Add write-only socket option to set role for DTLS connection. This
option is irrelevant for TLS connections.
This options accepts and integer with a TLS role, compatible with
mbedTLS values:
0 - client,
1 - server.
By default, DTLS will assume client role.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
- Remove redundant 'n' defaults. 'n' is the default value for bool
symbols.
This makes the auto-generated documentation clearer as well: You get
"implicitly defaults to n" instead of
"- n if <propagated dependencies>".
- Shorten
<type>
prompt "foo"
to
<type> "foo"
This works for all types, not just bool.
- Various formatting nits.
Signed-off-by: Ulf Magnusson <Ulf.Magnusson@nordicsemi.no>
Add write only TLS secure option to set peer verification level for
TLS connection.
This option accepts an integer with a peer verification
level, compatible with mbedtls values (0 - none, 1 - optional, 2 -
required.
By default, socket mimics mebdTLS behavior - (none for server, required
for client).
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Add TLS secure socket option to read a ciphersuite chosen during TLS
handshake. Might be useful during development.
This is a read-only option that returns an integer containing an
IANA assigned ciphersuite identifier of chosen ciphersuite.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Add TLS secure socket option that enables to narrow list of ciphersuites
available for TLS connection.
This option accepts an array of integers with IANA assigned ciphersuite
identifiers and returns such.
By default, every statically configured ciphersuite is available for a
socket and getsockopt returns an array of these.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Add write-only TLS secure socket option to set hostname.
This option accepts a string containing the hostname. May be NULL, to
disable hostname verification.
By default, an empty string is set as a hostname for TLS clients,
to enforce hostname verification in mbedTLS.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Add TLS secure socket option to select TLS credentials to use.
This option accepts and returns an array of sec_tag_t that indicate
which TLS credentials should be used with specific socket.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Add TLS credential management subsystem that enables to register TLS
credentials in the system. Once specific credentials are registered in
the system, they will be available for TLS secure sockets to use.
To use a TLS credential with a socket, the following steps have to be
taken:
1. TLS credential has to be registered in a system-wide pool, using the
API provided in "net/tls_credentials.h" header file.
2. TLS credential (and other TLS parameters) should be set on a socket
using setsockopt().
Note, that there is no need to repeat step 1 for different sockets using
the same credentials. Once TLS credential is registered in the system,
it can be used with mulitple sockets, as long as it's not deleted.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
CONFIG_DNS_RESOLVER is the master switch for DNS resolution support,
for both native and socket APIs. Avoid confusing link errors by
compiling out both dns_resolve_name() and getaddrinfo() if that
option is not enabled.
Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>
Initial implementation of poll() was more of a proof of concept, so
was coded with a single-thread application in mind. As we move to
sockets as the main networking API, make it possible to use poll()
from different threads.
Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>
Implement socket poll function for TLS socket. In addition to regular
poll checks, we have to check if there is some decrypted data pending on
mbedTLS.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Add entropy source for mbedTLS. If no entropy driver is available, use
non-secure, software entropy source.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Add tls_context structure that stored data required by TLS socket
implementation. This structure is allocated from global pool during
socket creation and freed during socket closure.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Add switch to a socket layer that will enable switching socket API to
TLS secure sockets. At this point there is no secure sockets
implementation, so secure socket calls redirect to regular socket calls.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Bool symbols implicitly default to 'n'.
A 'default n' can make sense e.g. in a Kconfig.defconfig file, if you
want to override a 'default y' on the base definition of the symbol. It
isn't used like that on any of these symbols though.
Remove some 'default ""' properties on string symbols too.
Also make definitions more consistent by converting some
config FOO
<type>
prompt "foo"
definitions to a shorter form:
config FOO
<type> "foo"
This shorthand works for int/hex/string symbols too, not just for bool
symbols.
Signed-off-by: Ulf Magnusson <Ulf.Magnusson@nordicsemi.no>
When dns_get_addr_info() returns an error it does not call the
resolve callback, and thus the semaphore will not be given.
This fix will avoid a deadlock situation for various errors.
Added some small tests for getaddrinfo().
Signed-off-by: Stig Bjørlykke <stig.bjorlykke@nordicsemi.no>
Do not lookup DNS AAAA entries if IPv6 is disabled. The result can not
be used anyway because "struct sockaddr" does not have enough space for
IPv6 address in that case.
Signed-off-by: Stig Bjørlykke <stig.bjorlykke@nordicsemi.no>
Make the service parameter optional in getaddrinfo().
The application should be able to use NULL as service when only
interested in the host lookup.
Signed-off-by: Stig Bjørlykke <stig.bjorlykke@nordicsemi.no>
Add support for MSG_DONTWAIT flag in send() and sendto(). This
aligns with the same flag used in recv() and recvfrom().
