
Commit cf89817

committed
session UPDATE use current draft YANG modules
1 parent b329fef commit cf89817

22 files changed

+569
-489
lines changed
Lines changed: 26 additions & 5 deletions
@@ -48,7 +48,7 @@ module ietf-crypto-types {
4848
(RFC 8174) when, and only when, they appear in all
4949
capitals, as shown here.";
5050

51-
revision 2023-04-17 {
51+
revision 2023-12-28 {
5252
description
5353
"Initial version";
5454
reference
@@ -94,6 +94,7 @@ module ietf-crypto-types {
9494
"Indicates that the server supports the
9595
'cms-encrypted-data-format' identity.";
9696
}
97+
9798
feature p10-csr-format {
9899
description
99100
"Indicates that the server implements support
@@ -286,6 +287,7 @@ module ietf-crypto-types {
286287
scope of this specification. This is also true when
287288
the octet string has been encrypted.";
288289
}
290+
289291
identity one-symmetric-key-format {
290292
if-feature "one-symmetric-key-format";
291293
base symmetric-key-format;
@@ -404,6 +406,7 @@ module ietf-crypto-types {
404406
Specification Version 1.7";
405407
}
406408

409+
407410
/***************************************************/
408411
/* Typedefs for ASN.1 structures from RFC 2986 */
409412
/***************************************************/
@@ -827,6 +830,7 @@ module ietf-crypto-types {
827830
type identityref {
828831
base public-key-format;
829832
}
833+
mandatory true;
830834
description
831835
"Identifies the public key's format. Implementations SHOULD
832836
ensure that the incoming public key value is encoded in the
@@ -835,17 +839,16 @@ module ietf-crypto-types {
835839
leaf public-key {
836840
nacm:default-deny-write;
837841
type binary;
842+
mandatory true;
838843
description
839844
"The binary value of the public key. The interpretation
840845
of the value is defined by 'public-key-format' field.";
841846
}
842847
}
843848

844-
grouping asymmetric-key-pair-grouping {
849+
grouping private-key-grouping {
845850
description
846-
"A private key and its associated public key. Implementations
847-
SHOULD ensure that the two keys are a matching pair.";
848-
uses public-key-grouping;
851+
"A private key.";
849852
leaf private-key-format {
850853
nacm:default-deny-write;
851854
type identityref {
@@ -900,6 +903,22 @@ module ietf-crypto-types {
900903
}
901904
}
902905

906+
grouping asymmetric-key-pair-grouping {
907+
description
908+
"A private key and, optionally, its associated public key.
909+
Implementations SHOULD ensure that the two keys, when both
910+
are specified, are a matching pair.";
911+
uses public-key-grouping {
912+
refine public-key-format {
913+
mandatory false;
914+
}
915+
refine public-key {
916+
mandatory false;
917+
}
918+
}
919+
uses private-key-grouping;
920+
}
921+
903922
grouping certificate-expiration-grouping {
904923
description
905924
"A notification for when a certificate is about to, or
@@ -950,6 +969,8 @@ module ietf-crypto-types {
950969
uses certificate-expiration-grouping;
951970
}
952971

972+
973+
953974
grouping generate-csr-grouping {
954975
description
955976
"Defines the 'generate-csr' action.";
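Review bot: In the re-added `asymmetric-key-pair-grouping`, the two `refine` statements relax `public-key-format` and `public-key` to `mandatory false` independently, so as far as this section shows a key pair can carry a public key value with no format (or a format with no value), even though the `public-key` description says its interpretation is defined by the format field. Nothing visible ties the two leaves together; a `must` inside each refine would keep them all-or-nothing, e.g. `must "../public-key-format";` under `refine public-key` and `must "../public-key";` under `refine public-key-format`. The description could also say what a consumer should do when the public key is omitted, since the matching-pair check in the SHOULD does not apply in that case. If the modules are meant to stay identical to the IETF draft text, the same constraint belongs in the code that consumes the grouping instead.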
Lines changed: 61 additions & 65 deletions
@@ -48,7 +48,7 @@ module ietf-keystore {
4848
(RFC 8174) when, and only when, they appear in all
4949
capitals, as shown here.";
5050

51-
revision 2023-04-17 {
51+
revision 2023-12-28 {
5252
description
5353
"Initial version";
5454
reference
@@ -62,8 +62,8 @@ module ietf-keystore {
6262
feature central-keystore-supported {
6363
description
6464
"The 'central-keystore-supported' feature indicates that
65-
the server supports the keystore (i.e., implements the
66-
'ietf-keystore' module).";
65+
the server supports the central keystore (i.e., fully
66+
implements the 'ietf-keystore' module).";
6767
}
6868

6969
feature inline-definitions-supported {
@@ -96,8 +96,7 @@ module ietf-keystore {
9696
}
9797
description
9898
"This typedef enables modules to easily define a reference
99-
to a symmetric key stored in the keystore, when this
100-
module is implemented.";
99+
to a symmetric key stored in the central keystore.";
101100
}
102101

103102
typedef asymmetric-key-ref {
@@ -107,22 +106,21 @@ module ietf-keystore {
107106
}
108107
description
109108
"This typedef enables modules to easily define a reference
110-
to an asymmetric key stored in the keystore, when this
111-
module is implemented.";
109+
to an asymmetric key stored in the central keystore.";
112110
}
113111

114112
/*****************/
115113
/* Groupings */
116114
/*****************/
117115

118-
grouping encrypted-by-choice-grouping {
116+
grouping encrypted-by-grouping {
119117
description
120118
"A grouping that defines a 'choice' statement that can be
121119
augmented into the 'encrypted-by' node, present in the
122120
'symmetric-key-grouping' and 'asymmetric-key-pair-grouping'
123121
groupings defined in RFC AAAA, enabling references to keys
124-
in the keystore, when this module is implemented.";
125-
choice encrypted-by-choice {
122+
in the central keystore.";
123+
choice encrypted-by {
126124
nacm:default-deny-write;
127125
mandatory true;
128126
description
@@ -150,11 +148,12 @@ module ietf-keystore {
150148
}
151149
}
152150

151+
// *-ref groupings
152+
153153
grouping asymmetric-key-certificate-ref-grouping {
154154
description
155-
"This grouping defines a reference to a specific certificate
156-
associated with an asymmetric key stored in the keystore,
157-
when this module is implemented.";
155+
"Grouping for the reference to a certificate associated
156+
with an asymmetric key stored in the central keystore.";
158157
leaf asymmetric-key {
159158
nacm:default-deny-write;
160159
if-feature "central-keystore-supported";
@@ -182,14 +181,13 @@ module ietf-keystore {
182181

183182
grouping inline-or-keystore-symmetric-key-grouping {
184183
description
185-
"A grouping that expands to allow the symmetric key to be
186-
either stored locally, i.e., within the using data model,
187-
or a reference to a symmetric key stored in the keystore.
188-
189-
Servers that do not 'implement' this module, and hence
190-
'central-keystore-supported' is not defined, SHOULD
191-
augment in custom 'case' statements enabling references
192-
to the alternate keystore locations.";
184+
"A grouping for the configuration of a symmetric key. The
185+
symmetric key may be defined inline or as a reference to
186+
a symmetric key stored in the central keystore.
187+
188+
Servers that do not define the 'central-keystore-supported'
189+
feature SHOULD augment in custom 'case' statements enabling
190+
references to alternate keystore locations.";
193191
choice inline-or-keystore {
194192
nacm:default-deny-write;
195193
mandatory true;
@@ -204,29 +202,28 @@ module ietf-keystore {
204202
uses ct:symmetric-key-grouping;
205203
}
206204
}
207-
case keystore {
205+
case central-keystore {
208206
if-feature "central-keystore-supported";
209207
if-feature "symmetric-keys";
210-
leaf keystore-reference {
208+
leaf central-keystore-reference {
211209
type ks:symmetric-key-ref;
212210
description
213211
"A reference to an symmetric key that exists in
214-
the keystore, when this module is implemented.";
212+
the central keystore.";
215213
}
216214
}
217215
}
218216
}
219217

220218
grouping inline-or-keystore-asymmetric-key-grouping {
221219
description
222-
"A grouping that expands to allow the asymmetric key to be
223-
either stored locally, i.e., within the using data model,
224-
or a reference to an asymmetric key stored in the keystore.
225-
226-
Servers that do not 'implement' this module, and hence
227-
'central-keystore-supported' is not defined, SHOULD
228-
augment in custom 'case' statements enabling references
229-
to the alternate keystore locations.";
220+
"A grouping for the configuration of an asymmetric key. The
221+
asymmetric key may be defined inline or as a reference to
222+
an asymmetric key stored in the central keystore.
223+
224+
Servers that do not define the 'central-keystore-supported'
225+
feature SHOULD augment in custom 'case' statements enabling
226+
references to alternate keystore locations.";
230227
choice inline-or-keystore {
231228
nacm:default-deny-write;
232229
mandatory true;
@@ -241,34 +238,32 @@ module ietf-keystore {
241238
uses ct:asymmetric-key-pair-grouping;
242239
}
243240
}
244-
case keystore {
241+
case central-keystore {
245242
if-feature "central-keystore-supported";
246243
if-feature "asymmetric-keys";
247-
leaf keystore-reference {
244+
leaf central-keystore-reference {
248245
type ks:asymmetric-key-ref;
249246
description
250247
"A reference to an asymmetric key that exists in
251-
the keystore, when this module is implemented. The
252-
intent is to reference just the asymmetric key
253-
without any regard for any certificates that may
254-
be associated with it.";
248+
the central keystore. The intent is to reference
249+
just the asymmetric key without any regard for
250+
any certificates that may be associated with it.";
255251
}
256252
}
257253
}
258254
}
259255

260256
grouping inline-or-keystore-asymmetric-key-with-certs-grouping {
261257
description
262-
"A grouping that expands to allow an asymmetric key and
263-
its associated certificates to be either stored locally,
264-
i.e., within the using data model, or a reference to an
265-
asymmetric key (and its associated certificates) stored
266-
in the keystore.
267-
268-
Servers that do not 'implement' this module, and hence
269-
'central-keystore-supported' is not defined, SHOULD
270-
augment in custom 'case' statements enabling references
271-
to the alternate keystore locations.";
258+
"A grouping for the configuration of an asymmetric key and
259+
its associated certificates. The asymmetric key and its
260+
associated certificates may be defined inline or as a
261+
reference to an asymmetric key (and its associated
262+
certificates) in the central keystore.
263+
264+
Servers that do not define the 'central-keystore-supported'
265+
feature SHOULD augment in custom 'case' statements enabling
266+
references to alternate keystore locations.";
272267
choice inline-or-keystore {
273268
nacm:default-deny-write;
274269
mandatory true;
@@ -283,10 +278,10 @@ module ietf-keystore {
283278
uses ct:asymmetric-key-pair-with-certs-grouping;
284279
}
285280
}
286-
case keystore {
281+
case central-keystore {
287282
if-feature "central-keystore-supported";
288283
if-feature "asymmetric-keys";
289-
leaf keystore-reference {
284+
leaf central-keystore-reference {
290285
type ks:asymmetric-key-ref;
291286
description
292287
"A reference to an asymmetric-key (and all of its
@@ -299,15 +294,15 @@ module ietf-keystore {
299294

300295
grouping inline-or-keystore-end-entity-cert-with-key-grouping {
301296
description
302-
"A grouping that expands to allow an end-entity certificate
303-
(and its associated asymmetric key pair) to be either stored
304-
locally, i.e., within the using data model, or a reference
305-
to a specific certificate in the keystore.
306-
307-
Servers that do not 'implement' this module, and hence
308-
'central-keystore-supported' is not defined, SHOULD
309-
augment in custom 'case' statements enabling references
310-
to the alternate keystore locations.";
297+
"A grouping for the configuration of an asymmetric key and
298+
its associated end-entity certificate. The asymmetric key
299+
and its associated end-entity certificate may be defined
300+
inline or as a reference to an asymmetric key (and its
301+
associated end-entity certificate) in the central keystore.
302+
303+
Servers that do not define the 'central-keystore-supported'
304+
feature SHOULD augment in custom 'case' statements enabling
305+
references to alternate keystore locations.";
311306
choice inline-or-keystore {
312307
nacm:default-deny-write;
313308
mandatory true;
@@ -322,20 +317,21 @@ module ietf-keystore {
322317
uses ct:asymmetric-key-pair-with-cert-grouping;
323318
}
324319
}
325-
case keystore {
320+
case central-keystore {
326321
if-feature "central-keystore-supported";
327322
if-feature "asymmetric-keys";
328-
container keystore-reference {
323+
container central-keystore-reference {
329324
uses asymmetric-key-certificate-ref-grouping;
330325
description
331326
"A reference to a specific certificate associated with
332-
an asymmetric key stored in the keystore, when this
333-
module is implemented.";
327+
an asymmetric key stored in the central keystore.";
334328
}
335329
}
336330
}
337331
}
338332

333+
// the keystore grouping
334+
339335
grouping keystore-grouping {
340336
description
341337
"Grouping definition enables use in other contexts. If ever
@@ -395,7 +391,7 @@ module ietf-keystore {
395391
"Augments in a choice statement enabling the encrypting
396392
key to be any other symmetric or asymmetric key in the
397393
central keystore.";
398-
uses encrypted-by-choice-grouping;
394+
uses encrypted-by-grouping;
399395
}
400396
augment "asymmetric-keys/asymmetric-key/private-key-type/"
401397
+ "encrypted-private-key/encrypted-private-key/"
@@ -404,7 +400,7 @@ module ietf-keystore {
404400
"Augments in a choice statement enabling the encrypting
405401
key to be any other symmetric or asymmetric key in the
406402
central keystore.";
407-
uses encrypted-by-choice-grouping;
403+
uses encrypted-by-grouping;
408404
}
409405
}
410406
}
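Review bot: The four `case keystore` to `case central-keystore` hunks also rename the data node `keystore-reference` to `central-keystore-reference` (three leaves and one container), which changes the names that appear in instance data; configuration or client code still written against the old name will stop validating against this revision. The callers are presumably updated in the files of this commit that are not shown here, but nothing in the module records the rename, and the `revision 2023-12-28` description still reads "Initial version". A short comment above the first renamed case, such as `// was 'keystore' / 'keystore-reference' before revision 2023-12-28`, would help whoever migrates stored configuration. The same applies to `encrypted-by-choice-grouping` becoming `encrypted-by-grouping`, and to its choice, for any module that uses or augments it.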
