Question
STM32H5 running DTLS with netXduo
hi, i trying DTLS on netXduo
my goal is TLS and DLTS running independently (STM32H5 is server, PC is client)
so i success mutual TLS(Ver 1.3) but failed DTLS running
i'm in situation that DTLS connection is completed at client but server is not answer about client hello(3 time ignored)
i check variables and found handler pointer is null
- active_dtls_session->nx_secure_dtls_tls_session.nx_secure_session_cipher_handler_server == null
so i guess DTLS initialization was not completed but i don't know what do i do
i attach my code and variables please help me thank you
DTLS_SESSION_CONFIG g_dtls_session_table[1];
#pragma data_alignment=8
NX_SECURE_DTLS_SERVER dtls_server;
typedef struct {
NX_SECURE_DTLS_SESSION sessions[1];
ULONG padding;
UCHAR metadata[32*1024];
} DTLS_MEMORY_BLOCK;
NX_SECURE_DTLS_SESSION *active_dtls_session = NULL;
UCHAR dtls_reassembly_buffer[32*1024];
UCHAR dtls_client_cert_buffer[20*1024];
#pragma data_alignment=8
DTLS_MEMORY_BLOCK dtls_memory;
#pragma data_alignment=8
UCHAR dtls_verify_stack[40*1024]; // Verification workspace for mTLS
UINT dtls_active_flag = 0;
UINT dtls_connected_flag = 0;
static VOID App_UDP_Server_Thread_Entry(ULONG thread_input)
{
UINT status;
NX_PACKET *packet_ptr;
NX_IP *ip_ptr = (NX_IP*)thread_input;
UCHAR data_buffer[1500];
ULONG data_length;
/* Shared variables */
ULONG src_ip;
UINT src_port;
/* --- 1. Resource Initialization --- */
long found_session = 0;
_nx_secure_dtls_initialize();
/* Create DTLS server instance */
status = _nx_secure_dtls_server_create(&dtls_server, ip_ptr, USER_UDP_SERVER_PORT, NX_IP_TIME_TO_LIVE,
dtls_memory.sessions, sizeof(dtls_memory.sessions),
&nx_crypto_tls_ciphers_ecc,
dtls_memory.metadata, sizeof(dtls_memory.metadata),
dtls_reassembly_buffer, sizeof(dtls_reassembly_buffer),
my_dtls_connect_notify, NULL);
if (status == NX_SUCCESS) {
uart_tx_queuePrint_create("[INFO] Server Created. Session Count: %u\r\n", dtls_server.nx_dtls_server_sessions_count);
USHORT group_count = (USHORT)(sizeof(my_supported_groups) / sizeof(USHORT));
_nx_secure_dtls_server_ecc_initialize(&dtls_server, my_supported_groups, group_count, my_curve_methods);
/* Server Cert & Private Key Registration */
status = _nx_secure_x509_certificate_initialize(&server_cert, (UCHAR*)cert_der, cert_len,
NX_NULL, 0, (UCHAR*)key_der, key_len,
NX_SECURE_X509_KEY_TYPE_EC_DER);
if (status == NX_SUCCESS) {
_nx_secure_dtls_server_local_certificate_add(&dtls_server, &server_cert, 1);
}
else{
uart_tx_queuePrint_create("server local certificate add fail! : %u\r\n", status);
}
} else {
uart_tx_queuePrint_create("DTLS Server Create Failed: 0x%02X\r\n", status);
}
while (1)
{
uart_tx_queuePrint_create("UDP/DTLS Server Ready. Waiting for TCP Signal...\r\n");
/* Wait for mTLS (TCP) authentication to complete */
tx_semaphore_get(&UDPSemaphore, TX_WAIT_FOREVER);
/* Reset session active flag for the new connection */
dtls_active_flag = 0;
dtls_connected_flag = 0;
/* --- 2. Bind & Start Phase --- */
_nx_secure_dtls_server_stop(&dtls_server);
