From 405b6c85b38ed2c59d63b3081ca706fb45926e6e Mon Sep 17 00:00:00 2001
From: aromaa <me@joniaromaa.fi>
Date: Tue, 13 Dec 2022 12:14:08 +0200
Subject: [PATCH] Add GetDevicePublicKey

---
 .../System.Net/sys_net_native.cpp             |  6 ++--
 .../System.Net/sys_net_native.h               |  1 +
 ...System_Net_Security_CertificateManager.cpp | 33 +++++++++++++++++++
 ..._Net_Security_CertificateManager_stubs.cpp | 10 ++++++
 .../ssl_parse_certificate_internal.cpp        | 25 ++++++++++++++
 src/PAL/COM/sockets/ssl/ssl.cpp               | 12 +++++++
 src/PAL/COM/sockets/ssl/ssl_functions.h       |  1 +
 src/PAL/COM/sockets/ssl/ssl_stubs.cpp         | 11 +++++++
 src/PAL/Include/nanoPAL_Sockets.h             |  7 ++++
 .../drivers/wifi/inventek/ssl_ISM43362.cpp    | 15 +++++++--
 .../TI_SimpleLink/_common/ssl_simplelink.cpp  |  8 +++++
 11 files changed, 125 insertions(+), 4 deletions(-)

diff --git a/src/DeviceInterfaces/System.Net/sys_net_native.cpp b/src/DeviceInterfaces/System.Net/sys_net_native.cpp
index a398e956c3..cb5cde8544 100644
--- a/src/DeviceInterfaces/System.Net/sys_net_native.cpp
+++ b/src/DeviceInterfaces/System.Net/sys_net_native.cpp
@@ -183,6 +183,8 @@ static const CLR_RT_MethodHandler method_lookup[] =
     NULL,
     NULL,
     Library_sys_net_native_System_Net_Security_CertificateManager::AddCaCertificateBundle___STATIC__BOOLEAN__SZARRAY_U1,
+    NULL,
+    Library_sys_net_native_System_Net_Security_CertificateManager::GetDevicePublicKeyRaw___STATIC__SZARRAY_U1,
     Library_sys_net_native_System_Net_Security_SslNative::SecureServerInit___STATIC__I4__I4__I4__SystemSecurityCryptographyX509CertificatesX509Certificate__SystemSecurityCryptographyX509CertificatesX509Certificate__BOOLEAN,
     Library_sys_net_native_System_Net_Security_SslNative::SecureClientInit___STATIC__I4__I4__I4__SystemSecurityCryptographyX509CertificatesX509Certificate__SystemSecurityCryptographyX509CertificatesX509Certificate__BOOLEAN,
     Library_sys_net_native_System_Net_Security_SslNative::SecureAccept___STATIC__VOID__I4__OBJECT,
@@ -333,9 +335,9 @@ static const CLR_RT_MethodHandler method_lookup[] =
 const CLR_RT_NativeAssemblyData g_CLR_AssemblyNative_System_Net =
 {
     "System.Net",
-    0x5BAB8CB3,
+    0x92B242C1,
     method_lookup,
-    { 100, 1, 5, 0 }
+    { 100, 1, 5, 1 }
 };
 
 // clang-format on
diff --git a/src/DeviceInterfaces/System.Net/sys_net_native.h b/src/DeviceInterfaces/System.Net/sys_net_native.h
index 0499791020..2c76c0c889 100644
--- a/src/DeviceInterfaces/System.Net/sys_net_native.h
+++ b/src/DeviceInterfaces/System.Net/sys_net_native.h
@@ -282,6 +282,7 @@ struct Library_sys_net_native_System_Net_NetworkInformation_WirelessAPConfigurat
 struct Library_sys_net_native_System_Net_Security_CertificateManager
 {
     NANOCLR_NATIVE_DECLARE(AddCaCertificateBundle___STATIC__BOOLEAN__SZARRAY_U1);
+    NANOCLR_NATIVE_DECLARE(GetDevicePublicKeyRaw___STATIC__SZARRAY_U1);
 
     //--//
 };
diff --git a/src/DeviceInterfaces/System.Net/sys_net_native_System_Net_Security_CertificateManager.cpp b/src/DeviceInterfaces/System.Net/sys_net_native_System_Net_Security_CertificateManager.cpp
index 4a1b10b5d7..38c103aed8 100644
--- a/src/DeviceInterfaces/System.Net/sys_net_native_System_Net_Security_CertificateManager.cpp
+++ b/src/DeviceInterfaces/System.Net/sys_net_native_System_Net_Security_CertificateManager.cpp
@@ -81,3 +81,36 @@ HRESULT Library_sys_net_native_System_Net_Security_CertificateManager::
 
