iana-crypt-hash

This YANG module defines a typedef for storing passwords using a hash function, and features to indicate which hash functions ar...

  • Version: 2014-04-04

    iana-crypt-hash@2014-04-04


    
      module iana-crypt-hash {
    
        yang-version 1;
    
        namespace
          "urn:ietf:params:xml:ns:yang:iana-crypt-hash";
    
        prefix ianach;
    
        organization "IANA";
    
        contact
          "        Internet Assigned Numbers Authority
    
         Postal: ICANN
                 4676 Admiralty Way, Suite 330
                 Marina del Rey, CA 90292
    
         Tel:    +1 310 823 9358
         E-Mail: iana&iana.org";
    
        description
          "This YANG module defines a typedef for storing passwords
         using a hash function, and features to indicate which hash
         functions are supported by an implementation.
    
         The latest revision of this YANG module can be obtained from
         the IANA web site.
    
         Requests for new values should be made to IANA via
         email (iana&iana.org).
    
         Copyright (c) 2014 IETF Trust and the persons identified as
         authors of the code.  All rights reserved.
    
         Redistribution and use in source and binary forms, with or
         without modification, is permitted pursuant to, and subject
         to the license terms contained in, the Simplified BSD License
         set forth in Section 4.c of the IETF Trust's Legal Provisions
         Relating to IETF Documents
         (http://trustee.ietf.org/license-info).
    
         The initial version of this YANG module is part of RFC XXXX;
         see the RFC itself for full legal notices.";
    
        revision "2014-04-04" {
          description "Initial revision.";
          reference
            "RFC XXXX: A YANG Data Model for System Management";
    
        }
    
    
        typedef crypt-hash {
          type string {
            pattern
              '$0$.*'
                + '|$1$[a-zA-Z0-9./]{1,8}$[a-zA-Z0-9./]{22}'
                + '|$5$(rounds=\d+$)?[a-zA-Z0-9./]{1,16}$[a-zA-Z0-9./]{43}'
                + '|$6$(rounds=\d+$)?[a-zA-Z0-9./]{1,16}$[a-zA-Z0-9./]{86}';
          }
          description
            "The crypt-hash type is used to store passwords using
           a hash function.  The algorithms for applying the hash
           function and encoding the result are implemented in
           various UNIX systems as the function crypt(3).
    
           A value of this type matches one of the forms:
    
             $0$<clear text password>
             $<id>$<salt>$<password hash>
             $<id>$<parameter>$<salt>$<password hash>
    
           The '$0$' prefix signals that the value is clear text.  When
           such a value is received by the server, a hash value is
           calculated, and the string '$<id>$<salt>$' or
           $<id>$<parameter>$<salt>$ is prepended to the result.  This
           value is stored in the configuration data store.
    
           If a value starting with '$<id>$', where <id> is not '0', is
           received, the server knows that the value already represents a
           hashed value, and stores it as is in the data store.
    
           When a server needs to verify a password given by a user, it
           finds the stored password hash string for that user, extracts
           the salt, and calculates the hash with the salt and given
           password as input.  If the calculated hash value is the same
           as the stored value, the password given by the client is
           accepted.
    
           This type defines the following hash functions:
    
             id | hash function | feature
             ---+---------------+-------------------
              1 | MD5           | crypt-hash-md5
              5 | SHA-256       | crypt-hash-sha-256
              6 | SHA-512       | crypt-hash-sha-512
    
           The server indicates support for the different hash functions
           by advertising the corresponding feature.";
          reference
            "IEEE Std 1003.1-2008 - crypt() function
             RFC 1321: The MD5 Message-Digest Algorithm
            FIPS.180-3.2008: Secure Hash Standard";
    
        }
    
        feature crypt-hash-md5 {
          description
            "Indicates that the device supports the MD5
           hash function in 'crypt-hash' values";
          reference
            "RFC 1321: The MD5 Message-Digest Algorithm";
    
        }
    
        feature crypt-hash-sha-256 {
          description
            "Indicates that the device supports the SHA-256
           hash function in 'crypt-hash' values";
          reference
            "FIPS.180-3.2008: Secure Hash Standard";
    
        }
    
        feature crypt-hash-sha-512 {
          description
            "Indicates that the device supports the SHA-512
           hash function in 'crypt-hash' values";
          reference
            "FIPS.180-3.2008: Secure Hash Standard";
    
        }
      }  // module iana-crypt-hash
    

© 2023 YumaWorks, Inc. All rights reserved.