yubioath 0.1.1 → 1.0.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 7386901adaf1c073cfd36ba9935ed9d6f705d36d
-  data.tar.gz: 1d8cb06257cf05e553908e807973afb860540beb
+  metadata.gz: 4f3d7712ca20e86423b1dd55b26c6e8390bd9c08
+  data.tar.gz: e81afd263ba2466f972568e4fe199bd9b9237b5f
 SHA512:
-  metadata.gz: f749d02c469cf6ba53b8f75b967b9a2e54630f62bafb14ad07d9d8c623113228136f52c6b10e9d63520467e0e11a7444bf6b6bdcfcf5bfd8e7a9c520f9d85f76
-  data.tar.gz: 91c71ef4a90586d8c8291a236a55ddfc8d8c6a31065eb66efb383888350bf113b7a0f2bc341ee51d36d98ce76b551980565e9dc1bdf1b183efb1f9751b1f67b1
+  metadata.gz: 903e5115d614d3cc777f6a2ea46a66561bdb2c7be8bebccc653a695c36449b970ff00dd56eed04bbdc879d18b34fb39ab0ffe36a18ed03798c5db3b45bca37b7
+  data.tar.gz: 34215cf74eb5316b6728136df0106a0c74ec5610fc0e7c2bb5b643d7a3b1c66b45217f749c631f8303378c1ec7b3d36b85d894f94b31793381a606f10bf186ff

data/.rspec

@@ -0,0 +1,2 @@
+--color
+--require spec_helper

data/.rubocop.yml

@@ -1,3 +1,5 @@
+inherit_from: .rubocop_todo.yml
+
 AllCops:
   Exclude:
     - 'yubioath.gemspec'
@@ -8,5 +10,17 @@ Metrics/LineLength:
 Style/Documentation:
   Enabled: false
 
-Metrics/LineLength:
+Style/SpaceAroundOperators:
+  Enabled: false
+
+Style/SpaceInsideHashLiteralBraces:
+  Enabled: false
+
+Style/TrailingComma:
+  EnforcedStyleForMultiline: comma
+
+Style/BracesAroundHashParameters:
+  Enabled: false
+
+Style/IndentHash:
   Enabled: false

data/.rubocop_todo.yml

@@ -0,0 +1,16 @@
+# This configuration was generated by `rubocop --auto-gen-config`
+# on 2015-07-04 16:09:47 +1000 using RuboCop version 0.29.1.
+# The point is for the user to remove these configuration records
+# one by one as the offenses are removed from the code base.
+# Note that changes in the inspected code, or installation of new
+# versions of RuboCop, may require this file to be generated again.
+
+# Offense count: 2
+Metrics/AbcSize:
+  Max: 19
+
+# Offense count: 6
+# Cop supports --auto-correct.
+# Configuration parameters: EnforcedStyle, SupportedStyles.
+Style/SignalException:
+  Enabled: false

data/Gemfile

@@ -4,5 +4,14 @@ source 'https://rubygems.org'
 gemspec
 
 group :development do
+  gem 'bundler'
+  gem 'rake'
   gem 'rubocop'
 end
+
+group :test do
+  gem 'rspec', '~> 3.3'
+  gem 'rspec-its', '~> 1.2'
+  gem 'rspec-the', '~> 1.0'
+  gem 'smartcard', '~> 0.5.5'
+end

data/LICENSE.markdown

@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2015, James Ottaway
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

data/README.md

@@ -1,26 +1,61 @@
 # YubiOATH
 
-Securely manage your 2FA tokens using your Yubikey NEO
+A mostly-complete Ruby implementation of the [YubiOATH applet protocol](https://developers.yubico.com/ykneo-oath/Protocol.html).
 
-## Installation
+## Usage
+
+The `YubiOATH` class accepts a `card`, which must respond to `#transmit(apdu)`.
 
-Install `yubioath` globally using RubyGems:
+You probably want to use [costan/smartcard](https://github.com/costan/smartcard).
 
+```ruby
+yubioath = YubiOATH.new(card)
 ```
-$ gem install yubioath
+
+### Calculate
+
+Do calculate for one named code.
+
+``` ruby
+yubioath.calculate(name: 'foo', timestamp: Time.now)   # => '237893'
 ```
 
-## Usage
+### Calculate All
 
-List all available tokens:
+Do calculation for all available codes.
 
