Add TLS 1.2 ciphersuite ECDHE_PSK_WITH_AES_128_GCM_SHA256 from RFC 8442

Testing:

./autogen.sh
./configure --enable-psk
make all check

$ ./examples/server/server  -j -l ECDHE-PSK-AES128-GCM-SHA256
SSL version is TLSv1.2
SSL cipher suite is TLS_ECDHE_PSK_WITH_AES_128_GCM_SHA256
SSL curve name is SECP256R1
Client message: hello wolfssl!

$ ./examples/client/client  -s -l ECDHE-PSK-AES128-GCM-SHA256
SSL version is TLSv1.2
SSL cipher suite is TLS_ECDHE_PSK_WITH_AES_128_GCM_SHA256
SSL curve name is SECP256R1
I hear you fa shizzle!

src/internal.c

@@ -3562,6 +3562,18 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA,
     }
 #endif
 
+#ifdef BUILD_TLS_ECDHE_PSK_WITH_AES_128_GCM_SHA256
+#ifndef WOLFSSL_OLDTLS_SHA2_CIPHERSUITES
+    if (tls1_2 && havePSK)
+#else
+    if (tls && havePSK)
+#endif
+    {
+        suites->suites[idx++] = ECDHE_PSK_BYTE;
+        suites->suites[idx++] = TLS_ECDHE_PSK_WITH_AES_128_GCM_SHA256;
+    }
+#endif
+
 #ifdef BUILD_TLS_PSK_WITH_AES_128_CCM
     if (tls && havePSK) {
         suites->suites[idx++] = ECC_BYTE;
@@ -10073,6 +10085,21 @@ static int BuildFinished(WOLFSSL* ssl, Hashes* hashes, const byte* sender)
         }   /* switch */
         }   /* if     */
 
+        /* ECC extensions */
+        if (first == ECDHE_PSK_BYTE) {
+
+        switch (second) {
+#if defined(HAVE_ECC) || defined(HAVE_CURVE25519) || defined(HAVE_CURVE448)
+        case TLS_ECDHE_PSK_WITH_AES_128_GCM_SHA256 :
+            if (requirement == REQUIRES_PSK)
+                return 1;
+            break;
+#endif /* HAVE_ECC || HAVE_CURVE25519 || HAVE_CURVE448 */
+        default:
+            WOLFSSL_MSG("Unsupported cipher suite, CipherRequires ECC PSK");
+            return 0;
+        }   /* switch */
+        }   /* if     */
 #endif /* !WOLFSSL_NO_TLS12 */
 
         /* Distinct TLS v1.3 cipher suites with cipher and digest only. */
@@ -10098,7 +10125,8 @@ static int BuildFinished(WOLFSSL* ssl, Hashes* hashes, const byte* sender)
 #ifndef WOLFSSL_NO_TLS12
 
         if (first != ECC_BYTE && first != CHACHA_BYTE &&
-            first != TLS13_BYTE) {   /* normal suites */
+            first != TLS13_BYTE && first != ECDHE_PSK_BYTE) {
+        /* normal suites */
         switch (second) {
 
 #ifndef NO_RSA
@@ -21587,6 +21615,10 @@ static const CipherSuiteInfo cipher_names[] =
     SUITE_INFO("ECDHE-PSK-AES128-CBC-SHA256","TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256",ECC_BYTE,TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256,TLSv1_MINOR,SSLv3_MAJOR),
 #endif
 
+#ifdef BUILD_TLS_ECDHE_PSK_WITH_AES_128_GCM_SHA256
+    SUITE_INFO("ECDHE-PSK-AES128-GCM-SHA256","TLS_ECDHE_PSK_WITH_AES_128_GCM_SHA256",ECDHE_PSK_BYTE,TLS_ECDHE_PSK_WITH_AES_128_GCM_SHA256,TLSv1_MINOR,SSLv3_MAJOR),
+#endif
+
 #ifdef BUILD_TLS_PSK_WITH_CHACHA20_POLY1305_SHA256
     SUITE_INFO("PSK-CHACHA20-POLY1305","TLS_PSK_WITH_CHACHA20_POLY1305_SHA256",CHACHA_BYTE,TLS_PSK_WITH_CHACHA20_POLY1305_SHA256,TLSv1_2_MINOR,SSLv3_MAJOR),
 #endif

