asn1: Ed25519/Ed448 and X25519/X448 OIDs as ObjectIdentifier extensions; accept ABSENT/NULL params (RFC 8410); tests; minor DER tolerance; update ABI

Author: ariawisp

cryptography-serialization/asn1/modules/api/cryptography-serialization-asn1-modules.api

@@ -141,6 +141,13 @@ public final class dev/whyoleg/cryptography/serialization/asn1/modules/KeyAlgori
 	public final fun serializer ()Lkotlinx/serialization/KSerializer;
 }
 
+public final class dev/whyoleg/cryptography/serialization/asn1/modules/OidsKt {
+	public static final fun getEd25519 (Ldev/whyoleg/cryptography/serialization/asn1/ObjectIdentifier$Companion;)Ljava/lang/String;
+	public static final fun getEd448 (Ldev/whyoleg/cryptography/serialization/asn1/ObjectIdentifier$Companion;)Ljava/lang/String;
+	public static final fun getX25519 (Ldev/whyoleg/cryptography/serialization/asn1/ObjectIdentifier$Companion;)Ljava/lang/String;
+	public static final fun getX448 (Ldev/whyoleg/cryptography/serialization/asn1/ObjectIdentifier$Companion;)Ljava/lang/String;
+}
+
 public final class dev/whyoleg/cryptography/serialization/asn1/modules/PrivateKeyInfo {
 	public static final field Companion Ldev/whyoleg/cryptography/serialization/asn1/modules/PrivateKeyInfo$Companion;
 	public fun <init> (ILdev/whyoleg/cryptography/serialization/asn1/modules/KeyAlgorithmIdentifier;[B)V

cryptography-serialization/asn1/modules/api/cryptography-serialization-asn1-modules.klib.api

@@ -265,8 +265,16 @@ final object dev.whyoleg.cryptography.serialization.asn1.modules/RsaKeyAlgorithm
 
 final val dev.whyoleg.cryptography.serialization.asn1.modules/EC // dev.whyoleg.cryptography.serialization.asn1.modules/EC|@dev.whyoleg.cryptography.serialization.asn1.ObjectIdentifier.Companion{}EC[0]
     final fun (dev.whyoleg.cryptography.serialization.asn1/ObjectIdentifier.Companion).<get-EC>(): dev.whyoleg.cryptography.serialization.asn1/ObjectIdentifier // dev.whyoleg.cryptography.serialization.asn1.modules/EC.<get-EC>|<get-EC>@dev.whyoleg.cryptography.serialization.asn1.ObjectIdentifier.Companion(){}[0]
+final val dev.whyoleg.cryptography.serialization.asn1.modules/Ed25519 // dev.whyoleg.cryptography.serialization.asn1.modules/Ed25519|@dev.whyoleg.cryptography.serialization.asn1.ObjectIdentifier.Companion{}Ed25519[0]
+    final fun (dev.whyoleg.cryptography.serialization.asn1/ObjectIdentifier.Companion).<get-Ed25519>(): dev.whyoleg.cryptography.serialization.asn1/ObjectIdentifier // dev.whyoleg.cryptography.serialization.asn1.modules/Ed25519.<get-Ed25519>|<get-Ed25519>@dev.whyoleg.cryptography.serialization.asn1.ObjectIdentifier.Companion(){}[0]
+final val dev.whyoleg.cryptography.serialization.asn1.modules/Ed448 // dev.whyoleg.cryptography.serialization.asn1.modules/Ed448|@dev.whyoleg.cryptography.serialization.asn1.ObjectIdentifier.Companion{}Ed448[0]
+    final fun (dev.whyoleg.cryptography.serialization.asn1/ObjectIdentifier.Companion).<get-Ed448>(): dev.whyoleg.cryptography.serialization.asn1/ObjectIdentifier // dev.whyoleg.cryptography.serialization.asn1.modules/Ed448.<get-Ed448>|<get-Ed448>@dev.whyoleg.cryptography.serialization.asn1.ObjectIdentifier.Companion(){}[0]
 final val dev.whyoleg.cryptography.serialization.asn1.modules/RSA // dev.whyoleg.cryptography.serialization.asn1.modules/RSA|@dev.whyoleg.cryptography.serialization.asn1.ObjectIdentifier.Companion{}RSA[0]
     final fun (dev.whyoleg.cryptography.serialization.asn1/ObjectIdentifier.Companion).<get-RSA>(): dev.whyoleg.cryptography.serialization.asn1/ObjectIdentifier // dev.whyoleg.cryptography.serialization.asn1.modules/RSA.<get-RSA>|<get-RSA>@dev.whyoleg.cryptography.serialization.asn1.ObjectIdentifier.Companion(){}[0]
+final val dev.whyoleg.cryptography.serialization.asn1.modules/X25519 // dev.whyoleg.cryptography.serialization.asn1.modules/X25519|@dev.whyoleg.cryptography.serialization.asn1.ObjectIdentifier.Companion{}X25519[0]
+    final fun (dev.whyoleg.cryptography.serialization.asn1/ObjectIdentifier.Companion).<get-X25519>(): dev.whyoleg.cryptography.serialization.asn1/ObjectIdentifier // dev.whyoleg.cryptography.serialization.asn1.modules/X25519.<get-X25519>|<get-X25519>@dev.whyoleg.cryptography.serialization.asn1.ObjectIdentifier.Companion(){}[0]
+final val dev.whyoleg.cryptography.serialization.asn1.modules/X448 // dev.whyoleg.cryptography.serialization.asn1.modules/X448|@dev.whyoleg.cryptography.serialization.asn1.ObjectIdentifier.Companion{}X448[0]
+    final fun (dev.whyoleg.cryptography.serialization.asn1/ObjectIdentifier.Companion).<get-X448>(): dev.whyoleg.cryptography.serialization.asn1/ObjectIdentifier // dev.whyoleg.cryptography.serialization.asn1.modules/X448.<get-X448>|<get-X448>@dev.whyoleg.cryptography.serialization.asn1.ObjectIdentifier.Companion(){}[0]
 final val dev.whyoleg.cryptography.serialization.asn1.modules/secp256r1 // dev.whyoleg.cryptography.serialization.asn1.modules/secp256r1|@dev.whyoleg.cryptography.serialization.asn1.ObjectIdentifier.Companion{}secp256r1[0]
     final fun (dev.whyoleg.cryptography.serialization.asn1/ObjectIdentifier.Companion).<get-secp256r1>(): dev.whyoleg.cryptography.serialization.asn1/ObjectIdentifier // dev.whyoleg.cryptography.serialization.asn1.modules/secp256r1.<get-secp256r1>|<get-secp256r1>@dev.whyoleg.cryptography.serialization.asn1.ObjectIdentifier.Companion(){}[0]
 final val dev.whyoleg.cryptography.serialization.asn1.modules/secp384r1 // dev.whyoleg.cryptography.serialization.asn1.modules/secp384r1|@dev.whyoleg.cryptography.serialization.asn1.ObjectIdentifier.Companion{}secp384r1[0]

