Store HumanReadableNames in-object rather than on the heap

Since the full encoded domain name of an HRN cannot exceed the
maximum length of a DNS name (255 octets), there's not a lot of
reason to store the `user` and `domain` parts of an HRN on the heap
via two `String`s.

Instead, here, we store one byte array with the maximum size of
both labels as well as the length of the `user` and `domain` parts.

Because we're now avoiding heap allocations this also implies
making `HumanReadableName::new` take the `user` and `domain` parts
by reference as `&str`s, rather than by value as `String`s.

Author: TheBlueMatt

src/hrn.rs

@@ -1,24 +1,26 @@
 //! A type for storing Human Readable Names (HRNs) which can be resolved using BIP 353 and the DNS
 //! or LNURL-Pay and LN-Address.
 
-use alloc::string::{String, ToString};
+// Note that `REQUIRED_EXTRA_LEN` includes the (implicit) trailing `.`
+const REQUIRED_EXTRA_LEN: usize = ".user._bitcoin-payment.".len() + 1;
 
 /// A struct containing the two parts of a BIP 353 Human Readable Name - the user and domain parts.
 ///
-/// The `user` and `domain` parts, together, cannot exceed 232 bytes in length, and both must be
+/// The `user` and `domain` parts, together, cannot exceed 231 bytes in length, and both must be
 /// non-empty.
 ///
-/// To protect against [Homograph Attacks], both parts of a Human Readable Name must be plain
-/// ASCII.
+/// If you intend to handle non-ASCII `user` or `domain` parts, you must handle [Homograph Attacks]
+/// and do punycode en-/de-coding yourself. This struc will always handle only plain ASCII `user`
+/// and `domain` parts.
 ///
 /// This struct can also be used for LN-Address recipients.
 ///
 /// [Homograph Attacks]: https://en.wikipedia.org/wiki/IDN_homograph_attack
 #[derive(Clone, Debug, Hash, PartialEq, Eq)]
 pub struct HumanReadableName {
-	// TODO Remove the heap allocations given the whole data can't be more than 256 bytes.
-	user: String,
-	domain: String,
+	contents: [u8; 255 - REQUIRED_EXTRA_LEN],
+	user_len: u8,
+	domain_len: u8,
 }
 
 /// Check if the chars in `s` are allowed to be included in a hostname.
@@ -29,13 +31,11 @@ pub(crate) fn str_chars_allowed(s: &str) -> bool {
 impl HumanReadableName {
 	/// Constructs a new [`HumanReadableName`] from the `user` and `domain` parts. See the
 	/// struct-level documentation for more on the requirements on each.
-	pub fn new(user: String, mut domain: String) -> Result<HumanReadableName, ()> {
+	pub fn new(user: &str, mut domain: &str) -> Result<HumanReadableName, ()> {
 		// First normalize domain and remove the optional trailing `.`
-		if domain.ends_with(".") {
-			domain.pop();
+		if domain.ends_with('.') {
+			domain = &domain[..domain.len() - 1];
 		}
-		// Note that `REQUIRED_EXTRA_LEN` includes the (now implicit) trailing `.`
-		const REQUIRED_EXTRA_LEN: usize = ".user._bitcoin-payment.".len() + 1;
 		if user.len() + domain.len() + REQUIRED_EXTRA_LEN > 255 {
 			return Err(());
 		}
@@ -45,7 +45,14 @@ impl HumanReadableName {
 		if !str_chars_allowed(&user) || !str_chars_allowed(&domain) {
 			return Err(());
 		}
-		Ok(HumanReadableName { user, domain })
+		let mut contents = [0; 255 - REQUIRED_EXTRA_LEN];
+		contents[..user.len()].copy_from_slice(user.as_bytes());
+		contents[user.len()..user.len() + domain.len()].copy_from_slice(domain.as_bytes());
+		Ok(HumanReadableName {
+			contents,
+			user_len: user.len() as u8,
+			domain_len: domain.len() as u8,
+		})
 	}
 
 	/// Constructs a new [`HumanReadableName`] from the standard encoding - `user`@`domain`.
@@ -55,19 +62,22 @@ impl HumanReadableName {
 	pub fn from_encoded(encoded: &str) -> Result<HumanReadableName, ()> {
 		if let Some((user, domain)) = encoded.strip_prefix('₿').unwrap_or(encoded).split_once("@")
 		{
-			Self::new(user.to_string(), domain.to_string())
+			Self::new(user, domain)
 		} else {
 			Err(())
 		}
 	}
 
 	/// Gets the `user` part of this Human Readable Name
 	pub fn user(&self) -> &str {
-		&self.user
+		let bytes = &self.contents[..self.user_len as usize];
+		core::str::from_utf8(bytes).expect("Checked in constructor")
 	}
 
 	/// Gets the `domain` part of this Human Readable Name
 	pub fn domain(&self) -> &str {
-		&self.domain
+		let user_len = self.user_len as usize;
+		let bytes = &self.contents[user_len..user_len + self.domain_len as usize];
+		core::str::from_utf8(bytes).expect("Checked in constructor")
 	}
 }