RubyGems - tss - Versions diffs - 0.3.0 → 0.4.0 - Mend

tss 0.3.0 → 0.4.0

Files changed (20) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: e448b355558f4f493400bac55a51fd14a8c56bf3
-  data.tar.gz: 537024e64cf91c9394784d76d9df61347add2041
+  metadata.gz: c3e63f35e23f40623afd002c3cba4e7a3407dd19
+  data.tar.gz: 54fb3ead58b69e1118e13dcd72da08705bed4276
 SHA512:
-  metadata.gz: b69d52a5340fda8078e46e1ed95dc4c5a6e4ffbb54b5ac0295dce9fc2633decacf61a7616dff3c838772e3bb9e97be110d6a819a07fbf04d7f4ef0e8cfac9491
-  data.tar.gz: 5cc4fa4acc4e920dda21772432512da25b46bf9a16ac960496e0eb8cd0c0b2a3b5da979e4863e5571d0dcaa3962202ee9ec8bc3c98eb589b05ef8e8f5e653a0b
+  metadata.gz: 1c1e218fbc97f5caee8f2975ac340313104807bd12a1d68b6e47a00ea3befea35c2cdc62785f428dbddd71289a55f3cbad6656438613a43029c41b52cf4b7d9b
+  data.tar.gz: 1a32eaaf782d3fe963451e2e1e1caff4c2fefe2e412b93ec47b8745eff6004773785fa9b9566a424ab15288b63cbc00957a547f59d7a1fa66e1c2420a423c936

checksums.yaml.gz.sig CHANGED Viewed

Binary file

data.tar.gz.sig CHANGED Viewed

Binary file

data/.yardopts CHANGED Viewed

	@@ -1 +1 @@
1	- --no-private lib/*/.rb - README.md LICENSE.txt CODE_OF_CONDUCT.md
1	+ --plugin contracts -e lib/tss/custom_contracts.rb --no-private lib/*/.rb - README.md LICENSE.txt CODE_OF_CONDUCT.md

data/CHANGELOG.md CHANGED Viewed

@@ -1,5 +1,14 @@
 # CHANGELOG
+## v0.4.0 (9/24/2016)
+* Breaking change to force upcasing of some addition string args
+* Use yard-contracts
+* yardoc cleanups
+* Remove int_commas utility method
+* Hash w/ sha256 a,b strings in secure_compare
+* Deeper Contracts integration
 ## v0.3.0 (9/24/2016)
 * Breaking change, identifier cannot be an empty string

data/README.md CHANGED Viewed

@@ -161,7 +161,7 @@ It may work on others as well.
 Add this line to your application's `Gemfile`:
 ```ruby
-gem 'tss', '~> 0.1'
+gem 'tss', '~> 0.3'
 ```
 And then execute:
@@ -296,7 +296,7 @@ tss~v1~546604c0b5e9138b~3~NTQ2NjA0YzBiNWU5MTM4YgIDAD8FqmJGRCiXokksUc3E1-gQNuNf2l
 You can use the CLI to enter shares in order to recover a secret. Of course
 you will need at least the number of shares necessary as determined
 by the threshold when your shares were created. The `threshold` is visible
-as the third field in every `human` formatted share.
+as the third field in every `HUMAN` formatted share.
 As with splitting a secret, there are also three methods of getting the shares
 into the CLI. `STDIN`, a path to a file containing shares, or interactively.
@@ -419,12 +419,12 @@ and then combined with it prior to secret splitting. This means that the hash
 is protected the same way as the secret. The algorithm used is
 `secret || hash(secret)`. You can use one of `NONE`, `SHA1`, or `SHA256`.
-The `format` arg takes a String Enum with either `'human'` (default) or
-`'binary'` values. This instructs the output of a split to either provide an
+The `format` arg takes an uppercase String Enum with either `'HUMAN'` (default) or
+`'BINARY'` values. This instructs the output of a split to either provide an
 array of binary octet strings (a standard RTSS format for interoperability), or
 a human friendly URL Safe Base 64 encoded version of that same binary output.
-The `human` format can be easily shared in a tweet, email, or even a URL. The
-`human` format is prefixed with `tss~VERSION~IDENTIFIER~THRESHOLD~` to make it
+The `HUMAN` format can be easily shared in a tweet, email, or even a URL. The
+`HUMAN` format is prefixed with `tss~VERSION~IDENTIFIER~THRESHOLD~` to make it
 easier to visually compare shares and see if they have matching identifiers and
 if you have enough shares to reach the threshold.
@@ -475,7 +475,7 @@ threshold  = 3
 num_shares = 5
 identifier = SecureRandom.hex(8)
 hash_alg   = 'SHA256'
-format     = 'human'
+format     = 'HUMAN'
 s = TSS.split(secret: secret, threshold: threshold, num_shares: num_shares, identifier: identifier, hash_alg: 'SHA256', pad_blocksize: 16, format: format)
@@ -523,23 +523,23 @@ of those shares are selected for use in the operation.  The method
 used to select the shares can be chosen with the `select_by:` argument
 which takes the following values as options:
-`select_by: 'first'` : If X shares are required by the threshold and more than X
+`select_by: 'FIRST'` : If X shares are required by the threshold and more than X
 shares are provided, then the first X shares in the Array of shares provided
 will be used. All others will be discarded and the operation will fail if
 those selected shares cannot recreate the secret.
-`select_by: 'sample'` : If X shares are required by the threshold and more than X
+`select_by: 'SAMPLE'` : If X shares are required by the threshold and more than X
 shares are provided, then X shares will be randomly selected from the Array
 of shares provided.  All others will be discarded and the operation will
 fail if those selected shares cannot recreate the secret.
-`select_by: 'combinations'` : If X shares are required, and more than X shares are
+`select_by: 'COMBINATIONS'` : If X shares are required, and more than X shares are
 provided, then all possible combinations of the threshold number of shares
 will be tried to see if the secret can be recreated.
 **Warning**
-This `combinations` flexibility comes with a cost. All combinations of
+This `COMBINATIONS` flexibility comes with a cost. All combinations of
 `threshold` shares must be generated before processing. Due to the math
 associated with combinations it is possible that the system would try to
 generate a number of combinations that could never be generated or processed
@@ -565,9 +565,9 @@ A great short read on this is
 ### Exception Handling
-Initial validation of options is done when the `TSS.split` or `TSS.combine`
-methods are called. If the arguments passed are of the wrong Type or value
-a `TSS::ArgumentError` Exception will be raised.
+Almost all methods in the program have strict contracts associated with them
+that enforce argument presence, types, and value boundaries. This contract checking
+is provided by the excellent Ruby [Contracts](https://egonschiele.github.io/contracts.ruby/) gem. If a contract violation occurs a `ParamContractError` Exception will be raised.
 The splitting and combining operations may also raise the following
 exception types:
@@ -583,7 +583,7 @@ All Exceptions should include hints as to what went wrong in the
 ### RTSS Binary
 TSS provides shares in a binary data format with the following fields, and
-by default this binary data is wrapped in a `'human'` text format:
+by default this binary data is wrapped in a `'HUMAN'` text format:
 `Identifier`. This field contains 16 octets. It identifies the secret
 with which a share is associated.  All of the shares associated
@@ -641,7 +641,7 @@ text wrapper around the RTSS binary data format is provided.
 Shares formatted this way can easily be shared via most any communication channel.
-The `human` data format is simply the same RTSS binary data, URL Safe Base64
+The `HUMAN` data format is simply the same RTSS binary data, URL Safe Base64
 encoded, and prefixed with a String thet contains tilde `~` separated elements.
 The `~` is used as it is compatible with the URL Safe data and the allowed
 characters in the rest of the human format string.
@@ -666,12 +666,16 @@ and Combining involves at least `num_shares**secret_bytes` operations so
 larger values can quickly result in huge processing time. If you need to
 split large secrets into a large number of shares you should consider
 running those operations in a background worker process or thread for
-best performance.
+best performance. For example a 64kb file split into 255 shares,
+with a threshold of 255 (the max for all three settings), can take
+20 minutes to split and another 20 minutes to combine using a modern CPU.
 A reasonable set of values seems to be what I'll call the 'rule of 64'. If you
 keep the `secret <= 64 Bytes`, the `threshold <= 64`, and the `num_shares <= 64`
-you can do a round-trip split and combine operation in `~250ms` on a modern
-laptop. These should be very reasonable and secure max values for most use cases.
+you can do a round-trip split and combine operation in `~250ms`. These should
+be very reasonable and secure max values for most use cases, even as part of a
+web request response cycle. Remember, its recommended to split encryption keys,
+not plaintext.
 There are some simple benchmark tests to exercise things with `rake bench`.

