vendor: vendor fscrypt integration dependencies

Signed-off-by: Marcel Lauhoff <marcel.lauhoff@suse.com>

vendor/github.com/google/fscrypt/crypto/rand.go

@@ -0,0 +1,98 @@
+/*
+ * rand.go - Reader used to generate secure random data for fscrypt.
+ *
+ * Copyright 2017 Google Inc.
+ * Author: Joe Richey (joerichey@google.com)
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not
+ * use this file except in compliance with the License. You may obtain a copy of
+ * the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * License for the specific language governing permissions and limitations under
+ * the License.
+ */
+
+package crypto
+
+import (
+	"io"
+
+	"github.com/pkg/errors"
+	"golang.org/x/sys/unix"
+)
+
+// NewRandomBuffer uses the Linux Getrandom() syscall to create random bytes. If
+// the operating system has insufficient randomness, the buffer creation will
+// fail. This is an improvement over Go's built-in crypto/rand which will still
+// return bytes if the system has insufficiency entropy.
+// 	See: https://github.com/golang/go/issues/19274
+//
+// While this syscall was only introduced in Kernel v3.17, it predates the
+// introduction of filesystem encryption, so it introduces no additional
+// compatibility issues.
+func NewRandomBuffer(length int) ([]byte, error) {
+	buffer := make([]byte, length)
+	if _, err := io.ReadFull(randReader{}, buffer); err != nil {
+		return nil, err
+	}
+	return buffer, nil
+}
+
+// NewRandomKey creates a random key of the specified length. This function uses
+// the same random number generation process as NewRandomBuffer.
+func NewRandomKey(length int) (*Key, error) {
+	return NewFixedLengthKeyFromReader(randReader{}, length)
+}
+
+// NewRandomPassphrase creates a random passphrase of the specified length
+// containing random alphabetic characters.
+func NewRandomPassphrase(length int) (*Key, error) {
+	chars := []byte("abcdefghijklmnopqrstuvwxyz")
+	passphrase, err := NewBlankKey(length)
+	if err != nil {
+		return nil, err
+	}
+	for i := 0; i < length; {
+		// Get some random bytes.
+		raw, err := NewRandomKey((length - i) * 2)
+		if err != nil {
+			return nil, err
+		}
+		// Translate the random bytes into random characters.
+		for _, b := range raw.data {
+			if int(b) >= 256-(256%len(chars)) {
+				// Avoid bias towards the first characters in the list.
+				continue
+			}
+			c := chars[int(b)%len(chars)]
+			passphrase.data[i] = c
+			i++
+			if i == length {
+				break
+			}
+		}
+		raw.Wipe()
+	}
+	return passphrase, nil
+}
+
+// randReader just calls into Getrandom, so no internal data is needed.
+type randReader struct{}
+
+func (r randReader) Read(buffer []byte) (int, error) {
+	n, err := unix.Getrandom(buffer, unix.GRND_NONBLOCK)
+	switch err {
+	case nil:
+		return n, nil
+	case unix.EAGAIN:
+		err = errors.New("insufficient entropy in pool")
+	case unix.ENOSYS:
+		err = errors.New("kernel must be v3.17 or later")
+	}
+	return 0, errors.Wrap(err, "getrandom() failed")
+}