Common security data types used in the SR OS management system. Copyright 2016 Nokia. All rights reserved. Reproduction of this...
Version: 2023-08-15
module nokia-types-security { yang-version 1.1; namespace "urn:nokia.com:sros:ns:yang:sr:types-security"; prefix types-security; import nokia-sros-yang-extensions { prefix sros-ext; } import nokia-types-sros { prefix types-sros; } organization "Nokia"; contact "Nokia SR OS Support Web: <http://www.nokia.com>"; description "Common security data types used in the SR OS management system. Copyright 2016 Nokia. All rights reserved. Reproduction of this document is authorized on the condition that the foregoing copyright notice is included. This nokia-types-security YANG module embodies Nokia's proprietary intellectual property. Nokia retains all title and ownership in the specification, including any revisions. Nokia grants all interested parties a non-exclusive license to use and distribute an unmodified copy of this specification in connection with management of Nokia products, and without fee, provided this copyright notice and license appear on all copies. This specification is supplied `as is', and Nokia makes no warranty, either express or implied, as to the use, operation, condition, or performance of the specification."; revision "2023-08-15"; sros-ext:sros-major-release "rel23"; typedef cpm-packet-rate-limit { type union { type int32 { range "1..65535"; } type enumeration { enum "max" { value -1; } } } description "A packet rate limit expressed in packets per second. It can be applied to packet streams towards the CPM CPU."; } typedef cpm-policy-packet-rate-limit { type union { type int32 { range "1..65534"; } type enumeration { enum "max" { value -1; } } } description "A packet rate limit expressed in packets per second. It can be applied to packet streams towards the CPM CPU."; } typedef key-fingerprint { type union { type enumeration { enum "disabled" { value -1; } } type string { length "47"; } } default "disabled"; } typedef burst-size { type int32 { range "0..131072"; } } typedef pki-file-name { type types-sros:display-string { length "1..95"; pattern ".*\\S.*" { error-message "File name must not be all spaces"; } pattern "[^\\\\:/]*" { error-message "File name must not contain a path"; } } description "Name of file in the system-pki directory."; } typedef password-authentication-order { type enumeration { enum "local" { value 1; } enum "radius" { value 2; } enum "tacplus" { value 3; } enum "ldap" { value 4; } } description "password-authentication-order is an integer value that specifies the user authentication method."; } typedef keychain-algo { type enumeration { enum "aes-128-cmac-96" { value 1; } enum "hmac-sha-1-96" { value 2; } enum "password" { value 3; } enum "message-digest" { value 4; } enum "hmac-md5" { value 5; } enum "hmac-sha-1" { value 6; } enum "hmac-sha-256" { value 7; } enum "aes-128-gcm-16" { value 8; } enum "aes-128-cmac-128" { value 9; } } description "The encryption algorithm used by a keychain key."; } typedef crl-update-status { type enumeration { enum "not-updating" { value 0; } enum "auto-scheduled" { value 1; } enum "auto-downloading" { value 2; } enum "manual-downloading" { value 3; } enum "stopped" { value 4; } enum "auto-verifying" { value 5; } enum "manual-verifying" { value 6; } } description "Indicates the CRL update status. Values: notUpdating (0) The system is not updating the CRL file. This happens when the following conditions are met: 1) The system is not manually updating a CRL file, and 2) tmnxPkiCAProfAtCrlUpdAdminState is 'outOfService (3)'. autoScheduled (1) The system is waiting for the next scheduled CRL update time (tmnxPkiCAProfAtCrlUpdNxCrlUpdTm) in an automated CRL update operation. This happens when the following conditions are met: 1) tmnxPkiCAProfAtCrlUpdAdminState is 'inService (2)', and 2) The next scheduled CRL update time is not reached. autoDownloading (2) The system is downloading the CRL file in an automated CRL update operation. This happens when the following conditions are met: 1) tmnxPkiCAProfAtCrlUpdAdminState is 'inService (2)', and 2) The current CRL is invalid, or next scheduled CRL update time is reached. manualDownloading (3) The system is downloading the CRL file in a manual CRL update operation (tmnxPkiCAProfManCrlUpdTable). stopped (4) The system stopped updating the CRL. This happens when one of the following conditions are met: 1) In the automated CRL update case, the system did not find a CRL that qualifies from any of the configured URLs. Meanwhile, tmnxPkiCAProfAtCrlUpdScheduleT is 'nextUpdateBased (1)' and the value of tmnxPkiCAProfAtCrlUpdRetryIntv is zero; or 2) In the automated CRL update case, the system finds a CRL that qualifies from one of the configured URLs, but the 'nextUpdate' field is missing. Meanwhile, tmnxPkiCAProfAtCrlUpdScheduleT is 'nextUpdateBased (1)'; or 3) In the manual CRL update case, the system did not find a CRL that qualifies from any of the configured URLs. 4) The manual CRL update was aborted by configuring tmnxPkiCAProfManCrlUpdAbort to 'doAction (1)'. tmnxPkiCAProfCrlCurUpdStatus will never be 'stopped (4)' when tmnxPkiCAProfAtCrlUpdScheduleT is 