---

#####
# Common Criteria certificate IDs, grouped by scheme (Alpha-2 ISO country code).
#####
cc_cert_id:
  DE:
    - "BSI[-_]DSZ[-_]CC[-_](?:(?P<s>S)[-_])?(?P<counter>[0-9]{3,5})[-_]?(?:(?P<version>[vV][0-9])[-_])?(?P<year>[0-9]{4})?(?:[-_](?P<doc>(?:RA|MA)(?:[-_][0-9]+)?))?"
    # Examples:
    # BSI-DSZ-CC-1004
    # BSI-DSZ-CC-0973-2016
    # BSI-DSZ-CC-0831-V4-2021
    # BSI-DSZ-CC-0837-V2-2014-MA-01
    # BSI-DSZ-CC-S-0192-2021
  FR:
    - "DCSS[Ii]-(?P<year>[0-9]{2,4})/(?P<counter>[0-9]+)([vV](?P<version>[0-9]))?"
    - "Rapport de certification (?P<year>[0-9]{2,4})/(?P<counter>[0-9]+)([vV](?P<version>[0-9]))?"
    - "Certification Report (?P<year>[0-9]{2,4})/(?P<counter>[0-9]+)([vV](?P<version>[0-9]))?"
    - "ANSS[Ii](?:-CC)?(?:-(?P<type>PP|SITE))?[ -](?P<year>[0-9]{2,4})[/_-](?P<counter>[0-9]+)(?:-(?P<doc>(?:[MSR][0-9]+)))?([vV](?P<version>[0-9]))?"
    - "EUCC-ANSSI-(?P<year>[0-9]{4})-(?P<month>[0-9]{2})-(?P<day>[0-9]{2})"
    - "EUCC-3090-(?P<year>[0-9]{4})-(?P<month>[0-9]{2})-(?P<counter>[0-9]{4})"
    # Examples:
    # DCSSI-2009/07
    # ANSSI-CC 2001/02-R01
    # Rapport de certification 2001/02v2
    # Certification Report 2003/20
    # EUCC-ANSSI-2025-03-02
    # EUCC-3090-2025-10-0004
  NL:
    - "(?:NSCIB-|CC-|NSCIB-CC-)(?P<core>((?P<year>[0-9]{2})-)?(?:-?[0-9]+)+)(?:-?(?P<doc>(?:CR|MA|MR)(?P<version>[0-9]*)))?"
    - "EUCC-3110-(?P<year>[0-9]{4})-(?P<month>[0-9]{2})-(?P<counter>[0-9]+)-(?P<counter2>[0-9]+)"
    # Examples:
    # NSCIB-CC-22-0428888-CR2  (with year=22 and CR2)
    # NSCIB-CC-228723-CR  (no year)
    # CC-16-31801-CR4  (no NSCIB)
    # NSCIB-CC-98209   (no year, no CR)
    # EUCC-3110-2025-09-2500093-01
  "NO":
    - "SERTIT-(?P<counter>[0-9]+)"
    # Examples:
    # SERTIT-101
  US:
    - "CCEVS-VR-(?:(?P<cc>CC)-)?(?:(?P<VID>VID)-?)?(?P<year>[0-9]{2})-(?P<counter>[0-9]+)"
    - "CCEVS-VR-(?:(?P<cc>CC)-)?(?:(?P<VID>VID)-?)?(?P<counter>[0-9]{4,5})(?:-(?P<year>[0-9]{4}))?"
    # Examples:
    # CCEVS-VR-VID10015-2008
    # CCEVS-VR-10880-2018
    # CCEVS-VR-04-0082
    # CCEVS-VR-VID10318
  CA:
    - "(?P<number1>383)[ -](?P<digit>[0-9])[ -](?P<number2>[0-9]+)(?:-CR|P)?"
    - "(?P<number>[0-9]+)[ -](?P<lab>EWA|LSS|CCS)(?:[ -](?P<year>[0-9]+))?"
    # Examples:
    # 383-4-123-CR
    # 383-4-123P
    # 522 EWA 2020
    # Filename rule:
    #- "[0-9][0-9][0-9](?:%20|-)(?:EWA|LSS|CCS)(?:%20|-)(?:20[0-9][0-9]%20|)CR%20v[0-9]\\.[0-9]" # Canada filename with space (518-LSS%20CR%20v1.0)
  UK:
    - "CRP(?P<counter>[0-9]+[A-Z]?)"
    - "CERTIFICATION REPORT No. P(?P<counter>[0-9]+[A-Z]?)"
    # Examples:
    # CRP208
    # CERTIFICATION REPORT No. P123A
  ES:
    - "(?P<year>[0-9]{4})[-‐](?P<project>[0-9]+)[-‐]INF[-‐](?P<counter>[0-9]+)(?:[ -‐]{1,2}[vV](?P<version>[0-9]))?"
    - "EUCC-3095-(?P<year>[0-9]{4})-(?P<month>[0-9]{2})-(?P<day>[0-9]{2})"
    # Examples:
    # 2006-4-INF-98 v2
    # 2020-34-INF-3784- v1
    # 2019-20-INF-3379-v1
    # 2011-14-INF-1095   (also without the version)
    # EUCC-3095-2025-07-01
  KR:
    - "KECS[-‐](?P<word>ISIS|NISS|CISS)[-‐](?P<counter>[0-9]{2,4})[-‐](?P<year>[0-9]{4})"
    # XXX: Do not use KECS-CR as those refer to the certificate report and do not represent the certificate id.
    # Examples:
    # KECS-ISIS-0579-2015
    # KECS-NISS-0792-2017
    # KECS-CISS-1210-2023
  JP:
    - "(?:CRP|ACR)-C(?P<counter>[0-9]+)-(?P<digit>[0-9]+)"
    - "JISEC-CC-CRP-C(?P<counter>[0-9]+)(?:-(?P<digit>[0-9]{2}))?(?:-(?P<year>[0-9]{4}))?"
    - "Certification No. [cC](?P<counter>[0-9]+)"
    # Examples:
    # CRP-C0595-01
    # JISEC-CC-CRP-C0689-01-2020
    # Certification No. C0090
  MY:
    - "ISCB-(?P<digit>[0-9])-RPT-C(?P<counter>[0-9]{3})-CR(?:-[0-9])?-(?P<version>[vV][0-9][a-z]?)"
    # Examples:
    # ISCB-3-RPT-C068-CR-1-v1
    # ISCB-5-RPT-C075-CR-v2
    # ISCB-5-RPT-C046-CR-V1a
  IT:
    - "OCSI/CERT/(?:(?P<lab>[A-Z]{3})/)?(?P<counter>[0-9]{2,3})/(?P<year>[0-9]{4})/RC"
    # Examples:
    # OCSI/CERT/SYS/04/2018/RC
    # OCSI/CERT/CCL/10/2022/RC
    # OCSI/CERT/TEC/09/2017/RC
    # OCSI/CERT/ATS/06/2020/RC
  TR:
    - "(?P<prefix>[0-9\\.]+)/TSE-CCCS-(?P<number>[0-9]+)"
    # XXX: The report numbers are like "21.0.01/13-028"
    # Examples:
    # 21.0.03.0.00.00/TSE-CCCS-85
    # 21.0.03/TSE-CCCS-33
  SE:
    - "CSEC ?(?P<year>[0-9]{4})(?P<counter>[0-9]{2,3})"
    # Examples:
    # CSEC2019015
    # CSEC 2019012
  IN:
    - "IC3S/(?P<lab>[A-Z]+[0-9]+)/(?P<vendor>[a-zA-Z_]+)/(?P<level>[a-zA-Z0-9]+)/(?P<number1>[0-9]+)/(?P<number2>[0-9]+) ?(?:/CR)?"
    # XXX: The cert IDs are often present only in the certificate and not in the report.
    #      The report often only has the report id, of the format "STQC/CC/1617/18/CR"
    # Examples:
    # IC3S/BG01/HALTDOS/EAL2/0317/0008/CR
    # IC3S/KOL01/ADVA/EAL2/0520/0021/CR
    # IC3S/MUM01/Symantec/NDcPP/0722/0032/CR
  SG:
    - "CSA_CC_(?P<year>[0-9]{2})(?P<counter>[0-9]{3})"
    # Examples:
    # CSA_CC_19001
  AU:
    - "(?:Certificate Number:|Certification Report) (?P<year>[0-9]{2,4})/(?P<counter>[0-9]+)"
    # XXX: Do not use Australian ETR numbers, they are not certificate id.
    # Examples:
    # Certification Report 2007/06
    # Certificate Number: 2010/67
    # Certificate Number: 37/2006    !mistake
    # Certification Report 97/76     !short year
  QA:
    - "QCCS-CERT-C(?P<counter>[0-9]{3})-(?P<number>[0-9]+)-(?P<year>[0-9]{4})"
    # Examples:
    # QCCS-CERT-C003-001-2024
  PL:
    - "(?P<number>[0-9]+)/PC1/(?:(?P<ac>AC223)/)?(?P<year>[0-9]{4})"
    # Examples:
    # 1/PC1/2021
    # 1/PC1/AC223/2022
    # 1/PC1/AC223/2023
    # 2/PC1/AC223/2023
    # 1/PC1/AC223/2024
    # 2/PC1/AC223/2024

