<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
<p><font face="Noto Serif">Hello,</font></p>
<p><font face="Noto Serif">A lot of thanks for your work.</font></p>
<p><font face="Noto Serif">See my observations <i>infra</i>. I hope
it can help you.<br>
</font></p>
<p><font face="Noto Serif">Best regards<br>
</font></p>
<div class="moz-cite-prefix">Le 13/03/2025 à 19:52, Alexandre Esse a
écrit :<br>
</div>
<blockquote type="cite"
cite="mid:CALNP3k8Z3XOuWZm4HEYP4ZJkYnLDHFUz3KQJ7YSW13jsp5h1Zg@mail.gmail.com">
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<div dir="ltr">
<div>Hello Frédéric,</div>
<div><br>
</div>
<div>Great, I didn't see you already did some integration
developments on this board, I just joined the mailing list and
didn't look extensively into the history. For now I only
pushed the chopstx part but indeed, gnuk itself should also be
updated.</div>
<div><br>
</div>
<div>I also have the <font face="Noto Serif">STM32F103CBT6
version of the board. (marked as v1.1 on the PCB: not sure
what it means: I opened an Issue on github and send an email
to WeAct support to get some info: </font><a
href="https://github.com/WeActStudio/BluePill-Plus/issues/19"
target="_blank" moz-do-not-send="true"
class="moz-txt-link-freetext">https://github.com/WeActStudio/BluePill-Plus/issues/19</a><font
face="Noto Serif">)</font></div>
</div>
</blockquote>
<font face="Noto Serif">You can find the difference between V1.0 et
V1.1 here :
<a class="moz-txt-link-freetext" href="https://github.com/WeActStudio/WeActStudio.BluePill-Plus-CH32/tree/master/HDK">https://github.com/WeActStudio/WeActStudio.BluePill-Plus-CH32/tree/master/HDK</a>
It's for CH32 processor but the design of the boards are all the
same.</font><br>
<blockquote type="cite"
cite="mid:CALNP3k8Z3XOuWZm4HEYP4ZJkYnLDHFUz3KQJ7YSW13jsp5h1Zg@mail.gmail.com">
<div dir="ltr">
<div><font face="Noto Serif"><br>
</font></div>
<div><font face="Noto Serif">I have been testing both on the
1.2.20 branch and 2.2. But I guess I will stay on v2.2 for
the rest of my tests.</font></div>
<div><font face="Noto Serif"><br>
</font></div>
<div><font face="Noto Serif">Here are the remaining tweaks I did
on v2.2 (</font>de9652726b1ce52b21e939c6989dda0268b5c640)<font
face="Noto Serif"> of gnuk to make it work:</font></div>
<div><font face="Noto Serif"><br>
</font></div>
<div>diff --git a/src/configure b/src/configure<br>
index 1188a72..4ff7d1a 100755<br>
--- a/src/configure<br>
+++ b/src/configure<br>
@@ -130,6 +130,7 @@ Configuration:<br>
ST_NUCLEO_F103<br>
NITROKEY_START<br>
BLUE_PILL<br>
+ BLUE_PILL_PLUS<br>
STM8S_DISCOVERY<br>
CQ_STARM<br>
STM32_PRIMER2<br>
@@ -164,7 +165,7 @@ MEMORY_SIZE=20<br>
<br>
# Settings for TARGET<br>
case $target in<br>
-BLUE_PILL|STM8S_DISCOVERY)<br>
+BLUE_PILL|BLUE_PILL_PLUS|STM8S_DISCOVERY)<br>
# It's 64KB version of STM32F103, but actually has 128KB<br>
flash_override="-DSTM32F103_OVERRIDE_FLASH_SIZE_KB=128"<br>
;;<br>
</div>
<div><br>
</div>
</div>
</blockquote>
There is STM32F103C6T6 (64K) and CBT6 (128K), so i think your add
relative to : # setting to target, is not necessary for CBT6
processor which have 128K memory. That's why i suggested to have
multiple definition board to take care of different processor (arm
and riscv) and different amount of memory <br>
<blockquote type="cite"
cite="mid:CALNP3k8Z3XOuWZm4HEYP4ZJkYnLDHFUz3KQJ7YSW13jsp5h1Zg@mail.gmail.com">
<div dir="ltr">
<div>I haven't been testing "on-the-token" key generation. I
only transferred to it from a host PC. I always had <span
style="white-space:pre-wrap">KDF-DO activated.</span></div>
<div><span style="white-space:pre-wrap">
</span></div>
<div><span style="white-space:pre-wrap">The main issue I get is when I try to "reset" the token, it simply doesn't work but I haven't been investigating it.</span></div>
<div><span style="white-space:pre-wrap">
</span></div>
