1 files changed, 158 insertions, 29 deletions

diff --git a/lib/ssl/src/ssl_cipher_format.erl b/lib/ssl/src/ssl_cipher_format.erl
index b592295d56..8737181922 100644
--- a/lib/ssl/src/ssl_cipher_format.erl
+++ b/lib/ssl/src/ssl_cipher_format.erl
@@ -467,16 +467,16 @@ suite_definition(?TLS_ECDHE_PSK_WITH_AES_256_GCM_SHA384) ->
       cipher => aes_256_gcm, 
       mac => null, 
       prf => sha384};
-%% suite_definition(?TLS_ECDHE_PSK_WITH_AES_128_CCM_8_SHA256) ->
-%%     #{key_exchange => ecdhe_psk, 
-%%       cipher => aes_128_ccm, 
-%%       mac => null, 
-%%       prf =>sha256};
-%% suite_definition(?TLS_ECDHE_PSK_WITH_AES_128_CCM_SHA256) ->
-%%     #{key_exchange => ecdhe_psk, 
-%%       cipher => aes_256_ccm, 
-%%       mac => null, 
-%%       prf => sha256};
+suite_definition(?TLS_ECDHE_PSK_WITH_AES_128_CCM_SHA256) ->
+     #{key_exchange => ecdhe_psk, 
+      cipher => aes_128_ccm, 
+       mac => null, 
+       prf =>sha256};
+suite_definition(?TLS_ECDHE_PSK_WITH_AES_128_CCM_8_SHA256) ->
+    #{key_exchange => ecdhe_psk, 
+      cipher => aes_128_ccm_8, 
+      mac => null, 
+      prf =>sha256};
 %%% SRP Cipher Suites RFC 5054
 suite_definition(?TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA) ->
     #{key_exchange => srp_anon, 
@@ -792,7 +792,53 @@ suite_definition(?TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384) ->
       cipher => aes_256_gcm, 
       mac => aead, 
       prf => sha384};
-%% draft-agl-tls-chacha20poly1305-04 Chacha20/Poly1305 Suites
+suite_definition(?TLS_PSK_WITH_AES_128_CCM) ->
+    #{key_exchange => psk,
+      cipher => aes_128_ccm,
+      mac => aead,
+      prf => sha256};
+suite_definition(?TLS_PSK_WITH_AES_256_CCM) -> 
+    #{key_exchange => psk,
+      cipher => aes_256_ccm,
+      mac => aead,
+      prf => sha256};
+suite_definition(?TLS_DHE_PSK_WITH_AES_128_CCM) ->
+    #{key_exchange => dhe_psk,
+      cipher => aes_128_ccm,
+      mac => aead,
+      prf => sha256};
+suite_definition(?TLS_DHE_PSK_WITH_AES_256_CCM) ->
+    #{key_exchange => dhe_psk,
+      cipher => aes_256_ccm,
+      mac => aead,
+      prf => sha256};
+suite_definition(?TLS_PSK_WITH_AES_128_CCM_8) ->
+    #{key_exchange => psk,
+      cipher => aes_128_ccm_8,
+      mac => aead,
+      prf => sha256};
+suite_definition(?TLS_PSK_WITH_AES_256_CCM_8) ->
+    #{key_exchange => psk,
+      cipher => aes_256_ccm_8,
+      mac => aead,
+      prf => sha256};
+suite_definition(?TLS_PSK_DHE_WITH_AES_128_CCM_8) ->
+  #{key_exchange => dhe_psk,
+    cipher => aes_128_ccm_8,
+    mac => aead,
+    prf => sha256};
+suite_definition(?TLS_PSK_DHE_WITH_AES_256_CCM_8) ->
+  #{key_exchange => dhe_psk,
+    cipher => aes_256_ccm_8,
+    mac => aead,
+    prf => sha256};
+suite_definition(#{key_exchange := psk_dhe,
+                   cipher := aes_256_ccm_8,
+                   mac := aead,
+                   prf := sha256}) ->
+    ?TLS_PSK_DHE_WITH_AES_256_CCM_8;
+
+% draft-agl-tls-chacha20poly1305-04 Chacha20/Poly1305 Suites
 suite_definition(?TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256) ->
     #{key_exchange => ecdhe_rsa, 
       cipher => chacha20_poly1305, 
@@ -825,16 +871,15 @@ suite_definition(?TLS_CHACHA20_POLY1305_SHA256) ->
       mac => aead,
       prf => sha256}.
 %% suite_definition(?TLS_AES_128_CCM_SHA256) ->
-%%     #{key_exchange => any,
-%%       cipher => aes_128_ccm,
-%%       mac => aead,
-%%       prf => sha256};
+%%      #{key_exchange => any,
+%%        cipher => aes_128_ccm,
+%%        mac => aead,
+%%        prf => sha256};
 %% suite_definition(?TLS_AES_128_CCM_8_SHA256) ->
-%%     #{key_exchange => any,
+%%      #{key_exchange => any,
 %%       cipher => aes_128_ccm_8,
-%%       mac => aead,
-%%       prf => sha256}.
-
+%%        mac => aead,
+%%        prf => sha256}.
 
 %%--------------------------------------------------------------------
 -spec erl_suite_definition(cipher_suite() | internal_erl_cipher_suite()) -> old_erl_cipher_suite().
