Skip to content

Commit

Permalink
Merge pull request #83 from PelionIoT/release-4.9.0
Browse files Browse the repository at this point in the history
mbed-cloud-client 4.9.0
  • Loading branch information
Risto Huhtala authored May 21, 2021
2 parents 3f00170 + 982b873 commit 64904a1
Show file tree
Hide file tree
Showing 154 changed files with 6,814 additions and 3,382 deletions.
56 changes: 46 additions & 10 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
@@ -1,26 +1,62 @@
## Changelog for Pelion Device Management Client

### Release 4.9.0 (20.05.2021)

### Device Management Client

- Fixed a race condition in the handling of message status callback (particularly the handling of `MESSAGE_STATUS_SENT`). Previously, it was getting reported just before the operation had finished successfully.
- Added support for TLV to single resource.
- PUT to a resource 1/0/1 now triggers a registration update.
- POST to a resource 1/0/4 now triggers a deregister process.
- Removed deprecated STL APIs. These APIs and classes were removed:
- `SimpleM2MResource*`.
- `MbedCloudClient::set_device_resource_value(M2MDevice::DeviceResource resource, const std::string &value)`.
- `MbedCloudClient::register_update_callback(string route, SimpleM2MResourceBase* resource)`.
- Added new API `MbedCloudClient::alert()` to send high-priority messages.
- In alert mode, Device Management Client halts all data sendings/active operations and waits for priority data to be sent.
- Added new status callback API `MbedCloudClient::on_status_changed()`, which replaces these callback APIs:
- `MbedCloudClient::on_registered()`.
- `MbedCloudClient::on_unregistered()`.
- `MbedCloudClient::on_registration_updated()`.
- The old APIs are deprecated and will be removed in a future release.
- Added option to reduce traffic in bootstrap flow:
- `MBED_CONF_MBED_CLIENT_BOOTSTRAP_PIGGYBACKED_RESPONSE` flag added to control whether delay or piggybacked response is used. By default, piggybacked response type is used.
- Piggybacked response can be disabled by setting `mbed-client.bootstrap-piggybacked-response" : 0` in `mbed_app.json`.
- Fixed register and register update content type to `COAP_CT_LINK_FORMAT` (Core Link Format).
- Fixed a memory leak when `setup()` and `close()` were called multiple times in row.

#### Device Management Update client

- Removed the `need_reboot = false` option in the `fota_component_add()` API. When registering a component, the `need_reboot` option must always be `true`.
- Fixed storage erase calculations for boards with a non-uniform sector map.
- Fixed the FOTA defer download behaviour. Device registration update won't cause the client to resume FOTA download after the application calls the `fota_app_defer()` API.

### Platform Adaptation Layer (PAL)

- Added new PAL_DNS_API_VERSION 3. It's an asynchronous DNS API that can return multiple DNS results.
- This feature is currently implemented only for Linux platform and is disabled by default. You can enable it by defining PAL_DNS_API_VERSION=3. In future releases, this feature will be enabled by default for Linux.

