asn1(core): RFC 8410 OIDs + ABSENT params; preserve unknown AlgorithmIdentifier params via Asn1Any; add SEQUENCE OF support; update API/ABI and changelog

- Add ObjectIdentifier extensions for Ed25519/Ed448/X25519/X448
- Enforce RFC 8410 on encode (omit parameters); decoder tolerates NULL
- Introduce Asn1Any and carry parameters in UnknownKeyAlgorithmIdentifier
- Support StructureKind.LIST (SEQUENCE OF) in DER codec
- Update API dumps and CHANGELOG; add PR description

Author: ariawisp

CHANGELOG.md

@@ -1,5 +1,14 @@
 # CHANGELOG
 
+## Unreleased
+
+### ASN.1/DER
+
+- RFC 8410 compliance: Ed25519/Ed448/X25519/X448 AlgorithmIdentifier encodes with ABSENT parameters; decoder tolerates explicit NULL.
+- Unknown AlgorithmIdentifier parameters are preserved as raw ASN.1 for round-trip via new `Asn1Any` type.
+- Support SEQUENCE OF (list) encode/decode in DER codec.
+
+
 ## 0.5.0 – CryptoKit & optimal providers
 
 > Published 30 Jun 2025

PR_asn1_oids_rfc8410.md

@@ -0,0 +1,77 @@
+Title: ASN.1: RFC 8410 OIDs, ABSENT params, Unknown key preservation, SEQUENCE OF support
+
+Summary
+- Add RFC 8410 OIDs as `ObjectIdentifier` extensions: Ed25519, Ed448, X25519, X448.
+- Make AlgorithmIdentifier RFC 8410–conformant on encode: parameters are ABSENT for the four OIDs; decoder tolerates explicit NULL.
+- Support unknown AlgorithmIdentifier keys robustly by preserving parameters as raw ASN.1 for round‑trip (`Asn1Any`).
+- Add SEQUENCE OF (list) support to the DER codec.
+- Extend unit tests (encode/decode/round‑trip, SPKI vectors, negative cases) and wire focused multi‑platform CI runs for ASN.1 modules.
+
+Issue linkage
+- Addresses issue #21: ASN.1 improvements – https://github.com/whyoleg/cryptography-kotlin/issues/21
+  - Support lists encoding: ✅ Implemented (SEQUENCE OF via `StructureKind.LIST`).
+  - Support unknown keys: ✅ Implemented with `UnknownKeyAlgorithmIdentifier(algorithm, parameters)` and `Asn1Any` to preserve parameters.
+  - Support default (optional values) encoding configuration: already ✅ upstream; unchanged here.
+  - Support context-specific classes: already ✅ upstream; unchanged here. Added more negative tests for validation.
+
+Details
+1) RFC 8410 OIDs and encoding rules
+   - New helpers in `asn1/modules`:
+     - `ObjectIdentifier.Companion.Ed25519` → 1.3.101.112
+     - `ObjectIdentifier.Companion.Ed448`  → 1.3.101.113
+     - `ObjectIdentifier.Companion.X25519` → 1.3.101.110
+     - `ObjectIdentifier.Companion.X448`  → 1.3.101.111
+     - `internal fun ObjectIdentifier.isRfc8410NoParams()` groups the four OIDs.
+   - Encoder: `KeyAlgorithmIdentifierSerializer.encodeParameters` omits the "parameters" element for these OIDs (ABSENT). RSA remains explicit NULL; EC unchanged.
+   - Decoder: tolerates both ABSENT and explicit NULL for these OIDs and constructs `UnknownKeyAlgorithmIdentifier`.
+
+2) Unknown AlgorithmIdentifier preservation (round‑trip)
+   - New `Asn1Any` captures raw TLV bytes of unknown parameters.
+   - `UnknownKeyAlgorithmIdentifier` now stores `parameters: Any?` (previously `Nothing?`), using `Asn1Any` when present.
+   - Encode behavior for unknown algorithms:
+     - RFC 8410 OIDs → omit parameters (normalize to ABSENT).
+     - Other OIDs → if `parameters` is `Asn1Any`, write it back as‑is; if null, omit.
+
+3) SEQUENCE OF (lists)
+   - `DerDecoder` and `DerEncoder` now handle `StructureKind.LIST` to encode/decode `SEQUENCE OF` values.
+
+Tests
+- ASN.1 modules:
+  - Encode: Ed25519/X25519 AlgorithmIdentifier encodes with ABSENT parameters; RSA encodes with explicit NULL.
+  - Round‑trip normalization: decoding RFC 8410 NULL → re‑encodes to ABSENT.
+  - Decode: Ed25519/X25519/Ed448/X448 accept both ABSENT and NULL.
+  - SPKI decode: Ed25519 with ABSENT/NULL.
+- Core ASN.1:
+  - Lists: `SEQUENCE OF INTEGER` encode/decode (+ empty list).
