Update transport interface for compatibility
* Update the network transport that using socket wrapper to depend on socket wrapper only.
* AT command timeout should not be changed for cellular socket buffer access mode.
* mbedTLS config include using MBEDTLS_CONFIG_FILE macro.
* Remove strnlen usage in using_mbedtls_pkcs11.
* Create CloudFormation template for demo setup
* Add CF_ prefix to CloudFormation-created resources to avoid collisions
* Update lexicon.txt
* Create initial python setup script
* Create separate demo_cleanup.py file
* Move setup items to DemoSetup folder
* Add demo_config.h setup to the demo_setup.py script
* Modify error logging on demo_setup.py
* Add file cleanup to demo_cleanup.py
* Rename convert_pem_to_der.py to convert_credentials_to_der.py
* Adjust comment wording on demo_cleanup.py
* added configUSE_TICKLESS_IDLE (#764)
* Fix tests needed for https://github.com/FreeRTOS/FreeRTOS-Kernel/pull/435 (#766)
* Fix tests needed for https://github.com/FreeRTOS/FreeRTOS-Kernel/pull/435
Signed-off-by: Gaurav Aggarwal <aggarg@amazon.com>
* Add tests to cover https://github.com/FreeRTOS/FreeRTOS-Kernel/pull/435 (#768)
Add tests to cover https://github.com/FreeRTOS/FreeRTOS-Kernel/pull/435
This ensures that the coverage does not go down with the PR
https://github.com/FreeRTOS/FreeRTOS-Kernel/pull/435.
Signed-off-by: Gaurav Aggarwal <aggarg@amazon.com>
* Add tests to increase queue code coverage (#770)
These tests cover the following portion in the queue code:
static void prvUnlockQueue( Queue_t * const pxQueue )
{
...
if( prvNotifyQueueSetContainer( pxQueue ) != pdFALSE )
{
/* The queue is a member of a queue set, and posting to
* the queue set caused a higher priority task to unblock.
* A context switch is required. */
vTaskMissedYield();
}
else
{
mtCOVERAGE_TEST_MARKER();
}
...
}
Signed-off-by: Gaurav Aggarwal <aggarg@amazon.com>
* Update FreeRTOS-Kernel submodule pointer (#771)
Signed-off-by: Gaurav Aggarwal <aggarg@amazon.com>
* Add new names to spell check dictionary (#772)
* Return error if invalid input detected in transport layer (Send/Recv) (#773)
* return error if invalid input detected in transport layer
* Create mqtt_pkcs11_demo_helpers for AWS demos (#769)
* Create mqtt_pkcs11_demo_helpers by modifying mqtt_demo_helpers
* Update formatting and variable naming
* Fix multi-line parameter formatting
* Update file headers to match latest release version
* GCC/Rx100 Demo project files update to e2 Studio v8 (#776)
* Upgrade GCC project files for e2 studio v7.8.0 in Demo/RX100-RSK_GCC_e2studio folder
* Update Demo project file to e2 Studio v8 and remove the .bat file.
* Update the choice of toolchain version.
* Update the link in file header.
Co-authored-by: NoMaY (a user of Japan.RenesasRulz.com) <NoMaY-jp@outlook.com>
* Update FreeRTOS-Cellular-Interface submodule pointer (#775)
* Update cellular sub-module pointer
* Add more log in cellular_setup.c to indicate error
* Adjust cellular transport timeout value for demo application
* Add default cellular module specific config in cellular_config.h
* Create separate demo_cleanup.py file
* Move setup items to DemoSetup folder
* Add demo_config.h setup to the demo_setup.py script
* Modify error logging on demo_setup.py
* Add file cleanup to demo_cleanup.py
* Rename convert_pem_to_der.py to convert_credentials_to_der.py
* Adjust comment wording on demo_cleanup.py
* Adjust comment wording on demo_config.h
* Format files and reduce code redundancy
* Update lexicon.txt
* Remove preconfigured fields from demo_config,h
* Update convert_credentials_to_der.py
Co-authored-by: Archit Gupta <71798289+archigup@users.noreply.github.com>
* Make python files executable
Co-authored-by: Joseph Julicher <jjulicher@mac.com>
Co-authored-by: Gaurav-Aggarwal-AWS <33462878+aggarg@users.noreply.github.com>
Co-authored-by: Ravishankar Bhagavandas <bhagavar@amazon.com>
Co-authored-by: ActoryOu <jay2002824@gmail.com>
Co-authored-by: Ming Yue <mingyue86010@gmail.com>
Co-authored-by: NoMaY (a user of Japan.RenesasRulz.com) <NoMaY-jp@outlook.com>
Co-authored-by: chinglee-iot <61685396+chinglee-iot@users.noreply.github.com>
Co-authored-by: Archit Gupta <71798289+archigup@users.noreply.github.com>
* All for the Demo/Cortex_MPU_Simulator_Keil_GCC GCC demo:
+ Update the linker script so the project builds now the heap is part of the privileged data.
