diff --git a/src/DeviceInterfaces/System.Net/sys_net_native.cpp b/src/DeviceInterfaces/System.Net/sys_net_native.cpp index a398e956c3..cb5cde8544 100644 --- a/src/DeviceInterfaces/System.Net/sys_net_native.cpp +++ b/src/DeviceInterfaces/System.Net/sys_net_native.cpp @@ -183,6 +183,8 @@ static const CLR_RT_MethodHandler method_lookup[] = NULL, NULL, Library_sys_net_native_System_Net_Security_CertificateManager::AddCaCertificateBundle___STATIC__BOOLEAN__SZARRAY_U1, + NULL, + Library_sys_net_native_System_Net_Security_CertificateManager::GetDevicePublicKeyRaw___STATIC__SZARRAY_U1, Library_sys_net_native_System_Net_Security_SslNative::SecureServerInit___STATIC__I4__I4__I4__SystemSecurityCryptographyX509CertificatesX509Certificate__SystemSecurityCryptographyX509CertificatesX509Certificate__BOOLEAN, Library_sys_net_native_System_Net_Security_SslNative::SecureClientInit___STATIC__I4__I4__I4__SystemSecurityCryptographyX509CertificatesX509Certificate__SystemSecurityCryptographyX509CertificatesX509Certificate__BOOLEAN, Library_sys_net_native_System_Net_Security_SslNative::SecureAccept___STATIC__VOID__I4__OBJECT, @@ -333,9 +335,9 @@ static const CLR_RT_MethodHandler method_lookup[] = const CLR_RT_NativeAssemblyData g_CLR_AssemblyNative_System_Net = { "System.Net", - 0x5BAB8CB3, + 0x92B242C1, method_lookup, - { 100, 1, 5, 0 } + { 100, 1, 5, 1 } }; // clang-format on diff --git a/src/DeviceInterfaces/System.Net/sys_net_native.h b/src/DeviceInterfaces/System.Net/sys_net_native.h index 0499791020..2c76c0c889 100644 --- a/src/DeviceInterfaces/System.Net/sys_net_native.h +++ b/src/DeviceInterfaces/System.Net/sys_net_native.h @@ -282,6 +282,7 @@ struct Library_sys_net_native_System_Net_NetworkInformation_WirelessAPConfigurat struct Library_sys_net_native_System_Net_Security_CertificateManager { NANOCLR_NATIVE_DECLARE(AddCaCertificateBundle___STATIC__BOOLEAN__SZARRAY_U1); + NANOCLR_NATIVE_DECLARE(GetDevicePublicKeyRaw___STATIC__SZARRAY_U1); //--// }; diff --git a/src/DeviceInterfaces/System.Net/sys_net_native_System_Net_Security_CertificateManager.cpp b/src/DeviceInterfaces/System.Net/sys_net_native_System_Net_Security_CertificateManager.cpp index 4a1b10b5d7..09c89fde9d 100644 --- a/src/DeviceInterfaces/System.Net/sys_net_native_System_Net_Security_CertificateManager.cpp +++ b/src/DeviceInterfaces/System.Net/sys_net_native_System_Net_Security_CertificateManager.cpp @@ -81,3 +81,36 @@ HRESULT Library_sys_net_native_System_Net_Security_CertificateManager:: NANOCLR_CLEANUP_END(); } + +HRESULT Library_sys_net_native_System_Net_Security_CertificateManager::GetDevicePublicKeyRaw___STATIC__SZARRAY_U1( + CLR_RT_StackFrame &stack) +{ + NATIVE_PROFILE_CLR_NETWORK(); + NANOCLR_HEADER(); + + CLR_RT_HeapBlock &ret = stack.PushValueAndClear(); + HAL_Configuration_X509DeviceCertificate *deviceCert = ConfigurationManager_GetDeviceCertificate(); + + if (deviceCert) + { + X509RawData rawData; + + if (SSL_GetPublicKeyRaw((const char *)deviceCert->Certificate, deviceCert->CertificateSize, &rawData)) + { + CLR_RT_HeapBlock_Array *array; + + NANOCLR_CHECK_HRESULT( + CLR_RT_HeapBlock_Array::CreateInstance(ret, rawData.len, g_CLR_RT_WellKnownTypes.m_UInt8)); + + array = ret.DereferenceArray(); + + memcpy(array->GetFirstElement(), rawData.p, rawData.len); + + platform_free(rawData.p); + } + + platform_free(deviceCert); + } + + NANOCLR_NOCLEANUP(); +} diff --git a/src/DeviceInterfaces/System.Net/sys_net_native_System_Net_Security_CertificateManager_stubs.cpp b/src/DeviceInterfaces/System.Net/sys_net_native_System_Net_Security_CertificateManager_stubs.cpp index 74f1acb027..e7f304f190 100644 --- a/src/DeviceInterfaces/System.Net/sys_net_native_System_Net_Security_CertificateManager_stubs.cpp +++ b/src/DeviceInterfaces/System.Net/sys_net_native_System_Net_Security_CertificateManager_stubs.cpp @@ -14,3 +14,13 @@ HRESULT Library_sys_net_native_System_Net_Security_CertificateManager:: NANOCLR_NOCLEANUP(); } + +HRESULT Library_sys_net_native_System_Net_Security_CertificateManager::GetDevicePublicKeyRaw___STATIC__SZARRAY_U1( + CLR_RT_StackFrame &stack) +{ + NANOCLR_HEADER(); + + NANOCLR_SET_AND_LEAVE(stack.NotImplementedStub()); + + NANOCLR_NOCLEANUP(); +} \ No newline at end of file diff --git a/src/PAL/COM/sockets/ssl/MbedTLS/ssl_parse_certificate_internal.cpp b/src/PAL/COM/sockets/ssl/MbedTLS/ssl_parse_certificate_internal.cpp index 6199e8df61..0a292e5d08 100644 --- a/src/PAL/COM/sockets/ssl/MbedTLS/ssl_parse_certificate_internal.cpp +++ b/src/PAL/COM/sockets/ssl/MbedTLS/ssl_parse_certificate_internal.cpp @@ -51,3 +51,28 @@ bool ssl_parse_certificate_internal(void *certificate, size_t size, void *x509Ce return true; } + +bool ssl_get_public_key_raw_internal(void *certificate, size_t size, void *x509RawData) +{ + int ret; + X509RawData *x509 = (X509RawData *)x509RawData; + + mbedtls_x509_crt cacert; + mbedtls_x509_crt_init(&cacert); + + ret = mbedtls_x509_crt_parse(&cacert, (const unsigned char *)certificate, size); + if (ret < 0) + { + mbedtls_x509_crt_free(&cacert); + return false; + } + + x509->len = cacert.raw.len; + x509->p = (unsigned char *)platform_malloc(x509->len); + + memcpy(x509->p, cacert.raw.p, x509->len); + + mbedtls_x509_crt_free(&cacert); + + return true; +} diff --git a/src/PAL/COM/sockets/ssl/ssl.cpp b/src/PAL/COM/sockets/ssl/ssl.cpp index 2d418672ed..eeab35d419 100644 --- a/src/PAL/COM/sockets/ssl/ssl.cpp +++ b/src/PAL/COM/sockets/ssl/ssl.cpp @@ -84,6 +84,18 @@ bool SSL_ParseCertificate(const char *certificate, size_t certLength, X509CertDa return ssl_parse_certificate_internal((void *)certificate, certLength, (void *)certData); } +bool SSL_GetPublicKeyRaw(const char *certificate, size_t certLength, X509RawData *rawData) +{ + if (!s_InitDone) + { + s_InitDone = ssl_initialize_internal(); + } + + NATIVE_PROFILE_PAL_COM(); + + return ssl_get_public_key_raw_internal((void *)certificate, certLength, (void *)rawData); +} + int SSL_DecodePrivateKey(const unsigned char *key, size_t keyLength, const unsigned char *pwd, size_t pwdLength) { if (!s_InitDone) diff --git a/src/PAL/COM/sockets/ssl/ssl_functions.h b/src/PAL/COM/sockets/ssl/ssl_functions.h index c046f41521..beeba31240 100644 --- a/src/PAL/COM/sockets/ssl/ssl_functions.h +++ b/src/PAL/COM/sockets/ssl/ssl_functions.h @@ -35,6 +35,7 @@ enum SslVerification }; bool ssl_parse_certificate_internal(void *buf, size_t size, void *x509); +bool ssl_get_public_key_raw_internal(void *buf, size_t size, void *x509); int ssl_decode_private_key_internal( const unsigned char *key, size_t keyLength, diff --git a/src/PAL/COM/sockets/ssl/ssl_stubs.cpp b/src/PAL/COM/sockets/ssl/ssl_stubs.cpp index 795ee85847..42e8a0f767 100644 --- a/src/PAL/COM/sockets/ssl/ssl_stubs.cpp +++ b/src/PAL/COM/sockets/ssl/ssl_stubs.cpp @@ -159,6 +159,17 @@ __nfweak bool SSL_ParseCertificate(const char *certificate, size_t certLength, X return TRUE; } +__nfweak bool SSL_GetPublicKeyRaw(const char *certificate, size_t certLength, X509RawData *rawData) +{ + (void)certificate; + (void)certLength; + (void)rawData; + + NATIVE_PROFILE_PAL_COM(); + + return FALSE; +} + __nfweak int SSL_DecodePrivateKey( const unsigned char *key, size_t keyLength, diff --git a/src/PAL/Include/nanoPAL_Sockets.h b/src/PAL/Include/nanoPAL_Sockets.h index 78d5b86bab..dc36efbe20 100644 --- a/src/PAL/Include/nanoPAL_Sockets.h +++ b/src/PAL/Include/nanoPAL_Sockets.h @@ -38,6 +38,12 @@ typedef struct _X509CertData DATE_TIME_INFO ExpirationDate; } X509CertData; +typedef struct _X509RawData +{ + size_t len; + unsigned char *p; +} X509RawData; + // Avoid including windows socket definitions #ifndef NANOCLR_SOCK_STRUCTURES @@ -678,6 +684,7 @@ int SSL_Write(int socket, const char *Data, size_t size); int SSL_Read(int socket, char *Data, size_t size); int SSL_CloseSocket(int socket); bool SSL_ParseCertificate(const char *certificate, size_t certLength, X509CertData *certData); +bool SSL_GetPublicKeyRaw(const char *certificate, size_t certLength, X509RawData *rawData); int SSL_DecodePrivateKey( const unsigned char *key, size_t keyLength, diff --git a/targets/AzureRTOS/ST/_common/drivers/wifi/inventek/ssl_ISM43362.cpp b/targets/AzureRTOS/ST/_common/drivers/wifi/inventek/ssl_ISM43362.cpp index c34be938f2..a7a1333a91 100644 --- a/targets/AzureRTOS/ST/_common/drivers/wifi/inventek/ssl_ISM43362.cpp +++ b/targets/AzureRTOS/ST/_common/drivers/wifi/inventek/ssl_ISM43362.cpp @@ -23,6 +23,16 @@ bool ssl_parse_certificate_internal(void *buf, size_t size, void *pwd, void *x50 return true; } +bool ssl_get_public_key_raw_internal(void *certificate, size_t size, void *x509RawData) +{ + (void)certificate; + (void)size; + (void)x509RawData; + + // can't really do anything here, so just return false + return false; +} + int ssl_decode_private_key_internal( const unsigned char *key, size_t keyLength, @@ -187,7 +197,7 @@ int ssl_connect_internal(int sd, const char *szTargetHost, int contextHandle) context->SocketIndex = sd; // at this point the socket must have been connected - + ////////////////////////////////////////////////////////////////////// // current firmware in ISM43362 does not support secure connections // // so we are faking it as if it would work // @@ -221,7 +231,7 @@ int ssl_read_internal(int sd, char *data, size_t size) { (void)sd; (void)data; - (void)size; //SSL_RESULT__WOULD_BLOCK + (void)size; // SSL_RESULT__WOULD_BLOCK // ISM43362 takes care of everything for us, just call the recv API return SOCK_recv(sd, data, size, 0); diff --git a/targets/TI_SimpleLink/_common/ssl_simplelink.cpp b/targets/TI_SimpleLink/_common/ssl_simplelink.cpp index 9b4a200d6b..62fa8b9e58 100644 --- a/targets/TI_SimpleLink/_common/ssl_simplelink.cpp +++ b/targets/TI_SimpleLink/_common/ssl_simplelink.cpp @@ -31,6 +31,16 @@ bool ssl_parse_certificate_internal(void *buf, size_t size, void *pwd, void *x50 (void)x509; } +bool ssl_get_public_key_raw_internal(void *certificate, size_t size, void *x509RawData) +{ + (void)certificate; + (void)size; + (void)x509RawData; + + // can't really do anything here, so just return false + return false; +} + int ssl_decode_private_key_internal( const unsigned char *key, size_t keyLength,