Google Git
Sign in
fuchsia / third_party / openthread / refs/heads/releases/f7 / . / include / openthread / coap_secure.h
blob: 5cb6bd9a02eb2156e6b8b362d5eddcd19ed97a57 [file] [log] [blame]
/*
* Copyright (c) 2018, The OpenThread Authors.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. Neither the name of the copyright holder nor the
* names of its contributors may be used to endorse or promote products
* derived from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
* AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
* LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*/
/**
* @file
* @brief
* This file defines the top-level functions for the OpenThread CoAP Secure implementation.
*
* @note
* The functions in this module require the build-time feature `OPENTHREAD_CONFIG_COAP_SECURE_API_ENABLE=1`.
*
* @note
* To enable cipher suite DTLS_PSK_WITH_AES_128_CCM_8, MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
* must be enabled in mbedtls-config.h
* To enable cipher suite DTLS_ECDHE_ECDSA_WITH_AES_128_CCM_8,
* MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED must be enabled in mbedtls-config.h.
*/
#ifndef OPENTHREAD_COAP_SECURE_H_
#define OPENTHREAD_COAP_SECURE_H_
#include <stdint.h>
#include <openthread/coap.h>
#ifdef __cplusplus
extern "C" {
#endif
/**
* @addtogroup api-coap-secure
*
* @brief
* This module includes functions that control CoAP Secure (CoAP over DTLS) communication.
*
* The functions in this module are available when CoAP Secure API feature
* (`OPENTHREAD_CONFIG_COAP_SECURE_API_ENABLE`) is enabled.
*
* @{
*
*/
#define OT_DEFAULT_COAP_SECURE_PORT 5684 ///< Default CoAP Secure port, as specified in RFC 7252
/**
* This function pointer is called when the DTLS connection state changes.
*
* @param[in] aConnected true, if a connection was established, false otherwise.
* @param[in] aContext A pointer to arbitrary context information.
*
*/
typedef void (*otHandleCoapSecureClientConnect)(bool aConnected, void *aContext);
/**
* This function starts the CoAP Secure service.
*
* @param[in] aInstance A pointer to an OpenThread instance.
* @param[in] aPort The local UDP port to bind to.
*
* @retval OT_ERROR_NONE Successfully started the CoAP Secure server.
*
*/
otError otCoapSecureStart(otInstance *aInstance, uint16_t aPort);
/**
* This function stops the CoAP Secure server.
*
* @param[in] aInstance A pointer to an OpenThread instance.
*
*/
void otCoapSecureStop(otInstance *aInstance);
/**
* This method sets the Pre-Shared Key (PSK) and cipher suite
* DTLS_PSK_WITH_AES_128_CCM_8.
*
* @note This function requires the build-time feature `MBEDTLS_KEY_EXCHANGE_PSK_ENABLED` to be enabled.
*
* @param[in] aInstance A pointer to an OpenThread instance.
* @param[in] aPsk A pointer to the PSK.
* @param[in] aPskLength The PSK length.
* @param[in] aPskIdentity The Identity Name for the PSK.
* @param[in] aPskIdLength The PSK Identity Length.
*
*/
void otCoapSecureSetPsk(otInstance * aInstance,
const uint8_t *aPsk,
uint16_t aPskLength,
const uint8_t *aPskIdentity,
uint16_t aPskIdLength);
/**
* This method returns the peer x509 certificate base64 encoded.
*
* @note This function requires the build-time features `MBEDTLS_BASE64_C` and
* `MBEDTLS_SSL_KEEP_PEER_CERTIFICATE` to be enabled.
*
* @param[in] aInstance A pointer to an OpenThread instance.
* @param[out] aPeerCert A pointer to the base64 encoded certificate buffer.
* @param[out] aCertLength The length of the base64 encoded peer certificate.
* @param[in] aCertBufferSize The buffer size of aPeerCert.
*
* @retval OT_ERROR_INVALID_STATE Not connected yet.
* @retval OT_ERROR_NONE Successfully get the peer certificate.
* @retval OT_ERROR_NO_BUFS Can't allocate memory for certificate.
*
*/
otError otCoapSecureGetPeerCertificateBase64(otInstance * aInstance,
unsigned char *aPeerCert,
size_t * aCertLength,
size_t aCertBufferSize);
/**
* This method sets the authentication mode for the coap secure connection.
*
* Disable or enable the verification of peer certificate.
* Must be called before start.
*
* @param[in] aInstance A pointer to an OpenThread instance.
* @param[in] aVerifyPeerCertificate true, to verify the peer certificate.
