Greetings,
I am new to the list, please do excuse me, in case of any list specific etiquette issues.
Trying to use a 1.6.1 release with a Cortex M7 port, specifically a STM32H7.
After enabling MBEDTLS_ENTROPY_HARDWARE_ALT, did implement mbedtls_hardware_poll()
It looks thus, and it does appear to work from a hardware perspective:
/** * mbedtls_hardware_poll() * Read random data from the Hardware RNG for entropy applications */ int mbedtls_hardware_poll(void *arg, unsigned char *ent_buf, size_t count, size_t *ent_len) { register uint8_t i = 0; uint32_t rand;
if (!LL_RNG_IsEnabled(RNG)) LL_RNG_Enable(RNG); /* Enable Random Number Generator */
for (i = 0; i < count; i++) { while (!LL_RNG_IsActiveFlag_DRDY(RNG)) { } /* Wait for DRDY flag to be raised */ if ((LL_RNG_IsActiveFlag_CECS(RNG)) || (LL_RNG_IsActiveFlag_SECS(RNG))) { /* Check error, if any */
/* Clock or Seed Error detected. Set Error */ printf(" (%d) %s: Clock/Seed Error!\r\n", __LINE__, __FUNCTION__); } rand = LL_RNG_ReadRandData32(RNG); /* Read RNG data */ memcpy(&(ent_buf[i * 4]), &rand, 4); /* *ent_len += 4 */ } LL_RNG_Disable(RNG); /* Stop random numbers generation */ *ent_len = ((i + 1) * 4); printf(" (%d) %s: Random Words: %d Word: %04d\r\n", __LINE__, __FUNCTION__, count, rand);
return 0; }
The code which causes the problem is this, in my tls_init()
int tls_init(void) { int ret;
/* inspired by https://tls.mbed.org/kb/how-to/mbedtls-tutorial */ const char *pers = "SYS-LWH7";
printf(" (%d) %s: Initializing\r\n", __LINE__, __FUNCTION__); /* initialize descriptors */
mbedtls_ssl_init(&ssl); printf(" (%d) %s: SSL initialize\r\n", __LINE__, __FUNCTION__);
mbedtls_ssl_config_init(&conf); printf(" (%d) %s: SSL Config initialized\r\n", __LINE__, __FUNCTION__);
mbedtls_x509_crt_init(&cacert); printf(" (%d) %s: x509 CRT initialized\r\n", __LINE__, __FUNCTION__);
mbedtls_ctr_drbg_init(&ctr_drbg); printf(" (%d) %s: DRBG initialized\r\n", __LINE__, __FUNCTION__);
mbedtls_entropy_init(&entropy); printf(" (%d) %s: Entropy initialized\r\n", __LINE__, __FUNCTION__);
ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy, (const unsigned char *) pers, strlen(pers)); if (ret) {
LWIP_DEBUGF(MQTT_APP_DEBUG_TRACE, ("failed !\n mbedtls_ctr_drbg_seed returned %d\n", ret));
printf(" (%d) %s: DRBG seed failed, ret=%d\r\n", __LINE__, __FUNCTION__, ret); return -1; } printf(" (%d) %s: DRBG seed returned:%d\r\n", __LINE__, __FUNCTION__, ret);
/** * The transport type determines if we are using * TLS (MBEDTLS_SSL_TRANSPORT_STREAM) or * DTLS (MBEDTLS_SSL_TRANSPORT_DATAGRAM). */ ret = mbedtls_ssl_config_defaults(&conf, MBEDTLS_SSL_IS_CLIENT, MBEDTLS_SSL_TRANSPORT_STREAM, MBEDTLS_SSL_PRESET_DEFAULT); if (ret) { LWIP_DEBUGF(MQTT_APP_DEBUG_TRACE, ("failed !\n mbedtls_ssl_config_defaults returned %d\n\n", ret));
printf("(%d) %s: SSL config defaults failed, ret=%d\r\n", __LINE__, __FUNCTION__, ret); return -1; } printf("(%d) %s: SSL config defaults returned:%d\r\n", __LINE__, __FUNCTION__, ret);
ret = mbedtls_x509_crt_parse(&cacert, (const unsigned char *)test_ca_crt, test_ca_crt_len); if (ret) printf(" (%d) %s: failed!\n mbedtls_x509_crt_parse returned %d\r\n", __LINE__, __FUNCTION__, ret); else printf(" (%d) %s: mbedtls_x509_crt_parse returned %d\r\n", __LINE__, __FUNCTION__, ret);
mbedtls_ssl_conf_ca_chain(&conf, &cacert, NULL); mbedtls_ssl_conf_authmode(&conf, MBEDTLS_SSL_VERIFY_REQUIRED);
/** * The library needs to know which random engine * to use and which debug function to use as callback. */ mbedtls_ssl_conf_rng(&conf, mbedtls_ctr_drbg_random, &ctr_drbg); mbedtls_ssl_conf_dbg(&conf, my_debug, stdout); mbedtls_ssl_setup(&ssl, &conf); }
The output of which looks thus, in a serial terminal:
(1217) print_dhcp_state: Try connect to Broker (174) tls_init: Initializing (178) tls_init: SSL initialize (181) tls_init: SSL Config initialized (184) tls_init: x509 CRT initialized (187) tls_init: DRBG initialized (190) tls_init: Entropy initialized (1027) mbedtls_hardware_poll: Random Words: 128 Word: -558876895
Any thoughts/ideas, what could be wrong ? Any kind soul in here ?
Thanks, Manu
mbed-tls@lists.trustedfirmware.org
-
Manu Abraham