diff --git a/.github/workflows/module.yml b/.github/workflows/module.yml index b4d5fcf..a55f133 100644 --- a/.github/workflows/module.yml +++ b/.github/workflows/module.yml @@ -44,19 +44,17 @@ jobs: # ERROR - qemu_cortex_m3 subsys.greybus.gpio FAILED: Exited with 2 ${WS}/tools/net-tools/loop-socat.sh & - # Disabled to du alignment issues on x86_64 - #- name: GPIO - # timeout-minutes: 5 - # run: | - # cd ${ZEPHYR_BASE} - # west build -b native_posix_64 -p always ${GB}/tests/subsys/greybus/gpio - # ./build/zephyr/zephyr.exe - - - name: GPIO (qemu) + - name: GPIO run: | cd ${ZEPHYR_BASE} twister -i -p qemu_cortex_m3 -T ${GB}/tests/subsys/greybus/gpio + - name: GPIO (TLS) + timeout-minutes: 5 + run: | + cd ${ZEPHYR_BASE} + twister -i -p mps2_an385 -T ${GB}/tests/subsys/greybus/gpio + - name: native_posix_64 [tcp] [gpio] run: | cd ${ZEPHYR_BASE} diff --git a/samples/subsys/greybus/net/prj.conf b/samples/subsys/greybus/net/prj.conf index 963ff23..6c2bb0c 100644 --- a/samples/subsys/greybus/net/prj.conf +++ b/samples/subsys/greybus/net/prj.conf @@ -1,16 +1,15 @@ -#CONFIG_MINIMAL_LIBC_MALLOC_ARENA_SIZE=16384 CONFIG_HEAP_MEM_POOL_SIZE=16384 -CONFIG_NET_HOSTNAME_ENABLE=y -CONFIG_DNS_SD=y CONFIG_NEWLIB_LIBC=y -# Greybus options +# Greybus options and dependencies CONFIG_GREYBUS=y CONFIG_GREYBUS_CONTROL=y +CONFIG_PTHREAD_IPC=y +CONFIG_PTHREAD_DYNAMIC_STACK=y +CONFIG_THREAD_NAME=y # Console options CONFIG_CONSOLE_SUBSYS=y -CONFIG_CONSOLE_GETCHAR=y # Generic networking options CONFIG_NETWORKING=y @@ -26,6 +25,8 @@ CONFIG_NET_CONNECTION_MANAGER=y CONFIG_NET_MAX_CONN=16 # Service advertisement options +CONFIG_DNS_SD=y +CONFIG_NET_HOSTNAME_ENABLE=y CONFIG_MDNS_RESPONDER=y CONFIG_MDNS_RESPONDER_DNS_SD=y diff --git a/subsys/greybus/CMakeLists.txt b/subsys/greybus/CMakeLists.txt index 1eb965c..fb006cd 100644 --- a/subsys/greybus/CMakeLists.txt +++ b/subsys/greybus/CMakeLists.txt 
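Review bot: The `GPIO (TLS)` step added here does not appear to exercise TLS. It runs the same gpio test on `mps2_an385`, but within this commit every TLS option in `tests/subsys/greybus/gpio/prj.conf` is commented out (`#CONFIG_GREYBUS_ENABLE_TLS=y`) and the new `boards/mps2_an385.conf` enables none of them. Unless a testcase file outside this diff turns them on, the step builds the plain TCP transport, so a green run says nothing about the TLS path. Either enable the TLS options for this platform (for example in the board `.conf`) or rename the step so the CI output does not suggest coverage it lacks.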
@@ -15,6 +15,7 @@ zephyr_library_sources( platform/platform.c platform/service.c + platform/certificate.c platform/bundle.c platform/bus.c @@ -25,7 +26,7 @@ zephyr_library_sources( qsort.c ) -if(${CONFIG_GREYBUS_MANIFEST_BUILTIN}) +if(CONFIG_GREYBUS_MANIFEST_BUILTIN) devicetree_unfixed_h_to_mnfs( ${PROJECT_BINARY_DIR}/include/generated/devicetree_unfixed.h @@ -44,6 +45,30 @@ if(${CONFIG_GREYBUS_MANIFEST_BUILTIN}) ) endif() +if(CONFIG_GREYBUS_TLS_BUILTIN) + set(gen_dir ${ZEPHYR_BINARY_DIR}/include/generated/) + + if(CONFIG_GREYBUS_TLS_CLIENT_VERIFY_OPTIONAL OR CONFIG_GREYBUS_TLS_CLIENT_VERIFY_REQUIRED) + generate_inc_file_for_target( + app + ${CONFIG_GREYBUS_TLS_BUILTIN_CA_CERT} + ${gen_dir}/greybus_tls_builtin_ca_cert.inc + ) + endif() + + generate_inc_file_for_target( + app + ${CONFIG_GREYBUS_TLS_BUILTIN_SERVER_CERT} + ${gen_dir}/greybus_tls_builtin_server_cert.inc + ) + + generate_inc_file_for_target( + app + ${CONFIG_GREYBUS_TLS_BUILTIN_SERVER_PRIVKEY} + ${gen_dir}/greybus_tls_builtin_server_privkey.inc + ) +endif() + zephyr_library_sources_ifdef(CONFIG_GREYBUS_XPORT_TCPIP platform/transport-tcpip.c) zephyr_library_sources_ifdef(CONFIG_GREYBUS_XPORT_UART platform/transport-uart.c) zephyr_library_sources_ifdef(CONFIG_GREYBUS_CONTROL control-gpb.c) diff --git a/subsys/greybus/Kconfig b/subsys/greybus/Kconfig index 1732dcb..7dce701 100644 --- a/subsys/greybus/Kconfig +++ b/subsys/greybus/Kconfig @@ -6,10 +6,8 @@ menuconfig GREYBUS bool "Greybus" - select PTHREAD_IPC - depends on !NET_HOSTNAME_ENABLE || (NET_HOSTNAME_ENABLE && NETWORKING) - select THREAD_NAME - select PTHREAD_DYNAMIC_STACK + depends on PTHREAD_DYNAMIC_STACK + depends on PTHREAD_IPC help This option enables Greybus support. 
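Review bot: The three configured credential paths are expanded unquoted and handed to `generate_inc_file_for_target` without any check, so an empty or mistyped `CONFIG_GREYBUS_TLS_BUILTIN_SERVER_PRIVKEY` only surfaces as an obscure generator failure. A guard such as `if(NOT EXISTS "${CONFIG_GREYBUS_TLS_BUILTIN_SERVER_PRIVKEY}")` followed by `message(FATAL_ERROR ...)` for each path would fail at configure time with a clear message. `gen_dir` already ends in `/`, so `${gen_dir}/greybus_tls_builtin_server_privkey.inc` yields a doubled slash; drop one of the two. The private key also ends up as plain text in the shared `include/generated` directory of the build tree, so build directories and any CI artifacts taken from them need to be handled as secret material.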
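Review bot: `THREAD_NAME` is no longer selected by `GREYBUS` and is not among the new `depends on` lines, yet `_gb_register_driver()` in `greybus-core.c` (changed in this same commit) sizes a buffer with `CONFIG_THREAD_MAX_NAME_LEN` and calls `pthread_setname_np()`. If that symbol is only defined when `THREAD_NAME` is enabled, which I believe is the case in Zephyr but cannot confirm from this diff, an application that enables Greybus without it will fail to compile. The sample and test `prj.conf` files add `CONFIG_THREAD_NAME=y` by hand, which hides the problem. Adding `depends on THREAD_NAME` next to the two pthread dependencies would make the requirement explicit.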
@@ -29,17 +27,113 @@ config GREYBUS_MANIFEST_BUILTIN data. endchoice +config GREYBUS_ENABLE_TLS + bool "Use Transport Layer Security (TLS)" + depends on TLS_CREDENTIALS + help + Choose this option to use industry standard + TLS 1.2 authentication and encryption with + Greybus. + +if GREYBUS_ENABLE_TLS + +config GREYBUS_TLS_HOSTNAME + string "The hostname to use for TLS connections" + default "localhost" + help + This is the hostname that is presented to TLS clients + as specified in the TLS certificate. Currently there + is not a convenient programmatic way to extract this + information from the TLS certificate at runtime, and + so it must be manually specified. + + This has nothing to do with the values of + CONFIG_NET_HOSTNAME or CONFIG_NET_HOSTNAME_ENABLE. + +choice + prompt "How shall the Greybus server verify clients?" + default GREYBUS_TLS_CLIENT_VERIFY_REQUIRED + +config GREYBUS_TLS_CLIENT_VERIFY_NONE + bool "No Client Verification" + help + Choose this option so that Greybus never attmpts to verify + client credentials. This option is insecure. + + If unsure, say N here. + +config GREYBUS_TLS_CLIENT_VERIFY_OPTIONAL + bool "Optional Client Verification" + help + Choose this option so that Greybus only attmpts to verify + client credentials if they provide them. This option is + insecure. + + If unsure, say N here. + +config GREYBUS_TLS_CLIENT_VERIFY_REQUIRED + bool "Required Client Verification" + help + Choose this option so that Greybus requires clients to present + verifiable credentials. This is the only secure option. + + If unsure, say Y here. +endchoice + +choice + prompt "How will TLS credentials be supplied?" + default GREYBUS_TLS_BUILTIN + +config GREYBUS_TLS_BUILTIN + bool "Compile certificates into the application" + help + This option compiles all certificates into the application + by converting the specified files into C arrays. + + Note, security may be compromised if an attacker has + physical access to the device. 
As such this option is insecure. +endchoice + +if GREYBUS_TLS_BUILTIN +config GREYBUS_TLS_BUILTIN_CA_CERT + string "Path to the CA certificate (for client verification)" + depends on GREYBUS_TLS_CLIENT_VERIFY_OPTIONAL || GREYBUS_TLS_CLIENT_VERIFY_REQUIRED + default "${ZEPHYR_BASE}/samples/net/sockets/echo_server/src/ca.der" + help + The path to the Certificate Signing-Authority certificate + +config GREYBUS_TLS_BUILTIN_SERVER_CERT + string "Path to the Greybus server certificate" + default "${ZEPHYR_BASE}/samples/net/sockets/echo_server/src/server.der" + help + The path to the Greybus Server certificate (public key) + +config GREYBUS_TLS_BUILTIN_SERVER_PRIVKEY + string "Path to the Greybus server private key" + default "${ZEPHYR_BASE}/samples/net/sockets/echo_server/src/server_privkey.der" + help + The path to the Greybus Server private key + +endif # GREYBUS_TLS_BUILTIN +endif # GREYBUS_ENABLE_TLS + choice prompt "Which transport shall be used for Greybus?" default GREYBUS_XPORT_TCPIP config GREYBUS_XPORT_TCPIP bool "Use the TCP/IP Transport for Greybus" + depends on NET_TCP + depends on NET_SOCKETS + depends on NET_SOCKETS_POSIX_NAMES + depends on !GREYBUS_ENABLE_TLS || (GREYBUS_ENABLE_TLS && NET_SOCKETS_SOCKOPT_TLS) help This creates a TCP/IP service for Greybus. config GREYBUS_XPORT_UART bool "Use the UART Transport for Greybus" + depends on SERIAL + depends on SERIAL_HAS_DRIVER help This creates a thread for Greybus on a specific UART. 
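Review bot: All three credential paths default to the files shipped with Zephyr's `echo_server` sample, including `server_privkey.der`, so a build that enables `GREYBUS_ENABLE_TLS` without overriding anything embeds a private key that is published in the Zephyr source tree. With that key known, TLS provides neither server authenticity nor confidentiality. With the sample `ca.der` as trust anchor, `GREYBUS_TLS_CLIENT_VERIFY_REQUIRED` would presumably also accept the sample key pair, since the test in this commit uses exactly `server.der`/`server_privkey.der` as its client identity. I would drop the `default` lines for the three paths, or keep them only in the test configuration, and state in the help text that the sample credentials are for testing only. The help texts of the NONE and OPTIONAL choices also misspell `attempts` as `attmpts`.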
@@ -50,114 +144,80 @@ config GREYBUS_XPORT_UART_DEV help This setting specifies which UART the Greybus service will use. endif # GREYBUS_XPORT_UART - endchoice config GREYBUS_AUDIO bool "Greybus Audio" - default n help Select this for Greybus Audio support. config GREYBUS_CAMERA bool "Greybus Camera" - default n help Select this for Greybus Camera support. config GREYBUS_CONTROL bool "Greybus Control" - default n help Select this for a Greybus Control cport. -config GREYBUS_DEBUG - bool "Debug Greybus" - default n - help - Select this to debug Greybus. - -config GREYBUS_LOG_FUNC - bool "Greybus Debug with Function Name" - default n - help - Select this option to show the function name in Greybus debug messages. - -config GREYBUS_LOG_FILE - bool "Greybus Debug with File Name" - default y - help - Select this option to show the filename and line number in Greybus debug messages. - config GREYBUS_GPIO bool "Greybus GPIO" - default n help Select this for Greybus GPIO support. config GREYBUS_HID bool "Greybus HID" - default n help Select this for Greybus HID support. config GREYBUS_I2C - bool "Greybus I2C support" - default n + bool "Greybus I2C" help Select this for Greybus I2C support. config GREYBUS_LIGHTS bool "Greybus Lights" - default n help Select this for Greybus Light support. config GREYBUS_LOOPBACK bool "Greybus Loopback" - default n help Select this for Greybus Loopback support. config GREYBUS_POWER_SUPPLY bool "Greybus Power Supply" - default n help Select this for Greybus Power Supply support. config GREYBUS_PWM bool "Greybus PWM" - default n help Select this for Greybus Pulse Width Modulation support. config GREYBUS_SDIO bool "Greybus SDIO" - default n help Select this for Greybus Secure Digital IO support. config GREYBUS_SPI bool "Greybus SPI" - default n help Select this for Greybus Serial Peripheral Interface support. config GREYBUS_UART bool "Greybus UART" - default n help Select this for Greybus Universal Asynchronous Receiver Transmitter support. 
config GREYBUS_USB bool "Greybus USB" - default n help Select this for Greybus Universal Serial Bus support. config GREYBUS_VIBRATOR bool "Greybus Vibrator" - default n help Select this for Greybus Vibrator support. @@ -197,7 +257,7 @@ config GREYBUS_CPORT_INIT_PRIORITY Greybus cport init priority to ensure device initialization order. module = GREYBUS -module-str = gb +module-str = Greybus source "subsys/logging/Kconfig.template.log_config" endif # GREYBUS diff --git a/subsys/greybus/greybus-core.c b/subsys/greybus/greybus-core.c index a2e2b32..80f77ff 100644 --- a/subsys/greybus/greybus-core.c +++ b/subsys/greybus/greybus-core.c @@ -53,9 +53,15 @@ extern int pthread_setname_np(pthread_t thread, const char *name); #define DEFAULT_STACK_SIZE PTHREAD_STACK_MIN #else + #include #include + #define DEFAULT_STACK_SIZE CONFIG_PTHREAD_DYNAMIC_STACK_DEFAULT_SIZE + +void qsort(void *base, size_t nmemb, size_t size, + int (*compar)(const void *, const void *)); + #endif #include @@ -553,6 +559,7 @@ int _gb_register_driver(unsigned int cport, int bundle_id, pthread_attr_t thread_attr; pthread_attr_t *thread_attr_ptr = &thread_attr; struct gb_bundle *bundle; + char thread_name[CONFIG_THREAD_MAX_NAME_LEN]; int retval; LOG_DBG("Registering Greybus driver on CP%u", cport); @@ -643,9 +650,8 @@ int _gb_register_driver(unsigned int cport, int bundle_id, goto pthread_create_error; } - char thread_name[CONFIG_THREAD_MAX_NAME_LEN]; - (void)snprintf(thread_name, sizeof(thread_name), "greybus[%u]", cport); - (void)pthread_setname_np(g_cport[cport].thread, thread_name); + snprintf(thread_name, sizeof(thread_name), "greybus[%u]", cport); + pthread_setname_np(g_cport[cport].thread, thread_name); pthread_attr_destroy(&thread_attr); thread_attr_ptr = NULL; diff --git a/subsys/greybus/platform/certificate.c b/subsys/greybus/platform/certificate.c new file mode 100644 index 0000000..295b5d3 --- /dev/null +++ b/subsys/greybus/platform/certificate.c 
@@ -0,0 +1,72 @@ +/* + * Copyright (c) 2020 Friedt Professional Engineering Services, Inc + * + * SPDX-License-Identifier: BSD-3-Clause + */ + +#include +#include "certificate.h" + +#include +LOG_MODULE_REGISTER(greybus_tls, CONFIG_GREYBUS_LOG_LEVEL); + +#ifdef CONFIG_GREYBUS_TLS_BUILTIN +#if defined(CONFIG_GREYBUS_TLS_CLIENT_VERIFY_OPTIONAL) \ + || defined(CONFIG_GREYBUS_TLS_CLIENT_VERIFY_REQUIRED) +static const unsigned char greybus_tls_builtin_ca_cert[] = { +#include "greybus_tls_builtin_ca_cert.inc" +}; +#else /* CONFIG_GREYBUS_TLS_TLS_CLIENT_VERIFY.. */ +#define greybus_tls_builtin_ca_cert NULL +#endif /* CONFIG_GREYBUS_TLS_TLS_CLIENT_VERIFY.. */ + +static const unsigned char greybus_tls_builtin_server_cert[] = { +#include "greybus_tls_builtin_server_cert.inc" +}; + +static const unsigned char greybus_tls_builtin_server_privkey[] = { +#include "greybus_tls_builtin_server_privkey.inc" +}; +#else +#define greybus_tls_builtin_ca_cert NULL +#define greybus_tls_builtin_server_cert NULL +#define greybus_tls_builtin_server_privkey NULL +#endif /* GREYBUS_TLS_BUILTIN */ + +int greybus_tls_init(void) +{ + if (IS_ENABLED(CONFIG_GREYBUS_TLS_BUILTIN)) { + int r; + + LOG_INF("Initializing built-in certificates"); + + if (IS_ENABLED(CONFIG_GREYBUS_TLS_CLIENT_VERIFY_OPTIONAL) + || IS_ENABLED(CONFIG_GREYBUS_TLS_CLIENT_VERIFY_REQUIRED)) { + LOG_DBG("Adding CA Certificate (%zu bytes)", sizeof(greybus_tls_builtin_ca_cert)); + r = tls_credential_add(GB_TLS_CA_CERT_TAG, TLS_CREDENTIAL_CA_CERTIFICATE, + greybus_tls_builtin_ca_cert, sizeof(greybus_tls_builtin_ca_cert)); + if (r < 0) { + LOG_ERR("Failed to add CA Certificate: %d", r); + return r; + } + } + + LOG_DBG("Adding Server Certificate (Public Key) (%zu bytes)", sizeof(greybus_tls_builtin_server_cert)); + r = tls_credential_add(GB_TLS_SERVER_CERT_TAG, TLS_CREDENTIAL_SERVER_CERTIFICATE, + greybus_tls_builtin_server_cert, sizeof(greybus_tls_builtin_server_cert)); + if (r < 0) { + LOG_ERR("Failed to add Server Certificate (Public 
Key): %d", r); + return r; + } + + LOG_DBG("Adding Server Certificate (Private Key) (%zu bytes)", sizeof(greybus_tls_builtin_server_privkey)); + r = tls_credential_add(GB_TLS_SERVER_CERT_TAG, TLS_CREDENTIAL_PRIVATE_KEY, + greybus_tls_builtin_server_privkey, sizeof(greybus_tls_builtin_server_privkey)); + if (r < 0) { + LOG_ERR("Failed to add Server Certificate (Private Key): %d", r); + return r; + } + } + + return 0; +} diff --git a/subsys/greybus/platform/certificate.h b/subsys/greybus/platform/certificate.h new file mode 100644 index 0000000..ed120fd --- /dev/null +++ b/subsys/greybus/platform/certificate.h @@ -0,0 +1,20 @@ +/* + * Copyright (c) 2020 Friedt Professional Engineering Services, Inc + * + * SPDX-License-Identifier: BSD-3-Clause + */ + +#ifndef SUBSYS_GREYBUS_PLATFORM_CERTIFICATE_H_ +#define SUBSYS_GREYBUS_PLATFORM_CERTIFICATE_H_ + +#include + +enum greybus_tls_certificate_type { + GB_TLS_CA_CERT_TAG, + GB_TLS_SERVER_CERT_TAG, + GB_TLS_CLIENT_CERT_TAG, +}; + +int greybus_tls_init(void); + +#endif /* SUBSYS_GREYBUS_PLATFORM_CERTIFICATE_H_ */ diff --git a/subsys/greybus/platform/i2c.c b/subsys/greybus/platform/i2c.c index 94c4f56..8c9fd89 100644 --- a/subsys/greybus/platform/i2c.c +++ b/subsys/greybus/platform/i2c.c @@ -89,10 +89,10 @@ static int greybus_i2c_control_init(const struct device *dev) { static struct greybus_i2c_control_data \ greybus_i2c_control_data_##_num; \ \ - DEVICE_INIT(i2c_i2c_control_##_num, "GBI2C_" #_num, \ - greybus_i2c_control_init, \ + DEVICE_DT_INST_DEFINE(_num, \ + greybus_i2c_control_init, NULL, \ &greybus_i2c_control_data_##_num, \ &greybus_i2c_control_config_##_num, POST_KERNEL, \ - CONFIG_GREYBUS_CPORT_INIT_PRIORITY); + CONFIG_GREYBUS_CPORT_INIT_PRIORITY, NULL); DT_INST_FOREACH_STATUS_OKAY(DEFINE_GREYBUS_I2C_CONTROL); diff --git a/subsys/greybus/platform/service.c b/subsys/greybus/platform/service.c index 07c3fb2..5e03ee4 100644 --- a/subsys/greybus/platform/service.c +++ b/subsys/greybus/platform/service.c 
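Review bot: `greybus_tls_init()` returns on the first failing `tls_credential_add()` without removing what it already registered, so a failure on the private key leaves the CA and server certificate in the credential store with no matching key. Since the caller in `service.c` aborts initialisation on error, consider undoing the earlier additions with `tls_credential_delete()` on the error path so the store is not left half-populated. A short comment that the certificate and the private key intentionally share `GB_TLS_SERVER_CERT_TAG` would also help. The two `#else`/`#endif` comments name `CONFIG_GREYBUS_TLS_TLS_CLIENT_VERIFY..`, which has one `TLS_` too many.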
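Review bot: The enumerators are used directly as `sec_tag_t` values, so Greybus claims tags 0, 1 and 2 in the system-wide TLS credential store, and the enum name `greybus_tls_certificate_type` hides that these are tags rather than types. An application that registers its own credentials under the same small numbers would, as far as I can tell from the Zephyr API, either make `tls_credential_add()` fail or end up sharing a tag with the Greybus key material. Give the tags explicit, distinctive values (or a Kconfig-selectable base) and add a comment such as `/* sec_tag_t values reserved by Greybus in the global credential store */`.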
@@ -19,13 +19,11 @@ LOG_MODULE_REGISTER(greybus_service, CONFIG_GREYBUS_LOG_LEVEL); #include "transport.h" #include "manifest.h" +#include "certificate.h" /* Currently only one greybus instance is supported */ #define GREYBUS_BUS_NAME "GREYBUS_0" -/* Deferred init of some DT nodes required - see defer_init.c */ -extern int gb_service_deferred_init(void); - static struct gb_transport_backend *xport; static size_t num_cports; @@ -52,12 +50,19 @@ static int greybus_service_init(const struct device *bus) return -EALREADY; } + r = greybus_tls_init(); + if (r < 0) { + LOG_ERR("gb_tls_init() failed: %d", r); + goto out; + } + LOG_DBG("Greybus initializing.."); bus = device_get_binding(GREYBUS_BUS_NAME); if (NULL == bus) { r = -ENODEV; LOG_ERR("failed to get " GREYBUS_BUS_NAME " device"); + r = -ENODEV; goto out; } @@ -111,6 +116,7 @@ static int greybus_service_init(const struct device *bus) if (cports != NULL) { free(cports); } + return r; } diff --git a/subsys/greybus/platform/transport-tcpip.c b/subsys/greybus/platform/transport-tcpip.c index 0c8958e..33b00d0 100644 --- a/subsys/greybus/platform/transport-tcpip.c +++ b/subsys/greybus/platform/transport-tcpip.c @@ -26,11 +26,21 @@ #include #include -/* For some reason, not declared even with _GNU_SOURCE */ -extern int pthread_setname_np(pthread_t thread, const char *name); +/* + * There seem to be a number of conflicts between Linux and + * Zephyr headers for networking things. So a few things are + * defined manually. + */ +#define IPPROTO_TLS_1_2 258 +#define TLS_SEC_TAG_LIST 1 +#define TLS_HOSTNAME 2 +#define TLS_PEER_VERIFY 5 +#define TLS_PEER_VERIFY_NONE 0 +#define TLS_PEER_VERIFY_OPTIONAL 1 +#define TLS_PEER_VERIFY_REQUIRED 2 + +typedef int sec_tag_t; -/* For some reason, including breaks everything - * I only need these */ static inline struct sockaddr_in *net_sin(struct sockaddr *sa) { return (struct sockaddr_in *)sa; 
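Review bot: The added `r = -ENODEV;` after `LOG_ERR()` duplicates the assignment two lines above it and can be dropped. The new error message says `gb_tls_init() failed` although the function called is `greybus_tls_init()`; `LOG_ERR("greybus_tls_init() failed: %d", r);` keeps the log greppable. `greybus_service_init()` continues outside this hunk.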
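Review bot: The TLS socket constants defined by hand here (`IPPROTO_TLS_1_2 258`, `TLS_SEC_TAG_LIST 1`, `TLS_HOSTNAME 2`, `TLS_PEER_VERIFY 5` and the three `TLS_PEER_VERIFY_*` levels) are copies of values owned by the Zephyr socket headers, and nothing ties them to the originals. If an upstream value changes, `setsockopt()` in `netsetup()` would set a different option or fail, and for `TLS_PEER_VERIFY` the client-verification level could end up differing from what Kconfig selected. Where the Zephyr header really cannot be included, add a comment naming the header the numbers were taken from and check them in a translation unit that can include it, e.g. `BUILD_ASSERT(TLS_PEER_VERIFY == 5);`. `tests/subsys/greybus/gpio/src/gpio.c` repeats the `IPPROTO_TLS_1_2` definition and has the same problem. `SOL_TLS`, used later in `netsetup()`, is not in this list, so it presumably comes from another header.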
@@ -41,6 +51,9 @@ static inline struct sockaddr_in6 *net_sin6(struct sockaddr *sa) return (struct sockaddr_in6 *)sa; } +/* For some reason, not declared even with _GNU_SOURCE */ +extern int pthread_setname_np(pthread_t thread, const char *name); + extern int usleep(useconds_t usec); #else @@ -68,6 +81,11 @@ int usleep(useconds_t usec) { LOG_MODULE_REGISTER(greybus_transport_tcpip, CONFIG_GREYBUS_LOG_LEVEL); #include "transport.h" +#include "certificate.h" + +#ifndef CONFIG_GREYBUS_ENABLE_TLS +#define CONFIG_GREYBUS_TLS_HOSTNAME "" +#endif /* Based on UniPro, from Linux */ #define CPORT_ID_MAX 4095 @@ -75,6 +93,12 @@ LOG_MODULE_REGISTER(greybus_transport_tcpip, CONFIG_GREYBUS_LOG_LEVEL); #define GB_TRANSPORT_TCPIP_BASE_PORT 4242 #define GB_TRANSPORT_TCPIP_BACKLOG 10 +#ifdef CONFIG_GREYBUS_ENABLE_TLS +#define XPORT "TLS" +#else +#define XPORT "TCP/IP" +#endif + enum fd_context_type { FD_CONTEXT_SERVER = 1, FD_CONTEXT_CLIENT = 2, @@ -89,8 +113,13 @@ struct fd_context { enum fd_context_type type; }; +#ifdef CONFIG_GREYBUS_ENABLE_TLS +DNS_SD_REGISTER_TCP_SERVICE(gb_service_advertisement, CONFIG_NET_HOSTNAME, + "_greybuss", "local", DNS_SD_EMPTY_TXT, GB_TRANSPORT_TCPIP_BASE_PORT); +#else /* CONFIG_GREYBUS_ENABLE_TLS */ DNS_SD_REGISTER_TCP_SERVICE(gb_service_advertisement, CONFIG_NET_HOSTNAME, "_greybus", "local", DNS_SD_EMPTY_TXT, GB_TRANSPORT_TCPIP_BASE_PORT); +#endif /* CONFIG_GREYBUS_ENABLE_TLS */ static sys_dlist_t fd_list; static pthread_mutex_t fd_list_mutex; @@ -553,6 +582,7 @@ static int sendMessage(int fd, struct gb_operation_hdr *msg) for (remaining = sys_le16_to_cpu(msg->size), offset = 0, written = 0; remaining; remaining -= written, offset += written, written = 0) { + LOG_DBG("gb: send(%d, %p, %zu, 0)", fd, &((uint8_t *)msg)[offset], remaining); r = send(fd, &((uint8_t *)msg)[offset], remaining, 0); if (r < 0) { 
@@ -656,9 +686,15 @@ static int netsetup(size_t num_cports) const int yes = true; int family; uint16_t *port; + int proto = IPPROTO_TCP; struct sockaddr sa; socklen_t sa_len; + if (IS_ENABLED(CONFIG_GREYBUS_TLS_BUILTIN)) { + proto = IPPROTO_TLS_1_2; + } + + memset(&sa, 0, sizeof(sa)); if (IS_ENABLED(CONFIG_NET_IPV6)) { family = AF_INET6; net_sin6(&sa)->sin6_family = AF_INET6; @@ -678,7 +714,7 @@ static int netsetup(size_t num_cports) *port = htons(GB_TRANSPORT_TCPIP_BASE_PORT); for(i = 0; i < num_cports; ++i) { - fd = socket(family, SOCK_STREAM, 0); + fd = socket(family, SOCK_STREAM, proto); if (fd == -1) { LOG_ERR("socket: %d", errno); return -errno; 
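Review bot: `proto` is switched to `IPPROTO_TLS_1_2` on `CONFIG_GREYBUS_TLS_BUILTIN`, while the TLS socket options in the later `netsetup()` hunk and the client in `tests/subsys/greybus/gpio/src/gpio.c` key off `CONFIG_GREYBUS_ENABLE_TLS`. The two symbols coincide today only because the credential `choice` in Kconfig has a single entry; once another credential source is added, a build with TLS enabled would create a plain TCP socket here. Use `if (IS_ENABLED(CONFIG_GREYBUS_ENABLE_TLS))` for the protocol selection so the transport cannot silently fall back to cleartext. The body of `netsetup()` continues outside this hunk.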
@@ -692,10 +728,50 @@ static int netsetup(size_t num_cports) r = setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &yes, sizeof(yes)); if (-1 == r) { - LOG_ERR("setsockopt: %d", errno); + LOG_ERR("setsockopt: Failed to set SO_REUSEADDR (%d)", errno); return -errno; } + if (IS_ENABLED(CONFIG_GREYBUS_ENABLE_TLS)) { + static const sec_tag_t sec_tag_opt[] = { +#if defined(CONFIG_GREYBUS_TLS_CLIENT_VERIFY_OPTIONAL) \ + || defined(CONFIG_GREYBUS_TLS_CLIENT_VERIFY_REQUIRED) + GB_TLS_CA_CERT_TAG, +#endif + GB_TLS_SERVER_CERT_TAG, + }; + + r = setsockopt(fd, SOL_TLS, TLS_SEC_TAG_LIST, sec_tag_opt, sizeof(sec_tag_opt)); + if (-1 == r) { + LOG_ERR("setsockopt: Failed to set SEC_TAG_LIST (%d)", errno); + return -errno; + } + + r = setsockopt(fd, SOL_TLS, TLS_HOSTNAME, CONFIG_GREYBUS_TLS_HOSTNAME, + strlen(CONFIG_GREYBUS_TLS_HOSTNAME)); + if (-1 == r) { + LOG_ERR("setsockopt: Failed to set TLS_HOSTNAME (%d)", errno); + return -errno; + } + + /* default to no client verification */ + int verify = TLS_PEER_VERIFY_NONE; + + if (IS_ENABLED(CONFIG_GREYBUS_TLS_CLIENT_VERIFY_OPTIONAL)) { + verify = TLS_PEER_VERIFY_OPTIONAL; + } + + if (IS_ENABLED(CONFIG_GREYBUS_TLS_CLIENT_VERIFY_REQUIRED)) { + verify = TLS_PEER_VERIFY_REQUIRED; + } + + r = setsockopt(fd, SOL_TLS, TLS_PEER_VERIFY, &verify, sizeof(verify)); + if (-1 == r) { + LOG_ERR("setsockopt: Failed to set TLS_PEER_VERIFY (%d)", errno); + return -errno; + } + } + *port = htons(GB_TRANSPORT_TCPIP_BASE_PORT + i); r = bind(fd, &sa, sa_len); if (-1 == r) { @@ -709,7 +785,7 @@ static int netsetup(size_t num_cports) return -errno; } - LOG_INF("CPort %zu mapped to TCP/IP port %zu", + LOG_INF("CPort %zu mapped to " XPORT " port %zu", i, GB_TRANSPORT_TCPIP_BASE_PORT + i); } 
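Review bot: `verify` starts at `TLS_PEER_VERIFY_NONE` and is only raised when one of the two Kconfig symbols is set, so any configuration in which neither is defined silently disables client authentication. Kconfig defaults to `GREYBUS_TLS_CLIENT_VERIFY_REQUIRED`, and the code should fail closed the same way: `int verify = TLS_PEER_VERIFY_REQUIRED;`, lowered only under `IS_ENABLED(CONFIG_GREYBUS_TLS_CLIENT_VERIFY_NONE)` or `IS_ENABLED(CONFIG_GREYBUS_TLS_CLIENT_VERIFY_OPTIONAL)`. Separately, each new `return -errno;` after a failed `setsockopt()` leaves `fd` open and reads `errno` after `LOG_ERR()` may have changed it; save `errno` in a local first and `close(fd)` before returning. `netsetup()` begins and ends outside this hunk.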
@@ -721,7 +797,7 @@ struct gb_transport_backend *gb_transport_backend_init(size_t num_cports) { int r; struct gb_transport_backend *ret = NULL; - LOG_DBG("Greybus TCP/IP Transport initializing.."); + LOG_DBG("Greybus " XPORT " Transport initializing.."); pthread_mutex_init(&fd_list_mutex, NULL); sys_dlist_init(&fd_list); @@ -736,17 +812,18 @@ struct gb_transport_backend *gb_transport_backend_init(size_t num_cports) { goto cleanup; } - r = pthread_create(&accept_thread, NULL, service_thread, NULL); - if (r != 0) { + r = pthread_create(&accept_thread, NULL, service_thread, NULL); + if (r != 0) { LOG_ERR("pthread_create: %d", r); goto cleanup; } - (void)pthread_setname_np(accept_thread, "greybus"); + pthread_setname_np(accept_thread, "greybus"); ret = (struct gb_transport_backend *)&gb_xport; - LOG_INF("Greybus TCP/IP Transport initialized"); + LOG_INF("Greybus " XPORT " Transport initialized"); + goto out; cleanup: diff --git a/subsys/greybus/platform/transport-uart.c b/subsys/greybus/platform/transport-uart.c index 2948aa5..d4bedfd 100644 --- a/subsys/greybus/platform/transport-uart.c +++ b/subsys/greybus/platform/transport-uart.c @@ -30,7 +30,7 @@ LOG_MODULE_REGISTER(greybus_xsport_uart, CONFIG_GREYBUS_LOG_LEVEL); static int sendMessage(struct device *dev, struct gb_operation_hdr *msg); static void uart_work_fn(struct k_work *work); -static struct device *uart_dev; +static const struct device *uart_dev; RING_BUF_DECLARE(uart_rb, UART_RB_SIZE); static K_WORK_DEFINE(uart_work, uart_work_fn); diff --git a/tests/subsys/greybus/gpio/CMakeLists.txt b/tests/subsys/greybus/gpio/CMakeLists.txt index 112ae66..3a18271 100644 --- a/tests/subsys/greybus/gpio/CMakeLists.txt +++ b/tests/subsys/greybus/gpio/CMakeLists.txt 
@@ -6,5 +6,36 @@ cmake_minimum_required(VERSION 3.13.1) find_package(Zephyr REQUIRED HINTS $ENV{ZEPHYR_BASE}) project(greybus) +if(CONFIG_GREYBUS_ENABLE_TLS) + + set(gen_dir ${ZEPHYR_BINARY_DIR}/include/generated/) + + if(CONFIG_GREYBUS_TLS_CLIENT_VERIFY_OPTIONAL OR CONFIG_GREYBUS_TLS_CLIENT_VERIFY_REQUIRED) + + generate_inc_file_for_target( + app + ${ZEPHYR_BASE}/samples/net/sockets/echo_server/src/server.der + ${gen_dir}/greybus_client.inc + ) + + generate_inc_file_for_target( + app + ${ZEPHYR_BASE}/samples/net/sockets/echo_server/src/server_privkey.der + ${gen_dir}/greybus_client_privkey.inc + ) + + else() + + # if client verification is not needed, then the client needs to + # load these credentials + generate_inc_file_for_target( + app + ${ZEPHYR_BASE}/samples/net/sockets/echo_server/src/ca.der + ${gen_dir}/greybus_ca.inc + ) + + endif() +endif() + FILE(GLOB_RECURSE app_sources src/*.c) target_sources(app PRIVATE ${app_sources}) diff --git a/tests/subsys/greybus/gpio/boards/mps2_an385.conf b/tests/subsys/greybus/gpio/boards/mps2_an385.conf new file mode 100644 index 0000000..5b180b1 --- /dev/null +++ b/tests/subsys/greybus/gpio/boards/mps2_an385.conf @@ -0,0 +1,14 @@ +# Copyright (c) 2020 Friedt Professional Engineering Services, Inc +# SPDX-License-Identifier: BSD-3-Clause + +# the qemu gpio driver does not seemt to handle tests properly +CONFIG_GPIO_EMUL=y + +# for a loopback connection, ipv4 is fine +CONFIG_NET_IPV6=n +CONFIG_NET_CONFIG_NEED_IPV6=n + +# Networking Options +CONFIG_NET_LOOPBACK=y +CONFIG_NET_L2_DUMMY=y +CONFIG_TEST_RANDOM_GENERATOR=y diff --git a/tests/subsys/greybus/gpio/boards/mps2_an385.overlay b/tests/subsys/greybus/gpio/boards/mps2_an385.overlay new file mode 100644 index 0000000..8d2c3ed --- /dev/null +++ b/tests/subsys/greybus/gpio/boards/mps2_an385.overlay 
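Review bot: In the client-verification branch only `greybus_client.inc` and `greybus_client_privkey.inc` are generated, and `gpio.c` defines `greybus_ca` as `NULL` in that case, so the test client has no trust anchor for the server certificate. Presumably it then connects without verifying the server, which means the configuration Kconfig describes as the only secure one is never tested with authentication in both directions. Generating `greybus_ca.inc` from `ca.der` in both branches would let the client verify the server as well. The comment in the `else()` branch would read more clearly as `# without client verification the client only needs the CA certificate to verify the server`.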
@@ -0,0 +1,117 @@ +/* + * Copyright (c) 2020 Friedt Professional Engineering Services, Inc + * + * SPDX-License-Identifier: BSD-3-Clause + */ + #include + +/ { + resources { + compatible = "test,greybus-gpio"; + out-gpios = <&gpio42 0 0>; + in-gpios = <&gpio42 1 0>; + }; + + greybus0: greybus0 { + compatible = "zephyr,greybus"; + label = "GREYBUS_0"; + greybus; + }; + + gpio42: gpio@4200 { + status = "okay"; + compatible = "zephyr,gpio-emul"; + reg = <0x4200 0x4>; + label = "GPIO_42"; + rising-edge; + falling-edge; + high-level; + low-level; + gpio-controller; + #gpio-cells = <2>; + }; +}; + +&gpio42 { + status = "okay"; + ngpios = <2>; +}; + +&greybus0 { + label = "GREYBUS_0"; + status = "okay"; + /* defaults in effect, so this isn't necessary */ + version-major = ; + version-minor = ; + + gbstring1: gbstring1 { + label = "GBSTRING_1"; + status = "okay"; + compatible = "zephyr,greybus-string"; + id = <1>; + greybus-string = "Zephyr Project RTOS"; + }; + + gbstring2: gbstring2 { + label = "GBSTRING_2"; + status = "okay"; + compatible = "zephyr,greybus-string"; + id = <2>; + greybus-string = "Greybus Service Sample Application"; + }; + + gbinterface0 { + label = "GBINTERFACE_0"; + status = "okay"; + compatible = "zephyr,greybus-interface"; + vendor-string-id = <&gbstring1>; + product-string-id = <&gbstring2>; + greybus-interface; + }; + + gbbundle0 { + label = "GBBUNDLE_0"; + status = "okay"; + compatible = "zephyr,greybus-bundle"; + greybus-bundle; + /* Control Bundle 0 + * Note: control bundle 0 and control cport 0 are optional + * Since instance numbers automatically begin at 0, the id + * is a mandatory field for bundles and cports. 
+ */ + id = ; + bundle-class = ; + + gbcontrol0 { + label = "GBCONTROL_0"; + status = "okay"; + compatible = "zephyr,greybus-control"; + greybus-controller; + /* Control CPort 0 + * Note: control bundle 0 and control cport 0 are optional + * Since instance numbers automatically begin at 0, the id + * is a mandatory field for bundles and cports. + */ + id = ; + cport-protocol = ; + }; + }; + + gbbundle1 { + label = "GBBUNDLE_1"; + status = "okay"; + compatible = "zephyr,greybus-bundle"; + greybus-bundle; + id = <1>; + bundle-class = ; + + gbgpio0 { + label = "GBGPIO_0"; + status = "okay"; + compatible = "zephyr,greybus-gpio-controller"; + greybus-gpio-controller = <&gpio42>; + id = <1>; + cport-protocol = ; + }; + }; +}; diff --git a/tests/subsys/greybus/gpio/boards/qemu_cortex_m3.conf b/tests/subsys/greybus/gpio/boards/qemu_cortex_m3.conf index 0a1ba81..5b180b1 100644 --- a/tests/subsys/greybus/gpio/boards/qemu_cortex_m3.conf +++ b/tests/subsys/greybus/gpio/boards/qemu_cortex_m3.conf @@ -12,5 +12,3 @@ CONFIG_NET_CONFIG_NEED_IPV6=n CONFIG_NET_LOOPBACK=y CONFIG_NET_L2_DUMMY=y CONFIG_TEST_RANDOM_GENERATOR=y -CONFIG_NET_CONFIG_MY_IPV4_ADDR="127.0.0.1" -CONFIG_NET_CONFIG_MY_IPV6_ADDR="::1" diff --git a/tests/subsys/greybus/gpio/boards/qemu_x86_64.conf b/tests/subsys/greybus/gpio/boards/qemu_x86_64.conf new file mode 100644 index 0000000..5b180b1 --- /dev/null +++ b/tests/subsys/greybus/gpio/boards/qemu_x86_64.conf @@ -0,0 +1,14 @@ +# Copyright (c) 2020 Friedt Professional Engineering Services, Inc +# SPDX-License-Identifier: BSD-3-Clause + +# the qemu gpio driver does not seemt to handle tests properly +CONFIG_GPIO_EMUL=y + +# for a loopback connection, ipv4 is fine +CONFIG_NET_IPV6=n +CONFIG_NET_CONFIG_NEED_IPV6=n + +# Networking Options +CONFIG_NET_LOOPBACK=y +CONFIG_NET_L2_DUMMY=y +CONFIG_TEST_RANDOM_GENERATOR=y 
diff --git a/tests/subsys/greybus/gpio/boards/qemu_x86_64.overlay b/tests/subsys/greybus/gpio/boards/qemu_x86_64.overlay
new file mode 100644
index 0000000..8d2c3ed
--- /dev/null
+++ b/tests/subsys/greybus/gpio/boards/qemu_x86_64.overlay
@@ -0,0 +1,117 @@ +/* + * Copyright (c) 2020 Friedt Professional Engineering Services, Inc + * + * SPDX-License-Identifier: BSD-3-Clause + */ + #include + +/ { + resources { + compatible = "test,greybus-gpio"; + out-gpios = <&gpio42 0 0>; + in-gpios = <&gpio42 1 0>; + }; + + greybus0: greybus0 { + compatible = "zephyr,greybus"; + label = "GREYBUS_0"; + greybus; + }; + + gpio42: gpio@4200 { + status = "okay"; + compatible = "zephyr,gpio-emul"; + reg = <0x4200 0x4>; + label = "GPIO_42"; + rising-edge; + falling-edge; + high-level; + low-level; + gpio-controller; + #gpio-cells = <2>; + }; +}; + +&gpio42 { + status = "okay"; + ngpios = <2>; +}; + +&greybus0 { + label = "GREYBUS_0"; + status = "okay"; + /* defaults in effect, so this isn't necessary */ + version-major = ; + version-minor = ; + + gbstring1: gbstring1 { + label = "GBSTRING_1"; + status = "okay"; + compatible = "zephyr,greybus-string"; + id = <1>; + greybus-string = "Zephyr Project RTOS"; + }; + + gbstring2: gbstring2 { + label = "GBSTRING_2"; + status = "okay"; + compatible = "zephyr,greybus-string"; + id = <2>; + greybus-string = "Greybus Service Sample Application"; + }; + + gbinterface0 { + label = "GBINTERFACE_0"; + status = "okay"; + compatible = "zephyr,greybus-interface"; + vendor-string-id = <&gbstring1>; + product-string-id = <&gbstring2>; + greybus-interface; + }; + + gbbundle0 { + label = "GBBUNDLE_0"; + status = "okay"; + compatible = "zephyr,greybus-bundle"; + greybus-bundle; + /* Control Bundle 0 + * Note: control bundle 0 and control cport 0 are optional + * Since instance numbers automatically begin at 0, the id + * is a mandatory field for bundles and cports. 
+ */ + id = ; + bundle-class = ; + + gbcontrol0 { + label = "GBCONTROL_0"; + status = "okay"; + compatible = "zephyr,greybus-control"; + greybus-controller; + /* Control CPort 0 + * Note: control bundle 0 and control cport 0 are optional + * Since instance numbers automatically begin at 0, the id + * is a mandatory field for bundles and cports. + */ + id = ; + cport-protocol = ; + }; + }; + + gbbundle1 { + label = "GBBUNDLE_1"; + status = "okay"; + compatible = "zephyr,greybus-bundle"; + greybus-bundle; + id = <1>; + bundle-class = ; + + gbgpio0 { + label = "GBGPIO_0"; + status = "okay"; + compatible = "zephyr,greybus-gpio-controller"; + greybus-gpio-controller = <&gpio42>; + id = <1>; + cport-protocol = ; + }; + }; +}; diff --git a/tests/subsys/greybus/gpio/prj.conf b/tests/subsys/greybus/gpio/prj.conf index 408578f..e6b8b4d 100644 --- a/tests/subsys/greybus/gpio/prj.conf +++ b/tests/subsys/greybus/gpio/prj.conf 
@@ -1,54 +1,43 @@ +CONFIG_NET_TEST=y CONFIG_ZTEST=y CONFIG_ZTEST_STACKSIZE=2048 +CONFIG_HEAP_MEM_POOL_SIZE=8192 CONFIG_NEWLIB_LIBC=y -CONFIG_HEAP_MEM_POOL_SIZE=8192 -CONFIG_GPIO=y +# Greybus options and dependencies +CONFIG_PTHREAD_IPC=y +CONFIG_PTHREAD_DYNAMIC_STACK=y +CONFIG_THREAD_NAME=y CONFIG_GREYBUS=y -#CONFIG_GB_LOG_LEVEL=4 -#CONFIG_GREYBUS_AUDIO=y -#CONFIG_GREYBUS_CAMERA=y CONFIG_GREYBUS_CONTROL=y +CONFIG_GPIO=y CONFIG_GREYBUS_GPIO=y -#CONFIG_GREYBUS_DEBUG=y -#CONFIG_GREYBUS_HID=y -#CONFIG_GREYBUS_I2C=y -#CONFIG_GREYBUS_LIGHTS=y -#CONFIG_GREYBUS_LOOPBACK=y -#CONFIG_GREYBUS_POWER_SUPPLY=y -#CONFIG_GREYBUS_PWM=y -#CONFIG_GREYBUS_SDIO=y -#CONFIG_GREYBUS_SPI=y -#CONFIG_GREYBUS_UART=y -#CONFIG_GREYBUS_USB=y -#CONFIG_GREYBUS_VIBRATOR=y -CONFIG_CONSOLE_SUBSYS=y -#CONFIG_CONSOLE_GETCHAR=y # Generic networking options CONFIG_NET_HOSTNAME_ENABLE=y CONFIG_NETWORKING=y -CONFIG_NET_UDP=y +CONFIG_NET_UDP=n CONFIG_NET_TCP=y -CONFIG_NET_IPV6=y +CONFIG_NET_IPV6=n CONFIG_NET_IPV4=y CONFIG_NET_SOCKETS=y CONFIG_NET_SOCKETS_POSIX_NAMES=y -CONFIG_POSIX_MAX_FDS=16 +CONFIG_POSIX_MAX_FDS=10 CONFIG_NET_SOCKETS_POLL_MAX=16 +CONFIG_NET_STATISTICS=y # Kernel options -CONFIG_MAIN_STACK_SIZE=1024 -#CONFIG_ENTROPY_GENERATOR=y +CONFIG_MAIN_STACK_SIZE=2048 CONFIG_TEST_RANDOM_GENERATOR=y CONFIG_INIT_STACKS=y -# Logging -CONFIG_NET_LOG=y -CONFIG_LOG=y -CONFIG_NET_STATISTICS=y -CONFIG_PRINTK=y +# Logging / Debugging +#CONFIG_NET_LOG=y +#CONFIG_NET_SOCKETS_LOG_LEVEL_DBG=y +#CONFIG_GREYBUS_LOG_LEVEL_DBG=y +#CONFIG_MBEDTLS_DEBUG=y +#CONFIG_MBEDTLS_DEBUG_LEVEL=4 # Network buffers CONFIG_NET_PKT_RX_COUNT=16 
@@ -57,21 +46,23 @@ CONFIG_NET_BUF_RX_COUNT=16 CONFIG_NET_BUF_TX_COUNT=16 CONFIG_NET_CONTEXT_NET_PKT_POOL=y -# IP address options -CONFIG_NET_IF_UNICAST_IPV6_ADDR_COUNT=3 -CONFIG_NET_IF_MCAST_IPV6_ADDR_COUNT=4 -CONFIG_NET_MAX_CONTEXTS=10 +# TLS Options +#CONFIG_GREYBUS_ENABLE_TLS=y +#CONFIG_GREYBUS_TLS_BUILTIN=y +#CONFIG_NET_SOCKETS_SOCKOPT_TLS=y +#CONFIG_TLS_CREDENTIALS=y +#CONFIG_NET_PKT_RX_COUNT=64 +#CONFIG_NET_PKT_TX_COUNT=64 +#CONFIG_NET_BUF_RX_COUNT=64 +#CONFIG_NET_BUF_TX_COUNT=64 +#CONFIG_NET_SOCKETS_TLS_MAX_CONTEXTS=10 +#CONFIG_ZTEST_STACKSIZE=8192 +#CONFIG_PTHREAD_DYNAMIC_STACK_DEFAULT_SIZE=8192 +#CONFIG_HEAP_MEM_POOL_SIZE=16384 -# Network shell -CONFIG_NET_SHELL=y -CONFIG_SHELL=y +# IP address options +CONFIG_NET_MAX_CONTEXTS=16 # Network application options and configuration CONFIG_NET_CONFIG_SETTINGS=y -CONFIG_NET_CONFIG_MY_IPV6_ADDR="2001:db8::1" -CONFIG_NET_CONFIG_PEER_IPV6_ADDR="2001:db8::2" CONFIG_NET_CONFIG_MY_IPV4_ADDR="192.0.2.1" -CONFIG_NET_CONFIG_PEER_IPV4_ADDR="192.0.2.2" - -# How many client can connect to echo-server simultaneously -#CONFIG_NET_SAMPLE_NUM_HANDLERS=1 diff --git a/tests/subsys/greybus/gpio/src/gpio.c b/tests/subsys/greybus/gpio/src/gpio.c index 57b6ef2..26f2df3 100644 --- a/tests/subsys/greybus/gpio/src/gpio.c +++ b/tests/subsys/greybus/gpio/src/gpio.c @@ -24,6 +24,8 @@ #include #include +#define IPPROTO_TLS_1_2 258 + /* For some reason, including breaks everything * I only need these */ static inline struct sockaddr_in *net_sin(struct sockaddr *sa) @@ -51,6 +53,7 @@ static inline struct sockaddr_in6 *net_sin6(struct sockaddr *sa) LOG_MODULE_REGISTER(greybus_test_gpio, CONFIG_GREYBUS_LOG_LEVEL); /* slightly annoying */ +#include "../../../../../subsys/greybus/platform/certificate.h" #include "../../../../../subsys/greybus/gpio-gb.h" #include "test-greybus-gpio.h" 
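Review bot: The commented-out `# TLS Options` block repeats the `extra_configs` of the `subsys.greybus.gpio.tls` scenario in testcase.yaml and already disagrees with it: it has `#CONFIG_HEAP_MEM_POOL_SIZE=16384` where the scenario sets 32768, and it omits `CONFIG_TLS_MAX_CREDENTIALS_NUMBER=5`. Someone who uncomments this block to debug TLS locally gets a different configuration from the one CI builds. Either drop the block or replace it with a pointer such as `# TLS options live in testcase.yaml (subsys.greybus.gpio.tls)`.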
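Review bot: `#define IPPROTO_TLS_1_2 258` copies a value that Zephyr's networking headers own, with no comment saying where it comes from or what keeps it in sync. If the upstream value ever differs, `socket()` in `test_greybus_setup()` would be asked for a protocol other than the intended one and the test could not tell why it fails. Add a comment such as `/* mirrors IPPROTO_TLS_1_2 from Zephyr's socket headers, which cannot be included here */`, or include the header once the conflict described in the comment below is resolved.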
@@ -71,27 +74,60 @@ LOG_MODULE_REGISTER(greybus_test_gpio, CONFIG_GREYBUS_LOG_LEVEL); #endif static struct device *gpio_dev; - static int fd = -1; +#ifdef CONFIG_GREYBUS_ENABLE_TLS +#if defined(CONFIG_GREYBUS_TLS_CLIENT_VERIFY_OPTIONAL) \ + || defined(CONFIG_GREYBUS_TLS_CLIENT_VERIFY_REQUIRED) +#define greybus_ca NULL +static const unsigned char greybus_client[] = { +#include "greybus_client.inc" +}; +static const unsigned char greybus_client_privkey[] = { +#include "greybus_client_privkey.inc" +}; +#else /* GREYBUS_CLIENT_VERIFY_.. */ +static const unsigned char greybus_ca[] = { +#include "greybus_ca.inc" +}; +#define greybus_client NULL +#define greybus_client_privkey NULL +#endif /* GREYBUS_CLIENT_VERIFY_.. */ +#else /* CONFIG_GREYBUS_ENABLE_TLS */ +#define greybus_ca NULL +#define greybus_client NULL +#define greybus_client_privkey NULL +#endif /* CONFIG_GREYBUS_ENABLE_TLS */ + void test_greybus_setup(void) { struct sockaddr sa; socklen_t sa_len; int family; uint16_t *port; + int proto = IPPROTO_TCP; int r; + if (IS_ENABLED(CONFIG_GREYBUS_ENABLE_TLS)) { + proto = IPPROTO_TLS_1_2; + } + if (IS_ENABLED(CONFIG_NET_IPV6)) { family = AF_INET6; net_sin6(&sa)->sin6_family = AF_INET6; - inet_pton(family, MY_IPV6_ADDR, &net_sin6(&sa)->sin6_addr); + r = inet_pton(family, MY_IPV6_ADDR, + &net_sin6(&sa)->sin6_addr); + __ASSERT(r == 1, "%s is not a valid IPv6 address", + MY_IPV6_ADDR); port = &net_sin6(&sa)->sin6_port; sa_len = sizeof(struct sockaddr_in6); } else if (IS_ENABLED(CONFIG_NET_IPV4)) { family = AF_INET; net_sin(&sa)->sin_family = AF_INET; - inet_pton(family, MY_IPV4_ADDR, &net_sin(&sa)->sin_addr); + r = inet_pton(family, MY_IPV4_ADDR, + &net_sin(&sa)->sin_addr); + __ASSERT(r == 1, "%s is not a valid IPv4 address", + MY_IPV4_ADDR); port = &net_sin(&sa)->sin_port; sa_len = sizeof(struct sockaddr_in); } else { 
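Review bot: The new return-value checks use `__ASSERT`, which compiles to nothing unless assertions are enabled in the build, and the prj.conf hunks in this commit do not show `CONFIG_ASSERT=y`. That covers the two `inet_pton` checks here and the `socket`, `tls_credential_add`, `setsockopt` and `connect` checks in the next hunk, so a failed credential load or a rejected `TLS_SEC_TAG_LIST` could go unnoticed in such a build. The file already uses ztest assertions, so these can become `zassert_equal(r, 1, "%s is not a valid IPv4 address", MY_IPV4_ADDR);` and `zassert_equal(r, 0, "tls_credential_add: %d", r);`. `test_greybus_setup()` continues outside the hunk.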
@@ -103,12 +139,47 @@ void test_greybus_setup(void) { gpio_dev = (struct device *)device_get_binding(GPIO_DEV_NAME); zassert_not_equal(gpio_dev, NULL, "failed to get device binding for " GPIO_DEV_NAME); - r = socket(family, SOCK_STREAM, 0); - __ASSERT(r >= 0, "connect: %d", errno); - fd = r; + r = socket(family, SOCK_STREAM, proto); + __ASSERT(r >= 0, "socket: %d", errno); + fd = r; + + if (IS_ENABLED(CONFIG_GREYBUS_ENABLE_TLS)) { + + if(IS_ENABLED(CONFIG_GREYBUS_TLS_CLIENT_VERIFY_OPTIONAL) + || IS_ENABLED(CONFIG_GREYBUS_TLS_CLIENT_VERIFY_REQUIRED)) { + LOG_DBG("Adding Client Certificate (Public Key) (%zu bytes)", sizeof(greybus_client)); + r = tls_credential_add(GB_TLS_CLIENT_CERT_TAG, TLS_CREDENTIAL_SERVER_CERTIFICATE, + greybus_client, sizeof(greybus_client)); + __ASSERT(r == 0, "tls_credential_add: %d", r); + LOG_DBG("Adding Client Certificate (Private Key) (%zu bytes)", sizeof(greybus_client_privkey)); + r = tls_credential_add(GB_TLS_CLIENT_CERT_TAG, TLS_CREDENTIAL_PRIVATE_KEY, + greybus_client_privkey, sizeof(greybus_client_privkey)); + __ASSERT(r == 0, "tls_credential_add: %d", r); + } else { + LOG_DBG("Adding CA Certificate (%zu bytes)", sizeof(greybus_client)); + r = tls_credential_add(GB_TLS_CA_CERT_TAG, TLS_CREDENTIAL_CA_CERTIFICATE, + greybus_ca, sizeof(greybus_ca)); + __ASSERT(r == 0, "tls_credential_add: %d", r); + } + + static const sec_tag_t sec_tag_opt[] = { + GB_TLS_CA_CERT_TAG, +#if defined(CONFIG_GREYBUS_TLS_CLIENT_VERIFY_OPTIONAL) \ + || defined(CONFIG_GREYBUS_TLS_CLIENT_VERIFY_REQUIRED) + GB_TLS_CLIENT_CERT_TAG, +#endif + }; + + r = setsockopt(fd, SOL_TLS, TLS_SEC_TAG_LIST, sec_tag_opt, sizeof(sec_tag_opt)); + __ASSERT(r != -1, "setsockopt: Failed to set SEC_TAG_LIST (%d)", errno); - r = connect(fd, &sa, sa_len); - __ASSERT(r == 0, "connect: %d", errno); + r = setsockopt(fd, SOL_TLS, TLS_HOSTNAME, "localhost", + strlen("localhost")); + __ASSERT(r != -1, "setsockopt: Failed to set TLS_HOSTNAME (%d)", errno); + } + + r = connect(fd, &sa, 
sa_len); + __ASSERT(r == 0, "connect: %d", errno); } void test_greybus_teardown(void) { @@ -129,7 +200,7 @@ static void tx_rx(const struct gb_operation_hdr *req, struct gb_operation_hdr *r size = sys_le16_to_cpu(req->size); r = send(fd, req, size, 0); - zassert_not_equal(r, -1, "send: %s", errno); + zassert_not_equal(r, -1, "send: %d", errno); zassert_equal(r, size, "write: expected: %d actual: %d", size, r); for(;;) { @@ -137,20 +208,17 @@ static void tx_rx(const struct gb_operation_hdr *req, struct gb_operation_hdr *r pollfd.fd = fd; pollfd.events = POLLIN; - LOG_DBG("calling poll on 1 file"); r = poll(&pollfd, 1, TIMEOUT_MS); - LOG_DBG("poll returned %d", r); if (r == 0) { - LOG_DBG("poll returned 0 (timeout?)"); + // there was a timeout... wait, really?? continue; } + zassert_not_equal(r, -1, "poll: %s", errno); //zassert_not_equal(r, 0, "timeout waiting for response"); zassert_equal(r, 1, "invalid number of pollfds with data: %d", r); - LOG_DBG("calling recv on fd %d", fd); r = recv(fd, rsp, hdr_size, 0); - LOG_DBG("recv returned %d", r); zassert_not_equal(r, -1, "recv: %s", errno); zassert_equal(hdr_size, r, "recv: expected: %u actual: %u", (unsigned)hdr_size, r); diff --git a/tests/subsys/greybus/gpio/testcase.yaml b/tests/subsys/greybus/gpio/testcase.yaml index 882f621..466350c 100644 --- a/tests/subsys/greybus/gpio/testcase.yaml +++ b/tests/subsys/greybus/gpio/testcase.yaml 
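Review bot: The CA branch logs `sizeof(greybus_client)` although it registers `greybus_ca`; in that configuration `greybus_client` is the `NULL` macro from the previous hunk, so the message reports a pointer size rather than the certificate length. It should read `LOG_DBG("Adding CA Certificate (%zu bytes)", sizeof(greybus_ca));`. `sec_tag_opt` always lists `GB_TLS_CA_CERT_TAG`, yet this function adds a CA only when client verification is off; a comment stating where the CA under that tag comes from in the other configuration (presumably the Greybus service in the same image) would let a reader confirm that the client still authenticates the server. The client certificate is stored as `TLS_CREDENTIAL_SERVER_CERTIFICATE`, which deserves a one-line comment that this type is presumably used for the socket's own certificate regardless of role. `test_greybus_setup()` starts outside the hunk.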
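Review bot: The `poll` and `recv` assertions kept by the second `tx_rx` hunk still pass `errno` to `%s` (`"poll: %s", errno` and `"recv: %s", errno`), the same mismatch the preceding hunk fixes for `send`; if either assertion fires, the formatter treats an integer as a string pointer. Change both to `%d`, e.g. `zassert_not_equal(r, -1, "poll: %d", errno);`. Separately, the `r == 0` branch now retries forever without logging, so a peer that never answers stalls the test until the harness timeout; a bounded retry count would make that failure explicit. `tx_rx()` starts and ends outside the hunk.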
@@ -2,3 +2,25 @@ tests:
 subsys.greybus.gpio:
 tags: greybus
 harness: ztest
+ platform_allow: mps2_an385 qemu_cortex_m3
+ subsys.greybus.gpio.tls:
+ tags: greybus tls
+ harness: ztest
+ # build_only for now due to issues in Zephyr mbedTLS / IPPROTO_TLS_1_2
+ # for details see cfriedt/greybus-for-zephyr#34
+ build_only: True
+ platform_allow: mps2_an385 qemu_x86_64
+ extra_configs:
+ - CONFIG_GREYBUS_ENABLE_TLS=y
+ - CONFIG_GREYBUS_TLS_BUILTIN=y
+ - CONFIG_NET_SOCKETS_SOCKOPT_TLS=y
+ - CONFIG_TLS_CREDENTIALS=y
+ - CONFIG_NET_PKT_RX_COUNT=64
+ - CONFIG_NET_PKT_TX_COUNT=64
+ - CONFIG_NET_BUF_RX_COUNT=64
+ - CONFIG_NET_BUF_TX_COUNT=64
+ - CONFIG_TLS_MAX_CREDENTIALS_NUMBER=5
+ - CONFIG_NET_SOCKETS_TLS_MAX_CONTEXTS=10
+ - CONFIG_ZTEST_STACKSIZE=8192
+ - CONFIG_HEAP_MEM_POOL_SIZE=32768
+ - CONFIG_PTHREAD_DYNAMIC_STACK_DEFAULT_SIZE=8192
diff --git a/zephyr-sys-byteorder-posix.patch b/zephyr-sys-byteorder-posix.patch
index 95034d1..4df2c2e 100644
--- a/zephyr-sys-byteorder-posix.patch
+++ b/zephyr-sys-byteorder-posix.patch
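Review bot: No scenario sets `CONFIG_GREYBUS_TLS_CLIENT_VERIFY_OPTIONAL` or `CONFIG_GREYBUS_TLS_CLIENT_VERIFY_REQUIRED`, so the client-certificate path added to gpio.c in this commit (the `greybus_client.inc` and `greybus_client_privkey.inc` arrays) is never compiled by CI, assuming neither option is on by default. Since the TLS scenario is `build_only` anyway, a second build-only scenario is cheap: copy `subsys.greybus.gpio.tls` as `subsys.greybus.gpio.tls.client_verify` and add `- CONFIG_GREYBUS_TLS_CLIENT_VERIFY_REQUIRED=y` to its `extra_configs`. The existing comment could also say that, while `build_only` is set, the handshake and certificate checks are not exercised at run time.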
@@ -68,25 +68,25 @@ index fc5c56056e..7830d7dde2 100644
 +#define sys_cpu_to_le64(val) (val)
 +#define sys_be16_to_cpu(val) __builtin_bswap16(val)
 +#define sys_cpu_to_be16(val) __builtin_bswap16(val)
-+#define sys_be24_to_cpu(val) __builtin_bswap24(val)
-+#define sys_cpu_to_be24(val) __builtin_bswap24(val)
++#define sys_be24_to_cpu(val) __bswap_24(val)
++#define sys_cpu_to_be24(val) __bswap_24(val)
 +#define sys_be32_to_cpu(val) __builtin_bswap32(val)
 +#define sys_cpu_to_be32(val) __builtin_bswap32(val)
-+#define sys_be48_to_cpu(val) __builtin_bswap48(val)
-+#define sys_cpu_to_be48(val) __builtin_bswap48(val)
++#define sys_be48_to_cpu(val) __bswap_48(val)
++#define sys_cpu_to_be48(val) __bswap_48(val)
 +#define sys_be64_to_cpu(val) __builtin_bswap64(val)
 +#define sys_cpu_to_be64(val) __builtin_bswap64(val)
 +#elif __BYTE_ORDER__ == __ORDER_BIG_ENDIAN__
-+#define sys_le16_to_cpu(val) __bswap_16(val)
-+#define sys_cpu_to_le16(val) __bswap_16(val)
++#define sys_le16_to_cpu(val) __builtin_bswap_16(val)
++#define sys_cpu_to_le16(val) __builtin_bswap_16(val)
 +#define sys_le24_to_cpu(val) __bswap_24(val)
 +#define sys_cpu_to_le24(val) __bswap_24(val)
-+#define sys_le32_to_cpu(val) __bswap_32(val)
-+#define sys_cpu_to_le32(val) __bswap_32(val)
++#define sys_le32_to_cpu(val) __builtin_bswap_32(val)
++#define sys_cpu_to_le32(val) __builtin_bswap_32(val)
 +#define sys_le48_to_cpu(val) __bswap_48(val)
 +#define sys_cpu_to_le48(val) __bswap_48(val)
-+#define sys_le64_to_cpu(val) __bswap_64(val)
-+#define sys_cpu_to_le64(val) __bswap_64(val)
++#define sys_le64_to_cpu(val) __builtin_bswap_64(val)
++#define sys_cpu_to_le64(val) __builtin_bswap_64(val)
 +#define sys_be16_to_cpu(val) (val)
 +#define sys_cpu_to_be16(val) (val)
 +#define sys_be24_to_cpu(val) (val)
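Review bot: The big-endian branch now calls `__builtin_bswap_16`, `__builtin_bswap_32` and `__builtin_bswap_64`, which are not compiler builtins; GCC and Clang spell them without the second underscore, as the little-endian branch in the same hunk already does (`__builtin_bswap16(val)`). On a big-endian host this would fail to build or link, and because only that path is affected it is easy to miss in CI. The six changed lines should follow the form `#define sys_le16_to_cpu(val) __builtin_bswap16(val)`, and likewise for 32 and 64. `__bswap_24` and `__bswap_48` are presumably defined elsewhere in the patched header; that is not visible here.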