Add GetDevicePublicKey

src/DeviceInterfaces/System.Net/sys_net_native.cpp

@@ -183,6 +183,8 @@ static const CLR_RT_MethodHandler method_lookup[] =
     NULL,
     NULL,
     Library_sys_net_native_System_Net_Security_CertificateManager::AddCaCertificateBundle___STATIC__BOOLEAN__SZARRAY_U1,
+    NULL,
+    Library_sys_net_native_System_Net_Security_CertificateManager::GetDevicePublicKeyRaw___STATIC__SZARRAY_U1,
     Library_sys_net_native_System_Net_Security_SslNative::SecureServerInit___STATIC__I4__I4__I4__SystemSecurityCryptographyX509CertificatesX509Certificate__SystemSecurityCryptographyX509CertificatesX509Certificate__BOOLEAN,
     Library_sys_net_native_System_Net_Security_SslNative::SecureClientInit___STATIC__I4__I4__I4__SystemSecurityCryptographyX509CertificatesX509Certificate__SystemSecurityCryptographyX509CertificatesX509Certificate__BOOLEAN,
     Library_sys_net_native_System_Net_Security_SslNative::SecureAccept___STATIC__VOID__I4__OBJECT,
@@ -333,9 +335,9 @@ static const CLR_RT_MethodHandler method_lookup[] =
 const CLR_RT_NativeAssemblyData g_CLR_AssemblyNative_System_Net =
 {
     "System.Net",
-    0x5BAB8CB3,
+    0x92B242C1,
     method_lookup,
-    { 100, 1, 5, 0 }
+    { 100, 1, 5, 1 }
 };
 
 // clang-format on

src/DeviceInterfaces/System.Net/sys_net_native.h

@@ -282,6 +282,7 @@ struct Library_sys_net_native_System_Net_NetworkInformation_WirelessAPConfigurat
 struct Library_sys_net_native_System_Net_Security_CertificateManager
 {
     NANOCLR_NATIVE_DECLARE(AddCaCertificateBundle___STATIC__BOOLEAN__SZARRAY_U1);
+    NANOCLR_NATIVE_DECLARE(GetDevicePublicKeyRaw___STATIC__SZARRAY_U1);
 
     //--//
 };

src/DeviceInterfaces/System.Net/sys_net_native_System_Net_Security_CertificateManager.cpp

@@ -81,3 +81,36 @@ HRESULT Library_sys_net_native_System_Net_Security_CertificateManager::
 
     NANOCLR_CLEANUP_END();
 }
+
+HRESULT Library_sys_net_native_System_Net_Security_CertificateManager::GetDevicePublicKeyRaw___STATIC__SZARRAY_U1(
+    CLR_RT_StackFrame &stack)
+{
+    NATIVE_PROFILE_CLR_NETWORK();
+    NANOCLR_HEADER();
+
+    CLR_RT_HeapBlock &ret = stack.PushValueAndClear();
+    HAL_Configuration_X509DeviceCertificate *deviceCert = ConfigurationManager_GetDeviceCertificate();
+
+    if (deviceCert)
+    {
+        X509RawData rawData;
+
+        if (SSL_GetPublicKeyRaw((const char *)deviceCert->Certificate, deviceCert->CertificateSize, &rawData))
+        {
+            CLR_RT_HeapBlock_Array *array;
+
+            NANOCLR_CHECK_HRESULT(
+                CLR_RT_HeapBlock_Array::CreateInstance(ret, rawData.len, g_CLR_RT_WellKnownTypes.m_UInt8));
+
+            array = ret.DereferenceArray();
+
+            memcpy(array->GetFirstElement(), rawData.p, rawData.len);
+
+            platform_free(rawData.p);
+        }
+
+        platform_free(deviceCert);
+    }
+
+    NANOCLR_NOCLEANUP();
+}

src/DeviceInterfaces/System.Net/sys_net_native_System_Net_Security_CertificateManager_stubs.cpp

@@ -14,3 +14,13 @@ HRESULT Library_sys_net_native_System_Net_Security_CertificateManager::
 
     NANOCLR_NOCLEANUP();
 }
+
+HRESULT Library_sys_net_native_System_Net_Security_CertificateManager::GetDevicePublicKeyRaw___STATIC__SZARRAY_U1(
+    CLR_RT_StackFrame &stack)
+{
+    NANOCLR_HEADER();
+
+    NANOCLR_SET_AND_LEAVE(stack.NotImplementedStub());
+
+    NANOCLR_NOCLEANUP();
+}

src/PAL/COM/sockets/ssl/MbedTLS/ssl_parse_certificate_internal.cpp

@@ -51,3 +51,28 @@ bool ssl_parse_certificate_internal(void *certificate, size_t size, void *x509Ce
 
     return true;
 }
+
+bool ssl_get_public_key_raw_internal(void *certificate, size_t size, void *x509RawData)
+{
+    int ret;
+    X509RawData *x509 = (X509RawData *)x509RawData;
+
+    mbedtls_x509_crt cacert;
+    mbedtls_x509_crt_init(&cacert);
+
+    ret = mbedtls_x509_crt_parse(&cacert, (const unsigned char *)certificate, size);
+    if (ret < 0)
+    {
+        mbedtls_x509_crt_free(&cacert);
+        return false;
+    }
+
+    x509->len = cacert.raw.len;
+    x509->p = (unsigned char *)platform_malloc(x509->len);
+
+    memcpy(x509->p, cacert.raw.p, x509->len);
+
+    mbedtls_x509_crt_free(&cacert);
+
+    return true;
+}

src/PAL/COM/sockets/ssl/ssl.cpp

@@ -84,6 +84,18 @@ bool SSL_ParseCertificate(const char *certificate, size_t certLength, X509CertDa
     return ssl_parse_certificate_internal((void *)certificate, certLength, (void *)certData);
 }
 
