Fix the ECDSA signature serialization format #158
Conversation
|
Thanks for submitting! Hmm... so I did some surface level checking, and if what you say is true (I haven't done a deep dive yet), we may have a similar issue with the I ran the following and the signature checked out: # Load our test keys
ec_key = open('tests/keys/testkey_ec','r').read()
ec_pub = open('tests/keys/testkey_ec.pub', 'r').read()
# Import the primary algorithm and the legacy algorithm
from jwt.algorithms import ECAlgorithm
from jwt.contrib.algorithms.py_ecdsa import ECAlgorithm as LegacyAlgorithm
# Sign a message with the legacy algorithm
legacy = LegacyAlgorithm(LegacyAlgorithm.SHA256)
legacy_key = legacy.prepare_key(ec_key)
msg = b'hello world!'
sig = legacy.sign(msg, legacy_key)
# Verify it with the primary algorithm
ec = ECAlgorithm(ECAlgorithm.SHA256)
pub_key = ec.prepare_key(ec_pub)
>> ec.verify(msg, pub_key, sig)
TrueBasically, I created a digital signature with the legacy ECDSA and verified it with the cryptography-backed ECDSA, and it passed. That leads me to believe that either nothing is wrong with the current implementation or our cryptography-based implementation is also wrong. I'll have to look into this a bit more to be certain. |
|
As you said, the JWA spec says:
Upon further checking, it looks like It looks like we'll need to change our primary algorithm in Can you add that to this PR as well so we'll have both algorithms fixed? cc: @jpadilla |
|
Sure! I'll work on it tomorrow. |
|
Thanks!! 👍 |
2 similar comments
|
I don't know why the test for python 3.2 isn't passing. Maybe it's because pyjwt is using the just-released cryptography v0.9, that dropped support for python 3.2. |
|
From their changelog:
I'm fine doing exactly that as well. @mark-adams thoughts? |
|
Agreed. Added #159 to remove Python 3.2 support. |
|
Thanks @esneider for the great fix! I merged in the changes from master that remove Python 3.2 support and also added some good, known test vectors for ECDSA and it looks like your branch passed both your tests and the new test vectors so I went ahead and merged it in. Thanks so much for contributing! 👍 |
|
I'd consider we break a new release for this soon. |
|
Thanks to you guys for the awesome work you're doing with pyjwt! Btw, I too think it might be a good idea to bump the version number, since this will break any preexisting ECDSA signature serialization. |
According to the JSON Web Algorithms Draft, section 3.4 the ECDSA signature should be serialized by concatenating the R and S values.
The code was using
ecdsa.util.sigencode_der, that encodes the signature using the DER serialization format, instead of usingecdsa.util.sigencode_string, that does exactly what the draft asks.