$ docker run --rm --name validator-libsodium-usage-php83-r14-kdf-derive-distinct-subkeys-2732 -t --mount type=bind,src=/tmp/validator-status-libsodium-usage-php83-r14-kdf-derive-distinct-subkeys,dst=/validator/status validator-libsodium-shared bash -lc 'set -euo pipefail
/validator/tests/_shared/install_override_debs.sh
exec /validator/tests/_shared/run_library_tests.sh "$@"' validator-testcase libsodium usage-php83-r14-kdf-derive-distinct-subkeys -- bash -c 'PS4=$1; shift; set -x; source "$@"' validator-xtrace '__VALIDATOR_XTRACE__ ' /validator/tests/libsodium/tests/cases/usage/usage-php83-r14-kdf-derive-distinct-subkeys.sh
no override packages found; continuing with apt originals
$master = sodium_crypto_kdf_keygen();
if (strlen($master) !== SODIUM_CRYPTO_KDF_KEYBYTES) {
    fwrite(STDERR, "master key length mismatch\n"); exit(1);
}

$ctx = "r14ctx00";  // exactly SODIUM_CRYPTO_KDF_CONTEXTBYTES (8)
if (strlen($ctx) !== SODIUM_CRYPTO_KDF_CONTEXTBYTES) {
    fwrite(STDERR, "context length mismatch\n"); exit(1);
}

$len = 32;
$sub1 = sodium_crypto_kdf_derive_from_key($len, 1, $ctx, $master);
$sub2 = sodium_crypto_kdf_derive_from_key($len, 2, $ctx, $master);

if (strlen($sub1) !== $len || strlen($sub2) !== $len) {
    fwrite(STDERR, "subkey length mismatch\n"); exit(1);
}
if ($sub1 === $sub2) {
    fwrite(STDERR, "distinct subkey ids produced identical bytes\n"); exit(1);
}

$sub1_again = sodium_crypto_kdf_derive_from_key($len, 1, $ctx, $master);
if ($sub1_again !== $sub1) {
    fwrite(STDERR, "kdf not deterministic for fixed inputs\n"); exit(1);
}
echo "ok\n";
'
ok