/**
* @param string $cypher_text
* @param string $key
* @param string $iv
* @param string $aad
* @return string
*/
protected function calculateAuthenticationTag($cypher_text, $key, $iv, $aad)
{
// first octets of key
$t_len = $mac_key_len = strlen($key) / 2;
// MAC_KEY = initial MAC_KEY_LEN octets of K
$mac_key = substr($key, 0, $mac_key_len);
/**
* The octet string AL is equal to the number of bits in the
* Additional Authenticated Data ($aad) expressed as a 64-bit unsigned
* big-endian integer
*/
$al = ByteUtil::convert2UnsignedLongBE(strlen($aad) * 8);
// M = MAC(MAC_KEY, A || IV || E || AL)
$secured_input = implode('', array($aad, $iv, $cypher_text, $al));
$m = hash_hmac($this->getHashingAlgorithm(), $secured_input, $mac_key, true);
// T = initial T_LEN octets of M.
return substr($m, 0, $t_len);
}
