/*
 * rand.go - Reader used to generate secure random data for fscrypt.
 *
 * Copyright 2017 Google Inc.
 * Author: Joe Richey (joerichey@google.com)
 *
 * Licensed under the Apache License, Version 2.0 (the "License"); you may not
 * use this file except in compliance with the License. You may obtain a copy of
 * the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
 * License for the specific language governing permissions and limitations under
 * the License.
 */

package crypto

import (
	"io"

	"github.com/pkg/errors"
	"golang.org/x/sys/unix"
)

// NewRandomBuffer uses the Linux Getrandom() syscall to create random bytes. If
// the operating system has insufficient randomness, the buffer creation will
// fail. This is an improvement over Go's built-in crypto/rand which will still
// return bytes if the system has insufficiency entropy.
//
//	See: https://github.com/golang/go/issues/19274
//
// While this syscall was only introduced in Kernel v3.17, it predates the
// introduction of filesystem encryption, so it introduces no additional
// compatibility issues.
func NewRandomBuffer(length int) ([]byte, error) {
	buffer := make([]byte, length)
	if _, err := io.ReadFull(randReader{}, buffer); err != nil {
		return nil, err
	}
	return buffer, nil
}

// NewRandomKey creates a random key of the specified length. This function uses
// the same random number generation process as NewRandomBuffer.
func NewRandomKey(length int) (*Key, error) {
	return NewFixedLengthKeyFromReader(randReader{}, length)
}

// NewRandomPassphrase creates a random passphrase of the specified length
// containing random alphabetic characters.
func NewRandomPassphrase(length int) (*Key, error) {
	chars := []byte("abcdefghijklmnopqrstuvwxyz")
	passphrase, err := NewBlankKey(length)
	if err != nil {
		return nil, err
	}
	for i := 0; i < length; {
		// Get some random bytes.
		raw, err := NewRandomKey((length - i) * 2)
		if err != nil {
			return nil, err
		}
		// Translate the random bytes into random characters.
		for _, b := range raw.data {
			if int(b) >= 256-(256%len(chars)) {
				// Avoid bias towards the first characters in the list.
				continue
			}
			c := chars[int(b)%len(chars)]
			passphrase.data[i] = c
			i++
			if i == length {
				break
			}
		}
		raw.Wipe()
	}
	return passphrase, nil
}

// randReader just calls into Getrandom, so no internal data is needed.
type randReader struct{}

func (r randReader) Read(buffer []byte) (int, error) {
	n, err := unix.Getrandom(buffer, unix.GRND_NONBLOCK)
	switch err {
	case nil:
		return n, nil
	case unix.EAGAIN:
		err = errors.New("insufficient entropy in pool")
	case unix.ENOSYS:
		err = errors.New("kernel must be v3.17 or later")
	}
	return 0, errors.Wrap(err, "getrandom() failed")
}