Merge pull request #16861 from miri64/sock_dodtls/feat/initial

sock_dodtls: Initial import of a DNS over DTLS client

sys/Makefile

@@ -146,6 +146,9 @@ endif
 ifneq (,$(filter sock_dns_mock,$(USEMODULE)))
   DIRS += net/application_layer/sock_dns_mock
 endif
+ifneq (,$(filter sock_dodtls,$(USEMODULE)))
+  DIRS += net/application_layer/sock_dodtls
+endif
 ifneq (,$(filter sock_util,$(USEMODULE)))
   DIRS += net/sock
 endif

sys/Makefile.dep

@@ -602,6 +602,15 @@ ifneq (,$(filter sock_dns,$(USEMODULE)))
   USEMODULE += posix_headers
 endif
 
+ifneq (,$(filter sock_dodtls,$(USEMODULE)))
+  USEMODULE += dns_msg
+  USEMODULE += sock_dtls
+  USEMODULE += sock_udp
+  USEMODULE += sock_util
+  USEMODULE += posix_headers
+  USEMODULE += ztimer_msec
+endif
+
 ifneq (,$(filter dns_cache,$(USEMODULE)))
   USEMODULE += ztimer_msec
   USEMODULE += checksum

sys/include/net/sock/dodtls.h

@@ -0,0 +1,147 @@
+/*
+ * Copyright (C) 2021 Freie Universität Berlin
+ *
+ * This file is subject to the terms and conditions of the GNU Lesser
+ * General Public License v2.1. See the file LICENSE in the top level
+ * directory for more details.
+ */
+
+/**
+ * @defgroup    net_sock_dodtls     DNS over DTLS sock API
+ * @ingroup     net_sock
+ *
+ * @brief       Sock DNS over DTLS client
+ *
+ * @see         [RFC 8094](https://datatracker.ietf.org/doc/html/rfc8094)
+ *
+ * @experimental    This implementation is in an experimental state.
+ *                  RFC 8094 requires DNS over TLS (DoT) as a fall-back for the
+ *                  [PMTU issues](https://datatracker.ietf.org/doc/html/rfc8094#section-5)).
+ *                  This fallback is not in place in this implementation.
+ *                  Consequently, [EDNS(0)](https://datatracker.ietf.org/doc/html/rfc6891)
+ *                  to negotiate maximum response size is also not in place.
+ *
+ * @{
+ *
+ * @file
+ * @brief   DNS over DTLS sock definitions
+ *
+ * @author  Martine S. Lenders <[email protected]>
+ */
+
+#ifndef NET_SOCK_DODTLS_H
+#define NET_SOCK_DODTLS_H
+
+#include "net/sock/dtls.h"
+#include "net/sock/udp.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * @name DNS over DTLS defines
+ * @{
+ */
+#define SOCK_DODTLS_PORT                    (853)   /**< Default DNS over DTLS server port */
+
+/**
+ * @defgroup    net_sock_dodtls_conf DNS over DTLS compile-time configuration
+ * @ingroup     config
+ * @{
+ */
+#ifndef CONFIG_SOCK_DODTLS_RETRIES
+#define CONFIG_SOCK_DODTLS_RETRIES          (2)     /**< Number of DNS over DTLS query retries */
+#endif
+
+/**
+ * @brief   Timeout for DNS over DTLS queries in milliseconds
+ */
+#ifndef CONFIG_SOCK_DODTLS_TIMEOUT_MS
+#define CONFIG_SOCK_DODTLS_TIMEOUT_MS       (1000U)
+#endif
+/** @} */
+
+/**
+ * @brief   Maximum name length for a DNS over DTLS query
+ */
+#define SOCK_DODTLS_MAX_NAME_LEN            (CONFIG_DNS_MSG_LEN - sizeof(dns_hdr_t) - 4)
+/** @} */
+
+/**
+ * @brief Get IP address for DNS name
+ *
+ * This function will synchronously try to resolve a DNS A or AAAA record by contacting
+ * the DNS server specified in the global variable @ref sock_dns_server.
+ *
+ * By supplying AF_INET, AF_INET6 or AF_UNSPEC in @p family requesting of A
+ * records (IPv4), AAAA records (IPv6) or both can be selected.
+ *
+ * This function will return the first DNS record it receives. IF both A and
+ * AAAA are requested, AAAA will be preferred.
+ *
+ * @note @p addr_out needs to provide space for any possible result!
+ *       (4byte when family==AF_INET, 16byte otherwise)
+ *
+ * @param[in]   domain_name     DNS name to resolve into address
+ * @param[out]  addr_out        buffer to write result into
+ * @param[in]   family          Either AF_INET, AF_INET6 or AF_UNSPEC
+ *
+ * @return      the size of the resolved address on success
+ * @return      -ECONNREFUSED, when a DNS over DTLS server  is not configured.
+ * @return      -ENOSPC, when the length of @p domain_name is greater than @ref
+ *              SOCK_DODTLS_MAX_NAME_LEN.
+ * @return      -EBADSG, when the DNS reply is not parseable.
+ */
+int sock_dodtls_query(const char *domain_name, void *addr_out, int family);
+
+/**
+ * @brief       Get currently configured DNS over DTLS server endpoint
+ *
+ * @param[out] server   The currently configured DNS over DTLS server endpoint.
+ *                      May not be NULL on input.
+ *
+ * @return  0 if @p server was set.
+ * @return  -ENOTCONN, when currently no server is configured.
+ */
+int sock_dodtls_get_server(sock_udp_ep_t *server);
+
+/**
+ * @brief   Return the sock used by the DNS over DTLS client
+ *
+ * @return  The sock used by the DNS over DTLS client
+ */
+sock_dtls_t *sock_dodtls_get_dtls_sock(void);
+
+/**
+ * @brief   Return the DTLS ssession used by the DNS over DTLS client
+ *
+ * @return  The DTLS session used by the DNS over DTLS client
+ */
+sock_dtls_session_t *sock_dodtls_get_server_session(void);
+
+/**
+ * @brief       Configure and establish session with DNS over DTLS server
+ *
+ * @param[in] server    A DNS over DTLS server endpoint. May be NULL to
+ *                      destroy the session with and unset the currently
+ *                      configured server.
+ * @param[in] creds     DTLS credentials for the server (see @ref net_credman).
+ *                      May be NULL, when @p server is also NULL.
+ *
+ * @return  0 on success.
+ * @return  -EINVAL, if @p cred contains invalid values.
+ * @return  -ENOSPC, if @p cred does not fit into @ref net_credman.
+ * @return  Any other negative errno potentially returned by @ref sock_udp_create(),
+ *          @ref sock_dtls_create(), @ref sock_dtls_session_init() or
+ *          @ref sock_dtls_recv().
+ */
+int sock_dodtls_set_server(const sock_udp_ep_t *server,
+                           const credman_credential_t *creds);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* NET_SOCK_DODTLS_H */
+/** @} */

