2 files changed, 6 insertions, 70 deletions
diff --git a/crypto/crypto.go b/crypto/crypto.go
index a85d345..dbd13ff 100644
--- a/crypto/crypto.go
+++ b/crypto/crypto.go
@@ -42,6 +42,7 @@ import (
 	"crypto/aes"
 	"crypto/cipher"
 	"crypto/hmac"
+	"crypto/rand"
 	"crypto/sha256"
 	"crypto/sha512"
 	"encoding/hex"
@@ -135,11 +136,13 @@ func Wrap(wrappingKey, secretKey *Key) (*metadata.WrappedKeyData, error) {
 		return nil, err
 	}
 
-	data := &metadata.WrappedKeyData{EncryptedKey: make([]byte, secretKey.Len())}
+	data := &metadata.WrappedKeyData{
+		EncryptedKey: make([]byte, secretKey.Len()),
+		IV:           make([]byte, metadata.IVLen),
+	}
 
 	// Get random IV
-	var err error
-	if data.IV, err = NewRandomBuffer(metadata.IVLen); err != nil {
+	if _, err := rand.Read(data.IV); err != nil {
 		return nil, err
 	}
 
diff --git a/crypto/rand.go b/crypto/rand.go
deleted file mode 100644
index 0778ebd..0000000
--- a/crypto/rand.go
+++ /dev/null
@@ -1,67 +0,0 @@
-/*
- * rand.go - Reader used to generate secure random data for fscrypt.
- *
- * Copyright 2017 Google Inc.
- * Author: Joe Richey (joerichey@google.com)
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may not
- * use this file except in compliance with the License. You may obtain a copy of
- * the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
- * License for the specific language governing permissions and limitations under
- * the License.
- */
-
-package crypto
-
-import (
-	"io"
-
-	"github.com/pkg/errors"
-	"golang.org/x/sys/unix"
-)
-
-// NewRandomBuffer uses the Linux Getrandom() syscall to create random bytes. If
-// the operating system has insufficient randomness, the buffer creation will
-// fail. This is an improvement over Go's built-in crypto/rand which will still
-// return bytes if the system has insufficiency entropy.
-// 	See: https://github.com/golang/go/issues/19274
-//
-// While this syscall was only introduced in Kernel v3.17, it predates the
-// introduction of filesystem encryption, so it introduces no additional
-// compatibility issues.
-func NewRandomBuffer(length int) ([]byte, error) {
-	buffer := make([]byte, length)
-	if _, err := io.ReadFull(randReader{}, buffer); err != nil {
-		return nil, err
-	}
-	return buffer, nil
-}
-
-// NewRandomKey creates a random key of the specified length. This function uses
-// the same random number generation process a NewRandomBuffer.
-func NewRandomKey(length int) (*Key, error) {
-	return NewFixedLengthKeyFromReader(randReader{}, length)
-}
-
-// randReader just calls into Getrandom, so no internal data is needed.
-type randReader struct{}
-
-func (r randReader) Read(buffer []byte) (int, error) {
-	n, err := unix.Getrandom(buffer, unix.GRND_NONBLOCK)
-	switch err {
-	case nil:
-		return n, nil
-	case unix.EAGAIN:
-		return 0, errors.Wrap(ErrGetrandomFail, "insufficient entropy in pool")
-	case unix.ENOSYS:
-		return 0, errors.Wrap(ErrGetrandomFail, "kernel must be v3.17 or later")
-	default:
-		return 0, errors.Wrap(ErrGetrandomFail, err.Error())
-	}
-}