diff --git a/jose/backends/cryptography_backend.py b/jose/backends/cryptography_backend.py index b9bdc0dc..59940a21 100644 --- a/jose/backends/cryptography_backend.py +++ b/jose/backends/cryptography_backend.py @@ -36,7 +36,8 @@ def __init__(self, key, algorithm, cryptography_backend=default_backend): self.hash_alg = { ALGORITHMS.ES256: self.SHA256, ALGORITHMS.ES384: self.SHA384, - ALGORITHMS.ES512: self.SHA512 + ALGORITHMS.ES512: self.SHA512, + ALGORITHMS.ES256K: self.SHA256 }.get(algorithm) self._algorithm = algorithm @@ -87,6 +88,7 @@ def _process_jwk(self, jwk_dict): 'P-256': ec.SECP256R1, 'P-384': ec.SECP384R1, 'P-521': ec.SECP521R1, + 'P-256K': ec.SECP256K1, }[jwk_dict['crv']] public = ec.EllipticCurvePublicNumbers(x, y, curve()) @@ -172,6 +174,7 @@ def to_dict(self): 'secp256r1': 'P-256', 'secp384r1': 'P-384', 'secp521r1': 'P-521', + 'secp256k1': 'P-256K', }[self.prepared_key.curve.name] # Calculate the key size in bytes. Section 6.2.1.2 and 6.2.1.3 of diff --git a/jose/backends/ecdsa_backend.py b/jose/backends/ecdsa_backend.py index 8b8b9a23..0266a75b 100644 --- a/jose/backends/ecdsa_backend.py +++ b/jose/backends/ecdsa_backend.py @@ -26,6 +26,7 @@ class ECDSAECKey(Key): SHA256: ecdsa.curves.NIST256p, SHA384: ecdsa.curves.NIST384p, SHA512: ecdsa.curves.NIST521p, + SHA256: ecdsa.curves.SECP256k1, } def __init__(self, key, algorithm): @@ -35,7 +36,8 @@ def __init__(self, key, algorithm): self.hash_alg = { ALGORITHMS.ES256: self.SHA256, ALGORITHMS.ES384: self.SHA384, - ALGORITHMS.ES512: self.SHA512 + ALGORITHMS.ES512: self.SHA512, + ALGORITHMS.ES256K: self.SHA256 }.get(algorithm) self._algorithm = algorithm @@ -120,6 +122,7 @@ def to_dict(self): ecdsa.curves.NIST256p: 'P-256', ecdsa.curves.NIST384p: 'P-384', ecdsa.curves.NIST521p: 'P-521', + ecdsa.curves.SECP256k1: 'P-256K', }[self.prepared_key.curve] # Calculate the key size in bytes. Section 6.2.1.2 and 6.2.1.3 of diff --git a/jose/constants.py b/jose/constants.py index eb146549..24766dfa 100644 --- a/jose/constants.py +++ b/jose/constants.py @@ -12,10 +12,11 @@ class Algorithms(object): ES256 = 'ES256' ES384 = 'ES384' ES512 = 'ES512' + ES256K = 'ES256K' HMAC = {HS256, HS384, HS512} RSA = {RS256, RS384, RS512} - EC = {ES256, ES384, ES512} + EC = {ES256, ES384, ES512, ES256K} SUPPORTED = HMAC.union(RSA).union(EC) @@ -31,6 +32,7 @@ class Algorithms(object): ES256: hashlib.sha256, ES384: hashlib.sha384, ES512: hashlib.sha512, + ES256K: hashlib.sha256, } KEYS = {} diff --git a/jose/jwk.py b/jose/jwk.py index 87f30b41..2db20025 100644 --- a/jose/jwk.py +++ b/jose/jwk.py @@ -72,6 +72,7 @@ def get_algorithm_object(algorithm): ALGORITHMS.ES256: 'SHA256', ALGORITHMS.ES384: 'SHA384', ALGORITHMS.ES512: 'SHA512', + ALGORITHMS.ES256K: 'SHA256', } key = get_key(algorithm) attr = algorithms.get(algorithm, None) diff --git a/tests/test_jws.py b/tests/test_jws.py index f543a03a..e6aa05b3 100644 --- a/tests/test_jws.py +++ b/tests/test_jws.py @@ -322,6 +322,10 @@ def test_EC512(self, payload): token = jws.sign(payload, ec_private_key, algorithm=ALGORITHMS.ES512) assert jws.verify(token, ec_public_key, ALGORITHMS.ES512) == payload + def test_EC256K(self, payload): + token = jws.sign(payload, ec_private_key, algorithm=ALGORITHMS.ES256K) + assert jws.verify(token, ec_public_key, ALGORITHMS.ES256K) == payload + def test_wrong_alg(self, payload): token = jws.sign(payload, ec_private_key, algorithm=ALGORITHMS.ES256) with pytest.raises(JWSError):