This package includes the SharkSSL lite library and header files.

Dependents:   WebSocket-Client-Example SharkMQ-LED-Demo

SharkSSL-Lite

Description: SharkSSL is an SSL v3.0 and TLS v1.0/1.1/1.2 implementation of the SSL and TLS protocol standards. With its array of compile-time options and Raycrypto proprietary cryptographic algorithms, SharkSSL can be fine-tuned to a footprint that occupies less than 20 kB, while maintaining full X.509 authentication. The SharkSSL-Lite download includes a subset of SharkSSL and header files made for non-commercial use and for evaluation purposes.

Features

Examples

Limitations

SharkSSL-Lite includes a limited set of cipher suites. To use SharkSSL-Lite, the peer must support Elliptic Curve Cryptography (ECC) and you must use ECC certificates. The peer must also support the ChaCha20/Poly1305 cipher combination.

ChaCha20 and Poly1305 for TLS are published as RFC 7905. The development of this new cipher suite was a response to the many attacks discovered against other widely used TLS cipher suites. ChaCha20 is the stream cipher and Poly1305 is the authenticator; combined they form an authenticated encryption mode.

SharkSSL-Lite occupies less than 20 kB, while maintaining full X.509 authentication. The ChaCha20/Poly1305 software implementation is as fast as many hardware-accelerated AES engines.

Creating ECC Certificates for SharkSSL-Lite

The following video shows how to create an Elliptic Curve Cryptography (ECC) certificate for a server, how to install the certificate in the server, and how to make the mbed clients that connect to the server trust this certificate. The server in this video is installed on a private/personal computer on a private network for test purposes. The video was produced for the embedded.com article How to run your own secure IoT cloud server.

Committer:
wini
Date:
Mon May 23 13:56:30 2016 +0000
Revision:
1:d5e0e1dcf0d6
Parent:
0:e0adec41ad6b
Fix U8/U32 type conflict for the latest mbed release.