#####
# Common Criteria certificate IDs as they appear in report filenames, grouped by scheme (Alpha-2 ISO country code).
#####
cc_filename_cert_id:
  DE:
    #- "(?P<counter>[0-9]{3,5})(?:(?P<version>[vV][0-9]))?a?(?:_pdf)?"
    - "(?P<year>[0-9]{4})(?P<month>[0-9]{2})(?P<day>[0-9]{2})_(?P<counter>[0-9]{3,5})(?:(?P<version>[vV][0-9]))?a?(?:_pdf)?"
  FR:
    - "(?P<year>[0-9]{4})[_-](?P<counter>[0-9]{2})([vV](?P<version>[0-9]))?"
    #- "(?P<year>[0-9]{2})(?P<counter>[0-9]{2})([vV](?P<version>[0-9]))?"
  NL:
    - "(?:NSCIB-|CC-|NSCIB-CC-)(?P<core>((?P<year>[0-9]{2})-)?(?:-?[0-9]+)+)(?:-?(?P<doc>(?:CR|MA|MR)[0-9]*))?"
  "NO":
    - "SERTIT-(?P<counter>[0-9]+)"
  US:
  CA:
    - "(?P<number1>[0-9]+)[ -](?P<digit>[0-9])[ -](?P<number2>[0-9]+)(?:-CR|P)?"
    - "(?P<number>[0-9]+)[ -](?P<lab>EWA|LSS|CCS)(?:[ -](?P<year>[0-9]+))?"
  UK:
    - "CRP(?P<counter>[0-9]+[A-Z]?)"
  ES:
    - "(?P<year>[0-9]{4})[-‐](?P<project>[0-9]+)[-‐]INF[-‐](?P<counter>[0-9]+)[ -‐_]{1,2}[vV](?P<version>[0-9])"
  KR:
    - "(?P<word>ISIS|NISS|CISS)[-‐](?P<counter>[0-9]{2,4})[-‐](?P<year>[0-9]{4})"
  JP:
    - "[cC](?P<counter>[0-9]+)"
  MY:
    - "ISCB-(?P<digit>[0-9])-RPT-C(?P<counter>[0-9]{3})-CR(?:-[0-9])?-(?P<version>[vV][0-9][a-z]?)"
  IT:
  TR:
  SE:
    - "CR(?P<year>[0-9]{4})(?P<counter>[0-9]{2,3})"
  IN:
  SG:
  AU:
    - "(?P<year>[0-9]{2,4})_(?P<counter>[0-9]+)"
  QA:
  PL:

#####
# Common Criteria protection profile IDs, grouped by certification body (e.g. BSI)
#####
cc_protection_profile_id:
  BSI:
    - "BSI-(?:CC[-_]|)PP[-_]*.+?"
    - "BSI-CCPP-.+?"
  ANSSI:
    - "ANSSI-CC-PP.+?"
  KECS:
    - "KECS-PP-[0-9]+-[0-9]+"
  other:
    - "PP-SSCD.+?"
    - "PP_DBMS_.+?"
    - "WBIS_V[0-9]\\.[0-9]"
    - "EHCT_V.+?"

#####
# Common Criteria security level (EAL or ITSEC).
#####
cc_security_level:
  EAL:
    - "EAL[ ]*[0-9+]+?"
    - "EAL[ ]*[0-9] augmented"
  ITSEC:
    - "ITSEC[ ]*E[1-9]*.+?"

