tss 0.1.1 → 0.2.0

data/lib/tss/combiner.rb

@@ -1,18 +1,24 @@
 module TSS
-  class Combiner  < Dry::Types::Struct
+  # Combiner has responsibility for combining an Array of String shares back
+  # into the original secret the shares were split from. It is also responsible
+  # for doing extensive validation of user provided shares and ensuring
+  # that any recovered secret matches the hash of the original secret.
+  class Combiner
+    include Contracts::Core
     include Util
 
-    # dry-types
-    constructor_type(:schema)
+    C = Contracts
 
-    attribute :shares, Types::Strict::Array
-      .constrained(min_size: 1)
-      .constrained(max_size: 255)
-      .member(Types::Strict::String)
+    attr_reader :shares, :select_by
 
-    attribute :select_by, Types::Strict::String
-      .enum('first', 'sample', 'combinations')
-      .default('first')
+    Contract ({ :shares => C::ArrayOf[String], :select_by => C::Maybe[C::Enum['first', 'sample', 'combinations']] }) => C::Any
+    def initialize(opts = {})
+      # clone the incoming shares so the object passed to this
+      # function doesn't get modified.
+      @shares = opts.fetch(:shares).clone
+      raise TSS::ArgumentError, 'Invalid number of shares. Must be between 1 and 255' unless @shares.size.between?(1,255)
+      @select_by = opts.fetch(:select_by, 'first')
+    end
 
     # To reconstruct a secret from a set of shares, the following
     # procedure, or any equivalent method, is used:
@@ -44,8 +50,9 @@ module TSS
     #   contains the octet from the ith share.  The value of I(U, V) is
     #   computed, then appended to the output string.
     #
-    #   The output string is returned.
+    #   The output string is returned (along with some metadata).
     #
+    # rubocop:disable CyclomaticComplexity
     def combine
       # unwrap 'human' shares into binary shares
       if all_shares_appear_human?(shares)
@@ -53,7 +60,6 @@ module TSS
       end
 
       validate_all_shares(shares)
-      orig_shares_size = shares.size
       start_processing_time = Time.now
 
       h          = Util.extract_share_header(shares.sample)
@@ -61,23 +67,17 @@ module TSS
       identifier = h[:identifier]
       hash_id    = h[:hash_id]
 
-      # If there are more shares than the threshold would require
-      # then choose a subset of the shares based on preference.
-      if shares.size > threshold
-        case select_by
-        when 'first'
-          @shares = shares.shift(threshold)
-        when 'sample'
-          @shares = shares.sample(threshold)
-        when 'combinations'
-          share_combinations_mode_allowed!(hash_id)
-          share_combinations_out_of_bounds!(shares, threshold)
-        end
+      # Select a subset of the shares provided using the chosen selection
+      # method. If there are exactly the right amount of shares this is a no-op.
+      if select_by == 'first'
+        @shares = shares.shift(threshold)
+      elsif select_by == 'sample'
+        @shares = shares.sample(threshold)
       end
 
       # slice out the data after the header bytes in each share
       # and unpack the byte string into an Array of Byte Arrays
-      shares_bytes = shares.collect do |s|
+      shares_bytes = shares.map do |s|
         bytestring = s.byteslice(Splitter::SHARE_HEADER_STRUCT.size..s.bytesize)
         bytestring.unpack('C*') unless bytestring.nil?
       end.compact
@@ -85,9 +85,13 @@ module TSS
       shares_bytes_have_valid_indexes!(shares_bytes)
 
       if select_by == 'combinations'
+        share_combinations_mode_allowed!(hash_id)
+        share_combinations_out_of_bounds!(shares, threshold)
+
         # Build an Array of all possible `threshold` size combinations.
         share_combos = shares_bytes.combination(threshold).to_a
 
+        # Try each combination until one works.
         secret = nil
         while secret.nil? && share_combos.present?
           # Check a combination and shift it off the Array
@@ -99,34 +103,41 @@ module TSS
         secret = extract_secret_from_shares!(hash_id, shares_bytes)
       end
 
