Add TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 to the list for use with x509
certificates. The LWM2M v1.1 specification says that a LWM2M client
which used X509 certificates must support this ciphersuite and
additional ciphersuites may be supported.
Signed-off-by: Jeroen Broersen <jbroersen@interact.nl>
Currently GCC complains that temp64 may be used uninitialized in this
function. Adds a check to ensure time is valid before assigning
and fixes GCC warning.
Signed-off-by: Brandon Allen <brandon.allen@exacttechnology.com>
System lists are not thread safe, therefore all accesses should be
protected with a mutex. Introduce a LwM2M context specific mutex,
and use it whenever lists defined per-context are accessed.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
The LwM2M message allocation was not thread safe, i.e. the message was
acquired by setting the ctx pointer, and it was freed by clearing the
entire message structure.
If preemptive threads were enabled, and memset() clearing the message
content was preempted, the message structure being currently zeroed
might've been allocated and initialized by some other thread. If the
thread releasing the message resumed work, it would continue clearing
the freshly allocated and initialized message structure.
In order to prevent this, introduce a new global mutex for the lwm2m
engine global variables. The mutex is used when LwM2M message is
allocated/deallocated. This will prevent reallocating the message
during the release process.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
CONFIG_ZVFS_POLL_MAX is now used to control the maximum number of poll()
entries. Thereby, CONFIG_NET_SOCKETS_POLL_MAX is redundant and shall
be deprecated.
Modify the defaults for NET_SOCKETS_POLL_MAX and ZVFS_POLL_MAX so that
the deprecation actually makes sense instead of symbol removal. In case
the application still sets the old config, it will modify the
ZVFS_POLL_MAX default.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
Signed-off-by: Chris Friedt <cfriedt@tenstorrent.com>
Use security mode (PSK or X509) to detect if we should
set the socket option to verify hostname.
PSK security mode cannot verify hostnames as this information
is coming in the certificate, so don't set the options.
Signed-off-by: Seppo Takalo <seppo.takalo@nordicsemi.no>
For code clarity, this commit adjusts the use of `return` statements
in functions with a void return type as follows:
- Transform `return foo();` into separate statements:
  `foo();`
  `return;`
- Remove unnecessary `return` statements when
  they don't affect control flow.
Signed-off-by: Pisit Sawangvonganan <pisit@ndrsolution.com>
For composite operations, we should always check whether the TLV header
is present. Otherwise, all blocks are assigned to one resource.
Signed-off-by: Simon Walz <simon.walz@autosen.com>
The Block1 context for composite operations is not found, as all path
levels are compared. The incoming path level should therefore always be
taken into account.
Signed-off-by: Simon Walz <simon.walz@autosen.com>
LwM2M 1.1 specification mentions that the enabler version format was
specified wrongly in LwM2M 1.0 specification, and servers only "may"
accept the old format, which no longer seems to be the case for Leshan.
The URI reference ("</>;") before the enabler version is now mandatory,
if it's missing the bootstrap discovery fails with Leshan. Another
problem are quotes around the enabler version, which seems to be
conditionally accepted only for LwM2M version 1.0. Therefore, keep the
quotes only for that version, to prevent any potential issues with other
servers.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
The lwm2m_check_buf_sizes() function was not checking resources of
type LWM2M_RES_TYPE_U16, which could lead to potential overflows
when writing larger data types into U16 resources. Add a case for
LWM2M_RES_TYPE_U16 to properly validate the buffer size.
Fixes #77016
Signed-off-by: Hyunsu Yoon <piedroconti@naver.com>
LwM2M SEND functionality is defined in LwM2M v1.1.
So guard the condition with protocol version, not
server object version.
Signed-off-by: Seppo Takalo <seppo.takalo@nordicsemi.no>
Add name to choice symbol, so that default value can be changed
downstream.
Developed-by: Andreas Rudolf <andreas.rudolf@husqvarnagroup.com>
Signed-off-by: Reto Schneider <reto.schneider@husqvarnagroup.com>
SenML is technically a JSON based format which can
be encoded as a CBOR. SenML-CBOR specification in
RFC 8428 section 6 states that numbers can be decoded
as an integer.
Also RFC 7049 section 4.2 states that JSON numbers
without fractional part can be decoded as an integer.
I have seen with one commercial LwM2M platform that
the decoder they use, sends floating point values as
integers, if there is no fractional part.
So LwM2M engine cannot assume from the path that
the incoming number is either float or int. Accept both.
Signed-off-by: Seppo Takalo <seppo.takalo@nordicsemi.no>
On a successful update we should reset the retry counter, similarly
like we do on successful registration.
Signed-off-by: Seppo Takalo <seppo.takalo@nordicsemi.no>
When socket errors call sm_handle_timeout_state() we might be
in a state where application assumes we are in registered state
but we are dropping it.
Therefore we must ensure that all registration states emit either
REGISTRATION_TIMEOUT event for application to indicate that
we have lost the connection to server.
Signed-off-by: Seppo Takalo <seppo.takalo@nordicsemi.no>
Parse the more flag in coap_get_block2_option(), so that the function
can be used not only with requests but also with replies (where the more
flag should not be ignored).
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
The block number in block1/2 options can be encoded on up to 20 bits
according to RFC 7959, therefore the underlying type used in helper
functions to retrieve the block number should be large enough to hold
the result. Therefore, replace the container for block number with
uint32_t instead of uint8_t.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
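
The two CoAP block-option changes above (keeping the more flag, and holding the block number in a 32-bit type) can be seen in a stand-alone decoder for the RFC 7959 option value. This is an added example, not code from these commits or from Zephyr; `struct block_opt`, `block_opt_decode()` and `block_num_as_u8()` are hypothetical names and the sample bytes are constructed.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Decoded Block1/Block2 option (RFC 7959); struct and names are hypothetical. */
struct block_opt {
	uint32_t num;  /* NUM: 4, 12 or 20 bits depending on option length */
	bool more;     /* M: more blocks follow */
	uint16_t size; /* 2^(SZX + 4), i.e. 16..1024 bytes */
};

/* Decode a 0..3 byte big-endian option value. Returns 0, or -1 if malformed. */
int block_opt_decode(const uint8_t *val, size_t len, struct block_opt *out)
{
	uint32_t raw = 0;

	if (out == NULL || len > 3 || (len > 0 && val == NULL)) {
		return -1;
	}
	for (size_t i = 0; i < len; i++) {
		raw = (raw << 8) | val[i];
	}
	if ((raw & 0x7) == 7) {
		return -1; /* SZX 7 is reserved */
	}
	out->num = raw >> 4;
	out->more = (raw & 0x8) != 0;
	out->size = (uint16_t)(1u << ((raw & 0x7) + 4));
	return 0;
}

/* What an 8-bit container keeps of the block number. */
uint8_t block_num_as_u8(uint32_t num)
{
	return (uint8_t)num;
}

int main(void)
{
	/* Constructed sample: NUM=300, M=1, SZX=6 -> 0x12CE */
	const uint8_t sample[] = { 0x12, 0xCE };
	struct block_opt b;
	if (block_opt_decode(sample, sizeof(sample), &b) == 0) {
		printf("num=%u (u8: %u) more=%d size=%u\n", (unsigned)b.num,
		       (unsigned)block_num_as_u8(b.num), b.more, (unsigned)b.size);
	}
	return 0;
}
```

With an 8-bit container, block 300 is indistinguishable from block 44, so a receiver tracking the expected block number would accept or reject the wrong block once a transfer passes 255 blocks.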
When LwM2M engine is requested to stop,
emit the disconnected event unconditionally.
There is really no reason to skip the event
on network error, or if we have never been registered.
Fixes #76422
Signed-off-by: Seppo Takalo <seppo.takalo@nordicsemi.no>
Changes include:
- Introducing a local `ctx` variable to replace multiple
`sock_ctx[i]` references.
- Using a local `revents` variable to simplify repeated
`sock_fds[i].revents` checks.
- Consolidating conditional checks for socket events
(ZSOCK_POLLERR, ZSOCK_POLLNVAL, and ZSOCK_POLLHUP) as they are
individual bit definitions, allowing them to be checked simultaneously.
Signed-off-by: Pisit Sawangvonganan <pisit@ndrsolution.com>
Enable hostname verification in DTLS handshake when server URI contains
valid hostname.
When URI is given just as IP address, don't fill up the
ctx->desthostname or enable hostname verification.
Signed-off-by: Seppo Takalo <seppo.takalo@nordicsemi.no>
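
The hostname-verification rules from this commit and from the earlier security-mode commit (verify only in X509 mode, and only when the server URI carries a name rather than an IP address) combine into one decision, sketched here as an added example. It is not the commits' or Zephyr's code: `enum sec_mode`, `uri_host()` and `hostname_verify_policy()` are hypothetical names, and treating a malformed URI as an error is an assumption of this sketch.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stddef.h>
#include <string.h>
#include <sys/socket.h>

enum sec_mode { SEC_MODE_PSK, SEC_MODE_X509 }; /* hypothetical names */

/* Copy the host of "scheme://host[:port][/path]" into host. 0 on success. */
static int uri_host(const char *uri, char *host, size_t cap)
{
	const char *p = uri ? strstr(uri, "://") : NULL;
	const char *end;
	size_t n;

	if (p == NULL) {
		return -1;
	}
	p += 3;
	if (*p == '[') { /* bracketed IPv6 literal */
		end = strchr(++p, ']');
	} else {
		end = p + strcspn(p, ":/");
	}
	n = end ? (size_t)(end - p) : 0;
	if (n == 0 || n >= cap) {
		return -1;
	}
	memcpy(host, p, n);
	host[n] = '\0';
	return 0;
}

/* 1: verify against host, 0: skip verification, -1: malformed URI. */
int hostname_verify_policy(enum sec_mode mode, const char *uri,
			   char *host, size_t cap)
{
	unsigned char addr[sizeof(struct in6_addr)];

	if (uri_host(uri, host, cap) != 0) {
		return -1; /* fail the connection rather than skip the check */
	}
	if (mode != SEC_MODE_X509 || inet_pton(AF_INET, host, addr) == 1 ||
	    inet_pton(AF_INET6, host, addr) == 1) {
		host[0] = '\0'; /* no name to check: PSK or IP literal */
		return 0;
	}
	return 1;
}
```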
Utilize a code spell-checking tool to scan for and correct spelling errors
in all files within the `subsys/net/lib/lwm2m` directory.
Signed-off-by: Pisit Sawangvonganan <pisit@ndrsolution.com>
Coverity reported that a formula used to calculate the next expected
block in case the block size from the request differs from our own block size
has a bug. The expression used to calculate the block size diff would
evaluate to an unsigned integer, giving (wrongly) enormous results in
case block size from the request is smaller than the Zephyr's default.
It turns out however, that this formula is no longer needed at all.
Since commit d3081e2f30, Zephyr's LwM2M
implementation will no longer negotiate the block size in case of write
operation, but simply comply with the block size included in the
request. This means that calculating the diff no longer makes sense and
can be safely removed - the next expected block number should be simply
increased by 1.
Signed-off-by: Robert Lubos <robert.lubos@nordicsemi.no>
`lwm2m_engine_get_resource()` has been marked for deprecation for
more than 2 releases, but we are still using it in tree now,
because the `__deprecated` marker was probably forgotten in the
initial deprecation commit.
Signed-off-by: Yong Cong Sin <ycsin@meta.com>
Allow DTLS handshake to be retried before the engine
drops into bootstrap. Otherwise any temporary failure,
for example DNS failure might drop us into bootstrap
without retrying.
Now all the retry logic should be in sm_do_network_error().
sm_do_registration() should only fall back to bootstrap
if there is configuration error.
Signed-off-by: Seppo Takalo <seppo.takalo@nordicsemi.no>
In case we want to immediately send empty Ack to server,
we should bypass all send queues.
This is required when we try to send Ack from callbacks
that happen from socket-loop context. On those cases
the Ack would not have been sent because the callback
might be blocking the socket-loop while processing
a request (like write callbacks).
Signed-off-by: Seppo Takalo <seppo.takalo@nordicsemi.no>
When we receive CoAP packets, it is in input buffer
that is size of NET_IPV6_MTU.
So in reality, we can handle bigger Block-Wise writes
than CONFIG_LWM2M_COAP_BLOCK_SIZE.
So if parsing of CoAP packet has passed, continue
with the same block-size instead of going to default.
Signed-off-by: Seppo Takalo <seppo.takalo@nordicsemi.no>
The POSIX_CLOCK option does not correspond to any standard
option. It was used to activate features of several distinct
POSIX Options and Option Groups, which complicated API and
application configuration as a result.
POSIX_CLOCK is being deprecated in order to ensure that Zephyr's
POSIX Kconfig variables correspond to those defined in the
specification, as of IEEE 1003.1-2017.
Additionally, CONFIG_TIMER is being deprecated because it does
not match the corresponding POSIX Option (_POSIX_TIMERS).
With this deprecation, we introduce the following Kconfig
options that map directly to standard POSIX Option Groups by
simply removing "CONFIG_":
* CONFIG_POSIX_TIMERS
Similarly, we introduce the following Kconfig options that
map directly to standard POSIX Options by simply removing
"CONFIG":
* CONFIG_POSIX_CLOCK_SELECTION
* CONFIG_POSIX_CPUTIME
* CONFIG_POSIX_DELAYTIMER_MAX
* CONFIG_POSIX_MONOTONIC_CLOCK
* CONFIG_POSIX_TIMEOUTS
* CONFIG_POSIX_TIMER_MAX
In order to maintain parity with the current feature set, we
introduce the following Kconfig options that map directly to
standard POSIX Option Groups by simply removing "CONFIG_":
* CONFIG_POSIX_MULTI_PROCESS - sleep()
Similarly, in order to maintain parity with the current feature
set, we introduce the following additional Kconfig options that
map directly to standard POSIX Options by simply removing
"CONFIG":
* CONFIG_XSI_SINGLE_PROCESS - gettimeofday()
Signed-off-by: Chris Friedt <cfriedt@tenstorrent.com>
When calculating the offset for blockwise writes,
we should not advance the block_ctx->current field
past the block boundary.
It causes CoAP layer to reply with the next NUM field
instead of the current one being processed.
Signed-off-by: Seppo Takalo <seppo.takalo@nordicsemi.no>
When tests control the LwM2M client entirely through
shell, we should be able to set the RD client context
from the application without causing RD client to
start registration.
Signed-off-by: Seppo Takalo <seppo.takalo@nordicsemi.no>
When opaque resources have post-write callback set, but
the write is not a Block-Wise write, there is no block_ctx
and the code causes null pointer dereference when calculating
the offset of the data.
Signed-off-by: Seppo Takalo <seppo.takalo@nordicsemi.no>
Allow Block-Wise writes to resources that have enough buffer for
the whole content. Calculate the offset before calling the
content specific write handlers when callback is not set.
Previously only resources with post-write callback were able to
assemble the content.
Signed-off-by: Seppo Takalo <seppo.takalo@nordicsemi.no>
When Block-Wise transfer restarts, the post-write callback should
receive some indication that the block is actually a beginning of new,
instead of part of previous transfer.
Fixes #71351
Signed-off-by: Seppo Takalo <seppo.takalo@nordicsemi.no>
Two issues fixed:
When pull-context is created, it does not have to wake up the RD
client context. Ignore the EPERM warning.
When new pull-context creates a new socket, sometimes socket-loop
gets to recvfrom() before we have set O_NONBLOCK on the socket.
So use ZSOCK_MSG_DONTWAIT on zsock_recvfrom() so it does not
block the socket loop.
Fixes #71450
Signed-off-by: Seppo Takalo <seppo.takalo@nordicsemi.no>
Kconfig option to enable object version reporting should
be moved into sub section "Engine features" so
it does not clutter up the main LwM2M menu.
Signed-off-by: Seppo Takalo <seppo.takalo@nordicsemi.no>