This module contains a collection of YANG definitions for Cisco IOS-XR crypto-cepki package configuration. This module contains...
Version: 2021-03-24
module Cisco-IOS-XR-crypto-cepki-cfg { yang-version 1; namespace "http://cisco.com/ns/yang/Cisco-IOS-XR-crypto-cepki-cfg"; prefix crypto-cepki-cfg; import ietf-inet-types { prefix inet; } import Cisco-IOS-XR-types { prefix xr; } import cisco-semver { prefix semver; } organization "Cisco Systems, Inc."; contact "Cisco Systems, Inc. Customer Service Postal: 170 West Tasman Drive San Jose, CA 95134 Tel: +1 800 553-NETS E-mail: cs-yang@cisco.com"; description "This module contains a collection of YANG definitions for Cisco IOS-XR crypto-cepki package configuration. This module contains definitions for the following management objects: crypto-ca: Crypto CertificateAuthority Copyright (c) 2013-2021 by Cisco Systems, Inc. All rights reserved."; revision "2021-03-24" { description "Allowed configuration of crypto keys enhancement in IOS XR 2020-12-10 Fips mode enabled for aarch64 platform 2020-11-24 Correct the range for ca lifetime for system-trustpoint. 2020-09-02 Yang support ed25519 key added"; } revision "2020-07-12" { description "Associated task-name added 2020-05-25 Yang support missing for message digest 2020-05-10 Yang support for all cepki features 2020-02-05 Yang support to fetch CRL via Source Interface."; } revision "2019-04-05" { description "Establish semantic version baseline."; } revision "2015-11-09" { description "IOS XR 6.0 revision."; } semver:module-version "1.2.0"; semver:module-version "1.1.0"; semver:module-version "1.0.0"; typedef Type-key { type enumeration { enum "rsa" { value 1; description "Rsa key"; } enum "ecdsanistp256" { value 2; description "ecdsa-nistp256 key"; } enum "ecdsanistp384" { value 4; description "ecdsa-nistp384 key"; } enum "ecdsanistp521" { value 8; description "ecdsa-nistp521 key"; } enum "dsa" { value 16; description "Dsa key"; } enum "ed25519" { value 32; description "Ed25519 key"; } } description "Type key"; } typedef Addr { type enumeration { enum "ipv4" { value 1; description "IPv4 address family"; } enum "ipv6" { value 20; description "IPv6 address family"; } } description "Addr"; } typedef Digest { type enumeration { enum "md5" { value 1; description "md5 algorithm"; } enum "sha1" { value 2; description "sha1 algorithm"; } enum "sha256" { value 3; description "sha256 algorithm"; } enum "sha384" { value 4; description "sha384 algorithm"; } enum "sha512" { value 5; description "sha512 algorithm"; } } description "Digest"; } grouping SFTP { description "Common node of trustpoint, system-trustpoint"; container sftp { description "Secure FTP"; leaf username { type string; description "Secure FTP username"; } leaf password { type xr:Proprietary-password; description "SFTP password in cleartext or encrypted form"; } } // container sftp } // grouping SFTP grouping VRF-TABLE { description "Common node of trustpoint, system-trustpoint, trustpool"; container vrf-table { description "vrf table"; leaf vrf { type xr:Cisco-ios-xr-string { length "1..32"; } description "VRF name (max:32 chars)"; } } // container vrf-table } // grouping VRF-TABLE grouping CRL { description "Common node of trustpoint, system-trustpoint, trustpool"; container crl { description "CRL Parameters"; leaf optional { type empty; description "Set 'true' if CRL check is optional"; } } // container crl } // grouping CRL grouping QUERY { description "Common node of trustpoint, system-trustpoint"; container query { description "Query Parameters"; leaf url { type string; description "CertificateAuthority Server Query URL"; } } // container query } // grouping QUERY grouping ATTRIBUTE { description "Common node of trustpoint, system-trustpoint"; container attribute { description "Trustpoint Attributes"; container ip-address { description "Include IP-Address in certificate"; leaf address { type inet:ipv4-address-no-zone; must "not(../no-address)"; description "IP address"; } leaf no-address { type empty; must "not(../address)"; description "Do not include IP address"; } } // container ip-address leaf serial-number { type boolean; description "Include serial number in certificate"; } leaf subject-name { type string; description "Include subject name in certificate"; } } // container attribute } // grouping ATTRIBUTE grouping RSA-KEY-PAIR { description "Common node of trustpoint, system-trustpoint"; leaf rsa-key-pair { type string; description "RSA key Pair to use for enrolling this Trustpoint"; } } // grouping RSA-KEY-PAIR grouping DESCRIPTION { description "Common node of trustpoint, system-trustpoint, trustpool"; leaf description { type string { length "1..80"; } description "Description for this trustpoint"; } } // grouping DESCRIPTION grouping ENROLLMENT { description "Common node of