Mbed TLS is now part of TrustedFirmware.org.

The random generator failed to generate non-zeros error with AWS


Jul 25, 2017 17:31
Murat Cakmak

Hello,

I am trying to port AWS SDK which uses mbedtls on Ameba Board. I have a function for AWS : iot_tls_connect to initialize mbedtls.

MCU has a TRNG but in the first phase it is not important to use HW TRNG. A software RNG and Entropy can be fine. I tried lots of different combination and mbedtls config but I am getting following error

iot_tls_connect: mbedtls_ssl_handshake(): RSA - The random generator failed to generate non-zeros aws_iot_mqtt_connect failed SSL handshake error

My last code

mbedtls_net_init(&server_fd);
mbedtls_ssl_init(&ssl);
mbedtls_ssl_config_init(&conf);
mbedtls_ctr_drbg_init(&ctr_drbg);
mbedtls_x509_crt_init(&cacert);
mbedtls_x509_crt_init(&clicert);
mbedtls_pk_init(&pkey);
/*  my_random returns random values from HW TRNG */
mbedtls_ssl_conf_rng(&ssl, my_random, NULL);

IOT_DEBUG("Seeding the random number generator...");
mbedtls_entropy_init(&entropy);

/* Added to test */
ret = mbedtls_entropy_add_source(&entropy, entropy_dummy_source, NULL, 16, 1);

if((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy, pers, strlen(pers))) != 0) { ... }

/* Added for test as suggested in tutorials */
mbedtls_ctr_drbg_set_prediction_resistance(&ctr_drbg, MBEDTLS_CTR_DRBG_PR_ON );

It can be about my config file. Tutorials did not help. It blocks me. Any idea.

Thank you.

 
Jul 26, 2017 06:53
Ron Eldor

Hi Murat,
mbedtls_entropy_add_source , as its name, adds another entropy source, the the entropy context.
mbedtls_ctr_drbg_seed is basically seeding the drbg context (ctr_drbg in your example) with the entropy context, using the entropy sources tied to it.
Since you are using your rng function my_random, it means that the entropy seeding done for ctr_drbg is not used, so I would investigate your my_random function, to see what it outputs.
In addition, I think you might be abusing the HW TRNG, which should usually be done for seeding the DRBG, not for commonly generating a random vector, which is usually done in DRBG\PRNG, unless you can verify that it can generate large size of true random value.
I suggest you use the mbedtls_ctr_drbg_random as your random function, as shown in ssl_client2:

mbedtls_ssl_conf_rng( &conf, mbedtls_ctr_drbg_random, &ctr_drbg );

And use your HW_TRNG as your entropy source for the entropy.
I hope this helps you
Regards,
mbed TLS Team member
Ron

 
Jul 26, 2017 11:11
Murat Cakmak

Thank you Ron,

myrandom functions just calls a ROM placed function which I cannot see the source so in the first phase I dont want to use HW TRNG. A SW rng and entropy are enough for the first phase.

I applied your suggestion for mbedtls_ssl_conf_rng function but still getting same error. I removed also mbedtls_entropy_add_source function call.

mbedtls_net_init(&server_fd);
mbedtls_ssl_init(&ssl));
mbedtls_ssl_config_init(&conf);
mbedtls_ctr_drbg_init(&ctr_drbg);
mbedtls_x509_crt_init(&cacert);
mbedtls_x509_crt_init(&clicert);
mbedtls_pk_init(&pkey);
mbedtls_ssl_conf_rng( &conf, mbedtls_ctr_drbg_random, &ctr_drbg );

mbedtls_entropy_init(&(tlsDataParams->entropy));

if((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy, (const unsigned char *) pers, strlen(pers))) != 0) { ... }

I also tried to MBEDTLS_TEST_NULL_ENTROPY but still same. Do you want me any additional info.

 
Jul 27, 2017 08:16
Ron Eldor

Hi Murat,
Please try adding the entropy_dummy_source as another source to your entropy collector, assuming this dummy source does something..
I suggest you first try testing only random, with the random sample programs, before you test this feature as part of the handshake.
Regards,
mbed TLS TEam member
Ron