From gniibe at fsij.org Mon Apr 15 07:31:35 2019
From: gniibe at fsij.org (NIIBE Yutaka)
Date: Mon, 15 Apr 2019 14:31:35 +0900
Subject: TTXS and Chopstx for STM32L432
Message-ID: <871s2396mg.fsf@iwagami.gniibe.org>

Hello,

I do some work to port Chopstx to STM32L432. No FPU support, no drivers other than USART, currently.

My intention of this port is not for Gnuk, but for new project named TTXS. It is free firmware for CCID reader.

Tian Tian Xiang Shang - free firmware for CCID reader:
https://www.gniibe.org/memo/development/ttxs/ttxs-hardware.html

It is not mature, but somehow works with OpenPGP card now, with STM32F103. I test it with OpenPGP card against Gnuk's test suite.

My motivation is simple: While supporting OpenPGP card for GnuPG, it's good to have less unknown factors.

Currently, my intention is to figure out minimum feature set of CCID reader. It is TPDU T=1 only card reader. Perhaps T=0 support would make sense (for other cards).

Some smartcards run in "inverse convention". In this communication, the polarity and the order are opposite (1 is lower voltage and MSB first). STM32L432 can support this feature, with no external hardware. I'm going to port USART driver (and possibly USB driver) to STM32L432 and port TTXS to STM32L432.

Unfortunately for Gnuk, STM32L432 comes with many features. The core is Cortex-M4 with FPU. And it comes with many peripherals with many features. In my opinion, I don't need those features for Gnuk. After all, if we need more features, it's better to use PC for having our private keys.

Perhaps, in future (after the first release of current TTXS), it would be better for me to develop TTXS with FPGA. I think that it is feasible by something like TinyFPGA BX.
--

From gniibe at fsij.org Wed Apr 17 04:05:59 2019
From: gniibe at fsij.org (NIIBE Yutaka)
Date: Wed, 17 Apr 2019 11:05:59 +0900
Subject: Alternative Gnuk token board design
In-Reply-To:
References:
Message-ID: <87h8ax9yig.fsf@iwagami.gniibe.org>

Hello,

"Rigas, Evangelos" wrote:
> You can find the design files here: https://git.rnd2.org/erigas/gnukey
> (pcb) and https://git.rnd2.org/erigas/gnukey-ds (case).

Thank you for sharing your project. It looks great. I'm sorry I didn't have time to reply soonish.

Case design looks good.

In my FST-01SZ, I put RESET pin to SWD. This is because a programmer should wake up the MCU (by RESET signal) when it's in sleep mode.

> You can find the changes to chopstx here:
> https://git.rnd2.org/erigas/chopstx/src/branch/gnukey
> in case you want to include it to the project.
> In that case I will try to get a PID from pid.codes as mentioned in a
> previous thread (Binary distribution).

I'll include your change. For Gnuk, I can put your PID to gnuk/GNUK_USB_DEVICE_ID. (Scripts under gnuk/tool depend on this file.)

Well, writing about VID:PID... While it is common to use VID:PID to identify the device, I made a merge request to Debian GnuPG (with my less skill of using Gitlab):

https://salsa.debian.org/debian/gnupg2/merge_requests/5

This change makes it possible to identify Gnuk Token by the USB string of "Gnuk Token".
--

From surettcharles at gmail.com Wed Apr 17 22:20:42 2019
From: surettcharles at gmail.com (Charles Surett)
Date: Wed, 17 Apr 2019 16:20:42 -0400
Subject: Recommended Development Hardware
Message-ID:

Hello,

What is the currently recommended development hardware? I want to be able to make a Gnuk device and be able to debug it without the need to solder.

I also was wondering if it is possible to port Gnuk to a device like a Teensy.
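
The "inverse convention" described in the TTXS message earlier in this archive (opposite polarity, MSB first) can also be undone in software when the UART is left in direct convention. The following is an added example, not code from TTXS or from any of the posts; the function names and the sample capture are constructed for illustration, and the TS values 0x3B and 0x3F are those of ISO/IEC 7816-3.

```c
#include <stddef.h>
#include <stdint.h>

#define TS_DIRECT  0x3B   /* TS, first ATR character, direct convention */
#define TS_INVERSE 0x3F   /* TS as the card means it in inverse convention */

enum convention { CONV_UNKNOWN, CONV_DIRECT, CONV_INVERSE };

/* Constructed sample: an inverse-convention ATR prefix (3F 67 25) as a
 * UART left in direct convention (LSB first, high = 1) would capture it. */
uint8_t sample_raw_atr[3] = { 0x03, 0x19, 0x5B };

/* Swap bit order: bit 0 <-> bit 7, bit 1 <-> bit 6, and so on. */
static uint8_t bit_reverse(uint8_t b)
{
    b = (uint8_t)((b >> 4) | (b << 4));
    b = (uint8_t)(((b & 0xCC) >> 2) | ((b & 0x33) << 2));
    b = (uint8_t)(((b & 0xAA) >> 1) | ((b & 0x55) << 1));
    return b;
}

/* Opposite order and opposite polarity; the mapping is its own inverse,
 * so the same function serves for transmit and receive. */
uint8_t convert_inverse(uint8_t raw)
{
    return (uint8_t)~bit_reverse(raw);
}

/* Classify the card from the raw TS byte seen in direct convention. */
enum convention detect_convention(uint8_t raw_ts)
{
    if (raw_ts == TS_DIRECT)
        return CONV_DIRECT;
    if (convert_inverse(raw_ts) == TS_INVERSE)
        return CONV_INVERSE;
    return CONV_UNKNOWN;
}

/* Decode a raw capture in place; the buffer is left untouched unless
 * TS identifies an inverse-convention card. */
enum convention decode_atr(uint8_t *buf, size_t len)
{
    enum convention c = len ? detect_convention(buf[0]) : CONV_UNKNOWN;
    size_t i;

    if (c == CONV_INVERSE)
        for (i = 0; i < len; i++)
            buf[i] = convert_inverse(buf[i]);
    return c;
}
```

Because the parity bit is inverted on the wire together with the eight data bits, a receiver left in direct convention sees odd instead of even parity for an inverse-convention card.
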
From gniibe at fsij.org Fri Apr 19 02:26:06 2019
From: gniibe at fsij.org (NIIBE Yutaka)
Date: Fri, 19 Apr 2019 09:26:06 +0900
Subject: Recommended Development Hardware
In-Reply-To:
References:
Message-ID: <8736mehmch.fsf@iwagami.gniibe.org>

Charles Surett wrote:
> What is the currently recommended development hardware? I want to be
> able to make a Gnuk device and be able to debug it without the need to
> solder.

When I started the development, it was Olimex STM32-H103 + ARM-USB-TINY. I still use it occasionally. Good point is the availability over ten years.

Now, if you have easy access to China, I'd recommend a board with GD32F103, like:

https://item.taobao.com/item.htm?spm=a230r.1.14.47.6968699cocpOsR&id=545797823754

Well, I don't have experience with this board. I think it's good to have a solid connector to a programmer (just like Olimex STM32-H103). It's good for development.

I think that the good reference for STM32F103 boards is:

http://wiki.stm32duino.com/index.php?title=STM32F103_boards

Among those, Maple Mini and Blue Pill are supported by Gnuk. Adding support for other boards is easy.

Please note that you need a programmer to flash/debug a board. ST-Link/V2 (and its clone) is popular, but the firmware is proprietary.

While I don't have experience with it, IBDAP-CMSIS-DAP JTAG/SWD debug adapter is good one which comes with all information (including its schematics, firmware, etc.):

https://www.adafruit.com/product/2764

> I also was wondering if it is possible to port Gnuk to a device like a
> Teensy.

Technically speaking, it's possible. However, I won't call it "Gnuk", when it runs on something like Cortex-M4F. It has so many features which might kill the purpose of Gnuk to be smaller and less complexity.

Here is some technical discussion.

For Cortex-M0+, I once tried (for FS-BB48), but I gave up, because it doesn't have a good multiplier. If you can wait longer (say, up to 1.2 second for EdDSA signing), it may be useful.

For Cortex-M4F, I am porting Chopstx (the thread library) to STM32L432. I learned that its USB module is mostly same, and it works now.

I have a USB driver for Freescale (now NXP) for MKL27Z. Thus, I think that porting Chopstx to MK* chip with Cortex-M4F is feasible (I guess, not that hard). Then, when you will support random number generation and flash ROM routines, Gnuk can run on that chip.
--

From ml at mareichelt.com Tue Apr 30 17:45:20 2019
From: ml at mareichelt.com (Markus Reichelt)
Date: Tue, 30 Apr 2019 17:45:20 +0200
Subject: Gnuk Extractor
Message-ID: <20190430154520.GC2295@pc21.mareichelt.com>

Hi,

today I found out about Gnuk Extractor:

https://github.com/rot42/gnuk-extractor

Quoting the site: "This tool can extract the PGP secret keys from the dumped firmware of a Gnuk token. It was tested on a Nitrokey Start and on a Gnuk Token made from a $2 ST-LINK/V2 clone."

Sadly, I keep getting sidetracked and have to postpone my plans to play a bit with my collection of st-link/v2 devices ... hm, maybe in June (this year? busy times...)

--
left blank, right bald

From gary at mups.co.uk Tue Apr 30 20:45:53 2019
From: gary at mups.co.uk (Gary)
Date: Tue, 30 Apr 2019 19:45:53 +0100
Subject: Gnuk Extractor
In-Reply-To: <20190430154520.GC2295@pc21.mareichelt.com>
References: <20190430154520.GC2295@pc21.mareichelt.com>
Message-ID:

On 30/04/2019 16:45, Markus Reichelt wrote:
> Hi,
>
> today I found out about Gnuk Extractor:
>
> https://github.com/rot42/gnuk-extractor
>
> Quoting the site: "This tool can extract the PGP secret keys from the
> dumped firmware of a Gnuk token. It was tested on a Nitrokey Start
> and on a Gnuk Token made from a $2 ST-LINK/V2 clone."
>

This relies on your flash not being locked after uploading firmware/keys.

If you lock the device using "stm32f1x lock 0" via an openocd telnet session, this should no longer be possible.

Alternatively see the "Lock flash ROM" section of
https://www.gniibe.org/memo/development/gnuk/gnuk-installation-to-stm32-part-of-stm8s-discovery-kit.html

Regards,
Gary

From ml at mareichelt.com Tue Apr 30 23:22:58 2019
From: ml at mareichelt.com (Markus Reichelt)
Date: Tue, 30 Apr 2019 23:22:58 +0200
Subject: Gnuk Extractor
In-Reply-To:
References: <20190430154520.GC2295@pc21.mareichelt.com>
Message-ID: <20190430212258.GD2295@pc21.mareichelt.com>

* Gary wrote:
> This relies on your flash not being locked after uploading
> firmware/keys.

Yeah... I know, thank you. That's been both mentioned in the linked text and in here/on Gnuk's website already, as you neatly shared also.

It was just some FYI mail on my part; You know, I again fell prey to some kinky pic of neatly soldered ... wires. Yes, I like wires [.] It all just flashed backwards from that point on.

--
left blank, right bald
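
The "Gnuk Extractor" thread above turns on whether the flash was locked after the firmware and keys were uploaded. The following is an added example, not code from Gnuk or from any of the posts: a check a provisioning step could run on a dump of the STM32F103 option bytes before keys are loaded. It assumes the option-byte layout of ST's STM32F10x documentation (each byte stored next to its complement, RDP first, 0xA5 meaning unprotected); the function names and both sample dumps are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>

#define OB_BLOCK_LEN   16    /* 8 option bytes, each followed by its complement */
#define RDP_UNLOCK_KEY 0xA5  /* the only RDP value that leaves flash readable */

enum rdp_state { RDP_BAD_DUMP, RDP_UNPROTECTED, RDP_PROTECTED, RDP_PROTECTED_OPTERR };

/* Constructed samples of the block: RDP, nRDP, USER, nUSER, Data0, ... */
const uint8_t sample_unlocked[OB_BLOCK_LEN] = {
    0xA5, 0x5A, 0xFF, 0x00, 0xFF, 0x00, 0xFF, 0x00,
    0xFF, 0x00, 0xFF, 0x00, 0xFF, 0x00, 0xFF, 0x00 };
const uint8_t sample_locked[OB_BLOCK_LEN] = {
    0x00, 0xFF, 0xFF, 0x00, 0xFF, 0x00, 0xFF, 0x00,
    0xFF, 0x00, 0xFF, 0x00, 0xFF, 0x00, 0xFF, 0x00 };

/* A stored pair is valid when the second byte complements the first. */
static int pair_ok(const uint8_t *p)
{
    return (uint8_t)(p[0] ^ p[1]) == 0xFF;
}

/* Readout protection state from the RDP/nRDP pair at offset 0. */
enum rdp_state rdp_state_of(const uint8_t *ob, size_t len)
{
    if (ob == NULL || len < 2)
        return RDP_BAD_DUMP;
    if (!pair_ok(ob))   /* mismatch: option byte error, byte treated as 0xFF */
        return RDP_PROTECTED_OPTERR;
    return ob[0] == RDP_UNLOCK_KEY ? RDP_UNPROTECTED : RDP_PROTECTED;
}

/* Count value/complement pairs that do not match. */
int count_bad_pairs(const uint8_t *ob, size_t len)
{
    int bad = 0;
    size_t i;

    for (i = 0; i + 1 < len; i += 2)
        if (!pair_ok(ob + i))
            bad++;
    return bad;
}

/* Gate for key loading: full block, protection on, no corrupted pair. */
int safe_to_load_keys(const uint8_t *ob, size_t len)
{
    return len >= OB_BLOCK_LEN && rdp_state_of(ob, len) == RDP_PROTECTED &&
           count_bad_pairs(ob, OB_BLOCK_LEN) == 0;
}
```
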