Remove RSA-PSK key exchange #9681

Closed
gilles-peskine-arm opened this issue Oct 10, 2024 · 0 comments · Fixed by #9613
Labels
api-break This issue/PR breaks the API and must wait for a new major version component-tls size-s Estimated task size: small (~2d)

gilles-peskine-arm commented Oct 10, 2024

Remove the RSA-PSK key exchange in TLS 1.2.

  • Prerequisites: none.
  • Config option: MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED
  • Key exchange type: MBEDTLS_KEY_EXCHANGE_RSA_PSK
  • Affected cipher suite macros regex: MBEDTLS_TLS_RSA_PSK_\w+
  • Full list of cipher suite names:
    TLS-RSA-PSK-WITH-CHACHA20-POLY1305-SHA256
    TLS-RSA-PSK-WITH-AES-256-GCM-SHA384
    TLS-RSA-PSK-WITH-AES-256-CBC-SHA384
    TLS-RSA-PSK-WITH-AES-256-CBC-SHA
    TLS-RSA-PSK-WITH-CAMELLIA-256-GCM-SHA384
    TLS-RSA-PSK-WITH-CAMELLIA-256-CBC-SHA384
    TLS-RSA-PSK-WITH-ARIA-256-GCM-SHA384
    TLS-RSA-PSK-WITH-ARIA-256-CBC-SHA384
    TLS-RSA-PSK-WITH-AES-128-GCM-SHA256
    TLS-RSA-PSK-WITH-AES-128-CBC-SHA256
    TLS-RSA-PSK-WITH-AES-128-CBC-SHA
    TLS-RSA-PSK-WITH-CAMELLIA-128-GCM-SHA256
    TLS-RSA-PSK-WITH-CAMELLIA-128-CBC-SHA256
    TLS-RSA-PSK-WITH-ARIA-128-GCM-SHA256
    TLS-RSA-PSK-WITH-ARIA-128-CBC-SHA256
    TLS-RSA-PSK-WITH-NULL-SHA384
    TLS-RSA-PSK-WITH-NULL-SHA256
    TLS-RSA-PSK-WITH-NULL-SHA
    

Generic steps to remove a key exchange type

Generalized from #9613. Typically each step is expected to be a separate commit, or more if it's complicated.

  • First, remove test cases that force the use of the key exchange that's being removed (by forcing a cipher suite). These test cases can be classified in three categories:

    • Some test cases are specifically about the removed key exchange. (For example, we are removing RSA, and the test case is specifically about RSA.) Just remove those test cases.
    • Some test cases have an objective that's broader than the removed key exchange, but have an equivalent test case that uses another key exchange. (For example, we are removing RSA, and there is a pair of similar test cases, one using RSA and ECDSA.) Just remove those test cases.
    • Some test cases have an objective that's broader than the removed key exchange, and have no equivalent test case that uses another key exchange. (For example, we are removing RSA, and a test case for DTLS retransmission happens to use RSA but could have equally been written to use ECDSA.) Adapt those test cases to use a different cipher suite that won't be removed.

    For ease of review, removing and adapting the test cases should be done in a first pull request, separate from removing the library code. That way, if there's a debate over which test cases need to be adapted, it won't require complicated back-and-forth. However, if it's obvious that no test cases need to be adapted, it's ok to remove the test cases in a single commit that's part of the same pull request that removes the library code.

  • Remove test cases that force an affected cipher suite. At this point (after the prerequisites are done), they should be test cases whose objective is to test that particular cipher suite or at least that particular key exchange.

  • Remove the configuration option and all code guarded by it (including the cipher suite definitions).

  • Remove the key exchange type in mbedtls_key_exchange_type_t and all code that uses it.

  • Remove all easily discoverable mentions of the key exchange type in documentation.

  • Remove the uses of the macros for affected cipher suites in include/mbedtls/mbedtls_config.h, library/ssl_ciphersuites.c and tests/compat.sh; and remove the macro definitions in include/mbedtls/ssl_ciphersuites.h.

  • Remove code that's specific to this key exchange type or to an associated cipher suite from tests/scripts/translate_ciphers.py.

  • Remove any remaining discoverable mention of the key exchange type. This step depends on the key exchange and typically cannot be fully planned out until the other steps are done. If this turns out to be a significant amount of work, file an issue for it, and determine whether that is a blocker for the 4.0 release.

  • Changelog entry.
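
An added example, not part of the issue or of Mbed TLS: a Python check for the "remaining discoverable mention" step, listing every leftover use of the identifiers the issue names. The file-suffix set, the function names and the sample file contents are assumptions made for illustration.

```python
import re
import sys
from pathlib import Path

# Identifiers copied from the issue; the name pattern generalises its list of suite names.
PATTERNS = {
    "config option": re.compile(r"\bMBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED\b"),
    "key exchange type": re.compile(r"\bMBEDTLS_KEY_EXCHANGE_RSA_PSK\b"),
    "cipher suite macro": re.compile(r"\bMBEDTLS_TLS_RSA_PSK_\w+"),
    "cipher suite name": re.compile(r"\bTLS-RSA-PSK-WITH-[A-Z0-9-]+"),
}
# Assumption: file types worth scanning; adjust for the tree being checked.
SUFFIXES = {".c", ".h", ".sh", ".py", ".md", ".data", ".function"}

def scan_text(name, text):
    """Return (file, line, kind, identifier) for each leftover mention in text."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for kind, pattern in PATTERNS.items():
            hits += [(name, lineno, kind, m.group(0)) for m in pattern.finditer(line)]
    return hits

def scan_tree(root):
    """Scan every file under root whose suffix is in SUFFIXES."""
    hits = []
    for path in sorted(Path(root).rglob("*")):
        if path.is_file() and path.suffix in SUFFIXES:
            hits += scan_text(str(path), path.read_text(errors="replace"))
    return hits

# Constructed sample contents (not real Mbed TLS source); the paths are those named in the issue.
SAMPLE = {
    "include/mbedtls/mbedtls_config.h": "#define MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED\n",
    "library/ssl_ciphersuites.c": (
        "#if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED)\n"
        "    MBEDTLS_TLS_RSA_PSK_WITH_AES_128_GCM_SHA256,\n"
        "    MBEDTLS_KEY_EXCHANGE_RSA_PSK,\n"
    ),
    "tests/compat.sh": 'CIPHERS="TLS-RSA-PSK-WITH-NULL-SHA TLS-PSK-WITH-NULL-SHA"\n',
}

def scan_sample():
    return [hit for name, text in SAMPLE.items() for hit in scan_text(name, text)]

if __name__ == "__main__":
    found = scan_tree(sys.argv[1]) if len(sys.argv) > 1 else scan_sample()
    for name, lineno, kind, ident in found:
        print(f"{name}:{lineno}: {kind}: {ident}")
    sys.exit(1 if found else 0)
```

Run with a source tree path as the only argument; a non-zero exit status means at least one mention remains, which makes the script usable as a CI gate.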
