Hello…
After successfully integrating and securely connecting to a server using MbedTLS on an STM32L496 (the example design with the true RNG on the STM32L496), we needed to port/use/try this on an STM32F103.
The STM32F103 does not have a hardware RNG as entropy source, but browsing a little online, it seems there should be a few options at least.
- Creating a different type of HW entropy source (using ADC noise).
- Using the NV seed option.
I think I successfully added the ADC entropy source by creating my own version of mbedtls_hardware_poll and then adding that as a source:
if( (ret = mbedtls_entropy_add_source(&tlsData->entropy, mbedtls_hardware_poll, NULL, 1, MBEDTLS_ENTROPY_SOURCE_STRONG)) != 0 )
etc…
That all seems fine until the handshake hits Client State 8 (write client key exchange) when it then returns
if( (ret = mbedtls_entropy_add_source(&tlsData->entropy, mbedtls_hardware_poll, NULL, 1, MBEDTLS_ENTROPY_SOURCE_STRONG)) != 0 )
I have noticed it takes a bit of time to try to execute the write record, so I am unsure if this is now that the server has effectively closed the connection, or if there is still a problem with the entropy perhaps, or a memory issue of some sort…
I am not sure how to assess this even at this point.
When trying with the NV seed option, the handshake also reaches this stage (client state 8 write client key exchange), but then it hardfaults.
I am sure that the private key is correct, as I have copied the code from the working platform on how it is fetched and passed on; parsing the key is fine, as mbedtls_pk_parse_key executes fine.
This is the failure with the ADC entropy source:
/Core/Src/MbedTLS/ssl_tls.c:2496: ssl->f_send() returned -30848 (-0x7880)
…/Core/Src/MbedTLS/ssl_tls.c:2918: mbedtls_ssl_flush_output() returned -30848 (-0x7880)
…/Core/Src/MbedTLS/ssl_cli.c:3068: mbedtls_ssl_write_record() returned -30848 (-0x7880)
…/Core/Src/MbedTLS/ssl_tls.c:6764: <= handshake
ERROR: net_sock_open_mbedtls L#359 failed
! mbedtls_ssl_handshake returned -0x7880
…/Core/Src/MbedTLS/ssl_tls.c:7542: => free
Any help would be appreciated.
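
An added example, not part of the original post and not Mbed TLS code: a host-runnable sketch of an ADC-noise entropy callback that debiases the ADC's least significant bit and returns an error when the ADC yields no usable noise, instead of handing constant bytes to a source registered as MBEDTLS_ENTROPY_SOURCE_STRONG. The adc_read_fn type, the two simulated samplers and the sampling budget are hypothetical; only the callback signature and the error value mirror Mbed TLS.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define ENTROPY_SOURCE_FAILED (-0x003C) /* same value as MBEDTLS_ERR_ENTROPY_SOURCE_FAILED */
#define MAX_PAIRS_PER_BYTE 256          /* assumed sampling budget before giving up */

typedef uint16_t (*adc_read_fn)(void);  /* hypothetical: returns one raw 12-bit conversion */

/* Constructed stand-ins for the ADC driver so the example runs on a host. */
static uint32_t sim = 2463534242u;
uint16_t adc_noisy(void) { sim ^= sim << 13; sim ^= sim >> 17; sim ^= sim << 5; return (uint16_t)(sim & 0x0FFFu); }
uint16_t adc_stuck(void) { return 0x0800u; }   /* e.g. ADC clock off or pin tied to a rail */

/* Mbed TLS entropy-source callback signature; `data` points at the sampler to use. */
int adc_entropy_poll(void *data, unsigned char *output, size_t len, size_t *olen)
{
    adc_read_fn read_adc = *(adc_read_fn *)data;
    *olen = 0;
    for (size_t i = 0; i < len; i++) {
        unsigned char byte = 0;
        int bits = 0, pairs = 0;
        while (bits < 8) {
            if (pairs++ == MAX_PAIRS_PER_BYTE)
                return ENTROPY_SOURCE_FAILED;   /* report failure, never pad with constants */
            unsigned a = read_adc() & 1u;
            unsigned b = read_adc() & 1u;
            if (a == b)
                continue;                       /* von Neumann: drop 00/11, keep 01/10 */
            byte = (unsigned char)((byte << 1) | a);
            bits++;
        }
        output[i] = byte;
    }
    *olen = len;                                /* only report bytes that were really gathered */
    return 0;
}

int main(void)
{
    unsigned char buf[16];
    size_t olen = 0;
    adc_read_fn src = adc_noisy;
    int ret = adc_entropy_poll(&src, buf, sizeof buf, &olen);
    printf("noisy ADC: ret=%d olen=%zu\n", ret, olen);
    src = adc_stuck;
    ret = adc_entropy_poll(&src, buf, sizeof buf, &olen);
    printf("stuck ADC: ret=%d olen=%zu\n", ret, olen);
    return 0;
}
```

Von Neumann debiasing removes bias only; it does not fix correlated samples, so the real ADC noise should be measured before the source is registered as MBEDTLS_ENTROPY_SOURCE_STRONG.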