cryptography-serialization/asn1/modules/src/commonMain/kotlin/AlgorithmIdentifierSerializer.kt

@@ -45,9 +45,18 @@ public abstract class AlgorithmIdentifierSerializer<AI : AlgorithmIdentifier> :
             index = 0,
             deserializer = ObjectIdentifier.serializer()
         )
-        check(decodeElementIndex(descriptor) == 1)
-        val parameters = decodeParameters(algorithm)
-        check(decodeElementIndex(descriptor) == CompositeDecoder.DECODE_DONE)
-        parameters
+        when (val idx = decodeElementIndex(descriptor)) {
+            1 -> {
+                val parameters = decodeParameters(algorithm)
+                check(decodeElementIndex(descriptor) == CompositeDecoder.DECODE_DONE)
+                parameters
+            }
+            CompositeDecoder.DECODE_DONE -> {
+                // Some algorithms (e.g., Ed25519/Ed448/X25519/X448 per RFC 8410) omit parameters.
+                // Delegate to subclass to construct an identifier without consuming parameters from the stream.
+                decodeParameters(algorithm)
+            }
+            else -> error("Unexpected element index: $idx")
+        }
     }
-}
+}

cryptography-serialization/asn1/modules/src/commonMain/kotlin/KeyAlgorithmIdentifierSerializer.kt

@@ -26,8 +26,14 @@ internal object KeyAlgorithmIdentifierSerializer : AlgorithmIdentifierSerializer
         }
         ObjectIdentifier.EC  -> EcKeyAlgorithmIdentifier(decodeParameters(EcParameters.serializer()))
         else                 -> {
-            // TODO: somehow we should ignore parameters here
+            // For algorithms like Ed25519/Ed448/X25519/X448 (RFC 8410), parameters MUST be ABSENT.
+            // Accept both ABSENT and explicit NULL: if the parameters element is present, it should be NULL — consume it; if absent, do not read.
+            try {
+                decodeParameters<Nothing>(NothingSerializer())
+            } catch (_: IllegalStateException) {
+                // No element to read (ABSENT) — that's valid per RFC 8410.
+            }
             UnknownKeyAlgorithmIdentifier(algorithm)
         }
     }
-}
+}

