diff --git a/CBOR_BENCHMARKS.md b/CBOR_BENCHMARKS.md deleted file mode 100644 index d4ea1899..00000000 --- a/CBOR_BENCHMARKS.md +++ /dev/null @@ -1,264 +0,0 @@ -# CBOR Benchmarks for fxamacker/cbor - -See [bench_test.go](bench_test.go). - -Benchmarks on Feb. 22, 2020 with cbor v2.2.0: -* [Go builtin types](#go-builtin-types) -* [Go structs](#go-structs) -* [Go structs with "keyasint" struct tag](#go-structs-with-keyasint-struct-tag) -* [Go structs with "toarray" struct tag](#go-structs-with-toarray-struct-tag) -* [COSE data](#cose-data) -* [CWT claims data](#cwt-claims-data) -* [SenML data](#SenML-data) - -## Go builtin types - -Benchmarks use data representing the following values: - -* Boolean: `true` -* Positive integer: `18446744073709551615` -* Negative integer: `-1000` -* Float: `-4.1` -* Byte string: `h'0102030405060708090a0b0c0d0e0f101112131415161718191a'` -* Text string: `"The quick brown fox jumps over the lazy dog"` -* Array: `[1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26]` -* Map: `{"a": "A", "b": "B", "c": "C", "d": "D", "e": "E", "f": "F", "g": "G", "h": "H", "i": "I", "j": "J", "l": "L", "m": "M", "n": "N"}}` - -Decoding Benchmark | Time | Memory | Allocs ---- | ---: | ---: | ---: -BenchmarkUnmarshal/CBOR_bool_to_Go_interface_{}-2 | 110 ns/op | 16 B/op | 1 allocs/op -BenchmarkUnmarshal/CBOR_bool_to_Go_bool-2 | 99.3 ns/op | 1 B/op | 1 allocs/op -BenchmarkUnmarshal/CBOR_positive_int_to_Go_interface_{}-2 | 135 ns/op | 24 B/op | 2 allocs/op -BenchmarkUnmarshal/CBOR_positive_int_to_Go_uint64-2 | 116 ns/op | 8 B/op | 1 allocs/op -BenchmarkUnmarshal/CBOR_negative_int_to_Go_interface_{}-2 | 133 ns/op | 24 B/op | 2 allocs/op -BenchmarkUnmarshal/CBOR_negative_int_to_Go_int64-2 | 113 ns/op | 8 B/op | 1 allocs/op -BenchmarkUnmarshal/CBOR_float_to_Go_interface_{}-2 | 137 ns/op | 24 B/op | 2 allocs/op -BenchmarkUnmarshal/CBOR_float_to_Go_float64-2 | 115 ns/op | 8 B/op | 1 allocs/op -BenchmarkUnmarshal/CBOR_bytes_to_Go_interface_{}-2 | 179 ns/op | 80 B/op | 3 allocs/op -BenchmarkUnmarshal/CBOR_bytes_to_Go_[]uint8-2 | 194 ns/op | 64 B/op | 2 allocs/op -BenchmarkUnmarshal/CBOR_text_to_Go_interface_{}-2 | 209 ns/op | 80 B/op | 3 allocs/op -BenchmarkUnmarshal/CBOR_text_to_Go_string-2 | 193 ns/op | 64 B/op | 2 allocs/op -BenchmarkUnmarshal/CBOR_array_to_Go_interface_{}-2 |1068 ns/op | 672 B/op | 29 allocs/op -BenchmarkUnmarshal/CBOR_array_to_Go_[]int-2 | 1073 ns/op | 272 B/op | 3 allocs/op -BenchmarkUnmarshal/CBOR_map_to_Go_interface_{}-2 | 2926 ns/op | 1420 B/op | 30 allocs/op -BenchmarkUnmarshal/CBOR_map_to_Go_map[string]interface_{}-2 | 3755 ns/op | 965 B/op | 19 allocs/op -BenchmarkUnmarshal/CBOR_map_to_Go_map[string]string-2 | 2586 ns/op | 740 B/op | 5 allocs/op - -Encoding Benchmark | Time | Memory | Allocs ---- | ---: | ---: | ---: -BenchmarkMarshal/Go_bool_to_CBOR_bool-2 | 86.1 ns/op | 1 B/op | 1 allocs/op -BenchmarkMarshal/Go_uint64_to_CBOR_positive_int-2 | 97.0 ns/op | 16 B/op | 1 allocs/op -BenchmarkMarshal/Go_int64_to_CBOR_negative_int-2 | 90.3 ns/op | 3 B/op | 1 allocs/op -BenchmarkMarshal/Go_float64_to_CBOR_float-2 | 97.9 ns/op | 16 B/op | 1 allocs/op -BenchmarkMarshal/Go_[]uint8_to_CBOR_bytes-2 | 121 ns/op | 32 B/op | 1 allocs/op -BenchmarkMarshal/Go_string_to_CBOR_text-2 | 115 ns/op | 48 B/op | 1 allocs/op -BenchmarkMarshal/Go_[]int_to_CBOR_array-2 | 529 ns/op | 32 B/op | 1 allocs/op -BenchmarkMarshal/Go_map[string]string_to_CBOR_map-2 | 2115 ns/op | 576 B/op | 28 allocs/op - -## Go structs - -Benchmarks use struct and map[string]interface{} representing the following value: - -``` -{ - "T": true, - "Ui": uint(18446744073709551615), - "I": -1000, - "F": -4.1, - "B": []byte{1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26}, - "S": "The quick brown fox jumps over the lazy dog", - "Slci": []int{1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26}, - "Mss": map[string]string{"a": "A", "b": "B", "c": "C", "d": "D", "e": "E", "f": "F", "g": "G", "h": "H", "i": "I", "j": "J", "l": "L", "m": "M", "n": "N"}, -} -``` - -Decoding Benchmark | Time | Memory | Allocs ---- | ---: | ---: | ---: -BenchmarkUnmarshal/CBOR_map_to_Go_map[string]interface{}-2 | 6221 ns/op | 2621 B/op | 73 allocs/op -BenchmarkUnmarshal/CBOR_map_to_Go_struct-2 | 4458 ns/op | 1172 B/op | 10 allocs/op - -Encoding Benchmark | Time | Memory | Allocs ---- | ---: | ---: | ---: -BenchmarkMarshal/Go_map[string]interface{}_to_CBOR_map-2 | 4441 ns/op | 1072 B/op | 45 allocs/op -BenchmarkMarshal/Go_struct_to_CBOR_map-2 | 2866 ns/op | 720 B/op | 28 allocs/op - -## Go structs with "keyasint" struct tag - -Benchmarks use struct (with keyasint struct tag) and map[int]interface{} representing the following value: - -``` -{ - 1: true, - 2: uint(18446744073709551615), - 3: -1000, - 4: -4.1, - 5: []byte{1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26}, - 6: "The quick brown fox jumps over the lazy dog", - 7: []int{1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26}, - 8: map[string]string{"a": "A", "b": "B", "c": "C", "d": "D", "e": "E", "f": "F", "g": "G", "h": "H", "i": "I", "j": "J", "l": "L", "m": "M", "n": "N"}, -} -``` - -Struct type with keyasint struct tag is used to handle CBOR map with integer keys. - -``` -type T struct { - T bool `cbor:"1,keyasint"` - Ui uint `cbor:"2,keyasint"` - I int `cbor:"3,keyasint"` - F float64 `cbor:"4,keyasint"` - B []byte `cbor:"5,keyasint"` - S string `cbor:"6,keyasint"` - Slci []int `cbor:"7,keyasint"` - Mss map[string]string `cbor:"8,keyasint"` -} -``` - -Decoding Benchmark | Time | Memory | Allocs ---- | ---: | ---: | ---: -BenchmarkUnmarshal/CBOR_map_to_Go_map[int]interface{}-2| 6030 ns/op | 2517 B/op | 70 allocs/op -BenchmarkUnmarshal/CBOR_map_to_Go_struct_keyasint-2 | 4332 ns/op | 1173 B/op | 10 allocs/op - -Encoding Benchmark | Time | Memory | Allocs ---- | ---: | ---: | ---: -BenchmarkMarshal/Go_map[int]interface{}_to_CBOR_map-2 | 4348 ns/op | 992 B/op | 45 allocs/op -BenchmarkMarshal/Go_struct_keyasint_to_CBOR_map-2 | 2847 ns/op | 704 B/op | 28 allocs/op - -## Go structs with "toarray" struct tag - -Benchmarks use struct (with toarray struct tag) and []interface{} representing the following value: - -``` -[ - true, - uint(18446744073709551615), - -1000, - -4.1, - []byte{1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26}, - "The quick brown fox jumps over the lazy dog", - []int{1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26}, - map[string]string{"a": "A", "b": "B", "c": "C", "d": "D", "e": "E", "f": "F", "g": "G", "h": "H", "i": "I", "j": "J", "l": "L", "m": "M", "n": "N"} -] -``` - -Struct type with toarray struct tag is used to handle CBOR array. - -``` -type T struct { - _ struct{} `cbor:",toarray"` - T bool - Ui uint - I int - F float64 - B []byte - S string - Slci []int - Mss map[string]string -} -``` - -Decoding Benchmark | Time | Memory | Allocs ---- | ---: | ---: | ---: -BenchmarkUnmarshal/CBOR_array_to_Go_[]interface{}-2 | 4863 ns/op | 2404 B/op | 67 allocs/op -BenchmarkUnmarshal/CBOR_array_to_Go_struct_toarray-2 | 4173 ns/op | 1164 B/op | 9 allocs/op - -Encoding Benchmark | Time | Memory | Allocs ---- | ---: | ---: | ---: -BenchmarkMarshal/Go_[]interface{}_to_CBOR_map-2 | 3240 ns/op | 704 B/op | 28 allocs/op -BenchmarkMarshal/Go_struct_toarray_to_CBOR_array-2 | 2823 ns/op | 704 B/op | 28 allocs/op - -## COSE data - -Benchmarks use COSE data from https://tools.ietf.org/html/rfc8392#appendix-A section A.2 - -``` -// 128-Bit Symmetric COSE_Key -{ - / k / -1: h'231f4c4d4d3051fdc2ec0a3851d5b383' - / kty / 1: 4 / Symmetric /, - / kid / 2: h'53796d6d6574726963313238' / 'Symmetric128' /, - / alg / 3: 10 / AES-CCM-16-64-128 / -} -// 256-Bit Symmetric COSE_Key -{ - / k / -1: h'403697de87af64611c1d32a05dab0fe1fcb715a86ab435f1 - ec99192d79569388' - / kty / 1: 4 / Symmetric /, - / kid / 4: h'53796d6d6574726963323536' / 'Symmetric256' /, - / alg / 3: 4 / HMAC 256/64 / -} -// ECDSA 256-Bit COSE Key -{ - / d / -4: h'6c1382765aec5358f117733d281c1c7bdc39884d04a45a1e - 6c67c858bc206c19', - / y / -3: h'60f7f1a780d8a783bfb7a2dd6b2796e8128dbbcef9d3d168 - db9529971a36e7b9', - / x / -2: h'143329cce7868e416927599cf65a34f3ce2ffda55a7eca69 - ed8919a394d42f0f', - / crv / -1: 1 / P-256 /, - / kty / 1: 2 / EC2 /, - / kid / 2: h'4173796d6d657472696345434453413 - 23536' / 'AsymmetricECDSA256' /, - / alg / 3: -7 / ECDSA 256 / -} -``` - -Decoding Benchmark | Time | Memory | Allocs ---- | ---: | ---: | ---: -BenchmarkUnmarshalCOSE/128-Bit_Symmetric_Key-2 | 562 ns/op | 240 B/op | 4 allocs/op -BenchmarkUnmarshalCOSE/256-Bit_Symmetric_Key-2 | 568 ns/op | 256 B/op | 4 allocs/op -BenchmarkUnmarshalCOSE/ECDSA_P256_256-Bit_Key-2 | 968 ns/op | 360 B/op | 7 allocs/op - -Encoding Benchmark | Time | Memory | Allocs ---- | ---: | ---: | ---: -BenchmarkMarshalCOSE/128-Bit_Symmetric_Key-2 | 523 ns/op | 224 B/op | 2 allocs/op -BenchmarkMarshalCOSE/256-Bit_Symmetric_Key-2 | 521 ns/op | 240 B/op | 2 allocs/op -BenchmarkMarshalCOSE/ECDSA_P256_256-Bit_Key-2 | 668 ns/op | 320 B/op | 2 allocs/op - -## CWT claims data - -Benchmarks use CTW claims data from https://tools.ietf.org/html/rfc8392#appendix-A section A.1 - -``` -{ - / iss / 1: "coap://as.example.com", - / sub / 2: "erikw", - / aud / 3: "coap://light.example.com", - / exp / 4: 1444064944, - / nbf / 5: 1443944944, - / iat / 6: 1443944944, - / cti / 7: h'0b71' -} -``` - -Decoding Benchmark | Time | Memory | Allocs ---- | ---: | ---: | ---: -BenchmarkUnmarshalCWTClaims-2 | 765 ns/op | 176 B/op | 6 allocs/op - -Encoding Benchmark | Time | Memory | Allocs ---- | ---: | ---: | ---: -BenchmarkMarshalCWTClaims-2 | 451 ns/op | 176 B/op | 2 allocs/op - -## SenML data - -Benchmarks use SenML data from https://tools.ietf.org/html/rfc8428#section-6 - -``` -[ - {-2: "urn:dev:ow:10e2073a0108006:", -3: 1276020076.001, -4: "A", -1: 5, 0: "voltage", 1: "V", 2: 120.1}, - {0: "current", 6: -5, 2: 1.2}, - {0: "current", 6: -4, 2: 1.3}, - {0: "current", 6: -3, 2: 1.4}, - {0: "current", 6: -2, 2: 1.5}, - {0: "current", 6: -1, 2: 1.6}, - {0: "current", 6: 0, 2: 1.7} -] -``` - -Decoding Benchmark | Time | Memory | Allocs ---- | ---: | ---: | ---: -BenchmarkUnmarshalSenML-2 | 3106 ns/op | 1544 B/op | 18 allocs/op - -Encoding Benchmark | Time | Memory | Allocs ---- | ---: | ---: | ---: -BenchmarkMarshalSenML-2 | 2976 ns/op | 272 B/op | 2 allocs/op diff --git a/CBOR_GOLANG.md b/CBOR_GOLANG.md deleted file mode 100644 index 5949d617..00000000 --- a/CBOR_GOLANG.md +++ /dev/null @@ -1,32 +0,0 @@ -👉 [Comparisons](https://github.com/fxamacker/cbor#comparisons) • [Status](https://github.com/fxamacker/cbor#current-status) • [Design Goals](https://github.com/fxamacker/cbor#design-goals) • [Features](https://github.com/fxamacker/cbor#features) • [Standards](https://github.com/fxamacker/cbor#standards) • [Fuzzing](https://github.com/fxamacker/cbor#fuzzing-and-code-coverage) • [Usage](https://github.com/fxamacker/cbor#usage) • [Security Policy](https://github.com/fxamacker/cbor#security-policy) • [License](https://github.com/fxamacker/cbor#license) - -# CBOR -[CBOR](https://en.wikipedia.org/wiki/CBOR) is a data format designed to allow small code size and small message size. CBOR is defined in [RFC 8949 Concise Binary Object Representation](https://tools.ietf.org/html/rfc8949) (previously [RFC 7049](https://tools.ietf.org/html/rfc7049)), an [IETF](http://ietf.org/) Internet Standards Document. - -CBOR is also designed to be stable for decades, be extensible without need for version negotiation, and not require a schema. - -While JSON uses text, CBOR uses binary. CDDL can be used to express CBOR (and JSON) in an easy and unambiguous way. CDDL is defined in (RFC 8610 Concise Data Definition Language). - -## CBOR in Golang (Go) -[Golang](https://golang.org/) is a nickname for the Go programming language. Go is specified in [The Go Programming Language Specification](https://golang.org/ref/spec). - -__[fxamacker/cbor](https://github.com/fxamacker/cbor)__ is a library (written in Go) that encodes and decodes CBOR. The API design of fxamacker/cbor is based on Go's [`encoding/json`](https://golang.org/pkg/encoding/json/). The design and reliability of fxamacker/cbor makes it ideal for encoding and decoding COSE. - -## COSE -COSE is a protocol using CBOR for basic security services. COSE is defined in ([RFC 8152 CBOR Object Signing and Encryption](https://tools.ietf.org/html/rfc8152)). - -COSE describes how to create and process signatures, message authentication codes, and encryption using CBOR for serialization. COSE specification also describes how to represent cryptographic keys using CBOR. COSE is used by WebAuthn. - -## CWT -CBOR Web Token (CWT) is defined in [RFC 8392](http://tools.ietf.org/html/rfc8392). CWT is based on COSE and was derived in part from JSON Web Token (JWT). CWT is a compact way to securely represent claims to be transferred between two parties. - -## WebAuthn -[WebAuthn](https://en.wikipedia.org/wiki/WebAuthn) (Web Authentication) is a web standard for authenticating users to web-based apps and services. It's a core component of FIDO2, the successor of FIDO U2F legacy protocol. - -__[fxamacker/webauthn](https://github.com/fxamacker/webauthn)__ is a library (written in Go) that performs server-side authentication for clients using FIDO2 keys, legacy FIDO U2F keys, tpm, and etc. - -Copyright (c) Faye Amacker and contributors. - -
- -👉 [Comparisons](https://github.com/fxamacker/cbor#comparisons) • [Status](https://github.com/fxamacker/cbor#current-status) • [Design Goals](https://github.com/fxamacker/cbor#design-goals) • [Features](https://github.com/fxamacker/cbor#features) • [Standards](https://github.com/fxamacker/cbor#standards) • [Fuzzing](https://github.com/fxamacker/cbor#fuzzing-and-code-coverage) • [Usage](https://github.com/fxamacker/cbor#usage) • [Security Policy](https://github.com/fxamacker/cbor#security-policy) • [License](https://github.com/fxamacker/cbor#license) diff --git a/CODE_OF_CONDUCT.md b/CODE_OF_CONDUCT.md index bc1f077b..c794b2b0 100644 --- a/CODE_OF_CONDUCT.md +++ b/CODE_OF_CONDUCT.md @@ -1,76 +1,133 @@ + # Contributor Covenant Code of Conduct ## Our Pledge -In the interest of fostering an open and welcoming environment, we as -contributors and maintainers pledge to making participation in our project and -our community a harassment-free experience for everyone, regardless of age, body -size, disability, ethnicity, sex characteristics, gender identity and expression, -level of experience, education, socio-economic status, nationality, personal -appearance, race, religion, or sexual identity and orientation. +We as members, contributors, and leaders pledge to make participation in our +community a harassment-free experience for everyone, regardless of age, body +size, visible or invisible disability, ethnicity, sex characteristics, gender +identity and expression, level of experience, education, socio-economic status, +nationality, personal appearance, race, caste, color, religion, or sexual +identity and orientation. + +We pledge to act and interact in ways that contribute to an open, welcoming, +diverse, inclusive, and healthy community. ## Our Standards -Examples of behavior that contributes to creating a positive environment -include: +Examples of behavior that contributes to a positive environment for our +community include: -* Using welcoming and inclusive language -* Being respectful of differing viewpoints and experiences -* Gracefully accepting constructive criticism -* Focusing on what is best for the community -* Showing empathy towards other community members +* Demonstrating empathy and kindness toward other people +* Being respectful of differing opinions, viewpoints, and experiences +* Giving and gracefully accepting constructive feedback +* Accepting responsibility and apologizing to those affected by our mistakes, + and learning from the experience +* Focusing on what is best not just for us as individuals, but for the overall + community -Examples of unacceptable behavior by participants include: +Examples of unacceptable behavior include: -* The use of sexualized language or imagery and unwelcome sexual attention or - advances -* Trolling, insulting/derogatory comments, and personal or political attacks +* The use of sexualized language or imagery, and sexual attention or advances of + any kind +* Trolling, insulting or derogatory comments, and personal or political attacks * Public or private harassment -* Publishing others' private information, such as a physical or electronic - address, without explicit permission +* Publishing others' private information, such as a physical or email address, + without their explicit permission * Other conduct which could reasonably be considered inappropriate in a - professional setting + professional setting -## Our Responsibilities +## Enforcement Responsibilities -Project maintainers are responsible for clarifying the standards of acceptable -behavior and are expected to take appropriate and fair corrective action in -response to any instances of unacceptable behavior. +Community leaders are responsible for clarifying and enforcing our standards of +acceptable behavior and will take appropriate and fair corrective action in +response to any behavior that they deem inappropriate, threatening, offensive, +or harmful. -Project maintainers have the right and responsibility to remove, edit, or -reject comments, commits, code, wiki edits, issues, and other contributions -that are not aligned to this Code of Conduct, or to ban temporarily or -permanently any contributor for other behaviors that they deem inappropriate, -threatening, offensive, or harmful. +Community leaders have the right and responsibility to remove, edit, or reject +comments, commits, code, wiki edits, issues, and other contributions that are +not aligned to this Code of Conduct, and will communicate reasons for moderation +decisions when appropriate. ## Scope -This Code of Conduct applies both within project spaces and in public spaces -when an individual is representing the project or its community. Examples of -representing a project or community include using an official project e-mail -address, posting via an official social media account, or acting as an appointed -representative at an online or offline event. Representation of a project may be -further defined and clarified by project maintainers. +This Code of Conduct applies within all community spaces, and also applies when +an individual is officially representing the community in public spaces. +Examples of representing our community include using an official e-mail address, +posting via an official social media account, or acting as an appointed +representative at an online or offline event. ## Enforcement Instances of abusive, harassing, or otherwise unacceptable behavior may be -reported by contacting the project team at faye.github@gmail.com. All -complaints will be reviewed and investigated and will result in a response that -is deemed necessary and appropriate to the circumstances. The project team is -obligated to maintain confidentiality with regard to the reporter of an incident. -Further details of specific enforcement policies may be posted separately. +reported to the community leaders