cli: drop -forcedecode flag

The rewritten openssl backend does not support this flag anymore, and it was inherently dangerour. Drop it (ignored for compatibility)
author: Jakob Unterwurzacher 2021-09-10 12:14:19 +0200
committer: Jakob Unterwurzacher 2021-09-10 12:14:19 +0200
commit: d023cd6c95fcbc6b5056ba1f425d2ac3df4abc5a (patch)
tree: 8e5df3a175b183f0db989a9d8f940a3c5c7434b0 /internal
parent: c974116322f057a36ffb0b2ec0338b7f60872773 (diff)
14 files changed, 31 insertions, 53 deletions
diff --git a/internal/configfile/config_file.go b/internal/configfile/config_file.go
index 06b665b..828f034 100644
--- a/internal/configfile/config_file.go
+++ b/internal/configfile/config_file.go
@@ -298,8 +298,8 @@ func getKeyEncrypter(scryptHash []byte, useHKDF bool) *contentenc.ContentEnc {
 	if useHKDF {
 		IVLen = contentenc.DefaultIVBits
 	}
-	cc := cryptocore.New(scryptHash, cryptocore.BackendGoGCM, IVLen, useHKDF, false)
-	ce := contentenc.New(cc, 4096, false)
+	cc := cryptocore.New(scryptHash, cryptocore.BackendGoGCM, IVLen, useHKDF)
+	ce := contentenc.New(cc, 4096)
 	return ce
 }
 
diff --git a/internal/contentenc/content.go b/internal/contentenc/content.go
index 13e0ce0..3005bf5 100644
--- a/internal/contentenc/content.go
+++ b/internal/contentenc/content.go
@@ -13,7 +13,6 @@ import (
 	"github.com/hanwen/go-fuse/v2/fuse"
 
 	"github.com/rfjakob/gocryptfs/v2/internal/cryptocore"
-	"github.com/rfjakob/gocryptfs/v2/internal/stupidgcm"
 	"github.com/rfjakob/gocryptfs/v2/internal/tlog"
 )
 
@@ -41,8 +40,6 @@ type ContentEnc struct {
 	allZeroBlock []byte
 	// All-zero block of size IVBitLen/8, for fast compares
 	allZeroNonce []byte
-	// Force decode even if integrity check fails (openSSL only)
-	forceDecode bool
 
 	// Ciphertext block "sync.Pool" pool. Always returns cipherBS-sized byte
 	// slices (usually 4128 bytes).
@@ -60,9 +57,8 @@ type ContentEnc struct {
 }
 
 // New returns an initialized ContentEnc instance.
-func New(cc *cryptocore.CryptoCore, plainBS uint64, forceDecode bool) *ContentEnc {
-	tlog.Debug.Printf("contentenc.New: plainBS=%d, forceDecode=%v",
-		plainBS, forceDecode)
+func New(cc *cryptocore.CryptoCore, plainBS uint64) *ContentEnc {
+	tlog.Debug.Printf("contentenc.New: plainBS=%d", plainBS)
 
 	if fuse.MAX_KERNEL_WRITE%plainBS != 0 {
 		log.Panicf("unaligned MAX_KERNEL_WRITE=%d", fuse.MAX_KERNEL_WRITE)
@@ -81,7 +77,6 @@ func New(cc *cryptocore.CryptoCore, plainBS uint64, forceDecode bool) *ContentEn
 		cipherBS:     cipherBS,
 		allZeroBlock: make([]byte, cipherBS),
 		allZeroNonce: make([]byte, cc.IVLen),
-		forceDecode:  forceDecode,
 		cBlockPool:   newBPool(int(cipherBS)),
 		CReqPool:     newBPool(cReqSize),
 		pBlockPool:   newBPool(int(plainBS)),
@@ -111,11 +106,7 @@ func (be *ContentEnc) DecryptBlocks(ciphertext []byte, firstBlockNo uint64, file
 		var pBlock []byte
 		pBlock, err = be.DecryptBlock(cBlock, blockNo, fileID)
 		if err != nil {
-			if be.forceDecode && err == stupidgcm.ErrAuth {
-				tlog.Warn.Printf("DecryptBlocks: authentication failure in block #%d, overridden by forcedecode", firstBlockNo)
-			} else {
-				break
-			}
+			break
 		}
 		pBuf.Write(pBlock)
 		be.pBlockPool.Put(pBlock)
@@ -183,9 +174,6 @@ func (be *ContentEnc) DecryptBlock(ciphertext []byte, blockNo uint64, fileID []b
 	if err != nil {
 		tlog.Debug.Printf("DecryptBlock: %s, len=%d", err.Error(), len(ciphertextOrig))
 		tlog.Debug.Println(hex.Dump(ciphertextOrig))
-		if be.forceDecode && err == stupidgcm.ErrAuth {
-			return plaintext, err
-		}
 		return nil, err
 	}
 
