92 changes: 73 additions & 19 deletions schema/bom-1.7.schema.json
Expand Up @@ -5474,7 +5474,7 @@
],
"additionalProperties": false,
"properties": {
"state": {
"name": {
"type": "string",
"title": "State",
"description": "The name of the certificate lifecycle state."
Expand Down Expand Up @@ -5536,12 +5536,12 @@
{
"title": "Common Extensions",
"required": [
"name",
"value"
"commonExtensionName",
"commonExtensionValue"
],
"additionalProperties": false,
"properties": {
"name": {
"commonExtensionName": {
"type": "string",
"title": "name",
"description": "The name of the extension.",
Expand Down Expand Up @@ -5570,7 +5570,7 @@
"signedCertificateTimestamp": "Shows that the certificate has been publicly logged, which helps prevent the issuance of rogue certificates by a CA. Log ID, timestamp and signature as proof."
}
},
"value": {
"commonExtensionValue": {
"type": "string",
"title": "Value",
"description": "The value of the certificate extension."
Expand All @@ -5581,16 +5581,16 @@
"title": "Custom Extensions",
"description": "Custom extensions may convey application-specific or vendor-specific data not covered by standard extensions. The structure and semantics of custom extensions are typically defined outside of public standards. CycloneDX leverages properties to support this capability.",
"required": [
"name"
"customExtensionName"
],
"additionalProperties": false,
"properties": {
"name": {
"customExtensionName": {
"type": "string",
"title": "Name",
"description": "The name for the custom certificate extension."
},
"value": {
"customExtensionValue": {
"type": "string",
"title": "Value",
"description": "The description of the custom certificate extension."
Expand Down Expand Up @@ -5760,6 +5760,11 @@
"wpa",
"dtls",
"quic",
"eap-aka",
"eap-aka-prime",
"prins",
"5g-aka",
"jose",
"other",
"unknown"
],
Expand All @@ -5772,6 +5777,11 @@
"wpa": "Wi-Fi Protected Access",
"dtls": "Datagram Transport Layer Security",
"quic": "Quick UDP Internet Connections",
"eap-aka": "Extensible Authentication Protocol variant",
"eap-aka-prime": "Enhanced version of EAP-AKA",
"prins": "Protection of Inter-Network Signaling",
"5g-aka": "Authentication and Key Agreement for 5G",
"jose": "JSON Object Signing and Encryption",
"other": "Another protocol type",
"unknown": "The protocol type is not known"
}
Expand Down Expand Up @@ -5803,27 +5813,39 @@
"properties": {
"encr": {
"type": "array",
"$ref": "#/definitions/ikeV2Enc",
"title": "Encryption Algorithms (ENCR)",
"description": "Transform Type 1: encryption algorithms"
},
"description": "Transform Type 1: encryption algorithms",
"items": {
"$ref": "#/definitions/ikeV2Enc",
"title": "Encryption Algorithm (ENCR)"
}
},
"prf": {
"type": "array",
"$ref": "#/definitions/ikeV2Prf",
"title": "Pseudorandom Functions (PRF)",
"description": "Transform Type 2: pseudorandom functions"
"description": "Transform Type 2: pseudorandom functions",
"items": {
"$ref": "#/definitions/ikeV2Prf",
"title": "Pseudorandom Function (PRF)"
}
},
"integ": {
"type": "array",
"$ref": "#/definitions/ikeV2Integ",
"title": "Integrity Algorithms (INTEG)",
"description": "Transform Type 3: integrity algorithms"
"description": "Transform Type 3: integrity algorithms",
"items": {
"$ref": "#/definitions/ikeV2Integ",
"title": "Integrity Algorithm (INTEG)"
}
},
"ke": {
"type": "array",
"$ref": "#/definitions/ikeV2Ke",
"title": "Key Exchange Methods (KE)",
"description": "Transform Type 4: Key Exchange Method (KE) per [RFC 9370](https://www.ietf.org/rfc/rfc9370.html), formerly called Diffie-Hellman Group (D-H)."
"description": "Transform Type 4: Key Exchange Method (KE) per [RFC 9370](https://www.ietf.org/rfc/rfc9370.html), formerly called Diffie-Hellman Group (D-H).",
"items": {
"$ref": "#/definitions/ikeV2Ke",
"title": "Key Exchange Method (KE)"
}
},
"esn": {
"type": "boolean",
Expand All @@ -5832,9 +5854,12 @@
},
"auth": {
"type": "array",
"$ref": "#/definitions/ikeV2Auth",
"title": "IKEv2 Authentication methods",
"description": "IKEv2 Authentication method per [RFC9593](https://www.ietf.org/rfc/rfc9593.html)."
"description": "IKEv2 Authentication method per [RFC9593](https://www.ietf.org/rfc/rfc9593.html).",
"items": {
"$ref": "#/definitions/ikeV2Auth",
"title": "IKEv2 Authentication Method"
}
}
}
},
Expand Down Expand Up @@ -5895,6 +5920,35 @@
"0x9E"
]
}
},
"tlsGroups": {
"type": "array",
"title": "TLS Groups",
"description": "A list of TLS named groups (formerly known as curves) for this cipher suite. These groups define the parameters for key exchange algorithms like ECDHE.",
"items": {
"type": "string",
"title": "Group Name",
"description": "The name of the TLS group",
"examples": [
"x25519",
"ffdhe2048"
]
}
},
"tlsSignatureSchemes": {
"type": "array",
"title": "TLS Signature Schemes",
"description": "A list of signature schemes supported for cipher suite. These schemes specify the algorithms used for digital signatures in TLS handshakes and certificate verification.",
"items": {
"type": "string",
"title": "Signature Scheme",
"description": "The name of the TLS signature scheme",
"examples": [
"ecdsa_secp256r1_sha256",
"rsa_pss_rsae_sha256",
"ed25519"
]
}
}
}
},
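Review bot: The new `tlsGroups` and `tlsSignatureSchemes` arrays accept any string, so `X25519`, `x25519` and an empty string all validate, and a consumer that matches these names against a policy list can silently miss entries. The examples already use the IANA registry spellings, so the item descriptions could state that, e.g. `"description": "The name of the TLS group as registered in the IANA TLS Supported Groups registry"`, with the equivalent wording for the SignatureScheme registry. Each array could also carry `"uniqueItems": true`, with `"minLength": 1` on its items. The enclosing cipher-suite object starts outside this hunk, so whether the two lists really belong per cipher suite, as the description says, cannot be checked from here. Separately, in the Custom Extensions hunk the `customExtensionValue` description reads "The description of the custom certificate extension." where "The value of" appears intended.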
84 changes: 84 additions & 0 deletions schema/cryptography-defs.json
Expand Up @@ -100,6 +100,10 @@
{
"pattern": "ECDH[E][-{ellipticCurve}]",
"primitive": "key-agree"
},
{
"pattern": "x25519|x448",
"primitive": "key-agree"
}
]
},
Expand Down Expand Up @@ -726,6 +730,86 @@
"primitive": "signature"
}
]
},
{
"family": "MILENAGE",
"standard": [
{"name": "3GPP TS 35.206", "url": "https://www.3gpp.org/ftp/Specs/archive/35_series/35.206/35206-i00.zip"}
],
"variant": [
{
"pattern": "MILENAGE[-MAC]",
"primitive": "mac"
},
{
"pattern": "MILENAGE[-KDF]",
"primitive": "kdf"
}
]
},
{
"family": "TUAK",
"standard": [
{"name": "SHA-3 based authentication algorithm (3GPP TS 35.231)", "url": "https://www.3gpp.org/ftp/Specs/archive/35_series/35.231/35231-i00.zip"}
],
"variant": [
{
"pattern": "TUAC[-MAC]",
"primitive": "mac"
},
{
"pattern": "TUAC[-KDF]",
"primitive": "kdf"
}
]
},
{
"family": "ZUC",
"standard": [
{"name": "3GPP TS 35.221", "url": "https://www.3gpp.org/ftp/Specs/archive/35_series/35.221/35221-i00.zip"}
],
"variant": [
{
"pattern": "128-EEA3",
"primitive": "stream-cipher"
},
{
"pattern": "128-EIA3",
"primitive": "mac"
}
]
},
{
"family": "SNOW3G",
"standard": [
{"name": "3GPP TS 35.216", "url": "https://www.3gpp.org/ftp/Specs/archive/35_series/35.216/35216-i00.zip"}
],
"variant": [
{
"pattern": "128-EEA1",
"primitive": "stream-cipher"
},
{
"pattern": "128-EIA1",
"primitive": "mac"
}
]
},
{
"family": "3GPP-XOR",
"standard": [
{"name": "Legacy XOR-based AV generation algorithm (3GPP TS 35.201)", "url": "https://www.3gpp.org/ftp/Specs/archive/35_series/35.201/35201-i00.zip"}
],
"variant": [
{
"pattern": "3GPP-XOR[-MAC]",
"primitive": "mac"
},
{
"pattern": "3GPP-XOR[-KDF]",
"primitive": "kdf"
}
]
}
],
"ellipticCurves": [
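Review bot: The two variant patterns added under the `TUAK` family are spelled `TUAC[-MAC]` and `TUAC[-KDF]`, which matches neither the family name nor the algorithm name in the cited 3GPP TS 35.231 entry. A tool that resolves algorithm names against these patterns would fail to classify `TUAK-MAC` or `TUAK-KDF`, leaving those assets without a primitive in the inventory. The lines should read `"pattern": "TUAK[-MAC]"` and `"pattern": "TUAK[-KDF]"`. It is also worth confirming that TS 35.201 is the intended reference for `3GPP-XOR`, since that document number may refer to a different algorithm set.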