Loading...
Searching...
No Matches
Public Types |
Public Member Functions |
Private Member Functions |
Private Attributes |
List of all members
kcenon::network::internal::dtls_socket Class Reference
A wrapper around ASIO UDP socket with OpenSSL DTLS encryption. More...
#include <dtls_socket.h>
Inheritance diagram for kcenon::network::internal::dtls_socket:
Collaboration diagram for kcenon::network::internal::dtls_socket:
Public Types | |
| enum class | handshake_type { client , server } |
| Handshake type enumeration. More... | |
Public Member Functions | |
| dtls_socket (asio::ip::udp::socket socket, SSL_CTX *ssl_ctx) | |
Constructs a dtls_socket with an existing UDP socket. | |
| ~dtls_socket () | |
| Destructor. Cleans up OpenSSL resources. | |
| dtls_socket (const dtls_socket &)=delete | |
| dtls_socket & | operator= (const dtls_socket &)=delete |
| dtls_socket (dtls_socket &&)=delete | |
| dtls_socket & | operator= (dtls_socket &&)=delete |
| auto | async_handshake (handshake_type type, std::function< void(std::error_code)> handler) -> void |
| Performs asynchronous DTLS handshake. | |
| auto | set_receive_callback (std::function< void(const std::vector< uint8_t > &, const asio::ip::udp::endpoint &)> callback) -> void |
| Sets a callback to receive decrypted inbound datagrams. | |
| auto | set_error_callback (std::function< void(std::error_code)> callback) -> void |
| Sets a callback to handle socket errors. | |
| auto | start_receive () -> void |
| Begins the continuous asynchronous receive loop. | |
| auto | stop_receive () -> void |
| Stops the receive loop. | |
| auto | async_send (std::vector< uint8_t > &&data, std::function< void(std::error_code, std::size_t)> handler) -> void |
| Initiates an asynchronous encrypted send. | |
| auto | async_send_to (std::vector< uint8_t > &&data, const asio::ip::udp::endpoint &endpoint, std::function< void(std::error_code, std::size_t)> handler) -> void |
| Initiates an asynchronous encrypted send to a specific endpoint. | |
| auto | set_peer_endpoint (const asio::ip::udp::endpoint &endpoint) -> void |
| Sets the peer endpoint for connected mode. | |
| auto | peer_endpoint () const -> asio::ip::udp::endpoint |
| Returns the peer endpoint. | |
| auto | socket () -> asio::ip::udp::socket & |
| Provides direct access to the underlying UDP socket. | |
| auto | is_handshake_complete () const -> bool |
| Checks if the DTLS handshake is complete. | |
Private Member Functions | |
| auto | do_receive () -> void |
| Internal function to handle the receive logic. | |
| auto | process_received_data (const std::vector< uint8_t > &data, const asio::ip::udp::endpoint &sender) -> void |
| Processes received encrypted data through DTLS. | |
| auto | flush_bio_output () -> void |
| Flushes pending DTLS output to the network. | |
| auto | continue_handshake () -> void |
| Continues the handshake process. | |
| auto | make_ssl_error () const -> std::error_code |
| Creates an OpenSSL error code from the current error state. | |
Private Attributes | |
| asio::ip::udp::socket | socket_ |
| asio::ip::udp::endpoint | peer_endpoint_ |
| asio::ip::udp::endpoint | sender_endpoint_ |
| SSL_CTX * | ssl_ctx_ |
| SSL * | ssl_ |
| BIO * | rbio_ |
| BIO * | wbio_ |
| std::array< uint8_t, 65536 > | read_buffer_ |
| std::mutex | ssl_mutex_ |
| std::mutex | callback_mutex_ |
| std::mutex | endpoint_mutex_ |
| std::function< void(const std::vector< uint8_t > &, const asio::ip::udp::endpoint &)> | receive_callback_ |
| std::function< void(std::error_code)> | error_callback_ |
| std::function< void(std::error_code)> | handshake_callback_ |
| std::atomic< bool > | is_receiving_ {false} |
| std::atomic< bool > | handshake_complete_ {false} |
| std::atomic< bool > | handshake_in_progress_ {false} |
| handshake_type | handshake_type_ {handshake_type::client} |
Detailed Description
A wrapper around ASIO UDP socket with OpenSSL DTLS encryption.
