Mbed OS Reference
|
DTLSSocket implement DTLS stream over UDP Socket. More...
#include <DTLSSocket.h>
Public Types | |
enum | control_transport { TRANSPORT_KEEP , TRANSPORT_CONNECT_AND_CLOSE , TRANSPORT_CONNECT , TRANSPORT_CLOSE } |
Transport modes. More... | |
Public Member Functions | |
DTLSSocket () | |
Create an uninitialized DTLS socket. More... | |
~DTLSSocket () override | |
Destroy the DTLSSocket and closes the transport. More... | |
template<typename S > | |
DTLSSocket (S *stack, const char *hostname=NULL) | |
Create a socket on a network interface. More... | |
nsapi_error_t | open (NetworkStack *stack) |
Opens a socket. More... | |
nsapi_error_t | close () override |
Closes the socket. More... | |
void | set_hostname (const char *hostname) |
Set hostname. More... | |
nsapi_error_t | set_root_ca_cert (const void *root_ca, size_t len) |
Sets the certification of Root CA. More... | |
nsapi_error_t | set_root_ca_cert (const char *root_ca_pem) |
Sets the certification of Root CA. More... | |
nsapi_error_t | set_root_ca_cert_path (const char *root_ca_path) |
Sets the Root CA certificate to a collection of files on the filesystem. More... | |
nsapi_error_t | append_root_ca_cert (const void *root_ca, size_t len) |
Appends the certificate to an existing CA chain. More... | |
nsapi_error_t | append_root_ca_cert (const char *root_ca_pem) |
Appends the certificate to an existing CA chain. More... | |
nsapi_error_t | set_client_cert_key (const void *client_cert, size_t client_cert_len, const void *client_private_key_pem, size_t client_private_key_len) |
Sets client certificate, and client private key. More... | |
nsapi_error_t | set_client_cert_key (const char *client_cert_pem, const char *client_private_key_pem) |
Sets client certificate, and client private key. More... | |
nsapi_error_t | send (const void *data, nsapi_size_t size) override |
Send data over a TLS socket. More... | |
nsapi_size_or_error_t | recv (void *data, nsapi_size_t size) override |
Receive data over a TLS socket. More... | |
nsapi_error_t | connect (const SocketAddress &address=SocketAddress()) override |
Connect the transport socket and start handshake. More... | |
nsapi_size_or_error_t | sendto (const SocketAddress &address, const void *data, nsapi_size_t size) override |
Send a message on a socket. More... | |
nsapi_size_or_error_t | recvfrom (SocketAddress *address, void *data, nsapi_size_t size) override |
Receive a data from a socket. More... | |
nsapi_size_or_error_t | sendto_control (const SocketAddress &address, const void *data, nsapi_size_t size, nsapi_msghdr_t *control, nsapi_size_t control_size) override |
Send a message on a socket. More... | |
nsapi_size_or_error_t | recvfrom_control (SocketAddress *address, void *data, nsapi_size_t size, nsapi_msghdr_t *control, nsapi_size_t control_size) override |
Receive a data from a socket. More... | |
nsapi_error_t | bind (const SocketAddress &address) override |
Bind a specific address to a socket. More... | |
void | set_blocking (bool blocking) override |
Set blocking or non-blocking mode of the socket. More... | |
void | set_timeout (int timeout) override |
Set timeout on blocking socket operations. More... | |
void | sigio (mbed::Callback< void()> func) override |
Register a callback on state change of the socket. More... | |
nsapi_error_t | setsockopt (int level, int optname, const void *optval, unsigned optlen) override |
Set socket options. More... | |
nsapi_error_t | getsockopt (int level, int optname, void *optval, unsigned *optlen) override |
Get socket options. More... | |
Socket * | accept (nsapi_error_t *error=NULL) override |
Accepts a connection on a socket. More... | |
nsapi_error_t | listen (int backlog=1) override |
Listen for incoming connections. More... | |
nsapi_error_t | getpeername (SocketAddress *address) override |
Get the remote-end peer associated with this socket. More... | |
mbedtls_x509_crt * | get_own_cert () |
Get own certificate directly from Mbed TLS. More... | |
int | set_own_cert (mbedtls_x509_crt *crt) |
Set own certificate directly to Mbed TLS. More... | |
mbedtls_x509_crt * | get_ca_chain () |
Get CA chain structure. More... | |
void | set_ca_chain (mbedtls_x509_crt *crt) |
Set CA chain directly to Mbed TLS. More... | |
mbedtls_ssl_config * | get_ssl_config () |
Get internal Mbed TLS configuration structure. More... | |
void | set_ssl_config (mbedtls_ssl_config *conf) |
Override Mbed TLS configuration. More... | |
mbedtls_ssl_context * | get_ssl_context () |
Get internal Mbed TLS context structure. More... | |
Protected Member Functions | |
nsapi_error_t | start_handshake (bool first_call) |
Initiates TLS Handshake. More... | |
DTLSSocket implement DTLS stream over UDP Socket.
