whyoleg
diff --git a/‎cryptography-providers-tests-api/src/commonMain/kotlin/support.kt
Lines changed: 0 additions & 1 deletion b/‎cryptography-providers-tests-api/src/commonMain/kotlin/support.kt
Lines changed: 0 additions & 1 deletion
diff --git a/‎cryptography-providers/apple/src/commonMain/kotlin/algorithms/SecEcdsa.kt
Lines changed: 2 additions & 1 deletion b/‎cryptography-providers/apple/src/commonMain/kotlin/algorithms/SecEcdsa.kt
Lines changed: 2 additions & 1 deletion
diff --git a/‎cryptography-providers/apple/src/commonMain/kotlin/algorithms/SecRsa.kt
Lines changed: 10 additions & 9 deletions b/‎cryptography-providers/apple/src/commonMain/kotlin/algorithms/SecRsa.kt
Lines changed: 10 additions & 9 deletions
diff --git a/‎cryptography-providers/apple/src/commonMain/kotlin/internal/keys.kt
Lines changed: 0 additions & 28 deletions b/‎cryptography-providers/apple/src/commonMain/kotlin/internal/keys.kt
Lines changed: 0 additions & 28 deletions
diff --git a/‎cryptography-providers/base/api/cryptography-provider-base.api
Lines changed: 14 additions & 0 deletions b/‎cryptography-providers/base/api/cryptography-provider-base.api
Lines changed: 14 additions & 0 deletions
diff --git a/‎cryptography-providers/base/api/cryptography-provider-base.klib.api
Lines changed: 8 additions & 0 deletions b/‎cryptography-providers/base/api/cryptography-provider-base.klib.api
Lines changed: 8 additions & 0 deletions
diff --git a/‎cryptography-providers/base/src/commonMain/kotlin/algorithms/Ec.kt
Lines changed: 45 additions & 0 deletions b/‎cryptography-providers/base/src/commonMain/kotlin/algorithms/Ec.kt
Lines changed: 45 additions & 0 deletions
diff --git a/‎cryptography-providers/base/src/commonMain/kotlin/materials/keys.kt
Lines changed: 50 additions & 0 deletions b/‎cryptography-providers/base/src/commonMain/kotlin/materials/keys.kt
Lines changed: 50 additions & 0 deletions
@@ -38,7 +38,6 @@ fun AlgorithmTestScope<*>.supportsDigest(digest: CryptographyAlgorithmId<Digest>
 
 fun AlgorithmTestScope<*>.supportsKeyFormat(format: KeyFormat): Boolean = supports {
     when {
-        provider.isCryptoKit && (format == EC.PrivateKey.Format.DER.SEC1 || format == EC.PrivateKey.Format.PEM.SEC1) -> "TODO"
         // only WebCrypto supports JWK for now
         format.name == "JWK" &&
                 !provider.isWebCrypto -> "JWK key format"
 
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2024 Oleg Yukhnevich. Use of this source code is governed by the Apache 2.0 license.
+ * Copyright (c) 2024-2025 Oleg Yukhnevich. Use of this source code is governed by the Apache 2.0 license.
  */
 
 package dev.whyoleg.cryptography.providers.apple.algorithms
@@ -11,6 +11,7 @@ import dev.whyoleg.cryptography.materials.key.*
 import dev.whyoleg.cryptography.operations.*
 import dev.whyoleg.cryptography.providers.apple.internal.*
 import dev.whyoleg.cryptography.providers.base.*
+import dev.whyoleg.cryptography.providers.base.materials.*
 import dev.whyoleg.cryptography.serialization.asn1.*
 import dev.whyoleg.cryptography.serialization.asn1.modules.*
 import dev.whyoleg.cryptography.serialization.pem.*
 
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2024 Oleg Yukhnevich. Use of this source code is governed by the Apache 2.0 license.
+ * Copyright (c) 2024-2025 Oleg Yukhnevich. Use of this source code is governed by the Apache 2.0 license.
  */
 