data/lib/tss/cli_combine.rb CHANGED Viewed

@@ -1,7 +1,5 @@
 require 'thor'
-# Command Line Interface (CLI)
-# See also, `bin/tss` executable.
 module TSS
   class CLI < Thor
     include Thor::Actions

data/lib/tss/cli_common.rb CHANGED Viewed

@@ -1,7 +1,5 @@
 require 'thor'
-# Command Line Interface (CLI)
-# See also, `bin/tss` executable.
 module TSS
   class CLI < Thor

data/lib/tss/cli_split.rb CHANGED Viewed

@@ -1,7 +1,5 @@
 require 'thor'
-# Command Line Interface (CLI)
-# See also, `bin/tss` executable.
 module TSS
   class CLI < Thor
     include Thor::Actions
@@ -10,7 +8,7 @@ module TSS
     method_option :num_shares, :aliases => '-n', :banner => 'num_shares', :type => :numeric, :desc => '# of shares total that will be generated'
     method_option :identifier, :aliases => '-i', :banner => 'identifier', :type => :string, :desc => 'A unique identifier string, 0-16 Bytes, [a-zA-Z0-9.-_]'
     method_option :hash_alg, :aliases => '-h', :banner => 'hash_alg', :type => :string, :desc => 'A hash type for verification, NONE, SHA1, SHA256'
-    method_option :format, :aliases => '-f', :banner => 'format', :type => :string, :default => 'human', :desc => 'Share output format, binary or human'
+    method_option :format, :aliases => '-f', :banner => 'format', :type => :string, :default => 'HUMAN', :desc => 'Share output format, BINARY or HUMAN'
     method_option :pad_blocksize, :aliases => '-p', :banner => 'pad_blocksize', :type => :numeric, :desc => 'Block size # secrets will be left-padded to, 0-255'
     method_option :input_file, :aliases => '-I', :banner => 'input_file', :type => :string, :desc => 'A filename to read the secret from'
     method_option :output_file, :aliases => '-O', :banner => 'output_file', :type => :string, :desc => 'A filename to write the shares to'
@@ -57,7 +55,7 @@ module TSS
       Example w/ options:
-      $ tss split -t 3 -n 6 -i abc123 -h SHA256 -p 8 -f human
+      $ tss split -t 3 -n 6 -i abc123 -h SHA256 -p 8 -f HUMAN
       Enter your secret:

data/lib/tss/cli_version.rb CHANGED Viewed

@@ -1,7 +1,5 @@
 require 'thor'
-# Command Line Interface (CLI)
-# See also, `bin/tss` executable.
 module TSS
   class CLI < Thor
     desc 'version', 'tss version'

