Google introduces OpenSK, an open stack for building cryptographic tokens

Google has introduced the OpenSK platform, which lets you build firmware for cryptographic tokens that is fully compliant with the FIDO U2F and FIDO2 standards. Tokens prepared with OpenSK can be used as authenticators for primary and two-factor authentication, as well as to confirm the user's physical presence. The project is written in Rust and is distributed under the Apache 2.0 license.

OpenSK makes it possible to build your own token for two-factor authentication on websites which, unlike the ready-made products from manufacturers such as Yubico, Feitian, Thetis and Kensington, is built on fully open firmware that is available for extension and audit. OpenSK is positioned as a research platform that token manufacturers and enthusiasts can use to develop new features and to bring tokens to a wider audience. The OpenSK code was originally developed as an application for TockOS and has been tested on the Nordic nRF52840-DK and Nordic nRF52840-dongle boards.

In addition to the software project, designs are provided for 3D-printing a USB key fob enclosure based on the popular Nordic nRF52840 chip, which includes an ARM Cortex-M4 microcontroller and an ARM TrustZone Cryptocell 310 crypto accelerator. The Nordic nRF52840 is the first reference platform for OpenSK. OpenSK supports the ARM CryptoCell crypto accelerator and all the transports the chip provides, including USB, NFC and Bluetooth Low Energy. Besides using the crypto accelerator, OpenSK also ships separate implementations of the ECDSA, ECC secp256r1, HMAC-SHA256 and AES256 algorithms written in Rust.

It should be noted that OpenSK is not the first open firmware implementation for tokens with FIDO2 and U2F support; similar firmware is being developed by the open projects Solo and Somu. Compared with those projects, OpenSK is written in Rust rather than C, which prevents many of the vulnerabilities that arise from low-level memory handling, such as use-after-free memory access, null pointer dereferences and buffer overruns.
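The class of bug the paragraph above refers to, shown as an added Rust example (not code from OpenSK or from the original article): a parser for a CTAPHID initialization packet, the USB HID framing used by FIDO tokens, in which the host-supplied length field is never used as a copy size. The names `parse_init_packet`, `InitPacket`, `ParseError` and `sample_report` are illustrative assumptions, and the sample report is constructed.

```rust
// Added illustration, not OpenSK code. Parses a CTAPHID initialization packet:
// 4-byte channel id, command byte with bit 7 set, 2-byte big-endian length.
const REPORT_LEN: usize = 64; // one USB HID report
const HEADER_LEN: usize = 7;

#[derive(Debug, PartialEq)]
pub enum ParseError { Truncated, Oversized, NotInitPacket }

#[derive(Debug, PartialEq)]
pub struct InitPacket<'a> {
    pub channel: u32,
    pub command: u8,
    pub declared_len: usize, // host-controlled, may exceed what this report holds
    pub payload: &'a [u8],   // only the bytes actually present
}

pub fn parse_init_packet(report: &[u8]) -> Result<InitPacket<'_>, ParseError> {
    if report.len() > REPORT_LEN {
        return Err(ParseError::Oversized);
    }
    // `get` returns None on a short buffer instead of reading past its end.
    let header = report.get(..HEADER_LEN).ok_or(ParseError::Truncated)?;
    if header[4] & 0x80 == 0 {
        return Err(ParseError::NotInitPacket);
    }
    let declared_len = u16::from_be_bytes([header[5], header[6]]) as usize;
    let available = &report[HEADER_LEN..];
    // Never trust the declared length as a copy size: clamp to the bytes received.
    let take = declared_len.min(available.len());
    Ok(InitPacket {
        channel: u32::from_be_bytes([header[0], header[1], header[2], header[3]]),
        command: header[4] & 0x7f,
        declared_len,
        payload: &available[..take],
    })
}

/// Constructed sample: a report declaring 1024 payload bytes but carrying 57.
pub fn sample_report() -> [u8; 64] {
    let mut r = [0xAAu8; 64];
    r[..7].copy_from_slice(&[0x01, 0x02, 0x03, 0x04, 0x80 | 0x10, 0x04, 0x00]);
    r
}

fn main() {
    println!("{:?}", parse_init_packet(&sample_report()).map(|p| p.payload.len()));
    println!("{:?}", parse_init_packet(&sample_report()[..5]));
}
```

In C the equivalent `memcpy` sized by the declared length would read past the 64-byte report; here an out-of-range slice cannot be formed, and a short report comes back as `ParseError::Truncated`.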

The firmware offered for flashing is based on TockOS, an operating system for microcontrollers based on Cortex-M and RISC-V that provides sandbox isolation of the kernel, drivers and applications. OpenSK is designed as an applet for TockOS. In addition to OpenSK, Google has also prepared for TockOS a storage implementation optimized for Flash drives (NVMC) and a set of patches. The kernel and drivers in TockOS, like OpenSK, are written in Rust.

Source: opennet.ru