@n1ckl0sk0rtge

Summary

  • Updates algorithm naming conventions in mapper model to align with the CycloneDX cryptography-defs.json specification
  • Adds CycloneDX schema JavaDoc references to algorithm classes
  • Updates test assertions across all language modules (Java, Python, Go)

Naming changes:

| Current | CycloneDX |
|---|---|
| SHA1 | SHA-1 |
| SHA256/384/512 | SHA-256/384/512 |
| SHA3-256/384/512 | SHA-3-256/384/512 |
| ChaCha20Poly1305 | ChaCha20-Poly1305 |
| RSASSA-PSS | RSA-PSS |
| DH | FFDH |
| KDF in Counter Mode | SP800-108-CounterKDF |
| KDF in Feedback Mode | SP800-108-FeedbackKDF |
| SPHINCS+ | SLH-DSA |

Test plan

  • All mapper tests pass (43 tests)
  • All output tests pass (20 tests)
  • All Java detection tests pass (156 tests)
  • All Python detection tests pass (45 tests)
  • All Go detection tests pass (38 tests)
  • Code formatted with mvn spotless:apply

🤖 Generated with Claude Code

Updates algorithm naming conventions in mapper model to align with the
CycloneDX cryptography-defs.json specification:

- SHA1 → SHA-1, SHA256 → SHA-256, SHA384 → SHA-384, SHA512 → SHA-512
- SHA3-* → SHA-3-* (e.g., SHA3-256 → SHA-3-256)
- ChaCha20Poly1305 → ChaCha20-Poly1305
- RSASSA-PSS → RSA-PSS
- DH → FFDH (Finite Field Diffie-Hellman)
- KDF in Counter Mode → SP800-108-CounterKDF
- KDF in Feedback Mode → SP800-108-FeedbackKDF
- SPHINCS+ → SLH-DSA

Also adds CycloneDX schema JavaDoc references to algorithm classes and
updates test assertions across all language modules (Java, Python, Go).

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
n1ckl0sk0rtge requested a review from a team as a code owner January 25, 2026 10:11
n1ckl0sk0rtge self-assigned this Jan 25, 2026
n1ckl0sk0rtge added the "enhancement" label Jan 25, 2026

@bhess bhess left a comment

Excellent!
Did you run an automatic check to verify that the patterns match?
I noticed a few that don’t, see the inline comments.

PasswordBasedEncryption pbe = pbeOpt.get();
assertThat(pbe.getName()).isEqualTo("PBES1");
assertThat(pbe.asString()).isEqualTo("pbeWithHmacSHA256AndAES");
assertThat(pbe.asString()).isEqualTo("pbeWithHmacSHA-256AndAES");
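
Review bot: the new expected value `pbeWithHmacSHA-256AndAES` in the last `asString()` assertion looks like a substring rename of the digest inside a JCA-style composite name, so the result is neither the original provider identifier nor a name that appears in this PR's CycloneDX naming table. Please confirm which cryptography-defs.json pattern this PBES1 case should render as and assert that exact string, instead of relying on the digest token being rewritten in place.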

// Initialize RSADigestSigner
RSADigestSigner signer = new RSADigestSigner(digest, new ASN1ObjectIdentifier("1234"));
// Noncompliant@-1 {{(Signature) SHA256withRSA}}

This maps to RSA RSA-PKCS1-1.5-SHA-256, see
https://github.com/CycloneDX/specification/blob/8c16b5c89503657e14d618bd6851c416707a244b/schema/cryptography-defs.json#L19C23-L19C56

Similarly, all other patterns in the PR using "XYZwithRSA" or "XYZwithDSA" should be adapted.

bhess commented Jan 26, 2026

This mapping isn't strictly true: SPHINCS+ -> SLH-DSA
SPHINCS+ is the pre-standard version, while SLH-DSA is the standard version. There aren't major changes, but the two aren't compatible.
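
An added example (not code from this pull request or the project): a small Python check that scans expected algorithm-name strings for the legacy spellings in the naming table above, including when they are embedded in composite names such as `SHA256withRSA`, and sends SPHINCS+ to manual review instead of renaming it. The function and constant names are hypothetical, and the sample strings are taken from the hunks quoted in this conversation.

```python
import re

# Legacy -> CycloneDX spellings, copied from the PR's naming table.
RENAMES = {
    "SHA1": "SHA-1", "SHA256": "SHA-256", "SHA384": "SHA-384", "SHA512": "SHA-512",
    "SHA3-256": "SHA-3-256", "SHA3-384": "SHA-3-384", "SHA3-512": "SHA-3-512",
    "ChaCha20Poly1305": "ChaCha20-Poly1305", "RSASSA-PSS": "RSA-PSS", "DH": "FFDH",
    "KDF in Counter Mode": "SP800-108-CounterKDF",
    "KDF in Feedback Mode": "SP800-108-FeedbackKDF",
}
# Not auto-renamed: the review points out SPHINCS+ and SLH-DSA are incompatible.
MANUAL_REVIEW = {"SPHINCS+"}
# Short tokens that must stand alone, so "ECDH" and "FFDH" are not flagged as "DH".
STANDALONE_ONLY = {"DH"}


def _pattern(token):
    core = re.escape(token)
    if token in STANDALONE_ONLY:
        return rf"(?<![A-Za-z]){core}(?![A-Za-z])"
    return rf"{core}(?!\d)"  # may be embedded, e.g. inside "SHA256withRSA"


# Longest token first so "SHA3-256" wins over any shorter alternative.
_TOKENS = sorted(list(RENAMES) + list(MANUAL_REVIEW), key=len, reverse=True)
_SCAN = re.compile("|".join(_pattern(t) for t in _TOKENS))


def audit(name):
    """Return (legacy_token, kind, suggestion) findings for one expected name.

    kind is "rename" when the whole name is a legacy spelling, "composite" when
    the legacy token is only part of the name (look up the spec pattern for the
    whole construction instead of patching the substring), and "manual" for
    names that have no compatible replacement.
    """
    findings = []
    for match in _SCAN.finditer(name):
        token = match.group(0)
        if token in MANUAL_REVIEW:
            findings.append((token, "manual", None))
        elif token == name:
            findings.append((token, "rename", RENAMES[token]))
        else:
            findings.append((token, "composite", RENAMES[token]))
    return findings
```

The check only finds leftover legacy spellings; whether a composite name matches a cryptography-defs.json pattern still has to be verified against the spec file itself.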
