mbedtls.hash Module API

Generic message digest wrapper (hash algorithm).

mbedtls.hash.md2(buffer=None)[source]

MD2 message-digest algorithm.

mbedtls.hash.md4(buffer=None)[source]

MD4 message-digest algorithm.

mbedtls.hash.md5(buffer=None)[source]

MD5 message-digest algorithm.

mbedtls.hash.new(name, buffer=None)[source]

A generic constructor that takes the string name of the desired algorithm as its first parameter.

mbedtls.hash.ripemd160(buffer=None)[source]

RACE Integrity Primitives Evaluation Message Digest (RIPEMD) with 160 bits hash value.

mbedtls.hash.sha1(buffer=None)[source]

Secure Hash Algorithm 1 (SHA-1).

mbedtls.hash.sha224(buffer=None)[source]

Secure Hash Algorithm 2 (SHA-2) with 224 bits hash value.

mbedtls.hash.sha256(buffer=None)[source]

Secure Hash Algorithm 2 (SHA-2) with 256 bits hash value.

mbedtls.hash.sha384(buffer=None)[source]

Secure Hash Algorithm 2 (SHA-2) with 384 bits hash value.

mbedtls.hash.sha512(buffer=None)[source]

Secure Hash Algorithm 2 (SHA-2) with 512 bits hash value.

mbedtls.hmac Module API

Generic message digest wrapper (hash algorithm).

mbedtls.hmac.md2(key, buffer=None)[source]

MD2 message-digest algorithm.

mbedtls.hmac.md4(key, buffer=None)[source]

MD4 message-digest algorithm.

mbedtls.hmac.md5(key, buffer=None)[source]

MD5 message-digest algorithm.

mbedtls.hmac.new(key, buffer=None, digestmod=None)[source]

A generic constructor that takes the key algorithm as its first parameter.

mbedtls.hmac.ripemd160(key, buffer=None)[source]

RACE Integrity Primitives Evaluation Message Digest (RIPEMD) with 160 bits hash value.

mbedtls.hmac.sha1(key, buffer=None)[source]

Secure Hmac Algorithm 1 (SHA-1).

mbedtls.hmac.sha224(key, buffer=None)[source]

Secure Hmac Algorithm 2 (SHA-2) with 224 bits hash value.

mbedtls.hmac.sha256(key, buffer=None)[source]

Secure Hmac Algorithm 2 (SHA-2) with 256 bits hash value.

mbedtls.hmac.sha384(key, buffer=None)[source]

Secure Hmac Algorithm 2 (SHA-2) with 384 bits hash value.

mbedtls.hmac.sha512(key, buffer=None)[source]

Secure Hmac Algorithm 2 (SHA-2) with 512 bits hash value.

mbedtls.hkdf Module API

HMAC-based key derivation function (HKDF).

The HMAC-based extract-and-expand key derivation function specified by RFC 5869.

mbedtls.hkdf.hkdf()

HMAC-based extract-and-expand key derivation function (HKDF).

Parameters
  • key (bytes) – The input keying material.

  • length (int) – The length of the output keying material in bytes.

  • info (bytes) – Additional context and application specific information.

  • salt (bytes, optional) – A non-secret random value.

  • digestmod (hmac function, optional) – The HMAC function to use for the extraction, defaults to SHA256.

mbedtls.hkdf.extract()

Extract a fixed-length pseudorandom key.

This function extracts a fixed-length pseudorandom key from its input keying material.

This function should only be used if the security of it has been studied and established in that particular context (eg. TLS 1.3 key schedule). For standard HKDF security guarantees use hkdf instead.

Parameters
  • key (bytes) – The input keying material.

  • salt (bytes, optional) – A non-secret random value.

  • digestmod (hmac function, optional) – The HMAC function to use for the extraction, defaults to SHA256.

mbedtls.hkdf.expand()

Expand the pseudorandom key prk into additional pseudorandom keys.

This function should only be used if the security of it has been studied and established in that particular context (eg. TLS 1.3 key schedule). For standard HKDF security guarantees use hkdf instead.

Parameters
  • prk (bytes) – The pseudorandom key to expand, usually the output of extract().

  • length (int) – The length of the output keying material in bytes.

  • info (bytes) – Additional context and application specific information.

  • digestmod (hmac function, optional) – The HMAC function to use for the extraction, defaults to SHA256.