diff options
| author | Jakob Unterwurzacher | 2021-09-10 12:14:19 +0200 |
|---|---|---|
| committer | Jakob Unterwurzacher | 2021-09-10 12:14:19 +0200 |
| commit | d023cd6c95fcbc6b5056ba1f425d2ac3df4abc5a (patch) | |
| tree | 8e5df3a175b183f0db989a9d8f940a3c5c7434b0 /internal/cryptocore | |
| parent | c974116322f057a36ffb0b2ec0338b7f60872773 (diff) | |
cli: drop -forcedecode flag
The rewritten openssl backend does not support this flag anymore,
and it was inherently dangerour. Drop it (ignored for compatibility)
Diffstat (limited to 'internal/cryptocore')
| -rw-r--r-- | internal/cryptocore/cryptocore.go | 8 | ||||
| -rw-r--r-- | internal/cryptocore/cryptocore_test.go | 8 |
2 files changed, 8 insertions, 8 deletions
diff --git a/internal/cryptocore/cryptocore.go b/internal/cryptocore/cryptocore.go index dd7c98b..48386f8 100644 --- a/internal/cryptocore/cryptocore.go +++ b/internal/cryptocore/cryptocore.go @@ -73,9 +73,9 @@ type CryptoCore struct { // // Note: "key" is either the scrypt hash of the password (when decrypting // a config file) or the masterkey (when finally mounting the filesystem). -func New(key []byte, aeadType AEADTypeEnum, IVBitLen int, useHKDF bool, forceDecode bool) *CryptoCore { - tlog.Debug.Printf("cryptocore.New: key=%d bytes, aeadType=%v, IVBitLen=%d, useHKDF=%v, forceDecode=%v", - len(key), aeadType, IVBitLen, useHKDF, forceDecode) +func New(key []byte, aeadType AEADTypeEnum, IVBitLen int, useHKDF bool) *CryptoCore { + tlog.Debug.Printf("cryptocore.New: key=%d bytes, aeadType=%v, IVBitLen=%d, useHKDF=%v", + len(key), aeadType, IVBitLen, useHKDF) if len(key) != KeyLen { log.Panicf("Unsupported key length of %d bytes", len(key)) @@ -120,7 +120,7 @@ func New(key []byte, aeadType AEADTypeEnum, IVBitLen int, useHKDF bool, forceDec if IVBitLen != 128 { log.Panicf("stupidgcm only supports 128-bit IVs, you wanted %d", IVBitLen) } - aeadCipher = stupidgcm.NewAES256GCM(gcmKey, forceDecode) + aeadCipher = stupidgcm.NewAES256GCM(gcmKey) case BackendGoGCM: goGcmBlockCipher, err := aes.NewCipher(gcmKey) if err != nil { diff --git a/internal/cryptocore/cryptocore_test.go b/internal/cryptocore/cryptocore_test.go index 319a900..d37e941 100644 --- a/internal/cryptocore/cryptocore_test.go +++ b/internal/cryptocore/cryptocore_test.go @@ -10,18 +10,18 @@ import ( func TestCryptoCoreNew(t *testing.T) { key := make([]byte, 32) for _, useHKDF := range []bool{true, false} { - c := New(key, BackendGoGCM, 96, useHKDF, false) + c := New(key, BackendGoGCM, 96, useHKDF) if c.IVLen != 12 { t.Fail() } - c = New(key, BackendGoGCM, 128, useHKDF, false) + c = New(key, BackendGoGCM, 128, useHKDF) if c.IVLen != 16 { t.Fail() } if stupidgcm.BuiltWithoutOpenssl { continue } - c = New(key, BackendOpenSSL, 128, useHKDF, false) + c = New(key, BackendOpenSSL, 128, useHKDF) if c.IVLen != 16 { t.Fail() } @@ -37,5 +37,5 @@ func TestNewPanic(t *testing.T) { }() key := make([]byte, 16) - New(key, BackendOpenSSL, 128, true, false) + New(key, BackendOpenSSL, 128, true) } |