chore: add rs signature for p384 & p256 (#1807)
Signed-off-by: Firas Qutishat <firas.qutishat@securekey.com>
fqutishat authored Nov 27, 2024
1 parent 55b2309 commit ef7a658
Showing 2 changed files with 16 additions and 4 deletions.
8 changes: 6 additions & 2 deletions pkg/kms/aws/service.go
@@ -91,6 +91,9 @@ var kmsKeyTypes = map[types.SigningAlgorithmSpec]arieskms.KeyType{
// nolint: gochecknoglobals
var keySpecToCurve = map[types.KeySpec]elliptic.Curve{
types.KeySpecEccSecgP256k1: btcec.S256(),
types.KeySpecEccNistP256: elliptic.P256(),
types.KeySpecEccNistP384: elliptic.P384(),
types.KeySpecEccNistP521: elliptic.P521(),
}

const (
@@ -251,9 +254,10 @@ func (s *Service) Sign(msg []byte, kh interface{}) ([]byte, error) { //nolint: f
return nil, err
}

if describeKey.KeyMetadata.KeySpec == types.KeySpecEccSecgP256k1 {
if describeKey.KeyMetadata.KeySpec == types.KeySpecEccSecgP256k1 ||
describeKey.KeyMetadata.KeySpec == types.KeySpecEccNistP384 ||
describeKey.KeyMetadata.KeySpec == types.KeySpecEccNistP256 {
signature := ecdsaSignature{}

_, err = asn1.Unmarshal(result.Signature, &signature)
if err != nil {
return nil, err
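Review bot: The new condition in Sign lists secp256k1, P-384 and P-256 but not `types.KeySpecEccNistP521`, although the first hunk adds P-521 to `keySpecToCurve`, so a P-521 key would apparently still get the DER signature back while the other curves get the converted form. If P-521 is meant to be covered, add `|| describeKey.KeyMetadata.KeySpec == types.KeySpecEccNistP521` or replace the chain with `if _, ok := keySpecToCurve[describeKey.KeyMetadata.KeySpec]; ok {`; if it is excluded on purpose, a one-line comment saying why would prevent a later "fix". The first return value of `asn1.Unmarshal` is discarded, so bytes trailing the DER sequence are accepted silently; keeping that slice and returning an error when it is non-empty would reject malformed input. The lines that serialise R and S lie outside the hunk, so it is not visible whether each value is left-padded to the curve's byte length; a fixed-width r||s encoding needs 48 bytes per value for P-384, and that is worth confirming for the newly added curves.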
12 changes: 10 additions & 2 deletions pkg/kms/aws/service_test.go
@@ -63,10 +63,18 @@ func TestSign(t *testing.T) {
metric.EXPECT().SignCount()
metric.EXPECT().SignTime(gomock.Any())

sig := ecdsaSignature{
R: big.NewInt(12345),
S: big.NewInt(54321),
}

asnSig, err := asn1.Marshal(sig)
require.NoError(t, err)

client := NewMockawsClient(gomock.NewController(t))
client.EXPECT().Sign(gomock.Any(), gomock.Any(), gomock.Any()).
Return(&kms.SignOutput{
Signature: []byte("data"),
Signature: asnSig,
}, nil)

client.EXPECT().DescribeKey(gomock.Any(), gomock.Any(), gomock.Any()).
@@ -85,7 +93,7 @@ func TestSign(t *testing.T) {
signature, err := suiteSigner.Sign([]byte("msg"), wrapKID(
"aws-kms://arn:aws:kms:ca-central-1:111122223333:alias/800d5768-3fd7-4edd-a4b8-4c81c3e4c147"))
require.NoError(t, err)
require.Contains(t, string(signature), "data")
require.Contains(t, string(signature), "\xd41")
})
}
})
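Review bot: The closing assertion `require.Contains(t, string(signature), "\xd41")` also passes for an unconverted signature, because the DER encoding of S = 54321 (`02 03 00 d4 31`) contains the same two bytes, so the test does not demonstrate that Sign returned the r||s form. Adding `require.NotEqual(t, asnSig, signature)` (assuming `asnSig` is still in scope at that point) and a `require.Len` check against twice the curve's byte size would pin the conversion. With R and S this small the test also cannot catch missing left-padding, and it never checks R; an exact `require.Equal` on the expected bytes would cover both. The key spec returned by the DescribeKey mock and the loop around this case are outside the visible hunks, so which curves are exercised here cannot be confirmed from the page.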
