CycloneDX · jkowalleck · Nov 30, 2023 · Nov 29, 2023
diff --git a/schema/bom-1.6.schema.json b/schema/bom-1.6.schema.json
@@ -3880,7 +3880,7 @@
             "primitive": {
               "type": "string",
               "title": "primitive",
-              "description": "Low-level cryptographic building block used in higher-level cryptographic functions. Primitives can be used to construct algorithms used for encryption (e.g. AES), digital signatures (e.g. ECDSA), and pseudorandom number generators (e.g. PRNG).\n\n TODO Basil",
+              "description": "Cryptographic building blocks used in higher-level cryptographic systems and protocols. Primitives represent different cryptographic routines: deterministic random bit generators (drbg, e.g. CTR_DRBG from NIST SP800-90A-r1), message authentication codes (mac, e.g. HMAC-SHA-256), blockciphers (e.g. AES), streamciphers (e.g. Salsa20), signatures (e.g. ECDSA), hash functions (e.g. SHA-256), public-key encryption schemes (pke, e.g. RSA), extended output functions (xof, e.g. SHAKE256), key derivation functions (e.g. pbkdf2), key agreement algoorithms (e.g. ECDH), key encapsulation mechanisms (e.g. ML-KEM) and authenticated encryption (ae, e.g. AES-GCM).",
               "enum": [
                 "drbg",
                 "mac",
@@ -4067,7 +4067,7 @@
             "executionEnvironment": {
               "type": "string",
               "title": "Execution Environment",
-              "description": "The target and execution environment in which the algorithm is implemented in.\n\n* TODO Basil",
+              "description": "The target and execution environment in which the algorithm is implemented in. The execution environment can be a software implementation running in plain unencrypted RAM ('softwarePlainRAM'), a software implementation running in encrypted RAM ('softwareEncryptedRAM'), a software implementation runing in a trusted execution environment ('softwareTEE'), or an implementation in 'hardware'.",
               "enum": [
                 "softwarePlainRAM",
                 "softwareEncryptedRAM",
@@ -4080,7 +4080,7 @@
             "implementationPlatform": {
               "type": "string",
               "title": "implementation platform",
-              "description": "The implementation platform for the crypto algorithm",
+              "description": "The target platform for which the algorithm is implemented. The implementation can be 'generic', running on any platform or for a specific platform such as 'x86_32', 'x86_64, 'armv7-a', 'armv7-m', 'armv8-a', 'armv8-m', 's390x', 'ppc64' or 'ppc64le'.",
               "enum": [
                 "generic",
                 "x86_32",
@@ -4099,7 +4099,7 @@
             "certificationLevel": {
               "type": "string",
               "title": "certification level",
-              "description": "The certification level for the crypto algorithm",
+              "description": "The certification that the implementation of the cryptographic algorithm has received, if any. Certifications include revisions and levels of FIPS 140 or Common Criteria of different Extended Assurance Levels (CC-EAL).",
               "enum": [
                 "none",
                 "fips140-1-l1",
@@ -4135,7 +4135,7 @@
             "mode": {
               "type": "string",
               "title": "mode",
-              "description": "The cipher mode of operation for the crypto algorithm",
+              "description": "The mode of operation in which the cryptographic algorithm (block cipher) is used.",
               "enum": [
                 "cbc",
                 "ecb",
@@ -4151,7 +4151,7 @@
             "padding": {
               "type": "string",
               "title": "padding",
-              "description": "The padding for the crypto algorithm ",
+              "description": "The padding scheme that is used for the cryptographic algorithm.",
               "enum": [
                 "pkcs5",
                 "pkcs7",
@@ -4165,7 +4165,7 @@
             "cryptoFunctions": {
               "type": "array",
               "title": "crypto function",
-              "description": "The crypto functions implemented by the crypto algorithm",
+              "description": "The cryptographic functions implemented by the cryptographic algorithm",
               "items": {
                 "type": "string",
                 "enum": [
@@ -4188,13 +4188,13 @@
             "classicalSecurityLevel": {
               "type": "integer",
               "title": "classical security level",
-              "description": "classical security level",
+              "description": "The classical security level that a cryptographic algorithm provides (in bits).",
               "minimum": 0
             },
             "nistQuantumSecurityLevel": {
               "type": "integer",
               "title": "NIST security strength category",
-              "description": "NIST security strength category as defined in https://csrc.nist.gov/projects/post-quantum-cryptography/post-quantum-cryptography-standardization/evaluation-criteria/security-(evaluation-criteria), or 0 if none of the categories are met",
+              "description": "The NIST security strength category as defined in https://csrc.nist.gov/projects/post-quantum-cryptography/post-quantum-cryptography-standardization/evaluation-criteria/security-(evaluation-criteria). A value of 0 indicates that none of the categories are met.",
               "minimum": 0,
               "maximum": 6
             }