ViewVC Help
View File | Revision Log | Show Annotations | Download File
/cvs/CBOR-XS/XS.pm
(Generate patch)

Comparing CBOR-XS/XS.pm (file contents):
Revision 1.54 by root, Mon Apr 25 18:24:44 2016 UTC vs.
Revision 1.55 by root, Mon Apr 25 21:30:23 2016 UTC

927 927
928These tags are decoded into L<Math::BigInt> objects. The corresponding 928These tags are decoded into L<Math::BigInt> objects. The corresponding
929C<Math::BigInt::TO_CBOR> method encodes "small" bigints into normal CBOR 929C<Math::BigInt::TO_CBOR> method encodes "small" bigints into normal CBOR
930integers, and others into positive/negative CBOR bignums. 930integers, and others into positive/negative CBOR bignums.
931 931
932=item 4, 5 (decimal fraction/bigfloat) 932=item 4, 5, 264, 265 (decimal fraction/bigfloat)
933 933
934Both decimal fractions and bigfloats are decoded into L<Math::BigFloat> 934Both decimal fractions and bigfloats are decoded into L<Math::BigFloat>
935objects. The corresponding C<Math::BigFloat::TO_CBOR> method I<always> 935objects. The corresponding C<Math::BigFloat::TO_CBOR> method I<always>
936encodes into a decimal fraction. 936encodes into a decimal fraction (either tag 4 or 264).
937 937
938CBOR cannot represent bigfloats with I<very> large exponents - conversion 938NaN and infinities are not encoded properly, as they cannot be represented
939of such big float objects is undefined. 939in CBOR.
940 940
941Also, NaN and infinities are not encoded properly. 941See L<BIGNUM SECURITY CONSIDERATIONS> for more info.
942 942
943=item 21, 22, 23 (expected later JSON conversion) 943=item 21, 22, 23 (expected later JSON conversion)
944 944
945CBOR::XS is not a CBOR-to-JSON converter, and will simply ignore these 945CBOR::XS is not a CBOR-to-JSON converter, and will simply ignore these
946tags. 946tags.
1001 1001
1002Also keep in mind that CBOR::XS might leak contents of your Perl data 1002Also keep in mind that CBOR::XS might leak contents of your Perl data
1003structures in its error messages, so when you serialise sensitive 1003structures in its error messages, so when you serialise sensitive
1004information you might want to make sure that exceptions thrown by CBOR::XS 1004information you might want to make sure that exceptions thrown by CBOR::XS
1005will not end up in front of untrusted eyes. 1005will not end up in front of untrusted eyes.
1006
1007
1008=head1 BIGNUM SECURITY CONSIDERATIONS
1009
1010CBOR::XS provides a C<TO_CBOR> method for both L<Math::BigInt> and
1011L<Math::BigFloat> that tries to encode the number in the simplest possible
1012way, that is, either a CBOR integer, a CBOR bigint/decimal fraction (tag
10134) or an arbitrary-exponent decimal fraction (tag 264).
1014
1015It will also understand base-2 bigfloat or arbitrary-exponent bigfloats
1016(tags 5 and 265), but it will never generate these on its own.
1017
1018Using the built-in L<Math::BigInt::Calc> support, encoding and decoding
1019decimal fractions is generally fast. Decoding bigints can be slow for very
1020big numbers, and decoding bigfloats or arbitrary-exponent bigfloats can be
1021extremely slow (minutes, decades) for large exponents.
1022
1023Additionally, L<Math::BigInt> can take advantage of other bignum
1024libraries, such as L<Math::GMP> or L<Math::Pari>, which cannot handle big
1025floats with large exponents, and might simply abort or crash your program,
1026due to their code quality.
1027
1028This can be a concern if you want to parse untrusted CBOR. If it is, you
1029need to disable decoding of tag 2 (bigint) and 3 (negative bigint) types,
1030which will also disable bigfloat support (to be sure, you can also disable
1031types 5 and 265).
1032
1006 1033
1007=head1 CBOR IMPLEMENTATION NOTES 1034=head1 CBOR IMPLEMENTATION NOTES
1008 1035
1009This section contains some random implementation notes. They do not 1036This section contains some random implementation notes. They do not
1010describe guaranteed behaviour, but merely behaviour as-is implemented 1037describe guaranteed behaviour, but merely behaviour as-is implemented
1116 1143
1117 # 33 # base64url rfc4648, utf-8 1144 # 33 # base64url rfc4648, utf-8
1118 # 34 # base64 rfc46484, utf-8 1145 # 34 # base64 rfc46484, utf-8
1119 # 35 # regex pcre/ecma262, utf-8 1146 # 35 # regex pcre/ecma262, utf-8
1120 # 36 # mime message rfc2045, utf-8 1147 # 36 # mime message rfc2045, utf-8
1148
1149 264 => sub { # decimal fraction with arbitrary exponent
1150 require Math::BigFloat;
1151 Math::BigFloat->new ($_[1][1] . "E" . $_[1][0])
1152 },
1153
1154 265 => sub { # bigfloat with arbitrary exponent
1155 require Math::BigFloat;
1156 scalar Math::BigFloat->new ($_[1][1]) * Math::BigFloat->new (2)->bpow ($_[1][0])
1157 },
1121); 1158);
1122 1159
1123sub CBOR::XS::default_filter { 1160sub CBOR::XS::default_filter {
1124 &{ $FILTER{$_[0]} or return } 1161 &{ $FILTER{$_[0]} or return }
1125} 1162}
1129 utf8::upgrade $uri; 1166 utf8::upgrade $uri;
1130 tag 32, $uri 1167 tag 32, $uri
1131} 1168}
1132 1169
1133sub Math::BigInt::TO_CBOR { 1170sub Math::BigInt::TO_CBOR {
1134 if ($_[0] >= -2147483648 && $_[0] <= 2147483647) { 1171 if (-2147483648 <= $_[0] && $_[0] <= 2147483647) {
1135 $_[0]->numify 1172 $_[0]->numify
1136 } else { 1173 } else {
1137 my $hex = substr $_[0]->as_hex, 2; 1174 my $hex = substr $_[0]->as_hex, 2;
1138 $hex = "0$hex" if 1 & length $hex; # sigh 1175 $hex = "0$hex" if 1 & length $hex; # sigh
1139 tag $_[0] >= 0 ? 2 : 3, pack "H*", $hex 1176 tag $_[0] >= 0 ? 2 : 3, pack "H*", $hex
1140 } 1177 }
1141} 1178}
1142 1179
1143sub Math::BigFloat::TO_CBOR { 1180sub Math::BigFloat::TO_CBOR {
1144 my ($m, $e) = $_[0]->parts; 1181 my ($m, $e) = $_[0]->parts;
1182
1183 -9223372036854775808 <= $e && $e <= 18446744073709551615
1145 tag 4, [$e->numify, $m] 1184 ? tag 4, [$e->numify, $m]
1185 : tag 264, [$e, $m]
1146} 1186}
1147 1187
1148sub Time::Piece::TO_CBOR { 1188sub Time::Piece::TO_CBOR {
1149 tag 1, 0 + $_[0]->epoch 1189 tag 1, 0 + $_[0]->epoch
1150} 1190}

Diff Legend

Removed lines
+ Added lines
< Changed lines
> Changed lines