diff --git a/encfs/FileUtils.cpp b/encfs/FileUtils.cpp index f658bf8..3dae887 100644 --- a/encfs/FileUtils.cpp +++ b/encfs/FileUtils.cpp @@ -893,13 +893,13 @@ static void selectBlockMAC(int *macBytes, int *macRandBytes) { /** * Ask the user if per-file unique IVs should be used */ -static bool selectUniqueIV() { +static bool selectUniqueIV(bool default_answer) { // xgroup(setup) - return boolDefaultYes( + return boolDefault( _("Enable per-file initialization vectors?\n" "This adds about 8 bytes per file to the storage requirements.\n" "It should not affect performance except possibly with applications\n" - "which rely on block-aligned file io for performance.")); + "which rely on block-aligned file io for performance."), default_answer); } /** @@ -977,8 +977,8 @@ RootPtr createV6Config(EncFS_Context *ctx, const shared_ptr &opts) { Interface nameIOIface; // selectNameCoding() int blockMACBytes = 0; // selectBlockMAC() int blockMACRandBytes = 0; // selectBlockMAC() - bool uniqueIV = false; // selectUniqueIV() - bool chainedIV = false; // selectChainedIV() + bool uniqueIV = true; // selectUniqueIV() + bool chainedIV = true; // selectChainedIV() bool externalIV = false; // selectExternalChainedIV() bool allowHoles = true; // selectZeroBlockPassThrough() long desiredKDFDuration = NormalKDFDuration; @@ -986,6 +986,7 @@ RootPtr createV6Config(EncFS_Context *ctx, const shared_ptr &opts) { if (reverseEncryption) { chainedIV = false; externalIV = false; + uniqueIV = false; blockMACBytes = 0; blockMACRandBytes = 0; } @@ -1009,8 +1010,6 @@ RootPtr createV6Config(EncFS_Context *ctx, const shared_ptr &opts) { nameIOIface = BlockNameIO::CurrentInterface(); blockMACBytes = 8; blockMACRandBytes = 0; // using uniqueIV, so this isn't necessary - uniqueIV = true; - chainedIV = true; externalIV = true; desiredKDFDuration = ParanoiaKDFDuration; } else if (configMode == Config_Standard || answer[0] != 'x') { 
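Review bot: The doc comment above `selectUniqueIV` in the `@@ -893,13 +893,13 @@` hunk still reads only "Ask the user if per-file unique IVs should be used" and says nothing about the new `default_answer` parameter. That value is presumably what `boolDefault` returns when the user gives no input, so it decides the outcome of a security-relevant prompt for anyone who just accepts the default. I would extend the comment with a line such as `@param default_answer answer used when the user enters nothing; callers pass false for reverse mounts`.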
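Review bot: In the `@@ -986,6 +986,7 @@` hunk, the added `uniqueIV = false;` switches off per-file IVs for every reverse volume that keeps the preset values, and nothing at that line records why or what it costs. With no per-file IV and chained IVs also off, files with identical content would be expected to encrypt to identical ciphertext under the same volume key, so someone who can read the ciphertext can tell which files are equal. That is presumably accepted here in exchange for header-less, stable output, but it should be written down, e.g. `// reverse mode: no per-file IV header, so ciphertext is deterministic per volume key and equal files are recognisable as equal`. createV6Config begins and ends outside the hunk.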
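Review bot: After the `@@ -1009,8 +1010,6 @@` hunk the paranoia preset no longer sets `uniqueIV` and `chainedIV` itself and silently depends on the initialisers changed further up. The kept comment on `blockMACRandBytes = 0; // using uniqueIV, so this isn't necessary` is then only true while `uniqueIV` is still true on entry. If this branch can be reached with `reverseEncryption` set (the branch's opening lines are outside the hunk, so this is not visible), both flags would already be false while `externalIV = true;` is still applied. I would make the dependency explicit next to `externalIV = true;`, e.g. `// relies on the uniqueIV/chainedIV initialisers being true; not valid together with reverseEncryption`.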
@@ -1021,16 +1020,7 @@ RootPtr createV6Config(EncFS_Context *ctx, const shared_ptr &opts) { keySize = 192; blockSize = DefaultBlockSize; alg = findCipherAlgorithm("AES", keySize); - blockMACBytes = 0; - externalIV = false; nameIOIface = BlockNameIO::CurrentInterface(); - uniqueIV = true; - - if (reverseEncryption) { - cout << _("reverse encryption - chained IV disabled") << "\n"; - } else { - chainedIV = true; - } } if (answer[0] == 'x' || alg.name.empty()) { @@ -1052,7 +1042,7 @@ RootPtr createV6Config(EncFS_Context *ctx, const shared_ptr &opts) { nameIOIface = selectNameCoding(); if (reverseEncryption) { cout << _("reverse encryption - chained IV and MAC disabled") << "\n"; - uniqueIV = selectUniqueIV(); + uniqueIV = selectUniqueIV(false); /* Reverse mounts are read-only by default (set in main.cpp). * If uniqueIV is off, writing can be allowed, because there * is no header that could be overwritten */ @@ -1060,7 +1050,7 @@ RootPtr createV6Config(EncFS_Context *ctx, const shared_ptr &opts) { opts->readOnly = false; } else { chainedIV = selectChainedIV(); - uniqueIV = selectUniqueIV(); + uniqueIV = selectUniqueIV(true); if (chainedIV && uniqueIV) externalIV = selectExternalChainedIV(); else { diff --git a/tests/reverse.t.pl b/tests/reverse.t.pl index 4f670c1..a8405a0 100755 --- a/tests/reverse.t.pl +++ b/tests/reverse.t.pl @@ -116,7 +116,7 @@ sub grow { # autoflush should make sure the write goes to the kernel # immediately. Just to be sure, check it here. sizeVerify($vfh, $i) or die("unexpected plain file size"); - sizeVerify($cfh, $i+8) or $ok = 0; + sizeVerify($cfh, $i) or $ok = 0; sizeVerify($dfh, $i) or $ok = 0; if(md5fh($vfh) ne md5fh($dfh)) 
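Review bot: The `@@ -1021,16 +1020,7 @@` hunk removes the only visible notice in the standard-mode branch, `cout << _("reverse encryption - chained IV disabled")`, although reverse volumes now lose per-file IVs as well as chained IVs. A user choosing standard mode for a reverse mount is therefore no longer told at this point that these protections are off, unless a later summary outside the hunk prints it. I would keep a notice in this branch and widen it, e.g. `if (reverseEncryption) cout << _("reverse encryption - chained IV, unique IV and MAC disabled") << "\n";`. The removed `blockMACBytes = 0;` and `externalIV = false;` likewise now rely on the initialisers, which deserves a short comment in the branch.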
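Review bot: In the `@@ -1052,7 +1042,7 @@` hunk, `selectUniqueIV(false)` changes the default outcome of the expert-mode reverse prompt, and with it the default of the write protection set up by the code that follows. The retained comment says reverse mounts are read-only by default and that writing can be allowed when uniqueIV is off, and the next hunk opens with `opts->readOnly = false;`; the condition line between the two hunks is not shown, but it presumably tests `uniqueIV`. If so, accepting the default now yields a writable reverse mount where it previously yielded a read-only one. I would extend the comment to say that, e.g. `* The default answer is now "no", so accepting it makes the reverse mount writable.`, or leave `opts->readOnly` unchanged unless the user opts in explicitly.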
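Review bot: With `sizeVerify($cfh, $i)` in the `@@ -116,7 +116,7 @@` hunk of tests/reverse.t.pl (and `sizeVerify($cfh, 1024*1024)` in the `@@ -137,7 +137,7 @@` hunk), the reverse tests now assert only the header-less layout. A reverse volume with unique IVs enabled, which the expert prompt still offers, appears to have no size check left in these two subs. The volume setup is outside both hunks, so this may be covered elsewhere; if it is not, I would add a second run that enables unique IVs and expects `$i+8`. A comment such as `# reverse volumes default to uniqueIV off, so there is no 8-byte header` above the changed line would also explain why the sizes are equal.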
@@ -137,7 +137,7 @@ sub largeRead { my $cname = encName("largeRead"); # cfh ... ciphertext file handle ok(open(my $cfh, "<", "$ciphertext/$cname"), "open ciphertext largeRead file"); - ok(sizeVerify($cfh, 1024*1024+8), "1M file size"); + ok(sizeVerify($cfh, 1024*1024), "1M file size"); } # Check that the reverse mount is read-only