Yubico / php-u2flib-server

(OBSOLETE) U2F library in PHP
https://developers.yubico.com/php-u2flib-server/
BSD 2-Clause "Simplified" License

Library fails with mbstring.func_overload #52

Closed paragonie-scott closed 7 years ago

paragonie-scott commented 8 years ago

To reproduce these failures:

php -dmbstring.func_overload=7 vendor/bin/phpunit

Solution: This constant-time encoding library offers two interfaces that will be useful:

  1. Binary for the safeStrlen() and safeSubstr() methods.
  2. Base64UrlSafe which converts to/from the Base64UrlSafe alphabet as defined in RFC 4648

Errors below:

$ php -dmbstring.func_overload=7 vendor/bin/phpunit 
PHPUnit 4.8.26 by Sebastian Bergmann and contributors.
Warning:    The Xdebug extension is not loaded
        No code coverage will be generated.

.EE.F.E........EFF.......

Time: 74 ms, Memory: 4.00MB

There were 4 errors:

1) U2FTest::testDoRegister
u2flib_server\Error: Decoding of public key failed

/var/www/php-u2flib-server/src/u2flib_server/U2F.php:198
/var/www/php-u2flib-server/tests/u2flib_test.php:52

2) U2FTest::testDoRegisterNoCert
u2flib_server\Error: Decoding of public key failed

/var/www/php-u2flib-server/src/u2flib_server/U2F.php:198
/var/www/php-u2flib-server/tests/u2flib_test.php:62

3) U2FTest::testDoRegisterAttest
u2flib_server\Error: Attestation certificate can not be validated

/var/www/php-u2flib-server/src/u2flib_server/U2F.php:193
/var/www/php-u2flib-server/tests/u2flib_test.php:103

4) U2FTest::testDoAuthenticate
u2flib_server\Error: Decoding of public key failed

/var/www/php-u2flib-server/src/u2flib_server/U2F.php:300
/var/www/php-u2flib-server/tests/u2flib_test.php:192

--

There were 3 failures:

1) U2FTest::testDoRegisterFail2
Failed asserting that 9 is equal to expected exception code 5.

2) U2FTest::testDoAuthenticateCtrFail
Failed asserting that 9 is equal to expected exception code 8.

3) U2FTest::testDoAuthenticateFail
Failed asserting that 9 is equal to expected exception code 3.

FAILURES!
Tests: 25, Assertions: 48, Errors: 4, Failures: 3.
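
The failure mode behind the errors above, shown as an added example that is not part of the original issue, of php-u2flib-server, or of the encoding library mentioned in it. The helper names `byte_strlen()`, `byte_substr()` and `is_uncompressed_p256_point()` are hypothetical, and the key is a constructed sample.

```php
<?php
// Added example, not code from php-u2flib-server or the library linked above.
// byte_strlen()/byte_substr() are hypothetical names for byte-exact helpers.

function byte_strlen($s)
{
    // The '8bit' encoding makes mb_strlen() count bytes, so the result is
    // the same whether or not strlen() has been overloaded.
    return function_exists('mb_strlen') ? mb_strlen($s, '8bit') : strlen($s);
}

function byte_substr($s, $start, $length = null)
{
    if ($length === null) {
        // Old mb_substr() versions read a null length as 0; pass an explicit
        // upper bound instead (substr functions clamp at the end of string).
        $length = byte_strlen($s);
    }
    return function_exists('mb_substr')
        ? mb_substr($s, $start, $length, '8bit')
        : substr($s, $start, $length);
}

// Shape check for an uncompressed P-256 point: 0x04 || X (32) || Y (32).
function is_uncompressed_p256_point($key)
{
    return byte_strlen($key) === 65 && byte_substr($key, 0, 1) === "\x04";
}

if (function_exists('mb_internal_encoding')) {
    mb_internal_encoding('UTF-8'); // make the overloaded behaviour reproducible
}

// Constructed sample: 65 bytes whose tail happens to be valid UTF-8 (32 x "é"),
// so a character-counting strlen() reports fewer than 65.
$key = "\x04" . str_repeat("\xC3\xA9", 32);

printf("func_overload      = %s\n", var_export(ini_get('mbstring.func_overload'), true));
printf("strlen(\$key)       = %d\n", strlen($key));
printf("byte_strlen(\$key)  = %d\n", byte_strlen($key));
printf("naive length check = %s\n", var_export(strlen($key) === 65, true));
printf("byte-safe check    = %s\n", var_export(is_uncompressed_p256_point($key), true));
```

Run it once plainly and once with `-dmbstring.func_overload=7` to compare the two length results. The setting was removed in PHP 8.0, so the difference only appears on older interpreters.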

klali commented 8 years ago

It seems like some other libraries just refuse to work if the func_overload is set. To me that seems like it should be an acceptable option?

paragonie-scott commented 8 years ago

That's a lazy option. Look at this, instead.

Anyway, I've decided to write a vendor-agnostic 2FA library so it doesn't really matter to me what decision you make, as it won't end up in any of my systems. :)