cryptography-serialization/asn1/modules/src/commonMain/kotlin/Oids.kt

@@ -0,0 +1,13 @@
+/*
+ * Copyright (c) 2025 Oleg Yukhnevich. Use of this source code is governed by the Apache 2.0 license.
+ */
+
+package dev.whyoleg.cryptography.serialization.asn1.modules
+
+import dev.whyoleg.cryptography.serialization.asn1.ObjectIdentifier
+
+public val ObjectIdentifier.Companion.Ed25519: ObjectIdentifier get() = ObjectIdentifier("1.3.101.112")
+public val ObjectIdentifier.Companion.Ed448: ObjectIdentifier get() = ObjectIdentifier("1.3.101.113")
+
+public val ObjectIdentifier.Companion.X25519: ObjectIdentifier get() = ObjectIdentifier("1.3.101.110")
+public val ObjectIdentifier.Companion.X448: ObjectIdentifier get() = ObjectIdentifier("1.3.101.111")

cryptography-serialization/asn1/modules/src/commonTest/kotlin/KeyAlgorithmIdentifierDecodeTest.kt

@@ -0,0 +1,57 @@
+/*
+ * Copyright (c) 2025 Oleg Yukhnevich. Use of this source code is governed by the Apache 2.0 license.
+ */
+
+package dev.whyoleg.cryptography.serialization.asn1.modules
+
+import dev.whyoleg.cryptography.serialization.asn1.*
+import kotlinx.serialization.decodeFromByteArray
+import kotlin.test.*
+
+class KeyAlgorithmIdentifierDecodeTest {
+
+    private fun String.hexToBytes(): ByteArray {
+        check(length % 2 == 0) { "Invalid hex length" }
+        return ByteArray(length / 2) { i ->
+            val hi = this[i * 2].digitToInt(16)
+            val lo = this[i * 2 + 1].digitToInt(16)
+            ((hi shl 4) or lo).toByte()
+        }
+    }
+
+    @Test
+    fun decode_Ed25519_absentParameters() {
+        // SEQUENCE { algorithm OBJECT IDENTIFIER 1.3.101.112 } (no parameters element)
+        val bytes = "300506032B6570".hexToBytes()
+        val id = Der.decodeFromByteArray<KeyAlgorithmIdentifier>(bytes)
+        assertTrue(id is UnknownKeyAlgorithmIdentifier)
+        assertEquals(ObjectIdentifier.Ed25519, id.algorithm)
+    }
+
+    @Test
+    fun decode_Ed25519_nullParameters() {
+        // SEQUENCE { algorithm OBJECT IDENTIFIER 1.3.101.112, parameters NULL }
+        val bytes = "300706032B65700500".hexToBytes()
+        val id = Der.decodeFromByteArray<KeyAlgorithmIdentifier>(bytes)
+        assertTrue(id is UnknownKeyAlgorithmIdentifier)
+        assertEquals(ObjectIdentifier.Ed25519, id.algorithm)
+    }
+
+    @Test
+    fun decode_X25519_absentParameters() {
+        // SEQUENCE { algorithm OBJECT IDENTIFIER 1.3.101.110 } (no parameters element)
+        val bytes = "300506032B656E".hexToBytes()
+        val id = Der.decodeFromByteArray<KeyAlgorithmIdentifier>(bytes)
+        assertTrue(id is UnknownKeyAlgorithmIdentifier)
+        assertEquals(ObjectIdentifier.X25519, id.algorithm)
+    }
+
+    @Test
+    fun decode_X25519_nullParameters() {
+        // SEQUENCE { algorithm OBJECT IDENTIFIER 1.3.101.110, parameters NULL }
+        val bytes = "300706032B656E0500".hexToBytes()
+        val id = Der.decodeFromByteArray<KeyAlgorithmIdentifier>(bytes)
+        assertTrue(id is UnknownKeyAlgorithmIdentifier)
+        assertEquals(ObjectIdentifier.X25519, id.algorithm)
+    }
+}

cryptography-serialization/asn1/src/commonMain/kotlin/internal/DerDecoder.kt

@@ -36,6 +36,7 @@ internal class DerDecoder(
 
         while (true) {
             val index = currentIndex
+            if (index >= descriptor.elementsCount) return CompositeDecoder.DECODE_DONE
             tagOverride = descriptor.getElementContextSpecificTag(index)
 
             if (descriptor.isElementOptional(index)) {