From 5159d68fa9fd19af274acc6696a8974242024a8f Mon Sep 17 00:00:00 2001
From: Jim Pick <jim@backblend.com>
Date: Fri, 2 Mar 2018 21:03:48 -0800
Subject: [PATCH] In kdf, truncate key before passing to blake to match
 sodium-native behaviour

Currently, sodium-native and sodium-javascript are returning different
hashes. The code in hyperdrive passes a 64 byte secret key to the kdf,
but only 32 bytes are used by the native version, but all 64 bytes are
used in the javascript version. As a result, hyperdrive secret keys
can't be imported/exported across the two sodium implementations.

https://gist.github.com/jimpick/3e869522eddaad77ac1bc9e64f36e1a7
---
 crypto_kdf.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/crypto_kdf.js b/crypto_kdf.js
index 2704e36..a9dd697 100644
--- a/crypto_kdf.js
+++ b/crypto_kdf.js
@@ -29,7 +29,7 @@ module.exports.crypto_kdf_derive_from_key = function crypto_kdf_derive_from_key
   STORE64_LE(salt, subkey_id)
 
   var outlen = Math.min(subkey.length, module.exports.crypto_kdf_BYTES_MAX)
-  blake2b(outlen, key, salt, ctx_padded, true)
+  blake2b(outlen, key.slice(0, blake2b.KEYBYTES), salt, ctx_padded, true)
     .final(subkey)
 }