def get_new_random_snapshot_id():
""" Return a new random id to be used as new snapshot id.
return value will be hex encoded string.
"""
# this is for debug mode only.
if sdef.NOT_SO_RAND_SNAPSHOT_ID:
log.vvvv("Random snapshot ids are seeded. This for debug only, don't use this in production.")
result = hash_util.get_digest_for_bytes(str(rand_src_debug_only.random()) )
log.fefrv("get_new_random_snapshot_id() returning. new snapid (seeded rand src) is: \n " + result)
return result
# read a lot of data from os random source in different syscalls for more randomness
read_size = 1024
rand_chunks = []
for i in range(0, 40):
rand_chunks.append(os.urandom(read_size))
result = hash_util.get_digest_for_bytes("".join(rand_chunks))
log.fefrv("get_new_random_snapshot_id() returning. new snapid (os rand src) is: \n " + result)
return result
def get_new_random_filename():
""" Return a new random filename. This from os urandom in production mode and predictable sequence otherwise.
When anonymizing filenames from the source directory to its shadow its best to use new random values,
such as ones given out by os random source, rather than use sha256 fingerprints of filenames. The goal
of the shadow folder is to reveal nothing about the source directory, if the filenames are sha256 fingerprints
an attacker maybe able to guess that file "lib.h" or "readme.md" existed in the source folder and then confirm
this guess by looking for a file named sha256("lib.h") in the shadow directory. Even though this doesn't
reveal much and certainly nothing about the file contents, its best to reveal absolutely nothing.
"""
# read a lot of data from os random source then sha256 it to get a random number. (not sha256 of some filename)
# read a lot of data from os random source in different syscalls for more randomness
read_size = 8 * 1024
rand_chunks = []
for i in range(0, 40):
rand_chunks.append(os.urandom(read_size))
hash_func = hashlib.sha512()
for rand_chunk in rand_chunks:
hash_func.update(rand_chunk)
result = hash_func.hexdigest()
log.fefrv("get_new_random_filename() returning. new file name is: \n " + result)
return result
def get_new_random_salt():
""" Return a new salt for key derivation. returns a bytes object with the underlying bytes of the salt.
not hex or base64 encoded. Take the bytes and use it as the salt.
"""
log.fefrv("get_new_random_salt() called")
size = 32
if sdef.INSECURE_RAND_SALT:
# fixed salt for testing
return '596381b4268e6811cbf9614c3fa0981515223600f49ab12fc2f783729399a31e'.decode('hex')
return os.urandom(size)
def get_dict_from_json_at_pathname(src_pathname):
""" Given a pathname to a file containing a JSON serialized object, read it, make a py dict from it
and return it. """
log.fefrv('get_dict_from_json_at_pathname() called, src pathname: ' + str(src_pathname))
assert isinstance(src_pathname, str) or isinstance(src_pathname, unicode)
fhandle = open(src_pathname, 'rb')
result_dict = json.load(fhandle)
# print type(result_dict) # returns <type dict>
log.fefrv('get_dict_from_json_at_pathname() returning with result: ' + str(result_dict))
return result_dict
def get_shadow_name(name):
""" Given a directory name or path (like './sf' compute and return the shadow version (like './sf_shadow' """
log.fefrv("get_shadow_name() called with type(arg), str(arg): " + str(type(name)) + " >>" + str(name) + "<<")
final_comp = os.path.basename(name)
dir_comp = os.path.dirname(name)
# add '.' to the start of final_comp if we wanted to make the shadow a hidden folder.
#final_comp = '.' + final_comp + '_shadow'
final_comp = final_comp + '_shadow'
result = os.path.join(dir_comp, final_comp)
log.fefrv("get_shadow_name() returning with result: " + str(result))
return result
def save_dict_as_json_to_pathname(dst_pathname, py_dict):
""" Given a pathname to a writable file, and a python dict,
Serialize the dict as json and save it to the file. """
log.fefrv('save_dict_as_json_to_pathname() called, args:')
log.fefrv('dst_pathname: ' + str(dst_pathname) + " py_dict: " + str(py_dict))
assert isinstance(dst_pathname, str) or isinstance(dst_pathname, unicode)
assert isinstance(py_dict, dict)
fhandle = open(dst_pathname, 'wb')
json.dump(py_dict, fhandle, ensure_ascii=False, indent=4, sort_keys=True)
# alternative using dumps method.
# serial_data = json.dumps(py_dict, ensure_ascii=False, indent=4, sort_keys=True)
# log.vvv('dumping serialized dict to file: ' + str(dst_pathname))
# log.vvv(serial_data)
# fhandle.write( serial_data )
fhandle.flush()
fhandle.close()
log.fefrv('save_dict_as_json_to_pathname() returning')