From a5ec4915ccb2e205945c238604c13d161bcafc1a Mon Sep 17 00:00:00 2001 From: "Guy K. Kloss" Date: Tue, 27 Nov 2018 15:30:22 +1300 Subject: [PATCH 1/4] removed duplicate dependency statement ecdsa --- requirements-dev.txt | 1 - 1 file changed, 1 deletion(-) diff --git a/requirements-dev.txt b/requirements-dev.txt index 9a7399c8..a3cfab8f 100644 --- a/requirements-dev.txt +++ b/requirements-dev.txt @@ -7,7 +7,6 @@ nose==1.3.6 py==1.4.26 pytest==2.7.0 pytest-cov==1.8.1 -ecdsa==0.13 wsgiref==0.1.2 -r requirements.txt From fb12b087c12899271012c3e54f7ce9984d163187 Mon Sep 17 00:00:00 2001 From: "Guy K. Kloss" Date: Tue, 27 Nov 2018 15:31:59 +1300 Subject: [PATCH 2/4] added ES256K algorithm for secp256k1 signatures (as used in Ethereum, Bitcoin and uPort) --- jose/backends/cryptography_backend.py | 3 ++- jose/backends/ecdsa_backend.py | 4 +++- jose/constants.py | 4 +++- jose/jwk.py | 1 + tests/test_jws.py | 4 ++++ 5 files changed, 13 insertions(+), 3 deletions(-) diff --git a/jose/backends/cryptography_backend.py b/jose/backends/cryptography_backend.py index 68047665..abcf0f54 100644 --- a/jose/backends/cryptography_backend.py +++ b/jose/backends/cryptography_backend.py @@ -27,7 +27,8 @@ def __init__(self, key, algorithm, cryptography_backend=default_backend): self.hash_alg = { ALGORITHMS.ES256: self.SHA256, ALGORITHMS.ES384: self.SHA384, - ALGORITHMS.ES512: self.SHA512 + ALGORITHMS.ES512: self.SHA512, + ALGORITHMS.ES256K: self.SHA256 }.get(algorithm) self._algorithm = algorithm diff --git a/jose/backends/ecdsa_backend.py b/jose/backends/ecdsa_backend.py index 8b8b9a23..da173d04 100644 --- a/jose/backends/ecdsa_backend.py +++ b/jose/backends/ecdsa_backend.py @@ -26,6 +26,7 @@ class ECDSAECKey(Key): SHA256: ecdsa.curves.NIST256p, SHA384: ecdsa.curves.NIST384p, SHA512: ecdsa.curves.NIST521p, + SHA256: ecdsa.curves.SECP256k1, } def __init__(self, key, algorithm): @@ -35,7 +36,8 @@ def __init__(self, key, algorithm): self.hash_alg = { ALGORITHMS.ES256: self.SHA256, ALGORITHMS.ES384: self.SHA384, - ALGORITHMS.ES512: self.SHA512 + ALGORITHMS.ES512: self.SHA512, + ALGORITHMS.ES256K: self.SHA256 }.get(algorithm) self._algorithm = algorithm diff --git a/jose/constants.py b/jose/constants.py index eb146549..24766dfa 100644 --- a/jose/constants.py +++ b/jose/constants.py @@ -12,10 +12,11 @@ class Algorithms(object): ES256 = 'ES256' ES384 = 'ES384' ES512 = 'ES512' + ES256K = 'ES256K' HMAC = {HS256, HS384, HS512} RSA = {RS256, RS384, RS512} - EC = {ES256, ES384, ES512} + EC = {ES256, ES384, ES512, ES256K} SUPPORTED = HMAC.union(RSA).union(EC) @@ -31,6 +32,7 @@ class Algorithms(object): ES256: hashlib.sha256, ES384: hashlib.sha384, ES512: hashlib.sha512, + ES256K: hashlib.sha256, } KEYS = {} diff --git a/jose/jwk.py b/jose/jwk.py index 87f30b41..2db20025 100644 --- a/jose/jwk.py +++ b/jose/jwk.py @@ -72,6 +72,7 @@ def get_algorithm_object(algorithm): ALGORITHMS.ES256: 'SHA256', ALGORITHMS.ES384: 