nokia-types-security

Common security data types used in the SR OS management system. Copyright 2016 Nokia. All rights reserved. Reproduction of this...

  • Version: 2023-05-24

    nokia-types-security@2023-05-24


    
      module nokia-types-security {
    
        yang-version 1.1;
    
        namespace
          "urn:nokia.com:sros:ns:yang:sr:types-security";
    
        prefix types-security;
    
        import nokia-sros-yang-extensions {
          prefix sros-ext;
        }
        import nokia-types-sros {
          prefix types-sros;
        }
    
        organization "Nokia";
    
        contact
          "Nokia SR OS Support
             Web: <http://www.nokia.com>";
    
        description
          "Common security data types used in the SR OS management system.
    
             Copyright 2016 Nokia. All rights reserved. Reproduction of this document
             is authorized on the condition that the foregoing copyright notice is included.
    
             This nokia-types-security YANG module embodies Nokia's proprietary
             intellectual property. Nokia retains all title and ownership in the
             specification, including any revisions.
    
             Nokia grants all interested parties a non-exclusive license to use
             and distribute an unmodified copy of this specification in connection with
             management of Nokia products, and without fee, provided this
             copyright notice and license appear on all copies.
    
             This specification is supplied `as is', and Nokia makes no warranty,
             either express or implied, as to the use, operation, condition, or performance
             of the specification.";
    
        revision "2023-05-24";
        sros-ext:sros-major-release "rel23";
    
        typedef cpm-packet-rate-limit {
          type union {
            type int32 {
              range "1..65535";
            }
            type enumeration {
              enum "max" {
                value -1;
              }
            }
          }
          description
            "A packet rate limit expressed in packets per second.
                 It can be applied to packet streams towards the CPM CPU.";
        }
    
        typedef cpm-policy-packet-rate-limit {
          type union {
            type int32 {
              range "1..65534";
            }
            type enumeration {
              enum "max" {
                value -1;
              }
            }
          }
          description
            "A packet rate limit expressed in packets per second.
                 It can be applied to packet streams towards the CPM CPU.";
        }
    
        typedef key-fingerprint {
          type union {
            type enumeration {
              enum "disabled" {
                value -1;
              }
            }
            type string {
              length "47";
            }
          }
          default "disabled";
        }
    
        typedef burst-size {
          type int32 {
            range "0..131072";
          }
        }
    
        typedef pki-file-name {
          type types-sros:display-string {
            length "1..95";
            pattern ".*\\S.*" {
              error-message
                "File name must not be all spaces";
            }
            pattern "[^\\\\:/]*" {
              error-message
                "File name must not contain a path";
            }
          }
          description
            "Name of file in the system-pki directory.";
        }
    
        typedef password-authentication-order {
          type enumeration {
            enum "local" {
              value 1;
            }
            enum "radius" {
              value 2;
            }
            enum "tacplus" {
              value 3;
            }
            enum "ldap" {
              value 4;
            }
          }
          description
            "password-authentication-order is an integer value that specifies the
                 user authentication method.";
        }
    
        typedef keychain-algo {
          type enumeration {
            enum "aes-128-cmac-96" {
              value 1;
            }
            enum "hmac-sha-1-96" {
              value 2;
            }
            enum "password" {
              value 3;
            }
            enum "message-digest" {
              value 4;
            }
            enum "hmac-md5" {
              value 5;
            }
            enum "hmac-sha-1" {
              value 6;
            }
            enum "hmac-sha-256" {
              value 7;
            }
            enum "aes-128-gcm-16" {
              value 8;
            }
          }
          description
            "The encryption algorithm used by a keychain key.";
        }
    
        typedef crl-update-status {
          type enumeration {
            enum "not-updating" {
              value 0;
            }
            enum "auto-scheduled" {
              value 1;
            }
            enum "auto-downloading" {
              value 2;
            }
            enum "manual-downloading" {
              value 3;
            }
            enum "stopped" {
              value 4;
            }
            enum "auto-verifying" {
              value 5;
            }
            enum "manual-verifying" {
              value 6;
            }
          }
          description
            "Indicates the CRL update status.
    
