Support ES256K. (#629)

* Support ES256K. * Add tests for ES256K. * Add api_jws tests. * Update CHANGELOG.
author: Ajitomi, Daisuke <dajiaji@gmail.com> 2021-03-19 07:08:00 +0900
committer: GitHub <noreply@github.com> 2021-03-18 18:08:00 -0400
commit: fa8e8fa9c7f5d31610c21560247296e96a5a1f8e (patch)
tree: 81d34f8ff747edc0f11fa2806c44179e2ed2a2c8
parent: a87a7a1b6c6cfb0f831e96272e91378f7247d71c (diff)
download: pyjwt-fa8e8fa9c7f5d31610c21560247296e96a5a1f8e.tar.gz
6 files changed, 34 insertions, 1 deletions
diff --git a/CHANGELOG.rst b/CHANGELOG.rst
index 8d4e32c..bd0ac56 100644
--- a/CHANGELOG.rst
+++ b/CHANGELOG.rst
@@ -21,6 +21,7 @@ Added
 ~~~~~
 
 - Add caching by default to PyJWKClient `#611 <https://github.com/jpadilla/pyjwt/pull/611>`__
+- Add support for ES256K algorithm `#629 <https://github.com/jpadilla/pyjwt/pull/629>`__
 
 `v2.0.1 <https://github.com/jpadilla/pyjwt/compare/2.0.0...2.0.1>`__
 --------------------------------------------------------------------
diff --git a/jwt/algorithms.py b/jwt/algorithms.py
index 0d54382..7784a94 100644
--- a/jwt/algorithms.py
+++ b/jwt/algorithms.py
@@ -51,6 +51,7 @@ requires_cryptography = {
     "RS384",
     "RS512",
     "ES256",
+    "ES256K",
     "ES384",
     "ES521",
     "ES512",
@@ -79,6 +80,7 @@ def get_default_algorithms():
                 "RS384": RSAAlgorithm(RSAAlgorithm.SHA384),
                 "RS512": RSAAlgorithm(RSAAlgorithm.SHA512),
                 "ES256": ECAlgorithm(ECAlgorithm.SHA256),
+                "ES256K": ECAlgorithm(ECAlgorithm.SHA256),
                 "ES384": ECAlgorithm(ECAlgorithm.SHA384),
                 "ES521": ECAlgorithm(ECAlgorithm.SHA512),
                 "ES512": ECAlgorithm(
@@ -467,6 +469,13 @@ if has_crypto:
                     curve_obj = ec.SECP521R1()
                 else:
                     raise InvalidKeyError("Coords should be 66 bytes for curve P-521")
+            elif curve == "secp256k1":
+                if len(x) == len(y) == 32:
+                    curve_obj = ec.SECP256K1()
+                else:
+                    raise InvalidKeyError(
+                        "Coords should be 32 bytes for curve secp256k1"
+                    )
             else:
                 raise InvalidKeyError(f"Invalid curve: {curve}")
 
diff --git a/tests/keys/jwk_ec_key_secp256k1.json b/tests/keys/jwk_ec_key_secp256k1.json
new file mode 100644
index 0000000..1d35ece
--- /dev/null
+++ b/tests/keys/jwk_ec_key_secp256k1.json
@@ -0,0 +1,8 @@
+{
+  "kty": "EC",
+  "kid": "bilbo.baggins.256k@hobbiton.example",
+  "crv": "secp256k1",
+  "x": "MLnVyPDPQpNm0KaaO4iEh0i8JItHXJE0NcIe8GK1SYs",
+  "y": "7r8d-xF7QAgT5kSRdly6M8xeg4Jz83Gs_CQPQRH65QI",
+  "d": "XV7LOlEOANIaSxyil8yE8NPDT5jmVw_HQeCwNDzochQ"
+}
diff --git a/tests/keys/jwk_ec_pub_secp256k1.json b/tests/keys/jwk_ec_pub_secp256k1.json