#####
# Common Criteria security assurance requirement (SAR) code, grouped by class (e.g. ACE, ACM, ...).
#####
cc_sar:
  ACE:
    - "ACE(?:_[A-Z]{3,4}){1,2}(?:\\.[0-9]){0,2}"
  ACM:
    - "ACM(?:_[A-Z]{3,4}){1,2}(?:\\.[0-9]){0,2}"
  ACO:
    - "ACO(?:_[A-Z]{3,4}){1,2}(?:\\.[0-9]){0,2}"
  ADO:
    - "ADO(?:_[A-Z]{3,4}){1,2}(?:\\.[0-9]){0,2}"
  ADV:
    - "ADV(?:_[A-Z]{3,4}){1,2}(?:\\.[0-9]){0,2}"
  AGD:
    - "AGD(?:_[A-Z]{3,4}){1,2}(?:\\.[0-9]){0,2}"
  ALC:
    - "ALC(?:_[A-Z]{3,4}){1,2}(?:\\.[0-9]){0,2}"
  ATE:
    - "ATE(?:_[A-Z]{3,4}){1,2}(?:\\.[0-9]){0,2}"
  AVA:
    - "AVA(?:_[A-Z]{3,4}){1,2}(?:\\.[0-9]){0,2}"
  AMA:
    - "AMA(?:_[A-Z]{3,4}){1,2}(?:\\.[0-9]){0,2}"
  APE:
    - "APE(?:_[A-Z]{3,4}){1,2}(?:\\.[0-9]){0,2}"
  ASE:
    - "ASE(?:_[A-Z]{3,4}){1,2}(?:\\.[0-9]){0,2}"

#####
# Common Criteria security functional requirement (SFR) code, grouped by class (e.g. FAU, FCO, ...).
#####
cc_sfr:
  FAU:
    - "FAU(?:_[A-Z]{3,4}){1,2}(?:\\.[0-9]){0,2}"
  FCO:
    - "FCO(?:_[A-Z]{3,4}){1,2}(?:\\.[0-9]){0,2}"
  FCS:
    - "FCS(?:_[A-Z]{3,4}){1,2}(?:\\.[0-9]){0,2}"
  FDP:
    - "FDP(?:_[A-Z]{3,4}){1,2}(?:\\.[0-9]){0,2}"
  FIA:
    - "FIA(?:_[A-Z]{3,4}){1,2}(?:\\.[0-9]){0,2}"
  FMT:
    - "FMT(?:_[A-Z]{3,4}){1,2}(?:\\.[0-9]){0,2}"
  FPR:
    - "FPR(?:_[A-Z]{3,4}){1,2}(?:\\.[0-9]){0,2}"
  FPT:
    - "FPT(?:_[A-Z]{3,4}){1,2}(?:\\.[0-9]){0,2}"
  FRU:
    - "FRU(?:_[A-Z]{3,4}){1,2}(?:\\.[0-9]){0,2}"
  FTA:
    - "FTA(?:_[A-Z]{3,4}){1,2}(?:\\.[0-9]){0,2}"
  FTP:
    - "FTP(?:_[A-Z]{3,4}){1,2}(?:\\.[0-9]){0,2}"

#####
# Common Criteria claim code, grouped by class (e.g. D, T, ...).
#####
cc_claims:
  D:
    - "D\\.[\\._\\-A-Z]+?"
  O:
    - "O\\.[\\._\\-A-Z]+?"
  T:
    - "T\\.[\\._\\-A-Z]+?"
  A:
    - "A\\.[\\._\\-A-Z]+?"
  R:
    - "R\\.[\\._\\-A-Z]+?"
  OT:
    - "OT\\.[\\._\\-A-Z]+?"
  OP:
    - "OP\\.[\\._\\-A-Z]+?"
  OE:
    - "OE\\.[\\._\\-A-Z]+?"
  SA:
    - "SA\\.[\\._\\-A-Z]+?"
  OSP:
    - "OSP\\.[\\._\\-A-Z]+?"

#####
# A generic vendor of a product, mostly has smartcard/secure hardware vendors or other large vendors of certified products.
#####
vendor:
  NXP:
    - "NXP( Semiconductors)?( N\\.V\\.)?"
  Infineon:
    - "Infineon( Technologies)?( AG)?"
  Samsung:
    - "Samsung"
  STMicroelectronics:
    - "STMicroelectronics|STM|STMicro( N\\.V\\.)?"
  Feitian:
    - "Feitian( Technologies)?( Co.)?"
  Gemalto:
    - "Gemalto( N\\.V\\.)?"
  Gemplus:
    - "Gemplus( International)?( SA)?"
  Axalto:
    - "Axalto"
  Thales:
    - "Thales( Group)?( SA)?"
  Oberthur:
    - "(Oberthur|OBERTHUR)( Technologies| Card Systems)?"
  Idemia:
    - "Idemia|IDEMIA"
  Sagem:
    - "Sagem|SAGEM"
  Morpho:
    - "Morpho( Systèmes)?"
  GD:
    - "G&D|G\\+D|Giesecke\\+Devrient|Giesecke & Devrient"
  Philips:
    - "(Koninklijke )?Philips( N\\.V\\.)?"
  Qualcomm:
    - "Qualcomm"
  Broadcom:
    - "Broadcom( Inc.)?"
  Huawei:
    - "Huawei( Technologies)?( Co.)?"
  Microsoft:
    - "Microsoft( Corporation)?"
  Cisco:
    - "Cisco( Systems)?(, Inc.)?"

