From fb86f9dffb371ee2adbc573edc35ded129ea3b36 Mon Sep 17 00:00:00 2001 From: "Ajitomi, Daisuke" Date: Sat, 17 Apr 2021 02:00:06 +0900 Subject: [PATCH] Allow to verify with private key on ECAlgorithm, as well as on Ed25519Algorithm. (#645) * Add private key support for ECAlgorithm verify. * Update CHANGELOG. --- CHANGELOG.rst | 1 + jwt/algorithms.py | 2 ++ tests/test_algorithms.py | 7 +++++++ 3 files changed, 10 insertions(+) diff --git a/CHANGELOG.rst b/CHANGELOG.rst index e67381fb..9fb832fb 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -18,6 +18,7 @@ Fixed - Remove padding from JWK test data. `#628 `__ - Make `kty` mandatory in JWK to be compliant with RFC7517. `#624 `__ - Allow JWK without `alg` to be compliant with RFC7517. `#624 `__ +- Allow to verify with private key on ECAlgorithm, as well as on Ed25519Algorithm. `#645 `__ Added ~~~~~ diff --git a/jwt/algorithms.py b/jwt/algorithms.py index 50719bea..bed40332 100644 --- a/jwt/algorithms.py +++ b/jwt/algorithms.py @@ -427,6 +427,8 @@ def verify(self, msg, key, sig): return False try: + if isinstance(key, EllipticCurvePrivateKey): + key = key.public_key() key.verify(der_sig, msg, ec.ECDSA(self.hash_alg())) return True except InvalidSignature: diff --git a/tests/test_algorithms.py b/tests/test_algorithms.py index 2144d484..982a145a 100644 --- a/tests/test_algorithms.py +++ b/tests/test_algorithms.py @@ -658,6 +658,13 @@ def test_ec_verify_should_return_true_for_test_vector(self): result = algo.verify(signing_input, key, signature) assert result + # private key can also be used. + with open(key_path("jwk_ec_key_P-521.json")) as keyfile: + private_key = algo.from_jwk(keyfile.read()) + + result = algo.verify(signing_input, private_key, signature) + assert result + @crypto_required class TestEd25519Algorithms: