From 246ccadbc1dbed3ef8653d27db7c2b8535188e5b Mon Sep 17 00:00:00 2001 From: Shashank Manjunath Date: Thu, 6 Jun 2024 23:55:47 -0700 Subject: [PATCH 1/3] OSPF authentication support --- .../models/ospf/openconfig-ospf-types.yang | 74 ++++++++++- .../openconfig-ospfv2-area-interface.yang | 115 +++++++++++++++++- release/models/ospf/openconfig-ospfv2.yang | 8 +- 3 files changed, 194 insertions(+), 3 deletions(-) diff --git a/release/models/ospf/openconfig-ospf-types.yang b/release/models/ospf/openconfig-ospf-types.yang index 4ab7256ea..a64b05b90 100644 --- a/release/models/ospf/openconfig-ospf-types.yang +++ b/release/models/ospf/openconfig-ospf-types.yang @@ -21,7 +21,13 @@ module openconfig-ospf-types { description "Type definitions for OSPF"; - oc-ext:openconfig-version "0.1.3"; + oc-ext:openconfig-version "0.2.0"; + + revision "2024-06-06" { + description + "Add OSPF authentication modes and encryption types."; + reference "0.2.0"; + } revision "2018-11-21" { description @@ -98,6 +104,72 @@ module openconfig-ospf-types { } // identities + identity MESSAGE_DIGEST_ENCRYPTION { + description + "Base identity to define Message Digest encryption type."; + } + + identity ENCRYPTION_NONE { + base MESSAGE_DIGEST_ENCRYPTION; + description + "No encrytion type."; + } + + identity ENCRYPTION_MD5 { + base MESSAGE_DIGEST_ENCRYPTION; + description + "MD5 message digest encryption type."; + } + + identity ENCRYPTION_SHA1 { + base MESSAGE_DIGEST_ENCRYPTION; + description + "SHA1 message digest encryption type."; + } + + identity ENCRYPTION_SHA256 { + base MESSAGE_DIGEST_ENCRYPTION; + description + "SHA256 message digest encryption type."; + } + + identity ENCRYPTION_SHA384 { + base MESSAGE_DIGEST_ENCRYPTION; + description + "SHA384 message digest encryption type."; + } + + identity ENCRYPTION_SHA512 { + base MESSAGE_DIGEST_ENCRYPTION; + description + "SHA512 message digest encryption type."; + } + + identity AUTH_MODE { + description + "Base identity to define OSPF authentication"; + } + + identity AUTH_NONE { + base AUTH_MODE; + description + "Authentication mode none."; + } + + identity AUTH_SIMPLE_PASSWORD { + base AUTH_MODE; + description + "Authentication mode simple password."; + reference "RFC2328"; + } + + identity AUTH_MESSAGE_DIGEST { + base AUTH_MODE; + description + "Authentication mode message digest."; + reference "RFC5709"; + } + identity OSPF_LSA_TYPE { description "Base identity for an OSPF LSA type. This identity is intended diff --git a/release/models/ospf/openconfig-ospfv2-area-interface.yang b/release/models/ospf/openconfig-ospfv2-area-interface.yang index 3045ad03c..5282e573f 100644 --- a/release/models/ospf/openconfig-ospfv2-area-interface.yang +++ b/release/models/ospf/openconfig-ospfv2-area-interface.yang @@ -25,7 +25,13 @@ submodule openconfig-ospfv2-area-interface { "This submodule provides OSPFv2 configuration and operational state parameters that are specific to the area context"; - oc-ext:openconfig-version "0.5.1"; + oc-ext:openconfig-version "0.6.0"; + + revision "2024-06-06" { + description + "Add support for ospfv2 authentication modes and encryption types"; + reference "0.6.0"; + } revision "2023-11-01" { description @@ -227,6 +233,55 @@ submodule openconfig-ospfv2-area-interface { } } + grouping ospfv2-area-interface-authentication-config { + description + "Configuration parameters relating to OSPF interface + authentication"; + + leaf auth-mode { + type identityref { + base oc-ospf-types:AUTH_MODE; + } + description + "Authentication mode to be used for OSPF interface links."; + } + + leaf simple-password { + type string; + description + "Password for simple authentication mode to be specified for OSPF."; + } + } + + grouping ospfv2-area-interface-message-digest-config { + description + "Configuration parameters relating to OSPF message-digest + authentication"; + + leaf md-key-id { + type uint8 { + range "1..255"; + } + description + "Message-digest keyid to be used for OSPF message digest auth."; + } + + leaf md-encryption { + type identityref { + base oc-ospf-types:MESSAGE_DIGEST_ENCRYPTION; + } + description + "Encryption type to be used for OSPF message digest auth."; + } + + leaf md-password { + type string; + description + "Password to be used for message digest authentication mode + for OSPF."; + } + } + grouping ospfv2-area-interface-mpls-config { description "Configuration parameters relating to