netconfcentral logo

ietf-key-table

HTML

ietf-key-table@2015-08-28



  module ietf-key-table {

    yang-version 1;

    namespace
      "http://www.example.com/ietf-key-table";

    prefix keytable;

    import ietf-yang-types {
      prefix yang;
    }
    import ietf-routing {
      prefix rt;
    }
    import ietf-interfaces {
      prefix if;
    }

    organization "Ericsson";

    contact
      "I. Chen - ing-wher.chen@ericsson.com";

    description
      "A key table YANG data model based on RFC 7210";

    revision "2015-08-28" {
      description
        "Revision 3.  "
          + "Making RFC 7210 a global generic table.";
      reference
        "RFC 7210";

    }

    revision "2015-06-29" {
      description "Revision 2.";
      reference
        "RFC 7210";

    }


    identity key-derivation-function {
      base 
      description
        "Base identity from which key derivation function "
          + "identities are derived";
    }

    identity kdf-none {
      base key-derivation-function;
      description
        "This identity represents a cryptographic key that is"
          + "used directly, without a key derivation function.";
    }

    identity kdf-aes-128-cmac {
      base key-derivation-function;
      description
        "This identity represents the key derivation function that "
          + "uses AES-CMAC using 128-bit keys (RFC 4493).";
    }

    identity kdf-hmac-sha-1 {
      base key-derivation-function;
      description
        "This identity represents the key derivation function that "
          + "uses HMAC using the SHA-1 hash (RFC 2104).";
    }

    identity cryptographic-algorithm {
      base 
      description
        "Base identity from which cryptographic algorithms "
          + "are derived";
    }

    identity algid-aes-128-cmac {
      base cryptographic-algorithm;
      description
        "This identity represents the cryptographic algorithm "
          + "AES-CMAC using 128-bit keys (RFC 4493).";
    }

    identity algid-aes-128-cmac-92 {
      base cryptographic-algorithm;
      description
        "This identity represents the cryptographic algorithm "
          + "AES-128-CMAC truncated to 96 bits (RFC 5926).";
    }

    identity algid-hmac-sha-1-96 {
      base cryptographic-algorithm;
      description
        "This identity represents the cryptographic algorithm "
          + "HMAC SHA-1 truncated to 96 bits (RFC 2104).";
    }

    identity all-routing-protocols {
      base rt:routing-protocol;
      description "All routing protocols";
    }

    typedef routing-protocol-type {
      type identityref {
        base rt:routing-protocol;
      }
      description
        "This type identifies the routing protocol";
    }

    typedef key-derivation-function-type {
      type identityref {
        base key-derivation-function;
      }
      description
        "This type identifies the key derivation function";
    }

    typedef cryptographic-algorithm-type {
      type identityref {
        base cryptographic-algorithm;
      }
      description
        "This type identifies the cryptographic algorithm";
    }

    typedef lifetime-type {
      type string {
        pattern '{4}{2}{2}{2}{2}Z';
      }
      description
        "This type identifies a time in the format YYYYMMDDHHSSZ, "
          + "where the first four digits specify the year, "
          + "the next two digits specify the month, "
          + "the next two digits specify the day, "
          + "the next two digits specify the hour, "
          + "the next two digits specify the second, "
          + "ending with the letter 'Z' as a clear indication "
          + "that the time is in Coordinated Universal Time (UTC).";
    }

    grouping key-properties-grp {
      description
        "A grouping that to specify the properties of a key.  "
          + "This is defined as a grouping so that different "
          + "routing protocols can further refine the values of "
          + "each individual key properties.";
      leaf kdf {
        type key-derivation-function-type;
        description
          "Specify the key derivation function to be used "
            + "with this key.";
      }

      leaf alg-id {
        type cryptographic-algorithm-type;
        description
          "Specify the cryptographic algorithm to be used"
            + "with this key.";
      }

      leaf direction {
        type enumeration {
          enum "in" {
            value 0;
            description
              "The key is used for inbound traffic.";
          }
          enum "out" {
            value 1;
            description
              "The key is used for outbound traffic.";
          }
          enum "both" {
            value 2;
            description
              "The key is used for both inbound and outbound "
                + "traffic.";
          }
          enum "disabled" {
            value 3;
            description
              "The key is disabled and cannot be used for "
                + "either inbound or outbound traffic.";
          }
        }
        description
          "The value of the direction must be one of 'in', 'out', "
            + "'both', and 'disabled'.  The actual allowed value "
            + "is left for routing protocols to define.";
      }
    }  // grouping key-properties-grp

    container key-table {
      description
        "The key table of all managed cryptographic keys "
          + "of a device.";
      list security-association-entry {
        key "admin-key-name";
        description
          "A key table entry that specifies a key "
            + "and its attributes.";
        leaf admin-key-name {
          type string;
          description
            "A human-readable string that identifies the key.";
        }