responsible for enforcement at +faye.github@gmail.com. +All complaints will be reviewed and investigated promptly and fairly. + +All community leaders are obligated to respect the privacy and security of the +reporter of any incident. + +## Enforcement Guidelines + +Community leaders will follow these Community Impact Guidelines in determining +the consequences for any action they deem in violation of this Code of Conduct: + +### 1. Correction + +**Community Impact**: Use of inappropriate language or other behavior deemed +unprofessional or unwelcome in the community. + +**Consequence**: A private, written warning from community leaders, providing +clarity around the nature of the violation and an explanation of why the +behavior was inappropriate. A public apology may be requested. + +### 2. Warning + +**Community Impact**: A violation through a single incident or series of +actions. -Project maintainers who do not follow or enforce the Code of Conduct in good -faith may face temporary or permanent repercussions as determined by other -members of the project's leadership. +**Consequence**: A warning with consequences for continued behavior. No +interaction with the people involved, including unsolicited interaction with +those enforcing the Code of Conduct, for a specified period of time. This +includes avoiding interactions in community spaces as well as external channels +like social media. Violating these terms may lead to a temporary or permanent +ban. + +### 3. Temporary Ban + +**Community Impact**: A serious violation of community standards, including +sustained inappropriate behavior. + +**Consequence**: A temporary ban from any sort of interaction or public +communication with the community for a specified period of time. No public or +private interaction with the people involved, including unsolicited interaction +with those enforcing the Code of Conduct, is allowed during this period. +Violating these terms may lead to a permanent ban. + +### 4. Permanent Ban + +**Community Impact**: Demonstrating a pattern of violation of community +standards, including sustained inappropriate behavior, harassment of an +individual, or aggression toward or disparagement of classes of individuals. + +**Consequence**: A permanent ban from any sort of public interaction within the +community. ## Attribution -This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4, -available at https://www.contributor-covenant.org/version/1/4/code-of-conduct.html +This Code of Conduct is adapted from the [Contributor Covenant][homepage], +version 2.1, available at +[https://www.contributor-covenant.org/version/2/1/code_of_conduct.html][v2.1]. -[homepage]: https://www.contributor-covenant.org +Community Impact Guidelines were inspired by +[Mozilla's code of conduct enforcement ladder][Mozilla CoC]. -For answers to common questions about this code of conduct, see -https://www.contributor-covenant.org/faq +For answers to common questions about this code of conduct, see the FAQ at +[https://www.contributor-covenant.org/faq][FAQ]. Translations are available at +[https://www.contributor-covenant.org/translations][translations]. + +[homepage]: https://www.contributor-covenant.org +[v2.1]: https://www.contributor-covenant.org/version/2/1/code_of_conduct.html +[Mozilla CoC]: https://github.com/mozilla/diversity +[FAQ]: https://www.contributor-covenant.org/faq +[translations]: https://www.contributor-covenant.org/translations diff --git a/README.md b/README.md index 5051faaf..5e9dd2c8 100644 --- a/README.md +++ b/README.md @@ -1,162 +1,247 @@ -[![](https://github.com/fxamacker/images/raw/master/cbor/v2.5.0/fxamacker_cbor_banner.png)](#cbor-library-in-go) +# CBOR Codec in Go -`fxamacker/cbor` is a library for encoding and decoding [CBOR](https://www.rfc-editor.org/info/std94) and [CBOR Sequences](https://www.rfc-editor.org/rfc/rfc8742.html). + -CBOR is a [trusted alternative](https://www.rfc-editor.org/rfc/rfc8949.html#name-comparison-of-other-binary-) to JSON, MessagePack, Protocol Buffers, and etc.  CBOR is an Internet Standard defined by [IETF STD 94 (RFC 8949)](https://www.rfc-editor.org/info/std94) and is designed to be relevant for decades. +[fxamacker/cbor](https://github.com/fxamacker/cbor) is a library for encoding and decoding [CBOR](https://www.rfc-editor.org/info/std94) and [CBOR Sequences](https://www.rfc-editor.org/rfc/rfc8742.html). -`fxamacker/cbor` is used in projects by Arm Ltd., Cisco, Dapper Labs, EdgeX Foundry, Fraunhofer‑AISEC, Linux Foundation, Microsoft, Mozilla, Oasis Protocol, Tailscale, [and others](https://github.com/fxamacker/cbor#who-uses-fxamackercbor). +CBOR is a [trusted alternative](https://www.rfc-editor.org/rfc/rfc8949.html#name-comparison-of-other-binary-) to JSON, MessagePack, Protocol Buffers, etc.  CBOR is an Internet Standard defined by [IETF STD 94 (RFC 8949)](https://www.rfc-editor.org/info/std94) and is designed to be relevant for decades. -Install with `go get github.com/fxamacker/cbor/v2` and `import "github.com/fxamacker/cbor/v2"`. See [Quick Start](#quick-start). +`fxamacker/cbor` is used in projects by Arm Ltd., Cisco, Dapper Labs, EdgeX Foundry, Fraunhofer‑AISEC, Linux Foundation, Microsoft, Mozilla, Oasis Protocol, Tailscale, Teleport, [and others](https://github.com/fxamacker/cbor#who-uses-fxamackercbor). -# CBOR Codec in Go +See [Quick Start](#quick-start). + +## fxamacker/cbor [![](https://github.com/fxamacker/cbor/workflows/ci/badge.svg)](https://github.com/fxamacker/cbor/actions?query=workflow%3Aci) [![](https://github.com/fxamacker/cbor/workflows/cover%20%E2%89%A596%25/badge.svg)](https://github.com/fxamacker/cbor/actions?query=workflow%3A%22cover+%E2%89%A596%25%22) -[![](https://github.com/fxamacker/cbor/workflows/linters/badge.svg)](https://github.com/fxamacker/cbor/actions?query=workflow%3Alinters) [![CodeQL](https://github.com/fxamacker/cbor/actions/workflows/codeql-analysis.yml/badge.svg)](https://github.com/fxamacker/cbor/actions/workflows/codeql-analysis.yml) -[![](https://img.shields.io/badge/fuzzing-3%2B%20billion%20execs-44c010)](#fuzzing-and-code-coverage) +[![](https://img.shields.io/badge/fuzzing-passing-44c010)](#fuzzing-and-code-coverage) [![Go Report Card](https://goreportcard.com/badge/github.com/fxamacker/cbor)](https://goreportcard.com/report/github.com/fxamacker/cbor) -[![](https://img.shields.io/badge/go-%3E%3D%201.12-blue)](#cbor-library-installation) +[![](https://img.shields.io/ossf-scorecard/github.com/fxamacker/cbor?label=openssf%20scorecard)](#) -`fxamacker/cbor` is a CBOR codec in full conformance with [IETF STD 94 (RFC 8949)](https://www.rfc-editor.org/info/std94). It also supports CBOR Sequences ([RFC 8742](https://www.rfc-editor.org/rfc/rfc8742.html)) and human-readable [Extended Diagnostic Notation](https://www.rfc-editor.org/rfc/rfc8610.html#appendix-G). +`fxamacker/cbor` is a CBOR codec in full conformance with [IETF STD 94 (RFC 8949)](https://www.rfc-editor.org/info/std94). It also supports CBOR Sequences ([RFC 8742](https://www.rfc-editor.org/rfc/rfc8742.html)) and Extended Diagnostic Notation ([Appendix G of RFC 8610](https://www.rfc-editor.org/rfc/rfc8610.html#appendix-G)). -`fxamacker/cbor` is a deterministic, efficient, extensible, and secure alternative to `encoding/json`, `encoding/gob`, and other codecs. It's fast without using Go's `unsafe` package. [Core Deterministic Encoding](https://www.rfc-editor.org/rfc/rfc8949.html#name-core-deterministic-encoding) is opt-in. Default limits allow very fast and memory efficient rejection of malformed CBOR data. +Features include full support for CBOR tags, [Core Deterministic Encoding](https://www.rfc-editor.org/rfc/rfc8949.html#name-core-deterministic-encoding), duplicate map key detection, etc. -:lock: Decoder has configurable limits that defend against malicious inputs. By contrast, `encoding/gob` is [not designed to be hardened against adversarial inputs](https://pkg.go.dev/encoding/gob#hdr-Security). -- No vulnerabilities were found in subset of `fxamacker/cbor` v2.4 listed in the [nonconfidential security assessment](https://github.com/veraison/go-cose/blob/v1.0.0-rc.1/reports/NCC_Microsoft-go-cose-Report_2022-05-26_v1.0.pdf) (prepared by NCC Group for Microsoft Corporation). +Struct tags (`toarray`, `keyasint`, `omitempty`) reduce encoded size of structs. -API is mostly same as `encoding/json` plus extensions that simplify concurrency for CBOR options and CBOR tags. Encoding and decoding modes are designed to be created at startup and reused by multiple goroutines. +![alt text](https://github.com/fxamacker/images/raw/master/cbor/v2.3.0/cbor_struct_tags_api.svg?sanitize=1 "CBOR API and Go Struct Tags") -Go struct tags (`toarray`, `keyasint`, `omitempty`) automatically make CBOR encoded data more compact. +API is mostly same as `encoding/json`, plus interfaces that simplify concurrency for CBOR options. -Features include: CBOR extension points (e.g. CBOR tags), duplicate map key detection, and lossless float64→32→16. Presets include Core Deterministic Encoding, Preferred Serialization, CTAP2, Canonical CBOR, etc. +#### CBOR Security -## Quick Start +Decoding 10 bytes of malicious data directly into `[]byte`: -🛡️ Use Go's `io.LimitReader` to limit size when decoding very large or indefinite size data. `DecOptions` can be used to modify default limits for `MaxArrayElements`, `MaxMapPairs`, and `MaxNestedLevels`. +| Codec | Speed (ns/op) | Memory | Allocs | +| :---- | ------------: | -----: | -----: | +| fxamacker/cbor 2.5.0 | 43.95n ± 5% | 32 B/op | 2 allocs/op | +| ugorji/go 1.2.11 | 5353261.00n ± 4% | 67111321 B/op | 13 allocs/op | -Install with `go get github.com/fxamacker/cbor/v2` and use `import "github.com/fxamacker/cbor/v2"`. +
