openconfig/public

Update KeyChain model to accept hex string for key-id

Closed this issue · 3 comments

As part of #606, the Macsec model was updated to use the global key chain model. However, this will not work because the key-id type in the key chain model is U64:

leaf key-id {
  type uint64;
  description
    "Identifier for the key within the keychain.";
}

whereas prior to the above change, the key id in Macsec was a hex string, as shown below:

grouping macsec-mka-key-config {
    description
      "MKA Key config grouping";

    leaf id {
      type oc-yang:hex-string {
        length "1..64";
      }
      description
        "Key identifier is used as the
         Connectivity Association Key name (CKN)";
    }

So, currently this is broken, and the proposal is to make the key-id in the keychain a union of hex string and U64.

Thanks @m26singhvi, can you raise a pull request to add this? Please also reference at least two implementations and/or specifications that show the need for a hex-string as the macsec key id.

Thanks for taking a look at this @dplore. I have raised a pull request here - #737

As I captured in the issue itself, before #606 was fixed, Macsec was using a hex string only as the key identifier. 801.X-2020 has details about what a typical CKN (CAK Name) looks like.

Implemented in #737 which was merged.
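
Added example, not part of the issue thread or of the openconfig code: a small Python check of how key-id values fall under a union of hex-string (length 1..64) and uint64. YANG validates a union value against its member types in the order they are listed (RFC 7950, section 9.12), so an all-decimal id satisfies both members. Assumptions: the member order shown, a hex-string that accepts only hex digits, uint64 written as plain decimal digits, and the function names, which are hypothetical.

```python
import re

# Assumption: oc-yang:hex-string accepts only hex digits; the length
# restriction "1..64" is the one in the MACsec grouping quoted in the issue.
HEX_STRING = re.compile(r"[0-9a-fA-F]{1,64}")
UINT64_MAX = 2**64 - 1


def matches_hex_string(value: str) -> bool:
    return HEX_STRING.fullmatch(value) is not None


def matches_uint64(value: str) -> bool:
    # Simplification (assumption): plain ASCII decimal digits, no sign.
    return value.isascii() and value.isdigit() and int(value) <= UINT64_MAX


CHECKS = {"hex-string": matches_hex_string, "uint64": matches_uint64}


def classify_key_id(value: str, member_order=("hex-string", "uint64")):
    """Return the first union member that accepts value, or None.

    member_order is an assumption; the thread does not show the order
    used in the merged change.
    """
    for member in member_order:
        if CHECKS[member](value):
            return member
    return None


def ambiguous(value: str) -> bool:
    """True when the value is valid for both members of the union."""
    return matches_hex_string(value) and matches_uint64(value)


if __name__ == "__main__":
    # Constructed sample key ids, not taken from any device or from the thread.
    samples = ["abcd1234", "10", "18446744073709551615",
               "ab" * 32, "a" * 65, "0x1f", ""]
    for s in samples:
        print(repr(s), classify_key_id(s), "ambiguous" if ambiguous(s) else "")
```

An id such as "10" is accepted by either member, so a client and a server that disagree on the interpretation can end up with different key names for what looks like the same configured value.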