tlslite.utils.cryptomath module

cryptomath module

This module has basic math/crypto code.

tlslite.utils.cryptomath.HKDF_expand(PRK, info, L, algorithm)
tlslite.utils.cryptomath.HKDF_expand_label(secret, label, hashValue, length, algorithm)

TLS1.3 key derivation function (HKDF-Expand-Label).

Parameters:
  • secret (bytearray) – the key from which to derive the keying material
  • label (bytearray) – label used to differentiate the keying materials
  • hashValue (bytearray) – bytes used to “salt” the produced keying material
  • length (int) – number of bytes to produce
  • algorithm (str) – name of the secure hash algorithm used as the basis of the HKDF
Return type:

bytearray

tlslite.utils.cryptomath.HMAC_MD5(k, b)
tlslite.utils.cryptomath.HMAC_SHA1(k, b)
tlslite.utils.cryptomath.HMAC_SHA256(k, b)
tlslite.utils.cryptomath.HMAC_SHA384(k, b)
tlslite.utils.cryptomath.MD5(b)

Return a MD5 digest of data

tlslite.utils.cryptomath.SHA1(b)

Return a SHA1 digest of data

tlslite.utils.cryptomath.bytesToNumber(b, endian='big')

Convert a number stored in bytearray to an integer.

By default assumes big-endian encoding of the number.

tlslite.utils.cryptomath.derive_secret(secret, label, handshake_hashes, algorithm)

TLS1.3 key derivation function (Derive-Secret).

Parameters:
  • secret (bytearray) – secret key used to derive the keying material
  • label (bytearray) – label used to differentiate they keying materials
  • handshake_hashes (HandshakeHashes) – hashes of the handshake messages or None if no handshake transcript is to be used for derivation of keying material
  • algorithm (str) – name of the secure hash algorithm used as the basis of the HKDF algorithm - governs how much keying material will be generated
Return type:

bytearray

tlslite.utils.cryptomath.divceil(divident, divisor)

Integer division with rounding up

tlslite.utils.cryptomath.gcd(a, b)
tlslite.utils.cryptomath.getRandomBytes(howMany)
tlslite.utils.cryptomath.getRandomNumber(low, high)
tlslite.utils.cryptomath.getRandomPrime(bits, display=False)

Generate a random prime number of a given size.

the number will be ‘bits’ bits long (i.e. generated number will be larger than (2^(bits-1) * 3 ) / 2 but smaller than 2^bits.

tlslite.utils.cryptomath.getRandomSafePrime(bits, display=False)

Generate a random safe prime.

Will generate a prime bits bits long (see getRandomPrime) such that the (p-1)/2 will also be prime.

tlslite.utils.cryptomath.invMod(a, b)
tlslite.utils.cryptomath.isPrime(n, iterations=5, display=False, sieve=[2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41, 43, 47, 53, 59, 61, 67, 71, 73, 79, 83, 89, 97, 101, 103, 107, 109, 113, 127, 131, 137, 139, 149, 151, 157, 163, 167, 173, 179, 181, 191, 193, 197, 199, 211, 223, 227, 229, 233, 239, 241, 251, 257, 263, 269, 271, 277, 281, 283, 293, 307, 311, 313, 317, 331, 337, 347, 349, 353, 359, 367, 373, 379, 383, 389, 397, 401, 409, 419, 421, 431, 433, 439, 443, 449, 457, 461, 463, 467, 479, 487, 491, 499, 503, 509, 521, 523, 541, 547, 557, 563, 569, 571, 577, 587, 593, 599, 601, 607, 613, 617, 619, 631, 641, 643, 647, 653, 659, 661, 673, 677, 683, 691, 701, 709, 719, 727, 733, 739, 743, 751, 757, 761, 769, 773, 787, 797, 809, 811, 821, 823, 827, 829, 839, 853, 857, 859, 863, 877, 881, 883, 887, 907, 911, 919, 929, 937, 941, 947, 953, 967, 971, 977, 983, 991, 997])
tlslite.utils.cryptomath.lcm(a, b)
tlslite.utils.cryptomath.makeSieve(n)
tlslite.utils.cryptomath.mpiToNumber(mpi)

Convert a MPI (OpenSSL bignum string) to an integer.

tlslite.utils.cryptomath.numBits(n)

Return number of bits necessary to represent the integer in binary

tlslite.utils.cryptomath.numBytes(n)

Return number of bytes necessary to represent the integer in bytes

tlslite.utils.cryptomath.numberToByteArray(n, howManyBytes=None, endian='big')

Convert an integer into a bytearray, zero-pad to howManyBytes.

The returned bytearray may be smaller than howManyBytes, but will not be larger. The returned bytearray will contain a big- or little-endian encoding of the input integer (n). Big endian encoding is used by default.

tlslite.utils.cryptomath.numberToMPI(n)
tlslite.utils.cryptomath.secureHMAC(k, b, algorithm)

Return a HMAC using b and k using algorithm

tlslite.utils.cryptomath.secureHash(data, algorithm)

Return a digest of data using algorithm