+  - Negative tests: wrong tag for INTEGER; invalid long‑form length; context‑specific tag mismatch (IMPLICIT and EXPLICIT inner tag); BitString unused bits consistency.
+
+CI
+- New workflow `.github/workflows/run-tests-asn1.yml` runs quick, focused matrix for ASN.1 core and modules: JVM, JS, Wasm Node, Linux x64.
+- Hooked into `run-checks.yml` (runs after build) to increase cross‑platform confidence without slowing the entire pipeline.
+
+API / ABI notes
+- New public class: `dev.whyoleg.cryptography.serialization.asn1.Asn1Any` (core ASN.1 module).
+- `UnknownKeyAlgorithmIdentifier` signature changed:
+  - Before: `UnknownKeyAlgorithmIdentifier(algorithm: ObjectIdentifier)` with `parameters: Nothing?`
+  - After:  `UnknownKeyAlgorithmIdentifier(algorithm: ObjectIdentifier, parameters: Any? = null)`
+  - Source/ABI change in `cryptography-serialization-asn1-modules` (API files updated). Typical use sites constructing unknown identifiers remain source‑compatible if they do not reference the old `parameters` type; call sites with 1‑arg constructor continue to work.
+
+Motivation and outcomes
+- RFC 8410 compliance: DER outputs match the spec (parameters ABSENT) while accepting explicit NULL in inputs seen in the wild.
+- Unknown keys are decodable and round‑trippable, making the codec resilient to extensions without schema updates.
+- SEQUENCE OF support unlocks more ASN.1 constructs and improves parity with real‑world structures.
+
+Examples
+- Ed25519 AlgorithmIdentifier encodes to `30 05 06 03 2B 65 70` (no parameters element).
+- X25519 AlgorithmIdentifier encodes to `30 05 06 03 2B 65 6E`.
+- RSA AlgorithmIdentifier continues to encode with explicit NULL.
+
+Backward compatibility notes
+- If external code relied on `UnknownKeyAlgorithmIdentifier.parameters` being always `null`, it may now hold `Asn1Any` for unknown algorithms with present parameters. Consumers can ignore `parameters` or recognize `Asn1Any` to access raw TLV bytes when needed.
+
+Checklist against #21
+- [x] Support lists encoding (SEQUENCE OF)
+- [x] Support unknown keys (decode + preserve parameters)
+- [x] Support default (optional values) encoding configuration (already upstream)
+- [x] Support context-specific classes (already upstream; added negative tests)
+

cryptography-serialization/asn1/api/cryptography-serialization-asn1.api

@@ -90,3 +90,22 @@ public final class dev/whyoleg/cryptography/serialization/asn1/ObjectIdentifier$
 	public final fun serializer ()Lkotlinx/serialization/KSerializer;
 }
 
+public final class dev/whyoleg/cryptography/serialization/asn1/Asn1Any {
+	public static final field Companion Ldev/whyoleg/cryptography/serialization/asn1/Asn1Any$Companion;
+	public fun <init> ([B)V
+	public final fun getBytes ()[B
+}
+
+public final synthetic class dev/whyoleg/cryptography/serialization/asn1/Asn1Any$$serializer : kotlinx/serialization/internal/GeneratedSerializer {
+	public static final field INSTANCE Ldev/whyoleg/cryptography/serialization/asn1/Asn1Any$$serializer;
+	public final fun childSerializers ()[Lkotlinx/serialization/KSerializer;
+	public final fun deserialize (Lkotlinx/serialization/encoding/Decoder;)Ldev/whyoleg/cryptography/serialization/asn1/Asn1Any;
+	public synthetic fun deserialize (Lkotlinx/serialization/encoding/Decoder;)Ljava/lang/Object;
+	public final fun getDescriptor ()Lkotlinx/serialization/descriptors/SerialDescriptor;
+	public final fun serialize (Lkotlinx/serialization/encoding/Encoder;Ldev/whyoleg/cryptography/serialization/asn1/Asn1Any;)V
+	public synthetic fun serialize (Lkotlinx/serialization/encoding/Encoder;Ljava/lang/Object;)V
+}
+
+public final class dev/whyoleg/cryptography/serialization/asn1/Asn1Any$Companion {
+	public final fun serializer ()Lkotlinx/serialization/KSerializer;
+}

