From d023cd6c95fcbc6b5056ba1f425d2ac3df4abc5a Mon Sep 17 00:00:00 2001
From: Jakob Unterwurzacher
Date: Fri, 10 Sep 2021 12:14:19 +0200
Subject: cli: drop -forcedecode flag

The rewritten openssl backend does not support this flag anymore,
and it was inherently dangerour. Drop it (ignored for compatibility)
---
 internal/cryptocore/cryptocore.go      | 8 ++++----
 internal/cryptocore/cryptocore_test.go | 8 ++++----
 2 files changed, 8 insertions(+), 8 deletions(-)

(limited to 'internal/cryptocore')

diff --git a/internal/cryptocore/cryptocore.go b/internal/cryptocore/cryptocore.go
index dd7c98b..48386f8 100644
--- a/internal/cryptocore/cryptocore.go
+++ b/internal/cryptocore/cryptocore.go
@@ -73,9 +73,9 @@ type CryptoCore struct {
 //
 // Note: "key" is either the scrypt hash of the password (when decrypting
 // a config file) or the masterkey (when finally mounting the filesystem).
-func New(key []byte, aeadType AEADTypeEnum, IVBitLen int, useHKDF bool, forceDecode bool) *CryptoCore {
-	tlog.Debug.Printf("cryptocore.New: key=%d bytes, aeadType=%v, IVBitLen=%d, useHKDF=%v, forceDecode=%v",
-		len(key), aeadType, IVBitLen, useHKDF, forceDecode)
+func New(key []byte, aeadType AEADTypeEnum, IVBitLen int, useHKDF bool) *CryptoCore {
+	tlog.Debug.Printf("cryptocore.New: key=%d bytes, aeadType=%v, IVBitLen=%d, useHKDF=%v",
+		len(key), aeadType, IVBitLen, useHKDF)
 
 	if len(key) != KeyLen {
 		log.Panicf("Unsupported key length of %d bytes", len(key))
@@ -120,7 +120,7 @@ func New(key []byte, aeadType AEADTypeEnum, IVBitLen int, useHKDF bool, forceDec
 			if IVBitLen != 128 {
 				log.Panicf("stupidgcm only supports 128-bit IVs, you wanted %d", IVBitLen)
 			}
-			aeadCipher = stupidgcm.NewAES256GCM(gcmKey, forceDecode)
+			aeadCipher = stupidgcm.NewAES256GCM(gcmKey)
 		case BackendGoGCM:
 			goGcmBlockCipher, err := aes.NewCipher(gcmKey)
 			if err != nil {
diff --git a/internal/cryptocore/cryptocore_test.go b/internal/cryptocore/cryptocore_test.go
index 319a900..d37e941 100644
--- a/internal/cryptocore/cryptocore_test.go
+++ b/internal/cryptocore/cryptocore_test.go
@@ -10,18 +10,18 @@ import (
 func TestCryptoCoreNew(t *testing.T) {
 	key := make([]byte, 32)
 	for _, useHKDF := range []bool{true, false} {
-		c := New(key, BackendGoGCM, 96, useHKDF, false)
+		c := New(key, BackendGoGCM, 96, useHKDF)
 		if c.IVLen != 12 {
 			t.Fail()
 		}
-		c = New(key, BackendGoGCM, 128, useHKDF, false)
+		c = New(key, BackendGoGCM, 128, useHKDF)
 		if c.IVLen != 16 {
 			t.Fail()
 		}
 		if stupidgcm.BuiltWithoutOpenssl {
 			continue
 		}
-		c = New(key, BackendOpenSSL, 128, useHKDF, false)
+		c = New(key, BackendOpenSSL, 128, useHKDF)
 		if c.IVLen != 16 {
 			t.Fail()
 		}
@@ -37,5 +37,5 @@ func TestNewPanic(t *testing.T) {
 	}()
 
 	key := make([]byte, 16)
-	New(key, BackendOpenSSL, 128, true, false)
+	New(key, BackendOpenSSL, 128, true)
 }
-- 
cgit v1.2.3