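module iana-crypt-hash {
  namespace "urn:ietf:params:xml:ns:yang:iana-crypt-hash";
  prefix ianach;

  organization "IANA";
  contact
    "        Internet Assigned Numbers Authority

     Postal: ICANN
             4676 Admiralty Way, Suite 330
             Marina del Rey, CA 90292

     Tel:    +1 310 823 9358
     E-Mail: iana&iana.org";
  description
    "This YANG module defines a typedef for storing passwords
     using a hash function, and features to indicate which hash
     functions are supported by an implementation.

     The latest revision of this YANG module can be obtained from
     the IANA web site.

     Requests for new values should be made to IANA via
     email (iana&iana.org).

     Copyright (c) 2014 IETF Trust and the persons identified as
     authors of the code.  All rights reserved.

     Redistribution and use in source and binary forms, with or
     without modification, is permitted pursuant to, and subject
     to the license terms contained in, the Simplified BSD License
     set forth in Section 4.c of the IETF Trust's Legal Provisions
     Relating to IETF Documents
     (http://trustee.ietf.org/license-info).

     The initial version of this YANG module is part of RFC XXXX;
     see the RFC itself for full legal notices.";
  // RFC Ed.: replace XXXX with actual RFC number and remove this
  // note.

  // RFC Ed.: update the date below with the date of RFC publication
  // and remove this note.
  revision 2014-04-04 {
    description
      "Initial revision.";
    reference
      "RFC XXXX: A YANG Data Model for System Management";
  }

  typedef crypt-hash {
    // The pattern is a W3C XML Schema regular expression (RFC 6020,
    // Section 9.4.6): '$' is a literal character, not an anchor, and
    // the whole expression is implicitly anchored at both ends.
    //
    // The 'rounds=' count is written as [0-9]+ rather than \d+ on
    // purpose: in XSD regular expressions \d is \p{Nd}, i.e. every
    // Unicode decimal digit, whereas crypt(3) parses only ASCII
    // digits.  The narrower class accepts exactly the values that
    // crypt(3) can consume and is a superset of nothing it rejects.
    type string {
      pattern
        '$0$.*'
      + '|$1$[a-zA-Z0-9./]{1,8}$[a-zA-Z0-9./]{22}'
      + '|$5$(rounds=[0-9]+$)?[a-zA-Z0-9./]{1,16}$[a-zA-Z0-9./]{43}'
      + '|$6$(rounds=[0-9]+$)?[a-zA-Z0-9./]{1,16}$[a-zA-Z0-9./]{86}';
    }
    description
      "The crypt-hash type is used to store passwords using
       a hash function.  The algorithms for applying the hash
       function and encoding the result are implemented in
       various UNIX systems as the function crypt(3).

       A value of this type matches one of the forms:

         $0$<clear text password>
         $<id>$<salt>$<password hash>
         $<id>$<parameter>$<salt>$<password hash>

       The '$0$' prefix signals that the value is clear text.  When
       such a value is received by the server, a hash value is
       calculated, and the string '$<id>$<salt>$' or
       $<id>$<parameter>$<salt>$ is prepended to the result.  This
       value is stored in the configuration data store.

       Only the hashed form is stored.  A server should not keep a
       '$0$' value in any data store, log, or backup, and should not
       return one to a client (for example in a <get-config> reply):
       the clear-text form is protected solely by the confidentiality
       of the management transport over which it was received.  This
       module does not mandate which supported hash function the
       server applies to a clear-text value; the strongest one the
       server advertises (SHA-512 where available) is the appropriate
       choice.  Note that the pattern also accepts an empty clear-text
       password ('$0$'); whether that is permitted is a policy
       decision left to the server.

       If a value starting with '$<id>$', where <id> is not '0', is
       received, the server knows that the value already represents a
       hashed value, and stores it as is in the data store.  A server
       can only verify logins against hash functions it implements,
       so a hashed value whose <id> corresponds to a feature the
       server does not advertise should be rejected rather than
       stored; accepting it would silently lock the user out.

       The optional 'rounds=<n>' parameter of the '$5$' and '$6$'
       forms is the SHA-crypt iteration count.  It is a cost
       parameter chosen by whoever supplies the value, and every
       authentication attempt against that password pays for it.
       crypt(3) implementations following the SHA-crypt specification
       clamp it to the range 1000..999999999; a server should apply
       the same bounds before storing a value so that an oversized
       count cannot be used to exhaust CPU on each login attempt.

       When a server needs to verify a password given by a user, it
       finds the stored password hash string for that user, extracts
       the salt, and calculates the hash with the salt and given
       password as input.  If the calculated hash value is the same
       as the stored value, the password given by the client is
       accepted.

       This type defines the following hash functions:

         id | hash function  | feature
         ---+----------------+-------------------
          1 | MD5            | crypt-hash-md5
          5 | SHA-256        | crypt-hash-sha-256
          6 | SHA-512        | crypt-hash-sha-512

       The '$1$' form is the MD5-crypt scheme; it is retained for
       interoperability with existing password databases, but its
       fixed and low work factor makes it a weak choice for new
       passwords, which should use '$6$' (SHA-512) where the
       crypt-hash-sha-512 feature is advertised.

       The server indicates support for the different hash functions
       by advertising the corresponding feature.";
    reference
      "IEEE Std 1003.1-2008 - crypt() function
       RFC 1321: The MD5 Message-Digest Algorithm
       FIPS.180-3.2008: Secure Hash Standard";
  }

  feature crypt-hash-md5 {
    description
      "Indicates that the device supports the MD5
       hash function in 'crypt-hash' values ('$1$' form).

       This feature exists for interoperability with legacy
       password databases; MD5-crypt has a fixed, low work factor
       and is not recommended for hashing new passwords.";
    reference "RFC 1321: The MD5 Message-Digest Algorithm";
  }

  feature crypt-hash-sha-256 {
    description
      "Indicates that the device supports the SHA-256
       hash function in 'crypt-hash' values ('$5$' form,
       SHA-crypt encoding with an optional rounds= parameter).";
    reference "FIPS.180-3.2008: Secure Hash Standard";
  }

  feature crypt-hash-sha-512 {
    description
      "Indicates that the device supports the SHA-512
       hash function in 'crypt-hash' values ('$6$' form,
       SHA-crypt encoding with an optional rounds= parameter).
       This is the preferred function for new passwords.";
    reference "FIPS.180-3.2008: Secure Hash Standard";
  }

}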