123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128 |
- # -*- test-case-name: twisted.test.test_randbytes -*-
- # Copyright (c) Twisted Matrix Laboratories.
- # See LICENSE for details.
-
- """
- Cryptographically secure random implementation, with fallback on normal random.
- """
-
-
- import os
- import random
- import warnings
-
- getrandbits = getattr(random, "getrandbits", None)
-
- _fromhex = bytes.fromhex
-
-
- class SecureRandomNotAvailable(RuntimeError):
- """
- Exception raised when no secure random algorithm is found.
- """
-
-
- class SourceNotAvailable(RuntimeError):
- """
- Internal exception used when a specific random source is not available.
- """
-
-
- class RandomFactory:
- """
- Factory providing L{secureRandom} and L{insecureRandom} methods.
-
- You shouldn't have to instantiate this class, use the module level
- functions instead: it is an implementation detail and could be removed or
- changed arbitrarily.
- """
-
- # This variable is no longer used, and will eventually be removed.
- randomSources = ()
-
- getrandbits = getrandbits
-
- def _osUrandom(self, nbytes):
- """
- Wrapper around C{os.urandom} that cleanly manage its absence.
- """
- try:
- return os.urandom(nbytes)
- except (AttributeError, NotImplementedError) as e:
- raise SourceNotAvailable(e)
-
- def secureRandom(self, nbytes, fallback=False):
- """
- Return a number of secure random bytes.
-
- @param nbytes: number of bytes to generate.
- @type nbytes: C{int}
- @param fallback: Whether the function should fallback on non-secure
- random or not. Default to C{False}.
- @type fallback: C{bool}
-
- @return: a string of random bytes.
- @rtype: C{str}
- """
- try:
- return self._osUrandom(nbytes)
- except SourceNotAvailable:
- pass
-
- if fallback:
- warnings.warn(
- "urandom unavailable - "
- "proceeding with non-cryptographically secure random source",
- category=RuntimeWarning,
- stacklevel=2,
- )
- return self.insecureRandom(nbytes)
- else:
- raise SecureRandomNotAvailable("No secure random source available")
-
- def _randBits(self, nbytes):
- """
- Wrapper around C{os.getrandbits}.
- """
- if self.getrandbits is not None:
- n = self.getrandbits(nbytes * 8)
- hexBytes = ("%%0%dx" % (nbytes * 2)) % n
- return _fromhex(hexBytes)
- raise SourceNotAvailable("random.getrandbits is not available")
-
- _maketrans = bytes.maketrans
- _BYTES = _maketrans(b"", b"")
-
- def _randModule(self, nbytes):
- """
- Wrapper around the C{random} module.
- """
- return b"".join([bytes([random.choice(self._BYTES)]) for i in range(nbytes)])
-
- def insecureRandom(self, nbytes):
- """
- Return a number of non secure random bytes.
-
- @param nbytes: number of bytes to generate.
- @type nbytes: C{int}
-
- @return: a string of random bytes.
- @rtype: C{str}
- """
- for src in ("_randBits", "_randModule"):
- try:
- return getattr(self, src)(nbytes)
- except SourceNotAvailable:
- pass
-
-
- factory = RandomFactory()
-
- secureRandom = factory.secureRandom
-
- insecureRandom = factory.insecureRandom
-
- del factory
-
-
- __all__ = ["secureRandom", "insecureRandom", "SecureRandomNotAvailable"]
|