                 Values:
                     notUpdating       (0)
                         The system is not updating the CRL file. This happens when
                         the following conditions are met:
                             1) The system is not manually updating a CRL file, and
                             2) tmnxPkiCAProfAtCrlUpdAdminState is 'outOfService (3)'.
    
                     autoScheduled     (1)
                         The system is waiting for the next scheduled CRL update time
                         (tmnxPkiCAProfAtCrlUpdNxCrlUpdTm) in an automated
                         CRL update operation. This happens when the following
                         conditions are met:
                             1) tmnxPkiCAProfAtCrlUpdAdminState is 'inService (2)',
                                and
                             2) The next scheduled CRL update time is not reached.
    
                     autoDownloading   (2)
                         The system is downloading the CRL file in an automated CRL
                         update operation. This happens when the following conditions
                         are met:
                             1) tmnxPkiCAProfAtCrlUpdAdminState is 'inService (2)',
                                and
                             2) The current CRL is invalid, or next scheduled CRL update
                                time is reached.
    
                     manualDownloading (3)
                         The system is downloading the CRL file in a manual CRL update
                         operation (tmnxPkiCAProfManCrlUpdTable).
    
                     stopped           (4)
                         The system stopped updating the CRL. This happens when one
                         of the following conditions are met:
                             1) In the automated CRL update case, the system did not find
                                a CRL that qualifies from any of the configured URLs.
                                Meanwhile, tmnxPkiCAProfAtCrlUpdScheduleT is
                                'nextUpdateBased (1)' and the value of
                                tmnxPkiCAProfAtCrlUpdRetryIntv is zero; or
                             2) In the automated CRL update case, the system finds a CRL
                                that qualifies from one of the configured URLs, but
                                the 'nextUpdate' field is missing.
                                Meanwhile, tmnxPkiCAProfAtCrlUpdScheduleT is
                                'nextUpdateBased (1)'; or
                             3) In the manual CRL update case, the system did not find
                                a CRL that qualifies from any of the configured URLs.
                             4) The manual CRL update was aborted by configuring
                                tmnxPkiCAProfManCrlUpdAbort to 'doAction (1)'.
    
                         tmnxPkiCAProfCrlCurUpdStatus will never be 'stopped (4)' when
                         tmnxPkiCAProfAtCrlUpdScheduleT is 'periodic (2)'. In this
                         case, after attempting all URLs, the system will try to
                         update the CRL file again in
                         tmnxPkiCAProfAtCrlUpdPrdcUpdIntv seconds.
    
                     autoVerifying     (5)
                         The system is verifying the downloaded CRL file in an
                         automated CRL update operation.
    
                     manualVerifying   (6)
                         The system is verifying the downloaded CRL file in a
                         manual CRL update operation.";
        }
    
        typedef aaa-route-preference {
          type enumeration {
            enum "both" {
              value 1;
            }
            enum "inband" {
              value 2;
            }
            enum "outband" {
              value 3;
            }
          }
          description
            "The value of router-preference specifies the routing
                 preference for traffic generated by AAA clients for
                 authentication, authorization and accounting.
    
                 A value of 'inband' specifies that the Base routing
                 context will be used to send packets to remote
                 destinations.
    
                 A value of 'outband' specifies that the management
                 routing context will be used to send packets to
                 remote destinations.
    
                 A value of 'both' specifies that the AAA clients will
                 first attempt to use the management router context to send
                 packets to remote server. If the server is not reachable
                 via management router context, the Base router context
                 will be attempted.";
        }
    
        typedef hash-algorithm {
          type enumeration {
            enum "md5" {
              value 1;
            }
            enum "sha1" {
              value 2;
            }
            enum "sha224" {
              value 3;
            }
            enum "sha256" {
              value 4;
            }
            enum "sha384" {
              value 5;
            }
            enum "sha512" {
              value 6;
            }
          }
          description
            "The hash algorithm used for PKI.";
        }
    
        typedef ipsec-encryption-algorithm {
          type enumeration {
            enum "null" {
              value 1;
            }
            enum "des" {
              value 2;
            }
            enum "3des" {
              value 3;
            }
            enum "aes128" {
              value 4;
            }
            enum "aes192" {
              value 5;
            }
            enum "aes256" {
              value 6;
            }
            enum "aes128gcm8" {
              value 7;
            }
            enum "aes128gcm12" {
              value 8;
            }
            enum "aes128gcm16" {
              value 9;
            }
            enum "aes192gcm8" {
              value 10;
            }
            enum "aes192gcm12" {
              value 11;
            }
            enum "aes192gcm16" {
              value 12;
            }
            enum "aes256gcm8" {
              value 13;
            }
            enum "aes256gcm12" {
              value 14;
            }
            enum "aes256gcm16" {
              value 15;
            }
            enum "aes128gmac" {
              value 16;
            }
            enum "aes192gmac" {
              value 17;
            }
            enum "aes256gmac" {
              value 18;
            }
          }
          description
            "The ipsec encryption algorithm.";
        }
    
