fix: enforce lexicographic ordering when encoding CBOR

Up to this point, we only had deterministic encoding for structs. Fields
were encoded in the order they appeared.

This fix ensures that fields are encoded in lexicographic order as
required by CDE spec:

    https://www.ietf.org/archive/id/draft-ietf-cbor-cde-13.html#name-the-lexicographic-map-sorti

(Note: we typically define fields in the order of their code points, so
in practice, we have been _mostly_ compliant with CDE; but this was not
guaranteed, and deviations were possible, especially when extensions are
involved.)

Signed-off-by: Sergei Trofimov <[email protected]>

Author: setrofim

encoding/cbor.go

@@ -9,6 +9,7 @@ import (
 	"fmt"
 	"math"
 	"reflect"
+	"sort"
 	"strconv"
 	"strings"
 
@@ -285,6 +286,7 @@ func (o *structFieldsCBOR) ToCBOR(em cbor.EncMode) ([]byte, error) {
 		return nil, errors.New("mapLen cannot exceed math.MaxUint32")
 	}
 
+	lexSort(em, o.Keys)
 	for _, key := range o.Keys {
 		marshalledKey, err := em.Marshal(key)
 		if err != nil {
@@ -500,3 +502,29 @@ func updateFieldCacheCBOR(dm cbor.DecMode, cacheField reflect.Value, rawMap *str
 
 	return nil
 }
+
+// Lexicographic sorting of CBOR integer keys. See:
+// https://www.ietf.org/archive/id/draft-ietf-cbor-cde-13.html#name-the-lexicographic-map-sorti
+func lexSort(em cbor.EncMode, v []int) {
+	sort.Slice(v, func(i, j int) bool {
+		a, err := em.Marshal(v[i])
+		if err != nil {
+			panic(err) // integer encoding cannot fail
+		}
+
+		b, err := em.Marshal(v[j])
+		if err != nil {
+			panic(err) // integer encoding cannot fail
+		}
+
+		for k, v := range a {
+			if v < b[k] {
+				return true
+			} else if v > b[k] {
+				return false
+			}
+		}
+
+		return false
+	})
+}

encoding/cbor_test.go

@@ -1,4 +1,4 @@
-// Copyright 2021-2024 Contributors to the Veraison project.
+// Copyright 2021-2025 Contributors to the Veraison project.
 // SPDX-License-Identifier: Apache-2.0
 package encoding
 
@@ -107,6 +107,41 @@ func Test_PopulateStructFromCBOR_simple(t *testing.T) {
 
 }
 
+func Test_SerializeStructToCBOR_cde_ordering(t *testing.T) {
+	val := struct {
+		Field8  int `cbor:"8,keyasint"`
+		FieldN3 int `cbor:"-3,keyasint"`
+		Field0  int `cbor:"0,keyasint"`
+		FieldN1 int `cbor:"-1,keyasint"`
+	}{
+		Field8:  1,
+		FieldN3: 3,
+		Field0:  0,
+		FieldN1: 2,
+	}
+
+	expected := []byte{
+		0xa4, // map(4)
+
+		0x00, // key: 0
+		0x00, // value: 0
+
+		0x08, // key: 8
+		0x01, // value: 1
+
+		0x20, // key: -1
+		0x02, // value: 2
+
+		0x22, // key: -3
+		0x03, // value: 3
+	}
+
+	em := mustInitEncMode()
+	data, err := SerializeStructToCBOR(em, val)
+	assert.NoError(t, err)
+	assert.Equal(t, expected, data)
+}
+
 func Test_structFieldsCBOR_CRUD(t *testing.T) {
 	sf := newStructFieldsCBOR()
 
@@ -278,3 +313,45 @@ func Test_processAdditionalInfo(t *testing.T) {
 	_, _, err = processAdditionalInfo(addInfo, []byte{})
 	assert.EqualError(t, err, "unexpected EOF")
 }
+
+func Test_lexSort(t *testing.T) {
+	test_cases := []struct {
+		title    string
+		input    []int
+		expected []int
+	}{
+		{
+			title:    "non-negative",
+			input:    []int{1, 4, 0, 2, 3},
+			expected: []int{0, 1, 2, 3, 4},
+		},
+		{
+			title:    "negative",
+			input:    []int{-1, -4, -2, -3},
+			expected: []int{-1, -2, -3, -4},
+		},
+		{
+			title:    "mixed",
+			input:    []int{-1, 0, 3, 1, -2},
+			expected: []int{0, 1, 3, -1, -2},
+		},
+		{
+			title:    "already sorted",
+			input:    []int{0, 1, 3, -1, -2},
+			expected: []int{0, 1, 3, -1, -2},
+		},
+		{
+			title:    "different length encoding",
+			input:    []int{65535, 256},
+			expected: []int{256, 65535},
+		},
+	}
+
+	for _, tc := range test_cases {
+		em := mustInitEncMode()
+		t.Run(tc.title, func(t *testing.T) {
+			lexSort(em, tc.input)
+			assert.Equal(t, tc.expected, tc.input)
+		})
+	}
+}