diff --git a/.github/workflows/binary-builds.yml b/.github/workflows/binary-builds.yml index 48a604d90..9e9c4597c 100644 --- a/.github/workflows/binary-builds.yml +++ b/.github/workflows/binary-builds.yml @@ -76,14 +76,14 @@ jobs: arch: arm64 runner: windows-11-arm # Set musl configurations - - image: debian:11 + - image: php:8.4-bullseye libc-suffix: '' node-download-url: https://nodejs.org/dist/ prepare: | apt update apt install -y curl - libc: musl - image: alpine:3.16 + image: php:8.4-alpine3.21 libc-suffix: -musl node-download-url: https://raw.githubusercontent.com/appthreat/nodejs-unofficial-builds/main/dists/ prepare: | @@ -95,7 +95,7 @@ jobs: pnpm install:prod --config.node-linker=hoisted # Generate sbom - node bin/cdxgen.js -t jar -t js -o sbom-postbuild.cdx.json --include-formulation + node bin/cdxgen.js -t jar -t js -t php -t ruby -o sbom-postbuild.cdx.json --include-formulation # Produce cdxgen binary pnpm --package=@appthreat/caxa dlx caxa --input . --output cdxgen -- "{{caxa}}/node_modules/.bin/node" "{{caxa}}/bin/cdxgen.js" @@ -129,7 +129,7 @@ jobs: pnpm install:prod --config.node-linker=hoisted # Generate sbom - node bin/cdxgen.js -t jar -t js -o sbom-postbuild.cdx.json --include-formulation + node bin/cdxgen.js -t jar -t js -t php -t ruby -o sbom-postbuild.cdx.json --include-formulation # Produce cdxgen binary pnpm --package=@appthreat/caxa dlx caxa --input . --output cdxgen.exe -- "{{caxa}}/node_modules/.bin/node" "{{caxa}}/bin/cdxgen.js" @@ -168,6 +168,9 @@ jobs: uses: actions/setup-node@a0853c24544627f65ddf259abe73b1d18a591444 # v5.0.0 with: node-version: ${{ matrix.node }} + - name: Install composer + uses: shivammathur/setup-php@ec406be512d7077f68eed36e63f4d91bc006edc4 # 2.35.4 + if: ${{ matrix.os == 'darwin' }} - name: Get user info id: user_info if: ${{ matrix.os == 'linux' }} 
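Review bot: The two container images changed in the first hunk are referenced by mutable tag (`php:8.4-bullseye`, `php:8.4-alpine3.21`), while the actions visible in this workflow are pinned to commit SHAs. These containers appear to be where the cdxgen binary and its post-build SBOM are produced, so a re-pushed tag would change the build environment with no change in this repository. Consider pinning each image by digest, e.g. `image: php:8.4-bullseye@sha256:<digest-from-registry>` (placeholder value), and letting the dependency updater bump it. The matrix entries start and end outside the hunk.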
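Review bot: The new `Install composer` step in the fourth hunk calls `shivammathur/setup-php` with no `with:` block, so the PHP version and tool set on the darwin runner come from the action's defaults, while the Linux images in this commit fix PHP 8.4. Declaring them keeps the macOS build aligned with the Linux one and makes the step's intent visible: `with:`, `php-version: '8.4'`, `tools: composer`. The commit-SHA pin with its version comment matches the neighbouring `actions/setup-node` step and should stay as it is.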
@@ -199,6 +202,9 @@ jobs: # Install pnpm npm install --global pnpm + # Install composer + curl -sS https://getcomposer.org/installer | php -- --install-dir=/usr/local/bin --filename=composer + # Build ${{ matrix.cmd }} diff --git a/data/bom-1.7.schema.json b/data/bom-1.7.schema.json index 8f325cb71..8158f5a5a 100644 --- a/data/bom-1.7.schema.json +++ b/data/bom-1.7.schema.json @@ -3,8 +3,11 @@ "$id": "http://cyclonedx.org/schema/bom-1.7.schema.json", "type": "object", "title": "CycloneDX Bill of Materials Standard", - "$comment": "CycloneDX JSON schema is published under the terms of the Apache License 2.0.", - "required": ["bomFormat", "specVersion"], + "$comment" : "CycloneDX JSON schema is published under the terms of the Apache License 2.0.", + "required": [ + "bomFormat", + "specVersion" + ], "additionalProperties": false, "properties": { "$schema": { @@ -14,7 +17,9 @@ "type": "string", "title": "BOM Format", "description": "Specifies the format of the BOM. This helps to identify the file as CycloneDX since BOMs do not have a filename convention, nor does JSON schema support namespaces. This value must be \"CycloneDX\".", - "enum": ["CycloneDX"] + "enum": [ + "CycloneDX" + ] }, "specVersion": { "type": "string", 
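Review bot: The added `curl -sS https://getcomposer.org/installer | php -- …` line runs a downloaded installer inside a build job without any integrity check, and without `-f` an HTTP error page would be piped straight into `php`. Composer publishes the installer's SHA-384 at `https://composer.github.io/installer.sig`; download the installer to a file, compare the hash, and run it only on a match. Because the expected hash is also fetched at run time, this catches a truncated or tampered download rather than a compromised publisher; hard-coding a reviewed hash is stricter but has to be updated with each installer release. The surrounding `run:` script starts and ends outside the hunk.

```yaml
# … unchanged: pnpm install …
# Install composer (installer is verified before it is executed)
curl -fsS -o composer-setup.php https://getcomposer.org/installer
expected="$(curl -fsS https://composer.github.io/installer.sig)"
actual="$(php -r "echo hash_file('sha384', 'composer-setup.php');")"
if [ "$expected" != "$actual" ]; then
  echo "composer installer checksum mismatch" >&2
  rm -f composer-setup.php
  exit 1
fi
php composer-setup.php --install-dir=/usr/local/bin --filename=composer
rm -f composer-setup.php
# … unchanged: build command …
```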
@@ -44,58 +49,58 @@ }, "components": { "type": "array", - "items": { "$ref": "#/definitions/component" }, + "items": {"$ref": "#/definitions/component"}, "uniqueItems": true, "title": "Components", "description": "A list of software and hardware components." }, "services": { "type": "array", - "items": { "$ref": "#/definitions/service" }, + "items": {"$ref": "#/definitions/service"}, "uniqueItems": true, "title": "Services", "description": "A list of services. This may include microservices, function-as-a-service, and other types of network or intra-process services." }, "externalReferences": { "type": "array", - "items": { "$ref": "#/definitions/externalReference" }, + "items": {"$ref": "#/definitions/externalReference"}, "title": "External References", "description": "External references provide a way to document systems, sites, and information that may be relevant but are not included with the BOM. They may also establish specific relationships within or external to the BOM." }, "dependencies": { "type": "array", - "items": { "$ref": "#/definitions/dependency" }, + "items": {"$ref": "#/definitions/dependency"}, "uniqueItems": true, "title": "Dependencies", "description": "Provides the ability to document dependency relationships including provided & implemented components." }, "compositions": { "type": "array", - "items": { "$ref": "#/definitions/compositions" }, + "items": {"$ref": "#/definitions/compositions"}, "uniqueItems": true, "title": "Compositions", "description": "Compositions describe constituent parts (including components, services, and dependency relationships) and their completeness. The completeness of vulnerabilities expressed in a BOM may also be described." }, "vulnerabilities": { "type": "array", - "items": { "$ref": "#/definitions/vulnerability" }, + "items": {"$ref": "#/definitions/vulnerability"}, "uniqueItems": true, "title": "Vulnerabilities", "description": "Vulnerabilities identified in components or services." 
}, "annotations": { "type": "array", - "items": { "$ref": "#/definitions/annotations" }, + "items": {"$ref": "#/definitions/annotations"}, "uniqueItems": true, "title": "Annotations", "description": "Comments made by people, organizations, or tools about any object with a bom-ref, such as components, services, vulnerabilities, or the BOM itself. Unlike inventory information, annotations may contain opinions or commentary from various stakeholders. Annotations may be inline (with inventory) or externalized via BOM-Link and may optionally be signed." }, "formulation": { "type": "array", - "items": { "$ref": "#/definitions/formula" }, + "items": {"$ref": "#/definitions/formula"}, "uniqueItems": true, "title": "Formulation", - "description": "Describes how a component or service was manufactured or deployed. This is achieved through the use of formulas, workflows, tasks, and steps, which declare the precise steps to reproduce along with the observed formulas describing the steps which transpired in the manufacturing process." + "description": "Describes the formulation of any referencable object within the BOM, including components, services, metadata, declarations, or the BOM itself. This may encompass how the object was created, assembled, deployed, tested, certified, or otherwise brought into its present form. Common examples include software build pipelines, deployment processes, AI/ML model training, cryptographic key generation or certification, and third-party audits. Processes are modeled using declared and observed formulas, composed of workflows, tasks, and individual steps." }, "declarations": { "type": "object", 
@@ -116,7 +121,7 @@ "bom-ref": { "$ref": "#/definitions/refType", "title": "BOM Reference", - "description": "An optional identifier which can be used to reference the object elsewhere in the BOM. Every bom-ref must be unique within the BOM." + "description": "An identifier which can be used to reference the object elsewhere in the BOM. Every `bom-ref` must be unique within the BOM." }, "thirdParty": { "type": "boolean", @@ -140,7 +145,7 @@ "title": "Attestation", "additionalProperties": false, "properties": { - "summary": { + "summary": { "type": "string", "title": "Summary", "description": "The short description explaining the main points of the attestation." @@ -245,7 +250,7 @@ "bom-ref": { "$ref": "#/definitions/refType", "title": "BOM Reference", - "description": "An optional identifier which can be used to reference the object elsewhere in the BOM. Every bom-ref must be unique within the BOM." + "description": "An identifier which can be used to reference the object elsewhere in the BOM. Every `bom-ref` must be unique within the BOM." }, "target": { "$ref": "#/definitions/refLinkType", @@ -282,7 +287,7 @@ }, "externalReferences": { "type": "array", - "items": { "$ref": "#/definitions/externalReference" }, + "items": {"$ref": "#/definitions/externalReference"}, "title": "External References", "description": "External references provide a way to document systems, sites, and information that may be relevant but are not included with the BOM. They may also establish specific relationships within or external to the BOM." }, @@ -306,7 +311,7 @@ "bom-ref": { "$ref": "#/definitions/refType", "title": "BOM Reference", - "description": "An optional identifier which can be used to reference the object elsewhere in the BOM. Every bom-ref must be unique within the BOM." + "description": "An identifier which can be used to reference the object elsewhere in the BOM. Every `bom-ref` must be unique within the BOM." }, "propertyName": { "type": "string", 
@@ -340,7 +345,7 @@ "properties": { "attachment": { "title": "Data Attachment", - "description": "An optional way to include textual or encoded data.", + "description": "A way to include textual or encoded data.", "$ref": "#/definitions/attachment" }, "url": { @@ -379,7 +384,7 @@ "type": "string", "format": "date-time", "title": "Expires", - "description": "The optional date and time (timestamp) when the evidence is no longer valid." + "description": "The date and time (timestamp) when the evidence is no longer valid." }, "author": { "$ref": "#/definitions/organizationalContact", @@ -409,19 +414,19 @@ "type": "array", "title": "Organizations", "description": "The list of organizations which claims are made against.", - "items": { "$ref": "#/definitions/organizationalEntity" } + "items": {"$ref": "#/definitions/organizationalEntity"} }, "components": { "type": "array", "title": "Components", "description": "The list of components which claims are made against.", - "items": { "$ref": "#/definitions/component" } + "items": {"$ref": "#/definitions/component"} }, "services": { "type": "array", "title": "Services", "description": "The list of services which claims are made against.", - "items": { "$ref": "#/definitions/service" } + "items": {"$ref": "#/definitions/service"} } } }, @@ -435,9 +440,7 @@ "type": "string", "title": "Statement", "description": "The brief statement affirmed by an individual regarding all declarations.\n*- Notes This could be an affirmation of acceptance by a third-party auditor or receiving individual of a file.", - "examples": [ - "I certify, to the best of my knowledge, that all information is correct." - ] + "examples": [ "I certify, to the best of my knowledge, that all information is correct." ] }, "signatories": { "type": "array", 
@@ -524,6 +527,13 @@ } } }, + "citations": { + "type": "array", + "items": {"$ref": "#/definitions/citation"}, + "uniqueItems": true, + "title": "Citations", + "description": "A collection of attributions indicating which entity supplied information for specific fields within the BOM." + }, "properties": { "type": "array", "title": "Properties", @@ -660,14 +670,14 @@ "properties": { "components": { "type": "array", - "items": { "$ref": "#/definitions/component" }, + "items": {"$ref": "#/definitions/component"}, "uniqueItems": true, "title": "Components", "description": "A list of software and hardware components used as tools." }, "services": { "type": "array", - "items": { "$ref": "#/definitions/service" }, + "items": {"$ref": "#/definitions/service"}, "uniqueItems": true, "title": "Services", "description": "A list of services used as tools. This may include microservices, function-as-a-service, and other types of network or intra-process services." @@ -677,8 +687,8 @@ { "type": "array", "title": "Tools (legacy)", - "description": "[Deprecated] The tool(s) used in the creation, enrichment, and validation of the BOM.", - "items": { "$ref": "#/definitions/tool" } + "description": "[Deprecated]\nThe tool(s) used in the creation, enrichment, and validation of the BOM.", + "items": {"$ref": "#/definitions/tool"} } ] }, @@ -691,7 +701,7 @@ "type": "array", "title": "BOM Authors", "description": "The person(s) who created the BOM.\nAuthors are common in BOMs created through manual processes. BOMs created through automated means may have `@.manufacturer` instead.", - "items": { "$ref": "#/definitions/organizationalContact" } + "items": {"$ref": "#/definitions/organizationalContact"} }, "component": { "title": "Component", 
@@ -718,21 +728,34 @@ "type": "array", "title": "Properties", "description": "Provides the ability to document properties in a name-value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Unlike key-value stores, properties support duplicate names, each potentially having different values. Property names of interest to the general public are encouraged to be registered in the [CycloneDX Property Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is optional.", - "items": { "$ref": "#/definitions/property" } + "items": {"$ref": "#/definitions/property"} }, - "distribution": { - "title": "Distribution", - "description": "The Traffic Light Protocol (TLP) classification that controls the sharing and distribution of the data that the BOM describes.", - "$ref": "#/definitions/tlpClassification" + "distributionConstraints": { + "title": "Distribution Constraints", + "description": "Conditions and constraints governing the sharing and distribution of the data or components described by this BOM.", + "type": "object", + "properties": { + "tlp": { + "$ref": "#/definitions/tlpClassification", + "description": "The Traffic Light Protocol (TLP) classification that controls the sharing and distribution of the data that the BOM describes." + } + }, + "additionalProperties": false } } }, "tlpClassification": { "title": "Traffic Light Protocol (TLP) Classification", "description": "Traffic Light Protocol (TLP) is a classification system for identifying the potential risk associated with artefact, including whether it is subject to certain types of legal, financial, or technical threats. 
Refer to [https://www.first.org/tlp/](https://www.first.org/tlp/) for further information.\nThe default classification is \"CLEAR\"", - "type": "string", + "type" : "string", "default": "CLEAR", - "enum": ["CLEAR", "GREEN", "AMBER", "AMBER_AND_STRICT", "RED"], + "enum": [ + "CLEAR", + "GREEN", + "AMBER", + "AMBER_AND_STRICT", + "RED" + ], "meta:enum": { "CLEAR": "The information is not subject to any restrictions as regards the sharing.", "GREEN": "The information is subject to limited disclosure, and recipients can share it within their community but not via publicly accessible channels.", @@ -744,7 +767,7 @@ "tool": { "type": "object", "title": "Tool", - "description": "[Deprecated] This will be removed in a future version. Use component or service instead. Information about the automated or manual tool used", + "description": "[Deprecated] This will be removed in a future version. Use component or service instead.\nInformation about the automated or manual tool used", "additionalProperties": false, "properties": { "vendor": { @@ -764,13 +787,13 @@ }, "hashes": { "type": "array", - "items": { "$ref": "#/definitions/hash" }, + "items": {"$ref": "#/definitions/hash"}, "title": "Hashes", "description": "The hashes of the tool (if applicable)." }, "externalReferences": { "type": "array", - "items": { "$ref": "#/definitions/externalReference" }, + "items": {"$ref": "#/definitions/externalReference"}, "title": "External References", "description": "External references provide a way to document systems, sites, and information that may be relevant, but are not included with the BOM. They may also establish specific relationships within or external to the BOM." } 
@@ -784,13 +807,15 @@ "bom-ref": { "$ref": "#/definitions/refType", "title": "BOM Reference", - "description": "An optional identifier which can be used to reference the object elsewhere in the BOM. Every bom-ref must be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to avoid conflicts with BOM-Links." + "description": "An identifier which can be used to reference the object elsewhere in the BOM. Every `bom-ref` must be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to avoid conflicts with BOM-Links." }, "name": { "type": "string", "title": "Organization Name", "description": "The name of the organization", - "examples": ["Example Inc."] + "examples": [ + "Example Inc." + ] }, "address": { "$ref": "#/definitions/postalAddress", @@ -811,7 +836,7 @@ "type": "array", "title": "Organizational Contact", "description": "A contact at the organization. Multiple contacts are allowed.", - "items": { "$ref": "#/definitions/organizationalContact" } + "items": {"$ref": "#/definitions/organizationalContact"} } } }, @@ -823,7 +848,7 @@ "bom-ref": { "$ref": "#/definitions/refType", "title": "BOM Reference", - "description": "An optional identifier which can be used to reference the object elsewhere in the BOM. Every bom-ref must be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to avoid conflicts with BOM-Links." + "description": "An identifier which can be used to reference the object elsewhere in the BOM. Every `bom-ref` must be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to avoid conflicts with BOM-Links." }, "name": { "type": "string", @@ -849,7 +874,10 @@ "component": { "type": "object", "title": "Component", - "required": ["type", "name"], + "required": [ + "type", + "name" + ], "additionalProperties": false, "properties": { "type": { 
@@ -874,7 +902,7 @@ "framework": "A software framework. Refer to [https://en.wikipedia.org/wiki/Software_framework](https://en.wikipedia.org/wiki/Software_framework) for information on how frameworks vary slightly from libraries.", "library": "A software library. Refer to [https://en.wikipedia.org/wiki/Library_(computing)](https://en.wikipedia.org/wiki/Library_(computing)) for information about libraries. All third-party and open source reusable components will likely be a library. If the library also has key features of a framework, then it should be classified as a framework. If not, or is unknown, then specifying library is recommended.", "container": "A packaging and/or runtime format, not specific to any particular technology, which isolates software inside the container from software outside of a container through virtualization technology. Refer to [https://en.wikipedia.org/wiki/OS-level_virtualization](https://en.wikipedia.org/wiki/OS-level_virtualization).", - "platform": "A runtime environment which interprets or executes software. This may include runtimes such as those that execute bytecode or low-code/no-code application platforms.", + "platform": "A runtime environment that interprets or executes software. This may include runtimes such as those that execute bytecode, just-in-time compilers, interpreters, or low-code/no-code application platforms.", "operating-system": "A software operating system without regard to deployment model (i.e. installed on physical hardware, virtual machine, image, etc) Refer to [https://en.wikipedia.org/wiki/Operating_system](https://en.wikipedia.org/wiki/Operating_system).", "device": "A hardware device such as a processor or chip-set. A hardware device containing firmware SHOULD include a component for the physical hardware itself and another component of type 'firmware' or 'operating-system' (whichever is relevant), describing information about the software running on the device. 
See also the list of [known device properties](https://github.com/CycloneDX/cyclonedx-property-taxonomy/blob/main/cdx/device.md).", "device-driver": "A special type of software that operates or controls a particular type of device. Refer to [https://en.wikipedia.org/wiki/Device_driver](https://en.wikipedia.org/wiki/Device_driver).", @@ -891,14 +919,14 @@ "mime-type": { "type": "string", "title": "Mime-Type", - "description": "The optional mime-type of the component. When used on file components, the mime-type can provide additional context about the kind of file being represented, such as an image, font, or executable. Some library or framework components may also have an associated mime-type.", + "description": "The mime-type of the component. When used on file components, the mime-type can provide additional context about the kind of file being represented, such as an image, font, or executable. Some library or framework components may also have an associated mime-type.", "examples": ["image/jpeg"], "pattern": "^[-+a-z0-9.]+/[-+a-z0-9.]+$" }, "bom-ref": { "$ref": "#/definitions/refType", "title": "BOM Reference", - "description": "An optional identifier which can be used to reference the component elsewhere in the BOM. Every bom-ref must be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to avoid conflicts with BOM-Links." + "description": "An identifier which can be used to reference the component elsewhere in the BOM. Every `bom-ref` must be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to avoid conflicts with BOM-Links." }, "supplier": { "title": "Component Supplier", 
@@ -910,11 +938,11 @@ "description": "The organization that created the component.\nManufacturer is common in components created through automated processes. Components created through manual means may have `@.authors` instead.", "$ref": "#/definitions/organizationalEntity" }, - "authors": { + "authors" :{ "type": "array", "title": "Component Authors", "description": "The person(s) who created the component.\nAuthors are common in components created through manual processes. Components created through automated means may have `@.manufacturer` instead.", - "items": { "$ref": "#/definitions/organizationalContact" } + "items": {"$ref": "#/definitions/organizationalContact"} }, "author": { "deprecated": true, @@ -964,7 +992,11 @@ }, "scope": { "type": "string", - "enum": ["required", "optional", "excluded"], + "enum": [ + "required", + "optional", + "excluded" + ], "meta:enum": { "required": "The component is required for runtime", "optional": "The component is optional at runtime. Optional components are components that are not capable of being called due to them not being installed or otherwise accessible by any means. Components that are installed but due to configuration or other restrictions are prohibited from being called must be scoped as 'required'.", @@ -978,7 +1010,7 @@ "type": "array", "title": "Component Hashes", "description": "The hashes of the component.", - "items": { "$ref": "#/definitions/hash" } + "items": {"$ref": "#/definitions/hash"} }, "licenses": { "$ref": "#/definitions/licenseChoice", 
@@ -1004,9 +1036,7 @@ "type": "string", "title": "Package URL (purl)", "description": "Asserts the identity of the component using package-url (purl). The purl, if specified, must be valid and conform to the specification defined at: [https://github.com/package-url/purl-spec](https://github.com/package-url/purl-spec). Refer to `@.evidence.identity` to optionally provide evidence that substantiates the assertion of the component's identity.", - "examples": [ - "pkg:maven/com.acme/tomcat-catalina@9.0.14?packaging=jar" - ] + "examples": ["pkg:maven/com.acme/tomcat-catalina@9.0.14?packaging=jar"] }, "omniborId": { "type": "array", @@ -1033,7 +1063,7 @@ "modified": { "type": "boolean", "title": "Component Modified From Original", - "description": "[Deprecated] This will be removed in a future version. Use the pedigree element instead to supply information on exactly how the component was modified. A boolean value indicating if the component has been modified from the original. A value of true indicates the component is a derivative of the original. A value of false indicates the component has not been modified from the original." + "description": "[Deprecated] This will be removed in a future version. Use the pedigree element instead to supply information on exactly how the component was modified.\nA boolean value indicating if the component has been modified from the original. A value of true indicates the component is a derivative of the original. A value of false indicates the component has not been modified from the original." }, "pedigree": { "type": "object", 
@@ -1045,31 +1075,31 @@ "type": "array", "title": "Ancestors", "description": "Describes zero or more components in which a component is derived from. This is commonly used to describe forks from existing projects where the forked version contains a ancestor node containing the original component it was forked from. For example, Component A is the original component. Component B is the component being used and documented in the BOM. However, Component B contains a pedigree node with a single ancestor documenting Component A - the original component from which Component B is derived from.", - "items": { "$ref": "#/definitions/component" } + "items": {"$ref": "#/definitions/component"} }, "descendants": { "type": "array", "title": "Descendants", "description": "Descendants are the exact opposite of ancestors. This provides a way to document all forks (and their forks) of an original or root component.", - "items": { "$ref": "#/definitions/component" } + "items": {"$ref": "#/definitions/component"} }, "variants": { "type": "array", "title": "Variants", "description": "Variants describe relations where the relationship between the components is not known. For example, if Component A contains nearly identical code to Component B. They are both related, but it is unclear if one is derived from the other, or if they share a common ancestor.", - "items": { "$ref": "#/definitions/component" } + "items": {"$ref": "#/definitions/component"} }, "commits": { "type": "array", "title": "Commits", "description": "A list of zero or more commits which provide a trail describing how the component deviates from an ancestor, descendant, or variant.", - "items": { "$ref": "#/definitions/commit" } + "items": {"$ref": "#/definitions/commit"} }, "patches": { "type": "array", "title": "Patches", "description": ">A list of zero or more patches describing how the component deviates from an ancestor, descendant, or variant. 
Patches may be complementary to commits or may be used in place of commits.", - "items": { "$ref": "#/definitions/patch" } + "items": {"$ref": "#/definitions/patch"} }, "notes": { "type": "string", @@ -1080,13 +1110,13 @@ }, "externalReferences": { "type": "array", - "items": { "$ref": "#/definitions/externalReference" }, + "items": {"$ref": "#/definitions/externalReference"}, "title": "External References", "description": "External references provide a way to document systems, sites, and information that may be relevant but are not included with the BOM. They may also establish specific relationships within or external to the BOM." }, "components": { "type": "array", - "items": { "$ref": "#/definitions/component" }, + "items": {"$ref": "#/definitions/component"}, "uniqueItems": true, "title": "Components", "description": "A list of software and hardware components included in the parent component. This is not a dependency tree. It provides a way to specify a hierarchical representation of component assemblies, similar to system → subsystem → parts assembly in physical supply chains." @@ -1099,7 +1129,7 @@ "releaseNotes": { "$ref": "#/definitions/releaseNotes", "title": "Release notes", - "description": "Specifies optional release notes." + "description": "Specifies release notes." }, "modelCard": { "$ref": "#/definitions/modelCard", @@ -1107,7 +1137,7 @@ }, "data": { "type": "array", - "items": { "$ref": "#/definitions/componentData" }, + "items": {"$ref": "#/definitions/componentData"}, "title": "Data", "description": "This object SHOULD be specified for any component of type `data` and must not be specified for other component types." }, 
@@ -1119,7 +1149,7 @@ "type": "array", "title": "Properties", "description": "Provides the ability to document properties in a name-value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Unlike key-value stores, properties support duplicate names, each potentially having different values. Property names of interest to the general public are encouraged to be registered in the [CycloneDX Property Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is optional.", - "items": { "$ref": "#/definitions/property" } + "items": {"$ref": "#/definitions/property"} }, "tags": { "$ref": "#/definitions/tags", @@ -1154,7 +1184,10 @@ "type": "object", "title": "SWID Tag", "description": "Specifies metadata and content for ISO-IEC 19770-2 Software Identification (SWID) Tags.", - "required": ["tagId", "name"], + "required": [ + "tagId", + "name" + ], "additionalProperties": false, "properties": { "tagId": { @@ -1202,7 +1235,9 @@ "type": "object", "title": "Attachment", "description": "Specifies the metadata and content for an attachment.", - "required": ["content"], + "required": [ + "content" + ], "additionalProperties": false, "properties": { "contentType": { 
@@ -1210,13 +1245,19 @@ "title": "Content-Type", "description": "Specifies the format and nature of the data being attached, helping systems correctly interpret and process the content. Common content type examples include `application/json` for JSON data and `text/plain` for plan text documents.\n [RFC 2045 section 5.1](https://www.ietf.org/rfc/rfc2045.html#section-5.1) outlines the structure and use of content types. For a comprehensive list of registered content types, refer to the [IANA media types registry](https://www.iana.org/assignments/media-types/media-types.xhtml).", "default": "text/plain", - "examples": ["text/plain", "application/json", "image/png"] + "examples": [ + "text/plain", + "application/json", + "image/png" + ] }, "encoding": { "type": "string", "title": "Encoding", - "description": "Specifies the optional encoding the text is represented in.", - "enum": ["base64"], + "description": "Specifies the encoding the text is represented in.", + "enum": [ + "base64" + ], "meta:enum": { "base64": "Base64 is a binary-to-text encoding scheme that represents binary data in an ASCII string." } @@ -1231,7 +1272,10 @@ "hash": { "type": "object", "title": "Hash", - "required": ["alg", "content"], + "required": [ + "alg", + "content" + ], "additionalProperties": false, "properties": { "alg": { @@ -1301,7 +1345,7 @@ "$ref": "#/definitions/organizationalContact" } }, - "oneOf": [ + "oneOf":[ { "required": ["organization"] }, @@ -1327,7 +1371,7 @@ "$ref": "#/definitions/organizationalContact" } }, - "oneOf": [ + "oneOf":[ { "required": ["organization"] }, @@ -1353,7 +1397,7 @@ "$ref": "#/definitions/organizationalContact" } }, - "oneOf": [ + "oneOf":[ { "required": ["organization"] }, 
@@ -1442,7 +1486,7 @@ "bom-ref": { "$ref": "#/definitions/refType", "title": "BOM Reference", - "description": "An optional identifier which can be used to reference the license elsewhere in the BOM. Every bom-ref must be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to avoid conflicts with BOM-Links." + "description": "An identifier which can be used to reference the license elsewhere in the BOM. Every `bom-ref` must be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to avoid conflicts with BOM-Links." }, "id": { "$ref": "spdx.schema.json", @@ -1461,7 +1505,7 @@ }, "text": { "title": "License text", - "description": "An optional way to include the textual content of a license.", + "description": "A way to include the textual content of a license.", "$ref": "#/definitions/attachment" }, "url": { @@ -1471,12 +1515,12 @@ "examples": ["https://www.apache.org/licenses/LICENSE-2.0.txt"], "format": "iri-reference" }, - "licensing": { "$ref": "#/definitions/licensing" }, + "licensing": {"$ref": "#/definitions/licensing"}, "properties": { "type": "array", "title": "Properties", "description": "Provides the ability to document properties in a name-value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Unlike key-value stores, properties support duplicate names, each potentially having different values. Property names of interest to the general public are encouraged to be registered in the [CycloneDX Property Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is optional.", - "items": { "$ref": "#/definitions/property" } + "items": {"$ref": "#/definitions/property"} } } }, 
@@ -1484,7 +1528,10 @@ "title": "License Acknowledgement", "description": "Declared licenses and concluded licenses represent two different stages in the licensing process within software development. Declared licenses refer to the initial intention of the software authors regarding the licensing terms under which their code is released. On the other hand, concluded licenses are the result of a comprehensive analysis of the project's codebase to identify and confirm the actual licenses of the components used, which may differ from the initially declared licenses. While declared licenses provide an upfront indication of the licensing intentions, concluded licenses offer a more thorough understanding of the actual licensing within a project, facilitating proper compliance and risk management. Observed licenses are defined in `@.evidence.licenses`. Observed licenses form the evidence necessary to substantiate a concluded license.", "type": "string", - "enum": ["declared", "concluded"], + "enum": [ + "declared", + "concluded" + ], "meta:enum": { "declared": "Declared licenses represent the initial intentions of authors regarding the licensing terms of their code.", "concluded": "Concluded licenses are verified and confirmed." 
@@ -1492,109 +1539,108 @@ }, "licenseChoice": { "title": "License Choice", - "description": "EITHER (list of SPDX licenses and/or named licenses) OR (tuple of one SPDX License Expression)", + "description": "A list of SPDX licenses and/or named licenses and/or SPDX License Expression.", "type": "array", - "oneOf": [ - { - "title": "Multiple licenses", - "description": "A list of SPDX licenses and/or named licenses.", - "type": "array", - "items": { + "items": { + "oneOf": [ + { "type": "object", "title": "License", - "required": ["license"], + "required": [ + "license" + ], "additionalProperties": false, "properties": { - "license": { "$ref": "#/definitions/license" } + "license": { + "$ref": "#/definitions/license" + } } - } - }, - { - "title": "SPDX License Expression", - "description": "A tuple of exactly one SPDX License Expression.", - "type": "array", - "additionalItems": false, - "minItems": 1, - "maxItems": 1, - "items": [ - { - "title": "License Expression", - "description": "Specifies the details and attributes related to a software license.\nIt must be a valid SPDX license expression, along with additional properties such as license acknowledgment.", - "type": "object", - "additionalProperties": false, - "required": ["expression"], - "properties": { - "expression": { - "type": "string", - "title": "SPDX License Expression", - "description": "A valid SPDX license expression.\nRefer to https://spdx.org/specifications for syntax requirements.", - "examples": [ - "Apache-2.0 AND (MIT OR GPL-2.0-only)", - "GPL-3.0-only WITH Classpath-exception-2.0" - ] - }, - "expressionDetails": { - "title": "Expression Details", - "description": "Details for parts of the `expression`.", - "type": "array", - "items": { - "type": "object", - "description": "This document specifies the details and attributes related to a software license identifier. 
An SPDX expression may be a compound of license identifiers.\nThe `license_identifier` property serves as the key that identifies each record. Note that this key is not required to be unique, as the same license identifier could apply to multiple, different but similar license details, texts, etc.", - "required": ["licenseIdentifier"], - "properties": { - "licenseIdentifier": { - "title": "License Identifier", - "description": "The valid SPDX license identifier. Refer to https://spdx.org/specifications for syntax requirements.\nThis property serves as the primary key, which uniquely identifies each record.", - "type": "string", - "examples": [ - "Apache-2.0", - "GPL-3.0-only WITH Classpath-exception-2.0", - "LicenseRef-my-custom-license" - ] - }, - "bom-ref": { - "$ref": "#/definitions/refType", - "title": "BOM Reference", - "description": "An optional identifier which can be used to reference the license elsewhere in the BOM. Every bom-ref must be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to avoid conflicts with BOM-Links." - }, - "text": { - "title": "License texts", - "description": "An optional way to include the textual content of the license.", - "$ref": "#/definitions/attachment" - }, - "url": { - "type": "string", - "title": "License URL", - "description": "The URL to the license file. 
If specified, a 'license' externalReference should also be specified for completeness", - "examples": [ - "https://www.apache.org/licenses/LICENSE-2.0.txt" - ], - "format": "iri-reference" - } + }, + { + "title": "License Expression", + "description": "Specifies the details and attributes related to a software license.\nIt must be a valid SPDX license expression, along with additional properties such as license acknowledgment.", + "type": "object", + "additionalProperties": false, + "required": [ + "expression" + ], + "properties": { + "expression": { + "type": "string", + "title": "SPDX License Expression", + "description": "A valid SPDX license expression.\nRefer to https://spdx.org/specifications for syntax requirements.", + "examples": [ + "Apache-2.0 AND (MIT OR GPL-2.0-only)", + "GPL-3.0-only WITH Classpath-exception-2.0" + ] + }, + "expressionDetails": { + "title": "Expression Details", + "description": "Details for parts of the `expression`.", + "type": "array", + "items": { + "type": "object", + "description": "This document specifies the details and attributes related to a software license identifier. An SPDX expression may be a compound of license identifiers.\nThe `license_identifier` property serves as the key that identifies each record. Note that this key is not required to be unique, as the same license identifier could apply to multiple, different but similar license details, texts, etc.", + "required": [ + "licenseIdentifier" + ], + "properties": { + "licenseIdentifier": { + "title": "License Identifier", + "description": "The valid SPDX license identifier. 
Refer to https://spdx.org/specifications for syntax requirements.\nThis property serves as the primary key, which uniquely identifies each record.", + "type": "string", + "examples": [ + "Apache-2.0", + "GPL-3.0-only WITH Classpath-exception-2.0", + "LicenseRef-my-custom-license" + ] }, - "additionalProperties": false - } - }, - "acknowledgement": { - "$ref": "#/definitions/licenseAcknowledgementEnumeration" - }, - "bom-ref": { - "$ref": "#/definitions/refType", - "title": "BOM Reference", - "description": "An optional identifier which can be used to reference the license elsewhere in the BOM. Every bom-ref must be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to avoid conflicts with BOM-Links." - }, - "licensing": { "$ref": "#/definitions/licensing" }, - "properties": { - "type": "array", - "title": "Properties", - "description": "Provides the ability to document properties in a name-value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Unlike key-value stores, properties support duplicate names, each potentially having different values. Property names of interest to the general public are encouraged to be registered in the [CycloneDX Property Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is optional.", - "items": { "$ref": "#/definitions/property" } + "bom-ref": { + "$ref": "#/definitions/refType", + "title": "BOM Reference", + "description": "An identifier which can be used to reference the license elsewhere in the BOM. Every `bom-ref` must be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to avoid conflicts with BOM-Links." 
+ }, + "text": { + "title": "License texts", + "description": "A way to include the textual content of the license.", + "$ref": "#/definitions/attachment" + }, + "url": { + "type": "string", + "title": "License URL", + "description": "The URL to the license file. If specified, a 'license' externalReference should also be specified for completeness", + "examples": [ + "https://www.apache.org/licenses/LICENSE-2.0.txt" + ], + "format": "iri-reference" + } + }, + "additionalProperties": false + } + }, + "acknowledgement": { + "$ref": "#/definitions/licenseAcknowledgementEnumeration" + }, + "bom-ref": { + "$ref": "#/definitions/refType", + "title": "BOM Reference", + "description": "An identifier which can be used to reference the license elsewhere in the BOM. Every `bom-ref` must be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to avoid conflicts with BOM-Links." + }, + "licensing": { + "$ref": "#/definitions/licensing" + }, + "properties": { + "type": "array", + "title": "Properties", + "description": "Provides the ability to document properties in a name-value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Unlike key-value stores, properties support duplicate names, each potentially having different values. Property names of interest to the general public are encouraged to be registered in the [CycloneDX Property Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is optional.", + "items": { + "$ref": "#/definitions/property" } } } - ] - } - ] + } + ] + } }, "commit": { "type": "object", 
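Review bot: The rewritten `licenseChoice` no longer limits an SPDX expression to a single-element array: the removed branch carried `"minItems": 1`, `"maxItems": 1` and `"additionalItems": false`, while the added `items.oneOf` accepts any number of `license` and `expression` objects in the same array. A BOM that mixes both kinds, or lists several expressions, now passes validation, so a consumer that reads only the first entry or assumes "all licenses or exactly one expression" could evaluate license policy on part of the data; that consuming code is not visible in this diff and should be checked. If this file is kept as a verbatim copy of the upstream CycloneDX schema, record the change next to the validator instead; otherwise a keyword on `licenseChoice` such as `"$comment": "entries may mix license and expression objects; do not assume a single expression"` would document it in place.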
@@ -1634,12 +1680,19 @@ "type": "object", "title": "Patch", "description": "Specifies an individual patch", - "required": ["type"], + "required": [ + "type" + ], "additionalProperties": false, "properties": { "type": { "type": "string", - "enum": ["unofficial", "monkey", "backport", "cherry-pick"], + "enum": [ + "unofficial", + "monkey", + "backport", + "cherry-pick" + ], "meta:enum": { "unofficial": "A patch which is not developed by the creators or maintainers of the software being patched. Refer to [https://en.wikipedia.org/wiki/Unofficial_patch](https://en.wikipedia.org/wiki/Unofficial_patch).", "monkey": "A patch which dynamically modifies runtime behavior. Refer to [https://en.wikipedia.org/wiki/Monkey_patch](https://en.wikipedia.org/wiki/Monkey_patch).", @@ -1656,7 +1709,7 @@ }, "resolves": { "type": "array", - "items": { "$ref": "#/definitions/issue" }, + "items": {"$ref": "#/definitions/issue"}, "title": "Resolves", "description": "A collection of issues the patch resolves" } @@ -1670,7 +1723,7 @@ "properties": { "text": { "title": "Diff text", - "description": "Specifies the optional text of the diff", + "description": "Specifies the text of the diff", "$ref": "#/definitions/attachment" }, "url": { @@ -1685,12 +1738,18 @@ "type": "object", "title": "Issue", "description": "An individual issue that has been resolved.", - "required": ["type"], + "required": [ + "type" + ], "additionalProperties": false, "properties": { "type": { "type": "string", - "enum": ["defect", "enhancement", "security"], + "enum": [ + "defect", + "enhancement", + "security" + ], "meta:enum": { "defect": "A fault, flaw, or bug in software.", "enhancement": "A new feature or behavior in software.", @@ -1724,7 +1783,11 @@ "type": "string", "title": "Name", "description": "The name of the source.", - "examples": ["National Vulnerability Database", "NVD", "Apache"] + "examples": [ + "National Vulnerability Database", + "NVD", + "Apache" + ] }, "url": { "type": "string", 
@@ -1775,7 +1838,10 @@ "type": "object", "title": "External Reference", "description": "External references provide a way to document systems, sites, and information that may be relevant but are not included with the BOM. They may also establish specific relationships within or external to the BOM.", - "required": ["url", "type"], + "required": [ + "url", + "type" + ], "additionalProperties": false, "properties": { "url": { @@ -1796,7 +1862,7 @@ "comment": { "type": "string", "title": "Comment", - "description": "An optional comment describing the external reference" + "description": "A comment describing the external reference" }, "type": { "type": "string", @@ -1848,6 +1914,7 @@ "patent", "patent-family", "patent-assertion", + "citation", "other" ], "meta:enum": { @@ -1873,7 +1940,7 @@ "log": "A record of events that occurred in a computer system or application, such as problems, errors, or information on current operations.", "configuration": "Parameters or settings that may be used by other components or services.", "evidence": "Information used to substantiate a claim.", - "formulation": "Describes how a component or service was manufactured or deployed.", + "formulation": "Describes the formulation of any referencable object within the BOM, including components, services, metadata, declarations, or the BOM itself.", "attestation": "Human or machine-readable statements containing facts, evidence, or testimony.", "threat-model": "An enumeration of identified weaknesses, threats, and countermeasures, dataflow diagram (DFD), attack tree, and other supporting documentation in human-readable or machine-readable format.", "adversary-model": "The defined assumptions, goals, and capabilities of an adversary.", 
@@ -1895,13 +1962,14 @@ "rfc-9116": "Document that complies with [RFC 9116](https://www.ietf.org/rfc/rfc9116.html) (A File Format to Aid in Security Vulnerability Disclosure)", "patent": "References information about patents which may be defined in human-readable documents or in machine-readable formats such as CycloneDX or ST.96. For detailed patent information or to reference the information provided directly by patent offices, it is recommended to leverage standards from the World Intellectual Property Organization (WIPO) such as [ST.96](https://www.wipo.int/standards/en/st96).", "patent-family": "References information about a patent family which may be defined in human-readable documents or in machine-readable formats such as CycloneDX or ST.96. A patent family is a group of related patent applications or granted patents that cover the same or similar invention. For detailed patent family information or to reference the information provided directly by patent offices, it is recommended to leverage standards from the World Intellectual Property Organization (WIPO) such as [ST.96](https://www.wipo.int/standards/en/st96).", - "patent-assertion": "References assertions made regarding patents associated with a component or service. Assertions distinguish between ownership, licensing, and other relevant interactions with patents.", + "patent-assertion" : "References assertions made regarding patents associated with a component or service. Assertions distinguish between ownership, licensing, and other relevant interactions with patents.", + "citation": "A reference to external citations applicable to the object identified by this BOM entry or the BOM itself. When used with a BOM-Link, this allows offloading citations into a separate CycloneDX BOM.", "other": "Use this if no other types accurately describe the purpose of the external reference." 
} }, "hashes": { "type": "array", - "items": { "$ref": "#/definitions/hash" }, + "items": {"$ref": "#/definitions/hash"}, "title": "Hashes", "description": "The hashes of the external reference (if applicable)." }, @@ -1909,7 +1977,7 @@ "type": "array", "title": "Properties", "description": "Provides the ability to document properties in a name-value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Unlike key-value stores, properties support duplicate names, each potentially having different values. Property names of interest to the general public are encouraged to be registered in the [CycloneDX Property Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is optional.", - "items": { "$ref": "#/definitions/property" } + "items": {"$ref": "#/definitions/property"} } } }, @@ -1917,7 +1985,9 @@ "type": "object", "title": "Dependency", "description": "Defines the direct dependencies of a component, service, or the components provided/implemented by a given component. Components or services that do not have their own dependencies must be declared as empty elements within the graph. Components or services that are not represented in the dependency graph may have unknown dependencies. It is recommended that implementations assume this to be opaque and not an indicator of an object being dependency-free. It is recommended to leverage compositions to indicate unknown dependency graphs.", - "required": ["ref"], + "required": [ + "ref" + ], "additionalProperties": false, "properties": { "ref": { 
@@ -1948,13 +2018,15 @@ "service": { "type": "object", "title": "Service", - "required": ["name"], + "required": [ + "name" + ], "additionalProperties": false, "properties": { "bom-ref": { "$ref": "#/definitions/refType", "title": "BOM Reference", - "description": "An optional identifier which can be used to reference the service elsewhere in the BOM. Every bom-ref must be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to avoid conflicts with BOM-Links." + "description": "An identifier which can be used to reference the service elsewhere in the BOM. Every `bom-ref` must be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to avoid conflicts with BOM-Links." }, "provider": { "title": "Provider", @@ -2010,7 +2082,7 @@ }, "data": { "type": "array", - "items": { "$ref": "#/definitions/serviceData" }, + "items": {"$ref": "#/definitions/serviceData"}, "title": "Data", "description": "Specifies information about the data including the directional flow of data and the data classification." }, @@ -2024,13 +2096,13 @@ }, "externalReferences": { "type": "array", - "items": { "$ref": "#/definitions/externalReference" }, + "items": {"$ref": "#/definitions/externalReference"}, "title": "External References", "description": "External references provide a way to document systems, sites, and information that may be relevant but are not included with the BOM. They may also establish specific relationships within or external to the BOM." }, "services": { "type": "array", - "items": { "$ref": "#/definitions/service" }, + "items": {"$ref": "#/definitions/service"}, "uniqueItems": true, "title": "Services", "description": "A list of services included or deployed behind the parent service. This is not a dependency tree. It provides a way to specify a hierarchical representation of service assemblies." 
@@ -2038,13 +2110,13 @@ "releaseNotes": { "$ref": "#/definitions/releaseNotes", "title": "Release notes", - "description": "Specifies optional release notes." + "description": "Specifies release notes." }, "properties": { "type": "array", "title": "Properties", "description": "Provides the ability to document properties in a name-value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Unlike key-value stores, properties support duplicate names, each potentially having different values. Property names of interest to the general public are encouraged to be registered in the [CycloneDX Property Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is optional.", - "items": { "$ref": "#/definitions/property" } + "items": {"$ref": "#/definitions/property"} }, "tags": { "$ref": "#/definitions/tags", @@ -2060,7 +2132,10 @@ "serviceData": { "type": "object", "title": "Hash Objects", - "required": ["flow", "classification"], + "required": [ + "flow", + "classification" + ], "additionalProperties": false, "properties": { "flow": { @@ -2075,7 +2150,9 @@ "type": "string", "title": "Name", "description": "Name for the defined data", - "examples": ["Credit card reporting"] + "examples": [ + "Credit card reporting" + ] }, "description": { "type": "string", @@ -2129,7 +2206,12 @@ }, "dataFlowDirection": { "type": "string", - "enum": ["inbound", "outbound", "bi-directional", "unknown"], + "enum": [ + "inbound", + "outbound", + "bi-directional", + "unknown" + ], "meta:enum": { "inbound": "Data that enters a service.", "outbound": "Data that exits a service.", 
@@ -2143,7 +2225,9 @@ "type": "object", "title": "Copyright", "description": "A copyright notice informing users of the underlying claims to copyright ownership in a published work.", - "required": ["text"], + "required": [ + "text" + ], "additionalProperties": false, "properties": { "text": { @@ -2162,7 +2246,7 @@ "identity": { "title": "Identity Evidence", "description": "Evidence that substantiates the identity of a component. The identity may be an object or an array of identity objects. Support for specifying identity as a single object was introduced in CycloneDX v1.5. Arrays were introduced in v1.6. It is recommended that all implementations use arrays, even if only one identity object is specified.", - "oneOf": [ + "oneOf" : [ { "type": "array", "title": "Array of Identity Objects", @@ -2182,13 +2266,13 @@ "description": "Evidence of individual instances of a component spread across multiple locations.", "items": { "type": "object", - "required": ["location"], + "required": [ "location" ], "additionalProperties": false, "properties": { "bom-ref": { "$ref": "#/definitions/refType", "title": "BOM Reference", - "description": "An optional identifier which can be used to reference the occurrence elsewhere in the BOM. Every bom-ref must be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to avoid conflicts with BOM-Links." + "description": "An identifier which can be used to reference the occurrence elsewhere in the BOM. Every `bom-ref` must be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to avoid conflicts with BOM-Links." }, "location": { "type": "string", 
@@ -2232,7 +2316,9 @@ "description": "Within a call stack, a frame is a discrete unit that encapsulates an execution context, including local variables, parameters, and the return address. As function calls are made, frames are pushed onto the stack, forming an array-like structure that orchestrates the flow of program execution and manages the sequence of function invocations.", "items": { "type": "object", - "required": ["module"], + "required": [ + "module" + ], "additionalProperties": false, "properties": { "package": { @@ -2252,7 +2338,7 @@ }, "parameters": { "title": "Parameters", - "description": "Optional arguments that are passed to the module or function.", + "description": "Arguments that are passed to the module or function.", "type": "array", "items": { "type": "string" @@ -2284,7 +2370,7 @@ }, "copyright": { "type": "array", - "items": { "$ref": "#/definitions/copyright" }, + "items": {"$ref": "#/definitions/copyright"}, "title": "Copyright Evidence", "description": "Copyright evidence captures intellectual property assertions, providing evidence of possible ownership and legal protection." } @@ -2293,13 +2379,15 @@ "compositions": { "type": "object", "title": "Compositions", - "required": ["aggregate"], + "required": [ + "aggregate" + ], "additionalProperties": false, "properties": { "bom-ref": { "$ref": "#/definitions/refType", "title": "BOM Reference", - "description": "An optional identifier which can be used to reference the composition elsewhere in the BOM. Every bom-ref must be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to avoid conflicts with BOM-Links." + "description": "An identifier which can be used to reference the composition elsewhere in the BOM. Every `bom-ref` must be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to avoid conflicts with BOM-Links." }, "aggregate": { "$ref": "#/definitions/aggregateType", 
@@ -2381,7 +2469,9 @@ "type": "object", "title": "Lightweight name-value pair", "description": "Provides the ability to document properties in a name-value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Unlike key-value stores, properties support duplicate names, each potentially having different values. Property names of interest to the general public are encouraged to be registered in the [CycloneDX Property Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is optional.", - "required": ["name"], + "required": [ + "name" + ], "properties": { "name": { "type": "string", 
@@ -2404,14 +2494,22 @@ }, "releaseType": { "type": "string", - "examples": ["major", "minor", "patch", "pre-release", "internal"], + "examples": [ + "major", + "minor", + "patch", + "pre-release", + "internal" + ], "description": "The software versioning type. It is recommended that the release type use one of 'major', 'minor', 'patch', 'pre-release', or 'internal'. Representing all possible software release types is not practical, so standardizing on the recommended values, whenever possible, is strongly encouraged.\n\n* __major__ = A major release may contain significant changes or may introduce breaking changes.\n* __minor__ = A minor release, also known as an update, may contain a smaller number of changes than major releases.\n* __patch__ = Patch releases are typically unplanned and may resolve defects or important security issues.\n* __pre-release__ = A pre-release may include alpha, beta, or release candidates and typically have limited support. They provide the ability to preview a release prior to its general availability.\n* __internal__ = Internal releases are not for public consumption and are intended to be used exclusively by the project or manufacturer that produced it." }, "note": { "type": "object", "title": "Note", "description": "A note containing the locale and content.", - "required": ["text"], + "required": [ + "text" + ], "additionalProperties": false, "properties": { "locale": { @@ -2429,7 +2527,9 @@ "releaseNotes": { "type": "object", "title": "Release notes", - "required": ["type"], + "required": [ + "type" + ], "additionalProperties": false, "properties": { "type": { 
@@ -2479,13 +2579,13 @@ }, "resolves": { "type": "array", - "items": { "$ref": "#/definitions/issue" }, + "items": {"$ref": "#/definitions/issue"}, "title": "Resolves", "description": "A collection of issues that have been resolved." }, "notes": { "type": "array", - "items": { "$ref": "#/definitions/note" }, + "items": {"$ref": "#/definitions/note"}, "title": "Notes", "description": "Zero or more release notes containing the locale and content. Multiple note objects may be specified to support release notes in a wide variety of languages." }, @@ -2493,7 +2593,7 @@ "type": "array", "title": "Properties", "description": "Provides the ability to document properties in a name-value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Unlike key-value stores, properties support duplicate names, each potentially having different values. Property names of interest to the general public are encouraged to be registered in the [CycloneDX Property Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is optional.", - "items": { "$ref": "#/definitions/property" } + "items": {"$ref": "#/definitions/property"} } } }, @@ -2507,7 +2607,7 @@ "title": { "type": "string", "title": "Title", - "description": "An optional name of the advisory." + "description": "A name of the advisory." }, "url": { "type": "string", @@ -2527,7 +2627,15 @@ "type": "string", "title": "Severity", "description": "Textual representation of the severity of the vulnerability adopted by the analysis method. If the analysis method uses values other than what is provided, the user is expected to translate appropriately.", - "enum": ["critical", "high", "medium", "low", "info", "none", "unknown"], + "enum": [ + "critical", + "high", + "medium", + "low", + "info", + "none", + "unknown" + ], "meta:enum": { "critical": "Critical severity", "high": "High severity", 
@@ -2639,7 +2747,7 @@ "justification": { "type": "string", "title": "Justification", - "description": "An optional reason for rating the vulnerability as it was" + "description": "A reason for rating the vulnerability as it was" } } }, @@ -2653,7 +2761,9 @@ "type": "string", "title": "URL", "description": "The url of the vulnerability documentation as provided by the source.", - "examples": ["https://nvd.nist.gov/vuln/detail/CVE-2021-39182"] + "examples": [ + "https://nvd.nist.gov/vuln/detail/CVE-2021-39182" + ] }, "name": { "type": "string", @@ -2678,7 +2788,7 @@ "bom-ref": { "$ref": "#/definitions/refType", "title": "BOM Reference", - "description": "An optional identifier which can be used to reference the vulnerability elsewhere in the BOM. Every bom-ref must be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to avoid conflicts with BOM-Links." + "description": "An identifier which can be used to reference the vulnerability elsewhere in the BOM. Every `bom-ref` must be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to avoid conflicts with BOM-Links." }, "id": { "type": "string", @@ -2700,7 +2810,10 @@ "description": "Zero or more pointers to vulnerabilities that are the equivalent of the vulnerability specified. Often times, the same vulnerability may exist in multiple sources of vulnerability intelligence, but have different identifiers. References provide a way to correlate vulnerabilities across multiple sources of vulnerability intelligence.", "items": { "type": "object", - "required": ["id", "source"], + "required": [ + "id", + "source" + ], "additionalProperties": false, "properties": { "id": { 
@@ -2848,14 +2961,14 @@ "properties": { "components": { "type": "array", - "items": { "$ref": "#/definitions/component" }, + "items": {"$ref": "#/definitions/component"}, "uniqueItems": true, "title": "Components", "description": "A list of software and hardware components used as tools." }, "services": { "type": "array", - "items": { "$ref": "#/definitions/service" }, + "items": {"$ref": "#/definitions/service"}, "uniqueItems": true, "title": "Services", "description": "A list of services used as tools. This may include microservices, function-as-a-service, and other types of network or intra-process services." @@ -2865,8 +2978,8 @@ { "type": "array", "title": "Tools (legacy)", - "description": "[Deprecated] The tool(s) used to identify, confirm, or score the vulnerability.", - "items": { "$ref": "#/definitions/tool" } + "description": "[Deprecated]\nThe tool(s) used to identify, confirm, or score the vulnerability.", + "items": {"$ref": "#/definitions/tool"} } ] }, @@ -2928,7 +3041,9 @@ "uniqueItems": true, "items": { "type": "object", - "required": ["ref"], + "required": [ + "ref" + ], "additionalProperties": false, "properties": { "ref": { @@ -2998,7 +3113,11 @@ "affectedStatus": { "description": "The vulnerability status of a given version or range of versions of a product. The statuses 'affected' and 'unaffected' indicate that the version is affected or unaffected by the vulnerability. The status 'unknown' indicates that it is unknown or unspecified whether the given version is affected. There can be many reasons for an 'unknown' status, including that an investigation has not been undertaken or that a vendor has not disclosed the status.", "type": "string", - "enum": ["affected", "unaffected", "unknown"], + "enum": [ + "affected", + "unaffected", + "unknown" + ], "meta:enum": { "affected": "The version is affected by the vulnerability.", "unaffected": "The version is not affected by the vulnerability.", 
@@ -3040,13 +3159,18 @@ "type": "object", "title": "Annotations", "description": "A comment, note, explanation, or similar textual content which provides additional context to the object(s) being annotated.", - "required": ["subjects", "annotator", "timestamp", "text"], + "required": [ + "subjects", + "annotator", + "timestamp", + "text" + ], "additionalProperties": false, "properties": { "bom-ref": { "$ref": "#/definitions/refType", "title": "BOM Reference", - "description": "An optional identifier which can be used to reference the annotation elsewhere in the BOM. Every bom-ref must be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to avoid conflicts with BOM-Links." + "description": "An identifier which can be used to reference the annotation elsewhere in the BOM. Every `bom-ref` must be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to avoid conflicts with BOM-Links." }, "subjects": { "type": "array", @@ -3072,16 +3196,24 @@ "description": "The organization, person, component, or service which created the textual content of the annotation.", "oneOf": [ { - "required": ["organization"] + "required": [ + "organization" + ] }, { - "required": ["individual"] + "required": [ + "individual" + ] }, { - "required": ["component"] + "required": [ + "component" + ] }, { - "required": ["service"] + "required": [ + "service" + ] } ], "additionalProperties": false, 
@@ -3132,7 +3264,7 @@ "bom-ref": { "$ref": "#/definitions/refType", "title": "BOM Reference", - "description": "An optional identifier which can be used to reference the model card elsewhere in the BOM. Every bom-ref must be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to avoid conflicts with BOM-Links." + "description": "An identifier which can be used to reference the model card elsewhere in the BOM. Every `bom-ref` must be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to avoid conflicts with BOM-Links." }, "modelParameters": { "type": "object", @@ -3186,8 +3318,8 @@ "type": "array", "title": "Datasets", "description": "The datasets used to train and evaluate the model.", - "items": { - "oneOf": [ + "items" : { + "oneOf" : [ { "title": "Inline Data Information", "$ref": "#/definitions/componentData" @@ -3290,7 +3422,7 @@ "description": "What are the ethical risks involved in the application of this model?", "items": { "$ref": "#/definitions/risk" } }, - "environmentalConsiderations": { + "environmentalConsiderations":{ "$ref": "#/definitions/environmentalConsiderations", "title": "Environmental Considerations", "description": "What are the various environmental impacts the corresponding machine learning model has exhibited across its lifecycle?" 
@@ -3309,7 +3441,7 @@ "type": "array", "title": "Properties", "description": "Provides the ability to document properties in a name-value store. This provides flexibility to include data not officially supported in the standard without having to use additional namespaces or create extensions. Unlike key-value stores, properties support duplicate names, each potentially having different values. Property names of interest to the general public are encouraged to be registered in the [CycloneDX Property Taxonomy](https://github.com/CycloneDX/cyclonedx-property-taxonomy). Formal registration is optional.", - "items": { "$ref": "#/definitions/property" } + "items": {"$ref": "#/definitions/property"} } } }, @@ -3322,19 +3454,21 @@ "title": "Input/Output Format", "description": "The data format for input/output to the model.", "type": "string", - "examples": ["string", "image", "time-series"] + "examples": [ "string", "image", "time-series"] } } }, "componentData": { "type": "object", "additionalProperties": false, - "required": ["type"], + "required": [ + "type" + ], "properties": { "bom-ref": { "$ref": "#/definitions/refType", "title": "BOM Reference", - "description": "An optional identifier which can be used to reference the dataset elsewhere in the BOM. Every bom-ref must be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to avoid conflicts with BOM-Links." + "description": "An identifier which can be used to reference the dataset elsewhere in the BOM. Every `bom-ref` must be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to avoid conflicts with BOM-Links." }, "type": { "type": "string", @@ -3368,7 +3502,7 @@ "properties": { "attachment": { "title": "Data Attachment", - "description": "An optional way to include textual or encoded data.", + "description": "A way to include textual or encoded data.", "$ref": "#/definitions/attachment" }, "url": { 
@@ -3451,7 +3585,7 @@ "$ref": "#/definitions/organizationalContact" } }, - "oneOf": [ + "oneOf":[ { "required": ["organization"] }, @@ -3614,7 +3748,11 @@ "title": "Energy consumption", "description": "Describes energy consumption information incurred for the specified lifecycle activity.", "type": "object", - "required": ["activity", "energyProviders", "activityEnergyCost"], + "required": [ + "activity", + "energyProviders", + "activityEnergyCost" + ], "additionalProperties": false, "properties": { "activity": { @@ -3679,7 +3817,10 @@ "type": "object", "title": "Energy Measure", "description": "A measure of energy.", - "required": ["value", "unit"], + "required": [ + "value", + "unit" + ], "additionalProperties": false, "properties": { "value": { @@ -3689,7 +3830,7 @@ }, "unit": { "type": "string", - "enum": ["kWh"], + "enum": [ "kWh" ], "title": "Unit", "description": "Unit of energy.", "meta:enum": { @@ -3702,7 +3843,10 @@ "type": "object", "title": "CO2 Measure", "description": "A measure of carbon dioxide (CO2).", - "required": ["value", "unit"], + "required": [ + "value", + "unit" + ], "additionalProperties": false, "properties": { "value": { @@ -3712,7 +3856,7 @@ }, "unit": { "type": "string", - "enum": ["tCO2eq"], + "enum": [ "tCO2eq" ], "title": "Unit", "description": "Unit of carbon dioxide (CO2).", "meta:enum": { 
@@ -3725,12 +3869,16 @@ "type": "object", "title": "Energy Provider", "description": "Describes the physical provider of energy used for model development or operations.", - "required": ["organization", "energySource", "energyProvided"], + "required": [ + "organization", + "energySource", + "energyProvided" + ], "additionalProperties": false, "properties": { "bom-ref": { "title": "BOM Reference", - "description": "An optional identifier which can be used to reference the energy provider elsewhere in the BOM. Every bom-ref must be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to avoid conflicts with BOM-Links.", + "description": "An identifier which can be used to reference the energy provider elsewhere in the BOM. Every `bom-ref` must be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to avoid conflicts with BOM-Links.", "$ref": "#/definitions/refType" }, "description": { @@ -3782,7 +3930,7 @@ }, "externalReferences": { "type": "array", - "items": { "$ref": "#/definitions/externalReference" }, + "items": {"$ref": "#/definitions/externalReference"}, "title": "External References", "description": "External references provide a way to document systems, sites, and information that may be relevant but are not included with the BOM. They may also establish specific relationships within or external to the BOM." } 
@@ -3796,7 +3944,7 @@ "properties": { "bom-ref": { "title": "BOM Reference", - "description": "An optional identifier which can be used to reference the address elsewhere in the BOM. Every bom-ref must be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to avoid conflicts with BOM-Links.", + "description": "An identifier which can be used to reference the address elsewhere in the BOM. Every `bom-ref` must be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to avoid conflicts with BOM-Links.", "$ref": "#/definitions/refType" }, "country": { @@ -3808,31 +3956,31 @@ "type": "string", "title": "Region", "description": "The region or state in the country.", - "examples": ["Texas"] + "examples": [ "Texas" ] }, "locality": { "type": "string", "title": "Locality", "description": "The locality or city within the country.", - "examples": ["Austin"] + "examples": [ "Austin" ] }, "postOfficeBoxNumber": { "type": "string", "title": "Post Office Box Number", "description": "The post office box number.", - "examples": ["901"] + "examples": [ "901" ] }, "postalCode": { "type": "string", "title": "Postal Code", "description": "The postal code.", - "examples": ["78758"] + "examples": [ "78758" ] }, "streetAddress": { "type": "string", "title": "Street Address", "description": "The street address.", - "examples": ["100 Main Street"] + "examples": [ "100 Main Street" ] } } }, 
@@ -3844,7 +3992,7 @@ "properties": { "bom-ref": { "title": "BOM Reference", - "description": "An optional identifier which can be used to reference the formula elsewhere in the BOM. Every bom-ref must be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to avoid conflicts with BOM-Links.", + "description": "An identifier which can be used to reference the formula elsewhere in the BOM. Every `bom-ref` must be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to avoid conflicts with BOM-Links.", "$ref": "#/definitions/refType" }, "components": { @@ -3890,12 +4038,16 @@ "description": "A specialized orchestration task.", "$comment": "Workflow are as task themselves and can trigger other workflow tasks. These relationships can be modeled in the taskDependencies graph.", "type": "object", - "required": ["bom-ref", "uid", "taskTypes"], + "required": [ + "bom-ref", + "uid", + "taskTypes" + ], "additionalProperties": false, "properties": { "bom-ref": { "title": "BOM Reference", - "description": "An optional identifier which can be used to reference the workflow elsewhere in the BOM. Every bom-ref must be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to avoid conflicts with BOM-Links.", + "description": "An identifier which can be used to reference the workflow elsewhere in the BOM. Every `bom-ref` must be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to avoid conflicts with BOM-Links.", "$ref": "#/definitions/refType" }, "uid": { 
@@ -3967,9 +4119,7 @@ "inputs": { "title": "Inputs", "description": "Represents resources and data brought into a task at runtime by executor or task commands", - "examples": [ - "a `configuration` file which was declared as a local `component` or `externalReference`" - ], + "examples": ["a `configuration` file which was declared as a local `component` or `externalReference`"], "type": "array", "items": { "$ref": "#/definitions/inputType" @@ -4032,12 +4182,16 @@ "description": "Describes the inputs, sequence of steps and resources used to accomplish a task and its output.", "$comment": "Tasks are building blocks for constructing assemble CI/CD workflows or pipelines.", "type": "object", - "required": ["bom-ref", "uid", "taskTypes"], + "required": [ + "bom-ref", + "uid", + "taskTypes" + ], "additionalProperties": false, "properties": { "bom-ref": { "title": "BOM Reference", - "description": "An optional identifier which can be used to reference the task elsewhere in the BOM. Every bom-ref must be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to avoid conflicts with BOM-Links.", + "description": "An identifier which can be used to reference the task elsewhere in the BOM. Every `bom-ref` must be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to avoid conflicts with BOM-Links.", "$ref": "#/definitions/refType" }, "uid": { @@ -4090,9 +4244,7 @@ "inputs": { "title": "Inputs", "description": "Represents resources and data brought into a task at runtime by executor or task commands", - "examples": [ - "a `configuration` file which was declared as a local `component` or `externalReference`" - ], + "examples": ["a `configuration` file which was declared as a local `component` or `externalReference`"], "type": "array", "items": { "$ref": "#/definitions/inputType" 
@@ -4206,12 +4358,15 @@ "title": "Workspace", "description": "A named filesystem or data resource shareable by workflow tasks.", "type": "object", - "required": ["bom-ref", "uid"], + "required": [ + "bom-ref", + "uid" + ], "additionalProperties": false, "properties": { "bom-ref": { "title": "BOM Reference", - "description": "An optional identifier which can be used to reference the workspace elsewhere in the BOM. Every bom-ref must be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to avoid conflicts with BOM-Links.", + "description": "An identifier which can be used to reference the workspace elsewhere in the BOM. Every `bom-ref` must be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to avoid conflicts with BOM-Links.", "$ref": "#/definitions/refType" }, "uid": { @@ -4228,7 +4383,7 @@ "title": "Aliases", "description": "The names for the workspace as referenced by other workflow tasks. Effectively, a name mapping so other tasks can use their own local name in their steps.", "type": "array", - "items": { "type": "string" } + "items": {"type": "string"} }, "description": { "title": "Description", @@ -4265,7 +4420,7 @@ "title": "Managed data type", "description": "The name of a domain-specific data type the workspace represents.", "$comment": "This property is for CI/CD frameworks that are able to provide access to structured, managed data at a more granular level than a filesystem.", - "examples": ["ConfigMap", "Secret"], + "examples": ["ConfigMap","Secret"], "type": "string" }, "volumeRequest": { 
@@ -4278,9 +4433,7 @@ "title": "Volume", "description": "Information about the actual volume instance allocated to the workspace.", "$comment": "The actual volume allocated may be different than the request.", - "examples": [ - "see https://kubernetes.io/docs/concepts/storage/persistent-volumes/" - ], + "examples": ["see https://kubernetes.io/docs/concepts/storage/persistent-volumes/"], "$ref": "#/definitions/volume" }, "properties": { @@ -4313,7 +4466,9 @@ "title": "Mode", "description": "The mode for the volume instance.", "type": "string", - "enum": ["filesystem", "block"], + "enum": [ + "filesystem", "block" + ], "default": "filesystem" }, "path": { @@ -4352,11 +4507,15 @@ "description": "Represents a resource that can conditionally activate (or fire) tasks based upon associated events and their data.", "type": "object", "additionalProperties": false, - "required": ["type", "bom-ref", "uid"], + "required": [ + "type", + "bom-ref", + "uid" + ], "properties": { "bom-ref": { "title": "BOM Reference", - "description": "An optional identifier which can be used to reference the trigger elsewhere in the BOM. Every bom-ref must be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to avoid conflicts with BOM-Links.", + "description": "An identifier which can be used to reference the trigger elsewhere in the BOM. Every `bom-ref` must be unique within the BOM.\nValue SHOULD not start with the BOM-Link intro 'urn:cdx:' to avoid conflicts with BOM-Links.", "$ref": "#/definitions/refType" }, "uid": { @@ -4387,7 +4546,12 @@ "title": "Type", "description": "The source type of event which caused the trigger to fire.", "type": "string", - "enum": ["manual", "api", "webhook", "scheduled"] + "enum": [ + "manual", + "api", + "webhook", + "scheduled" + ] }, "event": { "title": "Event", 
@@ -4412,9 +4576,7 @@ "inputs": { "title": "Inputs", "description": "Represents resources and data brought into a task at runtime by executor or task commands", - "examples": [ - "a `configuration` file which was declared as a local `component` or `externalReference`" - ], + "examples": ["a `configuration` file which was declared as a local `component` or `externalReference`"], "type": "array", "items": { "$ref": "#/definitions/inputType" @@ -4494,16 +4656,24 @@ "type": "object", "oneOf": [ { - "required": ["resource"] + "required": [ + "resource" + ] }, { - "required": ["parameters"] + "required": [ + "parameters" + ] }, { - "required": ["environmentVars"] + "required": [ + "environmentVars" + ] }, { - "required": ["data"] + "required": [ + "data" + ] } ], "additionalProperties": false, @@ -4511,13 +4681,19 @@ "source": { "title": "Source", "description": "A reference to the component or service that provided the input to the task (e.g., reference to a service with data flow value of `inbound`)", - "examples": ["source code repository", "database"], + "examples": [ + "source code repository", + "database" + ], "$ref": "#/definitions/resourceReferenceChoice" }, "target": { "title": "Target", "description": "A reference to the component or service that received or stored the input if not the task itself (e.g., a local, named storage workspace)", - "examples": ["workspace", "directory"], + "examples": [ + "workspace", + "directory" + ], "$ref": "#/definitions/resourceReferenceChoice" }, "resource": { @@ -4573,13 +4749,19 @@ "type": "object", "oneOf": [ { - "required": ["resource"] + "required": [ + "resource" + ] }, { - "required": ["environmentVars"] + "required": [ + "environmentVars" + ] }, { - "required": ["data"] + "required": [ + "data" + ] } ], "additionalProperties": false, 
@@ -4605,15 +4787,17 @@ "target": { "title": "Target", "description": "Component or service that received the output from the task (e.g., reference to an artifactory service with data flow value of `outbound`)", - "examples": [ - "a log file described as an `externalReference` within its target domain." - ], + "examples": ["a log file described as an `externalReference` within its target domain."], "$ref": "#/definitions/resourceReferenceChoice" }, "resource": { "title": "Resource", "description": "A reference to an independent resource generated as output by the task.", - "examples": ["configuration file", "source code", "scanning service"], + "examples": [ + "configuration file", + "source code", + "scanning service" + ], "$ref": "#/definitions/resourceReferenceChoice" }, "data": { @@ -4676,10 +4860,14 @@ }, "oneOf": [ { - "required": ["ref"] + "required": [ + "ref" + ] }, { - "required": ["externalReference"] + "required": [ + "externalReference" + ] } ] }, @@ -4767,21 +4955,13 @@ "type": "object", "title": "Identity Evidence", "description": "Evidence that substantiates the identity of a component.", - "required": ["field"], + "required": [ "field" ], "additionalProperties": false, "properties": { "field": { "type": "string", "enum": [ - "group", - "name", - "version", - "purl", - "cpe", - "omniborId", - "swhid", - "swid", - "hash" + "group", "name", "version", "purl", "cpe", "omniborId", "swhid", "swid", "hash" ], "title": "Field", "description": "The identity field of the component which the evidence describes." @@ -4804,7 +4984,10 @@ "description": "The methods used to extract and/or analyze the evidence.", "items": { "type": "object", - "required": ["technique", "confidence"], + "required": [ + "technique" , + "confidence" + ], "additionalProperties": false, "properties": { "technique": { 
@@ -4868,7 +5051,7 @@ "bom-ref": { "$ref": "#/definitions/refType", "title": "BOM Reference", - "description": "An optional identifier which can be used to reference the object elsewhere in the BOM. Every bom-ref must be unique within the BOM." + "description": "An identifier which can be used to reference the object elsewhere in the BOM. Every `bom-ref` must be unique within the BOM." }, "name": { "type": "string", @@ -4902,7 +5085,7 @@ "bom-ref": { "$ref": "#/definitions/refType", "title": "BOM Reference", - "description": "An optional identifier which can be used to reference the object elsewhere in the BOM. Every bom-ref must be unique within the BOM." + "description": "An identifier which can be used to reference the object elsewhere in the BOM. Every `bom-ref` must be unique within the BOM." }, "identifier": { "type": "string", 
@@ -4923,22 +5106,22 @@ "type": "array", "title": "Descriptions", "description": "The supplemental text that provides additional guidance or context to the requirement, but is not directly part of the requirement.", - "items": { "type": "string" } + "items": { "type": "string" } }, "openCre": { "type": "array", "title": "OWASP OpenCRE Identifier(s)", "description": "The Common Requirements Enumeration (CRE) identifier(s). CRE is a structured and standardized framework for uniting security standards and guidelines. CRE links each section of a resource to a shared topic identifier (a Common Requirement). Through this shared topic link, all resources map to each other. Use of CRE promotes clear and unambiguous communication among stakeholders.", "items": { - "type": "string", + "type": "string", "pattern": "^CRE:[0-9]+-[0-9]+$", - "examples": ["CRE:764-507"] + "examples": [ "CRE:764-507" ] } }, "parent": { "$ref": "#/definitions/refLinkType", "title": "Parent BOM Reference", - "description": "The optional `bom-ref` to a parent requirement. This establishes a hierarchy of requirements. Top-level requirements must not define a parent. Only child requirements should define parents." + "description": "The `bom-ref` to a parent requirement. This establishes a hierarchy of requirements. Top-level requirements must not define a parent. Only child requirements should define parents." }, "properties": { "type": "array", @@ -4950,7 +5133,7 @@ }, "externalReferences": { "type": "array", - "items": { "$ref": "#/definitions/externalReference" }, + "items": {"$ref": "#/definitions/externalReference"}, "title": "External References", "description": "External references provide a way to document systems, sites, and information that may be relevant, but are not included with the BOM. They may also establish specific relationships within or external to the BOM." } 
@@ -4969,7 +5152,7 @@ "bom-ref": { "$ref": "#/definitions/refType", "title": "BOM Reference", - "description": "An optional identifier which can be used to reference the object elsewhere in the BOM. Every bom-ref must be unique within the BOM." + "description": "An identifier which can be used to reference the object elsewhere in the BOM. Every `bom-ref` must be unique within the BOM." }, "identifier": { "type": "string", @@ -4997,7 +5180,7 @@ }, "externalReferences": { "type": "array", - "items": { "$ref": "#/definitions/externalReference" }, + "items": {"$ref": "#/definitions/externalReference"}, "title": "External References", "description": "External references provide a way to document systems, sites, and information that may be relevant but are not included with the BOM. They may also establish specific relationships within or external to the BOM." }, @@ -5018,7 +5201,9 @@ "title": "Cryptographic Properties", "description": "Cryptographic assets have properties that uniquely define them and that make them actionable for further reasoning. As an example, it makes a difference if one knows the algorithm family (e.g. AES) or the specific variant or instantiation (e.g. AES-128-GCM). This is because the security level and the algorithm primitive (authenticated encryption) are only defined by the definition of the algorithm variant. The presence of a weak cryptographic algorithm like SHA1 vs. HMAC-SHA1 also makes a difference.", "additionalProperties": false, - "required": ["assetType"], + "required": [ + "assetType" + ], "properties": { "assetType": { "type": "string", @@ -5061,6 +5246,7 @@ "kem", "ae", "combiner", + "key-wrap", "other", "unknown" ], 
@@ -5078,19 +5264,32 @@ "kem": "A Key Encapsulation Mechanism (KEM) algorithm is a mechanism for transporting random keying material to a recipient using the recipient's public key.", "ae": "Authenticated Encryption (AE) is a cryptographic process that provides both confidentiality and data integrity. It ensures that the encrypted data has not been tampered with and comes from a legitimate source. AE is commonly used in secure communication protocols.", "combiner": "A combiner aggregates many candidates for a cryptographic primitive and generates a new candidate for the same primitive.", + "key-wrap": "Key-wrap is a cryptographic technique used to securely encrypt and protect cryptographic keys using algorithms like AES.", "other": "Another primitive type.", "unknown": "The primitive is not known." } }, + "algorithmFamily": { + "$ref": "cryptography-defs.schema.json#/definitions/algorithmFamiliesEnum", + "title": "Algorithm Family", + "description": "A valid algorithm family identifier. If specified, this value must be one of the enumeration of valid algorithm Family identifiers defined in the `cryptography-defs.schema.json` subschema.", + "examples": ["3DES", "Blowfish", "ECDH"] + }, "parameterSetIdentifier": { "type": "string", "title": "Parameter Set Identifier", "description": "An identifier for the parameter set of the cryptographic algorithm. Examples: in AES128, '128' identifies the key length in bits, in SHA256, '256' identifies the digest length, '128' in SHAKE128 identifies its maximum security level in bits, and 'SHA2-128s' identifies a parameter set used in SLH-DSA (FIPS205)." }, "curve": { + "deprecated": true, "type": "string", "title": "Elliptic Curve", - "description": "The specific underlying Elliptic Curve (EC) definition employed which is an indicator of the level of security strength, performance and complexity. 
Absent an authoritative source of curve names, CycloneDX recommends using curve names as defined at [https://neuromancer.sk/std/](https://neuromancer.sk/std/), the source of which can be found at [https://github.com/J08nY/std-curves](https://github.com/J08nY/std-curves)." + "description": "[Deprecated] This will be removed in a future version. Use `@.ellipticCurve` instead.\nThe specific underlying Elliptic Curve (EC) definition employed which is an indicator of the level of security strength, performance and complexity. Absent an authoritative source of curve names, CycloneDX recommends using curve names as defined at [https://neuromancer.sk/std/](https://neuromancer.sk/std/), the source of which can be found at [https://github.com/J08nY/std-curves](https://github.com/J08nY/std-curves)." + }, + "ellipticCurve": { + "$ref": "cryptography-defs.schema.json#/definitions/ellipticCurvesEnum", + "title": "Elliptic Curve", + "description": "The specific underlying Elliptic Curve (EC) definition employed which is an indicator of the level of security strength, performance and complexity. If specified, this value must be one of the enumeration of valid elliptic curves identifiers defined in the `cryptography-defs.schema.json` subschema." }, "executionEnvironment": { "type": "string", @@ -5298,6 +5497,11 @@ "description": "Properties for cryptographic assets of asset type 'certificate'", "additionalProperties": false, "properties": { + "serialNumber": { + "type": "string", + "title": "Serial Number", + "description": "The serial number is a unique identifier for the certificate issued by a CA." + }, "subjectName": { "type": "string", "title": "Subject Name", 
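Review bot: The new `algorithmFamily` and `ellipticCurve` properties reference `cryptography-defs.schema.json#/definitions/...`, a separate file, and nothing in this hunk shows that file being shipped or registered with the validator. Depending on the validator, an unresolved cross-file `$ref` either fails schema compilation or is resolved against the schema's base URI at run time, so the subschema should be loaded explicitly from a local, version-matched copy. Both descriptions say the value must come from that enumeration, so a BOM naming a family or curve missing from the list will be rejected; a fixture with one accepted and one rejected value per property would catch drift between the two files. The deprecated `curve` and the new `ellipticCurve` can also be set together with no stated precedence, which a sentence in the `curve` description such as `If both are present, ellipticCurve takes precedence.` would settle. The enclosing object starts outside the hunk.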
@@ -5321,26 +5525,240 @@ "description": "The date and time according to ISO-8601 standard from which the certificate is not valid anymore" }, "signatureAlgorithmRef": { + "deprecated": true, "$ref": "#/definitions/refType", "title": "Algorithm Reference", - "description": "The bom-ref to signature algorithm used by the certificate" + "description": "[DEPRECATED] This will be removed in a future version. Use `@.relatedCryptographicAssets` instead.\nThe bom-ref to signature algorithm used by the certificate" }, "subjectPublicKeyRef": { + "deprecated": true, "$ref": "#/definitions/refType", "title": "Key reference", - "description": "The bom-ref to the public key of the subject" + "description": "[DEPRECATED] This will be removed in a future version. Use `@.relatedCryptographicAssets` instead.\nThe bom-ref to the public key of the subject" }, "certificateFormat": { "type": "string", "title": "Certificate Format", "description": "The format of the certificate", - "examples": ["X.509", "PEM", "DER", "CVC"] + "examples": [ + "X.509", + "PEM", + "DER", + "CVC" + ] }, "certificateExtension": { + "deprecated": true, + "type": "string", + "title": "Certificate File Extension", + "description": "[DEPRECATED] This will be removed in a future version. Use `@.certificateFileExtension` instead.\nThe file extension of the certificate", + "examples": [ + "crt", + "pem", + "cer", + "der", + "p12" + ] + }, + "certificateFileExtension": { "type": "string", "title": "Certificate File Extension", - "description": "The file extension of the certificate", - "examples": ["crt", "pem", "cer", "der", "p12"] + "description": "The file extension of the certificate.", + "examples": [ + "crt", + "pem", + "cer", + "der", + "p12" + ] + }, + "fingerprint": { + "type": "object", + "$ref": "#/definitions/hash", + "title": "Certificate Fingerprint", + "description": "The fingerprint is a cryptographic hash of the certificate excluding it's signature." 
+ }, + "certificateState": { + "type": "array", + "title": "Certificate Lifecycle State", + "description": "The certificate lifecycle is a comprehensive process that manages digital certificates from their initial creation to eventual expiration or revocation. It typically involves several stages", + "items": { + "type": "object", + "title": "State", + "description": "The state of the certificate.", + "oneOf": [ + { + "title": "Pre-Defined State", + "required": [ + "state" + ], + "additionalProperties": false, + "properties": { + "state": { + "type": "string", + "title": "State", + "description": "A pre-defined state in the certificate lifecycle.", + "enum": [ + "pre-activation", + "active", + "suspended", + "deactivated", + "revoked", + "destroyed" + ], + "meta:enum": { + "pre-activation": "The certificate has been issued by the issuing certificate authority (CA) but has not been authorized for use.", + "active": "The certificate may be used to cryptographically protect information, cryptographically process previously protected information, or both.", + "deactivated": "Certificates in the deactivated state shall not be used to apply cryptographic protection but, in some cases, may be used to process cryptographically protected information.", + "suspended": "The use of a certificate may be suspended for several possible reasons.", + "revoked": "A revoked certificate is a digital certificate that has been invalidated by the issuing certificate authority (CA) before its scheduled expiration date.", + "destroyed": "The certificate has been destroyed." + } + }, + "reason": { + "type": "string", + "title": "Reason", + "description": "A reason for the certificate being in this state." + } + } + }, + { + "title": "Custom State", + "required": [ + "name" + ], + "additionalProperties": false, + "properties": { + "name": { + "type": "string", + "title": "State", + "description": "The name of the certificate lifecycle state." 
+ }, + "description": { + "type": "string", + "title": "Description", + "description": "The description of the certificate lifecycle state." + }, + "reason": { + "type": "string", + "title": "Reason", + "description": "A reason for the certificate being in this state." + } + } + } + ] + } + }, + "creationDate": { + "type": "string", + "format": "date-time", + "title": "Creation Date", + "description": "The date and time (timestamp) when the certificate was created or pre-activated." + }, + "activationDate": { + "type": "string", + "format": "date-time", + "title": "Activation Date", + "description": "The date and time (timestamp) when the certificate was activated." + }, + "deactivationDate": { + "type": "string", + "format": "date-time", + "title": "Deactivation Date", + "description": "The date and time (timestamp) when the related certificate was deactivated." + }, + "revocationDate": { + "type": "string", + "format": "date-time", + "title": "Revocation Date", + "description": "The date and time (timestamp) when the certificate was revoked." + }, + "destructionDate": { + "type": "string", + "format": "date-time", + "title": "Destruction Date", + "description": "The date and time (timestamp) when the certificate was destroyed." + }, + "certificateExtensions": { + "type": "array", + "title": "Certificate Extensions", + "description": "A certificate extension is a field that provides additional information about the certificate or its use. 
Extensions are used to convey additional information beyond the standard fields.", + "items": { + "type": "object", + "title": "Extension", + "description": "", + "oneOf": [ + { + "title": "Common Extensions", + "required": [ + "commonExtensionName", + "commonExtensionValue" + ], + "additionalProperties": false, + "properties": { + "commonExtensionName": { + "type": "string", + "title": "name", + "description": "The name of the extension.", + "enum": [ + "basicConstraints", + "keyUsage", + "extendedKeyUsage", + "subjectAlternativeName", + "authorityKeyIdentifier", + "subjectKeyIdentifier", + "authorityInformationAccess", + "certificatePolicies", + "crlDistributionPoints", + "signedCertificateTimestamp" + ], + "meta:enum": { + "basicConstraints": "Specifies whether a certificate can be used as a CA certificate or not.", + "keyUsage": "Specifies the allowed uses of the public key in the certificate.", + "extendedKeyUsage": "Specifies additional purposes for which the public key can be used.", + "subjectAlternativeName": "Allows inclusion of additional names to identify the entity associated with the certificate.", + "authorityKeyIdentifier": "Identifies the public key of the CA that issued the certificate.", + "subjectKeyIdentifier": "Identifies the public key associated with the entity the certificate was issued to.", + "authorityInformationAccess": "Contains CA issuers and OCSP information.", + "certificatePolicies": "Defines the policies under which the certificate was issued and can be used.", + "crlDistributionPoints": "Contains one or more URLs where a Certificate Revocation List (CRL) can be obtained.", + "signedCertificateTimestamp": "Shows that the certificate has been publicly logged, which helps prevent the issuance of rogue certificates by a CA. Log ID, timestamp and signature as proof." + } + }, + "commonExtensionValue": { + "type": "string", + "title": "Value", + "description": "The value of the certificate extension." 
+ } + } + }, + { + "title": "Custom Extensions", + "description": "Custom extensions may convey application-specific or vendor-specific data not covered by standard extensions. The structure and semantics of custom extensions are typically defined outside of public standards. CycloneDX leverages properties to support this capability.", + "required": [ + "customExtensionName" + ], + "additionalProperties": false, + "properties": { + "customExtensionName": { + "type": "string", + "title": "Name", + "description": "The name for the custom certificate extension." + }, + "customExtensionValue": { + "type": "string", + "title": "Value", + "description": "The description of the custom certificate extension." + } + } + } + ] + } + }, + "relatedCryptographicAssets": { + "$ref": "#/definitions/relatedCryptographicAssets", + "title": "Related Cryptographic Assets", + "description": "A list of cryptographic assets related to this component." } } }, @@ -5400,7 +5818,7 @@ "id": { "type": "string", "title": "ID", - "description": "The optional unique identifier for the related cryptographic material." + "description": "The unique identifier for the related cryptographic material." }, "state": { "type": "string", @@ -5416,9 +5834,10 @@ ] }, "algorithmRef": { + "deprecated": true, "$ref": "#/definitions/refType", "title": "Algorithm Reference", - "description": "The bom-ref to the algorithm used to generate the related cryptographic material." + "description": "[DEPRECATED] Use `@.relatedCryptographicAssets` instead.\nThe bom-ref to the algorithm used to generate the related cryptographic material." }, "creationDate": { "type": "string", 
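Review bot: The certificate `fingerprint` description says the hash covers the certificate "excluding it's signature", while the fingerprint most tools report is the digest of the complete encoded certificate, signature included. If that usual value is meant, consumers matching BOM entries against tool output need the text to say so, e.g. `"description": "The fingerprint is a cryptographic hash of the complete encoded certificate."`; "it's" should be "its" either way. `customExtensionValue` is described as `The description of the custom certificate extension.`, which looks like the wrong sentence; `The value of the custom certificate extension.` would match `commonExtensionValue`. The items of `certificateExtensions` carry an empty `"description": ""`, and the prefix is spelled `[DEPRECATED]` here but `[Deprecated]` in other hunks of this file. The enclosing certificate-properties object starts outside the hunk.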
@@ -5463,6 +5882,17 @@
 "$ref": "#/definitions/securedBy",
 "title": "Secured By",
 "description": "The mechanism by which the cryptographic asset is secured by."
+ },
+ "fingerprint": {
+ "type": "object",
+ "$ref": "#/definitions/hash",
+ "title": "Fingerprint",
+ "description": "The fingerprint is a cryptographic hash of the asset."
+ },
+ "relatedCryptographicAssets": {
+ "$ref": "#/definitions/relatedCryptographicAssets",
+ "title": "Related Cryptographic Assets",
+ "description": "A list of cryptographic assets related to this component."
 }
 }
 },
@@ -5483,6 +5913,12 @@
 "ike",
 "sstp",
 "wpa",
+ "dtls",
+ "quic",
+ "eap-aka",
+ "eap-aka-prime",
+ "prins",
+ "5g-aka",
 "other",
 "unknown"
 ],
@@ -5493,6 +5929,12 @@
 "ike": "Internet Key Exchange",
 "sstp": "Secure Socket Tunneling Protocol",
 "wpa": "Wi-Fi Protected Access",
+ "dtls": "Datagram Transport Layer Security",
+ "quic": "Quick UDP Internet Connections",
+ "eap-aka": "Extensible Authentication Protocol variant",
+ "eap-aka-prime": "Enhanced version of EAP-AKA",
+ "prins": "Protection of Inter-Network Signaling",
+ "5g-aka": "Authentication and Key Agreement for 5G",
 "other": "Another protocol type",
 "unknown": "The protocol type is not known"
 }
@@ -5501,7 +5943,11 @@
 "type": "string",
 "title": "Protocol Version",
 "description": "The version of the protocol.",
- "examples": ["1.0", "1.2", "1.99"]
+ "examples": [
+ "1.0",
+ "1.2",
+ "1.99"
+ ]
 },
 "cipherSuites": {
 "type": "array",
@@ -5519,41 +5965,112 @@
 "additionalProperties": false,
 "properties": {
 "encr": {
- "$ref": "#/definitions/cryptoRefArray",
- "title": "Encryption Algorithm (ENCR)",
- "description": "Transform Type 1: encryption algorithms"
+ "title": "Encryption Algorithms (ENCR)",
+ "description": "Transform Type 1: encryption algorithms",
+ "anyOf": [
+ {
+ "type": "array",
+ "items": {
+ "$ref": "#/definitions/ikeV2Enc",
+ "title": "Encryption Algorithm (ENCR)"
+ }
+ },
+ {
+ "deprecated": true,
+ "$ref": "#/definitions/cryptoRefArray",
+ "description": "[DEPRECATED] This will be removed in a future version.\nTransform Type 1: encryption algorithms"
+ }
+ ]
 },
 "prf": {
- "$ref": "#/definitions/cryptoRefArray",
- "title": "Pseudorandom Function (PRF)",
- "description": "Transform Type 2: pseudorandom functions"
+ "title": "Pseudorandom Functions (PRF)",
+ "description": "Transform Type 2: pseudorandom functions",
+ "anyOf": [
+ {
+ "type": "array",
+ "items": {
+ "$ref": "#/definitions/ikeV2Prf",
+ "title": "Pseudorandom Function (PRF)"
+ }
+ },
+ {
+ "deprecated": true,
+ "$ref": "#/definitions/cryptoRefArray",
+ "description": "[DEPRECATED] This will be removed in a future version.\nTransform Type 2: pseudorandom functions"
+ }
+ ]
 },
 "integ": {
- "$ref": "#/definitions/cryptoRefArray",
- "title": "Integrity Algorithm (INTEG)",
- "description": "Transform Type 3: integrity algorithms"
+ "title": "Integrity Algorithms (INTEG)",
+ "description": "Transform Type 3: integrity algorithms",
+ "anyOf": [
+ {
+ "type": "array",
+ "items": {
+ "$ref": "#/definitions/ikeV2Integ",
+ "title": "Integrity Algorithm (INTEG)"
+ }
+ },
+ {
+ "deprecated": true,
+ "$ref": "#/definitions/cryptoRefArray",
+ "description": "[DEPRECATED] This will be removed in a future version.\nTransform Type 3: integrity algorithms"
+ }
+ ]
 },
 "ke": {
- "$ref": "#/definitions/cryptoRefArray",
- "title": "Key Exchange Method (KE)",
- "description": "Transform Type 4: Key Exchange Method (KE) per [RFC 9370](https://www.ietf.org/rfc/rfc9370.html), formerly called Diffie-Hellman Group (D-H)."
+ "title": "Key Exchange Methods (KE)",
+ "description": "Transform Type 4: Key Exchange Method (KE) per [RFC 9370](https://www.ietf.org/rfc/rfc9370.html), formerly called Diffie-Hellman Group (D-H).",
+ "anyOf": [
+ {
+ "type": "array",
+ "items": {
+ "$ref": "#/definitions/ikeV2Ke",
+ "title": "Key Exchange Method (KE)"
+ }
+ },
+ {
+ "deprecated": true,
+ "$ref": "#/definitions/cryptoRefArray",
+ "description": "[DEPRECATED] This will be removed in a future version.\nTransform Type 4: Key Exchange Method (KE) per [RFC 9370](https://www.ietf.org/rfc/rfc9370.html), formerly called Diffie-Hellman Group (D-H)."
+ }
+ ]
 },
 "esn": {
 "type": "boolean",
- "title": "Extended Sequence Numbers (ESN)",
+ "title": "Extended Sequence Number (ESN)",
 "description": "Specifies if an Extended Sequence Number (ESN) is used."
 },
 "auth": {
- "$ref": "#/definitions/cryptoRefArray",
- "title": "IKEv2 Authentication method",
- "description": "IKEv2 Authentication method"
+ "title": "IKEv2 Authentication methods",
+ "description": "IKEv2 Authentication method per [RFC9593](https://www.ietf.org/rfc/rfc9593.html).",
+ "anyOf": [
+ {
+ "type": "array",
+ "items": {
+ "$ref": "#/definitions/ikeV2Auth",
+ "title": "IKEv2 Authentication Method"
+ }
+ },
+ {
+ "deprecated": true,
+ "$ref": "#/definitions/cryptoRefArray",
+ "description": "[DEPRECATED] This will be removed in a future version.\nIKEv2 Authentication method"
+ }
+ ]
 }
 }
 },
 "cryptoRefArray": {
+ "deprecated": true,
 "$ref": "#/definitions/cryptoRefArray",
 "title": "Cryptographic References",
- "description": "A list of protocol-related cryptographic assets"
+ "description": "[DEPRECATED] Use `@.relatedCryptographicAssets` instead.\nA list of protocol-related cryptographic assets"
+ },
+ "relatedCryptographicAssets": {
+ "$ref": "#/definitions/relatedCryptographicAssets",
+ "title": "Related Cryptographic Assets",
+ "description": "A list of cryptographic assets related to this component."
 }
 }
 },
@@ -5574,7 +6091,9 @@
 "type": "string",
 "title": "Common Name",
 "description": "A common name for the cipher suite.",
- "examples": ["TLS_DHE_RSA_WITH_AES_128_CCM"]
+ "examples": [
+ "TLS_DHE_RSA_WITH_AES_128_CCM"
+ ]
 },
 "algorithms": {
 "type": "array",
@@ -5594,17 +6113,187 @@
 "type": "string",
 "title": "identifier",
 "description": "Cipher suite identifier",
- "examples": ["0xC0", "0x9E"]
+ "examples": [
+ "0xC0",
+ "0x9E"
+ ]
+ }
+ },
+ "tlsGroups": {
+ "type": "array",
+ "title": "TLS Groups",
+ "description": "A list of TLS named groups (formerly known as curves) for this cipher suite. These groups define the parameters for key exchange algorithms like ECDHE.",
+ "items": {
+ "type": "string",
+ "title": "Group Name",
+ "description": "The name of the TLS group",
+ "examples": [
+ "x25519",
+ "ffdhe2048"
+ ]
+ }
+ },
+ "tlsSignatureSchemes": {
+ "type": "array",
+ "title": "TLS Signature Schemes",
+ "description": "A list of signature schemes supported for cipher suite. These schemes specify the algorithms used for digital signatures in TLS handshakes and certificate verification.",
+ "items": {
+ "type": "string",
+ "title": "Signature Scheme",
+ "description": "The name of the TLS signature scheme",
+ "examples": [
+ "ecdsa_secp256r1_sha256",
+ "rsa_pss_rsae_sha256",
+ "ed25519"
+ ]
 }
 }
 }
 },
- "cryptoRefArray": {
+ "ikeV2Enc": {
+ "type": "object",
+ "title": "Encryption Algorithm (ENCR)",
+ "description": "Object representing an encryption algorithm (ENCR)",
+ "additionalProperties": false,
+ "properties": {
+ "name": {
+ "type": "string",
+ "title": "Name",
+ "description": "A name for the encryption method.",
+ "examples": [
+ "ENCR_AES_GCM_16"
+ ]
+ },
+ "keyLength": {
+ "type": "integer",
+ "title": "Encryption algorithm key length",
+ "description": "The key length of the encryption algorithm."
+ },
+ "algorithm": {
+ "$ref": "#/definitions/refType",
+ "title": "Algorithm reference",
+ "description": "The bom-ref to algorithm cryptographic asset."
+ }
+ }
+ },
+ "ikeV2Prf": {
+ "type": "object",
+ "title": "Pseudorandom Function (PRF)",
+ "description": "Object representing a pseudorandom function (PRF)",
+ "additionalProperties": false,
+ "properties": {
+ "name": {
+ "type": "string",
+ "title": "Name",
+ "description": "A name for the pseudorandom function.",
+ "examples": [
+ "PRF_HMAC_SHA2_256"
+ ]
+ },
+ "algorithm": {
+ "$ref": "#/definitions/refType",
+ "title": "Algorithm reference",
+ "description": "The bom-ref to algorithm cryptographic asset."
+ }
+ }
+ },
+ "ikeV2Integ": {
+ "type": "object",
+ "title": "Integrity Algorithm (INTEG)",
+ "description": "Object representing an integrity algorithm (INTEG)",
+ "additionalProperties": false,
+ "properties": {
+ "name": {
+ "type": "string",
+ "title": "Name",
+ "description": "A name for the integrity algorithm.",
+ "examples": [
+ "AUTH_HMAC_SHA2_256_128"
+ ]
+ },
+ "algorithm": {
+ "$ref": "#/definitions/refType",
+ "title": "Algorithm reference",
+ "description": "The bom-ref to algorithm cryptographic asset."
+ }
+ }
+ },
+ "ikeV2Ke": {
+ "type": "object",
+ "title": "Key Exchange Method (KE)",
+ "description": "Object representing a key exchange method (KE)",
+ "additionalProperties": false,
+ "properties": {
+ "group": {
+ "type": "integer",
+ "title": "Group Identifier",
+ "description": "A group identifier for the key exchange algorithm."
+ },
+ "algorithm": {
+ "$ref": "#/definitions/refType",
+ "title": "Algorithm reference",
+ "description": "The bom-ref to algorithm cryptographic asset."
+ }
+ }
+ },
+ "ikeV2Auth": {
+ "type": "object",
+ "title": "IKEv2 Authentication method",
+ "description": "Object representing a IKEv2 Authentication method",
+ "additionalProperties": false,
+ "properties": {
+ "name": {
+ "type": "string",
+ "title": "Name",
+ "description": "A name for the authentication method."
+ },
+ "algorithm": {
+ "$ref": "#/definitions/refType",
+ "title": "Algorithm reference",
+ "description": "The bom-ref to algorithm cryptographic asset."
+ }
+ }
+ },
+ "cryptoRefArray" : {
+ "deprecated": true,
+ "description": "Deprecated definition.",
 "type": "array",
 "items": {
 "$ref": "#/definitions/refType"
 }
 },
+ "relatedCryptographicAssets": {
+ "type": "array",
+ "title": "Related Cryptographic Assets",
+ "description": "A list of cryptographic assets related to this component.",
+ "items": {
+ "$ref": "#/definitions/relatedCryptographicAsset",
+ "title": "Related Cryptographic Asset"
+ }
+ },
+ "relatedCryptographicAsset": {
+ "type": "object",
+ "title": "Related Cryptographic Asset",
+ "description": "A cryptographic assets related to this component.",
+ "additionalProperties": false,
+ "properties": {
+ "type": {
+ "type": "string",
+ "title": "Type",
+ "description": "Specifies the mechanism by which the cryptographic asset is secured by.",
+ "examples": [
+ "publicKey",
+ "privateKey",
+ "algorithm"
+ ]
+ },
+ "ref": {
+ "$ref": "#/definitions/refType",
+ "title": "Reference to cryptographic asset",
+ "description": "The bom-ref to cryptographic asset."
+ }
+ }
+ },
 "securedBy": {
 "type": "object",
 "title": "Secured By",
@@ -5615,7 +6304,13 @@
 "type": "string",
 "title": "Mechanism",
 "description": "Specifies the mechanism by which the cryptographic asset is secured by.",
- "examples": [
+ "examples": [
+ "HSM",
+ "TPM",
+ "SGX",
+ "Software",
+ "None"
+ ]
 },
 "algorithmRef": {
 "$ref": "#/definitions/refType",
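Review bot: In the new `relatedCryptographicAsset` definition (hunk `@@ -5594,17 +6113,187 @@`), the `type` property's description, "Specifies the mechanism by which the cryptographic asset is secured by.", is the same sentence the following hunk shows on the Mechanism property of `securedBy`, and it does not describe a related-asset type. Something like `"description": "The type of the related cryptographic asset, for example publicKey, privateKey or algorithm."` would match the examples listed. The object also declares `additionalProperties: false` but no `required` list, so an empty `{}` entry validates and a consumer resolving `ref` has to handle its absence; `"required": ["type", "ref"]` would close that if both are meant to be mandatory. The same applies to the `ikeV2Enc`, `ikeV2Prf`, `ikeV2Integ`, `ikeV2Ke` and `ikeV2Auth` objects added in this hunk. If this file mirrors the upstream CycloneDX schema, these are better raised upstream than patched in the local copy.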
@@ -5649,7 +6344,7 @@
 "bom-ref": {
 "$ref": "#/definitions/refType",
 "title": "BOM Reference",
- "description": "An optional identifier which can be used to reference the object elsewhere in the BOM. Every bom-ref MUST be unique within the BOM. \n\nFor a patent, it might be a good idea to use a patent number as the BOM reference ID."
+ "description": "An identifier which can be used to reference the object elsewhere in the BOM. Every `bom-ref` must be unique within the BOM. \n\nFor a patent, it might be a good idea to use a patent number as the BOM reference ID."
 },
 "familyId": {
 "type": "string",
@@ -5689,7 +6384,7 @@
 "bom-ref": {
 "$ref": "#/definitions/refType",
 "title": "BOM Reference",
- "description": "An optional identifier which can be used to reference the object elsewhere in the BOM. Every bom-ref must be unique within the BOM."
+ "description": "An identifier which can be used to reference the object elsewhere in the BOM. Every `bom-ref` must be unique within the BOM."
 },
 "patentNumber": {
 "type": "string",
@@ -5910,6 +6605,75 @@
 "$ref": "#/definitions/patentFilingDate"
 }
 }
+ },
+ "citation": {
+ "type": "object",
+ "title": "Citation",
+ "description": "Details a specific attribution of data within the BOM to a contributing entity or process.",
+ "additionalProperties": false,
+ "properties": {
+ "bom-ref": {
+ "$ref": "#/definitions/refType",
+ "title": "BOM Reference"
+ },
+ "pointers": {
+ "type": "array",
+ "items": {
+ "type": "string",
+ "title": "Field Reference",
+ "description": "A [JSON Pointer](https://datatracker.ietf.org/doc/html/rfc6901) identifying the BOM field to which the attribution applies.\nUsers of other serialisation formats (e.g. XML) shall use the JSON Pointer format to ensure consistent field referencing across representations."
+ },
+ "minItems": 1,
+ "title": "Field References",
+ "description": "One or more [JSON Pointers](https://datatracker.ietf.org/doc/html/rfc6901) identifying the BOM fields to which the attribution applies.\nExactly one of the \"pointers\" or \"expressions\" elements must be present."
+ },
+ "expressions": {
+ "type": "array",
+ "items": {
+ "type": "string",
+ "title": "Path Expression",
+ "description": "Specifies a path expression used to locate a value within a BOM. The expression syntax shall conform to the format of the BOM's serialisation.\nUse [JSONPath](https://datatracker.ietf.org/doc/html/rfc9535) for JSON, [XPath](https://www.w3.org/TR/xpath/) for XML, and default to JSONPath for Protocol Buffers unless otherwise specified.\nImplementers shall ensure the expression is valid within the context of the applicable serialisation format."
+ },
+ "minItems": 1,
+ "title": "Path Expressions",
+ "description": "One or more path expressions used to locate values within a BOM.\nExactly one of the \"pointers\" or \"expressions\" elements must be present."
+ },
+ "timestamp": {
+ "type": "string",
+ "format": "date-time",
+ "title": "Timestamp",
+ "description": "The date and time when the attribution was made or the information was supplied."
+ },
+ "attributedTo": {
+ "$ref": "#/definitions/refLinkType",
+ "title": "Attributed To",
+ "description": "The `bom-ref` of an object, such as a component, service, tool, organisational entity, or person that supplied the cited information.\nAt least one of the \"attributedTo\" or \"process\" elements must be present."
+ },
+ "process": {
+ "$ref": "#/definitions/refLinkType",
+ "title": "Process Reference",
+ "description": "The `bom-ref` to a process (such as a formula, workflow, task, or step) defined in the `formulation` section that executed or generated the attributed data.\nAt least one of the \"attributedTo\" or \"process\" elements must be present."
+ },
+ "note": {
+ "type": "string",
+ "title": "Note",
+ "description": "A description or comment about the context or quality of the data attribution."
+ },
+ "signature": {
+ "$ref": "#/definitions/signature",
+ "title": "Signature",
+ "description": "A digital signature verifying the authenticity or integrity of the attribution."
+ }
+ },
+ "required": ["timestamp"],
+ "anyOf": [
+ { "required": ["attributedTo"] },
+ { "required": ["process"] }
+ ],
+ "oneOf": [
+ { "required": ["pointers"] },
+ { "required": ["expressions"] }
+ ]
 }
 }
 }
diff --git a/data/cryptography-defs.json b/data/cryptography-defs.json
new file mode 100644
index 000000000..e3e1728e8
--- /dev/null
+++ b/data/cryptography-defs.json
@@ -0,0 +1,3793 @@ +{ + "$schema": "http://cyclonedx.org/schema/cryptography-defs.schema.json", + "lastUpdated": "2025-03-22T00:00:00Z", + "algorithms": [ + { + "family": "RSASSA-PKCS1", + "standard": [ + { + "name": "RFC8017", + "url": "https://doi.org/10.17487/RFC8017" + }, + { + "name": "IEEE1363", + "url": "https://doi.org/10.1109/IEEESTD.2000.92290" + } + ], + "variant": [ + { + "pattern": "RSA-PKCS1-1.5[-{digestAlgorithm}][-{keyLength}]", + "primitive": "signature" + } + ] + }, + { + "family": "RSASSA-PSS", + "standard": [ + { + "name": "RFC8017", + "url": "https://doi.org/10.17487/RFC8017" + }, + { + "name": "IEEE1363A", + "url": "https://doi.org/10.1109/IEEESTD.2004.94612" + } + ], + "variant": [ + { + "pattern": "RSA-PSS[-{digestAlgorithm}][-{saltLength}][-{keyLength}]", + "primitive": "signature" + } + ] + }, + { + "family": "RSAES-PKCS1", + "standard": [ + { + "name": "RFC8017", + "url": "https://doi.org/10.17487/RFC8017" + } + ], + "variant": [ + { + "pattern": "RSA-PKCS1-1.5[-{keyLength}]", + "primitive": "pke" + } + ] + }, + { + "family": "RSAES-OAEP", + "standard": [ + { + "name": "RFC8017", + "url": "https://doi.org/10.17487/RFC8017" + } + ], + "variant": [ + { + "pattern": "RSA-OAEP[-{hashAlgorithm}][-{maskGenAlgorithm}][-{keyLength}]", + "primitive": "pke" + } + ] + }, + { + "family": "EdDSA", + "standard": [ + { + "name": "RFC8032", + "url": "https://doi.org/10.17487/RFC8032" + } + ], + "variant": [ + { + "pattern": "Ed(25519|448)[-(ph|ctx)]", + "primitive": "signature" + } + ] + }, + { + "family": "ECDSA", + "standard": [ + { + "name": "FIPS186-4", + "url": "https://doi.org/10.6028/NIST.FIPS.186-4" + }, + { + "name": "X9.62", + "url": "https://standards.globalspec.com/std/1955141/ansi-x9-62" + } + ], + "variant": [ + { + "pattern": "ECDSA[-{ellipticCurve}][-{hash}]", + "primitive": "signature" + } + ] + }, + { + "family": "ECIES", + "standard": [ + { + "name": "SEC1", + "url": "https://www.secg.org/sec1-v2.pdf" + }, + { + "name": "ISO/IEC 
18033-2", + "url": "https://www.iso.org/standard/37971.html" + } + ], + "variant": [ + { + "pattern": "ECIES[-{ellipticCurve}][-{kdf}][-{symmetricCipher}][-{mac}]", + "primitive": "pke" + } + ] + }, + { + "family": "MQV", + "standard": [ + { + "name": "SP800-56A", + "url": "https://doi.org/10.6028/NIST.SP.800-56Ar3" + } + ], + "variant": [ + { + "pattern": "FFMQV[-{namedGroup}]", + "primitive": "key-agree" + }, + { + "pattern": "ECMQV[-{ellipticCurve}]", + "primitive": "key-agree" + } + ] + }, + { + "family": "ElGamal", + "standard": [ + { + "name": "ISO/IEC 18033-2", + "url": "https://www.iso.org/standard/37971.html" + } + ], + "variant": [ + { + "pattern": "ElGamal[-{keyLength}]", + "primitive": "pke" + }, + { + "pattern": "EC-ElGamal[-{ellipticCurve}]", + "primitive": "pke" + } + ] + }, + { + "family": "DSA", + "standard": [ + { + "name": "FIPS186-4", + "url": "https://doi.org/10.6028/NIST.FIPS.186-4" + } + ], + "variant": [ + { + "pattern": "DSA[-{length}][-{hash}]", + "primitive": "signature" + } + ] + }, + { + "family": "ECDH", + "standard": [ + { + "name": "SP800-56A", + "url": "https://doi.org/10.6028/NIST.SP.800-56Ar3" + }, + { + "name": "IEEE1363", + "url": "https://doi.org/10.1109/IEEESTD.2000.92290" + }, + { + "name": "X9.63", + "url": "https://webstore.ansi.org/standards/ASCX9/ansix9632011r2017" + } + ], + "variant": [ + { + "pattern": "ECDH[E][-{ellipticCurve}]", + "primitive": "key-agree" + }, + { + "pattern": "x25519|x448", + "primitive": "key-agree" + } + ] + }, + { + "family": "FFDH", + "standard": [ + { + "name": "RFC7919", + "url": "https://doi.org/10.17487/RFC7919" + }, + { + "name": "SP800-56A", + "url": "https://doi.org/10.6028/NIST.SP.800-56Ar3" + } + ], + "variant": [ + { + "pattern": "FFDH(E)[-{namedGroup}]", + "primitive": "key-agree" + } + ] + }, + { + "family": "SHA-1", + "standard": [ + { + "name": "FIPS180-4", + "url": "https://doi.org/10.6028/NIST.FIPS.180-4" + } + ], + "variant": [ + { + "pattern": "SHA-1", + "primitive": "hash" + } 
+ ] + }, + { + "family": "SHA-2", + "standard": [ + { + "name": "FIPS180-4", + "url": "https://doi.org/10.6028/NIST.FIPS.180-4" + } + ], + "variant": [ + { + "pattern": "SHA-(224|256|384|512|512/224|512/256)", + "primitive": "hash" + } + ] + }, + { + "family": "SHA-3", + "standard": [ + { + "name": "FIPS202", + "url": "https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.202.pdf" + }, + { + "name": "SP800-185", + "url": "https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.202.pdf" + } + ], + "variant": [ + { + "pattern": "SHA-3-(224|256|384|512)", + "primitive": "hash" + }, + { + "pattern": "SHAKE(128|256)", + "primitive": "xof" + }, + { + "pattern": "cSHAKE(128|256)", + "primitive": "xof" + }, + { + "pattern": "KMAC(128|256)", + "primitive": "mac" + }, + { + "pattern": "HMACXOF(128|256)", + "primitive": "mac" + }, + { + "pattern": "TupleHash(128|256)", + "primitive": "hash" + }, + { + "pattern": "TupleHashXOF(128|256)", + "primitive": "xof" + }, + { + "pattern": "ParallelHash(128|256)", + "primitive": "hash" + }, + { + "pattern": "ParallelHashXOF(128|256)", + "primitive": "xof" + } + ] + }, + { + "family": "AES", + "standard": [ + { + "name": "FIPS197", + "url": "https://doi.org/10.6028/NIST.FIPS.197-upd1" + }, + { + "name": "SP800-38{A-G}", + "url": "https://doi.org/10.6028/NIST.SP.800-38A" + }, + { + "name": "RFC 5116", + "url": "https://doi.org/10.17487/RFC5116" + } + ], + "variant": [ + { + "pattern": "AES[-(128|192|256)][-(ECB|CBC|CFB(1|8|64|128)|OFB|CTR|XTS|CTS)][-{padding}][-{ivlen}]", + "primitive": "block-cipher" + }, + { + "standard": [ + { + "name": "SP800-38D", + "url": "https://doi.org/10.6028/NIST.SP.800-38D" + }, + { + "name": "RFC 3610", + "url": "https://doi.org/10.17487/RFC5116" + } + ], + "pattern": "AES[-(128|192|256)][-(GCM|CCM)][-{tagLength}][-{ivLength}]", + "primitive": "ae" + }, + { + "standard": [ + { + "name": "RFC5649", + "url": "https://doi.org/10.17487/RFC5649" + } + ], + "pattern": "AES[-(128|192|256)]-Wrap[-(PAD|KWP|PKCS7)]", + 
"primitive": "key-wrap" + }, + { + "pattern": "AES[-(128|192|256)][-(GMAC|CMAC)]", + "primitive": "mac" + }, + { + "pattern": "AES[-(128|192|256)][-(XCBC_MAC[_96])]", + "primitive": "mac" + } + ] + }, + { + "family": "HKDF", + "standard": [ + { + "name": "RFC5869", + "url": "https://doi.org/10.17487/RFC5869" + } + ], + "variant": [ + { + "pattern": "HKDF[-{hashFunction}]", + "primitive": "kdf" + } + ] + }, + { + "family": "HMAC", + "standard": [ + { + "name": "SP800-224", + "url": "https://doi.org/10.6028/NIST.SP.800-224.ipd" + }, + { + "name": "RFC2104", + "url": "https://doi.org/10.17487/RFC2104" + } + ], + "variant": [ + { + "pattern": "HMAC[-{hashFunction}][-{tagLength}]", + "primitive": "mac" + } + ] + }, + { + "family": "CMAC", + "standard": [ + { + "name": "SP800-38B", + "url": "https://doi.org/10.6028/NIST.SP.800-38B" + } + ], + "variant": [ + { + "pattern": "CMAC[-{cipherAlgorithm}][-{length}]", + "primitive": "mac" + } + ] + }, + { + "family": "KMAC", + "standard": [ + { + "name": "SP800-108r1", + "url": "https://doi.org/10.6028/NIST.SP.800-108r1-upd1" + } + ], + "variant": [ + { + "pattern": "KMAC[-(128|256)]", + "primitive": "mac" + } + ] + }, + { + "family": "ChaCha", + "standard": [ + { + "name": "RFC8439", + "url": "https://doi.org/10.17487/RFC8439" + } + ], + "variant": [ + { + "pattern": "ChaCha20[-(AES|{otherBlockCipher})]", + "primitive": "stream-cipher" + } + ] + }, + { + "family": "Poly1305", + "standard": [ + { + "name": "RFC8439", + "url": "https://doi.org/10.17487/RFC8439" + } + ], + "variant": [ + { + "pattern": "Poly1305", + "primitive": "mac" + } + ] + }, + { + "family": "ChaCha20", + "standard": [ + { + "name": "RFC8439", + "url": "https://doi.org/10.17487/RFC8439" + } + ], + "variant": [ + { + "pattern": "ChaCha20", + "primitive": "stream-cipher" + }, + { + "pattern": "ChaCha20-Poly1305", + "primitive": "ae" + } + ] + }, + { + "family": "Salsa20", + "standard": [ + { + "name": "The Salsa20 Family of Stream Ciphers", + "url": 
"https://doi.org/10.1007/978-3-540-68351-3_8" + } + ], + "variant": [ + { + "pattern": "Salsa20", + "primitive": "stream-cipher" + }, + { + "pattern": "Salsa20-Poly1305", + "primitive": "ae" + } + ] + }, + { + "family": "MD5", + "standard": [ + { + "name": "RFC1321", + "url": "https://doi.org/10.17487/RFC1321" + } + ], + "variant": [ + { + "pattern": "MD5", + "primitive": "hash" + } + ] + }, + { + "family": "MD4", + "standard": [ + { + "name": "RFC1320", + "url": "https://doi.org/10.17487/RFC1320" + } + ], + "variant": [ + { + "pattern": "MD4", + "primitive": "hash" + } + ] + }, + { + "family": "RC4", + "standard": [ + { + "name": "Applied Cryptography: Protocols, Algorithms, and Source Code in C", + "url": "https://dl.acm.org/doi/book/10.5555/572932" + } + ], + "variant": [ + { + "pattern": "RC4[-{keyLength}]", + "primitive": "stream-cipher" + } + ] + }, + { + "family": "3DES", + "standard": [ + { + "name": "RFC1851", + "url": "https://doi.org/10.17487/RFC1851" + }, + { + "name": "FIPS PUB 46-3", + "url": "https://csrc.nist.gov/pubs/fips/46-3/final" + } + ], + "variant": [ + { + "pattern": "3DES[-{keyLength}][-{mode}]", + "primitive": "block-cipher" + } + ] + }, + { + "family": "DES", + "standard": [ + { + "name": "FIPS PUB 46-3", + "url": "https://csrc.nist.gov/pubs/fips/46-3/final" + }, + { + "name": "ANSI INCITS 92-1981", + "url": "https://csrc.nist.gov/pubs/fips/46-3/final" + } + ], + "variant": [ + { + "pattern": "DES[-{keyLength}][-{mode}]", + "primitive": "block-cipher" + } + ] + }, + { + "family": "IDEA", + "standard": [ + { + "name": "A Proposal for a New Block Encryption Standard", + "url": "https://doi.org/10.1007%2F3-540-46877-3_35" + } + ], + "variant": [ + { + "pattern": "IDEA[-{mode}]", + "primitive": "block-cipher" + } + ] + }, + { + "family": "RC2", + "standard": [ + { + "name": "RFC2268", + "url": "https://doi.org/10.17487/RFC2268" + } + ], + "variant": [ + { + "pattern": "RC2[-{keyLength}][-{mode}]", + "primitive": "block-cipher" + } + ] + }, + 
{ + "family": "ML-DSA", + "standard": [ + { + "name": "FIPS 204", + "url": "https://doi.org/10.6028/NIST.FIPS.204" + } + ], + "variant": [ + { + "pattern": "ML-DSA-(44|65|87)", + "primitive": "signature" + }, + { + "pattern": "HashML-DSA-(44|65|87)[-{hashFunction}]", + "primitive": "signature" + } + ] + }, + { + "family": "SLH-DSA", + "standard": [ + { + "name": "FIPS 205", + "url": "https://doi.org/10.6028/NIST.FIPS.205" + } + ], + "variant": [ + { + "pattern": "SLH-DSA-(SHA2|SHAKE)-(128s|128f|192s|192f|256s|256f)", + "primitive": "signature" + }, + { + "pattern": "HashSLH-DSA-(SHA2|SHAKE)-(128s|128f|192s|192f|256s|256f)[-{hashFunction}]", + "primitive": "signature" + } + ] + }, + { + "family": "XMSS", + "standard": [ + { + "name": "SP800-208", + "url": "https://doi.org/10.6028/NIST.SP.800-208" + }, + { + "name": "RFC8391", + "url": "https://doi.org/10.17487/RFC8391" + } + ], + "variant": [ + { + "pattern": "XMSS-(SHA2|SHAKE)[_{h}][_{nbits}]", + "primitive": "signature" + }, + { + "pattern": "XMSSMT-(SHA2|SHAKE)[_{h}/{d}][_{nbits}]", + "primitive": "signature" + }, + { + "pattern": "WOTSP-(SHA2|SHAKE)[_{nbits}]", + "primitive": "signature" + } + ] + }, + { + "family": "LMS", + "standard": [ + { + "name": "SP800-208", + "url": "https://doi.org/10.6028/NIST.SP.800-208" + }, + { + "name": "RFC8554", + "url": "https://doi.org/10.17487/RFC8554" + } + ], + "variant": [ + { + "pattern": "LMS[_{hashFunction}][_M{bytesPerNode}][_H{treeHeight}]", + "primitive": "signature" + }, + { + "pattern": "LMOTS[_{hashfun}][_N{bytespernode}][_H{treeheight}]", + "primitive": "signature" + } + ] + }, + { + "family": "ML-KEM", + "standard": [ + { + "name": "FIPS 203", + "url": "https://doi.org/10.6028/NIST.FIPS.203" + } + ], + "variant": [ + { + "pattern": "ML-KEM-(512|768|1024)", + "primitive": "kem" + } + ] + }, + { + "family": "IKE-PRF", + "standard": [ + { + "name": "RFC2409", + "url": "https://doi.org/10.17487/RFC2409" + }, + { + "name": "RFC5996", + "url": 
"https://doi.org/10.17487/RFC5996" + } + ], + "variant": [ + { + "pattern": "IKE_PRF_DERIVE", + "primitive": "key-agree" + }, + { + "pattern": "IKE1_(PRF|Extended)_DERIVE", + "primitive": "key-agree" + }, + { + "pattern": "IKE2_PRF_PLUS_DERIVE", + "primitive": "key-agree" + } + ] + }, + { + "family": "GOST", + "variant": [ + { + "standard": [ + { + "name": "RFC4357", + "url": "https://doi.org/10.17487/RFC4357" + } + ], + "pattern": "GOSTR3410", + "primitive": "signature" + }, + { + "standard": [ + { + "name": "RFC4357", + "url": "https://doi.org/10.17487/RFC4357" + } + ], + "pattern": "GOSTR3411", + "primitive": "hash" + }, + { + "standard": [ + { + "name": "RFC4357", + "url": "https://doi.org/10.17487/RFC4357" + } + ], + "pattern": "GOSTR3411_HMAC", + "primitive": "mac" + }, + { + "standard": [ + { + "name": "RFC4357", + "url": "https://doi.org/10.17487/RFC4357" + } + ], + "pattern": "GOST38147[-{mode}][-{padding}]", + "primitive": "block-cipher" + }, + { + "standard": [ + { + "name": "RFC4357", + "url": "https://doi.org/10.17487/RFC4357" + } + ], + "pattern": "GOST38147_MAC", + "primitive": "mac" + } + ] + }, + { + "family": "SEED", + "standard": [ + { + "name": "RFC4269", + "url": "https://doi.org/10.17487/RFC4269" + }, + { + "name": "RFC5669", + "url": "https://doi.org/10.17487/RFC5669" + } + ], + "variant": [ + { + "pattern": "SEED-128[-{mode}][-{padding}]", + "primitive": "block-cipher" + }, + { + "pattern": "SEED-128[-{mode}][-{padding}]-HMAC[-{hashFunction}][-{tagLength}]", + "primitive": "ae" + }, + { + "pattern": "SEED-128-(CCM|GCM)", + "primitive": "ae" + } + ] + }, + { + "family": "ARIA", + "standard": [ + { + "name": "RFC5794", + "url": "https://doi.org/10.17487/RFC5794" + } + ], + "variant": [ + { + "pattern": "ARIA-(128|192|256)[-{mode}][-{padding}]", + "primitive": "block-cipher" + }, + { + "pattern": "ARIA-(128|192|256)[-{authmode}][-{padding}]", + "primitive": "ae" + } + ] + }, + { + "family": "CAMELLIA", + "standard": [ + { + "name": "RFC3713", + 
"url": "https://doi.org/10.17487/RFC3713" + } + ], + "variant": [ + { + "pattern": "CAMELLIA-(128|192|256)[-{mode}][-{padding}]", + "primitive": "block-cipher" + }, + { + "pattern": "CAMELLIA-(128|192|256)[-{authmode}][-{padding}]", + "primitive": "ae" + } + ] + }, + { + "family": "Twofish", + "standard": [ + { + "name": "Twofish: A 128-Bit Block Cipher", + "url": "https://www.schneier.com/academic/twofish/" + } + ], + "variant": [ + { + "pattern": "Twofish-(128|192|256)[-{mode}][-{padding}]", + "primitive": "block-cipher" + } + ] + }, + { + "family": "Blowfish", + "standard": [ + { + "name": "Description of a new variable-length key, 64-bit block cipher (Blowfish)", + "url": "https://doi.org/10.1007/3-540-58108-1_24" + } + ], + "variant": [ + { + "pattern": "Blowfish[-{keyLength}][-{mode}][-{padding}]", + "primitive": "block-cipher" + } + ] + }, + { + "family": "Skipjack", + "standard": [ + { + "name": "Escrowed Encryption Standard (EES)", + "url": "https://doi.org/10.6028/NIST.FIPS.185" + } + ], + "variant": [ + { + "pattern": "Skipjack[-{mode}][-{padding}]", + "primitive": "block-cipher" + } + ] + }, + { + "family": "SP800-108", + "standard": [ + { + "name": "SP800-108", + "url": "https://doi.org/10.6028/NIST.SP.800-108r1-upd1" + } + ], + "variant": [ + { + "pattern": "SP800_108_(CounterKDF|FeedbackKDF|DoublePipelineKDF)[-{prfFunction}][-{dkmLength}]", + "primitive": "key-derive" + } + ] + }, + { + "family": "BLAKE2", + "standard": [ + { + "name": "RFC7693", + "url": "https://doi.org/10.17487/RFC7693" + } + ], + "variant": [ + { + "pattern": "BLAKE2b-(160|256|384|512)", + "primitive": "hash" + }, + { + "pattern": "BLAKE2b-(160|256|384|512)-HMAC", + "primitive": "mac" + }, + { + "pattern": "BLAKE2s-(160|256)", + "primitive": "hash" + }, + { + "pattern": "BLAKE2b-(160|256|384|512)-HMAC", + "primitive": "mac" + } + ] + }, + { + "family": "BLAKE3", + "standard": [ + { + "name": "BLAKE3 Spec", + "url": 
"https://github.com/BLAKE3-team/BLAKE3-specs/blob/master/blake3.pdf" + } + ], + "variant": [ + { + "pattern": "BLAKE3[-{outputLength}]", + "primitive": "hash" + } + ] + }, + { + "family": "X3DH", + "standard": [ + { + "name": "The X3DH Key Agreement Protocol", + "url": "https://signal.org/docs/specifications/x3dh/" + } + ], + "variant": [ + { + "pattern": "X3DH[-{hashFunction}]", + "primitive": "key-agree" + } + ] + }, + { + "family": "BLS", + "standard": [ + { + "name": "Short Signatures from the Weil Pairing", + "url": "https://dx.doi.org/10.1007/3-540-45682-1_30" + } + ], + "variant": [ + { + "pattern": "BLS(13-381|13-377|BN254)", + "primitive": "signature" + }, + { + "pattern": "BLS[-{ellipticCurve}]", + "primitive": "signature" + } + ] + }, + { + "family": "MILENAGE", + "standard": [ + { + "name": "3GPP TS 35.206", + "url": "https://www.3gpp.org/ftp/Specs/archive/35_series/35.206/35206-i00.zip" + } + ], + "variant": [ + { + "pattern": "MILENAGE[-MAC]", + "primitive": "mac" + }, + { + "pattern": "MILENAGE[-KDF]", + "primitive": "kdf" + } + ] + }, + { + "family": "TUAK", + "standard": [ + { + "name": "SHA-3 based authentication algorithm (3GPP TS 35.231)", + "url": "https://www.3gpp.org/ftp/Specs/archive/35_series/35.231/35231-i00.zip" + } + ], + "variant": [ + { + "pattern": "TUAC[-MAC]", + "primitive": "mac" + }, + { + "pattern": "TUAC[-KDF]", + "primitive": "kdf" + } + ] + }, + { + "family": "ZUC", + "standard": [ + { + "name": "3GPP TS 35.221", + "url": "https://www.3gpp.org/ftp/Specs/archive/35_series/35.221/35221-i00.zip" + } + ], + "variant": [ + { + "pattern": "128-EEA3", + "primitive": "stream-cipher" + }, + { + "pattern": "128-EIA3", + "primitive": "mac" + } + ] + }, + { + "family": "SNOW3G", + "standard": [ + { + "name": "3GPP TS 35.216", + "url": "https://www.3gpp.org/ftp/Specs/archive/35_series/35.216/35216-i00.zip" + } + ], + "variant": [ + { + "pattern": "128-EEA1", + "primitive": "stream-cipher" + }, + { + "pattern": "128-EIA1", + "primitive": 
"mac"
+ }
+ ]
+ },
+ {
+ "family": "3GPP-XOR",
+ "standard": [
+ {
+ "name": "Legacy XOR-based AV generation algorithm (3GPP TS 35.201)",
+ "url": "https://www.3gpp.org/ftp/Specs/archive/35_series/35.201/35201-i00.zip"
+ }
+ ],
+ "variant": [
+ {
+ "pattern": "3GPP-XOR[-MAC]",
+ "primitive": "mac"
+ },
+ {
+ "pattern": "3GPP-XOR[-KDF]",
+ "primitive": "kdf"
+ }
+ ]
+ },
+ {
+ "family": "MD2",
+ "standard": [
+ {
+ "name": "RFC1319",
+ "url": "https://doi.org/10.17487/RFC1319"
+ }
+ ],
+ "variant": [
+ {
+ "pattern": "MD2",
+ "primitive": "hash"
+ }
+ ]
+ },
+ {
+ "family": "MD4",
+ "standard": [
+ {
+ "name": "RFC1320",
+ "url": "https://doi.org/10.17487/RFC1320"
+ }
+ ],
+ "variant": [
+ {
+ "pattern": "MD4",
+ "primitive": "hash"
+ }
+ ]
+ },
+ {
+ "family": "MD5",
+ "standard": [
+ {
+ "name": "RFC1321",
+ "url": "https://doi.org/10.17487/RFC1321"
+ }
+ ],
+ "variant": [
+ {
+ "pattern": "MD5",
+ "primitive": "hash"
+ }
+ ]
+ },
+ {
+ "family": "RIPEMD",
+ "standard": [
+ {
+ "name": "ISO10118-3",
+ "url": "https://www.iso.org/standard/67116.html"
+ }
+ ],
+ "variant": [
+ {
+ "pattern": "RIPEMD-(128|160|256|320)",
+ "primitive": "hash"
+ }
+ ]
+ },
+ {
+ "family": "Whirlpool",
+ "standard": [
+ {
+ "name": "ISO10118-3",
+ "url": "https://www.iso.org/standard/67116.html"
+ },
+ {
+ "name": "NESSIE",
+ "url": "https://www.cosic.esat.kuleuven.be/nessie/"
+ }
+ ],
+ "variant": [
+ {
+ "pattern": "Whirlpool",
+ "primitive": "hash"
+ }
+ ]
+ },
+ {
+ "family": "Serpent",
+ "standard": [
+ {
+ "name": "AES Finalist",
+ "url": "https://www.cl.cam.ac.uk/~rja14/serpent.html"
+ }
+ ],
+ "variant": [
+ {
+ "pattern": "Serpent-(128|192|256)[-{mode}][-{padding}]",
+ "primitive": "block-cipher"
+ }
+ ]
+ },
+ {
+ "family": "CAST5",
+ "standard": [
+ {
+ "name": "RFC2144",
+ "url": "https://doi.org/10.17487/RFC2144"
+ }
+ ],
+ "variant": [
+ {
+ "pattern": "CAST5[-{keyLength}][-{mode}]",
+ "primitive": "block-cipher"
+ }
+ ]
+ },
+ {
+ "family": "CAST6",
+ "standard": [
+ {
+ 
"name": "RFC2612",
+ "url": "https://doi.org/10.17487/RFC2612"
+ }
+ ],
+ "variant": [
+ {
+ "pattern": "CAST6[-{keyLength}][-{mode}]",
+ "primitive": "block-cipher"
+ }
+ ]
+ },
+ {
+ "family": "RC5",
+ "standard": [
+ {
+ "name": "RFC2040",
+ "url": "https://doi.org/10.17487/RFC2040"
+ }
+ ],
+ "variant": [
+ {
+ "pattern": "RC5[-{keyLength}][-{mode}]",
+ "primitive": "block-cipher"
+ }
+ ]
+ },
+ {
+ "family": "RC6",
+ "standard": [
+ {
+ "name": "The RC6 Block Cipher",
+ "url": "https://web.archive.org/web/20181223080309/http://people.csail.mit.edu/rivest/rc6.pdf"
+ }
+ ],
+ "variant": [
+ {
+ "pattern": "RC6[-{keyLength}][-{mode}]",
+ "primitive": "block-cipher"
+ }
+ ]
+ },
+ {
+ "family": "HC",
+ "standard": [
+ {
+ "name": "eSTREAM",
+ "url": "https://www.ecrypt.eu.org/stream/"
+ }
+ ],
+ "variant": [
+ {
+ "pattern": "HC-128",
+ "primitive": "stream-cipher"
+ },
+ {
+ "pattern": "HC-256",
+ "primitive": "stream-cipher"
+ }
+ ]
+ },
+ {
+ "family": "RABBIT",
+ "standard": [
+ {
+ "name": "RFC4503",
+ "url": "https://doi.org/10.17487/RFC4503"
+ },
+ {
+ "name": "eSTREAM",
+ "url": "https://www.ecrypt.eu.org/stream/"
+ }
+ ],
+ "variant": [
+ {
+ "pattern": "RABBIT",
+ "primitive": "stream-cipher"
+ }
+ ]
+ },
+ {
+ "family": "Ascon",
+ "standard": [
+ {
+ "name": "NIST SP 800-232",
+ "url": "https://doi.org/10.6028/NIST.SP.800-232"
+ }
+ ],
+ "variant": [
+ {
+ "pattern": "Ascon-AEAD128",
+ "primitive": "ae"
+ },
+ {
+ "pattern": "Ascon-Hash256",
+ "primitive": "hash"
+ },
+ {
+ "pattern": "Ascon-XOF128",
+ "primitive": "xof"
+ },
+ {
+ "pattern": "Ascon-CXOF128",
+ "primitive": "xof"
+ }
+ ]
+ },
+ {
+ "family": "SipHash",
+ "standard": [
+ {
+ "name": "SipHash Spec",
+ "url": "https://131002.net/siphash/"
+ }
+ ],
+ "variant": [
+ {
+ "pattern": "SipHash[-{compressionRounds}-{finalizationRounds}]",
+ "primitive": "hash"
+ }
+ ]
+ },
+ {
+ "family": "PBKDF1",
+ "standard": [
+ {
+ "name": "RFC8018",
+ "url": "https://doi.org/10.17487/RFC8018"
+ }
+ ],
+ 
"variant": [
+ {
+ "pattern": "PBKDF1[-{hashFunction}][-{iterations}][-{dkLen}]",
+ "primitive": "kdf"
+ }
+ ]
+ },
+ {
+ "family": "PBKDF2",
+ "standard": [
+ {
+ "name": "RFC8018",
+ "url": "https://doi.org/10.17487/RFC8018"
+ },
+ {
+ "name": "SP800-132",
+ "url": "https://doi.org/10.6028/NIST.SP.800-132"
+ }
+ ],
+ "variant": [
+ {
+ "pattern": "PBKDF2[-{hashFunction}][-{iterations}][-{dkLen}]",
+ "primitive": "kdf"
+ }
+ ]
+ },
+ {
+ "family": "PBES1",
+ "standard": [
+ {
+ "name": "RFC8018",
+ "url": "https://doi.org/10.17487/RFC8018"
+ }
+ ],
+ "variant": [
+ {
+ "pattern": "PBES1[-{encryptionAlgorithm}][-{kdf}][-{dkLen}][-{iterations}]",
+ "primitive": "other"
+ }
+ ]
+ },
+ {
+ "family": "PBES2",
+ "standard": [
+ {
+ "name": "RFC8018",
+ "url": "https://doi.org/10.17487/RFC8018"
+ }
+ ],
+ "variant": [
+ {
+ "pattern": "PBES2[-{encryptionAlgorithm}][-{kdf}][-{dkLen}][-{iterations}]",
+ "primitive": "other"
+ }
+ ]
+ },
+ {
+ "family": "PBMAC1",
+ "standard": [
+ {
+ "name": "RFC8018",
+ "url": "https://doi.org/10.17487/RFC8018"
+ }
+ ],
+ "variant": [
+ {
+ "pattern": "PBMAC1[-{macAlgorithm}][-{hashFunction}][-{iterations}][-{dkLen}]",
+ "primitive": "mac"
+ }
+ ]
+ },
+ {
+ "family": "bcrypt",
+ "standard": [
+ {
+ "name": "A Future-Adaptable Password Scheme",
+ "url": "https://www.usenix.org/legacy/events/usenix99/provos/provos.pdf"
+ }
+ ],
+ "variant": [
+ {
+ "pattern": "bcrypt[-{cost)]",
+ "primitive": "hash"
+ }
+ ]
+ },
+ {
+ "family": "A5/1",
+ "variant": [
+ {
+ "pattern": "A5/1",
+ "primitive": "stream-cipher"
+ }
+ ]
+ },
+ {
+ "family": "A5/2",
+ "standard": [
+ {
+ "name": "ETSI ETR 278",
+ "url": "https://www.etsi.org/deliver/etsi_etr/200_299/278/01_60/etr_278e01p.pdf"
+ }
+ ],
+ "variant": [
+ {
+ "pattern": "A5/2",
+ "primitive": "stream-cipher"
+ }
+ ]
+ },
+ {
+ "family": "CMEA",
+ "standard": [
+ {
+ "name": "TIA TR45.0.A",
+ "url": ""
+ }
+ ],
+ "variant": [
+ {
+ "pattern": "CMEA",
+ "primitive": "block-cipher"
+ }
+ ]
+ },
+ {
+ 
"family": "Fortuna",
+ "standard": [
+ {
+ "name": "Fortuna - A secure pseudorandom number generator",
+ "url": "https://www.schneier.com/academic/fortuna"
+ }
+ ],
+ "variant": [
+ {
+ "pattern": "Fortuna[-{blockCipher}][-{hashFunction}]",
+ "primitive": "drbg"
+ }
+ ]
+ },
+ {
+ "family": "Yarrow",
+ "standard": [
+ {
+ "name": "Yarrow - A secure pseudorandom number generator",
+ "url": "https://www.schneier.com/academic/yarrow"
+ }
+ ],
+ "variant": [
+ {
+ "pattern": "Yarrow[-{blockCipher}][-{hashFunction}]",
+ "primitive": "drbg"
+ }
+ ]
+ }
+ ],
+ "ellipticCurves": [
+ {
+ "name": "anssi",
+ "description": "Agence nationale de la s\u00e9curit\u00e9 des syst\u00e8mes d'information: Publication d'un param\u00e9trage de courbe elliptique visant des applications de passeport \u00e9lectronique et de l'administration \u00e9lectronique fran\u00e7aise. 21 November 2011",
+ "curves": [
+ {
+ "name": "FRP256v1",
+ "description": null,
+ "oid": "1.2.250.1.223.101.256.1",
+ "form": "Weierstrass"
+ }
+ ]
+ },
+ {
+ "name": "bls",
+ "description": "BLS curves. A family of pairing friendly curves, with embedding degree = 12 or 24.",
+ "curves": [
+ {
+ "name": "BLS12-377",
+ "description": "Curve from Zexe paper: https://eprint.iacr.org/2018/962, params taken from: https://eips.ethereum.org/EIPS/eip-2539 where they are explicitly listed.",
+ "oid": null,
+ "form": "Weierstrass"
+ },
+ {
+ "name": "BLS12-381",
+ "description": "Curve from https://electriccoin.co/blog/new-snark-curve/. As used in ZCash.",
+ "oid": null,
+ "form": "Weierstrass"
+ },
+ {
+ "name": "BLS12-446",
+ "description": "Curve from https://github.com/relic-toolkit/relic.",
+ "oid": null,
+ "form": "Weierstrass"
+ },
+ {
+ "name": "BLS12-455",
+ "description": "Curve from https://github.com/relic-toolkit/relic.",
+ "oid": null,
+ "form": "Weierstrass"
+ },
+ {
+ "name": "BLS12-638",
+ "description": "Curve from https://github.com/relic-toolkit/relic. 
Also in https://eprint.iacr.org/2012/232.pdf.",
+ "oid": null,
+ "form": "Weierstrass"
+ },
+ {
+ "name": "BLS24-477",
+ "description": "Curve from https://github.com/relic-toolkit/relic. Also in https://eprint.iacr.org/2012/232.pdf.",
+ "oid": null,
+ "form": "Weierstrass"
+ },
+ {
+ "name": "Bandersnatch",
+ "description": "Curve from https://ethresear.ch/t/introducing-bandersnatch-a-fast-elliptic-curve-built-over-the-bls12-381-scalar-field/9957",
+ "oid": null,
+ "form": "TwistedEdwards"
+ }
+ ]
+ },
+ {
+ "name": "bn",
+ "description": "BN (Barreto, Naehrig curves) from: A Family of Implementation-Friendly BN Elliptic Curves - .",
+ "curves": [
+ {
+ "name": "bn158",
+ "description": null,
+ "oid": null,
+ "form": "Weierstrass"
+ },
+ {
+ "name": "bn190",
+ "description": null,
+ "oid": null,
+ "form": "Weierstrass"
+ },
+ {
+ "name": "bn222",
+ "description": null,
+ "oid": null,
+ "form": "Weierstrass"
+ },
+ {
+ "name": "bn254",
+ "description": null,
+ "oid": null,
+ "form": "Weierstrass",
+ "aliases": [
+ {
+ "category": "other",
+ "name": "Fp254BNb"
+ }
+ ]
+ },
+ {
+ "name": "bn286",
+ "description": null,
+ "oid": null,
+ "form": "Weierstrass"
+ },
+ {
+ "name": "bn318",
+ "description": null,
+ "oid": null,
+ "form": "Weierstrass"
+ },
+ {
+ "name": "bn350",
+ "description": null,
+ "oid": null,
+ "form": "Weierstrass"
+ },
+ {
+ "name": "bn382",
+ "description": null,
+ "oid": null,
+ "form": "Weierstrass"
+ },
+ {
+ "name": "bn414",
+ "description": null,
+ "oid": null,
+ "form": "Weierstrass"
+ },
+ {
+ "name": "bn446",
+ "description": null,
+ "oid": null,
+ "form": "Weierstrass"
+ },
+ {
+ "name": "bn478",
+ "description": null,
+ "oid": null,
+ "form": "Weierstrass"
+ },
+ {
+ "name": "bn510",
+ "description": null,
+ "oid": null,
+ "form": "Weierstrass"
+ },
+ {
+ "name": "bn542",
+ "description": null,
+ "oid": null,
+ "form": "Weierstrass"
+ },
+ {
+ "name": "bn574",
+ "description": null,
+ "oid": null,
+ "form": "Weierstrass"
+ },
+ {
+ 
"name": "bn606",
+ "description": null,
+ "oid": null,
+ "form": "Weierstrass"
+ },
+ {
+ "name": "bn638",
+ "description": null,
+ "oid": null,
+ "form": "Weierstrass"
+ }
+ ]
+ },
+ {
+ "name": "brainpool",
+ "description": "ECC Brainpool Standard Curves and Curve Generation v. 1.0 19.10.2005",
+ "curves": [
+ {
+ "name": "brainpoolP160r1",
+ "description": null,
+ "oid": "1.3.36.3.3.2.8.1.1.1",
+ "form": "Weierstrass"
+ },
+ {
+ "name": "brainpoolP160t1",
+ "description": null,
+ "oid": "1.3.36.3.3.2.8.1.1.2",
+ "form": "Weierstrass"
+ },
+ {
+ "name": "brainpoolP192r1",
+ "description": null,
+ "oid": "1.3.36.3.3.2.8.1.1.3",
+ "form": "Weierstrass"
+ },
+ {
+ "name": "brainpoolP192t1",
+ "description": null,
+ "oid": "1.3.36.3.3.2.8.1.1.4",
+ "form": "Weierstrass"
+ },
+ {
+ "name": "brainpoolP224r1",
+ "description": null,
+ "oid": "1.3.36.3.3.2.8.1.1.5",
+ "form": "Weierstrass"
+ },
+ {
+ "name": "brainpoolP224t1",
+ "description": null,
+ "oid": "1.3.36.3.3.2.8.1.1.6",
+ "form": "Weierstrass"
+ },
+ {
+ "name": "brainpoolP256r1",
+ "description": null,
+ "oid": "1.3.36.3.3.2.8.1.1.7",
+ "form": "Weierstrass"
+ },
+ {
+ "name": "brainpoolP256t1",
+ "description": null,
+ "oid": "1.3.36.3.3.2.8.1.1.8",
+ "form": "Weierstrass"
+ },
+ {
+ "name": "brainpoolP320r1",
+ "description": null,
+ "oid": "1.3.36.3.3.2.8.1.1.9",
+ "form": "Weierstrass"
+ },
+ {
+ "name": "brainpoolP320t1",
+ "description": null,
+ "oid": "1.3.36.3.3.2.8.1.1.10",
+ "form": "Weierstrass"
+ },
+ {
+ "name": "brainpoolP384r1",
+ "description": null,
+ "oid": "1.3.36.3.3.2.8.1.1.11",
+ "form": "Weierstrass"
+ },
+ {
+ "name": "brainpoolP384t1",
+ "description": null,
+ "oid": "1.3.36.3.3.2.8.1.1.12",
+ "form": "Weierstrass"
+ },
+ {
+ "name": "brainpoolP512r1",
+ "description": null,
+ "oid": "1.3.36.3.3.2.8.1.1.13",
+ "form": "Weierstrass"
+ },
+ {
+ "name": "brainpoolP512t1",
+ "description": null,
+ "oid": "1.3.36.3.3.2.8.1.1.14",
+ "form": "Weierstrass"
+ }
+ ]
+ },
+ {
+ "name": "gost", 
+ "description": "GOST R 34.10-2001: RFC5832, GOST R 34.10-2012: RFC7836",
+ "curves": [
+ {
+ "name": "gost256",
+ "description": "RFC5832",
+ "oid": null,
+ "form": "Weierstrass"
+ },
+ {
+ "name": "gost512",
+ "description": "RFC5832",
+ "oid": null,
+ "form": "Weierstrass"
+ },
+ {
+ "name": "id-GostR3410-2001-CryptoPro-A-ParamSet",
+ "description": "RFC4357",
+ "oid": null,
+ "form": "Weierstrass"
+ },
+ {
+ "name": "id-GostR3410-2001-CryptoPro-B-ParamSet",
+ "description": "RFC4357",
+ "oid": null,
+ "form": "Weierstrass"
+ },
+ {
+ "name": "id-GostR3410-2001-CryptoPro-C-ParamSet",
+ "description": "RFC4357",
+ "oid": null,
+ "form": "Weierstrass"
+ },
+ {
+ "name": "id-tc26-gost-3410-12-512-paramSetA",
+ "description": "RFC7836",
+ "oid": null,
+ "form": "Weierstrass"
+ },
+ {
+ "name": "id-tc26-gost-3410-12-512-paramSetB",
+ "description": "RFC7836",
+ "oid": null,
+ "form": "Weierstrass"
+ },
+ {
+ "name": "id-tc26-gost-3410-2012-256-paramSetA",
+ "description": "RFC5832",
+ "oid": null,
+ "form": "TwistedEdwards"
+ },
+ {
+ "name": "id-tc26-gost-3410-2012-512-paramSetC",
+ "description": "RFC5832",
+ "oid": null,
+ "form": "TwistedEdwards"
+ }
+ ]
+ },
+ {
+ "name": "mnt",
+ "description": "MNT (Miyaji, Nakabayashi, and Takano curves) example curves from: New explicit conditions of elliptic curve traces for FR-reduction - https://dspace.jaist.ac.jp/dspace/bitstream/10119/4432/1/73-48.pdf.",
+ "curves": [
+ {
+ "name": "mnt1",
+ "description": null,
+ "oid": null,
+ "form": "Weierstrass"
+ },
+ {
+ "name": "mnt2/1",
+ "description": null,
+ "oid": null,
+ "form": "Weierstrass"
+ },
+ {
+ "name": "mnt2/2",
+ "description": null,
+ "oid": null,
+ "form": "Weierstrass"
+ },
+ {
+ "name": "mnt3/1",
+ "description": null,
+ "oid": null,
+ "form": "Weierstrass"
+ },
+ {
+ "name": "mnt3/2",
+ "description": null,
+ "oid": null,
+ "form": "Weierstrass"
+ },
+ {
+ "name": "mnt3/3",
+ "description": null,
+ "oid": null,
+ "form": "Weierstrass"
+ },
+ {
+ "name": 
"mnt4",
+ "description": null,
+ "oid": null,
+ "form": "Weierstrass"
+ },
+ {
+ "name": "mnt5/1",
+ "description": null,
+ "oid": null,
+ "form": "Weierstrass"
+ },
+ {
+ "name": "mnt5/2",
+ "description": null,
+ "oid": null,
+ "form": "Weierstrass"
+ },
+ {
+ "name": "mnt5/3",
+ "description": null,
+ "oid": null,
+ "form": "Weierstrass"
+ }
+ ]
+ },
+ {
+ "name": "nist",
+ "description": "RECOMMENDED ELLIPTIC CURVES FOR FEDERAL GOVERNMENT USE July 1999",
+ "curves": [
+ {
+ "name": "B-163",
+ "description": null,
+ "oid": "1.3.132.0.15",
+ "form": "Weierstrass",
+ "aliases": [
+ {
+ "category": "secg",
+ "name": "sect163r2"
+ },
+ {
+ "category": "x963",
+ "name": "ansit163r2"
+ }
+ ]
+ },
+ {
+ "name": "B-233",
+ "description": null,
+ "oid": "1.3.132.0.27",
+ "form": "Weierstrass",
+ "aliases": [
+ {
+ "category": "secg",
+ "name": "sect233r1"
+ },
+ {
+ "category": "wtls",
+ "name": "wap-wsg-idm-ecid-wtls11"
+ },
+ {
+ "category": "x963",
+ "name": "ansit233r1"
+ }
+ ]
+ },
+ {
+ "name": "B-283",
+ "description": null,
+ "oid": "1.3.132.0.17",
+ "form": "Weierstrass",
+ "aliases": [
+ {
+ "category": "secg",
+ "name": "sect283r1"
+ },
+ {
+ "category": "x963",
+ "name": "ansit283r1"
+ }
+ ]
+ },
+ {
+ "name": "B-409",
+ "description": null,
+ "oid": "1.3.132.0.37",
+ "form": "Weierstrass",
+ "aliases": [
+ {
+ "category": "secg",
+ "name": "sect409r1"
+ },
+ {
+ "category": "x963",
+ "name": "ansit409r1"
+ }
+ ]
+ },
+ {
+ "name": "B-571",
+ "description": null,
+ "oid": "1.3.132.0.39",
+ "form": "Weierstrass",
+ "aliases": [
+ {
+ "category": "secg",
+ "name": "sect571r1"
+ },
+ {
+ "category": "x963",
+ "name": "ansit571r1"
+ }
+ ]
+ },
+ {
+ "name": "K-163",
+ "description": "Koblitz curve.",
+ "oid": "1.3.132.0.1",
+ "form": "Weierstrass",
+ "aliases": [
+ {
+ "category": "secg",
+ "name": "sect163k1"
+ },
+ {
+ "category": "x963",
+ "name": "ansit163k1"
+ },
+ {
+ "category": "wtls",
+ "name": "wap-wsg-idm-ecid-wtls3"
+ }
+ ]
+ },
+ {
+ "name": "K-233", 
+ "description": "Koblitz curve.",
+ "oid": "1.3.132.0.26",
+ "form": "Weierstrass",
+ "aliases": [
+ {
+ "category": "secg",
+ "name": "sect233k1"
+ },
+ {
+ "category": "wtls",
+ "name": "wap-wsg-idm-ecid-wtls10"
+ },
+ {
+ "category": "x963",
+ "name": "ansit233k1"
+ }
+ ]
+ },
+ {
+ "name": "K-283",
+ "description": "Koblitz curve.",
+ "oid": "1.3.132.0.16",
+ "form": "Weierstrass",
+ "aliases": [
+ {
+ "category": "secg",
+ "name": "sect283k1"
+ },
+ {
+ "category": "x963",
+ "name": "ansit283k1"
+ }
+ ]
+ },
+ {
+ "name": "K-409",
+ "description": "Koblitz curve.",
+ "oid": "1.3.132.0.36",
+ "form": "Weierstrass",
+ "aliases": [
+ {
+ "category": "secg",
+ "name": "sect409k1"
+ },
+ {
+ "category": "x963",
+ "name": "ansit409k1"
+ }
+ ]
+ },
+ {
+ "name": "K-571",
+ "description": "Koblitz curve.",
+ "oid": "1.3.132.0.38",
+ "form": "Weierstrass",
+ "aliases": [
+ {
+ "category": "secg",
+ "name": "sect571k1"
+ },
+ {
+ "category": "x963",
+ "name": "ansit571k1"
+ }
+ ]
+ },
+ {
+ "name": "P-192",
+ "description": null,
+ "oid": "1.2.840.10045.3.1.1",
+ "form": "Weierstrass",
+ "aliases": [
+ {
+ "category": "secg",
+ "name": "secp192r1"
+ },
+ {
+ "category": "x962",
+ "name": "prime192v1"
+ }
+ ]
+ },
+ {
+ "name": "P-224",
+ "description": null,
+ "oid": "1.3.132.0.33",
+ "form": "Weierstrass",
+ "aliases": [
+ {
+ "category": "secg",
+ "name": "secp224r1"
+ },
+ {
+ "category": "wtls",
+ "name": "wap-wsg-idm-ecid-wtls12"
+ },
+ {
+ "category": "x963",
+ "name": "ansip224r1"
+ }
+ ]
+ },
+ {
+ "name": "P-256",
+ "description": null,
+ "oid": "1.2.840.10045.3.1.7",
+ "form": "Weierstrass",
+ "aliases": [
+ {
+ "category": "secg",
+ "name": "secp256r1"
+ },
+ {
+ "category": "x962",
+ "name": "prime256v1"
+ }
+ ]
+ },
+ {
+ "name": "P-384",
+ "description": null,
+ "oid": "1.3.132.0.34",
+ "form": "Weierstrass",
+ "aliases": [
+ {
+ "category": "secg",
+ "name": "secp384r1"
+ },
+ {
+ "category": "x963",
+ "name": "ansip384r1"
+ }
+ ]
+ },
+ {
+ "name": 
"P-521",
+ "description": null,
+ "oid": "1.3.132.0.35",
+ "form": "Weierstrass",
+ "aliases": [
+ {
+ "category": "secg",
+ "name": "secp521r1"
+ },
+ {
+ "category": "x963",
+ "name": "ansip521r1"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "name": "nums",
+ "description": "Microsoft Nothing Up My Sleeve (NUMS) curves from: and ",
+ "curves": [
+ {
+ "name": "ed-254-mont",
+ "description": "Curve from https://eprint.iacr.org/2014/130.pdf. No generator present.",
+ "oid": null,
+ "form": "TwistedEdwards"
+ },
+ {
+ "name": "ed-255-mers",
+ "description": "Curve from https://eprint.iacr.org/2014/130.pdf. No generator present.",
+ "oid": null,
+ "form": "TwistedEdwards"
+ },
+ {
+ "name": "ed-256-mont",
+ "description": "Curve from https://eprint.iacr.org/2014/130.pdf. No generator present.",
+ "oid": null,
+ "form": "TwistedEdwards"
+ },
+ {
+ "name": "ed-382-mont",
+ "description": "Curve from https://eprint.iacr.org/2014/130.pdf. No generator present.",
+ "oid": null,
+ "form": "TwistedEdwards"
+ },
+ {
+ "name": "ed-383-mers",
+ "description": "Curve from https://eprint.iacr.org/2014/130.pdf. No generator present.",
+ "oid": null,
+ "form": "TwistedEdwards"
+ },
+ {
+ "name": "ed-384-mont",
+ "description": "Curve from https://eprint.iacr.org/2014/130.pdf. No generator present.",
+ "oid": null,
+ "form": "TwistedEdwards"
+ },
+ {
+ "name": "ed-510-mont",
+ "description": "Curve from https://eprint.iacr.org/2014/130.pdf. No generator present.",
+ "oid": null,
+ "form": "TwistedEdwards"
+ },
+ {
+ "name": "ed-511-mers",
+ "description": "Curve from https://eprint.iacr.org/2014/130.pdf. No generator present.",
+ "oid": null,
+ "form": "TwistedEdwards"
+ },
+ {
+ "name": "ed-512-mont",
+ "description": "Curve from https://eprint.iacr.org/2014/130.pdf. 
No generator present.",
+ "oid": null,
+ "form": "TwistedEdwards"
+ },
+ {
+ "name": "numsp256d1",
+ "description": null,
+ "oid": null,
+ "form": "Weierstrass"
+ },
+ {
+ "name": "numsp256t1",
+ "description": null,
+ "oid": null,
+ "form": "TwistedEdwards"
+ },
+ {
+ "name": "numsp384d1",
+ "description": null,
+ "oid": null,
+ "form": "Weierstrass"
+ },
+ {
+ "name": "numsp384t1",
+ "description": null,
+ "oid": null,
+ "form": "TwistedEdwards"
+ },
+ {
+ "name": "numsp512d1",
+ "description": null,
+ "oid": null,
+ "form": "Weierstrass"
+ },
+ {
+ "name": "numsp512t1",
+ "description": null,
+ "oid": null,
+ "form": "TwistedEdwards"
+ },
+ {
+ "name": "w-254-mont",
+ "description": "Curve from https://eprint.iacr.org/2014/130.pdf. No generator present.",
+ "oid": null,
+ "form": "Weierstrass"
+ },
+ {
+ "name": "w-255-mers",
+ "description": "Curve from https://eprint.iacr.org/2014/130.pdf. No generator present.",
+ "oid": null,
+ "form": "Weierstrass"
+ },
+ {
+ "name": "w-256-mont",
+ "description": "Curve from https://eprint.iacr.org/2014/130.pdf. No generator present.",
+ "oid": null,
+ "form": "Weierstrass"
+ },
+ {
+ "name": "w-382-mont",
+ "description": "Curve from https://eprint.iacr.org/2014/130.pdf. No generator present.",
+ "oid": null,
+ "form": "Weierstrass"
+ },
+ {
+ "name": "w-383-mers",
+ "description": "Curve from https://eprint.iacr.org/2014/130.pdf. No generator present.",
+ "oid": null,
+ "form": "Weierstrass"
+ },
+ {
+ "name": "w-384-mont",
+ "description": "Curve from https://eprint.iacr.org/2014/130.pdf. No generator present.",
+ "oid": null,
+ "form": "Weierstrass"
+ },
+ {
+ "name": "w-510-mont",
+ "description": "Curve from https://eprint.iacr.org/2014/130.pdf. No generator present.",
+ "oid": null,
+ "form": "Weierstrass"
+ },
+ {
+ "name": "w-511-mers",
+ "description": "Curve from https://eprint.iacr.org/2014/130.pdf. 
No generator present.",
+ "oid": null,
+ "form": "Weierstrass"
+ },
+ {
+ "name": "w-512-mont",
+ "description": "Curve from https://eprint.iacr.org/2014/130.pdf. No generator present.",
+ "oid": null,
+ "form": "Weierstrass"
+ }
+ ]
+ },
+ {
+ "name": "oakley",
+ "description": "Oakley groups from and ",
+ "curves": [
+ {
+ "name": "192-bit Random ECP Group",
+ "description": "Defined in IETF in RFC5114",
+ "oid": null,
+ "form": "Weierstrass"
+ },
+ {
+ "name": "224-bit Random ECP Group",
+ "description": "Defined in IETF in RFC5114",
+ "oid": null,
+ "form": "Weierstrass"
+ },
+ {
+ "name": "256-bit Random ECP Group",
+ "description": "Defined in IETF in RFC5114",
+ "oid": null,
+ "form": "Weierstrass"
+ },
+ {
+ "name": "384-bit Random ECP Group",
+ "description": "Defined in IETF in RFC5114",
+ "oid": null,
+ "form": "Weierstrass"
+ },
+ {
+ "name": "521-bit Random ECP Group",
+ "description": "Defined in IETF in RFC5114",
+ "oid": null,
+ "form": "Weierstrass"
+ },
+ {
+ "name": "Oakley Group 3",
+ "description": "Defined in IETF in RFC2409, no generator present.",
+ "oid": null,
+ "form": "Weierstrass"
+ },
+ {
+ "name": "Oakley Group 4",
+ "description": "Defined in IETF in RFC2409, no generator present.",
+ "oid": null,
+ "form": "Weierstrass"
+ }
+ ]
+ },
+ {
+ "name": "oscaa",
+ "description": "http://gmssl.org/english.html",
+ "curves": [
+ {
+ "name": "SM2",
+ "description": null,
+ "oid": "1.2.156.10197.1.301",
+ "form": "Weierstrass"
+ }
+ ]
+ },
+ {
+ "name": "other",
+ "description": "An assortment of some other curves.",
+ "curves": [
+ {
+ "name": "BADA55-R-256",
+ "description": "BADA55 curve from the https://bada55.cr.yp.to/bada55-20150927.pdf",
+ "oid": null,
+ "form": "Weierstrass"
+ },
+ {
+ "name": "BADA55-VPR-224",
+ "description": "BADA55 curve from the https://bada55.cr.yp.to/bada55-20150927.pdf",
+ "oid": null,
+ "form": "Weierstrass"
+ },
+ {
+ "name": "BADA55-VPR2-224",
+ "description": "BADA55 curve from the 
https://bada55.cr.yp.to/bada55-20150927.pdf",
+ "oid": null,
+ "form": "Weierstrass"
+ },
+ {
+ "name": "BADA55-VR-224",
+ "description": "BADA55 curve from the https://bada55.cr.yp.to/bada55-20150927.pdf",
+ "oid": null,
+ "form": "Weierstrass"
+ },
+ {
+ "name": "BADA55-VR-256",
+ "description": "BADA55 curve from the https://bada55.cr.yp.to/bada55-20150927.pdf",
+ "oid": null,
+ "form": "Weierstrass"
+ },
+ {
+ "name": "BADA55-VR-384",
+ "description": "BADA55 curve from the https://bada55.cr.yp.to/bada55-20150927.pdf",
+ "oid": null,
+ "form": "Weierstrass"
+ },
+ {
+ "name": "Curve1174",
+ "description": "Curve from https://eprint.iacr.org/2013/325.pdf",
+ "oid": null,
+ "form": "Weierstrass"
+ },
+ {
+ "name": "Curve22103",
+ "description": "Curve from https://github.com/relic-toolkit/relic",
+ "oid": null,
+ "form": "Weierstrass"
+ },
+ {
+ "name": "Curve25519",
+ "description": "Curve from https://cr.yp.to/ecdh.html",
+ "oid": null,
+ "form": "Montgomery"
+ },
+ {
+ "name": "Curve383187",
+ "description": null,
+ "oid": null,
+ "form": "Montgomery"
+ },
+ {
+ "name": "Curve41417",
+ "description": "Curve from https://cr.yp.to/talks/2013.09.16/slides-djb-20130916-a4.pdf",
+ "oid": null,
+ "form": "TwistedEdwards"
+ },
+ {
+ "name": "Curve4417",
+ "description": "Curve from https://github.com/relic-toolkit/relic",
+ "oid": null,
+ "form": "Weierstrass"
+ },
+ {
+ "name": "Curve448",
+ "description": "Curve from https://datatracker.ietf.org/doc/html/rfc7748",
+ "oid": null,
+ "form": "Montgomery"
+ },
+ {
+ "name": "Curve67254",
+ "description": "Curve from https://github.com/relic-toolkit/relic",
+ "oid": null,
+ "form": "Weierstrass"
+ },
+ {
+ "name": "E-222",
+ "description": "Curve from https://eprint.iacr.org/2013/647.pdf",
+ "oid": null,
+ "form": "Edwards"
+ },
+ {
+ "name": "E-382",
+ "description": "Curve from https://eprint.iacr.org/2013/647.pdf",
+ "oid": null,
+ "form": "Edwards"
+ },
+ {
+ "name": "E-521",
+ "description": "Curve from 
https://eprint.iacr.org/2013/647.pdf",
+ "oid": null,
+ "form": "Edwards"
+ },
+ {
+ "name": "Ed25519",
+ "description": "Curve from https://ed25519.cr.yp.to",
+ "oid": null,
+ "form": "TwistedEdwards"
+ },
+ {
+ "name": "Ed448",
+ "description": "Curve from https://datatracker.ietf.org/doc/html/draft-ietf-lwig-curve-representations-23",
+ "oid": null,
+ "form": "TwistedEdwards"
+ },
+ {
+ "name": "Ed448-Goldilocks",
+ "description": "Curve from https://eprint.iacr.org/2015/625.pdf",
+ "oid": null,
+ "form": "TwistedEdwards"
+ },
+ {
+ "name": "FourQ",
+ "description": "Curve used in https://eprint.iacr.org/2015/565.pdf",
+ "oid": null,
+ "form": "TwistedEdwards"
+ },
+ {
+ "name": "Fp224BN",
+ "description": "Curve described in https://www.iso.org/standard/80241.html",
+ "oid": null,
+ "form": "Weierstrass"
+ },
+ {
+ "name": "Fp254BNa",
+ "description": "Curve used in: https://eprint.iacr.org/2010/354.pdf",
+ "oid": null,
+ "form": "Weierstrass"
+ },
+ {
+ "name": "Fp254BNb",
+ "description": "Curve used in https://www.iacr.org/archive/eurocrypt2011/66320047/66320047.pdf",
+ "oid": null,
+ "form": "Weierstrass",
+ "aliases": [
+ {
+ "category": "bn",
+ "name": "bn254"
+ }
+ ]
+ },
+ {
+ "name": "Fp254n2BNa",
+ "description": "Curve used in: https://eprint.iacr.org/2010/354.pdf",
+ "oid": null,
+ "form": "Weierstrass"
+ },
+ {
+ "name": "Fp256BN",
+ "description": "Curve described in https://www.iso.org/standard/80241.html",
+ "oid": null,
+ "form": "Weierstrass"
+ },
+ {
+ "name": "Fp384BN",
+ "description": "Curve described in https://www.iso.org/standard/80241.html",
+ "oid": null,
+ "form": "Weierstrass"
+ },
+ {
+ "name": "Fp512BN",
+ "description": "Curve described in https://www.iso.org/standard/80241.html",
+ "oid": null,
+ "form": "Weierstrass"
+ },
+ {
+ "name": "JubJub",
+ "description": "JubJub curve from .",
+ "oid": null,
+ "form": "TwistedEdwards"
+ },
+ {
+ "name": "M-221",
+ "description": "Curve from https://eprint.iacr.org/2013/647.pdf",
+ 
"oid": null,
+ "form": "Montgomery"
+ },
+ {
+ "name": "M-383",
+ "description": "Curve from https://eprint.iacr.org/2013/647.pdf",
+ "oid": null,
+ "form": "Montgomery"
+ },
+ {
+ "name": "M-511",
+ "description": "Curve from https://eprint.iacr.org/2013/647.pdf",
+ "oid": null,
+ "form": "Montgomery"
+ },
+ {
+ "name": "MDC201601",
+ "description": "The Million Dollar Curve",
+ "oid": null,
+ "form": "Edwards"
+ },
+ {
+ "name": "Pallas",
+ "description": "Pallas curve from the [Pasta curves](https://electriccoin.co/blog/the-pasta-curves-for-halo-2-and-beyond/).",
+ "oid": null,
+ "form": "Weierstrass"
+ },
+ {
+ "name": "Tom-256",
+ "description": "Tom-256 curve from https://eprint.iacr.org/2021/1183.pdf",
+ "oid": null,
+ "form": "Weierstrass"
+ },
+ {
+ "name": "Tom-384",
+ "description": "Tom-384 curve from https://eprint.iacr.org/2021/1183.pdf",
+ "oid": null,
+ "form": "Weierstrass"
+ },
+ {
+ "name": "Tom-521",
+ "description": "Tom-521 curve from https://eprint.iacr.org/2021/1183.pdf",
+ "oid": null,
+ "form": "Weierstrass"
+ },
+ {
+ "name": "Tweedledee",
+ "description": "Tweedledee pairing friendly curve from .",
+ "oid": null,
+ "form": "Weierstrass"
+ },
+ {
+ "name": "Tweedledum",
+ "description": "Tweedledum pairing friendly curve from .",
+ "oid": null,
+ "form": "Weierstrass"
+ },
+ {
+ "name": "Vesta",
+ "description": "Vesta curve from the [Pasta curves](https://electriccoin.co/blog/the-pasta-curves-for-halo-2-and-beyond/).",
+ "oid": null,
+ "form": "Weierstrass"
+ },
+ {
+ "name": "ssc-160",
+ "description": "A prime order curve from MIRACL: https://github.com/miracl/MIRACL/blob/master/docs/miracl-explained/miracl-standard-curves.md. Has no generator specified.",
+ "oid": null,
+ "form": "Weierstrass"
+ },
+ {
+ "name": "ssc-192",
+ "description": "A prime order curve from MIRACL: https://github.com/miracl/MIRACL/blob/master/docs/miracl-explained/miracl-standard-curves.md. 
Has no generator specified.",
+ "oid": null,
+ "form": "Weierstrass"
+ },
+ {
+ "name": "ssc-224",
+ "description": "A prime order curve from MIRACL: https://github.com/miracl/MIRACL/blob/master/docs/miracl-explained/miracl-standard-curves.md. Has no generator specified.",
+ "oid": null,
+ "form": "Weierstrass"
+ },
+ {
+ "name": "ssc-256",
+ "description": "A prime order curve from MIRACL: https://github.com/miracl/MIRACL/blob/master/docs/miracl-explained/miracl-standard-curves.md. Has no generator specified.",
+ "oid": null,
+ "form": "Weierstrass"
+ },
+ {
+ "name": "ssc-288",
+ "description": "A prime order curve from MIRACL: https://github.com/miracl/MIRACL/blob/master/docs/miracl-explained/miracl-standard-curves.md. Has no generator specified.",
+ "oid": null,
+ "form": "Weierstrass"
+ },
+ {
+ "name": "ssc-320",
+ "description": "A prime order curve from MIRACL: https://github.com/miracl/MIRACL/blob/master/docs/miracl-explained/miracl-standard-curves.md. Has no generator specified.",
+ "oid": null,
+ "form": "Weierstrass"
+ },
+ {
+ "name": "ssc-384",
+ "description": "A prime order curve from MIRACL: https://github.com/miracl/MIRACL/blob/master/docs/miracl-explained/miracl-standard-curves.md. Has no generator specified.",
+ "oid": null,
+ "form": "Weierstrass"
+ },
+ {
+ "name": "ssc-512",
+ "description": "A prime order curve from MIRACL: https://github.com/miracl/MIRACL/blob/master/docs/miracl-explained/miracl-standard-curves.md. Has no generator specified.",
+ "oid": null,
+ "form": "Weierstrass"
+ }
+ ]
+ },
+ {
+ "name": "secg",
+ "description": "SEC 2: Recommended Elliptic Curve Domain Parameters version 2.0 January 27, 2010",
+ "curves": [
+ {
+ "name": "secp112r1",
+ "description": "A randomly generated curve. 
[SEC2v1](https://www.secg.org/SEC2-Ver-1.0.pdf) states 'E was chosen verifiably at random as specified in ANSI X9.62 [1] from the seed'.",
+ "oid": "1.3.132.0.6",
+ "form": "Weierstrass",
+ "aliases": [
+ {
+ "category": "wtls",
+ "name": "wap-wsg-idm-ecid-wtls6"
+ }
+ ]
+ },
+ {
+ "name": "secp112r2",
+ "description": "A randomly generated curve. [SEC2v1](https://www.secg.org/SEC2-Ver-1.0.pdf) states 'E was chosen verifiably at random as specified in ANSI X9.62 [1] from the seed'.",
+ "oid": "1.3.132.0.7",
+ "form": "Weierstrass"
+ },
+ {
+ "name": "secp128r1",
+ "description": "A randomly generated curve. [SEC2v1](https://www.secg.org/SEC2-Ver-1.0.pdf) states 'E was chosen verifiably at random as specified in ANSI X9.62 [1] from the seed'.",
+ "oid": "1.3.132.0.28",
+ "form": "Weierstrass"
+ },
+ {
+ "name": "secp128r2",
+ "description": "A randomly generated curve. [SEC2v1](https://www.secg.org/SEC2-Ver-1.0.pdf) states 'E was chosen verifiably at random as specified in ANSI X9.62 [1] from the seed'.",
+ "oid": "1.3.132.0.29",
+ "form": "Weierstrass"
+ },
+ {
+ "name": "secp160k1",
+ "description": "A Koblitz curve.",
+ "oid": "1.3.132.0.9",
+ "form": "Weierstrass",
+ "aliases": [
+ {
+ "category": "x963",
+ "name": "ansip160k1"
+ }
+ ]
+ },
+ {
+ "name": "secp160r1",
+ "description": "A randomly generated curve. [SEC2v1](https://www.secg.org/SEC2-Ver-1.0.pdf) states 'E was chosen verifiably at random as specified in ANSI X9.62 [1] from the seed'.",
+ "oid": "1.3.132.0.8",
+ "form": "Weierstrass",
+ "aliases": [
+ {
+ "category": "wtls",
+ "name": "wap-wsg-idm-ecid-wtls7"
+ },
+ {
+ "category": "x963",
+ "name": "ansip160r1"
+ }
+ ]
+ },
+ {
+ "name": "secp160r2",
+ "description": "A randomly generated curve. 
[SEC2v1](https://www.secg.org/SEC2-Ver-1.0.pdf) states 'E was chosen verifiably at random as specified in ANSI X9.62 [1] from the seed'.", + "oid": "1.3.132.0.30", + "form": "Weierstrass", + "aliases": [ + { + "category": "x963", + "name": "ansip160r2" + } + ] + }, + { + "name": "secp192k1", + "description": "A Koblitz curve.", + "oid": "1.3.132.0.31", + "form": "Weierstrass", + "aliases": [ + { + "category": "x963", + "name": "ansip192k1" + } + ] + }, + { + "name": "secp192r1", + "description": "A randomly generated curve. [SEC2v1](https://www.secg.org/SEC2-Ver-1.0.pdf) states 'E was chosen verifiably at random as specified in ANSI X9.62 [1] from the seed'.", + "oid": "1.2.840.10045.3.1.1", + "form": "Weierstrass", + "aliases": [ + { + "category": "nist", + "name": "P-192" + }, + { + "category": "x962", + "name": "prime192v1" + } + ] + }, + { + "name": "secp224k1", + "description": "A Koblitz curve.", + "oid": "1.3.132.0.32", + "form": "Weierstrass", + "aliases": [ + { + "category": "x963", + "name": "ansip224k1" + } + ] + }, + { + "name": "secp224r1", + "description": "A randomly generated curve. [SEC2v1](https://www.secg.org/SEC2-Ver-1.0.pdf) states 'E was chosen verifiably at random as specified in ANSI X9.62 [1] from the seed'.", + "oid": "1.3.132.0.33", + "form": "Weierstrass", + "aliases": [ + { + "category": "nist", + "name": "P-224" + }, + { + "category": "wtls", + "name": "wap-wsg-idm-ecid-wtls12" + }, + { + "category": "x963", + "name": "ansip224r1" + } + ] + }, + { + "name": "secp256k1", + "description": "A Koblitz curve.", + "oid": "1.3.132.0.10", + "form": "Weierstrass", + "aliases": [ + { + "category": "x963", + "name": "ansip256k1" + } + ] + }, + { + "name": "secp256r1", + "description": "A randomly generated curve. 
[SEC2v1](https://www.secg.org/SEC2-Ver-1.0.pdf) states 'E was chosen verifiably at random as specified in ANSI X9.62 [1] from the seed'.", + "oid": "1.2.840.10045.3.1.7", + "form": "Weierstrass", + "aliases": [ + { + "category": "nist", + "name": "P-256" + }, + { + "category": "x962", + "name": "prime256v1" + } + ] + }, + { + "name": "secp384r1", + "description": null, + "oid": "1.3.132.0.34", + "form": "Weierstrass", + "aliases": [ + { + "category": "nist", + "name": "P-384" + }, + { + "category": "x963", + "name": "ansip384r1" + } + ] + }, + { + "name": "secp521r1", + "description": null, + "oid": "1.3.132.0.35", + "form": "Weierstrass", + "aliases": [ + { + "category": "nist", + "name": "P-521" + }, + { + "category": "x963", + "name": "ansip521r1" + } + ] + }, + { + "name": "sect113r1", + "description": null, + "oid": "1.3.132.0.4", + "form": "Weierstrass", + "aliases": [ + { + "category": "wtls", + "name": "wap-wsg-idm-ecid-wtls4" + } + ] + }, + { + "name": "sect113r2", + "description": null, + "oid": "1.3.132.0.5", + "form": "Weierstrass" + }, + { + "name": "sect131r1", + "description": null, + "oid": "1.3.132.0.22", + "form": "Weierstrass" + }, + { + "name": "sect131r2", + "description": null, + "oid": "1.3.132.0.23", + "form": "Weierstrass" + }, + { + "name": "sect163k1", + "description": null, + "oid": "1.3.132.0.1", + "form": "Weierstrass", + "aliases": [ + { + "category": "nist", + "name": "K-163" + }, + { + "category": "x963", + "name": "ansit163k1" + }, + { + "category": "wtls", + "name": "wap-wsg-idm-ecid-wtls3" + } + ] + }, + { + "name": "sect163r1", + "description": "A randomly generated curve, using the SECG/X9.62 method. 'However for historical reasons the method used to generate E from S differs slightly from the method described in ANSI X9.62 [X9.62]. 
Specifically the coefficient b produced from S is the reverse of the coefficient that would have been produced by the method described in ANSI X9.62.'", + "oid": "1.3.132.0.2", + "form": "Weierstrass", + "aliases": [ + { + "category": "x963", + "name": "ansit163r1" + } + ] + }, + { + "name": "sect163r2", + "description": "A randomly generated curve. 'E was selected from S as specified in ANSI X9.62 [X9.62] in normal basis representation and converted into polynomial basis representation.'", + "oid": "1.3.132.0.15", + "form": "Weierstrass", + "aliases": [ + { + "category": "nist", + "name": "B-163" + }, + { + "category": "x963", + "name": "ansit163r2" + } + ] + }, + { + "name": "sect193r1", + "description": null, + "oid": "1.3.132.0.24", + "form": "Weierstrass", + "aliases": [ + { + "category": "x963", + "name": "ansit193r1" + } + ] + }, + { + "name": "sect193r2", + "description": null, + "oid": "1.3.132.0.25", + "form": "Weierstrass", + "aliases": [ + { + "category": "x963", + "name": "ansit193r2" + } + ] + }, + { + "name": "sect233k1", + "description": null, + "oid": "1.3.132.0.26", + "form": "Weierstrass", + "aliases": [ + { + "category": "nist", + "name": "K-233" + }, + { + "category": "wtls", + "name": "wap-wsg-idm-ecid-wtls10" + }, + { + "category": "x963", + "name": "ansit233k1" + } + ] + }, + { + "name": "sect233r1", + "description": null, + "oid": "1.3.132.0.27", + "form": "Weierstrass", + "aliases": [ + { + "category": "nist", + "name": "B-233" + }, + { + "category": "wtls", + "name": "wap-wsg-idm-ecid-wtls11" + }, + { + "category": "x963", + "name": "ansit233r1" + } + ] + }, + { + "name": "sect239k1", + "description": null, + "oid": "1.3.132.0.3", + "form": "Weierstrass", + "aliases": [ + { + "category": "x963", + "name": "ansit239k1" + } + ] + }, + { + "name": "sect283k1", + "description": null, + "oid": "1.3.132.0.16", + "form": "Weierstrass", + "aliases": [ + { + "category": "nist", + "name": "K-283" + }, + { + "category": "x963", + "name": 
"ansit283k1" + } + ] + }, + { + "name": "sect283r1", + "description": null, + "oid": "1.3.132.0.17", + "form": "Weierstrass", + "aliases": [ + { + "category": "nist", + "name": "B-283" + }, + { + "category": "x963", + "name": "ansit283r1" + } + ] + }, + { + "name": "sect409k1", + "description": null, + "oid": "1.3.132.0.36", + "form": "Weierstrass", + "aliases": [ + { + "category": "nist", + "name": "K-409" + }, + { + "category": "x963", + "name": "ansit409k1" + } + ] + }, + { + "name": "sect409r1", + "description": null, + "oid": "1.3.132.0.37", + "form": "Weierstrass", + "aliases": [ + { + "category": "nist", + "name": "B-409" + }, + { + "category": "x963", + "name": "ansit409r1" + } + ] + }, + { + "name": "sect571k1", + "description": null, + "oid": "1.3.132.0.38", + "form": "Weierstrass", + "aliases": [ + { + "category": "nist", + "name": "K-571" + }, + { + "category": "x963", + "name": "ansit571k1" + } + ] + }, + { + "name": "sect571r1", + "description": null, + "oid": "1.3.132.0.39", + "form": "Weierstrass", + "aliases": [ + { + "category": "nist", + "name": "B-571" + }, + { + "category": "x963", + "name": "ansit571r1" + } + ] + } + ] + }, + { + "name": "wtls", + "description": "Wireless Application Protocol - Wireless Transport Layer Security (WAP-WTLS) curves: ", + "curves": [ + { + "name": "wap-wsg-idm-ecid-wtls1", + "description": null, + "oid": "2.23.43.1.4.1", + "form": "Weierstrass" + }, + { + "name": "wap-wsg-idm-ecid-wtls10", + "description": null, + "oid": "2.23.43.1.4.10", + "form": "Weierstrass", + "aliases": [ + { + "category": "secg", + "name": "sect233k1" + }, + { + "category": "nist", + "name": "K-233" + }, + { + "category": "x963", + "name": "ansit233k1" + } + ] + }, + { + "name": "wap-wsg-idm-ecid-wtls11", + "description": null, + "oid": "2.23.43.1.4.11", + "form": "Weierstrass", + "aliases": [ + { + "category": "secg", + "name": "sect233r1" + }, + { + "category": "nist", + "name": "B-233" + }, + { + "category": "x963", + "name": 
"ansit233r1" + } + ] + }, + { + "name": "wap-wsg-idm-ecid-wtls12", + "description": null, + "oid": "2.23.43.1.4.12", + "form": "Weierstrass", + "aliases": [ + { + "category": "secg", + "name": "secp224r1" + }, + { + "category": "nist", + "name": "P-224" + }, + { + "category": "x963", + "name": "ansip224r1" + } + ] + }, + { + "name": "wap-wsg-idm-ecid-wtls3", + "description": null, + "oid": "2.23.43.1.4.3", + "form": "Weierstrass", + "aliases": [ + { + "category": "nist", + "name": "K-163" + }, + { + "category": "secg", + "name": "sect163k1" + }, + { + "category": "x963", + "name": "ansit163k1" + } + ] + }, + { + "name": "wap-wsg-idm-ecid-wtls4", + "description": null, + "oid": "2.23.43.1.4.4", + "form": "Weierstrass", + "aliases": [ + { + "category": "secg", + "name": "sect113r1" + } + ] + }, + { + "name": "wap-wsg-idm-ecid-wtls5", + "description": null, + "oid": "2.23.43.1.4.5", + "form": "Weierstrass", + "aliases": [ + { + "category": "x962", + "name": "c2pnb163v1" + } + ] + }, + { + "name": "wap-wsg-idm-ecid-wtls6", + "description": null, + "oid": "2.23.43.1.4.6", + "form": "Weierstrass", + "aliases": [ + { + "category": "secg", + "name": "secp112r1" + } + ] + }, + { + "name": "wap-wsg-idm-ecid-wtls7", + "description": null, + "oid": "2.23.43.1.4.7", + "form": "Weierstrass", + "aliases": [ + { + "category": "secg", + "name": "secp160r1" + }, + { + "category": "x963", + "name": "ansip160r1" + } + ] + }, + { + "name": "wap-wsg-idm-ecid-wtls8", + "description": null, + "oid": "2.23.43.1.4.8", + "form": "Weierstrass" + }, + { + "name": "wap-wsg-idm-ecid-wtls9", + "description": null, + "oid": "2.23.43.1.4.9", + "form": "Weierstrass" + } + ] + }, + { + "name": "x962", + "description": "ANSI x9.62 example curves.", + "curves": [ + { + "name": "c2onb191v4", + "description": "A binary-field curve in optimal normal basis", + "oid": "1.2.840.10045.3.0.8", + "form": "Weierstrass" + }, + { + "name": "c2onb191v5", + "description": "A binary-field curve in optimal normal 
basis", + "oid": "1.2.840.10045.3.0.9", + "form": "Weierstrass" + }, + { + "name": "c2onb239v4", + "description": "A binary-field curve in optimal normal basis", + "oid": "1.2.840.10045.3.0.14", + "form": "Weierstrass" + }, + { + "name": "c2onb239v5", + "description": "A binary-field curve in optimal normal basis", + "oid": "1.2.840.10045.3.0.15", + "form": "Weierstrass" + }, + { + "name": "c2pnb163v1", + "description": null, + "oid": "1.2.840.10045.3.0.1", + "form": "Weierstrass", + "aliases": [ + { + "category": "wtls", + "name": "wap-wsg-idm-ecid-wtls5" + } + ] + }, + { + "name": "c2pnb163v2", + "description": null, + "oid": "1.2.840.10045.3.0.2", + "form": "Weierstrass" + }, + { + "name": "c2pnb163v3", + "description": null, + "oid": "1.2.840.10045.3.0.3", + "form": "Weierstrass" + }, + { + "name": "c2pnb176w1", + "description": null, + "oid": "1.2.840.10045.3.0.4", + "form": "Weierstrass" + }, + { + "name": "c2pnb208w1", + "description": null, + "oid": "1.2.840.10045.3.0.10", + "form": "Weierstrass" + }, + { + "name": "c2pnb272w1", + "description": null, + "oid": "1.2.840.10045.3.0.16", + "form": "Weierstrass" + }, + { + "name": "c2pnb304w1", + "description": null, + "oid": "1.2.840.10045.3.0.17", + "form": "Weierstrass" + }, + { + "name": "c2pnb368w1", + "description": null, + "oid": "1.2.840.10045.3.0.19", + "form": "Weierstrass" + }, + { + "name": "c2tnb191v1", + "description": null, + "oid": "1.2.840.10045.3.0.5", + "form": "Weierstrass" + }, + { + "name": "c2tnb191v2", + "description": null, + "oid": "1.2.840.10045.3.0.6", + "form": "Weierstrass" + }, + { + "name": "c2tnb191v3", + "description": null, + "oid": "1.2.840.10045.3.0.7", + "form": "Weierstrass" + }, + { + "name": "c2tnb239v1", + "description": null, + "oid": "1.2.840.10045.3.0.11", + "form": "Weierstrass" + }, + { + "name": "c2tnb239v2", + "description": null, + "oid": "1.2.840.10045.3.0.12", + "form": "Weierstrass" + }, + { + "name": "c2tnb239v3", + "description": null, + "oid": 
"1.2.840.10045.3.0.13", + "form": "Weierstrass" + }, + { + "name": "c2tnb359v1", + "description": null, + "oid": "1.2.840.10045.3.0.18", + "form": "Weierstrass" + }, + { + "name": "c2tnb431r1", + "description": null, + "oid": "1.2.840.10045.3.0.20", + "form": "Weierstrass" + }, + { + "name": "prime192v1", + "description": null, + "oid": "1.2.840.10045.3.1.1", + "form": "Weierstrass", + "aliases": [ + { + "category": "secg", + "name": "secp192r1" + }, + { + "category": "nist", + "name": "P-192" + } + ] + }, + { + "name": "prime192v2", + "description": null, + "oid": "1.2.840.10045.3.1.2", + "form": "Weierstrass" + }, + { + "name": "prime192v3", + "description": null, + "oid": "1.2.840.10045.3.1.3", + "form": "Weierstrass" + }, + { + "name": "prime239v1", + "description": null, + "oid": "1.2.840.10045.3.1.4", + "form": "Weierstrass" + }, + { + "name": "prime239v2", + "description": null, + "oid": "1.2.840.10045.3.1.5", + "form": "Weierstrass" + }, + { + "name": "prime239v3", + "description": null, + "oid": "1.2.840.10045.3.1.6", + "form": "Weierstrass" + }, + { + "name": "prime256v1", + "description": null, + "oid": "1.2.840.10045.3.1.7", + "form": "Weierstrass", + "aliases": [ + { + "category": "secg", + "name": "secp256r1" + }, + { + "category": "nist", + "name": "P-256" + } + ] + } + ] + }, + { + "name": "x963", + "description": "ANSI x9.63 example curves.", + "curves": [ + { + "name": "ansip160k1", + "description": null, + "oid": "1.3.132.0.9", + "form": "Weierstrass", + "aliases": [ + { + "category": "secg", + "name": "secp160k1" + } + ] + }, + { + "name": "ansip160r1", + "description": null, + "oid": "1.3.132.0.8", + "form": "Weierstrass", + "aliases": [ + { + "category": "secg", + "name": "secp160r1" + }, + { + "category": "wtls", + "name": "wap-wsg-idm-ecid-wtls7" + } + ] + }, + { + "name": "ansip160r2", + "description": null, + "oid": "1.3.132.0.30", + "form": "Weierstrass", + "aliases": [ + { + "category": "secg", + "name": "secp160r2" + } + ] + }, + { + 
"name": "ansip192k1", + "description": null, + "oid": "1.3.132.0.31", + "form": "Weierstrass", + "aliases": [ + { + "category": "secg", + "name": "secp192k1" + } + ] + }, + { + "name": "ansip224k1", + "description": null, + "oid": "1.3.132.0.32", + "form": "Weierstrass", + "aliases": [ + { + "category": "secg", + "name": "secp224k1" + } + ] + }, + { + "name": "ansip224r1", + "description": null, + "oid": "1.3.132.0.33", + "form": "Weierstrass", + "aliases": [ + { + "category": "wtls", + "name": "wap-wsg-idm-ecid-wtls12" + }, + { + "category": "nist", + "name": "P-224" + }, + { + "category": "secg", + "name": "secp224r1" + } + ] + }, + { + "name": "ansip256k1", + "description": null, + "oid": "1.3.132.0.10", + "form": "Weierstrass", + "aliases": [ + { + "category": "secg", + "name": "secp256k1" + } + ] + }, + { + "name": "ansip384r1", + "description": null, + "oid": "1.3.132.0.34", + "form": "Weierstrass", + "aliases": [ + { + "category": "secg", + "name": "secp384r1" + }, + { + "category": "nist", + "name": "P-384" + } + ] + }, + { + "name": "ansip521r1", + "description": null, + "oid": "1.3.132.0.35", + "form": "Weierstrass", + "aliases": [ + { + "category": "secg", + "name": "secp521r1" + }, + { + "category": "nist", + "name": "P-521" + } + ] + }, + { + "name": "ansit163k1", + "description": null, + "oid": "1.3.132.0.1", + "form": "Weierstrass", + "aliases": [ + { + "category": "secg", + "name": "sect163k1" + }, + { + "category": "nist", + "name": "k-163" + }, + { + "category": "wtls", + "name": "wap-wsg-idm-ecid-wtls3" + } + ] + }, + { + "name": "ansit163r1", + "description": null, + "oid": "1.3.132.0.2", + "form": "Weierstrass", + "aliases": [ + { + "category": "secg", + "name": "sect163r1" + } + ] + }, + { + "name": "ansit163r2", + "description": null, + "oid": "1.3.132.0.15", + "form": "Weierstrass", + "aliases": [ + { + "category": "secg", + "name": "sect163r2" + }, + { + "category": "nist", + "name": "B-163" + } + ] + }, + { + "name": "ansit193r1", + 
"description": null, + "oid": "1.3.132.0.24", + "form": "Weierstrass", + "aliases": [ + { + "category": "secg", + "name": "sect193r1" + } + ] + }, + { + "name": "ansit193r2", + "description": null, + "oid": "1.3.132.0.25", + "form": "Weierstrass", + "aliases": [ + { + "category": "secg", + "name": "sect193r2" + } + ] + }, + { + "name": "ansit233k1", + "description": null, + "oid": "1.3.132.0.26", + "form": "Weierstrass", + "aliases": [ + { + "category": "secg", + "name": "sect233k1" + }, + { + "category": "nist", + "name": "K-233" + }, + { + "category": "wtls", + "name": "wap-wsg-idm-ecid-wtls10" + } + ] + }, + { + "name": "ansit233r1", + "description": null, + "oid": "1.3.132.0.27", + "form": "Weierstrass", + "aliases": [ + { + "category": "wtls", + "name": "wap-wsg-idm-ecid-wtls11" + }, + { + "category": "nist", + "name": "B-233" + }, + { + "category": "secg", + "name": "sect233r1" + } + ] + }, + { + "name": "ansit239k1", + "description": null, + "oid": "1.3.132.0.3", + "form": "Weierstrass", + "aliases": [ + { + "category": "secg", + "name": "sect239k1" + } + ] + }, + { + "name": "ansit283k1", + "description": null, + "oid": "1.3.132.0.16", + "form": "Weierstrass", + "aliases": [ + { + "category": "nist", + "name": "K-283" + }, + { + "category": "secg", + "name": "sect283k1" + } + ] + }, + { + "name": "ansit283r1", + "description": null, + "oid": "1.3.132.0.17", + "form": "Weierstrass", + "aliases": [ + { + "category": "nist", + "name": "B-283" + }, + { + "category": "secg", + "name": "sect283r1" + } + ] + }, + { + "name": "ansit409k1", + "description": null, + "oid": "1.3.132.0.36", + "form": "Weierstrass", + "aliases": [ + { + "category": "nist", + "name": "K-409" + }, + { + "category": "secg", + "name": "sect409k1" + } + ] + }, + { + "name": "ansit409r1", + "description": null, + "oid": "1.3.132.0.37", + "form": "Weierstrass", + "aliases": [ + { + "category": "nist", + "name": "B-409" + }, + { + "category": "secg", + "name": "sect409r1" + } + ] + }, + { + 
"name": "ansit571k1", + "description": null, + "oid": "1.3.132.0.38", + "form": "Weierstrass", + "aliases": [ + { + "category": "nist", + "name": "K-571" + }, + { + "category": "secg", + "name": "sect571k1" + } + ] + }, + { + "name": "ansit571r1", + "description": null, + "oid": "1.3.132.0.39", + "form": "Weierstrass", + "aliases": [ + { + "category": "nist", + "name": "B-571" + }, + { + "category": "secg", + "name": "sect571r1" + } + ] + } + ] + } + ] +} diff --git a/data/cryptography-defs.schema.json b/data/cryptography-defs.schema.json new file mode 100644 index 000000000..1f06fdff5 --- /dev/null +++ b/data/cryptography-defs.schema.json 
@@ -0,0 +1,576 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema#", + "$id": "http://cyclonedx.org/schema/cryptography-defs.schema.json", + "$comment": "2025-09-07T11:12:52Z", + "title": "Cryptographic Algorithm Family Definitions", + "description": "Enumerates cryptographic algorithm families and their specific metadata.", + "type": "object", + "additionalProperties": false, + "properties": { + "$schema": { + "type": "string" + }, + "lastUpdated": { + "type": "string", + "format": "date-time", + "title": "Last Updated", + "description": "The date and time (timestamp) when the data was last updated." + }, + "algorithms": { + "type": "array", + "title": "Algorithm Families", + "description": "An array of cryptographic algorithm family definitions.", + "items": { + "type": "object", + "title": "Algorithm Family", + "description": "Defines a cryptographic algorithm family and its metadata.", + "additionalProperties": false, + "properties": { + "family": { + "type": "string", + "title": "Algorithm Family", + "description": "The name of the cryptographic algorithm family." + }, + "standard": { + "type": "array", + "title": "Standards", + "description": "List of standards defining or relating to the algorithm family.", + "items": { + "type": "object", + "title": "Standard Reference", + "description": "Reference to a standard, including its name and URL.", + "additionalProperties": false, + "properties": { + "name": { + "type": "string", + "title": "Standard Name", + "description": "The name or identifier of the standard." + }, + "url": { + "type": "string", + "format": "iri-reference", + "title": "Standard URL", + "description": "A URL pointing to the standard's official documentation." 
+ } + }, + "required": [ + "name", + "url" + ] + } + }, + "variant": { + "type": "array", + "title": "Variants", + "description": "Defines algorithm variants by a naming pattern and the corresponding cryptographic primitive.", + "items": { + "type": "object", + "title": "Standard Reference", + "description": "Reference to a standard, including its name and URL.", + "additionalProperties": false, + "properties": { + "pattern": { + "type": "string", + "title": "Standard Name", + "description": "Defines the pattern used to construct the complete algorithm name. Placeholders are defined by {} for algorithm-specific properties." + }, + "primitive": { + "type": "string", + "title": "Primitive", + "description": "Type of cryptographic primitive (e.g., signature, encryption, hash)." + }, + "standard": { + "type": "array", + "title": "Standards", + "description": "List of standards defining or relating to the algorithm variant.", + "items": { + "type": "object", + "title": "Standard Reference", + "description": "Reference to a standard, including its name and URL.", + "additionalProperties": false, + "properties": { + "name": { + "type": "string", + "title": "Standard Name", + "description": "The name or identifier of the standard." + }, + "url": { + "type": "string", + "format": "iri-reference", + "title": "Standard URL", + "description": "A URL pointing to the standard's official documentation." 
+ } + }, + "required": [ + "name", + "url" + ] + } + } + }, + "required": [ + "pattern", + "primitive" + ] + } + } + }, + "required": [ + "family", + "variant" + ] + } + }, + "ellipticCurves": { + "type": "array", + "title": "Elliptic Curves", + "description": "An array of elliptic curve family definitions.", + "items": { + "type": "object", + "title": "Elliptic Curve Family", + "description": "Defines an elliptic curve family and its metadata.", + "additionalProperties": false, + "properties": { + "name": { + "type": "string", + "title": "Curve Family Name", + "description": "The name of the elliptic curve family." + }, + "description": { + "type": [ + "string", + "null" + ], + "title": "Description", + "description": "A description of the elliptic curve family." + }, + "curves": { + "type": "array", + "title": "Curves", + "description": "List of curves in this family.", + "items": { + "type": "object", + "title": "Curve", + "description": "Defines a specific elliptic curve and its metadata.", + "additionalProperties": false, + "properties": { + "name": { + "type": "string", + "title": "Curve Name", + "description": "The name of the elliptic curve." + }, + "description": { + "type": [ + "string", + "null" + ], + "title": "Description", + "description": "A description of the elliptic curve." + }, + "oid": { + "type": [ + "string", + "null" + ], + "title": "OID", + "description": "The Object Identifier (OID) of the elliptic curve." 
+ }, + "form": { + "type": "string", + "title": "Form", + "description": "The form of the elliptic curve.", + "enum": [ + "Weierstrass", + "Edwards", + "TwistedEdwards", + "Montgomery" + ] + }, + "aliases": { + "type": "array", + "title": "Aliases", + "description": "List of aliases for this curve.", + "items": { + "type": "object", + "title": "Alias", + "description": "An alias for the curve.", + "additionalProperties": false, + "properties": { + "category": { + "type": "string", + "title": "Category", + "description": "The category of the alias." + }, + "name": { + "type": "string", + "title": "Name", + "description": "The name of the alias." + } + }, + "required": [ + "category", + "name" + ] + } + } + }, + "required": [ + "name", + "description", + "oid", + "form" + ] + } + } + }, + "required": [ + "name", + "description", + "curves" + ] + } + } + }, + "required": [ + "lastUpdated", + "algorithms", + "ellipticCurves" + ], + "definitions": { + "algorithmFamiliesEnum": { + "type": "string", + "title": "Algorithm Families", + "description": "An enum for the algorithm families.", + "enum": [ + "3DES", + "3GPP-XOR", + "A5/1", + "A5/2", + "AES", + "ARIA", + "Ascon", + "BLAKE2", + "BLAKE3", + "BLS", + "Blowfish", + "CAMELLIA", + "CAST5", + "CAST6", + "CMAC", + "CMEA", + "ChaCha", + "ChaCha20", + "DES", + "DSA", + "ECDH", + "ECDSA", + "ECIES", + "EdDSA", + "ElGamal", + "FFDH", + "Fortuna", + "GOST", + "HC", + "HKDF", + "HMAC", + "IDEA", + "IKE-PRF", + "KMAC", + "LMS", + "MD2", + "MD4", + "MD5", + "MILENAGE", + "ML-DSA", + "ML-KEM", + "MQV", + "PBES1", + "PBES2", + "PBKDF1", + "PBKDF2", + "PBMAC1", + "Poly1305", + "RABBIT", + "RC2", + "RC4", + "RC5", + "RC6", + "RIPEMD", + "RSAES-OAEP", + "RSAES-PKCS1", + "RSASSA-PKCS1", + "RSASSA-PSS", + "SEED", + "SHA-1", + "SHA-2", + "SHA-3", + "SLH-DSA", + "SNOW3G", + "SP800-108", + "Salsa20", + "Serpent", + "SipHash", + "Skipjack", + "TUAK", + "Twofish", + "Whirlpool", + "X3DH", + "XMSS", + "Yarrow", + "ZUC", + "bcrypt" + ] + }, + 
"ellipticCurvesEnum": { + "type": "string", + "enum": [ + "anssi/FRP256v1", + "bls/BLS12-377", + "bls/BLS12-381", + "bls/BLS12-446", + "bls/BLS12-455", + "bls/BLS12-638", + "bls/BLS24-477", + "bls/Bandersnatch", + "bn/bn158", + "bn/bn190", + "bn/bn222", + "bn/bn254", + "bn/bn286", + "bn/bn318", + "bn/bn350", + "bn/bn382", + "bn/bn414", + "bn/bn446", + "bn/bn478", + "bn/bn510", + "bn/bn542", + "bn/bn574", + "bn/bn606", + "bn/bn638", + "brainpool/brainpoolP160r1", + "brainpool/brainpoolP160t1", + "brainpool/brainpoolP192r1", + "brainpool/brainpoolP192t1", + "brainpool/brainpoolP224r1", + "brainpool/brainpoolP224t1", + "brainpool/brainpoolP256r1", + "brainpool/brainpoolP256t1", + "brainpool/brainpoolP320r1", + "brainpool/brainpoolP320t1", + "brainpool/brainpoolP384r1", + "brainpool/brainpoolP384t1", + "brainpool/brainpoolP512r1", + "brainpool/brainpoolP512t1", + "gost/gost256", + "gost/gost512", + "gost/id-GostR3410-2001-CryptoPro-A-ParamSet", + "gost/id-GostR3410-2001-CryptoPro-B-ParamSet", + "gost/id-GostR3410-2001-CryptoPro-C-ParamSet", + "gost/id-tc26-gost-3410-12-512-paramSetA", + "gost/id-tc26-gost-3410-12-512-paramSetB", + "gost/id-tc26-gost-3410-2012-256-paramSetA", + "gost/id-tc26-gost-3410-2012-512-paramSetC", + "mnt/mnt1", + "mnt/mnt2/1", + "mnt/mnt2/2", + "mnt/mnt3/1", + "mnt/mnt3/2", + "mnt/mnt3/3", + "mnt/mnt4", + "mnt/mnt5/1", + "mnt/mnt5/2", + "mnt/mnt5/3", + "nist/B-163", + "nist/B-233", + "nist/B-283", + "nist/B-409", + "nist/B-571", + "nist/K-163", + "nist/K-233", + "nist/K-283", + "nist/K-409", + "nist/K-571", + "nist/P-192", + "nist/P-224", + "nist/P-256", + "nist/P-384", + "nist/P-521", + "nums/ed-254-mont", + "nums/ed-255-mers", + "nums/ed-256-mont", + "nums/ed-382-mont", + "nums/ed-383-mers", + "nums/ed-384-mont", + "nums/ed-510-mont", + "nums/ed-511-mers", + "nums/ed-512-mont", + "nums/numsp256d1", + "nums/numsp256t1", + "nums/numsp384d1", + "nums/numsp384t1", + "nums/numsp512d1", + "nums/numsp512t1", + "nums/w-254-mont", + "nums/w-255-mers", 
+ "nums/w-256-mont", + "nums/w-382-mont", + "nums/w-383-mers", + "nums/w-384-mont", + "nums/w-510-mont", + "nums/w-511-mers", + "nums/w-512-mont", + "oakley/192-bit Random ECP Group", + "oakley/224-bit Random ECP Group", + "oakley/256-bit Random ECP Group", + "oakley/384-bit Random ECP Group", + "oakley/521-bit Random ECP Group", + "oakley/Oakley Group 3", + "oakley/Oakley Group 4", + "oscaa/SM2", + "other/BADA55-R-256", + "other/BADA55-VPR-224", + "other/BADA55-VPR2-224", + "other/BADA55-VR-224", + "other/BADA55-VR-256", + "other/BADA55-VR-384", + "other/Curve1174", + "other/Curve22103", + "other/Curve25519", + "other/Curve383187", + "other/Curve41417", + "other/Curve4417", + "other/Curve448", + "other/Curve67254", + "other/E-222", + "other/E-382", + "other/E-521", + "other/Ed25519", + "other/Ed448", + "other/Ed448-Goldilocks", + "other/FourQ", + "other/Fp224BN", + "other/Fp254BNa", + "other/Fp254BNb", + "other/Fp254n2BNa", + "other/Fp256BN", + "other/Fp384BN", + "other/Fp512BN", + "other/JubJub", + "other/M-221", + "other/M-383", + "other/M-511", + "other/MDC201601", + "other/Pallas", + "other/Tom-256", + "other/Tom-384", + "other/Tom-521", + "other/Tweedledee", + "other/Tweedledum", + "other/Vesta", + "other/ssc-160", + "other/ssc-192", + "other/ssc-224", + "other/ssc-256", + "other/ssc-288", + "other/ssc-320", + "other/ssc-384", + "other/ssc-512", + "secg/secp112r1", + "secg/secp112r2", + "secg/secp128r1", + "secg/secp128r2", + "secg/secp160k1", + "secg/secp160r1", + "secg/secp160r2", + "secg/secp192k1", + "secg/secp192r1", + "secg/secp224k1", + "secg/secp224r1", + "secg/secp256k1", + "secg/secp256r1", + "secg/secp384r1", + "secg/secp521r1", + "secg/sect113r1", + "secg/sect113r2", + "secg/sect131r1", + "secg/sect131r2", + "secg/sect163k1", + "secg/sect163r1", + "secg/sect163r2", + "secg/sect193r1", + "secg/sect193r2", + "secg/sect233k1", + "secg/sect233r1", + "secg/sect239k1", + "secg/sect283k1", + "secg/sect283r1", + "secg/sect409k1", + "secg/sect409r1", + 
"secg/sect571k1", + "secg/sect571r1", + "wtls/wap-wsg-idm-ecid-wtls1", + "wtls/wap-wsg-idm-ecid-wtls10", + "wtls/wap-wsg-idm-ecid-wtls11", + "wtls/wap-wsg-idm-ecid-wtls12", + "wtls/wap-wsg-idm-ecid-wtls3", + "wtls/wap-wsg-idm-ecid-wtls4", + "wtls/wap-wsg-idm-ecid-wtls5", + "wtls/wap-wsg-idm-ecid-wtls6", + "wtls/wap-wsg-idm-ecid-wtls7", + "wtls/wap-wsg-idm-ecid-wtls8", + "wtls/wap-wsg-idm-ecid-wtls9", + "x962/c2onb191v4", + "x962/c2onb191v5", + "x962/c2onb239v4", + "x962/c2onb239v5", + "x962/c2pnb163v1", + "x962/c2pnb163v2", + "x962/c2pnb163v3", + "x962/c2pnb176w1", + "x962/c2pnb208w1", + "x962/c2pnb272w1", + "x962/c2pnb304w1", + "x962/c2pnb368w1", + "x962/c2tnb191v1", + "x962/c2tnb191v2", + "x962/c2tnb191v3", + "x962/c2tnb239v1", + "x962/c2tnb239v2", + "x962/c2tnb239v3", + "x962/c2tnb359v1", + "x962/c2tnb431r1", + "x962/prime192v1", + "x962/prime192v2", + "x962/prime192v3", + "x962/prime239v1", + "x962/prime239v2", + "x962/prime239v3", + "x962/prime256v1", + "x963/ansip160k1", + "x963/ansip160r1", + "x963/ansip160r2", + "x963/ansip192k1", + "x963/ansip224k1", + "x963/ansip224r1", + "x963/ansip256k1", + "x963/ansip384r1", + "x963/ansip521r1", + "x963/ansit163k1", + "x963/ansit163r1", + "x963/ansit163r2", + "x963/ansit193r1", + "x963/ansit193r2", + "x963/ansit233k1", + "x963/ansit233r1", + "x963/ansit239k1", + "x963/ansit283k1", + "x963/ansit283r1", + "x963/ansit409k1", + "x963/ansit409r1", + "x963/ansit571k1", + "x963/ansit571r1" + ] + } + } +} \ No newline at end of file diff --git a/lib/cli/index.js b/lib/cli/index.js index d0bd11923..018bf2794 100644 --- a/lib/cli/index.js +++ b/lib/cli/index.js 
@@ -607,7 +607,7 @@ function addMetadata(parentComponent = {}, options = {}, context = {}) {
 }
 // TLP classification
 if (options.specVersion >= 1.7 && options?.tlpClassification) {
- metadata.distribution = options.tlpClassification;
+ metadata.distributionConstraints = { tlp: options.tlpClassification };
 }
 if (parentComponent && Object.keys(parentComponent).length) {
 if (parentComponent) {
@@ -6081,7 +6081,9 @@ export function createPHPBom(path, options) {
 if (DEBUG_MODE) {
 console.log("About to invoke composer --version");
 }
- const versionResult = safeSpawnSync("composer", ["--version"]);
+ const versionResult = safeSpawnSync("composer", ["--version"], {
+ shell: isWin,
+ });
 if (versionResult.status !== 0 || versionResult.error) {
 console.error(
 "No composer version found. Check if composer is installed and available in PATH.",
diff --git a/lib/helpers/validator.js b/lib/helpers/validator.js
index 37c7a6912..635080ea3 100644
--- a/lib/helpers/validator.js
+++ b/lib/helpers/validator.js
@@ -21,9 +21,10 @@ export const validateBom = (bomJson) => {
 if (!bomJson) {
 return true;
 }
+ const specVersion = bomJson.specVersion;
 const schema = JSON.parse(
 readFileSync(
- join(dirName, "data", `bom-${bomJson.specVersion}.schema.json`),
+ join(dirName, "data", `bom-${specVersion}.schema.json`),
 "utf-8",
 ),
 );
@@ -33,8 +34,18 @@ export const validateBom = (bomJson) => {
 const spdxSchema = JSON.parse(
 readFileSync(join(dirName, "data", "spdx.schema.json"), "utf-8"),
 );
+ const cryptoDefSchema = JSON.parse(
+ readFileSync(
+ join(dirName, "data", "cryptography-defs.schema.json"),
+ "utf-8",
+ ),
+ );
+ const schemas = [schema, defsSchema, spdxSchema];
+ if (specVersion >= 1.7) {
+ schemas.push(cryptoDefSchema);
+ }
 const ajv = new Ajv({
- schemas: [schema, defsSchema, spdxSchema],
+ schemas,
 strict: false,
 logger: false,
 verbose: true,
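Review bot: The new `shell: isWin` option on the `composer --version` call in createPHPBom has no comment saying why a shell is needed on Windows. With a shell, the command and its arguments are joined into one command line instead of being passed as an argument vector. The argument list here is a constant, so the call is fine as written, but the constraint should be recorded so a later edit does not route a project-derived value through it: `// composer is presumably a .bat shim on Windows and needs a shell; keep the argument list constant`. Whether safeSpawnSync applies its own allow-list or escaping is not visible in this hunk, and createPHPBom's body continues outside it.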
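Review bot: `specVersion` is taken from the BOM being validated and interpolated into the file name given to `readFileSync` without being checked against the schema versions the package ships. The same value goes into the schema id in the hunk at -46. The document under validation therefore decides which file is opened, and an unexpected value surfaces as a file-system or JSON parse error rather than a validation result. A guard before the read would close this, for example `if (!SUPPORTED_SPEC_VERSIONS.includes(String(specVersion))) { return false; }`, where `SUPPORTED_SPEC_VERSIONS` is a new constant listing the versions that have a `bom-*.schema.json` under `data/`. Whether `false` is the right result for callers is not visible here, since validateBom's body continues outside the hunk.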
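Review bot: `if (specVersion >= 1.7)` compares a value the BOM schema types as a string with a number, so the branch relies on implicit coercion. A non-numeric value compares false, and a version string such as "1.10" would coerce to 1.1 and skip the cryptography schema. `cryptography-defs.schema.json` is also read and parsed on every call, even when it is then discarded for older spec versions. Making the conversion explicit and moving the read into the branch addresses both: `if (Number(specVersion) >= 1.7) { schemas.push(JSON.parse(readFileSync(join(dirName, "data", "cryptography-defs.schema.json"), "utf-8"))); }`. Add a comment that the numeric comparison holds only while minor versions stay single-digit.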
@@ -46,7 +57,7 @@ export const validateBom = (bomJson) => { }); addFormats(ajv); const validate = ajv.getSchema( - `http://cyclonedx.org/schema/bom-${bomJson.specVersion}.schema.json`, + `http://cyclonedx.org/schema/bom-${specVersion}.schema.json`, ); const isValid = validate(bomJson); if (!isValid) { diff --git a/package.json b/package.json index 1143b9aff..21e9f0a94 100644 --- a/package.json +++ b/package.json @@ -2,9 +2,6 @@ "name": "@cyclonedx/cdxgen", "version": "11.8.0", "description": "Creates CycloneDX Software Bill of Materials (SBOM) from source or container image", - "homepage": "http://github.com/cyclonedx/cdxgen", - "author": "Prabhu Subramanian ", - "license": "Apache-2.0", "keywords": [ "sbom", "bom", @@ -18,6 +15,16 @@ "appsec", "scrm" ], + "homepage": "http://github.com/cyclonedx/cdxgen", + "bugs": { + "url": "https://github.com/cyclonedx/cdxgen/issues" + }, + "repository": { + "type": "git", + "url": "git+https://github.com/CycloneDX/cdxgen.git" + }, + "license": "Apache-2.0", + "author": "Prabhu Subramanian ", "contributors": [ { "name": "Erlend Oftedal" 
@@ -74,67 +81,82 @@ }, "types": "./types/lib/cli/index.d.ts", "bin": { + "cbom": "bin/cdxgen.js", + "cdx-verify": "bin/verify.js", "cdxgen": "bin/cdxgen.js", "cdxgen-secure": "bin/cdxgen.js", - "obom": "bin/cdxgen.js", - "cbom": "bin/cdxgen.js", - "saasbom": "bin/cdxgen.js", "cdxi": "bin/repl.js", "evinse": "bin/evinse.js", - "cdx-verify": "bin/verify.js" + "obom": "bin/cdxgen.js", + "saasbom": "bin/cdxgen.js" }, + "files": [ + "*.js", + "lib/**", + "bin/", + "data/", + "types/", + "index.cjs" + ], "scripts": { - "test": "poku", - "watch": "poku --watch", - "lint:check": "biome check", - "lint": "biome check --fix", - "lint:errors": "biome check --diagnostic-level=error", "gen-types": "npx -p typescript tsc", "install:frozen": "pnpm install --config.strict-dep-builds=true --frozen-lockfile --package-import-method copy", - "install:prod": "pnpm install --config.strict-dep-builds=true --frozen-lockfile --package-import-method copy --prod" - }, - "engines": { - "node": ">=20", - "pnpm": "10.15.1" - }, - "repository": { - "type": "git", - "url": "git+https://github.com/CycloneDX/cdxgen.git" - }, - "bugs": { - "url": "https://github.com/cyclonedx/cdxgen/issues" + "install:prod": "pnpm install --config.strict-dep-builds=true --frozen-lockfile --package-import-method copy --prod", + "lint": "biome check --fix", + "lint:check": "biome check", + "lint:errors": "biome check --diagnostic-level=error", + "test": "poku", + "watch": "poku --watch" }, - "packageManager": "pnpm@10.15.1", "lint-staged": { "*": "biome check --fix --no-errors-on-unmatched" }, - "dependencies": { - "@babel/parser": "7.28.4", - "@babel/traverse": "7.28.4", - "@iarna/toml": "2.2.5", - "ajv": "8.17.1", - "ajv-formats": "3.0.1", - "cheerio": "1.1.2", - "edn-data": "1.1.2", - "encoding": "0.1.13", + "overrides": { + "@npmcli/agent": "3.0.0", + "@npmcli/fs": "4.0.0", + "abbrev": "3.0.1", + "cacache": "20.0.0", + "chownr": "3.0.0", + "debug": "4.4.1", + "escape-string-regexp": "4.0.0", "glob": "11.0.3", - 
"global-agent": "3.0.0", - "got": "14.4.8", "iconv-lite": "0.7.0", - "jws": "4.0.0", - "node-stream-zip": "1.15.0", - "packageurl-js": "1.0.2", - "prettify-xml": "1.2.0", - "properties-reader": "2.3.0", + "ini": "5.0.0", + "is-stream": "4.0.1", + "isexe": "3.1.1", + "json-parse-even-better-errors": "4.0.0", + "jwa": "2.0.1", + "lru-cache": "11.2.1", + "make-fetch-happen": "15.0.1", + "minimatch": "10.0.3", + "minizlib": "3.0.2", + "mkdirp": "3.0.1", + "ms": "2.1.3", + "negotiator": "0.6.4", + "node-gyp": "11.4.2", + "nopt": "8.1.0", + "on-finished": "2.4.1", + "proc-log": "5.0.0", "semver": "7.7.2", + "signal-exit": "4.1.0", + "sprintf-js": "1.1.3", "ssri": "12.0.0", - "table": "6.9.0", + "statuses": "2.0.2", + "strip-json-comments": "3.1.1", "tar": "7.4.3", + "type-fest": "4.41.0", + "unique-filename": "4.0.0", + "unique-slug": "5.0.0", "uuid": "11.1.0", - "xml-js": "1.6.11", - "yaml": "2.8.1", - "yargs": "17.7.2", - "yoctocolors": "2.1.2", + "which": "5.0.0", + "write-file-atomic": "6.0.0", + "yallist": "5.0.0", + "yargs": "17.7.2" + }, + "dependencies": { + "@babel/parser": "7.28.4", + "@babel/traverse": "7.28.4", + "@iarna/toml": "2.2.5", "@isaacs/string-locale-compare": "1.1.0", "@npmcli/fs": "4.0.0", "@npmcli/installed-package-contents": "3.0.0", 
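Review bot: The top-level `overrides` block added here and `pnpm.overrides` further down are two hand-maintained copies of the same pin list, and they already differ: `tar-fs` is pinned (now to 3.1.0) only under `pnpm.overrides`. Anyone resolving with npm rather than pnpm would not get that pin, assuming the top-level block exists for npm. Either add `"tar-fs": "3.1.0"` to the top-level block or document that only pnpm installs are supported. A small CI step that compares the two maps would keep them from drifting again.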
@@ -143,22 +165,50 @@ "@npmcli/package-json": "7.0.0", "@npmcli/query": "4.0.1", "@npmcli/redact": "3.2.2", + "ajv": "8.17.1", + "ajv-formats": "3.0.1", "bin-links": "5.0.0", + "cheerio": "1.1.2", "common-ancestor-path": "1.0.1", + "edn-data": "1.1.2", + "encoding": "0.1.13", + "glob": "11.0.3", + "global-agent": "3.0.0", + "got": "14.4.8", "hosted-git-info": "9.0.0", + "iconv-lite": "0.7.0", "json-stringify-nice": "1.1.4", + "jws": "4.0.0", "minimatch": "10.0.3", + "node-stream-zip": "1.15.0", "npm-install-checks": "7.1.2", "npm-package-arg": "13.0.0", "npm-pick-manifest": "10.0.0", + "packageurl-js": "1.0.2", "parse-conflict-json": "4.0.0", + "prettify-xml": "1.2.0", "proc-log": "5.0.0", "proggy": "3.0.0", "promise-all-reject-late": "1.0.1", "promise-call-limit": "3.0.2", + "properties-reader": "2.3.0", "read-package-json-fast": "4.0.0", + "semver": "7.7.2", + "ssri": "12.0.0", + "table": "6.9.0", + "tar": "7.4.3", "treeverse": "3.0.0", - "walk-up-path": "4.0.0" + "uuid": "11.1.0", + "walk-up-path": "4.0.0", + "xml-js": "1.6.11", + "yaml": "2.8.1", + "yargs": "17.7.2", + "yoctocolors": "2.1.2" + }, + "devDependencies": { + "@biomejs/biome": "2.2.3", + "poku": "3.0.2", + "typescript": "5.9.2" }, "optionalDependencies": { "@appthreat/atom": "2.3.0", @@ -182,18 +232,10 @@ "sequelize": "6.37.7", "sqlite3": "npm:@appthreat/sqlite3@6.0.9" }, - "files": [ - "*.js", - "lib/**", - "bin/", - "data/", - "types/", - "index.cjs" - ], - "devDependencies": { - "@biomejs/biome": "2.2.3", - "poku": "3.0.2", - "typescript": "5.9.2" + "packageManager": "pnpm@10.15.1", + "engines": { + "node": ">=20", + "pnpm": "10.15.1" }, "pnpm": { "onlyBuiltDependencies": [ @@ -201,10 +243,6 @@ "@biomejs/biome" ], "overrides": { - "jwa": "2.0.1", - "glob": "11.0.3", - "node-gyp": "11.4.2", - "negotiator": "0.6.4", "@npmcli/agent": "3.0.0", "@npmcli/fs": "4.0.0", "abbrev": "3.0.1", 
@@ -212,17 +250,21 @@ "chownr": "3.0.0", "debug": "4.4.1", "escape-string-regexp": "4.0.0", + "glob": "11.0.3", + "iconv-lite": "0.7.0", "ini": "5.0.0", "is-stream": "4.0.1", "isexe": "3.1.1", "json-parse-even-better-errors": "4.0.0", - "iconv-lite": "0.7.0", - "lru-cache": "11.1.0", + "jwa": "2.0.1", + "lru-cache": "11.2.1", + "make-fetch-happen": "15.0.1", "minimatch": "10.0.3", "minizlib": "3.0.2", - "make-fetch-happen": "15.0.1", "mkdirp": "3.0.1", "ms": "2.1.3", + "negotiator": "0.6.4", + "node-gyp": "11.4.2", "nopt": "8.1.0", "on-finished": "2.4.1", "proc-log": "5.0.0", @@ -233,7 +275,7 @@ "statuses": "2.0.2", "strip-json-comments": "3.1.1", "tar": "7.4.3", - "tar-fs": "3.0.9", + "tar-fs": "3.1.0", "type-fest": "4.41.0", "unique-filename": "4.0.0", "unique-slug": "5.0.0", @@ -247,48 +289,6 @@ "unrs-resolver" ] }, - "overrides": { - "jwa": "2.0.1", - "glob": "11.0.3", - "node-gyp": "11.4.2", - "negotiator": "0.6.4", - "@npmcli/agent": "3.0.0", - "@npmcli/fs": "4.0.0", - "abbrev": "3.0.1", - "cacache": "20.0.0", - "chownr": "3.0.0", - "debug": "4.4.1", - "escape-string-regexp": "4.0.0", - "iconv-lite": "0.7.0", - "ini": "5.0.0", - "is-stream": "4.0.1", - "isexe": "3.1.1", - "json-parse-even-better-errors": "4.0.0", - "lru-cache": "11.1.0", - "minimatch": "10.0.3", - "minizlib": "3.0.2", - "make-fetch-happen": "15.0.1", - "mkdirp": "3.0.1", - "ms": "2.1.3", - "nopt": "8.1.0", - "on-finished": "2.4.1", - "proc-log": "5.0.0", - "semver": "7.7.2", - "signal-exit": "4.1.0", - "sprintf-js": "1.1.3", - "ssri": "12.0.0", - "statuses": "2.0.2", - "strip-json-comments": "3.1.1", - "tar": "7.4.3", - "type-fest": "4.41.0", - "unique-filename": "4.0.0", - "unique-slug": "5.0.0", - "uuid": "11.1.0", - "which": "5.0.0", - "write-file-atomic": "6.0.0", - "yallist": "5.0.0", - "yargs": "17.7.2" - }, "devEngines": { "runtime": [ { diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml index ee6ee7311..32082015d 100644 --- a/pnpm-lock.yaml +++ b/pnpm-lock.yaml 
@@ -5,10 +5,6 @@ settings: excludeLinksFromLockfile: false overrides: - jwa: 2.0.1 - glob: 11.0.3 - node-gyp: 11.4.2 - negotiator: 0.6.4 '@npmcli/agent': 3.0.0 '@npmcli/fs': 4.0.0 abbrev: 3.0.1 @@ -16,17 +12,21 @@ overrides: chownr: 3.0.0 debug: 4.4.1 escape-string-regexp: 4.0.0 + glob: 11.0.3 + iconv-lite: 0.7.0 ini: 5.0.0 is-stream: 4.0.1 isexe: 3.1.1 json-parse-even-better-errors: 4.0.0 - iconv-lite: 0.7.0 - lru-cache: 11.1.0 + jwa: 2.0.1 + lru-cache: 11.2.1 + make-fetch-happen: 15.0.1 minimatch: 10.0.3 minizlib: 3.0.2 - make-fetch-happen: 15.0.1 mkdirp: 3.0.1 ms: 2.1.3 + negotiator: 0.6.4 + node-gyp: 11.4.2 nopt: 8.1.0 on-finished: 2.4.1 proc-log: 5.0.0 @@ -37,7 +37,7 @@ overrides: statuses: 2.0.2 strip-json-comments: 3.1.1 tar: 7.4.3 - tar-fs: 3.0.9 + tar-fs: 3.1.0 type-fest: 4.41.0 unique-filename: 4.0.0 unique-slug: 5.0.0 @@ -1083,8 +1083,8 @@ packages: resolution: {integrity: sha512-ozCC6gdQ+glXOQsveKD0YsDy8DSQFjDTz4zyzEHNV5+JP5D62LmfDZ6o1cycFx9ouG940M5dE8C8CTewdj2YWQ==} engines: {node: ^12.20.0 || ^14.13.1 || >=16.0.0} - lru-cache@11.1.0: - resolution: {integrity: sha512-QIXZUBJUx+2zHUdQujWejBkcD9+cs94tLn0+YL8UrCh+D5sCXZ4c7LaEH48pNwRY3MLDgqUFyhlCyjJPf1WP0A==} + lru-cache@11.2.1: + resolution: {integrity: sha512-r8LA6i4LP4EeWOhqBaZZjDWwehd1xUJPCJd9Sv300H0ZmcUER4+JPh7bqqZeqs1o5pgtgvXm+d9UGrB5zZGDiQ==} engines: {node: 20 || >=22} make-fetch-happen@15.0.1: @@ -1556,8 +1556,8 @@ packages: resolution: {integrity: sha512-9kY+CygyYM6j02t5YFHbNz2FN5QmYGv9zAjVp4lCDjlCw7amdckXlEt/bjMhUIfj4ThGRE4gCUH5+yGnNuPo5A==} engines: {node: '>=10.0.0'} - tar-fs@3.0.9: - resolution: {integrity: sha512-XF4w9Xp+ZQgifKakjZYmFdkLoSWd34VGKcsTCwlNWM7QG3ZbaxnTsaBwnjFZqHRf/rROxaR8rXnbtwdvaDI+lA==} + tar-fs@3.1.0: + resolution: {integrity: sha512-5Mty5y/sOF1YWj1J6GiBodjlDc05CUR8PKXrsnFAiSG0xA+GHeWLovaZPYUDXkH/1iKRf2+M5+OrRgzC7O9b7w==} tar-stream@3.1.7: resolution: {integrity: sha512-qJj60CXt7IU1Ffyc3NJMjh6EkuCFej46zUqJ4J7pqYlThyd9bO0XBTmcOIhSzZJVWfsLks0+nle/j538YAW9RQ==} 
@@ -1901,7 +1901,7 @@ snapshots: agent-base: 7.1.4 http-proxy-agent: 7.0.2 https-proxy-agent: 7.0.6 - lru-cache: 11.1.0 + lru-cache: 11.2.1 socks-proxy-agent: 8.0.5 transitivePeerDependencies: - supports-color @@ -1915,7 +1915,7 @@ snapshots: dependencies: '@npmcli/promise-spawn': 8.0.3 ini: 5.0.0 - lru-cache: 11.1.0 + lru-cache: 11.2.1 npm-pick-manifest: 10.0.0 proc-log: 5.0.0 promise-retry: 2.0.1 @@ -2077,7 +2077,7 @@ snapshots: '@npmcli/fs': 4.0.0 fs-minipass: 3.0.3 glob: 11.0.3 - lru-cache: 11.1.0 + lru-cache: 11.2.1 minipass: 7.1.2 minipass-collect: 2.0.1 minipass-flush: 1.0.5 @@ -2450,11 +2450,11 @@ snapshots: hosted-git-info@8.1.0: dependencies: - lru-cache: 11.1.0 + lru-cache: 11.2.1 hosted-git-info@9.0.0: dependencies: - lru-cache: 11.1.0 + lru-cache: 11.2.1 htmlparser2@10.0.0: dependencies: @@ -2565,7 +2565,7 @@ snapshots: lowercase-keys@3.0.0: {} - lru-cache@11.1.0: {} + lru-cache@11.2.1: {} make-fetch-happen@15.0.1: dependencies: @@ -2795,7 +2795,7 @@ snapshots: path-scurry@2.0.0: dependencies: - lru-cache: 11.1.0 + lru-cache: 11.2.1 minipass: 7.1.2 pg-connection-string@2.9.1: @@ -2825,7 +2825,7 @@ snapshots: pump: 3.0.3 rc: 1.2.8 simple-get: 4.0.1 - tar-fs: 3.0.9 + tar-fs: 3.1.0 tunnel-agent: 0.6.0 transitivePeerDependencies: - bare-buffer @@ -3091,7 +3091,7 @@ snapshots: string-width: 4.2.3 strip-ansi: 6.0.1 - tar-fs@3.0.9: + tar-fs@3.1.0: dependencies: pump: 3.0.3 tar-stream: 3.1.7 diff --git a/types/helpers/validator.d.ts.map b/types/helpers/validator.d.ts.map index 6e696bb95..6dc9ed3bd 100644 --- a/types/helpers/validator.d.ts.map +++ b/types/helpers/validator.d.ts.map 
@@ -1 +1 @@ -{"version":3,"file":"validator.d.ts","sourceRoot":"","sources":["../../lib/helpers/validator.js"],"names":[],"mappings":"AAiVA;;;;GAIG;AACH,uCAFW,MAAM,WA0FhB;AA3ZM,qCAJI,MAAM,WAkDhB;AAOM,0CAFI,MAAM,WA2DhB;AAOM,uCAFI,MAAM,WAsFhB;AA6BM,sCAFI,MAAM,WAwFhB"} \ No newline at end of file +{"version":3,"file":"validator.d.ts","sourceRoot":"","sources":["../../lib/helpers/validator.js"],"names":[],"mappings":"AA4VA;;;;GAIG;AACH,uCAFW,MAAM,WA0FhB;AAtaM,qCAJI,MAAM,WA6DhB;AAOM,0CAFI,MAAM,WA2DhB;AAOM,uCAFI,MAAM,WAsFhB;AA6BM,sCAFI,MAAM,WAwFhB"} \ No newline at end of file