        typedef ipsec-authentication-algorithm {
          type enumeration {
            enum "null" {
              value 1;
            }
            enum "md5" {
              value 2;
            }
            enum "sha1" {
              value 3;
            }
            enum "sha256" {
              value 4;
            }
            enum "sha384" {
              value 5;
            }
            enum "sha512" {
              value 6;
            }
            enum "aes-xcbc" {
              value 7;
            }
            enum "auth-encr" {
              value 8;
            }
          }
          description
            "The ipsec authentication algorithm.";
        }
    
        typedef ipsec-display-key-type {
          type enumeration {
            enum "ike" {
              value 0;
            }
            enum "child" {
              value 1;
            }
          }
          description
            "The ipsec key type to show";
        }
    
        typedef ecdsa-curve {
          type enumeration {
            enum "secp256r1" {
              value 1;
            }
            enum "secp384r1" {
              value 2;
            }
            enum "secp521r1" {
              value 3;
            }
          }
          description
            "The elliptic curve used for key generation.";
        }
    
        typedef cak-name {
          type string {
            length "1..64";
            pattern
              "(([0-9a-fA-F])([0-9a-fA-F])){1,32}" {
              error-message
                "cak-name must be an even length hex string up to 64 characters.";
            }
          }
          description
            "Connectivity Association Key (CAK) name for MACsec Pre-Shared Keys (PSK)";
        }
    
        typedef cert-file-convert-format {
          type enumeration {
            enum "secure" {
              value 0;
            }
            enum "legacy" {
              value 1;
            }
          }
          description
            "The format to convert certificate/key files";
        }
    
        typedef cert-file-type {
          type enumeration {
            enum "certificate" {
              value 0;
            }
            enum "key" {
              value 1;
            }
            enum "crl" {
              value 2;
            }
            enum "csr" {
              value 3;
            }
          }
          description
            "The certificate related file types";
        }
    
        typedef cert-file-format {
          type enumeration {
            enum "pkcs10" {
              value 0;
            }
            enum "pkcs12" {
              value 1;
            }
            enum "pkcs7-der" {
              value 2;
            }
            enum "pkcs7-pem" {
              value 3;
            }
            enum "pem" {
              value 4;
            }
            enum "der" {
              value 5;
            }
          }
          description
            "The certificate file format";
        }
    
        typedef cert-export-file-type {
          type enumeration {
            enum "certificate" {
              value 0;
            }
            enum "key" {
              value 1;
            }
            enum "crl" {
              value 2;
            }
          }
          description
            "The certificate related export file types";
        }
    
        typedef cert-export-file-format {
          type enumeration {
            enum "pkcs12" {
              value 1;
            }
            enum "pkcs7-der" {
              value 2;
            }
            enum "pkcs7-pem" {
              value 3;
            }
            enum "pem" {
              value 4;
            }
            enum "der" {
              value 5;
            }
          }
          description
            "The certificate file export format";
        }
    
        typedef cmpv2-request-type {
          type enumeration {
            enum "unknown" {
              value 0;
            }
            enum "initial-registration" {
              value 1;
            }
            enum "certificate-request" {
              value 2;
            }
            enum "key-update" {
              value 3;
            }
          }
          description "CMPv2 request type";
        }
    
        typedef cmpv2-transaction-status {
          type enumeration {
            enum "processed" {
              value 0;
            }
            enum "in-progress" {
              value 1;
            }
            enum "failed" {
              value 2;
            }
          }
          description "CMPv2 transaction status";
        }
    
        typedef cmpv2-transaction-status-code {
          type enumeration {
            enum "none" {
              value 0;
            }
            enum "accepted" {
              value 1;
            }
            enum "granted-with-mods" {
              value 2;
            }
            enum "rejection" {
              value 3;
            }
            enum "waiting" {
              value 4;
            }
            enum "revocation-warning" {
              value 5;
            }
            enum "revocation-notification" {
              value 6;
            }
            enum "key-update-warning" {
              value 7;
            }
          }
          description
            "CMPv2 transaction status code";
        }
    
        typedef anysec-routing-protocol {
          type enumeration {
            enum "sr-ospf" {
              value 0;
            }
            enum "sr-ospf3" {
              value 1;
            }
            enum "sr-isis" {
              value 2;
            }
          }
          default "sr-isis";
          description "ANYsec routing protocols";
        }
    
        typedef anysec-igp-instance-id {
          type uint32 {
            range "0..31|64..95";
          }
          description
            "ANYsec IGP instance ID range";
        }
      }  // module nokia-types-security
    

© 2023 YumaWorks, Inc. All rights reserved.