not able to execute GET_DEVICE_CERT and GET_SIGNER_CERT

Question

not able to execute GET_DEVICE_CERT and GET_SIGNER_CERT

mimmoLinino opened this issue 6 years ago · 1 comments

I'am using the crypto chip ATECC508 connected to a RPI3 compute module using I2C interface.
Running the test tool I was able to PASS all of them, but if I try to use openssl to get the certificate I have a failure.
I debugged a little bit where the error happened and I discovered that it is on:

OpenSSL> engine -t dynamic -pre SO_PATH:./ateccx08.so -pre LIST_ADD:1 -pre ID:ateccx08 -pre LOAD
(dynamic) Dynamic engine loading support
[Success]: SO_PATH:./ateccx08.so
[Success]: LIST_ADD:1
[Success]: ID:ateccx08
$$eccx08_engine.c:307:bind_helper(): Entered
$$eccx08_ecdsa_sign.c:373:eccx08_ecdsa_init(): Entered
$$eccx08_eckey_meth.c:1072:eccx08_pkey_meth_init(): Entered
$$eccx08_engine.c:410:bind_helper(): Succeeded
[Success]: LOAD
Loaded: (ateccx08) Microchip ATECCx08 Engine
$$eccx08_engine.c:248:eccx08_init(): Entered
$$eccx08_cert.c:163:eccx08_cert_init(): Entered
$$eccx08_cert.c:128:eccx08_cert_copy(): Entered
$$eccx08_cert.c:66:eccx08_cert_new(): Entered
$$eccx08_cert.c:128:eccx08_cert_copy(): Entered
$$eccx08_cert.c:66:eccx08_cert_new(): Entered
$$eccx08_cert.c:128:eccx08_cert_copy(): Entered
$$eccx08_cert.c:66:eccx08_cert_new(): Entered
[ available ]
$$eccx08_engine.c:280:eccx08_finish(): Entered
$$eccx08_cert.c:182:eccx08_cert_cleanup(): Entered
$$eccx08_cert.c:100:eccx08_cert_free(): Entered
$$eccx08_cert.c:100:eccx08_cert_free(): Entered
$$eccx08_cert.c:100:eccx08_cert_free(): Entered
$$eccx08_ecdsa_sign.c:403:eccx08_ecdsa_cleanup(): Entered
$$eccx08_eckey_meth.c:1106:eccx08_pkey_meth_cleanup(): Entered
OpenSSL> engine ateccx08 -t -post GET_SIGNER_CERT:./signer.der
(ateccx08) Microchip ATECCx08 Engine
$$eccx08_engine.c:248:eccx08_init(): Entered
$$eccx08_cert.c:163:eccx08_cert_init(): Entered
$$eccx08_cert.c:128:eccx08_cert_copy(): Entered
$$eccx08_cert.c:66:eccx08_cert_new(): Entered
$$eccx08_cert.c:128:eccx08_cert_copy(): Entered
$$eccx08_cert.c:66:eccx08_cert_new(): Entered
$$eccx08_cert.c:128:eccx08_cert_copy(): Entered
$$eccx08_cert.c:66:eccx08_cert_new(): Entered
[ available ]
$$eccx08_cmd_defns.c:372:eccx08_cmd_ctrl(): Entered
$$eccx08_cmd_defns.c:110:get_cert(): ./signer.der cert:0x1992a40 sign:0x7e9fa181
$$eccx08_engine.c:79:eccx08_global_lock(): About to lock mutex in global_lock
$$eccx08_cmd_defns.c:144:get_cert(): Load puiblic key status: 0 signer:0
$$eccx08_cmd_defns.c:144:get_cert():
Load puiblic key status: 0 signer:0
atcacert_def.c:1380 atcacert_set_comp_cert(): tid 1:1 cid 0:0 source 9:0
atcacert_def.c:425: Read certificate status: 0xb
$$eccx08_cmd_defns.c:151:get_cert(): Read certificate status: 0xb
$$eccx08_cmd_defns.c:163:get_cert(): Failure: 0xb
[Failure]: GET_SIGNER_CERT:./signer.der

I added some printf to report the specific point where the error ATCACERT_E_WRONG_CERT_DEF happen and it seems a difference on the source expected.
The test using cio runs fine without any issue.
Any help or suggestion?

Answer 1 · 2021-10-14T12:59:28.000Z

I have the same problem. Did you find the solution?