Cisco-IOS-XR-um-crypto-cfg

This module contains a collection of YANG definitions for Cisco IOS-XR crypto package configuration. This YANG module augments ...

  • Version: 2021-04-02

    Cisco-IOS-XR-um-crypto-cfg@2021-04-02


    
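      module Cisco-IOS-XR-um-crypto-cfg {

        yang-version 1;

        namespace
          "http://cisco.com/ns/yang/Cisco-IOS-XR-um-crypto-cfg";

        prefix um-crypto-cfg;

        import Cisco-IOS-XR-types {
          prefix xr;
        }
        import ietf-inet-types {
          prefix inet;
        }
        import Cisco-IOS-XR-um-snmp-server-cfg {
          prefix a1;
        }
        import cisco-semver {
          prefix semver;
        }

        organization "Cisco Systems, Inc.";

        contact
          "Cisco Systems, Inc.
         Customer Service
         
         Postal: 170 West Tasman Drive
         San Jose, CA 95134
         
         Tel: +1 800 553-NETS
         
         E-mail: cs-yang@cisco.com";

        description
          "This module contains a collection of YANG definitions
         for Cisco IOS-XR crypto package configuration: PKI trustpoints
         (CA enrollment, key pairs, CRL handling, self-enrollment
         certificate attributes), the trustpool policy, the HTTP proxy
         used for CA requests, and FIPS mode.
         
         This YANG module augments the Cisco-IOS-XR-um-snmp-server-cfg
         module (snmp-server/traps) with a PKI certificate-expiry trap.
         
         Copyright (c) 2021 by Cisco Systems, Inc.
         All rights reserved.";

        revision "2021-04-02" {
          description "Initial release";
        }

        semver:module-version "1.0.0";

        // Presence alone enables the trap; the model carries no
        // per-trustpoint scoping or expiry-threshold parameter.
        augment /a1:snmp-server/a1:traps {
          container pki {
            presence
              "Indicates a pki node is configured.";
            description
              "Enable SNMP traps for certificate expiry";
          }  // container pki
        }

        container crypto {
          description
            "Global Crypto configuration command";
          container ca {
            description
              "Certification authority";
            container trustpoint {
              description
                "Config a trustpoint";
              // The system trustpoint is the only one in this model that
              // supports self-enrollment (enrollment/self, ca-keypair,
              // lifetime, key-usage, message-digest); named trustpoints
              // below only enroll against an external CA or via terminal.
              container system-trustpoint {
                presence
                  "Indicates a system-trustpoint node is configured.";
                description
                  "Default System trustpoint";
                leaf description {
                  type string {
                    length "1..80";
                  }
                  description
                    "Description for the trustpoint";
                }

                container enrollment {
                  description
                    "Enrollment parameters";
                  container retry {
                    description
                      "Polling parameters";
                    leaf count {
                      type uint32 {
                        range "1..100";
                      }
                      description
                        "How many times to poll CA for our certificate";
                    }

                    leaf period {
                      type uint32 {
                        range "1..60";
                      }
                      description
                        "How long to wait between requests to CA for our certificate";
                    }
                  }  // container retry

                  // NOTE(review): url carries no must against terminal/self,
                  // so the model permits a URL alongside either of them;
                  // which one wins is left to the platform.
                  leaf url {
                    type string {
                      length "1..800";
                    }
                    description
                      "CA server enrollment URL";
                  }

                  // terminal and self are mutually exclusive (pairwise must).
                  container terminal {
                    must "not(../self)";
                    presence
                      "Indicates a terminal node is configured.";
                    description
                      "Enroll via the terminal (cut-and-paste)";
                  }  // container terminal

                  container self {
                    must "not(../terminal)";
                    presence
                      "Indicates a self node is configured.";
                    description
                      "Self-enroll: create a self-signed CA certificate and
                       sign the router certificate with it. The resulting
                       chain is trusted only by peers that import this
                       self-signed CA.";
                  }  // container self
                }  // container enrollment

                container sftp-password {
                  description
                    "Secure FTP password";
                  leaf password {
                    type xr:Proprietary-password;
                    description
                      "Enter password in encrypted form.
                       NOTE(review): the encoding is platform-defined by
                       xr:Proprietary-password; treat configuration exports
                       containing this leaf as sensitive.";
                  }
                }  // container sftp-password

                leaf sftp-username {
                  type xr:Cisco-ios-xr-string {
                    length "1..800";
                  }
                  description
                    "Secure FTP username";
                }

                // NOTE(review): rsakeypair overlaps with keypair/rsa below;
                // the model does not constrain the two to agree.
                leaf rsakeypair {
                  type xr:Cisco-ios-xr-string {
                    length "1..800";
                  }
                  description "RSA key pair";
                }

                // Exactly one key-pair label may be set; the pairwise must
                // statements enforce mutual exclusion between algorithms.
                container ca-keypair {
                  description
                    "Self enrollment, key pair ca cert";
                  leaf rsa {
                    type xr:Cisco-ios-xr-string {
                      length "1..800";
                    }
                    must
                      "not(../ecdsanistp256 or ../ecdsanistp384
                     or ../ecdsanistp521 or ../dsa
                     or ../ed25519)";
                    description
                      "Self enrollment, rsa key pair";
                  }

                  leaf ecdsanistp256 {
                    type xr:Cisco-ios-xr-string {
                      length "1..800";
                    }
                    must
                      "not(../rsa or ../ecdsanistp384
                     or ../ecdsanistp521 or ../dsa
                     or ../ed25519)";
                    description
                      "Self enrollment, ecdsa (NIST P-256) key pair";
                  }

                  leaf ecdsanistp384 {
                    type xr:Cisco-ios-xr-string {
                      length "1..800";
                    }
                    must
                      "not(../rsa or ../ecdsanistp256
                     or ../ecdsanistp521 or ../dsa
                     or ../ed25519)";
                    description
                      "Self enrollment, ecdsa (NIST P-384) key pair";
                  }

                  leaf ecdsanistp521 {
                    type xr:Cisco-ios-xr-string {
                      length "1..800";
                    }
                    must
                      "not(../rsa or ../ecdsanistp256
                     or ../ecdsanistp384 or ../dsa
                     or ../ed25519)";
                    description
                      "Self enrollment, ecdsa (NIST P-521) key pair";
                  }

                  leaf dsa {
                    type xr:Cisco-ios-xr-string {
                      length "1..800";
                    }
                    must
                      "not(../rsa or ../ecdsanistp256
                     or ../ecdsanistp384 or ../ecdsanistp521
                     or ../ed25519)";
                    description
                      "Self enrollment, dsa key pair label.
                       NOTE(review): DSA is deprecated for new deployments;
                       prefer an ECDSA, Ed25519 or RSA key pair.";
                  }

                  leaf ed25519 {
                    type xr:Cisco-ios-xr-string {
                      length "1..800";
                    }
                    must
                      "not(../rsa or ../ecdsanistp256
                     or ../ecdsanistp384 or ../ecdsanistp521
                     or ../dsa)";
                    description
                      "Self enrollment, ed25519 key pair label";
                  }
                }  // container ca-keypair

                // Same one-of-N structure as ca-keypair, for the router
                // (leaf) certificate.
                container keypair {
                  description
                    "key pair for router/leaf cert";
                  leaf rsa {
                    type xr:Cisco-ios-xr-string {
                      length "1..800";
                    }
                    must
                      "not(../ecdsanistp256 or ../ecdsanistp384
                     or ../ecdsanistp521 or ../dsa
                     or ../ed25519)";
                    description "Rsa key pair";
                  }

                  leaf ecdsanistp256 {
                    type xr:Cisco-ios-xr-string {
                      length "1..800";
                    }
                    must
                      "not(../rsa or ../ecdsanistp384
                     or ../ecdsanistp521 or ../dsa
                     or ../ed25519)";
                    description "Ecdsa (NIST P-256) key pair";
                  }

                  leaf ecdsanistp384 {
                    type xr:Cisco-ios-xr-string {
                      length "1..800";
                    }
                    must
                      "not(../rsa or ../ecdsanistp256
                     or ../ecdsanistp521 or ../dsa
                     or ../ed25519)";
                    description
                      "Ecdsa (NIST P-384) key pair";
                  }

                  leaf ecdsanistp521 {
                    type xr:Cisco-ios-xr-string {
                      length "1..800";
                    }
                    must
                      "not(../rsa or ../ecdsanistp256
                     or ../ecdsanistp384 or ../dsa
                     or ../ed25519)";
                    description
                      "Ecdsa (NIST P-521) key pair";
                  }

                  leaf dsa {
                    type xr:Cisco-ios-xr-string {
                      length "1..800";
                    }
                    must
                      "not(../rsa or ../ecdsanistp256
                     or ../ecdsanistp384 or ../ecdsanistp521
                     or ../ed25519)";
                    description
                      "Dsa key pair label.
                       NOTE(review): DSA is deprecated for new deployments;
                       prefer an ECDSA, Ed25519 or RSA key pair.";
                  }

                  leaf ed25519 {
                    type xr:Cisco-ios-xr-string {
                      length "1..800";
                    }
                    must
                      "not(../rsa or ../ecdsanistp256
                     or ../ecdsanistp384 or ../ecdsanistp521
                     or ../dsa)";
                    description
                      "ed25519 key pair label";
                  }
                }  // container keypair

                container crl {
                  description "CRL options";
                  container optional {
                    presence
                      "Indicates a optional node is configured.";
                    description
                      "Treat CRL verification as optional.
                       NOTE(review): this weakens revocation checking for
                       peers validated against this trustpoint; confirm the
                       exact behaviour when the CRL is unreachable against
                       the platform documentation before enabling.";
                  }  // container optional
                }  // container crl

                container query {
                  description "Query parameters";
                  leaf url {
                    type string {
                      length "1..800";
                    }
                    description
                      "CA server query URL";
                  }
                }  // container query

                // ipv4-address and none are mutually exclusive (pairwise must).
                container ip-address {
                  description
                    "include ip address";
                  leaf ipv4-address {
                    type inet:ipv4-address-no-zone;
                    must "not(../none)";
                    description "ip address";
                  }

                  container none {
                    must "not(../ipv4-address)";
                    presence
                      "Indicates a none node is configured.";
                    description
                      "do not include ip address";
                  }  // container none
                }  // container ip-address

                container subject-name {
                  description "Subject Name";
                  leaf ca-certificate {
                    type string {
                      length "1..800";
                    }
                    description
                      "Ca Certificate subject name for self enrollment";
                  }
                }  // container subject-name

                container serial-number {
                  description
                    "include serial number";
                  container none {
                    presence
                      "Indicates a none node is configured.";
                    description
                      "do not include serial number";
                  }  // container none
                }  // container serial-number

                leaf vrf {
                  type xr:Cisco-ios-xr-string {
                    length "1..32";
                  }
                  description
                    "Source interface VRF";
                }

                container lifetime {
                  description
                    "Validity period (days) of the certificates created by
                     self enrollment";
                  leaf ca-certificate {
                    type uint32 {
                      range "30..5475";
                    }
                    description
                      "Lifetime of the self-signed CA certificate";
                  }

                  // Upper bound is one less than ca-certificate's,
                  // presumably so the router certificate cannot outlive
                  // its issuer — confirm against the platform.
                  leaf certificate {
                    type uint32 {
                      range "30..5474";
                    }
                    description
                      "Lifetime of the router certificate";
                  }
                }  // container lifetime

                // NOTE(review): the two sub-containers model key usage
                // differently (mandatory booleans for the CA certificate,
                // presence containers for the leaf certificate). Kept as-is
                // to preserve the data tree.
                container key-usage {
                  description
                    "key usage field for the certificate self enrollment";
                  container ca-certificate {
                    presence
                      "Indicates a ca-certificate node is configured.";
                    description
                      "key usage field for the CA certificate. All four
                       flags must be given explicitly once this container
                       is present.";
                    leaf digitalsignature {
                      type boolean;
                      mandatory true;
                      description
                        "Key usage field as digital-signature for CA certificate";
                    }

                    leaf keycertsign {
                      type boolean;
                      mandatory true;
                      description
                        "Key usage field as key-certsign for CA certificate";
                    }

                    leaf crlsign {
                      type boolean;
                      mandatory true;
                      description
                        "Key usage field as crl-sign for CA certificate";
                    }

                    leaf nonrepudiation {
                      type boolean;
                      mandatory true;
                      description
                        "Key usage field as non-repudiation for CA certificate";
                    }
                  }  // container ca-certificate

                  // The must statement requires at least one usage bit.
                  container certificate {
                    must
                      "digitalsignature or keyagreement or nonrepudiation or dataencipherment or keyencipherment";
                    presence
                      "Indicates a certificate node is configured.";
                    description
                      "key usage field for the leaf certificates";
                    container digitalsignature {
                      presence
                        "Indicates a digitalsignature node is configured.";
                      description
                        "Key usage field as digital-signature for certificate";
                    }  // container digitalsignature

                    container keyagreement {
                      presence
                        "Indicates a keyagreement node is configured.";
                      description
                        "Key usage field as key-agreement for certificate";
                    }  // container keyagreement

                    container nonrepudiation {
                      presence
                        "Indicates a nonrepudiation node is configured.";
                      description
                        "Key usage field as non-repudiation for certificate";
                    }  // container nonrepudiation

                    container dataencipherment {
                      presence
                        "Indicates a dataencipherment node is configured.";
                      description
                        "Key usage field as data-encipherment for certificate";
                    }  // container dataencipherment

                    container keyencipherment {
                      presence
                        "Indicates a keyencipherment node is configured.";
                      description
                        "Key usage field as key-encipherment for certificate";
                    }  // container keyencipherment
                  }  // container certificate
                }  // container key-usage

                // Signature hash for self-enrollment certificates. The enum
                // values are kept for compatibility; md5 and sha1 are
                // retained only for interoperability with legacy peers.
                leaf message-digest {
                  type enumeration {
                    enum "md5" {
                      value 1;
                      description
                        "md5 algorithm for message digest.(1)
                         NOTE(review): MD5 is collision-broken and unsuitable
                         for certificate signatures; prefer sha256 or stronger.";
                    }
                    enum "sha1" {
                      value 2;
                      description
                        "sha1 algorithm for message digest.(2)
                         NOTE(review): SHA-1 is deprecated for certificate
                         signatures; prefer sha256 or stronger.";
                    }
                    enum "sha256" {
                      value 3;
                      description
                        "sha256 algorithm for message digest.(3)";
                    }
                    enum "sha384" {
                      value 4;
                      description
                        "sha384 algorithm for message digest.(4)";
                    }
                    enum "sha512" {
                      value 5;
                      description
                        "sha512 algorithm for message digest.(5)";
                    }
                  }
                  description
                    "Certificate message digest for self enrollment";
                }
              }  // container system-trustpoint

              container trustpoints {
                description
                  "Config a trustpoint";
                list trustpoint {
                  key "trustpoint-name";
                  description "Trustpoint";
                  leaf trustpoint-name {
                    type xr:Cisco-ios-xr-string {
                      length "1..1024";
                    }
                    description
                      "Trustpoint Name";
                  }

                  leaf description {
                    type string {
                      length "1..80";
                    }
                    description
                      "Description for the trustpoint";
                  }

                  container enrollment {
                    description
                      "Enrollment parameters";
                    container retry {
                      description
                        "Polling parameters";
                      leaf count {
                        type uint32 {
                          range "1..100";
                        }
                        description
                          "How many times to poll CA for our certificate";
                      }

                      leaf period {
                        type uint32 {
                          range "1..60";
                        }
                        description
                          "How long to wait between requests to CA for our certificate";
                      }
                    }  // container retry

                    leaf url {
                      type string {
                        length "1..800";
                      }
                      description
                        "CA server enrollment URL";
                    }

                    // No self-enrollment for named trustpoints, so no
                    // must against a sibling here.
                    container terminal {
                      presence
                        "Indicates a terminal node is configured.";
                      description
                        "Enroll via the terminal (cut-and-paste)";
                    }  // container terminal
                  }  // container enrollment

                  container sftp-password {
                    description
                      "Secure FTP password";
                    leaf password {
                      type xr:Proprietary-password;
                      description
                        "Enter password in encrypted form.
                         NOTE(review): the encoding is platform-defined by
                         xr:Proprietary-password; treat configuration exports
                         containing this leaf as sensitive.";
                    }
                  }  // container sftp-password

                  leaf sftp-username {
                    type xr:Cisco-ios-xr-string {
                      length "1..800";
                    }
                    description
                      "Secure FTP username";
                  }

                  leaf rsakeypair {
                    type xr:Cisco-ios-xr-string {
                      length "1..800";
                    }
                    description "RSA key pair";
                  }

                  container crl {
                    description "CRL options";
                    container optional {
                      presence
                        "Indicates a optional node is configured.";
                      description
                        "Treat CRL verification as optional.
                         NOTE(review): this weakens revocation checking for
                         peers validated against this trustpoint; confirm the
                         exact behaviour when the CRL is unreachable against
                         the platform documentation before enabling.";
                    }  // container optional
                  }  // container crl

                  container query {
                    description
                      "Query parameters";
                    leaf url {
                      type string {
                        length "1..800";
                      }
                      description
                        "CA server query URL";
                    }
                  }  // container query

                  container ip-address {
                    description
                      "include ip address";
                    leaf ipv4-address {
                      type inet:ipv4-address-no-zone;
                      must "not(../none)";
                      description "ip address";
                    }

                    container none {
                      must
                        "not(../ipv4-address)";
                      presence
                        "Indicates a none node is configured.";
                      description
                        "do not include ip address";
                    }  // container none
                  }  // container ip-address

                  container subject-name {
                    description "Subject Name";
                    leaf ca-certificate {
                      type string {
                        length "1..800";
                      }
                      description
                        "Ca Certificate subject name for self enrollment";
                    }
                  }  // container subject-name

                  container serial-number {
                    description
                      "include serial number";
                    container none {
                      presence
                        "Indicates a none node is configured.";
                      description
                        "do not include serial number";
                    }  // container none
                  }  // container serial-number

                  leaf vrf {
                    type xr:Cisco-ios-xr-string {
                      length "1..32";
                    }
                    description
                      "Source interface VRF";
                  }
                }  // list trustpoint
              }  // container trustpoints
            }  // container trustpoint

            // http-proxy and port reference each other, so either both are
            // configured or neither is.
            leaf http-proxy {
              type xr:Cisco-ios-xr-string {
                length "1..64";
              }
              must "../port";
              description
                "Specify proxy server for http request";
            }

            leaf port {
              type uint32 {
                range "1..65535";
              }
              must "../http-proxy";
              description
                "proxy server port number";
            }

            // ipv4 and ipv6 are mutually exclusive (pairwise must).
            container source-interface {
              description
                "Cisco source-interface name";
              leaf ipv4 {
                type xr:Interface-name;
                must "not(../ipv6)";
                description
                  "Choose Ipv4 address from interface";
              }

              leaf ipv6 {
                type xr:Interface-name;
                must "not(../ipv4)";
                description
                  "Choose Ipv6 address from interface";
              }
            }  // container source-interface

            container trustpool {
              description "Config a trustpool";
              container policy {
                presence
                  "Indicates a policy node is configured.";
                description
                  "Config a trustpool policy";
                leaf description {
                  type string {
                    length "1..80";
                  }
                  description
                    "Description for the trustpool policy";
                }

                container cabundle {
                  description
                    "certificate bundle";
                  leaf url {
                    type string {
                      length "1..800";
                    }
                    description
                      "URL from which the CA bundle is downloaded.
                       NOTE(review): the model carries no integrity or
                       authenticity parameter for the bundle; how the
                       download is authenticated is platform-defined.";
                  }
                }  // container cabundle

                container crl {
                  description "CRL options";
                  container optional {
                    presence
                      "Indicates a optional node is configured.";
                    description
                      "Treat CRL verification as optional.
                       NOTE(review): this weakens revocation checking for
                       certificates chaining to the trustpool; confirm the
                       exact behaviour when the CRL is unreachable against
                       the platform documentation before enabling.";
                  }  // container optional
                }  // container crl

                leaf vrf {
                  type string {
                    length "1..32";
                  }
                  description "Cisco vrf name";
                }
              }  // container policy
            }  // container trustpool
          }  // container ca

          // NOTE(review): the model does not express which algorithms
          // FIPS mode disallows (for example the md5/sha1 message-digest
          // values above); confirm the platform's behaviour.
          container fips-mode {
            presence
              "Indicates a fips-mode node is configured.";
            description "Enable FIPS mode";
          }  // container fips-mode
        }  // container crypto
      }  // module Cisco-IOS-XR-um-crypto-cfg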
    
