fscrypt.git/crypto/rand.go, branch v0.2.3 Go tool for managing Linux filesystem encryption Change error handling to new package 2017-06-28T21:06:52+00:00 Joe Richey joerichey@google.com joerichey@google.com 2017-06-21T16:52:40+00:00 77b226a90ef70b77ca556830528c013a23b01e57 This commit changes the error handing for the crypto, filesystem, metadata, pam, and util packages to use the error handling library github.com/pkg/errors. This means elimination of the FSError type, an increased use of wrapping errors (as opposed to logging), switching on the Cause() of an error (as opposed to its value), and improving our integration tests involving TEST_FILESYSTEM_ROOT. This commit also fixes a few bugs with the keyring code to ensure that our {Find|Remove|Insert}PolicyKey functions are always operating on the same keyring. The check for filesystem support has been moved from the filesystem package to the metadata package. Finally, the API for the filesystem package has been slightly modified: * filesystem.AllFilesystems() now returns all the filesystems in sorted order * certain path methods are now public O_SYNC is also removed for writing the metadata. We don't get that much from syncing the metadata, as the actual file data could also be corrupted by and IO error. The sync operation is also occasionally very slow (~3 seconds) and can be unfriendly to battery life. Change-Id: I392c2655141714b16dfdbc84ac09780072be2cf0 
This commit changes the error handing for the crypto, filesystem,
metadata, pam, and util packages to use the error handling library
github.com/pkg/errors. This means elimination of the FSError type, an
increased use of wrapping errors (as opposed to logging), switching
on the Cause() of an error (as opposed to its value), and improving our
integration tests involving TEST_FILESYSTEM_ROOT.

This commit also fixes a few bugs with the keyring code to ensure that
our {Find|Remove|Insert}PolicyKey functions are always operating on the
same keyring. The check for filesystem support has been moved from the
filesystem package to the metadata package. Finally, the API for the
filesystem package has been slightly modified:
	* filesystem.AllFilesystems() now returns all the filesystems in
	  sorted order
	* certain path methods are now public

O_SYNC is also removed for writing the metadata. We don't get that much
from syncing the metadata, as the actual file data could also be
corrupted by and IO error. The sync operation is also occasionally very
slow (~3 seconds) and can be unfriendly to battery life.

Change-Id: I392c2655141714b16dfdbc84ac09780072be2cf0
crypto: tests, errors, and descriptor computation 2017-05-31T19:37:35+00:00 Joe Richey joerichey@google.com joerichey@google.com 2017-05-24T01:41:36+00:00 bc66b8a56ee7ae4f703cf30502aff8b7d68953d0 This changes the crypto package so it now builds in light of the changes to the util and metadata package. This commit also improves the error handling, adds tests, and makes it so recovery keys now correspond to Policy keys (as they are used to recover a directory in the absence of any metadata). The only feature addition here is the ability to compute descriptors. For backwards compatibility, we keep the same descriptor algorithm used before (double SHA512). Change-Id: Ia2b53c6e85ce65c57595e6823d3c4c92219bc8dc 
This changes the crypto package so it now builds in light of the changes
to the util and metadata package. This commit also improves the error
handling, adds tests, and makes it so recovery keys now correspond to
Policy keys (as they are used to recover a directory in the absence of
any metadata).

The only feature addition here is the ability to compute descriptors.
For backwards compatibility, we keep the same descriptor algorithm used
before (double SHA512).

Change-Id: Ia2b53c6e85ce65c57595e6823d3c4c92219bc8dc
crypto: add secure random reader using getrandom 2017-05-02T20:39:18+00:00 Joe Richey joerichey@google.com 2017-03-02T19:58:07+00:00 49b3026574ab692cfabcabe90751b163a76df31b This commit adds in RandReader, a cryptographically secure io.Reader that will fail when the os has insufficient randomness. This is done using the getrandom() syscall in non-blocking mode. see: http://man7.org/linux/man-pages/man2/getrandom.2.html Any kernel new enough to have filesystem encryption will also have this syscall. This RandReader is preferable to the one provided by the standard library in crypto/rand. See the bugs: https://github.com/golang/go/issues/11833 https://github.com/golang/go/issues/19274 This will be removed when go updates the crypto/rand implementation. Change-Id: Icccaf07bc6011b95cd31a5c268e7486807dcffe2 
This commit adds in RandReader, a cryptographically secure io.Reader
that will fail when the os has insufficient randomness. This is done
using the getrandom() syscall in non-blocking mode.
  see: http://man7.org/linux/man-pages/man2/getrandom.2.html
Any kernel new enough to have filesystem encryption will also have this
syscall.

This RandReader is preferable to the one provided by the standard
library in crypto/rand. See the bugs:
	https://github.com/golang/go/issues/11833
	https://github.com/golang/go/issues/19274
This will be removed when go updates the crypto/rand implementation.

Change-Id: Icccaf07bc6011b95cd31a5c268e7486807dcffe2