… | |
… | |
64 | |
64 | |
65 | package CBOR::XS; |
65 | package CBOR::XS; |
66 | |
66 | |
67 | use common::sense; |
67 | use common::sense; |
68 | |
68 | |
69 | our $VERSION = 1.41; |
69 | our $VERSION = 1.5; |
70 | our @ISA = qw(Exporter); |
70 | our @ISA = qw(Exporter); |
71 | |
71 | |
72 | our @EXPORT = qw(encode_cbor decode_cbor); |
72 | our @EXPORT = qw(encode_cbor decode_cbor); |
73 | |
73 | |
74 | use Exporter; |
74 | use Exporter; |
… | |
… | |
588 | my $x = 3.1; # some variable containing a number |
588 | my $x = 3.1; # some variable containing a number |
589 | "$x"; # stringified |
589 | "$x"; # stringified |
590 | $x .= ""; # another, more awkward way to stringify |
590 | $x .= ""; # another, more awkward way to stringify |
591 | print $x; # perl does it for you, too, quite often |
591 | print $x; # perl does it for you, too, quite often |
592 | |
592 | |
593 | You can force whether a string ie encoded as byte or text string by using |
593 | You can force whether a string is encoded as byte or text string by using |
594 | C<utf8::upgrade> and C<utf8::downgrade>): |
594 | C<utf8::upgrade> and C<utf8::downgrade> (if C<text_strings> is disabled): |
595 | |
595 | |
596 | utf8::upgrade $x; # encode $x as text string |
596 | utf8::upgrade $x; # encode $x as text string |
597 | utf8::downgrade $x; # encode $x as byte string |
597 | utf8::downgrade $x; # encode $x as byte string |
598 | |
598 | |
599 | Perl doesn't define what operations up- and downgrade strings, so if the |
599 | Perl doesn't define what operations up- and downgrade strings, so if the |
600 | difference between byte and text is important, you should up- or downgrade |
600 | difference between byte and text is important, you should up- or downgrade |
601 | your string as late as possible before encoding. |
601 | your string as late as possible before encoding. You can also force the |
|
|
602 | use of CBOR text strings by using C<text_keys> or C<text_strings>. |
602 | |
603 | |
603 | You can force the type to be a CBOR number by numifying it: |
604 | You can force the type to be a CBOR number by numifying it: |
604 | |
605 | |
605 | my $x = "3"; # some variable containing a string |
606 | my $x = "3"; # some variable containing a string |
606 | $x += 0; # numify it, ensuring it will be dumped as a number |
607 | $x += 0; # numify it, ensuring it will be dumped as a number |
… | |
… | |
926 | |
927 | |
927 | These tags are decoded into L<Math::BigInt> objects. The corresponding |
928 | These tags are decoded into L<Math::BigInt> objects. The corresponding |
928 | C<Math::BigInt::TO_CBOR> method encodes "small" bigints into normal CBOR |
929 | C<Math::BigInt::TO_CBOR> method encodes "small" bigints into normal CBOR |
929 | integers, and others into positive/negative CBOR bignums. |
930 | integers, and others into positive/negative CBOR bignums. |
930 | |
931 | |
931 | =item 4, 5 (decimal fraction/bigfloat) |
932 | =item 4, 5, 264, 265 (decimal fraction/bigfloat) |
932 | |
933 | |
933 | Both decimal fractions and bigfloats are decoded into L<Math::BigFloat> |
934 | Both decimal fractions and bigfloats are decoded into L<Math::BigFloat> |
934 | objects. The corresponding C<Math::BigFloat::TO_CBOR> method I<always> |
935 | objects. The corresponding C<Math::BigFloat::TO_CBOR> method I<always> |
935 | encodes into a decimal fraction. |
936 | encodes into a decimal fraction (either tag 4 or 264). |
936 | |
937 | |
937 | CBOR cannot represent bigfloats with I<very> large exponents - conversion |
938 | NaN and infinities are not encoded properly, as they cannot be represented |
938 | of such big float objects is undefined. |
939 | in CBOR. |
939 | |
940 | |
940 | Also, NaN and infinities are not encoded properly. |
941 | See L<BIGNUM SECURITY CONSIDERATIONS> for more info. |
941 | |
942 | |
942 | =item 21, 22, 23 (expected later JSON conversion) |
943 | =item 21, 22, 23 (expected later JSON conversion) |
943 | |
944 | |
944 | CBOR::XS is not a CBOR-to-JSON converter, and will simply ignore these |
945 | CBOR::XS is not a CBOR-to-JSON converter, and will simply ignore these |
945 | tags. |
946 | tags. |
… | |
… | |
1000 | |
1001 | |
1001 | Also keep in mind that CBOR::XS might leak contents of your Perl data |
1002 | Also keep in mind that CBOR::XS might leak contents of your Perl data |
1002 | structures in its error messages, so when you serialise sensitive |
1003 | structures in its error messages, so when you serialise sensitive |
1003 | information you might want to make sure that exceptions thrown by CBOR::XS |
1004 | information you might want to make sure that exceptions thrown by CBOR::XS |
1004 | will not end up in front of untrusted eyes. |
1005 | will not end up in front of untrusted eyes. |
|
|
1006 | |
|
|
1007 | |
|
|
1008 | =head1 BIGNUM SECURITY CONSIDERATIONS |
|
|
1009 | |
|
|
1010 | CBOR::XS provides a C<TO_CBOR> method for both L<Math::BigInt> and |
|
|
1011 | L<Math::BigFloat> that tries to encode the number in the simplest possible |
|
|
1012 | way, that is, either a CBOR integer, a CBOR bigint/decimal fraction (tag |
|
|
1013 | 4) or an arbitrary-exponent decimal fraction (tag 264). |
|
|
1014 | |
|
|
1015 | It will also understand base-2 bigfloat or arbitrary-exponent bigfloats |
|
|
1016 | (tags 5 and 265), but it will never generate these on its own. |
|
|
1017 | |
|
|
1018 | Using the built-in L<Math::BigInt::Calc> support, encoding and decoding |
|
|
1019 | decimal fractions is generally fast. Decoding bigints can be slow for very |
|
|
1020 | big numbers, and decoding bigfloats or arbitrary-exponent bigfloats can be |
|
|
1021 | extremely slow (minutes, decades) for large exponents. |
|
|
1022 | |
|
|
1023 | Additionally, L<Math::BigInt> can take advantage of other bignum |
|
|
1024 | libraries, such as L<Math::GMP>, which cannot handle big |
|
|
1025 | floats with large exponents, and might simply abort or crash your program, |
|
|
1026 | due to their code quality. |
|
|
1027 | |
|
|
1028 | This can be a concern if you want to parse untrusted CBOR. If it is, you |
|
|
1029 | need to disable decoding of tag 2 (bigint) and 3 (negative bigint) types, |
|
|
1030 | which will also disable bigfloat support (to be sure, you can also disable |
|
|
1031 | types 4, 5, 264 and 265). |
|
|
1032 | |
1005 | |
1033 | |
1006 | =head1 CBOR IMPLEMENTATION NOTES |
1034 | =head1 CBOR IMPLEMENTATION NOTES |
1007 | |
1035 | |
1008 | This section contains some random implementation notes. They do not |
1036 | This section contains some random implementation notes. They do not |
1009 | describe guaranteed behaviour, but merely behaviour as-is implemented |
1037 | describe guaranteed behaviour, but merely behaviour as-is implemented |
… | |
… | |
1082 | scalar Time::Piece::gmtime (pop) |
1110 | scalar Time::Piece::gmtime (pop) |
1083 | }, |
1111 | }, |
1084 | |
1112 | |
1085 | 2 => sub { # pos bigint |
1113 | 2 => sub { # pos bigint |
1086 | require Math::BigInt; |
1114 | require Math::BigInt; |
1087 | Math::BigInt->new ("0x" . unpack "H*", pop) |
1115 | Math::BigInt->from_hex ("0x" . unpack "H*", pop) |
1088 | }, |
1116 | }, |
1089 | |
1117 | |
1090 | 3 => sub { # neg bigint |
1118 | 3 => sub { # neg bigint |
1091 | require Math::BigInt; |
1119 | require Math::BigInt; |
1092 | -Math::BigInt->new ("0x" . unpack "H*", pop) |
1120 | -Math::BigInt->from_hex ("0x" . unpack "H*", pop) |
1093 | }, |
1121 | }, |
1094 | |
1122 | |
1095 | 4 => sub { # decimal fraction, array |
1123 | 4 => sub { # decimal fraction, array |
1096 | require Math::BigFloat; |
1124 | require Math::BigFloat; |
1097 | Math::BigFloat->new ($_[1][1] . "E" . $_[1][0]) |
1125 | Math::BigFloat->new ($_[1][1] . "E" . $_[1][0]) |
… | |
… | |
1115 | |
1143 | |
1116 | # 33 # base64url rfc4648, utf-8 |
1144 | # 33 # base64url rfc4648, utf-8 |
1117 | # 34 # base64 rfc46484, utf-8 |
1145 | # 34 # base64 rfc46484, utf-8 |
1118 | # 35 # regex pcre/ecma262, utf-8 |
1146 | # 35 # regex pcre/ecma262, utf-8 |
1119 | # 36 # mime message rfc2045, utf-8 |
1147 | # 36 # mime message rfc2045, utf-8 |
|
|
1148 | |
|
|
1149 | 264 => sub { # decimal fraction with arbitrary exponent |
|
|
1150 | require Math::BigFloat; |
|
|
1151 | Math::BigFloat->new ($_[1][1] . "E" . $_[1][0]) |
|
|
1152 | }, |
|
|
1153 | |
|
|
1154 | 265 => sub { # bigfloat with arbitrary exponent |
|
|
1155 | require Math::BigFloat; |
|
|
1156 | scalar Math::BigFloat->new ($_[1][1]) * Math::BigFloat->new (2)->bpow ($_[1][0]) |
|
|
1157 | }, |
1120 | ); |
1158 | ); |
1121 | |
1159 | |
1122 | sub CBOR::XS::default_filter { |
1160 | sub CBOR::XS::default_filter { |
1123 | &{ $FILTER{$_[0]} or return } |
1161 | &{ $FILTER{$_[0]} or return } |
1124 | } |
1162 | } |
… | |
… | |
1128 | utf8::upgrade $uri; |
1166 | utf8::upgrade $uri; |
1129 | tag 32, $uri |
1167 | tag 32, $uri |
1130 | } |
1168 | } |
1131 | |
1169 | |
1132 | sub Math::BigInt::TO_CBOR { |
1170 | sub Math::BigInt::TO_CBOR { |
1133 | if ($_[0] >= -2147483648 && $_[0] <= 2147483647) { |
1171 | if (-2147483648 <= $_[0] && $_[0] <= 2147483647) { |
1134 | $_[0]->numify |
1172 | $_[0]->numify |
1135 | } else { |
1173 | } else { |
1136 | my $hex = substr $_[0]->as_hex, 2; |
1174 | my $hex = substr $_[0]->as_hex, 2; |
1137 | $hex = "0$hex" if 1 & length $hex; # sigh |
1175 | $hex = "0$hex" if 1 & length $hex; # sigh |
1138 | tag $_[0] >= 0 ? 2 : 3, pack "H*", $hex |
1176 | tag $_[0] >= 0 ? 2 : 3, pack "H*", $hex |
1139 | } |
1177 | } |
1140 | } |
1178 | } |
1141 | |
1179 | |
1142 | sub Math::BigFloat::TO_CBOR { |
1180 | sub Math::BigFloat::TO_CBOR { |
1143 | my ($m, $e) = $_[0]->parts; |
1181 | my ($m, $e) = $_[0]->parts; |
|
|
1182 | |
|
|
1183 | -9223372036854775808 <= $e && $e <= 18446744073709551615 |
1144 | tag 4, [$e->numify, $m] |
1184 | ? tag 4, [$e->numify, $m] |
|
|
1185 | : tag 264, [$e, $m] |
1145 | } |
1186 | } |
1146 | |
1187 | |
1147 | sub Time::Piece::TO_CBOR { |
1188 | sub Time::Piece::TO_CBOR { |
1148 | tag 1, 0 + $_[0]->epoch |
1189 | tag 1, 0 + $_[0]->epoch |
1149 | } |
1190 | } |
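Review bot: The new tag 265 handler computes `Math::BigFloat->new (2)->bpow ($_[1][0])` with an exponent taken directly from the decoded input, and it is registered in `%FILTER`, which `CBOR::XS::default_filter` consults, so a decoder using that filter performs exactly the work the new BIGNUM SECURITY CONSIDERATIONS section describes as "extremely slow (minutes, decades) for large exponents". Neither new handler (264 or 265) checks that `$_[1]` is a two-element array before indexing `$_[1][0]` and `$_[1][1]`, so a tag wrapped around some other value reaches the Math::BigFloat call unvalidated. I would put a comment above both entries, e.g. `# exponent comes from untrusted input and is unbounded; see BIGNUM SECURITY CONSIDERATIONS`, and consider rejecting malformed payloads and exponents beyond a documented limit inside the filter itself, rather than relying on callers to disable tags 2 and 3. The `%FILTER` hash begins outside the visible hunk, so an existing guard elsewhere cannot be ruled out.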