In kdf, truncate key before passing to blake to match sodium-native behaviour

Currently, sodium-native and sodium-javascript are returning different
hashes. The code in hyperdrive passes a 64 byte secret key to the kdf,
but only 32 bytes are used by the native version, but all 64 bytes are
used in the javascript version. As a result, hyperdrive secret keys
can't be imported/exported across the two sodium implementations.

https://gist.github.com/jimpick/3e869522eddaad77ac1bc9e64f36e1a7
This commit is contained in:
Jim Pick 2018-03-02 21:03:48 -08:00 committed by Emil Bay
parent 5ccdcdee17
commit 5159d68fa9

View File

@ -29,7 +29,7 @@ module.exports.crypto_kdf_derive_from_key = function crypto_kdf_derive_from_key
STORE64_LE(salt, subkey_id) STORE64_LE(salt, subkey_id)
var outlen = Math.min(subkey.length, module.exports.crypto_kdf_BYTES_MAX) var outlen = Math.min(subkey.length, module.exports.crypto_kdf_BYTES_MAX)
blake2b(outlen, key, salt, ctx_padded, true) blake2b(outlen, key.slice(0, blake2b.KEYBYTES), salt, ctx_padded, true)
.final(subkey) .final(subkey)
} }