使用 pycryptodome 计算 ecies hkdf 对称密钥

Compute ecies hkdf symetric key with pycryptodome

上下文:我正在制作一个 python 版本的 paymentmethodtoken from the google tink 图书馆来处理 gpay 消息。为此我只使用 python 和 PyCryptodome.

话虽如此,我目前正在尝试实现 kem function:

的等价物
private byte[] kem(JsonObject json, final byte[] contextInfo) throws GeneralSecurityException {
    int demKeySize = protocolVersionConfig.aesCtrKeySize + protocolVersionConfig.hmacSha256KeySize;
    byte[] ephemeralPublicKey =
        Base64.decode(
            json.get(PaymentMethodTokenConstants.JSON_EPHEMERAL_PUBLIC_KEY).getAsString());
    byte[] sharedSecret = recipientKem.computeSharedSecret(ephemeralPublicKey);
    return Hkdf.computeEciesHkdfSymmetricKey(
        ephemeralPublicKey,
        sharedSecret,
        PaymentMethodTokenConstants.HMAC_SHA256_ALGO,
        PaymentMethodTokenConstants.HKDF_EMPTY_SALT,
        contextInfo,
        demKeySize);
  }

相当于python:

    def __kem(self, signed_message: SignedMessage, context_info: bytearray) -> bytearray:
        dem_key_size: int = 64
        ephemeral_public_key: bytes = base64.b64decode(signed_message.ephemeral_public_key)
        shared_secret: bytearray = self.__compute_shared_secret(bytearray(ephemeral_public_key))
        empty_salt: bytearray = bytearray()
        # to do
        return self.__compute_ecies_hkdf_symmetric_key(ephemeral_public_key, shared_secret, empty_salt, context_info, dem_key_size)
    def __compute_ecies_hkdf_symmetric_key(self, ephemeral_public_key: bytes, shared_secret: bytearray,
                                           salt: bytearray, context_info: bytearray, dem_key_size: int) -> bytearray:
        # TODO: add function body
        hkdf_input: bytes = ephemeral_public_key + shared_secret
        key1, key2 = HKDF(master=bytes("something goes here", "utf-8"), hashmod=SHA256, salt=salt, key_len=dem_key_size)

        pass

据我所知 google 认为 computeEciesHkdfSymmetricKey (code) don't work at all like PyCryptodome HKDF。 我的问题是,pycryptomde 或其他库中是否存在 computeEciesHkdfSymmetricKey 的等价物,如果不存在,是否可以重现相同的行为?

我做了什么:

from Crypto.Protocol.KDF import HKDF

def __compute_ecies_hkdf_symmetric_key(self, ephemeral_public_key: bytes, shared_secret: bytearray, salt: bytearray, context_info: bytearray, dem_key_size: int) -> bytearray:
    hkdf_input: bytes = ephemeral_public_key + shared_secret
    keys = HKDF(master=hkdf_input, hashmod=SHA256, salt=salt, key_len=dem_key_size, context=context_info)
    if isinstance(keys, bytes):
        return bytearray(keys)
    elif isinstance(keys, tuple(bytes)):
        return bytearray(keys[0])
    else:
        raise GooglePaymentDecryptMessageError("type of hkdf is not compatible")