commit 3a58b462b6c64435c233a13c766ca6169c09eb65
author Jerry Yu <jerry.h.yu@arm.com> Tue Feb 22 16:42:29 2022 +0800
committer Jerry Yu <jerry.h.yu@arm.com> Tue Mar 22 15:13:34 2022 +0800
tree 7726246a53aa76fd735b65ce9007964976d99b8d
parent bfcfe74b4e7ce9ed83dd9a9627b4b453501c3875

add pss_rsae_sha{384,512}

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>

library/ssl_misc.h

diff --git a/library/ssl_misc.h b/library/ssl_misc.h
index a02b712..cb9b6aa 100644
--- a/library/ssl_misc.h
+++ b/library/ssl_misc.h
@@ -2058,6 +2058,10 @@
     defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT)
             case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA256:
                 break;
+            case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA384:
+                break;
+            case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA512:
+                break;
 #endif /* MBEDTLS_SHA256_C &&
           MBEDTLS_X509_RSASSA_PSS_SUPPORT */
 

library/ssl_tls13_generic.c

diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c
index 8b0f668..913280e 100644
--- a/library/ssl_tls13_generic.c
+++ b/library/ssl_tls13_generic.c
@@ -350,11 +350,26 @@
             sig_alg = MBEDTLS_PK_ECDSA;
             break;
 #if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT)
+#if defined(MBEDTLS_SHA256_C)
         case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA256:
-            MBEDTLS_SSL_DEBUG_MSG( 4, ( "Certificate Verify: using RSA PSS" ) );
             md_alg = MBEDTLS_MD_SHA256;
             sig_alg = MBEDTLS_PK_RSASSA_PSS;
             break;
+#endif /* MBEDTLS_SHA256_C */
+
+#if defined(MBEDTLS_SHA384_C)
+        case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA384:
+            md_alg = MBEDTLS_MD_SHA384;
+            sig_alg = MBEDTLS_PK_RSASSA_PSS;
+            break;
+#endif /* MBEDTLS_SHA384_C */
+
+#if defined(MBEDTLS_SHA512_C)
+        case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA512:
+            md_alg = MBEDTLS_MD_SHA256;
+            sig_alg = MBEDTLS_PK_RSASSA_PSS;
+            break;
+#endif /* MBEDTLS_SHA512_C */
 #endif /* MBEDTLS_X509_RSASSA_PSS_SUPPORT */
         default:
             MBEDTLS_SSL_DEBUG_MSG( 1, ( "Certificate Verify: Unknown signature algorithm." ) );
@@ -1062,6 +1077,8 @@
             {
                 md_alg  = MBEDTLS_MD_SHA256;
                 algorithm = MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA256;
+                MBEDTLS_SSL_DEBUG_MSG( 1,
+                            ( "signature algorthm is rsa_pss_rsae_sha256" ) );
             }
             else if( own_key_size <= 3072 &&
                      mbedtls_ssl_sig_alg_is_received( ssl,
@@ -1069,6 +1086,8 @@
             {
                 md_alg  = MBEDTLS_MD_SHA384;
                 algorithm = MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA384;
+                MBEDTLS_SSL_DEBUG_MSG( 1,
+                            ( "signature algorthm is rsa_pss_rsae_sha384" ) );
             }
             else if( own_key_size <= 4096 &&
                      mbedtls_ssl_sig_alg_is_received( ssl,
@@ -1076,6 +1095,8 @@
             {
                 md_alg  = MBEDTLS_MD_SHA512;
                 algorithm = MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA512;
+                MBEDTLS_SSL_DEBUG_MSG( 1,
+                            ( "signature algorthm is rsa_pss_rsae_sha512" ) );
             }
             else
             {