… | |
… | |
26 | substr $many_cbor_strings, 0, $length, ""; # remove decoded cbor string |
26 | substr $many_cbor_strings, 0, $length, ""; # remove decoded cbor string |
27 | } |
27 | } |
28 | |
28 | |
29 | =head1 DESCRIPTION |
29 | =head1 DESCRIPTION |
30 | |
30 | |
31 | WARNING! This module is very new, and not very well tested (that's up |
|
|
32 | to you to do). Furthermore, details of the implementation might change |
|
|
33 | freely before version 1.0. And lastly, most extensions depend on an IANA |
|
|
34 | assignment, and until that assignment is official, this implementation is |
|
|
35 | not interoperable with other implementations (even future versions of this |
|
|
36 | module) until the assignment is done. |
|
|
37 | |
|
|
38 | You are still invited to try out CBOR, and this module. |
|
|
39 | |
|
|
40 | This module converts Perl data structures to the Concise Binary Object |
31 | This module converts Perl data structures to the Concise Binary Object |
41 | Representation (CBOR) and vice versa. CBOR is a fast binary serialisation |
32 | Representation (CBOR) and vice versa. CBOR is a fast binary serialisation |
42 | format that aims to use a superset of the JSON data model, i.e. when you |
33 | format that aims to use an (almost) superset of the JSON data model, i.e. |
43 | can represent something in JSON, you should be able to represent it in |
34 | when you can represent something useful in JSON, you should be able to |
44 | CBOR. |
35 | represent it in CBOR. |
45 | |
36 | |
46 | In short, CBOR is a faster and very compact binary alternative to JSON, |
37 | In short, CBOR is a faster and quite compact binary alternative to JSON, |
47 | with the added ability of supporting serialisation of Perl objects. (JSON |
38 | with the added ability of supporting serialisation of Perl objects. (JSON |
48 | often compresses better than CBOR though, so if you plan to compress the |
39 | often compresses better than CBOR though, so if you plan to compress the |
49 | data later you might want to compare both formats first). |
40 | data later and speed is less important you might want to compare both |
|
|
41 | formats first). |
50 | |
42 | |
51 | To give you a general idea about speed, with texts in the megabyte range, |
43 | To give you a general idea about speed, with texts in the megabyte range, |
52 | C<CBOR::XS> usually encodes roughly twice as fast as L<Storable> or |
44 | C<CBOR::XS> usually encodes roughly twice as fast as L<Storable> or |
53 | L<JSON::XS> and decodes about 15%-30% faster than those. The shorter the |
45 | L<JSON::XS> and decodes about 15%-30% faster than those. The shorter the |
54 | data, the worse L<Storable> performs in comparison. |
46 | data, the worse L<Storable> performs in comparison. |
55 | |
47 | |
56 | As for compactness, C<CBOR::XS> encoded data structures are usually about |
48 | Regarding compactness, C<CBOR::XS>-encoded data structures are usually |
57 | 20% smaller than the same data encoded as (compact) JSON or L<Storable>. |
49 | about 20% smaller than the same data encoded as (compact) JSON or |
|
|
50 | L<Storable>. |
58 | |
51 | |
59 | In addition to the core CBOR data format, this module implements a number |
52 | In addition to the core CBOR data format, this module implements a |
60 | of extensions, to support cyclic and self-referencing data structures |
53 | number of extensions, to support cyclic and shared data structures |
61 | (see C<allow_sharing>), string deduplication (see C<allow_stringref>) and |
54 | (see C<allow_sharing> and C<allow_cycles>), string deduplication (see |
62 | scalar references (always enabled). |
55 | C<pack_strings>) and scalar references (always enabled). |
63 | |
56 | |
64 | The primary goal of this module is to be I<correct> and the secondary goal |
57 | The primary goal of this module is to be I<correct> and the secondary goal |
65 | is to be I<fast>. To reach the latter goal it was written in C. |
58 | is to be I<fast>. To reach the latter goal it was written in C. |
66 | |
59 | |
67 | See MAPPING, below, on how CBOR::XS maps perl values to CBOR values and |
60 | See MAPPING, below, on how CBOR::XS maps perl values to CBOR values and |
… | |
… | |
71 | |
64 | |
72 | package CBOR::XS; |
65 | package CBOR::XS; |
73 | |
66 | |
74 | use common::sense; |
67 | use common::sense; |
75 | |
68 | |
76 | our $VERSION = 0.08; |
69 | our $VERSION = 1.51; |
77 | our @ISA = qw(Exporter); |
70 | our @ISA = qw(Exporter); |
78 | |
71 | |
79 | our @EXPORT = qw(encode_cbor decode_cbor); |
72 | our @EXPORT = qw(encode_cbor decode_cbor); |
80 | |
73 | |
81 | use Exporter; |
74 | use Exporter; |
… | |
… | |
186 | as an array, is referenced multiple times), but instead will emit a |
179 | as an array, is referenced multiple times), but instead will emit a |
187 | reference to the earlier value. |
180 | reference to the earlier value. |
188 | |
181 | |
189 | This means that such values will only be encoded once, and will not result |
182 | This means that such values will only be encoded once, and will not result |
190 | in a deep cloning of the value on decode, in decoders supporting the value |
183 | in a deep cloning of the value on decode, in decoders supporting the value |
191 | sharing extension. |
184 | sharing extension. This also makes it possible to encode cyclic data |
|
|
185 | structures (which need C<allow_cycles> to be enabled to be decoded by this |
|
|
186 | module). |
192 | |
187 | |
193 | It is recommended to leave it off unless you know your |
188 | It is recommended to leave it off unless you know your |
194 | communication partner supports the value sharing extensions to CBOR |
189 | communication partner supports the value sharing extensions to CBOR |
195 | (http://cbor.schmorp.de/value-sharing). |
190 | (L<http://cbor.schmorp.de/value-sharing>), as without decoder support, the |
|
|
191 | resulting data structure might be unusable. |
196 | |
192 | |
197 | Detecting shared values incurs a runtime overhead when values are encoded |
193 | Detecting shared values incurs a runtime overhead when values are encoded |
198 | that have a reference counter large than one, and might unnecessarily |
194 | that have a reference counter large than one, and might unnecessarily |
199 | increase the encoded size, as potentially shared values are encode as |
195 | increase the encoded size, as potentially shared values are encode as |
200 | sharable whether or not they are actually shared. |
196 | shareable whether or not they are actually shared. |
201 | |
197 | |
202 | At the moment, only targets of references can be shared (e.g. scalars, |
198 | At the moment, only targets of references can be shared (e.g. scalars, |
203 | arrays or hashes pointed to by a reference). Weirder constructs, such as |
199 | arrays or hashes pointed to by a reference). Weirder constructs, such as |
204 | an array with multiple "copies" of the I<same> string, which are hard but |
200 | an array with multiple "copies" of the I<same> string, which are hard but |
205 | not impossible to create in Perl, are not supported (this is the same as |
