
Commit 29116aa

authored
Merge branch 'main' into sdjwt2
2 parents ca1618a + 06c4cda commit 29116aa


14 files changed

+92
-37
lines changed


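--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -28,6 +28,7 @@ jobs:
 - "3.9"
 - "3.10"
 - "3.11"
+- "3.12"
 steps:
 - uses: actions/checkout@v3
 - name: Set up Python ${{ matrix.python-version }}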

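--- a/src/cryptojwt/jwe/jwe_ec.py
+++ b/src/cryptojwt/jwe/jwe_ec.py
@@ -213,7 +213,6 @@ def encrypt(self, key=None, iv="", cek="", **kwargs):
 return jwe.pack(parts=[iv, ctxt, tag])
 
 def decrypt(self, token=None, **kwargs):
-
 if isinstance(token, JWEnc):
 jwe = token
 else: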

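--- a/src/cryptojwt/jwk/__init__.py
+++ b/src/cryptojwt/jwk/__init__.py
@@ -31,7 +31,6 @@ class JWK(object):
 def __init__(
 self, kty="", alg="", use="", kid="", x5c=None, x5t="", x5u="", key_ops=None, **kwargs
 ):
-
 self.extra_args = kwargs
 
 # want kty, alg, use and kid to be strings
@@ -75,6 +74,9 @@ def __init__(
 "PS256",
 "PS384",
 "PS512",
+"EdDSA",
+"Ed25519",
+"Ed448",
 "none",
 ]:
 raise UnsupportedAlgorithm("Unknown algorithm: {}".format(alg))
@@ -93,6 +95,9 @@ def __init__(
 "PS256",
 "PS384",
 "PS512",
+"EdDSA",
+"Ed25519",
+"Ed448",
 "none",
 "RSA1_5",
 "RSA-OAEP",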
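Review bot: The three new names are added by hand to two separate literal lists in `__init__` (new lines 77–79 and 98–100), so the two allow-lists can drift apart the next time an algorithm is added. Defining the signature algorithms once, for example as a module-level tuple that both checks reuse, would keep them in step; both lists start outside the hunks, so whether they are otherwise identical is not visible here. A short comment stating that `Ed25519` and `Ed448` are the fully-specified names and `EdDSA` the polymorphic one would also help the next reader.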

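--- a/src/cryptojwt/jwk/okp.py
+++ b/src/cryptojwt/jwk/okp.py
@@ -321,7 +321,6 @@ def cmp_keys(a, b, key_type):
 
 
 def new_okp_key(crv, kid="", **kwargs):
-
 _key = OKP_CRV2PRIVATE[crv].generate()
 
 _rk = OKPKey(priv_key=_key, kid=kid, **kwargs)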

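--- a/src/cryptojwt/jws/eddsa.py
+++ b/src/cryptojwt/jws/eddsa.py
@@ -10,6 +10,9 @@
 
 
 class EDDSASigner(Signer):
+def __init__(self, algorithm=None):
+self.algorithm = algorithm
+
 def sign(self, msg, key):
 """
 Create a signature over a message as defined in RFC7515 using an
@@ -20,6 +23,17 @@ def sign(self, msg, key):
 :return:
 """
 
+if self.algorithm:
+if self.algorithm == "Ed25519" and not isinstance(key, ed25519.Ed25519PrivateKey):
+raise TypeError("The private key must be an instance of Ed25519PrivateKey")
+if self.algorithm == "Ed448" and not isinstance(key, ed448.Ed448PrivateKey):
+raise TypeError("The private key must be an instance of Ed448PrivateKey")
+
+if not isinstance(key, (ed25519.Ed25519PrivateKey, ed448.Ed448PrivateKey)):
+raise TypeError(
+"The private key must be an instance of Ed25519PrivateKey or Ed448PrivateKey"
+)
+
 if not isinstance(key, (ed25519.Ed25519PrivateKey, ed448.Ed448PrivateKey)):
 raise TypeError(
 "The private key must be an instance of Ed25519PrivateKey or Ed448PrivateKey"
@@ -37,6 +51,13 @@ def verify(self, msg, sig, key):
 :raises: BadSignature if the signature can't be verified.
 :return: True
 """
+
+if self.algorithm:
+if self.algorithm == "Ed25519" and not isinstance(key, ed25519.Ed25519PublicKey):
+raise TypeError("The public key must be an instance of Ed25519PublicKey")
+if self.algorithm == "Ed448" and not isinstance(key, ed448.Ed448PublicKey):
+raise TypeError("The public key must be an instance of Ed448PublicKey")
+
 if not isinstance(key, (ed25519.Ed25519PublicKey, ed448.Ed448PublicKey)):
 raise TypeError(
 "The public key must be an instance of Ed25519PublicKey or Ed448PublicKey"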
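Review bot: `__init__` stores `algorithm` without validating it, and `sign`/`verify` only compare it against the literals "Ed25519" and "Ed448", so any other truthy value (a typo, different casing) silently behaves like the unpinned `EdDSA` signer and accepts either curve. Rejecting unknown names at construction keeps the pinning fail-closed, e.g. `if algorithm not in (None, "Ed25519", "Ed448"): raise ValueError("Unsupported EdDSA algorithm: {}".format(algorithm))`. Separately, added lines 32–35 in `sign` repeat the `isinstance(key, (ed25519.Ed25519PrivateKey, ed448.Ed448PrivateKey))` check that already follows as context at line 37, so one of the two can be dropped. The bodies of `sign` and `verify` continue outside the hunks.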

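--- a/src/cryptojwt/jws/jws.py
+++ b/src/cryptojwt/jws/jws.py
@@ -48,6 +48,8 @@
 "PS384": PSSSigner("SHA384"),
 "PS512": PSSSigner("SHA512"),
 "EdDSA": EDDSASigner(),
+"Ed25519": EDDSASigner("Ed25519"),
+"Ed448": EDDSASigner("Ed448"),
 "none": None,
 }
 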

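--- a/src/cryptojwt/jws/utils.py
+++ b/src/cryptojwt/jws/utils.py
@@ -47,6 +47,10 @@ def alg2keytype(alg):
 return "RSA"
 elif alg.startswith("HS") or alg.startswith("A"):
 return "oct"
+elif alg == "Ed25519":
+return "OKP"
+elif alg == "Ed448":
+return "OKP"
 elif alg.startswith("ES") or alg.startswith("ECDH-ES"):
 return "EC"
 elif alg == "EdDSA":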
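Review bot: The two new branches for `Ed25519` and `Ed448` (lines 50–53) return the same value and sit apart from the existing `elif alg == "EdDSA":` branch at line 56, whose body is outside the hunk but presumably also returns "OKP". Folding them into one `elif alg in ("EdDSA", "Ed25519", "Ed448"):` followed by `return "OKP"` would keep the OKP mapping in a single place. The rest of `alg2keytype` lies outside the hunk.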

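--- a/src/cryptojwt/jwt.py
+++ b/src/cryptojwt/jwt.py
@@ -91,14 +91,14 @@ def __init__(
 enc_enc: str = "A128GCM",
 enc_alg: str = "RSA-OAEP-256",
 msg_cls: Optional[MutableMapping] = None,
-iss2msg_cls: Dict[str, str] = None,
-skew: int = 15,
-allowed_sign_algs: List[str] = None,
-allowed_enc_algs: List[str] = None,
-allowed_enc_encs: List[str] = None,
-allowed_max_lifetime: int = None,
-zip: str = "",
-typ2msg_cls: Dict = None,
+iss2msg_cls: Optional[Dict[str, str]] = None,
+skew: Optional[int] = 15,
+allowed_sign_algs: Optional[List[str]] = None,
+allowed_enc_algs: Optional[List[str]] = None,
+allowed_enc_encs: Optional[List[str]] = None,
+allowed_max_lifetime: Optional[int] = None,
+zip: Optional[str] = "",
+typ2msg_cls: Optional[Dict] = None,
 ):
 self.key_jar = key_jar # KeyJar instance
 self.iss = iss # My identifier
@@ -223,7 +223,7 @@ def pack(
 recv: Optional[str] = "",
 aud: Optional[str] = None,
 iat: Optional[int] = None,
-jws_headers: Dict[str, str] = None,
+jws_headers: Optional[Dict[str, str]] = None,
 **kwargs
 ) -> str:
 """
@@ -269,8 +269,7 @@ def pack(
 else:
 _key = None
 
-if jws_headers is None:
-jws_headers = {}
+jws_headers = jws_headers or {}
 
 _jws = JWS(self.message(signing_key=_key, **_args), alg=self.alg)
 _sjwt = _jws.sign_compact([_key], protected=jws_headers)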
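Review bot: Wrapping `skew` and `zip` in `Optional[...]` (lines 95 and 100) tells callers that `None` is an accepted value, although both keep non-None defaults; `skew` is presumably the clock tolerance applied when time claims are validated, and nothing in the visible lines shows `None` being handled. Unless the body of `__init__` (outside the hunk) does handle it, keep them as `skew: int = 15,` and `zip: str = "",` so a type checker flags `skew=None` before it reaches the lifetime checks. In `pack`, `jws_headers = jws_headers or {}` also swaps a caller-supplied empty dict for a new one, which only matters if a caller relies on that dict being mutated.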

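--- a/src/cryptojwt/key_bundle.py
+++ b/src/cryptojwt/key_bundle.py
@@ -566,7 +566,6 @@ def update(self):
 :return: True if update was ok or False if we encountered an error during update.
 """
 if self.source:
-
 try:
 if self.local:
 if self.fileformat in ["jwks", "jwk"]: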

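--- a/src/cryptojwt/key_jar.py
+++ b/src/cryptojwt/key_jar.py
@@ -482,7 +482,6 @@ def _add_key(
 no_kid_issuer=None,
 allow_missing_kid=False,
 ):
-
 _issuer = self._get_issuer(issuer_id)
 if _issuer is None:
 logger.error('Issuer "{}" not in keyjar'.format(issuer_id))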

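--- a/tests/test_03_key_bundle.py
+++ b/tests/test_03_key_bundle.py
@@ -225,7 +225,7 @@ def test_ignore_unknown_types():
 "-u6VtZ5rAdBo5fCjjy3LnkrsoK_QWrlKB08j_PcvwpAMfTEDHw5spepw",
 "use": "sig",
 "alg": "EdDSA",
-"kty": "OKP",
+"kty": "XXX",
 "crv": "Ed25519",
 "x": "FnbcUAXZ4ySvrmdXK1MrDuiqlqTXvGdAaE4RWZjmFIQ",
 }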

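--- a/tests/test_04_key_issuer.py
+++ b/tests/test_04_key_issuer.py
@@ -446,24 +446,6 @@ def test_load_missing_key_parameter():
 "n": "68be-nJp46VLj4Ci1V36IrVGYqkuBfYNyjQTZD_7yRYcERZebowOnwr3w0DoIQpl8iL2X8OXUo7rUW_LMzLxKx2hEmdJfUn4LL2QqA3KPgjYz8hZJQPG92O14w9IZ-8bdDUgXrg9216H09yq6ZvJrn5Nwvap3MXgECEzsZ6zQLRKdb_R96KFFgCiI3bEiZKvZJRA7hM2ePyTm15D9En_Wzzfn_JLMYgE_DlVpoKR1MsTinfACOlwwdO9U5Dm-5elapovILTyVTgjN75i-wsPU2TqzdHFKA-4hJNiWGrYPiihlAFbA2eUSXuEYFkX43ahoQNpeaf0mc17Jt5kp7pM2w",
 "e": "AQAB",
 },
-{
-"kid": "q-H9y8iuh3BIKZBbK6S0mH_isBlJsk"
-"-u6VtZ5rAdBo5fCjjy3LnkrsoK_QWrlKB08j_PcvwpAMfTEDHw5spepw",
-"use": "sig",
-"alg": "EdDSA",
-"kty": "OKP",
-"crv": "Ed25519",
-"x": "FnbcUAXZ4ySvrmdXK1MrDuiqlqTXvGdAaE4RWZjmFIQ",
-},
-{
-"kid": "bL33HthM3fWaYkY2_pDzUd7a65FV2R2LHAKCOsye8eNmAPDgRgpHWPYpWFVmeaujUUEXRyDLHN"
-"-Up4QH_sFcmw",
-"use": "sig",
-"alg": "EdDSA",
-"kty": "OKP",
-"crv": "Ed25519",
-"x": "CS01DGXDBPV9cFmd8tgFu3E7eHn1UcP7N1UCgd_JgZo",
-},
 ]
 }
 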

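--- a/tests/test_04_key_jar.py
+++ b/tests/test_04_key_jar.py
@@ -538,6 +538,11 @@ def test_load_missing_key_parameter():
 "n": "68be-nJp46VLj4Ci1V36IrVGYqkuBfYNyjQTZD_7yRYcERZebowOnwr3w0DoIQpl8iL2X8OXUo7rUW_LMzLxKx2hEmdJfUn4LL2QqA3KPgjYz8hZJQPG92O14w9IZ-8bdDUgXrg9216H09yq6ZvJrn5Nwvap3MXgECEzsZ6zQLRKdb_R96KFFgCiI3bEiZKvZJRA7hM2ePyTm15D9En_Wzzfn_JLMYgE_DlVpoKR1MsTinfACOlwwdO9U5Dm-5elapovILTyVTgjN75i-wsPU2TqzdHFKA-4hJNiWGrYPiihlAFbA2eUSXuEYFkX43ahoQNpeaf0mc17Jt5kp7pM2w",
 "e": "AQAB",
 },
+]
+}
+
+JWKS_EDDSA = {
+"keys": [
 {
 "kid": "q-H9y8iuh3BIKZBbK6S0mH_isBlJsk"
 "-u6VtZ5rAdBo5fCjjy3LnkrsoK_QWrlKB08j_PcvwpAMfTEDHw5spepw",
@@ -556,6 +561,22 @@ def test_load_missing_key_parameter():
 "crv": "Ed25519",
 "x": "CS01DGXDBPV9cFmd8tgFu3E7eHn1UcP7N1UCgd_JgZo",
 },
+{
+"kid": "OF9xVk9NWE5iQ2N6OGhILTVGcXg4RE1FRk5NWVVsaXZLcFNRNUxCYk9vQQ",
+"use": "sig",
+"alg": "Ed25519",
+"kty": "OKP",
+"crv": "Ed25519",
+"x": "M_D8nslNSecjPwiP6DwuNhWRdrgqp02U7f5xo4GhdlY",
+},
+{
+"kid": "RUpoaXktM1JwT0hON3lzNWNfN0RUbVpiWExwbnJnNDRfYWhZY3htaTZ1Zw",
+"use": "sig",
+"alg": "Ed448",
+"kty": "OKP",
+"crv": "Ed448",
+"x": "C3y5YN00IxyadHXm4NApPGAzv5w8s9e-fbGu2svYrrCuJDYDDZe-uEOPSobII6psCZCEvo2howmA",
+},
 ]
 }
 
@@ -580,6 +601,16 @@ def test_get_ec_wrong_alg():
 assert k == []
 
 
+def test_get_eddsa():
+kj = KeyJar()
+kj.import_jwks(JWKS_EDDSA, "")
+assert len(kj.get_issuer_keys("")) == 4
+k = kj.get("sig", "OKP", alg="Ed25519")
+assert k
+k = kj.get("sig", "OKP", alg="Ed448")
+assert k
+
+
 def test_keyjar_eq():
 kj1 = KeyJar()
 kj1.import_jwks(JWKS_SPO, "")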
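Review bot: `test_get_eddsa` (lines 604–611) only asserts that each lookup is truthy, and since all four keys in `JWKS_EDDSA` are `sig`/`OKP` the test would still pass if `get` ignored the `alg` argument altogether. Asserting on what comes back pins the new behaviour, for instance `assert [key.crv for key in k] == ["Ed448"]` after the `alg="Ed448"` lookup, assuming the returned objects expose `crv`. A comment stating whether keys whose `alg` is the polymorphic `EdDSA` are expected to match an `alg="Ed25519"` request would make the intended selection rule explicit.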

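--- a/tests/test_06_jws.py
+++ b/tests/test_06_jws.py
@@ -609,6 +609,20 @@ def test_signer_ps512():
 
 
 def test_signer_eddsa():
+payload = "Please take a moment to register today"
+okp = ed25519.Ed25519PrivateKey.generate()
+_key = OKPKey().load_key(okp)
+keys = [_key]
+_jws = JWS(payload, alg="Ed25519")
+_jwt = _jws.sign_compact(keys)
+
+_pubkey = OKPKey().load_key(okp.public_key())
+_rj = JWS(alg="Ed25519")
+info = _rj.verify_compact(_jwt, [_pubkey])
+assert info == payload
+
+
+def test_signer_eddsa_polymorphic():
 payload = "Please take a moment to register today"
 okp = ed25519.Ed25519PrivateKey.generate()
 _key = OKPKey().load_key(okp)
@@ -627,12 +641,12 @@ def test_signer_eddsa_fail():
 okp = ed25519.Ed25519PrivateKey.generate()
 _key = OKPKey().load_key(okp)
 keys = [_key]
-_jws = JWS(payload, alg="EdDSA")
+_jws = JWS(payload, alg="Ed25519")
 _jwt = _jws.sign_compact(keys)
 
 okp2 = ed25519.Ed25519PrivateKey.generate()
 _pubkey = OKPKey().load_key(okp2.public_key())
-_rj = JWS(alg="EdDSA")
+_rj = JWS(alg="Ed25519")
 try:
 info = _rj.verify_compact(_jwt, [_pubkey])
 except BadSignature: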
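Review bot: The new tests exercise only matching key and algorithm pairs, so the key-type checks this commit adds to `EDDSASigner` for pinned algorithms are never triggered. Add a negative case that signs with `JWS(payload, alg="Ed448")` using the Ed25519 key and asserts the failure, and one that verifies an `Ed25519` token with `JWS(alg="Ed448")`; the exact exception depends on whether key selection or the signer rejects first, which is not visible here. `test_signer_eddsa_fail` (lines 641–652) also now covers only `Ed25519`, leaving the bad-signature path for the polymorphic `EdDSA` name untested; its body continues outside the hunk.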
