Drop deprecated "-gcmiv128" option

The GCMIV128 feature flag is already mandatory, dropping the command
line option is the final step.

Completes https://github.com/rfjakob/gocryptfs/issues/29 .

5 files changed, 10 insertions, 50 deletions

diff --git a/Documentation/MANPAGE.md b/Documentation/MANPAGE.md
index fa62062..11d903d 100644
--- a/Documentation/MANPAGE.md
+++ b/Documentation/MANPAGE.md
@@ -58,13 +58,6 @@ to mount the gocryptfs filesytem without user interaction.
 **-fusedebug**
 :	Enable fuse library debug output
 
-**-gcmiv128**
-:	Use an 128-bit IV for GCM encryption instead of Go's default of
-96 bits (default true). This pushes back the birthday bound for IV
-collisions far enough to make it irrelevant.
-This flag is useful when recovering old gocryptfs filesystems using
-"-masterkey". It is ignored (stays at the default) otherwise.
-
 **-init**
 :	Initialize encrypted directory
 
diff --git a/internal/fusefrontend/args.go b/internal/fusefrontend/args.go
index 32a335d..b3fa665 100644
--- a/internal/fusefrontend/args.go
+++ b/internal/fusefrontend/args.go
@@ -6,6 +6,5 @@ type Args struct {
 	Cipherdir      string
 	OpenSSL        bool
 	PlaintextNames bool
-	GCMIV128       bool
 	LongNames      bool
 }
diff --git a/internal/fusefrontend/fs.go b/internal/fusefrontend/fs.go
index 1cf6d7c..20079b2 100644
--- a/internal/fusefrontend/fs.go
+++ b/internal/fusefrontend/fs.go
@@ -35,8 +35,7 @@ type FS struct {
 
 // Encrypted FUSE overlay filesystem
 func NewFS(args Args) *FS {
-
-	cryptoCore := cryptocore.New(args.Masterkey, args.OpenSSL, args.GCMIV128)
+	cryptoCore := cryptocore.New(args.Masterkey, args.OpenSSL, true)
 	contentEnc := contentenc.New(cryptoCore, contentenc.DefaultBS)
 	nameTransform := nametransform.New(cryptoCore, args.LongNames)
 
diff --git a/main.go b/main.go
index 70e9e99..b7ff97d 100644
--- a/main.go
+++ b/main.go
@@ -42,7 +42,7 @@ const (
 
 type argContainer struct {
 	debug, init, zerokey, fusedebug, openssl, passwd, foreground, version,
-	plaintextnames, quiet, gcmiv128, nosyslog, wpanic,
+	plaintextnames, quiet, nosyslog, wpanic,
 	longnames, allow_other, ro bool
 	masterkey, mountpoint, cipherdir, cpuprofile, config, extpass,
 	memprofile string
@@ -174,7 +174,6 @@ func main() {
 	flagSet.BoolVar(&args.plaintextnames, "plaintextnames", false, "Do not encrypt file names")
 	flagSet.BoolVar(&args.quiet, "q", false, "")
 	flagSet.BoolVar(&args.quiet, "quiet", false, "Quiet - silence informational messages")
-	flagSet.BoolVar(&args.gcmiv128, "gcmiv128", true, "Use an 128-bit IV for GCM encryption instead of Go's default of 96 bits")
 	flagSet.BoolVar(&args.nosyslog, "nosyslog", false, "Do not redirect output to syslog when running in the background")
 	flagSet.BoolVar(&args.wpanic, "wpanic", false, "When encountering a warning, panic and exit immediately")
 	flagSet.BoolVar(&args.longnames, "longnames", true, "Store names longer than 176 bytes in extra files")
@@ -368,14 +367,12 @@ func initFuseFrontend(key []byte, args argContainer, confFile *configfile.ConfFi
 		Masterkey:      key,
 		OpenSSL:        args.openssl,
 		PlaintextNames: args.plaintextnames,
-		GCMIV128:       args.gcmiv128,
 		LongNames:      args.longnames,
 	}
 	// confFile is nil when "-zerokey" or "-masterkey" was used
 	if confFile != nil {
 		// Settings from the config file override command line args
 		frontendArgs.PlaintextNames = confFile.IsFeatureFlagSet(configfile.FlagPlaintextNames)
-		frontendArgs.GCMIV128 = confFile.IsFeatureFlagSet(configfile.FlagGCMIV128)
 	}
 	jsonBytes, _ := json.MarshalIndent(frontendArgs, "", "\t")
 	tlog.Debug.Printf("frontendArgs: %s", string(jsonBytes))
diff --git a/tests/example_filesystems/example_filesystems_test.go b/tests/example_filesystems/example_filesystems_test.go
index d2b247a..93140c2 100644
--- a/tests/example_filesystems/example_filesystems_test.go
+++ b/tests/example_filesystems/example_filesystems_test.go
@@ -36,51 +36,23 @@ func TestExampleFSv05(t *testing.T) {
 	}
 }
 
-// Test example_filesystems/v0.6
-// with password mount and -masterkey mount
+// This filesystem is not supported anymore.
 func TestExampleFSv06(t *testing.T) {
-	pDir := test_helpers.TmpDir + "TestExampleFsV06/"
 	cDir := "v0.6"
-	err := os.Mkdir(pDir, 0777)
-	if err != nil {
-		t.Fatal(err)
-	}
-	err = test_helpers.Mount(cDir, pDir, false, "-extpass", "echo test")
+	pDir := test_helpers.TmpDir + cDir
+	err := test_helpers.Mount(cDir, pDir, false, "-extpass", "echo test")
 	if err == nil {
-		t.Errorf("Mounting deprecated FS should fail")
-	}
-	test_helpers.MountOrFatal(t, cDir, pDir, "-masterkey", "7bc8deb0-5fc894ef-a093da43-61561a81-"+
-		"0e8dee83-fdc056a4-937c37dd-9df5c520", "-gcmiv128=false")
-	checkExampleFS(t, pDir, true)
-	test_helpers.Unmount(pDir)
-	err = os.Remove(pDir)
-	if err != nil {
-		t.Error(err)
+		t.Errorf("Mounting too old FS should fail")
 	}
 }
 
-// Test example_filesystems/v0.6-plaintextnames
-// with password mount and -masterkey mount
-// v0.6 changed the file name handling a lot, hence the explicit test case for
-// plaintextnames.
+// This filesystem is not supported anymore.
 func TestExampleFSv06PlaintextNames(t *testing.T) {
-	pDir := test_helpers.TmpDir + "TestExampleFsV06PlaintextNames/"
 	cDir := "v0.6-plaintextnames"
-	err := os.Mkdir(pDir, 0777)
-	if err != nil {
-		t.Fatal(err)
-	}
-	err = test_helpers.Mount(cDir, pDir, false, "-extpass", "echo test")
+	pDir := test_helpers.TmpDir + cDir
+	err := test_helpers.Mount(cDir, pDir, false, "-extpass", "echo test")
 	if err == nil {
-		t.Errorf("Mounting deprecated FS should fail")
-	}
-	test_helpers.MountOrFatal(t, cDir, pDir, "-masterkey", "f4690202-595e4593-64c4f7e0-4dddd7d1-"+
-		"303147f9-0ca8aea2-966341a7-52ea8ae9", "-plaintextnames", "-gcmiv128=false")
-	checkExampleFS(t, pDir, true)
-	test_helpers.Unmount(pDir)
-	err = os.Remove(pDir)
-	if err != nil {
-		t.Error(err)
+		t.Errorf("Mounting too old FS should fail")
 	}
 }