+``` ruby
+yubioath.calculate_all(timestamp: Time.now)   # => { 'foo' => '576238', 'bar' => '123895' }
 ```
-$ yubioath list
-
-YubiOATH Tokens Available:
------
-1. GitHub - james+github@example.com: 123456
-2. Google - james+google@example.com: 234567
-3. Amazon - james+amazon@example.com: 345678
-4. Heroku - james+heroku@example.com: 456789
+
+### Delete
+
+Deletes an existing code.
+
+``` ruby
+yubioath.delete(name: 'foo')   # => true
+```
+
+### List
+
+List configured codes.
+
+``` ruby
+yubioath.list   # => { 'foo' => { type: :totp, algorithm: :sha256 } }
+```
+
+### Put
+
+Adds a new (or overwrites) OATH code.
+
+``` ruby
+yubioath.put(name: 'foo', secret: 'bar', …)   # => true
+```
+
+### Reset
+
+Reset the applet to just-installed state.
+
+``` ruby
+yubioath.reset   # => true
 ```

data/lib/yubioath.rb

@@ -4,6 +4,10 @@ require 'yubioath/response'
 
 class YubiOATH
   AID = [0xA0, 0x00, 0x00, 0x05, 0x27, 0x21, 0x01, 0x01]
+  ALGORITHMS = { sha1: 0x1, sha256: 0x2 }
+  TYPES = { hotp: 0x1, totp: 0x2 }
+
+  RequestFailed = Class.new(StandardError)
 
   def initialize(card)
     @card = card
@@ -14,16 +18,18 @@ class YubiOATH
     data = Calculate::Request::Data.new(name: name, timestamp: timestamp.to_i / 30)
     request = Calculate::Request.new(data: data.to_binary_s)
     response = Response.read(@card.transmit(request.to_binary_s))
-    throw unless response.success?
-    Calculate::Response.read(response.data)
+    raise RequestFailed, response unless response.success?
+    Calculate::Response.read(response.data).code.to_s
   end
 
   def calculate_all(timestamp:)
     data = CalculateAll::Request::Data.new(timestamp: timestamp.to_i / 30)
     request = CalculateAll::Request.new(data: data.to_binary_s)
     response = Response.read(@card.transmit(request.to_binary_s))
-    throw unless response.success?
-    CalculateAll::Response.read(response.data)
+    raise RequestFailed, response unless response.success?
+    CalculateAll::Response.read(response.data)[:codes].map do |code|
+      [code.name, code.code.to_s]
+    end.to_h
   end
 
   def delete(name:)
@@ -35,14 +41,20 @@ class YubiOATH
   def list
     request = List::Request.new.to_binary_s
     response = Response.read(@card.transmit(request))
-    throw unless response.success?
-    List::Response.read(response.data)
+    raise RequestFailed, response unless response.success?
+    List::Response.read(response.data)[:codes].map do |code|
+      [code.name, {
+        type: TYPES.key(code.type),
+        algorithm: ALGORITHMS.key(code.algorithm),
+      }]
+    end.to_h
   end
 
   def put(name:, secret:, algorithm:, type:, digits:)
     data = Put::Request::Data.new(
       name: name,
-      key_algorithm: (Put::ALGORITHMS[algorithm] | Put::TYPES[type]),
+      type: TYPES.fetch(type),
+      algorithm: ALGORITHMS.fetch(algorithm),
       digits: digits,
       secret: secret,
     )
@@ -59,7 +71,7 @@ class YubiOATH
   def select(aid)
     request = Select::Request.new(aid: aid).to_binary_s
     response = Response.read(@card.transmit(request))
-    throw unless response.success?
+    raise RequestFailed, response unless response.success?
     Select::Response.read(response.data)
   end
 end

data/lib/yubioath/list.rb

@@ -13,7 +13,9 @@ class YubiOATH
       array :codes, read_until: :eof do
         uint8 :name_tag
         uint8 :name_length
-        string :name, read_length: :name_length
+        bit4 :type
+        bit4 :algorithm
+        string :name, read_length: -> { name_length - 1 }
       end
     end
   end

data/lib/yubioath/put.rb

@@ -2,9 +2,6 @@ require 'bindata'
 
 class YubiOATH
   class Put
-    ALGORITHMS = {'SHA1' => 0x01, 'SHA256' => 0x02}
-    TYPES = {'hotp' => 0x10, 'totp' => 0x20}
-
     class Request < BinData::Record
       uint8 :cla, value: 0x00
       uint8 :ins, value: 0x01
@@ -20,8 +17,8 @@ class YubiOATH
 
         uint8 :key_tag, value: 0x73
         uint8 :key_length, value: -> { secret.length + 2 }
-        uint8 :key_algorithm
-
+        bit4 :type
+        bit4 :algorithm
         uint8 :digits
         string :secret
       end

data/lib/yubioath/response.rb

@@ -4,10 +4,10 @@ class YubiOATH
   class Response < BinData::Record
     count_bytes_remaining :data_length
     string :data, read_length: -> { data_length - 2 }
-    array :success, type: :uint8, initial_length: 2
+    array :status, type: :uint8, initial_length: 2
 
     def success?
-      success == [0x90, 0x00]
+      status == [0x90, 0x00]
     end
   end
 end

data/yubioath.gemspec

@@ -4,23 +4,16 @@ $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
 
 Gem::Specification.new do |spec|
   spec.name          = 'yubioath'
-  spec.version       = '0.1.1'
+  spec.version       = '1.0.0'
   spec.authors       = ['James Ottaway']
   spec.email         = ['yubioath@james.ottaway.io']
   spec.summary       = 'Securely manage your 2FA tokens using your Yubikey NEO'
   spec.homepage      = 'https://github.com/jamesottaway/yubioath'
   spec.license       = 'MIT'
 
