Winc1500 writing certificate issue without tool.

Total votes: 0

Hi everybody,

I am having a problem with writing a certificate. When I downloaded it with the tool, everything worked fine.

But when I tried the example "CERT_DOWNLOADER_OTA_HTTPS_DOWNLOAD_EXAMPLE" with the same certificate file, it doesn't work; error -12 is thrown.

I tried reading the data from the serial flash where they save the root certificates into a 4KB buffer and comparing:

- The first 20 bytes of header are the same (0-19)

- Bytes 56 to 4095 are the same.

- The difference is from byte 20 to byte 55.

These data are converted (in both cases) and differ from the original certificate data, so we don't know what they stand for.

I enabled ENABLE_VERIFICATION and all data is written correctly according to this flag, and I also got a success message.

How does the tool convert the original certificate file to save it to flash? What is this structure? Is there any open source for the tool "root_certificate_downloader.exe", please?

Thanks!


Last Edited: Mon. Jan 28, 2019 - 07:10 PM
Total votes: 0

Not sure what you are comparing, but root certificates stored in WINC1500's internal Flash are neither PEM nor DER files. They are "parsed" by the download tool to become C style structures:

typedef struct{
    uint8                   au8SHA1NameHash[CRYPTO_SHA1_DIGEST_SIZE];
    tstrSystemTime          strStartDate;
    tstrSystemTime          strExpDate;
    tstrRootCertPubKeyInfo  strPubKey;
}tstrRootCertEntryHeader;
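
An added example, not from the thread or the WINC1500 driver: a small C helper that maps the bytes that differ between two flash dumps onto the fields of the structure quoted above. It assumes the first entry directly follows the 20-byte header mentioned in the first post and that tstrSystemTime is 8 bytes; under those assumptions bytes 20 to 55 are exactly au8SHA1NameHash, strStartDate and strExpDate. The dump contents are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* ASSUMED layout (not given in the thread): 20-byte flash header, then the
 * first tstrRootCertEntryHeader, with tstrSystemTime taken to be 8 bytes. */
typedef struct { const char *name; size_t off, len; } field_t;
static const field_t FIELDS[] = {
    { "flash header",     0, 20 },
    { "au8SHA1NameHash", 20, 20 },
    { "strStartDate",    40,  8 },
    { "strExpDate",      48,  8 },
};
enum { NFIELDS = sizeof FIELDS / sizeof FIELDS[0], MAPPED_END = 56 };

/* Bit i is set when FIELDS[i] differs; bit NFIELDS is set when anything past
 * the mapped fields differs. Returns -1 if the dumps are too short to map. */
int diff_fields(const uint8_t *a, const uint8_t *b, size_t n)
{
    int mask = 0;
    if (n < MAPPED_END)
        return -1;
    for (int i = 0; i < NFIELDS; i++)
        if (memcmp(a + FIELDS[i].off, b + FIELDS[i].off, FIELDS[i].len) != 0)
            mask |= 1 << i;
    if (memcmp(a + MAPPED_END, b + MAPPED_END, n - MAPPED_END) != 0)
        mask |= 1 << NFIELDS;
    return mask;
}

/* Constructed sample: two 4 KB dumps that differ only in bytes 20..55,
 * the range reported in the first post. Contents are made up. */
int demo_mask(void)
{
    static uint8_t tool[4096], ota[4096];
    memset(tool, 0xA5, sizeof tool);
    memcpy(ota, tool, sizeof ota);
    for (size_t i = 20; i <= 55; i++)
        ota[i] ^= 0xFF;
    return diff_fields(tool, ota, sizeof tool);
}

int main(void)
{
    int mask = demo_mask();
    for (int i = 0; i < NFIELDS; i++)
        printf("%-16s %s\n", FIELDS[i].name, (mask >> i) & 1 ? "DIFFERS" : "same");
    printf("%-16s %s\n", "rest of dump", (mask >> NFIELDS) & 1 ? "DIFFERS" : "same");
    return 0;
}
```
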

Total votes: 0

The comparison I made is: I downloaded the certificate with the tool, read it back from serial flash and saved it to file1. Then I downloaded the certificate with the example "CERT_DOWNLOADER_OTA_HTTPS_DOWNLOAD_EXAMPLE1", read it back from serial and saved it to file2.

Comparing file1 and file2 shows me the difference, meaning the "parse" by the tool is different from the one by the example "CERT_DOWNLOADER_OTA_HTTPS_DOWNLOAD_EXAMPLE1".

Yes, they are parsed to C style structures, and the difference is also related to au8SHA1NameHash, strStartDate, strExpDate…

The thing here is, we want to use the API provided by the example "CERT_DOWNLOADER_OTA_HTTPS_DOWNLOAD_EXAMPLE1", not the tool.

The certificate I used is GS Root R2, downloaded from https://pki.goog/ (Google).

I set ROOT_CERT for this certificate when running the example.

Last Edited: Tue. Jan 29, 2019 - 03:43 PM
Total votes: 0

Likely the difference relates to the hash table, but I'm not sure what they used in the tool.

Total votes: 0

Does anyone know how to calculate this field?

 uint8 au8SHA1NameHash [20];

We get a difference because of this field, but we don't know the rules used to calculate this field in the tool.