The PHP-CryptLib library above will, in the end, work just fine. My problem was just my own mistake related to binary vs. hex data.
Using the test data provided by the library one
require_once 'lib/CryptLib/bootstrap.php';
$hasher = new CryptLib\MAC\Implementation\CMAC;
$key = '2b7e151628aed2a6abf7158809cf4f3c'; // from test/Data/Vectors/cmac-aes ...
$msg = '6bc1bee22e409f96e93d7e117393172a'; // from test/Data/Vectors/cmac-aes ...
$cmac = $hasher->generate($msg,$key);
echo $cmac;
// $cmac should be 070a16b46b4d4144f79bdd9dd04a287c
// actually getting ¢ nd{þ¯\ ¥á¼ÙWß
Except the CMAC hasher uses binary data not the ascii chars so one needs to pack it using pack():
$key = pack("H*", '2b7e151628aed2a6abf7158809cf4f3c');
$msg = pack("H*", '6bc1bee22e409f96e93d7e117393172a');
My specific, real-world case was trying to hash an arbitrary string, such as:
$msg = 'Client|Guid-023-23023-23|Guid-0230-2402-252|string|123456|2012-11-08T20:55:34Z';
And to do that I needed a function like this:
function pack_str($str) {
$out_str = "";
$len = strlen($str);
for($i=0; $i<$len; $i++) {
$out_str .= pack("c", ord(substr($str, $i, 1)));
}
return $out_str;
}
Once the data was packed with that function and run through the hasher, I got the CMAC hash I was expecting.