From 33261611b6dfdbf8933a0ba32c7528e54b484790 Mon Sep 17 00:00:00 2001
From: Haakon Sporsheim
Date: Tue, 29 Jun 2021 17:41:47 +0200
Subject: [PATCH] Add RSA PSS signing options
---
 README.md | 4 ++++
 kmssign/google.go | 10 ++++++++++
 2 files changed, 14 insertions(+)
diff --git a/README.md b/README.md
index 6431268..5561542 100644
--- a/README.md
+++ b/README.md
@@ -35,6 +35,10 @@ RSA signing algorithms:
 - RSA_SIGN_PKCS1_3072_SHA256
 - RSA_SIGN_PKCS1_4096_SHA256
 - RSA_SIGN_PKCS1_4096_SHA512
+- RSA_SIGN_PSS_2048_SHA256
+- RSA_SIGN_PSS_3072_SHA256
+- RSA_SIGN_PSS_4096_SHA256
+- RSA_SIGN_PSS_4096_SHA512
 
 ## Usage
 
diff --git a/kmssign/google.go b/kmssign/google.go
index 34e24c9..d867d13 100644
--- a/kmssign/google.go
+++ b/kmssign/google.go
@@ -246,6 +246,16 @@ func determineSignatureAlgorithm(
 case kmspb.CryptoKeyVersion_RSA_SIGN_PKCS1_4096_SHA512:
 return x509.SHA512WithRSA, crypto.SHA512, nil
 
+ case kmspb.CryptoKeyVersion_RSA_SIGN_PSS_2048_SHA256:
+ fallthrough
+ case kmspb.CryptoKeyVersion_RSA_SIGN_PSS_3072_SHA256:
+ fallthrough
+ case kmspb.CryptoKeyVersion_RSA_SIGN_PSS_4096_SHA256:
+ return x509.SHA256WithRSAPSS, crypto.SHA256, nil
+
+ case kmspb.CryptoKeyVersion_RSA_SIGN_PSS_4096_SHA512:
+ return x509.SHA512WithRSAPSS, crypto.SHA512, nil
+
 case kmspb.CryptoKeyVersion_EC_SIGN_P256_SHA256:
 return x509.ECDSAWithSHA256, crypto.SHA256, nil
 
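Review bot: The four new `RSA_SIGN_PSS_*` cases return an x509 algorithm and a hash but carry no padding information, so nothing in this hunk stops the signer from being used with options that do not match the key. Cloud KMS picks the padding from the key version and, for PSS, uses a salt length equal to the digest length; if the `Sign` method (not in this hunk) looks at `opts` only for the hash, a caller that passes plain `crypto.SHA256` or an `*rsa.PSSOptions` with a different fixed salt length gets back a signature in a scheme it did not request, which surfaces later as a verification failure. I would document the constraint at the new cases, `// PSS keys: KMS fixes padding and salt length (= digest size); Sign must reject opts that are not *rsa.PSSOptions`, and confirm that `Sign` enforces it. The commit also touches no test file, so a case that signs with a PSS key and checks the result with `rsa.VerifyPSS` would be worth adding. `determineSignatureAlgorithm` begins and ends outside the hunk.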