### Release 4.8.0 (19.04.2021)

#### Device Management Client

- Client internal timers were not using event_ids correctly. Previously, if there were two timers running at the same time, cancel might have stopped the wrong timer.
- Client internal timers were not using event IDs correctly. Previously, if two timers were running at the same time, cancel might have stopped the wrong timer.
- Added fallback timer for asynchronous DNS requests (`PAL_DNS_API_VERSION` = 2). The client waits 10 minutes for a response to DNS query before aborting the request and raising a DNS error event.
- Improved client bootstrap recovery handling.
- The client doesn't go sleep if update register, unregistering or reconnecting is ongoing.
- The client doesn't go to sleep if update register, unregistering or reconnecting is ongoing.
- Added LwM2M version as part of the registration message.
- Added API to get M2MServer instance.
- tinycbor: Removed the default usage of asserts in input validation. Instead of asserting, the library returns an error if an invalid cbor input is given. Introduced a new `TINYCBOR_USE_ASSERT` flag to save on code size. This saves approximately 200 bytes.
- Deprecated the `MBED_CLIENT_USER_CONFIG_FILE` macro. An application only needs to use `MBED_CLOUD_CLIENT_USER_CONFIG_FILE`.
- Allow Write-Attributes to GET resource.
- Parent resource of resource-instance also set observable flag. Now also parent resource can be observed.
- Added API `m2mbase::set_confirmable(bool confirmable)` to choose whether notification is sent as a confirmable or non-confirmable way. By default, the confirmable message type is used.
- Added API `m2mbase::set_confirmable(bool confirmable)` to choose whether a notification is sent in a confirmable or nonconfirmable way. By default, the confirmable message type is used.
- M2MDevice now accepts PUT/POST requests, and you can also observe it.
- Fixed an issue which can cause a crash if there is a lot of network traffic during the `pause()` call.
- Don't report notification sending timeout to the application. Notification sending can't fail after the message has been created because it has its own queue for resending.
- Removed deprecated notification delivery status APIs. Use `M2MBase::set_message_delivery_status_cb` instead.
- Changed default content type from `COAP_CONTENT_OMA_TLV_TYPE_OLD` to` COAP_CONTENT_OMA_TLV_TYPE`.
- Deprecated `kcm_ecdh_key_agreement()` API for psa configuration, due to `psa_set_key_enrollment_algorithm()` API deprecation in mbed-crypto.
- Fixed an issue that could cause a crash if there were a lot of network traffic during the `pause()` call.
- Do not report notification sending timeout to application. Notification sending can't fail once message has been because since they have own queue for resending.
- Removed deprecated notification delivery status APIs. Use `M2MBase::set_message_delivery_status_cb`, instead.
- Changed default content type from `COAP_CONTENT_OMA_TLV_TYPE_OLD` to `COAP_CONTENT_OMA_TLV_TYPE`.
- Deprecated `kcm_ecdh_key_agreement()` API for PSA configuration, due to `psa_set_key_enrollment_algorithm()` API deprecation in Mbed Crypto.

#### Device Management Update client

Expand Down Expand Up @@ -123,7 +159,7 @@ However, the notification will still be stored internally in client and it will
* Added a compile-time check to prevent configuring the client with LIFETIME values below 60 seconds. 60 seconds is the minimum allowed.
* [Mbed OS] Changed the default storage location for update to `ARM_UCP_FLASHIAP`.
* Added support for Device Sentry feature.
* Added new library flag `MBED_CONF_MBED_CLOUD_CLIENT_NON_PROVISIONED_SECURE_ELEMENT`, The default is `null`. Should be set to `1` if SE hasn't pre-provisioned credentials.
* Added new library flag `MBED_CONF_MBED_CLOUD_CLIENT_NON_PROVISIONED_SECURE_ELEMENT`, The default is `null`. Should be set to `1` if SE hasn't pre-provisioned credentials.

### Release 4.4.0 (17.04.2020)

Expand Down Expand Up @@ -700,7 +736,7 @@ Added a temporary workaround for Cypress PSOC6 target to read each block from an
* Full support for the `device generated keys` mode. You can activate the mode using the Factory Configurator Utility (FCU) or the KCM APIs.

<span class="notes">**Note:** Cloud Client and Mbed Cloud do not yet support this mode.</span>

* A certificate signed request (CSR) that is generated on the device, can be created with the `Extended key usage` extension.
* A new KCM API introduced:
* `kcm_certificate_verify_with_private_key` - a self-generated certificate can be checked against a stored private key.
Expand Down
30 changes: 20 additions & 10 deletions CMakeLists.txt
Original file line number Diff line number Diff line change
Expand Up @@ -288,11 +288,19 @@ if (FOTA_ENABLE)
endif()

include_directories(${FOTA_SOURCE_DIR})
include_directories("${FOTA_SOURCE_DIR}/platform/linux")

