Merge branch 'peterdmv/ssl/tls13-poly-chacha/OTP-15383'

* peterdmv/ssl/tls13-poly-chacha/OTP-15383:
  ssl: Update standards compliance
  ssl: Enable additional ciphers for TLS 1.3

Change-Id: I2dc6eb73bc1b8809e7226e6b8e83f58b02a3e1e6

4 files changed, 26 insertions, 25 deletions

diff --git a/lib/ssl/doc/src/standards_compliance.xml b/lib/ssl/doc/src/standards_compliance.xml
index 25840d0fc6..ca98385f85 100644
--- a/lib/ssl/doc/src/standards_compliance.xml
+++ b/lib/ssl/doc/src/standards_compliance.xml
@@ -133,7 +133,8 @@
     <list type="bulleted">
       <item>Key Exchange: ECDHE</item>
       <item>Groups: all standard groups supported for the Diffie-Hellman key exchange</item>
-      <item>Ciphers: TLS_AES_128_GCM_SHA256 and TLS_AES_256_GCM_SHA384</item>
+      <item>Ciphers: TLS_AES_128_GCM_SHA256, TLS_AES_256_GCM_SHA384,
+      TLS_CHACHA20_POLY1305_SHA256 and TLS_AES_128_CCM_SHA256</item>
       <item>Signature Algorithms: RSA and RSA PSS</item>
       <item>Certificates: currently only certificates with RSA keys are supported</item>
     </list>
@@ -1967,8 +1968,8 @@
       <row>
         <cell align="left" valign="middle"></cell>
         <cell align="left" valign="middle">SHOULD implement the TLS_CHACHA20_POLY1305_SHA256</cell>
-	<cell align="left" valign="middle"><em>NC</em></cell>
-	<cell align="left" valign="middle"></cell>
+	<cell align="left" valign="middle"><em>C</em></cell>
+	<cell align="left" valign="middle">22</cell>
       </row>
 
       <row>
@@ -2203,14 +2204,14 @@
       <row>
         <cell align="left" valign="middle"></cell>
         <cell align="left" valign="middle">TLS_CHACHA20_POLY1305_SHA256</cell>
-	<cell align="left" valign="middle"><em>NC</em></cell>
-	<cell align="left" valign="middle"></cell>
+	<cell align="left" valign="middle"><em>C</em></cell>
+	<cell align="left" valign="middle">22</cell>
       </row>
       <row>
         <cell align="left" valign="middle"></cell>
         <cell align="left" valign="middle">TLS_AES_128_CCM_SHA256</cell>
-	<cell align="left" valign="middle"><em>NC</em></cell>
-	<cell align="left" valign="middle"></cell>
+	<cell align="left" valign="middle"><em>C</em></cell>
+	<cell align="left" valign="middle">22</cell>
       </row>
       <row>
         <cell align="left" valign="middle"></cell>
diff --git a/lib/ssl/src/ssl_cipher.hrl b/lib/ssl/src/ssl_cipher.hrl
index 9c5e2f80a9..0fa5f66c49 100644
--- a/lib/ssl/src/ssl_cipher.hrl
+++ b/lib/ssl/src/ssl_cipher.hrl
@@ -690,9 +690,9 @@
 -define(TLS_CHACHA20_POLY1305_SHA256, <<?BYTE(16#13),?BYTE(16#03)>>).
 
 %% %% TLS_AES_128_CCM_SHA256       = {0x13,0x04}
-%% -define(TLS_AES_128_CCM_SHA256, <<?BYTE(16#13), ?BYTE(16#04)>>).
+-define(TLS_AES_128_CCM_SHA256, <<?BYTE(16#13), ?BYTE(16#04)>>).
 
 %% %%  TLS_AES_128_CCM_8_SHA256    = {0x13,0x05}
-%% -define(TLS_AES_128_CCM_8_SHA256, <<?BYTE(16#13),?BYTE(16#05)>>).
+-define(TLS_AES_128_CCM_8_SHA256, <<?BYTE(16#13),?BYTE(16#05)>>).
 
 -endif. % -ifdef(ssl_cipher).
diff --git a/lib/ssl/src/ssl_cipher_format.erl b/lib/ssl/src/ssl_cipher_format.erl
index 887eb6c653..577156a4b5 100644
--- a/lib/ssl/src/ssl_cipher_format.erl
+++ b/lib/ssl/src/ssl_cipher_format.erl
@@ -955,12 +955,12 @@ suite_bin_to_map(?TLS_CHACHA20_POLY1305_SHA256) ->
     #{key_exchange => any,
       cipher => chacha20_poly1305,
       mac => aead,
-      prf => sha256}.
-%% suite_bin_to_map(?TLS_AES_128_CCM_SHA256) ->
-%%      #{key_exchange => any,
-%%        cipher => aes_128_ccm,
-%%        mac => aead
-%%        prf => sha256};
+      prf => sha256};
+suite_bin_to_map(?TLS_AES_128_CCM_SHA256) ->
+     #{key_exchange => any,
+       cipher => aes_128_ccm,
+       mac => aead,
+       prf => sha256}.
 %% suite_bin_to_map(?TLS_AES_128_CCM_8_SHA256) ->
 %%      #{key_exchange => any,
 %%       cipher => aes_128_ccm_8,
@@ -1690,12 +1690,12 @@ suite_map_to_bin(#{key_exchange := any,
       cipher := chacha20_poly1305,
       mac := aead,
       prf := sha256}) ->
-    ?TLS_CHACHA20_POLY1305_SHA256.
-%% suite_map_to_bin(#{key_exchange := any,
-%%       cipher := aes_128_ccm,
-%%       mac := aead,
-%%       prf := sha256}) ->
-%%     ?TLS_AES_128_CCM_SHA256;
+    ?TLS_CHACHA20_POLY1305_SHA256;
+suite_map_to_bin(#{key_exchange := any,
+      cipher := aes_128_ccm,
+      mac := aead,
+      prf := sha256}) ->
+    ?TLS_AES_128_CCM_SHA256.
 %% suite_map_to_bin(#{key_exchange := any,
 %%       cipher := aes_128_ccm_8,
 %%       mac := aead,
diff --git a/lib/ssl/src/tls_v1.erl b/lib/ssl/src/tls_v1.erl
index f103f3218b..27cd5765e5 100644
--- a/lib/ssl/src/tls_v1.erl
+++ b/lib/ssl/src/tls_v1.erl
@@ -501,18 +501,18 @@ suites(3) ->
 suites(4) ->
     [?TLS_AES_256_GCM_SHA384,
      ?TLS_AES_128_GCM_SHA256,
-     ?TLS_CHACHA20_POLY1305_SHA256
+     ?TLS_CHACHA20_POLY1305_SHA256,
+     ?TLS_AES_128_CCM_SHA256
      %% Not supported
-     %% ?TLS_AES_128_CCM_SHA256,
      %% ?TLS_AES_128_CCM_8_SHA256
     ] ++ suites(3);
 
 suites('TLS_v1.3') ->
     [?TLS_AES_256_GCM_SHA384,
      ?TLS_AES_128_GCM_SHA256,
-     ?TLS_CHACHA20_POLY1305_SHA256
+     ?TLS_CHACHA20_POLY1305_SHA256,
+     ?TLS_AES_128_CCM_SHA256
      %% Not supported
-     %% ?TLS_AES_128_CCM_SHA256,
      %% ?TLS_AES_128_CCM_8_SHA256
     ].