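module ietf-6tisch-symmetric-keying {
  yang-version 1.1;
  namespace
    "urn:ietf:params:xml:ns:yang:ietf-6tisch-symmetric-keying";
  prefix "ietf6keys";

  // NOTE(review): neither import is active, so the module has no
  // access to yang:counter32 (for the statistics below) nor to the
  // NACM extensions usually placed on key material.  Left as in the
  // original; see the notes on secKey and secKeyUsage.
  //import ietf-yang-types { prefix yang; }
  //import ietf-inet-types { prefix inet; }

  organization
    "IETF 6tisch Working Group";
  contact
    "WG Web: <http://tools.ietf.org/wg/6tisch/>
     WG List: <mailto:6tisch@ietf.org>
     Author: Michael Richardson
     <mailto:mcr+ietf@sandelman.ca>";
  description
    "This module defines the format for a set of network-wide 802.15.4
     keys used in 6tisch networks. There are 128 sets of key pairs,
     with one keypair (K1) used to authenticate (and sometimes encrypt)
     multicast traffic, and another keypair (K2) used to encrypt unicast
     traffic. The 128 key pairs are numbered by the (lower) odd
     keyindex, which otherwise is a 0-255 value. Keyindex 0 is
     not valid. This module is a partial expression of the tables in
     https://mentor.ieee.org/802.15/dcn/15/15-15-0106-07-0mag-security-section-pictures.pdf.

     To read and write the key pairs, a monotonically increasing
     counter is added. A new key pair must be added with
     current_counter = last_counter+1. The current specification
     allows overwriting of earlier key pairs. It is up to the server
     to remove old key pairs, such that only the last three (two)
     pairs are stored and visible to the client.

     Security considerations: the secKey leaves carry raw symmetric
     key material. The module describes them as write-only, but YANG
     itself cannot enforce that; the server must refuse to return the
     value on read, and access to this subtree should be limited to
     authorised clients.";

  revision "2017-03-01" {
    description
      "Initial version";
    reference
      "RFC XXXX: 6tisch minimal security";
  }

  // list of key pairs, indexed by the install counter
  list ietf6tischkeypairs {
    key counter;
    description
      "a list of key pairs with unique index: counter.
       A new entry is created with counter = previous counter + 1;
       the server may prune older entries.";

    leaf counter {
      type uint16 {
        // NOTE(review): "0..256" admits 257 values, not the 256 the
        // original comment claimed, and a monotonic counter cannot
        // advance past 256 with this bound.  Left unchanged so that
        // existing data is not invalidated; the rollover or pruning
        // rule should be settled before tightening the range.
        range "0..256";
      }
      // Redundant: key leafs are implicitly mandatory (RFC 7950,
      // section 7.8.2); kept for readability.
      mandatory "true";
      description
        "unique reference to the key pair for client access.";
    } // counter

    // key descriptor for FIRST part of pair (K1)
    container ietf6tischkey1 {
      description
        "First key (K1) of the pair: the network-wide key used to
         authenticate (and sometimes encrypt) multicast traffic.";
      // this container is pretty empty, a leaf would do the job.
      container secKeyDescriptor {
        // I assume this needs to be extended, why else a container?
        description
          "This container describes the details of a
           specific cipher key";
        leaf secKey {
          // NOTE(review): no length constraint.  802.15.4 keys are
          // expected to be 16 octets (AES-128) - confirm against the
          // referenced IEEE tables before adding 'length 16'.
          type binary;
          // NOTE(review): 'write only' is a server obligation, not
          // something the schema enforces.  Returning all zeroes on
          // read also makes a hidden key indistinguishable from a
          // genuinely all-zero key; omitting the leaf is clearer.
          description
            "The actual encryption key.
             This value is write only, and is not returned in a
             read, or returns all zeroes.";
        } // secKey
      } // secKeyDescriptor
      // leaf secKeyIdMode is always 1, not described here.
      leaf secKeyIndex {
        type uint8 {
          // keyindex 0 is not valid (module description); the original
          // description already said 1..255 but the type did not
          // enforce it.
          range "1..255";
        }
        description
          "The keyIndex for this keySet.
           A number between 1 and 255. For K1 this is the (lower) odd
           keyindex by which the pair is numbered.";
        reference
          "IEEE802.15.4";
      } // secKeyIndex
    } // ietf6tischkey1

    // key descriptor for SECOND part of pair (K2)
    container ietf6tischkey2 {
      description
        "Second key (K2) of the pair: the network-wide key used to
         encrypt unicast traffic.";
      container secKeyDescriptor {
        // I assume this needs to be extended, why else a container?
        description
          "This container describes the details of a
           specific cipher key";
        leaf secKey {
          // NOTE(review): same missing length constraint and same
          // write-only caveat as ietf6tischkey1/secKey.
          type binary;
          description
            "The actual encryption key.
             This value is write only, and is not returned in a
             read, or returns all zeroes.";
        } // secKey
      } // secKeyDescriptor
      // leaf secKeyIdMode is always 1, not described here.
      leaf secKeyIndex {
        type uint8 {
          // keyindex 0 is not valid (module description).
          range "1..255";
        }
        // NOTE(review): the module description numbers pairs by the
        // lower odd keyindex; presumably K2 uses the following even
        // value - confirm, and consider a 'must' tying it to K1.
        description
          "The keyIndex for this keySet.
           A number between 1 and 255.";
        reference
          "IEEE802.15.4";
      } // secKeyIndex
    } // ietf6tischkey2
  } // ietf6tischkeypairs

  // the usage is over all pairs
  container secKeyUsage {
    config false; // cannot be set by client
    // NOTE(review): these live outside the list, so they cannot be
    // attributed to a single key pair; per-key statistics would need
    // to move inside ietf6tischkeypairs.  uint32 is kept because
    // ietf-yang-types (counter32) is not imported.
    description
      "statistics of sent and received packets, aggregated over all
       key pairs.";
    leaf txPacketsSent {
      type uint32;
      description
        "Number of packets sent using any of the keys.";
    } // txPacketsSent
    leaf rxPacketsSuccess {
      type uint32;
      description
        "Number of packets received using any of the keys that were
         successfully decrypted and authenticated.";
    } // rxPacketsSuccess
    leaf rxPacketsReceived {
      type uint32;
      description
        "Number of packets received using any of the keys, both
         successfully received, and unsuccessfully.";
    } // rxPacketsReceived
  } // secKeyUsage

  // setting new key, and validation of new key
  leaf newKey {
    type binary;
    // NOTE(review): unlike secKey, nothing here states that newKey is
    // write-only, so a staged key is returned on read as ordinary
    // config - confirm that this is intended.
    description
      "new key value to be set by client, staged until
       installNextKey is invoked.";
  } // newKey

  rpc installNextKey {
    // NOTE(review): the rpc has no input and no output, so the
    // caller cannot name the target pair/keyindex and is not told
    // whether the install succeeded; an output with a status leaf
    // would be a backward-compatible addition.
    description
      "Client informs server that newKey is to be
       used as current key.";
  } // installNextKey
} // module ietf-6tisch-symmetric-keying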