• Today's news
  • Simon Josefsson kindly wrote this article: https://blog.josefsson.org/2019/03/21/installing-gnuk-on-fst-01g-running-neug/

With gcc-9 in Debian experimental, everything goes well.
Yes, the use of pragma is questionable, but let's see.

Today's topic from me:

• Shall we release new Poldi version, this year? The last official release is long ago. When we will, I want to remove the feature of authentication with X509 certificate using dirmngr. It may include network access for local authentication, which is questionable (for me).

Last week:

• Most time spent for internal office work for tax (2018).
• ECC fingerprint bug for 384-bit:
  • Avoid using AES192 (even if RFC-6637 says it SHOULD)
  • Fix scdaemon side
• TTXS
  • learn (again) CCID protocol
  • selecting minimum feature set
    • TPDU only, assuming smartcard is modern enough, only +3V3, etc.
    • if more features are needed, adding later
• Asked about Poldi <-- Debian user

This week:

• Poldi thing (reply to a bug report to Debian user)
• libgcrypt X25519 API
• TTXS

• Yubikey test version arrived, but it seems they are sending another because of last-minute-bug
• Last week
  • T4377: gpg-agent does not anymore restart a killed scdaemon: Sorry for trouble
  • TTXS plan
    • I think clear cut for works under g10code and works under Purism is required
      • simpler TPDU CCID reader -> TTXS (test against Gnuk test suite and OpenPGP card V3.3)
      • TTXS port to STM32L (even if USB is not used by Purism): Possibly Partly supported by Purism
      • I can work for CCID on serial communication and its support on host by GnuPG
      • Purism should do their work for UART support for pcscd and test with their hardware (including SIM cards)
  • Testing Scute
  • some minor build patches
• This week
  • Office work for tax procedure
  • Learn about CCID implementation for TTXS
  • Watch Debian release process

That's my badness. In wait_child_thread, assuan_release may cause thread context switch to agent_reset_scd which accesses scd_local_list; This access should be serialized.
And... in start_scd, calling unlock_scd should be after unlocking start_scd_lock.

• Last week:
  • libgcrypt: T4274: Fail selftests when checksum file is missing in FIPS mode only
  • dirmngr: T4367: gnupg fails to build with gcc9
    • Removing questionable use of compound literals.
  • libksba: T4104: gpgsm/ksba removes leading zeros from signature byte array
    • BER/DER encoding INTEGER has zero prefix, but PKCS#1 is fixed length octets.
    • For ECDSA, we use INTEGER, thus we need zero prefix in libksba
    • In gpg-agent, we should use the format of libgcrypt for smartcard
  • smartcard reader project: https://www.gniibe.org/memo/development/ttxs/ttxs-hardware.html
  • Chopstx 1.2.14

We also need to fix for encryption and signature in CSR.

Fixed in master, by removing use of compound literals. Compound literals are not portable feature (even for C99 code), so, it's good to avoid when we can.
Still dns.c uses C99 features of struct initializer with name.

• Today's topic: libdns T4367: gnupg fails to build with gcc9:
  • Two things for portability
    • C99 feature of struct/union initializer specifying member
    • (non portable, even with C99) compound literals as static constant, example is: &(struct timespec){ 0, 0 }
  • In my opinion, the former would be OK to keep, but latter is better to be removed
  • If agreed, I'd like to remove this
  • a reference: https://stackoverflow.com/questions/31863490/static-struct-initialization-in-c99
• Last week:
  • Fixed
    • T2011: gnupg should notify cancellation of its operation to gpg-agent to kill pinentry
      • by spawning a thread watching socket (of gpg<->gpg-agent) when GETPIN is requested to pinentry

Thanks, applied to GnuPG 2.2, master, and libgpg-error.

Fixed in master.

Thanks for your report.
I think that your patch is too generous to run HMAC even if fips_mode is not enabled; Simply, we can stop calling integrity check when fips_mode is not active.

I use BBG-SWD (my own tool to flash MCU) for transparency of the process. It's up to you to choice a tool for initial flashing.
Just in case, here are resources to be reproducible.

Original issue (of pinentry-curses, which should be killed by CTRL-C) is related to T2011: gnupg should notify cancellation of its operation to gpg-agent to kill pinentry, I suppose. It is fixed in master and testing.
I don't know about the second one with pinentry-tty.

Fixed in master.

Gnuk implements the feature, and newer GnuPG shows a dialog to request pushing the ack button.

Your problem is apparently not an issue of upstream development of GnuPG; It is your setup script (agent.sh?) which specifies /dev/shm/SOMETHING.
Standard GnuPG never does that. We have no idea about use of /dev/shm/SOMETHING.

Last week:

• Review Damien's change, applied (not yet finished): libksba & gpg
• My notebook computer (Chromebook) is being broken (keyboard).

Some of my terminology: I call "case", "shell", and "board".

Final fix was rG380bce13d94f: agent: Use clock or clock_gettime for calibration., with clock.
Closing this patch.

The metal case, I bought from here (it's expensive CNY3.00, for individuals): https://item.taobao.com/item.htm?id=550180089286

For prototype, I used:

• ZL-272 (without slits): https://detail.1688.com/offer/566273410945.html
• ZL-271, the metal shell: https://detail.1688.com/offer/566197153418.html

• Repository for PCB design: https://git.gniibe.org/gitweb/?p=gnuk/fst-01.git;a=summary
  • tag: release/3.01 is the latest for the design itself, but last commit 8ee4e0d53a73993e42d1c2ccc12b08757338f4b1 added data sheet for connector.
    • • The particular data sheet is for a variant of connector with slits.
    • in the output directory, I put additional information as well as the gerber output: https://git.gniibe.org/gitweb/?p=gnuk/fst-01.git;a=tree;f=output;h=f7fe9d884185d6c82221d95e47bd9ec76983da39;hb=HEAD
    • In output/README.txt, there are information for procurement for the GD32F103 chip and ZL-272 connector.
    • But those are the ones I specified, and the actual vendors/distributors are different
    • For ZL-272 with slits, it seems that it's DongGuan Yuliang Electronics Co., Limited (http://www.dgyuliang.net) which provides the connector
• The test plan I specified is: https://www.gniibe.org/memo/development/fst-01/fst-01sz-testplan.html

Last week:

• GnuPG 2.2: applied patches (minimum) from master. Update ja.po
  • for 2.2.13
  • Debian freeze (soft freeze will be tomorrow!)

I tried to express no attendance of telco today, but it seems that the event itself is canceled?, sorry.
I will join Godot conference today. I don't think there is quiet space.

• Last week
  • FOSDEM
    • I will share info about the metal shell
    • I will make sure to share all other info of FST-01SZ
    • I will do CCID firmware, which should include
      • Chopstx port to Cortex-M4
      • USB driver for STM32L4xx
• This week
  • Backport some important changes to 2.2 for the release
  • Chinese New Year

Topics:

• FST-01SZ: bare version (board+metal enclosure) now available. In addition, I have samples for case.