cryptography-serialization/asn1/api/cryptography-serialization-asn1.klib.api

@@ -48,6 +48,26 @@ final class dev.whyoleg.cryptography.serialization.asn1/BitArray { // dev.whyole
     }
 }
 
+final class dev.whyoleg.cryptography.serialization.asn1/Asn1Any { // dev.whyoleg.cryptography.serialization.asn1/Asn1Any|null[0]
+    constructor <init>(kotlin/ByteArray) // dev.whyoleg.cryptography.serialization.asn1/Asn1Any.<init>|<init>(kotlin.ByteArray){}[0]
+
+    final val bytes // dev.whyoleg.cryptography.serialization.asn1/Asn1Any.bytes|{}bytes[0]
+        final fun <get-bytes>(): kotlin/ByteArray // dev.whyoleg.cryptography.serialization.asn1/Asn1Any.bytes.<get-bytes>|<get-bytes>(){}[0]
+
+    final object $serializer : kotlinx.serialization.internal/GeneratedSerializer<dev.whyoleg.cryptography.serialization.asn1/Asn1Any> { // dev.whyoleg.cryptography.serialization.asn1/Asn1Any.$serializer|null[0]
+        final val descriptor // dev.whyoleg.cryptography.serialization.asn1/Asn1Any.$serializer.descriptor|{}descriptor[0]
+            final fun <get-descriptor>(): kotlinx.serialization.descriptors/SerialDescriptor // dev.whyoleg.cryptography.serialization.asn1/Asn1Any.$serializer.descriptor.<get-descriptor>|<get-descriptor>(){}[0]
+
+        final fun childSerializers(): kotlin/Array<kotlinx.serialization/KSerializer<*>> // dev.whyoleg.cryptography.serialization.asn1/Asn1Any.$serializer.childSerializers|childSerializers(){}[0]
+        final fun deserialize(kotlinx.serialization.encoding/Decoder): dev.whyoleg.cryptography.serialization.asn1/Asn1Any // dev.whyoleg.cryptography.serialization.asn1/Asn1Any.$serializer.deserialize|deserialize(kotlinx.serialization.encoding.Decoder){}[0]
+        final fun serialize(kotlinx.serialization.encoding/Encoder, dev.whyoleg.cryptography.serialization.asn1/Asn1Any) // dev.whyoleg.cryptography.serialization.asn1/Asn1Any.$serializer.serialize|serialize(kotlinx.serialization.encoding.Encoder;dev.whyoleg.cryptography.serialization.asn1.Asn1Any){}[0]
+    }
+
+    final object Companion { // dev.whyoleg.cryptography.serialization.asn1/Asn1Any.Companion|null[0]
+        final fun serializer(): kotlinx.serialization/KSerializer<dev.whyoleg.cryptography.serialization.asn1/Asn1Any> // dev.whyoleg.cryptography.serialization.asn1/Asn1Any.Companion.serializer|serializer(){}[0]
+    }
+
+
 final value class dev.whyoleg.cryptography.serialization.asn1/ObjectIdentifier { // dev.whyoleg.cryptography.serialization.asn1/ObjectIdentifier|null[0]
     constructor <init>(kotlin/String) // dev.whyoleg.cryptography.serialization.asn1/ObjectIdentifier.<init>|<init>(kotlin.String){}[0]
 

cryptography-serialization/asn1/modules/api/cryptography-serialization-asn1-modules.api

@@ -248,6 +248,5 @@ public final class dev/whyoleg/cryptography/serialization/asn1/modules/UnknownKe
 	public synthetic fun <init> (Ljava/lang/String;Lkotlin/jvm/internal/DefaultConstructorMarker;)V
 	public fun getAlgorithm-STa95mE ()Ljava/lang/String;
 	public synthetic fun getParameters ()Ljava/lang/Object;
-	public fun getParameters ()Ljava/lang/Void;
+	public fun getParameters ()Ljava/lang/Object;
 }
-

cryptography-serialization/asn1/modules/api/cryptography-serialization-asn1-modules.klib.api

