[FEATURE]: Add SPAKE2 (RFC 9382) and SPAKE2+ (RFC 9383) to Cryptography Registry #797

@Mehrn0ush

Summary

SPAKE2 (RFC 9382) and SPAKE2+ (RFC 9383) are currently missing from
schema/cryptography-defs.json. This issue proposes adding both algorithms
to the Cryptography Registry.

Specifications

Rationale

  • Both SPAKE2 and SPAKE2+ are modern PAKE protocols standardized by the IETF.
  • They are widely referenced in contemporary authentication designs.
  • Adding them enables accurate SBOM/CBOM representation of PAKE-based systems.

Proposed registry entries

Add the following entries to algorithms[] in schema/cryptography-defs.json,
placed alphabetically near other key-agreement mechanisms:

{
  "family": "SPAKE2",
  "standard": [
    {
      "name": "RFC9382",
      "url": "https://doi.org/10.17487/RFC9382"
    }
  ],
  "variant": [
    {
      "pattern": "SPAKE2",
      "primitive": "key-agree"
    },
    {
      "pattern": "SPAKE2[-{group}][-{hashFunction}][-{kdf}][-{mac}]",
      "primitive": "key-agree"
    }
  ]
},
{
  "family": "SPAKE2PLUS",
  "standard": [
    {
      "name": "RFC9383",
      "url": "https://doi.org/10.17487/RFC9383"
    }
  ],
  "variant": [
    {
      "pattern": "SPAKE2+",
      "primitive": "key-agree"
    },
    {
      "pattern": "SPAKE2+[-{group}][-{hashFunction}][-{kdf}][-{mac}]",
      "primitive": "key-agree"
    }
  ]
}

Notes

SPAKE2 and SPAKE2+ are defined as separate families since they are
distinct protocols (symmetric PAKE vs augmented PAKE).

The family name SPAKE2PLUS avoids special characters, while the pattern
preserves the RFC-defined algorithm name SPAKE2+.
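
An added example (not part of the issue or the project's own code): a small matcher that turns the four proposed patterns into regexes and classifies algorithm names found in a CBOM. It assumes `[...]` marks an optional segment and `{name}` stands for a single hyphen-free token; the function names are hypothetical.

```python
import re

# Variant patterns copied from the proposed registry entries above.
PATTERNS = {
    "SPAKE2": ["SPAKE2", "SPAKE2[-{group}][-{hashFunction}][-{kdf}][-{mac}]"],
    "SPAKE2PLUS": ["SPAKE2+", "SPAKE2+[-{group}][-{hashFunction}][-{kdf}][-{mac}]"],
}
TOKEN = re.compile(r"\[|\]|\{(\w+)\}")


def compile_pattern(pattern):
    """Translate a registry pattern into a regex.

    Assumption (not stated on the page): [...] is an optional segment,
    {name} is one hyphen-free token, everything else is literal text.
    """
    out, pos, depth = [], 0, 0
    for m in TOKEN.finditer(pattern):
        out.append(re.escape(pattern[pos:m.start()]))  # escapes the '+' in SPAKE2+
        pos = m.end()
        if m.group() == "[":
            out.append("(?:")
            depth += 1
        elif m.group() == "]":
            if depth == 0:
                raise ValueError(f"unbalanced ']' in {pattern!r}")
            out.append(")?")
            depth -= 1
        else:
            out.append(f"(?P<{m.group(1)}>[A-Za-z0-9_.]+)")
    if depth:
        raise ValueError(f"unbalanced '[' in {pattern!r}")
    out.append(re.escape(pattern[pos:]))
    return re.compile("".join(out))


def classify(name):
    """Return (family, parameters) for an algorithm name, or None if unknown."""
    for family, patterns in PATTERNS.items():
        for pattern in patterns:
            m = compile_pattern(pattern).fullmatch(name)
            if m:
                return family, {k: v for k, v in m.groupdict().items() if v}
    return None


def naive_match(pattern, name):
    """Pitfall: used as a raw regex, 'SPAKE2+' means 'SPAKE' plus one or more '2'."""
    return re.fullmatch(pattern, name) is not None
```

Because the optional segments are positional, a name that omits the group (for example `SPAKE2-SHA256`) is accepted by this matcher with the hash name in the `group` slot.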
