From 0838a3828baa4c3416ecf189e16ef2a4a3d51c64 Mon Sep 17 00:00:00 2001
From: John Safranek <john@wolfssl.com>
Date: Wed, 7 Dec 2016 14:52:41 -0800
Subject: [PATCH] Multicast DTLS 1. Added new cipher suite for use with
 Multicast DTLS,    WDM_WITH_NULL_SHA256. (It should be a private suite.) 2.
 Update the API test to use the new suite.

---
 src/internal.c     | 10 ++++++++++
 src/keys.c         | 13 +++++++++++++
 tests/api.c        |  2 +-
 wolfssl/internal.h |  8 ++++++++
 4 files changed, 32 insertions(+), 1 deletion(-)

diff --git a/src/internal.c b/src/internal.c
index 009c96886..161243dbc 100755
--- a/src/internal.c
+++ b/src/internal.c
@@ -14540,6 +14540,9 @@ static const char* const cipher_names[] =
     "TLS13-AES128-CCM-8-SHA256",
 #endif
 
+#ifdef BUILD_WDM_WITH_NULL_SHA256
+    "WDM-NULL-SHA256",
+#endif
 };
 
 
@@ -15007,6 +15010,9 @@ static int cipher_name_idx[] =
     TLS_AES_128_CCM_8_SHA256,
 #endif
 
+#ifdef BUILD_WDM_WITH_NULL_SHA256
+    WDM_WITH_NULL_SHA256,
+#endif
 };
 
 
@@ -15495,6 +15501,10 @@ const char* wolfSSL_get_cipher_name_from_suite(const unsigned char cipherSuite,
 #ifdef BUILD_TLS_DH_anon_WITH_AES_128_CBC_SHA
             case TLS_DH_anon_WITH_AES_128_CBC_SHA :
                 return "TLS_DH_anon_WITH_AES_128_CBC_SHA";
+#endif
+#ifdef BUILD_WDM_WITH_NULL_SHA256
+            case WDM_WITH_NULL_SHA256 :
+                return "WDM_WITH_NULL_SHA256";
 #endif
             default:
                 return "NONE";
diff --git a/src/keys.c b/src/keys.c
index b8726d28a..d38e1c070 100644
--- a/src/keys.c
+++ b/src/keys.c
@@ -2083,6 +2083,19 @@ int SetCipherSpecs(WOLFSSL* ssl)
             break;
 #endif
 
+#ifdef BUILD_WDM_WITH_NULL_SHA256
+        case WDM_WITH_NULL_SHA256 :
+            ssl->specs.bulk_cipher_algorithm = wolfssl_cipher_null;
+            ssl->specs.cipher_type           = stream;
+            ssl->specs.mac_algorithm         = sha256_mac;
+            ssl->specs.kea                   = no_kea;
+            ssl->specs.sig_algo              = anonymous_sa_algo;
+            ssl->specs.hash_size             = SHA256_DIGEST_SIZE;
+            ssl->specs.pad_size              = PAD_SHA;
+
+            break;
+#endif
+
     default:
         WOLFSSL_MSG("Unsupported cipher suite, SetCipherSpecs");
         return UNSUPPORTED_SUITE;
diff --git a/tests/api.c b/tests/api.c
index dad372caa..57df19572 100644
--- a/tests/api.c
+++ b/tests/api.c
@@ -2356,7 +2356,7 @@ static void test_wolfSSL_dtls_mcast(void)
     byte preMasterSecret[512];
     byte clientRandom[32];
     byte serverRandom[32];
-    byte suite[2] = {0, 0xb0};  /* TLS_PSK_WITH_NULL_SHA256 */
+    byte suite[2] = {0, 0xfe};  /* WDM_WITH_NULL_SHA256 */
     byte buf[256];
     byte newId;
 
diff --git a/wolfssl/internal.h b/wolfssl/internal.h
index 45b006285..09c7192b4 100755
--- a/wolfssl/internal.h
+++ b/wolfssl/internal.h
@@ -657,6 +657,12 @@ typedef byte word24[3];
     #endif
 #endif
 
+#ifdef WOLFSSL_MULTICAST
+    #if defined(HAVE_NULL_CIPHER) && !defined(NO_SHA256)
+        #define BUILD_WDM_WITH_NULL_SHA256
+    #endif
+#endif
+
 #if defined(BUILD_SSL_RSA_WITH_RC4_128_SHA) || \
     defined(BUILD_SSL_RSA_WITH_RC4_128_MD5)
     #define BUILD_ARC4
@@ -794,6 +800,7 @@ enum {
     TLS_RSA_WITH_HC_128_MD5       = 0xFB,
     TLS_RSA_WITH_HC_128_SHA       = 0xFC,
     TLS_RSA_WITH_RABBIT_SHA       = 0xFD,
+    WDM_WITH_NULL_SHA256          = 0xFE, /* wolfSSL DTLS Multicast */
 
     /* wolfSSL extension - Blake2b 256 */
     TLS_RSA_WITH_AES_128_CBC_B2B256   = 0xF8,
@@ -1028,6 +1035,7 @@ enum Misc {
     DTLS_EXPORT_LEN          = 2,  /* 2 bytes for length and protocol */
     DTLS_EXPORT_IP           = 46, /* max ip size IPv4 mapped IPv6 */
     MAX_EXPORT_BUFFER        = 514, /* max size of buffer for exporting */
+    DTLS_MCAST_ID_MAX        = 100, /* max allowed multicast group ID */
     FINISHED_LABEL_SZ   = 15,  /* TLS finished label size */
     TLS_FINISHED_SZ     = 12,  /* TLS has a shorter size  */
     EXT_MASTER_LABEL_SZ = 22,  /* TLS extended master secret label sz */