[xmlsec] php_xmlsec Some problems in AES encryption

Alexandre Kalendarev akalend at mail.ru
Wed May 3 00:17:03 PDT 2006 

Hi Aleksey,

I develop the php simplified envelope for xmlsec library. 
The encrypt of TripleDES is OK, but if I use AES algorithm, I have errors:

Warning: xmlsec_doc_encrypt(): func=xmlSecEncCtxEncDataNodeRead:file=xmlenc.c:line=885:obj=unknown:subj=unknown:error=45:key is not found: 
 in /usr/local/src/php-4.4.0/ext/xmlsec/xmlsec.php on line 79

Warning: xmlsec_doc_encrypt(): func=xmlSecEncCtxXmlEncrypt:file=xmlenc.c:line=375:obj=unknown:subj=xmlSecEncCtxEncDataNodeRead:error=1:xmlsec library function failed: 
 in /usr/local/src/php-4.4.0/ext/xmlsec/xmlsec.php on line 79

Fatal error: Error: encryption failed
 in /usr/local/src/php-4.4.0/ext/xmlsec/xmlsec.php on line 79



The part of php code:

$key=  xmlsec_key_ini( XMLSEC_AES );
 xmlsec_key_load($key,  '012345670123456701234567' );

 $tpl = xmlsec_template_ini(  $xmlStr  ); // $xmlStr
  xmlsec_key_set_name($key,  'Alexandre' );
  xmlsec_template_set_key($tpl, $key);
  xmlsec_template_enc_create(  $tpl, XMLSEC_AES_192 );
  $doc = xmlsec_doc_ini (   $xmlStr  );
  xmlsec_doc_set_template (  $doc ,  $tpl );
  print  xmlsec_doc_encrypt (  $doc );

I change the XMLSEC_AES and XMLSEC_AES_192 constant to XMLSEC_DES and XMLSEC_3DES ( this constant define in the php_xmlsec.h). If I use XMLSEC_DES and XMLSEC_3DES constant - all the best.
So, I change key if I use XMLSEC_AES_128 or XMLSEC_AES_256, for example:
 xmlsec_key_load($key,  '0123456701234567' ); 
 

The part of C++ code (using ZEND API for PHP):

/* register xmlsec_key resource and save key type */
PHP_FUNCTION( xmlsec_key_ini )
{
	int *arg = NULL;
	int len, k, keyType;
	int rsc_id;
	char string[256];
	php_xmlsec_key *key_rsc, *key_rsc2;
	zval **result ,  *key_result;
	
	if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "l", &arg ) == FAILURE) {
		return;
	}
	keyType = ( int)arg;

	if ( !( arg == XMLSEC_DES  ||  arg == XMLSEC_AES ))
			php_error(E_ERROR, "The key type is wrong ( type_id is %x) \nYou must to use XMLSEC key constant " , arg);
		
	key_rsc = (php_xmlsec_key* )  emalloc(sizeof( php_xmlsec_key) );

	key_rsc->type = (int) arg;
	 ZEND_REGISTER_RESOURCE(return_value , key_rsc ,  le_xmlseckey );
	
}
/* load key from string parameters (using key type ) and save in xmlsec_key resource */
PHP_FUNCTION( xmlsec_key_load )
{
	char *arg = NULL;
	zval **result ;
	int arg_len, len;
	char string[256];
	php_xmlsec_key  key_rsc;
	typedef  php_xmlsec_key* php_xmlsec_key_ptr;
	php_xmlsec_key_ptr  p_key,  pkey_rsc; 
	zval *res ;
	xmlSecKeyPtr pKey; 
	xmlSecSize keySize;
	
	if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "rs", &result  , &arg, &arg_len) == FAILURE) {
		php_error(E_ERROR, "The arguments is wrong \n" );
		return;
	}
	
   zend_get_parameters_ex(1, &result );
	   
	 ZEND_FETCH_RESOURCE( res , php_xmlsec_key*, result , -1, "xmlsec results", le_xmlseckey );

	 p_key = (php_xmlsec_key_ptr  ) res;
	 bzero( p_key->key ,2048 );
	 strncpy( p_key->key ,arg, arg_len );
	 
	int keyType =  (int) p_key->type;
	
	keySize =  strlen( arg ) ;
		
	switch( keyType ){
		case XMLSEC_DES:  
			pKey = xmlSecKeyReadMemory (xmlSecKeyDataAesId  , (xmlSecByte* ) arg   ,  keySize );
			break;	
		case XMLSEC_AES: 
			pKey = xmlSecKeyReadMemory (xmlSecKeyDataDesId  , (xmlSecByte* ) arg   ,  keySize );
		break;
		default: 
			php_error(E_ERROR, "The key type is wrong.");
	}

	if (pKey == NULL  )
		php_error(E_WARNING, "the xmlSecKeyReadMemory  aborted\n" );
	else
	   	p_key->p_key = pKey;

