From 033d2944e50e2d9e10d6157bd851da5812c946b7 Mon Sep 17 00:00:00 2001
From: Brandon Plaster <brandon.a.plaster@gmail.com>
Date: Thu, 1 Apr 2021 15:22:46 -0600
Subject: [PATCH] fix: unbox nonce and key length

---
 unbox.js | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/unbox.js b/unbox.js
index eb3c79d..b691ab0 100644
--- a/unbox.js
+++ b/unbox.js
@@ -6,6 +6,7 @@ const through = require('through2')
 const {
   crypto_secretbox_KEYBYTES,
   crypto_secretbox_MACBYTES,
+  crypto_secretbox_NONCEBYTES,
 
   crypto_secretbox_open_easy,
 } = require('./sodium')
@@ -46,14 +47,15 @@ function unbox(buffer, opts) {
   if (false === isBuffer(key)) {
     throw new TypeError('crypto.unbox: Expecting secret key.')
   }
-
+  
+  key = key.slice(0, crypto_secretbox_KEYBYTES)
   const nonces = [ copy(nonce), increment(copy(nonce)) ]
   const header = Buffer.allocUnsafe(2 + crypto_secretbox_MACBYTES)
 
   crypto_secretbox_open_easy(
     header,
     buffer.slice(0, 2 + (2 * crypto_secretbox_MACBYTES)),
-    nonces[0],
+    nonces[0].slice(0, crypto_secretbox_NONCEBYTES),
     key
   )
 
@@ -75,7 +77,7 @@ function unbox(buffer, opts) {
   crypto_secretbox_open_easy(
     unboxed,
     combined,
-    nonces[1],
+    nonces[1].slice(0, crypto_secretbox_NONCEBYTES),
     key
   )