Skip to main content

Verifier

Trait Verifier 

Source
pub trait Verifier {
    // Required methods
    fn algorithm(&self) -> Algorithm;
    fn key(&self) -> Result<Arc<dyn PublicKey + '_>, ProtoError>;

    // Provided methods
    fn verify(&self, hash: &[u8], signature: &[u8]) -> Result<(), ProtoError> { ... }
    fn verify_rrsig<'a>(
        &self,
        name: &Name,
        dns_class: DNSClass,
        sig: &RRSIG,
        records: impl Iterator<Item = &'a Record>,
    ) -> Result<(), ProtoError> { ... }
}
Expand description

Types which are able to verify DNS based signatures

Required Methods§

Source

fn algorithm(&self) -> Algorithm

Return the algorithm which this Verifier covers

Source

fn key(&self) -> Result<Arc<dyn PublicKey + '_>, ProtoError>

Return the public key associated with this verifier

Provided Methods§

Source

fn verify(&self, hash: &[u8], signature: &[u8]) -> Result<(), ProtoError>

Verifies the hash matches the signature with the current key.

§Arguments
  • hash - the hash to be validated, see rrset_tbs
  • signature - the signature to use to verify the hash, extracted from an RData::RRSIG for example.
§Return value

True if and only if the signature is valid for the hash. false if the key.

Source

fn verify_rrsig<'a>( &self, name: &Name, dns_class: DNSClass, sig: &RRSIG, records: impl Iterator<Item = &'a Record>, ) -> Result<(), ProtoError>

Verifies an RRSig with the associated key, e.g. DNSKEY

§Arguments
  • name - name associated with the rrsig being validated
  • dns_class - DNSClass of the records, generally IN
  • sig - signature record being validated
  • records - Records covered by SIG

Dyn Compatibility§

This trait is not dyn compatible.

In older versions of Rust, dyn compatibility was called "object safety".

Implementors§