module ietf-tcg-algs {
yang-version 1.1;
namespace "urn:ietf:params:xml:ns:yang:ietf-tcg-algs";
prefix taa;
organization
"IETF RATS (Remote ATtestation procedureS) Working Group";
contact
"WG Web:
WG List:
Author: Eric Voit ";
description
"This module defines identities for asymmetric algorithms.
The key words 'MUST', 'MUST NOT', 'REQUIRED', 'SHALL', 'SHALL
NOT', 'SHOULD', 'SHOULD NOT', 'RECOMMENDED', 'NOT RECOMMENDED',
'MAY', and 'OPTIONAL' in this document are to be interpreted as
described in BCP 14 (RFC 2119) (RFC 8174) when, and only when,
they appear in all capitals, as shown here.
Copyright (c) 2024 IETF Trust and the persons identified as
authors of the code. All rights reserved.
Redistribution and use in source and binary forms, with or
without modification, is permitted pursuant to, and subject to
the license terms contained in, the Revised BSD License set
forth in Section 4.c of the IETF Trust's Legal Provisions
Relating to IETF Documents
(https://trustee.ietf.org/license-info).
This version of this YANG module is part of RFC 9684; see the
RFC itself for full legal notices.";
revision 2024-12-05 {
description
"Initial version";
reference
"RFC 9684: A YANG Data Model for Challenge-Response-Based
Remote Attestation (CHARRA) Procedures Using Trusted Platform
Modules (TPMs)";
}
/*****************/
/* Features */
/*****************/
feature tpm12 {
description
"This feature indicates algorithm support for the TPM 1.2 API
per Section 4.8 of TPM1.2-Structures.";
reference
"TPM1.2-Structures: TPM Main Part 2 TPM Structures,
https://trustedcomputinggroup.org/wp-content/uploads/
TPM-Main-Part-2-TPM-Structures_v1.2_rev116_01032011.pdf
TPM_ALGORITHM_ID values, Section 4.8";
}
feature tpm20 {
description
"This feature indicates algorithm support for the TPM 2.0 API
per Section 11.4 of Trusted Platform Module Library Part 1:
Architecture.";
reference
"TPM2.0-Arch: Trusted Platform Module Library Part 1:
Architecture, https://trustedcomputinggroup.org/wp-content/
uploads/TPM-2.0-1.83-Part-1-Architecture.pdf, Section 11.4";
}
/*****************/
/* Identities */
/*****************/
identity asymmetric {
description
"A TCG-recognized asymmetric algorithm with a public and
private key.";
reference
"TCG-Algos: TCG Algorithm Registry, Rev1.34, Table 2,
https://trustedcomputinggroup.org/resource/
tcg-algorithm-registry/TCG-_Algorithm_Registry_r1p32_pub";
}
identity symmetric {
description
"A TCG-recognized symmetric algorithm with only a private
key.";
reference
"TCG-Algos: TCG Algorithm Registry, Rev1.34, Table 2";
}
identity hash {
description
"A TCG-recognized hash algorithm that compresses input data to
a digest value or indicates a method that uses a hash.";
reference
"TCG-Algos: TCG Algorithm Registry, Rev1.34, Table 2";
}
identity signing {
description
"A TCG-recognized signing algorithm";
reference
"TCG-Algos: TCG Algorithm Registry, Rev1.34, Table 2";
}
identity anonymous_signing {
description
"A TCG-recognized anonymous signing algorithm.";
reference
"TCG-Algos: TCG Algorithm Registry, Rev1.34, Table 2";
}
identity encryption_mode {
description
"A TCG-recognized encryption mode.";
reference
"TCG-Algos: TCG Algorithm Registry, Rev1.34, Table 2";
}
identity method {
description
