Switch to AES-256

AES-256 seems to be becoming the industry standard. While AES-128 is good enough for tens of years to come, let's follow suit and be extra safe.
author: Jakob Unterwurzacher 2015-10-06 20:51:35 +0200
committer: Jakob Unterwurzacher 2015-10-06 20:51:35 +0200
commit: 5c6df490678e7dc1aa7a09425d2fdf14fb13f7be (patch)
tree: da8605df2afc139fbdf4d82a9ebbfd61593af01d /cryptfs/openssl_aead.go
parent: 39ea272e233504a710ce6885434984b2f45fb398 (diff)
1 files changed, 3 insertions, 3 deletions
diff --git a/cryptfs/openssl_aead.go b/cryptfs/openssl_aead.go
index f73924d..9baa6d5 100644
--- a/cryptfs/openssl_aead.go
+++ b/cryptfs/openssl_aead.go
@@ -8,7 +8,7 @@ import (
 )
 
 type opensslGCM struct {
-	key [16]byte
+	key []byte
 }
 
 func (be opensslGCM) Overhead() int {
@@ -27,7 +27,7 @@ func (be opensslGCM) Seal(dst, nonce, plaintext, data []byte) []byte {
 
 	cipherBuf := bytes.NewBuffer(dst)
 
-	ectx, err := openssl.NewGCMEncryptionCipherCtx(128, nil, be.key[:], nonce[:])
+	ectx, err := openssl.NewGCMEncryptionCipherCtx(KEY_LEN*8, nil, be.key, nonce)
 	if err != nil {
 		panic(err)
 	}
@@ -72,7 +72,7 @@ func (be opensslGCM) Open(dst, nonce, ciphertext, data []byte) ([]byte, error) {
 	ciphertext = ciphertext[0 : l-AUTH_TAG_LEN]
 	plainBuf := bytes.NewBuffer(dst)
 
-	dctx, err := openssl.NewGCMDecryptionCipherCtx(128, nil, be.key[:], nonce[:])
+	dctx, err := openssl.NewGCMDecryptionCipherCtx(KEY_LEN*8, nil, be.key, nonce)
 	if err != nil {
 		return nil, err
 	}
author	Jakob Unterwurzacher	2015-10-06 20:51:35 +0200
committer	Jakob Unterwurzacher	2015-10-06 20:51:35 +0200
commit	5c6df490678e7dc1aa7a09425d2fdf14fb13f7be (patch)
tree	da8605df2afc139fbdf4d82a9ebbfd61593af01d /cryptfs/openssl_aead.go
parent	39ea272e233504a710ce6885434984b2f45fb398 (diff)