FILE(GLOB FOTA_SRC
"${FOTA_SOURCE_DIR}/*.c"
"${FOTA_SOURCE_DIR}/*.cpp"
"${FOTA_SOURCE_DIR}/bspatch/*.c"
if ( (${OS_BRAND} MATCHES "Linux"))
"${FOTA_SOURCE_DIR}/platform/linux/*.c*"
else
if ( (${OS_BRAND} MATCHES "NXP"))
"${FOTA_SOURCE_DIR}/platform/nxp/*.c*"
endif
endif
)
message("FOTA sources = \n ${FOTA_SRC}")
target_sources(mbedCloudClient PRIVATE "${FOTA_SRC}")
Expand All @@ -301,16 +309,18 @@ if (FOTA_ENABLE)

add_library(fota STATIC ${FOTA_SRC})

if (MBED_CLOUD_CLIENT_CURL_DYNAMIC_LINK)
include(FindPkgConfig)
pkg_check_modules(CURL libcurl REQUIRED)
message("curl include at: ${CURL_INCLUDE_DIRS}")
message("curl link: ${CURL_LIBRARIES}")
include_directories(SYSTEM ${CURL_LIBRARIES})
target_link_libraries(fota ${CURL_LIBRARIES})
else()
add_dependencies(fota libcurl)
target_link_libraries(fota libcurl)
if ( NOT FOTA_COAP_DOWNLOAD)
if (MBED_CLOUD_CLIENT_CURL_DYNAMIC_LINK)
include(FindPkgConfig)
pkg_check_modules(CURL libcurl REQUIRED)
message("curl include at: ${CURL_INCLUDE_DIRS}")
message("curl link: ${CURL_LIBRARIES}")
include_directories(SYSTEM ${CURL_LIBRARIES})
target_link_libraries(fota ${CURL_LIBRARIES})
else()
add_dependencies(fota libcurl)
target_link_libraries(fota libcurl)
endif()
endif()
add_dependencies(mbedCloudClient fota)
target_link_libraries(mbedCloudClient fota)
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -21,7 +21,7 @@
#include "ce_internal.h"
#include "est_defs.h"
#include "storage_kcm.h"
#include "pal_Crypto.h"
#include "cs_pal_crypto.h"

const char g_lwm2m_name[] = "LWM2M";
const char g_renewal_status_file[] = "renewal_status";
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -26,7 +26,7 @@ extern "C" {
#include <stdint.h>
#include "kcm_status.h"
#include "storage_kcm.h"
#include "pal_Crypto.h"
#include "cs_pal_crypto.h"

/*
* Types certificate's attributes
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -22,7 +22,7 @@
#include <stdint.h>

#include "kcm_status.h"
#include "pal_Crypto.h"
#include "cs_pal_crypto.h"

#ifdef __cplusplus
extern "C" {
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -16,8 +16,8 @@
// limitations under the License.
// ----------------------------------------------------------------------------

#ifndef _FCC_PAL_CRYPTO_H_
#define _FCC_PAL_CRYPTO_H_
#ifndef _CS_PAL_CRYPTO_H_
#define _CS_PAL_CRYPTO_H_

#ifdef __cplusplus
extern "C" {
Expand All @@ -27,7 +27,7 @@ extern "C" {
#include <stdbool.h>
#include <inttypes.h>
#include <stddef.h>
#include <pal_crypto_configuration.h>
#include "cs_pal_crypto_configuration.h"
#include "mbed-trace/mbed_trace.h"
#if !defined(MBED_CONF_MBED_CLOUD_CLIENT_EXTERNAL_SST_SUPPORT) || defined(MBED_CONF_MBED_CLOUD_CLIENT_PSA_SUPPORT)
#include "pal.h"
Expand All @@ -36,7 +36,7 @@ extern "C" {
#define NULLPTR 0
typedef int32_t palStatus_t;

/*! \file pal_Crypto.h
/*! \file cs_pal_crypto.h
* \brief PAL cryptographic.
* This file contains cryptographic APIs and is part of the PAL service API.
*
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -16,8 +16,8 @@
// limitations under the License.
// ----------------------------------------------------------------------------

#ifndef _FCC_PAL_CRYPTO_COFIGURATION_H
#define _FCC_PAL_CRYPTO_COFIGURATION_H
#ifndef _CS_PAL_CRYPTO_CONFIGURATION_H
#define _CS_PAL_CRYPTO_CONFIGURATION_H
#include "limits.h"

#ifdef PAL_USER_DEFINED_CONFIGURATION
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -14,16 +14,15 @@
* limitations under the License.
*******************************************************************************/

