Home Verkennen Help
Inloggen
gr412_veini
/
django_exam
1
0
Vork 0
Bestanden Issues 0 Pull-aanvragen 0 Wiki
Boom: 84409aea7b
Aftakkingen Labels
django_exam
/
venv
/
Lib
/
site-packages
/
django
/
utils
/
crypto.py

crypto.py 2.6 KB
Geschiedenis Ruwe

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576 
  1. """
    2. 

  2. Django's standard crypto functions and utilities.
    3. 

  3. """
    4. 

  4. import hashlib
    5. 

  5. import hmac
    6. 

  6. import secrets
    7. 

  7. 

  8. from django.conf import settings
    9. 

  9. from django.utils.encoding import force_bytes
    10. 

  10. 

  11. 

  12. class InvalidAlgorithm(ValueError):
    13. 

  13.     """Algorithm is not supported by hashlib."""
    14. 

  14. 

  15.     pass
    16. 

  16. 

  17. 

  18. def salted_hmac(key_salt, value, secret=None, *, algorithm="sha1"):
    19. 

  19.     """
    20. 

  20.     Return the HMAC of 'value', using a key generated from key_salt and a
    21. 

  21.     secret (which defaults to settings.SECRET_KEY). Default algorithm is SHA1,
    22. 

  22.     but any algorithm name supported by hashlib can be passed.
    23. 

  23. 

  24.     A different key_salt should be passed in for every application of HMAC.
    25. 

  25.     """
    26. 

  26.     if secret is None:
    27. 

  27.         secret = settings.SECRET_KEY
    28. 

  28. 

  29.     key_salt = force_bytes(key_salt)
    30. 

  30.     secret = force_bytes(secret)
    31. 

  31.     try:
    32. 

  32.         hasher = getattr(hashlib, algorithm)
    33. 

  33.     except AttributeError as e:
    34. 

  34.         raise InvalidAlgorithm(
    35. 

  35.             "%r is not an algorithm accepted by the hashlib module." % algorithm
    36. 

  36.         ) from e
    37. 

  37.     # We need to generate a derived key from our base key.  We can do this by
    38. 

  38.     # passing the key_salt and our base key through a pseudo-random function.
    39. 

  39.     key = hasher(key_salt + secret).digest()
    40. 

  40.     # If len(key_salt + secret) > block size of the hash algorithm, the above
    41. 

  41.     # line is redundant and could be replaced by key = key_salt + secret, since
    42. 

  42.     # the hmac module does the same thing for keys longer than the block size.
    43. 

  43.     # However, we need to ensure that we *always* do this.
    44. 

  44.     return hmac.new(key, msg=force_bytes(value), digestmod=hasher)
    45. 

  45. 

  46. 

  47. RANDOM_STRING_CHARS = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"
    48. 

  48. 

  49. 

  50. def get_random_string(length, allowed_chars=RANDOM_STRING_CHARS):
    51. 

  51.     """
    52. 

  52.     Return a securely generated random string.
    53. 

  53. 

  54.     The bit length of the returned value can be calculated with the formula:
    55. 

  55.         log_2(len(allowed_chars)^length)
    56. 

  56. 

  57.     For example, with default `allowed_chars` (26+26+10), this gives:
    58. 

  58.       * length: 12, bit length =~ 71 bits
    59. 

  59.       * length: 22, bit length =~ 131 bits
    60. 

  60.     """
    61. 

  61.     return "".join(secrets.choice(allowed_chars) for i in range(length))
    62. 

  62. 

  63. 

  64. def constant_time_compare(val1, val2):
    65. 

  65.     """Return True if the two strings are equal, False otherwise."""
    66. 

  66.     return secrets.compare_digest(force_bytes(val1), force_bytes(val2))
    67. 

  67. 

  68. 

  69. def pbkdf2(password, salt, iterations, dklen=0, digest=None):
    70. 

  70.     """Return the hash of password using pbkdf2."""
    71. 

  71.     if digest is None:
    72. 

  72.         digest = hashlib.sha256
    73. 

  73.     dklen = dklen or None
    74. 

  74.     password = force_bytes(password)
    75. 

  75.     salt = force_bytes(salt)
    76. 

  76.     return hashlib.pbkdf2_hmac(digest().name, password, salt, iterations, dklen)
    77.