Key Features
- Provides DTLS (Datagram TLS) encryption over UDP transport.
- Uses OpenSSL's DTLS implementation with memory BIOs for async I/O.
- Exposes
set_receive_callback()to handle decrypted inbound datagrams andset_error_callback()for error handling. start_receive()begins an ongoing loop of receiving encrypted datagrams.async_send()encrypts and sends data to the configured peer.
Thread Safety
- All public methods are thread-safe. Callback registration is protected by callback_mutex_.
- ASIO operations are serialized through the io_context.
- OpenSSL operations are protected by ssl_mutex_.
- The provided callbacks will be invoked on an ASIO worker thread; ensure that your callback logic is thread-safe if it shares data.
DTLS Characteristics
- Provides confidentiality and integrity for UDP datagrams.
- Handles packet loss and reordering during handshake.
- Message boundaries are preserved (each receive is one datagram).
- Suitable for real-time applications requiring encryption.
Definition at line 48 of file dtls_socket.h.
Member Enumeration Documentation
◆ handshake_type
|
strong |
Handshake type enumeration.
| Enumerator | |
|---|---|
| client | Client-side handshake |
| server | Server-side handshake |
Definition at line 54 of file dtls_socket.h.
Constructor & Destructor Documentation
◆ dtls_socket() [1/3]
| kcenon::network::internal::dtls_socket::dtls_socket | ( | asio::ip::udp::socket | socket, |
| SSL_CTX * | ssl_ctx ) |
Constructs a dtls_socket with an existing UDP socket.
- Parameters
-
socket An asio::ip::udp::socketthat must be open.ssl_ctx The OpenSSL SSL_CTX configured for DTLS.
The socket should be connected (for client) or bound (for server) before calling handshake methods.
Definition at line 42 of file dtls_socket.cpp.
44 , ssl_ctx_(ssl_ctx)
48{
49 // Create SSL object
52 {
53 throw std::runtime_error("Failed to create SSL object");
54 }
55
56 // Create memory BIOs for non-blocking I/O
57 rbio_ = BIO_new(BIO_s_mem());
58 wbio_ = BIO_new(BIO_s_mem());
60 {
63 SSL_free(ssl_);
64 throw std::runtime_error("Failed to create BIO objects");
65 }
66
67 // Set BIOs to non-blocking mode
68 BIO_set_nbio(rbio_, 1);
69 BIO_set_nbio(wbio_, 1);
70
71 // Connect BIOs to SSL object (SSL takes ownership)
73
74 // Enable DTLS cookie exchange for servers (DoS protection)
75 // This is optional and can be configured later
76}
asio::ip::udp::socket socket_
Definition dtls_socket.h:213
auto socket() -> asio::ip::udp::socket &
Provides direct access to the underlying UDP socket.
Definition dtls_socket.h:171
◆ ~dtls_socket()
| kcenon::network::internal::dtls_socket::~dtls_socket | ( | ) |
Destructor. Cleans up OpenSSL resources.
Definition at line 78 of file dtls_socket.cpp.
79{
80 stop_receive();
81
83 {
84 SSL_shutdown(ssl_);
86 }
87}
References ssl_, and stop_receive().
Here is the call graph for this function:
◆ dtls_socket() [2/3]
|
delete |
◆ dtls_socket() [3/3]
|
delete |
Member Function Documentation
◆ async_handshake()
| auto kcenon::network::internal::dtls_socket::async_handshake | ( | handshake_type | type, |
| std::function< void(std::error_code)> | handler ) -> void |
Performs asynchronous DTLS handshake.
- Parameters
-
type Handshake type (client or server) handler Completion handler with signature void(std::error_code)
Must be called before start_receive() or async_send(). The handshake involves multiple round-trips over UDP.
Definition at line 89 of file dtls_socket.cpp.
