blackbirdhq / rustot Goto Github PK

View Code? Open in Web Editor NEW

12.0 6.0 3.0 9.9 MB

no_std, no_alloc crate for AWS IoT Devices, implementing Jobs, OTA, Device Defender and IoT Shadows

Rust 98.19% Shell 1.31% JavaScript 0.50%

rustot's Introduction

Rust of things (rustot)

Work in progress

no_std, no_alloc crate for AWS IoT Devices, implementing Jobs, OTA, Device Defender and IoT Shadows

This crates strives to implement the sum of:

Any contributions will be welcomed! Even if they are just suggestions, bugs or reviews!

This is a port of the Amazon-FreeRTOS AWS IoT Device SDK (https://github.com/nguyenvuhung/amazon-freertos/tree/master/libraries/freertos_plus/aws/ota), written in pure Rust.

It is written to work with mqttrust, but should work with any other mqtt client, that implements the Mqtt trait from mqttrust.

Tests

The crate is covered by tests. These tests can be run by cargo test --tests --all-features, and are run by the CI on every push to master.

License

Licensed under either of

Apache License, Version 2.0 (LICENSE-APACHE or http://www.apache.org/licenses/LICENSE-2.0)
MIT license (LICENSE-MIT or http://opensource.org/licenses/MIT)

at your option.

Contribution

Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion in the work by you, as defined in the Apache-2.0 license, shall be dual licensed as above, without any additional terms or conditions.

rustot's People

Contributors

Stargazers

Watchers

Forkers

jan-br armersong kennethknudsen97

rustot's Issues

Use embedded-storage one available

Relevant discussion, that would get this repo back on master embedded-hal: rust-embedded/embedded-hal#241

Add reasons to reject/abort/failed updates

When an OTA job is rejected, aborted or failed it would be highly beneficial to report the reason to the cloud.

Rustls example

Hi again (probably @MathiasKoch ) :)
I was just wondering if you have by any chance a basic provisioning example with rustls instead of nativetls.
I'm still working on ESP32 and I got ring - which was a real hustle btw - and rustls to run, but not nativetls.

This is quite urgent actually. The company I am working for just got a potential task from another company to build some embedded firmware with aws connectivity. And I would love to use this crate since it is the only one, I can possibly find which I can convince to compile for the xtensa architecture. All other crates use mio in some regard, which is not implemented for esp yet. So if I can get this to work with rustls in the next 1-2 days, I would not have to build that firmware with c++ but could choose rust. Really not looking forward to build that thing with c++.

Add Device Advisor tests to CI

Trace printing unprintable items using defmt

When building with DEFMT_LOG=trace cargo b --features defmt-impl the following errors apear.
Should be an easy fix.

error[E0277]: the trait bound `PayloadFormat: Format` is not satisfied
   --> /home/john/.cargo/git/checkouts/rustot-0a2b845b8ada8da9/f4cecfd/src/fmt.rs:134:13
    |
134 |               ::defmt::trace!($s $(, $x)*);
    |               ^^^^^^^^^^^^^^^^^^^^^^^^^^^^ the trait `Format` is not implemented for `PayloadFormat`
    |
   ::: /home/john/.cargo/git/checkouts/rustot-0a2b845b8ada8da9/f4cecfd/src/provisioning/mod.rs:143:17
    |
143 | /                 trace!(
144 | |                     "Topic::CreateKeysAndCertificateAccepted {:?}. Payload len: {:?}",
145 | |                     format,
146 | |                     payload.len()
147 | |                 );
    | |_________________- in this macro invocation
    |
note: required by a bound in `defmt::export::fmt`
   --> /home/john/.cargo/registry/src/github.com-1ecc6299db9ec823/defmt-0.3.1/src/export/mod.rs:137:15
    |
137 | pub fn fmt<T: Format + ?Sized>(f: &T) {
    |               ^^^^^^ required by this bound in `defmt::export::fmt`
    = note: this error originates in the macro `::defmt::trace` (in Nightly builds, run with -Z macro-backtrace for more info)