+      # Return a Hash with the secret and metadata
       {
-        hash_alg: Hasher.key_from_code(hash_id).to_s,
+        hash: secret[:hash],
+        hash_alg: secret[:hash_alg].to_s,
         identifier: identifier,
-        num_shares_provided: orig_shares_size,
-        num_shares_used: share_combos.present? ? share_combos.first.size : shares.size,
-        processing_started_at: start_processing_time.utc.iso8601,
-        processing_finished_at: Time.now.utc.iso8601,
-        processing_time_ms: ((Time.now - start_processing_time)*1000).round(2),
-        secret: Util.bytes_to_utf8(secret),
-        shares_select_by: select_by,
-        combinations: share_combos.present? ? share_combos.size : nil,
+        process_time: ((Time.now - start_processing_time)*1000).round(2),
+        secret: Util.bytes_to_utf8(secret[:secret]),
         threshold: threshold
       }
     end
+    # rubocop:enable CyclomaticComplexity
 
     private
 
+    # Given a hash ID and an Array of Arrays of Share Bytes, extract a secret
+    # and validate it against any one-way hash that was embedded in the shares
+    # along with the secret.
+    #
+    # @param hash_id [Integer] the ID of the one-way hash function to test with
+    # @param shares_bytes [Array<Array>] the shares as Byte Arrays to be evaluated
+    # @return [Array<Integer>] returns the secret as an Array of Bytes if it was recovered from the shares and validated
+    # @raise [TSS::NoSecretError] if the secret was not able to be recovered (with no hash)
+    # @raise [TSS::InvalidSecretHashError] if the secret was able to be recovered but the hash test failed
+    Contract C::Int, C::ArrayOf[C::ArrayOf[C::Num]] => ({ :secret => C::ArrayOf[C::Num], :hash => C::Maybe[String], :hash_alg => C::Enum[:NONE, :SHA1, :SHA256] })
     def extract_secret_from_shares!(hash_id, shares_bytes)
       secret = []
 
       # build up an Array of index values from each share
       # u[i] equal to the first octet of the ith share
-      u = shares_bytes.collect { |s| s[0] }
+      u = shares_bytes.map { |s| s[0] }
 
       # loop through each byte in all the shares
       # start at Array index 1 in each share's Byte Array to skip the index
       (1..(shares_bytes.first.length - 1)).each do |i|
-        v = shares_bytes.collect { |share| share[i] }
+        v = shares_bytes.map { |share| share[i] }
         secret << Util.lagrange_interpolation(u, v)
       end
 
@@ -139,30 +150,39 @@ module TSS
         # RTSS : pop off the hash digest bytes from the tail of the secret. This
         # leaves `secret` with only the secret bytes remaining.
         orig_hash_bytes = secret.pop(Hasher.bytesize(hash_alg))
+        orig_hash_hex = Util.bytes_to_hex(orig_hash_bytes)
 
         # RTSS : verify that the recombined secret computes the same hash
         # digest now as when it was originally created.
         new_hash_bytes = Hasher.byte_array(hash_alg, Util.bytes_to_utf8(secret))
+        new_hash_hex = Util.bytes_to_hex(new_hash_bytes)
 
-        if Util.secure_compare(Util.bytes_to_hex(orig_hash_bytes), Util.bytes_to_hex(new_hash_bytes))
-          return secret
-        else
+        unless Util.secure_compare(orig_hash_hex, new_hash_hex)
           raise TSS::InvalidSecretHashError, 'invalid shares, hash of secret does not equal embedded hash'
         end
+      end
+
+      if secret.present?
+        return { secret: secret, hash: orig_hash_hex, hash_alg: hash_alg }
       else
-        if secret.present?
-          return secret
-        else
-          raise TSS::NoSecretError, 'invalid shares, unable to recombine into a verifiable secret'
-        end
+        raise TSS::NoSecretError, 'invalid shares, unable to recombine into a verifiable secret'
       end
     end
 
-    # strip off leading padding chars ("\u001F", decimal 31)
+    # Strip off leading padding chars ("\u001F", decimal 31)
+    #
+    # @param secret [Array<Integer>] the secret to be stripped
+    # @return [Array<Integer>,nil] returns the secret, stripped of the leading padding char
+    Contract C::ArrayOf[C::Num] => C::Maybe[Array]
     def strip_left_pad(secret)
       secret.shift while secret.first == 31
     end
 