This is a helper class that uses DTLSSocketWrapper with internal UDPSocket.
Definition at line 39 of file DTLSSocket.h.
|
inherited |
Transport modes.
Enumerator | |
---|---|
TRANSPORT_KEEP | |
TRANSPORT_CONNECT_AND_CLOSE | |
TRANSPORT_CONNECT | Does call only connect() on transport socket. |
TRANSPORT_CLOSE | Does call close() on transport socket. |
Definition at line 62 of file TLSSocketWrapper.h.
DTLSSocket | ( | ) |
Create an uninitialized DTLS socket.
Must call open to initialize the socket on a network stack.
Definition at line 45 of file DTLSSocket.h.
|
override |
Destroy the DTLSSocket and closes the transport.
DTLSSocket | ( | S * | stack, |
const char * | hostname = NULL |
||
) |
Create a socket on a network interface.
Creates and opens a socket on the network stack of the given network interface. If hostname is also given, user is not required to call set_hostname() later.
stack | Network stack as target for socket. |
hostname | Hostname used for certificate verification. |
Definition at line 61 of file DTLSSocket.h.
nsapi_error_t open | ( | NetworkStack * | stack | ) |
Opens a socket.
Creates a network socket on the network stack of the given network interface. Not needed if stack is passed to the socket's constructor.
stack | Network stack as target for socket. |
Definition at line 77 of file DTLSSocket.h.
|
overridevirtualinherited |
Closes the socket.
Closes any open connection and deallocates any memory associated with the socket. Called from destructor if socket is not closed.
Implements Socket.
|
inherited |
Set hostname.
TLSSocket requires hostname used to verify the certificate. If hostname is not given in constructor, this function must be used before starting the TLS handshake.
hostname | Hostname of the remote host, used for certificate checking. |
|
inherited |
Sets the certification of Root CA.
root_ca | Root CA Certificate in any Mbed TLS-supported format. |
len | Length of certificate (including terminating 0 for PEM). |
NSAPI_ERROR_OK | on success. |
NSAPI_ERROR_NO_MEMORY | in case there is not enough memory to allocate certificate. |
NSAPI_ERROR_PARAMETER | in case the provided root_ca parameter failed parsing. |
|
inherited |
Sets the certification of Root CA.
root_ca_pem | Root CA Certificate in PEM format. |
NSAPI_ERROR_OK | on success. |
NSAPI_ERROR_NO_MEMORY | in case there is not enough memory to allocate certificate. |
NSAPI_ERROR_PARAMETER | in case the provided root_ca parameter failed parsing. |
|
inherited |
Sets the Root CA certificate to a collection of files on the filesystem.
All files in the supplied directory will be scanned. Note that to set up a filesystem, you must mount one or more block devices before calling this function.
root_ca_path | Path containing Root CA Certificate files in any Mbed TLS-supported format. This can point to a directory on any mounted filesystem. |
NSAPI_ERROR_OK | on success. |
NSAPI_ERROR_NO_MEMORY | in case there is not enough memory to allocate certificate. |
NSAPI_ERROR_PARAMETER | in case the provided root_ca parameter failed parsing. |
|
inherited |
Appends the certificate to an existing CA chain.
root_ca | Root CA Certificate in any Mbed TLS-supported format. |
len | Length of certificate (including terminating 0 for PEM). |
NSAPI_ERROR_OK | on success. |
NSAPI_ERROR_NO_MEMORY | in case there is not enough memory to allocate certificate. |
NSAPI_ERROR_PARAMETER | in case the provided root_ca parameter failed parsing. |
|
inherited |
Appends the certificate to an existing CA chain.
root_ca_pem | Root CA Certificate in PEM format. |
NSAPI_ERROR_OK | on success. |
NSAPI_ERROR_NO_MEMORY | in case there is not enough memory to allocate certificate. |
NSAPI_ERROR_PARAMETER | in case the provided root_ca parameter failed parsing. |
|
inherited |
Sets client certificate, and client private key.
client_cert | Client certification in PEM or DER format. |
client_cert_len | Certificate size including the terminating null byte for PEM data. |
client_private_key_pem | Client private key in PEM or DER format. |
client_private_key_len | Key size including the terminating null byte for PEM data |
NSAPI_ERROR_OK | on success. |
NSAPI_ERROR_PARAMETER | in case the provided root_ca parameter failed parsing. |
|
inherited |
Sets client certificate, and client private key.
client_cert_pem | Client certification in PEM format. |
client_private_key_pem | Client private key in PEM format. |
NSAPI_ERROR_OK | on success. |
NSAPI_ERROR_PARAMETER | in case the provided root_ca parameter failed parsing. |
|
overridevirtualinherited |
Send data over a TLS socket.