 package dev.whyoleg.cryptography.providers.apple.algorithms
@@ -9,6 +9,7 @@ import dev.whyoleg.cryptography.algorithms.*
 import dev.whyoleg.cryptography.bigint.*
 import dev.whyoleg.cryptography.materials.key.*
 import dev.whyoleg.cryptography.providers.apple.internal.*
+import dev.whyoleg.cryptography.providers.base.materials.*
 import dev.whyoleg.cryptography.serialization.asn1.*
 import dev.whyoleg.cryptography.serialization.asn1.modules.*
 import dev.whyoleg.cryptography.serialization.pem.*
@@ -36,8 +37,8 @@ internal abstract class SecRsa<PublicK : RSA.PublicKey, PrivateK : RSA.PrivateKe
                 RSA.PublicKey.Format.JWK -> error("$format is not supported")
                 RSA.PublicKey.Format.DER.PKCS1 -> bytes
                 RSA.PublicKey.Format.PEM.PKCS1 -> unwrapPem(PemLabel.RsaPublicKey, bytes)
-                RSA.PublicKey.Format.DER       -> unwrapPublicKey(ObjectIdentifier.RSA, bytes)
-                RSA.PublicKey.Format.PEM       -> unwrapPublicKey(ObjectIdentifier.RSA, unwrapPem(PemLabel.PublicKey, bytes))
+                RSA.PublicKey.Format.DER -> unwrapSubjectPublicKeyInfo(ObjectIdentifier.RSA, bytes)
+                RSA.PublicKey.Format.PEM -> unwrapSubjectPublicKeyInfo(ObjectIdentifier.RSA, unwrapPem(PemLabel.PublicKey, bytes))
             }
 
             val secKey = CFMutableDictionary(2) {
@@ -61,8 +62,8 @@ internal abstract class SecRsa<PublicK : RSA.PublicKey, PrivateK : RSA.PrivateKe
                 RSA.PrivateKey.Format.JWK -> error("$format is not supported")
                 RSA.PrivateKey.Format.DER.PKCS1 -> bytes
                 RSA.PrivateKey.Format.PEM.PKCS1 -> unwrapPem(PemLabel.RsaPrivateKey, bytes)
-                RSA.PrivateKey.Format.DER       -> unwrapPrivateKey(ObjectIdentifier.RSA, bytes)
-                RSA.PrivateKey.Format.PEM       -> unwrapPrivateKey(ObjectIdentifier.RSA, unwrapPem(PemLabel.PrivateKey, bytes))
+                RSA.PrivateKey.Format.DER -> unwrapPrivateKeyInfo(ObjectIdentifier.RSA, bytes)
+                RSA.PrivateKey.Format.PEM -> unwrapPrivateKeyInfo(ObjectIdentifier.RSA, unwrapPem(PemLabel.PrivateKey, bytes))
             }
 
             val secKey = CFMutableDictionary(2) {
@@ -117,8 +118,8 @@ internal abstract class SecRsa<PublicK : RSA.PublicKey, PrivateK : RSA.PrivateKe
                 RSA.PublicKey.Format.JWK -> error("$format is not supported")
                 RSA.PublicKey.Format.DER.PKCS1 -> pkcs1Key
                 RSA.PublicKey.Format.PEM.PKCS1 -> wrapPem(PemLabel.RsaPublicKey, pkcs1Key)
-                RSA.PublicKey.Format.DER       -> wrapPublicKey(RsaKeyAlgorithmIdentifier, pkcs1Key)
-                RSA.PublicKey.Format.PEM       -> wrapPem(PemLabel.PublicKey, wrapPublicKey(RsaKeyAlgorithmIdentifier, pkcs1Key))
+                RSA.PublicKey.Format.DER -> wrapSubjectPublicKeyInfo(RsaKeyAlgorithmIdentifier, pkcs1Key)
+                RSA.PublicKey.Format.PEM -> wrapPem(PemLabel.PublicKey, wrapSubjectPublicKeyInfo(RsaKeyAlgorithmIdentifier, pkcs1Key))
             }
         }
     }
@@ -136,8 +137,8 @@ internal abstract class SecRsa<PublicK : RSA.PublicKey, PrivateK : RSA.PrivateKe
                 RSA.PrivateKey.Format.JWK -> error("$format is not supported")
                 RSA.PrivateKey.Format.DER.PKCS1 -> pkcs1Key
                 RSA.PrivateKey.Format.PEM.PKCS1 -> wrapPem(PemLabel.RsaPrivateKey, pkcs1Key)
-                RSA.PrivateKey.Format.DER       -> wrapPrivateKey(0, RsaKeyAlgorithmIdentifier, pkcs1Key)
-                RSA.PrivateKey.Format.PEM       -> wrapPem(PemLabel.PrivateKey, wrapPrivateKey(0, RsaKeyAlgorithmIdentifier, pkcs1Key))
+                RSA.PrivateKey.Format.DER -> wrapPrivateKeyInfo(0, RsaKeyAlgorithmIdentifier, pkcs1Key)
+                RSA.PrivateKey.Format.PEM -> wrapPem(PemLabel.PrivateKey, wrapPrivateKeyInfo(0, RsaKeyAlgorithmIdentifier, pkcs1Key))
             }
         }
     }
 
