Hello,
A lot of thanks for your work.
See my observations /infra/. I hope it can help you.
Best regards
Le 13/03/2025 à 19:52, Alexandre Esse a écrit :
Hello Frédéric,
Great, I didn't see you already did some integration developments on
this board, I just joined the mailing list and didn't look extensively
into the history. For now I only pushed the chopstx part but indeed,
gnuk itself should also be updated.
I also have the STM32F103CBT6 version of the board. (marked as v1.1 on
the PCB: not sure what it means: I opened an Issue on github and send
an email to WeAct support to get some info:
https://github.com/WeActStudio/BluePill-Plus/issues/19)
You can find the difference between V1.0 et V1.1 here :
https://github.com/WeActStudio/WeActStudio.BluePill-Plus-CH32/tree/master/HDK
It's for CH32 processor but the design of the boards are all the same.
I have been testing both on the 1.2.20 branch and 2.2. But I guess I
will stay on v2.2 for the rest of my tests.
Here are the remaining tweaks I did on v2.2
(de9652726b1ce52b21e939c6989dda0268b5c640)of gnuk to make it work:
diff --git a/src/configure b/src/configure
index 1188a72..4ff7d1a 100755
--- a/src/configure
+++ b/src/configure
@@ -130,6 +130,7 @@ Configuration:
ST_NUCLEO_F103
NITROKEY_START
BLUE_PILL
+ BLUE_PILL_PLUS
STM8S_DISCOVERY
CQ_STARM
STM32_PRIMER2
@@ -164,7 +165,7 @@ MEMORY_SIZE=20
# Settings for TARGET
case $target in
-BLUE_PILL|STM8S_DISCOVERY)
+BLUE_PILL|BLUE_PILL_PLUS|STM8S_DISCOVERY)
# It's 64KB version of STM32F103, but actually has 128KB
flash_override="-DSTM32F103_OVERRIDE_FLASH_SIZE_KB=128"
;;
There is STM32F103C6T6 (64K) and CBT6 (128K), so i think your add
relative to : # setting to target, is not necessary for CBT6 processor
which have 128K memory. That's why i suggested to have multiple
definition board to take care of different processor (arm and riscv) and
different amount of memory
I haven't been testing "on-the-token" key generation. I only
transferred to it from a host PC. I always had KDF-DO activated.
The main issue I get is when I try to "reset" the token, it simply
doesn't work but I haven't been investigating it.
Also some PIN management's actions seem shaky (but there is a
possibility that this is due to my lack of experience on gnuk tokens too).
So for now, I tested the key with this kind of secret keys I get with
'gpg --list-secret-keys':
sec> ed25519 2025-03-13 [SC]
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Card serial no. = FFFF 00000000
uid [ultimate] Tmp Tmp <[email protected]>
ssb> cv25519 2025-03-13 [E]
ssb> ed25519 2025-03-13 [A]
I managed to sign, decrypt data and authenticate through ssh sessions
with it.
PB2 as LED is working and PA0 as ACK button is also working fine, I
haven't seen any issue for these use-case in a week.
About ack button, it is on PA0 and PA0 is used for it's ADC function and
entropy generation, so i think you have to modifiy
/gnuk/chopstx/contrib/adc-stm32ff103.c in order to use an other pin for
ADC than PA0
Entropy generation graph is explain on Niibe site here :
https://www.gniibe.org/memo/development/gnuk/rng/neug.html
You can see that PA0 and PA1 are used for their ADC. It's also indicate
for example in board-fst-01-00.h file
* PA0 - input with pull-up. AN0
* PA1 - input with pull-up. AN1
For Blue-Pill-Plus, button is connect to 3.3V
(https://github.com/WeActStudio/BluePill-Plus/blob/master/HDK/BluePillPlus_V10_SchDoc.pdf)
so i think you configure PA0 as input pull-down. I think all this change
can interfere with good entropy generation. I see different cases of
board in /gnuk/chopstx/contrib/adc-stm32ff103.c which seem to use
different ADC pins but i don't really understand how. It's for that, i
didn't take care of ackbutton to day.
---------------------------------------------------------------
In your board file, you indicate id board : 0x49403d56. In mine, i
indicate 0x1ba01477. I get this id with stlink program as core id. Can
your tell me how you get your board id ?
Frédéric SUEL
Regards,
Alexandre
On Fri, 7 Mar 2025 at 10:00, Frédéric SUEL <[email protected]> wrote:
Ref : Post on the gnuk list : Frédéric SUEL frederic.suel at
free.fr <http://free.fr> Mon Feb 17 11:13:25 CET 2025
Hi,
Thank you for your interest for this board.
When i asked help about this board, i proposed a file
board-blue-pill-plus-cb.h because this board exist with 4 arm
processor and two riscv processors. I indicated cd because there
is STM32F103C8T6 (64k) and CBT6 (128k). To take care of 64K
version, you have to add code in /gnuk/src/.configure. (see my post)
For my blue-pilll-board stm32F103CB, i have #define BOARD_ID
0x1ba01477 (see my post). Perhaps your board is a STM32F103C6T6
board, i don't know why IDs are different
For instance, i doesn't take care of ackbutton because there is a
supplementary problem as PA0 is used for it's ADC and for entropy
generation. I think you have to modify
/gnuk/chopstx/contrib/adc-stm32ff103.c but i doesn't know how.
----
So i just created /gnuk/board/board-blue-pill-plus-cb.h, modified
/gnuk/src/.configure to add definition of BLUE-PILL-PLLUS-CB
and/**/chopstx/mcu/sys-stm31f103.h for my first tests and doesn't
take care of ackbutton on PA0
I get :
-- works fine with curve25519 : generation on the board and import
on the board.
-- impossibility to generate secp256k1 on the board even with
KDF-DO activate as Niibe suggested (msg : used conditions not
satisfied)
-- impossibility to generate X448 on the board even with Niibe
patch (msg : board error)
-- impossibility to import X448 on the board. It seems to work but
only encrypt key is on the board and works. The other keys are
marked as # . I get with gpg --list-secret-keys
sec# ed448/0xAA988F88C70C3DEE 2025-02-23 [SC] [expire : 2075-02-11]
Empreinte de la clef = AA988 F88C7 0C3DE E74BE DFF48 D127D 4BA4E
CAEB3 685B3 575E7
uid [ ultime ] tmp
ssb> cv448/0x406CC6562774BC84 2025-02-23 [E] [expire : 2075-02-11]
ssb# ed448/0x02BB1F8E7A2B268A 2025-02-23 [A] [expire : 2075-02-11]
----
Can you precise what's work with your board ?
Best regards
Le 06/03/2025 à 23:47, Alexandre Esse a écrit :
Hello,
Here is a short message to notify the mailing list that I
proposed a merge request on chopstx:
https://salsa.debian.org/gnuk-team/chopstx/chopstx/-/merge_requests/1
This is the first step to add gnuk support for Blue Pill Plus
boards <https://github.com/WeActStudio/BluePill-Plus/>.
Not sure if this is the way to contribute: looking forward to
your feedback.
Regards,
Alexandre
_______________________________________________
Gnuk-users mailing list
[email protected]
https://lists.gnupg.org/mailman/listinfo/gnuk-users
_______________________________________________
Gnuk-users mailing list
[email protected]
https://lists.gnupg.org/mailman/listinfo/gnuk-users
