CycloneDX · stevespringett · Mar 22, 2025 · Apr 10, 2025 · Apr 14, 2025 · Apr 14, 2025
@@ -0,0 +1,39 @@
+import json
+from datetime import datetime
+from pathlib import Path
+from typing import Dict, List, Any
+
+# Step 1: Load JSON data safely using context managers
+SCHEMA_DIR = Path(__file__).parent.parent / "../../../schema"
+DEFS_FILE = SCHEMA_DIR / "cryptography-defs.json"
+SCHEMA_FILE = SCHEMA_DIR / "cryptography-defs.schema.json"
+
+with DEFS_FILE.open("r", encoding="utf-8") as defs_file:
+    defs_data: Dict[str, List[Dict[str, Any]]] = json.load(defs_file)
+
+with SCHEMA_FILE.open("r", encoding="utf-8") as schema_file:
+    schema_data: Dict[str, Any] = json.load(schema_file)
+
+# Step 2: Extract unique algorithm families and sort them
+families: List[str] = sorted({algo['family'] for algo in defs_data.get('algorithms', [])})
+
+# Step 3: Update the schema with the extracted families
+try:
+    schema_properties = schema_data['properties']
+except KeyError as e:
+    raise KeyError(f"Required schema property 'properties' missing: {e}")
+
+schema_data['$comment'] = datetime.now().isoformat()
+
+schema_data['definitions']['algorithmFamiliesEnum'] = {
+    "type": "string",
+    "title": "Algorithm Families",
+    "description": "An enum for the algorithm families.",
+    "enum": families,
+}
+
+# Step 4: Write the updated schema back to the file
+with SCHEMA_FILE.open("w", encoding="utf-8") as update_file:
+    json.dump(schema_data, update_file, indent=2, ensure_ascii=False)
+
+print("Schema updated successfully.")
@@ -47,6 +47,7 @@ class JsonSchemaVerificationTest extends BaseSchemaVerificationTest {
 
     private static final String JSF_NAMESPACE = "http://cyclonedx.org/schema/jsf-0.82.schema.json";
     private static final String SPDX_NAMESPACE = "http://cyclonedx.org/schema/spdx.schema.json";
+    private static final String CRYPTO_DEF_NAMESPACE = "http://cyclonedx.org/schema/cryptography-defs.schema.json";
 
     private static final JsonSchema VERSION_12;
     private static final JsonSchema VERSION_13;
@@ -69,8 +70,9 @@ public JsonMetaSchema getMetaSchema(
                 .metaSchemaFactory(metaSchemaFactory)
                 .schemaLoaders(b -> b.add(new ClasspathSchemaLoader()).add(DisallowSchemaLoader.getInstance()))
                 .schemaMappers(b -> b.mapPrefix(SPDX_NAMESPACE, "classpath:spdx.schema.json")
-                        .mapPrefix(JSF_NAMESPACE, "classpath:jsf-0.82.schema.json"))
-                .build();
+                        .mapPrefix(JSF_NAMESPACE, "classpath:jsf-0.82.schema.json")
+                        .mapPrefix(CRYPTO_DEF_NAMESPACE, "classpath:cryptography-defs.schema.json")
+                ).build();
         VERSION_12 = factory.getSchema(SchemaLocation.of("classpath:bom-1.2-strict.schema.json"));
         VERSION_13 = factory.getSchema(SchemaLocation.of("classpath:bom-1.3-strict.schema.json"));
         VERSION_14 = factory.getSchema(SchemaLocation.of("classpath:bom-1.4.schema.json"));

@@ -44,9 +44,10 @@ console.debug('DEBUG | testdataDir = ', testdataDir);
 
 // region validator
 
-const [spdxSchema, jsfSchema, bomSchema] = await Promise.all([
+const [spdxSchema, jsfSchema, cryptoDefsSchema, bomSchema] = await Promise.all([
     readFile(join(schemaDir, 'spdx.schema.json'), 'utf-8').then(JSON.parse),
     readFile(join(schemaDir, 'jsf-0.82.schema.json'), 'utf-8').then(JSON.parse),
+    readFile(join(schemaDir, 'cryptography-defs.schema.json'), 'utf-8').then(JSON.parse),
     readFile(schemaFile, 'utf-8').then(JSON.parse)
 ])
 
