diff options
author | Jakob Unterwurzacher | 2016-10-09 17:05:12 +0200 |
---|---|---|
committer | Jakob Unterwurzacher | 2016-10-09 17:05:12 +0200 |
commit | d3b78fea959dfb0e1c1f5079ae516303bdb9a0f8 (patch) | |
tree | 53f88365d48a881cfd3ebb36a5dd35e4e5788e52 /internal | |
parent | f754c8a2007c7a8d3e1358257035dd0fad5633ba (diff) |
reverse: add panics against API abuse
These should help prevent later programming errors.
Diffstat (limited to 'internal')
-rw-r--r-- | internal/cryptocore/cryptocore.go | 4 | ||||
-rw-r--r-- | internal/fusefrontend_reverse/rfs.go | 8 |
2 files changed, 10 insertions, 2 deletions
diff --git a/internal/cryptocore/cryptocore.go b/internal/cryptocore/cryptocore.go index 7cb5c95..db82f56 100644 --- a/internal/cryptocore/cryptocore.go +++ b/internal/cryptocore/cryptocore.go @@ -72,6 +72,10 @@ func New(key []byte, backend BackendTypeEnum, IVBitLen int) *CryptoCore { case BackendGoGCM: aeadCipher, err = goGCMWrapper(blockCipher, IVLen) case BackendAESSIV: + if IVLen != 16 { + // SIV supports any nonce size, but we only use 16. + panic("AES-SIV must use 16-byte nonces") + } // AES-SIV uses 1/2 of the key for authentication, 1/2 for // encryption, so we need a 64-bytes key for AES-256. Derive it from // the master key by hashing it with SHA-512. diff --git a/internal/fusefrontend_reverse/rfs.go b/internal/fusefrontend_reverse/rfs.go index bc8a535..35e9e50 100644 --- a/internal/fusefrontend_reverse/rfs.go +++ b/internal/fusefrontend_reverse/rfs.go @@ -46,10 +46,14 @@ type reverseFS struct { var _ pathfs.FileSystem = &reverseFS{} -// NewFS returns an encrypted FUSE overlay filesystem +// NewFS returns an encrypted FUSE overlay filesystem. +// In this case (reverse mode) the backing directory is plain-text and +// reverseFS provides an encrypted view. func NewFS(args fusefrontend.Args) pathfs.FileSystem { + if args.CryptoBackend != cryptocore.BackendAESSIV { + panic("reverse mode must use AES-SIV, everything else is insecure") + } initLongnameCache() - cryptoCore := cryptocore.New(args.Masterkey, args.CryptoBackend, contentenc.DefaultIVBits) contentEnc := contentenc.New(cryptoCore, contentenc.DefaultBS) nameTransform := nametransform.New(cryptoCore, args.LongNames) |