diff --git a/internal/contentenc/content_test.go b/internal/contentenc/content_test.go
index 9cc8753..4a4b2de 100644
--- a/internal/contentenc/content_test.go
+++ b/internal/contentenc/content_test.go
@@ -23,8 +23,8 @@ func TestSplitRange(t *testing.T) {
 		testRange{6654, 8945})
 
 	key := make([]byte, cryptocore.KeyLen)
-	cc := cryptocore.New(key, cryptocore.BackendGoGCM, DefaultIVBits, true, false)
-	f := New(cc, DefaultBS, false)
+	cc := cryptocore.New(key, cryptocore.BackendGoGCM, DefaultIVBits, true)
+	f := New(cc, DefaultBS)
 
 	for _, r := range ranges {
 		parts := f.ExplodePlainRange(r.offset, r.length)
@@ -51,8 +51,8 @@ func TestCiphertextRange(t *testing.T) {
 		testRange{6654, 8945})
 
 	key := make([]byte, cryptocore.KeyLen)
-	cc := cryptocore.New(key, cryptocore.BackendGoGCM, DefaultIVBits, true, false)
-	f := New(cc, DefaultBS, false)
+	cc := cryptocore.New(key, cryptocore.BackendGoGCM, DefaultIVBits, true)
+	f := New(cc, DefaultBS)
 
 	for _, r := range ranges {
 
@@ -74,8 +74,8 @@ func TestCiphertextRange(t *testing.T) {
 
 func TestBlockNo(t *testing.T) {
 	key := make([]byte, cryptocore.KeyLen)
-	cc := cryptocore.New(key, cryptocore.BackendGoGCM, DefaultIVBits, true, false)
-	f := New(cc, DefaultBS, false)
+	cc := cryptocore.New(key, cryptocore.BackendGoGCM, DefaultIVBits, true)
+	f := New(cc, DefaultBS)
 
 	b := f.CipherOffToBlockNo(788)
 	if b != 0 {
diff --git a/internal/contentenc/offsets_test.go b/internal/contentenc/offsets_test.go
index 768393c..b35964a 100644
--- a/internal/contentenc/offsets_test.go
+++ b/internal/contentenc/offsets_test.go
@@ -10,8 +10,8 @@ import (
 // TestSizeToSize tests CipherSizeToPlainSize and PlainSizeToCipherSize
 func TestSizeToSize(t *testing.T) {
 	key := make([]byte, cryptocore.KeyLen)
-	cc := cryptocore.New(key, cryptocore.BackendGoGCM, DefaultIVBits, true, false)
-	ce := New(cc, DefaultBS, false)
+	cc := cryptocore.New(key, cryptocore.BackendGoGCM, DefaultIVBits, true)
+	ce := New(cc, DefaultBS)
 
 	const rangeMax = 10000
 
diff --git a/internal/cryptocore/cryptocore.go b/internal/cryptocore/cryptocore.go
index dd7c98b..48386f8 100644
--- a/internal/cryptocore/cryptocore.go
+++ b/internal/cryptocore/cryptocore.go
@@ -73,9 +73,9 @@ type CryptoCore struct {
 //
 // Note: "key" is either the scrypt hash of the password (when decrypting
 // a config file) or the masterkey (when finally mounting the filesystem).
-func New(key []byte, aeadType AEADTypeEnum, IVBitLen int, useHKDF bool, forceDecode bool) *CryptoCore {
-	tlog.Debug.Printf("cryptocore.New: key=%d bytes, aeadType=%v, IVBitLen=%d, useHKDF=%v, forceDecode=%v",
-		len(key), aeadType, IVBitLen, useHKDF, forceDecode)
+func New(key []byte, aeadType AEADTypeEnum, IVBitLen int, useHKDF bool) *CryptoCore {
+	tlog.Debug.Printf("cryptocore.New: key=%d bytes, aeadType=%v, IVBitLen=%d, useHKDF=%v",
+		len(key), aeadType, IVBitLen, useHKDF)
 
