Google OpenSK nsanja, yomwe imakulolani kuti mupange firmware ya zizindikiro za cryptographic zomwe zimagwirizana kwathunthu ndi miyezo ΠΈ . Zizindikiro zokonzedwa pogwiritsa ntchito OpenSK zitha kugwiritsidwa ntchito ngati zotsimikizira zoyambira ndi ziwiri, komanso kutsimikizira kupezeka kwa wogwiritsa ntchito. Ntchitoyi inalembedwa mu Rust ndi zololedwa pansi pa Apache 2.0.
OpenSK imapangitsa kuti mupange chizindikiro chanu chotsimikizika chazinthu ziwiri pamasamba, omwe, mosiyana ndi mayankho okonzeka opangidwa ndi opanga monga Yubico, Feitian, Thetis ndi Kensington, amamangidwa pa firmware yotseguka kwathunthu, yomwe ikupezeka kuti ionjezere ndikuwunika. OpenSK ili ngati nsanja yofufuzira yomwe opanga ma tokeni ndi okonda angagwiritse ntchito kupanga zatsopano ndikulimbikitsa ma tokeni kwa anthu ambiri. Khodi ya OpenSK idapangidwa koyambirira ngati ntchito ya ndikuyesedwa pama board a Nordic nRF52840-DK ndi Nordic nRF52840-dongle.
Kuwonjezera pa ntchito ya mapulogalamu masanjidwe osindikizira pa chosindikizira cha 3D makina a USB key fob potengera chip chodziwika , kuphatikizapo ARM Cortex-M4 microcontroller ndi crypto accelerator
ARM TrustZone Cryptocell 310. Nordic nRF52840 ndiye nsanja yoyamba yofotokozera za OpenSK. OpenSK imapereka chithandizo cha ARM CryptoCell crypto accelerator ndi mitundu yonse yamayendedwe yoperekedwa ndi chip, kuphatikiza USB, NFC ndi Bluetooth Low Energy. Kuphatikiza pa kugwiritsa ntchito crypto accelerator, OpenSK yakonzekeranso kukhazikitsa kosiyana kwa ECDSA, ECC secp256r1, HMAC-SHA256 ndi ma algorithms a AES256 olembedwa ku Rust.
Zindikirani kuti OpenSK siwoyamba kukhazikitsa firmware kwa zizindikiro zothandizidwa ndi FIDO2 ndi U2F; firmware yofananira ikupangidwa ndi ntchito zotseguka. ΠΈ . Poyerekeza ndi mapulojekiti omwe atchulidwa, OpenSK sinalembedwe mu C, koma ku Rust, yomwe imapewa zovuta zambiri zomwe zimachokera ku kukumbukira kukumbukira kwapansi, monga kupeza kukumbukira kwaulere, kuchotsedwa kwa null pointer, ndi buffer overruns.
Firmware yomwe ikufuna kukhazikitsa idakhazikitsidwa ,
makina ogwiritsira ntchito ma microcontrollers otengera Cortex-M ndi RISC-V, opereka sandbox kudzipatula kwa kernel, madalaivala ndi mapulogalamu. OpenSK idapangidwa ngati pulogalamu ya TockOS. Kuphatikiza pa OpenSK, Google yakonzekeranso TockOS yokongoletsedwa ndi Flash drives (NVMC) ndi set . Ma kernel ndi oyendetsa mu TockOS, monga OpenSK, amalembedwa ku Rust.
Source: opennet.ru