92{
93 handshake_type_ = type;
94 handshake_callback_ = std::move(handler);
96
97 {
98 std::lock_guard<std::mutex> lock(ssl_mutex_);
99
101 {
102 SSL_set_connect_state(ssl_);
103 }
104 else
105 {
106 SSL_set_accept_state(ssl_);
107 }
108 }
109
110 // Start receiving for handshake packets
111 start_receive();
112
113 // Initiate handshake
114 continue_handshake();
115}
std::atomic< bool > handshake_in_progress_
Definition dtls_socket.h:237
handshake_type handshake_type_
Definition dtls_socket.h:238
std::function< void(std::error_code)> handshake_callback_
Definition dtls_socket.h:233
auto start_receive() -> void
Begins the continuous asynchronous receive loop.
Definition dtls_socket.cpp:197
◆ async_send()
| auto kcenon::network::internal::dtls_socket::async_send | ( | std::vector< uint8_t > && | data, |
| std::function< void(std::error_code, std::size_t)> | handler ) -> void |
Initiates an asynchronous encrypted send.
- Parameters
-
data The plaintext data to encrypt and send (moved for efficiency). handler A completion handler with signature void(std::error_code, std::size_t)invoked upon completion.
The data is encrypted using DTLS before transmission.
- Note
- Data is moved (not copied) to avoid memory allocation overhead.
Definition at line 371 of file dtls_socket.cpp.
374{
375 asio::ip::udp::endpoint target;
376 {
377 std::lock_guard<std::mutex> lock(endpoint_mutex_);
378 target = peer_endpoint_;
379 }
380
381 async_send_to(std::move(data), target, std::move(handler));
382}
asio::ip::udp::endpoint peer_endpoint_
Definition dtls_socket.h:214
std::mutex endpoint_mutex_
Definition dtls_socket.h:226
auto async_send_to(std::vector< uint8_t > &&data, const asio::ip::udp::endpoint &endpoint, std::function< void(std::error_code, std::size_t)> handler) -> void
Initiates an asynchronous encrypted send to a specific endpoint.
Definition dtls_socket.cpp:384
◆ async_send_to()
| auto kcenon::network::internal::dtls_socket::async_send_to | ( | std::vector< uint8_t > && | data, |
| const asio::ip::udp::endpoint & | endpoint, | ||
| std::function< void(std::error_code, std::size_t)> | handler ) -> void |
Initiates an asynchronous encrypted send to a specific endpoint.
- Parameters
-
data The plaintext data to encrypt and send (moved for efficiency). endpoint The target endpoint. handler A completion handler invoked upon completion.
Useful for server responding to different clients.
Definition at line 384 of file dtls_socket.cpp.
388{
390 {
391 if (handler)
392 {
393 handler(std::make_error_code(std::errc::not_connected), 0);
394 }
395 return;
396 }
397
398 // Encrypt the data
399 int written;
400 {
401 std::lock_guard<std::mutex> lock(ssl_mutex_);
403 }
404
405 if (written <= 0)
406 {
407 if (handler)
408 {
409 handler(make_ssl_error(), 0);
410 }
411 return;
412 }
413
414 // Get encrypted data from write BIO
415 std::vector<uint8_t> encrypted;
416 {
417 std::lock_guard<std::mutex> lock(ssl_mutex_);
419 if (pending <= 0)
420 {
421 if (handler)
422 {
423 handler(std::make_error_code(std::errc::io_error), 0);
424 }
425 return;
426 }
427
428 encrypted.resize(static_cast<std::size_t>(pending));
430 if (read_len <= 0)
431 {
432 if (handler)
433 {
434 handler(std::make_error_code(std::errc::io_error), 0);
435 }
436 return;
437 }
438 encrypted.resize(static_cast<std::size_t>(read_len));
439 }
440
441 // Send encrypted data
442 auto self = shared_from_this();
443 auto buffer = std::make_shared<std::vector<uint8_t>>(std::move(encrypted));
445
446 socket_.async_send_to(
447 asio::buffer(*buffer),
448 endpoint,
449 [handler = std::move(handler), buffer, original_size](
450 std::error_code ec, std::size_t /*bytes_sent*/)
451 {
452 if (handler)
453 {
454 // Report original (plaintext) size to the handler
455 handler(ec, ec ? 0 : original_size);
456 }
457 });
458}
std::atomic< bool > handshake_complete_
Definition dtls_socket.h:236
auto make_ssl_error() const -> std::error_code
Creates an OpenSSL error code from the current error state.