data/lib/tss/combiner.rb CHANGED Viewed

@@ -1,5 +1,8 @@
 module TSS
-  # Combiner has responsibility for combining an Array of String shares back
+  # Warning, you probably don't want to use this directly. Instead
+  # see the TSS module.
+  #
+  # TSS::Combiner has responsibility for combining an Array of String shares back
   # into the original secret the shares were split from. It is also responsible
   # for doing extensive validation of user provided shares and ensuring
   # that any recovered secret matches the hash of the original secret.
@@ -11,15 +14,17 @@ module TSS
     attr_reader :shares, :select_by
-    Contract ({ :shares => C::ArrayOf[String], :select_by => C::Maybe[C::Enum['first', 'sample', 'combinations']] }) => C::Any
+    Contract ({ :shares => C::ArrayOfShares, :select_by => C::Maybe[C::SelectByArg] }) => C::Any
     def initialize(opts = {})
       # clone the incoming shares so the object passed to this
       # function doesn't get modified.
       @shares = opts.fetch(:shares).clone
-      raise TSS::ArgumentError, 'Invalid number of shares. Must be between 1 and 255' unless @shares.size.between?(1,255)
-      @select_by = opts.fetch(:select_by, 'first')
+      @select_by = opts.fetch(:select_by, 'FIRST')
     end
+    # Warning, you probably don't want to use this directly. Instead
+    # see the TSS module.
+    #
     # To reconstruct a secret from a set of shares, the following
     # procedure, or any equivalent method, is used:
     #
@@ -52,8 +57,11 @@ module TSS
     #
     #   The output string is returned (along with some metadata).
     #
+    #
+    # @return an Hash of combined secret attributes
+    # @raise [ParamContractError, TSS::ArgumentError] if the options Types or Values are invalid
     # rubocop:disable CyclomaticComplexity
-    Contract C::None => ({ :hash => C::Maybe[String], :hash_alg => C::Maybe[C::Enum['NONE', 'SHA1', 'SHA256']], :identifier => TSS::IdentifierArg, :process_time => C::Num, :secret => TSS::SecretArg, :threshold => TSS::ThresholdArg})
+    Contract C::None => ({ :hash => C::Maybe[String], :hash_alg => C::HashAlgArg, :identifier => C::IdentifierArg, :process_time => C::Num, :secret => C::SecretArg, :threshold => C::ThresholdArg})
     def combine
       # unwrap 'human' shares into binary shares
       if all_shares_appear_human?(shares)
@@ -70,9 +78,9 @@ module TSS
       # Select a subset of the shares provided using the chosen selection
       # method. If there are exactly the right amount of shares this is a no-op.
-      if select_by == 'first'
+      if select_by == 'FIRST'
         @shares = shares.shift(threshold)
-      elsif select_by == 'sample'
+      elsif select_by == 'SAMPLE'
         @shares = shares.sample(threshold)
       end
@@ -85,7 +93,7 @@ module TSS
       shares_bytes_have_valid_indexes!(shares_bytes)
-      if select_by == 'combinations'
+      if select_by == 'COMBINATIONS'
         share_combinations_mode_allowed!(hash_id)
         share_combinations_out_of_bounds!(shares, threshold)
@@ -107,7 +115,7 @@ module TSS
       # Return a Hash with the secret and metadata
       {
         hash: secret[:hash],
-        hash_alg: secret[:hash_alg].to_s,
+        hash_alg: secret[:hash_alg],
         identifier: identifier,
         process_time: ((Time.now - start_processing_time)*1000).round(2),
         secret: Util.bytes_to_utf8(secret[:secret]),
@@ -122,12 +130,12 @@ module TSS
     # and validate it against any one-way hash that was embedded in the shares
     # along with the secret.
     #
-    # @param hash_id [Integer] the ID of the one-way hash function to test with
-    # @param shares_bytes [Array<Array>] the shares as Byte Arrays to be evaluated
-    # @return [Array<Integer>] returns the secret as an Array of Bytes if it was recovered from the shares and validated
+    # @param hash_id the ID of the one-way hash function to test with
+    # @param shares_bytes the shares as Byte Arrays to be evaluated
+    # @return returns the secret as an Array of Bytes if it was recovered from the shares and validated
     # @raise [TSS::NoSecretError] if the secret was not able to be recovered (with no hash)
     # @raise [TSS::InvalidSecretHashError] if the secret was able to be recovered but the hash test failed
-    Contract C::Int, C::ArrayOf[C::ArrayOf[C::Num]] => ({ :secret => C::ArrayOf[C::Num], :hash => C::Maybe[String], :hash_alg => C::Enum[:NONE, :SHA1, :SHA256] })
+    Contract C::Int, C::ArrayOf[C::ArrayOf[C::Num]] => ({ :secret => C::ArrayOf[C::Num], :hash => C::Maybe[String], :hash_alg => C::HashAlgArg })
     def extract_secret_from_shares!(hash_id, shares_bytes)
       secret = []
@@ -172,8 +180,9 @@ module TSS
     # Strip off leading padding chars ("\u001F", decimal 31)
     #
-    # @param secret [Array<Integer>] the secret to be stripped
-    # @return [Array<Integer>,nil] returns the secret, stripped of the leading padding char
+    # @param secret the secret to be stripped
+    # @return returns the secret, stripped of the leading padding char
+    # @raise [ParamContractError] if secret appears invalid
     Contract C::ArrayOf[C::Num] => C::Maybe[Array]
     def strip_left_pad(secret)
       secret.shift while secret.first == 31
@@ -181,8 +190,9 @@ module TSS
     # Do all of the shares match the pattern expected of human style shares?
     #
-    # @param shares [Array<String>] the shares to be evaluated
-    # @return [true,false] returns true if all shares match the patterns, false if not
+    # @param shares the shares to be evaluated
+    # @return returns true if all shares match the patterns, false if not
+    # @raise [ParamContractError] if shares appear invalid
     Contract C::ArrayOf[String] => C::Bool
     def all_shares_appear_human?(shares)
       shares.all? do |s|
@@ -194,9 +204,9 @@ module TSS
     # Convert an Array of human style shares to binary style
     #
-    # @param shares [Array<String>] the shares to be converted
-    # @return [Array<String>] returns an Array of String shares in binary octet String format
-    # @raise [TSS::ArgumentError] if shares appear invalid
+    # @param shares the shares to be converted
+    # @return returns an Array of String shares in binary octet String format
+    # @raise [ParamContractError, TSS::ArgumentError] if shares appear invalid
     Contract C::ArrayOf[String] => C::ArrayOf[String]
     def convert_shares_human_to_binary(shares)
       shares.map do |s|
@@ -216,9 +226,9 @@ module TSS
     # Do all shares have a common Byte size? They are invalid if not.
     #
-    # @param shares [Array<String>] the shares to be evaluated
-    # @return [true] returns true if all shares have the same Byte size
-    # @raise [TSS::ArgumentError] if shares appear invalid
+    # @param shares the shares to be evaluated
+    # @return returns true if all shares have the same Byte size
+    # @raise [ParamContractError, TSS::ArgumentError] if shares appear invalid
     Contract C::ArrayOf[String] => C::Bool
     def shares_have_same_bytesize!(shares)
       shares.each do |s|
@@ -231,9 +241,9 @@ module TSS
     # Do all shares have a valid header and match each other? They are invalid if not.
     #
-    # @param shares [Array<String>] the shares to be evaluated
-    # @return [true] returns true if all shares have the same header
-    # @raise [TSS::ArgumentError] if shares appear invalid
+    # @param shares the shares to be evaluated
+    # @return returns true if all shares have the same header
+    # @raise [ParamContractError, TSS::ArgumentError] if shares appear invalid
     Contract C::ArrayOf[String] => C::Bool
     def shares_have_valid_headers!(shares)
       fh = Util.extract_share_header(shares.first)
@@ -253,9 +263,9 @@ module TSS
     # Do all shares have a the expected length? They are invalid if not.
     #
-    # @param shares [Array<String>] the shares to be evaluated
-    # @return [true] returns true if all shares have the same header
-    # @raise [TSS::ArgumentError] if shares appear invalid
+    # @param shares the shares to be evaluated
+    # @return returns true if all shares have the same header
+    # @raise [ParamContractError, TSS::ArgumentError] if shares appear invalid
     Contract C::ArrayOf[String] => C::Bool
     def shares_have_expected_length!(shares)
       shares.each do |s|
@@ -268,9 +278,9 @@ module TSS
     # Were enough shares provided to meet the threshold? They are invalid if not.
     #
-    # @param shares [Array<String>] the shares to be evaluated
-    # @return [true] returns true if there are enough shares
-    # @raise [TSS::ArgumentError] if shares appear invalid
+    # @param shares the shares to be evaluated
+    # @return returns true if there are enough shares
+    # @raise [ParamContractError, TSS::ArgumentError] if shares appear invalid
     Contract C::ArrayOf[String] => C::Bool
     def shares_meet_threshold_min!(shares)
       fh = Util.extract_share_header(shares.first)
@@ -283,8 +293,9 @@ module TSS
     # Were enough shares provided to meet the threshold? They are invalid if not.
     #
-    # @param shares [Array<String>] the shares to be evaluated
-    # @return [true] returns true if all tests pass
+    # @param shares the shares to be evaluated
+    # @return returns true if all tests pass
+    # @raise [ParamContractError] if shares appear invalid
     Contract C::ArrayOf[String] => C::Bool
     def validate_all_shares(shares)
       if shares_have_valid_headers!(shares) &&
@@ -299,9 +310,9 @@ module TSS
     # Do all the shares have a valid first-byte index? They are invalid if not.
     #
-    # @param shares_bytes [Array<Array>] the shares as Byte Arrays to be evaluated
-    # @return [true] returns true if there are enough shares
-    # @raise [TSS::ArgumentError] if shares appear invalid
+    # @param shares_bytes the shares as Byte Arrays to be evaluated
+    # @return returns true if there are enough shares
+    # @raise [ParamContractError, TSS::ArgumentError] if shares bytes appear invalid
     Contract C::ArrayOf[C::ArrayOf[C::Num]] => C::Bool
     def shares_bytes_have_valid_indexes!(shares_bytes)
       u = shares_bytes.map do |s|
@@ -320,9 +331,9 @@ module TSS
     # Is it valid to use combinations mode? Only when there is an embedded non-zero
     # hash_id Integer to test the results against. Invalid if not.
     #
-    # @param hash_id [Integer] the shares as Byte Arrays to be evaluated
-    # @return [true] returns true if OK to use combinations mode
-    # @raise [TSS::ArgumentError] if hash_id represents a non hashing type
+    # @param hash_id the shares as Byte Arrays to be evaluated
+    # @return returns true if OK to use combinations mode
+    # @raise [ParamContractError, TSS::ArgumentError] if hash_id represents a non hashing type
     Contract C::Int => C::Bool
     def share_combinations_mode_allowed!(hash_id)
       unless Hasher.codes_without_none.include?(hash_id)
@@ -340,16 +351,16 @@ module TSS
     # e.g. 255 total shares, with threshold of 128, results in # combinations of:
     # 2884329411724603169044874178931143443870105850987581016304218283632259375395
     #
-    # @param shares [Array<String>] the shares to be evaluated
-    # @param threshold [Integer] the threshold value set in the shares
-    # @param max_combinations [Integer] the max (1_000_000) number of combinations allowed
-    # @return [true] returns true if a reasonable number of combinations
-    # @raise [TSS::ArgumentError] if the number of possible combinations is unreasonably high
+    # @param shares the shares to be evaluated
+    # @param threshold the threshold value set in the shares
+    # @param max_combinations the max (1_000_000) number of combinations allowed
+    # @return returns true if a reasonable number of combinations
+    # @raise [ParamContractError, TSS::ArgumentError] if args are invalid or the number of possible combinations is unreasonably high
     Contract C::ArrayOf[String], C::Int, C::Int => C::Bool
     def share_combinations_out_of_bounds!(shares, threshold, max_combinations = 1_000_000)
       combinations = Util.calc_combinations(shares.size, threshold)
       if combinations > max_combinations
-        raise TSS::ArgumentError, "invalid options, too many combinations (#{Util.int_commas(combinations)})"
+        raise TSS::ArgumentError, "invalid options, too many combinations (#{combinations})"
       else
         return true
       end

