| author | Jakob Unterwurzacher | 2016-06-23 21:29:00 +0200 | 
|---|---|---|
| committer | Jakob Unterwurzacher | 2016-06-23 21:38:59 +0200 | 
| commit | b17f0465c7c38cab2f1f4ad0fc25d64d5cd175e7 (patch) | |
| tree | c898e5a535f0f9c0f8fcd8c58a01ac78ac550298 | |
| parent | 8a2e1a543aa793bf234838b8ba03b28c43f802a8 (diff) | |
Drop deprecated "-diriv" option
The DirIV feature flag is already mandatory, dropping the command
line option is the final step.
| -rw-r--r-- | Documentation/MANPAGE.md | 5 | ||||
| -rw-r--r-- | internal/fusefrontend/args.go | 1 | ||||
| -rw-r--r-- | internal/fusefrontend/fs.go | 27 | ||||
| -rw-r--r-- | internal/fusefrontend/fs_dir.go | 12 | ||||
| -rw-r--r-- | internal/fusefrontend/names.go | 6 | ||||
| -rw-r--r-- | main.go | 14 | ||||
| -rw-r--r-- | tests/example_filesystems/example_filesystems_test.go | 15 | ||||
| -rw-r--r-- | tests/test_helpers/helpers.go | 12 | 
8 files changed, 27 insertions, 65 deletions
|
diff --git a/Documentation/MANPAGE.md b/Documentation/MANPAGE.md
index 1444c2b..bfc5279 100644
--- a/Documentation/MANPAGE.md
+++ b/Documentation/MANPAGE.md
@@ -46,11 +46,6 @@ user_allow_other is set in /etc/fuse.conf. This option is equivalent to
 **-d, -debug**
 :	Enable debug output
-**-diriv**
-:	Use per-directory file name IV (default true)
-This flag is useful when recovering old gocryptfs filesystems using
-"-masterkey". It is ignored (stays at the default) otherwise.
-
 **-emenames**
 :	Use EME filename encryption (default true), implies diriv.
 This flag is useful when recovering old gocryptfs filesystems using
diff --git a/internal/fusefrontend/args.go b/internal/fusefrontend/args.go
index 8520592..4f77973 100644
--- a/internal/fusefrontend/args.go
+++ b/internal/fusefrontend/args.go
@@ -6,7 +6,6 @@ type Args struct {
 	Cipherdir      string
 	OpenSSL        bool
 	PlaintextNames bool
-	DirIV          bool
 	EMENames       bool
 	GCMIV128       bool
 	LongNames      bool
diff --git a/internal/fusefrontend/fs.go b/internal/fusefrontend/fs.go
index 26c9252..4342482 100644
--- a/internal/fusefrontend/fs.go
+++ b/internal/fusefrontend/fs.go
@@ -249,17 +249,10 @@ func (fs *FS) Readlink(path string, context *fuse.Context) (out string, status f
 	if status != fuse.OK {
 		return "", status
 	}
-	// Old filesystem: symlinks are encrypted like paths (CBC)
-	if !fs.args.DirIV {
-		var target string
-		target, err = fs.decryptPath(cTarget)
-		if err != nil {
-			tlog.Warn.Printf("Readlink: CBC decryption failed: %v", err)
-			return "", fuse.EIO
-		}
-		return target, fuse.OK
+	if fs.args.PlaintextNames {
+		return cTarget, fuse.OK
 	}
-	// Since gocryptfs v0.5 symlinks are encrypted like file contents (GCM)
+	// Symlinks are encrypted like file contents (GCM) and base64-encoded
 	cBinTarget, err := base64.URLEncoding.DecodeString(cTarget)
 	if err != nil {
 		tlog.Warn.Printf("Readlink: %v", err)
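Review bot: The new `if fs.args.PlaintextNames` branch in Readlink returns the link target exactly as it was read from the backing directory, with no decryption or integrity check, and nothing in the hunk says so. A comment on the branch such as `// PlaintextNames: symlink targets are stored as-is, neither encrypted nor authenticated` would make it clear that this mode gives targets no confidentiality and that a change made directly in the cipherdir goes unnoticed. The Symlink hunk in the same file adds the matching write path (`os.Symlink(target, cPath)`) and wants the same comment. Readlink's body continues past the end of the hunk.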
@@ -316,19 +309,11 @@ func (fs *FS) Symlink(target string, linkName string, context *fuse.Context) (co
 	if err != nil {
 		return fuse.ToStatus(err)
 	}
-	// Before v0.5, symlinks were encrypted like paths (CBC)
-	// TODO drop compatibility and simplify code?
-	if !fs.args.DirIV {
-		var cTarget string
-		cTarget, err = fs.encryptPath(target)
-		if err != nil {
-			tlog.Warn.Printf("Symlink: BUG: we should not get an error here: %v", err)
-			return fuse.ToStatus(err)
-		}
-		err = os.Symlink(cTarget, cPath)
+	if fs.args.PlaintextNames {
+		err = os.Symlink(target, cPath)
 		return fuse.ToStatus(err)
 	}
-
+	// Symlinks are encrypted like file contents (GCM) and base64-encoded
 	cBinTarget := fs.contentEnc.EncryptBlock([]byte(target), 0, nil)
 	cTarget := base64.URLEncoding.EncodeToString(cBinTarget)
diff --git a/internal/fusefrontend/fs_dir.go b/internal/fusefrontend/fs_dir.go
index f77486d..80a66ca 100644
--- a/internal/fusefrontend/fs_dir.go
+++ b/internal/fusefrontend/fs_dir.go
@@ -46,9 +46,6 @@ func (fs *FS) Mkdir(newPath string, mode uint32, context *fuse.Context) (code fu
 	if err != nil {
 		return fuse.ToStatus(err)
 	}
-	if !fs.args.DirIV {
-		return fuse.ToStatus(os.Mkdir(cPath, os.FileMode(mode)))
-	}
 	// We need write and execute permissions to create gocryptfs.diriv
 	origMode := mode
 	mode = mode | 0300
@@ -98,9 +95,6 @@ func (fs *FS) Rmdir(path string, context *fuse.Context) (code fuse.Status) {
 	if err != nil {
 		return fuse.ToStatus(err)
 	}
-	if !fs.args.DirIV {
-		return fuse.ToStatus(syscall.Rmdir(cPath))
-	}
 	parentDir := filepath.Dir(cPath)
 	parentDirFd, err := os.Open(parentDir)
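Review bot: Removing the `if !fs.args.DirIV` early return from Mkdir also removes the path that PlaintextNames filesystems took, because initFuseFrontend used to force `DirIV = false` whenever PlaintextNames was set (see the lines this commit deletes there). As far as the hunk shows, a PlaintextNames mount now falls through to the code that creates `gocryptfs.diriv`, and OpenDir no longer hides that file in this mode, so plaintext directories would gain a visible extra file. Unless a check exists outside the hunk, restore the shortcut under the new condition: `if fs.args.PlaintextNames { return fuse.ToStatus(os.Mkdir(cPath, os.FileMode(mode))) }`. The Rmdir hunk has the same gap and wants `if fs.args.PlaintextNames { return fuse.ToStatus(syscall.Rmdir(cPath)) }`. Both function bodies extend beyond their hunks.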
@@ -215,10 +209,10 @@ func (fs *FS) OpenDir(dirName string, context *fuse.Context) ([]fuse.DirEntry, f
 	if cipherEntries == nil {
 		return nil, status
 	}
-	// Get DirIV (stays nil if DirIV if off)
+	// Get DirIV (stays nil if PlaintextNames is used)
 	var cachedIV []byte
 	var cDirAbsPath string
-	if fs.args.DirIV {
+	if !fs.args.PlaintextNames {
 		// Read the DirIV once and use it for all later name decryptions
 		cDirAbsPath = filepath.Join(fs.args.Cipherdir, cDirName)
 		cachedIV, err = nametransform.ReadDirIV(cDirAbsPath)
@@ -237,7 +231,7 @@ func (fs *FS) OpenDir(dirName string, context *fuse.Context) ([]fuse.DirEntry, f
 			// silently ignore "gocryptfs.conf" in the top level dir
 			continue
 		}
-		if fs.args.DirIV && cName == nametransform.DirIVFilename {
+		if !fs.args.PlaintextNames && cName == nametransform.DirIVFilename {
 			// silently ignore "gocryptfs.diriv" everywhere if dirIV is enabled
 			continue
 		}
diff --git a/internal/fusefrontend/names.go b/internal/fusefrontend/names.go
index 907b6b4..54b41ae 100644
--- a/internal/fusefrontend/names.go
+++ b/internal/fusefrontend/names.go
@@ -44,9 +44,6 @@ func (fs *FS) encryptPath(plainPath string) (string, error) {
 	if fs.args.PlaintextNames {
 		return plainPath, nil
 	}
-	if !fs.args.DirIV {
-		return fs.nameTransform.EncryptPathNoIV(plainPath), nil
-	}
 	fs.dirIVLock.RLock()
 	cPath, err := fs.nameTransform.EncryptPathDirIV(plainPath, fs.args.Cipherdir)
 	tlog.Debug.Printf("encryptPath '%s' -> '%s' (err: %v)", plainPath, cPath, err)
@@ -59,9 +56,6 @@ func (fs *FS) decryptPath(cipherPath string) (string, error) {
 	if fs.args.PlaintextNames {
 		return cipherPath, nil
 	}
-	if !fs.args.DirIV {
-		return fs.nameTransform.DecryptPathNoIV(cipherPath)
-	}
 	fs.dirIVLock.RLock()
 	defer fs.dirIVLock.RUnlock()
 	return fs.nameTransform.DecryptPathDirIV(cipherPath, fs.args.Cipherdir)
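Review bot: In the second OpenDir hunk the comment under the changed condition, `// silently ignore "gocryptfs.diriv" everywhere if dirIV is enabled`, describes an option that no longer exists. It should follow the new test, e.g. `// silently ignore "gocryptfs.diriv" everywhere unless PlaintextNames is set`, so a reader knows the file is listed like any other entry in PlaintextNames mode. The loop this sits in starts and ends outside the hunk.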
@@ -42,7 +42,7 @@ const (
 type argContainer struct {
 	debug, init, zerokey, fusedebug, openssl, passwd, foreground, version,
-	plaintextnames, quiet, diriv, emenames, gcmiv128, nosyslog, wpanic,
+	plaintextnames, quiet, emenames, gcmiv128, nosyslog, wpanic,
 	longnames, allow_other, ro bool
 	masterkey, mountpoint, cipherdir, cpuprofile, config, extpass,
 	memprofile string
@@ -77,7 +77,7 @@ func initDir(args *argContainer) {
 		os.Exit(ERREXIT_INIT)
 	}
-	if args.diriv && !args.plaintextnames {
+	if !args.plaintextnames {
 		// Create gocryptfs.diriv in the root dir
 		err = nametransform.WriteDirIV(args.cipherdir)
 		if err != nil {
@@ -174,7 +174,6 @@ func main() {
 	flagSet.BoolVar(&args.plaintextnames, "plaintextnames", false, "Do not encrypt file names")
 	flagSet.BoolVar(&args.quiet, "q", false, "")
 	flagSet.BoolVar(&args.quiet, "quiet", false, "Quiet - silence informational messages")
-	flagSet.BoolVar(&args.diriv, "diriv", true, "Use per-directory file name IV")
 	flagSet.BoolVar(&args.emenames, "emenames", true, "Use EME filename encryption. This option implies diriv.")
 	flagSet.BoolVar(&args.gcmiv128, "gcmiv128", true, "Use an 128-bit IV for GCM encryption instead of Go's default of 96 bits")
 	flagSet.BoolVar(&args.nosyslog, "nosyslog", false, "Do not redirect output to syslog when running in the background")
@@ -370,7 +369,6 @@ func initFuseFrontend(key []byte, args argContainer, confFile *configfile.ConfFi
 		Masterkey:      key,
 		OpenSSL:        args.openssl,
 		PlaintextNames: args.plaintextnames,
-		DirIV:          args.diriv,
 		EMENames:       args.emenames,
 		GCMIV128:       args.gcmiv128,
 		LongNames:      args.longnames,
@@ -379,17 +377,11 @@ func initFuseFrontend(key []byte, args argContainer, confFile *configfile.ConfFi
 	if confFile != nil {
 		// Settings from the config file override command line args
 		frontendArgs.PlaintextNames = confFile.IsFeatureFlagSet(configfile.FlagPlaintextNames)
-		frontendArgs.DirIV = confFile.IsFeatureFlagSet(configfile.FlagDirIV)
 		frontendArgs.EMENames = confFile.IsFeatureFlagSet(configfile.FlagEMENames)
 		frontendArgs.GCMIV128 = confFile.IsFeatureFlagSet(configfile.FlagGCMIV128)
 	}
-	// EMENames implies DirIV, both on the command line and in the config file.
-	if frontendArgs.EMENames {
-		frontendArgs.DirIV = true
-	}
-	// PlainTexnames disables both EMENames and DirIV
+	// PlainTexnames disables EMENames
 	if frontendArgs.PlaintextNames {
-		frontendArgs.DirIV = false
 		frontendArgs.EMENames = false
 	}
 	jsonBytes, _ := json.MarshalIndent(frontendArgs, "", "\t")
diff --git a/tests/example_filesystems/example_filesystems_test.go b/tests/example_filesystems/example_filesystems_test.go
index c4a0cad..d91a040 100644
--- a/tests/example_filesystems/example_filesystems_test.go
+++ b/tests/example_filesystems/example_filesystems_test.go
@@ -86,14 +86,15 @@ func TestExampleFSv04(t *testing.T) {
 	if err != nil {
 		t.Fatal(err)
 	}
-	err = test_helpers.Mount(cDir, pDir, "-extpass", "echo test")
+	err = test_helpers.Mount(cDir, pDir, false, "-extpass", "echo test")
 	if err == nil {
 		t.Errorf("Mounting deprecated FS should fail")
 	}
-	test_helpers.MountOrFatal(t, cDir, pDir, "-masterkey", "74676e34-0b47c145-00dac61a-17a92316-"+
+	err = test_helpers.Mount(cDir, pDir, false, "-masterkey", "74676e34-0b47c145-00dac61a-17a92316-"+
 		"bb57044c-e205b71f-65f4fdca-7cabd4b3", "-diriv=false", "-emenames=false", "-gcmiv128=false")
-	checkExampleFS(t, pDir, true)
-	test_helpers.Unmount(pDir)
+	if err == nil {
+		t.Errorf("Mounting deprecated FS should fail")
+	}
 	err = os.Remove(pDir)
 	if err != nil {
 		t.Error(err)
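Review bot: The last context line of the initFuseFrontend hunk, `jsonBytes, _ := json.MarshalIndent(frontendArgs, "", "\t")`, serializes the whole Args value, and the preceding hunk shows `Masterkey: key` being placed into it. Whether that field is excluded from JSON and where jsonBytes goes are not visible here; if it is written to a log, the master key would be in that output, so it is worth clearing or omitting the field before marshalling and saying so in a comment on the line. The new comment also carries over a typo: `// PlainTexnames disables EMENames` should read `// PlaintextNames disables EMENames`. The function continues past the hunk.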
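Review bot: The second `test_helpers.Mount(...)` call in TestExampleFSv04 still passes `"-diriv=false"`, an option this commit removes, so the mount presumably fails at flag parsing rather than because the old filesystem is rejected. With `showOutput` set to false the reason is hidden, and `if err == nil` accepts any failure. Dropping `"-diriv=false"` from the argument list, or checking the exit code, would keep the test tied to the behaviour its message names.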
@@ -109,7 +110,7 @@ func TestExampleFSv05(t *testing.T) {
 	if err != nil {
 		t.Fatal(err)
 	}
-	err = test_helpers.Mount(cDir, pDir, "-extpass", "echo test")
+	err = test_helpers.Mount(cDir, pDir, false, "-extpass", "echo test")
 	if err == nil {
 		t.Errorf("Mounting deprecated FS should fail")
 	}
@@ -132,7 +133,7 @@ func TestExampleFSv06(t *testing.T) {
 	if err != nil {
 		t.Fatal(err)
 	}
-	err = test_helpers.Mount(cDir, pDir, "-extpass", "echo test")
+	err = test_helpers.Mount(cDir, pDir, false, "-extpass", "echo test")
 	if err == nil {
 		t.Errorf("Mounting deprecated FS should fail")
 	}
@@ -157,7 +158,7 @@ func TestExampleFSv06PlaintextNames(t *testing.T) {
 	if err != nil {
 		t.Fatal(err)
 	}
-	err = test_helpers.Mount(cDir, pDir, "-extpass", "echo test")
+	err = test_helpers.Mount(cDir, pDir, false, "-extpass", "echo test")
 	if err == nil {
 		t.Errorf("Mounting deprecated FS should fail")
 	}
diff --git a/tests/test_helpers/helpers.go b/tests/test_helpers/helpers.go
index a3258fb..655df05 100644
--- a/tests/test_helpers/helpers.go
+++ b/tests/test_helpers/helpers.go
@@ -91,7 +91,7 @@ func InitFS(t *testing.T, extraArgs ...string) string {
 // Mount CIPHERDIR "c" on PLAINDIR "p"
 // Creates "p" if it does not exist.
-func Mount(c string, p string, extraArgs ...string) error {
+func Mount(c string, p string, showOutput bool, extraArgs ...string) error {
 	var args []string
 	args = append(args, extraArgs...)
 	args = append(args, "-nosyslog", "-q", "-wpanic")
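Review bot: The doc comment above Mount is unchanged and does not mention the new `showOutput` parameter, and call sites now read `Mount(cDir, pDir, false, ...)` with no hint of what the bool does. Add a line such as `// If showOutput is false, the child's stdout and stderr are not forwarded.` to the comment. Because a failed mount then leaves no trace in the expected-failure tests, consider capturing the output and attaching it to the returned error instead of dropping it. Mount's body continues in the next hunk.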
@@ -108,15 +108,17 @@ func Mount(c string, p string, extraArgs ...string) error {
 	}
 	cmd := exec.Command(GocryptfsBinary, args...)
-	cmd.Stderr = os.Stderr
-	cmd.Stdout = os.Stdout
+	if showOutput {
+		cmd.Stderr = os.Stderr
+		cmd.Stdout = os.Stdout
+	}
 	return cmd.Run()
 }
 // MountOrExit calls mount() and exits on failure.
 func MountOrExit(c string, p string, extraArgs ...string) {
-	err := Mount(c, p, extraArgs...)
+	err := Mount(c, p, true, extraArgs...)
 	if err != nil {
 		fmt.Printf("mount failed: %v", err)
 		os.Exit(1)
@@ -125,7 +127,7 @@ func MountOrExit(c string, p string, extraArgs ...string) {
 // MountOrFatal calls mount() and calls t.Fatal() on failure.
 func MountOrFatal(t *testing.T, c string, p string, extraArgs ...string) {
-	err := Mount(c, p, extraArgs...)
+	err := Mount(c, p, true, extraArgs...)
 	if err != nil {
 		t.Fatal(fmt.Errorf("mount failed: %v", err))
 	}
|