The socket must be connected to a remote host. Returns the number of bytes sent from the buffer.
data | Buffer of data to send to the host. |
size | Size of the buffer in bytes. |
int | Number of sent bytes on success |
NSAPI_ERROR_NO_SOCKET | in case socket was not created correctly. |
NSAPI_ERROR_WOULD_BLOCK | in case non-blocking mode is enabled and send cannot be performed immediately. |
NSAPI_ERROR_DEVICE_ERROR | in case of tls-related errors. See mbedtls_ssl_write. |
Implements Socket.
|
overridevirtualinherited |
Receive data over a TLS socket.
The socket must be connected to a remote host. Returns the number of bytes received into the buffer.
data | Destination buffer for data received from the host. |
size | Size of the buffer in bytes. |
int | Number of sent bytes on success |
NSAPI_ERROR_NO_SOCKET | in case socket was not created correctly. |
NSAPI_ERROR_WOULD_BLOCK | in case non-blocking mode is enabled and send cannot be performed immediately. |
NSAPI_ERROR_DEVICE_ERROR | in case of tls-related errors. See mbedtls_ssl_read. |
Implements Socket.
|
overridevirtualinherited |
Connect the transport socket and start handshake.
See Socket::connect and start_handshake
Implements Socket.
Reimplemented in TLSSocket.
|
overridevirtualinherited |
Send a message on a socket.
The sendto() function sends a message through a connection-mode or connectionless-mode socket. If the socket is a connectionless-mode socket, the message is sent to the address specified. If the socket is a connected-mode socket, address is ignored.
By default, sendto blocks until data is sent. If socket is set to non-blocking or times out, NSAPI_ERROR_WOULD_BLOCK is returned immediately.
address | Remote address |
data | Buffer of data to send to the host |
size | Size of the buffer in bytes |
Implements Socket.
|
overridevirtualinherited |
Receive a data from a socket.
Receives a data and stores the source address in address if address is not NULL. Returns the number of bytes written into the buffer.
If socket is connected, only packets coming from connected peer address are accepted.
By default, recvfrom blocks until a datagram is received. If socket is set to non-blocking or times out with no data, NSAPI_ERROR_WOULD_BLOCK is returned.
address | Destination for the source address or NULL |
data | Destination buffer for datagram received from the host |
size | Size of the buffer in bytes |
Implements Socket.
|
overridevirtualinherited |
Send a message on a socket.
The sendto_control() function sends a message through a connection-mode or connectionless-mode socket. If the socket is a connectionless-mode socket, the message is sent to the address specified. If the socket is a connected-mode socket, address is ignored.
Additional control information can be passed to the stack for specific operations.
By default, sendto blocks until data is sent. If socket is set to non-blocking or times out, NSAPI_ERROR_WOULD_BLOCK is returned immediately.
address | Remote address |
data | Buffer of data to send to the host |
size | Size of the buffer in bytes |
control | Control data, for instance a populated nsapi_pktinfo structure. |
control_size | Size of control in bytes. |
Implements Socket.
|
overridevirtualinherited |
Receive a data from a socket.
Receives a data and stores the source address in address if address is not NULL. Returns the number of bytes written into the buffer.
If socket is connected, only packets coming from connected peer address are accepted.
Ancillary data is stored into control
. The caller needs to allocate a buffer that is large enough to contain the data they want to receive, then pass the pointer in through the control
member. The data will be filled into control
, beginning with a header specifying what data was received. See MsgHeaderIterator for how to parse this data.
By default, recvfrom blocks until a datagram is received. If socket is set to non-blocking or times out with no data, NSAPI_ERROR_WOULD_BLOCK is returned.
address | Destination for the source address or NULL |
data | Destination buffer for datagram received from the host |
size | Size of the buffer in bytes |
control | Caller-allocated buffer to store ancillary data. |
control_size | Size of the control buffer that the caller has allocated. |
Implements Socket.
|
overridevirtualinherited |
Bind a specific address to a socket.
Binding a socket specifies the address and port on which to receive data. If the IP address is zeroed, only the port is bound.
address | Local address to bind. |
Implements Socket.
|
overridevirtualinherited |
Set blocking or non-blocking mode of the socket.
Initially all sockets are in blocking mode. In non-blocking mode blocking operations such as send/recv/accept return NSAPI_ERROR_WOULD_BLOCK if they cannot continue.
set_blocking(false) is equivalent to set_timeout(0) set_blocking(true) is equivalent to set_timeout(-1)
blocking | true for blocking mode, false for non-blocking mode. |
Implements Socket.
|
overridevirtualinherited |
Set timeout on blocking socket operations.
