Support ES256K. (#629)

* Support ES256K. * Add tests for ES256K. * Add api_jws tests. * Update CHANGELOG.
jpadilla · Mar 18, 2021 · fa8e8fa · fa8e8fa
1 parent a87a7a1
commit fa8e8fa
Show file tree

Hide file tree

Showing 6 changed files with 34 additions and 1 deletion.
diff --git a/CHANGELOG.rst b/CHANGELOG.rst
@@ -21,6 +21,7 @@ Added
 ~~~~~
 
 - Add caching by default to PyJWKClient `#611 <https://github.com/jpadilla/pyjwt/pull/611>`__
+- Add support for ES256K algorithm `#629 <https://github.com/jpadilla/pyjwt/pull/629>`__
 
 `v2.0.1 <https://github.com/jpadilla/pyjwt/compare/2.0.0...2.0.1>`__
 --------------------------------------------------------------------

diff --git a/jwt/algorithms.py b/jwt/algorithms.py
@@ -51,6 +51,7 @@
     "RS384",
     "RS512",
     "ES256",
+    "ES256K",
     "ES384",
     "ES521",
     "ES512",
@@ -79,6 +80,7 @@ def get_default_algorithms():
                 "RS384": RSAAlgorithm(RSAAlgorithm.SHA384),
                 "RS512": RSAAlgorithm(RSAAlgorithm.SHA512),
                 "ES256": ECAlgorithm(ECAlgorithm.SHA256),
+                "ES256K": ECAlgorithm(ECAlgorithm.SHA256),
                 "ES384": ECAlgorithm(ECAlgorithm.SHA384),
                 "ES521": ECAlgorithm(ECAlgorithm.SHA512),
                 "ES512": ECAlgorithm(
@@ -467,6 +469,13 @@ def from_jwk(jwk):
                     curve_obj = ec.SECP521R1()
                 else:
                     raise InvalidKeyError("Coords should be 66 bytes for curve P-521")
+            elif curve == "secp256k1":
+                if len(x) == len(y) == 32:
+                    curve_obj = ec.SECP256K1()
+                else:
+                    raise InvalidKeyError(
+                        "Coords should be 32 bytes for curve secp256k1"
+                    )
             else:
                 raise InvalidKeyError(f"Invalid curve: {curve}")
 

diff --git a/tests/keys/jwk_ec_key_secp256k1.json b/tests/keys/jwk_ec_key_secp256k1.json
@@ -0,0 +1,8 @@
+{
+  "kty": "EC",
+  "kid": "bilbo.baggins.256k@hobbiton.example",
+  "crv": "secp256k1",
+  "x": "MLnVyPDPQpNm0KaaO4iEh0i8JItHXJE0NcIe8GK1SYs",
+  "y": "7r8d-xF7QAgT5kSRdly6M8xeg4Jz83Gs_CQPQRH65QI",
+  "d": "XV7LOlEOANIaSxyil8yE8NPDT5jmVw_HQeCwNDzochQ"
+}
diff --git a/tests/keys/jwk_ec_pub_secp256k1.json b/tests/keys/jwk_ec_pub_secp256k1.json
@@ -0,0 +1,7 @@
+{
+  "kty": "EC",
+  "kid": "bilbo.baggins.256k@hobbiton.example",
+  "crv": "secp256k1",
+  "x": "MLnVyPDPQpNm0KaaO4iEh0i8JItHXJE0NcIe8GK1SYs",
+  "y": "7r8d-xF7QAgT5kSRdly6M8xeg4Jz83Gs_CQPQRH65QI"
+}
diff --git a/tests/test_algorithms.py b/tests/test_algorithms.py
@@ -166,6 +166,7 @@ def test_ec_jwk_public_and_private_keys_should_parse_and_verify(self):
             "P-256": ECAlgorithm.SHA256,
             "P-384": ECAlgorithm.SHA384,
             "P-521": ECAlgorithm.SHA512,
+            "secp256k1": ECAlgorithm.SHA256,
         }
         for (curve, hash) in tests.items():
             algo = ECAlgorithm(hash)
@@ -196,6 +197,10 @@ def test_ec_jwk_fails_on_invalid_json(self):
                 "x": "AHKZLLOsCOzz5cY97ewNUajB957y-C-U88c3v13nmGZx6sYl_oJXu9A5RkTKqjqvjyekWF-7ytDyRXYgCF5cj0Kt",
                 "y": "AdymlHvOiLxXkEhayXQnNCvDX4h9htZaCJN34kfmC6pV5OhQHiraVySsUdaQkAgDPrwQrJmbnX9cwlGfP-HqHZR1",
             },
+            "secp256k1": {
+                "x": "MLnVyPDPQpNm0KaaO4iEh0i8JItHXJE0NcIe8GK1SYs",
+                "y": "7r8d-xF7QAgT5kSRdly6M8xeg4Jz83Gs_CQPQRH65QI",
+            },
         }
 
         # Invalid JSON
@@ -223,7 +228,7 @@ def test_ec_jwk_fails_on_invalid_json(self):
             algo.from_jwk('{"kty": "EC", "x": "dGVzdHRlc3Q=", "y": "dGVzdA=="}')
 
         # EC coordinates length invalid
-        for curve in ("P-256", "P-384", "P-521"):
+        for curve in ("P-256", "P-384", "P-521", "secp256k1"):
             with pytest.raises(InvalidKeyError):
                 algo.from_jwk(
                     '{{"kty": "EC", "crv": "{}", "x": "dGVzdA==", '

diff --git a/tests/test_api_jws.py b/tests/test_api_jws.py
@@ -527,6 +527,7 @@ def test_rsa_related_algorithms(self, jws):
         "algo",
         [
             "ES256",
+            "ES256K",
             "ES384",
             "ES512",
         ],
@@ -557,10 +558,12 @@ def test_ecdsa_related_algorithms(self, jws):
 
         if has_crypto:
             assert "ES256" in jws_algorithms
+            assert "ES256K" in jws_algorithms
             assert "ES384" in jws_algorithms
             assert "ES512" in jws_algorithms
         else:
             assert "ES256" not in jws_algorithms
+            assert "ES256K" not in jws_algorithms
             assert "ES384" not in jws_algorithms
             assert "ES512" not in jws_algorithms