Remove SCELL_COMPAT define and ignore NO_SCELL_COMPAT variable

It does not really make much sense for the users to not enable the compatibility code path that allows to decrypt historical data. In fact, not a single build that we distribute disables this code path. Remove all SCELL_COMPAT ifdefs and ignore NO_SCELL_COMPAT setting, making the compatibility always enabled. This has a side effect of slightly slowing down decryption of really corrupted messages since we will be always trying the fallback path. However, this is not that significant loss as originally envisioned, and normal usage of Themis should not be affected.
ilammy · Mar 26, 2020 · 8a1781f · 8a1781f
1 parent b31cf33
commit 8a1781f
Show file tree

Hide file tree

Showing 3 changed files with 0 additions and 22 deletions.
diff --git a/Makefile b/Makefile
@@ -389,12 +389,6 @@ endif
 CFLAGS  += $(SANITIZERS)
 LDFLAGS += $(SANITIZERS)
 
-# Binary format compatibility with Themis 0.9.6 on x86_64 architecture.
-# https://github.com/cossacklabs/themis/pull/279
-ifeq ($(NO_SCELL_COMPAT),)
-	CFLAGS += -DSCELL_COMPAT
-endif
-
 ########################################################################
 
 include src/soter/soter.mk

diff --git a/src/themis/sym_enc_message.c b/src/themis/sym_enc_message.c
@@ -198,7 +198,6 @@ static themis_status_t themis_auth_sym_kdf_context(uint32_t message_length,
     return THEMIS_SUCCESS;
 }
 
-#ifdef SCELL_COMPAT
 /*
  * Themis 0.9.6 incorrectly used 64-bit message length for this field.
  */
@@ -214,7 +213,6 @@ static themis_status_t themis_auth_sym_kdf_context_compat(uint32_t message_lengt
     *kdf_context_length = sizeof(uint64_t);
     return THEMIS_SUCCESS;
 }
-#endif
 
 static themis_status_t themis_auth_sym_derive_encryption_key(const struct themis_scell_auth_token_key* hdr,
                                                              const uint8_t* key,
@@ -458,7 +456,6 @@ themis_status_t themis_auth_sym_decrypt_message_(const uint8_t* key,
      * Themis 0.9.6 used slightly different KDF. If decryption fails,
      * maybe it was encrypted with that incorrect key. Try it out.
      */
-#ifdef SCELL_COMPAT
     if (res != THEMIS_SUCCESS && res != THEMIS_BUFFER_TOO_SMALL && sizeof(size_t) == sizeof(uint64_t)) {
         kdf_context_length = sizeof(kdf_context);
         res = themis_auth_sym_kdf_context_compat(hdr.message_length, kdf_context, &kdf_context_length);
@@ -491,7 +488,6 @@ themis_status_t themis_auth_sym_decrypt_message_(const uint8_t* key,
                                             hdr.auth_tag,
                                             hdr.auth_tag_length);
     }
-#endif
 
     /* Sanity check of resulting message length */
     if (*message_length != encrypted_message_length) {
@@ -575,7 +571,6 @@ static themis_status_t themis_sym_derive_encryption_key(const uint8_t* key,
                           derived_key_length);
 }
 
-#ifdef SCELL_COMPAT
 /*
  * Themis 0.9.6 used 64-bit message length in computations, so here we go.
  */
@@ -597,7 +592,6 @@ static themis_status_t themis_sym_derive_encryption_key_compat(const uint8_t* ke
                           derived_key,
                           derived_key_length);
 }
-#endif
 
 static themis_status_t themis_sym_derive_encryption_iv(const uint8_t* key,
                                                        size_t key_length,
@@ -756,7 +750,6 @@ themis_status_t themis_sym_decrypt_message_u(const uint8_t* key,
      * Themis 0.9.6 used slightly different KDF. If decryption fails,
      * maybe it was encrypted with that incorrect key. Try it out.
      */
-#ifdef SCELL_COMPAT
     if (sizeof(size_t) == sizeof(uint64_t)) {
         if (res != THEMIS_SUCCESS && res != THEMIS_BUFFER_TOO_SMALL) {
             res = themis_sym_derive_encryption_key_compat(key,
@@ -777,7 +770,6 @@ themis_status_t themis_sym_decrypt_message_u(const uint8_t* key,
                                                 message_length);
         }
     }
-#endif
 
 error:
     soter_wipe(derived_key, sizeof(derived_key));

diff --git a/tests/themis/themis_secure_cell.c b/tests/themis/themis_secure_cell.c
@@ -2043,12 +2043,8 @@ static void secure_cell_0_9_6_compatibility(void)
                                           output,
                                           &output_length);
 
-#if SCELL_COMPAT
     testsuite_fail_if(res != THEMIS_SUCCESS, "Seal: decrypted message ok");
     testsuite_fail_if(memcmp(output, message, output_length) != 0, "Seal: message content same");
-#else
-    testsuite_fail_if(res != THEMIS_FAIL, "Seal: decryption failure");
-#endif
 
     res = themis_secure_cell_decrypt_token_protect(master_key,
                                                    sizeof(master_key),
@@ -2075,12 +2071,8 @@ static void secure_cell_0_9_6_compatibility(void)
                                                    output,
                                                    &output_length);
 
-#if SCELL_COMPAT
     testsuite_fail_if(res != THEMIS_SUCCESS, "Token: decrypted message ok");
     testsuite_fail_if(memcmp(output, message, output_length) != 0, "Token: message content same");
-#else
-    testsuite_fail_if(res != THEMIS_FAIL, "Token: decryption failure");
-#endif
 
     res = themis_secure_cell_decrypt_context_imprint(master_key,
                                                      sizeof(master_key),