Merge pull request #40 from ARMmbed/release-3.1.0

mbed-cloud-client 3.1.0

CHANGELOG.md

@@ -1,5 +1,18 @@
 ## Changelog for Pelion Device Management Client
 
+### Release 3.1.0 (26.04.2019)
+
+* Fixed client State machine for handling `pause()` handling. Fixes issues when `pause()` call was ignored when other operations were in effect.
+* Implemented network status callback handling for client library. Now client will react to changes in network status callbacks to speed up client connection recovery during reconnection.
+* Improved internal flagging of client library to enable further optimizations and modularization of client components.
+
+#### Platform Adaptation Layer (PAL)
+
+* Improved TLS configuration to optimize RAM usage.
+* Improvement header include handling inside PAL layer.
+* CMake improvements.
+* Improvements for PAL unit tests.
+
 ### Release 3.0.0 (27.03.2019)
 
 #### Device Management Connect client

CMakeLists.txt

@@ -52,6 +52,7 @@ ADD_GLOBALDIR(${MBED_CLIENT_SOURCE_DIR}/mbed-client-mbed-tls/mbed-client-mbedtls
 # pal headers
 
 SET(PAL_SOURCE_DIR ${CMAKE_CURRENT_SOURCE_DIR}/mbed-client-pal/Source)
+ADD_GLOBALDIR(${PAL_SOURCE_DIR})
 ADD_GLOBALDIR(${PAL_SOURCE_DIR}/PAL-Impl/Services-API)
 ADD_GLOBALDIR(${PAL_SOURCE_DIR}/Port/Platform-API)
 

Makefile

@@ -51,6 +51,7 @@ LOCAL_ADD_INCLUDE += \
                     ${LOCAL_NAME}/mbed-client-pal/Configs/pal_config \
                     ${LOCAL_NAME}/mbed-client-pal/Configs/pal_config/SXOS \
                     ${LOCAL_NAME}/mbed-client-pal/Source/PAL-Impl/Services-API \
+                    ${LOCAL_NAME}/mbed-client-pal/Source \
                     ${LOCAL_NAME}/mbed-client-pal/Source/Port/Platform-API \
 # update client
 LOCAL_ADD_INCLUDE += \

doxygen/mbedcloudclient_doxy

@@ -38,7 +38,7 @@ PROJECT_NUMBER         =
 # for a project that appears at the top of each page and should give viewer 
 # a quick idea about the purpose of the project. Keep the description short.
 
-PROJECT_BRIEF          = "mbed Cloud Client C++ library"
+PROJECT_BRIEF          = "Device Management Client C++ library"
 
 # With the PROJECT_LOGO tag one can specify an logo or icon that is 
 # included in the documentation. The maximum height of the logo should not 

mbed-client-pal/Configs/mbedTLS/mbedTLSConfig_ARIA_mbedOS.h

@@ -20,7 +20,7 @@
 #define PAL_MBEDTLS_USER_CONFIG_H
 
 
-/*! All of the following definitions are mandatory requirements for correct 
+/*! All of the following definitions are mandatory requirements for correct
 *   functionality of PAL TLS and Crypto components.
 *   Please do not disable them.
 */
@@ -318,6 +318,10 @@
 #undef MBEDTLS_CHACHAPOLY_C
 #undef MBEDTLS_POLY1305_C
 
+// Do not save a copy of the peer certificate.
+// This will reduce the RAM consumption roughly by 1500 bytes.
+#undef MBEDTLS_SSL_KEEP_PEER_CERTIFICATE
+
 #include "mbedtls/check_config.h"
 
 #endif /* PAL_MBEDTLS_USER_CONFIG_H */

mbed-client-pal/Configs/mbedTLS/mbedTLSConfig_FreeRTOS.h

@@ -43,16 +43,16 @@
         #define MBEDTLS_FREESCALE_LTC_DES       /* Enable use of LTC DES.*/
     #endif
     #define MBEDTLS_FREESCALE_LTC_AES           /* Enable use of LTC AES.*/
-    #if defined(FSL_FEATURE_LTC_HAS_GCM) && FSL_FEATURE_LTC_HAS_GCM 
+    #if defined(FSL_FEATURE_LTC_HAS_GCM) && FSL_FEATURE_LTC_HAS_GCM
         #define MBEDTLS_FREESCALE_LTC_AES_GCM   /* Enable use of LTC AES GCM.*/
     #endif
-    #if defined(FSL_FEATURE_LTC_HAS_PKHA) && FSL_FEATURE_LTC_HAS_PKHA 
+    #if defined(FSL_FEATURE_LTC_HAS_PKHA) && FSL_FEATURE_LTC_HAS_PKHA
         #define MBEDTLS_FREESCALE_LTC_PKHA      /* Enable use of LTC PKHA.*/
     #endif
 #endif
 
