NED Crypto RPC YANG module for IOS Copyright (c) 2016-2020 by Cisco Systems, Inc. All rights reserved.
Version: 2020-03-01
submodule Cisco-IOS-XE-crypto-rpc { yang-version 1; belongs-to Cisco-IOS-XE-rpc { prefix ios-xe-rpc; } import cisco-semver { prefix cisco-semver; } import Cisco-IOS-XE-types { prefix ios-types; } organization "Cisco Systems"; contact "<mailto:cs-yang@cisco.com>"; description "NED Crypto RPC YANG module for IOS Copyright (c) 2016-2020 by Cisco Systems, Inc. All rights reserved."; revision "2020-03-01" { description "- Added crypto key commands without a NO prefix"; } revision "2019-11-01" { description "Added new key RPC"; } revision "2019-07-01" { description "Establish semantic version baseline"; } cisco-semver:module-version "1.2.0"; cisco-semver:module-version "1.1.0"; cisco-semver:module-version "1.0.0"; grouping debug-level-grouping { container level { choice level-choice { leaf error { type empty; description "Enable error debug"; } leaf info { type empty; description "Enable info debug"; } leaf verbose { type empty; description "Enable verbose debug"; } leaf warning { type empty; description "Enable warning debug"; } } // choice level-choice } // container level } // grouping debug-level-grouping grouping crypto-input-grouping { grouping crypto-key-export-pem-grouping { container pem { description "File type to export"; choice terminal-url { container terminal { description "Export via the terminal (cut-and-paste)"; choice des-3des { leaf pk-3des { type string; description "Encrypt the private key with 3DES"; } leaf des { type string; description "Encrypt the private key with DES"; } } // choice des-3des } // container terminal container url { description "Export via the file systems"; uses crypto-key-url-file-ex-grouping; choice des-3des { leaf url-3des { type string; description "Encrypt the private key with 3DES"; } leaf des { type string; description "Encrypt the private key with DES"; } } // choice des-3des } // container url } // choice terminal-url } // container pem } // grouping crypto-key-export-pem-grouping grouping crypto-key-url-file-ex-grouping { leaf file { type string { pattern '(((bootflash:)|(crashinfo:)|(flash:)|(ftp:)|(http:)|(https:)|(null:)|(nvram:)|(pram:)|(rcp:)|(scp:)|(system:)|(tar:)|(tftp:)|(tmpfs:)|(webui:)).*)'; } } } // grouping crypto-key-url-file-ex-grouping grouping crypto-key-url-file-im-grouping { leaf file { type string { pattern '(((bootflash:)|(cns:)|(crashinfo:)|(flash:)|(ftp:)|(http:)|(https:)|(null:)|(nvram:)|(pram:)|(rcp:)|(scp:)|(system:)|(tar:)|(tftp:)|(tmpfs:)|(webui:)).*)'; } } } // grouping crypto-key-url-file-im-grouping container pki { description "Public key components"; choice subcommand { container benchmark { description "Benchmark commands"; leaf start { type uint16 { range "0..9990"; } description "Collection limit"; } leaf wrap { when '../start'; type empty; description "Wrap data to the start of buffer"; } leaf stop { type empty; description "stop collecting benchmark data"; } } // container benchmark container crl { description "CRL command"; leaf refresh-cache { type empty; description "Refresh the CRL in cache"; } leaf request { type string; description "Requests a current CRL"; } } // container crl container authenticate { description "Authenticate trustpoint"; leaf name-drop-node-name { type string; description "trustpoint name"; } } // container authenticate container enroll { description "enroll trustpoint"; leaf name-drop-node-name { type string; description "trustpoint name"; } } // container enroll container export { description "export certificate"; leaf name-drop-node-name { type string; description "trustpoint name"; } leaf pkcs12 { type string; description "PKCS12 bundle url"; } leaf password { type string; description "PKCS12 bundle password"; } } // container export container import { description "import certificate"; leaf name-drop-node-name { type string; description "trustpoint name"; } leaf certificate { type empty; description "import id certificate"; } leaf pkcs12 { type string; description "PKCS12 bundle url"; } leaf password { type string; description "PKCS12 bundle password"; } } // container import container certificate { description "validate certificate"; leaf validate { type string; description "trustpoint name"; } } // container certificate container server { description "Server command"; leaf name-drop-node-name { type string; description "server name"; } container grant { description "Grant enrollment requests"; leaf id-drop-node-name { type uint16 { range "1..999"; } description "Enrollment