Rust ECDH 不会产生与 NodeJSJavascript 和 C 实现相同的共享密钥

我让ECDH共享密钥(下面的sec1和sec2)在NodeJS/Java脚本中工作:

let sk1 = crypto.createECDH('secp256k1')
sk1.setPrivateKey(Buffer.from("71179b991d7693de813aeaa5bfa241a2ac9e0535867ebf8f6b1b0884472ef4a7", "hex"));
let pk1 = crypto.createECDH('secp256k1')
pk1.setPublicKey(Buffer.from("02de4cba976ab77795c46c1c3b95afc077b17afe1bca02d28963a3bcdd9c082168", "hex"));
let sk2 = crypto.createECDH('secp256k1')
sk2.setPrivateKey(Buffer.from("1e114f237e3c59ba2b92aedf213f1127c9169c039752495c1ffb649cb9b90598", "hex"));
let pk2 = crypto.createECDH('secp256k1')
pk2.setPublicKey(Buffer.from("033415a4e45739e8f003450392793a15d3ad6cb49ff5b1943695f2cea92703aa64", "hex"));

console.log('sk1', sk1.getPrivateKey());
console.log('pk1', pk1.getPublicKey('hex', 'compressed'));
console.log('sk2', sk2.getPrivateKey());
console.log('pk2', pk2.getPublicKey('hex', 'compressed'));

let sec1 = sk2.computeSecret(pk1.getPublicKey());
let sec2 = sk1.computeSecret(pk2.getPublicKey());

console.log('sec1', sec1);
console.log('sec2', sec2);

assert.equal(sec1, sec2);

这将产生:

sk1 <Buffer 71 17 9b 99 1d 76 93 de 81 3a ea a5 bf a2 41 a2 ac 9e 05 35 86 7e bf 8f 6b 1b 08 84 47 2e f4 a7>
pk1 02de4cba976ab77795c46c1c3b95afc077b17afe1bca02d28963a3bcdd9c082168
sk2 <Buffer 1e 11 4f 23 7e 3c 59 ba 2b 92 ae df 21 3f 11 27 c9 16 9c 03 97 52 49 5c 1f fb 64 9c b9 b9 05 98>
pk2 033415a4e45739e8f003450392793a15d3ad6cb49ff5b1943695f2cea92703aa64
sec1 <Buffer 23 55 7d 44 6a 48 23 d6 a3 2f b0 87 58 82 26 d1 e8 ef 4f 6b 7b 6d 26 09 13 13 84 0a 74 ed 0b 4d>
sec2 <Buffer 23 55 7d 44 6a 48 23 d6 a3 2f b0 87 58 82 26 d1 e8 ef 4f 6b 7b 6d 26 09 13 13 84 0a 74 ed 0b 4d>

我正试着在《铁 rust 》中做同样的事情.Rust代码的共享秘密彼此匹配，但与我从NodeJS/Java脚本(和C)获得的共享秘密不匹配.

从《铁 rust 》中，我得到了:

running 1 test
sk1: [71, 17, 9b, 99, 1d, 76, 93, de, 81, 3a, ea, a5, bf, a2, 41, a2, ac, 9e, 5, 35, 86, 7e, bf, 8f, 6b, 1b, 8, 84, 47, 2e, f4, a7]
pk1: [2, de, 4c, ba, 97, 6a, b7, 77, 95, c4, 6c, 1c, 3b, 95, af, c0, 77, b1, 7a, fe, 1b, ca, 2, d2, 89, 63, a3, bc, dd, 9c, 8, 21, 68]
sk2: [1e, 11, 4f, 23, 7e, 3c, 59, ba, 2b, 92, ae, df, 21, 3f, 11, 27, c9, 16, 9c, 3, 97, 52, 49, 5c, 1f, fb, 64, 9c, b9, b9, 5, 98]
pk2: [3, 34, 15, a4, e4, 57, 39, e8, f0, 3, 45, 3, 92, 79, 3a, 15, d3, ad, 6c, b4, 9f, f5, b1, 94, 36, 95, f2, ce, a9, 27, 3, aa, 64]
sec1: [45, b7, 3c, 8a, ac, 8b, cf, 65, 1d, ad, 11, f7, f0, 4f, 63, b9, f0, 34, 86, d0, 28, ab, 4d, 5c, 52, bd, d5, d6, 92, d7, c2, aa]
sec2: [45, b7, 3c, 8a, ac, 8b, cf, 65, 1d, ad, 11, f7, f0, 4f, 63, b9, f0, 34, 86, d0, 28, ab, 4d, 5c, 52, bd, d5, d6, 92, d7, c2, aa]
test ecies::tests::test_shared_secret ... ok

使用代码:

