ECDSA public keys consist of a single value, called "Q" in FIPS
186-3. In DNSSEC keys, Q is a simple bit string that represents the
uncompressed form of a curve point, "x | y".
The ECDSA signature is the combination of two non-negative integers,
called "r" and "s" in FIPS 186-3. The two integers, each of which is
formatted as a simple octet string, are combined into a single longer
octet string for DNSSEC as the concatenation "r | s". (Conversion of
the integers to bit strings is described in Section C.2 of FIPS
186-3.) For P-256, each integer MUST be encoded as 32 octets; for
P-384, each integer MUST be encoded as 48 octets.
Instead of going through the fmt package, we can use append int,
which saves an allocation.
benchmark old ns/op new ns/op delta
BenchmarkUnpackDomainNameUnprintable 2147 506 -76.43%
This is based on @miekg's sig0 branch. That branch diverged from master
and I didn't want to wander off on a rebase.
As implemented there's no allowance for multi-envelope (TCP) support.
TODO:
* unpackUint32() could be moved out and used elsewhere
* tests
* multi-envelope support (if useful)
This way the Id function can be overruled by clients to have
another implementation for the Id function:
To make it static: dns.Id = func() uint16 { return 1234 }
Changes to domain name packing and unpacking:
* Escape dot, backslash, brackets, double-quote, semi-colon and space
* Tab, line feed and carriage return become \t, \n and \r
Changes to TXT string packing and unpacking:
* Escape backslash and double-quote
* Tab, line feed and carriage return become \t, \n and \r
* Other unprintables to \DDD
Stringers do the equivalent of putting domain names and TXT strings
to the wire and back.
There is some duplication of logic. I found performance suffered when
I broke the logic out into smaller functions. I think this may have
been due to functions not being inlined for various reasons.
packLen() was a featureless mirror of Len(). Remove it, and just use
Len() internally too.
Fix bug in Len() too, where the length of the additional section was
not counted.
If the TC bit is set in a message, we will probably try to parse
half a message, which will fail. To fix this just return a message
header and the question section and don't parse the rest.
Filippo Valsorda
Andrew Tunnell-Jones
Miek Gieben
Daniel Morsing
Alex Sergeyev
Marek Majkowski