domain/base/iana/
secalg.rs

//! DNSSEC Algorithm Numbers

//------------ SecAlg -------------------------------------------------------

int_enum! {
    /// Security Algorithm Numbers.
    ///
    /// These numbers are used in various security related record types.
    ///
    /// For the currently registered values see the [IANA registration].
    ///
    /// The notes on each variant record what the defining RFCs say. A
    /// variant being listed here does not mean the algorithm is still
    /// considered safe to use: RFC 8624 gives per-algorithm implementation
    /// guidance, and code that signs or validates should apply an explicit
    /// allow-list rather than accept every value this type can represent.
    ///
    /// [IANA registration]: https://www.iana.org/assignments/dns-sec-alg-numbers/dns-sec-alg-numbers.xhtml#dns-sec-alg-numbers-1
    =>
    SecAlg, u8;

    /// Delete DS
    ///
    /// This algorithm is used in RFC 8078 to signal to the parent that a
    /// certain DS record should be deleted. It is _not_ an actual algorithm
    /// and can neither be used in zone nor transaction signing.
    (DeleteDs => 0, b"DELETE")

    /// RSA/MD5
    ///
    /// This algorithm was described in RFC 2537 and since has been
    /// deprecated due to weaknesses of the MD5 hash algorithm by RFC 3110
    /// which suggests to use RSA/SHA1 instead.
    ///
    /// This algorithm may not be used for zone signing but may be used
    /// for transaction security.
    ///
    /// RFC 8624 lists it as MUST NOT for both DNSSEC signing and
    /// validation.
    (RsaMd5 => 1, b"RSAMD5")

    /// Diffie-Hellman
    ///
    /// This algorithm is described in RFC 2539 for storing Diffie-Hellman
    /// (DH) keys in DNS resource records. It cannot be used for zone
    /// signing but only for transaction security.
    (Dh => 2, b"DH")

    /// DSA/SHA1
    ///
    /// This algorithm is described in RFC 2536. It may be used both for
    /// zone signing and transaction security.
    ///
    /// RFC 8624 lists it as MUST NOT for both DNSSEC signing and
    /// validation.
    (Dsa => 3, b"DSA")

    /// RSA/SHA-1
    ///
    /// This algorithm is described in RFC 3110. It may be used both for
    /// zone signing and transaction security. RFC 4034 made it mandatory
    /// to implement; RFC 8624 has since marked it NOT RECOMMENDED for
    /// signing, while validation remains a MUST.
    (RsaSha1 => 5, b"RSASHA1")

    /// DSA-NSEC3-SHA1
    ///
    /// This value is an alias for `Dsa` for use within NSEC3 records.
    /// RFC 8624 gives it the same MUST NOT status as `Dsa`.
    (DsaNsec3Sha1 => 6, b"DSA-NSEC3-SHA1")

    /// RSASHA1-NSEC3-SHA1
    ///
    /// This value is an alias for `RsaSha1` for use within NSEC3 records.
    /// RFC 8624 gives it the same status as `RsaSha1`: NOT RECOMMENDED
    /// for signing, MUST for validation.
    (RsaSha1Nsec3Sha1 => 7, b"RSASHA1-NSEC3-SHA1")

    /// RSA/SHA-256
    ///
    /// This algorithm is described in RFC 5702. It may be used for zone
    /// signing only.
    (RsaSha256 => 8, b"RSASHA256")

    /// RSA/SHA-512
    ///
    /// This algorithm is described in RFC 5702. It may be used for zone
    /// signing only.
    (RsaSha512 => 10, b"RSASHA512")

    /// GOST R 34.10-2001
    ///
    /// This algorithm is described in RFC 5933. It may be used for zone
    /// signing only.
    ///
    /// RFC 8624 lists it as MUST NOT for signing and MAY for validation.
    (EccGost => 12, b"ECC-GOST")

    /// ECDSA Curve P-256 with SHA-256
    ///
    /// This algorithm is described in RFC 6605. It may be used for zone
    /// signing only.
    (EcdsaP256Sha256 => 13, b"ECDSAP256SHA256")

    /// ECDSA Curve P-384 with SHA-384
    ///
    /// This algorithm is described in RFC 6605. It may be used for zone
    /// signing only.
    (EcdsaP384Sha384 => 14, b"ECDSAP384SHA384")

    /// ED25519
    ///
    /// This algorithm is described in RFC 8080.
    (Ed25519 => 15, b"ED25519")

    /// ED448
    ///
    /// This algorithm is described in RFC 8080.
    (Ed448 => 16, b"ED448")

    /// Reserved for Indirect Keys
    ///
    /// This value is reserved by RFC 4034.
    (Indirect => 252, b"INDIRECT")

    /// A private algorithm identified by a domain name.
    ///
    /// This value is defined in RFC 4034.
    (PrivateDns => 253, b"PRIVATEDNS")

    /// A private algorithm identified by an ISO OID.
    ///
    /// This value is defined in RFC 4034.
    (PrivateOid => 254, b"PRIVATEOID")
}
// NOTE(review): presumably generates the string conversions for `SecAlg`
// (mnemonic or plain decimal value), with "unknown algorithm" as the error
// text. The macro is defined elsewhere in the crate; confirm there. If
// parsing accepts any decimal u8, callers that take algorithm names from
// untrusted input still need their own check of which algorithms they accept.
int_enum_str_with_decimal!(SecAlg, u8, "unknown algorithm");