u2f 0.0.0 → 0.0.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 75a50469828893782345c5b90dfc2bf0272fa3c2
-  data.tar.gz: 466e51009f4f2c670302d67930fc66e33c80c49d
+  metadata.gz: 047cac5bb30fd3ec7ab0d032ae465e6d9e9cadc0
+  data.tar.gz: 041fe8a755ec15ddd949523f61ed0863d646aae5
 SHA512:
-  metadata.gz: a412287c1b11d1c85d966a3a7e68dfb7da43c7df73da08f67f06b1ace63dc28bfde8a83fcb6a9d6c748cecf4243552986d0abce203718f317add402c171cb3b0
-  data.tar.gz: e761c7a2a0a04de96a2008342fa6a6fc33d04fb743d327691df51a0f3dd13a12d86aa411ac1f88ae4eb99bbe3e7350099d4ff342663cce5846a520af2f0fef12
+  metadata.gz: 829483f4451930d2eb42bab1f95b68b8c96b128b9068079592074c4f4e3365bc920c9f5e0539a534091ce253a19f375ef7521de2e35ae206f57d2b0dded41fa5
+  data.tar.gz: 43719723ce28854b37528e208cf5bdfe8d2ed69479e088af45c41388b46c3ab4a2c34b17ba3b5b1c6812e77b5d355360216d3929e54320562604c59dea0fc735

data/README.md

@@ -1,3 +1,206 @@
 # Ruby U2F
 
-Work in progress.
+[![Gem Version](https://badge.fury.io/rb/u2f.png)](http://badge.fury.io/rb/u2f)
+[![Build Status](https://travis-ci.org/userbin/ruby-u2f.png)](https://travis-ci.org/userbin/ruby-u2f)
+[![Code Climate](https://codeclimate.com/github/userbin/ruby-u2f/badges/gpa.svg)](https://codeclimate.com/github/userbin/ruby-u2f)
+[![Coverage Status](https://img.shields.io/coveralls/userbin/ruby-u2f.svg)](https://coveralls.io/r/userbin/ruby-u2f)
+[![security](https://hakiri.io/github/userbin/ruby-u2f/master.svg)](https://hakiri.io/github/userbin/ruby-u2f/master)
+
+Provides functionality for working with the server side aspects of the U2F
+protocol as defined in the [FIDO specifications](http://fidoalliance.org/specifications/download). To read more about U2F and how to use a U2F library, visit [developers.yubico.com/U2F](http://developers.yubico.com/U2F).
+
+## What is U2F?
+
+U2F is an open 2-factor authentication standard that enables keychain devices, mobile phones and other devices to securely access any number of web-based services — instantly and with no drivers or client software needed. The U2F specifications were initially developed by Google, with contribution from Yubico and NXP, and are today hosted by the [FIDO Alliance](https://fidoalliance.org/).
+
+## Working example application
+
+Check out the [example](https://github.com/userbin/ruby-u2f/tree/master/example) directory for a fully working Padrino server demonstrating U2F.
+
+## Installation
+
+Add the `u2f` gem to your `Gemfile`
+
+```ruby
+gem 'u2f'
+```
+
+Currently, you need Google Chrome and the [FIDO U2F extension](https://chrome.google.com/webstore/detail/fido-u2f-universal-2nd-fa/pfboblefjcgdjicmnffhdgionmgcdmne) to enable U2F. To access the extension’s JavaScript API, add the script to the `<head>` section.
+
+```html
+<script src="chrome-extension://pfboblefjcgdjicmnffhdgionmgcdmne/u2f-api.js"></script>
+```
+
+## Usage
+
+The U2F library has two major tasks:
+
+- **Register** new devices.
+- **Authenticate** previously registered devices.
+
+Each task starts by generating a challenge on the server, which is rendered to a web view, read by the browser API:s and transmitted to the plugged in U2F devices for verification. The U2F device responds and triggers a callback in the browser, and a form is posted back to your server where you verify the challenge and store the U2F device information to your database.
+
+You'll need an instance of `U2F:U2F`, which is conveniently placed in an [instance method](https://github.com/userbin/ruby-u2f/blob/master/example/app/helpers/helpers.rb) on the controller. The initializer takes an **App ID** as argument.
+
+```ruby
+def u2f
+  @u2f ||= U2F::U2F.new(request.base_url)
+end
+```
+
+**Important:** A U2F client (e.g. Chrome) will compare the App ID with the current URI, so make sure it's the right format including schema and port, e.g. `https://demo.example.com:3000`. Check out the [App ID specification](https://developers.yubico.com/U2F/App_ID.html) for more details.
+
+### Registration
+
+Generate the requests which will be sent to the U2F device.
+
+```ruby
+# registrations_controller.rb
+def new
+  # Generate one for each version of U2F, currently only `U2F_V2`
+  @registration_requests = u2f.registration_requests
+
+  # Store challenges. We need them for the verification step
+  session[:challenges] = @registration_requests.map(&:challenge)
+
+  # Fetch existing Registrations from your db and generate SignRequests
+  key_handles = Registration.map(&:key_handle)
+  @sign_requests = u2f.authentication_requests(key_handles)
+
+  render 'registrations/new'
+end
+```
+
+Render a form that will be automatically posted when the U2F device reponds.
+
+```html
+<!-- registrations/new.html -->
+<form action="/registrations" method="post">
+  <input type="hidden" name="response">
+</form>
+```
+
+```javascript
+// render requests from server into Javascript format
+var registerRequests = <%= @registration_requests.to_json.html_safe %>;
+var signRequests = <%= @sign_requests.to_json.html_safe %>;
+
+u2f.register(registerRequests, signRequests, function(registerResponse) {
+  var form, reg;
+
+  if (registerResponse.errorCode) {
+    return alert("Registration error: " + registerResponse.errorCode);
+  }
+
+  form = document.forms[0];
+  response = document.querySelector('[name=response]');
+
+  response.value = JSON.stringify(registerResponse);
+
+  form.submit();
+});
+```
+
+Catch the response on your server, verify it, and store a reference to it in your database.
+
+```ruby
+# registrations_controller.rb
+def create
+  response = U2F::RegisterResponse.load_from_json(params[:response])
+
+  reg = begin
+    u2f.register!(session[:challenges], response)
+  rescue U2F::Error => e
+    return "Unable to register: <%= e.class.name %>"
+  ensure
+    session.delete(:challenges)
+  end
+
+  # save a reference to your database
+  Registration.create!(certificate: reg.certificate,
+                       key_handle:  reg.key_handle,
+                       public_key:  reg.public_key,
+                       counter:     reg.counter)
+
+  'Registered!'
+end
+```
+
+### Authentication
+
+Generate the requests which will be sent to the U2F device.
+
+```ruby
+# authentications_controller.rb
+def new
+  # Fetch existing Registrations from your db
+  key_handles = Registration.map(&:key_handle)
+  return 'Need to register first' if key_handles.empty?
+
+  # Generate SignRequests
+  @sign_requests = u2f.authentication_requests(key_handles)
+
+  # Store challenges. We need them for the verification step
+  session[:challenges] = @sign_requests.map(&:challenge)
+
+  render 'authentications/new'
+end
+```
+
+Render a form that will be automatically posted when the U2F device reponds.
+
+```html
+<!-- registrations/new.html -->
+<form action="/authentications" method="post">
+  <input type="hidden" name="response">
+</form>
+```
+
+```javascript
+// render requests from server into Javascript format
+var signRequests = <%= @sign_requests.to_json.html_safe %>;
+
+u2f.sign(signRequests, function(signResponse) {
+  var form, reg;
+
+  if (signResponse.errorCode) {
+    return alert("Authentication error: " + signResponse.errorCode);
+  }
+
+  form = document.forms[0];
+  response = document.querySelector('[name=response]');
+
+  response.value = JSON.stringify(signResponse);
+
+  form.submit();
+});
+```
+
+Catch the response on your server, verify it, and bump the counter in your database reference.
+
+```ruby
+# authentications_controller.rb
+def create
+  response = U2F::SignResponse.load_from_json(params[:response])
+
+  registration = Registration.first(key_handle: response.key_handle)
+  return 'Need to register first' unless registration
+
+  begin
+    u2f.authenticate!(session[:challenges], response,
+                      registration.public_key, registration.counter)
+  rescue U2F::Error => e
+    return "Unable to authenticate: <%= e.class.name %>"
+  ensure
+    session.delete(:challenges)
+  end
+
+  registration.update(counter: response.counter)
+
+  'Authenticated!'
+end
+```
+
+## License
+
+MIT License. Copyright (c) 2014 by Johan Brissmyr and Sebastian Wallin

