
Compute ECIES HKDF symmetric key with PyCryptodome


Context: I'm working on making a Python version of paymentmethodtoken from the Google Tink library to work with GPay messages. For that I use only Python and PyCryptodome.

With that said, I'm currently trying to implement an equivalent of the kem function:

    private byte[] kem(JsonObject json, final byte[] contextInfo) throws GeneralSecurityException {
      int demKeySize = protocolVersionConfig.aesCtrKeySize + protocolVersionConfig.hmacSha256KeySize;
      byte[] ephemeralPublicKey =
          Base64.decode(
              json.get(PaymentMethodTokenConstants.JSON_EPHEMERAL_PUBLIC_KEY).getAsString());
      byte[] sharedSecret = recipientKem.computeSharedSecret(ephemeralPublicKey);
      return Hkdf.computeEciesHkdfSymmetricKey(
          ephemeralPublicKey,
          sharedSecret,
          PaymentMethodTokenConstants.HMAC_SHA256_ALGO,
          PaymentMethodTokenConstants.HKDF_EMPTY_SALT,
          contextInfo,
          demKeySize);
    }

The equivalent in Python:

    def __kem(self, signed_message: SignedMessage, context_info: bytearray) -> bytearray:
        dem_key_size: int = 64
        ephemeral_public_key: bytes = base64.b64decode(signed_message.ephemeral_public_key)
        shared_secret: bytearray = self.__compute_shared_secret(bytearray(ephemeral_public_key))
        empty_salt: bytearray = bytearray()
        # to do
        return self.__compute_ecies_hkdf_symmetric_key(ephemeral_public_key, shared_secret, empty_salt, context_info, dem_key_size)

    def __compute_ecies_hkdf_symmetric_key(self, ephemeral_public_key: bytes, shared_secret: bytearray,
                                           salt: bytearray, context_info: bytearray, dem_key_size: int) -> bytearray:
        # TODO: add function body
        hkdf_input: bytes = ephemeral_public_key + shared_secret
        key1, key2 = HKDF(master=bytes("something goes here", "utf-8"), hashmod=SHA256, salt=salt, key_len=dem_key_size)

        pass

From what I can see, Google Tink's computeEciesHkdfSymmetricKey (code) doesn't work at all like PyCryptodome's HKDF. My question is: does an equivalent of computeEciesHkdfSymmetricKey exist in PyCryptodome or another library, and if not, is it possible to reproduce the same behaviour?


Solution

  • What I did:

    from Crypto.Hash import SHA256
    from Crypto.Protocol.KDF import HKDF

    def __compute_ecies_hkdf_symmetric_key(self, ephemeral_public_key: bytes, shared_secret: bytearray, salt: bytearray, context_info: bytearray, dem_key_size: int) -> bytearray:
        # Input keying material: ephemeral public key followed by the shared secret
        hkdf_input: bytes = ephemeral_public_key + shared_secret
        keys = HKDF(master=hkdf_input, hashmod=SHA256, salt=salt, key_len=dem_key_size, context=context_info)
        # HKDF returns bytes when num_keys is 1 (the default), a tuple of bytes otherwise
        if isinstance(keys, bytes):
            return bytearray(keys)
        elif isinstance(keys, tuple):
            return bytearray(keys[0])
        else:
            # GooglePaymentDecryptMessageError is the poster's own exception class (not shown here)
            raise GooglePaymentDecryptMessageError("type of hkdf is not compatible")
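
A dependency-free cross-check for the derivation in the answer above, added here as an example (it is not code from the original post or from Tink): RFC 5869 HKDF-SHA256 written with the standard library, fed the same `ephemeral_public_key + shared_secret` input. The function names, the sample values, and the 32 + 32 byte split of the 64-byte key (AES-CTR key first, then HMAC-SHA256 key) are assumptions.

```python
import hashlib
import hmac

HASH_LEN = hashlib.sha256().digest_size  # 32 bytes for SHA-256


def hkdf_sha256(ikm, salt, info, length):
    """RFC 5869 HKDF (extract, then expand) using HMAC-SHA256."""
    if length > 255 * HASH_LEN:
        raise ValueError("HKDF-SHA256 cannot produce more than 8160 bytes")
    # Extract: RFC 5869 defines an absent/empty salt as HashLen zero bytes.
    prk = hmac.new(bytes(salt) or b"\x00" * HASH_LEN, bytes(ikm), hashlib.sha256).digest()
    # Expand: T(i) = HMAC(PRK, T(i-1) || info || i), with i a single byte from 1.
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + bytes(info) + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def compute_ecies_hkdf_symmetric_key(ephemeral_public_key, shared_secret,
                                     salt, context_info, key_size):
    # Same input keying material as the answer: public key bytes, then the secret.
    ikm = bytes(ephemeral_public_key) + bytes(shared_secret)
    return hkdf_sha256(ikm, salt, context_info, key_size)


def split_dem_key(dem_key, aes_key_size=32, hmac_key_size=32):
    # Assumed layout: AES-CTR key first, HMAC-SHA256 key second.
    if len(dem_key) != aes_key_size + hmac_key_size:
        raise ValueError("unexpected DEM key length")
    return dem_key[:aes_key_size], dem_key[aes_key_size:]


if __name__ == "__main__":
    # Constructed sample inputs, not real key material.
    sample_public_key = b"\x04" + bytes(range(64))
    sample_shared_secret = bytes(range(32))
    dem_key = compute_ecies_hkdf_symmetric_key(
        sample_public_key, sample_shared_secret, b"", b"example-context", 64)
    aes_key, mac_key = split_dem_key(dem_key)
    print(len(aes_key), len(mac_key))
```

Running the PyCryptodome call from the answer and this function on the same inputs should give identical bytes; a mismatch usually points at the encoding of the public key or the context bytes rather than at HKDF itself.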