+ Add simulator.ini to setup the simulator memory map when the debugger starts to prevent invalid access errors.
+ Set configENFORCE_SYSTEM_CALLS_FROM_KERNEL_ONLY to 1 in FreeRTOSConfig.h, then fix up resultant build errors.
+ Set configALLOW_UNPRIVILEGED_CRITICAL_SECTIONS to 0 in FreeRTOSConfig.h, then fix up resultant build errors.
* Fix compiler warning in Arm startup file.
* Update comments in the file headers to pass the git checkin tests.
* Update header comments to pass git checkin tests.
* Second attempt to get file header comments correct for the check-in tests.
* Third attempt to get the header comments correct.
* Fix spelling.
* Fix manifest check
Signed-off-by: Gaurav Aggarwal <aggarg@amazon.com>
Co-authored-by: none <>
Co-authored-by: Gaurav Aggarwal <aggarg@amazon.com>
* Update cellular sub-module pointer
* Add more log in cellular_setup.c to indicate error
* Adjust cellular transport timeout value for demo application
* Add default cellular module specific config in cellular_config.h
* Update History.txt and README.md for December release (#744)
* Update History.txt and README.md for release
* Bump mbedtls submodule to v2.28.0 (#745)
* Patch project files for mbedtls (#751)
* Apply group 1 patches
* Apply patches for group 2
* Update project files for mbedTLS new version
Signed-off-by: Gaurav Aggarwal <aggarg@amazon.com>
* Fix warnings in projects
Signed-off-by: Gaurav Aggarwal <aggarg@amazon.com>
* Fix warnings in HTTP_S3_Download demo
Signed-off-by: Gaurav Aggarwal <aggarg@amazon.com>
Co-authored-by: Gaurav Aggarwal <aggarg@amazon.com>
* Update changelog and history for corePKCS11 update (#752)
* Update submodule pointer and manifest.yml for corePKCS11 (#754)
* Update readme and history.txt to show that Sigv4 is a newly added library (#756)
* Revert update to v143 of VS toolset (#757)
* [AUTO][RELEASE]: Bump file header version to "202112.00"
* Update file headers to satisfy core checks
Co-authored-by: Muneeb Ahmed <54290492+muneebahmed10@users.noreply.github.com>
Co-authored-by: Gaurav Aggarwal <aggarg@amazon.com>
Co-authored-by: johnrhen <johnrhen@users.noreply.github.com>
* Add fleet provisioning and tinycbor submodules
* Copy demo files from FP in CSDK and the Defender Demo
* Modify FP demo files to function in FreeRTOS
* Update styling and formatting of demo files to match FreeRTOS conventions
Co-authored-by: Archit Gupta <71798289+archigup@users.noreply.github.com>
The previous "using_mbedtls_pkcs11.c" implementation requires using the device key and device certificate stored under the labels "pkcs11configLABEL_DEVICE_PRIVATE_KEY_FOR_TLS" and "pkcs11configLABEL_DEVICE_CERTIFICATE_FOR_TLS".
This commit updates the NetworkCredentials to include fields for pClientCertLabel and pPrivateKeyLabel, so other labels can be used with PKCS11. This matches the behavior seen in the CSDK.
This commit also updates the "pkcs11_mqtt_mutual_auth_demo" to set the newly-added NetworkCredentials fields.
Move the contents of FreeRTOS/FreeRTOS-Plus/Source/Application-Protocols/network_transport/using_mbedtls/
to its parent folder i.e. FreeRTOS/FreeRTOS-Plus/Source/Application-Protocols/network_transport/.
This removes one unnecessary folder in the hierarchy.
