summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--internal/cryptocore/cryptocore.go4
-rw-r--r--internal/fusefrontend_reverse/rfs.go8
2 files changed, 10 insertions, 2 deletions
diff --git a/internal/cryptocore/cryptocore.go b/internal/cryptocore/cryptocore.go
index 7cb5c95..db82f56 100644
--- a/internal/cryptocore/cryptocore.go
+++ b/internal/cryptocore/cryptocore.go
@@ -72,6 +72,10 @@ func New(key []byte, backend BackendTypeEnum, IVBitLen int) *CryptoCore {
case BackendGoGCM:
aeadCipher, err = goGCMWrapper(blockCipher, IVLen)
case BackendAESSIV:
+ if IVLen != 16 {
+ // SIV supports any nonce size, but we only use 16.
+ panic("AES-SIV must use 16-byte nonces")
+ }
// AES-SIV uses 1/2 of the key for authentication, 1/2 for
// encryption, so we need a 64-bytes key for AES-256. Derive it from
// the master key by hashing it with SHA-512.
diff --git a/internal/fusefrontend_reverse/rfs.go b/internal/fusefrontend_reverse/rfs.go
index bc8a535..35e9e50 100644
--- a/internal/fusefrontend_reverse/rfs.go
+++ b/internal/fusefrontend_reverse/rfs.go
@@ -46,10 +46,14 @@ type reverseFS struct {
var _ pathfs.FileSystem = &reverseFS{}
-// NewFS returns an encrypted FUSE overlay filesystem
+// NewFS returns an encrypted FUSE overlay filesystem.
+// In this case (reverse mode) the backing directory is plain-text and
+// reverseFS provides an encrypted view.
func NewFS(args fusefrontend.Args) pathfs.FileSystem {
+ if args.CryptoBackend != cryptocore.BackendAESSIV {
+ panic("reverse mode must use AES-SIV, everything else is insecure")
+ }
initLongnameCache()
-
cryptoCore := cryptocore.New(args.Masterkey, args.CryptoBackend, contentenc.DefaultIVBits)
contentEnc := contentenc.New(cryptoCore, contentenc.DefaultBS)
nameTransform := nametransform.New(cryptoCore, args.LongNames)