+    # Do all of the shares match the pattern expected of human style shares?
+    #
+    # @param shares [Array<String>] the shares to be evaluated
+    # @return [true,false] returns true if all shares match the patterns, false if not
+    Contract C::ArrayOf[String] => C::Bool
     def all_shares_appear_human?(shares)
       shares.all? do |s|
         # test for starting with 'tss' since regex match against
@@ -171,8 +191,14 @@ module TSS
       end
     end
 
+    # Convert an Array of human style shares to binary style
+    #
+    # @param shares [Array<String>] the shares to be converted
+    # @return [Array<String>] returns an Array of String shares in binary octet String format
+    # @raise [TSS::ArgumentError] if shares appear invalid
+    Contract C::ArrayOf[String] => C::ArrayOf[String]
     def convert_shares_human_to_binary(shares)
-      shares.collect do |s|
+      shares.map do |s|
         s_b64 = s.match(Util::HUMAN_SHARE_RE)
         if s_b64.present? && s_b64.to_a[1].present?
           begin
@@ -187,60 +213,97 @@ module TSS
       end
     end
 
-    def valid_header?(header)
-      header.is_a?(Hash) &&
-        header.key?(:identifier) &&
-        header[:identifier].is_a?(String) &&
-        header.key?(:hash_id) &&
-        header[:hash_id].is_a?(Integer) &&
-        header.key?(:threshold) &&
-        header[:threshold].is_a?(Integer) &&
-        header.key?(:share_len) &&
-        header[:share_len].is_a?(Integer)
-    end
-
+    # Do all shares have a common Byte size? They are invalid if not.
+    #
+    # @param shares [Array<String>] the shares to be evaluated
+    # @return [true] returns true if all shares have the same Byte size
+    # @raise [TSS::ArgumentError] if shares appear invalid
+    Contract C::ArrayOf[String] => C::Bool
     def shares_have_same_bytesize!(shares)
       shares.each do |s|
         unless s.bytesize == shares.first.bytesize
           raise TSS::ArgumentError, 'invalid shares, different byte lengths'
         end
       end
+      return true
     end
 
+    # Do all shares have a valid header and match each other? They are invalid if not.
+    #
+    # @param shares [Array<String>] the shares to be evaluated
+    # @return [true] returns true if all shares have the same header
+    # @raise [TSS::ArgumentError] if shares appear invalid
+    Contract C::ArrayOf[String] => C::Bool
     def shares_have_valid_headers!(shares)
       fh = Util.extract_share_header(shares.first)
+
+      unless Contract.valid?(fh, ({ :identifier => String, :hash_id => C::Int, :threshold => C::Int, :share_len => C::Int }))
+        raise TSS::ArgumentError, 'invalid shares, headers have invalid structure'
+      end
+
       shares.each do |s|
-        h = Util.extract_share_header(s)
-        unless valid_header?(h) && h == fh
-          raise TSS::ArgumentError, 'invalid shares, bad headers'
+        unless Util.extract_share_header(s) == fh
+          raise TSS::ArgumentError, 'invalid shares, headers do not match'
         end
       end
+
+      return true
     end
 
+    # Do all shares have a the expected length? They are invalid if not.
+    #
+    # @param shares [Array<String>] the shares to be evaluated
+    # @return [true] returns true if all shares have the same header
+    # @raise [TSS::ArgumentError] if shares appear invalid
+    Contract C::ArrayOf[String] => C::Bool
     def shares_have_expected_length!(shares)
       shares.each do |s|
         unless s.bytesize > Splitter::SHARE_HEADER_STRUCT.size + 1
           raise TSS::ArgumentError, 'invalid shares, too short'
         end
       end
+      return true
     end
 
+    # Were enough shares provided to meet the threshold? They are invalid if not.
+    #
+    # @param shares [Array<String>] the shares to be evaluated
+    # @return [true] returns true if there are enough shares
+    # @raise [TSS::ArgumentError] if shares appear invalid
+    Contract C::ArrayOf[String] => C::Bool
     def shares_meet_threshold_min!(shares)
       fh = Util.extract_share_header(shares.first)
       unless shares.size >= fh[:threshold]
         raise TSS::ArgumentError, 'invalid shares, fewer than threshold'
+      else
+        return true
       end
     end
 
