rclone/lib/random/random.go

// Package random holds a few functions for working with random numbers
package random

import (
	cryptorand "crypto/rand"
	"encoding/base64"
	"fmt"
	"io"
)

// StringFn create a random string for test purposes using the random
// number generator function passed in.
//
// Do not use these for passwords.
func StringFn(n int, randReader io.Reader) string {
	const (
		vowel     = "aeiou"
		consonant = "bcdfghjklmnpqrstvwxyz"
		digit     = "0123456789"
	)
	var (
		pattern = []string{consonant, vowel, consonant, vowel, consonant, vowel, consonant, digit}
		out     = make([]byte, n)
		p       = 0
	)
	_, err := io.ReadFull(randReader, out)
	if err != nil {
		panic(fmt.Sprintf("internal error: failed to read from random reader: %v", err))
	}
	for i := range out {
		source := pattern[p]
		p = (p + 1) % len(pattern)
		// this generation method means the distribution is slightly biased. However these
		// strings are not for passwords so this is deemed OK.
		out[i] = source[out[i]%byte(len(source))]
	}
	return string(out)
}

// String create a random string for test purposes.
//
// Do not use these for passwords.
func String(n int) string {
	return StringFn(n, cryptorand.Reader)
}

// Password creates a crypto strong password which is just about
// memorable.  The password is composed of printable ASCII characters
// from the base64 alphabet.
//
// Requires password strength in bits.
// 64 is just about memorable
// 128 is secure
func Password(bits int) (password string, err error) {
	bytes := bits / 8
	if bits%8 != 0 {
		bytes++
	}
	var pw = make([]byte, bytes)
	n, err := cryptorand.Read(pw)
	if err != nil {
		return "", fmt.Errorf("password read failed: %w", err)
	}
	if n != bytes {
		return "", fmt.Errorf("password short read: %d", n)
	}
	password = base64.RawURLEncoding.EncodeToString(pw)
	return password, nil
}
lib/random: unify random string generation into random.String This was factored from fstest as we were including the testing enviroment into the main binary because of it. This was causing opening the browser to fail because of 8243ff8bc8. 2019-08-06 13:44:08 +02:00			`// Package random holds a few functions for working with random numbers`
			`package random`

Review random string/password generation - factor password generation into lib/random.Password - call from appropriate places - choose appropriate use of random.String vs random.Password 2019-08-25 09:39:31 +02:00			`import (`
random: fix incorrect use of math/rand instead of crypto/rand CVE-2020-28924 For implications see the linked issue. Fixes #4783 2020-11-18 13:03:01 +01:00			`cryptorand "crypto/rand"`
Review random string/password generation - factor password generation into lib/random.Password - call from appropriate places - choose appropriate use of random.String vs random.Password 2019-08-25 09:39:31 +02:00			`"encoding/base64"`
Remove github.com/pkg/errors and replace with std library version This is possible now that we no longer support go1.12 and brings rclone into line with standard practices in the Go world. This also removes errors.New and errors.Errorf from lib/errors and prefers the stdlib errors package over lib/errors. 2021-11-04 11:12:57 +01:00			`"fmt"`
random: speed up String function for generating larger blocks 2023-11-23 20:58:22 +01:00			`"io"`
Review random string/password generation - factor password generation into lib/random.Password - call from appropriate places - choose appropriate use of random.String vs random.Password 2019-08-25 09:39:31 +02:00			`)`

test makefiles: add --seed flag and make data generated repeatable #5214 2021-04-10 14:42:17 +02:00			`// StringFn create a random string for test purposes using the random`
			`// number generator function passed in.`
Review random string/password generation - factor password generation into lib/random.Password - call from appropriate places - choose appropriate use of random.String vs random.Password 2019-08-25 09:39:31 +02:00			`//`
			`// Do not use these for passwords.`
random: speed up String function for generating larger blocks 2023-11-23 20:58:22 +01:00			`func StringFn(n int, randReader io.Reader) string {`
lib/random: unify random string generation into random.String This was factored from fstest as we were including the testing enviroment into the main binary because of it. This was causing opening the browser to fail because of 8243ff8bc8. 2019-08-06 13:44:08 +02:00			`const (`
			`vowel = "aeiou"`
			`consonant = "bcdfghjklmnpqrstvwxyz"`
			`digit = "0123456789"`
			`)`
random: speed up String function for generating larger blocks 2023-11-23 20:58:22 +01:00			`var (`
			`pattern = []string{consonant, vowel, consonant, vowel, consonant, vowel, consonant, digit}`
			`out = make([]byte, n)`
			`p = 0`
			`)`
			`_, err := io.ReadFull(randReader, out)`
			`if err != nil {`
			`panic(fmt.Sprintf("internal error: failed to read from random reader: %v", err))`
			`}`
lib/random: unify random string generation into random.String This was factored from fstest as we were including the testing enviroment into the main binary because of it. This was causing opening the browser to fail because of 8243ff8bc8. 2019-08-06 13:44:08 +02:00			`for i := range out {`
			`source := pattern[p]`
			`p = (p + 1) % len(pattern)`
random: speed up String function for generating larger blocks 2023-11-23 20:58:22 +01:00			`// this generation method means the distribution is slightly biased. However these`
			`// strings are not for passwords so this is deemed OK.`
			`out[i] = source[out[i]%byte(len(source))]`
lib/random: unify random string generation into random.String This was factored from fstest as we were including the testing enviroment into the main binary because of it. This was causing opening the browser to fail because of 8243ff8bc8. 2019-08-06 13:44:08 +02:00			`}`
			`return string(out)`
			`}`
Review random string/password generation - factor password generation into lib/random.Password - call from appropriate places - choose appropriate use of random.String vs random.Password 2019-08-25 09:39:31 +02:00
test makefiles: add --seed flag and make data generated repeatable #5214 2021-04-10 14:42:17 +02:00			`// String create a random string for test purposes.`
			`//`
			`// Do not use these for passwords.`
			`func String(n int) string {`
random: speed up String function for generating larger blocks 2023-11-23 20:58:22 +01:00			`return StringFn(n, cryptorand.Reader)`
test makefiles: add --seed flag and make data generated repeatable #5214 2021-04-10 14:42:17 +02:00			`}`