wini 0:e0adec41ad6b 1 /**
wini 0:e0adec41ad6b 2 * ____ _________ __ _
wini 0:e0adec41ad6b 3 * / __ \___ ____ _/ /_ __(_)___ ___ ___ / / ____ ____ _(_)____
wini 0:e0adec41ad6b 4 * / /_/ / _ \/ __ `/ / / / / / __ `__ \/ _ \/ / / __ \/ __ `/ / ___/
wini 0:e0adec41ad6b 5 * / _, _/ __/ /_/ / / / / / / / / / / / __/ /___/ /_/ / /_/ / / /__
wini 0:e0adec41ad6b 6 * /_/ |_|\___/\__,_/_/ /_/ /_/_/ /_/ /_/\___/_____/\____/\__, /_/\___/
wini 0:e0adec41ad6b 7 * /____/
wini 0:e0adec41ad6b 8 *
wini 0:e0adec41ad6b 9 * SharkSSL Embedded SSL/TLS Stack
wini 0:e0adec41ad6b 10 ****************************************************************************
wini 0:e0adec41ad6b 11 * PROGRAM MODULE
wini 0:e0adec41ad6b 12 *
wini 0:e0adec41ad6b 13 * $Id: seLwIP.c 3871 2016-03-27 01:23:13Z wini $
wini 0:e0adec41ad6b 14 *
wini 0:e0adec41ad6b 15 * COPYRIGHT: Real Time Logic LLC, 2014 - 2016
wini 0:e0adec41ad6b 16 *
wini 0:e0adec41ad6b 17 * This software is copyrighted by and is the sole property of Real
wini 0:e0adec41ad6b 18 * Time Logic LLC. All rights, title, ownership, or other interests in
wini 0:e0adec41ad6b 19 * the software remain the property of Real Time Logic LLC. This
wini 0:e0adec41ad6b 20 * software may only be used in accordance with the terms and
wini 0:e0adec41ad6b 21 * conditions stipulated in the corresponding license agreement under
wini 0:e0adec41ad6b 22 * which the software has been supplied. Any unauthorized use,
wini 0:e0adec41ad6b 23 * duplication, transmission, distribution, or disclosure of this
wini 0:e0adec41ad6b 24 * software is expressly forbidden.
wini 0:e0adec41ad6b 25 *
wini 0:e0adec41ad6b 26 * This Copyright notice may not be removed or modified without prior
wini 0:e0adec41ad6b 27 * written consent of Real Time Logic LLC.
wini 0:e0adec41ad6b 28 *
wini 0:e0adec41ad6b 29 * Real Time Logic LLC. reserves the right to modify this software
wini 0:e0adec41ad6b 30 * without notice.
wini 0:e0adec41ad6b 31 *
wini 0:e0adec41ad6b 32 * http://realtimelogic.com
wini 0:e0adec41ad6b 33 * http://sharkssl.com
wini 0:e0adec41ad6b 34 ****************************************************************************
wini 0:e0adec41ad6b 35 */
wini 0:e0adec41ad6b 36
wini 0:e0adec41ad6b 37
wini 0:e0adec41ad6b 38 #include <selib.h>
wini 0:e0adec41ad6b 39 #include <lwip/opt.h>
wini 0:e0adec41ad6b 40 #include <lwip/arch.h>
wini 0:e0adec41ad6b 41 #include <lwip/api.h>
wini 0:e0adec41ad6b 42
wini 0:e0adec41ad6b 43 #ifndef SharkSSLLwIP
wini 0:e0adec41ad6b 44 #error SharkSSLLwIP not defined -> Using incorrect selibplat.h
wini 0:e0adec41ad6b 45 #endif
wini 0:e0adec41ad6b 46
wini 0:e0adec41ad6b 47
wini 0:e0adec41ad6b 48 #if LWIP_SO_RCVTIMEO != 1
wini 0:e0adec41ad6b 49 #error LWIP_SO_RCVTIMEO must be set
wini 0:e0adec41ad6b 50 #endif
wini 0:e0adec41ad6b 51
wini 0:e0adec41ad6b 52 #ifndef netconn_set_recvtimeout
wini 0:e0adec41ad6b 53 #define OLD_LWIP
wini 0:e0adec41ad6b 54 #define netconn_set_recvtimeout(conn, timeout) \
