From 5b8fff68db87d35c03bdaf7a092ddf58003fa5bc Mon Sep 17 00:00:00 2001 From: Basil Hess Date: Thu, 10 Apr 2025 15:50:58 +0200 Subject: [PATCH 1/2] Update cryptography-defs.json - Adds a few more algorithm - Converts urls to standards to doi links, where available. - Checks if urls work Signed-off-by: Basil Hess --- schema/cryptography-defs.json | 87 +++++++++++++++++++++++++++-------- 1 file changed, 69 insertions(+), 18 deletions(-) diff --git a/schema/cryptography-defs.json b/schema/cryptography-defs.json index b466767f..2b17d88b 100644 --- a/schema/cryptography-defs.json +++ b/schema/cryptography-defs.json @@ -5,8 +5,8 @@ { "family": "RSASSA-PKCS1", "standard": [ - {"name": "RFC8017", "url": "https://datatracker.ietf.org/doc/html/rfc8017"}, - {"name": "IEEE1363", "url": "https://standards.ieee.org/ieee/1363/"} + {"name": "RFC8017", "url": "https://doi.org/10.17487/RFC8017"}, + {"name": "IEEE1363", "url": "https://doi.org/10.1109/IEEESTD.2000.92290"} ], "variant": "RSA-PKCS1-1.5-{digestAlgorithm}-{keyLength}", "primitive": "signature" @@ -14,8 +14,8 @@ { "family": "RSASSA-PSS", "standard": [ - {"name": "RFC8017", "url": "https://datatracker.ietf.org/doc/html/rfc8017"}, - {"name": "IEEE1363A", "url": "https://standards.ieee.org/ieee/1363a/"} + {"name": "RFC8017", "url": "https://doi.org/10.17487/RFC8017"}, + {"name": "IEEE1363A", "url": "https://doi.org/10.1109/IEEESTD.2004.94612"} ], "variant": "RSA-PSS-{digestAlgorithm}-{saltLength}-{keyLength}", "primitive": "signature" @@ -23,7 +23,7 @@ { "family": "RSAES-PKCS1", "standard": [ - {"name": "RFC8017", "url": "https://datatracker.ietf.org/doc/html/rfc8017"} + {"name": "RFC8017", "url": "https://doi.org/10.17487/RFC8017"} ], "variant": "RSA-PKCS1-1.5-{keyLength}", "primitive": "pke" @@ -31,7 +31,7 @@ { "family": "RSAES-OAEP", "standard": [ - {"name": "RFC8017", "url": "https://datatracker.ietf.org/doc/html/rfc8017"} + {"name": "RFC8017", "url": "https://doi.org/10.17487/RFC8017"} ], "variant": "RSA-OAEP-{hashAlgorithm}-{maskGenAlgorithm}-{keyLength}", "primitive": "pke" @@ -39,7 +39,7 @@ { "family": "EdDSA", "standard": [ - {"name": "RFC8032", "url": "https://datatracker.ietf.org/doc/html/rfc8032"} + {"name": "RFC8032", "url": "https://doi.org/10.17487/RFC8032"} ], "variant": "Ed{25519|448}{|ph|ctx}", "primitive": "signature" @@ -47,8 +47,8 @@ { "family": "ECDSA", "standard": [ - {"name": "FIPS186-4", "url": "https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf"}, - {"name": "X9.62", "url": "https://x9.org/standards/x9-62/"} + {"name": "FIPS186-4", "url": "https://doi.org/10.6028/NIST.FIPS.186-4"}, + {"name": "X9.62", "url": "https://standards.globalspec.com/std/1955141/ansi-x9-62"} ], "variant": "ECDSA-{curve}-{hash}", "primitive": "signature" @@ -56,9 +56,9 @@ { "family": "ECDH", "standard": [ - {"name": "SP800-56A", "url": "https://csrc.nist.gov/publications/detail/sp/800-56a/rev-3/final"}, - {"name": "IEEE1363", "url": "https://standards.ieee.org/ieee/1363/"}, - {"name": "X9.63", "url": "https://x9.org/standards/x9-63/"} + {"name": "SP800-56A", "url": "https://doi.org/10.6028/NIST.SP.800-56Ar3"}, + {"name": "IEEE1363", "url": "https://doi.org/10.1109/IEEESTD.2000.92290"}, + {"name": "X9.63", "url": "https://webstore.ansi.org/standards/ASCX9/ansix9632011r2017"} ], "variant": "ECDH-{curve}", "primitive": "key-agree" @@ -66,8 +66,8 @@ { "family": "FFDH", "standard": [ - {"name": "RFC7919", "url": "https://datatracker.ietf.org/doc/html/rfc7919"}, - {"name": "SP800-56A", "url": "https://csrc.nist.gov/publications/detail/sp/800-56a/rev-3/final"} + {"name": "RFC7919", "url": "https://doi.org/10.17487/RFC7919"}, + {"name": "SP800-56A", "url": "https://doi.org/10.6028/NIST.SP.800-56Ar3"} ], "variant": "FFDH-{named_group}", "primitive": "key-agree" @@ -75,7 +75,7 @@ { "family": "SHA-1", "standard": [ - {"name": "FIPS180-4", "url": "https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.180-4.pdf"} + {"name": "FIPS180-4", "url": "https://doi.org/10.6028/NIST.FIPS.180-4"} ], "variant": "SHA-1", "primitive": "hash" @@ -83,10 +83,61 @@ { "family": "SHA-2", "standard": [ - {"name": "FIPS180-4", "url": "https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.180-4.pdf"} + {"name": "FIPS180-4", "url": "https://doi.org/10.6028/NIST.FIPS.180-4"} ], "variant": "SHA-{224|256|384|512|512/224|512/256}", "primitive": "hash" - } + }, + { + "family": "AES", + "standard": [ + {"name": "FIPS197", "url": "https://doi.org/10.6028/NIST.FIPS.197-upd1"}, + {"name": "SP800-38{A-G}", "url": "https://doi.org/10.6028/NIST.SP.800-38A"}, + {"name": "RFC 5116", "url": "https://doi.org/10.17487/RFC5116"} + ], + "variant": "AES-{128|192|256}-(ECB|CBC|CFB(1|8|128)|OFB|CTR|)", + "primitive": "block-cipher" + }, + { + "family": "HKDF", + "standard": [ + {"name": "RFC5869", "url": "https://doi.org/10.17487/RFC5869"} + ], + "variant": "HKDF-{hash}", + "primitive": "kdf" + }, + { + "family": "HMAC", + "standard": [ + {"name": "SP800-224", "url": "https://doi.org/10.6028/NIST.SP.800-224.ipd"}, + {"name": "RFC2104", "url": "https://doi.org/10.17487/RFC2104"} + ], + "variant": "HMAC-{hash}-{length}", + "primitive": "mac" + }, + { + "family": "ChaCha", + "standard": [ + {"name": "RFC8439", "url": "https://doi.org/10.17487/RFC8439"} + ], + "variant": "ChaCha20-{AES|other}", + "primitive": "stream-cipher" + }, + { + "family": "Poly1305", + "standard": [ + {"name": "RFC8439", "url": "https://doi.org/10.17487/RFC8439"} + ], + "variant": "Poly1305", + "primitive": "mac" + }, + { + "family": "ChaCha20-Poly1305", + "standard": [ + {"name": "RFC8439", "url": "https://doi.org/10.17487/RFC8439"} + ], + "variant": "ChaCha20-Poly1305", + "primitive": "ae" + } ] -} \ No newline at end of file +} From 643fca9c392581be87e62d1dbe252e263584fd6a Mon Sep 17 00:00:00 2001 From: Basil Hess Date: Thu, 17 Apr 2025 14:52:11 +0200 Subject: [PATCH 2/2] Add more algorithms, used by SSLv3, TLS1.0-1.3 Signed-off-by: Basil Hess --- schema/cryptography-defs.json | 64 +++++++++++++++++++++++++++++++++-- 1 file changed, 61 insertions(+), 3 deletions(-) diff --git a/schema/cryptography-defs.json b/schema/cryptography-defs.json index 2b17d88b..7d0640f8 100644 --- a/schema/cryptography-defs.json +++ b/schema/cryptography-defs.json @@ -60,7 +60,7 @@ {"name": "IEEE1363", "url": "https://doi.org/10.1109/IEEESTD.2000.92290"}, {"name": "X9.63", "url": "https://webstore.ansi.org/standards/ASCX9/ansix9632011r2017"} ], - "variant": "ECDH-{curve}", + "variant": "ECDH{E}-{curve}", "primitive": "key-agree" }, { @@ -69,7 +69,7 @@ {"name": "RFC7919", "url": "https://doi.org/10.17487/RFC7919"}, {"name": "SP800-56A", "url": "https://doi.org/10.6028/NIST.SP.800-56Ar3"} ], - "variant": "FFDH-{named_group}", + "variant": "FFDH{E}-{named_group}", "primitive": "key-agree" }, { @@ -138,6 +138,64 @@ ], "variant": "ChaCha20-Poly1305", "primitive": "ae" - } + }, + { + "family": "MD5", + "standard": [ + {"name": "RFC1321", "url": "https://doi.org/10.17487/RFC1321"} + ], + "variant": "MD5", + "primitive": "hash" + }, + { + "family": "MD4", + "standard": [ + {"name": "RFC1320", "url": "https://doi.org/10.17487/RFC1320"} + ], + "variant": "MD4", + "primitive": "hash" + }, + { + "family": "RC4", + "standard": [ + {"name": "Applied Cryptography: Protocols, Algorithms, and Source Code in C", "url": "https://dl.acm.org/doi/book/10.5555/572932"} + ], + "variant": "RC4-{length}", + "primitive": "stream-cipher" + }, + { + "family": "3DES", + "standard": [ + {"name": "RFC1851", "url": "https://doi.org/10.17487/RFC1851"}, + {"name": "FIPS PUB 46-3", "url": "https://csrc.nist.gov/pubs/fips/46-3/final"} + ], + "variant": "3DES-{length}-{mode}", + "primitive": "block-cipher" + }, + { + "family": "DES", + "standard": [ + {"name": "FIPS PUB 46-3", "url": "https://csrc.nist.gov/pubs/fips/46-3/final"}, + {"name": "ANSI INCITS 92-1981", "url": "https://csrc.nist.gov/pubs/fips/46-3/final"} + ], + "variant": "DES-{length}-{mode}", + "primitive": "block-cipher" + }, + { + "family": "IDEA", + "standard": [ + {"name": "A Proposal for a New Block Encryption Standard", "url": "https://doi.org/10.1007%2F3-540-46877-3_35"} + ], + "variant": "IDEA-{mode}", + "primitive": "block-cipher" + }, + { + "family": "RC2", + "standard": [ + {"name": "RFC2268", "url": "https://doi.org/10.17487/RFC2268"} + ], + "variant": "RC2-{length}-{mode}", + "primitive": "block-cipher" + } ] }