Replying to my own post,
I did dig in a bit more;
It appears that it gets stuck in here within: int mbedtls_ctr_drbg_reseed( mbedtls_ctr_drbg_context *ctx, const unsigned char *additional, size_t len )
memset( seed, 0, MBEDTLS_CTR_DRBG_MAX_SEED_INPUT ); printf("(%d) %s: Done\r\n", __LINE__, __FUNCTION__); <---- line#412
/* * Gather entropy_len bytes of entropy to seed state */ if( 0 != ctx->f_entropy( ctx->p_entropy, seed, ctx->entropy_len ) ) <----- appears to be stuck in this callback f_entropy() { return( MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED ); }
seedlen += ctx->entropy_len; printf("(%d) %s: Done\r\n", __LINE__, __FUNCTION__); <----- line #424
Sprinkling a few prints here and there, it looks thus:
(174) tls_init: Initializing (178) tls_init: SSL initialize (181) tls_init: SSL Config initialized (184) tls_init: x509 CRT initialized (187) tls_init: DRBG initialized (190) tls_init: Entropy initialized (95) mbedtls_ctr_drbg_seed_entropy_len: AES initialized (112) mbedtls_ctr_drbg_seed_entropy_len: AES setkey enc (412) mbedtls_ctr_drbg_reseed: Done (1027) mbedtls_hardware_poll: Random Words: 128 Word: 834688558
Someone help ?
Thanks, Manu
On Mon, Aug 17, 2020 at 10:46 PM Manu Abraham via mbed-tls mbed-tls@lists.trustedfirmware.org wrote:
Greetings,
I am new to the list, please do excuse me, in case of any list specific etiquette issues.
Trying to use a 1.6.1 release with a Cortex M7 port, specifically a STM32H7.
After enabling MBEDTLS_ENTROPY_HARDWARE_ALT, did implement mbedtls_hardware_poll()
It looks thus, and it does appear to work from a hardware perspective:
/**
- mbedtls_hardware_poll()
- Read random data from the Hardware RNG for entropy applications
*/ int mbedtls_hardware_poll(void *arg, unsigned char *ent_buf, size_t count, size_t *ent_len) { register uint8_t i = 0; uint32_t rand;
if (!LL_RNG_IsEnabled(RNG)) LL_RNG_Enable(RNG); /* Enable Random Number Generator */ for (i = 0; i < count; i++) { while (!LL_RNG_IsActiveFlag_DRDY(RNG)) { } /* Wait for DRDY
flag to be raised */ if ((LL_RNG_IsActiveFlag_CECS(RNG)) || (LL_RNG_IsActiveFlag_SECS(RNG))) { /* Check error, if any */
/* Clock or Seed Error detected. Set Error */ printf(" (%d) %s: Clock/Seed Error!\r\n", __LINE__, __FUNCTION__); } rand = LL_RNG_ReadRandData32(RNG); /* Read RNG data */ memcpy(&(ent_buf[i * 4]), &rand, 4); /* *ent_len += 4 */ } LL_RNG_Disable(RNG); /* Stop random numbers generation */ *ent_len = ((i + 1) * 4); printf(" (%d) %s: Random Words: %d Word: %04d\r\n", __LINE__, __FUNCTION__, count, rand); return 0;
}
The code which causes the problem is this, in my tls_init()
int tls_init(void) { int ret;
/* inspired by https://tls.mbed.org/kb/how-to/mbedtls-tutorial */ const char *pers = "SYS-LWH7"; printf(" (%d) %s: Initializing\r\n", __LINE__, __FUNCTION__); /* initialize descriptors */ mbedtls_ssl_init(&ssl); printf(" (%d) %s: SSL initialize\r\n", __LINE__, __FUNCTION__); mbedtls_ssl_config_init(&conf); printf(" (%d) %s: SSL Config initialized\r\n", __LINE__, __FUNCTION__); mbedtls_x509_crt_init(&cacert); printf(" (%d) %s: x509 CRT initialized\r\n", __LINE__, __FUNCTION__); mbedtls_ctr_drbg_init(&ctr_drbg); printf(" (%d) %s: DRBG initialized\r\n", __LINE__, __FUNCTION__); mbedtls_entropy_init(&entropy); printf(" (%d) %s: Entropy initialized\r\n", __LINE__, __FUNCTION__); ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy, (const unsigned char *) pers, strlen(pers)); if (ret) { LWIP_DEBUGF(MQTT_APP_DEBUG_TRACE, ("failed !\n mbedtls_ctr_drbg_seed returned %d\n", ret)); printf(" (%d) %s: DRBG seed failed, ret=%d\r\n", __LINE__,
__FUNCTION__, ret); return -1; } printf(" (%d) %s: DRBG seed returned:%d\r\n", __LINE__, __FUNCTION__, ret);
/** * The transport type determines if we are using * TLS (MBEDTLS_SSL_TRANSPORT_STREAM) or * DTLS (MBEDTLS_SSL_TRANSPORT_DATAGRAM). */ ret = mbedtls_ssl_config_defaults(&conf, MBEDTLS_SSL_IS_CLIENT, MBEDTLS_SSL_TRANSPORT_STREAM, MBEDTLS_SSL_PRESET_DEFAULT); if (ret) { LWIP_DEBUGF(MQTT_APP_DEBUG_TRACE, ("failed !\n mbedtls_ssl_config_defaults returned %d\n\n", ret)); printf("(%d) %s: SSL config defaults failed, ret=%d\r\n",
__LINE__, __FUNCTION__, ret); return -1; } printf("(%d) %s: SSL config defaults returned:%d\r\n", __LINE__, __FUNCTION__, ret);
ret = mbedtls_x509_crt_parse(&cacert, (const unsigned char *)test_ca_crt, test_ca_crt_len); if (ret) printf(" (%d) %s: failed!\n mbedtls_x509_crt_parse returned
%d\r\n", __LINE__, __FUNCTION__, ret); else printf(" (%d) %s: mbedtls_x509_crt_parse returned %d\r\n", __LINE__, __FUNCTION__, ret);
mbedtls_ssl_conf_ca_chain(&conf, &cacert, NULL); mbedtls_ssl_conf_authmode(&conf, MBEDTLS_SSL_VERIFY_REQUIRED); /** * The library needs to know which random engine * to use and which debug function to use as callback. */ mbedtls_ssl_conf_rng(&conf, mbedtls_ctr_drbg_random, &ctr_drbg); mbedtls_ssl_conf_dbg(&conf, my_debug, stdout); mbedtls_ssl_setup(&ssl, &conf);
}
The output of which looks thus, in a serial terminal:
(1217) print_dhcp_state: Try connect to Broker (174) tls_init: Initializing (178) tls_init: SSL initialize (181) tls_init: SSL Config initialized (184) tls_init: x509 CRT initialized (187) tls_init: DRBG initialized (190) tls_init: Entropy initialized (1027) mbedtls_hardware_poll: Random Words: 128 Word: -558876895
Any thoughts/ideas, what could be wrong ? Any kind soul in here ?
Thanks, Manu -- mbed-tls mailing list mbed-tls@lists.trustedfirmware.org https://lists.trustedfirmware.org/mailman/listinfo/mbed-tls