wini 0:e0adec41ad6b 55 ((conn)->recv_timeout = (timeout))
wini 0:e0adec41ad6b 56 #endif
wini 0:e0adec41ad6b 57
wini 0:e0adec41ad6b 58
wini 0:e0adec41ad6b 59
wini 0:e0adec41ad6b 60
wini 0:e0adec41ad6b 61 int se_accept(SOCKET** listenSock, U32 timeout, SOCKET** outSock)
wini 0:e0adec41ad6b 62 {
wini 0:e0adec41ad6b 63 err_t err;
wini 0:e0adec41ad6b 64 memset(*outSock, 0, sizeof(SOCKET));
wini 0:e0adec41ad6b 65 netconn_set_recvtimeout(
wini 0:e0adec41ad6b 66 (*listenSock)->con, timeout == INFINITE_TMO ? 0 : timeout);
wini 0:e0adec41ad6b 67 #ifdef OLD_LWIP
wini 0:e0adec41ad6b 68 (*outSock)->con = netconn_accept((*listenSock)->con);
wini 0:e0adec41ad6b 69 err = (*outSock)->con->err;
wini 0:e0adec41ad6b 70 if(!(*outSock)->con && !err) err = ERR_CONN;
wini 0:e0adec41ad6b 71 #else
wini 0:e0adec41ad6b 72 err = netconn_accept((*listenSock)->con, &(*outSock)->con);
wini 0:e0adec41ad6b 73 #endif
wini 0:e0adec41ad6b 74 if(err != ERR_OK)
wini 0:e0adec41ad6b 75 {
wini 0:e0adec41ad6b 76 return err == ERR_TIMEOUT ? 0 : -1;
wini 0:e0adec41ad6b 77 }
wini 0:e0adec41ad6b 78 return 1;
wini 0:e0adec41ad6b 79 }
wini 0:e0adec41ad6b 80
wini 0:e0adec41ad6b 81
wini 0:e0adec41ad6b 82 int se_bind(SOCKET* sock, U16 port)
wini 0:e0adec41ad6b 83 {
wini 0:e0adec41ad6b 84 int err;
wini 0:e0adec41ad6b 85 memset(sock, 0, sizeof(SOCKET));
wini 0:e0adec41ad6b 86 sock->con = netconn_new(NETCONN_TCP);
wini 0:e0adec41ad6b 87 if( ! sock->con )
wini 0:e0adec41ad6b 88 return -1;
wini 0:e0adec41ad6b 89 if(netconn_bind(sock->con, IP_ADDR_ANY, port) == ERR_OK)
wini 0:e0adec41ad6b 90 {
wini 0:e0adec41ad6b 91 if(netconn_listen(sock->con) == ERR_OK)
wini 0:e0adec41ad6b 92 return 0;
wini 0:e0adec41ad6b 93 err = -2;
wini 0:e0adec41ad6b 94 }
wini 0:e0adec41ad6b 95 else
wini 0:e0adec41ad6b 96 err = -3;
wini 0:e0adec41ad6b 97 netconn_delete(sock->con);
wini 0:e0adec41ad6b 98 sock->con=0;
wini 0:e0adec41ad6b 99 return err;
wini 0:e0adec41ad6b 100 }
wini 0:e0adec41ad6b 101
wini 0:e0adec41ad6b 102
wini 0:e0adec41ad6b 103
wini 0:e0adec41ad6b 104 /* Returns 0 on success.
wini 0:e0adec41ad6b 105 Error codes returned:
wini 0:e0adec41ad6b 106 -1: Cannot create socket: Fatal
wini 0:e0adec41ad6b 107 -2: Cannot resolve 'address'
wini 0:e0adec41ad6b 108 -3: Cannot connect
wini 0:e0adec41ad6b 109 */
wini 0:e0adec41ad6b 110 int se_connect(SOCKET* sock, const char* name, U16 port)
wini 0:e0adec41ad6b 111 {
wini 0:e0adec41ad6b 112 #ifdef OLD_LWIP
wini 0:e0adec41ad6b 113 struct ip_addr addr;
wini 0:e0adec41ad6b 114 #else
wini 0:e0adec41ad6b 115 ip_addr_t addr;
wini 0:e0adec41ad6b 116 #endif
wini 0:e0adec41ad6b 117 memset(sock, 0, sizeof(SOCKET));
wini 0:e0adec41ad6b 118 if(netconn_gethostbyname(name, &addr) != ERR_OK)
wini 0:e0adec41ad6b 119 return -2;
wini 0:e0adec41ad6b 120 sock->con = netconn_new(NETCONN_TCP);
wini 0:e0adec41ad6b 121 if( ! sock->con )
wini 0:e0adec41ad6b 122 return -1;
wini 0:e0adec41ad6b 123 if(netconn_connect(sock->con, &addr, port) == ERR_OK)
