This package includes the SharkSSL lite library and header files.
Dependents: WebSocket-Client-Example SharkMQ-LED-Demo
SharkSSL-Lite
Description: SharkSSL is an implementation of the SSL v3.0 and TLS v1.0/1.1/1.2 protocol standards. With its array of compile-time options and Raycrypto proprietary cryptographic algorithms, SharkSSL can be fine-tuned to a footprint that occupies less than 20 kB, while maintaining full X.509 authentication. The SharkSSL-Lite download includes a subset of SharkSSL and its header files, made for non-commercial use and for evaluation purposes.
Features
- SSL|TLS v1.2
- Size: 21kB
- Encryption: Elliptic Curve Cryptography (ECC) | ChaCha20/Poly1305
- SharkSSL Online Documentation
- SMQ (Simple Message Queues) Client and SMQ Documentation
- Secure WebSocket Client
- Secure MQTT Client
Examples
- SharkMQ LED Demo: Secure control of LEDs on your mbed board using a browser.
- WebSocket Client: Connect to ELIZA the Psychotherapist
Limitations
SharkSSL-Lite includes a limited set of ciphers. To use SharkSSL-Lite, the peer side must support Elliptic Curve Cryptography (ECC) and you must use ECC certificates. The peer side must also support the new ChaCha20/Poly1305 cipher combination.
ChaCha20 and Poly1305 for TLS is published as RFC 7905. The development of this cipher suite was a response to the many attacks discovered against other widely used TLS cipher suites. ChaCha20 is the stream cipher and Poly1305 is the message authenticator; together they form an authenticated encryption (AEAD) mode.
SharkSSL-Lite occupies less than 20kB, while maintaining full X.509 authentication. The ChaCha20/Poly1305 software implementation is as fast as many hardware-accelerated AES engines.
Creating ECC Certificates for SharkSSL-Lite
The following video shows how to create an Elliptic Curve Cryptography (ECC) certificate for a server, how to install the certificate in the server, and how to make the mbed clients connecting to the server trust this certificate. The server in this video is installed on a private/personal computer on a private network for test purposes. The video was produced for the embedded.com article How to run your own secure IoT cloud server.
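The Limitations section above states that the peer must present an ECC certificate, and the video shows one being created for a server. As an added example that is not part of the SharkSSL-Lite package or of the embedded.com article, the POSIX shell script below does the equivalent with OpenSSL: it generates a P-256 (prime256v1) private key, issues a self-signed X.509 certificate for it, and then inspects the certificate to confirm it really carries an EC key, which is the check worth running before installing the certificate on the server. The output directory `ecc-demo`, the common name, the 365-day validity and the `server.key`/`server.crt` file names are assumptions chosen for this example.

```shell
#!/bin/sh
# Added example, not SharkSSL-Lite code: create an ECC server key and a
# self-signed X.509 certificate with OpenSSL, then verify the key type.
set -e

# make_ecc_cert DIR CN
# Writes DIR/server.key (EC private key) and DIR/server.crt (self-signed
# certificate for common name CN). Both file names are this example's choice.
make_ecc_cert() {
    dir=$1
    cn=$2
    mkdir -p "$dir"
    # P-256 key: SharkSSL-Lite's cipher set needs an ECC key, not RSA.
    openssl ecparam -name prime256v1 -genkey -noout -out "$dir/server.key"
    # Self-signed certificate, SHA-256 signature, valid for 365 days
    # (an assumed validity period).
    openssl req -new -x509 -sha256 -days 365 \
        -key "$dir/server.key" \
        -subj "/CN=$cn" \
        -out "$dir/server.crt"
}

# cert_key_algorithm FILE
# Prints the "Public Key Algorithm" OpenSSL reports for the certificate,
# e.g. id-ecPublicKey for an EC key or rsaEncryption for an RSA key.
cert_key_algorithm() {
    openssl x509 -in "$1" -noout -text \
        | sed -n 's/^ *Public Key Algorithm: *//p'
}

# cert_curve FILE
# Prints the named curve (ASN.1 OID name) of an EC certificate's key.
cert_curve() {
    openssl x509 -in "$1" -noout -text \
        | sed -n 's/^ *ASN1 OID: *//p'
}

# cert_is_ecc FILE
# Succeeds (exit 0) only when the certificate holds an EC public key.
cert_is_ecc() {
    [ "$(cert_key_algorithm "$1")" = "id-ecPublicKey" ]
}

# Demo when run directly: build ./ecc-demo/server.{key,crt} and check it.
if command -v openssl >/dev/null 2>&1; then
    make_ecc_cert ecc-demo "sharkssl-lite.example"
    if cert_is_ecc ecc-demo/server.crt; then
        echo "ecc-demo/server.crt: EC key on $(cert_curve ecc-demo/server.crt), usable with SharkSSL-Lite"
    else
        echo "ecc-demo/server.crt: not an ECC certificate ($(cert_key_algorithm ecc-demo/server.crt))" >&2
        exit 1
    fi
fi
```

A server presenting this certificate can negotiate the ECDHE-ECDSA cipher suites SharkSSL-Lite requires; a key made with `openssl genrsa` would report `rsaEncryption` in the same check, and a SharkSSL-Lite client would then fail the handshake at cipher negotiation. Because the certificate is self-signed, the same `server.crt` is what the mbed clients must be configured to trust, which is the third step the video walks through.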
src/seLwIP.c@0:e0adec41ad6b, 2016-04-06 (annotated)
Committer: wini
Date: Wed Apr 06 00:46:36 2016 +0000
Revision: 0:e0adec41ad6b
SharkSSL-Lite V1.0 for mbed
```c
/**
 *     ____             _________        __                _
 *    / __ \___  ____ _/ /_  __(_)___ ___  ___  / /   ____  ____ _(_)____
 *   / /_/ / _ \/ __ `/ / / / / / __ `__ \/ _ \/ /   / __ \/ __ `/ / ___/
 *  / _, _/ __/ /_/ / / / / / / / / / / /  __/ /___/ /_/ / /_/ / / /__
 * /_/ |_|\___/\__,_/_/ /_/ /_/_/ /_/ /_/\___/_____/\____/\__, /_/\___/
 *                                                       /____/
 *
 *                 SharkSSL Embedded SSL/TLS Stack
 ****************************************************************************
 *            PROGRAM MODULE
 *
 *   $Id: seLwIP.c 3871 2016-03-27 01:23:13Z wini $
 *
 *   COPYRIGHT:  Real Time Logic LLC, 2014 - 2016
 *
 *   This software is copyrighted by and is the sole property of Real
 *   Time Logic LLC.  All rights, title, ownership, or other interests in
 *   the software remain the property of Real Time Logic LLC.  This
 *   software may only be used in accordance with the terms and
 *   conditions stipulated in the corresponding license agreement under
 *   which the software has been supplied.  Any unauthorized use,
 *   duplication, transmission, distribution, or disclosure of this
 *   software is expressly forbidden.
 *
 *   This Copyright notice may not be removed or modified without prior
 *   written consent of Real Time Logic LLC.
 *
 *   Real Time Logic LLC. reserves the right to modify this software
 *   without notice.
 *
 *               http://realtimelogic.com
 *               http://sharkssl.com
 ****************************************************************************
 */

/* lwIP (netconn API) port of the SharkSSL socket abstraction (selib). */
#include <selib.h>
#include <lwip/opt.h>
#include <lwip/arch.h>
#include <lwip/api.h>

#ifndef SharkSSLLwIP
#error SharkSSLLwIP not defined -> Using incorrect selibplat.h
#endif

/* Timeouts are implemented with lwIP's per-connection recv_timeout,
   so the lwIP build must enable LWIP_SO_RCVTIMEO. */
#if LWIP_SO_RCVTIMEO != 1
#error LWIP_SO_RCVTIMEO must be set
#endif

/* Older lwIP releases have no netconn_set_recvtimeout() macro and use
   a different netconn_accept()/netconn_recv() signature; OLD_LWIP
   selects that code path below. */
#ifndef netconn_set_recvtimeout
#define OLD_LWIP
#define netconn_set_recvtimeout(conn, timeout) \
   ((conn)->recv_timeout = (timeout))
#endif


/* Accept a connection on 'listenSock' into 'outSock'.
   Returns 1 on success, 0 on timeout, -1 on error.
   A timeout of INFINITE_TMO maps to lwIP's 0, which blocks forever. */
int se_accept(SOCKET** listenSock, U32 timeout, SOCKET** outSock)
{
   err_t err;
   memset(*outSock, 0, sizeof(SOCKET));
   netconn_set_recvtimeout(
      (*listenSock)->con, timeout == INFINITE_TMO ? 0 : timeout);
#ifdef OLD_LWIP
   (*outSock)->con = netconn_accept((*listenSock)->con);
   /* Old lwIP returns NULL on failure: only read ->err from a live conn. */
   err = (*outSock)->con ? (*outSock)->con->err : ERR_CONN;
#else
   err = netconn_accept((*listenSock)->con, &(*outSock)->con);
#endif
   if(err != ERR_OK)
   {
      return err == ERR_TIMEOUT ? 0 : -1;
   }
   return 1;
}


/* Create a TCP listening socket bound to 'port' on any interface.
   Returns 0 on success, -1 if no netconn could be allocated,
   -2 if listen failed, -3 if bind failed. */
int se_bind(SOCKET* sock, U16 port)
{
   int err;
   memset(sock, 0, sizeof(SOCKET));
   sock->con = netconn_new(NETCONN_TCP);
   if( ! sock->con )
      return -1;
   if(netconn_bind(sock->con, IP_ADDR_ANY, port) == ERR_OK)
   {
      if(netconn_listen(sock->con) == ERR_OK)
         return 0;
      err = -2;
   }
   else
      err = -3;
   netconn_delete(sock->con);
   sock->con=0;
   return err;
}


/* Returns 0 on success.
   Error codes returned:
   -1: Cannot create socket: Fatal
   -2: Cannot resolve 'address'
   -3: Cannot connect
*/
int se_connect(SOCKET* sock, const char* name, U16 port)
{
#ifdef OLD_LWIP
   struct ip_addr addr;
#else
   ip_addr_t addr;
#endif
   memset(sock, 0, sizeof(SOCKET));
   /* Resolve the host name (or parse a dotted address) via lwIP's resolver */
   if(netconn_gethostbyname(name, &addr) != ERR_OK)
      return -2;
   sock->con = netconn_new(NETCONN_TCP);
   if( ! sock->con )
      return -1;
   if(netconn_connect(sock->con, &addr, port) == ERR_OK)
      return 0;
   netconn_delete(sock->con);
   sock->con=0;
   return -3;
}


/* Release the netconn and any partially consumed receive buffer. */
void se_close(SOCKET* sock)
{
   if(sock->con)
      netconn_delete(sock->con);
   if(sock->nbuf)
      netbuf_delete(sock->nbuf);
   memset(sock, 0, sizeof(SOCKET));
}


/* Send 'len' bytes. Returns len on success; on failure the socket is
   closed and the (negative) lwIP error code is returned. */
S32 se_send(SOCKET* sock, const void* buf, U32 len)
{
   err_t err=netconn_write(sock->con, buf, len, NETCONN_COPY);
   if(err != ERR_OK)
   {
      se_close(sock);
      return (S32)err;
   }
   return len;
}


/* Receive up to 'len' bytes. Returns the number of bytes copied, 0 on
   timeout, or a negative lwIP error code. A received netbuf larger than
   'len' stays in sock->nbuf and is drained by later calls via pbOffs. */
S32 se_recv(SOCKET* sock, void* data, U32 len, U32 timeout)
{
   int rlen;
   netconn_set_recvtimeout(sock->con, timeout == INFINITE_TMO ? 0 : timeout);
   if( ! sock->nbuf )
   {
      err_t err;
      sock->pbOffs = 0;
#ifdef OLD_LWIP
      sock->nbuf = netconn_recv(sock->con);
      err = sock->con->err;
      if(!sock->nbuf && !err) err = ERR_CONN;
#else
      err = netconn_recv(sock->con, &sock->nbuf);
#endif
      if(ERR_OK != err)
      {
         if(sock->nbuf)
            netbuf_delete(sock->nbuf);
         sock->nbuf=0;
         return err == ERR_TIMEOUT ? 0 : (S32)err;
      }
   }
   rlen=(int)netbuf_copy_partial(sock->nbuf,(U8*)data,len,sock->pbOffs);
   if(!rlen)
      return -1;
   sock->pbOffs += rlen;
   if(sock->pbOffs >= netbuf_len(sock->nbuf))
   {
      /* Whole netbuf consumed: free it so the next call reads from lwIP */
      netbuf_delete(sock->nbuf);
      sock->nbuf=0;
   }
   return rlen;
}


/* Nonzero while the socket still holds a live netconn. */
int se_sockValid(SOCKET* sock)
{
   return sock->con != 0;
}
```