From d3b78fea959dfb0e1c1f5079ae516303bdb9a0f8 Mon Sep 17 00:00:00 2001
From: Jakob Unterwurzacher
Date: Sun, 9 Oct 2016 17:05:12 +0200
Subject: reverse: add panics against API abuse

These should help prevent later programming errors.
---
 internal/fusefrontend_reverse/rfs.go | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

(limited to 'internal/fusefrontend_reverse')

diff --git a/internal/fusefrontend_reverse/rfs.go b/internal/fusefrontend_reverse/rfs.go
index bc8a535..35e9e50 100644
--- a/internal/fusefrontend_reverse/rfs.go
+++ b/internal/fusefrontend_reverse/rfs.go
@@ -46,10 +46,14 @@ type reverseFS struct {
 
 var _ pathfs.FileSystem = &reverseFS{}
 
-// NewFS returns an encrypted FUSE overlay filesystem
+// NewFS returns an encrypted FUSE overlay filesystem.
+// In this case (reverse mode) the backing directory is plain-text and
+// reverseFS provides an encrypted view.
 func NewFS(args fusefrontend.Args) pathfs.FileSystem {
+	if args.CryptoBackend != cryptocore.BackendAESSIV {
+		panic("reverse mode must use AES-SIV, everything else is insecure")
+	}
 	initLongnameCache()
-
 	cryptoCore := cryptocore.New(args.Masterkey, args.CryptoBackend, contentenc.DefaultIVBits)
 	contentEnc := contentenc.New(cryptoCore, contentenc.DefaultBS)
 	nameTransform := nametransform.New(cryptoCore, args.LongNames)
-- 
cgit v1.2.3