@@ -57,7 +58,8 @@ const ajv = new Ajv({
     addUsedSchema: false,
     schemas: {
         'http://cyclonedx.org/schema/spdx.schema.json': spdxSchema,
-        'http://cyclonedx.org/schema/jsf-0.82.schema.json': jsfSchema
+        'http://cyclonedx.org/schema/jsf-0.82.schema.json': jsfSchema,
+        'http://cyclonedx.org/schema/cryptography-defs.schema.json': cryptoDefsSchema,
     }
 });
 addFormats(ajv)
@@ -113,4 +115,4 @@ for (const file of globSync(join(testdataDir, 'invalid-*.json'))) {
 
 // Exit statuses should be in the range 0 to 254.
 // The status 0 is used to terminate the program successfully.
-process.exitCode = Math.min(errCnt, 254)
+process.exitCode = Math.min(errCnt, 254)
@@ -17,9 +17,10 @@ const schemaDir = join(dirname(fileURLToPath(import.meta.url)), '..', '..', '..'
 
 // endregion config
 
-const [spdxSchema, jsfSchema, bomSchemas] = await Promise.all([
+const [spdxSchema, jsfSchema, cryptoDefsSchema, bomSchemas] = await Promise.all([
     readFile(join(schemaDir, 'spdx.schema.json'), 'utf-8').then(JSON.parse),
     readFile(join(schemaDir, 'jsf-0.82.schema.json'), 'utf-8').then(JSON.parse),
+    readFile(join(schemaDir, 'cryptography-defs.schema.json'), 'utf-8').then(JSON.parse),
     glob(join(schemaDir, bomSchemasGlob)).then(l => l.sort())
 ])
 assert.notStrictEqual(bomSchemas.length, 0)
@@ -53,7 +54,8 @@ function getAjv(strict) {
         keywords: ["meta:enum"],
         schemas: {
             'http://cyclonedx.org/schema/spdx.schema.json': spdxSchema,
-            'http://cyclonedx.org/schema/jsf-0.82.schema.json': jsfSchema
+            'http://cyclonedx.org/schema/jsf-0.82.schema.json': jsfSchema,
+            'http://cyclonedx.org/schema/cryptography-defs.schema.json': cryptoDefsSchema,
         }
     });
     addFormats(ajv)
@@ -112,4 +114,4 @@ for (const bomSchemaFile of bomSchemas) {
 
 // Exit statuses should be in the range 0 to 254.
 // The status 0 is used to terminate the program successfully.
-process.exitCode = Math.min(errCnt, 254)
+process.exitCode = Math.min(errCnt, 254)
@@ -65,7 +65,16 @@
                 "0xC0"
               ]
             }
-          ]
+          ],
+          "ikev2TransformTypes": {
+            "encr": ["bom-ref-to-encr"],
+            "prf": ["bom-ref-to-prf"],
+            "integ": ["bom-ref-to-integ"],
+            "ke": ["bom-ref-to-ke"],
+            "esn": true,
+            "auth": ["bom-ref-to-auth"]
+          },
+          "cryptoRefArray": ["asset-4"]
         },
         "oid": "oid:1.2.3.4.5.6.7.8.9"
       }