data/lib/u2f.rb

@@ -1,2 +1,17 @@
+require 'base64'
+require 'json'
+require 'openssl'
+
+require 'u2f/client_data'
+require 'u2f/collection'
+require 'u2f/errors'
+require 'u2f/request_base'
+require 'u2f/register_request'
+require 'u2f/register_response'
+require 'u2f/registration'
+require 'u2f/sign_request'
+require 'u2f/sign_response'
+require 'u2f/u2f'
+
 module U2F
 end

data/lib/u2f/client_data.rb

@@ -0,0 +1,26 @@
+module U2F
+  ##
+  # A representation of ClientData, chapter 7
+  # http://fidoalliance.org/specs/fido-u2f-raw-message-formats-v1.0-rd-20141008.pdf
+  class ClientData
+    attr_accessor :typ, :challenge, :origin
+    alias_method :type, :typ
+
+    def registration?
+      typ == 'navigator.id.finishEnrollment'
+    end
+
+    def authentication?
+      typ == 'navigator.id.getAssertion'
+    end
+
+    def self.load_from_json(json)
+      client_data = ::JSON.parse(json)
+      instance = new
+      instance.typ = client_data['typ']
+      instance.challenge = client_data['challenge']
+      instance.origin = client_data['origin']
+      instance
+    end
+  end
+end

data/lib/u2f/collection.rb

@@ -0,0 +1,11 @@
+module U2F
+  class Collection < Array
+    def initialize(array)
+      super([*array])
+    end
+
+    def to_json
+      "[#{map { |a| a.to_json }.join(',')}]"
+    end
+  end
+end

data/lib/u2f/errors.rb

@@ -0,0 +1,14 @@
+module U2F
+  class Error < StandardError;end
+  class UnmatchedChallengeError < Error; end
+  class ClientDataTypeError < Error; end
+  class PublicKeyDecodeError < Error; end
+  class AttestationDecodeError < Error; end
+  class AttestationVerificationError < Error; end
+  class AttestationSignatureError < Error; end
+  class NoMatchingRequestError < Error; end
+  class NoMatchingRegistrationError < Error; end
+  class CounterToLowError < Error; end
+  class AuthenticationFailedError < Error; end
+  class UserNotPresentError < Error;end
+end

data/lib/u2f/register_request.rb

@@ -0,0 +1,10 @@
+module U2F
+  class RegisterRequest
+    include RequestBase
+
+    def initialize(challenge, app_id)
+      @challenge = challenge
+      @app_id = app_id
+    end
+  end
+end