src/keys.c

@@ -1226,9 +1226,41 @@ int SetCipherSpecs(WOLFSSL* ssl)
         }
     }
 
+    if (ssl->options.cipherSuite0 == ECDHE_PSK_BYTE) {
+
+    switch (ssl->options.cipherSuite) {
+
+#if defined(HAVE_ECC) || defined(HAVE_CURVE25519) || defined(HAVE_CURVE448)
+#ifdef BUILD_TLS_ECDHE_PSK_WITH_AES_128_GCM_SHA256
+    case TLS_ECDHE_PSK_WITH_AES_128_GCM_SHA256 :
+        ssl->specs.bulk_cipher_algorithm = wolfssl_aes_gcm;
+        ssl->specs.cipher_type           = aead;
+        ssl->specs.mac_algorithm         = sha256_mac;
+        ssl->specs.kea                   = ecdhe_psk_kea;
+        ssl->specs.sig_algo              = anonymous_sa_algo;
+        ssl->specs.hash_size             = WC_SHA256_DIGEST_SIZE;
+        ssl->specs.pad_size              = PAD_SHA;
+        ssl->specs.static_ecdh           = 0;
+        ssl->specs.key_size              = AES_128_KEY_SIZE;
+        ssl->specs.block_size            = AES_BLOCK_SIZE;
+        ssl->specs.iv_size               = AES_IV_SIZE;
+        ssl->specs.aead_mac_size         = AES_GCM_AUTH_SZ;
+
+        ssl->options.usingPSK_cipher     = 1;
+        break;
+#endif
+#endif
+
+    default:
+        break;
+    }
+    }
+
+
     if (ssl->options.cipherSuite0 != ECC_BYTE &&
-            ssl->options.cipherSuite0 != CHACHA_BYTE &&
-            ssl->options.cipherSuite0 != TLS13_BYTE) {   /* normal suites */
+        ssl->options.cipherSuite0 != ECDHE_PSK_BYTE &&
+        ssl->options.cipherSuite0 != CHACHA_BYTE &&
+        ssl->options.cipherSuite0 != TLS13_BYTE) {   /* normal suites */
     switch (ssl->options.cipherSuite) {
 
 #ifdef BUILD_SSL_RSA_WITH_RC4_128_SHA

src/tls.c

@@ -3860,7 +3860,8 @@ static void TLSX_SupportedCurve_ValidateRequest(WOLFSSL* ssl, byte* semaphore)
         if (ssl->suites->suites[i] == TLS13_BYTE)
             return;
         if ((ssl->suites->suites[i] == ECC_BYTE) ||
-                (ssl->suites->suites[i] == CHACHA_BYTE)) {
+            (ssl->suites->suites[i] == ECDHE_PSK_BYTE) ||
+            (ssl->suites->suites[i] == CHACHA_BYTE)) {
         #if defined(HAVE_ECC) || defined(HAVE_CURVE25519) || \
                                                           defined(HAVE_CURVE448)
             return;
@@ -3888,7 +3889,8 @@ static void TLSX_PointFormat_ValidateRequest(WOLFSSL* ssl, byte* semaphore)
         if (ssl->suites->suites[i] == TLS13_BYTE)
             return;
         if ((ssl->suites->suites[i] == ECC_BYTE) ||
-                (ssl->suites->suites[i] == CHACHA_BYTE)) {
+            (ssl->suites->suites[i] == ECDHE_PSK_BYTE) ||
+            (ssl->suites->suites[i] == CHACHA_BYTE)) {
         #if defined(HAVE_ECC) || defined(HAVE_CURVE25519) || \
                                                           defined(HAVE_CURVE448)
             return;
@@ -3919,6 +3921,7 @@ static void TLSX_PointFormat_ValidateResponse(WOLFSSL* ssl, byte* semaphore)
         return;
 #if defined(HAVE_ECC) || defined(HAVE_CURVE25519) || defined(HAVE_CURVE448)
     if (ssl->options.cipherSuite0 == ECC_BYTE ||
+        ssl->options.cipherSuite0 == ECDHE_PSK_BYTE ||
         ssl->options.cipherSuite0 == CHACHA_BYTE) {
         return;
     }
@@ -4439,7 +4442,7 @@ int TLSX_ValidateSupportedCurves(WOLFSSL* ssl, byte first, byte second) {
                 break;
         }
     }
-    if (first == ECC_BYTE || first == CHACHA_BYTE)
+    if (first == ECC_BYTE || first == ECDHE_PSK_BYTE || first == CHACHA_BYTE)
         extension = TLSX_Find(ssl->extensions, TLSX_SUPPORTED_GROUPS);
     if (!extension)
         return 1; /* no suite restriction */
@@ -11115,7 +11118,8 @@ int TLSX_PopulateExtensions(WOLFSSL* ssl, byte isServer)
                 #endif
 
