Diffstat (limited to 'sdnr/wt/devicemanager-onap/onf14/provider/src/test/resources/currentRevision/ietf-ssh-common@2019-07-02.yang')
-rw-r--r-- | sdnr/wt/devicemanager-onap/onf14/provider/src/test/resources/currentRevision/ietf-ssh-common@2019-07-02.yang | 454 |
1 files changed, 454 insertions, 0 deletions
diff --git a/sdnr/wt/devicemanager-onap/onf14/provider/src/test/resources/currentRevision/ietf-ssh-common@2019-07-02.yang b/sdnr/wt/devicemanager-onap/onf14/provider/src/test/resources/currentRevision/ietf-ssh-common@2019-07-02.yang
new file mode 100644
index 000000000..563d13aea
--- /dev/null
+++ b/sdnr/wt/devicemanager-onap/onf14/provider/src/test/resources/currentRevision/ietf-ssh-common@2019-07-02.yang
@@ -0,0 +1,454 @@
+module ietf-ssh-common {
+ yang-version 1.1;
+ namespace "urn:ietf:params:xml:ns:yang:ietf-ssh-common";
+ prefix sshcmn;
+
+ organization
+ "IETF NETCONF (Network Configuration) Working Group";
+ contact
+ "WG Web: <http://datatracker.ietf.org/wg/netconf/>
+ WG List: <mailto:netconf@ietf.org>
+ Author: Kent Watsen <mailto:kent+ietf@watsen.net>
+ Author: Gary Wu <mailto:garywu@cisco.com>";
+ description
+ "This module defines a common features, identities, and
+ groupings for Secure Shell (SSH).
+
+ Copyright (c) 2019 IETF Trust and the persons identified
+ as authors of the code. All rights reserved.
+
+ Redistribution and use in source and binary forms, with
+ or without modification, is permitted pursuant to, and
+ subject to the license terms contained in, the Simplified
+ BSD License set forth in Section 4.c of the IETF Trust's
+ Legal Provisions Relating to IETF Documents
+ (https://trustee.ietf.org/license-info).
+
+ This version of this YANG module is part of RFC XXXX
+ (https://www.rfc-editor.org/info/rfcXXXX); see the RFC
+ itself for full legal notices.;
+
+ The key words 'MUST', 'MUST NOT', 'REQUIRED', 'SHALL',
+ 'SHALL NOT', 'SHOULD', 'SHOULD NOT', 'RECOMMENDED',
+ 'NOT RECOMMENDED', 'MAY', and 'OPTIONAL' in this document
+ are to be interpreted as described in BCP 14 (RFC 2119)
+ (RFC 8174) when, and only when, they appear in all
+ capitals, as shown here.";
+
+ revision 2019-07-02 {
+ description
+ "Initial version";
+ reference
+ "RFC XXXX: YANG Groupings for SSH Clients and SSH Servers";
+ }
+
+ feature ssh-ecc {
+ description
+ "Elliptic Curve Cryptography is supported for SSH.";
+ reference
+ "RFC 5656: Elliptic Curve Algorithm Integration in the
+ Secure Shell Transport Layer";
+ }
+
+ feature ssh-x509-certs {
+ description
+ "X.509v3 certificates are supported for SSH per RFC 6187.";
+ reference
+ "RFC 6187: X.509v3 Certificates for Secure Shell
+ Authentication";
+ }
+
+ feature ssh-dh-group-exchange {
+ description
+ "Diffie-Hellman Group Exchange is supported for SSH.";
+ reference
+ "RFC 4419: Diffie-Hellman Group Exchange for the
+ Secure Shell (SSH) Transport Layer Protocol";
+ }
+
+ feature ssh-ctr {
+ description
+ "SDCTR encryption mode is supported for SSH.";
+ reference
+ "RFC 4344: The Secure Shell (SSH) Transport Layer
+ Encryption Modes";
+ }
+
+ feature ssh-sha2 {
+ description
+ "The SHA2 family of cryptographic hash functions is
+ supported for SSH.";
+ reference
+ "FIPS PUB 180-4: Secure Hash Standard (SHS)";
+ }
+
+ identity public-key-alg-base {
+ description
