Merge pull request #82 from PelionIoT/release-4.8.0

mbed-cloud-client 4.8.0

CHANGELOG.md

@@ -1,5 +1,55 @@
 ## Changelog for Pelion Device Management Client
 
+### Release 4.8.0 (19.04.2021)
+
+#### Device Management Client
+
+- Client internal timers were not using event_ids correctly. Previously, if there were two timers running at the same time, cancel might have stopped the wrong timer.
+- Added fallback timer for asynchronous DNS requests (`PAL_DNS_API_VERSION` = 2). The client waits 10 minutes for a response to DNS query before aborting the request and raising a DNS error event.
+- Improved client bootstrap recovery handling.
+- The client doesn't go sleep if update register, unregistering or reconnecting is ongoing.
+- Added LwM2M version as part of the registration message.
+- Added API to get M2MServer instance.
+- tinycbor: Removed the default usage of asserts in input validation. Instead of asserting, the library returns an error if an invalid cbor input is given. Introduced a new `TINYCBOR_USE_ASSERT` flag to save on code size. This saves approximately 200 bytes.
+- Deprecated the `MBED_CLIENT_USER_CONFIG_FILE` macro. An application only needs to use `MBED_CLOUD_CLIENT_USER_CONFIG_FILE`.
+- Allow Write-Attributes to GET resource.
+- Parent resource of resource-instance also set observable flag. Now also parent resource can be observed.
+- Added API `m2mbase::set_confirmable(bool confirmable)` to choose whether notification is sent as a confirmable or non-confirmable way. By default, the confirmable message type is used.
+- M2MDevice now accepts PUT/POST requests, and you can also observe it.
+- Fixed an issue which can cause a crash if there is a lot of network traffic during the `pause()` call.
+- Don't report notification sending timeout to the application. Notification sending can't fail after the message has been created because it has its own queue for resending.
+- Removed deprecated notification delivery status APIs. Use `M2MBase::set_message_delivery_status_cb` instead.
+- Changed default content type from `COAP_CONTENT_OMA_TLV_TYPE_OLD` to` COAP_CONTENT_OMA_TLV_TYPE`.
+- Deprecated `kcm_ecdh_key_agreement()` API for psa configuration, due to `psa_set_key_enrollment_algorithm()` API deprecation in mbed-crypto.
+
+#### Device Management Update client
+
+Add precursor hash check to delta updates. Delta updates generated against wrong original firmware now fail faster.
+- Mesh update: Critical messages are now sent multiple times to improve success rate for Mesh campaigns.
+
+  <span class="notes">**Note:** Due to the multiple message sending, the minimum configurable activate delay is 60min. The border router enforces the minimum value by silently reverting to 60min delay, but longer delays remain unchanged.</span>
+
+- Fixed handling of duplicate messages during the failed bootstrap recovery phase. Client was failing internally with a `NotAllowed` error instead of proceeding to bootstrap.
+
+#### Device Management Update client next generation (FOTA)
+
+- Fixed a bug that prevented update running successfully after devices were provisioned in the production flow.
+- Fixed Linux compilation with "Client URL" (CURL) dynamic linkage.
+- Fixed update flow when the update candidate version is 0.0.10.
+- Changed FOTA application interface APIs:
+   - `fota_app_on_install_authorization(uint32 token)` -> `fota_app_on_install_authorization()` (removed token).
+   - `fota_app_on_download_authorization(uint32_t token, ...)` -> `fota_app_on_download_authorization(...)` (removed token).
+   - `fota_app_authorize_update()` -> `fota_app_authorize()` (reverted to the deprecated API).
+   - `fota_app_reject_update()` -> `fota_app_reject()` (reverted to the deprecated API).
+   - `fota_app_defer_update()` -> `fota_app_defer()` (reverted to the deprecated API).
+- On Linux targets, all FOTA related files (candidate, header and so on) were moved to the the configuration directory (PAL/KVstore).
+- Require defining `MBED_CLOUD_CLIENT_FOTA_LINUX_SINGLE_MAIN_FILE` in Linux MCCE, Testapp or any Linux app that has a single file update.
+
+### Platform Adaptation Layer (PAL)
+
+- [Linux] Fix async sockets after reboot done with execv. After reboot with execv signal, the handler doesn't return, and signals might be blocked. Because the signal mask is inherited, you need to explicitly unblock SIGIO and SIGUSR1.
+- Added a compile-time check to require the mandatory Mbed TLS flags are defined when the Connection ID feature (`PAL_USE_SSL_SESSION_RESUME`) is enabled.
+
 ### Release 4.7.1 (28.01.2021)
 
