module openconfig-keychain-types {
  yang-version 1;
  namespace "http://openconfig.net/yang/oc-keychain-types";
  prefix oc-keychain-types;

  import openconfig-extensions {
    prefix oc-ext;
  }

  organization
    "OpenConfig working group";
  contact
    "OpenConfig working group
     www.openconfig.net";
  description
    "This module contains general data definitions for use in
     keychain-based authentication.";

  revision 2022-03-01 {
    description
      "Remove NONE identity from AUTH_TYPE";
    reference
      "0.2.0";
  }
  revision 2021-10-01 {
    description
      "Initial revision of types for keychain model";
    reference
      "0.1.0";
  }

  oc-ext:openconfig-version "0.2.0";

  identity AUTH_TYPE {
    description
      "Base identify to define the type of authentication";
  }

  identity SIMPLE_KEY {
    base AUTH_TYPE;
    description
      "Authentication is provided via a simple authentication key. The
       key is configured at each end, and the exchange of the key may be
       encrypted or not";
  }

  identity KEYCHAIN {
    base AUTH_TYPE;
    description
      "This identity indicates that the authentication is selected
       from a keychain.";
  }

  identity CRYPTO_TYPE {
    description
      "Base identify for the cryptographic algorithm";
  }

  identity CRYPTO_NONE {
    base CRYPTO_TYPE;
    description
      "No encryption is used";
  }

  identity MD5 {
    base CRYPTO_TYPE;
    description
      "MD5 message-digest algorithm produces a 128-bit hash value.";
    reference
      "RFC 1321 - The MD5 Message-Digest Algorithm";
  }

  identity HMAC_MD5 {
    base CRYPTO_TYPE;
    description
      "HMAC-MD5 keyed hash algorithm constructed from MD5 hash
       function and used as a HMAC.";
    reference
      "RFC 2104 - HMAC: Keyed-Hashing for Message Authentication";
  }

  identity SHA_1 {
    base CRYPTO_TYPE;
    description
      "SHA-1 cryptographic hash function that produces a 160-bit hash value.";
    reference
      "RFC 3174 - US Secure Hash Algorithm 1 (SHA1)";
  }

  identity HMAC_SHA_1 {
    base CRYPTO_TYPE;
    description
      "HMAC-SHA-1 keyed hash algorithm constructed from SHA-1 hash
       function and used as a HMAC.";
  }

  identity HMAC_SHA_1_12 {
    base CRYPTO_TYPE;
    description
      "HMAC-SHA-1-12 algorithm";
  }

  identity HMAC_SHA_1_20 {
    base CRYPTO_TYPE;
    description
      "HMAC-SHA-1-20 algorithm";
  }

  identity HMAC_SHA_1_96 {
    base CRYPTO_TYPE;
    description
      "HMAC-SHA-1-96 keyed hash algorithm constructed from SHA-1 hash
       function and used as a HMAC, operating on 64-byte blocks of data.";
    reference
      "RFC 2404 - The Use of HMAC-SHA-1-96 within ESP and AH";
  }

  identity HMAC_SHA_256 {
    base CRYPTO_TYPE;
    description
      "HMAC-SHA-256 keyed hash algorithm constructed from the secure
       SHA-256 hash function and used as a HMAC.";
    reference
      "RFC 6234 - US Secure Hash Algorithms (SHA and SHA-based
       HMAC and HKDF)";
  }

  identity AES_28_CMAC_96 {
    base CRYPTO_TYPE;
    description
      "AES-128-CMAC-96 keyed hash function based on a AES-128 block
       cipher.";
    reference
      "RFC 4494 - The AES-CMAC-96 Algorithm and Its Use with IPsec";
  }
}