cryptoauthlib
cryptoauthlib copied to clipboard
MicrochipTech
ATECC608B read cert failed and lock slot 0 failed
Describe the bug
After writing the signer certificate and device certificate, the read failed, but the buffer prepared for reading was still filled. However, there is inconsistency between the written and read certificates. The place where the authorization key identifier should be stored is where the user key identifier is stored when reading. Besides, the other bytes are exactly the same as the bytes written.
Another issue is that when I tried to lock slot0, the error code returned was 0xF4, but before that, I had successfully locked slot12
To Reproduce run the code printf("Writing Device Certificate\r\n"); if (ATCA_SUCCESS != (status = atcacert_write_cert(&g_cert_def_2_device, provisioning_device_cert, 408))) { printf("Failed to write device certificate: %d\r\n", status); goto exit; }
uint8_t provisioning_signnnner_public_key[64]={
0x73, 0xc5, 0x71, 0xaf, 0xe9, 0xfc, 0xb4, 0x6a, 0x41, 0x3e, 0xc6, 0x31, 0x53, 0x0a, 0x00, 0xaf,
0x6a, 0x68, 0xe8, 0xb0, 0xfe, 0x39, 0x61, 0xfd, 0xa0, 0xb5, 0x98, 0xea, 0x74, 0x28, 0x54, 0xe7,
0x36, 0x1b, 0x23, 0x34, 0xc6, 0x1b, 0x8e, 0xd5, 0x26, 0x46, 0x0b, 0x62, 0x1d, 0x0d, 0x79, 0x98,
0xe7, 0x9d, 0x66, 0x7a, 0x14, 0x86, 0xc2, 0xa4, 0x6b, 0x41, 0x5f, 0x21, 0xbe, 0xa0, 0xd1, 0xf4};
/* Read back the signer certificate */
tmp_size = sizeof(provisioning_signer_cert);
printf("Reading Signer Certificate\r\n");
if(ATCA_SUCCESS ==atcab_wakeup())
{
printf("waked\n");
}
if (ATCACERT_E_SUCCESS != (status = atcacert_read_cert(&g_cert_def_1_signer, provisioning_signnnner_public_key, signer_der_qa, &tmp_size)))
{
printf("Failed to read signer certificate: %02x\r\n", status);
printf("%d\n",sizeof(signer_der_qa));
printf("%d\n",sizeof(provisioning_signer_cert));
printf("%d\n",signer_size);
//goto exit;
}
/* Compare the signer certificate */
printf("Comparing Signer Certificate\r\n");
if (memcmp(provisioning_signer_cert, signer_der_qa, 408))
{
printf("Signer certificate missmatch\r\n");
diff = false;
for (i = 0; i < signer_size; i++)
{
if (provisioning_signer_cert[i] != signer_der_qa[i])
{
diff = true;
}
if (0 == (i % 16))
{
printf("%s\r\n%04X: ", diff?"*":"", i);
diff = false;
}
printf("%02X|%02X ", provisioning_signer_cert[i], signer_der_qa[i]);
}
}
uint8_t provisioning_device_public_key[64]={
0xa1, 0x53, 0xad, 0x39, 0x8e, 0x1d, 0xd3, 0xce, 0x71, 0xd9, 0x40, 0x5b, 0x2b, 0x6d, 0x7c, 0xfb,
0x38, 0xe0, 0x53, 0xd7, 0xfa, 0x77, 0xca, 0xd3, 0x17, 0xa1, 0xc9, 0x43, 0x9f, 0xc6, 0x77, 0x37,
0x75, 0x8b, 0xf7, 0xa7, 0x46, 0xa2, 0x68, 0xc5, 0xc8, 0xac, 0x7d, 0xeb, 0x50, 0x66, 0xda, 0x40,
0x06, 0x14, 0xb9, 0x20, 0xb1, 0xf3, 0xa4, 0xf8, 0xd6, 0xf0, 0xce, 0x79, 0x87, 0xbf, 0xd7, 0xf3};
/* Read back the device certificate */
tmp_size = 408;
printf("Reading Device Certificate\r\n");
if (ATCA_SUCCESS != (status = atcacert_read_cert(&g_cert_def_2_device,
provisioning_device_public_key,
device_der_qa, &tmp_size)))
{
printf("Failed to read device certificate: %d\r\n", status);
}
/* Compare the device certificate */
printf("Comparing Device Certificate\r\n");
if (memcmp(provisioning_device_cert, device_der_qa, device_size))
{
printf("Device certificate missmatch\r\n");
diff = false;
for (i = 0; i < device_size; i++)
{
if (provisioning_device_cert[i] != device_der_qa[i])
{
diff = true;
}
if (0 == (i % 16))
{
printf("%s\r\n%04X: ", diff ? "*" : "", i);
diff = false;
}
printf("%02X|%02X ", provisioning_device_cert[i], device_der_qa[i]);
}
}
printf("\r\nDevice Provisioning Successful!\r\n");
/* End the session */
atcab_release();
Expected behavior i want to return ATCA_SUCCESS and ATCACERT_E_SUCCESS
Additional context this is my config zone 01 23 FC EA 00 00 60 03 DB EA 7C 6C EE 61 2D 00 C0 00 00 01 85 00 82 00 85 20 85 20 85 20 8F 46 8F 0F 9F 8F 0F 0F 8F 0F 0F 0F 0F 0F 0F 0F 0F 0F 0D 1F 0F 0F FF FF FF FF 00 00 00 00 FF FF FF FF 00 00 00 00 00 00 03 F7 00 69 76 00 00 00 00 00 00 00 00 00 00 00 55 00 FF EF 0E 60 00 00 00 00 53 00 53 00 73 00 73 00 73 00 38 00 7C 00 1C 00 3C 00 1A 00 3C 00 30 00 3C 00 30 00 12 00 30 00
