Hi,

Thanks for the reply. In my code, I found that mbedtls_ctr_drbg_seed() returned 0x0034 and the return was not properly handled. After adding printfs, I was able to see where the program terminates, even before calling the function to generate random bytes.

Any idea? I guess the NV_SEED write function alone is the reason: when commenting out the content of the function FN_NV_SEED_WR, leaving only return 0, the error was not generated.

While debugging inside the library, I could not see the mbedtls_entropy_update_nv_seed() not getting called.

Thanks,
Gopi Krishnan

 

From: Janos Follath <Janos.Follath@arm.com>
Sent: Friday, June 4, 2021 1:48 PM
To: Subramanian Gopi Krishnan <gopikrishnan.subramanian@kone.com>
Cc: T V LIJIN (EXT) <lijin.tv@kone.com>; mbed-tls@lists.trustedfirmware.org
Subject: Re: NV_SEED read working and write not working

 

Hi Gopi,

FN_NV_SEED_WR is supposed to be called the first time the entropy context is used to retrieve some entropy. This is tracked by the `initial_entropy_run` member in the `mbedtls_entropy_context` structure (on the initial run it is zero, non-zero otherwise).

FN_NV_SEED_WR not being called might mean that your “Entropy” variable hasn’t been properly initialised or that it has been used before the callbacks are set.

Please note that Mbed TLS 2.16.2 has known bugs and vulnerabilities. You should upgrade to the latest bug-fixing version of the 2.16 branch, 2.16.10.

Best regards,
Janos
(Mbed TLS developer)

 

From: mbed-tls <mbed-tls-bounces@lists.trustedfirmware.org> on behalf of Subramanian Gopi Krishnan via mbed-tls <mbed-tls@lists.trustedfirmware.org>
Date: Friday, 4 June 2021 at 05:50
To: mbed-tls@lists.trustedfirmware.org <mbed-tls@lists.trustedfirmware.org>
Cc: T V LIJIN (EXT) <lijin.tv@kone.com>
Subject: Re: [mbed-tls] NV_SEED read working and write not working

Hi,

I am working on an embedded platform that does not have any entropy source except system ticks. To improve the randomness, I am trying to utilize NV_SEED operations. mbedtls version 2.16.2 is being used.

 

In the configuration file I have enabled:

#define MBEDTLS_ENTROPY_NV_SEED
#define MBEDTLS_PLATFORM_NV_SEED_ALT

After initializing and before seeding the random number generator, I assign the NV seed read and write functions to the platform seeding function as below.

   /* Register the NV seed read/write callbacks before the entropy context is used */
   if( ( r = mbedtls_platform_set_nv_seed( FN_NV_SEED_RD, FN_NV_SEED_WR ) ) != 0 )
   {
      return( r );
   }

   /* Seed the CTR_DRBG; a non-zero return is an error and must be handled */
   if( ( r = mbedtls_ctr_drbg_seed( &CtrDrbg, mbedtls_entropy_func, &Entropy,
                                    (const unsigned char *) u8SeedingString, (size_t)Length ) ) != 0 )
   {
      return( r );
   }

 

Later come the functions to generate random bytes and free the context.

While running, I could see that only the FN_NV_SEED_RD function is getting called, and the FN_NV_SEED_WR function is not getting called. I tried to add some print statements in the mbedtls library function mbedtls_entropy_update_nv_seed().

But it looks like this function was never called by the library.

  1. Is there anything else to be done?
  2. Could someone help me ensure NV_SEED is properly incorporated?
  3. How can I trace the issue?

 

 

Thanks,

Gopi Krishnan
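
A simplified model of the first-run behaviour described in the reply above, added here as an example; it is not code from the thread or from Mbed TLS. The `model_entropy` struct, `model_entropy_func`, `run_case`, the 64-byte seed length and the callback return convention are assumptions made for illustration.

```c
#include <string.h>

#define SEED_LEN 64                        /* assumed seed size for this sketch */
static unsigned char nv_store[SEED_LEN];   /* RAM stand-in for the NV area */
static int wr_calls, wr_fail;              /* trace counter and fault switch */

/* Same shape as the callbacks given to mbedtls_platform_set_nv_seed().
 * Assumed convention: bytes handled on success, negative on failure. */
static int nv_seed_rd(unsigned char *buf, size_t len)
{
    if (len > SEED_LEN) return -1;
    memcpy(buf, nv_store, len);
    return (int)len;
}
static int nv_seed_wr(unsigned char *buf, size_t len)
{
    wr_calls++;
    if (wr_fail || len > SEED_LEN) return -1;
    memcpy(nv_store, buf, len);
    return (int)len;
}

/* Hypothetical model of the entropy context: only the flag from the thread. */
struct model_entropy { int initial_entropy_run; };

/* Model of "retrieve some entropy": the seed is read on every call and
 * written back only while the first-run flag is still zero. */
static int model_entropy_func(struct model_entropy *c)
{
    unsigned char seed[SEED_LEN];
    if (nv_seed_rd(seed, SEED_LEN) < 0) return -1;
    if (c->initial_entropy_run == 0) {
        c->initial_entropy_run = 1;
        seed[0] ^= 0x01;                   /* placeholder for mixing in new entropy */
        if (nv_seed_wr(seed, SEED_LEN) < 0) return -2;  /* failed write aborts seeding */
    }
    return 0;
}

/* Two entropy requests on one context; reports how often the write ran. */
int run_case(int init_ctx, int fail_write, int *writes)
{
    struct model_entropy c;
    memset(&c, 0xA5, sizeof c);            /* constructed: stale memory, no init */
    if (init_ctx) memset(&c, 0, sizeof c); /* stands in for the context init call */
    wr_calls = 0; wr_fail = fail_write;
    int r = model_entropy_func(&c);
    if (r == 0) r = model_entropy_func(&c);
    *writes = wr_calls;
    return r;
}
```

In this model an initialised context writes the seed exactly once, a context with a stale non-zero flag never writes, and a failing write callback makes the first entropy request fail.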