From 5108c270db5cf85088f7edf0768645ff4ede4dcc Mon Sep 17 00:00:00 2001
From: Joseph Werle <joseph.werle@gmail.com>
Date: Fri, 2 Apr 2021 12:27:32 -0400
Subject: [PATCH 1/2] refactor({box,unbox}.js): ensure nonce and key are
 truncated to correct size

---
 box.js   |  5 +++++
 unbox.js | 10 ++++++----
 2 files changed, 11 insertions(+), 4 deletions(-)

diff --git a/box.js b/box.js
index c096a71..172a5ff 100644
--- a/box.js
+++ b/box.js
@@ -5,6 +5,7 @@ const split = require('split-buffer')
 
 /* eslint-disable camelcase */
 const {
+  crypto_secretbox_NONCEBYTES,
   crypto_secretbox_KEYBYTES,
   crypto_secretbox_MACBYTES,
 
@@ -55,6 +56,10 @@ function box(buffer, opts) {
     throw new TypeError('crypto.box: Expecting secret key.')
   }
 
+  // truncate key and nonce
+  nonce = nonce.slice(0, crypto_secretbox_NONCEBYTES)
+  key = key.slice(0, crypto_secretbox_KEYBYTES)
+
   // ephemeral nonces used for header and body buffer boxing
   const nonces = [ copy(nonce), increment(copy(nonce)) ]
 
diff --git a/unbox.js b/unbox.js
index b691ab0..11f0c44 100644
--- a/unbox.js
+++ b/unbox.js
@@ -4,9 +4,9 @@ const through = require('through2')
 
 /* eslint-disable camelcase */
 const {
+  crypto_secretbox_NONCEBYTES,
   crypto_secretbox_KEYBYTES,
   crypto_secretbox_MACBYTES,
-  crypto_secretbox_NONCEBYTES,
 
   crypto_secretbox_open_easy,
 } = require('./sodium')
@@ -47,15 +47,17 @@ function unbox(buffer, opts) {
   if (false === isBuffer(key)) {
     throw new TypeError('crypto.unbox: Expecting secret key.')
   }
-  
+
+  nonce = nonce.slice(0, crypto_secretbox_NONCEBYTES)
   key = key.slice(0, crypto_secretbox_KEYBYTES)
+
   const nonces = [ copy(nonce), increment(copy(nonce)) ]
   const header = Buffer.allocUnsafe(2 + crypto_secretbox_MACBYTES)
 
   crypto_secretbox_open_easy(
     header,
     buffer.slice(0, 2 + (2 * crypto_secretbox_MACBYTES)),
-    nonces[0].slice(0, crypto_secretbox_NONCEBYTES),
+    nonces[0],
     key
   )
 
@@ -77,7 +79,7 @@ function unbox(buffer, opts) {
   crypto_secretbox_open_easy(
     unboxed,
     combined,
-    nonces[1].slice(0, crypto_secretbox_NONCEBYTES),
+    nonces[1],
     key
   )
 

From 3b393523c682c8859c43057a6745202f61509201 Mon Sep 17 00:00:00 2001
From: Joseph Werle <joseph.werle@gmail.com>
Date: Fri, 2 Apr 2021 12:27:44 -0400
Subject: [PATCH 2/2] chore(release): 0.9.3 :tada:

---
 CHANGELOG.md | 4 ++++
 package.json | 2 +-
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 1257e4d..71211a4 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,7 @@
+## [0.9.3](https://github.com/AraBlocks/ara-crypto/compare/0.9.2...0.9.3) (2021-04-02)
+
+
+
 ## [0.9.2](https://github.com/AraBlocks/ara-crypto/compare/0.9.1...0.9.2) (2021-04-02)
 
 
diff --git a/package.json b/package.json
index 8e7a036..edf0de4 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "ara-crypto",
-  "version": "0.9.2",
+  "version": "0.9.3",
   "description": "Cryptographic functions used in Ara modules",
   "main": "index.js",
   "scripts": {