diff options
-rw-r--r-- | internal/cryptocore/cryptocore.go | 4 | ||||
-rw-r--r-- | internal/fusefrontend_reverse/rfs.go | 8 |
2 files changed, 10 insertions, 2 deletions
diff --git a/internal/cryptocore/cryptocore.go b/internal/cryptocore/cryptocore.go index 7cb5c95..db82f56 100644 --- a/internal/cryptocore/cryptocore.go +++ b/internal/cryptocore/cryptocore.go @@ -72,6 +72,10 @@ func New(key []byte, backend BackendTypeEnum, IVBitLen int) *CryptoCore { case BackendGoGCM: aeadCipher, err = goGCMWrapper(blockCipher, IVLen) case BackendAESSIV: + if IVLen != 16 { + // SIV supports any nonce size, but we only use 16. + panic("AES-SIV must use 16-byte nonces") + } // AES-SIV uses 1/2 of the key for authentication, 1/2 for // encryption, so we need a 64-bytes key for AES-256. Derive it from // the master key by hashing it with SHA-512. diff --git a/internal/fusefrontend_reverse/rfs.go b/internal/fusefrontend_reverse/rfs.go index bc8a535..35e9e50 100644 --- a/internal/fusefrontend_reverse/rfs.go +++ b/internal/fusefrontend_reverse/rfs.go @@ -46,10 +46,14 @@ type reverseFS struct { var _ pathfs.FileSystem = &reverseFS{} -// NewFS returns an encrypted FUSE overlay filesystem +// NewFS returns an encrypted FUSE overlay filesystem. +// In this case (reverse mode) the backing directory is plain-text and +// reverseFS provides an encrypted view. func NewFS(args fusefrontend.Args) pathfs.FileSystem { + if args.CryptoBackend != cryptocore.BackendAESSIV { + panic("reverse mode must use AES-SIV, everything else is insecure") + } initLongnameCache() - cryptoCore := cryptocore.New(args.Masterkey, args.CryptoBackend, contentenc.DefaultIVBits) contentEnc := contentenc.New(cryptoCore, contentenc.DefaultBS) nameTransform := nametransform.New(cryptoCore, args.LongNames) |