This package includes the SharkSSL lite library and header files.

Dependents:   WebSocket-Client-Example SharkMQ-LED-Demo

SharkSSL-Lite

Description: SharkSSL is an implementation of the SSL v3.0 and TLS v1.0/1.1/1.2 protocol standards. With its array of compile-time options and Raycrypto proprietary cryptographic algorithms, SharkSSL can be fine-tuned to a footprint of less than 20 kB while maintaining full X.509 authentication. The SharkSSL-Lite download includes a subset of SharkSSL and header files, made for non-commercial use and for evaluation purposes.

Features

Examples

Limitations

SharkSSL-Lite includes a limited set of ciphers. To use SharkSSL-Lite, the peer side must support Elliptic Curve Cryptography (ECC) and you must use ECC certificates. The peer side must also support the new ChaCha20/Poly1305 cipher combination.

ChaCha20 and Poly1305 for TLS is published as RFC 7905. The development of this new cipher was a response to many attacks discovered against other widely used TLS cipher suites. ChaCha20 is the cipher and Poly1305 is an authenticated encryption mode.

SharkSSL-Lite occupies less than 20 kB while maintaining full X.509 authentication. The software implementation of the ChaCha20/Poly1305 cipher is as fast as many hardware-accelerated AES engines.

Creating ECC Certificates for SharkSSL-Lite

The following video shows how to create an Elliptic Curve Cryptography (ECC) certificate for a server, how to install the certificate in the server, and how to make the mbed clients that connect to the server trust this certificate. The server in this video is installed on a private/personal computer on a private network for test purposes. The video was produced for the embedded.com article "How to run your own secure IoT cloud server".
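The procedure the video covers, reproduced with the OpenSSL command line as an added example (not part of the original page or the SharkSSL package): a private ECC root CA, a server certificate signed by it, and checks that the result meets the limitations listed above. The curve prime256v1, the host name iot.example.test, the file names and the OpenSSL suite name ECDHE-ECDSA-CHACHA20-POLY1305 are assumptions.

```shell
#!/bin/sh
# Added example (not from the SharkSSL package). Assumptions: OpenSSL CLI,
# curve prime256v1 (NIST P-256), constructed subject names and file names.

make_ecc_ca() {                      # $1 = output directory
    openssl ecparam -name prime256v1 -genkey -noout -out "$1/ca.key" &&
    openssl req -new -x509 -sha256 -days 3650 -key "$1/ca.key" \
        -subj "/CN=Constructed Test Root CA" -out "$1/ca.crt"
}

make_ecc_server_cert() {             # $1 = directory, $2 = server host name
    openssl ecparam -name prime256v1 -genkey -noout -out "$1/server.key" &&
    openssl req -new -sha256 -key "$1/server.key" -subj "/CN=$2" \
        -out "$1/server.csr" &&
    openssl x509 -req -sha256 -days 365 -in "$1/server.csr" \
        -CA "$1/ca.crt" -CAkey "$1/ca.key" -CAcreateserial \
        -out "$1/server.crt" 2>/dev/null
}

# Succeeds only if the certificate in $1 carries an elliptic-curve public key.
cert_is_ecc() {
    openssl x509 -in "$1" -noout -text | grep -q 'id-ecPublicKey'
}

# Succeeds only if certificate $2 chains to the CA certificate $1.
cert_chains_to() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Succeeds if the local OpenSSL build (used by the server side) offers the
# ECDHE-ECDSA ChaCha20/Poly1305 suite under OpenSSL's name for it.
has_chacha_suite() {
    openssl ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305' >/dev/null 2>&1
}

demo_dir=$(mktemp -d)
if make_ecc_ca "$demo_dir" &&
   make_ecc_server_cert "$demo_dir" iot.example.test &&
   cert_is_ecc "$demo_dir/server.crt" &&
   cert_chains_to "$demo_dir/ca.crt" "$demo_dir/server.crt"; then
    echo "$demo_dir: server.crt and server.key for the server, ca.crt for clients"
fi
has_chacha_suite || echo "this OpenSSL build lacks ChaCha20/Poly1305"
```

Only ca.crt is distributed to the clients as the trust anchor; ca.key and server.key stay off the devices.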

Revision:
0:e0adec41ad6b
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/inc/SharkSslEx.h	Wed Apr 06 00:46:36 2016 +0000
@@ -0,0 +1,104 @@
+/*
+ *     ____             _________                __                _
+ *    / __ \___  ____ _/ /_  __(_)___ ___  ___  / /   ____  ____ _(_)____
+ *   / /_/ / _ \/ __ `/ / / / / / __ `__ \/ _ \/ /   / __ \/ __ `/ / ___/
+ *  / _, _/  __/ /_/ / / / / / / / / / / /  __/ /___/ /_/ / /_/ / / /__
+ * /_/ |_|\___/\__,_/_/ /_/ /_/_/ /_/ /_/\___/_____/\____/\__, /_/\___/
+ *                                                       /____/
+ *
+ *                 SharkSSL Embedded SSL/TLS Stack
+ ****************************************************************************
+ *   PROGRAM MODULE
+ *
+ *   $Id: SharkSslEx.h 3670 2015-03-28 21:25:15Z gianluca $
+ *
+ *   COPYRIGHT:  Real Time Logic LLC, 2013
+ *
+ *   This software is copyrighted by and is the sole property of Real
+ *   Time Logic LLC.  All rights, title, ownership, or other interests in
+ *   the software remain the property of Real Time Logic LLC.  This
+ *   software may only be used in accordance with the terms and
+ *   conditions stipulated in the corresponding license agreement under
+ *   which the software has been supplied.  Any unauthorized use,
+ *   duplication, transmission, distribution, or disclosure of this
+ *   software is expressly forbidden.
+ *
+ *   This Copyright notice may not be removed or modified without prior
+ *   written consent of Real Time Logic LLC.
+ *
+ *   Real Time Logic LLC. reserves the right to modify this software
+ *   without notice.
+ *
+ *               http://www.realtimelogic.com
+ *               http://www.sharkssl.com
+ ****************************************************************************
+ *
+ */
+#ifndef _SharkSslEx_h
+#define _SharkSslEx_h
+
+#include "SharkSSL.h"
+
+
+/** Case insensitive string compare.
+ */
+int sharkStrCaseCmp(const char *a, const char *b, int len);
+
+/** @addtogroup SharkSslInfoAndCodes
+@{
+*/
+
+/** #SharkSslCon_trusted return values */ 
+typedef enum
+{
+   /** Not a secure connection (SSL handshake not completed).
+    */
+   SharkSslConTrust_NotSSL=10,
+
+   /** The SSL certificate is not trusted and the subject's common
+       name does not matches the host name of the URL.
+   */
+   SharkSslConTrust_None,
+
+   /** Domain mismatch: The SSL certificate is trusted but the
+       subject's common name does not matches the host name of the URL.
+   */
+   SharkSslConTrust_Cert,
+
+   /** The subject's common name matches the host name of the URL, but
+       the certificate is not trusted. This is typical for expired
+       certificates.
+   */
+   SharkSslConTrust_Cn,
+
+   /** The peer's SSL certificate is trusted and the
+       subject's common name matches the host name of the URL.
+   */
+   SharkSslConTrust_CertCn
+} SharkSslConTrust;
+
+/** @} */ /* end group SharkSslInfoAndCodes */ 
+
+/** @addtogroup SharkSslApi
+@{
+*/
+
+/** Returns the peer's "trust" status and certificate.
+
+    \param o the SharkSslCon object
+
+    \param name is the domain name (common name)
+
+    \param cPtr is an optional pointer that will be set to the
+    connections's SharkSslCertInfo object, if provided.
+
+    \returns SharkSslConTrust
+
+    \sa SharkSslConTrust and SharkSslCon_trustedCA
+*/
+SHARKSSL_API SharkSslConTrust SharkSslCon_trusted(
+   SharkSslCon* o, const char* name, SharkSslCertInfo** cPtr);
+
+/** @} */ /* end group SharkSslApi */ 
+
+#endif
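Review bot: The documentation of SharkSslCon_trusted (the \returns line near the end of the hunk) should state explicitly that SharkSslConTrust_CertCn is the only value that means the peer is authenticated. The enum starts at SharkSslConTrust_NotSSL=10, so every return value is non-zero and a caller writing "if (SharkSslCon_trusted(o, name, NULL))" would accept an untrusted or name-mismatched peer, or even a connection whose handshake has not completed; a sentence such as "compare the result against SharkSslConTrust_CertCn; never test it as a boolean" would prevent that. Smaller points in the same hunk: sharkStrCaseCmp has no description of what len bounds or what the return value means, and unlike SharkSslCon_trusted it is declared without SHARKSSL_API; the \sa line refers to SharkSslCon_trustedCA, which is not declared in this header; the include guard _SharkSslEx_h begins with an underscore followed by an uppercase letter, a form C reserves for the implementation; and the comments contain the typos "does not matches" (twice) and "connections's".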