reverse: add panics against API abuse

These should help prevent later programming errors.
This commit is contained in:
Jakob Unterwurzacher 2016-10-09 17:05:12 +02:00
parent f754c8a200
commit d3b78fea95
2 changed files with 10 additions and 2 deletions

View File

@ -72,6 +72,10 @@ func New(key []byte, backend BackendTypeEnum, IVBitLen int) *CryptoCore {
case BackendGoGCM:
aeadCipher, err = goGCMWrapper(blockCipher, IVLen)
case BackendAESSIV:
if IVLen != 16 {
// SIV supports any nonce size, but we only use 16.
panic("AES-SIV must use 16-byte nonces")
}
// AES-SIV uses 1/2 of the key for authentication, 1/2 for
// encryption, so we need a 64-bytes key for AES-256. Derive it from
// the master key by hashing it with SHA-512.

View File

@ -46,10 +46,14 @@ type reverseFS struct {
var _ pathfs.FileSystem = &reverseFS{}
// NewFS returns an encrypted FUSE overlay filesystem
// NewFS returns an encrypted FUSE overlay filesystem.
// In this case (reverse mode) the backing directory is plain-text and
// reverseFS provides an encrypted view.
func NewFS(args fusefrontend.Args) pathfs.FileSystem {
if args.CryptoBackend != cryptocore.BackendAESSIV {
panic("reverse mode must use AES-SIV, everything else is insecure")
}
initLongnameCache()
cryptoCore := cryptocore.New(args.Masterkey, args.CryptoBackend, contentenc.DefaultIVBits)
contentEnc := contentenc.New(cryptoCore, contentenc.DefaultBS)
nameTransform := nametransform.New(cryptoCore, args.LongNames)