module aaa-encrypt-service-config { yang-version 1; namespace "config:aaa:authn:encrypt:service:config"; prefix "aaa-encrypt-service-config"; organization "OpenDayLight"; contact "melserngawy@inocybe.ca"; revision 2024-02-02 { description "Added configuration options for authentication tag length and IV length in GCM mode."; } revision 2016-09-15 { description "Initial revision."; } grouping encrypt-service-preferences { leaf encrypt-method { description "The encryption method to use"; type string; default PBKDF2WithHmacSHA1; } leaf encrypt-type { description "The encryption type"; type string; default AES; } leaf encrypt-iteration-count { description "Number of iterations that will be used by the key"; // FIXME: uint32 type int32; default 32768; } leaf encrypt-key-length { description "Key length"; // FIXME: uint32 type int32; default 128; } leaf auth-tag-length { description "Length of the authentication tag for GCM mode in bits. Supported values are 32, 64, 96, 104, 112, 120, 128"; type int32; default 128; } leaf cipher-transforms { description "cipher transformation type ex: AES/GCM/NoPadding (128)"; type string; default "AES/GCM/NoPadding"; } } grouping encrypt-service-secrets { leaf encrypt-key { description "Encryption key"; type string; mandatory true; } leaf encrypt-salt { description "Encryption key salt"; type binary { length 1..max; } mandatory true; } } grouping encrypt-service-config { uses encrypt-service-secrets; uses encrypt-service-preferences; } grouping encrypt-service-generator-config { leaf password-length { description "Encryption key password length"; // FIXME: uint16, really, with a minimum of .. 8? type int32; default 12; } uses encrypt-service-preferences; } container aaa-encrypt-service-config { uses encrypt-service-generator-config; leaf encrypt-key { description "Encryption key"; type string; } leaf encrypt-salt { description "Encryption key salt"; type string; } } }