PHP hash_hmac not matching AWS Signature 4 example

Question

I'm having an issue with hash_hmac and AWS signature version 4. I'm using the example they laid out here: http://docs.aws.amazon.com/general/latest/gr/sigv4-calculate-signature.html

The output is from the AWS website. I want to match it, I can't seem to see what I'm doing wrong. They wanted binary output and that's what I provide in each step.

Here is my test file:

<?php

// wJalrXUtnFEMI/K7MDENG+bPxRfiCYEXAMPLEKEY
// HMAC(HMAC(HMAC(HMAC("AWS4" + kSecret,"20110909"),"us-east-1"),"iam"),"aws4_request")

$sign = hash_hmac('sha256', 'AWS4wJalrXUtnFEMI/K7MDENG+bPxRfiCYEXAMPLEKEY', '20110909', true );
$sign = hash_hmac('sha256', $sign, 'us-east-1', true );
$sign = hash_hmac('sha256', $sign, 'iam', true );
$sign = hash_hmac('sha256', $sign, 'aws4_request', true );
$sign = str_split( $sign );

echo "152 241 216 137 254 196 244 66 26 220 82 43 171 12 225 248 46 105 41 194 98 237 21 229 169 76 144 239 209 227 176 231\n";

foreach( $sign as $t )
    echo ord($t) . ' ';

Answer 1

The correct format is reverse:

<?php

// wJalrXUtnFEMI/K7MDENG+bPxRfiCYEXAMPLEKEY
// HMAC(HMAC(HMAC(HMAC("AWS4" + kSecret,"20110909"),"us-east-1"),"iam"),"aws4_request")

$sign = hash_hmac('sha256', '20110909', 'AWS4wJalrXUtnFEMI/K7MDENG+bPxRfiCYEXAMPLEKEY', true );
$sign = hash_hmac('sha256', 'us-east-1', $sign, true );
$sign = hash_hmac('sha256', 'iam', $sign, true );
$sign = hash_hmac('sha256', 'aws4_request', $sign, true );
$sign = str_split( $sign );

echo "152 241 216 137 254 196 244 66 26 220 82 43 171 12 225 248 46 105 41 194 98 237 21 229 169 76 144 239 209 227 176 231\n";

foreach( $sign as $t )
    echo ord($t) . ' ';

This matches the given string beautifully. Hope this helps someone!