#####
# Common Criteria evaluation facility, mostly from https://www.commoncriteriaportal.org/labs/, grouped roughly by facility.
#####
eval_facility:
  Serma:
    - "Serma Technologies|SERMA|Serma Safety & Security"
  Thales:
    - "THALES - CEACI|THALES/CNES"
  Riscure:
    - "Riscure"
  SGS:
    - "SGS"
    - "SGS Bright[sS]ight" # SGS acquired BrightSight
  BrightSight:
    - "Bright[sS]ight"
  Applus:
    - "Applus Laboratories"
  TUV:
    - "(tuvit|TÜViT|TUViT|TÜV Informationstechnik|TUV Informationstechnik)"
  CESTI:
    - "CESTI"
  DXC:
    - "DXC Technology"
  Teron:
    - "Teron Labs"
  EWA:
    - "(EWA|EWA-Canada)"
  Lightship:
    - "Lightship Security"
  AMOSSYS:
    - "AMOSSYS"
  CEA-LETI:
    - "(CEA - LETI|CEA/LETI|CEA-LETI)"
  OPPIDA:
    - "OPPIDA"
  TrustedLabs:
    - "Trusted Labs"
  atsec:
    - "atsec"
  DeutscheTelekom:
    - "Deutsche Telekom Security"
  DFKI:
    - "(Deutsches Forschungszentrum für künstliche Intelligenz|dfki|DFKI)"
  MTG:
    - "MTG AG"
  secuvera:
    - "secuvera"
  SRC:
    - "SRC Security Research & Consulting"
  Acucert:
    - "Acucert Labs"
  ERTL:
    - "Common Criteria Test Laboratory,? ERTL"
  ETDC:
    - "Common Criteria Test Laboratory,? ETDC"
  CCLab:
    - "CCLab Software Laboratory"
  Deeplab:
    - "Deeplab"
  IMQLPS:
    - "IMQ/LPS"
  LVSLeonardo:
    - "LVS Leonardo"
  LVSTechnisBlu:
    - "LVS Technis Blu"
  ECSEC:
    - "ECSEC Laboratory"
  ITSC:
    - "Information Technology Security Center"
  Acumen:
    - "Acumen Security"
  BoozAllenHamilton:
    - "Booz Allen Hamilton"
  Gossamer:
    - "Gossamer Security"
  Leidos:
    - "Leidos"
  UL:
    - "UL Verification Services"
  BEAM:
    - "BEAM Teknoloji"
  Certby:
    - "Certby Lab"
  DEKRA:
    - "DEKRA Testing and Certification"
  STMITSEF:
    - "STM ITSEF"
  TUBITAK-BILGEM:
    - "TÜBİTAK BİLGEM"
  Combitech:
    - "Combitech AB"
  Intertek:
    - "Intertek"
  Clover:
    - "Clover Technologies"
  LAYAKK:
    - "LAYAKK SEGURIDAD INFORMATICA"
  An:
    - "An Security"
  TSystems:
    - "T-Systems International"
  KISA:
    - "KISA"
  KOIST:
    - "KOIST"
  KSEL:
    - "KSEL"
  KOSYAS:
    - "KOSYAS"
  KTR:
    - "KTR"
  KTC:
    - "KTC"
  TTA:
    - "TTA"
  ADS:
    - "Advanced Data Security"
  Nemko:
    - "Nemko System Sikkerhet"
  Norconsult:
    - "Norconsult( AS)?"
  Secura:
    - "Secura"
  BAE:
    - "BAE Applied Intelligence"

#####
# Symmetric crypto primitive (e.g. a block or stream cipher), grouped by competition/standardization effort.
#####
symmetric_crypto:
  AES_competition:
    AES:
      - "AES-?(?P<bitsize>128|192|256)?"
    Rijndael:
      - "Rijndael"
    Twofish:
      - "Twofish"
    Serpent:
      - "Serpent"
    MARS:
      - "MARS"
    HPC:
      - "HPC"
    FROG:
      - "FROG"
    CAST:
      - "CAST-?(?P<bitsize>128|160|192|224|256|5)?"
    RC:
      - "RC(?P<version>[2456])"
    CRYPTON:
      - "CRYPTON"
    DEAL:
      - "DEAL"
    E2:
      - "E2"
    LOKI97:
      - "LOKI97"
    MAGENTA:
      - "MAGENTA"
    SAFER:
      - "SAFER\\+"
  DES:
    DES:
      - "DE[SA]"
    3DES:
      - "([3T]|Triple)-?DE[SA]"
    Lucifer:
      - "Lucifer"
  djb:
    ChaCha:
      - "[XH]?ChaCha(?P<rounds>20|8)?"
    Salsa:
      - "[XH]?Salsa(?P<rounds>20(/8|/12)?)?"
    Poly:
      - "Poly1305"
  LWC_competition:
    ASCON:
      - "(ASCON|Ascon)"
    Elephant:
      - "Elephant"
    GIFT:
      - "GIFT(-COFB)?"
    Grain:
      - "Grain128(-AEAD)?"
    ISAP:
      - "ISAP"
    PhotonBeetle:
      - "Photon-?Beetle"
    Romulus:
      - "Romulus"
    Sparkle:
      - "Sparkle"
    TinyJambu:
      - "TinyJambu"
    Xoodyak:
      - "Xoodyak"
    Gimli:
      - "Gimli"
  eSTREAM:
    HC:
      - "HC-[0-9]{3}"
    Rabbit:
      - "Rabbit"
    SOSEMANUK:
      - "SOSEMANUK"
    MICKEY:
      - "MICKEY(-128)?"
    Trivium:
      - "Trivium"
  CAESAR:
    ACORN:
      - "ACORN"
    AEGIS:
      - "AEGIS(-128)?"
    Deoxys:
      - "Deoxys(-2)?"
    COLM:
      - "COLM"
  miscellaneous:
    IDEA:
      - "IDEA"
    Blowfish:
      - "Blowfish"
    Camellia:
      - "Camellia"
    ARIA:
      - "ARIA"
    SM4:
      - "SM4"
    GOST:
      - "GOST 28147-89"
      - "Magma"
      - "Kuznyechik"
    SEED:
      - "SEED"
    Skipjack:
      - "Skipjack"
    Skinny:
      - "Skinny|SKINNY"
  constructions:
    MAC:
      - "HMAC"
      - "HMAC-[A-Z]+?-(?:160|224|256|384|512)"
      - "KMAC"
      - "CMAC|CBC-MAC"

#####
# Asymmetric crypto primitive, grouped by type (RSA, ECC, FF).
#####
asymmetric_crypto:
  RSA:
    - "RSA[- ]?(?P<bitsize>512|768|1024|1280|1536|2048|3072|4096|8192)"
    - "RSASSAPKCS1-[Vv]1_5"
    - "RSA-?(OAEP|PSS|CRT)"
  ECC:
    ECDH:
      - "ECDHE?"
    ECDSA:
      - "ECDSA"
    EdDSA:
      - "EdDSA"
    ECIES:
      - "ECIES"
    ECC:
      - "ECC"
  FF:
    DH:
      - "Diffie-Hellman|DHE?"
    DSA:
      - "DSA"

