Add ECDHE-PSK-AES{128,256}-SHA cipher suites.

If we're going to have PSK and use standard cipher suites, this might be
the best that we can do for the moment.

(This is a cherry-pick of BoringSSL's 85bc5601.)

Bug: 21522548
Change-Id: Ic94c74a2b3ee2387f640efff510646d1836efbfb

1 files changed, 4 insertions, 0 deletions

diff --git a/src/ssl/test/runner/cipher_suites.go b/src/ssl/test/runner/cipher_suites.go
index 162c0c0..70c7262 100644
--- a/src/ssl/test/runner/cipher_suites.go
+++ b/src/ssl/test/runner/cipher_suites.go
@@ -124,6 +124,8 @@ var cipherSuites = []*cipherSuite{
 	{TLS_PSK_WITH_RC4_128_SHA, 16, 20, 0, pskKA, suiteNoDTLS | suitePSK, cipherRC4, macSHA1, nil},
 	{TLS_PSK_WITH_AES_128_CBC_SHA, 16, 20, 16, pskKA, suitePSK, cipherAES, macSHA1, nil},
 	{TLS_PSK_WITH_AES_256_CBC_SHA, 32, 20, 16, pskKA, suitePSK, cipherAES, macSHA1, nil},
+	{TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA, 16, 20, 16, ecdhePSKKA, suiteECDHE | suitePSK, cipherAES, macSHA1, nil},
+	{TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA, 32, 20, 16, ecdhePSKKA, suiteECDHE | suitePSK, cipherAES, macSHA1, nil},
 }
 
 func cipherRC4(key, iv []byte, isRead bool) interface{} {
@@ -402,6 +404,8 @@ const (
 	TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 uint16 = 0xc02c
 	TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256   uint16 = 0xc02f
 	TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384   uint16 = 0xc030
+	TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA      uint16 = 0xc035
+	TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA      uint16 = 0xc036
 	fallbackSCSV                            uint16 = 0x5600
 )