This package includes the SharkSSL lite library and header files.
Dependents: WebSocket-Client-Example SharkMQ-LED-Demo
SharkSSL-Lite
Description: SharkSSL is an implementation of the SSL and TLS protocol standards, covering SSL v3.0 and TLS v1.0/1.1/1.2. With its array of compile-time options and Raycrypto proprietary cryptographic algorithms, SharkSSL can be fine-tuned to a footprint of less than 20 kB while maintaining full X.509 authentication. The SharkSSL-Lite download includes a subset of SharkSSL and header files, intended for non-commercial use and for evaluation purposes.
Features
- SSL|TLS v1.2
- Size: 21kB
- Encryption: Elliptic Curve Cryptography (ECC) | ChaCha20/Poly1305
- SharkSSL Online Documentation
- SMQ (Simple Message Queues) Client and SMQ Documentation
- Secure WebSocket Client
- Secure MQTT Client
Examples
- SharkMQ LED Demo: Secure control of LEDs on your mbed board using a browser.
- WebSocket Client: Connect to ELIZA the Psychotherapist
Limitations
SharkSSL-Lite includes a limited set of ciphers. To use SharkSSL-Lite, the peer side must support Elliptic Curve Cryptography (ECC) and you must use ECC certificates. The peer side must also support the new ChaCha20/Poly1305 cipher combination.
ChaCha20 and Poly1305 for TLS is published as RFC 7905. The development of this new cipher was a response to many attacks discovered against other widely used TLS cipher suites. ChaCha20 is the cipher and Poly1305 is the authenticator used for the authenticated encryption mode.
SharkSSL-Lite occupies less than 20 kB while maintaining full X.509 authentication. The software implementation of the ChaCha20/Poly1305 cipher is as fast as many hardware-accelerated AES engines.
Creating ECC Certificates for SharkSSL-Lite
The following video shows how to create an Elliptic Curve Cryptography (ECC) certificate for a server, how to install the certificate in the server, and how to make the mbed clients connecting to the server trust this certificate. The server in this video is installed on a private/personal computer on a private network for test purposes. The video was produced for the embedded.com article How to run your own secure IoT cloud server.
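The procedure described above (an ECC certificate for the server, issued by a CA that the clients are told to trust), as an added example using the OpenSSL command line; it is not taken from the video or from Real Time Logic. The curve (prime256v1), the host name, the file names and the 30-day lifetime are assumptions made for the example.

```shell
# Added example: throwaway ECC CA and ECC server certificate built with OpenSSL.
# Constructed values: curve prime256v1, CA name, file names, 30-day lifetime.
# Usage: mkdir certs && make_ecc_chain certs iot.example.test

# write_cnf DIR HOST: minimal config so the result does not depend on system defaults.
write_cnf() {
    cat > "$1/ecc.cnf" <<EOF
[req]
distinguished_name = dn
prompt = no
[dn]
CN = Constructed Test CA
[ca_ext]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[server_ext]
basicConstraints = CA:FALSE
keyUsage = critical,digitalSignature
extendedKeyUsage = serverAuth
subjectAltName = DNS:$2
EOF
}

# make_ecc_chain DIR HOST: creates ca.key/ca.pem and server.key/server.pem in DIR.
make_ecc_chain() {
    dir=$1; host=$2
    write_cnf "$dir" "$host" &&
    openssl ecparam -name prime256v1 -genkey -noout -out "$dir/ca.key" &&
    openssl req -x509 -new -key "$dir/ca.key" -sha256 -days 30 \
        -config "$dir/ecc.cnf" -extensions ca_ext -out "$dir/ca.pem" &&
    openssl ecparam -name prime256v1 -genkey -noout -out "$dir/server.key" &&
    openssl req -new -key "$dir/server.key" -config "$dir/ecc.cnf" \
        -subj "/CN=$host" -out "$dir/server.csr" &&
    openssl x509 -req -in "$dir/server.csr" -CA "$dir/ca.pem" -CAkey "$dir/ca.key" \
        -CAcreateserial -sha256 -days 30 \
        -extfile "$dir/ecc.cnf" -extensions server_ext -out "$dir/server.pem"
}

# is_ecc_cert FILE: succeeds only if the certificate carries an EC public key.
is_ecc_cert() {
    openssl x509 -in "$1" -noout -text | grep -q 'id-ecPublicKey'
}

# chains_to CAFILE CERT: succeeds only if CERT verifies with CAFILE as trust anchor.
chains_to() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}
```

`server.key` and `server.pem` are what gets installed in the server, and `ca.pem` is the certificate the clients must be made to trust; `chains_to` fails for any other CA, which is the behaviour the client side relies on.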
Diff: inc/SharkSslEx.h
- Revision:
- 0:e0adec41ad6b
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/inc/SharkSslEx.h Wed Apr 06 00:46:36 2016 +0000 
@@ -0,0 +1,104 @@ +/* + * ____ _________ __ _ + * / __ \___ ____ _/ /_ __(_)___ ___ ___ / / ____ ____ _(_)____ + * / /_/ / _ \/ __ `/ / / / / / __ `__ \/ _ \/ / / __ \/ __ `/ / ___/ + * / _, _/ __/ /_/ / / / / / / / / / / / __/ /___/ /_/ / /_/ / / /__ + * /_/ |_|\___/\__,_/_/ /_/ /_/_/ /_/ /_/\___/_____/\____/\__, /_/\___/ + * /____/ + * + * SharkSSL Embedded SSL/TLS Stack + **************************************************************************** + * PROGRAM MODULE + * + * $Id: SharkSslEx.h 3670 2015-03-28 21:25:15Z gianluca $ + * + * COPYRIGHT: Real Time Logic LLC, 2013 + * + * This software is copyrighted by and is the sole property of Real + * Time Logic LLC. All rights, title, ownership, or other interests in + * the software remain the property of Real Time Logic LLC. This + * software may only be used in accordance with the terms and + * conditions stipulated in the corresponding license agreement under + * which the software has been supplied. Any unauthorized use, + * duplication, transmission, distribution, or disclosure of this + * software is expressly forbidden. + * + * This Copyright notice may not be removed or modified without prior + * written consent of Real Time Logic LLC. + * + * Real Time Logic LLC. reserves the right to modify this software + * without notice. + * + * http://www.realtimelogic.com + * http://www.sharkssl.com + **************************************************************************** + * + */ +#ifndef _SharkSslEx_h +#define _SharkSslEx_h + +#include "SharkSSL.h" + + +/** Case insensitive string compare. + */ +int sharkStrCaseCmp(const char *a, const char *b, int len); + +/** @addtogroup SharkSslInfoAndCodes +@{ +*/ + +/** #SharkSslCon_trusted return values */ +typedef enum +{ + /** Not a secure connection (SSL handshake not completed). + */ + SharkSslConTrust_NotSSL=10, + + /** The SSL certificate is not trusted and the subject's common + name does not matches the host name of the URL. 
+ */ + SharkSslConTrust_None, + + /** Domain mismatch: The SSL certificate is trusted but the + subject's common name does not matches the host name of the URL. + */ + SharkSslConTrust_Cert, + + /** The subject's common name matches the host name of the URL, but + the certificate is not trusted. This is typical for expired + certificates. + */ + SharkSslConTrust_Cn, + + /** The peer's SSL certificate is trusted and the + subject's common name matches the host name of the URL. + */ + SharkSslConTrust_CertCn +} SharkSslConTrust; + +/** @} */ /* end group SharkSslInfoAndCodes */ + +/** @addtogroup SharkSslApi +@{ +*/ + +/** Returns the peer's "trust" status and certificate. + + \param o the SharkSslCon object + + \param name is the domain name (common name) + + \param cPtr is an optional pointer that will be set to the + connections's SharkSslCertInfo object, if provided. + + \returns SharkSslConTrust + + \sa SharkSslConTrust and SharkSslCon_trustedCA +*/ +SHARKSSL_API SharkSslConTrust SharkSslCon_trusted( + SharkSslCon* o, const char* name, SharkSslCertInfo** cPtr); + +/** @} */ /* end group SharkSslApi */ + +#endif
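Review bot: The documentation of SharkSslCon_trusted at the end of the hunk says only "\returns SharkSslConTrust" and never states which value a caller may treat as success. Every enumerator is non-zero (SharkSslConTrust_NotSSL=10, with the others counting up from it), so a boolean test on the return value is true even for SharkSslConTrust_None, and SharkSslConTrust_Cert and SharkSslConTrust_Cn each describe a peer that failed one of the two checks. Suggest extending \returns to say that only SharkSslConTrust_CertCn means the peer is authenticated for `name` and that every other value should be handled as a failure. Smaller points: the comment on sharkStrCaseCmp documents neither `len` nor the return value, "does not matches" should read "does not match" in the SharkSslConTrust_None and SharkSslConTrust_Cert comments, and the include guard _SharkSslEx_h starts with an underscore followed by an uppercase letter, a form C reserves for the implementation.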