src/sonic-yang-models/yang-models/sonic-macsec.yang

module sonic-macsec {

    yang-version 1.1;

    namespace "http://github.com/sonic-net/sonic-macsec";

    prefix macsec;

    import sonic-types {
        prefix stypes;
    }

    description "MACsec yang Module for SONiC OS";

    revision 2022-04-12 {
        description "First Revision";
    }

    container sonic-macsec {

        container MACSEC_PROFILE {

            description "MACsec profile of config_db.json";

            list MACSEC_PROFILE_LIST {

                key "name";

                leaf name {
                    type string {
                        length 1..128;
                    }
                }

                leaf priority {
                    type uint8;
                    default 255;
                }

                leaf cipher_suite {
                    type string {
                        pattern "GCM-AES-128|GCM-AES-256|GCM-AES-XPN-128|GCM-AES-XPN-256";
                    }
                    default "GCM-AES-128";
                }

                leaf primary_cak {
                    type string {
                        pattern "[0-9a-fA-F]{66}|[0-9a-fA-F]{130}";
                    }
                    mandatory true;
                }

                leaf primary_ckn {
                    type string {
                        pattern "[0-9a-fA-F]{32}|[0-9a-fA-F]{64}";
                    }
                    mandatory true;
                }

                leaf fallback_cak {
                    type string {
                        pattern "[0-9a-fA-F]{66}|[0-9a-fA-F]{130}";
                    }
                }

                leaf fallback_ckn {
                    type string {
                        pattern "[0-9a-fA-F]{32}|[0-9a-fA-F]{64}";
                    }
                }

                must "string-length(fallback_cak) = 0 or string-length(fallback_cak) = string-length(primary_cak)";

                must "string-length(fallback_ckn) = 0 or primary_ckn != fallback_ckn";

                leaf policy {
                    type string {
                        pattern "integrity_only|security";
                    }
                    default "security";
                }

                leaf enable_replay_protect {
                    type stypes:boolean_type;
                    default "false";
                }

                leaf replay_window {
                    when "current()/../enable_replay_protect = 'true'";
                    type uint32;
                }

                leaf send_sci {
                    type stypes:boolean_type;
                    default "true";
                }

                leaf rekey_period {
                    description "The period of proactively refresh (Unit second).
                                 If the value is 0, which means never proactive refresh SAK.";
                    type uint32;
                    default 0;
                }

            } /* end of list  MACSEC_PROFILE_LIST */

        } /* end of container MACSEC_PROFILE */

    } /* end of container sonic-macsec */

} /* end of module sonic-macsec */