Enterprise_mode_+_wifi_configuraiton_api: update ODIN drivers to v3.7.0 RC1

[aqib-ublox]

Description

This pull requests contains

• Enterprise mode supporting EAP_TLS and PEAP methods for enterprise security.

• A new private API for wifi connect() as enterprise mode require certificates such as CA server and client certificate along with private key in addition to credentials for connection.

• Wifi configuration API.

This release also contains following fixes

• Ublox: Ublox Odin W2 WIFI asserts during firmware download #9621

• UBLOX_EVK_ODIN_W2 with IAR returns DEVICE_ERROR instead of AUTH_ERROR/NO_CONNECTION when wrong channel is set #10312

Tests Results

iar_mbed_os_log.txt
arm_mbed_os_logs.txt
gcc_arm_mbed_os_log.txt
arm_driver_log.txt
iar_driver_logs.txt
gcc_arm_driver_logs.txt
iar_ble_gatt_server.txt
gcc_arm_ble_gatt_server.txt
arm_ble_gatt_server.txt

Pull request type

[ ] Fix
[ ] Refactor
[ ] Target update
[X] Functionality change
[ ] Docs update
[ ] Test update
[ ] Breaking change

Reviewers

Release Notes

A private API is provided for ODIN_W2 target against enterprise mode.

    nsapi_error_t connect(
        const char          *ssid,
        const char          *pass,
        nsapi_security_t  security,
        auth_cert_s         *cert_handle,
        const char          *username = NULL,
        const char          *user_pswd = NULL,
        uint8_t               channel = 0);

Application is required to pass certificate(CA cert or client cert) and key (private key) in PEM format currently. User is required to pass those certificates through cert_handle auth_cert_s and an appropriate security should be selected either NSAPI_SECURITY_EAP_TLS or NSAPI_SECURITY_PEAP.

For example:

static auth_cert_s   certificates;
_wifi = new OdinWiFiInterface(true);
#ifdef EAP_TLS_TESTING
    certificates.client_cert = &cert_data[0];
    certificates.client_prvt_key = &cert_data_key[0];
    certificates.ca_cert = NULL;
#elif defined(PEAP_TESTING)
    certificates.client_cert = NULL;
    certificates.client_prvt_key = NULL;
    certificates.ca_cert = &ca_cert_data[0];
#endif
_wifi->connect(ssid, pass, security, &certificates, _peap_username, _peap_user_pass, channel);

NOTE:
security could be NSAPI_SECURITY_EAP_TLS or NSAPI_SECURITY_PEAP

Configuration API

    virtual unsigned int get_config(void *setting);
    virtual void set_config(void *setting, cb_uint32 value);

• description of parameters available in
  https://github.com/u-blox/mbed-os/blob/0dda8c447c644cb8ee5063099ad09226a6caf746/targets/TARGET_STM/TARGET_STM32F4/TARGET_STM32F439xI/TARGET_MODULE_UBLOX_ODIN_W2/sdk/ublox-odin-w2-drivers/cb_wlan_driver_config.h

[aqib-ublox]

@MarceloSalazar can u ask ur team to start review as we need to target it in coming release i-e 12.2 most likely

[ciarmcom]

@aqib-ublox, thank you for your changes.
@ARMmbed/mbed-os-tls @ARMmbed/mbed-os-crypto @ARMmbed/mbed-os-ipcore @ARMmbed/mbed-os-maintainers please review.

[adbridge]

@michalpasztamobica could you re-review please ?

[michalpasztamobica]

I still think NSAPI_ERROR_CERT_SIZE is not necessary and NSAPI_ERROR_PARAMETER should be used instead.
@SeppoTakalo , what do you think?

[aqib-ublox]

@SeppoTakalo what u suggest?

[SeppoTakalo]

@SeppoTakalo what u suggest?

Use NSAPI_ERROR_PARAMETER so you are then not causing any changes to public Mbed OS APIs.

[aqib-ublox]

@SeppoTakalo what u suggest?

Use NSAPI_ERROR_PARAMETER so you are then not causing any changes to public Mbed OS APIs.

it's removed and replaced with NSAPI_ERROR_PARAMETER

[aqib-ublox]

@MarceloSalazar waiting for review to be finalised?

[MarceloSalazar]

@ARMmbed/mbed-os-maintainers please review

[0xc0170]

The main concern is about tls config change, requested help from tls team.

[0xc0170]

year should be 2019

Add please SPDX identifier as well

[aqib-ublox]

also here, SPDX identifier

already there LICENSE-2.0 ?

[0xc0170]

SPDX-License-Identifier: Apache-2.0 is needed, as in other files

[0xc0170]

also here, SPDX identifier

[aqib-ublox]

@0xc0170 corrected

[0xc0170]

Functionality change

Only in targets code - can go to the patch release ? I see above note about 5.12.2 .

[aqib-ublox]

Functionality change

Only in targets code - can go to the patch release ? I see above note about 5.12.2 .

@0xc0170 couldn't get it? 5.12.2 is released so might be target in next patch release or u prefer it to be part of full release? in that case as per @MarceloSalazar code freeze for that is 30 May and that's too far. Please correct me if i am wrong

[0xc0170]

Edited: this is extending security type, therefore it was as "functionality change". In this case, 5.13 would be appropriate.

@RonEld If you can help how to resolve that mbed config - it is the main outstanding one in this PR.

[0xc0170]

Waiting for mbedtls config change

[aqib-ublox]

@0xc0170 and @RonEld can u please acknowledge recent changset

[aqib-ublox]

@0xc0170, @RonEld any update?

[RonEld]

LGTM
The configuration for MBEDTLS_MPI_WINDOW_SIZE should be documented though, in case your users would like to change it in their user defined configuration.

[aqib-ublox]

@0xc0170 ?

[MarceloSalazar]

@ARMmbed/mbed-os-maintainers please review and comment.
If possible, we'd like this to be released in the next patch release.

[k-stachowiak]

I left a question regarding a curious construct; otherwise I did not find any Mbed TLS related issues.

[k-stachowiak]

Is this supposed to be asserting true? It would seem more natural to assert false upon encountering an unrecognized identifier.

Edit: there is one more such case.

[aqib-ublox]

Yes that's right @AmmadRehmat please see this

[aqib-ublox]

@k-stachowiak it's corrected thanks for pointing out

[aqib-ublox]

@k-stachowiak corrected

[aqib-ublox]

@k-stachowiak corrected

[aqib-ublox]

@0xc0170 any update?

[aqib-ublox]

@0xc0170 ?

[aqib-ublox]

@MarceloSalazar whats status?

[adbridge]

@0xc0170 please confirm you are happy with the licence updates. Running the CI in the meantime

[mbed-ci]

Test run: SUCCESS

Summary: 11 of 11 test jobs passed
Build number : 1
Build artifacts

[terrier1-github]

Hello, I'm working on IoT project and I want to use WiFi enterprise protocole (eap-tls) to connect my device, I recovered a EKV-ODIN-W2 board, but regarding the software part I don't know how to start, is it possible to recover a getting started for Enterprise mode for ODIN-W2 ?

[JanneKiiskila]

@aqib-ublox @adbridge @0xc0170 to comment.

[0xc0170]

cc @ARMmbed/team-ublox if anyone can help with the above question