#####
# Post-quantum crypto primitive, grouped by primitive, from NIST-PQC.
#####
pq_crypto:
  FIPS:
    - "ML-KEM|ML-DSA|SLH-DSA"
  ClassicMcEliece:
    - "Classic[ -]McEliece"
  CRYSTALS:
    - "CRYSTALS"
  Kyber:
    - "(CRYSTALS-)?(Kyber|KYBER)"
  NTRU:
    - "NTRU"
  NTRUPrime:
    - "NTRU[ -]?Prime"
  NewHope:
    - "NewHope"
  Saber:
    - "Saber|SABER"
  Dilithium:
    - "(CRYSTALS-)?(Dilithium|DILITHIUM)"
  Falcon:
    - "Falcon|FALCON"
  Rainbow:
    - "Rainbow"
  UOV:
    - "UOV"
  BIKE:
    - "BIKE"
  Frodo:
    - "Frodo(KEM)?"
  HQC:
    - "HQC"
  SIKE:
    - "SIKE"
  SIDH:
    - "SIDH"
  GeMSS:
    - "GeMSS"
  Picnic:
    - "Picnic"
  SPHINCS:
    - "SPHINCS\\+"
  SABER:
    - "SABER"
  XMSS:
    - "XMSS(MT)?"
  LMS:
    - "LMS"
  PQC:
    - "(PQC|Post-Quantum Cryptography)"
#####
# Hash-function, grouped by hash-function class (SHA, MD) or competition (PHC).
#####
hash_function:
  SHA:
    SHA1:
      - "SHA-?1"
    SHA2:
      - "SHA-?(?P<bitsize>160|224|256|384|512)"
      - "SHA-?2"
    SHA3:
      - "SHA-?3(-[0-9]{3})?"
  Keccak:
    - "Keccak"
  SHAKE:
    - "SHAKE[0-9]{3}"
  Groestl:
    - "(Groestl|Grøstl)"
  BLAKE:
    - "(Blake|BLAKE)[23][sbX]?"
  JH:
    - "JH"
  Skein:
    - "Skein"
  MD:
    MD4:
      - "MD4"
    MD5:
      - "MD5"
    MD6:
      - "MD6"
  RIPEMD:
    - "RIPEMD(-?[0-9]{3})?"
  Streebog:
    - "Streebog"
  Whirpool:
    - "Whirpool"
  PHC_competition:
    Argon:
      - "Argon2?[id]?"
    battcrypt:
      - "battcrypt"
    Catena:
      - "Catena"
    Lyra2:
      - "Lyra2"
    Makwa:
      - "Makwa"
    POMELO:
      - "POMELO"
    Pufferfish:
      - "Pufferfish"
    yescrypt:
      - "yescrypt"
  bcrypt:
    - "bcrypt"
  scrypt:
    - "scrypt"
  PBKDF:
    - "PBKDF[12]?"

#####
# General cryptographic scheme.
#####
crypto_scheme:
  MAC:
    - "MAC"
  KEM:
    - "KEM"
  PKE:
    - "PKE"
  KEX:
    - "KEX|Key [eE]xchange"
  KA:
    - "KA|Key [aA]greement"
  PAKE:
    - "PAKE"
  AEAD:
    - "AEAD"

#####
# General cryptographic protocol.
#####
crypto_protocol:
  SSH:
    - "SSH(v[0-9])?"
  TLS:
    SSL:
      - "SSL( ?v?[123]\\.0)?"
    TLS:
      - "TLS( ?v?1\\.[0123])?"
    DTLS:
      - "DTLS( ?v?1\\.[0123])?"
  PACE:
    - "PACE"
  IKE:
    - "IKE(v[12])?"
  IPsec:
    - "IPsec"
  VPN:
    - "VPN"
  PGP:
    - "PGP"

#####
# Random number generator.
#####
randomness:
  DUAL_EC:
    - "DUAL[ _]EC[ _]DRBG"
  TRNG:
    - "D?TRNG"
  PRNG:
    - "PRNG"
    - "DRBG"
  RNG:
    - "RN[GD]"
    - "RBG"

#####
# Block cipher mode.
#####
cipher_mode:
  ECB:
    - "ECB"
  CBC:
    - "CBC"
  CTR:
    - "CTR"
  CFB:
    - "CFB"
  OFB:
    - "OFB"
  GCM:
    - "GCM"
  SIV:
    - "SIV"
  XTR:
    - "XTR"
  CCM:
    - "CCM"
  LRW:
    - "LRW"
  XEX:
    - "XEX"
  XTS:
    - "XTS"

#####
# An elliptic curve, grouped by standardization body (e.g. NIST, Brainpool).
# Note that multiple curve names may correspond to the same curve.
#####
ecc_curve:
  NIST:
    - "(?:Curve |curve |)P-(192|224|256|384|521)"
    - "(?:ansit|ansip|ANSIP|ANSIT)[0-9]+?[rk][12]"
    - "(NIST)? ?[PBK]-[0-9]{3}"
    - "(?:secp|sect|SECP|SECT)[0-9]+?[rk][12]"
    - "prime[0-9]{3}v[123]"
    - "c2[pto]nb[0-9]{3}[vw][123]"
  Brainpool:
    - "(?:brainpool|BRAINPOOL)P[0-9]{3}[rkt][12]"
  ANSSI:
    - "(?:anssi|ANSSI)?[ ]*FRP[0-9]+?v1"
  NUMS:
    - "numsp[0-9]{3}[td]1"
  Curve:
    - "Curve(25519|1174|4417|22103|67254|383187|41417)"
  Edwards:
    - "Ed(25519|448)"
  ssc:
    - "ssc-(160|192|224|256|288|320|384|512)"
  Tweedle:
    - "Tweedle(dee|dum)"
  Pasta:
    - "(Pallas|Vesta)"
  JubJub:
    - "JubJub"
  BLS:
    - "BLS(12|24)-[0-9]{3}"
  BN:
    - "bn[0-9]{3}"

