| module iana-crypt-hash { |
| namespace "urn:ietf:params:xml:ns:yang:iana-crypt-hash"; |
| prefix ianach; |
| |
| organization "IANA"; |
| contact |
| " Internet Assigned Numbers Authority |
| |
| Postal: ICANN |
| 4676 Admiralty Way, Suite 330 |
| Marina del Rey, CA 90292 |
| |
| Tel: +1 310 823 9358 |
| E-Mail: iana&iana.org"; |
| description |
| "This YANG module defines a typedef for storing passwords |
| using a hash function, and features to indicate which hash |
| functions are supported by an implementation. |
| |
| The latest revision of this YANG module can be obtained from |
| the IANA web site. |
| |
| Requests for new values should be made to IANA via |
| email (iana&iana.org). |
| |
| Copyright (c) 2014 IETF Trust and the persons identified as |
| authors of the code. All rights reserved. |
| |
| Redistribution and use in source and binary forms, with or |
| without modification, is permitted pursuant to, and subject |
| to the license terms contained in, the Simplified BSD License |
| set forth in Section 4.c of the IETF Trust's Legal Provisions |
| Relating to IETF Documents |
| (http://trustee.ietf.org/license-info). |
| |
| The initial version of this YANG module is part of RFC XXXX; |
| see the RFC itself for full legal notices."; |
| // RFC Ed.: replace XXXX with actual RFC number and remove this |
| // note. |
| |
| // RFC Ed.: update the date below with the date of RFC publication |
| // and remove this note. |
| revision 2014-04-04 { |
| description |
| "Initial revision."; |
| reference |
| "RFC XXXX: A YANG Data Model for System Management"; |
| } |
| |
| typedef crypt-hash { |
| type string { |
| pattern |
| '$0$.*' |
| + '|$1$[a-zA-Z0-9./]{1,8}$[a-zA-Z0-9./]{22}' |
| + '|$5$(rounds=\d+$)?[a-zA-Z0-9./]{1,16}$[a-zA-Z0-9./]{43}' |
| + '|$6$(rounds=\d+$)?[a-zA-Z0-9./]{1,16}$[a-zA-Z0-9./]{86}'; |
| } |
| description |
| "The crypt-hash type is used to store passwords using |
| a hash function. The algorithms for applying the hash |
| function and encoding the result are implemented in |
| various UNIX systems as the function crypt(3). |
| |
| A value of this type matches one of the forms: |
| |
| $0$<clear text password> |
| $<id>$<salt>$<password hash> |
| $<id>$<parameter>$<salt>$<password hash> |
| |
| The '$0$' prefix signals that the value is clear text. When |
| such a value is received by the server, a hash value is |
| calculated, and the string '$<id>$<salt>$' or |
| $<id>$<parameter>$<salt>$ is prepended to the result. This |
| value is stored in the configuration data store. |
| |
| If a value starting with '$<id>$', where <id> is not '0', is |
| received, the server knows that the value already represents a |
| hashed value, and stores it as is in the data store. |
| |
| When a server needs to verify a password given by a user, it |
| finds the stored password hash string for that user, extracts |
| the salt, and calculates the hash with the salt and given |
| password as input. If the calculated hash value is the same |
| as the stored value, the password given by the client is |
| accepted. |
| |
| This type defines the following hash functions: |
| |
| id | hash function | feature |
| ---+---------------+------------------- |
| 1 | MD5 | crypt-hash-md5 |
| 5 | SHA-256 | crypt-hash-sha-256 |
| 6 | SHA-512 | crypt-hash-sha-512 |
| |
| The server indicates support for the different hash functions |
| by advertising the corresponding feature."; |
| reference |
| "IEEE Std 1003.1-2008 - crypt() function |
| RFC 1321: The MD5 Message-Digest Algorithm |
| FIPS.180-3.2008: Secure Hash Standard"; |
| } |
| |
| feature crypt-hash-md5 { |
| description |
| "Indicates that the device supports the MD5 |
| hash function in 'crypt-hash' values"; |
| reference "RFC 1321: The MD5 Message-Digest Algorithm"; |
| } |
| |
| feature crypt-hash-sha-256 { |
| description |
| "Indicates that the device supports the SHA-256 |
| hash function in 'crypt-hash' values"; |
| reference "FIPS.180-3.2008: Secure Hash Standard"; |
| } |
| |
| feature crypt-hash-sha-512 { |
| description |
| "Indicates that the device supports the SHA-512 |
| hash function in 'crypt-hash' values"; |
| reference "FIPS.180-3.2008: Secure Hash Standard"; |
| } |
| |
| } |