cpython/Lib/secrets.py

"""Generate cryptographically strong pseudo-random numbers suitable for
managing secrets such as account authentication, tokens, and similar.

See PEP 506 for more information.
https://www.python.org/dev/peps/pep-0506/

"""

__all__ = ['choice', 'randbelow', 'randbits', 'SystemRandom',
           'token_bytes', 'token_hex', 'token_urlsafe',
           'compare_digest',
           ]


import base64
import binascii

from hmac import compare_digest
from random import SystemRandom

_sysrand = SystemRandom()

randbits = _sysrand.getrandbits
choice = _sysrand.choice

def randbelow(exclusive_upper_bound):
    """Return a random int in the range [0, n)."""
    if exclusive_upper_bound <= 0:
        raise ValueError("Upper bound must be positive.")
    return _sysrand._randbelow(exclusive_upper_bound)

DEFAULT_ENTROPY = 32  # number of bytes to return by default

def token_bytes(nbytes=None):
    """Return a random byte string containing *nbytes* bytes.

    If *nbytes* is ``None`` or not supplied, a reasonable
    default is used.

    >>> token_bytes(16)  #doctest:+SKIP
    b'\\xebr\\x17D*t\\xae\\xd4\\xe3S\\xb6\\xe2\\xebP1\\x8b'

    """
    if nbytes is None:
        nbytes = DEFAULT_ENTROPY
    return _sysrand.randbytes(nbytes)

def token_hex(nbytes=None):
    """Return a random text string, in hexadecimal.

    The string has *nbytes* random bytes, each byte converted to two
    hex digits.  If *nbytes* is ``None`` or not supplied, a reasonable
    default is used.

    >>> token_hex(16)  #doctest:+SKIP
    'f9bf78b9a18ce6d46a0cd2b0b86df9da'

    """
    return binascii.hexlify(token_bytes(nbytes)).decode('ascii')

def token_urlsafe(nbytes=None):
    """Return a random URL-safe text string, in Base64 encoding.

    The string has *nbytes* random bytes.  If *nbytes* is ``None``
    or not supplied, a reasonable default is used.

    >>> token_urlsafe(16)  #doctest:+SKIP
    'Drmhze6EPcv0fN_81Bj-nA'

    """
    tok = token_bytes(nbytes)
    return base64.urlsafe_b64encode(tok).rstrip(b'=').decode('ascii')
Add secrets module and tests. 2016-04-15 01:51:31 +10:00			`"""Generate cryptographically strong pseudo-random numbers suitable for`
			`managing secrets such as account authentication, tokens, and similar.`

Shorten secrets module docstring, add function docstrings. 2016-04-17 13:13:36 +10:00			`See PEP 506 for more information.`
Add secrets module and tests. 2016-04-15 01:51:31 +10:00			`https://www.python.org/dev/peps/pep-0506/`

			`"""`

			`__all__ = ['choice', 'randbelow', 'randbits', 'SystemRandom',`
			`'token_bytes', 'token_hex', 'token_urlsafe',`
			`'compare_digest',`
			`]`


			`import base64`
			`import binascii`

Remove python fallback for compare_digest. See https://mail.python.org/pipermail/python-dev/2016-April/144198.html https://mail.python.org/pipermail/python-dev/2016-April/144203.html 2016-04-16 04:33:55 +10:00			`from hmac import compare_digest`
Add secrets module and tests. 2016-04-15 01:51:31 +10:00			`from random import SystemRandom`

			`_sysrand = SystemRandom()`

			`randbits = _sysrand.getrandbits`
			`choice = _sysrand.choice`

			`def randbelow(exclusive_upper_bound):`
Shorten secrets module docstring, add function docstrings. 2016-04-17 13:13:36 +10:00			`"""Return a random int in the range [0, n)."""`
Issue #29061: secrets.randbelow() would hang with a negative input 2016-12-29 22:54:25 -07:00			`if exclusive_upper_bound <= 0:`
			`raise ValueError("Upper bound must be positive.")`
Add secrets module and tests. 2016-04-15 01:51:31 +10:00			`return _sysrand._randbelow(exclusive_upper_bound)`

			`DEFAULT_ENTROPY = 32 # number of bytes to return by default`

			`def token_bytes(nbytes=None):`
Shorten secrets module docstring, add function docstrings. 2016-04-17 13:13:36 +10:00			`"""Return a random byte string containing nbytes bytes.`

			If nbytes is ``None`` or not supplied, a reasonable
			`default is used.`

			`>>> token_bytes(16) #doctest:+SKIP`
			`b'\\xebr\\x17D*t\\xae\\xd4\\xe3S\\xb6\\xe2\\xebP1\\x8b'`

			`"""`
Add secrets module and tests. 2016-04-15 01:51:31 +10:00			`if nbytes is None:`
			`nbytes = DEFAULT_ENTROPY`
bpo-40286: Add randbytes() method to random.Random (GH-19527) Add random.randbytes() function and random.Random.randbytes() method to generate random bytes. Modify secrets.token_bytes() to use SystemRandom.randbytes() rather than calling directly os.urandom(). Rename also genrand_int32() to genrand_uint32(), since it returns an unsigned 32-bit integer, not a signed integer. The _random module is now built with Py_BUILD_CORE_MODULE defined. 2020-04-17 19:05:35 +02:00			`return _sysrand.randbytes(nbytes)`
Add secrets module and tests. 2016-04-15 01:51:31 +10:00
			`def token_hex(nbytes=None):`
Shorten secrets module docstring, add function docstrings. 2016-04-17 13:13:36 +10:00			`"""Return a random text string, in hexadecimal.`

			`The string has nbytes random bytes, each byte converted to two`
			hex digits. If nbytes is ``None`` or not supplied, a reasonable
			`default is used.`

			`>>> token_hex(16) #doctest:+SKIP`
			`'f9bf78b9a18ce6d46a0cd2b0b86df9da'`

			`"""`
Add secrets module and tests. 2016-04-15 01:51:31 +10:00			`return binascii.hexlify(token_bytes(nbytes)).decode('ascii')`

			`def token_urlsafe(nbytes=None):`
Shorten secrets module docstring, add function docstrings. 2016-04-17 13:13:36 +10:00			`"""Return a random URL-safe text string, in Base64 encoding.`

			The string has nbytes random bytes. If nbytes is ``None``
			`or not supplied, a reasonable default is used.`

			`>>> token_urlsafe(16) #doctest:+SKIP`
			`'Drmhze6EPcv0fN_81Bj-nA'`

			`"""`
Add secrets module and tests. 2016-04-15 01:51:31 +10:00			`tok = token_bytes(nbytes)`
			`return base64.urlsafe_b64encode(tok).rstrip(b'=').decode('ascii')`