#ifndef _PAL_PLAT_CRYPTO_H_
#define _PAL_PLAT_CRYPTO_H_
#ifndef _CS_PAL_PLAT_CRYPTO_H_
#define _CS_PAL_PLAT_CRYPTO_H_

#ifdef __cplusplus
extern "C" {
#endif

#include "pal_Crypto.h"
//#include "pal_crypto_configuration.h"
/*! \file pal_plat_Crypto.h
#include "cs_pal_crypto.h"
/*! \file cs_pal_plat_crypto.h
* \brief PAL cryptographic - platform.
* This file contains cryptographic APIs that need to be implemented in the platform layer.
*/
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -16,7 +16,7 @@

#include "pv_error_handling.h"
#include "cs_hash.h"
#include "pal_Crypto.h"
#include "cs_pal_crypto.h"
#include "cs_utils.h"
#include "pv_macros.h"

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -13,7 +13,7 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*******************************************************************************/
#include "pal_plat_Crypto.h"
#include "cs_pal_plat_crypto.h"
#include "pv_macros.h"
#include <stdio.h>

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -13,7 +13,7 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*******************************************************************************/
#include "pal_plat_Crypto.h"
#include "cs_pal_plat_crypto.h"
#if !defined(MBED_CONF_MBED_CLOUD_CLIENT_EXTERNAL_SST_SUPPORT) || defined(MBED_CONF_MBED_CLOUD_CLIENT_PSA_SUPPORT)
#include "pal.h"
#endif
Expand Down Expand Up @@ -1230,7 +1230,7 @@ palStatus_t pal_plat_CtrDRBGIsSeeded(palCtrDrbgCtxHandle_t ctx)
#endif
}

// FIXME: Currently not public in pal_plat_Crypto.h and is called from pal_plat_drbg_w_entropy_sources.c
// FIXME: Currently not public in cs_pal_plat_crypto.h and is called from pal_plat_drbg_w_entropy_sources.c
// With a forward declaration
// This function will later be public, deprecating pal_plat_CtrDRBGSeed() (pal_plat_CtrDRBGInit will call this directly).
// Changing this requires some work - therefore not done yet
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -28,16 +28,15 @@
#include "mbedtls/ctr_drbg.h"
#include "mbedtls/entropy.h"
#include "mbedtls/config.h"
#include "pal_plat_Crypto.h"
#include "cs_pal_plat_crypto.h"
#ifndef FCC_NANOCLIENT_ENABLED
#if PAL_USE_HW_TRNG
#include "pal_plat_drbg_noise.h"
#endif
#endif
#include "mbed_trace.h"
#include <stdlib.h>
#include "pal_Crypto.h"
#include "pal_plat_Crypto.h"
#include "cs_pal_crypto.h"


#define TRACE_GROUP "DRBG"
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -17,7 +17,7 @@
#include "pv_log.h"
#include "cs_der_keys_and_csrs.h"
#include "cs_der_certs.h"
#include "pal_Crypto.h"
#include "cs_pal_crypto.h"
#include "pv_error_handling.h"
#include "key_slot_allocator.h"

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -19,7 +19,7 @@

#include <stdlib.h>
#include <stdbool.h>
#include "pal_Crypto.h"
#include "cs_pal_crypto.h"
#include "kcm_status.h"
#include "kcm_defs.h"

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -25,7 +25,7 @@
#ifndef FCC_NANOCLIENT_ENABLED
#include "pal.h"
#endif
#include "pal_plat_Crypto.h"
#include "cs_pal_plat_crypto.h"
#include "fcc_utils.h"

/**
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -26,7 +26,7 @@
#ifndef FCC_NANOCLIENT_ENABLED
#include "pal.h"
#endif
#include "pal_Crypto.h"
#include "cs_pal_crypto.h"

