Real Time Logic LLC
This package includes the SharkSSL lite library and header files.
Dependents: WebSocket-Client-Example SharkMQ-LED-Demo
SharkSSL-Lite
Description: SharkSSL is an SSL v3.0 TLS v1.0/1.1/1.2 implementation of the TLS and SSL protocol standard. With its array of compile-time options and Raycrypto proprietary cryptographic algorithms, SharkSSL can be fine-tuned to a footprint that occupies less than 20 kB, while maintaining full x.509 authentication. The SharkSSL-Lite download includes a subset of SharkSSL and header files made for use in non-commercial and for evaluation purposes.
Features
- SSL|TLS v1.2
- Size: 21kB
- Encryption: Elliptic Curve Cryptography (ECC) | ChaCha20/Poly1305
- SharkSSL Online Documentation
- SMQ (Simple Message Queues) Client and SMQ Documentation
- Secure WebSocket Client
- Secure MQTT Client
Examples
- SharkMQ LED Demo: Secure control of LEDs on your mbed board using a browser.
- WebSocket Client: Connect to ELIZA the Psychotherapist
Limitations
SharkSSL-Lite includes a limited set of ciphers. To use SharkSSL-Lite, the peer side must support Elliptic Curve Cryptography (ECC) and you must use ECC certificates. The peer side must also support the new ChaCha20/Poly1305 cipher combination.
ChaCha20 and Poly1305 for TLS is published RFC 7905. The development of this new cipher was a response to many attacks discovered against other widely used TLS cipher suites. ChaCha20 is the cipher and Poly1305 is an authenticated encryption mode.
SharkSSL-Lite occupies less than 20kB, while maintaining full x.509 authentication. The ChaCha20/Poly1305 cipher software implementation is equally as fast as many hardware accelerated AES engines.
Creating ECC Certificates for SharkSSL-Lite
The following video shows how to create an Elliptic Curve Cryptography (ECC) certificate for a server, how to install the certificate in the server, and how to make the mbed clients connecting to the server trust this certificate. The server in this video is installed on a private/personal computer on a private network for test purposes. The video was produced for the embedded.com article How to run your own secure IoT cloud server.
inc/SharkSSL_opts.h@1:d5e0e1dcf0d6, 2016-05-23 (annotated)
- Committer:
- wini
- Date:
- Mon May 23 13:56:30 2016 +0000
- Revision:
- 1:d5e0e1dcf0d6
- Parent:
- 0:e0adec41ad6b
Type conflict fix (U8-U32) for latest mbed release.
Who changed what in which revision?
| User | Revision | Line number | New contents of line |
|---|---|---|---|
| wini | 0:e0adec41ad6b | 1 | |
| wini | 0:e0adec41ad6b | 2 | /* |
| wini | 0:e0adec41ad6b | 3 | |
| wini | 0:e0adec41ad6b | 4 | DO NOT EDIT THIS FILE! |
| wini | 0:e0adec41ad6b | 5 | |
| wini | 0:e0adec41ad6b | 6 | The pre-compiled SharkSSL library is compiled with these options and |
| wini | 0:e0adec41ad6b | 7 | modifying these options may cause system failure. |
| wini | 0:e0adec41ad6b | 8 | |
| wini | 0:e0adec41ad6b | 9 | */ |
| wini | 0:e0adec41ad6b | 10 | |
| wini | 0:e0adec41ad6b | 11 | |
| wini | 0:e0adec41ad6b | 12 | #define SHARKSSL_UNALIGNED_ACCESS 1 |
| wini | 0:e0adec41ad6b | 13 | |
| wini | 0:e0adec41ad6b | 14 | #define SHARKSSL_ACCEPT_CLIENT_HELLO_2_0 0 |
| wini | 0:e0adec41ad6b | 15 | #define SHARKSSL_AES_CIPHER_LOOP_UNROLL 0 |
| wini | 0:e0adec41ad6b | 16 | #define SHARKSSL_BIGINT_EXP_SLIDING_WINDOW_K 1 |
| wini | 0:e0adec41ad6b | 17 | #define SHARKSSL_BIGINT_WORDSIZE 32 |
| wini | 0:e0adec41ad6b | 18 | #define SHARKSSL_DES_CIPHER_LOOP_UNROLL 0 |
| wini | 0:e0adec41ad6b | 19 | #define SHARKSSL_ECC_USE_SECP192R1 0 |
| wini | 0:e0adec41ad6b | 20 | #define SHARKSSL_ECC_USE_SECP224R1 0 |
