* Bump up to MBed-TLS V3.5.1, make changes to Visual Studio Projects to account for this.
* Update MBedTLS Transport files to call psa_crypto_init() if the MBEDTLS_PSA_CRYPTO_C is set.
* Add WIN32_LEAN_AND_MEAN to the corePKCS11_MQTT_Mutual_Auth_Windows_Simulator demo. Add in a check for MBEDTLS_ERR_SSL_RECEIVED_NEW_SESSION_TICKET when making a TLS handshake.
* Change transport interface files from using void * to mbedtls_pk_context * instead per changes in the MbedTLS API.
* Changes to Fleet Provisioning Demo and Demo Setup to use ECDSA keys
* Remove non-32 bit configs from various VisualStudio Projects. Enforce all projects using WIN32_LEAN_AND_MEAN as well as winsock2.h
* Use new version of CI-CD Actions, checkout@v3 instead of checkout@v2 on all jobs
* Use cSpell spell check, and use ubuntu-20.04 for formatting check
* Add in bot formatting action
* Update freertos_demo.yml and freertos_plus_demo.yml files to increase github log readability
* Add in a Qemu demo onto the workflows.
Update transport interface for compatibility
* Update the network transport that uses the socket wrapper to depend on the socket wrapper only.
* AT command timeout should not be changed for cellular socket buffer access mode.
* mbedTLS config include using MBEDTLS_CONFIG_FILE macro.
* Remove strnlen usage in using_mbedtls_pkcs11.
* All for the Demo/Cortex_MPU_Simulator_Keil_GCC GCC demo:
+ Update the linker script so the project builds now the heap is part of the privileged data.
+ Add simulator.ini to setup the simulator memory map when the debugger starts to prevent invalid access errors.
+ Set configENFORCE_SYSTEM_CALLS_FROM_KERNEL_ONLY to 1 in FreeRTOSConfig.h, then fix up resultant build errors.
+ Set configALLOW_UNPRIVILEGED_CRITICAL_SECTIONS to 0 in FreeRTOSConfig.h, then fix up resultant build errors.
* Fix compiler warning in Arm startup file.
* Update comments in the file headers to pass the git checkin tests.
* Update header comments to pass git checkin tests.
* Second attempt to get file header comments correct for the check-in tests.
* Third attempt to get the header comments correct.
* Fix spelling.
* Fix manifest check
Signed-off-by: Gaurav Aggarwal <aggarg@amazon.com>
Co-authored-by: none <>
Co-authored-by: Gaurav Aggarwal <aggarg@amazon.com>
* Update History.txt and README.md for December release (#744)
* Update History.txt and README.md for release
* Bump mbedtls submodule to v2.28.0 (#745)
* Patch project files for mbedtls (#751)
* Apply group 1 patches
* Apply patches for group 2
* Update project files for mbedTLS new version
Signed-off-by: Gaurav Aggarwal <aggarg@amazon.com>
* Fix warnings in projects
Signed-off-by: Gaurav Aggarwal <aggarg@amazon.com>
* Fix warnings in HTTP_S3_Download demo
Signed-off-by: Gaurav Aggarwal <aggarg@amazon.com>
Co-authored-by: Gaurav Aggarwal <aggarg@amazon.com>
* Update changelog and history for corePKCS11 update (#752)
* Update submodule pointer and manifest.yml for corePKCS11 (#754)
* Update readme and history.txt to show that Sigv4 is a newly added library (#756)
* Revert update to v143 of VS toolset (#757)
* [AUTO][RELEASE]: Bump file header version to "202112.00"
* Update file headers to satisfy core checks
Co-authored-by: Muneeb Ahmed <54290492+muneebahmed10@users.noreply.github.com>
Co-authored-by: Gaurav Aggarwal <aggarg@amazon.com>
Co-authored-by: johnrhen <johnrhen@users.noreply.github.com>
The previous "using_mbedtls_pkcs11.c" implementation requires using the device key and device certificate stored under the labels "pkcs11configLABEL_DEVICE_PRIVATE_KEY_FOR_TLS" and "pkcs11configLABEL_DEVICE_CERTIFICATE_FOR_TLS".
This commit updates the NetworkCredentials to include fields for pClientCertLabel and pPrivateKeyLabel, so other labels can be used with PKCS11. This matches the behavior seen in the CSDK.
This commit also updates the "pkcs11_mqtt_mutual_auth_demo" to set the newly-added NetworkCredentials fields.
Move the contents of FreeRTOS/FreeRTOS-Plus/Source/Application-Protocols/network_transport/using_mbedtls/
to its parent folder i.e. FreeRTOS/FreeRTOS-Plus/Source/Application-Protocols/network_transport/.
This removes one unnecessary folder in the hierarchy.
* [Cellular] Add cellular lib submodule and demo app
* [Cellular] Fix memory violation in transport layer and add using LoggingPrintf
* Update FreeRTOS Cellular Interface
* Change the mbedtls usage in FreeRTOS-Plus
* [Cellular] Fix missing spell
* [Cellular] Add manifest.yml
* Fix missing spell
* Update manifest.yml
* [Cellular] Add integration test
* Modify the demo log level to LOG_INFO
* Update cellular interface
* The modification of the folder structure for cellular library
* Rename the naming of demo
* Adjust the location of using_mbedtls and socket_wrapper
* Adjust project setting for relocating using_mbedtls and socket_wrapper
* Turn off PSM mode
* Add start marker for CI validation.
* The modification for mbedtls platform send/recv function for cellular
* Change the project file due to the changes of mbedtls platform send/recv function for cellular
* Fix missing newline and remove unused file
* Add missing configuration.
* Make cellular and freertos tcp plus use the same transport implementation
* Add comment for the macro MBEDTLS_SSL_SEND and MBEDTLS_SSL_RECV
* Make changes from the github comment.
* Update submodule pointers
This is needed to address doxygen failures (Which are already fixed in
the submoduled repos).
Signed-off-by: Gaurav Aggarwal <aggarg@amazon.com>
* Updated submodule libraries to latest release
* Updated pointer for FreeRTOS-Plus-TCP
* Updated README about SNTP
* Updated link for coreSNTP on freertos.org
* Updated corePKCS11 to 'update-pkcs11submodule' branch for testing
* Update corePKCS11 version in manifest.yml
* Updated corePKCS11 pointer to v3.1.0
Co-authored-by: Oscar Michael Abrina <abrinao@amazon.com>
Co-authored-by: Archit Aggarwal <architag@amazon.com>
* Replace library links with the application-protocols one
The ReadMe.txt refers to library link on FreeRTOS.org which will not be available until after the library is released in github. Instead, use top level page https://www.freertos.org/application-protocols.html which lists all the libraries in this directory which is also easy for user to navigate and could avoid this issue when releasing new library.
* Update FreeRTOS-Plus/Source/Application-Protocols/readme.txt
Co-authored-by: Archit Aggarwal <architag@amazon.com>
* Update FreeRTOS-Plus/Source/Application-Protocols/readme.txt
Co-authored-by: Paul Bartell <pbartell@amazon.com>
Co-authored-by: Archit Aggarwal <architag@amazon.com>
Co-authored-by: Paul Bartell <pbartell@amazon.com>
Since `mbedtls_error.c` is already part of the mbedTLS submodule, the duplicate files are removed from this repository.
Co-authored-by: Cobus van Eeden <35851496+cobusve@users.noreply.github.com>
Update the coreSNTP submodule to the latest commit. Also, make updates to the coreSNTP demo for the new changes in the SNTP library which include the following:
1. Update to the type for packet size from size_t to uint16_t for parameters in the transport and authentication interfaces.
2. Change in the call to Sntp_SendTimeRequest API to pass the new blockTimeMs parameter added to the API.
3. Update to the clock-offset type from int32_t to int64_t for representing information in milliseconds. To accommodate this update in the SntpSetTime_t interface, the mathematical model for representing system clock has been updated to store slew rate as milliseconds/second (instead of second/second). This change improves the accuracy of the WinSim demo time correction (because the milliseconds of time difference between server and client time is corrected over the entire polling interval which makes a significant difference!).
This PR also adds demo config macros for setting the block time values passed to the Sntp_SendTimeRequest and Sntp_ReceiveTimeResponse APIs.
Add the FreeRTOS/coreSNTP library as a submodule (along with manifest.yaml file update) and add a demo project to showcase use of the coreSNTP library for having a SNTP client daemon in the system for periodically synchronizing system time with the internet to maintain Coordinated Universal Time (UTC) in a device. This demo maintains UTC time of system in RAM, thereby, representing systems without a Real-Time Clock (RTC) module in the device.
Note: This demo shows use of coreSNTP library for SNTP communication with NTP/SNTP time servers in non-authenticated mode (i.e. without any security mechanism payload beyond the standard 48 bytes of NTP packet exchange between client-server).
* Clean up demo config for wolfSSL mutual auth.
* Add comment about picking the correct ROOT CA.
* uncrustify using_wolfSSL.c and some other code style changes.
* Apply suggestions from code review
Co-authored-by: Archit Aggarwal <architag@amazon.com>
FreeRTOS_send adds the packet to be sent to the IP task's queue for
later processing. The packet is sent later by the IP task. When
FreeRTOS is used in collaborative mode (i.e. configUSE_PREEMPTION is 0),
the Plaintext_FreeRTOS_send function returns without actually sending
the packet as the IP task never gets a chance to run.
The fact that Plaintext_FreeRTOS_send returns without actually sending
the packet causes an issue in the MQTT_Connect which expects the CONNECT
packet to be actually sent and waits for CONNACK.
This commit adds a taskYIELD call after calling FreeRTOS_send to ensure
that the IP task gets a chance to run and send the packet before the
Plaintext_FreeRTOS_send function returns.
Add URL file links to the MQTT agent documentation page.
Add comment blocks into each demo that also point toward the MQTT agent documentation to ensure users are aware the agent method exists.
From the FreeRTOS documentation, pdFREERTOS_ERRNO_ENOSPC means that timeout occurred before any data could be sent or received.
- In the plaintext transport-interface implementation, we would directly return `-pdFREERTOS_ERRNO_ENOSPC`. However, an error like this can occur when the TCP buffer is full, so this ought to be retriable. Libraries that consume the transport interface interpret a return value of 0 to mean that send/recv can be invoked again to get the data. As such, we should appropriately set the return value as 0 when the status is `-pdFREERTOS_ERRNO_ENOSPC`.
- In the mbedTLS port, we would directly return whatever `FreeRTOS_send` or `FreeRTOS_recv` returns. However, sometimes, the return value can be an error. In such cases, we ought to map an error from FreeRTOS+TCP to an equivalent error in mbedTLS. In the case of `-pdFREERTOS_ERRNO_ENOSPC`, we map that to `MBEDTLS_ERR_SSL_TIMEOUT`. When the mbedTLS transport-interface send/recv wrapper sees that value, it appropriately returns 0, so that the library can retry the send/recv. I've verified that when the mbedTLS port returns an error, that same error is returned by `mbedtls_ssl_write` & `mbedtls_ssl_read`.
- The TCP socket may have a receive block time. If bytesToRecv is greater than 1 then a frame is likely already part way through reception and blocking to wait for the desired number of bytes to be available is the most efficient thing to do. If bytesToRecv is 1 then this may be a speculative call to read to find the start of a new frame, in which case blocking is not desirable as it could block an entire protocol agent task for the duration of the read block time and therefore negatively impact performance. So if bytesToRecv is 1 then don't call recv unless it is known that bytes are already available.
Co-authored-by: abhidixi11 <44424462+abhidixi11@users.noreply.github.com>
Co-authored-by: RichardBarry <3073890+RichardBarry@users.noreply.github.com>
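The return-value mapping described in the commit message above, as an added example that is not code from the FreeRTOS repository. `FakeSocket_t`, `stub_recv`, the three `*_recv` function names and `EXAMPLE_TLS_ERR_GENERIC` are hypothetical, and the two library constants are given stand-in values so the block builds without FreeRTOS+TCP or mbedTLS.

```c
#include <stddef.h>
#include <stdint.h>

/* Stand-in values so this builds without FreeRTOS+TCP or mbedTLS headers. */
#define pdFREERTOS_ERRNO_ENOSPC    28
#define MBEDTLS_ERR_SSL_TIMEOUT    ( -0x6800 )
#define EXAMPLE_TLS_ERR_GENERIC    ( -1 ) /* hypothetical catch-all error */

/* Constructed fake socket: a scripted recv result and a buffered byte count. */
typedef struct { int32_t available; int32_t recvResult; int recvCalls; } FakeSocket_t;

/* Stub standing in for FreeRTOS_recv: returns the scripted result. */
static int32_t stub_recv( FakeSocket_t * s, size_t len )
{
    ( void ) len;
    s->recvCalls++;
    return s->recvResult;
}

/* Plaintext transport recv: 0 tells the caller "nothing yet, call again". */
int32_t plaintext_recv( FakeSocket_t * s, size_t bytesToRecv )
{
    /* Speculative 1-byte read: do not enter a blocking recv on an empty socket. */
    if( ( bytesToRecv == 1 ) && ( s->available <= 0 ) )
    {
        return 0;
    }
    int32_t status = stub_recv( s, bytesToRecv );
    /* A timeout before any data arrived is retriable, not fatal. */
    return ( status == -pdFREERTOS_ERRNO_ENOSPC ) ? 0 : status;
}

/* mbedTLS port layer: translate the socket error into an mbedTLS error. */
int tls_port_recv( FakeSocket_t * s, size_t len )
{
    int32_t status = stub_recv( s, len );
    if( status == -pdFREERTOS_ERRNO_ENOSPC ) { return MBEDTLS_ERR_SSL_TIMEOUT; }
    return ( status < 0 ) ? EXAMPLE_TLS_ERR_GENERIC : ( int ) status;
}

/* TLS transport wrapper: the timeout surfaces unchanged and becomes 0. */
int32_t tls_transport_recv( FakeSocket_t * s, size_t len )
{
    int status = tls_port_recv( s, len ); /* stands in for mbedtls_ssl_read */
    return ( status == MBEDTLS_ERR_SSL_TIMEOUT ) ? 0 : status;
}

int main( void ) { FakeSocket_t s = { 0, -pdFREERTOS_ERRNO_ENOSPC, 0 }; return ( int ) tls_transport_recv( &s, 16 ); }
```

Only the timeout case is turned into 0; any other negative status still reaches the caller as a failure, so a dropped connection is not retried forever.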
Small change that simply specifies why the NetworkContext must be defined by each compilation unit along with details on how to include it to your project.
Co-authored-by: Cobus van Eeden <35851496+cobusve@users.noreply.github.com>