@@ -5,39 +5,11 @@
 package dev.whyoleg.cryptography.providers.apple.internal
 
 import dev.whyoleg.cryptography.providers.base.*
-import dev.whyoleg.cryptography.serialization.asn1.*
-import dev.whyoleg.cryptography.serialization.asn1.modules.*
-import dev.whyoleg.cryptography.serialization.pem.*
 import kotlinx.cinterop.*
 import platform.CoreFoundation.*
 import platform.Foundation.*
 import platform.Security.*
 
-internal fun unwrapPem(label: PemLabel, key: ByteArray): ByteArray =
-    Pem.decode(key).ensurePemLabel(label).bytes
-
-internal fun wrapPem(label: PemLabel, key: ByteArray): ByteArray = Pem.encodeToByteArray(PemContent(label, key))
-
-internal fun unwrapPublicKey(algorithm: ObjectIdentifier, key: ByteArray): ByteArray =
-    Der.decodeFromByteArray(SubjectPublicKeyInfo.serializer(), key).also {
-        check(it.algorithm.algorithm == algorithm) { "Expected algorithm '${algorithm.value}', received: '${it.algorithm.algorithm}'" }
-    }.subjectPublicKey.byteArray
-
-internal fun wrapPublicKey(identifier: KeyAlgorithmIdentifier, key: ByteArray): ByteArray = Der.encodeToByteArray(
-    SubjectPublicKeyInfo.serializer(),
-    SubjectPublicKeyInfo(identifier, BitArray(0, key))
-)
-
-internal fun unwrapPrivateKey(algorithm: ObjectIdentifier, key: ByteArray): ByteArray =
-    Der.decodeFromByteArray(PrivateKeyInfo.serializer(), key).also {
-        check(it.privateKeyAlgorithm.algorithm == algorithm)
-    }.privateKey
-
-internal fun wrapPrivateKey(version: Int, identifier: KeyAlgorithmIdentifier, key: ByteArray): ByteArray = Der.encodeToByteArray(
-    PrivateKeyInfo.serializer(),
-    PrivateKeyInfo(version, identifier, key)
-)
-
 internal fun decodeSecKey(input: ByteArray, attributes: CFMutableDictionaryRef?): SecKeyRef = memScoped {
     val error = alloc<CFErrorRefVar>()
     input.useNSData {
 
@@ -58,6 +58,20 @@ public abstract class dev/whyoleg/cryptography/providers/base/algorithms/BaseHkd
 	public fun secretDerivation-nkIq3jI (Ldev/whyoleg/cryptography/CryptographyAlgorithmId;I[B[B)Ldev/whyoleg/cryptography/operations/SecretDerivation;
 }
 
+public final class dev/whyoleg/cryptography/providers/base/algorithms/EcKt {
+	public static final fun convertEcPrivateKeyFromPkcs8ToSec1 ([B)[B
+	public static final fun convertEcPrivateKeyFromSec1ToPkcs8 ([B)[B
+}
+
+public final class dev/whyoleg/cryptography/providers/base/materials/KeysKt {
+	public static final fun unwrapPem-unSj4pc (Ljava/lang/String;[B)[B
+	public static final fun unwrapPrivateKeyInfo-4RESAxk (Ljava/lang/String;[B)[B
+	public static final fun unwrapSubjectPublicKeyInfo-4RESAxk (Ljava/lang/String;[B)[B
+	public static final fun wrapPem-unSj4pc (Ljava/lang/String;[B)[B
+	public static final fun wrapPrivateKeyInfo (ILdev/whyoleg/cryptography/serialization/asn1/modules/KeyAlgorithmIdentifier;[B)[B
+	public static final fun wrapSubjectPublicKeyInfo (Ldev/whyoleg/cryptography/serialization/asn1/modules/KeyAlgorithmIdentifier;[B)[B
+}
+
 public final class dev/whyoleg/cryptography/providers/base/operations/AccumulatingCipherFunction : dev/whyoleg/cryptography/providers/base/operations/BaseCipherFunction {
 	public fun <init> (Lkotlin/jvm/functions/Function1;)V
 	public fun close ()V
 
