tlslite.utils.cryptomath module
cryptomath module
This module has basic math/crypto code.
- tlslite.utils.cryptomath.HKDF_expand_label(secret, label, hashValue, length, algorithm)[source]
TLS 1.3 key derivation function (HKDF-Expand-Label).
- Parameters:
secret (bytearray) – the key from which to derive the keying material
label (bytearray) – label used to differentiate the keying materials
hashValue (bytearray) – bytes used to “salt” the produced keying material
length (int) – number of bytes to produce
algorithm (str) – name of the secure hash algorithm used as the basis of the HKDF
- Return type:
- tlslite.utils.cryptomath.bytesToNumber(b, endian='big')[source]
Convert a number stored in bytearray to an integer.
By default assumes big-endian encoding of the number.
- tlslite.utils.cryptomath.bytes_to_int(bytes, byteorder='big', *, signed=False)
Return the integer represented by the given array of bytes.
- bytes
Holds the array of bytes to convert. The argument must either support the buffer protocol or be an iterable object producing bytes. Bytes and bytearray are examples of built-in objects that support the buffer protocol.
- byteorder
The byte order used to represent the integer. If byteorder is ‘big’, the most significant byte is at the beginning of the byte array. If byteorder is ‘little’, the most significant byte is at the end of the byte array. To request the native byte order of the host system, use `sys.byteorder` as the byte order value. Default is to use ‘big’.
- signed
Indicates whether two’s complement is used to represent the integer.
- tlslite.utils.cryptomath.derive_secret(secret, label, handshake_hashes, algorithm)[source]
TLS 1.3 key derivation function (Derive-Secret).
- Parameters:
secret (bytearray) – secret key used to derive the keying material
label (bytearray) – label used to differentiate the keying materials
handshake_hashes (HandshakeHashes) – hashes of the handshake messages or None if no handshake transcript is to be used for derivation of keying material
algorithm (str) – name of the secure hash algorithm used as the basis of the HKDF algorithm - governs how much keying material will be generated
- Return type:
- tlslite.utils.cryptomath.getRandomPrime(bits, display=False)[source]
Generate a random prime number of a given size.
The number will be ‘bits’ bits long (i.e. the generated number will be larger than (2^(bits-1) * 3) / 2 but smaller than 2^bits).
- tlslite.utils.cryptomath.getRandomSafePrime(bits, display=False)[source]
Generate a random safe prime.
Will generate a prime that is ‘bits’ bits long (see getRandomPrime) such that (p-1)/2 will also be prime.
- tlslite.utils.cryptomath.isPrime(n, iterations=5, display=False, sieve=[2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41, 43, 47, 53, 59, 61, 67, 71, 73, 79, 83, 89, 97, 101, 103, 107, 109, 113, 127, 131, 137, 139, 149, 151, 157, 163, 167, 173, 179, 181, 191, 193, 197, 199, 211, 223, 227, 229, 233, 239, 241, 251, 257, 263, 269, 271, 277, 281, 283, 293, 307, 311, 313, 317, 331, 337, 347, 349, 353, 359, 367, 373, 379, 383, 389, 397, 401, 409, 419, 421, 431, 433, 439, 443, 449, 457, 461, 463, 467, 479, 487, 491, 499, 503, 509, 521, 523, 541, 547, 557, 563, 569, 571, 577, 587, 593, 599, 601, 607, 613, 617, 619, 631, 641, 643, 647, 653, 659, 661, 673, 677, 683, 691, 701, 709, 719, 727, 733, 739, 743, 751, 757, 761, 769, 773, 787, 797, 809, 811, 821, 823, 827, 829, 839, 853, 857, 859, 863, 877, 881, 883, 887, 907, 911, 919, 929, 937, 941, 947, 953, 967, 971, 977, 983, 991, 997])[source]
- tlslite.utils.cryptomath.mpiToNumber(mpi)[source]
Convert an MPI (OpenSSL bignum string) to an integer.
- tlslite.utils.cryptomath.numberToByteArray(n, howManyBytes=None, endian='big')[source]
Convert an integer into a bytearray, zero-pad to howManyBytes.
The returned bytearray may be smaller than howManyBytes, but will not be larger. The returned bytearray will contain a big- or little-endian encoding of the input integer (n). Big endian encoding is used by default.