sirp 2.0.0 → 2.0.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
-SHA1:
-  metadata.gz: 5c52dff2045e6a63899115731fa0b6b47c211e83
-  data.tar.gz: b39d228ae76c0afb76e228203025ef9c3ebfd33d
+SHA256:
+  metadata.gz: 328294062ce7ee27d99e91e5449118300d85a1da742f1e3b86d5eac30c6ddee1
+  data.tar.gz: 8cb725290d951fb0cff234363d1365381466177b67c928a87491e3acd59a0fcc
 SHA512:
-  metadata.gz: e13201e91458fd8f6d69e70482038a37007bd8faff54ca83c2b4ffa87be1f4906a49480ef3256152dde8b18fd1955566dbfc4b733ad1257fe159077aa8456f06
-  data.tar.gz: 2f129346aa66933aecbdb7ed76d26e32ac67a423a03ae291e3d995c9e8c1de6a3786bfa1c7975556f3d0d648da5097a88635aa2eff8dae544df1c2c121a58fe0
+  metadata.gz: 771d1d636d5ef9d93842e9bdcee6bf66628c6143834d9e0eb46e7fdfa15ddb8c2f83b309367495652ce5b2e963ebb97814ca0baf1762346a2bcd53c2daeed041
+  data.tar.gz: 6827b625f7abc11d8d9c08a6f0ff456e6719b3b69fa74189e9ed868e0ca48cae58e30685662fdaed5bf83c7a640fb7b58e9eba302dca56325eda3c6189e327f9

data/.ruby-version

@@ -0,0 +1 @@
+2.4.0

data/.travis.yml

@@ -1,6 +1,6 @@
 language: ruby
 rvm:
-  - 2.1.0
-  - 2.2.4
-  - 2.3.1
-before_install: gem install bundler -v 1.12.1
+  - 2.3.3
+  - 2.4.0
+  - 2.6.3
+before_install: gem install bundler -v 2.0.2

data/CHANGELOG.md

@@ -1,5 +1,13 @@
 # CHANGELOG
 
+## v2.0.1 (8/14/2019)
+
+- Modernization of dependencies.
+- Fix issue with string keys for the proof. Fixes https://github.com/grempe/sirp/issues/7
+- Update supported Ruby versions in travis tests
+- Remove the unused and deprecated rbnacl-libsodium dependency
+- Removed RubyGem signing process and verification
+
 ## v2.0.0 (9/20/2016)
 
 Initial release after shake-down in a real app.

data/README.md

@@ -1,7 +1,6 @@
 # SiRP : Secure (interoperable) Remote Password Authentication
 
 [![Gem Version](https://badge.fury.io/rb/sirp.svg)](https://badge.fury.io/rb/sirp)
-[![Dependency Status](https://gemnasium.com/badges/github.com/grempe/sirp.svg)](https://gemnasium.com/github.com/grempe/sirp)
 [![Build Status](https://travis-ci.org/grempe/sirp.svg?branch=master)](https://travis-ci.org/grempe/sirp)
 [![Coverage Status](https://coveralls.io/repos/github/grempe/sirp/badge.svg?branch=master)](https://coveralls.io/github/grempe/sirp?branch=master)
 [![Code Climate](https://codeclimate.com/github/grempe/sirp/badges/gpa.svg)](https://codeclimate.com/github/grempe/sirp)
@@ -56,13 +55,9 @@ You can check my documentation quality score at
 
 ## Supported Platforms
 
-SiRP is continuously integration tested on the following Ruby VMs:
+SiRP is continuously integration tested on the versions of MRI Ruby found in the `.travis.yml` file.
 
-* MRI 2.1
-* MRI 2.2
-* MRI 2.3
-
-Ruby versions < 2.1 are not supported.
+This may work with other Ruby versions, but they are not supported.
 
 ## Installation
 
@@ -73,6 +68,7 @@ gem 'sirp', '~> 2.0'
 ```
 
 And then execute:
+
 ```sh
 $ bundle
 ```
@@ -83,55 +79,6 @@ Or install it yourself as:
 $ gem install sirp
 ```
 
-### Installation Security : Signed Ruby Gem
-
-The SiRP gem is cryptographically signed. To be sure the gem you install hasn’t
-been tampered with you can install it using the following method:
-
-Add my public key (if you haven’t already) as a trusted certificate
-
-```
-# Caveat: Gem certificates are trusted globally, such that adding a
-# cert.pem for one gem automatically trusts all gems signed by that cert.
-gem cert --add <(curl -Ls https://raw.github.com/grempe/sirp/master/certs/gem-public_cert_grempe.pem)
-```
-
-To install, it is possible to specify either `HighSecurity` or `MediumSecurity`
-mode. Since the `sirp` gem depends on one or more gems that are not cryptographically
-signed you will likely need to use `MediumSecurity`. You should receive a warning
-if any signed gem does not match its signature.
-
-```
-# All dependent gems must be signed and verified.
-gem install sirp -P HighSecurity
-```
-
-```
-# All signed dependent gems must be verified.
-gem install sirp -P MediumSecurity
-```
-
-```
-# Same as above, except Bundler only recognizes
-# the long --trust-policy flag, not the short -P
-bundle --trust-policy MediumSecurity
-```
-
-You can [learn more about security and signed Ruby Gems](http://guides.rubygems.org/security/).
-
-### Installation Security : Signed Git Commits
-
-Most, if not all, of the commits and tags to the repository for this code are
-signed with my PGP/GPG code signing key. I have uploaded my code signing public
-keys to GitHub and you can now verify those signatures with the GitHub UI.
-See [this list of commits](https://github.com/grempe/sirp/commits/master)
-and look for the `Verified` tag next to each commit. You can click on that tag
-for additional information.
-
-You can also clone the repository and verify the signatures locally using your
-own GnuPG installation. You can find my certificates and read about how to conduct
-this verification at [https://www.rempe.us/keys/](https://www.rempe.us/keys/).
-
 ## Compatibility
 
