netconfcentral logo

ietf-key-table@2015-08-28



  module ietf-key-table {

    yang-version 1;

    namespace
      "http://www.example.com/ietf-key-table";

    prefix keytable;

    import ietf-yang-types {
      prefix yang;
    }
    import ietf-routing {
      prefix rt;
    }
    import ietf-interfaces {
      prefix if;
    }

    organization "Ericsson";

    contact
      "I. Chen - ing-wher.chen@ericsson.com";

    description
      "A key table YANG data model based on RFC 7210";

    revision "2015-08-28" {
      description
        "Revision 3.  "
          + "Making RFC 7210 a global generic table.";
      reference
        "RFC 7210";

    }

    revision "2015-06-29" {
      description "Revision 2.";
      reference
        "RFC 7210";

    }


    identity key-derivation-function {
      base 
      description
        "Base identity from which key derivation function "
          + "identities are derived";
    }

    identity kdf-none {
      base key-derivation-function;
      description
        "This identity represents a cryptographic key that is"
          + "used directly, without a key derivation function.";
    }

    identity kdf-aes-128-cmac {
      base key-derivation-function;
      description
        "This identity represents the key derivation function that "
          + "uses AES-CMAC using 128-bit keys (RFC 4493).";
    }

    identity kdf-hmac-sha-1 {
      base key-derivation-function;
      description
        "This identity represents the key derivation function that "
          + "uses HMAC using the SHA-1 hash (RFC 2104).";
    }

    identity cryptographic-algorithm {
      base 
      description
        "Base identity from which cryptographic algorithms "
          + "are derived";
    }

    identity algid-aes-128-cmac {
      base cryptographic-algorithm;
      description
        "This identity represents the cryptographic algorithm "
          + "AES-CMAC using 128-bit keys (RFC 4493).";
    }

    identity algid-aes-128-cmac-92 {
      base cryptographic-algorithm;
      description
        "This identity represents the cryptographic algorithm "
          + "AES-128-CMAC truncated to 96 bits (RFC 5926).";
    }

    identity algid-hmac-sha-1-96 {
      base cryptographic-algorithm;
      description
        "This identity represents the cryptographic algorithm "
          + "HMAC SHA-1 truncated to 96 bits (RFC 2104).";
    }

    identity all-routing-protocols {
      base rt:routing-protocol;
      description "All routing protocols";
    }

    typedef routing-protocol-type {
      type identityref {
        base rt:routing-protocol;
      }
      description
        "This type identifies the routing protocol";
    }

    typedef key-derivation-function-type {
      type identityref {
        base key-derivation-function;
      }
      description
        "This type identifies the key derivation function";
    }

    typedef cryptographic-algorithm-type {
      type identityref {
        base cryptographic-algorithm;
      }
      description
        "This type identifies the cryptographic algorithm";
    }

    typedef lifetime-type {
      type string {
        pattern '{4}{2}{2}{2}{2}Z';
      }
      description
        "This type identifies a time in the format YYYYMMDDHHSSZ, "
          + "where the first four digits specify the year, "
          + "the next two digits specify the month, "
          + "the next two digits specify the day, "
          + "the next two digits specify the hour, "
          + "the next two digits specify the second, "
          + "ending with the letter 'Z' as a clear indication "
          + "that the time is in Coordinated Universal Time (UTC).";
    }

    grouping key-properties-grp {
      description
        "A grouping that to specify the properties of a key.  "
          + "This is defined as a grouping so that different "
          + "routing protocols can further refine the values of "
          + "each individual key properties.";
      leaf kdf {
        type key-derivation-function-type;
        description
          "Specify the key derivation function to be used "
            + "with this key.";
      }

      leaf alg-id {
        type cryptographic-algorithm-type;
        description
          "Specify the cryptographic algorithm to be used"
            + "with this key.";
      }

      leaf direction {
        type enumeration {
          enum "in" {
            value 0;
            description
              "The key is used for inbound traffic.";
          }
          enum "out" {
            value 1;
            description
              "The key is used for outbound traffic.";
          }
          enum "both" {
            value 2;
            description
              "The key is used for both inbound and outbound "
                + "traffic.";
          }
          enum "disabled" {
            value 3;
            description
              "The key is disabled and cannot be used for "
                + "either inbound or outbound traffic.";
          }
        }
        description
          "The value of the direction must be one of 'in', 'out', "
            + "'both', and 'disabled'.  The actual allowed value "
            + "is left for routing protocols to define.";
      }
    }  // grouping key-properties-grp

    container key-table {
      description
        "The key table of all managed cryptographic keys "
          + "of a device.";
      list security-association-entry {
        key "admin-key-name";
        description
          "A key table entry that specifies a key "
            + "and its attributes.";
        leaf admin-key-name {
          type string;
          description
            "A human-readable string that identifies the key.";
        }

        container peers {
          description
            "Specify the peer systems that also have this key "
              + "in their database.  The format of this field is "
              + "left to protocols to define.";
        }  // container peers

        container interfaces {
          description
            "Specify the interfaces to which they key may be applied.";
          choice interface-options {
            mandatory true;
            description
              "The option to apply this key to all interfaces or "
                + "to a pre-defined list of interfaces.";
            leaf all {
              type empty;
              description
                "This key applies to all interfaces.";
            }
            leaf-list interface {
              type if:interface-ref;
              description
                "This key applies to the identified interfaces.";
            }
          }  // choice interface-options
        }  // container interfaces

        leaf protocol {
          type identityref {
            base rt:routing-protocol;
          }
          mandatory true;
          description
            "Specify a single routing protocol where this key "
              + "may be used to provide cryptographic protection.";
        }

        container protocol-specific-info {
          description
            "This field contains protocol-specified information "
              + "that maybe useful for a protocol to apply the key "
              + "correctly.  This field is left for each protocol "
              + "to define.";
        }  // container protocol-specific-info

        leaf key {
          type yang:hex-string;
          mandatory true;
          description "The key";
        }

        leaf send-lifetime-start {
          type lifetime-type;
          mandatory true;
          description
            "Specify the earliest date and time at which this key "
              + "should be considered for use when sending traffic.";
        }

        leaf send-lifetime-end {
          type lifetime-type;
          mandatory true;
          description
            "Specify the latest date and time at which this key "
              + "should be considered for use when sending traffic.";
        }

        leaf accept-lifetime-start {
          type lifetime-type;
          mandatory true;
          description
            "Specify the earliest date and time at which this key "
              + "should be considered for processing received traffic.";
        }

        leaf accept-lifetime-end {
          type lifetime-type;
          mandatory true;
          description
            "Specify the latest date and time at which this key "
              + "should be considered for processing received traffic.";
        }
      }  // list security-association-entry
    }  // container key-table
  }  // module ietf-key-table