Multicast DTLS

1. Add DTLS-multicast to the enable options.
2. Reorg DTLS related enable options together.
3. Update a couple enable option texts to use the AS_HELP_STRING() macro.
4. Add three new APIs for managing a DTLS Multicast session.
5. Add test code for new APIs.
6. Add stub code for the new APIs.

configure.ac

@@ -349,6 +349,29 @@ AS_IF([test "x$ENABLED_SCTP" = "xyes"],
 ])
 
 
+# DTLS-MULTICAST
+AC_ARG_ENABLE([mcast],
+    [AS_HELP_STRING([--enable-mcast],[Enable wolfSSL DTLS multicast support (default: disabled)])],
+    [ENABLED_MCAST=$enableval],
+    [ENABLED_MCAST=no])
+
+AM_CONDITIONAL([BUILD_MCAST], [test "x$ENABLED_MCAST" = "xyes"])
+
+
+# RNG
+AC_ARG_ENABLE([rng],
+    [AS_HELP_STRING([--enable-rng],[Enable compiling and using RNG (default: enabled)])],
+    [ ENABLED_RNG=$enableval ],
+    [ ENABLED_RNG=yes ]
+    )
+
+if test "$ENABLED_RNG" = "no"
+then
+    AM_CFLAGS="$AM_CFLAGS -DWC_NO_RNG"
+fi
+AM_CONDITIONAL([BUILD_RNG], [test "x$ENABLED_RNG" = "xyes"])
+
+
 # OpenSSH compatibility Build
 AC_ARG_ENABLE([openssh],
     [AS_HELP_STRING([--enable-openssh],[Enable OpenSSH compatibility build (default: disabled)])],
@@ -3532,9 +3555,12 @@ AS_IF([test "x$ENABLED_MAXSTRENGTH" = "xyes" && \
 AS_IF([test "x$ENABLED_SCTP" = "xyes"],
       [AM_CFLAGS="-DWOLFSSL_SCTP $AM_CFLAGS"])
 
-# SCTP requires DTLS
-AS_IF([test "x$ENABLED_DTLS" = "xno" && \
-       test "x$ENABLED_SCTP" = "xyes"],
+AS_IF([test "x$ENABLED_MCAST" = "xyes"],
+      [AM_CFLAGS="-DWOLFSSL_MULTICAST $AM_CFLAGS"])
+
+# SCTP and Multicast require DTLS
+AS_IF([(test "x$ENABLED_DTLS" = "xno") && \
+        (test "x$ENABLED_SCTP" = "xyes" || test "x$ENABLED_MCAST" = "xyes")],
       [AM_CFLAGS="-DWOLFSSL_DTLS $AM_CFLAGS"
        ENABLED_DTLS=yes])
 
@@ -3816,6 +3842,7 @@ echo "   * NGINX:                      $ENABLED_NGINX"
 echo "   * ERROR_STRINGS:              $ENABLED_ERROR_STRINGS"
 echo "   * DTLS:                       $ENABLED_DTLS"
 echo "   * SCTP:                       $ENABLED_SCTP"
+echo "   * Multicast:                  $ENABLED_MCAST"
 echo "   * Old TLS Versions:           $ENABLED_OLD_TLS"
 echo "   * SSL version 3.0:            $ENABLED_SSLV3"
 echo "   * TLS v1.3:                   $ENABLED_TLS13"

src/ssl.c

@@ -843,6 +843,64 @@ int wolfSSL_dtls_set_mtu(WOLFSSL* ssl, word16 newMtu)
 
 #endif /* WOLFSSL_DTLS && WOLFSSL_SCTP */
 
+
+#if defined(WOLFSSL_DTLS) && defined(WOLFSSL_MULTICAST)
+
+int wolfSSL_dtls_mcast_set_member_id(WOLFSSL* ssl, byte id)
+{
+    int ret = SSL_SUCCESS;
+
+    (void)ssl;
+    (void)id;
+
+    WOLFSSL_ENTER("wolfSSL_dtls_mcast_set_member_id()");
+    WOLFSSL_LEAVE("wolfSSL_dtls_mcast_set_member_id()", ret);
+    return ret;
+}
+
+
+int wolfSSL_dtls_mcast_set_secret(WOLFSSL* ssl, unsigned short epoch,
+                                  const byte* preMasterSecret,
+                                  word32 preMasterSz,
+                                  const byte* clientRandom,
+                                  const byte* serverRandom,
+                                  const byte* suite)
+{
+    int ret = SSL_SUCCESS;
+
+    (void)ssl;
+    (void)epoch;
+    (void)preMasterSecret;
+    (void)preMasterSz;
+    (void)clientRandom;
+    (void)serverRandom;
+    (void)suite;
+
+    WOLFSSL_ENTER("wolfSSL_dtls_mcast_set_secret()");
+    WOLFSSL_LEAVE("wolfSSL_dtls_mcast_set_secret()", ret);
+    return ret;
+}
+
+
+int wolfSSL_dtls_mcast_read(WOLFSSL* ssl, unsigned char* id,
+                            void* data, int sz)
+{
+    int ret = 0;
+
+    (void)ssl;
+    (void)data;
+    (void)sz;
+
+    WOLFSSL_ENTER("wolfSSL_dtls_mcast_read()");
+    if (id != NULL)
+        *id = 0;
+    WOLFSSL_LEAVE("wolfSSL_dtls_mcast_read()", ret);
+    return ret;
+}
+
+#endif /* WOLFSSL_DTLS && WOLFSSL_MULTICAST */
+
+
 #endif /* WOLFSSL_LEANPSK */
 
