From 1671134105796056196199908f8b299ccdf095d2 Mon Sep 17 00:00:00 2001
From: Jakob Schlyter
Date: Wed, 12 Jul 2023 11:05:59 +0200
Subject: [PATCH 1/3] initial support for P-256K and ES256K per RFC 8812
---
 src/cryptojwt/jwk/__init__.py | 2 ++
 src/cryptojwt/jwk/ec.py | 1 +
 src/cryptojwt/jws/dsa.py | 3 +++
 src/cryptojwt/jws/jws.py | 1 +
 src/cryptojwt/key_bundle.py | 2 ++
 5 files changed, 9 insertions(+)
diff --git a/src/cryptojwt/jwk/__init__.py b/src/cryptojwt/jwk/__init__.py
index 7f6fd8af..d8fd480a 100644
--- a/src/cryptojwt/jwk/__init__.py
+++ b/src/cryptojwt/jwk/__init__.py
@@ -69,6 +69,7 @@ def __init__(
 "RS384",
 "RS512",
 "ES256",
+ "ES256K",
 "ES384",
 "ES512",
 "PS256",
@@ -86,6 +87,7 @@ def __init__(
 "RS384",
 "RS512",
 "ES256",
+ "ES256K",
 "ES384",
 "ES512",
 "PS256",
diff --git a/src/cryptojwt/jwk/ec.py b/src/cryptojwt/jwk/ec.py
index 88134308..f1bc61ea 100644
--- a/src/cryptojwt/jwk/ec.py
+++ b/src/cryptojwt/jwk/ec.py
@@ -28,6 +28,7 @@
 "P-256": ec.SECP256R1,
 "P-224": ec.SECP224R1,
 "P-192": ec.SECP192R1,
+ "P-256K": ec.SECP256K1,
 }
 # Inverted NIST2SEC dictionary
diff --git a/src/cryptojwt/jws/dsa.py b/src/cryptojwt/jws/dsa.py
index c9de258b..59f66046 100644
--- a/src/cryptojwt/jws/dsa.py
+++ b/src/cryptojwt/jws/dsa.py
@@ -16,6 +16,9 @@ def __init__(self, algorithm="ES256"):
 if algorithm == "ES256":
 self.hash_algorithm = hashes.SHA256
 self.curve_name = "secp256r1"
+ elif algorithm == "ES256K":
+ self.hash_algorithm = hashes.SHA256
+ self.curve_name = "secp256k1"
 elif algorithm == "ES384":
 self.hash_algorithm = hashes.SHA384
 self.curve_name = "secp384r1"
diff --git a/src/cryptojwt/jws/jws.py b/src/cryptojwt/jws/jws.py
index 1803be11..7da26fa3 100644
--- a/src/cryptojwt/jws/jws.py
+++ b/src/cryptojwt/jws/jws.py
@@ -41,6 +41,7 @@
 "RS384": RSASigner("RS384"),
 "RS512": RSASigner("RS512"),
 "ES256": ECDSASigner("ES256"),
+ "ES256K": ECDSASigner("ES256K"),
 "ES384": ECDSASigner("ES384"),
 "ES512": ECDSASigner("ES512"),
 "PS256": PSSSigner("SHA256"),
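Review bot: `"ES256K"` has to be added to two lists in this `__init__` that look identical from the visible context lines (the hunks at old lines 69 and 86), so they can drift apart the next time an algorithm is added. If both are meant to hold the same set of signing algorithms, a single module-level tuple referenced from both places would keep them in step. Both lists start and end outside the hunks, so this is inferred from the context lines only.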
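Review bot: The added `"P-256K": ec.SECP256K1` entry uses a curve name that RFC 8812 does not register; the JWK `crv` value that RFC defines for this curve is `secp256k1`. With only `P-256K` in the map, a conformant JWK carrying `"crv": "secp256k1"` would presumably not be recognised, and keys serialised through the inverted dictionary would carry a name other implementations may reject. I would register `"secp256k1": ec.SECP256K1` as the canonical name and, if `P-256K` must be accepted for compatibility, treat it as an import-only alias so that the inverted map still emits `secp256k1`. The same name appears in `key_by_alg` in src/cryptojwt/key_bundle.py (`crv="P-256K"`) and in the key spec added to tests/test_09_jwt.py.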
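Review bot: Nothing in this hunk shows that the signer rejects a key on the wrong curve, and for the new `ES256K` branch that check carries more weight than for the others: ES256 and ES256K share SHA-256 and a 256-bit key size, so `curve_name` is the only thing that tells them apart. The `__init__` chain continues past the hunk and the sign and verify methods are outside it, so please confirm they compare the key's curve with `self.curve_name`. The case added to `test_signer_es` in tests/test_06_jws.py only exercises the matching pair `(ec.SECP256K1, "ES256K")`; a negative case that uses an `ec.SECP256R1` key with `ES256K` and expects failure would pin that behaviour. A short comment on the new branch would help as well: `# ES256K (RFC 8812): ECDSA on secp256k1 with SHA-256; the key's curve must be secp256k1`.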
diff --git a/src/cryptojwt/key_bundle.py b/src/cryptojwt/key_bundle.py
index b07728e6..451503cb 100755
--- a/src/cryptojwt/key_bundle.py
+++ b/src/cryptojwt/key_bundle.py
@@ -1364,6 +1364,8 @@ def key_by_alg(alg: str):
 elif alg.startswith("ES"):
 if alg == "ES256":
 return key_gen("EC", crv="P-256")
+ elif alg == "ES256K":
+ return key_gen("EC", crv="P-256K")
 elif alg == "ES384":
 return key_gen("EC", crv="P-384")
 elif alg == "ES512":
From 818eb0c53dc8d3435a42daadcade240cacfdfe06 Mon Sep 17 00:00:00 2001
From: Jakob Schlyter
Date: Wed, 12 Jul 2023 11:10:59 +0200
Subject: [PATCH 2/3] add some P-256K/ES256K tests
---
 tests/test_06_jws.py | 7 ++++++-
 tests/test_09_jwt.py | 4 ++++
 2 files changed, 10 insertions(+), 1 deletion(-)
diff --git a/tests/test_06_jws.py b/tests/test_06_jws.py
index 0fb7a5ee..8ce77c2d 100644
--- a/tests/test_06_jws.py
+++ b/tests/test_06_jws.py
@@ -511,7 +511,12 @@ def test_jws_mm():
 @pytest.mark.parametrize(
 "ec_func,alg",
- [(ec.SECP256R1, "ES256"), (ec.SECP384R1, "ES384"), (ec.SECP521R1, "ES512")],
+ [
+ (ec.SECP256R1, "ES256"),
+ (ec.SECP384R1, "ES384"),
+ (ec.SECP521R1, "ES512"),
+ (ec.SECP256K1, "ES256K"),
+ ],
 )
 def test_signer_es(ec_func, alg):
 payload = "Please take a moment to register today"
diff --git a/tests/test_09_jwt.py b/tests/test_09_jwt.py
index b1fa2167..2f645fe7 100755
--- a/tests/test_09_jwt.py
+++ b/tests/test_09_jwt.py
@@ -212,6 +212,7 @@ def test_msg_cls():
 {"type": "RSA", "use": ["sig"]},
 {"type": "RSA", "use": ["enc"]},
 {"type": "EC", "crv": "P-256", "use": ["sig"]},
+ {"type": "EC", "crv": "P-256K", "use": ["sig"]},
 {"type": "EC", "crv": "P-384", "use": ["sig"]},
 ]
@@ -230,6 +231,9 @@ def test_pick_key():
 _k = pick_key(keys, "sig", "ES384")
 assert len(_k) == 1
+ _k = pick_key(keys, "sig", "ES256K")
+ assert len(_k) == 1
+
 _k = pick_key(keys, "enc", "RSA-OAEP-256")
 assert len(_k) == 1
From 4488a73e94542301a62531ae8a2c6aab98cc565d Mon Sep 17 00:00:00 2001
From: Jakob Schlyter
Date: Wed, 12 Jul 2023 11:14:46 +0200
Subject: [PATCH 3/3] drop py 3.10 wordaround
---
 .github/workflows/test.yml | 2 --
 1 file changed, 2 deletions(-)
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index 4bbd6234..d6bfcba1 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -47,8 +47,6 @@ jobs:
 run: |
 pip install poetry
 poetry config virtualenvs.in-project true
- - name: Python 3.10 workaround
- run: poetry config experimental.new-installer false
 - name: Install dependencies
 run: poetry install
 - name: Run pytest