                 #ifdef HAVE_NULL_CIPHER
-                    if (cipherSuite0 == ECC_BYTE) {
+                    if (cipherSuite0 == ECC_BYTE ||
+                        cipherSuite0 == ECDHE_PSK_BYTE) {
                         if (cipherSuite != TLS_SHA256_SHA256 &&
                                              cipherSuite != TLS_SHA384_SHA384) {
                             continue;

tests/test-dtls-mtu.conf

@@ -43,7 +43,7 @@
 -l ECDHE-ECDSA-CHACHA20-POLY1305
 -A ./certs/ca-ecc-cert.pem
 
-# server TLSv1.2 DHE-PSK-CHACHA20-POLY1305
+# server DTLSv1.2 DHE-PSK-CHACHA20-POLY1305
 -e
 -u
 -f
@@ -51,7 +51,7 @@
 -s
 -l DHE-PSK-CHACHA20-POLY1305
 
-# client TLSv1.2 DHE-PSK-CHACHA20-POLY1305
+# client DTLSv1.2 DHE-PSK-CHACHA20-POLY1305
 -B 4000,1359
 -u
 -f
@@ -59,7 +59,7 @@
 -s
 -l DHE-PSK-CHACHA20-POLY1305
 
-# server TLSv1.2 ECDHE-PSK-CHACHA20-POLY1305
+# server DTLSv1.2 ECDHE-PSK-CHACHA20-POLY1305
 -e
 -u
 -f
@@ -67,7 +67,7 @@
 -s
 -l ECDHE-PSK-CHACHA20-POLY1305
 
-# client TLSv1.2 ECDHE-PSK-CHACHA20-POLY1305
+# client DTLSv1.2 ECDHE-PSK-CHACHA20-POLY1305
 -B 4000,1359
 -u
 -f
@@ -75,7 +75,7 @@
 -s
 -l ECDHE-PSK-CHACHA20-POLY1305
 
-# server TLSv1.2 PSK-CHACHA20-POLY1305
+# server DTLSv1.2 PSK-CHACHA20-POLY1305
 -e
 -u
 -f
@@ -83,7 +83,7 @@
 -s
 -l PSK-CHACHA20-POLY1305
 
-# client TLSv1.2 PSK-CHACHA20-POLY1305
+# client DTLSv1.2 PSK-CHACHA20-POLY1305
 -B 4000,1359
 -u
 -f
@@ -234,7 +234,7 @@
 -v 3
 -l ECDHE-RSA-AES256-SHA
 
-# server TLSv1 ECDHE-ECDSA-NULL-SHA
+# server DTLSv1 ECDHE-ECDSA-NULL-SHA
 -e
 -u
 -f
@@ -243,7 +243,7 @@
 -c ./certs/server-ecc.pem
 -k ./certs/ecc-key.pem
 
-# client TLSv1 ECDHE-ECDSA-NULL-SHA
+# client DTLSv1 ECDHE-ECDSA-NULL-SHA
 -B 4000,1355
 -u
 -f
@@ -251,7 +251,7 @@
 -l ECDHE-ECDSA-NULL-SHA
 -A ./certs/ca-ecc-cert.pem
 
