first cut at fixing DSASigner ASN.1 decoding

jschlyter · jschlyter · commit e2db2e1997c7 · 2018-03-07T14:57:01.000+01:00
diff --git a/src/cryptojwt/jws.py b/src/cryptojwt/jws.py
@@ -11,6 +11,8 @@
 from cryptography.hazmat.primitives.asymmetric import ec
 from cryptography.hazmat.primitives.asymmetric import padding
 from cryptography.hazmat.primitives.asymmetric import utils
+from cryptography.hazmat.primitives.asymmetric.utils import decode_dss_signature, encode_dss_signature
+from cryptography.utils import int_from_bytes, int_to_bytes
 
 try:
     from builtins import str
@@ -174,16 +176,27 @@ def __init__(self, algorithm='SHA256'):
             raise UnSupported('algorithm: {}'.format(algorithm))
 
     def sign(self, msg, key):
-        return key.sign(msg, ec.ECDSA(self.hash_algorithm()))
+        asn1sig = key.sign(msg, ec.ECDSA(self.hash_algorithm()))
+        (r,s) = decode_dss_signature(asn1sig)
+        return int_to_bytes(r) + int_to_bytes(s)
 
     def verify(self, msg, sig, key):
         try:
-            key.verify(sig, msg, ec.ECDSA(self.hash_algorithm()))
+            (r,s) = self._split_raw(sig)
+            asn1sig = encode_dss_signature(r, s)
+            key.verify(asn1sig, msg, ec.ECDSA(self.hash_algorithm()))
         except InvalidSignature as err:
             raise BadSignature(err)
         else:
             return True
 
+    @staticmethod
+    def _split_raw(sig):
+        c_length = len(sig) // 2
+        r = int_from_bytes(sig[:c_length], byteorder='big')
+        s = int_from_bytes(sig[c_length:], byteorder='big')
+        return (r,s)
+
 
 class PSSSigner(Signer):
     def __init__(self, algorithm='SHA256'):
