hickory_proto::dnssec

Trait Verifier

pub trait Verifier {
    // Required methods
    fn algorithm(&self) -> Algorithm;
    fn key(&self) -> Result<Arc<dyn PublicKey + '_>, ProtoError>;

    // Provided methods
    fn verify(&self, hash: &[u8], signature: &[u8]) -> Result<(), ProtoError> { ... }
    fn verify_message<M: BinEncodable>(
        &self,
        message: &M,
        signature: &[u8],
        sig0: &SIG,
    ) -> Result<(), ProtoError> { ... }
    fn verify_rrsig<'a>(
        &self,
        name: &Name,
        dns_class: DNSClass,
        sig: &RRSIG,
        records: impl Iterator<Item = &'a Record>,
    ) -> Result<(), ProtoError> { ... }
}
Available on crate feature dnssec only.

Types which are able to verify DNS based signatures

Required Methods

fn algorithm(&self) -> Algorithm

Return the algorithm which this Verifier covers

fn key(&self) -> Result<Arc<dyn PublicKey + '_>, ProtoError>

Return the public key associated with this verifier

Provided Methods

fn verify(&self, hash: &[u8], signature: &[u8]) -> Result<(), ProtoError>

Verifies the hash matches the signature with the current key.

Arguments
  • hash - the hash to be validated, see rrset_tbs
  • signature - the signature to use to verify the hash, extracted from an RData::RRSIG for example.
Return value

Ok(()) if and only if the signature is valid for the hash; an Err(ProtoError) otherwise.

fn verify_message<M: BinEncodable>(
    &self,
    message: &M,
    signature: &[u8],
    sig0: &SIG,
) -> Result<(), ProtoError>

Verifies a message against the given signature, i.e. SIG0

Arguments
  • message - the message to verify
  • signature - the signature to use for validation
Return value

Ok(()) if the message could be validated against the signature, an Err(ProtoError) otherwise

fn verify_rrsig<'a>(
    &self,
    name: &Name,
    dns_class: DNSClass,
    sig: &RRSIG,
    records: impl Iterator<Item = &'a Record>,
) -> Result<(), ProtoError>

Verifies an RRSig with the associated key, e.g. DNSKEY

Arguments
  • name - name associated with the rrsig being validated
  • dns_class - DNSClass of the records, generally IN
  • sig - signature record being validated
  • records - Records covered by SIG

Dyn Compatibility

This trait is not dyn compatible.

In older versions of Rust, dyn compatibility was called "object safety", so this trait is not object safe.

Implementors