Initially all sockets have unbounded timeouts. NSAPI_ERROR_WOULD_BLOCK is returned if a blocking operation takes longer than the specified timeout. A timeout of 0 removes the timeout from the socket. A negative value gives the socket an unbounded timeout.
set_timeout(0) is equivalent to set_blocking(false) set_timeout(-1) is equivalent to set_blocking(true)
timeout | Timeout in milliseconds |
Implements Socket.
|
overridevirtualinherited |
Register a callback on state change of the socket.
The specified callback is called on state changes, such as when the socket can receive/send/accept successfully and when an error occurs. The callback may also be called spuriously without reason.
The callback may be called in an interrupt context and should not perform expensive operations such as receive/send calls.
Note! This is not intended as a replacement for a poll or attach-like asynchronous API, but rather as a building block for constructing such functionality. The exact timing of the registered function is not guaranteed and susceptible to change.
func | Function to call on state change. |
Implements Socket.
|
overridevirtualinherited |
Set socket options.
setsockopt() allows an application to pass stack-specific options to the underlying stack using stack-specific level and option names, or to request generic options using levels from nsapi_socket_level_t.
For unsupported options, NSAPI_ERROR_UNSUPPORTED is returned and the socket is unmodified.
level | Stack-specific protocol level or nsapi_socket_level_t. |
optname | Level-specific option name. |
optval | Option value. |
optlen | Length of the option value. |
NSAPI_ERROR_OK | on success. |
NSAPI_ERROR_NO_SOCKET | if socket is not open. |
Negative | error code on failure, see NetworkStack::setsockopt |
Implements Socket.
|
overridevirtualinherited |
Get socket options.
getsockopt() allows an application to retrieve stack-specific options from the underlying stack using stack-specific level and option names, or to request generic options using levels from nsapi_socket_level_t.
For unsupported options, NSAPI_ERROR_UNSUPPORTED is returned and the socket is unmodified.
level | Stack-specific protocol level or nsapi_socket_level_t. |
optname | Level-specific option name. |
optval | Destination for option value. |
optlen | Length of the option value. |
NSAPI_ERROR_OK | on success. |
NSAPI_ERROR_NO_SOCKET | if socket is not open. |
Negative | error code on failure, see NetworkStack::getsockopt |
Implements Socket.
|
overridevirtualinherited |
Accepts a connection on a socket.
The server socket must be bound and set to listen for connections. On a new connection, returns connected network socket to call close() that deallocates the resources. Referencing a returned pointer after a close() call is not allowed and leads to undefined behavior.
By default, accept blocks until incoming connection occurs. If socket is set to non-blocking or times out, error is set to NSAPI_ERROR_WOULD_BLOCK.
error | Pointer to storage of the error value or NULL. |
Implements Socket.
|
overridevirtualinherited |
Listen for incoming connections.
Marks the socket as a passive socket that can be used to accept incoming connections.
backlog | Number of pending connections that can be queued simultaneously, defaults to 1. |
Implements Socket.
|
overridevirtualinherited |
Get the remote-end peer associated with this socket.
Copy the remote peer address to a SocketAddress structure pointed by address parameter. Socket must be connected to have a peer address associated.
address | Pointer to SocketAddress structure. |
NSAPI_ERROR_OK | on success. |
NSAPI_ERROR_NO_SOCKET | if socket is not connected. |
NSAPI_ERROR_NO_CONNECTION | if the remote peer was not set. |
Implements Socket.
|
inherited |
Get own certificate directly from Mbed TLS.
|
inherited |
Set own certificate directly to Mbed TLS.
crt | Mbed TLS X509 certificate chain. |
|
inherited |
Get CA chain structure.
|
inherited |
Set CA chain directly to Mbed TLS.
crt | Mbed TLS X509 certificate chain. |
|
inherited |
Get internal Mbed TLS configuration structure.
|
inherited |
Override Mbed TLS configuration.
conf | Mbed TLS SSL configuration structure. |
|
inherited |
Get internal Mbed TLS context structure.
|
protectedinherited |
Initiates TLS Handshake.
Initiates a TLS handshake to a remote peer. Underlying transport socket should already be connected.
Root CA certification must be set by set_ssl_ca_pem() before calling this function.
For non-blocking purposes, this functions needs to know whether this was a first call to Socket::connect() API so that NSAPI_ERROR_INPROGRESS does not happen twice.
first_call | is this a first call to Socket::connect() API. |
NSAPI_ERROR_OK | if we happen to complete the request on the first call. |
NSAPI_ERROR_IN_PROGRESS | if the first call did not complete the request. |
NSAPI_ERROR_NO_SOCKET | in case the transport socket was not created correctly. |
NSAPI_ERROR_AUTH_FAILURE | in case of tls-related authentication errors. See mbedtls_ctr_drbg_seed or mbedtls_hmac_drbg_seed, mbedtls_ssl_setup. mbedtls_ssl_handshake. |