data/lib/tss/custom_contracts.rb CHANGED Viewed

@@ -1,10 +1,23 @@
-module TSS
+module Contracts
   # Custom Contracts
   # See : https://egonschiele.github.io/contracts.ruby/
+  class ArrayOfShares
+    def self.valid? val
+      val.is_a?(Array) &&
+      val.length.between?(1,255) &&
+      Contracts::ArrayOf[String].valid?(val)
+    end
+    def self.to_s
+      'An Array of split secret shares'
+    end
+  end
   class SecretArg
     def self.valid? val
-      val.present? && val.is_a?(String) &&
+      val.is_a?(String) &&
       val.length.between?(1,65502) &&
       ['UTF-8', 'US-ASCII'].include?(val.encoding.name) &&
       val.slice(0) != "\u001F"
@@ -17,7 +30,6 @@ module TSS
   class ThresholdArg
     def self.valid? val
-      val.present? &&
       val.is_a?(Integer) &&
       val.between?(1,255)
     end
@@ -29,7 +41,6 @@ module TSS
   class NumSharesArg
     def self.valid? val
-      val.present? &&
       val.is_a?(Integer) &&
       val.between?(1,255)
     end
@@ -41,7 +52,6 @@ module TSS
   class IdentifierArg
     def self.valid? val
-      val.present? &&
       val.is_a?(String) &&
       val.length.between?(1,16) &&
       val =~ /^[a-zA-Z0-9\-\_\.]*$/i
@@ -52,9 +62,38 @@ module TSS
     end
   end
+  class HashAlgArg
+    def self.valid? val
+      Contracts::Enum['NONE', 'SHA1', 'SHA256'].valid?(val)
+    end
+    def self.to_s
+      'must be a uppercase String specifying the hash algorithm to use [NONE, SHA1, SHA256].'
+    end
+  end
+  class FormatArg
+    def self.valid? val
+      Contracts::Enum['BINARY', 'HUMAN'].valid?(val)
+    end
+    def self.to_s
+      'must be a uppercase String specifying the desired String share format [BINARY, HUMAN].'
+    end
+  end
+  class SelectByArg
+    def self.valid? val
+      Contracts::Enum['FIRST', 'SAMPLE', 'COMBINATIONS'].valid?(val)
+    end
+    def self.to_s
+      'must be a uppercase String specifying the desired way to sample shares provided [FIRST, SAMPLE, COMBINATIONS].'
+    end
+  end
   class PadBlocksizeArg
     def self.valid? val
-      val.present? &&
       val.is_a?(Integer) &&
       val.between?(0,255)
     end

