reverse: add panics against API abuse

These should help prevent later programming errors.
2016-10-09 17:05:12 +02:00 · 2016-10-09 17:05:12 +02:00 · d3b78fea95
commit d3b78fea95
parent f754c8a200
2 changed files with 10 additions and 2 deletions
--- a/internal/cryptocore/cryptocore.go
+++ b/internal/cryptocore/cryptocore.go
@ -72,6 +72,10 @@ func New(key []byte, backend BackendTypeEnum, IVBitLen int) *CryptoCore {
 	case BackendGoGCM:
 		aeadCipher, err = goGCMWrapper(blockCipher, IVLen)
 	case BackendAESSIV:
 		if IVLen != 16 {
 			// SIV supports any nonce size, but we only use 16.
 			panic("AES-SIV must use 16-byte nonces")
 		}
 		// AES-SIV uses 1/2 of the key for authentication, 1/2 for
 		// encryption, so we need a 64-bytes key for AES-256. Derive it from
 		// the master key by hashing it with SHA-512.
--- a/internal/fusefrontend_reverse/rfs.go
+++ b/internal/fusefrontend_reverse/rfs.go
@ -46,10 +46,14 @@ type reverseFS struct {
 var _ pathfs.FileSystem = &reverseFS{}
-// NewFS returns an encrypted FUSE overlay filesystem
+// NewFS returns an encrypted FUSE overlay filesystem.
 // In this case (reverse mode) the backing directory is plain-text and
 // reverseFS provides an encrypted view.
 func NewFS(args fusefrontend.Args) pathfs.FileSystem {
 	if args.CryptoBackend != cryptocore.BackendAESSIV {
 		panic("reverse mode must use AES-SIV, everything else is insecure")
 	}
 	initLongnameCache()
 	cryptoCore := cryptocore.New(args.Masterkey, args.CryptoBackend, contentenc.DefaultIVBits)
 	contentEnc := contentenc.New(cryptoCore, contentenc.DefaultBS)
 	nameTransform := nametransform.New(cryptoCore, args.LongNames)