samples: mgmt: mcumgr: smp_svr: Add udp_dtls sample

Adds a sample which demonstrates how to use DTLS over UDP. This
copies the certificate files from the echo server sample to use as
dummy certificates

Signed-off-by: Jamie McCrae <[email protected]>

Author: nordicjm

samples/subsys/mgmt/mcumgr/smp_svr/CMakeLists.txt

@@ -14,3 +14,22 @@ project(smp_svr)
 
 target_sources(app PRIVATE src/main.c)
 target_sources_ifdef(CONFIG_MCUMGR_TRANSPORT_BT app PRIVATE src/bluetooth.c)
+
+if(CONFIG_MCUMGR_TRANSPORT_UDP_DTLS)
+  # Use dummy certificate files
+  set(cert_dir certificates)
+  set(cert_files echo-apps-cert.der;echo-apps-key.der)
+  set(gen_dir ${ZEPHYR_BINARY_DIR}/include/generated)
+
+  message(WARNING "Using dummy certificate files, these are provided for demonstration only")
+
+  foreach(inc_file ${cert_files})
+    generate_inc_file_for_target(
+      app
+      ${cert_dir}/${inc_file}
+      ${gen_dir}/${inc_file}.inc
+    )
+  endforeach()
+
+  target_sources(app PRIVATE src/udp_dtls.c)
+endif()

samples/subsys/mgmt/mcumgr/smp_svr/certificates/echo-apps-cert.der

@@ -37,6 +37,16 @@ tests:
       - frdm_k64f
     integration_platforms:
       - frdm_k64f
+  sample.mcumgr.smp_svr.udp_dtls:
+    extra_args:
+      - EXTRA_CONF_FILE="udp_dtls.conf"
+      - CONFIG_IMG_MANAGER=n
+      - SB_CONFIG_BOOTLOADER_NONE=y
+    platform_allow:
+      - native_sim
+    integration_platforms:
+      - native_sim
+    build_only: true
   sample.mcumgr.smp_svr.udp.802154.subg:
     extra_args: EXTRA_CONF_FILE="udp.conf;802154-subg.conf"
     platform_allow: beagleconnect_freedom

samples/subsys/mgmt/mcumgr/smp_svr/certificates/echo-apps-key.der

@@ -5,3 +5,4 @@
  */
 
 void start_smp_bluetooth_adverts(void);
+int setup_udp_dtls(void);

samples/subsys/mgmt/mcumgr/smp_svr/sample.yaml

@@ -17,6 +17,9 @@
 #ifdef CONFIG_MCUMGR_GRP_STAT
 #include <zephyr/mgmt/mcumgr/grp/stat_mgmt/stat_mgmt.h>
 #endif
+#ifdef CONFIG_MCUMGR_TRANSPORT_UDP_DTLS
+#include <zephyr/mgmt/mcumgr/transport/smp_udp.h>
+#endif
 
 #define LOG_LEVEL LOG_LEVEL_DBG
 #include <zephyr/logging/log.h>
@@ -67,6 +70,20 @@ int main(void)
 	}
 #endif
 
+#ifdef CONFIG_MCUMGR_TRANSPORT_UDP_DTLS
+	rc = setup_udp_dtls();
+
+	if (rc == 0) {
+		rc = smp_udp_open();
+
+		if (rc != 0) {
+			LOG_ERR("UDP transport open failed: %d", rc);
+		}
+	} else {
+		LOG_ERR("TLS init failed, cannot start UDP transport");
+	}
+#endif
+
 #ifdef CONFIG_MCUMGR_TRANSPORT_BT
 	start_smp_bluetooth_adverts();
 #endif

