-
Notifications
You must be signed in to change notification settings - Fork 28
/
secrets.py
58 lines (37 loc) · 1.22 KB
/
secrets.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
# SPDX-License-Identifier: MIT
# Copyright (c) 2019, Mathias Laurin
"""Generate secure random numbers.
This is an implementation of the PEP 506 API based on a
CSPRNG (Cryptographically Strong Pseudo Random Number Generator).
This module is compatibale with the standard `secrets` (PEP 506) module.
"""
import base64 as _base64
import binascii as _binascii
import mbedtls._random as _rnd
__all__ = [
"randbits",
"choice",
"randbelow",
"token_bytes",
"token_hex",
"token_urlsafe",
]
DEFAULT_ENTROPY = 32
__rng = _rnd.default_rng()
randbits = __rng.getrandbits
choice = __rng.choice
randbelow = __rng.randbelow
def token_bytes(nbytes=None):
"""Return a random byte string containing `nbytes` number of bytes.
If `nbytes` is ``None`` or not supplied, a reasonable default is used.
"""
if nbytes is None:
nbytes = DEFAULT_ENTROPY
return __rng.urandom(nbytes)
def token_hex(nbytes=None):
"""Return a random text string, in hexadecimal."""
return _binascii.hexlify(token_bytes(nbytes)).decode("ascii")
def token_urlsafe(nbytes=None):
"""Return a random URL-safe string."""
tok = token_bytes(nbytes)
return _base64.urlsafe_b64encode(tok).rstrip(b"=").decode("ascii")