From 51545845760baf62c3bc407c72485cc69b2ab0d6 Mon Sep 17 00:00:00 2001
From: John Safranek
Date: Tue, 6 Dec 2016 14:08:52 -0800
Subject: [PATCH] Multicast DTLS

1. Add DTLS-multicast to the enable options.
2. Reorg DTLS related enable options together.
3. Update a couple enable option texts to use the AS_HELP_STRING() macro.
4. Add three new APIs for managing a DTLS Multicast session.
5. Add test code for new APIs.
6. Add stub code for the new APIs.
---
 configure.ac | 33 +++++++++++++++++++++++---
 src/ssl.c | 58 ++++++++++++++++++++++++++++++++++++++++++++++
 tests/api.c | 45 +++++++++++++++++++++++++++++++++++
 wolfssl/internal.h | 3 +++
 wolfssl/ssl.h | 7 ++++++
 5 files changed, 143 insertions(+), 3 deletions(-)

diff --git a/configure.ac b/configure.ac
index 5ecb76338..2881d80f0 100644
--- a/configure.ac
+++ b/configure.ac
@@ -349,6 +349,29 @@ AS_IF([test "x$ENABLED_SCTP" = "xyes"],
 ])
+# DTLS-MULTICAST
+AC_ARG_ENABLE([mcast],
+ [AS_HELP_STRING([--enable-mcast],[Enable wolfSSL DTLS multicast support (default: disabled)])],
+ [ENABLED_MCAST=$enableval],
+ [ENABLED_MCAST=no])
+
+AM_CONDITIONAL([BUILD_MCAST], [test "x$ENABLED_MCAST" = "xyes"])
+
+
+# RNG
+AC_ARG_ENABLE([rng],
+ [AS_HELP_STRING([--enable-rng],[Enable compiling and using RNG (default: enabled)])],
+ [ ENABLED_RNG=$enableval ],
+ [ ENABLED_RNG=yes ]
+ )
+
+if test "$ENABLED_RNG" = "no"
+then
+ AM_CFLAGS="$AM_CFLAGS -DWC_NO_RNG"
+fi
+AM_CONDITIONAL([BUILD_RNG], [test "x$ENABLED_RNG" = "xyes"])
+
+
 # OpenSSH compatibility Build
 AC_ARG_ENABLE([openssh],
 [AS_HELP_STRING([--enable-openssh],[Enable OpenSSH compatibility build (default: disabled)])],
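Review bot: The RNG block added under the new mcast option is written as a plain shell `if test "$ENABLED_RNG" = "no"` while every neighbouring option, including the new `--enable-mcast` one, uses the `AS_IF([test "x$VAR" = "xyes"], ...)` form, and the commit message does not mention an RNG option at all. For consistency with the surrounding stanzas, `AS_IF([test "x$ENABLED_RNG" = "xno"], [AM_CFLAGS="$AM_CFLAGS -DWC_NO_RNG"])` would replace the if/then/fi. Nothing in this hunk relates `--disable-rng` to `--enable-dtls` or `--enable-mcast`; if the DTLS or multicast paths depend on an RNG, a guard like the SCTP/DTLS one later in the file would be worth confirming.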
@@ -3532,9 +3555,12 @@ AS_IF([test "x$ENABLED_MAXSTRENGTH" = "xyes" && \
 AS_IF([test "x$ENABLED_SCTP" = "xyes"],
 [AM_CFLAGS="-DWOLFSSL_SCTP $AM_CFLAGS"])
-# SCTP requires DTLS
-AS_IF([test "x$ENABLED_DTLS" = "xno" && \
- test "x$ENABLED_SCTP" = "xyes"],
+AS_IF([test "x$ENABLED_MCAST" = "xyes"],
+ [AM_CFLAGS="-DWOLFSSL_MULTICAST $AM_CFLAGS"])
+
+# SCTP and Multicast require DTLS
+AS_IF([(test "x$ENABLED_DTLS" = "xno") && \
+ (test "x$ENABLED_SCTP" = "xyes" || test "x$ENABLED_MCAST" = "xyes")],
 [AM_CFLAGS="-DWOLFSSL_DTLS $AM_CFLAGS"
 ENABLED_DTLS=yes])
@@ -3816,6 +3842,7 @@ echo " * NGINX: $ENABLED_NGINX"
 echo " * ERROR_STRINGS: $ENABLED_ERROR_STRINGS"
 echo " * DTLS: $ENABLED_DTLS"
 echo " * SCTP: $ENABLED_SCTP"
+echo " * Multicast: $ENABLED_MCAST"
 echo " * Old TLS Versions: $ENABLED_OLD_TLS"
 echo " * SSL version 3.0: $ENABLED_SSLV3"
 echo " * TLS v1.3: $ENABLED_TLS13"
diff --git a/src/ssl.c b/src/ssl.c
index cddc25797..45d6e7772 100755
--- a/src/ssl.c
+++ b/src/ssl.c
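Review bot: The rewritten "SCTP and Multicast require DTLS" AS_IF silently flips `ENABLED_DTLS` to yes when `--enable-mcast` or `--enable-sctp` is given without DTLS, so the summary echo in the next hunk reports DTLS as enabled with no hint of why. Adding `AC_MSG_NOTICE([DTLS enabled: required by SCTP or multicast])` inside that branch would make the promotion visible in the configure output. The `(test ...)` groupings fork a subshell each; `{ test "x$ENABLED_SCTP" = "xyes" || test "x$ENABLED_MCAST" = "xyes"; }` keeps the same precedence without the fork, though the result is identical either way.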
@@ -843,6 +843,64 @@ int wolfSSL_dtls_set_mtu(WOLFSSL* ssl, word16 newMtu)
 #endif /* WOLFSSL_DTLS && WOLFSSL_SCTP */
+
+#if defined(WOLFSSL_DTLS) && defined(WOLFSSL_MULTICAST)
+
+int wolfSSL_dtls_mcast_set_member_id(WOLFSSL* ssl, byte id)
+{
+ int ret = SSL_SUCCESS;
+
+ (void)ssl;
+ (void)id;
+
+ WOLFSSL_ENTER("wolfSSL_dtls_mcast_set_member_id()");
+ WOLFSSL_LEAVE("wolfSSL_dtls_mcast_set_member_id()", ret);
+ return ret;
+}
+
+
+int wolfSSL_dtls_mcast_set_secret(WOLFSSL* ssl, unsigned short epoch,
+ const byte* preMasterSecret,
+ word32 preMasterSz,
+ const byte* clientRandom,
+ const byte* serverRandom,
+ const byte* suite)
+{
+ int ret = SSL_SUCCESS;
+
+ (void)ssl;
+ (void)epoch;
+ (void)preMasterSecret;
+ (void)preMasterSz;
+ (void)clientRandom;
+ (void)serverRandom;
+ (void)suite;
+
+ WOLFSSL_ENTER("wolfSSL_dtls_mcast_set_secret()");
+ WOLFSSL_LEAVE("wolfSSL_dtls_mcast_set_secret()", ret);
+ return ret;
+}
+
+
+int wolfSSL_dtls_mcast_read(WOLFSSL* ssl, unsigned char* id,
+ void* data, int sz)
+{
+ int ret = 0;
+
+ (void)ssl;
+ (void)data;
+ (void)sz;
+
+ WOLFSSL_ENTER("wolfSSL_dtls_mcast_read()");
+ if (id != NULL)
+ *id = 0;
+ WOLFSSL_LEAVE("wolfSSL_dtls_mcast_read()", ret);
+ return ret;
+}
+
+#endif /* WOLFSSL_DTLS && WOLFSSL_MULTICAST */
+
+
 #endif /* WOLFSSL_LEANPSK */
diff --git a/tests/api.c b/tests/api.c
index 5b8f55602..dad372caa 100644
--- a/tests/api.c
+++ b/tests/api.c
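Review bot: `wolfSSL_dtls_mcast_set_member_id` and `wolfSSL_dtls_mcast_set_secret` return SSL_SUCCESS while casting every argument to void, so a caller that hands over key material gets exactly the answer the finished implementation will give and cannot tell that nothing was installed; a public entry point that accepts secrets should not report success until it does the work. At minimum the argument contract should be fixed now rather than bolted on later, with `if (ssl == NULL) return BAD_FUNC_ARG;` at the top of all three functions and a NULL/zero-length check on `preMasterSecret`/`preMasterSz` in set_secret, so the test in tests/api.c can pin rejection instead of only the happy path. None of the three definitions carries a header comment: what `epoch` refers to, whether the secret and random buffers are copied or must outlive the session, and how many bytes `suite` points to (the test passes two) are all unstated, and a short `/* ... */` block above each function describing parameters, return value and ownership is needed before this lands.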
@@ -2344,6 +2344,48 @@ static int test_wolfSSL_UseOCSPStaplingV2 (void)
 } /*END test_wolfSSL_UseOCSPStaplingV2*/
+/*----------------------------------------------------------------------------*
+ | DTLS Multicast Tests
+ *----------------------------------------------------------------------------*/
+static void test_wolfSSL_dtls_mcast(void)
+{
+#if defined(WOLFSSL_DTLS) && defined(WOLFSSL_MULTICAST)
+ WOLFSSL_CTX* ctx;
+ WOLFSSL* ssl;
+ int result;
+ byte preMasterSecret[512];
+ byte clientRandom[32];
+ byte serverRandom[32];
+ byte suite[2] = {0, 0xb0}; /* TLS_PSK_WITH_NULL_SHA256 */
+ byte buf[256];
+ byte newId;
+
+ ctx = wolfSSL_CTX_new(wolfDTLSv1_2_client_method());
+ AssertNotNull(ctx);
+ ssl = wolfSSL_new(ctx);
+ AssertNotNull(ssl);
+
+ result = wolfSSL_dtls_mcast_set_member_id(ssl, 0);
+ AssertIntEQ(result, SSL_SUCCESS);
+
+ XMEMSET(preMasterSecret, 0x23, sizeof(preMasterSecret));
+ XMEMSET(clientRandom, 0xA5, sizeof(clientRandom));
+ XMEMSET(serverRandom, 0x5A, sizeof(serverRandom));
+ result = wolfSSL_dtls_mcast_set_secret(ssl, 23,
+ preMasterSecret, sizeof(preMasterSecret),
+ clientRandom, serverRandom, suite);
+ AssertIntEQ(result, SSL_SUCCESS);
+
+ result = wolfSSL_dtls_mcast_read(ssl, &newId, buf, sizeof(buf));
+ AssertIntLE(result, 0);
+ AssertIntLE(newId, 100);
+
+ wolfSSL_free(ssl);
+ wolfSSL_CTX_free(ctx);
+#endif /* WOLFSSL_DTLS && WOLFSSL_MULTICAST */
+}
+
+
 /*----------------------------------------------------------------------------*
 | Wolfcrypt
 *----------------------------------------------------------------------------*/
@@ -9675,6 +9717,9 @@ void ApiTest(void)
 AssertIntEQ(test_wolfSSL_UseOCSPStapling(), SSL_SUCCESS);
 AssertIntEQ(test_wolfSSL_UseOCSPStaplingV2(), SSL_SUCCESS);
+ /* DTLS-MULTICAST */
+ test_wolfSSL_dtls_mcast();
+
 /* compatibility tests */
 test_wolfSSL_DES();
 test_wolfSSL_certs();
diff --git a/wolfssl/internal.h b/wolfssl/internal.h
index d77da93de..45b006285 100755
--- a/wolfssl/internal.h
+++ b/wolfssl/internal.h
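Review bot: `AssertIntLE(newId, 100)` in test_wolfSSL_dtls_mcast has no basis in the API: the id is an `unsigned char` with no visible upper bound, so the check passes only because the stub writes 0 and will fail spuriously once real peer ids come back. A check the test itself controls would be meaningful, for example asserting on a value derived from what was passed to `wolfSSL_dtls_mcast_set_member_id`, or the line should be dropped; `newId` should also be initialised before the call, since a real read path may leave it untouched on the negative return that `AssertIntLE(result, 0)` already accepts. The test never exercises rejection of a NULL `ssl` or NULL `preMasterSecret`, which is the behaviour most worth pinning for an API that takes key material, so one negative case per function would strengthen it.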
@@ -2832,6 +2832,9 @@ typedef struct Options {
 #ifdef WOLFSSL_SCTP
 word16 dtlsSctp:1; /* DTLS-over-SCTP mode */
 #endif
+#ifdef WOLFSSL_MULTICAST
+ word16 dtlsMcast:1; /* using multicast ? */
+#endif
 #endif
 word16 haveEMS:1; /* using extended master secret */
 #if defined(HAVE_TLS_EXTENSIONS) && defined(HAVE_SUPPORTED_CURVES)
diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h
index 8082aded2..3a673e0e4 100644
--- a/wolfssl/ssl.h
+++ b/wolfssl/ssl.h
@@ -509,6 +509,13 @@ WOLFSSL_API int wolfSSL_dtls_set_sctp(WOLFSSL*);
 WOLFSSL_API int wolfSSL_CTX_dtls_set_mtu(WOLFSSL_CTX*, unsigned short);
 WOLFSSL_API int wolfSSL_dtls_set_mtu(WOLFSSL*, unsigned short);
+WOLFSSL_API int wolfSSL_dtls_mcast_set_member_id(WOLFSSL*, unsigned char);
+WOLFSSL_API int wolfSSL_dtls_mcast_set_secret(WOLFSSL*, unsigned short,
+ const unsigned char*, unsigned int,
+ const unsigned char*, const unsigned char*,
+ const unsigned char*);
+WOLFSSL_API int wolfSSL_dtls_mcast_read(WOLFSSL*, unsigned char*, void*, int);
+
 WOLFSSL_API int wolfSSL_ERR_GET_REASON(unsigned long err);
 WOLFSSL_API char* wolfSSL_ERR_error_string(unsigned long,char*);
 WOLFSSL_API void wolfSSL_ERR_error_string_n(unsigned long e, char* buf,
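Review bot: The new `dtlsMcast` bit in struct Options is commented `/* using multicast ? */`, which does not say what the flag gates, and nothing else in this commit sets or reads it. A comment in the style of the `dtlsSctp` line directly above, `/* DTLS multicast mode */`, would match the file; if the flag is meant to be set by wolfSSL_dtls_mcast_set_member_id, the stub in src/ssl.c does not touch it yet, which is worth noting in the commit or a TODO next to the field.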
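Review bot: The three new WOLFSSL_API prototypes in wolfssl/ssl.h carry no documentation, so a caller must guess the contract from the types alone: what the `unsigned short` epoch refers to, whether the `const unsigned char*` secret and random buffers are copied or must outlive the session, how many bytes the final `const unsigned char*` (the cipher-suite bytes) must point to, and what `wolfSSL_dtls_mcast_read` returns and writes into its `unsigned char*` id out-parameter. A short comment block above the group stating those points, plus the error value returned for a NULL `WOLFSSL*`, would resolve this. The header declares with `unsigned char`/`unsigned int` while src/ssl.c defines with `byte`/`word32`; that mirrors the set_mtu pair above, but the two must stay in step if either typedef ever changes width.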