asn1: Edwards/Montgomery OIDs; RFC 8410-tolerant AlgorithmIdentifier; minor DER decoder tolerance

Author: ariawisp

cryptography-serialization/asn1/modules/src/commonMain/kotlin/AlgorithmIdentifierSerializer.kt

@@ -45,9 +45,18 @@ public abstract class AlgorithmIdentifierSerializer<AI : AlgorithmIdentifier> :
             index = 0,
             deserializer = ObjectIdentifier.serializer()
         )
-        check(decodeElementIndex(descriptor) == 1)
-        val parameters = decodeParameters(algorithm)
-        check(decodeElementIndex(descriptor) == CompositeDecoder.DECODE_DONE)
-        parameters
+        when (val idx = decodeElementIndex(descriptor)) {
+            1 -> {
+                val parameters = decodeParameters(algorithm)
+                check(decodeElementIndex(descriptor) == CompositeDecoder.DECODE_DONE)
+                parameters
+            }
+            CompositeDecoder.DECODE_DONE -> {
+                // Some algorithms (e.g., Ed25519/Ed448/X25519/X448 per RFC 8410) omit parameters.
+                // Delegate to subclass to construct an identifier without consuming parameters from the stream.
+                decodeParameters(algorithm)
+            }
+            else -> error("Unexpected element index: $idx")
+        }
     }
-}
+}

cryptography-serialization/asn1/modules/src/commonMain/kotlin/KeyAlgorithmIdentifierSerializer.kt

@@ -26,8 +26,9 @@ internal object KeyAlgorithmIdentifierSerializer : AlgorithmIdentifierSerializer
         }
         ObjectIdentifier.EC  -> EcKeyAlgorithmIdentifier(decodeParameters(EcParameters.serializer()))
         else                 -> {
-            // TODO: somehow we should ignore parameters here
+            // For algorithms like Ed25519/Ed448/X25519/X448 (RFC 8410), parameters are absent.
+            // Do not attempt to read parameters when the element is omitted; just construct the identifier.
             UnknownKeyAlgorithmIdentifier(algorithm)
         }
     }
-}
+}

cryptography-serialization/asn1/modules/src/commonMain/kotlin/Oids.kt

@@ -0,0 +1,18 @@
+/*
+ * Copyright (c) 2025 Oleg Yukhnevich. Use of this source code is governed by the Apache 2.0 license.
+ */
+
+package dev.whyoleg.cryptography.serialization.asn1.modules
+
+import dev.whyoleg.cryptography.serialization.asn1.ObjectIdentifier
+
+public object EdwardsOids {
+    public val Ed25519: ObjectIdentifier = ObjectIdentifier("1.3.101.112")
+    public val Ed448: ObjectIdentifier = ObjectIdentifier("1.3.101.113")
+}
+
+public object MontgomeryOids {
+    public val X25519: ObjectIdentifier = ObjectIdentifier("1.3.101.110")
+    public val X448: ObjectIdentifier = ObjectIdentifier("1.3.101.111")
+}
+

cryptography-serialization/asn1/src/commonMain/kotlin/internal/DerDecoder.kt

@@ -36,6 +36,7 @@ internal class DerDecoder(
 
         while (true) {
             val index = currentIndex
+            if (index >= descriptor.elementsCount) return CompositeDecoder.DECODE_DONE
             tagOverride = descriptor.getElementContextSpecificTag(index)
 
             if (descriptor.isElementOptional(index)) {