* [Cellular] Add cellulr lib submodule and demo app
* [Cellular] Fix memory violation in transport layer and add using LoggingPrintf
* Update FreeRTOS Cellular Interface
* Change the mbedtls usage in FreeRTOS-Plus
* [Cellular] Fix missing spell
* [Cellular] Add manifest.yml
* Fix missing spell
* Update manifest.yml
* [Cellular] Add integration test
* Modify the demo log level to LOG_INFO
* Update cellular interface
* The modification of the folder structure for cellular library
* Rename the naming of demo
* Adjust the location of using_mbedtls and socket_wrapper
* Adjust project setting for relocating using_mbedtls and socket_wrapper
* Turn off PSM mode
* Add start marker for CI validation.
* The modification for mbedtls platform send/recv function for cellular
* Change the project file due to the changes of mbedtls platform send/recv function for cellular
* Fix missing newline and remove unused file
* Add missing configuration.
* Make cellular and freertos tcp plus use the same transport implementation
* Add comment for the macro MBEDTLS_SSL_SEND and MBEDTLS_SSL_RECV
* Make changes from the github comment.
* Update submodule pointers
This is needed to address doxygen failures (Which are already fixed in
the submoduled repos).
Signed-off-by: Gaurav Aggarwal <aggarg@amazon.com>
* Updated submodule libraries to latest release
* Updated pointer for FreeRTOS-Plus-TCP
* Updated README about SNTP
* Updated link for coreSNTP on freertos.org
* Updated corePKCS11 to 'update-pkcs11submodule' branch for testing
* Update corePKCS11 version in manifest.yml
* Updated corePKCS11 pointer to v3.1.0
Co-authored-by: Oscar Michael Abrina <abrinao@amazon.com>
Co-authored-by: Archit Aggarwal <architag@amazon.com>
* Replace library links with the application-protocols one
The ReadMe.txt refers to library link on FreeRTOS.org which will not be available until after the library is released in github. Instead, use top level page https://www.freertos.org/application-protocols.html which lists all the libraries in this directory which is also easy for user to navigate and could avoid this issue when releasing new library.
* Update FreeRTOS-Plus/Source/Application-Protocols/readme.txt
Co-authored-by: Archit Aggarwal <architag@amazon.com>
* Update FreeRTOS-Plus/Source/Application-Protocols/readme.txt
Co-authored-by: Paul Bartell <pbartell@amazon.com>
Co-authored-by: Archit Aggarwal <architag@amazon.com>
Co-authored-by: Paul Bartell <pbartell@amazon.com>
* Remove submodules of community and partner contribution repos, and stale directory of FreeRTOS+UDP
* Obselete NTP demo and rename of HTTP server demo folder
* Update manifest.yml
Since `mbedtls_error.c` is already part of the mbedTLS submodule, the duplicate files are removed from this repository.
Co-authored-by: Cobus van Eeden <35851496+cobusve@users.noreply.github.com>
Issue
The existing clock discipline algorithm in the coreSNTP demo yields an inaccurate wall-clock time (in UTC) that is always behind the astronomical UTC time by the chosen polling interval period of the demo. The issue with the clock discipline algorithm was that it was calculating the slew rate to make the system clock be gradually compensated for the previous time synchronization clock drift over the period of the subsequent polling time interval. Thereby, the clock slew rate correction calculated is always lower than it should be (because it does not incorporate possible clock drift that would occur over another period of time polling interval till the next time synchronization attempt).
Fix
This PR fixes the clock discipline algorithm to make the demo calculate its system time that matches the astronomical UTC time.
The fix involves simplifying the clock discipline algorithm to use a combination of step and slew correction approaches where:
1. Step correction is applied on EVERY time successful synchronization with a time server. This immediately corrects the system time to match server time.
2. Slew rate is calculated ONCE (on the second successful time synchronization with server) and applied henceforth, on every time polling interval period to compensate gradually for the system clock drift during the period.
This PR makes the following changes in the coreSNTP demo:
To suggest the most secure way of using SNTP communication, we are adding a documentation note about the Network Time Security in the SNTP demo.
Hygiene update of using the FreeRTOS/backoffAlgorithm utility library for calculating time polling period interval backoff when time requests are rejected by a time server.
Issue
There is a possible vulnerability of Denial of Service attack by keeping the UDP socket for the SNTP client task always open in the coreSNTP demo. The Denial of Service attack can occur from receiving multiple server response (duplicated or malicious) for a single SNTP time request sent by the client, and thereby, filing the socket network buffer response packets that affect future time requests.