201 | not impossible to create in Perl, are not supported (this is the same as |
206 | for L<Storable>). |
202 | with L<Storable>). |
207 | |
203 | |
208 | If C<$enable> is false (the default), then C<encode> will encode |
204 | If C<$enable> is false (the default), then C<encode> will encode shared |
209 | exception when it encounters anything it cannot encode as CBOR. |
205 | data structures repeatedly, unsharing them in the process. Cyclic data |
|
|
206 | structures cannot be encoded in this mode. |
210 | |
207 | |
211 | This option does not affect C<decode> in any way - shared values and |
208 | This option does not affect C<decode> in any way - shared values and |
212 | references will always be decoded properly if present. |
209 | references will always be decoded properly if present. |
213 | |
210 | |
|
|
211 | =item $cbor = $cbor->allow_cycles ([$enable]) |
|
|
212 | |
|
|
213 | =item $enabled = $cbor->get_allow_cycles |
|
|
214 | |
|
|
215 | If C<$enable> is true (or missing), then C<decode> will happily decode |
|
|
216 | self-referential (cyclic) data structures. By default these will not be |
|
|
217 | decoded, as they need manual cleanup to avoid memory leaks, so code that |
|
|
218 | isn't prepared for this will not leak memory. |
|
|
219 | |
|
|
220 | If C<$enable> is false (the default), then C<decode> will throw an error |
|
|
221 | when it encounters a self-referential/cyclic data structure. |
|
|
222 | |
|
|
223 | FUTURE DIRECTION: the motivation behind this option is to avoid I<real> |
|
|
224 | cycles - future versions of this module might chose to decode cyclic data |
|
|
225 | structures using weak references when this option is off, instead of |
|
|
226 | throwing an error. |
|
|
227 | |
|
|
228 | This option does not affect C<encode> in any way - shared values and |
|
|
229 | references will always be encoded properly if present. |
|
|
230 | |
214 | =item $cbor = $cbor->allow_stringref ([$enable]) |
231 | =item $cbor = $cbor->pack_strings ([$enable]) |
215 | |
232 | |
216 | =item $enabled = $cbor->get_allow_stringref |
233 | =item $enabled = $cbor->get_pack_strings |
217 | |
234 | |
218 | If C<$enable> is true (or missing), then C<encode> will try not to encode |
235 | If C<$enable> is true (or missing), then C<encode> will try not to encode |
219 | the same string twice, but will instead encode a reference to the string |
236 | the same string twice, but will instead encode a reference to the string |
220 | instead. Depending on your data format. this can save a lot of space, but |
237 | instead. Depending on your data format, this can save a lot of space, but |
221 | also results in a very large runtime overhead (expect encoding times to be |
238 | also results in a very large runtime overhead (expect encoding times to be |
222 | 2-4 times as high as without). |
239 | 2-4 times as high as without). |
223 | |
240 | |
224 | It is recommended to leave it off unless you know your |
241 | It is recommended to leave it off unless you know your |
225 | communications partner supports the stringref extension to CBOR |
242 | communications partner supports the stringref extension to CBOR |
226 | (http://cbor.schmorp.de/stringref). |
243 | (L<http://cbor.schmorp.de/stringref>), as without decoder support, the |
|
|
244 | resulting data structure might not be usable. |
227 | |
245 | |
228 | If C<$enable> is false (the default), then C<encode> will encode |
246 | If C<$enable> is false (the default), then C<encode> will encode strings |
229 | exception when it encounters anything it cannot encode as CBOR. |
247 | the standard CBOR way. |
230 | |
248 | |
231 | This option does not affect C<decode> in any way - string references will |
249 | This option does not affect C<decode> in any way - string references will |
232 | always be decoded properly if present. |
250 | always be decoded properly if present. |
233 | |
251 | |
|
|
252 | =item $cbor = $cbor->text_keys ([$enable]) |
|
|
253 | |
|
|
254 | =item $enabled = $cbor->get_text_keys |
|
|
255 | |
|
|
256 | If C<$enabled> is true (or missing), then C<encode> will encode all |
|
|
257 | perl hash keys as CBOR text strings/UTF-8 string, upgrading them as needed. |
|
|
258 | |
|
|
259 | If C<$enable> is false (the default), then C<encode> will encode hash keys |
|
|
260 | normally - upgraded perl strings (strings internally encoded as UTF-8) as |
|
|
261 | CBOR text strings, and downgraded perl strings as CBOR byte strings. |
|
|
262 | |
|
|
263 | This option does not affect C<decode> in any way. |
|
|
264 | |
|
|
265 | This option is useful for interoperability with CBOR decoders that don't |
|
|
266 | treat byte strings as a form of text. It is especially useful as Perl |
|
|
267 | gives very little control over hash keys. |
|
|
268 | |
|
|
269 | Enabling this option can be slow, as all downgraded hash keys that are |
|
|
270 | encoded need to be scanned and converted to UTF-8. |
|
|
271 | |
|
|
272 | =item $cbor = $cbor->text_strings ([$enable]) |
|
|
273 | |
|
|
274 | =item $enabled = $cbor->get_text_strings |
|
|
275 | |
|
|
276 | This option works similar to C<text_keys>, above, but works on all strings |
|
|
277 | (including hash keys), so C<text_keys> has no further effect after |
|
|
278 | enabling C<text_strings>. |
|
|
279 | |
|
|
280 | If C<$enabled> is true (or missing), then C<encode> will encode all perl |
|
|
281 | strings as CBOR text strings/UTF-8 strings, upgrading them as needed. |
|
|
282 | |
|
|
283 | If C<$enable> is false (the default), then C<encode> will encode strings |
|
|
284 | normally (but see C<text_keys>) - upgraded perl strings (strings |
|
|
285 | internally encoded as UTF-8) as CBOR text strings, and downgraded perl |
|
|
286 | strings as CBOR byte strings. |
|
|
287 | |
|
|
288 | This option does not affect C<decode> in any way. |
|
|
289 | |
|
|
290 | This option has similar advantages and disadvantages as C<text_keys>. In |
|
|
291 | addition, this option effectively removes the ability to encode byte |
|
|
292 | strings, which might break some C<FREEZE> and C<TO_CBOR> methods that rely |
|
|
293 | on this, such as bignum encoding, so this option is mainly useful for very |
|
|
294 | simple data. |
|
|
295 | |
|
|
296 | =item $cbor = $cbor->validate_utf8 ([$enable]) |
|
|
297 | |
|
|
298 | =item $enabled = $cbor->get_validate_utf8 |
|
|
299 | |
|
|
300 | If C<$enable> is true (or missing), then C<decode> will validate that |
|
|
301 | elements (text strings) containing UTF-8 data in fact contain valid UTF-8 |
|
|
302 | data (instead of blindly accepting it). This validation obviously takes |
|
|
303 | extra time during decoding. |
|
|
304 | |
|
|
305 | The concept of "valid UTF-8" used is perl's concept, which is a superset |
|
|
306 | of the official UTF-8. |
|
|
307 | |
|
|
308 | If C<$enable> is false (the default), then C<decode> will blindly accept |
|
|
309 | UTF-8 data, marking them as valid UTF-8 in the resulting data structure |
|
|
310 | regardless of whether that's true or not. |
|
|
311 | |
|
|
312 | Perl isn't too happy about corrupted UTF-8 in strings, but should |
|
|
313 | generally not crash or do similarly evil things. Extensions might be not |
