Conanicalize state values

Author: ihordiachenko

libs/gl-client/src/persist.rs

@@ -1,3 +1,5 @@
+mod canonical;
+
 use anyhow::anyhow;
 use lightning_signer::bitcoin::secp256k1::PublicKey;
 use lightning_signer::chain::tracker::ChainTracker;
@@ -19,6 +21,8 @@ use std::str::FromStr;
 use std::sync::Arc;
 use std::sync::Mutex;
 
+use self::canonical::{canonical_json_bytes, CanonicalJsonValue};
+
 const NODE_PREFIX: &str = "nodes";
 const NODE_STATE_PREFIX: &str = "nodestates";
 const CHANNEL_PREFIX: &str = "channels";
@@ -41,6 +45,10 @@ impl StateEntry {
             signature: vec![],
         }
     }
+
+    fn canonical_value_bytes(&self) -> anyhow::Result<Vec<u8>> {
+        canonical_json_bytes(&self.value)
+    }
 }
 
 impl Serialize for StateEntry {
@@ -55,7 +63,7 @@ impl Serialize for StateEntry {
         };
 
         seq.serialize_element(&self.version)?;
-        seq.serialize_element(&self.value)?;
+        seq.serialize_element(&CanonicalJsonValue(&self.value))?;
         if !self.signature.is_empty() {
             seq.serialize_element(&self.signature)?;
         }
@@ -500,8 +508,7 @@ impl State {
             if !entry.signature.is_empty() {
                 continue;
             }
-            let value = serde_json::to_vec(&entry.value)
-                .map_err(|e| anyhow!("failed to serialize state value for key {key}: {e}"))?;
+            let value = entry.canonical_value_bytes()?;
             let signature = signer(key, entry.version, &value)?;
             entry.signature = signature;
             changed += 1;
@@ -589,7 +596,9 @@ impl Into<Vec<crate::pb::SignerStateEntry>> for State {
             .iter()
             .map(|(k, v)| crate::pb::SignerStateEntry {
                 key: k.to_owned(),
-                value: serde_json::to_vec(&v.value).unwrap(),
+                value: v
+                    .canonical_value_bytes()
+                    .expect("canonical signer state value"),
                 version: v.version,
                 signature: v.signature.clone(),
             })
@@ -1047,6 +1056,18 @@ mod tests {
         assert_eq!(tuple[2], json!([7, 8, 9]));
     }
 
+    #[test]
+    fn state_entry_canonical_value_bytes_sorts_nested_object_keys() {
+        let entry = StateEntry::new(0, json!({
+            "z": {"b": 1, "a": 2},
+            "a": [{"d": 4, "c": 3}]
+        }));
+
+        let bytes = entry.canonical_value_bytes().unwrap();
+
+        assert_eq!(bytes, br#"{"a":[{"c":3,"d":4}],"z":{"a":2,"b":1}}"#);
+    }
+
     #[test]
     fn signer_state_entry_conversions_preserve_signature() {
         let entries = vec![SignerStateEntry {
@@ -1066,6 +1087,22 @@ mod tests {
         assert_eq!(roundtrip, entries);
     }
 
+    #[test]
+    fn signer_state_entry_conversions_emit_canonical_value_bytes() {
+        let entries = vec![SignerStateEntry {
+            version: 6,
+            key: "k".to_string(),
+            value: br#"{ "b": 1, "a": 2 }"#.to_vec(),
+            signature: vec![11, 12],
+        }];
+
+        let state: State = entries.into();
+        let roundtrip: Vec<SignerStateEntry> = state.into();
+        assert_eq!(roundtrip.len(), 1);
+        assert_eq!(roundtrip[0].value, br#"{"a":2,"b":1}"#);
+        assert_eq!(roundtrip[0].signature, vec![11, 12]);
+    }
+
     #[test]
     fn merge_newer_entry_propagates_signature() {
         let mut base = mk_state(vec![("k", 1, json!({"v": 1}))]);

libs/gl-client/src/persist/canonical.rs

@@ -0,0 +1,41 @@
+use anyhow::anyhow;
+use serde::ser::{SerializeMap, SerializeSeq};
+use serde::{Serialize, Serializer};
+
+pub struct CanonicalJsonValue<'a>(pub &'a serde_json::Value);
+
+impl Serialize for CanonicalJsonValue<'_> {
+    fn serialize<S>(&self, serializer: S) -> Result<S::Ok, S::Error>
+    where
+        S: Serializer,
+    {
+        match self.0 {
+            serde_json::Value::Null => serializer.serialize_unit(),
+            serde_json::Value::Bool(v) => serializer.serialize_bool(*v),
+            serde_json::Value::Number(v) => v.serialize(serializer),
+            serde_json::Value::String(v) => serializer.serialize_str(v),
+            serde_json::Value::Array(values) => {
+                let mut seq = serializer.serialize_seq(Some(values.len()))?;
+                for value in values {
+                    seq.serialize_element(&CanonicalJsonValue(value))?;
+                }
+                seq.end()
+            }
+            serde_json::Value::Object(values) => {
+                let mut entries: Vec<_> = values.iter().collect();
+                entries.sort_unstable_by(|(left, _), (right, _)| left.cmp(right));
+
+                let mut map = serializer.serialize_map(Some(entries.len()))?;
+                for (key, value) in entries {
+                    map.serialize_entry(key, &CanonicalJsonValue(value))?;
+                }
+                map.end()
+            }
+        }
+    }
+}
+
+pub fn canonical_json_bytes(value: &serde_json::Value) -> anyhow::Result<Vec<u8>> {
+    serde_json::to_vec(&CanonicalJsonValue(value))
+        .map_err(|e| anyhow!("failed to serialize canonical signer state value: {e}"))
+}

libs/gl-client/src/signer/mod.rs

@@ -411,7 +411,7 @@ impl Signer {
         version: u64,
         value: &[u8],
     ) -> Result<Vec<u8>, anyhow::Error> {
-        let digest = Self::state_signature_digest(key, version, value);
+        let digest = Self::state_signature_digest(key, version, &value);
         let msg = SecpMessage::from_digest_slice(&digest).map_err(|e| {
             anyhow!(
                 "failed to build state signature digest for key {}: {}",