'periodic (2)'. In this case, after attempting all URLs, the system will try to update the CRL file again in tmnxPkiCAProfAtCrlUpdPrdcUpdIntv seconds. autoVerifying (5) The system is verifying the downloaded CRL file in an automated CRL update operation. manualVerifying (6) The system is verifying the downloaded CRL file in a manual CRL update operation."; } typedef aaa-route-preference { type enumeration { enum "both" { value 1; } enum "inband" { value 2; } enum "outband" { value 3; } } description "The value of router-preference specifies the routing preference for traffic generated by AAA clients for authentication, authorization and accounting. A value of 'inband' specifies that the Base routing context will be used to send packets to remote destinations. A value of 'outband' specifies that the management routing context will be used to send packets to remote destinations. A value of 'both' specifies that the AAA clients will first attempt to use the management router context to send packets to remote server. If the server is not reachable via management router context, the Base router context will be attempted."; } typedef hash-algorithm { type enumeration { enum "md5" { value 1; } enum "sha1" { value 2; } enum "sha224" { value 3; } enum "sha256" { value 4; } enum "sha384" { value 5; } enum "sha512" { value 6; } } description "The hash algorithm used for PKI."; } typedef ipsec-encryption-algorithm { type enumeration { enum "null" { value 1; } enum "des" { value 2; } enum "3des" { value 3; } enum "aes128" { value 4; } enum "aes192" { value 5; } enum "aes256" { value 6; } enum "aes128gcm8" { value 7; } enum "aes128gcm12" { value 8; } enum "aes128gcm16" { value 9; } enum "aes192gcm8" { value 10; } enum "aes192gcm12" { value 11; } enum "aes192gcm16" { value 12; } enum "aes256gcm8" { value 13; } enum "aes256gcm12" { value 14; } enum "aes256gcm16" { value 15; } enum "aes128gmac" { value 16; } enum "aes192gmac" { value 17; } enum "aes256gmac" { value 18; } } description "The ipsec encryption algorithm."; } typedef ipsec-authentication-algorithm { type enumeration { enum "null" { value 1; } enum "md5" { value 2; } enum "sha1" { value 3; } enum "sha256" { value 4; } enum "sha384" { value 5; } enum "sha512" { value 6; } enum "aes-xcbc" { value 7; } enum "auth-encr" { value 8; } } description "The ipsec authentication algorithm."; } typedef ipsec-display-key-type { type enumeration { enum "ike" { value 0; } enum "child" { value 1; } } description "The ipsec key type to show"; } typedef ecdsa-curve { type enumeration { enum "secp256r1" { value 1; } enum "secp384r1" { value 2; } enum "secp521r1" { value 3; } } description "The elliptic curve used for key generation."; } typedef cak-name { type string { length "1..64"; pattern "(([0-9a-fA-F])([0-9a-fA-F])){1,32}" { error-message "cak-name must be an even length hex string up to 64 characters."; } } description "Connectivity Association Key (CAK) name for MACsec Pre-Shared Keys (PSK)"; } typedef cert-file-convert-format { type enumeration { enum "secure" { value 0; } enum "legacy" { value 1; } } description "The format to convert certificate/key files"; } typedef cert-file-type { type enumeration { enum "certificate" { value 0; } enum "key" { value 1; } enum "crl" { value 2; } enum "csr" { value 3; } } description "The certificate related file types"; } typedef cert-file-format { type enumeration { enum "pkcs10" { value 0; } enum "pkcs12" { value 1; } enum "pkcs7-der" { value 2; } enum "pkcs7-pem" { value 3; } enum "pem" { value 4; } enum "der" { value 5; } } description "The certificate file format"; } typedef cert-export-file-type { type enumeration { enum "certificate" { value 0; } enum "key" { value 1; } enum "crl" { value 2; } } description "The certificate related export file types"; } typedef cert-export-file-format { type enumeration { enum "pkcs12" { value 1; } enum "pkcs7-der" { value 2; } enum "pkcs7-pem" { value 3; } enum "pem" { value 4; } enum "der" { value 5; } } description "The certificate file export format"; } typedef cmpv2-request-type { type enumeration { enum "unknown" { value 0; } enum "initial-registration" { value 1; } enum "certificate-request" { value 2; } enum "key-update" { value 3; } } description "CMPv2 request type"; } typedef cmpv2-transaction-status { type enumeration { enum "processed" { value 0; } enum "in-progress" { value 1; } enum "failed" { value 2; } } description "CMPv2 transaction status"; } typedef cmpv2-transaction-status-code { type enumeration { enum "none" { value 0; } enum "accepted" { value 1; } enum "granted-with-mods" { value 2; } enum "rejection" { value 3; } enum "waiting" { value 4; } enum "revocation-warning" { value 5; } enum "revocation-notification" { value 6; } enum "key-update-warning" { value 7; } } description "CMPv2 transaction status code"; } typedef anysec-protocol { type enumeration { enum "sr-ospf" { value 0; } enum "sr-ospf3" { value 1; } enum "sr-isis" { value 2; } } default "sr-isis"; description "ANYsec protocols"; } typedef anysec-igp-instance-id { type uint32 { range "0..31|64..95"; } description "ANYsec IGP instance ID range"; } } // module nokia-types-security
© 2023 YumaWorks, Inc. All rights reserved.