xmlns="urn:ietf:params:xml:ns:yang:yin:1"

        xmlns:ianach="urn:ietf:params:xml:ns:yang:iana-crypt-hash">

  <namespace uri="urn:ietf:params:xml:ns:yang:iana-crypt-hash"/>

  <prefix value="ianach"/>

  <organization>

    <text>IANA</text>

  </organization>

  <contact>

    <text>        Internet Assigned Numbers Authority

Postal: ICANN

        12025 Waterfront Drive, Suite 300

        Los Angeles, CA  90094-2536

        United States

Tel:    +1 310 301 5800

E-Mail: iana@iana.org></text>

  </contact>

  <description>

    <text>This YANG module defines a type for storing passwords

using a hash function and features to indicate which hash

functions are supported by an implementation.

The latest revision of this YANG module can be obtained from

the IANA web site.

Requests for new values should be made to IANA via

email (iana@iana.org).

Copyright (c) 2014 IETF Trust and the persons identified as

authors of the code.  All rights reserved.

Redistribution and use in source and binary forms, with or

without modification, is permitted pursuant to, and subject

to the license terms contained in, the Simplified BSD License

set forth in Section 4.c of the IETF Trust's Legal Provisions

Relating to IETF Documents

(http://trustee.ietf.org/license-info).

The initial version of this YANG module is part of RFC 7317;

see the RFC itself for full legal notices.</text>

  </description>

  <revision date="2014-08-06">

    <description>

      <text>Initial revision.</text>

    </description>

    <reference>

      <text>RFC 7317: A YANG Data Model for System Management</text>

    </reference>

  </revision>

  <typedef name="crypt-hash">

    <type name="string">

      <pattern value="$0$.*|$1$[a-zA-Z0-9./]{1,8}$[a-zA-Z0-9./]{22}|$5$(rounds=\d+$)?[a-zA-Z0-9./]{1,16}$[a-zA-Z0-9./]{43}|$6$(rounds=\d+$)?[a-zA-Z0-9./]{1,16}$[a-zA-Z0-9./]{86}"/>

    </type>

    <description>

      <text>The crypt-hash type is used to store passwords using

a hash function.  The algorithms for applying the hash

function and encoding the result are implemented in

various UNIX systems as the function crypt(3).

A value of this type matches one of the forms:

  $0$<clear text password>

  $<id>$<salt>$<password hash>

  $<id>$<parameter>$<salt>$<password hash>

The '$0$' prefix signals that the value is clear text.  When

such a value is received by the server, a hash value is

calculated, and the string '$<id>$<salt>$' or

$<id>$<parameter>$<salt>$ is prepended to the result.  This

value is stored in the configuration data store.

If a value starting with '$<id>$', where <id> is not '0', is

received, the server knows that the value already represents a

hashed value and stores it 'as is' in the data store.

When a server needs to verify a password given by a user, it

finds the stored password hash string for that user, extracts

the salt, and calculates the hash with the salt and given

password as input.  If the calculated hash value is the same

as the stored value, the password given by the client is

accepted.

This type defines the following hash functions:

  id | hash function | feature

  ---+---------------+-------------------

   1 | MD5           | crypt-hash-md5

   5 | SHA-256       | crypt-hash-sha-256

   6 | SHA-512       | crypt-hash-sha-512

The server indicates support for the different hash functions

by advertising the corresponding feature.</text>

    </description>

    <reference>

      <text>IEEE Std 1003.1-2008 - crypt() function

RFC 1321: The MD5 Message-Digest Algorithm

FIPS.180-4.2012: Secure Hash Standard (SHS)</text>

    </reference>

  </typedef>

  <feature name="crypt-hash-md5">

    <description>

      <text>Indicates that the device supports the MD5

hash function in 'crypt-hash' values.</text>

    </description>

    <reference>

      <text>RFC 1321: The MD5 Message-Digest Algorithm</text>

    </reference>

  </feature>

  <feature name="crypt-hash-sha-256">

    <description>

      <text>Indicates that the device supports the SHA-256

hash function in 'crypt-hash' values.</text>

    </description>

    <reference>

      <text>FIPS.180-4.2012: Secure Hash Standard (SHS)</text>

    </reference>

  </feature>

  <feature name="crypt-hash-sha-512">

    <description>

      <text>Indicates that the device supports the SHA-512

hash function in 'crypt-hash' values.</text>

    </description>

    <reference>

      <text>FIPS.180-4.2012: Secure Hash Standard (SHS)</text>

    </reference>

  </feature>

</module>