Arm Mbed and Pelion Device Management support forum

Getting error code while seeding drbg

I am using the mbedtls_ctr_drbg_seed function.
But it is giving error “! mbedtls_ctr_drbg_seed returned -52”

mbedtls_entropy_init( &entropy );
mbedtls_ctr_drbg_init( &ctr_drbg );
const char *pers = "string";   /* personalization string */
if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy,
                                   (const unsigned char *) pers, strlen( pers ) ) ) != 0 )
{
    printf( " failed\n ! mbedtls_ctr_drbg_seed returned %d\n", ret );
    //goto exit;
}

Thank you so much in advance.

Hi @sebin
The error -53 is MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED and it is returned when your entropy collection function (mbedtls_entropy_func()) fails.
Please provide more information on what entropy configuration you have set, and what your platform / OS is. What entropy sources are used in your platform?
Regards,
Mbed TLS Support
Ron

Hi @roneld01
Thank you very much for your reply. I was able to fix the issue.
I looked into it: I haven’t configured any entropy source. Because of that I got that error.
Now it is working fine.

I have one more question.
My platform is an ARM Cortex M3 processor (https://www.microchip.com/developmenttools/ProductDetails/at88ckecc-aws-xstk-b).
On this I don’t have a file system or any entropy source.

Now what I have done is, I made a character buffer and I am using that as an entropy source.

Code:

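#include <string.h>

/* Hardcoded buffer used as the seed. It is an array rather than a string literal
   so that the write callback can modify it; 64 bytes is an assumed maximum seed size. */
static unsigned char temp[64] = "somerandom stringi havegivenasthesource";

int mbedtls_platform_std_nv_seed_read( unsigned char *buf, size_t buf_len )
{
    if( buf_len > sizeof( temp ) )   /* do not read past the buffer */
        return( -1 );
    memcpy( buf, temp, buf_len );
    return( (int) buf_len );
}

int mbedtls_platform_std_nv_seed_write( unsigned char *buf, size_t buf_len )
{
    if( buf_len > sizeof( temp ) )   /* do not write past the buffer */
        return( -1 );
    memcpy( temp, buf, buf_len );
    return( (int) buf_len );
}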

Is this approach fine, or is there any better way to do this?

Hi @sebin
Although this approach will functionally work, it is entirely not secure!
Since you are using a hardcoded constant string, you will not get a random vector when calling the DRBG get_random functions.
Even if the “somerandom stringi havegivenasthesource” will not be exposed to the public, on every boot the initial seed for the DRBG will be the same, and thus the output of your DRBG random functions will be predictable.

However, according to the link you referenced, it mentions:

  • Complete development and prototyping platform on AWS IoT service Includes three CryptoAuthed Xplained Pro Rev B (ATCRYPTOAUTH-XPRO-B) add-on boards, each containing a generic ATECC508A and ATECC608A.

Looking at the data sheet of the ATECC508A, it includes:

Internal High-Quality FIPS Random Number Generator (RNG)

So you could use this as an entropy source (or if it’s a DRBG rng, you could use it as an alternative).
Regards
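
Following the suggestion above to use the board's hardware RNG as the entropy source, here is an added example (not code from this thread or from Mbed TLS) of an `mbedtls_hardware_poll()` callback, which Mbed TLS uses as an entropy source when `MBEDTLS_ENTROPY_HARDWARE_ALT` is defined, that fails closed if the RNG reports an error or repeats a block. `hw_rng_register`, `demo_poll`, the `fake_rng_*` stand-ins and the 32-byte block size are assumptions; on the target the hook would wrap the secure element driver's random call.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define ENTROPY_SOURCE_FAILED (-0x003C) /* value of MBEDTLS_ERR_ENTROPY_SOURCE_FAILED */
#define HW_RNG_BLOCK 32                 /* assumed bytes per hardware RNG read */
/* Hypothetical driver hook: fill one block from the secure element, 0 on success. */
typedef int (*hw_rng_fn)(uint8_t out[HW_RNG_BLOCK]);
static hw_rng_fn hw_rng;
static struct { uint8_t block[HW_RNG_BLOCK]; int valid; } prev; /* for the stuck-source check */
void hw_rng_register(hw_rng_fn fn) { hw_rng = fn; prev.valid = 0; }

/* Signature Mbed TLS calls when MBEDTLS_ENTROPY_HARDWARE_ALT is defined. */
int mbedtls_hardware_poll(void *data, unsigned char *output, size_t len, size_t *olen)
{
    uint8_t block[HW_RNG_BLOCK];
    size_t done = 0;
    (void) data;
    *olen = 0;
    while (done < len) {
        size_t n = (len - done < HW_RNG_BLOCK) ? len - done : HW_RNG_BLOCK;
        /* Fail closed on a driver error or a block identical to the previous one. */
        if (hw_rng == NULL || hw_rng(block) != 0 ||
            (prev.valid && memcmp(block, prev.block, HW_RNG_BLOCK) == 0))
            return ENTROPY_SOURCE_FAILED;
        memcpy(prev.block, block, HW_RNG_BLOCK);
        prev.valid = 1;
        memcpy(output + done, block, n);
        done += n;
    }
    *olen = done;
    return 0;
}

/* Constructed stand-ins for the driver, for running the example off-target only. */
static uint8_t ctr;
int fake_rng_varying(uint8_t out[HW_RNG_BLOCK]) { memset(out, ++ctr, HW_RNG_BLOCK); return 0; }
int fake_rng_stuck(uint8_t out[HW_RNG_BLOCK]) { memset(out, 0x5A, HW_RNG_BLOCK); return 0; }

/* Register a source, request len (<= 128) bytes; returns bytes delivered or the error. */
int demo_poll(hw_rng_fn fn, size_t len)
{
    unsigned char out[128];
    size_t olen = 0;
    hw_rng_register(fn);
    int ret = mbedtls_hardware_poll(NULL, out, len, &olen);
    return ret != 0 ? ret : (int) olen;
}

int main(void) { return (demo_poll(fake_rng_varying, 64) == 64 && demo_poll(fake_rng_stuck, 64) < 0) ? 0 : 1; }
```

With a source that returns a constant block, the poll returns an entropy failure instead of seeding the DRBG from fixed data, so `mbedtls_ctr_drbg_seed()` reports an error rather than producing predictable output.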

Hi @roneld01
Thank you very much for your quick reply and a very good answer.

I will try to do it the way you have suggested.