id"; } leaf all { type empty; description "Grant all pending requests"; } } // container grant container password { description "One time password for SCEP enrollment"; container generate { presence "true"; description "Generate password"; leaf minutes-drop-node-name { type uint16 { range "1..1440"; } description "Validity in minutes"; } } // container generate } // container password container reject { description "Reject enrollment requests"; leaf id-drop-node-name { type uint16 { range "1..999"; } description "Enrollment id"; } leaf all { type empty; description "Reject all pending requests"; } } // container reject container remove { description "Remove enrollment requests"; leaf id-drop-node-name { type uint16 { range "1..999"; } description "Enrollment id"; } leaf all { type empty; description "Remove all pending requests"; } } // container remove container request { description "Retrieve an enrollment request"; container pkcs10 { description "PKCS10 enrollment request"; leaf location-drop-node-name { type enumeration { enum "bootflash:" { value 0; } enum "cns:" { value 1; } enum "disk0:" { value 2; } enum "disk1:" { value 3; } enum "flash:" { value 4; } enum "ftp:" { value 5; } enum "http:" { value 6; } enum "https:" { value 7; } enum "null:" { value 8; } enum "nvram:" { value 9; } enum "pram:" { value 10; } enum "rcp:" { value 11; } enum "scep" { value 12; } enum "scp:" { value 13; } enum "sftp:" { value 14; } enum "system:" { value 15; } enum "tar:" { value 16; } enum "terminal" { value 17; } enum "tftp:" { value 18; } enum "tmpsys:" { value 19; } enum "tti" { value 20; } enum "unix:" { value 21; } enum "webui:" { value 22; } } description "Retrieval location"; } choice format { leaf base64 { type empty; description "output in base64 format"; } leaf pem { type empty; description "output in pem format"; } container hex { presence "true"; description "output in hex format"; leaf tid-drop-node-name { type string; description "Transaction ID"; } leaf nonce-drop-node-name { type string; description "nonce"; } leaf rid-drop-node-name { type uint16 { range "1..999"; } description "Request ID"; } } // container hex } // choice format } // container pkcs10 } // container request leaf revoke { type string { pattern '([0-9a-fA-FxX]+)'; } description "revoke certificate"; } leaf unrevoke { type string { pattern '([0-9a-fA-FxX]+)'; } description "unrevoke certificate"; } leaf start { type empty; description "Start server"; } leaf stop { type empty; description "Stop server"; } container trim { description "Trim the CRL based on expired certificates"; leaf url { type enumeration { enum "bootflash:" { value 0; } enum "cns:" { value 1; } enum "disk0:" { value 2; } enum "disk1:" { value 3; } enum "flash:" { value 4; } enum "ftp:" { value 5; } enum "http:" { value 6; } enum "https:" { value 7; } enum "null:" { value 8; } enum "nvram:" { value 9; } enum "pram:" { value 10; } enum "rcp:" { value 11; } enum "scp:" { value 12; } enum "sftp:" { value 13; } enum "system:" { value 14; } enum "tar:" { value 15; } enum "tftp:" { value 16; } enum "tmpsys:" { value 17; } enum "unix:" { value 18; } enum "webui:" { value 19; } } description "location of expired certs file"; } leaf verbose { type empty; } } // container trim } // container server } // choice subcommand } // container pki container key { description "Key related commands."; container zeroize { description "Remove RSA/EC keys"; leaf rsa { type string; description "Remove RSA keys"; } } // container zeroize } // container key container generate { description "Generate new keys"; container ec { description "Generate EC keys for ECDSA"; leaf keysize { type enumeration { enum "256" { value 0; } enum "384" { value 1; } } description "Number of bits"; } leaf exportable { type empty; description "Allow key to be exported"; } leaf label { type string; description "Provide a label"; } } // container ec container rsa { presence "true"; description "Generate RSA keys"; leaf encryption { type empty; description "Generate a general purpose RSA key pair for signing and encryption"; } leaf exportable { type empty; description "Allow the key to be exported"; } leaf general-keys { type empty; description "Generate a general purpose RSA key pair for signing and encryption"; } leaf label { type string; description "Provide a label"; } leaf modulus { type uint16 { range "360..4096"; } description "Provide number of modulus bits on the command line"; } leaf on { type string; description "create key on specified device."; } leaf redundancy { type empty; description "Allow the key to be