domain/base/iana/
secalg.rs

1//! DNSSEC Algorithm Numbers
2
3//------------ SecurityAlgorithm ---------------------------------------------
4
5int_enum! {
6    /// Security Algorithm Numbers.
7    ///
8    /// These numbers are used in various security related record types.
9    ///
10    /// For the currently registered values see the [IANA registration].
11    ///
12    /// [IANA registration]: http://www.iana.org/assignments/dns-sec-alg-numbers/dns-sec-alg-numbers.xhtml#dns-sec-alg-numbers-1].
13    =>
14    SecurityAlgorithm, u8;
15
16    /// Delete DS
17    ///
18    /// This algorithm is used in RFC 8087 to signal to the parent that a
19    /// certain DS record should be deleted. It is _not_ an actual algorithm
20    /// and can neither be used in zone nor transaction signing.
21    (DELETE => 0, "DELETE")
22
23    /// RSA/MD5
24    ///
25    /// This algorithm was described in RFC 2537 and since has been
26    /// deprecated due to weaknesses of the MD5 hash algorithm by RFC 3110
27    /// which suggests to use RSA/SHA1 instead.
28    ///
29    /// This algorithm may not be used for zone signing but may be used
30    /// for transaction security.
31    (RSAMD5 => 1, "RSAMD5")
32
33    /// Diffie-Hellman
34    ///
35    /// This algorithm is described in RFC 2539 for storing Diffie-Hellman
36    /// (DH) keys in DNS resource records. It can not be used for zone
37    /// signing but only for transaction security.
38    (DH => 2, "DH")
39
40    /// DSA/SHA1
41    ///
42    /// This algorithm is described in RFC 2536. It may be used both for
43    /// zone signing and transaction security.
44    (DSA => 3, "DSA")
45
46    /// RSA/SHA-1
47    ///
48    /// This algorithm is described in RFC 3110. It may be used both for
49    /// zone signing and transaction security. It is mandatory for DNSSEC
50    /// implementations.
51    (RSASHA1 => 5, "RSASHA1")
52
53    /// DSA-NSEC3-SHA1
54    ///
55    /// This value is an alias for `Dsa` for use within NSEC3 records.
56    (DSA_NSEC3_SHA1 => 6, "DSA-NSEC3-SHA1")
57
58    /// RSASHA1-NSEC3-SHA1
59    ///
60    /// This value is an alias for `RsaSha1` for use within NSEC3 records.
61    (RSASHA1_NSEC3_SHA1 => 7, "RSASHA1-NSEC3-SHA1")
62
63    /// RSA/SHA-256
64    ///
65    /// This algorithm is described in RFC 5702. It may be used for zone
66    /// signing only.
67    (RSASHA256 => 8, "RSASHA256")
68
69    /// RSA/SHA-512
70    ///
71    /// This algorithm is described in RFC 5702. It may be used for zone
72    /// signing only.
73    (RSASHA512 => 10, "RSASHA512")
74
75    /// GOST R 34.10-2001
76    ///
77    /// This algorithm is described in RFC 5933. It may be used for zone
78    /// signing only.
79    (ECC_GOST => 12, "ECC-GOST")
80
81    /// ECDSA Curve P-256 with SHA-256
82    ///
83    /// This algorithm is described in RFC 6605. It may be used for zone
84    /// signing only.
85    (ECDSAP256SHA256 => 13, "ECDSAP256SHA256")
86
87    /// ECDSA Curve P-384 with SHA-384
88    ///
89    /// This algorithm is described in RFC 6605. It may be used for zone
90    /// signing only.
91    (ECDSAP384SHA384 => 14, "ECDSAP384SHA384")
92
93    /// ED25519
94    ///
95    /// This algorithm is described in RFC 8080.
96    (ED25519 => 15, "ED25519")
97
98    /// ED448
99    ///
100    /// This algorithm is described in RFC 8080.
101    (ED448 => 16, "ED448")
102
103    /// Reserved for Indirect Keys
104    ///
105    /// This value is reserved by RFC 4034.
106    (INDIRECT => 252, "INDIRECT")
107
108    /// A private algorithm identified by a domain name.
109    ///
110    /// This value is defined in RFC 4034.
111    (PRIVATEDNS => 253, "PRIVATEDNS")
112
113    /// A private algorithm identified by a ISO OID.
114    ///
115    /// This value is defined in RFC 4034.
116    (PRIVATEOID => 254, "PRIVATEOID")
117}
118
119int_enum_str_decimal!(SecurityAlgorithm, u8);
120int_enum_zonefile_fmt_decimal!(SecurityAlgorithm, "algorithm");