Definition dtls_socket.cpp:472
◆ continue_handshake()
|
private |
Continues the handshake process.
Definition at line 117 of file dtls_socket.cpp.
118{
120 {
121 return;
122 }
123
124 int result;
125 {
126 std::lock_guard<std::mutex> lock(ssl_mutex_);
127 result = SSL_do_handshake(ssl_);
128 }
129
130 if (result == 1)
131 {
132 // Handshake complete
135
136 // Flush any remaining output
137 flush_bio_output();
138
139 std::function<void(std::error_code)> callback;
140 {
141 std::lock_guard<std::mutex> lock(callback_mutex_);
142 callback = std::move(handshake_callback_);
143 }
144
145 if (callback)
146 {
147 callback(std::error_code{});
148 }
149 return;
150 }
151
152 int ssl_error;
153 {
154 std::lock_guard<std::mutex> lock(ssl_mutex_);
155 ssl_error = SSL_get_error(ssl_, result);
156 }
157
158 // Flush any output generated by the handshake
159 flush_bio_output();
160
161 if (ssl_error == SSL_ERROR_WANT_READ || ssl_error == SSL_ERROR_WANT_WRITE)
162 {
163 // Need more data - continue receiving
164 return;
165 }
166
167 // Handshake failed
169
170 std::function<void(std::error_code)> callback;
171 {
172 std::lock_guard<std::mutex> lock(callback_mutex_);
173 callback = std::move(handshake_callback_);
174 }
175
176 if (callback)
177 {
178 callback(make_ssl_error());
179 }
180}
std::mutex callback_mutex_
Definition dtls_socket.h:225
auto flush_bio_output() -> void
Flushes pending DTLS output to the network.
Definition dtls_socket.cpp:330
◆ do_receive()
|
private |
Internal function to handle the receive logic.
Definition at line 211 of file dtls_socket.cpp.
212{
214 {
215 return;
216 }
217
218 auto self = shared_from_this();
219 socket_.async_receive_from(
220 asio::buffer(read_buffer_),
221 sender_endpoint_,
222 [this, self](std::error_code ec, std::size_t length)
223 {
225 {
226 return;
227 }
228
229 if (ec)
230 {
231 std::function<void(std::error_code)> callback;
232 {
233 std::lock_guard<std::mutex> lock(callback_mutex_);
234 callback = error_callback_;
235 }
236 if (callback)
237 {
238 callback(ec);
239 }
240 return;
241 }
242
243 if (length > 0)
244 {
246 read_buffer_.begin() + length);
248 }
249
250 // Continue receiving
252 {
253 do_receive();
254 }
255 });
256}
std::array< uint8_t, 65536 > read_buffer_
Definition dtls_socket.h:222
asio::ip::udp::endpoint sender_endpoint_
Definition dtls_socket.h:215
auto process_received_data(const std::vector< uint8_t > &data, const asio::ip::udp::endpoint &sender) -> void
Processes received encrypted data through DTLS.
Definition dtls_socket.cpp:258
std::function< void(std::error_code)> error_callback_
Definition dtls_socket.h:231
auto do_receive() -> void
Internal function to handle the receive logic.
Definition dtls_socket.cpp:211
std::atomic< bool > is_receiving_
Definition dtls_socket.h:235
◆ flush_bio_output()
|
private |
Flushes pending DTLS output to the network.
Definition at line 330 of file dtls_socket.cpp.
