This YANG module defines the generic configuration data for key-chain. It is intended that the module will be extended by vendor...
Version: 2015-02-24
module ietf-key-chain { yang-version 1; namespace "urn:ietf:params:xml:ns:yang:ietf-key-chain"; prefix key-chain; import ietf-yang-types { prefix yang; } organization "Cisco Systems 170 West Tasman Drive San Jose, CA 95134-1706 USA"; contact "Acee Lindem - acee@cisco.com"; description "This YANG module defines the generic configuration data for key-chain. It is intended that the module will be extended by vendors to define vendor-specific key-chain configuration parameters. "; revision "2015-02-24" { description "Initial revision."; reference "RFC XXXX: A YANG Data Model for key-chain"; } typedef key-chain-ref { type leafref { path "/key-chain:key-chains/key-chain:name"; } description "This type is used by data models that need to reference configured key-chains."; } feature hex-key-string { description "Support hexadecimal key string."; } feature accept-tolerance { description "To specify the tolerance or acceptance limit."; } feature independent-send-accept-lifetime { description "Support for independent send and accept key lifetimes."; } grouping lifetime { description "Key lifetime specification."; choice lifetime { default 'always'; description "Options for specifying key accept or send lifetimes"; leaf always { type empty; description "Indicates key lifetime is always valid."; } case start-end-time { leaf start-date-time { type yang:date-and-time; description "Start time."; } choice end-time { default 'infinite'; description "End-time setting."; leaf no-end-time { type empty; description "Indicates key lifetime end-time in infinite."; } leaf duration { type uint32 { range "1..2147483646"; } units "seconds"; description "Key lifetime duration, in seconds"; } leaf end-date-time { type yang:date-and-time; description "End time."; } } // choice end-time } // case start-end-time } // choice lifetime } // grouping lifetime grouping crypto-algorithm-types { description "Cryptographic algorithm types."; choice algorithm { description "Options for crytographic algorithm specification."; leaf hmac-sha1-12 { type empty; description "The HMAC-SHA1-12 algorithm."; } leaf hmac-sha1-20 { type empty; description "The HMAC-SHA1-20 algorithm."; } leaf md5 { type empty; description "The MD5 algorithm."; } leaf sha-1 { type empty; description "The SHA-1 algorithm."; } leaf hmac-sha-1 { type empty; description "HMAC-SHA-1 authentication algorithm."; } leaf hmac-sha-256 { type empty; description "HMAC-SHA-256 authentication algorithm."; } leaf hmac-sha-384 { type empty; description "HMAC-SHA-384 authentication algorithm."; } leaf hmac-sha-512 { type empty; description "HMAC-SHA-512 authentication algorithm."; } } // choice algorithm } // grouping crypto-algorithm-types grouping key-chain { description "key-chain specification grouping."; leaf name { type string; description "Name of the key-chain."; } container accept-tolerance { if-feature accept-tolerance; description "Tolerance for key lifetime acceptance (seconds)."; leaf duration { type uint32; units "seconds"; default "0"; description "Tolerance range, in seconds."; } } // container accept-tolerance list key { key "key-id"; description "One key."; leaf key-id { type uint64; description "Key id."; } container key-string { description "The key string."; choice key-string-style { description "Key string styles"; leaf keystring { type string; description "Key string in ASCII format."; } case hexadecimal { if-feature hex-key-string; leaf hexadecimal-string { type yang:hex-string; description "Key in hexadecimal string format."; } } // case hexadecimal } // choice key-string-style } // container key-string container lifetime { description "Specify a key's lifetime."; choice lifetime { description "Options for specification of send and accept lifetimes."; case send-and-accept-lifetime { description "Send and accept key have the same lifetime."; container send-accept-lifetime { description "Single lifetime specification for both send and accept lifetimes."; uses lifetime; } // container send-accept-lifetime } // case send-and-accept-lifetime case independent-send-accept-lifetime { if-feature independent-send-accept-lifetime; description "Independent send and accept key lifetimes."; container send-lifetime { description "Separate lifetime specification for send lifetime."; uses lifetime; } // container send-lifetime container accept-lifetime { description "Separate lifetime specification for accept lifetime."; uses lifetime; } // container accept-lifetime } // case independent-send-accept-lifetime } // choice lifetime } // container lifetime container crypto-algorithm { description "Cryptographic algorithm associated with key."; uses crypto-algorithm-types; } // container crypto-algorithm } // list key } // grouping key-chain list key-chains { key "name"; description "A key-chain is a sequence of keys that are collectively managed for authentication."; uses key-chain; } // list key-chains } // module ietf-key-chain
© 2023 YumaWorks, Inc. All rights reserved.