kmwebnet/OpenSK
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
1,206 Commits 4 Branches 2 Tags
078e565ac1e417c4469b838ca9c677034e610e41
Go to file
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Download ZIP Download TAR.GZ Download BUNDLE
hcyang 078e565ac1 Add basic setup for multi-PIN (#530) 
* Add basic setup for multi-PIN

- Reserve the storage keys for maximum of 8 user slots.
- Modify the storage functions to take a slot_id parameter.
- Add the slot_count() customization.
- Assume slot_id as a parameter when needed except these places:
  - Entrance functions of command processing that directly takes the
    command parameter structure. slot_id is set as 0, and will be
    parsed from the parameters when we enable the feature.
  - MakeCredential/GetAssertion/AuthenticatorConfig will take the
    slot_id from active token state when we enable the feature,
    resulting in an `Option<usize>`. Below code will act on the option
    value correctly. When the feature isn't enabled, we're always
    referring to the only PIN slot so set slot_id as Some(0).
  - GetInfo returns verdict of whether PIN is supported and enabled, and
    whether PIN needs to be forced changed. There will be new fields to
    represent those values when the feature is enabled, and the old
    fields will not be populated. So when the feature isn't enabled, we
    can treat slot_id as 0.

Not covered in this commit:
- Unittests for other slots. The existing tests all pass and I plan to
  add unittests for multi-slot case after the codebase allows enabling
  the feature.
- Persisting and checking the slot_id in credentials. This is planned to
  come in the next commit.

* Fix storage and some other style

* Add support for concatenated values

* Switch some storage entries back to multi-entry

* Set bumpalo version for fuzzing (#532)

* maximum working bumpalo version

* explicit comment to explain version locking

* removes incorrect comment

* moves serde version lock to dev dependencies

* removes serde dependencies

* reverts serde removal in crypto library

* Make PIN_PROPERTIES use concatenated storage entry

* Fix bumpalo issue

* Use concatenated storage entry for force_pin_change too

* Fix cargofmt

Co-authored-by: Julien Cretin <cretin@google.com>
Co-authored-by: kaczmarczyck <43844792+kaczmarczyck@users.noreply.github.com>
2022-08-23 23:01:13 +08:00
.github
uses latest in workflows (#528)
2022-08-15 10:44:05 +02:00
boards/nordic
Create a 2nd USB interface for the Vendor HID (#472)
2022-05-03 10:35:35 +02:00
bootloader
enforces Module imports granularity (#445)
2022-03-14 20:44:48 +01:00
docs
Vendor HID for upgrades (#529)
2022-08-17 10:29:26 +02:00
examples
Allow read_slice to return a Vec
2022-06-03 11:16:43 +02:00
fuzz
Add basic setup for multi-PIN (#530)
2022-08-23 23:01:13 +08:00
libraries
Add basic setup for multi-PIN (#530)
2022-08-23 23:01:13 +08:00
maintainers
Also restore index for check
2022-06-22 11:26:02 +02:00
metadata
Fix indentation
2020-11-23 20:33:01 +01:00
patches
Interleave sending and receiving of packets to reduce rx latency (#515)
2022-08-04 14:54:22 +02:00
reproducible
Changed reproducible
2020-10-09 15:15:22 +00:00
rules.d
Initial commit
2020-01-30 11:47:29 +01:00
src
Add basic setup for multi-PIN (#530)
2022-08-23 23:01:13 +08:00
third_party
Connect Vendor HID interface between USB driver and CTAP app (#490)
2022-06-20 07:31:31 +02:00
tools
Vendor HID for upgrades (#529)
2022-08-17 10:29:26 +02:00
.gitignore
Add some fuzz subdirs to gitignore
2022-03-22 18:20:42 +08:00
.gitmodules
Ignore dirty submodules
2020-11-30 08:46:02 -08:00
.markdownlint.json
Initial commit
2020-01-30 11:47:29 +01:00
.pylintrc
Fix pylint configuration, script and matcher (#491)
2022-06-07 20:39:22 +02:00
build.rs
enforces Module imports granularity (#445)
2022-03-14 20:44:48 +01:00
Cargo.toml
Add basic setup for multi-PIN (#530)
2022-08-23 23:01:13 +08:00
deploy.py
Add configure-only mode to deploy.py script (#471)
2022-08-09 08:12:37 +02:00
fuzzing_setup.sh
roll back fuzzing install script, documentation instead (#439)
2022-03-08 03:09:48 +01:00
layout.ld
Bump Tock kernel version (#374)
2021-09-10 08:32:34 +02:00
LICENSE
Initial commit
2020-01-30 11:47:29 +01:00
nrf52840_layout_a.ld
New boards with layouts for dual partition setups (#387)
2021-10-06 18:33:40 +02:00
nrf52840_layout_b.ld
New boards with layouts for dual partition setups (#387)
2021-10-06 18:33:40 +02:00
nrf52840_layout.ld
Merge branch 'master' into no_wfr
2020-04-30 16:18:41 +02:00
OpenSK.code-workspace
Use a vscode workspace instead of local settings.
2020-12-10 10:02:48 +01:00
README.md
fix broken link (#412)
2021-11-19 13:10:16 +01:00
reset.sh
Install elf2tab in its own directory.
2020-09-29 12:56:21 +02:00
run_desktop_tests.sh
Fix ctap1 clippy warning (#517)
2022-07-22 13:23:29 +08:00
rust-toolchain
Update rust-toolchain to be a symlink to third_party/libtock-rs/rust-toolchain.
2020-08-07 15:09:07 +02:00
rustfmt.toml
enforces Module imports granularity (#445)
2022-03-14 20:44:48 +01:00
SECURITY.md
adds and links new security policy
2021-07-09 11:52:16 +02:00
setup-submodules.sh
Do not set the stack size outside prod (#415)
2021-11-30 18:11:42 +01:00
setup.sh
Fix libfido in configure (#499)
2022-06-13 13:46:15 +02:00

