From 81121941e0d2dbe0967095637d007d4fd9d7f412 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?P=C3=A9ter=20Dimitrov?= <peterdmv@erlang.org>
Date: Wed, 24 Apr 2019 16:48:06 +0200
Subject: ssl: Enable additional ciphers for TLS 1.3

Enable TLS_CHACHA20_POLY1305_SHA256 and TLS_AES_128_CCM_SHA256.

Change-Id: I04e32bcbf0683bb517f235a3e352facffc674692
---
 lib/ssl/src/ssl_cipher.hrl        |  4 ++--
 lib/ssl/src/ssl_cipher_format.erl | 24 ++++++++++++------------
 lib/ssl/src/tls_v1.erl            |  8 ++++----
 3 files changed, 18 insertions(+), 18 deletions(-)

diff --git a/lib/ssl/src/ssl_cipher.hrl b/lib/ssl/src/ssl_cipher.hrl
index 9c5e2f80a9..0fa5f66c49 100644
--- a/lib/ssl/src/ssl_cipher.hrl
+++ b/lib/ssl/src/ssl_cipher.hrl
@@ -690,9 +690,9 @@
 -define(TLS_CHACHA20_POLY1305_SHA256, <<?BYTE(16#13),?BYTE(16#03)>>).
 
 %% %% TLS_AES_128_CCM_SHA256       = {0x13,0x04}
-%% -define(TLS_AES_128_CCM_SHA256, <<?BYTE(16#13), ?BYTE(16#04)>>).
+-define(TLS_AES_128_CCM_SHA256, <<?BYTE(16#13), ?BYTE(16#04)>>).
 
 %% %%  TLS_AES_128_CCM_8_SHA256    = {0x13,0x05}
-%% -define(TLS_AES_128_CCM_8_SHA256, <<?BYTE(16#13),?BYTE(16#05)>>).
+-define(TLS_AES_128_CCM_8_SHA256, <<?BYTE(16#13),?BYTE(16#05)>>).
 
 -endif. % -ifdef(ssl_cipher).
diff --git a/lib/ssl/src/ssl_cipher_format.erl b/lib/ssl/src/ssl_cipher_format.erl
index 887eb6c653..577156a4b5 100644
--- a/lib/ssl/src/ssl_cipher_format.erl
+++ b/lib/ssl/src/ssl_cipher_format.erl
@@ -955,12 +955,12 @@ suite_bin_to_map(?TLS_CHACHA20_POLY1305_SHA256) ->
     #{key_exchange => any,
       cipher => chacha20_poly1305,
       mac => aead,
-      prf => sha256}.
-%% suite_bin_to_map(?TLS_AES_128_CCM_SHA256) ->
-%%      #{key_exchange => any,
-%%        cipher => aes_128_ccm,
-%%        mac => aead
-%%        prf => sha256};
+      prf => sha256};
+suite_bin_to_map(?TLS_AES_128_CCM_SHA256) ->
+     #{key_exchange => any,
+       cipher => aes_128_ccm,
+       mac => aead,
+       prf => sha256}.
 %% suite_bin_to_map(?TLS_AES_128_CCM_8_SHA256) ->
 %%      #{key_exchange => any,
 %%       cipher => aes_128_ccm_8,
@@ -1690,12 +1690,12 @@ suite_map_to_bin(#{key_exchange := any,
       cipher := chacha20_poly1305,
       mac := aead,
       prf := sha256}) ->
-    ?TLS_CHACHA20_POLY1305_SHA256.
-%% suite_map_to_bin(#{key_exchange := any,
-%%       cipher := aes_128_ccm,
-%%       mac := aead,
-%%       prf := sha256}) ->
-%%     ?TLS_AES_128_CCM_SHA256;
+    ?TLS_CHACHA20_POLY1305_SHA256;
+suite_map_to_bin(#{key_exchange := any,
+      cipher := aes_128_ccm,
+      mac := aead,
+      prf := sha256}) ->
+    ?TLS_AES_128_CCM_SHA256.
 %% suite_map_to_bin(#{key_exchange := any,
 %%       cipher := aes_128_ccm_8,
 %%       mac := aead,
diff --git a/lib/ssl/src/tls_v1.erl b/lib/ssl/src/tls_v1.erl
index f103f3218b..27cd5765e5 100644
--- a/lib/ssl/src/tls_v1.erl
+++ b/lib/ssl/src/tls_v1.erl
@@ -501,18 +501,18 @@ suites(3) ->
 suites(4) ->
     [?TLS_AES_256_GCM_SHA384,
      ?TLS_AES_128_GCM_SHA256,
-     ?TLS_CHACHA20_POLY1305_SHA256
+     ?TLS_CHACHA20_POLY1305_SHA256,
+     ?TLS_AES_128_CCM_SHA256
      %% Not supported
-     %% ?TLS_AES_128_CCM_SHA256,
      %% ?TLS_AES_128_CCM_8_SHA256
     ] ++ suites(3);
 
 suites('TLS_v1.3') ->
     [?TLS_AES_256_GCM_SHA384,
      ?TLS_AES_128_GCM_SHA256,
-     ?TLS_CHACHA20_POLY1305_SHA256
+     ?TLS_CHACHA20_POLY1305_SHA256,
+     ?TLS_AES_128_CCM_SHA256
      %% Not supported
-     %% ?TLS_AES_128_CCM_SHA256,
      %% ?TLS_AES_128_CCM_8_SHA256
     ].
 
-- 
cgit v1.2.3