@@ -17,7 +17,7 @@ components: [
         curve: "brainpoolP160r1"
         executionEnvironment: CRYPTO_EXECUTION_ENVIRONMENT_SOFTWARE_PLAIN_RAM
         implementationPlatform: CRYPTO_IMPLEMENTATION_PLATFORM_X86_64
-        certificationLevel: [ "fips140-1-l4" ]
+        certificationLevel: ["fips140-1-l4"]
         mode: CRYPTO_ALGORITHM_MODE_GCM
         padding: CRYPTO_ALGORITHM_PADDING_PKCS5
         cryptoFunctions: [
@@ -54,7 +54,7 @@ components: [
         certificateFormat: "X.509"
         certificateExtension: "crt"
       }
-    oid: "oid:1.2.3.4.5.6.7.8.9"
+      oid: "oid:1.2.3.4.5.6.7.8.9"
     }
   },
   {
@@ -77,6 +77,15 @@ components: [
             ]
           }
         ]
+        ikev2TransformTypes: {
+          encr: "bom-ref-to-encr"
+          prf: "bom-ref-to-prf"
+          integ: "bom-ref-to-integ"
+          ke: "bom-ref-to-ke"
+          esn: true
+          auth: "bom-ref-to-auth"
+        }
+        cryptoRef: "asset-4"
       }
       oid: "oid:1.2.3.4.5.6.7.8.9"
     }

@@ -40,6 +40,30 @@
                     <certificateFormat>X.509</certificateFormat>
                     <certificateExtension>crt</certificateExtension>
                 </certificateProperties>
+                <protocolProperties>
+                    <type>tls</type>
+                    <version>1.3</version>
+                    <cipherSuites>
+                        <cipherSuite>
+                            <name>TLS_DHE_RSA_WITH_AES_128_CCM</name>
+                            <algorithms>
+                                <algorithm>bom-ref-to-algorithm</algorithm>
+                            </algorithms>
+                            <identifiers>
+                                <identifier>0xC0</identifier>
+                            </identifiers>
+                        </cipherSuite>
+                    </cipherSuites>
+                    <ikev2TransformTypes>
+                        <encr>bom-ref-to-encr</encr>
+                        <prf>bom-ref-to-prf</prf>
+                        <integ>bom-ref-to-integ</integ>
+                        <ke>bom-ref-to-ke</ke>
+                        <esn>true</esn>
+                        <auth>bom-ref-to-auth</auth>
+                    </ikev2TransformTypes>
+                    <cryptoRef>asset-4</cryptoRef>
+                </protocolProperties>
                 <oid>oid:1.2.3.4.5.6.7.8.9</oid>
             </cryptoProperties>
         </component>

