feat: add canonical_cbor_into_vec

Author: zensh

Cargo.toml

@@ -3,7 +3,7 @@ members = ["rs/ic_auth_types", "rs/ic_auth_verifier"]
 resolver = "2"
 
 [workspace.package]
-version = "0.4.8"
+version = "0.5.0"
 edition = "2024"
 repository = "https://github.com/ldclabs/ic-auth"
 keywords = ["auth", "identity", "deeplink", "icp", "canister"]

rs/ic_auth_types/Cargo.toml

@@ -12,12 +12,12 @@ license.workspace = true
 [dependencies]
 base64 = { workspace = true }
 candid = { workspace = true }
+ciborium = { workspace = true }
 serde = { workspace = true }
 serde_bytes = { workspace = true }
 xid = { workspace = true, optional = true }
 
 [dev-dependencies]
-ciborium = { workspace = true }
 hex = { workspace = true }
 serde_json = { workspace = true }
 

rs/ic_auth_types/src/bytes.rs

@@ -148,7 +148,7 @@ impl Display for ByteBufB64 {
 
 impl Debug for ByteBufB64 {
     fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
-        write!(f, "ByteBufB64({})", self)
+        write!(f, "ByteBufB64({self})")
     }
 }
 
@@ -160,7 +160,7 @@ impl<const N: usize> Display for ByteArrayB64<N> {
 
 impl<const N: usize> Debug for ByteArrayB64<N> {
     fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
-        write!(f, "ByteArrayB64<{}>({})", N, self)
+        write!(f, "ByteArrayB64<{N}>({self})")
     }
 }
 
@@ -470,15 +470,15 @@ mod tests {
             b: [1, 2, 3, 4].into(),
         };
 
-        println!("{:?}", t);
+        println!("{t:?}");
         // Test { a: ByteBufB64(AQIDBA==), b: ByteArrayB64<4>(AQIDBA==) }
         assert_eq!(format!("{}", t.a), "AQIDBA==");
         assert_eq!(format!("{}", t.b), "AQIDBA==");
         assert_eq!(format!("{:?}", t.a), "ByteBufB64(AQIDBA==)");
         assert_eq!(format!("{:?}", t.b), "ByteArrayB64<4>(AQIDBA==)");
 
         let data = serde_json::to_string(&t).unwrap();
-        println!("{}", data);
+        println!("{data}");
         assert_eq!(data, r#"{"a":"AQIDBA==","b":"AQIDBA=="}"#);
         let t1: Test = serde_json::from_str(&data).unwrap();
         assert_eq!(t, t1);

rs/ic_auth_types/src/cbor.rs

@@ -0,0 +1,98 @@
+// SPDX-License-Identifier: Apache-2.0
+// https://github.com/ldclabs/ciborium/blob/main/ciborium/src/value/canonical.rs
+
+use ciborium::value::Value;
+use core::cmp::Ordering;
+use serde::ser;
+
+/// Serializes an object as CBOR into a new Vec<u8>
+pub fn cbor_into_vec<T: ?Sized + ser::Serialize>(value: &T) -> Result<Vec<u8>, String> {
+    let mut data = Vec::new();
+    ciborium::into_writer(&value, &mut data).map_err(|err| format!("{err:?}"))?;
+    Ok(data)
+}
+
+/// Serializes an object as CBOR into a new Vec<u8> using RFC 8949 Deterministic Encoding.
+pub fn canonical_cbor_into_vec<T: ?Sized + ser::Serialize>(value: &T) -> Result<Vec<u8>, String> {
+    let value = Value::serialized(value).map_err(|err| format!("{err:?}"))?;
+
+    let value = canonical_value(value);
+    let mut data = Vec::new();
+    ciborium::into_writer(&value, &mut data).map_err(|err| format!("{err:?}"))?;
+    Ok(data)
+}
+
+/// Manually serialize values to compare them.
+fn serialized_canonical_cmp(v1: &Value, v2: &Value) -> Ordering {
+    // There is an optimization to be done here, but it would take a lot more code
+    // and using mixing keys, Arrays or Maps as CanonicalValue is probably not the
+    // best use of this type as it is meant mainly to be used as keys.
+
+    let mut bytes1 = Vec::new();
+    let _ = ciborium::into_writer(v1, &mut bytes1);
+    let mut bytes2 = Vec::new();
+    let _ = ciborium::into_writer(v2, &mut bytes2);
+
+    match bytes1.len().cmp(&bytes2.len()) {
+        Ordering::Equal => bytes1.cmp(&bytes2),
+        x => x,
+    }
+}
+
+fn cmp_value(v1: &Value, v2: &Value) -> Ordering {
+    use Value::*;
+
+    match (v1, v2) {
+        (Integer(i), Integer(o)) => {
+            // Because of the first rule above, two numbers might be in a different
+            // order than regular i128 comparison. For example, 10 < -1 in
+            // canonical ordering, since 10 serializes to `0x0a` and -1 to `0x20`,
+            // and -1 < -1000 because of their lengths.
+            i.canonical_cmp(o)
+        }
+        (Text(s), Text(o)) => match s.len().cmp(&o.len()) {
+            Ordering::Equal => s.cmp(o),
+            x => x,
+        },
+        (Bool(s), Bool(o)) => s.cmp(o),
+        (Null, Null) => Ordering::Equal,
+        (Tag(t, v), Tag(ot, ov)) => match Value::from(*t).partial_cmp(&Value::from(*ot)) {
+            Some(Ordering::Equal) | None => match v.partial_cmp(ov) {
+                Some(x) => x,
+                None => serialized_canonical_cmp(v1, v2),
+            },
+            Some(x) => x,
+        },
+        (_, _) => serialized_canonical_cmp(v1, v2),
+    }
+}
+
+fn canonical_value(value: Value) -> Value {
+    match value {
+        Value::Map(entries) => {
+            let mut canonical_entries: Vec<(Value, Value)> = entries
+                .into_iter()
+                .map(|(k, v)| (canonical_value(k), canonical_value(v)))
+                .collect();
+
+            // Sort entries based on the canonical comparison of their keys.
+            // cmp_value (defined in this file) implements RFC 8949 key sorting.
+            canonical_entries.sort_by(|(k1, _), (k2, _)| cmp_value(k1, k2));
+
+            Value::Map(canonical_entries)
+        }
+        Value::Array(elements) => {
+            let canonical_elements: Vec<Value> =
+                elements.into_iter().map(canonical_value).collect();
+            Value::Array(canonical_elements)
+        }
+        Value::Tag(tag, inner_value) => {
+            // The tag itself is a u64; its representation is handled by the serializer.
+            // The inner value must be in canonical form.
+            Value::Tag(tag, Box::new(canonical_value(*inner_value)))
+        }
+        // Other Value variants (Integer, Bytes, Text, Bool, Null, Float)
+        // are considered "canonical" in their structure.
+        _ => value,
+    }
+}

