… | |
… | |
927 | |
927 | |
928 | These tags are decoded into L<Math::BigInt> objects. The corresponding |
928 | These tags are decoded into L<Math::BigInt> objects. The corresponding |
929 | C<Math::BigInt::TO_CBOR> method encodes "small" bigints into normal CBOR |
929 | C<Math::BigInt::TO_CBOR> method encodes "small" bigints into normal CBOR |
930 | integers, and others into positive/negative CBOR bignums. |
930 | integers, and others into positive/negative CBOR bignums. |
931 | |
931 | |
932 | =item 4, 5 (decimal fraction/bigfloat) |
932 | =item 4, 5, 264, 265 (decimal fraction/bigfloat) |
933 | |
933 | |
934 | Both decimal fractions and bigfloats are decoded into L<Math::BigFloat> |
934 | Both decimal fractions and bigfloats are decoded into L<Math::BigFloat> |
935 | objects. The corresponding C<Math::BigFloat::TO_CBOR> method I<always> |
935 | objects. The corresponding C<Math::BigFloat::TO_CBOR> method I<always> |
936 | encodes into a decimal fraction. |
936 | encodes into a decimal fraction (either tag 4 or 264). |
937 | |
937 | |
938 | CBOR cannot represent bigfloats with I<very> large exponents - conversion |
938 | NaN and infinities are not encoded properly, as they cannot be represented |
939 | of such big float objects is undefined. |
939 | in CBOR. |
940 | |
940 | |
941 | Also, NaN and infinities are not encoded properly. |
941 | See L<BIGNUM SECURITY CONSIDERATIONS> for more info. |
942 | |
942 | |
943 | =item 21, 22, 23 (expected later JSON conversion) |
943 | =item 21, 22, 23 (expected later JSON conversion) |
944 | |
944 | |
945 | CBOR::XS is not a CBOR-to-JSON converter, and will simply ignore these |
945 | CBOR::XS is not a CBOR-to-JSON converter, and will simply ignore these |
946 | tags. |
946 | tags. |
… | |
… | |
1001 | |
1001 | |
1002 | Also keep in mind that CBOR::XS might leak contents of your Perl data |
1002 | Also keep in mind that CBOR::XS might leak contents of your Perl data |
1003 | structures in its error messages, so when you serialise sensitive |
1003 | structures in its error messages, so when you serialise sensitive |
1004 | information you might want to make sure that exceptions thrown by CBOR::XS |
1004 | information you might want to make sure that exceptions thrown by CBOR::XS |
1005 | will not end up in front of untrusted eyes. |
1005 | will not end up in front of untrusted eyes. |
|
|
1006 | |
|
|
1007 | |
|
|
1008 | =head1 BIGNUM SECURITY CONSIDERATIONS |
|
|
1009 | |
|
|
1010 | CBOR::XS provides a C<TO_CBOR> method for both L<Math::BigInt> and |
|
|
1011 | L<Math::BigFloat> that tries to encode the number in the simplest possible |
|
|
1012 | way, that is, either a CBOR integer, a CBOR bigint/decimal fraction (tag |
|
|
1013 | 4) or an arbitrary-exponent decimal fraction (tag 264). |
|
|
1014 | |
|
|
1015 | It will also understand base-2 bigfloat or arbitrary-exponent bigfloats |
|
|
1016 | (tags 5 and 265), but it will never generate these on its own. |
|
|
1017 | |
|
|
1018 | Using the built-in L<Math::BigInt::Calc> support, encoding and decoding |
|
|
1019 | decimal fractions is generally fast. Decoding bigints can be slow for very |
|
|
1020 | big numbers, and decoding bigfloats or arbitrary-exponent bigfloats can be |
|
|
1021 | extremely slow (minutes, decades) for large exponents. |
|
|
1022 | |
|
|