More Details and Prior Comparions

-Functions with identical signatures to encoding/json include: -`Marshal`, `Unmarshal`, `NewEncoder`, `NewDecoder`, `(*Encoder).Encode`, `(*Decoder).Decode`. +Latest comparison used: +- Input: `[]byte{0x9B, 0x00, 0x00, 0x42, 0xFA, 0x42, 0xFA, 0x42, 0xFA, 0x42}` +- go1.19.10, linux/amd64, i5-13600K (disabled all e-cores, DDR4 @2933) +- go test -bench=. -benchmem -count=20 -NOTE: `Unmarshal` will return `ExtraneousDataError` if there are remaining bytes. -Use `UnmarshalFirst` to decode the first CBOR data item and return any remaining bytes. +#### Prior comparisons -Interfaces identical or comparable to Go's `encoding`, `encoding/json`, or `encoding/gob` include: -`Marshaler`, `Unmarshaler`, `BinaryMarshaler`, and `BinaryUnmarshaler`. +| Codec | Speed (ns/op) | Memory | Allocs | +| :---- | ------------: | -----: | -----: | +| fxamacker/cbor 2.5.0-beta2 | 44.33 ± 2% | 32 B/op | 2 allocs/op | +| fxamacker/cbor 0.1.0 - 2.4.0 | ~44.68 ± 6% | 32 B/op | 2 allocs/op | +| ugorji/go 1.2.10 | 5524792.50 ± 3% | 67110491 B/op | 12 allocs/op | +| ugorji/go 1.1.0 - 1.2.6 | 💥 runtime: | out of memory: | cannot allocate | + +- Input: `[]byte{0x9B, 0x00, 0x00, 0x42, 0xFA, 0x42, 0xFA, 0x42, 0xFA, 0x42}` +- go1.19.6, linux/amd64, i5-13600K (DDR4 not overclocked) +- go test -bench=. -benchmem -count=20 + +

+ +#### Design and Feature Highlights + +Design balances tradeoffs between speed, security, memory, encoded data size, usability, etc. + +
Highlights

+ +__🚀  Speed__ + +Encoding and decoding is fast without using Go's `unsafe` package. Slower settings are opt-in. Default limits allow very fast and memory efficient rejection of malformed CBOR data. + +__🔒  Security__ + +Decoder has configurable limits that defend against malicious inputs. Duplicate map key detection is supported. By contrast, `encoding/gob` is [not designed to be hardened against adversarial inputs](https://pkg.go.dev/encoding/gob#hdr-Security). + +Codec passed multiple confidential security assessments in 2022. No vulnerabilities found in subset of codec in a [nonconfidential security assessment](https://github.com/veraison/go-cose/blob/v1.0.0-rc.1/reports/NCC_Microsoft-go-cose-Report_2022-05-26_v1.0.pdf) prepared by NCC Group for Microsoft Corporation. + +__🗜️  Data Size__ + +Struct tags (`toarray`, `keyasint`, `omitempty`) automatically reduce size of encoded structs. Encoding optionally shrinks float64→32→16 when values fit. + +__:jigsaw:  Usability__ -These functions produce human-readable [Extended Diagnostic Notation](https://www.rfc-editor.org/rfc/rfc8610.html#appendix-G): -`Diagnose`, `DiagnoseFirst`. +API is mostly same as `encoding/json` plus interfaces that simplify concurrency for CBOR options. Encoding and decoding modes can be created at startup and reused by any goroutines. -__Default Mode__ +Presets include Core Deterministic Encoding, Preferred Serialization, CTAP2 Canonical CBOR, etc. -If default options are acceptable, package level functions can be used for encoding and decoding. +__📆  Extensibility__ + +Features include CBOR [extension points](https://www.rfc-editor.org/rfc/rfc8949.html#section-7.1) (e.g. CBOR tags) and extensive settings. API has interfaces that allow users to create custom encoding and decoding without modifying this library. + +

+ +## Quick Start + +__Install__: `go get github.com/fxamacker/cbor/v2` and `import "github.com/fxamacker/cbor/v2"`. + +### Key Points + +- Encoding and decoding modes are created from options (settings). +- Modes can be created at startup and reused. +- Modes are safe for concurrent use. + +### Default Mode + +Package level functions (default mode) use default settings. ```go +// API matches encoding/json. b, err := cbor.Marshal(v) // encode v to []byte b err := cbor.Unmarshal(b, &v) // decode []byte b to v encoder := cbor.NewEncoder(w) // create encoder with io.Writer w decoder := cbor.NewDecoder(r) // create decoder with io.Reader r ``` -However, non-default CBOR options are usually specified by protocols like CWT, COSE, CTAP2, etc. +Some CBOR-based formats or protocols may require non-default settings. -To use non-default CBOR options, we can create encoding or decoding modes at startup and reuse them. +For example, WebAuthn uses "CTAP2 Canonical CBOR" settings. It is available as a preset. -## Using Struct Tags +### Presets -Struct tags work like they do with `encoding/json`, but we also have `toarray` and `keyasint` to reduce encoded size. +Presets can be used as-is or as a starting point to adjust settings. -![alt text](https://github.com/fxamacker/images/raw/master/cbor/v2.3.0/cbor_struct_tags_api.svg?sanitize=1 "CBOR API and Go Struct Tags") +```go +// EncOptions is a struct of encoder settings. +func CoreDetEncOptions() EncOptions // RFC 8949 Core Deterministic Encoding +func PreferredUnsortedEncOptions() EncOptions // RFC 8949 Preferred Serialization +func CanonicalEncOptions() EncOptions // RFC 7049 Canonical CBOR +func CTAP2EncOptions() EncOptions // FIDO2 CTAP2 Canonical CBOR +``` + +Presets are used to create custom modes. -NOTE: Struct tags and CBOR tags are unrelated topics. +### Custom Modes -## Using CBOR Options and Modes +Modes are created from settings. Once created, modes have immutable settings. -CBOR options are specified by using these Go structs: -- `DecOptions`: CBOR decoding options -- `EncOptions`: CBOR encoding options +💡 Create the mode at startup and reuse it. It is safe for concurrent use. -You can specify each setting manually or use presets returned by `cbor.CanonicalEncOptions()`, etc. +```Go +// Create encoding mode. +opts := cbor.CoreDetEncOptions() // use preset options as a starting point +opts.Time = cbor.TimeUnix // change any settings if needed +em, err := opts.EncMode() // create an immutable encoding mode -__Modes__ +// Reuse the encoding mode. It is safe for concurrent use. -"Mode" means defined way of encoding or decoding -- it links the standard API to your CBOR options and CBOR tags. This way, you don't pass around options and the API remains identical to `encoding/json`. +// API matches encoding/json. +b, err := em.Marshal(v) // encode v to []byte b +encoder := em.NewEncoder(w) // create encoder with io.Writer w +err := encoder.Encode(v) // encode v to io.Writer w +``` -For example, we can create encoding mode `foo` from desired options at startup and use `b, err := foo.Marshal(v)` from any number of goroutines. +### Struct Tags -EncMode and DecMode are interfaces created from EncOptions or DecOptions structs. -For example, `em, err := cbor.EncOptions{...}.EncMode()` or `em, err := cbor.CanonicalEncOptions().EncMode()`. +Struct tags (`toarray`, `keyasint`, `omitempty`) reduce encoded size of structs. -EncMode and DecMode use immutable options so their behavior won't accidentally change at runtime. Modes are reusable, safe for concurrent use, and allow fast parallelism. +
Example using struct tags

+ +![alt text](https://github.com/fxamacker/images/raw/master/cbor/v2.3.0/cbor_struct_tags_api.svg?sanitize=1 "CBOR API and Go Struct Tags") -__Creating and Using Encoding Modes__ +

+ +Struct tags simplify use of CBOR-based protocols that require CBOR arrays or maps with integer keys. -💡 Avoid using init(). For best performance, reuse EncMode and DecMode after creating them. +### CBOR Tags -Most apps will probably create one EncMode and DecMode before init(). There's no limit and each can use different options. +CBOR tags are specified in a `TagSet`. +Custom modes can be created with a `TagSet` to handle CBOR tags. + ```go -// Create EncOptions using either struct literal or a function with preset options. -opts := cbor.CoreDetEncOptions() +em, err := opts.EncMode() // no CBOR tags +em, err := opts.EncModeWithTags(ts) // immutable CBOR tags +em, err := opts.EncModeWithSharedTags(ts) // mutable shared CBOR tags +``` -// If needed, modify opts before using it. For example: -opts.Time = cbor.TimeUnix +`TagSet` and modes using it are safe for concurrent use. Equivalent API is available for `DecMode`. -// At startup, use EncOptions (opts) to create reusable EncMode interface (em). -// em is safe for concurrent use and will have immutable options that cannot be changed. -em, err := opts.EncMode() +
Example using TagSet and TagOptions

-// Use EncMode like encoding/json, with same function signatures. -b, err := em.Marshal(v) // encode v to []byte b +```go +// Use signedCWT struct defined in "Decoding CWT" example. -encoder := em.NewEncoder(w) // create encoder with io.Writer w -err := encoder.Encode(v) // encode v to io.Writer w -``` +// Create TagSet (safe for concurrency). +tags := cbor.NewTagSet() +// Register tag COSE_Sign1 18 with signedCWT type. +tags.Add( + cbor.TagOptions{EncTag: cbor.EncTagRequired, DecTag: cbor.DecTagRequired}, + reflect.TypeOf(signedCWT{}), + 18) -Both `em.Marshal(v)` and `encoder.Encode(v)` use encoding options specified during creation of encoding mode `em`. +// Create DecMode with immutable tags. +dm, _ := cbor.DecOptions{}.DecModeWithTags(tags) -## Using CBOR Tags +// Unmarshal to signedCWT with tag support. +var v signedCWT +if err := dm.Unmarshal(data, &v); err != nil { + return err +} -__Creating Modes With CBOR Tags__ +// Create EncMode with immutable tags. +em, _ := cbor.EncOptions{}.EncModeWithTags(tags) -A TagSet is used to specify CBOR tags. - -```go -em, err := opts.EncMode() // no tags -em, err := opts.EncModeWithTags(ts) // immutable tags -em, err := opts.EncModeWithSharedTags(ts) // mutable shared tags +// Marshal signedCWT with tag number. +if data, err := cbor.Marshal(v); err != nil { + return err +} ``` -TagSet and all modes using it are safe for concurrent use. Equivalent API is available for DecMode. +