     NANOCLR_CLEANUP_END();
 }
+
+HRESULT Library_sys_net_native_System_Net_Security_CertificateManager::GetDevicePublicKeyRaw___STATIC__SZARRAY_U1(
+    CLR_RT_StackFrame &stack)
+{
+    NATIVE_PROFILE_CLR_NETWORK();
+    NANOCLR_HEADER();
+
+    CLR_RT_HeapBlock &ret = stack.PushValueAndClear();
+    HAL_Configuration_X509DeviceCertificate *deviceCert = ConfigurationManager_GetDeviceCertificate();
+
+    if (deviceCert)
+    {
+        X509RawData rawData;
+
+        if (SSL_GetPublicKeyRaw((const char *)deviceCert->Certificate, deviceCert->CertificateSize, &rawData))
+        {
+            CLR_RT_HeapBlock_Array *array;
+
+            NANOCLR_CHECK_HRESULT(
+                CLR_RT_HeapBlock_Array::CreateInstance(ret, rawData.len, g_CLR_RT_WellKnownTypes.m_UInt8));
+
+            array = ret.DereferenceArray();
+
+            memcpy(array->GetFirstElement(), rawData.p, rawData.len);
+
+            platform_free(rawData.p);
+        }
+
+        platform_free(deviceCert);
+    }
+
+    NANOCLR_NOCLEANUP();
+}
\ No newline at end of file
diff --git a/src/DeviceInterfaces/System.Net/sys_net_native_System_Net_Security_CertificateManager_stubs.cpp b/src/DeviceInterfaces/System.Net/sys_net_native_System_Net_Security_CertificateManager_stubs.cpp
index 74f1acb027..e7f304f190 100644
--- a/src/DeviceInterfaces/System.Net/sys_net_native_System_Net_Security_CertificateManager_stubs.cpp
+++ b/src/DeviceInterfaces/System.Net/sys_net_native_System_Net_Security_CertificateManager_stubs.cpp
@@ -14,3 +14,13 @@ HRESULT Library_sys_net_native_System_Net_Security_CertificateManager::
 
     NANOCLR_NOCLEANUP();
 }
+
+HRESULT Library_sys_net_native_System_Net_Security_CertificateManager::GetDevicePublicKeyRaw___STATIC__SZARRAY_U1(
+    CLR_RT_StackFrame &stack)
+{
+    NANOCLR_HEADER();
+
+    NANOCLR_SET_AND_LEAVE(stack.NotImplementedStub());
+
+    NANOCLR_NOCLEANUP();
+}
\ No newline at end of file
diff --git a/src/PAL/COM/sockets/ssl/mbedTLS/ssl_parse_certificate_internal.cpp b/src/PAL/COM/sockets/ssl/mbedTLS/ssl_parse_certificate_internal.cpp
index 6199e8df61..0a292e5d08 100644
--- a/src/PAL/COM/sockets/ssl/mbedTLS/ssl_parse_certificate_internal.cpp
+++ b/src/PAL/COM/sockets/ssl/mbedTLS/ssl_parse_certificate_internal.cpp
@@ -51,3 +51,28 @@ bool ssl_parse_certificate_internal(void *certificate, size_t size, void *x509Ce
 
     return true;
 }
+
+bool ssl_get_public_key_raw_internal(void *certificate, size_t size, void *x509RawData)
+{
+    int ret;
+    X509RawData *x509 = (X509RawData *)x509RawData;
+
+    mbedtls_x509_crt cacert;
+    mbedtls_x509_crt_init(&cacert);
+
+    ret = mbedtls_x509_crt_parse(&cacert, (const unsigned char *)certificate, size);
+    if (ret < 0)
+    {
+        mbedtls_x509_crt_free(&cacert);
+        return false;
+    }
+
+    x509->len = cacert.raw.len;
+    x509->p = (unsigned char *)platform_malloc(x509->len);
+
+    memcpy(x509->p, cacert.raw.p, x509->len);
+
+    mbedtls_x509_crt_free(&cacert);
+
+    return true;
+}
diff --git a/src/PAL/COM/sockets/ssl/ssl.cpp b/src/PAL/COM/sockets/ssl/ssl.cpp
index 2d418672ed..eeab35d419 100644
--- a/src/PAL/COM/sockets/ssl/ssl.cpp
+++ b/src/PAL/COM/sockets/ssl/ssl.cpp
@@ -84,6 +84,18 @@ bool SSL_ParseCertificate(const char *certificate, size_t certLength, X509CertDa
     return ssl_parse_certificate_internal((void *)certificate, certLength, (void *)certData);
 }
 
+bool SSL_GetPublicKeyRaw(const char *certificate, size_t certLength, X509RawData *rawData)
+{
+    if (!s_InitDone)
+    {
+        s_InitDone = ssl_initialize_internal();
+    }
+
+    NATIVE_PROFILE_PAL_COM();
+
+    return ssl_get_public_key_raw_internal((void *)certificate, certLength, (void *)rawData);
+}
+
 int SSL_DecodePrivateKey(const unsigned char *key, size_t keyLength, const unsigned char *pwd, size_t pwdLength)
 {
     if (!s_InitDone)
diff --git a/src/PAL/COM/sockets/ssl/ssl_functions.h b/src/PAL/COM/sockets/ssl/ssl_functions.h
index c046f41521..beeba31240 100644
--- a/src/PAL/COM/sockets/ssl/ssl_functions.h
+++ b/src/PAL/COM/sockets/ssl/ssl_functions.h
@@ -35,6 +35,7 @@ enum SslVerification
 };
 