#[test]
fn test_shared_secret() {
    let sk1 = secp256k1::SecretKey::from_slice(&hex!("71179b991d7693de813aeaa5bfa241a2ac9e0535867ebf8f6b1b0884472ef4a7")).expect("bad key");
    let pk1 = secp256k1::PublicKey::from_slice(&hex!("02de4cba976ab77795c46c1c3b95afc077b17afe1bca02d28963a3bcdd9c082168")).expect("bad key");
    let sk2 = secp256k1::SecretKey::from_slice(&hex!("1e114f237e3c59ba2b92aedf213f1127c9169c039752495c1ffb649cb9b90598")).expect("bad key");
    let pk2 = secp256k1::PublicKey::from_slice(&hex!("033415a4e45739e8f003450392793a15d3ad6cb49ff5b1943695f2cea92703aa64")).expect("bad key");

    println!("sk1: {:x?}", sk1.secret_bytes());
    println!("pk1: {:x?}", pk1.serialize());
    println!("sk2: {:x?}", sk2.secret_bytes());
    println!("pk2: {:x?}", pk2.serialize());

    let sec1 = secp256k1::ecdh::SharedSecret::new(&pk2, &sk1);
    let sec2 = secp256k1::ecdh::SharedSecret::new(&pk1, &sk2);

    println!("sec1: {:x?}", sec1.secret_bytes());
    println!("sec2: {:x?}", sec2.secret_bytes());
    assert_eq!(sec1, sec2);
}

如何使在Rust中计算的ECDH共享密钥与我在NodeJS/Javascript(和C)中已有的密钥相匹配？

在阅读@Topaco的答案后，请更新.

我将铁 rust 代码更改为:

    let sec1 = secp256k1::ecdh::shared_secret_point(&pk2, &sk1);
    let sec2 = secp256k1::ecdh::shared_secret_point(&pk1, &sk2);

    println!("sec1: {:x?}", sec1);
    println!("sec2: {:x?}", sec2);

它现在产生了:

sk1: [71, 17, 9b, 99, 1d, 76, 93, de, 81, 3a, ea, a5, bf, a2, 41, a2, ac, 9e, 5, 35, 86, 7e, bf, 8f, 6b, 1b, 8, 84, 47, 2e, f4, a7]
pk1: [2, de, 4c, ba, 97, 6a, b7, 77, 95, c4, 6c, 1c, 3b, 95, af, c0, 77, b1, 7a, fe, 1b, ca, 2, d2, 89, 63, a3, bc, dd, 9c, 8, 21, 68]
sk2: [1e, 11, 4f, 23, 7e, 3c, 59, ba, 2b, 92, ae, df, 21, 3f, 11, 27, c9, 16, 9c, 3, 97, 52, 49, 5c, 1f, fb, 64, 9c, b9, b9, 5, 98]
pk2: [3, 34, 15, a4, e4, 57, 39, e8, f0, 3, 45, 3, 92, 79, 3a, 15, d3, ad, 6c, b4, 9f, f5, b1, 94, 36, 95, f2, ce, a9, 27, 3, aa, 64]
sec1: [23, 55, 7d, 44, 6a, 48, 23, d6, a3, 2f, b0, 87, 58, 82, 26, d1, e8, ef, 4f, 6b, 7b, 6d, 26, 9, 13, 13, 84, a, 74, ed, b, 4d, a4, 8e, f4, 7b, 67, 68, 61, 2c, 33, d1, 1e, e7, 8e, 80, 4a, 71, ef, 79, dd, 3c, b0, 18, 15, f5, b3, 80, 3f, 93, e1, 9e, 64, 4e]
sec2: [23, 55, 7d, 44, 6a, 48, 23, d6, a3, 2f, b0, 87, 58, 82, 26, d1, e8, ef, 4f, 6b, 7b, 6d, 26, 9, 13, 13, 84, a, 74, ed, b, 4d, a4, 8e, f4, 7b, 67, 68, 61, 2c, 33, d1, 1e, e7, 8e, 80, 4a, 71, ef, 79, dd, 3c, b0, 18, 15, f5, b3, 80, 3f, 93, e1, 9e, 64, 4e]

NodeJS的:

sec1 <Buffer 23 55 7d 44 6a 48 23 d6 a3 2f b0 87 58 82 26 d1 e8 ef 4f 6b 7b 6d 26 09 13 13 84 0a 74 ed 0b 4d>
sec2 <Buffer 23 55 7d 44 6a 48 23 d6 a3 2f b0 87 58 82 26 d1 e8 ef 4f 6b 7b 6d 26 09 13 13 84 0a 74 ed 0b 4d>

Rust共享密钥的长度为64个字节，但NodeJS共享密钥只是其中的前32个字节.因为它们共享前32个字节(可能是X坐标)，这就是我所需要的，它对我来说是有效的.