u2f 0.2.0 → 0.2.1
- checksums.yaml +4 -4
- data/LICENSE +21 -0
- data/README.md +2 -6
- data/lib/u2f/register_response.rb +5 -1
- data/lib/u2f/sign_response.rb +8 -3
- data/lib/u2f/u2f.rb +4 -2
- data/lib/version.rb +1 -1
- data/spec/lib/register_response_spec.rb +13 -0
- data/spec/lib/sign_response_spec.rb +19 -0
- metadata +4 -3
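--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: e589a4313b54ef4f09bd93ee9d3ae3dc796a55d8
+data.tar.gz: 6af61bb8549b978fc2e0de34eb1096aa7391df97
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 2b719b5857602edb742ce3d4e9ef90ae448a286e23abdd58696e52bf5f7d92a9afb88c8666a571f8af62ca6981db3313f7c0d7fb0fab016e2b71adfed68274f1
+data.tar.gz: c9efc1c6157f3c6e846b237e545fdda917d9871098f0686ceb1ec21f7ddb73a75bdd6571bca92083f9ce35ecaeec519c4a6ff33f0b6c26a96cb415c2840a34eb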
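--- a/data/LICENSE
+++ b/data/LICENSE
@@ -0,0 +1,21 @@
+The MIT License
+
+Copyright (c) 2014 by Johan Brissmyr and Sebastian Wallin
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.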
data/README.md
CHANGED
@@ -21,6 +21,8 @@ Check out the [example](https://github.com/castle/ruby-u2f/tree/master/example)
|
|
21
21
|
|
22
22
|
There is another demo application available using the [Cuba](https://github.com/soveran/cuba) framework: [cuba-u2f-demo](https://github.com/badboy/cuba-u2f-demo) and a [blog post explaining the protocol and the implementation](http://fnordig.de/2015/03/06/u2f-demo-application/).
|
23
23
|
|
24
|
+
You'll need Google Chrome 41 or later to use U2F.
|
25
|
+
|
24
26
|
## Installation
|
25
27
|
|
26
28
|
Add the `u2f` gem to your `Gemfile`
|
@@ -29,12 +31,6 @@ Add the `u2f` gem to your `Gemfile`
|
|
29
31
|
gem 'u2f'
|
30
32
|
```
|
31
33
|
|
32
|
-
Currently, you need Google Chrome and the [FIDO U2F extension](https://chrome.google.com/webstore/detail/fido-u2f-universal-2nd-fa/pfboblefjcgdjicmnffhdgionmgcdmne) to enable U2F. To access the extension’s JavaScript API, add the script to the `<head>` section.
|
33
|
-
|
34
|
-
```html
|
35
|
-
<script src="chrome-extension://pfboblefjcgdjicmnffhdgionmgcdmne/u2f-api.js"></script>
|
36
|
-
```
|
37
|
-
|
38
34
|
## Usage
|
39
35
|
|
40
36
|
The U2F library has two major tasks:
|
@@ -95,7 +95,11 @@ module U2F
|
|
95
95
|
public_key_raw
|
96
96
|
].join
|
97
97
|
|
98
|
-
|
98
|
+
begin
|
99
|
+
parsed_certificate.public_key.verify(::U2F::DIGEST.new, signature, data)
|
100
|
+
rescue OpenSSL::PKey::PKeyError
|
101
|
+
false
|
102
|
+
end
|
99
103
|
end
|
100
104
|
|
101
105
|
private
|
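Review bot: The `rescue OpenSSL::PKey::PKeyError` added in the hunk at `@@ -95,7 +95,11 @@` (it appears to belong to lib/u2f/register_response.rb, although the page prints it under README.md) only catches key and signature errors, so an exception raised while `parsed_certificate` is evaluated inside the same `begin` would still reach the caller instead of producing `false`. Whether `parsed_certificate` parses the attestation certificate on demand is not visible here; if it does, consider `rescue OpenSSL::PKey::PKeyError, OpenSSL::X509::CertificateError` so that malformed registration data is rejected uniformly. A comment above the `begin` would also help the next reader: `# A malformed signature raises instead of returning false; treat it as a failed verification`. The enclosing method starts outside the hunk.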
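--- a/data/lib/u2f/sign_response.rb
+++ b/data/lib/u2f/sign_response.rb
@@ -19,7 +19,7 @@ module U2F
 # Counter value that the U2F token increments every time it performs an
 # authentication operation
 def counter
-signature_data
+signature_data.byteslice(1, 4).unpack('N').first
 end
 
 ##
@@ -32,7 +32,7 @@ module U2F
 ##
 # If user presence was verified
 def user_present?
-signature_data
+signature_data.byteslice(0).unpack('C').first == 1
 end
 
 ##
@@ -46,7 +46,12 @@ module U2F
 ].join
 
 public_key = OpenSSL::PKey.read(public_key_pem)
-
+
+begin
+public_key.verify(::U2F::DIGEST.new, signature, data)
+rescue OpenSSL::PKey::PKeyError
+false
+end
 end
 end
 end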
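Review bot: `counter` and `user_present?` slice `signature_data` without checking its length, so a value shorter than five bytes makes `byteslice` return `nil` or a short string. `user_present?` can then raise `NoMethodError`, and `counter` either raises it too or returns `nil`, which in turn breaks the `response.counter > registration_counter` comparison in u2f.rb. Assuming `signature_data` is decoded from the client's response (its origin is not shown in these hunks), the length should be validated once before either accessor is used, for example `fail <LIBRARY_PARSE_ERROR> unless signature_data.bytesize >= 5`, with the error class taken from the library's own hierarchy. Note also that `OpenSSL::PKey.read(public_key_pem)` sits before the new `begin`, so a malformed stored key still raises rather than returning `false`; say so in the method's doc comment if that is intended.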
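--- a/data/lib/u2f/u2f.rb
+++ b/data/lib/u2f/u2f.rb
@@ -60,7 +60,9 @@ module U2F
 fail UserNotPresentError unless response.user_present?
 
 unless response.counter > registration_counter
-
+unless response.counter == 0 && registration_counter == 0
+fail CounterTooLowError
+end
 end
 end
 
@@ -140,7 +142,7 @@ module U2F
 # - +PublicKeyDecodeError+:: if the +key+ argument is incorrect
 #
 def self.public_key_pem(key)
-fail PublicKeyDecodeError unless key.
+fail PublicKeyDecodeError unless key.bytesize == 65 && key.byteslice(0) == "\x04"
 # http://tools.ietf.org/html/rfc5480
 der = OpenSSL::ASN1::Sequence([
 OpenSSL::ASN1::Sequence([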
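Review bot: The inner `unless response.counter == 0 && registration_counter == 0` added in the hunk at `@@ -60,7 +60,9 @@` accepts an unlimited run of responses with counter 0 while the stored counter is 0, so for a token that never advances its counter the clone detection that the counter check provides is effectively off. The reason for the exception is not shown and it may well be deliberate, but it is a security trade-off and should be stated next to the condition, e.g. `# Tokens that always report 0 are accepted; no clone detection is possible for them`. The two nested `unless` blocks would also read more directly as one guard: `fail CounterTooLowError unless response.counter > registration_counter || (response.counter == 0 && registration_counter == 0)`. The enclosing method starts outside the hunk, and whether the caller is expected to store `response.counter` afterwards is not visible here.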
data/lib/version.rb
CHANGED
@@ -68,4 +68,17 @@ describe U2F::RegisterResponse do
|
|
68
68
|
subject { register_response.verify(app_id) }
|
69
69
|
it { is_expected.to be_truthy }
|
70
70
|
end
|
71
|
+
|
72
|
+
describe '#verify with wrong app_id' do
|
73
|
+
subject { register_response.verify("other app") }
|
74
|
+
it { is_expected.to be_falsey }
|
75
|
+
end
|
76
|
+
|
77
|
+
describe '#verify with corrupted signature' do
|
78
|
+
subject { register_response }
|
79
|
+
it "returns falsey" do
|
80
|
+
allow(subject).to receive(:signature).and_return("bad signature")
|
81
|
+
expect(subject.verify(app_id)).to be_falsey
|
82
|
+
end
|
83
|
+
end
|
71
84
|
end
|
@@ -6,6 +6,7 @@ describe U2F::SignResponse do
|
|
6
6
|
let(:device) { U2F::FakeU2F.new(app_id) }
|
7
7
|
let(:json_response) { device.sign_response(challenge) }
|
8
8
|
let(:sign_response) { U2F::SignResponse.load_from_json json_response }
|
9
|
+
let(:public_key_pem) { U2F::U2F.public_key_pem(device.origin_public_key_raw) }
|
9
10
|
|
10
11
|
describe '#counter' do
|
11
12
|
subject { sign_response.counter }
|
@@ -16,4 +17,22 @@ describe U2F::SignResponse do
|
|
16
17
|
subject { sign_response.user_present? }
|
17
18
|
it { is_expected.to be true }
|
18
19
|
end
|
20
|
+
|
21
|
+
describe '#verify with correct app id' do
|
22
|
+
subject { sign_response.verify(app_id, public_key_pem) }
|
23
|
+
it { is_expected.to be_truthy}
|
24
|
+
end
|
25
|
+
|
26
|
+
describe '#verify with wrong app id' do
|
27
|
+
subject { sign_response.verify("other app", public_key_pem) }
|
28
|
+
it { is_expected.to be_falsey }
|
29
|
+
end
|
30
|
+
|
31
|
+
describe '#verify with corrupted signature' do
|
32
|
+
subject { sign_response }
|
33
|
+
it "returns falsey" do
|
34
|
+
allow(subject).to receive(:signature).and_return("bad signature")
|
35
|
+
expect(subject.verify(app_id, public_key_pem)).to be_falsey
|
36
|
+
end
|
37
|
+
end
|
19
38
|
end
|
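Review bot: The added examples cover `verify` for a wrong app id and for a stubbed `"bad signature"`, but the other behaviour changed in this release has no spec here: the `counter == 0 && registration_counter == 0` exception in u2f.rb, the 65-byte and `"\x04"` prefix check in `public_key_pem`, and the byte offsets used by `counter` and `user_present?` when `signature_data` is short. These hunks are printed under the data/lib/version.rb header but are the register_response_spec.rb and sign_response_spec.rb changes from the file list, which names no other spec file. Each boundary deserves one example, such as a key of the wrong length passed to `U2F::U2F.public_key_pem` expecting `PublicKeyDecodeError`, and a repeated counter of 0 against a stored 0. The stubbed string only exercises the `rescue` path, so a well-formed signature over different data would be a useful second negative case alongside the wrong-app-id one.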
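--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: u2f
 version: !ruby/object:Gem::Version
-version: 0.2.
+version: 0.2.1
 platform: ruby
 authors:
 - Johan Brissmyr
@@ -9,7 +9,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2015-06
+date: 2015-10-06 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: rake
@@ -103,6 +103,7 @@ executables: []
 extensions: []
 extra_rdoc_files: []
 files:
+- LICENSE
 - README.md
 - lib/u2f.rb
 - lib/u2f/client_data.rb
@@ -143,7 +144,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 version: '0'
 requirements: []
 rubyforge_project:
-rubygems_version: 2.
+rubygems_version: 2.4.5.1
 signing_key:
 specification_version: 4
 summary: U2F library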