331{
332 // Check if there's data to send in the write BIO
333 std::vector<uint8_t> output;
334 {
335 std::lock_guard<std::mutex> lock(ssl_mutex_);
337 if (pending <= 0)
338 {
339 return;
340 }
341
342 output.resize(static_cast<std::size_t>(pending));
344 if (read_len <= 0)
345 {
346 return;
347 }
348 output.resize(static_cast<std::size_t>(read_len));
349 }
350
351 // Send the encrypted data
352 asio::ip::udp::endpoint target;
353 {
354 std::lock_guard<std::mutex> lock(endpoint_mutex_);
355 target = peer_endpoint_;
356 }
357
358 if (target.port() != 0)
359 {
360 auto buffer = std::make_shared<std::vector<uint8_t>>(std::move(output));
361 socket_.async_send_to(
362 asio::buffer(*buffer),
363 target,
364 [buffer](std::error_code /*ec*/, std::size_t /*bytes*/)
365 {
366 // Fire and forget for handshake messages
367 });
368 }
369}
◆ is_handshake_complete()
|
inline |
Checks if the DTLS handshake is complete.
- Returns
- true if handshake completed successfully.
Definition at line 177 of file dtls_socket.h.
References handshake_complete_.
◆ make_ssl_error()
|
private |
Creates an OpenSSL error code from the current error state.
- Returns
- std::error_code representing the SSL error.
Definition at line 472 of file dtls_socket.cpp.
473{
474 unsigned long err = ERR_get_error();
475 if (err == 0)
476 {
477 return std::make_error_code(std::errc::io_error);
478 }
479 return make_ssl_error_code(static_cast<int>(err));
480}
◆ operator=() [1/2]
|
delete |
◆ operator=() [2/2]
|
delete |
◆ peer_endpoint()
| auto kcenon::network::internal::dtls_socket::peer_endpoint | ( | ) | const -> asio::ip::udp::endpoint |
Returns the peer endpoint.
- Returns
- The configured peer endpoint.
Definition at line 466 of file dtls_socket.cpp.
467{
470}
References endpoint_mutex_, and peer_endpoint_.
◆ process_received_data()
|
private |
Processes received encrypted data through DTLS.
- Parameters
-
data The encrypted datagram. sender The sender's endpoint.
Definition at line 258 of file dtls_socket.cpp.
260{
261 // Write received data to the read BIO
262 {
263 std::lock_guard<std::mutex> lock(ssl_mutex_);
265 if (written <= 0)
266 {
267 // BIO write failed
268 return;
269 }
270 }
271
272 // If handshake is in progress, continue it
274 {
275 continue_handshake();
276 return;
277 }
278
279 // Handshake complete, try to read decrypted data
281 {
282 std::vector<uint8_t> decrypted;
283 decrypted.resize(65536);
284
285 int read_len;
286 {
287 std::lock_guard<std::mutex> lock(ssl_mutex_);
289 }
290
291 if (read_len > 0)
292 {
293 decrypted.resize(static_cast<std::size_t>(read_len));
294
295 std::function<void(const std::vector<uint8_t>&, const asio::ip::udp::endpoint&)> callback;
296 {
297 std::lock_guard<std::mutex> lock(callback_mutex_);
298 callback = receive_callback_;
299 }
300 if (callback)
301 {
302 callback(decrypted, sender);
303 }
304 }
305 else
306 {
307 int ssl_error;
308 {
309 std::lock_guard<std::mutex> lock(ssl_mutex_);
310 ssl_error = SSL_get_error(ssl_, read_len);
311 }
312
313 if (ssl_error != SSL_ERROR_WANT_READ && ssl_error != SSL_ERROR_WANT_WRITE)
314 {
315 // Real error
316 std::function<void(std::error_code)> callback;
317 {
318 std::lock_guard<std::mutex> lock(callback_mutex_);
319 callback = error_callback_;
320 }
321 if (callback)
322 {
323 callback(make_ssl_error());
324 }
325 }
326 }
327 }
328}
std::function< void(const std::vector< uint8_t > &, const asio::ip::udp::endpoint &)> receive_callback_
Definition dtls_socket.h:229
◆ set_error_callback()
| auto kcenon::network::internal::dtls_socket::set_error_callback | ( | std::function< void(std::error_code)> | callback | ) | -> void |
Sets a callback to handle socket errors.
- Parameters
-
callback A function with signature void(std::error_code), invoked when any asynchronous operation fails.