+    # Were enough shares provided to meet the threshold? They are invalid if not.
+    #
+    # @param shares [Array<String>] the shares to be evaluated
+    # @return [true] returns true if all tests pass
+    Contract C::ArrayOf[String] => C::Bool
     def validate_all_shares(shares)
-      shares_have_valid_headers!(shares)
-      shares_have_same_bytesize!(shares)
-      shares_have_expected_length!(shares)
-      shares_meet_threshold_min!(shares)
+      if shares_have_valid_headers!(shares) &&
+          shares_have_same_bytesize!(shares) &&
+          shares_have_expected_length!(shares) &&
+          shares_meet_threshold_min!(shares)
+        return true
+      else
+        return false
+      end
     end
 
+    # Do all the shares have a valid first-byte index? They are invalid if not.
+    #
+    # @param shares_bytes [Array<Array>] the shares as Byte Arrays to be evaluated
+    # @return [true] returns true if there are enough shares
+    # @raise [TSS::ArgumentError] if shares appear invalid
+    Contract C::ArrayOf[C::ArrayOf[C::Num]] => C::Bool
     def shares_bytes_have_valid_indexes!(shares_bytes)
-      u = shares_bytes.collect do |s|
+      u = shares_bytes.map do |s|
         raise TSS::ArgumentError, 'invalid shares, no index' if s[0].blank?
         raise TSS::ArgumentError, 'invalid shares, zero index' if s[0] == 0
         s[0]
@@ -248,25 +311,46 @@ module TSS
 
       unless u.uniq.size == shares_bytes.size
         raise TSS::ArgumentError, 'invalid shares, duplicate indexes'
+      else
+        return true
       end
     end
 
+    # Is it valid to use combinations mode? Only when there is an embedded non-zero
+    # hash_id Integer to test the results against. Invalid if not.
+    #
+    # @param hash_id [Integer] the shares as Byte Arrays to be evaluated
+    # @return [true] returns true if OK to use combinations mode
+    # @raise [TSS::ArgumentError] if hash_id represents a non hashing type
+    Contract C::Int => C::Bool
     def share_combinations_mode_allowed!(hash_id)
       unless Hasher.codes_without_none.include?(hash_id)
         raise TSS::ArgumentError, 'invalid options, combinations mode can only be used with hashed shares.'
+      else
+        return true
       end
     end
 
+    # Calculate the number of possible combinations when combinations mode is
+    # selected. Raise an exception if the possible combinations are too large.
+    #
+    # If this is not tested, the number of combinations can quickly grow into
+    # numbers that cannot be calculated before the end of the universe.
+    # e.g. 255 total shares, with threshold of 128, results in # combinations of:
+    # 2884329411724603169044874178931143443870105850987581016304218283632259375395
+    #
+    # @param shares [Array<String>] the shares to be evaluated
+    # @param threshold [Integer] the threshold value set in the shares
+    # @param max_combinations [Integer] the max (1_000_000) number of combinations allowed
+    # @return [true] returns true if a reasonable number of combinations
+    # @raise [TSS::ArgumentError] if the number of possible combinations is unreasonably high
+    Contract C::ArrayOf[String], C::Int, C::Int => C::Bool
     def share_combinations_out_of_bounds!(shares, threshold, max_combinations = 1_000_000)
-      # Raise if the number of combinations is too high.
-      # If this is not checked, the number of combinations can quickly grow into
-      # numbers that cannot be calculated before the end of the universe.
-      # e.g. 255 total shares, with threshold of 128, results in # combinations of:
-      # 2884329411724603169044874178931143443870105850987581016304218283632259375395
-      #
       combinations = Util.calc_combinations(shares.size, threshold)
       if combinations > max_combinations
         raise TSS::ArgumentError, "invalid options, too many combinations (#{Util.int_commas(combinations)})"
+      else
+        return true
       end
     end
   end

