CoAP Secure#
This module includes functions that control CoAP Secure (CoAP over DTLS) communication.
The functions in this module are available when CoAP Secure API feature (OPENTHREAD_CONFIG_COAP_SECURE_API_ENABLE) is enabled.
Typedefs#
This function pointer is called when the DTLS connection state changes.
Functions#
This function starts the CoAP Secure service.
This function stops the CoAP Secure server.
This method sets the Pre-Shared Key (PSK) and cipher suite DTLS_PSK_WITH_AES_128_CCM_8.
This method returns the peer x509 certificate base64 encoded.
This method sets the authentication mode for the coap secure connection.
This method sets the local device's X509 certificate with corresponding private key for DTLS session with DTLS_ECDHE_ECDSA_WITH_AES_128_CCM_8.
This method sets the trusted top level CAs.
This method initializes DTLS session with a peer.
This method stops the DTLS connection.
This method indicates whether or not the DTLS session is connected.
This method indicates whether or not the DTLS session is active.
This method sends a CoAP request block-wise over secure DTLS connection.
This method sends a CoAP request over secure DTLS connection.
This function adds a resource to the CoAP Secure server.
This function removes a resource from the CoAP Secure server.
This function adds a block-wise resource to the CoAP Secure server.
This function removes a block-wise resource from the CoAP Secure server.
This function sets the default handler for unhandled CoAP Secure requests.
This method sets the connected callback to indicate, when a Client connect to the CoAP Secure server.
This function sends a CoAP response block-wise from the CoAP Secure server.
This function sends a CoAP response from the CoAP Secure server.
Macros#
Default CoAP Secure port, as specified in RFC 7252.
Typedef Documentation#
otHandleCoapSecureClientConnect#
typedef void(* otHandleCoapSecureClientConnect) (bool aConnected, void *aContext) )(bool aConnected, void *aContext)
This function pointer is called when the DTLS connection state changes.
| [in] | aConnected | true, if a connection was established, false otherwise. |
| [in] | aContext | A pointer to arbitrary context information. |
77 of file include/openthread/coap_secure.hFunction Documentation#
otCoapSecureStart#
otError otCoapSecureStart (otInstance *aInstance, uint16_t aPort)
This function starts the CoAP Secure service.
| [in] | aInstance | A pointer to an OpenThread instance. |
| [in] | aPort | The local UDP port to bind to. |
88 of file include/openthread/coap_secure.hotCoapSecureStop#
void otCoapSecureStop (otInstance *aInstance)
This function stops the CoAP Secure server.
| [in] | aInstance | A pointer to an OpenThread instance. |
96 of file include/openthread/coap_secure.hotCoapSecureSetPsk#
void otCoapSecureSetPsk (otInstance *aInstance, const uint8_t *aPsk, uint16_t aPskLength, const uint8_t *aPskIdentity, uint16_t aPskIdLength)
This method sets the Pre-Shared Key (PSK) and cipher suite DTLS_PSK_WITH_AES_128_CCM_8.
| [in] | aInstance | A pointer to an OpenThread instance. |
| [in] | aPsk | A pointer to the PSK. |
| [in] | aPskLength | The PSK length. |
| [in] | aPskIdentity | The Identity Name for the PSK. |
| [in] | aPskIdLength | The PSK Identity Length. |
Note
This function requires the build-time feature
MBEDTLS_KEY_EXCHANGE_PSK_ENABLEDto be enabled.
111 of file include/openthread/coap_secure.hotCoapSecureGetPeerCertificateBase64#
otError otCoapSecureGetPeerCertificateBase64 (otInstance *aInstance, unsigned char *aPeerCert, size_t *aCertLength, size_t aCertBufferSize)
This method returns the peer x509 certificate base64 encoded.
| [in] | aInstance | A pointer to an OpenThread instance. |
| [out] | aPeerCert | A pointer to the base64 encoded certificate buffer. |
| [out] | aCertLength | The length of the base64 encoded peer certificate. |
| [in] | aCertBufferSize | The buffer size of aPeerCert. |
Note
This function requires the build-time features
MBEDTLS_BASE64_CandMBEDTLS_SSL_KEEP_PEER_CERTIFICATEto be enabled.
133 of file include/openthread/coap_secure.hotCoapSecureSetSslAuthMode#
void otCoapSecureSetSslAuthMode (otInstance *aInstance, bool aVerifyPeerCertificate)
This method sets the authentication mode for the coap secure connection.
| [in] | aInstance | A pointer to an OpenThread instance. |
| [in] | aVerifyPeerCertificate | true, to verify the peer certificate. |
Disable or enable the verification of peer certificate. Must be called before start.