'SHA384', ALGORITHMS.ES512: 'SHA512', + ALGORITHMS.ES256K: 'SHA256', } key = get_key(algorithm) attr = algorithms.get(algorithm, None) diff --git a/tests/test_jws.py b/tests/test_jws.py index f543a03a..e6aa05b3 100644 --- a/tests/test_jws.py +++ b/tests/test_jws.py @@ -322,6 +322,10 @@ def test_EC512(self, payload): token = jws.sign(payload, ec_private_key, algorithm=ALGORITHMS.ES512) assert jws.verify(token, ec_public_key, ALGORITHMS.ES512) == payload + def test_EC256K(self, payload): + token = jws.sign(payload, ec_private_key, algorithm=ALGORITHMS.ES256K) + assert jws.verify(token, ec_public_key, ALGORITHMS.ES256K) == payload + def test_wrong_alg(self, payload): token = jws.sign(payload, ec_private_key, algorithm=ALGORITHMS.ES256) with pytest.raises(JWSError): From 649eab5df28e622a1735c2972d0be64999e7d067 Mon Sep 17 00:00:00 2001 From: "Guy K. Kloss" Date: Tue, 27 Nov 2018 16:11:56 +1300 Subject: [PATCH 3/4] added missing ES256K constants for JWK handling --- jose/backends/cryptography_backend.py | 2 ++ jose/backends/ecdsa_backend.py | 1 + 2 files changed, 3 insertions(+) diff --git a/jose/backends/cryptography_backend.py b/jose/backends/cryptography_backend.py index abcf0f54..3a599be1 100644 --- a/jose/backends/cryptography_backend.py +++ b/jose/backends/cryptography_backend.py @@ -79,6 +79,7 @@ def _process_jwk(self, jwk_dict): 'P-256': ec.SECP256R1, 'P-384': ec.SECP384R1, 'P-521': ec.SECP521R1, + 'P-256K': ec.SECP256k1, }[jwk_dict['crv']] public = ec.EllipticCurvePublicNumbers(x, y, curve()) @@ -141,6 +142,7 @@ def to_dict(self): 'secp256r1': 'P-256', 'secp384r1': 'P-384', 'secp521r1': 'P-521', + 'secp256k1': 'P-256K', }[self.prepared_key.curve.name] # Calculate the key size in bytes. Section 6.2.1.2 and 6.2.1.3 of diff --git a/jose/backends/ecdsa_backend.py b/jose/backends/ecdsa_backend.py index da173d04..0266a75b 100644 --- a/jose/backends/ecdsa_backend.py +++ b/jose/backends/ecdsa_backend.py @@ -122,6 +122,7 @@ def to_dict(self): ecdsa.curves.NIST256p: 'P-256', ecdsa.curves.NIST384p: 'P-384', ecdsa.curves.NIST521p: 'P-521', + ecdsa.curves.SECP256k1: 'P-256K', }[self.prepared_key.curve] # Calculate the key size in bytes. Section 6.2.1.2 and 6.2.1.3 of From 28cd302ddde4268419e7cdb06fd72526ccedb911 Mon Sep 17 00:00:00 2001 From: "Guy K. Kloss" Date: Tue, 27 Nov 2018 16:20:22 +1300 Subject: [PATCH 4/4] fixed typo in constant from cryptography backend --- jose/backends/cryptography_backend.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jose/backends/cryptography_backend.py b/jose/backends/cryptography_backend.py index 3a599be1..a3facbaa 100644 --- a/jose/backends/cryptography_backend.py +++ b/jose/backends/cryptography_backend.py @@ -79,7 +79,7 @@ def _process_jwk(self, jwk_dict): 'P-256': ec.SECP256R1, 'P-384': ec.SECP384R1, 'P-521': ec.SECP521R1, - 'P-256K': ec.SECP256k1, + 'P-256K': ec.SECP256K1, }[jwk_dict['crv']] public = ec.EllipticCurvePublicNumbers(x, y, curve())