net: tls: Add DTLS protocol types

Define DTLS protocol types and and Kconfig option to enable DTLS support. Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
2018-08-06 14:31:07 +02:00 · 2018-08-06 14:31:07 +02:00 · 85db974ec3
commit 85db974ec3
parent 8b1f966b12
3 changed files with 13 additions and 5 deletions
--- a/include/net/net_ip.h
+++ b/include/net/net_ip.h
@ -59,6 +59,8 @@ enum net_ip_protocol_secure {
 	IPPROTO_TLS_1_0 = 256,
 	IPPROTO_TLS_1_1 = 257,
 	IPPROTO_TLS_1_2 = 258,
+	IPPROTO_DTLS_1_0 = 272,
+	IPPROTO_DTLS_1_2 = 273,
 };

 /** Socket type */
--- a/subsys/net/lib/sockets/Kconfig
+++ b/subsys/net/lib/sockets/Kconfig
@ -36,6 +36,13 @@ config NET_SOCKETS_SOCKOPT_TLS
 	  Enable TLS socket option support which automatically establishes
 	  a TLS connection to the remote host.

+config NET_SOCKETS_ENABLE_DTLS
+	bool "Enable DTLS socket support [EXPERIMENTAL]"
+	depends on NET_SOCKETS_SOCKOPT_TLS
+	select TLS_DTLS
+	help
+	  Enable DTLS socket support. By default only TLS over TCP is supported.
+
 config NET_SOCKETS_TLS_MAX_CONTEXTS
 	int "Maximum number of TLS/DTLS contexts"
 	default 1
--- a/subsys/net/lib/sockets/sockets_tls.c
+++ b/subsys/net/lib/sockets/sockets_tls.c
@ -738,15 +738,14 @@ int ztls_socket(int family, int type, int proto)
 	enum net_ip_protocol_secure tls_proto = 0;
 	int sock, ret, err;

-	if (proto  >= IPPROTO_TLS_1_0 && proto <= IPPROTO_TLS_1_2) {
-		/* Currently DTLS is not supported,
-		 * so do not allow to create datagram socket
-		 */
+	if ((proto >= IPPROTO_TLS_1_0 && proto <= IPPROTO_TLS_1_2) ||
+	    (proto >= IPPROTO_DTLS_1_0 && proto <= IPPROTO_DTLS_1_2)) {
+#if !defined(CONFIG_NET_SOCKETS_ENABLE_DTLS)
 		if (type == SOCK_DGRAM) {
 			errno = ENOTSUP;
 			return -1;
 		}
-
+#endif
 		tls_proto = proto;
 		proto = (type == SOCK_STREAM) ? IPPROTO_TCP : IPPROTO_UDP;
 	}