summaryrefslogtreecommitdiff
path: root/internal/fusefrontend_reverse/rfs.go
diff options
context:
space:
mode:
authorJakob Unterwurzacher2016-10-09 17:05:12 +0200
committerJakob Unterwurzacher2016-10-09 17:05:12 +0200
commitd3b78fea959dfb0e1c1f5079ae516303bdb9a0f8 (patch)
tree53f88365d48a881cfd3ebb36a5dd35e4e5788e52 /internal/fusefrontend_reverse/rfs.go
parentf754c8a2007c7a8d3e1358257035dd0fad5633ba (diff)
reverse: add panics against API abuse
These should help prevent later programming errors.
Diffstat (limited to 'internal/fusefrontend_reverse/rfs.go')
-rw-r--r--internal/fusefrontend_reverse/rfs.go8
1 files changed, 6 insertions, 2 deletions
diff --git a/internal/fusefrontend_reverse/rfs.go b/internal/fusefrontend_reverse/rfs.go
index bc8a535..35e9e50 100644
--- a/internal/fusefrontend_reverse/rfs.go
+++ b/internal/fusefrontend_reverse/rfs.go
@@ -46,10 +46,14 @@ type reverseFS struct {
var _ pathfs.FileSystem = &reverseFS{}
-// NewFS returns an encrypted FUSE overlay filesystem
+// NewFS returns an encrypted FUSE overlay filesystem.
+// In this case (reverse mode) the backing directory is plain-text and
+// reverseFS provides an encrypted view.
func NewFS(args fusefrontend.Args) pathfs.FileSystem {
+ if args.CryptoBackend != cryptocore.BackendAESSIV {
+ panic("reverse mode must use AES-SIV, everything else is insecure")
+ }
initLongnameCache()
-
cryptoCore := cryptocore.New(args.Masterkey, args.CryptoBackend, contentenc.DefaultIVBits)
contentEnc := contentenc.New(cryptoCore, contentenc.DefaultBS)
nameTransform := nametransform.New(cryptoCore, args.LongNames)