 /* Enable MMCAU use in library if there is MMCAU on chip. */
-#if defined(FSL_FEATURE_SOC_MMCAU_COUNT) && (FSL_FEATURE_SOC_MMCAU_COUNT > 0) 
+#if defined(FSL_FEATURE_SOC_MMCAU_COUNT) && (FSL_FEATURE_SOC_MMCAU_COUNT > 0)
     #include "fsl_mmcau.h"
 
     #define MBEDTLS_FREESCALE_MMCAU_MD5         /* Enable use of MMCAU MD5.*/
@@ -497,7 +497,7 @@
 #define MBEDTLS_ECP_DP_SECP256R1_ENABLED
 //#define MBEDTLS_ECP_DP_SECP384R1_ENABLED
 //#ifndef MBEDTLS_FREESCALE_LTC_PKHA /* PKHA suports only <=512 */
-//#define MBEDTLS_ECP_DP_SECP521R1_ENABLED 
+//#define MBEDTLS_ECP_DP_SECP521R1_ENABLED
 //#endif
 //#define MBEDTLS_ECP_DP_SECP192K1_ENABLED
 //#define MBEDTLS_ECP_DP_SECP224K1_ENABLED
@@ -2551,6 +2551,10 @@
 #undef MBEDTLS_CHACHAPOLY_C
 #undef MBEDTLS_POLY1305_C
 
+// Do not save a copy of the peer certificate.
+// This will reduce the RAM consumption roughly by 1500 bytes.
+#undef MBEDTLS_SSL_KEEP_PEER_CERTIFICATE
+
 #if defined(TARGET_LIKE_MBED)
 #include "mbedtls/target_config.h"
 #endif

mbed-client-pal/Configs/mbedTLS/mbedTLSConfig_Linux.h

@@ -2652,6 +2652,10 @@
 #undef MBEDTLS_CHACHAPOLY_C
 #undef MBEDTLS_POLY1305_C
 
+// Do not save a copy of the peer certificate.
+// This will reduce the RAM consumption roughly by 1500 bytes.
+#undef MBEDTLS_SSL_KEEP_PEER_CERTIFICATE
+
 #include "check_config.h"
 
 #if defined(MBEDTLS_TEST_NULL_ENTROPY)

mbed-client-pal/Configs/mbedTLS/mbedTLSConfig_SXOS_SW_TRNG.h

@@ -284,6 +284,10 @@
 #undef MBEDTLS_CHACHAPOLY_C
 #undef MBEDTLS_POLY1305_C
 
+// Do not save a copy of the peer certificate.
+// This will reduce the RAM consumption roughly by 1500 bytes.
+#undef MBEDTLS_SSL_KEEP_PEER_CERTIFICATE
+
 /**
  * \def MBEDTLS_SSL_RENEGOTIATION
  *

mbed-client-pal/Configs/mbedTLS/mbedTLSConfig_mbedOS.h

@@ -20,7 +20,7 @@
 #define PAL_MBEDTLS_USER_CONFIG_H
 
 
-/*! All of the following definitions are mandatory requirements for correct 
+/*! All of the following definitions are mandatory requirements for correct
 *   functionality of PAL TLS and Crypto components.
 *   Please do not disable them.
 */
@@ -223,9 +223,13 @@
     #define MBEDTLS_AES_ROM_TABLES
 #endif //MBEDTLS_AES_ROM_TABLES
 
+// Read SN_COAP_MAX_BLOCKWISE_PAYLOAD_SIZE from user config file
+#ifdef MBED_CLIENT_USER_CONFIG_FILE
+#include MBED_CLIENT_USER_CONFIG_FILE
+#endif
 // Reduce IO buffer to save RAM, default is 16KB
 #ifndef MBEDTLS_SSL_MAX_CONTENT_LEN
-    #define MBEDTLS_SSL_MAX_CONTENT_LEN 4096
+    #define MBEDTLS_SSL_MAX_CONTENT_LEN SN_COAP_MAX_BLOCKWISE_PAYLOAD_SIZE * 4
 #endif //MBEDTLS_SSL_MAX_CONTENT_LEN
 
