maintaining full x.509 authentication. The SharkSSL-Lite download includes a subset of SharkSSL and header files made for use in non-commercial and for evaluation purposes.

Features

Examples

Limitations

SharkSSL-Lite includes a limited set of ciphers. To use SharkSSL-Lite, the peer side must support Elliptic Curve Cryptography (ECC) and you must use ECC certificates. The peer side must also support the new ChaCha20/Poly1305 cipher combination.

ChaCha20 and Poly1305 for TLS is published RFC 7905. The development of this new cipher was a response to many attacks discovered against other widely used TLS cipher suites. ChaCha20 is the cipher and Poly1305 is an authenticated encryption mode.

SharkSSL-Lite occupies less than 20kB, while maintaining full x.509 authentication. The ChaCha20/Poly1305 cipher software implementation is equally as fast as many hardware accelerated AES engines.

Creating ECC Certificates for SharkSSL-Lite

The following video shows how to create an Elliptic Curve Cryptography (ECC) certificate for a server, how to install the certificate in the server, and how to make the mbed clients connecting to the server trust this certificate. The server in this video is installed on a private/personal computer on a private network for test purposes. The video was produced for the embedded.com article How to run your own secure IoT cloud server.

inc/WsClientLib.h

Committer:
wini
Date:
2016-05-23
Revision:
1:d5e0e1dcf0d6
Parent:
0:e0adec41ad6b

File content as of revision 1:d5e0e1dcf0d6:

/*
 *     ____             _________                __                _
 *    / __ \___  ____ _/ /_  __(_)___ ___  ___  / /   ____  ____ _(_)____
 *   / /_/ / _ \/ __ `/ / / / / / __ `__ \/ _ \/ /   / __ \/ __ `/ / ___/
 *  / _, _/  __/ /_/ / / / / / / / / / / /  __/ /___/ /_/ / /_/ / / /__
 * /_/ |_|\___/\__,_/_/ /_/ /_/_/ /_/ /_/\___/_____/\____/\__, /_/\___/
 *                                                       /____/
 *
 *                 SharkSSL Embedded SSL/TLS Stack
 ****************************************************************************
 *   PROGRAM MODULE
 *
 *   $Id: WsClientLib.h 3616 2014-12-03 00:40:53Z wini $
 *
 *   COPYRIGHT:  Real Time Logic LLC, 2013
 *
 *   This software is copyrighted by and is the sole property of Real
 *   Time Logic LLC.  All rights, title, ownership, or other interests in
 *   the software remain the property of Real Time Logic LLC.  This
 *   software may only be used in accordance with the terms and
 *   conditions stipulated in the corresponding license agreement under
 *   which the software has been supplied.  Any unauthorized use,
 *   duplication, transmission, distribution, or disclosure of this
 *   software is expressly forbidden.
 *
 *   This Copyright notice may not be removed or modified without prior
 *   written consent of Real Time Logic LLC.
 *
 *   Real Time Logic LLC. reserves the right to modify this software
 *   without notice.
 *
 *               http://realtimelogic.com
 *               http://sharkssl.com
 ****************************************************************************
 *
 */

#ifndef _WsClientLib_h
#define _WsClientLib_h


#include "selib.h"

/** @addtogroup WsClientLib
@{
*/

/** @defgroup WebSocketOpcodes WebSocket Opcodes
    @ingroup WsClientLib

    \brief WebSocket Opcodes

    RFC6455 Page 29 - Opcode -  4 bits

    WebSocket Opcodes with FIN=1. We do not manage WebSocket fragments
    (FIN=0/1) since it is rarely used and the complexity is not
    something you want in a tiny device.
@{
*/

/** Text */
#define WSOP_Text   0x81
/** Binary */
#define WSOP_Binary 0x82
/** RFC6455 5.5 -  Control Frame - Close */
#define WSOP_Close  0x88
/** RFC6455 5.5 -  Control Frame - Ping */
#define WSOP_Ping   0x89
/** RFC6455 5.5 - Control Frame - Pong */
#define WSOP_Pong   0x8A

/** @} */ /* end group WebSocketOpcodes */ 



/** The WebSocket protocol is frame based and the following struct keeps state
    information for #wscRead.
*/
typedef struct
{
   /** The WebSocket frame length */
   int frameLen;
   /** Read frame data until: frameLen - bytesRead = 0 */
   int bytesRead;