samples/subsys/mgmt/mcumgr/smp_svr/src/common.h

@@ -0,0 +1,43 @@
+/*
+ * Copyright (c) 2025 Nordic Semiconductor ASA
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ */
+
+#include <zephyr/kernel.h>
+#include <zephyr/net/tls_credentials.h>
+#include <zephyr/logging/log.h>
+
+LOG_MODULE_DECLARE(smp_sample);
+
+static const unsigned char server_certificate[] = {
+#include "echo-apps-cert.der.inc"
+};
+
+/* This is the private key in pkcs#8 format. */
+static const unsigned char private_key[] = {
+#include "echo-apps-key.der.inc"
+};
+
+int setup_udp_dtls(void)
+{
+	int rc;
+
+	rc = tls_credential_add(CONFIG_MCUMGR_TRANSPORT_UDP_DTLS_TLS_TAG,
+				TLS_CREDENTIAL_PUBLIC_CERTIFICATE, server_certificate,
+				sizeof(server_certificate));
+
+	if (rc < 0) {
+		LOG_ERR("Failed to register public certificate: %d", rc);
+		return rc;
+	}
+
+	rc = tls_credential_add(CONFIG_MCUMGR_TRANSPORT_UDP_DTLS_TLS_TAG,
+				TLS_CREDENTIAL_PRIVATE_KEY, private_key, sizeof(private_key));
+
+	if (rc < 0) {
+		LOG_ERR("Failed to register private key: %d", rc);
+	}
+
+	return rc;
+}

samples/subsys/mgmt/mcumgr/smp_svr/src/main.c

@@ -0,0 +1,38 @@
+# Enable the UDP DTLS MCUmgr transport.
+CONFIG_MCUMGR_TRANSPORT_UDP=y
+CONFIG_MCUMGR_TRANSPORT_UDP_DTLS=y
+CONFIG_MCUMGR_TRANSPORT_UDP_IPV4=y
+CONFIG_MCUMGR_TRANSPORT_UDP_IPV6=y
+
+# Network settings
+CONFIG_NETWORKING=y
+CONFIG_NET_UDP=y
+CONFIG_NET_IPV4=y
+CONFIG_NET_IPV6=y
+CONFIG_NET_SOCKETS=y
+CONFIG_NET_SOCKETS_SOCKOPT_TLS=y
+CONFIG_NET_SOCKETS_ENABLE_DTLS=y
+CONFIG_NET_SOCKETS_DTLS_TIMEOUT=30000
+CONFIG_NET_SOCKETS_DTLS_MAX_FRAGMENT_LENGTH=2048
+CONFIG_NET_SOCKETS_DTLS_SENDMSG_BUF_SIZE=0
+CONFIG_NET_SOCKETS_TLS_MAX_CONTEXTS=4
+CONFIG_NET_SOCKETS_TLS_MAX_CREDENTIALS=4
+CONFIG_NET_SOCKETS_TLS_MAX_CIPHERSUITES=4
+CONFIG_NET_SOCKETS_TLS_MAX_CLIENT_SESSION_COUNT=1
+CONFIG_NET_CONNECTION_MANAGER=y
+CONFIG_NET_CONFIG_SETTINGS=y
+CONFIG_TEST_RANDOM_GENERATOR=y
+CONFIG_NET_CONFIG_MY_IPV4_ADDR="192.168.1.1"
+CONFIG_NET_CONFIG_MY_IPV6_ADDR="2001:db8::1"
+
+# mbedtls settings
+CONFIG_MBEDTLS_TLS_VERSION_1_2=y
+CONFIG_MBEDTLS_DTLS=y
+CONFIG_MBEDTLS_RSA_C=y
+CONFIG_MBEDTLS_PKCS1_V15=y
+CONFIG_MBEDTLS_PKCS1_V21=y
+CONFIG_MBEDTLS_KEY_EXCHANGE_RSA_ENABLED=y
+CONFIG_MBEDTLS_MD=y
+CONFIG_MBEDTLS_SSL_MAX_CONTENT_LEN=2048
+CONFIG_MBEDTLS_ENABLE_HEAP=y
+CONFIG_MBEDTLS_HEAP_SIZE=60000