vault: Allow AES key to be up to 256 bits. Fixes #7

2015-04-15 13:33:28 -07:00 · 2015-04-15 13:33:28 -07:00 · 3ee434a783
parent 1943ca2536
commit 3ee434a783
1 changed files with 4 additions and 3 deletions
--- a/vault/barrier_aes_gcm.go
+++ b/vault/barrier_aes_gcm.go
@ -68,8 +68,9 @@ func (b *AESGCMBarrier) Initialized() (bool, error) {
 // and makes use of the given master key.
 func (b *AESGCMBarrier) Initialize(key []byte) error {
 	// Verify the key size
-	if len(key) != aes.BlockSize {
-		return fmt.Errorf("Key size must be %d", aes.BlockSize)
+	min, max := b.KeyLength()
+	if len(key) < min || len(key) > max {
+		return fmt.Errorf("Key size must be between [%d, %d]", min, max)
 	}

 	// Check if already initialized
@ -126,7 +127,7 @@ func (b *AESGCMBarrier) GenerateKey() ([]byte, error) {

 // KeyLength is used to sanity check a key
 func (b *AESGCMBarrier) KeyLength() (int, int) {
-	return aes.BlockSize, aes.BlockSize
+	return aes.BlockSize, 2 * aes.BlockSize
 }

 // Sealed checks if the barrier has been unlocked yet. The Barrier