|
|
314 | so forgiving, so it's recommended to turn on this setting if you receive |
|
|
315 | untrusted CBOR. |
|
|
316 | |
|
|
317 | This option does not affect C<encode> in any way - strings that are |
|
|
318 | supposedly valid UTF-8 will simply be dumped into the resulting CBOR |
|
|
319 | string without checking whether that is, in fact, true or not. |
|
|
320 | |
234 | =item $cbor = $cbor->filter ([$cb->($tag, $value)]) |
321 | =item $cbor = $cbor->filter ([$cb->($tag, $value)]) |
235 | |
322 | |
236 | =item $cb_or_undef = $cbor->get_filter |
323 | =item $cb_or_undef = $cbor->get_filter |
237 | |
324 | |
238 | TODO |
325 | Sets or replaces the tagged value decoding filter (when C<$cb> is |
|
|
326 | specified) or clears the filter (if no argument or C<undef> is provided). |
|
|
327 | |
|
|
328 | The filter callback is called only during decoding, when a non-enforced |
|
|
329 | tagged value has been decoded (see L<TAG HANDLING AND EXTENSIONS> for a |
|
|
330 | list of enforced tags). For specific tags, it's often better to provide a |
|
|
331 | default converter using the C<%CBOR::XS::FILTER> hash (see below). |
|
|
332 | |
|
|
333 | The first argument is the numerical tag, the second is the (decoded) value |
|
|
334 | that has been tagged. |
|
|
335 | |
|
|
336 | The filter function should return either exactly one value, which will |
|
|
337 | replace the tagged value in the decoded data structure, or no values, |
|
|
338 | which will result in default handling, which currently means the decoder |
|
|
339 | creates a C<CBOR::XS::Tagged> object to hold the tag and the value. |
|
|
340 | |
|
|
341 | When the filter is cleared (the default state), the default filter |
|
|
342 | function, C<CBOR::XS::default_filter>, is used. This function simply looks |
|
|
343 | up the tag in the C<%CBOR::XS::FILTER> hash. If an entry exists it must be |
|
|
344 | a code reference that is called with tag and value, and is responsible for |
|
|
345 | decoding the value. If no entry exists, it returns no values. |
|
|
346 | |
|
|
347 | Example: decode all tags not handled internally into C<CBOR::XS::Tagged> |
|
|
348 | objects, with no other special handling (useful when working with |
|
|
349 | potentially "unsafe" CBOR data). |
|
|
350 | |
|
|
351 | CBOR::XS->new->filter (sub { })->decode ($cbor_data); |
|
|
352 | |
|
|
353 | Example: provide a global filter for tag 1347375694, converting the value |
|
|
354 | into some string form. |
|
|
355 | |
|
|
356 | $CBOR::XS::FILTER{1347375694} = sub { |
|
|
357 | my ($tag, $value); |
|
|
358 | |
|
|
359 | "tag 1347375694 value $value" |
|
|
360 | }; |
239 | |
361 | |
240 | =item $cbor_data = $cbor->encode ($perl_scalar) |
362 | =item $cbor_data = $cbor->encode ($perl_scalar) |
241 | |
363 | |
242 | Converts the given Perl data structure (a scalar value) to its CBOR |
364 | Converts the given Perl data structure (a scalar value) to its CBOR |
243 | representation. |
365 | representation. |
… | |
… | |
257 | and you need to know where the first CBOR string ends amd the next one |
379 | and you need to know where the first CBOR string ends amd the next one |
258 | starts. |
380 | starts. |
259 | |
381 | |
260 | CBOR::XS->new->decode_prefix ("......") |
382 | CBOR::XS->new->decode_prefix ("......") |
261 | => ("...", 3) |
383 | => ("...", 3) |
|
|
384 | |
|
|
385 | =back |
|
|
386 | |
|
|
387 | =head2 INCREMENTAL PARSING |
|
|
388 | |
|
|
389 | In some cases, there is the need for incremental parsing of JSON |
|
|
390 | texts. While this module always has to keep both CBOR text and resulting |
|
|
391 | Perl data structure in memory at one time, it does allow you to parse a |
|
|
392 | CBOR stream incrementally, using a similar to using "decode_prefix" to see |
|
|
393 | if a full CBOR object is available, but is much more efficient. |
|
|
394 | |
|
|
395 | It basically works by parsing as much of a CBOR string as possible - if |
|
|
396 | the CBOR data is not complete yet, the pasrer will remember where it was, |
|
|
397 | to be able to restart when more data has been accumulated. Once enough |
|
|
398 | data is available to either decode a complete CBOR value or raise an |
|
|
399 | error, a real decode will be attempted. |
|
|
400 | |
|
|
401 | A typical use case would be a network protocol that consists of sending |
|
|
402 | and receiving CBOR-encoded messages. The solution that works with CBOR and |
|
|
403 | about anything else is by prepending a length to every CBOR value, so the |
|
|
404 | receiver knows how many octets to read. More compact (and slightly slower) |
|
|
405 | would be to just send CBOR values back-to-back, as C<CBOR::XS> knows where |
|
|
406 | a CBOR value ends, and doesn't need an explicit length. |
|
|
407 | |
|
|
408 | The following methods help with this: |
|
|
409 | |
|
|
410 | =over 4 |
|
|
411 | |
|
|
412 | =item @decoded = $cbor->incr_parse ($buffer) |
|
|
413 | |
|
|
414 | This method attempts to decode exactly one CBOR value from the beginning |
|
|
415 | of the given C<$buffer>. The value is removed from the C<$buffer> on |
|
|
416 | success. When C<$buffer> doesn't contain a complete value yet, it returns |
|
|
417 | nothing. Finally, when the C<$buffer> doesn't start with something |
|
|
418 | that could ever be a valid CBOR value, it raises an exception, just as |
|
|
419 | C<decode> would. In the latter case the decoder state is undefined and |
|
|
420 | must be reset before being able to parse further. |
|
|
421 | |
|
|
422 | This method modifies the C<$buffer> in place. When no CBOR value can be |
|
|
423 | decoded, the decoder stores the current string offset. On the next call, |
|
|
424 | continues decoding at the place where it stopped before. For this to make |
|
|
425 | sense, the C<$buffer> must begin with the same octets as on previous |
|
|
426 | unsuccessful calls. |
|
|
427 | |
|
|
428 | You can call this method in scalar context, in which case it either |
|
|
429 | returns a decoded value or C<undef>. This makes it impossible to |
|
|
430 | distinguish between CBOR null values (which decode to C<undef>) and an |
|
|
431 | unsuccessful decode, which is often acceptable. |
|
|
432 | |
|
|
433 | =item @decoded = $cbor->incr_parse_multiple ($buffer) |
|
|
434 | |
|
|
435 | Same as C<incr_parse>, but attempts to decode as many CBOR values as |
|
|
436 | possible in one go, instead of at most one. Calls to C<incr_parse> and |
|
|
437 | C<incr_parse_multiple> can be interleaved. |
|
|
438 | |
|
|
439 | =item $cbor->incr_reset |
|
|
440 | |
|
|
441 | Resets the incremental decoder. This throws away any saved state, so that |
|
|
442 | subsequent calls to C<incr_parse> or C<incr_parse_multiple> start to parse |
|
|
443 | a new CBOR value from the beginning of the C<$buffer> again. |
|
|
444 | |
|
|
445 | This method can be called at any time, but it I<must> be called if you want |
|
|
446 | to change your C<$buffer> or there was a decoding error and you want to |
|
|
447 | reuse the C<$cbor> object for future incremental parsings. |
262 | |
448 | |
263 | =back |
449 | =back |
264 | |
450 | |
265 | |
451 | |
266 | =head1 MAPPING |