README.md

OpenSK logo

markdownlint pylint Cargo check Cargo format Coverage Status

OpenSK

This repository contains a Rust implementation of a FIDO2 authenticator. We developed OpenSK as a Tock OS application.

We intend to bring a full open source experience to security keys, from application to operating system. You can even 3D print your own open source enclosure! You can see OpenSK in action in this video on YouTube!

You are viewing the branch for developers. New features are developed here before they are stabilized. If you instead want to use the FIDO certified firmware, please go back to the stable branch.

FIDO2

The develop branch implements the CTAP2.1 specification. This branch is not FIDO certified. The implementation is backwards compatible to CTAP2.0. Additionally, OpenSK supports U2F, and non-discoverable credentials created with either protocol are compatible with the other.

⚠️ Disclaimer

This project is proof-of-concept and a research platform. It is NOT meant for a daily usage. It comes with a few limitations:

  • This branch is under development, and therefore less rigorously tested than the stable branch.
  • The cryptography implementations are not resistent against side-channel attacks.

We're still in the process of integrating the ARM® CryptoCell-310 embedded in the Nordic nRF52840 chip to enable hardware-accelerated cryptography. Our placeholder implementations of required cryptography algorithms (ECDSA, ECC secp256r1, HMAC-SHA256 and AES256) in Rust are research-quality code. They haven't been reviewed and don't provide constant-time guarantees.

Hardware

You will need one the following supported boards:

Installation

To install OpenSK,

  1. follow the general setup steps,
  2. then continue with the instructions for your specific hardware:

To test whether the installation was successful, visit a demo website and try to register and login. Please check our Troubleshooting and Debugging section if you have problems with the installation process or during development. To find out what else you can do with your OpenSK, see Customization.

Contributing

See Contributing.md.

Reporting a Vulnerability

See SECURITY.md.

Reference in New Issue View Git Blame Copy Permalink
Description
OpenSK is an open-source implementation for security keys written in Rust that supports both FIDO U2F and FIDO2 standards.
ctap2embeddedfido2firmwarehardwareopenskrustsecuritysecurity-keytocktock-osu2fwebauthn
Readme 8.8 MiB
Languages
Rust 93.1%
Python 5%
Shell 1.5%
Makefile 0.4%