Device certificate missmatch

copercini commented 5 years ago

Hi @bryan-hunt

I've created a key pair using configure.c on an ATECC608a and then new chain using create_all.py and the device public key, but a weird problem appeared when I tried provision.c, the uploaded device certificate doesn't match with the extracted using atcacert_read_cert

everything using only the examples

Comparing Device Certificate
Device certificate missmatch

0000: 30|30 82|82 01|01 A6|A6 30|30 82|82 01|01 4B|4B A0|A0 03|03 02|02 01|01 02|02 02|02 10|10 6D|51 *
0010: 61|74 29|AE 82|E2 10|6F 4D|97 4D|CA D1|CB 89|82 9D|10 2F|5F 43|B6 42|12 80|71 70|53 52|9D 30|30 *
0020: 0A|0A 06|06 08|08 2A|2A 86|86 48|48 CE|CE 3D|3D 04|04 03|03 02|02 30|30 34|34 31|31 14|14 30|30
0030: 12|12 06|06 03|03 55|55 04|04 0A|0A 0C|0C 0B|0B 45|45 78|78 61|61 6D|6D 70|70 6C|6C 65|65 20|20
0040: 49|49 6E|6E 63|63 31|31 1C|1C 30|30 1A|1A 06|06 03|03 55|55 04|04 03|03 0C|0C 13|13 45|45 78|78
0050: 61|61 6D|6D 70|70 6C|6C 65|65 20|20 53|53 69|69 67|67 6E|6E 65|65 72|72 20|20 46|46 46|46 46|46
0060: 46|46 30|30 20|20 17|17 0D|0D 31|31 39|39 30|30 32|32 31|31 33|33 31|31 35|35 30|30 30|30 30|30
0070: 30|30 5A|5A 18|18 0F|0F 33|33 30|30 30|30 30|30 31|31 32|32 33|33 31|31 32|32 33|33 35|35 39|39
0080: 35|35 39|39 5A|5A 30|30 2F|2F 31|31 14|14 30|30 12|12 06|06 03|03 55|55 04|04 0A|0A 0C|0C 0B|0B
0090: 45|45 78|78 61|61 6D|6D 70|70 6C|6C 65|65 20|20 49|49 6E|6E 63|63 31|31 17|17 30|30 15|15 06|06
00A0: 03|03 55|55 04|04 03|03 0C|0C 0E|0E 45|45 78|78 61|61 6D|6D 70|70 6C|6C 65|65 20|20 44|44 65|65
00B0: 76|76 69|69 63|63 65|65 30|30 59|59 30|30 13|13 06|06 07|07 2A|2A 86|86 48|48 CE|CE 3D|3D 02|02
00C0: 01|01 06|06 08|08 2A|2A 86|86 48|48 CE|CE 3D|3D 03|03 01|01 07|07 03|03 42|42 00|00 04|04 01|E2 *
00D0: B2|F8 91|CD 70|88 7B|9A F0|BA 70|3A EB|AE 90|06 CF|12 2C|B7 B0|3E 93|67 E3|4D 4C|D9 2F|DC 78|CD *
00E0: 6D|2C 49|04 DB|9E 65|A3 B2|21 84|E0 20|48 A6|92 B1|DD A2|2B 85|30 74|62 75|61 60|9D CF|BB ED|AA *
00F0: 5D|C4 29|18 FB|06 F9|EE 94|0B 8D|88 48|B8 8D|09 C6|00 1F|41 34|9D C4|1E 70|64 A4|A4 C5|D0 A8|EE *
0100: 80|07 5F|41 37|FD FB|D1 AB|78 49|6F 2D|69 33|04 67|06 F2|88 32|37 31|D8 AF|AC FC|A5 E6|5E A3|A3 *
0110: 42|42 30|30 40|40 30|30 1D|1D 06|06 03|03 55|55 1D|1D 0E|0E 04|04 16|16 04|04 14|14 C0|D3 B0|7E *
0120: 07|6B 9E|95 98|7D 3C|69 1B|52 43|89 12|55 92|9F 23|9B D2|39 76|5D 30|50 60|38 32|1F 9C|01 E8|B0 *
0130: C0|54 96|96 30|30 1F|1F 06|06 03|03 55|55 1D|1D 23|23 04|04 18|18 30|30 16|16 80|80 14|14 69|69
0140: 30|30 A3|A3 00|00 AD|AD 07|07 B9|B9 30|30 78|78 11|11 24|24 C7|C7 AF|AF F1|F1 06|06 4F|4F 2C|2C
0150: 7C|7C 13|13 EE|EE 30|30 0A|0A 06|06 08|08 2A|2A 86|86 48|48 CE|CE 3D|3D 04|04 03|03 02|02 03|03
0160: 49|49 00|00 30|30 46|46 02|02 21|21 00|00 AC|AC 78|78 F7|F7 4E|4E 91|91 9F|9F DD|DD BB|BB 9A|9A
0170: CB|CB 2D|2D DE|DE E4|E4 CF|CF 79|79 F5|F5 7E|7E 22|22 8C|8C F7|F7 7E|7E 16|16 6D|6D D3|D3 67|67
0180: D7|D7 60|60 C4|C4 2B|2B 8C|8C A1|A1 0B|0B 02|02 21|21 00|00 D2|D2 F9|F9 BA|BA 35|35 65|65 DD|DD
0190: CA|CA 98|98 60|60 04|04 7A|7A 19|19 B4|B4 B4|B4 5A|5A 0D|0D 94|94 B5|B5 B3|B3 54|54 7B|7B 5C|5C
01A0: 20|20 20|20 58|58 9B|9B 96|96 C3|C3 75|75 32|32 7C|7C EF|EF

Any clues about it?

bryan-hunt commented 5 years ago

Looks like you're compiling provision with an older provision.h file from export_header.py

copercini commented 5 years ago

After recreate the certs chain from zero it magically worked, Thanks for your help =)

MicrochipTech / mbedtls-examples

Device certificate missmatch #1