data/lib/u2f/register_response.rb

@@ -0,0 +1,134 @@
+module U2F
+  ##
+  # Representation of a U2F registration response.
+  # See chapter 4.3:
+  # http://fidoalliance.org/specs/fido-u2f-raw-message-formats-v1.0-rd-20141008.pdf
+  class RegisterResponse
+    attr_accessor :client_data, :client_data_json, :registration_data_raw
+
+    PUBLIC_KEY_OFFSET = 1
+    PUBLIC_KEY_LENGTH = 65
+    KEY_HANDLE_LENGTH_LENGTH = 1
+    KEY_HANDLE_LENGTH_OFFSET = PUBLIC_KEY_OFFSET + PUBLIC_KEY_LENGTH
+    KEY_HANDLE_OFFSET = KEY_HANDLE_LENGTH_OFFSET + KEY_HANDLE_LENGTH_LENGTH
+
+    def self.load_from_json(json)
+      # TODO: validate
+      data = JSON.parse(json)
+      instance = new
+      instance.client_data_json =
+        Base64.urlsafe_decode64(data['clientData'])
+      instance.client_data =
+        ClientData.load_from_json(instance.client_data_json)
+      instance.registration_data_raw =
+        Base64.urlsafe_decode64(data['registrationData'])
+      instance
+    end
+
+    ##
+    # The attestation certificate in Base64 encoded X.509 DER format
+    def certificate
+      Base64.strict_encode64(certificate_raw)
+    end
+
+    ##
+    # Length of the attestation certificate
+    def certificate_length
+      # http://en.wikipedia.org/wiki/Abstract_Syntax_Notation_One#Example_encoded_in_DER
+      #
+      # Do some quick parsing of the certificate DER format.
+      # First bytes (TLV) could be ex:
+      # T 0x30: SEQUENCE Tag
+      # L 0x82: Length (2 length bytes)
+      #   0x02 0xe2: Two bytes indicated by the L byte.
+      #              Makes up the data length 738 (which makes 742 in total)
+
+      t_byte = certificate_bytes(0)
+
+      fail AttestationDecodeError unless t_byte == "\x30"
+
+      l_byte = certificate_bytes(1).unpack('c').first # 8-bit signed integer
+      # If the L-byte has MSB set to 1 (ie. < 0) the value will tell how many
+      # following bytes is used to describe the total length. Otherwise it will
+      # describe the data length
+      # http://msdn.microsoft.com/en-us/library/windows/desktop/bb648641(v=vs.85).aspx
+
+      nbr_length_bytes = 0
+      cert_length = if l_byte < 0
+        nbr_length_bytes = l_byte + 0x80 # last 7-bits is the number of bytes
+        length_bytes = certificate_bytes(2, nbr_length_bytes).unpack('C*')
+        length_bytes.reverse.each_with_index.inject(0) do |sum, (val, idx)|
+          sum + (val << (8*idx))
+        end
+      else
+        l_byte
+      end
+
+      cert_length + nbr_length_bytes + 2 # Make up for the T and L bytes them selves
+    end
+
+    ##
+    # The attestation certificate in X.509 DER format
+    def certificate_raw
+      certificate_bytes(0, certificate_length)
+    end
+
+    ##
+    # Returns the key handle from registration data, URL safe base64 encoded
+    def key_handle
+      Base64.urlsafe_encode64(key_handle_raw)
+    end
+
+    def key_handle_raw
+      registration_data_raw.byteslice(KEY_HANDLE_OFFSET, key_handle_length)
+    end
+
+    ##
+    # Returns the length of the key handle, extracted from the registration data
+    def key_handle_length
+      registration_data_raw.byteslice(KEY_HANDLE_LENGTH_OFFSET).unpack('C').first
+    end
+
+    ##
+    # Returns the public key, extracted from the registration data
+    def public_key
+      # Base64 encode without linefeeds
+      Base64.strict_encode64(public_key_raw)
+    end
+
+    def public_key_raw
+      registration_data_raw.byteslice(PUBLIC_KEY_OFFSET, PUBLIC_KEY_LENGTH)
+    end
+
+    ##
+    # Returns the signature, extracted from the registration data
+    def signature
+      registration_data_raw.byteslice(
+        (KEY_HANDLE_OFFSET + key_handle_length + certificate_length)..-1)
+    end
+
+    ##
+    # Verifies the registration data agains the app id
+    def verify(app_id)
+      # Chapter 4.3 in
+      # http://fidoalliance.org/specs/fido-u2f-raw-message-formats-v1.0-rd-20141008.pdf
+      data = [
+        "\x00",
+        Digest::SHA256.digest(app_id),
+        Digest::SHA256.digest(client_data_json),
+        key_handle_raw,
+        public_key_raw
+      ].join
+
+      cert = OpenSSL::X509::Certificate.new(certificate_raw)
+      cert.public_key.verify(OpenSSL::Digest::SHA256.new, signature, data)
+    end
+
+    private
+
+    def certificate_bytes(offset, length = 1)
+      base_offset = KEY_HANDLE_OFFSET + key_handle_length
+      registration_data_raw.byteslice(base_offset + offset, length)
+    end
+  end
+end

data/lib/u2f/registration.rb

@@ -0,0 +1,16 @@
+module U2F
+  ##
+  # A representation of a registered U2F device
+  class Registration
+    attr_accessor :key_handle, :public_key, :certificate, :counter
+    def initialize(key_handle, public_key, certificate)
+      @key_handle = key_handle
+      @public_key = public_key
+      @certificate = certificate
+    end
+
+    def counter
+      @counter.nil? ? 0 : @counter
+    end
+  end
+end

data/lib/u2f/request_base.rb

@@ -0,0 +1,21 @@
+module U2F
+  module RequestBase
+    attr_accessor :version, :challenge, :app_id
+
+    def as_json
+      {
+        version: version,
+        challenge: challenge,
+        appId: app_id
+      }
+    end
+
+    def to_json
+      ::JSON.dump(as_json)
+    end
+
+    def version
+      'U2F_V2'
+    end
+  end
+end

data/lib/u2f/sign_request.rb

@@ -0,0 +1,16 @@
+module U2F
+  class SignRequest
+    include RequestBase
+    attr_accessor :key_handle
+
+    def initialize(key_handle, challenge, app_id)
+      @key_handle = key_handle
+      @challenge = challenge
+      @app_id = app_id
+    end
+
+    def as_json
+      super.merge(keyHandle: key_handle)
+    end
+  end
+end

data/lib/u2f/sign_response.rb

@@ -0,0 +1,52 @@
+module U2F
+  class SignResponse
+    attr_accessor :client_data, :client_data_json, :key_handle, :signature_data
+
+    def self.load_from_json(json)
+      data = ::JSON.parse(json)
+      instance = new
+      instance.client_data_json =
+        Base64.urlsafe_decode64(data['clientData'])
+      instance.client_data =
+        ClientData.load_from_json(instance.client_data_json)
+      instance.key_handle = data['keyHandle']
+      instance.signature_data =
+        Base64.urlsafe_decode64(data['signatureData'])
+      instance
+    end
+
+    ##
+    # Counter value that the U2F token increments every time it performs an
+    # authentication operation
+    def counter
+      signature_data[1..4].unpack('N').first
+    end
+
+    ##
+    # signature is to be verified using the public key obtained during
+    # registration.
+    def signature
+      signature_data.byteslice(5..-1)
+    end
+
+    ##
+    # If user presence was verified
+    def user_present?
+      signature_data[0].unpack('C').first == 1
+    end
+
+    ##
+    # Verifies the response against an app id and the public key of the
+    # registered device
+    def verify(app_id, public_key_pem)
+      data = [
+        Digest::SHA256.digest(app_id),
+        signature_data.byteslice(0, 5),
+        Digest::SHA256.digest(client_data_json)
+      ].join
+
+      public_key = OpenSSL::PKey.read(public_key_pem)
+      public_key.verify(OpenSSL::Digest::SHA256.new, signature, data)
+    end
+  end
+end