@@ -1154,16 +1199,16 @@ suite(#{key_exchange := ecdhe_psk,
        mac := null, 
        prf := sha384}) ->
     ?TLS_ECDHE_PSK_WITH_AES_256_GCM_SHA384;
- %% suite(#{key_exchange := ecdhe_psk, 
- %%        cipher := aes_128_ccm, 
- %%        mac := null, 
- %%        prf := sha256}) ->
- %%    ?TLS_ECDHE_PSK_WITH_AES_128_CCM_8_SHA256;
- %% suite(#{key_exchange := ecdhe_psk, 
- %%         cipher := aes_256_ccm, 
- %%         mac := null, 
- %%         prf := sha256}) ->
- %%    ?TLS_ECDHE_PSK_WITH_AES_128_CCM_SHA256;
+suite(#{key_exchange := ecdhe_psk, 
+        cipher := aes_128_ccm_8, 
+        mac := null, 
+        prf := sha256}) ->
+    ?TLS_ECDHE_PSK_WITH_AES_128_CCM_8_SHA256;
+suite(#{key_exchange := ecdhe_psk, 
+        cipher := aes_128_ccm, 
+         mac := null, 
+         prf := sha256}) ->
+    ?TLS_ECDHE_PSK_WITH_AES_128_CCM_SHA256;
 %%% SRP Cipher Suites RFC 5054
 suite(#{key_exchange := srp_anon, 
         cipher := '3des_ede_cbc',
@@ -1460,6 +1505,90 @@ suite(#{key_exchange := dhe_rsa,
         mac := aead, 
         prf := sha256}) ->
     ?TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256;
+
+%% RFC 6655 - TLS-1.2 cipher suites
+suite(#{key_exchange := psk,
+        cipher := aes_128_ccm,
+        mac := aead,
+        prf := sha256}) ->
+    ?TLS_PSK_WITH_AES_128_CCM;
+suite(#{key_exchange := psk,
+        cipher := aes_256_ccm,
+        mac := aead,
+        prf := sha256}) ->
+    ?TLS_PSK_WITH_AES_256_CCM;
+suite(#{key_exchange := dhe_psk,
+        cipher := aes_128_ccm,
+        mac := aead,
+        prf := sha256}) ->
+    ?TLS_DHE_PSK_WITH_AES_128_CCM;
+suite(#{key_exchange := dhe_psk,
+        cipher := aes_256_ccm,
+        mac := aead,
+        prf := sha256}) ->
+    ?TLS_DHE_PSK_WITH_AES_256_CCM;
+suite(#{key_exchange := rsa,
+        cipher := aes_128_ccm,
+        mac := aead,
+        prf := sha256}) ->
+    ?TLS_RSA_WITH_AES_128_CCM;
+suite(#{key_exchange := rsa,
+        cipher := aes_256_ccm,
+        mac := aead,
+        prf := sha256}) ->
+    ?TLS_RSA_WITH_AES_256_CCM;
+suite(#{key_exchange := dhe_rsa,
+        cipher := aes_128_ccm,
+        mac := aead,
+        prf := sha256}) ->
+    ?TLS_DHE_RSA_WITH_AES_128_CCM;
+suite(#{key_exchange := dhe_rsa,
+        cipher := aes_256_ccm,
+        mac := aead,
+        prf := sha256}) ->
+    ?TLS_DHE_RSA_WITH_AES_256_CCM;
+
+suite(#{key_exchange := psk,
+        cipher := aes_128_ccm_8,
+        mac := aead,
+        prf := sha256}) ->
+    ?TLS_PSK_WITH_AES_128_CCM_8;
+suite(#{key_exchange := psk,
+        cipher := aes_256_ccm_8,
+        mac := aead,
+        prf := sha256}) ->
+    ?TLS_PSK_WITH_AES_256_CCM_8;
+suite(#{key_exchange := dhe_psk,
+        cipher := aes_128_ccm_8,
+        mac := aead,
+        prf := sha256}) ->
+    ?TLS_PSK_DHE_WITH_AES_128_CCM_8;
+suite(#{key_exchange := dhe_psk,
+        cipher := aes_256_ccm_8,
+        mac := aead,
+        prf := sha256}) ->
+    ?TLS_PSK_DHE_WITH_AES_256_CCM_8;
+suite(#{key_exchange := rsa,
+        cipher := aes_128_ccm_8,
+        mac := aead,
+        prf := sha256}) ->
+    ?TLS_RSA_WITH_AES_128_CCM_8;
+suite(#{key_exchange := rsa,
+        cipher := aes_256_ccm_8,
+        mac := aead,
+        prf := sha256}) ->
+    ?TLS_RSA_WITH_AES_256_CCM_8;
+suite(#{key_exchange := dhe_rsa,
+        cipher := aes_128_ccm_8,
+        mac := aead,
+        prf := sha256}) ->
+    ?TLS_DHE_RSA_WITH_AES_128_CCM_8;
+suite(#{key_exchange := dhe_rsa,
+        cipher := aes_256_ccm_8,
+        mac := aead,
+        prf := sha256}) ->
+    ?TLS_DHE_RSA_WITH_AES_256_CCM_8;
+
 %% TLS 1.3 Cipher Suites RFC8446
 suite(#{key_exchange := any,
         cipher := aes_128_gcm,