Review random string/password generation - factor password generation into lib/random.Password - call from appropriate places - choose appropriate use of random.String vs random.Password 2019-08-25 09:39:31 +02:00			`// Password creates a crypto strong password which is just about`
			`// memorable. The password is composed of printable ASCII characters`
			`// from the base64 alphabet.`
			`//`
Spelling fixes Fix spelling of: above, already, anonymous, associated, authentication, bandwidth, because, between, blocks, calculate, candidates, cautious, changelog, cleaner, clipboard, command, completely, concurrently, considered, constructs, corrupt, current, daemon, dependencies, deprecated, directory, dispatcher, download, eligible, ellipsis, encrypter, endpoint, entrieslist, essentially, existing writers, existing, expires, filesystem, flushing, frequently, hierarchy, however, implementation, implements, inaccurate, individually, insensitive, longer, maximum, metadata, modified, multipart, namedirfirst, nextcloud, obscured, opened, optional, owncloud, pacific, passphrase, password, permanently, persimmon, positive, potato, protocol, quota, receiving, recommends, referring, requires, revisited, satisfied, satisfies, satisfy, semver, serialized, session, storage, strategies, stringlist, successful, supported, surprise, temporarily, temporary, transactions, unneeded, update, uploads, wrapped Signed-off-by: Josh Soref <jsoref@users.noreply.github.com> 2020-10-09 02:17:24 +02:00			`// Requires password strength in bits.`
Review random string/password generation - factor password generation into lib/random.Password - call from appropriate places - choose appropriate use of random.String vs random.Password 2019-08-25 09:39:31 +02:00			`// 64 is just about memorable`
			`// 128 is secure`
			`func Password(bits int) (password string, err error) {`
			`bytes := bits / 8`
			`if bits%8 != 0 {`
			`bytes++`
			`}`
			`var pw = make([]byte, bytes)`
random: fix incorrect use of math/rand instead of crypto/rand CVE-2020-28924 For implications see the linked issue. Fixes #4783 2020-11-18 13:03:01 +01:00			`n, err := cryptorand.Read(pw)`
Review random string/password generation - factor password generation into lib/random.Password - call from appropriate places - choose appropriate use of random.String vs random.Password 2019-08-25 09:39:31 +02:00			`if err != nil {`
Remove github.com/pkg/errors and replace with std library version This is possible now that we no longer support go1.12 and brings rclone into line with standard practices in the Go world. This also removes errors.New and errors.Errorf from lib/errors and prefers the stdlib errors package over lib/errors. 2021-11-04 11:12:57 +01:00			`return "", fmt.Errorf("password read failed: %w", err)`
Review random string/password generation - factor password generation into lib/random.Password - call from appropriate places - choose appropriate use of random.String vs random.Password 2019-08-25 09:39:31 +02:00			`}`
			`if n != bytes {`
Remove github.com/pkg/errors and replace with std library version This is possible now that we no longer support go1.12 and brings rclone into line with standard practices in the Go world. This also removes errors.New and errors.Errorf from lib/errors and prefers the stdlib errors package over lib/errors. 2021-11-04 11:12:57 +01:00			`return "", fmt.Errorf("password short read: %d", n)`
Review random string/password generation - factor password generation into lib/random.Password - call from appropriate places - choose appropriate use of random.String vs random.Password 2019-08-25 09:39:31 +02:00			`}`
			`password = base64.RawURLEncoding.EncodeToString(pw)`
			`return password, nil`
			`}`