Diffstat (limited to 'internal/pathiv')
| -rw-r--r-- | internal/pathiv/pathiv.go | 26 | 
1 files changed, 23 insertions, 3 deletions
|
diff --git a/internal/pathiv/pathiv.go b/internal/pathiv/pathiv.go
index d2d90a2..aa11b75 100644
--- a/internal/pathiv/pathiv.go
+++ b/internal/pathiv/pathiv.go
@@ -6,13 +6,19 @@ import (
 	"github.com/rfjakob/gocryptfs/internal/nametransform"
 )
+// Purpose identifies for which purpose the IV will be used. This is mixed into the
+// derivation.
 type Purpose string
 const (
-	PurposeDirIV     Purpose = "DIRIV"
-	PurposeFileID    Purpose = "FILEID"
+	// PurposeDirIV means the value will be used as a directory IV
+	PurposeDirIV Purpose = "DIRIV"
+	// PurposeFileID means the value will be used as the file ID in the file header
+	PurposeFileID Purpose = "FILEID"
+	// PurposeSymlinkIV means the value will be used as the IV for symlink encryption
 	PurposeSymlinkIV Purpose = "SYMLINKIV"
-	PurposeBlock0IV  Purpose = "BLOCK0IV"
+	// PurposeBlock0IV means the value will be used as the IV of ciphertext block #0.
+	PurposeBlock0IV Purpose = "BLOCK0IV"
 )
 // Derive derives an IV from an encrypted path by hashing it with sha256
@@ -22,3 +28,17 @@ func Derive(path string, purpose Purpose) []byte {
 	hash := sha256.Sum256(extended)
 	return hash[:nametransform.DirIVLen]
 }
+
+// FileIVs contains both IVs that are needed to create a file.
+type FileIVs struct {
+	ID       []byte
+	Block0IV []byte
+}
+
+// DeriveFile derives both IVs that are needed to create a file and returns them
+// in a container struct.
+func DeriveFile(path string) (fileIVs FileIVs) {
+	fileIVs.ID = Derive(path, PurposeFileID)
+	fileIVs.Block0IV = Derive(path, PurposeBlock0IV)
+	return fileIVs
+}
|
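Review bot: The doc comment on DeriveFile in the second hunk does not say that both returned values are a pure function of the path. From the visible tail of Derive (`hash := sha256.Sum256(extended)` followed by truncation to `nametransform.DirIVLen`), the same path always yields the same `ID` and `Block0IV`, which is presumably intended but is the opposite of what a caller expects from IVs "needed to create a file". I would extend the comment with `// The result is deterministic per path; do not use it where a random, never-repeating IV is required.` How `extended` is built lies outside the hunk, so whether any secret enters the hash cannot be confirmed from here.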