 

tests/api.c

@@ -2344,6 +2344,48 @@ static int test_wolfSSL_UseOCSPStaplingV2 (void)
 
 } /*END test_wolfSSL_UseOCSPStaplingV2*/
 
+/*----------------------------------------------------------------------------*
+ | DTLS Multicast Tests
+ *----------------------------------------------------------------------------*/
+static void test_wolfSSL_dtls_mcast(void)
+{
+#if defined(WOLFSSL_DTLS) && defined(WOLFSSL_MULTICAST)
+    WOLFSSL_CTX* ctx;
+    WOLFSSL* ssl;
+    int result;
+    byte preMasterSecret[512];
+    byte clientRandom[32];
+    byte serverRandom[32];
+    byte suite[2] = {0, 0xb0};  /* TLS_PSK_WITH_NULL_SHA256 */
+    byte buf[256];
+    byte newId;
+
+    ctx = wolfSSL_CTX_new(wolfDTLSv1_2_client_method());
+    AssertNotNull(ctx);
+    ssl = wolfSSL_new(ctx);
+    AssertNotNull(ssl);
+
+    result = wolfSSL_dtls_mcast_set_member_id(ssl, 0);
+    AssertIntEQ(result, SSL_SUCCESS);
+
+    XMEMSET(preMasterSecret, 0x23, sizeof(preMasterSecret));
+    XMEMSET(clientRandom, 0xA5, sizeof(clientRandom));
+    XMEMSET(serverRandom, 0x5A, sizeof(serverRandom));
+    result = wolfSSL_dtls_mcast_set_secret(ssl, 23,
+            preMasterSecret, sizeof(preMasterSecret),
+            clientRandom, serverRandom, suite);
+    AssertIntEQ(result, SSL_SUCCESS);
+
+    result = wolfSSL_dtls_mcast_read(ssl, &newId, buf, sizeof(buf));
+    AssertIntLE(result, 0);
+    AssertIntLE(newId, 100);
+
+    wolfSSL_free(ssl);
+    wolfSSL_CTX_free(ctx);
+#endif /* WOLFSSL_DTLS && WOLFSSL_MULTICAST */
+}
+
+
 /*----------------------------------------------------------------------------*
  |  Wolfcrypt
  *----------------------------------------------------------------------------*/
@@ -9675,6 +9717,9 @@ void ApiTest(void)
     AssertIntEQ(test_wolfSSL_UseOCSPStapling(), SSL_SUCCESS);
     AssertIntEQ(test_wolfSSL_UseOCSPStaplingV2(), SSL_SUCCESS);
 
+    /* DTLS-MULTICAST */
+    test_wolfSSL_dtls_mcast();
+
     /* compatibility tests */
     test_wolfSSL_DES();
     test_wolfSSL_certs();

wolfssl/internal.h

@@ -2832,6 +2832,9 @@ typedef struct Options {
 #ifdef WOLFSSL_SCTP
     word16            dtlsSctp:1;         /* DTLS-over-SCTP mode */
 #endif
+#ifdef WOLFSSL_MULTICAST
+    word16            dtlsMcast:1;        /* using multicast ? */
+#endif
 #endif
     word16            haveEMS:1;          /* using extended master secret */
 #if defined(HAVE_TLS_EXTENSIONS) && defined(HAVE_SUPPORTED_CURVES)

wolfssl/ssl.h

@@ -509,6 +509,13 @@ WOLFSSL_API int  wolfSSL_dtls_set_sctp(WOLFSSL*);
 WOLFSSL_API int  wolfSSL_CTX_dtls_set_mtu(WOLFSSL_CTX*, unsigned short);
 WOLFSSL_API int  wolfSSL_dtls_set_mtu(WOLFSSL*, unsigned short);
 
+WOLFSSL_API int  wolfSSL_dtls_mcast_set_member_id(WOLFSSL*, unsigned char);
+WOLFSSL_API int  wolfSSL_dtls_mcast_set_secret(WOLFSSL*, unsigned short,
+                     const unsigned char*, unsigned int,
+                     const unsigned char*, const unsigned char*,
+                     const unsigned char*);
+WOLFSSL_API int  wolfSSL_dtls_mcast_read(WOLFSSL*, unsigned char*, void*, int);
+
 WOLFSSL_API int   wolfSSL_ERR_GET_REASON(unsigned long err);
 WOLFSSL_API char* wolfSSL_ERR_error_string(unsigned long,char*);
 WOLFSSL_API void  wolfSSL_ERR_error_string_n(unsigned long e, char* buf,