From c9dd926377e308e9b481d4313cd725132f4eb431 Mon Sep 17 00:00:00 2001 From: Brian Surowiec Date: Thu, 14 Apr 2022 15:16:35 -0400 Subject: [PATCH] Switch to libsodium --- package-lock.json | 100 +++++++++++++++++++--------------------------- package.json | 3 +- src/encrypt.ts | 8 ++-- src/secrets.ts | 2 +- 4 files changed, 48 insertions(+), 65 deletions(-) diff --git a/package-lock.json b/package-lock.json index 830443ae..d261bd55 100644 --- a/package-lock.json +++ b/package-lock.json @@ -15,12 +15,13 @@ "@octokit/plugin-retry": "^3.0.9", "@octokit/plugin-throttling": "^4.1.0", "js-yaml": "^4.1.0", - "tweetsodium": "^0.0.5" + "libsodium-wrappers": "^0.7.10" }, "devDependencies": { "@types/eslint": "^8.4.6", "@types/jest": "^28.1.7", "@types/js-yaml": "^4.0.5", + "@types/libsodium-wrappers": "^0.7.9", "@types/node": "^18.7.21", "@typescript-eslint/eslint-plugin": "^5.38.0", "@typescript-eslint/parser": "^5.38.0", @@ -1518,6 +1519,12 @@ "integrity": "sha1-7ihweulOEdK4J7y+UnC86n8+ce4=", "dev": true }, + "node_modules/@types/libsodium-wrappers": { + "version": "0.7.9", + "resolved": "https://registry.npmjs.org/@types/libsodium-wrappers/-/libsodium-wrappers-0.7.9.tgz", + "integrity": "sha512-LisgKLlYQk19baQwjkBZZXdJL0KbeTpdEnrAfz5hQACbklCY0gVFnsKUyjfNWF1UQsCSjw93Sj5jSbiO8RPfdw==", + "dev": true + }, "node_modules/@types/node": { "version": "18.7.21", "resolved": "https://registry.npmjs.org/@types/node/-/node-18.7.21.tgz", 
@@ -2003,11 +2010,6 @@ "resolved": "https://registry.npmjs.org/before-after-hook/-/before-after-hook-2.2.2.tgz", "integrity": "sha512-3pZEU3NT5BFUo/AD5ERPWOgQOCZITni6iavr5AUw5AUwQjMlI0kzu5btnyD39AF0gUEsDPwJT+oY1ORBJijPjQ==" }, - "node_modules/blakejs": { - "version": "1.1.1", - "resolved": "https://registry.npmjs.org/blakejs/-/blakejs-1.1.1.tgz", - "integrity": "sha512-bLG6PHOCZJKNshTjGRBvET0vTciwQE6zFKOKKXPDJfwFBd4Ac0yBfPZqcGvGJap50l7ktvlpFqc2jGVaUgbJgg==" - }, "node_modules/bottleneck": { "version": "2.19.5", "resolved": "https://registry.npmjs.org/bottleneck/-/bottleneck-2.19.5.tgz", @@ -3180,20 +3182,6 @@ "integrity": "sha1-FQStJSMVjKpA20onh8sBQRmU6k8=", "dev": true }, - "node_modules/fsevents": { - "version": "2.3.2", - "resolved": "https://registry.npmjs.org/fsevents/-/fsevents-2.3.2.tgz", - "integrity": "sha512-xiqMQR4xAeHTuB9uWm+fFRcIOgKBMiOBP+eXiyT7jsgVCq1bkVygt00oASowB7EdtpOHaaPgKt812P9ab+DDKA==", - "dev": true, - "hasInstallScript": true, - "optional": true, - "os": [ - "darwin" - ], - "engines": { - "node": "^8.16.0 || ^10.6.0 || >=11.0.0" - } - }, "node_modules/function-bind": { "version": "1.1.1", "resolved": "https://registry.npmjs.org/function-bind/-/function-bind-1.1.1.tgz", @@ -5201,6 +5189,19 @@ "node": ">= 0.8.0" } }, + "node_modules/libsodium": { + "version": "0.7.10", + "resolved": "https://registry.npmjs.org/libsodium/-/libsodium-0.7.10.tgz", + "integrity": "sha512-eY+z7hDrDKxkAK+QKZVNv92A5KYkxfvIshtBJkmg5TSiCnYqZP3i9OO9whE79Pwgm4jGaoHgkM4ao/b9Cyu4zQ==" + }, + "node_modules/libsodium-wrappers": { + "version": "0.7.10", + "resolved": "https://registry.npmjs.org/libsodium-wrappers/-/libsodium-wrappers-0.7.10.tgz", + "integrity": "sha512-pO3F1Q9NPLB/MWIhehim42b/Fwb30JNScCNh8TcQ/kIc+qGLQch8ag8wb0keK3EP5kbGakk1H8Wwo7v+36rNQg==", + "dependencies": { + "libsodium": "^0.7.0" + } + }, "node_modules/lines-and-columns": { "version": "1.2.4", "resolved": "https://registry.npmjs.org/lines-and-columns/-/lines-and-columns-1.2.4.tgz", 
@@ -6456,20 +6457,6 @@ "node": ">=0.6.11 <=0.7.0 || >=0.7.3" } }, - "node_modules/tweetnacl": { - "version": "1.0.3", - "resolved": "https://registry.npmjs.org/tweetnacl/-/tweetnacl-1.0.3.tgz", - "integrity": "sha512-6rt+RN7aOi1nGMyC4Xa5DdYiukl2UWCbcJft7YhxReBGQD7OAM8Pbxw6YMo4r2diNEA8FEmu32YOn9rhaiE5yw==" - }, - "node_modules/tweetsodium": { - "version": "0.0.5", - "resolved": "https://registry.npmjs.org/tweetsodium/-/tweetsodium-0.0.5.tgz", - "integrity": "sha512-T3aXZtx7KqQbutTtBfn+P5By3HdBuB1eCoGviIrRJV2sXeToxv2X2cv5RvYqgG26PSnN5m3fYixds22Gkfd11w==", - "dependencies": { - "blakejs": "^1.1.0", - "tweetnacl": "^1.0.1" - } - }, "node_modules/type-check": { "version": "0.4.0", "resolved": "https://registry.npmjs.org/type-check/-/type-check-0.4.0.tgz", @@ -7926,6 +7913,12 @@ "integrity": "sha1-7ihweulOEdK4J7y+UnC86n8+ce4=", "dev": true }, + "@types/libsodium-wrappers": { + "version": "0.7.9", + "resolved": "https://registry.npmjs.org/@types/libsodium-wrappers/-/libsodium-wrappers-0.7.9.tgz", + "integrity": "sha512-LisgKLlYQk19baQwjkBZZXdJL0KbeTpdEnrAfz5hQACbklCY0gVFnsKUyjfNWF1UQsCSjw93Sj5jSbiO8RPfdw==", + "dev": true + }, "@types/node": { "version": "18.7.21", "resolved": "https://registry.npmjs.org/@types/node/-/node-18.7.21.tgz", @@ -8249,11 +8242,6 @@ "resolved": "https://registry.npmjs.org/before-after-hook/-/before-after-hook-2.2.2.tgz", "integrity": "sha512-3pZEU3NT5BFUo/AD5ERPWOgQOCZITni6iavr5AUw5AUwQjMlI0kzu5btnyD39AF0gUEsDPwJT+oY1ORBJijPjQ==" }, - "blakejs": { - "version": "1.1.1", - "resolved": "https://registry.npmjs.org/blakejs/-/blakejs-1.1.1.tgz", - "integrity": "sha512-bLG6PHOCZJKNshTjGRBvET0vTciwQE6zFKOKKXPDJfwFBd4Ac0yBfPZqcGvGJap50l7ktvlpFqc2jGVaUgbJgg==" - }, "bottleneck": { "version": "2.19.5", "resolved": "https://registry.npmjs.org/bottleneck/-/bottleneck-2.19.5.tgz", 
@@ -9135,13 +9123,6 @@ "integrity": "sha1-FQStJSMVjKpA20onh8sBQRmU6k8=", "dev": true }, - "fsevents": { - "version": "2.3.2", - "resolved": "https://registry.npmjs.org/fsevents/-/fsevents-2.3.2.tgz", - "integrity": "sha512-xiqMQR4xAeHTuB9uWm+fFRcIOgKBMiOBP+eXiyT7jsgVCq1bkVygt00oASowB7EdtpOHaaPgKt812P9ab+DDKA==", - "dev": true, - "optional": true - }, "function-bind": { "version": "1.1.1", "resolved": "https://registry.npmjs.org/function-bind/-/function-bind-1.1.1.tgz", @@ -10654,6 +10635,19 @@ "type-check": "~0.4.0" } }, + "libsodium": { + "version": "0.7.10", + "resolved": "https://registry.npmjs.org/libsodium/-/libsodium-0.7.10.tgz", + "integrity": "sha512-eY+z7hDrDKxkAK+QKZVNv92A5KYkxfvIshtBJkmg5TSiCnYqZP3i9OO9whE79Pwgm4jGaoHgkM4ao/b9Cyu4zQ==" + }, + "libsodium-wrappers": { + "version": "0.7.10", + "resolved": "https://registry.npmjs.org/libsodium-wrappers/-/libsodium-wrappers-0.7.10.tgz", + "integrity": "sha512-pO3F1Q9NPLB/MWIhehim42b/Fwb30JNScCNh8TcQ/kIc+qGLQch8ag8wb0keK3EP5kbGakk1H8Wwo7v+36rNQg==", + "requires": { + "libsodium": "^0.7.0" + } + }, "lines-and-columns": { "version": "1.2.4", "resolved": "https://registry.npmjs.org/lines-and-columns/-/lines-and-columns-1.2.4.tgz", 
@@ -11569,20 +11563,6 @@ "resolved": "https://registry.npmjs.org/tunnel/-/tunnel-0.0.6.tgz", "integrity": "sha512-1h/Lnq9yajKY2PEbBadPXj3VxsDDu844OnaAo52UVmIzIvwwtBPIuNvkjuzBlTWpfJyUbG3ez0KSBibQkj4ojg==" }, - "tweetnacl": { - "version": "1.0.3", - "resolved": "https://registry.npmjs.org/tweetnacl/-/tweetnacl-1.0.3.tgz", - "integrity": "sha512-6rt+RN7aOi1nGMyC4Xa5DdYiukl2UWCbcJft7YhxReBGQD7OAM8Pbxw6YMo4r2diNEA8FEmu32YOn9rhaiE5yw==" - }, - "tweetsodium": { - "version": "0.0.5", - "resolved": "https://registry.npmjs.org/tweetsodium/-/tweetsodium-0.0.5.tgz", - "integrity": "sha512-T3aXZtx7KqQbutTtBfn+P5By3HdBuB1eCoGviIrRJV2sXeToxv2X2cv5RvYqgG26PSnN5m3fYixds22Gkfd11w==", - "requires": { - "blakejs": "^1.1.0", - "tweetnacl": "^1.0.1" - } - }, "type-check": { "version": "0.4.0", "resolved": "https://registry.npmjs.org/type-check/-/type-check-0.4.0.tgz", diff --git a/package.json b/package.json index 1a826750..a291e968 100644 --- a/package.json +++ b/package.json @@ -35,12 +35,13 @@ "@octokit/plugin-retry": "^3.0.9", "@octokit/plugin-throttling": "^4.1.0", "js-yaml": "^4.1.0", - "tweetsodium": "^0.0.5" + "libsodium-wrappers": "^0.7.10" }, "devDependencies": { "@types/eslint": "^8.4.6", "@types/jest": "^28.1.7", "@types/js-yaml": "^4.0.5", + "@types/libsodium-wrappers": "^0.7.9", "@types/node": "^18.7.21", "@typescript-eslint/eslint-plugin": "^5.38.0", "@typescript-eslint/parser": "^5.38.0", diff --git a/src/encrypt.ts b/src/encrypt.ts index f872090f..5b50216b 100644 --- a/src/encrypt.ts +++ b/src/encrypt.ts 
@@ -1,10 +1,12 @@ -import tweetsodium from "tweetsodium"; // eslint-disable-line import/default +import libsodium from "libsodium-wrappers"; -export function encrypt(publicKey: string, message: string) { +export async function encrypt(publicKey: string, message: string): Promise { const messageBytes = Buffer.from(message); const keyBytes = Buffer.from(publicKey, "base64"); + + await libsodium.ready; - const encryptedBytes = tweetsodium.seal(messageBytes, keyBytes); + const encryptedBytes = libsodium.crypto_box_seal(messageBytes, keyBytes); const encrypted = Buffer.from(encryptedBytes).toString("base64"); diff --git a/src/secrets.ts b/src/secrets.ts index 23d5f3f3..5c540c2c 100644 --- a/src/secrets.ts +++ b/src/secrets.ts @@ -31,7 +31,7 @@ export async function setOrDeleteSecret(environment: SecretEnvironment, owner: s owner, repo, }); - const encryptedValue = encrypt(publicKey.key, value); + const encryptedValue = await encrypt(publicKey.key, value); await setSecret({ environment,
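Review bot: In `encrypt` (src/encrypt.ts), `keyBytes` is passed to `libsodium.crypto_box_seal` without a length check, and `Buffer.from(publicKey, "base64")` decodes leniently, so a truncated or non-base64 key is not rejected at the decode step. I would add, right after `await libsodium.ready;`, `if (keyBytes.length !== libsodium.crypto_box_PUBLICKEYBYTES) throw new Error("public key is not a valid base64-encoded box key");` so the caller in src/secrets.ts gets an error that names the cause. The wrapper probably rejects a wrong-length key itself, but that behaviour is not visible here and is worth pinning in a test. A short doc comment stating that the result is a base64 sealed box for the given recipient key, and that the function is now async and must be awaited, would also help. The function's `return` and closing brace lie outside the hunk.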