data/lib/u2f/u2f.rb

@@ -0,0 +1,113 @@
+module U2F
+  class U2F
+    attr_accessor :app_id
+    def initialize(app_id)
+      @app_id = app_id
+    end
+
+    ##
+    # Generate data to be sent to the U2F device before authenticating
+    def authentication_requests(key_handles)
+      key_handles = [key_handles] unless key_handles.is_a? Array
+      sign_requests = key_handles.map do |key_handle|
+        SignRequest.new(key_handle, challenge, app_id)
+      end
+      Collection.new(sign_requests)
+    end
+
+    ##
+    # Authenticate a response from the U2F device
+    def authenticate!(challenges, response, registration_public_key,
+                      registration_counter)
+      # Handle both single and Array input
+      challenges = [challenges] unless challenges.is_a? Array
+
+      # TODO: check that it's the correct key_handle as well
+      unless challenges.include?(response.client_data.challenge)
+        fail NoMatchingRequestError
+      end
+
+      fail ClientDataTypeError unless response.client_data.authentication?
+
+      pem = U2F.public_key_pem(registration_public_key)
+
+      fail AuthenticationFailedError unless response.verify(app_id, pem)
+
+      fail UserNotPresentError unless response.user_present?
+
+      unless response.counter > registration_counter
+        fail CounterToLowError
+      end
+    end
+
+    ##
+    # Generates a 32 byte long random U2F challenge
+    def challenge
+      Base64.urlsafe_encode64(SecureRandom.random_bytes(32))
+    end
+
+    ##
+    # Generate data to be used when registering a U2F device
+    def registration_requests
+      # TODO: generate a request for each supported version
+      Collection.new(RegisterRequest.new(challenge, @app_id))
+    end
+
+    ##
+    # Authenticate the response from the U2F device when registering
+    # Returns a registration object
+    def register!(challenges, response)
+      challenges = [challenges] unless challenges.is_a? Array
+      challenge = challenges.detect do |chg|
+        chg == response.client_data.challenge
+      end
+
+      fail UnmatchedChallengeError unless challenge
+
+      fail ClientDataTypeError unless response.client_data.registration?
+
+      # Validate public key
+      U2F.public_key_pem(response.public_key_raw)
+
+      unless U2F.validate_certificate(response.certificate_raw)
+        fail AttestationVerificationError
+      end
+
+      fail AttestationSignatureError unless response.verify(app_id)
+
+      registration = Registration.new(
+        response.key_handle,
+        response.public_key,
+        response.certificate
+      )
+      registration
+    end
+
+    ##
+    # Convert a binary public key to PEM format
+    def self.public_key_pem(key)
+      fail PublicKeyDecodeError unless key.length == 65 || key[0] == "\x04"
+      # http://tools.ietf.org/html/rfc5480
+      der = OpenSSL::ASN1::Sequence([
+        OpenSSL::ASN1::Sequence([
+          OpenSSL::ASN1::ObjectId('1.2.840.10045.2.1'),  # id-ecPublicKey
+          OpenSSL::ASN1::ObjectId('1.2.840.10045.3.1.7') # secp256r1
+        ]),
+        OpenSSL::ASN1::BitString(key)
+      ]).to_der
+
+      pem = "-----BEGIN PUBLIC KEY-----\r\n" +
+            Base64.strict_encode64(der).scan(/.{1,64}/).join("\r\n") +
+            "\r\n-----END PUBLIC KEY-----"
+      pem
+    end
+
+    def self.validate_certificate(certificate_raw)
+      # TODO
+      return true
+      # cacert = OpenSSL::X509::Certificate.new()
+      # cert = OpenSSL::X509::Certificate.new(certificate_raw)
+      # cert.verify(cacert.public_key)
+    end
+  end
+end

data/lib/version.rb

@@ -1,3 +1,3 @@
 module U2F
-  VERSION = "0.0.0"
+  VERSION = "0.0.1"
 end

data/spec/lib/client_data_spec.rb

@@ -0,0 +1,39 @@
+require 'spec_helper.rb'
+
+describe U2F::ClientData do
+  let(:type) { '' }
+  let(:registration_type) { 'navigator.id.finishEnrollment' }
+  let(:authentication_type) { 'navigator.id.getAssertion' }
+
+  let(:client_data) do
+    cd = U2F::ClientData.new
+    cd.typ = type
+    cd
+  end
+
+  describe '#registration?' do
+    subject { client_data.registration? }
+    context 'for correct type' do
+      let(:type) { registration_type }
+      it { is_expected.to be_truthy }
+    end
+
+    context 'for incorrect type' do
+      let(:type) { authentication_type }
+      it { is_expected.to be_falsey }
+    end
+  end
+
+  describe '#authentication?' do
+    subject { client_data.authentication? }
+    context 'for correct type' do
+      let(:type) { authentication_type }
+      it { is_expected.to be_truthy }
+    end
+
+    context 'for incorrect type' do
+      let(:type) { registration_type }
+      it { is_expected.to be_falsey }
+    end
+  end
+end

data/spec/lib/collection_spec.rb

@@ -0,0 +1,20 @@
+require 'spec_helper'
+
+describe U2F::Collection do
+  let(:collection) { U2F::Collection.new(input) }
+  describe '#to_json' do
+    subject { collection.to_json }
+    context 'with single object' do
+      let(:input) { 'one' }
+      it do
+        is_expected.to match_json_expression(['one'])
+      end
+    end
+    context 'with single object' do
+      let(:input) { ['one', 'two'] }
+      it do
+        is_expected.to match_json_expression(['one', 'two'])
+      end
+    end
+  end
+end

