Fast serialization library for Clojure

clojure compression edn encryption epl serialization taoensso

Find a file

Peter Taoussanis 23276ac910 [#101 ] NB Change default encryption from AES-CBC to AES-GCM Why? - AES-GCM is faster and can be more secure, Ref. https://goo.gl/Dsc9mL, etc. - AES-GCM is an authenticated[1] encryption mechanism, providing automatic integrity checks. This is relevant to [#101]. What's the issue with #101? - We compress then encrypt on freeze ; Reverse would make compression useless - So we decrypt then decompress on thaw Attempting CBC decryption with the wrong password will often but not always throw. Meaning it's possible for decompression could be attempted with a junk ba. And this can cause some decompressors to fail in a destructive way, including large allocations (DDoS) or even taking down the JVM in extreme cases. Possible solutions? - We could add our own HMAC, etc. - And/or we could use something like AES-GCM which offers built-in integrity and will throw an AEADBadTagException on failure. There may indeed be reasons [2,3,4] to consider adding a custom HMAC - and that's still on the cards for later. But in the meantime, the overall balance of pros/cons seems to lean in the direction of choosing AES-GCM as a reasonable default. Note that the change in this commit is done in a backward-compatible way using Nippy's versioned header: new payloads will be written using AES-GCM by default. But old payloads already written using AES-CBC will continue to be read using that scheme. References [1] https://en.wikipedia.org/wiki/Authenticated_encryption [2] https://www.daemonology.net/blog/2009-06-24-encrypt-then-mac.html [3] https://blog.cryptographyengineering.com/2011/12/04/matt-green-smackdown-watch-are-aead/ [4] HMAC vs AEAD integrity, https://crypto.stackexchange.com/q/24379 [5] AES-GCM vs HMAC-SHA256 integrity, https://crypto.stackexchange.com/q/30627		2019-01-06 14:13:34 +01:00
src/taoensso	[#101 ] NB Change default encryption from AES-CBC to AES-GCM	2019-01-06 14:13:34 +01:00
test/taoensso/nippy/tests	[#101 ] NB Change default encryption from AES-CBC to AES-GCM	2019-01-06 14:13:34 +01:00
.gitignore	Update project template	2016-07-17 15:04:54 +07:00
benchmarks.png	v2.12.0-SNAPSHOT	2016-05-09 14:05:02 +07:00
CHANGELOG.md	v2.15.0-alpha1	2018-09-08 19:38:41 +02:00
LICENSE	Update project template	2016-07-17 15:04:54 +07:00
project.clj	Bump deps	2019-01-06 12:24:29 +01:00
README.md	v2.15.0-alpha3	2018-09-23 19:39:59 +02:00

README.md

CHANGELOG | API | current Break Version:

[com.taoensso/nippy "2.14.0"]        ; Stable
[com.taoensso/nippy "2.15.0-alpha3"] ; Dev, see CHANGELOG for details

Please consider helping to support my continued open-source Clojure/Script work?

Even small contributions can add up + make a big difference to help sustain my time writing, maintaining, and supporting Nippy and other Clojure/Script libraries. Thank you!

- Peter Taoussanis

Nippy

The fastest serialization library for Clojure

Clojure's rich data types are awesome. And its reader allows you to take your data just about anywhere. But the reader can be painfully slow when you've got a lot of data to crunch (like when you're serializing to a database).

Nippy is an attempt to provide a reliable, high-performance drop-in alternative to the reader. Used by the Carmine Redis client, the Faraday DynamoDB client, PigPen, Onyx and others.

Features

Small, uncomplicated all-Clojure library
Terrific performance (the fastest for Clojure that I'm aware of)
Comprehesive support for all standard data types
Easily extendable to custom data types (v2.1+)
Java's Serializable fallback when available (v2.5+)
Reader-fallback for all other types (including Clojure 1.4+ tagged literals)
Full test coverage for every supported type
Fully pluggable compression, including built-in high-performance LZ4 compressor
Fully pluggable encryption, including built-in high-strength AES128 enabled with a single :password [:salted "my-password"] option (v2+)
Utils for easy integration into 3rd-party tools/libraries (v2+)

Getting started

Add the necessary dependency to your project:

[com.taoensso/nippy "2.14.0"]

And setup your namespace imports:

(ns my-ns (:require [taoensso.nippy :as nippy]))

De/serializing

As an example of what it can do, let's take a look at Nippy's own reference stress data:

nippy/stress-data
=>
{:bytes     (byte-array [(byte 1) (byte 2) (byte 3)])
 :nil       nil
 :true      true
 :false     false
 :char      \ಬ
 :str-short "ಬಾ ಇಲ್ಲಿ ಸಂಭವಿಸ"
 :str-long  (apply str (range 1000))
 :kw        :keyword
 :kw-ns     ::keyword
 :sym       'foo
 :sym-ns    'foo/bar
 :regex     #"^(https?:)?//(www\?|\?)?"