new file mode 100644
index 0000000..61439d0
--- /dev/null
+++ b/tests/keys/jwk_ec_pub_secp256k1.json
@@ -0,0 +1,7 @@
+{
+  "kty": "EC",
+  "kid": "bilbo.baggins.256k@hobbiton.example",
+  "crv": "secp256k1",
+  "x": "MLnVyPDPQpNm0KaaO4iEh0i8JItHXJE0NcIe8GK1SYs",
+  "y": "7r8d-xF7QAgT5kSRdly6M8xeg4Jz83Gs_CQPQRH65QI"
+}
diff --git a/tests/test_algorithms.py b/tests/test_algorithms.py
index 0072e4a..2341c1c 100644
--- a/tests/test_algorithms.py
+++ b/tests/test_algorithms.py
@@ -166,6 +166,7 @@ class TestAlgorithms:
             "P-256": ECAlgorithm.SHA256,
             "P-384": ECAlgorithm.SHA384,
             "P-521": ECAlgorithm.SHA512,
+            "secp256k1": ECAlgorithm.SHA256,
         }
         for (curve, hash) in tests.items():
             algo = ECAlgorithm(hash)
@@ -196,6 +197,10 @@ class TestAlgorithms:
                 "x": "AHKZLLOsCOzz5cY97ewNUajB957y-C-U88c3v13nmGZx6sYl_oJXu9A5RkTKqjqvjyekWF-7ytDyRXYgCF5cj0Kt",
                 "y": "AdymlHvOiLxXkEhayXQnNCvDX4h9htZaCJN34kfmC6pV5OhQHiraVySsUdaQkAgDPrwQrJmbnX9cwlGfP-HqHZR1",
             },
+            "secp256k1": {
+                "x": "MLnVyPDPQpNm0KaaO4iEh0i8JItHXJE0NcIe8GK1SYs",
+                "y": "7r8d-xF7QAgT5kSRdly6M8xeg4Jz83Gs_CQPQRH65QI",
+            },
         }
 
         # Invalid JSON
@@ -223,7 +228,7 @@ class TestAlgorithms:
             algo.from_jwk('{"kty": "EC", "x": "dGVzdHRlc3Q=", "y": "dGVzdA=="}')
 
         # EC coordinates length invalid
-        for curve in ("P-256", "P-384", "P-521"):
+        for curve in ("P-256", "P-384", "P-521", "secp256k1"):
             with pytest.raises(InvalidKeyError):
                 algo.from_jwk(
                     '{{"kty": "EC", "crv": "{}", "x": "dGVzdA==", '
diff --git a/tests/test_api_jws.py b/tests/test_api_jws.py
index b928d18..cbebb1f 100644
--- a/tests/test_api_jws.py
+++ b/tests/test_api_jws.py
@@ -527,6 +527,7 @@ class TestJWS:
         "algo",
         [
             "ES256",
+            "ES256K",
             "ES384",
             "ES512",
         ],
@@ -557,10 +558,12 @@ class TestJWS:
 
         if has_crypto:
             assert "ES256" in jws_algorithms
+            assert "ES256K" in jws_algorithms
             assert "ES384" in jws_algorithms
             assert "ES512" in jws_algorithms
         else:
             assert "ES256" not in jws_algorithms
+            assert "ES256K" not in jws_algorithms
             assert "ES384" not in jws_algorithms
             assert "ES512" not in jws_algorithms
author	Ajitomi, Daisuke <dajiaji@gmail.com>	2021-03-19 07:08:00 +0900
committer	GitHub <noreply@github.com>	2021-03-18 18:08:00 -0400
commit	fa8e8fa9c7f5d31610c21560247296e96a5a1f8e (patch)
tree	81d34f8ff747edc0f11fa2806c44179e2ed2a2c8
parent	a87a7a1b6c6cfb0f831e96272e91378f7247d71c (diff)
download	pyjwt-fa8e8fa9c7f5d31610c21560247296e96a5a1f8e.tar.gz