Merge pull request #8 from ARMmbed/release-1.4.0

mbed-cloud-client 1.4.0

Author: teetak01

CHANGELOG.md

@@ -1,12 +1,50 @@
 ## Changelog for Mbed Cloud Client
 
-### Release 1.3.3 (11.06.2018)
+### Release 1.4.0 (13.07.2018)
+* Fixed a timer initialization bug under connection handler.
+* Linux: Updated mbed-coap to 4.5.0.
+* This version of Cloud Client has been tested with Mbed OS 5.9.2.
+
+#### Platform Adaptation Layer (PAL)
+
+* Introduced support for ARIA cipher suite introduced in mbedTLS 2.10.0.
+* Introduced MbedTLS configuration support for non-TRNG boards like NUCLEO-F411RE.
+* Hook-up point for allowing application to provide its own reboot function.
+  * Defining `PAL_USE_APPLICATION_REBOOT` activates this feature.
+  * You must define the function `void pal_plat_osApplicationReboot(void)` in your application to provide the required functionality.
+* Introduced the feature flag `PAL_USE_APPLICATION_REBOOT` for application to override generic reboot functionality, which is useful for different Linux flavors.
+* New asynchronous DNS API (activated in application mbed_app.json via `mbed-client-pal.pal-dns-api-version : 2`) with Mbed OS 5.9.x.
+
+#### Factory configurator client
+
+* Chain verification failure will result in `KCM_STATUS_CERTIFICATE_CHAIN_VERIFICATION_FAILED` error instead of `FCC_STATUS_CERTIFICATE_CHAIN_VERIFICATION_FAILED`.
+* Improved robustness of factory serial communication layer.
+* Define `KCM_MAX_NUMBER_OF_CERTITICATES_IN_CHAIN` was renamed to `KCM_MAX_NUMBER_OF_CERTIFICATES_IN_CHAIN`.
+
+#### Mbed Cloud Update
+
+* Improved Linux shell scripts for compatibility and robustness.
+* Fixed an issue in `ARM_UC_HUB_Initialize()` and `ARM_UC_HUB_Uninitialize()` to prevent these functions being called when Update client is in the wrong state.
+* Fixed compiler warnings.
+* Removed designated initialisers from C++ code.
+* Update results are now sent synchronously to ensure that the Update Client hub is in the correct state if several LWM2M operations are performed in rapid succession.
+* Added error messages for missing commands in `arm_update_activate.sh`.
+* Added error reporting when there is not enough space on the device to store the firmware image candidate.
+* Added registration for the scheduler error handler.
+
+#### PAL Platform
+
+* Introducing mbedTLS 2.10.0 support for ARIA cipher suite.
+
+### Release 1.3.3 (08.06.2018)
 
 #### Mbed Cloud Client
 
 * Fixed issue: Wrong CoAP ping message. CoAP ping must be sent as an empty confirmable message.
 * In the previous versions, the client in queue mode went to sleep while in reconnection mode. Now, it completes the connection before going to sleep.
 * This version of Cloud Client supports Mbed OS 5.8.5 and onwards patch releases.
+* Improvements for connection handler, removed usage of static pointer to class. There is now possible to allocate more than one class M2MConnectionSecurityPimpl pareller.
+* Support for new asynchronous DNS API ("mbed-client-pal.pal-dns-api-version : 2") with Mbed OS 5.9.x. 
 
 #### Factory configurator client
 

CMakeLists.txt

@@ -12,7 +12,7 @@ else()
 endif()
 
 
-SET(MBED_CLOUD_CLIENT_SOURCE_DIR ${CMAKE_CURRENT_SOURCE_DIR}/mbed-cloud-client) 
+SET(MBED_CLOUD_CLIENT_SOURCE_DIR ${CMAKE_CURRENT_SOURCE_DIR}/mbed-cloud-client)
 