@@ -138,6 +138,14 @@ final val dev.whyoleg.cryptography.providers.base/EmptyByteArray // dev.whyoleg.
     final fun <get-EmptyByteArray>(): kotlin/ByteArray // dev.whyoleg.cryptography.providers.base/EmptyByteArray.<get-EmptyByteArray>|<get-EmptyByteArray>(){}[0]
 
 final fun (kotlin/ByteArray).dev.whyoleg.cryptography.providers.base/ensureSizeExactly(kotlin/Int): kotlin/ByteArray // dev.whyoleg.cryptography.providers.base/ensureSizeExactly|[email protected](kotlin.Int){}[0]
+final fun dev.whyoleg.cryptography.providers.base.algorithms/convertEcPrivateKeyFromPkcs8ToSec1(kotlin/ByteArray): kotlin/ByteArray // dev.whyoleg.cryptography.providers.base.algorithms/convertEcPrivateKeyFromPkcs8ToSec1|convertEcPrivateKeyFromPkcs8ToSec1(kotlin.ByteArray){}[0]
+final fun dev.whyoleg.cryptography.providers.base.algorithms/convertEcPrivateKeyFromSec1ToPkcs8(kotlin/ByteArray): kotlin/ByteArray // dev.whyoleg.cryptography.providers.base.algorithms/convertEcPrivateKeyFromSec1ToPkcs8|convertEcPrivateKeyFromSec1ToPkcs8(kotlin.ByteArray){}[0]
+final fun dev.whyoleg.cryptography.providers.base.materials/unwrapPem(dev.whyoleg.cryptography.serialization.pem/PemLabel, kotlin/ByteArray): kotlin/ByteArray // dev.whyoleg.cryptography.providers.base.materials/unwrapPem|unwrapPem(dev.whyoleg.cryptography.serialization.pem.PemLabel;kotlin.ByteArray){}[0]
+final fun dev.whyoleg.cryptography.providers.base.materials/unwrapPrivateKeyInfo(dev.whyoleg.cryptography.serialization.asn1/ObjectIdentifier, kotlin/ByteArray): kotlin/ByteArray // dev.whyoleg.cryptography.providers.base.materials/unwrapPrivateKeyInfo|unwrapPrivateKeyInfo(dev.whyoleg.cryptography.serialization.asn1.ObjectIdentifier;kotlin.ByteArray){}[0]
+final fun dev.whyoleg.cryptography.providers.base.materials/unwrapSubjectPublicKeyInfo(dev.whyoleg.cryptography.serialization.asn1/ObjectIdentifier, kotlin/ByteArray): kotlin/ByteArray // dev.whyoleg.cryptography.providers.base.materials/unwrapSubjectPublicKeyInfo|unwrapSubjectPublicKeyInfo(dev.whyoleg.cryptography.serialization.asn1.ObjectIdentifier;kotlin.ByteArray){}[0]
+final fun dev.whyoleg.cryptography.providers.base.materials/wrapPem(dev.whyoleg.cryptography.serialization.pem/PemLabel, kotlin/ByteArray): kotlin/ByteArray // dev.whyoleg.cryptography.providers.base.materials/wrapPem|wrapPem(dev.whyoleg.cryptography.serialization.pem.PemLabel;kotlin.ByteArray){}[0]
+final fun dev.whyoleg.cryptography.providers.base.materials/wrapPrivateKeyInfo(kotlin/Int, dev.whyoleg.cryptography.serialization.asn1.modules/KeyAlgorithmIdentifier, kotlin/ByteArray): kotlin/ByteArray // dev.whyoleg.cryptography.providers.base.materials/wrapPrivateKeyInfo|wrapPrivateKeyInfo(kotlin.Int;dev.whyoleg.cryptography.serialization.asn1.modules.KeyAlgorithmIdentifier;kotlin.ByteArray){}[0]
+final fun dev.whyoleg.cryptography.providers.base.materials/wrapSubjectPublicKeyInfo(dev.whyoleg.cryptography.serialization.asn1.modules/KeyAlgorithmIdentifier, kotlin/ByteArray): kotlin/ByteArray // dev.whyoleg.cryptography.providers.base.materials/wrapSubjectPublicKeyInfo|wrapSubjectPublicKeyInfo(dev.whyoleg.cryptography.serialization.asn1.modules.KeyAlgorithmIdentifier;kotlin.ByteArray){}[0]
 final fun dev.whyoleg.cryptography.providers.base/checkBounds(kotlin/Int, kotlin/Int, kotlin/Int) // dev.whyoleg.cryptography.providers.base/checkBounds|checkBounds(kotlin.Int;kotlin.Int;kotlin.Int){}[0]
 
 // Targets: [native]
 