data/lib/tss/hasher.rb

@@ -1,4 +1,6 @@
 module TSS
+  # Hasher is responsible for managing access to the various one-way hash
+  # functions that can be used to validate a secret.
   class Hasher
     HASHES = { NONE: { code: 0, bytesize: 0, hasher: nil },
                SHA1: { code: 1, bytesize: 20, hasher: Digest::SHA1 },
@@ -28,7 +30,7 @@ module TSS
     #
     # @return [Array<Integer>] all hash codes including NONE
     def self.codes
-      HASHES.collect do |_k, v|
+      HASHES.map do |_k, v|
         v[:code]
       end
     end
@@ -37,7 +39,7 @@ module TSS
     #
     # @return [Array<Integer>] all hash codes excluding NONE
     def self.codes_without_none
-      HASHES.collect do |_k, v|
+      HASHES.map do |_k, v|
         v[:code] if v[:code] > 0
       end.compact
     end

data/lib/tss/splitter.rb

@@ -1,46 +1,41 @@
 module TSS
-  class Splitter < Dry::Types::Struct
+  # Splitter has responsibility for splitting a secret into an Array of String shares.
+  class Splitter
+    include Contracts::Core
     include Util
 
-    SHARE_HEADER_STRUCT = BinaryStruct.new([
-                     'a16', :identifier,  # String, 16 Bytes, arbitrary binary string (null padded, count is width)
-                     'C', :hash_id,
-                     'C', :threshold,
-                     'n', :share_len
-                    ])
+    C = Contracts
 
-    # dry-types
-    constructor_type(:schema)
+    attr_reader :secret, :threshold, :num_shares, :identifier, :hash_alg, :format, :pad_blocksize
 
-    attribute :secret, Types::Strict::String
-      .constrained(min_size: 1)
+    Contract ({ :secret => String, :threshold => C::Maybe[C::Int], :num_shares => C::Maybe[C::Int], :identifier => C::Maybe[String], :hash_alg => C::Maybe[C::Enum['NONE', 'SHA1', 'SHA256']], :format => C::Maybe[C::Enum['binary', 'human']], :pad_blocksize => C::Maybe[C::Int] }) => C::Any
+    def initialize(opts = {})
+      @secret = opts.fetch(:secret)
+      raise TSS::ArgumentError, 'Invalid secret length. Must be between 1 and 65502' unless @secret.size.between?(1,65502)
 
-    attribute :threshold, Types::Coercible::Int
-      .constrained(gteq: 1)
-      .constrained(lteq: 255)
-      .default(3)
+      @threshold = opts.fetch(:threshold, 3)
+      raise TSS::ArgumentError, 'Invalid threshold size. Must be between 1 and 255' unless @threshold.between?(1,255)
 
-    attribute :num_shares, Types::Coercible::Int
-      .constrained(gteq: 1)
-      .constrained(lteq: 255)
-      .default(5)
+      @num_shares = opts.fetch(:num_shares, 5)
+      raise TSS::ArgumentError, 'Invalid num_shares size. Must be between 1 and 255' unless @num_shares.between?(1,255)
 
-    attribute :identifier, Types::Strict::String
-      .constrained(min_size: 0)
-      .constrained(max_size: 16)
-      .default { SecureRandom.hex(8) }
-      .constrained(format: /^[a-zA-Z0-9\-\_\.]*$/i) # 0 or more of these chars
+      @identifier = opts.fetch(:identifier, SecureRandom.hex(8))
+      raise TSS::ArgumentError, 'Invalid identifier characters' unless @identifier =~ /^[a-zA-Z0-9\-\_\.]*$/i
+      raise TSS::ArgumentError, 'Invalid identifier size. Must be between 0 and 16' unless @identifier.size.between?(0,16)
 
-    attribute :hash_alg, Types::Strict::String.enum('NONE', 'SHA1', 'SHA256')
-      .default('SHA256')
+      @hash_alg = opts.fetch(:hash_alg, 'SHA256')
+      @format = opts.fetch(:format, 'human')
 
