Merge pull request #329 from NETMF/fixCrypto

Add Crypto and fix OpenSSL

Author: mortezag

.gitignore

@@ -30,6 +30,8 @@
 [Oo]bj/
 ipch/
 
+!/tools/bin/
+
 #uVision
 *.uvguix*
 Listings/

Application/TinyBooter/Commands.cpp

@@ -1452,6 +1452,17 @@ bool Loader_Engine::Monitor_CheckSignature( WP_Message* msg )
     return true;
 }
 
+#ifdef DEBUG
+// dumps binary block in a form useable as C code constants for isolated testing and verification
+void DumpBlockDeclaration( char const* name, UINT8 const* pBlock, size_t len )
+{
+    debug_printf( "const char %s[] = {", name );
+    for( int i = 0; i < len; ++i )
+        debug_printf( "%c%d", i == 0 ? ' ' : ',', pBlock[ i ] );
+    debug_printf( "};\n" );
+}
+#endif
+
 bool Loader_Engine::Monitor_SignatureKeyUpdate( WP_Message* msg )
 {
     bool fSuccess = false;
@@ -1486,13 +1497,23 @@ bool Loader_Engine::Monitor_SignatureKeyUpdate( WP_Message* msg )
                         ASSERT(0);
                     fSuccess = true;
                 }
+                else
+                {
+#ifdef DEBUG
+                    debug_printf( "Failed cert check for new key:\n");
+                    DumpBlockDeclaration( "newKey", cmd->m_newKey, sizeof(RSAKey) );
+                    DumpBlockDeclaration( "newKeySig", cmd->m_newKeySignature, sizeof( cmd->m_newKeySignature ) );
+                    DumpBlockDeclaration( "currentKey", g_PrimaryConfigManager.GetDeploymentKeys( cmd->m_keyIndex ), sizeof(RSAKey) );
+#endif                    
+                    fSuccess = false;
+                }
             }
         }
     }
 
     ReplyToCommand( msg, fSuccess, false );
 
-    return true;    
+    return true;
 }
 
 bool Loader_Engine::Monitor_FlashSectorMap( WP_Message* msg )

Application/TinyBooter/ConfigurationManager.cpp

@@ -68,7 +68,9 @@ void ConfigurationSectorManager::LocateConfigurationSector( UINT32 BlockUsage )
 
 void ConfigurationSectorManager::LoadConfiguration()
 {
-    if (m_device ==NULL) return;
+    if (m_device ==NULL)
+            return;
+        
     if (m_fSupportsXIP)
     {
         // Get the real address 
@@ -91,7 +93,8 @@ void ConfigurationSectorManager::WriteConfiguration( UINT32 writeOffset, BYTE *d
     BOOL eraseWrite = FALSE;
     UINT32 writeLengthInBytes ;
 
-    if (m_device ==NULL) return ;
+    if (m_device ==NULL)
+            return ;
 
     LoadConfiguration();
 
@@ -179,9 +182,10 @@ void ConfigurationSectorManager::EraseWriteConfigBlock( BYTE * data, UINT32 size
 
 BOOL ConfigurationSectorManager::IsBootLoaderRequired( INT32 &bootModeTimeout )
 {
-    const UINT32                c_Empty      = 0xFFFFFFFF;
+    const UINT32 c_Empty = 0xFFFFFFFF;
 
-    if(m_device == NULL) return FALSE;
+    if(m_device == NULL)
+            return FALSE;
 
     volatile UINT32* data = (volatile UINT32*)&m_configurationSector->BooterFlagArray[ 0 ];
 

Application/TinyBooter/CryptoInterface.cpp

@@ -4,14 +4,9 @@
 
 #include "CryptoInterface.h"
 #include "ConfigurationManager.h"
-//--//
 
 extern UINT8* g_ConfigBuffer;
-extern int    g_ConfigBufferLength;
-
-
-//--//
-
+extern int g_ConfigBufferLength;
 