#####
# A cryptographic engine.
#####
crypto_engine:
  TORNADO:
    - "TORNADO"
  SmartMX:
    - "SmartMX[0-9]?"
  NexCrypt:
    - "NexCrypt"
  NesCrypt:
    - "(NESCRYPT|Nescrypt)"
#####
# TLS cipher suite name.
#####
tls_cipher_suite:
  TLS:
    - "TLS(_[A-Z0-9]+){1,3}_WITH(_[A-Z0-9]+){2,4}"

#####
# A cryptographic library, grouped by rough library category.
#####
crypto_library:
  Neslib:
    - "(?:NesLib|NESLIB) [v]*[0-9\\.]+"
  AT1:
    - "AT1 Secure .{1,30}? Library [v]*[0-9\\.]+"
    - "AT1 Secure RSA/ECC/SHA library"
  Generic:
    - "Crypto Library [v]*[0-9\\.]+"
  AtmelToolbox:
    - "(ATMEL|Atmel) Toolbox [0-9\\.]+"
  Infineon:
    - "v1\\.02\\.013"  # Infineon's ROCA-vulnerable library
  OpenSSL:
    - "OpenSSL"
  LibreSSL:
    - "LibreSSL"
  BoringSSL:
    - "BoringSSL"
  MatrixSSL:
    - "MatrixSSL"
  Nettle:
    - "Nettle"
  GnuTLS:
    - "GnuTLS"
  libtomcrypt:
    - "libtomcrypt"
  BearSSL:
    - "BearSSL"
  Botan:
    - "Botan"
  "Crypto++":
    - "Crypto\\+\\+"
  wolfSSL:
    - "wolfSSL"
  mbedTLS:
    - "[mM]bedTLS"
  s2n:
    - "(Amazon )?s2n"
  NSS:
    - "NSS"
  libgcrypt:
    - "libgcrypt"
  BouncyCastle:
    - "BouncyCastle"
  cryptlib:
    - "cryptlib"
  NaCl:
    - "NaCl"
  libsodium:
    - "libsodium"
  libsecp256k1:
    - "libsecp256k1"

#####
# A vulnerability idenfitier or name (e.g. CVE-... but also Minerva, ROCA).
#####
vulnerability:
  CVE:
    - "CVE-[0-9]+?-[0-9]+?"
  CWE:
    - "CWE-[0-9]+?"
  ROCA:
    - "ROCA"
  Minerva:
    - "Minerva"
  TPM-Fail:
    - "TPM[\\.-]Fail"
  EUCLEAK:
    - "EUCLEAK"

#####
# A side-channel analysis related term, grouped into SCA, FI and other.
#####
side_channel_analysis:
  SCA:
    - "Leak-Inherent"
    - "[Pp]hysical [Pp]robing"
    - "[Ss]ide.channels?"
    - "SPA|DPA"
    - "[tT]iming [aA]ttacks?"
    - "[Tt]emplate [aA]ttacks?"
    - "[Pp]rofiled [aA]ttacks?"
    - "[Cc]lustering [aA]ttacks?"
    - "t-test|TVLA"
  FI:
    - "[pP]hysical [tT]ampering"
    - "[Mm]alfunction"
    - "DFA|SIFA"
    - "[Ff]+ault [iI]nduction"
    - "[Ff]+ault [iI]njection"
  other:
    - "[Dd]eep[ -][lL]earning"
    - "[Cc]old [bB]oot"
    - "[Rr]ow-?hammer"
    - "[Rr]everse [eE]ngineering"
    - "[Ll]attice [aA]ttacks?"
    - "[Oo]racle [aA]ttacks?"
    - "[Bb]leichenbacher [aA]ttacks?"
    - "[Bb]ellcore [aA]ttacks?"
    - "JIL(-(AAPS|COMP|AM|AAPHD|AMHD))?"
    - "JHAS"

#####
# A term used in the certification process.
#####
certification_process:
  OutOfScope:
    - "[oO]ut of [sS]cope"
    - "[\\.\\(].{0,100}?.[oO]ut of [sS]cope..{0,100}?[\\.\\)]"
    - ".{0,100}[oO]ut of [sS]cope.{0,100}"
  ConfidentialDocument:
    - ".{0,100}confidential document.{0,100}"
  SecurityFunction:
    - "[sS]ecurity [fF]unction SF\\.[a-zA-Z0-9_]"

#####
# A technical report id, grouped by standardization body (e.g. BSI).
#####
technical_report_id:
  BSI:
    - "BSI[ ]*TR-[0-9]+?(?:-[0-9]+?|)"
    - "BSI [0-9]+?" # German BSI document containing list of issued certificates in some period

#####
# A device model, grouped by manufacturer and subgroups into particular model families.
#####
device_model:
  G87:
    - "G87-.+?"
  ATMEL:
    - "ATMEL AT.+?"
  STM:
    STM32:
      - "STM32[FGLHW][0-7][0-9]{1,2}[FGKTSCRVZI][468BCDEFGHI][PHUTY][67]"
  Infineon:
    SLE:
      - "SLE[0-9]{2}[A-Z]{3}[0-9]{1-4}[A-Z]{1-3}"

#####
# A Trusted Execution Environment, grouped by manufacturer (e.g. Intel, ARM, ...).
#####
tee_name:
  Intel:
    - "(Intel )?SGX"
  ARM:
    - "(ARM )?TrustZone"
    - "(ARM )?(Realm Management Extension|Confidential Compute Architecture)"
  AMD:
    - "(AMD )?(PSP|Platform Security Processor)"
    - "(AMD )?(SEV|Secure Encrypted Virtualization)"
  IBM:
    - "(IBM )?(SSC|Secure Service Container)"
    - "(IBM )?(SE|Secure Execution)"
  other:
    - "Cloud Link TEE"
    - "iOS Secure Enclave"
    - "iTrustee"
    - "Trusty"
    - "OPTEE"
    - "QTEE"
    - "TEEgris"
    - "T6"
    - "Kinibi"
    - "SW TEE"
    - "WatchTrust"
    - "TEE"

#####
# An OS name, grouped by OS.
#####
os_name:
  STARCOS:
    - "STARCOS(?: [0-9\\.]+?|)"
  JCOP:
    - "JCOP[ ]*[0-9]"

#####
# CPLC data name..
#####
cplc_data:
  ICFab:
    - "IC[ \\.]*Fabricator"
  ICType:
    - "IC[ \\.]*Type"
  ICVersion:
    - "IC[ \\.]*Version"