@@ -200,12 +200,12 @@ final class dev.whyoleg.cryptography.serialization.asn1.modules/SubjectPublicKey
 }
 
 final class dev.whyoleg.cryptography.serialization.asn1.modules/UnknownKeyAlgorithmIdentifier : dev.whyoleg.cryptography.serialization.asn1.modules/KeyAlgorithmIdentifier { // dev.whyoleg.cryptography.serialization.asn1.modules/UnknownKeyAlgorithmIdentifier|null[0]
-    constructor <init>(dev.whyoleg.cryptography.serialization.asn1/ObjectIdentifier) // dev.whyoleg.cryptography.serialization.asn1.modules/UnknownKeyAlgorithmIdentifier.<init>|<init>(dev.whyoleg.cryptography.serialization.asn1.ObjectIdentifier){}[0]
+    constructor <init>(dev.whyoleg.cryptography.serialization.asn1/ObjectIdentifier, kotlin/Any?) // dev.whyoleg.cryptography.serialization.asn1.modules/UnknownKeyAlgorithmIdentifier.<init>|<init>(dev.whyoleg.cryptography.serialization.asn1.ObjectIdentifier;kotlin.Any?){}[0]
 
     final val algorithm // dev.whyoleg.cryptography.serialization.asn1.modules/UnknownKeyAlgorithmIdentifier.algorithm|{}algorithm[0]
         final fun <get-algorithm>(): dev.whyoleg.cryptography.serialization.asn1/ObjectIdentifier // dev.whyoleg.cryptography.serialization.asn1.modules/UnknownKeyAlgorithmIdentifier.algorithm.<get-algorithm>|<get-algorithm>(){}[0]
     final val parameters // dev.whyoleg.cryptography.serialization.asn1.modules/UnknownKeyAlgorithmIdentifier.parameters|{}parameters[0]
-        final fun <get-parameters>(): kotlin/Nothing? // dev.whyoleg.cryptography.serialization.asn1.modules/UnknownKeyAlgorithmIdentifier.parameters.<get-parameters>|<get-parameters>(){}[0]
+        final fun <get-parameters>(): kotlin/Any? // dev.whyoleg.cryptography.serialization.asn1.modules/UnknownKeyAlgorithmIdentifier.parameters.<get-parameters>|<get-parameters>(){}[0]
 }
 
 final value class dev.whyoleg.cryptography.serialization.asn1.modules/EcParameters { // dev.whyoleg.cryptography.serialization.asn1.modules/EcParameters|null[0]

cryptography-serialization/asn1/modules/src/commonMain/kotlin/KeyAlgorithmIdentifier.kt

@@ -10,7 +10,7 @@ import kotlinx.serialization.*
 @Serializable(KeyAlgorithmIdentifierSerializer::class)
 public interface KeyAlgorithmIdentifier : AlgorithmIdentifier
 
-public class UnknownKeyAlgorithmIdentifier(override val algorithm: ObjectIdentifier) : KeyAlgorithmIdentifier {
-    override val parameters: Nothing? get() = null
-}
-
+public class UnknownKeyAlgorithmIdentifier(
+    override val algorithm: ObjectIdentifier,
+    override val parameters: Any? = null,
+) : KeyAlgorithmIdentifier

cryptography-serialization/asn1/modules/src/commonMain/kotlin/KeyAlgorithmIdentifierSerializer.kt

