Help with new board Blue Pill Plus with gnuk

Thu Feb 20 07:20:41 CET 2025

Hello,

Thank you for your testing.

Frédéric SUEL <frederic.suel at free.fr> wrote:
> I tried to configure the board first with secp256k1 then with Curve 448 
> and :
>
> -- i can select both algorithms, and the result with the list command is ok
>
> - but, i can't generate keys with secp256k1, i get "Échec de génération 
> de la clef : Conditions d'utilisation non satisfaites" : fail to 
> generate key : used conditions not satisfied

This error may mean, you didn't configure KDF-DO, which is required for
Gnuk 2.2.  I wonder if it's the case.

> - but, i can't generate keys with Curve 448, i get "Échec de génération 
> de la clef : Erreur de carte" : fail to generate key : board error

Ah, Curve448 is not covered by the tests/ in Gnuk.

It seems there is bugs around its private key size.  Here is a fix (of today).
Not tested yet.

diff --git a/src/openpgp-do.c b/src/openpgp-do.c
index 2ad7853..2fc5aea 100644
--- a/src/openpgp-do.c
+++ b/src/openpgp-do.c
@@ -1340,7 +1340,7 @@ gpg_do_write_prvkey (enum kind_of_key kk, const uint8_t *key_data,
   else if (attr == ALGO_X448)
     {
       pubkey_len = prvkey_len;
-      if (prvkey_len != 56)
+      if (prvkey_len != 64)
 	return -1;
     }
   else
@@ -1583,14 +1583,15 @@ proc_key_import (const uint8_t *data, int len)
     }
   else if (attr == ALGO_X448)
     {
-      uint8_t priv[56];
+      uint8_t priv[64];
 
       if (len - 12 != 56)
 	return 0;		/* Error.  */
 
       memcpy (priv, data+12, 56);
+      memset (priv+56, 0, 64-56);
       ecdh_compute_public_x448 (pubkey, priv);
-      r = gpg_do_write_prvkey (kk, priv, 56, keystring_admin, pubkey);
+      r = gpg_do_write_prvkey (kk, priv, 64, keystring_admin, pubkey);
     }
 
   if (r < 0)
@@ -2287,7 +2288,7 @@ gpg_do_keygen (uint8_t *buf)
   enum kind_of_key kk = kkb_to_kk (kk_byte);
   int attr = gpg_get_algo_attr (kk);;
   int prvkey_len = gpg_get_algo_attr_key_size (kk, GPG_KEY_PRIVATE);
-  const uint8_t *prv;
+  uint8_t *prv;
   const uint8_t *rnd;
   int r = 0;
 #define p_q (&buf[3])
@@ -2359,6 +2360,8 @@ gpg_do_keygen (uint8_t *buf)
       random_bytes_free (rnd);
       prv = d;
       ed448_compute_public (pubkey, prv);
+      memset (prv+114, 0, 128-114);
+      prvkey_len = 128;
       pubkey[57] = 0;
     }
   else if (attr == ALGO_X448)
@@ -2369,6 +2372,8 @@ gpg_do_keygen (uint8_t *buf)
       rnd = random_bytes_get ();
       memcpy (d+32, rnd, 24);
       prv = d;
+      prvkey_len = 64;
+      memset (prv+56, 0, 64-56);
       ecdh_compute_public_x448 (pubkey, prv);
     }
   else
-- 