 	if len(key) != KeyLen {
 		log.Panicf("Unsupported key length of %d bytes", len(key))
@@ -120,7 +120,7 @@ func New(key []byte, aeadType AEADTypeEnum, IVBitLen int, useHKDF bool, forceDec
 			if IVBitLen != 128 {
 				log.Panicf("stupidgcm only supports 128-bit IVs, you wanted %d", IVBitLen)
 			}
-			aeadCipher = stupidgcm.NewAES256GCM(gcmKey, forceDecode)
+			aeadCipher = stupidgcm.NewAES256GCM(gcmKey)
 		case BackendGoGCM:
 			goGcmBlockCipher, err := aes.NewCipher(gcmKey)
 			if err != nil {
diff --git a/internal/cryptocore/cryptocore_test.go b/internal/cryptocore/cryptocore_test.go
index 319a900..d37e941 100644
--- a/internal/cryptocore/cryptocore_test.go
+++ b/internal/cryptocore/cryptocore_test.go
@@ -10,18 +10,18 @@ import (
 func TestCryptoCoreNew(t *testing.T) {
 	key := make([]byte, 32)
 	for _, useHKDF := range []bool{true, false} {
-		c := New(key, BackendGoGCM, 96, useHKDF, false)
+		c := New(key, BackendGoGCM, 96, useHKDF)
 		if c.IVLen != 12 {
 			t.Fail()
 		}
-		c = New(key, BackendGoGCM, 128, useHKDF, false)
+		c = New(key, BackendGoGCM, 128, useHKDF)
 		if c.IVLen != 16 {
 			t.Fail()
 		}
 		if stupidgcm.BuiltWithoutOpenssl {
 			continue
 		}
-		c = New(key, BackendOpenSSL, 128, useHKDF, false)
+		c = New(key, BackendOpenSSL, 128, useHKDF)
 		if c.IVLen != 16 {
 			t.Fail()
 		}
@@ -37,5 +37,5 @@ func TestNewPanic(t *testing.T) {
 	}()
 
 	key := make([]byte, 16)
-	New(key, BackendOpenSSL, 128, true, false)
+	New(key, BackendOpenSSL, 128, true)
 }
diff --git a/internal/fusefrontend/args.go b/internal/fusefrontend/args.go
index 4aedf2e..64a5923 100644
--- a/internal/fusefrontend/args.go
+++ b/internal/fusefrontend/args.go
@@ -26,8 +26,6 @@ type Args struct {
 	ConfigCustom bool
 	// NoPrealloc disables automatic preallocation before writing
 	NoPrealloc bool
-	// Force decode even if integrity check fails (openSSL only)
-	ForceDecode bool
 	// Exclude is a list of paths to make inaccessible, starting match at
 	// the filesystem root
 	Exclude []string
diff --git a/internal/fusefrontend/file.go b/internal/fusefrontend/file.go
index 661c2b8..3ce1b1e 100644
--- a/internal/fusefrontend/file.go
+++ b/internal/fusefrontend/file.go
@@ -20,7 +20,6 @@ import (
 	"github.com/rfjakob/gocryptfs/v2/internal/contentenc"
 	"github.com/rfjakob/gocryptfs/v2/internal/inomap"
 	"github.com/rfjakob/gocryptfs/v2/internal/openfiletable"
-	"github.com/rfjakob/gocryptfs/v2/internal/stupidgcm"
 	"github.com/rfjakob/gocryptfs/v2/internal/syscallcompat"
 	"github.com/rfjakob/gocryptfs/v2/internal/tlog"
 )
@@ -208,16 +207,9 @@ func (f *File) doRead(dst []byte, off uint64, length uint64) ([]byte, syscall.Er
 	plaintext, err := f.contentEnc.DecryptBlocks(ciphertext, firstBlockNo, fileID)
 	f.rootNode.contentEnc.CReqPool.Put(ciphertext)
 	if err != nil {
-		if f.rootNode.args.ForceDecode && err == stupidgcm.ErrAuth {
-			// We do not have the information which block was corrupt here anymore,
-			// but DecryptBlocks() has already logged it anyway.
-			tlog.Warn.Printf("doRead %d: off=%d len=%d: returning corrupt data due to forcedecode",
-				f.qIno.Ino, off, length)
-		} else {
-			curruptBlockNo := firstBlockNo + f.contentEnc.PlainOffToBlockNo(uint64(len(plaintext)))
-			tlog.Warn.Printf("doRead %d: corrupt block #%d: %v", f.qIno.Ino, curruptBlockNo, err)
-			return nil, syscall.EIO
-		}
+		curruptBlockNo := firstBlockNo + f.contentEnc.PlainOffToBlockNo(uint64(len(plaintext)))
+		tlog.Warn.Printf("doRead %d: corrupt block #%d: %v", f.qIno.Ino, curruptBlockNo, err)
+		return nil, syscall.EIO
 	}
 
