… | |
… | |
64 | |
64 | |
65 | package CBOR::XS; |
65 | package CBOR::XS; |
66 | |
66 | |
67 | use common::sense; |
67 | use common::sense; |
68 | |
68 | |
69 | our $VERSION = 1.3; |
69 | our $VERSION = 1.51; |
70 | our @ISA = qw(Exporter); |
70 | our @ISA = qw(Exporter); |
71 | |
71 | |
72 | our @EXPORT = qw(encode_cbor decode_cbor); |
72 | our @EXPORT = qw(encode_cbor decode_cbor); |
73 | |
73 | |
74 | use Exporter; |
74 | use Exporter; |
… | |
… | |
180 | reference to the earlier value. |
180 | reference to the earlier value. |
181 | |
181 | |
182 | This means that such values will only be encoded once, and will not result |
182 | This means that such values will only be encoded once, and will not result |
183 | in a deep cloning of the value on decode, in decoders supporting the value |
183 | in a deep cloning of the value on decode, in decoders supporting the value |
184 | sharing extension. This also makes it possible to encode cyclic data |
184 | sharing extension. This also makes it possible to encode cyclic data |
185 | structures (which need C<allow_cycles> to ne enabled to be decoded by this |
185 | structures (which need C<allow_cycles> to be enabled to be decoded by this |
186 | module). |
186 | module). |
187 | |
187 | |
188 | It is recommended to leave it off unless you know your |
188 | It is recommended to leave it off unless you know your |
189 | communication partner supports the value sharing extensions to CBOR |
189 | communication partner supports the value sharing extensions to CBOR |
190 | (L<http://cbor.schmorp.de/value-sharing>), as without decoder support, the |
190 | (L<http://cbor.schmorp.de/value-sharing>), as without decoder support, the |
… | |
… | |
247 | the standard CBOR way. |
247 | the standard CBOR way. |
248 | |
248 | |
249 | This option does not affect C<decode> in any way - string references will |
249 | This option does not affect C<decode> in any way - string references will |
250 | always be decoded properly if present. |
250 | always be decoded properly if present. |
251 | |
251 | |
|
|
252 | =item $cbor = $cbor->text_keys ([$enable]) |
|
|
253 | |
|
|
254 | =item $enabled = $cbor->get_text_keys |
|
|
255 | |
|
|
256 | If C<$enabled> is true (or missing), then C<encode> will encode all |
|
|
257 | perl hash keys as CBOR text strings/UTF-8 string, upgrading them as needed. |
|
|
258 | |
|
|
259 | If C<$enable> is false (the default), then C<encode> will encode hash keys |
|
|
260 | normally - upgraded perl strings (strings internally encoded as UTF-8) as |
|
|
261 | CBOR text strings, and downgraded perl strings as CBOR byte strings. |
|
|
262 | |
|
|
263 | This option does not affect C<decode> in any way. |
|
|
264 | |
|
|
265 | This option is useful for interoperability with CBOR decoders that don't |
|
|
266 | treat byte strings as a form of text. It is especially useful as Perl |
|
|
267 | gives very little control over hash keys. |
|
|
268 | |
|
|
269 | Enabling this option can be slow, as all downgraded hash keys that are |
|
|
270 | encoded need to be scanned and converted to UTF-8. |
|
|
271 | |
|
|
272 | =item $cbor = $cbor->text_strings ([$enable]) |
|
|
273 | |
|
|
274 | =item $enabled = $cbor->get_text_strings |
|
|
275 | |
|
|
276 | This option works similar to C<text_keys>, above, but works on all strings |
|
|
277 | (including hash keys), so C<text_keys> has no further effect after |
|
|
278 | enabling C<text_strings>. |
|
|
279 | |
|
|
280 | If C<$enabled> is true (or missing), then C<encode> will encode all perl |
|
|
281 | strings as CBOR text strings/UTF-8 strings, upgrading them as needed. |
|
|
282 | |
|
|
283 | If C<$enable> is false (the default), then C<encode> will encode strings |
|
|
284 | normally (but see C<text_keys>) - upgraded perl strings (strings |
|
|
285 | internally encoded as UTF-8) as CBOR text strings, and downgraded perl |
|
|
286 | strings as CBOR byte strings. |
|
|
287 | |
|
|
288 | This option does not affect C<decode> in any way. |
|
|
289 | |
|
|
290 | This option has similar advantages and disadvantages as C<text_keys>. In |
|
|
291 | addition, this option effectively removes the ability to encode byte |
|
|
292 | strings, which might break some C<FREEZE> and C<TO_CBOR> methods that rely |
|
|
293 | on this, such as bignum encoding, so this option is mainly useful for very |
|
|
294 | simple data. |
|
|
295 | |
252 | =item $cbor = $cbor->validate_utf8 ([$enable]) |
296 | =item $cbor = $cbor->validate_utf8 ([$enable]) |
253 | |
297 | |
254 | =item $enabled = $cbor->get_validate_utf8 |
298 | =item $enabled = $cbor->get_validate_utf8 |
255 | |
299 | |
256 | If C<$enable> is true (or missing), then C<decode> will validate that |
300 | If C<$enable> is true (or missing), then C<decode> will validate that |
… | |
… | |
261 | The concept of "valid UTF-8" used is perl's concept, which is a superset |
305 | The concept of "valid UTF-8" used is perl's concept, which is a superset |
262 | of the official UTF-8. |
306 | of the official UTF-8. |
263 | |
307 | |
264 | If C<$enable> is false (the default), then C<decode> will blindly accept |
308 | If C<$enable> is false (the default), then C<decode> will blindly accept |
265 | UTF-8 data, marking them as valid UTF-8 in the resulting data structure |
309 | UTF-8 data, marking them as valid UTF-8 in the resulting data structure |
266 | regardless of whether thats true or not. |
310 | regardless of whether that's true or not. |
267 | |
311 | |
268 | Perl isn't too happy about corrupted UTF-8 in strings, but should |
312 | Perl isn't too happy about corrupted UTF-8 in strings, but should |
269 | generally not crash or do similarly evil things. Extensions might be not |
313 | generally not crash or do similarly evil things. Extensions might be not |
270 | so forgiving, so it's recommended to turn on this setting if you receive |
314 | so forgiving, so it's recommended to turn on this setting if you receive |
271 | untrusted CBOR. |
315 | untrusted CBOR. |
… | |
… | |
396 | |
440 | |
397 | Resets the incremental decoder. This throws away any saved state, so that |
441 | Resets the incremental decoder. This throws away any saved state, so that |
398 | subsequent calls to C<incr_parse> or C<incr_parse_multiple> start to parse |
442 | subsequent calls to C<incr_parse> or C<incr_parse_multiple> start to parse |
399 | a new CBOR value from the beginning of the C<$buffer> again. |
443 | a new CBOR value from the beginning of the C<$buffer> again. |
400 | |
444 | |
401 | This method can be caled at any time, but it I<must> be called if you want |
445 | This method can be called at any time, but it I<must> be called if you want |
402 | to change your C<$buffer> or there was a decoding error and you want to |
446 | to change your C<$buffer> or there was a decoding error and you want to |
403 | reuse the C<$cbor> object for future incremental parsings. |
447 | reuse the C<$cbor> object for future incremental parsings. |
404 | |
448 | |
405 | =back |
449 | =back |
406 | |
450 | |
… | |
… | |
481 | |
525 | |
482 | =item hash references |
526 | =item hash references |
483 | |
527 | |
484 | Perl hash references become CBOR maps. As there is no inherent ordering in |
528 | Perl hash references become CBOR maps. As there is no inherent ordering in |
485 | hash keys (or CBOR maps), they will usually be encoded in a pseudo-random |
529 | hash keys (or CBOR maps), they will usually be encoded in a pseudo-random |
486 | order. This order can be different each time a hahs is encoded. |
530 | order. This order can be different each time a hash is encoded. |
487 | |
531 | |
488 | Currently, tied hashes will use the indefinite-length format, while normal |
532 | Currently, tied hashes will use the indefinite-length format, while normal |
489 | hashes will use the fixed-length format. |
533 | hashes will use the fixed-length format. |
490 | |
534 | |
491 | =item array references |
535 | =item array references |
… | |
… | |
544 | my $x = 3.1; # some variable containing a number |
588 | my $x = 3.1; # some variable containing a number |
545 | "$x"; # stringified |
589 | "$x"; # stringified |
546 | $x .= ""; # another, more awkward way to stringify |
590 | $x .= ""; # another, more awkward way to stringify |
547 | print $x; # perl does it for you, too, quite often |
591 | print $x; # perl does it for you, too, quite often |
548 | |
592 | |
549 | You can force whether a string ie encoded as byte or text string by using |
593 | You can force whether a string is encoded as byte or text string by using |
550 | C<utf8::upgrade> and C<utf8::downgrade>): |
594 | C<utf8::upgrade> and C<utf8::downgrade> (if C<text_strings> is disabled): |
551 | |
595 | |
552 | utf8::upgrade $x; # encode $x as text string |
596 | utf8::upgrade $x; # encode $x as text string |
553 | utf8::downgrade $x; # encode $x as byte string |
597 | utf8::downgrade $x; # encode $x as byte string |
554 | |
598 | |
555 | Perl doesn't define what operations up- and downgrade strings, so if the |
599 | Perl doesn't define what operations up- and downgrade strings, so if the |
556 | difference between byte and text is important, you should up- or downgrade |
600 | difference between byte and text is important, you should up- or downgrade |
557 | your string as late as possible before encoding. |
601 | your string as late as possible before encoding. You can also force the |
|
|
602 | use of CBOR text strings by using C<text_keys> or C<text_strings>. |
558 | |
603 | |
559 | You can force the type to be a CBOR number by numifying it: |
604 | You can force the type to be a CBOR number by numifying it: |
560 | |
605 | |
561 | my $x = "3"; # some variable containing a string |
606 | my $x = "3"; # some variable containing a string |
562 | $x += 0; # numify it, ensuring it will be dumped as a number |
607 | $x += 0; # numify it, ensuring it will be dumped as a number |
… | |
… | |
663 | "$self" # encode url string |
708 | "$self" # encode url string |
664 | } |
709 | } |
665 | |
710 | |
666 | sub URI::THAW { |
711 | sub URI::THAW { |
667 | my ($class, $serialiser, $uri) = @_; |
712 | my ($class, $serialiser, $uri) = @_; |
668 | |
|
|
669 | $class->new ($uri) |
713 | $class->new ($uri) |
670 | } |
714 | } |
671 | |
715 | |
672 | Unlike C<TO_CBOR>, multiple values can be returned by C<FREEZE>. For |
716 | Unlike C<TO_CBOR>, multiple values can be returned by C<FREEZE>. For |
673 | example, a C<FREEZE> method that returns "type", "id" and "variant" values |
717 | example, a C<FREEZE> method that returns "type", "id" and "variant" values |
… | |
… | |
804 | additional tags (such as base64url). |
848 | additional tags (such as base64url). |
805 | |
849 | |
806 | =head2 ENFORCED TAGS |
850 | =head2 ENFORCED TAGS |
807 | |
851 | |
808 | These tags are always handled when decoding, and their handling cannot be |
852 | These tags are always handled when decoding, and their handling cannot be |
809 | overriden by the user. |
853 | overridden by the user. |
810 | |
854 | |
811 | =over 4 |
855 | =over 4 |
812 | |
856 | |
813 | =item 26 (perl-object, L<http://cbor.schmorp.de/perl-object>) |
857 | =item 26 (perl-object, L<http://cbor.schmorp.de/perl-object>) |
814 | |
858 | |
815 | These tags are automatically created (and decoded) for serialisable |
859 | These tags are automatically created (and decoded) for serialisable |
816 | objects using the C<FREEZE/THAW> methods (the L<Types::Serialier> object |
860 | objects using the C<FREEZE/THAW> methods (the L<Types::Serialier> object |
817 | serialisation protocol). See L<OBJECT SERIALISATION> for details. |
861 | serialisation protocol). See L<OBJECT SERIALISATION> for details. |
818 | |
862 | |
819 | =item 28, 29 (shareable, sharedref, L <http://cbor.schmorp.de/value-sharing>) |
863 | =item 28, 29 (shareable, sharedref, L<http://cbor.schmorp.de/value-sharing>) |
820 | |
864 | |
821 | These tags are automatically decoded when encountered (and they do not |
865 | These tags are automatically decoded when encountered (and they do not |
822 | result in a cyclic data structure, see C<allow_cycles>), resulting in |
866 | result in a cyclic data structure, see C<allow_cycles>), resulting in |
823 | shared values in the decoded object. They are only encoded, however, when |
867 | shared values in the decoded object. They are only encoded, however, when |
824 | C<allow_sharing> is enabled. |
868 | C<allow_sharing> is enabled. |
… | |
… | |
834 | will be shared, others will not. While non-reference shared values can be |
878 | will be shared, others will not. While non-reference shared values can be |
835 | generated in Perl with some effort, they were considered too unimportant |
879 | generated in Perl with some effort, they were considered too unimportant |
836 | to be supported in the encoder. The decoder, however, will decode these |
880 | to be supported in the encoder. The decoder, however, will decode these |
837 | values as shared values. |
881 | values as shared values. |
838 | |
882 | |
839 | =item 256, 25 (stringref-namespace, stringref, L <http://cbor.schmorp.de/stringref>) |
883 | =item 256, 25 (stringref-namespace, stringref, L<http://cbor.schmorp.de/stringref>) |
840 | |
884 | |
841 | These tags are automatically decoded when encountered. They are only |
885 | These tags are automatically decoded when encountered. They are only |
842 | encoded, however, when C<pack_strings> is enabled. |
886 | encoded, however, when C<pack_strings> is enabled. |
843 | |
887 | |
844 | =item 22098 (indirection, L<http://cbor.schmorp.de/indirection>) |
888 | =item 22098 (indirection, L<http://cbor.schmorp.de/indirection>) |
845 | |
889 | |
846 | This tag is automatically generated when a reference are encountered (with |
890 | This tag is automatically generated when a reference are encountered (with |
847 | the exception of hash and array refernces). It is converted to a reference |
891 | the exception of hash and array references). It is converted to a reference |
848 | when decoding. |
892 | when decoding. |
849 | |
893 | |
850 | =item 55799 (self-describe CBOR, RFC 7049) |
894 | =item 55799 (self-describe CBOR, RFC 7049) |
851 | |
895 | |
852 | This value is not generated on encoding (unless explicitly requested by |
896 | This value is not generated on encoding (unless explicitly requested by |
… | |
… | |
855 | =back |
899 | =back |
856 | |
900 | |
857 | =head2 NON-ENFORCED TAGS |
901 | =head2 NON-ENFORCED TAGS |
858 | |
902 | |
859 | These tags have default filters provided when decoding. Their handling can |
903 | These tags have default filters provided when decoding. Their handling can |
860 | be overriden by changing the C<%CBOR::XS::FILTER> entry for the tag, or by |
904 | be overridden by changing the C<%CBOR::XS::FILTER> entry for the tag, or by |
861 | providing a custom C<filter> callback when decoding. |
905 | providing a custom C<filter> callback when decoding. |
862 | |
906 | |
863 | When they result in decoding into a specific Perl class, the module |
907 | When they result in decoding into a specific Perl class, the module |
864 | usually provides a corresponding C<TO_CBOR> method as well. |
908 | usually provides a corresponding C<TO_CBOR> method as well. |
865 | |
909 | |
… | |
… | |
883 | |
927 | |
884 | These tags are decoded into L<Math::BigInt> objects. The corresponding |
928 | These tags are decoded into L<Math::BigInt> objects. The corresponding |
885 | C<Math::BigInt::TO_CBOR> method encodes "small" bigints into normal CBOR |
929 | C<Math::BigInt::TO_CBOR> method encodes "small" bigints into normal CBOR |
886 | integers, and others into positive/negative CBOR bignums. |
930 | integers, and others into positive/negative CBOR bignums. |
887 | |
931 | |
888 | =item 4, 5 (decimal fraction/bigfloat) |
932 | =item 4, 5, 264, 265 (decimal fraction/bigfloat) |
889 | |
933 | |
890 | Both decimal fractions and bigfloats are decoded into L<Math::BigFloat> |
934 | Both decimal fractions and bigfloats are decoded into L<Math::BigFloat> |
891 | objects. The corresponding C<Math::BigFloat::TO_CBOR> method I<always> |
935 | objects. The corresponding C<Math::BigFloat::TO_CBOR> method I<always> |
892 | encodes into a decimal fraction. |
936 | encodes into a decimal fraction (either tag 4 or 264). |
893 | |
937 | |
894 | CBOR cannot represent bigfloats with I<very> large exponents - conversion |
938 | NaN and infinities are not encoded properly, as they cannot be represented |
895 | of such big float objects is undefined. |
939 | in CBOR. |
896 | |
940 | |
897 | Also, NaN and infinities are not encoded properly. |
941 | See L<BIGNUM SECURITY CONSIDERATIONS> for more info. |
|
|
942 | |
|
|
943 | =item 30 (rational numbers) |
|
|
944 | |
|
|
945 | These tags are decoded into L<Math::BigRat> objects. The corresponding |
|
|
946 | C<Math::BigRat::TO_CBOR> method encodes rational numbers with denominator |
|
|
947 | C<1> via their numerator only, i.e., they become normal integers or |
|
|
948 | C<bignums>. |
|
|
949 | |
|
|
950 | See L<BIGNUM SECURITY CONSIDERATIONS> for more info. |
898 | |
951 | |
899 | =item 21, 22, 23 (expected later JSON conversion) |
952 | =item 21, 22, 23 (expected later JSON conversion) |
900 | |
953 | |
901 | CBOR::XS is not a CBOR-to-JSON converter, and will simply ignore these |
954 | CBOR::XS is not a CBOR-to-JSON converter, and will simply ignore these |
902 | tags. |
955 | tags. |
… | |
… | |
907 | C<URI::TO_CBOR> method again results in a CBOR URI value. |
960 | C<URI::TO_CBOR> method again results in a CBOR URI value. |
908 | |
961 | |
909 | =back |
962 | =back |
910 | |
963 | |
911 | =cut |
964 | =cut |
912 | |
|
|
913 | our %FILTER = ( |
|
|
914 | # 0 # rfc4287 datetime, utf-8 |
|
|
915 | # 1 # unix timestamp, any |
|
|
916 | |
|
|
917 | 2 => sub { # pos bigint |
|
|
918 | require Math::BigInt; |
|
|
919 | Math::BigInt->new ("0x" . unpack "H*", pop) |
|
|
920 | }, |
|
|
921 | |
|
|
922 | 3 => sub { # neg bigint |
|
|
923 | require Math::BigInt; |
|
|
924 | -Math::BigInt->new ("0x" . unpack "H*", pop) |
|
|
925 | }, |
|
|
926 | |
|
|
927 | 4 => sub { # decimal fraction, array |
|
|
928 | require Math::BigFloat; |
|
|
929 | Math::BigFloat->new ($_[1][1] . "E" . $_[1][0]) |
|
|
930 | }, |
|
|
931 | |
|
|
932 | 5 => sub { # bigfloat, array |
|
|
933 | require Math::BigFloat; |
|
|
934 | scalar Math::BigFloat->new ($_[1][1])->blsft ($_[1][0], 2) |
|
|
935 | }, |
|
|
936 | |
|
|
937 | 21 => sub { pop }, # expected conversion to base64url encoding |
|
|
938 | 22 => sub { pop }, # expected conversion to base64 encoding |
|
|
939 | 23 => sub { pop }, # expected conversion to base16 encoding |
|
|
940 | |
|
|
941 | # 24 # embedded cbor, byte string |
|
|
942 | |
|
|
943 | 32 => sub { |
|
|
944 | require URI; |
|
|
945 | URI->new (pop) |
|
|
946 | }, |
|
|
947 | |
|
|
948 | # 33 # base64url rfc4648, utf-8 |
|
|
949 | # 34 # base64 rfc46484, utf-8 |
|
|
950 | # 35 # regex pcre/ecma262, utf-8 |
|
|
951 | # 36 # mime message rfc2045, utf-8 |
|
|
952 | ); |
|
|
953 | |
|
|
954 | |
965 | |
955 | =head1 CBOR and JSON |
966 | =head1 CBOR and JSON |
956 | |
967 | |
957 | CBOR is supposed to implement a superset of the JSON data model, and is, |
968 | CBOR is supposed to implement a superset of the JSON data model, and is, |
958 | with some coercion, able to represent all JSON texts (something that other |
969 | with some coercion, able to represent all JSON texts (something that other |
… | |
… | |
974 | |
985 | |
975 | First of all, your CBOR decoder should be secure, that is, should not have |
986 | First of all, your CBOR decoder should be secure, that is, should not have |
976 | any buffer overflows. Obviously, this module should ensure that and I am |
987 | any buffer overflows. Obviously, this module should ensure that and I am |
977 | trying hard on making that true, but you never know. |
988 | trying hard on making that true, but you never know. |
978 | |
989 | |
|
|
990 | Second, CBOR::XS supports object serialisation - decoding CBOR can cause |
|
|
991 | calls to I<any> C<THAW> method in I<any> package that exists in your |
|
|
992 | process (that is, CBOR::XS will not try to load modules, but any existing |
|
|
993 | C<THAW> method or function can be called, so they all have to be secure). |
|
|
994 | |
979 | Second, you need to avoid resource-starving attacks. That means you should |
995 | Third, you need to avoid resource-starving attacks. That means you should |
980 | limit the size of CBOR data you accept, or make sure then when your |
996 | limit the size of CBOR data you accept, or make sure then when your |
981 | resources run out, that's just fine (e.g. by using a separate process that |
997 | resources run out, that's just fine (e.g. by using a separate process that |
982 | can crash safely). The size of a CBOR string in octets is usually a good |
998 | can crash safely). The size of a CBOR string in octets is usually a good |
983 | indication of the size of the resources required to decode it into a Perl |
999 | indication of the size of the resources required to decode it into a Perl |
984 | structure. While CBOR::XS can check the size of the CBOR text, it might be |
1000 | structure. While CBOR::XS can check the size of the CBOR text, it might be |
985 | too late when you already have it in memory, so you might want to check |
1001 | too late when you already have it in memory, so you might want to check |
986 | the size before you accept the string. |
1002 | the size before you accept the string. |
987 | |
1003 | |
988 | Third, CBOR::XS recurses using the C stack when decoding objects and |
1004 | Fourth, CBOR::XS recurses using the C stack when decoding objects and |
989 | arrays. The C stack is a limited resource: for instance, on my amd64 |
1005 | arrays. The C stack is a limited resource: for instance, on my amd64 |
990 | machine with 8MB of stack size I can decode around 180k nested arrays but |
1006 | machine with 8MB of stack size I can decode around 180k nested arrays but |
991 | only 14k nested CBOR objects (due to perl itself recursing deeply on croak |
1007 | only 14k nested CBOR objects (due to perl itself recursing deeply on croak |
992 | to free the temporary). If that is exceeded, the program crashes. To be |
1008 | to free the temporary). If that is exceeded, the program crashes. To be |
993 | conservative, the default nesting limit is set to 512. If your process |
1009 | conservative, the default nesting limit is set to 512. If your process |
… | |
… | |
1000 | Also keep in mind that CBOR::XS might leak contents of your Perl data |
1016 | Also keep in mind that CBOR::XS might leak contents of your Perl data |
1001 | structures in its error messages, so when you serialise sensitive |
1017 | structures in its error messages, so when you serialise sensitive |
1002 | information you might want to make sure that exceptions thrown by CBOR::XS |
1018 | information you might want to make sure that exceptions thrown by CBOR::XS |
1003 | will not end up in front of untrusted eyes. |
1019 | will not end up in front of untrusted eyes. |
1004 | |
1020 | |
|
|
1021 | |
|
|
1022 | =head1 BIGNUM SECURITY CONSIDERATIONS |
|
|
1023 | |
|
|
1024 | CBOR::XS provides a C<TO_CBOR> method for both L<Math::BigInt> and |
|
|
1025 | L<Math::BigFloat> that tries to encode the number in the simplest possible |
|
|
1026 | way, that is, either a CBOR integer, a CBOR bigint/decimal fraction (tag |
|
|
1027 | 4) or an arbitrary-exponent decimal fraction (tag 264). Rational numbers |
|
|
1028 | (L<Math::BigRat>, tag 30) can also contain bignums as members. |
|
|
1029 | |
|
|
1030 | CBOR::XS will also understand base-2 bigfloat or arbitrary-exponent |
|
|
1031 | bigfloats (tags 5 and 265), but it will never generate these on its own. |
|
|
1032 | |
|
|
1033 | Using the built-in L<Math::BigInt::Calc> support, encoding and decoding |
|
|
1034 | decimal fractions is generally fast. Decoding bigints can be slow for very |
|
|
1035 | big numbers (tens of thousands of digits, something that could potentially |
|
|
1036 | be caught by limiting the size of CBOR texts), and decoding bigfloats or |
|
|
1037 | arbitrary-exponent bigfloats can be I<extremely> slow (minutes, decades) |
|
|
1038 | for large exponents (roughly 40 bit and longer). |
|
|
1039 | |
|
|
1040 | Additionally, L<Math::BigInt> can take advantage of other bignum |
|
|
1041 | libraries, such as L<Math::GMP>, which cannot handle big floats with large |
|
|
1042 | exponents, and might simply abort or crash your program, due to their code |
|
|
1043 | quality. |
|
|
1044 | |
|
|
1045 | This can be a concern if you want to parse untrusted CBOR. If it is, you |
|
|
1046 | might want to disable decoding of tag 2 (bigint) and 3 (negative bigint) |
|
|
1047 | types. You should also disable types 5 and 265, as these can be slow even |
|
|
1048 | without bigints. |
|
|
1049 | |
|
|
1050 | Disabling bigints will also partially or fully disable types that rely on |
|
|
1051 | them, e.g. rational numbers that use bignums. |
|
|
1052 | |
|
|
1053 | |
1005 | =head1 CBOR IMPLEMENTATION NOTES |
1054 | =head1 CBOR IMPLEMENTATION NOTES |
1006 | |
1055 | |
1007 | This section contains some random implementation notes. They do not |
1056 | This section contains some random implementation notes. They do not |
1008 | describe guaranteed behaviour, but merely behaviour as-is implemented |
1057 | describe guaranteed behaviour, but merely behaviour as-is implemented |
1009 | right now. |
1058 | right now. |
… | |
… | |
1049 | |
1098 | |
1050 | Please refrain from using rt.cpan.org or any other bug reporting |
1099 | Please refrain from using rt.cpan.org or any other bug reporting |
1051 | service. I put the contact address into my modules for a reason. |
1100 | service. I put the contact address into my modules for a reason. |
1052 | |
1101 | |
1053 | =cut |
1102 | =cut |
|
|
1103 | |
|
|
1104 | # clumsy hv_store-in-perl |
|
|
1105 | sub _hv_store { |
|
|
1106 | $_[0]{$_[1]} = $_[2]; |
|
|
1107 | } |
1054 | |
1108 | |
1055 | our %FILTER = ( |
1109 | our %FILTER = ( |
1056 | 0 => sub { # rfc4287 datetime, utf-8 |
1110 | 0 => sub { # rfc4287 datetime, utf-8 |
1057 | require Time::Piece; |
1111 | require Time::Piece; |
1058 | # Time::Piece::Strptime uses the "incredibly flexible date parsing routine" |
1112 | # Time::Piece::Strptime uses the "incredibly flexible date parsing routine" |
1059 | # from FreeBSD, which can't parse ISO 8601, RFC3339, RFC4287 or much of anything |
1113 | # from FreeBSD, which can't parse ISO 8601, RFC3339, RFC4287 or much of anything |
1060 | # else either. Whats incredibe over standard strptime totally escapes me. |
1114 | # else either. Whats incredibe over standard strptime totally escapes me. |
1061 | # doesn't do fractional times, either. sigh. |
1115 | # doesn't do fractional times, either. sigh. |
1062 | # In fact, it's all a lie, it uses whatever strptime it wants, and of course, |
1116 | # In fact, it's all a lie, it uses whatever strptime it wants, and of course, |
1063 | # they are all incomptible. The openbsd one simply ignores %z (but according to the |
1117 | # they are all incompatible. The openbsd one simply ignores %z (but according to the |
1064 | # docs, it would be much more incredibly flexible indeed. If it worked, that is.). |
1118 | # docs, it would be much more incredibly flexible indeed. If it worked, that is.). |
1065 | scalar eval { |
1119 | scalar eval { |
1066 | my $s = $_[1]; |
1120 | my $s = $_[1]; |
1067 | |
1121 | |
1068 | $s =~ s/Z$/+00:00/; |
1122 | $s =~ s/Z$/+00:00/; |
… | |
… | |
1094 | 4 => sub { # decimal fraction, array |
1148 | 4 => sub { # decimal fraction, array |
1095 | require Math::BigFloat; |
1149 | require Math::BigFloat; |
1096 | Math::BigFloat->new ($_[1][1] . "E" . $_[1][0]) |
1150 | Math::BigFloat->new ($_[1][1] . "E" . $_[1][0]) |
1097 | }, |
1151 | }, |
1098 | |
1152 | |
|
|
1153 | 264 => sub { # decimal fraction with arbitrary exponent |
|
|
1154 | require Math::BigFloat; |
|
|
1155 | Math::BigFloat->new ($_[1][1] . "E" . $_[1][0]) |
|
|
1156 | }, |
|
|
1157 | |
1099 | 5 => sub { # bigfloat, array |
1158 | 5 => sub { # bigfloat, array |
1100 | require Math::BigFloat; |
1159 | require Math::BigFloat; |
1101 | scalar Math::BigFloat->new ($_[1][1])->blsft ($_[1][0], 2) |
1160 | scalar Math::BigFloat->new ($_[1][1]) * Math::BigFloat->new (2)->bpow ($_[1][0]) |
|
|
1161 | }, |
|
|
1162 | |
|
|
1163 | 265 => sub { # bigfloat with arbitrary exponent |
|
|
1164 | require Math::BigFloat; |
|
|
1165 | scalar Math::BigFloat->new ($_[1][1]) * Math::BigFloat->new (2)->bpow ($_[1][0]) |
|
|
1166 | }, |
|
|
1167 | |
|
|
1168 | 30 => sub { # rational number |
|
|
1169 | require Math::BigRat; |
|
|
1170 | Math::BigRat->new ("$_[1][0]/$_[1][1]") # separate parameters only work in recent versons |
1102 | }, |
1171 | }, |
1103 | |
1172 | |
1104 | 21 => sub { pop }, # expected conversion to base64url encoding |
1173 | 21 => sub { pop }, # expected conversion to base64url encoding |
1105 | 22 => sub { pop }, # expected conversion to base64 encoding |
1174 | 22 => sub { pop }, # expected conversion to base64 encoding |
1106 | 23 => sub { pop }, # expected conversion to base16 encoding |
1175 | 23 => sub { pop }, # expected conversion to base16 encoding |
… | |
… | |
1127 | utf8::upgrade $uri; |
1196 | utf8::upgrade $uri; |
1128 | tag 32, $uri |
1197 | tag 32, $uri |
1129 | } |
1198 | } |
1130 | |
1199 | |
1131 | sub Math::BigInt::TO_CBOR { |
1200 | sub Math::BigInt::TO_CBOR { |
1132 | if ($_[0] >= -2147483648 && $_[0] <= 2147483647) { |
1201 | if (-2147483648 <= $_[0] && $_[0] <= 2147483647) { |
1133 | $_[0]->numify |
1202 | $_[0]->numify |
1134 | } else { |
1203 | } else { |
1135 | my $hex = substr $_[0]->as_hex, 2; |
1204 | my $hex = substr $_[0]->as_hex, 2; |
1136 | $hex = "0$hex" if 1 & length $hex; # sigh |
1205 | $hex = "0$hex" if 1 & length $hex; # sigh |
1137 | tag $_[0] >= 0 ? 2 : 3, pack "H*", $hex |
1206 | tag $_[0] >= 0 ? 2 : 3, pack "H*", $hex |
1138 | } |
1207 | } |
1139 | } |
1208 | } |
1140 | |
1209 | |
1141 | sub Math::BigFloat::TO_CBOR { |
1210 | sub Math::BigFloat::TO_CBOR { |
1142 | my ($m, $e) = $_[0]->parts; |
1211 | my ($m, $e) = $_[0]->parts; |
|
|
1212 | |
|
|
1213 | -9223372036854775808 <= $e && $e <= 18446744073709551615 |
1143 | tag 4, [$e->numify, $m] |
1214 | ? tag 4, [$e->numify, $m] |
|
|
1215 | : tag 264, [$e, $m] |
|
|
1216 | } |
|
|
1217 | |
|
|
1218 | sub Math::BigRat::TO_CBOR { |
|
|
1219 | my ($n, $d) = $_[0]->parts; |
|
|
1220 | |
|
|
1221 | # older versions of BigRat need *1, as they not always return numbers |
|
|
1222 | |
|
|
1223 | $d*1 == 1 |
|
|
1224 | ? $n*1 |
|
|
1225 | : tag 30, [$n*1, $d*1] |
1144 | } |
1226 | } |
1145 | |
1227 | |
1146 | sub Time::Piece::TO_CBOR { |
1228 | sub Time::Piece::TO_CBOR { |
1147 | tag 1, 0 + $_[0]->epoch |
1229 | tag 1, 0 + $_[0]->epoch |
1148 | } |
1230 | } |
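Review bot: The tag 5 and 265 filters added to `%FILTER` pass an exponent taken straight from decoded input to `Math::BigFloat->new (2)->bpow ($_[1][0])` with no bound, which the new BIGNUM SECURITY CONSIDERATIONS text itself says can take minutes or far longer from roughly 40-bit exponents, so the default table leaves a CPU-exhaustion path open when decoding untrusted CBOR. These subs, like the ones for 4, 264 and 30, also index `$_[1][0]` and `$_[1][1]` without checking that the tagged value is a two-element array; as far as I know `common::sense` does not enable strict refs, so a string payload would presumably be dereferenced symbolically instead of being rejected. I would start each of them with a shape check such as `return unless ref $_[1] eq "ARRAY" && @{ $_[1] } == 2;` and cap the exponent magnitude before calling `bpow`. What the decoder does with an empty return from a filter is not visible on this page and needs confirming before relying on that guard. The POD should also show the concrete way to disable tags 2, 3, 5 and 265, since it only says to do it.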