Trait hickory_proto::rr::dnssec::Verifier

pub trait Verifier {
    // Required methods
    fn algorithm(&self) -> Algorithm;
    fn key(&self) -> ProtoResult<PublicKeyEnum<'_>>;

    // Provided methods
    fn verify(&self, hash: &[u8], signature: &[u8]) -> ProtoResult<()> { ... }
    fn verify_message<M: BinEncodable>(
        &self,
        message: &M,
        signature: &[u8],
        sig0: &SIG,
    ) -> ProtoResult<()> { ... }
    fn verify_rrsig<'a>(
        &self,
        name: &Name,
        dns_class: DNSClass,
        sig: &RRSIG,
        records: impl Iterator<Item = &'a Record>,
    ) -> ProtoResult<()> { ... }
}
Available on crate feature dnssec only.

Types which are able to verify DNS based signatures

Required Methods§

fn algorithm(&self) -> Algorithm

Return the algorithm which this Verifier covers

fn key(&self) -> ProtoResult<PublicKeyEnum<'_>>

Return the public key associated with this verifier

Provided Methods§

fn verify(&self, hash: &[u8], signature: &[u8]) -> ProtoResult<()>

Verifies the hash matches the signature with the current key.

§Arguments
  • hash - the hash to be validated, see rrset_tbs
  • signature - the signature to use to verify the hash, extracted from an RData::RRSIG for example.
§Return value

True if and only if the signature is valid for the hash. false if the key.

fn verify_message<M: BinEncodable>(&self, message: &M, signature: &[u8], sig0: &SIG) -> ProtoResult<()>

Verifies a message against the given signature, i.e. SIG0

§Arguments
  • message - the message to verify
  • signature - the signature to use for validation
§Return value

true if the message could be validated against the signature, false otherwise

fn verify_rrsig<'a>(&self, name: &Name, dns_class: DNSClass, sig: &RRSIG, records: impl Iterator<Item = &'a Record>) -> ProtoResult<()>

Verifies an RRSig with the associated key, e.g. DNSKEY

§Arguments
  • name - name associated with the rrsig being validated
  • dns_class - DNSClass of the records, generally IN
  • sig - signature record being validated
  • records - Records covered by SIG
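
Added example, not code from hickory-proto or its documentation: a standalone sketch of the byte string that RFC 4034, section 3.1.8.1 defines as the data an RRSIG covers, built from the same kinds of input `verify_rrsig` takes (owner name, class, signature fields, records). The names `RrsigFields`, `wire_name` and `signed_data` are hypothetical, and it assumes a non-wildcard owner name and RDATA with no embedded domain names (such as A records).

```rust
// Hypothetical names throughout; this is not hickory-proto code. Follows RFC 4034, section 3.1.8.1.
/// RRSIG RDATA fields that precede the signature, in wire order.
struct RrsigFields<'a> {
    type_covered: u16, algorithm: u8, labels: u8, original_ttl: u32,
    expiration: u32, inception: u32, key_tag: u16, signer: &'a str,
}

/// Canonical wire form of a domain name: uncompressed, ASCII letters lowercased.
fn wire_name(name: &str) -> Vec<u8> {
    let mut out = Vec::new();
    for label in name.split('.').filter(|l| !l.is_empty()) {
        out.push(label.len() as u8);
        out.extend(label.bytes().map(|b| b.to_ascii_lowercase()));
    }
    out.push(0); // root label terminates the name
    out
}

/// RRSIG RDATA without the signature, followed by every RR of the set in canonical order.
fn signed_data(owner: &str, class: u16, sig: &RrsigFields<'_>, rdatas: &[&[u8]]) -> Vec<u8> {
    let mut tbs = Vec::new();
    tbs.extend_from_slice(&sig.type_covered.to_be_bytes());
    tbs.extend_from_slice(&[sig.algorithm, sig.labels]);
    tbs.extend_from_slice(&sig.original_ttl.to_be_bytes());
    tbs.extend_from_slice(&sig.expiration.to_be_bytes());
    tbs.extend_from_slice(&sig.inception.to_be_bytes());
    tbs.extend_from_slice(&sig.key_tag.to_be_bytes());
    tbs.extend(wire_name(sig.signer));
    let mut sorted = rdatas.to_vec();
    sorted.sort(); // canonical RR order: RDATA compared as unsigned octet strings
    sorted.dedup(); // an RRset holds no duplicate RRs
    for rdata in sorted {
        tbs.extend(wire_name(owner));
        tbs.extend_from_slice(&sig.type_covered.to_be_bytes());
        tbs.extend_from_slice(&class.to_be_bytes());
        tbs.extend_from_slice(&sig.original_ttl.to_be_bytes()); // Original TTL, not the received TTL
        tbs.extend_from_slice(&(rdata.len() as u16).to_be_bytes());
        tbs.extend_from_slice(rdata);
    }
    tbs
}

fn main() {
    // Constructed sample: two A records for www.example.com and made-up signature fields.
    let sig = RrsigFields { type_covered: 1, algorithm: 13, labels: 3, original_ttl: 3600,
        expiration: 1_700_086_400, inception: 1_700_000_000, key_tag: 12345, signer: "example.com." };
    let rdatas: [&[u8]; 2] = [&[192, 0, 2, 2], &[192, 0, 2, 1]];
    println!("{:02x?}", signed_data("WWW.Example.com.", 1, &sig, &rdatas));
}
```

Because the owner name is lowercased, the records are sorted and the TTL comes from the signature, a resolver that received the records in a different order, with different letter case or with a decremented TTL still reconstructs the same bytes.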

Object Safety§

This trait is not object safe.

Implementors§