error[E0277]: the trait bound `PayloadFormat: Format` is not satisfied
   --> /home/john/.cargo/git/checkouts/rustot-0a2b845b8ada8da9/f4cecfd/src/fmt.rs:134:13
    |
134 |             ::defmt::trace!($s $(, $x)*);
    |             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^ the trait `Format` is not implemented for `PayloadFormat`
    |
   ::: /home/john/.cargo/git/checkouts/rustot-0a2b845b8ada8da9/f4cecfd/src/provisioning/mod.rs:168:17
    |
168 |                 trace!("Topic::CreateCertificateFromCsrAccepted {:?}", format);
    |                 -------------------------------------------------------------- in this macro invocation
    |
note: required by a bound in `defmt::export::fmt`
   --> /home/john/.cargo/registry/src/github.com-1ecc6299db9ec823/defmt-0.3.1/src/export/mod.rs:137:15
    |
137 | pub fn fmt<T: Format + ?Sized>(f: &T) {
    |               ^^^^^^ required by this bound in `defmt::export::fmt`
    = note: this error originates in the macro `::defmt::trace` (in Nightly builds, run with -Z macro-backtrace for more info)

error[E0277]: the trait bound `PayloadFormat: Format` is not satisfied
   --> /home/john/.cargo/git/checkouts/rustot-0a2b845b8ada8da9/f4cecfd/src/fmt.rs:134:13
    |
134 |             ::defmt::trace!($s $(, $x)*);
    |             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^ the trait `Format` is not implemented for `PayloadFormat`
    |
   ::: /home/john/.cargo/git/checkouts/rustot-0a2b845b8ada8da9/f4cecfd/src/provisioning/mod.rs:189:17
    |
189 |                 trace!("Topic::RegisterThingAccepted {:?}", format);
    |                 --------------------------------------------------- in this macro invocation
    |
note: required by a bound in `defmt::export::fmt`
   --> /home/john/.cargo/registry/src/github.com-1ecc6299db9ec823/defmt-0.3.1/src/export/mod.rs:137:15
    |
137 | pub fn fmt<T: Format + ?Sized>(f: &T) {
    |               ^^^^^^ required by this bound in `defmt::export::fmt`
    = note: this error originates in the macro `::defmt::trace` (in Nightly builds, run with -Z macro-backtrace for more info)

error[E0277]: the trait bound `topics::Topic<'_>: Format` is not satisfied
   --> /home/john/.cargo/git/checkouts/rustot-0a2b845b8ada8da9/f4cecfd/src/fmt.rs:134:13
    |
134 |             ::defmt::trace!($s $(, $x)*);
    |             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^ the trait `Format` is not implemented for `topics::Topic<'_>`
    |
   ::: /home/john/.cargo/git/checkouts/rustot-0a2b845b8ada8da9/f4cecfd/src/provisioning/mod.rs:224:17
    |
224 |                 trace!("{:?}", t);
    |                 ----------------- in this macro invocation
    |
    = note: required because of the requirements on the impl of `Format` for `core::option::Option<topics::Topic<'_>>`
note: required by a bound in `defmt::export::fmt`
   --> /home/john/.cargo/registry/src/github.com-1ecc6299db9ec823/defmt-0.3.1/src/export/mod.rs:137:15
    |
137 | pub fn fmt<T: Format + ?Sized>(f: &T) {
    |               ^^^^^^ required by this bound in `defmt::export::fmt`
    = note: this error originates in the macro `::defmt::trace` (in Nightly builds, run with -Z macro-backtrace for more info)

[OTA] Seemingly randomly stuck while reporting success

Once in a while something unknown goes wrong when reporting "Success" after swapping & self-testing the newly received image.

Verify OTA suspend/resume

The suspend/resume logic of the OTA agent still needs to be verified as working

Reduce variant size of state machine Event enum

Currently the Events enum is much bigger than it has to be, due to the large variant differences coming from ReceivedJobDocument

It should be fairly trivial to change the implementation of Events in smlang-rs to allow multiple fields rather than a single field, making it much easier to make the OTA job data by reference rather than by value as it is now.