452 | =head1 MAPPING |
… | |
… | |
284 | CBOR integers become (numeric) perl scalars. On perls without 64 bit |
470 | CBOR integers become (numeric) perl scalars. On perls without 64 bit |
285 | support, 64 bit integers will be truncated or otherwise corrupted. |
471 | support, 64 bit integers will be truncated or otherwise corrupted. |
286 | |
472 | |
287 | =item byte strings |
473 | =item byte strings |
288 | |
474 | |
289 | Byte strings will become octet strings in Perl (the byte values 0..255 |
475 | Byte strings will become octet strings in Perl (the Byte values 0..255 |
290 | will simply become characters of the same value in Perl). |
476 | will simply become characters of the same value in Perl). |
291 | |
477 | |
292 | =item UTF-8 strings |
478 | =item UTF-8 strings |
293 | |
479 | |
294 | UTF-8 strings in CBOR will be decoded, i.e. the UTF-8 octets will be |
480 | UTF-8 strings in CBOR will be decoded, i.e. the UTF-8 octets will be |
… | |
… | |
317 | =item tagged values |
503 | =item tagged values |
318 | |
504 | |
319 | Tagged items consists of a numeric tag and another CBOR value. |
505 | Tagged items consists of a numeric tag and another CBOR value. |
320 | |
506 | |
321 | See L<TAG HANDLING AND EXTENSIONS> and the description of C<< ->filter >> |
507 | See L<TAG HANDLING AND EXTENSIONS> and the description of C<< ->filter >> |
322 | for details. |
508 | for details on which tags are handled how. |
323 | |
509 | |
324 | =item anything else |
510 | =item anything else |
325 | |
511 | |
326 | Anything else (e.g. unsupported simple values) will raise a decoding |
512 | Anything else (e.g. unsupported simple values) will raise a decoding |
327 | error. |
513 | error. |
… | |
… | |
330 | |
516 | |
331 | |
517 | |
332 | =head2 PERL -> CBOR |
518 | =head2 PERL -> CBOR |
333 | |
519 | |
334 | The mapping from Perl to CBOR is slightly more difficult, as Perl is a |
520 | The mapping from Perl to CBOR is slightly more difficult, as Perl is a |
335 | truly typeless language, so we can only guess which CBOR type is meant by |
521 | typeless language. That means this module can only guess which CBOR type |
336 | a Perl value. |
522 | is meant by a perl value. |
337 | |
523 | |
338 | =over 4 |
524 | =over 4 |
339 | |
525 | |
340 | =item hash references |
526 | =item hash references |
341 | |
527 | |
342 | Perl hash references become CBOR maps. As there is no inherent ordering in |
528 | Perl hash references become CBOR maps. As there is no inherent ordering in |
343 | hash keys (or CBOR maps), they will usually be encoded in a pseudo-random |
529 | hash keys (or CBOR maps), they will usually be encoded in a pseudo-random |
344 | order. |
530 | order. This order can be different each time a hash is encoded. |
345 | |
531 | |
346 | Currently, tied hashes will use the indefinite-length format, while normal |
532 | Currently, tied hashes will use the indefinite-length format, while normal |
347 | hashes will use the fixed-length format. |
533 | hashes will use the fixed-length format. |
348 | |
534 | |
349 | =item array references |
535 | =item array references |
350 | |
536 | |
351 | Perl array references become fixed-length CBOR arrays. |
537 | Perl array references become fixed-length CBOR arrays. |
352 | |
538 | |
353 | =item other references |
539 | =item other references |
354 | |
540 | |
355 | Other unblessed references are generally not allowed and will cause an |
541 | Other unblessed references will be represented using |
356 | exception to be thrown, except for references to the integers C<0> and |
542 | the indirection tag extension (tag value C<22098>, |
357 | C<1>, which get turned into false and true in CBOR. |
543 | L<http://cbor.schmorp.de/indirection>). CBOR decoders are guaranteed |
|
|
544 | to be able to decode these values somehow, by either "doing the right |
|
|
545 | thing", decoding into a generic tagged object, simply ignoring the tag, or |
|
|
546 | something else. |
358 | |
547 | |
359 | =item CBOR::XS::Tagged objects |
548 | =item CBOR::XS::Tagged objects |
360 | |
549 | |
361 | Objects of this type must be arrays consisting of a single C<[tag, value]> |
550 | Objects of this type must be arrays consisting of a single C<[tag, value]> |
362 | pair. The (numerical) tag will be encoded as a CBOR tag, the value will |
551 | pair. The (numerical) tag will be encoded as a CBOR tag, the value will |
363 | be encoded as appropriate for the value. You cna use C<CBOR::XS::tag> to |
552 | be encoded as appropriate for the value. You must use C<CBOR::XS::tag> to |
364 | create such objects. |
553 | create such objects. |
365 | |
554 | |
366 | =item Types::Serialiser::true, Types::Serialiser::false, Types::Serialiser::error |
555 | =item Types::Serialiser::true, Types::Serialiser::false, Types::Serialiser::error |
367 | |
556 | |
368 | These special values become CBOR true, CBOR false and CBOR undefined |
557 | These special values become CBOR true, CBOR false and CBOR undefined |
… | |
… | |
385 | # dump as number |
574 | # dump as number |
386 | encode_cbor [2] # yields [2] |
575 | encode_cbor [2] # yields [2] |
387 | encode_cbor [-3.0e17] # yields [-3e+17] |
576 | encode_cbor [-3.0e17] # yields [-3e+17] |
388 | my $value = 5; encode_cbor [$value] # yields [5] |
577 | my $value = 5; encode_cbor [$value] # yields [5] |
389 | |
578 | |
390 | # used as string, so dump as string |
579 | # used as string, so dump as string (either byte or text) |
391 | print $value; |
580 | print $value; |
392 | encode_cbor [$value] # yields ["5"] |
581 | encode_cbor [$value] # yields ["5"] |
393 | |
582 | |
394 | # undef becomes null |
583 | # undef becomes null |
395 | encode_cbor [undef] # yields [null] |
584 | encode_cbor [undef] # yields [null] |
… | |
… | |
398 | |
587 | |
399 | my $x = 3.1; # some variable containing a number |
588 | my $x = 3.1; # some variable containing a number |
400 | "$x"; # stringified |
589 | "$x"; # stringified |
401 | $x .= ""; # another, more awkward way to stringify |
590 | $x .= ""; # another, more awkward way to stringify |
402 | print $x; # perl does it for you, too, quite often |
591 | print $x; # perl does it for you, too, quite often |
|
|
592 | |
|
|
593 | You can force whether a string is encoded as byte or text string by using |
|
|
594 | C<utf8::upgrade> and C<utf8::downgrade> (if C<text_strings> is disabled): |
|
|
595 | |
|
|
596 | utf8::upgrade $x; # encode $x as text string |
|
|
597 | utf8::downgrade $x; # encode $x as byte string |
|
|
598 | |
|
|
599 | Perl doesn't define what operations up- and downgrade strings, so if the |
|
|
600 | difference between byte and text is important, you should up- or downgrade |
|
|
601 | your string as late as possible before encoding. You can also force the |
|
|
602 | use of CBOR text strings by using C<text_keys> or C<text_strings>. |
403 | |
603 | |
404 | You can force the type to be a CBOR number by numifying it: |
604 | You can force the type to be a CBOR number by numifying it: |
405 | |
605 | |
406 | my $x = "3"; # some variable containing a string |
606 | my $x = "3"; # some variable containing a string |
407 | $x += 0; # numify it, ensuring it will be dumped as a number |
