ceph-csi/vendor/github.com/google/fscrypt/actions/recovery.go

/*
 * recovery.go - support for generating recovery passphrases
 *
 * Copyright 2019 Google LLC
 *
 * Licensed under the Apache License, Version 2.0 (the "License"); you may not
 * use this file except in compliance with the License. You may obtain a copy of
 * the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
 * License for the specific language governing permissions and limitations under
 * the License.
 */

package actions

import (
	"fmt"
	"os"
	"strconv"

	"github.com/google/fscrypt/crypto"
	"github.com/google/fscrypt/metadata"
	"github.com/google/fscrypt/util"
)

// modifiedContextWithSource returns a copy of ctx with the protector source
// replaced by source.
func modifiedContextWithSource(ctx *Context, source metadata.SourceType) *Context {
	modifiedConfig := *ctx.Config
	modifiedConfig.Source = source
	modifiedCtx := *ctx
	modifiedCtx.Config = &modifiedConfig
	return &modifiedCtx
}

// AddRecoveryPassphrase randomly generates a recovery passphrase and adds it as
// a custom_passphrase protector for the given Policy.
func AddRecoveryPassphrase(policy *Policy, dirname string) (*crypto.Key, *Protector, error) {
	// 20 random characters in a-z is 94 bits of entropy, which is way more
	// than enough for a passphrase which still goes through the usual
	// passphrase hashing which makes it extremely costly to brute force.
	passphrase, err := crypto.NewRandomPassphrase(20)
	if err != nil {
		return nil, nil, err
	}
	defer func() {
		if err != nil {
			passphrase.Wipe()
		}
	}()
	getPassphraseFn := func(info ProtectorInfo, retry bool) (*crypto.Key, error) {
		// CreateProtector() wipes the passphrase, but in this case we
		// still need it for later, so make a copy.
		return passphrase.Clone()
	}
	var recoveryProtector *Protector
	customCtx := modifiedContextWithSource(policy.Context, metadata.SourceType_custom_passphrase)
	seq := 1
	for {
		// Automatically generate a name for the recovery protector.
		name := "Recovery passphrase for " + dirname
		if seq != 1 {
			name += " (" + strconv.Itoa(seq) + ")"
		}
		recoveryProtector, err = CreateProtector(customCtx, name, getPassphraseFn, policy.ownerIfCreating)
		if err == nil {
			break
		}
		if _, ok := err.(*ErrProtectorNameExists); !ok {
			return nil, nil, err
		}
		seq++
	}
	if err := policy.AddProtector(recoveryProtector); err != nil {
		recoveryProtector.Revert()
		return nil, nil, err
	}
	return passphrase, recoveryProtector, nil
}

// WriteRecoveryInstructions writes a recovery passphrase and instructions to a
// file.  This file should initially be located in the encrypted directory
// protected by the passphrase itself.  It's up to the user to store the
// passphrase in a different location if they actually need it.
func WriteRecoveryInstructions(recoveryPassphrase *crypto.Key, recoveryProtector *Protector,
	policy *Policy, path string) error {
	file, err := os.OpenFile(path, os.O_WRONLY|os.O_CREATE, 0600)
	if err != nil {
		return err
	}
	defer file.Close()
	str := fmt.Sprintf(
		`fscrypt automatically generated a recovery passphrase for this directory:

    %s

It did this because you chose to protect this directory with your login
passphrase, but this directory is not on the root filesystem.

Copy this passphrase to a safe place if you want to still be able to unlock this
directory if you re-install the operating system or connect this storage media
to a different system (which would result in your login protector being lost).

To unlock this directory using this recovery passphrase, run 'fscrypt unlock'
and select the protector named %q.

If you want to disable recovery passphrase generation (not recommended),
re-create this directory and pass the --no-recovery option to 'fscrypt encrypt'.
Alternatively, you can remove this recovery passphrase protector using:

    fscrypt metadata remove-protector-from-policy --force --protector=%s:%s --policy=%s:%s

It is safe to keep it around though, as the recovery passphrase is high-entropy.
`, recoveryPassphrase.Data(), recoveryProtector.data.Name,
		recoveryProtector.Context.Mount.Path, recoveryProtector.data.ProtectorDescriptor,
		policy.Context.Mount.Path, policy.data.KeyDescriptor)
	if _, err = file.WriteString(str); err != nil {
		return err
	}
	if recoveryProtector.ownerIfCreating != nil {
		if err = util.Chown(file, recoveryProtector.ownerIfCreating); err != nil {
			return err
		}
	}
	return file.Sync()
}
vendor: vendor fscrypt integration dependencies Signed-off-by: Marcel Lauhoff <marcel.lauhoff@suse.com> 2022-06-23 11:58:36 +00:00			`/*`
			`* recovery.go - support for generating recovery passphrases`
			`*`
			`* Copyright 2019 Google LLC`
			`*`
			`* Licensed under the Apache License, Version 2.0 (the "License"); you may not`
			`* use this file except in compliance with the License. You may obtain a copy of`
			`* the License at`
			`*`
			`* http://www.apache.org/licenses/LICENSE-2.0`
			`*`
			`* Unless required by applicable law or agreed to in writing, software`
			`* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT`
			`* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the`
			`* License for the specific language governing permissions and limitations under`
			`* the License.`
			`*/`