 // needed for Base64 encoding Opaque data for
@@ -306,11 +310,20 @@
 #undef MBEDTLS_ECP_DP_BP512R1_ENABLED
 #undef MBEDTLS_ECP_DP_CURVE25519_ENABLED
 
+// Tune elliptic curve configuration.
+// This will hit the performance a bit but will decrease the RAM consumption by 4k.
+#define MBEDTLS_ECP_WINDOW_SIZE 2
+#define MBEDTLS_ECP_FIXED_POINT_OPTIM 0
+
 // Reduces size particularly in case PSA crypto is used
 #undef MBEDTLS_CHACHA20_C
 #undef MBEDTLS_CHACHAPOLY_C
 #undef MBEDTLS_POLY1305_C
 
+// Do not save a copy of the peer certificate.
+// This will reduce the RAM consumption roughly by 1500 bytes.
+#undef MBEDTLS_SSL_KEEP_PEER_CERTIFICATE
+
 #include "mbedtls/check_config.h"
 
 #endif /* PAL_MBEDTLS_USER_CONFIG_H */

mbed-client-pal/Configs/mbedTLS/mbedTLSConfig_mbedOS_SW_TRNG.h

@@ -20,7 +20,7 @@
 #define PAL_MBEDTLS_USER_CONFIG_H
 
 
-/*! All of the following definitions are mandatory requirements for correct 
+/*! All of the following definitions are mandatory requirements for correct
 *   functionality of PAL TLS and Crypto components.
 *   Please do not disable them.
 */
@@ -230,9 +230,13 @@
     #define MBEDTLS_AES_ROM_TABLES
 #endif //MBEDTLS_AES_ROM_TABLES
 
+// Read SN_COAP_MAX_BLOCKWISE_PAYLOAD_SIZE from user config file
+#ifdef MBED_CLIENT_USER_CONFIG_FILE
+#include MBED_CLIENT_USER_CONFIG_FILE
+#endif
 // Reduce IO buffer to save RAM, default is 16KB
 #ifndef MBEDTLS_SSL_MAX_CONTENT_LEN
-    #define MBEDTLS_SSL_MAX_CONTENT_LEN 4096
+    #define MBEDTLS_SSL_MAX_CONTENT_LEN SN_COAP_MAX_BLOCKWISE_PAYLOAD_SIZE * 4
 #endif //MBEDTLS_SSL_MAX_CONTENT_LEN
 
 // needed for Base64 encoding Opaque data for
@@ -256,7 +260,7 @@
 #undef MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED
 
 //#define MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
-   
+
 // Remove error messages, save 10KB of ROM
 #undef MBEDTLS_ERROR_C
 
@@ -326,6 +330,15 @@
 #undef MBEDTLS_CHACHAPOLY_C
 #undef MBEDTLS_POLY1305_C
 
+// Tune elliptic curve configuration.
+// This will hit the performance a bit but will decrease the RAM consumption by 4k.
+#define MBEDTLS_ECP_WINDOW_SIZE 2
+#define MBEDTLS_ECP_FIXED_POINT_OPTIM 0
+
+// Do not save a copy of the peer certificate.
+// This will reduce the RAM consumption roughly by 1500 bytes.
+#undef MBEDTLS_SSL_KEEP_PEER_CERTIFICATE
+
 #include "mbedtls/check_config.h"
 
 #endif /* PAL_MBEDTLS_USER_CONFIG_H */

mbed-client-pal/Configs/mbedTLS/mbedTLSConfig_mbedOS_SW_TRNG_PSA.h

@@ -20,7 +20,7 @@
 #define PAL_MBEDTLS_USER_CONFIG_H
 
 
-/*! All of the following definitions are mandatory requirements for correct 
+/*! All of the following definitions are mandatory requirements for correct
 *   functionality of PAL TLS and Crypto components.
 *   Please do not disable them.
 */
@@ -227,9 +227,13 @@
     #define MBEDTLS_AES_ROM_TABLES
 #endif //MBEDTLS_AES_ROM_TABLES
 