-__Predefined Encoding Options__ +### Functions and Interfaces -```go -func CoreDetEncOptions() EncOptions {} // RFC 8949 Core Deterministic Encoding -func PreferredUnsortedEncOptions() EncOptions {} // RFC 8949 Preferred Serialization -func CanonicalEncOptions() EncOptions {} // RFC 7049 Canonical CBOR -func CTAP2EncOptions() EncOptions {} // FIDO2 CTAP2 Canonical CBOR -``` +
Functions and interfaces at a glance

-The empty curly braces prevent a syntax highlighting bug on GitHub, please ignore them. +Common functions with same API as `encoding/json`: +- `Marshal`, `Unmarshal` +- `NewEncoder`, `(*Encoder).Encode` +- `NewDecoder`, `(*Decoder).Decode` -__Struct Tags (keyasint, toarray, omitempty)__ +NOTE: `Unmarshal` will return `ExtraneousDataError` if there are remaining bytes +because RFC 8949 treats CBOR data item with remaining bytes as malformed. +- 💡 Use `UnmarshalFirst` to decode first CBOR data item and return any remaining bytes. -The `keyasint`, `toarray`, and `omitempty` struct tags make it easy to use compact CBOR message formats. Internet standards often use CBOR arrays and CBOR maps with int keys to save space. +Other useful functions: +- `Diagnose`, `DiagnoseFirst` produce human-readable [Extended Diagnostic Notation](https://www.rfc-editor.org/rfc/rfc8610.html#appendix-G) from CBOR data. +- `UnmarshalFirst` decodes first CBOR data item and return any remaining bytes. -The following sections provide more info: +Interfaces identical or comparable to Go `encoding` packages include: +`Marshaler`, `Unmarshaler`, `BinaryMarshaler`, and `BinaryUnmarshaler`. -* [Struct Tags](#struct-tags-1) -* [Decoding Options](#decoding-options) -* [Encoding Options](#encoding-options) -* [API](#api) -* [Usage](#usage) +The `RawMessage` type can be used to delay CBOR decoding or precompute CBOR encoding. -

+
+ +### Security Tips + +🔒 Use Go's `io.LimitReader` to limit size when decoding very large or indefinite size data. + +Default limits may need to be increased for systems handling very large data (e.g. blockchains). -⚓ [Quick Start](#quick-start) • [Features](#features) • [Standards](#standards) • [API](#api) • [Options](#options) • [Usage](#usage) • [Fuzzing](#fuzzing-and-code-coverage) • [License](#license) +`DecOptions` can be used to modify default limits for `MaxArrayElements`, `MaxMapPairs`, and `MaxNestedLevels`. ## Status @@ -245,197 +330,6 @@ Github reports [2000+ repositories](https://github.com/fxamacker/cbor/network/de `fxamacker/cbor` passed multiple confidential security assessments. A [nonconfidential security assessment](https://github.com/veraison/go-cose/blob/v1.0.0-rc.1/reports/NCC_Microsoft-go-cose-Report_2022-05-26_v1.0.pdf) (prepared by NCC Group for Microsoft Corporation) includes a subset of fxamacker/cbor v2.4.0 in its scope. -## Why fxamacker/cbor - -fxamacker/cbor balances competing factors such as speed, size, safety, usability, maintainability, and etc. - -- Productivity features include Go struct tags like `toarray`, `keyasint`, etc. They reduce encoded data size, improve speed, and reduce programming effort. For example, `toarray` automatically translates a Go struct to/from a CBOR array. - -- Modern CBOR features include Core Deterministic Encoding and Preferred Serialization. Other features include CBOR tags, big.Int, float64→32→16, an API like `encoding/json`, and more. - -- Security features include the option to detect duplicate map keys and options to set various max limits. And it's designed to make concurrent use of CBOR options easy and free from side-effects. - -- To prevent crashes, it has been fuzz-tested since before release 1.0 and code coverage is kept above 96%. - -- For portability and safety, it avoids using `unsafe`, which makes it portable and protected by Go1's compatibility guidelines. - -- For performance, it uses safe optimizations. When used properly, fxamacker/cbor can be faster than CBOR codecs that rely on `unsafe`. However, speed is only one factor and should be considered together with other competing factors. - -## CBOR Security - -__fxamacker/cbor__ is secure. It rejects malformed CBOR data and has an option to detect duplicate map keys. It doesn't crash when decoding bad CBOR data. It has extensive tests, coverage-guided fuzzing, data validation, and avoids Go's `unsafe` package. - -Decoding 10 bytes of malicious data into `[]byte` shouldn't exhaust memory. E.g. -`[]byte{0x9B, 0x00, 0x00, 0x42, 0xFA, 0x42, 0xFA, 0x42, 0xFA, 0x42}`. - -| Codec | Speed (ns/op) | Memory | Allocs | -| :---- | ------------: | -----: | -----: | -| fxamacker/cbor 2.5.0-beta2 | 44.33 ± 2% | 32 B/op | 2 allocs/op | -| fxamacker/cbor 0.1.0 - 2.4.0 | ~44.68 ± 6% | 32 B/op | 2 allocs/op | -| ugorji/go 1.2.10 | 5524792.50 ± 3% | 67110491 B/op | 12 allocs/op | -| ugorji/go 1.1.0 - 1.2.6 | 💥 runtime: | out of memory: | cannot allocate | - -``` -go1.19.6, linux/amd64, i5-13600K (DDR4) -go test -bench=. -benchmem -count=20 -``` - -fxamacker/cbor CBOR safety settings include: MaxNestedLevels, MaxArrayElements, MaxMapPairs, and IndefLength. - -For more info, see: - - [RFC 8949 Section 10 (Security Considerations)](https://tools.ietf.org/html/rfc8949#section-10) or [RFC 7049 Section 8](https://tools.ietf.org/html/rfc7049#section-8). - - [Go warning](https://golang.org/pkg/unsafe/), "Packages that import unsafe may be non-portable and are not protected by the Go 1 compatibility guidelines." - -## CBOR API - -__fxamacker/cbor__ is easy to use. It provides standard API and interfaces. - -__Standard API__. Function signatures identical to [`encoding/json`](https://golang.org/pkg/encoding/json/) include: -`Marshal`, `Unmarshal`, `NewEncoder`, `NewDecoder`, `(*Encoder).Encode`, and `(*Decoder).Decode`. - -__Standard Interfaces__. Custom encoding and decoding is handled by implementing: -`BinaryMarshaler`, `BinaryUnmarshaler`, `Marshaler`, and `Unmarshaler`. - -__Other__. `UnmarshalFirst` decodes first CBOR data item and returns any remaining bytes. - -__Diagnostic API__. These functions produce human-readable [Extended Diagnostic Notation](https://www.rfc-editor.org/rfc/rfc8610.html#appendix-G): -`Diagnose`, `DiagnoseFirst`. - -__Predefined Encoding Options__. Encoding options are easy to use and are customizable. - -```go -func CoreDetEncOptions() EncOptions {} // RFC 8949 Core Deterministic Encoding -func PreferredUnsortedEncOptions() EncOptions {} // RFC 8949 Preferred Serialization -func CanonicalEncOptions() EncOptions {} // RFC 7049 Canonical CBOR -func CTAP2EncOptions() EncOptions {} // FIDO2 CTAP2 Canonical CBOR -``` - -fxamacker/cbor designed to simplify concurrency. CBOR options can be used without creating unintended runtime side-effects. - -## Go Struct Tags - -__fxamacker/cbor__ provides Go struct tags like __`toarray`__ and __`keyasint`__ to save time and reduce encoded size of data. - -
- -![alt text](https://github.com/fxamacker/images/raw/master/cbor/v2.3.0/cbor_struct_tags_api.svg?sanitize=1 "CBOR API and Go Struct Tags") - -## CBOR Features - -__fxamacker/cbor__ is a full-featured CBOR encoder and decoder. - -| CBOR Feature | Description | -| :--- | :--- | -| CBOR tags | API supports built-in and user-defined tags. | -| Preferred serialization | Integers encode to fewest bytes. Optional float64 → float32 → float16. | -| Map key sorting | Unsorted, length-first (Canonical CBOR), and bytewise-lexicographic (CTAP2). | -| Duplicate map keys | Always forbid for encoding and option to allow/forbid for decoding. | -| Indefinite length data | Option to allow/forbid for encoding and decoding. | -| Well-formedness | Always checked and enforced. | -| Basic validity checks | Options to check UTF-8 validity and check duplicate map keys. | -| Security considerations | Prevent integer overflow and resource exhaustion (RFC 8949 Section 10). | - -## CBOR Library Features - -### Standard API - -Many function signatures are identical to encoding/json, including: -`Marshal`, `Unmarshal`, `NewEncoder`, `NewDecoder`, `(*Encoder).Encode`, `(*Decoder).Decode`. - -`RawMessage` can be used to delay CBOR decoding or precompute CBOR encoding, like `encoding/json`. - -Standard interfaces allow user-defined types to have custom CBOR encoding and decoding. They include: -`BinaryMarshaler`, `BinaryUnmarshaler`, `Marshaler`, and `Unmarshaler`. - -`Marshaler` and `Unmarshaler` interfaces are satisfied by `MarshalCBOR` and `UnmarshalCBOR` functions using same params and return types as Go's MarshalJSON and UnmarshalJSON. - -### Struct Tags - -Support "cbor" and "json" keys in Go's struct tags. If both are specified for the same field, then "cbor" is used. - -* a different field name can be specified, like encoding/json. -* `omitempty` omits (ignores) field if value is empty, like encoding/json. -* `-` always omits (ignores) field, like encoding/json. -* `keyasint` treats fields as elements of CBOR maps with specified int key. -* `toarray` treats fields as elements of CBOR arrays. - -See [Struct Tags](#struct-tags-1) for more info. - -### CBOR Tags (New in v2.1) - -There are three categories of CBOR tags: - -* __Default built-in CBOR tags__ currently include tag numbers 0 (Standard Date/Time), 1 (Epoch Date/Time), 2 (Unsigned Bignum), 3 (Negative Bignum), 55799 (Self-Described CBOR). - -* __Optional built-in CBOR tags__ may be provided in the future via build flags or optional package(s) to help reduce bloat. - -* __User-defined CBOR tags__ are easy by using TagSet to associate tag numbers to user-defined Go types. - -### Preferred Serialization - -Preferred serialization encodes integers and floating-point values using the fewest bytes possible. - -* Integers are always encoded using the fewest bytes possible. -* Floating-point values can optionally encode from float64->float32->float16 when values fit. - -### Compact Data Size - -The combination of preferred serialization and struct tags (toarray, keyasint, omitempty) allows very compact data size. - -### Predefined Encoding Options - -Easy-to-use functions (no params) return preset EncOptions struct: -`CanonicalEncOptions`, `CTAP2EncOptions`, `CoreDetEncOptions`, `PreferredUnsortedEncOptions` - -### Encoding Options - -Integers always encode to the shortest form that preserves value. By default, time values are encoded without tags. - -Encoding of other data types and map key sort order are determined by encoder options. - -| EncOptions | Available Settings (defaults listed first) -| :--- | :--- | -| Sort | **SortNone**, SortLengthFirst, SortBytewiseLexical
