nokia-types-security

Common security data types used in the SR OS management system. Copyright 2016 Nokia. All rights reserved. Reproduction of this...

  • Version: 2024-06-05

    nokia-types-security@2024-06-05


    
      module nokia-types-security {
    
        yang-version 1.1;
    
        namespace
          "urn:nokia.com:sros:ns:yang:sr:types-security";
    
        prefix types-security;
    
        import nokia-sros-yang-extensions {
          prefix sros-ext;
        }
        import nokia-types-sros {
          prefix types-sros;
        }
    
        organization "Nokia";
    
        contact
          "Nokia SR OS Support
    Web: <http://www.nokia.com>";
    
        description
          "Common security data types used in the SR OS management system.
    
    Copyright 2016 Nokia. All rights reserved. Reproduction of this document
    is authorized on the condition that the foregoing copyright notice is included.
    
    This nokia-types-security YANG module embodies Nokia's proprietary
    intellectual property. Nokia retains all title and ownership in the
    specification, including any revisions.
    
    Nokia grants all interested parties a non-exclusive license to use
    and distribute an unmodified copy of this specification in connection with
    management of Nokia products, and without fee, provided this
    copyright notice and license appear on all copies.
    
    This specification is supplied `as is', and Nokia makes no warranty,
    either express or implied, as to the use, operation, condition, or performance
    of the specification.";
    
        revision "2024-06-05";
        sros-ext:sros-major-release "rel24";
    
        typedef cpm-packet-rate-limit {
          type union {
            type int32 {
              range "1..65535";
            }
            type enumeration {
              enum "max" {
                value -1;
              }
            }
          }
          description
            "A packet rate limit expressed in packets per second.
    It can be applied to packet streams towards the CPM CPU.";
        }
    
        typedef cpm-policy-packet-rate-limit {
          type union {
            type int32 {
              range "1..65534";
            }
            type enumeration {
              enum "max" {
                value -1;
              }
            }
          }
          description
            "A packet rate limit expressed in packets per second.
    It can be applied to packet streams towards the CPM CPU.";
        }
    
        typedef key-fingerprint {
          type union {
            type enumeration {
              enum "disabled" {
                value -1;
              }
            }
            type string {
              length "47";
            }
          }
          default "disabled";
          status deprecated;
        }
    
        typedef key-fingerprint-md5 {
          type string {
            length "47";
          }
          description
            "MD5 fingerprint is stored as 128-bit MD5 hash value
    rendered as 32-digit hex string.";
        }
    
        typedef key-fingerprint-sha256 {
          type string {
            length "43";
            pattern '[a-zA-Z0-9+/]*' {
              error-message
                "Fingerprint is not in Base64 format with trimmed padding.";
            }
          }
          description
            "SHA-256 fingerprint is stored as Base64 string with
    trimmed padding.";
        }
    
        typedef burst-size {
          type int32 {
            range "0..131072";
          }
        }
    
        typedef pki-file-name {
          type types-sros:display-string {
            length "1..95";
            pattern '.*\S.*' {
              error-message
                "File name must not be all spaces";
            }
            pattern '[^\\:/]*' {
              error-message
                "File name must not contain a path";
            }
          }
          description
            "Name of file in the system-pki directory.";
        }
    
        typedef password-authentication-order {
          type enumeration {
            enum "local" {
              value 1;
            }
            enum "radius" {
              value 2;
            }
            enum "tacplus" {
              value 3;
            }
            enum "ldap" {
              value 4;
            }
          }
          description
            "password-authentication-order is an integer value that specifies the
    user authentication method.";
        }
    
        typedef keychain-algo {
          type enumeration {
            enum "aes-128-cmac-96" {
              value 1;
            }
            enum "hmac-sha-1-96" {
              value 2;
            }
            enum "password" {
              value 3;
            }
            enum "message-digest" {
              value 4;
            }
            enum "hmac-md5" {
              value 5;
            }
            enum "hmac-sha-1" {
              value 6;
            }
            enum "hmac-sha-256" {
              value 7;
            }
            enum "aes-128-gcm-16" {
              value 8;
            }
            enum "aes-128-cmac-128" {
              value 9;
            }
          }
          description
            "The encryption algorithm used by a keychain key.";
        }
    
        typedef crl-update-status {
          type enumeration {
            enum "not-updating" {
              value 0;
            }
            enum "auto-scheduled" {
              value 1;
            }
            enum "auto-downloading" {
              value 2;
            }
            enum "manual-downloading" {
              value 3;
            }
            enum "stopped" {
              value 4;
            }
            enum "auto-verifying" {
              value 5;
            }
            enum "manual-verifying" {
              value 6;
            }
          }
          description
            "Indicates the CRL update status.
    