Risk: over-authorization of AWS IoT policy

We are a security research team and we recently discovered that there is an over-authorization security issue with this project's IoT policy.
The affected file is as following:

1. rustot/examples/provisioning_infrastructure/full_iot_policy.json

Add support for AWS IoT Device Defender

See https://github.com/aws/Device-Defender-for-AWS-IoT-embedded-sdk for C implementation

Add firmware version check before initiating download

Currently the firmware semantic versioning is only encoded in the firmware header, not in the OTA Jobs description, as there is not explicit field for this in the Job description.

FreeRTOS uses a custom field called updatedBy

https://github.com/nguyenvuhung/amazon-freertos/blob/05b7dcf278b8f470e915da3087ba79e7a46b922a/libraries/freertos_plus/aws/ota/src/aws_iot_ota_agent.c#L140-L156

Add complex enum support to shadow-derive

Add fuzz testing to shadows, to make sure invalid json doesn't panic

Entering invalid json, or valid json that cannot be deserialized to the shadow state type, should never cause a panic.

Rather it would make sense to make a clean report shadow, while propagating some error to the user through handle_message

Add remaining infrastructure for self-testing states

The self test states of the OTA update process is currently not fully implemented, and 0% tested.

No panicking branches

Eliminate most if not all of the potential panicking branching during OTA, as it is considered a MUST recover feature

Add support for AWS IoT Device Shadows

Developer guide: https://docs.aws.amazon.com/iot/latest/developerguide/iot-device-shadows.html
Reference implementation: https://github.com/aws/Device-Shadow-for-AWS-IoT-embedded-sdk

This implementation might be of interest: https://github.com/aws-greengrass/aws-greengrass-shadow-manager

Validate client-token?

Should round-trip client tokens be validated? Otherwise it might make sense to scrap them completely.

Unit tests

Add more unit tests covering:

Jobs
OTA

statemachine! {
    guard_error: OtaError,
    transitions: {
        *Ready + Start [start_handler] = RequestingJob,
        RequestingJob | WaitingForFileBlock + RequestJobDocument [request_job_handler] = WaitingForJob,
        RequestingJob + RequestTimer [request_job_handler] = WaitingForJob,
        WaitingForJob + ReceivedJobDocument(JobEventData<'a>) [process_job_handler] = CreatingFile,
        WaitingForJob + Start [request_job_handler] = WaitingForJob,
        CreatingFile + StartSelfTest [in_self_test_handler] = WaitingForJob,
        CreatingFile + CreateFile [init_file_handler] = RequestingFileBlock,
        CreatingFile + RequestTimer [init_file_handler] = RequestingFileBlock,
        CreatingFile | WaitingForJob | Restarting + Restart(RestartReason) [restart_handler] = Restarting,
        RequestingFileBlock | WaitingForFileBlock + RequestFileBlock [request_data_handler] = WaitingForFileBlock,
        RequestingFileBlock | WaitingForFileBlock + RequestTimer [request_data_handler] = WaitingForFileBlock,
        WaitingForFileBlock + ReceivedFileBlock(&'a mut [u8]) [process_data_handler]  = WaitingForFileBlock,
        WaitingForFileBlock + ReceivedJobDocument(JobEventData<'a>) [job_notification_handler] = RequestingJob,
        WaitingForFileBlock + CloseFile [close_file_handler] = WaitingForJob,
        Suspended + Resume [resume_job_handler] = RequestingJob,
        Ready | RequestingJob | WaitingForJob | CreatingFile | RequestingFileBlock | WaitingForFileBlock + Suspend = Suspended,
        Ready | RequestingJob | WaitingForJob | CreatingFile | RequestingFileBlock | WaitingForFileBlock + UserAbort [user_abort_handler] = WaitingForJob,
        Ready | RequestingJob | WaitingForJob | CreatingFile | RequestingFileBlock | WaitingForFileBlock + Shutdown [shutdown_handler] = Ready,
    }
}