"A TCG-recognized method such as a mask generation function.";
reference
"TCG-Algos: TCG Algorithm Registry, Rev1.34, Table 2";
}
identity object_type {
description
"A TCG-recognized object type.";
reference
"TCG-Algos: TCG Algorithm Registry, Rev1.34, Table 2";
}
identity cryptoprocessor {
description
"Base identity identifying a crytoprocessor.";
}
identity tpm12 {
if-feature "tpm12";
base cryptoprocessor;
description
"Supportable by a TPM 1.2.";
reference
"TPM1.2-Structures:
TPM Main Part 2 TPM Structures,
https://trustedcomputinggroup.org/wp-content/uploads/
TPM-Main-Part-2-TPM-Structures_v1.2_rev116_01032011.pdf
TPM_ALGORITHM_ID values, Section 4.8";
}
identity tpm20 {
if-feature "tpm20";
base cryptoprocessor;
description
"Supportable by a TPM 2.0";
reference
"TPM2.0-Structures:
Trusted Platform Module Library Part 2: Structures,
Revision 01.83, https://trustedcomputinggroup.org/
wp-content/uploads/TPM-2.0-1.83-Part-2-Structures.pdf";
}
identity TPM_ALG_RSA {
if-feature "tpm12 or tpm20";
base tpm12;
base tpm20;
base asymmetric;
base object_type;
description
"RSA algorithm.";
reference
"TCG-Algos: TCG Algorithm Registry, Rev1.34, Table 3, and
RFC 8017. ALG_ID: 0x0001";
}
identity TPM_ALG_TDES {
if-feature "tpm12";
base tpm12;
base symmetric;
description
"Block cipher with various key sizes (Triple Data Encryption
Algorithm, commonly called Triple Data Encryption Standard)
Note: Was banned in TPM 1.2, v94";
reference
"TCG-Algos: TCG Algorithm Registry, Rev1.34, Table 3, and
ISO/IEC 18033-3. ALG_ID: 0x0003";
}
identity TPM_ALG_SHA1 {
if-feature "tpm12 or tpm20";
base hash;
base tpm12;
base tpm20;
description
"SHA1 algorithm - Deprecated due to insufficient cryptographic
protection. However, it is still useful for hash algorithms
where protection is not required.";
reference
"TCG-Algos: TCG Algorithm Registry Rev1.34, Table 3, and
ISO/IEC 10118-3. ALG_ID: 0x0004";
}
identity TPM_ALG_HMAC {
if-feature "tpm12 or tpm20";
base tpm12;
base tpm20;
base hash;
base signing;
description
"Hash Message Authentication Code (HMAC) algorithm.";
reference
"TCG-Algos: TCG Algorithm Registry, Rev1.34, Table 3, and
ISO/IEC 9797-2, and
RFC 2104. ALG_ID: 0x0005";
}
identity TPM_ALG_AES {
if-feature "tpm12";
base tpm12;
base symmetric;
description
"The AES algorithm with various key sizes.";
reference
"TCG-Algos: TCG Algorithm Registry, Rev1.34, Table 3, and
ISO/IEC 18033-3. ALG_ID: 0x0006";
}
identity TPM_ALG_MGF1 {
if-feature "tpm20";
base tpm20;
base hash;
base method;
description
"Hash-based mask-generation function.";
reference
"TCG-Algos: TCG Algorithm Registry, Rev1.34, Table 3, and
IEEE Std 1363-2000, and
IEEE Std 1363a-2004.
ALG_ID: 0x0007";
}
identity TPM_ALG_KEYEDHASH {
if-feature "tpm20";
base tpm20;
base hash;
base object_type;
description
"An encryption or signing algorithm using a keyed hash. These
may use XOR for encryption or an HMAC for signing and may
also refer to a data object that is neither signing nor
encrypting.";
reference
"TCG-Algos: TCG Algorithm Registry, Rev1.34, Table 3.
ALG_ID: 0x0008";
}
identity TPM_ALG_XOR {
if-feature "tpm12 or tpm20";
base tpm12;
base tpm20;
base hash;
base symmetric;
description
"The XOR encryption algorithm.";
reference
"TCG-Algos: TCG Algorithm Registry, Rev1.34, Table 3.