 :queue        (-> (PersistentQueue/EMPTY) (conj :a :b :c :d :e :f :g))
 :queue-empty  (PersistentQueue/EMPTY)
 :queue-empty  (enc/queue)
 :sorted-set   (sorted-set 1 2 3 4 5)
 :sorted-map   (sorted-map :b 2 :a 1 :d 4 :c 3)

 :list         (list 1 2 3 4 5 (list 6 7 8 (list 9 10)))
 :list-quoted  '(1 2 3 4 5 (6 7 8 (9 10)))
 :list-empty   (list)
 :vector       [1 2 3 4 5 [6 7 8 [9 10]]]
 :vector-empty []
 :map          {:a 1 :b 2 :c 3 :d {:e 4 :f {:g 5 :h 6 :i 7}}}
 :map-empty    {}
 :set          #{1 2 3 4 5 #{6 7 8 #{9 10}}}
 :set-empty    #{}
 :meta         (with-meta {:a :A} {:metakey :metaval})
 :nested       [#{{1 [:a :b] 2 [:c :d] 3 [:e :f]} [] #{:a :b}}
                #{{1 [:a :b] 2 [:c :d] 3 [:e :f]} [] #{:a :b}}
                [1 [1 2 [1 2 3 [1 2 3 4 [1 2 3 4 5]]]]]]

 :lazy-seq       (repeatedly 1000 rand)
 :lazy-seq-empty (map identity '())

 :byte         (byte 16)
 :short        (short 42)
 :integer      (int 3)
 :long         (long 3)
 :bigint       (bigint 31415926535897932384626433832795)

 :float        (float 3.14)
 :double       (double 3.14)
 :bigdec       (bigdec 3.1415926535897932384626433832795)

 :ratio        22/7
 :uuid         (java.util.UUID/randomUUID)
 :date         (java.util.Date.)

 :stress-record (StressRecord. "data")

 ;; Serializable
 :throwable    (Throwable. "Yolo")
 :exception    (try (/ 1 0) (catch Exception e e))
 :ex-info      (ex-info "ExInfo" {:data "data"})}

Serialize it:

(def frozen-stress-data (nippy/freeze nippy/stress-data))
=> #<byte[] [B@3253bcf3>

Deserialize it:

(nippy/thaw frozen-stress-data)
=> {:bytes        (byte-array [(byte 1) (byte 2) (byte 3)])
    :nil          nil
    :boolean      true
    <...> }

Couldn't be simpler!

See also the lower-level freeze-to-out! and thaw-from-in! fns for operating on DataOutput and DataInput types directly.

Encryption (v2+)

Nippy also gives you dead simple data encryption. Add a single option to your usual freeze/thaw calls like so:

(nippy/freeze nippy/stress-data {:password [:salted "my-password"]}) ; Encrypt
(nippy/thaw   <encrypted-data>  {:password [:salted "my-password"]}) ; Decrypt

There's two default forms of encryption on offer: :salted and :cached. Each of these makes carefully-chosen trade-offs and is suited to one of two common use cases. See the aes128-encryptor API docs for a detailed explanation of why/when you'd want one or the other.

Custom types (v2.1+)

(defrecord MyType [data])

(nippy/extend-freeze MyType :my-type/foo ; A unique (namespaced) type identifier
  [x data-output]
  (.writeUTF data-output (:data x)))

(nippy/extend-thaw :my-type/foo ; Same type id
  [data-input]
  (MyType. (.readUTF data-input)))

(nippy/thaw (nippy/freeze (MyType. "Joe"))) => #taoensso.nippy.MyType{:data "Joe"}

Performance

Nippy is currently the fastest serialization library for Clojure that I'm aware of, and offers roundtrip times between ~10x and ~15x faster than Clojure's tools.reader.edn, with a ~40% smaller output size.

Detailed benchmark info is available on Google Docs.

Contacting me / contributions

Please use the project's GitHub issues page for all questions, ideas, etc. Pull requests welcome. See the project's GitHub contributors page for a list of contributors.

Otherwise, you can reach me at Taoensso.com. Happy hacking!

- Peter Taoussanis