From gniibe at fsij.org Thu Aug 8 03:23:47 2024 
From: gniibe at fsij.org (NIIBE Yutaka)
Date: Thu, 08 Aug 2024 10:23:47 +0900
Subject: Gnuk Mirae and Reproducible Procurement
Message-ID: <87r0azkdss.fsf@akagi.fsij.org>

Hello,

I had a talk at Debconf24 in Busan, and I had valuable conversations
with our token users (not only Gnuk, but also other ones, including
proprietary Yubikey). From a ShenZhen friend, I got one token
implementation, named CanoKeys. The website seems to be:
https://www.canokeys.org/

Debconf24's main venue was the "Mirae" building. Mirae means future. So, I
named the next version of Gnuk "Mirae".

After some discussions in Busan, my major idea for Gnuk Mirae is:

- minimize the implementation, to be bare crypto operations
- moving code from the implementation on device side to host side

* * *

I started Gnuk Mirae development with the CH32V203 MCU.

The major social/technical difficulty for this stage would be "reproducible"
procurement for the development environment. If you have a good Chinese
contact, no problem. However, using AliExpress/Taobao/etc. is a bit
difficult for a foreign person. At least for me, buying some parts/boards
is not always reproducible.

Thus, today, I'd like to share information for procurement. I'm not
sure if it's effective for you, but it can give you some hints.


(1) The development board

aliexpress.com:
    CH32V203G8R6-EVT-R0

    WCH Official Store
        2Pcs/Lot CH32V203 Evaluation Board low-power consumption
        small-medium capacity

This is a board with the CH32V203G8R6 MCU.

CH32V203C8T6-EVT-R0 is also good. I selected CH32V203G8R6 for now,
considering my own possible hand-soldering of the chip (it's easier
when it has fewer pins. TSOP is a bit easier than QFP).


(2) The debugger

aliexpress.com:
    WCH LinkE

    CNEWTEC Electronics Store
        WCH LinkE Online Download Debugger Support WCH RISC-V
        Architecture MCU/SWD Interface ARM Chip 1 Serial Port to USB Channel

This is a clone of WCH LinkE. WCH LinkE mini (another clone) would also
work well (I don't use that yet). I selected the clone, because
official ones tend to change (to newer versions of firmware).
YMMV.


(3) Jumper wires

mouser.com:
    SchmartBoard
        Jumper Wires
        920-0112-50

This is reproducible. I use these jumper wires to connect the board
to the debugger. I also use them to connect LEDs on the board to
GPIO pins.
--

From simon at josefsson.org Thu Aug 8 06:23:12 2024
From: simon at josefsson.org (Simon Josefsson)
Date: Thu, 8 Aug 2024 07:23:12 +0300
Subject: Gnuk Mirae and Reproducible Procurement
In-Reply-To: <87r0azkdss.fsf@akagi.fsij.org>
References: <87r0azkdss.fsf@akagi.fsij.org>
Message-ID: <9E4183E8-A3C0-4232-80D6-2760914AFF9F@josefsson.org>

Hi

Thanks for your presentations!

I like the minimal approach - did you look at the Tillitis key?

https://tillitis.se/

They take an even more minimal approach and don't even have on-board storage.

A minimal approach (no CCID, less PGP) seems like a good idea. The tillitis key only has an ed25519 signer, nothing more. I think that is a good interface but I think storage is important - so you can store PGP-related stuff, for some glue code on the host. I also dislike how it is impossible to use your own private key with tillitis, this is an important use-case for trust reasons. Ed25519 is easily compromisable (nonce gen) for hardware-bound private keys. A pure ed25519 interface also makes supporting non-PGP simple, assuming it supports ed25519.

However, I have a question: would you consider including some relatively performant target board as well? Something that could do Classic McEliece or SPHINCS+ without significant effort? Just add some of the reference code and it would fit without storage issues. Could even be a raspberry pi zero or similar.

/Simon

> On 8 Aug. 2024 at 04:24, NIIBE Yutaka wrote:
>
> Hello,
>
> I had a talk at Debconf24 in Busan, and I had valuable conversations
> with our token users (not only Gnuk, but also other ones, including
> proprietary Yubikey). From a ShenZhen friend, I got one token
> implementation, named CanoKeys. The website seems to be:
> https://www.canokeys.org/
>
> Debconf24's main venue was the "Mirae" building. Mirae means future. So, I
> named the next version of Gnuk "Mirae".
>
> After some discussions in Busan, my major idea for Gnuk Mirae is:
>
> - minimize the implementation, to be bare crypto operations
> - moving code from the implementation on device side to host side
>
> * * *
>
> I started Gnuk Mirae development with the CH32V203 MCU.
>
> The major social/technical difficulty for this stage would be "reproducible"
> procurement for the development environment. If you have a good Chinese
> contact, no problem. However, using AliExpress/Taobao/etc. is a bit
> difficult for a foreign person. At least for me, buying some parts/boards
> is not always reproducible.
>
> Thus, today, I'd like to share information for procurement. I'm not
> sure if it's effective for you, but it can give you some hints.
>
>
> (1) The development board
>
> aliexpress.com:
>     CH32V203G8R6-EVT-R0
>
>     WCH Official Store
>         2Pcs/Lot CH32V203 Evaluation Board low-power consumption
>         small-medium capacity
>
> This is a board with the CH32V203G8R6 MCU.
>
> CH32V203C8T6-EVT-R0 is also good. I selected CH32V203G8R6 for now,
> considering my own possible hand-soldering of the chip (it's easier
> when it has fewer pins. TSOP is a bit easier than QFP).
>
>
> (2) The debugger
>
> aliexpress.com:
>     WCH LinkE
>
>     CNEWTEC Electronics Store
>         WCH LinkE Online Download Debugger Support WCH RISC-V
>         Architecture MCU/SWD Interface ARM Chip 1 Serial Port to USB Channel
>
> This is a clone of WCH LinkE. WCH LinkE mini (another clone) would also
> work well (I don't use that yet). I selected the clone, because
> official ones tend to change (to newer versions of firmware).
> YMMV.
>
>
> (3) Jumper wires
>
> mouser.com:
>     SchmartBoard
>         Jumper Wires
>         920-0112-50
>
> This is reproducible. I use these jumper wires to connect the board
> to the debugger. I also use them to connect LEDs on the board to
> GPIO pins.
> --

From gniibe at fsij.org Mon Aug 19 08:21:22 2024
From: gniibe at fsij.org (NIIBE Yutaka)
Date: Mon, 19 Aug 2024 15:21:22 +0900
Subject: Gnuk Mirae and Reproducible Procurement
In-Reply-To: <9E4183E8-A3C0-4232-80D6-2760914AFF9F@josefsson.org>
References: <87r0azkdss.fsf@akagi.fsij.org> <9E4183E8-A3C0-4232-80D6-2760914AFF9F@josefsson.org>
Message-ID: <87wmkdnicd.fsf@akagi.fsij.org>

Simon Josefsson wrote:
> https://tillitis.se/

Thanks for the reference. I like the approach of using iCE40. The
decision of no persistent storage would be great, indeed, there are
useful use cases, but it's not for my important use case (of having my
existing private keys on a device).

I don't know if hardware-assisted address randomization and RAM
scrambling make sense.

> However, I have a question: would you consider including some relatively
> performant target board as well? Something that could do Classic
> McEliece or SPHINCS+ without significant effort? Just add some of the
> reference code and it would fit without storage issues. Could even be
> a raspberry pi zero or similar.

For WCH chips, there are variants with 64KiB SRAM running @144MHz.

Considering other possibilities, ESP32-C3 (400KiB SRAM, @160MHz) would
be a candidate.

For me, Raspberry Pi zero is out of scope. As a system, it is complex
enough as a desktop computer.
--

From gniibe at fsij.org Mon Aug 19 08:32:40 2024
From: gniibe at fsij.org (NIIBE Yutaka)
Date: Mon, 19 Aug 2024 15:32:40 +0900
Subject: Gnuk Mirae and Reproducible Procurement
In-Reply-To: <87r0azkdss.fsf@akagi.fsij.org>
References: <87r0azkdss.fsf@akagi.fsij.org>
Message-ID: <87ttfhnhtj.fsf@akagi.fsij.org>

Hello,

NIIBE Yutaka wrote:
> I started Gnuk Mirae development with CH32V203 MCU.

With the development board, the USB serial experiment works for me.
(commit 183a9e13de341249e8d5cdca6a0a6dca0f2128c0 of chopstx, wch branch)

I learned that when its core sleeps, the USB peripheral cannot access SRAM
correctly, which results in data of all 00 in transactions. This results in
USB enumeration failure randomly. In some cases, it partially works,
depending on the timing of the host.

I observed the all 00 data in the signal, with a Saleae Logic 16 clone using
Sigrok. Well, I had to use the analyzer because I was not able to
imagine the cause.

So, in my experiment, I let it keep running, no sleep.

diff --git a/chopstx-riscv32.c b/chopstx-riscv32.c index 4d6b225..284e57c 100644 --- a/chopstx-riscv32.c +++ b/chopstx-riscv32.c @@ -672,7 +672,7 @@ chx_init_arch (struct chx_thread *tp) /* NOTE: I wonder if there is a race condition here. */ \ /* Interrupted before the wfi instruction, and */ \ /* entering wfi to wait an interrupt. */ \ - "wfi\n\t" \ + "nop\n\t" \ /* INTERRUPT RETURNS here (even interrupted _before_ wfi). */ \ /* And interrupt is masked and a0 is set. */ \ "beqz a0,0b\n\t" /* Just in case if not, loop. */

With this change, now, it works.
--
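
Review bot: In the hunk at line 672 of chopstx-riscv32.c, the swap of "wfi\n\t" for "nop\n\t" is unconditional, so every target built from this file loses its idle sleep and spins on "beqz a0,0b" until an interrupt sets a0, not only the CH32V203 where the USB peripheral was seen to misread SRAM while the core sleeps. If this is to go beyond an experiment, guard the substitution with a build-time conditional for the affected MCU so other RISC-V targets keep wfi. The surrounding comments ("Interrupted before the wfi instruction", "entering wfi to wait an interrupt", "even interrupted _before_ wfi") no longer match the code on the nop path; update them and add a short comment recording why the core has to stay awake (USB enumeration failing with all-00 data).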