Add support for ECDHE-PSK-AES-GCM/CCM ciphersuites

[mpg]

Description

• Type: Feature Request
• Priority: Minor

Enhancement\Feature Request

Add support for the new ciphersuites with ECDHE-PSK key exchange and AEAD encryption from RFC 8442.

Justification - why does the library need this feature?

ECDHE-PSK key exchange can be interesting in a number of constrained scenarios including IoT. It is currently supported by Mbed TLS but the only ciphersuites defined with it use NULL, RC4 or CBC-mode encryption, all of which are deprecated or have issues. The draft adds ciphersuites based on ECDHE-PSK and modern AEAD algorithms such as AES-GCM and AES-CCM.

Support for these ciphersuites would be easy to add to Mbed TLS as we already have all the building blocks.

[jethrogb]

This is now RFC 8442. +1 for this feature.

[dimakuv]

Not sure if this will help bump the priority, but our Gramine project would like this feature to be added to mbedTLS: https://github.com/Mbed-TLS/mbedtls/issues/8170#issuecomment-2172715014

[mpg]

I've added the labels "help-wanted" and "good-first-issue" to indicate that we would welcome a PR for this, and it should not require deep knowledge of the library to achieve. Here's an outline of steps

• [ ] Add a paragraph to include/ssl/ssl_ciphersuites.h defining macros for the new ciphersuites with the value from section 4 - should go between RFC 7902 and RFC 8446 (TLS 1.3).
• [ ] Add definitions for this ciphersuites in ciphersuite_definitions in library/ssl_ciphersuites.c. Check existing similar ciphersuites (some with ECDHE-PSK, some with AES-GCM, AES-CCM, AES-CCM-8) for applicable values and feature guard macros.
• [ ] Add the ciphersuites to ciphersuite_preference inlibrary/ssl_ciphersuites.c` - check the comment at the top for where to insert them (and look at existing entries).
• [ ] Manually confirm that everything works my invoking programs/ssl/ssl_server2 and programs/ssl/ssl_client2 with appropriate options (forcing TLS 1.2 and use of one of the new ciphersuites).
• [ ] Add test cases for the new ciphersuites in tests/suites/test_suite_ssl.data using the function handshake_psk_cipher (check existing uses of this function for examples).
• [ ] Add the ciphersuites to tests/compat.sh - check if they are supported by OpenSSL and GnuTLS (if you are unsure about which versions we use on the CI, feel free to ask).

(And of course see CONTRIBUTING.md.)