 CryptoState::CryptoState( UINT32 dataAddress, UINT32 dataLength, BYTE* sig, UINT32 sigLength, UINT32 sectorType ) : 
 #if defined(ARM_V1_2)
@@ -43,14 +38,16 @@ bool CryptoState::VerifySignature( UINT32 keyIndex )
     // IF THERE IS NO CONFIG SECTOR IN THE FLASH SECTOR TABLE, THEN WE DON'T HAVE KEYS, 
     // THEREFORE WE WILL NOT PERFORM SIGNATURE CHECKING.
     // 
-    if(g_PrimaryConfigManager.m_device == NULL) return true;
+    if(g_PrimaryConfigManager.m_device == NULL)
+        return true;
 
 
     switch(m_sectorType)
     {
     case BlockRange::BLOCKTYPE_DEPLOYMENT:
         // backwards compatibility
-        if(g_PrimaryConfigManager.GetTinyBooterVersion() != ConfigurationSector::c_CurrentVersionTinyBooter) return true;
+        if(g_PrimaryConfigManager.GetTinyBooterVersion() != ConfigurationSector::c_CurrentVersionTinyBooter)
+            return true;
 
         // if there is no key then we do not need to check the signature for the deployment sectors ONLY
         if(g_PrimaryConfigManager.CheckSignatureKeyEmpty( ConfigurationSector::c_DeployKeyDeployment ))
@@ -73,10 +70,11 @@ bool CryptoState::VerifySignature( UINT32 keyIndex )
             ASSERT(g_ConfigBufferLength > 0);
             ASSERT(g_ConfigBuffer != NULL);
 
-            if(g_ConfigBuffer == NULL || g_ConfigBufferLength <= 0) return false;
+            if(g_ConfigBuffer == NULL || g_ConfigBufferLength <= 0)
+                return false;
 
             // the g_ConfigBuffer contains the new configuration data
-            const ConfigurationSector* pNewCfg    = (const ConfigurationSector*)g_ConfigBuffer;
+            const ConfigurationSector* pNewCfg = (const ConfigurationSector*)g_ConfigBuffer;
 
             bool fCanWrite = false;
             bool fRet      = false;
@@ -125,7 +123,8 @@ bool CryptoState::VerifySignature( UINT32 keyIndex )
         // backwards compatibility
 
 
-        if(g_PrimaryConfigManager.GetTinyBooterVersion() != ConfigurationSector::c_CurrentVersionTinyBooter) return true;
+        if(g_PrimaryConfigManager.GetTinyBooterVersion() != ConfigurationSector::c_CurrentVersionTinyBooter)
+            return true;
 
         // if there is no key then we do not need to check the signature for the deployment sectors ONLY
         if (g_PrimaryConfigManager.CheckSignatureKeyEmpty( keyIndex ))
@@ -136,7 +135,6 @@ bool CryptoState::VerifySignature( UINT32 keyIndex )
         key = (RSAKey*)g_PrimaryConfigManager.GetDeploymentKeys( keyIndex );
 
         break;
-            
     };
 
     if(key == NULL)
@@ -151,7 +149,7 @@ bool CryptoState::VerifySignature( UINT32 keyIndex )
     {
         m_res = ::Crypto_StepRSAOperation( &m_handle );
     }
-    
+
     return m_res == CRYPTO_SUCCESS;
 }
 

CLR/Core/Execution.cpp

@@ -840,7 +840,7 @@ bool CLR_RT_ExecutionEngine::SpawnStaticConstructorHelper( CLR_RT_AppDomain* app
     CLR_RT_MethodDef_Index idxNext;
 
     _ASSERTE(m_cctorThread != NULL);
-    _ASSERTE(m_cctorThread->CanThreadBeReused());  
+    //_ASSERTE(m_cctorThread->CanThreadBeReused());  
 
     idxNext.m_data = idx.m_data;
 

DeviceCode/pal/OpenSSL/OpenSSL_1_0_0/tinyclr/ssl_types.h

@@ -109,10 +109,6 @@ typedef int  ssize_t;
 #define EWOULDBLOCK                 EAGAIN
 #endif
 
-#ifndef WSAEWOULDBLOCK
-#define WSAEWOULDBLOCK              EWOULDBLOCK
-#endif
-
 #define SIGINT                      4 // attention request from user from signal.h 
 
 #ifdef BUFSIZ