aboutsummaryrefslogtreecommitdiff
path: root/internal/contentenc
diff options
context:
space:
mode:
authorJakob Unterwurzacher2021-09-10 12:14:19 +0200
committerJakob Unterwurzacher2021-09-10 12:14:19 +0200
commitd023cd6c95fcbc6b5056ba1f425d2ac3df4abc5a (patch)
tree8e5df3a175b183f0db989a9d8f940a3c5c7434b0 /internal/contentenc
parentc974116322f057a36ffb0b2ec0338b7f60872773 (diff)
cli: drop -forcedecode flag
The rewritten openssl backend does not support this flag anymore, and it was inherently dangerour. Drop it (ignored for compatibility)
Diffstat (limited to 'internal/contentenc')
-rw-r--r--internal/contentenc/content.go18
-rw-r--r--internal/contentenc/content_test.go12
-rw-r--r--internal/contentenc/offsets_test.go4
3 files changed, 11 insertions, 23 deletions
diff --git a/internal/contentenc/content.go b/internal/contentenc/content.go
index 13e0ce0..3005bf5 100644
--- a/internal/contentenc/content.go
+++ b/internal/contentenc/content.go
@@ -13,7 +13,6 @@ import (
"github.com/hanwen/go-fuse/v2/fuse"
"github.com/rfjakob/gocryptfs/v2/internal/cryptocore"
- "github.com/rfjakob/gocryptfs/v2/internal/stupidgcm"
"github.com/rfjakob/gocryptfs/v2/internal/tlog"
)
@@ -41,8 +40,6 @@ type ContentEnc struct {
allZeroBlock []byte
// All-zero block of size IVBitLen/8, for fast compares
allZeroNonce []byte
- // Force decode even if integrity check fails (openSSL only)
- forceDecode bool
// Ciphertext block "sync.Pool" pool. Always returns cipherBS-sized byte
// slices (usually 4128 bytes).
@@ -60,9 +57,8 @@ type ContentEnc struct {
}
// New returns an initialized ContentEnc instance.
-func New(cc *cryptocore.CryptoCore, plainBS uint64, forceDecode bool) *ContentEnc {
- tlog.Debug.Printf("contentenc.New: plainBS=%d, forceDecode=%v",
- plainBS, forceDecode)
+func New(cc *cryptocore.CryptoCore, plainBS uint64) *ContentEnc {
+ tlog.Debug.Printf("contentenc.New: plainBS=%d", plainBS)
if fuse.MAX_KERNEL_WRITE%plainBS != 0 {
log.Panicf("unaligned MAX_KERNEL_WRITE=%d", fuse.MAX_KERNEL_WRITE)
@@ -81,7 +77,6 @@ func New(cc *cryptocore.CryptoCore, plainBS uint64, forceDecode bool) *ContentEn
cipherBS: cipherBS,
allZeroBlock: make([]byte, cipherBS),
allZeroNonce: make([]byte, cc.IVLen),
- forceDecode: forceDecode,
cBlockPool: newBPool(int(cipherBS)),
CReqPool: newBPool(cReqSize),
pBlockPool: newBPool(int(plainBS)),
@@ -111,11 +106,7 @@ func (be *ContentEnc) DecryptBlocks(ciphertext []byte, firstBlockNo uint64, file
var pBlock []byte
pBlock, err = be.DecryptBlock(cBlock, blockNo, fileID)
if err != nil {
- if be.forceDecode && err == stupidgcm.ErrAuth {
- tlog.Warn.Printf("DecryptBlocks: authentication failure in block #%d, overridden by forcedecode", firstBlockNo)
- } else {
- break
- }
+ break
}
pBuf.Write(pBlock)
be.pBlockPool.Put(pBlock)
@@ -183,9 +174,6 @@ func (be *ContentEnc) DecryptBlock(ciphertext []byte, blockNo uint64, fileID []b
if err != nil {
tlog.Debug.Printf("DecryptBlock: %s, len=%d", err.Error(), len(ciphertextOrig))
tlog.Debug.Println(hex.Dump(ciphertextOrig))
- if be.forceDecode && err == stupidgcm.ErrAuth {
- return plaintext, err
- }
return nil, err
}
diff --git a/internal/contentenc/content_test.go b/internal/contentenc/content_test.go
index 9cc8753..4a4b2de 100644
--- a/internal/contentenc/content_test.go
+++ b/internal/contentenc/content_test.go
@@ -23,8 +23,8 @@ func TestSplitRange(t *testing.T) {
testRange{6654, 8945})
key := make([]byte, cryptocore.KeyLen)
- cc := cryptocore.New(key, cryptocore.BackendGoGCM, DefaultIVBits, true, false)
- f := New(cc, DefaultBS, false)
+ cc := cryptocore.New(key, cryptocore.BackendGoGCM, DefaultIVBits, true)
+ f := New(cc, DefaultBS)
for _, r := range ranges {
parts := f.ExplodePlainRange(r.offset, r.length)
@@ -51,8 +51,8 @@ func TestCiphertextRange(t *testing.T) {
testRange{6654, 8945})
key := make([]byte, cryptocore.KeyLen)
- cc := cryptocore.New(key, cryptocore.BackendGoGCM, DefaultIVBits, true, false)
- f := New(cc, DefaultBS, false)
+ cc := cryptocore.New(key, cryptocore.BackendGoGCM, DefaultIVBits, true)
+ f := New(cc, DefaultBS)
for _, r := range ranges {
@@ -74,8 +74,8 @@ func TestCiphertextRange(t *testing.T) {
func TestBlockNo(t *testing.T) {
key := make([]byte, cryptocore.KeyLen)
- cc := cryptocore.New(key, cryptocore.BackendGoGCM, DefaultIVBits, true, false)
- f := New(cc, DefaultBS, false)
+ cc := cryptocore.New(key, cryptocore.BackendGoGCM, DefaultIVBits, true)
+ f := New(cc, DefaultBS)
b := f.CipherOffToBlockNo(788)
if b != 0 {
diff --git a/internal/contentenc/offsets_test.go b/internal/contentenc/offsets_test.go
index 768393c..b35964a 100644
--- a/internal/contentenc/offsets_test.go
+++ b/internal/contentenc/offsets_test.go
@@ -10,8 +10,8 @@ import (
// TestSizeToSize tests CipherSizeToPlainSize and PlainSizeToCipherSize
func TestSizeToSize(t *testing.T) {
key := make([]byte, cryptocore.KeyLen)
- cc := cryptocore.New(key, cryptocore.BackendGoGCM, DefaultIVBits, true, false)
- ce := New(cc, DefaultBS, false)
+ cc := cryptocore.New(key, cryptocore.BackendGoGCM, DefaultIVBits, true)
+ ce := New(cc, DefaultBS)
const rangeMax = 10000