This is a proof of concept to get RSA key generation and SSH user authentication working on the TKey.
The RSA signer runs on a bare-metal 32-bit RISC-V processor.
For more information about the TKey, see https://tillitis.se/
Install https://github.com/riscv-collab/riscv-gnu-toolchain, preferably to the path /opt/riscv.
First, set the correct compilation flags:
- Set CC=clang
- Set CFLAGS as follows: CFLAGS=-target riscv32-unknown-none-elf -march=rv32iczmmul -mabi=ilp32 -mcmodel=medany -static -std=gnu99 -O2 -ffast-math -fno-common -fno-builtin-printf -fno-builtin-putchar -nostdlib -mno-relax -flto -g -Wall -Werror=implicit-function-declaration -I../../../tkey-libs/include -I/opt/riscv/riscv32-unknown-elf/include
In the folder mbedtls, run:
- make clean && make -j$(nproc)
- Then run cd .. to go back to RSA-signer
- Run make clean && make
- Copy the singer/app.bin to the rsa-tkey-ssh-agent
Current limitations:
- Key length is set to 2048 bits and is not configurable (for now at least)
- SHA512 is used and is not configurable
Planned improvements:
- Update the protocol to send the data sizes before sending the data
- Make hash algorithm and key sizes configurable
This project is based on Mbed-TLS (https://github.com/Mbed-TLS/mbedtls) and https://github.com/tillitis/tkey-device-signer. This repo is licensed under the "GNU General Public License v2.0 only".