diff --git a/kms/awskms/awskms.go b/kms/awskms/awskms.go
index 82665429..fae9b987 100644
--- a/kms/awskms/awskms.go
+++ b/kms/awskms/awskms.go
@@ -46,6 +46,12 @@ var customerMasterKeySpecMapping = map[apiv1.SignatureAlgorithm]interface{}{
 3072: types.KeySpecRsa3072,
 4096: types.KeySpecRsa4096,
 },
+ apiv1.SHA384WithRSA: map[int]types.KeySpec{
+ 0: types.KeySpecRsa3072,
+ 2048: types.KeySpecRsa2048,
+ 3072: types.KeySpecRsa3072,
+ 4096: types.KeySpecRsa4096,
+ },
 apiv1.SHA512WithRSA: map[int]types.KeySpec{
 0: types.KeySpecRsa3072,
 2048: types.KeySpecRsa2048,
@@ -58,6 +64,12 @@ var customerMasterKeySpecMapping = map[apiv1.SignatureAlgorithm]interface{}{
 3072: types.KeySpecRsa3072,
 4096: types.KeySpecRsa4096,
 },
+ apiv1.SHA384WithRSAPSS: map[int]types.KeySpec{
+ 0: types.KeySpecRsa3072,
+ 2048: types.KeySpecRsa2048,
+ 3072: types.KeySpecRsa3072,
+ 4096: types.KeySpecRsa4096,
+ },
 apiv1.SHA512WithRSAPSS: map[int]types.KeySpec{
 0: types.KeySpecRsa3072,
 2048: types.KeySpecRsa2048,
diff --git a/kms/awskms/awskms_test.go b/kms/awskms/awskms_test.go
index cd821346..b3763a86 100644
--- a/kms/awskms/awskms_test.go
+++ b/kms/awskms/awskms_test.go
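Review bot: The SHA384WithRSA entry in this hunk and the SHA384WithRSAPSS entry in the next one repeat the same four-row size table that the neighbouring SHA512 entries carry, so the map now holds several identical literals that have to be kept in sync by hand. The rows match because the key spec selected here depends only on the RSA key size, not on the digest. Consider a single shared value such as `var rsaKeySpecs = map[int]types.KeySpec{0: types.KeySpecRsa3072, 2048: types.KeySpecRsa2048, 3072: types.KeySpecRsa3072, 4096: types.KeySpecRsa4096}` referenced from each RSA entry, with a comment like `// RSA key specs depend only on key size; 0 selects the 3072-bit default.` The signing path is outside this diff, so it is worth confirming that it maps both new algorithms to a SHA-384 KMS signing algorithm rather than falling through to an error or a different digest.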
@@ -371,6 +371,10 @@ func Test_getCustomerMasterKeySpecMapping(t *testing.T) {
 {"SHA256WithRSA+2048", args{apiv1.SHA256WithRSA, 2048}, types.KeySpecRsa2048, assert.NoError},
 {"SHA256WithRSA+3072", args{apiv1.SHA256WithRSA, 3072}, types.KeySpecRsa3072, assert.NoError},
 {"SHA256WithRSA+4096", args{apiv1.SHA256WithRSA, 4096}, types.KeySpecRsa4096, assert.NoError},
+ {"SHA384WithRSA", args{apiv1.SHA384WithRSA, 0}, types.KeySpecRsa3072, assert.NoError},
+ {"SHA384WithRSA+2048", args{apiv1.SHA384WithRSA, 2048}, types.KeySpecRsa2048, assert.NoError},
+ {"SHA384WithRSA+3072", args{apiv1.SHA384WithRSA, 3072}, types.KeySpecRsa3072, assert.NoError},
+ {"SHA384WithRSA+4096", args{apiv1.SHA384WithRSA, 4096}, types.KeySpecRsa4096, assert.NoError},
 {"SHA512WithRSA", args{apiv1.SHA512WithRSA, 0}, types.KeySpecRsa3072, assert.NoError},
 {"SHA512WithRSA+2048", args{apiv1.SHA512WithRSA, 2048}, types.KeySpecRsa2048, assert.NoError},
 {"SHA512WithRSA+3072", args{apiv1.SHA512WithRSA, 3072}, types.KeySpecRsa3072, assert.NoError},
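Review bot: The rows added here, and the SHA384WithRSAPSS rows in the next hunk, cover only the default and the three supported sizes, and every one expects `assert.NoError`. The test table starts and ends outside the hunk, so a rejection case may already exist for other algorithms. If none covers the new ones, add a row with an unsupported size such as 1024 that expects `assert.Error`, so that an accidental widening of the size map is caught. Nothing in this diff exercises key creation or signing with the new algorithms, only the lookup.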
@@ -379,6 +383,10 @@ func Test_getCustomerMasterKeySpecMapping(t *testing.T) {
 {"SHA256WithRSAPSS+2048", args{apiv1.SHA256WithRSAPSS, 2048}, types.KeySpecRsa2048, assert.NoError},
 {"SHA256WithRSAPSS+3072", args{apiv1.SHA256WithRSAPSS, 3072}, types.KeySpecRsa3072, assert.NoError},
 {"SHA256WithRSAPSS+4096", args{apiv1.SHA256WithRSAPSS, 4096}, types.KeySpecRsa4096, assert.NoError},
+ {"SHA384WithRSAPSS", args{apiv1.SHA384WithRSAPSS, 0}, types.KeySpecRsa3072, assert.NoError},
+ {"SHA384WithRSAPSS+2048", args{apiv1.SHA384WithRSAPSS, 2048}, types.KeySpecRsa2048, assert.NoError},
+ {"SHA384WithRSAPSS+3072", args{apiv1.SHA384WithRSAPSS, 3072}, types.KeySpecRsa3072, assert.NoError},
+ {"SHA384WithRSAPSS+4096", args{apiv1.SHA384WithRSAPSS, 4096}, types.KeySpecRsa4096, assert.NoError},
 {"SHA512WithRSAPSS", args{apiv1.SHA512WithRSAPSS, 0}, types.KeySpecRsa3072, assert.NoError},
 {"SHA512WithRSAPSS+2048", args{apiv1.SHA512WithRSAPSS, 2048}, types.KeySpecRsa2048, assert.NoError},
 {"SHA512WithRSAPSS+3072", args{apiv1.SHA512WithRSAPSS, 3072}, types.KeySpecRsa3072, assert.NoError},
diff --git a/kms/mackms/mackms.go b/kms/mackms/mackms.go
index 32e86989..4efdb366 100644
--- a/kms/mackms/mackms.go
+++ b/kms/mackms/mackms.go
@@ -402,7 +402,7 @@ func (k *MacKMS) LoadCertificateChain(req *apiv1.LoadCertificateChainRequest) ([
 cert, err := loadCertificate(u.label, u.serialNumber, nil)
 if err != nil {
- return nil, fmt.Errorf("mackms LoadCertificateChain failed1: %w", apiv1Error(err))
+ return nil, fmt.Errorf("mackms LoadCertificateChain failed: %w", apiv1Error(err))
 }
 chain := []*x509.Certificate{cert}
@@ -424,6 +424,7 @@ func (k *MacKMS) LoadCertificateChain(req *apiv1.LoadCertificateChainRequest) ([
 chain = append(chain, cert)
 }
+ //nolint:nilerr // return only the intermediates present in keychain
 return chain, nil
 }
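Review bot: The `//nolint:nilerr` added before `return chain, nil` in the second mackms.go hunk silences the linter for every error the intermediate lookup can produce, not only the "certificate is not in the keychain" case named in the comment. The loop that yields that error lies outside the hunk, so this is inferred. If a keychain access or parsing failure takes the same path, the caller receives a shortened chain with no indication that anything went wrong. Consider discarding only the not-found case and returning other errors, or at least state the contract in the LoadCertificateChain doc comment, e.g. `// The returned chain may omit intermediates that are not present in the keychain.`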