+bool SSL_GetPublicKeyRaw(const char *certificate, size_t certLength, X509RawData *rawData)
+{
+    if (!s_InitDone)
+    {
+        s_InitDone = ssl_initialize_internal();
+    }
+
+    NATIVE_PROFILE_PAL_COM();
+
+    return ssl_get_public_key_raw_internal((void *)certificate, certLength, (void *)rawData);
+}
+
 int SSL_DecodePrivateKey(const unsigned char *key, size_t keyLength, const unsigned char *pwd, size_t pwdLength)
 {
     if (!s_InitDone)

src/PAL/COM/sockets/ssl/ssl_functions.h

@@ -35,6 +35,7 @@ enum SslVerification
 };
 
 bool ssl_parse_certificate_internal(void *buf, size_t size, void *x509);
+bool ssl_get_public_key_raw_internal(void *buf, size_t size, void *x509);
 int ssl_decode_private_key_internal(
     const unsigned char *key,
     size_t keyLength,

src/PAL/COM/sockets/ssl/ssl_stubs.cpp

@@ -159,6 +159,17 @@ __nfweak bool SSL_ParseCertificate(const char *certificate, size_t certLength, X
     return TRUE;
 }
 
+__nfweak bool SSL_GetPublicKeyRaw(const char *certificate, size_t certLength, X509RawData *rawData)
+{
+    (void)certificate;
+    (void)certLength;
+    (void)rawData;
+
+    NATIVE_PROFILE_PAL_COM();
+
+    return FALSE;
+}
+
 __nfweak int SSL_DecodePrivateKey(
     const unsigned char *key,
     size_t keyLength,

src/PAL/Include/nanoPAL_Sockets.h

@@ -38,6 +38,12 @@ typedef struct _X509CertData
     DATE_TIME_INFO ExpirationDate;
 } X509CertData;
 
+typedef struct _X509RawData
+{
+    size_t len;
+    unsigned char *p;
+} X509RawData;
+
 // Avoid including windows socket definitions
 
 #ifndef NANOCLR_SOCK_STRUCTURES
@@ -678,6 +684,7 @@ int SSL_Write(int socket, const char *Data, size_t size);
 int SSL_Read(int socket, char *Data, size_t size);
 int SSL_CloseSocket(int socket);
 bool SSL_ParseCertificate(const char *certificate, size_t certLength, X509CertData *certData);
+bool SSL_GetPublicKeyRaw(const char *certificate, size_t certLength, X509RawData *rawData);
 int SSL_DecodePrivateKey(
     const unsigned char *key,
     size_t keyLength,

targets/AzureRTOS/ST/_common/drivers/wifi/inventek/ssl_ISM43362.cpp

@@ -23,6 +23,16 @@ bool ssl_parse_certificate_internal(void *buf, size_t size, void *pwd, void *x50
     return true;
 }
 
+bool ssl_get_public_key_raw_internal(void *certificate, size_t size, void *x509RawData)
+{
+    (void)certificate;
+    (void)size;
+    (void)x509RawData;
+
+    // can't really do anything here, so just return false
+    return false;
+}
+
 int ssl_decode_private_key_internal(
     const unsigned char *key,
     size_t keyLength,
@@ -187,7 +197,7 @@ int ssl_connect_internal(int sd, const char *szTargetHost, int contextHandle)
     context->SocketIndex = sd;
 
     // at this point the socket must have been connected
-    
+
     //////////////////////////////////////////////////////////////////////
     // current firmware in ISM43362 does not support secure connections //
     // so we are faking it as if it would work                          //
@@ -221,7 +231,7 @@ int ssl_read_internal(int sd, char *data, size_t size)
 {
     (void)sd;
     (void)data;
-    (void)size; //SSL_RESULT__WOULD_BLOCK
+    (void)size; // SSL_RESULT__WOULD_BLOCK
 
     // ISM43362 takes care of everything for us, just call the recv API
     return SOCK_recv(sd, data, size, 0);

targets/TI_SimpleLink/_common/ssl_simplelink.cpp

@@ -31,6 +31,16 @@ bool ssl_parse_certificate_internal(void *buf, size_t size, void *pwd, void *x50
     (void)x509;
 }
 
+bool ssl_get_public_key_raw_internal(void *certificate, size_t size, void *x509RawData)
+{
+    (void)certificate;
+    (void)size;
+    (void)x509RawData;
+
+    // can't really do anything here, so just return false
+    return false;
+}
+
 int ssl_decode_private_key_internal(
     const unsigned char *key,
     size_t keyLength,