+ "Base identity used to identify public key algorithms.";
+ }
+
+ identity ssh-dss {
+ base public-key-alg-base;
+ description
+ "Digital Signature Algorithm using SHA-1 as the
+ hashing algorithm.";
+ reference
+ "RFC 4253:
+ The Secure Shell (SSH) Transport Layer Protocol";
+ }
+
+ identity ssh-rsa {
+ base public-key-alg-base;
+ description
+ "RSASSA-PKCS1-v1_5 signature scheme using SHA-1 as the
+ hashing algorithm.";
+ reference
+ "RFC 4253:
+ The Secure Shell (SSH) Transport Layer Protocol";
+ }
+
+ identity ecdsa-sha2-nistp256 {
+ if-feature "ssh-ecc and ssh-sha2";
+ base public-key-alg-base;
+ description
+ "Elliptic Curve Digital Signature Algorithm (ECDSA) using the
+ nistp256 curve and the SHA2 family of hashing algorithms.";
+ reference
+ "RFC 5656: Elliptic Curve Algorithm Integration in the
+ Secure Shell Transport Layer";
+ }
+
+ identity ecdsa-sha2-nistp384 {
+ if-feature "ssh-ecc and ssh-sha2";
+ base public-key-alg-base;
+ description
+ "Elliptic Curve Digital Signature Algorithm (ECDSA) using the
+ nistp384 curve and the SHA2 family of hashing algorithms.";
+ reference
+ "RFC 5656: Elliptic Curve Algorithm Integration in the
+ Secure Shell Transport Layer";
+ }
+
+ identity ecdsa-sha2-nistp521 {
+ if-feature "ssh-ecc and ssh-sha2";
+ base public-key-alg-base;
+ description
+ "Elliptic Curve Digital Signature Algorithm (ECDSA) using the
+ nistp521 curve and the SHA2 family of hashing algorithms.";
+ reference
+ "RFC 5656: Elliptic Curve Algorithm Integration in the
+ Secure Shell Transport Layer";
+ }
+
+ identity x509v3-ssh-rsa {
+ if-feature "ssh-x509-certs";
+ base public-key-alg-base;
+ description
+ "RSASSA-PKCS1-v1_5 signature scheme using a public key stored
+ in an X.509v3 certificate and using SHA-1 as the hashing
+ algorithm.";
+ reference
+ "RFC 6187: X.509v3 Certificates for Secure Shell
+ Authentication";
+ }
+
+ identity x509v3-rsa2048-sha256 {
+ if-feature "ssh-x509-certs and ssh-sha2";
+ base public-key-alg-base;
+ description
+ "RSASSA-PKCS1-v1_5 signature scheme using a public key stored
+ in an X.509v3 certificate and using SHA-256 as the hashing
+ algorithm. RSA keys conveyed using this format MUST have a
+ modulus of at least 2048 bits.";
+ reference
+ "RFC 6187: X.509v3 Certificates for Secure Shell
+ Authentication";
+ }
+
+ identity x509v3-ecdsa-sha2-nistp256 {
+ if-feature "ssh-ecc and ssh-x509-certs and ssh-sha2";
+ base public-key-alg-base;
+ description
+ "Elliptic Curve Digital Signature Algorithm (ECDSA)
+ using the nistp256 curve with a public key stored in
+ an X.509v3 certificate and using the SHA2 family of
+ hashing algorithms.";
+ reference
+ "RFC 6187: X.509v3 Certificates for Secure Shell
+ Authentication";
+ }
+
+ identity x509v3-ecdsa-sha2-nistp384 {
+ if-feature "ssh-ecc and ssh-x509-certs and ssh-sha2";
+ base public-key-alg-base;
+ description
+ "Elliptic Curve Digital Signature Algorithm (ECDSA)
+ using the nistp384 curve with a public key stored in
+ an X.509v3 certificate and using the SHA2 family of
+ hashing algorithms.";
+ reference
+ "RFC 6187: X.509v3 Certificates for Secure Shell
+ Authentication";
+ }
+
+ identity x509v3-ecdsa-sha2-nistp521 {
+ if-feature "ssh-ecc and ssh-x509-certs and ssh-sha2";
+ base public-key-alg-base;
+ description
+ "Elliptic Curve Digital Signature Algorithm (ECDSA)