data/lib/tss/hasher.rb CHANGED Viewed

@@ -5,15 +5,15 @@ module TSS
     include Contracts::Core
     C = Contracts
-    HASHES = { NONE: { code: 0, bytesize: 0, hasher: nil },
-               SHA1: { code: 1, bytesize: 20, hasher: Digest::SHA1 },
-               SHA256: { code: 2, bytesize: 32, hasher: Digest::SHA256 }}.freeze
+    HASHES = { 'NONE' => { code: 0, bytesize: 0, hasher: nil },
+               'SHA1' => { code: 1, bytesize: 20, hasher: Digest::SHA1 },
+               'SHA256' => { code: 2, bytesize: 32, hasher: Digest::SHA256 }}.freeze
     # Lookup the Symbol key for a Hash with the code.
     #
-    # @param code [Integer] the hash code to convert to a Symbol key
-    # @return [Symbol,nil] the hash key Symbol or nil if not found
-    Contract C::Int => C::Maybe[Symbol]
+    # @param code the hash code to convert to a Symbol key
+    # @return the hash key String or nil if not found
+    Contract C::Int => C::Maybe[C::HashAlgArg]
     def self.key_from_code(code)
       return nil unless Hasher.codes.include?(code)
       HASHES.each do |k, v|
@@ -23,16 +23,16 @@ module TSS
     # Lookup the hash code for the hash matching hash_key.
     #
-    # @param hash_key [Symbol, String] the hash key to convert to an Integer code
-    # @return [Integer] the hash key code
-    Contract C::Maybe[C::Enum['NONE', 'SHA1', 'SHA256'], C::Enum[:NONE, :SHA1, :SHA256]] => C::Maybe[C::Int]
+    # @param hash_key the hash key to convert to an Integer code
+    # @return the hash key code
+    Contract C::HashAlgArg => C::Maybe[C::Int]
     def self.code(hash_key)
-      HASHES[hash_key.upcase.to_sym][:code]
+      HASHES[hash_key][:code]
     end
     # Lookup all valid hash codes, including NONE.
     #
-    # @return [Array<Integer>] all hash codes including NONE
+    # @return all hash codes including NONE
     Contract C::None => C::ArrayOf[C::Int]
     def self.codes
       HASHES.map do |_k, v|
@@ -42,7 +42,7 @@ module TSS
     # All valid hash codes that actually do hashing, excluding NONE.
     #
-    # @return [Array<Integer>] all hash codes excluding NONE
+    # @return all hash codes excluding NONE
     Contract C::None => C::ArrayOf[C::Int]
     def self.codes_without_none
       HASHES.map do |_k, v|
@@ -52,49 +52,46 @@ module TSS
     # Lookup the size in Bytes for a specific hash_key.
     #
-    # @param hash_key [Symbol, String] the hash key to lookup
-    # @return [Integer] the size in Bytes for a specific hash_key
-    Contract C::Or[C::Enum['NONE', 'SHA1', 'SHA256'], C::Enum[:NONE, :SHA1, :SHA256]] => C::Int
+    # @param hash_key the hash key to lookup
+    # @return the size in Bytes for a specific hash_key
+    Contract C::HashAlgArg => C::Int
     def self.bytesize(hash_key)
-      HASHES[hash_key.to_sym][:bytesize]
+      HASHES[hash_key][:bytesize]
     end
     # Return a hexdigest hash for a String using hash_key hash algorithm.
-    # Returns '' if hash_key == :NONE
+    # Returns '' if hash_key == 'NONE'
     #
-    # @param hash_key [Symbol, String] the hash key to use to hash a String
-    # @param str [String] the String to hash
-    # @return [String] the hex digest for str
-    Contract C::Or[C::Enum['NONE', 'SHA1', 'SHA256'], C::Enum[:NONE, :SHA1, :SHA256]], String => String
+    # @param hash_key the hash key to use to hash a String
+    # @param str the String to hash
+    # @return the hex digest for str
+    Contract C::HashAlgArg, String => String
     def self.hex_string(hash_key, str)
-      hash_key = hash_key.upcase.to_sym
-      return '' if hash_key == :NONE
+      return '' if hash_key == 'NONE'
       HASHES[hash_key][:hasher].send(:hexdigest, str)
     end
     # Return a Byte String hash for a String using hash_key hash algorithm.
-    # Returns '' if hash_key == :NONE
+    # Returns '' if hash_key == 'NONE'
     #
-    # @param hash_key [Symbol, String] the hash key to use to hash a String
-    # @param str [String] the String to hash
-    # @return [String] the Byte String digest for str
-    Contract C::Or[C::Enum['NONE', 'SHA1', 'SHA256'], C::Enum[:NONE, :SHA1, :SHA256]], String => String
+    # @param hash_key the hash key to use to hash a String
+    # @param str the String to hash
+    # @return the Byte String digest for str
+    Contract C::HashAlgArg, String => String
     def self.byte_string(hash_key, str)
-      hash_key = hash_key.upcase.to_sym
-      return '' if hash_key == :NONE
+      return '' if hash_key == 'NONE'
       HASHES[hash_key][:hasher].send(:digest, str)
     end
     # Return a Byte Array hash for a String using hash_key hash algorithm.
-    # Returns [] if hash_key == :NONE
+    # Returns [] if hash_key == 'NONE'
     #
-    # @param hash_key [Symbol, String] the hash key to use to hash a String
-    # @param str [String] the String to hash
-    # @return [Array<Integer>] the Byte Array digest for str
-    Contract C::Or[C::Enum['NONE', 'SHA1', 'SHA256'], C::Enum[:NONE, :SHA1, :SHA256]], String => C::ArrayOf[C::Int]
+    # @param hash_key the hash key to use to hash a String
+    # @param str the String to hash
+    # @return the Byte Array digest for str
+    Contract C::HashAlgArg, String => C::ArrayOf[C::Int]
     def self.byte_array(hash_key, str)
-      hash_key = hash_key.upcase.to_sym
-      return [] if hash_key == :NONE
+      return [] if hash_key == 'NONE'
       HASHES[hash_key][:hasher].send(:digest, str).unpack('C*')
     end
   end