607 | $x += 0; # numify it, ensuring it will be dumped as a number |
… | |
… | |
420 | |
620 | |
421 | =back |
621 | =back |
422 | |
622 | |
423 | =head2 OBJECT SERIALISATION |
623 | =head2 OBJECT SERIALISATION |
424 | |
624 | |
|
|
625 | This module implements both a CBOR-specific and the generic |
|
|
626 | L<Types::Serialier> object serialisation protocol. The following |
|
|
627 | subsections explain both methods. |
|
|
628 | |
|
|
629 | =head3 ENCODING |
|
|
630 | |
425 | This module knows two way to serialise a Perl object: The CBOR-specific |
631 | This module knows two way to serialise a Perl object: The CBOR-specific |
426 | way, and the generic way. |
632 | way, and the generic way. |
427 | |
633 | |
428 | Whenever the encoder encounters a Perl object that it cnanot serialise |
634 | Whenever the encoder encounters a Perl object that it cannot serialise |
429 | directly (most of them), it will first look up the C<TO_CBOR> method on |
635 | directly (most of them), it will first look up the C<TO_CBOR> method on |
430 | it. |
636 | it. |
431 | |
637 | |
432 | If it has a C<TO_CBOR> method, it will call it with the object as only |
638 | If it has a C<TO_CBOR> method, it will call it with the object as only |
433 | argument, and expects exactly one return value, which it will then |
639 | argument, and expects exactly one return value, which it will then |
… | |
… | |
439 | |
645 | |
440 | The C<FREEZE> method can return any number of values (i.e. zero or |
646 | The C<FREEZE> method can return any number of values (i.e. zero or |
441 | more). These will be encoded as CBOR perl object, together with the |
647 | more). These will be encoded as CBOR perl object, together with the |
442 | classname. |
648 | classname. |
443 | |
649 | |
|
|
650 | These methods I<MUST NOT> change the data structure that is being |
|
|
651 | serialised. Failure to comply to this can result in memory corruption - |
|
|
652 | and worse. |
|
|
653 | |
444 | If an object supports neither C<TO_CBOR> nor C<FREEZE>, encoding will fail |
654 | If an object supports neither C<TO_CBOR> nor C<FREEZE>, encoding will fail |
445 | with an error. |
655 | with an error. |
446 | |
656 | |
|
|
657 | =head3 DECODING |
|
|
658 | |
447 | Objects encoded via C<TO_CBOR> cannot be automatically decoded, but |
659 | Objects encoded via C<TO_CBOR> cannot (normally) be automatically decoded, |
448 | objects encoded via C<FREEZE> can be decoded using the following protocol: |
660 | but objects encoded via C<FREEZE> can be decoded using the following |
|
|
661 | protocol: |
449 | |
662 | |
450 | When an encoded CBOR perl object is encountered by the decoder, it will |
663 | When an encoded CBOR perl object is encountered by the decoder, it will |
451 | look up the C<THAW> method, by using the stored classname, and will fail |
664 | look up the C<THAW> method, by using the stored classname, and will fail |
452 | if the method cannot be found. |
665 | if the method cannot be found. |
453 | |
666 | |
454 | After the lookup it will call the C<THAW> method with the stored classname |
667 | After the lookup it will call the C<THAW> method with the stored classname |
455 | as first argument, the constant string C<CBOR> as second argument, and all |
668 | as first argument, the constant string C<CBOR> as second argument, and all |
456 | values returned by C<FREEZE> as remaining arguments. |
669 | values returned by C<FREEZE> as remaining arguments. |
457 | |
670 | |
458 | =head4 EXAMPLES |
671 | =head3 EXAMPLES |
459 | |
672 | |
460 | Here is an example C<TO_CBOR> method: |
673 | Here is an example C<TO_CBOR> method: |
461 | |
674 | |
462 | sub My::Object::TO_CBOR { |
675 | sub My::Object::TO_CBOR { |
463 | my ($obj) = @_; |
676 | my ($obj) = @_; |
… | |
… | |
474 | |
687 | |
475 | sub URI::TO_CBOR { |
688 | sub URI::TO_CBOR { |
476 | my ($self) = @_; |
689 | my ($self) = @_; |
477 | my $uri = "$self"; # stringify uri |
690 | my $uri = "$self"; # stringify uri |
478 | utf8::upgrade $uri; # make sure it will be encoded as UTF-8 string |
691 | utf8::upgrade $uri; # make sure it will be encoded as UTF-8 string |
479 | CBOR::XS::tagged 32, "$_[0]" |
692 | CBOR::XS::tag 32, "$_[0]" |
480 | } |
693 | } |
481 | |
694 | |
482 | This will encode URIs as a UTF-8 string with tag 32, which indicates an |
695 | This will encode URIs as a UTF-8 string with tag 32, which indicates an |
483 | URI. |
696 | URI. |
484 | |
697 | |
… | |
… | |
495 | "$self" # encode url string |
708 | "$self" # encode url string |
496 | } |
709 | } |
497 | |
710 | |
498 | sub URI::THAW { |
711 | sub URI::THAW { |
499 | my ($class, $serialiser, $uri) = @_; |
712 | my ($class, $serialiser, $uri) = @_; |
500 | |
|
|
501 | $class->new ($uri) |
713 | $class->new ($uri) |
502 | } |
714 | } |
503 | |
715 | |
504 | Unlike C<TO_CBOR>, multiple values can be returned by C<FREEZE>. For |
716 | Unlike C<TO_CBOR>, multiple values can be returned by C<FREEZE>. For |
505 | example, a C<FREEZE> method that returns "type", "id" and "variant" values |
717 | example, a C<FREEZE> method that returns "type", "id" and "variant" values |
… | |
… | |
636 | additional tags (such as base64url). |
848 | additional tags (such as base64url). |
637 | |
849 | |
638 | =head2 ENFORCED TAGS |
850 | =head2 ENFORCED TAGS |
639 | |
851 | |
640 | These tags are always handled when decoding, and their handling cannot be |
852 | These tags are always handled when decoding, and their handling cannot be |
641 | overriden by the user. |
853 | overridden by the user. |
642 | |
854 | |
643 | =over 4 |
855 | =over 4 |
644 | |
856 | |
645 | =item <unassigned> (perl-object, L<http://cbor.schmorp.de/perl-object>) |
857 | =item 26 (perl-object, L<http://cbor.schmorp.de/perl-object>) |
646 | |
858 | |
647 | These tags are automatically created (and decoded) for serialisable |
859 | These tags are automatically created (and decoded) for serialisable |
648 | objects using the C<FREEZE/THAW> methods (the L<Types::Serialier> object |
860 | objects using the C<FREEZE/THAW> methods (the L<Types::Serialier> object |
649 | serialisation protocol). See L<OBJECT SERIALISATION> for details. |
861 | serialisation protocol). See L<OBJECT SERIALISATION> for details. |
650 | |
862 | |
651 | =item <unassigned>, <unassigned> (sharable, sharedref, L <http://cbor.schmorp.de/value-sharing>) |
863 | =item 28, 29 (shareable, sharedref, L<http://cbor.schmorp.de/value-sharing>) |
652 | |
864 | |
653 | These tags are automatically decoded when encountered, resulting in |
865 | These tags are automatically decoded when encountered (and they do not |
|
|
866 | result in a cyclic data structure, see C<allow_cycles>), resulting in |
654 | shared values in the decoded object. They are only encoded, however, when |
867 | shared values in the decoded object. They are only encoded, however, when |
655 | C<allow_sharable> is enabled. |
868 | C<allow_sharing> is enabled. |
656 | |
869 | |
|
|
870 | Not all shared values can be successfully decoded: values that reference |
|
|
871 | themselves will I<currently> decode as C<undef> (this is not the same |
|
|
