Trait domain::validate::RrsigExt
Extensions for the RRSIG record type.
Required methods
fn signed_data<N: ToDname, D: RecordData, B: OctetsBuilder>(
&self,
buf: &mut B,
records: &mut [Record<N, D>]
) -> Result<(), ShortBuf> where
D: CanonicalOrd + Compose + Sized,
Compose the signed data according to RFC4035, Section 5.3.2.
Once the RRSIG RR has met the validity requirements described in
Section 5.3.1, the validator has to reconstruct the original signed
data. The original signed data includes RRSIG RDATA (excluding the
Signature field) and the canonical form of the RRset. Aside from
being ordered, the canonical form of the RRset might also differ from
the received RRset due to DNS name compression, decremented TTLs, or
wildcard expansion.
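The reconstruction quoted above, as an added std-only sketch that is not the domain crate's implementation: it lowercases and decompresses names, substitutes the RRSIG's original TTL, restores the wildcard owner, and sorts the RRset by RDATA. The names `RrsigFields`, `wire_name` and `signed_data` are hypothetical. It assumes the Section 5.3.1 checks already passed and that each RDATA is already in canonical form.

```rust
/// Added example, std only, hypothetical names: RRSIG RDATA fields before the Signature.
struct RrsigFields<'a> {
    type_covered: u16, algorithm: u8, labels: u8, original_ttl: u32,
    expiration: u32, inception: u32, key_tag: u16, signer: &'a str,
}

/// Canonical name: uncompressed wire labels, lowercased. With `keep = Some(n)`, a name with
/// more than n labels (wildcard expansion) is replaced by "*" plus its rightmost n labels.
fn wire_name(name: &str, keep: Option<u8>) -> Vec<u8> {
    let parts: Vec<&str> = name.split('.').filter(|l| !l.is_empty()).collect();
    let extra = keep.map_or(0, |n| parts.len().saturating_sub(n as usize));
    let mut out = if extra > 0 { vec![1, b'*'] } else { Vec::new() };
    for label in &parts[extra..] {
        out.push(label.len() as u8);
        out.extend(label.bytes().map(|b| b.to_ascii_lowercase()));
    }
    out.push(0); // root label
    out
}

/// signed_data = RRSIG RDATA without Signature | RR(1) | RR(2) | ...
fn signed_data(sig: &RrsigFields, owner: &str, class: u16, rdatas: &mut [Vec<u8>]) -> Vec<u8> {
    let mut buf = sig.type_covered.to_be_bytes().to_vec();
    buf.extend_from_slice(&[sig.algorithm, sig.labels]);
    for v in [sig.original_ttl, sig.expiration, sig.inception] {
        buf.extend_from_slice(&v.to_be_bytes());
    }
    buf.extend_from_slice(&sig.key_tag.to_be_bytes());
    buf.extend_from_slice(&wire_name(sig.signer, None));
    let mut head = wire_name(owner, Some(sig.labels)); // owner | type | class | TTL per RR
    head.extend_from_slice(&sig.type_covered.to_be_bytes());
    head.extend_from_slice(&class.to_be_bytes());
    head.extend_from_slice(&sig.original_ttl.to_be_bytes()); // never the received TTL
    rdatas.sort(); // canonical RR order: RDATA compared as left-justified octet strings
    for rdata in rdatas.iter() {
        buf.extend_from_slice(&head);
        buf.extend_from_slice(&(rdata.len() as u16).to_be_bytes());
        buf.extend_from_slice(rdata);
    }
    buf
}

fn main() {
    // Constructed sample: A RRset synthesized from *.example.com, received out of order.
    let sig = RrsigFields { type_covered: 1, algorithm: 13, labels: 2, original_ttl: 3600,
        expiration: 1_700_600_000, inception: 1_700_000_000, key_tag: 12345, signer: "Example.COM" };
    let mut rrset = vec![vec![192, 0, 2, 2], vec![192, 0, 2, 1]];
    println!("{:02x?}", signed_data(&sig, "WWW.Example.COM", 1, &mut rrset));
}
```

The resulting octets are what would be passed as `signed_data` to `verify_signed_data`; a validator that feeds the received owner name, received TTL or received record order into the signature check will reject valid answers.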
fn verify_signed_data(
&self,
dnskey: &Dnskey<impl AsRef<[u8]>>,
signed_data: &impl AsRef<[u8]>
) -> Result<(), AlgorithmError>
Attempt to use the cryptographic signature to authenticate the signed data, and thus authenticate the RRSET. The signed data is expected to be calculated as per RFC4035, Section 5.3.2.
5.3.3. Checking the Signature
Once the resolver has validated the RRSIG RR as described in Section
5.3.1 and reconstructed the original signed data as described in
Section 5.3.2, the validator can attempt to use the cryptographic
signature to authenticate the signed data, and thus (finally!)
authenticate the RRset.
The Algorithm field in the RRSIG RR identifies the cryptographic
algorithm used to generate the signature. The signature itself is
contained in the Signature field of the RRSIG RDATA, and the public
key used to verify the signature is contained in the Public Key field
of the matching DNSKEY RR(s) (found in Section 5.3.1). [RFC4034]
provides a list of algorithm types and provides pointers to the
documents that define each algorithm's use.
Implementors
impl<Octets: AsRef<[u8]>, Name: Compose> RrsigExt for Rrsig<Octets, Name>
fn signed_data<N: ToDname, D: RecordData, B: OctetsBuilder>(
&self,
buf: &mut B,
records: &mut [Record<N, D>]
) -> Result<(), ShortBuf> where
D: CanonicalOrd + Compose + Sized,
fn verify_signed_data(
&self,
dnskey: &Dnskey<impl AsRef<[u8]>>,
signed_data: &impl AsRef<[u8]>
) -> Result<(), AlgorithmError>