u2f 0.2.1 → 1.0.0
- checksums.yaml +4 -4
- data/README.md +3 -3
- data/lib/u2f/register_request.rb +10 -3
- data/lib/u2f/request_base.rb +1 -9
- data/lib/u2f/sign_request.rb +5 -4
- data/lib/u2f/sign_response.rb +6 -1
- data/lib/u2f/u2f.rb +4 -6
- data/lib/version.rb +1 -1
- data/spec/lib/register_request_spec.rb +2 -4
- data/spec/lib/register_response_spec.rb +1 -1
- data/spec/lib/sign_request_spec.rb +2 -6
- data/spec/lib/u2f_spec.rb +1 -1
- metadata +12 -12
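--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 6e0ab3b3eb230926d60ba6c8d81cae756f87c600
+data.tar.gz: 45249dfefef68ba3b21eb10701fdcbfdb50ed48b
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: ecca8a5e02031e7d14698436aacecf61d6b615051128685f64c16546ad86e63cd9e52536cee122af66721696c28bbb9d028582078c92f42045479277ca70d0e3
+data.tar.gz: 6062a5d9a6de64b7e9ff2c602ff46f51329a9950eb408702117f8de45dc135476ed37f609829b2288566ba5a254f9cb31efaff9eb4c02a3b06bdf791eb583595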
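--- a/data/README.md
+++ b/data/README.md
@@ -38,9 +38,9 @@ The U2F library has two major tasks:
 - **Register** new devices.
 - **Authenticate** previously registered devices.
 
-Each task starts by generating a challenge on the server, which is rendered to a web view, read by the browser
+Each task starts by generating a challenge on the server, which is rendered to a web view, read by the browser APIs and transmitted to the plugged in U2F devices for verification. The U2F device responds and triggers a callback in the browser, and a form is posted back to your server where you verify the challenge and store the U2F device information to your database.
 
-You'll need an instance of `U2F
+You'll need an instance of `U2F::U2F`, which is conveniently placed in an [instance method](https://github.com/castle/ruby-u2f/blob/master/example/app/helpers/helpers.rb) on the controller. The initializer takes an **App ID** as argument.
 
 ```ruby
 def u2f
@@ -188,7 +188,7 @@ def create
 
 begin
 u2f.authenticate!(session[:challenges], response,
-Base64.decode64(registration.public_key),
+Base64.decode64(registration.public_key),
 registration.counter)
 rescue U2F::Error => e
 return "Unable to authenticate: <%= e.class.name %>"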
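--- a/data/lib/u2f/register_request.rb
+++ b/data/lib/u2f/register_request.rb
@@ -1,10 +1,17 @@
 module U2F
 class RegisterRequest
 include RequestBase
+attr_accessor :challenge
 
-def initialize(challenge
+def initialize(challenge)
 @challenge = challenge
-
+end
+
+def as_json(options = {})
+{
+version: version,
+challenge: challenge
+}
 end
 end
-end
+end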
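Review bot: `attr_accessor :challenge` also generates a public writer, although the visible code only reads the value in `as_json`; because the challenge is the per-request nonce, `attr_reader :challenge` would keep it fixed after construction. The new `as_json(options = {})` accepts `options` but never uses it, which deserves a one-line comment such as `# options is currently unused`.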
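--- a/data/lib/u2f/request_base.rb
+++ b/data/lib/u2f/request_base.rb
@@ -1,14 +1,6 @@
 module U2F
 module RequestBase
-attr_accessor :version
-
-def as_json(options = {})
-{
-version: version,
-challenge: challenge,
-appId: app_id
-}
-end
+attr_accessor :version
 
 def to_json(options = {})
 ::JSON.pretty_generate(as_json, options)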
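--- a/data/lib/u2f/sign_request.rb
+++ b/data/lib/u2f/sign_request.rb
@@ -3,14 +3,15 @@ module U2F
 include RequestBase
 attr_accessor :key_handle
 
-def initialize(key_handle
+def initialize(key_handle)
 @key_handle = key_handle
-@challenge = challenge
-@app_id = app_id
 end
 
 def as_json(options = {})
-
+{
+version: version,
+keyHandle: key_handle
+}
 end
 end
 end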
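--- a/data/lib/u2f/sign_response.rb
+++ b/data/lib/u2f/sign_response.rb
@@ -29,10 +29,15 @@ module U2F
 signature_data.byteslice(5..-1)
 end
 
+# Bit 0 being set to 1 indicates that the user is present. A different value
+# of Bit 0, as well as Bits 1 through 7, are reserved for future use.
+USER_PRESENCE_MASK = 0b00000001
+
 ##
 # If user presence was verified
 def user_present?
-signature_data.byteslice(0).unpack('C').first
+byte = signature_data.byteslice(0).unpack('C').first
+byte & USER_PRESENCE_MASK == 1
 end
 
 ##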
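Review bot: `user_present?` still assumes `signature_data` holds at least one byte: on an empty string `byteslice(0)` returns nil, so `.unpack` raises NoMethodError, which falls outside the `U2F::Error` that the README example on this page rescues. The value is presumably decoded from the client's sign response (the parsing is outside this hunk), so a truncated response should read as "user not present" rather than surface as an unhandled exception. `byte = signature_data.getbyte(0).to_i` followed by `(byte & USER_PRESENCE_MASK) == USER_PRESENCE_MASK` does that and drops the literal `1`. The parentheses are optional in Ruby, where `&` binds tighter than `==`, but they make the intent obvious to readers used to C precedence.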
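--- a/data/lib/u2f/u2f.rb
+++ b/data/lib/u2f/u2f.rb
@@ -21,7 +21,7 @@ module U2F
 def authentication_requests(key_handles)
 key_handles = [key_handles] unless key_handles.is_a? Array
 key_handles.map do |key_handle|
-SignRequest.new(key_handle
+SignRequest.new(key_handle)
 end
 end
 
@@ -41,13 +41,11 @@ module U2F
 # - +UserNotPresentError+:: if the user wasn't present during the authentication
 # - +CounterTooLowError+:: if there is a counter mismatch between the registered one and the one in the response.
 #
-def authenticate!(
+def authenticate!(challenge, response, registration_public_key,
 registration_counter)
-# Handle both single and Array input
-challenges = [challenges] unless challenges.is_a? Array
 
 # TODO: check that it's the correct key_handle as well
-unless
+unless challenge == response.client_data.challenge
 fail NoMatchingRequestError
 end
 
@@ -84,7 +82,7 @@ module U2F
 #
 def registration_requests
 # TODO: generate a request for each supported version
-[RegisterRequest.new(challenge
+[RegisterRequest.new(challenge)]
 end
 
 ##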
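Review bot: The new guard `unless challenge == response.client_data.challenge` in `authenticate!` passes when both sides are nil, so a request with no stored challenge (for example an expired session) paired with client data that carries no challenge would not be rejected at this step; whether `client_data.challenge` can be nil is not visible here and is worth confirming. A cheap hardening is `fail NoMatchingRequestError if challenge.nil? || challenge != response.client_data.challenge`. The README example on this page still passes `session[:challenges]`; with the Array handling removed, an Array argument never equals the String and every authentication raises NoMatchingRequestError, so the doc comment above the method should state that a single challenge String is expected. The method body continues past the end of the hunk.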
data/lib/version.rb
CHANGED
@@ -1,11 +1,10 @@
|
|
1
1
|
require 'spec_helper'
|
2
2
|
|
3
3
|
describe U2F::RegisterRequest do
|
4
|
-
let(:app_id) { 'http://example.com' }
|
5
4
|
let(:challenge) { 'fEnc9oV79EaBgK5BoNERU5gPKM2XGYWrz4fUjgc0Q7g' }
|
6
5
|
|
7
6
|
let(:sign_request) do
|
8
|
-
U2F::RegisterRequest.new(challenge
|
7
|
+
U2F::RegisterRequest.new(challenge)
|
9
8
|
end
|
10
9
|
|
11
10
|
describe '#to_json' do
|
@@ -13,9 +12,8 @@ describe U2F::RegisterRequest do
|
|
13
12
|
it do
|
14
13
|
is_expected.to match_json_expression(
|
15
14
|
version: String,
|
16
|
-
appId: String,
|
17
15
|
challenge: String
|
18
16
|
)
|
19
17
|
end
|
20
18
|
end
|
21
|
-
end
|
19
|
+
end
|
@@ -12,7 +12,7 @@ describe U2F::RegisterResponse do
|
|
12
12
|
device.register_response(challenge).gsub(" ", "")
|
13
13
|
end
|
14
14
|
let(:error_response) { device.register_response(challenge, error = true) }
|
15
|
-
let(:registration_request) { U2F::RegisterRequest.new(challenge
|
15
|
+
let(:registration_request) { U2F::RegisterRequest.new(challenge) }
|
16
16
|
let(:register_response) do
|
17
17
|
U2F::RegisterResponse.load_from_json(registration_data_json)
|
18
18
|
end
|
@@ -1,13 +1,11 @@
|
|
1
1
|
require 'spec_helper'
|
2
2
|
|
3
3
|
describe U2F::SignRequest do
|
4
|
-
let(:app_id) { 'http://example.com' }
|
5
|
-
let(:challenge) { 'fEnc9oV79EaBgK5BoNERU5gPKM2XGYWrz4fUjgc0Q7g' }
|
6
4
|
let(:key_handle) do
|
7
5
|
'CTUayZo8hCBeC-sGQJChC0wW-bBg99bmOlGCgw8XGq4dLsxO3yWh9mRYArZxocP5hBB1pEGB3bbJYiM-5acc5w=='
|
8
6
|
end
|
9
7
|
let(:sign_request) do
|
10
|
-
U2F::SignRequest.new(key_handle
|
8
|
+
U2F::SignRequest.new(key_handle)
|
11
9
|
end
|
12
10
|
|
13
11
|
describe '#to_json' do
|
@@ -15,10 +13,8 @@ describe U2F::SignRequest do
|
|
15
13
|
it do
|
16
14
|
is_expected.to match_json_expression(
|
17
15
|
version: String,
|
18
|
-
appId: String,
|
19
|
-
challenge: String,
|
20
16
|
keyHandle: String
|
21
17
|
)
|
22
18
|
end
|
23
19
|
end
|
24
|
-
end
|
20
|
+
end
|
data/spec/lib/u2f_spec.rb
CHANGED
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: u2f
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.
|
4
|
+
version: 1.0.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Johan Brissmyr
|
@@ -9,7 +9,7 @@ authors:
|
|
9
9
|
autorequire:
|
10
10
|
bindir: bin
|
11
11
|
cert_chain: []
|
12
|
-
date:
|
12
|
+
date: 2017-03-05 00:00:00.000000000 Z
|
13
13
|
dependencies:
|
14
14
|
- !ruby/object:Gem::Dependency
|
15
15
|
name: rake
|
@@ -17,28 +17,28 @@ dependencies:
|
|
17
17
|
requirements:
|
18
18
|
- - "~>"
|
19
19
|
- !ruby/object:Gem::Version
|
20
|
-
version: 10.3
|
20
|
+
version: '10.3'
|
21
21
|
type: :development
|
22
22
|
prerelease: false
|
23
23
|
version_requirements: !ruby/object:Gem::Requirement
|
24
24
|
requirements:
|
25
25
|
- - "~>"
|
26
26
|
- !ruby/object:Gem::Version
|
27
|
-
version: 10.3
|
27
|
+
version: '10.3'
|
28
28
|
- !ruby/object:Gem::Dependency
|
29
29
|
name: rspec
|
30
30
|
requirement: !ruby/object:Gem::Requirement
|
31
31
|
requirements:
|
32
32
|
- - "~>"
|
33
33
|
- !ruby/object:Gem::Version
|
34
|
-
version: 3.1
|
34
|
+
version: '3.1'
|
35
35
|
type: :development
|
36
36
|
prerelease: false
|
37
37
|
version_requirements: !ruby/object:Gem::Requirement
|
38
38
|
requirements:
|
39
39
|
- - "~>"
|
40
40
|
- !ruby/object:Gem::Version
|
41
|
-
version: 3.1
|
41
|
+
version: '3.1'
|
42
42
|
- !ruby/object:Gem::Dependency
|
43
43
|
name: json_expressions
|
44
44
|
requirement: !ruby/object:Gem::Requirement
|
@@ -73,28 +73,28 @@ dependencies:
|
|
73
73
|
requirements:
|
74
74
|
- - "~>"
|
75
75
|
- !ruby/object:Gem::Version
|
76
|
-
version: 0.
|
76
|
+
version: 0.8.10
|
77
77
|
type: :development
|
78
78
|
prerelease: false
|
79
79
|
version_requirements: !ruby/object:Gem::Requirement
|
80
80
|
requirements:
|
81
81
|
- - "~>"
|
82
82
|
- !ruby/object:Gem::Version
|
83
|
-
version: 0.
|
83
|
+
version: 0.8.10
|
84
84
|
- !ruby/object:Gem::Dependency
|
85
85
|
name: simplecov
|
86
86
|
requirement: !ruby/object:Gem::Requirement
|
87
87
|
requirements:
|
88
88
|
- - "~>"
|
89
89
|
- !ruby/object:Gem::Version
|
90
|
-
version: 0.
|
90
|
+
version: 0.11.1
|
91
91
|
type: :development
|
92
92
|
prerelease: false
|
93
93
|
version_requirements: !ruby/object:Gem::Requirement
|
94
94
|
requirements:
|
95
95
|
- - "~>"
|
96
96
|
- !ruby/object:Gem::Version
|
97
|
-
version: 0.
|
97
|
+
version: 0.11.1
|
98
98
|
description: Library for handling registration and authentication of U2F devices
|
99
99
|
email:
|
100
100
|
- brissmyr@gmail.com
|
@@ -136,7 +136,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
|
|
136
136
|
requirements:
|
137
137
|
- - ">="
|
138
138
|
- !ruby/object:Gem::Version
|
139
|
-
version:
|
139
|
+
version: 2.0.0
|
140
140
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
141
141
|
requirements:
|
142
142
|
- - ">="
|
@@ -144,7 +144,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
144
144
|
version: '0'
|
145
145
|
requirements: []
|
146
146
|
rubyforge_project:
|
147
|
-
rubygems_version: 2.
|
147
|
+
rubygems_version: 2.6.10
|
148
148
|
signing_key:
|
149
149
|
specification_version: 4
|
150
150
|
summary: U2F library
|