Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Explicit check the key for ECAlgorithm #713

Merged
merged 2 commits into from
Dec 12, 2021
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
6 changes: 6 additions & 0 deletions jwt/algorithms.py
Original file line number Diff line number Diff line change
Expand Up @@ -417,6 +417,12 @@ def prepare_key(self, key):
except ValueError:
key = load_pem_private_key(key, password=None)

# Explicit check the key to prevent confusing errors from cryptography
if not isinstance(key, (EllipticCurvePrivateKey, EllipticCurvePublicKey)):
raise InvalidKeyError(
"Expecting a EllipticCurvePrivateKey/EllipticCurvePublicKey. Wrong key provided for ECDSA algorithms"
)

return key

def sign(self, msg, key):
Expand Down
12 changes: 12 additions & 0 deletions tests/test_algorithms.py
Original file line number Diff line number Diff line change
Expand Up @@ -494,6 +494,18 @@ def test_ec_verify_should_return_false_if_signature_wrong_length(self):
result = algo.verify(message, pub_key, sig)
assert not result

@crypto_required
def test_ec_should_throw_exception_on_wrong_key(self):
algo = ECAlgorithm(ECAlgorithm.SHA256)

with pytest.raises(InvalidKeyError):
with open(key_path("testkey_rsa.priv")) as keyfile:
algo.prepare_key(keyfile.read())

with pytest.raises(InvalidKeyError):
with open(key_path("testkey2_rsa.pub.pem")) as pem_key:
algo.prepare_key(pem_key.read())

@crypto_required
def test_rsa_pss_sign_then_verify_should_return_true(self):
algo = RSAPSSAlgorithm(RSAPSSAlgorithm.SHA256)
Expand Down