Signed-off-by: Stig Bjørlykke <stig.bjorlykke@nordicsemi.no>
Add support for MSG_PEEK flag in recv and recvfrom.
This flag is needed when using non-zephyr embedded applications with
Zephyr's socket API.
Signed-off-by: Stig Bjørlykke <stig.bjorlykke@nordicsemi.no>
Add support for MSG_DONTWAIT flag in recv and recvfrom.
This flag is needed when using non-zephyr embedded applications with
Zephyr's socket API.
Signed-off-by: Stig Bjørlykke <stig.bjorlykke@nordicsemi.no>
Refactor recvfrom code for handling SOCK_DGRAM into zsock_recv_dgram
to align with SOCK_STREAM. Add flags parameter, will be used later.
Signed-off-by: Stig Bjørlykke <stig.bjorlykke@nordicsemi.no>
We use ctx->user_data to hold socket flags. As each call to
net_context_recv() and net_context_send() overwrites its previous
value, we explicitly must pass the current ctx value there.
Without this, non-blocking socket was turned into blocking after
e.g. switching from receiving to sending.
Fixes: #6309
Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>
If accept callback is called with error, don't treat the context
passed to the callback as a new accepted context.
Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>
We pass normal 1-based mask, and mask invert it before logically
AND'ing with the value. This apparently a mix-up between how the
mask was intended to be passed initially and how it was in the end.
This issue actually didn't have an effect, because currently defined
flags have mutually exclusive lifetime (when "eof" flag is set,
"non-blocking" flag value is no longer import). Anyway, that's a
bug and needs fixing.
Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>
Assertions should only be used to check invariants. Things that may
change value in runtime are better left to proper checks.
Signed-off-by: Leandro Pereira <leandro.pereira@intel.com>
The existing implementation assumed DNS resolv callback will be
called just once, but that's not always the case (apparently,
for multi-homes hosts or something). So, apply array bounds
checking (and do pointer arithmetic only after it, as the C
standard otherwise warns of "undefined behavior"). In such a case,
the port number wasn't set in each entry too, so rework how it's
done.
The issues discovered while resolving archive.ubuntu.com.
Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>
In 90b471fe4, there was a change to make k_poll() return EINTR error
if it was cancelled with k_fifo_cancel_wait(). Handle this change, or
otherwise sockets EOF handling was broken.
Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>
If net_context_recv() returns a error, net pkt will not be released. For
example, net_context_recv() returns -EBADF because the TCP connection is
closed by the peer.
Handle the return value instead of using SET_ERRNO().
Signed-off-by: Aska Wu <aska.wu@linaro.org>
Introducing CMake is an important step in a larger effort to make
Zephyr easy to use for application developers working on different
platforms with different development environment needs.
Simplified, this change retains Kconfig as-is, and replaces all
Makefiles with CMakeLists.txt. The DSL-like Make language that KBuild
offers is replaced by a set of CMake extentions. These extentions have
either provided simple one-to-one translations of KBuild features or
introduced new concepts that replace KBuild concepts.
This is a breaking change for existing test infrastructure and build
scripts that are maintained out-of-tree. But for FW itself, no porting
should be necessary.
For users that just want to continue their work with minimal
disruption the following should suffice:
Install CMake 3.8.2+
Port any out-of-tree Makefiles to CMake.
Learn the absolute minimum about the new command line interface:
$ cd samples/hello_world
$ mkdir build && cd build
$ cmake -DBOARD=nrf52_pca10040 ..
$ cd build
$ make
PR: zephyrproject-rtos#4692
docs: http://docs.zephyrproject.org/getting_started/getting_started.html
Signed-off-by: Sebastian Boe <sebastian.boe@nordicsemi.no>
The addrlen of accept() and recvfrom() is a value-result argument. It
should be updated to the actual size of the source address after
calling accept() and recvfrom().
Signed-off-by: Aska Wu <aska.wu@linaro.org>
Due to parameters used, net_context_recv() call cannot fail (it just
installs a callback, no I/O performed).
Coverity-CID: 178247
Fixes: #4581
Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>
net_context_sendto() returns an error if dest address is NULL.
If dest address is available, net_conext_sendto() should be used.
Otherwise, net_context_send() should be used.
Fixes#4347
Signed-off-by: Aska Wu <aska.wu@linaro.org>
send()/sendto() aren't "front facing" functions, so when user calls
them, context type hopefully should be already validated by other
functions. They are also on critical path of app/network performance,
so getting rid of extra check helps a little bit too. This also
fixes a warning of "err" possibly being used non-initialized.
Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>