@@ -0,0 +1,45 @@
+/*
+ * Copyright (c) 2025 Oleg Yukhnevich. Use of this source code is governed by the Apache 2.0 license.
+ */
+
+package dev.whyoleg.cryptography.providers.base.algorithms
+
+import dev.whyoleg.cryptography.*
+import dev.whyoleg.cryptography.serialization.asn1.*
+import dev.whyoleg.cryptography.serialization.asn1.modules.*
+
+@CryptographyProviderApi
+public fun convertEcPrivateKeyFromPkcs8ToSec1(input: ByteArray): ByteArray {
+    val privateKeyInfo = Der.decodeFromByteArray(PrivateKeyInfo.serializer(), input)
+
+    val privateKeyAlgorithm = privateKeyInfo.privateKeyAlgorithm
+    check(privateKeyAlgorithm is EcKeyAlgorithmIdentifier) {
+        "Expected algorithm '${ObjectIdentifier.EC}', received: '${privateKeyAlgorithm.algorithm}'"
+    }
+    // the produced key could not contain parameters in underlying EcPrivateKey,
+    // but they are available in `privateKeyAlgorithm`
+    val ecPrivateKey = Der.decodeFromByteArray(EcPrivateKey.serializer(), privateKeyInfo.privateKey)
+    if (ecPrivateKey.parameters != null) return privateKeyInfo.privateKey
+
+    val enhancedEcPrivateKey = EcPrivateKey(
+        version = ecPrivateKey.version,
+        privateKey = ecPrivateKey.privateKey,
+        parameters = privateKeyAlgorithm.parameters,
+        publicKey = ecPrivateKey.publicKey
+    )
+    return Der.encodeToByteArray(EcPrivateKey.serializer(), enhancedEcPrivateKey)
+}
+
+@CryptographyProviderApi
+public fun convertEcPrivateKeyFromSec1ToPkcs8(input: ByteArray): ByteArray {
+    val ecPrivateKey = Der.decodeFromByteArray(EcPrivateKey.serializer(), input)
+
+    checkNotNull(ecPrivateKey.parameters) { "EC Parameters are not present in the key" }
+
+    val privateKeyInfo = PrivateKeyInfo(
+        version = 0,
+        privateKeyAlgorithm = EcKeyAlgorithmIdentifier(ecPrivateKey.parameters),
+        privateKey = input
+    )
+    return Der.encodeToByteArray(PrivateKeyInfo.serializer(), privateKeyInfo)
+}
@@ -0,0 +1,50 @@
+/*
+ * Copyright (c) 2025 Oleg Yukhnevich. Use of this source code is governed by the Apache 2.0 license.
+ */
+
+package dev.whyoleg.cryptography.providers.base.materials
+
+import dev.whyoleg.cryptography.*
+import dev.whyoleg.cryptography.serialization.asn1.*
+import dev.whyoleg.cryptography.serialization.asn1.modules.*
+import dev.whyoleg.cryptography.serialization.pem.*
+
+@CryptographyProviderApi
+public fun unwrapPem(label: PemLabel, key: ByteArray): ByteArray {
+    return Pem.decode(key).ensurePemLabel(label).bytes
+}
+
+@CryptographyProviderApi
+public fun wrapPem(label: PemLabel, key: ByteArray): ByteArray {
+    return Pem.encodeToByteArray(PemContent(label, key))
+}
+
+@CryptographyProviderApi
+public fun unwrapSubjectPublicKeyInfo(algorithm: ObjectIdentifier, key: ByteArray): ByteArray {
+    return Der.decodeFromByteArray(SubjectPublicKeyInfo.serializer(), key).also {
+        check(it.algorithm.algorithm == algorithm) { "Expected algorithm '${algorithm.value}', received: '${it.algorithm.algorithm}'" }
+    }.subjectPublicKey.byteArray
+}
+
+@CryptographyProviderApi
+public fun wrapSubjectPublicKeyInfo(identifier: KeyAlgorithmIdentifier, key: ByteArray): ByteArray {
+    return Der.encodeToByteArray(
+        SubjectPublicKeyInfo.serializer(),
+        SubjectPublicKeyInfo(identifier, BitArray(0, key))
+    )
+}
+
+@CryptographyProviderApi
+public fun unwrapPrivateKeyInfo(algorithm: ObjectIdentifier, key: ByteArray): ByteArray {
+    return Der.decodeFromByteArray(PrivateKeyInfo.serializer(), key).also {
+        check(it.privateKeyAlgorithm.algorithm == algorithm) { "Expected algorithm '${algorithm.value}', received: '${it.privateKeyAlgorithm.algorithm}'" }
+    }.privateKey
+}
+
+@CryptographyProviderApi
+public fun wrapPrivateKeyInfo(version: Int, identifier: KeyAlgorithmIdentifier, key: ByteArray): ByteArray {
+    return Der.encodeToByteArray(
+        PrivateKeyInfo.serializer(),
+        PrivateKeyInfo(version, identifier, key)
+    )
+}