javascript NodeJS中的HKDFExpand

uqcuzwp8  于 2023-05-27  发布在  Java
关注(0)|答案(1)|浏览(107)

我尝试使用crypto库在NodeJS中实现HKDFExpand
目标是在NodeJS中解密加密的bitwarden(密码管理器)密码保护导出。我尝试在NodeJS中模仿相同的行为,但扩展的键与我使用的python版本不同。
JavaScript:

import crypto from 'crypto'

const salt = 'salt'
const iterations = 100000
const password = '123'

const masterKey = crypto.pbkdf2Sync(password, salt, iterations, 32,'sha256');
const streched = crypto.createHmac('sha256', 'enc').update(masterKey).digest();

console.log(masterKey.toString('hex')) // 5bb4...5990 <- Same
console.log(streched.toString('hex')) // 82be...6890 <- Different

Python:

from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives import kdf, hashes
from cryptography.hazmat.primitives.kdf.pbkdf2 import PBKDF2HMAC
from cryptography.hazmat.primitives.kdf.hkdf import HKDFExpand

salt = 'salt'
iterations = 100000
password = b'123'

kdf = PBKDF2HMAC(algorithm=hashes.SHA256(), length=32, salt=bytes(salt, "utf-8"), iterations=iterations,backend=default_backend())
master_key = kdf.derive(password)

hkdf = HKDFExpand(algorithm=hashes.SHA256(), length=32, info=b"enc", backend=default_backend())
streched = hkdf.derive(master_key)

print(master_key.hex()) # 5bb4...5990 <- Same
print(streched.hex()) # 5bf9...473b <- Different
2w2cym1i

2w2cym1i1#

我在bitwarden源代码中发现了这个函数,它可以工作

function hkdfExpand(
    prk: Buffer,
    info: string,
    outputByteSize: number
) {
    const algorithm = "sha256"
    const hashLen = 32;
    const prkArr = new Uint8Array(prk);
    if (prkArr.length < hashLen) {
        throw new Error("prk is too small.");
    }
    const infoBuf = Buffer.from(info);
    const infoArr = new Uint8Array(infoBuf);
    let runningOkmLength = 0;
    let previousT = new Uint8Array(0);
    const n = Math.ceil(outputByteSize / hashLen);
    const okm = new Uint8Array(n * hashLen);
    for (let i = 0; i < n; i++) {
        const t = new Uint8Array(previousT.length + infoArr.length + 1);
        t.set(previousT);
        t.set(infoArr, previousT.length);
        t.set([i + 1], t.length - 1);
        previousT = new Uint8Array(hmac(t, prk, algorithm));
        okm.set(previousT, runningOkmLength);
        runningOkmLength += previousT.length;
        if (runningOkmLength >= outputByteSize) {
            break;
        }
    }
    return Buffer.from(okm.slice(0, outputByteSize).buffer);
}

相关问题