Skip to content

Comments

Update algorithm names to match CycloneDX schema#362

Open
n1ckl0sk0rtge wants to merge 1 commit intomainfrom
feature/update-algorithm-names
Open

Update algorithm names to match CycloneDX schema#362
n1ckl0sk0rtge wants to merge 1 commit intomainfrom
feature/update-algorithm-names

Conversation

@n1ckl0sk0rtge
Copy link
Contributor

@n1ckl0sk0rtge n1ckl0sk0rtge commented Jan 25, 2026

Summary

  • Updates algorithm naming conventions in mapper model to align with the CycloneDX cryptography-defs.json specification
  • Adds CycloneDX schema JavaDoc references to algorithm classes
  • Updates test assertions across all language modules (Java, Python, Go)

Naming changes:

Current CycloneDX
SHA1 SHA-1
SHA256/384/512 SHA-256/384/512
SHA3-256/384/512 SHA-3-256/384/512
ChaCha20Poly1305 ChaCha20-Poly1305
RSASSA-PSS RSA-PSS
DH FFDH
KDF in Counter Mode SP800-108-CounterKDF
KDF in Feedback Mode SP800-108-FeedbackKDF
SPHINCS+ SLH-DSA

Test plan

  • All mapper tests pass (43 tests)
  • All output tests pass (20 tests)
  • All Java detection tests pass (156 tests)
  • All Python detection tests pass (45 tests)
  • All Go detection tests pass (38 tests)
  • Code formatted with mvn spotless:apply

🤖 Generated with Claude Code

@n1ckl0sk0rtge @claude
Update algorithm names to match CycloneDX schema
0924034 
Updates algorithm naming conventions in mapper model to align with the
CycloneDX cryptography-defs.json specification:

- SHA1 → SHA-1, SHA256 → SHA-256, SHA384 → SHA-384, SHA512 → SHA-512
- SHA3-* → SHA-3-* (e.g., SHA3-256 → SHA-3-256)
- ChaCha20Poly1305 → ChaCha20-Poly1305
- RSASSA-PSS → RSA-PSS
- DH → FFDH (Finite Field Diffie-Hellman)
- KDF in Counter Mode → SP800-108-CounterKDF
- KDF in Feedback Mode → SP800-108-FeedbackKDF
- SPHINCS+ → SLH-DSA

Also adds CycloneDX schema JavaDoc references to algorithm classes and
updates test assertions across all language modules (Java, Python, Go).

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
@n1ckl0sk0rtge n1ckl0sk0rtge requested a review from a team as a code owner January 25, 2026 10:11
@n1ckl0sk0rtge n1ckl0sk0rtge self-assigned this Jan 25, 2026
@n1ckl0sk0rtge n1ckl0sk0rtge added the enhancement New feature or request label Jan 25, 2026
bhess
bhess reviewed Jan 26, 2026
View reviewed changes
Copy link

@bhess bhess left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Excellent!
Did you run an automatic check to verify that the patterns match?
I noticed a few that don’t, see the inline comments.

mapper/src/test/java/com/ibm/mapper/mapper/jca/JcaPasswordBasedEncryptionMapperTest.java
PasswordBasedEncryption pbe = pbeOpt.get();
assertThat(pbe.getName()).isEqualTo("PBES1");
assertThat(pbe.asString()).isEqualTo("pbeWithHmacSHA256AndAES");
assertThat(pbe.asString()).isEqualTo("pbeWithHmacSHA-256AndAES");
Copy link

@bhess bhess Jan 26, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

See the pattern here: https://github.com/CycloneDX/specification/blob/8c16b5c89503657e14d618bd6851c416707a244b/schema/cryptography-defs.json#L1404
Should be
PBES1-AES-HMAC-SHA-256

java/src/test/files/rules/detection/bc/signer/BcRSADigestSignerTestFile.java

// Initialize RSADigestSigner
RSADigestSigner signer = new RSADigestSigner(digest, new ASN1ObjectIdentifier("1234"));
// Noncompliant@-1 {{(Signature) SHA256withRSA}}
Copy link

@bhess bhess Jan 26, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This maps to RSA RSA-PKCS1-1.5-SHA-256, see
https://github.com/CycloneDX/specification/blob/8c16b5c89503657e14d618bd6851c416707a244b/schema/cryptography-defs.json#L19C23-L19C56

Similarly, all other patterns in the PR using "XYZwithRSA" or "XYZwithDSA" should be adapted.

@bhess
Copy link

bhess commented Jan 26, 2026

This mapping isn't strictly true: SPHINCS+ -> SLH-DSA
SPHINCS+ is the pre-standard version, while SLH-DSA is the standard version. There aren't major changes, but the two aren't compatible.

@san-zrl
Copy link
Contributor

san-zrl commented Feb 18, 2026

What's the state of this? Will there be further changes?

@n1ckl0sk0rtge
Copy link
Contributor Author

n1ckl0sk0rtge commented Feb 18, 2026

@san-zrl Yeah, hope I will find some time for that. It's work in progress to align the algorithm naming in sonar with the standardized naming of the cyclonedx registry. If you have some time for this, feel free to look into it :)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@bhess bhess bhess left review comments

Reviewers whose approvals may not affect merge requirements

At least 1 approving review is required to merge this pull request.

Assignees

@n1ckl0sk0rtge n1ckl0sk0rtge

Labels

enhancement New feature or request

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@n1ckl0sk0rtge @bhess @san-zrl