Trait trust_dns_client::rr::dnssec::Verifier

source · []
pub trait Verifier {
    fn algorithm(&self) -> Algorithm;

    fn key(&self) -> Result<PublicKeyEnum<'_>, ProtoError>;

    fn verify(&self, hash: &[u8], signature: &[u8]) -> Result<(), ProtoError> { ... }

    fn verify_message<M>(
        &self, 
        message: &M, 
        signature: &[u8], 
        sig0: &SIG
    ) -> Result<(), ProtoError>
    where
        M: BinEncodable,
    { ... }

    fn verify_rrsig(
        &self, 
        name: &Name, 
        dns_class: DNSClass, 
        sig: &SIG, 
        records: &[Record]
    ) -> Result<(), ProtoError> { ... }
}
This is supported on crate feature dnssec only.
Expand description

Types which are able to verify DNS based signatures

Required methods

Return the algorithm which this Verifier covers

Return the public key associated with this verifier

Provided methods

Verifies the hash matches the signature with the current key.

Arguments
  • hash - the hash to be validated, see rrset_tbs
  • signature - the signature to use to verify the hash, extracted from an RData::RRSIG for example.
Return value

True if and only if the signature is valid for the hash. false if the key.

Verifies a message with the against the given signature, i.e. SIG0

Arguments
  • message - the message to verify
  • signature - the signature to use for validation
Return value

true if the message could be validated against the signature, false otherwise

Verifies an RRSig with the associated key, e.g. DNSKEY

Arguments
  • name - name associated with the rrsig being validated
  • dns_class - DNSClass of the records, generally IN
  • sig - signature record being validated
  • records - Records covered by SIG

Implementors