This module contains general data definitions for use in keychain-based authentication.
openconfig-extensions
description:
Base identity to define the type of authentication
description:
Authentication is provided via a simple authentication key. The
key is configured at each end, and the exchange of the key may be
encrypted or not.
base identity: AUTH_TYPE
description:
This identity indicates that the authentication is selected
from a keychain.
base identity: AUTH_TYPE
description:
Base identity for the cryptographic algorithm
description:
No encryption is used
base identity: CRYPTO_TYPE
description:
MD5 message-digest algorithm produces a 128-bit hash value.
base identity: CRYPTO_TYPE
description:
HMAC-MD5 keyed hash algorithm constructed from MD5 hash
function and used as a HMAC.
base identity: CRYPTO_TYPE
description:
SHA-1 cryptographic hash function that produces a 160-bit hash value.
base identity: CRYPTO_TYPE
description:
HMAC-SHA-1 keyed hash algorithm constructed from SHA-1 hash
function and used as a HMAC.
base identity: CRYPTO_TYPE
description:
HMAC-SHA-1-12 algorithm
base identity: CRYPTO_TYPE
description:
HMAC-SHA-1-20 algorithm
base identity: CRYPTO_TYPE
description:
HMAC-SHA-1-96 keyed hash algorithm constructed from SHA-1 hash
function and used as a HMAC, operating on 64-byte blocks of data.
base identity: CRYPTO_TYPE
description:
HMAC-SHA-256 keyed hash algorithm constructed from the secure
SHA-256 hash function and used as a HMAC.
base identity: CRYPTO_TYPE
description:
AES-128-CMAC-96 keyed hash function based on an AES-128 block
cipher.
base identity: CRYPTO_TYPE
description:
AES-128-CMAC keyed hash function based on an AES-128 block
cipher.
base identity: CRYPTO_TYPE
description:
AES-256-CMAC keyed hash function based on an AES-256 block
cipher.
base identity: CRYPTO_TYPE
This module describes a YANG model for keychain configuration and management. These keys can be changed frequently to increase security in long-lived connections. A keychain can be used for authentication in a number of scenarios, including in routing protocols (e.g. BGP, IS-IS, OSPF). A keychain stores a number of different keys; each key string value is associated with a specific key id, a name, the lifetime for which the key is valid, and an encryption algorithm.
This model defines a central location for defining named keychains, which may then be referenced by other models such as routing protocol management.
openconfig-extensions
openconfig-keychain-types
openconfig-types
openconfig-yang-types
description:
A reference to a keychain defined on the system that can be used by
modules that require access to keychains.
type: leafref
description:
This container defines keychains.
nodetype: container (rw)
description:
List of defined keychains.
nodetype: list (rw)
list keys: [name]
description:
Reference to configured keychain name
nodetype: leaf (list key) (rw)
type: leafref
description:
This container defines keychain configuration.
nodetype: container (rw)
description:
Keychain name.
nodetype: leaf (rw)
type: string
description:
Tolerance (overlap time) for which a receive key should be accepted. May be
expressed as a range in seconds, or using the FOREVER value to indicate
that the key does not expire. The default value should be 0, i.e., no
tolerance.
nodetype: leaf (rw)
type: union
type: enumeration
type: uint32
description:
This container defines keychain state information.
nodetype: container (ro)
description:
Keychain name.
nodetype: leaf (ro)
type: string
description:
Tolerance (overlap time) for which a receive key should be accepted. May be
expressed as a range in seconds, or using the FOREVER value to indicate
that the key does not expire. The default value should be 0, i.e., no
tolerance.
nodetype: leaf (ro)
type: union
type: enumeration
type: uint32
description:
List of keys to be stored.
nodetype: container (rw)
description:
List of configured keys for the keychain.
nodetype: list (rw)
list keys: [key-id]
description:
Reference to key id.
nodetype: leaf (list key) (rw)
type: leafref
description:
This container defines keychain key configuration.
nodetype: container (rw)
description:
Identifier for the key within the keychain. Note that the
hex-string type is deprecated and will be removed from a future
version of this model. Implementations should transition to using
the hex-string-prefixed type.
nodetype: leaf (rw)
type: union
type: oc-yang:hex-string-prefixed
type: uint64
description:
Authentication key supplied as an encrypted value. The system should store and
return the key in encrypted form.
nodetype: leaf (rw)
type: string
description:
Cryptographic algorithm associated with the key. Note that not all cryptographic
algorithms are available in all contexts (e.g., across different protocols).
nodetype: leaf (rw)
type: identityref
description:
This container defines keychain key state.
nodetype: container (ro)
description:
Identifier for the key within the keychain. Note that the
hex-string type is deprecated and will be removed from a future
version of this model. Implementations should transition to using
the hex-string-prefixed type.
nodetype: leaf (ro)
type: union
type: oc-yang:hex-string-prefixed
type: uint64
description:
Authentication key supplied as an encrypted value. The system should store and
return the key in encrypted form.
nodetype: leaf (ro)
type: string
description:
Cryptographic algorithm associated with the key. Note that not all cryptographic
algorithms are available in all contexts (e.g., across different protocols).
nodetype: leaf (ro)
type: identityref
description:
Specifies the lifetime of the key for sending authentication
information to the peer.
nodetype: container (rw)
description:
Configuration data for key send lifetime.
nodetype: container (rw)
description:
The time at which the key becomes valid for use.
The value is the timestamp in nanoseconds relative to
the Unix Epoch (Jan 1, 1970 00:00:00 UTC).
nodetype: leaf (rw)
type: oc-types:timeticks64
description:
The time at which the key becomes invalid for use.
The value is the timestamp in nanoseconds relative to
the Unix Epoch (Jan 1, 1970 00:00:00 UTC).
Leaving this value unset, or setting it to 0, indicates that
the key remains valid forever (no end time).
nodetype: leaf (rw)
type: oc-types:timeticks64
description:
When this is set to true (the default value), the specified
send lifetime is also used in the receive direction. When set
to false, the device should use the specified receive-lifetime
for the receive direction (asymmetric mode). If send-and-receive
is false, and the device does not support asymmetric configuration,
the config should be rejected as unsupported.
nodetype: leaf (rw)
type: boolean
default: true
description:
Operational state data for key send lifetime.
nodetype: container (ro)
description:
The time at which the key becomes valid for use.
The value is the timestamp in nanoseconds relative to
the Unix Epoch (Jan 1, 1970 00:00:00 UTC).
nodetype: leaf (ro)
type: oc-types:timeticks64
description:
The time at which the key becomes invalid for use.
The value is the timestamp in nanoseconds relative to
the Unix Epoch (Jan 1, 1970 00:00:00 UTC).
Leaving this value unset, or setting it to 0, indicates that
the key remains valid forever (no end time).
nodetype: leaf (ro)
type: oc-types:timeticks64
description:
When this is set to true (the default value), the specified
send lifetime is also used in the receive direction. When set
to false, the device should use the specified receive-lifetime
for the receive direction (asymmetric mode). If send-and-receive
is false, and the device does not support asymmetric configuration,
the config should be rejected as unsupported.
nodetype: leaf (ro)
type: boolean
default: true
description:
Specify the validity lifetime of the key in the receive direction.
Some platforms may only support symmetric send and receive lifetimes,
in which case the receive-lifetime is typically not specified.
nodetype: container (rw)
description:
Configuration data for key receive lifetime.
nodetype: container (rw)
description:
The time at which the key becomes valid for use.
The value is the timestamp in nanoseconds relative to
the Unix Epoch (Jan 1, 1970 00:00:00 UTC).
nodetype: leaf (rw)
type: oc-types:timeticks64
description:
The time at which the key becomes invalid for use.
The value is the timestamp in nanoseconds relative to
the Unix Epoch (Jan 1, 1970 00:00:00 UTC).
Leaving this value unset, or setting it to 0, indicates that
the key remains valid forever (no end time).
nodetype: leaf (rw)
type: oc-types:timeticks64
description:
Operational state data for key receive lifetime.
nodetype: container (ro)
description:
The time at which the key becomes valid for use.
The value is the timestamp in nanoseconds relative to
the Unix Epoch (Jan 1, 1970 00:00:00 UTC).
nodetype: leaf (ro)
type: oc-types:timeticks64
description:
The time at which the key becomes invalid for use.
The value is the timestamp in nanoseconds relative to
the Unix Epoch (Jan 1, 1970 00:00:00 UTC).
Leaving this value unset, or setting it to 0, indicates that
the key remains valid forever (no end time).
nodetype: leaf (ro)
type: oc-types:timeticks64
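The send and receive lifetime rules described above, worked through as an added example (not part of the OpenConfig model or any vendor implementation). The `Lifetime` and `Key` types and the function names are hypothetical, and applying the tolerance as a grace period after the receive end time is an assumption of this sketch.

```python
from dataclasses import dataclass
from typing import Optional

NS = 1_000_000_000      # the model's timestamps are nanoseconds since the Unix epoch
FOREVER = "FOREVER"     # tolerance enumeration value named in the description

@dataclass
class Lifetime:                      # hypothetical helper type, not from the model
    start_ns: int = 0
    end_ns: Optional[int] = None     # unset or 0 means no end time

@dataclass
class Key:                           # hypothetical helper type
    key_id: int
    send: Lifetime
    receive: Optional[Lifetime] = None
    send_and_receive: bool = True    # default per the model

def validate(key, asymmetric_supported):
    """Reject asymmetric lifetimes on a device that cannot honour them."""
    if key.send_and_receive:
        return
    if not asymmetric_supported:
        raise ValueError(f"key {key.key_id}: asymmetric lifetimes unsupported")
    if key.receive is None:          # assumption: fail closed when no receive window is given
        raise ValueError(f"key {key.key_id}: receive-lifetime missing")

def _active(lt, now_ns, grace_ns=0):
    if now_ns < lt.start_ns:
        return False
    if not lt.end_ns or grace_ns is None:    # unset/0 end time, or FOREVER tolerance
        return True
    return now_ns < lt.end_ns + grace_ns     # invalid from the end time onward

def can_send(key, now_ns):
    return _active(key.send, now_ns)

def can_receive(key, now_ns, tolerance=0):
    """tolerance: seconds (uint32) or FOREVER; assumed to extend the end time only."""
    lt = key.send if key.send_and_receive else key.receive
    if lt is None:
        return False
    grace = None if tolerance == FOREVER else tolerance * NS
    return _active(lt, now_ns, grace)

# Constructed sample: key 1 is symmetric, key 2 accepts earlier than it sends.
K1 = Key(1, Lifetime(100 * NS, 200 * NS))
K2 = Key(2, Lifetime(100 * NS, 200 * NS), Lifetime(50 * NS, 0), send_and_receive=False)
```

During a key rollover, a gap in which no key satisfies `can_receive` on one peer while the other is still sending with it drops the authenticated session, which is what the tolerance value is there to absorb.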