This package includes the SharkSSL lite library and header files.
Dependents: WebSocket-Client-Example SharkMQ-LED-Demo
SharkSSL-Lite
Description: SharkSSL is an SSL v3.0 TLS v1.0/1.1/1.2 implementation of the TLS and SSL protocol standard. With its array of compile-time options and Raycrypto proprietary cryptographic algorithms, SharkSSL can be fine-tuned to a footprint that occupies less than 20 kB, while maintaining full x.509 authentication. The SharkSSL-Lite download includes a subset of SharkSSL and header files made for use in non-commercial and for evaluation purposes.
Features
- SSL|TLS v1.2
- Size: 21kB
- Encryption: Elliptic Curve Cryptography (ECC) | ChaCha20/Poly1305
- SharkSSL Online Documentation
- SMQ (Simple Message Queues) Client and SMQ Documentation
- Secure WebSocket Client
- Secure MQTT Client
Examples
- SharkMQ LED Demo: Secure control of LEDs on your mbed board using a browser.
- WebSocket Client: Connect to ELIZA the Psychotherapist
Limitations
SharkSSL-Lite includes a limited set of ciphers. To use SharkSSL-Lite, the peer side must support Elliptic Curve Cryptography (ECC) and you must use ECC certificates. The peer side must also support the new ChaCha20/Poly1305 cipher combination.
ChaCha20 and Poly1305 for TLS is published RFC 7905. The development of this new cipher was a response to many attacks discovered against other widely used TLS cipher suites. ChaCha20 is the cipher and Poly1305 is an authenticated encryption mode.
SharkSSL-Lite occupies less than 20kB, while maintaining full x.509 authentication. The ChaCha20/Poly1305 cipher software implementation is equally as fast as many hardware accelerated AES engines.
Creating ECC Certificates for SharkSSL-Lite
The following video shows how to create an Elliptic Curve Cryptography (ECC) certificate for a server, how to install the certificate in the server, and how to make the mbed clients connecting to the server trust this certificate. The server in this video is installed on a private/personal computer on a private network for test purposes. The video was produced for the embedded.com article How to run your own secure IoT cloud server.
src/seLwIP.c
- Committer:
- wini
- Date:
- 2016-04-06
- Revision:
- 0:e0adec41ad6b
File content as of revision 0:e0adec41ad6b:
/** * ____ _________ __ _ * / __ \___ ____ _/ /_ __(_)___ ___ ___ / / ____ ____ _(_)____ * / /_/ / _ \/ __ `/ / / / / / __ `__ \/ _ \/ / / __ \/ __ `/ / ___/ * / _, _/ __/ /_/ / / / / / / / / / / / __/ /___/ /_/ / /_/ / / /__ * /_/ |_|\___/\__,_/_/ /_/ /_/_/ /_/ /_/\___/_____/\____/\__, /_/\___/ * /____/ * * SharkSSL Embedded SSL/TLS Stack **************************************************************************** * PROGRAM MODULE * * $Id: seLwIP.c 3871 2016-03-27 01:23:13Z wini $ * * COPYRIGHT: Real Time Logic LLC, 2014 - 2016 * * This software is copyrighted by and is the sole property of Real * Time Logic LLC. All rights, title, ownership, or other interests in * the software remain the property of Real Time Logic LLC. This * software may only be used in accordance with the terms and * conditions stipulated in the corresponding license agreement under * which the software has been supplied. Any unauthorized use, * duplication, transmission, distribution, or disclosure of this * software is expressly forbidden. * * This Copyright notice may not be removed or modified without prior * written consent of Real Time Logic LLC. * * Real Time Logic LLC. reserves the right to modify this software * without notice. * * http://realtimelogic.com * http://sharkssl.com **************************************************************************** */ #include <selib.h> #include <lwip/opt.h> #include <lwip/arch.h> #include <lwip/api.h> #ifndef SharkSSLLwIP #error SharkSSLLwIP not defined -> Using incorrect selibplat.h #endif #if LWIP_SO_RCVTIMEO != 1 #error LWIP_SO_RCVTIMEO must be set #endif #ifndef netconn_set_recvtimeout #define OLD_LWIP #define netconn_set_recvtimeout(conn, timeout) \ ((conn)->recv_timeout = (timeout)) #endif int se_accept(SOCKET** listenSock, U32 timeout, SOCKET** outSock) { err_t err; memset(*outSock, 0, sizeof(SOCKET)); netconn_set_recvtimeout( (*listenSock)->con, timeout == INFINITE_TMO ? 0 : timeout); #ifdef OLD_LWIP (*outSock)->con = netconn_accept((*listenSock)->con); err = (*outSock)->con->err; if(!(*outSock)->con && !err) err = ERR_CONN; #else err = netconn_accept((*listenSock)->con, &(*outSock)->con); #endif if(err != ERR_OK) { return err == ERR_TIMEOUT ? 0 : -1; } return 1; } int se_bind(SOCKET* sock, U16 port) { int err; memset(sock, 0, sizeof(SOCKET)); sock->con = netconn_new(NETCONN_TCP); if( ! sock->con ) return -1; if(netconn_bind(sock->con, IP_ADDR_ANY, port) == ERR_OK) { if(netconn_listen(sock->con) == ERR_OK) return 0; err = -2; } else err = -3; netconn_delete(sock->con); sock->con=0; return err; } /* Returns 0 on success. Error codes returned: -1: Cannot create socket: Fatal -2: Cannot resolve 'address' -3: Cannot connect */ int se_connect(SOCKET* sock, const char* name, U16 port) { #ifdef OLD_LWIP struct ip_addr addr; #else ip_addr_t addr; #endif memset(sock, 0, sizeof(SOCKET)); if(netconn_gethostbyname(name, &addr) != ERR_OK) return -2; sock->con = netconn_new(NETCONN_TCP); if( ! sock->con ) return -1; if(netconn_connect(sock->con, &addr, port) == ERR_OK) return 0; netconn_delete(sock->con); sock->con=0; return -3; } void se_close(SOCKET* sock) { if(sock->con) netconn_delete(sock->con); if(sock->nbuf) netbuf_delete(sock->nbuf); memset(sock, 0, sizeof(SOCKET)); } S32 se_send(SOCKET* sock, const void* buf, U32 len) { err_t err=netconn_write(sock->con, buf, len, NETCONN_COPY); if(err != ERR_OK) { se_close(sock); return (S32)err; } return len; } S32 se_recv(SOCKET* sock, void* data, U32 len, U32 timeout) { int rlen; netconn_set_recvtimeout(sock->con, timeout == INFINITE_TMO ? 0 : timeout); if( ! sock->nbuf ) { err_t err; sock->pbOffs = 0; #ifdef OLD_LWIP sock->nbuf = netconn_recv(sock->con); err = sock->con->err; if(!sock->nbuf && !err) err = ERR_CONN; #else err = netconn_recv(sock->con, &sock->nbuf); #endif if(ERR_OK != err) { if(sock->nbuf) netbuf_delete(sock->nbuf); sock->nbuf=0; return err == ERR_TIMEOUT ? 0 : (S32)err; } } rlen=(int)netbuf_copy_partial(sock->nbuf,(U8*)data,len,sock->pbOffs); if(!rlen) return -1; sock->pbOffs += rlen; if(sock->pbOffs >= netbuf_len(sock->nbuf)) { netbuf_delete(sock->nbuf); sock->nbuf=0; } return rlen; } int se_sockValid(SOCKET* sock) { return sock->con != 0; }