<div><span style="white-space:pre-wrap">Also some PIN management's actions seem </span><span
class="gmail-HwtZe" lang="en"><span class="gmail-jCAhz"><span
class="gmail-ryNqvb">shaky (but there is a possibility
that this is due to my lack of experience on gnuk tokens
too).</span></span></span></div>
<div><span style="white-space:pre-wrap">
</span></div>
<div><span style="white-space:pre-wrap">So for now, I tested the key with this kind of secret keys </span>I
get with 'gpg --list-secret-keys'<span
style="white-space:pre-wrap">:</span></div>
<div><span style="white-space:pre-wrap">
</span></div>
<div>sec> ed25519 2025-03-13 [SC]</div>
<div> XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX</div>
<div> Card serial no. = FFFF 00000000<br>
uid [ultimate] Tmp Tmp <a class="moz-txt-link-rfc2396E" href="mailto:tmp@tmp.tmp"><tmp@tmp.tmp></a><br>
ssb> cv25519 2025-03-13 [E]<br>
ssb> ed25519 2025-03-13 [A]</div>
<div><span style="white-space:pre-wrap">
</span></div>
<div><span style="white-space:pre-wrap">I managed to sign, decrypt data and authenticate through ssh sessions with it.</span></div>
<div><span style="white-space:pre-wrap">
</span></div>
<div>PB2 as LED is working and PA0 as ACK button is also working
fine, I haven't seen any issue for these use-case in a week.</div>
</div>
</blockquote>
<p>About ack button, it is on PA0 and PA0 is used for it's ADC
function and entropy generation, so i think you have to modifiy <font
face="Noto Serif"> /gnuk/chopstx/contrib/adc-stm32ff103.c in
order to use an other pin for ADC than PA0</font></p>
<p><font face="Noto Serif">Entropy generation graph is explain on
Niibe site here :
<a class="moz-txt-link-freetext" href="https://www.gniibe.org/memo/development/gnuk/rng/neug.html">https://www.gniibe.org/memo/development/gnuk/rng/neug.html</a></font></p>
<p><font face="Noto Serif">You can see that PA0 and PA1 are used for
their ADC. It's also indicate for example in board-fst-01-00.h
file<br>
</font></p>
<p><font face="Noto Serif"> * PA0 - input with pull-up. AN0<br>
* PA1 - input with pull-up. AN1</font></p>
<p><font face="Noto Serif">For Blue-Pill-Plus, button is connect to
3.3V
(<a class="moz-txt-link-freetext" href="https://github.com/WeActStudio/BluePill-Plus/blob/master/HDK/BluePillPlus_V10_SchDoc.pdf">https://github.com/WeActStudio/BluePill-Plus/blob/master/HDK/BluePillPlus_V10_SchDoc.pdf</a>)
so i think you configure PA0 as input pull-down. I think all
this change can interfere with good entropy generation. I see
different cases of board in </font><font face="Noto Serif">/gnuk/chopstx/contrib/adc-stm32ff103.c
which seem to use different ADC pins but i don't really
understand how. It's for that, i didn't take care of ackbutton
to day.</font></p>
<p><font face="Noto Serif">---------------------------------------------------------------</font></p>
<p><font face="Noto Serif">In your board file, you indicate id board
: 0x49403d56. In mine, i indicate 0x1ba01477. I get this id with
stlink program as core id. Can your tell me how you get your
board id ?</font></p>
<p><font face="Noto Serif">Frédéric SUEL<br>
</font></p>
<blockquote type="cite"
cite="mid:CALNP3k8Z3XOuWZm4HEYP4ZJkYnLDHFUz3KQJ7YSW13jsp5h1Zg@mail.gmail.com">
<div dir="ltr">
<div><br>
</div>
<div>Regards,</div>
<div>Alexandre</div>
<div><br>
</div>
<div><br>
</div>
</div>
<br>
<div class="gmail_quote">
<div dir="ltr" class="gmail_attr">On Fri, 7 Mar 2025 at 10:00,
Frédéric SUEL <<a href="mailto:frederic.suel@free.fr"
target="_blank" moz-do-not-send="true"
class="moz-txt-link-freetext">frederic.suel@free.fr</a>>
wrote:<br>
</div>
<blockquote class="gmail_quote"
style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div>
<p><font face="Noto Serif">Ref : Post on the gnuk list :
Frédéric SUEL frederic.suel at <a href="http://free.fr"
target="_blank" moz-do-not-send="true">free.fr</a> Mon
Feb 17 11:13:25 CET 2025<br>
</font></p>