 add_definitions(-DMBED_CONF_NANOSTACK_EVENTLOOP_EXCLUDE_HIGHRES_TIMER)
 add_definitions(-DMBED_CONF_NANOSTACK_EVENTLOOP_USE_PLATFORM_TICK_TIMER)
@@ -127,6 +127,8 @@ ADD_GLOBALDIR(${UPDATE_SOURCE_DIR}/modules/atomic-queue)
 ADD_GLOBALDIR(${UPDATE_SOURCE_DIR}/modules/atomic-queue/atomic-queue)
 ADD_GLOBALDIR(${UPDATE_SOURCE_DIR}/modules/common)
 ADD_GLOBALDIR(${UPDATE_SOURCE_DIR}/modules/common/update-client-common)
+ADD_GLOBALDIR(${UPDATE_SOURCE_DIR}/modules/resume-engine)
+ADD_GLOBALDIR(${UPDATE_SOURCE_DIR}/modules/resume-engine/resume-engine)
 ADD_GLOBALDIR(${UPDATE_SOURCE_DIR}/modules/control-center)
 ADD_GLOBALDIR(${UPDATE_SOURCE_DIR}/modules/control-center/update-client-control-center)
 ADD_GLOBALDIR(${UPDATE_SOURCE_DIR}/modules/device-identity)
@@ -163,6 +165,7 @@ FILE(GLOB MBED_CLOUD_CLIENT_SRC
     "${CMAKE_CURRENT_SOURCE_DIR}/source/*.c"
     "${CMAKE_CURRENT_SOURCE_DIR}/source/*.cpp"
     "${MBED_CLIENT_SOURCE_DIR}/source/*.cpp"
+    "${MBED_CLIENT_SOURCE_DIR}/source/*.c"
     "${MBED_CLIENT_SOURCE_DIR}/mbed-client-c/source/*.c"
     "${MBED_CLIENT_SOURCE_DIR}/mbed-client-classic/source/*.cpp"
     "${MBED_CLIENT_SOURCE_DIR}/mbed-client-mbed-tls/source/*.cpp"
@@ -206,10 +209,12 @@ if ((${OS_BRAND} MATCHES "Linux"))
     "${UPDATE_SOURCE_DIR}/source/*.c"
     "${UPDATE_SOURCE_DIR}/modules/atomic-queue/source/*.c"
     "${UPDATE_SOURCE_DIR}/modules/common/source/*.c"
+    "${UPDATE_SOURCE_DIR}/modules/resume-engine/source/*.c"
     "${UPDATE_SOURCE_DIR}/modules/control-center/source/*.c"
     "${UPDATE_SOURCE_DIR}/modules/device-identity/source/*.c"
     "${UPDATE_SOURCE_DIR}/modules/firmware-manager/source/*.c"
     "${UPDATE_SOURCE_DIR}/modules/lwm2m-mbed/source/*.cpp"
+    "${UPDATE_SOURCE_DIR}/modules/lwm2m-mbed/source/*.c"
     "${UPDATE_SOURCE_DIR}/modules/manifest-manager/source/*.c"
     "${UPDATE_SOURCE_DIR}/modules/source-http/source/*.c"
     "${UPDATE_SOURCE_DIR}/modules/source-http-socket/source/*.c"

factory-configurator-client/factory-configurator-client/factory-configurator-client/fcc_status.h

@@ -60,8 +60,7 @@ extern "C" {
         FCC_STATUS_OUTPUT_INFO_ERROR,          //!< The process failed in output info creation.
         FCC_STATUS_WARNING_CREATE_ERROR,       //!< The process failed in output info creation.
         FCC_STATUS_UTC_OFFSET_WRONG_FORMAT,    //!< Current UTC is wrong.
-        FCC_STATUS_CERTIFICATE_PUBLIC_KEY_CORRELATION_ERROR, //!< Certificate's public key failed do not matches to corresponding private key
-        FCC_STATUS_CERTIFICATE_CHAIN_VERIFICATION_FAILED, //!< One of the certificates in the chain does not match its predecessor 
+        FCC_STATUS_CERTIFICATE_PUBLIC_KEY_CORRELATION_ERROR, //!< Certificate's public key failed do not matches to corresponding private key        
         FCC_STATUS_BUNDLE_INVALID_KEEP_ALIVE_SESSION_STATUS,//!< The message status is invalid.
         FCC_STATUS_TOO_MANY_CSR_REQUESTS,     //!< The message contained more than CSR_MAX_NUMBER_OF_CSRS CSR requests
         FCC_MAX_STATUS = 0x7fffffff

factory-configurator-client/factory-configurator-client/source/fcc_utils.c

@@ -104,8 +104,9 @@ fcc_status_e fcc_convert_kcm_to_fcc_status(kcm_status_e kcm_result)
             break;
         case KCM_STATUS_SELF_GENERATED_CERTIFICATE_VERIFICATION_ERROR:
             fcc_status = FCC_STATUS_CERTIFICATE_PUBLIC_KEY_CORRELATION_ERROR;
+            break;
         case KCM_STATUS_FILE_EXIST:
-        case (KCM_STATUS_KEY_EXIST):
+        case KCM_STATUS_KEY_EXIST:
             fcc_status = FCC_STATUS_KCM_FILE_EXIST_ERROR;
             break;
         case KCM_CRYPTO_STATUS_UNSUPPORTED_HASH_MODE:

factory-configurator-client/factory-configurator-client/source/fcc_verification.c

