diff options
| -rw-r--r-- | Documentation/MANPAGE.md | 7 | ||||
| -rw-r--r-- | internal/fusefrontend/args.go | 1 | ||||
| -rw-r--r-- | internal/fusefrontend/fs.go | 3 | ||||
| -rw-r--r-- | main.go | 5 | ||||
| -rw-r--r-- | tests/example_filesystems/example_filesystems_test.go | 44 |
5 files changed, 10 insertions, 50 deletions
diff --git a/Documentation/MANPAGE.md b/Documentation/MANPAGE.md index fa62062..11d903d 100644 --- a/Documentation/MANPAGE.md +++ b/Documentation/MANPAGE.md @@ -58,13 +58,6 @@ to mount the gocryptfs filesytem without user interaction. **-fusedebug** : Enable fuse library debug output -**-gcmiv128** -: Use an 128-bit IV for GCM encryption instead of Go's default of -96 bits (default true). This pushes back the birthday bound for IV -collisions far enough to make it irrelevant. -This flag is useful when recovering old gocryptfs filesystems using -"-masterkey". It is ignored (stays at the default) otherwise. - **-init** : Initialize encrypted directory diff --git a/internal/fusefrontend/args.go b/internal/fusefrontend/args.go index 32a335d..b3fa665 100644 --- a/internal/fusefrontend/args.go +++ b/internal/fusefrontend/args.go @@ -6,6 +6,5 @@ type Args struct { Cipherdir string OpenSSL bool PlaintextNames bool - GCMIV128 bool LongNames bool } diff --git a/internal/fusefrontend/fs.go b/internal/fusefrontend/fs.go index 1cf6d7c..20079b2 100644 --- a/internal/fusefrontend/fs.go +++ b/internal/fusefrontend/fs.go @@ -35,8 +35,7 @@ type FS struct { // Encrypted FUSE overlay filesystem func NewFS(args Args) *FS { - - cryptoCore := cryptocore.New(args.Masterkey, args.OpenSSL, args.GCMIV128) + cryptoCore := cryptocore.New(args.Masterkey, args.OpenSSL, true) contentEnc := contentenc.New(cryptoCore, contentenc.DefaultBS) nameTransform := nametransform.New(cryptoCore, args.LongNames) @@ -42,7 +42,7 @@ const ( type argContainer struct { debug, init, zerokey, fusedebug, openssl, passwd, foreground, version, - plaintextnames, quiet, gcmiv128, nosyslog, wpanic, + plaintextnames, quiet, nosyslog, wpanic, longnames, allow_other, ro bool masterkey, mountpoint, cipherdir, cpuprofile, config, extpass, memprofile string @@ -174,7 +174,6 @@ func main() { flagSet.BoolVar(&args.plaintextnames, "plaintextnames", false, "Do not encrypt file names") flagSet.BoolVar(&args.quiet, "q", false, "") flagSet.BoolVar(&args.quiet, "quiet", false, "Quiet - silence informational messages") - flagSet.BoolVar(&args.gcmiv128, "gcmiv128", true, "Use an 128-bit IV for GCM encryption instead of Go's default of 96 bits") flagSet.BoolVar(&args.nosyslog, "nosyslog", false, "Do not redirect output to syslog when running in the background") flagSet.BoolVar(&args.wpanic, "wpanic", false, "When encountering a warning, panic and exit immediately") flagSet.BoolVar(&args.longnames, "longnames", true, "Store names longer than 176 bytes in extra files") @@ -368,14 +367,12 @@ func initFuseFrontend(key []byte, args argContainer, confFile *configfile.ConfFi Masterkey: key, OpenSSL: args.openssl, PlaintextNames: args.plaintextnames, - GCMIV128: args.gcmiv128, LongNames: args.longnames, } // confFile is nil when "-zerokey" or "-masterkey" was used if confFile != nil { // Settings from the config file override command line args frontendArgs.PlaintextNames = confFile.IsFeatureFlagSet(configfile.FlagPlaintextNames) - frontendArgs.GCMIV128 = confFile.IsFeatureFlagSet(configfile.FlagGCMIV128) } jsonBytes, _ := json.MarshalIndent(frontendArgs, "", "\t") tlog.Debug.Printf("frontendArgs: %s", string(jsonBytes)) diff --git a/tests/example_filesystems/example_filesystems_test.go b/tests/example_filesystems/example_filesystems_test.go index d2b247a..93140c2 100644 --- a/tests/example_filesystems/example_filesystems_test.go +++ b/tests/example_filesystems/example_filesystems_test.go @@ -36,51 +36,23 @@ func TestExampleFSv05(t *testing.T) { } } -// Test example_filesystems/v0.6 -// with password mount and -masterkey mount +// This filesystem is not supported anymore. func TestExampleFSv06(t *testing.T) { - pDir := test_helpers.TmpDir + "TestExampleFsV06/" cDir := "v0.6" - err := os.Mkdir(pDir, 0777) - if err != nil { - t.Fatal(err) - } - err = test_helpers.Mount(cDir, pDir, false, "-extpass", "echo test") + pDir := test_helpers.TmpDir + cDir + err := test_helpers.Mount(cDir, pDir, false, "-extpass", "echo test") if err == nil { - t.Errorf("Mounting deprecated FS should fail") - } - test_helpers.MountOrFatal(t, cDir, pDir, "-masterkey", "7bc8deb0-5fc894ef-a093da43-61561a81-"+ - "0e8dee83-fdc056a4-937c37dd-9df5c520", "-gcmiv128=false") - checkExampleFS(t, pDir, true) - test_helpers.Unmount(pDir) - err = os.Remove(pDir) - if err != nil { - t.Error(err) + t.Errorf("Mounting too old FS should fail") } } -// Test example_filesystems/v0.6-plaintextnames -// with password mount and -masterkey mount -// v0.6 changed the file name handling a lot, hence the explicit test case for -// plaintextnames. +// This filesystem is not supported anymore. func TestExampleFSv06PlaintextNames(t *testing.T) { - pDir := test_helpers.TmpDir + "TestExampleFsV06PlaintextNames/" cDir := "v0.6-plaintextnames" - err := os.Mkdir(pDir, 0777) - if err != nil { - t.Fatal(err) - } - err = test_helpers.Mount(cDir, pDir, false, "-extpass", "echo test") + pDir := test_helpers.TmpDir + cDir + err := test_helpers.Mount(cDir, pDir, false, "-extpass", "echo test") if err == nil { - t.Errorf("Mounting deprecated FS should fail") - } - test_helpers.MountOrFatal(t, cDir, pDir, "-masterkey", "f4690202-595e4593-64c4f7e0-4dddd7d1-"+ - "303147f9-0ca8aea2-966341a7-52ea8ae9", "-plaintextnames", "-gcmiv128=false") - checkExampleFS(t, pDir, true) - test_helpers.Unmount(pDir) - err = os.Remove(pDir) - if err != nil { - t.Error(err) + t.Errorf("Mounting too old FS should fail") } } |