-# server TLSv1.1 ECDHE-ECDSA-NULL-SHA
+# server DTLSv1.1 ECDHE-ECDSA-NULL-SHA
 -e
 -u
 -f
@@ -260,7 +260,7 @@
 -c ./certs/server-ecc.pem
 -k ./certs/ecc-key.pem
 
-# client TLSv1 ECDHE-ECDSA-NULL-SHA
+# client DTLSv1 ECDHE-ECDSA-NULL-SHA
 -B 4000,1355
 -u
 -f
@@ -268,7 +268,7 @@
 -l ECDHE-ECDSA-NULL-SHA
 -A ./certs/ca-ecc-cert.pem
 
-# server TLSv1.2 ECDHE-ECDSA-NULL-SHA
+# server DTLSv1.2 ECDHE-ECDSA-NULL-SHA
 -e
 -u
 -f
@@ -277,7 +277,7 @@
 -c ./certs/server-ecc.pem
 -k ./certs/ecc-key.pem
 
-# client TLSv1.2 ECDHE-ECDSA-NULL-SHA
+# client DTLSv1.2 ECDHE-ECDSA-NULL-SHA
 -B 4000,1355
 -u
 -f
@@ -699,7 +699,7 @@
 -l ECDH-ECDSA-AES256-SHA384
 -A ./certs/ca-ecc-cert.pem
 
-# server TLSv1.2 ECDHE-PSK-AES128-CBC-SHA256
+# server DTLSv1.2 ECDHE-PSK-AES128-CBC-SHA256
 -e
 -s
 -u
@@ -707,7 +707,7 @@
 -v 3
 -l ECDHE-PSK-AES128-CBC-SHA256
 
-# client TLSv1.2 ECDHE-PSK-AES128-CBC-SHA256
+# client DTLSv1.2 ECDHE-PSK-AES128-CBC-SHA256
 -B 4000,1298
 -s
 -u
@@ -715,7 +715,7 @@
 -v 3
 -l ECDHE-PSK-AES128-CBC-SHA256
 
-# server TLSv1.2 ECDHE-PSK-NULL-SHA256
+# server DTLSv1.2 ECDHE-PSK-NULL-SHA256
 -e
 -s
 -u
@@ -723,7 +723,7 @@
 -v 3
 -l ECDHE-PSK-NULL-SHA256
 
-# client TLSv1.2 ECDHE-PSK-NULL-SHA256
+# client DTLSv1.2 ECDHE-PSK-NULL-SHA256
 -B 4000,1343
 -s
 -u
@@ -1149,7 +1149,7 @@
 -l ECDHE-ECDSA-CHACHA20-POLY1305
 -A ./certs/ca-ecc-cert.pem
 
-# server TLSv1.2 DHE-PSK-CHACHA20-POLY1305
+# server DTLSv1.2 DHE-PSK-CHACHA20-POLY1305
 -e
 -u 1024
 -f
@@ -1157,7 +1157,7 @@
 -s
 -l DHE-PSK-CHACHA20-POLY1305
 
-# client TLSv1.2 DHE-PSK-CHACHA20-POLY1305
+# client DTLSv1.2 DHE-PSK-CHACHA20-POLY1305
 -B 4000,983
 -u 1024
 -f
@@ -1165,7 +1165,7 @@
 -s
 -l DHE-PSK-CHACHA20-POLY1305
 
-# server TLSv1.2 ECDHE-PSK-CHACHA20-POLY1305
+# server DTLSv1.2 ECDHE-PSK-CHACHA20-POLY1305
 -e
 -u 1024
 -f
@@ -1173,7 +1173,7 @@
 -s
 -l ECDHE-PSK-CHACHA20-POLY1305
 
-# client TLSv1.2 ECDHE-PSK-CHACHA20-POLY1305
+# client DTLSv1.2 ECDHE-PSK-CHACHA20-POLY1305
 -B 4000,983
 -u 1024
 -f
@@ -1181,7 +1181,7 @@
 -s
 -l ECDHE-PSK-CHACHA20-POLY1305
 