data/lib/tss/splitter.rb CHANGED Viewed

@@ -1,5 +1,8 @@
 module TSS
-  # Splitter has responsibility for splitting a secret into an Array of String shares.
+  # Warning, you probably don't want to use this directly. Instead
+  # see the TSS module.
+  #
+  # TSS::Splitter has responsibility for splitting a secret into an Array of String shares.
   class Splitter
     include Contracts::Core
     include Util
@@ -8,14 +11,14 @@ module TSS
     attr_reader :secret, :threshold, :num_shares, :identifier, :hash_alg, :format, :pad_blocksize
-    Contract ({ :secret => TSS::SecretArg, :threshold => C::Maybe[TSS::ThresholdArg], :num_shares => C::Maybe[TSS::NumSharesArg], :identifier => C::Maybe[TSS::IdentifierArg], :hash_alg => C::Maybe[C::Enum['NONE', 'SHA1', 'SHA256']], :format => C::Maybe[C::Enum['binary', 'human']], :pad_blocksize => C::Maybe[TSS::PadBlocksizeArg] }) => C::Any
+    Contract ({ :secret => C::SecretArg, :threshold => C::Maybe[C::ThresholdArg], :num_shares => C::Maybe[C::NumSharesArg], :identifier => C::Maybe[C::IdentifierArg], :hash_alg => C::Maybe[C::HashAlgArg], :format => C::Maybe[C::FormatArg], :pad_blocksize => C::Maybe[C::PadBlocksizeArg] }) => C::Any
     def initialize(opts = {})
       @secret = opts.fetch(:secret)
       @threshold = opts.fetch(:threshold, 3)
       @num_shares = opts.fetch(:num_shares, 5)
       @identifier = opts.fetch(:identifier, SecureRandom.hex(8))
       @hash_alg = opts.fetch(:hash_alg, 'SHA256')
-      @format = opts.fetch(:format, 'human')
+      @format = opts.fetch(:format, 'HUMAN')
       @pad_blocksize = opts.fetch(:pad_blocksize, 0)
     end
@@ -26,6 +29,9 @@ module TSS
                      'n', :share_len
                     ])
+    # Warning, you probably don't want to use this directly. Instead
+    # see the TSS module.
+    #
     # To split a secret into a set of shares, the following
     # procedure, or any equivalent method, is used:
     #
@@ -49,7 +55,9 @@ module TSS
     #   If the operation can not be completed successfully, then an error
     #   code should be returned.
     #
-    Contract C::None => C::ArrayOf[String]
+    # @return an Array of formatted String shares
+    # @raise [ParamContractError, TSS::ArgumentError] if the options Types or Values are invalid
+    Contract C::None => C::ArrayOfShares
     def split
       num_shares_not_less_than_threshold!(threshold, num_shares)
@@ -115,7 +123,7 @@ module TSS
         binary = (header + s.pack('C*')).force_encoding('ASCII-8BIT')
         # join with URL safe '~'
         human = ['tss', 'v1', identifier, threshold, Base64.urlsafe_encode64(binary)].join('~')
-        format == 'binary' ? binary : human
+        format == 'BINARY' ? binary : human
       end
       return shares
@@ -125,11 +133,11 @@ module TSS
     # The num_shares must be greater than or equal to the threshold or it is invalid.
     #
-    # @param threshold [Integer] the threshold value
-    # @param num_shares [Integer] the num_shares value
-    # @return [true] returns true if num_shares is >= threshold
-    # @raise [TSS::ArgumentError] if invalid
-    Contract TSS::ThresholdArg, TSS::NumSharesArg => C::Bool
+    # @param threshold the threshold value
+    # @param num_shares the num_shares value
+    # @return returns true if num_shares is >= threshold
+    # @raise [ParamContractError, TSS::ArgumentError] if invalid
+    Contract C::ThresholdArg, C::NumSharesArg => C::Bool
     def num_shares_not_less_than_threshold!(threshold, num_shares)
       if num_shares < threshold
         raise TSS::ArgumentError, "invalid num_shares, must be >= threshold (#{threshold})"
@@ -141,9 +149,9 @@ module TSS
     # The total Byte size of the secret, including padding and hash, must be
     # less than the max allowed Byte size or it is invalid.
     #
-    # @param secret_bytes [Array<Integer>] the Byte Array containing the secret
-    # @return [true] returns true if num_shares is >= threshold
-    # @raise [TSS::ArgumentError] if invalid
+    # @param secret_bytes the Byte Array containing the secret
+    # @return returns true if num_shares is >= threshold
+    # @raise [ParamContractError, TSS::ArgumentError] if invalid
     Contract C::ArrayOf[C::Int] => C::Bool
     def secret_bytes_is_smaller_than_max_size!(secret_bytes)
       if secret_bytes.size >= 65_535
@@ -155,12 +163,13 @@ module TSS
     # Construct a binary share header from its constituent parts.
     #
-    # @param identifier [String] the unique identifier String
-    # @param hash_alg [String] the hash algorithm String
-    # @param threshold [Integer] the threshold value
-    # @param share_len [Integer] the length of the share in Bytes
-    # @return [String] returns an octet String of Bytes containing the binary header
-    Contract TSS::IdentifierArg, C::Maybe[C::Enum['NONE', 'SHA1', 'SHA256']], TSS::ThresholdArg, C::Int => String
+    # @param identifier the unique identifier String
+    # @param hash_alg the hash algorithm String
+    # @param threshold the threshold value
+    # @param share_len the length of the share in Bytes
+    # @return returns an octet String of Bytes containing the binary header
+    # @raise [ParamContractError] if invalid
+    Contract C::IdentifierArg, C::HashAlgArg, C::ThresholdArg, C::Int => String
     def share_header(identifier, hash_alg, threshold, share_len)
       SHARE_HEADER_STRUCT.encode(identifier: identifier,
                                  hash_id: Hasher.code(hash_alg),