| wini | 0:e0adec41ad6b | 21 | #define SHARKSSL_ECC_USE_SECP384R1 0 |
| wini | 0:e0adec41ad6b | 22 | #define SHARKSSL_ECC_USE_SECP521R1 0 |
| wini | 0:e0adec41ad6b | 23 | #define SHARKSSL_ENABLE_AES_CCM 0 |
| wini | 0:e0adec41ad6b | 24 | #define SHARKSSL_ENABLE_AES_CTR_MODE 0 |
| wini | 0:e0adec41ad6b | 25 | #define SHARKSSL_ENABLE_AES_GCM 0 |
| wini | 0:e0adec41ad6b | 26 | #define SHARKSSL_ENABLE_CERTSTORE_API 0 |
| wini | 0:e0adec41ad6b | 27 | #define SHARKSSL_ENABLE_CERT_CHAIN 0 |
| wini | 0:e0adec41ad6b | 28 | #define SHARKSSL_ENABLE_CLONE_CERTINFO 0 |
| wini | 0:e0adec41ad6b | 29 | #define SHARKSSL_ENABLE_DHE_RSA 0 |
| wini | 0:e0adec41ad6b | 30 | #define SHARKSSL_ENABLE_ECDHE_RSA 0 |
| wini | 0:e0adec41ad6b | 31 | #define SHARKSSL_ENABLE_ECDH_ECDSA 0 |
| wini | 0:e0adec41ad6b | 32 | #define SHARKSSL_ENABLE_ECDH_RSA 0 |
| wini | 0:e0adec41ad6b | 33 | #define SHARKSSL_ENABLE_MD5_CIPHERSUITES 0 |
| wini | 0:e0adec41ad6b | 34 | #define SHARKSSL_ENABLE_PEM_API 0 |
| wini | 0:e0adec41ad6b | 35 | #define SHARKSSL_ENABLE_PSK 0 |
| wini | 0:e0adec41ad6b | 36 | #define SHARKSSL_ENABLE_RSA 0 |
| wini | 0:e0adec41ad6b | 37 | #define SHARKSSL_ENABLE_RSA_API 0 |
| wini | 0:e0adec41ad6b | 38 | #define SHARKSSL_ENABLE_RSA_BLINDING 1 |
| wini | 0:e0adec41ad6b | 39 | #define SHARKSSL_ENABLE_SELECT_CIPHERSUITE 0 |
| wini | 0:e0adec41ad6b | 40 | #define SHARKSSL_ENABLE_SESSION_CACHE 0 |
| wini | 0:e0adec41ad6b | 41 | #define SHARKSSL_ENABLE_SSL_3_0 0 |
| wini | 0:e0adec41ad6b | 42 | #define SHARKSSL_ENABLE_TLS_1_1 0 |
| wini | 0:e0adec41ad6b | 43 | #define SHARKSSL_MD5_SMALL_FOOTPRINT 1 |
| wini | 0:e0adec41ad6b | 44 | #define SHARKSSL_SHA256_SMALL_FOOTPRINT 1 |
| wini | 0:e0adec41ad6b | 45 | #define SHARKSSL_SSL_SERVER_CODE 0 |
| wini | 0:e0adec41ad6b | 46 | #define SHARKSSL_USE_3DES 0 |
| wini | 0:e0adec41ad6b | 47 | #define SHARKSSL_USE_AES_128 0 |
| wini | 0:e0adec41ad6b | 48 | #define SHARKSSL_USE_ARC4 0 |
| wini | 0:e0adec41ad6b | 49 | #define SHARKSSL_USE_DES 0 |
| wini | 0:e0adec41ad6b | 50 | #define SHARKSSL_USE_ECC 1 |
| wini | 0:e0adec41ad6b | 51 | #define SHARKSSL_USE_MD5 0 |
| wini | 0:e0adec41ad6b | 52 | #define SHARKSSL_USE_NULL_CIPHER 0 |
| wini | 0:e0adec41ad6b | 53 | #define SHARKSSL_USE_RNG_TINYMT 1 |
| wini | 0:e0adec41ad6b | 54 | #define SHARKSSL_USE_SHA1 0 |
| wini | 0:e0adec41ad6b | 55 | #define SHARKSSL_USE_SHA_256 0 |
| wini | 0:e0adec41ad6b | 56 | #define SHARKSSL_USE_SHA_512 0 |
| wini | 0:e0adec41ad6b | 57 | #define SHARKSSL_USE_SHA_384 0 |
| wini | 0:e0adec41ad6b | 58 | #define SHARKSSL_ENABLE_CLIENT_AUTH 0 |
| wini | 0:e0adec41ad6b | 59 | #define SHARKSSL_ENABLE_SECURE_RENEGOTIATION 0 |
| wini | 0:e0adec41ad6b | 60 | #define SHARKSSL_ENABLE_CERT_KEYUSAGE 0 |
| wini | 0:e0adec41ad6b | 61 | #define SHARKSSL_DISABLE_INBUF_EXPANSION 0 |
| wini | 0:e0adec41ad6b | 62 | #define SHARKSSL_ONLY_POLYCHACHA 1 |
| wini | 0:e0adec41ad6b | 63 | #define SHARKSSL_ECC_VERIFY_POINT 0 |
| wini | 0:e0adec41ad6b | 64 | #define SHARKSSL_ECC_TIMING_RESISTANT 0 |
| wini | 0:e0adec41ad6b | 65 | #define SHARKSSL_ENABLE_INFO_API 0 |
| wini | 0:e0adec41ad6b | 66 | #define SHARKSSL_USE_AES_256 0 |
| wini | 0:e0adec41ad6b | 67 | #define SHARKSSL_ENABLE_ECDSA 1 |
| wini | 0:e0adec41ad6b | 68 | #define SHARKSSL_ENABLE_ECDHE_ECDSA 1 |
| wini | 0:e0adec41ad6b | 69 | #define SHARKSSL_ENABLE_CA_LIST 1 |
| wini | 0:e0adec41ad6b | 70 | |
| wini | 0:e0adec41ad6b | 71 | #define BASIC_TRUST_CHECK |
| wini | 0:e0adec41ad6b | 72 | |
| wini | 0:e0adec41ad6b | 73 | #ifndef NDEBUG |
| wini | 0:e0adec41ad6b | 74 | #define NDEBUG |
| wini | 0:e0adec41ad6b | 75 | #endif |