*
*/
void otCoapSecureSetSslAuthMode(otInstance *aInstance, bool aVerifyPeerCertificate);
/**
* This method sets the local device's X509 certificate with corresponding private key for
* DTLS session with DTLS_ECDHE_ECDSA_WITH_AES_128_CCM_8.
*
* @note This function requires `MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED=1`.
*
* @param[in] aInstance A pointer to an OpenThread instance.
* @param[in] aX509Cert A pointer to the PEM formatted X509 certificate.
* @param[in] aX509Length The length of certificate.
* @param[in] aPrivateKey A pointer to the PEM formatted private key.
* @param[in] aPrivateKeyLength The length of the private key.
*
*/
void otCoapSecureSetCertificate(otInstance * aInstance,
const uint8_t *aX509Cert,
uint32_t aX509Length,
const uint8_t *aPrivateKey,
uint32_t aPrivateKeyLength);
/**
* This method sets the trusted top level CAs. It is needed for validating the
* certificate of the peer.
*
* DTLS mode "ECDHE ECDSA with AES 128 CCM 8" for Application CoAPS.
*
* @note This function requires `MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED=1`.
*
* @param[in] aInstance A pointer to an OpenThread instance.
* @param[in] aX509CaCertificateChain A pointer to the PEM formatted X509 CA chain.
* @param[in] aX509CaCertChainLength The length of chain.
*
*/
void otCoapSecureSetCaCertificateChain(otInstance * aInstance,
const uint8_t *aX509CaCertificateChain,
uint32_t aX509CaCertChainLength);
/**
* This method initializes DTLS session with a peer.
*
* @param[in] aInstance A pointer to an OpenThread instance.
* @param[in] aSockAddr A pointer to the remote socket address.
* @param[in] aHandler A pointer to a function that will be called when the DTLS connection
* state changes.
* @param[in] aContext A pointer to arbitrary context information.
*
* @retval OT_ERROR_NONE Successfully started DTLS connection.
*
*/
otError otCoapSecureConnect(otInstance * aInstance,
const otSockAddr * aSockAddr,
otHandleCoapSecureClientConnect aHandler,
void * aContext);
/**
* This method stops the DTLS connection.
*
* @param[in] aInstance A pointer to an OpenThread instance.
*
*/
void otCoapSecureDisconnect(otInstance *aInstance);
/**
* This method indicates whether or not the DTLS session is connected.
*
* @param[in] aInstance A pointer to an OpenThread instance.
*
* @retval TRUE The DTLS session is connected.
* @retval FALSE The DTLS session is not connected.
*
*/
bool otCoapSecureIsConnected(otInstance *aInstance);
/**
* This method indicates whether or not the DTLS session is active.
*
* @param[in] aInstance A pointer to an OpenThread instance.
*
* @retval TRUE If DTLS session is active.
* @retval FALSE If DTLS session is not active.
*
*/
bool otCoapSecureIsConnectionActive(otInstance *aInstance);
/**
* This method sends a CoAP request block-wise over secure DTLS connection.
*
* This function is available when OPENTHREAD_CONFIG_COAP_BLOCKWISE_TRANSFER_ENABLE configuration
* is enabled.
*
* If a response for a request is expected, respective function and context information should be provided.
* If no response is expected, these arguments should be NULL pointers.
* If Message Id was not set in the header (equal to 0), this function will assign unique Message Id to the message.
*
* @param[in] aInstance A pointer to an OpenThread instance.
* @param[in] aMessage A reference to the message to send.
* @param[in] aHandler A function pointer that shall be called on response reception or time-out.
* @param[in] aContext A pointer to arbitrary context information.
* @param[in] aTransmitHook A function pointer that is called on Block1 response reception.
* @param[in] aReceiveHook A function pointer that is called on Block2 response reception.
*
* @retval OT_ERROR_NONE Successfully sent CoAP message.
* @retval OT_ERROR_NO_BUFS Failed to allocate retransmission data.
* @retval OT_ERROR_INVALID_STATE DTLS connection was not initialized.
*
*/
otError otCoapSecureSendRequestBlockWise(otInstance * aInstance,
otMessage * aMessage,
otCoapResponseHandler aHandler,
void * aContext,
otCoapBlockwiseTransmitHook aTransmitHook,
otCoapBlockwiseReceiveHook aReceiveHook);
/**
* This method sends a CoAP request over secure DTLS connection.
*
* If a response for a request is expected, respective function and context information should be provided.
* If no response is expected, these arguments should be NULL pointers.
* If Message Id was not set in the header (equal to 0), this function will assign unique Message Id to the message.
