diff options
author | Jakob Unterwurzacher | 2015-10-06 20:51:35 +0200 |
---|---|---|
committer | Jakob Unterwurzacher | 2015-10-06 20:51:35 +0200 |
commit | 5c6df490678e7dc1aa7a09425d2fdf14fb13f7be (patch) | |
tree | da8605df2afc139fbdf4d82a9ebbfd61593af01d /cryptfs | |
parent | 39ea272e233504a710ce6885434984b2f45fb398 (diff) |
Switch to AES-256
AES-256 seems to be becoming the industry standard. While AES-128 is
good enough for tens of years to come, let's follow suit and be extra
safe.
Diffstat (limited to 'cryptfs')
-rw-r--r-- | cryptfs/cryptfs.go | 6 | ||||
-rw-r--r-- | cryptfs/openssl_aead.go | 6 |
2 files changed, 5 insertions, 7 deletions
diff --git a/cryptfs/cryptfs.go b/cryptfs/cryptfs.go index 214ea10..d7d1516 100644 --- a/cryptfs/cryptfs.go +++ b/cryptfs/cryptfs.go @@ -10,7 +10,7 @@ import ( const ( DEFAULT_PLAINBS = 4096 - KEY_LEN = 16 + KEY_LEN = 32 // AES-256 NONCE_LEN = 12 AUTH_TAG_LEN = 16 FILEID_LEN = 16 @@ -38,9 +38,7 @@ func NewCryptFS(key []byte, useOpenssl bool) *CryptFS { var gcm cipher.AEAD if useOpenssl { - var k16 [16]byte - copy(k16[:], key) - gcm = opensslGCM{k16} + gcm = opensslGCM{key} } else { gcm, err = cipher.NewGCM(b) if err != nil { diff --git a/cryptfs/openssl_aead.go b/cryptfs/openssl_aead.go index f73924d..9baa6d5 100644 --- a/cryptfs/openssl_aead.go +++ b/cryptfs/openssl_aead.go @@ -8,7 +8,7 @@ import ( ) type opensslGCM struct { - key [16]byte + key []byte } func (be opensslGCM) Overhead() int { @@ -27,7 +27,7 @@ func (be opensslGCM) Seal(dst, nonce, plaintext, data []byte) []byte { cipherBuf := bytes.NewBuffer(dst) - ectx, err := openssl.NewGCMEncryptionCipherCtx(128, nil, be.key[:], nonce[:]) + ectx, err := openssl.NewGCMEncryptionCipherCtx(KEY_LEN*8, nil, be.key, nonce) if err != nil { panic(err) } @@ -72,7 +72,7 @@ func (be opensslGCM) Open(dst, nonce, ciphertext, data []byte) ([]byte, error) { ciphertext = ciphertext[0 : l-AUTH_TAG_LEN] plainBuf := bytes.NewBuffer(dst) - dctx, err := openssl.NewGCMDecryptionCipherCtx(128, nil, be.key[:], nonce[:]) + dctx, err := openssl.NewGCMDecryptionCipherCtx(KEY_LEN*8, nil, be.key, nonce) if err != nil { return nil, err } |