-    attribute :format, Types::Strict::String.enum('binary', 'human')
-      .default('binary')
+      @pad_blocksize = opts.fetch(:pad_blocksize, 0)
+      raise TSS::ArgumentError, 'Invalid pad_blocksize size. Must be between 0 and 255' unless @pad_blocksize.between?(0,255)
+    end
 
-    attribute :pad_blocksize, Types::Coercible::Int
-      .constrained(gteq: 0)
-      .constrained(lteq: 255)
-      .default(0)
+    SHARE_HEADER_STRUCT = BinaryStruct.new([
+                     'a16', :identifier,  # String, 16 Bytes, arbitrary binary string (null padded, count is width)
+                     'C', :hash_id,
+                     'C', :threshold,
+                     'n', :share_len
+                    ])
 
     # To split a secret into a set of shares, the following
     # procedure, or any equivalent method, is used:
@@ -112,7 +107,13 @@ module TSS
       #
       secret_bytes.each do |byte|
         # Unpack random Byte String into Byte Array of 8 bit unsigned Integers
-        r = SecureRandom.random_bytes(threshold - 1).unpack('C*')
+        # Using a conditional test for now due to bug in sysrandom
+        # https://github.com/cryptosphere/sysrandom/issues/13
+        r = if threshold == 1
+          []
+        else
+          SecureRandom.random_bytes(threshold - 1).unpack('C*')
+        end
 
         # Build each share one byte at a time for each byte of the secret.
         shares.map! { |s| s << Util.f(s[0], [byte] + r) }
@@ -132,30 +133,67 @@ module TSS
 
     private
 
+    # The secret must be encoded with UTF-8 of US-ASCII or it is invalid.
+    #
+    # @param secret [String] a secret String
+    # @return [true] returns true if acceptable encoding
+    # @raise [TSS::ArgumentError] if invalid
     def secret_has_acceptable_encoding!(secret)
       unless secret.encoding.name == 'UTF-8' || secret.encoding.name == 'US-ASCII'
         raise TSS::ArgumentError, "invalid secret, must be a UTF-8 or US-ASCII encoded String not '#{secret.encoding.name}'"
+      else
+        return true
       end
     end
 
+    # The secret must not being with the padding character or it is invalid.
+    #
+    # @param secret [String] a secret String
+    # @return [true] returns true if String does not begin with padding character
+    # @raise [TSS::ArgumentError] if invalid
     def secret_does_not_begin_with_padding_char!(secret)
       if secret.slice(0) == "\u001F"
         raise TSS::ArgumentError, 'invalid secret, first byte of secret is the reserved left-pad character (\u001F)'
+      else
+        return true
       end
     end
 
+    # The num_shares must be greater than or equal to the threshold or it is invalid.
+    #
+    # @param threshold [Integer] the threshold value
+    # @param num_shares [Integer] the num_shares value
+    # @return [true] returns true if num_shares is >= threshold
+    # @raise [TSS::ArgumentError] if invalid
     def num_shares_not_less_than_threshold!(threshold, num_shares)
       if num_shares < threshold
         raise TSS::ArgumentError, "invalid num_shares, must be >= threshold (#{threshold})"
+      else
+        return true
       end
     end
 
+    # The total Byte size of the secret, including padding and hash, must be
+    # less than the max allowed Byte size or it is invalid.
+    #
+    # @param secret_bytes [Array<Integer>] the Byte Array containing the secret
+    # @return [true] returns true if num_shares is >= threshold
+    # @raise [TSS::ArgumentError] if invalid
     def secret_bytes_is_smaller_than_max_size!(secret_bytes)
       if secret_bytes.size >= 65_535
         raise TSS::ArgumentError, 'invalid secret, combined padded secret and hash are too large'
+      else
+        return true
       end
     end
 