MPLS extensions for OSPF"; @@ -437,6 +492,64 @@ submodule openconfig-ospfv2-area-interface { } } + container authentication { + description + "Configuration and operational state parameters for + OSPFv2 authentication on the interface."; + + container config { + description + "Configuration parameters for OSPFv2 authentication on + the interface"; + uses ospfv2-area-interface-authentication-config; + } + + container state { + config false; + description + "Operational state parameters for OSPFv2 authentication on + the interface"; + uses ospfv2-area-interface-authentication-config; + } + + container message-digests { + description + "Enclosing container for the list of message-digest keys that + can be configured on the interface"; + + list message-digest { + key "md-key-id"; + max-elements 2; + + description + "A message-digest key to be used for OSPFv2 authentication"; + + leaf md-key-id { + type leafref { + path "../config/md-key-id"; + } + description + "Message-digest authentication key identifier"; + } + + container config { + description + "Configuration parameters relating to the message-digest + authentication"; + uses ospfv2-area-interface-message-digest-config; + } + + container state { + config false; + description + "Operational state parameters relating to the message-digest + authentication"; + uses ospfv2-area-interface-message-digest-config; + } + } + } + } + container mpls { description "Configuration and operational state parameters for diff --git a/release/models/ospf/openconfig-ospfv2.yang b/release/models/ospf/openconfig-ospfv2.yang index fb5a7e031..ac802e4f1 100644 --- a/release/models/ospf/openconfig-ospfv2.yang +++ b/release/models/ospf/openconfig-ospfv2.yang @@ -34,7 +34,13 @@ module openconfig-ospfv2 { "An OpenConfig model for Open Shortest Path First (OSPF) version 2"; - oc-ext:openconfig-version "0.5.1"; + oc-ext:openconfig-version "0.6.0"; + + revision "2024-06-06" { + description + "Add support for ospfv2 authentication modes and encryption types"; + reference "0.6.0"; + } revision "2023-11-01" { description From 06e2542d9ee106b534d91b3f760686682cd0b3a0 Mon Sep 17 00:00:00 2001 From: Shashank Manjunath Date: Thu, 13 Jun 2024 02:38:33 -0700 Subject: [PATCH 2/3] Address review comments --- .../models/ospf/openconfig-ospf-types.yang | 44 +++++++++---------- .../openconfig-ospfv2-area-interface.yang | 30 +++++++------ release/models/ospf/openconfig-ospfv2.yang | 2 +- 3 files changed, 39 insertions(+), 37 deletions(-) diff --git a/release/models/ospf/openconfig-ospf-types.yang b/release/models/ospf/openconfig-ospf-types.yang index a64b05b90..a8872e28b 100644 --- a/release/models/ospf/openconfig-ospf-types.yang +++ b/release/models/ospf/openconfig-ospf-types.yang @@ -25,7 +25,7 @@ module openconfig-ospf-types { revision "2024-06-06" { description - "Add OSPF authentication modes and encryption types."; + "Add OSPF authentication modes and message digest keys."; reference "0.2.0"; } @@ -104,45 +104,45 @@ module openconfig-ospf-types { } // identities - identity MESSAGE_DIGEST_ENCRYPTION { + identity MESSAGE_DIGEST_ALGO { description - "Base identity to define Message Digest encryption type."; + "Base identity to define message digest hash algorithm type."; } - identity ENCRYPTION_NONE { - base MESSAGE_DIGEST_ENCRYPTION; + identity MESSAGE_DIGEST_NONE { + base MESSAGE_DIGEST_ALGO; description - "No encrytion type."; + "No algorithm defined."; } - identity ENCRYPTION_MD5 { - base MESSAGE_DIGEST_ENCRYPTION; + identity MESSAGE_DIGEST_MD5 { + base MESSAGE_DIGEST_ALGO; description - "MD5 message digest encryption type."; + "MD5 hash algorithm to be used to generate message digest."; } - identity ENCRYPTION_SHA1 { - base MESSAGE_DIGEST_ENCRYPTION; + identity MESSAGE_DIGEST_SHA1 { + base MESSAGE_DIGEST_ALGO; description - "SHA1 message digest encryption type."; + "SHA1 hash algorithm to be used to generate message digest."; } - identity ENCRYPTION_SHA256 { - base MESSAGE_DIGEST_ENCRYPTION; + identity MESSAGE_DIGEST_SHA256 { + base MESSAGE_DIGEST_ALGO; description - "SHA256 message digest encryption type."; + "SHA256 hash algorithm to be used to generate message digest."; } - identity ENCRYPTION_SHA384 { - base MESSAGE_DIGEST_ENCRYPTION; + identity MESSAGE_DIGEST_SHA384 { + base MESSAGE_DIGEST_ALGO; description - "SHA384 message digest encryption type."; + "SHA384 hash algorithm to be used to generate message