rs/ic_auth_types/src/lib.rs

@@ -2,11 +2,12 @@ use candid::{CandidType, Principal};
 use serde::{Deserialize, Serialize};
 
 mod bytes;
+mod cbor;
 mod xid;
 
 pub use bytes::*;
+pub use cbor::*;
 pub use xid::*;
-
 /// A delegation from one key to another.
 ///
 /// If key A signs a delegation containing key B, then key B may be used to
@@ -121,7 +122,7 @@ mod tests {
         };
 
         let data = serde_json::to_string(&d).unwrap();
-        println!("{}", data);
+        println!("{data}");
         assert_eq!(
             data,
             r#"{"pubkey":"AQIDBA==","expiration":99,"targets":["aaaaa-aa"]}"#

rs/ic_auth_types/src/xid.rs

@@ -68,7 +68,7 @@ impl FromStr for Xid {
         }
 
         if let Some(c) = s.chars().find(|&c| !matches!(c, '0'..='9' | 'a'..='v')) {
-            return Err(format!("Invalid character: {}", c));
+            return Err(format!("Invalid character: {c}"));
         }
 
         let bs = s.as_bytes();
@@ -187,7 +187,7 @@ impl Display for Xid {
 
 impl Debug for Xid {
     fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
-        write!(f, "Xid({})", self)
+        write!(f, "Xid({self})")
     }
 }
 
@@ -362,7 +362,7 @@ mod tests {
         ]);
         assert_eq!(xid.to_string(), "9m4e2mr0ui3e8a215n4g");
 
-        assert_eq!(format!("{:?}", xid), "Xid(9m4e2mr0ui3e8a215n4g)");
+        assert_eq!(format!("{xid:?}"), "Xid(9m4e2mr0ui3e8a215n4g)");
     }
 
     #[test]
@@ -372,7 +372,7 @@ mod tests {
             principal: Principal::anonymous(),
         };
         let data = serde_json::to_string(&t).unwrap();
-        println!("{}", data);
+        println!("{data}");
         assert_eq!(
             data,
             r#"{"thread":"00000000000000000000","principal":"2vxsx-fae"}"#

rs/ic_auth_verifier/Cargo.toml

@@ -10,7 +10,7 @@ categories.workspace = true
 license.workspace = true
 
 [dependencies]
-ic_auth_types = { path = "../ic_auth_types", version = "0.4" }
+ic_auth_types = { path = "../ic_auth_types", version = "0.5" }
 candid = { workspace = true }
 ciborium = { workspace = true }
 serde = { workspace = true }

rs/ic_auth_verifier/src/asn1.rs

@@ -147,7 +147,7 @@ fn public_key_bytes(key_part: ASN1Block) -> Result<Vec<u8>, String> {
         }
         Ok(key_bytes)
     } else {
-        Err(format!("Expected BitString, got {:?}", key_part))
+        Err(format!("Expected BitString, got {key_part:?}"))
     }
 }
 