data/lib/tss/tss.rb CHANGED Viewed

@@ -60,7 +60,7 @@ module TSS
   #   to `SHA256`. The use of `NONE` is discouraged as it does not allow those
   #   who are recombining the shares to verify if they have in fact recovered
   #   the correct secret.
-  # @option opts [String] :format ('binary') the format of the String share output, 'binary' or 'human'
+  # @option opts [String] :format ('BINARY') the format of the String share output, 'BINARY' or 'HUMAN'
   # @option opts [Integer] :pad_blocksize (0) An integer representing the nearest multiple of Bytes
   #   to left pad the secret to. Defaults to not adding any padding (0). Padding
   #   is done with the "\u001F" character (decimal 31 in a Byte Array).
@@ -75,9 +75,9 @@ module TSS
   #   place. You would also need to manually remove the padding you added after
   #   the share is recombined, or instruct recipients to ignore it.
   #
-  # @return [Array<String>] an Array of String shares
+  # @return an Array of formatted String shares
   # @raise [ParamContractError, TSS::ArgumentError] if the options Types or Values are invalid
-  Contract ({ :secret => TSS::SecretArg, :threshold => C::Maybe[TSS::ThresholdArg], :num_shares => C::Maybe[TSS::NumSharesArg], :identifier => C::Maybe[TSS::IdentifierArg], :hash_alg => C::Maybe[C::Enum['NONE', 'SHA1', 'SHA256']], :format => C::Maybe[C::Enum['binary', 'human']], :pad_blocksize => C::Maybe[TSS::PadBlocksizeArg] }) => C::ArrayOf[String]
+  Contract ({ :secret => C::SecretArg, :threshold => C::Maybe[C::ThresholdArg], :num_shares => C::Maybe[C::NumSharesArg], :identifier => C::Maybe[C::IdentifierArg], :hash_alg => C::Maybe[C::HashAlgArg], :format => C::Maybe[C::FormatArg], :pad_blocksize => C::Maybe[C::PadBlocksizeArg] }) => C::ArrayOfShares
   def self.split(opts)
     TSS::Splitter.new(opts).split
   end
@@ -88,26 +88,26 @@ module TSS
   #
   # @param [Hash] opts the options to create a message with.
   # @option opts [Array<String>] :shares an Array of String shares to try to recombine into a secret
-  # @option opts [String] :select_by ('first') the method to use for selecting
+  # @option opts [String] :select_by ('FIRST') the method to use for selecting
   #   shares from the Array if more then threshold shares are provided. Can be
-  #   'first', 'sample', or 'combinations'.
+  #   upper case 'FIRST', 'SAMPLE', or 'COMBINATIONS'.
   #
   #   If the number of shares provided as input to the secret
   #   reconstruction operation is greater than the threshold M, then M
   #   of those shares are selected for use in the operation.  The method
   #   used to select the shares can be chosen using the following values:
   #
-  #   `first` : If X shares are required by the threshold and more than X
+  #   `FIRST` : If X shares are required by the threshold and more than X
   #   shares are provided, then the first X shares in the Array of shares provided
   #   will be used. All others will be discarded and the operation will fail if
   #   those selected shares cannot recreate the secret.
   #
-  #   `sample` : If X shares are required by the threshold and more than X
+  #   `SAMPLE` : If X shares are required by the threshold and more than X
   #   shares are provided, then X shares will be randomly selected from the Array
   #   of shares provided.  All others will be discarded and the operation will
   #   fail if those selected shares cannot recreate the secret.
   #
-  #   `combinations` : If X shares are required, and more than X shares are
+  #   `COMBINATIONS` : If X shares are required, and more than X shares are
   #   provided, then all possible combinations of the threshold number of shares
   #   will be tried to see if the secret can be recreated.
   #   This flexibility comes with a cost. All combinations of `threshold` shares
@@ -120,11 +120,11 @@ module TSS
   #   of combinations will be too large then the an Exception will be raised before
   #   processing has started.
   #
-  # @return [Hash] a Hash containing the ':secret' and other metadata
+  # @return a Hash containing the now combined secret and other metadata
   # @raise [TSS::NoSecretError] if the secret cannot be re-created from the shares provided
   # @raise [TSS::InvalidSecretHashError] if the embedded hash of the secret does not match the hash of the recreated secret
   # @raise [ParamContractError, TSS::ArgumentError] if the options Types or Values are invalid
-  Contract ({ :shares => C::ArrayOf[String], :select_by => C::Maybe[C::Enum['first', 'sample', 'combinations']] }) => ({ :hash => C::Maybe[String], :hash_alg => C::Enum['NONE', 'SHA1', 'SHA256'], :identifier => TSS::IdentifierArg, :process_time => C::Num, :secret => TSS::SecretArg, :threshold => TSS::ThresholdArg})
+  Contract ({ :shares => C::ArrayOfShares, :select_by => C::Maybe[C::SelectByArg] }) => ({ :hash => C::Maybe[String], :hash_alg => C::HashAlgArg, :identifier => C::IdentifierArg, :process_time => C::Num, :secret => C::SecretArg, :threshold => C::ThresholdArg})
   def self.combine(opts)
     TSS::Combiner.new(opts).combine
   end