 	// Crop down to the relevant part
diff --git a/internal/fusefrontend/xattr_unit_test.go b/internal/fusefrontend/xattr_unit_test.go
index 7449d24..5bffd5e 100644
--- a/internal/fusefrontend/xattr_unit_test.go
+++ b/internal/fusefrontend/xattr_unit_test.go
@@ -17,8 +17,8 @@ import (
 func newTestFS(args Args) *RootNode {
 	// Init crypto backend
 	key := make([]byte, cryptocore.KeyLen)
-	cCore := cryptocore.New(key, cryptocore.BackendGoGCM, contentenc.DefaultIVBits, true, false)
-	cEnc := contentenc.New(cCore, contentenc.DefaultBS, false)
+	cCore := cryptocore.New(key, cryptocore.BackendGoGCM, contentenc.DefaultIVBits, true)
+	cEnc := contentenc.New(cCore, contentenc.DefaultBS)
 	n := nametransform.New(cCore.EMECipher, true, true, nil, false)
 	rn := NewRootNode(args, cEnc, n)
 	oneSec := time.Second
diff --git a/internal/speed/speed.go b/internal/speed/speed.go
index f7cb5d3..9958697 100644
--- a/internal/speed/speed.go
+++ b/internal/speed/speed.go
@@ -114,7 +114,7 @@ func bStupidGCM(b *testing.B) {
 	if stupidgcm.BuiltWithoutOpenssl {
 		b.Skip("openssl has been disabled at compile-time")
 	}
-	bEncrypt(b, stupidgcm.NewAES256GCM(randBytes(32), false))
+	bEncrypt(b, stupidgcm.NewAES256GCM(randBytes(32)))
 }
 
 // bGoGCM benchmarks Go stdlib GCM
diff --git a/internal/speed/speed_test.go b/internal/speed/speed_test.go
index 11c68d0..5f3001b 100644
--- a/internal/speed/speed_test.go
+++ b/internal/speed/speed_test.go
@@ -31,7 +31,7 @@ func BenchmarkStupidGCMDecrypt(b *testing.B) {
 	if stupidgcm.BuiltWithoutOpenssl {
 		b.Skip("openssl has been disabled at compile-time")
 	}
-	bDecrypt(b, stupidgcm.NewAES256GCM(randBytes(32), false))
+	bDecrypt(b, stupidgcm.NewAES256GCM(randBytes(32)))
 }
 
 func BenchmarkGoGCM(b *testing.B) {
diff --git a/internal/stupidgcm/gcm.go b/internal/stupidgcm/gcm.go
index c38dd5f..00819dd 100644
--- a/internal/stupidgcm/gcm.go
+++ b/internal/stupidgcm/gcm.go
@@ -26,7 +26,7 @@ type stupidGCM struct {
 // NewAES256GCM returns a new AES-256-GCM cipher that satisfies the cipher.AEAD interface.
 //
 // Only 32-bytes keys and 16-byte IVs are supported.
-func NewAES256GCM(keyIn []byte, forceDecode bool) cipher.AEAD {
+func NewAES256GCM(keyIn []byte) cipher.AEAD {
 	if len(keyIn) != keyLen {
 		log.Panicf("Only %d-byte keys are supported", keyLen)
 	}
diff --git a/internal/stupidgcm/gcm_test.go b/internal/stupidgcm/gcm_test.go
index b587e58..73668fa 100644
--- a/internal/stupidgcm/gcm_test.go
+++ b/internal/stupidgcm/gcm_test.go
@@ -13,7 +13,7 @@ import (
 
 func TestStupidGCM(t *testing.T) {
 	key := randBytes(32)
-	sGCM := NewAES256GCM(key, false)
+	sGCM := NewAES256GCM(key)
 
 	gAES, err := aes.NewCipher(key)
 	if err != nil {
diff --git a/internal/stupidgcm/without_openssl.go b/internal/stupidgcm/without_openssl.go
index 93efcb4..42604de 100644
--- a/internal/stupidgcm/without_openssl.go
+++ b/internal/stupidgcm/without_openssl.go
@@ -21,7 +21,7 @@ func errExit() {
 	os.Exit(exitcodes.OpenSSL)
 }
 
-func NewAES256GCM(_ []byte, _ bool) cipher.AEAD {
+func NewAES256GCM(_ []byte) cipher.AEAD {
 	errExit()
 	return nil
 }
author	Jakob Unterwurzacher	2021-09-10 12:14:19 +0200
committer	Jakob Unterwurzacher	2021-09-10 12:14:19 +0200
commit	d023cd6c95fcbc6b5056ba1f425d2ac3df4abc5a (patch)
tree	8e5df3a175b183f0db989a9d8f940a3c5c7434b0 /internal
parent	c974116322f057a36ffb0b2ec0338b7f60872773 (diff)