Merge pull request jpadilla#40 from sullivanmatt/master

Support for Elliptic Curve signatures (ES256 / ES384 / ES512)

Author: jpadilla

README.md

@@ -8,13 +8,22 @@ A Python implementation of [JSON Web Token draft 01](http://self-issued.info/doc
 $ pip install PyJWT
 ```
 
-**Note**: The RSASSA-PKCS1-v1_5 algorithms depend on PyCrypto. If you plan on
-using any of those algorithms you'll need to install it as well.
+**A Note on Dependencies**:
+
+The RSASSA-PKCS1-v1_5 algorithms depend on PyCrypto. If you plan on
+using any of those algorithms, you'll need to install it as well.
 
 ```
 $ pip install PyCrypto
 ```
 
+The Elliptic Curve Digital Signature algorithms depend on Python-ECDSA. If
+you plan on using any of those algorithms, you'll need to install it as well.
+
+```
+$ pip install ecdsa
+```
+
 ## Usage
 
 ```python
@@ -49,6 +58,9 @@ currently supports:
 * HS256 - HMAC using SHA-256 hash algorithm (default)
 * HS384 - HMAC using SHA-384 hash algorithm
 * HS512 - HMAC using SHA-512 hash algorithm
+* ES256 - ECDSA signature algorithm using SHA-256 hash algorithm
+* ES384 - ECDSA signature algorithm using SHA-384 hash algorithm
+* ES512 - ECDSA signature algorithm using SHA-512 hash algorithm
 * RS256 - RSASSA-PKCS1-v1_5 signature algorithm using SHA-256 hash algorithm
 * RS384 - RSASSA-PKCS1-v1_5 signature algorithm using SHA-384 hash algorithm
 * RS512 - RSASSA-PKCS1-v1_5 signature algorithm using SHA-512 hash algorithm
@@ -61,7 +73,11 @@ jwt.encode({'some': 'payload'}, 'secret', 'HS512')
 
 When using the RSASSA-PKCS1-v1_5 algorithms, the `key` argument in both
 `jwt.encode()` and `jwt.decode()` (`"secret"` in the examples) is expected to
-be an RSA private key as imported with `Crypto.PublicKey.RSA.importKey()`.
+be an RSA public or private key as imported with `Crypto.PublicKey.RSA.importKey()`.
+
+When using the ECDSA algorithms, the `key` argument is expected to
+be an Elliptic Curve private key as imported with `ecdsa.SigningKey.from_pem()`,
+or a public key as imported with `ecdsa.VerifyingKey.from_pem()`.
 
 ## Tests
 

jwt/__init__.py

@@ -108,6 +108,55 @@ def prepare_RS_key(key):
 except ImportError:
     pass
 
+try:
+    import ecdsa
+    from Crypto.Hash import SHA256
+    from Crypto.Hash import SHA384
+    from Crypto.Hash import SHA512
+
+    signing_methods.update({
+        'ES256': lambda msg, key: key.sign(msg, hashfunc=hashlib.sha256, sigencode=ecdsa.util.sigencode_der),
+        'ES384': lambda msg, key: key.sign(msg, hashfunc=hashlib.sha384, sigencode=ecdsa.util.sigencode_der),
+        'ES512': lambda msg, key: key.sign(msg, hashfunc=hashlib.sha512, sigencode=ecdsa.util.sigencode_der),
+    })
+
+    verify_methods.update({
+        'ES256': lambda msg, key, sig: key.verify(sig, msg, hashfunc=hashlib.sha256, sigdecode=ecdsa.util.sigdecode_der),
+        'ES384': lambda msg, key, sig: key.verify(sig, msg, hashfunc=hashlib.sha384, sigdecode=ecdsa.util.sigdecode_der),
+        'ES512': lambda msg, key, sig: key.verify(sig, msg, hashfunc=hashlib.sha512, sigdecode=ecdsa.util.sigdecode_der),
+    })
+
+    def prepare_ES_key(key):
+        if isinstance(key, basestring):
+            if isinstance(key, unicode):
+                key = key.encode('utf-8')
+
+            # Attempt to load key. We don't know if it's
+            # a Signing Key or a Verifying Key, so we try
+            # the Verifying Key first.
+            try:
+                key = ecdsa.VerifyingKey.from_pem(key)
+            except ecdsa.der.UnexpectedDER:
+                try:
+                    key = ecdsa.SigningKey.from_pem(key)
+                except:
+                    raise
+        elif isinstance(key, ecdsa.SigningKey) or isinstance(key, ecdsa.VerifyingKey):
+            pass
+        else:
+            raise TypeError("Expecting a PEM-formatted key.")
+        return key
+
+    prepare_key_methods.update({
+        'ES256': prepare_ES_key,
+        'ES384': prepare_ES_key,
+        'ES512': prepare_ES_key
+    })
+
+except ImportError:
+    pass
+
+
 
 def constant_time_compare(val1, val2):
     """