148 of file include/openthread/coap_secure.hotCoapSecureSetCertificate#
void otCoapSecureSetCertificate (otInstance *aInstance, const uint8_t *aX509Cert, uint32_t aX509Length, const uint8_t *aPrivateKey, uint32_t aPrivateKeyLength)
This method sets the local device's X509 certificate with corresponding private key for DTLS session with DTLS_ECDHE_ECDSA_WITH_AES_128_CCM_8.
| [in] | aInstance | A pointer to an OpenThread instance. |
| [in] | aX509Cert | A pointer to the PEM formatted X509 certificate. |
| [in] | aX509Length | The length of certificate. |
| [in] | aPrivateKey | A pointer to the PEM formatted private key. |
| [in] | aPrivateKeyLength | The length of the private key. |
Note
This function requires
MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED=1.
163 of file include/openthread/coap_secure.hotCoapSecureSetCaCertificateChain#
void otCoapSecureSetCaCertificateChain (otInstance *aInstance, const uint8_t *aX509CaCertificateChain, uint32_t aX509CaCertChainLength)
This method sets the trusted top level CAs.
| [in] | aInstance | A pointer to an OpenThread instance. |
| [in] | aX509CaCertificateChain | A pointer to the PEM formatted X509 CA chain. |
| [in] | aX509CaCertChainLength | The length of chain. |
It is needed for validating the certificate of the peer.
DTLS mode "ECDHE ECDSA with AES 128 CCM 8" for Application CoAPS.
Note
This function requires
MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED=1.
182 of file include/openthread/coap_secure.hotCoapSecureConnect#
otError otCoapSecureConnect (otInstance *aInstance, const otSockAddr *aSockAddr, otHandleCoapSecureClientConnect aHandler, void *aContext)
This method initializes DTLS session with a peer.
| [in] | aInstance | A pointer to an OpenThread instance. |
| [in] | aSockAddr | A pointer to the remote socket address. |
| [in] | aHandler | A pointer to a function that will be called when the DTLS connection state changes. |
| [in] | aContext | A pointer to arbitrary context information. |
198 of file include/openthread/coap_secure.hotCoapSecureDisconnect#
void otCoapSecureDisconnect (otInstance *aInstance)
This method stops the DTLS connection.
| [in] | aInstance | A pointer to an OpenThread instance. |
209 of file include/openthread/coap_secure.hotCoapSecureIsConnected#
bool otCoapSecureIsConnected (otInstance *aInstance)
This method indicates whether or not the DTLS session is connected.
| [in] | aInstance | A pointer to an OpenThread instance. |
220 of file include/openthread/coap_secure.hotCoapSecureIsConnectionActive#
bool otCoapSecureIsConnectionActive (otInstance *aInstance)
This method indicates whether or not the DTLS session is active.
| [in] | aInstance | A pointer to an OpenThread instance. |
231 of file include/openthread/coap_secure.hotCoapSecureSendRequestBlockWise#
otError otCoapSecureSendRequestBlockWise (otInstance *aInstance, otMessage *aMessage, otCoapResponseHandler aHandler, void *aContext, otCoapBlockwiseTransmitHook aTransmitHook, otCoapBlockwiseReceiveHook aReceiveHook)
This method sends a CoAP request block-wise over secure DTLS connection.
| [in] | aInstance | A pointer to an OpenThread instance. |
| [in] | aMessage | A reference to the message to send. |
| [in] | aHandler | A function pointer that shall be called on response reception or time-out. |
| [in] | aContext | A pointer to arbitrary context information. |
| [in] | aTransmitHook | A function pointer that is called on Block1 response reception. |
| [in] | aReceiveHook | A function pointer that is called on Block2 response reception. |
This function is available when OPENTHREAD_CONFIG_COAP_BLOCKWISE_TRANSFER_ENABLE configuration is enabled.
If a response for a request is expected, respective function and context information should be provided. If no response is expected, these arguments should be NULL pointers. If Message Id was not set in the header (equal to 0), this function will assign unique Message Id to the message.
