diff --git a/schema/bom-1.7.proto b/schema/bom-1.7.proto index 2f1aaf0d..8d21b3dc 100644 --- a/schema/bom-1.7.proto +++ b/schema/bom-1.7.proto @@ -2044,6 +2044,7 @@ message CryptoProperties { // Algorithm Propertie message AlgorithmProperties { + // Primitive enum CryptoPrimitive { // ProtoBuff's default value -- it differs from "unknown" @@ -2078,6 +2079,8 @@ message CryptoProperties { CRYPTO_PRIMITIVE_AE = 14; // A combiner aggregates many candidates for a cryptographic primitive and generates a new candidate for the same primitive. CRYPTO_PRIMITIVE_COMBINER = 15; + // Key-wrap is a cryptographic technique used to securely encrypt and protect cryptographic keys using algorithms like AES. + CRYPTO_PRIMITIVE_KEY_WRAP = 16; } // Execution Environment 
@@ -2187,10 +2190,19 @@ message CryptoProperties { // Cryptographic building blocks used in higher-level cryptographic systems and protocols. Primitives represent different cryptographic routines: deterministic random bit generators (drbg, e.g. CTR_DRBG from NIST SP800-90A-r1), message authentication codes (mac, e.g. HMAC-SHA-256), blockciphers (e.g. AES), streamciphers (e.g. Salsa20), signatures (e.g. ECDSA), hash functions (e.g. SHA-256), public-key encryption schemes (pke, e.g. RSA), extended output functions (xof, e.g. SHAKE256), key derivation functions (e.g. pbkdf2), key agreement algorithms (e.g. ECDH), key encapsulation mechanisms (e.g. ML-KEM), authenticated encryption (ae, e.g. AES-GCM) and the combination of multiple algorithms (combiner, e.g. SP800-56Cr2). optional CryptoPrimitive primitive = 1; + // A valid algorithm family identifier. If specified, this value must be one of the + // enumeration of valid algorithm Family identifiers defined in the + // cryptography-defs.json subschema. A corresponding schema for ProtoBuf is not available. + optional string algorithmFamily = 12; // An identifier for the parameter set of the cryptographic algorithm. Examples: in AES128, '128' identifies the key length in bits, in SHA256, '256' identifies the digest length, '128' in SHAKE128 identifies its maximum security level in bits, and 'SHA2-128s' identifies a parameter set used in SLH-DSA (FIPS205). optional string parameterSetIdentifier = 2; + // DEPRECATED - DO NOT USE - This will be removed in a future version - Use `.ellipticCurve` Instead. // The specific underlying Elliptic Curve (EC) definition employed which is an indicator of the level of security strength, performance and complexity. Absent an authoritative source of curve names, CycloneDX recommends use of curve names as defined at [https://neuromancer.sk/std/](https://neuromancer.sk/std/), the source from which can be found at [https://github.com/J08nY/std-curves](https://github.com/J08nY/std-curves). 
- optional string curve = 3; + optional string curve = 3 [deprecated = true]; + // The specific underlying Elliptic Curve (EC) definition employed which is an indicator + // of the level of security strength, performance and complexity. Curves are defined in + // the cryptography-defs.json subschema. A corresponding schema for ProtoBuf is not available. + optional string ellipticCurve = 13; // The target and execution environment in which the algorithm is implemented in. optional CryptoExecutionEnvironment executionEnvironment = 4; // The target platform for which the algorithm is implemented. The implementation can be 'generic', running on any platform or for a specific platform. 
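Review bot: The comments on the new `algorithmFamily = 12` and `ellipticCurve = 13` name the file `cryptography-defs.json`, while the JSON hunk of this same commit references `cryptography-defs.schema.json`. Both fields are plain `string` here, so the enumeration is not enforced on the protobuf side and a consumer must check the value itself before using it in a policy decision. I would name the file consistently and add `// Not validated by protobuf; consumers must check the value against the enumeration.` above each field. The comments should also state which field wins when both the deprecated `curve` and `ellipticCurve` are set. `AlgorithmProperties` starts and ends outside this hunk.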
@@ -2209,8 +2221,44 @@ message CryptoProperties { optional int32 nistQuantumSecurityLevel = 11; } // end of AlgorithmProperties + // Certificate State + message CertificateState { + + // Pre-defined certificate states + enum PredefinedState { + // ProtoBuff's default value + PREDEFINED_STATE_UNSPECIFIED = 0; + // The certificate has been issued by the issuing certificate authority (CA) but has not been authorized for use. + PREDEFINED_STATE_PRE_ACTIVATION = 1; + // The certificate may be used to cryptographically protect information, cryptographically process previously protected information, or both. + PREDEFINED_STATE_ACTIVE = 2; + // The use of a certificate may be suspended for several possible reasons. + PREDEFINED_STATE_SUSPENDED = 3; + // Certificates in the deactivated state shall not be used to apply cryptographic protection but, in some cases, may be used to process cryptographically protected information. + PREDEFINED_STATE_DEACTIVATED = 4; + // A revoked certificate is a digital certificate that has been invalidated by the issuing certificate authority (CA) before its scheduled expiration date. + PREDEFINED_STATE_REVOKED = 5; + // The certificate has been destroyed. + PREDEFINED_STATE_DESTROYED = 6; + } + + // A reason for the certificate being in this state. + optional string reason = 1; + // The state can be either a predefined state or a custom state + oneof state { + // A pre-defined state in the certificate lifecycle. + PredefinedState predefined_state = 2; + // The name of the certificate lifecycle state for custom states. + string name = 3; + } + // The description of the certificate lifecycle state (only used with custom states). + optional string description = 4; + } // end of CertificateState + // Certificate Properties message CertificateProperties { + // The serial number is a unique identifier for the certificate issued by a CA. 
+ optional string serialNumber = 9; // The subject name for the certificate optional string subjectName = 1; // The issuer name for the certificate 
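Review bot: In `CertificateState` nothing requires the `state` oneof to be set, and `reason` and `description` sit outside it, so a message with no state at all, or with `predefined_state` plus a `description`, is valid protobuf. The JSON schema in this commit appears to reject both shapes, since each branch has `required` and `additionalProperties: false`. A consumer that defaults a missing state could treat a revoked or suspended certificate as usable. I would document the rule on the oneof, e.g. `// Exactly one of predefined_state or name must be set; treat an unset state or PREDEFINED_STATE_UNSPECIFIED as unknown, never as active.` `predefined_state` is also the only snake_case field name next to camelCase ones such as `serialNumber`.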
@@ -2219,16 +2267,98 @@ message CryptoProperties { optional google.protobuf.Timestamp notValidBefore = 3; // The date and time according to ISO-8601 standard from which the certificate is not valid anymore optional google.protobuf.Timestamp notValidAfter = 4; - // The bom-ref to signature algorithm used by the certificate - optional string signatureAlgorithmRef = 5; - // The bom-ref to the public key of the subject - optional string subjectPublicKeyRef = 6; + // DEPRECATED - DO NOT USE - This will be removed in a future version - Use `.relatedCryptographicAssets` instead. The bom-ref to signature algorithm used by the certificate + optional string signatureAlgorithmRef = 5 [deprecated = true]; + // DEPRECATED - DO NOT USE - This will be removed in a future version - Use `.relatedCryptographicAssets` instead. The bom-ref to the public key of the subject + optional string subjectPublicKeyRef = 6 [deprecated = true]; // The format of the certificate. Examples include X.509, PEM, DER, and CVC. optional string certificateFormat = 7; + // DEPRECATED - DO NOT USE - This will be removed in a future version - Use `.certificateFileExtension` instead. The file extension of the certificate. Examples include crt, pem, cer, der, and p12. + optional string certificateExtension = 8 [deprecated = true]; // The file extension of the certificate. Examples include crt, pem, cer, der, and p12. - optional string certificateExtension = 8; + optional string certificateFileExtension = 10; + // The fingerprint is a cryptographic hash of the certificate excluding it's signature. + optional Hash fingerprint = 11; + // The certificate lifecycle is a comprehensive process that manages digital certificates from their initial creation to eventual expiration or revocation. It typically involves several stages. + repeated CertificateState certificateState = 12; + // The date and time (timestamp) when the certificate was created or pre-activated. 
+ optional google.protobuf.Timestamp creationDate = 13; + // The date and time (timestamp) when the certificate was activated. + optional google.protobuf.Timestamp activationDate = 14; + // The date and time (timestamp) when the related certificate was deactivated. + optional google.protobuf.Timestamp deactivationDate = 15; + // The date and time (timestamp) when the certificate was revoked. + optional google.protobuf.Timestamp revocationDate = 16; + // The date and time (timestamp) when the certificate was destroyed. + optional google.protobuf.Timestamp destructionDate = 17; + // A certificate extension is an optional field that provides additional information about the certificate or its use. Extensions are used to convey additional information beyond the standard fields. + optional CertificateExtensions certificateExtensions = 18; + // A list of cryptographic assets related to this component. + optional RelatedCryptographicAssets relatedCryptographicAssets = 19; } // end of CertificateProperties + // Certificate Extensions + message CertificateExtensions { + // Common extension names + enum CommonExtensionName { + // ProtoBuff's default value + COMMON_EXTENSION_NAME_UNSPECIFIED = 0; + COMMON_EXTENSION_NAME_BASIC_CONSTRAINTS = 1; + COMMON_EXTENSION_NAME_KEY_USAGE = 2; + COMMON_EXTENSION_NAME_EXTENDED_KEY_USAGE = 3; + COMMON_EXTENSION_NAME_SUBJECT_ALTERNATIVE_NAME = 4; + COMMON_EXTENSION_NAME_AUTHORITY_KEY_IDENTIFIER = 5; + COMMON_EXTENSION_NAME_SUBJECT_KEY_IDENTIFIER = 6; + COMMON_EXTENSION_NAME_AUTHORITY_INFORMATION_ACCESS = 7; + COMMON_EXTENSION_NAME_CERTIFICATE_POLICIES = 8; + COMMON_EXTENSION_NAME_CRL_DISTRIBUTION_POINTS = 9; + COMMON_EXTENSION_NAME_SIGNED_CERTIFICATE_TIMESTAMP = 10; + } + + // Extension represents either a common extension or a custom extension + message Extension { + oneof extension_type { + // Common extension with predefined name + CommonExtension commonExtension = 1; + // Custom extension with user-defined name + CustomExtension 
customExtension = 2; + } + } + + // Common extension with predefined name + message CommonExtension { + // The name of the extension + CommonExtensionName name = 1; + // The value of the certificate extension + string value = 2; + } + + // Custom extension with user-defined name + message CustomExtension { + // The name for the custom certificate extension + string name = 1; + // The description of the custom certificate extension + optional string value = 2; + } + + // List of certificate extensions + repeated Extension extensions = 1; + } + + // Related Cryptographic Assets + message RelatedCryptographicAssets { + // Related Cryptographic Asset + message RelatedCryptographicAsset { + // The type of the related cryptographic asset + string type = 1; + // The reference to the related cryptographic asset + string ref = 2; + } + + // List of related cryptographic assets + repeated RelatedCryptographicAsset assets = 1; + } + // Related Cryptographic Material Properties message RelatedCryptoMaterialProperties { @@ -2285,8 +2415,8 @@ message CryptoProperties { optional string id = 2; // The key state as defined by NIST SP 800-57. optional CryptoRelatedState state = 3; - // The bom-ref to the algorithm used to generate the related cryptographic material. - optional string algorithmRef = 4; + // DEPRECATED - DO NOT USE - This will be removed in a future version - Use `.relatedCryptographicAssets` instead. The bom-ref to the algorithm used to generate the related cryptographic material. + optional string algorithmRef = 4 [deprecated = true]; // The date and time (timestamp) when the related cryptographic material was created. optional google.protobuf.Timestamp creationDate = 5; // The date and time (timestamp) when the related cryptographic material was activated. 
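Review bot: `repeated CertificateState certificateState = 12` does not say how several entries are to be read: as a history, as concurrent states, or with the last entry being current. Two consumers can therefore disagree on whether a certificate listing both `PREDEFINED_STATE_ACTIVE` and `PREDEFINED_STATE_REVOKED` is usable. The comment should fix the interpretation, for example `// Ordered oldest first; the last entry is the certificate's current state.` if that is the intent, and say how it relates to the new `revocationDate` and `deactivationDate` fields. The comment on `CustomExtension.value` also reads "The description of the custom certificate extension" although the field holds the value; the JSON `customExtensionValue` later in this commit has the same wording. `CertificateProperties` begins outside this hunk.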
@@ -2303,6 +2433,10 @@ message CryptoProperties { optional string format = 11; // The mechanism by which the cryptographic asset is secured. optional CryptoRelatedSecuredBy securedBy = 12; + // The fingerprint is a cryptographic hash of the asset. + optional Hash fingerprint = 13; + // A list of cryptographic assets related to this component. + optional RelatedCryptographicAssets relatedCryptographicAssets = 14; } // end of RelatedCryptoMaterialProperties // Protocol Properties @@ -2326,6 +2460,18 @@ message CryptoProperties { CRYPTO_PROTOCOL_TYPE_SSTP = 7; // Wi-Fi Protected Access CRYPTO_PROTOCOL_TYPE_WPA = 8; + // Datagram Transport Layer Security + CRYPTO_PROTOCOL_TYPE_DTLS = 9; + // Quick UDP Internet Connections + CRYPTO_PROTOCOL_TYPE_QUIC = 10; + // Extensible Authentication Protocol variant + CRYPTO_PROTOCOL_TYPE_EAP_AKA = 11; + // Enhanced version of EAP-AKA + CRYPTO_PROTOCOL_TYPE_EAP_AKA_PRIME = 12; + // Protection of Inter-Network Signaling + CRYPTO_PROTOCOL_TYPE_PRINS = 13; + // Authentication and Key Agreement for 5G + CRYPTO_PROTOCOL_TYPE_5G_AKA = 14; } // Object representing a cipher suite 
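Review bot: `optional Hash fingerprint = 13` in `RelatedCryptoMaterialProperties` is documented only as "a cryptographic hash of the asset", which invites producers to publish a plain hash of secret material. The file's own text lists keys, tokens, secrets and passwords as related cryptographic material. A hash over a password or other low-entropy secret, placed in a BOM that is passed on to other parties, lets any holder test guesses offline. I would narrow the comment, e.g. `// For key pairs, computed over the public part only. Do not populate for passwords, tokens or other secret values.` `RelatedCryptoMaterialProperties` starts outside this hunk.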
@@ -2336,22 +2482,68 @@ message CryptoProperties { repeated string algorithms = 2; // A list of common identifiers for the cipher suite. For example: 0xC0 and 0x9E repeated string identifiers = 3; + // A list of TLS named groups (formerly known as curves) for this cipher suite. These groups define the parameters for key exchange algorithms like ECDHE. + repeated string tlsGroups = 4; + // A list of signature schemes supported for cipher suite. These schemes specify the algorithms used for digital signatures in TLS handshakes and certificate verification. + repeated string tlsSignatureSchemes = 5; + } + + // Encryption Algorithm (ENCR) + message IkeV2Enc { + // A name for the encryption method + optional string name = 1; + // The key length of the encryption algorithm + optional int32 keyLength = 2; + // The bom-ref to algorithm cryptographic asset + optional string algorithm = 3; + } + + // Pseudorandom Function (PRF) + message IkeV2Prf { + // A name for the pseudorandom function + optional string name = 1; + // The bom-ref to algorithm cryptographic asset + optional string algorithm = 2; + } + + // Integrity Algorithm (INTEG) + message IkeV2Integ { + // A name for the integrity algorithm + optional string name = 1; + // The bom-ref to algorithm cryptographic asset + optional string algorithm = 2; + } + + // Key Exchange Method (KE) + message IkeV2Ke { + // A group identifier for the key exchange algorithm + optional int32 group = 1; + // The bom-ref to algorithm cryptographic asset + optional string algorithm = 2; + } + + // IKEv2 Authentication method + message IkeV2Auth { + // A name for the authentication method + optional string name = 1; + // The bom-ref to algorithm cryptographic asset + optional string algorithm = 2; } // IKEv2 Transform Types message Ikev2TransformTypes { // Transform Type 1: encryption algorithms - repeated string encr = 1; + repeated IkeV2Enc encr = 1; // Transform Type 2: pseudorandom functions - repeated string prf = 2; + repeated 
IkeV2Prf prf = 2; // Transform Type 3: integrity algorithms - repeated string integ = 3; + repeated IkeV2Integ integ = 3; // Transform Type 4: Key Exchange Method (KE) per RFC9370, formerly called Diffie-Hellman Group (D-H) - repeated string ke = 4; + repeated IkeV2Ke ke = 4; // Specifies if an Extended Sequence Number (ESN) is used. optional bool esn = 5; // IKEv2 Authentication method - repeated string auth = 6; + repeated IkeV2Auth auth = 6; } // The concrete protocol type. @@ -2364,6 +2556,8 @@ message CryptoProperties { optional Ikev2TransformTypes ikev2TransformTypes = 4; // The bom-ref(s) to protocol-related cryptographic assets repeated string cryptoRef = 5; + // A list of cryptographic assets related to this component. + optional RelatedCryptographicAssets relatedCryptographicAssets = 6; } // end of ProtocolProperties // Cryptographic assets occur in several forms. Algorithms and protocols are most commonly implemented in specialized cryptographic libraries. They may, however, also be 'hardcoded' in software components. Certificates and related cryptographic material like keys, tokens, secrets or passwords are other cryptographic assets to be modelled. diff --git a/schema/bom-1.7.schema.json b/schema/bom-1.7.schema.json index e1dd5b1d..fcb84422 100644 --- a/schema/bom-1.7.schema.json +++ b/schema/bom-1.7.schema.json @@ -5091,6 +5091,7 @@ "kem", "ae", "combiner", + "key-wrap", "other", "unknown" ], 
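Review bot: In `Ikev2TransformTypes`, fields 1–4 and 6 keep their numbers but change from `repeated string` to `repeated IkeV2…` messages. Both encodings are length-delimited on the wire, so a payload written with the old string form is not rejected as a type mismatch; it is handed to the message parser, which will fail or yield empty or garbage entries. The JSON hunk for the same properties keeps the old form as a deprecated `anyOf` branch, and the protobuf side has no equivalent. If documents written against the earlier field types must stay readable, keep the string fields marked `[deprecated = true]` and give the structured forms fresh numbers, e.g. `repeated IkeV2Enc encrAlgorithms = 7;` (name illustrative). The new messages are also spelled `IkeV2…` while the existing container is `Ikev2TransformTypes`.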
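Review bot: `relatedCryptographicAssets = 6` is added to `ProtocolProperties` next to `repeated string cryptoRef = 5`, but `cryptoRef` gets no deprecation marker. The JSON hunk of this commit sets `"deprecated": true` on `cryptoRefArray`, which appears to be its counterpart, and points readers to `relatedCryptographicAssets`. For parity with the other superseded fields in this commit I would write `repeated string cryptoRef = 5 [deprecated = true];` and prefix its comment with the same DEPRECATED notice used on `algorithmRef`. `ProtocolProperties` starts outside this hunk.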
@@ -5108,19 +5109,32 @@ "kem": "A Key Encapsulation Mechanism (KEM) algorithm is a mechanism for transporting random keying material to a recipient using the recipient's public key.", "ae": "Authenticated Encryption (AE) is a cryptographic process that provides both confidentiality and data integrity. It ensures that the encrypted data has not been tampered with and comes from a legitimate source. AE is commonly used in secure communication protocols.", "combiner": "A combiner aggregates many candidates for a cryptographic primitive and generates a new candidate for the same primitive.", + "key-wrap": "Key-wrap is a cryptographic technique used to securely encrypt and protect cryptographic keys using algorithms like AES.", "other": "Another primitive type.", "unknown": "The primitive is not known." } }, + "algorithmFamily": { + "$ref": "cryptography-defs.schema.json#/definitions/algorithmFamiliesEnum", + "title": "Algorithm Family", + "description": "A valid algorithm family identifier. If specified, this value must be one of the enumeration of valid algorithm Family identifiers defined in the cryptography-defs.schema.json subschema.", + "examples": ["3DES", "Blowfish", "ECDH"] + }, "parameterSetIdentifier": { "type": "string", "title": "Parameter Set Identifier", "description": "An identifier for the parameter set of the cryptographic algorithm. Examples: in AES128, '128' identifies the key length in bits, in SHA256, '256' identifies the digest length, '128' in SHAKE128 identifies its maximum security level in bits, and 'SHA2-128s' identifies a parameter set used in SLH-DSA (FIPS205)." }, "curve": { + "deprecated": true, "type": "string", "title": "Elliptic Curve", - "description": "The specific underlying Elliptic Curve (EC) definition employed which is an indicator of the level of security strength, performance and complexity. 
Absent an authoritative source of curve names, CycloneDX recommends using curve names as defined at [https://neuromancer.sk/std/](https://neuromancer.sk/std/), the source of which can be found at [https://github.com/J08nY/std-curves](https://github.com/J08nY/std-curves)." + "description": "[Deprecated] This will be removed in a future version. Use `@.ellipticCurve` instead.\nThe specific underlying Elliptic Curve (EC) definition employed which is an indicator of the level of security strength, performance and complexity. Absent an authoritative source of curve names, CycloneDX recommends using curve names as defined at [https://neuromancer.sk/std/](https://neuromancer.sk/std/), the source of which can be found at [https://github.com/J08nY/std-curves](https://github.com/J08nY/std-curves)." + }, + "ellipticCurve": { + "$ref": "cryptography-defs.schema.json#/definitions/ellipticCurvesEnum", + "title": "Elliptic Curve", + "description": "The specific underlying Elliptic Curve (EC) definition employed which is an indicator of the level of security strength, performance and complexity." }, "executionEnvironment": { "type": "string", @@ -5328,6 +5342,11 @@ "description": "Properties for cryptographic assets of asset type 'certificate'", "additionalProperties": false, "properties": { + "serialNumber": { + "type": "string", + "title": "Serial Number", + "description": "The serial number is a unique identifier for the certificate issued by a CA." + }, "subjectName": { "type": "string", "title": "Subject Name", 
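Review bot: The deprecation text on `curve` is formatted differently from the other deprecations this commit adds. It uses `[Deprecated]`, while `signatureAlgorithmRef` uses `[DEPRECATED]`; `subjectPublicKeyRef` omits the `\n` separator; and `algorithmRef` drops both the removal sentence and the `@.` prefix. Anyone scanning descriptions for the marker will miss some of them, so I would use one form throughout, such as "[DEPRECATED] This will be removed in a future version. Use `@.ellipticCurve` instead.\n" followed by the original text. `curve` and `ellipticCurve` also share the title "Elliptic Curve", which makes them hard to tell apart in generated documentation.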
@@ -5351,14 +5370,16 @@ "description": "The date and time according to ISO-8601 standard from which the certificate is not valid anymore" }, "signatureAlgorithmRef": { + "deprecated": true, "$ref": "#/definitions/refType", "title": "Algorithm Reference", - "description": "The bom-ref to signature algorithm used by the certificate" + "description": "[DEPRECATED] This will be removed in a future version. Use `@.relatedCryptographicAssets` instead.\nThe bom-ref to signature algorithm used by the certificate" }, "subjectPublicKeyRef": { + "deprecated": true, "$ref": "#/definitions/refType", "title": "Key reference", - "description": "The bom-ref to the public key of the subject" + "description": "[DEPRECATED] This will be removed in a future version. Use `@.relatedCryptographicAssets` instead. The bom-ref to the public key of the subject" }, "certificateFormat": { "type": "string", @@ -5372,9 +5393,22 @@ ] }, "certificateExtension": { + "deprecated": true, + "type": "string", + "title": "Certificate File Extension", + "description": "[DEPRECATED] This will be removed in a future version. Use `@.certificateFileExtension` instead.\nThe file extension of the certificate", + "examples": [ + "crt", + "pem", + "cer", + "der", + "p12" + ] + }, + "certificateFileExtension": { "type": "string", "title": "Certificate File Extension", - "description": "The file extension of the certificate", + "description": "The file extension of the certificate.", "examples": [ "crt", "pem", 
@@ -5382,6 +5416,194 @@ "der", "p12" ] + }, + "fingerprint": { + "type": "object", + "$ref": "#/definitions/hash", + "title": "Certificate Fingerprint", + "description": "The fingerprint is a cryptographic hash of the certificate excluding it's signature." + }, + "certificateState": { + "type": "array", + "title": "Certificate Lifecycle State", + "description": "The certificate lifecycle is a comprehensive process that manages digital certificates from their initial creation to eventual expiration or revocation. It typically involves several stages", + "items": { + "type": "object", + "title": "State", + "description": "The state of the certificate.", + "oneOf": [ + { + "title": "Pre-Defined State", + "required": [ + "state" + ], + "additionalProperties": false, + "properties": { + "state": { + "type": "string", + "title": "State", + "description": "A pre-defined state in the certificate lifecycle.", + "enum": [ + "pre-activation", + "active", + "suspended", + "deactivated", + "revoked", + "destroyed" + ], + "meta:enum": { + "pre-activation": "The certificate has been issued by the issuing certificate authority (CA) but has not been authorized for use.", + "active": "The certificate may be used to cryptographically protect information, cryptographically process previously protected information, or both.", + "deactivated": "Certificates in the deactivated state shall not be used to apply cryptographic protection but, in some cases, may be used to process cryptographically protected information.", + "suspended": "The use of a certificate may be suspended for several possible reasons.", + "revoked": "A revoked certificate is a digital certificate that has been invalidated by the issuing certificate authority (CA) before its scheduled expiration date.", + "destroyed": "The certificate has been destroyed." + } + }, + "reason": { + "type": "string", + "title": "Reason", + "description": "A reason for the certificate being in this state." 
+ } + } + }, + { + "title": "Custom State", + "required": [ + "name" + ], + "additionalProperties": false, + "properties": { + "name": { + "type": "string", + "title": "State", + "description": "The name of the certificate lifecycle state." + }, + "description": { + "type": "string", + "title": "Description", + "description": "The description of the certificate lifecycle state." + }, + "reason": { + "type": "string", + "title": "Reason", + "description": "A reason for the certificate being in this state." + } + } + } + ] + } + }, + "creationDate": { + "type": "string", + "format": "date-time", + "title": "Creation Date", + "description": "The date and time (timestamp) when the certificate was created or pre-activated." + }, + "activationDate": { + "type": "string", + "format": "date-time", + "title": "Activation Date", + "description": "The date and time (timestamp) when the certificate was activated." + }, + "deactivationDate": { + "type": "string", + "format": "date-time", + "title": "Deactivation Date", + "description": "The date and time (timestamp) when the related certificate was deactivated." + }, + "revocationDate": { + "type": "string", + "format": "date-time", + "title": "Revocation Date", + "description": "The date and time (timestamp) when the certificate was revoked." + }, + "destructionDate": { + "type": "string", + "format": "date-time", + "title": "Destruction Date", + "description": "The date and time (timestamp) when the certificate was destroyed." + }, + "certificateExtensions": { + "type": "array", + "title": "Certificate Extensions", + "description": "A certificate extension is an optional field that provides additional information about the certificate or its use. 
Extensions are used to convey additional information beyond the standard fields.", + "items": { + "type": "object", + "title": "Extension", + "description": "", + "oneOf": [ + { + "title": "Common Extensions", + "required": [ + "commonExtensionName", + "commonExtensionValue" + ], + "additionalProperties": false, + "properties": { + "commonExtensionName": { + "type": "string", + "title": "name", + "description": "The name of the extension.", + "enum": [ + "basicConstraints", + "keyUsage", + "extendedKeyUsage", + "subjectAlternativeName", + "authorityKeyIdentifier", + "subjectKeyIdentifier", + "authorityInformationAccess", + "certificatePolicies", + "crlDistributionPoints", + "signedCertificateTimestamp" + ], + "meta:enum": { + "basicConstraints": "Specifies whether a certificate can be used as a CA certificate or not.", + "keyUsage": "Specifies the allowed uses of the public key in the certificate.", + "extendedKeyUsage": "Specifies additional purposes for which the public key can be used.", + "subjectAlternativeName": "Allows inclusion of additional names to identify the entity associated with the certificate.", + "authorityKeyIdentifier": "Identifies the public key of the CA that issued the certificate.", + "subjectKeyIdentifier": "Identifies the public key associated with the entity the certificate was issued to.", + "authorityInformationAccess": "Contains CA issuers and OCSP information.", + "certificatePolicies": "Defines the policies under which the certificate was issued and can be used.", + "crlDistributionPoints": "Contains one or more URLs where a Certificate Revocation List (CRL) can be obtained.", + "signedCertificateTimestamp": "Shows that the certificate has been publicly logged, which helps prevent the issuance of rogue certificates by a CA. Log ID, timestamp and signature as proof." + } + }, + "commonExtensionValue": { + "type": "string", + "title": "Value", + "description": "The value of the certificate extension." 
+ } + } + }, + { + "title": "Custom Extensions", + "description": "Custom extensions may convey application-specific or vendor-specific data not covered by standard extensions. The structure and semantics of custom extensions are typically defined outside of public standards. CycloneDX leverages properties to support this capability.", + "required": [ + "customExtensionName" + ], + "additionalProperties": false, + "properties": { + "customExtensionName": { + "type": "string", + "title": "Name", + "description": "The name for the custom certificate extension." + }, + "customExtensionValue": { + "type": "string", + "title": "Value", + "description": "The description of the custom certificate extension." + } + } + } + ] + } + }, + "relatedCryptographicAssets": { + "$ref": "#/definitions/relatedCryptographicAssets", + "title": "Related Cryptographic Assets", + "description": "A list of cryptographic assets related to this component." } } }, @@ -5457,9 +5679,10 @@ ] }, "algorithmRef": { + "deprecated": true, "$ref": "#/definitions/refType", "title": "Algorithm Reference", - "description": "The bom-ref to the algorithm used to generate the related cryptographic material." + "description": "[DEPRECATED] Use `relatedCryptographicAssets` instead.\nThe bom-ref to the algorithm used to generate the related cryptographic material." }, "creationDate": { "type": "string", @@ -5504,6 +5727,17 @@ "$ref": "#/definitions/securedBy", "title": "Secured By", "description": "The mechanism by which the cryptographic asset is secured by." + }, + "fingerprint": { + "type": "object", + "$ref": "#/definitions/hash", + "title": "Fingerprint", + "description": "The fingerprint is a cryptographic hash of the asset." + }, + "relatedCryptographicAssets": { + "$ref": "#/definitions/relatedCryptographicAssets", + "title": "Related Cryptographic Assets", + "description": "A list of cryptographic assets related to this component." } } }, 
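Review bot: The "Custom Extensions" branch of `certificateExtensions` says CycloneDX leverages properties for this capability, yet the branch sets `additionalProperties: false` and allows only `customExtensionName` and `customExtensionValue`, so the description does not match what validates. The `items` object above it also carries an empty `"description": ""`. I would drop the properties sentence or describe the two keys instead, and fill the empty description with something like `"description": "A single certificate extension, either common or custom."`.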
@@ -5524,6 +5758,12 @@ "ike", "sstp", "wpa", + "dtls", + "quic", + "eap-aka", + "eap-aka-prime", + "prins", + "5g-aka", "other", "unknown" ], @@ -5534,6 +5774,12 @@ "ike": "Internet Key Exchange", "sstp": "Secure Socket Tunneling Protocol", "wpa": "Wi-Fi Protected Access", + "dtls": "Datagram Transport Layer Security", + "quic": "Quick UDP Internet Connections", + "eap-aka": "Extensible Authentication Protocol variant", + "eap-aka-prime": "Enhanced version of EAP-AKA", + "prins": "Protection of Inter-Network Signaling", + "5g-aka": "Authentication and Key Agreement for 5G", "other": "Another protocol type", "unknown": "The protocol type is not known" } 
@@ -5564,41 +5810,112 @@ "additionalProperties": false, "properties": { "encr": { - "$ref": "#/definitions/cryptoRefArray", - "title": "Encryption Algorithm (ENCR)", - "description": "Transform Type 1: encryption algorithms" + "title": "Encryption Algorithms (ENCR)", + "description": "Transform Type 1: encryption algorithms", + "anyOf": [ + { + "type": "array", + "items": { + "$ref": "#/definitions/ikeV2Enc", + "title": "Encryption Algorithm (ENCR)" + } + }, + { + "deprecated": true, + "$ref": "#/definitions/cryptoRefArray", + "description": "[DEPRECATED] This will be removed in a future version. Transform Type 1: encryption algorithms" + } + ] }, "prf": { - "$ref": "#/definitions/cryptoRefArray", - "title": "Pseudorandom Function (PRF)", - "description": "Transform Type 2: pseudorandom functions" + "title": "Pseudorandom Functions (PRF)", + "description": "Transform Type 2: pseudorandom functions", + "anyOf": [ + { + "type": "array", + "items": { + "$ref": "#/definitions/ikeV2Prf", + "title": "Pseudorandom Function (PRF)" + } + }, + { + "deprecated": true, + "$ref": "#/definitions/cryptoRefArray", + "description": "[DEPRECATED] This will be removed in a future version. Transform Type 2: pseudorandom functions" + } + ] }, "integ": { - "$ref": "#/definitions/cryptoRefArray", - "title": "Integrity Algorithm (INTEG)", - "description": "Transform Type 3: integrity algorithms" + "title": "Integrity Algorithms (INTEG)", + "description": "Transform Type 3: integrity algorithms", + "anyOf": [ + { + "type": "array", + "items": { + "$ref": "#/definitions/ikeV2Integ", + "title": "Integrity Algorithm (INTEG)" + } + }, + { + "deprecated": true, + "$ref": "#/definitions/cryptoRefArray", + "description": "[DEPRECATED] This will be removed in a future version. 
Transform Type 3: integrity algorithms" + } + ] }, "ke": { - "$ref": "#/definitions/cryptoRefArray", - "title": "Key Exchange Method (KE)", - "description": "Transform Type 4: Key Exchange Method (KE) per [RFC 9370](https://www.ietf.org/rfc/rfc9370.html), formerly called Diffie-Hellman Group (D-H)." + "title": "Key Exchange Methods (KE)", + "description": "Transform Type 4: Key Exchange Method (KE) per [RFC 9370](https://www.ietf.org/rfc/rfc9370.html), formerly called Diffie-Hellman Group (D-H).", + "anyOf": [ + { + "type": "array", + "items": { + "$ref": "#/definitions/ikeV2Ke", + "title": "Key Exchange Method (KE)" + } + }, + { + "deprecated": true, + "$ref": "#/definitions/cryptoRefArray", + "description": "[DEPRECATED] This will be removed in a future version. Transform Type 4: Key Exchange Method (KE) per [RFC 9370](https://www.ietf.org/rfc/rfc9370.html), formerly called Diffie-Hellman Group (D-H)." + } + ] }, "esn": { "type": "boolean", - "title": "Extended Sequence Numbers (ESN)", + "title": "Extended Sequence Number (ESN)", "description": "Specifies if an Extended Sequence Number (ESN) is used." }, "auth": { - "$ref": "#/definitions/cryptoRefArray", - "title": "IKEv2 Authentication method", - "description": "IKEv2 Authentication method" + "title": "IKEv2 Authentication methods", + "description": "IKEv2 Authentication method per [RFC9593](https://www.ietf.org/rfc/rfc9593.html).", + "anyOf": [ + { + "type": "array", + "items": { + "$ref": "#/definitions/ikeV2Auth", + "title": "IKEv2 Authentication Method" + } + }, + { + "deprecated": true, + "$ref": "#/definitions/cryptoRefArray", + "description": "[DEPRECATED] This will be removed in a future version. IKEv2 Authentication method" + } + ] } } }, "cryptoRefArray": { + "deprecated": true, "$ref": "#/definitions/cryptoRefArray", "title": "Cryptographic References", - "description": "A list of protocol-related cryptographic assets" + "description": "[DEPRECATED] Use `relatedCryptographicAssets` instead. 
A list of protocol-related cryptographic assets" + }, + "relatedCryptographicAssets": { + "$ref": "#/definitions/relatedCryptographicAssets", + "title": "Related Cryptographic Assets", + "description": "A list of cryptographic assets related to this component." } } }, 
@@ -5646,15 +5963,181 @@ "0x9E" ] } + }, + "tlsGroups": { + "type": "array", + "title": "TLS Groups", + "description": "A list of TLS named groups (formerly known as curves) for this cipher suite. These groups define the parameters for key exchange algorithms like ECDHE.", + "items": { + "type": "string", + "title": "Group Name", + "description": "The name of the TLS group", + "examples": [ + "x25519", + "ffdhe2048" + ] + } + }, + "tlsSignatureSchemes": { + "type": "array", + "title": "TLS Signature Schemes", + "description": "A list of signature schemes supported for cipher suite. These schemes specify the algorithms used for digital signatures in TLS handshakes and certificate verification.", + "items": { + "type": "string", + "title": "Signature Scheme", + "description": "The name of the TLS signature scheme", + "examples": [ + "ecdsa_secp256r1_sha256", + "rsa_pss_rsae_sha256", + "ed25519" + ] + } + } + } + }, + "ikeV2Enc": { + "type": "object", + "title": "Encryption Algorithm (ENCR)", + "description": "Object representing an encryption algorithm (ENCR)", + "additionalProperties": false, + "properties": { + "name": { + "type": "string", + "title": "Name", + "description": "A name for the encryption method.", + "examples": [ + "ENCR_AES_GCM_16" + ] + }, + "keyLength": { + "type": "integer", + "title": "Encryption algorithm key length", + "description": "The key length of the encryption algorithm." + }, + "algorithm": { + "$ref": "#/definitions/refType", + "title": "Algorithm reference", + "description": "The bom-ref to algorithm cryptographic asset." 
+ } + } + }, + "ikeV2Prf": { + "type": "object", + "title": "Pseudorandom Function (PRF)", + "description": "Object representing a pseudorandom function (PRF)", + "additionalProperties": false, + "properties": { + "name": { + "type": "string", + "title": "Name", + "description": "A name for the pseudorandom function.", + "examples": [ + "PRF_HMAC_SHA2_256" + ] + }, + "algorithm": { + "$ref": "#/definitions/refType", + "title": "Algorithm reference", + "description": "The bom-ref to algorithm cryptographic asset." + } + } + }, + "ikeV2Integ": { + "type": "object", + "title": "Integrity Algorithm (INTEG)", + "description": "Object representing an integrity algorithm (INTEG)", + "additionalProperties": false, + "properties": { + "name": { + "type": "string", + "title": "Name", + "description": "A name for the integrity algorithm.", + "examples": [ + "AUTH_HMAC_SHA2_256_128" + ] + }, + "algorithm": { + "$ref": "#/definitions/refType", + "title": "Algorithm reference", + "description": "The bom-ref to algorithm cryptographic asset." + } + } + }, + "ikeV2Ke": { + "type": "object", + "title": "Key Exchange Method (KE)", + "description": "Object representing a key exchange method (KE)", + "additionalProperties": false, + "properties": { + "group": { + "type": "integer", + "title": "Group Identifier", + "description": "A group identifier for the key exchange algorithm." + }, + "algorithm": { + "$ref": "#/definitions/refType", + "title": "Algorithm reference", + "description": "The bom-ref to algorithm cryptographic asset." + } + } + }, + "ikeV2Auth": { + "type": "object", + "title": "IKEv2 Authentication method", + "description": "Object representing a IKEv2 Authentication method", + "additionalProperties": false, + "properties": { + "name": { + "type": "string", + "title": "Name", + "description": "A name for the authentication method." 
+ }, + "algorithm": { + "$ref": "#/definitions/refType", + "title": "Algorithm reference", + "description": "The bom-ref to algorithm cryptographic asset." } } }, "cryptoRefArray" : { + "deprecated": true, "type": "array", "items": { "$ref": "#/definitions/refType" } }, + "relatedCryptographicAssets": { + "type": "array", + "title": "Related Cryptographic Assets", + "description": "A list of cryptographic assets related to this component.", + "items": { + "$ref": "#/definitions/relatedCryptographicAsset", + "title": "Related Cryptographic Asset" + } + }, + "relatedCryptographicAsset": { + "type": "object", + "title": "Related Cryptographic Asset", + "description": "A cryptographic assets related to this component.", + "additionalProperties": false, + "properties": { + "type": { + "type": "string", + "title": "Type", + "description": "Specifies the mechanism by which the cryptographic asset is secured by.", + "examples": [ + "publicKey", + "privateKey", + "algorithm" + ] + }, + "ref": { + "$ref": "#/definitions/refType", + "title": "Reference to cryptographic asset", + "description": "The bom-ref to cryptographic asset." + } + } + }, "securedBy": { "type": "object", "title": "Secured By", diff --git a/schema/bom-1.7.xsd b/schema/bom-1.7.xsd index 594d2bfb..68ba9b22 100644 --- a/schema/bom-1.7.xsd +++ b/schema/bom-1.7.xsd @@ -6499,6 +6499,14 @@ limitations under the License. + + + + Key-wrap is a cryptographic technique used to securely encrypt and + protect cryptographic keys using algorithms like AES. + + + @@ -6516,6 +6524,15 @@ limitations under the License. + + + + A valid algorithm family identifier. If specified, this value must be one of the + enumeration of valid algorithm Family identifiers defined in the + cryptography-defs.json subschema. A corresponding schema for XML is not available. + + + 
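Review bot: The description of `relatedCryptographicAsset.type` reads "Specifies the mechanism by which the cryptographic asset is secured by", which looks carried over from `securedBy`; its examples (`publicKey`, `privateKey`, `algorithm`) appear to name the kind of related asset, not a protection mechanism. I would reword it, for example `"description": "The kind of cryptographic asset being referenced, for example a public key, a private key or an algorithm."`, so that tools reading the CBOM for inventory or policy checks do not take the field as a statement about key protection. The field is also a free-form string, and the definition lists neither `type` nor `ref` as required, so an empty object validates; if that is intentional, a sentence saying so would help consumers. The same description text is repeated in the bom-1.7.xsd hunks at -7082 and -7233.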
@@ -6529,6 +6546,7 @@ limitations under the License. + DEPRECATED - DO NOT USE. This will be removed in a future version. Use `./ellipticCurve` instead. The specific underlying Elliptic Curve (EC) definition employed which is an indicator of the level of security strength, performance and complexity. Absent an authoritative source of curve names, CycloneDX recommends use of curve names as @@ -6537,6 +6555,15 @@ limitations under the License. + + + + The specific underlying Elliptic Curve (EC) definition employed which is an indicator + of the level of security strength, performance and complexity. Curves are defined in + the cryptography-defs.json subschema. A corresponding schema for XML is not available. + + + @@ -7030,6 +7057,13 @@ limitations under the License. + + + + The serial number is a unique identifier for the certificate issued by a CA. + + + @@ -7061,6 +7095,7 @@ limitations under the License. + DEPRECATED - DO NOT USE. This will be removed in a future version. Use `./relatedCryptographicAssets` instead. The bom-ref to signature algorithm used by the certificate @@ -7068,6 +7103,7 @@ limitations under the License. + DEPRECATED - DO NOT USE. This will be removed in a future version. Use `./relatedCryptographicAssets` instead. The bom-ref to the public key of the subject 
@@ -7082,10 +7118,339 @@ limitations under the License. + DEPRECATED - DO NOT USE. This will be removed in a future version. Use `./certificateFileExtension` instead. The file extension of the certificate. Examples include crt, pem, cer, der, and p12. + + + + The file extension of the certificate. Examples include crt, pem, cer, der, and p12. + + + + + + + The fingerprint is a cryptographic hash of the certificate excluding it's signature. + + + + + + + The certificate lifecycle is a comprehensive process that manages digital + certificates from their initial creation to eventual expiration or revocation. + It typically involves several stages. + + + + + + + + + + A pre-defined state in the certificate lifecycle. + + + + + + + + The certificate has been issued by the issuing + certificate authority (CA) but has not been authorized + for use. + + + + + + + The certificate may be used to cryptographically protect + information, cryptographically process previously protected + information, or both. + + + + + + + Certificates in the deactivated state shall not be used + to apply cryptographic protection but, in some cases, + may be used to process cryptographically protected + information. + + + + + + + The use of a certificate may be suspended for several + possible reasons. + + + + + + + A revoked certificate is a digital certificate that has + been invalidated by the issuing certificate authority (CA) + before its scheduled expiration date. + + + + + + + The certificate has been destroyed. + + + + + + + + + + A reason for the certificate being in this state. + + + + + + + + + + The name of the certificate lifecycle state. + + + + + + + The description of the certificate lifecycle state. + + + + + + + A reason for the certificate being in this state. + + + + + + + + + + + The date and time (timestamp) when the certificate was created or pre-activated. + + + + + + + The date and time (timestamp) when the certificate was activated. 
+ + + + + + + The date and time (timestamp) when the related certificate was deactivated. + + + + + + + The date and time (timestamp) when the certificate was revoked. + + + + + + + The date and time (timestamp) when the certificate was destroyed. + + + + + + + A certificate extension is an optional field that provides additional information about the certificate or its use. Extensions are used to convey additional information beyond the standard fields. + + + + + + + + Extension: This can be either a common extension + (with a well-known name and value) or a custom extension + (for application or vendor-specific data). + + + + + + + + + + The name of the extension. + + + + + + + + Specifies whether a certificate can be used as a CA certificate or not. + + + + + + + Specifies the allowed uses of the public key in the certificate. + + + + + + + Specifies additional purposes for which the public key can be used. + + + + + + + Allows inclusion of additional names to identify the entity associated with the certificate. + + + + + + + Identifies the public key of the CA that issued the certificate. + + + + + + + Identifies the public key associated with the entity the certificate was issued to. + + + + + + + Contains CA issuers and OCSP information. + + + + + + + Defines the policies under which the certificate was issued and can be used. + + + + + + + Contains one or more URLs where a Certificate Revocation List (CRL) can be obtained. + + + + + + + Shows that the certificate has been publicly logged, which helps prevent the issuance of rogue certificates by a CA. Log ID, timestamp and signature as proof. + + + + + + + + + + The value of the certificate extension. + + + + + + + + + + The name for the custom certificate extension. + + + + + + + The description of the custom certificate extension. + + + + + + + + + + + + + + A list of cryptographic assets related to this component. + + + + + + + + A cryptographic asset related to this component. 
+ + + + + + + + Specifies the mechanism by which the cryptographic asset is secured by. + Examples: "publicKey", "privateKey", "algorithm" + + + + + + + The bom-ref to cryptographic asset. + + + + + + + + + @@ -7233,6 +7598,50 @@ limitations under the License. + + + + The fingerprint is a cryptographic hash of the related cryptographic material, excluding it's signature. + + + + + + + A list of cryptographic assets related to this component. + + + + + + + + A cryptographic asset related to this component. + + + + + + + + Specifies the mechanism by which the cryptographic asset is secured by. + Examples: "publicKey", "privateKey", "algorithm" + + + + + + + The bom-ref to cryptographic asset. + + + + + + + + + @@ -7294,6 +7703,48 @@ limitations under the License. + + + + Datagram Transport Layer Security + + + + + + + Quick UDP Internet Connections + + + + + + + Extensible Authentication Protocol variant + + + + + + + Enhanced version of EAP-AKA + + + + + + + Protection of Inter-Network Signaling + + + + + + + Authentication and Key Agreement for 5G + + + @@ -7372,6 +7823,48 @@ limitations under the License. + + + + A list of TLS named groups (formerly known as curves) for + this cipher suite. These groups define the parameters for + key exchange algorithms like ECDHE. + + + + + + + + The name of the TLS group. + Example values: x25519, ffdhe2048 + + + + + + + + + + A list of signature schemes supported for cipher suite. + These schemes specify the algorithms used for digital + signatures in TLS handshakes and certificate verification. + + + + + + + + The name of the TLS signature scheme. + Example values: ecdsa_secp256r1_sha256, rsa_pss_rsae_sha256, ed25519 + + + + + + 
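Review bot: The new fingerprint documentation says the value is "a cryptographic hash of the certificate excluding it's signature", but certificate fingerprints as commonly computed by tooling hash the complete encoded certificate, signature included. A producer following this text literally would emit values that do not match what consumers compute when they try to correlate a BOM entry with a deployed certificate. Unless the exclusion is deliberate, I would write `The fingerprint is a cryptographic hash of the complete encoded certificate.`, and in either case correct "it's" to "its". The hunk at -7233 repeats the sentence for related cryptographic material. The element markup is not visible on this page, so I could not check whether the hash algorithm is recorded next to the value.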
@@ -7387,33 +7880,127 @@ limitations under the License. - + Transform Type 1: encryption algorithms + + EITHER a detailed description (PREFERRED) + OR a single string representing a "bom:refType" (DEPRECATED This will be removed in a future version.) + + + + + + A name for the encryption method. + Example: ENCR_AES_GCM_16 + + + + + + + The key length of the encryption algorithm. + + + + + + + The bom-ref to algorithm cryptographic asset. + + + + + - + Transform Type 2: pseudorandom functions + + EITHER a detailed description (PREFERRED) + OR a single string representing a "bom:refType" (DEPRECATED This will be removed in a future version.) + + + + + + A name for the pseudorandom function. + Example: PRF_HMAC_SHA2_256 + + + + + + + The bom-ref to algorithm cryptographic asset. + + + + + - + Transform Type 3: integrity algorithms + + EITHER a detailed description (PREFERRED) + OR a single string representing a "bom:refType" (DEPRECATED This will be removed in a future version.) + + + + + + A name for the integrity algorithm. + Example: AUTH_HMAC_SHA2_256_128 + + + + + + + The bom-ref to algorithm cryptographic asset. + + + + + - + Transform Type 4: Key Exchange Method (KE) per RFC9370, formerly called Diffie-Hellman Group (D-H) + + EITHER a detailed description (PREFERRED) + OR a single string representing a "bom:refType" (DEPRECATED This will be removed in a future version.) + + + + + + A group identifier for the key exchange algorithm. + + + + + + + The bom-ref to algorithm cryptographic asset. + + + + + @@ -7422,12 +8009,33 @@ limitations under the License. - + IKEv2 Authentication method + + EITHER a detailed description (PREFERRED) + OR a single string representing a "bom:refType" (DEPRECATED This will be removed in a future version.) + + + + + + A name for the authentication method. + + + + + + + The bom-ref to algorithm cryptographic asset. + + + + + 
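Review bot: The documentation added for the IKEv2 encryption transform says only "The key length of the encryption algorithm." and gives no unit. The example name `ENCR_AES_GCM_16` already carries a 16 that is not a key length, so the ambiguity matters to anyone comparing the value against a minimum-strength policy. I would state the unit, e.g. `The key length of the encryption algorithm, in bits.`, if bits is what is intended. The `ikeV2Enc.keyLength` description in the bom-1.7.schema.json hunk at -5646 has the same wording, and as a plain `integer` with no `minimum` it also accepts zero and negative values. The XML markup of this hunk is not visible here, so the declared type on the XSD side could not be checked.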
diff --git a/schema/cryptography-defs.json b/schema/cryptography-defs.json
new file mode 100644
index 00000000..ca74598c
--- /dev/null
+++ b/schema/cryptography-defs.json
@@ -0,0 +1,3313 @@ +{ + "$schema": "http://cyclonedx.org/schema/cryptography-defs.schema.json", + "lastUpdated": "2025-03-22T00:00:00Z", + "algorithms": [ + { + "family": "RSASSA-PKCS1", + "standard": [ + {"name": "RFC8017", "url": "https://doi.org/10.17487/RFC8017"}, + {"name": "IEEE1363", "url": "https://doi.org/10.1109/IEEESTD.2000.92290"} + ], + "variant": [ + { + "pattern": "RSA-PKCS1-1.5[-{digestAlgorithm}][-{keyLength}]", + "primitive": "signature" + } + ] + }, + { + "family": "RSASSA-PSS", + "standard": [ + {"name": "RFC8017", "url": "https://doi.org/10.17487/RFC8017"}, + {"name": "IEEE1363A", "url": "https://doi.org/10.1109/IEEESTD.2004.94612"} + ], + "variant": [ + { + "pattern": "RSA-PSS[-{digestAlgorithm}][-{saltLength}][-{keyLength}]", + "primitive": "signature" + } + ] + }, + { + "family": "RSAES-PKCS1", + "standard": [ + {"name": "RFC8017", "url": "https://doi.org/10.17487/RFC8017"} + ], + "variant": [ + { + "pattern": "RSA-PKCS1-1.5[-{keyLength}]", + "primitive": "pke" + } + ] + }, + { + "family": "RSAES-OAEP", + "standard": [ + {"name": "RFC8017", "url": "https://doi.org/10.17487/RFC8017"} + ], + "variant": [ + { + "pattern": "RSA-OAEP[-{hashAlgorithm}][-{maskGenAlgorithm}][-{keyLength}]", + "primitive": "pke" + } + ] + }, + { + "family": "EdDSA", + "standard": [ + {"name": "RFC8032", "url": "https://doi.org/10.17487/RFC8032"} + ], + "variant": [ + { + "pattern": "Ed(25519|448)[-(ph|ctx)]", + "primitive": "signature" + } + ] + }, + { + "family": "ECDSA", + "standard": [ + {"name": "FIPS186-4", "url": "https://doi.org/10.6028/NIST.FIPS.186-4"}, + {"name": "X9.62", "url": "https://standards.globalspec.com/std/1955141/ansi-x9-62"} + ], + "variant": [ + { + "pattern": "ECDSA[-{ellipticCurve}][-{hash}]", + "primitive": "signature" + } + ] + }, + { + "family": "DSA", + "standard": [ + {"name": "FIPS186-4", "url": "https://doi.org/10.6028/NIST.FIPS.186-4"} + ], + "variant": [ + { + "pattern": "DSA[-{length}][-{hash}]", + "primitive": "signature" + } + ] + 
}, + { + "family": "ECDH", + "standard": [ + {"name": "SP800-56A", "url": "https://doi.org/10.6028/NIST.SP.800-56Ar3"}, + {"name": "IEEE1363", "url": "https://doi.org/10.1109/IEEESTD.2000.92290"}, + {"name": "X9.63", "url": "https://webstore.ansi.org/standards/ASCX9/ansix9632011r2017"} + ], + "variant": [ + { + "pattern": "ECDH[E][-{ellipticCurve}]", + "primitive": "key-agree" + }, + { + "pattern": "x25519|x448", + "primitive": "key-agree" + } + ] + }, + { + "family": "FFDH", + "standard": [ + {"name": "RFC7919", "url": "https://doi.org/10.17487/RFC7919"}, + {"name": "SP800-56A", "url": "https://doi.org/10.6028/NIST.SP.800-56Ar3"} + ], + "variant": [ + { + "pattern": "FFDH(E)[-{namedGroup}]", + "primitive": "key-agree" + } + ] + }, + { + "family": "SHA-1", + "standard": [ + {"name": "FIPS180-4", "url": "https://doi.org/10.6028/NIST.FIPS.180-4"} + ], + "variant": [ + { + "pattern": "SHA-1", + "primitive": "hash" + } + ] + }, + { + "family": "SHA-2", + "standard": [ + {"name": "FIPS180-4", "url": "https://doi.org/10.6028/NIST.FIPS.180-4"} + ], + "variant": [ + { + "pattern": "SHA-(224|256|384|512|512/224|512/256)", + "primitive": "hash" + } + ] + }, + { + "family": "SHA-3", + "standard": [ + {"name": "FIPS202", "url": "https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.202.pdf"}, + {"name": "SP800-185", "url": "https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.202.pdf"} + ], + "variant": [ + { + "pattern": "SHA-3-(224|256|384|512)", + "primitive": "hash" + }, + { + "pattern": "SHAKE(128|256)", + "primitive": "xof" + }, + { + "pattern": "cSHAKE(128|256)", + "primitive": "xof" + }, + { + "pattern": "KMAC(128|256)", + "primitive": "mac" + }, + { + "pattern": "HMACXOF(128|256)", + "primitive": "mac" + }, + { + "pattern": "TupleHash(128|256)", + "primitive": "hash" + }, + { + "pattern": "TupleHashXOF(128|256)", + "primitive": "xof" + }, + { + "pattern": "ParallelHash(128|256)", + "primitive": "hash" + }, + { + "pattern": "ParallelHashXOF(128|256)", + "primitive": "xof" + } + 
] + }, + { + "family": "AES", + "standard": [ + {"name": "FIPS197", "url": "https://doi.org/10.6028/NIST.FIPS.197-upd1"}, + {"name": "SP800-38{A-G}", "url": "https://doi.org/10.6028/NIST.SP.800-38A"}, + {"name": "RFC 5116", "url": "https://doi.org/10.17487/RFC5116"} + ], + "variant": [ + { + "pattern": "AES[-(128|192|256)][-(ECB|CBC|CFB(1|8|64|128)|OFB|CTR|XTS|CTS)][-{padding}][-{ivlen}]", + "primitive": "block-cipher" + }, + { + "standard": [ + {"name": "SP800-38D", "url": "https://doi.org/10.6028/NIST.SP.800-38D"}, + {"name": "RFC 3610", "url": "https://doi.org/10.17487/RFC5116"} + ], + "pattern": "AES[-(128|192|256)][-(GCM|CCM)][-{tagLength}][-{ivLength}]", + "primitive": "ae" + }, + { + "standard": [ + {"name": "RFC5649", "url": "https://doi.org/10.17487/RFC5649"} + ], + "pattern": "AES[-(128|192|256)]-Wrap[-(PAD|KWP|PKCS7)]", + "primitive": "key-wrap" + }, + { + "pattern": "AES[-(128|192|256)][-(GMAC|CMAC)]", + "primitive": "mac" + }, + { + "pattern": "AES[-(128|192|256)][-(XCBC_MAC[_96])]", + "primitive": "mac" + } + ] + }, + { + "family": "HKDF", + "standard": [ + {"name": "RFC5869", "url": "https://doi.org/10.17487/RFC5869"} + ], + "variant": [ + { + "pattern": "HKDF[-{hashFunction}]", + "primitive": "kdf" + } + ] + }, + { + "family": "HMAC", + "standard": [ + {"name": "SP800-224", "url": "https://doi.org/10.6028/NIST.SP.800-224.ipd"}, + {"name": "RFC2104", "url": "https://doi.org/10.17487/RFC2104"} + ], + "variant": [ + { + "pattern": "HMAC[-{hashFunction}][-{tagLength}]", + "primitive": "mac" + } + ] + }, + { + "family": "CMAC", + "standard": [ + {"name": "SP800-38B", "url": "https://doi.org/10.6028/NIST.SP.800-38B"} + ], + "variant": [ + { + "pattern": "CMAC[-{cipherAlgorithm}][-{length}]", + "primitive": "mac" + } + ] + }, + { + "family": "KMAC", + "standard": [ + {"name": "SP800-108r1", "url": "https://doi.org/10.6028/NIST.SP.800-108r1-upd1"} + ], + "variant": [ + { + "pattern": "KMAC[-(128|256)]", + "primitive": "mac" + } + ] + }, + { + "family": 
"ChaCha", + "standard": [ + {"name": "RFC8439", "url": "https://doi.org/10.17487/RFC8439"} + ], + "variant": [ + { + "pattern": "ChaCha20[-(AES|{otherBlockCipher})]", + "primitive": "stream-cipher" + } + ] + }, + { + "family": "Poly1305", + "standard": [ + {"name": "RFC8439", "url": "https://doi.org/10.17487/RFC8439"} + ], + "variant": [ + { + "pattern": "Poly1305", + "primitive": "mac" + } + ] + }, + { + "family": "ChaCha20", + "standard": [ + {"name": "RFC8439", "url": "https://doi.org/10.17487/RFC8439"} + ], + "variant": [ + { + "pattern": "ChaCha20", + "primitive": "stream-cipher" + }, + { + "pattern": "ChaCha20-Poly1305", + "primitive": "ae" + } + ] + }, + { + "family": "Salsa20", + "standard": [ + {"name": "The Salsa20 Family of Stream Ciphers", "url": "https://doi.org/10.1007/978-3-540-68351-3_8"} + ], + "variant": [ + { + "pattern": "Salsa20", + "primitive": "stream-cipher" + }, + { + "pattern": "Salsa20-Poly1305", + "primitive": "ae" + } + ] + }, + { + "family": "MD5", + "standard": [ + {"name": "RFC1321", "url": "https://doi.org/10.17487/RFC1321"} + ], + "variant": [ + { + "pattern": "MD5", + "primitive": "hash" + } + ] + }, + { + "family": "MD4", + "standard": [ + {"name": "RFC1320", "url": "https://doi.org/10.17487/RFC1320"} + ], + "variant": [ + { + "pattern": "MD4", + "primitive": "hash" + } + ] + }, + { + "family": "RC4", + "standard": [ + {"name": "Applied Cryptography: Protocols, Algorithms, and Source Code in C", "url": "https://dl.acm.org/doi/book/10.5555/572932"} + ], + "variant": [ + { + "pattern": "RC4[-{keyLength}]", + "primitive": "stream-cipher" + } + ] + }, + { + "family": "3DES", + "standard": [ + {"name": "RFC1851", "url": "https://doi.org/10.17487/RFC1851"}, + {"name": "FIPS PUB 46-3", "url": "https://csrc.nist.gov/pubs/fips/46-3/final"} + ], + "variant": [ + { + "pattern": "3DES[-{keyLength}][-{mode}]", + "primitive": "block-cipher" + } + ] + }, + { + "family": "DES", + "standard": [ + {"name": "FIPS PUB 46-3", "url": 
"https://csrc.nist.gov/pubs/fips/46-3/final"}, + {"name": "ANSI INCITS 92-1981", "url": "https://csrc.nist.gov/pubs/fips/46-3/final"} + ], + "variant": [ + { + "pattern": "DES[-{keyLength}][-{mode}]", + "primitive": "block-cipher" + } + ] + }, + { + "family": "IDEA", + "standard": [ + {"name": "A Proposal for a New Block Encryption Standard", "url": "https://doi.org/10.1007%2F3-540-46877-3_35"} + ], + "variant": [ + { + "pattern": "IDEA[-{mode}]", + "primitive": "block-cipher" + } + ] + }, + { + "family": "RC2", + "standard": [ + {"name": "RFC2268", "url": "https://doi.org/10.17487/RFC2268"} + ], + "variant": [ + { + "pattern": "RC2[-{keyLength}][-{mode}]", + "primitive": "block-cipher" + } + ] + }, + { + "family": "ML-DSA", + "standard": [ + {"name": "FIPS 204", "url": "https://doi.org/10.6028/NIST.FIPS.204"} + ], + "variant": [ + { + "pattern": "ML-DSA-(44|65|87)", + "primitive": "signature" + }, + { + "pattern": "HashML-DSA-(44|65|87)[-{hashFunction}]", + "primitive": "signature" + } + ] + }, + { + "family": "SLH-DSA", + "standard": [ + {"name": "FIPS 205", "url": "https://doi.org/10.6028/NIST.FIPS.205"} + ], + "variant": [ + { + "pattern": "SLH-DSA-(SHA2|SHAKE)-(128s|128f|192s|192f|256s|256f)", + "primitive": "signature" + }, + { + "pattern": "HashSLH-DSA-(SHA2|SHAKE)-(128s|128f|192s|192f|256s|256f)[-{hashFunction}]", + "primitive": "signature" + } + ] + }, + { + "family": "XMSS", + "standard": [ + {"name": "SP800-208", "url": "https://doi.org/10.6028/NIST.SP.800-208"}, + {"name": "RFC8391", "url": "https://doi.org/10.17487/RFC8391"} + ], + "variant": [ + { + "pattern": "XMSS-(SHA2|SHAKE)[_{h}][_{nbits}]", + "primitive": "signature" + }, + { + "pattern": "XMSSMT-(SHA2|SHAKE)[_{h}/{d}][_{nbits}]", + "primitive": "signature" + }, + { + "pattern": "WOTSP-(SHA2|SHAKE)[_{nbits}]", + "primitive": "signature" + } + ] + }, + { + "family": "LMS", + "standard": [ + {"name": "SP800-208", "url": "https://doi.org/10.6028/NIST.SP.800-208"}, + {"name": "RFC8554", "url": 
"https://doi.org/10.17487/RFC8554"} + ], + "variant": [ + { + "pattern": "LMS[_{hashFunction}][_M{bytesPerNode}][_H{treeHeight}]", + "primitive": "signature" + }, + { + "pattern": "LMOTS[_{hashfun}][_N{bytespernode}][_H{treeheight}]", + "primitive": "signature" + } + ] + }, + { + "family": "ML-KEM", + "standard": [ + {"name": "FIPS 203", "url": "https://doi.org/10.6028/NIST.FIPS.203"} + ], + "variant": [ + { + "pattern": "ML-KEM-(512|768|1024)", + "primitive": "kem" + } + ] + }, + { + "family": "IKE-PRF", + "standard": [ + {"name": "RFC2409", "url": "https://doi.org/10.17487/RFC2409"}, + {"name": "RFC5996", "url": "https://doi.org/10.17487/RFC5996"} + ], + "variant": [ + { + "pattern": "IKE_PRF_DERIVE", + "primitive": "key-agree" + }, + { + "pattern": "IKE1_(PRF|Extended)_DERIVE", + "primitive": "key-agree" + }, + { + "pattern": "IKE2_PRF_PLUS_DERIVE", + "primitive": "key-agree" + } + ] + }, + { + "family": "GOST", + "variant": [ + { + "standard": [ + {"name": "RFC4357", "url": "https://doi.org/10.17487/RFC4357"} + ], + "pattern": "GOSTR3410", + "primitive": "signature" + }, + { + "standard": [ + {"name": "RFC4357", "url": "https://doi.org/10.17487/RFC4357"} + ], + "pattern": "GOSTR3411", + "primitive": "hash" + }, + { + "standard": [ + {"name": "RFC4357", "url": "https://doi.org/10.17487/RFC4357"} + ], + "pattern": "GOSTR3411_HMAC", + "primitive": "mac" + }, + { + "standard": [ + {"name": "RFC4357", "url": "https://doi.org/10.17487/RFC4357"} + ], + "pattern": "GOST38147[-{mode}][-{padding}]", + "primitive": "block-cipher" + }, + { + "standard": [ + {"name": "RFC4357", "url": "https://doi.org/10.17487/RFC4357"} + ], + "pattern": "GOST38147_MAC", + "primitive": "mac" + } + ] + }, + { + "family": "SEED", + "standard": [ + {"name": "RFC4269", "url": "https://doi.org/10.17487/RFC4269"}, + {"name": "RFC5669", "url": "https://doi.org/10.17487/RFC5669"} + ], + "variant": [ + { + "pattern": "SEED-128[-{mode}][-{padding}]", + "primitive": "block-cipher" + }, + { + 
"pattern": "SEED-128[-{mode}][-{padding}]-HMAC[-{hashFunction}][-{tagLength}]", + "primitive": "ae" + }, + { + "pattern": "SEED-128-(CCM|GCM)", + "primitive": "ae" + } + ] + }, + { + "family": "ARIA", + "standard": [ + {"name": "RFC5794", "url": "https://doi.org/10.17487/RFC5794"} + ], + "variant": [ + { + "pattern": "ARIA-(128|192|256)[-{mode}][-{padding}]", + "primitive": "block-cipher" + }, + { + "pattern": "ARIA-(128|192|256)[-{authmode}][-{padding}]", + "primitive": "ae" + } + ] + }, + { + "family": "CAMELLIA", + "standard": [ + {"name": "RFC3713", "url": "https://doi.org/10.17487/RFC3713"} + ], + "variant": [ + { + "pattern": "CAMELLIA-(128|192|256)[-{mode}][-{padding}]", + "primitive": "block-cipher" + }, + { + "pattern": "CAMELLIA-(128|192|256)[-{authmode}][-{padding}]", + "primitive": "ae" + } + ] + }, + { + "family": "Twofish", + "standard": [ + {"name": "Twofish: A 128-Bit Block Cipher", "url": "https://www.schneier.com/academic/twofish/"} + ], + "variant": [ + { + "pattern": "Twofish-(128|192|256)[-{mode}][-{padding}]", + "primitive": "block-cipher" + } + ] + }, + { + "family": "Blowfish", + "standard": [ + {"name": "Description of a new variable-length key, 64-bit block cipher (Blowfish)", "url": "https://doi.org/10.1007/3-540-58108-1_24"} + ], + "variant": [ + { + "pattern": "Blowfish[-{keyLength}][-{mode}][-{padding}]", + "primitive": "block-cipher" + } + ] + }, + { + "family": "SP800-108", + "standard": [ + {"name": "SP800-108", "url": "https://doi.org/10.6028/NIST.SP.800-108r1-upd1"} + ], + "variant": [ + { + "pattern": "SP800_108_(CounterKDF|FeedbackKDF|DoublePipelineKDF)[-{prfFunction}][-{dkmLength}]", + "primitive": "key-derive" + } + ] + }, + { + "family": "PKCS12-PBEA", + "variant": [ + { + "pattern": "SHA1-PBE-(2|3)K-3DES-CBC", + "primitive": "block-cipher" + }, + { + "pattern": "SHA1-PBA-SHA1-HMAC", + "primitive": "mac" + } + ] + }, + { + "family": "PKCS5-PBE", + "variant": [ + { + "pattern": "SHA1-PBE-DES(2|3)-EDE-CBC", + "primitive": 
"block-cipher"
+ },
+ {
+ "pattern": "SHA1-PBA-SHA1-HMAC",
+ "primitive": "mac"
+ },
+ {
+ "pattern": "{hashFunction}-PBE-{blockCipher}",
+ "primitive": "block-cipher"
+ },
+ {
+ "pattern": "PBKDF2",
+ "primitive": "key-derive"
+ }
+ ]
+ },
+ {
+ "family": "BLAKE2",
+ "standard": [
+ {"name": "RFC7693", "url": "https://doi.org/10.17487/RFC7693"}
+ ],
+ "variant": [
+ {
+ "pattern": "BLAKE2b-(160|256|384|512)",
+ "primitive": "hash"
+ },
+ {
+ "pattern": "BLAKE2b-(160|256|384|512)-HMAC",
+ "primitive": "mac"
+ },
+ {
+ "pattern": "BLAKE2s-(160|256)",
+ "primitive": "hash"
+ },
+ {
+ "pattern": "BLAKE2b-(160|256|384|512)-HMAC",
+ "primitive": "mac"
+ }
+ ]
+ },
+ {
+ "family": "BLAKE3",
+ "standard": [
+ {"name": "BLAKE3 Spec", "url": "https://github.com/BLAKE3-team/BLAKE3-specs/blob/master/blake3.pdf"}
+ ],
+ "variant": [
+ {
+ "pattern": "BLAKE3[-{outputLength}]",
+ "primitive": "hash"
+ }
+ ]
+ },
+ {
+ "family": "X3DH",
+ "standard": [
+ {"name": "The X3DH Key Agreement Protocol", "url": "https://signal.org/docs/specifications/x3dh/"}
+ ],
+ "variant": [
+ {
+ "pattern": "X3DH[-{hashFunction}]",
+ "primitive": "key-agree"
+ }
+ ]
+ },
+ {
+ "family": "BLS",
+ "standard": [
+ {"name": "Short Signatures from the Weil Pairing", "url": "https://dx.doi.org/10.1007/3-540-45682-1_30"}
+ ],
+ "variant": [
+ {
+ "pattern": "BLS(13-381|13-377|BN254)",
+ "primitive": "signature"
+ },
+ {
+ "pattern": "BLS[-{ellipticCurve}]",
+ "primitive": "signature"
+ }
+ ]
+ },
+ {
+ "family": "MILENAGE",
+ "standard": [
+ {"name": "3GPP TS 35.206", "url": "https://www.3gpp.org/ftp/Specs/archive/35_series/35.206/35206-i00.zip"}
+ ],
+ "variant": [
+ {
+ "pattern": "MILENAGE[-MAC]",
+ "primitive": "mac"
+ },
+ {
+ "pattern": "MILENAGE[-KDF]",
+ "primitive": "kdf"
+ }
+ ]
+ },
+ {
+ "family": "TUAK",
+ "standard": [
+ {"name": "SHA-3 based authentication algorithm (3GPP TS 35.231)", "url": "https://www.3gpp.org/ftp/Specs/archive/35_series/35.231/35231-i00.zip"}
+ ],
+ "variant": [
+ {
+ "pattern": "TUAC[-MAC]",
+ "primitive": "mac"
+ },
+ {
+ "pattern": "TUAC[-KDF]",
+ "primitive": "kdf"
+ }
+ ]
+ },
+ {
+ "family": "ZUC",
+ "standard": [
+ {"name": "3GPP TS 35.221", "url": "https://www.3gpp.org/ftp/Specs/archive/35_series/35.221/35221-i00.zip"}
+ ],
+ "variant": [
+ {
+ "pattern": "128-EEA3",
+ "primitive": "stream-cipher"
+ },
+ {
+ "pattern": "128-EIA3",
+ "primitive": "mac"
+ }
+ ]
+ },
+ {
+ "family": "SNOW3G",
+ "standard": [
+ {"name": "3GPP TS 35.216", "url": "https://www.3gpp.org/ftp/Specs/archive/35_series/35.216/35216-i00.zip"}
+ ],
+ "variant": [
+ {
+ "pattern": "128-EEA1",
+ "primitive": "stream-cipher"
+ },
+ {
+ "pattern": "128-EIA1",
+ "primitive": "mac"
+ }
+ ]
+ },
+ {
+ "family": "3GPP-XOR",
+ "standard": [
+ {"name": "Legacy XOR-based AV generation algorithm (3GPP TS 35.201)", "url": "https://www.3gpp.org/ftp/Specs/archive/35_series/35.201/35201-i00.zip"}
+ ],
+ "variant": [
+ {
+ "pattern": "3GPP-XOR[-MAC]",
+ "primitive": "mac"
+ },
+ {
+ "pattern": "3GPP-XOR[-KDF]",
+ "primitive": "kdf"
+ }
+ ]
+ },
+ {
+ "family": "MD2",
+ "standard": [
+ {"name": "RFC1319", "url": "https://doi.org/10.17487/RFC1319"}
+ ],
+ "variant": [
+ {
+ "pattern": "MD2",
+ "primitive": "hash"
+ }
+ ]
+ },
+ {
+ "family": "MD4",
+ "standard": [
+ {"name": "RFC1320", "url": "https://doi.org/10.17487/RFC1320"}
+ ],
+ "variant": [
+ {
+ "pattern": "MD4",
+ "primitive": "hash"
+ }
+ ]
+ },
+ {
+ "family": "MD5",
+ "standard": [
+ {"name": "RFC1321", "url": "https://doi.org/10.17487/RFC1321"}
+ ],
+ "variant": [
+ {
+ "pattern": "MD5",
+ "primitive": "hash"
+ }
+ ]
+ },
+ {
+ "family": "RIPEMD",
+ "standard": [
+ {"name": "ISO10118-3", "url": "https://www.iso.org/standard/67116.html"}
+ ],
+ "variant": [
+ {
+ "pattern": "RIPEMD-(128|160|256|320)",
+ "primitive": "hash"
+ }
+ ]
+ },
+ {
+ "family": "Whirlpool",
+ "standard": [
+ {"name": "ISO10118-3", "url": "https://www.iso.org/standard/67116.html"},
+ {"name": "NESSIE", "url": "https://www.cosic.esat.kuleuven.be/nessie/"}
+ ],
+ "variant": [
+ {
+ "pattern": "Whirlpool",
+ "primitive": "hash"
+ }
+ ]
+ },
+ {
+ "family": "Serpent",
+ "standard": [
+ {"name": "AES Finalist", "url": "https://www.cl.cam.ac.uk/~rja14/serpent.html"}
+ ],
+ "variant": [
+ {
+ "pattern": "Serpent-(128|192|256)[-{mode}][-{padding}]",
+ "primitive": "block-cipher"
+ }
+ ]
+ },
+ {
+ "family": "CAST5",
+ "standard": [
+ {"name": "RFC2144", "url": "https://doi.org/10.17487/RFC2144"}
+ ],
+ "variant": [
+ {
+ "pattern": "CAST5[-{keyLength}][-{mode}]",
+ "primitive": "block-cipher"
+ }
+ ]
+ },
+ {
+ "family": "CAST6",
+ "standard": [
+ {"name": "RFC2612", "url": "https://doi.org/10.17487/RFC2612"}
+ ],
+ "variant": [
+ {
+ "pattern": "CAST6[-{keyLength}][-{mode}]",
+ "primitive": "block-cipher"
+ }
+ ]
+ },
+ {
+ "family": "RC5",
+ "standard": [
+ {"name": "RFC2040", "url": "https://doi.org/10.17487/RFC2040"}
+ ],
+ "variant": [
+ {
+ "pattern": "RC5[-{keyLength}][-{mode}]",
+ "primitive": "block-cipher"
+ }
+ ]
+ },
+ {
+ "family": "HC",
+ "standard": [
+ {"name": "eSTREAM", "url": "https://www.ecrypt.eu.org/stream/"}
+ ],
+ "variant": [
+ {
+ "pattern": "HC-128",
+ "primitive": "stream-cipher"
+ },
+ {
+ "pattern": "HC-256",
+ "primitive": "stream-cipher"
+ }
+ ]
+ },
+ {
+ "family": "RABBIT",
+ "standard": [
+ {"name": "RFC4503", "url": "https://doi.org/10.17487/RFC4503"},
+ {"name": "eSTREAM", "url": "https://www.ecrypt.eu.org/stream/"}
+ ],
+ "variant": [
+ {
+ "pattern": "RABBIT",
+ "primitive": "stream-cipher"
+ }
+ ]
+ },
+ {
+ "family": "Ascon",
+ "standard": [
+ {"name": "NIST SP 800-232", "url": "https://doi.org/10.6028/NIST.SP.800-232"}
+ ],
+ "variant": [
+ {
+ "pattern": "Ascon-AEAD128",
+ "primitive": "ae"
+ },
+ {
+ "pattern": "Ascon-Hash256",
+ "primitive": "hash"
+ },
+ {
+ "pattern": "Ascon-XOF128",
+ "primitive": "xof"
+ },
+ {
+ "pattern": "Ascon-CXOF128",
+ "primitive": "xof"
+ }
+ ]
+ },
+ {
+ "family": "SipHash",
+ "standard": [
+ {"name": 
"SipHash Spec", "url": "https://131002.net/siphash/"} + ], + "variant": [ + { + "pattern": "SipHash[-{compressionRounds}-{finalizationRounds}]", + "primitive": "hash" + } + ] + } + ], + "ellipticCurves": [ + { + "name": "anssi", + "description": "Agence nationale de la s\u00e9curit\u00e9 des syst\u00e8mes d'information: Publication d'un param\u00e9trage de courbe elliptique visant des applications de passeport \u00e9lectronique et de l'administration \u00e9lectronique fran\u00e7aise. 21 November 2011", + "curves": [ + { + "name": "FRP256v1", + "description": null, + "oid": "1.2.250.1.223.101.256.1", + "form": "Weierstrass" + } + ] + }, + { + "name": "bls", + "description": "BLS curves. A family of pairing friendly curves, with embedding degree = 12 or 24.", + "curves": [ + { + "name": "BLS12-377", + "description": "Curve from Zexe paper: https://eprint.iacr.org/2018/962, params taken from: https://eips.ethereum.org/EIPS/eip-2539 where they are explicitly listed.", + "oid": null, + "form": "Weierstrass" + }, + { + "name": "BLS12-381", + "description": "Curve from https://electriccoin.co/blog/new-snark-curve/. As used in ZCash.", + "oid": null, + "form": "Weierstrass" + }, + { + "name": "BLS12-446", + "description": "Curve from https://github.com/relic-toolkit/relic.", + "oid": null, + "form": "Weierstrass" + }, + { + "name": "BLS12-455", + "description": "Curve from https://github.com/relic-toolkit/relic.", + "oid": null, + "form": "Weierstrass" + }, + { + "name": "BLS12-638", + "description": "Curve from https://github.com/relic-toolkit/relic. Also in https://eprint.iacr.org/2012/232.pdf.", + "oid": null, + "form": "Weierstrass" + }, + { + "name": "BLS24-477", + "description": "Curve from https://github.com/relic-toolkit/relic. 
Also in https://eprint.iacr.org/2012/232.pdf.", + "oid": null, + "form": "Weierstrass" + }, + { + "name": "Bandersnatch", + "description": "Curve from https://ethresear.ch/t/introducing-bandersnatch-a-fast-elliptic-curve-built-over-the-bls12-381-scalar-field/9957", + "oid": null, + "form": "TwistedEdwards" + } + ] + }, + { + "name": "bn", + "description": "BN (Barreto, Naehrig curves) from: A Family of Implementation-Friendly BN Elliptic Curves - .", + "curves": [ + { + "name": "bn158", + "description": null, + "oid": null, + "form": "Weierstrass" + }, + { + "name": "bn190", + "description": null, + "oid": null, + "form": "Weierstrass" + }, + { + "name": "bn222", + "description": null, + "oid": null, + "form": "Weierstrass" + }, + { + "name": "bn254", + "description": null, + "oid": null, + "form": "Weierstrass", + "aliases": [ + { + "category": "other", + "name": "Fp254BNb" + } + ] + }, + { + "name": "bn286", + "description": null, + "oid": null, + "form": "Weierstrass" + }, + { + "name": "bn318", + "description": null, + "oid": null, + "form": "Weierstrass" + }, + { + "name": "bn350", + "description": null, + "oid": null, + "form": "Weierstrass" + }, + { + "name": "bn382", + "description": null, + "oid": null, + "form": "Weierstrass" + }, + { + "name": "bn414", + "description": null, + "oid": null, + "form": "Weierstrass" + }, + { + "name": "bn446", + "description": null, + "oid": null, + "form": "Weierstrass" + }, + { + "name": "bn478", + "description": null, + "oid": null, + "form": "Weierstrass" + }, + { + "name": "bn510", + "description": null, + "oid": null, + "form": "Weierstrass" + }, + { + "name": "bn542", + "description": null, + "oid": null, + "form": "Weierstrass" + }, + { + "name": "bn574", + "description": null, + "oid": null, + "form": "Weierstrass" + }, + { + "name": "bn606", + "description": null, + "oid": null, + "form": "Weierstrass" + }, + { + "name": "bn638", + "description": null, + "oid": null, + "form": "Weierstrass" + } + ] + }, + { + 
"name": "brainpool", + "description": "ECC Brainpool Standard Curves and Curve Generation v. 1.0 19.10.2005", + "curves": [ + { + "name": "brainpoolP160r1", + "description": null, + "oid": "1.3.36.3.3.2.8.1.1.1", + "form": "Weierstrass" + }, + { + "name": "brainpoolP160t1", + "description": null, + "oid": "1.3.36.3.3.2.8.1.1.2", + "form": "Weierstrass" + }, + { + "name": "brainpoolP192r1", + "description": null, + "oid": "1.3.36.3.3.2.8.1.1.3", + "form": "Weierstrass" + }, + { + "name": "brainpoolP192t1", + "description": null, + "oid": "1.3.36.3.3.2.8.1.1.4", + "form": "Weierstrass" + }, + { + "name": "brainpoolP224r1", + "description": null, + "oid": "1.3.36.3.3.2.8.1.1.5", + "form": "Weierstrass" + }, + { + "name": "brainpoolP224t1", + "description": null, + "oid": "1.3.36.3.3.2.8.1.1.6", + "form": "Weierstrass" + }, + { + "name": "brainpoolP256r1", + "description": null, + "oid": "1.3.36.3.3.2.8.1.1.7", + "form": "Weierstrass" + }, + { + "name": "brainpoolP256t1", + "description": null, + "oid": "1.3.36.3.3.2.8.1.1.8", + "form": "Weierstrass" + }, + { + "name": "brainpoolP320r1", + "description": null, + "oid": "1.3.36.3.3.2.8.1.1.9", + "form": "Weierstrass" + }, + { + "name": "brainpoolP320t1", + "description": null, + "oid": "1.3.36.3.3.2.8.1.1.10", + "form": "Weierstrass" + }, + { + "name": "brainpoolP384r1", + "description": null, + "oid": "1.3.36.3.3.2.8.1.1.11", + "form": "Weierstrass" + }, + { + "name": "brainpoolP384t1", + "description": null, + "oid": "1.3.36.3.3.2.8.1.1.12", + "form": "Weierstrass" + }, + { + "name": "brainpoolP512r1", + "description": null, + "oid": "1.3.36.3.3.2.8.1.1.13", + "form": "Weierstrass" + }, + { + "name": "brainpoolP512t1", + "description": null, + "oid": "1.3.36.3.3.2.8.1.1.14", + "form": "Weierstrass" + } + ] + }, + { + "name": "gost", + "description": "GOST R 34.10-2001: RFC5832, GOST R 34.10-2012: RFC7836", + "curves": [ + { + "name": "gost256", + "description": "RFC5832", + "oid": null, + "form": "Weierstrass" + }, + 
{ + "name": "gost512", + "description": "RFC5832", + "oid": null, + "form": "Weierstrass" + }, + { + "name": "id-GostR3410-2001-CryptoPro-A-ParamSet", + "description": "RFC4357", + "oid": null, + "form": "Weierstrass" + }, + { + "name": "id-GostR3410-2001-CryptoPro-B-ParamSet", + "description": "RFC4357", + "oid": null, + "form": "Weierstrass" + }, + { + "name": "id-GostR3410-2001-CryptoPro-C-ParamSet", + "description": "RFC4357", + "oid": null, + "form": "Weierstrass" + }, + { + "name": "id-tc26-gost-3410-12-512-paramSetA", + "description": "RFC7836", + "oid": null, + "form": "Weierstrass" + }, + { + "name": "id-tc26-gost-3410-12-512-paramSetB", + "description": "RFC7836", + "oid": null, + "form": "Weierstrass" + }, + { + "name": "id-tc26-gost-3410-2012-256-paramSetA", + "description": "RFC5832", + "oid": null, + "form": "TwistedEdwards" + }, + { + "name": "id-tc26-gost-3410-2012-512-paramSetC", + "description": "RFC5832", + "oid": null, + "form": "TwistedEdwards" + } + ] + }, + { + "name": "mnt", + "description": "MNT (Miyaji, Nakabayashi, and Takano curves) example curves from: New explicit conditions of elliptic curve traces for FR-reduction - https://dspace.jaist.ac.jp/dspace/bitstream/10119/4432/1/73-48.pdf.", + "curves": [ + { + "name": "mnt1", + "description": null, + "oid": null, + "form": "Weierstrass" + }, + { + "name": "mnt2/1", + "description": null, + "oid": null, + "form": "Weierstrass" + }, + { + "name": "mnt2/2", + "description": null, + "oid": null, + "form": "Weierstrass" + }, + { + "name": "mnt3/1", + "description": null, + "oid": null, + "form": "Weierstrass" + }, + { + "name": "mnt3/2", + "description": null, + "oid": null, + "form": "Weierstrass" + }, + { + "name": "mnt3/3", + "description": null, + "oid": null, + "form": "Weierstrass" + }, + { + "name": "mnt4", + "description": null, + "oid": null, + "form": "Weierstrass" + }, + { + "name": "mnt5/1", + "description": null, + "oid": null, + "form": "Weierstrass" + }, + { + "name": "mnt5/2", + 
"description": null, + "oid": null, + "form": "Weierstrass" + }, + { + "name": "mnt5/3", + "description": null, + "oid": null, + "form": "Weierstrass" + } + ] + }, + { + "name": "nist", + "description": "RECOMMENDED ELLIPTIC CURVES FOR FEDERAL GOVERNMENT USE July 1999", + "curves": [ + { + "name": "B-163", + "description": null, + "oid": "1.3.132.0.15", + "form": "Weierstrass", + "aliases": [ + { + "category": "secg", + "name": "sect163r2" + }, + { + "category": "x963", + "name": "ansit163r2" + } + ] + }, + { + "name": "B-233", + "description": null, + "oid": "1.3.132.0.27", + "form": "Weierstrass", + "aliases": [ + { + "category": "secg", + "name": "sect233r1" + }, + { + "category": "wtls", + "name": "wap-wsg-idm-ecid-wtls11" + }, + { + "category": "x963", + "name": "ansit233r1" + } + ] + }, + { + "name": "B-283", + "description": null, + "oid": "1.3.132.0.17", + "form": "Weierstrass", + "aliases": [ + { + "category": "secg", + "name": "sect283r1" + }, + { + "category": "x963", + "name": "ansit283r1" + } + ] + }, + { + "name": "B-409", + "description": null, + "oid": "1.3.132.0.37", + "form": "Weierstrass", + "aliases": [ + { + "category": "secg", + "name": "sect409r1" + }, + { + "category": "x963", + "name": "ansit409r1" + } + ] + }, + { + "name": "B-571", + "description": null, + "oid": "1.3.132.0.39", + "form": "Weierstrass", + "aliases": [ + { + "category": "secg", + "name": "sect571r1" + }, + { + "category": "x963", + "name": "ansit571r1" + } + ] + }, + { + "name": "K-163", + "description": "Koblitz curve.", + "oid": "1.3.132.0.1", + "form": "Weierstrass", + "aliases": [ + { + "category": "secg", + "name": "sect163k1" + }, + { + "category": "x963", + "name": "ansit163k1" + }, + { + "category": "wtls", + "name": "wap-wsg-idm-ecid-wtls3" + } + ] + }, + { + "name": "K-233", + "description": "Koblitz curve.", + "oid": "1.3.132.0.26", + "form": "Weierstrass", + "aliases": [ + { + "category": "secg", + "name": "sect233k1" + }, + { + "category": "wtls", + "name": 
"wap-wsg-idm-ecid-wtls10" + }, + { + "category": "x963", + "name": "ansit233k1" + } + ] + }, + { + "name": "K-283", + "description": "Koblitz curve.", + "oid": "1.3.132.0.16", + "form": "Weierstrass", + "aliases": [ + { + "category": "secg", + "name": "sect283k1" + }, + { + "category": "x963", + "name": "ansit283k1" + } + ] + }, + { + "name": "K-409", + "description": "Koblitz curve.", + "oid": "1.3.132.0.36", + "form": "Weierstrass", + "aliases": [ + { + "category": "secg", + "name": "sect409k1" + }, + { + "category": "x963", + "name": "ansit409k1" + } + ] + }, + { + "name": "K-571", + "description": "Koblitz curve.", + "oid": "1.3.132.0.38", + "form": "Weierstrass", + "aliases": [ + { + "category": "secg", + "name": "sect571k1" + }, + { + "category": "x963", + "name": "ansit571k1" + } + ] + }, + { + "name": "P-192", + "description": null, + "oid": "1.2.840.10045.3.1.1", + "form": "Weierstrass", + "aliases": [ + { + "category": "secg", + "name": "secp192r1" + }, + { + "category": "x962", + "name": "prime192v1" + } + ] + }, + { + "name": "P-224", + "description": null, + "oid": "1.3.132.0.33", + "form": "Weierstrass", + "aliases": [ + { + "category": "secg", + "name": "secp224r1" + }, + { + "category": "wtls", + "name": "wap-wsg-idm-ecid-wtls12" + }, + { + "category": "x963", + "name": "ansip224r1" + } + ] + }, + { + "name": "P-256", + "description": null, + "oid": "1.2.840.10045.3.1.7", + "form": "Weierstrass", + "aliases": [ + { + "category": "secg", + "name": "secp256r1" + }, + { + "category": "x962", + "name": "prime256v1" + } + ] + }, + { + "name": "P-384", + "description": null, + "oid": "1.3.132.0.34", + "form": "Weierstrass", + "aliases": [ + { + "category": "secg", + "name": "secp384r1" + }, + { + "category": "x963", + "name": "ansip384r1" + } + ] + }, + { + "name": "P-521", + "description": null, + "oid": "1.3.132.0.35", + "form": "Weierstrass", + "aliases": [ + { + "category": "secg", + "name": "secp521r1" + }, + { + "category": "x963", + "name": 
"ansip521r1" + } + ] + } + ] + }, + { + "name": "nums", + "description": "Microsoft Nothing Up My Sleeve (NUMS) curves from: and ", + "curves": [ + { + "name": "ed-254-mont", + "description": "Curve from https://eprint.iacr.org/2014/130.pdf. No generator present.", + "oid": null, + "form": "TwistedEdwards" + }, + { + "name": "ed-255-mers", + "description": "Curve from https://eprint.iacr.org/2014/130.pdf. No generator present.", + "oid": null, + "form": "TwistedEdwards" + }, + { + "name": "ed-256-mont", + "description": "Curve from https://eprint.iacr.org/2014/130.pdf. No generator present.", + "oid": null, + "form": "TwistedEdwards" + }, + { + "name": "ed-382-mont", + "description": "Curve from https://eprint.iacr.org/2014/130.pdf. No generator present.", + "oid": null, + "form": "TwistedEdwards" + }, + { + "name": "ed-383-mers", + "description": "Curve from https://eprint.iacr.org/2014/130.pdf. No generator present.", + "oid": null, + "form": "TwistedEdwards" + }, + { + "name": "ed-384-mont", + "description": "Curve from https://eprint.iacr.org/2014/130.pdf. No generator present.", + "oid": null, + "form": "TwistedEdwards" + }, + { + "name": "ed-510-mont", + "description": "Curve from https://eprint.iacr.org/2014/130.pdf. No generator present.", + "oid": null, + "form": "TwistedEdwards" + }, + { + "name": "ed-511-mers", + "description": "Curve from https://eprint.iacr.org/2014/130.pdf. No generator present.", + "oid": null, + "form": "TwistedEdwards" + }, + { + "name": "ed-512-mont", + "description": "Curve from https://eprint.iacr.org/2014/130.pdf. 
No generator present.", + "oid": null, + "form": "TwistedEdwards" + }, + { + "name": "numsp256d1", + "description": null, + "oid": null, + "form": "Weierstrass" + }, + { + "name": "numsp256t1", + "description": null, + "oid": null, + "form": "TwistedEdwards" + }, + { + "name": "numsp384d1", + "description": null, + "oid": null, + "form": "Weierstrass" + }, + { + "name": "numsp384t1", + "description": null, + "oid": null, + "form": "TwistedEdwards" + }, + { + "name": "numsp512d1", + "description": null, + "oid": null, + "form": "Weierstrass" + }, + { + "name": "numsp512t1", + "description": null, + "oid": null, + "form": "TwistedEdwards" + }, + { + "name": "w-254-mont", + "description": "Curve from https://eprint.iacr.org/2014/130.pdf. No generator present.", + "oid": null, + "form": "Weierstrass" + }, + { + "name": "w-255-mers", + "description": "Curve from https://eprint.iacr.org/2014/130.pdf. No generator present.", + "oid": null, + "form": "Weierstrass" + }, + { + "name": "w-256-mont", + "description": "Curve from https://eprint.iacr.org/2014/130.pdf. No generator present.", + "oid": null, + "form": "Weierstrass" + }, + { + "name": "w-382-mont", + "description": "Curve from https://eprint.iacr.org/2014/130.pdf. No generator present.", + "oid": null, + "form": "Weierstrass" + }, + { + "name": "w-383-mers", + "description": "Curve from https://eprint.iacr.org/2014/130.pdf. No generator present.", + "oid": null, + "form": "Weierstrass" + }, + { + "name": "w-384-mont", + "description": "Curve from https://eprint.iacr.org/2014/130.pdf. No generator present.", + "oid": null, + "form": "Weierstrass" + }, + { + "name": "w-510-mont", + "description": "Curve from https://eprint.iacr.org/2014/130.pdf. No generator present.", + "oid": null, + "form": "Weierstrass" + }, + { + "name": "w-511-mers", + "description": "Curve from https://eprint.iacr.org/2014/130.pdf. 
No generator present.", + "oid": null, + "form": "Weierstrass" + }, + { + "name": "w-512-mont", + "description": "Curve from https://eprint.iacr.org/2014/130.pdf. No generator present.", + "oid": null, + "form": "Weierstrass" + } + ] + }, + { + "name": "oakley", + "description": "Oakley groups from and ", + "curves": [ + { + "name": "192-bit Random ECP Group", + "description": "Defined in IETF in RFC5114", + "oid": null, + "form": "Weierstrass" + }, + { + "name": "224-bit Random ECP Group", + "description": "Defined in IETF in RFC5114", + "oid": null, + "form": "Weierstrass" + }, + { + "name": "256-bit Random ECP Group", + "description": "Defined in IETF in RFC5114", + "oid": null, + "form": "Weierstrass" + }, + { + "name": "384-bit Random ECP Group", + "description": "Defined in IETF in RFC5114", + "oid": null, + "form": "Weierstrass" + }, + { + "name": "521-bit Random ECP Group", + "description": "Defined in IETF in RFC5114", + "oid": null, + "form": "Weierstrass" + }, + { + "name": "Oakley Group 3", + "description": "Defined in IETF in RFC2409, no generator present.", + "oid": null, + "form": "Weierstrass" + }, + { + "name": "Oakley Group 4", + "description": "Defined in IETF in RFC2409, no generator present.", + "oid": null, + "form": "Weierstrass" + } + ] + }, + { + "name": "oscaa", + "description": "http://gmssl.org/english.html", + "curves": [ + { + "name": "SM2", + "description": null, + "oid": "1.2.156.10197.1.301", + "form": "Weierstrass" + } + ] + }, + { + "name": "other", + "description": "An assortment of some other curves.", + "curves": [ + { + "name": "BADA55-R-256", + "description": "BADA55 curve from the https://bada55.cr.yp.to/bada55-20150927.pdf", + "oid": null, + "form": "Weierstrass" + }, + { + "name": "BADA55-VPR-224", + "description": "BADA55 curve from the https://bada55.cr.yp.to/bada55-20150927.pdf", + "oid": null, + "form": "Weierstrass" + }, + { + "name": "BADA55-VPR2-224", + "description": "BADA55 curve from the 
https://bada55.cr.yp.to/bada55-20150927.pdf", + "oid": null, + "form": "Weierstrass" + }, + { + "name": "BADA55-VR-224", + "description": "BADA55 curve from the https://bada55.cr.yp.to/bada55-20150927.pdf", + "oid": null, + "form": "Weierstrass" + }, + { + "name": "BADA55-VR-256", + "description": "BADA55 curve from the https://bada55.cr.yp.to/bada55-20150927.pdf", + "oid": null, + "form": "Weierstrass" + }, + { + "name": "BADA55-VR-384", + "description": "BADA55 curve from the https://bada55.cr.yp.to/bada55-20150927.pdf", + "oid": null, + "form": "Weierstrass" + }, + { + "name": "Curve1174", + "description": "Curve from https://eprint.iacr.org/2013/325.pdf", + "oid": null, + "form": "Weierstrass" + }, + { + "name": "Curve22103", + "description": "Curve from https://github.com/relic-toolkit/relic", + "oid": null, + "form": "Weierstrass" + }, + { + "name": "Curve25519", + "description": "Curve from https://cr.yp.to/ecdh.html", + "oid": null, + "form": "Montgomery" + }, + { + "name": "Curve383187", + "description": null, + "oid": null, + "form": "Montgomery" + }, + { + "name": "Curve41417", + "description": "Curve from https://cr.yp.to/talks/2013.09.16/slides-djb-20130916-a4.pdf", + "oid": null, + "form": "TwistedEdwards" + }, + { + "name": "Curve4417", + "description": "Curve from https://github.com/relic-toolkit/relic", + "oid": null, + "form": "Weierstrass" + }, + { + "name": "Curve448", + "description": "Curve from https://datatracker.ietf.org/doc/html/rfc7748", + "oid": null, + "form": "Montgomery" + }, + { + "name": "Curve67254", + "description": "Curve from https://github.com/relic-toolkit/relic", + "oid": null, + "form": "Weierstrass" + }, + { + "name": "E-222", + "description": "Curve from https://eprint.iacr.org/2013/647.pdf", + "oid": null, + "form": "Edwards" + }, + { + "name": "E-382", + "description": "Curve from https://eprint.iacr.org/2013/647.pdf", + "oid": null, + "form": "Edwards" + }, + { + "name": "E-521", + "description": "Curve from 
https://eprint.iacr.org/2013/647.pdf", + "oid": null, + "form": "Edwards" + }, + { + "name": "Ed25519", + "description": "Curve from https://ed25519.cr.yp.to", + "oid": null, + "form": "TwistedEdwards" + }, + { + "name": "Ed448", + "description": "Curve from https://datatracker.ietf.org/doc/html/draft-ietf-lwig-curve-representations-23", + "oid": null, + "form": "TwistedEdwards" + }, + { + "name": "Ed448-Goldilocks", + "description": "Curve from https://eprint.iacr.org/2015/625.pdf", + "oid": null, + "form": "TwistedEdwards" + }, + { + "name": "FourQ", + "description": "Curve used in https://eprint.iacr.org/2015/565.pdf", + "oid": null, + "form": "TwistedEdwards" + }, + { + "name": "Fp224BN", + "description": "Curve described in https://www.iso.org/standard/80241.html", + "oid": null, + "form": "Weierstrass" + }, + { + "name": "Fp254BNa", + "description": "Curve used in: https://eprint.iacr.org/2010/354.pdf", + "oid": null, + "form": "Weierstrass" + }, + { + "name": "Fp254BNb", + "description": "Curve used in https://www.iacr.org/archive/eurocrypt2011/66320047/66320047.pdf", + "oid": null, + "form": "Weierstrass", + "aliases": [ + { + "category": "bn", + "name": "bn254" + } + ] + }, + { + "name": "Fp254n2BNa", + "description": "Curve used in: https://eprint.iacr.org/2010/354.pdf", + "oid": null, + "form": "Weierstrass" + }, + { + "name": "Fp256BN", + "description": "Curve described in https://www.iso.org/standard/80241.html", + "oid": null, + "form": "Weierstrass" + }, + { + "name": "Fp384BN", + "description": "Curve described in https://www.iso.org/standard/80241.html", + "oid": null, + "form": "Weierstrass" + }, + { + "name": "Fp512BN", + "description": "Curve described in https://www.iso.org/standard/80241.html", + "oid": null, + "form": "Weierstrass" + }, + { + "name": "JubJub", + "description": "JubJub curve from .", + "oid": null, + "form": "TwistedEdwards" + }, + { + "name": "M-221", + "description": "Curve from https://eprint.iacr.org/2013/647.pdf", + 
"oid": null, + "form": "Montgomery" + }, + { + "name": "M-383", + "description": "Curve from https://eprint.iacr.org/2013/647.pdf", + "oid": null, + "form": "Montgomery" + }, + { + "name": "M-511", + "description": "Curve from https://eprint.iacr.org/2013/647.pdf", + "oid": null, + "form": "Montgomery" + }, + { + "name": "MDC201601", + "description": "The Million Dollar Curve", + "oid": null, + "form": "Edwards" + }, + { + "name": "Pallas", + "description": "Pallas curve from the [Pasta curves](https://electriccoin.co/blog/the-pasta-curves-for-halo-2-and-beyond/).", + "oid": null, + "form": "Weierstrass" + }, + { + "name": "Tom-256", + "description": "Tom-256 curve from https://eprint.iacr.org/2021/1183.pdf", + "oid": null, + "form": "Weierstrass" + }, + { + "name": "Tom-384", + "description": "Tom-384 curve from https://eprint.iacr.org/2021/1183.pdf", + "oid": null, + "form": "Weierstrass" + }, + { + "name": "Tom-521", + "description": "Tom-521 curve from https://eprint.iacr.org/2021/1183.pdf", + "oid": null, + "form": "Weierstrass" + }, + { + "name": "Tweedledee", + "description": "Tweedledee pairing friendly curve from .", + "oid": null, + "form": "Weierstrass" + }, + { + "name": "Tweedledum", + "description": "Tweedledum pairing friendly curve from .", + "oid": null, + "form": "Weierstrass" + }, + { + "name": "Vesta", + "description": "Vesta curve from the [Pasta curves](https://electriccoin.co/blog/the-pasta-curves-for-halo-2-and-beyond/).", + "oid": null, + "form": "Weierstrass" + }, + { + "name": "ssc-160", + "description": "A prime order curve from MIRACL: https://github.com/miracl/MIRACL/blob/master/docs/miracl-explained/miracl-standard-curves.md. Has no generator specified.", + "oid": null, + "form": "Weierstrass" + }, + { + "name": "ssc-192", + "description": "A prime order curve from MIRACL: https://github.com/miracl/MIRACL/blob/master/docs/miracl-explained/miracl-standard-curves.md. 
Has no generator specified.", + "oid": null, + "form": "Weierstrass" + }, + { + "name": "ssc-224", + "description": "A prime order curve from MIRACL: https://github.com/miracl/MIRACL/blob/master/docs/miracl-explained/miracl-standard-curves.md. Has no generator specified.", + "oid": null, + "form": "Weierstrass" + }, + { + "name": "ssc-256", + "description": "A prime order curve from MIRACL: https://github.com/miracl/MIRACL/blob/master/docs/miracl-explained/miracl-standard-curves.md. Has no generator specified.", + "oid": null, + "form": "Weierstrass" + }, + { + "name": "ssc-288", + "description": "A prime order curve from MIRACL: https://github.com/miracl/MIRACL/blob/master/docs/miracl-explained/miracl-standard-curves.md. Has no generator specified.", + "oid": null, + "form": "Weierstrass" + }, + { + "name": "ssc-320", + "description": "A prime order curve from MIRACL: https://github.com/miracl/MIRACL/blob/master/docs/miracl-explained/miracl-standard-curves.md. Has no generator specified.", + "oid": null, + "form": "Weierstrass" + }, + { + "name": "ssc-384", + "description": "A prime order curve from MIRACL: https://github.com/miracl/MIRACL/blob/master/docs/miracl-explained/miracl-standard-curves.md. Has no generator specified.", + "oid": null, + "form": "Weierstrass" + }, + { + "name": "ssc-512", + "description": "A prime order curve from MIRACL: https://github.com/miracl/MIRACL/blob/master/docs/miracl-explained/miracl-standard-curves.md. Has no generator specified.", + "oid": null, + "form": "Weierstrass" + } + ] + }, + { + "name": "secg", + "description": "SEC 2: Recommended Elliptic Curve Domain Parameters version 2.0 January 27, 2010", + "curves": [ + { + "name": "secp112r1", + "description": "A randomly generated curve. 
[SEC2v1](https://www.secg.org/SEC2-Ver-1.0.pdf) states 'E was chosen verifiably at random as specified in ANSI X9.62 [1] from the seed'.", + "oid": "1.3.132.0.6", + "form": "Weierstrass", + "aliases": [ + { + "category": "wtls", + "name": "wap-wsg-idm-ecid-wtls6" + } + ] + }, + { + "name": "secp112r2", + "description": "A randomly generated curve. [SEC2v1](https://www.secg.org/SEC2-Ver-1.0.pdf) states 'E was chosen verifiably at random as specified in ANSI X9.62 [1] from the seed'.", + "oid": "1.3.132.0.7", + "form": "Weierstrass" + }, + { + "name": "secp128r1", + "description": "A randomly generated curve. [SEC2v1](https://www.secg.org/SEC2-Ver-1.0.pdf) states 'E was chosen verifiably at random as specified in ANSI X9.62 [1] from the seed'.", + "oid": "1.3.132.0.28", + "form": "Weierstrass" + }, + { + "name": "secp128r2", + "description": "A randomly generated curve. [SEC2v1](https://www.secg.org/SEC2-Ver-1.0.pdf) states 'E was chosen verifiably at random as specified in ANSI X9.62 [1] from the seed'.", + "oid": "1.3.132.0.29", + "form": "Weierstrass" + }, + { + "name": "secp160k1", + "description": "A Koblitz curve.", + "oid": "1.3.132.0.9", + "form": "Weierstrass", + "aliases": [ + { + "category": "x963", + "name": "ansip160k1" + } + ] + }, + { + "name": "secp160r1", + "description": "A randomly generated curve. [SEC2v1](https://www.secg.org/SEC2-Ver-1.0.pdf) states 'E was chosen verifiably at random as specified in ANSI X9.62 [1] from the seed'.", + "oid": "1.3.132.0.8", + "form": "Weierstrass", + "aliases": [ + { + "category": "wtls", + "name": "wap-wsg-idm-ecid-wtls7" + }, + { + "category": "x963", + "name": "ansip160r1" + } + ] + }, + { + "name": "secp160r2", + "description": "A randomly generated curve. 
[SEC2v1](https://www.secg.org/SEC2-Ver-1.0.pdf) states 'E was chosen verifiably at random as specified in ANSI X9.62 [1] from the seed'.", + "oid": "1.3.132.0.30", + "form": "Weierstrass", + "aliases": [ + { + "category": "x963", + "name": "ansip160r2" + } + ] + }, + { + "name": "secp192k1", + "description": "A Koblitz curve.", + "oid": "1.3.132.0.31", + "form": "Weierstrass", + "aliases": [ + { + "category": "x963", + "name": "ansip192k1" + } + ] + }, + { + "name": "secp192r1", + "description": "A randomly generated curve. [SEC2v1](https://www.secg.org/SEC2-Ver-1.0.pdf) states 'E was chosen verifiably at random as specified in ANSI X9.62 [1] from the seed'.", + "oid": "1.2.840.10045.3.1.1", + "form": "Weierstrass", + "aliases": [ + { + "category": "nist", + "name": "P-192" + }, + { + "category": "x962", + "name": "prime192v1" + } + ] + }, + { + "name": "secp224k1", + "description": "A Koblitz curve.", + "oid": "1.3.132.0.32", + "form": "Weierstrass", + "aliases": [ + { + "category": "x963", + "name": "ansip224k1" + } + ] + }, + { + "name": "secp224r1", + "description": "A randomly generated curve. [SEC2v1](https://www.secg.org/SEC2-Ver-1.0.pdf) states 'E was chosen verifiably at random as specified in ANSI X9.62 [1] from the seed'.", + "oid": "1.3.132.0.33", + "form": "Weierstrass", + "aliases": [ + { + "category": "nist", + "name": "P-224" + }, + { + "category": "wtls", + "name": "wap-wsg-idm-ecid-wtls12" + }, + { + "category": "x963", + "name": "ansip224r1" + } + ] + }, + { + "name": "secp256k1", + "description": "A Koblitz curve.", + "oid": "1.3.132.0.10", + "form": "Weierstrass", + "aliases": [ + { + "category": "x963", + "name": "ansip256k1" + } + ] + }, + { + "name": "secp256r1", + "description": "A randomly generated curve. 
[SEC2v1](https://www.secg.org/SEC2-Ver-1.0.pdf) states 'E was chosen verifiably at random as specified in ANSI X9.62 [1] from the seed'.", + "oid": "1.2.840.10045.3.1.7", + "form": "Weierstrass", + "aliases": [ + { + "category": "nist", + "name": "P-256" + }, + { + "category": "x962", + "name": "prime256v1" + } + ] + }, + { + "name": "secp384r1", + "description": null, + "oid": "1.3.132.0.34", + "form": "Weierstrass", + "aliases": [ + { + "category": "nist", + "name": "P-384" + }, + { + "category": "x963", + "name": "ansip384r1" + } + ] + }, + { + "name": "secp521r1", + "description": null, + "oid": "1.3.132.0.35", + "form": "Weierstrass", + "aliases": [ + { + "category": "nist", + "name": "P-521" + }, + { + "category": "x963", + "name": "ansip521r1" + } + ] + }, + { + "name": "sect113r1", + "description": null, + "oid": "1.3.132.0.4", + "form": "Weierstrass", + "aliases": [ + { + "category": "wtls", + "name": "wap-wsg-idm-ecid-wtls4" + } + ] + }, + { + "name": "sect113r2", + "description": null, + "oid": "1.3.132.0.5", + "form": "Weierstrass" + }, + { + "name": "sect131r1", + "description": null, + "oid": "1.3.132.0.22", + "form": "Weierstrass" + }, + { + "name": "sect131r2", + "description": null, + "oid": "1.3.132.0.23", + "form": "Weierstrass" + }, + { + "name": "sect163k1", + "description": null, + "oid": "1.3.132.0.1", + "form": "Weierstrass", + "aliases": [ + { + "category": "nist", + "name": "K-163" + }, + { + "category": "x963", + "name": "ansit163k1" + }, + { + "category": "wtls", + "name": "wap-wsg-idm-ecid-wtls3" + } + ] + }, + { + "name": "sect163r1", + "description": "A randomly generated curve, using the SECG/X9.62 method. 'However for historical reasons the method used to generate E from S differs slightly from the method described in ANSI X9.62 [X9.62]. 
Specifically the coefficient b produced from S is the reverse of the coefficient that would have been produced by the method described in ANSI X9.62.'", + "oid": "1.3.132.0.2", + "form": "Weierstrass", + "aliases": [ + { + "category": "x963", + "name": "ansit163r1" + } + ] + }, + { + "name": "sect163r2", + "description": "A randomly generated curve. 'E was selected from S as specified in ANSI X9.62 [X9.62] in normal basis representation and converted into polynomial basis representation.'", + "oid": "1.3.132.0.15", + "form": "Weierstrass", + "aliases": [ + { + "category": "nist", + "name": "B-163" + }, + { + "category": "x963", + "name": "ansit163r2" + } + ] + }, + { + "name": "sect193r1", + "description": null, + "oid": "1.3.132.0.24", + "form": "Weierstrass", + "aliases": [ + { + "category": "x963", + "name": "ansit193r1" + } + ] + }, + { + "name": "sect193r2", + "description": null, + "oid": "1.3.132.0.25", + "form": "Weierstrass", + "aliases": [ + { + "category": "x963", + "name": "ansit193r2" + } + ] + }, + { + "name": "sect233k1", + "description": null, + "oid": "1.3.132.0.26", + "form": "Weierstrass", + "aliases": [ + { + "category": "nist", + "name": "K-233" + }, + { + "category": "wtls", + "name": "wap-wsg-idm-ecid-wtls10" + }, + { + "category": "x963", + "name": "ansit233k1" + } + ] + }, + { + "name": "sect233r1", + "description": null, + "oid": "1.3.132.0.27", + "form": "Weierstrass", + "aliases": [ + { + "category": "nist", + "name": "B-233" + }, + { + "category": "wtls", + "name": "wap-wsg-idm-ecid-wtls11" + }, + { + "category": "x963", + "name": "ansit233r1" + } + ] + }, + { + "name": "sect239k1", + "description": null, + "oid": "1.3.132.0.3", + "form": "Weierstrass", + "aliases": [ + { + "category": "x963", + "name": "ansit239k1" + } + ] + }, + { + "name": "sect283k1", + "description": null, + "oid": "1.3.132.0.16", + "form": "Weierstrass", + "aliases": [ + { + "category": "nist", + "name": "K-283" + }, + { + "category": "x963", + "name": 
"ansit283k1" + } + ] + }, + { + "name": "sect283r1", + "description": null, + "oid": "1.3.132.0.17", + "form": "Weierstrass", + "aliases": [ + { + "category": "nist", + "name": "B-283" + }, + { + "category": "x963", + "name": "ansit283r1" + } + ] + }, + { + "name": "sect409k1", + "description": null, + "oid": "1.3.132.0.36", + "form": "Weierstrass", + "aliases": [ + { + "category": "nist", + "name": "K-409" + }, + { + "category": "x963", + "name": "ansit409k1" + } + ] + }, + { + "name": "sect409r1", + "description": null, + "oid": "1.3.132.0.37", + "form": "Weierstrass", + "aliases": [ + { + "category": "nist", + "name": "B-409" + }, + { + "category": "x963", + "name": "ansit409r1" + } + ] + }, + { + "name": "sect571k1", + "description": null, + "oid": "1.3.132.0.38", + "form": "Weierstrass", + "aliases": [ + { + "category": "nist", + "name": "K-571" + }, + { + "category": "x963", + "name": "ansit571k1" + } + ] + }, + { + "name": "sect571r1", + "description": null, + "oid": "1.3.132.0.39", + "form": "Weierstrass", + "aliases": [ + { + "category": "nist", + "name": "B-571" + }, + { + "category": "x963", + "name": "ansit571r1" + } + ] + } + ] + }, + { + "name": "wtls", + "description": "Wireless Application Protocol - Wireless Transport Layer Security (WAP-WTLS) curves: ", + "curves": [ + { + "name": "wap-wsg-idm-ecid-wtls1", + "description": null, + "oid": "2.23.43.1.4.1", + "form": "Weierstrass" + }, + { + "name": "wap-wsg-idm-ecid-wtls10", + "description": null, + "oid": "2.23.43.1.4.10", + "form": "Weierstrass", + "aliases": [ + { + "category": "secg", + "name": "sect233k1" + }, + { + "category": "nist", + "name": "K-233" + }, + { + "category": "x963", + "name": "ansit233k1" + } + ] + }, + { + "name": "wap-wsg-idm-ecid-wtls11", + "description": null, + "oid": "2.23.43.1.4.11", + "form": "Weierstrass", + "aliases": [ + { + "category": "secg", + "name": "sect233r1" + }, + { + "category": "nist", + "name": "B-233" + }, + { + "category": "x963", + "name": 
"ansit233r1" + } + ] + }, + { + "name": "wap-wsg-idm-ecid-wtls12", + "description": null, + "oid": "2.23.43.1.4.12", + "form": "Weierstrass", + "aliases": [ + { + "category": "secg", + "name": "secp224r1" + }, + { + "category": "nist", + "name": "P-224" + }, + { + "category": "x963", + "name": "ansip224r1" + } + ] + }, + { + "name": "wap-wsg-idm-ecid-wtls3", + "description": null, + "oid": "2.23.43.1.4.3", + "form": "Weierstrass", + "aliases": [ + { + "category": "nist", + "name": "K-163" + }, + { + "category": "secg", + "name": "sect163k1" + }, + { + "category": "x963", + "name": "ansit163k1" + } + ] + }, + { + "name": "wap-wsg-idm-ecid-wtls4", + "description": null, + "oid": "2.23.43.1.4.4", + "form": "Weierstrass", + "aliases": [ + { + "category": "secg", + "name": "sect113r1" + } + ] + }, + { + "name": "wap-wsg-idm-ecid-wtls5", + "description": null, + "oid": "2.23.43.1.4.5", + "form": "Weierstrass", + "aliases": [ + { + "category": "x962", + "name": "c2pnb163v1" + } + ] + }, + { + "name": "wap-wsg-idm-ecid-wtls6", + "description": null, + "oid": "2.23.43.1.4.6", + "form": "Weierstrass", + "aliases": [ + { + "category": "secg", + "name": "secp112r1" + } + ] + }, + { + "name": "wap-wsg-idm-ecid-wtls7", + "description": null, + "oid": "2.23.43.1.4.7", + "form": "Weierstrass", + "aliases": [ + { + "category": "secg", + "name": "secp160r1" + }, + { + "category": "x963", + "name": "ansip160r1" + } + ] + }, + { + "name": "wap-wsg-idm-ecid-wtls8", + "description": null, + "oid": "2.23.43.1.4.8", + "form": "Weierstrass" + }, + { + "name": "wap-wsg-idm-ecid-wtls9", + "description": null, + "oid": "2.23.43.1.4.9", + "form": "Weierstrass" + } + ] + }, + { + "name": "x962", + "description": "ANSI x9.62 example curves.", + "curves": [ + { + "name": "c2onb191v4", + "description": "A binary-field curve in optimal normal basis", + "oid": "1.2.840.10045.3.0.8", + "form": "Weierstrass" + }, + { + "name": "c2onb191v5", + "description": "A binary-field curve in optimal normal 
basis", + "oid": "1.2.840.10045.3.0.9", + "form": "Weierstrass" + }, + { + "name": "c2onb239v4", + "description": "A binary-field curve in optimal normal basis", + "oid": "1.2.840.10045.3.0.14", + "form": "Weierstrass" + }, + { + "name": "c2onb239v5", + "description": "A binary-field curve in optimal normal basis", + "oid": "1.2.840.10045.3.0.15", + "form": "Weierstrass" + }, + { + "name": "c2pnb163v1", + "description": null, + "oid": "1.2.840.10045.3.0.1", + "form": "Weierstrass", + "aliases": [ + { + "category": "wtls", + "name": "wap-wsg-idm-ecid-wtls5" + } + ] + }, + { + "name": "c2pnb163v2", + "description": null, + "oid": "1.2.840.10045.3.0.2", + "form": "Weierstrass" + }, + { + "name": "c2pnb163v3", + "description": null, + "oid": "1.2.840.10045.3.0.3", + "form": "Weierstrass" + }, + { + "name": "c2pnb176w1", + "description": null, + "oid": "1.2.840.10045.3.0.4", + "form": "Weierstrass" + }, + { + "name": "c2pnb208w1", + "description": null, + "oid": "1.2.840.10045.3.0.10", + "form": "Weierstrass" + }, + { + "name": "c2pnb272w1", + "description": null, + "oid": "1.2.840.10045.3.0.16", + "form": "Weierstrass" + }, + { + "name": "c2pnb304w1", + "description": null, + "oid": "1.2.840.10045.3.0.17", + "form": "Weierstrass" + }, + { + "name": "c2pnb368w1", + "description": null, + "oid": "1.2.840.10045.3.0.19", + "form": "Weierstrass" + }, + { + "name": "c2tnb191v1", + "description": null, + "oid": "1.2.840.10045.3.0.5", + "form": "Weierstrass" + }, + { + "name": "c2tnb191v2", + "description": null, + "oid": "1.2.840.10045.3.0.6", + "form": "Weierstrass" + }, + { + "name": "c2tnb191v3", + "description": null, + "oid": "1.2.840.10045.3.0.7", + "form": "Weierstrass" + }, + { + "name": "c2tnb239v1", + "description": null, + "oid": "1.2.840.10045.3.0.11", + "form": "Weierstrass" + }, + { + "name": "c2tnb239v2", + "description": null, + "oid": "1.2.840.10045.3.0.12", + "form": "Weierstrass" + }, + { + "name": "c2tnb239v3", + "description": null, + "oid": 
"1.2.840.10045.3.0.13", + "form": "Weierstrass" + }, + { + "name": "c2tnb359v1", + "description": null, + "oid": "1.2.840.10045.3.0.18", + "form": "Weierstrass" + }, + { + "name": "c2tnb431r1", + "description": null, + "oid": "1.2.840.10045.3.0.20", + "form": "Weierstrass" + }, + { + "name": "prime192v1", + "description": null, + "oid": "1.2.840.10045.3.1.1", + "form": "Weierstrass", + "aliases": [ + { + "category": "secg", + "name": "secp192r1" + }, + { + "category": "nist", + "name": "P-192" + } + ] + }, + { + "name": "prime192v2", + "description": null, + "oid": "1.2.840.10045.3.1.2", + "form": "Weierstrass" + }, + { + "name": "prime192v3", + "description": null, + "oid": "1.2.840.10045.3.1.3", + "form": "Weierstrass" + }, + { + "name": "prime239v1", + "description": null, + "oid": "1.2.840.10045.3.1.4", + "form": "Weierstrass" + }, + { + "name": "prime239v2", + "description": null, + "oid": "1.2.840.10045.3.1.5", + "form": "Weierstrass" + }, + { + "name": "prime239v3", + "description": null, + "oid": "1.2.840.10045.3.1.6", + "form": "Weierstrass" + }, + { + "name": "prime256v1", + "description": null, + "oid": "1.2.840.10045.3.1.7", + "form": "Weierstrass", + "aliases": [ + { + "category": "secg", + "name": "secp256r1" + }, + { + "category": "nist", + "name": "P-256" + } + ] + } + ] + }, + { + "name": "x963", + "description": "ANSI x9.63 example curves.", + "curves": [ + { + "name": "ansip160k1", + "description": null, + "oid": "1.3.132.0.9", + "form": "Weierstrass", + "aliases": [ + { + "category": "secg", + "name": "secp160k1" + } + ] + }, + { + "name": "ansip160r1", + "description": null, + "oid": "1.3.132.0.8", + "form": "Weierstrass", + "aliases": [ + { + "category": "secg", + "name": "secp160r1" + }, + { + "category": "wtls", + "name": "wap-wsg-idm-ecid-wtls7" + } + ] + }, + { + "name": "ansip160r2", + "description": null, + "oid": "1.3.132.0.30", + "form": "Weierstrass", + "aliases": [ + { + "category": "secg", + "name": "secp160r2" + } + ] + }, + { + 
"name": "ansip192k1", + "description": null, + "oid": "1.3.132.0.31", + "form": "Weierstrass", + "aliases": [ + { + "category": "secg", + "name": "secp192k1" + } + ] + }, + { + "name": "ansip224k1", + "description": null, + "oid": "1.3.132.0.32", + "form": "Weierstrass", + "aliases": [ + { + "category": "secg", + "name": "secp224k1" + } + ] + }, + { + "name": "ansip224r1", + "description": null, + "oid": "1.3.132.0.33", + "form": "Weierstrass", + "aliases": [ + { + "category": "wtls", + "name": "wap-wsg-idm-ecid-wtls12" + }, + { + "category": "nist", + "name": "P-224" + }, + { + "category": "secg", + "name": "secp224r1" + } + ] + }, + { + "name": "ansip256k1", + "description": null, + "oid": "1.3.132.0.10", + "form": "Weierstrass", + "aliases": [ + { + "category": "secg", + "name": "secp256k1" + } + ] + }, + { + "name": "ansip384r1", + "description": null, + "oid": "1.3.132.0.34", + "form": "Weierstrass", + "aliases": [ + { + "category": "secg", + "name": "secp384r1" + }, + { + "category": "nist", + "name": "P-384" + } + ] + }, + { + "name": "ansip521r1", + "description": null, + "oid": "1.3.132.0.35", + "form": "Weierstrass", + "aliases": [ + { + "category": "secg", + "name": "secp521r1" + }, + { + "category": "nist", + "name": "P-521" + } + ] + }, + { + "name": "ansit163k1", + "description": null, + "oid": "1.3.132.0.1", + "form": "Weierstrass", + "aliases": [ + { + "category": "secg", + "name": "sect163k1" + }, + { + "category": "nist", + "name": "k-163" + }, + { + "category": "wtls", + "name": "wap-wsg-idm-ecid-wtls3" + } + ] + }, + { + "name": "ansit163r1", + "description": null, + "oid": "1.3.132.0.2", + "form": "Weierstrass", + "aliases": [ + { + "category": "secg", + "name": "sect163r1" + } + ] + }, + { + "name": "ansit163r2", + "description": null, + "oid": "1.3.132.0.15", + "form": "Weierstrass", + "aliases": [ + { + "category": "secg", + "name": "sect163r2" + }, + { + "category": "nist", + "name": "B-163" + } + ] + }, + { + "name": "ansit193r1", + 
"description": null, + "oid": "1.3.132.0.24", + "form": "Weierstrass", + "aliases": [ + { + "category": "secg", + "name": "sect193r1" + } + ] + }, + { + "name": "ansit193r2", + "description": null, + "oid": "1.3.132.0.25", + "form": "Weierstrass", + "aliases": [ + { + "category": "secg", + "name": "sect193r2" + } + ] + }, + { + "name": "ansit233k1", + "description": null, + "oid": "1.3.132.0.26", + "form": "Weierstrass", + "aliases": [ + { + "category": "secg", + "name": "sect233k1" + }, + { + "category": "nist", + "name": "K-233" + }, + { + "category": "wtls", + "name": "wap-wsg-idm-ecid-wtls10" + } + ] + }, + { + "name": "ansit233r1", + "description": null, + "oid": "1.3.132.0.27", + "form": "Weierstrass", + "aliases": [ + { + "category": "wtls", + "name": "wap-wsg-idm-ecid-wtls11" + }, + { + "category": "nist", + "name": "B-233" + }, + { + "category": "secg", + "name": "sect233r1" + } + ] + }, + { + "name": "ansit239k1", + "description": null, + "oid": "1.3.132.0.3", + "form": "Weierstrass", + "aliases": [ + { + "category": "secg", + "name": "sect239k1" + } + ] + }, + { + "name": "ansit283k1", + "description": null, + "oid": "1.3.132.0.16", + "form": "Weierstrass", + "aliases": [ + { + "category": "nist", + "name": "K-283" + }, + { + "category": "secg", + "name": "sect283k1" + } + ] + }, + { + "name": "ansit283r1", + "description": null, + "oid": "1.3.132.0.17", + "form": "Weierstrass", + "aliases": [ + { + "category": "nist", + "name": "B-283" + }, + { + "category": "secg", + "name": "sect283r1" + } + ] + }, + { + "name": "ansit409k1", + "description": null, + "oid": "1.3.132.0.36", + "form": "Weierstrass", + "aliases": [ + { + "category": "nist", + "name": "K-409" + }, + { + "category": "secg", + "name": "sect409k1" + } + ] + }, + { + "name": "ansit409r1", + "description": null, + "oid": "1.3.132.0.37", + "form": "Weierstrass", + "aliases": [ + { + "category": "nist", + "name": "B-409" + }, + { + "category": "secg", + "name": "sect409r1" + } + ] + }, + { + 
"name": "ansit571k1", + "description": null, + "oid": "1.3.132.0.38", + "form": "Weierstrass", + "aliases": [ + { + "category": "nist", + "name": "K-571" + }, + { + "category": "secg", + "name": "sect571k1" + } + ] + }, + { + "name": "ansit571r1", + "description": null, + "oid": "1.3.132.0.39", + "form": "Weierstrass", + "aliases": [ + { + "category": "nist", + "name": "B-571" + }, + { + "category": "secg", + "name": "sect571r1" + } + ] + } + ] + } + ] +} diff --git a/schema/cryptography-defs.schema.json b/schema/cryptography-defs.schema.json new file mode 100644 index 00000000..58f4247f --- /dev/null +++ b/schema/cryptography-defs.schema.json 
@@ -0,0 +1,546 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema#", + "$id": "http://cyclonedx.org/schema/cryptography-defs.schema.json", + "$comment": "2025-06-30T20:56:28.764708", + "title": "Cryptographic Algorithm Family Definitions", + "description": "Enumerates cryptographic algorithm families and their specific metadata.", + "type": "object", + "additionalProperties": false, + "properties": { + "$schema": { + "type": "string" + }, + "lastUpdated": { + "type": "string", + "format": "date-time", + "title": "Last Updated", + "description": "The date and time (timestamp) when the data was last updated." + }, + "algorithms": { + "type": "array", + "title": "Algorithm Families", + "description": "An array of cryptographic algorithm family definitions.", + "items": { + "type": "object", + "title": "Algorithm Family", + "description": "Defines a cryptographic algorithm family and its metadata.", + "additionalProperties": false, + "properties": { + "family": { + "type": "string", + "title": "Algorithm Family", + "description": "The name of the cryptographic algorithm family." + }, + "standard": { + "type": "array", + "title": "Standards", + "description": "List of standards defining or relating to the algorithm family.", + "items": { + "type": "object", + "title": "Standard Reference", + "description": "Reference to a standard, including its name and URL.", + "additionalProperties": false, + "properties": { + "name": { + "type": "string", + "title": "Standard Name", + "description": "The name or identifier of the standard." + }, + "url": { + "type": "string", + "format": "iri-reference", + "title": "Standard URL", + "description": "A URL pointing to the standard's official documentation." 
+ } + }, + "required": [ + "name", + "url" + ] + } + }, + "variant": { + "type": "array", + "title": "Variants", + "description": "Defines algorithm variants by a naming pattern and the corresponding cryptographic primitive.", + "items": { + "type": "object", + "title": "Standard Reference", + "description": "Reference to a standard, including its name and URL.", + "additionalProperties": false, + "properties": { + "pattern": { + "type": "string", + "title": "Standard Name", + "description": "Defines the pattern used to construct the complete algorithm name. Placeholders are defined by {} for algorithm-specific properties." + }, + "primitive": { + "type": "string", + "title": "Primitive", + "description": "Type of cryptographic primitive (e.g., signature, encryption, hash)." + }, + "standard": { + "type": "array", + "title": "Standards", + "description": "List of standards defining or relating to the algorithm variant.", + "items": { + "type": "object", + "title": "Standard Reference", + "description": "Reference to a standard, including its name and URL.", + "additionalProperties": false, + "properties": { + "name": { + "type": "string", + "title": "Standard Name", + "description": "The name or identifier of the standard." + }, + "url": { + "type": "string", + "format": "iri-reference", + "title": "Standard URL", + "description": "A URL pointing to the standard's official documentation." 
+ } + }, + "required": [ + "name", + "url" + ] + } + } + }, + "required": [ + "pattern", + "primitive" + ] + } + } + }, + "required": [ + "family", + "variant" + ] + } + }, + "ellipticCurves": { + "type": "array", + "title": "Elliptic Curves", + "description": "An array of elliptic curve family definitions.", + "items": { + "type": "object", + "title": "Elliptic Curve Family", + "description": "Defines an elliptic curve family and its metadata.", + "additionalProperties": false, + "properties": { + "name": { + "type": "string", + "title": "Curve Family Name", + "description": "The name of the elliptic curve family." + }, + "description": { + "type": [ + "string", + "null" + ], + "title": "Description", + "description": "A description of the elliptic curve family." + }, + "curves": { + "type": "array", + "title": "Curves", + "description": "List of curves in this family.", + "items": { + "type": "object", + "title": "Curve", + "description": "Defines a specific elliptic curve and its metadata.", + "additionalProperties": false, + "properties": { + "name": { + "type": "string", + "title": "Curve Name", + "description": "The name of the elliptic curve." + }, + "description": { + "type": [ + "string", + "null" + ], + "title": "Description", + "description": "A description of the elliptic curve." + }, + "oid": { + "type": [ + "string", + "null" + ], + "title": "OID", + "description": "The Object Identifier (OID) of the elliptic curve." 
+ }, + "form": { + "type": "string", + "title": "Form", + "description": "The form of the elliptic curve.", + "enum": [ + "Weierstrass", + "Edwards", + "TwistedEdwards", + "Montgomery" + ] + }, + "aliases": { + "type": "array", + "title": "Aliases", + "description": "List of aliases for this curve.", + "items": { + "type": "object", + "title": "Alias", + "description": "An alias for the curve.", + "additionalProperties": false, + "properties": { + "category": { + "type": "string", + "title": "Category", + "description": "The category of the alias." + }, + "name": { + "type": "string", + "title": "Name", + "description": "The name of the alias." + } + }, + "required": [ + "category", + "name" + ] + } + } + }, + "required": [ + "name", + "description", + "oid", + "form" + ] + } + } + }, + "required": [ + "name", + "description", + "curves" + ] + } + } + }, + "required": [ + "lastUpdated", + "algorithms", + "ellipticCurves" + ], + "definitions": { + "algorithmFamiliesEnum": { + "type": "string", + "title": "Algorithm Families", + "description": "An enum for the algorithm families.", + "enum": [ + "3DES", + "AES", + "ARIA", + "BLAKE2b", + "BLS", + "Blowfish", + "CAMELLIA", + "CMAC", + "ChaCha", + "ChaCha20", + "DES", + "DSA", + "ECDH", + "ECDSA", + "EdDSA", + "FFDH", + "GOST", + "HKDF", + "HMAC", + "HashML-DSA", + "HashSLH-DSA", + "IDEA", + "IKE-PRF", + "KMAC", + "LMS", + "MD4", + "MD5", + "ML-DSA", + "ML-KEM", + "PKCS12-PBEA", + "PKCS5-PBE", + "Poly1305", + "RC2", + "RC4", + "RSAES-OAEP", + "RSAES-PKCS1", + "RSASSA-PKCS1", + "RSASSA-PSS", + "SEED", + "SHA-1", + "SHA-2", + "SHA-3", + "SP800-108", + "Salsa20", + "Twofish", + "X3DH", + "XMSS" + ] + }, + "ellipticCurvesEnum": { + "type": "string", + "enum": [ + "anssi/FRP256v1", + "bls/BLS12-377", + "bls/BLS12-381", + "bls/BLS12-446", + "bls/BLS12-455", + "bls/BLS12-638", + "bls/BLS24-477", + "bls/Bandersnatch", + "bn/bn158", + "bn/bn190", + "bn/bn222", + "bn/bn254", + "bn/bn286", + "bn/bn318", + "bn/bn350", + "bn/bn382", 
+ "bn/bn414", + "bn/bn446", + "bn/bn478", + "bn/bn510", + "bn/bn542", + "bn/bn574", + "bn/bn606", + "bn/bn638", + "brainpool/brainpoolP160r1", + "brainpool/brainpoolP160t1", + "brainpool/brainpoolP192r1", + "brainpool/brainpoolP192t1", + "brainpool/brainpoolP224r1", + "brainpool/brainpoolP224t1", + "brainpool/brainpoolP256r1", + "brainpool/brainpoolP256t1", + "brainpool/brainpoolP320r1", + "brainpool/brainpoolP320t1", + "brainpool/brainpoolP384r1", + "brainpool/brainpoolP384t1", + "brainpool/brainpoolP512r1", + "brainpool/brainpoolP512t1", + "gost/gost256", + "gost/gost512", + "gost/id-GostR3410-2001-CryptoPro-A-ParamSet", + "gost/id-GostR3410-2001-CryptoPro-B-ParamSet", + "gost/id-GostR3410-2001-CryptoPro-C-ParamSet", + "gost/id-tc26-gost-3410-12-512-paramSetA", + "gost/id-tc26-gost-3410-12-512-paramSetB", + "gost/id-tc26-gost-3410-2012-256-paramSetA", + "gost/id-tc26-gost-3410-2012-512-paramSetC", + "mnt/mnt1", + "mnt/mnt2/1", + "mnt/mnt2/2", + "mnt/mnt3/1", + "mnt/mnt3/2", + "mnt/mnt3/3", + "mnt/mnt4", + "mnt/mnt5/1", + "mnt/mnt5/2", + "mnt/mnt5/3", + "nist/B-163", + "nist/B-233", + "nist/B-283", + "nist/B-409", + "nist/B-571", + "nist/K-163", + "nist/K-233", + "nist/K-283", + "nist/K-409", + "nist/K-571", + "nist/P-192", + "nist/P-224", + "nist/P-256", + "nist/P-384", + "nist/P-521", + "nums/ed-254-mont", + "nums/ed-255-mers", + "nums/ed-256-mont", + "nums/ed-382-mont", + "nums/ed-383-mers", + "nums/ed-384-mont", + "nums/ed-510-mont", + "nums/ed-511-mers", + "nums/ed-512-mont", + "nums/numsp256d1", + "nums/numsp256t1", + "nums/numsp384d1", + "nums/numsp384t1", + "nums/numsp512d1", + "nums/numsp512t1", + "nums/w-254-mont", + "nums/w-255-mers", + "nums/w-256-mont", + "nums/w-382-mont", + "nums/w-383-mers", + "nums/w-384-mont", + "nums/w-510-mont", + "nums/w-511-mers", + "nums/w-512-mont", + "oakley/192-bit Random ECP Group", + "oakley/224-bit Random ECP Group", + "oakley/256-bit Random ECP Group", + "oakley/384-bit Random ECP Group", + "oakley/521-bit Random ECP 
Group", + "oakley/Oakley Group 3", + "oakley/Oakley Group 4", + "oscaa/SM2", + "other/BADA55-R-256", + "other/BADA55-VPR-224", + "other/BADA55-VPR2-224", + "other/BADA55-VR-224", + "other/BADA55-VR-256", + "other/BADA55-VR-384", + "other/Curve1174", + "other/Curve22103", + "other/Curve25519", + "other/Curve383187", + "other/Curve41417", + "other/Curve4417", + "other/Curve448", + "other/Curve67254", + "other/E-222", + "other/E-382", + "other/E-521", + "other/Ed25519", + "other/Ed448", + "other/Ed448-Goldilocks", + "other/FourQ", + "other/Fp224BN", + "other/Fp254BNa", + "other/Fp254BNb", + "other/Fp254n2BNa", + "other/Fp256BN", + "other/Fp384BN", + "other/Fp512BN", + "other/JubJub", + "other/M-221", + "other/M-383", + "other/M-511", + "other/MDC201601", + "other/Pallas", + "other/Tom-256", + "other/Tom-384", + "other/Tom-521", + "other/Tweedledee", + "other/Tweedledum", + "other/Vesta", + "other/ssc-160", + "other/ssc-192", + "other/ssc-224", + "other/ssc-256", + "other/ssc-288", + "other/ssc-320", + "other/ssc-384", + "other/ssc-512", + "secg/secp112r1", + "secg/secp112r2", + "secg/secp128r1", + "secg/secp128r2", + "secg/secp160k1", + "secg/secp160r1", + "secg/secp160r2", + "secg/secp192k1", + "secg/secp192r1", + "secg/secp224k1", + "secg/secp224r1", + "secg/secp256k1", + "secg/secp256r1", + "secg/secp384r1", + "secg/secp521r1", + "secg/sect113r1", + "secg/sect113r2", + "secg/sect131r1", + "secg/sect131r2", + "secg/sect163k1", + "secg/sect163r1", + "secg/sect163r2", + "secg/sect193r1", + "secg/sect193r2", + "secg/sect233k1", + "secg/sect233r1", + "secg/sect239k1", + "secg/sect283k1", + "secg/sect283r1", + "secg/sect409k1", + "secg/sect409r1", + "secg/sect571k1", + "secg/sect571r1", + "wtls/wap-wsg-idm-ecid-wtls1", + "wtls/wap-wsg-idm-ecid-wtls10", + "wtls/wap-wsg-idm-ecid-wtls11", + "wtls/wap-wsg-idm-ecid-wtls12", + "wtls/wap-wsg-idm-ecid-wtls3", + "wtls/wap-wsg-idm-ecid-wtls4", + "wtls/wap-wsg-idm-ecid-wtls5", + "wtls/wap-wsg-idm-ecid-wtls6", + 
"wtls/wap-wsg-idm-ecid-wtls7", + "wtls/wap-wsg-idm-ecid-wtls8", + "wtls/wap-wsg-idm-ecid-wtls9", + "x962/c2onb191v4", + "x962/c2onb191v5", + "x962/c2onb239v4", + "x962/c2onb239v5", + "x962/c2pnb163v1", + "x962/c2pnb163v2", + "x962/c2pnb163v3", + "x962/c2pnb176w1", + "x962/c2pnb208w1", + "x962/c2pnb272w1", + "x962/c2pnb304w1", + "x962/c2pnb368w1", + "x962/c2tnb191v1", + "x962/c2tnb191v2", + "x962/c2tnb191v3", + "x962/c2tnb239v1", + "x962/c2tnb239v2", + "x962/c2tnb239v3", + "x962/c2tnb359v1", + "x962/c2tnb431r1", + "x962/prime192v1", + "x962/prime192v2", + "x962/prime192v3", + "x962/prime239v1", + "x962/prime239v2", + "x962/prime239v3", + "x962/prime256v1", + "x963/ansip160k1", + "x963/ansip160r1", + "x963/ansip160r2", + "x963/ansip192k1", + "x963/ansip224k1", + "x963/ansip224r1", + "x963/ansip256k1", + "x963/ansip384r1", + "x963/ansip521r1", + "x963/ansit163k1", + "x963/ansit163r1", + "x963/ansit163r2", + "x963/ansit193r1", + "x963/ansit193r2", + "x963/ansit233k1", + "x963/ansit233r1", + "x963/ansit239k1", + "x963/ansit283k1", + "x963/ansit283r1", + "x963/ansit409k1", + "x963/ansit409r1", + "x963/ansit571k1", + "x963/ansit571r1" + ] + } + } +} \ No newline at end of file diff --git a/tools/src/main/python/algorithmFamilyGeneration.py b/tools/src/main/python/algorithmFamilyGeneration.py new file mode 100644 index 00000000..3d1f314b --- /dev/null +++ b/tools/src/main/python/algorithmFamilyGeneration.py 
@@ -0,0 +1,39 @@
+import json
+from datetime import datetime
+from pathlib import Path
+from typing import Dict, List, Any
+
+# Step 1: Load JSON data safely using context managers
+SCHEMA_DIR = Path(__file__).parent.parent / "../../../schema"
+DEFS_FILE = SCHEMA_DIR / "cryptography-defs.json"
+SCHEMA_FILE = SCHEMA_DIR / "cryptography-defs.schema.json"
+
+with DEFS_FILE.open("r", encoding="utf-8") as defs_file:
+ defs_data: Dict[str, List[Dict[str, Any]]] = json.load(defs_file)
+
+with SCHEMA_FILE.open("r", encoding="utf-8") as schema_file:
+ schema_data: Dict[str, Any] = json.load(schema_file)
+
+# Step 2: Extract unique algorithm families and sort them
+families: List[str] = sorted({algo['family'] for algo in defs_data.get('algorithms', [])})
+
+# Step 3: Update the schema with the extracted families
+try:
+ schema_properties = schema_data['properties']
+except KeyError as e:
+ raise KeyError(f"Required schema property 'properties' missing: {e}")
+
+schema_data['$comment'] = datetime.now().isoformat()
+
+schema_data['definitions']['algorithmFamiliesEnum'] = {
+ "type": "string",
+ "title": "Algorithm Families",
+ "description": "An enum for the algorithm families.",
+ "enum": families,
+}
+
+# Step 4: Write the updated schema back to the file
+with SCHEMA_FILE.open("w", encoding="utf-8") as update_file:
+ json.dump(schema_data, update_file, indent=2, ensure_ascii=False)
+
+print("Schema updated successfully.")
diff --git a/tools/src/test/java/org/cyclonedx/schema/JsonSchemaVerificationTest.java b/tools/src/test/java/org/cyclonedx/schema/JsonSchemaVerificationTest.java
index adfd59ee..39a4a4ed 100644
--- a/tools/src/test/java/org/cyclonedx/schema/JsonSchemaVerificationTest.java
+++ b/tools/src/test/java/org/cyclonedx/schema/JsonSchemaVerificationTest.java
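Review bot: In algorithmFamilyGeneration.py the `try`/`except` in step 3 guards `schema_data['properties']`, but `schema_properties` is never used afterwards. The assignment actually goes through `schema_data['definitions']`, which is left unguarded and would fail with a bare `KeyError`. Check the key that is written instead, e.g. `if 'definitions' not in schema_data: raise KeyError("Required schema property 'definitions' missing")`, and drop the unused lookup. The `$comment` stamp from `datetime.now().isoformat()` is naive local time and changes on every run, so the schema file differs even when the family list did not; `datetime.now(timezone.utc)`, or stamping only when `families` changed, would keep regenerated output reviewable. Only `algorithmFamiliesEnum` is regenerated here, so `ellipticCurvesEnum` presumably has to be kept in step with cryptography-defs.json by other means; a comment saying how would help.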
@@ -47,6 +47,7 @@ class JsonSchemaVerificationTest extends BaseSchemaVerificationTest { private static final String JSF_NAMESPACE = "http://cyclonedx.org/schema/jsf-0.82.schema.json"; private static final String SPDX_NAMESPACE = "http://cyclonedx.org/schema/spdx.schema.json"; + private static final String CRYPTO_DEF_NAMESPACE = "http://cyclonedx.org/schema/cryptography-defs.schema.json"; private static final JsonSchema VERSION_12; private static final JsonSchema VERSION_13; @@ -69,8 +70,9 @@ public JsonMetaSchema getMetaSchema( .metaSchemaFactory(metaSchemaFactory) .schemaLoaders(b -> b.add(new ClasspathSchemaLoader()).add(DisallowSchemaLoader.getInstance())) .schemaMappers(b -> b.mapPrefix(SPDX_NAMESPACE, "classpath:spdx.schema.json") - .mapPrefix(JSF_NAMESPACE, "classpath:jsf-0.82.schema.json")) - .build(); + .mapPrefix(JSF_NAMESPACE, "classpath:jsf-0.82.schema.json") + .mapPrefix(CRYPTO_DEF_NAMESPACE, "classpath:cryptography-defs.schema.json") + ).build(); VERSION_12 = factory.getSchema(SchemaLocation.of("classpath:bom-1.2-strict.schema.json")); VERSION_13 = factory.getSchema(SchemaLocation.of("classpath:bom-1.3-strict.schema.json")); VERSION_14 = factory.getSchema(SchemaLocation.of("classpath:bom-1.4.schema.json")); diff --git a/tools/src/test/js/json-schema-functional-tests.js b/tools/src/test/js/json-schema-functional-tests.js index b165e65e..9dc1625c 100644 --- a/tools/src/test/js/json-schema-functional-tests.js +++ b/tools/src/test/js/json-schema-functional-tests.js 
@@ -44,9 +44,10 @@ console.debug('DEBUG | testdataDir = ', testdataDir); // region validator -const [spdxSchema, jsfSchema, bomSchema] = await Promise.all([ +const [spdxSchema, jsfSchema, cryptoDefsSchema, bomSchema] = await Promise.all([ readFile(join(schemaDir, 'spdx.schema.json'), 'utf-8').then(JSON.parse), readFile(join(schemaDir, 'jsf-0.82.schema.json'), 'utf-8').then(JSON.parse), + readFile(join(schemaDir, 'cryptography-defs.schema.json'), 'utf-8').then(JSON.parse), readFile(schemaFile, 'utf-8').then(JSON.parse) ]) @@ -57,7 +58,8 @@ const ajv = new Ajv({ addUsedSchema: false, schemas: { 'http://cyclonedx.org/schema/spdx.schema.json': spdxSchema, - 'http://cyclonedx.org/schema/jsf-0.82.schema.json': jsfSchema + 'http://cyclonedx.org/schema/jsf-0.82.schema.json': jsfSchema, + 'http://cyclonedx.org/schema/cryptography-defs.schema.json': cryptoDefsSchema, } }); addFormats(ajv) @@ -113,4 +115,4 @@ for (const file of globSync(join(testdataDir, 'invalid-*.json'))) { // Exit statuses should be in the range 0 to 254. // The status 0 is used to terminate the program successfully. -process.exitCode = Math.min(errCnt, 254) \ No newline at end of file +process.exitCode = Math.min(errCnt, 254) diff --git a/tools/src/test/js/json-schema-lint-tests.js b/tools/src/test/js/json-schema-lint-tests.js index 5033ac6b..b8411fcd 100644 --- a/tools/src/test/js/json-schema-lint-tests.js +++ b/tools/src/test/js/json-schema-lint-tests.js 
@@ -17,9 +17,10 @@ const schemaDir = join(dirname(fileURLToPath(import.meta.url)), '..', '..', '..' // endregion config -const [spdxSchema, jsfSchema, bomSchemas] = await Promise.all([ +const [spdxSchema, jsfSchema, cryptoDefsSchema, bomSchemas] = await Promise.all([ readFile(join(schemaDir, 'spdx.schema.json'), 'utf-8').then(JSON.parse), readFile(join(schemaDir, 'jsf-0.82.schema.json'), 'utf-8').then(JSON.parse), + readFile(join(schemaDir, 'cryptography-defs.schema.json'), 'utf-8').then(JSON.parse), glob(join(schemaDir, bomSchemasGlob)).then(l => l.sort()) ]) assert.notStrictEqual(bomSchemas.length, 0) @@ -53,7 +54,8 @@ function getAjv(strict) { keywords: ["meta:enum"], schemas: { 'http://cyclonedx.org/schema/spdx.schema.json': spdxSchema, - 'http://cyclonedx.org/schema/jsf-0.82.schema.json': jsfSchema + 'http://cyclonedx.org/schema/jsf-0.82.schema.json': jsfSchema, + 'http://cyclonedx.org/schema/cryptography-defs.schema.json': cryptoDefsSchema, } }); addFormats(ajv) @@ -112,4 +114,4 @@ for (const bomSchemaFile of bomSchemas) { // Exit statuses should be in the range 0 to 254. // The status 0 is used to terminate the program successfully. -process.exitCode = Math.min(errCnt, 254) \ No newline at end of file +process.exitCode = Math.min(errCnt, 254) diff --git a/tools/src/test/resources/1.6/valid-cryptography-full-1.6.json b/tools/src/test/resources/1.6/valid-cryptography-full-1.6.json index ac134465..40e97a20 100644 --- a/tools/src/test/resources/1.6/valid-cryptography-full-1.6.json +++ b/tools/src/test/resources/1.6/valid-cryptography-full-1.6.json @@ -65,7 +65,16 @@ "0xC0" ] } - ] + ], + "ikev2TransformTypes": { + "encr": ["bom-ref-to-encr"], + "prf": ["bom-ref-to-prf"], + "integ": ["bom-ref-to-integ"], + "ke": ["bom-ref-to-ke"], + "esn": true, + "auth": ["bom-ref-to-auth"] + }, + "cryptoRefArray": ["asset-4"] }, "oid": "oid:1.2.3.4.5.6.7.8.9" } 
diff --git a/tools/src/test/resources/1.6/valid-cryptography-full-1.6.textproto b/tools/src/test/resources/1.6/valid-cryptography-full-1.6.textproto index 9af87b05..c2f31f8b 100644 --- a/tools/src/test/resources/1.6/valid-cryptography-full-1.6.textproto +++ b/tools/src/test/resources/1.6/valid-cryptography-full-1.6.textproto @@ -17,7 +17,7 @@ components: [ curve: "brainpoolP160r1" executionEnvironment: CRYPTO_EXECUTION_ENVIRONMENT_SOFTWARE_PLAIN_RAM implementationPlatform: CRYPTO_IMPLEMENTATION_PLATFORM_X86_64 - certificationLevel: [ "fips140-1-l4" ] + certificationLevel: ["fips140-1-l4"] mode: CRYPTO_ALGORITHM_MODE_GCM padding: CRYPTO_ALGORITHM_PADDING_PKCS5 cryptoFunctions: [ @@ -54,7 +54,7 @@ components: [ certificateFormat: "X.509" certificateExtension: "crt" } - oid: "oid:1.2.3.4.5.6.7.8.9" + oid: "oid:1.2.3.4.5.6.7.8.9" } }, { @@ -77,6 +77,15 @@ components: [ ] } ] + ikev2TransformTypes: { + encr: "bom-ref-to-encr" + prf: "bom-ref-to-prf" + integ: "bom-ref-to-integ" + ke: "bom-ref-to-ke" + esn: true + auth: "bom-ref-to-auth" + } + cryptoRef: "asset-4" } oid: "oid:1.2.3.4.5.6.7.8.9" } diff --git a/tools/src/test/resources/1.6/valid-cryptography-full-1.6.xml b/tools/src/test/resources/1.6/valid-cryptography-full-1.6.xml index 0e151a34..624e228e 100644 --- a/tools/src/test/resources/1.6/valid-cryptography-full-1.6.xml +++ b/tools/src/test/resources/1.6/valid-cryptography-full-1.6.xml @@ -40,6 +40,30 @@ X.509 crt + + tls + 1.3 + + + TLS_DHE_RSA_WITH_AES_128_CCM + + bom-ref-to-algorithm + + + 0xC0 + + + + + bom-ref-to-encr + bom-ref-to-prf + bom-ref-to-integ + bom-ref-to-ke + true + bom-ref-to-auth + + asset-4 + oid:1.2.3.4.5.6.7.8.9 diff --git a/tools/src/test/resources/1.7/valid-cryptography-certificate-1.7.json b/tools/src/test/resources/1.7/valid-cryptography-certificate-1.7.json new file mode 100644 index 00000000..a2d79c92 --- /dev/null +++ b/tools/src/test/resources/1.7/valid-cryptography-certificate-1.7.json 
@@ -0,0 +1,172 @@ +{ + "$schema": "http://cyclonedx.org/schema/bom-1.7.schema.json", + "bomFormat": "CycloneDX", + "specVersion": "1.7", + "serialNumber": "urn:uuid:e8c355aa-2142-4084-a8c7-6d42c8610ba2", + "version": 1, + "metadata": { + "timestamp": "2024-01-09T12:00:00Z", + "component": { + "type": "application", + "name": "my application", + "version": "1.0" + } + }, + "components": [ + { + "name": "google.com", + "type": "cryptographic-asset", + "bom-ref": "c9c7ac91-2115-45e8-ae13-7d0e1dec74be", + "cryptoProperties": { + "assetType": "certificate", + "certificateProperties": { + "serialNumber": "1234567890ABCDEF", + "subjectName": "CN = www.google.com", + "issuerName": "C = US, O = Google Trust Services LLC, CN = GTS CA 1C3", + "notValidBefore": "2016-11-21T08:00:00Z", + "notValidAfter": "2017-11-22T07:59:59Z", + "certificateFormat": "X.509", + "certificateFileExtension": "crt", + "fingerprint": { + "alg": "SHA-256", + "content": "1e15e0fbd3ce95bde5945633ae96add551341b11e5bae7bba12e98ad84a5beb4" + }, + "certificateState": [ + { + "state": "active", + "reason": "Certificate is currently valid and in use" + } + ], + "creationDate": "2016-11-21T07:30:00Z", + "activationDate": "2016-11-21T08:00:00Z", + "relatedCryptographicAssets": [ + { + "type": "algorithm", + "ref": "6b00f384-6c39-420f-91eb-94de0f7be569RR" + }, + { + "type": "publicKey", + "ref": "ceb37320-8239-40e8-ab77-8798dbd98773" + } + ] + }, + "oid": "2.5.4.3" + } + }, + { + "name": "SHA512withRSA", + "type": "cryptographic-asset", + "bom-ref": "6b00f384-6c39-420f-91eb-94de0f7be569", + "cryptoProperties": { + "assetType": "algorithm", + "algorithmProperties": { + "primitive": "signature", + "executionEnvironment": "software-plain-ram", + "implementationPlatform": "x86_64", + "certificationLevel": [ + "none" + ], + "padding": "pkcs1v15", + "cryptoFunctions": [ + "sign", + "verify" + ] + }, + "oid": "1.2.840.113549.1.1.13" + } + }, + { + "name": "RSA-2048", + "type": "cryptographic-asset", + "bom-ref": 
"ceb37320-8239-40e8-ab77-8798dbd98773", + "cryptoProperties": { + "assetType": "related-crypto-material", + "relatedCryptoMaterialProperties": { + "type": "public-key", + "id": "2e9ef09e-dfac-4526-96b4-d02f31af1b22", + "state": "active", + "size": 2048, + "format": "PEM", + "value": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA...\n-----END PUBLIC KEY-----", + "creationDate": "2016-11-21T08:00:00Z", + "activationDate": "2016-11-21T08:20:00Z", + "updateDate": "2016-11-21T08:00:00Z", + "expirationDate": "2017-11-22T07:59:59Z", + "securedBy": { + "mechanism": "None" + }, + "fingerprint": { + "alg": "SHA-256", + "content": "a1b2c3d4e5f6789012345678901234567890abcdef1234567890abcdef123456" + }, + "relatedCryptographicAssets": [ + { + "type": "algorithm", + "ref": "a154af0a-0dca-4ed5-b611-2405a3a6ae47" + } + ] + }, + "oid": "1.2.840.113549.1.1.1" + } + }, + { + "name": "RSA-2048", + "type": "cryptographic-asset", + "bom-ref": "a154af0a-0dca-4ed5-b611-2405a3a6ae47", + "cryptoProperties": { + "assetType": "algorithm", + "algorithmProperties": { + "primitive": "pke", + "algorithmFamily": "RSAES-OAEP", + "parameterSetIdentifier": "2048", + "executionEnvironment": "software-plain-ram", + "implementationPlatform": "x86_64", + "certificationLevel": [ + "none" + ], + "padding": "oaep", + "cryptoFunctions": [ + "encrypt", + "decrypt" + ] + }, + "oid": "1.2.840.113549.1.1.1" + } + }, + { + "name": "TLS 1.3 Protocol", + "type": "cryptographic-asset", + "bom-ref": "a3553dc1-f376-43d1-89dc-87bb71981c0c", + "cryptoProperties": { + "assetType": "protocol", + "protocolProperties": { + "type": "tls", + "version": "1.3", + "cipherSuites": [ + { + "name": "TLS_AES_256_GCM_SHA384", + "algorithms": [ + "1977d71b-8981-4292-b40d-842a019c2229", + "422fa336-b401-42b7-89b8-8966aa30bca0" + ], + "identifiers": [ + "0x13,0x02" + ] + }, + { + "name": "TLS_CHACHA20_POLY1305_SHA256", + "algorithms": [ + "1af4fc08-5d0d-436e-8058-eeef921983d0", + 
"6af3066b-ab66-4593-975f-d9ba2c623a89" + ], + "identifiers": [ + "0x13,0x03" + ] + } + ] + }, + "oid": "1.3.6.1.5.5.7.3.1" + } + } + ] +} diff --git a/tools/src/test/resources/1.7/valid-cryptography-certificate-1.7.textproto b/tools/src/test/resources/1.7/valid-cryptography-certificate-1.7.textproto new file mode 100644 index 00000000..fd173daa --- /dev/null +++ b/tools/src/test/resources/1.7/valid-cryptography-certificate-1.7.textproto 
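Review bot: The certificate's first `relatedCryptographicAssets` entry has `"ref": "6b00f384-6c39-420f-91eb-94de0f7be569RR"`, which matches no `bom-ref` in this file. The SHA512withRSA component is declared as `6b00f384-6c39-420f-91eb-94de0f7be569`, so the trailing `RR` looks like a typo. JSON Schema validation presumably does not resolve these links, so the fixture still passes, but a consumer following the reference cannot tell which signature algorithm the certificate uses. Suggest `"ref": "6b00f384-6c39-420f-91eb-94de0f7be569"`; the same value appears in the textproto and XML variants of this fixture. The `algorithms` entries under `cipherSuites` also name refs that no component here declares, which may be intentional for a trimmed example.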
@@ -0,0 +1,155 @@ +# proto-file: schema/bom-1.7.proto +# proto-message: Bom + +spec_version: "1.7" +version: 1 +serial_number: "urn:uuid:e8c355aa-2142-4084-a8c7-6d42c8610ba2" + +metadata { + timestamp { seconds: 1704801600 } + component { + type: CLASSIFICATION_APPLICATION + name: "my application" + version: "1.0" + } +} + +components { + name: "google.com" + type: CLASSIFICATION_CRYPTOGRAPHIC_ASSET + bom_ref: "c9c7ac91-2115-45e8-ae13-7d0e1dec74be" + cryptoProperties { + assetType: CRYPTO_ASSET_TYPE_CERTIFICATE + certificateProperties { + serialNumber: "1234567890ABCDEF" + subjectName: "CN = www.google.com" + issuerName: "C = US O = Google Trust Services LLC CN = GTS CA 1C3" + notValidBefore { seconds: 1479715200 } + notValidAfter { seconds: 1511337599 } + certificateFormat: "X.509" + certificateFileExtension: "crt" + fingerprint { + alg: HASH_ALG_SHA_256 + value: "1e15e0fbd3ce95bde5945633ae96add551341b11e5bae7bba12e98ad84a5beb4" + } + certificateState { + predefined_state: PREDEFINED_STATE_ACTIVE + reason: "Certificate is currently valid and in use" + } + creationDate { seconds: 1479713400 } + activationDate { seconds: 1479715200 } + relatedCryptographicAssets { + assets { + type: "algorithm" + ref: "6b00f384-6c39-420f-91eb-94de0f7be569RR" + } + assets { + type: "publicKey" + ref: "ceb37320-8239-40e8-ab77-8798dbd98773" + } + } + } + oid: "2.5.4.3" + } +} + +components { + name: "SHA512withRSA" + type: CLASSIFICATION_CRYPTOGRAPHIC_ASSET + bom_ref: "6b00f384-6c39-420f-91eb-94de0f7be569" + cryptoProperties { + assetType: CRYPTO_ASSET_TYPE_ALGORITHM + algorithmProperties { + primitive: CRYPTO_PRIMITIVE_SIGNATURE + executionEnvironment: CRYPTO_EXECUTION_ENVIRONMENT_SOFTWARE_PLAIN_RAM + implementationPlatform: CRYPTO_IMPLEMENTATION_PLATFORM_X86_64 + certificationLevel: "none" + padding: CRYPTO_ALGORITHM_PADDING_PKCS1V15 + cryptoFunctions: CRYPTO_ALGORITHM_FUNCTION_SIGN + cryptoFunctions: CRYPTO_ALGORITHM_FUNCTION_VERIFY + } + oid: "1.2.840.113549.1.1.13" + } +} + 
+components { + name: "RSA-2048" + type: CLASSIFICATION_CRYPTOGRAPHIC_ASSET + bom_ref: "ceb37320-8239-40e8-ab77-8798dbd98773" + cryptoProperties { + assetType: CRYPTO_ASSET_TYPE_RELATED_CRYPTO_MATERIAL + relatedCryptoMaterialProperties { + type: CRYPTO_RELATED_TYPE_PUBLIC_KEY + id: "2e9ef09e-dfac-4526-96b4-d02f31af1b22" + state: CRYPTO_RELATED_STATE_ACTIVE + size: 2048 + format: "PEM" + value: "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA...\n-----END PUBLIC KEY-----" + creationDate { seconds: 1479715200 } + activationDate { seconds: 1479716400 } + updateDate { seconds: 1479715200 } + expirationDate { seconds: 1511337599 } + securedBy { + mechanism: "None" + } + fingerprint { + alg: HASH_ALG_SHA_256 + value: "a1b2c3d4e5f6789012345678901234567890abcdef1234567890abcdef123456" + } + relatedCryptographicAssets { + assets { + type: "algorithm" + ref: "a154af0a-0dca-4ed5-b611-2405a3a6ae47" + } + } + } + oid: "1.2.840.113549.1.1.1" + } +} + +components { + name: "RSA-2048" + type: CLASSIFICATION_CRYPTOGRAPHIC_ASSET + bom_ref: "a154af0a-0dca-4ed5-b611-2405a3a6ae47" + cryptoProperties { + assetType: CRYPTO_ASSET_TYPE_ALGORITHM + algorithmProperties { + primitive: CRYPTO_PRIMITIVE_PKE + algorithmFamily: "RSAES-OAEP" + parameterSetIdentifier: "2048" + executionEnvironment: CRYPTO_EXECUTION_ENVIRONMENT_SOFTWARE_PLAIN_RAM + implementationPlatform: CRYPTO_IMPLEMENTATION_PLATFORM_X86_64 + certificationLevel: "none" + padding: CRYPTO_ALGORITHM_PADDING_OAEP + cryptoFunctions: CRYPTO_ALGORITHM_FUNCTION_ENCRYPT + cryptoFunctions: CRYPTO_ALGORITHM_FUNCTION_DECRYPT + } + oid: "1.2.840.113549.1.1.1" + } +} + +components { + name: "TLS 1.3 Protocol" + type: CLASSIFICATION_CRYPTOGRAPHIC_ASSET + bom_ref: "a3553dc1-f376-43d1-89dc-87bb71981c0c" + cryptoProperties { + assetType: CRYPTO_ASSET_TYPE_PROTOCOL + protocolProperties { + type: CRYPTO_PROTOCOL_TYPE_TLS + version: "1.3" + cipherSuites { + name: "TLS_AES_256_GCM_SHA384" + algorithms: 
"1977d71b-8981-4292-b40d-842a019c2229" + algorithms: "422fa336-b401-42b7-89b8-8966aa30bca0" + identifiers: "0x130x02" + } + cipherSuites { + name: "TLS_CHACHA20_POLY1305_SHA256" + algorithms: "1af4fc08-5d0d-436e-8058-eeef921983d0" + algorithms: "6af3066b-ab66-4593-975f-d9ba2c623a89" + identifiers: "0x130x03" + } + } + oid: "1.3.6.1.5.5.7.3.1" + } +} diff --git a/tools/src/test/resources/1.7/valid-cryptography-certificate-1.7.xml b/tools/src/test/resources/1.7/valid-cryptography-certificate-1.7.xml new file mode 100644 index 00000000..1706d827 --- /dev/null +++ b/tools/src/test/resources/1.7/valid-cryptography-certificate-1.7.xml 
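Review bot: Two string values in this textproto have lost the commas that the JSON and XML variants of the same fixture carry. `issuerName` reads `"C = US O = Google Trust Services LLC CN = GTS CA 1C3"`, and the cipher-suite `identifiers` read `"0x130x02"` and `"0x130x03"`. Without separators the issuer DN can no longer be split into its RDNs, and the identifier no longer reads as two bytes. Suggest `issuerName: "C = US, O = Google Trust Services LLC, CN = GTS CA 1C3"` and `identifiers: "0x13,0x02"` / `identifiers: "0x13,0x03"`. If the field is meant to hold one byte per entry, as the `"0xC0"` entry in the 1.6 fixture suggests, use one `identifiers:` line per byte instead.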
@@ -0,0 +1,170 @@ + + + + 2024-01-09T12:00:00Z + + my application + 1.0 + + + + + google.com + + certificate + + 1234567890ABCDEF + CN = www.google.com + C = US, O = Google Trust Services LLC, CN = GTS CA 1C3 + 2016-11-21T08:00:00Z + 2017-11-22T07:59:59Z + X.509 + crt + + 1e15e0fbd3ce95bde5945633ae96add551341b11e5bae7bba12e98ad84a5beb4 + + + active + Certificate is currently valid and in use + + 2016-11-21T07:30:00Z + 2016-11-21T08:00:00Z + + + algorithm + 6b00f384-6c39-420f-91eb-94de0f7be569RR + + + publicKey + ceb37320-8239-40e8-ab77-8798dbd98773 + + + + 2.5.4.3 + + + + + SHA512withRSA + + algorithm + + signature + software-plain-ram + x86_64 + none + pkcs1v15 + + sign + verify + + + 1.2.840.113549.1.1.13 + + + + + RSA-2048 + + related-crypto-material + + public-key + 2e9ef09e-dfac-4526-96b4-d02f31af1b22 + active + 2016-11-21T08:00:00Z + 2016-11-21T08:20:00Z + 2016-11-21T08:00:00Z + 2017-11-22T07:59:59Z + + + 2048 + PEM + + None + + + a1b2c3d4e5f6789012345678901234567890abcdef1234567890abcdef123456 + + + + algorithm + a154af0a-0dca-4ed5-b611-2405a3a6ae47 + + + + 1.2.840.113549.1.1.1 + + + + + RSA-2048 + + algorithm + + pke + RSAES-OAEP + 2048 + software-plain-ram + x86_64 + none + oaep + + encrypt + decrypt + + + 1.2.840.113549.1.1.1 + + + + + TLS 1.3 Protocol + + protocol + + tls + 1.3 + + + TLS_AES_256_GCM_SHA384 + + 1977d71b-8981-4292-b40d-842a019c2229 + 422fa336-b401-42b7-89b8-8966aa30bca0 + + + 0x13,0x02 + + + + TLS_CHACHA20_POLY1305_SHA256 + + 1af4fc08-5d0d-436e-8058-eeef921983d0 + 6af3066b-ab66-4593-975f-d9ba2c623a89 + + + 0x13,0x03 + + + + + 1.3.6.1.5.5.7.3.1 + + + + diff --git a/tools/src/test/resources/1.7/valid-cryptography-certificate-advanced-1.7.json b/tools/src/test/resources/1.7/valid-cryptography-certificate-advanced-1.7.json new file mode 100644 index 00000000..2fe0f660 --- /dev/null +++ b/tools/src/test/resources/1.7/valid-cryptography-certificate-advanced-1.7.json 
@@ -0,0 +1,279 @@ +{ + "bomFormat": "CycloneDX", + "specVersion": "1.7", + "serialNumber": "urn:uuid:f47ac10b-58cc-4372-a567-0e02b2c3d479", + "version": 1, + "metadata": { + "timestamp": "2024-01-15T14:30:00Z", + "component": { + "type": "application", + "name": "enterprise-security-app", + "version": "2.1.0" + } + }, + "components": [ + { + "name": "revoked-internal-ca.example.com", + "type": "cryptographic-asset", + "bom-ref": "840ADC47-55CD-44C6-A306-B37A9149B066", + "cryptoProperties": { + "assetType": "certificate", + "certificateProperties": { + "serialNumber": "ABCDEF1234567890FEDCBA", + "subjectName": "CN = internal-ca.example.com, OU = IT Security, O = Example Corp, C = US", + "issuerName": "CN = Example Root CA, O = Example Corp, C = US", + "notValidBefore": "2023-01-01T00:00:00Z", + "notValidAfter": "2025-12-31T23:59:59Z", + "certificateFormat": "X.509", + "certificateFileExtension": "pem", + "fingerprint": { + "alg": "SHA-256", + "content": "9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08" + }, + "certificateState": [ + { + "state": "revoked", + "reason": "Certificate was compromised due to private key exposure in security incident #2024-001" + } + ], + "creationDate": "2022-12-15T10:00:00Z", + "activationDate": "2023-01-01T00:00:00Z", + "revocationDate": "2024-01-10T15:45:30Z", + "certificateExtensions": [ + { + "commonExtensionName": "basicConstraints", + "commonExtensionValue": "CA:TRUE, pathlen:2" + }, + { + "commonExtensionName": "keyUsage", + "commonExtensionValue": "Certificate Sign, CRL Sign, Digital Signature" + }, + { + "commonExtensionName": "extendedKeyUsage", + "commonExtensionValue": "TLS Web Server Authentication, TLS Web Client Authentication" + }, + { + "commonExtensionName": "subjectAlternativeName", + "commonExtensionValue": "DNS:internal-ca.example.com, DNS:ca.internal.example.com, IP:192.168.1.100" + }, + { + "commonExtensionName": "authorityKeyIdentifier", + "commonExtensionValue": 
"keyid:01:02:03:04:05:06:07:08:09:0A:0B:0C:0D:0E:0F:10:11:12:13:14" + }, + { + "commonExtensionName": "subjectKeyIdentifier", + "commonExtensionValue": "A1:B2:C3:D4:E5:F6:07:08:09:0A:0B:0C:0D:0E:0F:10:11:12:13:14" + }, + { + "commonExtensionName": "crlDistributionPoints", + "commonExtensionValue": "URI:http://crl.example.com/root-ca.crl" + }, + { + "commonExtensionName": "authorityInformationAccess", + "commonExtensionValue": "OCSP - URI:http://ocsp.example.com, CA Issuers - URI:http://certs.example.com/root-ca.crt" + }, + { + "commonExtensionName": "certificatePolicies", + "commonExtensionValue": "Policy: 1.2.3.4.5.6.7.8.1, CPS: http://www.example.com/cps" + }, + { + "customExtensionName": "organizationalSecurityLevel", + "customExtensionValue": "HIGH" + }, + { + "customExtensionName": "incidentTrackingId", + "customExtensionValue": "SEC-2024-001" + }, + { + "customExtensionName": "complianceFramework", + "customExtensionValue": "SOX, PCI-DSS Level 1, ISO 27001" + } + ], + "relatedCryptographicAssets": [ + { + "type": "algorithm", + "ref": "2A0DA4D2-BBCA-4515-9BCD-C870A3EA4CE8" + }, + { + "type": "publicKey", + "ref": "ACCAF8BC-5F73-4869-A3FE-1C64E8D96408" + } + ] + }, + "oid": "2.5.4.3" + } + }, + { + "name": "active-server.example.com", + "type": "cryptographic-asset", + "bom-ref": "4497B977-4D07-4245-9457-C2CF37FF399A", + "cryptoProperties": { + "assetType": "certificate", + "certificateProperties": { + "serialNumber": "1122334455667788AABBCCDD", + "subjectName": "CN = server.example.com, OU = Web Services, O = Example Corp, C = US", + "issuerName": "CN = Example Intermediate CA, O = Example Corp, C = US", + "notValidBefore": "2024-01-01T00:00:00Z", + "notValidAfter": "2025-01-01T23:59:59Z", + "certificateFormat": "X.509", + "certificateFileExtension": "crt", + "fingerprint": { + "alg": "SHA-256", + "content": "9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08" + }, + "certificateState": [ + { + "name": "monitored", + "description": "Certificate 
is under enhanced monitoring due to recent security incidents", + "reason": "Proactive monitoring following organizational security policy updates" + } + ], + "creationDate": "2023-12-20T09:00:00Z", + "activationDate": "2024-01-01T00:00:00Z", + "certificateExtensions": [ + { + "commonExtensionName": "keyUsage", + "commonExtensionValue": "Digital Signature, Key Encipherment" + }, + { + "commonExtensionName": "extendedKeyUsage", + "commonExtensionValue": "TLS Web Server Authentication" + }, + { + "commonExtensionName": "subjectAlternativeName", + "commonExtensionValue": "DNS:server.example.com, DNS:www.server.example.com, DNS:api.server.example.com" + }, + { + "commonExtensionName": "signedCertificateTimestamp", + "commonExtensionValue": "Log ID: ABCD1234..., Timestamp: 2024-01-01T00:00:00Z, Signature: 3045022100..." + }, + { + "customExtensionName": "deploymentEnvironment", + "customExtensionValue": "PRODUCTION" + }, + { + "customExtensionName": "businessCriticality", + "customExtensionValue": "CRITICAL" + }, + { + "customExtensionName": "autoRenewalEnabled", + "customExtensionValue": "true" + } + ], + "relatedCryptographicAssets": [ + { + "type": "algorithm", + "ref": "14478B86-9306-45B5-BA2A-1660B723244C" + }, + { + "type": "publicKey", + "ref": "F1F3D902-0A1B-4C0C-9F6A-F36E041B0B7D" + } + ] + }, + "oid": "2.5.4.3" + } + }, + { + "name": "RSA-SHA256", + "type": "cryptographic-asset", + "bom-ref": "2A0DA4D2-BBCA-4515-9BCD-C870A3EA4CE8", + "cryptoProperties": { + "assetType": "algorithm", + "algorithmProperties": { + "primitive": "signature", + "executionEnvironment": "software-plain-ram", + "implementationPlatform": "x86_64", + "padding": "pkcs1v15", + "cryptoFunctions": ["sign", "verify"] + }, + "oid": "1.2.840.113549.1.1.11" + } + }, + { + "name": "ECDSA-P256", + "type": "cryptographic-asset", + "bom-ref": "14478B86-9306-45B5-BA2A-1660B723244C", + "cryptoProperties": { + "assetType": "algorithm", + "algorithmProperties": { + "primitive": "signature", + "curve": 
"secp256r1", + "executionEnvironment": "software-plain-ram", + "implementationPlatform": "x86_64", + "certificationLevel": ["fips140-3-l1"], + "cryptoFunctions": ["sign", "verify"] + }, + "oid": "1.2.840.10045.4.3.2" + } + }, + { + "name": "RSA-4096-Revoked-CA-Key", + "type": "cryptographic-asset", + "bom-ref": "ACCAF8BC-5F73-4869-A3FE-1C64E8D96408", + "cryptoProperties": { + "assetType": "related-crypto-material", + "relatedCryptoMaterialProperties": { + "type": "public-key", + "id": "revoked-ca-key-2024", + "state": "compromised", + "size": 4096, + "format": "PEM", + "value": "-----BEGIN PUBLIC KEY-----\nMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA...\n-----END PUBLIC KEY-----", + "creationDate": "2022-12-15T10:00:00Z", + "activationDate": "2023-01-01T00:00:00Z", + "updateDate": "2024-01-10T15:45:30Z", + "securedBy": { + "mechanism": "HSM", + "algorithmRef": "aes-256-gcm-ref" + }, + "fingerprint": { + "alg": "SHA-256", + "content": "9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08" + }, + "relatedCryptographicAssets": [ + { + "type": "algorithm", + "ref": "2A0DA4D2-BBCA-4515-9BCD-C870A3EA4CE8" + } + ] + }, + "oid": "1.2.840.113549.1.1.1" + } + }, + { + "name": "ECDSA-P256-Server-Key", + "type": "cryptographic-asset", + "bom-ref": "F1F3D902-0A1B-4C0C-9F6A-F36E041B0B7D", + "cryptoProperties": { + "assetType": "related-crypto-material", + "relatedCryptoMaterialProperties": { + "type": "public-key", + "id": "server-key-2024", + "state": "active", + "size": 256, + "format": "PEM", + "value": "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE...\n-----END PUBLIC KEY-----", + "creationDate": "2023-12-20T09:00:00Z", + "activationDate": "2024-01-01T00:00:00Z", + "expirationDate": "2025-01-01T23:59:59Z", + "securedBy": { + "mechanism": "HSM", + "algorithmRef": "aes-256-gcm-ref" + }, + "fingerprint": { + "alg": "SHA-256", + "content": "d4e5f67890123456789abcdef0123456789abcdef0123456789abcdef0123456" + }, + "relatedCryptographicAssets": [ + { 
+ "type": "algorithm", + "ref": "14478B86-9306-45B5-BA2A-1660B723244C" + } + ] + }, + "oid": "1.2.840.10045.2.1" + } + } + ] +} diff --git a/tools/src/test/resources/1.7/valid-cryptography-certificate-advanced-1.7.textproto b/tools/src/test/resources/1.7/valid-cryptography-certificate-advanced-1.7.textproto new file mode 100644 index 00000000..f339386d --- /dev/null +++ b/tools/src/test/resources/1.7/valid-cryptography-certificate-advanced-1.7.textproto 
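Review bot: Three distinct assets in this fixture carry the same SHA-256 fingerprint `9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08`: the revoked CA certificate, the active server certificate and the RSA-4096 public key. A fingerprint should identify exactly one object, so a tool that correlates or deduplicates assets by fingerprint would conflate a revoked certificate with an active one if fed this example. Give each asset its own placeholder digest, as the ECDSA server key already has; the textproto and XML variants repeat the same values. Separately, both `securedBy` blocks reference `"algorithmRef": "aes-256-gcm-ref"`, which no component in the file declares.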
@@ -0,0 +1,315 @@ +# proto-file: schema/bom-1.7.proto +# proto-message: Bom + +spec_version: "1.7" +version: 1 +serial_number: "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79" + +metadata { + timestamp { seconds: 1705329000 } + component { + type: CLASSIFICATION_APPLICATION + name: "enterprise-security-app" + version: "2.1.0" + } +} + +components { + name: "revoked-internal-ca.example.com" + type: CLASSIFICATION_CRYPTOGRAPHIC_ASSET + bom_ref: "840ADC47-55CD-44C6-A306-B37A9149B066" + cryptoProperties { + assetType: CRYPTO_ASSET_TYPE_CERTIFICATE + certificateProperties { + serialNumber: "ABCDEF1234567890FEDCBA" + subjectName: "CN = internal-ca.example.com, OU = IT Security, O = Example Corp, C = US" + issuerName: "CN = Example Root CA, O = Example Corp, C = US" + notValidBefore { seconds: 1672531200 } + notValidAfter { seconds: 1767225599 } + certificateFormat: "X.509" + certificateFileExtension: "pem" + fingerprint { + alg: HASH_ALG_SHA_256 + value: "9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08" + } + certificateState { + predefined_state: PREDEFINED_STATE_REVOKED + reason: "Certificate was compromised due to private key exposure in security incident #2024-001" + } + creationDate { seconds: 1671098400 } + activationDate { seconds: 1672531200 } + revocationDate { seconds: 1704901530 } + certificateExtensions { + extensions { + commonExtension { + name: COMMON_EXTENSION_NAME_BASIC_CONSTRAINTS + value: "CA:TRUE, pathlen:2" + } + } + extensions { + commonExtension { + name: COMMON_EXTENSION_NAME_EXTENDED_KEY_USAGE + value: "Certificate Sign, CRL Sign, Digital Signature" + } + } + extensions { + commonExtension { + name: COMMON_EXTENSION_NAME_EXTENDED_KEY_USAGE + value: "TLS Web Server Authentication, TLS Web Client Authentication" + } + } + extensions { + commonExtension { + name: COMMON_EXTENSION_NAME_SUBJECT_ALTERNATIVE_NAME + value: "DNS:internal-ca.example.com, DNS:ca.internal.example.com, IP:192.168.1.100" + } + } + extensions { + commonExtension 
{ + name: COMMON_EXTENSION_NAME_AUTHORITY_KEY_IDENTIFIER + value: "keyid:01:02:03:04:05:06:07:08:09:0A:0B:0C:0D:0E:0F:10:11:12:13:14" + } + } + extensions { + commonExtension { + name: COMMON_EXTENSION_NAME_SUBJECT_KEY_IDENTIFIER + value: "A1:B2:C3:D4:E5:F6:07:08:09:0A:0B:0C:0D:0E:0F:10:11:12:13:14" + } + } + extensions { + commonExtension { + name: COMMON_EXTENSION_NAME_CRL_DISTRIBUTION_POINTS + value: "URI:http://crl.example.com/root-ca.crl" + } + } + extensions { + commonExtension { + name: COMMON_EXTENSION_NAME_AUTHORITY_INFORMATION_ACCESS + value: "OCSP - URI:http://ocsp.example.com, CA Issuers - URI:http://certs.example.com/root-ca.crt" + } + } + extensions { + commonExtension { + name: COMMON_EXTENSION_NAME_CERTIFICATE_POLICIES + value: "Policy: 1.2.3.4.5.6.7.8.1, CPS: http://www.example.com/cps" + } + } + extensions { + customExtension { + name: "organizationalSecurityLevel" + value: "HIGH" + } + } + extensions { + customExtension { + name: "incidentTrackingId" + value: "SEC-2024-001" + } + } + extensions { + customExtension { + name: "complianceFramework" + value: "SOX, PCI-DSS Level 1, ISO 27001" + } + } + } + relatedCryptographicAssets { + assets { + ref: "2A0DA4D2-BBCA-4515-9BCD-C870A3EA4CE8" + type: "algorithm" + } + assets { + ref: "ACCAF8BC-5F73-4869-A3FE-1C64E8D96408" + type: "publicKey" + } + } + } + oid: "2.5.4.3" + } +} +components { + name: "active-server.example.com" + type: CLASSIFICATION_CRYPTOGRAPHIC_ASSET + bom_ref: "4497B977-4D07-4245-9457-C2CF37FF399A" + cryptoProperties { + assetType: CRYPTO_ASSET_TYPE_CERTIFICATE + certificateProperties { + serialNumber: "1122334455667788AABBCCDD" + subjectName: "CN = server.example.com, OU = Web Services, O = Example Corp, C = US" + issuerName: "CN = Example Intermediate CA, O = Example Corp, C = US" + notValidBefore { seconds: 1704067200 } + notValidAfter { seconds: 1735775999 } + certificateFormat: "X.509" + certificateFileExtension: "crt" + fingerprint { + alg: HASH_ALG_SHA_256 + value: 
"9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08" + } + certificateState { + name: "monitored" + description: "Certificate is under enhanced monitoring due to recent security incidents" + reason: "Proactive monitoring following organizational security policy updates" + } + creationDate { seconds: 1703062800 } + activationDate { seconds: 1704067200 } + certificateExtensions { + extensions { + commonExtension { + name: COMMON_EXTENSION_NAME_KEY_USAGE + value: "Digital Signature, Key Encipherment" + } + } + extensions { + commonExtension { + name: COMMON_EXTENSION_NAME_EXTENDED_KEY_USAGE + value: "TLS Web Server Authentication" + } + } + extensions { + commonExtension { + name: COMMON_EXTENSION_NAME_SUBJECT_ALTERNATIVE_NAME + value: "DNS:server.example.com, DNS:www.server.example.com, DNS:api.server.example.com" + } + } + extensions { + commonExtension { + name: COMMON_EXTENSION_NAME_SIGNED_CERTIFICATE_TIMESTAMP + value: "Log ID: ABCD1234..., Timestamp: 2024-01-01T00:00:00Z, Signature: 3045022100..." 
+ } + } + extensions { + customExtension { + name: "deploymentEnvironment" + value: "PRODUCTION" + } + } + extensions { + customExtension { + name: "businessCriticality" + value: "CRITICAL" + } + } + extensions { + customExtension { + name: "autoRenewalEnabled" + value: "true" + } + } + } + relatedCryptographicAssets { + assets { + type: "algorithm" + ref: "14478B86-9306-45B5-BA2A-1660B723244C" + } + assets { + type: "publicKey" + ref: "F1F3D902-0A1B-4C0C-9F6A-F36E041B0B7D" + } + } + } + oid: "2.5.4.3" + } +} +components { + name: "RSA-SHA256" + type: CLASSIFICATION_CRYPTOGRAPHIC_ASSET + bom_ref: "2A0DA4D2-BBCA-4515-9BCD-C870A3EA4CE8" + cryptoProperties { + assetType: CRYPTO_ASSET_TYPE_ALGORITHM + algorithmProperties { + primitive: CRYPTO_PRIMITIVE_SIGNATURE + executionEnvironment: CRYPTO_EXECUTION_ENVIRONMENT_SOFTWARE_PLAIN_RAM + implementationPlatform: CRYPTO_IMPLEMENTATION_PLATFORM_X86_64 + padding: CRYPTO_ALGORITHM_PADDING_PKCS1V15 + cryptoFunctions: CRYPTO_ALGORITHM_FUNCTION_SIGN + cryptoFunctions: CRYPTO_ALGORITHM_FUNCTION_VERIFY + } + oid: "1.2.840.113549.1.1.11" + } +} +components { + name: "ECDSA-P256" + type: CLASSIFICATION_CRYPTOGRAPHIC_ASSET + bom_ref: "14478B86-9306-45B5-BA2A-1660B723244C" + cryptoProperties { + assetType: CRYPTO_ASSET_TYPE_ALGORITHM + algorithmProperties { + primitive: CRYPTO_PRIMITIVE_SIGNATURE + curve: "secp256r1" + executionEnvironment: CRYPTO_EXECUTION_ENVIRONMENT_SOFTWARE_PLAIN_RAM + implementationPlatform: CRYPTO_IMPLEMENTATION_PLATFORM_X86_64 + certificationLevel: "fips140-3-l1" + cryptoFunctions: CRYPTO_ALGORITHM_FUNCTION_SIGN + cryptoFunctions: CRYPTO_ALGORITHM_FUNCTION_VERIFY + } + oid: "1.2.840.10045.4.3.2" + } +} +components { + name: "RSA-4096-Revoked-CA-Key" + type: CLASSIFICATION_CRYPTOGRAPHIC_ASSET + bom_ref: "ACCAF8BC-5F73-4869-A3FE-1C64E8D96408" + cryptoProperties { + assetType: CRYPTO_ASSET_TYPE_RELATED_CRYPTO_MATERIAL + relatedCryptoMaterialProperties { + type: CRYPTO_RELATED_TYPE_PUBLIC_KEY + id: 
"revoked-ca-key-2024" + state: CRYPTO_RELATED_STATE_COMPROMISED + size: 4096 + format: "PEM" + value: "-----BEGIN PUBLIC KEY-----\nMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA...\n-----END PUBLIC KEY-----" + creationDate { seconds: 1671098400 } + activationDate { seconds: 1672531200 } + updateDate { seconds: 1704901530 } + securedBy { + mechanism: "HSM" + algorithmRef: "aes-256-gcm-ref" + } + fingerprint { + alg: HASH_ALG_SHA_256 + value: "9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08" + } + relatedCryptographicAssets{ + assets { + type: "algorithm" + ref: "2A0DA4D2-BBCA-4515-9BCD-C870A3EA4CE8" + } + } + } + oid: "1.2.840.113549.1.1.1" + } +} +components { + name: "ECDSA-P256-Server-Key" + type: CLASSIFICATION_CRYPTOGRAPHIC_ASSET + bom_ref: "F1F3D902-0A1B-4C0C-9F6A-F36E041B0B7D" + cryptoProperties { + assetType: CRYPTO_ASSET_TYPE_RELATED_CRYPTO_MATERIAL + relatedCryptoMaterialProperties { + type: CRYPTO_RELATED_TYPE_PUBLIC_KEY + id: "server-key-2024" + state: CRYPTO_RELATED_STATE_ACTIVE + size: 256 + format: "PEM" + value: "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE...\n-----END PUBLIC KEY-----" + creationDate { seconds: 1703062800 } + activationDate { seconds: 1704067200 } + expirationDate { seconds: 1735775999 } + securedBy { + mechanism: "HSM" + algorithmRef: "aes-256-gcm-ref" + } + fingerprint { + alg: HASH_ALG_SHA_256 + value: "d4e5f67890123456789abcdef0123456789abcdef0123456789abcdef0123456" + } + relatedCryptographicAssets { + assets { + type: "algorithm" + ref: "14478B86-9306-45B5-BA2A-1660B723244C" + } + } + } + oid: "1.2.840.10045.2.1" + } +} diff --git a/tools/src/test/resources/1.7/valid-cryptography-certificate-advanced-1.7.xml b/tools/src/test/resources/1.7/valid-cryptography-certificate-advanced-1.7.xml new file mode 100644 index 00000000..3da26a41 --- /dev/null +++ b/tools/src/test/resources/1.7/valid-cryptography-certificate-advanced-1.7.xml 
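Review bot: The second `extensions` entry of the revoked CA certificate is tagged `COMMON_EXTENSION_NAME_EXTENDED_KEY_USAGE` but holds the key-usage value `"Certificate Sign, CRL Sign, Digital Signature"`; the JSON variant names that entry `keyUsage`. As written, the textproto certificate has two extendedKeyUsage entries and no keyUsage, so the three serialisations of this fixture describe different certificates. Change it to `name: COMMON_EXTENSION_NAME_KEY_USAGE`, the enum value the second certificate in this file already uses. The `serial_number` here, `urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79`, also differs from the JSON variant's `urn:uuid:f47ac10b-58cc-4372-a567-0e02b2c3d479`, which matters if the files are meant to be the same BOM.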
@@ -0,0 +1,259 @@ + + + + 2024-01-15T14:30:00Z + + enterprise-security-app + 2.1.0 + + + + + revoked-internal-ca.example.com + + certificate + + ABCDEF1234567890FEDCBA + CN = internal-ca.example.com, OU = IT Security, O = Example Corp, C = US + CN = Example Root CA, O = Example Corp, C = US + 2023-01-01T00:00:00Z + 2025-12-31T23:59:59Z + X.509 + pem + 9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08 + + revoked + Certificate was compromised due to private key exposure in security incident #2024-001 + + 2022-12-15T10:00:00Z + 2023-01-01T00:00:00Z + 2024-01-10T15:45:30Z + + + basicConstraints + CA:TRUE, pathlen:2 + + + keyUsage + Certificate Sign, CRL Sign, Digital Signature + + + extendedKeyUsage + TLS Web Server Authentication, TLS Web Client Authentication + + + subjectAlternativeName + DNS:internal-ca.example.com, DNS:ca.internal.example.com, IP:192.168.1.100 + + + authorityKeyIdentifier + keyid:01:02:03:04:05:06:07:08:09:0A:0B:0C:0D:0E:0F:10:11:12:13:14 + + + subjectKeyIdentifier + A1:B2:C3:D4:E5:F6:07:08:09:0A:0B:0C:0D:0E:0F:10:11:12:13:14 + + + crlDistributionPoints + URI:http://crl.example.com/root-ca.crl + + + authorityInformationAccess + OCSP - URI:http://ocsp.example.com, CA Issuers - URI:http://certs.example.com/root-ca.crt + + + certificatePolicies + Policy: 1.2.3.4.5.6.7.8.1, CPS: http://www.example.com/cps + + + organizationalSecurityLevel + HIGH + + + incidentTrackingId + SEC-2024-001 + + + complianceFramework + SOX, PCI-DSS Level 1, ISO 27001 + + + + + algorithm + 2A0DA4D2-BBCA-4515-9BCD-C870A3EA4CE8 + + + publicKey + ACCAF8BC-5F73-4869-A3FE-1C64E8D96408 + + + + 2.5.4.3 + + + + active-server.example.com + + certificate + + 1122334455667788AABBCCDD + CN = server.example.com, OU = Web Services, O = Example Corp, C = US + CN = Example Intermediate CA, O = Example Corp, C = US + 2024-01-01T00:00:00Z + 2025-01-01T23:59:59Z + X.509 + crt + 9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08 + + monitored + Certificate is under 
enhanced monitoring due to recent security incidents + Proactive monitoring following organizational security policy updates + + 2023-12-20T09:00:00Z + 2024-01-01T00:00:00Z + + + keyUsage + Digital Signature, Key Encipherment + + + extendedKeyUsage + TLS Web Server Authentication + + + subjectAlternativeName + DNS:server.example.com, DNS:www.server.example.com, DNS:api.server.example.com + + + signedCertificateTimestamp + Log ID: ABCD1234..., Timestamp: 2024-01-01T00:00:00Z, Signature: 3045022100... + + + deploymentEnvironment + PRODUCTION + + + businessCriticality + CRITICAL + + + autoRenewalEnabled + true + + + + + algorithm + 14478B86-9306-45B5-BA2A-1660B723244C + + + publicKey + F1F3D902-0A1B-4C0C-9F6A-F36E041B0B7D + + + + 2.5.4.3 + + + + RSA-SHA256 + + algorithm + + signature + software-plain-ram + x86_64 + pkcs1v15 + + sign + verify + + + 1.2.840.113549.1.1.11 + + + + ECDSA-P256 + + algorithm + + signature + secp256r1 + software-plain-ram + x86_64 + fips140-3-l1 + + sign + verify + + + 1.2.840.10045.4.3.2 + + + + RSA-4096-Revoked-CA-Key + + related-crypto-material + + public-key + revoked-ca-key-2024 + compromised + 2022-12-15T10:00:00Z + 2023-01-01T00:00:00Z + 2024-01-10T15:45:30Z + + 4096 + PEM + + HSM + aes-256-gcm-ref + + 9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08 + + + algorithm + 2A0DA4D2-BBCA-4515-9BCD-C870A3EA4CE8 + + + + 1.2.840.113549.1.1.1 + + + + ECDSA-P256-Server-Key + + related-crypto-material + + public-key + server-key-2024 + active + 2023-12-20T09:00:00Z + 2024-01-01T00:00:00Z + 2025-01-01T23:59:59Z + + 256 + PEM + + HSM + aes-256-gcm-ref + + d4e5f67890123456789abcdef0123456789abcdef0123456789abcdef0123456 + + + algorithm + 14478B86-9306-45B5-BA2A-1660B723244C + + + + 1.2.840.10045.2.1 + + + + diff --git a/tools/src/test/resources/1.7/valid-cryptography-full-1.7.json b/tools/src/test/resources/1.7/valid-cryptography-full-1.7.json index adf03047..51997cc9 100644 
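Review bot: The fingerprint value `9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08` is reused for three different assets in this fixture: the revoked CA certificate, the active server certificate and the RSA-4096-Revoked-CA-Key component. A consumer that matches revoked or compromised material by fingerprint would treat the active server certificate as the revoked one, so each asset should get its own constructed 64-hex digest. Separately, both key components point their secured-by reference at `aes-256-gcm-ref`, and no component in this file carries that bom-ref, so the reference does not resolve. Element names are not visible in this rendering of the hunk; the mapping of values to elements is read from their order and from the textproto twin whose tail precedes this file.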
--- a/tools/src/test/resources/1.7/valid-cryptography-full-1.7.json +++ b/tools/src/test/resources/1.7/valid-cryptography-full-1.7.json @@ -12,17 +12,18 @@ "cryptoProperties": { "assetType": "algorithm", "algorithmProperties": { - "primitive": "ae", + "primitive": "key-agree", + "algorithmFamily": "ECDH", "parameterSetIdentifier": "128", - "curve": "brainpoolP160r1", + "ellipticCurve": "brainpool/brainpoolP160r1", "executionEnvironment": "software-plain-ram", "implementationPlatform": "x86_64", - "certificationLevel": [ "fips140-1-l4" ], + "certificationLevel": [ "fips140-3-l4" ], "mode": "gcm", "padding": "pkcs5", - "cryptoFunctions": ["keygen", "encrypt", "decrypt", "tag"], - "classicalSecurityLevel": 128, - "nistQuantumSecurityLevel": 1 + "cryptoFunctions": ["keygen", "keyderive"], + "classicalSecurityLevel": 96, + "nistQuantumSecurityLevel": 0 }, "oid": "oid:1.2.3.4.5.6.7.8.9" } 
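Review bot: `"classicalSecurityLevel": 96` does not fit the curve named a few lines above it: a 160-bit curve such as brainpoolP160r1 gives roughly 80 bits of classical security, so `"classicalSecurityLevel": 80` would keep the example self-consistent. The unchanged lines `"mode": "gcm"` and `"padding": "pkcs5"` now sit under `"primitive": "key-agree"` and `"algorithmFamily": "ECDH"`, where neither applies. If they stay only so that every property is exercised, state that in the test README, because JSON cannot carry a comment and fixtures like this tend to be copied as reference CBOM entries. The same values appear in the textproto and XML versions of this fixture later in the diff.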
@@ -30,26 +31,124 @@ { "type": "cryptographic-asset", "bom-ref": "asset-2", - "name": "Name here", + "name": "Example Certificate with All Properties", "cryptoProperties": { "assetType": "certificate", "certificateProperties": { - "subjectName": "Subject name here", - "issuerName": "Issuer name here", + "serialNumber": "0B:35:82:6D:F5:7A:02:0A:0A:21:8F:BD:F3:91:43:C3", + "subjectName": "CN=example.com, O=Example Corp, C=US", + "issuerName": "CN=Example CA, O=Example Trust Services, C=US", "notValidBefore": "2022-01-01T00:00:00.000Z", "notValidAfter": "2024-01-01T00:00:00.000Z", "signatureAlgorithmRef": "bom-ref-to-algorithm", "subjectPublicKeyRef": "bom-ref-to-public-key", "certificateFormat": "X.509", - "certificateExtension": "crt" + "certificateExtension": "crt", + "certificateFileExtension": "crt", + "fingerprint": { + "alg": "SHA-256", + "content": "3942447fac867ae5cdb3229b658f4d48" + }, + "certificateState": [ + { + "state": "pre-activation", + "reason": "Certificate created but not yet active" + }, + { + "state": "active", + "reason": "Certificate in active use for TLS connections" + }, + { + "state": "suspended", + "reason": "Temporary suspension due to security audit" + }, + { + "state": "deactivated", + "reason": "Replaced by new certificate" + }, + { + "state": "revoked", + "reason": "Private key compromise suspected" + }, + { + "state": "destroyed", + "reason": "Certificate and associated keys securely destroyed" + } + ], + "creationDate": "2022-01-01T00:00:00.000Z", + "activationDate": "2022-01-02T00:00:00.000Z", + "deactivationDate": "2023-12-31T23:59:59.000Z", + "revocationDate": "2024-01-01T00:00:00.000Z", + "destructionDate": "2024-01-02T00:00:00.000Z", + "certificateExtensions": [ + { + "commonExtensionName": "basicConstraints", + "commonExtensionValue": "CA:FALSE, pathlen:0" + }, + { + "commonExtensionName": "keyUsage", + "commonExtensionValue": "digitalSignature, keyEncipherment" + }, + { + "commonExtensionName": "extendedKeyUsage", + 
"commonExtensionValue": "serverAuth, clientAuth" + }, + { + "commonExtensionName": "subjectAlternativeName", + "commonExtensionValue": "DNS:example.com, DNS:www.example.com" + }, + { + "commonExtensionName": "authorityKeyIdentifier", + "commonExtensionValue": "keyid:12:34:56:78:90:AB:CD:EF" + }, + { + "commonExtensionName": "subjectKeyIdentifier", + "commonExtensionValue": "AA:BB:CC:DD:EE:FF:00:11" + }, + { + "commonExtensionName": "authorityInformationAccess", + "commonExtensionValue": "OCSP - URI:http://ocsp.example.com" + }, + { + "commonExtensionName": "certificatePolicies", + "commonExtensionValue": "Policy: 2.23.140.1.2.1" + }, + { + "commonExtensionName": "crlDistributionPoints", + "commonExtensionValue": "URI:http://crl.example.com/root.crl" + }, + { + "commonExtensionName": "signedCertificateTimestamp", + "commonExtensionValue": "Signed by Example CT log at 2022-01-01T00:00:00Z" + }, + { + "customExtensionName": "someCustomExtension", + "customExtensionValue": "Custom value for this extension" + } + + ], + "relatedCryptographicAssets": [ + { + "type": "publicKey", + "ref": "public-key-ref" + }, + { + "type": "privateKey", + "ref": "private-key-ref" + }, + { + "type": "algorithm", + "ref": "signing-algorithm-ref" + } + ] }, - "oid": "oid:1.2.3.4.5.6.7.8.9" + "oid": "oid:2.5.4.3" } }, { "type": "cryptographic-asset", "bom-ref": "asset-3", - "name": "Name here", + "name": "Example Protocol with All Properties", "cryptoProperties": { "assetType": "protocol", "protocolProperties": { 
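Review bot: The added certificate `fingerprint` declares `"alg": "SHA-256"`, but its `content`, `3942447fac867ae5cdb3229b658f4d48`, is 32 hex characters (128 bits), whereas a SHA-256 digest is 64 hex characters. A consumer that checks digest length against the declared algorithm would reject the entry, and one that does not would index a value that can never match a real certificate. Replace it with a constructed 64-hex value, as the related-crypto-material fingerprint later in this file already does. The textproto and XML hunks for this fixture carry the same 32-character value and need the same change. If `certificateExtension` is deprecated in favour of the newly added `certificateFileExtension` (not shown in this hunk), it belongs only in the separate deprecated fixture.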
@@ -57,43 +156,134 @@ "version": "1.3", "cipherSuites": [ { - "name": "TLS_DHE_RSA_WITH_AES_128_CCM", + "name": "TLS_AES_128_GCM_SHA256", "algorithms": [ - "bom-ref-to-algorithm" + "aes-128-gcm-ref", + "sha256-ref" ], "identifiers": [ - "0xC0" + "0x1301" + ], + "tlsGroups": [ + "x25519", + "secp256r1", + "secp384r1", + "secp521r1", + "ffdhe2048", + "ffdhe3072" + ], + "tlsSignatureSchemes": [ + "ecdsa_secp256r1_sha256", + "ecdsa_secp384r1_sha384", + "ecdsa_secp521r1_sha512", + "rsa_pss_rsae_sha256", + "rsa_pss_rsae_sha384", + "rsa_pss_rsae_sha512", + "ed25519", + "ed448" + ] + }, + { + "name": "TLS_AES_256_GCM_SHA384", + "algorithms": [ + "aes-256-gcm-ref", + "sha384-ref" + ], + "identifiers": [ + "0x1302" + ] + }, + { + "name": "TLS_CHACHA20_POLY1305_SHA256", + "algorithms": [ + "chacha20-poly1305-ref", + "sha256-ref" + ], + "identifiers": [ + "0x1303" ] } - ] + ], + "ikev2TransformTypes": { + "encr": [ + { + "name": "AES-128-GCM", + "keyLength": 128, + "algorithm": "aes-128-gcm-ref" + } + ], + "prf": [ + { + "name": "SHA-256", + "algorithm": "sha256-ref" + } + ], + "integ": [ + { + "name": "SHA-256", + "algorithm": "sha256-ref" + } + ], + "ke": [ + { + "group": 14, + "algorithm": "diffie-hellman-group14-sha256-ref" + } + ], + "esn": true, + "auth": [ + { + "name": "ECDSA", + "algorithm": "ecdsa_secp256r1_sha256" + } + ] + } }, - "oid": "oid:1.2.3.4.5.6.7.8.9" + "oid": "oid:1.3.6.1.5.5.7.3.1" } }, { "type": "cryptographic-asset", "bom-ref": "asset-4", - "name": "Name here", + "name": "Example Related Crypto Material with All Properties", "cryptoProperties": { "assetType": "related-crypto-material", "relatedCryptoMaterialProperties": { - "type": "private-key", - "id": "12345", + "type": "public-key", + "id": "key-12345-67890", "state": "active", - "algorithmRef": "bom-ref-to-algorithm", + "algorithmRef": "rsa-4096-ref", "creationDate": "2024-01-01T00:00:00.000Z", "activationDate": "2024-01-02T00:00:00.000Z", "updateDate": "2024-01-03T00:00:00.000Z", - 
"expirationDate": "2024-01-04T00:00:00.000Z", - "value": "Value here", - "size": 1024, - "format": "PEM", + "expirationDate": "2026-01-01T00:00:00.000Z", + "value": "-----BEGIN PUBLIC KEY-----", + "size": 4096, + "format": "PKCS#8", "securedBy": { "mechanism": "HSM", - "algorithmRef": "bom-ref-to-algorithm" - } + "algorithmRef": "aes-256-gcm-ref" + }, + "fingerprint": { + "alg": "SHA-256", + "content": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855" + }, + "relatedCryptographicAssets": [ + { + "type": "publicKey", + "ref": "corresponding-public-key-ref" + }, + { + "type": "certificate", + "ref": "certificate-using-this-key-ref" + }, + { + "type": "algorithm", + "ref": "rsa-4096-ref" + } + ] }, - "oid": "oid:1.2.3.4.5.6.7.8.9" + "oid": "oid:1.2.840.113549.1.1.1" } } ] diff --git a/tools/src/test/resources/1.7/valid-cryptography-full-1.7.textproto b/tools/src/test/resources/1.7/valid-cryptography-full-1.7.textproto index d2065ff9..9620c974 100644 --- a/tools/src/test/resources/1.7/valid-cryptography-full-1.7.textproto +++ b/tools/src/test/resources/1.7/valid-cryptography-full-1.7.textproto 
@@ -4,119 +4,278 @@ spec_version: "1.7" version: 1 serial_number: "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79" -components: [ - { - type: CLASSIFICATION_CRYPTOGRAPHIC_ASSET - bom_ref: "asset-1" - name: "Name here" - cryptoProperties: { - assetType: CRYPTO_ASSET_TYPE_ALGORITHM - algorithmProperties: { - primitive: CRYPTO_PRIMITIVE_AE - parameterSetIdentifier: "128" - curve: "brainpoolP160r1" - executionEnvironment: CRYPTO_EXECUTION_ENVIRONMENT_SOFTWARE_PLAIN_RAM - implementationPlatform: CRYPTO_IMPLEMENTATION_PLATFORM_X86_64 - certificationLevel: [ "fips140-1-l4" ] - mode: CRYPTO_ALGORITHM_MODE_GCM - padding: CRYPTO_ALGORITHM_PADDING_PKCS5 - cryptoFunctions: [ - CRYPTO_ALGORITHM_FUNCTION_KEYGEN, - CRYPTO_ALGORITHM_FUNCTION_ENCRYPT, - CRYPTO_ALGORITHM_FUNCTION_DECRYPT, - CRYPTO_ALGORITHM_FUNCTION_TAG - ] - classicalSecurityLevel: 128 - nistQuantumSecurityLevel: 1 - }, - oid: "oid:1.2.3.4.5.6.7.8.9" + +components { + type: CLASSIFICATION_CRYPTOGRAPHIC_ASSET + bom_ref: "asset-1" + name: "Name here" + cryptoProperties { + assetType: CRYPTO_ASSET_TYPE_ALGORITHM + algorithmProperties { + primitive: CRYPTO_PRIMITIVE_KEY_AGREE + algorithmFamily: "ECDH" + parameterSetIdentifier: "128" + curve: "brainpool/brainpoolP160r1" + ellipticCurve: "brainpool/brainpoolP160r1" + executionEnvironment: CRYPTO_EXECUTION_ENVIRONMENT_SOFTWARE_PLAIN_RAM + implementationPlatform: CRYPTO_IMPLEMENTATION_PLATFORM_X86_64 + certificationLevel: "fips140-3-l4" + mode: CRYPTO_ALGORITHM_MODE_GCM + padding: CRYPTO_ALGORITHM_PADDING_PKCS5 + cryptoFunctions: CRYPTO_ALGORITHM_FUNCTION_KEYGEN + cryptoFunctions: CRYPTO_ALGORITHM_FUNCTION_KEYDERIVE + classicalSecurityLevel: 96 + nistQuantumSecurityLevel: 0 } - }, - { - type: CLASSIFICATION_CRYPTOGRAPHIC_ASSET - bom_ref: "asset-2" - name: "Name here" - cryptoProperties: { - assetType: CRYPTO_ASSET_TYPE_CERTIFICATE - certificateProperties: { - subjectName: "Subject name here" - issuerName: "Issuer name here" - notValidBefore { - seconds: 1640995200 - nanos: 
0 - } - notValidAfter { - seconds: 1704067200 - nanos: 0 - } - signatureAlgorithmRef: "bom-ref-to-algorithm" - subjectPublicKeyRef: "bom-ref-to-public-key" - certificateFormat: "X.509" - certificateExtension: "crt" - } oid: "oid:1.2.3.4.5.6.7.8.9" - } - }, - { - type: CLASSIFICATION_CRYPTOGRAPHIC_ASSET - bom_ref: "asset-3" - name: "Name here" - cryptoProperties: { - assetType: CRYPTO_ASSET_TYPE_PROTOCOL - protocolProperties: { - type: CRYPTO_PROTOCOL_TYPE_TLS - version: "1.3" - cipherSuites: [ - { - name: "TLS_DHE_RSA_WITH_AES_128_CCM" - algorithms: [ - "bom-ref-to-algorithm" - ] - identifiers: [ - "0xC0" - ] + } +} +components { + type: CLASSIFICATION_CRYPTOGRAPHIC_ASSET + bom_ref: "asset-2" + name: "Example Certificate with All Properties" + cryptoProperties { + assetType: CRYPTO_ASSET_TYPE_CERTIFICATE + certificateProperties { + serialNumber: "0B:35:82:6D:F5:7A:02:0A:0A:21:8F:BD:F3:91:43:C3" + subjectName: "CN=example.com, O=Example Corp, C=US" + issuerName: "CN=Example CA, O=Example Trust Services, C=US" + notValidBefore { seconds: 1640995200 } + notValidAfter { seconds: 1704067200 } + signatureAlgorithmRef: "bom_ref-to-algorithm" + subjectPublicKeyRef: "bom_ref-to-public-key" + certificateFormat: "X.509" + certificateExtension: "crt" + certificateFileExtension: "crt" + fingerprint { + alg: HASH_ALG_SHA_256 + value: "3942447fac867ae5cdb3229b658f4d48" + } + certificateState { + predefined_state: PREDEFINED_STATE_PRE_ACTIVATION + reason: "Certificate created but not yet active" + } + certificateState { + predefined_state: PREDEFINED_STATE_ACTIVE + reason: "Certificate in active use for TLS connections" + } + certificateState { + predefined_state: PREDEFINED_STATE_SUSPENDED + reason: "Temporary suspension due to security audit" + } + certificateState { + predefined_state: PREDEFINED_STATE_DEACTIVATED + reason: "Replaced by new certificate" + } + certificateState { + predefined_state: PREDEFINED_STATE_REVOKED + reason: "Private key compromise suspected" + } + 
certificateState { + predefined_state: PREDEFINED_STATE_DESTROYED + reason: "Certificate and associated keys securely destroyed" + } + creationDate { seconds: 1640995200 } + activationDate { seconds: 1641081600 } + deactivationDate { seconds: 1704067199 } + revocationDate { seconds: 1704067200 } + destructionDate { seconds: 1704153600 } + certificateExtensions { + extensions { + commonExtension { + name: COMMON_EXTENSION_NAME_BASIC_CONSTRAINTS + value: "CA:FALSE, pathlen:0" + } + } + extensions { + commonExtension { + name: COMMON_EXTENSION_NAME_KEY_USAGE + value: "digitalSignature, keyEncipherment" + } + } + extensions { + commonExtension { + name: COMMON_EXTENSION_NAME_EXTENDED_KEY_USAGE + value: "serverAuth, clientAuth" + } + } + extensions { + commonExtension { + name: COMMON_EXTENSION_NAME_SUBJECT_ALTERNATIVE_NAME + value: "DNS:example.com, DNS:www.example.com" + } + } + extensions { + commonExtension { + name: COMMON_EXTENSION_NAME_AUTHORITY_KEY_IDENTIFIER + value: "keyid:12:34:56:78:90:AB:CD:EF" + } + } + extensions { + commonExtension { + name: COMMON_EXTENSION_NAME_SUBJECT_KEY_IDENTIFIER + value: "AA:BB:CC:DD:EE:FF:00:11" + } + } + extensions { + commonExtension { + name: COMMON_EXTENSION_NAME_AUTHORITY_INFORMATION_ACCESS + value: "OCSP - URI:http://ocsp.example.com" + } + } + extensions { + commonExtension { + name: COMMON_EXTENSION_NAME_CERTIFICATE_POLICIES + value: "Policy: 2.23.140.1.2.1" + } + } + extensions { + commonExtension { + name: COMMON_EXTENSION_NAME_CRL_DISTRIBUTION_POINTS + value: "URI:http://crl.example.com/root.crl" } - ] + } + extensions { + commonExtension { + name: COMMON_EXTENSION_NAME_SIGNED_CERTIFICATE_TIMESTAMP + value: "Signed by Example CT log at 2022-01-01T00:00:00Z" + } + } + extensions { + customExtension { + name: "someCustomExtension" + value: "Custom value for this extension" + } + } + } + relatedCryptographicAssets { + assets { + type: "publicKey" + ref: "public-key-ref" + } + assets { + type: "privateKey" + ref: 
"private-key-ref" + } + assets { + type: "algorithm" + ref: "signing-algorithm-ref" + } } - oid: "oid:1.2.3.4.5.6.7.8.9" } - }, - { - type: CLASSIFICATION_CRYPTOGRAPHIC_ASSET - bom_ref: "asset-4" - name: "Name here" - cryptoProperties: { - assetType: CRYPTO_ASSET_TYPE_RELATED_CRYPTO_MATERIAL - relatedCryptoMaterialProperties: { - type: CRYPTO_RELATED_TYPE_PRIVATE_KEY - id: "12345" - state: CRYPTO_RELATED_STATE_ACTIVE - algorithmRef: "bom-ref-to-algorithm" - creationDate { - seconds: 1704067200 - nanos: 0 - } - activationDate { - seconds: 1704153600 - nanos: 0 - } - updateDate { - seconds: 1704240000 - nanos: 0 - } - expirationDate { - seconds: 1704326400 - nanos: 0 - } - value: "Value here" - size: 1024 - format: "PEM" - securedBy: { - mechanism: "HSM" - algorithmRef: "bom-ref-to-algorithm" - } - } - oid: "oid:1.2.3.4.5.6.7.8.9" + oid: "oid:2.5.4.3" + } +} +components { + type: CLASSIFICATION_CRYPTOGRAPHIC_ASSET + bom_ref: "asset-3" + name: "Example Protocol with All Properties" + cryptoProperties { + assetType: CRYPTO_ASSET_TYPE_PROTOCOL + protocolProperties { + type: CRYPTO_PROTOCOL_TYPE_TLS + version: "1.3" + cipherSuites { + name: "TLS_AES_128_GCM_SHA256" + algorithms: "aes-128-gcm-ref" + algorithms: "sha256-ref" + identifiers: "0x1301" + tlsGroups: "x25519" + tlsGroups: "secp256r1" + tlsGroups: "secp384r1" + tlsGroups: "secp521r1" + tlsGroups: "ffdhe2048" + tlsGroups: "ffdhe3072" + tlsSignatureSchemes: "ecdsa_secp256r1_sha256" + tlsSignatureSchemes: "ecdsa_secp384r1_sha384" + tlsSignatureSchemes: "ecdsa_secp521r1_sha512" + tlsSignatureSchemes: "rsa_pss_rsae_sha256" + tlsSignatureSchemes: "rsa_pss_rsae_sha384" + tlsSignatureSchemes: "rsa_pss_rsae_sha512" + tlsSignatureSchemes: "ed25519" + tlsSignatureSchemes: "ed448" + } + cipherSuites { + name: "TLS_AES_256_GCM_SHA384" + algorithms: "aes-256-gcm-ref" + algorithms: "sha384-ref" + identifiers: "0x1302" + } + cipherSuites { + name: "TLS_CHACHA20_POLY1305_SHA256" + algorithms: "chacha20-poly1305-ref" + algorithms: 
"sha256-ref" + identifiers: "0x1303" + } + ikev2TransformTypes { + encr { + name: "AES-128-GCM" + keyLength: 128 + algorithm: "aes-128-gcm-ref" + } + prf { + name: "SHA-256" + algorithm: "sha256-ref" + } + integ { + name: "SHA-256" + algorithm: "sha256-ref" + } + ke { + group: 14 + algorithm: "diffie-hellman-group14-sha256-ref" + } + esn: true + auth { + name: "ECDSA" + algorithm: "ecdsa_secp256r1_sha256" + } + } + } + oid: "oid:1.3.6.1.5.5.7.3.1" + } +} +components { + type: CLASSIFICATION_CRYPTOGRAPHIC_ASSET + bom_ref: "asset-4" + name: "Example Related Crypto Material with All Properties" + cryptoProperties { + assetType: CRYPTO_ASSET_TYPE_RELATED_CRYPTO_MATERIAL + relatedCryptoMaterialProperties { + type: CRYPTO_RELATED_TYPE_PUBLIC_KEY + id: "key-12345-67890" + state: CRYPTO_RELATED_STATE_ACTIVE + algorithmRef: "rsa-4096-ref" + creationDate { seconds: 1704067200 } + activationDate { seconds: 1704153600 } + updateDate { seconds: 1704240000 } + expirationDate { seconds: 1767225600 } + value: "-----BEGIN PUBLIC KEY-----" + size: 4096 + format: "PKCS#8" + securedBy { + mechanism: "HSM" + algorithmRef: "aes-256-gcm-ref" + } + fingerprint { + alg: HASH_ALG_SHA_256 + value: "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855" + } + relatedCryptographicAssets { + assets { + type: "publicKey" + ref: "corresponding-public-key-ref" + } + assets { + type: "certificate" + ref: "certificate-using-this-key-ref" + } + assets { + type: "algorithm" + ref: "rsa-4096-ref" + } + } } + oid: "oid:1.2.840.113549.1.1.1" } -] +} diff --git a/tools/src/test/resources/1.7/valid-cryptography-full-1.7.xml b/tools/src/test/resources/1.7/valid-cryptography-full-1.7.xml index ef2c46df..ea6a721c 100644 --- a/tools/src/test/resources/1.7/valid-cryptography-full-1.7.xml +++ b/tools/src/test/resources/1.7/valid-cryptography-full-1.7.xml 
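Review bot: `signatureAlgorithmRef: "bom_ref-to-algorithm"` and `subjectPublicKeyRef: "bom_ref-to-public-key"` changed from a hyphen to an underscore in this hunk, while the JSON and XML versions of the same fixture keep `bom-ref-to-algorithm` and `bom-ref-to-public-key`. This looks like a field-name search-and-replace that also hit the string values; restore the hyphenated values so the three serialisations stay equivalent. The algorithm entry also sets `curve: "brainpool/brainpoolP160r1"` next to `ellipticCurve:`, although the schema comment added in this commit marks `curve` as deprecated and the JSON version drops it. Remove the `curve:` line here and leave it to the deprecated fixture.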
@@ -1,50 +1,144 @@ - + Name here algorithm - ae + key-agree + ECDH 128 - brainpoolP160r1 + brainpool/brainpoolP160r1 + brainpool/brainpoolP160r1 software-plain-ram x86_64 - fips140-1-l4 + fips140-3-l4 gcm pkcs5 keygen - encrypt - decrypt - tag + keyderive - 128 - 1 + 96 + 0 oid:1.2.3.4.5.6.7.8.9 - Name here + Example Certificate with All Properties certificate - Subject name here - Issuer name here + 0B:35:82:6D:F5:7A:02:0A:0A:21:8F:BD:F3:91:43:C3 + CN=example.com, O=Example Corp, C=US + CN=Example CA, O=Example Trust Services, C=US 2022-01-01T00:00:00.000Z 2024-01-01T00:00:00.000Z bom-ref-to-algorithm bom-ref-to-public-key X.509 crt + crt + 3942447fac867ae5cdb3229b658f4d48 + + pre-activation + Certificate created but not yet active + + + active + Certificate in active use for TLS connections + + + suspended + Temporary suspension due to security audit + + + deactivated + Replaced by new certificate + + + revoked + Private key compromise suspected + + + destroyed + Certificate and associated keys securely destroyed + + 2022-01-01T00:00:00.000Z + 2022-01-02T00:00:00.000Z + 2023-12-31T23:59:59.000Z + 2024-01-01T00:00:00.000Z + 2024-01-02T00:00:00.000Z + + + basicConstraints + CA:FALSE, pathlen:0 + + + keyUsage + digitalSignature, keyEncipherment + + + extendedKeyUsage + serverAuth, clientAuth + + + subjectAlternativeName + DNS:example.com, DNS:www.example.com + + + authorityKeyIdentifier + keyid:12:34:56:78:90:AB:CD:EF + + + subjectKeyIdentifier + AA:BB:CC:DD:EE:FF:00:11 + + + authorityInformationAccess + OCSP - URI:http://ocsp.example.com + + + certificatePolicies + Policy: 2.23.140.1.2.1 + + + crlDistributionPoints + URI:http://crl.example.com/root.crl + + + signedCertificateTimestamp + Signed by Example CT log at 2022-01-01T00:00:00Z + + + + someCustomExtension + Custom value for this extension + + + + + publicKey + public-key-ref + + + privateKey + private-key-ref + + + algorithm + signing-algorithm-ref + + - oid:1.2.3.4.5.6.7.8.9 + oid:2.5.4.3 - Name here + 
Example Protocol with All Properties protocol @@ -52,41 +146,120 @@ 1.3 - TLS_DHE_RSA_WITH_AES_128_CCM + TLS_AES_128_GCM_SHA256 + + aes-128-gcm-ref + sha256-ref + + + 0x1301 + + + x25519 + secp256r1 + secp384r1 + secp521r1 + ffdhe2048 + ffdhe3072 + + + ecdsa_secp256r1_sha256 + ecdsa_secp384r1_sha384 + ecdsa_secp521r1_sha512 + rsa_pss_rsae_sha256 + rsa_pss_rsae_sha384 + rsa_pss_rsae_sha512 + ed25519 + ed448 + + + + TLS_AES_256_GCM_SHA384 - bom-ref-to-algorithm + aes-256-gcm-ref + sha384-ref - 0xC0 + 0x1302 + + + + TLS_CHACHA20_POLY1305_SHA256 + + chacha20-poly1305-ref + sha256-ref + + + 0x1303 + + + AES-128-GCM + 128 + aes-128-gcm-ref + + + SHA-256 + sha256-ref + + + SHA-256 + sha256-ref + + + 14 + diffie-hellman-group14-sha256-ref + + true + + ECDSA + ecdsa_secp256r1_sha256 + + - oid:1.2.3.4.5.6.7.8.9 + oid:1.3.6.1.5.5.7.3.1 - Name here + Example Related Crypto Material with All Properties related-crypto-material - private-key - 12345 + public-key + key-12345-67890 active - bom-ref-to-algorithm + rsa-4096-ref 2024-01-01T00:00:00.000Z 2024-01-02T00:00:00.000Z 2024-01-03T00:00:00.000Z - 2024-01-04T00:00:00.000Z - Value here - 1024 - PEM + 2026-01-01T00:00:00.000Z + -----BEGIN PUBLIC KEY----- + 4096 + PKCS#8 HSM - bom-ref-to-algorithm + aes-256-gcm-ref + e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 + + + + publicKey + corresponding-public-key-ref + + + certificate + certificate-using-this-key-ref + + + algorithm + rsa-4096-ref + + - oid:1.2.3.4.5.6.7.8.9 + oid:1.2.840.113549.1.1.1 diff --git a/tools/src/test/resources/1.7/valid-cryptography-full-deprecated-1.7.json b/tools/src/test/resources/1.7/valid-cryptography-full-deprecated-1.7.json new file mode 100644 index 00000000..847ca57d --- /dev/null +++ b/tools/src/test/resources/1.7/valid-cryptography-full-deprecated-1.7.json 
@@ -0,0 +1,109 @@
+{
+ "$schema": "http://cyclonedx.org/schema/bom-1.7.schema.json",
+ "bomFormat": "CycloneDX",
+ "specVersion": "1.7",
+ "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79",
+ "version": 1,
+ "components": [
+ {
+ "type": "cryptographic-asset",
+ "bom-ref": "asset-1",
+ "name": "Name here",
+ "cryptoProperties": {
+ "assetType": "algorithm",
+ "algorithmProperties": {
+ "primitive": "ae",
+ "parameterSetIdentifier": "128",
+ "curve": "brainpoolP160r1",
+ "executionEnvironment": "software-plain-ram",
+ "implementationPlatform": "x86_64",
+ "certificationLevel": [ "fips140-1-l4" ],
+ "mode": "gcm",
+ "padding": "pkcs5",
+ "cryptoFunctions": ["keygen", "encrypt", "decrypt", "tag"],
+ "classicalSecurityLevel": 128,
+ "nistQuantumSecurityLevel": 1
+ },
+ "oid": "oid:1.2.3.4.5.6.7.8.9"
+ }
+ },
+ {
+ "type": "cryptographic-asset",
+ "bom-ref": "asset-2",
+ "name": "Name here",
+ "cryptoProperties": {
+ "assetType": "certificate",
+ "certificateProperties": {
+ "subjectName": "Subject name here",
+ "issuerName": "Issuer name here",
+ "notValidBefore": "2022-01-01T00:00:00.000Z",
+ "notValidAfter": "2024-01-01T00:00:00.000Z",
+ "signatureAlgorithmRef": "bom-ref-to-algorithm",
+ "subjectPublicKeyRef": "bom-ref-to-public-key",
+ "certificateFormat": "X.509",
+ "certificateExtension": "crt"
+ },
+ "oid": "oid:1.2.3.4.5.6.7.8.9"
+ }
+ },
+ {
+ "type": "cryptographic-asset",
+ "bom-ref": "asset-3",
+ "name": "Name here",
+ "cryptoProperties": {
+ "assetType": "protocol",
+ "protocolProperties": {
+ "type": "tls",
+ "version": "1.3",
+ "cipherSuites": [
+ {
+ "name": "TLS_DHE_RSA_WITH_AES_128_CCM",
+ "algorithms": [
+ "bom-ref-to-algorithm"
+ ],
+ "identifiers": [
+ "0xC0"
+ ]
+ }
+ ],
+ "ikev2TransformTypes": {
+ "encr": ["bom-ref-to-encr"],
+ "prf": ["bom-ref-to-prf"],
+ "integ": ["bom-ref-to-integ"],
+ "ke": ["bom-ref-to-ke"],
+ "esn": true,
+ "auth": ["bom-ref-to-auth"]
+ },
+ "cryptoRefArray": ["asset-4"]
+ },
+ "oid": "oid:1.2.3.4.5.6.7.8.9"
+ }
+ },
+ {
+ "type": "cryptographic-asset",
+ "bom-ref": "asset-4",
+ "name": "Name here",
+ "cryptoProperties": {
+ "assetType": "related-crypto-material",
+ "relatedCryptoMaterialProperties": {
+ "type": "private-key",
+ "id": "12345",
+ "state": "active",
+ "algorithmRef": "bom-ref-to-algorithm",
+ "creationDate": "2024-01-01T00:00:00.000Z",
+ "activationDate": "2024-01-02T00:00:00.000Z",
+ "updateDate": "2024-01-03T00:00:00.000Z",
+ "expirationDate": "2024-01-04T00:00:00.000Z",
+ "value": "Value here",
+ "size": 1024,
+ "format": "PEM",
+ "securedBy": {
+ "mechanism": "HSM",
+ "algorithmRef": "bom-ref-to-algorithm"
+ }
+ },
+ "oid": "oid:1.2.3.4.5.6.7.8.9"
+ }
+ }
+ ]
+}
diff --git a/tools/src/test/resources/1.7/valid-cryptography-full-deprecated-1.7.textproto b/tools/src/test/resources/1.7/valid-cryptography-full-deprecated-1.7.textproto
new file mode 100644
index 00000000..365b0cf7
--- /dev/null
+++ b/tools/src/test/resources/1.7/valid-cryptography-full-deprecated-1.7.textproto
@@ -0,0 +1,131 @@
+# proto-file: schema/bom-1.7.proto
+# proto-message: Bom
+
+spec_version: "1.6"
+version: 1
+serial_number: "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79"
+components: [
+ {
+ type: CLASSIFICATION_CRYPTOGRAPHIC_ASSET
+ bom_ref: "asset-1"
+ name: "Name here"
+ cryptoProperties: {
+ assetType: CRYPTO_ASSET_TYPE_ALGORITHM
+ algorithmProperties: {
+ primitive: CRYPTO_PRIMITIVE_AE
+ parameterSetIdentifier: "128"
+ curve: "brainpoolP160r1"
+ executionEnvironment: CRYPTO_EXECUTION_ENVIRONMENT_SOFTWARE_PLAIN_RAM
+ implementationPlatform: CRYPTO_IMPLEMENTATION_PLATFORM_X86_64
+ certificationLevel: ["fips140-1-l4"]
+ mode: CRYPTO_ALGORITHM_MODE_GCM
+ padding: CRYPTO_ALGORITHM_PADDING_PKCS5
+ cryptoFunctions: [
+ CRYPTO_ALGORITHM_FUNCTION_KEYGEN,
+ CRYPTO_ALGORITHM_FUNCTION_ENCRYPT,
+ CRYPTO_ALGORITHM_FUNCTION_DECRYPT,
+ CRYPTO_ALGORITHM_FUNCTION_TAG
+ ]
+ classicalSecurityLevel: 128
+ nistQuantumSecurityLevel: 1
+ },
+ oid: "oid:1.2.3.4.5.6.7.8.9"
+ }
+ },
+ {
+ type: CLASSIFICATION_CRYPTOGRAPHIC_ASSET
+ bom_ref: "asset-2"
+ name: "Name here"
+ cryptoProperties: {
+ assetType: CRYPTO_ASSET_TYPE_CERTIFICATE
+ certificateProperties: {
+ subjectName: "Subject name here"
+ issuerName: "Issuer name here"
+ notValidBefore {
+ seconds: 1640995200
+ nanos: 0
+ }
+ notValidAfter {
+ seconds: 1704067200
+ nanos: 0
+ }
+ signatureAlgorithmRef: "bom-ref-to-algorithm"
+ subjectPublicKeyRef: "bom-ref-to-public-key"
+ certificateFormat: "X.509"
+ certificateExtension: "crt"
+ }
+ oid: "oid:1.2.3.4.5.6.7.8.9"
+ }
+ },
+ {
+ type: CLASSIFICATION_CRYPTOGRAPHIC_ASSET
+ bom_ref: "asset-3"
+ name: "Name here"
+ cryptoProperties: {
+ assetType: CRYPTO_ASSET_TYPE_PROTOCOL
+ protocolProperties: {
+ type: CRYPTO_PROTOCOL_TYPE_TLS
+ version: "1.3"
+ cipherSuites: [
+ {
+ name: "TLS_DHE_RSA_WITH_AES_128_CCM"
+ algorithms: [
+ "bom-ref-to-algorithm"
+ ]
+ identifiers: [
+ "0xC0"
+ ]
+ }
+ ]
+ ikev2TransformTypes: {
+ encr: "bom-ref-to-encr"
+ prf: "bom-ref-to-prf"
+ integ: "bom-ref-to-integ"
+ ke: "bom-ref-to-ke"
+ esn: true
+ auth: "bom-ref-to-auth"
+ }
+ cryptoRef: "asset-4"
+ }
+ oid: "oid:1.2.3.4.5.6.7.8.9"
+ }
+ },
+ {
+ type: CLASSIFICATION_CRYPTOGRAPHIC_ASSET
+ bom_ref: "asset-4"
+ name: "Name here"
+ cryptoProperties: {
+ assetType: CRYPTO_ASSET_TYPE_RELATED_CRYPTO_MATERIAL
+ relatedCryptoMaterialProperties: {
+ type: CRYPTO_RELATED_TYPE_PRIVATE_KEY
+ id: "12345"
+ state: CRYPTO_RELATED_STATE_ACTIVE
+ algorithmRef: "bom-ref-to-algorithm"
+ creationDate {
+ seconds: 1704067200
+ nanos: 0
+ }
+ activationDate {
+ seconds: 1704153600
+ nanos: 0
+ }
+ updateDate {
+ seconds: 1704240000
+ nanos: 0
+ }
+ expirationDate {
+ seconds: 1704326400
+ nanos: 0
+ }
+ value: "Value here"
+ size: 1024
+ format: "PEM"
+ securedBy: {
+ mechanism: "HSM"
+ algorithmRef: "bom-ref-to-algorithm"
+ }
+ }
+ oid: "oid:1.2.3.4.5.6.7.8.9"
+ }
+ }
+]
diff --git a/tools/src/test/resources/1.7/valid-cryptography-full-deprecated-1.7.xml b/tools/src/test/resources/1.7/valid-cryptography-full-deprecated-1.7.xml
new file mode 100644
index 00000000..25060347
--- /dev/null
+++ b/tools/src/test/resources/1.7/valid-cryptography-full-deprecated-1.7.xml
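Review bot: `spec_version: "1.6"` contradicts the rest of this new file: the header pins `# proto-file: schema/bom-1.7.proto`, the file name ends in `-1.7.textproto`, and the JSON twin added in this commit declares `"specVersion": "1.7"`. A loader that selects validation rules from the declared version would check this fixture against 1.6 expectations. The test would then no longer show that 1.7 still accepts the deprecated `curve`, `ikev2TransformTypes` and `cryptoRef` forms. Change the line to `spec_version: "1.7"`.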
@@ -0,0 +1,119 @@ + + + + + Name here + + algorithm + + ae + 128 + brainpoolP160r1 + software-plain-ram + x86_64 + fips140-1-l4 + gcm + pkcs5 + + keygen + encrypt + decrypt + tag + + 128 + 1 + + oid:1.2.3.4.5.6.7.8.9 + + + + Name here + + certificate + + Subject name here + Issuer name here + 2022-01-01T00:00:00.000Z + 2024-01-01T00:00:00.000Z + bom-ref-to-algorithm + bom-ref-to-public-key + X.509 + crt + + + tls + 1.3 + + + TLS_DHE_RSA_WITH_AES_128_CCM + + bom-ref-to-algorithm + + + 0xC0 + + + + + bom-ref-to-encr + bom-ref-to-prf + bom-ref-to-integ + bom-ref-to-ke + true + bom-ref-to-auth + + asset-4 + + oid:1.2.3.4.5.6.7.8.9 + + + + Name here + + protocol + + tls + 1.3 + + + TLS_DHE_RSA_WITH_AES_128_CCM + + bom-ref-to-algorithm + + + 0xC0 + + + + + oid:1.2.3.4.5.6.7.8.9 + + + + Name here + + related-crypto-material + + private-key + 12345 + active + bom-ref-to-algorithm + 2024-01-01T00:00:00.000Z + 2024-01-02T00:00:00.000Z + 2024-01-03T00:00:00.000Z + 2024-01-04T00:00:00.000Z + Value here + 1024 + PEM + + HSM + bom-ref-to-algorithm + + + oid:1.2.3.4.5.6.7.8.9 + + + + diff --git a/tools/src/test/resources/1.7/valid-cryptography-implementation-1.7.json b/tools/src/test/resources/1.7/valid-cryptography-implementation-1.7.json index d2499425..6ba2aec0 100644 --- a/tools/src/test/resources/1.7/valid-cryptography-implementation-1.7.json +++ b/tools/src/test/resources/1.7/valid-cryptography-implementation-1.7.json 
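Review bot: The second component (asset type `certificate`) appears to carry a protocol block as well. After its certificate values end with `crt`, the hunk continues with `tls`, `1.3`, the cipher suite, the five `bom-ref-to-*` IKEv2 values and `asset-4` before that component's `oid`. The JSON and textproto twins place the IKEv2 values and the `asset-4` reference in the third, `protocol`, component, which here holds only the cipher suite. If that reading is right, the deprecated IKEv2 and crypto-ref forms are never exercised on a protocol asset in XML, and the fixture shows a certificate asset with protocol properties attached. Element names are not visible in this rendering, so confirm against the file and, if it is as it looks, move the block into the protocol component.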
@@ -2,59 +2,114 @@ "$schema": "http://cyclonedx.org/schema/bom-1.7.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.7", - "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", + "serialNumber": "urn:uuid:e8c355aa-2142-4084-a8c7-6d42c8610ba2", "version": 1, "metadata": { + "timestamp": "2025-07-09T12:00:00Z", "component": { "type": "application", - "bom-ref": "acme-application", - "name": "Acme Application", + "name": "my application", "version": "1.0" } }, "components": [ { "type": "cryptographic-asset", - "bom-ref": "aes128gcm", - "name": "AES", + "name": "AES-128-GCM-128-12", "cryptoProperties": { "assetType": "algorithm", "algorithmProperties": { + "algorithmFamily": "AES", "primitive": "ae", "parameterSetIdentifier": "128", + "mode": "gcm", "executionEnvironment": "software-plain-ram", "implementationPlatform": "x86_64", "certificationLevel": [ "none" ], - "mode": "gcm", - "cryptoFunctions": ["keygen", "encrypt", "decrypt", "tag"], + "cryptoFunctions": [ "keygen", "encrypt", "decrypt", "tag" ], "classicalSecurityLevel": 128, "nistQuantumSecurityLevel": 1 }, - "oid": "oid:2.16.840.1.101.3.4.1.7" + "oid": "2.16.840.1.101.3.4.1.6" + } + }, + { + "name": "RSA-PKCS1-1.5-SHA512-2048", + "type": "cryptographic-asset", + "cryptoProperties": { + "assetType": "algorithm", + "algorithmProperties": { + "algorithmFamily": "RSASSA-PKCS1", + "primitive": "signature", + "parameterSetIdentifier": "512", + "executionEnvironment": "software-plain-ram", + "implementationPlatform": "x86_64", + "certificationLevel": [ "none" ], + "cryptoFunctions": [ "sign", "verify" ], + "nistQuantumSecurityLevel": 0 + }, + "oid": "1.2.840.113549.1.1.13" } }, { - "type": "library", - "bom-ref": "crypto-library", - "name": "Crypto library", - "version": "1.0.0" + "name": "ECDH-secp521r1", + "bom-ref": "ecdhsecp521r1", + "type": "cryptographic-asset", + "cryptoProperties": { + "assetType": "algorithm", + "algorithmProperties": { + "algorithmFamily": "ECDH", + "ellipticCurve": 
"secg/secp521r1", + "primitive": "key-agree", + "executionEnvironment": "software-plain-ram", + "implementationPlatform": "x86_64", + "certificationLevel": [ "none" ], + "cryptoFunctions": [ "keygen", "keyderive" ], + "nistQuantumSecurityLevel": 0 + }, + "oid": "1.3.132.0.35" + } }, { - "type": "library", - "bom-ref": "some-library", - "name": "Some library", - "version": "1.0.0" + "name": "ML-KEM-1024", + "bom-ref": "mlkem1024", + "type": "cryptographic-asset", + "cryptoProperties": { + "assetType": "algorithm", + "algorithmProperties": { + "algorithmFamily": "ML-KEM", + "primitive": "kem", + "executionEnvironment": "software-plain-ram", + "implementationPlatform": "x86_64", + "certificationLevel": [ "none" ], + "cryptoFunctions": [ "keygen", "keyderive" ], + "nistQuantumSecurityLevel": 5 + }, + "oid": "2.16.840.1.101.3.4.1.48" + } + }, + { + "name": "draft-ietf-tls-hybrid-design-13", + "bom-ref": "draftietftlshybriddesign13", + "type": "cryptographic-asset", + "cryptoProperties": { + "assetType": "algorithm", + "algorithmProperties": { + "primitive": "combiner", + "executionEnvironment": "software-plain-ram", + "implementationPlatform": "x86_64", + "certificationLevel": [ "none" ], + "cryptoFunctions": [ "keygen", "keyderive" ], + "nistQuantumSecurityLevel": 0 + }, + "oid": "1.3.101.110" + } } ], "dependencies": [ { - "ref": "acme-application", - "dependsOn": ["crypto-library"] - }, - { - "ref": "crypto-library", - "provides": ["aes128gcm"], - "dependsOn": ["some-library"] + "ref": "draftietftlshybriddesign13", + "dependsOn": ["mlkem1024", "ecdhsecp521r1"] } ] } diff --git a/tools/src/test/resources/1.7/valid-cryptography-implementation-1.7.textproto b/tools/src/test/resources/1.7/valid-cryptography-implementation-1.7.textproto index 8e7f928e..adfd793d 100644 --- a/tools/src/test/resources/1.7/valid-cryptography-implementation-1.7.textproto +++ b/tools/src/test/resources/1.7/valid-cryptography-implementation-1.7.textproto 
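Review bot: The `oid` on the new ML-KEM-1024 component, `2.16.840.1.101.3.4.1.48`, appears to sit in NIST's AES arc (`2.16.840.1.101.3.4.1.x`, the same arc as the AES-GCM entry earlier in this hunk) rather than the KEM arc, so anyone copying this fixture into a cryptographic inventory would record the wrong algorithm identifier. If the registered ML-KEM-1024 identifier is what is meant, the line would read `"oid": "2.16.840.1.101.3.4.4.3"`; please confirm against the NIST CSOR listing before changing it. The combiner entry looks similarly off: `1.3.101.110` is, as far as I know, the X25519 OID, while its `dependsOn` names `mlkem1024` and `ecdhsecp521r1`, so either the OID or the dependency list should change. Both values recur in the textproto and XML hunks for valid-cryptography-implementation-1.7 further down.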
@@ -1,71 +1,121 @@ # proto-file: schema/bom-1.7.proto # proto-message: Bom -# proto-file: schema/bom-1.7.proto -# proto-message: - spec_version: "1.7" version: 1 serial_number: "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79" -metadata: { - component: { + +metadata { + component{ type: CLASSIFICATION_APPLICATION bom_ref: "acme-application" name: "Acme Application" version: "1.0" } } -components: [ - { - type: CLASSIFICATION_CRYPTOGRAPHIC_ASSET - bom_ref: "aes128gcm" - name: "AES" - cryptoProperties: { - assetType: CRYPTO_ASSET_TYPE_ALGORITHM - algorithmProperties: { - primitive: CRYPTO_PRIMITIVE_AE - parameterSetIdentifier: "128" - executionEnvironment: CRYPTO_EXECUTION_ENVIRONMENT_SOFTWARE_PLAIN_RAM - implementationPlatform: CRYPTO_IMPLEMENTATION_PLATFORM_X86_64 - certificationLevel: [ "none" ], - mode: CRYPTO_ALGORITHM_MODE_GCM - cryptoFunctions: [ - CRYPTO_ALGORITHM_FUNCTION_KEYGEN, - CRYPTO_ALGORITHM_FUNCTION_ENCRYPT, - CRYPTO_ALGORITHM_FUNCTION_DECRYPT, - CRYPTO_ALGORITHM_FUNCTION_TAG - ] - classicalSecurityLevel: 128 - nistQuantumSecurityLevel: 1 - }, - oid: "oid:2.16.840.1.101.3.4.1.7" + +components { + type: CLASSIFICATION_CRYPTOGRAPHIC_ASSET + name: "AES-128-GCM-128-12" + cryptoProperties{ + assetType: CRYPTO_ASSET_TYPE_ALGORITHM + algorithmProperties{ + algorithmFamily: "AES" + primitive: CRYPTO_PRIMITIVE_AE + parameterSetIdentifier: "128" + mode: CRYPTO_ALGORITHM_MODE_GCM + executionEnvironment: CRYPTO_EXECUTION_ENVIRONMENT_SOFTWARE_PLAIN_RAM + implementationPlatform: CRYPTO_IMPLEMENTATION_PLATFORM_X86_64 + certificationLevel: "none" + cryptoFunctions: CRYPTO_ALGORITHM_FUNCTION_KEYGEN + cryptoFunctions: CRYPTO_ALGORITHM_FUNCTION_ENCRYPT + cryptoFunctions: CRYPTO_ALGORITHM_FUNCTION_DECRYPT + cryptoFunctions: CRYPTO_ALGORITHM_FUNCTION_TAG + classicalSecurityLevel: 128 + nistQuantumSecurityLevel: 1 + } + oid: "2.16.840.1.101.3.4.1.6" + } +} +components { + name: "RSA-PKCS1-1.5-SHA512-2048" + type: CLASSIFICATION_CRYPTOGRAPHIC_ASSET + cryptoProperties{ + 
assetType: CRYPTO_ASSET_TYPE_ALGORITHM + algorithmProperties{ + algorithmFamily: "RSASSA-PKCS1" + primitive: CRYPTO_PRIMITIVE_SIGNATURE + parameterSetIdentifier: "512" + executionEnvironment: CRYPTO_EXECUTION_ENVIRONMENT_SOFTWARE_PLAIN_RAM + implementationPlatform: CRYPTO_IMPLEMENTATION_PLATFORM_X86_64 + certificationLevel: "none" + cryptoFunctions: CRYPTO_ALGORITHM_FUNCTION_SIGN + cryptoFunctions: CRYPTO_ALGORITHM_FUNCTION_VERIFY + nistQuantumSecurityLevel: 0 + } + oid: "1.2.840.113549.1.1.13" + } +} +components { + name: "ECDH-secp521r1" + bom_ref: "ecdhsecp521r1" + type: CLASSIFICATION_CRYPTOGRAPHIC_ASSET + cryptoProperties{ + assetType: CRYPTO_ASSET_TYPE_ALGORITHM + algorithmProperties{ + algorithmFamily: "ECDH" + ellipticCurve: "secg/secp521r1" + primitive: CRYPTO_PRIMITIVE_KEY_AGREE + executionEnvironment: CRYPTO_EXECUTION_ENVIRONMENT_SOFTWARE_PLAIN_RAM + implementationPlatform: CRYPTO_IMPLEMENTATION_PLATFORM_X86_64 + certificationLevel: "none" + cryptoFunctions: CRYPTO_ALGORITHM_FUNCTION_KEYGEN + cryptoFunctions: CRYPTO_ALGORITHM_FUNCTION_KEYDERIVE + nistQuantumSecurityLevel: 0 } - }, - { - type: CLASSIFICATION_LIBRARY - bom_ref: "crypto-library" - name: "Crypto library" - version: "1.0.0" - }, - { - type: CLASSIFICATION_LIBRARY - bom_ref: "some-library" - name: "Some library" - version: "1.0.0" + oid: "1.3.132.0.35" } -], -dependencies: [ - { - ref: "acme-application" - dependencies { - ref: "crypto-library" +} +components { + name: "ML-KEM-1024" + bom_ref: "mlkem1024" + type: CLASSIFICATION_CRYPTOGRAPHIC_ASSET + cryptoProperties{ + assetType: CRYPTO_ASSET_TYPE_ALGORITHM + algorithmProperties{ + algorithmFamily: "ML-KEM" + primitive: CRYPTO_PRIMITIVE_KEM + executionEnvironment: CRYPTO_EXECUTION_ENVIRONMENT_SOFTWARE_PLAIN_RAM + implementationPlatform: CRYPTO_IMPLEMENTATION_PLATFORM_X86_64 + certificationLevel: "none" + cryptoFunctions: CRYPTO_ALGORITHM_FUNCTION_KEYGEN + cryptoFunctions: CRYPTO_ALGORITHM_FUNCTION_KEYDERIVE + nistQuantumSecurityLevel: 5 } - }, 
- { - ref: "crypto-library" - provides: [ "aes128gcm" ] - dependencies { - ref: "some-library" + oid: "2.16.840.1.101.3.4.1.48" + } +} +components { + name: "draft-ietf-tls-hybrid-design-13" + bom_ref: "draftietftlshybriddesign13" + type: CLASSIFICATION_CRYPTOGRAPHIC_ASSET + cryptoProperties{ + assetType: CRYPTO_ASSET_TYPE_ALGORITHM + algorithmProperties{ + primitive: CRYPTO_PRIMITIVE_COMBINER + executionEnvironment: CRYPTO_EXECUTION_ENVIRONMENT_SOFTWARE_PLAIN_RAM + implementationPlatform: CRYPTO_IMPLEMENTATION_PLATFORM_X86_64 + certificationLevel: "none" + cryptoFunctions: CRYPTO_ALGORITHM_FUNCTION_KEYGEN + cryptoFunctions: CRYPTO_ALGORITHM_FUNCTION_KEYDERIVE + nistQuantumSecurityLevel: 0 } + oid: "1.3.101.110" } -] +} + +dependencies { + ref: "draftietftlshybriddesign13" + dependencies { ref: "mlkem1024" } + dependencies { ref: "ecdhsecp521r1" } +} diff --git a/tools/src/test/resources/1.7/valid-cryptography-implementation-1.7.xml b/tools/src/test/resources/1.7/valid-cryptography-implementation-1.7.xml index 47ce09cc..924d53c3 100644 --- a/tools/src/test/resources/1.7/valid-cryptography-implementation-1.7.xml +++ b/tools/src/test/resources/1.7/valid-cryptography-implementation-1.7.xml @@ -1,5 +1,7 @@ - + Acme Application @@ -27,7 +29,64 @@ 128 1 - oid:2.16.840.1.101.3.4.1.7 + 2.16.840.1.101.3.4.1.6 + + + + ECDH-secp521r1 + + algorithm + + key-agree + ECDH + secg/secp521r1 + software-plain-ram + x86_64 + none + + keygen + keyderive + + 0 + + 1.3.132.0.35 + + + + ML-KEM-1024 + + algorithm + + kem + ML-KEM + software-plain-ram + x86_64 + none + + keygen + keyderive + + 5 + + 2.16.840.1.101.3.4.1.48 + + + + draft-ietf-tls-hybrid-design-13 + + algorithm + + combiner + software-plain-ram + x86_64 + none + + keygen + keyderive + + 0 + + 1.3.101.110 @@ -47,5 +106,9 @@ + + + +
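Review bot: The textproto fixture no longer mirrors its JSON sibling. The unchanged context keeps `serial_number: "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79"` and the `acme-application` metadata component, whereas the JSON version in this commit moves to a new serial number, renames the component to "my application", drops its bom-ref and adds a `timestamp`. If the three encodings are meant to describe the same BOM, the metadata block here should be brought in line, e.g. `name: "my application"` with the `bom_ref` line removed and the new serial number. The XML hunks that follow seem to add only the ECDH, ML-KEM and combiner components; the RSA-PKCS1-1.5-SHA512-2048 entry is not visible there, though the markup is lost in this rendering, so that needs checking against the file itself.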