4 files changed, 37 insertions, 21 deletions
diff --git a/internal/configfile/config_file.go b/internal/configfile/config_file.go
index 9152523..79960e4 100644
--- a/internal/configfile/config_file.go
+++ b/internal/configfile/config_file.go
@@ -14,31 +14,35 @@ import (
 import "os"
 
 const (
+	// ConfDefaultName is the default configuration file name.
 	// The dot "." is not used in base64url (RFC4648), hence
 	// we can never clash with an encrypted file.
 	ConfDefaultName = "gocryptfs.conf"
-	// In reverse mode, the config file gets stored next to the plain-text
-	// files. Make it hidden (start with dot) to not annoy the user.
+	// ConfReverseName is the default configuration file name in reverse mode,
+	// the config file gets stored next to the plain-text files. Make it hidden
+	// (start with dot) to not annoy the user.
 	ConfReverseName = ".gocryptfs.reverse.conf"
 )
 
+// ConfFile is the content of a config file.
 type ConfFile struct {
-	// gocryptfs version string
+	// Creator is the gocryptfs version string.
 	// This only documents the config file for humans who look at it. The actual
 	// technical info is contained in FeatureFlags.
 	Creator string
-	// Encrypted AES key, unlocked using a password hashed with scrypt
+	// EncryptedKey holds an encrypted AES key, unlocked using a password
+	// hashed with scrypt
 	EncryptedKey []byte
-	// Stores parameters for scrypt hashing (key derivation)
-	ScryptObject scryptKdf
-	// The On-Disk-Format version this filesystem uses
+	// ScryptObject stores parameters for scrypt hashing (key derivation)
+	ScryptObject ScryptKDF
+	// Version is the On-Disk-Format version this filesystem uses
 	Version uint16
-	// List of feature flags this filesystem has enabled.
+	// FeatureFlags is a list of feature flags this filesystem has enabled.
 	// If gocryptfs encounters a feature flag it does not support, it will refuse
 	// mounting. This mechanism is analogous to the ext4 feature flags that are
 	// stored in the superblock.
 	FeatureFlags []string
-	// File the config is saved to. Not exported to JSON.
+	// Filename is the name of the config file. Not exported to JSON.
 	filename string
 }
 
@@ -162,7 +166,7 @@ func LoadConfFile(filename string, password string) ([]byte, *ConfFile, error) {
 // cf.ScryptObject.
 func (cf *ConfFile) EncryptKey(key []byte, password string, logN int) {
 	// Generate derived key from password
-	cf.ScryptObject = NewScryptKdf(logN)
+	cf.ScryptObject = NewScryptKDF(logN)
 	scryptHash := cf.ScryptObject.DeriveKey(password)
 
 	// Lock master key using password-based key
diff --git a/internal/configfile/feature_flags.go b/internal/configfile/feature_flags.go
index ad7bec1..d3601b1 100644
--- a/internal/configfile/feature_flags.go
+++ b/internal/configfile/feature_flags.go
@@ -3,16 +3,24 @@ package configfile
 type flagIota int
 
 const (
+	// FlagPlaintextNames indicates that filenames are unencrypted.
 	FlagPlaintextNames flagIota = iota
+	// FlagDirIV indicates that a per-directory IV file is used.
 	FlagDirIV
+	// FlagEMENames indicates EME (ECB-Mix-ECB) filename encryption.
+	// This flag is mandatory since gocryptfs v1.0.
 	FlagEMENames
+	// FlagGCMIV128 indicates 128-bit GCM IVs.
+	// This flag is mandatory since gocryptfs v1.0.
 	FlagGCMIV128
+	// FlagLongNames allows file names longer than 176 bytes.
 	FlagLongNames
+	// FlagAESSIV selects an AES-SIV based crypto backend.
 	FlagAESSIV
 )
 
 // knownFlags stores the known feature flags and their string representation
-var knownFlags map[flagIota]string = map[flagIota]string{
+var knownFlags = map[flagIota]string{
 	FlagPlaintextNames: "PlaintextNames",
 	FlagDirIV:          "DirIV",
 	FlagEMENames:       "EMENames",
@@ -22,7 +30,7 @@ var knownFlags map[flagIota]string = map[flagIota]string{
 }
 