255 of file include/openthread/coap_secure.hotCoapSecureSendRequest#
otError otCoapSecureSendRequest (otInstance *aInstance, otMessage *aMessage, otCoapResponseHandler aHandler, void *aContext)
This method sends a CoAP request over secure DTLS connection.
| [in] | aInstance | A pointer to an OpenThread instance. |
| [in] | aMessage | A reference to the message to send. |
| [in] | aHandler | A function pointer that shall be called on response reception or time-out. |
| [in] | aContext | A pointer to arbitrary context information. |
If a response for a request is expected, respective function and context information should be provided. If no response is expected, these arguments should be NULL pointers. If Message Id was not set in the header (equal to 0), this function will assign unique Message Id to the message.
279 of file include/openthread/coap_secure.hotCoapSecureAddResource#
void otCoapSecureAddResource (otInstance *aInstance, otCoapResource *aResource)
This function adds a resource to the CoAP Secure server.
| [in] | aInstance | A pointer to an OpenThread instance. |
| [in] | aResource | A pointer to the resource. |
291 of file include/openthread/coap_secure.hotCoapSecureRemoveResource#
void otCoapSecureRemoveResource (otInstance *aInstance, otCoapResource *aResource)
This function removes a resource from the CoAP Secure server.
| [in] | aInstance | A pointer to an OpenThread instance. |
| [in] | aResource | A pointer to the resource. |
300 of file include/openthread/coap_secure.hotCoapSecureAddBlockWiseResource#
void otCoapSecureAddBlockWiseResource (otInstance *aInstance, otCoapBlockwiseResource *aResource)
This function adds a block-wise resource to the CoAP Secure server.
| [in] | aInstance | A pointer to an OpenThread instance. |
| [in] | aResource | A pointer to the resource. |
309 of file include/openthread/coap_secure.hotCoapSecureRemoveBlockWiseResource#
void otCoapSecureRemoveBlockWiseResource (otInstance *aInstance, otCoapBlockwiseResource *aResource)
This function removes a block-wise resource from the CoAP Secure server.
| [in] | aInstance | A pointer to an OpenThread instance. |
| [in] | aResource | A pointer to the resource. |
318 of file include/openthread/coap_secure.hotCoapSecureSetDefaultHandler#
void otCoapSecureSetDefaultHandler (otInstance *aInstance, otCoapRequestHandler aHandler, void *aContext)
This function sets the default handler for unhandled CoAP Secure requests.
| [in] | aInstance | A pointer to an OpenThread instance. |
| [in] | aHandler | A function pointer that shall be called when an unhandled request arrives. |
| [in] | aContext | A pointer to arbitrary context information. May be NULL if not used. |
328 of file include/openthread/coap_secure.hotCoapSecureSetClientConnectedCallback#
void otCoapSecureSetClientConnectedCallback (otInstance *aInstance, otHandleCoapSecureClientConnect aHandler, void *aContext)
This method sets the connected callback to indicate, when a Client connect to the CoAP Secure server.
| [in] | aInstance | A pointer to an OpenThread instance. |
| [in] | aHandler | A pointer to a function that will be called once DTLS connection is established. |
| [in] | aContext | A pointer to arbitrary context information. May be NULL if not used. |
339 of file include/openthread/coap_secure.hotCoapSecureSendResponseBlockWise#
otError otCoapSecureSendResponseBlockWise (otInstance *aInstance, otMessage *aMessage, const otMessageInfo *aMessageInfo, void *aContext, otCoapBlockwiseTransmitHook aTransmitHook)
This function sends a CoAP response block-wise from the CoAP Secure server.
| [in] | aInstance | A pointer to an OpenThread instance. |
| [in] | aMessage | A pointer to the CoAP response to send. |
| [in] | aMessageInfo | A pointer to the message info associated with |
| [in] | aContext | A pointer to arbitrary context information. May be NULL if not used. |
| [in] | aTransmitHook | A function pointer that is called on Block1 request reception. |
This function is available when OPENTHREAD_CONFIG_COAP_BLOCKWISE_TRANSFER_ENABLE configuration is enabled.
359 of file include/openthread/coap_secure.hotCoapSecureSendResponse#
otError otCoapSecureSendResponse (otInstance *aInstance, otMessage *aMessage, const otMessageInfo *aMessageInfo)
This function sends a CoAP response from the CoAP Secure server.
| [in] | aInstance | A pointer to an OpenThread instance. |
| [in] | aMessage | A pointer to the CoAP response to send. |
| [in] | aMessageInfo | A pointer to the message info associated with |
376 of file include/openthread/coap_secure.h