CoAP Secure#

This module includes functions that control CoAP Secure (CoAP over DTLS) communication.

The functions in this module are available when CoAP Secure API feature (OPENTHREAD_CONFIG_COAP_SECURE_API_ENABLE) is enabled.

Typedefs#

typedef void(*
otHandleCoapSecureClientConnect)(bool aConnected, void *aContext)

This function pointer is called when the DTLS connection state changes.

Functions#

otError
otCoapSecureStart(otInstance *aInstance, uint16_t aPort)

This function starts the CoAP Secure service.

void
otCoapSecureStop(otInstance *aInstance)

This function stops the CoAP Secure server.

void
otCoapSecureSetPsk(otInstance *aInstance, const uint8_t *aPsk, uint16_t aPskLength, const uint8_t *aPskIdentity, uint16_t aPskIdLength)

This method sets the Pre-Shared Key (PSK) and cipher suite DTLS_PSK_WITH_AES_128_CCM_8.

otError
otCoapSecureGetPeerCertificateBase64(otInstance *aInstance, unsigned char *aPeerCert, size_t *aCertLength, size_t aCertBufferSize)

This method returns the peer x509 certificate base64 encoded.

void
otCoapSecureSetSslAuthMode(otInstance *aInstance, bool aVerifyPeerCertificate)

This method sets the authentication mode for the coap secure connection.

void
otCoapSecureSetCertificate(otInstance *aInstance, const uint8_t *aX509Cert, uint32_t aX509Length, const uint8_t *aPrivateKey, uint32_t aPrivateKeyLength)

This method sets the local device's X509 certificate with corresponding private key for DTLS session with DTLS_ECDHE_ECDSA_WITH_AES_128_CCM_8.

void
otCoapSecureSetCaCertificateChain(otInstance *aInstance, const uint8_t *aX509CaCertificateChain, uint32_t aX509CaCertChainLength)

This method sets the trusted top level CAs.

otError
otCoapSecureConnect(otInstance *aInstance, const otSockAddr *aSockAddr, otHandleCoapSecureClientConnect aHandler, void *aContext)

This method initializes DTLS session with a peer.

void
otCoapSecureDisconnect(otInstance *aInstance)

This method stops the DTLS connection.

bool
otCoapSecureIsConnected(otInstance *aInstance)

This method indicates whether or not the DTLS session is connected.

bool
otCoapSecureIsConnectionActive(otInstance *aInstance)

This method indicates whether or not the DTLS session is active.

otError
otCoapSecureSendRequestBlockWise(otInstance *aInstance, otMessage *aMessage, otCoapResponseHandler aHandler, void *aContext, otCoapBlockwiseTransmitHook aTransmitHook, otCoapBlockwiseReceiveHook aReceiveHook)

This method sends a CoAP request block-wise over secure DTLS connection.

otError
otCoapSecureSendRequest(otInstance *aInstance, otMessage *aMessage, otCoapResponseHandler aHandler, void *aContext)

This method sends a CoAP request over secure DTLS connection.

void
otCoapSecureAddResource(otInstance *aInstance, otCoapResource *aResource)

This function adds a resource to the CoAP Secure server.

void
otCoapSecureRemoveResource(otInstance *aInstance, otCoapResource *aResource)

This function removes a resource from the CoAP Secure server.

void
otCoapSecureAddBlockWiseResource(otInstance *aInstance, otCoapBlockwiseResource *aResource)

This function adds a block-wise resource to the CoAP Secure server.

void
otCoapSecureRemoveBlockWiseResource(otInstance *aInstance, otCoapBlockwiseResource *aResource)

This function removes a block-wise resource from the CoAP Secure server.

void
otCoapSecureSetDefaultHandler(otInstance *aInstance, otCoapRequestHandler aHandler, void *aContext)

This function sets the default handler for unhandled CoAP Secure requests.

void
otCoapSecureSetClientConnectedCallback(otInstance *aInstance, otHandleCoapSecureClientConnect aHandler, void *aContext)

This method sets the connected callback to indicate, when a Client connect to the CoAP Secure server.

otError
otCoapSecureSendResponseBlockWise(otInstance *aInstance, otMessage *aMessage, const otMessageInfo *aMessageInfo, void *aContext, otCoapBlockwiseTransmitHook aTransmitHook)

This function sends a CoAP response block-wise from the CoAP Secure server.

otError
otCoapSecureSendResponse(otInstance *aInstance, otMessage *aMessage, const otMessageInfo *aMessageInfo)

This function sends a CoAP response from the CoAP Secure server.