-  spec.files         = `git ls-files -z`.split("\x0")
-  spec.bindir        = "exe"
+  spec.files         = `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
   spec.executables   = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
-  spec.test_files    = spec.files.grep(%r{^(test|spec|features)/})
   spec.require_paths = ['lib']
 
-  spec.add_dependency 'thor', '~> 0.19.1'
   spec.add_dependency 'bindata', '~> 2.1'
-  spec.add_dependency 'smartcard', '~> 0.5.5'
-
-  spec.add_development_dependency 'bundler', '~> 1.7'
-  spec.add_development_dependency 'rake', '~> 10.0'
 end

metadata

@@ -1,29 +1,15 @@
 --- !ruby/object:Gem::Specification
 name: yubioath
 version: !ruby/object:Gem::Version
-  version: 0.1.1
+  version: 1.0.0
 platform: ruby
 authors:
 - James Ottaway
 autorequire: 
-bindir: exe
+bindir: bin
 cert_chain: []
-date: 2015-06-29 00:00:00.000000000 Z
+date: 2015-07-07 00:00:00.000000000 Z
 dependencies:
-- !ruby/object:Gem::Dependency
-  name: thor
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: 0.19.1
-  type: :runtime
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: 0.19.1
 - !ruby/object:Gem::Dependency
   name: bindata
   requirement: !ruby/object:Gem::Requirement
@@ -38,66 +24,23 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '2.1'
-- !ruby/object:Gem::Dependency
-  name: smartcard
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: 0.5.5
-  type: :runtime
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: 0.5.5
-- !ruby/object:Gem::Dependency
-  name: bundler
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '1.7'
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '1.7'
-- !ruby/object:Gem::Dependency
-  name: rake
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '10.0'
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '10.0'
 description: 
 email:
 - yubioath@james.ottaway.io
-executables:
-- yubioath
+executables: []
 extensions: []
 extra_rdoc_files: []
 files:
 - ".gitignore"
+- ".rspec"
 - ".rubocop.yml"
+- ".rubocop_todo.yml"
 - ".ruby-version"
 - Gemfile
+- LICENSE.markdown
 - LICENSE.txt
 - README.md
 - Rakefile
-- exe/yubioath
-- lib/card.rb
-- lib/cli.rb
 - lib/yubioath.rb
 - lib/yubioath/calculate.rb
 - lib/yubioath/calculate_all.rb

data/exe/yubioath

@@ -1,4 +0,0 @@
-#!/usr/bin/env ruby
-$LOAD_PATH.unshift File.expand_path(File.join(__dir__, '..', 'lib'))
-require 'cli'
-CLI.start

data/lib/card.rb

@@ -1,36 +0,0 @@
-require 'smartcard'
-require 'yubioath'
-
-class Card
-  def initialize(name:)
-    @name = name
-  end
-
-  def yubioath
-    tap do |card|
-      yield YubiOATH.new(card)
-    end
-  end
-
-  private
-
-  def tap(&block)
-    Context.tap do |context|
-      begin
-        card = context.card(@name)
-        block.call(card)
-      ensure
-        card.disconnect unless card.nil?
-      end
-    end
-  end
-
-  class Context
-    def self.tap(&block)
-      context = Smartcard::PCSC::Context.new
-      block.call(context)
-    ensure
-      context.release
-    end
-  end
-end

data/lib/cli.rb

@@ -1,51 +0,0 @@
-require 'thor'
-require 'card'
-
-class CLI < Thor
-  package_name 'yubioath'
-
-  desc 'list', 'list current OTP tokens'
-  def list
-    card.yubioath do |yubioath|
-      all = yubioath.calculate_all(timestamp: Time.now)
-
-      STDOUT.puts
-      STDOUT.puts 'YubiOATH Tokens:'
-      STDOUT.puts '----------------'
-
-      all[:codes].each_with_index do |token, index|
-        STDOUT.puts "#{index+1}. #{token.name}: #{token.code}"
-      end
-    end
-  end
-
-  desc 'token NAME', 'get the current OTP value for NAME'
-  def token(name)
-    card.yubioath do |yubioath|
-      token = yubioath.calculate(name: name, timestamp: Time.now)
-      STDOUT.print token.code
-    end
-  end
-
-  desc 'add NAME SECRET', 'add a new OTP secret'
-  def add(name, secret)
-    card.yubioath do |yubioath|
-      response = yubioath.put(name: name, secret: secret, algorithm: 'SHA256', type: 'totp', digits: 6)
-      throw unless response.success?
-    end
-  end
-
-  desc 'delete NAME', 'remove the OTP token called NAME'
-  def delete(name)
-    card.yubioath do |yubioath|
-      response = yubioath.delete(name: name)
-      throw unless response.success?
-    end
-  end
-
-  private
-
-  def card
-    @card ||= Card.new(name: 'Yubico Yubikey NEO OTP+CCID')
-  end
-end