Skip to content

feat(registry): add AES-CTR-HMAC-SHA1-96 suite pattern (RFC 3686)#771

Merged
stevespringett merged 3 commits intoCycloneDX:masterfrom
Mehrn0ush:feat/crypto-registry-aes-ctr-hmac
Jan 22, 2026
Merged

feat(registry): add AES-CTR-HMAC-SHA1-96 suite pattern (RFC 3686)#771
stevespringett merged 3 commits intoCycloneDX:masterfrom
Mehrn0ush:feat/crypto-registry-aes-ctr-hmac

Conversation

@Mehrn0ush
Copy link
Contributor

@Mehrn0ush Mehrn0ush commented Jan 7, 2026

As discussed in ticket #770, this PR proposes adding an AES-CTR + HMAC-SHA1-96 (IPsec ESP suite-style) pattern to the Cryptography Registry.

Fixes #770

Details

  • Adds pattern AES[-(128|192|256)]-CTR-HMAC-SHA1[-96] under the existing AES family.
  • Adds RFC 3686 as the authoritative reference.
  • Registry-only change (schema/cryptography-defs.json). No schema or specification behavior changes.

@Mehrn0ush
feat(registry): add AES-CTR-HMAC-SHA1-96 suite pattern (RFC 3686) (Cy…
c2f046d 
…cloneDX#770)

Signed-off-by: Mehrn0ush <mehrnoush.vaseghi@gmail.com>
@Mehrn0ush Mehrn0ush requested a review from a team as a code owner January 7, 2026 17:40
@stevespringett
Copy link
Member

stevespringett commented Jan 8, 2026

@bhess

@stevespringett stevespringett added cap: cryptography Capability: Cryptography (CBOM) cap: cryptography-registry Capability: Cryptography Registry labels Jan 8, 2026
bhess
bhess approved these changes Jan 15, 2026
View reviewed changes
Copy link
Contributor

@bhess bhess left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@jkowalleck jkowalleck requested a review from Copilot January 15, 2026 13:00
Copilot AI reviewed Jan 15, 2026
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR adds support for the AES-CTR-HMAC-SHA1-96 cipher suite pattern to the CycloneDX Cryptography Registry, addressing issue #770. This is an IPsec ESP-style authenticated encryption suite combining AES Counter mode with HMAC-SHA1 authentication using 96-bit tags.

Changes:

  • Added new AES variant pattern AES[-(128|192|256)]-CTR-HMAC-SHA1[-96] with primitive type ae (authenticated encryption)
  • Added RFC 3686 as the standard reference with appropriate DOI URL

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@stevespringett stevespringett merged commit dfa5e7e into CycloneDX:master Jan 22, 2026
6 of 8 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@stevespringett stevespringett stevespringett approved these changes

+1 more reviewer

@bhess bhess bhess approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

cap: cryptography Capability: Cryptography (CBOM) cap: cryptography-registry Capability: Cryptography Registry

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

[FEATURE]: Add AES-CTR + HMAC-SHA1-96 (IPsec ESP suite, RFC 3686) to Cryptography Registry

3 participants

@Mehrn0ush @stevespringett @bhess