Skip to content

feat(registry): add AES-CTR-HMAC-SHA1-96 suite pattern (RFC 3686) #771

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
Mehrn0ush wants to merge 1 commit into
base: master
Choose a base branch
from
Open

feat(registry): add AES-CTR-HMAC-SHA1-96 suite pattern (RFC 3686) #771

Mehrn0ush wants to merge 1 commit into from
+10 −0

Conversation

@Mehrn0ush
Copy link
Contributor

@Mehrn0ush Mehrn0ush commented Jan 7, 2026

As discussed in ticket #770, this PR proposes adding an AES-CTR + HMAC-SHA1-96 (IPsec ESP suite-style) pattern to the Cryptography Registry.

Fixes #770

Details

  • Adds pattern AES[-(128|192|256)]-CTR-HMAC-SHA1[-96] under the existing AES family.
  • Adds RFC 3686 as the authoritative reference.
  • Registry-only change (schema/cryptography-defs.json). No schema or specification behavior changes.

@Mehrn0ush Mehrn0ush requested a review from a team as a code owner January 7, 2026 17:40
@stevespringett
Copy link
Member

stevespringett commented Jan 8, 2026

@bhess

@stevespringett stevespringett added cap: cryptography Capability: Cryptography (CBOM) cap: cryptography-registry Capability: Cryptography Registry labels Jan 8, 2026
bhess
bhess approved these changes Jan 15, 2026
View reviewed changes
Copy link
Contributor

@bhess bhess left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@jkowalleck jkowalleck requested a review from Copilot January 15, 2026 13:00
Copilot AI reviewed Jan 15, 2026
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR adds support for the AES-CTR-HMAC-SHA1-96 cipher suite pattern to the CycloneDX Cryptography Registry, addressing issue #770. This is an IPsec ESP-style authenticated encryption suite combining AES Counter mode with HMAC-SHA1 authentication using 96-bit tags.

Changes:

  • Added new AES variant pattern AES[-(128|192|256)]-CTR-HMAC-SHA1[-96] with primitive type ae (authenticated encryption)
  • Added RFC 3686 as the standard reference with appropriate DOI URL

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

schema/cryptography-defs.json
],
"pattern": "AES[-(128|192|256)]-CTR-HMAC-SHA1[-96]",
"primitive": "ae"
},
Copy link

Copilot AI Jan 15, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This line has trailing whitespace after the closing brace and comma. Trailing whitespace should be removed to maintain consistent formatting throughout the file.

Suggested change
},
},

Copilot uses AI. Check for mistakes.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

+1 more reviewer

@bhess bhess bhess approved these changes

Reviewers whose approvals may not affect merge requirements

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

cap: cryptography Capability: Cryptography (CBOM) cap: cryptography-registry Capability: Cryptography Registry

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

[FEATURE]: Add AES-CTR + HMAC-SHA1-96 (IPsec ESP suite, RFC 3686) to Cryptography Registry

3 participants

@Mehrn0ush @stevespringett @bhess