@@ -729,18 +729,17 @@ static fcc_status_e verify_firmware_update_certificate(void)
     uint8_t *parameter_name = (uint8_t*)g_fcc_update_authentication_certificate_name;
     size_t size_of_parameter_name = strlen(g_fcc_update_authentication_certificate_name);
     palX509Handle_t x509_cert_handle = NULLPTR;
-    kcm_cert_chain_context_int_s *cert_chain;
+    kcm_cert_chain_context_int_s *cert_chain = NULL;
     kcm_cert_chain_handle chain_handle;
     size_t chain_len = 0;
 
     SA_PV_LOG_TRACE_FUNC_ENTER_NO_ARGS();
 
     // Open device certificate as chain. 
     kcm_status = kcm_cert_chain_open(&chain_handle, parameter_name, size_of_parameter_name, &chain_len);
-    cert_chain = (kcm_cert_chain_context_int_s *)chain_handle;
 
     // If item does not exist or is empty -set warning
-    if (kcm_status == KCM_STATUS_ITEM_NOT_FOUND || kcm_status == KCM_STATUS_ITEM_IS_EMPTY) {
+    if (kcm_status == KCM_STATUS_ITEM_NOT_FOUND ) {
         fcc_output_status = fcc_store_warning_info((const uint8_t*)parameter_name, size_of_parameter_name, g_fcc_item_not_set_warning_str);
         SA_PV_ERR_RECOVERABLE_GOTO_IF((fcc_output_status != FCC_STATUS_SUCCESS),
                                       fcc_status = FCC_STATUS_WARNING_CREATE_ERROR,
@@ -749,9 +748,12 @@ static fcc_status_e verify_firmware_update_certificate(void)
                                       g_fcc_item_not_set_warning_str);
         fcc_status = FCC_STATUS_SUCCESS;
     } else {
+
         //If get kcm data returned error, exit with error
         SA_PV_ERR_RECOVERABLE_GOTO_IF((kcm_status != KCM_STATUS_SUCCESS), fcc_status = fcc_convert_kcm_to_fcc_status(kcm_status), exit, "Failed to get update certificate data");
 
+        cert_chain = (kcm_cert_chain_context_int_s *)chain_handle;
+
         // Verify expiration of all certificates in firmware chain
         // ADAM: Maybe change to function that gets verify_certificate_expiration as callback function (seems unnecessary for now...)
         while (cert_chain->current_cert_index < cert_chain->num_of_certificates_in_chain) {
@@ -773,7 +775,10 @@ static fcc_status_e verify_firmware_update_certificate(void)
     }
 
 exit:
-    kcm_cert_chain_close(chain_handle);
+    //Close the chain in case it was created
+    if ( cert_chain != NULL) {
+        kcm_cert_chain_close(chain_handle);
+    }
     if (x509_cert_handle != NULLPTR) {
         cs_close_handle_x509_cert(&x509_cert_handle);
     }

factory-configurator-client/fcc-bundle-handler/source/fcc_bundle_certificate_chain_utils.c

@@ -13,7 +13,7 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 // ----------------------------------------------------------------------------
-
+#ifndef USE_TINY_CBOR
 #include "fcc_bundle_handler.h"
 #include "cn-cbor.h"
 #include "pv_error_handling.h"
@@ -22,6 +22,7 @@
 #include "fcc_output_info_handler.h"
 #include "fcc_malloc.h"
 #include "fcc_time_profiling.h"
+#include "fcc_utils.h"
 
 
 /** Processes  certificate chain list.
@@ -59,7 +60,6 @@ fcc_status_e fcc_bundle_process_certificate_chains(const cn_cbor *cert_chains_li
 
         certificate_data = NULL;
 
-        //fcc_bundle_clean_and_free_data_param(&certificate_chain);
 
