ssi icon indicating copy to clipboard operation
ssi copied to clipboard

Published 20 hours ago verified publisher icon spruceid

Fix JCS encoding

Open clehner opened this issue 3 years ago • 0 comments

There is a bug in the serde_jcs crate in the encoding of property names for sorting: https://github.com/l1h3r/serde_jcs/issues/1

ssi uses serde_jcs:

  1. in src/ldp.rs: JcsTezosSignature2021 (#237), for encoding linked data documents for signing.
  2. in src/eip712.rs: in a test function, used to generate a test vector for Ethereum EIP712 Signature 2021
  3. in src/jsonld.rs: for serializing strings and numbers
  • 2 I do not think is affected by the bug, because the document uses only ASCII property names, which sort the same in UTF-8 as in UTF-16 (RFC 8785 (JCS) uses UTF-16 and notes this at the end of Section 3.2.3).
  • 1 will be affected by this bug if documents use non-ASCII property names.
  • 3 is not affected by the bug, since it is used for serializing only strings and numbers, not objects or arrays, so does not involve string comparisons that affect the output.

clehner avatar Sep 07 '21 17:09 clehner