search

robrichards / xmlseclibs

A PHP library for XML Security
BSD 3-Clause "New" or "Revised" License
387 stars 181 forks source link

initial attempt at supporting AES-GCM on PHP >= 7.1 #192

Closed ghost closed 4 years ago

ghost commented 5 years ago

Working on AES-GCM support for #134.

Tests are still missing. Requesting early feedback.

vanderlee commented 4 years ago

I'd like to have AES-GCM support included. Is there any way we can help or otherwise (financially) support the developers to include tested AES-GCM support?

robrichards commented 4 years ago

@vanderlee Are you able to generate any test documents that we can use to develop more tests from? I haven't had a chance to do this from other libraries yet so this would definitely help speed up adding support

ghost commented 4 years ago

I have a Shibboleth encrypted aes256-gcm assertion aes256.zip that I use in my SAML SP test suite.

vanderlee commented 4 years ago

I'm trying to piece together a phpt testcase based on @fkooman's zip file but can't get it working. Is there any (online) tooling which should be used?

robrichards commented 4 years ago

@vanderlee Thanks for those test files. Am able to properly decrypt them now. Still need to test encryption and write some tests. Trying to find some time so might be another week or so.

vanderlee commented 4 years ago

@robrichards Tried to get it working with the changes you mentioned but not really getting anywhere with it. Please let me know if I can support this work in any way.

robrichards commented 4 years ago

@vanderlee Do you mind if I add your test file and key to the test suite? I did make independent encrypt/decrypt tests but having one created outside of the library would be very useful? I do have it fully working just looking at any other changes queued up for a release. Will be another day or 2.

vanderlee commented 4 years ago

@robrichards The testfiles aren't mine, but from @fkooman. @fkooman submitted this PR initially. All contents from the zipfile come straight from his own repo: https://github.com/fkooman/php-saml-sp/tree/master/tests/data, which has an MIT license so should be fine to use, though it's probably nice to have explicit permission from @fkooman.

robrichards commented 4 years ago

@fkooman Sorry about that. Forgot who had sent those :D. Anyways do you mind if I add that SAML file and the encryption key into this repo for a test case?

ghost commented 4 years ago

As far as I'm concerned it is fine to add that assertion and (private) key, they are all test servers anyway!

robrichards commented 4 years ago

@fkooman I needed to fix a few things so used a diff from your branch and worked off of that. This has been released in 3.1.0