u2f 0.2.0 → 0.2.1

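--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA1:
- metadata.gz: 4181871c3a8f8591e810fca9f378c917d3c1817f
- data.tar.gz: 537078ef16ddaf5392b56e5e7c072f6d908a8e71
+ metadata.gz: e589a4313b54ef4f09bd93ee9d3ae3dc796a55d8
+ data.tar.gz: 6af61bb8549b978fc2e0de34eb1096aa7391df97
  SHA512:
- metadata.gz: 1f7a5df9ff90a60b12d979e3e4b23f708dc846b8962083fcc12528c362223f7d4512b972802b79b065d90f1a6b3d120ed7a2c1a7cb4878e43a75d3b6bd017b2e
- data.tar.gz: 9bceaa3d4c0ed8529a69d903731fbbcd0fe616d4d976af5c321c56b8b73337437e6c017bc82dfde83f2c4bcb55035ef44be42918f6028365da808b786e97843a
+ metadata.gz: 2b719b5857602edb742ce3d4e9ef90ae448a286e23abdd58696e52bf5f7d92a9afb88c8666a571f8af62ca6981db3313f7c0d7fb0fab016e2b71adfed68274f1
+ data.tar.gz: c9efc1c6157f3c6e846b237e545fdda917d9871098f0686ceb1ec21f7ddb73a75bdd6571bca92083f9ce35ecaeec519c4a6ff33f0b6c26a96cb415c2840a34eb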
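--- a/data/LICENSE
+++ b/data/LICENSE
@@ -0,0 +1,21 @@
+ The MIT License
+
+ Copyright (c) 2014 by Johan Brissmyr and Sebastian Wallin
+
+ Permission is hereby granted, free of charge, to any person obtaining a copy
+ of this software and associated documentation files (the "Software"), to deal
+ in the Software without restriction, including without limitation the rights
+ to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ copies of the Software, and to permit persons to whom the Software is
+ furnished to do so, subject to the following conditions:
+
+ The above copyright notice and this permission notice shall be included in
+ all copies or substantial portions of the Software.
+
+ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ THE SOFTWARE.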
data/README.md CHANGED
@@ -21,6 +21,8 @@ Check out the [example](https://github.com/castle/ruby-u2f/tree/master/example)
21
21
 
22
22
  There is another demo application available using the [Cuba](https://github.com/soveran/cuba) framework: [cuba-u2f-demo](https://github.com/badboy/cuba-u2f-demo) and a [blog post explaining the protocol and the implementation](http://fnordig.de/2015/03/06/u2f-demo-application/).
23
23
 
24
+ You'll need Google Chrome 41 or later to use U2F.
25
+
24
26
  ## Installation
25
27
 
26
28
  Add the `u2f` gem to your `Gemfile`
@@ -29,12 +31,6 @@ Add the `u2f` gem to your `Gemfile`
29
31
  gem 'u2f'
30
32
  ```
31
33
 
32
- Currently, you need Google Chrome and the [FIDO U2F extension](https://chrome.google.com/webstore/detail/fido-u2f-universal-2nd-fa/pfboblefjcgdjicmnffhdgionmgcdmne) to enable U2F. To access the extension’s JavaScript API, add the script to the `<head>` section.
33
-
34
- ```html
35
- <script src="chrome-extension://pfboblefjcgdjicmnffhdgionmgcdmne/u2f-api.js"></script>
36
- ```
37
-
38
34
  ## Usage
39
35
 
40
36
  The U2F library has two major tasks:
@@ -95,7 +95,11 @@ module U2F
95
95
  public_key_raw
96
96
  ].join
97
97
 
98
- parsed_certificate.public_key.verify(::U2F::DIGEST.new, signature, data)
98
+ begin
99
+ parsed_certificate.public_key.verify(::U2F::DIGEST.new, signature, data)
100
+ rescue OpenSSL::PKey::PKeyError
101
+ false
102
+ end
99
103
  end
100
104
 
101
105
  private
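Review bot: The new `rescue OpenSSL::PKey::PKeyError` covers only part of what can fail on client-supplied input in this verify path. `parsed_certificate` is evaluated inside the same `begin`, and if it parses the attestation certificate at that point (its definition is outside this hunk), a malformed certificate would raise a different OpenSSL error and still propagate instead of returning false. The later hunk that wraps `public_key.verify(...)` has the same shape, with `OpenSSL::PKey.read(public_key_pem)` on the line before the `begin`, so a key that fails to parse is not covered either. Consider moving the parsing inside the `begin`, rescuing the common base class with `rescue OpenSSL::OpenSSLError`, and adding a comment such as `# Malformed signature or key material: fail closed instead of raising`. The enclosing method starts outside the hunk.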
@@ -19,7 +19,7 @@ module U2F
19
19
  # Counter value that the U2F token increments every time it performs an
20
20
  # authentication operation
21
21
  def counter
22
- signature_data[1..4].unpack('N').first
22
+ signature_data.byteslice(1, 4).unpack('N').first
23
23
  end
24
24
 
25
25
  ##
@@ -32,7 +32,7 @@ module U2F
32
32
  ##
33
33
  # If user presence was verified
34
34
  def user_present?
35
- signature_data[0].unpack('C').first == 1
35
+ signature_data.byteslice(0).unpack('C').first == 1
36
36
  end
37
37
 
38
38
  ##
@@ -46,7 +46,12 @@ module U2F
46
46
  ].join
47
47
 
48
48
  public_key = OpenSSL::PKey.read(public_key_pem)
49
- public_key.verify(::U2F::DIGEST.new, signature, data)
49
+
50
+ begin
51
+ public_key.verify(::U2F::DIGEST.new, signature, data)
52
+ rescue OpenSSL::PKey::PKeyError
53
+ false
54
+ end
50
55
  end
51
56
  end
52
57
  end
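Review bot: `counter` and `user_present?` still assume `signature_data` holds at least five bytes, and the switch to `byteslice` in the first two hunks of this file does not check that. On a truncated value `byteslice(1, 4).unpack('N').first` yields nil, and `byteslice(0)` on an empty string is nil, so the caller gets a NoMethodError rather than a rejected response. If `signature_data` is decoded from the client's response (that code is not shown here), a guard before unpacking, for example `fail ArgumentError, 'signature data too short' if signature_data.bytesize < 5` or one of the library's own error classes, would turn that into a clear failure. The class these methods belong to starts outside the hunks.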
@@ -60,7 +60,9 @@ module U2F
60
60
  fail UserNotPresentError unless response.user_present?
61
61
 
62
62
  unless response.counter > registration_counter
63
- fail CounterTooLowError
63
+ unless response.counter == 0 && registration_counter == 0
64
+ fail CounterTooLowError
65
+ end
64
66
  end
65
67
  end
66
68
 
@@ -140,7 +142,7 @@ module U2F
140
142
  # - +PublicKeyDecodeError+:: if the +key+ argument is incorrect
141
143
  #
142
144
  def self.public_key_pem(key)
143
- fail PublicKeyDecodeError unless key.length == 65 && key[0] == "\x04"
145
+ fail PublicKeyDecodeError unless key.bytesize == 65 && key.byteslice(0) == "\x04"
144
146
  # http://tools.ietf.org/html/rfc5480
145
147
  der = OpenSSL::ASN1::Sequence([
146
148
  OpenSSL::ASN1::Sequence([
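Review bot: The new exemption in the first hunk of this file lets an authentication pass while both `response.counter` and `registration_counter` are 0, and nothing in the code says why. The counter is the signal for a cloned token, so this check does nothing for a registration until a nonzero counter is stored; the reason (presumably tokens whose first reported counter is 0) deserves a comment, e.g. `# A token may report 0 on its first authentication; only then is an equal counter accepted`. The nested `unless` is also hard to read, and `fail CounterTooLowError unless response.counter > registration_counter || (response.counter == 0 && registration_counter == 0)` states the same rule in one condition. None of the spec hunks on this page exercises the 0/0 case. The enclosing method starts outside the hunk.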
@@ -1,3 +1,3 @@
1
1
  module U2F
2
- VERSION = "0.2.0"
2
+ VERSION = "0.2.1"
3
3
  end
@@ -68,4 +68,17 @@ describe U2F::RegisterResponse do
68
68
  subject { register_response.verify(app_id) }
69
69
  it { is_expected.to be_truthy }
70
70
  end
71
+
72
+ describe '#verify with wrong app_id' do
73
+ subject { register_response.verify("other app") }
74
+ it { is_expected.to be_falsey }
75
+ end
76
+
77
+ describe '#verify with corrupted signature' do
78
+ subject { register_response }
79
+ it "returns falsey" do
80
+ allow(subject).to receive(:signature).and_return("bad signature")
81
+ expect(subject.verify(app_id)).to be_falsey
82
+ end
83
+ end
71
84
  end
@@ -6,6 +6,7 @@ describe U2F::SignResponse do
6
6
  let(:device) { U2F::FakeU2F.new(app_id) }
7
7
  let(:json_response) { device.sign_response(challenge) }
8
8
  let(:sign_response) { U2F::SignResponse.load_from_json json_response }
9
+ let(:public_key_pem) { U2F::U2F.public_key_pem(device.origin_public_key_raw) }
9
10
 
10
11
  describe '#counter' do
11
12
  subject { sign_response.counter }
@@ -16,4 +17,22 @@ describe U2F::SignResponse do
16
17
  subject { sign_response.user_present? }
17
18
  it { is_expected.to be true }
18
19
  end
20
+
21
+ describe '#verify with correct app id' do
22
+ subject { sign_response.verify(app_id, public_key_pem) }
23
+ it { is_expected.to be_truthy}
24
+ end
25
+
26
+ describe '#verify with wrong app id' do
27
+ subject { sign_response.verify("other app", public_key_pem) }
28
+ it { is_expected.to be_falsey }
29
+ end
30
+
31
+ describe '#verify with corrupted signature' do
32
+ subject { sign_response }
33
+ it "returns falsey" do
34
+ allow(subject).to receive(:signature).and_return("bad signature")
35
+ expect(subject.verify(app_id, public_key_pem)).to be_falsey
36
+ end
37
+ end
19
38
  end
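--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
  --- !ruby/object:Gem::Specification
  name: u2f
  version: !ruby/object:Gem::Version
- version: 0.2.0
+ version: 0.2.1
  platform: ruby
  authors:
  - Johan Brissmyr
@@ -9,7 +9,7 @@ authors:
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2015-06-20 00:00:00.000000000 Z
+ date: 2015-10-06 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: rake
@@ -103,6 +103,7 @@ executables: []
  extensions: []
  extra_rdoc_files: []
  files:
+ - LICENSE
  - README.md
  - lib/u2f.rb
  - lib/u2f/client_data.rb
@@ -143,7 +144,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
  version: '0'
  requirements: []
  rubyforge_project:
- rubygems_version: 2.2.2
+ rubygems_version: 2.4.5.1
  signing_key:
  specification_version: 4
  summary: U2F library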