data/spec/lib/register_request_spec.rb

@@ -0,0 +1,21 @@
+require 'spec_helper'
+
+describe U2F::RegisterRequest do
+  let(:app_id) { 'http://example.com' }
+  let(:challenge) { 'fEnc9oV79EaBgK5BoNERU5gPKM2XGYWrz4fUjgc0Q7g' }
+
+  let(:sign_request) do
+    U2F::RegisterRequest.new(challenge, app_id)
+  end
+
+  describe '#to_json' do
+    subject { sign_request.to_json }
+    it do
+      is_expected.to match_json_expression(
+        version: String,
+        appId: String,
+        challenge: String
+      )
+    end
+  end
+end

data/spec/lib/register_response_spec.rb

@@ -0,0 +1,57 @@
+require 'spec_helper.rb'
+
+describe U2F::RegisterResponse do
+  let(:key_handle) do
+    'CTUayZo8hCBeC-sGQJChC0wW-bBg99bmOlGCgw8XGq4dLsxO3yWh9mRYArZxocP5hBB1pEGB3bbJYiM-5acc5w=='
+  end
+  let(:public_key) do
+    'BC0SaFZWC9uH7wamOwduP93kUH2I2hEvyY0Srfj4A258pZSlV0iPoFIH+bd4yhncaqdoPLdEDl5Y/yaFORPUe3c='
+  end
+  let(:certificate) do
+    'MIIC4jCBywIBATANBgkqhkiG9w0BAQsFADAdMRswGQYDVQQDExJZdWJpY28gVTJGIFRlc3QgQ0EwHhcNMTQwNTE1MTI1ODU0WhcNMTQwNjE0MTI1ODU0WjAdMRswGQYDVQQDExJZdWJpY28gVTJGIFRlc3QgRUUwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATbCtv1IcdczmPcpuHoJQYNlOYnVBlPnSSvJhq+rZlEH5WjcZEKOiDnPpFeE+i+OAV61XqjfnaQj6/iipS2MOudMA0GCSqGSIb3DQEBCwUAA4ICAQCVQGtQYX2thKO064gP4zAPLaIKANklBO5y+mffWFEPC0cCnD5BKUqTrCmFiS2keoEyKFdxAe+oQogWljeR1d/gj8k8jbDNiXCC7HnTxnhzKTLlq2y9Vp/VRZHOwd2NZNzpnB9ePNKvUaWCGK/gN+cynnYFdwJ75iSgMVYb/RnFcdPwnsBzBU68hbhTnu/FvJxWo7rZJ2q7qXpA10eLVXJr4/4oSXEk9I/0IIHqOP98Ck/fAoI5gYI7ygndyqoPJ/Wkg1VsmjmbFToWY9xb+axbvPefvg+KojwxE6MySMpYh/h7oKEKamCWk19dJp5jHQmumkHlvQhH/uUJmyD9EuLmQH+6SmEzZg0Oc9uw1aKamhcNNDCFakJGnv80j1+HbDXnqE0168FBqorS2hmqeaJfNSyg/SXT950lGC36tLy7BzQ8jYG99Ok32znp0UVbIEEvLSci3JJ0ipLVg/0J+xOb4zl6a1z65nae4OTj7628/UJFmtSU0X6Np9gF1dNizxXPlH0fW1ggRCCQcb5m6ZqrdDJwUx1p7Ydm9AlPyiUwwmN5ADyxmzk/AOCoiO96UVvnvUlk2kF7JMNxIv3R0SCzP5fTl7KqGByeA3d7W375o6DWIIEsOI+dJd7pyPXdakecZQRaVubC6/ICl+G52OEkdp8jYjkDS8j3NAdJ1udNmg=='
+  end
+  let(:registration_data_json) do
+    '{ "registrationData": "BQQtEmhWVgvbh-8GpjsHbj_d5FB9iNoRL8mNEq34-ANufKWUpVdIj6BSB_m3eMoZ3GqnaDy3RA5eWP8mhTkT1Ht3QAk1GsmaPIQgXgvrBkCQoQtMFvmwYPfW5jpRgoMPFxquHS7MTt8lofZkWAK2caHD-YQQdaRBgd22yWIjPuWnHOcwggLiMIHLAgEBMA0GCSqGSIb3DQEBCwUAMB0xGzAZBgNVBAMTEll1YmljbyBVMkYgVGVzdCBDQTAeFw0xNDA1MTUxMjU4NTRaFw0xNDA2MTQxMjU4NTRaMB0xGzAZBgNVBAMTEll1YmljbyBVMkYgVGVzdCBFRTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABNsK2_Uhx1zOY9ym4eglBg2U5idUGU-dJK8mGr6tmUQflaNxkQo6IOc-kV4T6L44BXrVeqN-dpCPr-KKlLYw650wDQYJKoZIhvcNAQELBQADggIBAJVAa1Bhfa2Eo7TriA_jMA8togoA2SUE7nL6Z99YUQ8LRwKcPkEpSpOsKYWJLaR6gTIoV3EB76hCiBaWN5HV3-CPyTyNsM2JcILsedPGeHMpMuWrbL1Wn9VFkc7B3Y1k3OmcH1480q9RpYIYr-A35zKedgV3AnvmJKAxVhv9GcVx0_CewHMFTryFuFOe78W8nFajutknarupekDXR4tVcmvj_ihJcST0j_Qggeo4_3wKT98CgjmBgjvKCd3Kqg8n9aSDVWyaOZsVOhZj3Fv5rFu895--D4qiPDETozJIyliH-HugoQpqYJaTX10mnmMdCa6aQeW9CEf-5QmbIP0S4uZAf7pKYTNmDQ5z27DVopqaFw00MIVqQkae_zSPX4dsNeeoTTXrwUGqitLaGap5ol81LKD9JdP3nSUYLfq0vLsHNDyNgb306TfbOenRRVsgQS8tJyLcknSKktWD_Qn7E5vjOXprXPrmdp7g5OPvrbz9QkWa1JTRfo2n2AXV02LPFc-UfR9bWCBEIJBxvmbpmqt0MnBTHWnth2b0CU_KJTDCY3kAPLGbOT8A4KiI73pRW-e9SWTaQXskw3Ei_dHRILM_l9OXsqoYHJ4Dd3tbfvmjoNYggSw4j50l3unI9d1qR5xlBFpW5sLr8gKX4bnY4SR2nyNiOQNLyPc0B0nW502aMEUCIQDTGOX-i_QrffJDY8XvKbPwMuBVrOSO-ayvTnWs_WSuDQIgZ7fMAvD_Ezyy5jg6fQeuOkoJi8V2naCtzV-HTly8Nww=", "clientData": "eyAiY2hhbGxlbmdlIjogInlLQTB4MDc1dGpKLUdFN2ZLVGZuelRPU2FOVU9XUXhSZDlUV3o1YUZPZzgiLCAib3JpZ2luIjogImh0dHA6XC9cL2RlbW8uZXhhbXBsZS5jb20iLCAidHlwIjogIm5hdmlnYXRvci5pZC5maW5pc2hFbnJvbGxtZW50IiB9" }'
+  end
+
+  let(:app_id) { 'http://demo.example.com' }
+  let(:challenge) { 'yKA0x075tjJ-GE7fKTfnzTOSaNUOWQxRd9TWz5aFOg8' }
+
+  let(:registration_request) { U2F::RegisterRequest.new(challenge, app_id) }
+
+  let(:register_response) do
+    U2F::RegisterResponse.load_from_json(registration_data_json)
+  end
+
+  describe '#certificate' do
+    subject { register_response.certificate }
+    it { is_expected.to eq certificate }
+  end
+
+  describe '#client_data' do
+    context 'challenge' do
+      subject { register_response.client_data.challenge }
+      it { is_expected.to eq challenge }
+    end
+  end
+
+  describe '#key_handle' do
+    subject { register_response.key_handle }
+    it { is_expected.to eq key_handle }
+  end
+
+  describe '#key_handle_length' do
+    subject { register_response.key_handle_length }
+    it { is_expected.to eq Base64.urlsafe_decode64(key_handle).length }
+  end
+
+  describe '#public_key' do
+    subject { register_response.public_key }
+    it { is_expected.to eq public_key }
+  end
+
+  describe '#verify' do
+    subject { register_response.verify(app_id) }
+    it { is_expected.to be_truthy }
+  end
+end