ALG_ID: 0x000A";
}
identity TPM_ALG_SHA256 {
if-feature "tpm20";
base tpm20;
base hash;
description
"The SHA-256 algorithm.";
reference
"TCG-Algos: TCG Algorithm Registry, Rev1.34, Table 3, and
ISO/IEC 10118-3. ALG_ID: 0x000B";
}
identity TPM_ALG_SHA384 {
if-feature "tpm20";
base tpm20;
base hash;
description
"The SHA-384 algorithm.";
reference
"TCG-Algos: TCG Algorithm Registry, Rev1.34, Table 3, and
ISO/IEC 10118-3. ALG_ID: 0x000C";
}
identity TPM_ALG_SHA512 {
if-feature "tpm20";
base tpm20;
base hash;
description
"The SHA-512 algorithm.";
reference
"TCG-Algos: TCG Algorithm Registry, Rev1.34, Table 3, and
ISO/IEC 10118-3. ALG_ID: 0x000D";
}
identity TPM_ALG_NULL {
if-feature "tpm20";
base tpm20;
description
"Null algorithm.";
reference
"TCG-Algos: TCG Algorithm Registry, Rev1.34, Table 3.
ALG_ID: 0x0010";
}
identity TPM_ALG_SM3_256 {
if-feature "tpm20";
base tpm20;
base hash;
description
"The ShangMi 3 (SM3) hash algorithm.";
reference
"TCG-Algos: TCG Algorithm Registry, Rev1.34, Table 3, and
ISO/IEC 10118-3:2018. ALG_ID: 0x0012";
}
identity TPM_ALG_SM4 {
if-feature "tpm20";
base tpm20;
base symmetric;
description
"ShangMi 4 (SM4) symmetric block cipher.";
reference
"TCG-Algos: TCG Algorithm Registry, Rev1.34, Table 3.
ALG_ID: 0x0013";
}
identity TPM_ALG_RSASSA {
if-feature "tpm20";
base tpm20;
base asymmetric;
base signing;
description
"Signature algorithm defined in Section 8.2
(RSASSA-PKCS1-v1_5) of RFC 8017.";
reference
"TCG-Algos: TCG Algorithm Registry, Rev1.34, Table 3, and
RFC 8017. ALG_ID: 0x0014";
}
identity TPM_ALG_RSAES {
if-feature "tpm20";
base tpm20;
base asymmetric;
base encryption_mode;
description
"Signature algorithm defined in Section 7.2
(RSAES-PKCS1-v1_5) of RFC 8017.";
reference
"TCG-Algos: TCG Algorithm Registry, Rev1.34, Table 3, and
RFC 8017. ALG_ID: 0x0015";
}
identity TPM_ALG_RSAPSS {
if-feature "tpm20";
base tpm20;
base asymmetric;
base signing;
description
"Padding algorithm defined in Section 8.1 (RSASSA-PSS)
of RFC 8017.";
reference
"TCG-Algos: TCG Algorithm Registry, Rev1.34, Table 3, and
RFC 8017. ALG_ID: 0x0016";
}
identity TPM_ALG_OAEP {
if-feature "tpm20";
base tpm20;
base asymmetric;
base encryption_mode;
description
"Padding algorithm defined in Section 7.1 (RSAES-OAEP)
of RFC 8017.";
reference
"TCG-Algos: TCG Algorithm Registry, Rev1.34, Table 3, and
RFC 8017. ALG_ID: 0x0017";
}
identity TPM_ALG_ECDSA {
if-feature "tpm20";
base tpm20;
base asymmetric;
base signing;
description
"Signature algorithm using elliptic curve cryptography (ECC).";
reference
"TCG-Algos: TCG Algorithm Registry, Rev1.34, Table 3, and
ISO/IEC 14888-3. ALG_ID: 0x0018";
}
identity TPM_ALG_ECDH {
if-feature "tpm20";
base tpm20;
base asymmetric;
base method;
description
"Secret sharing using ECC.";
reference
"TCG-Algos: TCG Algorithm Registry, Rev1.34, Table 3, and
NIST SP800-56A. ALG_ID: 0x0019";
}
identity TPM_ALG_ECDAA {
if-feature "tpm20";
base tpm20;
base asymmetric;
base signing;
base anonymous_signing;
description
"Elliptic-curve-based, anonymous signing scheme.";
reference
"TCG-Algos: TCG Algorithm Registry, Rev1.34, Table 3, and
TCG TPM 2.0 Library. ALG_ID: 0x001A";
}
identity TPM_ALG_SM2 {
if-feature "tpm20";
base tpm20;
base asymmetric;
base signing;
base encryption_mode;
base method;
description
"SM2 - depending on context, either an elliptic-curve based,
signature algorithm, an encryption scheme, or a key exchange
protocol.";
reference
"TCG-Algos: TCG Algorithm Registry, Rev1.34, Table 3.