#####
# An elementary data group.
#####
ic_data_group:
  EF:
    - "EF\\.DG[1-9][0-6]?"
    - "EF\\.COM"
    - "EF\\.CardAccess"
    - "EF\\.SOD"
    - "EF\\.ChipSecurity"

#####
# Standard ID, grouped by standardization body (e.g. FIPS, NIST, ISO).
#####
standard_id:
  FIPS:
    - "FIPS ?(?:PUB )?[0-9]+(-[0-9]+)?"
  NIST:
    - "(NIST )?SP [0-9]+-[0-9]+?[a-zA-Z]?"
  PKCS:
    - "PKCS[ #]*[1-9]+"
  BSI:
    - "BSI-AIS[ ]*[0-9]+?"
    - "AIS[ ]*[0-9]+?"
  RFC:
    - "RFC[ -]?[0-9]+?"
  ISO:
    - "ISO/IEC[ ]*[0-9]+[-]*[0-9]*"
    - "ISO/IEC[ ]*[0-9]+:[ 0-9]+"
    - "ISO/IEC[ ]*[0-9]+"
  ICAO:
    - "ICAO(?:-SAC|)"
  X509:
    - "[Xx]\\.509"
  SCP:
    - "(?:SCP|scp)[ ']*[0-9][0-9]"
  CC:
    - "CC[I]*MB-20[0-9]+?-[0-9]+?-[0-9]+?"  # Common Criteria methodology
    - "CCIMB-9[0-9]-[0-9]+?"  # Common Criteria methodology old

#####
# JavaCard version identifier.
#####
javacard_version:
  JavaCard:
    - "(?:Java Card|JavaCard) [2-3]\\.[0-9](?:\\.[0-9]|)"
    - "JC[2-3]\\.[0-9](?:\\.[0-9]|)"
    - "(?:Java Card|JavaCard) \\(version [2-3]\\.[0-9](?:\\.[0-9]|)\\)"
  GlobalPlatform:
    - "(?:Global Platform|GlobalPlatform) [2-3]\\.[0-9]\\.[0-9]"
    - "(?:Global Platform|GlobalPlatform) \\(version [2-3]\\.[0-9]\\.[0-9]\\)"

#####
# JavaCard API constant, grouped into "ALG", "misc" and "curves".
#####
javacard_api_const:
  ALG:
    RNG:
      - "ALG_(?:PSEUDO_RANDOM|SECURE_RANDOM|TRNG|PRESEEDED_DRBG|FAST|KEYGENERATION)"
    DES:
      - "ALG_DES_[A-Z_0-9]+"
    RSA:
      - "ALG_RSA_[A-Z_0-9]+"
    DSA:
      - "ALG_DSA_[A-Z_0-9]+"
    ECDSA:
      - "ALG_ECDSA_[A-Z_0-9]+"
    AES:
      - "ALG_AES_[A-Z_0-9]+"
    HMAC:
      - "ALG_HMAC_[A-Z_0-9]+"
    KOREAN:
      - "ALG_KOREAN_[A-Z_0-9]+"
    EC:
      - "ALG_EC_[A-Z_0-9]+?"
    SHA:
      - "ALG_SHA_[A-Z_0-9]+"
    SHA3:
      - "ALG_SHA3_[A-Z_0-9]+"
    MD:
      - "ALG_MD[A-Z_0-9]+"
    RIPEMD:
      - "ALG_RIPEMD[A-Z_0-9]+"
    ISO3309:
      - "ALG_ISO3309_[A-Z_0-9]+"
    XDH:
      - "ALG_XDH"
    SM2:
      - "ALG_SM2"
    SM3:
      - "ALG_SM3"
    NULL:
      - "ALG_NULL"
  misc:
    - "SIG_CIPHER_[A-Z_0-9]+"
    - "CIPHER_[A-Z_0-9]+"
    - "PAD_[A-Z_0-9]+"
    - "TYPE_[A-Z_0-9]+"
    - "LENGTH_[A-Z_0-9]+"
    - "OWNER_PIN[A-Z_0-9]*"
  curves:
    - "BRAINPOOLP[A-Z_0-9]+(?:R|T)1"
    - "ED25519"
    - "ED448"
    - "FRP256V1"
    - "SECP[0-9]*R1"
    - "SM2"
    - "X25519"
    - "X448"

#####
# JavaCard common package identifiers.
#####
javacard_packages:
  java:
    - "java\\.[a-z\\.]+"
  javacard:
    - "javacard\\.[a-z\\.]+"
  javacardx:
    - "javacardx\\.[a-z\\.]+"
  org:
    - "org\\.[0-9a-z\\.]+"
  uicc:
    - "uicc\\.[a-z\\.]+"
  com:
    - "com\\.[0-9a-z\\.]+"
  de:
    - "de\\.bsi\\.[a-z\\.]+"

#####
# FIPS 140 certificate id.
#####
fips_cert_id:
  Cert:
    - "(?:#[^\\S\\r\\n]?|Cert\\.?(?!.\\s)[^\\S\\r\\n]?|Certificate[^\\S\\r\\n]?)(?P<id>\\d{1,4})(?!\\d)"