data/spec/lib/sign_request_spec.rb

@@ -0,0 +1,24 @@
+require 'spec_helper'
+
+describe U2F::SignRequest do
+  let(:app_id) { 'http://example.com' }
+  let(:challenge) { 'fEnc9oV79EaBgK5BoNERU5gPKM2XGYWrz4fUjgc0Q7g' }
+  let(:key_handle) do
+    'CTUayZo8hCBeC-sGQJChC0wW-bBg99bmOlGCgw8XGq4dLsxO3yWh9mRYArZxocP5hBB1pEGB3bbJYiM-5acc5w=='
+  end
+  let(:sign_request) do
+    U2F::SignRequest.new(key_handle, challenge, app_id)
+  end
+
+  describe '#to_json' do
+    subject { sign_request.to_json }
+    it do
+      is_expected.to match_json_expression(
+        version: String,
+        appId: String,
+        challenge: String,
+        keyHandle: String
+      )
+    end
+  end
+end

data/spec/lib/sign_response_spec.rb

@@ -0,0 +1,20 @@
+require 'spec_helper.rb'
+
+describe U2F::SignResponse do
+  let(:json_response) do
+    '{ "signatureData": "AQAAAAQwRQIhAI6FSrMD3KUUtkpiP0jpIEakql-HNhwWFngyw553pS1CAiAKLjACPOhxzZXuZsVO8im-HStEcYGC50PKhsGp_SUAng==", "clientData": "eyAiY2hhbGxlbmdlIjogImZFbmM5b1Y3OUVhQmdLNUJvTkVSVTVnUEtNMlhHWVdyejRmVWpnYzBRN2ciLCAib3JpZ2luIjogImh0dHA6XC9cL2RlbW8uZXhhbXBsZS5jb20iLCAidHlwIjogIm5hdmlnYXRvci5pZC5nZXRBc3NlcnRpb24iIH0=", "keyHandle": "CTUayZo8hCBeC-sGQJChC0wW-bBg99bmOlGCgw8XGq4dLsxO3yWh9mRYArZxocP5hBB1pEGB3bbJYiM-5acc5w==" }'
+  end
+  let(:sign_response) do
+    U2F::SignResponse.load_from_json json_response
+  end
+
+  describe '#counter' do
+    subject { sign_response.counter }
+    it { is_expected.to be 4 }
+  end
+
+  describe '#user_present?' do
+    subject { sign_response.user_present? }
+    it { is_expected.to be true }
+  end
+end