@@ -159,13 +159,13 @@ mod tests {
     fn test_user_public_key_from_der() {
         let data = hex::decode("303C300C060A2B0601040183B8430102032C000A0000000000000007010116FB513D360579FA1102D36E3BC8D53FB966F3AC9F717842B2B54C227582D786").unwrap();
         let (algo, pk) = user_public_key_from_der(&data).unwrap();
-        println!("Algorithm: {:?}", algo);
+        println!("Algorithm: {algo:?}");
         assert_eq!(algo, Algorithm::IcCanisterSignature);
         assert_eq!(pk.len(), 43);
 
         let data = hex::decode("302A300506032B65700321004258A79844B5BC3089D6467A2CA67DA33EAB4A96ADCD93E72349B75C0A4C5219").unwrap();
         let (algo, pk) = user_public_key_from_der(&data).unwrap();
-        println!("Algorithm: {:?}", algo);
+        println!("Algorithm: {algo:?}");
         assert_eq!(algo, Algorithm::Ed25519);
         assert_eq!(pk.len(), 32);
     }

rs/ic_auth_verifier/src/deeplink.rs

@@ -1,5 +1,5 @@
-use ciborium::{from_reader, into_writer};
-use ic_auth_types::{ByteBufB64, SignedDelegationCompact};
+use ciborium::from_reader;
+use ic_auth_types::{ByteBufB64, SignedDelegationCompact, canonical_cbor_into_vec};
 use serde::{Deserialize, Serialize, de::DeserializeOwned};
 use std::str::FromStr;
 
@@ -73,9 +73,9 @@ where
         }
 
         if let Some(payload) = &self.payload {
-            let mut data = ByteBufB64(Vec::new());
-            into_writer(payload, &mut data.0).expect("Failed to serialize payload to CBOR");
-            url.set_fragment(Some(data.to_string().as_str()));
+            let data =
+                canonical_cbor_into_vec(payload).expect("Failed to serialize payload to CBOR");
+            url.set_fragment(Some(ByteBufB64(data).to_string().as_str()));
         }
 
         url

rs/ic_auth_verifier/src/envelope.rs

@@ -3,9 +3,12 @@ use base64::{
     engine::general_purpose::{URL_SAFE, URL_SAFE_NO_PAD},
 };
 use candid::{CandidType, Principal};
-use ciborium::{from_reader, into_writer};
+use ciborium::from_reader;
 use http::header::{AUTHORIZATION, HeaderMap, HeaderName};
-use ic_auth_types::{ByteBufB64, DelegationCompact, SignedDelegation, SignedDelegationCompact};
+use ic_auth_types::{
+    ByteBufB64, DelegationCompact, SignedDelegation, SignedDelegationCompact,
+    canonical_cbor_into_vec,
+};
 use ic_canister_sig_creation::delegation_signature_msg;
 use serde::{Deserialize, Serialize};
 
@@ -160,9 +163,7 @@ impl SignedEnvelope {
     /// # Returns
     /// * `Vec<u8>` - The CBOR-encoded binary representation of the envelope
     pub fn to_bytes(&self) -> Vec<u8> {
-        let mut buf = vec![];
-        into_writer(self, &mut buf).expect("failed to encode SignedEnvelope");
-        buf
+        canonical_cbor_into_vec(&self).expect("failed to encode SignedEnvelope")
     }
 
     /// Decodes a SignedEnvelope from its binary representation.
@@ -459,7 +460,7 @@ impl SignedEnvelope {
             headers.insert(
                 &HEADER_IC_AUTH_DELEGATION,
                 URL_SAFE_NO_PAD
-                    .encode(to_cbor_bytes(&delegations))
+                    .encode(canonical_cbor_into_vec(&delegations)?)
                     .parse()
                     .map_err(|err| {
                         format!("insert {HEADER_IC_AUTH_DELEGATION} header failed: {err}")
@@ -587,22 +588,6 @@ pub fn extract_user(headers: &HeaderMap) -> Principal {
     }
 }
 
-/// Encodes an object into CBOR binary format.
-///
-/// # Arguments
-/// * `obj` - The object to encode, which must implement the Serialize trait
-///
-/// # Returns
-/// * `Vec<u8>` - The CBOR-encoded binary representation of the object
-///
-/// # Panics
-/// * If encoding fails
-pub fn to_cbor_bytes(obj: &impl Serialize) -> Vec<u8> {
-    let mut buf: Vec<u8> = Vec::new();
-    into_writer(obj, &mut buf).expect("failed to encode in CBOR format");
-    buf
-}
-
 /// Decodes base64url-encoded data.
 ///
 /// This function handles both padded and unpadded base64url data.