-# server TLSv1.2 PSK-CHACHA20-POLY1305
+# server DTLSv1.2 PSK-CHACHA20-POLY1305
 -e
 -u 1024
 -f
@@ -1189,7 +1189,7 @@
 -s
 -l PSK-CHACHA20-POLY1305
 
-# client TLSv1.2 PSK-CHACHA20-POLY1305
+# client DTLSv1.2 PSK-CHACHA20-POLY1305
 -B 4000,983
 -u 1024
 -f
@@ -1340,7 +1340,7 @@
 -v 3
 -l ECDHE-RSA-AES256-SHA
 
-# server TLSv1 ECDHE-ECDSA-NULL-SHA
+# server DTLSv1 ECDHE-ECDSA-NULL-SHA
 -e
 -u 1024
 -f
@@ -1349,7 +1349,7 @@
 -c ./certs/server-ecc.pem
 -k ./certs/ecc-key.pem
 
-# client TLSv1 ECDHE-ECDSA-NULL-SHA
+# client DTLSv1 ECDHE-ECDSA-NULL-SHA
 -B 4000,979
 -u 1024
 -f
@@ -1357,7 +1357,7 @@
 -l ECDHE-ECDSA-NULL-SHA
 -A ./certs/ca-ecc-cert.pem
 
-# server TLSv1.1 ECDHE-ECDSA-NULL-SHA
+# server DTLSv1.1 ECDHE-ECDSA-NULL-SHA
 -e
 -u 1024
 -f
@@ -1366,7 +1366,7 @@
 -c ./certs/server-ecc.pem
 -k ./certs/ecc-key.pem
 
-# client TLSv1 ECDHE-ECDSA-NULL-SHA
+# client DTLSv1 ECDHE-ECDSA-NULL-SHA
 -B 4000,979
 -u 1024
 -f
@@ -1374,7 +1374,7 @@
 -l ECDHE-ECDSA-NULL-SHA
 -A ./certs/ca-ecc-cert.pem
 
-# server TLSv1.2 ECDHE-ECDSA-NULL-SHA
+# server DTLSv1.2 ECDHE-ECDSA-NULL-SHA
 -e
 -u 1024
 -f
@@ -1383,7 +1383,7 @@
 -c ./certs/server-ecc.pem
 -k ./certs/ecc-key.pem
 
-# client TLSv1.2 ECDHE-ECDSA-NULL-SHA
+# client DTLSv1.2 ECDHE-ECDSA-NULL-SHA
 -B 4000,979
 -u 1024
 -f
@@ -1805,7 +1805,7 @@
 -l ECDH-ECDSA-AES256-SHA384
 -A ./certs/ca-ecc-cert.pem
 
-# server TLSv1.2 ECDHE-PSK-AES128-CBC-SHA256
+# server DTLSv1.2 ECDHE-PSK-AES128-CBC-SHA256
 -e
 -s
 -u 1024
@@ -1813,7 +1813,7 @@
 -v 3
 -l ECDHE-PSK-AES128-CBC-SHA256
 
-# client TLSv1.2 ECDHE-PSK-AES128-CBC-SHA256
+# client DTLSv1.2 ECDHE-PSK-AES128-CBC-SHA256
 -B 4000,922
 -s
 -u 1024
@@ -1821,21 +1821,21 @@
 -v 3
 -l ECDHE-PSK-AES128-CBC-SHA256
 
-# server TLSv1.2 ECDHE-PSK-AES128-SHA256
+# server DTLSv1.2 ECDHE-PSK-AES128-SHA256
 -s
 -u 1024
 -f
 -v 3
 -l ECDHE-PSK-AES128-SHA256
 
-# client TLSv1.2 ECDHE-PSK-AES128-SHA256
+# client DTLSv1.2 ECDHE-PSK-AES128-SHA256
 -s
 -u 1024
 -f
 -v 3
 -l ECDHE-PSK-AES128-SHA256
 
-# server TLSv1.2 ECDHE-PSK-NULL-SHA256
+# server DTLSv1.2 ECDHE-PSK-NULL-SHA256
 -e
 -s
 -u 1024
@@ -1843,7 +1843,7 @@
 -v 3
 -l ECDHE-PSK-NULL-SHA256
 