         //Get certificate chain CBOR struct at index cert_chain_index
         cert_chain_cb = cn_cbor_index(cert_chains_list_cb, cert_chain_index);
@@ -92,9 +92,8 @@ fcc_status_e fcc_bundle_process_certificate_chains(const cn_cbor *cert_chains_li
                     certificate_chain.private_key_name_len);
                     SA_PV_ERR_RECOVERABLE_GOTO_IF((kcm_result != KCM_STATUS_SUCCESS), fcc_status = FCC_STATUS_CERTIFICATE_PUBLIC_KEY_CORRELATION_ERROR, exit, "Failed to verify leaf certificate against given private key (%" PRIu32 ") ", cert_chain_index);
             }
-            kcm_result = kcm_cert_chain_add_next(cert_chain_handle, certificate_data, certificate_data_size);
-            SA_PV_ERR_RECOVERABLE_GOTO_IF((kcm_result == KCM_STATUS_CERTIFICATE_CHAIN_VERIFICATION_FAILED), fcc_status = FCC_STATUS_CERTIFICATE_CHAIN_VERIFICATION_FAILED, exit, "Failed to add certificate chain at index (%" PRIu32 "): PK does not match signature", cert_chain_index);
-            SA_PV_ERR_RECOVERABLE_GOTO_IF((kcm_result != KCM_STATUS_SUCCESS), fcc_status = FCC_STATUS_KCM_ERROR, exit, "Failed to add certificate chain at index (%" PRIu32 ") ", cert_chain_index);
+            kcm_result = kcm_cert_chain_add_next(cert_chain_handle, certificate_data, certificate_data_size);            
+            SA_PV_ERR_RECOVERABLE_GOTO_IF((kcm_result != KCM_STATUS_SUCCESS), fcc_status = fcc_convert_kcm_to_fcc_status(kcm_result), exit, "Failed to add certificate chain at index (%" PRIu32 ") ", cert_chain_index);
         }
         // close chain
         kcm_result = kcm_cert_chain_close(cert_chain_handle);
@@ -125,3 +124,4 @@ fcc_status_e fcc_bundle_process_certificate_chains(const cn_cbor *cert_chains_li
 
     return fcc_status;
 }
+#endif

factory-configurator-client/fcc-bundle-handler/source/fcc_bundle_certificate_utils.c

@@ -13,7 +13,7 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 // ----------------------------------------------------------------------------
-
+#ifndef USE_TINY_CBOR
 #include "fcc_bundle_handler.h"
 #include "cn-cbor.h"
 #include "pv_error_handling.h"
@@ -98,3 +98,4 @@ fcc_status_e fcc_bundle_process_certificates(const cn_cbor *certs_list_cb)
     SA_PV_LOG_TRACE_FUNC_EXIT_NO_ARGS();
     return fcc_status;
 }
+#endif

factory-configurator-client/fcc-bundle-handler/source/fcc_bundle_common_utils.c

@@ -13,7 +13,7 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 // ----------------------------------------------------------------------------
-
+#ifndef USE_TINY_CBOR
 #include "fcc_bundle_handler.h"
 #include "cn-cbor.h"
 #include "pv_error_handling.h"
@@ -312,3 +312,4 @@ fcc_status_e fcc_bundle_factory_disable( void )
     }
     return fcc_status;
 }
+#endif

factory-configurator-client/fcc-bundle-handler/source/fcc_bundle_config_params_utils.c

@@ -13,7 +13,7 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 // ----------------------------------------------------------------------------
-
+#ifndef USE_TINY_CBOR
 #include "fcc_bundle_handler.h"
 #include "cn-cbor.h"
 #include "pv_error_handling.h"
@@ -101,3 +101,4 @@ fcc_status_e fcc_bundle_process_config_params(const cn_cbor *config_params_list_
 
     return fcc_status;
 }
+#endif

factory-configurator-client/fcc-bundle-handler/source/fcc_bundle_csr_utils.c

@@ -13,7 +13,7 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 // ----------------------------------------------------------------------------
-
+#ifndef USE_TINY_CBOR
 #include "fcc_bundle_utils.h"
 #include "fcc_bundle_handler.h"
 #include "fcc_malloc.h"
@@ -336,3 +336,4 @@ fcc_status_e fcc_bundle_process_csrs(const cn_cbor *csrs_list_cb, cn_cbor *respo
 
     return fcc_status;
 }
+#endif