The function modem_key_mgmt_cmp() fails to identify valid certificate

RE: The function modem_key_mgmt_cmp() fails to identify valid certificate

Tiago Costa — Wed, 26 Aug 2020 17:34:42 GMT

Hi emdi! Thanks for taking the time to fix this!

RE: The function modem_key_mgmt_cmp() fails to identify valid certificate

emdi — Tue, 21 Jul 2020 08:24:32 GMT

Hi Tiago, thank you for digging into this. I have opened a PR to sdk-nrf to fix this issue, you can find it here: https://github.com/nrfconnect/sdk-nrf/pull/2613. Feel free to check it out and leave a comment :)

RE: The function modem_key_mgmt_cmp() fails to identify valid certificate

Tiago Costa — Fri, 22 May 2020 18:48:41 GMT

Hi,

I think I've managed to identify the problem, although I don't have a solution for it yet.

After further looking into the Modem Key Management library, I've noticed that the following function call under lib/at_cmd/at_cmd.c is returning a wrong payload length (of 626, significantly less than the certificate's size), which in turn causes the certificates' size comparison to fail:

payload_len = get_return_code(item->data, &ret);

The function seems to return when it finds the string "OK" in the certificate's content being read from the modem. At a first glance, it seems this function might not be escaping AT command return codes correctly in the certificate's payload string, and gets tricked into returning a wrong length because of that.

I believe a modem firmware fix might be necessary before this can be handled, either to do byte stuffing when reading certificates' strings from the modem, or simply by providing the certificate's length in advance and having the function parse a known length.

RE: The function modem_key_mgmt_cmp() fails to identify valid certificate

Tiago Costa — Fri, 22 May 2020 16:32:32 GMT

Hi emdi, thanks for the suggestion! I have increased the heap up to 16384 bytes but it made no difference however (I have set CONFIG_HEAP_MEM_POOL_SIZE=16384 in prj.conf).

RE: The function modem_key_mgmt_cmp() fails to identify valid certificate

emdi — Fri, 22 May 2020 08:47:57 GMT

Hi Tiago, AT commands are put on the heap when parsed, and if no memory is available the `at_cmd_parser` won't report and error :/

Try to increase the heap and see if the problem is solved.

RE: The function modem_key_mgmt_cmp() fails to identify valid certificate

Tiago Costa — Thu, 14 May 2020 14:05:15 GMT

Hi Heidi, thanks for the feedback!

RE: The function modem_key_mgmt_cmp() fails to identify valid certificate

Heidi — Thu, 14 May 2020 12:07:54 GMT

Hi, thank you.

It looks like this might be a bug at the AT Command parser level: either it's filling the incorrect size, or it's not able to parse the response from the modem. The developers will have a look either tomorrow or the beginning of next week, and I'll let you know as soon as we find the root cause of this.

Best regards,

Heidi

RE: The function modem_key_mgmt_cmp() fails to identify valid certificate

Tiago Costa — Wed, 13 May 2020 09:21:20 GMT

Hi Heidi, thanks for getting back to me. I've added AT CMD Level debug to my http_application_update example and got the following output:

*** Booting Zephyr OS build v2.1.99-ncs1-1145-g13dc96f83bab  ***
HTTPS application update sample started v1
Initializing bsdlib
Initialized bsdlib
D: Setting notification handler to 0x0003952d
D: Common AT socket created
D: Common AT socket processing thread created
D: Sending command AT+CMEE?
DD: Awaiting response for AT+CMEE?
: AT socket thread started
D: Allocating memory slab for AT socket
D: Allocation done
D: at_cmd_rx 15 bytes, +CMEE: 0
OK

D: Bytes sent: 8
D: Sending command AT+CMEE=1
D: Allocating memory slab for AT socket
D: Allocation done
D: Awaiting response for AT+CMEE=1
D: at_cmd_rx 5 bytes, OK

D: Bytes sent: 9
D: Sending command AT%CMNG=1,24514698,0
D: Allocating memory slab for AT socket
D: Allocation done
D: Awaiting response for AT%CMNG=1,24514698,0
D: at_cmd_rx 91 bytes, %CMNG: 24514698,0,"0000000000000000000000000000000000000000000000000000000000000000"
OK

D: Bytes sent: 20
D: Sending command AT+CMEE=0
D: Allocating memory slab for AT socket
D: Allocation done
D: Awaiting response for AT+CMEE=0
D: at_cmd_rx 5 bytes, OK

D: Bytes sent: 9
D: Sending: AT%CMNG=2,24514698,0
D: Sending command AT+CMEE?
D: Allocating memory slab for AT socket
D: Allocation done
D: Awaiting response for AT+CMEE?
D: at_cmd_rx 15 bytes, +CMEE: 0
OK

D: Bytes sent: 8
D: Sending command AT+CMEE=1
D: Allocating memory slab for AT socket
D: Allocation done
D: Awaiting response for AT+CMEE=1
D: at_cmd_rx 5 bytes, OK

