def get_new_name(self):
keys = self.object_names.keys()
while True:
candidate = b2a_base64(rand_bytes(128))
if candidate in :
continue
self.object_names[name] = False
def random(length = 20, alphabet = DEFAULT_ALPHABET, veto_chars = None):
if veto_chars:
alphabet = re.sub('[%s]'%veto_chars, '', alphabet)
if len(alphabet) < 16:
raise ArgumentError('size of alphabet cannot be smaller than 16 characters')
bytes = rand_bytes(length)
password = ""
for byte in bytes:
password += alphabet[ ord(byte) % len(alphabet)]
return password
def createCookie(self):
nb_try = 0
while True:
nb_try += 1
if 1000 < nb_try:
raise SessionError(SESSION_GEN_COOKIE_ERROR,
tr("Unable to generate a session cookie!"))
cookie = rand_bytes(COOKIE_LENGTH)
if cookie not in self.sessions:
return cookie
def build_hash(self, method, plaintext):
if method in ("PLAIN", "EXTERNAL"):
return u'{%s}%s' % (method, plaintext)
salt = rand_bytes(SALT_BYTES)
hash = self.hash_password(method, plaintext, salt)
salt = base64.b64encode(salt)
if not hash:
return u'{PLAIN}%s' % plaintext
return u'{%s}$%s$%s' % (method, salt, hash)
def createEncryption(secret_key, value):
iv = rand_bytes(16)
cipher = EVP.Cipher(alg="aes_256_cbc", key=secret_key, iv=iv, op=M2Crypto.encrypt)
ciphertext = cipher.update(value)
ciphertext += cipher.final()
hmac = EVP.hmac(secret_key, iv + value, algo="sha256")
return {
"version": 0,
"algorithm": "AES_256_CBC_HMAC_SHA256",
"iv": base64.standard_b64encode(iv),
"ciphertext": base64.standard_b64encode(ciphertext),
"signature": base64.standard_b64encode(hmac)
}
def createEncryptionWithPassphrase(secret_key, passphrase):
iv_and_salt = rand_bytes(128 / 8)
password_derived_key = EVP.pbkdf2(passphrase, iv_and_salt, 1000, 256 / 8)
cipher = EVP.Cipher(alg="aes_256_cbc", key=password_derived_key, iv=iv_and_salt, op=M2Crypto.encrypt)
encrypted_key = cipher.update(secret_key)
encrypted_key += cipher.final()
hmac = EVP.hmac(password_derived_key, iv_and_salt + secret_key, algo="sha256")
return {
"version": 0,
"algorithm": "PBKDF2_SHA1_AES_256_CBC_HMAC_SHA256",
"iv": base64.standard_b64encode(iv_and_salt),
"ciphertext": base64.standard_b64encode(encrypted_key),
"signature": base64.standard_b64encode(hmac)
}
def generate_key(n):
"""Returns an OATH/HOTP key as a string of n raw bytes."""
# An OATH/HOTP key is just bunch of random (in the "unpredictable"
# sense) bits, of certain quantities (e.g. 160 bits or 20 bytes)
# that are compatible with the AES algorithms.
# From openssl's documentation:
#
# RAND_bytes() puts num cryptographically strong pseudo-random
# bytes into buf. An error occurs if the PRNG has not been
# seeded with enough randomness to ensure an unpredictable byte
# sequence.
#
# openssl's RAND_bytes(num) function is available in Python as
# M2Crypto.Rand.rand_bytes(num).
return b16encode(rand_bytes(n))
def keygen(length=40):
return binascii.b2a_base64(rand_bytes(length))
def newRandomSecretKey(): return rand_bytes(256 / 8)