Merge pull request #147 from jschlyter/p256k

rohe · web-flow · commit c03d7c87fa0c · 2023-07-20T19:24:25.000+02:00
Support for P-256K/ES256K
diff --git a/src/cryptojwt/jwk/__init__.py b/src/cryptojwt/jwk/__init__.py
@@ -69,6 +69,7 @@ def __init__(
                     "RS384",
                     "RS512",
                     "ES256",
+                    "ES256K",
                     "ES384",
                     "ES512",
                     "PS256",
@@ -86,6 +87,7 @@ def __init__(
                     "RS384",
                     "RS512",
                     "ES256",
+                    "ES256K",
                     "ES384",
                     "ES512",
                     "PS256",
diff --git a/src/cryptojwt/jwk/ec.py b/src/cryptojwt/jwk/ec.py
@@ -28,6 +28,7 @@
     "P-256": ec.SECP256R1,
     "P-224": ec.SECP224R1,
     "P-192": ec.SECP192R1,
+    "P-256K": ec.SECP256K1,
 }
 
 # Inverted NIST2SEC dictionary
diff --git a/src/cryptojwt/jws/dsa.py b/src/cryptojwt/jws/dsa.py
@@ -16,6 +16,9 @@ def __init__(self, algorithm="ES256"):
         if algorithm == "ES256":
             self.hash_algorithm = hashes.SHA256
             self.curve_name = "secp256r1"
+        elif algorithm == "ES256K":
+            self.hash_algorithm = hashes.SHA256
+            self.curve_name = "secp256k1"
         elif algorithm == "ES384":
             self.hash_algorithm = hashes.SHA384
             self.curve_name = "secp384r1"
diff --git a/src/cryptojwt/jws/jws.py b/src/cryptojwt/jws/jws.py
@@ -41,6 +41,7 @@
     "RS384": RSASigner("RS384"),
     "RS512": RSASigner("RS512"),
     "ES256": ECDSASigner("ES256"),
+    "ES256K": ECDSASigner("ES256K"),
     "ES384": ECDSASigner("ES384"),
     "ES512": ECDSASigner("ES512"),
     "PS256": PSSSigner("SHA256"),
diff --git a/src/cryptojwt/key_bundle.py b/src/cryptojwt/key_bundle.py
@@ -1364,6 +1364,8 @@ def key_by_alg(alg: str):
     elif alg.startswith("ES"):
         if alg == "ES256":
             return key_gen("EC", crv="P-256")
+        elif alg == "ES256K":
+            return key_gen("EC", crv="P-256K")
         elif alg == "ES384":
             return key_gen("EC", crv="P-384")
         elif alg == "ES512":
diff --git a/tests/test_06_jws.py b/tests/test_06_jws.py
@@ -511,7 +511,12 @@ def test_jws_mm():
 
 @pytest.mark.parametrize(
     "ec_func,alg",
-    [(ec.SECP256R1, "ES256"), (ec.SECP384R1, "ES384"), (ec.SECP521R1, "ES512")],
+    [
+        (ec.SECP256R1, "ES256"),
+        (ec.SECP384R1, "ES384"),
+        (ec.SECP521R1, "ES512"),
+        (ec.SECP256K1, "ES256K"),
+    ],
 )
 def test_signer_es(ec_func, alg):
     payload = "Please take a moment to register today"
diff --git a/tests/test_09_jwt.py b/tests/test_09_jwt.py
@@ -212,6 +212,7 @@ def test_msg_cls():
     {"type": "RSA", "use": ["sig"]},
     {"type": "RSA", "use": ["enc"]},
     {"type": "EC", "crv": "P-256", "use": ["sig"]},
+    {"type": "EC", "crv": "P-256K", "use": ["sig"]},
     {"type": "EC", "crv": "P-384", "use": ["sig"]},
 ]
 
@@ -230,6 +231,9 @@ def test_pick_key():
     _k = pick_key(keys, "sig", "ES384")
     assert len(_k) == 1
 
+    _k = pick_key(keys, "sig", "ES256K")
+    assert len(_k) == 1
+
     _k = pick_key(keys, "enc", "RSA-OAEP-256")
     assert len(_k) == 1
 

Original file line number	Diff line number	Diff line change
`@@ -28,6 +28,7 @@`
`28`	`28`	`"P-256": ec.SECP256R1,`
`29`	`29`	`"P-224": ec.SECP224R1,`
`30`	`30`	`"P-192": ec.SECP192R1,`
	`31`	`+ "P-256K": ec.SECP256K1,`
`31`	`32`	`}`
`32`	`33`
`33`	`34`	`# Inverted NIST2SEC dictionary`