Mbed OS Reference
DTLSSocket Class Reference

DTLSSocket implements a DTLS stream over a UDP socket. More...

#include <DTLSSocket.h>

Inheritance diagram for DTLSSocket:
DTLSSocket derives from DTLSSocketWrapper, which derives from TLSSocketWrapper, which derives from Socket.

Public Types

enum control_transport { TRANSPORT_KEEP, TRANSPORT_CONNECT_AND_CLOSE, TRANSPORT_CONNECT, TRANSPORT_CLOSE }
 Transport modes.

Public Member Functions

 DTLSSocket ()
 Create an uninitialized DTLS socket.

 ~DTLSSocket () override
 Destroy the DTLSSocket and close the transport.

template<typename S >
 DTLSSocket (S *stack, const char *hostname=NULL)
 Create a socket on a network interface.

nsapi_error_t open (NetworkStack *stack)
 Opens a socket.

nsapi_error_t close () override
 Closes the socket.

void set_hostname (const char *hostname)
 Set hostname.

nsapi_error_t set_root_ca_cert (const void *root_ca, size_t len)
 Sets the Root CA certificate.

nsapi_error_t set_root_ca_cert (const char *root_ca_pem)
 Sets the Root CA certificate.

nsapi_error_t set_root_ca_cert_path (const char *root_ca_path)
 Sets the Root CA certificate to a collection of files on the filesystem.

nsapi_error_t append_root_ca_cert (const void *root_ca, size_t len)
 Appends the certificate to an existing CA chain.

nsapi_error_t append_root_ca_cert (const char *root_ca_pem)
 Appends the certificate to an existing CA chain.

nsapi_error_t set_client_cert_key (const void *client_cert, size_t client_cert_len, const void *client_private_key_pem, size_t client_private_key_len)
 Sets the client certificate and client private key.

nsapi_error_t set_client_cert_key (const char *client_cert_pem, const char *client_private_key_pem)
 Sets the client certificate and client private key.

nsapi_error_t send (const void *data, nsapi_size_t size) override
 Send data over a TLS socket.

nsapi_size_or_error_t recv (void *data, nsapi_size_t size) override
 Receive data over a TLS socket.

nsapi_error_t connect (const SocketAddress &address=SocketAddress()) override
 Connect the transport socket and start the handshake.

nsapi_size_or_error_t sendto (const SocketAddress &address, const void *data, nsapi_size_t size) override
 Send a message on a socket.

nsapi_size_or_error_t recvfrom (SocketAddress *address, void *data, nsapi_size_t size) override
 Receive data from a socket.

nsapi_size_or_error_t sendto_control (const SocketAddress &address, const void *data, nsapi_size_t size, nsapi_msghdr_t *control, nsapi_size_t control_size) override
 Send a message on a socket.

nsapi_size_or_error_t recvfrom_control (SocketAddress *address, void *data, nsapi_size_t size, nsapi_msghdr_t *control, nsapi_size_t control_size) override
 Receive data from a socket.

nsapi_error_t bind (const SocketAddress &address) override
 Bind a specific address to a socket.

void set_blocking (bool blocking) override
 Set blocking or non-blocking mode of the socket.

void set_timeout (int timeout) override
 Set timeout on blocking socket operations.

void sigio (mbed::Callback< void()> func) override
 Register a callback on state change of the socket.

nsapi_error_t setsockopt (int level, int optname, const void *optval, unsigned optlen) override
 Set socket options.

nsapi_error_t getsockopt (int level, int optname, void *optval, unsigned *optlen) override
 Get socket options.

Socket * accept (nsapi_error_t *error=NULL) override
 Accepts a connection on a socket.

nsapi_error_t listen (int backlog=1) override
 Listen for incoming connections.

nsapi_error_t getpeername (SocketAddress *address) override
 Get the remote-end peer associated with this socket.

mbedtls_x509_crt * get_own_cert ()
 Get own certificate directly from Mbed TLS.

int set_own_cert (mbedtls_x509_crt *crt)
 Set own certificate directly in Mbed TLS.

mbedtls_x509_crt * get_ca_chain ()
 Get CA chain structure.

void set_ca_chain (mbedtls_x509_crt *crt)
 Set CA chain directly in Mbed TLS.

mbedtls_ssl_config * get_ssl_config ()
 Get internal Mbed TLS configuration structure.

void set_ssl_config (mbedtls_ssl_config *conf)
 Override Mbed TLS configuration.

mbedtls_ssl_context * get_ssl_context ()
 Get internal Mbed TLS context structure.

Protected Member Functions

nsapi_error_t start_handshake (bool first_call)
 Initiates the TLS handshake.


Detailed Description

DTLSSocket implements a DTLS stream over a UDP socket.

This is a helper class that uses DTLSSocketWrapper with internal UDPSocket.

Definition at line 39 of file DTLSSocket.h.

Member Enumeration Documentation

◆ control_transport

enum control_transport
inherited

Transport modes.

Enumerator
TRANSPORT_KEEP: Doesn't call connect() or close() on the transport socket.
TRANSPORT_CONNECT_AND_CLOSE: Calls both connect() and close() on the transport socket.
TRANSPORT_CONNECT: Calls only connect() on the transport socket.
TRANSPORT_CLOSE: Calls only close() on the transport socket.

Definition at line 62 of file TLSSocketWrapper.h.

Constructor & Destructor Documentation

◆ DTLSSocket() [1/2]

Create an uninitialized DTLS socket.

Must call open to initialize the socket on a network stack.

Definition at line 45 of file DTLSSocket.h.

◆ ~DTLSSocket()

~DTLSSocket ( )
override

Destroy the DTLSSocket and close the transport.

◆ DTLSSocket() [2/2]

DTLSSocket ( S *  stack,
const char *  hostname = NULL 
)

Create a socket on a network interface.

Creates and opens a socket on the network stack of the given network interface. If a hostname is also given, the user is not required to call set_hostname() later.

Parameters
stack: Network stack as target for the socket.
hostname: Hostname used for certificate verification.

Definition at line 61 of file DTLSSocket.h.

Member Function Documentation

◆ open()

nsapi_error_t open ( NetworkStack *  stack)

Opens a socket.

Creates a network socket on the network stack of the given network interface. Not needed if the stack is passed to the socket's constructor.

Parameters
stack: Network stack as target for the socket.
Returns
NSAPI_ERROR_OK on success, negative error code on failure. See UDPSocket::open.

Definition at line 77 of file DTLSSocket.h.

◆ close()

nsapi_error_t close ( )
override virtual inherited

Closes the socket.

Closes any open connection and deallocates any memory associated with the socket. Called from the destructor if the socket is not closed.

Returns
NSAPI_ERROR_OK on success. Negative subclass-dependent error code on failure.

Implements Socket.

◆ set_hostname()

void set_hostname ( const char *  hostname)
inherited

Set hostname.

Note
Implementation is a no-op unless MBEDTLS_X509_CRT_PARSE_C is defined and MBEDTLS_X509_REMOVE_HOSTNAME_VERIFICATION is not defined.

TLSSocket requires the hostname to verify the certificate. If the hostname is not given in the constructor, this function must be called before starting the TLS handshake.

Parameters
hostname: Hostname of the remote host, used for certificate checking.

◆ set_root_ca_cert() [1/2]

nsapi_error_t set_root_ca_cert ( const void *  root_ca,
size_t  len 
)
inherited

Sets the Root CA certificate.

Note
Must be called before calling connect().

Parameters
root_ca: Root CA certificate in any Mbed TLS-supported format.
len: Length of the certificate (including the terminating 0 for PEM).

Return values
NSAPI_ERROR_OK: on success.
NSAPI_ERROR_NO_MEMORY: in case there is not enough memory to allocate the certificate.
NSAPI_ERROR_PARAMETER: in case the provided root_ca parameter failed parsing.

◆ set_root_ca_cert() [2/2]

nsapi_error_t set_root_ca_cert ( const char *  root_ca_pem)
inherited

Sets the Root CA certificate.

Note
Must be called before calling connect().

Parameters
root_ca_pem: Root CA certificate in PEM format.

Return values
NSAPI_ERROR_OK: on success.
NSAPI_ERROR_NO_MEMORY: in case there is not enough memory to allocate the certificate.
NSAPI_ERROR_PARAMETER: in case the provided root_ca_pem parameter failed parsing.

◆ set_root_ca_cert_path()

nsapi_error_t set_root_ca_cert_path ( const char *  root_ca_path)
inherited

Sets the Root CA certificate to a collection of files on the filesystem.

All files in the supplied directory will be scanned. Note that to set up a filesystem, you must mount one or more block devices before calling this function.

Note
Must be called before calling connect().

Parameters
root_ca_path: Path containing Root CA certificate files in any Mbed TLS-supported format. This can point to a directory on any mounted filesystem.

Return values
NSAPI_ERROR_OK: on success.
NSAPI_ERROR_NO_MEMORY: in case there is not enough memory to allocate the certificates.
NSAPI_ERROR_PARAMETER: in case a certificate found under root_ca_path failed parsing.

◆ append_root_ca_cert() [1/2]

nsapi_error_t append_root_ca_cert ( const void *  root_ca,
size_t  len 
)
inherited

Appends the certificate to an existing CA chain.

Note
Must be called before calling connect().

Parameters
root_ca: Root CA certificate in any Mbed TLS-supported format.
len: Length of the certificate (including the terminating 0 for PEM).

Return values
NSAPI_ERROR_OK: on success.
NSAPI_ERROR_NO_MEMORY: in case there is not enough memory to allocate the certificate.
NSAPI_ERROR_PARAMETER: in case the provided root_ca parameter failed parsing.

◆ append_root_ca_cert() [2/2]

nsapi_error_t append_root_ca_cert ( const char *  root_ca_pem)
inherited

Appends the certificate to an existing CA chain.

Note
Must be called before calling connect().

Parameters
root_ca_pem: Root CA certificate in PEM format.

Return values
NSAPI_ERROR_OK: on success.
NSAPI_ERROR_NO_MEMORY: in case there is not enough memory to allocate the certificate.
NSAPI_ERROR_PARAMETER: in case the provided root_ca_pem parameter failed parsing.

◆ set_client_cert_key() [1/2]

nsapi_error_t set_client_cert_key ( const void *  client_cert,
size_t  client_cert_len,
const void *  client_private_key_pem,
size_t  client_private_key_len 
)
inherited

Sets the client certificate and client private key.

Parameters
client_cert: Client certificate in PEM or DER format.
client_cert_len: Certificate size, including the terminating null byte for PEM data.
client_private_key_pem: Client private key in PEM or DER format.
client_private_key_len: Key size, including the terminating null byte for PEM data.

Return values
NSAPI_ERROR_OK: on success.
NSAPI_ERROR_PARAMETER: in case the provided certificate or key failed parsing.
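The length arguments of the binary setters above must count the terminating null byte for PEM data; passing a plain strlen() is the usual way to get NSAPI_ERROR_PARAMETER from set_root_ca_cert() or set_client_cert_key(). The following pre-flight check is an added example, not Mbed OS code: the helper names, the PemCheck/PemKind enums and the sample PEM text are all constructed here, and the helper only computes the length and inspects the PEM markers before the buffer is handed to the socket.

```cpp
#include <cstddef>
#include <cstring>

// Hypothetical pre-flight check for the (const void *, size_t) setters on
// this page. Not part of Mbed OS: it validates the caller's buffer and
// computes the `len` argument documented as "including the terminating 0".
enum PemCheck {
    PEM_OK,
    PEM_NOT_TERMINATED, // no NUL inside the buffer the caller owns
    PEM_NO_BEGIN,       // no "-----BEGIN " marker: would be parsed as DER and fail
    PEM_NO_END,         // marker present but no "-----END ": truncated PEM
    PEM_WRONG_KIND      // key passed where a certificate is expected, or vice versa
};

enum PemKind { PEM_CERT, PEM_KEY };

static const char CERT_HDR[] = "-----BEGIN CERTIFICATE-----";

// Length to pass as len / client_cert_len / client_private_key_len for a
// NUL-terminated PEM string. strlen() alone drops the terminator, and the
// Mbed TLS parser then does not recognise the buffer as PEM.
size_t pem_len_for_mbedtls(const char *pem)
{
    return strlen(pem) + 1;
}

// Validate a caller-owned buffer of `capacity` bytes before passing it on.
PemCheck check_pem(const char *buf, size_t capacity, PemKind kind)
{
    // The terminator must lie inside the buffer, otherwise the parser would
    // either treat the data as DER or read past the end of the allocation.
    if (memchr(buf, '\0', capacity) == NULL) {
        return PEM_NOT_TERMINATED;
    }
    const char *begin = strstr(buf, "-----BEGIN ");
    if (begin == NULL) {
        return PEM_NO_BEGIN;
    }
    if (strstr(begin, "-----END ") == NULL) {
        return PEM_NO_END;
    }
    // Classify by the first header line only: "CERTIFICATE" for a cert,
    // "... PRIVATE KEY" (PKCS#8, EC or RSA) for a key.
    const char *eol = strchr(begin, '\n');
    const char *pk = strstr(begin, "PRIVATE KEY-----");
    bool is_cert = strncmp(begin, CERT_HDR, sizeof(CERT_HDR) - 1) == 0;
    bool is_key = pk != NULL && (eol == NULL || pk < eol);
    if ((kind == PEM_CERT && !is_cert) || (kind == PEM_KEY && !is_key)) {
        return PEM_WRONG_KIND;
    }
    return PEM_OK;
}

int main()
{
    // Constructed sample; a real Root CA certificate would go here.
    static const char root_ca[] =
        "-----BEGIN CERTIFICATE-----\n"
        "MIIB...\n"
        "-----END CERTIFICATE-----\n";
    if (check_pem(root_ca, sizeof(root_ca), PEM_CERT) != PEM_OK) {
        return 1;
    }
    // On the device this is where the socket would receive the buffer:
    // socket.set_root_ca_cert(root_ca, pem_len_for_mbedtls(root_ca));
    return 0;
}
```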

◆ set_client_cert_key() [2/2]

nsapi_error_t set_client_cert_key ( const char *  client_cert_pem,
const char *  client_private_key_pem 
)
inherited

Sets the client certificate and client private key.

Parameters
client_cert_pem: Client certificate in PEM format.
client_private_key_pem: Client private key in PEM format.

Return values
NSAPI_ERROR_OK: on success.
NSAPI_ERROR_PARAMETER: in case the provided certificate or key failed parsing.

◆ send()

nsapi_error_t send ( const void *  data,
nsapi_size_t  size 
)
override virtual inherited

Send data over a TLS socket.

The socket must be connected to a remote host. Returns the number of bytes sent from the buffer.

Parameters
data: Buffer of data to send to the host.
size: Size of the buffer in bytes.

Return values
int: Number of sent bytes on success.
NSAPI_ERROR_NO_SOCKET: in case the socket was not created correctly.
NSAPI_ERROR_WOULD_BLOCK: in case non-blocking mode is enabled and the send cannot be performed immediately.
NSAPI_ERROR_DEVICE_ERROR: in case of TLS-related errors. See mbedtls_ssl_write.

Implements Socket.

◆ recv()

nsapi_size_or_error_t recv ( void *  data,
nsapi_size_t  size 
)
override virtual inherited

Receive data over a TLS socket.

The socket must be connected to a remote host. Returns the number of bytes received into the buffer.

Parameters
data: Destination buffer for data received from the host.
size: Size of the buffer in bytes.

Return values
int: Number of received bytes on success.
NSAPI_ERROR_NO_SOCKET: in case the socket was not created correctly.
NSAPI_ERROR_WOULD_BLOCK: in case non-blocking mode is enabled and the receive cannot be performed immediately.
NSAPI_ERROR_DEVICE_ERROR: in case of TLS-related errors. See mbedtls_ssl_read.

Returns
0 if no data is available to be received and the peer has performed an orderly shutdown.

Implements Socket.

◆ connect()

nsapi_error_t connect ( const SocketAddress &  address = SocketAddress())
override virtual inherited

Connect the transport socket and start the handshake.

Note
In case connect() returns an error, the state of the socket is unspecified. A new socket should be created before reconnecting.

See Socket::connect and start_handshake.

Implements Socket.

Reimplemented in TLSSocket.

◆ sendto()

nsapi_size_or_error_t sendto ( const SocketAddress &  address,
const void *  data,
nsapi_size_t  size 
)
override virtual inherited

Send a message on a socket.

The sendto() function sends a message through a connection-mode or connectionless-mode socket. If the socket is a connectionless-mode socket, the message is sent to the address specified. If the socket is a connection-mode socket, address is ignored.

By default, sendto blocks until the data is sent. If the socket is set to non-blocking or times out, NSAPI_ERROR_WOULD_BLOCK is returned immediately.

Parameters
address: Remote address.
data: Buffer of data to send to the host.
size: Size of the buffer in bytes.

Returns
Number of sent bytes on success, negative subclass-dependent error code on failure.

Implements Socket.

◆ recvfrom()

nsapi_size_or_error_t recvfrom ( SocketAddress *  address,
void *  data,
nsapi_size_t  size 
)
override virtual inherited

Receive data from a socket.

Receives a datagram and stores the source address in address if address is not NULL. Returns the number of bytes written into the buffer.

If the socket is connected, only packets coming from the connected peer address are accepted.

Note
recvfrom() is allowed to write to the address and data buffers even if an error occurs.

By default, recvfrom blocks until a datagram is received. If the socket is set to non-blocking or times out with no data, NSAPI_ERROR_WOULD_BLOCK is returned.

Parameters
address: Destination for the source address, or NULL.
data: Destination buffer for the datagram received from the host.
size: Size of the buffer in bytes.

Returns
Number of received bytes on success, negative subclass-dependent error code on failure.

Implements Socket.

◆ sendto_control()

nsapi_size_or_error_t sendto_control ( const SocketAddress &  address,
const void *  data,
nsapi_size_t  size,
nsapi_msghdr_t *  control,
nsapi_size_t  control_size 
)
override virtual inherited

Send a message on a socket.

The sendto_control() function sends a message through a connection-mode or connectionless-mode socket. If the socket is a connectionless-mode socket, the message is sent to the address specified. If the socket is a connection-mode socket, address is ignored.

Additional control information can be passed to the stack for specific operations.

By default, sendto_control blocks until the data is sent. If the socket is set to non-blocking or times out, NSAPI_ERROR_WOULD_BLOCK is returned immediately.

Parameters
address: Remote address.
data: Buffer of data to send to the host.
size: Size of the buffer in bytes.
control: Control data, for instance a populated nsapi_pktinfo structure.
control_size: Size of control in bytes.

Returns
Number of sent bytes on success, negative subclass-dependent error code on failure.

Implements Socket.

◆ recvfrom_control()

nsapi_size_or_error_t recvfrom_control ( SocketAddress *  address,
void *  data,
nsapi_size_t  size,
nsapi_msghdr_t *  control,
nsapi_size_t  control_size 
)
override virtual inherited

Receive data from a socket.

Receives a datagram and stores the source address in address if address is not NULL. Returns the number of bytes written into the buffer.

If the socket is connected, only packets coming from the connected peer address are accepted.

Ancillary data is stored into control. The caller needs to allocate a buffer that is large enough to contain the data they want to receive, then pass the pointer in through the control parameter. The data will be filled into control, beginning with a header specifying what data was received. See MsgHeaderIterator for how to parse this data.

Note
recvfrom_control() is allowed to write to the address and data buffers even if an error occurs.

By default, recvfrom_control blocks until a datagram is received. If the socket is set to non-blocking or times out with no data, NSAPI_ERROR_WOULD_BLOCK is returned.

Parameters
address: Destination for the source address, or NULL.
data: Destination buffer for the datagram received from the host.
size: Size of the buffer in bytes.
control: Caller-allocated buffer to store ancillary data.
control_size: Size of the control buffer that the caller has allocated.

Returns
Number of received bytes on success, negative subclass-dependent error code on failure.

Implements Socket.

◆ bind()

nsapi_error_t bind ( const SocketAddress &  address)
override virtual inherited

Bind a specific address to a socket.

Binding a socket specifies the address and port on which to receive data. If the IP address is zeroed, only the port is bound.

Parameters
address: Local address to bind.

Returns
NSAPI_ERROR_OK on success, negative subclass-dependent error code on failure.

Implements Socket.

◆ set_blocking()

void set_blocking ( bool  blocking)
override virtual inherited

Set blocking or non-blocking mode of the socket.

Initially all sockets are in blocking mode. In non-blocking mode, blocking operations such as send/recv/accept return NSAPI_ERROR_WOULD_BLOCK if they cannot continue.

set_blocking(false) is equivalent to set_timeout(0).
set_blocking(true) is equivalent to set_timeout(-1).

Parameters
blocking: true for blocking mode, false for non-blocking mode.

Implements Socket.

◆ set_timeout()

void set_timeout ( int  timeout)
override virtual inherited

Set timeout on blocking socket operations.

Initially all sockets have unbounded timeouts. NSAPI_ERROR_WOULD_BLOCK is returned if a blocking operation takes longer than the specified timeout. A timeout of 0 removes the timeout from the socket. A negative value gives the socket an unbounded timeout.

set_timeout(0) is equivalent to set_blocking(false).
set_timeout(-1) is equivalent to set_blocking(true).

Parameters
timeout: Timeout in milliseconds.

Implements Socket.

◆ sigio()

void sigio ( mbed::Callback< void()>  func)
override virtual inherited

Register a callback on state change of the socket.

The specified callback is called on state changes, such as when the socket can receive/send/accept successfully and when an error occurs. The callback may also be called spuriously without reason.

The callback may be called in an interrupt context and should not perform expensive operations such as receive/send calls.

Note! This is not intended as a replacement for a poll or attach-like asynchronous API, but rather as a building block for constructing such functionality. The exact timing of the registered function is not guaranteed and is subject to change.

Parameters
func: Function to call on state change.

Implements Socket.

◆ setsockopt()

nsapi_error_t setsockopt ( int  level,
int  optname,
const void *  optval,
unsigned  optlen 
)
override virtual inherited

Set socket options.

setsockopt() allows an application to pass stack-specific options to the underlying stack using stack-specific level and option names, or to request generic options using levels from nsapi_socket_level_t.

For unsupported options, NSAPI_ERROR_UNSUPPORTED is returned and the socket is unmodified.

Parameters
level: Stack-specific protocol level or nsapi_socket_level_t.
optname: Level-specific option name.
optval: Option value.
optlen: Length of the option value.

Return values
NSAPI_ERROR_OK: on success.
NSAPI_ERROR_NO_SOCKET: if the socket is not open.
Negative: error code on failure, see NetworkStack::setsockopt.

Implements Socket.

◆ getsockopt()

nsapi_error_t getsockopt ( int  level,
int  optname,
void *  optval,
unsigned *  optlen 
)
override virtual inherited

Get socket options.

getsockopt() allows an application to retrieve stack-specific options from the underlying stack using stack-specific level and option names, or to request generic options using levels from nsapi_socket_level_t.

For unsupported options, NSAPI_ERROR_UNSUPPORTED is returned and the socket is unmodified.

Parameters
level: Stack-specific protocol level or nsapi_socket_level_t.
optname: Level-specific option name.
optval: Destination for the option value.
optlen: Length of the option value.

Return values
NSAPI_ERROR_OK: on success.
NSAPI_ERROR_NO_SOCKET: if the socket is not open.
Negative: error code on failure, see NetworkStack::getsockopt.

Implements Socket.

◆ accept()

Socket * accept ( nsapi_error_t *  error = NULL)
override virtual inherited

Accepts a connection on a socket.

The server socket must be bound and set to listen for connections. On a new connection, returns a connected network socket; the caller must call close() on it to deallocate its resources. Referencing a returned pointer after a close() call is not allowed and leads to undefined behavior.

By default, accept blocks until an incoming connection occurs. If the socket is set to non-blocking or times out, error is set to NSAPI_ERROR_WOULD_BLOCK.

Parameters
error: Pointer to storage for the error value, or NULL.

Returns
Pointer to a socket.

Implements Socket.

◆ listen()

nsapi_error_t listen ( int  backlog = 1)
override virtual inherited

Listen for incoming connections.

Marks the socket as a passive socket that can be used to accept incoming connections.

Parameters
backlog: Number of pending connections that can be queued simultaneously, defaults to 1.

Returns
NSAPI_ERROR_OK on success, negative error code on failure.

Implements Socket.

◆ getpeername()

nsapi_error_t getpeername ( SocketAddress *  address)
override virtual inherited

Get the remote-end peer associated with this socket.

Copies the remote peer address to the SocketAddress structure pointed to by the address parameter. The socket must be connected to have a peer address associated with it.

Parameters
address: Pointer to a SocketAddress structure.

Return values
NSAPI_ERROR_OK: on success.
NSAPI_ERROR_NO_SOCKET: if the socket is not connected.
NSAPI_ERROR_NO_CONNECTION: if the remote peer was not set.

Implements Socket.

◆ get_own_cert()

mbedtls_x509_crt * get_own_cert ( )
inherited

Get own certificate directly from Mbed TLS.

Returns
Internal Mbed TLS X509 structure.

◆ set_own_cert()

int set_own_cert ( mbedtls_x509_crt *  crt)
inherited

Set own certificate directly in Mbed TLS.

Parameters
crt: Mbed TLS X509 certificate chain.

Returns
Error code from mbedtls_ssl_conf_own_cert().

◆ get_ca_chain()

mbedtls_x509_crt * get_ca_chain ( )
inherited

Get CA chain structure.

Returns
Mbed TLS X509 certificate chain.

◆ set_ca_chain()

void set_ca_chain ( mbedtls_x509_crt *  crt)
inherited

Set CA chain directly in Mbed TLS.

Parameters
crt: Mbed TLS X509 certificate chain.

◆ get_ssl_config()

mbedtls_ssl_config * get_ssl_config ( )
inherited

Get internal Mbed TLS configuration structure.

Returns
Mbed TLS SSL config.

◆ set_ssl_config()

void set_ssl_config ( mbedtls_ssl_config *  conf)
inherited

Override Mbed TLS configuration.

Parameters
conf: Mbed TLS SSL configuration structure.

◆ get_ssl_context()

mbedtls_ssl_context * get_ssl_context ( )
inherited

Get internal Mbed TLS context structure.

Returns
SSL context.

◆ start_handshake()

nsapi_error_t start_handshake ( bool  first_call)
protected inherited

Initiates the TLS handshake.

Initiates a TLS handshake to a remote peer. The underlying transport socket should already be connected.

The Root CA certificate must be set by set_ssl_ca_pem() before calling this function.

For non-blocking use, this function needs to know whether this was the first call to the Socket::connect() API, so that NSAPI_ERROR_INPROGRESS is not reported twice.

Parameters
first_call: Whether this is the first call to the Socket::connect() API.

Return values
NSAPI_ERROR_OK: if the request completes on the first call.
NSAPI_ERROR_IN_PROGRESS: if the first call did not complete the request.
NSAPI_ERROR_NO_SOCKET: in case the transport socket was not created correctly.
NSAPI_ERROR_AUTH_FAILURE: in case of TLS-related authentication errors. See mbedtls_ctr_drbg_seed or mbedtls_hmac_drbg_seed, mbedtls_ssl_setup, mbedtls_ssl_handshake.