If no callback is set, errors are not explicitly handled here.
Definition at line 190 of file dtls_socket.cpp.
192{
193 std::lock_guard<std::mutex> lock(callback_mutex_);
194 error_callback_ = std::move(callback);
195}
◆ set_peer_endpoint()
| auto kcenon::network::internal::dtls_socket::set_peer_endpoint | ( | const asio::ip::udp::endpoint & | endpoint | ) | -> void |
Sets the peer endpoint for connected mode.
- Parameters
-
endpoint The peer's UDP endpoint.
Definition at line 460 of file dtls_socket.cpp.
◆ set_receive_callback()
| auto kcenon::network::internal::dtls_socket::set_receive_callback | ( | std::function< void(const std::vector< uint8_t > &, const asio::ip::udp::endpoint &)> | callback | ) | -> void |
Sets a callback to receive decrypted inbound datagrams.
- Parameters
-
callback A function with signature void(const std::vector<uint8_t>&, const asio::ip::udp::endpoint&), called whenever a datagram is successfully received and decrypted.
If no callback is set, received data is effectively discarded.
Definition at line 182 of file dtls_socket.cpp.
185{
186 std::lock_guard<std::mutex> lock(callback_mutex_);
187 receive_callback_ = std::move(callback);
188}
◆ socket()
|
inline |
Provides direct access to the underlying UDP socket.
- Returns
- A reference to the wrapped
asio::ip::udp::socket.
Definition at line 171 of file dtls_socket.h.
References socket_.
◆ start_receive()
| auto kcenon::network::internal::dtls_socket::start_receive | ( | ) | -> void |
Begins the continuous asynchronous receive loop.
Once called, the class repeatedly receives encrypted datagrams, decrypts them, and invokes the receive callback. If an error occurs, the error callback is triggered.
Definition at line 197 of file dtls_socket.cpp.
◆ stop_receive()
| auto kcenon::network::internal::dtls_socket::stop_receive | ( | ) | -> void |
Stops the receive loop.
Definition at line 206 of file dtls_socket.cpp.
Referenced by ~dtls_socket().
Here is the caller graph for this function:
Member Data Documentation
◆ callback_mutex_
|
private |
Protects callback registration.
Definition at line 225 of file dtls_socket.h.
◆ endpoint_mutex_
|
private |
Protects endpoint access.
Definition at line 226 of file dtls_socket.h.
Referenced by peer_endpoint().
◆ error_callback_
|
private |
Error callback.
Definition at line 231 of file dtls_socket.h.
◆ handshake_callback_
|
private |
Handshake completion callback.
Definition at line 233 of file dtls_socket.h.
◆ handshake_complete_
|
private |
Handshake completed flag.
Definition at line 236 of file dtls_socket.h.
236{false};
Referenced by is_handshake_complete().
◆ handshake_in_progress_
|
private |
◆ handshake_type_
|
private |
◆ is_receiving_
|
private |
◆ peer_endpoint_
|
private |
Peer endpoint for connected mode.
Definition at line 214 of file dtls_socket.h.
Referenced by peer_endpoint().
◆ rbio_
|
private |
◆ read_buffer_
|
private |
Buffer for receiving datagrams.
Definition at line 222 of file dtls_socket.h.
◆ receive_callback_
|
private |
Inbound data callback.
Definition at line 229 of file dtls_socket.h.
◆ sender_endpoint_
|
private |
Sender endpoint for receives.
Definition at line 215 of file dtls_socket.h.
◆ socket_
|
private |
◆ ssl_
|
private |
OpenSSL SSL object.
Definition at line 218 of file dtls_socket.h.
Referenced by dtls_socket(), and ~dtls_socket().
◆ ssl_ctx_
|
private |
OpenSSL context (not owned).
Definition at line 217 of file dtls_socket.h.
Referenced by dtls_socket().
◆ ssl_mutex_
|
private |
Protects SSL operations.
Definition at line 224 of file dtls_socket.h.
◆ wbio_
|
private |
The documentation for this class was generated from the following files:
- src/internal/tcp/dtls_socket.h
- src/internal/dtls_socket.cpp