for (int i = 0; i < USER_SERVER_MAX_CLIENTS; i++) {
// NX_SECURE_DTLS_SESSION *s = &dtls_server.nx_dtls_server_sessions[i];
NX_SECURE_DTLS_SESSION *s = &dtls_memory.sessions[i];
if (s->nx_secure_dtls_server_parent == NULL) {
s->nx_secure_dtls_server_parent = &dtls_server;
}
s->nx_secure_dtls_tls_session.nx_secure_tls_packet_pool = ip_ptr->nx_ip_default_packet_pool;
}
status = _nx_secure_dtls_server_start(&dtls_server);
uart_tx_queuePrint_create("DTLS Server Started. Listening on port %d...\r\n", dtls_server.nx_dtls_server_udp_socket.nx_udp_socket_port);
if (status != NX_SUCCESS) {
uart_tx_queuePrint_create("Server Start/Bind Failed: 0x%02X\r\n", status);
continue;
}
uart_tx_queuePrint_create("Waiting for DTLS Handshake...\r\n");
while(dtls_connected_flag == 0) {
tx_thread_sleep(1);
}
uart_tx_queuePrint_create("[DTLS] Starting Handshake Session in Thread...\r\n");
status = _nx_secure_dtls_server_session_start(active_dtls_session, NX_WAIT_FOREVER);
if (status != NX_SUCCESS) {
uart_tx_queuePrint_create("[ERROR] DTLS Handshake Failed: 0x%02X\r\n", status);
_nxe_secure_dtls_session_end(active_dtls_session, NX_NO_WAIT);
_nx_secure_dtls_session_reset(active_dtls_session);
dtls_connected_flag = 0;
continue;
}
else {
uart_tx_queuePrint_create("[DTLS] Handshake Success!\r\n");
}
/* --- 3. Unified Data Loop --- */
uart_tx_queuePrint_create("Entering UDP/DTLS Data Loop\r\n");
while (UserTCPSocket.nx_tcp_socket_state == NX_TCP_ESTABLISHED)
{
if (active_dtls_session->nx_secure_dtls_tls_session.nx_secure_session_cipher_handler_server == NULL) {
static ULONG last_warn_time = 0;
if (tx_time_get() - last_warn_time > 200) {
uart_tx_queuePrint_create("[GUARD] Cipher Handler is NULL! (Session: %p)\r\n", active_dtls_session);
last_warn_time = tx_time_get();
}
tx_thread_sleep(10);
//status = _nx_secure_dtls_session_receive(active_dtls_session, &packet_ptr, 20);
continue;
}
packet_ptr = NULL;
status = _nx_secure_dtls_session_receive(active_dtls_session, &packet_ptr, 20);
if (status == NX_SUCCESS)
{
nx_packet_data_retrieve(packet_ptr, data_buffer, &data_length);
if(data_length < sizeof(data_buffer)) data_buffer[data_length] = '\0';
if (dtls_active_flag == 0) {
uart_tx_queuePrint_create("DTLS Handshake Success & Session Active!\r\n");
dtls_active_flag = 1;
}
src_ip = dtls_memory.sessions[0].nx_secure_dtls_remote_ip_address.nxd_ip_address.v4;
src_port = dtls_memory.sessions[0].nx_secure_dtls_remote_port;
uart_tx_queuePrint_create("\n[UDP RX] %lu.%lu.%lu.%lu:%u_%s\r\n",
(src_ip >> 24) & 0xFF, (src_ip >> 16) & 0xFF,
(src_ip >> 8) & 0xFF, (src_ip & 0xFF), src_port, data_buffer);
UDP_Server_Send_Data(&dtls_memory.sessions[0], ip_ptr->nx_ip_default_packet_pool, data_buffer, data_length);
nx_packet_release(packet_ptr);
}
}
/* --- 4. Cleanup --- */
uart_tx_queuePrint_create("Cleaning up UDP/DTLS session...\r\n");
_nxe_secure_dtls_session_end(&dtls_memory.sessions[0], 128);
_nx_secure_dtls_session_reset(&dtls_memory.sessions[0]);
_nx_secure_dtls_server_stop(&dtls_server);
dtls_active_flag = 0;
uart_tx_queuePrint_create("UDP Session Closed due to TCP Disconnect.\r\n");
}
}