Aliases: SortCanonical, SortCTAP2, SortCoreDeterministic | -| Time | **TimeUnix**, TimeUnixMicro, TimeUnixDynamic, TimeRFC3339, TimeRFC3339Nano | -| TimeTag | **EncTagNone**, EncTagRequired | -| ShortestFloat | **ShortestFloatNone**, ShortestFloat16 | -| BigIntConvert | **BigIntConvertShortest**, BigIntConvertNone | -| InfConvert | **InfConvertFloat16**, InfConvertNone | -| NaNConvert | **NaNConvert7e00**, NaNConvertNone, NaNConvertQuiet, NaNConvertPreserveSignal | -| IndefLength | **IndefLengthAllowed**, IndefLengthForbidden | -| TagsMd | **TagsAllowed**, TagsForbidden | - -See [Options](#options) section for details about each setting. - -### Decoding Options - -| DecOptions | Available Settings (defaults listed first) | -| :--- | :--- | -| TimeTag | **DecTagIgnored**, DecTagOptional, DecTagRequired | -| DupMapKey | **DupMapKeyQuiet**, DupMapKeyEnforcedAPF | -| IntDec | **IntDecConvertNone**, IntDecConvertSigned | -| IndefLength | **IndefLengthAllowed**, IndefLengthForbidden | -| TagsMd | **TagsAllowed**, TagsForbidden | -| ExtraReturnErrors | **ExtraDecErrorNone**, ExtraDecErrorUnknownField | -| MaxNestedLevels | **32**, can be set to [4, 65535] | -| MaxArrayElements | **131072**, can be set to [16, 2147483647] | -| MaxMapPairs | **131072**, can be set to [16, 2147483647] | - -See [Options](#options) section for details about each setting. - -### Additional Features - -* Decoder always checks for invalid UTF-8 string errors. -* Decoder always decodes in-place to slices, maps, and structs. -* Decoder tries case-sensitive first and falls back to case-insensitive field name match when decoding to structs. -* Decoder supports decoding registered CBOR tag data to interface types. -* Both encoder and decoder support indefinite length CBOR data (["streaming"](https://tools.ietf.org/html/rfc7049#section-2.2)). -* Both encoder and decoder correctly handles nil slice, map, pointer, and interface values. - -
- -⚓ [Quick Start](#quick-start) • [Features](#features) • [Standards](#standards) • [API](#api) • [Options](#options) • [Usage](#usage) • [Fuzzing](#fuzzing-and-code-coverage) • [License](#license) - ## Standards This library is a full-featured generic CBOR [(RFC 8949)](https://tools.ietf.org/html/rfc8949) encoder and decoder. Notable CBOR features include: @@ -450,8 +344,6 @@ This library is a full-featured generic CBOR [(RFC 8949)](https://tools.ietf.org | Basic validity checks | Check UTF-8 validity and optionally check duplicate map keys. | | Security considerations | Prevent integer overflow and resource exhaustion (RFC 8949 Section 10). | -See the Features section for list of [Encoding Options](#encoding-options) and [Decoding Options](#decoding-options). - Known limitations are noted in the [Limitations section](#limitations). Go nil values for slices, maps, pointers, etc. are encoded as CBOR null. Empty slices, maps, etc. are encoded as empty CBOR arrays and maps. @@ -467,8 +359,6 @@ When decoding well-formed CBOR arrays and maps, decoder saves the first error it By default, decoder treats time values of floating-point NaN and Infinity as if they are CBOR Null or CBOR Undefined. -See [Options](#options) section for detailed settings or [Features](#features) section for a summary of options. - __Click to expand topic:__
@@ -513,578 +403,6 @@ If any of these limitations prevent you from using this library, please open an * When using io.Reader interface to read very large or indefinite length CBOR data, Go's `io.LimitReader` should be used to limit size. * When decoding registered CBOR tag data to interface type, decoder creates a pointer to registered Go type matching CBOR tag number. Requiring a pointer for this is a Go limitation. -
- -⚓ [Quick Start](#quick-start) • [Features](#features) • [Standards](#standards) • [API](#api) • [Options](#options) • [Usage](#usage) • [Fuzzing](#fuzzing-and-code-coverage) • [License](#license) - -## API -Many function signatures are identical to Go's encoding/json, such as: -`Marshal`, `Unmarshal`, `NewEncoder`, `NewDecoder`, `(*Encoder).Encode`, and `(*Decoder).Decode`. - -Interfaces identical or comparable to Go's encoding, encoding/json, or encoding/gob include: -`Marshaler`, `Unmarshaler`, `BinaryMarshaler`, and `BinaryUnmarshaler`. - -Like `encoding/json`, `RawMessage` can be used to delay CBOR decoding or precompute CBOR encoding. - -"Mode" in this API means defined way of encoding or decoding -- it links the standard API to CBOR options and CBOR tags. - -EncMode and DecMode are interfaces created from EncOptions or DecOptions structs. -For example, `em, err := cbor.EncOptions{...}.EncMode()` or `em, err := cbor.CanonicalEncOptions().EncMode()`. - -EncMode and DecMode use immutable options so their behavior won't accidentally change at runtime. Modes are intended to be reused and are safe for concurrent use. - -__API for Default Mode__ - -If default options are acceptable, then you don't need to create EncMode or DecMode. - -```go -Marshal(v interface{}) ([]byte, error) -NewEncoder(w io.Writer) *Encoder - -Unmarshal(data []byte, v interface{}) error -NewDecoder(r io.Reader) *Decoder -``` - -__API for Creating & Using Encoding Modes__ - -```go -// EncMode interface uses immutable options and is safe for concurrent use. -type EncMode interface { - Marshal(v interface{}) ([]byte, error) - NewEncoder(w io.Writer) *Encoder - EncOptions() EncOptions // returns copy of options -} - -// EncOptions specifies encoding options. -type EncOptions struct { -... -} - -// EncMode returns an EncMode interface created from EncOptions. -func (opts EncOptions) EncMode() (EncMode, error) {} - -// EncModeWithTags returns EncMode with options and tags that are both immutable. -func (opts EncOptions) EncModeWithTags(tags TagSet) (EncMode, error) {} - -// EncModeWithSharedTags returns EncMode with immutable options and mutable shared tags. -func (opts EncOptions) EncModeWithSharedTags(tags TagSet) (EncMode, error) {} -``` - -The empty curly braces prevent a syntax highlighting bug, please ignore them. - -__API for Predefined Encoding Options__ - -```go -func CoreDetEncOptions() EncOptions {} // RFC 8949 Core Deterministic Encoding -func PreferredUnsortedEncOptions() EncOptions {} // RFC 8949 Preferred Serialization -func CanonicalEncOptions() EncOptions {} // RFC 7049 Canonical CBOR -func CTAP2EncOptions() EncOptions {} // FIDO2 CTAP2 Canonical CBOR -``` - -__API for Creating & Using Decoding Modes__ - -```go -// DecMode interface uses immutable options and is safe for concurrent use. -type DecMode interface { - Unmarshal(data []byte, v interface{}) error - NewDecoder(r io.Reader) *Decoder - DecOptions() DecOptions // returns copy of options -} - -// DecOptions specifies decoding options. -type DecOptions struct { -... -} - -// DecMode returns a DecMode interface created from DecOptions. -func (opts DecOptions) DecMode() (DecMode, error) {} - -// DecModeWithTags returns DecMode with options and tags that are both immutable. -func (opts DecOptions) DecModeWithTags(tags TagSet) (DecMode, error) {} - -// DecModeWithSharedTags returns DecMode with immutable options and mutable shared tags. -func (opts DecOptions) DecModeWithSharedTags(tags TagSet) (DecMode, error) {} -``` - -The empty curly braces prevent a syntax highlighting bug, please ignore them. - -__API for Using CBOR Tags__ - -`TagSet` can be used to associate user-defined Go type(s) to tag number(s). It's also used to create EncMode or DecMode. For example, `em := EncOptions{...}.EncModeWithTags(ts)` or `em := EncOptions{...}.EncModeWithSharedTags(ts)`. This allows every standard API exported by em (like `Marshal` and `NewEncoder`) to use the specified tags automatically. - -`Tag` and `RawTag` can be used to encode/decode a tag number with a Go value, but `TagSet` is generally recommended. - -```go -type TagSet interface { - // Add adds given tag number(s), content type, and tag options to TagSet. - Add(opts TagOptions, contentType reflect.Type, num uint64, nestedNum ...uint64) error - - // Remove removes given tag content type from TagSet. - Remove(contentType reflect.Type) -} -``` - -`Tag` and `RawTag` types can also be used to encode/decode tag number with Go value. - -```go -type Tag struct { - Number uint64 - Content interface{} -} - -type RawTag struct { - Number uint64 - Content RawMessage -} -``` - -See [API docs (godoc.org)](https://godoc.org/github.com/fxamacker/cbor/v2) for more details and more functions. See [Usage section](#usage) for usage and code examples. - -
