|
2208 | 2208 | "type": "string", |
2209 | 2209 | "title": "Additional Context", |
2210 | 2210 | "description": "Any additional context of the detected component (e.g. a code snippet)." |
| 2211 | + }, |
| 2212 | + "accountInfo": { |
| 2213 | + "type": "string", |
| 2214 | + "title": "Account Information", |
| 2215 | + "description": "The account or user information associated with the occurrence." |
| 2216 | + }, |
| 2217 | + "systemOwner": { |
| 2218 | + "type": "string", |
| 2219 | + "title": "System Owner", |
| 2220 | + "description": "The owner of the system where the component was found." |
| 2221 | + }, |
| 2222 | + "startTime": { |
| 2223 | + "type": "string", |
| 2224 | + "format": "date-time", |
| 2225 | + "title": "Start Time", |
| 2226 | + "description": "The date and time when the process detecting the occurrence started." |
| 2227 | + }, |
| 2228 | + "endTime": { |
| 2229 | + "type": "string", |
| 2230 | + "format": "date-time", |
| 2231 | + "title": "End Time", |
| 2232 | + "description": "The date and time when the process detecting the occurrence ended." |
| 2233 | + }, |
| 2234 | + "usageCount": { |
| 2235 | + "type": "integer", |
| 2236 | + "minimum": 0, |
| 2237 | + "title": "Usage Count", |
| 2238 | + "description": "The number of times the component occurred in the detecting process." |
2211 | 2239 | } |
2212 | 2240 | } |
2213 | 2241 | } |
|
2695 | 2723 | } |
2696 | 2724 | }, |
2697 | 2725 | "implementationPlatform": { |
2698 | | - "type": "string", |
2699 | | - "title": "Implementation platform", |
2700 | | - "description": "The target platform for which the algorithm is implemented. The implementation can be 'generic', running on any platform or for a specific platform.", |
2701 | | - "enum": [ |
2702 | | - "generic", |
2703 | | - "x86_32", |
2704 | | - "x86_64", |
2705 | | - "armv7-a", |
2706 | | - "armv7-m", |
2707 | | - "armv8-a", |
2708 | | - "armv8-m", |
2709 | | - "armv9-a", |
2710 | | - "armv9-m", |
2711 | | - "s390x", |
2712 | | - "ppc64", |
2713 | | - "ppc64le", |
2714 | | - "other", |
2715 | | - "unknown" |
2716 | | - ] |
| 2726 | + "type": "array", |
| 2727 | + "title": "Implementation platforms", |
| 2728 | + "description": "The target platforms for which the algorithm is implemented. The implementation can be 'generic', running on any platform or for a specific platform.", |
| 2729 | + "items": { |
| 2730 | + "type": "string", |
| 2731 | + "title": "Platform", |
| 2732 | + "description": "The target platform for the implementation.", |
| 2733 | + "enum": [ |
| 2734 | + "generic", |
| 2735 | + "x86_32", |
| 2736 | + "x86_64", |
| 2737 | + "armv7-a", |
| 2738 | + "armv7-m", |
| 2739 | + "armv8-a", |
| 2740 | + "armv8-m", |
| 2741 | + "armv9-a", |
| 2742 | + "armv9-m", |
| 2743 | + "s390x", |
| 2744 | + "ppc64", |
| 2745 | + "ppc64le", |
| 2746 | + "riscv32", |
| 2747 | + "riscv64", |
| 2748 | + "other", |
| 2749 | + "unknown" |
| 2750 | + ], |
| 2751 | + "meta:enum": { |
| 2752 | + "generic": "Platform-independent implementation.", |
| 2753 | + "x86_32": "Intel/AMD 32-bit x86 architecture.", |
| 2754 | + "x86_64": "Intel/AMD 64-bit x86-64 architecture.", |
| 2755 | + "armv7-a": "ARM 32-bit application profile (Cortex-A).", |
| 2756 | + "armv7-m": "ARM 32-bit microcontroller profile (Cortex-M).", |
| 2757 | + "armv8-a": "ARM 64-bit application profile (AArch64).", |
| 2758 | + "armv8-m": "ARM 32-bit microcontroller with TrustZone.", |
| 2759 | + "armv9-a": "ARM 64-bit with enhanced security features.", |
| 2760 | + "armv9-m": "ARM microcontroller with advanced security.", |
| 2761 | + "s390x": "IBM Z series mainframe 64-bit.", |
| 2762 | + "ppc64": "IBM PowerPC 64-bit big-endian.", |
| 2763 | + "ppc64le": "IBM PowerPC 64-bit little-endian.", |
| 2764 | + "riscv32": "RISC-V 32-bit open standard architecture.", |
| 2765 | + "riscv64": "RISC-V 64-bit open standard architecture.", |
| 2766 | + "other": "Another platform.", |
| 2767 | + "unknown": "The platform is not known." |
| 2768 | + } |
| 2769 | + } |
2717 | 2770 | }, |
2718 | 2771 | "certificationLevel": { |
2719 | 2772 | "type": "array", |
|
2797 | 2850 | "cfb", |
2798 | 2851 | "ofb", |
2799 | 2852 | "ctr", |
| 2853 | + "siv", |
| 2854 | + "gcm-siv", |
| 2855 | + "ocb", |
| 2856 | + "eax", |
| 2857 | + "kw", |
| 2858 | + "kwp", |
| 2859 | + "cts", |
| 2860 | + "xts", |
2800 | 2861 | "other", |
2801 | 2862 | "unknown" |
2802 | 2863 | ], |
2803 | 2864 | "meta:enum": { |
2804 | | - "cbc": "Cipher block chaining", |
2805 | | - "ecb": "Electronic codebook", |
2806 | | - "ccm": "Counter with cipher block chaining message authentication code", |
2807 | | - "gcm": "Galois/counter", |
2808 | | - "cfb": "Cipher feedback", |
2809 | | - "ofb": "Output feedback", |
2810 | | - "ctr": "Counter", |
2811 | | - "other": "Another mode of operation", |
2812 | | - "unknown": "The mode of operation is not known" |
| 2865 | + "cbc": "Cipher Block Chaining mode.", |
| 2866 | + "ecb": "Electronic Codebook mode.", |
| 2867 | + "ccm": "Counter with CBC-MAC (AEAD).", |
| 2868 | + "gcm": "Galois/Counter Mode (AEAD).", |
| 2869 | + "cfb": "Cipher Feedback mode.", |
| 2870 | + "ofb": "Output Feedback mode.", |
| 2871 | + "ctr": "Counter mode.", |
| 2872 | + "siv": "Synthetic Initialization Vector mode.", |
| 2873 | + "gcm-siv": "GCM with Synthetic IV (nonce-misuse resistant).", |
| 2874 | + "ocb": "Offset Codebook Mode (AEAD).", |
| 2875 | + "eax": "Encrypt-then-Authenticate-then-Translate mode.", |
| 2876 | + "kw": "AES Key Wrap (RFC 3394).", |
| 2877 | + "kwp": "AES Key Wrap with Padding (RFC 5649).", |
| 2878 | + "cts": "Ciphertext Stealing mode.", |
| 2879 | + "xts": "XEX Tweaked-codebook with Stealing (disk encryption).", |
| 2880 | + "other": "Another mode of operation.", |
| 2881 | + "unknown": "The mode is not known." |
2813 | 2882 | } |
2814 | 2883 | }, |
2815 | 2884 | "padding": { |
|
2822 | 2891 | "pkcs1v15", |
2823 | 2892 | "oaep", |
2824 | 2893 | "raw", |
| 2894 | + "pss", |
2825 | 2895 | "other", |
2826 | 2896 | "unknown" |
2827 | 2897 | ], |
2828 | 2898 | "meta:enum": { |
2829 | | - "pkcs5": "Public Key Cryptography Standard: Password-Based Cryptography", |
2830 | | - "pkcs7": "Public Key Cryptography Standard: Cryptographic Message Syntax", |
2831 | | - "pkcs1v15": "Public Key Cryptography Standard: RSA Cryptography v1.5", |
2832 | | - "oaep": "Optimal asymmetric encryption padding", |
2833 | | - "raw": "Raw", |
2834 | | - "other": "Another padding scheme", |
2835 | | - "unknown": "The padding scheme is not known" |
| 2899 | + "pkcs5": "PKCS#5 padding for password-based cryptography.", |
| 2900 | + "pkcs7": "PKCS#7 padding with length-indicating bytes.", |
| 2901 | + "pkcs1v15": "PKCS#1 v1.5 padding for RSA.", |
| 2902 | + "oaep": "Optimal Asymmetric Encryption Padding for RSA.", |
| 2903 | + "raw": "No padding applied.", |
| 2904 | + "pss": "Probabilistic Signature Scheme for RSA signatures.", |
| 2905 | + "other": "Another padding scheme.", |
| 2906 | + "unknown": "The padding scheme is not known." |
2836 | 2907 | } |
2837 | 2908 | }, |
2838 | 2909 | "cryptoFunctions": { |
2839 | 2910 | "type": "array", |
2840 | 2911 | "title": "Cryptographic functions", |
2841 | 2912 | "description": "The cryptographic functions implemented by the cryptographic algorithm.", |
2842 | 2913 | "items": { |
2843 | | - "type": "string", |
2844 | | - "enum": [ |
2845 | | - "generate", |
2846 | | - "keygen", |
2847 | | - "encrypt", |
2848 | | - "decrypt", |
2849 | | - "digest", |
2850 | | - "tag", |
2851 | | - "keyderive", |
2852 | | - "sign", |
2853 | | - "verify", |
2854 | | - "encapsulate", |
2855 | | - "decapsulate", |
2856 | | - "other", |
2857 | | - "unknown" |
2858 | | - ] |
| 2914 | + "$ref": "#/$defs/cyclonedx-cryptography-2.0/$defs/cryptographicFunction" |
2859 | 2915 | } |
2860 | 2916 | }, |
2861 | 2917 | "classicalSecurityLevel": { |
|
2870 | 2926 | "description": "The NIST security strength category as defined in https://csrc.nist.gov/projects/post-quantum-cryptography/post-quantum-cryptography-standardization/evaluation-criteria/security-(evaluation-criteria). A value of 0 indicates that none of the categories are met.", |
2871 | 2927 | "minimum": 0, |
2872 | 2928 | "maximum": 6 |
| 2929 | + }, |
| 2930 | + "secProperties": { |
| 2931 | + "type": "array", |
| 2932 | + "title": "Security Properties", |
| 2933 | + "description": "Formal guarantees about an algorithm's resistance to specific adversarial capabilities under a defined threat model. Example: Key Encapsulation Mechanisms (KEMs) may target IND-CPA or IND-CCA security; choosing IND-CCA impacts safe use in settings with active/chosen-ciphertext attacks.", |
| 2934 | + "items": { |
| 2935 | + "type": "string", |
| 2936 | + "title": "Security Property", |
| 2937 | + "examples": [ |
| 2938 | + "IND-CPA", |
| 2939 | + "IND-CCA", |
| 2940 | + "IND-CCA2", |
| 2941 | + "SUF-CMA", |
| 2942 | + "EUF-CMA", |
| 2943 | + "collision-resistant", |
| 2944 | + "preimage-resistant", |
| 2945 | + "second-preimage-resistant" |
| 2946 | + ] |
| 2947 | + } |
2873 | 2948 | } |
2874 | 2949 | } |
2875 | 2950 | }, |
|
3238 | 3313 | }, |
3239 | 3314 | "relatedCryptographicAssets": { |
3240 | 3315 | "$ref": "#/$defs/cyclonedx-cryptography-2.0/$defs/relatedCryptographicAssets" |
| 3316 | + }, |
| 3317 | + "keyUsage": { |
| 3318 | + "type": "array", |
| 3319 | + "title": "Key Usage", |
| 3320 | + "description": "Defines the permitted cryptographic usage for the asset.", |
| 3321 | + "items": { |
| 3322 | + "$ref": "#/$defs/cyclonedx-cryptography-2.0/$defs/cryptographicFunction", |
| 3323 | + "title": "Usage", |
| 3324 | + "description": "A permitted cryptographic usage." |
| 3325 | + } |
3241 | 3326 | } |
3242 | 3327 | } |
3243 | 3328 | }, |
|
3545 | 3630 | } |
3546 | 3631 | } |
3547 | 3632 | }, |
| 3633 | + "cryptographicFunction": { |
| 3634 | + "type": "string", |
| 3635 | + "title": "Cryptographic Function", |
| 3636 | + "description": "A cryptographic function or usage.", |
| 3637 | + "enum": [ |
| 3638 | + "generate", |
| 3639 | + "keygen", |
| 3640 | + "encrypt", |
| 3641 | + "decrypt", |
| 3642 | + "digest", |
| 3643 | + "tag", |
| 3644 | + "keyderive", |
| 3645 | + "sign", |
| 3646 | + "verify", |
| 3647 | + "encapsulate", |
| 3648 | + "decapsulate", |
| 3649 | + "keyagree", |
| 3650 | + "wrap", |
| 3651 | + "other", |
| 3652 | + "unknown" |
| 3653 | + ], |
| 3654 | + "meta:enum": { |
| 3655 | + "generate": "Generates random data, IVs, or nonces.", |
| 3656 | + "keygen": "Generates cryptographic keys.", |
| 3657 | + "encrypt": "Transforms plaintext into ciphertext.", |
| 3658 | + "decrypt": "Transforms ciphertext into plaintext.", |
| 3659 | + "digest": "Computes a hash value from input data.", |
| 3660 | + "tag": "Generates an authentication tag for data integrity.", |
| 3661 | + "keyderive": "Derives keys from another key or shared secret.", |
| 3662 | + "sign": "Creates a digital signature using a private key.", |
| 3663 | + "verify": "Verifies a digital signature using a public key.", |
| 3664 | + "encapsulate": "Encapsulates a secret using a public key (KEM).", |
| 3665 | + "decapsulate": "Decapsulates a secret using a private key (KEM).", |
| 3666 | + "keyagree": "Derives a shared secret between parties.", |
| 3667 | + "wrap": "Encrypts a key for secure storage or transport.", |
| 3668 | + "other": "Another cryptographic function.", |
| 3669 | + "unknown": "The cryptographic function is not known." |
| 3670 | + } |
| 3671 | + }, |
3548 | 3672 | "relatedCryptographicAssets": { |
3549 | 3673 | "type": "array", |
3550 | 3674 | "title": "Related Cryptographic Assets", |
|
3595 | 3719 | ] |
3596 | 3720 | }, |
3597 | 3721 | "algorithmRef": { |
3598 | | - "$ref": "#/$defs/cyclonedx-common-2.0/$defs/refType", |
3599 | | - "title": "Algorithm Reference", |
3600 | | - "description": "The bom-ref to the algorithm." |
| 3722 | + "type": "array", |
| 3723 | + "title": "References", |
| 3724 | + "description": "The bom-refs to the assets securing this asset (e.g., algorithms, hardware, keys).", |
| 3725 | + "items": { |
| 3726 | + "$ref": "#/$defs/cyclonedx-common-2.0/$defs/refType" |
| 3727 | + } |
3601 | 3728 | } |
3602 | 3729 | } |
3603 | 3730 | } |
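Review bot: `implementationPlatform` and `algorithmRef` change from a single string/ref to an array while keeping their singular key names, so a consumer written against the old shape will fail validation or read the wrong type instead of seeing a new field. `algorithmRef` is also retitled "References" and its description now allows bom-refs to hardware and keys, so tooling that resolves it to decide which algorithm protects an asset could misclassify the target; the description should tell consumers to check the referenced asset's type. Neither array sets `"uniqueItems": true`, and `implementationPlatform` can now hold contradictory combinations such as `"generic"` next to `"unknown"`; I would add `"uniqueItems": true` beside `"type": "array"` in both and state in the description how `generic`/`unknown` combine with specific platforms. The `cyclonedx-cryptography-2.0` ref paths suggest a major version in which the break may be intended, and the enclosing definitions begin outside the visible hunks.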
|