data/spec/lib/u2f_spec.rb

@@ -0,0 +1,129 @@
+require 'spec_helper'
+
+describe U2F do
+  let(:app_id) { 'http://demo.example.com' }
+  let(:u2f) { U2F::U2F.new(app_id) }
+  let(:challenge) { 'fEnc9oV79EaBgK5BoNERU5gPKM2XGYWrz4fUjgc0Q7g' }
+  let(:key_handle) do
+    'CTUayZo8hCBeC-sGQJChC0wW-bBg99bmOlGCgw8XGq4dLsxO3yWh9mRYArZxocP5hBB1pEGB3bbJYiM-5acc5w=='
+  end
+  let(:certificate) do
+    "MIIC4jCBywIBATANBgkqhkiG9w0BAQsFADAdMRswGQYDVQQDExJZdWJpY28gVTJGIFRlc3QgQ0EwHhcNMTQwNTE1MTI1ODU0WhcNMTQwNjE0MTI1ODU0WjAdMRswGQYDVQQDExJZdWJpY28gVTJGIFRlc3QgRUUwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATbCtv1IcdczmPcpuHoJQYNlOYnVBlPnSSvJhq+rZlEH5WjcZEKOiDnPpFeE+i+OAV61XqjfnaQj6\/iipS2MOudMA0GCSqGSIb3DQEBCwUAA4ICAQCVQGtQYX2thKO064gP4zAPLaIKANklBO5y+mffWFEPC0cCnD5BKUqTrCmFiS2keoEyKFdxAe+oQogWljeR1d\/gj8k8jbDNiXCC7HnTxnhzKTLlq2y9Vp\/VRZHOwd2NZNzpnB9ePNKvUaWCGK\/gN+cynnYFdwJ75iSgMVYb\/RnFcdPwnsBzBU68hbhTnu\/FvJxWo7rZJ2q7qXpA10eLVXJr4\/4oSXEk9I\/0IIHqOP98Ck\/fAoI5gYI7ygndyqoPJ\/Wkg1VsmjmbFToWY9xb+axbvPefvg+KojwxE6MySMpYh\/h7oKEKamCWk19dJp5jHQmumkHlvQhH\/uUJmyD9EuLmQH+6SmEzZg0Oc9uw1aKamhcNNDCFakJGnv80j1+HbDXnqE0168FBqorS2hmqeaJfNSyg\/SXT950lGC36tLy7BzQ8jYG99Ok32znp0UVbIEEvLSci3JJ0ipLVg\/0J+xOb4zl6a1z65nae4OTj7628\/UJFmtSU0X6Np9gF1dNizxXPlH0fW1ggRCCQcb5m6ZqrdDJwUx1p7Ydm9AlPyiUwwmN5ADyxmzk\/AOCoiO96UVvnvUlk2kF7JMNxIv3R0SCzP5fTl7KqGByeA3d7W375o6DWIIEsOI+dJd7pyPXdakecZQRaVubC6\/ICl+G52OEkdp8jYjkDS8j3NAdJ1udNmg=="
+  end
+  let(:registration_data_json) do
+    '{ "registrationData": "BQQtEmhWVgvbh-8GpjsHbj_d5FB9iNoRL8mNEq34-ANufKWUpVdIj6BSB_m3eMoZ3GqnaDy3RA5eWP8mhTkT1Ht3QAk1GsmaPIQgXgvrBkCQoQtMFvmwYPfW5jpRgoMPFxquHS7MTt8lofZkWAK2caHD-YQQdaRBgd22yWIjPuWnHOcwggLiMIHLAgEBMA0GCSqGSIb3DQEBCwUAMB0xGzAZBgNVBAMTEll1YmljbyBVMkYgVGVzdCBDQTAeFw0xNDA1MTUxMjU4NTRaFw0xNDA2MTQxMjU4NTRaMB0xGzAZBgNVBAMTEll1YmljbyBVMkYgVGVzdCBFRTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABNsK2_Uhx1zOY9ym4eglBg2U5idUGU-dJK8mGr6tmUQflaNxkQo6IOc-kV4T6L44BXrVeqN-dpCPr-KKlLYw650wDQYJKoZIhvcNAQELBQADggIBAJVAa1Bhfa2Eo7TriA_jMA8togoA2SUE7nL6Z99YUQ8LRwKcPkEpSpOsKYWJLaR6gTIoV3EB76hCiBaWN5HV3-CPyTyNsM2JcILsedPGeHMpMuWrbL1Wn9VFkc7B3Y1k3OmcH1480q9RpYIYr-A35zKedgV3AnvmJKAxVhv9GcVx0_CewHMFTryFuFOe78W8nFajutknarupekDXR4tVcmvj_ihJcST0j_Qggeo4_3wKT98CgjmBgjvKCd3Kqg8n9aSDVWyaOZsVOhZj3Fv5rFu895--D4qiPDETozJIyliH-HugoQpqYJaTX10mnmMdCa6aQeW9CEf-5QmbIP0S4uZAf7pKYTNmDQ5z27DVopqaFw00MIVqQkae_zSPX4dsNeeoTTXrwUGqitLaGap5ol81LKD9JdP3nSUYLfq0vLsHNDyNgb306TfbOenRRVsgQS8tJyLcknSKktWD_Qn7E5vjOXprXPrmdp7g5OPvrbz9QkWa1JTRfo2n2AXV02LPFc-UfR9bWCBEIJBxvmbpmqt0MnBTHWnth2b0CU_KJTDCY3kAPLGbOT8A4KiI73pRW-e9SWTaQXskw3Ei_dHRILM_l9OXsqoYHJ4Dd3tbfvmjoNYggSw4j50l3unI9d1qR5xlBFpW5sLr8gKX4bnY4SR2nyNiOQNLyPc0B0nW502aMEUCIQDTGOX-i_QrffJDY8XvKbPwMuBVrOSO-ayvTnWs_WSuDQIgZ7fMAvD_Ezyy5jg6fQeuOkoJi8V2naCtzV-HTly8Nww=", "clientData": "eyAiY2hhbGxlbmdlIjogInlLQTB4MDc1dGpKLUdFN2ZLVGZuelRPU2FOVU9XUXhSZDlUV3o1YUZPZzgiLCAib3JpZ2luIjogImh0dHA6XC9cL2RlbW8uZXhhbXBsZS5jb20iLCAidHlwIjogIm5hdmlnYXRvci5pZC5maW5pc2hFbnJvbGxtZW50IiB9" }'
+  end
+  let(:public_key) do
+    Base64.urlsafe_decode64("BC0SaFZWC9uH7wamOwduP93kUH2I2hEvyY0Srfj4A258pZSlV0iPoFIH+bd4yhncaqdoPLdEDl5Y\/yaFORPUe3c=")
+  end
+  let(:json_response) do
+    '{ "signatureData": "AQAAAAQwRQIhAI6FSrMD3KUUtkpiP0jpIEakql-HNhwWFngyw553pS1CAiAKLjACPOhxzZXuZsVO8im-HStEcYGC50PKhsGp_SUAng==", "clientData": "eyAiY2hhbGxlbmdlIjogImZFbmM5b1Y3OUVhQmdLNUJvTkVSVTVnUEtNMlhHWVdyejRmVWpnYzBRN2ciLCAib3JpZ2luIjogImh0dHA6XC9cL2RlbW8uZXhhbXBsZS5jb20iLCAidHlwIjogIm5hdmlnYXRvci5pZC5nZXRBc3NlcnRpb24iIH0=", "keyHandle": "CTUayZo8hCBeC-sGQJChC0wW-bBg99bmOlGCgw8XGq4dLsxO3yWh9mRYArZxocP5hBB1pEGB3bbJYiM-5acc5w==" }'
+  end
+  let(:registration) do
+    U2F::Registration.new(key_handle, public_key, certificate)
+  end
+  let(:register_response) do
+    U2F::RegisterResponse.load_from_json(registration_data_json)
+  end
+  let(:response) do
+    U2F::SignResponse.load_from_json json_response
+  end
+  let(:sign_request) do
+    U2F::SignRequest.new(key_handle, challenge, app_id)
+  end
+
+  describe '#authentication_requests' do
+    let(:requests) { u2f.authentication_requests(key_handle) }
+    it 'returns an array of requests' do
+      expect(requests).to be_an Array
+      requests.each { |r| expect(r).to be_a U2F::SignRequest }
+    end
+  end
+
+  describe '#authenticate!' do
+    let(:counter) { registration.counter }
+    let(:reg_public_key) { registration.public_key }
+    let (:u2f_authenticate) do
+      u2f.authenticate!(challenge, response, reg_public_key, counter)
+    end
+    context 'with correct parameters' do
+      it 'does not raise an error' do
+        expect { u2f_authenticate }.to_not raise_error
+      end
+    end
+
+    context 'with incorrect challenge' do
+      let(:challenge) { 'incorrect' }
+      it 'raises NoMatchingRequestError' do
+        expect { u2f_authenticate }.to raise_error(U2F::NoMatchingRequestError)
+      end
+    end
+
+    context 'with incorrect counter' do
+      let(:counter) { 1000 }
+      it 'raises CounterToLowError' do
+        expect { u2f_authenticate }.to raise_error(U2F::CounterToLowError)
+      end
+    end
+    context 'with incorrect counter' do
+      let(:reg_public_key) { "\x00" }
+      it 'raises CounterToLowError' do
+        expect { u2f_authenticate }.to raise_error(U2F::PublicKeyDecodeError)
+      end
+    end
+  end
+
+  describe '#registration_requests' do
+    let(:requests) { u2f.registration_requests }
+    it 'returns an array of requests' do
+      expect(requests).to be_an Array
+      requests.each { |r| expect(r).to be_a U2F::RegisterRequest }
+    end
+  end
+
+  describe '#register!' do
+    let(:challenge) { 'yKA0x075tjJ-GE7fKTfnzTOSaNUOWQxRd9TWz5aFOg8' }
+    context 'with correct registration data' do
+      it 'returns a registration' do
+        reg = nil
+        expect {
+          reg = u2f.register!(challenge, register_response)
+        }.to_not raise_error
+        expect(reg.key_handle).to eq key_handle
+      end
+
+      it 'accepts an array of challenges' do
+        reg = u2f.register!(['another-challenge', challenge], register_response)
+        expect(reg).to be_a U2F::Registration
+      end
+    end
+
+    context 'with unknown challenge' do
+      let(:challenge) { 'non-matching' }
+      it 'raises an UnmatchedChallengeError' do
+        expect {
+          u2f.register!(challenge, register_response)
+        }.to raise_error(U2F::UnmatchedChallengeError)
+      end
+    end
+  end
+
+  describe '::public_key_pem' do
+    context 'with correct key' do
+      it 'wraps the result' do
+        pem = U2F::U2F.public_key_pem public_key
+        expect(pem).to start_with '-----BEGIN PUBLIC KEY-----'
+        expect(pem).to end_with '-----END PUBLIC KEY-----'
+      end
+    end
+
+    context 'with incorrect key' do
+      let(:public_key) { Base64.urlsafe_decode64('NW5jdzdnODV3dm9nNzU4d2duNTd3') }
+      it 'fails when key is to short' do
+        expect {
+          U2F::U2F.public_key_pem public_key
+        }.to raise_error(U2F::PublicKeyDecodeError)
+      end
+    end
+  end
+end