 bool ssl_parse_certificate_internal(void *buf, size_t size, void *x509);
+bool ssl_get_public_key_raw_internal(void *buf, size_t size, void *x509);
 int ssl_decode_private_key_internal(
     const unsigned char *key,
     size_t keyLength,
diff --git a/src/PAL/COM/sockets/ssl/ssl_stubs.cpp b/src/PAL/COM/sockets/ssl/ssl_stubs.cpp
index 795ee85847..6ebaf9419c 100644
--- a/src/PAL/COM/sockets/ssl/ssl_stubs.cpp
+++ b/src/PAL/COM/sockets/ssl/ssl_stubs.cpp
@@ -159,6 +159,17 @@ __nfweak bool SSL_ParseCertificate(const char *certificate, size_t certLength, X
     return TRUE;
 }
 
+__nfweak bool SSL_GetPublicKeyRaw(const char *certificate, size_t certLength, X509RawData *rawData)
+{
+    (void)certificate;
+    (void)certLength;
+    (void)rawData;
+
+    NATIVE_PROFILE_PAL_COM();
+
+    return TRUE;
+}
+
 __nfweak int SSL_DecodePrivateKey(
     const unsigned char *key,
     size_t keyLength,
diff --git a/src/PAL/Include/nanoPAL_Sockets.h b/src/PAL/Include/nanoPAL_Sockets.h
index 78d5b86bab..dc36efbe20 100644
--- a/src/PAL/Include/nanoPAL_Sockets.h
+++ b/src/PAL/Include/nanoPAL_Sockets.h
@@ -38,6 +38,12 @@ typedef struct _X509CertData
     DATE_TIME_INFO ExpirationDate;
 } X509CertData;
 
+typedef struct _X509RawData
+{
+    size_t len;
+    unsigned char *p;
+} X509RawData;
+
 // Avoid including windows socket definitions
 
 #ifndef NANOCLR_SOCK_STRUCTURES
@@ -678,6 +684,7 @@ int SSL_Write(int socket, const char *Data, size_t size);
 int SSL_Read(int socket, char *Data, size_t size);
 int SSL_CloseSocket(int socket);
 bool SSL_ParseCertificate(const char *certificate, size_t certLength, X509CertData *certData);
+bool SSL_GetPublicKeyRaw(const char *certificate, size_t certLength, X509RawData *rawData);
 int SSL_DecodePrivateKey(
     const unsigned char *key,
     size_t keyLength,
diff --git a/targets/AzureRTOS/ST/_common/drivers/wifi/inventek/ssl_ISM43362.cpp b/targets/AzureRTOS/ST/_common/drivers/wifi/inventek/ssl_ISM43362.cpp
index c34be938f2..6ea86711fa 100644
--- a/targets/AzureRTOS/ST/_common/drivers/wifi/inventek/ssl_ISM43362.cpp
+++ b/targets/AzureRTOS/ST/_common/drivers/wifi/inventek/ssl_ISM43362.cpp
@@ -23,6 +23,17 @@ bool ssl_parse_certificate_internal(void *buf, size_t size, void *pwd, void *x50
     return true;
 }
 
+bool ssl_get_public_key_raw_internal(void *buf, size_t size, void *pwd, void *x509)
+{
+    (void)buf;
+    (void)size;
+    (void)pwd;
+    (void)x509;
+
+    // can't really do anything here, so just return true
+    return true;
+}
+
 int ssl_decode_private_key_internal(
     const unsigned char *key,
     size_t keyLength,
@@ -187,7 +198,7 @@ int ssl_connect_internal(int sd, const char *szTargetHost, int contextHandle)
     context->SocketIndex = sd;
 
     // at this point the socket must have been connected
-    
+
     //////////////////////////////////////////////////////////////////////
     // current firmware in ISM43362 does not support secure connections //
     // so we are faking it as if it would work                          //
@@ -221,7 +232,7 @@ int ssl_read_internal(int sd, char *data, size_t size)
 {
     (void)sd;
     (void)data;
-    (void)size; //SSL_RESULT__WOULD_BLOCK
+    (void)size; // SSL_RESULT__WOULD_BLOCK
 
     // ISM43362 takes care of everything for us, just call the recv API
     return SOCK_recv(sd, data, size, 0);
diff --git a/targets/TI_SimpleLink/_common/ssl_simplelink.cpp b/targets/TI_SimpleLink/_common/ssl_simplelink.cpp
index d341e8cc11..f05e72aa92 100644
--- a/targets/TI_SimpleLink/_common/ssl_simplelink.cpp
+++ b/targets/TI_SimpleLink/_common/ssl_simplelink.cpp
@@ -31,6 +31,14 @@ bool ssl_parse_certificate_internal(void *buf, size_t size, void *pwd, void *x50
     (void)x509;
 }
 
+bool ssl_get_public_key_raw_internal(void *buf, size_t size, void *pwd, void *x509)
+{
+    (void)buf;
+    (void)size;
+    (void)pwd;
+    (void)x509;
+}
+
 int ssl_decode_private_key_internal(
     const unsigned char *key,
     size_t keyLength,