Solution
This PR fixes this vulnerability by updating the demo to keep a UDP socket open only for the time period of waiting for server response, closing the socket on either receiving a server response or experiencing server timeout, and re-creating a UDP socket for the next polling try. This PR also adds another security functionality using a random port for UDP socket to protect against spoofing attacks from "off-network path" attackers.
Update the coreSNTP submodule to the latest commit. Also, make updates to the coreSNTP demo for the new changes in the SNTP library which include the following:
1. Update to the type for packet size from size_t to uint16_t for parameters in the transport and authentication interfaces.
2. Change in the call to Sntp_SendTimeRequest API to pass the new blockTimeMs parameter added to the API.
3. Update to the clock-offfset type from int32_t to int64_t for representing information in milliseconds. To accommodate this update in the SntpSetTime_t interface, the mathematical model for representing system clock has been updated to store slew rate as milliseconds/second (instead of second/second). This change improves the accuracy of the WinSim demo time correction (because the milliseconds of time difference between server and client time is corrected over the entire polling interval which makes a significant difference!).
This PR also adds demo config macros for setting the block time values passed to the Sntp_SendTimeRequest and Sntp_ReceiveTimeResponse APIs.
Update the coreSNTP demo to showcase use of symmetric key algorithm of authentication scheme for securing SNTP communication between client and server.
The demo uses the AES-128-CMAC algorithm for the generating Message Authentication Code for the client on sending the SNTP time request to server as well as validating the server response received by verifying if the payload present authentication code can be generated. Use of an authentication mechanism in SNTP communication protects against server spoofing attacks as well as man-in-the-middle attacks of server response modification.
The demo uses corePKCS11 library for the AES-CMAC operations. Also, the demo adds functionality of generating random number, using corePKCS11, for sending as a parameter to the Sntp_SendTimeRequest API.
Note: For symmetric key based security mechanism to be protective against malicious, it is IMPORTANT to securely pre-share the symmetric key between client and server.
Add the FreeRTOS/coreSNTP library as a submodule (along with manifest.yaml file update) and add a demo project to showcase use of the coreSNTP library for having a SNTP client daemon in the system for periodically synchronizing system time with the internet to maintain Coordinated Univeral Time (UTC) in a device. This demo maintains UTC time of system in RAM, thereby, representing systems without a Real-Time Clock (RTC) module in the device.
Note: This demo shows use of coreSNTP library for SNTP communication with NTP/SNTP time servers in non-authenticated mode (i.e. without any security mechanism payload beyond the standard 48 bytes of NTP packet exchange between client-server).
* Added spell check
* All words
* Add a missing word
* Fix header checks
* Fix header checks v1
* Fix header check v2
* Updated freertos link in header
* Fixed afr link in the header
* Fix last of header checks
* Update the spell check script to check amazon licensed files only
* Fixed paths and added comments
* Try with modified repo
* Add inplace substitute option to sed
* Use official repo as the spell checker source
* Add vendor file to the ignored list
Co-authored-by: root <root@ip-172-31-5-28.us-west-2.compute.internal>
This change adds the OTA demos and required dependencies and helper components .
* Add demos , configs and project files
* Add subscription manager
* Add HTTP utils
* Submodules the OTA LTS 3.0 Library.
* Add OTA pal
It is recommended by the AWS IoT Jobs service to use DescribeJobExecution API for scaling purposes instead of StartNextPendingJobExecution API. Thus, update the Jobs demo to replace the latter API call with the former API call.
* Clean up demo config for wolfSSL mutual auth.
* Add comment about picking the correct ROOT CA.
* uncrustify using_wolfSSL.c and some other code style changes.
* Apply suggestions from code review
Co-authored-by: Archit Aggarwal <architag@amazon.com>
ActoryOu
Paul Bartell
chinglee-iot
alfred gedeon
johnrhen
RichardBarry
Muneeb Ahmed
Aniruddha Kanhere
ActoryOu
Bhaumik Jain
Oscar Michael Abrina
andysun2015
tianmc1
aggarg
Shivangi
Gaurav-Aggarwal-AWS
JD
tianmc1
lienng_aws
Archit Aggarwal
thomas-coding
jasonpcarroll
Archit Gupta
Hein Tibosch
Prasad Vyawahare
TakayukiMatsuo
Carl Lundin