*
* @param[in] aInstance A pointer to an OpenThread instance.
* @param[in] aMessage A reference to the message to send.
* @param[in] aHandler A function pointer that shall be called on response reception or time-out.
* @param[in] aContext A pointer to arbitrary context information.
*
* @retval OT_ERROR_NONE Successfully sent CoAP message.
* @retval OT_ERROR_NO_BUFS Failed to allocate retransmission data.
* @retval OT_ERROR_INVALID_STATE DTLS connection was not initialized.
*
*/
otError otCoapSecureSendRequest(otInstance * aInstance,
otMessage * aMessage,
otCoapResponseHandler aHandler,
void * aContext);
/**
* This function adds a resource to the CoAP Secure server.
*
* @param[in] aInstance A pointer to an OpenThread instance.
* @param[in] aResource A pointer to the resource.
*
*/
void otCoapSecureAddResource(otInstance *aInstance, otCoapResource *aResource);
/**
* This function removes a resource from the CoAP Secure server.
*
* @param[in] aInstance A pointer to an OpenThread instance.
* @param[in] aResource A pointer to the resource.
*
*/
void otCoapSecureRemoveResource(otInstance *aInstance, otCoapResource *aResource);
/**
* This function adds a block-wise resource to the CoAP Secure server.
*
* @param[in] aInstance A pointer to an OpenThread instance.
* @param[in] aResource A pointer to the resource.
*
*/
void otCoapSecureAddBlockWiseResource(otInstance *aInstance, otCoapBlockwiseResource *aResource);
/**
* This function removes a block-wise resource from the CoAP Secure server.
*
* @param[in] aInstance A pointer to an OpenThread instance.
* @param[in] aResource A pointer to the resource.
*
*/
void otCoapSecureRemoveBlockWiseResource(otInstance *aInstance, otCoapBlockwiseResource *aResource);
/**
* This function sets the default handler for unhandled CoAP Secure requests.
*
* @param[in] aInstance A pointer to an OpenThread instance.
* @param[in] aHandler A function pointer that shall be called when an unhandled request arrives.
* @param[in] aContext A pointer to arbitrary context information. May be NULL if not used.
*
*/
void otCoapSecureSetDefaultHandler(otInstance *aInstance, otCoapRequestHandler aHandler, void *aContext);
/**
* This method sets the connected callback to indicate, when
* a Client connect to the CoAP Secure server.
*
* @param[in] aInstance A pointer to an OpenThread instance.
* @param[in] aHandler A pointer to a function that will be called once DTLS connection is established.
* @param[in] aContext A pointer to arbitrary context information. May be NULL if not used.
*
*/
void otCoapSecureSetClientConnectedCallback(otInstance * aInstance,
otHandleCoapSecureClientConnect aHandler,
void * aContext);
/**
* This function sends a CoAP response block-wise from the CoAP Secure server.
*
* This function is available when OPENTHREAD_CONFIG_COAP_BLOCKWISE_TRANSFER_ENABLE configuration
* is enabled.
*
* @param[in] aInstance A pointer to an OpenThread instance.
* @param[in] aMessage A pointer to the CoAP response to send.
* @param[in] aMessageInfo A pointer to the message info associated with @p aMessage.
* @param[in] aContext A pointer to arbitrary context information. May be NULL if not used.
* @param[in] aTransmitHook A function pointer that is called on Block1 request reception.
*
* @retval OT_ERROR_NONE Successfully enqueued the CoAP response message.
* @retval OT_ERROR_NO_BUFS Insufficient buffers available to send the CoAP response.
*
*/
otError otCoapSecureSendResponseBlockWise(otInstance * aInstance,
otMessage * aMessage,
const otMessageInfo * aMessageInfo,
void * aContext,
otCoapBlockwiseTransmitHook aTransmitHook);
/**
* This function sends a CoAP response from the CoAP Secure server.
*
* @param[in] aInstance A pointer to an OpenThread instance.
* @param[in] aMessage A pointer to the CoAP response to send.
* @param[in] aMessageInfo A pointer to the message info associated with @p aMessage.
*
* @retval OT_ERROR_NONE Successfully enqueued the CoAP response message.
* @retval OT_ERROR_NO_BUFS Insufficient buffers available to send the CoAP response.
*
*/
otError otCoapSecureSendResponse(otInstance *aInstance, otMessage *aMessage, const otMessageInfo *aMessageInfo);
/**
* @}
*
*/
#ifdef __cplusplus
} // extern "C"
#endif
#endif /* OPENTHREAD_COAP_SECURE_H_ */