Replace libsodium with noble

JustinGrote · JustinGrote · commit c61f2034cbed · 2026-02-21T11:54:35.000-08:00
Libsodium has constant import errors and was always a problem
diff --git a/package.json b/package.json
@@ -44,6 +44,7 @@
   "dependencies": {
     "@actions/languageserver": "^0.3.44",
     "@actions/workflow-parser": "^0.3.17",
+    "@noble/ciphers": "^1.1.0",
     "@noble/curves": "^2.0.1",
     "@noble/hashes": "^2.0.1",
     "@octokit/core": "^7.0.6",
@@ -59,7 +60,6 @@
     "dayjs": "^1.11.13",
     "elliptic": "6.6.1",
     "fast-deep-equal": "^3.1.3",
-    "libsodium-wrappers": "^0.8.2",
     "path-browserify": "^1.0.1",
     "ssh-config": "^3.0.1",
     "stream-browserify": "^3.0.0",
diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml
diff --git a/src/secrets/index.test.ts b/src/secrets/index.test.ts
@@ -1,29 +1,56 @@
 import assert from "node:assert/strict"
 import { describe, it } from "node:test"
 
-import sodium_module from "libsodium-wrappers"
+import { hsalsa, xsalsa20poly1305 } from "@noble/ciphers/salsa"
+import { u32 } from "@noble/ciphers/utils"
+import { x25519 } from "@noble/curves/ed25519.js"
+import { blake2b } from "@noble/hashes/blake2.js"
 
 import { encodeSecret } from "~/secrets/index"
 
+// Salsa20 sigma constant: "expand 32-byte k"
+const SIGMA = new Uint32Array([0x61707865, 0x3320646e, 0x79622d32, 0x6b206574])
+
+function cryptoBoxBeforenm(sharedSecret: Uint8Array): Uint8Array {
+  const zeroNonce = new Uint32Array(4)
+  const key32 = u32(sharedSecret)
+  const output32 = new Uint32Array(8)
+  hsalsa(SIGMA, key32, zeroNonce, output32)
+  return new Uint8Array(output32.buffer, output32.byteOffset, 32)
+}
+
 describe("secret encryption", () => {
   it("encrypts secret correctly", async () => {
-    // Ensure libsodium is ready (initializes WASM)
-    await sodium_module.ready
-
-    const sodium = sodium_module as any
     const publicKey = "M2Kq4k1y9DiqlqLfm2YYm75x5M3SuwuNYbLyiHEMUAM="
     const privateKey = "RI2kKSjSOBmcjme5x8iv42Ozdu1rDo9QkaU2l+IFcrE="
 
     const encrypted = await encodeSecret(publicKey, "secret-value")
 
-    // Decrypt to verify
-    const encBytes = sodium.from_base64(encrypted, sodium.base64_variants.ORIGINAL)
-    const publicKeyBytes = sodium.from_base64(publicKey, sodium.base64_variants.ORIGINAL)
-    const privateKeyBytes = sodium.from_base64(privateKey, sodium.base64_variants.ORIGINAL)
+    // Decrypt to verify (using libsodium-compatible crypto_box_seal_open)
+    const sealedBox = Buffer.from(encrypted, "base64")
+    const recipientPublicKey = Buffer.from(publicKey, "base64")
+    const recipientPrivateKey = Buffer.from(privateKey, "base64")
+
+    // Extract ephemeral public key and ciphertext
+    const ephemeralPublicKey = sealedBox.subarray(0, 32)
+    const ciphertext = sealedBox.subarray(32)
+
+    // Compute X25519 shared secret
+    const x25519SharedSecret = x25519.getSharedSecret(recipientPrivateKey, ephemeralPublicKey)
+
+    // Derive encryption key using HSalsa20 (crypto_box_beforenm)
+    const encryptionKey = cryptoBoxBeforenm(x25519SharedSecret)
+
+    // Derive nonce (same as encryption)
+    const nonceInput = new Uint8Array(64)
+    nonceInput.set(ephemeralPublicKey, 0)
+    nonceInput.set(recipientPublicKey, 32)
+    const nonce = blake2b(nonceInput, { dkLen: 24 })
 
-    // Decrypt the secret using libsodium
-    const decrypted = sodium.crypto_box_seal_open(encBytes, publicKeyBytes, privateKeyBytes)
+    // Decrypt using XSalsa20-Poly1305
+    const cipher = xsalsa20poly1305(encryptionKey, nonce)
+    const decrypted = cipher.decrypt(ciphertext)
 