+// Read SN_COAP_MAX_BLOCKWISE_PAYLOAD_SIZE from user config file
+#ifdef MBED_CLIENT_USER_CONFIG_FILE
+#include MBED_CLIENT_USER_CONFIG_FILE
+#endif
 // Reduce IO buffer to save RAM, default is 16KB
 #ifndef MBEDTLS_SSL_MAX_CONTENT_LEN
-    #define MBEDTLS_SSL_MAX_CONTENT_LEN 4096
+    #define MBEDTLS_SSL_MAX_CONTENT_LEN SN_COAP_MAX_BLOCKWISE_PAYLOAD_SIZE * 4
 #endif //MBEDTLS_SSL_MAX_CONTENT_LEN
 
 // needed for Base64 encoding Opaque data for
@@ -266,7 +270,7 @@
 #undef MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED
 
 //#define MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
-   
+
 // Remove error messages, save 10KB of ROM
 #undef MBEDTLS_ERROR_C
 
@@ -331,6 +335,16 @@
 
 #define MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
 
+
+// Tune elliptic curve configuration.
+// This will hit the performance a bit but will decrease the RAM consumption by 4k.
+#define MBEDTLS_ECP_WINDOW_SIZE 2
+#define MBEDTLS_ECP_FIXED_POINT_OPTIM 0
+
+// Do not save a copy of the peer certificate.
+// This will reduce the RAM consumption roughly by 1500 bytes.
+#undef MBEDTLS_SSL_KEEP_PEER_CERTIFICATE
+
 #include "mbedtls/check_config.h"
 
 #endif /* PAL_MBEDTLS_USER_CONFIG_H */

mbed-client-pal/Makefile

@@ -12,6 +12,7 @@ LOCAL_API_DEPENDS := \
                     ${API_PLATFORM_DEPENDS} \
 
 LOCAL_ADD_INCLUDE := \
+                    ${LOCAL_NAME}/Source \
                     ${LOCAL_NAME}/Source/PAL-Impl \
                     ${LOCAL_NAME}/Source/PAL-Impl/Services-API \
                     ${LOCAL_NAME}/Source/Port/Platform-API \

mbed-client-pal/Source/CMakeLists.txt

@@ -1,6 +1,12 @@
 include_directories(Port/Platform-API)
+
+# This is so other modules could include pal.h
 ADD_GLOBALDIR( ${CMAKE_CURRENT_SOURCE_DIR}/PAL-Impl/Services-API)
 
+# Add the current the directory of this of this file as a global dir pal.h could include more qualified paths 
+# and modules that use PAL could still include pal.h
+ADD_GLOBALDIR( ${CMAKE_CURRENT_SOURCE_DIR})
+
 set (PAL_MODULES_SOURCE_DIR ${CMAKE_CURRENT_SOURCE_DIR}/PAL-Impl/Modules)
 set (PAL_PORT_SOURCE_DIR ${CMAKE_CURRENT_SOURCE_DIR}/Port/Reference-Impl/OS_Specific/${OS_BRAND})
 set (PAL_PORT_GENERIC_SOURCE_DIR ${CMAKE_CURRENT_SOURCE_DIR}/Port/Reference-Impl/Generic)

mbed-client-pal/Source/PAL-Impl/Modules/Networking/pal_network.c

@@ -63,10 +63,14 @@ palStatus_t pal_registerNetworkInterface(void* networkInterfaceContext, uint32_t
 {
     PAL_VALIDATE_ARGUMENTS((networkInterfaceContext == NULL) || (interfaceIndex == NULL));
     palStatus_t result = pal_plat_registerNetworkInterface(networkInterfaceContext, interfaceIndex);
-
     return result;
 }
 
+palStatus_t pal_setConnectionStatusCallback(uint32_t interfaceIndex, connectionStatusCallback callback, void *client_arg)
+{
+    return pal_plat_setConnectionStatusCallback(interfaceIndex, callback, client_arg);
+}
+
 palStatus_t pal_unregisterNetworkInterface(uint32_t interfaceIndex)
 {
     PAL_VALIDATE_ARGUMENTS(interfaceIndex > PAL_MAX_SUPORTED_NET_INTERFACES - 1);

mbed-client-pal/Source/PAL-Impl/Modules/TLS/pal_TLS.c

@@ -25,7 +25,6 @@
 
 #define TRACE_GROUP "PAL"
 
