This adds hash.go and creates a identityHash that is used for algorithms
that do their own hashing (ED25519) for instance.
This unifies the hash variable naming between dnssec and sig(0) signing
and removes the special casing that existed for ED25519.
This unifies the variable naming between sig(0) and dnssec signing and
verifying.
I didn't want to used crypto.RegisterHash as not to fiddle with the
global namespaces of hashes, so the value of '0' from AlgorithmsToHash
is handled specially in dnssec and sig(0) code.
Note that ED448 isn't implemented at all.
Signed-off-by: Miek Gieben <miek@miek.nl>
This reduces the time it takes to run the test. Shorter timeouts on
clients to avoid awaiting for the detault timeouts.
It's also reduces the iterations in some test functions, this doesn't
seem to impact the tests indicating those numbers where random to begin
with.
Use shorter crypto keys, as we don't need to strength in tests.
Stop using Google Public DNS and other remotes in tests as well: it's
faster, keeps things local and avoids spilling info to Google.
This brings the test duration down from ~8s to ~2s on my machine, a 4x
reduction.
~~~
PASS
ok github.com/miekg/dns 2.046s
Switched to branch 'master'
Your branch is up-to-date with 'origin/master'.
PASS
ok github.com/miekg/dns 7.915s
~~~
Signed-off-by: Miek Gieben <miek@miek.nl>
This will allow RRSIG.Sign to use generic crypto.Signer implementations.
This is a interface breaking change, even if the required changes are most
likely just type asserions from crypto.PrivateKey to the underlying type or
crypto.Signer.
Added a bunch a long running test function to the list of skipped
tests when giving -short to go test. Tests are bascially *all*
DNSSEC key generation tests and 1 serving test.
PASS
ok github.com/miekg/dns 0.782s
Compared to 13+ s, so quite a bit faster.
Tests message signing and verification against
itself, that altered messages don't pass and that
expired messages don't pass.
Static samples generated by something else would
be good to add at some point.