+ using the nistp521 curve with a public key stored in
+ an X.509v3 certificate and using the SHA2 family of
+ hashing algorithms.";
+ reference
+ "RFC 6187: X.509v3 Certificates for Secure Shell
+ Authentication";
+ }
+
+ identity key-exchange-alg-base {
+ description
+ "Base identity used to identify key exchange algorithms.";
+ }
+
+ identity diffie-hellman-group14-sha1 {
+ base key-exchange-alg-base;
+ description
+ "Diffie-Hellman key exchange with SHA-1 as HASH and
+ Oakley Group 14 (2048-bit MODP Group).";
+ reference
+ "RFC 4253: The Secure Shell (SSH) Transport Layer Protocol";
+ }
+
+ identity diffie-hellman-group-exchange-sha1 {
+ if-feature "ssh-dh-group-exchange";
+ base key-exchange-alg-base;
+ description
+ "Diffie-Hellman Group and Key Exchange with SHA-1 as HASH.";
+ reference
+ "RFC 4419: Diffie-Hellman Group Exchange for the
+ Secure Shell (SSH) Transport Layer Protocol";
+ }
+
+ identity diffie-hellman-group-exchange-sha256 {
+ if-feature "ssh-dh-group-exchange and ssh-sha2";
+ base key-exchange-alg-base;
+ description
+ "Diffie-Hellman Group and Key Exchange with SHA-256 as HASH.";
+ reference
+ "RFC 4419: Diffie-Hellman Group Exchange for the
+ Secure Shell (SSH) Transport Layer Protocol";
+ }
+
+ identity ecdh-sha2-nistp256 {
+ if-feature "ssh-ecc and ssh-sha2";
+ base key-exchange-alg-base;
+ description
+ "Elliptic Curve Diffie-Hellman (ECDH) key exchange using the
+ nistp256 curve and the SHA2 family of hashing algorithms.";
+ reference
+ "RFC 5656: Elliptic Curve Algorithm Integration in the
+ Secure Shell Transport Layer";
+ }
+
+ identity ecdh-sha2-nistp384 {
+ if-feature "ssh-ecc and ssh-sha2";
+ base key-exchange-alg-base;
+ description
+ "Elliptic Curve Diffie-Hellman (ECDH) key exchange using the
+ nistp384 curve and the SHA2 family of hashing algorithms.";
+ reference
+ "RFC 5656: Elliptic Curve Algorithm Integration in the
+ Secure Shell Transport Layer";
+ }
+
+ identity ecdh-sha2-nistp521 {
+ if-feature "ssh-ecc and ssh-sha2";
+ base key-exchange-alg-base;
+ description
+ "Elliptic Curve Diffie-Hellman (ECDH) key exchange using the
+ nistp521 curve and the SHA2 family of hashing algorithms.";
+ reference
+ "RFC 5656: Elliptic Curve Algorithm Integration in the
+ Secure Shell Transport Layer";
+ }
+
+ identity encryption-alg-base {
+ description
+ "Base identity used to identify encryption algorithms.";
+ }
+
+ identity triple-des-cbc {
+ base encryption-alg-base;
+ description
+ "Three-key 3DES in CBC mode.";
+ reference
+ "RFC 4253: The Secure Shell (SSH) Transport Layer Protocol";
+ }
+
+ identity aes128-cbc {
+ base encryption-alg-base;
+ description
+ "AES in CBC mode, with a 128-bit key.";
+ reference
+ "RFC 4253: The Secure Shell (SSH) Transport Layer Protocol";
+ }
+
+ identity aes192-cbc {
+ base encryption-alg-base;
+ description
+ "AES in CBC mode, with a 192-bit key.";
+ reference
+ "RFC 4253: The Secure Shell (SSH) Transport Layer Protocol";
+ }
+
+ identity aes256-cbc {
+ base encryption-alg-base;
+ description
+ "AES in CBC mode, with a 256-bit key.";
+ reference
+ "RFC 4253: The Secure Shell (SSH) Transport Layer Protocol";
+ }
+
+ identity aes128-ctr {
+ if-feature "ssh-ctr";
+ base encryption-alg-base;
+ description
+ "AES in SDCTR mode, with 128-bit key.";
+ reference
+ "RFC 4344: The Secure Shell (SSH) Transport Layer Encryption