Macros#

#define
OT_DEFAULT_COAP_SECURE_PORT 5684

Default CoAP Secure port, as specified in RFC 7252.

Typedef Documentation#

otHandleCoapSecureClientConnect#

typedef void(* otHandleCoapSecureClientConnect) (bool aConnected, void *aContext) )(bool aConnected, void *aContext)

This function pointer is called when the DTLS connection state changes.

Parameters
TypeDirectionArgument NameDescription
[in]aConnected

true, if a connection was established, false otherwise.

[in]aContext

A pointer to arbitrary context information.


Function Documentation#

otCoapSecureStart#

otError otCoapSecureStart (otInstance * aInstance, uint16_t aPort)

This function starts the CoAP Secure service.

Parameters
TypeDirectionArgument NameDescription
otInstance *[in]aInstance

A pointer to an OpenThread instance.

uint16_t[in]aPort

The local UDP port to bind to.


otCoapSecureStop#

void otCoapSecureStop (otInstance * aInstance)

This function stops the CoAP Secure server.

Parameters
TypeDirectionArgument NameDescription
otInstance *[in]aInstance

A pointer to an OpenThread instance.


otCoapSecureSetPsk#

void otCoapSecureSetPsk (otInstance * aInstance, const uint8_t * aPsk, uint16_t aPskLength, const uint8_t * aPskIdentity, uint16_t aPskIdLength)

This method sets the Pre-Shared Key (PSK) and cipher suite DTLS_PSK_WITH_AES_128_CCM_8.

Parameters
TypeDirectionArgument NameDescription
otInstance *[in]aInstance

A pointer to an OpenThread instance.

const uint8_t *[in]aPsk

A pointer to the PSK.

uint16_t[in]aPskLength

The PSK length.

const uint8_t *[in]aPskIdentity

The Identity Name for the PSK.

uint16_t[in]aPskIdLength

The PSK Identity Length.

Note

  • This function requires the build-time feature MBEDTLS_KEY_EXCHANGE_PSK_ENABLED to be enabled.


otCoapSecureGetPeerCertificateBase64#

otError otCoapSecureGetPeerCertificateBase64 (otInstance * aInstance, unsigned char * aPeerCert, size_t * aCertLength, size_t aCertBufferSize)

This method returns the peer x509 certificate base64 encoded.

Parameters
TypeDirectionArgument NameDescription
otInstance *[in]aInstance

A pointer to an OpenThread instance.

unsigned char *[out]aPeerCert

A pointer to the base64 encoded certificate buffer.

size_t *[out]aCertLength

The length of the base64 encoded peer certificate.

size_t[in]aCertBufferSize

The buffer size of aPeerCert.

Note

  • This function requires the build-time features MBEDTLS_BASE64_C and MBEDTLS_SSL_KEEP_PEER_CERTIFICATE to be enabled.


otCoapSecureSetSslAuthMode#

void otCoapSecureSetSslAuthMode (otInstance * aInstance, bool aVerifyPeerCertificate)

This method sets the authentication mode for the coap secure connection.

Parameters
TypeDirectionArgument NameDescription
otInstance *[in]aInstance

A pointer to an OpenThread instance.

bool[in]aVerifyPeerCertificate

true, to verify the peer certificate.

Disable or enable the verification of peer certificate. Must be called before start.


otCoapSecureSetCertificate#

void otCoapSecureSetCertificate (otInstance * aInstance, const uint8_t * aX509Cert, uint32_t aX509Length, const uint8_t * aPrivateKey, uint32_t aPrivateKeyLength)

This method sets the local device's X509 certificate with corresponding private key for DTLS session with DTLS_ECDHE_ECDSA_WITH_AES_128_CCM_8.

Parameters
TypeDirectionArgument NameDescription
otInstance *[in]aInstance

A pointer to an OpenThread instance.

const uint8_t *[in]aX509Cert

A pointer to the PEM formatted X509 certificate.

uint32_t[in]aX509Length

The length of certificate.

const uint8_t *[in]aPrivateKey

A pointer to the PEM formatted private key.

uint32_t[in]aPrivateKeyLength

The length of the private key.