1023 | Additionally, L<Math::BigInt> can take advantage of other bignum |
|
|
1024 | libraries, such as L<Math::GMP> or L<Math::Pari>, which cannot handle big |
|
|
1025 | floats with large exponents, and might simply abort or crash your program, |
|
|
1026 | due to their code quality. |
|
|
1027 | |
|
|
1028 | This can be a concern if you want to parse untrusted CBOR. If it is, you |
|
|
1029 | need to disable decoding of tag 2 (bigint) and 3 (negative bigint) types, |
|
|
1030 | which will also disable bigfloat support (to be sure, you can also disable |
|
|
1031 | types 5 and 265). |
|
|
1032 | |
1006 | |
1033 | |
1007 | =head1 CBOR IMPLEMENTATION NOTES |
1034 | =head1 CBOR IMPLEMENTATION NOTES |
1008 | |
1035 | |
1009 | This section contains some random implementation notes. They do not |
1036 | This section contains some random implementation notes. They do not |
1010 | describe guaranteed behaviour, but merely behaviour as-is implemented |
1037 | describe guaranteed behaviour, but merely behaviour as-is implemented |
… | |
… | |
1116 | |
1143 | |
1117 | # 33 # base64url rfc4648, utf-8 |
1144 | # 33 # base64url rfc4648, utf-8 |
1118 | # 34 # base64 rfc46484, utf-8 |
1145 | # 34 # base64 rfc46484, utf-8 |
1119 | # 35 # regex pcre/ecma262, utf-8 |
1146 | # 35 # regex pcre/ecma262, utf-8 |
1120 | # 36 # mime message rfc2045, utf-8 |
1147 | # 36 # mime message rfc2045, utf-8 |
|
|
1148 | |
|
|
1149 | 264 => sub { # decimal fraction with arbitrary exponent |
|
|
1150 | require Math::BigFloat; |
|
|
1151 | Math::BigFloat->new ($_[1][1] . "E" . $_[1][0]) |
|
|
1152 | }, |
|
|
1153 | |
|
|
1154 | 265 => sub { # bigfloat with arbitrary exponent |
|
|
1155 | require Math::BigFloat; |
|
|
1156 | scalar Math::BigFloat->new ($_[1][1]) * Math::BigFloat->new (2)->bpow ($_[1][0]) |
|
|
1157 | }, |
1121 | ); |
1158 | ); |
1122 | |
1159 | |
1123 | sub CBOR::XS::default_filter { |
1160 | sub CBOR::XS::default_filter { |
1124 | &{ $FILTER{$_[0]} or return } |
1161 | &{ $FILTER{$_[0]} or return } |
1125 | } |
1162 | } |
… | |
… | |
1129 | utf8::upgrade $uri; |
1166 | utf8::upgrade $uri; |
1130 | tag 32, $uri |
1167 | tag 32, $uri |
1131 | } |
1168 | } |
1132 | |
1169 | |
1133 | sub Math::BigInt::TO_CBOR { |
1170 | sub Math::BigInt::TO_CBOR { |
1134 | if ($_[0] >= -2147483648 && $_[0] <= 2147483647) { |
1171 | if (-2147483648 <= $_[0] && $_[0] <= 2147483647) { |
1135 | $_[0]->numify |
1172 | $_[0]->numify |
1136 | } else { |
1173 | } else { |
1137 | my $hex = substr $_[0]->as_hex, 2; |
1174 | my $hex = substr $_[0]->as_hex, 2; |
1138 | $hex = "0$hex" if 1 & length $hex; # sigh |
1175 | $hex = "0$hex" if 1 & length $hex; # sigh |
1139 | tag $_[0] >= 0 ? 2 : 3, pack "H*", $hex |
1176 | tag $_[0] >= 0 ? 2 : 3, pack "H*", $hex |
1140 | } |
1177 | } |
1141 | } |
1178 | } |
1142 | |
1179 | |
1143 | sub Math::BigFloat::TO_CBOR { |
1180 | sub Math::BigFloat::TO_CBOR { |
1144 | my ($m, $e) = $_[0]->parts; |
1181 | my ($m, $e) = $_[0]->parts; |
|
|
1182 | |
|
|
1183 | -9223372036854775808 <= $e && $e <= 18446744073709551615 |
1145 | tag 4, [$e->numify, $m] |
1184 | ? tag 4, [$e->numify, $m] |
|
|
1185 | : tag 264, [$e, $m] |
1146 | } |
1186 | } |
1147 | |
1187 | |
1148 | sub Time::Piece::TO_CBOR { |
1188 | sub Time::Piece::TO_CBOR { |
1149 | tag 1, 0 + $_[0]->epoch |
1189 | tag 1, 0 + $_[0]->epoch |
1150 | } |
1190 | } |