sys/net/application_layer/Kconfig

@@ -15,6 +15,7 @@ endmenu # CoAP
 rsource "cord/Kconfig"
 rsource "dhcpv6/Kconfig"
 rsource "dns/Kconfig"
+rsource "sock_dodtls/Kconfig"
 
 menu "MQTT-SN"
 

sys/net/application_layer/sock_dodtls/Kconfig

@@ -0,0 +1,24 @@
+# Copyright (C) 2021 Freie Universität Berlin
+#
+#
+# This file is subject to the terms and conditions of the GNU Lesser
+# General Public License v2.1. See the file LICENSE in the top level
+# directory for more details.
+#
+menuconfig KCONFIG_USEMODULE_SOCK_DODTLS
+    bool "Configure DNS over DTLS"
+    depends on USEMODULE_SOCK_DODTLS
+    help
+        Configure DNS over DTLS using Kconfig.
+
+if KCONFIG_USEMODULE_SOCK_DODTLS
+
+config SOCK_DODTLS_RETRIES
+    int "Number of DNS over DTLS query retries"
+    default 2
+
+config SOCK_DODTLS_TIMEOUT_MS
+    int "Timeout for DNS over DTLS queries in milliseconds"
+    default 1000
+
+endif # KCONFIG_USEMODULE_SOCK_DODTLS

sys/net/application_layer/sock_dodtls/Makefile

@@ -0,0 +1 @@
+include $(RIOTBASE)/Makefile.base