ATECC508A signature verification fails

Hello,

I am trying out an ATECC508A cryptographic coprocessor with an ESP32. I have downloaded the Sparkfun library and have tried several features, like generating random numbers, and I have also created two EC (elliptic curve) keypairs.

I followed the instructions from that library and locked the configuration and the data slots for the chip.

Everything I tried so far is fine except for the verification of signatures.

I am able to generate the private key and display it in the serial monitor. I can also use the private key to sign a message and get a signature. However I cannot verify the signature with the ATECC508A, I keep getting an error saying the signature is wrong.

So I have debugged the library and found that when verifying a signature in the method verifySignature() there are some checks involved (size of the answer and a CRC checksum). The check for the size fails, and I get the following log message:

countGlobal: 0x0

count heard from IC (inpuBuffer[0]): 0xFF

Message Count Error

So to sum up:

  • I have generated a key pair and locked the device

  • I have used the private key to sign a message

  • the signature is correct, I have verified this with a self-written Java program, so the chip seems to work correctly (at least in general)

  • however the verification of the signature within the ATECC508A fails due to the message count error mentioned above.

Physical setup:

  • I have mounted the chip on a breadboard with an ESP32

  • the ESP32 is powered with a USB cable

  • I connected the ATECC508A to the ESP32 with 4 wires (3V3, GND, SDL, SCA).

  • SDL and SCA both have a 4,7 kOhm pullup resistor each (also tried 10 k and 2,2 k with no result)

  • the I2C bus is running with 250 kHertz (I also tried 100 kHertz)

  • the ATECC508A is the only device connected to the I2C

Since I began experimenting with the setup due to the problem, every second time I reboot the ESP32 the ATECC508A can’t be found. However, when it is found, everything works except the signature verification.

I’d be glad if somebody has an idea what could be wrong.

Rudi

One of our internal team members suggests that you could try increasing your I2C buffer.

If it is set too small then it can’t send the complete command message for a verification (which includes a lot: message, signature, key)

Hi Brandon,

thanks for the suggestion. I had found a similar problem for the ATECC50A and have already tried this, however to no avail…

I also downloaded the latest version of the library but to my dismay there have been significant changes to the library, e.g. the method for calculating the sha256 has been removed.

So I reintegrated the necessary stuff and investigated the matter further and have some interesting findings. But before I present my findings I’d like to point out how the method verifySignature works internally (I only discuss the important parts).

  1. First the command for verification is sent to the ATECC508A

  2. Next there is a delay of 58 ms

  3. Now we try to read a response from the chip - internally there is a loop which tries 20 times to read the response from the chip via I2C. The response should be 4 bytes long (length byte, status and 2 bytes for the CRC).

  4. Next there is a check for correct length (indicated by the variable countGlobal) and CRC

Now my findings:

  1. First I did not receive any answer from the chip (countGlobal was 0, so no response at all). I discovered that the delay time of 58 ms and the loop of 20 times was not enough.

  2. When I changed the delay time to approx. 1000 ms and increased the loop counter to 50 I had a response after approx. 29 repetitions in the loop

  3. I then got an answer of 4 bytes (length = 0x4, status = 0x11, two bytes for the CRC). The length and the CRC were correct, however the status is wrong. It should read 0x00.

According to the data sheet 0x11 means that the ATECC508A has received a Wake token.

That’s the current status, I do not know how to continue, the situation is not very satisfying.

I’d be glad if I had a correct status of 0x00 (meaning the verification has completed successfully), however 1000 ms is also way too long for a signature verification. Even in software it would not take as long as that.

What does it mean when I get a status saying the chip has received a wake token?

Has someone used the chip for signature verification, and how long does this last?

Thanks a lot for your patience to read up to this point,

Rudi
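A host-side check for the 4-byte response described in the post above (length byte, status, two CRC bytes), written as an added example and not taken from the SparkFun library or from the posts. The CRC-16 parameters (polynomial 0x8005) and the 0x01 miscompare status come from the ATECC datasheet rather than the thread; the function and enum names are hypothetical and the sample byte strings are constructed.

```c
#include <stddef.h>
#include <stdint.h>

typedef enum {
    RSP_VERIFIED,      /* status 0x00: the command completed successfully */
    RSP_MISCOMPARE,    /* status 0x01: CheckMac/Verify miscompare (datasheet) */
    RSP_WAKE,          /* status 0x11: chip reports a Wake token, not a result */
    RSP_OTHER_STATUS,  /* any other status byte */
    RSP_NO_DATA,       /* nothing read, or count 0xFF as in the first post's log */
    RSP_BAD_COUNT,     /* count byte is not 4 */
    RSP_BAD_CRC        /* CRC over count+status does not match bytes 2..3 */
} rsp_t;

/* Constructed sample responses (hypothetical captures, not from the thread). */
static const uint8_t SAMPLE_OK[4]   = { 0x04, 0x00, 0x03, 0x40 };
static const uint8_t SAMPLE_WAKE[4] = { 0x04, 0x11, 0x33, 0x43 };

/* CRC-16 as used for ATECC packets: polynomial 0x8005, initial value 0,
 * data bits fed least-significant bit first. */
static uint16_t atecc_crc16(const uint8_t *data, size_t len)
{
    uint16_t crc = 0;
    for (size_t i = 0; i < len; i++) {
        for (uint8_t mask = 0x01; mask != 0; mask <<= 1) {
            unsigned data_bit = (data[i] & mask) ? 1u : 0u;
            unsigned crc_bit = crc >> 15;
            crc = (uint16_t)(crc << 1);
            if (data_bit != crc_bit)
                crc ^= 0x8005;
        }
    }
    return crc;
}

/* Classify the bytes read back after a Verify command. Only RSP_VERIFIED
 * may be treated as "signature valid"; every other outcome fails closed,
 * including a well-formed response whose status is not 0x00. */
rsp_t classify_response(const uint8_t *buf, size_t len)
{
    if (len == 0 || buf[0] == 0xFF) return RSP_NO_DATA;
    if (len < 4 || buf[0] != 4) return RSP_BAD_COUNT;
    uint16_t crc = atecc_crc16(buf, 2);            /* covers count + status */
    if (buf[2] != (crc & 0xFF) || buf[3] != (crc >> 8)) return RSP_BAD_CRC;
    switch (buf[1]) {
    case 0x00: return RSP_VERIFIED;
    case 0x01: return RSP_MISCOMPARE;
    case 0x11: return RSP_WAKE;
    default:   return RSP_OTHER_STATUS;
    }
}
```

A response with status 0x11 passes both the length and the CRC check, which is why those two checks alone cannot stand in for a verification result.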

I have tried the same with a different model (ATECC608A), but still have the same problems.

When I try to verify the signature, I still get a 0x11 status code.

Any ideas what this status code means in this context? The documentation says: “Indication that ATECC608A has received a proper Wake token”. However I do not understand what this means.

How could I resolve this problem? Any suggestions how to debug this problem?

Thanks for your help,

Rudi