
Merge pull request #17 from ucloud/optimize_config

optimize tls config
ethanDu1 5 éve
szülő
commit
5d589c3d33

+ 19 - 21
README.md

@@ -28,6 +28,8 @@ UCloud IOT SDK for rt-thread Package 是基于[UCloud设备端C-SDK](https://git
 许可协议Apache 2.0。
 
 ### 1.4 依赖
+Ota功能需要fal软件包
+[ ] fal: Flash Abstraction Layer implement. Manage flash device and partition.  --->
 Tls功能需要mbedtls软件包
 [ ] mbedtls: An portable and flexible SSL/TLS library  ----
 
@@ -50,54 +52,50 @@ RT-Thread online packages  --->
 根据产品需求选择合适的应用示例修改新增业务逻辑,也可新增例程编写新的业务逻辑。
 ```	
     --- ucloud-iot-sdk: ucloud iot sdk for uiot-core platform.
-    [*]   Enable mqtt                                                                                             
-            Auth Mode (Enable Static Register)  --->                                                               
+    [*]   Enable Mqtt                                                                                             
           Ucloud Device Config  --->    
-    [ ]   Enable Tls                                                                                            
-    [ ]   Enable Ucloud Mqtt Sample 
-    [ ]   Enable Shadow      
+    [*]   Enable Ucloud Mqtt Sample 
+    [ ]   Enable Ucloud Mqtt Dynamic Auth Sample
+    [*]   Enable Shadow      
     [ ]     Enable Ucloud Shadow Sample
-    [ ]   Enable Dev Model  
+    [*]   Enable Dev Model  
     [ ]     Enable Ucloud Dev Model Sample
-    [ ]   Enable Ota                                                                                                
+    [*]   Enable Ota                                                                                                
     [ ]     Enable Ucloud Ota Sample  
+    [ ]   Enable Tls 
     [ ]   Enable Ucloud Debug
           Version (latest)  --->
 ```
 
 - 选项说明
 
-`Enable mqtt`:使能MQTT功能。
+`Enable Mqtt`:使能MQTT连接云平台功能。
 
-`Auth Mode (Enable static register)`:认证模式,分为静态认证和动态认证模式, (括号内为当前选择的模式)。
+`Ucloud Device Config `:填写当前设备认证要素,当认证模式为动态认证时,设备密钥可以不填写
 
-`Enable Static Register`:静态注册模式使用产品号,设备号,设备密钥认证
+`Enable Ucloud Mqtt Sample`:使能静态注册mqtt和注册成功后收发消息的案例
 
-`Enable Dynamic Register`:动态注册模式使用产品号,设备号,产品密钥认证
-
-`Ucloud Device Config `:根据认证模式填写当前设备认证要素,当认证模式为动态认证时,设备密钥可以不填写
-
-`Enable TLS`: 是否使能TLS,若使能,则会关联选中mbedTLS软件包。
-
-`Enable Ucloud Mqtt Sample`:使能mqtt收发消息的案例
+`Enable Ucloud Mqtt Dynamic Auth Sample`: 使能动态注册mqtt和注册成功后收发消息的案例
 
 `Enable Shadow`:使能设备影子功能
 
-`Enable Ucloud Shadow Sample`:使能物模型的案例
+`Enable Ucloud Shadow Sample`:使能设备影子的案例
 
 `Enable Dev Model`:使能物模型功能
 
 `Enable Ucloud Dev Model Sample`:使能物模型的案例
 
-`Enable Ota`:使能远程升级版本的功能,若使能,则会关联选中ota_downloader软件包。
+`Enable Ota`:使能远程升级版本的功能,若使能,则会关联选中fal软件包。
 
 `Enable Ucloud Ota Sample`:使能远程升级版本的案例
 
-`Enable Ucloud Debug`: 使能打印输出
+`Enable TLS`: 是否使能TLS,若使能,则会关联选中mbedTLS软件包。
+
+`Enable Ucloud Debug`: 使能调试打印输出
 
 `Version (latest)  --->`:
 
-- 使用 `pkgs --update` 命令下载软件包
+- 使用 `pkgs --update` 命令下载需要使用的软件包
 
 ### 2.2 编译及运行
 1. 使用命令 scons --target=xxx 输出对应的工程,编译 

+ 10 - 7
SConscript

@@ -36,17 +36,17 @@ if GetDepend(['PKG_USING_UCLOUD_DEBUG']):
 #Gen MQTT src file
 if GetDepend(['PKG_USING_UCLOUD_MQTT']):
     src_base += Glob('uiot/mqtt/src/*.c')
-    src_base += Glob('uiot/utils/*.c')
+    src_base += Glob('uiot/utils/utils_timer.c')
+    src_base += Glob('uiot/utils/utils_net.c')
+    src_base += Glob('uiot/utils/utils_list.c')
+    src_base += Glob('uiot/utils/json_parser.c')
+    src_base += Glob('uiot/utils/json_token.c')
+    src_base += Glob('uiot/utils/string_utils.c')
     src_base += Glob('ports/rtthread/*.c')
-    src_base += Glob('ports/fal/*.c')
-    SrcRemove(src_base, 'uiot/utils/utils_sha2.c')
-
-#enable dynamic auth
-#if GetDepend(['PKG_USING_UCLOUD_MQTT_DYNAMIC_AUTH']):
 
 #Gen shadow src file
 if GetDepend(['PKG_USING_UCLOUD_SHADOW']):
-    src_base += Glob('uiot/shadow/src/*.c')
+    src_base += Glob('uiot/shadow/src/*.c')	
 
 #Gen dev model src file
 if GetDepend(['PKG_USING_UCLOUD_DEV_MODEL']):
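Review bot: The six `Glob('uiot/utils/<file>.c')` additions name literal files, and `Glob()` returns an empty list when nothing matches, so a renamed or missing utility would only show up later as an undefined symbol at link time. A short comment above the list saying why only these six are needed for MQTT would also help, e.g. `# MQTT needs only timer/net/list/json/string utils; hash and http utils are added by the features that use them`. The new `Glob('uiot/shadow/src/*.c')` line also gains a trailing tab that should be dropped.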
@@ -55,6 +55,9 @@ if GetDepend(['PKG_USING_UCLOUD_DEV_MODEL']):
 #Gen ota src file
 if GetDepend(['PKG_USING_UCLOUD_OTA']):
     src_base += Glob('uiot/ota/src/*.c')
+    src_base += Glob('ports/fal/*.c')
+    src_base += Glob('uiot/utils/utils_md5.c')
+    src_base += Glob('uiot/utils/utils_httpc.c')
 
 #TLS used
 if GetDepend(['PKG_USING_UCLOUD_TLS']):
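Review bot: The OTA branch now pulls in `utils_md5.c` and `utils_httpc.c`, which suggests that firmware images are fetched through the HTTP client and checked with MD5; the OTA sources are not part of this diff, so this is inferred from the file names. MD5 catches accidental corruption but is not collision-resistant, so it should not be the only control between a downloaded image and flash, especially as the README in this commit shows `Enable Tls` unselected by default. I would add a comment here recording what authenticates the image, along the lines of `# utils_md5: download integrity check only; image authenticity relies on <mechanism - to be filled in>`.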

+ 11 - 9
docs/quick_start.md

@@ -42,17 +42,18 @@
 1.  打开mqtt sample
 ```            
     --- ucloud-iot-sdk: ucloud iot sdk for uiot-core platform.
-    [*]   Enable mqtt                                                                                             
-            Auth Mode (Enable Static Register)  --->                                                               
-          Ucloud Device Config  --->    
-    [ ]   Enable Tls                                                                                            
-    [*]   Enable Ucloud Mqtt Sample             
-    [ ]   Enable Shadow      
+    [*]   Enable Mqtt                                                                                             
+          Ucloud Device Config  --->
+    [*]   Enable Ucloud Mqtt Sample 
+    [ ]   Enable Ucloud Mqtt Dynamic Auth Sample
+    [*]   Enable Shadow      
     [ ]     Enable Ucloud Shadow Sample       
-    [ ]   Enable Dev Model  
+    [*]   Enable Dev Model  
     [ ]     Enable Ucloud Dev Model Sample      
-    [ ]   Enable Ota                                                                                                
-    [ ]     Enable Ucloud Ota Sample                                                                                                                                                                                                                                                                                                          
+    [*]   Enable Ota                                                                                                
+    [ ]     Enable Ucloud Ota Sample       
+    [ ]   Enable Tls 
+    [ ]   Enable Ucloud Debug
           Version (latest)  --->
 ```
 
@@ -61,6 +62,7 @@
     Ucloud Device Config    --->
     [*] Device Config  ---- 
     (5xaptnq5is1xt45c) Config Product SN
+    (dy0jndfndj6wvvq0) Config Product Secret
     (tycfyk7697ra5jqs) Config Device SN                                                                           
     (6kh48wf6oq5xktir) Config Device Secret
 ```

+ 1 - 0
docs/rt_config.md

@@ -203,6 +203,7 @@ rtthread配置如下:
     
     #define PKG_USING_UCLOUD_IOT_SDK_CONFIG
     #define PKG_USING_UCLOUD_IOT_SDK_PRODUCT_SN "PRODUCT_SN"
+    #define PKG_USING_UCLOUD_IOT_SDK_PRODUCT_SECRET "PRODUCT_SECRET"
     #define PKG_USING_UCLOUD_IOT_SDK_DEVICE_SN "DEVICE_SN"
     #define PKG_USING_UCLOUD_IOT_SDK_DEVICE_SECRET "DEVICE_SECRET"
     #define PKG_USING_UCLOUD_TLS

+ 95 - 94
ports/ssl/HAL_TLS_config.h

@@ -487,14 +487,14 @@
  *
  * Enable Cipher Feedback mode (CFB) for symmetric ciphers.
  */
-#define MBEDTLS_CIPHER_MODE_CFB
+//#define MBEDTLS_CIPHER_MODE_CFB
 
 /**
  * \def MBEDTLS_CIPHER_MODE_CTR
  *
  * Enable Counter Block Cipher mode (CTR) for symmetric ciphers.
  */
-#define MBEDTLS_CIPHER_MODE_CTR
+//#define MBEDTLS_CIPHER_MODE_CTR
 
 /**
  * \def MBEDTLS_CIPHER_NULL_CIPHER
@@ -540,10 +540,10 @@
  *
  * Enable padding modes in the cipher layer.
  */
-#define MBEDTLS_CIPHER_PADDING_PKCS7
-#define MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS
-#define MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN
-#define MBEDTLS_CIPHER_PADDING_ZEROS
+//#define MBEDTLS_CIPHER_PADDING_PKCS7
+//#define MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS
+//#define MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN
+//#define MBEDTLS_CIPHER_PADDING_ZEROS
 
 /**
  * \def MBEDTLS_ENABLE_WEAK_CIPHERSUITES
@@ -594,7 +594,7 @@
  *
  * Comment this macro to keep 3DES in the default ciphersuite list.
  */
-#define MBEDTLS_REMOVE_3DES_CIPHERSUITES
+//#define MBEDTLS_REMOVE_3DES_CIPHERSUITES
 
 /**
  * \def MBEDTLS_ECP_DP_SECP192R1_ENABLED
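Review bot: Commenting out `MBEDTLS_REMOVE_3DES_CIPHERSUITES` goes the wrong way for a size and hardening pass, since the retained header comment says that commenting this macro keeps 3DES in the default ciphersuite list. In this commit it has no effect only because `MBEDTLS_DES_C` is commented out in a later hunk and `MBEDTLS_SSL_CIPHERSUITES` overrides the list. Leaving the macro defined adds no code and keeps the configuration safe if DES is ever re-enabled for another purpose, so I would restore `#define MBEDTLS_REMOVE_3DES_CIPHERSUITES`.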
@@ -604,18 +604,18 @@
  *
  * Comment macros to disable the curve and functions for it
  */
-#define MBEDTLS_ECP_DP_SECP192R1_ENABLED
-#define MBEDTLS_ECP_DP_SECP224R1_ENABLED
+//#define MBEDTLS_ECP_DP_SECP192R1_ENABLED
+//#define MBEDTLS_ECP_DP_SECP224R1_ENABLED
 #define MBEDTLS_ECP_DP_SECP256R1_ENABLED
-#define MBEDTLS_ECP_DP_SECP384R1_ENABLED
-#define MBEDTLS_ECP_DP_SECP521R1_ENABLED
-#define MBEDTLS_ECP_DP_SECP192K1_ENABLED
-#define MBEDTLS_ECP_DP_SECP224K1_ENABLED
-#define MBEDTLS_ECP_DP_SECP256K1_ENABLED
-#define MBEDTLS_ECP_DP_BP256R1_ENABLED
-#define MBEDTLS_ECP_DP_BP384R1_ENABLED
-#define MBEDTLS_ECP_DP_BP512R1_ENABLED
-#define MBEDTLS_ECP_DP_CURVE25519_ENABLED
+// #define MBEDTLS_ECP_DP_SECP384R1_ENABLED
+// #define MBEDTLS_ECP_DP_SECP521R1_ENABLED
+//#define MBEDTLS_ECP_DP_SECP192K1_ENABLED
+//#define MBEDTLS_ECP_DP_SECP224K1_ENABLED
+//#define MBEDTLS_ECP_DP_SECP256K1_ENABLED
+//#define MBEDTLS_ECP_DP_BP256R1_ENABLED
+//#define MBEDTLS_ECP_DP_BP384R1_ENABLED
+//#define MBEDTLS_ECP_DP_BP512R1_ENABLED
+//#define MBEDTLS_ECP_DP_CURVE25519_ENABLED
 
 /**
  * \def MBEDTLS_ECP_NIST_OPTIM
@@ -640,7 +640,7 @@
  *
  * Comment this macro to disable deterministic ECDSA.
  */
-#define MBEDTLS_ECDSA_DETERMINISTIC
+//#define MBEDTLS_ECDSA_DETERMINISTIC
 
 /**
  * \def MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
@@ -662,7 +662,7 @@
  *      MBEDTLS_TLS_PSK_WITH_3DES_EDE_CBC_SHA
  *      MBEDTLS_TLS_PSK_WITH_RC4_128_SHA
  */
-#define MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
+//#define MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
 
 /**
  * \def MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED
@@ -693,7 +693,7 @@
  *             See dhm.h for more details.
  *
  */
-#define MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED
+//#define MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED
 
 /**
  * \def MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
@@ -713,7 +713,7 @@
  *      MBEDTLS_TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA
  *      MBEDTLS_TLS_ECDHE_PSK_WITH_RC4_128_SHA
  */
-#define MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+//#define MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
 
 /**
  * \def MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED
@@ -738,7 +738,7 @@
  *      MBEDTLS_TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA
  *      MBEDTLS_TLS_RSA_PSK_WITH_RC4_128_SHA
  */
-#define MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED
+//#define MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED
 
 /**
  * \def MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
@@ -799,7 +799,7 @@
  *             See dhm.h for more details.
  *
  */
-#define MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
+//#define MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
 
 /**
  * \def MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
@@ -824,7 +824,7 @@
  *      MBEDTLS_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
  *      MBEDTLS_TLS_ECDHE_RSA_WITH_RC4_128_SHA
  */
-#define MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
+//#define MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
 
 /**
  * \def MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
@@ -848,7 +848,7 @@
  *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
  *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
  */
-#define MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
+//#define MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
 
 /**
  * \def MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
@@ -872,7 +872,7 @@
  *      MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256
  *      MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384
  */
-#define MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
+//#define MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
 
 /**
  * \def MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED
@@ -896,7 +896,7 @@
  *      MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256
  *      MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384
  */
-#define MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED
+//#define MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED
 
 /**
  * \def MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
@@ -929,7 +929,7 @@
  *
  * Disable if you only need to support RFC 5915 + 5480 key formats.
  */
-#define MBEDTLS_PK_PARSE_EC_EXTENDED
+//#define MBEDTLS_PK_PARSE_EC_EXTENDED
 
 /**
  * \def MBEDTLS_ERROR_STRERROR_DUMMY
@@ -944,7 +944,7 @@
  * Disable if you run into name conflicts and want to really remove the
  * mbedtls_strerror()
  */
-#define MBEDTLS_ERROR_STRERROR_DUMMY
+//#define MBEDTLS_ERROR_STRERROR_DUMMY
 
 /**
  * \def MBEDTLS_GENPRIME
@@ -953,14 +953,14 @@
  *
  * Requires: MBEDTLS_BIGNUM_C
  */
-#define MBEDTLS_GENPRIME
+//#define MBEDTLS_GENPRIME
 
 /**
  * \def MBEDTLS_FS_IO
  *
  * Enable functions that use the filesystem.
  */
-#define MBEDTLS_FS_IO
+//#define MBEDTLS_FS_IO
 
 /**
  * \def MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES
@@ -1062,7 +1062,7 @@
  *
  * Comment this macro to disable support for external private RSA keys.
  */
-#define MBEDTLS_PK_RSA_ALT_SUPPORT
+//#define MBEDTLS_PK_RSA_ALT_SUPPORT
 
 /**
  * \def MBEDTLS_PKCS1_V15
@@ -1084,7 +1084,7 @@
  *
  * This enables support for RSAES-OAEP and RSASSA-PSS operations.
  */
-#define MBEDTLS_PKCS1_V21
+//#define MBEDTLS_PKCS1_V21
 
 /**
  * \def MBEDTLS_RSA_NO_CRT
@@ -1102,7 +1102,7 @@
  *
  * Enable the checkup functions (*_self_test).
  */
-#define MBEDTLS_SELF_TEST
+//#define MBEDTLS_SELF_TEST
 
 /**
  * \def MBEDTLS_SHA256_SMALLER
@@ -1132,7 +1132,7 @@
  *
  * Enable sending of all alert messages
  */
-#define MBEDTLS_SSL_ALL_ALERT_MESSAGES
+//#define MBEDTLS_SSL_ALL_ALERT_MESSAGES
 
 /**
  * \def MBEDTLS_SSL_DEBUG_ALL
@@ -1166,7 +1166,7 @@
  *
  * Comment this macro to disable support for Encrypt-then-MAC
  */
-#define MBEDTLS_SSL_ENCRYPT_THEN_MAC
+//#define MBEDTLS_SSL_ENCRYPT_THEN_MAC
 
 /** \def MBEDTLS_SSL_EXTENDED_MASTER_SECRET
  *
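Review bot: Disabling `MBEDTLS_SSL_ENCRYPT_THEN_MAC` here and `MBEDTLS_SSL_EXTENDED_MASTER_SECRET` in the next hunk removes two protocol-level protections in the same commit that pins a CBC ciphersuite (`MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA`, near the end of this file). Encrypt-then-MAC is the extension that hardens CBC records against padding-oracle weaknesses, and Extended Master Secret binds the master secret to the handshake transcript. Both are small negotiated extensions, so unless a measured ROM figure justifies the removal I would keep `#define MBEDTLS_SSL_ENCRYPT_THEN_MAC` and `#define MBEDTLS_SSL_EXTENDED_MASTER_SECRET`.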
@@ -1184,7 +1184,7 @@
  *
  * Comment this macro to disable support for Extended Master Secret.
  */
-#define MBEDTLS_SSL_EXTENDED_MASTER_SECRET
+//#define MBEDTLS_SSL_EXTENDED_MASTER_SECRET
 
 /**
  * \def MBEDTLS_SSL_FALLBACK_SCSV
@@ -1201,7 +1201,7 @@
  *
  * Comment this macro to disable support for FALLBACK_SCSV
  */
-#define MBEDTLS_SSL_FALLBACK_SCSV
+//#define MBEDTLS_SSL_FALLBACK_SCSV
 
 /**
  * \def MBEDTLS_SSL_HW_RECORD_ACCEL
@@ -1223,7 +1223,7 @@
  *
  * Comment this macro to disable 1/n-1 record splitting.
  */
-#define MBEDTLS_SSL_CBC_RECORD_SPLITTING
+//#define MBEDTLS_SSL_CBC_RECORD_SPLITTING
 
 /**
  * \def MBEDTLS_SSL_RENEGOTIATION
@@ -1245,7 +1245,7 @@
  *          configuration of this extension).
  *
  */
-#define MBEDTLS_SSL_RENEGOTIATION
+//#define MBEDTLS_SSL_RENEGOTIATION
 
 /**
  * \def MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO
@@ -1274,7 +1274,7 @@
  *
  * Comment this macro to disable support for the max_fragment_length extension
  */
-#define MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
+//#define MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
 
 /**
  * \def MBEDTLS_SSL_PROTO_SSL3
@@ -1298,7 +1298,7 @@
  *
  * Comment this macro to disable support for TLS 1.0
  */
-#define MBEDTLS_SSL_PROTO_TLS1
+//#define MBEDTLS_SSL_PROTO_TLS1
 
 /**
  * \def MBEDTLS_SSL_PROTO_TLS1_1
@@ -1310,7 +1310,7 @@
  *
  * Comment this macro to disable support for TLS 1.1 / DTLS 1.0
  */
-#define MBEDTLS_SSL_PROTO_TLS1_1
+//#define MBEDTLS_SSL_PROTO_TLS1_1
 
 /**
  * \def MBEDTLS_SSL_PROTO_TLS1_2
@@ -1337,7 +1337,7 @@
  *
  * Comment this macro to disable support for DTLS
  */
-#define MBEDTLS_SSL_PROTO_DTLS
+//#define MBEDTLS_SSL_PROTO_DTLS
 
 /**
  * \def MBEDTLS_SSL_ALPN
@@ -1346,7 +1346,7 @@
  *
  * Comment this macro to disable support for ALPN.
  */
-#define MBEDTLS_SSL_ALPN
+//#define MBEDTLS_SSL_ALPN
 
 /**
  * \def MBEDTLS_SSL_DTLS_ANTI_REPLAY
@@ -1361,7 +1361,7 @@
  *
  * Comment this to disable anti-replay in DTLS.
  */
-#define MBEDTLS_SSL_DTLS_ANTI_REPLAY
+//#define MBEDTLS_SSL_DTLS_ANTI_REPLAY
 
 /**
  * \def MBEDTLS_SSL_DTLS_HELLO_VERIFY
@@ -1379,7 +1379,7 @@
  *
  * Comment this to disable support for HelloVerifyRequest.
  */
-#define MBEDTLS_SSL_DTLS_HELLO_VERIFY
+//#define MBEDTLS_SSL_DTLS_HELLO_VERIFY
 
 /**
  * \def MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE
@@ -1395,7 +1395,7 @@
  *
  * Comment this to disable support for clients reusing the source port.
  */
-#define MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE
+//#define MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE
 
 /**
  * \def MBEDTLS_SSL_DTLS_BADMAC_LIMIT
@@ -1406,7 +1406,7 @@
  *
  * Requires: MBEDTLS_SSL_PROTO_DTLS
  */
-#define MBEDTLS_SSL_DTLS_BADMAC_LIMIT
+//#define MBEDTLS_SSL_DTLS_BADMAC_LIMIT
 
 /**
  * \def MBEDTLS_SSL_SESSION_TICKETS
@@ -1420,7 +1420,7 @@
  *
  * Comment this macro to disable support for SSL session tickets
  */
-#define MBEDTLS_SSL_SESSION_TICKETS
+//#define MBEDTLS_SSL_SESSION_TICKETS
 
 /**
  * \def MBEDTLS_SSL_EXPORT_KEYS
@@ -1430,7 +1430,7 @@
  *
  * Comment this macro to disable support for key export
  */
-#define MBEDTLS_SSL_EXPORT_KEYS
+//#define MBEDTLS_SSL_EXPORT_KEYS
 
 /**
  * \def MBEDTLS_SSL_SERVER_NAME_INDICATION
@@ -1441,7 +1441,7 @@
  *
  * Comment this macro to disable support for server name indication in SSL
  */
-#define MBEDTLS_SSL_SERVER_NAME_INDICATION
+//#define MBEDTLS_SSL_SERVER_NAME_INDICATION
 
 /**
  * \def MBEDTLS_SSL_TRUNCATED_HMAC
@@ -1450,7 +1450,7 @@
  *
  * Comment this macro to disable support for truncated HMAC in SSL
  */
-#define MBEDTLS_SSL_TRUNCATED_HMAC
+//#define MBEDTLS_SSL_TRUNCATED_HMAC
 
 /**
  * \def MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT
@@ -1509,7 +1509,7 @@
  *
  * Comment this to disable run-time checking and save ROM space
  */
-#define MBEDTLS_VERSION_FEATURES
+//#define MBEDTLS_VERSION_FEATURES
 
 /**
  * \def MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3
@@ -1545,7 +1545,7 @@
  *
  * Comment to skip keyUsage checking for both CA and leaf certificates.
  */
-#define MBEDTLS_X509_CHECK_KEY_USAGE
+//#define MBEDTLS_X509_CHECK_KEY_USAGE
 
 /**
  * \def MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE
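Review bot: Commenting out `MBEDTLS_X509_CHECK_KEY_USAGE` here and `MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE` in the next hunk makes certificate verification skip the keyUsage and extendedKeyUsage checks, as the retained header comments state ("Comment to skip keyUsage checking for both CA and leaf certificates"). A certificate whose extensions restrict it to another purpose would then be accepted where it was rejected before. These checks cost little code compared with the modules removed elsewhere in this file, so I would keep both lines as `#define MBEDTLS_X509_CHECK_KEY_USAGE` and `#define MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE`.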
@@ -1558,7 +1558,7 @@
  *
  * Comment to skip extendedKeyUsage checking for certificates.
  */
-#define MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE
+//#define MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE
 
 /**
  * \def MBEDTLS_X509_RSASSA_PSS_SUPPORT
@@ -1568,7 +1568,7 @@
  *
  * Comment this macro to disallow using RSASSA-PSS in certificates.
  */
-#define MBEDTLS_X509_RSASSA_PSS_SUPPORT
+//#define MBEDTLS_X509_RSASSA_PSS_SUPPORT
 
 /**
  * \def MBEDTLS_ZLIB_SUPPORT
@@ -1612,7 +1612,7 @@
  *
  * This modules adds support for the AES-NI instructions on x86-64
  */
-#define MBEDTLS_AESNI_C
+//#define MBEDTLS_AESNI_C
 
 /**
  * \def MBEDTLS_AES_C
@@ -1715,7 +1715,7 @@
  *            it, and considering stronger ciphers instead.
  *
  */
-#define MBEDTLS_ARC4_C
+//#define MBEDTLS_ARC4_C
 
 /**
  * \def MBEDTLS_ASN1_PARSE_C
@@ -1781,7 +1781,7 @@
  *
  * Module:  library/blowfish.c
  */
-#define MBEDTLS_BLOWFISH_C
+//#define MBEDTLS_BLOWFISH_C
 
 /**
  * \def MBEDTLS_CAMELLIA_C
@@ -1836,7 +1836,7 @@
  *      MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256
  *      MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256
  */
-#define MBEDTLS_CAMELLIA_C
+//#define MBEDTLS_CAMELLIA_C
 
 /**
  * \def MBEDTLS_CCM_C
@@ -1850,7 +1850,7 @@
  * This module enables the AES-CCM ciphersuites, if other requisites are
  * enabled as well.
  */
-#define MBEDTLS_CCM_C
+//#define MBEDTLS_CCM_C
 
 /**
  * \def MBEDTLS_CERTS_C
@@ -1862,7 +1862,7 @@
  *
  * This module is used for testing (ssl_client/server).
  */
-#define MBEDTLS_CERTS_C
+// #define MBEDTLS_CERTS_C
 
 /**
  * \def MBEDTLS_CIPHER_C
@@ -1915,7 +1915,7 @@
  *
  * This module provides debugging functions.
  */
- 
+
 #ifdef PKG_USING_MBEDTLS_DEBUG
 #define MBEDTLS_DEBUG_C
 #endif
@@ -1947,7 +1947,7 @@
  * \warning   DES is considered a weak cipher and its use constitutes a
  *            security risk. We recommend considering stronger ciphers instead.
  */
-#define MBEDTLS_DES_C
+//#define MBEDTLS_DES_C
 
 /**
  * \def MBEDTLS_DHM_C
@@ -1968,7 +1968,7 @@
  *             See dhm.h for more details.
  *
  */
-#define MBEDTLS_DHM_C
+//#define MBEDTLS_DHM_C
 
 /**
  * \def MBEDTLS_ECDH_C
@@ -1984,7 +1984,7 @@
  *
  * Requires: MBEDTLS_ECP_C
  */
-#define MBEDTLS_ECDH_C
+//#define MBEDTLS_ECDH_C
 
 /**
  * \def MBEDTLS_ECDSA_C
@@ -1999,7 +1999,7 @@
  *
  * Requires: MBEDTLS_ECP_C, MBEDTLS_ASN1_WRITE_C, MBEDTLS_ASN1_PARSE_C
  */
-#define MBEDTLS_ECDSA_C
+//#define MBEDTLS_ECDSA_C
 
 /**
  * \def MBEDTLS_ECJPAKE_C
@@ -2058,7 +2058,7 @@
  *
  * This module enables mbedtls_strerror().
  */
-#define MBEDTLS_ERROR_C
+//#define MBEDTLS_ERROR_C
 
 /**
  * \def MBEDTLS_GCM_C
@@ -2072,7 +2072,7 @@
  * This module enables the AES-GCM and CAMELLIA-GCM ciphersuites, if other
  * requisites are enabled as well.
  */
-#define MBEDTLS_GCM_C
+//#define MBEDTLS_GCM_C
 
 /**
  * \def MBEDTLS_HAVEGE_C
@@ -2109,7 +2109,7 @@
  *
  * Uncomment to enable the HMAC_DRBG random number geerator.
  */
-#define MBEDTLS_HMAC_DRBG_C
+//#define MBEDTLS_HMAC_DRBG_C
 
 /**
  * \def MBEDTLS_MD_C
@@ -2249,7 +2249,7 @@
  *
  * This modules adds support for the VIA PadLock on x86.
  */
-#define MBEDTLS_PADLOCK_C
+//#define MBEDTLS_PADLOCK_C
 
 /**
  * \def MBEDTLS_PEM_PARSE_C
@@ -2283,7 +2283,7 @@
  *
  * This modules adds support for encoding / writing PEM files.
  */
-#define MBEDTLS_PEM_WRITE_C
+//#define MBEDTLS_PEM_WRITE_C
 
 /**
  * \def MBEDTLS_PK_C
@@ -2328,7 +2328,7 @@
  *
  * Uncomment to enable generic public key write functions.
  */
-#define MBEDTLS_PK_WRITE_C
+//#define MBEDTLS_PK_WRITE_C
 
 /**
  * \def MBEDTLS_PKCS5_C
@@ -2341,7 +2341,7 @@
  *
  * This module adds support for the PKCS#5 functions.
  */
-#define MBEDTLS_PKCS5_C
+//#define MBEDTLS_PKCS5_C
 
 /**
  * \def MBEDTLS_PKCS11_C
@@ -2372,7 +2372,7 @@
  *
  * This module enables PKCS#12 functions.
  */
-#define MBEDTLS_PKCS12_C
+//#define MBEDTLS_PKCS12_C
 
 /**
  * \def MBEDTLS_PLATFORM_C
@@ -2403,7 +2403,7 @@
  * Caller:  library/md.c
  *
  */
-#define MBEDTLS_RIPEMD160_C
+//#define MBEDTLS_RIPEMD160_C
 
 /**
  * \def MBEDTLS_RSA_C
@@ -2476,7 +2476,7 @@
  *
  * This module adds support for SHA-384 and SHA-512.
  */
-#define MBEDTLS_SHA512_C
+//#define MBEDTLS_SHA512_C
 
 /**
  * \def MBEDTLS_SSL_CACHE_C
@@ -2488,7 +2488,7 @@
  *
  * Requires: MBEDTLS_SSL_CACHE_C
  */
-#define MBEDTLS_SSL_CACHE_C
+//#define MBEDTLS_SSL_CACHE_C
 
 /**
  * \def MBEDTLS_SSL_COOKIE_C
@@ -2498,7 +2498,7 @@
  * Module:  library/ssl_cookie.c
  * Caller:
  */
-#define MBEDTLS_SSL_COOKIE_C
+//#define MBEDTLS_SSL_COOKIE_C
 
 /**
  * \def MBEDTLS_SSL_TICKET_C
@@ -2510,7 +2510,7 @@
  *
  * Requires: MBEDTLS_CIPHER_C
  */
-#define MBEDTLS_SSL_TICKET_C
+//#define MBEDTLS_SSL_TICKET_C
 
 /**
  * \def MBEDTLS_SSL_CLI_C
@@ -2610,7 +2610,7 @@
  *
  * This module provides run-time version information.
  */
-#define MBEDTLS_VERSION_C
+//#define MBEDTLS_VERSION_C
 
 /**
  * \def MBEDTLS_X509_USE_C
@@ -2657,7 +2657,7 @@
  *
  * This module is required for X.509 CRL parsing.
  */
-#define MBEDTLS_X509_CRL_PARSE_C
+//#define MBEDTLS_X509_CRL_PARSE_C
 
 /**
  * \def MBEDTLS_X509_CSR_PARSE_C
@@ -2671,7 +2671,7 @@
  *
  * This module is used for reading X.509 certificate request.
  */
-#define MBEDTLS_X509_CSR_PARSE_C
+//#define MBEDTLS_X509_CSR_PARSE_C
 
 /**
  * \def MBEDTLS_X509_CREATE_C
@@ -2684,7 +2684,7 @@
  *
  * This module is the basis for creating X.509 certificates and CSRs.
  */
-#define MBEDTLS_X509_CREATE_C
+//#define MBEDTLS_X509_CREATE_C
 
 /**
  * \def MBEDTLS_X509_CRT_WRITE_C
@@ -2697,7 +2697,7 @@
  *
  * This module is required for X.509 certificate creation.
  */
-#define MBEDTLS_X509_CRT_WRITE_C
+//#define MBEDTLS_X509_CRT_WRITE_C
 
 /**
  * \def MBEDTLS_X509_CSR_WRITE_C
@@ -2710,7 +2710,7 @@
  *
  * This module is required for X.509 certificate request writing.
  */
-#define MBEDTLS_X509_CSR_WRITE_C
+//#define MBEDTLS_X509_CSR_WRITE_C
 
 /**
  * \def MBEDTLS_XTEA_C
@@ -2720,7 +2720,7 @@
  * Module:  library/xtea.c
  * Caller:
  */
-#define MBEDTLS_XTEA_C
+//#define MBEDTLS_XTEA_C
 
 /* \} name SECTION: mbed TLS modules */
 
@@ -2821,6 +2821,7 @@
  *
  * The value below is only an example, not the default.
  */
+#define MBEDTLS_SSL_CIPHERSUITES MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA
 //#define MBEDTLS_SSL_CIPHERSUITES MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
 
 /* X509 options */
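Review bot: The added `#define MBEDTLS_SSL_CIPHERSUITES MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA` restricts the client to a single static-RSA, CBC, HMAC-SHA1 suite, so sessions have no forward secrecy and no AEAD option. Other hunks in this file comment out `MBEDTLS_GCM_C`, `MBEDTLS_ECDH_C` and every ECDHE key exchange, so no stronger suite remains compiled in. A single-entry list also means devices in the field can no longer connect if the broker ever retires this suite. If the flash budget allows, keeping `MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED`, `MBEDTLS_ECDH_C` and `MBEDTLS_GCM_C` and listing `MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256` ahead of the CBC suite would be a better baseline; whether the broker offers it is not visible from this diff.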
@@ -2856,7 +2857,7 @@
  *            on it, and considering stronger message digests instead.
  *
  */
-#define MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_KEY_EXCHANGE
+//#define MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_KEY_EXCHANGE
 
 /* \} name SECTION: Customisation configuration options */
 
@@ -2884,9 +2885,9 @@
  * !!!!! The following two macros are added to the porting code !!!!!
  * !!!!! The following two macros are added to the porting code !!!!!
  * !!!!! The following two macros are added to the porting code !!!!!
- * 
+ *
  * Upgraded version handles the following two macro definitions
- * 
+ *
  * These two macros are defined in the ctr_drbg.c file
  *
  * #if !defined(MBEDTLS_CTR_DRBG_BLOCKSIZE)
@@ -2894,8 +2895,8 @@
  * #endif
  * #if !defined(MBEDTLS_CTR_DRBG_KEYSIZE)
  * #define MBEDTLS_CTR_DRBG_KEYSIZE            32
- * #endif 
- * 
+ * #endif
+ *
 */
 
 #include "mbedtls/check_config.h"

+ 0 - 5
samples/dev_model/dev_model_sample.c

@@ -96,12 +96,7 @@ static int _setup_connect_init_params(MQTTInitParams* initParams)
 {
     initParams->device_sn = PKG_USING_UCLOUD_IOT_SDK_DEVICE_SN;
     initParams->product_sn = PKG_USING_UCLOUD_IOT_SDK_PRODUCT_SN;
-#ifdef PKG_USING_UCLOUD_MQTT_DYNAMIC_AUTH
-    initParams->device_secret = (char *) malloc(IOT_DEVICE_SN_LEN + 1);
-    HAL_GetDeviceSecret(initParams->device_secret);
-#else    
     initParams->device_secret = PKG_USING_UCLOUD_IOT_SDK_DEVICE_SECRET;
-#endif
     initParams->command_timeout = UIOT_MQTT_COMMAND_TIMEOUT;
     initParams->keep_alive_interval = UIOT_MQTT_KEEP_ALIVE_INTERNAL;
     initParams->auto_connect_enable = 1;

+ 1 - 6
samples/mqtt/mqtt_sample.c

@@ -125,13 +125,8 @@ static int _setup_connect_init_params(MQTTInitParams* initParams)
 {
     initParams->device_sn = PKG_USING_UCLOUD_IOT_SDK_DEVICE_SN;
     initParams->product_sn = PKG_USING_UCLOUD_IOT_SDK_PRODUCT_SN;
-    
-#ifdef PKG_USING_UCLOUD_MQTT_DYNAMIC_AUTH
-    initParams->device_secret = (char *) malloc(IOT_DEVICE_SN_LEN + 1);
-    HAL_GetDeviceSecret(initParams->device_secret);
-#else
     initParams->device_secret = PKG_USING_UCLOUD_IOT_SDK_DEVICE_SECRET;
-#endif
+
     initParams->command_timeout = UIOT_MQTT_COMMAND_TIMEOUT;
     initParams->keep_alive_interval = UIOT_MQTT_KEEP_ALIVE_INTERNAL;
 

+ 1 - 5
samples/ota/ota_sample.c

@@ -74,12 +74,8 @@ static int _setup_connect_init_params(MQTTInitParams* initParams)
 {
     initParams->device_sn = PKG_USING_UCLOUD_IOT_SDK_DEVICE_SN;
     initParams->product_sn = PKG_USING_UCLOUD_IOT_SDK_PRODUCT_SN;
-#ifdef PKG_USING_UCLOUD_MQTT_DYNAMIC_AUTH
-    initParams->device_secret = (char *) malloc(IOT_DEVICE_SN_LEN + 1);
-    HAL_GetDeviceSecret(initParams->device_secret);
-#else     
     initParams->device_secret = PKG_USING_UCLOUD_IOT_SDK_DEVICE_SECRET;
-#endif
+
     initParams->command_timeout = UIOT_MQTT_COMMAND_TIMEOUT;    
     initParams->keep_alive_interval = UIOT_MQTT_KEEP_ALIVE_INTERNAL;
     initParams->auto_connect_enable = 1;

+ 87 - 5
samples/shadow/shadow_sample.c

@@ -77,12 +77,7 @@ static int _setup_connect_init_params(MQTTInitParams* initParams)
     int ret = SUCCESS_RET;
     initParams->device_sn = (char *)PKG_USING_UCLOUD_IOT_SDK_DEVICE_SN;
     initParams->product_sn = (char *)PKG_USING_UCLOUD_IOT_SDK_PRODUCT_SN;
-#ifdef PKG_USING_UCLOUD_MQTT_DYNAMIC_AUTH
-    initParams->device_secret = (char *) malloc(IOT_DEVICE_SN_LEN + 1);
-    HAL_GetDeviceSecret(initParams->device_secret);
-#else    
     initParams->device_secret = (char *)PKG_USING_UCLOUD_IOT_SDK_DEVICE_SECRET;
-#endif
     initParams->command_timeout = UIOT_MQTT_COMMAND_TIMEOUT;
     initParams->keep_alive_interval = UIOT_MQTT_KEEP_ALIVE_INTERNAL;
     initParams->auto_connect_enable = 1;
@@ -231,6 +226,93 @@ static void shadow_test_thread(void)
     ack_update = ACK_NONE;
     ret = IOT_Shadow_Get_Sync(sg_pshadow, _update_ack_cb, time_sec, &ack_update);
 
+    while (ACK_NONE == ack_update) {
+        IOT_Shadow_Yield(sg_pshadow, MAX_WAIT_TIME_MS);
+    }
+
+    /* update */    
+    num1 = 123;
+    Property1->data = &num1;
+
+    char num9[5] = "num9";
+    Property4->data = num9;
+
+    ack_update = ACK_NONE;
+    ret = IOT_Shadow_Update(sg_pshadow, _update_ack_cb, time_sec, &ack_update, 2, Property1, Property4);
+    if(SUCCESS_RET != ret)
+    {
+        HAL_Printf("Update Property1 Property4 fail:%d\n", ret);
+        return;
+    }
+    
+    while (ACK_NONE == ack_update) {
+        IOT_Shadow_Yield(sg_pshadow, MAX_WAIT_TIME_MS);
+    }
+
+    /* delete */    
+    ack_update = ACK_NONE;
+    ret = IOT_Shadow_Delete(sg_pshadow, _update_ack_cb, time_sec, &ack_update, 2, Property1, Property2);
+    if(SUCCESS_RET != ret)
+    {
+        HAL_Printf("Delete Property1 Property2 fail:%d\n", ret);
+        return;
+    }
+
+    while (ACK_NONE == ack_update) {
+        IOT_Shadow_Yield(sg_pshadow, MAX_WAIT_TIME_MS);
+    }
+
+    ack_update = ACK_NONE;
+    ret = IOT_Shadow_Get_Sync(sg_pshadow, _update_ack_cb, time_sec, &ack_update);
+
+
+    while (ACK_NONE == ack_update) {
+        IOT_Shadow_Yield(sg_pshadow, MAX_WAIT_TIME_MS);
+    }
+
+    /* delete all */
+    ack_update = ACK_NONE;
+    ret = IOT_Shadow_Delete_All(sg_pshadow, _update_ack_cb, time_sec, &ack_update);
+    if(SUCCESS_RET != ret)
+    {
+        HAL_Printf("Delete All fail:%d\n", ret);
+        return;
+    }
+
+
+    while (ACK_NONE == ack_update) {
+        IOT_Shadow_Yield(sg_pshadow, MAX_WAIT_TIME_MS);
+    }
+
+    ack_update = ACK_NONE;
+    ret = IOT_Shadow_Get_Sync(sg_pshadow, _update_ack_cb, time_sec, &ack_update);
+
+
+    while (ACK_NONE == ack_update) {
+        IOT_Shadow_Yield(sg_pshadow, MAX_WAIT_TIME_MS);
+    }
+
+    Property1->data = &num1;
+    Property4->data = num4;
+    Property5->data = &num5;
+    Property6->data = num6;
+
+    /* update */    
+    ack_update = ACK_NONE;
+    ret = IOT_Shadow_Update_And_Reset_Version(sg_pshadow, _update_ack_cb, time_sec, &ack_update, 4, Property1, Property4, Property5, Property6);
+    if(SUCCESS_RET != ret)
+    {
+        HAL_Printf("Update and Reset Ver fail:%d\n", ret);
+        return;
+    }
+    
+    while (ACK_NONE == ack_update) {
+        IOT_Shadow_Yield(sg_pshadow, MAX_WAIT_TIME_MS);
+    }
+
+    ack_update = ACK_NONE;
+    ret = IOT_Shadow_Get_Sync(sg_pshadow, _update_ack_cb, time_sec, &ack_update);
+
     while (ACK_NONE == ack_update) {
         IOT_Shadow_Yield(sg_pshadow, MAX_WAIT_TIME_MS);
     }
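Review bot: The three added `IOT_Shadow_Get_Sync` calls assign `ret` but never test it, unlike the added Update, Delete and Delete_All calls. Each is followed by `while (ACK_NONE == ack_update)`, which ignores the result of `IOT_Shadow_Yield`, so a failed request or a dropped connection leaves the thread spinning with no exit. I would add the same guard after each Get_Sync, e.g. `if (SUCCESS_RET != ret) { HAL_Printf("Get shadow fail:%d\n", ret); return; }`, and have the wait loops stop when Yield reports an error or a retry limit is reached. `shadow_test_thread` starts and ends outside this hunk, so I cannot see whether the early `return` paths skip cleanup of `sg_pshadow` and the properties; that is worth checking too.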

+ 1 - 6
uiot/mqtt/src/mqtt_client.c

@@ -46,9 +46,6 @@ void* IOT_MQTT_Construct(MQTTInitParams *pParams)
     POINTER_VALID_CHECK(pParams, NULL);
     STRING_PTR_VALID_CHECK(pParams->product_sn, NULL);
     STRING_PTR_VALID_CHECK(pParams->device_sn, NULL);
-#ifndef PKG_USING_UCLOUD_MQTT_DYNAMIC_AUTH
-    STRING_PTR_VALID_CHECK(pParams->device_secret, NULL);
-#endif
 
     UIoT_Client* mqtt_client = NULL;
 
@@ -81,9 +78,8 @@ void* IOT_MQTT_Construct(MQTTInitParams *pParams)
     }
 
     int auth_mode = 0;
-#ifdef PKG_USING_UCLOUD_MQTT_DYNAMIC_AUTH
     //动态认证时如果还未获取设备密钥则先使用产品密钥进行预认证
-    if(NULL == pParams->device_secret)
+    if((NULL == pParams->device_secret) && (NULL != pParams->product_secret))
     {
         auth_mode = DYNAMIC_AUTH;
         int password_len = strlen(pParams->product_secret) + 1;
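Review bot: With `STRING_PTR_VALID_CHECK(pParams->device_secret, NULL)` removed in the previous hunk, a caller that passes NULL for both `device_secret` and `product_secret` matches neither the new condition here nor the `NULL != pParams->device_secret` branch that follows. As far as the visible lines show, construction would then continue with `auth_mode` 0 and no password set. I would reject that case next to the other parameter checks at the top of `IOT_MQTT_Construct`, before anything is allocated: `if (NULL == pParams->device_secret && NULL == pParams->product_secret) return NULL;`. The function body extends beyond these hunks, so a later check may already cover this; if so, a comment at this branch pointing to it would help.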
@@ -96,7 +92,6 @@ void* IOT_MQTT_Construct(MQTTInitParams *pParams)
         }
         HAL_Snprintf(connect_params.password, password_len, "%s", pParams->product_secret);
     }
-#endif
     //使用获取到的设备密钥进行静态注册
     if(NULL != pParams->device_secret)
     {