idnits 2.17.1

draft-ietf-netconf-crypto-types-08.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

     No issues found here.

  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the IETF Trust and authors Copyright Line does not
     match the current year

  == Line 124 has weird spacing: '...gorithm ide...'

  == Line 132 has weird spacing: '...lic-key bin...'

  == Line 144 has weird spacing: '...on-date iet...'

  == Line 149 has weird spacing: '...on-date iet...'

  == Line 153 has weird spacing: '...on-date iet...'

  == (6 more instances...)

  -- The document date (June 17, 2019) is 1775 days in the past. Is this
     intentional?

  Checking references for intended status: Proposed Standard
  ----------------------------------------------------------------------------

     (See RFCs 3967 and 4897 for information about using normative references
     to lower-maturity documents in RFCs)

  -- Possible downref: Non-RFC (?) normative reference: ref. 'ITU.X690.2015'

  -- Obsolete informational reference (is this intentional?): RFC 6125
     (Obsoleted by RFC 9525)

     Summary: 0 errors (**), 0 flaws (~~), 7 warnings (==), 3 comments (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.

--------------------------------------------------------------------------------

2	NETCONF Working Group                                          K. Watsen
3	Internet-Draft                                           Watsen Networks
4	Intended status: Standards Track                                 H. Wang
5	Expires: December 19, 2019                                        Huawei
6	                                                           June 17, 2019

8	                Common YANG Data Types for Cryptography
9	                  draft-ietf-netconf-crypto-types-08

11	Abstract

13	   This document defines YANG identities, typedefs, and groupings useful
14	   for cryptographic applications.

16	Editorial Note (To be removed by RFC Editor)

18	   This draft contains many placeholder values that need to be replaced
19	   with finalized values at the time of publication.  This note
20	   summarizes all of the substitutions that are needed.  No other RFC
21	   Editor instructions are specified elsewhere in this document.

23	   Artwork in this document contains shorthand references to drafts in
24	   progress.  Please apply the following replacements:

26	   o  "XXXX" --> the assigned RFC value for this draft

28	   Artwork in this document contains placeholder values for the date of
29	   publication of this draft.  Please apply the following replacement:

31	   o  "2019-06-17" --> the publication date of this draft

33	   The following Appendix section is to be removed prior to publication:

35	   o  Appendix B.  Change Log

37	Status of This Memo

39	   This Internet-Draft is submitted in full conformance with the
40	   provisions of BCP 78 and BCP 79.

42	   Internet-Drafts are working documents of the Internet Engineering
43	   Task Force (IETF).  Note that other groups may also distribute
44	   working documents as Internet-Drafts.  The list of current Internet-
45	   Drafts is at https://datatracker.ietf.org/drafts/current/.

47	   Internet-Drafts are draft documents valid for a maximum of six months
48	   and may be updated, replaced, or obsoleted by other documents at any
49	   time.  It is inappropriate to use Internet-Drafts as reference
50	   material or to cite them other than as "work in progress."

52	   This Internet-Draft will expire on December 19, 2019.

54	Copyright Notice

56	   Copyright (c) 2019 IETF Trust and the persons identified as the
57	   document authors.  All rights reserved.
59	   This document is subject to BCP 78 and the IETF Trust's Legal
60	   Provisions Relating to IETF Documents
61	   (https://trustee.ietf.org/license-info) in effect on the date of
62	   publication of this document.  Please review these documents
63	   carefully, as they describe your rights and restrictions with respect
64	   to this document.  Code Components extracted from this document must
65	   include Simplified BSD License text as described in Section 4.e of
66	   the Trust Legal Provisions and are provided without warranty as
67	   described in the Simplified BSD License.

69	Table of Contents

71	   1.  Introduction
72	   2.  The Crypto Types Module
73	     2.1.  Tree Diagram
74	     2.2.  YANG Module
75	   3.  Security Considerations
76	     3.1.  Support for Algorithms
77	     3.2.  No Support for CRMF
78	     3.3.  Access to Data Nodes
79	   4.  IANA Considerations
80	     4.1.  The IETF XML Registry
81	     4.2.  The YANG Module Names Registry
82	   5.  References
83	     5.1.  Normative References
84	     5.2.  Informative References
85	   Appendix A.  Examples
86	     A.1.  The "asymmetric-key-pair-with-certs-grouping" Grouping
87	     A.2.  The "generate-certificate-signing-request" Action
88	     A.3.  The "certificate-expiration" Notification
89	   Appendix B.  Change Log
90	     B.1.  I-D to 00
91	     B.2.  00 to 01
92	     B.3.  01 to 02
93	     B.4.  02 to 03
94	     B.5.  03 to 04
95	     B.6.  04 to 05
96	     B.7.  05 to 06
97	     B.8.  06 to 07
98	     B.9.  07 to 08
99	   Acknowledgements
100	   Authors' Addresses

102	1.  Introduction

104	   This document defines a YANG 1.1 [RFC7950] module specifying
105	   identities, typedefs, and groupings useful for cryptography.

107	   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
108	   "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
109	   "OPTIONAL" in this document are to be interpreted as described in BCP
110	   14 [RFC2119] [RFC8174] when, and only when, they appear in all
111	   capitals, as shown here.

113	2.  The Crypto Types Module

115	2.1.  Tree Diagram

117	   This section provides a tree diagram [RFC8340] for the "ietf-crypto-
118	   types" module.  Only the groupings are represented, as tree diagrams
119	   have no means to represent identities or typedefs.

121	   module: ietf-crypto-types

123	     grouping symmetric-key-grouping:
124	       +---- algorithm     identityref
125	       +---- (key-type)
126	          +--:(key)
127	          |  +---- key?          binary
128	          +--:(hidden-key)
129	             +---- hidden-key?   empty
130	     grouping public-key-grouping:
131	       +---- algorithm     asymmetric-key-algorithm-ref
132	       +---- public-key    binary
133	     grouping asymmetric-key-pair-grouping:
134	       +---- algorithm                   asymmetric-key-algorithm-ref
135	       +---- public-key                  binary
136	       +---- (private-key-type)
137	          +--:(private-key)
138	          |  +---- private-key?          binary
139	          +--:(hidden-private-key)
140	             +---- hidden-private-key?   empty
141	     grouping trust-anchor-cert-grouping:
142	       +---- cert?                     trust-anchor-cert-cms
143	       +---n certificate-expiration
144	          +--ro expiration-date    ietf-yang-types:date-and-time
146	     grouping trust-anchor-certs-grouping:
147	       +---- cert*                     trust-anchor-cert-cms
148	       +---n certificate-expiration
149	          +--ro expiration-date    ietf-yang-types:date-and-time
150	     grouping end-entity-cert-grouping:
151	       +---- cert?                     end-entity-cert-cms
152	       +---n certificate-expiration
153	          +--ro expiration-date    ietf-yang-types:date-and-time
154	     grouping end-entity-certs-grouping:
155	       +---- cert*                     end-entity-cert-cms
156	       +---n certificate-expiration
157	          +--ro expiration-date    ietf-yang-types:date-and-time
158	     grouping asymmetric-key-pair-with-cert-grouping:
159	       +---- algorithm
160	       |       asymmetric-key-algorithm-ref
161	       +---- public-key                              binary
162	       +---- (private-key-type)
163	       |  +--:(private-key)
164	       |  |  +---- private-key?                      binary
165	       |  +--:(hidden-private-key)
166	       |     +---- hidden-private-key?               empty
167	       +---- cert?                                   end-entity-cert-cms
168	       +---n certificate-expiration
169	          +--ro expiration-date    ietf-yang-types:date-and-time
170	       +---x generate-certificate-signing-request
171	          +---- input
172	          |  +---w subject       binary
173	          |  +---w attributes?   binary
174	          +---- output
175	             +--ro certificate-signing-request    binary
176	     grouping asymmetric-key-pair-with-certs-grouping:
177	       +---- algorithm
178	       |       asymmetric-key-algorithm-ref
179	       +---- public-key                              binary
180	       +---- (private-key-type)
181	       |  +--:(private-key)
182	       |  |  +---- private-key?                      binary
183	       |  +--:(hidden-private-key)
184	       |     +---- hidden-private-key?               empty
185	       +---- certificates
186	       |  +---- certificate* [name]
187	       |     +---- name                      string
188	       |     +---- cert?                     end-entity-cert-cms
189	       |     +---n certificate-expiration
190	       |        +--ro expiration-date    ietf-yang-types:date-and-time
191	       +---x generate-certificate-signing-request
192	          +---- input
193	          |  +---w subject       binary
194	          |  +---w attributes?   binary
195	          +---- output
196	             +--ro certificate-signing-request    binary

198	2.2.  YANG Module

200	   This module has normative references to [RFC2404], [RFC3565],
201	   [RFC3686], [RFC4106], [RFC4253], [RFC4279], [RFC4309], [RFC4494],
202	   [RFC4543], [RFC4868], [RFC5280], [RFC5652], [RFC5656], [RFC6187],
203	   [RFC6991], [RFC7919], [RFC8268], [RFC8332], [RFC8341], [RFC8422],
204	   [RFC8446], and [ITU.X690.2015].

206	   This module has an informational reference to [RFC2986], [RFC3174],
207	   [RFC4493], [RFC5915], [RFC6125], [RFC6234], [RFC6239], [RFC6507],
208	   [RFC8017], [RFC8032], [RFC8439].

210	   file "ietf-crypto-types@2019-06-17.yang"

212	   module ietf-crypto-types {
213	     yang-version 1.1;
214	     namespace "urn:ietf:params:xml:ns:yang:ietf-crypto-types";
215	     prefix ct;

217	     import ietf-yang-types {
218	       prefix yang;
219	       reference
220	         "RFC 6991: Common YANG Data Types";
221	     }

223	     import ietf-netconf-acm {
224	       prefix nacm;
225	       reference
226	         "RFC 8341: Network Configuration Access Control Model";
227	     }

229	     organization
230	       "IETF NETCONF (Network Configuration) Working Group";

232	     contact
233	       "WG Web:
234	        WG List:
235	        Author:   Kent Watsen
236	        Author:   Wang Haiguang";

238	     description
239	       "This module defines common YANG types for cryptographic
240	        applications.

242	        Copyright (c) 2019 IETF Trust and the persons identified
243	        as authors of the code.  All rights reserved.

245	        Redistribution and use in source and binary forms, with
246	        or without modification, is permitted pursuant to, and
247	        subject to the license terms contained in, the Simplified
248	        BSD License set forth in Section 4.c of the IETF Trust's
249	        Legal Provisions Relating to IETF Documents
250	        (https://trustee.ietf.org/license-info).
252	        This version of this YANG module is part of RFC XXXX
253	        (https://www.rfc-editor.org/info/rfcXXXX); see the RFC
254	        itself for full legal notices.

256	        The key words 'MUST', 'MUST NOT', 'REQUIRED', 'SHALL',
257	        'SHALL NOT', 'SHOULD', 'SHOULD NOT', 'RECOMMENDED',
258	        'NOT RECOMMENDED', 'MAY', and 'OPTIONAL' in this document
259	        are to be interpreted as described in BCP 14 (RFC 2119)
260	        (RFC 8174) when, and only when, they appear in all
261	        capitals, as shown here.";

263	     revision 2019-06-17 {
264	       description
265	         "Initial version";
266	       reference
267	         "RFC XXXX: Common YANG Data Types for Cryptography";
268	     }

270	     /**************************************/
271	     /*   Identities for Hash Algorithms   */
272	     /**************************************/

274	     identity hash-algorithm {
275	       description
276	         "A base identity for hash algorithm verification.";
277	     }

279	     identity sha-224 {
280	       base hash-algorithm;
281	       description
282	         "The SHA-224 algorithm.";
283	       reference
284	         "RFC 6234: US Secure Hash Algorithms.";
285	     }

287	     identity sha-256 {
288	       base hash-algorithm;
289	       description
290	         "The SHA-256 algorithm.";
291	       reference
292	         "RFC 6234: US Secure Hash Algorithms.";
293	     }

295	     identity sha-384 {
296	       base hash-algorithm;
297	       description
298	         "The SHA-384 algorithm.";
299	       reference
300	         "RFC 6234: US Secure Hash Algorithms.";
301	     }

303	     identity sha-512 {
304	       base hash-algorithm;
305	       description
306	         "The SHA-512 algorithm.";
307	       reference
308	         "RFC 6234: US Secure Hash Algorithms.";
309	     }

311	     /***********************************************/
312	     /*   Identities for Asymmetric Key Algorithms  */
313	     /***********************************************/

315	     identity asymmetric-key-algorithm {
316	       description
317	         "Base identity from which all asymmetric key
318	          encryption algorithms are derived.";
319	     }

321	     identity rsa1024 {
322	       base asymmetric-key-algorithm;
323	       description
324	         "The RSA algorithm using a 1024-bit key.";
325	       reference
326	         "RFC 8017:
327	          PKCS #1: RSA Cryptography Specifications Version 2.2.";
328	     }

330	     identity rsa2048 {
331	       base asymmetric-key-algorithm;
332	       description
333	         "The RSA algorithm using a 2048-bit key.";
334	       reference
335	         "RFC 8017:
336	          PKCS #1: RSA Cryptography Specifications Version 2.2.";
338	     }

340	     identity rsa3072 {
341	       base asymmetric-key-algorithm;
342	       description
343	         "The RSA algorithm using a 3072-bit key.";
344	       reference
345	         "RFC 8017:
346	          PKCS #1: RSA Cryptography Specifications Version 2.2.";
347	     }

349	     identity rsa4096 {
350	       base asymmetric-key-algorithm;
351	       description
352	         "The RSA algorithm using a 4096-bit key.";
353	       reference
354	         "RFC 8017:
355	          PKCS #1: RSA Cryptography Specifications Version 2.2.";
356	     }

358	     identity rsa7680 {
359	       base asymmetric-key-algorithm;
360	       description
361	         "The RSA algorithm using a 7680-bit key.";
362	       reference
363	         "RFC 8017:
364	          PKCS #1: RSA Cryptography Specifications Version 2.2.";
365	     }

367	     identity rsa15360 {
368	       base asymmetric-key-algorithm;
369	       description
370	         "The RSA algorithm using a 15360-bit key.";
371	       reference
372	         "RFC 8017:
373	          PKCS #1: RSA Cryptography Specifications Version 2.2.";
374	     }

376	     identity secp192r1 {
377	       base asymmetric-key-algorithm;
378	       description
379	         "The ECDSA algorithm using a NIST P192 Curve.";
380	       reference
381	         "RFC 6090:
382	          Fundamental Elliptic Curve Cryptography Algorithms.
383	          RFC 5480:
384	          Elliptic Curve Cryptography Subject Public Key Information.";
385	     }
386	     identity secp224r1 {
387	       base asymmetric-key-algorithm;
388	       description
389	         "The ECDSA algorithm using a NIST P224 Curve.";
390	       reference
391	         "RFC 6090:
392	          Fundamental Elliptic Curve Cryptography Algorithms.
393	          RFC 5480:
394	          Elliptic Curve Cryptography Subject Public Key Information.";
395	     }

397	     identity secp256r1 {
398	       base asymmetric-key-algorithm;
399	       description
400	         "The ECDSA algorithm using a NIST P256 Curve.";
401	       reference
402	         "RFC 6090:
403	          Fundamental Elliptic Curve Cryptography Algorithms.
404	          RFC 5480:
405	          Elliptic Curve Cryptography Subject Public Key Information.";
406	     }

408	     identity secp384r1 {
409	       base asymmetric-key-algorithm;
410	       description
411	         "The ECDSA algorithm using a NIST P384 Curve.";
412	       reference
413	         "RFC 6090:
414	          Fundamental Elliptic Curve Cryptography Algorithms.
415	          RFC 5480:
416	          Elliptic Curve Cryptography Subject Public Key Information.";
417	     }

419	     identity secp521r1 {
420	       base asymmetric-key-algorithm;
421	       description
422	         "The ECDSA algorithm using a NIST P521 Curve.";
423	       reference
424	         "RFC 6090:
425	          Fundamental Elliptic Curve Cryptography Algorithms.
426	          RFC 5480:
427	          Elliptic Curve Cryptography Subject Public Key Information.";
428	     }

430	     /*************************************/
431	     /*   Identities for MAC Algorithms   */
432	     /*************************************/
433	     identity mac-algorithm {
434	       description
435	         "A base identity for mac generation.";
436	     }

438	     identity hmac-sha1 {
439	       base mac-algorithm;
440	       description
441	         "Generating MAC using SHA1 hash function";
442	       reference
443	         "RFC 3174: US Secure Hash Algorithm 1 (SHA1)";
444	     }

446	     identity hmac-sha1-96 {
447	       base mac-algorithm;
448	       description
449	         "Generating MAC using SHA1 hash function";
450	       reference
451	         "RFC 2404: The Use of HMAC-SHA-1-96 within ESP and AH";
452	     }

454	     identity hmac-sha2-224 {
455	       base mac-algorithm;
456	       description
457	         "Generating MAC using SHA2 hash function";
458	       reference
459	         "RFC 6234:
460	          US Secure Hash Algorithms (SHA and SHA-based HMAC and
461	          HKDF)";
462	     }

464	     identity hmac-sha2-256 {
465	       base mac-algorithm;
466	       description
467	         "Generating MAC using SHA2 hash function";
468	       reference
469	         "RFC 6234:
470	          US Secure Hash Algorithms (SHA and SHA-based HMAC and
471	          HKDF)";
472	     }

474	     identity hmac-sha2-256-128 {
475	       base mac-algorithm;
476	       description
477	         "Generating a 256 bits MAC using SHA2 hash function and
478	          truncate it to 128 bits";
479	       reference
480	         "RFC 4868:
482	          Using HMAC-SHA-256, HMAC-SHA-384, and HMAC-SHA-512
483	          with IPsec";
484	     }

486	     identity hmac-sha2-384 {
487	       base mac-algorithm;
488	       description
489	         "Generating MAC using SHA2 hash function";
490	       reference
491	         "RFC 6234:
492	          US Secure Hash Algorithms (SHA and SHA-based HMAC and
493	          HKDF)";
494	     }

496	     identity hmac-sha2-384-192 {
497	       base mac-algorithm;
498	       description
499	         "Generating a 384 bits MAC using SHA2 hash function and
500	          truncate it to 192 bits";
501	       reference
502	         "RFC 4868:
503	          Using HMAC-SHA-256, HMAC-SHA-384, and HMAC-SHA-512 with
504	          IPsec";
505	     }

507	     identity hmac-sha2-512 {
508	       base mac-algorithm;
509	       description
510	         "Generating MAC using SHA2 hash function";
511	       reference
512	         "RFC 6234:
513	          US Secure Hash Algorithms (SHA and SHA-based HMAC and
514	          HKDF)";
515	     }

517	     identity hmac-sha2-512-256 {
518	       base mac-algorithm;
519	       description
520	         "Generating a 512 bits MAC using SHA2 hash function and
521	          truncating it to 256 bits";
522	       reference
523	         "RFC 4868:
524	          Using HMAC-SHA-256, HMAC-SHA-384, and HMAC-SHA-512 with
525	          IPsec";
526	     }

528	     identity aes-128-gmac {
529	       base mac-algorithm;
530	       description
531	         "Generating MAC using the Advanced Encryption Standard (AES)
532	          Galois Message Authentication Code (GMAC) as a mechanism to
533	          provide data origin authentication";
534	       reference
535	         "RFC 4543:
536	          The Use of Galois Message Authentication Code (GMAC) in
537	          IPsec ESP and AH";
538	     }

540	     identity aes-192-gmac {
541	       base mac-algorithm;
542	       description
543	         "Generating MAC using the Advanced Encryption Standard (AES)
544	          Galois Message Authentication Code (GMAC) as a mechanism to
545	          provide data origin authentication";
546	       reference
547	         "RFC 4543:
548	          The Use of Galois Message Authentication Code (GMAC) in
549	          IPsec ESP and AH";
550	     }

552	     identity aes-256-gmac {
553	       base mac-algorithm;
554	       description
555	         "Generating MAC using the Advanced Encryption Standard (AES)
556	          Galois Message Authentication Code (GMAC) as a mechanism to
557	          provide data origin authentication";
558	       reference
559	         "RFC 4543:
560	          The Use of Galois Message Authentication Code (GMAC) in
561	          IPsec ESP and AH";
562	     }

564	     identity aes-cmac-96 {
565	       base mac-algorithm;
566	       description
567	         "Generating MAC using Advanced Encryption Standard (AES)
568	          Cipher-based Message Authentication Code (CMAC)";
569	       reference
570	         "RFC 4494: The AES-CMAC-96 Algorithm and its Use with IPsec";
571	     }

573	     identity aes-cmac-128 {
574	       base mac-algorithm;
575	       description
576	         "Generating MAC using Advanced Encryption Standard (AES)
577	          Cipher-based Message Authentication Code (CMAC)";
579	       reference
580	         "RFC 4493: The AES-CMAC Algorithm";
581	     }

583	     /********************************************/
584	     /*   Identities for Encryption Algorithms   */
585	     /********************************************/

587	     identity encryption-algorithm {
588	       description
589	         "A base identity for encryption algorithm.";
590	     }

592	     identity aes-128-cbc {
593	       base encryption-algorithm;
594	       description
595	         "Encrypt message with AES algorithm in CBC mode with a key
596	          length of 128 bits";
597	       reference
598	         "RFC 3565:
599	          Use of the Advanced Encryption Standard (AES) Encryption
600	          Algorithm in Cryptographic Message Syntax (CMS)";
601	     }

603	     identity aes-192-cbc {
604	       base encryption-algorithm;
605	       description
606	         "Encrypt message with AES algorithm in CBC mode with a key
607	          length of 192 bits";
608	       reference
609	         "RFC 3565:
610	          Use of the Advanced Encryption Standard (AES) Encryption
611	          Algorithm in Cryptographic Message Syntax (CMS)";
612	     }

614	     identity aes-256-cbc {
615	       base encryption-algorithm;
616	       description
617	         "Encrypt message with AES algorithm in CBC mode with a key
618	          length of 256 bits";
619	       reference
620	         "RFC 3565:
621	          Use of the Advanced Encryption Standard (AES) Encryption
622	          Algorithm in Cryptographic Message Syntax (CMS)";
623	     }

625	     identity aes-128-ctr {
626	       base encryption-algorithm;
627	       description
628	         "Encrypt message with AES algorithm in CTR mode with a key
629	          length of 128 bits";
630	       reference
631	         "RFC 3686:
632	          Using Advanced Encryption Standard (AES) Counter Mode with
633	          IPsec Encapsulating Security Payload (ESP)";
634	     }

636	     identity aes-192-ctr {
637	       base encryption-algorithm;
638	       description
639	         "Encrypt message with AES algorithm in CTR mode with a key
640	          length of 192 bits";
641	       reference
642	         "RFC 3686:
643	          Using Advanced Encryption Standard (AES) Counter Mode with
644	          IPsec Encapsulating Security Payload (ESP)";
645	     }

647	     identity aes-256-ctr {
648	       base encryption-algorithm;
649	       description
650	         "Encrypt message with AES algorithm in CTR mode with a key
651	          length of 256 bits";
652	       reference
653	         "RFC 3686:
654	          Using Advanced Encryption Standard (AES) Counter Mode with
655	          IPsec Encapsulating Security Payload (ESP)";
656	     }

658	     /****************************************************/
659	     /*   Identities for Encryption and MAC Algorithms   */
660	     /****************************************************/

662	     identity encryption-and-mac-algorithm {
663	       description
664	         "A base identity for encryption and MAC algorithm.";
665	     }

667	     identity aes-128-ccm {
668	       base encryption-and-mac-algorithm;
669	       description
670	         "Encrypt message with AES algorithm in CCM mode with a key
671	          length of 128 bits; it can also be used for generating MAC";
672	       reference
673	         "RFC 4309:
674	          Using Advanced Encryption Standard (AES) CCM Mode with
675	          IPsec Encapsulating Security Payload (ESP)";
676	     }

678	     identity aes-192-ccm {
679	       base encryption-and-mac-algorithm;
680	       description
681	         "Encrypt message with AES algorithm in CCM mode with a key
682	          length of 192 bits; it can also be used for generating MAC";
683	       reference
684	         "RFC 4309:
685	          Using Advanced Encryption Standard (AES) CCM Mode with
686	          IPsec Encapsulating Security Payload (ESP)";
687	     }

689	     identity aes-256-ccm {
690	       base encryption-and-mac-algorithm;
691	       description
692	         "Encrypt message with AES algorithm in CCM mode with a key
693	          length of 256 bits; it can also be used for generating MAC";
694	       reference
695	         "RFC 4309:
696	          Using Advanced Encryption Standard (AES) CCM Mode with
697	          IPsec Encapsulating Security Payload (ESP)";
698	     }

700	     identity aes-128-gcm {
701	       base encryption-and-mac-algorithm;
702	       description
703	         "Encrypt message with AES algorithm in GCM mode with a key
704	          length of 128 bits; it can also be used for generating MAC";
705	       reference
706	         "RFC 4106:
707	          The Use of Galois/Counter Mode (GCM) in IPsec Encapsulating
708	          Security Payload (ESP)";
709	     }

711	     identity aes-192-gcm {
712	       base encryption-and-mac-algorithm;
713	       description
714	         "Encrypt message with AES algorithm in GCM mode with a key
715	          length of 192 bits; it can also be used for generating MAC";
716	       reference
717	         "RFC 4106:
718	          The Use of Galois/Counter Mode (GCM) in IPsec Encapsulating
719	          Security Payload (ESP)";
720	     }

722	     identity mac-aes-256-gcm {
723	       base encryption-and-mac-algorithm;
724	       description
725	         "Encrypt message with AES algorithm in GCM mode with a key
726	          length of 256 bits; it can also be used for generating MAC";
727	       reference
728	         "RFC 4106:
729	          The Use of Galois/Counter Mode (GCM) in IPsec Encapsulating
730	          Security Payload (ESP)";
731	     }

733	     identity chacha20-poly1305 {
734	       base encryption-and-mac-algorithm;
735	       description
736	         "Encrypt message with chacha20 algorithm and generate MAC with
737	          POLY1305; it can also be used for generating MAC";
738	       reference
739	         "RFC 8439: ChaCha20 and Poly1305 for IETF Protocols";
740	     }

742	     /******************************************/
743	     /*   Identities for signature algorithm   */
744	     /******************************************/

746	     identity signature-algorithm {
747	       description
748	         "A base identity for asymmetric key encryption algorithm.";
749	     }

751	     identity dsa-sha1 {
752	       base signature-algorithm;
753	       description
754	         "The signature algorithm using DSA algorithm with SHA1 hash
755	          algorithm";
756	       reference
757	         "RFC 4253: The Secure Shell (SSH) Transport Layer Protocol";
758	     }

760	     identity rsassa-pkcs1-sha1 {
761	       base signature-algorithm;
762	       description
763	         "The signature algorithm using RSASSA-PKCS1-v1_5 with the SHA1
764	          hash algorithm.";
765	       reference
766	         "RFC 4253: The Secure Shell (SSH) Transport Layer Protocol";
767	     }

769	     identity rsassa-pkcs1-sha256 {
770	       base signature-algorithm;
771	       description
772	         "The signature algorithm using RSASSA-PKCS1-v1_5 with the
773	          SHA256 hash algorithm.";
774	       reference
775	         "RFC 8332:
776	          Use of RSA Keys with SHA-256 and SHA-512 in the Secure Shell
777	          (SSH) Protocol
778	          RFC 8446:
779	          The Transport Layer Security (TLS) Protocol Version 1.3";
780	     }

782	     identity rsassa-pkcs1-sha384 {
783	       base signature-algorithm;
784	       description
785	         "The signature algorithm using RSASSA-PKCS1-v1_5 with the
786	          SHA384 hash algorithm.";
787	       reference
788	         "RFC 8446:
789	          The Transport Layer Security (TLS) Protocol Version 1.3";
790	     }

792	     identity rsassa-pkcs1-sha512 {
793	       base signature-algorithm;
794	       description
795	         "The signature algorithm using RSASSA-PKCS1-v1_5 with the
796	          SHA512 hash algorithm.";
797	       reference
798	         "RFC 8332:
799	          Use of RSA Keys with SHA-256 and SHA-512 in the Secure Shell
800	          (SSH) Protocol
801	          RFC 8446:
802	          The Transport Layer Security (TLS) Protocol Version 1.3";
803	     }

805	     identity rsassa-pss-rsae-sha256 {
806	       base signature-algorithm;
807	       description
808	         "The signature algorithm using RSASSA-PSS with mask generation
809	          function 1 and SHA256 hash algorithm. If the public key is
810	          carried in an X.509 certificate, it MUST use the rsaEncryption
811	          OID";
812	       reference
813	         "RFC 8446:
814	          The Transport Layer Security (TLS) Protocol Version 1.3";
815	     }

817	     identity rsassa-pss-rsae-sha384 {
818	       base signature-algorithm;
819	       description
820	         "The signature algorithm using RSASSA-PSS with mask generation
821	          function 1 and SHA384 hash algorithm. If the public key is
822	          carried in an X.509 certificate, it MUST use the rsaEncryption
823	          OID";
824	       reference
825	         "RFC 8446:
826	          The Transport Layer Security (TLS) Protocol Version 1.3";
827	     }

829	     identity rsassa-pss-rsae-sha512 {
830	       base signature-algorithm;
831	       description
832	         "The signature algorithm using RSASSA-PSS with mask generation
833	          function 1 and SHA512 hash algorithm. If the public key is
834	          carried in an X.509 certificate, it MUST use the rsaEncryption
835	          OID";
836	       reference
837	         "RFC 8446:
838	          The Transport Layer Security (TLS) Protocol Version 1.3";
839	     }

841	     identity rsassa-pss-pss-sha256 {
842	       base signature-algorithm;
843	       description
844	         "The signature algorithm using RSASSA-PSS with mask generation
845	          function 1 and SHA256 hash algorithm. If the public key is
846	          carried in an X.509 certificate, it MUST use the RSASSA-PSS
847	          OID";
848	       reference
849	         "RFC 8446:
850	          The Transport Layer Security (TLS) Protocol Version 1.3";
851	     }

853	     identity rsassa-pss-pss-sha384 {
854	       base signature-algorithm;
855	       description
856	         "The signature algorithm using RSASSA-PSS with mask generation
857	          function 1 and SHA384 hash algorithm. If the public key is
858	          carried in an X.509 certificate, it MUST use the RSASSA-PSS
859	          OID";
860	       reference
861	         "RFC 8446:
862	          The Transport Layer Security (TLS) Protocol Version 1.3";
863	     }

865	     identity rsassa-pss-pss-sha512 {
866	       base signature-algorithm;
867	       description
868	         "The signature algorithm using RSASSA-PSS with mask generation
869	          function 1 and SHA512 hash algorithm. If the public key is
870	          carried in an X.509 certificate, it MUST use the RSASSA-PSS
871	          OID";
872	       reference
873	         "RFC 8446:
874	          The Transport Layer Security (TLS) Protocol Version 1.3";
875	     }

877	     identity ecdsa-secp256r1-sha256 {
878	       base signature-algorithm;
879	       description
880	         "The signature algorithm using ECDSA with curve name secp256r1
881	          and SHA256 hash algorithm.";
882	       reference
883	         "RFC 5656: Elliptic Curve Algorithm Integration in the
884	          Secure Shell Transport Layer
885	          RFC 8446:
886	          The Transport Layer Security (TLS) Protocol Version 1.3";
887	     }

889	     identity ecdsa-secp384r1-sha384 {
890	       base signature-algorithm;
891	       description
892	         "The signature algorithm using ECDSA with curve name secp384r1
893	          and SHA384 hash algorithm.";
894	       reference
895	         "RFC 5656: Elliptic Curve Algorithm Integration in the
896	          Secure Shell Transport Layer
897	          RFC 8446:
898	          The Transport Layer Security (TLS) Protocol Version 1.3";
899	     }

901	     identity ecdsa-secp521r1-sha512 {
902	       base signature-algorithm;
903	       description
904	         "The signature algorithm using ECDSA with curve name secp521r1
905	          and SHA512 hash algorithm.";
906	       reference
907	         "RFC 5656: Elliptic Curve Algorithm Integration in the
908	          Secure Shell Transport Layer
909	          RFC 8446:
910	          The Transport Layer Security (TLS) Protocol Version 1.3";
911	     }

913	     identity ed25519 {
914	       base signature-algorithm;
915	       description
916	         "The signature algorithm using EdDSA as defined in RFC 8032 or
917	          its successors.";
918	       reference
919	         "RFC 8032: Edwards-Curve Digital Signature Algorithm (EdDSA)";
920	     }

922	     identity ed448 {
923	       base signature-algorithm;
924	       description
925	         "The signature algorithm using EdDSA as defined in RFC 8032 or
926	          its successors.";
927	       reference
928	         "RFC 8032: Edwards-Curve Digital Signature Algorithm (EdDSA)";
929	     }

931	     identity eccsi {
932	       base signature-algorithm;
933	       description
934	         "The signature algorithm using ECCSI signature as defined in
935	          RFC 6507.";
936	       reference
937	         "RFC 6507:
938	          Elliptic Curve-Based Certificateless Signatures for
939	          Identity-based Encryption (ECCSI)";
940	     }

942	     /**********************************************/
943	     /*   Identities for key exchange algorithms   */
944	     /**********************************************/

946	     identity key-exchange-algorithm {
947	       description
948	         "A base identity for Diffie-Hellman based key exchange
949	          algorithm.";
950	     }

952	     identity psk-only {
953	       base key-exchange-algorithm;
954	       description
955	         "Using Pre-shared key for authentication and key exchange";
956	       reference
957	         "RFC 4279:
958	          Pre-Shared Key cipher suites for Transport Layer Security
959	          (TLS)";
960	     }

962	     identity dhe-ffdhe2048 {
963	       base key-exchange-algorithm;
964	       description
965	         "Ephemeral Diffie Hellman key exchange with 2048 bit
966	          finite field";
967	       reference
968	         "RFC 7919:
969	          Negotiated Finite Field Diffie-Hellman Ephemeral Parameters
970	          for Transport Layer Security (TLS)";
971	     }

973	     identity dhe-ffdhe3072 {
974	       base key-exchange-algorithm;
975	       description
976	         "Ephemeral Diffie Hellman key exchange with 3072 bit finite
977	          field";
978	       reference
979	         "RFC 7919:
980	          Negotiated Finite Field Diffie-Hellman Ephemeral Parameters
981	          for Transport Layer Security (TLS)";
982	     }

984	     identity dhe-ffdhe4096 {
985	       base key-exchange-algorithm;
986	       description
987	         "Ephemeral Diffie Hellman key exchange with 4096 bit
988	          finite field";
989	       reference
990	         "RFC 7919:
991	          Negotiated Finite Field Diffie-Hellman Ephemeral Parameters
992	          for Transport Layer Security (TLS)";
993	     }

995	     identity dhe-ffdhe6144 {
996	       base key-exchange-algorithm;
997	       description
998	         "Ephemeral Diffie Hellman key exchange with 6144 bit
999	          finite field";
1000	       reference
1001	         "RFC 7919:
1002	          Negotiated Finite Field Diffie-Hellman Ephemeral Parameters
1003	          for Transport Layer Security (TLS)";
1004	     }

1006	     identity dhe-ffdhe8192 {
1007	       base key-exchange-algorithm;
1008	       description
1009	         "Ephemeral Diffie Hellman key exchange with 8192 bit
1010	          finite field";
1012	       reference
1013	         "RFC 7919:
1014	          Negotiated Finite Field Diffie-Hellman Ephemeral Parameters
1015	          for Transport Layer Security (TLS)";
1016	     }

1018	     identity psk-dhe-ffdhe2048 {
1019	       base key-exchange-algorithm;
1020	       description
1021	         "Key exchange using pre-shared key with Diffie-Hellman key
1022	          generation mechanism, where the DH group is FFDHE2048";
1023	       reference
1024	         "RFC 8446:
1025	          The Transport Layer Security (TLS) Protocol Version 1.3";
1026	     }

1028	     identity psk-dhe-ffdhe3072 {
1029	       base key-exchange-algorithm;
1030	       description
1031	         "Key exchange using pre-shared key with Diffie-Hellman key
1032	          generation mechanism, where the DH group is FFDHE3072";
1033	       reference
1034	         "RFC 8446:
1035	          The Transport Layer Security (TLS) Protocol Version 1.3";
1036	     }

1038	     identity psk-dhe-ffdhe4096 {
1039	       base key-exchange-algorithm;
1040	       description
1041	         "Key exchange using pre-shared key with Diffie-Hellman key
1042	          generation mechanism, where the DH group is FFDHE4096";
1043	       reference
1044	         "RFC 8446:
1045	          The Transport Layer Security (TLS) Protocol Version 1.3";
1046	     }

1048	     identity psk-dhe-ffdhe6144 {
1049	       base key-exchange-algorithm;
1050	       description
1051	         "Key exchange using pre-shared key with Diffie-Hellman key
1052	          generation mechanism, where the DH group is FFDHE6144";
1053	       reference
1054	         "RFC 8446:
1055	          The Transport Layer Security (TLS) Protocol Version 1.3";
1056	     }

1058	     identity psk-dhe-ffdhe8192 {
1059	       base key-exchange-algorithm;
1060	       description
1061	         "Key exchange using pre-shared key with Diffie-Hellman key
1062	          generation mechanism, where the DH group is FFDHE8192";
1063	       reference
1064	         "RFC 8446:
1065	          The Transport Layer Security (TLS) Protocol Version 1.3";
1066	     }

1068	     identity ecdhe-secp256r1 {
1069	       base key-exchange-algorithm;
1070	       description
1071	         "Ephemeral Diffie Hellman key exchange with elliptic group
1072	          over curve secp256r1";
1073	       reference
1074	         "RFC 8422:
1075	          Elliptic Curve Cryptography (ECC) Cipher Suites for
1076	          Transport Layer Security (TLS) Versions 1.2 and Earlier";
1077	     }
1079 identity ecdhe-secp384r1 { 1080 base key-exchange-algorithm; 1081 description 1082 "Ephemeral Diffie Hellman key exchange with elliptic group 1083 over curve secp384r1"; 1084 reference 1085 "RFC 8422: 1086 Elliptic Curve Cryptography (ECC) Cipher Suites for 1087 Transport Layer Security (TLS) Versions 1.2 and Earlier"; 1088 } 1090 identity ecdhe-secp521r1 { 1091 base key-exchange-algorithm; 1092 description 1093 "Ephemeral Diffie Hellman key exchange with elliptic group 1094 over curve secp521r1"; 1095 reference 1096 "RFC 8422: 1097 Elliptic Curve Cryptography (ECC) Cipher Suites for 1098 Transport Layer Security (TLS) Versions 1.2 and Earlier"; 1099 } 1101 identity ecdhe-x25519 { 1102 base key-exchange-algorithm; 1103 description 1104 "Ephemeral Diffie Hellman key exchange with elliptic group 1105 over curve x25519"; 1106 reference 1107 "RFC 8422: 1109 Elliptic Curve Cryptography (ECC) Cipher Suites for 1110 Transport Layer Security (TLS) Versions 1.2 and Earlier"; 1111 } 1113 identity ecdhe-x448 { 1114 base key-exchange-algorithm; 1115 description 1116 "Ephemeral Diffie Hellman key exchange with elliptic group 1117 over curve x448"; 1118 reference 1119 "RFC 8422: 1120 Elliptic Curve Cryptography (ECC) Cipher Suites for 1121 Transport Layer Security (TLS) Versions 1.2 and Earlier"; 1122 } 1124 identity psk-ecdhe-secp256r1 { 1125 base key-exchange-algorithm; 1126 description 1127 "Key exchange using pre-shared key with elliptic group-based 1128 Ephemeral Diffie Hellman key exchange over curve secp256r1"; 1129 reference 1130 "RFC 8446: 1131 The Transport Layer Security (TLS) Protocol Version 1.3"; 1132 } 1134 identity psk-ecdhe-secp384r1 { 1135 base key-exchange-algorithm; 1136 description 1137 "Key exchange using pre-shared key with elliptic group-based 1138 Ephemeral Diffie Hellman key exchange over curve secp384r1"; 1139 reference 1140 "RFC 8446: 1141 The Transport Layer Security (TLS) Protocol Version 1.3"; 1142 } 1144 identity psk-ecdhe-secp521r1 { 1145 
base key-exchange-algorithm; 1146 description 1147 "Key exchange using pre-shared key with elliptic group-based 1148 Ephemeral Diffie Hellman key exchange over curve secp521r1"; 1149 reference 1150 "RFC 8446: 1151 The Transport Layer Security (TLS) Protocol Version 1.3"; 1152 } 1154 identity psk-ecdhe-x25519 { 1155 base key-exchange-algorithm; 1156 description 1157 "Key exchange using pre-shared key with elliptic group-based 1158 Ephemeral Diffie Hellman key exchange over curve x25519"; 1159 reference 1160 "RFC 8446: 1161 The Transport Layer Security (TLS) Protocol Version 1.3"; 1162 } 1164 identity psk-ecdhe-x448 { 1165 base key-exchange-algorithm; 1166 description 1167 "Key exchange using pre-shared key with elliptic group-based 1168 Ephemeral Diffie Hellman key exchange over curve x448"; 1169 reference 1170 "RFC 8446: 1171 The Transport Layer Security (TLS) Protocol Version 1.3"; 1172 } 1174 identity diffie-hellman-group14-sha1 { 1175 base key-exchange-algorithm; 1176 description 1177 "Using DH group14 and SHA1 for key exchange"; 1178 reference 1179 "RFC 4253: The Secure Shell (SSH) Transport Layer Protocol"; 1180 } 1182 identity diffie-hellman-group14-sha256 { 1183 base key-exchange-algorithm; 1184 description 1185 "Using DH group14 and SHA256 for key exchange"; 1186 reference 1187 "RFC 8268: 1188 More Modular Exponentiation (MODP) Diffie-Hellman (DH) 1189 Key Exchange (KEX) Groups for Secure Shell (SSH)"; 1190 } 1192 identity diffie-hellman-group15-sha512 { 1193 base key-exchange-algorithm; 1194 description 1195 "Using DH group15 and SHA512 for key exchange"; 1196 reference 1197 "RFC 8268: 1198 More Modular Exponentiation (MODP) Diffie-Hellman (DH) 1199 Key Exchange (KEX) Groups for Secure Shell (SSH)"; 1200 } 1202 identity diffie-hellman-group16-sha512 { 1203 base key-exchange-algorithm; 1204 description 1205 "Using DH group16 and SHA512 for key exchange"; 1206 reference 1207 "RFC 8268: 1208 More Modular Exponentiation (MODP) Diffie-Hellman (DH) 1209 Key 
Exchange (KEX) Groups for Secure Shell (SSH)"; 1210 } 1212 identity diffie-hellman-group17-sha512 { 1213 base key-exchange-algorithm; 1214 description 1215 "Using DH group17 and SHA512 for key exchange"; 1216 reference 1217 "RFC 8268: 1218 More Modular Exponentiation (MODP) Diffie-Hellman (DH) 1219 Key Exchange (KEX) Groups for Secure Shell (SSH)"; 1220 } 1222 identity diffie-hellman-group18-sha512 { 1223 base key-exchange-algorithm; 1224 description 1225 "Using DH group18 and SHA512 for key exchange"; 1226 reference 1227 "RFC 8268: 1228 More Modular Exponentiation (MODP) Diffie-Hellman (DH) 1229 Key Exchange (KEX) Groups for Secure Shell (SSH)"; 1230 } 1232 identity ecdh-sha2-secp256r1 { 1233 base key-exchange-algorithm; 1234 description 1235 "Elliptic curve-based Diffie Hellman key exchange over curve 1236 secp256r1 and using SHA2 for MAC generation"; 1237 reference 1238 "RFC 6239: Suite B Cryptographic Suites for Secure Shell 1239 (SSH)"; 1240 } 1242 identity ecdh-sha2-secp384r1 { 1243 base key-exchange-algorithm; 1244 description 1245 "Elliptic curve-based Diffie Hellman key exchange over curve 1246 secp384r1 and using SHA2 for MAC generation"; 1247 reference 1248 "RFC 6239: Suite B Cryptographic Suites for Secure Shell 1249 (SSH)"; 1250 } 1252 identity rsaes-oaep { 1253 base key-exchange-algorithm; 1254 description 1255 "RSAES-OAEP combines the RSAEP and RSADP primitives with the 1256 EME-OAEP encoding method"; 1257 reference 1258 "RFC 8017: 1259 PKCS #1: RSA Cryptography Specifications Version 2.2."; 1260 } 1262 identity rsaes-pkcs1-v1_5 { 1263 base key-exchange-algorithm; 1264 description 1265 " RSAES-PKCS1-v1_5 combines the RSAEP and RSADP primitives 1266 with the EME-PKCS1-v1_5 encoding method"; 1267 reference 1268 "RFC 8017: 1269 PKCS #1: RSA Cryptography Specifications Version 2.2."; 1270 } 1272 /**********************************************************/ 1273 /* Typedefs for identityrefs to above base identities */ 1274 
/**********************************************************/ 1276 typedef hash-algorithm-ref { 1277 type identityref { 1278 base hash-algorithm; 1279 } 1280 description 1281 "This typedef enables importing modules to easily define an 1282 identityref to the 'hash-algorithm' base identity."; 1283 } 1285 typedef signature-algorithm-ref { 1286 type identityref { 1287 base signature-algorithm; 1288 } 1289 description 1290 "This typedef enables importing modules to easily define an 1291 identityref to the 'signature-algorithm' base identity."; 1292 } 1294 typedef mac-algorithm-ref { 1295 type identityref { 1296 base mac-algorithm; 1297 } 1298 description 1299 "This typedef enables importing modules to easily define an 1300 identityref to the 'mac-algorithm' base identity."; 1302 } 1304 typedef encryption-algorithm-ref { 1305 type identityref { 1306 base encryption-algorithm; 1307 } 1308 description 1309 "This typedef enables importing modules to easily define an 1310 identityref to the 'encryption-algorithm' 1311 base identity."; 1312 } 1314 typedef encryption-and-mac-algorithm-ref { 1315 type identityref { 1316 base encryption-and-mac-algorithm; 1317 } 1318 description 1319 "This typedef enables importing modules to easily define an 1320 identityref to the 'encryption-and-mac-algorithm' 1321 base identity."; 1322 } 1324 typedef asymmetric-key-algorithm-ref { 1325 type identityref { 1326 base asymmetric-key-algorithm; 1327 } 1328 description 1329 "This typedef enables importing modules to easily define an 1330 identityref to the 'asymmetric-key-algorithm' 1331 base identity."; 1332 } 1334 typedef key-exchange-algorithm-ref { 1335 type identityref { 1336 base key-exchange-algorithm; 1337 } 1338 description 1339 "This typedef enables importing modules to easily define an 1340 identityref to the 'key-exchange-algorithm' base identity."; 1341 } 1343 /***************************************************/ 1344 /* Typedefs for ASN.1 structures from RFC 5280 */ 1345 
/***************************************************/ 1347 typedef x509 { 1348 type binary; 1349 description 1350 "A Certificate structure, as specified in RFC 5280, 1351 encoded using ASN.1 distinguished encoding rules (DER), 1352 as specified in ITU-T X.690."; 1353 reference 1354 "RFC 5280: 1355 Internet X.509 Public Key Infrastructure Certificate 1356 and Certificate Revocation List (CRL) Profile 1357 ITU-T X.690: 1358 Information technology - ASN.1 encoding rules: 1359 Specification of Basic Encoding Rules (BER), 1360 Canonical Encoding Rules (CER) and Distinguished 1361 Encoding Rules (DER)."; 1362 } 1364 typedef crl { 1365 type binary; 1366 description 1367 "A CertificateList structure, as specified in RFC 5280, 1368 encoded using ASN.1 distinguished encoding rules (DER), 1369 as specified in ITU-T X.690."; 1370 reference 1371 "RFC 5280: 1372 Internet X.509 Public Key Infrastructure Certificate 1373 and Certificate Revocation List (CRL) Profile 1374 ITU-T X.690: 1375 Information technology - ASN.1 encoding rules: 1376 Specification of Basic Encoding Rules (BER), 1377 Canonical Encoding Rules (CER) and Distinguished 1378 Encoding Rules (DER)."; 1379 } 1381 /***********************************************/ 1382 /* Typedefs for ASN.1 structures from 5652 */ 1383 /***********************************************/ 1385 typedef cms { 1386 type binary; 1387 description 1388 "A ContentInfo structure, as specified in RFC 5652, 1389 encoded using ASN.1 distinguished encoding rules (DER), 1390 as specified in ITU-T X.690."; 1391 reference 1392 "RFC 5652: 1393 Cryptographic Message Syntax (CMS) 1394 ITU-T X.690: 1395 Information technology - ASN.1 encoding rules: 1396 Specification of Basic Encoding Rules (BER), 1397 Canonical Encoding Rules (CER) and Distinguished 1398 Encoding Rules (DER)."; 1399 } 1401 typedef data-content-cms { 1402 type cms; 1403 description 1404 "A CMS structure whose top-most content type MUST be the 1405 data content type, as described by Section 
4 in RFC 5652."; 1406 reference 1407 "RFC 5652: Cryptographic Message Syntax (CMS)"; 1408 } 1410 typedef signed-data-cms { 1411 type cms; 1412 description 1413 "A CMS structure whose top-most content type MUST be the 1414 signed-data content type, as described by Section 5 in 1415 RFC 5652."; 1416 reference 1417 "RFC 5652: Cryptographic Message Syntax (CMS)"; 1418 } 1420 typedef enveloped-data-cms { 1421 type cms; 1422 description 1423 "A CMS structure whose top-most content type MUST be the 1424 enveloped-data content type, as described by Section 6 1425 in RFC 5652."; 1426 reference 1427 "RFC 5652: Cryptographic Message Syntax (CMS)"; 1428 } 1430 typedef digested-data-cms { 1431 type cms; 1432 description 1433 "A CMS structure whose top-most content type MUST be the 1434 digested-data content type, as described by Section 7 1435 in RFC 5652."; 1436 reference 1437 "RFC 5652: Cryptographic Message Syntax (CMS)"; 1438 } 1440 typedef encrypted-data-cms { 1441 type cms; 1442 description 1443 "A CMS structure whose top-most content type MUST be the 1444 encrypted-data content type, as described by Section 8 1445 in RFC 5652."; 1447 reference 1448 "RFC 5652: Cryptographic Message Syntax (CMS)"; 1449 } 1451 typedef authenticated-data-cms { 1452 type cms; 1453 description 1454 "A CMS structure whose top-most content type MUST be the 1455 authenticated-data content type, as described by Section 9 1456 in RFC 5652."; 1457 reference 1458 "RFC 5652: Cryptographic Message Syntax (CMS)"; 1459 } 1461 /***************************************************/ 1462 /* Typedefs for structures related to RFC 4253 */ 1463 /***************************************************/ 1465 typedef ssh-host-key { 1466 type binary; 1467 description 1468 "The binary public key data for this SSH key, as 1469 specified by RFC 4253, Section 6.6, i.e.: 1471 string certificate or public key format 1472 identifier 1473 byte[n] key/certificate data."; 1474 reference 1475 "RFC 4253: The Secure Shell (SSH) 
Transport Layer 1476 Protocol"; 1477 } 1479 /*********************************************************/ 1480 /* Typedefs for ASN.1 structures related to RFC 5280 */ 1481 /*********************************************************/ 1483 typedef trust-anchor-cert-x509 { 1484 type x509; 1485 description 1486 "A Certificate structure that MUST encode a self-signed 1487 root certificate."; 1488 } 1490 typedef end-entity-cert-x509 { 1491 type x509; 1492 description 1493 "A Certificate structure that MUST encode a certificate 1494 that is neither self-signed nor having Basic constraint 1495 CA true."; 1496 } 1498 /*********************************************************/ 1499 /* Typedefs for ASN.1 structures related to RFC 5652 */ 1500 /*********************************************************/ 1502 typedef trust-anchor-cert-cms { 1503 type signed-data-cms; 1504 description 1505 "A CMS SignedData structure that MUST contain the chain of 1506 X.509 certificates needed to authenticate the certificate 1507 presented by a client or end-entity. 1509 The CMS MUST contain only a single chain of certificates. 1510 The client or end-entity certificate MUST only authenticate 1511 to last intermediate CA certificate listed in the chain. 1513 In all cases, the chain MUST include a self-signed root 1514 certificate. In the case where the root certificate is 1515 itself the issuer of the client or end-entity certificate, 1516 only one certificate is present. 1518 This CMS structure MAY (as applicable where this type is 1519 used) also contain suitably fresh (as defined by local 1520 policy) revocation objects with which the device can 1521 verify the revocation status of the certificates. 
1523 This CMS encodes the degenerate form of the SignedData 1524 structure that is commonly used to disseminate X.509 1525 certificates and revocation objects (RFC 5280)."; 1526 reference 1527 "RFC 5280: 1528 Internet X.509 Public Key Infrastructure Certificate 1529 and Certificate Revocation List (CRL) Profile."; 1530 } 1532 typedef end-entity-cert-cms { 1533 type signed-data-cms; 1534 description 1535 "A CMS SignedData structure that MUST contain the end 1536 entity certificate itself, and MAY contain any number 1537 of intermediate certificates leading up to a trust 1538 anchor certificate. The trust anchor certificate 1539 MAY be included as well. 1541 The CMS MUST contain a single end entity certificate. 1542 The CMS MUST NOT contain any spurious certificates. 1544 This CMS structure MAY (as applicable where this type is 1545 used) also contain suitably fresh (as defined by local 1546 policy) revocation objects with which the device can 1547 verify the revocation status of the certificates. 
1549 This CMS encodes the degenerate form of the SignedData 1550 structure that is commonly used to disseminate X.509 1551 certificates and revocation objects (RFC 5280)."; 1552 reference 1553 "RFC 5280: 1554 Internet X.509 Public Key Infrastructure Certificate 1555 and Certificate Revocation List (CRL) Profile."; 1556 } 1558 /**********************************************/ 1559 /* Groupings for keys and/or certificates */ 1560 /**********************************************/ 1562 grouping symmetric-key-grouping { 1563 description 1564 "A symmetric key and algorithm."; 1565 leaf algorithm { 1566 type identityref { 1567 base "ct:encryption-algorithm"; 1568 } 1569 mandatory true; 1570 description 1571 "The algorithm to be used when generating the key."; 1572 reference 1573 "RFC CCCC: Common YANG Data Types for Cryptography"; 1574 } 1575 choice key-type { 1576 mandatory true; 1577 description 1578 "Choice between key types."; 1579 leaf key { 1580 nacm:default-deny-all; 1581 type binary; 1582 description 1583 "The binary value of the key. The interpretation of 1584 the value is defined by 'algorithm'. For example, 1585 FIXME."; 1586 reference 1587 "RFC XXXX: FIXME"; 1588 } 1589 leaf hidden-key { 1590 nacm:default-deny-write; 1591 type empty; 1592 description 1593 "A permanently hidden key. How such keys are created 1594 is outside the scope of this module."; 1595 } 1596 } 1597 } 1599 grouping public-key-grouping { 1600 description 1601 "A public key and its associated algorithm."; 1602 leaf algorithm { 1603 nacm:default-deny-write; 1604 type asymmetric-key-algorithm-ref; 1605 mandatory true; 1606 description 1607 "Identifies the key's algorithm."; 1608 reference 1609 "RFC CCCC: Common YANG Data Types for Cryptography"; 1610 } 1611 leaf public-key { 1612 nacm:default-deny-write; 1613 type binary; 1614 mandatory true; 1615 description 1616 "The binary value of the public key. The interpretation of 1617 the value is defined by 'algorithm'. 
For example, a DSA 1618 key is an integer, an RSA key is represented as RSAPublicKey 1619 per RFC 8017, and an ECC key is represented using the 1620 'publicKey' described in RFC 5915."; 1621 reference 1622 "RFC 8017: Public-Key Cryptography Standards (PKCS) #1: 1623 RSA Cryptography Specifications Version 2.2. 1624 RFC 5915: Elliptic Curve Private Key Structure."; 1625 } 1626 } 1628 grouping asymmetric-key-pair-grouping { 1629 description 1630 "A private key and its associated public key and algorithm."; 1631 uses public-key-grouping; 1632 choice private-key-type { 1633 mandatory true; 1634 description 1635 "Choice between key types."; 1636 leaf private-key { 1637 nacm:default-deny-all; 1638 type binary; 1639 description 1640 "The value of the binary key. The key's value is 1641 interpreted by the 'algorithm'. For example, a DSA key 1642 is an integer, an RSA key is represented as RSAPrivateKey 1643 as defined in RFC 8017, and an ECC key is represented as 1644 ECPrivateKey as defined in RFC 5915."; 1645 reference 1646 "RFC 8017: Public-Key Cryptography Standards (PKCS) #1: 1647 RSA Cryptography Specifications Version 2.2. 1648 RFC 5915: Elliptic Curve Private Key Structure."; 1649 } 1650 leaf hidden-private-key { 1651 nacm:default-deny-write; 1652 type empty; 1653 description 1654 "A permanently hidden key. 
How such keys are created 1655 is outside the scope of this module."; 1656 } 1657 } 1658 } 1660 grouping trust-anchor-cert-grouping { 1661 description 1662 "A trust anchor certificate, and a notification for when 1663 it is about to (or already has) expire."; 1664 leaf cert { 1665 nacm:default-deny-write; 1666 type trust-anchor-cert-cms; 1667 description 1668 "The binary certificate data for this certificate."; 1669 reference 1670 "RFC YYYY: Common YANG Data Types for Cryptography"; 1671 } 1672 notification certificate-expiration { 1673 description 1674 "A notification indicating that the configured certificate 1675 is either about to expire or has already expired. When to 1676 send notifications is an implementation specific decision, 1677 but it is RECOMMENDED that a notification be sent once a 1678 month for 3 months, then once a week for four weeks, and 1679 then once a day thereafter until the issue is resolved."; 1680 leaf expiration-date { 1681 type yang:date-and-time; 1682 mandatory true; 1683 description 1684 "Identifies the expiration date on the certificate."; 1685 } 1686 } 1687 } 1688 grouping trust-anchor-certs-grouping { 1689 description 1690 "A list of trust anchor certificates, and a notification 1691 for when one is about to (or already has) expire."; 1692 leaf-list cert { 1693 nacm:default-deny-write; 1694 type trust-anchor-cert-cms; 1695 description 1696 "The binary certificate data for this certificate."; 1697 reference 1698 "RFC YYYY: Common YANG Data Types for Cryptography"; 1699 } 1700 notification certificate-expiration { 1701 description 1702 "A notification indicating that the configured certificate 1703 is either about to expire or has already expired. 
When to 1704 send notifications is an implementation specific decision, 1705 but it is RECOMMENDED that a notification be sent once a 1706 month for 3 months, then once a week for four weeks, and 1707 then once a day thereafter until the issue is resolved."; 1708 leaf expiration-date { 1709 type yang:date-and-time; 1710 mandatory true; 1711 description 1712 "Identifies the expiration date on the certificate."; 1713 } 1714 } 1715 } 1717 grouping end-entity-cert-grouping { 1718 description 1719 "An end entity certificate, and a notification for when 1720 it is about to (or already has) expire. Implementations 1721 SHOULD assert that, where used, the end entity certificate 1722 contains the expected public key."; 1723 leaf cert { 1724 nacm:default-deny-write; 1725 type end-entity-cert-cms; 1726 description 1727 "The binary certificate data for this certificate."; 1728 reference 1729 "RFC YYYY: Common YANG Data Types for Cryptography"; 1730 } 1731 notification certificate-expiration { 1732 description 1733 "A notification indicating that the configured certificate 1734 is either about to expire or has already expired. 
When to 1735 send notifications is an implementation specific decision, 1736 but it is RECOMMENDED that a notification be sent once a 1737 month for 3 months, then once a week for four weeks, and 1738 then once a day thereafter until the issue is resolved."; 1739 leaf expiration-date { 1740 type yang:date-and-time; 1741 mandatory true; 1742 description 1743 "Identifies the expiration date on the certificate."; 1744 } 1745 } 1746 } 1748 grouping end-entity-certs-grouping { 1749 description 1750 "A list of end entity certificates, and a notification for 1751 when one is about to (or already has) expire."; 1752 leaf-list cert { 1753 nacm:default-deny-write; 1754 type end-entity-cert-cms; 1755 description 1756 "The binary certificate data for this certificate."; 1757 reference 1758 "RFC YYYY: Common YANG Data Types for Cryptography"; 1759 } 1760 notification certificate-expiration { 1761 description 1762 "A notification indicating that the configured certificate 1763 is either about to expire or has already expired. When to 1764 send notifications is an implementation specific decision, 1765 but it is RECOMMENDED that a notification be sent once a 1766 month for 3 months, then once a week for four weeks, and 1767 then once a day thereafter until the issue is resolved."; 1768 leaf expiration-date { 1769 type yang:date-and-time; 1770 mandatory true; 1771 description 1772 "Identifies the expiration date on the certificate."; 1773 } 1774 } 1775 } 1777 grouping asymmetric-key-pair-with-cert-grouping { 1778 description 1779 "A private/public key pair and an associated certificate. 
1780 Implementations SHOULD assert that certificates contain 1781 the matching public key."; 1783 uses asymmetric-key-pair-grouping; 1784 uses end-entity-cert-grouping; 1786 action generate-certificate-signing-request { 1787 nacm:default-deny-all; 1788 description 1789 "Generates a certificate signing request structure for 1790 the associated asymmetric key using the passed subject 1791 and attribute values. The specified assertions need 1792 to be appropriate for the certificate's use. For 1793 example, an entity certificate for a TLS server 1794 SHOULD have values that enable clients to satisfy 1795 RFC 6125 processing."; 1796 input { 1797 leaf subject { 1798 type binary; 1799 mandatory true; 1800 description 1801 "The 'subject' field per the CertificationRequestInfo 1802 structure as specified by RFC 2986, Section 4.1 1803 encoded using the ASN.1 distinguished encoding 1804 rules (DER), as specified in ITU-T X.690."; 1805 reference 1806 "RFC 2986: 1807 PKCS #10: Certification Request Syntax 1808 Specification Version 1.7. 1809 ITU-T X.690: 1810 Information technology - ASN.1 encoding rules: 1811 Specification of Basic Encoding Rules (BER), 1812 Canonical Encoding Rules (CER) and Distinguished 1813 Encoding Rules (DER)."; 1814 } 1815 leaf attributes { 1816 type binary; // FIXME: does this need to be mandatory? 1817 description 1818 "The 'attributes' field from the structure 1819 CertificationRequestInfo as specified by RFC 2986, 1820 Section 4.1 encoded using the ASN.1 distinguished 1821 encoding rules (DER), as specified in ITU-T X.690."; 1822 reference 1823 "RFC 2986: 1824 PKCS #10: Certification Request Syntax 1825 Specification Version 1.7. 
1826 ITU-T X.690: 1827 Information technology - ASN.1 encoding rules: 1828 Specification of Basic Encoding Rules (BER), 1829 Canonical Encoding Rules (CER) and Distinguished 1830 Encoding Rules (DER)."; 1831 } 1833 } 1834 output { 1835 leaf certificate-signing-request { 1836 type binary; 1837 mandatory true; 1838 description 1839 "A CertificationRequest structure as specified by 1840 RFC 2986, Section 4.2 encoded using the ASN.1 1841 distinguished encoding rules (DER), as specified 1842 in ITU-T X.690."; 1843 reference 1844 "RFC 2986: 1845 PKCS #10: Certification Request Syntax 1846 Specification Version 1.7. 1847 ITU-T X.690: 1848 Information technology - ASN.1 encoding rules: 1849 Specification of Basic Encoding Rules (BER), 1850 Canonical Encoding Rules (CER) and Distinguished 1851 Encoding Rules (DER)."; 1852 } 1853 } 1854 } // generate-certificate-signing-request 1855 } // asymmetric-key-pair-with-cert-grouping 1857 grouping asymmetric-key-pair-with-certs-grouping { 1858 description 1859 "A private/public key pair and associated certificates. 1860 Implementations SHOULD assert that certificates contain 1861 the matching public key."; 1862 uses asymmetric-key-pair-grouping; 1863 container certificates { 1864 nacm:default-deny-write; 1865 description 1866 "Certificates associated with this asymmetric key. 1867 More than one certificate supports, for instance, 1868 a TPM-protected asymmetric key that has both IDevID 1869 and LDevID certificates associated."; 1870 list certificate { 1871 key "name"; 1872 description 1873 "A certificate for this asymmetric key."; 1874 leaf name { 1875 type string; 1876 description 1877 "An arbitrary name for the certificate. 
If the name 1878 matches the name of a certificate that exists 1879 independently in (i.e., an IDevID), 1880 then the 'cert' node MUST NOT be configured."; 1881 } 1882 uses end-entity-cert-grouping; 1883 } 1884 } // certificates 1886 action generate-certificate-signing-request { 1887 nacm:default-deny-all; 1888 description 1889 "Generates a certificate signing request structure for 1890 the associated asymmetric key using the passed subject 1891 and attribute values. The specified assertions need 1892 to be appropriate for the certificate's use. For 1893 example, an entity certificate for a TLS server 1894 SHOULD have values that enable clients to satisfy 1895 RFC 6125 processing."; 1896 input { 1897 leaf subject { 1898 type binary; 1899 mandatory true; 1900 description 1901 "The 'subject' field per the CertificationRequestInfo 1902 structure as specified by RFC 2986, Section 4.1 1903 encoded using the ASN.1 distinguished encoding 1904 rules (DER), as specified in ITU-T X.690."; 1905 reference 1906 "RFC 2986: 1907 PKCS #10: Certification Request Syntax 1908 Specification Version 1.7. 1909 ITU-T X.690: 1910 Information technology - ASN.1 encoding rules: 1911 Specification of Basic Encoding Rules (BER), 1912 Canonical Encoding Rules (CER) and Distinguished 1913 Encoding Rules (DER)."; 1914 } 1915 leaf attributes { 1916 type binary; // FIXME: does this need to be mandatory? 1917 description 1918 "The 'attributes' field from the structure 1919 CertificationRequestInfo as specified by RFC 2986, 1920 Section 4.1 encoded using the ASN.1 distinguished 1921 encoding rules (DER), as specified in ITU-T X.690."; 1922 reference 1923 "RFC 2986: 1924 PKCS #10: Certification Request Syntax 1925 Specification Version 1.7. 
1926 ITU-T X.690: 1927 Information technology - ASN.1 encoding rules: 1929 Specification of Basic Encoding Rules (BER), 1930 Canonical Encoding Rules (CER) and Distinguished 1931 Encoding Rules (DER)."; 1932 } 1933 } 1934 output { 1935 leaf certificate-signing-request { 1936 type binary; 1937 mandatory true; 1938 description 1939 "A CertificationRequest structure as specified by 1940 RFC 2986, Section 4.2 encoded using the ASN.1 1941 distinguished encoding rules (DER), as specified 1942 in ITU-T X.690."; 1943 reference 1944 "RFC 2986: 1945 PKCS #10: Certification Request Syntax 1946 Specification Version 1.7. 1947 ITU-T X.690: 1948 Information technology - ASN.1 encoding rules: 1949 Specification of Basic Encoding Rules (BER), 1950 Canonical Encoding Rules (CER) and Distinguished 1951 Encoding Rules (DER)."; 1952 } 1953 } 1954 } // generate-certificate-signing-request 1955 } // asymmetric-key-pair-with-certs-grouping 1956 } 1958 1960 3. Security Considerations 1962 3.1. Support for Algorithms 1964 In order to use YANG identities for algorithm identifiers, only the 1965 most commonly used RSA key lengths are supported for the RSA 1966 algorithm. Additional key lengths can be defined in another module 1967 or added into a future version of this document. 1969 This document limits the number of elliptical curves supported. This 1970 was done to match industry trends and IETF best practice (e.g., 1971 matching work being done in TLS 1.3). If additional algorithms are 1972 needed, they can be defined by another module or added into a future 1973 version of this document. 1975 3.2. No Support for CRMF 1977 This document uses PKCS #10 [RFC2986] for the "generate-certificate- 1978 signing-request" action. The use of Certificate Request Message 1979 Format (CRMF) [RFC4211] was considered, but is was unclear if there 1980 was market demand for it. If it is desired to support CRMF in the 1981 future, a backwards compatible solution can be defined at that time. 1983 3.3. 
Access to Data Nodes 1985 The YANG module in this document defines "grouping" statements that 1986 are designed to be accessed via YANG based management protocols, such 1987 as NETCONF [RFC6241] and RESTCONF [RFC8040]. Both of these protocols 1988 have mandatory-to-implement secure transport layers (e.g., SSH, TLS) 1989 with mutual authentication. 1991 The NETCONF access control model (NACM) [RFC8341] provides the means 1992 to restrict access for particular users to a pre-configured subset of 1993 all available protocol operations and content. 1995 Since the module in this document only define groupings, these 1996 considerations are primarily for the designers of other modules that 1997 use these groupings. 1999 There are a number of data nodes defined by the grouping statements 2000 that are writable/creatable/deletable (i.e., config true, which is 2001 the default). Some of these data nodes may be considered sensitive 2002 or vulnerable in some network environments. Write operations (e.g., 2003 edit-config) to these data nodes without proper protection can have a 2004 negative effect on network operations. These are the subtrees and 2005 data nodes and their sensitivity/vulnerability: 2007 *: All of the data nodes defined by all the groupings are 2008 considered sensitive to write operations. For instance, the 2009 modification of a public key or a certificate can dramatically 2010 alter the implemented security policy. For this reason, the 2011 NACM extension "default-deny-write" has been applied to all the 2012 data nodes defined by all the groupings. 2014 Some of the readable data nodes in the YANG module may be considered 2015 sensitive or vulnerable in some network environments. It is thus 2016 important to control read access (e.g., via get, get-config, or 2017 notification) to these data nodes. 
   These are the subtrees and data
   nodes and their sensitivity/vulnerability:

      /private-key:  The "private-key" node defined in the
         "asymmetric-key-pair-grouping" grouping is additionally
         sensitive to read operations such that, in normal use cases,
         it should never be returned to a client.  For this reason, the
         NACM extension "default-deny-all" has been applied to it here.

   Some of the operations in this YANG module may be considered
   sensitive or vulnerable in some network environments.  It is thus
   important to control access to these operations.  These are the
   operations and their sensitivity/vulnerability:

      *:  All of the "action" statements defined by groupings SHOULD only
         be executed by authorized users.  For this reason, the NACM
         extension "default-deny-all" has been applied to all of them.
         Note that NACM uses "default-deny-all" to protect "RPC" and
         "action" statements; it does not define, e.g., an extension
         called "default-deny-execute".

      generate-certificate-signing-request:  For this action, it is
         RECOMMENDED that implementations assert channel binding
         [RFC5056], so as to ensure that the application layer that sent
         the request is the same as the device authenticated when the
         secure transport layer was established.

4.  IANA Considerations

4.1.  The IETF XML Registry

   This document registers one URI in the "ns" subregistry of the IETF
   XML Registry [RFC3688].  Following the format in [RFC3688], the
   following registration is requested:

      URI: urn:ietf:params:xml:ns:yang:ietf-crypto-types
      Registrant Contact: The NETCONF WG of the IETF.
      XML: N/A, the requested URI is an XML namespace.

4.2.  The YANG Module Names Registry

   This document registers one YANG module in the YANG Module Names
   registry [RFC6020].
   Following the format in [RFC6020], the
   following registration is requested:

      name:         ietf-crypto-types
      namespace:    urn:ietf:params:xml:ns:yang:ietf-crypto-types
      prefix:       ct
      reference:    RFC XXXX

5.  References

5.1.  Normative References

   [ITU.X690.2015]
              International Telecommunication Union, "Information
              Technology - ASN.1 encoding rules: Specification of Basic
              Encoding Rules (BER), Canonical Encoding Rules (CER) and
              Distinguished Encoding Rules (DER)", ITU-T Recommendation
              X.690, ISO/IEC 8825-1, August 2015.

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119,
              DOI 10.17487/RFC2119, March 1997.

   [RFC2404]  Madson, C. and R. Glenn, "The Use of HMAC-SHA-1-96 within
              ESP and AH", RFC 2404, DOI 10.17487/RFC2404, November
              1998.

   [RFC3565]  Schaad, J., "Use of the Advanced Encryption Standard (AES)
              Encryption Algorithm in Cryptographic Message Syntax
              (CMS)", RFC 3565, DOI 10.17487/RFC3565, July 2003.

   [RFC3686]  Housley, R., "Using Advanced Encryption Standard (AES)
              Counter Mode With IPsec Encapsulating Security Payload
              (ESP)", RFC 3686, DOI 10.17487/RFC3686, January 2004.

   [RFC4106]  Viega, J. and D. McGrew, "The Use of Galois/Counter Mode
              (GCM) in IPsec Encapsulating Security Payload (ESP)",
              RFC 4106, DOI 10.17487/RFC4106, June 2005.

   [RFC4253]  Ylonen, T. and C. Lonvick, Ed., "The Secure Shell (SSH)
              Transport Layer Protocol", RFC 4253, DOI 10.17487/RFC4253,
              January 2006.

   [RFC4279]  Eronen, P., Ed. and H. Tschofenig, Ed., "Pre-Shared Key
              Ciphersuites for Transport Layer Security (TLS)",
              RFC 4279, DOI 10.17487/RFC4279, December 2005.

   [RFC4309]  Housley, R., "Using Advanced Encryption Standard (AES) CCM
              Mode with IPsec Encapsulating Security Payload (ESP)",
              RFC 4309, DOI 10.17487/RFC4309, December 2005.

   [RFC4494]  Song, JH., Poovendran, R., and J. Lee, "The AES-CMAC-96
              Algorithm and Its Use with IPsec", RFC 4494,
              DOI 10.17487/RFC4494, June 2006.

   [RFC4543]  McGrew, D. and J. Viega, "The Use of Galois Message
              Authentication Code (GMAC) in IPsec ESP and AH", RFC 4543,
              DOI 10.17487/RFC4543, May 2006.

   [RFC4868]  Kelly, S. and S. Frankel, "Using HMAC-SHA-256,
              HMAC-SHA-384, and HMAC-SHA-512 with IPsec", RFC 4868,
              DOI 10.17487/RFC4868, May 2007.

   [RFC5280]  Cooper, D., Santesson, S., Farrell, S., Boeyen, S.,
              Housley, R., and W. Polk, "Internet X.509 Public Key
              Infrastructure Certificate and Certificate Revocation List
              (CRL) Profile", RFC 5280, DOI 10.17487/RFC5280, May 2008.

   [RFC5652]  Housley, R., "Cryptographic Message Syntax (CMS)", STD 70,
              RFC 5652, DOI 10.17487/RFC5652, September 2009.

   [RFC5656]  Stebila, D. and J. Green, "Elliptic Curve Algorithm
              Integration in the Secure Shell Transport Layer",
              RFC 5656, DOI 10.17487/RFC5656, December 2009.

   [RFC6187]  Igoe, K. and D. Stebila, "X.509v3 Certificates for Secure
              Shell Authentication", RFC 6187, DOI 10.17487/RFC6187,
              March 2011.

   [RFC6991]  Schoenwaelder, J., Ed., "Common YANG Data Types",
              RFC 6991, DOI 10.17487/RFC6991, July 2013.

   [RFC7919]  Gillmor, D., "Negotiated Finite Field Diffie-Hellman
              Ephemeral Parameters for Transport Layer Security (TLS)",
              RFC 7919, DOI 10.17487/RFC7919, August 2016.

   [RFC7950]  Bjorklund, M., Ed., "The YANG 1.1 Data Modeling Language",
              RFC 7950, DOI 10.17487/RFC7950, August 2016.

   [RFC8174]  Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
              2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
              May 2017.

   [RFC8268]  Baushke, M., "More Modular Exponentiation (MODP)
              Diffie-Hellman (DH) Key Exchange (KEX) Groups for Secure
              Shell (SSH)", RFC 8268, DOI 10.17487/RFC8268, December
              2017.

   [RFC8332]  Bider, D., "Use of RSA Keys with SHA-256 and SHA-512 in
              the Secure Shell (SSH) Protocol", RFC 8332,
              DOI 10.17487/RFC8332, March 2018.

   [RFC8341]  Bierman, A. and M. Bjorklund, "Network Configuration
              Access Control Model", STD 91, RFC 8341,
              DOI 10.17487/RFC8341, March 2018.

   [RFC8422]  Nir, Y., Josefsson, S., and M. Pegourie-Gonnard, "Elliptic
              Curve Cryptography (ECC) Cipher Suites for Transport Layer
              Security (TLS) Versions 1.2 and Earlier", RFC 8422,
              DOI 10.17487/RFC8422, August 2018.

   [RFC8446]  Rescorla, E., "The Transport Layer Security (TLS) Protocol
              Version 1.3", RFC 8446, DOI 10.17487/RFC8446, August 2018.

5.2.  Informative References

   [RFC2986]  Nystrom, M. and B. Kaliski, "PKCS #10: Certification
              Request Syntax Specification Version 1.7", RFC 2986,
              DOI 10.17487/RFC2986, November 2000.

   [RFC3174]  Eastlake 3rd, D. and P. Jones, "US Secure Hash Algorithm 1
              (SHA1)", RFC 3174, DOI 10.17487/RFC3174, September 2001.

   [RFC3688]  Mealling, M., "The IETF XML Registry", BCP 81, RFC 3688,
              DOI 10.17487/RFC3688, January 2004.

   [RFC4211]  Schaad, J., "Internet X.509 Public Key Infrastructure
              Certificate Request Message Format (CRMF)", RFC 4211,
              DOI 10.17487/RFC4211, September 2005.

   [RFC4493]  Song, JH., Poovendran, R., Lee, J., and T. Iwata, "The
              AES-CMAC Algorithm", RFC 4493, DOI 10.17487/RFC4493, June
              2006.

   [RFC5056]  Williams, N., "On the Use of Channel Bindings to Secure
              Channels", RFC 5056, DOI 10.17487/RFC5056, November 2007.

   [RFC5915]  Turner, S. and D. Brown, "Elliptic Curve Private Key
              Structure", RFC 5915, DOI 10.17487/RFC5915, June 2010.

   [RFC6020]  Bjorklund, M., Ed., "YANG - A Data Modeling Language for
              the Network Configuration Protocol (NETCONF)", RFC 6020,
              DOI 10.17487/RFC6020, October 2010.

   [RFC6125]  Saint-Andre, P. and J. Hodges, "Representation and
              Verification of Domain-Based Application Service Identity
              within Internet Public Key Infrastructure Using X.509
              (PKIX) Certificates in the Context of Transport Layer
              Security (TLS)", RFC 6125, DOI 10.17487/RFC6125, March
              2011.

   [RFC6234]  Eastlake 3rd, D. and T. Hansen, "US Secure Hash Algorithms
              (SHA and SHA-based HMAC and HKDF)", RFC 6234,
              DOI 10.17487/RFC6234, May 2011.

   [RFC6239]  Igoe, K., "Suite B Cryptographic Suites for Secure Shell
              (SSH)", RFC 6239, DOI 10.17487/RFC6239, May 2011.

   [RFC6241]  Enns, R., Ed., Bjorklund, M., Ed., Schoenwaelder, J., Ed.,
              and A. Bierman, Ed., "Network Configuration Protocol
              (NETCONF)", RFC 6241, DOI 10.17487/RFC6241, June 2011.

   [RFC6507]  Groves, M., "Elliptic Curve-Based Certificateless
              Signatures for Identity-Based Encryption (ECCSI)",
              RFC 6507, DOI 10.17487/RFC6507, February 2012.

   [RFC8017]  Moriarty, K., Ed., Kaliski, B., Jonsson, J., and A. Rusch,
              "PKCS #1: RSA Cryptography Specifications Version 2.2",
              RFC 8017, DOI 10.17487/RFC8017, November 2016.

   [RFC8032]  Josefsson, S. and I. Liusvaara, "Edwards-Curve Digital
              Signature Algorithm (EdDSA)", RFC 8032,
              DOI 10.17487/RFC8032, January 2017.

   [RFC8040]  Bierman, A., Bjorklund, M., and K. Watsen, "RESTCONF
              Protocol", RFC 8040, DOI 10.17487/RFC8040, January 2017.

   [RFC8340]  Bjorklund, M. and L. Berger, Ed., "YANG Tree Diagrams",
              BCP 215, RFC 8340, DOI 10.17487/RFC8340, March 2018.

   [RFC8439]  Nir, Y. and A. Langley, "ChaCha20 and Poly1305 for IETF
              Protocols", RFC 8439, DOI 10.17487/RFC8439, June 2018.

Appendix A.  Examples

A.1.  The "asymmetric-key-pair-with-certs-grouping" Grouping

   The following example module has been constructed to illustrate use
   of the "asymmetric-key-pair-with-certs-grouping" grouping defined in
   the "ietf-crypto-types" module.

   Note that the "asymmetric-key-pair-with-certs-grouping" grouping uses
   both the "asymmetric-key-pair-grouping" and
   "end-entity-cert-grouping" groupings, and that the
   "asymmetric-key-pair-grouping" grouping uses the
   "public-key-grouping" grouping.  Thus, a total of four of the five
   groupings defined in the "ietf-crypto-types" module are illustrated
   through the use of this one grouping.  The only grouping not
   represented is the "trust-anchor-cert-grouping" grouping.

     module ex-crypto-types-usage {
       yang-version 1.1;

       namespace "http://example.com/ns/example-crypto-types-usage";
       prefix "ectu";

       import ietf-crypto-types {
         prefix ct;
         reference
           "RFC XXXX: Common YANG Data Types for Cryptography";
       }

       organization
        "Example Corporation";

       contact
        "Author: YANG Designer ";

       description
        "This module illustrates the grouping
         defined in the crypto-types draft called
         'asymmetric-key-pair-with-certs-grouping'.";

       revision "1001-01-01" {
         description
          "Initial version";
         reference
          "RFC ????: Usage Example for RFC XXXX";
       }

       container keys {
         description
           "A container of keys.";
         list key {
           key name;
           leaf name {
             type string;
             description
               "An arbitrary name for this key.";
           }
           uses ct:asymmetric-key-pair-with-certs-grouping;
           description
             "An asymmetric key pair with associated certificates.";
         }
       }
     }

   Given the above example usage module, the following example
   illustrates some configured keys.

     ex-key
     ct:rsa2048
     base64encodedvalue==
     base64encodedvalue==
     ex-cert
     base64encodedvalue==

     ex-hidden-key
     ct:rsa2048
     base64encodedvalue==
     ex-hidden-key-cert
     base64encodedvalue==

A.2.  The "generate-certificate-signing-request" Action

   The following example illustrates the
   "generate-certificate-signing-request" action in use with the
   NETCONF protocol.

   REQUEST

     ex-key-sect571r1
     base64encodedvalue==
     base64encodedvalue==

   RESPONSE

     base64encodedvalue==

A.3.  The "certificate-expiration" Notification

   The following example illustrates the "certificate-expiration"
   notification in use with the NETCONF protocol.

     2018-05-25T00:01:00Z
     locally-defined key
     my-cert
     2018-08-05T14:18:53-05:00

Appendix B.  Change Log

B.1.  I-D to 00

   o  Removed groupings and notifications.

   o  Added typedefs for identityrefs.

   o  Added typedefs for other RFC 5280 structures.

   o  Added typedefs for other RFC 5652 structures.

   o  Added convenience typedefs for RFC 4253, RFC 5280, and RFC 5652.

B.2.  00 to 01

   o  Moved groupings from the draft-ietf-netconf-keystore here.

B.3.  01 to 02

   o  Removed unwanted "mandatory" and "must" statements.

   o  Added many new crypto algorithms (thanks Haiguang!)

   o  Clarified in asymmetric-key-pair-with-certs-grouping, in
      certificates/certificate/name/description, that the name MUST
      NOT match the name of a certificate that exists independently in
      , enabling certs installed by the manufacturer (e.g.,
      an IDevID).

B.4.  02 to 03

   o  renamed base identity 'asymmetric-key-encryption-algorithm' to
      'asymmetric-key-algorithm'.

   o  added new 'asymmetric-key-algorithm' identities for secp192r1,
      secp224r1, secp256r1, secp384r1, and secp521r1.

   o  removed 'mac-algorithm' identities for mac-aes-128-ccm,
      mac-aes-192-ccm, mac-aes-256-ccm, mac-aes-128-gcm,
      mac-aes-192-gcm, mac-aes-256-gcm, and mac-chacha20-poly1305.

   o  for all -cbc and -ctr identities, renamed base identity
      'symmetric-key-encryption-algorithm' to 'encryption-algorithm'.

   o  for all -ccm and -gcm identities, renamed base identity
      'symmetric-key-encryption-algorithm' to
      'encryption-and-mac-algorithm' and renamed the identity to remove
      the "enc-" prefix.

   o  for all the 'signature-algorithm' based identities, renamed from
      'rsa-*' to 'rsassa-*'.

   o  removed all of the "x509v3-" prefixed 'signature-algorithm' based
      identities.

   o  added 'key-exchange-algorithm' based identities for 'rsaes-oaep'
      and 'rsaes-pkcs1-v1_5'.

   o  renamed typedef 'symmetric-key-encryption-algorithm-ref' to
      'symmetric-key-algorithm-ref'.

   o  renamed typedef 'asymmetric-key-encryption-algorithm-ref' to
      'asymmetric-key-algorithm-ref'.

   o  added typedef 'encryption-and-mac-algorithm-ref'.

   o  Updated copyright date, boilerplate template, affiliation, and
      folding algorithm.

B.5.  03 to 04

   o  ran YANG module through formatter.

B.6.  04 to 05

   o  fixed broken symlink causing reformatted YANG module to not show.

B.7.  05 to 06

   o  Added NACM annotations.

   o  Updated Security Considerations section.

   o  Added 'asymmetric-key-pair-with-cert-grouping' grouping.

   o  Removed text from 'permanently-hidden' enum regarding such keys
      not being backed up or restored.

   o  Updated the boilerplate text in module-level "description"
      statement to match copyeditor convention.

   o  Added an explanation to the 'public-key-grouping' and
      'asymmetric-key-pair-grouping' statements as to why the nodes are
      not mandatory (e.g., because they may exist only in .

   o  Added 'must' expressions to the 'public-key-grouping' and
      'asymmetric-key-pair-grouping' statements ensuring sibling nodes
      either all exist or all do not exist.

   o  Added an explanation to the 'permanently-hidden' that the value
      cannot be configured directly by clients and servers MUST fail any
      attempt to do so.

   o  Added 'trust-anchor-certs-grouping' and
      'end-entity-certs-grouping' (the plural form of existing
      groupings).

   o  Now states that keys created in by the *-hidden-key
      actions are bound to the lifetime of the parent 'config true'
      node, and that subsequent invocations of either action result in
      a failure.

B.8.  06 to 07

   o  Added clarifications that implementations SHOULD assert that
      configured certificates contain the matching public key.

   o  Replaced the 'generate-hidden-key' and 'install-hidden-key'
      actions with special 'crypt-hash' -like input/output values.

B.9.  07 to 08

   o  Removed the 'generate-key' and 'hidden-key' features.

   o  Added grouping symmetric-key-grouping

   o  Modified 'asymmetric-key-pair-grouping' to have a 'choice'
      statement for the keystore module to augment into, as well as
      replacing the 'union' with leafs (having different NACM settings).

Acknowledgements

   The authors would like to thank the following for lively discussions
   on list and in the halls (ordered by last name): Martin Bjorklund,
   Nick Hancock, Balazs Kovacs, Juergen Schoenwaelder, Eric Voit, and
   Liang Xia.

Authors' Addresses

   Kent Watsen
   Watsen Networks

   EMail: kent+ietf@watsen.net


   Wang Haiguang
   Huawei

   EMail: wang.haiguang.shieldlab@huawei.com
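
The fallback behaviour that Section 3.3 relies on, as an added example that is not part of the draft: a reduced model of how a NACM server [RFC8341] decides access when no rule matches, showing that the "default-deny-write" and "default-deny-all" tags still hold after an operator sets write-default to permit. The instance paths, the group names and the exact-match rule table are assumptions made for the illustration; real NACM rule-lists are ordered and support wildcards.

```python
from dataclasses import dataclass, field

# NACM extension applied to each node, following Section 3.3. The paths are
# constructed instance paths (assumption) under the Appendix A.1 "keys" list;
# /system/hostname stands in for an untagged node from some other module.
CSR_ACTION = "/keys/key/generate-certificate-signing-request"
NODE_TAGS = {
    "/keys/key/public-key": "default-deny-write",
    "/keys/key/private-key": "default-deny-all",
    CSR_ACTION: "default-deny-all",
    "/system/hostname": None,
}

# (group, path, operation) triples worth auditing; group names are hypothetical.
CHECKS = [
    ("operator", "/system/hostname", "write"),
    ("operator", "/keys/key/public-key", "read"),
    ("operator", "/keys/key/public-key", "write"),
    ("operator", "/keys/key/private-key", "read"),
    ("operator", CSR_ACTION, "exec"),
    ("pki-admin", CSR_ACTION, "exec"),
]


@dataclass
class Nacm:
    """Reduced NACM model: exact-match rules, then extensions, then defaults."""
    read_default: str = "permit"    # RFC 8341 global defaults
    write_default: str = "deny"
    exec_default: str = "permit"
    rules: dict = field(default_factory=dict)  # (group, path, op) -> action

    def decide(self, group, path, op):
        """Return "permit" or "deny" for op in {"read", "write", "exec"}."""
        explicit = self.rules.get((group, path, op))
        if explicit is not None:
            return explicit                 # a matching rule is decisive
        tag = NODE_TAGS[path]
        if tag == "default-deny-all":
            return "deny"                   # overrides every global default
        if tag == "default-deny-write" and op == "write":
            return "deny"                   # overrides write-default
        return getattr(self, f"{op}_default")


def permissive_server():
    """A server whose operator loosened write-default and added one rule."""
    nacm = Nacm(write_default="permit")
    nacm.rules[("pki-admin", CSR_ACTION, "exec")] = "permit"
    return nacm


if __name__ == "__main__":
    nacm = permissive_server()
    for group, path, op in CHECKS:
        print(f"{group:10} {op:5} {path:48} {nacm.decide(group, path, op)}")
```

Without the extensions, the first server would let any authenticated user overwrite a public key and read the private key; with them, each such access needs an explicit rule.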