ALG_ID: 0x001B";
}
identity TPM_ALG_ECSCHNORR {
if-feature "tpm20";
base tpm20;
base asymmetric;
base signing;
description
"Elliptic-curve-based Schnorr signature.";
reference
"TCG-Algos: TCG Algorithm Registry, Rev1.34, Table 3.
ALG_ID: 0x001C";
}
identity TPM_ALG_ECMQV {
if-feature "tpm20";
base tpm20;
base asymmetric;
base method;
description
"Two-phase elliptic-curve key.";
reference
"TCG-Algos: TCG Algorithm Registry, Rev1.34, Table 3, and
NIST SP800-56A. ALG_ID: 0x001D";
}
identity TPM_ALG_KDF1_SP800_56A {
if-feature "tpm20";
base tpm20;
base hash;
base method;
description
"Concatenation key derivation function.";
reference
"TCG-Algos: TCG Algorithm Registry, Rev1.34, Table 3, and
NIST SP800-56A (approved alternative1) Section 5.8.1.
ALG_ID: 0x0020";
}
identity TPM_ALG_KDF2 {
if-feature "tpm20";
base tpm20;
base hash;
base method;
description
"Key derivation function.";
reference
"TCG-Algos: TCG Algorithm Registry, Rev1.34, Table 3, and
IEEE 1363a-2004, KDF2, Section 13.2. ALG_ID: 0x0021";
}
identity TPM_ALG_KDF1_SP800_108 {
base TPM_ALG_KDF2;
description
"A key derivation method.";
reference
"TCG-Algos: TCG Algorithm Registry, Rev1.34, Table 3 and
NIST SP800-108, Section 4.1, KDF. ALG_ID: 0x0022";
}
identity TPM_ALG_ECC {
if-feature "tpm20";
base tpm20;
base asymmetric;
base object_type;
description
"Prime field ECC.";
reference
"TCG-Algos: TCG Algorithm Registry, Rev1.34, Table 3, and
ISO/IEC 15946-1. ALG_ID: 0x0023";
}
identity TPM_ALG_SYMCIPHER {
if-feature "tpm20";
base tpm20;
base symmetric;
base object_type;
description
"Object type for a symmetric block cipher.";
reference
"TCG-Algos: TCG Algorithm Registry, Rev1.34, Table 3, and
TCG TPM 2.0 Library. ALG_ID: 0x0025";
}
identity TPM_ALG_CAMELLIA {
if-feature "tpm20";
base tpm20;
base symmetric;
description
"The Camellia algorithm.";
reference
"TCG-Algos: TCG Algorithm Registry, Rev1.34, Table 3, and
ISO/IEC 18033-3. ALG_ID: 0x0026";
}
identity TPM_ALG_SHA3_256 {
if-feature "tpm20";
base tpm20;
base hash;
description
"ISO/IEC 10118-3 - the SHA-256 algorithm.";
reference
"TCG-Algos: TCG Algorithm Registry, Rev1.34, Table 3, and
NIST FIPS 202. ALG_ID: 0x0027";
}
identity TPM_ALG_SHA3_384 {
if-feature "tpm20";
base tpm20;
base hash;
description
"The SHA-384 algorithm.";
reference
"TCG-Algos: TCG Algorithm Registry, Rev1.34, Table 3, and
NIST FIPS 202. ALG_ID: 0x0028";
}
identity TPM_ALG_SHA3_512 {
if-feature "tpm20";
base tpm20;
base hash;
description
"The SHA-512 algorithm.";
reference
"TCG-Algos: TCG Algorithm Registry, Rev1.34, Table 3, and
NIST FIPS 202. ALG_ID: 0x0029";
}
identity TPM_ALG_CMAC {
if-feature "tpm20";
base tpm20;
base symmetric;
base signing;
description
"Block Cipher-based Message Authentication Code (CMAC).";
reference
"TCG-Algos: TCG Algorithm Registry, Rev1.34, Table 3, and