}

/*  encryption, load key from xmlsec_key resource  */
PHP_FUNCTION( xmlsec_doc_encrypt )
{
	int *arg = NULL;
	int len, k;
	int *pLen;
	int rsc_id;
	char string[256];
	php_xmlsec_tpl *tpl_rsc, *p_tpl = NULL;
	php_xmlsec_key *p_key, *p_key_2;
	php_xmlsec_doc  *doc_rsc, *p_doc;
		
	zval **result ,  *doc_result , **result_2 , *tpl_result;
	xmlDoc *pDocXml , *pDocTpl ;
	char  *docStr;
	
	xmlSecEncCtxPtr encCtx;	
	xmlNodePtr encDataNode; 
	
	zend_get_parameters_ex(1, &result  );	
	
	ZEND_FETCH_RESOURCE( doc_result,  php_xmlsec_doc*, result , -1, "xmlsec doc ", le_xmlsecdoc );
	 p_doc = (php_xmlsec_doc* ) doc_result; // xml data doc for encryption
	 
	 if ( p_doc->doc == NULL ) 
	 	php_error(E_ERROR, "The incoming data xml document is null or don't valid. \n" );
	
	p_tpl = (php_xmlsec_tpl*) p_doc->p_tpl ; 

	if ( p_tpl == NULL) 
		php_error(E_ERROR, "The template is null or don't valid. \n" );	
	 
	p_key = (php_xmlsec_key*)p_doc->p_key;	
	p_key_2 = (php_xmlsec_key*)p_tpl->p_key;
	
	 xmlSecKeyPtr  p_key_in_php_key = ( xmlSecKeyPtr ) p_key_2->p_key;
	
	if ( p_key_in_php_key  == NULL)
	 		php_error(E_ERROR, "The key in the xmlsec_key is null. \n" );
	
	if (    p_key_2 == NULL)
		php_error(E_ERROR, "The xmlsec key 2 resource is null. \n" );
	
	/*  create encryption context */
	encCtx =xmlSecEncCtxCreate(NULL) ;	
	
	encCtx->encKey =  p_key_2->p_key;
	    
	    /* encrypt the data */
    	pDocTpl = (xmlDoc* ) p_tpl->doc;   // template
	
   /* find start node */
    encDataNode = xmlSecFindNode(xmlDocGetRootElement( pDocTpl ), xmlSecNodeEncryptedData, xmlSecEncNs);
    xmlNode* root = xmlDocGetRootElement(p_doc->doc);
    
    if( encDataNode  == NULL) {
	php_error(E_ERROR,  "Error: start node not found in template\n"  );		
    }

	if(xmlSecEncCtxXmlEncrypt(encCtx, encDataNode,  root ) < 0) {
        	php_error(E_ERROR,  "Error: encryption failed\n"  );				
    }
	xmlDocDumpMemory (  p_doc->doc,  &docStr, &len );

	RETURN_STRINGL(  docStr, len,  1 ) ;
	encDataNode  = NULL;

	/*  destroy encCtx  */
        if(encCtx != NULL) {
		xmlSecEncCtxDestroy(encCtx);
    	}

	

}

The xmlsec PHP extention in the attachment.

The generic templates:

<?xml version="1.0"?>
<EncryptedData xmlns="http://www.w3.org/2001/04/xmlenc#" Type="http://www.w3.org/2001/04/xmlenc#Element">
<EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes192-cbc"/>
<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
<KeyName>Alexandre</KeyName>
</KeyInfo>
<CipherData>
<CipherValue/>
</CipherData>
</EncryptedData>

The 3*DES output data (is OK):

<?xml version="1.0"?>
<EncryptedData xmlns="http://www.w3.org/2001/04/xmlenc#" Type="http://www.w3.org/2001/04/xmlenc#Element">
<EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/>
<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
<KeyName>Alexandre</KeyName>
</KeyInfo>
<CipherData>
<CipherValue>x8O0zRtVGfmzR3f+sVgK0icjpq0cU/r2qvRyFQmHiVM=</CipherValue>
</CipherData>
</EncryptedData>



Thanks,

Alexandre Kalendarev

-------------- next part --------------
A non-text attachment was scrubbed...
Name: xmlsec.zip
Type: application/x-zip-compressed
Size: 7900 bytes
Desc: not available
Url : http://www.aleksey.com/pipermail/xmlsec/attachments/20060503/1c6e56cf/xmlsec-0002.bin

More information about the xmlsec mailing list