data/lib/tss/util.rb CHANGED Viewed

@@ -217,8 +217,8 @@ module TSS
     # Convert a UTF-8 String to an Array of Bytes
     #
-    # @param str [String] a UTF-8 String to convert
-    # @return [Array<Integer>] an Array of Integer Bytes
+    # @param str a UTF-8 String to convert
+    # @return an Array of Integer Bytes
     Contract String => C::ArrayOf[C::Int]
     def self.utf8_to_bytes(str)
       str.bytes.to_a
@@ -226,8 +226,8 @@ module TSS
     # Convert an Array of Bytes to a UTF-8 String
     #
-    # @param bytes [Array<Integer>] an Array of Bytes to convert
-    # @return [String] a UTF-8 String
+    # @param bytes an Array of Bytes to convert
+    # @return a UTF-8 String
     Contract C::ArrayOf[C::Int] => String
     def self.bytes_to_utf8(bytes)
       bytes.pack('C*').force_encoding('utf-8')
@@ -235,8 +235,8 @@ module TSS
     # Convert an Array of Bytes to a hex String
     #
-    # @param bytes [Array<Integer>] an Array of Bytes to convert
-    # @return [String] a hex String
+    # @param bytes an Array of Bytes to convert
+    # @return a hex String
     Contract C::ArrayOf[C::Int] => String
     def self.bytes_to_hex(bytes)
       hex = ''
@@ -246,8 +246,8 @@ module TSS
     # Convert a hex String to an Array of Bytes
     #
-    # @param str [String] a hex String to convert
-    # @return [Array<Integer>] an Array of Integer Bytes
+    # @param str a hex String to convert
+    # @return an Array of Integer Bytes
     Contract String => C::ArrayOf[C::Int]
     def self.hex_to_bytes(str)
       [str].pack('H*').unpack('C*')
@@ -255,8 +255,8 @@ module TSS
     # Convert a hex String to a UTF-8 String
     #
-    # @param hex [String] a hex String to convert
-    # @return [String] a UTF-8 String
+    # @param hex a hex String to convert
+    # @return a UTF-8 String
     Contract String => String
     def self.hex_to_utf8(hex)
       bytes_to_utf8(hex_to_bytes(hex))
@@ -264,8 +264,8 @@ module TSS
     # Convert a UTF-8 String to a hex String
     #
-    # @param str [String] a UTF-8 String to convert
-    # @return [String] a hex String
+    # @param str a UTF-8 String to convert
+    # @return a hex String
     Contract String => String
     def self.utf8_to_hex(str)
       bytes_to_hex(utf8_to_bytes(str))
@@ -273,10 +273,10 @@ module TSS
     # Left pad a String with pad_char in multiples of byte_multiple
     #
-    # @param byte_multiple [Integer] pad in blocks of this size
-    # @param input_string [String] the String to pad
-    # @param pad_char [String] the String to pad with
-    # @return [String] a padded String
+    # @param byte_multiple pad in blocks of this size
+    # @param input_string the String to pad
+    # @param pad_char the String to pad with
+    # @return a padded String
     Contract C::Int, String, String => String
     def self.left_pad(byte_multiple, input_string, pad_char = "\u001F")
       return input_string if byte_multiple == 0
@@ -290,30 +290,33 @@ module TSS
     #   https://github.com/rack/rack/blob/master/lib/rack/utils.rb
     #
     #   NOTE: the values compared should be of fixed length, such as strings
-    #   that have already been processed by HMAC. This should not be used
+    #   that have already been hashed. This should not be used
     #   on variable length plaintext strings because it could leak length info
-    #   via timing attacks. The user provided value should always be passed
-    #   in as the second parameter so as not to leak info about the secret.
+    #   via timing attacks.
     #
-    # @param a [String] the private value
-    # @param b [String] the user provided value
-    # @return [true, false] whether the strings match or not
+    #   The user provided value should always be passed in as the second
+    #   parameter so as not to leak info about the secret.
+    #
+    # @param a the private value
+    # @param b the user provided value
+    # @return whether the strings match or not
     Contract String, String => C::Bool
     def self.secure_compare(a, b)
       return false unless a.bytesize == b.bytesize
+      ah = Digest::SHA256.hexdigest(a)
+      bh = Digest::SHA256.hexdigest(b)
-      l = a.unpack('C*')
+      l = ah.unpack('C*')
       r, i = 0, -1
-      b.each_byte { |v| r |= v ^ l[i+=1] }
+      bh.each_byte { |v| r |= v ^ l[i+=1] }
       r == 0
     end
     # Extract the header data from a binary share.
     # Extra "\x00" padding in the identifier will be removed.
     #
-    # @param share [String] a binary octet share
-    # @return [Hash] header attributes
+    # @param share a binary octet share
+    # @return header attributes
     Contract String => Hash
     def self.extract_share_header(share)
       h = Splitter::SHARE_HEADER_STRUCT.decode(share)
@@ -323,8 +326,8 @@ module TSS
     # Calculate the factorial for an Integer.
     #
-    # @param n [Integer] the Integer to calculate for
-    # @return [Integer] the factorial of n
+    # @param n the Integer to calculate for
+    # @return the factorial of n
     Contract C::Int => C::Int
     def self.factorial(n)
       (1..n).reduce(:*) || 1
@@ -340,22 +343,12 @@ module TSS
     # * http://chriscontinanza.com/2010/10/29/Array.html
     # * http://stackoverflow.com/questions/2434503/ruby-factorial-function
     #
-    # @param n [Integer] the total number of shares
-    # @param r [Integer] the threshold number of shares
-    # @return [Integer] the number of possible combinations
+    # @param n the total number of shares
+    # @param r the threshold number of shares
+    # @return the number of possible combinations
     Contract C::Int, C::Int => C::Int
     def self.calc_combinations(n, r)
       factorial(n) / (factorial(r) * factorial(n - r))
     end
-    # Converts an Integer into a delimiter separated String.
-    #
-    # @param n [Integer] an Integer to convert
-    # @param delimiter [String] the String to delimit n in three Integer groups
-    # @return [String] the object converted into a comma separated String.
-    Contract C::Int, String => String
-    def self.int_commas(n, delimiter = ',')
-      n.to_s.reverse.gsub(%r{([0-9]{3}(?=([0-9])))}, "\\1#{delimiter}").reverse
-    end
   end
 end

data/lib/tss/version.rb CHANGED Viewed

@@ -1,3 +1,3 @@
 module TSS
-  VERSION = '0.3.0'.freeze
+  VERSION = '0.4.0'.freeze
 end

data/tss.gemspec CHANGED Viewed

@@ -60,4 +60,5 @@ Gem::Specification.new do |spec|
   spec.add_development_dependency 'coveralls', '~> 0.8'
   spec.add_development_dependency 'coco', '~> 0.14'
   spec.add_development_dependency 'wwtd', '~> 1.3'
+  spec.add_development_dependency 'yard-contracts', '~> 0.1'
 end

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: tss
 version: !ruby/object:Gem::Version
-  version: 0.3.0
+  version: 0.4.0
 platform: ruby
 authors:
 - Glenn Rempe
@@ -30,7 +30,7 @@ cert_chain:
   zieXiXZSAojfFx9g91fKdIrlPbInHU/BaCxXSLBwvOM0drE+c2ue9X8gB55XAhzX
   37oBiw==
   -----END CERTIFICATE-----
-date: 2016-09-24 00:00:00.000000000 Z
+date: 2016-09-25 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: sysrandom
@@ -186,6 +186,20 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '1.3'
+- !ruby/object:Gem::Dependency
+  name: yard-contracts
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.1'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.1'
 description: |2
       Threshold Secret Sharing (TSS) provides a way to generate N shares
       from a value, so that any M of those shares can be used to

metadata.gz.sig CHANGED Viewed

@@ -1,2 +1,4 @@
-/<���MeK+T���'��2r�|Z���	�4��rdm��KO8�Mz��/�b,�)>u
-hW_�<����hu;��s��܂��R��r1+b�����>t���s雝X'�~�y����l�K{3�e�fs���\0q�J��I?c@�XIu��a:�뻭uR����Q��L�7m/���q���0;�'}�]Ѵ�R��ij��W/I=��u�Ch�(��H���ԇ^�X[��~��´��h�:��E_���^).,l
+H��P��
+�jT�*�O��0��k"��~�	���{�9B�O��pf_�ݤCKf���
+����f�#}�T�$߽h<����B,A�8�2H���
+V���S}ͷ[�Q4���,V������/����t�"#I���3ދ��΢�,����7��p�/Sq�UƦI0�Q�%8y&;�j�F4ؐң�y@��,;>O��Z��٨3xmO\���cԟ'�3��ӓ8�jC�X�9���.�^0�����B��3�u����