Skip to content

feat(registry): add AES-CTR-HMAC-SHA1-96 suite pattern (RFC 3686) #771

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
stevespringett merged 3 commits into from
Jan 22, 2026
Merged

feat(registry): add AES-CTR-HMAC-SHA1-96 suite pattern (RFC 3686) #771

stevespringett merged 3 commits into from
Jan 22, 2026

Conversation

@Mehrn0ush
Copy link
Contributor

@Mehrn0ush Mehrn0ush commented Jan 7, 2026

As discussed in ticket #770, this PR proposes adding an AES-CTR + HMAC-SHA1-96 (IPsec ESP suite-style) pattern to the Cryptography Registry.

Fixes #770

Details

  • Adds pattern AES[-(128|192|256)]-CTR-HMAC-SHA1[-96] under the existing AES family.
  • Adds RFC 3686 as the authoritative reference.
  • Registry-only change (schema/cryptography-defs.json). No schema or specification behavior changes.

@Mehrn0ush
feat(registry): add AES-CTR-HMAC-SHA1-96 suite pattern (RFC 3686) (Cy…
c2f046d 
…cloneDX#770)

Signed-off-by: Mehrn0ush <mehrnoush.vaseghi@gmail.com>
@Mehrn0ush Mehrn0ush requested a review from a team as a code owner January 7, 2026 17:40
@stevespringett
Copy link
Member

stevespringett commented Jan 8, 2026

@bhess

@stevespringett stevespringett added cap: cryptography Capability: Cryptography (CBOM) cap: cryptography-registry Capability: Cryptography Registry labels Jan 8, 2026
bhess
bhess approved these changes Jan 15, 2026
View reviewed changes
Copy link
Contributor

@bhess bhess left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@jkowalleck jkowalleck requested a review from Copilot January 15, 2026 13:00
Copilot AI reviewed Jan 15, 2026
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR adds support for the AES-CTR-HMAC-SHA1-96 cipher suite pattern to the CycloneDX Cryptography Registry, addressing issue #770. This is an IPsec ESP-style authenticated encryption suite combining AES Counter mode with HMAC-SHA1 authentication using 96-bit tags.

Changes:

  • Added new AES variant pattern AES[-(128|192|256)]-CTR-HMAC-SHA1[-96] with primitive type ae (authenticated encryption)
  • Added RFC 3686 as the standard reference with appropriate DOI URL

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@stevespringett stevespringett merged commit dfa5e7e into CycloneDX:master Jan 22, 2026
6 of 8 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@stevespringett stevespringett stevespringett approved these changes

+1 more reviewer

@bhess bhess bhess approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

cap: cryptography Capability: Cryptography (CBOM) cap: cryptography-registry Capability: Cryptography Registry

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

[FEATURE]: Add AES-CTR + HMAC-SHA1-96 (IPsec ESP suite, RFC 3686) to Cryptography Registry

3 participants

@Mehrn0ush @stevespringett @bhess