-# client TLSv1.2 ECDHE-PSK-NULL-SHA256
+# client DTLSv1.2 ECDHE-PSK-NULL-SHA256
 -B 4000,967
 -s
 -u 1024
@@ -2365,7 +2365,7 @@
 -l ECDHE-ECDSA-CHACHA20-POLY1305
 -A ./certs/ca-ecc-cert.pem
 
-# server TLSv1.2 DHE-PSK-CHACHA20-POLY1305
+# server DTLSv1.2 DHE-PSK-CHACHA20-POLY1305
 -e
 -u 512
 -f
@@ -2373,7 +2373,7 @@
 -s
 -l DHE-PSK-CHACHA20-POLY1305
 
-# client TLSv1.2 DHE-PSK-CHACHA20-POLY1305
+# client DTLSv1.2 DHE-PSK-CHACHA20-POLY1305
 -B 4000,471
 -u 512
 -f
@@ -2381,7 +2381,7 @@
 -s
 -l DHE-PSK-CHACHA20-POLY1305
 
-# server TLSv1.2 ECDHE-PSK-CHACHA20-POLY1305
+# server DTLSv1.2 ECDHE-PSK-CHACHA20-POLY1305
 -e
 -u 512
 -f
@@ -2389,7 +2389,7 @@
 -s
 -l ECDHE-PSK-CHACHA20-POLY1305
 
-# client TLSv1.2 ECDHE-PSK-CHACHA20-POLY1305
+# client DTLSv1.2 ECDHE-PSK-CHACHA20-POLY1305
 -B 4000,471
 -u 512
 -f
@@ -2397,7 +2397,7 @@
 -s
 -l ECDHE-PSK-CHACHA20-POLY1305
 
-# server TLSv1.2 PSK-CHACHA20-POLY1305
+# server DTLSv1.2 PSK-CHACHA20-POLY1305
 -e
 -u 512
 -f
@@ -2405,7 +2405,7 @@
 -s
 -l PSK-CHACHA20-POLY1305
 
-# client TLSv1.2 PSK-CHACHA20-POLY1305
+# client DTLSv1.2 PSK-CHACHA20-POLY1305
 -B 4000,471
 -u 512
 -f
@@ -2556,7 +2556,7 @@
 -v 3
 -l ECDHE-RSA-AES256-SHA
 
-# server TLSv1 ECDHE-ECDSA-NULL-SHA
+# server DTLSv1 ECDHE-ECDSA-NULL-SHA
 -e
 -u 512
 -f
@@ -2565,7 +2565,7 @@
 -c ./certs/server-ecc.pem
 -k ./certs/ecc-key.pem
 
-# client TLSv1 ECDHE-ECDSA-NULL-SHA
+# client DTLSv1 ECDHE-ECDSA-NULL-SHA
 -B 4000,467
 -u 512
 -f
@@ -2573,7 +2573,7 @@
 -l ECDHE-ECDSA-NULL-SHA
 -A ./certs/ca-ecc-cert.pem
 
-# server TLSv1.1 ECDHE-ECDSA-NULL-SHA
+# server DTLSv1.1 ECDHE-ECDSA-NULL-SHA
 -e
 -u 512
 -f
@@ -2582,7 +2582,7 @@
 -c ./certs/server-ecc.pem
 -k ./certs/ecc-key.pem
 
-# client TLSv1 ECDHE-ECDSA-NULL-SHA
+# client DTLSv1 ECDHE-ECDSA-NULL-SHA
 -B 4000,467
 -u 512
 -f
@@ -2590,7 +2590,7 @@
 -l ECDHE-ECDSA-NULL-SHA
 -A ./certs/ca-ecc-cert.pem
 
-# server TLSv1.2 ECDHE-ECDSA-NULL-SHA
+# server DTLSv1.2 ECDHE-ECDSA-NULL-SHA
 -e
 -u 512
 -f
@@ -2599,7 +2599,7 @@
 -c ./certs/server-ecc.pem
 -k ./certs/ecc-key.pem
 