Note

  • This function requires MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED=1.


otCoapSecureSetCaCertificateChain#

void otCoapSecureSetCaCertificateChain (otInstance * aInstance, const uint8_t * aX509CaCertificateChain, uint32_t aX509CaCertChainLength)

This method sets the trusted top level CAs.

Parameters
TypeDirectionArgument NameDescription
otInstance *[in]aInstance

A pointer to an OpenThread instance.

const uint8_t *[in]aX509CaCertificateChain

A pointer to the PEM formatted X509 CA chain.

uint32_t[in]aX509CaCertChainLength

The length of chain.

It is needed for validating the certificate of the peer.

DTLS mode "ECDHE ECDSA with AES 128 CCM 8" for Application CoAPS.

Note

  • This function requires MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED=1.


otCoapSecureConnect#

otError otCoapSecureConnect (otInstance * aInstance, const otSockAddr * aSockAddr, otHandleCoapSecureClientConnect aHandler, void * aContext)

This method initializes DTLS session with a peer.

Parameters
TypeDirectionArgument NameDescription
otInstance *[in]aInstance

A pointer to an OpenThread instance.

const otSockAddr *[in]aSockAddr

A pointer to the remote socket address.

otHandleCoapSecureClientConnect[in]aHandler

A pointer to a function that will be called when the DTLS connection state changes.

void *[in]aContext

A pointer to arbitrary context information.


otCoapSecureDisconnect#

void otCoapSecureDisconnect (otInstance * aInstance)

This method stops the DTLS connection.

Parameters
TypeDirectionArgument NameDescription
otInstance *[in]aInstance

A pointer to an OpenThread instance.


otCoapSecureIsConnected#

bool otCoapSecureIsConnected (otInstance * aInstance)

This method indicates whether or not the DTLS session is connected.

Parameters
TypeDirectionArgument NameDescription
otInstance *[in]aInstance

A pointer to an OpenThread instance.


otCoapSecureIsConnectionActive#

bool otCoapSecureIsConnectionActive (otInstance * aInstance)

This method indicates whether or not the DTLS session is active.

Parameters
TypeDirectionArgument NameDescription
otInstance *[in]aInstance

A pointer to an OpenThread instance.


otCoapSecureSendRequestBlockWise#

otError otCoapSecureSendRequestBlockWise (otInstance * aInstance, otMessage * aMessage, otCoapResponseHandler aHandler, void * aContext, otCoapBlockwiseTransmitHook aTransmitHook, otCoapBlockwiseReceiveHook aReceiveHook)

This method sends a CoAP request block-wise over secure DTLS connection.

Parameters
TypeDirectionArgument NameDescription
otInstance *[in]aInstance

A pointer to an OpenThread instance.

otMessage *[in]aMessage

A reference to the message to send.

otCoapResponseHandler[in]aHandler

A function pointer that shall be called on response reception or time-out.

void *[in]aContext

A pointer to arbitrary context information.

otCoapBlockwiseTransmitHook[in]aTransmitHook

A function pointer that is called on Block1 response reception.

otCoapBlockwiseReceiveHook[in]aReceiveHook

A function pointer that is called on Block2 response reception.

This function is available when OPENTHREAD_CONFIG_COAP_BLOCKWISE_TRANSFER_ENABLE configuration is enabled.

If a response for a request is expected, respective function and context information should be provided. If no response is expected, these arguments should be NULL pointers. If Message Id was not set in the header (equal to 0), this function will assign unique Message Id to the message.


otCoapSecureSendRequest#

otError otCoapSecureSendRequest (otInstance * aInstance, otMessage * aMessage, otCoapResponseHandler aHandler, void * aContext)

This method sends a CoAP request over secure DTLS connection.

Parameters
TypeDirectionArgument NameDescription
otInstance *[in]aInstance

A pointer to an OpenThread instance.

otMessage *[in]aMessage

A reference to the message to send.

otCoapResponseHandler[in]aHandler

A function pointer that shall be called on response reception or time-out.

void *[in]aContext

A pointer to arbitrary context information.

