使用 pycryptodome 计算 ecies hkdf 对称密钥
Compute ecies hkdf symetric key with pycryptodome
上下文:我正在制作一个 python 版本的 paymentmethodtoken from the google tink 图书馆来处理 gpay 消息。为此我只使用 python 和 PyCryptodome.
话虽如此,我目前正在尝试实现 kem function:
的等价物
private byte[] kem(JsonObject json, final byte[] contextInfo) throws GeneralSecurityException {
int demKeySize = protocolVersionConfig.aesCtrKeySize + protocolVersionConfig.hmacSha256KeySize;
byte[] ephemeralPublicKey =
Base64.decode(
json.get(PaymentMethodTokenConstants.JSON_EPHEMERAL_PUBLIC_KEY).getAsString());
byte[] sharedSecret = recipientKem.computeSharedSecret(ephemeralPublicKey);
return Hkdf.computeEciesHkdfSymmetricKey(
ephemeralPublicKey,
sharedSecret,
PaymentMethodTokenConstants.HMAC_SHA256_ALGO,
PaymentMethodTokenConstants.HKDF_EMPTY_SALT,
contextInfo,
demKeySize);
}
相当于python:
def __kem(self, signed_message: SignedMessage, context_info: bytearray) -> bytearray:
dem_key_size: int = 64
ephemeral_public_key: bytes = base64.b64decode(signed_message.ephemeral_public_key)
shared_secret: bytearray = self.__compute_shared_secret(bytearray(ephemeral_public_key))
empty_salt: bytearray = bytearray()
# to do
return self.__compute_ecies_hkdf_symmetric_key(ephemeral_public_key, shared_secret, empty_salt, context_info, dem_key_size)
def __compute_ecies_hkdf_symmetric_key(self, ephemeral_public_key: bytes, shared_secret: bytearray,
salt: bytearray, context_info: bytearray, dem_key_size: int) -> bytearray:
# TODO: add function body
hkdf_input: bytes = ephemeral_public_key + shared_secret
key1, key2 = HKDF(master=bytes("something goes here", "utf-8"), hashmod=SHA256, salt=salt, key_len=dem_key_size)
pass
据我所知 google 认为 computeEciesHkdfSymmetricKey (code) don't work at all like PyCryptodome HKDF。
我的问题是,pycryptomde 或其他库中是否存在 computeEciesHkdfSymmetricKey 的等价物,如果不存在,是否可以重现相同的行为?
我做了什么:
from Crypto.Protocol.KDF import HKDF
def __compute_ecies_hkdf_symmetric_key(self, ephemeral_public_key: bytes, shared_secret: bytearray, salt: bytearray, context_info: bytearray, dem_key_size: int) -> bytearray:
hkdf_input: bytes = ephemeral_public_key + shared_secret
keys = HKDF(master=hkdf_input, hashmod=SHA256, salt=salt, key_len=dem_key_size, context=context_info)
if isinstance(keys, bytes):
return bytearray(keys)
elif isinstance(keys, tuple(bytes)):
return bytearray(keys[0])
else:
raise GooglePaymentDecryptMessageError("type of hkdf is not compatible")
上下文:我正在制作一个 python 版本的 paymentmethodtoken from the google tink 图书馆来处理 gpay 消息。为此我只使用 python 和 PyCryptodome.
话虽如此,我目前正在尝试实现 kem function:
的等价物private byte[] kem(JsonObject json, final byte[] contextInfo) throws GeneralSecurityException {
int demKeySize = protocolVersionConfig.aesCtrKeySize + protocolVersionConfig.hmacSha256KeySize;
byte[] ephemeralPublicKey =
Base64.decode(
json.get(PaymentMethodTokenConstants.JSON_EPHEMERAL_PUBLIC_KEY).getAsString());
byte[] sharedSecret = recipientKem.computeSharedSecret(ephemeralPublicKey);
return Hkdf.computeEciesHkdfSymmetricKey(
ephemeralPublicKey,
sharedSecret,
PaymentMethodTokenConstants.HMAC_SHA256_ALGO,
PaymentMethodTokenConstants.HKDF_EMPTY_SALT,
contextInfo,
demKeySize);
}
相当于python:
def __kem(self, signed_message: SignedMessage, context_info: bytearray) -> bytearray:
dem_key_size: int = 64
ephemeral_public_key: bytes = base64.b64decode(signed_message.ephemeral_public_key)
shared_secret: bytearray = self.__compute_shared_secret(bytearray(ephemeral_public_key))
empty_salt: bytearray = bytearray()
# to do
return self.__compute_ecies_hkdf_symmetric_key(ephemeral_public_key, shared_secret, empty_salt, context_info, dem_key_size)
def __compute_ecies_hkdf_symmetric_key(self, ephemeral_public_key: bytes, shared_secret: bytearray,
salt: bytearray, context_info: bytearray, dem_key_size: int) -> bytearray:
# TODO: add function body
hkdf_input: bytes = ephemeral_public_key + shared_secret
key1, key2 = HKDF(master=bytes("something goes here", "utf-8"), hashmod=SHA256, salt=salt, key_len=dem_key_size)
pass
据我所知 google 认为 computeEciesHkdfSymmetricKey (code) don't work at all like PyCryptodome HKDF。 我的问题是,pycryptomde 或其他库中是否存在 computeEciesHkdfSymmetricKey 的等价物,如果不存在,是否可以重现相同的行为?
我做了什么:
from Crypto.Protocol.KDF import HKDF
def __compute_ecies_hkdf_symmetric_key(self, ephemeral_public_key: bytes, shared_secret: bytearray, salt: bytearray, context_info: bytearray, dem_key_size: int) -> bytearray:
hkdf_input: bytes = ephemeral_public_key + shared_secret
keys = HKDF(master=hkdf_input, hashmod=SHA256, salt=salt, key_len=dem_key_size, context=context_info)
if isinstance(keys, bytes):
return bytearray(keys)
elif isinstance(keys, tuple(bytes)):
return bytearray(keys[0])
else:
raise GooglePaymentDecryptMessageError("type of hkdf is not compatible")