| -rw-r--r-- | internal/fusefrontend_reverse/rfile.go | 18 | ||||
| -rw-r--r-- | internal/pathiv/pathiv.go | 26 | 
2 files changed, 29 insertions, 15 deletions
|
diff --git a/internal/fusefrontend_reverse/rfile.go b/internal/fusefrontend_reverse/rfile.go
index b19ad5e..530547a 100644
--- a/internal/fusefrontend_reverse/rfile.go
+++ b/internal/fusefrontend_reverse/rfile.go
@@ -33,11 +33,6 @@ type reverseFile struct {
 var inodeTable syncmap.Map
-type derivedIVContainer struct {
-	id       []byte
-	block0IV []byte
-}
 func (rfs *ReverseFS) newFile(relPath string, flags uint32) (nodefs.File, fuse.Status) {
 	absPath, err := rfs.abs(rfs.decryptPath(relPath))
 	if err != nil {
@@ -55,14 +50,13 @@ func (rfs *ReverseFS) newFile(relPath string, flags uint32) (nodefs.File, fuse.S
 	}
 	// See if we have that inode number already in the table
 	// (even if Nlink has dropped to 1)
-	var derivedIVs derivedIVContainer
+	var derivedIVs pathiv.FileIVs
 	v, found := inodeTable.Load(st.Ino)
 	if found {
 		tlog.Debug.Printf("ino%d: newFile: found in the inode table", st.Ino)
-		derivedIVs = v.(derivedIVContainer)
+		derivedIVs = v.(pathiv.FileIVs)
 	} else {
-		derivedIVs.id = pathiv.Derive(relPath, pathiv.PurposeFileID)
-		derivedIVs.block0IV = pathiv.Derive(relPath, pathiv.PurposeBlock0IV)
+		derivedIVs = pathiv.DeriveFile(relPath)
 		// Nlink > 1 means there is more than one path to this file.
 		// Store the derived values so we always return the same data,
 		// regardless of the path that is used to access the file.
@@ -71,7 +65,7 @@ func (rfs *ReverseFS) newFile(relPath string, flags uint32) (nodefs.File, fuse.S
 			v, found = inodeTable.LoadOrStore(st.Ino, derivedIVs)
 			if found {
 				// Another thread has stored a different value before we could.
-				derivedIVs = v.(derivedIVContainer)
+				derivedIVs = v.(pathiv.FileIVs)
 			} else {
 				tlog.Debug.Printf("ino%d: newFile: Nlink=%d, stored in the inode table", st.Ino, st.Nlink)
 			}
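Review bot: In the `@@ -55,14 +50,13 @@` hunk the `pathiv.FileIVs` value that goes into `inodeTable` holds two slices, and the `@@ -79,13 +73,13 @@` hunk then hands those same slices to every `reverseFile` opened for that inode via `ID: derivedIVs.ID` and `block0IV: derivedIVs.Block0IV`, so an in-place write to `header.ID` or `block0IV` anywhere would silently change the cached IVs for all paths to that file. Nothing in these hunks writes to them, but the sharing is invisible at the use sites. A comment next to the `LoadOrStore` in the `@@ -71,7 +65,7 @@` hunk would make the contract explicit: `// derivedIVs.ID and derivedIVs.Block0IV are shared with every reverseFile for this inode; treat them as read-only.` newFile's body continues outside the second and third hunks.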
@@ -79,13 +73,13 @@ func (rfs *ReverseFS) newFile(relPath string, flags uint32) (nodefs.File, fuse.S
 	}
 	header := contentenc.FileHeader{
 		Version: contentenc.CurrentVersion,
-		ID:      derivedIVs.id,
+		ID:      derivedIVs.ID,
 	}
 	return &reverseFile{
 		File:       nodefs.NewDefaultFile(),
 		fd:         fd,
 		header:     header,
-		block0IV:   derivedIVs.block0IV,
+		block0IV:   derivedIVs.Block0IV,
 		contentEnc: rfs.contentEnc,
 	}, fuse.OK
 }
diff --git a/internal/pathiv/pathiv.go b/internal/pathiv/pathiv.go
index d2d90a2..aa11b75 100644
--- a/internal/pathiv/pathiv.go
+++ b/internal/pathiv/pathiv.go
@@ -6,13 +6,19 @@ import (
 	"github.com/rfjakob/gocryptfs/internal/nametransform"
 )
+// Purpose identifies for which purpose the IV will be used. This is mixed into the
+// derivation.
 type Purpose string
 const (
-	PurposeDirIV     Purpose = "DIRIV"
-	PurposeFileID    Purpose = "FILEID"
+	// PurposeDirIV means the value will be used as a directory IV
+	PurposeDirIV Purpose = "DIRIV"
+	// PurposeFileID means the value will be used as the file ID in the file header
+	PurposeFileID Purpose = "FILEID"
+	// PurposeSymlinkIV means the value will be used as the IV for symlink encryption
 	PurposeSymlinkIV Purpose = "SYMLINKIV"
-	PurposeBlock0IV  Purpose = "BLOCK0IV"
+	// PurposeBlock0IV means the value will be used as the IV of ciphertext block #0.
+	PurposeBlock0IV Purpose = "BLOCK0IV"
 )
 // Derive derives an IV from an encrypted path by hashing it with sha256
@@ -22,3 +28,17 @@ func Derive(path string, purpose Purpose) []byte {
 	hash := sha256.Sum256(extended)
 	return hash[:nametransform.DirIVLen]
 }
+
+// FileIVs contains both IVs that are needed to create a file.
+type FileIVs struct {
+	ID       []byte
+	Block0IV []byte
+}
+
+// DeriveFile derives both IVs that are needed to create a file and returns them
+// in a container struct.
+func DeriveFile(path string) (fileIVs FileIVs) {
+	fileIVs.ID = Derive(path, PurposeFileID)
+	fileIVs.Block0IV = Derive(path, PurposeBlock0IV)
+	return fileIVs
+}
|
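Review bot: The doc comment on `DeriveFile` says what it returns but not the two properties callers depend on: both fields are `nametransform.DirIVLen` bytes, because they come from `Derive`'s `return hash[:nametransform.DirIVLen]` visible at the top of the hunk, and, going by `Derive`'s own doc comment, they are a deterministic function of `path` that differ only in the `Purpose` string mixed into the hash. I would extend the comment with `// Both values are nametransform.DirIVLen bytes long and depend only on path, so the same path always yields the same pair; callers must not modify the returned slices in place.` Only the tail of `Derive` is inside the hunk; the construction of `extended` is outside it.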