If a response for a request is expected, respective function and context information should be provided. If no response is expected, these arguments should be NULL pointers. If Message Id was not set in the header (equal to 0), this function will assign unique Message Id to the message.


otCoapSecureAddResource#

void otCoapSecureAddResource (otInstance * aInstance, otCoapResource * aResource)

This function adds a resource to the CoAP Secure server.

Parameters
TypeDirectionArgument NameDescription
otInstance *[in]aInstance

A pointer to an OpenThread instance.

otCoapResource *[in]aResource

A pointer to the resource.


otCoapSecureRemoveResource#

void otCoapSecureRemoveResource (otInstance * aInstance, otCoapResource * aResource)

This function removes a resource from the CoAP Secure server.

Parameters
TypeDirectionArgument NameDescription
otInstance *[in]aInstance

A pointer to an OpenThread instance.

otCoapResource *[in]aResource

A pointer to the resource.


otCoapSecureAddBlockWiseResource#

void otCoapSecureAddBlockWiseResource (otInstance * aInstance, otCoapBlockwiseResource * aResource)

This function adds a block-wise resource to the CoAP Secure server.

Parameters
TypeDirectionArgument NameDescription
otInstance *[in]aInstance

A pointer to an OpenThread instance.

otCoapBlockwiseResource *[in]aResource

A pointer to the resource.


otCoapSecureRemoveBlockWiseResource#

void otCoapSecureRemoveBlockWiseResource (otInstance * aInstance, otCoapBlockwiseResource * aResource)

This function removes a block-wise resource from the CoAP Secure server.

Parameters
TypeDirectionArgument NameDescription
otInstance *[in]aInstance

A pointer to an OpenThread instance.

otCoapBlockwiseResource *[in]aResource

A pointer to the resource.


otCoapSecureSetDefaultHandler#

void otCoapSecureSetDefaultHandler (otInstance * aInstance, otCoapRequestHandler aHandler, void * aContext)

This function sets the default handler for unhandled CoAP Secure requests.

Parameters
TypeDirectionArgument NameDescription
otInstance *[in]aInstance

A pointer to an OpenThread instance.

otCoapRequestHandler[in]aHandler

A function pointer that shall be called when an unhandled request arrives.

void *[in]aContext

A pointer to arbitrary context information. May be NULL if not used.


otCoapSecureSetClientConnectedCallback#

void otCoapSecureSetClientConnectedCallback (otInstance * aInstance, otHandleCoapSecureClientConnect aHandler, void * aContext)

This method sets the connected callback to indicate, when a Client connect to the CoAP Secure server.

Parameters
TypeDirectionArgument NameDescription
otInstance *[in]aInstance

A pointer to an OpenThread instance.

otHandleCoapSecureClientConnect[in]aHandler

A pointer to a function that will be called once DTLS connection is established.

void *[in]aContext

A pointer to arbitrary context information. May be NULL if not used.


otCoapSecureSendResponseBlockWise#

otError otCoapSecureSendResponseBlockWise (otInstance * aInstance, otMessage * aMessage, const otMessageInfo * aMessageInfo, void * aContext, otCoapBlockwiseTransmitHook aTransmitHook)

This function sends a CoAP response block-wise from the CoAP Secure server.

Parameters
TypeDirectionArgument NameDescription
otInstance *[in]aInstance

A pointer to an OpenThread instance.

otMessage *[in]aMessage

A pointer to the CoAP response to send.

const otMessageInfo *[in]aMessageInfo

A pointer to the message info associated with aMessage.

void *[in]aContext

A pointer to arbitrary context information. May be NULL if not used.

otCoapBlockwiseTransmitHook[in]aTransmitHook

A function pointer that is called on Block1 request reception.

This function is available when OPENTHREAD_CONFIG_COAP_BLOCKWISE_TRANSFER_ENABLE configuration is enabled.


otCoapSecureSendResponse#

otError otCoapSecureSendResponse (otInstance * aInstance, otMessage * aMessage, const otMessageInfo * aMessageInfo)

This function sends a CoAP response from the CoAP Secure server.

Parameters
TypeDirectionArgument NameDescription
otInstance *[in]aInstance

A pointer to an OpenThread instance.

otMessage *[in]aMessage

A pointer to the CoAP response to send.

const otMessageInfo *[in]aMessageInfo

A pointer to the message info associated with aMessage.