Calling RNGCrypto From COM's DOTNET Class From PHP

Question

I'm attempting to call RNGCryptoServiceProvider->GetBytes() from PHP via the COM layer. I can get it to connect to the class, but every time I call the method, I get one of two errors (relating to the parameter). I think it has something to due with the fact that GetBytes takes a fixed size byte array by reference. Since PHP doesn't support fixed sized strings, that's where it gets interesting:

Error 1:

$util    = new \DOTNET(
    'mscorlib',
    'System.Security.Cryptography.RNGCryptoServiceProvider'
);
$data = new \Variant(str_repeat(chr(46), $size), VT_UI1 | VT_ARRAY);
$util->GetBytes($data);

Error [0x80070057] The parameter is incorrect

Which is thrown by the ->GetBytes() line.

If I don't use a variant, but just use a plain string, I still get the same error.

However, if I pass in an array like so:

$data = array('');
$util->GetBytes($data);

Parameter 0: Type mismatch.

So I think the variant/string approach is the correct one (as it passes the parameter type check). But I just can't figure out how to get it working.

The C# interface to the method is:

public override void GetBytes(
    byte[] data
)

Thanks

Answer 1

It has been years since I touched PHP, let alone tried to interop with .net, but what if you create a string padded to your desired length and unpack() it?

$byte_array = unpack('C*', '12345678');
$util->GetBytes($byte_array);

---

Whelp, wasted an hour or two playing with it to no result. I'd take a look at this:

http://www.sitepoint.com/forums/showthread.php?766246-PHP-and-NET-Secure-RndNum-Generation-using-DOTNET-class

Two reasonable options there - build a simple wrapper of some kind so you can just call a parameterless method, or use something built in and cross-platform.