			`package actions`

			`import (`
			`"fmt"`
			`"os"`
			`"strconv"`

			`"github.com/google/fscrypt/crypto"`
			`"github.com/google/fscrypt/metadata"`
			`"github.com/google/fscrypt/util"`
			`)`

			`// modifiedContextWithSource returns a copy of ctx with the protector source`
			`// replaced by source.`
			`func modifiedContextWithSource(ctx Context, source metadata.SourceType) Context {`
			`modifiedConfig := *ctx.Config`
			`modifiedConfig.Source = source`
			`modifiedCtx := *ctx`
			`modifiedCtx.Config = &modifiedConfig`
			`return &modifiedCtx`
			`}`

			`// AddRecoveryPassphrase randomly generates a recovery passphrase and adds it as`
			`// a custom_passphrase protector for the given Policy.`
			`func AddRecoveryPassphrase(policy Policy, dirname string) (crypto.Key, *Protector, error) {`
			`// 20 random characters in a-z is 94 bits of entropy, which is way more`
			`// than enough for a passphrase which still goes through the usual`
			`// passphrase hashing which makes it extremely costly to brute force.`
			`passphrase, err := crypto.NewRandomPassphrase(20)`
			`if err != nil {`
			`return nil, nil, err`
			`}`
			`defer func() {`
			`if err != nil {`
			`passphrase.Wipe()`
			`}`
			`}()`
			`getPassphraseFn := func(info ProtectorInfo, retry bool) (*crypto.Key, error) {`
			`// CreateProtector() wipes the passphrase, but in this case we`
			`// still need it for later, so make a copy.`
			`return passphrase.Clone()`
			`}`
			`var recoveryProtector *Protector`
			`customCtx := modifiedContextWithSource(policy.Context, metadata.SourceType_custom_passphrase)`
			`seq := 1`
			`for {`
			`// Automatically generate a name for the recovery protector.`
			`name := "Recovery passphrase for " + dirname`
			`if seq != 1 {`
			`name += " (" + strconv.Itoa(seq) + ")"`
			`}`
			`recoveryProtector, err = CreateProtector(customCtx, name, getPassphraseFn, policy.ownerIfCreating)`
			`if err == nil {`
			`break`
			`}`
			`if _, ok := err.(*ErrProtectorNameExists); !ok {`
			`return nil, nil, err`
			`}`
			`seq++`
			`}`
			`if err := policy.AddProtector(recoveryProtector); err != nil {`
			`recoveryProtector.Revert()`
			`return nil, nil, err`
			`}`
			`return passphrase, recoveryProtector, nil`
			`}`

			`// WriteRecoveryInstructions writes a recovery passphrase and instructions to a`
			`// file. This file should initially be located in the encrypted directory`
			`// protected by the passphrase itself. It's up to the user to store the`
			`// passphrase in a different location if they actually need it.`
			`func WriteRecoveryInstructions(recoveryPassphrase crypto.Key, recoveryProtector Protector,`
			`policy *Policy, path string) error {`
			`file, err := os.OpenFile(path, os.O_WRONLY\|os.O_CREATE, 0600)`
			`if err != nil {`
			`return err`
			`}`
			`defer file.Close()`
			`str := fmt.Sprintf(`
			`fscrypt automatically generated a recovery passphrase for this directory:

			`%s`

			`It did this because you chose to protect this directory with your login`
			`passphrase, but this directory is not on the root filesystem.`

			`Copy this passphrase to a safe place if you want to still be able to unlock this`
			`directory if you re-install the operating system or connect this storage media`
			`to a different system (which would result in your login protector being lost).`

			`To unlock this directory using this recovery passphrase, run 'fscrypt unlock'`
			`and select the protector named %q.`

			`If you want to disable recovery passphrase generation (not recommended),`
			`re-create this directory and pass the --no-recovery option to 'fscrypt encrypt'.`
			`Alternatively, you can remove this recovery passphrase protector using:`

			`fscrypt metadata remove-protector-from-policy --force --protector=%s:%s --policy=%s:%s`

			`It is safe to keep it around though, as the recovery passphrase is high-entropy.`
			`, recoveryPassphrase.Data(), recoveryProtector.data.Name,
			`recoveryProtector.Context.Mount.Path, recoveryProtector.data.ProtectorDescriptor,`
			`policy.Context.Mount.Path, policy.data.KeyDescriptor)`
			`if _, err = file.WriteString(str); err != nil {`
			`return err`
			`}`
			`if recoveryProtector.ownerIfCreating != nil {`
			`if err = util.Chown(file, recoveryProtector.ownerIfCreating); err != nil {`
			`return err`
			`}`
			`}`
			`return file.Sync()`
			`}`