#####
# FIPS 140 security level.
#####
fips_security_level:
  Level:
    - "[lL]evel (\\d)"

#####
# FIPS 140 "certlike" string, that needs to get removed from certificate id matches.
#####
fips_certlike:
  Certlike:
    # --- HMAC(-SHA)(-1) - (bits) (method) ((hardware/firmware cert) #id) ---
    # + added (and #id) everywhere
    - "HMAC(?:[- –]*SHA)?(?:[- –]*1)?[– -]*((?:;|\\/|160|224|256|384|512)?(?:;|\\/| |[Dd]ecrypt|[Ee]ncrypt|KAT)*?[, ]*?\\(?(?: |hardware|firmware)*?[\\s(\\[]*?(?:#|cert\\.?|Cert\\.?|Certificate|sample)?[\\s#]*?)?[\\s#]*?(\\d{1,4})(?:[\\s#]*and[\\s#]*\\d+)?"
    # --- same as above, without hw or fw ---
    - "HMAC(?:-SHA)?(?:-1)?[ -]*((?:;|\\/|160|224|256|384|512)?(?:;|\\/| |[Dd]ecrypt|[Ee]ncrypt|KAT)*?[, ]*?(?:#|cert\\.?|sample|Cert\\.?|Certificate)?[\\s#]*?)?[\\s#]*?(\\d{1,4})"
    # --- SHS/A - (bits) (method) ((cert #) numbers) ---
    - "SH[SA][-– 123]*(?:;|\\/|160|224|256|384|512)?(?:[\\s(\\[]*?(?:KAT|[Bb]yte [Oo]riented)*?[\\s,]*?[\\s(\\[]*?(?:#|cert\\.?|sample|Cert\\.?|Certificate)?[\\s#]*?)?[\\s#]*?(\\d{1,4})(?:\\)?\\[#?\\d+\\])?(?:[\\s#]*?and[\\s#]*?\\d+)?"
    # --- RSA (bits) (method) ((cert #)) ---
    - "RSA(?:[-– ]*(?:;|\\/|512|768|1024|1280|1536|2048|3072|4096|8192)\\s\\(\\[]*?(?:(?:;|\\/|KAT|Verify|PSS|\\s)*?)?[\\s,]*?[\\s(\\[]*?(?:#|cert\\.?|sample|Cert\\.?|Certificate)?[\\s#]*?)?[\\s#]*?(\\d{1,4})"
    # --- RSA (SSA) (PKCS) (version) (#) ---
    - "(?:RSA)?[-– ]?(?:SSA)?[- ]?PKCS\\s?#?\\d(?:-[Vv]1_5| [Vv]1[-_]5)?[\\s#]*?(\\d{1,4})?"
    # --- AES (bits) (method) ((cert #)) ---
    - "AES[-– ]*((?: |;|\\/|bit|key|128|192|256|CBC)*(?: |\\/|;|[Dd]ecrypt|[Ee]ncrypt|KAT|CMAC|CTR|GCM|IV|CBC)*?[,\\s(\\[]*?(?:#|cert\\.?|sample|Cert\\.?|Certificate)?[\\s#]*?)?[\\s#]*?(\\d{1,4})(?:\\)?[\\s#]*?\\[#?\\d+\\])?(?:[\\s#]*?and[\\s#]*?(\\d+))?"
    # --- Diffie Helman (CVL) ((cert #)) ---
    - "Diffie[-– ]*Hellman[,\\s(\\[]*?(?:CVL|\\s)*?(?:#|cert\\.?|sample|Cert\\.?|Certificate)?[\\s#]*?[\\s#]*?(\\d{1,4})"
    # --- DRBG (bits) (method) (cert #) ---
    - "DRBG[ –-]*((?:;|\\/|160|224|256|384|512)?(?:;|\\/| |[Dd]ecrypt|[Ee]ncrypt|KAT)*?[,\\s(\\[]*?(?:#|cert\\.?|sample|Cert\\.?|Certificate)?[\\s#]*?)?[\\s#]*?(\\d{1,4})"
    # --- DES (bits) (method) (cert #)
    - "DES[ –-]*((?:;|\\/|160|224|256|384|512)?(?:;|\\/| |[Dd]ecrypt|[Ee]ncrypt|KAT|CBC|(?:\\d(?: and \\d)? keying options?))*?[,\\s(\\[]*?(?:#|cert\\.?|sample|Cert\\.?|Certificate)*?[\\s#]*?)?[\\s#]*?(\\d{1,4})(?:[\\s#]*?and[\\s#]*?(\\d+))?"
    # --- DSA (bits) (method) (cert #)
    - "DSA[ –-]*((?:;|\\/|160|224|256|384|512)?(?: |[Dd]ecrypt|[Ee]ncrypt|KAT)*?[,\\s(\\[]*?(?:#|cert\\.?|sample|Cert\\.?|Certificate)?[\\s#]*?)?[\\s#]*?(\\d{1,4})"
    # --- platforms (#)+ - this is used in modification history ---
    - "[Pp]latforms? #\\d+(?:#\\d+|,| |-|and)*[^\\n]*"
    # --- CVL (#) ---
    - "CVL[\\s#]*?(\\d{1,4})"
    # --- PAA (#) ---
    - "PAA[: #]*?\\d{1,4}"
    # --- (#) Type ---
    - "(?:#|cert\\.?|sample|Cert\\.?|Certificate)[\\s#]*?(\\d+)?\\s*?(?:AES|SHS|SHA|RSA|HMAC|Diffie-Hellman|DRBG|DES|CVL)"
    # --- PKCS (#) ---
    - "PKCS[\\s]?#?\\d+"
    - "PKSC[\\s]?#?\\d+"  # typo, #625
    # --- # C and # A (just in case) ---
    - "#\\s+?[Cc]\\d+"
    - "#\\s+?[Aa]\\d+"


#####
# Common Criteria rules.
#####
cc_rules:
  - "cc_cert_id"
  - "cc_protection_profile_id"
  - "cc_security_level"
  - "cc_sar"
  - "cc_sfr"
  - "cc_claims"
  - "vendor"
  - "eval_facility"
  - "symmetric_crypto"
  - "asymmetric_crypto"
  - "pq_crypto"
  - "hash_function"
  - "crypto_scheme"
  - "crypto_protocol"
  - "randomness"
  - "cipher_mode"
  - "ecc_curve"
  - "crypto_engine"
  - "tls_cipher_suite"
  - "crypto_library"
  - "vulnerability"
  - "side_channel_analysis"
  - "technical_report_id"
  - "device_model"
  - "tee_name"
  - "os_name"
  - "cplc_data"
  - "ic_data_group"
  - "standard_id"
  - "javacard_version"
  - "javacard_api_const"
  - "javacard_packages"
  - "certification_process"


#####
# FIPS rules.
#####
fips_rules:
  - "fips_cert_id"
  - "fips_security_level"
  - "fips_certlike"
  - "vendor"
  - "eval_facility"
  - "symmetric_crypto"
  - "asymmetric_crypto"
  - "pq_crypto"
  - "hash_function"
  - "crypto_scheme"
  - "crypto_protocol"
  - "randomness"
  - "cipher_mode"
  - "ecc_curve"
  - "crypto_engine"
  - "tls_cipher_suite"
  - "crypto_library"
  - "vulnerability"
  - "side_channel_analysis"
  - "device_model"
  - "tee_name"
  - "os_name"
  - "cplc_data"
  - "ic_data_group"
  - "standard_id"
  - "javacard_version"
  - "javacard_api_const"
  - "javacard_packages"
  - "certification_process"