+ Modes";
+ }
+
+ identity aes192-ctr {
+ if-feature "ssh-ctr";
+ base encryption-alg-base;
+ description
+ "AES in SDCTR mode, with 192-bit key.";
+ reference
+ "RFC 4344: The Secure Shell (SSH) Transport Layer Encryption
+ Modes";
+ }
+
+ identity aes256-ctr {
+ if-feature "ssh-ctr";
+ base encryption-alg-base;
+ description
+ "AES in SDCTR mode, with 256-bit key.";
+ reference
+ "RFC 4344: The Secure Shell (SSH) Transport Layer Encryption
+ Modes";
+ }
+
+ identity mac-alg-base {
+ description
+ "Base identity used to identify message authentication
+ code (MAC) algorithms.";
+ }
+
+ identity hmac-sha1 {
+ base mac-alg-base;
+ description
+ "HMAC-SHA1";
+ reference
+ "RFC 4253: The Secure Shell (SSH) Transport Layer Protocol";
+ }
+
+ identity hmac-sha2-256 {
+ if-feature "ssh-sha2";
+ base mac-alg-base;
+ description
+ "HMAC-SHA2-256";
+ reference
+ "RFC 6668: SHA-2 Data Integrity Verification for the
+ Secure Shell (SSH) Transport Layer Protocol";
+ }
+
+ identity hmac-sha2-512 {
+ if-feature "ssh-sha2";
+ base mac-alg-base;
+ description
+ "HMAC-SHA2-512";
+ reference
+ "RFC 6668: SHA-2 Data Integrity Verification for the
+ Secure Shell (SSH) Transport Layer Protocol";
+ }
+
+ grouping transport-params-grouping {
+ description
+ "A reusable grouping for SSH transport parameters.";
+ reference
+ "RFC 4253: The Secure Shell (SSH) Transport Layer Protocol";
+ container host-key {
+ description
+ "Parameters regarding host key.";
+ leaf-list host-key-alg {
+ type identityref {
+ base public-key-alg-base;
+ }
+ ordered-by user;
+ description
+ "Acceptable host key algorithms in order of descending
+ preference. The configured host key algorithms should
+ be compatible with the algorithm used by the configured
+ private key. Please see Section 5 of RFC XXXX for
+ valid combinations.
+
+ If this leaf-list is not configured (has zero elements)
+ the acceptable host key algorithms are implementation-
+ defined.";
+ reference
+ "RFC XXXX: YANG Groupings for SSH Clients and SSH Servers";
+ }
+ }
+ container key-exchange {
+ description
+ "Parameters regarding key exchange.";
+ leaf-list key-exchange-alg {
+ type identityref {
+ base key-exchange-alg-base;
+ }
+ ordered-by user;
+ description
+ "Acceptable key exchange algorithms in order of descending
+ preference.
+
+ If this leaf-list is not configured (has zero elements)
+ the acceptable key exchange algorithms are implementation
+ defined.";
+ }
+ }
+ container encryption {
+ description
+ "Parameters regarding encryption.";
+ leaf-list encryption-alg {
+ type identityref {
+ base encryption-alg-base;
+ }
+ ordered-by user;
+ description
+ "Acceptable encryption algorithms in order of descending
+ preference.
+
+ If this leaf-list is not configured (has zero elements)
+ the acceptable encryption algorithms are implementation
+ defined.";
+ }
+ }
+ container mac {
+ description
+ "Parameters regarding message authentication code (MAC).";
+ leaf-list mac-alg {
+ type identityref {
+ base mac-alg-base;
+ }
+ ordered-by user;
+ description
+ "Acceptable MAC algorithms in order of descending
+ preference.
+
+ If this leaf-list is not configured (has zero elements)
+ the acceptable MAC algorithms are implementation-
+ defined.";
+ }
+ }
+ }
+}
\ No newline at end of file |