blob: 3a9ef554a2cc466d467864e8c8260d6d5e709cf3 [file] [log] [blame]
Sean Condonfae8e662016-12-15 10:25:13 +00001module iana-crypt-hash {
2 namespace "urn:ietf:params:xml:ns:yang:iana-crypt-hash";
3 prefix ianach;
4
5 organization "IANA";
6 contact
7 " Internet Assigned Numbers Authority
8
9 Postal: ICANN
10 12025 Waterfront Drive, Suite 300
11 Los Angeles, CA 90094-2536
12 United States
13
14 Tel: +1 310 301 5800
15 E-Mail: iana@iana.org>";
16 description
17 "This YANG module defines a type for storing passwords
18 using a hash function and features to indicate which hash
19 functions are supported by an implementation.
20
21 The latest revision of this YANG module can be obtained from
22 the IANA web site.
23
24 Requests for new values should be made to IANA via
25 email (iana@iana.org).
26
27 Copyright (c) 2014 IETF Trust and the persons identified as
28 authors of the code. All rights reserved.
29
30 Redistribution and use in source and binary forms, with or
31 without modification, is permitted pursuant to, and subject
32 to the license terms contained in, the Simplified BSD License
33 set forth in Section 4.c of the IETF Trust's Legal Provisions
34 Relating to IETF Documents
35 (http://trustee.ietf.org/license-info).
36
37 The initial version of this YANG module is part of RFC 7317;
38 see the RFC itself for full legal notices.";
39
40 revision 2014-08-06 {
41 description
42 "Initial revision.";
43 reference
44 "RFC 7317: A YANG Data Model for System Management";
45 }
46
47 typedef crypt-hash {
48 type string {
49 pattern
50 '$0$.*' //Escaped all $ as Java Pattern matcher will interpret them otherwise
51 + '|$1$[a-zA-Z0-9./]{1,8}$[a-zA-Z0-9./]{22}'
52 + '|$5$(rounds=\d+$)?[a-zA-Z0-9./]{1,16}$[a-zA-Z0-9./]{43}'
53 + '|$6$(rounds=\d+$)?[a-zA-Z0-9./]{1,16}$[a-zA-Z0-9./]{86}';
54 }
55 description
56 "The crypt-hash type is used to store passwords using
57 a hash function. The algorithms for applying the hash
58 function and encoding the result are implemented in
59 various UNIX systems as the function crypt(3).
60
61 A value of this type matches one of the forms:
62
63 $0$<clear text password>
64 $<id>$<salt>$<password hash>
65 $<id>$<parameter>$<salt>$<password hash>
66
67 The '$0$' prefix signals that the value is clear text. When
68 such a value is received by the server, a hash value is
69 calculated, and the string '$<id>$<salt>$' or
70 $<id>$<parameter>$<salt>$ is prepended to the result. This
71 value is stored in the configuration data store.
72
73 If a value starting with '$<id>$', where <id> is not '0', is
74 received, the server knows that the value already represents a
75 hashed value and stores it 'as is' in the data store.
76
77 When a server needs to verify a password given by a user, it
78 finds the stored password hash string for that user, extracts
79 the salt, and calculates the hash with the salt and given
80 password as input. If the calculated hash value is the same
81 as the stored value, the password given by the client is
82 accepted.
83
84 This type defines the following hash functions:
85
86 id | hash function | feature
87 ---+---------------+-------------------
88 1 | MD5 | crypt-hash-md5
89 5 | SHA-256 | crypt-hash-sha-256
90 6 | SHA-512 | crypt-hash-sha-512
91
92 The server indicates support for the different hash functions
93 by advertising the corresponding feature.";
94 reference
95 "IEEE Std 1003.1-2008 - crypt() function
96 RFC 1321: The MD5 Message-Digest Algorithm
97 FIPS.180-4.2012: Secure Hash Standard (SHS)";
98 }
99
100 feature crypt-hash-md5 {
101 description
102 "Indicates that the device supports the MD5
103 hash function in 'crypt-hash' values.";
104 reference "RFC 1321: The MD5 Message-Digest Algorithm";
105 }
106
107 feature crypt-hash-sha-256 {
108 description
109 "Indicates that the device supports the SHA-256
110 hash function in 'crypt-hash' values.";
111 reference "FIPS.180-4.2012: Secure Hash Standard (SHS)";
112 }
113
114 feature crypt-hash-sha-512 {
115 description
116 "Indicates that the device supports the SHA-512
117 hash function in 'crypt-hash' values.";
118 reference "FIPS.180-4.2012: Secure Hash Standard (SHS)";
119 }
120
121}