-PAL_PRIVATE uint8_t g_storedCertSerial[PAL_CERT_ID_SIZE] __attribute__ ((aligned(4))) = {0};
 PAL_PRIVATE bool g_trustedServerValid = false;
 PAL_PRIVATE palMutexID_t g_palTLSHandshakeMutex = NULLPTR;
 
@@ -98,7 +97,6 @@ palStatus_t pal_initTLS(palTLSConfHandle_t palTLSConf, palTLSHandle_t* palTLSHan
         *palTLSHandle = (palTLSHandle_t)palTLSCtx;
     }
 
-    memset(g_storedCertSerial, 0, sizeof(g_storedCertSerial));
     g_trustedServerValid = false;
     palTLSCtx->retryHandShake = false;
 
@@ -246,22 +244,6 @@ palStatus_t pal_addEntropySource(palEntropySource_f entropyCallback)
     return status;
 }
 
-palStatus_t pal_setOwnCertAndPrivateKey(palTLSConfHandle_t palTLSConf, palX509_t* ownCert, palPrivateKey_t* privateKey)
-{
-#if (PAL_ENABLE_X509 == 1)
-    palStatus_t status = PAL_SUCCESS;
-    palTLSConfService_t* palTLSConfCtx =  (palTLSConfService_t*)palTLSConf;
-
-    PAL_VALIDATE_ARGUMENTS (NULLPTR == palTLSConf);
-    PAL_VALIDATE_ARGUMENTS (NULLPTR == palTLSConfCtx->platTlsConfHandle || NULL == ownCert || NULL == privateKey);
-
-    status = pal_plat_setOwnCertAndPrivateKey(palTLSConfCtx->platTlsConfHandle, ownCert, privateKey);
-    return status;
-#else
-    return PAL_ERR_NOT_SUPPORTED;
-#endif
-}
-
 palStatus_t pal_setOwnCertChain(palTLSConfHandle_t palTLSConf, palX509_t* ownCert)
 {
 #if (PAL_ENABLE_X509 == 1)
@@ -348,6 +330,7 @@ palStatus_t pal_setCAChain(palTLSConfHandle_t palTLSConf, palX509_t* caChain, pa
             goto finish;
         }
 
+        uint8_t g_storedCertSerial[PAL_CERT_ID_SIZE] __attribute__ ((aligned(4))) = {0};
         if (!g_trustedServerValid)
         {
             size_t actualLenBytes;

mbed-client-pal/Source/PAL-Impl/Services-API/pal.h

@@ -23,24 +23,24 @@
 extern "C" {
 #endif
 //includes for common headers in PAL
-#include "pal_configuration.h"
-#include "pal_macros.h"
-#include "pal_errors.h"
-#include "pal_types.h"
+#include "PAL-Impl/Services-API/pal_configuration.h"
+#include "PAL-Impl/Services-API/pal_macros.h"
+#include "PAL-Impl/Services-API/pal_errors.h"
+#include "PAL-Impl/Services-API/pal_types.h"
 
 //includes for modules headers.
-#include "pal_drbg.h"
-#include "pal_fileSystem.h"
-#include "pal_rot.h"
-#include "pal_rtos.h"
-#include "pal_network.h"
-#include "pal_time.h"
-#include "pal_TLS.h"
-#include "pal_Crypto.h"
-#include "pal_entropy.h"
-#include "pal_update.h"
-#include "pal_internalFlash.h"
-#include "pal_sst.h"
+#include "PAL-Impl/Services-API/pal_drbg.h"
+#include "PAL-Impl/Services-API/pal_fileSystem.h"
+#include "PAL-Impl/Services-API/pal_rot.h"
+#include "PAL-Impl/Services-API/pal_rtos.h"
+#include "PAL-Impl/Services-API/pal_network.h"
+#include "PAL-Impl/Services-API/pal_time.h"
+#include "PAL-Impl/Services-API/pal_TLS.h"
+#include "PAL-Impl/Services-API/pal_Crypto.h"
+#include "PAL-Impl/Services-API/pal_entropy.h"
+#include "PAL-Impl/Services-API/pal_update.h"
+#include "PAL-Impl/Services-API/pal_internalFlash.h"
+#include "PAL-Impl/Services-API/pal_sst.h"
 
 
 /*! \file pal.h