OpenSK is an open-source implementation for security keys written in Rust that supports both FIDO U2F and FIDO2 standard.
This repository contains a Rust implementation of a FIDO2 authenticator.
We developed this as a Tock OS application and it has been successfully tested on the following boards:
FIDO2
Although we tested and implemented our firmware based on the published CTAP2.0 specifications, our implementation was not reviewed nor officially tested and doesn’t claim to be FIDO Certified.
Cryptography
We’re currently still in the process on making the ARM® CryptoCell-310 embedded in the Nordic nRF52840 chip work to get hardware-accelerated cryptography. In the meantime we implemented the required cryptography algorithms (ECDSA, ECC secp256r1, HMAC-SHA256 and AES256) in Rust as a placeholder.
Those implementations are research-quality code and haven’t been reviewed. They don’t provide constant-time guarantees and are not designed to be resistant against side-channel attacks.
Installation
For a more detailed guide, please refer to our installation guide.
./setup.sh
# Nordic nRF52840-DK board
board=nrf52840dk ./deploy.sh os app
# Nordic nRF52840-Dongle
board=nrf52840_dongle ./deploy.sh os app
./deploy.sh app
root
privileges to interact with the key. For that purpose we provide a udev rule file that can be installed with the following command: sudo cp rules.d/55-opensk.rules /etc/udev/rules.d/ &&
sudo udevadm control –reload
Customization
If you build your own security key, depending on the hardware you use, there are a few things you can personalize:
ctap/mod.rs
. It is mandatory for U2F, and you can create your own self-signed certificate. The flag is used for FIDO2 and has some privacy implications. Please check WebAuthn for more information.ctap/mod.rs
only turns them off for FIDO2. The most privacy preserving solution is individual or no signature counters. Again, please check WebAuthn for documentation.ctap/storage.rs
.3D Printed Enclosure
To protect and carry your key, we partnered with a professional designer and we are providing a custom enclosure that can be printed on both professional 3D printers and hobbyist models.
All the required files can be downloaded from Thingiverse including the STEP file, allowing you to easily make the modifications you need to further customize it.
Disclaimer
This project is proof-of-concept and a research platform. It’s still under development and as such comes with a few limitations:
shadow-rs is a Windows kernel rootkit written in Rust, demonstrating advanced techniques for kernel manipulation…
Extract and execute a PE embedded within a PNG file using an LNK file. The…
Embark on the journey of becoming a certified Red Team professional with our definitive guide.…
This repository contains proof of concept exploits for CVE-2024-5836 and CVE-2024-6778, which are vulnerabilities within…
This took me like 4 days (+2 days for an update), but I got it…
MaLDAPtive is a framework for LDAP SearchFilter parsing, obfuscation, deobfuscation and detection. Its foundation is…