FAQs
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

STM32H5 running DTLS with netXduo

skim.5
Associate

‎2026-02-18 3:07 PM

hi, i trying DTLS on netXduo

my goal is TLS and DLTS running independently (STM32H5 is server, PC is client)

 

so i success mutual TLS(Ver 1.3) but failed DTLS running

i'm in situation that DTLS connection is completed at client but server is not answer about client hello(3 time ignored)

 

i check variables and found handler pointer is null

 - active_dtls_session->nx_secure_dtls_tls_session.nx_secure_session_cipher_handler_server == null

so i guess DTLS initialization was not completed but i don't know what do i do

 

i attach my code and variables please help me thank you

 

DTLS_SESSION_CONFIG g_dtls_session_table[1];

#pragma data_alignment=8
NX_SECURE_DTLS_SERVER dtls_server;

typedef struct {
    NX_SECURE_DTLS_SESSION sessions[1]; 
    ULONG padding; 
    UCHAR metadata[32*1024]; 
} DTLS_MEMORY_BLOCK;

NX_SECURE_DTLS_SESSION *active_dtls_session = NULL;
UCHAR dtls_reassembly_buffer[32*1024];
UCHAR dtls_client_cert_buffer[20*1024];

#pragma data_alignment=8
DTLS_MEMORY_BLOCK dtls_memory;

#pragma data_alignment=8
UCHAR dtls_verify_stack[40*1024]; // Verification workspace for mTLS

UINT dtls_active_flag = 0;
UINT dtls_connected_flag = 0;

static VOID App_UDP_Server_Thread_Entry(ULONG thread_input)
{
  UINT status;
  NX_PACKET *packet_ptr;
  NX_IP *ip_ptr = (NX_IP*)thread_input;
  UCHAR data_buffer[1500];
  ULONG data_length;

  /* Shared variables */
  ULONG src_ip;
  UINT src_port;

  /* --- 1. Resource Initialization --- */
  long found_session = 0;
  
  _nx_secure_dtls_initialize();

  /* Create DTLS server instance */
  status = _nx_secure_dtls_server_create(&dtls_server, ip_ptr, USER_UDP_SERVER_PORT, NX_IP_TIME_TO_LIVE,
                                          dtls_memory.sessions, sizeof(dtls_memory.sessions), 
                                          &nx_crypto_tls_ciphers_ecc,
                                          dtls_memory.metadata, sizeof(dtls_memory.metadata),
                                          dtls_reassembly_buffer, sizeof(dtls_reassembly_buffer),
                                          my_dtls_connect_notify, NULL);

  if (status == NX_SUCCESS) {
    uart_tx_queuePrint_create("[INFO] Server Created. Session Count: %u\r\n", dtls_server.nx_dtls_server_sessions_count);
    
    USHORT group_count = (USHORT)(sizeof(my_supported_groups) / sizeof(USHORT));
    _nx_secure_dtls_server_ecc_initialize(&dtls_server, my_supported_groups, group_count, my_curve_methods);

    /* Server Cert & Private Key Registration */
    status = _nx_secure_x509_certificate_initialize(&server_cert, (UCHAR*)cert_der, cert_len, 
                                                    NX_NULL, 0, (UCHAR*)key_der, key_len, 
                                                    NX_SECURE_X509_KEY_TYPE_EC_DER);
    if (status == NX_SUCCESS) {
      _nx_secure_dtls_server_local_certificate_add(&dtls_server, &server_cert, 1);
    }
    else{
      uart_tx_queuePrint_create("server local certificate add fail! : %u\r\n", status);
    }
  } else {
    uart_tx_queuePrint_create("DTLS Server Create Failed: 0x%02X\r\n", status);
  }

  while (1)
  {
    uart_tx_queuePrint_create("UDP/DTLS Server Ready. Waiting for TCP Signal...\r\n");
    
    /* Wait for mTLS (TCP) authentication to complete */
    tx_semaphore_get(&UDPSemaphore, TX_WAIT_FOREVER);

    /* Reset session active flag for the new connection */
    dtls_active_flag = 0;
    dtls_connected_flag = 0; 

    /* --- 2. Bind & Start Phase --- */
    _nx_secure_dtls_server_stop(&dtls_server);
    
    for (int i = 0; i < USER_SERVER_MAX_CLIENTS; i++) {
      // NX_SECURE_DTLS_SESSION *s = &dtls_server.nx_dtls_server_sessions[i];
      
