From eafb9b8178118c48554912ca65fc5dccd8d301ee Mon Sep 17 00:00:00 2001 From: Ahmed Ismail Date: Thu, 15 Feb 2024 13:22:04 +0000 Subject: [PATCH] keyword-detection: Add real clock time synchronisation Add real clock time synchronisation to keyword-detection application by using `coresntp` and `helpers-time-sync` libraries This would require using MbedTLS time functions alternatives to query the correct synchronised real clock time. This addition would fix AWS TLS Expired Server Cert test as previously, wrong clock time was fetched which result in using expired server certificate. Now, correct clock time would be fetched which results in target rejecting the server's expired certificate which in turn fixes the test. Signed-off-by: Ahmed Ismail --- applications/keyword_detection/CMakeLists.txt | 2 ++ .../configs/aws_configs/core_pkcs11_config.h | 10 +++++++- .../mbedtls_config/aws_mbedtls_config.h | 23 ++++++++++++++++--- applications/keyword_detection/main.c | 16 +++++++++++++ docs/project_organisation.md | 2 ++ release_changes/202402221521.change | 1 + 6 files changed, 50 insertions(+), 4 deletions(-) create mode 100644 release_changes/202402221521.change diff --git a/applications/keyword_detection/CMakeLists.txt b/applications/keyword_detection/CMakeLists.txt index cae79214..eb68df81 100644 --- a/applications/keyword_detection/CMakeLists.txt +++ b/applications/keyword_detection/CMakeLists.txt @@ -133,11 +133,13 @@ target_link_libraries(keyword-detection coremqtt coremqtt-agent corepkcs11 + coresntp freertos_kernel freertos-ota-pal-psa fri-bsp helpers-device-advisor helpers-events + helpers-sntp mbedtls mbedtls-threading-freertos ota-for-aws-iot-embedded-sdk diff --git a/applications/keyword_detection/configs/aws_configs/core_pkcs11_config.h b/applications/keyword_detection/configs/aws_configs/core_pkcs11_config.h index 93cf984e..a612cd22 100644 --- a/applications/keyword_detection/configs/aws_configs/core_pkcs11_config.h 
+++ b/applications/keyword_detection/configs/aws_configs/core_pkcs11_config.h @@ -1,7 +1,7 @@ /* * Amazon FreeRTOS V1.1.4 * Copyright (C) 2018 Amazon.com, Inc. or its affiliates. All Rights Reserved. - * Copyright (c) 2022, Arm Limited and Contributors. All rights reserved. + * Copyright (c) 2022-2024, Arm Limited and Contributors. All rights reserved. * * Permission is hereby granted, free of charge, to any person obtaining a copy of * this software and associated documentation files (the "Software"), to deal in @@ -157,4 +157,12 @@ extern void vPortFree( void * pv ); /* #define pvPortMalloc MPU_pvPortMalloc */ /* #define vPortFree MPU_vPortFree */ + +/** + * @brief The PKCS #11 label for the object to be used for CMAC operations. + * It can be used by tasks during setting up the PKCS11 object for AES CMAC + * operations. + */ +#define pkcs11configLABEL_CMAC_KEY "CMAC Key" + #endif /* _AWS_PKCS11_CONFIG_H_ include guard. */ diff --git a/applications/keyword_detection/configs/mbedtls_config/aws_mbedtls_config.h b/applications/keyword_detection/configs/mbedtls_config/aws_mbedtls_config.h index d5be8045..c221573f 100644 --- a/applications/keyword_detection/configs/mbedtls_config/aws_mbedtls_config.h +++ b/applications/keyword_detection/configs/mbedtls_config/aws_mbedtls_config.h 
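Review bot: The doc comment on `pkcs11configLABEL_CMAC_KEY` does not say which component uses the key or who provisions it, and the commit message does not mention CMAC at all. If, as the rest of the change suggests, this key authenticates SNTP responses, that is worth stating, because certificate expiry checks now depend on the synchronised clock and an unauthenticated time source could move it. Something like `/* Label of the AES-CMAC key used to authenticate SNTP server responses; must be provisioned before the SNTP client task starts. */` would do, adjusted to what the SNTP helper actually requires.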
@@ -25,6 +25,16 @@ * limitations under the License. */ +#include "app_config.h" + +/* AWS IoT Core Device Advisor validation is not supported on ARMClang because + * ARMClang compiler does not support gmtime() function which is needed when + * MBEDTLS_HAVE_TIME macro is defined. MBEDTLS_HAVE_TIME should be defined to + * pass TLS Expired Server Cert test which is part of AWS IoT Core Device Advisor validation tests. */ +#if ( ( appCONFIG_DEVICE_ADVISOR_TEST_ACTIVE == 1 ) && ( defined( __ARMCC_VERSION ) ) ) + #error "AWS IoT Core Device Advisor validation is not supported on Arm Compiler For Embedded (ARMClang)" +#endif + /** * This is an optional version symbol that enables compatibility handling of * config files. @@ -132,7 +142,9 @@ * * Comment if your system does not support time functions */ -/*#define MBEDTLS_HAVE_TIME */ +#if ( appCONFIG_DEVICE_ADVISOR_TEST_ACTIVE == 1 ) + #define MBEDTLS_HAVE_TIME +#endif /** * \def MBEDTLS_HAVE_TIME_DATE @@ -153,7 +165,9 @@ * mbedtls_platform_gmtime_r() at compile-time by using the macro * MBEDTLS_PLATFORM_GMTIME_R_ALT. */ -/*#define MBEDTLS_HAVE_TIME_DATE */ +#if ( appCONFIG_DEVICE_ADVISOR_TEST_ACTIVE == 1 ) + #define MBEDTLS_HAVE_TIME_DATE +#endif /** * \def MBEDTLS_PLATFORM_MEMORY @@ -227,7 +241,10 @@ void mbedtls_platform_free( void * ptr ); * platform function */ /*#define MBEDTLS_PLATFORM_EXIT_ALT */ -/*#define MBEDTLS_PLATFORM_TIME_ALT */ +#if ( appCONFIG_DEVICE_ADVISOR_TEST_ACTIVE == 1 ) + #define MBEDTLS_PLATFORM_TIME_ALT + #define MBEDTLS_PLATFORM_MS_TIME_ALT +#endif /*#define MBEDTLS_PLATFORM_FPRINTF_ALT */ /*#define MBEDTLS_PLATFORM_PRINTF_ALT */ /*#define MBEDTLS_PLATFORM_SNPRINTF_ALT */ diff --git a/applications/keyword_detection/main.c b/applications/keyword_detection/main.c index 53f812d0..79e6feb6 100644 --- a/applications/keyword_detection/main.c +++ b/applications/keyword_detection/main.c 
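Review bot: Certificate date checking stays off in every build where `appCONFIG_DEVICE_ADVISOR_TEST_ACTIVE` is not 1, because the `MBEDTLS_HAVE_TIME` guard here and the matching guards on `MBEDTLS_HAVE_TIME_DATE` and `MBEDTLS_PLATFORM_TIME_ALT`/`MBEDTLS_PLATFORM_MS_TIME_ALT` in the next two hunks tie the feature to the test flag. Without `MBEDTLS_HAVE_TIME_DATE` Mbed TLS does not compare the current date with a certificate's validity period, so a non-test build would presumably still accept the expired server certificate the commit message describes. If the ARMClang gmtime() limitation is the reason, the context of the `MBEDTLS_HAVE_TIME_DATE` hunk already names `MBEDTLS_PLATFORM_GMTIME_R_ALT` as the way to supply a replacement, which would let the check be enabled on every toolchain. Failing that, record the gap beside the guard, e.g. `/* Non-Device-Advisor builds do not check X.509 validity dates. */`.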
@@ -34,6 +34,10 @@ #include "Driver_SAI.h" #endif +#if ( appCONFIG_DEVICE_ADVISOR_TEST_ACTIVE == 1 ) + #include "sntp_client_task.h" +#endif + /* * Semihosting is a mechanism that enables code running on an ARM target * to communicate and use the Input/Output facilities of a host computer @@ -210,6 +214,18 @@ int main( void ) return EXIT_FAILURE; } + #if ( appCONFIG_DEVICE_ADVISOR_TEST_ACTIVE == 1 ) + + /* This function call is application specific because it depends on + * MBEDTLS_PLATFORM_TIME_ALT and MBEDTLS_PLATFORM_MS_TIME_ALT MbedTLS + * configuration macros which are application specific. In case these macros + * are disabled then, there is no need to call this function. Also, the application + * is free to choose which function would be used for MbedTLS time query. */ + mbedtls_platform_set_time( systemGetWallClockTime ); + + vStartSntpClientTask(); + #endif + vStartMqttAgentTask(); vStartOtaTask(); diff --git a/docs/project_organisation.md b/docs/project_organisation.md index 5c3410c7..710aac4d 100644 --- a/docs/project_organisation.md +++ b/docs/project_organisation.md @@ -244,11 +244,13 @@ target_link_libraries(keyword-detection coremqtt coremqtt-agent corepkcs11 + coresntp freertos_kernel freertos-ota-pal-psa fri-bsp helpers-device-advisor helpers-events + helpers-sntp kws_api kws_model mbedtls diff --git a/release_changes/202402221521.change b/release_changes/202402221521.change new file mode 100644 index 00000000..dbfbe81d --- /dev/null +++ b/release_changes/202402221521.change @@ -0,0 +1 @@ +keyword-detection: Add real clock time synchronisation to fix AWS TLS Expired Server Cert test.
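Review bot: Nothing in the `main()` hunk makes the first TLS handshake wait for a completed time sync: `vStartSntpClientTask()` is started immediately before `vStartMqttAgentTask()`, so whatever `systemGetWallClockTime` returns before the first SNTP response is the time Mbed TLS will validate certificates against. What that function returns while unsynchronised is not visible here; if it is a default or zero epoch, valid certificates may be rejected as not yet valid, and if it is a stale stored time, expired ones may pass. Consider gating the MQTT connection on a "time is synchronised" event from the SNTP task, and document the pre-sync behaviour in the comment above `mbedtls_platform_set_time`. The result of `mbedtls_platform_set_time()` is also discarded; a cast, `( void ) mbedtls_platform_set_time( systemGetWallClockTime );`, would make that explicit. main()'s body starts and ends outside the hunk.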