 This implementation has been tested for compatibility with the following SRP-6a
@@ -217,7 +164,7 @@ API and is not intended to be a 'copy & paste' code sample since the
 client and server interaction is something left up to the implementer and likely
 different in every case.
 
-``` ruby
+```ruby
 require 'sirp'
 
 username     = 'user'

data/RELEASE.md

@@ -27,34 +27,9 @@ $ vi CHANGELOG.md
 $ git add CHANGELOG.md
 ```
 
-## Local Build and Install w/ Signed Gem
-
-The `build` step should ask for PEM passphrase to sign gem. If it does
-not ask it means that the signing cert is not present.
-
-Build:
-
-```sh
-$ rake build
-Enter PEM pass phrase:
-sirp x.x.x built to pkg/sirp-x.x.x.gem
-```
-
-Install locally w/ Cert:
-
-```sh
-$ gem uninstall sirp
-$ rbenv rehash
-$ gem install pkg/tss-x.x.x.gem -P MediumSecurity
-Successfully installed sirp-x.x.x
-1 gem installed
-```
-
 ## Git Commit Version and CHANGELOG Changes, Tag and push to Github
 
 ```sh
-$ git add lib/tss/version.rb
-$ git add CHANGELOG.md
 $ git commit -m 'Bump version v2.0.0'
 $ git tag -s v2.0.0 -m "v2.0.0" SHA1_OF_COMMIT
 ```

data/lib/sirp.rb

@@ -1,8 +1,6 @@
 require 'openssl'
 require 'digest'
-require 'rbnacl/libsodium'
 require 'sysrandom/securerandom'
-require 'hashie'
 require 'sirp/sirp'
 require 'sirp/parameters'
 require 'sirp/client'

data/lib/sirp/verifier.rb

@@ -66,6 +66,14 @@ module SIRP
       }
     end
 
+    def symbolize_keys_deep!(h)
+      h.keys.each do |k|
+        ks = k.respond_to?(:to_sym) ? k.to_sym : k
+        h[ks] = h.delete k # Preserve order even when k == ks
+        symbolize_keys_deep! h[ks] if h[ks].kind_of? Hash
+      end
+    end
+
     #
     # Phase 2 : Step 1 : See Client#start_authentication
     #
@@ -86,8 +94,7 @@ module SIRP
     # @return [String, false] the H_AMK value in hex for the client, or false if verification failed
     def verify_session(proof, client_M)
       raise ArgumentError, 'proof must be a hash' unless proof.is_a?(Hash)
-      # gracefully handle string or symbol keys
-      Hashie.symbolize_keys!(proof)
+      symbolize_keys_deep!(proof)
       raise ArgumentError, 'proof must have required hash keys' unless proof.keys == [:A, :B, :b, :I, :s, :v]
       raise ArgumentError, 'client_M must be a string' unless client_M.is_a?(String)
       raise ArgumentError, 'client_M must be a hex string' unless client_M =~ /^[a-fA-F0-9]+$/
@@ -121,3 +128,4 @@ module SIRP
     end
   end
 end
+

data/lib/sirp/version.rb

@@ -1,3 +1,3 @@
 module SIRP
-  VERSION = '2.0.0'.freeze
+  VERSION = '2.0.1'.freeze
 end

data/sirp.gemspec

@@ -35,15 +35,13 @@ Gem::Specification.new do |spec|
   spec.require_paths = ['lib']
 
   # See : https://bugs.ruby-lang.org/issues/9569
-  spec.add_runtime_dependency 'rbnacl-libsodium', '~> 1.0'
   spec.add_runtime_dependency 'sysrandom', '~> 1.0'
-  spec.add_runtime_dependency 'hashie', '~> 3.4'
 
   spec.add_development_dependency 'bundler'
   spec.add_development_dependency 'rake'
   spec.add_development_dependency 'rspec', '~> 3.4'
-  spec.add_development_dependency 'pry', '~> 0.10'
+  spec.add_development_dependency 'pry', '~> 0.12'
   spec.add_development_dependency 'coveralls', '~> 0.8'
-  spec.add_development_dependency 'coco', '~> 0.14'
+  spec.add_development_dependency 'coco', '~> 0.15'
   spec.add_development_dependency 'wwtd', '~> 1.3'
 end

metadata

@@ -1,52 +1,16 @@
