summaryrefslogtreecommitdiff
path: root/internal/fusefrontend_reverse
diff options
context:
space:
mode:
Diffstat (limited to 'internal/fusefrontend_reverse')
-rw-r--r--internal/fusefrontend_reverse/rfs.go8
1 files changed, 6 insertions, 2 deletions
diff --git a/internal/fusefrontend_reverse/rfs.go b/internal/fusefrontend_reverse/rfs.go
index bc8a535..35e9e50 100644
--- a/internal/fusefrontend_reverse/rfs.go
+++ b/internal/fusefrontend_reverse/rfs.go
@@ -46,10 +46,14 @@ type reverseFS struct {
var _ pathfs.FileSystem = &reverseFS{}
-// NewFS returns an encrypted FUSE overlay filesystem
+// NewFS returns an encrypted FUSE overlay filesystem.
+// In this case (reverse mode) the backing directory is plain-text and
+// reverseFS provides an encrypted view.
func NewFS(args fusefrontend.Args) pathfs.FileSystem {
+ if args.CryptoBackend != cryptocore.BackendAESSIV {
+ panic("reverse mode must use AES-SIV, everything else is insecure")
+ }
initLongnameCache()
-
cryptoCore := cryptocore.New(args.Masterkey, args.CryptoBackend, contentenc.DefaultIVBits)
contentEnc := contentenc.New(cryptoCore, contentenc.DefaultBS)
nameTransform := nametransform.New(cryptoCore, args.LongNames)
generated by cgit v1.2.3 (git 2.39.1) at 2025-10-31 12:44:43 +0000