trustpoint, system-trustpoint"; container enrollment { description "Certificate Enrollment Parameters"; container retry { description "Enrollment Retry Parameters"; leaf period { type uint32 { range "1..60"; } units "minute"; default "1"; description "How long to wait between retry requests to CertificateAuthority for Certificate"; } leaf count { type uint32 { range "1..100"; } default "10"; description "How many times the router should poll CertificateAuthority for Certificate"; } } // container retry leaf url { type string; description "CertificateAuthority Server Enrollment URL"; } } // container enrollment } // grouping ENROLLMENT container crypto-ca { description "Crypto CertificateAuthority"; container fips-mode { description "fips mode configuration"; leaf enable { type empty; description "Fips Mode Enabled"; } } // container fips-mode container certificate-authority { description "Certification Authority"; container system-trustpoint { description "Trustpoint Name"; container keypair { description "keypair label"; leaf type-key { type Type-key; description "dsa/ecdsanistp256/ecdsanistp384/ecdsanistp521/rsa/ed25519"; } leaf name { type string; description "key-pair label"; } } // container keypair container ca-keypair { description "self-enrollment ca-keypair label"; leaf type-key { type Type-key; description "dsa/ecdsanistp256/ecdsanistp384/ecdsanistp521/rsa/ed25519"; } leaf name { type string; description "key-pair label"; } } // container ca-keypair container key-usage { description "key usage field for the certificate"; leaf dataencipherment { type uint32 { range "0..1"; } description "Key usage field as data-encipherment for certificate"; } leaf digitalsignature { type uint32 { range "0..1"; } description "Key usage field as digital-signature for certificate"; } leaf keyagreement { type uint32 { range "0..1"; } description "Key usage field as key-agreement for certificate"; } leaf keyencipherment { type uint32 { range "0..1"; } description "Key usage field as key-encipherment for certificate"; } leaf nonrepudiation { type uint32 { range "0..1"; } description "Key usage field as non-repudiation for certificate"; } } // container key-usage container key-usage-ca { description "key usage field for the CA certificate"; leaf crlsign { type uint32 { range "0..1"; } description "Key usage field as crl-sign for CA certificate"; } leaf digitalsignature { type uint32 { range "0..1"; } description "Key usage field as digital-signature for CA certificate"; } leaf keycertsign { type uint32 { range "0..1"; } description "Key usage field as key-certsign for CA certificate"; } leaf nonrepudiation { type uint32 { range "0..1"; } description "Key usage field as non-repudiation for CA certificate"; } } // container key-usage-ca leaf subject-name-ca { type string; description "Ca Certificate subject name for self enrollment"; } leaf message-digest { type Digest; description "Certificate message digest self enrollment"; } leaf lifetime-ca-cert { type uint32 { range "30..5475"; } units "day"; default "365"; description "Validity of ca certficate in days"; } leaf lifetime-cert { type uint32 { range "30..5474"; } units "day"; default "200"; description "Validity of leaf certficate in days"; } uses SFTP; uses ATTRIBUTE; uses RSA-KEY-PAIR; uses CRL; uses ENROLLMENT; uses VRF-TABLE; uses QUERY; uses DESCRIPTION; } // container system-trustpoint container trustpool { description "Trustpool Related Configuration"; container cabundle { description "CA bundle download parameters"; leaf url { type string; description "CertificateAuthority bundle download parameters"; } } // container cabundle uses CRL; uses VRF-TABLE; uses DESCRIPTION; } // container trustpool container trustpoints { description "Trustpoint Related Configuration"; list trustpoint { key "name"; description "Trustpoint Name"; leaf name { type xr:Cisco-ios-xr-string; description "Trustpoint Name"; } uses SFTP; uses ATTRIBUTE; uses RSA-KEY-PAIR; uses CRL; uses ENROLLMENT; uses VRF-TABLE; uses QUERY; uses DESCRIPTION; } // list trustpoint } // container trustpoints leaf rsa1024 { type empty; description "Specify rsa key bit 1024 or lesser size allowed or not"; } } // container certificate-authority container http-proxy { description "Specify proxy server and port for http request"; leaf server { type string; description "Http proxy server"; } leaf port { type xr:Cisco-ios-xr-port-number; description "Http proxy server port"; } } // container http-proxy container source-interface { description "Specify source interface for http request"; leaf source-interface { type xr:Interface-name; description "Source interface for CRL"; } leaf addr-type { type Addr; description "IPv4 / IPv6"; } } // container source-interface } // container crypto-ca } // module Cisco-IOS-XR-crypto-cepki-cfg
© 2023 YumaWorks, Inc. All rights reserved.