    Values:
        notUpdating       (0)
    	The system is not updating the CRL file. This happens when
    	the following conditions are met:
    	    1) The system is not manually updating a CRL file, and
    	    2) tmnxPkiCAProfAtCrlUpdAdminState is 'outOfService (3)'.
    
        autoScheduled     (1)
    	The system is waiting for the next scheduled CRL update time
    	(tmnxPkiCAProfAtCrlUpdNxCrlUpdTm) in an automated
    	CRL update operation. This happens when the following
    	conditions are met:
    	    1) tmnxPkiCAProfAtCrlUpdAdminState is 'inService (2)',
    	       and
    	    2) The next scheduled CRL update time is not reached.
    
        autoDownloading   (2)
    	The system is downloading the CRL file in an automated CRL
    	update operation. This happens when the following conditions
    	are met:
    	    1) tmnxPkiCAProfAtCrlUpdAdminState is 'inService (2)',
    	       and
    	    2) The current CRL is invalid, or next scheduled CRL update
    	       time is reached.
    
        manualDownloading (3)
    	The system is downloading the CRL file in a manual CRL update
    	operation (tmnxPkiCAProfManCrlUpdTable).
    
        stopped           (4)
    	The system stopped updating the CRL. This happens when one
    	of the following conditions are met:
    	    1) In the automated CRL update case, the system did not find
    	       a CRL that qualifies from any of the configured URLs.
    	       Meanwhile, tmnxPkiCAProfAtCrlUpdScheduleT is
    	       'nextUpdateBased (1)' and the value of
    	       tmnxPkiCAProfAtCrlUpdRetryIntv is zero; or
    	    2) In the automated CRL update case, the system finds a CRL
    	       that qualifies from one of the configured URLs, but
    	       the 'nextUpdate' field is missing.
    	       Meanwhile, tmnxPkiCAProfAtCrlUpdScheduleT is
    	       'nextUpdateBased (1)'; or
    	    3) In the manual CRL update case, the system did not find
    	       a CRL that qualifies from any of the configured URLs.
    	    4) The manual CRL update was aborted by configuring
    	       tmnxPkiCAProfManCrlUpdAbort to 'doAction (1)'.
    
    	tmnxPkiCAProfCrlCurUpdStatus will never be 'stopped (4)' when
    	tmnxPkiCAProfAtCrlUpdScheduleT is 'periodic (2)'. In this
    	case, after attempting all URLs, the system will try to
    	update the CRL file again in
    	tmnxPkiCAProfAtCrlUpdPrdcUpdIntv seconds.
    
        autoVerifying     (5)
    	The system is verifying the downloaded CRL file in an
    	automated CRL update operation.
    
        manualVerifying   (6)
    	The system is verifying the downloaded CRL file in a
    	manual CRL update operation.";
        }
    
        typedef aaa-route-preference {
          type enumeration {
            enum "both" {
              value 1;
            }
            enum "inband" {
              value 2;
            }
            enum "outband" {
              value 3;
            }
          }
          description
            "The value of router-preference specifies the routing
    preference for traffic generated by AAA clients for
    authentication, authorization and accounting.
    
    A value of 'inband' specifies that the Base routing
    context will be used to send packets to remote
    destinations.
    
    A value of 'outband' specifies that the management
    routing context will be used to send packets to
    remote destinations.
    
    A value of 'both' specifies that the AAA clients will
    first attempt to use the management router context to send
    packets to remote server. If the server is not reachable
    via management router context, the Base router context
    will be attempted.";
        }
    
        typedef hash-algorithm {
          type enumeration {
            enum "md5" {
              value 1;
            }
            enum "sha1" {
              value 2;
            }
            enum "sha224" {
              value 3;
            }
            enum "sha256" {
              value 4;
            }
            enum "sha384" {
              value 5;
            }
            enum "sha512" {
              value 6;
            }
          }
          description
            "The hash algorithm used for PKI.";
        }
    
        typedef ipsec-encryption-algorithm {
          type enumeration {
            enum "null" {
              value 1;
            }
            enum "des" {
              value 2;
            }
            enum "3des" {
              value 3;
            }
            enum "aes128" {
              value 4;
            }
            enum "aes192" {
              value 5;
            }
            enum "aes256" {
              value 6;
            }
            enum "aes128gcm8" {
              value 7;
            }
            enum "aes128gcm12" {
              value 8;
            }
            enum "aes128gcm16" {
              value 9;
            }
            enum "aes192gcm8" {
              value 10;
            }
            enum "aes192gcm12" {
              value 11;
            }
            enum "aes192gcm16" {
              value 12;
            }
            enum "aes256gcm8" {
              value 13;
            }
            enum "aes256gcm12" {
              value 14;
            }
            enum "aes256gcm16" {
              value 15;
            }
            enum "aes128gmac" {
              value 16;
            }
            enum "aes192gmac" {
              value 17;
            }
            enum "aes256gmac" {
              value 18;
            }
          }
          description
            "The ipsec encryption algorithm.";
        }
    
