keyword-detection: Add real clock time synchronisation

Add real clock time synchronisation to keyword-detection application
by using `coresntp` and `helpers-time-sync` libraries
This would require using MbedTLS time functions alternatives
to query the correct synchronised real clock time.

This addition would fix AWS TLS Expired Server Cert test
as previously, wrong clock time was fetched which result
in using expired server certificate. Now, correct clock
time would be fetched which results in target rejecting the
server's expired certificate which in turn fixes the test.

Signed-off-by: Ahmed Ismail <[email protected]>

applications/keyword_detection/CMakeLists.txt

@@ -134,11 +134,13 @@ target_link_libraries(keyword-detection
         coremqtt
         coremqtt-agent
         corepkcs11
+        coresntp
         freertos_kernel
         freertos-ota-pal-psa
         fri-bsp
         helpers-device-advisor
         helpers-events
+        helpers-sntp
         mbedtls
         mbedtls-threading-freertos
         ota-for-aws-iot-embedded-sdk

applications/keyword_detection/configs/aws_configs/core_pkcs11_config.h

@@ -1,7 +1,7 @@
 /*
  * Amazon FreeRTOS V1.1.4
  * Copyright (C) 2018 Amazon.com, Inc. or its affiliates.  All Rights Reserved.
- * Copyright (c) 2022, Arm Limited and Contributors. All rights reserved.
+ * Copyright (c) 2022-2024, Arm Limited and Contributors. All rights reserved.
  *
  * Permission is hereby granted, free of charge, to any person obtaining a copy of
  * this software and associated documentation files (the "Software"), to deal in
@@ -157,4 +157,12 @@ extern void vPortFree( void * pv );
 
 /* #define pvPortMalloc             MPU_pvPortMalloc */
 /* #define vPortFree                MPU_vPortFree */
+
+/**
+ * @brief The PKCS #11 label for the object to be used for CMAC operations.
+ * It can be used by tasks during setting up the PKCS11 object for AES CMAC
+ * operations.
+ */
+#define pkcs11configLABEL_CMAC_KEY    "CMAC Key"
+
 #endif /* _AWS_PKCS11_CONFIG_H_ include guard. */

applications/keyword_detection/configs/mbedtls_config/aws_mbedtls_config.h

@@ -25,6 +25,16 @@
  *  limitations under the License.
  */
 
+#include "app_config.h"
+
+/* AWS IoT Core Device Advisor validation is not supported on ARMClang because
+ * ARMClang compiler does not support gmtime() function which is needed when
+ * MBEDTLS_HAVE_TIME macro is defined. MBEDTLS_HAVE_TIME should be defined to
+ * pass TLS Expired Server Cert test which is part of AWS IoT Core Device Advisor validation tests. */
+#if ( ( appCONFIG_DEVICE_ADVISOR_TEST_ACTIVE == 1 ) && ( defined( __ARMCC_VERSION ) ) )
+    #error "AWS IoT Core Device Advisor validation is not supported on Arm Compiler For Embedded (ARMClang)"
+#endif
+
 /**
  * This is an optional version symbol that enables compatibility handling of
  * config files.
@@ -132,7 +142,9 @@
  *
  * Comment if your system does not support time functions
  */
-/*#define MBEDTLS_HAVE_TIME */
+#if ( appCONFIG_DEVICE_ADVISOR_TEST_ACTIVE == 1 )
+    #define MBEDTLS_HAVE_TIME
+#endif
 
 /**
  * \def MBEDTLS_HAVE_TIME_DATE
@@ -153,7 +165,9 @@
  * mbedtls_platform_gmtime_r() at compile-time by using the macro
  * MBEDTLS_PLATFORM_GMTIME_R_ALT.
  */
-/*#define MBEDTLS_HAVE_TIME_DATE */
+#if ( appCONFIG_DEVICE_ADVISOR_TEST_ACTIVE == 1 )
+    #define MBEDTLS_HAVE_TIME_DATE
+#endif
 
 /**
  * \def MBEDTLS_PLATFORM_MEMORY
@@ -227,7 +241,10 @@ void mbedtls_platform_free( void * ptr );
  * platform function
  */
 /*#define MBEDTLS_PLATFORM_EXIT_ALT */
-/*#define MBEDTLS_PLATFORM_TIME_ALT */
+#if ( appCONFIG_DEVICE_ADVISOR_TEST_ACTIVE == 1 )
+    #define MBEDTLS_PLATFORM_TIME_ALT
+    #define MBEDTLS_PLATFORM_MS_TIME_ALT
+#endif
 /*#define MBEDTLS_PLATFORM_FPRINTF_ALT */
 /*#define MBEDTLS_PLATFORM_PRINTF_ALT */
 /*#define MBEDTLS_PLATFORM_SNPRINTF_ALT */

applications/keyword_detection/main.c

@@ -34,6 +34,10 @@
     #include "Driver_SAI.h"
 #endif
 
+#if ( appCONFIG_DEVICE_ADVISOR_TEST_ACTIVE == 1 )
+    #include "sntp_client_task.h"
+#endif
+
 /*
  * Semihosting is a mechanism that enables code running on an ARM target
  * to communicate and use the Input/Output facilities of a host computer
@@ -210,6 +214,18 @@ int main( void )
             return EXIT_FAILURE;
         }
 
+        #if ( appCONFIG_DEVICE_ADVISOR_TEST_ACTIVE == 1 )
+
+            /* This function call is application specific because it depends on
+             * MBEDTLS_PLATFORM_TIME_ALT and MBEDTLS_PLATFORM_MS_TIME_ALT MbedTLS
+             * configuration macros which are application specific. In case these macros
+             * are disabled then, there is no need to call this function. Also, the application
+             * is free to choose which function would be used for MbedTLS time query. */
+            mbedtls_platform_set_time( systemGetWallClockTime );
+
+            vStartSntpClientTask();
+        #endif
+
         vStartMqttAgentTask();
 
         vStartOtaTask();

docs/project_organisation.md

@@ -244,11 +244,13 @@ target_link_libraries(keyword-detection
         coremqtt
         coremqtt-agent
         corepkcs11
+        coresntp
         freertos_kernel
         freertos-ota-pal-psa
         fri-bsp
         helpers-device-advisor
         helpers-events
+        helpers-sntp
         kws_api
         kws_model
         mbedtls

release_changes/202402221521.change

@@ -0,0 +1 @@
+keyword-detection: Add real clock time synchronisation to fix AWS TLS Expired Server Cert test.