
Do the AT%CMNG commands function properly for writing credentials in mfw_nrf9160_0.7.0-29.alpha?

I've used the nrf_inbuilt_key_write to store certificates/keys in the past, but I am still unable to do it using the "AT%CMNG" modem command.

I can list and delete items using "AT%CMNG=1" and "AT%CMNG=3,x,x", but every attempt to write with "AT%CMNG=0,x,x,"xxx"" seems to hang forever.

Our device is providing access to a modem console for factory provisioning and debug, so it would be nice to not have to implement a special method when this should be able to handle it, but I just can't get it to work.

Is this expected to be working in mfw_nrf9160_0.7.0-29.alpha?

  • I now wonder if I haven't somehow put this modem's NVM into a bad state.  Just so I could continue doing other work, I used nrf_inbuilt_key_delete/nrf_inbuilt_key_write to remove all credentials and then reload a good set, and now every attempt to connect to an SSL socket fails with errno=-45. This is the same client/application code I have been using for months without issue.

    I further tried using just "openssl s_server" as the listener and disabling peer verify on both sides, and I still get -45 from mqtt_connect.  The openssl server just spits out this every time the device hits it:

    ERROR
    shutting down SSL
    CONNECTION CLOSED

    They never even begin key exchange.

  • Hi Justin,
    Could you try to list the keys (AT%CMNG=1) and delete the ones that you are not using?
    It may be that there is a memory issue.

    The error 519 is not listed in the documentation, but it means that something already exists at that place, so you can try to delete the old one first.

  • I have previously listed and deleted all keys using CMNG=1 and CMNG=3.  I just tried it again and included a CFUN=0 and reboot after deleting the keys but before trying to write new keys with CMNG=0.  It exhibited the same behavior and never completed the CMNG write command.

    Regarding the XPMNG command, I tried XPMNG=2 and it does report an existing public key.  I am quite certain I have never installed one.  I happened to have a new dev kit we recently got for GPS testing, so I loaded it up with at_client and XPMNG=2 reports the exact same public key.  I assume these must be from manufacturing on Nordic's end.  There is no command I can find in the modem manual to delete the XPMNG credential, can you please tell me how to do this?

    In case anyone else ever cares, this is what the preinstalled public key looked like:

    AT%XPMNG=2
    %XPMNG: "-----BEGIN PUBLIC KEY-----
    MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAErrM7SxsE9WStx+6C2TQSsiaCnDww
    B6rYZe/xHP7sDuHP8SmB0uauqhWBXXy0e8xoxqAc2bniubZa4HI2Zfz7tQ==
    -----END PUBLIC KEY-----
    "
    OK

  • Yeah, I strongly suspect my modem NVM is in bad shape.  Is there a way using nrf9160_mdm_dfu or some other tool that I can check or reset the credential storage?

    It is now in a state where if I try to store credentials even using nrf_inbuilt_key_write some writes succeed and others hang.  After one pass where it had written the CA cert successfully but then hung during the private key write, I reflashed to at_client and poked around a bit:

    The AT host sample started
    AT
    OK
    AT+CFUN=4
    OK
    AT+CMEE=1
    OK
    AT%CMNG=1
    %CMNG: 64738,0,"0000000000000000000000000000000000000000000000000000000000000000"
    %CMNG: 64738,1,"0101010101010101010101010101010101010101010101010101010101010101"
    %CMNG: 64738,2,"0202020202020202020202020202020202020202020202020202020202020202"
    OK
    AT%CMNG=2,64738,0
    %CMNG: 64738,0,"0000000000000000000000000000000000000000000000000000000000000000","-----BEGIN CERTIFICATE-----
    MIIFLjCCBBagAwIBAgIJANuSwPfghLXlMA0GCSqGSIb3DQEBCwUAMIG7MQswCQYD
    VQQGEwJVUzEWMBQGA1UECAwNTWFzc2FjaHVzZXR0czEUMBIGA1UEBwwLTWFybGJv
    cm91Z2gxJjAkBgNVBAoMHVNpZ25hbEZpcmUgV2lyZWxlc3MgVGVsZW1ldHJ5MRMw
    EQYDVQQLDApNUVRUIENsb3VkMRwwGgYDVQQDDBNTaWduYWxGaXJlIENsb3VkIENB
    MSMwIQYJKoZIhvcNAQkBFhRpbmZvQHNpZ25hbC1maXJlLmNvbTAeFw0xOTA0MDMx
    NjE1MDhaFw0zOTAzMjkxNjE1MDhaMIG7MQswCQYDVQQGEwJVUzEWMBQGA1UECAwN
    TWFzc2FjaHVzZXR0czEUMBIGA1UEBwwLTWFybGJvcm91Z2gxJjAkBgNVBAoMHVNp
    Z25hbEZpcmUgV2lyZWxlc3MgVGVsZW1ldHJ5MRMwEQYDVQQLDApNUVRUIENsb3Vk
    MRwwGgYDVQQDDBNTaWduYWxGaXJlIENsb3VkIENBMSMwIQYJKoZIhvcNAQkBFhRp
    bmZvQHNpZ25hbC1maXJlLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
    ggEBAO9Kf1ufbdkCdIB9hJ5iZ1z9OyUB8Ddaal7uGFUh1j2y/Fk+gbO69YXUAX/8
    CbZKiZ4VJmCcbCS9jRU7jNbF85oeJofkoiCpWB0supKtGk+GK6dMBK84TSJL5x29
    qdGqu2x/em5UD9PfqSMQtdPpcCraPTekRAWJnUd3BNeYqZ3uixOWVIpytGWDLeZP
    PU3UcIJIRSCbunVSzoafTrQI/FNh7azx9RTpJexEhLYRqKB54i8oaKdUQHfve9sD
    M4b
    
    
    
    AT
    OK
    AT%CMNG=3,64738,0
    OK
    AT%CMNG=1
    %CMNG: 64738,1,"0101010101010101010101010101010101010101010101010101010101010101"
    %CMNG: 64738,2,"0202020202020202020202020202020202020202020202020202020202020202"
    OK
    AT%CMNG=3,64738,1
    OK
    AT%CMNG=3,64738,2
    OK
    AT%CMNG=1
    OK
    AT%CMNG=0,64738,0,"TEST"
    

    The CMNG=1 listed that the CA, key, and cert all existed, even though it had hung during the key write and the cert write had not been written. When trying to read the CA, it didn't have the whole CA certificate.  I then deleted all three certificates and tried to write a super-short string to the CA as a test and that hung and never returned...

    (EDIT: The truncated output on CMNG=2 was due to a too-small buffer in the AT driver, which can be remedied by increasing AT_HOST_SOCKET_BUF_SIZE in prj.conf)

  • Yeah, I was finally able to do a CMNG write command...  The basic CMNG write is working, but something is hanging in the modem firmware during most writes.

    I had loaded the test string "BEEPBEEP" as a CA using nrf_inbuilt_key_write, rebooted into at_client, and was able to read "BEEPBEEP" back using CMNG=2.  I then set the CA to "HONKHONK" using CMNG=0 and read *that* back using CMNG=2.  (Yay! Proves that it's not an XPMNG issue for that credential at least)

    Enthused by that success, I immediately tried to use CMNG=0 to write a real certificate into the same slot, and that command hung.  After rebooting the 9160, CMNG=2 still reads back "HONKHONK".  I was able to change it to something short again using CMNG=0 and read that back okay.  (This final test I also used a multi-line payload to prove that wasn't the issue...)

    Is there a size limit on certificates/keys?  I don't think mine are excessive in any way.  A quick check at the command line puts all three credential files I'm trying to load in the area of 1600-1900 bytes.
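A host-side check for the situation in this thread, as an added example (not code from the original posts or from Nordic): it parses AT%CMNG list and read output for one sec_tag and reports credential types that are absent and readbacks that are not a complete PEM, such as the cut-off certificate in the at_client session. The transcript is constructed, and the type names (0 = CA certificate, 1 = client certificate, 2 = private key) are an assumption taken from the thread's description of sec_tag 64738.

```python
import re

# Assumed type names, following the thread's sec_tag 64738 listing.
TYPES = {0: "CA certificate", 1: "client certificate", 2: "private key"}
ENTRY = re.compile(r'^%CMNG: (\d+),(\d+),"([0-9A-Fa-f]*)"(?:,"(.*))?$')
# Heuristic payload terminators: closing quote, result code, echoed command.
END_OF_BODY = re.compile(r'"|OK|ERROR|AT([+%][A-Z]+([=?].*)?)?')
# Constructed transcript (placeholder values, not real credentials).
SAMPLE = '''AT%CMNG=1
%CMNG: 64738,0,"00"
%CMNG: 64738,1,"01"
OK
AT%CMNG=2,64738,0
%CMNG: 64738,0,"00","-----BEGIN CERTIFICATE-----
Q09OU1RSVUNURUQ=
AT%CMNG=2,64738,1
%CMNG: 64738,1,"01","-----BEGIN CERTIFICATE-----
Q09OU1RSVUNURUQ=
-----END CERTIFICATE-----
"
OK
'''

def parse_cmng(transcript):
    """Return (sec_tag, type, digest, content-or-None) tuples."""
    entries, body = [], None
    for line in map(str.strip, transcript.splitlines()):
        if body is not None and not END_OF_BODY.fullmatch(line):
            body.append(line.rstrip('"'))      # still inside a CMNG=2 payload
            body = None if line.endswith('"') else body
            continue
        m, body = ENTRY.match(line), None      # payload ended or was cut short
        if m:
            tag, typ, digest, first = m.groups()
            text = None if first is None else [first.rstrip('"')]
            entries.append((int(tag), int(typ), digest, text))
            body = None if first is None or first.endswith('"') else text
    return [(t, k, d, b and "\n".join(b).strip()) for t, k, d, b in entries]

def is_complete_pem(content):
    """True only when the readback has matching BEGIN/END armor lines."""
    m = re.match(r"-----BEGIN ([A-Z ]+)-----\n", content)
    return bool(m) and content.endswith(f"-----END {m.group(1)}-----")

def audit(entries, sec_tag, required=(0, 1, 2)):
    mine = [(k, c) for t, k, _, c in entries if t == sec_tag]
    missing = [TYPES[k] for k in required if k not in {j for j, _ in mine}]
    partial = [TYPES.get(k, k) for k, c in mine if c is not None and not is_complete_pem(c)]
    return missing, partial   # (absent types, incomplete readbacks)
```

A readback flagged as incomplete can come from the host side as well as from the modem, as the AT_HOST_SOCKET_BUF_SIZE edit in the thread shows, so it is a reason to re-read before treating a slot as provisioned.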