 - Improved CID recovery in case the CID has expired. Client now proceeds with register-update instead of full registration.
@@ -9,6 +59,7 @@
 
 - Fixed a logical issue in update client logic which prevented further updates after it received a manifest with an invalid signature.
 
+
 ### Release 4.7.0 (07.12.2020)
 
 #### Device Management Client

CMakeLists.txt

@@ -110,6 +110,7 @@ include_directories(${FACTORY_CLIENT_SOURCE_DIR}/storage)
 include_directories(${FACTORY_CLIENT_SOURCE_DIR}/storage/storage)
 include_directories(${FACTORY_CLIENT_SOURCE_DIR}/storage/source/include)
 include_directories(${FACTORY_CLIENT_SOURCE_DIR}/key-config-manager)
+include_directories(${FACTORY_CLIENT_SOURCE_DIR}/key-config-manager/key-config-manager)
 include_directories(${FACTORY_CLIENT_SOURCE_DIR}/key-config-manager/source/include)
 include_directories(${FACTORY_CLIENT_SOURCE_DIR}/utils)
 include_directories(${FACTORY_CLIENT_SOURCE_DIR}/utils/utils)
@@ -279,7 +280,6 @@ if (FOTA_ENABLE)
 
     # Generic definitions for FOTA, always enabled
     add_definitions(-DMBED_CLOUD_CLIENT_FOTA_ENABLE=1)
-    add_definitions(-DFOTA_CUSTOM_CURR_FW_STRUCTURE=1)
 
     # Fota trace enable
     if (FOTA_TRACE)
@@ -288,12 +288,11 @@ if (FOTA_ENABLE)
     endif()
 
     include_directories(${FOTA_SOURCE_DIR})
-    include_directories("${CMAKE_CURRENT_SOURCE_DIR}/update-client-hub/delta-tool-internal/include")
 
     FILE(GLOB FOTA_SRC
         "${FOTA_SOURCE_DIR}/*.c"
         "${FOTA_SOURCE_DIR}/*.cpp"
-        "${CMAKE_CURRENT_SOURCE_DIR}/update-client-hub/delta-tool-internal/source/*.c"
+        "${FOTA_SOURCE_DIR}/bspatch/*.c"
     )
     message("FOTA sources = \n ${FOTA_SRC}")
     target_sources(mbedCloudClient PRIVATE "${FOTA_SRC}")

CONTRIBUTING.md

@@ -9,3 +9,5 @@ Due to the release process, all new releases are squashed code drops. Therefore,
 | Author         | Pull Request  | Change title/summary                                     |
 |----------------|---------------|----------------------------------------------------------|
 | Garrett LoVerde (@40Grit) | [#46](https://github.com/ARMmbed/mbed-cloud-client/pull/46) | Remove redundant switch in `get_resource` |
+| Pawel Dunaj ([@pdunaj](https://github.com/pdunaj))            | N/A | Port Pelion Client to Zephyr OS |
+| Emil Obalski ([@emob-nordic](https://github.com/emob-nordic)) | N/A | Port Pelion Client to Zephyr OS | 

factory-configurator-client/CMakeLists.txt

@@ -150,4 +150,8 @@ add_dependencies(factory-configurator-client fccstorage key-config-manager pal t
 # automatically build all the submodules.
 target_link_libraries(factory-configurator-client fccstorage key-config-manager pal tinycbor)
 
