CMAC-AES hashing with PHP

Question

Our API platform using CMAC-AES hashes as the signature for a request. We have libraries available for creating this hash in Java and .NET but need to find a solution for PHP as well. Problem is I can't find anything that seems to reliably generate a hash that matches the CMAC being generated on our server or via the Java/.NET library.

The only library I found is CryptLib, an alpha library.

https://github.com/ircmaxell/PHP-CryptLib

But it's not generating the same hash and I'm not good enough with crypto to understand why (it's forcing block sizes to 16 for AES, when what I find online says AES block size is 128).

Any other avenues I can go down?

Answer 1

The PHP-CryptLib library above will, in the end, work just fine. My problem was just my own mistake related to binary vs. hex data.

Using the test data provided by the library one

require_once 'lib/CryptLib/bootstrap.php'; 

$hasher = new CryptLib\MAC\Implementation\CMAC;

$key = '2b7e151628aed2a6abf7158809cf4f3c'; // from test/Data/Vectors/cmac-aes ...
$msg = '6bc1bee22e409f96e93d7e117393172a'; // from test/Data/Vectors/cmac-aes ...

$cmac = $hasher->generate($msg,$key); 

echo $cmac; 

// $cmac should be 070a16b46b4d4144f79bdd9dd04a287c
// actually getting ¢ nd{þ¯\ ¥á¼ÙWß­

Except the CMAC hasher uses binary data not the ascii chars so one needs to pack it using pack():

$key = pack("H*", '2b7e151628aed2a6abf7158809cf4f3c');
$msg = pack("H*", '6bc1bee22e409f96e93d7e117393172a');

My specific, real-world case was trying to hash an arbitrary string, such as:

$msg = 'Client|Guid-023-23023-23|Guid-0230-2402-252|string|123456|2012-11-08T20:55:34Z';

And to do that I needed a function like this:

function pack_str($str) {        
    $out_str = ""; 
    $len = strlen($str); 
    for($i=0; $i<$len; $i++) { 
        $out_str .= pack("c", ord(substr($str, $i, 1))); 
    } 
    return $out_str; 
} 

Once the data was packed with that function and run through the hasher, I got the CMAC hash I was expecting.