-    assert.strictEqual(sodium.to_string(decrypted), "secret-value")
+    assert.strictEqual(new TextDecoder().decode(decrypted), "secret-value")
   })
 })
diff --git a/src/secrets/index.ts b/src/secrets/index.ts
@@ -1,21 +1,71 @@
-import libsodium from "libsodium-wrappers"
+import { hsalsa, xsalsa20poly1305 } from "@noble/ciphers/salsa"
+import { u32 } from "@noble/ciphers/utils"
+import { x25519 } from "@noble/curves/ed25519.js"
+import { blake2b } from "@noble/hashes/blake2.js"
+import { randomBytes } from "@noble/hashes/utils.js"
 
+// Salsa20 sigma constant: "expand 32-byte k"
+const SIGMA = new Uint32Array([0x61707865, 0x3320646e, 0x79622d32, 0x6b206574])
+
+/**
+ * Implements libsodium's crypto_box_beforenm using HSalsa20 key derivation.
+ * Derives encryption key from X25519 shared secret.
+ * @param sharedSecret - 32-byte X25519 shared secret
+ * @returns 32-byte derived encryption key
+ */
+function cryptoBoxBeforenm(sharedSecret: Uint8Array): Uint8Array {
+  const zeroNonce = new Uint32Array(4) // 16 bytes of zeros
+  const key32 = u32(sharedSecret) // Convert 32-byte key to Uint32Array
+  const output32 = new Uint32Array(8) // Output: 32 bytes
+
+  // HSalsa20(zero_nonce, shared_secret, sigma) -> derived_key
+  hsalsa(SIGMA, key32, zeroNonce, output32)
+
+  return new Uint8Array(output32.buffer, output32.byteOffset, 32)
+}
+
+/**
+ * Encrypts a secret using X25519-XSalsa20-Poly1305 sealed box construction.
+ * Compatible with libsodium's crypto_box_seal.
+ * @param key - Base64-encoded recipient public key (32 bytes)
+ * @param value - Secret value to encrypt
+ * @returns Base64-encoded sealed box (ephemeral_pk || ciphertext)
+ */
 export async function encodeSecret(key: string, value: string): Promise<string> {
-  // Ensure libsodium is ready (initializes WASM)
-  await libsodium.ready
+  // Decode the base64 recipient public key
+  const recipientPublicKey = Buffer.from(key, "base64")
+
+  if (recipientPublicKey.length !== 32) {
+    throw new Error("Invalid public key length")
+  }
+
+  // Generate ephemeral keypair
+  const ephemeralSecretKey = randomBytes(32)
+  const ephemeralPublicKey = x25519.getPublicKey(ephemeralSecretKey)
+
+  // Compute X25519 shared secret
+  const x25519SharedSecret = x25519.getSharedSecret(ephemeralSecretKey, recipientPublicKey)
 
-  // Access the crypto functions from the now-initialized libsodium module
-  const sodium = libsodium as any
+  // Derive encryption key using HSalsa20 (crypto_box_beforenm)
+  const encryptionKey = cryptoBoxBeforenm(x25519SharedSecret)
 
-  // Convert the secret and key to a Uint8Array.
-  const binkey = sodium.from_base64(key, sodium.base64_variants.ORIGINAL)
-  const binsec = sodium.from_string(value)
+  // Derive nonce from Blake2b(ephemeral_pk || recipient_pk)
+  // This matches libsodium's crypto_box_seal nonce derivation
+  const nonceInput = new Uint8Array(64)
+  nonceInput.set(ephemeralPublicKey, 0)
+  nonceInput.set(recipientPublicKey, 32)
+  const nonce = blake2b(nonceInput, { dkLen: 24 })
 
-  // Encrypt the secret using libsodium's sealed box encryption
-  const encBytes = sodium.crypto_box_seal(binsec, binkey)
+  // Encrypt the message using XSalsa20-Poly1305
+  const messageBytes = new TextEncoder().encode(value)
+  const cipher = xsalsa20poly1305(encryptionKey, nonce)
+  const ciphertext = cipher.encrypt(messageBytes)
 
-  // Convert the encrypted Uint8Array to Base64
-  const output = sodium.to_base64(encBytes, sodium.base64_variants.ORIGINAL)
+  // Sealed box format: ephemeral_pk || ciphertext
+  const sealedBox = new Uint8Array(32 + ciphertext.length)
+  sealedBox.set(ephemeralPublicKey, 0)
+  sealedBox.set(ciphertext, 32)
 
-  return output
+  // Convert to base64
+  return Buffer.from(sealedBox).toString("base64")
 }