 // Filesystems that do not have these feature flags set are deprecated.
-var requiredFlagsNormal []flagIota = []flagIota{
+var requiredFlagsNormal = []flagIota{
 	FlagDirIV,
 	FlagEMENames,
 	FlagGCMIV128,
@@ -30,11 +38,11 @@ var requiredFlagsNormal []flagIota = []flagIota{
 
 // Filesystems without filename encryption obviously don't have or need the
 // filename related feature flags.
-var requiredFlagsPlaintextNames []flagIota = []flagIota{
+var requiredFlagsPlaintextNames = []flagIota{
 	FlagGCMIV128,
 }
 
-// isFeatureFlagKnown verifies that we understand a feature flag
+// isFeatureFlagKnown verifies that we understand a feature flag.
 func (cf *ConfFile) isFeatureFlagKnown(flag string) bool {
 	for _, knownFlag := range knownFlags {
 		if knownFlag == flag {
@@ -44,7 +52,7 @@ func (cf *ConfFile) isFeatureFlagKnown(flag string) bool {
 	return false
 }
 
-// isFeatureFlagSet - is the feature flag "flagWant" enabled?
+// IsFeatureFlagSet returns true if the feature flag "flagWant" is enabled.
 func (cf *ConfFile) IsFeatureFlagSet(flagWant flagIota) bool {
 	flagString := knownFlags[flagWant]
 	for _, flag := range cf.FeatureFlags {
diff --git a/internal/configfile/kdf.go b/internal/configfile/kdf.go
index ca87975..31bcbe4 100644
--- a/internal/configfile/kdf.go
+++ b/internal/configfile/kdf.go
@@ -12,12 +12,14 @@ import (
 )
 
 const (
+	// ScryptDefaultLogN is the default scrypt logN configuration parameter.
 	// 1 << 16 uses 64MB of memory,
 	// takes 4 seconds on my Atom Z3735F netbook
 	ScryptDefaultLogN = 16
 )
 
-type scryptKdf struct {
+// ScryptKDF is an instance of the scrypt key deriviation function.
+type ScryptKDF struct {
 	Salt   []byte
 	N      int
 	R      int
@@ -25,8 +27,9 @@ type scryptKdf struct {
 	KeyLen int
 }
 
-func NewScryptKdf(logN int) scryptKdf {
-	var s scryptKdf
+// NewScryptKDF returns a new instance of ScryptKDF.
+func NewScryptKDF(logN int) ScryptKDF {
+	var s ScryptKDF
 	s.Salt = cryptocore.RandBytes(cryptocore.KeyLen)
 	if logN <= 0 {
 		s.N = 1 << ScryptDefaultLogN
@@ -43,7 +46,8 @@ func NewScryptKdf(logN int) scryptKdf {
 	return s
 }
 
-func (s *scryptKdf) DeriveKey(pw string) []byte {
+// DeriveKey returns a new key from a supplied password.
+func (s *ScryptKDF) DeriveKey(pw string) []byte {
 	k, err := scrypt.Key([]byte(pw), s.Salt, s.N, s.R, s.P, s.KeyLen)
 	if err != nil {
 		log.Panicf("DeriveKey failed: %v", err)
@@ -53,6 +57,6 @@ func (s *scryptKdf) DeriveKey(pw string) []byte {
 
 // LogN - N is saved as 2^LogN, but LogN is much easier to work with.
 // This function gives you LogN = Log2(N).
-func (s *scryptKdf) LogN() int {
+func (s *ScryptKDF) LogN() int {
 	return int(math.Log2(float64(s.N)) + 0.5)
 }
diff --git a/internal/configfile/kdf_test.go b/internal/configfile/kdf_test.go
index bc095ab..c1a656a 100644
--- a/internal/configfile/kdf_test.go
+++ b/internal/configfile/kdf_test.go
@@ -21,7 +21,7 @@ ok  	github.com/rfjakob/gocryptfs/cryptfs	18.772s
 */
 
 func benchmarkScryptN(n int, b *testing.B) {
-	kdf := NewScryptKdf(n)
+	kdf := NewScryptKDF(n)
 	for i := 0; i < b.N; i++ {
 		kdf.DeriveKey("test")
 	}