872 | as a reference pointing to itself, which will be represented as a value |
|
|
873 | that contains an indirect reference to itself - these will be decoded |
|
|
874 | properly). |
|
|
875 | |
|
|
876 | Note that considerably more shared value data structures can be decoded |
|
|
877 | than will be encoded - currently, only values pointed to by references |
|
|
878 | will be shared, others will not. While non-reference shared values can be |
|
|
879 | generated in Perl with some effort, they were considered too unimportant |
|
|
880 | to be supported in the encoder. The decoder, however, will decode these |
|
|
881 | values as shared values. |
|
|
882 | |
657 | =item <unassigned>, <unassigned> (stringref-namespace, stringref, L <http://cbor.schmorp.de/stringref>) |
883 | =item 256, 25 (stringref-namespace, stringref, L<http://cbor.schmorp.de/stringref>) |
658 | |
884 | |
659 | These tags are automatically decoded when encountered. They are only |
885 | These tags are automatically decoded when encountered. They are only |
660 | encoded, however, when C<allow_stringref> is enabled. |
886 | encoded, however, when C<pack_strings> is enabled. |
661 | |
887 | |
662 | =item 22098 (indirection, L<http://cbor.schmorp.de/indirection>) |
888 | =item 22098 (indirection, L<http://cbor.schmorp.de/indirection>) |
663 | |
889 | |
664 | This tag is automatically generated when a reference are encountered (with |
890 | This tag is automatically generated when a reference are encountered (with |
665 | the exception of hash and array refernces). It is converted to a reference |
891 | the exception of hash and array references). It is converted to a reference |
666 | when decoding. |
892 | when decoding. |
667 | |
893 | |
668 | =item 55799 (self-describe CBOR, RFC 7049) |
894 | =item 55799 (self-describe CBOR, RFC 7049) |
669 | |
895 | |
670 | This value is not generated on encoding (unless explicitly requested by |
896 | This value is not generated on encoding (unless explicitly requested by |
671 | the user), and is simply ignored when decoding. |
897 | the user), and is simply ignored when decoding. |
672 | |
898 | |
673 | =back |
899 | =back |
674 | |
900 | |
675 | =head2 OPTIONAL TAGS |
901 | =head2 NON-ENFORCED TAGS |
676 | |
902 | |
677 | These tags have default filters provided when decoding. Their handling can |
903 | These tags have default filters provided when decoding. Their handling can |
678 | be overriden by changing the C<%CBOR::XS::FILTER> entry for the tag, or by |
904 | be overridden by changing the C<%CBOR::XS::FILTER> entry for the tag, or by |
679 | providing a custom C<filter> function when decoding. |
905 | providing a custom C<filter> callback when decoding. |
680 | |
906 | |
681 | When they result in decoding into a specific Perl class, the module |
907 | When they result in decoding into a specific Perl class, the module |
682 | usually provides a corresponding C<TO_CBOR> method as well. |
908 | usually provides a corresponding C<TO_CBOR> method as well. |
683 | |
909 | |
684 | When any of these need to load additional modules that are not part of the |
910 | When any of these need to load additional modules that are not part of the |
… | |
… | |
686 | provide these modules. The decoding usually fails with an exception if the |
912 | provide these modules. The decoding usually fails with an exception if the |
687 | required module cannot be loaded. |
913 | required module cannot be loaded. |
688 | |
914 | |
689 | =over 4 |
915 | =over 4 |
690 | |
916 | |
|
|
917 | =item 0, 1 (date/time string, seconds since the epoch) |
|
|
918 | |
|
|
919 | These tags are decoded into L<Time::Piece> objects. The corresponding |
|
|
920 | C<Time::Piece::TO_CBOR> method always encodes into tag 1 values currently. |
|
|
921 | |
|
|
922 | The L<Time::Piece> API is generally surprisingly bad, and fractional |
|
|
923 | seconds are only accidentally kept intact, so watch out. On the plus side, |
|
|
924 | the module comes with perl since 5.10, which has to count for something. |
|
|
925 | |
691 | =item 2, 3 (positive/negative bignum) |
926 | =item 2, 3 (positive/negative bignum) |
692 | |
927 | |
693 | These tags are decoded into L<Math::BigInt> objects. The corresponding |
928 | These tags are decoded into L<Math::BigInt> objects. The corresponding |
694 | C<Math::BigInt::TO_CBOR> method encodes "small" bigints into normal CBOR |
929 | C<Math::BigInt::TO_CBOR> method encodes "small" bigints into normal CBOR |
695 | integers, and others into positive/negative CBOR bignums. |
930 | integers, and others into positive/negative CBOR bignums. |
696 | |
931 | |
697 | =item 4, 5 (decimal fraction/bigfloat) |
932 | =item 4, 5, 264, 265 (decimal fraction/bigfloat) |
698 | |
933 | |
699 | Both decimal fractions and bigfloats are decoded into L<Math::BigFloat> |
934 | Both decimal fractions and bigfloats are decoded into L<Math::BigFloat> |
700 | objects. The corresponding C<Math::BigFloat::TO_CBOR> method I<always> |
935 | objects. The corresponding C<Math::BigFloat::TO_CBOR> method I<always> |
701 | encodes into a decimal fraction. |
936 | encodes into a decimal fraction (either tag 4 or 264). |
702 | |
937 | |
703 | CBOR cannot represent bigfloats with I<very> large exponents - conversion |
938 | NaN and infinities are not encoded properly, as they cannot be represented |
704 | of such big float objects is undefined. |
939 | in CBOR. |
705 | |
940 | |
706 | Also, NaN and infinities are not encoded properly. |
941 | See L<BIGNUM SECURITY CONSIDERATIONS> for more info. |
|
|
942 | |
|
|
943 | =item 30 (rational numbers) |
|
|
944 | |
|
|
945 | These tags are decoded into L<Math::BigRat> objects. The corresponding |
|
|
946 | C<Math::BigRat::TO_CBOR> method encodes rational numbers with denominator |
|
|
947 | C<1> via their numerator only, i.e., they become normal integers or |
|
|
948 | C<bignums>. |
|
|
949 | |
|
|
950 | See L<BIGNUM SECURITY CONSIDERATIONS> for more info. |
707 | |
951 | |
708 | =item 21, 22, 23 (expected later JSON conversion) |
952 | =item 21, 22, 23 (expected later JSON conversion) |
709 | |
953 | |
710 | CBOR::XS is not a CBOR-to-JSON converter, and will simply ignore these |
954 | CBOR::XS is not a CBOR-to-JSON converter, and will simply ignore these |
711 | tags. |
955 | tags. |
… | |
… | |
716 | C<URI::TO_CBOR> method again results in a CBOR URI value. |
960 | C<URI::TO_CBOR> method again results in a CBOR URI value. |
717 | |
961 | |
718 | =back |
962 | =back |
719 | |
963 | |
720 | =cut |
964 | =cut |
721 | |
|
|
722 | our %FILTER = ( |
|
|
723 | # 0 # rfc4287 datetime, utf-8 |
|
|
724 | # 1 # unix timestamp, any |
|
|
725 | |
|
|
726 | 2 => sub { # pos bigint |
|
|
727 | require Math::BigInt; |
|
|
728 | Math::BigInt->new ("0x" . unpack "H*", pop) |
|
|
729 | }, |
|
|
730 | |
|
|
731 | 3 => sub { # neg bigint |
|
|
732 | require Math::BigInt; |
|
|
733 | -Math::BigInt->new ("0x" . unpack "H*", pop) |
|
|
734 | }, |
|
|
735 | |
|
|
736 | 4 => sub { # decimal fraction, array |
|
|
737 | require Math::BigFloat; |
|
|
738 | Math::BigFloat->new ($_[1][1] . "E" . $_[1][0]) |
|
|
739 | }, |
|
|
740 | |
|
|
