domain_core/iana/secalg.rs
1//! DNSSEC Algorithm Numbers
2
3use std::str;
4
5
6//------------ SecAlg -------------------------------------------------------
7
8int_enum!{
9 /// Security Algorithm Numbers.
10 ///
11 /// These numbers are used in various security related record types.
12 ///
13 /// For the currently registered values see the [IANA registration].
14 ///
15 /// [IANA registration]: http://www.iana.org/assignments/dns-sec-alg-numbers/dns-sec-alg-numbers.xhtml#dns-sec-alg-numbers-1].
16 =>
17 SecAlg, u8;
18
19 /// Delete DS
20 ///
21 /// This algorithm is used in RFC 8087 to signal to the parent that a
22 /// certain DS record should be deleted. It is _not_ an actual algorithm
23 /// and can neither be used in zone nor transaction signing.
24 (DeleteDs => 0, b"DELETE")
25
26 /// RSA/MD5
27 ///
28 /// This algorithm was described in RFC 2537 and since has been
29 /// deprecated due to weaknesses of the MD5 hash algorithm by RFC 3110
30 /// which suggests to use RSA/SHA1 instead.
31 ///
32 /// This algorithm may not be used for zone signing but may be used
33 /// for transaction security.
34 (RsaMd5 => 1, b"RSAMD5")
35
36 /// Diffie-Hellman
37 ///
38 /// This algorithm is described in RFC 2539 for storing Diffie-Hellman
39 /// (DH) keys in DNS resource records. It can not be used for zone
40 /// signing but only for transaction security.
41 (Dh => 2, b"DH")
42
43 /// DSA/SHA1
44 ///
45 /// This algorithm is described in RFC 2536. It may be used both for
46 /// zone signing and transaction security.
47 (Dsa => 3, b"DSA")
48
49 /// RSA/SHA-1
50 ///
51 /// This algorithm is described in RFC 3110. It may be used both for
52 /// zone signing and transaction security. It is mandatory for DNSSEC
53 /// implementations.
54 (RsaSha1 => 5, b"RSASHA1")
55
56 /// DSA-NSEC3-SHA1
57 ///
58 /// This value is an alias for `Dsa` for use within NSEC3 records.
59 (DsaNsec3Sha1 => 6, b"DSA-NSEC3-SHA1")
60
61 /// RSASHA1-NSEC3-SHA1
62 ///
63 /// This value is an alias for `RsaSha1` for use within NSEC3 records.
64 (RsaSha1Nsec3Sha1 => 7, b"RSASHA1-NSEC3-SHA1")
65
66 /// RSA/SHA-256
67 ///
68 /// This algorithm is described in RFC 5702. It may be used for zone
69 /// signing only.
70 (RsaSha256 => 8, b"RSASHA256")
71
72 /// RSA/SHA-512
73 ///
74 /// This algorithm is described in RFC 5702. It may be used for zone
75 /// signing only.
76 (RsaSha512 => 10, b"RSASHA512")
77
78 /// GOST R 34.10-2001
79 ///
80 /// This algorithm is described in RFC 5933. It may be used for zone
81 /// signing only.
82 (EccGost => 12, b"ECC-GOST")
83
84 /// ECDSA Curve P-256 with SHA-256
85 ///
86 /// This algorithm is described in RFC 6605. It may be used for zone
87 /// signing only.
88 (EcdsaP256Sha256 => 13, b"ECDSAP256SHA256")
89
90 /// ECDSA Curve P-384 with SHA-384
91 ///
92 /// This algorithm is described in RFC 6605. It may be used for zone
93 /// signing only.
94 (EcdsaP384Sha384 => 14, b"ECDSAP384SHA384")
95
96 /// ED25519
97 ///
98 /// This algorithm is described in RFC 8080.
99 (Ed25519 => 15, b"ED25519")
100
101 /// ED448
102 ///
103 /// This algorithm is described in RFC 8080.
104 (Ed448 => 16, b"ED448")
105
106 /// Reserved for Indirect Keys
107 ///
108 /// This value is reserved by RFC 4034.
109 (Indirect => 252, b"INDIRECT")
110
111 /// A private algorithm identified by a domain name.
112 ///
113 /// This value is defined in RFC 4034.
114 (PrivateDns => 253, b"PRIVATEDNS")
115
116 /// A private algorithm identified by a ISO OID.
117 ///
118 /// This value is defined in RFC 4034.
119 (PrivateOid => 254, b"PRIVATEOID")
120}
121
122int_enum_str_with_decimal!(SecAlg, u8, "unknown algorithm");
123