 --- !ruby/object:Gem::Specification
 name: sirp
 version: !ruby/object:Gem::Version
-  version: 2.0.0
+  version: 2.0.1
 platform: ruby
 authors:
 - Glenn Rempe
 - lamikae
 autorequire: 
 bindir: exe
-cert_chain:
-- |
-  -----BEGIN CERTIFICATE-----
-  MIIDYDCCAkigAwIBAgIBATANBgkqhkiG9w0BAQUFADA7MQ4wDAYDVQQDDAVnbGVu
-  bjEVMBMGCgmSJomT8ixkARkWBXJlbXBlMRIwEAYKCZImiZPyLGQBGRYCdXMwHhcN
-  MTYwNDExMDI0NTU0WhcNMTcwNDExMDI0NTU0WjA7MQ4wDAYDVQQDDAVnbGVubjEV
-  MBMGCgmSJomT8ixkARkWBXJlbXBlMRIwEAYKCZImiZPyLGQBGRYCdXMwggEiMA0G
-  CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDZqTH5Jf+D/W2B4BIiL49CpHa86rK/
-  oT+v3xZwuEE92lJea+ygn3IAsidVTW47AKE6Lt3UqUkGQGKxsqH/Dhir08BqjLlD
-  gBUozGZpM3B6uWZnD6QXLbOmZeGVDnwB/QDfzaawN1i3smlYxYT+KNLjl80aN3we
-  /cHAWG7JG47AF/S91mYcg1WgZnDgZt9+RyVR1AsfYbM+SidOSoXEOHPCbuUxLKJb
-  gj5ieCFhm5GNWEugvgiX/ruas+VHV0fF3fzjYlU2fZPTuQyB4UD5FWX4UqdsBf3w
-  jB94TDBsJ3FVGPbggEhLGKd8pbQmBIOqXolGaqhs7dnuf5imu5mAXHC1AgMBAAGj
-  bzBtMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgSwMB0GA1UdDgQWBBRfxEyosUbKjfFa
-  j+gae2CcT3aFCTAZBgNVHREEEjAQgQ5nbGVubkByZW1wZS51czAZBgNVHRIEEjAQ
-  gQ5nbGVubkByZW1wZS51czANBgkqhkiG9w0BAQUFAAOCAQEAzgK20+MNOknR9Kx6
-  RisI3DsioCADjGldxY+INrwoTfPDVmNm4GdTYC+V+/BvxJw1RqHjEbuXSg0iibQC
-  4vN+th0Km7dnas/td1i+EKfGencfyQyecIaG9l3kbCkCWnldRtZ+BS5EfP2ML2u8
-  fyCtze/Piovu8IwXL1W5kGZMnvzLmWxdqI3VPUou40n8F+EiMMLgd53kpzjtNOau
-  4W+mqVGOwlEGVSgI5+0SIsD8pvc62PlPWTv0kn1bcufKKCZmoVmpfbe3j4JpBInq
-  zieXiXZSAojfFx9g91fKdIrlPbInHU/BaCxXSLBwvOM0drE+c2ue9X8gB55XAhzX
-  37oBiw==
-  -----END CERTIFICATE-----
-date: 2016-09-21 00:00:00.000000000 Z
+cert_chain: []
+date: 2019-08-14 00:00:00.000000000 Z
 dependencies:
-- !ruby/object:Gem::Dependency
-  name: rbnacl-libsodium
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '1.0'
-  type: :runtime
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '1.0'
 - !ruby/object:Gem::Dependency
   name: sysrandom
   requirement: !ruby/object:Gem::Requirement
@@ -61,20 +25,6 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '1.0'
-- !ruby/object:Gem::Dependency
-  name: hashie
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '3.4'
-  type: :runtime
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '3.4'
 - !ruby/object:Gem::Dependency
   name: bundler
   requirement: !ruby/object:Gem::Requirement
@@ -123,14 +73,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.10'
+        version: '0.12'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.10'
+        version: '0.12'
 - !ruby/object:Gem::Dependency
   name: coveralls
   requirement: !ruby/object:Gem::Requirement
@@ -151,14 +101,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.14'
+        version: '0.15'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.14'
+        version: '0.15'
 - !ruby/object:Gem::Dependency
   name: wwtd
   requirement: !ruby/object:Gem::Requirement
@@ -186,6 +136,7 @@ files:
 - ".coco.yml"
 - ".gitignore"
 - ".rubocop.yml"
+- ".ruby-version"
 - ".travis.yml"
 - ".yardopts"
 - CHANGELOG.md
@@ -226,8 +177,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project: 
-rubygems_version: 2.5.1
+rubygems_version: 3.0.3
 signing_key: 
 specification_version: 4
 summary: Secure (interoperable) Remote Password Auth (SRP-6a)

metadata.gz.sig

@@ -1,3 +0,0 @@
-��	�_p���*L!'V��>?�#<��٥��5�:��w
-�ޘ�[�
-X�Z/���1��Q�8X�#x
�i+��t�-��^�|�aO�q��g�#�g\pG�C��{R\uKY��m%���:������O�~��g���Z0j��M��j׎##c