741 | 5 => sub { # bigfloat, array |
|
|
742 | require Math::BigFloat; |
|
|
743 | scalar Math::BigFloat->new ($_[1][1])->blsft ($_[1][0], 2) |
|
|
744 | }, |
|
|
745 | |
|
|
746 | 21 => sub { pop }, # expected conversion to base64url encoding |
|
|
747 | 22 => sub { pop }, # expected conversion to base64 encoding |
|
|
748 | 23 => sub { pop }, # expected conversion to base16 encoding |
|
|
749 | |
|
|
750 | # 24 # embedded cbor, byte string |
|
|
751 | |
|
|
752 | 32 => sub { |
|
|
753 | require URI; |
|
|
754 | URI->new (pop) |
|
|
755 | }, |
|
|
756 | |
|
|
757 | # 33 # base64url rfc4648, utf-8 |
|
|
758 | # 34 # base64 rfc46484, utf-8 |
|
|
759 | # 35 # regex pcre/ecma262, utf-8 |
|
|
760 | # 36 # mime message rfc2045, utf-8 |
|
|
761 | ); |
|
|
762 | |
|
|
763 | |
965 | |
764 | =head1 CBOR and JSON |
966 | =head1 CBOR and JSON |
765 | |
967 | |
766 | CBOR is supposed to implement a superset of the JSON data model, and is, |
968 | CBOR is supposed to implement a superset of the JSON data model, and is, |
767 | with some coercion, able to represent all JSON texts (something that other |
969 | with some coercion, able to represent all JSON texts (something that other |
… | |
… | |
783 | |
985 | |
784 | First of all, your CBOR decoder should be secure, that is, should not have |
986 | First of all, your CBOR decoder should be secure, that is, should not have |
785 | any buffer overflows. Obviously, this module should ensure that and I am |
987 | any buffer overflows. Obviously, this module should ensure that and I am |
786 | trying hard on making that true, but you never know. |
988 | trying hard on making that true, but you never know. |
787 | |
989 | |
|
|
990 | Second, CBOR::XS supports object serialisation - decoding CBOR can cause |
|
|
991 | calls to I<any> C<THAW> method in I<any> package that exists in your |
|
|
992 | process (that is, CBOR::XS will not try to load modules, but any existing |
|
|
993 | C<THAW> method or function can be called, so they all have to be secure). |
|
|
994 | |
788 | Second, you need to avoid resource-starving attacks. That means you should |
995 | Third, you need to avoid resource-starving attacks. That means you should |
789 | limit the size of CBOR data you accept, or make sure then when your |
996 | limit the size of CBOR data you accept, or make sure then when your |
790 | resources run out, that's just fine (e.g. by using a separate process that |
997 | resources run out, that's just fine (e.g. by using a separate process that |
791 | can crash safely). The size of a CBOR string in octets is usually a good |
998 | can crash safely). The size of a CBOR string in octets is usually a good |
792 | indication of the size of the resources required to decode it into a Perl |
999 | indication of the size of the resources required to decode it into a Perl |
793 | structure. While CBOR::XS can check the size of the CBOR text, it might be |
1000 | structure. While CBOR::XS can check the size of the CBOR text, it might be |
794 | too late when you already have it in memory, so you might want to check |
1001 | too late when you already have it in memory, so you might want to check |
795 | the size before you accept the string. |
1002 | the size before you accept the string. |
796 | |
1003 | |
797 | Third, CBOR::XS recurses using the C stack when decoding objects and |
1004 | Fourth, CBOR::XS recurses using the C stack when decoding objects and |
798 | arrays. The C stack is a limited resource: for instance, on my amd64 |
1005 | arrays. The C stack is a limited resource: for instance, on my amd64 |
799 | machine with 8MB of stack size I can decode around 180k nested arrays but |
1006 | machine with 8MB of stack size I can decode around 180k nested arrays but |
800 | only 14k nested CBOR objects (due to perl itself recursing deeply on croak |
1007 | only 14k nested CBOR objects (due to perl itself recursing deeply on croak |
801 | to free the temporary). If that is exceeded, the program crashes. To be |
1008 | to free the temporary). If that is exceeded, the program crashes. To be |
802 | conservative, the default nesting limit is set to 512. If your process |
1009 | conservative, the default nesting limit is set to 512. If your process |
… | |
… | |
809 | Also keep in mind that CBOR::XS might leak contents of your Perl data |
1016 | Also keep in mind that CBOR::XS might leak contents of your Perl data |
810 | structures in its error messages, so when you serialise sensitive |
1017 | structures in its error messages, so when you serialise sensitive |
811 | information you might want to make sure that exceptions thrown by CBOR::XS |
1018 | information you might want to make sure that exceptions thrown by CBOR::XS |
812 | will not end up in front of untrusted eyes. |
1019 | will not end up in front of untrusted eyes. |
813 | |
1020 | |
|
|
1021 | |
|
|
1022 | =head1 BIGNUM SECURITY CONSIDERATIONS |
|
|
1023 | |
|
|
1024 | CBOR::XS provides a C<TO_CBOR> method for both L<Math::BigInt> and |
|
|
1025 | L<Math::BigFloat> that tries to encode the number in the simplest possible |
|
|
1026 | way, that is, either a CBOR integer, a CBOR bigint/decimal fraction (tag |
|
|
1027 | 4) or an arbitrary-exponent decimal fraction (tag 264). Rational numbers |
|
|
1028 | (L<Math::BigRat>, tag 30) can also contain bignums as members. |
|
|
1029 | |
|
|
1030 | CBOR::XS will also understand base-2 bigfloat or arbitrary-exponent |
|
|
1031 | bigfloats (tags 5 and 265), but it will never generate these on its own. |
|
|
1032 | |
|
|
1033 | Using the built-in L<Math::BigInt::Calc> support, encoding and decoding |
|
|
1034 | decimal fractions is generally fast. Decoding bigints can be slow for very |
|
|
1035 | big numbers (tens of thousands of digits, something that could potentially |
|
|
1036 | be caught by limiting the size of CBOR texts), and decoding bigfloats or |
|
|
1037 | arbitrary-exponent bigfloats can be I<extremely> slow (minutes, decades) |
|
|
1038 | for large exponents (roughly 40 bit and longer). |
|
|
1039 | |
|
|
1040 | Additionally, L<Math::BigInt> can take advantage of other bignum |
|
|
1041 | libraries, such as L<Math::GMP>, which cannot handle big floats with large |
|
|
1042 | exponents, and might simply abort or crash your program, due to their code |
|
|
1043 | quality. |
|
|
1044 | |
|
|
1045 | This can be a concern if you want to parse untrusted CBOR. If it is, you |
|
|
1046 | might want to disable decoding of tag 2 (bigint) and 3 (negative bigint) |
|
|
1047 | types. You should also disable types 5 and 265, as these can be slow even |
|
|
1048 | without bigints. |
|
|
1049 | |
|
|
1050 | Disabling bigints will also partially or fully disable types that rely on |
|
|
1051 | them, e.g. rational numbers that use bignums. |
|
|
1052 | |
|
|
1053 | |
814 | =head1 CBOR IMPLEMENTATION NOTES |
1054 | =head1 CBOR IMPLEMENTATION NOTES |
815 | |
1055 | |
816 | This section contains some random implementation notes. They do not |
1056 | This section contains some random implementation notes. They do not |
817 | describe guaranteed behaviour, but merely behaviour as-is implemented |