digest."; } - identity ENCRYPTION_SHA512 { - base MESSAGE_DIGEST_ENCRYPTION; + identity MESSAGE_DIGEST_SHA512 { + base MESSAGE_DIGEST_ALGO; description - "SHA512 message digest encryption type."; + "SHA512 hash algorithm to be used to generate message digest."; } identity AUTH_MODE { @@ -167,7 +167,7 @@ module openconfig-ospf-types { base AUTH_MODE; description "Authentication mode message digest."; - reference "RFC5709"; + reference "RFC2328,RFC5709"; } identity OSPF_LSA_TYPE { diff --git a/release/models/ospf/openconfig-ospfv2-area-interface.yang b/release/models/ospf/openconfig-ospfv2-area-interface.yang index 5282e573f..3dc8a1db0 100644 --- a/release/models/ospf/openconfig-ospfv2-area-interface.yang +++ b/release/models/ospf/openconfig-ospfv2-area-interface.yang @@ -29,7 +29,7 @@ submodule openconfig-ospfv2-area-interface { revision "2024-06-06" { description - "Add support for ospfv2 authentication modes and encryption types"; + "Add support for ospfv2 authentication modes and message digest keys"; reference "0.6.0"; } @@ -249,7 +249,8 @@ submodule openconfig-ospfv2-area-interface { leaf simple-password { type string; description - "Password for simple authentication mode to be specified for OSPF."; + "Password for simple authentication mode to be specified for OSPF + authentication."; } } @@ -258,27 +259,29 @@ submodule openconfig-ospfv2-area-interface { "Configuration parameters relating to OSPF message-digest authentication"; - leaf md-key-id { + leaf key-id { type uint8 { range "1..255"; } description - "Message-digest keyid to be used for OSPF message digest auth."; + "Message-digest keyid to identify auth key and auth algo for + OSPF authentication."; } - leaf md-encryption { + leaf auth-algo { type identityref { - base oc-ospf-types:MESSAGE_DIGEST_ENCRYPTION; + base oc-ospf-types:MESSAGE_DIGEST_ALGO; } description - "Encryption type to be used for OSPF message digest auth."; + "Hash algorithm to be used generate/verify message digest + for OSPF authentication."; } - leaf md-password { + leaf auth-key { type string; description - "Password to be used for message digest authentication mode - for OSPF."; + "Password to be used to generate/verify message digest + for OSPF authentication."; } } @@ -518,15 +521,14 @@ submodule openconfig-ospfv2-area-interface { can be configured on the interface"; list message-digest { - key "md-key-id"; - max-elements 2; + key "key-id"; description "A message-digest key to be used for OSPFv2 authentication"; - leaf md-key-id { + leaf key-id { type leafref { - path "../config/md-key-id"; + path "../config/key-id"; } description "Message-digest authentication key identifier"; diff --git a/release/models/ospf/openconfig-ospfv2.yang b/release/models/ospf/openconfig-ospfv2.yang index ac802e4f1..61e1f9e95 100644 --- a/release/models/ospf/openconfig-ospfv2.yang +++ b/release/models/ospf/openconfig-ospfv2.yang @@ -38,7 +38,7 @@ module openconfig-ospfv2 { revision "2024-06-06" { description - "Add support for ospfv2 authentication modes and encryption types"; + "Add support for ospfv2 authentication modes and message digest keys."; reference "0.6.0"; } From 589800b87b9c5b3ac5de139c27720db47b8c9c45 Mon Sep 17 00:00:00 2001 From: Shashank Manjunath Date: Thu, 13 Jun 2024 23:59:09 -0700 Subject: [PATCH 3/3] Address review comments. --- release/models/ospf/openconfig-ospfv2-area-interface.yang | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/release/models/ospf/openconfig-ospfv2-area-interface.yang b/release/models/ospf/openconfig-ospfv2-area-interface.yang index 3dc8a1db0..8018e0c5e 100644 --- a/release/models/ospf/openconfig-ospfv2-area-interface.yang +++ b/release/models/ospf/openconfig-ospfv2-area-interface.yang @@ -247,7 +247,7 @@ submodule openconfig-ospfv2-area-interface { } leaf simple-password { - type string; + type oc-types:routing-password; description "Password for simple authentication mode to be specified for OSPF authentication."; @@ -260,9 +260,7 @@ submodule openconfig-ospfv2-area-interface { authentication"; leaf key-id { - type uint8 { - range "1..255"; - } + type uint8; description "Message-digest keyid to identify auth key and auth algo for OSPF authentication."; @@ -278,7 +276,7 @@ submodule openconfig-ospfv2-area-interface { } leaf auth-key { - type string; + type oc-types:routing-password; description "Password to be used to generate/verify message digest for OSPF authentication.";