   U8* overflowPtr; /* Set if: consumed more data from stream than frame len */ 
   int overflowLen; /* overflowPtr len is used internally in wsRawRead */
   int frameHeaderIx; /* Cursor used when reading frameHeader from socket */
   U8 frameHeader[4]; /*[0] FIN+opcode, [1] Payload len, [2-3] Ext payload len*/

   /** Set when the read function returns due to a timeout. */
   U8 isTimeout;
} WscReadState;


#ifdef __cplusplus
extern "C" {
#endif


/** Upgrades (morphs) an HTTPS request/response pair to a WebSocket
  connection. Sends the HTTP request header to the server and
  validates the server's HTTP response header -- the function
  simulates a very basic HTTP client library. The function is designed
  to be as simple as possible and the code is, for this reason, making
  a few assumptions that could fail when used with a non traditional
  HTTP server. Read the comments in the source code file WsClientLib.c
  if you should experience problems.

  \param wss the WebSocket protocol state information is stored in this
  structure. All wss attributes must be initialized to zero before
  calling this function for the first time.
  \param s the SharkSslCon object
  \param sock the SOCKET object
  \param tmo in milliseconds. The timeout can be set to #INFINITE_TMO.
  \param host is the server's host name
  \param path is the path component of the wss URL and the path must
  be to the server's WebSocket service.
  \param origin some WebSocket server's may require an origin URL:
  http://tools.ietf.org/html/rfc6455#section-10.2. Set the parameter
  to NULL if it's not required by the server. The Origin header should
  only be required by a server when the request is sent from a
  browser.
   \return Zero success.
 */
int wscProtocolHandshake(WscReadState* wss,SharkSslCon *s,SOCKET* sock,U32 tmo,
                         const char* host,const char* path,const char* origin);


/** Sends binary data to server.

    The function sets the WS frame header's opcode to binary. The WS
    protocol supports two payload frame types, UTF8 and binary (RFC6455:
    5.6 Data Frames). We are assuming that you will be using the binary
    protocol for all data exchange.
*/
int wscSendBin(SharkSslCon *s, SOCKET* sock, U8* buf, int len);

/** Sends a WebSocket control frame.

    The code is used internally by the WebSocket functions. You can also use
    this function to send your own control frames such as #WSOP_Ping.
 
    See RFC6455: 5.5.  Control Frames
 */
int wscSendCtrl(
   SharkSslCon *s,SOCKET* sock,U8 opCode, const U8* buf,int len);

/** Sends a WebSocket close control frame to the server and closes the
    connection.

    \param s the SharkSslCon object.
    \param sock the SOCKET object.

    \param statusCode is a <a target="_blank" href=
    "http://tools.ietf.org/html/rfc6455#section-7.4">
    WebSocket status code</a>.
 */
int wscClose(SharkSslCon *s, SOCKET* sock, int statusCode);


/** Wait for WebSocket frames sent by the server. The function
    returns when data is available or on timeout. The function returns
    zero on timeout, but the peer can send zero length frames so you must
    verify that it is a timeout by checking the status of
    WscReadState#isTimeout.
  
    The WebSocket protocol is frame based, but the function can return
    a fragment before the complete WebSocket frame is received if the frame
    sent by the peer is larger than the SharkSSL receive buffer. The
    frame length is returned in WscReadState#frameLen and the data
    consumed thus far is returned in WscReadState#bytesRead. The
    complete frame is consumed when frameLen == bytesRead.

    \param wss is the WebSocket read state.

    \param s the SharkSslCon object.
    \param sock the SOCKET object.

    \param buf is a pointer set to the SharkSSL receive buffer offset to
    the start of the WebSocket payload data.

    \param timeout in milliseconds. The timeout can be set to #INFINITE_TMO.

    \return The payload data length or zero for zero length frames and
    timeout. The function returns a negative value on error.
*/
int wscRead(
   WscReadState* wss, SharkSslCon *s,SOCKET* sock, U8 **buf, U32 timeout);

#ifdef __cplusplus
}
#endif

/** @} */ /* end group WsClientLib */ 

#endif