Usage of a cryptographically suitable RNG. Proposed by Seth Arnold.

2015-02-28 07:26:23 +01:00
parent 7b025c619f
commit 6828283977
3 changed files with 21 additions and 28 deletions
--- a/setup.py
+++ b/setup.py
@@ -51,8 +51,8 @@ if sys.version_info < (2, 7):

 setup(
    name='pysaml2',
-    version='2.3.0',
-    description='Python implementation of SAML Version 2 to be used in a WSGI environment',
+    version='2.4.0beta',
+    description='Python implementation of SAML Version 2',
    # long_description = read("README"),
    author='Roland Hedberg',
    author_email='roland.hedberg@adm.umu.se',
--- a/src/saml2/s_utils.py
+++ b/src/saml2/s_utils.py
@@ -7,6 +7,7 @@ import time
 import base64
 import sys
 import hmac
+import string

 # from python 2.5
 import imp
@@ -154,31 +155,28 @@ def deflate_and_base64_encode(string_val):
    return base64.b64encode(zlib.compress(string_val)[2:-4])


-def rndstr(size=16):
+def rndstr(size=16, alphabet=""):
    """
    Returns a string of random ascii characters or digits

    :param size: The length of the string
    :return: string
    """
-    _basech = string.ascii_letters + string.digits
-    return "".join([random.choice(_basech) for _ in range(size)])
+    rng = random.SystemRandom()
+    if not alphabet:
+        alphabet = string.letters[0:52] + string.digits
+    return str().join(rng.choice(alphabet) for _ in range(size))


-def sid(seed=""):
-    """The hash of the server time + seed makes an unique SID for each session.
-    128-bits long so it fulfills the SAML2 requirements which states
+def sid():
+    """creates an unique SID for each session.
+    160-bits long so it fulfills the SAML2 requirements which states
    128-160 bits

-    :param seed: A seed string
-    :return: The hex version of the digest, prefixed by 'id-' to make it
+    :return: A random string prefix with 'id-' to make it
        compliant with the NCName specification
    """
-    ident = md5()
-    ident.update(repr(time.time()))
-    if seed:
-        ident.update(seed)
-    return "id-" + ident.hexdigest()
+    return "id-" + rndstr(17)


 def parse_attribute_map(filenames):
--- a/src/saml2/sigver.py
+++ b/src/saml2/sigver.py
@@ -33,7 +33,7 @@ from saml2 import saml
 from saml2 import ExtensionElement
 from saml2 import VERSION

-from saml2.s_utils import sid
+from saml2.s_utils import sid, rndstr
 from saml2.s_utils import Unsupported

 from saml2.time_util import instant
@@ -322,18 +322,13 @@ def signed_instance_factory(instance, seccont, elements_to_sign=None):


 # --------------------------------------------------------------------------
-
-
-def create_id():
-    """ Create a string of 40 random characters from the set [a-p],
-    can be used as a unique identifier of objects.
-
-    :return: The string of random characters
-    """
-    ret = ""
-    for _ in range(40):
-        ret += chr(random.randint(0, 15) + ord('a'))
-    return ret
+# def create_id():
+#     """ Create a string of 40 random characters from the set [a-p],
+#     can be used as a unique identifier of objects.
+#
+#     :return: The string of random characters
+#     """
+#     return rndstr(40, "abcdefghijklmonp")


 def make_temp(string, suffix="", decode=True, delete=True):