Fix cryptography EC backend to take curve from the key itself instead of deducing it from desired algorithm. This matches behavior of ecdsa backend, which allows signing different digests with same key (provided they are shorter than the key).

Author: Gasper Zejn

jose/backends/__init__.py

@@ -5,6 +5,6 @@
     from jose.backends.cryptography_backend import CryptographyRSAKey as RSAKey
 
 try:
-    from jose.backends.ecdsa_backend import ECKey
-except ImportError:
     from jose.backends.cryptography_backend import CryptographyECKey as ECKey
+except ImportError:
+    from jose.backends.ecdsa_backend import ECDSAECKey as ECKey

jose/backends/cryptography_backend.py

@@ -19,12 +19,6 @@ class CryptographyECKey(Key):
     SHA384 = hashes.SHA384
     SHA512 = hashes.SHA512
 
-    CURVE_MAP = {
-        SHA256: ec.SECP256R1,
-        SHA384: ec.SECP384R1,
-        SHA512: ec.SECP521R1,
-    }
-
     def __init__(self, key, algorithm, cryptography_backend=default_backend):
         if algorithm not in ALGORITHMS.EC:
             raise JWKError('hash_alg: %s is not a valid hash algorithm' % algorithm)
@@ -36,7 +30,6 @@ def __init__(self, key, algorithm, cryptography_backend=default_backend):
         }.get(algorithm)
         self._algorithm = algorithm
 
-        self.curve = self.CURVE_MAP.get(self.hash_alg)
         self.cryptography_backend = cryptography_backend
 
         if hasattr(key, 'public_bytes') or hasattr(key, 'private_bytes'):
@@ -78,18 +71,28 @@ def _process_jwk(self, jwk_dict):
         x = base64_to_long(jwk_dict.get('x'))
         y = base64_to_long(jwk_dict.get('y'))
 
-        ec_pn = ec.EllipticCurvePublicNumbers(x, y, self.curve())
+        curve = {
+            'P-256': ec.SECP256R1,
+            'P-384': ec.SECP384R1,
+            'P-521': ec.SECP521R1,
+        }[jwk_dict['crv']]
+
+        ec_pn = ec.EllipticCurvePublicNumbers(x, y, curve())
         verifying_key = ec_pn.public_key(self.cryptography_backend())
 
         return verifying_key
 
     def sign(self, msg):
+        if self.hash_alg.digest_size * 8 > self.prepared_key.curve.key_size:
+            raise TypeError("this curve (%s) is too short "
+                            "for your digest (%d)" % (self.prepared_key.curve.name,
+                                                      8*self.hash_alg.digest_size))
         signature = self.prepared_key.sign(msg, ec.ECDSA(self.hash_alg()))
-        order = (2 ** self.curve.key_size) - 1
+        order = (2 ** self.prepared_key.curve.key_size) - 1
         return sigencode_string(*sigdecode_der(signature, order), order=order)
 
     def verify(self, msg, sig):
-        order = (2 ** self.curve.key_size) - 1
+        order = (2 ** self.prepared_key.curve.key_size) - 1
         signature = sigencode_der(*sigdecode_string(sig, order), order=order)
         verifier = self.prepared_key.verifier(signature, ec.ECDSA(self.hash_alg()))
         verifier.update(msg)

jose/backends/ecdsa_backend.py

@@ -9,7 +9,7 @@
 from jose.utils import base64_to_long
 
 
-class ECKey(Key):
+class ECDSAECKey(Key):
     """
     Performs signing and verification operations using
     ECDSA and the specified hash function

tests/algorithms/test_EC.py

@@ -1,7 +1,9 @@
 
 from jose.constants import ALGORITHMS
 from jose.exceptions import JOSEError
-from jose.jwk import ECKey
+
+from jose.backends.ecdsa_backend import ECDSAECKey
+from jose.backends.cryptography_backend import CryptographyECKey
 
 import ecdsa
 import pytest
@@ -17,14 +19,24 @@ class TestECAlgorithm:
 
     def test_EC_key(self):
         key = ecdsa.SigningKey.from_pem(private_key)
-        ECKey(key, ALGORITHMS.ES256)
+        ECDSAECKey(key, ALGORITHMS.ES256)
+        CryptographyECKey(key, ALGORITHMS.ES256)
+
+        ECDSAECKey(private_key, ALGORITHMS.ES256)
+        CryptographyECKey(private_key, ALGORITHMS.ES256)
 
     def test_string_secret(self):
         key = 'secret'
         with pytest.raises(JOSEError):
-            ECKey(key, ALGORITHMS.ES256)
+            ECDSAECKey(key, ALGORITHMS.ES256)
+
+        with pytest.raises(JOSEError):
+            CryptographyECKey(key, ALGORITHMS.ES256)
 
     def test_object(self):
         key = object()
         with pytest.raises(JOSEError):
-            ECKey(key, ALGORITHMS.ES256)
+            ECDSAECKey(key, ALGORITHMS.ES256)
+
+        with pytest.raises(JOSEError):
+            CryptographyECKey(key, ALGORITHMS.ES256)

tests/algorithms/test_cryptography_EC.py

@@ -2,7 +2,7 @@
 from jose.constants import ALGORITHMS
 from jose.exceptions import JOSEError
 from jose.backends.cryptography_backend import CryptographyECKey
-from jose.jwk import ECKey
+from jose.backends.ecdsa_backend import ECDSAECKey
 
 import ecdsa
 import pytest
@@ -39,9 +39,9 @@ def test_cryptography_EC_key(self):
         CryptographyECKey(key, ALGORITHMS.ES256)
 
     def test_signing_parity(self):
-        key1 = ECKey(private_key, ALGORITHMS.ES256)
+        key1 = ECDSAECKey(private_key, ALGORITHMS.ES256)
         public_key = key1.public_key().to_pem()
-        vkey1 = ECKey(public_key, ALGORITHMS.ES256)
+        vkey1 = ECDSAECKey(public_key, ALGORITHMS.ES256)
         key2 = CryptographyECKey(private_key, ALGORITHMS.ES256)
         vkey2 = CryptographyECKey(public_key, ALGORITHMS.ES256)
 

tests/test_jwk.py

@@ -1,6 +1,7 @@
 from jose import jwk
 from jose.exceptions import JWKError
 from jose.backends.cryptography_backend import CryptographyECKey
+from jose.backends.ecdsa_backend import ECDSAECKey
 
 import pytest
 
@@ -103,6 +104,8 @@ def test_construct_from_jwk(self):
     def test_construct_EC_from_jwk(self):
         key = CryptographyECKey(ec_key, algorithm='ES512')
         assert isinstance(key, jwk.Key)
+        key = ECDSAECKey(ec_key, algorithm='ES512')
+        assert isinstance(key, jwk.Key)
 
     def test_construct_from_jwk_missing_alg(self):