4a2217f025
* Interleave sending and receiving of packets to reduce latency in receiving of packets * Add patch to CtapUsbSyscallDriver * Minor tweaks from review * Log when overwritting an existing reply * Only log when 'debug_ctap' is enabled * Make ctap mod public, as per review * Rename send_or_recv to send_and_maybe_recv * fix typo * Don't process packets on other transport while doing keepalive * Don't process packets on other transport while doing keepalive * More accurately determine if reply has finished * Move comment closer to appropriate location * Add tests for canceling keepalive packets * Added a TODO for kaczmarczyck re ctap module being public * remove the unnecessary sleep()s * undo messed up commit * address pylint warnings * Fix merge mess up, and patch fido2 Usage Page * Fix up completely borked merge * Remove patch to FIDO usage, after #523. * remove obsolete aspects to diff Co-authored-by: kaczmarczyck <43844792+kaczmarczyck@users.noreply.github.com>
OpenSK
This repository contains a Rust implementation of a FIDO2 authenticator. We developed OpenSK as a Tock OS application.
We intend to bring a full open source experience to security keys, from application to operating system. You can even 3D print your own open source enclosure! You can see OpenSK in action in this video on YouTube!
You are viewing the branch for developers. New features are developed here before they are stabilized. If you instead want to use the FIDO certified firmware, please go back to the stable branch.
FIDO2
The develop branch implements the CTAP2.1 specification. This branch is not FIDO certified. The implementation is backwards compatible to CTAP2.0. Additionally, OpenSK supports U2F, and non-discoverable credentials created with either protocol are compatible with the other.
⚠️ Disclaimer
This project is proof-of-concept and a research platform. It is NOT meant for a daily usage. It comes with a few limitations:
- This branch is under development, and therefore less rigorously tested than the stable branch.
- The cryptography implementations are not resistent against side-channel attacks.
We're still in the process of integrating the ARM® CryptoCell-310 embedded in the Nordic nRF52840 chip to enable hardware-accelerated cryptography. Our placeholder implementations of required cryptography algorithms (ECDSA, ECC secp256r1, HMAC-SHA256 and AES256) in Rust are research-quality code. They haven't been reviewed and don't provide constant-time guarantees.
Hardware
You will need one the following supported boards:
- Nordic nRF52840-DK development kit. This board is more convenient for development and debug scenarios as the JTAG probe is already on the board.
- Nordic nRF52840 Dongle to have a more practical form factor.
- Makerdiary nRF52840-MDK USB dongle.
- Feitian OpenSK dongle.
Installation
To install OpenSK,
- follow the general setup steps,
- then continue with the instructions for your specific hardware:
To test whether the installation was successful, visit a demo website and try to register and login. Please check our Troubleshooting and Debugging section if you have problems with the installation process or during development. To find out what else you can do with your OpenSK, see Customization.
Contributing
See Contributing.md.
Reporting a Vulnerability
See SECURITY.md.