+    # Construct a binary share header from its constituent parts.
+    #
+    # @param identifier [String] the unique identifier String
+    # @param hash_alg [String] the hash algorithm String
+    # @param threshold [Integer] the threshold value
+    # @param share_len [Integer] the length of the share in Bytes
+    # @return [String] returns an octet String of Bytes containing the binary header
     def share_header(identifier, hash_alg, threshold, share_len)
       SHARE_HEADER_STRUCT.encode(identifier: identifier,
                                  hash_id: Hasher.code(hash_alg),

data/lib/tss/tss.rb

@@ -1,11 +1,10 @@
 require 'digest'
 require 'base64'
-require 'securerandom'
+require 'sysrandom/securerandom'
 require 'binary_struct'
-require 'dry-types'
+require 'contracts'
 require 'tss/blank'
 require 'tss/version'
-require 'tss/types'
 require 'tss/util'
 require 'tss/hasher'
 require 'tss/splitter'
@@ -81,7 +80,7 @@ module TSS
 
     begin
       TSS::Splitter.new(opts).split
-    rescue Dry::Types::ConstraintError => e
+    rescue ParamContractError => e
       raise TSS::ArgumentError, e.message
     end
   end
@@ -135,7 +134,7 @@ module TSS
 
     begin
       TSS::Combiner.new(opts).combine
-    rescue Dry::Types::ConstraintError => e
+    rescue ParamContractError => e
       raise TSS::ArgumentError, e.message
     end
   end

data/lib/tss/util.rb

@@ -234,24 +234,16 @@ module TSS
     # @return [String] a hex String
     def self.bytes_to_hex(bytes)
       hex = ''
-      bytes.each { |b| hex += sprintf('%02x', b).upcase }
-      hex
+      bytes.each { |b| hex += sprintf('%02x', b) }
+      hex.downcase
     end
 
     # Convert a hex String to an Array of Bytes
     #
     # @param str [String] a hex String to convert
     # @return [Array<Integer>] an Array of Integer Bytes
-    # @raise [TSS::Error] if the hex value is not an even length
     def self.hex_to_bytes(str)
-      # clone so we don't destroy the original string passed in by slicing it.
-      strc = str.clone
-      bytes = []
-      len = strc.length
-      raise TSS::Error, 'invalid hex value, cannot be an odd length' if len.odd?
-      # slice off two hex chars at a time and convert them to an Integer Byte.
-      (len / 2).times { bytes << strc.slice!(0, 2).hex }
-      bytes
+      [str].pack('H*').unpack('C*')
     end
 
     # Convert a hex String to a UTF-8 String
@@ -299,7 +291,7 @@ module TSS
     def self.secure_compare(a, b)
       return false unless a.bytesize == b.bytesize
 
-      l = a.unpack("C*")
+      l = a.unpack('C*')
 
       r, i = 0, -1
       b.each_byte { |v| r |= v ^ l[i+=1] }

data/lib/tss/version.rb

@@ -1,3 +1,3 @@
 module TSS
-  VERSION = '0.1.1'.freeze
+  VERSION = '0.2.0'.freeze
 end

data/tss.gemspec

@@ -12,7 +12,7 @@ Gem::Specification.new do |spec|
   spec.required_ruby_version = '>= 2.1.0'
 
   cert = File.expand_path('~/.gem-certs/gem-private_key_grempe.pem')
-  if File.exist?(cert)
+  if cert && File.exist?(cert)
     spec.signing_key = cert
     spec.cert_chain = ['certs/gem-public_cert_grempe.pem']
   end
@@ -48,13 +48,16 @@ Gem::Specification.new do |spec|
   spec.executables   << 'tss'
   spec.require_paths = ['lib']
 
-  spec.add_dependency 'dry-types', '~> 0.7'
+  spec.add_dependency 'sysrandom', '~> 1.0'
+  spec.add_dependency 'contracts', '~> 0.14'
   spec.add_dependency 'binary_struct', '~> 2.1'
   spec.add_dependency 'thor', '~> 0.19'
 
-  spec.add_development_dependency 'bundler', '~> 1.11'
+  spec.add_development_dependency 'bundler', '~> 1.12'
   spec.add_development_dependency 'rake', '~> 11.1'
   spec.add_development_dependency 'minitest', '~> 5.0'
   spec.add_development_dependency 'pry', '~> 0.10'
-  spec.add_development_dependency 'coveralls'
+  spec.add_development_dependency 'coveralls', '~> 0.8'
+  spec.add_development_dependency 'coco', '~> 0.14'
+  spec.add_development_dependency 'wwtd', '~> 1.3'
 end