pub trait Verifier {
fn algorithm(&self) -> Algorithm;
fn key(&self) -> Result<PublicKeyEnum<'_>, ProtoError>;
fn verify(&self, hash: &[u8], signature: &[u8]) -> Result<(), ProtoError> { ... }
fn verify_message<M>(
&self,
message: &M,
signature: &[u8],
sig0: &SIG
) -> Result<(), ProtoError>
where
M: BinEncodable,
{ ... }
fn verify_rrsig(
&self,
name: &Name,
dns_class: DNSClass,
sig: &SIG,
records: &[Record]
) -> Result<(), ProtoError> { ... }
}
This is supported on crate feature
dnssec
only.Expand description
Types which are able to verify DNS based signatures
Required methods
fn key(&self) -> Result<PublicKeyEnum<'_>, ProtoError>
fn key(&self) -> Result<PublicKeyEnum<'_>, ProtoError>
Return the public key associated with this verifier
Provided methods
Verifies the hash matches the signature with the current key
.
Arguments
hash
- the hash to be validated, seerrset_tbs
signature
- the signature to use to verify the hash, extracted from anRData::RRSIG
for example.
Return value
True if and only if the signature is valid for the hash.
false if the key
.
fn verify_message<M>(
&self,
message: &M,
signature: &[u8],
sig0: &SIG
) -> Result<(), ProtoError> where
M: BinEncodable,
fn verify_message<M>(
&self,
message: &M,
signature: &[u8],
sig0: &SIG
) -> Result<(), ProtoError> where
M: BinEncodable,
Verifies a message with the against the given signature, i.e. SIG0
Arguments
message
- the message to verifysignature
- the signature to use for validation
Return value
true
if the message could be validated against the signature, false
otherwise
Verifies an RRSig with the associated key, e.g. DNSKEY
Arguments
name
- name associated with the rrsig being validateddns_class
- DNSClass of the records, generally INsig
- signature record being validatedrecords
- Records covered by SIG