<p><font face="Noto Serif">Hi,</font></p>
<p><font face="Noto Serif">Thank you for your interest for
this board.</font></p>
<p><font face="Noto Serif">When i asked help about this
board, i proposed a file board-blue-pill-plus-cb.h
because this board exist with 4 arm processor and two
riscv processors. I indicated cd because there is
STM32F103C8T6 (64k) and CBT6 (128k). To take care of
64K version, you have to add code in
/gnuk/src/.configure. (see my post)<br>
</font></p>
<p><font face="Noto Serif">For my blue-pilll-board
stm32F103CB, i have #define BOARD_ID 0x1ba01477 </font><font
face="Noto Serif">(see my post). Perhaps your board is a
STM32F103C6T6 board, i don't know why IDs are different<br>
</font></p>
<p><font face="Noto Serif">For instance, i doesn't take care
of ackbutton because there is a supplementary problem as
PA0 is used for it's ADC and for entropy generation. I
think you have to modify
/gnuk/chopstx/contrib/adc-stm32ff103.c but i doesn't
know how.</font></p>
<p><font face="Noto Serif">----<br>
</font></p>
<p><font face="Noto Serif">So i just created
/gnuk/board/board-blue-pill-plus-cb.h, modified
/gnuk/src/.configure to add definition of
BLUE-PILL-PLLUS-CB and</font><i><b> </b></i>chopstx/mcu/sys-stm31f103.h
for my first tests and doesn't take care of ackbutton on
PA0<br>
</p>
<p>I get : <br>
</p>
<p>-- works fine with curve25519 : generation on the board
and import on the board.</p>
<p>-- impossibility to generate <span
style="white-space:pre-wrap">secp256k1 on the board even with KDF-DO activate as Niibe suggested </span>(msg
: used conditions not satisfied)</p>
<p>-- impossibility to generate X448 on the board even with
Niibe patch (msg : board error)</p>
<p>-- impossibility to import X448 on the board. It seems to
work but only encrypt key is on the board and works. The
other keys are marked as # . I get with gpg
--list-secret-keys</p>
<p>sec# ed448/0xAA988F88C70C3DEE 2025-02-23 [SC] [expire :
2075-02-11]</p>
<p>Empreinte de la clef = AA988 F88C7 0C3DE E74BE DFF48
D127D 4BA4E CAEB3 685B3 575E7</p>
<p>uid [ ultime ] tmp</p>
<p>ssb> cv448/0x406CC6562774BC84 2025-02-23 [E]
[expire : 2075-02-11]</p>
<p>ssb# ed448/0x02BB1F8E7A2B268A 2025-02-23 [A] [expire :
2075-02-11]</p>
<p>----</p>
<p>Can you precise what's work with your board ?<br>
</p>
<p><span style="white-space:pre-wrap">Best regards
</span></p>
<p> </p>
<p><font face="Noto Serif"><br>
</font></p>
<p><font face="Noto Serif"><br>
</font></p>
<div>Le 06/03/2025 à 23:47, Alexandre Esse a écrit :<br>
</div>
<blockquote type="cite">
<div dir="ltr">
<div>Hello,</div>
<div><br>
</div>
<div>Here is a short message to notify the mailing list
that I proposed a merge request on chopstx: <a
href="https://salsa.debian.org/gnuk-team/chopstx/chopstx/-/merge_requests/1"
target="_blank" moz-do-not-send="true"
class="moz-txt-link-freetext">https://salsa.debian.org/gnuk-team/chopstx/chopstx/-/merge_requests/1</a></div>
<div><br>
</div>
<div>This is the first step to add gnuk support for <a
href="https://github.com/WeActStudio/BluePill-Plus/"
target="_blank" moz-do-not-send="true">Blue Pill
Plus boards</a>.</div>
<div><br>
</div>
<div>Not sure if this is the way to contribute: looking
forward to your feedback.</div>
<div><br>
</div>
<div>Regards,</div>
<div>Alexandre</div>
</div>
<br>
<fieldset></fieldset>
<pre>_______________________________________________
Gnuk-users mailing list
<a href="mailto:Gnuk-users@gnupg.org" target="_blank"
moz-do-not-send="true" class="moz-txt-link-freetext">Gnuk-users@gnupg.org</a>
<a href="https://lists.gnupg.org/mailman/listinfo/gnuk-users"
target="_blank" moz-do-not-send="true"
class="moz-txt-link-freetext">https://lists.gnupg.org/mailman/listinfo/gnuk-users</a>
</pre>
</blockquote>
</div>
</blockquote>
</div>
</blockquote>
<div id="grammalecte_menu_main_button_shadow_host"
style="width: 0px; height: 0px;"></div>
</body>
</html>