author | Ajitomi, Daisuke <dajiaji@gmail.com> | 2021-03-19 07:08:00 +0900 |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-03-18 18:08:00 -0400 |
commit | fa8e8fa9c7f5d31610c21560247296e96a5a1f8e (patch) | |
tree | 81d34f8ff747edc0f11fa2806c44179e2ed2a2c8 | |
parent | a87a7a1b6c6cfb0f831e96272e91378f7247d71c (diff) | |
download | pyjwt-fa8e8fa9c7f5d31610c21560247296e96a5a1f8e.tar.gz |
Support ES256K. (#629)
* Support ES256K.
* Add tests for ES256K.
* Add api_jws tests.
* Update CHANGELOG.
-rw-r--r-- | CHANGELOG.rst | 1 | ||||
-rw-r--r-- | jwt/algorithms.py | 9 | ||||
-rw-r--r-- | tests/keys/jwk_ec_key_secp256k1.json | 8 | ||||
-rw-r--r-- | tests/keys/jwk_ec_pub_secp256k1.json | 7 | ||||
-rw-r--r-- | tests/test_algorithms.py | 7 | ||||
-rw-r--r-- | tests/test_api_jws.py | 3 |
6 files changed, 34 insertions, 1 deletions
diff --git a/CHANGELOG.rst b/CHANGELOG.rst
index 8d4e32c..bd0ac56 100644
--- a/CHANGELOG.rst
+++ b/CHANGELOG.rst
@@ -21,6 +21,7 @@ Added
 ~~~~~
 - Add caching by default to PyJWKClient `#611 <https://github.com/jpadilla/pyjwt/pull/611>`__
+- Add support for ES256K algorithm `#629 <https://github.com/jpadilla/pyjwt/pull/629>`__
 `v2.0.1 <https://github.com/jpadilla/pyjwt/compare/2.0.0...2.0.1>`__
 --------------------------------------------------------------------
diff --git a/jwt/algorithms.py b/jwt/algorithms.py
index 0d54382..7784a94 100644
--- a/jwt/algorithms.py
+++ b/jwt/algorithms.py
@@ -51,6 +51,7 @@ requires_cryptography = {
 "RS384",
 "RS512",
 "ES256",
+ "ES256K",
 "ES384",
 "ES521",
 "ES512",
@@ -79,6 +80,7 @@ def get_default_algorithms():
 "RS384": RSAAlgorithm(RSAAlgorithm.SHA384),
 "RS512": RSAAlgorithm(RSAAlgorithm.SHA512),
 "ES256": ECAlgorithm(ECAlgorithm.SHA256),
+ "ES256K": ECAlgorithm(ECAlgorithm.SHA256),
 "ES384": ECAlgorithm(ECAlgorithm.SHA384),
 "ES521": ECAlgorithm(ECAlgorithm.SHA512),
 "ES512": ECAlgorithm(
@@ -467,6 +469,13 @@ if has_crypto:
 curve_obj = ec.SECP521R1()
 else:
 raise InvalidKeyError("Coords should be 66 bytes for curve P-521")
+ elif curve == "secp256k1":
+ if len(x) == len(y) == 32:
+ curve_obj = ec.SECP256K1()
+ else:
+ raise InvalidKeyError(
+ "Coords should be 32 bytes for curve secp256k1"
+ )
 else:
 raise InvalidKeyError(f"Invalid curve: {curve}")
diff --git a/tests/keys/jwk_ec_key_secp256k1.json b/tests/keys/jwk_ec_key_secp256k1.json
new file mode 100644
index 0000000..1d35ece
--- /dev/null
+++ b/tests/keys/jwk_ec_key_secp256k1.json
@@ -0,0 +1,8 @@
+{
+ "kty": "EC",
+ "kid": "bilbo.baggins.256k@hobbiton.example",
+ "crv": "secp256k1",
+ "x": "MLnVyPDPQpNm0KaaO4iEh0i8JItHXJE0NcIe8GK1SYs",
+ "y": "7r8d-xF7QAgT5kSRdly6M8xeg4Jz83Gs_CQPQRH65QI",
+ "d": "XV7LOlEOANIaSxyil8yE8NPDT5jmVw_HQeCwNDzochQ"
+}
diff --git a/tests/keys/jwk_ec_pub_secp256k1.json b/tests/keys/jwk_ec_pub_secp256k1.json
new file mode 100644
index 0000000..61439d0
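Review bot: In the `get_default_algorithms` hunk, `"ES256K"` is registered as `ECAlgorithm(ECAlgorithm.SHA256)`, exactly what `"ES256"` gets, so nothing visible here ties the new name to secp256k1. Unless `ECAlgorithm` checks the key's curve in code outside this diff, a verifier that allow-lists only `ES256K` would still accept a signature checked against a P-256 key, and the reverse, which departs from RFC 8812 where the `alg` value fixes the curve. I would have the algorithm object carry its expected curve and raise `InvalidKeyError` during key preparation when `key.curve` is a different type. The `from_jwk` hunk already maps `"secp256k1"` to `ec.SECP256K1()`, but that result is not fed back into the algorithm choice. At minimum add a comment on the new entry such as `# curve is not enforced here: ES256 and ES256K differ only by the key supplied`. Both function bodies continue outside their hunks.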
--- /dev/null
+++ b/tests/keys/jwk_ec_pub_secp256k1.json
@@ -0,0 +1,7 @@
+{
+ "kty": "EC",
+ "kid": "bilbo.baggins.256k@hobbiton.example",
+ "crv": "secp256k1",
+ "x": "MLnVyPDPQpNm0KaaO4iEh0i8JItHXJE0NcIe8GK1SYs",
+ "y": "7r8d-xF7QAgT5kSRdly6M8xeg4Jz83Gs_CQPQRH65QI"
+}
diff --git a/tests/test_algorithms.py b/tests/test_algorithms.py
index 0072e4a..2341c1c 100644
--- a/tests/test_algorithms.py
+++ b/tests/test_algorithms.py
@@ -166,6 +166,7 @@ class TestAlgorithms:
 "P-256": ECAlgorithm.SHA256,
 "P-384": ECAlgorithm.SHA384,
 "P-521": ECAlgorithm.SHA512,
+ "secp256k1": ECAlgorithm.SHA256,
 }
 for (curve, hash) in tests.items():
 algo = ECAlgorithm(hash)
@@ -196,6 +197,10 @@ class TestAlgorithms:
 "x": "AHKZLLOsCOzz5cY97ewNUajB957y-C-U88c3v13nmGZx6sYl_oJXu9A5RkTKqjqvjyekWF-7ytDyRXYgCF5cj0Kt",
 "y": "AdymlHvOiLxXkEhayXQnNCvDX4h9htZaCJN34kfmC6pV5OhQHiraVySsUdaQkAgDPrwQrJmbnX9cwlGfP-HqHZR1",
 },
+ "secp256k1": {
+ "x": "MLnVyPDPQpNm0KaaO4iEh0i8JItHXJE0NcIe8GK1SYs",
+ "y": "7r8d-xF7QAgT5kSRdly6M8xeg4Jz83Gs_CQPQRH65QI",
+ },
 }
 # Invalid JSON
@@ -223,7 +228,7 @@ class TestAlgorithms:
 algo.from_jwk('{"kty": "EC", "x": "dGVzdHRlc3Q=", "y": "dGVzdA=="}')
 # EC coordinates length invalid
- for curve in ("P-256", "P-384", "P-521"):
+ for curve in ("P-256", "P-384", "P-521", "secp256k1"):
 with pytest.raises(InvalidKeyError):
 algo.from_jwk(
 '{{"kty": "EC", "crv": "{}", "x": "dGVzdA==", '
diff --git a/tests/test_api_jws.py b/tests/test_api_jws.py
index b928d18..cbebb1f 100644
--- a/tests/test_api_jws.py
+++ b/tests/test_api_jws.py
@@ -527,6 +527,7 @@ class TestJWS:
 "algo",
 [
 "ES256",
+ "ES256K",
 "ES384",
 "ES512",
 ],
@@ -557,10 +558,12 @@ class TestJWS:
 if has_crypto:
 assert "ES256" in jws_algorithms
+ assert "ES256K" in jws_algorithms
 assert "ES384" in jws_algorithms
 assert "ES512" in jws_algorithms
 else:
 assert "ES256" not in jws_algorithms
+ assert "ES256K" not in jws_algorithms
 assert "ES384" not in jws_algorithms
 assert "ES512" not in jws_algorithms |
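Review bot: No added case pairs the new algorithm name with a key on a different curve. The secp256k1 additions in `tests/test_algorithms.py` and `tests/test_api_jws.py` cover a well-formed key, wrong-length coordinates and registration only. A negative case that requests `ES256K` with the existing P-256 test key, and `ES256` with `jwk_ec_key_secp256k1.json`, would pin whether the library rejects the mismatch or silently accepts it. The test methods these hunks belong to start and end outside the hunks, so which fixture helpers to reuse is not visible here.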