MicrochipTech / mbedtls-examples


mbedtls_ssl_handshake returned -0x7780 #5

Closed copercini closed 4 years ago

copercini commented 5 years ago

I'm trying to set up a new CA chain on AWS IoT. Everything seems good; signer-CA and device certificate are already registered on AWS.

TLS handshake starts well: it loads signer and device certificates from ATCA, starts the connection, sends client hello, gets server hello, sets ciphersuite as TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256, gets AWS CA, compares it, does some calculations with ECDH curve secp256r1 using ATCA, calc verify sha256 using ATCA.

But near the end it just returns a fatal error message 0x7780:

ssl_tls.c:2803: <= flush output
ssl_tls.c:3470: <= write record
ssl_tls.c:3314: <= write handshake message
ssl_cli.c:3278: <= write certificate verify
ssl_cli.c:3405: client state: 10
ssl_tls.c:2751: => flush output
ssl_tls.c:2763: <= flush output
ssl_tls.c:5826: => write change cipher spec
ssl_tls.c:3180: => write handshake message
ssl_tls.c:3337: => write record
ssl_tls.c:3417: output record: msgtype = 20, version = [3:3], msglen = 1
ssl_tls.c:3420: dumping 'output record sent to network' (6 bytes)
ssl_tls.c:3420: 0000:  14 03 03 00 01 01                                ......
ssl_tls.c:2751: => flush output
ssl_tls.c:2770: message length: 6, out_left: 6
ssl_tls.c:2775: ssl->f_send() returned 6 (-0xfffffffa)
ssl_tls.c:2803: <= flush output
ssl_tls.c:3470: <= write record
ssl_tls.c:3314: <= write handshake message
ssl_tls.c:5840: <= write change cipher spec
ssl_cli.c:3405: client state: 11
ssl_tls.c:2751: => flush output
ssl_tls.c:2763: <= flush output
ssl_tls.c:6345: => write finished
ssl_tls.c:6170: => calc  finished tls sha256
ssl_tls.c:6182: dumping 'finished sha2 state' (32 bytes)
ssl_tls.c:6182: 0000:  60 14 4b 47 6f e4 fd 4c 6a 8a 2a b3 8c 34 a6 5b  `.KGo..Lj.*..4.[
ssl_tls.c:6182: 0010:  80 8a f9 2a 54 f3 de 00 f3 0a 4a 6b e9 f0 8d 9b  ...*T.....Jk....
ssl_tls.c:6194: dumping 'calc finished result' (12 bytes)
ssl_tls.c:6194: 0000:  0b 66 44 1b bc 38 0b 3d 0c e3 f3 bf              .fD..8.=....
ssl_tls.c:6200: <= calc  finished
ssl_tls.c:6390: switching to new transform spec for outbound data
ssl_tls.c:3180: => write handshake message
ssl_tls.c:3337: => write record
ssl_tls.c:1441: => encrypt buf
ssl_tls.c:1452: dumping 'before encrypt: output payload' (16 bytes)
ssl_tls.c:1452: 0000:  14 00 00 0c 0b 66 44 1b bc 38 0b 3d 0c e3 f3 bf  .....fD..8.=....
ssl_tls.c:1570: dumping 'additional data for AEAD' (13 bytes)
ssl_tls.c:1570: 0000:  00 00 00 00 00 00 00 00 16 03 03 00 10           .............
ssl_tls.c:1601: dumping 'IV used (internal)' (12 bytes)
ssl_tls.c:1601: 0000:  9b 9f 8d 3d 00 00 00 00 00 00 00 00              ...=........
ssl_tls.c:1603: dumping 'IV used (transmitted)' (8 bytes)
ssl_tls.c:1603: 0000:  00 00 00 00 00 00 00 00                          ........
ssl_tls.c:1614: before encrypt: msglen = 24, including 0 bytes of padding
ssl_tls.c:1639: dumping 'after encrypt: tag' (16 bytes)
ssl_tls.c:1639: 0000:  bf 8d 48 c8 cf 18 6b 70 af 0a 4d b0 27 20 8a 62  ..H...kp..M.' .b
ssl_tls.c:1777: <= encrypt buf
ssl_tls.c:3417: output record: msgtype = 22, version = [3:3], msglen = 40
ssl_tls.c:3420: dumping 'output record sent to network' (45 bytes)
ssl_tls.c:3420: 0000:  16 03 03 00 28 00 00 00 00 00 00 00 00 32 75 b5  ....(........2u.
ssl_tls.c:3420: 0010:  8e 13 f8 8e 07 ef 61 5a 32 79 06 ef 91 bf 8d 48  ......aZ2y.....H
ssl_tls.c:3420: 0020:  c8 cf 18 6b 70 af 0a 4d b0 27 20 8a 62           ...kp..M.' .b
ssl_tls.c:2751: => flush output
ssl_tls.c:2770: message length: 45, out_left: 45
ssl_tls.c:2775: ssl->f_send() returned 45 (-0xffffffd3)
ssl_tls.c:2803: <= flush output
ssl_tls.c:3470: <= write record
ssl_tls.c:3314: <= write handshake message
ssl_tls.c:6454: <= write finished
ssl_cli.c:3405: client state: 12
ssl_tls.c:2751: => flush output
ssl_tls.c:2763: <= flush output
ssl_tls.c:5849: => parse change cipher spec
ssl_tls.c:4305: => read record
ssl_tls.c:2532: => fetch input
ssl_tls.c:2693: in_left: 0, nb_want: 5
ssl_tls.c:2717: in_left: 0, nb_want: 5
ssl_tls.c:2718: ssl->f_recv(_timeout)() returned 5 (-0xfffffffb)
ssl_tls.c:2738: <= fetch input
ssl_tls.c:4041: dumping 'input record header' (5 bytes)
ssl_tls.c:4041: 0000:  15 03 03 00 02                                   .....
ssl_tls.c:4050: input record: msgtype = 21, version = [3:3], msglen = 2
ssl_tls.c:2532: => fetch input
ssl_tls.c:2693: in_left: 5, nb_want: 7
ssl_tls.c:2717: in_left: 5, nb_want: 7
ssl_tls.c:2718: ssl->f_recv(_timeout)() returned 2 (-0xfffffffe)
ssl_tls.c:2738: <= fetch input
ssl_tls.c:4227: dumping 'input record from network' (7 bytes)
ssl_tls.c:4227: 0000:  15 03 03 00 02 02 50                             ......P
ssl_tls.c:5164: got an alert message, type: [2:80]
ssl_tls.c:5172: is a fatal alert message (msg 80)
ssl_tls.c:4363: mbedtls_ssl_handle_message_type() returned -30592 (-0x7780)
ssl_tls.c:5853: mbedtls_ssl_read_record() returned -30592 (-0x7780)
ssl_tls.c:8031: <= handshake
 failed
  ! mbedtls_ssl_handshake returned -0x7780

ssl_tls.c:8866: => free
ssl_tls.c:8931: <= free

Any clue about it? I can share the entire logs, but they include some sensitive data (endpoint, certificates, etc.).

bryan-hunt commented 5 years ago

Likely the device certificate has not been recreated properly. You should be able to take the certificate chain provided to the mbedtls_ssl_conf_own_cert call and use the mbedtls functions to print it out as PEM and then use something like openssl to verify the certificate chain.

If you are using certificate definition files you've used in another project, you likely need to make a modification to the device certificate definition to chain it to the signer definition:

https://github.com/MicrochipTech/mbedtls-examples/blob/91a1af2a52fa9f89a0748fc8f204c0f396ff2357/source/cert_chain.c#L257

This is due to the way atca_mbedtls_cert_add checks the next certificate in the chain to obtain the authority key id.

copercini commented 5 years ago

Weird, device cert and signerCA loaded by mbedtls seem exactly the same as in provision.h, except for 00 01 cb between both when transmitting.

transmitted by mbedtls:

ssl_cli.c:3405: client state: 7
ssl_tls.c:2751: => flush output
ssl_tls.c:2763: <= flush output
ssl_tls.c:5323: => write certificate
ssl_tls.c:5375: own certificate #1:
ssl_tls.c:5375: cert. version     : 3
ssl_tls.c:5375: serial number     : 63:0E:50:A4:EB:20:F5:0D:52:0C:CD:A2:68:F5:D8:07
ssl_tls.c:5375: issuer name       : O=Example Inc, CN=Example Signer FFFF
ssl_tls.c:5375: subject name      : O=Example Inc, CN=Example Device
ssl_tls.c:5375: issued  on        : 2019-02-18 12:00:00
ssl_tls.c:5375: expires on        : 3000-12-31 23:59:59
ssl_tls.c:5375: signed using      : ECDSA with SHA256
ssl_tls.c:5375: EC key size       : 256 bits
ssl_tls.c:5375: value of 'crt->eckey.Q(X)' (256 bits) is:
ssl_tls.c:5375:  90 c4 a6 8f 6a 66 2c 6f 10 b3 c7 1c 0f 40 af d0
ssl_tls.c:5375:  31 84 ca da 3f 87 d3 0e 54 ab 75 8c 84 83 34 eb
ssl_tls.c:5375: value of 'crt->eckey.Q(Y)' (255 bits) is:
ssl_tls.c:5375:  78 be 59 7c 9e c4 e2 e2 36 95 64 00 ae a7 76 a6
ssl_tls.c:5375:  89 43 05 ef 55 dc 0a 60 89 f7 f6 4e b8 d4 9a 6b
ssl_tls.c:5375: own certificate #2:
ssl_tls.c:5375: cert. version     : 3
ssl_tls.c:5375: serial number     : 5C:01:55:DC:5F:B5:F7:C0:D7:66:F9:42:15:81:A0:D0
ssl_tls.c:5375: issuer name       : O=Example Inc, CN=Example Root CA
ssl_tls.c:5375: subject name      : O=Example Inc, CN=Example Signer FFFF
ssl_tls.c:5375: issued  on        : 2019-02-18 12:42:09
ssl_tls.c:5375: expires on        : 2029-02-18 12:42:09
ssl_tls.c:5375: signed using      : ECDSA with SHA256
ssl_tls.c:5375: EC key size       : 256 bits
ssl_tls.c:5375: basic constraints : CA=true, max_pathlen=0
ssl_tls.c:5375: key usage         : Digital Signature, Key Cert Sign, CRL Sign
ssl_tls.c:5375: value of 'crt->eckey.Q(X)' (256 bits) is:
ssl_tls.c:5375:  b0 6c 95 70 24 6f 08 6a b3 b7 7c b0 68 54 28 e1
ssl_tls.c:5375:  e3 a5 ab d1 5f 8a 37 0e 5b c9 f8 47 b3 70 ce b3
ssl_tls.c:5375: value of 'crt->eckey.Q(Y)' (256 bits) is:
ssl_tls.c:5375:  92 63 e0 bd da 7b 07 0c 54 1e 5b 15 1a 2b 47 9c
ssl_tls.c:5375:  00 a8 6f f6 ce 1a 27 dd 55 b5 68 dc 87 c6 84 86
ssl_tls.c:3180: => write handshake message
ssl_tls.c:3337: => write record
ssl_tls.c:3417: output record: msgtype = 22, version = [3:3], msglen = 897
ssl_tls.c:3420: dumping 'output record sent to network' (902 bytes)
ssl_tls.c:3420: 0000:  16 03 03 03 81 0b 00 03 7d 00 03 7a 00 01 a9 30  ........}..z...0
ssl_tls.c:3420: 0010:  82 01 a5 30 82 01 4b a0 03 02 01 02 02 10 63 0e  ...0..K.......c.
ssl_tls.c:3420: 0020:  50 a4 eb 20 f5 0d 52 0c cd a2 68 f5 d8 07 30 0a  P.. ..R...h...0.
ssl_tls.c:3420: 0030:  06 08 2a 86 48 ce 3d 04 03 02 30 34 31 14 30 12  ..*.H.=...041.0.
ssl_tls.c:3420: 0040:  06 03 55 04 0a 0c 0b 45 78 61 6d 70 6c 65 20 49  ..U....Example I
ssl_tls.c:3420: 0050:  6e 63 31 1c 30 1a 06 03 55 04 03 0c 13 45 78 61  nc1.0...U....Exa
ssl_tls.c:3420: 0060:  6d 70 6c 65 20 53 69 67 6e 65 72 20 46 46 46 46  mple Signer FFFF
ssl_tls.c:3420: 0070:  30 20 17 0d 31 39 30 32 31 38 31 32 30 30 30 30  0 ..190218120000
ssl_tls.c:3420: 0080:  5a 18 0f 33 30 30 30 31 32 33 31 32 33 35 39 35  Z..3000123123595
ssl_tls.c:3420: 0090:  39 5a 30 2f 31 14 30 12 06 03 55 04 0a 0c 0b 45  9Z0/1.0...U....E
ssl_tls.c:3420: 00a0:  78 61 6d 70 6c 65 20 49 6e 63 31 17 30 15 06 03  xample Inc1.0...
ssl_tls.c:3420: 00b0:  55 04 03 0c 0e 45 78 61 6d 70 6c 65 20 44 65 76  U....Example Dev
ssl_tls.c:3420: 00c0:  69 63 65 30 59 30 13 06 07 2a 86 48 ce 3d 02 01  ice0Y0...*.H.=..
ssl_tls.c:3420: 00d0:  06 08 2a 86 48 ce 3d 03 01 07 03 42 00 04 90 c4  ..*.H.=....B....
ssl_tls.c:3420: 00e0:  a6 8f 6a 66 2c 6f 10 b3 c7 1c 0f 40 af d0 31 84  ..jf,o.....@..1.
ssl_tls.c:3420: 00f0:  ca da 3f 87 d3 0e 54 ab 75 8c 84 83 34 eb 78 be  ..?...T.u...4.x.
ssl_tls.c:3420: 0100:  59 7c 9e c4 e2 e2 36 95 64 00 ae a7 76 a6 89 43  Y|....6.d...v..C
ssl_tls.c:3420: 0110:  05 ef 55 dc 0a 60 89 f7 f6 4e b8 d4 9a 6b a3 42  ..U..`...N...k.B
ssl_tls.c:3420: 0120:  30 40 30 1d 06 03 55 1d 0e 04 16 04 14 03 99 87  0@0...U.........
ssl_tls.c:3420: 0130:  f7 c7 43 5b ef 68 6b c3 d4 62 f0 a1 3a 54 a5 ba  ..C[.hk..b..:T..
ssl_tls.c:3420: 0140:  d1 30 1f 06 03 55 1d 23 04 18 30 16 80 14 6c 25  .0...U.#..0...l%
ssl_tls.c:3420: 0150:  8f 6f 7e e8 41 1c 67 9b 10 d6 c4 35 c3 60 13 8f  .o~.A.g....5.`..
ssl_tls.c:3420: 0160:  eb 61 30 0a 06 08 2a 86 48 ce 3d 04 03 02 03 48  .a0...*.H.=....H
ssl_tls.c:3420: 0170:  00 30 45 02 20 5f 1e f6 e4 57 a6 01 41 35 9c 66  .0E. _...W..A5.f
ssl_tls.c:3420: 0180:  04 d3 3d 9b 4a 3b 68 3d 96 8a d5 92 ab 52 52 a9  ..=.J;h=.....RR.
ssl_tls.c:3420: 0190:  1c 3d de 71 81 02 21 00 df 98 f8 40 6d 0a d3 32  .=.q..!....@m..2
ssl_tls.c:3420: 01a0:  b8 5e 4f 6a 7b 79 63 66 e0 76 d9 b8 ad f8 e2 5b  .^Oj{ycf.v.....[
ssl_tls.c:3420: 01b0:  6b ab be b9 e8 ec 58 cf 00 01 cb 30 82 01 c7 30  k.....X....0...0
ssl_tls.c:3420: 01c0:  82 01 6e a0 03 02 01 02 02 10 5c 01 55 dc 5f b5  ..n.......\.U._.
ssl_tls.c:3420: 01d0:  f7 c0 d7 66 f9 42 15 81 a0 d0 30 0a 06 08 2a 86  ...f.B....0...*.
ssl_tls.c:3420: 01e0:  48 ce 3d 04 03 02 30 30 31 14 30 12 06 03 55 04  H.=...001.0...U.
ssl_tls.c:3420: 01f0:  0a 0c 0b 45 78 61 6d 70 6c 65 20 49 6e 63 31 18  ...Example Inc1.
ssl_tls.c:3420: 0200:  30 16 06 03 55 04 03 0c 0f 45 78 61 6d 70 6c 65  0...U....Example
ssl_tls.c:3420: 0210:  20 52 6f 6f 74 20 43 41 30 1e 17 0d 31 39 30 32   Root CA0...1902
ssl_tls.c:3420: 0220:  31 38 31 32 34 32 30 39 5a 17 0d 32 39 30 32 31  18124209Z..29021
ssl_tls.c:3420: 0230:  38 31 32 34 32 30 39 5a 30 34 31 14 30 12 06 03  8124209Z041.0...
ssl_tls.c:3420: 0240:  55 04 0a 0c 0b 45 78 61 6d 70 6c 65 20 49 6e 63  U....Example Inc
ssl_tls.c:3420: 0250:  31 1c 30 1a 06 03 55 04 03 0c 13 45 78 61 6d 70  1.0...U....Examp
ssl_tls.c:3420: 0260:  6c 65 20 53 69 67 6e 65 72 20 46 46 46 46 30 59  le Signer FFFF0Y
ssl_tls.c:3420: 0270:  30 13 06 07 2a 86 48 ce 3d 02 01 06 08 2a 86 48  0...*.H.=....*.H
ssl_tls.c:3420: 0280:  ce 3d 03 01 07 03 42 00 04 b0 6c 95 70 24 6f 08  .=....B...l.p$o.
ssl_tls.c:3420: 0290:  6a b3 b7 7c b0 68 54 28 e1 e3 a5 ab d1 5f 8a 37  j..|.hT(....._.7
ssl_tls.c:3420: 02a0:  0e 5b c9 f8 47 b3 70 ce b3 92 63 e0 bd da 7b 07  .[..G.p...c...{.
ssl_tls.c:3420: 02b0:  0c 54 1e 5b 15 1a 2b 47 9c 00 a8 6f f6 ce 1a 27  .T.[..+G...o...'
ssl_tls.c:3420: 02c0:  dd 55 b5 68 dc 87 c6 84 86 a3 66 30 64 30 12 06  .U.h......f0d0..
ssl_tls.c:3420: 02d0:  03 55 1d 13 01 01 ff 04 08 30 06 01 01 ff 02 01  .U.......0......
ssl_tls.c:3420: 02e0:  00 30 0e 06 03 55 1d 0f 01 01 ff 04 04 03 02 01  .0...U..........
ssl_tls.c:3420: 02f0:  86 30 1d 06 03 55 1d 0e 04 16 04 14 6c 25 8f 6f  .0...U......l%.o
ssl_tls.c:3420: 0300:  7e e8 41 1c 67 9b 10 d6 c4 35 c3 60 13 8f eb 61  ~.A.g....5.`...a
ssl_tls.c:3420: 0310:  30 1f 06 03 55 1d 23 04 18 30 16 80 14 1c 82 1c  0...U.#..0......
ssl_tls.c:3420: 0320:  77 50 a5 0b 90 5f 5c 00 47 47 11 15 d8 83 f4 80  wP..._\.GG......
ssl_tls.c:3420: 0330:  ce 30 0a 06 08 2a 86 48 ce 3d 04 03 02 03 47 00  .0...*.H.=....G.
ssl_tls.c:3420: 0340:  30 44 02 20 0a bd f6 b9 74 b7 fd 7d 94 af 81 86  0D. ....t..}....
ssl_tls.c:3420: 0350:  49 fe 94 e4 96 4c 66 2e b5 e8 e0 21 49 94 9f 3c  I....Lf....!I..<
ssl_tls.c:3420: 0360:  3f 91 06 9f 02 20 70 54 62 e5 61 1b 74 78 c5 56  ?.... pTb.a.tx.V
ssl_tls.c:3420: 0370:  6f 00 1a 18 ea 58 62 ad 87 5a 9c 3f 71 12 0e 0b  o....Xb..Z.?q...
ssl_tls.c:3420: 0380:  0a 4e 8c c6 cc af                                .N....
ssl_tls.c:2751: => flush output
ssl_tls.c:2770: message length: 902, out_left: 902
ssl_tls.c:2775: ssl->f_send() returned 902 (-0xfffffc7a)

my provision.h:

static const uint8_t provisioning_device_cert[] = {
    0x30, 0x82, 0x01, 0xA5, 0x30, 0x82, 0x01, 0x4B, 0xA0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x10, 0x63, 
    0x0E, 0x50, 0xA4, 0xEB, 0x20, 0xF5, 0x0D, 0x52, 0x0C, 0xCD, 0xA2, 0x68, 0xF5, 0xD8, 0x07, 0x30, 
    0x0A, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x04, 0x03, 0x02, 0x30, 0x34, 0x31, 0x14, 0x30, 
    0x12, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x0C, 0x0B, 0x45, 0x78, 0x61, 0x6D, 0x70, 0x6C, 0x65, 0x20, 
    0x49, 0x6E, 0x63, 0x31, 0x1C, 0x30, 0x1A, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x13, 0x45, 0x78, 
    0x61, 0x6D, 0x70, 0x6C, 0x65, 0x20, 0x53, 0x69, 0x67, 0x6E, 0x65, 0x72, 0x20, 0x46, 0x46, 0x46, 
    0x46, 0x30, 0x20, 0x17, 0x0D, 0x31, 0x39, 0x30, 0x32, 0x31, 0x38, 0x31, 0x32, 0x30, 0x30, 0x30, 
    0x30, 0x5A, 0x18, 0x0F, 0x33, 0x30, 0x30, 0x30, 0x31, 0x32, 0x33, 0x31, 0x32, 0x33, 0x35, 0x39, 
    0x35, 0x39, 0x5A, 0x30, 0x2F, 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x0C, 0x0B, 
    0x45, 0x78, 0x61, 0x6D, 0x70, 0x6C, 0x65, 0x20, 0x49, 0x6E, 0x63, 0x31, 0x17, 0x30, 0x15, 0x06, 
    0x03, 0x55, 0x04, 0x03, 0x0C, 0x0E, 0x45, 0x78, 0x61, 0x6D, 0x70, 0x6C, 0x65, 0x20, 0x44, 0x65, 
    0x76, 0x69, 0x63, 0x65, 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x02, 
    0x01, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03, 0x01, 0x07, 0x03, 0x42, 0x00, 0x04, 0x90, 
    0xC4, 0xA6, 0x8F, 0x6A, 0x66, 0x2C, 0x6F, 0x10, 0xB3, 0xC7, 0x1C, 0x0F, 0x40, 0xAF, 0xD0, 0x31, 
    0x84, 0xCA, 0xDA, 0x3F, 0x87, 0xD3, 0x0E, 0x54, 0xAB, 0x75, 0x8C, 0x84, 0x83, 0x34, 0xEB, 0x78, 
    0xBE, 0x59, 0x7C, 0x9E, 0xC4, 0xE2, 0xE2, 0x36, 0x95, 0x64, 0x00, 0xAE, 0xA7, 0x76, 0xA6, 0x89, 
    0x43, 0x05, 0xEF, 0x55, 0xDC, 0x0A, 0x60, 0x89, 0xF7, 0xF6, 0x4E, 0xB8, 0xD4, 0x9A, 0x6B, 0xA3, 
    0x42, 0x30, 0x40, 0x30, 0x1D, 0x06, 0x03, 0x55, 0x1D, 0x0E, 0x04, 0x16, 0x04, 0x14, 0x03, 0x99, 
    0x87, 0xF7, 0xC7, 0x43, 0x5B, 0xEF, 0x68, 0x6B, 0xC3, 0xD4, 0x62, 0xF0, 0xA1, 0x3A, 0x54, 0xA5, 
    0xBA, 0xD1, 0x30, 0x1F, 0x06, 0x03, 0x55, 0x1D, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0x6C, 
    0x25, 0x8F, 0x6F, 0x7E, 0xE8, 0x41, 0x1C, 0x67, 0x9B, 0x10, 0xD6, 0xC4, 0x35, 0xC3, 0x60, 0x13, 
    0x8F, 0xEB, 0x61, 0x30, 0x0A, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x04, 0x03, 0x02, 0x03, 
    0x48, 0x00, 0x30, 0x45, 0x02, 0x20, 0x5F, 0x1E, 0xF6, 0xE4, 0x57, 0xA6, 0x01, 0x41, 0x35, 0x9C, 
    0x66, 0x04, 0xD3, 0x3D, 0x9B, 0x4A, 0x3B, 0x68, 0x3D, 0x96, 0x8A, 0xD5, 0x92, 0xAB, 0x52, 0x52, 
    0xA9, 0x1C, 0x3D, 0xDE, 0x71, 0x81, 0x02, 0x21, 0x00, 0xDF, 0x98, 0xF8, 0x40, 0x6D, 0x0A, 0xD3, 
    0x32, 0xB8, 0x5E, 0x4F, 0x6A, 0x7B, 0x79, 0x63, 0x66, 0xE0, 0x76, 0xD9, 0xB8, 0xAD, 0xF8, 0xE2, 
    0x5B, 0x6B, 0xAB, 0xBE, 0xB9, 0xE8, 0xEC, 0x58, 0xCF, 
};

static const uint8_t provisioning_signer_cert[] = {
    0x30, 0x82, 0x01, 0xC7, 0x30, 0x82, 0x01, 0x6E, 0xA0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x10, 0x5C, 
    0x01, 0x55, 0xDC, 0x5F, 0xB5, 0xF7, 0xC0, 0xD7, 0x66, 0xF9, 0x42, 0x15, 0x81, 0xA0, 0xD0, 0x30, 
    0x0A, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x04, 0x03, 0x02, 0x30, 0x30, 0x31, 0x14, 0x30, 
    0x12, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x0C, 0x0B, 0x45, 0x78, 0x61, 0x6D, 0x70, 0x6C, 0x65, 0x20, 
    0x49, 0x6E, 0x63, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0F, 0x45, 0x78, 
    0x61, 0x6D, 0x70, 0x6C, 0x65, 0x20, 0x52, 0x6F, 0x6F, 0x74, 0x20, 0x43, 0x41, 0x30, 0x1E, 0x17, 
    0x0D, 0x31, 0x39, 0x30, 0x32, 0x31, 0x38, 0x31, 0x32, 0x34, 0x32, 0x30, 0x39, 0x5A, 0x17, 0x0D, 
    0x32, 0x39, 0x30, 0x32, 0x31, 0x38, 0x31, 0x32, 0x34, 0x32, 0x30, 0x39, 0x5A, 0x30, 0x34, 0x31, 
    0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x0C, 0x0B, 0x45, 0x78, 0x61, 0x6D, 0x70, 0x6C, 
    0x65, 0x20, 0x49, 0x6E, 0x63, 0x31, 0x1C, 0x30, 0x1A, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x13, 
    0x45, 0x78, 0x61, 0x6D, 0x70, 0x6C, 0x65, 0x20, 0x53, 0x69, 0x67, 0x6E, 0x65, 0x72, 0x20, 0x46, 
    0x46, 0x46, 0x46, 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x02, 0x01, 
    0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03, 0x01, 0x07, 0x03, 0x42, 0x00, 0x04, 0xB0, 0x6C, 
    0x95, 0x70, 0x24, 0x6F, 0x08, 0x6A, 0xB3, 0xB7, 0x7C, 0xB0, 0x68, 0x54, 0x28, 0xE1, 0xE3, 0xA5, 
    0xAB, 0xD1, 0x5F, 0x8A, 0x37, 0x0E, 0x5B, 0xC9, 0xF8, 0x47, 0xB3, 0x70, 0xCE, 0xB3, 0x92, 0x63, 
    0xE0, 0xBD, 0xDA, 0x7B, 0x07, 0x0C, 0x54, 0x1E, 0x5B, 0x15, 0x1A, 0x2B, 0x47, 0x9C, 0x00, 0xA8, 
    0x6F, 0xF6, 0xCE, 0x1A, 0x27, 0xDD, 0x55, 0xB5, 0x68, 0xDC, 0x87, 0xC6, 0x84, 0x86, 0xA3, 0x66, 
    0x30, 0x64, 0x30, 0x12, 0x06, 0x03, 0x55, 0x1D, 0x13, 0x01, 0x01, 0xFF, 0x04, 0x08, 0x30, 0x06, 
    0x01, 0x01, 0xFF, 0x02, 0x01, 0x00, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x1D, 0x0F, 0x01, 0x01, 0xFF, 
    0x04, 0x04, 0x03, 0x02, 0x01, 0x86, 0x30, 0x1D, 0x06, 0x03, 0x55, 0x1D, 0x0E, 0x04, 0x16, 0x04, 
    0x14, 0x6C, 0x25, 0x8F, 0x6F, 0x7E, 0xE8, 0x41, 0x1C, 0x67, 0x9B, 0x10, 0xD6, 0xC4, 0x35, 0xC3, 
    0x60, 0x13, 0x8F, 0xEB, 0x61, 0x30, 0x1F, 0x06, 0x03, 0x55, 0x1D, 0x23, 0x04, 0x18, 0x30, 0x16, 
    0x80, 0x14, 0x1C, 0x82, 0x1C, 0x77, 0x50, 0xA5, 0x0B, 0x90, 0x5F, 0x5C, 0x00, 0x47, 0x47, 0x11, 
    0x15, 0xD8, 0x83, 0xF4, 0x80, 0xCE, 0x30, 0x0A, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x04, 
    0x03, 0x02, 0x03, 0x47, 0x00, 0x30, 0x44, 0x02, 0x20, 0x0A, 0xBD, 0xF6, 0xB9, 0x74, 0xB7, 0xFD, 
    0x7D, 0x94, 0xAF, 0x81, 0x86, 0x49, 0xFE, 0x94, 0xE4, 0x96, 0x4C, 0x66, 0x2E, 0xB5, 0xE8, 0xE0, 
    0x21, 0x49, 0x94, 0x9F, 0x3C, 0x3F, 0x91, 0x06, 0x9F, 0x02, 0x20, 0x70, 0x54, 0x62, 0xE5, 0x61, 
    0x1B, 0x74, 0x78, 0xC5, 0x56, 0x6F, 0x00, 0x1A, 0x18, 0xEA, 0x58, 0x62, 0xAD, 0x87, 0x5A, 0x9C, 
    0x3F, 0x71, 0x12, 0x0E, 0x0B, 0x0A, 0x4E, 0x8C, 0xC6, 0xCC, 0xAF, 
};

static const uint8_t provisioning_root_public_key[] = {
    0xCF, 0xA4, 0xF6, 0x18, 0x50, 0xCE, 0xBE, 0xF1, 0x8F, 0x77, 0xC9, 0x1B, 0x6D, 0x9C, 0xE9, 0xFE, 
    0x6C, 0x54, 0xFF, 0x16, 0x76, 0x4D, 0xCF, 0x3E, 0xDA, 0x94, 0x6E, 0xE5, 0x81, 0x9E, 0xBD, 0xF2, 
    0x35, 0x54, 0x46, 0xD9, 0x3B, 0x24, 0xBE, 0x37, 0x20, 0x4E, 0xA9, 0xB3, 0xF6, 0xE3, 0xBA, 0xBB, 
    0x0D, 0x65, 0xCD, 0xD8, 0x16, 0xB9, 0x91, 0x5C, 0xC3, 0x81, 0x3D, 0x6C, 0x2E, 0xF5, 0xF7, 0xA6, 
};
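
The `00 01 cb` between the two certificates in the dump above matches TLS 1.2 Certificate message framing: each entry in the certificate list is preceded by a 3-byte length, and 0x0001cb = 459 is the size of the signer certificate's DER (its header `30 82 01 c7` is 4 bytes plus 0x1c7 = 455 bytes of content). The following is an added example, not code from this thread or from the project; the function names and the sample record are constructed for illustration, and it checks that the nested lengths of such a record agree with each other and with the DER they wrap.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* TLS uint24: big-endian 3-byte length. */
static size_t rd24(const uint8_t *p) {
    return ((size_t)p[0] << 16) | ((size_t)p[1] << 8) | p[2];
}

/* Size of a DER SEQUENCE including its tag and length octets; 0 on error. */
static size_t der_total_len(const uint8_t *p, size_t avail) {
    if (avail < 2 || p[0] != 0x30) return 0;
    if (p[1] < 0x80) return 2 + (size_t)p[1];             /* short form */
    size_t n = p[1] & 0x7f, len = 0;                      /* long form  */
    if (n == 0 || n > 3 || avail < 2 + n) return 0;
    for (size_t i = 0; i < n; i++) len = (len << 8) | p[2 + i];
    return 2 + n + len;
}

/* Walk one TLS 1.2 record holding a Certificate message. Stores each
 * entry's length in lens[] and returns the entry count, or -1 when the
 * nested lengths disagree with each other or with the DER inside. */
int tls_cert_list_lengths(const uint8_t *rec, size_t rec_len,
                          size_t *lens, int max_certs) {
    if (rec_len < 12 || rec[0] != 0x16) return -1;        /* handshake record */
    size_t body = ((size_t)rec[3] << 8) | rec[4];
    if (body != rec_len - 5 || rec[5] != 0x0b) return -1; /* Certificate */
    size_t hs_len = rd24(rec + 6), list_len = rd24(rec + 9);
    if (hs_len != body - 4 || list_len != hs_len - 3) return -1;

    const uint8_t *p = rec + 12, *end = p + list_len;
    int n = 0;
    while (p < end) {
        if ((size_t)(end - p) < 3) return -1;
        size_t clen = rd24(p);            /* per-entry prefix, e.g. 00 01 cb */
        p += 3;
        if (clen == 0 || clen > (size_t)(end - p) || n >= max_certs) return -1;
        if (der_total_len(p, clen) != clen) return -1;
        lens[n++] = clen;
        p += clen;
    }
    return n;
}

/* Constructed sample: two tiny stand-in DER SEQUENCEs, not real certificates. */
static const uint8_t sample_record[] = {
    0x16, 0x03, 0x03, 0x00, 0x1a,                   /* record header, 26 bytes */
    0x0b, 0x00, 0x00, 0x16,                         /* Certificate, 22 bytes   */
    0x00, 0x00, 0x13,                               /* certificate_list, 19    */
    0x00, 0x00, 0x05, 0x30, 0x03, 0x02, 0x01, 0x01, /* entry 1: length + DER   */
    0x00, 0x00, 0x08, 0x30, 0x06, 0x02, 0x01, 0x02, 0x02, 0x01, 0x03,
};

int main(void) {
    size_t lens[4];
    int n = tls_cert_list_lengths(sample_record, sizeof sample_record, lens, 4);
    for (int i = 0; i < n; i++)
        printf("certificate %d: %zu bytes\n", i + 1, lens[i]);
    return n == 2 ? 0 : 1;
}
```
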

copercini commented 5 years ago

Just a curiosity: inverting the signerCA and deviceCert loading order, it returns:

got an alert message, type: [2:42]
is a fatal alert message (msg 42)
translated to TLS1_ALERT_BAD_CERTIFICATE

as expected, but in the theoretically correct order, it returns a generic error (80), TLS1_ALERT_INTERNAL_ERROR.

copercini commented 5 years ago

I "solved" this by disabling ECDH_COMPUTE_SHARED_ALT and ECDH_GEN_PUBLIC_ALT and just using the ATECC to sign the TLS handshake.