        typedef ipsec-authentication-algorithm {
          type enumeration {
            enum "null" {
              value 1;
            }
            enum "md5" {
              value 2;
            }
            enum "sha1" {
              value 3;
            }
            enum "sha256" {
              value 4;
            }
            enum "sha384" {
              value 5;
            }
            enum "sha512" {
              value 6;
            }
            enum "aes-xcbc" {
              value 7;
            }
            enum "auth-encr" {
              value 8;
            }
          }
          description
            "The ipsec authentication algorithm.";
        }
    
        typedef ipsec-display-key-type {
          type enumeration {
            enum "ike" {
              value 0;
            }
            enum "child" {
              value 1;
            }
          }
          description
            "The ipsec key type to show";
        }
    
        typedef ecdsa-curve {
          type enumeration {
            enum "secp256r1" {
              value 1;
            }
            enum "secp384r1" {
              value 2;
            }
            enum "secp521r1" {
              value 3;
            }
          }
          description
            "The elliptic curve used for key generation.";
        }
    
        typedef cak-name {
          type string {
            length "1..64";
            pattern
              '(([0-9a-fA-F])([0-9a-fA-F])){1,32}' {
              error-message
                "cak-name must be an even length hex string up to 64 characters.";
            }
          }
          description
            "Connectivity Association Key (CAK) name for MACsec Pre-Shared Keys (PSK)";
        }
    
        typedef cert-file-convert-format {
          type enumeration {
            enum "secure" {
              value 0;
            }
            enum "legacy" {
              value 1;
            }
          }
          description
            "The format to convert certificate/key files";
        }
    
        typedef cert-file-type {
          type enumeration {
            enum "certificate" {
              value 0;
            }
            enum "key" {
              value 1;
            }
            enum "crl" {
              value 2;
            }
            enum "csr" {
              value 3;
            }
          }
          description
            "The certificate related file types";
        }
    
        typedef cert-file-format {
          type enumeration {
            enum "pkcs10" {
              value 0;
            }
            enum "pkcs12" {
              value 1;
            }
            enum "pkcs7-der" {
              value 2;
            }
            enum "pkcs7-pem" {
              value 3;
            }
            enum "pem" {
              value 4;
            }
            enum "der" {
              value 5;
            }
          }
          description
            "The certificate file format";
        }
    
        typedef cert-export-file-type {
          type enumeration {
            enum "certificate" {
              value 0;
            }
            enum "key" {
              value 1;
            }
            enum "crl" {
              value 2;
            }
          }
          description
            "The certificate related export file types";
        }
    
        typedef cert-export-file-format {
          type enumeration {
            enum "pkcs12" {
              value 1;
            }
            enum "pkcs7-der" {
              value 2;
            }
            enum "pkcs7-pem" {
              value 3;
            }
            enum "pem" {
              value 4;
            }
            enum "der" {
              value 5;
            }
          }
          description
            "The certificate file export format";
        }
    
        typedef cmpv2-request-type {
          type enumeration {
            enum "unknown" {
              value 0;
            }
            enum "initial-registration" {
              value 1;
            }
            enum "certificate-request" {
              value 2;
            }
            enum "key-update" {
              value 3;
            }
          }
          description "CMPv2 request type";
        }
    
        typedef cmpv2-transaction-status {
          type enumeration {
            enum "processed" {
              value 0;
            }
            enum "in-progress" {
              value 1;
            }
            enum "failed" {
              value 2;
            }
          }
          description "CMPv2 transaction status";
        }
    
        typedef cmpv2-transaction-status-code {
          type enumeration {
            enum "none" {
              value 0;
            }
            enum "accepted" {
              value 1;
            }
            enum "granted-with-mods" {
              value 2;
            }
            enum "rejection" {
              value 3;
            }
            enum "waiting" {
              value 4;
            }
            enum "revocation-warning" {
              value 5;
            }
            enum "revocation-notification" {
              value 6;
            }
            enum "key-update-warning" {
              value 7;
            }
          }
          description
            "CMPv2 transaction status code";
        }
    
        typedef anysec-protocol {
          type enumeration {
            enum "sr-ospf" {
              value 0;
            }
            enum "sr-ospf3" {
              value 1;
            }
            enum "sr-isis" {
              value 2;
            }
          }
          default "sr-isis";
          description "ANYsec protocols";
        }
    
        typedef anysec-igp-instance-id {
          type uint32 {
            range "0..31|64..95";
          }
          description
            "ANYsec IGP instance ID range";
        }
      }  // module nokia-types-security
    

© 2023 YumaWorks, Inc. All rights reserved.