From a2510efe12d2720399afcd8baea0c6634d4779e6 Mon Sep 17 00:00:00 2001
From: Jakob Unterwurzacher
Date: Thu, 29 Sep 2016 21:29:45 +0200
Subject: reverse: use per-purpose nonce generation

Also pull all the deterministic nonce code into fusefrontend_reverse
to greatly simplify the normal code path.
---
 internal/fusefrontend_reverse/rfs.go | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

(limited to 'internal/fusefrontend_reverse/rfs.go')

diff --git a/internal/fusefrontend_reverse/rfs.go b/internal/fusefrontend_reverse/rfs.go
index 8411461..1b5e812 100644
--- a/internal/fusefrontend_reverse/rfs.go
+++ b/internal/fusefrontend_reverse/rfs.go
@@ -254,7 +254,7 @@ func (rfs *reverseFS) OpenDir(cipherPath string, context *fuse.Context) ([]fuse.
 	nVirtual := 1
 
 	// Encrypt names
-	dirIV := derivePathIV(cipherPath)
+	dirIV := derivePathIV(cipherPath, ivPurposeDirIV)
 	for i := range entries {
 		var cName string
 		// ".gocryptfs.reverse.conf" in the root directory is mapped to "gocryptfs.conf"
@@ -296,9 +296,9 @@ func (rfs *reverseFS) Readlink(cipherPath string, context *fuse.Context) (string
 	if rfs.args.PlaintextNames {
 		return plainTarget, fuse.OK
 	}
-	nonce := derivePathIV(cipherPath)
+	nonce := derivePathIV(cipherPath, ivPurposeSymlinkIV)
 	// Symlinks are encrypted like file contents and base64-encoded
-	cBinTarget := rfs.contentEnc.EncryptBlock([]byte(plainTarget), 0, nil, contentenc.ExternalNonce, nonce)
+	cBinTarget := rfs.contentEnc.EncryptBlockNonce([]byte(plainTarget), 0, nil, nonce)
 	cTarget := base64.URLEncoding.EncodeToString(cBinTarget)
 	return cTarget, fuse.OK
 }
-- 
cgit v1.2.3