+if (${OS_BRAND} MATCHES "Zephyr")
+    target_link_libraries(crypto-service PUBLIC ${TLS_LIBRARY})
+endif()
+
 ADDSUBDIRS()

factory-configurator-client/crypto-service/source/pal_plat_Crypto.c

@@ -1180,6 +1180,12 @@ palStatus_t pal_plat_CtrDRBGInit(palCtrDrbgCtxHandle_t* ctx)
     }
     else
     {
+        /**
+         * Clean buffer before initialization. Some platform implementations
+         * does not handle mutex initialization correctly when buffers are
+         * dirty.
+         */
+        memset(palCtrDrbgCtx, 0, sizeof(palCtrDrbgCtx_t));
         mbedtls_ctr_drbg_init(&palCtrDrbgCtx->ctrDrbgCtx);
         mbedtls_entropy_init(&palCtrDrbgCtx->entropy);
         *ctx = (palCtrDrbgCtxHandle_t)palCtrDrbgCtx;

factory-configurator-client/key-config-manager/key-config-manager/key_config_manager.h

@@ -638,6 +638,33 @@ extern "C" {
     */
     kcm_status_e kcm_generate_random(uint8_t *buffer, size_t buffer_size);
 
+#ifndef MBED_CONF_MBED_CLOUD_CLIENT_PSA_SUPPORT
+    /* Computes a shared secret using the elliptic curve Diffie-Hellman algorithm.
+    *
+    *    @param[in] private_key_name                            The private key name to fetch from storage.
+    *    @param[in] private_key_name_len                        The length of the private key name.
+    *    @param[in] peer_public_key                             The public key from a peer in DER format.
+    *    @param[in] peer_public_key_size                        The length of the public key from a peer.
+    *    @param[out] shared_secret                              A pointer to the output shared secret buffer.
+    *    @param[in] shared_secret_max_size                      The size of the shared secret buffer. Must be at least ::KCM_EC_SECP256R1_SHARED_SECRET_SIZE bytes.
+    *    @param[out] shared_secret_act_size_out                 The actual size of the shared secret buffer.
+    *
+    *    @returns
+    *        KCM_STATUS_SUCCESS on success.
+    *        KCM_STATUS_INVALID_PARAMETER if one of the parameters is illegal.
+    *        One of the ::kcm_status_e errors otherwise.
+    *
+    */
+    kcm_status_e kcm_ecdh_key_agreement(
+        const uint8_t              *private_key_name,
+        size_t                      private_key_name_len,
+        const uint8_t               *peer_public_key,
+        size_t                      peer_public_key_size,
+        uint8_t                     *shared_secret,
+        size_t                      shared_secret_max_size,
+        size_t                      *shared_secret_act_size_out);
+#else //MBED_CONF_MBED_CLOUD_CLIENT_PSA_SUPPORT
+
     /* Computes a shared secret using the elliptic curve Diffie-Hellman algorithm.
     *
     * A few limitations to consider:
@@ -656,6 +683,8 @@ extern "C" {
     *        KCM_STATUS_SUCCESS on success.
     *        KCM_STATUS_INVALID_PARAMETER if one of the parameters is illegal.
     *        One of the ::kcm_status_e errors otherwise.
+    *
+    * \deprecated for PSA configuration, due to `psa_set_key_enrollment_algorithm()` API deprecation in mbed-crypto that is used by `kcm_ecdh_key_agreement`.
     */
     kcm_status_e kcm_ecdh_key_agreement(
         const uint8_t              *private_key_name,
@@ -666,6 +695,8 @@ extern "C" {
         size_t                      shared_secret_max_size,
         size_t                      *shared_secret_act_size_out);
 
+#endif //MBED_CONF_MBED_CLOUD_CLIENT_PSA_SUPPORT
+
 #ifdef __cplusplus
 }
 #endif

fota/.mbedignore

@@ -0,0 +1 @@
+bspatch/*