1057 | describe guaranteed behaviour, but merely behaviour as-is implemented |
818 | right now. |
1058 | right now. |
… | |
… | |
826 | Only the double data type is supported for NV data types - when Perl uses |
1066 | Only the double data type is supported for NV data types - when Perl uses |
827 | long double to represent floating point values, they might not be encoded |
1067 | long double to represent floating point values, they might not be encoded |
828 | properly. Half precision types are accepted, but not encoded. |
1068 | properly. Half precision types are accepted, but not encoded. |
829 | |
1069 | |
830 | Strict mode and canonical mode are not implemented. |
1070 | Strict mode and canonical mode are not implemented. |
|
|
1071 | |
|
|
1072 | |
|
|
1073 | =head1 LIMITATIONS ON PERLS WITHOUT 64-BIT INTEGER SUPPORT |
|
|
1074 | |
|
|
1075 | On perls that were built without 64 bit integer support (these are rare |
|
|
1076 | nowadays, even on 32 bit architectures, as all major Perl distributions |
|
|
1077 | are built with 64 bit integer support), support for any kind of 64 bit |
|
|
1078 | integer in CBOR is very limited - most likely, these 64 bit values will |
|
|
1079 | be truncated, corrupted, or otherwise not decoded correctly. This also |
|
|
1080 | includes string, array and map sizes that are stored as 64 bit integers. |
831 | |
1081 | |
832 | |
1082 | |
833 | =head1 THREADS |
1083 | =head1 THREADS |
834 | |
1084 | |
835 | This module is I<not> guaranteed to be thread safe and there are no |
1085 | This module is I<not> guaranteed to be thread safe and there are no |
… | |
… | |
850 | service. I put the contact address into my modules for a reason. |
1100 | service. I put the contact address into my modules for a reason. |
851 | |
1101 | |
852 | =cut |
1102 | =cut |
853 | |
1103 | |
854 | our %FILTER = ( |
1104 | our %FILTER = ( |
855 | # 0 # rfc4287 datetime, utf-8 |
1105 | 0 => sub { # rfc4287 datetime, utf-8 |
856 | # 1 # unix timestamp, any |
1106 | require Time::Piece; |
|
|
1107 | # Time::Piece::Strptime uses the "incredibly flexible date parsing routine" |
|
|
1108 | # from FreeBSD, which can't parse ISO 8601, RFC3339, RFC4287 or much of anything |
|
|
1109 | # else either. Whats incredibe over standard strptime totally escapes me. |
|
|
1110 | # doesn't do fractional times, either. sigh. |
|
|
1111 | # In fact, it's all a lie, it uses whatever strptime it wants, and of course, |
|
|
1112 | # they are all incompatible. The openbsd one simply ignores %z (but according to the |
|
|
1113 | # docs, it would be much more incredibly flexible indeed. If it worked, that is.). |
|
|
1114 | scalar eval { |
|
|
1115 | my $s = $_[1]; |
|
|
1116 | |
|
|
1117 | $s =~ s/Z$/+00:00/; |
|
|
1118 | $s =~ s/(\.[0-9]+)?([+-][0-9][0-9]):([0-9][0-9])$// |
|
|
1119 | or die; |
|
|
1120 | |
|
|
1121 | my $b = $1 - ($2 * 60 + $3) * 60; # fractional part + offset. hopefully |
|
|
1122 | my $d = Time::Piece->strptime ($s, "%Y-%m-%dT%H:%M:%S"); |
|
|
1123 | |
|
|
1124 | Time::Piece::gmtime ($d->epoch + $b) |
|
|
1125 | } || die "corrupted CBOR date/time string ($_[0])"; |
|
|
1126 | }, |
|
|
1127 | |
|
|
1128 | 1 => sub { # seconds since the epoch, possibly fractional |
|
|
1129 | require Time::Piece; |
|
|
1130 | scalar Time::Piece::gmtime (pop) |
|
|
1131 | }, |
857 | |
1132 | |
858 | 2 => sub { # pos bigint |
1133 | 2 => sub { # pos bigint |
859 | require Math::BigInt; |
1134 | require Math::BigInt; |
860 | Math::BigInt->new ("0x" . unpack "H*", pop) |
1135 | Math::BigInt->new ("0x" . unpack "H*", pop) |
861 | }, |
1136 | }, |
… | |
… | |
868 | 4 => sub { # decimal fraction, array |
1143 | 4 => sub { # decimal fraction, array |
869 | require Math::BigFloat; |
1144 | require Math::BigFloat; |
870 | Math::BigFloat->new ($_[1][1] . "E" . $_[1][0]) |
1145 | Math::BigFloat->new ($_[1][1] . "E" . $_[1][0]) |
871 | }, |
1146 | }, |
872 | |
1147 | |
|
|
1148 | 264 => sub { # decimal fraction with arbitrary exponent |
|
|
1149 | require Math::BigFloat; |
|
|
1150 | Math::BigFloat->new ($_[1][1] . "E" . $_[1][0]) |
|
|
1151 | }, |
|
|
1152 | |
873 | 5 => sub { # bigfloat, array |
1153 | 5 => sub { # bigfloat, array |
874 | require Math::BigFloat; |
1154 | require Math::BigFloat; |
875 | scalar Math::BigFloat->new ($_[1][1])->blsft ($_[1][0], 2) |
1155 | scalar Math::BigFloat->new ($_[1][1]) * Math::BigFloat->new (2)->bpow ($_[1][0]) |
|
|
1156 | }, |
|
|
1157 | |
|
|
1158 | 265 => sub { # bigfloat with arbitrary exponent |
|
|
1159 | require Math::BigFloat; |
|
|
1160 | scalar Math::BigFloat->new ($_[1][1]) * Math::BigFloat->new (2)->bpow ($_[1][0]) |
|
|
1161 | }, |
|
|
1162 | |
|
|
1163 | 30 => sub { # rational number |
|
|
1164 | require Math::BigRat; |
|
|
1165 | Math::BigRat->new ("$_[1][0]/$_[1][1]") # separate parameters only work in recent versons |
876 | }, |
1166 | }, |
877 | |
1167 | |
878 | 21 => sub { pop }, # expected conversion to base64url encoding |
1168 | 21 => sub { pop }, # expected conversion to base64url encoding |
879 | 22 => sub { pop }, # expected conversion to base64 encoding |
1169 | 22 => sub { pop }, # expected conversion to base64 encoding |
880 | 23 => sub { pop }, # expected conversion to base16 encoding |
1170 | 23 => sub { pop }, # expected conversion to base16 encoding |
… | |
… | |
897 | } |
1187 | } |
898 | |
1188 | |
899 | sub URI::TO_CBOR { |
1189 | sub URI::TO_CBOR { |
900 | my $uri = $_[0]->as_string; |
1190 | my $uri = $_[0]->as_string; |
901 | utf8::upgrade $uri; |
1191 | utf8::upgrade $uri; |
902 | CBOR::XS::tag 32, $uri |
1192 | tag 32, $uri |
903 | } |
1193 | } |
904 | |
1194 | |
905 | sub Math::BigInt::TO_CBOR { |
1195 | sub Math::BigInt::TO_CBOR { |
906 | if ($_[0] >= -2147483648 && $_[0] <= 2147483647) { |
1196 | if (-2147483648 <= $_[0] && $_[0] <= 2147483647) { |
907 | $_[0]->numify |
1197 | $_[0]->numify |
908 | } else { |
1198 | } else { |
909 | my $hex = substr $_[0]->as_hex, 2; |
1199 | my $hex = substr $_[0]->as_hex, 2; |
910 | $hex = "0$hex" if 1 & length $hex; # sigh |
1200 | $hex = "0$hex" if 1 & length $hex; # sigh |
911 | CBOR::XS::tag $_[0] >= 0 ? 2 : 3, pack "H*", $hex |
1201 | tag $_[0] >= 0 ? 2 : 3, pack "H*", $hex |
912 | } |
1202 | } |
913 | } |
1203 | } |
914 | |
1204 | |
915 | sub Math::BigFloat::TO_CBOR { |
1205 | sub Math::BigFloat::TO_CBOR { |
916 | my ($m, $e) = $_[0]->parts; |
1206 | my ($m, $e) = $_[0]->parts; |
|
|
1207 | |
|
|
1208 | -9223372036854775808 <= $e && $e <= 18446744073709551615 |
917 | CBOR::XS::tag 4, [$e->numify, $m] |
1209 | ? tag 4, [$e->numify, $m] |
|
|
1210 | : tag 264, [$e, $m] |
|
|
1211 | } |
|
|
1212 | |
|
|
1213 | sub Math::BigRat::TO_CBOR { |
|
|
1214 | my ($n, $d) = $_[0]->parts; |
|
|
1215 | |
|
|
1216 | # older versions of BigRat need *1, as they not always return numbers |
|
|
1217 | |
|
|
1218 | $d*1 == 1 |
|
|
1219 | ? $n*1 |
|
|
1220 | : tag 30, [$n*1, $d*1] |
|
|
1221 | } |
|
|
1222 | |
|
|
1223 | sub Time::Piece::TO_CBOR { |
|
|
1224 | tag 1, 0 + $_[0]->epoch |
918 | } |
1225 | } |
919 | |
1226 | |
920 | XSLoader::load "CBOR::XS", $VERSION; |
1227 | XSLoader::load "CBOR::XS", $VERSION; |
921 | |
1228 | |
922 | =head1 SEE ALSO |
1229 | =head1 SEE ALSO |