#ifdef __cplusplus
extern "C" {
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -32,8 +32,8 @@ extern "C" {
* KCM item types.
*/
typedef enum {
KCM_PRIVATE_KEY_ITEM, //!< KCM private key item type. KCM supports ECC keys with curves defined in palGroupIndex_t (pal_Crypto.h).
KCM_PUBLIC_KEY_ITEM, //!< KCM public key item type. KCM supports ECC keys with curves defined in palGroupIndex_t (pal_Crypto.h).
KCM_PRIVATE_KEY_ITEM, //!< KCM private key item type. KCM supports ECC keys with curves defined in palGroupIndex_t (cs_pal_crypto.h).
KCM_PUBLIC_KEY_ITEM, //!< KCM public key item type. KCM supports ECC keys with curves defined in palGroupIndex_t (cs_pal_crypto.h).
KCM_SYMMETRIC_KEY_ITEM, //!< KCM symmetric key item type.
KCM_CERTIFICATE_ITEM, //!< KCM certificate item type. Supports x509 certificates in DER format.
KCM_CONFIG_ITEM, //!< KCM configuration parameter item type.
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -22,7 +22,7 @@
#ifndef FCC_NANOCLIENT_ENABLED
#include "pal.h"
#endif
#include "pal_plat_Crypto.h"
#include "cs_pal_plat_crypto.h"
#include "cs_utils.h"
#include "pv_macros.h"
#include "key_slot_allocator.h"
Expand Down Expand Up @@ -782,7 +782,7 @@ kcm_status_e kcm_generate_random(uint8_t *buffer, size_t buffer_size)
return kcm_status;
}


#ifndef MBED_CONF_MBED_CLOUD_CLIENT_PSA_SUPPORT
kcm_status_e kcm_ecdh_key_agreement(const uint8_t *private_key_name, size_t private_key_name_len, const uint8_t *peer_public_key, size_t peer_public_key_size,
uint8_t *shared_secret, size_t shared_secret_max_size, size_t *shared_secret_act_size_out)
{
Expand Down Expand Up @@ -830,5 +830,6 @@ kcm_status_e kcm_ecdh_key_agreement(const uint8_t *private_key_name, size_t priv

return kcm_status;
}
#endif


Original file line number Diff line number Diff line change
Expand Up @@ -18,7 +18,7 @@

#include <stdint.h>
#include "pal.h"
#include "pal_Crypto.h"
#include "cs_pal_crypto.h"



Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -75,23 +75,10 @@ static void set_generic_attr(uint32_t extra_flags, psa_key_attributes_t *psa_key
}

//Set algorithm and usage flags
#if !defined(TARGET_LPC55S69_NS)
/* FIXME - we should skip this if key should be generated into secure element */
/* FIXME: currently, mbed-os has no SPM (Secure Partitioning Manager) support for LPC55S69_NS platforms.
* that is why we mask the PSA multiple usage for those platforms, however, this workaround should be reverted once mbed-os
* team will add the necessary implementation to support the psa_key_policy_set_enrollment_algorithm API.
*/
// Set policy for ECDH (key agreement)
psa_key_usage |= (PSA_KEY_USAGE_DERIVE);
#endif

// set key usage
psa_set_key_usage_flags(psa_key_attr, psa_key_usage);
// set key algorithm
psa_set_key_algorithm(psa_key_attr, PSA_ALG_ECDSA(PSA_ALG_SHA_256));
#if !defined(TARGET_LPC55S69_NS)
psa_set_key_enrollment_algorithm(psa_key_attr, PSA_ALG_ECDH);
#endif
}

#ifdef MBED_CONF_MBED_CLOUD_CLIENT_SECURE_ELEMENT_SUPPORT
Expand Down Expand Up @@ -236,7 +223,7 @@ kcm_status_e psa_drv_crypto_init(void)

#ifdef MBED_CONF_MBED_CLOUD_CLIENT_SECURE_ELEMENT_SUPPORT
//Register se driver before calling to psa_crypto_init
psa_status = psa_register_se_driver(PSA_DRIVER_SE_DRIVER_LIFETIME_VALUE, g_se_driver_info);
psa_status = psa_register_se_driver(PSA_DRIVER_SE_DRIVER_LOCATION_VALUE, g_se_driver_info);
SA_PV_ERR_RECOVERABLE_RETURN_IF((psa_status != PSA_SUCCESS), psa_drv_translate_to_kcm_error(psa_status), "Failed psa_register_se_driver (%" PRIu32 ")", (uint32_t)psa_status);
#endif

Expand Down
Loading

0 comments on commit 64904a1

Please sign in to comment.