Replace tweetnacl-util with StableLib (#27)

Note that all encode/decode functions had to be swapped because the encode/decode function signatures for StableLib are the opposite of those in tweetnacl-util.
opengovsg · May 29, 2020 · 2dbce2d · 2dbce2d
1 parent e1aa63a
commit 2dbce2d
Show file tree

Hide file tree

Showing 6 changed files with 28 additions and 24 deletions.
diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -22,8 +22,9 @@
   "author": "Open Government Products (FormSG)",
   "license": "MIT",
   "dependencies": {
-    "tweetnacl": "^1.0.3",
-    "tweetnacl-util": "^0.15.1"
+    "@stablelib/base64": "^1.0.0",
+    "@stablelib/utf8": "^1.0.0",
+    "tweetnacl": "^1.0.3"
   },
   "devDependencies": {
     "@babel/cli": "^7.8.4",

diff --git a/src/crypto.ts b/src/crypto.ts
@@ -1,11 +1,6 @@
 import nacl from 'tweetnacl'
-import {
-  encodeBase64,
-  decodeBase64,
-  encodeUTF8,
-  decodeUTF8,
-} from 'tweetnacl-util'
-
+import { encode as encodeBase64, decode as decodeBase64 } from '@stablelib/base64'
+import { encode as encodeUTF8, decode as decodeUTF8 } from '@stablelib/utf8'
 import { getPublicKey } from './util/publicKey'
 import { determineIsFormFields } from './util/validate'
 
@@ -21,7 +16,7 @@ function encrypt(
   encryptionPublicKey: string,
   signingPrivateKey?: string
 ): EncryptedContent {
-  let processedMsg = decodeUTF8(JSON.stringify(msg))
+  let processedMsg = encodeUTF8(JSON.stringify(msg))
 
   if (signingPrivateKey) {
     processedMsg = nacl.sign(processedMsg, decodeBase64(signingPrivateKey))
@@ -88,7 +83,7 @@ function _verifySignedMessage(
   const openedMessage = nacl.sign.open(msg, decodeBase64(publicKey))
   if (!openedMessage)
     throw new Error('Failed to open signed message with given public key')
-  return JSON.parse(encodeUTF8(openedMessage))
+  return JSON.parse(decodeUTF8(openedMessage))
 }
 
 /**
@@ -119,7 +114,7 @@ function decrypt(signingPublicKey: string) {
       if (!decryptedContent) {
         throw new Error('Failed to decrypt content')
       }
-      const decryptedObject: Object = JSON.parse(encodeUTF8(decryptedContent))
+      const decryptedObject: Object = JSON.parse(decodeUTF8(decryptedContent))
       if (!determineIsFormFields(decryptedObject)) {
         throw new Error('Decrypted object does not fit expected shape')
       }

diff --git a/src/util/signature.ts b/src/util/signature.ts
@@ -1,5 +1,6 @@
 import * as tweetnacl from 'tweetnacl'
-import { decodeUTF8, encodeBase64, decodeBase64 } from 'tweetnacl-util'
+import { encode as encodeUTF8 } from '@stablelib/utf8'
+import { encode as encodeBase64, decode as decodeBase64 } from '@stablelib/base64'
 
 /**
  * Returns a signature from a basestring and secret key
@@ -9,7 +10,7 @@ import { decodeUTF8, encodeBase64, decodeBase64 } from 'tweetnacl-util'
  */
 function sign(basestring: string, secretKey: string): string {
   return encodeBase64(
-    tweetnacl.sign.detached(decodeUTF8(basestring), decodeBase64(secretKey))
+    tweetnacl.sign.detached(encodeUTF8(basestring), decodeBase64(secretKey))
   )
 }
 
@@ -26,7 +27,7 @@ function verify(
   publicKey: string
 ): boolean {
   return tweetnacl.sign.detached.verify(
-    decodeUTF8(message),
+    encodeUTF8(message),
     decodeBase64(signature),
     decodeBase64(publicKey)
   )

diff --git a/src/verification/authenticate.ts b/src/verification/authenticate.ts
@@ -1,5 +1,6 @@
 import nacl from 'tweetnacl'
-import { decodeUTF8, decodeBase64 } from 'tweetnacl-util'
+import { encode as encodeUTF8 } from '@stablelib/utf8'
+import { decode as decodeBase64 } from '@stablelib/base64'
 import basestring from './basestring'
 
 export default function ( publicKey: string, transactionExpirySeconds: number ): Function {
@@ -37,7 +38,7 @@ export default function ( publicKey: string, transactionExpirySeconds: number ):
       if (isSignatureTimeValid(signatureDate, submissionCreatedAt)) {
         const data = basestring({ transactionId, formId, fieldId, answer, time: signatureDate })
         return nacl.sign.detached.verify(
-          decodeUTF8(data),
+          encodeUTF8(data),
           decodeBase64(signature),
           decodeBase64(publicKey)
         )

diff --git a/src/verification/generate-signature.ts b/src/verification/generate-signature.ts
@@ -1,5 +1,6 @@
 import nacl from 'tweetnacl'
-import { decodeUTF8, decodeBase64, encodeBase64 } from 'tweetnacl-util'
+import { encode as encodeUTF8 } from '@stablelib/utf8'
+import { encode as encodeBase64, decode as decodeBase64 } from '@stablelib/base64'
 import basestring from './basestring'
 
 export default function (privateKey: string) {
@@ -12,7 +13,7 @@ export default function (privateKey: string) {
     const time = Date.now()
     const data = basestring({ transactionId, formId, fieldId, answer, time })
     const signature = nacl.sign.detached(
-      decodeUTF8(data),
+      encodeUTF8(data),
       decodeBase64(privateKey)
     )
     return `f=${formId},v=${transactionId},t=${time},s=${encodeBase64(