Cryptography primitives

mom.security

module:mom.security
synopsis:Cryptography primitives.
module:mom.security.hash
synopsis:Convenient hashing functions.

SHA-1 digests

mom.security.hash.sha1_base64_digest(*inputs)

Calculates Base-64-encoded SHA-1 digest of a variable number of inputs.

Parameters:inputs – A variable number of inputs for which the digest will be calculated.
Returns:Base-64-encoded SHA-1 digest.
mom.security.hash.sha1_digest(*inputs)

Calculates a SHA-1 digest of a variable number of inputs.

Parameters:inputs – A variable number of inputs for which the digest will be calculated.
Returns:A byte string containing the SHA-1 message digest.
mom.security.hash.sha1_hex_digest(*inputs)

Calculates hexadecimal representation of the SHA-1 digest of a variable number of inputs.

Parameters:inputs – A variable number of inputs for which the digest will be calculated.
Returns:Hexadecimal representation of the SHA-1 digest.

MD5 digests

mom.security.hash.md5_base64_digest(*inputs)

Calculates Base-64-encoded MD5 digest of a variable number of inputs.

Parameters:inputs – A variable number of inputs for which the digest will be calculated.
Returns:Base-64-encoded MD5 digest.
mom.security.hash.md5_digest(*inputs)

Calculates a MD5 digest of a variable number of inputs.

Parameters:inputs – A variable number of inputs for which the digest will be calculated.
Returns:A byte string containing the MD5 message digest.
mom.security.hash.md5_hex_digest(*inputs)

Calculates hexadecimal representation of the MD5 digest of a variable number of inputs.

Parameters:inputs – A variable number of inputs for which the digest will be calculated.
Returns:Hexadecimal representation of the MD5 digest.

HMAC-SHA-1 digests

mom.security.hash.hmac_sha1_base64_digest(key, data)

Calculates a base64-encoded HMAC SHA-1 signature.

Parameters:
  • key – The key for the signature.
  • data – The data to be signed.
Returns:

Base64-encoded HMAC SHA-1 signature.

mom.security.hash.hmac_sha1_digest(key, data)

Calculates a HMAC SHA-1 digest.

Parameters:
  • key – The key for the digest.
  • data – The raw bytes data for which the digest will be calculated.
Returns:

HMAC SHA-1 Digest.

module:mom.security.random
synopsis:Random number, bits, bytes, string, sequence, & password generation.

Bits and bytes

mom.security.random.generate_random_bits(n_bits, rand_func=<function generate_random_bytes>)

Generates the specified number of random bits as a byte string. For example:

f(x) -> y such that
f(16) ->           1111 1111 1111 1111; bytes_to_integer(y) => 65535L
f(17) -> 0000 0001 1111 1111 1111 1111; bytes_to_integer(y) => 131071L
Parameters:
  • n_bits

    Number of random bits.

    if n is divisible by 8, (n / 8) bytes will be returned. if n is not divisible by 8, ((n / 8) + 1) bytes will be returned and the prefixed offset-byte will have (n % 8) number of random bits, (that is, 8 - (n % 8) high bits will be cleared).

    The range of the numbers is 0 to (2**n)-1 inclusive.

  • rand_func – Random bytes generator function.
Returns:

Bytes.

mom.security.random.generate_random_bytes(count)

Generates a random byte string with count bytes.

Parameters:count – Number of bytes.
Returns:Random byte string.

Numbers

mom.security.random.generate_random_uint_atmost(n_bits, rand_func=<function generate_random_bytes>)

Generates a random unsigned integer with n_bits random bits.

Parameters:
  • n_bits – Number of random bits to be generated at most.
  • rand_func – Random bytes generator function.
Returns:

Returns an unsigned long integer with at most n_bits random bits. The generated unsigned long integer will be between 0 and (2**n_bits)-1 both inclusive.

mom.security.random.generate_random_uint_exactly(n_bits, rand_func=<function generate_random_bytes>)

Generates a random unsigned long with n_bits random bits.

Parameters:
  • n_bits – Number of random bits.
  • rand_func – Random bytes generator function.
Returns:

Returns an unsigned long integer with n_bits random bits. The generated unsigned long integer will be between 2**(n_bits-1) and (2**n_bits)-1 both inclusive.

mom.security.random.generate_random_uint_between(low, high, rand_func=<function generate_random_bytes>)

Generates a random long integer between low and high, not including high.

Parameters:
  • low – Low
  • high – High
  • rand_func – Random bytes generator function.
Returns:

Random unsigned long integer value.

