From 00a69bf9bb5865eb215920f59631c305ae48a22e Mon Sep 17 00:00:00 2001
From: Robert Lubos
Date: Mon, 2 Jul 2018 15:41:22 +0200
Subject: [PATCH] net: socket: Add switch to enable TLS socket option support

Add switch to a socket layer that will enable switching socket API to TLS secure sockets. At this point there is no secure sockets implementation, so secure socket calls redirect to regular socket calls.

Signed-off-by: Robert Lubos
---
 include/net/socket.h | 67 +++++++++++++++++++++++++
 subsys/net/lib/sockets/CMakeLists.txt | 2 +
 subsys/net/lib/sockets/Kconfig | 7 +++
 subsys/net/lib/sockets/sockets_tls.c | 71 +++++++++++++++++++++++++++
 4 files changed, 147 insertions(+)
 create mode 100644 subsys/net/lib/sockets/sockets_tls.c

diff --git a/include/net/socket.h b/include/net/socket.h
index f7890ab1cc0..55d4c88184a 100644
--- a/include/net/socket.h
+++ b/include/net/socket.h
@@ -76,67 +76,134 @@ int zsock_getaddrinfo(const char *host, const char *service,
 const struct zsock_addrinfo *hints,
 struct zsock_addrinfo **res);
 
+#if defined(CONFIG_NET_SOCKETS_SOCKOPT_TLS)
+
+int ztls_socket(int family, int type, int proto);
+int ztls_close(int sock);
+int ztls_bind(int sock, const struct sockaddr *addr, socklen_t addrlen);
+int ztls_connect(int sock, const struct sockaddr *addr, socklen_t addrlen);
+int ztls_listen(int sock, int backlog);
+int ztls_accept(int sock, struct sockaddr *addr, socklen_t *addrlen);
+ssize_t ztls_send(int sock, const void *buf, size_t len, int flags);
+ssize_t ztls_recv(int sock, void *buf, size_t max_len, int flags);
+ssize_t ztls_sendto(int sock, const void *buf, size_t len, int flags,
+ const struct sockaddr *dest_addr, socklen_t addrlen);
+ssize_t ztls_recvfrom(int sock, void *buf, size_t max_len, int flags,
+ struct sockaddr *src_addr, socklen_t *addrlen);
+int ztls_fcntl(int sock, int cmd, int flags);
+int ztls_poll(struct zsock_pollfd *fds, int nfds, int timeout);
+
+#endif /* defined(CONFIG_NET_SOCKETS_SOCKOPT_TLS) */
+
 #if defined(CONFIG_NET_SOCKETS_POSIX_NAMES)
 
 static inline int socket(int family, int type, int proto)
 {
+#if defined(CONFIG_NET_SOCKETS_SOCKOPT_TLS)
+ return ztls_socket(family, type, proto);
+#else
 return zsock_socket(family, type, proto);
+#endif /* defined(CONFIG_NET_SOCKETS_SOCKOPT_TLS) */
 }
 
 static inline int close(int sock)
 {
+#if defined(CONFIG_NET_SOCKETS_SOCKOPT_TLS)
+ return ztls_close(sock);
+#else
 return zsock_close(sock);
+#endif /* defined(CONFIG_NET_SOCKETS_SOCKOPT_TLS) */
 }
 
 static inline int bind(int sock, const struct sockaddr *addr, socklen_t addrlen)
 {
+#if defined(CONFIG_NET_SOCKETS_SOCKOPT_TLS)
+ return ztls_bind(sock, addr, addrlen);
+#else
 return zsock_bind(sock, addr, addrlen);
+#endif /* defined(CONFIG_NET_SOCKETS_SOCKOPT_TLS) */
 }
 
 static inline int connect(int sock, const struct sockaddr *addr,
 socklen_t addrlen)
 {
+#if defined(CONFIG_NET_SOCKETS_SOCKOPT_TLS)
+ return ztls_connect(sock, addr, addrlen);
+#else
 return zsock_connect(sock, addr, addrlen);
+#endif /* defined(CONFIG_NET_SOCKETS_SOCKOPT_TLS) */
 }
 
 static inline int listen(int sock, int backlog)
 {
+#if defined(CONFIG_NET_SOCKETS_SOCKOPT_TLS)
+ return ztls_listen(sock, backlog);
+#else
 return zsock_listen(sock, backlog);
+#endif /* defined(CONFIG_NET_SOCKETS_SOCKOPT_TLS) */
 }
 
 static inline int accept(int sock, struct sockaddr *addr, socklen_t *addrlen)
 {
+#if defined(CONFIG_NET_SOCKETS_SOCKOPT_TLS)
+ return ztls_accept(sock, addr, addrlen);
+#else
 return zsock_accept(sock, addr, addrlen);
+#endif /* defined(CONFIG_NET_SOCKETS_SOCKOPT_TLS) */
 }
 
 static inline ssize_t send(int sock, const void *buf, size_t len, int flags)
 {
+#if defined(CONFIG_NET_SOCKETS_SOCKOPT_TLS)
+ return ztls_send(sock, buf, len, flags);
+#else
 return zsock_send(sock, buf, len, flags);
+#endif /* defined(CONFIG_NET_SOCKETS_SOCKOPT_TLS) */
 }
 
 static inline ssize_t recv(int sock, void *buf, size_t max_len, int flags)
 {
+#if defined(CONFIG_NET_SOCKETS_SOCKOPT_TLS)
+ return ztls_recv(sock, buf, max_len, flags);
+#else
 return zsock_recv(sock, buf, max_len, flags);
+#endif /* defined(CONFIG_NET_SOCKETS_SOCKOPT_TLS) */
 }
 
 /* This conflicts with fcntl.h, so code must include fcntl.h before socket.h: */
+#if defined(CONFIG_NET_SOCKETS_SOCKOPT_TLS)
+#define fcntl ztls_fcntl
+#else
 #define fcntl zsock_fcntl
+#endif /* defined(CONFIG_NET_SOCKETS_SOCKOPT_TLS) */
 
 static inline ssize_t sendto(int sock, const void *buf, size_t len, int flags,
 const struct sockaddr *dest_addr, socklen_t addrlen)
 {
+#if defined(CONFIG_NET_SOCKETS_SOCKOPT_TLS)
+ return ztls_sendto(sock, buf, len, flags, dest_addr, addrlen);
+#else
 return zsock_sendto(sock, buf, len, flags, dest_addr, addrlen);
+#endif /* defined(CONFIG_NET_SOCKETS_SOCKOPT_TLS) */
 }
 
 static inline ssize_t recvfrom(int sock, void *buf, size_t max_len, int flags,
 struct sockaddr *src_addr, socklen_t *addrlen)
 {
+#if defined(CONFIG_NET_SOCKETS_SOCKOPT_TLS)
+ return ztls_recvfrom(sock, buf, max_len, flags, src_addr, addrlen);
+#else
 return zsock_recvfrom(sock, buf, max_len, flags, src_addr, addrlen);
+#endif /* defined(CONFIG_NET_SOCKETS_SOCKOPT_TLS) */
 }
 
 static inline int poll(struct zsock_pollfd *fds, int nfds, int timeout)
 {
+#if defined(CONFIG_NET_SOCKETS_SOCKOPT_TLS)
+ return ztls_poll(fds, nfds, timeout);
+#else
 return zsock_poll(fds, nfds, timeout);
+#endif /* defined(CONFIG_NET_SOCKETS_SOCKOPT_TLS) */
 }
 
 #define pollfd zsock_pollfd
diff --git a/subsys/net/lib/sockets/CMakeLists.txt b/subsys/net/lib/sockets/CMakeLists.txt
index 94ed549b221..a2f1b942d9e 100644
--- a/subsys/net/lib/sockets/CMakeLists.txt
+++ b/subsys/net/lib/sockets/CMakeLists.txt
@@ -3,3 +3,5 @@ zephyr_sources(
 getaddrinfo.c
 sockets.c
 )
+
+zephyr_sources_ifdef(CONFIG_NET_SOCKETS_SOCKOPT_TLS sockets_tls.c)
diff --git a/subsys/net/lib/sockets/Kconfig b/subsys/net/lib/sockets/Kconfig
index 38e3dbd2a36..12eb1657fd7 100644
--- a/subsys/net/lib/sockets/Kconfig
+++ b/subsys/net/lib/sockets/Kconfig
@@ -30,6 +30,13 @@ config NET_SOCKETS_POLL_MAX
 help
 Maximum number of entries supported for poll() call.
 
+config NET_SOCKETS_SOCKOPT_TLS
+ bool "Enable TCP TLS socket option support [EXPERIMENTAL]"
+ default n
+ help
+ Enable TLS socket option support which automatically establishes
+ a TLS connection to the remote host.
+
 config NET_DEBUG_SOCKETS
 bool "Debug BSD Sockets compatible API calls"
 default y if NET_LOG_GLOBAL
diff --git a/subsys/net/lib/sockets/sockets_tls.c b/subsys/net/lib/sockets/sockets_tls.c
new file mode 100644
index 00000000000..5ac79e29e39
--- /dev/null
+++ b/subsys/net/lib/sockets/sockets_tls.c
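Review bot: The `#if defined(CONFIG_NET_SOCKETS_SOCKOPT_TLS)` / `#else` / `#endif` selection is copied into all eleven POSIX-name wrappers and once more around the `fcntl` define, so every wrapper body is now five lines of preprocessor for one call and any future wrapper has to repeat the block. Hoisting the choice into a single name-selecting macro placed next to the new `ztls_*` prototypes lets each wrapper keep a one-line body; a sketch with a constructed macro name is below, and the `fcntl` define can keep its own two-way `#if`. The prototype block itself also says nothing about why the `ztls_*` names exist; a line such as `/* TLS-aware variants of the zsock_* calls; the POSIX-named wrappers below route through them when CONFIG_NET_SOCKETS_SOCKOPT_TLS is set. */` above `int ztls_socket(...)` would orient a reader who only sees the header.
```c
#if defined(CONFIG_NET_SOCKETS_SOCKOPT_TLS)
#define ZSOCK_IMPL(name) ztls_##name   /* constructed name: one switch point for all wrappers */
#else
#define ZSOCK_IMPL(name) zsock_##name
#endif /* defined(CONFIG_NET_SOCKETS_SOCKOPT_TLS) */

static inline int socket(int family, int type, int proto)
{
	return ZSOCK_IMPL(socket)(family, type, proto);
}
/* … unchanged: close/bind/connect/listen/accept/send/recv/sendto/recvfrom/poll take the same ZSOCK_IMPL(...) form … */
```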
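Review bot: The new help text states that the option "automatically establishes a TLS connection to the remote host", but the commit message and the new sockets_tls.c show that no secure-socket implementation exists yet and every `ztls_*` call forwards to the plain `zsock_*` call. Someone enabling the option at this revision would read the help and assume their traffic is protected when it is sent in the clear; until the TLS path lands, the help should say so, e.g. `Enable TLS socket option support. NOTE: the TLS layer is not implemented yet; with this option set, socket calls are forwarded unchanged to the plain sockets API.` The `default n` line is redundant as well, since a Kconfig bool already defaults to n.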
@@ -0,0 +1,71 @@
+/*
+ * Copyright (c) 2018 Intel Corporation
+ * Copyright (c) 2018 Nordic Semiconductor ASA
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ */
+
+#include
+#include
+
+int ztls_socket(int family, int type, int proto)
+{
+ return zsock_socket(family, type, proto);
+}
+
+int ztls_close(int sock)
+{
+ return zsock_close(sock);
+}
+
+int ztls_bind(int sock, const struct sockaddr *addr, socklen_t addrlen)
+{
+ return zsock_bind(sock, addr, addrlen);
+}
+
+int ztls_connect(int sock, const struct sockaddr *addr, socklen_t addrlen)
+{
+ return zsock_connect(sock, addr, addrlen);
+}
+
+int ztls_listen(int sock, int backlog)
+{
+ return zsock_listen(sock, backlog);
+}
+
+int ztls_accept(int sock, struct sockaddr *addr, socklen_t *addrlen)
+{
+ return zsock_accept(sock, addr, addrlen);
+}
+
+ssize_t ztls_send(int sock, const void *buf, size_t len, int flags)
+{
+ return zsock_send(sock, buf, len, flags);
+}
+
+ssize_t ztls_recv(int sock, void *buf, size_t max_len, int flags)
+{
+ return zsock_recv(sock, buf, max_len, flags);
+}
+
+ssize_t ztls_sendto(int sock, const void *buf, size_t len, int flags,
+ const struct sockaddr *dest_addr, socklen_t addrlen)
+{
+ return zsock_sendto(sock, buf, len, flags, dest_addr, addrlen);
+}
+
+ssize_t ztls_recvfrom(int sock, void *buf, size_t max_len, int flags,
+ struct sockaddr *src_addr, socklen_t *addrlen)
+{
+ return zsock_recvfrom(sock, buf, max_len, flags, src_addr, addrlen);
+}
+
+int ztls_fcntl(int sock, int cmd, int flags)
+{
+ return zsock_fcntl(sock, cmd, flags);
+}
+
+int ztls_poll(struct zsock_pollfd *fds, int nfds, int timeout)
+{
+ return zsock_poll(fds, nfds, timeout);
+}
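Review bot: None of the twelve `ztls_*` definitions records that the bare pass-through to the matching `zsock_*` call is deliberate, so the file reads as if the TLS handling were missing by accident rather than deferred as the commit message states. A short comment after the license block would fix that, e.g. `/* Placeholder TLS socket layer: no TLS is performed yet; every ztls_* call forwards unchanged to the corresponding zsock_* call. */`, and it gives the future implementation an obvious place to replace. The two `#include` lines appear on this page with their targets stripped, so whether the header that declares the `ztls_*` prototypes is included here (which would let the compiler check these definitions against those declarations) cannot be confirmed from the hunk.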