synced to high-availability peer"; } leaf signature { type empty; description "Generate a general purpose RSA key pair for signing and encryption"; } leaf storage { type string; description "Store key on specified device"; } leaf usage-keys { type empty; description "Generate separate RSA key pairs for signing and encryption"; } } // container rsa } // container generate container export { description "Export keys"; list ec { key "label"; description "Export EC keys"; leaf label { type string; } uses crypto-key-export-pem-grouping; } // list ec list rsa { key "label"; description "Export RSRA keys"; leaf label { type string; } uses crypto-key-export-pem-grouping; } // list rsa } // container export container import { description "Import keys"; list ec { key "name"; description "Import EC keys"; leaf name { type string; } leaf exportable { type empty; description "Allow key to be exported"; } choice terminal-url { leaf terminal { type string; description "Import via the terminal (cut-and-paste)"; } container url { description "Export via the file systems"; uses crypto-key-url-file-im-grouping; leaf key { type string; } } // container url } // choice terminal-url } // list ec list rsa { key "label"; description "Import RSA keys"; leaf label { type string; } leaf encryption { type empty; description "Encryption key"; } leaf exportable { type empty; description "Allow the key to be exported"; } leaf general-purpose { type empty; description "General Purpose key"; } leaf on { type string; description "Make this an on-token key"; } leaf pem { type empty; description "File type to import"; } leaf redundancy { type empty; description "Sync this key to the standby"; } leaf signature { type empty; description "Signature key"; } leaf storage { type string; description "Store key on specified device"; } leaf usage-keys { type empty; description "Usage key pairs"; } choice terminal-url { leaf terminal { type string; description "Import via the terminal (cut-and-paste)"; } container url { description "Export via the file systems"; uses crypto-key-url-file-im-grouping; leaf key { type string; } } // container url } // choice terminal-url } // list rsa } // container import } // grouping crypto-input-grouping grouping debug-input-crypto-grouping { container crypto { description "Cryptographic subsystem"; container pki { description "PKI debugging information"; leaf API { type empty; description "PKI API debugging information"; } leaf callbacks { type empty; description "PKI callbacks debugging information"; } leaf messages { type empty; description "PKI messages debugging information"; } leaf scep { type empty; description "PKI scep debugging information"; } container server { presence "true"; description "PKI server debugging information"; leaf performance { type empty; description "PKI server performance debugging information"; } } // container server container transactions { presence "true"; description "PKI transaction debugging information"; leaf performance { type empty; description "PKI transaction performance debugging information"; } } // container transactions leaf validation { type empty; description "PKI validation debugging information"; } } // container pki leaf est-client { type empty; description "EST client debugging information"; } leaf ha { type empty; description "PKI HA debugging information"; } } // container crypto } // grouping debug-input-crypto-grouping grouping debug-platform-condition-feature-ipsec-grouping { container ipsec { description "IPSEC feature"; container dataplane { description "packet/flow information"; choice dataplane-debug-choice { container submode { description "submode information"; choice submode-choice { container all { description "ipsec all submode"; uses debug-level-grouping; } // container all container cce { description "ipsec cce submode"; uses debug-level-grouping; } // container cce container pkt-dump { description "ipsec pkt-dump submode"; uses debug-level-grouping; } // container pkt-dump } // choice submode-choice } // container submode leaf droptype { type union { type uint8 { range "1..113"; } type ios-types:range-string; } description "Set debug droptype"; } leaf pktcorrupt { type uint8 { range "1..255"; } description "Set debug pkt corruption"; } } // choice dataplane-debug-choice leaf no { type empty; description "for no debug platform condition feature ipsec dataplane ..."; } } // container dataplane } // container ipsec } // grouping debug-platform-condition-feature-ipsec-grouping } // submodule Cisco-IOS-XE-crypto-rpc
© 2023 YumaWorks, Inc. All rights reserved.