@@ -0,0 +1,172 @@
+{
+  "$schema": "http://cyclonedx.org/schema/bom-1.7.schema.json",
+  "bomFormat": "CycloneDX",
+  "specVersion": "1.7",
+  "serialNumber": "urn:uuid:e8c355aa-2142-4084-a8c7-6d42c8610ba2",
+  "version": 1,
+  "metadata": {
+    "timestamp": "2024-01-09T12:00:00Z",
+    "component": {
+      "type": "application",
+      "name": "my application",
+      "version": "1.0"
+    }
+  },
+  "components": [
+    {
+      "name": "google.com",
+      "type": "cryptographic-asset",
+      "bom-ref": "c9c7ac91-2115-45e8-ae13-7d0e1dec74be",
+      "cryptoProperties": {
+        "assetType": "certificate",
+        "certificateProperties": {
+          "serialNumber": "1234567890ABCDEF",
+          "subjectName": "CN = www.google.com",
+          "issuerName": "C = US, O = Google Trust Services LLC, CN = GTS CA 1C3",
+          "notValidBefore": "2016-11-21T08:00:00Z",
+          "notValidAfter": "2017-11-22T07:59:59Z",
+          "certificateFormat": "X.509",
+          "certificateFileExtension": "crt",
+          "fingerprint": {
+            "alg": "SHA-256",
+            "content": "1e15e0fbd3ce95bde5945633ae96add551341b11e5bae7bba12e98ad84a5beb4"
+          },
+          "certificateState": [
+            {
+              "state": "active",
+              "reason": "Certificate is currently valid and in use"
+            }
+          ],
+          "creationDate": "2016-11-21T07:30:00Z",
+          "activationDate": "2016-11-21T08:00:00Z",
+          "relatedCryptographicAssets": [
+            {
+              "type": "algorithm",
+              "ref": "6b00f384-6c39-420f-91eb-94de0f7be569RR"
+            },
+            {
+              "type": "publicKey",
+              "ref": "ceb37320-8239-40e8-ab77-8798dbd98773"
+            }
+          ]
+        },
+        "oid": "2.5.4.3"
+      }
+    },
+    {
+      "name": "SHA512withRSA",
+      "type": "cryptographic-asset",
+      "bom-ref": "6b00f384-6c39-420f-91eb-94de0f7be569",
+      "cryptoProperties": {
+        "assetType": "algorithm",
+        "algorithmProperties": {
+          "primitive": "signature",
+          "executionEnvironment": "software-plain-ram",
+          "implementationPlatform": "x86_64",
+          "certificationLevel": [
+            "none"
+          ],
+          "padding": "pkcs1v15",
+          "cryptoFunctions": [
+            "sign",
+            "verify"
+          ]
+        },
+        "oid": "1.2.840.113549.1.1.13"
+      }
+    },
+    {
+      "name": "RSA-2048",
+      "type": "cryptographic-asset",
+      "bom-ref": "ceb37320-8239-40e8-ab77-8798dbd98773",
+      "cryptoProperties": {
+        "assetType": "related-crypto-material",
+        "relatedCryptoMaterialProperties": {
+          "type": "public-key",
+          "id": "2e9ef09e-dfac-4526-96b4-d02f31af1b22",
+          "state": "active",
+          "size": 2048,
+          "format": "PEM",
+          "value": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA...\n-----END PUBLIC KEY-----",
+          "creationDate": "2016-11-21T08:00:00Z",
+          "activationDate": "2016-11-21T08:20:00Z",
+          "updateDate": "2016-11-21T08:00:00Z",
+          "expirationDate": "2017-11-22T07:59:59Z",
+          "securedBy": {
+            "mechanism": "None"
+          },
+          "fingerprint": {
+            "alg": "SHA-256",
+            "content": "a1b2c3d4e5f6789012345678901234567890abcdef1234567890abcdef123456"
+          },
+          "relatedCryptographicAssets": [
+            {
+              "type": "algorithm",
+              "ref": "a154af0a-0dca-4ed5-b611-2405a3a6ae47"
+            }
+          ]
+        },
+        "oid": "1.2.840.113549.1.1.1"
+      }
+    },
+    {
+      "name": "RSA-2048",
+      "type": "cryptographic-asset",
+      "bom-ref": "a154af0a-0dca-4ed5-b611-2405a3a6ae47",
+      "cryptoProperties": {
+        "assetType": "algorithm",
+        "algorithmProperties": {
+          "primitive": "pke",
+          "algorithmFamily": "RSAES-OAEP",
+          "parameterSetIdentifier": "2048",
+          "executionEnvironment": "software-plain-ram",
+          "implementationPlatform": "x86_64",
+          "certificationLevel": [
+            "none"
+          ],
+          "padding": "oaep",
+          "cryptoFunctions": [
+            "encrypt",
+            "decrypt"
+          ]
+        },
+        "oid": "1.2.840.113549.1.1.1"
+      }
+    },
+    {
+      "name": "TLS 1.3 Protocol",
+      "type": "cryptographic-asset",
+      "bom-ref": "a3553dc1-f376-43d1-89dc-87bb71981c0c",
+      "cryptoProperties": {
+        "assetType": "protocol",
+        "protocolProperties": {
+          "type": "tls",
+          "version": "1.3",
+          "cipherSuites": [
+            {
+              "name": "TLS_AES_256_GCM_SHA384",
+              "algorithms": [
+                "1977d71b-8981-4292-b40d-842a019c2229",
+                "422fa336-b401-42b7-89b8-8966aa30bca0"
+              ],
+              "identifiers": [
+                "0x13,0x02"
+              ]
+            },
+            {
+              "name": "TLS_CHACHA20_POLY1305_SHA256",
+              "algorithms": [
+                "1af4fc08-5d0d-436e-8058-eeef921983d0",
+                "6af3066b-ab66-4593-975f-d9ba2c623a89"
+              ],
+              "identifiers": [
+                "0x13,0x03"
+              ]
+            }
+          ]
+        },
+        "oid": "1.3.6.1.5.5.7.3.1"
+      }
+    }
+  ]
+}