      NX_SECURE_DTLS_SESSION *s = &dtls_memory.sessions[i];
      
      if (s->nx_secure_dtls_server_parent == NULL) {
        s->nx_secure_dtls_server_parent = &dtls_server;
      }
      s->nx_secure_dtls_tls_session.nx_secure_tls_packet_pool = ip_ptr->nx_ip_default_packet_pool;
    }
    status = _nx_secure_dtls_server_start(&dtls_server);
    uart_tx_queuePrint_create("DTLS Server Started. Listening on port %d...\r\n", dtls_server.nx_dtls_server_udp_socket.nx_udp_socket_port);

    if (status != NX_SUCCESS) {
      uart_tx_queuePrint_create("Server Start/Bind Failed: 0x%02X\r\n", status);
      continue;
    }
    
    uart_tx_queuePrint_create("Waiting for DTLS Handshake...\r\n");
    
    while(dtls_connected_flag == 0) {
        tx_thread_sleep(1); 
    }
    
    uart_tx_queuePrint_create("[DTLS] Starting Handshake Session in Thread...\r\n");
    status = _nx_secure_dtls_server_session_start(active_dtls_session, NX_WAIT_FOREVER);
    
    if (status != NX_SUCCESS) {
          uart_tx_queuePrint_create("[ERROR] DTLS Handshake Failed: 0x%02X\r\n", status);
          _nxe_secure_dtls_session_end(active_dtls_session, NX_NO_WAIT);
          _nx_secure_dtls_session_reset(active_dtls_session);
          dtls_connected_flag = 0;
          continue; 
    }
    else {
      uart_tx_queuePrint_create("[DTLS] Handshake Success!\r\n");
    }
    
    
    /* --- 3. Unified Data Loop --- */
    uart_tx_queuePrint_create("Entering UDP/DTLS Data Loop\r\n");
    
    while (UserTCPSocket.nx_tcp_socket_state == NX_TCP_ESTABLISHED)
    {
      if (active_dtls_session->nx_secure_dtls_tls_session.nx_secure_session_cipher_handler_server == NULL) {
          static ULONG last_warn_time = 0;
          if (tx_time_get() - last_warn_time > 200) { 
              uart_tx_queuePrint_create("[GUARD] Cipher Handler is NULL! (Session: %p)\r\n", active_dtls_session);
              last_warn_time = tx_time_get();
          }
          tx_thread_sleep(10); 
          //status = _nx_secure_dtls_session_receive(active_dtls_session, &packet_ptr, 20);
          continue; 
      }

      packet_ptr = NULL;
      status = _nx_secure_dtls_session_receive(active_dtls_session, &packet_ptr, 20);

      if (status == NX_SUCCESS)
      {
        nx_packet_data_retrieve(packet_ptr, data_buffer, &data_length);
        if(data_length < sizeof(data_buffer)) data_buffer[data_length] = '\0';
        
        if (dtls_active_flag == 0) {
          uart_tx_queuePrint_create("DTLS Handshake Success & Session Active!\r\n");
          dtls_active_flag = 1; 
        }

        src_ip = dtls_memory.sessions[0].nx_secure_dtls_remote_ip_address.nxd_ip_address.v4;
        src_port = dtls_memory.sessions[0].nx_secure_dtls_remote_port;
        
        uart_tx_queuePrint_create("\n[UDP RX] %lu.%lu.%lu.%lu:%u_%s\r\n", 
                                  (src_ip >> 24) & 0xFF, (src_ip >> 16) & 0xFF,
                                  (src_ip >> 8) & 0xFF, (src_ip & 0xFF), src_port, data_buffer);

        UDP_Server_Send_Data(&dtls_memory.sessions[0], ip_ptr->nx_ip_default_packet_pool, data_buffer, data_length);
        nx_packet_release(packet_ptr);
      }
    }

    /* --- 4. Cleanup --- */
    uart_tx_queuePrint_create("Cleaning up UDP/DTLS session...\r\n");
    _nxe_secure_dtls_session_end(&dtls_memory.sessions[0], 128);
    _nx_secure_dtls_session_reset(&dtls_memory.sessions[0]);
    _nx_secure_dtls_server_stop(&dtls_server);
    dtls_active_flag = 0;
    uart_tx_queuePrint_create("UDP Session Closed due to TCP Disconnect.\r\n");
  }
}
Labels:
0 Kudos
0 REPLIES 0
Top