Description
Describe the bug
atcacert_create_csr_pem fails with a status of -12, when used on a slot that has KEYCFG_REQRANDOM_BIT and KEYCFG_REQUIRE_AUTH_BIT set. I am using version 3.7.9 of the cryptoauthlib.
To Reproduce
Steps to reproduce the behavior:
- Configure a private key slot with KEYCFG_REQRANDOM_BIT and KEYCFG_REQUIRE_AUTH_BIT bits set
- Set CSR_DEF to the following to read the public key from a slot.
    def.private_key_slot = privKeySlot;
    def.public_key_dev_loc.zone = DEVZONE_DATA;
    def.public_key_dev_loc.slot = pubKeySlot;
    def.public_key_dev_loc.offset = 0;
    def.public_key_dev_loc.count = 64;
    def.public_key_dev_loc.is_genkey = 0;
- Call atcab_nonce_rand(numIn, nullptr)
- Call atcab_gendig(GENDIG_ZONE_KEY_CONFIG, authKeySlot, nullptr, 0)
- Call atcacert_create_csr_pem(&def, csrPem, csrPemSize)
- The atcacert_create_csr_pem call fails with the following errors:
../Middlewares/CryptoAuthLib/calib/calib_sign.c:90:fffffff4:calib_sign_base - execution failed
../Middlewares/CryptoAuthLib/calib/calib_sign.c:160:fffffff4:calib_sign_base - failed
../Middlewares/CryptoAuthLib/atcacert/atcacert_client.c:679:fffffff4:Signing CSR failed
Additional context
Note that I can create a private key in the same slot after authorizing with the following flow.
- atcab_nonce_rand
- atcah_nonce
- atcah_check_mac
- atcab_genkey
Target slot configuration is:
SLOTCFG_ISSECRET_BIT
KEYCFG_PRIVATE_BIT
KEYCFG_PUBINFO_BIT
KEYCFG_REQRANDOM_BIT
KEYCFG_REQUIRE_AUTH_BIT
KEYCFG_LOCKABLE_BIT
P256_NIST_ECC_KEY
Auth key slot configuration is:
SLOTCFG_ISSECRET_BIT
KEYCFG_LOCKABLE_BIT
SHA_KEY_OR_OTHER_DATA
Note the atcacert_create_csr_pem succeeds when used on a slot without KEYCFG_REQRANDOM_BIT and KEYCFG_REQUIRE_AUTH_BIT set.
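
Added example, not part of the original report and not cryptoauthlib code: a small C helper that decodes a slot's 16-bit KeyConfig word and reports what has to be satisfied before a Sign on that slot, including whether the AuthKey field points at the slot the caller authorizes against. The bit positions are an assumption taken from the ATECC608 datasheet layout; the `KC_*` and `PRE_*` names, `sign_prereqs`, and the sample value are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

/* KeyConfig bit positions: assumption, taken from the ATECC608 datasheet
 * layout. The KC_* and PRE_* names are hypothetical, not cryptoauthlib's. */
#define KC_PRIVATE      (1u << 0)
#define KC_KEYTYPE(kc)  (((kc) >> 2) & 0x7u)  /* 4 = P256 ECC key */
#define KC_REQRANDOM    (1u << 6)
#define KC_REQAUTH      (1u << 7)
#define KC_AUTHKEY(kc)  (((kc) >> 8) & 0xFu)  /* slot that authorizes this key */

enum {
    PRE_RANDOM_NONCE     = 1, /* TempKey must come from a random nonce */
    PRE_AUTH             = 2, /* prior authorization must have succeeded */
    PRE_AUTHKEY_MISMATCH = 4, /* caller authorizes against the wrong slot */
    PRE_NOT_ECC_PRIVATE  = 8  /* slot cannot sign at all */
};

/* Returns the PRE_* flags that apply to a Sign on a slot with this KeyConfig.
 * auth_slot is the slot the caller intends to authorize against. */
unsigned sign_prereqs(uint16_t key_config, uint8_t auth_slot)
{
    unsigned need = 0;

    if (!(key_config & KC_PRIVATE) || KC_KEYTYPE(key_config) != 4u)
        need |= PRE_NOT_ECC_PRIVATE;
    if (key_config & KC_REQRANDOM)
        need |= PRE_RANDOM_NONCE;
    if (key_config & KC_REQAUTH) {
        need |= PRE_AUTH;
        if (KC_AUTHKEY(key_config) != auth_slot)
            need |= PRE_AUTHKEY_MISMATCH;
    }
    return need;
}

int main(void)
{
    /* Constructed value: Private | PubInfo | KeyType=4 | Lockable |
     * ReqRandom | ReqAuth, AuthKey nibble = 5. */
    uint16_t target = 0x05F3;

    printf("auth slot 5: 0x%x\n", sign_prereqs(target, 5));
    printf("auth slot 4: 0x%x\n", sign_prereqs(target, 4));
    return 0;
}
```

Feed it the KeyConfig word read back from the device's configuration zone for the target slot to confirm which preconditions the chip will enforce before debugging the signing call itself.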