- -⚓ [Quick Start](#quick-start) • [Features](#features) • [Standards](#standards) • [API](#api) • [Options](#options) • [Usage](#usage) • [Fuzzing](#fuzzing-and-code-coverage) • [License](#license) - -## Go Struct Tags - -This library supports both "cbor" and "json" key for some (not all) struct tags. If "cbor" and "json" keys are both present for the same field, then "cbor" key will be used. - -| Key | Format Str | Scope | Description | -| --- | ---------- | ----- | ------------| -| cbor or json | "myName" | field | Name of field to use such as "myName", etc. like encoding/json. | -| cbor or json | ",omitempty" | field | Omit (ignore) this field if value is empty, like encoding/json. | -| cbor or json | "-" | field | Omit (ignore) this field always, like encoding/json. | -| cbor | ",keyasint" | field | Treat field as an element of CBOR map with specified int as key. | -| cbor | ",toarray" | struct | Treat each field as an element of CBOR array. This automatically disables "omitempty" and "keyasint" for all fields in the struct. | - -The "keyasint" struct tag requires an integer key to be specified: - -``` -type myStruct struct { - MyField int64 `cbor:"-1,keyasint,omitempty'` - OurField string `cbor:"0,keyasint,omitempty"` - FooField Foo `cbor:"5,keyasint,omitempty"` - BarField Bar `cbor:"hello,omitempty"` - ... -} -``` - -The "toarray" struct tag requires a special field "_" (underscore) to indicate "toarray" applies to the entire struct: - -``` -type myStruct struct { - _ struct{} `cbor:",toarray"` - MyField int64 - OurField string - ... -} -``` - -__Click to expand:__ - -
- Example Using CBOR Web Tokens

- -![alt text](https://github.com/fxamacker/images/raw/master/cbor/v2.3.0/cbor_struct_tags_api.svg?sanitize=1 "CBOR API and Go Struct Tags") - -

- -## Options - -Decoding options and encoding options. - -### Decoding Options - -| DecOptions.TimeTag | Description | -| ------------------ | ----------- | -| DecTagIgnored (default) | Tag numbers are ignored (if present) for time values. | -| DecTagOptional | Tag numbers are only checked for validity if present for time values. | -| DecTagRequired | Tag numbers must be provided for time values except for CBOR Null and CBOR Undefined. | - -The following CBOR time values are decoded as Go's "zero time instant": - -* CBOR Null -* CBOR Undefined -* CBOR floating-point NaN -* CBOR floating-point Infinity - -Go's `time` package provides `IsZero` function, which reports whether t represents "zero time instant" -(January 1, year 1, 00:00:00 UTC). - -
- -| DecOptions.DupMapKey | Description | -| -------------------- | ----------- | -| DupMapKeyQuiet (default) | turns off detection of duplicate map keys. It uses a "keep fastest" method by choosing either "keep first" or "keep last" depending on the Go data type. | -| DupMapKeyEnforcedAPF | enforces detection and rejection of duplidate map keys. Decoding stops immediately and returns `DupMapKeyError` when the first duplicate key is detected. The error includes the duplicate map key and the index number. | - -`DupMapKeyEnforcedAPF` uses "Allow Partial Fill" so the destination map or struct can contain some decoded values at the time of error. Users can respond to the `DupMapKeyError` by discarding the partially filled result if that's required by their protocol. - -
- -| DecOptions.IntDec | Description | -| ------------------ | ----------- | -| IntDecConvertNone (default) | When decoding to Go interface{}, CBOR positive int (major type 0) decode to uint64 value, and CBOR negative int (major type 1) decode to int64 value. | -| IntDecConvertSigned | When decoding to Go interface{}, CBOR positive/negative int (major type 0 and 1) decode to int64 value. | - -If `IntDecConvertedSigned` is used and value overflows int64, UnmarshalTypeError is returned. - -
- -| DecOptions.IndefLength | Description | -| ---------------------- | ----------- | -|IndefLengthAllowed (default) | allow indefinite length data | -|IndefLengthForbidden | forbid indefinite length data | - -
- -| DecOptions.TagsMd | Description | -| ----------------- | ----------- | -|TagsAllowed (default) | allow CBOR tags (major type 6) | -|TagsForbidden | forbid CBOR tags (major type 6) | - -
- -| DecOptions.ExtraReturnErrors | Description | -| ----------------- | ----------- | -|ExtraDecErrorNone (default) | no extra decoding errors. E.g. ignore unknown fields if encountered. | -|ExtraDecErrorUnknownField | return error if unknown field is encountered | - -
- -| DecOptions.MaxNestedLevels | Description | -| -------------------------- | ----------- | -| 32 (default) | allowed setting is [4, 65535] | - -
- -| DecOptions.MaxArrayElements | Description | -| --------------------------- | ----------- | -| 131072 (default) | allowed setting is [16, 2147483647] | - -
- -| DecOptions.MaxMapPairs | Description | -| ---------------------- | ----------- | -| 131072 (default) | allowed setting is [16, 2147483647] | - -### Encoding Options - -__Integers always encode to the shortest form that preserves value__. Encoding of other data types and map key sort order are determined by encoding options. - -These functions are provided to create and return a modifiable EncOptions struct with predefined settings. - -| Predefined EncOptions | Description | -| --------------------- | ----------- | -| CanonicalEncOptions() |[Canonical CBOR (RFC 7049 Section 3.9)](https://tools.ietf.org/html/rfc7049#section-3.9). | -| CTAP2EncOptions() |[CTAP2 Canonical CBOR (FIDO2 CTAP2)](https://fidoalliance.org/specs/fido-v2.0-id-20180227/fido-client-to-authenticator-protocol-v2.0-id-20180227.html#ctap2-canonical-cbor-encoding-form). | -| PreferredUnsortedEncOptions() |Unsorted, encode float64->float32->float16 when values fit, NaN values encoded as float16 0x7e00. | -| CoreDetEncOptions() |PreferredUnsortedEncOptions() + map keys are sorted bytewise lexicographic. | - -
- -| EncOptions.Sort | Description | -| --------------- | ----------- | -| SortNone (default) |No sorting for map keys. | -| SortLengthFirst |Length-first map key ordering. | -| SortBytewiseLexical |Bytewise lexicographic map key ordering [(RFC 8949 Section 4.2.1)](https://datatracker.ietf.org/doc/html/rfc8949#section-4.2.1).| -| SortCanonical |(alias) Same as SortLengthFirst [(RFC 7049 Section 3.9)](https://tools.ietf.org/html/rfc7049#section-3.9) | -| SortCTAP2 |(alias) Same as SortBytewiseLexical [(CTAP2 Canonical CBOR)](https://fidoalliance.org/specs/fido-v2.0-id-20180227/fido-client-to-authenticator-protocol-v2.0-id-20180227.html#ctap2-canonical-cbor-encoding-form). | -| SortCoreDeterministic |(alias) Same as SortBytewiseLexical [(RFC 8949 Section 4.2.1)](https://datatracker.ietf.org/doc/html/rfc8949#section-4.2.1). | - -
- -| EncOptions.Time | Description | -| --------------- | ----------- | -| TimeUnix (default) | (seconds) Encode as integer. | -| TimeUnixMicro | (microseconds) Encode as floating-point. ShortestFloat option determines size. | -| TimeUnixDynamic | (seconds or microseconds) Encode as integer if time doesn't have fractional seconds, otherwise encode as floating-point rounded to microseconds. | -| TimeRFC3339 | (seconds) Encode as RFC 3339 formatted string. | -| TimeRFC3339Nano | (nanoseconds) Encode as RFC3339 formatted string. | - -
- -| EncOptions.TimeTag | Description | -| ------------------ | ----------- | -| EncTagNone (default) | Tag number will not be encoded for time values. | -| EncTagRequired | Tag number (0 or 1) will be encoded unless time value is undefined/zero-instant. | - -By default, undefined (zero instant) time values will encode as CBOR Null without tag number for both EncTagNone and EncTagRequired. Although CBOR Undefined might be technically more correct for EncTagRequired, CBOR Undefined might not be supported by other generic decoders and it isn't supported by JSON. - -Go's `time` package provides `IsZero` function, which reports whether t represents the zero time instant, January 1, year 1, 00:00:00 UTC. - -
- -| EncOptions.BigIntConvert | Description | -| ------------------------ | ----------- | -| BigIntConvertShortest (default) | Encode big.Int as CBOR integer if value fits. | -| BigIntConvertNone | Encode big.Int as CBOR bignum (tag 2 or 3). | - -
- -__Floating-Point Options__ - -Encoder has 3 types of options for floating-point data: ShortestFloatMode, InfConvertMode, and NaNConvertMode. - -| EncOptions.ShortestFloat | Description | -| ------------------------ | ----------- | -| ShortestFloatNone (default) | No size conversion. Encode float32 and float64 to CBOR floating-point of same bit-size. | -| ShortestFloat16 | Encode float64 -> float32 -> float16 ([IEEE 754 binary16](https://en.wikipedia.org/wiki/Half-precision_floating-point_format)) when values fit. | - -Conversions for infinity and NaN use InfConvert and NaNConvert settings. - -| EncOptions.InfConvert | Description | -| --------------------- | ----------- | -| InfConvertFloat16 (default) | Convert +- infinity to float16 since they always preserve value (recommended) | -| InfConvertNone |Don't convert +- infinity to other representations -- used by CTAP2 Canonical CBOR | - -
- -| EncOptions.NaNConvert | Description | -| --------------------- | ----------- | -| NaNConvert7e00 (default) | Encode to 0xf97e00 (CBOR float16 = 0x7e00) -- used by RFC 8949 Preferred Encoding, etc. | -| NaNConvertNone | Don't convert NaN to other representations -- used by CTAP2 Canonical CBOR. | -| NaNConvertQuiet | Force quiet bit = 1 and use shortest form that preserves NaN payload. | -| NaNConvertPreserveSignal | Convert to smallest form that preserves value (quit bit unmodified and NaN payload preserved). | - -