        container peers {
          description
            "Specify the peer systems that also have this key "
              + "in their database.  The format of this field is "
              + "left to protocols to define.";
        }  // container peers

        container interfaces {
          description
            "Specify the interfaces to which they key may be applied.";
          choice interface-options {
            mandatory true;
            description
              "The option to apply this key to all interfaces or "
                + "to a pre-defined list of interfaces.";
            leaf all {
              type empty;
              description
                "This key applies to all interfaces.";
            }
            leaf-list interface {
              type if:interface-ref;
              description
                "This key applies to the identified interfaces.";
            }
          }  // choice interface-options
        }  // container interfaces

        leaf protocol {
          type identityref {
            base rt:routing-protocol;
          }
          mandatory true;
          description
            "Specify a single routing protocol where this key "
              + "may be used to provide cryptographic protection.";
        }

        container protocol-specific-info {
          description
            "This field contains protocol-specified information "
              + "that maybe useful for a protocol to apply the key "
              + "correctly.  This field is left for each protocol "
              + "to define.";
        }  // container protocol-specific-info

        leaf key {
          type yang:hex-string;
          mandatory true;
          description "The key";
        }

        leaf send-lifetime-start {
          type lifetime-type;
          mandatory true;
          description
            "Specify the earliest date and time at which this key "
              + "should be considered for use when sending traffic.";
        }

        leaf send-lifetime-end {
          type lifetime-type;
          mandatory true;
          description
            "Specify the latest date and time at which this key "
              + "should be considered for use when sending traffic.";
        }

        leaf accept-lifetime-start {
          type lifetime-type;
          mandatory true;
          description
            "Specify the earliest date and time at which this key "
              + "should be considered for processing received traffic.";
        }

        leaf accept-lifetime-end {
          type lifetime-type;
          mandatory true;
          description
            "Specify the latest date and time at which this key "
              + "should be considered for processing received traffic.";
        }
      }  // list security-association-entry
    }  // container key-table
  }  // module ietf-key-table

Summary

  
  
Organization Ericsson
  
Module ietf-key-table
Version 2015-08-28
File ietf-key-table@2015-08-28.yang
  
Prefix keytable
Namespace http://www.example.com/ietf-key-table
  
Cooked /cookedmodules/ietf-key-table/2015-08-28
YANG /src/ietf-key-table@2015-08-28.yang
XSD /xsd/ietf-key-table@2015-08-28.xsd
  
Abstract A key table YANG data model based on RFC 7210
  
Contact
I. Chen - ing-wher.chen@ericsson.com

Description

 
A key table YANG data model based on RFC 7210

Typedefs

Typedef Base type Abstract
cryptographic-algorithm-type identityref This type identifies the cryptographic algorithm
key-derivation-function-type identityref This type identifies the key derivation function
lifetime-type string This type identifies a time in the format YYYYMMDDHHSSZ, where the first four digits specify the year, the next two digits specify the month, the next two digits specify the day, the next two digits specify the hour, the next two digits specify the second...
routing-protocol-type identityref This type identifies the routing protocol

Groupings

Grouping Objects Abstract
key-properties-grp kdf alg-id direction A grouping that to specify the properties of a key. This is defined as a grouping so that different routing protocols can further refine the values of each individual key properties.

Objects

Type Key
Mandatory config
Optional config
Not config
Object Type Abstract
key-table container The key table of all managed cryptographic keys of a device.
   security-association-entry list A key table entry that specifies a key and its attributes.
      accept-lifetime-end leaf Specify the latest date and time at which this key should be considered for processing received traffic.
      accept-lifetime-start leaf Specify the earliest date and time at which this key should be considered for processing received traffic.
      admin-key-name leaf A human-readable string that identifies the key.
      interfaces container Specify the interfaces to which they key may be applied.
         interface-options choice The option to apply this key to all interfaces or to a pre-defined list of interfaces.
            all-interfaces case all
               all leaf This key applies to all interfaces.
            interface-list case interface
               interface leaf-list This key applies to the identified interfaces.
      key leaf The key
      peers container Specify the peer systems that also have this key in their database. The format of this field is left to protocols to define.
      protocol leaf Specify a single routing protocol where this key may be used to provide cryptographic protection.
      protocol-specific-info container This field contains protocol-specified information that maybe useful for a protocol to apply the key correctly. This field is left for each protocol to define.
      send-lifetime-end leaf Specify the latest date and time at which this key should be considered for use when sending traffic.
      send-lifetime-start leaf Specify the earliest date and time at which this key should be considered for use when sending traffic.