Add sample apps to configure MACsec key chains
Includes three custom apps to configure different ciphers, durations
and number of keys:
nc-create-xr-lib-keychain-macsec-cfg-20-ydk.py - One AES-128-GCM key
nc-create-xr-lib-keychain-macsec-cfg-22-ydk.py - One AES-256-GCM key
nc-create-xr-lib-keychain-macsec-cfg-24-ydk.py - Two rolling keys
netwrkr95 committed Apr 12, 2017
1 parent 1ba2669 commit 25d2322
Showing 9 changed files with 449 additions and 0 deletions.
@@ -0,0 +1,98 @@
#!/usr/bin/env python
#
# Copyright 2016 Cisco Systems, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#

"""
Create configuration for model Cisco-IOS-XR-lib-keychain-macsec-cfg.
usage: nc-create-xr-lib-keychain-macsec-cfg-20-ydk.py [-h] [-v] device
positional arguments:
device NETCONF device (ssh://user:password@host:port)
optional arguments:
-h, --help show this help message and exit
-v, --verbose print debugging messages
"""

from argparse import ArgumentParser
from urlparse import urlparse

from ydk.services import CRUDService
from ydk.providers import NetconfServiceProvider
from ydk.models.cisco_ios_xr import Cisco_IOS_XR_lib_keychain_macsec_cfg \
as xr_lib_keychain_macsec_cfg
import logging


def config_mac_sec_keychains(mac_sec_keychains):
"""Add config data to mac_sec_keychains object."""
mac_sec_keychain = mac_sec_keychains.MacSecKeychain()
mac_sec_keychain.chain_name = "CHAIN1"
key = mac_sec_keychain.keies.Key()
key.key_id = "10"
key.key_string = key.KeyString()
key.key_string.string = "101E584B5643475D5B547B79777C6663754356445055030F0F03055C504C430F0F"
key.key_string.cryptographic_algorithm = xr_lib_keychain_macsec_cfg.MacSecCryptoAlgEnum.aes_128_cmac
key.lifetime.start_hour = 0
key.lifetime.start_minutes = 0
key.lifetime.start_seconds = 0
key.lifetime.start_date = 1
key.lifetime.start_month = xr_lib_keychain_macsec_cfg.MacSecKeyChainMonthEnum.jan
key.lifetime.start_year = 2017
key.lifetime.infinite_flag = True
mac_sec_keychain.keies.key.append(key)
mac_sec_keychains.mac_sec_keychain.append(mac_sec_keychain)


if __name__ == "__main__":
"""Execute main program."""
parser = ArgumentParser()
parser.add_argument("-v", "--verbose", help="print debugging messages",
action="store_true")
parser.add_argument("device",
help="NETCONF device (ssh://user:password@host:port)")
args = parser.parse_args()
device = urlparse(args.device)

# log debug messages if verbose argument specified
if args.verbose:
logger = logging.getLogger("ydk")
logger.setLevel(logging.DEBUG)
handler = logging.StreamHandler()
formatter = logging.Formatter(("%(asctime)s - %(name)s - "
"%(levelname)s - %(message)s"))
handler.setFormatter(formatter)
logger.addHandler(handler)

# create NETCONF provider
provider = NetconfServiceProvider(address=device.hostname,
port=device.port,
username=device.username,
password=device.password,
protocol=device.scheme)
# create CRUD service
crud = CRUDService()

mac_sec_keychains = xr_lib_keychain_macsec_cfg.MacSecKeychains() # create object
config_mac_sec_keychains(mac_sec_keychains) # add object configuration

# create configuration on NETCONF device
crud.create(provider, mac_sec_keychains)

provider.close()
exit()
# End of script
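Review bot: The `key.key_string.string` literal in `config_mac_sec_keychains` is key material committed to the repository, and the same value is repeated in the CLI and XML samples that follow; the -22 and -24 scripts do the same with their own strings. The CLI sample shows it under `key-string password`, which appears to be the device's reversible obfuscated encoding rather than a hash (worth confirming against the platform documentation), so it should be handled as if it were the cleartext key. I would add a comment above the assignment such as `# Sample key for documentation only; generate a fresh key per deployment and never reuse this value`, and consider reading the string from an environment variable or a prompt instead of a literal. Separately, the commit message calls this an AES-128-GCM key while the code sets `aes_128_cmac`; a one-line comment on what the algorithm field selects would avoid that confusion.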
@@ -0,0 +1,9 @@
!! IOS XR Configuration version = 6.2.1
key chain CHAIN1
macsec
key 10
key-string password 101E584B5643475D5B547B79777C6663754356445055030F0F03055C504C430F0F cryptographic-algorithm aes-128-cmac
lifetime 00:00:00 january 01 2017 infinite
!
!
!
@@ -0,0 +1,23 @@
<mac-sec-keychains xmlns="http://cisco.com/ns/yang/Cisco-IOS-XR-lib-keychain-macsec-cfg">
<mac-sec-keychain>
<chain-name>CHAIN1</chain-name>
<keies>
<key>
<key-id>10</key-id>
<key-string>
<string>101E584B5643475D5B547B79777C6663754356445055030F0F03055C504C430F0F</string>
<cryptographic-algorithm>aes-128-cmac</cryptographic-algorithm>
</key-string>
<lifetime>
<start-hour>0</start-hour>
<start-minutes>0</start-minutes>
<start-seconds>0</start-seconds>
<start-date>1</start-date>
<start-month>jan</start-month>
<start-year>2017</start-year>
<infinite-flag>true</infinite-flag>
</lifetime>
</key>
</keies>
</mac-sec-keychain>
</mac-sec-keychains>
@@ -0,0 +1,98 @@
#!/usr/bin/env python
#
# Copyright 2016 Cisco Systems, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#

"""
Create configuration for model Cisco-IOS-XR-lib-keychain-macsec-cfg.
usage: nc-create-xr-lib-keychain-macsec-cfg-22-ydk.py [-h] [-v] device
positional arguments:
device NETCONF device (ssh://user:password@host:port)
optional arguments:
-h, --help show this help message and exit
-v, --verbose print debugging messages
"""

from argparse import ArgumentParser
from urlparse import urlparse

from ydk.services import CRUDService
from ydk.providers import NetconfServiceProvider
from ydk.models.cisco_ios_xr import Cisco_IOS_XR_lib_keychain_macsec_cfg \
as xr_lib_keychain_macsec_cfg
import logging


def config_mac_sec_keychains(mac_sec_keychains):
"""Add config data to mac_sec_keychains object."""
mac_sec_keychain = mac_sec_keychains.MacSecKeychain()
mac_sec_keychain.chain_name = "CHAIN2"
key = mac_sec_keychain.keies.Key()
key.key_id = "20"
key.key_string = key.KeyString()
key.key_string.string = "0256550958525A771B1E584B5643475D5B547B79777C6663754356445055030F0F03055C504C430F0F07020006005E0D51570905574753520C5B575D72181B5F4E"
key.key_string.cryptographic_algorithm = xr_lib_keychain_macsec_cfg.MacSecCryptoAlgEnum.aes_256_cmac
key.lifetime.start_hour = 0
key.lifetime.start_minutes = 0
key.lifetime.start_seconds = 0
key.lifetime.start_date = 1
key.lifetime.start_month = xr_lib_keychain_macsec_cfg.MacSecKeyChainMonthEnum.jan
key.lifetime.start_year = 2017
key.lifetime.infinite_flag = True
mac_sec_keychain.keies.key.append(key)
mac_sec_keychains.mac_sec_keychain.append(mac_sec_keychain)


if __name__ == "__main__":
"""Execute main program."""
parser = ArgumentParser()
parser.add_argument("-v", "--verbose", help="print debugging messages",
action="store_true")
parser.add_argument("device",
help="NETCONF device (ssh://user:password@host:port)")
args = parser.parse_args()
device = urlparse(args.device)

# log debug messages if verbose argument specified
if args.verbose:
logger = logging.getLogger("ydk")
logger.setLevel(logging.DEBUG)
handler = logging.StreamHandler()
formatter = logging.Formatter(("%(asctime)s - %(name)s - "
"%(levelname)s - %(message)s"))
handler.setFormatter(formatter)
logger.addHandler(handler)

# create NETCONF provider
provider = NetconfServiceProvider(address=device.hostname,
port=device.port,
username=device.username,
password=device.password,
protocol=device.scheme)
# create CRUD service
crud = CRUDService()

mac_sec_keychains = xr_lib_keychain_macsec_cfg.MacSecKeychains() # create object
config_mac_sec_keychains(mac_sec_keychains) # add object configuration

# create configuration on NETCONF device
crud.create(provider, mac_sec_keychains)

provider.close()
exit()
# End of script
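Review bot: The device password arrives on the command line (`ssh://user:password@host:port`, parsed with `urlparse` and passed as `password=device.password`), which leaves it in shell history and visible in the process list to other local users; the -20 and -24 scripts share this block. Letting the password be omitted from the URL and prompting for it would avoid that, e.g. `password=device.password or getpass.getpass()` with `import getpass` next to the other imports. With `-v` the `ydk` logger is set to DEBUG on a stream handler, which presumably prints the NETCONF payload including the key string, so the help text should say so. `provider.close()` is also skipped if `crud.create` raises; wrapping the create call in `try`/`finally` would keep the session from being left open.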
@@ -0,0 +1,9 @@
!! IOS XR Configuration version = 6.2.1
key chain CHAIN2
macsec
key 20
key-string password 0256550958525A771B1E584B5643475D5B547B79777C6663754356445055030F0F03055C504C430F0F07020006005E0D51570905574753520C5B575D72181B5F4E cryptographic-algorithm aes-256-cmac
lifetime 00:00:00 january 01 2017 infinite
!
!
!
@@ -0,0 +1,23 @@
<mac-sec-keychains xmlns="http://cisco.com/ns/yang/Cisco-IOS-XR-lib-keychain-macsec-cfg">
<mac-sec-keychain>
<chain-name>CHAIN2</chain-name>
<keies>
<key>
<key-id>20</key-id>
<key-string>
<string>0256550958525A771B1E584B5643475D5B547B79777C6663754356445055030F0F03055C504C430F0F07020006005E0D51570905574753520C5B575D72181B5F4E</string>
<cryptographic-algorithm>aes-256-cmac</cryptographic-algorithm>
</key-string>
<lifetime>
<start-hour>0</start-hour>
<start-minutes>0</start-minutes>
<start-seconds>0</start-seconds>
<start-date>1</start-date>
<start-month>jan</start-month>
<start-year>2017</start-year>
<infinite-flag>true</infinite-flag>
</lifetime>
</key>
</keies>
</mac-sec-keychain>
</mac-sec-keychains>
@@ -0,0 +1,125 @@
#!/usr/bin/env python
#
# Copyright 2016 Cisco Systems, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#

"""
Create configuration for model Cisco-IOS-XR-lib-keychain-macsec-cfg.
usage: nc-create-xr-lib-keychain-macsec-cfg-24-ydk.py [-h] [-v] device
positional arguments:
device NETCONF device (ssh://user:password@host:port)
optional arguments:
-h, --help show this help message and exit
-v, --verbose print debugging messages
"""

from argparse import ArgumentParser
from urlparse import urlparse

from ydk.services import CRUDService
from ydk.providers import NetconfServiceProvider
from ydk.models.cisco_ios_xr import Cisco_IOS_XR_lib_keychain_macsec_cfg \
as xr_lib_keychain_macsec_cfg
import logging


def config_mac_sec_keychains(mac_sec_keychains):
"""Add config data to mac_sec_keychains object."""
mac_sec_keychain = mac_sec_keychains.MacSecKeychain()
mac_sec_keychain.chain_name = "CHAIN3"
key = mac_sec_keychain.keies.Key()
key.key_id = "10"
key.key_string = key.KeyString()
key.key_string.string = "01435756085F5359761C1F5B4A5142445C5C557878707D6562724255455754000E0802065D574D400E0806010101015D0C56560A04504650530B5A545C7519185E"
key.key_string.cryptographic_algorithm = xr_lib_keychain_macsec_cfg.MacSecCryptoAlgEnum.aes_256_cmac
key.lifetime.start_hour = 0
key.lifetime.start_minutes = 0
key.lifetime.start_seconds = 0
key.lifetime.start_date = 1
key.lifetime.start_month = xr_lib_keychain_macsec_cfg.MacSecKeyChainMonthEnum.jan
key.lifetime.start_year = 2017
key.lifetime.end_hour = 23
key.lifetime.end_minutes = 59
key.lifetime.end_seconds = 59
key.lifetime.end_date = 7
key.lifetime.end_month = xr_lib_keychain_macsec_cfg.MacSecKeyChainMonthEnum.jan
key.lifetime.end_year = 2017
key.lifetime.infinite_flag = False
mac_sec_keychain.keies.key.append(key)

# Second key
key = mac_sec_keychain.keies.Key()
key.key_id = "20"
key.key_string = key.KeyString()
key.key_string.string = "04035C505A751F1C58415241475F5F567B73737E66617141564E5457030D0B010556544E430D0B05020A02025E0F5555090F5345535008595757761A1B5D4A5746"
key.key_string.cryptographic_algorithm = xr_lib_keychain_macsec_cfg.MacSecCryptoAlgEnum.aes_256_cmac
key.lifetime.start_hour = 23
key.lifetime.start_minutes = 0
key.lifetime.start_seconds = 0
key.lifetime.start_date = 7
key.lifetime.start_month = xr_lib_keychain_macsec_cfg.MacSecKeyChainMonthEnum.jan
key.lifetime.start_year = 2017
key.lifetime.end_hour = 23
key.lifetime.end_minutes = 59
key.lifetime.end_seconds = 59
key.lifetime.end_date = 13
key.lifetime.end_month = xr_lib_keychain_macsec_cfg.MacSecKeyChainMonthEnum.jan
key.lifetime.end_year = 2017
key.lifetime.infinite_flag = False
mac_sec_keychain.keies.key.append(key)
mac_sec_keychains.mac_sec_keychain.append(mac_sec_keychain)


if __name__ == "__main__":
"""Execute main program."""
parser = ArgumentParser()
parser.add_argument("-v", "--verbose", help="print debugging messages",
action="store_true")
parser.add_argument("device",
help="NETCONF device (ssh://user:password@host:port)")
args = parser.parse_args()
device = urlparse(args.device)

# log debug messages if verbose argument specified
if args.verbose:
logger = logging.getLogger("ydk")
logger.setLevel(logging.DEBUG)
handler = logging.StreamHandler()
formatter = logging.Formatter(("%(asctime)s - %(name)s - "
"%(levelname)s - %(message)s"))
handler.setFormatter(formatter)
logger.addHandler(handler)

# create NETCONF provider
provider = NetconfServiceProvider(address=device.hostname,
port=device.port,
username=device.username,
password=device.password,
protocol=device.scheme)
# create CRUD service
crud = CRUDService()

mac_sec_keychains = xr_lib_keychain_macsec_cfg.MacSecKeychains() # create object
config_mac_sec_keychains(mac_sec_keychains) # add object configuration

# create configuration on NETCONF device
crud.create(provider, mac_sec_keychains)

provider.close()
exit()
# End of script
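Review bot: Both keys in `config_mac_sec_keychains` have lifetimes that end in January 2017 (key 10 on the 7th, key 20 on the 13th), which is before this commit's date of Apr 12, 2017, so a device given this configuration as written would have no key within its lifetime. Nothing follows key 20 either, so even with adjusted dates the chain runs out after the second key; what the device does at that point is not visible here, but a rolling-key sample should state it. I would add a comment above the first `start_year` such as `# Example dates: shift the lifetimes into the future and configure a successor before the last key expires`. The one-hour overlap between key 10's end (23:59:59) and key 20's start (23:00:00) on the 7th looks intentional and deserves a short comment as well.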
