Expand description
TLS v1.3 client for the Wiznet W5500 SPI internet offload chip.
This requires roughly 19k of flash for a thumbv7em-none-eabi
target
with -O3
, debug assertions enabled, and the p256-cm4
feature.
Enabling all logging requires an additional ~40k of flash.
§Warning
⚠️ This is in an early alpha state ⚠️
All the usual security disclaimers apply here, read the license, your hamster may explode if you use this, don’t use this code in production, etc.
Additionally this is not secure from side channel attacks.
- Encryption may occur in-place in the socket buffers, anything with access to the physical SPI bus or the SPI device registers can easily intercept data.
- To facilitate the ill-advised encryption in-place in the socket buffers there is a hacky AES implementation that has little thought put towards constant-time evaluation.
§Limitations
At the moment this only supports pre-shared keys. This will not work for majority of web (HTTPS) applications.
- Requires a local buffer equal to the socket buffer size.
- TLS record fragmentation makes implementing socket buffer streaming impractical.
- Limited cryptography support
- Cipher:
TLS_AES_128_GCM_SHA256
- Key Exchange:
secp256r1
- Cipher:
- Does not support certificate validation
- Does not support client certificates (mutual TLS)
- Does not support early data
- Does not support serving TLS
§Feature Flags
All features are disabled by default.
Re-exports§
Structs§
- TLS Alert.
- TLS Client.
- Reader for a TLS application data record.
- Writer for a TLS application data record.
Enums§
- Alert description.
- Alert level.
- TLS errors.
- TLS events.
- Internal TLS client states.