Hi Gopi,
FN_NV_SEED_WR is supposed to be called the first time the entropy context is used to retrieve some entropy. This is tracked by the `initial_entropy_run` member in the `mbedtls_entropy_context` structure (on the initial run it is zero, non-zero otherwise).
FN_NV_SEED_WR not being called might mean that your “Entropy” variable hasn’t been properly initialised or that it has been used before the callbacks are set.
Please note that Mbed TLS 2.16.2 has known bugs and vulnerabilities. You should upgrade to the latest bug-fixing version of the 2.16 branch, 2.16.10.
Best regards, Janos (Mbed TLS developer)
From: mbed-tls <mbed-tls-bounces@lists.trustedfirmware.org> on behalf of Subramanian Gopi Krishnan via mbed-tls <mbed-tls@lists.trustedfirmware.org>
Date: Friday, 4 June 2021 at 05:50
To: mbed-tls@lists.trustedfirmware.org
Cc: T V LIJIN (EXT) <lijin.tv@kone.com>
Subject: Re: [mbed-tls] NV_SEED read working and write not working

Hi,
I am working on an embedded platform that does not have any entropy source except system ticks. To improve the randomness, I am trying to utilize NV_SEED operations. mbedtls version 2.16.2 is being used.
In the configuration file I have enabled:

```c
#define MBEDTLS_ENTROPY_NV_SEED
#define MBEDTLS_PLATFORM_NV_SEED_ALT
```
After initializing and before seeding the random number generator, I assign the NV seed read and write functions to the platform seeding function as below.

```c
/* Register the platform NV seed read/write callbacks. */
if( ( r = mbedtls_platform_set_nv_seed( FN_NV_SEED_RD, FN_NV_SEED_WR ) ) != 0 )
{
    return( r );
}

/* Seed the CTR_DRBG; u8SeedingString is passed as the personalization data. */
if( ( r = mbedtls_ctr_drbg_seed( &CtrDrbg, mbedtls_entropy_func, &Entropy,
                                 (const unsigned char *) u8SeedingString,
                                 (size_t) Length ) ) != 0 )
{
    return( r );
}
```
Later functions to generate random and free context.
While running, I could see only the FN_NV_SEED_RD function is getting called. And, FN_NV_SEED_WR function is not getting called. I tried to add some print statements in mbedtls library function, mbedtls_entropy_update_nv_seed().
But it looks like, this function was never called by the library.
1. Anything else to be done?
2. Someone could help me ensure NV_SEED is properly incorporated
3. How to trace the issue.
Thanks, Gopi Krishnan
Hi,
Thanks for the reply. In my code, I found that mbedtls_ctr_drbg_seed() returned 0x0034 and the return was not properly handled. After adding printfs I was able to see that the program terminates even before calling the function to generate random bytes.
Any idea? I guess the NV_SEED write function alone is the reason: when commenting out the content of function FN_NV_SEED_WR, leaving only return 0, the error was not generated.
While debugging inside the library, I could not see the mbedtls_entropy_update_nv_seed() not getting called.
Thanks, Gopi Krishnan
From: Janos Follath <Janos.Follath@arm.com>
Sent: Friday, June 4, 2021 1:48 PM
To: Subramanian Gopi Krishnan <gopikrishnan.subramanian@kone.com>
Cc: T V LIJIN (EXT) <lijin.tv@kone.com>; mbed-tls@lists.trustedfirmware.org
Subject: Re: NV_SEED read working and write not working

Hi Gopi,
FN_NV_SEED_WR is supposed to be called the first time the entropy context is used to retrieve some entropy. This is tracked by the `initial_entropy_run` member in the `mbedtls_entropy_context` structure (on the initial run it is zero, non-zero otherwise).
FN_NV_SEED_WR not being called might mean that your "Entropy" variable hasn't been properly initialised or that it has been used before the callbacks are set.
Please note that Mbed TLS 2.16.2 has known bugs and vulnerabilities. You should upgrade to the latest bug-fixing version of the 2.16 branch, 2.16.10.
Best regards, Janos (Mbed TLS developer)
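The first-run write-back described in the replies above, as an added example that is not part of the thread and is not Mbed TLS source: a simplified C model of a seed write gated by `initial_entropy_run`. All `model_`/`demo_` names, the constructed callbacks and the -1/-2 return values are assumptions for illustration; it shows that a context left uninitialised skips the write callback while the read callback still runs, and that a failing write callback makes the first retrieval fail.

```c
#include <stddef.h>
#include <string.h>

/* Simplified model, NOT Mbed TLS source. model_* and demo_* names and the
 * -1/-2 return values are hypothetical. */
typedef int (*nv_cb)(unsigned char *buf, size_t len);
typedef struct { int initial_entropy_run; } model_entropy_ctx;

static int unset_cb(unsigned char *b, size_t n) { (void)b; (void)n; return -1; }
static nv_cb nv_read = unset_cb, nv_write = unset_cb;
static int rd_calls, wr_calls, wr_result;

/* Constructed callbacks standing in for FN_NV_SEED_RD / FN_NV_SEED_WR. */
static int demo_rd(unsigned char *b, size_t n) { rd_calls++; memset(b, 0x5A, n); return (int)n; }
static int demo_wr(unsigned char *b, size_t n) { (void)b; wr_calls++; return wr_result < 0 ? wr_result : (int)n; }

void model_entropy_init(model_entropy_ctx *c) { c->initial_entropy_run = 0; }
void model_set_nv_seed(nv_cb rd, nv_cb wr) { nv_read = rd; nv_write = wr; }

/* One entropy retrieval: read the stored seed; on the first run only, write a new seed back. */
int model_entropy_func(model_entropy_ctx *c)
{
    unsigned char seed[64];
    size_t i;
    if (nv_read(seed, sizeof seed) < 0) return -1;
    if (c->initial_entropy_run == 0) {
        c->initial_entropy_run = 1;
        for (i = 0; i < sizeof seed; i++) seed[i] ^= 0xFF; /* stand-in for a freshly derived seed */
        if (nv_write(seed, sizeof seed) < 0) return -2;    /* write failure fails the retrieval */
    }
    return 0;
}

/* Two retrievals on one context; returns the first result and reports callback counts. */
int demo_run(int init_ctx, int wr_ret, int *reads, int *writes)
{
    model_entropy_ctx ctx;
    int first;
    memset(&ctx, 0xA5, sizeof ctx);        /* simulate stale, non-zero memory */
    if (init_ctx) model_entropy_init(&ctx);
    rd_calls = wr_calls = 0;
    wr_result = wr_ret;
    model_set_nv_seed(demo_rd, demo_wr);   /* callbacks registered before first use */
    first = model_entropy_func(&ctx);
    (void)model_entropy_func(&ctx);
    *reads = rd_calls;
    *writes = wr_calls;
    return first;
}
```

`demo_run(0, 0, ...)` reproduces the symptom from the original question: the read callback runs on every retrieval and the write callback never does.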