data/spec/spec_helper.rb

@@ -0,0 +1,5 @@
+require 'coveralls'
+Coveralls.wear!
+
+require 'json_expressions/rspec'
+require 'u2f'

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: u2f
 version: !ruby/object:Gem::Version
-  version: 0.0.0
+  version: 0.0.1
 platform: ruby
 authors:
 - Johan Brissmyr
@@ -9,8 +9,22 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2014-10-31 00:00:00.000000000 Z
+date: 2014-11-05 00:00:00.000000000 Z
 dependencies:
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: rspec
   requirement: !ruby/object:Gem::Requirement
@@ -25,6 +39,48 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
+- !ruby/object:Gem::Dependency
+  name: json_expressions
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rubocop
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: coveralls
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 description: U2F library
 email:
 - brissmyr@gmail.com
@@ -35,7 +91,25 @@ extra_rdoc_files: []
 files:
 - README.md
 - lib/u2f.rb
+- lib/u2f/client_data.rb
+- lib/u2f/collection.rb
+- lib/u2f/errors.rb
+- lib/u2f/register_request.rb
+- lib/u2f/register_response.rb
+- lib/u2f/registration.rb
+- lib/u2f/request_base.rb
+- lib/u2f/sign_request.rb
+- lib/u2f/sign_response.rb
+- lib/u2f/u2f.rb
 - lib/version.rb
+- spec/lib/client_data_spec.rb
+- spec/lib/collection_spec.rb
+- spec/lib/register_request_spec.rb
+- spec/lib/register_response_spec.rb
+- spec/lib/sign_request_spec.rb
+- spec/lib/sign_response_spec.rb
+- spec/lib/u2f_spec.rb
+- spec/spec_helper.rb
 homepage: https://github.com/userbin/ruby-u2f
 licenses:
 - MIT
@@ -60,4 +134,12 @@ rubygems_version: 2.2.2
 signing_key: 
 specification_version: 4
 summary: U2F library
-test_files: []
+test_files:
+- spec/lib/client_data_spec.rb
+- spec/lib/collection_spec.rb
+- spec/lib/register_request_spec.rb
+- spec/lib/register_response_spec.rb
+- spec/lib/sign_request_spec.rb
+- spec/lib/sign_response_spec.rb
+- spec/lib/u2f_spec.rb
+- spec/spec_helper.rb