D: Bytes sent: 9
D: Sending command AT%CMNG=2,24514698,0
D: Allocating memory slab for AT socket
D: Allocation done
D: Awaiting response for AT%CMNG=2,24514698,0
D: at_cmd_rx 2265 bytes, %CMNG: 24514698,0,"0000000000000000000000000000000000000000000000000000000000000000","-----BEGIN CERTIFICATE-----
MIIGFzCCA/+gAwIBAgIUN6ec2FP/QL5ASPNvIjpjSvsNZv4wDQYJKoZIhvcNAQEL
BQAwgZoxCzAJBgNVBAYTAlBUMQ4wDAYDVQQIDAVQb3J0bzEaMBgGA1UEBwwRVmls
YSBOb3ZhIGRlIEdhaWExFjAUBgNVBAoMDVVyYmFuIENvbnRyb2wxGTAXBgNVBAMM
EHVyYmFuLWNvbnRyb2wucHQxLDAqBgkqhkiG9w0BCQEWHXRpYWdvLmNvc3RhQHVy
YmFuLWNvbnRyb2wuY29tMB4XDTIwMDUwODA4MzE1OFoXDTQ4MDUyMTA4MzE1OFow
gZoxCzAJBgNVBAYTAlBUMQ4wDAYDVQQIDAVQb3J0bzEaMBgGA1UEBwwRVmlsYSBO
b3ZhIGRlIEdhaWExFjAUBgNVBAoMDVVyYmFuIENvbnRyb2wxGTAXBgNVBAMMEHVy
YmFuLWNvbnRyb2wucHQxLDAqBgkqhkiG9w0BCQEWHXRpYWdvLmNvc3RhQHVyYmFu
LWNvbnRyb2wuY29tMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAzmAR
0MNN2Ik+uMVYXOKgHqqcI3nChl9VE0k+9TJFTxfSiL1Cl16mi7hSWx3YjjGvRLA0
FRsm1MHpDie9GF0yUdl2rmmLlx+msNu0i07qZpgWVd5L5O/OaEDMUtCe2RQ9BeHU
5oueW2oYuwocDtoDg+2J0CUiB2MiudH9IRIcotFzLcxnLa4yIfEKQtbbQofC0c3U
X33HiQDZkMlhanIo6dn4ITsrxbHG0hj2xQJ6KWlYlzI8QTGxxipzf4dYSC0JeYFO
uwZrubNiHZ+FB7XCCSU2+vCIcRQ/XPgFm7/YnQuXXQv1Tk67pwnC5imh5XhscpKe
UkFuejyWNGsTVptRUxkd0jx0NJcmSoGQrsiTOGHkteNomvJF6SbQd4JgxWB/pMsH
tYi1XmYJfIo00dbzUftGDhjbcVKHxMg1p18OzbiDzsJsO+Qq2c5BgzrDjf0EIwHb
MIBkrO78SjWxfdPWFq7a72LPCxaQ4/Q+yFDddnOEBfWy7nxRqlGhEfwNaF0ORB3m
ULG0WDpXuySyqsCEj1VUH5v/qTxuVYeVf389g3VT3FjHCAMEUR92rmk+MX6G6xFE
IBg5CTazbFjpzpIJevRFITTnipyeES6kLC0aBcKFNgc2cDbuSKAfkC/JxSopwJRq
ZzTnp8NC5Wp5BHUnWtvlwLx+rf5zEF9DNl+tHykCAwEAAaNTMFEwHQYDVR0OBBYE
FEu1g2lXCONMLcDGZwcjNf64QtGqMB8GA1UdIwQYMBaAFEu1g2lXCONMLcDGZwcj
Nf64QtGqMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggIBAG0xHXli
l4d9lud8Ub0BbHy26o02Ye7Q8RNG1g8USwynHKbaw+Y4ceG/KRpQQJLBaNSTQyuD
8/9hTulJt7iS1aBdckiJWZzkhTu0H13QmDIwmphTkhZLaf2ffQvHp0M1kLiiTvxk
s7WDOEgw2bPhzUeul2Opvy8I2gGVBL5h5qp2Gm4WRDDMUK6YnJ0yINRmO307GdK9
688svP2WZG9S7OLX+40BJmi4FLdXI4mUyDzLJIx2yFTHLBxdc+rldUeK1WFB+g17
g4t3MvbBM1Nfa/CONRtJlxVommn0t+KDbXmGnBOWgL5kmjSjkOyyDfLS191wRagv
5T8LFZFYSKCnZWg/ZTaIlja70vtYLW0vzDKs2COeqnrrc9eAQhFmD3Idw0FrM9zR
Vsz6bKdcG3oMTs6goFEmPJVLgXsNHLtCKMfpgYL8TcoK/sOclQEIIzn0iMbhTSE6
fyPtr56BiYrFSHP3ONTf6G3lauWAUg/+6QZOinUK0dFgumEfUJoriwKZoeD37M25
ZdgpnMvsPOlmJfSpBEKsVw8vkdbj7jpAvM1VCS2XPzctU+tuz49yh9ldXHwJiWCo
AA9uRd6aAbzFmH/JIHYBaFgSyV1ft8tEFPthX7mS+nltNdthVb7lXVySzcULXR4J
XDMjezxXeiOjLp2lVe8yUTMEVxX0OmmYAKVJ
-----END CERTIFICATE-----
"
OK

D: Bytes sent: 20
D: Sending command AT+CMEE=0
D: Allocating memory slab for AT socket
D: Allocation done
D: Awaiting response for AT+CMEE=0
D: at_cmd_rx 5 bytes, OK

D: Bytes sent: 9
D: Credential length 0 bytes (expected 2171)
Certificate/key mismatch. Deleting existing certificate/key..., err 1

(...)

Please let me know if you also want me to send the command manually to the modem.

Thanks,

RE: The function modem_key_mgmt_cmp() fails to identify valid certificate

Heidi — Wed, 13 May 2020 07:26:11 GMT

Hi!

Sorry for the delayed reply, I've been taking a look at this with a developer. I am unfortunately not able to reproduce your error, so I'll need some debug information from you.

If you add CONFIG_AT_CMD_LOG_LEVEL__DBG=y to your project, you should get you a message like "Sending AT%CMNG=<>". I need you to flash an NCS sample that allows you to send AT commands directly to the modem and then and send that specific AT command and see what the output is.

Best regards,

Heidi