From d0bc7970f721cee607d993406d97d32e2c660abe Mon Sep 17 00:00:00 2001
From: Jakob Unterwurzacher
Date: Sun, 5 Mar 2017 21:59:55 +0100
Subject: full stack: implement HKDF support

...but keep it disabled by default for new filesystems.

We are still missing an example filesystem and CLI arguments
to explicitely enable and disable it.
---
 internal/fusefrontend_reverse/rfs.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'internal/fusefrontend_reverse')

diff --git a/internal/fusefrontend_reverse/rfs.go b/internal/fusefrontend_reverse/rfs.go
index 55431b6..1bcbe45 100644
--- a/internal/fusefrontend_reverse/rfs.go
+++ b/internal/fusefrontend_reverse/rfs.go
@@ -57,7 +57,7 @@ func NewFS(args fusefrontend.Args) *ReverseFS {
 		log.Panic("reverse mode must use AES-SIV, everything else is insecure")
 	}
 	initLongnameCache()
-	cryptoCore := cryptocore.New(args.Masterkey, args.CryptoBackend, contentenc.DefaultIVBits)
+	cryptoCore := cryptocore.New(args.Masterkey, args.CryptoBackend, contentenc.DefaultIVBits, args.HKDF)
 	contentEnc := contentenc.New(cryptoCore, contentenc.DefaultBS)
 	nameTransform := nametransform.New(cryptoCore.EMECipher, args.LongNames, args.Raw64)
 
-- 
cgit v1.2.3