copercini closed this issue 4 years ago
Likely the device certificate has not been recreated properly. You should be able to take the certificate chain provided to the mbedtls_ssl_conf_own_cert call and use the mbedtls functions to print it out as PEM and then use something like openssl to verify the certificate chain.
If you are using certificate definition files you've used in another project you likely need to make a modification to the device certificate definition to chain it to the signer definition:
This is due to the way atca_mbedtls_cert_add checks the next certificate in the chain to obtain the authority key id.
Weird, the device cert and signerCA loaded by mbedtls seem exactly the same as in provision.h, except for 00 01 cb between both when transmitting
transmitted by mbedtls:
ssl_cli.c:3405: client state: 7
ssl_tls.c:2751: => flush output
ssl_tls.c:2763: <= flush output
ssl_tls.c:5323: => write certificate
ssl_tls.c:5375: own certificate #1:
ssl_tls.c:5375: cert. version : 3
ssl_tls.c:5375: serial number : 63:0E:50:A4:EB:20:F5:0D:52:0C:CD:A2:68:F5:D8:07
ssl_tls.c:5375: issuer name : O=Example Inc, CN=Example Signer FFFF
ssl_tls.c:5375: subject name : O=Example Inc, CN=Example Device
ssl_tls.c:5375: issued on : 2019-02-18 12:00:00
ssl_tls.c:5375: expires on : 3000-12-31 23:59:59
ssl_tls.c:5375: signed using : ECDSA with SHA256
ssl_tls.c:5375: EC key size : 256 bits
ssl_tls.c:5375: value of 'crt->eckey.Q(X)' (256 bits) is:
ssl_tls.c:5375: 90 c4 a6 8f 6a 66 2c 6f 10 b3 c7 1c 0f 40 af d0
ssl_tls.c:5375: 31 84 ca da 3f 87 d3 0e 54 ab 75 8c 84 83 34 eb
ssl_tls.c:5375: value of 'crt->eckey.Q(Y)' (255 bits) is:
ssl_tls.c:5375: 78 be 59 7c 9e c4 e2 e2 36 95 64 00 ae a7 76 a6
ssl_tls.c:5375: 89 43 05 ef 55 dc 0a 60 89 f7 f6 4e b8 d4 9a 6b
ssl_tls.c:5375: own certificate #2:
ssl_tls.c:5375: cert. version : 3
ssl_tls.c:5375: serial number : 5C:01:55:DC:5F:B5:F7:C0:D7:66:F9:42:15:81:A0:D0
ssl_tls.c:5375: issuer name : O=Example Inc, CN=Example Root CA
ssl_tls.c:5375: subject name : O=Example Inc, CN=Example Signer FFFF
ssl_tls.c:5375: issued on : 2019-02-18 12:42:09
ssl_tls.c:5375: expires on : 2029-02-18 12:42:09
ssl_tls.c:5375: signed using : ECDSA with SHA256
ssl_tls.c:5375: EC key size : 256 bits
ssl_tls.c:5375: basic constraints : CA=true, max_pathlen=0
ssl_tls.c:5375: key usage : Digital Signature, Key Cert Sign, CRL Sign
ssl_tls.c:5375: value of 'crt->eckey.Q(X)' (256 bits) is:
ssl_tls.c:5375: b0 6c 95 70 24 6f 08 6a b3 b7 7c b0 68 54 28 e1
ssl_tls.c:5375: e3 a5 ab d1 5f 8a 37 0e 5b c9 f8 47 b3 70 ce b3
ssl_tls.c:5375: value of 'crt->eckey.Q(Y)' (256 bits) is:
ssl_tls.c:5375: 92 63 e0 bd da 7b 07 0c 54 1e 5b 15 1a 2b 47 9c
ssl_tls.c:5375: 00 a8 6f f6 ce 1a 27 dd 55 b5 68 dc 87 c6 84 86
ssl_tls.c:3180: => write handshake message
ssl_tls.c:3337: => write record
ssl_tls.c:3417: output record: msgtype = 22, version = [3:3], msglen = 897
ssl_tls.c:3420: dumping 'output record sent to network' (902 bytes)
ssl_tls.c:3420: 0000: 16 03 03 03 81 0b 00 03 7d 00 03 7a 00 01 a9 30 ........}..z...0
ssl_tls.c:3420: 0010: 82 01 a5 30 82 01 4b a0 03 02 01 02 02 10 63 0e ...0..K.......c.
ssl_tls.c:3420: 0020: 50 a4 eb 20 f5 0d 52 0c cd a2 68 f5 d8 07 30 0a P.. ..R...h...0.
ssl_tls.c:3420: 0030: 06 08 2a 86 48 ce 3d 04 03 02 30 34 31 14 30 12 ..*.H.=...041.0.
ssl_tls.c:3420: 0040: 06 03 55 04 0a 0c 0b 45 78 61 6d 70 6c 65 20 49 ..U....Example I
ssl_tls.c:3420: 0050: 6e 63 31 1c 30 1a 06 03 55 04 03 0c 13 45 78 61 nc1.0...U....Exa
ssl_tls.c:3420: 0060: 6d 70 6c 65 20 53 69 67 6e 65 72 20 46 46 46 46 mple Signer FFFF
ssl_tls.c:3420: 0070: 30 20 17 0d 31 39 30 32 31 38 31 32 30 30 30 30 0 ..190218120000
ssl_tls.c:3420: 0080: 5a 18 0f 33 30 30 30 31 32 33 31 32 33 35 39 35 Z..3000123123595
ssl_tls.c:3420: 0090: 39 5a 30 2f 31 14 30 12 06 03 55 04 0a 0c 0b 45 9Z0/1.0...U....E
ssl_tls.c:3420: 00a0: 78 61 6d 70 6c 65 20 49 6e 63 31 17 30 15 06 03 xample Inc1.0...
ssl_tls.c:3420: 00b0: 55 04 03 0c 0e 45 78 61 6d 70 6c 65 20 44 65 76 U....Example Dev
ssl_tls.c:3420: 00c0: 69 63 65 30 59 30 13 06 07 2a 86 48 ce 3d 02 01 ice0Y0...*.H.=..
ssl_tls.c:3420: 00d0: 06 08 2a 86 48 ce 3d 03 01 07 03 42 00 04 90 c4 ..*.H.=....B....
ssl_tls.c:3420: 00e0: a6 8f 6a 66 2c 6f 10 b3 c7 1c 0f 40 af d0 31 84 ..jf,o.....@..1.
ssl_tls.c:3420: 00f0: ca da 3f 87 d3 0e 54 ab 75 8c 84 83 34 eb 78 be ..?...T.u...4.x.
ssl_tls.c:3420: 0100: 59 7c 9e c4 e2 e2 36 95 64 00 ae a7 76 a6 89 43 Y|....6.d...v..C
ssl_tls.c:3420: 0110: 05 ef 55 dc 0a 60 89 f7 f6 4e b8 d4 9a 6b a3 42 ..U..`...N...k.B
ssl_tls.c:3420: 0120: 30 40 30 1d 06 03 55 1d 0e 04 16 04 14 03 99 87 0@0...U.........
ssl_tls.c:3420: 0130: f7 c7 43 5b ef 68 6b c3 d4 62 f0 a1 3a 54 a5 ba ..C[.hk..b..:T..
ssl_tls.c:3420: 0140: d1 30 1f 06 03 55 1d 23 04 18 30 16 80 14 6c 25 .0...U.#..0...l%
ssl_tls.c:3420: 0150: 8f 6f 7e e8 41 1c 67 9b 10 d6 c4 35 c3 60 13 8f .o~.A.g....5.`..
ssl_tls.c:3420: 0160: eb 61 30 0a 06 08 2a 86 48 ce 3d 04 03 02 03 48 .a0...*.H.=....H
ssl_tls.c:3420: 0170: 00 30 45 02 20 5f 1e f6 e4 57 a6 01 41 35 9c 66 .0E. _...W..A5.f
ssl_tls.c:3420: 0180: 04 d3 3d 9b 4a 3b 68 3d 96 8a d5 92 ab 52 52 a9 ..=.J;h=.....RR.
ssl_tls.c:3420: 0190: 1c 3d de 71 81 02 21 00 df 98 f8 40 6d 0a d3 32 .=.q..!....@m..2
ssl_tls.c:3420: 01a0: b8 5e 4f 6a 7b 79 63 66 e0 76 d9 b8 ad f8 e2 5b .^Oj{ycf.v.....[
ssl_tls.c:3420: 01b0: 6b ab be b9 e8 ec 58 cf 00 01 cb 30 82 01 c7 30 k.....X....0...0
ssl_tls.c:3420: 01c0: 82 01 6e a0 03 02 01 02 02 10 5c 01 55 dc 5f b5 ..n.......\.U._.
ssl_tls.c:3420: 01d0: f7 c0 d7 66 f9 42 15 81 a0 d0 30 0a 06 08 2a 86 ...f.B....0...*.
ssl_tls.c:3420: 01e0: 48 ce 3d 04 03 02 30 30 31 14 30 12 06 03 55 04 H.=...001.0...U.
ssl_tls.c:3420: 01f0: 0a 0c 0b 45 78 61 6d 70 6c 65 20 49 6e 63 31 18 ...Example Inc1.
ssl_tls.c:3420: 0200: 30 16 06 03 55 04 03 0c 0f 45 78 61 6d 70 6c 65 0...U....Example
ssl_tls.c:3420: 0210: 20 52 6f 6f 74 20 43 41 30 1e 17 0d 31 39 30 32 Root CA0...1902
ssl_tls.c:3420: 0220: 31 38 31 32 34 32 30 39 5a 17 0d 32 39 30 32 31 18124209Z..29021
ssl_tls.c:3420: 0230: 38 31 32 34 32 30 39 5a 30 34 31 14 30 12 06 03 8124209Z041.0...
ssl_tls.c:3420: 0240: 55 04 0a 0c 0b 45 78 61 6d 70 6c 65 20 49 6e 63 U....Example Inc
ssl_tls.c:3420: 0250: 31 1c 30 1a 06 03 55 04 03 0c 13 45 78 61 6d 70 1.0...U....Examp
ssl_tls.c:3420: 0260: 6c 65 20 53 69 67 6e 65 72 20 46 46 46 46 30 59 le Signer FFFF0Y
ssl_tls.c:3420: 0270: 30 13 06 07 2a 86 48 ce 3d 02 01 06 08 2a 86 48 0...*.H.=....*.H
ssl_tls.c:3420: 0280: ce 3d 03 01 07 03 42 00 04 b0 6c 95 70 24 6f 08 .=....B...l.p$o.
ssl_tls.c:3420: 0290: 6a b3 b7 7c b0 68 54 28 e1 e3 a5 ab d1 5f 8a 37 j..|.hT(....._.7
ssl_tls.c:3420: 02a0: 0e 5b c9 f8 47 b3 70 ce b3 92 63 e0 bd da 7b 07 .[..G.p...c...{.
ssl_tls.c:3420: 02b0: 0c 54 1e 5b 15 1a 2b 47 9c 00 a8 6f f6 ce 1a 27 .T.[..+G...o...'
ssl_tls.c:3420: 02c0: dd 55 b5 68 dc 87 c6 84 86 a3 66 30 64 30 12 06 .U.h......f0d0..
ssl_tls.c:3420: 02d0: 03 55 1d 13 01 01 ff 04 08 30 06 01 01 ff 02 01 .U.......0......
ssl_tls.c:3420: 02e0: 00 30 0e 06 03 55 1d 0f 01 01 ff 04 04 03 02 01 .0...U..........
ssl_tls.c:3420: 02f0: 86 30 1d 06 03 55 1d 0e 04 16 04 14 6c 25 8f 6f .0...U......l%.o
ssl_tls.c:3420: 0300: 7e e8 41 1c 67 9b 10 d6 c4 35 c3 60 13 8f eb 61 ~.A.g....5.`...a
ssl_tls.c:3420: 0310: 30 1f 06 03 55 1d 23 04 18 30 16 80 14 1c 82 1c 0...U.#..0......
ssl_tls.c:3420: 0320: 77 50 a5 0b 90 5f 5c 00 47 47 11 15 d8 83 f4 80 wP..._\.GG......
ssl_tls.c:3420: 0330: ce 30 0a 06 08 2a 86 48 ce 3d 04 03 02 03 47 00 .0...*.H.=....G.
ssl_tls.c:3420: 0340: 30 44 02 20 0a bd f6 b9 74 b7 fd 7d 94 af 81 86 0D. ....t..}....
ssl_tls.c:3420: 0350: 49 fe 94 e4 96 4c 66 2e b5 e8 e0 21 49 94 9f 3c I....Lf....!I..<
ssl_tls.c:3420: 0360: 3f 91 06 9f 02 20 70 54 62 e5 61 1b 74 78 c5 56 ?.... pTb.a.tx.V
ssl_tls.c:3420: 0370: 6f 00 1a 18 ea 58 62 ad 87 5a 9c 3f 71 12 0e 0b o....Xb..Z.?q...
ssl_tls.c:3420: 0380: 0a 4e 8c c6 cc af .N....
ssl_tls.c:2751: => flush output
ssl_tls.c:2770: message length: 902, out_left: 902
ssl_tls.c:2775: ssl->f_send() returned 902 (-0xfffffc7a)
my provision.h:
static const uint8_t provisioning_device_cert[] = {
0x30, 0x82, 0x01, 0xA5, 0x30, 0x82, 0x01, 0x4B, 0xA0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x10, 0x63,
0x0E, 0x50, 0xA4, 0xEB, 0x20, 0xF5, 0x0D, 0x52, 0x0C, 0xCD, 0xA2, 0x68, 0xF5, 0xD8, 0x07, 0x30,
0x0A, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x04, 0x03, 0x02, 0x30, 0x34, 0x31, 0x14, 0x30,
0x12, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x0C, 0x0B, 0x45, 0x78, 0x61, 0x6D, 0x70, 0x6C, 0x65, 0x20,
0x49, 0x6E, 0x63, 0x31, 0x1C, 0x30, 0x1A, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x13, 0x45, 0x78,
0x61, 0x6D, 0x70, 0x6C, 0x65, 0x20, 0x53, 0x69, 0x67, 0x6E, 0x65, 0x72, 0x20, 0x46, 0x46, 0x46,
0x46, 0x30, 0x20, 0x17, 0x0D, 0x31, 0x39, 0x30, 0x32, 0x31, 0x38, 0x31, 0x32, 0x30, 0x30, 0x30,
0x30, 0x5A, 0x18, 0x0F, 0x33, 0x30, 0x30, 0x30, 0x31, 0x32, 0x33, 0x31, 0x32, 0x33, 0x35, 0x39,
0x35, 0x39, 0x5A, 0x30, 0x2F, 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x0C, 0x0B,
0x45, 0x78, 0x61, 0x6D, 0x70, 0x6C, 0x65, 0x20, 0x49, 0x6E, 0x63, 0x31, 0x17, 0x30, 0x15, 0x06,
0x03, 0x55, 0x04, 0x03, 0x0C, 0x0E, 0x45, 0x78, 0x61, 0x6D, 0x70, 0x6C, 0x65, 0x20, 0x44, 0x65,
0x76, 0x69, 0x63, 0x65, 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x02,
0x01, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03, 0x01, 0x07, 0x03, 0x42, 0x00, 0x04, 0x90,
0xC4, 0xA6, 0x8F, 0x6A, 0x66, 0x2C, 0x6F, 0x10, 0xB3, 0xC7, 0x1C, 0x0F, 0x40, 0xAF, 0xD0, 0x31,
0x84, 0xCA, 0xDA, 0x3F, 0x87, 0xD3, 0x0E, 0x54, 0xAB, 0x75, 0x8C, 0x84, 0x83, 0x34, 0xEB, 0x78,
0xBE, 0x59, 0x7C, 0x9E, 0xC4, 0xE2, 0xE2, 0x36, 0x95, 0x64, 0x00, 0xAE, 0xA7, 0x76, 0xA6, 0x89,
0x43, 0x05, 0xEF, 0x55, 0xDC, 0x0A, 0x60, 0x89, 0xF7, 0xF6, 0x4E, 0xB8, 0xD4, 0x9A, 0x6B, 0xA3,
0x42, 0x30, 0x40, 0x30, 0x1D, 0x06, 0x03, 0x55, 0x1D, 0x0E, 0x04, 0x16, 0x04, 0x14, 0x03, 0x99,
0x87, 0xF7, 0xC7, 0x43, 0x5B, 0xEF, 0x68, 0x6B, 0xC3, 0xD4, 0x62, 0xF0, 0xA1, 0x3A, 0x54, 0xA5,
0xBA, 0xD1, 0x30, 0x1F, 0x06, 0x03, 0x55, 0x1D, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0x6C,
0x25, 0x8F, 0x6F, 0x7E, 0xE8, 0x41, 0x1C, 0x67, 0x9B, 0x10, 0xD6, 0xC4, 0x35, 0xC3, 0x60, 0x13,
0x8F, 0xEB, 0x61, 0x30, 0x0A, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x04, 0x03, 0x02, 0x03,
0x48, 0x00, 0x30, 0x45, 0x02, 0x20, 0x5F, 0x1E, 0xF6, 0xE4, 0x57, 0xA6, 0x01, 0x41, 0x35, 0x9C,
0x66, 0x04, 0xD3, 0x3D, 0x9B, 0x4A, 0x3B, 0x68, 0x3D, 0x96, 0x8A, 0xD5, 0x92, 0xAB, 0x52, 0x52,
0xA9, 0x1C, 0x3D, 0xDE, 0x71, 0x81, 0x02, 0x21, 0x00, 0xDF, 0x98, 0xF8, 0x40, 0x6D, 0x0A, 0xD3,
0x32, 0xB8, 0x5E, 0x4F, 0x6A, 0x7B, 0x79, 0x63, 0x66, 0xE0, 0x76, 0xD9, 0xB8, 0xAD, 0xF8, 0xE2,
0x5B, 0x6B, 0xAB, 0xBE, 0xB9, 0xE8, 0xEC, 0x58, 0xCF,
};
static const uint8_t provisioning_signer_cert[] = {
0x30, 0x82, 0x01, 0xC7, 0x30, 0x82, 0x01, 0x6E, 0xA0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x10, 0x5C,
0x01, 0x55, 0xDC, 0x5F, 0xB5, 0xF7, 0xC0, 0xD7, 0x66, 0xF9, 0x42, 0x15, 0x81, 0xA0, 0xD0, 0x30,
0x0A, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x04, 0x03, 0x02, 0x30, 0x30, 0x31, 0x14, 0x30,
0x12, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x0C, 0x0B, 0x45, 0x78, 0x61, 0x6D, 0x70, 0x6C, 0x65, 0x20,
0x49, 0x6E, 0x63, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0F, 0x45, 0x78,
0x61, 0x6D, 0x70, 0x6C, 0x65, 0x20, 0x52, 0x6F, 0x6F, 0x74, 0x20, 0x43, 0x41, 0x30, 0x1E, 0x17,
0x0D, 0x31, 0x39, 0x30, 0x32, 0x31, 0x38, 0x31, 0x32, 0x34, 0x32, 0x30, 0x39, 0x5A, 0x17, 0x0D,
0x32, 0x39, 0x30, 0x32, 0x31, 0x38, 0x31, 0x32, 0x34, 0x32, 0x30, 0x39, 0x5A, 0x30, 0x34, 0x31,
0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x0C, 0x0B, 0x45, 0x78, 0x61, 0x6D, 0x70, 0x6C,
0x65, 0x20, 0x49, 0x6E, 0x63, 0x31, 0x1C, 0x30, 0x1A, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x13,
0x45, 0x78, 0x61, 0x6D, 0x70, 0x6C, 0x65, 0x20, 0x53, 0x69, 0x67, 0x6E, 0x65, 0x72, 0x20, 0x46,
0x46, 0x46, 0x46, 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x02, 0x01,
0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03, 0x01, 0x07, 0x03, 0x42, 0x00, 0x04, 0xB0, 0x6C,
0x95, 0x70, 0x24, 0x6F, 0x08, 0x6A, 0xB3, 0xB7, 0x7C, 0xB0, 0x68, 0x54, 0x28, 0xE1, 0xE3, 0xA5,
0xAB, 0xD1, 0x5F, 0x8A, 0x37, 0x0E, 0x5B, 0xC9, 0xF8, 0x47, 0xB3, 0x70, 0xCE, 0xB3, 0x92, 0x63,
0xE0, 0xBD, 0xDA, 0x7B, 0x07, 0x0C, 0x54, 0x1E, 0x5B, 0x15, 0x1A, 0x2B, 0x47, 0x9C, 0x00, 0xA8,
0x6F, 0xF6, 0xCE, 0x1A, 0x27, 0xDD, 0x55, 0xB5, 0x68, 0xDC, 0x87, 0xC6, 0x84, 0x86, 0xA3, 0x66,
0x30, 0x64, 0x30, 0x12, 0x06, 0x03, 0x55, 0x1D, 0x13, 0x01, 0x01, 0xFF, 0x04, 0x08, 0x30, 0x06,
0x01, 0x01, 0xFF, 0x02, 0x01, 0x00, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x1D, 0x0F, 0x01, 0x01, 0xFF,
0x04, 0x04, 0x03, 0x02, 0x01, 0x86, 0x30, 0x1D, 0x06, 0x03, 0x55, 0x1D, 0x0E, 0x04, 0x16, 0x04,
0x14, 0x6C, 0x25, 0x8F, 0x6F, 0x7E, 0xE8, 0x41, 0x1C, 0x67, 0x9B, 0x10, 0xD6, 0xC4, 0x35, 0xC3,
0x60, 0x13, 0x8F, 0xEB, 0x61, 0x30, 0x1F, 0x06, 0x03, 0x55, 0x1D, 0x23, 0x04, 0x18, 0x30, 0x16,
0x80, 0x14, 0x1C, 0x82, 0x1C, 0x77, 0x50, 0xA5, 0x0B, 0x90, 0x5F, 0x5C, 0x00, 0x47, 0x47, 0x11,
0x15, 0xD8, 0x83, 0xF4, 0x80, 0xCE, 0x30, 0x0A, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x04,
0x03, 0x02, 0x03, 0x47, 0x00, 0x30, 0x44, 0x02, 0x20, 0x0A, 0xBD, 0xF6, 0xB9, 0x74, 0xB7, 0xFD,
0x7D, 0x94, 0xAF, 0x81, 0x86, 0x49, 0xFE, 0x94, 0xE4, 0x96, 0x4C, 0x66, 0x2E, 0xB5, 0xE8, 0xE0,
0x21, 0x49, 0x94, 0x9F, 0x3C, 0x3F, 0x91, 0x06, 0x9F, 0x02, 0x20, 0x70, 0x54, 0x62, 0xE5, 0x61,
0x1B, 0x74, 0x78, 0xC5, 0x56, 0x6F, 0x00, 0x1A, 0x18, 0xEA, 0x58, 0x62, 0xAD, 0x87, 0x5A, 0x9C,
0x3F, 0x71, 0x12, 0x0E, 0x0B, 0x0A, 0x4E, 0x8C, 0xC6, 0xCC, 0xAF,
};
static const uint8_t provisioning_root_public_key[] = {
0xCF, 0xA4, 0xF6, 0x18, 0x50, 0xCE, 0xBE, 0xF1, 0x8F, 0x77, 0xC9, 0x1B, 0x6D, 0x9C, 0xE9, 0xFE,
0x6C, 0x54, 0xFF, 0x16, 0x76, 0x4D, 0xCF, 0x3E, 0xDA, 0x94, 0x6E, 0xE5, 0x81, 0x9E, 0xBD, 0xF2,
0x35, 0x54, 0x46, 0xD9, 0x3B, 0x24, 0xBE, 0x37, 0x20, 0x4E, 0xA9, 0xB3, 0xF6, 0xE3, 0xBA, 0xBB,
0x0D, 0x65, 0xCD, 0xD8, 0x16, 0xB9, 0x91, 0x5C, 0xC3, 0x81, 0x3D, 0x6C, 0x2E, 0xF5, 0xF7, 0xA6,
};
Just a curiosity: inverting the signerCA and deviceCert loading order, it returns:
got an alert message, type: [2:42]
is a fatal alert message (msg 42)
translated to TLS1_ALERT_BAD_CERTIFICATE
as expected, but in the theoretically correct order it returns a generic error (80) TLS1_ALERT_INTERNAL_ERROR
I "solved" this by disabling ECDH_COMPUTE_SHARED_ALT and ECDH_GEN_PUBLIC_ALT and just using the ATECC to sign the TLS handshake.
I'm trying to set up a new CA chain on AWS IoT. Everything seems good; the signer CA and device certificate are already registered on AWS.
The TLS handshake starts well: it loads the signer and device certificates from ATCA; starts the connection; sends client hello; gets server hello; sets the ciphersuite as TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256; gets the AWS CA, compares it, does some calculations with ECDH curve secp256r1 using ATCA; calculates verify sha256 using ATCA;
but near the end it just returns a fatal error message 0x7780
Any clue about it? I can share the entire logs, but this includes some sensitive data (endpoint, certificates, etc)
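The `00 01 cb` seen between the two certificates in the record dump earlier in the thread is the 3-byte length prefix that a TLS 1.2 Certificate message places before each certificate_list entry (0x0001cb = 459, the size of the signer DER that starts `30 82 01 c7`); the same framing gives `00 03 7a` for the whole list and `00 01 a9` for the device certificate. The following is an added example, not code from this thread, mbedtls or cryptoauthlib, that splits such a message and checks every prefix against the DER length; `cert_entry`, `split_certificate_msg` and the sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>

typedef struct { const uint8_t *der; size_t len; } cert_entry;  /* hypothetical helper type */

/* Big-endian uint24, the length encoding TLS uses inside the Certificate message. */
static size_t u24(const uint8_t *p) { return ((size_t)p[0] << 16) | ((size_t)p[1] << 8) | p[2]; }

/* Size (header + body) of the DER SEQUENCE at p, or 0 if malformed or truncated. */
static size_t der_seq_size(const uint8_t *p, size_t avail)
{
    if (avail < 2 || p[0] != 0x30) return 0;
    size_t hdr = 2, body = p[1];
    if (p[1] & 0x80) {                                 /* long form: 0x81..0x83 */
        size_t n = p[1] & 0x7f;
        if (n == 0 || n > 3 || avail < 2 + n) return 0;
        body = 0;
        for (size_t i = 0; i < n; i++) body = (body << 8) | p[2 + i];
        hdr += n;
    }
    return (body <= avail - hdr) ? hdr + body : 0;
}

/* Split a TLS 1.2 Certificate handshake message (5-byte record header removed).
   Returns the number of entries, or -1 if any length field is inconsistent. */
int split_certificate_msg(const uint8_t *hs, size_t len, cert_entry *out, int max)
{
    if (len < 7 || hs[0] != 0x0b) return -1;           /* handshake type 11 */
    if (u24(hs + 1) != len - 4) return -1;             /* handshake body length */
    if (u24(hs + 4) != len - 7) return -1;             /* certificate_list length */
    size_t off = 7;
    int n = 0;
    while (off < len) {
        if (len - off < 3 || n == max) return -1;
        size_t clen = u24(hs + off);                   /* per-certificate prefix */
        off += 3;
        if (clen == 0 || clen > len - off) return -1;
        if (der_seq_size(hs + off, clen) != clen) return -1;  /* prefix must equal DER size */
        out[n].der = hs + off; out[n].len = clen; n++;
        off += clen;
    }
    return n;
}

/* Constructed sample: two tiny placeholder DER SEQUENCEs, not real certificates. */
static const uint8_t sample_msg[] = {
    0x0b, 0x00, 0x00, 0x14,  0x00, 0x00, 0x11,
    0x00, 0x00, 0x05,  0x30, 0x03, 0x02, 0x01, 0x05,
    0x00, 0x00, 0x06,  0x30, 0x04, 0x02, 0x02, 0x01, 0x00 };
int main(void) { cert_entry e[4]; return split_certificate_msg(sample_msg, sizeof sample_msg, e, 4) == 2 ? 0 : 1; }
```

A certificate rebuilt with the wrong size fails the prefix check here, which separates a framing problem from a signature or chaining problem.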