Google unveils OpenSK open stack for creating cryptographic tokens

Google has presented the OpenSK platform, which allows you to create firmware for cryptographic tokens that fully comply with the FIDO U2F and FIDO2 standards. Tokens prepared using OpenSK can be used as authenticators for primary and two-factor authentication, as well as to confirm the user's physical presence. The project is written in Rust and is distributed under the Apache 2.0 license.

OpenSK allows you to create your own token for two-factor authentication on websites. Unlike ready-made solutions produced by manufacturers such as Yubico, Feitian, Thetis and Kensington, such a token is built on completely open firmware that is available for extension and auditing. OpenSK is positioned as a research platform that token producers and enthusiasts can use to develop new features and promote tokens to the masses. The OpenSK code was originally developed as an application for TockOS and tested on Nordic nRF52840-DK and Nordic nRF52840-dongle boards.

In addition to the software, the project provides layouts for 3D-printing a USB key fob housing based on the popular Nordic nRF52840 chip, which includes an ARM Cortex-M4 microcontroller and an ARM TrustZone CryptoCell 310 crypto accelerator. Nordic nRF52840 is the first reference platform for OpenSK. OpenSK provides support for the ARM CryptoCell crypto accelerator and all transports provided by the chip, including USB, NFC and Bluetooth Low Energy. In addition to using the crypto accelerator, OpenSK also includes separate implementations of the ECDSA, ECC secp256r1, HMAC-SHA256 and AES256 algorithms written in Rust.

It should be noted that OpenSK is not the first open implementation of firmware for tokens with FIDO2 and U2F support; similar firmware is being developed by the open projects Solo and Finnish. Unlike those projects, OpenSK is written not in C but in Rust, which avoids many vulnerabilities that arise from low-level memory handling, such as accessing a memory area after it has been freed, dereferencing null pointers, and buffer overruns.

The firmware offered for installation is based on TockOS, an operating system for microcontrollers based on Cortex-M and RISC-V that provides sandbox isolation of the kernel, drivers and applications. OpenSK is packaged as an applet for TockOS. In addition to OpenSK, Google has also prepared for TockOS a storage repository optimized for Flash drives (NVMC) and a set of patches. The kernel and drivers in TockOS, like OpenSK, are written in Rust.

Source: opennet.ru