-# client TLSv1.2 ECDHE-ECDSA-NULL-SHA
+# client DTLSv1.2 ECDHE-ECDSA-NULL-SHA
 -B 4000,467
 -u 512
 -f
@@ -3021,7 +3021,7 @@
 -l ECDH-ECDSA-AES256-SHA384
 -A ./certs/ca-ecc-cert.pem
 
-# server TLSv1.2 ECDHE-PSK-AES128-CBC-SHA256
+# server DTLSv1.2 ECDHE-PSK-AES128-CBC-SHA256
 -e
 -s
 -u 512
@@ -3029,7 +3029,7 @@
 -v 3
 -l ECDHE-PSK-AES128-CBC-SHA256
 
-# client TLSv1.2 ECDHE-PSK-AES128-CBC-SHA256
+# client DTLSv1.2 ECDHE-PSK-AES128-CBC-SHA256
 -B 4000,410
 -s
 -u 512
@@ -3037,7 +3037,7 @@
 -v 3
 -l ECDHE-PSK-AES128-CBC-SHA256
 
-# server TLSv1.2 ECDHE-PSK-NULL-SHA256
+# server DTLSv1.2 ECDHE-PSK-NULL-SHA256
 -e
 -s
 -u 512
@@ -3045,7 +3045,7 @@
 -v 3
 -l ECDHE-PSK-NULL-SHA256
 
-# client TLSv1.2 ECDHE-PSK-NULL-SHA256
+# client DTLSv1.2 ECDHE-PSK-NULL-SHA256
 -B 4000,455
 -s
 -u 512

tests/test-psk.conf

@@ -5,3 +5,11 @@
 # client- standard PSK
 -s
 -l PSK-CHACHA20-POLY1305
+
+# server
+-j
+-l ECDHE-PSK-AES128-GCM-SHA256
+
+# client
+-s
+-l ECDHE-PSK-AES128-GCM-SHA256

wolfssl/internal.h

@@ -667,6 +667,10 @@
             defined(WOLFSSL_AES_128) && defined(HAVE_AES_CBC)
             #define BUILD_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256
         #endif
+        #if !defined(NO_PSK) && !defined(NO_SHA256) && !defined(NO_AES) && \
+            defined(WOLFSSL_AES_128) && defined(HAVE_AESGCM)
+            #define BUILD_TLS_ECDHE_PSK_WITH_AES_128_GCM_SHA256
+        #endif
     #endif
     #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305) && !defined(NO_SHA256)
         #if !defined(NO_OLD_POLY1305)
@@ -1050,6 +1054,9 @@ enum {
     TLS_ECDHE_ECDSA_WITH_CHACHA20_OLD_POLY1305_SHA256 = 0x14,
     TLS_DHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256     = 0x15,
 
+    /* ECDHE_PSK RFC8442, first byte is 0xD0 (EDHE_PSK_BYTE) */
+    TLS_ECDHE_PSK_WITH_AES_128_GCM_SHA256    = 0x01,
+
     /* TLS v1.3 cipher suites */
     TLS_AES_128_GCM_SHA256       = 0x01,
     TLS_AES_256_GCM_SHA384       = 0x02,
@@ -1159,10 +1166,11 @@ enum {
 #endif
 
 enum Misc {
-    CIPHER_BYTE = 0x00,            /* Default ciphers */
-    ECC_BYTE    = 0xC0,            /* ECC first cipher suite byte */
-    CHACHA_BYTE = 0xCC,            /* ChaCha first cipher suite */
-    TLS13_BYTE  = 0x13,            /* TLS v1.3 first byte of cipher suite */
+    CIPHER_BYTE    = 0x00,         /* Default ciphers */
+    ECC_BYTE       = 0xC0,         /* ECC first cipher suite byte */
+    CHACHA_BYTE    = 0xCC,         /* ChaCha first cipher suite */
+    TLS13_BYTE     = 0x13,         /* TLS v1.3 first byte of cipher suite */
+    ECDHE_PSK_BYTE = 0xD0,         /* RFC 8442 */
 
     SEND_CERT       = 1,
     SEND_BLANK_CERT = 2,