- Creates "cryptographicFunction" definition, used by algorithm/cryptoFunctions and relatedCryptoMaterial/keyUsage

- Makes sure meta:enum descriptions are added for new definitions in the PR
- Adds riscv64/riscv32 to implementation platforms

Signed-off-by: Basil Hess <bhe@zurich.ibm.com>

Author: bhess

schema/2.0/model/cyclonedx-cryptography-2.0.schema.json

@@ -140,9 +140,29 @@
                   "s390x",
                   "ppc64",
                   "ppc64le",
+                  "riscv32",
+                  "riscv64",
                   "other",
                   "unknown"
-                ]
+                ],
+                "meta:enum": {
+                  "generic": "Platform-independent implementation.",
+                  "x86_32": "Intel/AMD 32-bit x86 architecture.",
+                  "x86_64": "Intel/AMD 64-bit x86-64 architecture.",
+                  "armv7-a": "ARM 32-bit application profile (Cortex-A).",
+                  "armv7-m": "ARM 32-bit microcontroller profile (Cortex-M).",
+                  "armv8-a": "ARM 64-bit application profile (AArch64).",
+                  "armv8-m": "ARM 32-bit microcontroller with TrustZone.",
+                  "armv9-a": "ARM 64-bit with enhanced security features.",
+                  "armv9-m": "ARM microcontroller with advanced security.",
+                  "s390x": "IBM Z series mainframe 64-bit.",
+                  "ppc64": "IBM PowerPC 64-bit big-endian.",
+                  "ppc64le": "IBM PowerPC 64-bit little-endian.",
+                  "riscv32": "RISC-V 32-bit open standard architecture.",
+                  "riscv64": "RISC-V 64-bit open standard architecture.",
+                  "other": "Another platform.",
+                  "unknown": "The platform is not known."
+                }
               }
             },
             "certificationLevel": {
@@ -239,15 +259,23 @@
                 "unknown"
               ],
               "meta:enum": {
-                "cbc": "Cipher block chaining",
-                "ecb": "Electronic codebook",
-                "ccm": "Counter with cipher block chaining message authentication code",
-                "gcm": "Galois/counter",
-                "cfb": "Cipher feedback",
-                "ofb": "Output feedback",
-                "ctr": "Counter",
-                "other": "Another mode of operation",
-                "unknown": "The mode of operation is not known"
+                "cbc": "Cipher Block Chaining mode.",
+                "ecb": "Electronic Codebook mode.",
+                "ccm": "Counter with CBC-MAC (AEAD).",
+                "gcm": "Galois/Counter Mode (AEAD).",
+                "cfb": "Cipher Feedback mode.",
+                "ofb": "Output Feedback mode.",
+                "ctr": "Counter mode.",
+                "siv": "Synthetic Initialization Vector mode.",
+                "gcm-siv": "GCM with Synthetic IV (nonce-misuse resistant).",
+                "ocb": "Offset Codebook Mode (AEAD).",
+                "eax": "Encrypt-then-Authenticate-then-Translate mode.",
+                "kw": "AES Key Wrap (RFC 3394).",
+                "kwp": "AES Key Wrap with Padding (RFC 5649).",
+                "cts": "Ciphertext Stealing mode.",
+                "xts": "XEX Tweaked-codebook with Stealing (disk encryption).",
+                "other": "Another mode of operation.",
+                "unknown": "The mode is not known."
               }
             },
             "padding": {
@@ -265,37 +293,22 @@
                 "unknown"
               ],
               "meta:enum": {
-                "pkcs5": "Public Key Cryptography Standard: Password-Based Cryptography",
-                "pkcs7": "Public Key Cryptography Standard: Cryptographic Message Syntax",
-                "pkcs1v15": "Public Key Cryptography Standard: RSA Cryptography v1.5",
-                "oaep": "Optimal asymmetric encryption padding",
-                "raw": "Raw",
-                "other": "Another padding scheme",
-                "unknown": "The padding scheme is not known"
+                "pkcs5": "PKCS#5 padding for password-based cryptography.",
+                "pkcs7": "PKCS#7 padding with length-indicating bytes.",
+                "pkcs1v15": "PKCS#1 v1.5 padding for RSA.",
+                "oaep": "Optimal Asymmetric Encryption Padding for RSA.",
+                "raw": "No padding applied.",
+                "pss": "Probabilistic Signature Scheme for RSA signatures.",
+                "other": "Another padding scheme.",
+                "unknown": "The padding scheme is not known."
               }
             },
             "cryptoFunctions": {
               "type": "array",
               "title": "Cryptographic functions",
               "description": "The cryptographic functions implemented by the cryptographic algorithm.",
               "items": {
-                "type": "string",
-                "enum": [
-                  "generate",
-                  "keygen",
-                  "encrypt",
-                  "decrypt",
-                  "digest",
-                  "tag",
-                  "keyderive",
-                  "sign",
-                  "verify",
-                  "encapsulate",
-                  "decapsulate",
-                  "keyagree",
-                  "other",
-                  "unknown"
-                ]
+                "$ref": "#/$defs/cryptographicFunction"
               }
             },
             "classicalSecurityLevel": {
@@ -703,22 +716,9 @@
               "title": "Key Usage",
               "description": "Defines the permitted cryptographic usage for the asset.",
               "items": {
-                "type": "string",
+                "$ref": "#/$defs/cryptographicFunction",
                 "title": "Usage",
-                "description": "A permitted cryptographic usage.",
-                "examples": [
-                  "CIPHER",
-                  "DECIPHER",
-                  "DERIVE",
-                  "GENERATE",
-                  "SIGN",
-                  "VERIFY",
-                  "WRAP",
-                  "UNWRAP",
-                  "ENCRYPT",
-                  "DECRYPT",
-                  "MAC"
-                ]
+                "description": "A permitted cryptographic usage."
               }
             }
           }
@@ -1027,6 +1027,45 @@
         }
       }
     },
+    "cryptographicFunction": {
+      "type": "string",
+      "title": "Cryptographic Function",
+      "description": "A cryptographic function or usage.",
+      "enum": [
+        "generate",
+        "keygen",
+        "encrypt",
+        "decrypt",
+        "digest",
+        "tag",
+        "keyderive",
+        "sign",
+        "verify",
+        "encapsulate",
+        "decapsulate",
+        "keyagree",
+        "wrap",
+        "other",
+        "unknown"
+      ],
+      "meta:enum": {
+        "generate": "Generates random data, IVs, or nonces.",
+        "keygen": "Generates cryptographic keys.",
+        "encrypt": "Transforms plaintext into ciphertext.",
+        "decrypt": "Transforms ciphertext into plaintext.",
+        "digest": "Computes a hash value from input data.",
+        "tag": "Generates an authentication tag for data integrity.",
+        "keyderive": "Derives keys from another key or shared secret.",
+        "sign": "Creates a digital signature using a private key.",
+        "verify": "Verifies a digital signature using a public key.",
+        "encapsulate": "Encapsulates a secret using a public key (KEM).",
+        "decapsulate": "Decapsulates a secret using a private key (KEM).",
+        "keyagree": "Derives a shared secret between parties.",
+        "wrap": "Encrypts a key for secure storage or transport.",
+        "other": "Another cryptographic function.",
+        "unknown": "The cryptographic function is not known."
+      }
+    },
     "relatedCryptographicAssets": {
       "type": "array",
       "title": "Related Cryptographic Assets",