wini 0:e0adec41ad6b 124 return 0;
wini 0:e0adec41ad6b 125 netconn_delete(sock->con);
wini 0:e0adec41ad6b 126 sock->con=0;
wini 0:e0adec41ad6b 127 return -3;
wini 0:e0adec41ad6b 128 }
wini 0:e0adec41ad6b 129
wini 0:e0adec41ad6b 130
wini 0:e0adec41ad6b 131
wini 0:e0adec41ad6b 132 void se_close(SOCKET* sock)
wini 0:e0adec41ad6b 133 {
wini 0:e0adec41ad6b 134 if(sock->con)
wini 0:e0adec41ad6b 135 netconn_delete(sock->con);
wini 0:e0adec41ad6b 136 if(sock->nbuf)
wini 0:e0adec41ad6b 137 netbuf_delete(sock->nbuf);
wini 0:e0adec41ad6b 138 memset(sock, 0, sizeof(SOCKET));
wini 0:e0adec41ad6b 139 }
wini 0:e0adec41ad6b 140
wini 0:e0adec41ad6b 141
wini 0:e0adec41ad6b 142
wini 0:e0adec41ad6b 143 S32 se_send(SOCKET* sock, const void* buf, U32 len)
wini 0:e0adec41ad6b 144 {
wini 0:e0adec41ad6b 145 err_t err=netconn_write(sock->con, buf, len, NETCONN_COPY);
wini 0:e0adec41ad6b 146 if(err != ERR_OK)
wini 0:e0adec41ad6b 147 {
wini 0:e0adec41ad6b 148 se_close(sock);
wini 0:e0adec41ad6b 149 return (S32)err;
wini 0:e0adec41ad6b 150 }
wini 0:e0adec41ad6b 151 return len;
wini 0:e0adec41ad6b 152 }
wini 0:e0adec41ad6b 153
wini 0:e0adec41ad6b 154
wini 0:e0adec41ad6b 155
wini 0:e0adec41ad6b 156 S32 se_recv(SOCKET* sock, void* data, U32 len, U32 timeout)
wini 0:e0adec41ad6b 157 {
wini 0:e0adec41ad6b 158 int rlen;
wini 0:e0adec41ad6b 159 netconn_set_recvtimeout(sock->con, timeout == INFINITE_TMO ? 0 : timeout);
wini 0:e0adec41ad6b 160 if( ! sock->nbuf )
wini 0:e0adec41ad6b 161 {
wini 0:e0adec41ad6b 162 err_t err;
wini 0:e0adec41ad6b 163 sock->pbOffs = 0;
wini 0:e0adec41ad6b 164 #ifdef OLD_LWIP
wini 0:e0adec41ad6b 165 sock->nbuf = netconn_recv(sock->con);
wini 0:e0adec41ad6b 166 err = sock->con->err;
wini 0:e0adec41ad6b 167 if(!sock->nbuf && !err) err = ERR_CONN;
wini 0:e0adec41ad6b 168 #else
wini 0:e0adec41ad6b 169 err = netconn_recv(sock->con, &sock->nbuf);
wini 0:e0adec41ad6b 170 #endif
wini 0:e0adec41ad6b 171 if(ERR_OK != err)
wini 0:e0adec41ad6b 172 {
wini 0:e0adec41ad6b 173 if(sock->nbuf)
wini 0:e0adec41ad6b 174 netbuf_delete(sock->nbuf);
wini 0:e0adec41ad6b 175 sock->nbuf=0;
wini 0:e0adec41ad6b 176 return err == ERR_TIMEOUT ? 0 : (S32)err;
wini 0:e0adec41ad6b 177 }
wini 0:e0adec41ad6b 178 }
wini 0:e0adec41ad6b 179 rlen=(int)netbuf_copy_partial(sock->nbuf,(U8*)data,len,sock->pbOffs);
wini 0:e0adec41ad6b 180 if(!rlen)
wini 0:e0adec41ad6b 181 return -1;
wini 0:e0adec41ad6b 182 sock->pbOffs += rlen;
wini 0:e0adec41ad6b 183 if(sock->pbOffs >= netbuf_len(sock->nbuf))
wini 0:e0adec41ad6b 184 {
wini 0:e0adec41ad6b 185 netbuf_delete(sock->nbuf);
wini 0:e0adec41ad6b 186 sock->nbuf=0;
wini 0:e0adec41ad6b 187 }
wini 0:e0adec41ad6b 188 return rlen;
wini 0:e0adec41ad6b 189 }
wini 0:e0adec41ad6b 190
wini 0:e0adec41ad6b 191
wini 0:e0adec41ad6b 192
wini 0:e0adec41ad6b 193 int se_sockValid(SOCKET* sock)
wini 0:e0adec41ad6b 194 {
wini 0:e0adec41ad6b 195 return sock->con != 0;
wini 0:e0adec41ad6b 196 }