refactor({box,unbox}.js): ensure nonce and key are truncated to corre…

…ct size
AraBlocks · Apr 2, 2021 · 5108c27 · 5108c27
1 parent 5892d44
commit 5108c27
Show file tree

Hide file tree

Showing 2 changed files with 11 additions and 4 deletions.
diff --git a/box.js b/box.js
@@ -5,6 +5,7 @@ const split = require('split-buffer')
 
 /* eslint-disable camelcase */
 const {
+ crypto_secretbox_NONCEBYTES,
  crypto_secretbox_KEYBYTES,
  crypto_secretbox_MACBYTES,
 
@@ -55,6 +56,10 @@ function box(buffer, opts) {
  throw new TypeError('crypto.box: Expecting secret key.')
  }
 
+ // truncate key and nonce
+ nonce = nonce.slice(0, crypto_secretbox_NONCEBYTES)
+ key = key.slice(0, crypto_secretbox_KEYBYTES)
+
  // ephemeral nonces used for header and body buffer boxing
  const nonces = [ copy(nonce), increment(copy(nonce)) ]
 

diff --git a/unbox.js b/unbox.js
@@ -4,9 +4,9 @@ const through = require('through2')
 
 /* eslint-disable camelcase */
 const {
+ crypto_secretbox_NONCEBYTES,
  crypto_secretbox_KEYBYTES,
  crypto_secretbox_MACBYTES,
- crypto_secretbox_NONCEBYTES,
 
  crypto_secretbox_open_easy,
 } = require('./sodium')
@@ -47,15 +47,17 @@ function unbox(buffer, opts) {
  if (false === isBuffer(key)) {
  throw new TypeError('crypto.unbox: Expecting secret key.')
  }
-
+
+ nonce = nonce.slice(0, crypto_secretbox_NONCEBYTES)
  key = key.slice(0, crypto_secretbox_KEYBYTES)
+
  const nonces = [ copy(nonce), increment(copy(nonce)) ]
  const header = Buffer.allocUnsafe(2 + crypto_secretbox_MACBYTES)
 
  crypto_secretbox_open_easy(
  header,
  buffer.slice(0, 2 + (2 * crypto_secretbox_MACBYTES)),
- nonces[0].slice(0, crypto_secretbox_NONCEBYTES),
+ nonces[0],
  key
  )
 
@@ -77,7 +79,7 @@ function unbox(buffer, opts) {
  crypto_secretbox_open_easy(
  unboxed,
  combined,
- nonces[1].slice(0, crypto_secretbox_NONCEBYTES),
+ nonces[1],
  key
  )