Copyright	(c) Viktor Dukhovni 2026
License	BSD-3-Clause
Maintainer	ietf-dane@dukhovni.org
Stability	unstable
Safe Haskell	None
Language	GHC2024

Net.DNSBase.RData.TLSA

Contents

TLSA and SMIMEA
- T_TLSA fields
- T_SMIMEA fields
SSHFP
OPENPGPKEY

Description

Four DANE-style records that publish cryptographic identifiers via DNS. T_tlsa (RFC 6698) carries TLS certificate associations; T_smimea (RFC 8162) carries the same for S/MIME — both share the wire format of the underlying X_tlsa representation. T_sshfp (RFC 4255) carries SSH host-key fingerprints. T_openpgpkey (RFC 7929) carries an OpenPGP transferable public key.

Synopsis

data X_tlsa (n :: Nat) where
- X_TLSA {
  - _tlsaUsage :: Word8
  - _tlsaSelector :: Word8
  - _tlsaMtype :: Word8
  - _tlsaAssocData :: ShortByteString
  }
- pattern T_TLSA :: Word8 -> Word8 -> Word8 -> ShortByteString -> T_tlsa
- pattern T_SMIMEA :: Word8 -> Word8 -> Word8 -> ShortByteString -> T_smimea
type family XtlsaConName (n :: Nat) :: Symbol where ...
type T_tlsa = X_tlsa N_tlsa
type T_smimea = X_tlsa N_smimea
tlsaUsage :: T_tlsa -> Word8
tlsaSelector :: T_tlsa -> Word8
tlsaMtype :: T_tlsa -> Word8
tlsaAssocData :: T_tlsa -> ShortByteString
smimeaUsage :: T_smimea -> Word8
smimeaSelector :: T_smimea -> Word8
smimeaMtype :: T_smimea -> Word8
smimeaAssocData :: T_smimea -> ShortByteString
data T_sshfp = T_SSHFP {
- sshfpKeyAlgor :: Word8
- sshfpHashType :: Word8
- sshfpKeyValue :: ShortByteString
}
data T_openpgpkey = T_OPENPGPKEY {
- openpgpKey :: ShortByteString
}

TLSA and SMIMEA

data X_tlsa (n :: Nat) Source #

Shared wire-format representation for DANE certificate-binding records: the TLSA record (RFC 6698 section 2.1, DANE for TLS) and the SMIMEA record (RFC 8162 section 2, DANE for S/MIME). The type parameter n (either N_tlsa or N_smimea) determines the RR type. Each has its own type synonym (T_tlsa, T_smimea) and matching record pattern synonym (T_TLSA, T_SMIMEA) with the corresponding field-name prefix (tlsa, smimea). The role of X_tlsa is nominal: the wire format is shared but the two RR types bind to different protocols, so T_tlsa and T_smimea are not coercible.

                     1 1 1 1 1 1 1 1 1 1 2 2 2 2 2 2 2 2 2 2 3 3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|  Cert. Usage  |   Selector    | Matching Type |               /
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+               /
/                                                               /
/                 Certificate Association Data                  /
/                                                               /
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

If a received message carries a payload shorter than 3 bytes the record is returned as an opaque RData of the corresponding RRTYPE with the truncated bytes as its value; DANE validators should treat such records as present but "unusable".

Derived Ord is canonical (RFC 4034 section 6.2).

See T_sshfp for the SSH host-key fingerprint record and T_openpgpkey for the OpenPGP key record — both also live in this module.

Constructors

X_TLSA
Fields _tlsaUsage :: Word8 Certificate Usage _tlsaSelector :: Word8 Selector _tlsaMtype :: Word8 Matching Type _tlsaAssocData :: ShortByteString Certificate Association Data

Bundled Patterns

pattern T_TLSA	Record pattern synonym viewing the shared `X_tlsa` record as a `TLSA` (DANE for TLS) record, RFC 6698. Fields: `tlsaUsage`, `tlsaSelector`, `tlsaMtype`, `tlsaAssocData`. Not coercible to/from `T_smimea`: the role of `X_tlsa` is nominal because TLSA and SMIMEA bind to different protocols and the shared wire format is coincidental.
Fields :: Word8 Certificate Usage -> Word8 Selector -> Word8 Matching Type -> ShortByteString Certificate Association Data -> T_tlsa
pattern T_SMIMEA	Record pattern synonym viewing the shared `X_tlsa` record as an `SMIMEA` (DANE for S/MIME) record, RFC 8162. Fields: `smimeaUsage`, `smimeaSelector`, `smimeaMtype`, `smimeaAssocData`. Not coercible to/from `T_tlsa` (see `T_TLSA` note).
Fields :: Word8 Certificate Usage -> Word8 Selector -> Word8 Matching Type -> ShortByteString Certificate Association Data -> T_smimea

Instances

Instances details

KnownSymbol (XtlsaConName n) => Presentable (X_tlsa n) Source #

Instance details

XtlsaConName N_tlsa = "T_TLSA"
XtlsaConName N_smimea = "T_SMIMEA"
XtlsaConName n = TypeError ('ShowType n ':<>: 'Text " is not a TLSA or SMIMEA RRTYPE") :: Symbol

T_SSHFP
Fields sshfpKeyAlgor :: Word8 sshfpHashType :: Word8 sshfpKeyValue :: ShortByteString

TLSA and SMIMEA

Instances

T_TLSA fields

T_SMIMEA fields

SSHFP

Instances

OPENPGPKEY

Instances

`T_TLSA` fields

`T_SMIMEA` fields