ISO/IEC 9797-1:2011, Algorithm 5. ALG_ID: 0x003F";
}
identity TPM_ALG_CTR {
if-feature "tpm20";
base tpm20;
base symmetric;
base encryption_mode;
description
"Counter mode.";
reference
"TCG-Algos: TCG Algorithm Registry, Rev1.34, Table 3, and
ISO/IEC 10116. ALG_ID: 0x0040";
}
identity TPM_ALG_OFB {
base tpm20;
base symmetric;
base encryption_mode;
description
"Output Feedback mode.";
reference
"TCG-Algos: TCG Algorithm Registry, Rev1.34, Table 3, and
ISO/IEC 10116. ALG_ID: 0x0041";
}
identity TPM_ALG_CBC {
if-feature "tpm20";
base tpm20;
base symmetric;
base encryption_mode;
description
"Cipher Block Chaining mode.";
reference
"TCG-Algos: TCG Algorithm Registry, Rev1.34, Table 3, and
ISO/IEC 10116. ALG_ID: 0x0042";
}
identity TPM_ALG_CFB {
if-feature "tpm20";
base tpm20;
base symmetric;
base encryption_mode;
description
"Cipher Feedback mode.";
reference
"TCG-Algos: TCG Algorithm Registry, Rev1.34, Table 3, and
ISO/IEC 10116. ALG_ID: 0x0043";
}
identity TPM_ALG_ECB {
if-feature "tpm20";
base tpm20;
base symmetric;
base encryption_mode;
description
"Electronic Codebook mode.";
reference
"TCG-Algos: TCG Algorithm Registry, Rev1.34, Table 3, and
ISO/IEC 10116. ALG_ID: 0x0044";
}
identity TPM_ALG_CCM {
if-feature "tpm20";
base tpm20;
base symmetric;
base signing;
base encryption_mode;
description
"Counter with Cipher Block Chaining--Message Authentication
Code (CCM).";
reference
"TCG-Algos: TCG Algorithm Registry, Rev1.34, Table 3, and
NIST SP800-38C. ALG_ID: 0x0050";
}
identity TPM_ALG_GCM {
if-feature "tpm20";
base tpm20;
base symmetric;
base signing;
base encryption_mode;
description
"Galois/Counter Mode (GCM).";
reference
"TCG-Algos: TCG Algorithm Registry, Rev1.34, Table 3, and
NIST SP800-38D. ALG_ID: 0x0051";
}
identity TPM_ALG_KW {
if-feature "tpm20";
base tpm20;
base symmetric;
base signing;
base encryption_mode;
description
"AES Key Wrap (KW).";
reference
"TCG-Algos: TCG Algorithm Registry, Rev1.34, Table 3, and
NIST SP800-38F. ALG_ID: 0x0052";
}
identity TPM_ALG_KWP {
if-feature "tpm20";
base tpm20;
base symmetric;
base signing;
base encryption_mode;
description
"AES Key Wrap with Padding (KWP).";
reference
"TCG-Algos: TCG Algorithm Registry, Rev1.34, Table 3, and
NIST SP800-38F. ALG_ID: 0x0053";
}
identity TPM_ALG_EAX {
if-feature "tpm20";
base tpm20;
base symmetric;
base signing;
base encryption_mode;
description
"Authenticated-Encryption Mode.";
reference
"TCG-Algos: TCG Algorithm Registry, Rev1.34, Table 3, and
NIST SP800-38F. ALG_ID: 0x0054";
}
identity TPM_ALG_EDDSA {
if-feature "tpm20";
base tpm20;
base asymmetric;
base signing;
description
"Edwards-curve Digital Signature Algorithm (PureEdDSA).";
reference
"TCG-Algos: TCG Algorithm Registry, Rev1.34, Table 3, and
RFC 8032. ALG_ID: 0x0060";
}
}