- -| EncOptions.IndefLength | Description | -| ---------------------- | ----------- | -|IndefLengthAllowed (default) | allow indefinite length data | -|IndefLengthForbidden | forbid indefinite length data | - -
- -| EncOptions.TagsMd | Description | -| ----------------- | ----------- | -|TagsAllowed (default) | allow CBOR tags (major type 6) | -|TagsForbidden | forbid CBOR tags (major type 6) | - - -### Tag Options - -TagOptions specifies how encoder and decoder handle tag number registered with TagSet. - -| TagOptions.DecTag | Description | -| ------------------ | ----------- | -| DecTagIgnored (default) | Tag numbers are ignored (if present). | -| DecTagOptional | Tag numbers are only checked for validity if present. | -| DecTagRequired | Tag numbers must be provided except for CBOR Null and CBOR Undefined. | - -
- -| TagOptions.EncTag | Description | -| ------------------ | ----------- | -| EncTagNone (default) | Tag number will not be encoded. | -| EncTagRequired | Tag number will be encoded. | - -
- -⚓ [Quick Start](#quick-start) • [Features](#features) • [Standards](#standards) • [API](#api) • [Options](#options) • [Usage](#usage) • [Fuzzing](#fuzzing-and-code-coverage) • [License](#license) - -## Usage -🛡️ Use Go's `io.LimitReader` to limit size when decoding very large or indefinite size data. - -Functions with identical signatures to encoding/json include: -`Marshal`, `Unmarshal`, `NewEncoder`, `NewDecoder`, `(*Encoder).Encode`, `(*Decoder).Decode`. - -__Default Mode__ - -If default options are acceptable, package level functions can be used for encoding and decoding. - -```go -b, err := cbor.Marshal(v) // encode v to []byte b - -err := cbor.Unmarshal(b, &v) // decode []byte b to v - -encoder := cbor.NewEncoder(w) // create encoder with io.Writer w - -decoder := cbor.NewDecoder(r) // create decoder with io.Reader r -``` - -__Modes__ - -If you need to use options or CBOR tags, then you'll want to create a mode. - -"Mode" means defined way of encoding or decoding -- it links the standard API to your CBOR options and CBOR tags. This way, you don't pass around options and the API remains identical to `encoding/json`. - -EncMode and DecMode are interfaces created from EncOptions or DecOptions structs. -For example, `em, err := cbor.EncOptions{...}.EncMode()` or `em, err := cbor.CanonicalEncOptions().EncMode()`. - -EncMode and DecMode use immutable options so their behavior won't accidentally change at runtime. Modes are reusable, safe for concurrent use, and allow fast parallelism. - -__Creating and Using Encoding Modes__ - -EncMode is an interface ([API](#api)) created from EncOptions struct. EncMode uses immutable options after being created and is safe for concurrent use. For best performance, EncMode should be reused. - -```go -// Create EncOptions using either struct literal or a function. -opts := cbor.CanonicalEncOptions() - -// If needed, modify opts. For example: opts.Time = cbor.TimeUnix - -// Create reusable EncMode interface with immutable options, safe for concurrent use. -em, err := opts.EncMode() - -// Use EncMode like encoding/json, with same function signatures. -b, err := em.Marshal(v) // encode v to []byte b - -encoder := em.NewEncoder(w) // create encoder with io.Writer w -err := encoder.Encode(v) // encode v to io.Writer w -``` - -__Struct Tags (keyasint, toarray, omitempty)__ - -The `keyasint`, `toarray`, and `omitempty` struct tags make it easy to use compact CBOR message formats. Internet standards often use CBOR arrays and CBOR maps with int keys to save space. - -
- -![alt text](https://github.com/fxamacker/images/raw/master/cbor/v2.3.0/cbor_struct_tags_api.svg?sanitize=1 "CBOR API and Struct Tags") - -
- -__Decoding CWT (CBOR Web Token)__ using `keyasint` and `toarray` struct tags: - -```go -// Signed CWT is defined in RFC 8392 -type signedCWT struct { - _ struct{} `cbor:",toarray"` - Protected []byte - Unprotected coseHeader - Payload []byte - Signature []byte -} - -// Part of COSE header definition -type coseHeader struct { - Alg int `cbor:"1,keyasint,omitempty"` - Kid []byte `cbor:"4,keyasint,omitempty"` - IV []byte `cbor:"5,keyasint,omitempty"` -} - -// data is []byte containing signed CWT - -var v signedCWT -if err := cbor.Unmarshal(data, &v); err != nil { - return err -} -``` - -__Encoding CWT (CBOR Web Token)__ using `keyasint` and `toarray` struct tags: - -```go -// Use signedCWT struct defined in "Decoding CWT" example. - -var v signedCWT -... -if data, err := cbor.Marshal(v); err != nil { - return err -} -``` - -__Encoding and Decoding CWT (CBOR Web Token) with CBOR Tags__ - -```go -// Use signedCWT struct defined in "Decoding CWT" example. - -// Create TagSet (safe for concurrency). -tags := cbor.NewTagSet() -// Register tag COSE_Sign1 18 with signedCWT type. -tags.Add( - cbor.TagOptions{EncTag: cbor.EncTagRequired, DecTag: cbor.DecTagRequired}, - reflect.TypeOf(signedCWT{}), - 18) - -// Create DecMode with immutable tags. -dm, _ := cbor.DecOptions{}.DecModeWithTags(tags) - -// Unmarshal to signedCWT with tag support. -var v signedCWT -if err := dm.Unmarshal(data, &v); err != nil { - return err -} - -// Create EncMode with immutable tags. -em, _ := cbor.EncOptions{}.EncModeWithTags(tags) - -// Marshal signedCWT with tag number. -if data, err := cbor.Marshal(v); err != nil { - return err -} -``` - -For more examples, see [examples_test.go](example_test.go). - -
- -⚓ [Quick Start](#quick-start) • [Features](#features) • [Standards](#standards) • [API](#api) • [Options](#options) • [Usage](#usage) • [Fuzzing](#fuzzing-and-code-coverage) • [License](#license) - - - ## Fuzzing and Code Coverage __Over 375 tests__ must pass on 4 architectures before tagging a release. They include all RFC 7049 and RFC 8949 examples, bugs found by fuzzing, maliciously crafted CBOR data, and over 87 tests with malformed data. There's some overlap in the tests but it isn't a high priority to trim tests. @@ -1097,8 +415,6 @@ To prevent delays to release schedules, fuzzing is not restarted for a release i
-⚓ [Quick Start](#quick-start) • [Features](#features) • [Standards](#standards) • [API](#api) • [Options](#options) • [Usage](#usage) • [Fuzzing](#fuzzing-and-code-coverage) • [License](#license) - ## Versions and API Changes This project uses [Semantic Versioning](https://semver.org), so the API is always backwards compatible unless the major version number changes. @@ -1109,7 +425,7 @@ Newly added API documented as "subject to change" are excluded from SemVer. Newly added API in the master branch that has never been release tagged are excluded from SemVer. -Bug fixes like detecting an error that was missed in prior version are excluded from SemVer as long as function parameters, etc. are unchanged. +Bug fixes that change behavior (like returning error that was missed in prior versions) are excluded from SemVer as long as function parameters are unchanged. ## Code of Conduct This project has adopted the [Contributor Covenant Code of Conduct](CODE_OF_CONDUCT.md). Contact [faye.github@gmail.com](mailto:faye.github@gmail.com) with any questions or comments. @@ -1127,27 +443,11 @@ Phrases like "no crashes", "doesn't crash", and "is secure" mean there are no kn Please read the license for additional disclaimers and terms. -## Special Thanks +## Acknowledgements -__Making this library better__ - -* Stefan Tatschner for using this library in [sep](https://rumpelsepp.org/projects/sep), being the 1st to discover my CBOR library, requesting time.Time in issue #1, and submitting this library in a [PR to cbor.io](https://github.com/cbor/cbor.github.io/pull/56) on Aug 12, 2019. -* Yawning Angel for using this library to [oasis-core](https://github.com/oasislabs/oasis-core), and requesting BinaryMarshaler in issue #5. -* Jernej Kos for requesting RawMessage in issue #11 and offering feedback on v2.1 API for CBOR tags. -* ZenGround0 for using this library in [go-filecoin](https://github.com/filecoin-project/go-filecoin), filing "toarray" bug in issue #129, and requesting -CBOR BSTR <--> Go array in #133. -* Keith Randall for [fixing Go bugs and providing workarounds](https://github.com/golang/go/issues/36400) so we don't have to wait for new versions of Go. - -__Help clarifying CBOR RFC 7049 or 7049bis (7049bis is the draft of RFC 8949)__ - -* Carsten Bormann for RFC 7049 (CBOR), adding this library to cbor.io, his fast confirmation to my RFC 7049 errata, approving my pull request to 7049bis, and his patience when I misread a line in 7049bis. -* Laurence Lundblade for his help on the IETF mailing list for 7049bis and for pointing out on a CBORbis issue that CBOR Undefined might be problematic translating to JSON. -* Jeffrey Yasskin for his help on the IETF mailing list for 7049bis. - -__Words of encouragement and support__ - -* Jakob Borg for his words of encouragement about this library at Go Forum. This is especially appreciated in the early stages when there's a lot of rough edges. +The acknowledgements need to be rewritten. +This wasn't updated in years and newer contributors were missing. ## License Copyright © 2019-2023 [Faye Amacker](https://github.com/fxamacker). @@ -1155,5 +455,3 @@ Copyright © 2019-2023 [Faye Amacker](https://github.com/fxamacker). fxamacker/cbor is licensed under the MIT License. See [LICENSE](LICENSE) for the full license text.
- -⚓ [Quick Start](#quick-start) • [Features](#features) • [Standards](#standards) • [API](#api) • [Options](#options) • [Usage](#usage) • [Fuzzing](#fuzzing-and-code-coverage) • [License](#license)