Sequences and choices

mom.security.random.random_choice(sequence, rand_func=<function generate_random_bytes>)

Randomly chooses an element from the given non-empty sequence.

Parameters:sequence – Non-empty sequence to randomly choose an element from.
Returns:Randomly chosen element.
mom.security.random.random_shuffle(sequence, rand_func=<function generate_random_bytes>)

Randomly shuffles the sequence in-place.

Parameters:sequence – Sequence to shuffle in-place.
Returns:The shuffled sequence itself (for convenience).
mom.security.random.generate_random_sequence(length, pool, rand_func=<function generate_random_bytes>)

Generates a random sequence of given length using the sequence pool specified.

Parameters:
  • length – The length of the random sequence.
  • pool – A sequence of elements to be used as the pool from which random elements will be chosen.
Returns:

A list of elements randomly chosen from the pool.

mom.security.random.generate_random_sequence_strong(entropy, pool, rand_func=<function generate_random_bytes>)

Generates a random sequence based on entropy.

If you’re using this to generate passwords based on entropy: http://en.wikipedia.org/wiki/Password_strength

Parameters:
  • entropy – Desired entropy in bits.
  • pool – The pool of unique elements from which to randomly choose.
Returns:

Randomly generated sequence with specified entropy.

Strings

mom.security.random.generate_random_string(length, pool='abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789', rand_func=<function generate_random_bytes>)

Generates a random string of given length using the sequence pool specified.

Don’t use this to generate passwords. Use generate_random_password instead.

Entropy:

H = log2(N**L)

where:

  • H is the entropy in bits.
  • N is the possible symbol count
  • L is length of string of symbols

Entropy chart:

-----------------------------------------------------------------
Symbol set              Symbol Count (N)  Entropy per symbol (H)
-----------------------------------------------------------------
HEXADECIMAL_DIGITS      16                4.0000 bits
DIGITS                  10                3.3219 bits
LOWERCASE_ALPHA         26                4.7004 bits
UPPERCASE_ALPHA         26                4.7004 bits
PUNCTUATION             32                5.0000 bits
LOWERCASE_ALPHANUMERIC  36                5.1699 bits
UPPERCASE_ALPHANUMERIC  36                5.1699 bits
ALPHA                   52                5.7004 bits
ALPHANUMERIC            62                5.9542 bits
ASCII_PRINTABLE         94                6.5546 bits
ALL_PRINTABLE           100               6.6438 bits
Parameters:
  • length – The length of the random sequence.
  • pool – A sequence of characters to be used as the pool from which random characters will be chosen. Default case-sensitive alpha-numeric characters.
Returns:

A string of elements randomly chosen from the pool.

mom.security.random.generate_random_password(entropy, pool='abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789!"#$%&\'()*+, -./:;<=>?@[\\]^_`{|}~', rand_func=<function generate_random_bytes>)

Generates a password based on entropy.

If you’re using this to generate passwords based on entropy: http://en.wikipedia.org/wiki/Password_strength

Parameters:
  • entropy – Desired entropy in bits. Choose at least 64 to have a decent password.
  • pool – The pool of unique characters from which to randomly choose.
Returns:

Randomly generated password with specified entropy.

mom.security.random.generate_random_hex_string(length=8, rand_func=<function generate_random_bytes>)

Generates a random ASCII-encoded hexadecimal string of an even length.

Parameters:
  • length – Length of the string to be returned. Default 32. The length MUST be a positive even number.
  • rand_func – Random bytes generator function.
Returns:

A string representation of a randomly-generated hexadecimal string.

Utility

mom.security.random.calculate_entropy(length, pool='abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789')

Determines the entropy of the given sequence length and the pool.

Parameters:
  • length – The length of the generated random sequence.
  • pool – The pool of unique elements used to generate the sequence.
Returns:

The entropy (in bits) of the random sequence.

module:mom.security.codec
synopsis:Codecs to encode and decode keys and certificates in various formats.

PEM key decoders

mom.security.codec.public_key_pem_decode(pem_key)

Decodes a PEM-encoded public key/X.509 certificate string into internal representation.

Parameters:pem_key – The PEM-encoded key. Must be one of: 1. RSA public key. 2. X.509 certificate.
Returns:A dictionary of key information.
mom.security.codec.private_key_pem_decode(pem_key)

Decodes a PEM-encoded private key string into internal representation.

Parameters:pem_key – The PEM-encoded RSA private key.
Returns:A dictionary of key information.