| Sean Condon | fae8e66 | 2016-12-15 10:25:13 +0000 | [diff] [blame^] | 1 | module iana-crypt-hash { |
| 2 | namespace "urn:ietf:params:xml:ns:yang:iana-crypt-hash"; |
| 3 | prefix ianach; |
| 4 | |
| 5 | organization "IANA"; |
| 6 | contact |
| 7 | " Internet Assigned Numbers Authority |
| 8 | |
| 9 | Postal: ICANN |
| 10 | 12025 Waterfront Drive, Suite 300 |
| 11 | Los Angeles, CA 90094-2536 |
| 12 | United States |
| 13 | |
| 14 | Tel: +1 310 301 5800 |
| 15 | E-Mail: iana@iana.org>"; |
| 16 | description |
| 17 | "This YANG module defines a type for storing passwords |
| 18 | using a hash function and features to indicate which hash |
| 19 | functions are supported by an implementation. |
| 20 | |
| 21 | The latest revision of this YANG module can be obtained from |
| 22 | the IANA web site. |
| 23 | |
| 24 | Requests for new values should be made to IANA via |
| 25 | email (iana@iana.org). |
| 26 | |
| 27 | Copyright (c) 2014 IETF Trust and the persons identified as |
| 28 | authors of the code. All rights reserved. |
| 29 | |
| 30 | Redistribution and use in source and binary forms, with or |
| 31 | without modification, is permitted pursuant to, and subject |
| 32 | to the license terms contained in, the Simplified BSD License |
| 33 | set forth in Section 4.c of the IETF Trust's Legal Provisions |
| 34 | Relating to IETF Documents |
| 35 | (http://trustee.ietf.org/license-info). |
| 36 | |
| 37 | The initial version of this YANG module is part of RFC 7317; |
| 38 | see the RFC itself for full legal notices."; |
| 39 | |
| 40 | revision 2014-08-06 { |
| 41 | description |
| 42 | "Initial revision."; |
| 43 | reference |
| 44 | "RFC 7317: A YANG Data Model for System Management"; |
| 45 | } |
| 46 | |
| 47 | typedef crypt-hash { |
| 48 | type string { |
| 49 | pattern |
| 50 | '$0$.*' //Escaped all $ as Java Pattern matcher will interpret them otherwise |
| 51 | + '|$1$[a-zA-Z0-9./]{1,8}$[a-zA-Z0-9./]{22}' |
| 52 | + '|$5$(rounds=\d+$)?[a-zA-Z0-9./]{1,16}$[a-zA-Z0-9./]{43}' |
| 53 | + '|$6$(rounds=\d+$)?[a-zA-Z0-9./]{1,16}$[a-zA-Z0-9./]{86}'; |
| 54 | } |
| 55 | description |
| 56 | "The crypt-hash type is used to store passwords using |
| 57 | a hash function. The algorithms for applying the hash |
| 58 | function and encoding the result are implemented in |
| 59 | various UNIX systems as the function crypt(3). |
| 60 | |
| 61 | A value of this type matches one of the forms: |
| 62 | |
| 63 | $0$<clear text password> |
| 64 | $<id>$<salt>$<password hash> |
| 65 | $<id>$<parameter>$<salt>$<password hash> |
| 66 | |
| 67 | The '$0$' prefix signals that the value is clear text. When |
| 68 | such a value is received by the server, a hash value is |
| 69 | calculated, and the string '$<id>$<salt>$' or |
| 70 | $<id>$<parameter>$<salt>$ is prepended to the result. This |
| 71 | value is stored in the configuration data store. |
| 72 | |
| 73 | If a value starting with '$<id>$', where <id> is not '0', is |
| 74 | received, the server knows that the value already represents a |
| 75 | hashed value and stores it 'as is' in the data store. |
| 76 | |
| 77 | When a server needs to verify a password given by a user, it |
| 78 | finds the stored password hash string for that user, extracts |
| 79 | the salt, and calculates the hash with the salt and given |
| 80 | password as input. If the calculated hash value is the same |
| 81 | as the stored value, the password given by the client is |
| 82 | accepted. |
| 83 | |
| 84 | This type defines the following hash functions: |
| 85 | |
| 86 | id | hash function | feature |
| 87 | ---+---------------+------------------- |
| 88 | 1 | MD5 | crypt-hash-md5 |
| 89 | 5 | SHA-256 | crypt-hash-sha-256 |
| 90 | 6 | SHA-512 | crypt-hash-sha-512 |
| 91 | |
| 92 | The server indicates support for the different hash functions |
| 93 | by advertising the corresponding feature."; |
| 94 | reference |
| 95 | "IEEE Std 1003.1-2008 - crypt() function |
| 96 | RFC 1321: The MD5 Message-Digest Algorithm |
| 97 | FIPS.180-4.2012: Secure Hash Standard (SHS)"; |
| 98 | } |
| 99 | |
| 100 | feature crypt-hash-md5 { |
| 101 | description |
| 102 | "Indicates that the device supports the MD5 |
| 103 | hash function in 'crypt-hash' values."; |
| 104 | reference "RFC 1321: The MD5 Message-Digest Algorithm"; |
| 105 | } |
| 106 | |
| 107 | feature crypt-hash-sha-256 { |
| 108 | description |
| 109 | "Indicates that the device supports the SHA-256 |
| 110 | hash function in 'crypt-hash' values."; |
| 111 | reference "FIPS.180-4.2012: Secure Hash Standard (SHS)"; |
| 112 | } |
| 113 | |
| 114 | feature crypt-hash-sha-512 { |
| 115 | description |
| 116 | "Indicates that the device supports the SHA-512 |
| 117 | hash function in 'crypt-hash' values."; |
| 118 | reference "FIPS.180-4.2012: Secure Hash Standard (SHS)"; |
| 119 | } |
| 120 | |
| 121 | } |