@@ -11,11 +11,31 @@ import kotlinx.serialization.encoding.*
 
 @OptIn(ExperimentalSerializationApi::class)
 internal object KeyAlgorithmIdentifierSerializer : AlgorithmIdentifierSerializer<KeyAlgorithmIdentifier>() {
-    override fun CompositeEncoder.encodeParameters(value: KeyAlgorithmIdentifier): Unit = when (value) {
-        is RsaKeyAlgorithmIdentifier     -> encodeParameters(NothingSerializer(), RsaKeyAlgorithmIdentifier.parameters)
-        is EcKeyAlgorithmIdentifier -> encodeParameters(EcParameters.serializer(), value.parameters)
-        is UnknownKeyAlgorithmIdentifier -> encodeParameters(NothingSerializer(), value.parameters)
-        else                             -> encodeParameters(NothingSerializer(), null)
+    override fun CompositeEncoder.encodeParameters(value: KeyAlgorithmIdentifier) {
+        when (value) {
+            is RsaKeyAlgorithmIdentifier     -> encodeParameters(NothingSerializer(), null) // explicit NULL per RSA
+            is EcKeyAlgorithmIdentifier      -> encodeParameters(EcParameters.serializer(), value.parameters)
+            is UnknownKeyAlgorithmIdentifier -> {
+                // RFC 8410: parameters MUST be ABSENT for Ed25519/Ed448/X25519/X448
+                if (value.algorithm.isRfc8410NoParams()) return
+                when (val p = value.parameters) {
+                    null        -> {
+                        // For unknown algorithms, prefer ABSENT when no parameters provided
+                        // (do nothing). If explicit NULL must be preserved, p will be Asn1Any(05 00).
+                        return
+                    }
+                    is Asn1Any -> encodeParameters(Asn1Any.serializer(), p)
+                    else       -> {
+                        // Fallback: encode NULL to avoid guessing structure
+                        encodeParameters(NothingSerializer(), null)
+                    }
+                }
+            }
+            else                             -> {
+                // Safe default for other known types if any
+                encodeParameters(NothingSerializer(), null)
+            }
+        }
     }
 
     override fun CompositeDecoder.decodeParameters(algorithm: ObjectIdentifier): KeyAlgorithmIdentifier = when (algorithm) {
@@ -26,8 +46,14 @@ internal object KeyAlgorithmIdentifierSerializer : AlgorithmIdentifierSerializer
         }
         ObjectIdentifier.EC  -> EcKeyAlgorithmIdentifier(decodeParameters(EcParameters.serializer()))
         else                 -> {
-            // TODO: somehow we should ignore parameters here
-            UnknownKeyAlgorithmIdentifier(algorithm)
+            // Capture unknown parameters as raw ASN.1 for round-trip when present; null means ABSENT
+            val raw: Asn1Any? = try {
+                decodeParameters(Asn1Any.serializer())
+            } catch (_: IllegalStateException) {
+                // No element to read (ABSENT)
+                null
+            }
+            UnknownKeyAlgorithmIdentifier(algorithm, raw)
         }
     }
-}
+}

cryptography-serialization/asn1/modules/src/commonMain/kotlin/Oids.kt

@@ -0,0 +1,19 @@
+/*
+ * Copyright (c) 2025 Oleg Yukhnevich. Use of this source code is governed by the Apache 2.0 license.
+ */
+
+package dev.whyoleg.cryptography.serialization.asn1.modules
+
+import dev.whyoleg.cryptography.serialization.asn1.ObjectIdentifier
+
+public val ObjectIdentifier.Companion.Ed25519: ObjectIdentifier get() = ObjectIdentifier("1.3.101.112")
+public val ObjectIdentifier.Companion.Ed448: ObjectIdentifier get() = ObjectIdentifier("1.3.101.113")
+
+public val ObjectIdentifier.Companion.X25519: ObjectIdentifier get() = ObjectIdentifier("1.3.101.110")
+public val ObjectIdentifier.Companion.X448: ObjectIdentifier get() = ObjectIdentifier("1.3.101.111")
+
+internal fun ObjectIdentifier.isRfc8410NoParams(): Boolean =
+    this == ObjectIdentifier.Ed25519 ||
+    this == ObjectIdentifier.Ed448 ||
+    this == ObjectIdentifier.X25519 ||
+    this == ObjectIdentifier.X448

cryptography-serialization/asn1/src/commonMain/kotlin/Any.kt

@@ -0,0 +1,15 @@
+/*
+ * Copyright (c) 2025 Oleg Yukhnevich. Use of this source code is governed by the Apache 2.0 license.
+ */
+
+package dev.whyoleg.cryptography.serialization.asn1
+
+import kotlinx.serialization.Serializable
+
+/**
+ * Represents a raw ASN.1 element (tag + length + value) captured as-is.
+ * Useful for preserving unknown parameters for round-trip encoding.
+ */
+@Serializable
+public class Asn1Any(public val bytes: ByteArray)
+