kmwebnet / ECC608-MassProvisioning

For multiple ESP32s, a Python script will automatically create and write the certificate from the host PC via serial communication.
MIT License

Sometimes it works, sometimes it doesn't work #2

Closed JAHTKELD closed 4 years ago

JAHTKELD commented 4 years ago

Hello, I don't know why sometimes it does not work.

Sometimes "Failed to write device certificate: 4" and other times "Failed to write signer certificate: 4".

Today I cloned the project again and started from the beginning, but I have tried 20 times and all of them failed. I have tried with 4 different boards with different ECC608A chips.

I have

**C:\Jose\Mass\scripts>deviceprovision.py Connected COM ports: ['COM6'] Enter the number of the port to use :1 Use COM port: COM6 Recv: Send: b'r' Recv: Ready.

communication ready. Send: b's' Recv: 0123c4b09bb2b877ee got serial number. Send: b'k' Recv: -----BEGIN PUBLIC KEY----- MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEMm7lNlDcuV08AxGDb+aYnF90f5Ai kfFoY20ZJcAfBoWGolnC0IIjAODxfpiWTULpz/zAsxzBiwOMWFPaavBXQA== -----END PUBLIC KEY-----

got device public key.

Load Device Public Key Loading from 0123c4b09bb2b877ee-device-pubkey.pem

Load Signer Loading key from signer-ca.key Loading certificate from signer-ca.crt

Create Device Certificate C:\Jose\Mass\scripts\create_device_be.py:114: CryptographyDeprecationWarning: Extension objects are deprecated as arguments to from_issuer_subject_key_identifier and support will be removed soon. Please migrate to passing a SubjectKeyIdentifier directly. x509.AuthorityKeyIdentifier.from_issuer_subject_key_identifier(issuer_ski), Save Device Certificate to 0123c4b09bb2b877ee-device.crt Save Root Public Key to root-pub.pem Send: b'c' Recv: Send: b'-----BEGIN CERTIFICATE-----\n' Recv: Send: b'MIIByDCCAW6gAwIBAgIQYVnwLZ8thRHrzZk8WT67qTAKBggqhkjOPQQDAjAxMRYw\n' Recv: Send: b'FAYDVQQKDA1ET01VU0FfVEVLTklLMRcwFQYDVQQDDA5pQ29ubmVjdFJvb3RDQTAg\n' Recv: Send: b'Fw0yMDA2MjQxOTUyMjNaGA8yMDcwMDYyNDE5NTIyM1owMTEWMBQGA1UECgwNRE9N\n' Recv: Send: b'VVNBX1RFS05JSzEXMBUGA1UEAwwOaUNvbm5lY3RTaWduZXIwWTATBgcqhkjOPQIB\n' Recv: Send: b'BggqhkjOPQMBBwNCAARv3MxLTuYClipL6kMRJ1Toxc4NRsiQhxcD0LMAIW0OxKtP\n' Recv: Send: b'c78lgyM8D5YeRjd+2gDqn/W7aWQGoCrAobfTS0mMo2YwZDASBgNVHRMBAf8ECDAG\n' Recv: Send: b'AQH/AgEAMA4GA1UdDwEB/wQEAwIBhjAdBgNVHQ4EFgQUfIuBmG2iV6hhPalX9b6V\n' Recv: Send: b'SAGazrYwHwYDVR0jBBgwFoAUhuqKF1pWSjc5VOigRn48i50YeTIwCgYIKoZIzj0E\n' Recv: Send: b'AwIDSAAwRQIhALv75Hqfkw6MQv2L1RsfV6jWi1W8A1JQc5JTDWETz+4lAiAdozKp\n' Recv: Send: b'Dl1LCotv21RgLZeJxuLr7N0M6RB7Meh0aLvc5g==\n' Recv: Send: b'-----END CERTIFICATE-----\n' Recv: Send: b'\n' Recv: Send: b'v' Recv: Send: b'-----BEGIN CERTIFICATE-----\n' Recv: Send: b'MIIBojCCAUmgAwIBAgIQUacEwd3AhSadrwwU4q83czAKBggqhkjOPQQDAjAxMRYw\n' Recv: Send: b'FAYDVQQKDA1ET01VU0FfVEVLTklLMRcwFQYDVQQDDA5pQ29ubmVjdFNpZ25lcjAg\n' Recv: Send: b'Fw0yMDA3MDkxMjAwMDBaGA8zMDAwMTIzMTIzNTk1OVowMDERMA8GA1UECgwIdGVz\n' Recv: Send: b'dGNvcnAxGzAZBgNVBAMMEjAxMjNjNGIwOWJiMmI4NzdlZTBZMBMGByqGSM49AgEG\n' Recv: Send: b'CCqGSM49AwEHA0IABDJu5TZQ3LldPAMRg2/mmJxfdH+QIpHxaGNtGSXAHwaFhqJZ\n' Recv: Send: b'wtCCIwDg8X6Ylk1C6c/8wLMcwYsDjFhT2mrwV0CjQjBAMB0GA1UdDgQWBBTu1/bo\n' Recv: Send: b'Uax5W3AWbClPUKU0NJqUczAfBgNVHSMEGDAWgBR8i4GYbaJXqGE9qVf1vpVIAZrO\n' 
Recv: Send: b'tjAKBggqhkjOPQQDAgNHADBEAiBMblTgK1xFCa/aUlnsCglRM3fbVsAnUq2LsSxT\n' Recv: Send: b'ct2fmAIgQLgucOp3BKZJXtQwbtQNfbnwWibCzlv2+i1UL1Z/ifE=\n' Recv: Send: b'-----END CERTIFICATE-----\n' Recv: Send: b'\n' Recv: Send: b'b' Recv: Send: b'-----BEGIN PUBLIC KEY-----\n' Recv: Send: b'MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEkyfT6hkA9PlDW1wX4C2gMHrNYdYN\n' Recv: Send: b'4zglU65NpUV8+DQJyjxw9Ao74Ob0Kto3rcqoDzQX4LdHC1zgttFWxx7yeA==\n' Recv: Send: b'-----END PUBLIC KEY-----\n' Recv: Send: b'\n' Recv: Send: b'q' Recv: provisioning start Writing Root Public Key device sn provisioning complete.

Recv: Writing Signer Certificate Writing Device Certificate Failed to write device certificate: 4**

JAHTKELD commented 4 years ago

Sorry, I had a problem with the previously made certificate files and the newly cloned project. I hadn't correctly copied all the necessary files to the scripts folder. The device.crt certificate had one Organization name and the file out.txt had another; because of that I got an ATCACERT_E_DECODING_ERROR, since the Organization name has a different size.

Sorry.

JAHTKELD commented 4 years ago

Hello: Sorry, but I have found that (with the same firmware uploaded) the scripts don't work well. I have also detected that even when the certificate upload is successful, it is not right and Azure rejects the connection.

And why do the scripts sometimes show the hexadecimal certificate at the end and sometimes not?

Here are three attempts, two wrong and the last successful, without changing the board firmware, only restarting it.

C:\Jose\ECC608A_4\ECC608-MassProvisioning\scripts>deviceprovision.py Connected COM ports: ['COM6'] Enter the number of the port to use :1 Use COM port: COM6 Recv: Send: b'r' Recv: Ready.

communication ready. Send: b's' Recv: 012351a8813e7de5ee got serial number. Send: b'k' Recv: Send: b'k' Recv: -----BEGIN PUBLIC KEY----- MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEDRH5npgEb+Jr2EskPY26u8UHqN/B qt8f9u0BoFv9QCdzqwXSxaZ2chM6iPKYgpKg3kOizmhPVC/FEUaATs1VfA== -----END PUBLIC KEY----- -----BEGIN PUBLIC KEY----- MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEBdg+3n5EHqCZQZtDC8dcjtrp4nAN lbHGst8/R5xiKWnBkvlZTGP0Q52oi6bWNlHfUPmKur8CwyT+x+yCmUcXig== -----END PUBLIC KEY-----

got device public key.

Load Device Public Key Loading from 012351a8813e7de5ee-device-pubkey.pem

Load Signer Loading key from signer-ca.key Loading certificate from signer-ca.crt

Create Device Certificate C:\Jose\ECC608A_4\ECC608-MassProvisioning\scripts\create_device_be.py:114: CryptographyDeprecationWarning: Extension objects are deprecated as arguments to from_issuer_subject_key_identifier and support will be removed soon. Please migrate to passing a SubjectKeyIdentifier directly. x509.AuthorityKeyIdentifier.from_issuer_subject_key_identifier(issuer_ski), Save Device Certificate to 012351a8813e7de5ee-device.crt Save Root Public Key to root-pub.pem Send: b'c' Recv: Send: b'-----BEGIN CERTIFICATE-----\n' Recv: Send: b'MIIByDCCAW6gAwIBAgIQYVnwLZ8thRHrzZk8WT67qTAKBggqhkjOPQQDAjAxMRYw\n' Recv: Send: b'FAYDVQQKDA1ET01VU0FfVEVLTklLMRcwFQYDVQQDDA5pQ29ubmVjdFJvb3RDQTAg\n' Recv: Send: b'Fw0yMDA2MjQxOTUyMjNaGA8yMDcwMDYyNDE5NTIyM1owMTEWMBQGA1UECgwNRE9N\n' Recv: Send: b'VVNBX1RFS05JSzEXMBUGA1UEAwwOaUNvbm5lY3RTaWduZXIwWTATBgcqhkjOPQIB\n' Recv: Send: b'BggqhkjOPQMBBwNCAARv3MxLTuYClipL6kMRJ1Toxc4NRsiQhxcD0LMAIW0OxKtP\n' Recv: Send: b'c78lgyM8D5YeRjd+2gDqn/W7aWQGoCrAobfTS0mMo2YwZDASBgNVHRMBAf8ECDAG\n' Recv: Send: b'AQH/AgEAMA4GA1UdDwEB/wQEAwIBhjAdBgNVHQ4EFgQUfIuBmG2iV6hhPalX9b6V\n' Recv: Send: b'SAGazrYwHwYDVR0jBBgwFoAUhuqKF1pWSjc5VOigRn48i50YeTIwCgYIKoZIzj0E\n' Recv: Send: b'AwIDSAAwRQIhALv75Hqfkw6MQv2L1RsfV6jWi1W8A1JQc5JTDWETz+4lAiAdozKp\n' Recv: Send: b'Dl1LCotv21RgLZeJxuLr7N0M6RB7Meh0aLvc5g==\n' Recv: Send: b'-----END CERTIFICATE-----\n' Recv: Send: b'\n' Recv: Send: b'v' Recv: Send: b'-----BEGIN CERTIFICATE-----\n' Recv: Send: b'MIIBqDCCAU6gAwIBAgIQcgIt2f8ffn1kM3Qffo/wHTAKBggqhkjOPQQDAjAxMRYw\n' Recv: Send: b'FAYDVQQKDA1ET01VU0FfVEVLTklLMRcwFQYDVQQDDA5pQ29ubmVjdFNpZ25lcjAg\n' Recv: Send: b'Fw0yMDA3MTAwODAwMDBaGA8zMDAwMTIzMTIzNTk1OVowNTEWMBQGA1UECgwNRE9N\n' Recv: Send: b'VVNBX1RFS05JSzEbMBkGA1UEAwwSMDEyMzUxYTg4MTNlN2RlNWVlMFkwEwYHKoZI\n' Recv: Send: b'zj0CAQYIKoZIzj0DAQcDQgAEDRH5npgEb+Jr2EskPY26u8UHqN/Bqt8f9u0BoFv9\n' Recv: Send: b'QCdzqwXSxaZ2chM6iPKYgpKg3kOizmhPVC/FEUaATs1VfKNCMEAwHQYDVR0OBBYE\n' Recv: Send: 
b'FNzbNvEXdGCRBC5eGLgUe+KTuZQrMB8GA1UdIwQYMBaAFHyLgZhtoleoYT2pV/W+\n' Recv: Send: b'lUgBms62MAoGCCqGSM49BAMCA0gAMEUCIHzOxjhnoHSHoTGJ2mtKgX6L36Oe2ibB\n' Recv: Send: b'JB7T08C9Kr5IAiEA6oQTXPdOlKPj7JqLwPzmm55Rojx5muv4n+rg9+7jyKU=\n' Recv: Send: b'-----END CERTIFICATE-----\n' Recv: Send: b'\n' Recv: Send: b'b' Recv: Send: b'-----BEGIN PUBLIC KEY-----\n' Recv: Send: b'MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEkyfT6hkA9PlDW1wX4C2gMHrNYdYN\n' Recv: Send: b'4zglU65NpUV8+DQJyjxw9Ao74Ob0Kto3rcqoDzQX4LdHC1zgttFWxx7yeA==\n' Recv: Send: b'-----END PUBLIC KEY-----\n' Recv: Send: b'\n' Recv: Send: b'q' Recv: provisioning start Writing Root Public Key

Recv: device sn provisioning complete. Writing Signer Certificate Writing Device Certificate Failed to write device certificate: 4

Recv: Traceback (most recent call last): File "C:\Jose\ECC608A_4\ECC608-MassProvisioning\scripts\deviceprovision.py", line 190, in time.sleep(5) KeyboardInterrupt ^C C:\Jose\ECC608A_4\ECC608-MassProvisioning\scripts>deviceprovision.py Connected COM ports: ['COM6'] Enter the number of the port to use :1 Use COM port: COM6 Recv: Send: b'r' Recv: Ready.

communication ready. Send: b's' Recv: 012351a8813e7de5ee got serial number.

Load Device Public Key Loading from 012351a8813e7de5ee-device-pubkey.pem

Load Signer Loading key from signer-ca.key Loading certificate from signer-ca.crt

Create Device Certificate C:\Jose\ECC608A_4\ECC608-MassProvisioning\scripts\create_device_be.py:114: CryptographyDeprecationWarning: Extension objects are deprecated as arguments to from_issuer_subject_key_identifier and support will be removed soon. Please migrate to passing a SubjectKeyIdentifier directly. x509.AuthorityKeyIdentifier.from_issuer_subject_key_identifier(issuer_ski), Save Device Certificate to 012351a8813e7de5ee-device.crt Save Root Public Key to root-pub.pem Send: b'c' Recv: Send: b'-----BEGIN CERTIFICATE-----\n' Recv: Send: b'MIIByDCCAW6gAwIBAgIQYVnwLZ8thRHrzZk8WT67qTAKBggqhkjOPQQDAjAxMRYw\n' Recv: Send: b'FAYDVQQKDA1ET01VU0FfVEVLTklLMRcwFQYDVQQDDA5pQ29ubmVjdFJvb3RDQTAg\n' Recv: Send: b'Fw0yMDA2MjQxOTUyMjNaGA8yMDcwMDYyNDE5NTIyM1owMTEWMBQGA1UECgwNRE9N\n' Recv: Send: b'VVNBX1RFS05JSzEXMBUGA1UEAwwOaUNvbm5lY3RTaWduZXIwWTATBgcqhkjOPQIB\n' Recv: Send: b'BggqhkjOPQMBBwNCAARv3MxLTuYClipL6kMRJ1Toxc4NRsiQhxcD0LMAIW0OxKtP\n' Recv: Send: b'c78lgyM8D5YeRjd+2gDqn/W7aWQGoCrAobfTS0mMo2YwZDASBgNVHRMBAf8ECDAG\n' Recv: Send: b'AQH/AgEAMA4GA1UdDwEB/wQEAwIBhjAdBgNVHQ4EFgQUfIuBmG2iV6hhPalX9b6V\n' Recv: Send: b'SAGazrYwHwYDVR0jBBgwFoAUhuqKF1pWSjc5VOigRn48i50YeTIwCgYIKoZIzj0E\n' Recv: Send: b'AwIDSAAwRQIhALv75Hqfkw6MQv2L1RsfV6jWi1W8A1JQc5JTDWETz+4lAiAdozKp\n' Recv: Send: b'Dl1LCotv21RgLZeJxuLr7N0M6RB7Meh0aLvc5g==\n' Recv: Send: b'-----END CERTIFICATE-----\n' Recv: Send: b'\n' Recv: Send: b'v' Recv: Send: b'-----BEGIN CERTIFICATE-----\n' Recv: Send: b'MIIBqDCCAU6gAwIBAgIQcgIt2f8ffn1kM3Qffo/wHTAKBggqhkjOPQQDAjAxMRYw\n' Recv: Send: b'FAYDVQQKDA1ET01VU0FfVEVLTklLMRcwFQYDVQQDDA5pQ29ubmVjdFNpZ25lcjAg\n' Recv: Send: b'Fw0yMDA3MTAwODAwMDBaGA8zMDAwMTIzMTIzNTk1OVowNTEWMBQGA1UECgwNRE9N\n' Recv: Send: b'VVNBX1RFS05JSzEbMBkGA1UEAwwSMDEyMzUxYTg4MTNlN2RlNWVlMFkwEwYHKoZI\n' Recv: Send: b'zj0CAQYIKoZIzj0DAQcDQgAEDRH5npgEb+Jr2EskPY26u8UHqN/Bqt8f9u0BoFv9\n' Recv: Send: b'QCdzqwXSxaZ2chM6iPKYgpKg3kOizmhPVC/FEUaATs1VfKNCMEAwHQYDVR0OBBYE\n' Recv: Send: 
b'FNzbNvEXdGCRBC5eGLgUe+KTuZQrMB8GA1UdIwQYMBaAFHyLgZhtoleoYT2pV/W+\n' Recv: Send: b'lUgBms62MAoGCCqGSM49BAMCA0gAMEUCIQDRNDwt3olTzwobVWLn+5RXKryjHGrC\n' Recv: Send: b'vNOSW7fZ73S/fQIgEU+QwF6XGxuvNgM9EKM1u3Ji6WGAQr9IHa/rCcidaSE=\n' Recv: Send: b'-----END CERTIFICATE-----\n' Recv: Send: b'\n' Recv: Send: b'b' Recv: Send: b'-----BEGIN PUBLIC KEY-----\n' Recv: Send: b'MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEkyfT6hkA9PlDW1wX4C2gMHrNYdYN\n' Recv: Send: b'4zglU65NpUV8+DQJyjxw9Ao74Ob0Kto3rcqoDzQX4LdHC1zgttFWxx7yeA==\n' Recv: Send: b'-----END PUBLIC KEY-----\n' Recv: Send: b'\n' Recv: Send: b'q' Recv: provisioning start Writing Root Public Key device sn provisioning complete. Writing Signer Certificate

Recv: Writing Device Certificate Failed to write device certificate: 4

Traceback (most recent call last): File "C:\Jose\ECC608A_4\ECC608-MassProvisioning\scripts\deviceprovision.py", line 184, in time.sleep(5) KeyboardInterrupt ^C C:\Jose\ECC608A_4\ECC608-MassProvisioning\scripts>deviceprovision.py Connected COM ports: ['COM6'] Enter the number of the port to use :1 Use COM port: COM6 Recv: Send: b'r' Recv: Ready.

communication ready. Send: b's' Recv: 012351a8813e7de5ee got serial number.

Load Device Public Key Loading from 012351a8813e7de5ee-device-pubkey.pem

Load Signer Loading key from signer-ca.key Loading certificate from signer-ca.crt

Create Device Certificate C:\Jose\ECC608A_4\ECC608-MassProvisioning\scripts\create_device_be.py:114: CryptographyDeprecationWarning: Extension objects are deprecated as arguments to from_issuer_subject_key_identifier and support will be removed soon. Please migrate to passing a SubjectKeyIdentifier directly. x509.AuthorityKeyIdentifier.from_issuer_subject_key_identifier(issuer_ski), Save Device Certificate to 012351a8813e7de5ee-device.crt Save Root Public Key to root-pub.pem Send: b'c' Recv: Send: b'-----BEGIN CERTIFICATE-----\n' Recv: Send: b'MIIByDCCAW6gAwIBAgIQYVnwLZ8thRHrzZk8WT67qTAKBggqhkjOPQQDAjAxMRYw\n' Recv: Send: b'FAYDVQQKDA1ET01VU0FfVEVLTklLMRcwFQYDVQQDDA5pQ29ubmVjdFJvb3RDQTAg\n' Recv: Send: b'Fw0yMDA2MjQxOTUyMjNaGA8yMDcwMDYyNDE5NTIyM1owMTEWMBQGA1UECgwNRE9N\n' Recv: Send: b'VVNBX1RFS05JSzEXMBUGA1UEAwwOaUNvbm5lY3RTaWduZXIwWTATBgcqhkjOPQIB\n' Recv: Send: b'BggqhkjOPQMBBwNCAARv3MxLTuYClipL6kMRJ1Toxc4NRsiQhxcD0LMAIW0OxKtP\n' Recv: Send: b'c78lgyM8D5YeRjd+2gDqn/W7aWQGoCrAobfTS0mMo2YwZDASBgNVHRMBAf8ECDAG\n' Recv: Send: b'AQH/AgEAMA4GA1UdDwEB/wQEAwIBhjAdBgNVHQ4EFgQUfIuBmG2iV6hhPalX9b6V\n' Recv: Send: b'SAGazrYwHwYDVR0jBBgwFoAUhuqKF1pWSjc5VOigRn48i50YeTIwCgYIKoZIzj0E\n' Recv: Send: b'AwIDSAAwRQIhALv75Hqfkw6MQv2L1RsfV6jWi1W8A1JQc5JTDWETz+4lAiAdozKp\n' Recv: Send: b'Dl1LCotv21RgLZeJxuLr7N0M6RB7Meh0aLvc5g==\n' Recv: Send: b'-----END CERTIFICATE-----\n' Recv: Send: b'\n' Recv: Send: b'v' Recv: Send: b'-----BEGIN CERTIFICATE-----\n' Recv: Send: b'MIIBpzCCAU6gAwIBAgIQcgIt2f8ffn1kM3Qffo/wHTAKBggqhkjOPQQDAjAxMRYw\n' Recv: Send: b'FAYDVQQKDA1ET01VU0FfVEVLTklLMRcwFQYDVQQDDA5pQ29ubmVjdFNpZ25lcjAg\n' Recv: Send: b'Fw0yMDA3MTAwODAwMDBaGA8zMDAwMTIzMTIzNTk1OVowNTEWMBQGA1UECgwNRE9N\n' Recv: Send: b'VVNBX1RFS05JSzEbMBkGA1UEAwwSMDEyMzUxYTg4MTNlN2RlNWVlMFkwEwYHKoZI\n' Recv: Send: b'zj0CAQYIKoZIzj0DAQcDQgAEDRH5npgEb+Jr2EskPY26u8UHqN/Bqt8f9u0BoFv9\n' Recv: Send: b'QCdzqwXSxaZ2chM6iPKYgpKg3kOizmhPVC/FEUaATs1VfKNCMEAwHQYDVR0OBBYE\n' Recv: Send: 
b'FNzbNvEXdGCRBC5eGLgUe+KTuZQrMB8GA1UdIwQYMBaAFHyLgZhtoleoYT2pV/W+\n' Recv: Send: b'lUgBms62MAoGCCqGSM49BAMCA0cAMEQCIEyFY4vo9tdRGspeLSYiOzkikhsAAmxu\n' Recv: Send: b'u+RIjjHmneTzAiAsHb00y3cOLFE43vtD8AecOtckcATvB80xKev8dqTWSg==\n' Recv: Send: b'-----END CERTIFICATE-----\n' Recv: Send: b'\n' Recv: Send: b'b' Recv: Send: b'-----BEGIN PUBLIC KEY-----\n' Recv: Send: b'MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEkyfT6hkA9PlDW1wX4C2gMHrNYdYN\n' Recv: Send: b'4zglU65NpUV8+DQJyjxw9Ao74Ob0Kto3rcqoDzQX4LdHC1zgttFWxx7yeA==\n' Recv: Send: b'-----END PUBLIC KEY-----\n' Recv: Send: b'\n' Recv: Send: b'q' Recv: provisioning start Writing Root Public Key device sn provisioning complete.

Recv: Writing Signer Certificate Writing Device Certificate Reading Signer Certificate Comparing Signer Certificate Reading Device Certificate Comparing Device Certificate Device certificate missmatch

Device Provisioning Successful!

Best Regards

JAHTKELD commented 4 years ago

But with the last try, it says Device Provisioning Successful! but it doesn't work with Azure. I have made another 3 attempts and the last one works with Azure.

C:\Jose\ECC608A_4\ECC608-MassProvisioning\scripts>deviceprovision.py Connected COM ports: ['COM6'] Enter the number of the port to use :1 Use COM port: COM6 Recv: Send: b'r' Recv: Ready.

communication ready. Send: b's' Recv: 012351a8813e7de5ee got serial number.

Load Device Public Key Loading from 012351a8813e7de5ee-device-pubkey.pem

Load Signer Loading key from signer-ca.key Loading certificate from signer-ca.crt

Create Device Certificate C:\Jose\ECC608A_4\ECC608-MassProvisioning\scripts\create_device_be.py:114: CryptographyDeprecationWarning: Extension objects are deprecated as arguments to from_issuer_subject_key_identifier and support will be removed soon. Please migrate to passing a SubjectKeyIdentifier directly. x509.AuthorityKeyIdentifier.from_issuer_subject_key_identifier(issuer_ski), Save Device Certificate to 012351a8813e7de5ee-device.crt Save Root Public Key to root-pub.pem Send: b'c' Recv: Send: b'-----BEGIN CERTIFICATE-----\n' Recv: Send: b'MIIByDCCAW6gAwIBAgIQYVnwLZ8thRHrzZk8WT67qTAKBggqhkjOPQQDAjAxMRYw\n' Recv: Send: b'FAYDVQQKDA1ET01VU0FfVEVLTklLMRcwFQYDVQQDDA5pQ29ubmVjdFJvb3RDQTAg\n' Recv: Send: b'Fw0yMDA2MjQxOTUyMjNaGA8yMDcwMDYyNDE5NTIyM1owMTEWMBQGA1UECgwNRE9N\n' Recv: Send: b'VVNBX1RFS05JSzEXMBUGA1UEAwwOaUNvbm5lY3RTaWduZXIwWTATBgcqhkjOPQIB\n' Recv: Send: b'BggqhkjOPQMBBwNCAARv3MxLTuYClipL6kMRJ1Toxc4NRsiQhxcD0LMAIW0OxKtP\n' Recv: Send: b'c78lgyM8D5YeRjd+2gDqn/W7aWQGoCrAobfTS0mMo2YwZDASBgNVHRMBAf8ECDAG\n' Recv: Send: b'AQH/AgEAMA4GA1UdDwEB/wQEAwIBhjAdBgNVHQ4EFgQUfIuBmG2iV6hhPalX9b6V\n' Recv: Send: b'SAGazrYwHwYDVR0jBBgwFoAUhuqKF1pWSjc5VOigRn48i50YeTIwCgYIKoZIzj0E\n' Recv: Send: b'AwIDSAAwRQIhALv75Hqfkw6MQv2L1RsfV6jWi1W8A1JQc5JTDWETz+4lAiAdozKp\n' Recv: Send: b'Dl1LCotv21RgLZeJxuLr7N0M6RB7Meh0aLvc5g==\n' Recv: Send: b'-----END CERTIFICATE-----\n' Recv: Send: b'\n' Recv: Send: b'v' Recv: Send: b'-----BEGIN CERTIFICATE-----\n' Recv: Send: b'MIIBpzCCAU6gAwIBAgIQbAgGZAPs/6JWPpQ+RhRX3jAKBggqhkjOPQQDAjAxMRYw\n' Recv: Send: b'FAYDVQQKDA1ET01VU0FfVEVLTklLMRcwFQYDVQQDDA5pQ29ubmVjdFNpZ25lcjAg\n' Recv: Send: b'Fw0yMDA3MTAwOTAwMDBaGA8zMDAwMTIzMTIzNTk1OVowNTEWMBQGA1UECgwNRE9N\n' Recv: Send: b'VVNBX1RFS05JSzEbMBkGA1UEAwwSMDEyMzUxYTg4MTNlN2RlNWVlMFkwEwYHKoZI\n' Recv: Send: b'zj0CAQYIKoZIzj0DAQcDQgAEd20iOKoxUMRybAnU9Vh65ErHT1uhWgDmMQbZ9eCr\n' Recv: Send: b'9CtVlY65vGwkiAWzw3aCi0tkrlgBklYYjdjyoMajrJWXxaNCMEAwHQYDVR0OBBYE\n' Recv: Send: 
b'FKvLOwoS8VfazLZK4gyXxJBmyiTsMB8GA1UdIwQYMBaAFHyLgZhtoleoYT2pV/W+\n' Recv: Send: b'lUgBms62MAoGCCqGSM49BAMCA0cAMEQCIFkUEahljyTlRyx0PTeSS+FY2LhK5BWx\n' Recv: Send: b'h91K5ZALZOYeAiAX/FRbpi1EAQb1ALTsX5X4tQKW0JzbEZRdXB63AjQJHQ==\n' Recv: Send: b'-----END CERTIFICATE-----\n' Recv: Send: b'\n' Recv: Send: b'b' Recv: Send: b'-----BEGIN PUBLIC KEY-----\n' Recv: Send: b'MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEkyfT6hkA9PlDW1wX4C2gMHrNYdYN\n' Recv: Send: b'4zglU65NpUV8+DQJyjxw9Ao74Ob0Kto3rcqoDzQX4LdHC1zgttFWxx7yeA==\n' Recv: Send: b'-----END PUBLIC KEY-----\n' Recv: Send: b'\n' Recv: Send: b'q' Recv: provisioning start Writing Root Public Key

Recv: device sn provisioning complete. Writing Signer Certificate Writing Device Certificate Reading Signer Certificate Comparing Signer Certificate Reading Device Certificate Comparing Device Certificate

Device Provisioning Successful!

This is the last, correct device certificate


JAHTKELD commented 4 years ago

I have found that the difference is in the Key that is different in each attempt

communication ready. Send: b's' Recv: 012322255acdb721ee got serial number. Send: b'k' Recv: Send: b'k' Recv: -----BEGIN PUBLIC KEY----- MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEaZ2j4CS2tB3LgemrDBHVVAwp5xLI aeJOw65d32zS0TlO+QMmoNgYU7BHDacl++OuOdqfvzfrj9qGJqIU1YNTJA== -----END PUBLIC KEY----- -----BEGIN PUBLIC KEY----- MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAET9/3Fl8WFmJh1rGUFwWyUOS+pHVr x5dJJCmEchsgXY7UMVv/O2NtcYyGx3h+sk80FiZdg6mfY2lyrc+YvWzazA== -----END PUBLIC KEY-----

got device public key.

Load Device Public Key Loading from 012322255acdb721ee-device-pubkey.pem

communication ready. Send: b's' Recv: 012322255acdb721ee got serial number.

Load Device Public Key Loading from 012322255acdb721ee-device-pubkey.pem

communication ready. Send: b's' Recv: 012322255acdb721ee got serial number. Send: b'k' Recv: -----BEGIN PUBLIC KEY----- MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEP+ZosVYnkXOVaXHD/yef59fESP3G u2CqNDypdx0CiBzrV/QgJTnIv/SuRIAnyfmCmiTiLtD8c4VI4NrKXAGwaw== -----END PUBLIC KEY----- got device public key. Load Device Public Key Loading from 012322255acdb721ee-device-pubkey.pem

communication ready. Send: b's' Recv: 012322255acdb721ee got serial number. Send: b'k' Recv: -----BEGIN PUBLIC KEY----- MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEXYkJEGZnoXNSCLi+OMFYMmht9nqO l/Qdfd9UBOhuaEW+DwU/KrN+NcbW8Uyjl91+kAJ6nNqNYHQlqmwfpF8j4w== -----END PUBLIC KEY----- got device public key. Load Device Public Key Loading from 012322255acdb721ee-device-pubkey.pem

First attempt, with Failed to write device certificate: 4

serial 012322255acdb721ee root pub.pem -----BEGIN PUBLIC KEY----- MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEkyfT6hkA9PlDW1wX4C2gMHrNYdYN 4zglU65NpUV8+DQJyjxw9Ao74Ob0Kto3rcqoDzQX4LdHC1zgttFWxx7yeA== -----END PUBLIC KEY----- device-pubkey.pem -----BEGIN PUBLIC KEY----- MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEaZ2j4CS2tB3LgemrDBHVVAwp5xLI aeJOw65d32zS0TlO+QMmoNgYU7BHDacl++OuOdqfvzfrj9qGJqIU1YNTJA== -----END PUBLIC KEY----- -----BEGIN PUBLIC KEY----- MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAET9/3Fl8WFmJh1rGUFwWyUOS+pHVr x5dJJCmEchsgXY7UMVv/O2NtcYyGx3h+sk80FiZdg6mfY2lyrc+YvWzazA== -----END PUBLIC KEY-----

Device certificate -----BEGIN CERTIFICATE----- MIIBqDCCAU6gAwIBAgIQXwksFU3egHZd4ZFz3m2+bTAKBggqhkjOPQQDAjAxMRYw FAYDVQQKDA1ET01VU0FfVEVLTklLMRcwFQYDVQQDDA5pQ29ubmVjdFNpZ25lcjAg Fw0yMDA3MTAwOTAwMDBaGA8zMDAwMTIzMTIzNTk1OVowNTEWMBQGA1UECgwNRE9N VVNBX1RFS05JSzEbMBkGA1UEAwwSMDEyMzIyMjU1YWNkYjcyMWVlMFkwEwYHKoZI zj0CAQYIKoZIzj0DAQcDQgAEaZ2j4CS2tB3LgemrDBHVVAwp5xLIaeJOw65d32zS 0TlO+QMmoNgYU7BHDacl++OuOdqfvzfrj9qGJqIU1YNTJKNCMEAwHQYDVR0OBBYE FPZYU+Utz7PPlcpeTv9wa43VO+DAMB8GA1UdIwQYMBaAFHyLgZhtoleoYT2pV/W+ lUgBms62MAoGCCqGSM49BAMCA0gAMEUCIFUuZ3IuYB8edbOf+jEIqZAsAAWdAfI+ 1Qj/cVDPziYwAiEApIohMLo4lTnh+wI0CCCn8H/nz2VQ7ohg+J1uBE07CKM= -----END CERTIFICATE-----

Third attempt, with Failed to write device certificate: 4

serial 012322255acdb721ee

root pub.pem -----BEGIN PUBLIC KEY----- MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEkyfT6hkA9PlDW1wX4C2gMHrNYdYN 4zglU65NpUV8+DQJyjxw9Ao74Ob0Kto3rcqoDzQX4LdHC1zgttFWxx7yeA== -----END PUBLIC KEY-----

device-pubkey.pem ---------BEGIN PUBLIC KEY----- MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEP+ZosVYnkXOVaXHD/yef59fESP3G u2CqNDypdx0CiBzrV/QgJTnIv/SuRIAnyfmCmiTiLtD8c4VI4NrKXAGwaw== -----END PUBLIC KEY-----

Device certificate -----BEGIN CERTIFICATE----- MIIBqTCCAU6gAwIBAgIQX7seD2ehQJ0wzU8HzVr4NjAKBggqhkjOPQQDAjAxMRYw FAYDVQQKDA1ET01VU0FfVEVLTklLMRcwFQYDVQQDDA5pQ29ubmVjdFNpZ25lcjAg Fw0yMDA3MTAwOTAwMDBaGA8zMDAwMTIzMTIzNTk1OVowNTEWMBQGA1UECgwNRE9N VVNBX1RFS05JSzEbMBkGA1UEAwwSMDEyMzIyMjU1YWNkYjcyMWVlMFkwEwYHKoZI zj0CAQYIKoZIzj0DAQcDQgAEP+ZosVYnkXOVaXHD/yef59fESP3Gu2CqNDypdx0C iBzrV/QgJTnIv/SuRIAnyfmCmiTiLtD8c4VI4NrKXAGwa6NCMEAwHQYDVR0OBBYE FEAtxIyZlCPVI8bu+GkmZ4LMNwJBMB8GA1UdIwQYMBaAFHyLgZhtoleoYT2pV/W+ lUgBms62MAoGCCqGSM49BAMCA0kAMEYCIQC4IbiQyXX0sLogROENZihLIMo6qzES 8RHWVY2OgtymqQIhAMUoBoFWL5Z+jLr/w3KefUcbJzPgrVtL+5PGRE0YM1j5 -----END CERTIFICATE-----

Last try, successful

serial 012322255acdb721ee

root pub.pem -----BEGIN PUBLIC KEY----- MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEkyfT6hkA9PlDW1wX4C2gMHrNYdYN 4zglU65NpUV8+DQJyjxw9Ao74Ob0Kto3rcqoDzQX4LdHC1zgttFWxx7yeA== -----END PUBLIC KEY-----

device-pubkey.pem -----BEGIN PUBLIC KEY----- MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEXYkJEGZnoXNSCLi+OMFYMmht9nqO l/Qdfd9UBOhuaEW+DwU/KrN+NcbW8Uyjl91+kAJ6nNqNYHQlqmwfpF8j4w== -----END PUBLIC KEY-----

Device certificate -----BEGIN CERTIFICATE----- MIIBpzCCAU6gAwIBAgIQQib3oZECe85GvuZH6wOzXzAKBggqhkjOPQQDAjAxMRYw FAYDVQQKDA1ET01VU0FfVEVLTklLMRcwFQYDVQQDDA5pQ29ubmVjdFNpZ25lcjAg Fw0yMDA3MTAwOTAwMDBaGA8zMDAwMTIzMTIzNTk1OVowNTEWMBQGA1UECgwNRE9N VVNBX1RFS05JSzEbMBkGA1UEAwwSMDEyMzIyMjU1YWNkYjcyMWVlMFkwEwYHKoZI zj0CAQYIKoZIzj0DAQcDQgAEXYkJEGZnoXNSCLi+OMFYMmht9nqOl/Qdfd9UBOhu aEW+DwU/KrN+NcbW8Uyjl91+kAJ6nNqNYHQlqmwfpF8j46NCMEAwHQYDVR0OBBYE FOU4HlVgAX1ceIfiHsmtwm0Gr77NMB8GA1UdIwQYMBaAFHyLgZhtoleoYT2pV/W+ lUgBms62MAoGCCqGSM49BAMCA0cAMEQCICttFBY66AS8uuAuQDJi8gN400SCGcSw PROqbCsjpdyDAiBG7OcVz+iLIfYX/0C27+JK95KrDmd7NprrebKnUs7Uhw== -----END CERTIFICATE-----

JAHTKELD commented 4 years ago

Hello, these are my requirements results

C:\Jose\Mass\scripts>pip install -r requirements.txt Requirement already satisfied: cryptography>=2.5 in c:\users\jose\appdata\local\programs\python\python38\lib\site-packages (from -r requirements.txt (line 1)) (2.8) Requirement already satisfied: pyasn1_modules==0.1.5 in c:\users\jose\appdata\local\programs\python\python38\lib\site-packages (from -r requirements.txt (line 2)) (0.1.5) Requirement already satisfied: pytz==2018.9 in c:\users\jose\appdata\local\programs\python\python38\lib\site-packages (from -r requirements.txt (line 3)) (2018.9) Requirement already satisfied: cffi!=1.11.3,>=1.8 in c:\users\jose\appdata\local\programs\python\python38\lib\site-packages (from cryptography>=2.5->-r requirements.txt (line 1)) (1.14.0) Requirement already satisfied: six>=1.4.1 in c:\users\jose\appdata\local\programs\python\python38\lib\site-packages (from cryptography>=2.5->-r requirements.txt (line 1)) (1.14.0) Requirement already satisfied: pyasn1<0.4.0,>=0.3.4 in c:\users\jose\appdata\local\programs\python\python38\lib\site-packages (from pyasn1_modules==0.1.5->-r requirements.txt (line 2)) (0.3.7) Requirement already satisfied: pycparser in c:\users\jose\appdata\local\programs\python\python38\lib\site-packages (from cffi!=1.11.3,>=1.8->cryptography>=2.5->-r requirements.txt (line 1)) (2.19)

JAHTKELD commented 4 years ago

Hello, can it be an issue with the scripts on Windows 10? I'm going to try to install Linux on my Windows machine, but I have never done it.

Thanks for your help

kmwebnet commented 4 years ago

The following is a command to get the public key number 0, but it has been executed twice. The private key has been updated by executing it twice.

Send: b'k' Recv: Send: b'k' Recv: -----BEGIN PUBLIC KEY----- MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEaZ2j4CS2tB3LgemrDBHVVAwp5xLI aeJOw65d32zS0TlO+QMmoNgYU7BHDacl++OuOdqfvzfrj9qGJqIU1YNTJA== -----END PUBLIC KEY----- -----BEGIN PUBLIC KEY----- MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAET9/3Fl8WFmJh1rGUFwWyUOS+pHVr x5dJJCmEchsgXY7UMVv/O2NtcYyGx3h+sk80FiZdg6mfY2lyrc+YvWzazA== -----END PUBLIC KEY-----

And the python script that received it seems to create a certificate with the 'older' public key.

This is due to the difference in key response time between the unconfigured ATECC608A and the configured one. It takes time to pull out the 0th key from the unconfigured state, and it can't wait for the second 'k' command. Issuing.

There are two approaches,

  1. Increase the following waiting time of python code.

```python
# Excerpt from the provisioning script: os, time, uart_write_read, r_size
# and filename are defined elsewhere in that script.
# get device public key if it doesn't exist
if not os.path.exists('{}'.format(filename)):
    for i in range(5):
        time.sleep(1)  # pause before each request
        w_data = b'k'
        r_data = uart_write_read(w_data, r_size)
        time.sleep(5)  # pause before checking the reply / retrying

        if len(r_data) > 0:
            # save the PEM text with carriage returns stripped
            with open('{}'.format(filename), 'w', encoding="utf-8", newline="\n") as f:
                f.write(r_data.replace('\r', ''))
            print('got device public key.')
            break
```

  2. The private key number 0 is generated only once when the ATECC608A is configured. Make sure that the public key responds to the same number of times you call it.

Since this method is used only at the time of provisioning, it does not seem to affect security implementation, key rotation, update, etc. during production.

This time, configure.c was updated by the method of 2. I tried it with unconfigured ATECC608A and it was ok.

I hope you can try it.
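A host-side guard for the failure described in this comment, as an added example that is not code from the repository or from anyone in the thread: it sends `k` once, waits against a deadline instead of a fixed sleep, refuses a reply that contains two different keys, and checks that a certificate carries the key the device returned. The names `request_public_key`, `select_device_key`, `cert_embeds_key`, `make_pem` and `FakePort` are hypothetical, the sample keys are constructed, and `port` is assumed to offer `write()` and a non-blocking `read()` like a serial port object.

```python
import base64
import re
import time

# DER header of a P-256 SubjectPublicKeyInfo (the "MFkwEwYH...QgAE" prefix
# of every key in the logs above), up to and including the 0x04 point tag.
P256_SPKI_PREFIX = bytes.fromhex(
    "3059301306072a8648ce3d020106082a8648ce3d03010703420004")
PEM_KEY_RE = re.compile(
    r"-----BEGIN PUBLIC KEY-----(.+?)-----END PUBLIC KEY-----", re.S)
END_MARK = "-----END PUBLIC KEY-----"


class KeyResponseError(Exception):
    """The reply to 'k' cannot be trusted as the device's current key."""


def extract_public_keys(text):
    """Return the DER bytes of every complete PEM public key in text."""
    keys = []
    for body in PEM_KEY_RE.findall(text):
        try:
            der = base64.b64decode("".join(body.split()), validate=True)
        except ValueError as exc:
            raise KeyResponseError("corrupt base64 in key reply") from exc
        if len(der) != 91 or not der.startswith(P256_SPKI_PREFIX):
            raise KeyResponseError("not a P-256 SubjectPublicKeyInfo")
        keys.append(der)
    return keys


def select_device_key(text):
    """Accept a reply only if every key it contains is the same key."""
    keys = extract_public_keys(text)
    if not keys:
        raise KeyResponseError("no complete public key in reply")
    if len(set(keys)) > 1:
        raise KeyResponseError("reply holds %d different keys: the key "
                               "changed between requests" % len(set(keys)))
    return keys[0]


def request_public_key(port, timeout=30.0, poll=0.05):
    """Send 'k' exactly once, then wait up to timeout for the full reply."""
    port.write(b"k")
    deadline = time.monotonic() + timeout
    buf = ""
    while time.monotonic() < deadline:
        chunk = port.read(256)
        if chunk:
            buf += chunk.decode("ascii", errors="replace")
        elif END_MARK in buf:
            break  # reply complete and nothing more pending
        else:
            time.sleep(poll)  # slow (unconfigured) device: keep waiting
    if END_MARK not in buf:
        raise KeyResponseError("no public key within %.1f s" % timeout)
    return select_device_key(buf)


def cert_embeds_key(cert_der, key_der):
    """True if the certificate DER carries exactly this SubjectPublicKeyInfo.

    X.509 embeds the subject's SubjectPublicKeyInfo verbatim, so a byte
    search is enough as a pre-write sanity check (it verifies no signature).
    """
    return key_der in cert_der


def make_pem(fill):
    """Constructed sample key: real P-256 header, filler bytes as the point."""
    b64 = base64.b64encode(P256_SPKI_PREFIX + bytes([fill]) * 64).decode()
    return ("-----BEGIN PUBLIC KEY-----\r\n" + b64[:64] + "\r\n" + b64[64:]
            + "\r\n-----END PUBLIC KEY-----\r\n")


class FakePort:
    """Constructed stand-in for the serial port: read() replays a script."""
    def __init__(self, reads):
        self.reads, self.sent = list(reads), []

    def write(self, data):
        self.sent.append(data)

    def read(self, size):
        return self.reads.pop(0) if self.reads else b""


if __name__ == "__main__":
    slow = FakePort([b"", b"", make_pem(0x11).encode()])
    key = request_public_key(slow, timeout=2.0, poll=0.01)
    print("requests sent:", slow.sent, "key length:", len(key))
    try:
        select_device_key(make_pem(0x11) + make_pem(0x22))
    except KeyResponseError as exc:
        print("rejected:", exc)
```

Running `cert_embeds_key` on the freshly built device certificate and the key just read back, before the `v` transfer, catches a certificate built from an older key file.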

JAHTKELD commented 4 years ago

Hello:

I have tried the new configure.c, and I have 2 successful and 5 failed.

One is a new board (never configured) and the others were tested before.

These are the first 4: 2 successful and 2 failed.

Microsoft Windows [Versión 10.0.17763.1282] (c) 2018 Microsoft Corporation. Todos los derechos reservados.

C:\Users\JOSE>cd C:\Jose\ECC608A_4\ECC608-MassProvisioning\scripts

C:\Jose\ECC608A_4\ECC608-MassProvisioning\scripts>deviceprovision.py Connected COM ports: ['COM6'] Enter the number of the port to use :1 Use COM port: COM6 Recv: Send: b'r' Recv: Ready.

communication ready. Send: b's' Recv: 0123639e35b6aa7cee got serial number. Send: b'k' Recv: Send: b'k' Recv: -----BEGIN PUBLIC KEY----- MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEwCu1b65icE+XxIQEtkp124lFsaMm jNSo/rWu1hJ+O7kTA+skTDNE2jesKw0gyBqxjzRRj9R5Nkl/0wrucMWOKw== -----END PUBLIC KEY----- -----BEGIN PUBLIC KEY----- MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEwCu1b65icE+XxIQEtkp124lFsaMm jNSo/rWu1hJ+O7kTA+skTDNE2jesKw0gyBqxjzRRj9R5Nkl/0wrucMWOKw== -----END PUBLIC KEY-----

got device public key.

Load Device Public Key Loading from 0123639e35b6aa7cee-device-pubkey.pem

Load Signer Loading key from signer-ca.key Loading certificate from signer-ca.crt

Create Device Certificate C:\Jose\ECC608A_4\ECC608-MassProvisioning\scripts\create_device_be.py:114: CryptographyDeprecationWarning: Extension objects are deprecated as arguments to from_issuer_subject_key_identifier and support will be removed soon. Please migrate to passing a SubjectKeyIdentifier directly. x509.AuthorityKeyIdentifier.from_issuer_subject_key_identifier(issuer_ski), Save Device Certificate to 0123639e35b6aa7cee-device.crt Save Root Public Key to root-pub.pem Send: b'c' Recv: Send: b'-----BEGIN CERTIFICATE-----\n' Recv: Send: b'MIIByDCCAW6gAwIBAgIQYVnwLZ8thRHrzZk8WT67qTAKBggqhkjOPQQDAjAxMRYw\n' Recv: Send: b'FAYDVQQKDA1ET01VU0FfVEVLTklLMRcwFQYDVQQDDA5pQ29ubmVjdFJvb3RDQTAg\n' Recv: Send: b'Fw0yMDA2MjQxOTUyMjNaGA8yMDcwMDYyNDE5NTIyM1owMTEWMBQGA1UECgwNRE9N\n' Recv: Send: b'VVNBX1RFS05JSzEXMBUGA1UEAwwOaUNvbm5lY3RTaWduZXIwWTATBgcqhkjOPQIB\n' Recv: Send: b'BggqhkjOPQMBBwNCAARv3MxLTuYClipL6kMRJ1Toxc4NRsiQhxcD0LMAIW0OxKtP\n' Recv: Send: b'c78lgyM8D5YeRjd+2gDqn/W7aWQGoCrAobfTS0mMo2YwZDASBgNVHRMBAf8ECDAG\n' Recv: Send: b'AQH/AgEAMA4GA1UdDwEB/wQEAwIBhjAdBgNVHQ4EFgQUfIuBmG2iV6hhPalX9b6V\n' Recv: Send: b'SAGazrYwHwYDVR0jBBgwFoAUhuqKF1pWSjc5VOigRn48i50YeTIwCgYIKoZIzj0E\n' Recv: Send: b'AwIDSAAwRQIhALv75Hqfkw6MQv2L1RsfV6jWi1W8A1JQc5JTDWETz+4lAiAdozKp\n' Recv: Send: b'Dl1LCotv21RgLZeJxuLr7N0M6RB7Meh0aLvc5g==\n' Recv: Send: b'-----END CERTIFICATE-----\n' Recv: Send: b'\n' Recv: Send: b'v' Recv: Send: b'-----BEGIN CERTIFICATE-----\n' Recv: Send: b'MIIBpzCCAU6gAwIBAgIQYhRFyqDq3QZTPswafro8UTAKBggqhkjOPQQDAjAxMRYw\n' Recv: Send: b'FAYDVQQKDA1ET01VU0FfVEVLTklLMRcwFQYDVQQDDA5pQ29ubmVjdFNpZ25lcjAg\n' Recv: Send: b'Fw0yMDA3MTEwNjAwMDBaGA8zMDAwMTIzMTIzNTk1OVowNTEWMBQGA1UECgwNRE9N\n' Recv: Send: b'VVNBX1RFS05JSzEbMBkGA1UEAwwSMDEyMzYzOWUzNWI2YWE3Y2VlMFkwEwYHKoZI\n' Recv: Send: b'zj0CAQYIKoZIzj0DAQcDQgAEwCu1b65icE+XxIQEtkp124lFsaMmjNSo/rWu1hJ+\n' Recv: Send: b'O7kTA+skTDNE2jesKw0gyBqxjzRRj9R5Nkl/0wrucMWOK6NCMEAwHQYDVR0OBBYE\n' Recv: Send: 
b'FFtavT3BL1QAzCx2WrmorfdrUqQ2MB8GA1UdIwQYMBaAFHyLgZhtoleoYT2pV/W+\n' Recv: Send: b'lUgBms62MAoGCCqGSM49BAMCA0cAMEQCICb3xEAV4vHktdc06mUhYpiYyciZ/D1y\n' Recv: Send: b'8cabk6HOc4wlAiBSolpf3p34FnnNdShI97Agc8PZlThSQdeJll9PcnyNaA==\n' Recv: Send: b'-----END CERTIFICATE-----\n' Recv: Send: b'\n' Recv: Send: b'b' Recv: Send: b'-----BEGIN PUBLIC KEY-----\n' Recv: Send: b'MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEkyfT6hkA9PlDW1wX4C2gMHrNYdYN\n' Recv: Send: b'4zglU65NpUV8+DQJyjxw9Ao74Ob0Kto3rcqoDzQX4LdHC1zgttFWxx7yeA==\n' Recv: Send: b'-----END PUBLIC KEY-----\n' Recv: Send: b'\n' Recv: Send: b'q' Recv: provisioning start Writing Root Public Key device sn provisioning complete.

Recv: Writing Signer Certificate Writing Device Certificate Reading Signer Certificate Comparing Signer Certificate Reading Device Certificate Comparing Device Certificate

Device Provisioning Successful!

Recv: Recv: Brownout detector \xfc?l Recv: Send: b' ' Recv: Recv: Recv:

C:\Jose\ECC608A_4\ECC608-MassProvisioning\scripts>deviceprovision.py Connected COM ports: ['COM6'] Enter the number of the port to use :1 Use COM port: COM6 Recv: Send: b'r' Recv: Ready.

communication ready. Send: b's' Recv: 0123b001d20e7dc9ee got serial number. Send: b'k' Recv: -----BEGIN PUBLIC KEY----- MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEZQZk/hrbpBh4d55LGEBkPqaIJ9Uu Aa4kHo+ZTIKZi73nJb8wLemlpYURGAYIfpYy7JgNBa15y7SSTfg28DnhJA== -----END PUBLIC KEY-----

got device public key.

Load Device Public Key Loading from 0123b001d20e7dc9ee-device-pubkey.pem

Load Signer Loading key from signer-ca.key Loading certificate from signer-ca.crt

Create Device Certificate C:\Jose\ECC608A_4\ECC608-MassProvisioning\scripts\create_device_be.py:114: CryptographyDeprecationWarning: Extension objects are deprecated as arguments to from_issuer_subject_key_identifier and support will be removed soon. Please migrate to passing a SubjectKeyIdentifier directly. x509.AuthorityKeyIdentifier.from_issuer_subject_key_identifier(issuer_ski), Save Device Certificate to 0123b001d20e7dc9ee-device.crt Save Root Public Key to root-pub.pem Send: b'c' Recv: Send: b'-----BEGIN CERTIFICATE-----\n' Recv: Send: b'MIIByDCCAW6gAwIBAgIQYVnwLZ8thRHrzZk8WT67qTAKBggqhkjOPQQDAjAxMRYw\n' Recv: Send: b'FAYDVQQKDA1ET01VU0FfVEVLTklLMRcwFQYDVQQDDA5pQ29ubmVjdFJvb3RDQTAg\n' Recv: Send: b'Fw0yMDA2MjQxOTUyMjNaGA8yMDcwMDYyNDE5NTIyM1owMTEWMBQGA1UECgwNRE9N\n' Recv: Send: b'VVNBX1RFS05JSzEXMBUGA1UEAwwOaUNvbm5lY3RTaWduZXIwWTATBgcqhkjOPQIB\n' Recv: Send: b'BggqhkjOPQMBBwNCAARv3MxLTuYClipL6kMRJ1Toxc4NRsiQhxcD0LMAIW0OxKtP\n' Recv: Send: b'c78lgyM8D5YeRjd+2gDqn/W7aWQGoCrAobfTS0mMo2YwZDASBgNVHRMBAf8ECDAG\n' Recv: Send: b'AQH/AgEAMA4GA1UdDwEB/wQEAwIBhjAdBgNVHQ4EFgQUfIuBmG2iV6hhPalX9b6V\n' Recv: Send: b'SAGazrYwHwYDVR0jBBgwFoAUhuqKF1pWSjc5VOigRn48i50YeTIwCgYIKoZIzj0E\n' Recv: Send: b'AwIDSAAwRQIhALv75Hqfkw6MQv2L1RsfV6jWi1W8A1JQc5JTDWETz+4lAiAdozKp\n' Recv: Send: b'Dl1LCotv21RgLZeJxuLr7N0M6RB7Meh0aLvc5g==\n' Recv: Send: b'-----END CERTIFICATE-----\n' Recv: Send: b'\n' Recv: Send: b'v' Recv: Send: b'-----BEGIN CERTIFICATE-----\n' Recv: Send: b'MIIBqDCCAU6gAwIBAgIQeROMXgQmt5r6fxZubnwHOzAKBggqhkjOPQQDAjAxMRYw\n' Recv: Send: b'FAYDVQQKDA1ET01VU0FfVEVLTklLMRcwFQYDVQQDDA5pQ29ubmVjdFNpZ25lcjAg\n' Recv: Send: b'Fw0yMDA3MTEwNjAwMDBaGA8zMDAwMTIzMTIzNTk1OVowNTEWMBQGA1UECgwNRE9N\n' Recv: Send: b'VVNBX1RFS05JSzEbMBkGA1UEAwwSMDEyM2IwMDFkMjBlN2RjOWVlMFkwEwYHKoZI\n' Recv: Send: b'zj0CAQYIKoZIzj0DAQcDQgAEZQZk/hrbpBh4d55LGEBkPqaIJ9UuAa4kHo+ZTIKZ\n' Recv: Send: b'i73nJb8wLemlpYURGAYIfpYy7JgNBa15y7SSTfg28DnhJKNCMEAwHQYDVR0OBBYE\n' Recv: Send: 
b'FFrQdMYODpTv3/vYDw5Rr4QkJTrOMB8GA1UdIwQYMBaAFHyLgZhtoleoYT2pV/W+\n' Recv: Send: b'lUgBms62MAoGCCqGSM49BAMCA0gAMEUCIQCPE749R1mb8mY2utMd+sZh5kN3L9yz\n' Recv: Send: b'c1Zhn+M31smphwIgfmueXfQrzK5XRvuSzbXfUIS3M6sPSL+7f6fXll1cNHA=\n' Recv: Send: b'-----END CERTIFICATE-----\n' Recv: Send: b'\n' Recv: Send: b'b' Recv: Send: b'-----BEGIN PUBLIC KEY-----\n' Recv: Send: b'MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEkyfT6hkA9PlDW1wX4C2gMHrNYdYN\n' Recv: Send: b'4zglU65NpUV8+DQJyjxw9Ao74Ob0Kto3rcqoDzQX4LdHC1zgttFWxx7yeA==\n' Recv: Send: b'-----END PUBLIC KEY-----\n' Recv: Send: b'\n' Recv: Send: b'q' Recv: provisioning start Writing Root Public Key

Recv: device sn provisioning complete. Writing Signer Certificate Writing Device Certificate Failed to write device certificate: 4

Recv: Recv: Recv: \xecl\xde Traceback (most recent call last): File "C:\Jose\ECC608A_4\ECC608-MassProvisioning\scripts\deviceprovision.py", line 200, in time.sleep(5) KeyboardInterrupt ^C C:\Jose\ECC608A_4\ECC608-MassProvisioning\scripts>deviceprovision.py Connected COM ports: ['COM6'] Enter the number of the port to use :1 Use COM port: COM6 Recv: Send: b'r' Recv: Ready.

communication ready. Send: b's' Recv: 0123b2ec068f442bee got serial number. Send: b'k' Recv: -----BEGIN PUBLIC KEY----- MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEZBTe+q19RqjYPAeIQaZR2yEirJlt 6z/kiq8wByvIParB+PDgvcOM7cohlIqw7tRlH/YXqz2KHEoRwOtwPQk1ew== -----END PUBLIC KEY-----

got device public key.

Load Device Public Key Loading from 0123b2ec068f442bee-device-pubkey.pem

Load Signer Loading key from signer-ca.key Loading certificate from signer-ca.crt

Create Device Certificate C:\Jose\ECC608A_4\ECC608-MassProvisioning\scripts\create_device_be.py:114: CryptographyDeprecationWarning: Extension objects are deprecated as arguments to from_issuer_subject_key_identifier and support will be removed soon. Please migrate to passing a SubjectKeyIdentifier directly. x509.AuthorityKeyIdentifier.from_issuer_subject_key_identifier(issuer_ski), Save Device Certificate to 0123b2ec068f442bee-device.crt Save Root Public Key to root-pub.pem Send: b'c' Recv: Send: b'-----BEGIN CERTIFICATE-----\n' Recv: Send: b'MIIByDCCAW6gAwIBAgIQYVnwLZ8thRHrzZk8WT67qTAKBggqhkjOPQQDAjAxMRYw\n' Recv: Send: b'FAYDVQQKDA1ET01VU0FfVEVLTklLMRcwFQYDVQQDDA5pQ29ubmVjdFJvb3RDQTAg\n' Recv: Send: b'Fw0yMDA2MjQxOTUyMjNaGA8yMDcwMDYyNDE5NTIyM1owMTEWMBQGA1UECgwNRE9N\n' Recv: Send: b'VVNBX1RFS05JSzEXMBUGA1UEAwwOaUNvbm5lY3RTaWduZXIwWTATBgcqhkjOPQIB\n' Recv: Send: b'BggqhkjOPQMBBwNCAARv3MxLTuYClipL6kMRJ1Toxc4NRsiQhxcD0LMAIW0OxKtP\n' Recv: Send: b'c78lgyM8D5YeRjd+2gDqn/W7aWQGoCrAobfTS0mMo2YwZDASBgNVHRMBAf8ECDAG\n' Recv: Send: b'AQH/AgEAMA4GA1UdDwEB/wQEAwIBhjAdBgNVHQ4EFgQUfIuBmG2iV6hhPalX9b6V\n' Recv: Send: b'SAGazrYwHwYDVR0jBBgwFoAUhuqKF1pWSjc5VOigRn48i50YeTIwCgYIKoZIzj0E\n' Recv: Send: b'AwIDSAAwRQIhALv75Hqfkw6MQv2L1RsfV6jWi1W8A1JQc5JTDWETz+4lAiAdozKp\n' Recv: Send: b'Dl1LCotv21RgLZeJxuLr7N0M6RB7Meh0aLvc5g==\n' Recv: Send: b'-----END CERTIFICATE-----\n' Recv: Send: b'\n' Recv: Send: b'v' Recv: Send: b'-----BEGIN CERTIFICATE-----\n' Recv: Send: b'MIIBpzCCAU6gAwIBAgIQUBu5Ml+v7wJStPa6L9jiKDAKBggqhkjOPQQDAjAxMRYw\n' Recv: Send: b'FAYDVQQKDA1ET01VU0FfVEVLTklLMRcwFQYDVQQDDA5pQ29ubmVjdFNpZ25lcjAg\n' Recv: Send: b'Fw0yMDA3MTEwNjAwMDBaGA8zMDAwMTIzMTIzNTk1OVowNTEWMBQGA1UECgwNRE9N\n' Recv: Send: b'VVNBX1RFS05JSzEbMBkGA1UEAwwSMDEyM2IyZWMwNjhmNDQyYmVlMFkwEwYHKoZI\n' Recv: Send: b'zj0CAQYIKoZIzj0DAQcDQgAEZBTe+q19RqjYPAeIQaZR2yEirJlt6z/kiq8wByvI\n' Recv: Send: b'ParB+PDgvcOM7cohlIqw7tRlH/YXqz2KHEoRwOtwPQk1e6NCMEAwHQYDVR0OBBYE\n' Recv: Send: 
b'FAiS1gh3+F3fS0Go+SO7rH2SGQrcMB8GA1UdIwQYMBaAFHyLgZhtoleoYT2pV/W+\n' Recv: Send: b'lUgBms62MAoGCCqGSM49BAMCA0cAMEQCIDbHc1BZ094FnJ9FKsm+yH9qDt3YtoOd\n' Recv: Send: b'9j9lFSXRXsU/AiAq8MFYfdTK9hfAY7hJnq7Kq8uwbjnGjAM85B9HxFj2wQ==\n' Recv: Send: b'-----END CERTIFICATE-----\n' Recv: Send: b'\n' Recv: Send: b'b' Recv: Send: b'-----BEGIN PUBLIC KEY-----\n' Recv: Send: b'MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEkyfT6hkA9PlDW1wX4C2gMHrNYdYN\n' Recv: Send: b'4zglU65NpUV8+DQJyjxw9Ao74Ob0Kto3rcqoDzQX4LdHC1zgttFWxx7yeA==\n' Recv: Send: b'-----END PUBLIC KEY-----\n' Recv: Send: b'\n' Recv: Send: b'q' Recv: provisioning start Writing Root Public Key

Recv: device sn provisioning complete. Writing Signer Certificate Writing Device Certificate Reading Signer Certificate Comparing Signer Certificate Reading Device Certificate Comparing Device Certificate

Device Provisioning Successful!

Recv: Traceback (most recent call last): File "C:\Jose\ECC608A_4\ECC608-MassProvisioning\scripts\deviceprovision.py", line 190, in time.sleep(5) KeyboardInterrupt ^C C:\Jose\ECC608A_4\ECC608-MassProvisioning\scripts>deviceprovision.py Connected COM ports: ['COM6'] Enter the number of the port to use :1 Use COM port: COM6 Recv: Send: b'r' Recv: Ready.

communication ready. Send: b's' Recv: 0123f2a1b12715f2ee got serial number. Send: b'k' Recv: Send: b'k' Recv: -----BEGIN PUBLIC KEY----- MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEVPPCj+s5E6tTG+oHqi0VqOHtwZds Z42Bfguqa/BvQkF54wWUJnYlJ+dT142aD+utuZxrMPRGQdY0JPRDR/FLbA== -----END PUBLIC KEY----- -----BEGIN PUBLIC KEY----- MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEVPPCj+s5E6tTG+oHqi0VqOHtwZds Z42Bfguqa/BvQkF54wWUJnYlJ+dT142aD+utuZxrMPRGQdY0JPRDR/FLbA== -----END PUBLIC KEY-----

got device public key.

Load Device Public Key Loading from 0123f2a1b12715f2ee-device-pubkey.pem

Load Signer Loading key from signer-ca.key Loading certificate from signer-ca.crt

Create Device Certificate C:\Jose\ECC608A_4\ECC608-MassProvisioning\scripts\create_device_be.py:114: CryptographyDeprecationWarning: Extension objects are deprecated as arguments to from_issuer_subject_key_identifier and support will be removed soon. Please migrate to passing a SubjectKeyIdentifier directly. x509.AuthorityKeyIdentifier.from_issuer_subject_key_identifier(issuer_ski), Save Device Certificate to 0123f2a1b12715f2ee-device.crt Save Root Public Key to root-pub.pem Send: b'c' Recv: Send: b'-----BEGIN CERTIFICATE-----\n' Recv: Send: b'MIIByDCCAW6gAwIBAgIQYVnwLZ8thRHrzZk8WT67qTAKBggqhkjOPQQDAjAxMRYw\n' Recv: Send: b'FAYDVQQKDA1ET01VU0FfVEVLTklLMRcwFQYDVQQDDA5pQ29ubmVjdFJvb3RDQTAg\n' Recv: Send: b'Fw0yMDA2MjQxOTUyMjNaGA8yMDcwMDYyNDE5NTIyM1owMTEWMBQGA1UECgwNRE9N\n' Recv: Send: b'VVNBX1RFS05JSzEXMBUGA1UEAwwOaUNvbm5lY3RTaWduZXIwWTATBgcqhkjOPQIB\n' Recv: Send: b'BggqhkjOPQMBBwNCAARv3MxLTuYClipL6kMRJ1Toxc4NRsiQhxcD0LMAIW0OxKtP\n' Recv: Send: b'c78lgyM8D5YeRjd+2gDqn/W7aWQGoCrAobfTS0mMo2YwZDASBgNVHRMBAf8ECDAG\n' Recv: Send: b'AQH/AgEAMA4GA1UdDwEB/wQEAwIBhjAdBgNVHQ4EFgQUfIuBmG2iV6hhPalX9b6V\n' Recv: Send: b'SAGazrYwHwYDVR0jBBgwFoAUhuqKF1pWSjc5VOigRn48i50YeTIwCgYIKoZIzj0E\n' Recv: Send: b'AwIDSAAwRQIhALv75Hqfkw6MQv2L1RsfV6jWi1W8A1JQc5JTDWETz+4lAiAdozKp\n' Recv: Send: b'Dl1LCotv21RgLZeJxuLr7N0M6RB7Meh0aLvc5g==\n' Recv: Send: b'-----END CERTIFICATE-----\n' Recv: Send: b'\n' Recv: Send: b'v' Recv: Send: b'-----BEGIN CERTIFICATE-----\n' Recv: Send: b'MIIBqDCCAU6gAwIBAgIQT9hYKy3a9JCDKj8Qj4oVIzAKBggqhkjOPQQDAjAxMRYw\n' Recv: Send: b'FAYDVQQKDA1ET01VU0FfVEVLTklLMRcwFQYDVQQDDA5pQ29ubmVjdFNpZ25lcjAg\n' Recv: Send: b'Fw0yMDA3MTEwNjAwMDBaGA8zMDAwMTIzMTIzNTk1OVowNTEWMBQGA1UECgwNRE9N\n' Recv: Send: b'VVNBX1RFS05JSzEbMBkGA1UEAwwSMDEyM2YyYTFiMTI3MTVmMmVlMFkwEwYHKoZI\n' Recv: Send: b'zj0CAQYIKoZIzj0DAQcDQgAEVPPCj+s5E6tTG+oHqi0VqOHtwZdsZ42Bfguqa/Bv\n' Recv: Send: b'QkF54wWUJnYlJ+dT142aD+utuZxrMPRGQdY0JPRDR/FLbKNCMEAwHQYDVR0OBBYE\n' Recv: Send: 
b'FJyshyIwwqmafuxIcdXa12ecxkaFMB8GA1UdIwQYMBaAFHyLgZhtoleoYT2pV/W+\n' Recv: Send: b'lUgBms62MAoGCCqGSM49BAMCA0gAMEUCIQC3ew6tFjemxV3OZoTssqq+TpKD3Wkm\n' Recv: Send: b'6zg3jUr59sBsywIgY5tBK3kdCltDD1BTurPv1br3Rask3Ci4u//QD/0t7GI=\n' Recv: Send: b'-----END CERTIFICATE-----\n' Recv: Send: b'\n' Recv: Send: b'b' Recv: Send: b'-----BEGIN PUBLIC KEY-----\n' Recv: Send: b'MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEkyfT6hkA9PlDW1wX4C2gMHrNYdYN\n' Recv: Send: b'4zglU65NpUV8+DQJyjxw9Ao74Ob0Kto3rcqoDzQX4LdHC1zgttFWxx7yeA==\n' Recv: Send: b'-----END PUBLIC KEY-----\n' Recv: Send: b'\n' Recv: Send: b'q' Recv: provisioning start Writing Root Public Key

Recv: device sn provisioning complete. Writing Signer Certificate Writing Device Certificate Failed to write device certificate: 4

Recv: Recv: \xecl\xde Recv:

JAHTKELD commented 4 years ago

I modified the time in the Python scripts, but nothing was fixed.

I have tried with a board that was already tested. The first time, it gave the key again and failed, but when I tried another time, the key was already in the folder, it didn't ask for the key, and it was successful.

Connected COM ports: ['COM6'] Enter the number of the port to use :1 Use COM port: COM6 Recv: Send: b'r' Recv: Ready.

communication ready. Send: b's' Recv: 01235cfa256b27b6ee got serial number. Send: b'k' Recv: -----BEGIN PUBLIC KEY----- MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEzfiKuR5iLyAb0gjlH7KUXfzTljyg H/ZOskvgjI41wnhzSQEpHIvk+cD6a+enuVDrYlHBrhxxirnhHNZ8Txca/w== -----END PUBLIC KEY-----

got device public key.

Load Device Public Key Loading from 01235cfa256b27b6ee-device-pubkey.pem

Load Signer Loading key from signer-ca.key Loading certificate from signer-ca.crt

Create Device Certificate C:\Jose\ECC608A_4\ECC608-MassProvisioning\scripts\create_device_be.py:114: CryptographyDeprecationWarning: Extension objects are deprecated as arguments to from_issuer_subject_key_identifier and support will be removed soon. Please migrate to passing a SubjectKeyIdentifier directly. x509.AuthorityKeyIdentifier.from_issuer_subject_key_identifier(issuer_ski), Save Device Certificate to 01235cfa256b27b6ee-device.crt Save Root Public Key to root-pub.pem Send: b'c' Recv: Send: b'-----BEGIN CERTIFICATE-----\n' Recv: Send: b'MIIByDCCAW6gAwIBAgIQYVnwLZ8thRHrzZk8WT67qTAKBggqhkjOPQQDAjAxMRYw\n' Recv: Send: b'FAYDVQQKDA1ET01VU0FfVEVLTklLMRcwFQYDVQQDDA5pQ29ubmVjdFJvb3RDQTAg\n' Recv: Send: b'Fw0yMDA2MjQxOTUyMjNaGA8yMDcwMDYyNDE5NTIyM1owMTEWMBQGA1UECgwNRE9N\n' Recv: Send: b'VVNBX1RFS05JSzEXMBUGA1UEAwwOaUNvbm5lY3RTaWduZXIwWTATBgcqhkjOPQIB\n' Recv: Send: b'BggqhkjOPQMBBwNCAARv3MxLTuYClipL6kMRJ1Toxc4NRsiQhxcD0LMAIW0OxKtP\n' Recv: Send: b'c78lgyM8D5YeRjd+2gDqn/W7aWQGoCrAobfTS0mMo2YwZDASBgNVHRMBAf8ECDAG\n' Recv: Send: b'AQH/AgEAMA4GA1UdDwEB/wQEAwIBhjAdBgNVHQ4EFgQUfIuBmG2iV6hhPalX9b6V\n' Recv: Send: b'SAGazrYwHwYDVR0jBBgwFoAUhuqKF1pWSjc5VOigRn48i50YeTIwCgYIKoZIzj0E\n' Recv: Send: b'AwIDSAAwRQIhALv75Hqfkw6MQv2L1RsfV6jWi1W8A1JQc5JTDWETz+4lAiAdozKp\n' Recv: Send: b'Dl1LCotv21RgLZeJxuLr7N0M6RB7Meh0aLvc5g==\n' Recv: Send: b'-----END CERTIFICATE-----\n' Recv: Send: b'\n' Recv: Send: b'v' Recv: Send: b'-----BEGIN CERTIFICATE-----\n' Recv: Send: b'MIIBqTCCAU6gAwIBAgIQZNormmZ+cpJBMYOm25zXczAKBggqhkjOPQQDAjAxMRYw\n' Recv: Send: b'FAYDVQQKDA1ET01VU0FfVEVLTklLMRcwFQYDVQQDDA5pQ29ubmVjdFNpZ25lcjAg\n' Recv: Send: b'Fw0yMDA3MTEwNzAwMDBaGA8zMDAwMTIzMTIzNTk1OVowNTEWMBQGA1UECgwNRE9N\n' Recv: Send: b'VVNBX1RFS05JSzEbMBkGA1UEAwwSMDEyMzVjZmEyNTZiMjdiNmVlMFkwEwYHKoZI\n' Recv: Send: b'zj0CAQYIKoZIzj0DAQcDQgAEzfiKuR5iLyAb0gjlH7KUXfzTljygH/ZOskvgjI41\n' Recv: Send: b'wnhzSQEpHIvk+cD6a+enuVDrYlHBrhxxirnhHNZ8Txca/6NCMEAwHQYDVR0OBBYE\n' Recv: Send: 
b'FFn/OHtvpd8/HLO5vmn5SuQmYoVhMB8GA1UdIwQYMBaAFHyLgZhtoleoYT2pV/W+\n' Recv: Send: b'lUgBms62MAoGCCqGSM49BAMCA0kAMEYCIQCq9805JtHXYVqGCU+zH0prMOw8Vwes\n' Recv: Send: b'TTJw+N5JbTR0YAIhAJiYFsPbIhnjixaGJJhe70ADhSVpzPXS6/47dE1xTDwt\n' Recv: Send: b'-----END CERTIFICATE-----\n' Recv: Send: b'\n' Recv: Send: b'b' Recv: Send: b'-----BEGIN PUBLIC KEY-----\n' Recv: Send: b'MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEkyfT6hkA9PlDW1wX4C2gMHrNYdYN\n' Recv: Send: b'4zglU65NpUV8+DQJyjxw9Ao74Ob0Kto3rcqoDzQX4LdHC1zgttFWxx7yeA==\n' Recv: Send: b'-----END PUBLIC KEY-----\n' Recv: Send: b'\n' Recv: Send: b'q' Recv: provisioning start Writing Root Public Key

Recv: device sn provisioning complete. Writing Signer Certificate Writing Device Certificate Failed to write device certificate: 4

Recv: Recv: Recv: Send: b' ' Recv: Recv: Recv:

C:\Jose\ECC608A_4\ECC608-MassProvisioning\scripts>deviceprovision.py Connected COM ports: ['COM6'] Enter the number of the port to use :1 Use COM port: COM6 Recv: Send: b'r' Recv: Ready.

communication ready. Send: b's' Recv: 01235cfa256b27b6ee got serial number.

Load Device Public Key Loading from 01235cfa256b27b6ee-device-pubkey.pem

Load Signer Loading key from signer-ca.key Loading certificate from signer-ca.crt

Create Device Certificate C:\Jose\ECC608A_4\ECC608-MassProvisioning\scripts\create_device_be.py:114: CryptographyDeprecationWarning: Extension objects are deprecated as arguments to from_issuer_subject_key_identifier and support will be removed soon. Please migrate to passing a SubjectKeyIdentifier directly. x509.AuthorityKeyIdentifier.from_issuer_subject_key_identifier(issuer_ski), Save Device Certificate to 01235cfa256b27b6ee-device.crt Save Root Public Key to root-pub.pem Send: b'c' Recv: Send: b'-----BEGIN CERTIFICATE-----\n' Recv: Send: b'MIIByDCCAW6gAwIBAgIQYVnwLZ8thRHrzZk8WT67qTAKBggqhkjOPQQDAjAxMRYw\n' Recv: Send: b'FAYDVQQKDA1ET01VU0FfVEVLTklLMRcwFQYDVQQDDA5pQ29ubmVjdFJvb3RDQTAg\n' Recv: Send: b'Fw0yMDA2MjQxOTUyMjNaGA8yMDcwMDYyNDE5NTIyM1owMTEWMBQGA1UECgwNRE9N\n' Recv: Send: b'VVNBX1RFS05JSzEXMBUGA1UEAwwOaUNvbm5lY3RTaWduZXIwWTATBgcqhkjOPQIB\n' Recv: Send: b'BggqhkjOPQMBBwNCAARv3MxLTuYClipL6kMRJ1Toxc4NRsiQhxcD0LMAIW0OxKtP\n' Recv: Send: b'c78lgyM8D5YeRjd+2gDqn/W7aWQGoCrAobfTS0mMo2YwZDASBgNVHRMBAf8ECDAG\n' Recv: Send: b'AQH/AgEAMA4GA1UdDwEB/wQEAwIBhjAdBgNVHQ4EFgQUfIuBmG2iV6hhPalX9b6V\n' Recv: Send: b'SAGazrYwHwYDVR0jBBgwFoAUhuqKF1pWSjc5VOigRn48i50YeTIwCgYIKoZIzj0E\n' Recv: Send: b'AwIDSAAwRQIhALv75Hqfkw6MQv2L1RsfV6jWi1W8A1JQc5JTDWETz+4lAiAdozKp\n' Recv: Send: b'Dl1LCotv21RgLZeJxuLr7N0M6RB7Meh0aLvc5g==\n' Recv: Send: b'-----END CERTIFICATE-----\n' Recv: Send: b'\n' Recv: Send: b'v' Recv: Send: b'-----BEGIN CERTIFICATE-----\n' Recv: Send: b'MIIBpzCCAU6gAwIBAgIQZNormmZ+cpJBMYOm25zXczAKBggqhkjOPQQDAjAxMRYw\n' Recv: Send: b'FAYDVQQKDA1ET01VU0FfVEVLTklLMRcwFQYDVQQDDA5pQ29ubmVjdFNpZ25lcjAg\n' Recv: Send: b'Fw0yMDA3MTEwNzAwMDBaGA8zMDAwMTIzMTIzNTk1OVowNTEWMBQGA1UECgwNRE9N\n' Recv: Send: b'VVNBX1RFS05JSzEbMBkGA1UEAwwSMDEyMzVjZmEyNTZiMjdiNmVlMFkwEwYHKoZI\n' Recv: Send: b'zj0CAQYIKoZIzj0DAQcDQgAEzfiKuR5iLyAb0gjlH7KUXfzTljygH/ZOskvgjI41\n' Recv: Send: b'wnhzSQEpHIvk+cD6a+enuVDrYlHBrhxxirnhHNZ8Txca/6NCMEAwHQYDVR0OBBYE\n' Recv: Send: 
b'FFn/OHtvpd8/HLO5vmn5SuQmYoVhMB8GA1UdIwQYMBaAFHyLgZhtoleoYT2pV/W+\n' Recv: Send: b'lUgBms62MAoGCCqGSM49BAMCA0cAMEQCIE0GDry4RjgjiC6WUku24+D7onLBA/d3\n' Recv: Send: b'AL0gLczEDmoVAiBryJ296RloRKm9AjX3TgZlrcpAbmykou71OJt7Jy91pw==\n' Recv: Send: b'-----END CERTIFICATE-----\n' Recv: Send: b'\n' Recv: Send: b'b' Recv: Send: b'-----BEGIN PUBLIC KEY-----\n' Recv: Send: b'MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEkyfT6hkA9PlDW1wX4C2gMHrNYdYN\n' Recv: Send: b'4zglU65NpUV8+DQJyjxw9Ao74Ob0Kto3rcqoDzQX4LdHC1zgttFWxx7yeA==\n' Recv: Send: b'-----END PUBLIC KEY-----\n' Recv: Send: b'\n' Recv: Send: b'q' Recv: provisioning start Writing Root Public Key

Recv: device sn provisioning complete. Writing Signer Certificate Writing Device Certificate Reading Signer Certificate Comparing Signer Certificate Reading Device Certificate Comparing Device Certificate

Device Provisioning Successful!

JAHTKELD commented 4 years ago

Hello:

With a board already tested yesterday, which was provisioned successfully on the third attempt, I have tried to provision again and it failed (Failed to write device certificate: 4).

I have tested whether the correct certificate was still on the chip, and it was; the board was able to connect to Azure.

JAHTKELD commented 4 years ago

I have done the following test: for a board that was failing, I took from the MassProvision project its root-ca.crt, root-ca.key, signer-ca.crt and signer-ca.key, the serial number of the chip and the public key obtained in MassProvision, and I used them with the ECC608A-Provision project, creating a new device certificate, cert-chain.c and provision.c. With this, the ECC608A-Provision project is always successful. I have tried to connect that board to Azure and it succeeds (using the new cert-chain.c).

JAHTKELD commented 4 years ago

Hello: Sorry for this amount of evidence I'm trying to get.

Apart from the topic of the key that appears twice, I think that my problem is the creation of the device certificate and that it is not done correctly.

I just made 5 tries on the board that I have tested with ECC608A-Provision, trying again with ECC608A-MassProvision.

With the same public key file I have tried 6 times and I have obtained 6 different device certificates. Only the 5th, after turning the computer off and on, has been valid. The 6th has also failed, but after turning the computer off and on, this time it failed. I don't know anything.

kmwebnet commented 4 years ago

Could you share the cert_chain.c that you used commonly when you made both failures and successes?

JAHTKELD commented 4 years ago

Yes, it is this.

#include "atcacert/atcacert_def.h"
#include "cert_chain.h"

uint8_t g_signer_1_ca_public_key[64] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };

const atcacert_def_t g_cert_def_0_root = {
    .type               = CERTTYPE_X509,
    .template_id        = 0,
    .public_key_dev_loc = {
        .zone      = DEVZONE_DATA,
        .slot      = 15,
        .is_genkey = 0,
        .offset    = 0,
        .count     = 72
    }
};

const atcacert_cert_element_t g_cert_elements_1_signer[] = { { .id = "IssueDate", .device_loc = { .zone = DEVZONE_DATA, .slot = 14, .is_genkey = 0, .offset = 35-13, .count = 13 }, .cert_loc = { .offset = 98, .count = 13 } }, { .id = "ExpireDate", .device_loc = { .zone = DEVZONE_DATA, .slot = 14, .is_genkey = 0, .offset = 50-15, .count = 15 }, .cert_loc = { .offset = 113, .count = 15 } } }; const uint8_t g_cert_template_1_signer[] = { 0x30, 0x82, 0x01, 0xc8, 0x30, 0x82, 0x01, 0x6e, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x10, 0x61, 0x59, 0xf0, 0x2d, 0x9f, 0x2d, 0x85, 0x11, 0xeb, 0xcd, 0x99, 0x3c, 0x59, 0x3e, 0xbb, 0xa9, 0x30, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02, 0x30, 0x31, 0x31, 0x16, 0x30, 0x14, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x0d, 0x44, 0x4f, 0x4d, 0x55, 0x53, 0x41, 0x5f, 0x54, 0x45, 0x4b, 0x4e, 0x49, 0x4b, 0x31, 0x17, 0x30, 0x15, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x0e, 0x69, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x52, 0x6f, 0x6f, 0x74, 0x43, 0x41, 0x30, 0x20, 0x17, 0x0d, 0x32, 0x30, 0x30, 0x36, 0x32, 0x34, 0x31, 0x39, 0x35, 0x32, 0x32, 0x33, 0x5a, 0x18, 0x0f, 0x32, 0x30, 0x37, 0x30, 0x30, 0x36, 0x32, 0x34, 0x31, 0x39, 0x35, 0x32, 0x32, 0x33, 0x5a, 0x30, 0x31, 0x31, 0x16, 0x30, 0x14, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x0d, 0x44, 0x4f, 0x4d, 0x55, 0x53, 0x41, 0x5f, 0x54, 0x45, 0x4b, 0x4e, 0x49, 0x4b, 0x31, 0x17, 0x30, 0x15, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x0e, 0x69, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x53, 0x69, 0x67, 0x6e, 0x65, 0x72, 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03, 0x42, 0x00, 0x04, 0x6f, 0xdc, 0xcc, 0x4b, 0x4e, 0xe6, 0x02, 0x96, 0x2a, 0x4b, 0xea, 0x43, 0x11, 0x27, 0x54, 0xe8, 0xc5, 0xce, 0x0d, 0x46, 0xc8, 0x90, 0x87, 0x17, 0x03, 0xd0, 0xb3, 0x00, 0x21, 0x6d, 0x0e, 0xc4, 0xab, 0x4f, 0x73, 0xbf, 0x25, 0x83, 0x23, 0x3c, 0x0f, 0x96, 0x1e, 0x46, 0x37, 0x7e, 0xda, 0x00, 0xea, 0x9f, 0xf5, 0xbb, 0x69, 0x64, 
0x06, 0xa0, 0x2a, 0xc0, 0xa1, 0xb7, 0xd3, 0x4b, 0x49, 0x8c, 0xa3, 0x66, 0x30, 0x64, 0x30, 0x12, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x08, 0x30, 0x06, 0x01, 0x01, 0xff, 0x02, 0x01, 0x00, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x1d, 0x0f, 0x01, 0x01, 0xff, 0x04, 0x04, 0x03, 0x02, 0x01, 0x86, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x7c, 0x8b, 0x81, 0x98, 0x6d, 0xa2, 0x57, 0xa8, 0x61, 0x3d, 0xa9, 0x57, 0xf5, 0xbe, 0x95, 0x48, 0x01, 0x9a, 0xce, 0xb6, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0x86, 0xea, 0x8a, 0x17, 0x5a, 0x56, 0x4a, 0x37, 0x39, 0x54, 0xe8, 0xa0, 0x46, 0x7e, 0x3c, 0x8b, 0x9d, 0x18, 0x79, 0x32, 0x30, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02, 0x03, 0x48, 0x00, 0x30, 0x45, 0x02, 0x21, 0x00, 0xbb, 0xfb, 0xe4, 0x7a, 0x9f, 0x93, 0x0e, 0x8c, 0x42, 0xfd, 0x8b, 0xd5, 0x1b, 0x1f, 0x57, 0xa8, 0xd6, 0x8b, 0x55, 0xbc, 0x03, 0x52, 0x50, 0x73, 0x92, 0x53, 0x0d, 0x61, 0x13, 0xcf, 0xee, 0x25, 0x02, 0x20, 0x1d, 0xa3, 0x32, 0xa9, 0x0e, 0x5d, 0x4b, 0x0a, 0x8b, 0x6f, 0xdb, 0x54, 0x60, 0x2d, 0x97, 0x89, 0xc6, 0xe2, 0xeb, 0xec, 0xdd, 0x0c, 0xe9, 0x10, 0x7b, 0x31, 0xe8, 0x74, 0x68, 0xbb, 0xdc, 0xe6 }; const atcacert_def_t g_cert_def_1_signer = { .type = CERTTYPE_X509, .template_id = 1, .chain_id = 0, .private_key_slot = 0, .sn_source = SNSRC_STORED, .cert_sn_dev_loc = { .zone = DEVZONE_DATA, .slot = 14, .is_genkey = 0, .offset = 20-16, .count = 16 }, .issue_date_format = DATEFMT_RFC5280_UTC, .expire_date_format = DATEFMT_RFC5280_GEN, .tbs_cert_loc = { .offset = 4, .count = 370 }, .expire_years = 0, .public_key_dev_loc = { .zone = DEVZONE_DATA, .slot = 11, .is_genkey = 0, .offset = 0, .count = 72 }, .comp_cert_dev_loc = { .zone = DEVZONE_DATA, .slot = 12, .is_genkey = 0, .offset = 0, .count = 72 }, .std_cert_elements = { { // STDCERT_PUBLIC_KEY .offset = 206, .count = 64 }, { // STDCERT_SIGNATURE .offset = 386, .count = 74 }, { // STDCERT_ISSUE_DATE .offset = 98, .count = 13 }, { // 
STDCERT_EXPIRE_DATE .offset = 113, .count = 15 }, { // STDCERT_SIGNER_ID .offset = 0, .count = 0 }, { // STDCERT_CERT_SN .offset = 15, .count = 16 }, { // STDCERT_AUTH_KEY_ID .offset = 354, .count = 20 }, { // STDCERT_SUBJ_KEY_ID .offset = 321, .count = 20 } }, .cert_elements = g_cert_elements_1_signer, .cert_elements_count = sizeof(g_cert_elements_1_signer) / sizeof(g_cert_elements_1_signer[0]), .cert_template = g_cert_template_1_signer, .cert_template_size = sizeof(g_cert_template_1_signer), .ca_cert_def = &g_cert_def_0_root, };

const atcacert_cert_element_t g_cert_elements_2_device[] = {
    {
        .id         = "common_name",
        .device_loc = {
            .zone      = DEVZONE_DATA,
            .slot      = 8,
            .is_genkey = 0,
            .offset    = 0,
            .count     = 18
        },
        .cert_loc   = {
            .offset = 165,
            .count  = 18
        }
    }
};

const uint8_t g_cert_template_2_device[] = { 0x30, 0x82, 0x01, 0xa7, 0x30, 0x82, 0x01, 0x4e, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x10, 0x49, 0x85, 0x89, 0xef, 0xdd, 0xb8, 0xde, 0x57, 0x4d, 0xd3, 0x4e, 0xfe, 0xa8, 0xb9, 0x0e, 0xc2, 0x30, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02, 0x30, 0x31, 0x31, 0x16, 0x30, 0x14, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x0d, 0x44, 0x4f, 0x4d, 0x55, 0x53, 0x41, 0x5f, 0x54, 0x45, 0x4b, 0x4e, 0x49, 0x4b, 0x31, 0x17, 0x30, 0x15, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x0e, 0x69, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x53, 0x69, 0x67, 0x6e, 0x65, 0x72, 0x30, 0x20, 0x17, 0x0d, 0x32, 0x30, 0x30, 0x36, 0x32, 0x37, 0x30, 0x39, 0x30, 0x30, 0x30, 0x30, 0x5a, 0x18, 0x0f, 0x33, 0x30, 0x30, 0x30, 0x31, 0x32, 0x33, 0x31, 0x32, 0x33, 0x35, 0x39, 0x35, 0x39, 0x5a, 0x30, 0x35, 0x31, 0x16, 0x30, 0x14, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x0d, 0x44, 0x4f, 0x4d, 0x55, 0x53, 0x41, 0x5f, 0x54, 0x45, 0x4b, 0x4e, 0x49, 0x4b, 0x31, 0x1b, 0x30, 0x19, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x12, 0x30, 0x31, 0x32, 0x33, 0x78, 0x78, 0x78, 0x78, 0x78, 0x78, 0x78, 0x78, 0x78, 0x78, 0x78, 0x78, 0x65, 0x65, 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03, 0x42, 0x00, 0x04, 0x2e, 0x09, 0x3d, 0x3d, 0xc2, 0x2e, 0xcd, 0xa1, 0x14, 0x08, 0xa7, 0x8e, 0x71, 0xea, 0x50, 0x7e, 0xd8, 0x17, 0xc7, 0xf9, 0xe6, 0x04, 0xf1, 0x31, 0x73, 0x74, 0xd4, 0x94, 0xf3, 0x29, 0x5d, 0xb4, 0x73, 0x58, 0x1d, 0x89, 0x36, 0xb0, 0x77, 0xfb, 0x29, 0x90, 0xb1, 0xb8, 0x53, 0x96, 0x19, 0xc0, 0x36, 0x71, 0xd6, 0xe4, 0x34, 0x6d, 0xd1, 0xfe, 0x0d, 0x99, 0x78, 0x37, 0xa9, 0x3b, 0x3f, 0x56, 0xa3, 0x42, 0x30, 0x40, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0xcd, 0x8d, 0xe6, 0xf4, 0xbb, 0x2f, 0x33, 0xfb, 0xe1, 0x8a, 0x04, 0xef, 0xa6, 0xae, 0x46, 0x00, 0x97, 0x39, 0xba, 0x64, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0x7c, 0x8b, 0x81, 
0x98, 0x6d, 0xa2, 0x57, 0xa8, 0x61, 0x3d, 0xa9, 0x57, 0xf5, 0xbe, 0x95, 0x48, 0x01, 0x9a, 0xce, 0xb6, 0x30, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02, 0x03, 0x47, 0x00, 0x30, 0x44, 0x02, 0x20, 0x6b, 0xc1, 0x93, 0x3e, 0x3e, 0x2a, 0x05, 0x86, 0x5b, 0xce, 0xbf, 0x9a, 0x24, 0x56, 0x31, 0x1e, 0x55, 0x03, 0x51, 0xb6, 0x15, 0xed, 0xd3, 0x56, 0x7b, 0x31, 0x89, 0x89, 0x3a, 0x55, 0x16, 0xc0, 0x02, 0x20, 0x34, 0x8f, 0xb2, 0xc7, 0x74, 0xae, 0x93, 0x27, 0x06, 0x08, 0x81, 0x04, 0xe1, 0x1f, 0x83, 0xd9, 0xdc, 0xd7, 0x93, 0x5b, 0xaa, 0x5a, 0x8f, 0xe2, 0xf4, 0x38, 0x4d, 0x79, 0xda, 0x1a, 0x16, 0x43 }; const atcacert_def_t g_cert_def_2_device = { .type = CERTTYPE_X509, .template_id = 2, .chain_id = 0, .private_key_slot = 0, .sn_source = SNSRC_PUB_KEY_HASH, .cert_sn_dev_loc = { .zone = DEVZONE_NONE, .slot = 0, .is_genkey = 0, .offset = 0, .count = 0 }, .issue_date_format = DATEFMT_RFC5280_UTC, .expire_date_format = DATEFMT_RFC5280_GEN, .tbs_cert_loc = { .offset = 4, .count = 338 }, .expire_years = 0, .public_key_dev_loc = { .zone = DEVZONE_DATA, .slot = 0, .is_genkey = 1, .offset = 0, .count = 64 }, .comp_cert_dev_loc = { .zone = DEVZONE_DATA, .slot = 10, .is_genkey = 0, .offset = 0, .count = 72 }, .std_cert_elements = { { // STDCERT_PUBLIC_KEY .offset = 210, .count = 64 }, { // STDCERT_SIGNATURE .offset = 354, .count = 73 }, { // STDCERT_ISSUE_DATE .offset = 98, .count = 13 }, { // STDCERT_EXPIRE_DATE .offset = 0, .count = 0 }, { // STDCERT_SIGNER_ID .offset = 0, .count = 0 }, { // STDCERT_CERT_SN .offset = 15, .count = 16 }, { // STDCERT_AUTH_KEY_ID .offset = 322, .count = 20 }, { // STDCERT_SUBJ_KEY_ID .offset = 289, .count = 20 } }, .cert_elements = g_cert_elements_2_device, .cert_elements_count = sizeof(g_cert_elements_2_device) / sizeof(g_cert_elements_2_device[0]), .cert_template = g_cert_template_2_device, .cert_template_size = sizeof(g_cert_template_2_device), .ca_cert_def = &g_cert_def_1_signer, };

JAHTKELD commented 4 years ago

This is the device certificate that failed with the cert-chain.c above:

0123e7666ca7ae13ee-device.crt

-----BEGIN CERTIFICATE----- MIIBqTCCAU6gAwIBAgIQVMNXxGlNm3w3D10p9nbgoTAKBggqhkjOPQQDAjAxMRYw FAYDVQQKDA1ET01VU0FfVEVLTklLMRcwFQYDVQQDDA5pQ29ubmVjdFNpZ25lcjAg Fw0yMDA3MTExNjAwMDBaGA8zMDAwMTIzMTIzNTk1OVowNTEWMBQGA1UECgwNRE9N VVNBX1RFS05JSzEbMBkGA1UEAwwSMDEyM2U3NjY2Y2E3YWUxM2VlMFkwEwYHKoZI zj0CAQYIKoZIzj0DAQcDQgAE5Oakouc37/RkBILy2E2yqiDjYskDbB5y/4gqr80f MS274tqOb3M87WYu0A+NdDQNJKqaaJUFGxeoVT9UAGipRqNCMEAwHQYDVR0OBBYE FAE7nGmQ/RnXTuw4bjMClj5ZqCZzMB8GA1UdIwQYMBaAFHyLgZhtoleoYT2pV/W+ lUgBms62MAoGCCqGSM49BAMCA0kAMEYCIQDz1MMGc2QH/UjINtMulrK8+3Q5asFN FcZUBeMHYCPDFwIhAN9H+tlPpZdT8xZAG1/2lT0pjCqasmByk0tv6pJVqsUa -----END CERTIFICATE-----

and the public key -----BEGIN PUBLIC KEY----- MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE5Oakouc37/RkBILy2E2yqiDjYskD bB5y/4gqr80fMS274tqOb3M87WYu0A+NdDQNJKqaaJUFGxeoVT9UAGipRg== -----END PUBLIC KEY-----

and the out,text DOMUSA_TEKNIK

and device.crt -----BEGIN CERTIFICATE----- MIIBpzCCAU6gAwIBAgIQSYWJ79243ldN007+qLkOwjAKBggqhkjOPQQDAjAxMRYw FAYDVQQKDA1ET01VU0FfVEVLTklLMRcwFQYDVQQDDA5pQ29ubmVjdFNpZ25lcjAg Fw0yMDA2MjcwOTAwMDBaGA8zMDAwMTIzMTIzNTk1OVowNTEWMBQGA1UECgwNRE9N VVNBX1RFS05JSzEbMBkGA1UEAwwSMDEyM3h4eHh4eHh4eHh4eGVlMFkwEwYHKoZI zj0CAQYIKoZIzj0DAQcDQgAELgk9PcIuzaEUCKeOcepQftgXx/nmBPExc3TUlPMp XbRzWB2JNrB3+ymQsbhTlhnANnHW5DRt0f4NmXg3qTs/VqNCMEAwHQYDVR0OBBYE FM2N5vS7LzP74YoE76auRgCXObpkMB8GA1UdIwQYMBaAFHyLgZhtoleoYT2pV/W+ lUgBms62MAoGCCqGSM49BAMCA0cAMEQCIGvBkz4+KgWGW86/miRWMR5VA1G2Fe3T VnsxiYk6VRbAAiA0j7LHdK6TJwYIgQThH4PZ3NeTW6paj+L0OE152hoWQw== -----END CERTIFICATE-----

JAHTKELD commented 4 years ago

And just now I have tried 2 times, and the second was successful, without changing anything. This is the successful 0123e7666ca7ae13ee-device.crt

-----BEGIN CERTIFICATE----- MIIBpzCCAU6gAwIBAgIQXkaWI/ylsJBD/SdiFZxj5TAKBggqhkjOPQQDAjAxMRYw FAYDVQQKDA1ET01VU0FfVEVLTklLMRcwFQYDVQQDDA5pQ29ubmVjdFNpZ25lcjAg Fw0yMDA3MTIwNjAwMDBaGA8zMDAwMTIzMTIzNTk1OVowNTEWMBQGA1UECgwNRE9N VVNBX1RFS05JSzEbMBkGA1UEAwwSMDEyM2U3NjY2Y2E3YWUxM2VlMFkwEwYHKoZI zj0CAQYIKoZIzj0DAQcDQgAE5Oakouc37/RkBILy2E2yqiDjYskDbB5y/4gqr80f MS274tqOb3M87WYu0A+NdDQNJKqaaJUFGxeoVT9UAGipRqNCMEAwHQYDVR0OBBYE FAE7nGmQ/RnXTuw4bjMClj5ZqCZzMB8GA1UdIwQYMBaAFHyLgZhtoleoYT2pV/W+ lUgBms62MAoGCCqGSM49BAMCA0cAMEQCIDqcJ9tuAqWbhVJ2SHZZmSLuvqzqew5C 1zULrPd/OvHkAiAn2nX0XFuc4Vzau9tgokjMg2kims4+adn3pldLxRDHzg== -----END CERTIFICATE-----
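An added example, not part of any post in this thread and not the project's code: it parses the two 0123e7666ca7ae13ee-device.crt certificates posted above with a small standard-library DER walker and reports the encoded lengths of the ECDSA R and S integers and of the signature BIT STRING, next to the 0x47 BIT STRING length found in the posted g_cert_template_2_device. The function names and the `TEMPLATE_SIG_BITSTRING_LEN` constant are this example's own.

```python
import base64

# The two 0123e7666ca7ae13ee-device.crt files exactly as posted in the thread.
FAILED_PEM = """\
-----BEGIN CERTIFICATE-----
MIIBqTCCAU6gAwIBAgIQVMNXxGlNm3w3D10p9nbgoTAKBggqhkjOPQQDAjAxMRYw
FAYDVQQKDA1ET01VU0FfVEVLTklLMRcwFQYDVQQDDA5pQ29ubmVjdFNpZ25lcjAg
Fw0yMDA3MTExNjAwMDBaGA8zMDAwMTIzMTIzNTk1OVowNTEWMBQGA1UECgwNRE9N
VVNBX1RFS05JSzEbMBkGA1UEAwwSMDEyM2U3NjY2Y2E3YWUxM2VlMFkwEwYHKoZI
zj0CAQYIKoZIzj0DAQcDQgAE5Oakouc37/RkBILy2E2yqiDjYskDbB5y/4gqr80f
MS274tqOb3M87WYu0A+NdDQNJKqaaJUFGxeoVT9UAGipRqNCMEAwHQYDVR0OBBYE
FAE7nGmQ/RnXTuw4bjMClj5ZqCZzMB8GA1UdIwQYMBaAFHyLgZhtoleoYT2pV/W+
lUgBms62MAoGCCqGSM49BAMCA0kAMEYCIQDz1MMGc2QH/UjINtMulrK8+3Q5asFN
FcZUBeMHYCPDFwIhAN9H+tlPpZdT8xZAG1/2lT0pjCqasmByk0tv6pJVqsUa
-----END CERTIFICATE-----
"""

SUCCESSFUL_PEM = """\
-----BEGIN CERTIFICATE-----
MIIBpzCCAU6gAwIBAgIQXkaWI/ylsJBD/SdiFZxj5TAKBggqhkjOPQQDAjAxMRYw
FAYDVQQKDA1ET01VU0FfVEVLTklLMRcwFQYDVQQDDA5pQ29ubmVjdFNpZ25lcjAg
Fw0yMDA3MTIwNjAwMDBaGA8zMDAwMTIzMTIzNTk1OVowNTEWMBQGA1UECgwNRE9N
VVNBX1RFS05JSzEbMBkGA1UEAwwSMDEyM2U3NjY2Y2E3YWUxM2VlMFkwEwYHKoZI
zj0CAQYIKoZIzj0DAQcDQgAE5Oakouc37/RkBILy2E2yqiDjYskDbB5y/4gqr80f
MS274tqOb3M87WYu0A+NdDQNJKqaaJUFGxeoVT9UAGipRqNCMEAwHQYDVR0OBBYE
FAE7nGmQ/RnXTuw4bjMClj5ZqCZzMB8GA1UdIwQYMBaAFHyLgZhtoleoYT2pV/W+
lUgBms62MAoGCCqGSM49BAMCA0cAMEQCIDqcJ9tuAqWbhVJ2SHZZmSLuvqzqew5C
1zULrPd/OvHkAiAn2nX0XFuc4Vzau9tgokjMg2kims4+adn3pldLxRDHzg==
-----END CERTIFICATE-----
"""

# Length byte of the signature BIT STRING in the posted g_cert_template_2_device
# (its tail reads 0x03, 0x47, 0x00, 0x30, 0x44, 0x02, 0x20, ...).
TEMPLATE_SIG_BITSTRING_LEN = 0x47


def pem_to_der(pem):
    """Drop the PEM armor lines and base64-decode the body."""
    lines = [ln.strip() for ln in pem.strip().splitlines()]
    body = "".join(ln for ln in lines if not ln.startswith("-----"))
    return base64.b64decode(body, validate=True)


def read_tlv(buf, pos):
    """Parse one DER header at pos; return (tag, value_start, value_end)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:                       # short form: the byte is the length
        length = first
    else:                                  # long form: next n bytes hold it
        n = first & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported or truncated DER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("DER value runs past the end of the buffer")
    return tag, pos, pos + length


def expect(buf, pos, want_tag):
    """read_tlv() plus a tag check; return (value_start, value_end)."""
    tag, start, end = read_tlv(buf, pos)
    if tag != want_tag:
        raise ValueError(f"expected tag 0x{want_tag:02x}, got 0x{tag:02x}")
    return start, end


def signature_shape(der):
    """Return (r_len, s_len, bitstring_len) of an ECDSA-signed X.509 cert."""
    cert_start, cert_end = expect(der, 0, 0x30)            # Certificate
    _, tbs_end = expect(der, cert_start, 0x30)             # tbsCertificate
    _, alg_end = expect(der, tbs_end, 0x30)                # signatureAlgorithm
    sig_start, sig_end = expect(der, alg_end, 0x03)        # BIT STRING
    if sig_end != cert_end or der[sig_start] != 0x00:
        raise ValueError("unexpected signature BIT STRING layout")
    seq_start, seq_end = expect(der, sig_start + 1, 0x30)  # SEQUENCE { r, s }
    _r_start, r_end = expect(der, seq_start, 0x02)         # INTEGER r
    _s_start, s_end = expect(der, r_end, 0x02)             # INTEGER s
    if s_end != seq_end or seq_end != sig_end:
        raise ValueError("trailing bytes inside the signature")
    return r_end - _r_start, s_end - _s_start, sig_end - sig_start


def fits_template(der, template_len=TEMPLATE_SIG_BITSTRING_LEN):
    """True when the signature BIT STRING is no longer than the template's."""
    return signature_shape(der)[2] <= template_len


if __name__ == "__main__":
    for name, pem in (("failed", FAILED_PEM), ("successful", SUCCESSFUL_PEM)):
        der = pem_to_der(pem)
        print(name, signature_shape(der), "fits template:", fits_template(der))
```

A DER INTEGER gains a leading 0x00 byte whenever its top bit is set, which is why the same key and subject can yield a 32-byte or 33-byte R or S from one signing run to the next.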

JAHTKELD commented 4 years ago

I have tried to decrease the UART speed to 9600 baud, but the result is the same.

I think I'll have to pay you a box of beer or Spanish wine.

kmwebnet commented 4 years ago

There may be an error if the signature length of the actually generated certificate is longer than the signature length of the device certificate template in cert_chain.c.

The expected error location is atcacert_der.c

curr_idx += dec_size;
if (curr_idx + seq_length > *der_sig_size)
{
    return ATCACERT_E_DECODING_ERROR; // Not enough data in buffer to decode the rest
}

In other words, it is considered to be NG if the length of the signature actually generated > the signature length of the device certificate template in cert_chain.c.

The length of the signature has three patterns depending on the lengths of the R and S components, and is randomly generated for each signature: 33+33, 33+32 or 32+33, and 32+32.

You can check with this tool. https://www.pkisolutions.com/tools/asn1editor/

There is no problem if the device certificate template in cert_chain.c is 33+33. If the device certificate template in cert_chain.c is 32+32, there is the highest possibility that an error will occur.

Failed pattern image

Successful pattern image

Check the device certificate template in cert_chain.c used above. When the signature is decrypted in the ASN.1 format, it is "0x03", sequence length (0x47), "0x00", "0x30", sequence length (0x44), and then the R component "0x02", sequence length (0x20), data, and the S component "0x02", sequence length (0x20), and data.

const uint8_t g_cert_template_2_device[] = { 0x30, 0x82, 0x01, 0xa7, 0x30, 0x82, 0x01, 0x4e, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x10, 0x49, 0x85, 0x89, 0xef, 0xdd, 0xb8, 0xde, 0x57, 0x4d, 0xd3, 0x4e, 0xfe, 0xa8, 0xb9, 0x0e, 0xc2, 0x30, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02, 0x30, 0x31, 0x31, 0x16, 0x30, 0x14, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x0d, 0x44, 0x4f, 0x4d, 0x55, 0x53, 0x41, 0x5f, 0x54, 0x45, 0x4b, 0x4e, 0x49, 0x4b, 0x31, 0x17, 0x30, 0x15, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x0e, 0x69, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x53, 0x69, 0x67, 0x6e, 0x65, 0x72, 0x30, 0x20, 0x17, 0x0d, 0x32, 0x30, 0x30, 0x36, 0x32, 0x37, 0x30, 0x39, 0x30, 0x30, 0x30, 0x30, 0x5a, 0x18, 0x0f, 0x33, 0x30, 0x30, 0x30, 0x31, 0x32, 0x33, 0x31, 0x32, 0x33, 0x35, 0x39, 0x35, 0x39, 0x5a, 0x30, 0x35, 0x31, 0x16, 0x30, 0x14, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x0d, 0x44, 0x4f, 0x4d, 0x55, 0x53, 0x41, 0x5f, 0x54, 0x45, 0x4b, 0x4e, 0x49, 0x4b, 0x31, 0x1b, 0x30, 0x19, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x12, 0x30, 0x31, 0x32, 0x33, 0x78, 0x78, 0x78, 0x78, 0x78, 0x78, 0x78, 0x78, 0x78, 0x78, 0x78, 0x78, 0x65, 0x65, 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03, 0x42, 0x00, 0x04, 0x2e, 0x09, 0x3d, 0x3d, 0xc2, 0x2e, 0xcd, 0xa1, 0x14, 0x08, 0xa7, 0x8e, 0x71, 0xea, 0x50, 0x7e, 0xd8, 0x17, 0xc7, 0xf9, 0xe6, 0x04, 0xf1, 0x31, 0x73, 0x74, 0xd4, 0x94, 0xf3, 0x29, 0x5d, 0xb4, 0x73, 0x58, 0x1d, 0x89, 0x36, 0xb0, 0x77, 0xfb, 0x29, 0x90, 0xb1, 0xb8, 0x53, 0x96, 0x19, 0xc0, 0x36, 0x71, 0xd6, 0xe4, 0x34, 0x6d, 0xd1, 0xfe, 0x0d, 0x99, 0x78, 0x37, 0xa9, 0x3b, 0x3f, 0x56, 0xa3, 0x42, 0x30, 0x40, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0xcd, 0x8d, 0xe6, 0xf4, 0xbb, 0x2f, 0x33, 0xfb, 0xe1, 0x8a, 0x04, 0xef, 0xa6, 0xae, 0x46, 0x00, 0x97, 0x39, 0xba, 0x64, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0x7c, 0x8b, 0x81, 
0x98, 0x6d, 0xa2, 0x57, 0xa8, 0x61, 0x3d, 0xa9, 0x57, 0xf5, 0xbe, 0x95, 0x48, 0x01, 0x9a, 0xce, 0xb6, 0x30, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02, 0x03, 0x47, 0x00, 0x30, 0x44, 0x02, 0x20, 0x6b, 0xc1, 0x93, 0x3e, 0x3e, 0x2a, 0x05, 0x86, 0x5b, 0xce, 0xbf, 0x9a, 0x24, 0x56, 0x31, 0x1e, 0x55, 0x03, 0x51, 0xb6, 0x15, 0xed, 0xd3, 0x56, 0x7b, 0x31, 0x89, 0x89, 0x3a, 0x55, 0x16, 0xc0, 0x02, 0x20, 0x34, 0x8f, 0xb2, 0xc7, 0x74, 0xae, 0x93, 0x27, 0x06, 0x08, 0x81, 0x04, 0xe1, 0x1f, 0x83, 0xd9, 0xdc, 0xd7, 0x93, 0x5b, 0xaa, 0x5a, 0x8f, 0xe2, 0xf4, 0x38, 0x4d, 0x79, 0xda, 0x1a, 0x16, 0x43 };

As a countermeasure, generate the device.crt that is passed to cert2certdef the first time several times, and use one with 33+33 as the template.

I hope this is a solution.
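The length comparison explained above can be checked on the host before flashing. This is an added example, not code from the thread or from the project: a standard-library Python check that reads the signature BIT STRING of a DER certificate and reports the R and S lengths. The sample certificates are constructed skeletons with empty tbsCertificate and algorithm fields, and `fits_template` is an assumed model of the described check, not cryptoauthlib's own logic.

```python
import base64

def tlv(buf, i):
    """Read one DER TLV at offset i; return (tag, value_start, value_end)."""
    tag, n, i = buf[i], buf[i + 1], i + 2
    if n & 0x80:                                  # long-form length
        k = n & 0x7F
        n, i = int.from_bytes(buf[i:i + k], "big"), i + k
    if i + n > len(buf):
        raise ValueError("truncated DER")
    return tag, i, i + n

def cert_pem_to_der(pem):
    # Works for CERTIFICATE PEM even when line breaks were flattened to spaces.
    return base64.b64decode("".join(t for t in pem.split() if "-" not in t))

def signature_shape(cert):
    """Return (bit_string_len, r_len, s_len) of a certificate's ECDSA signature."""
    _, start, _ = tlv(cert, 0)                    # Certificate SEQUENCE
    _, _, i = tlv(cert, start)                    # skip tbsCertificate
    _, _, i = tlv(cert, i)                        # skip signatureAlgorithm
    tag, vs, ve = tlv(cert, i)                    # signatureValue
    if tag != 0x03:
        raise ValueError("expected BIT STRING")
    _, seq, _ = tlv(cert, vs + 1)                 # skip unused-bits byte, enter SEQUENCE
    _, r0, r1 = tlv(cert, seq)                    # INTEGER R
    _, s0, s1 = tlv(cert, r1)                     # INTEGER S
    return ve - vs, r1 - r0, s1 - s0

def fits_template(template, actual):
    """Assumed model of the described check: signature no longer than the template's."""
    return signature_shape(actual)[0] <= signature_shape(template)[0]

# --- constructed sample data: certificate skeletons, not real certificates ---
def der(tag, body):
    return bytes([tag, len(body)]) + body         # short-form lengths only
def der_int(x):
    # DER INTEGER is signed: a set top bit forces a leading 0x00 (32 -> 33 bytes)
    return der(0x02, (b"\x00" if x[0] & 0x80 else b"") + x)
def sample_cert(r, s):
    sig = der(0x03, b"\x00" + der(0x30, der_int(r) + der_int(s)))
    return der(0x30, der(0x30, b"") + der(0x30, b"") + sig)

LOW = b"\x6b" + b"\x11" * 31                      # top bit clear -> 32-byte INTEGER
HIGH = b"\xf3" + b"\x11" * 31                     # top bit set   -> 33-byte INTEGER

if __name__ == "__main__":
    for r, s in [(LOW, LOW), (HIGH, LOW), (HIGH, HIGH)]:
        cert = sample_cert(r, s)
        print(signature_shape(cert), fits_template(sample_cert(LOW, LOW), cert))
```

To check a real file, pass the contents of device.crt through `cert_pem_to_der` and then `signature_shape`; a template that reports 33 and 33 is the longest case.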

JAHTKELD commented 4 years ago

Hello:

Yes, it works. I got a cert_chain.c with 33+33 the first time.

I have tested several times with the same board, and with different boards, and it works all the time.

Thanks very much