lib: add function to get cipher by OID

Add function returning gnutls_cipher_algorithm_t by corresponding OID.

Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>

diff --git a/devel/symbols.last b/devel/symbols.last
index 353d1657ddade1c6431d78540240ae653f5db5b3..6fb2aa28abe626a976fd6f3d6d464fe1dc4c2ee7 100644 (file)
--- a/devel/symbols.last
+++ b/devel/symbols.last
@@ -386,6 +386,7 @@ gnutls_ocsp_status_request_enable_client@GNUTLS_3_4
 gnutls_ocsp_status_request_get2@GNUTLS_3_6_3
 gnutls_ocsp_status_request_get@GNUTLS_3_4
 gnutls_ocsp_status_request_is_checked@GNUTLS_3_4
+gnutls_oid_to_cipher@GNUTLS_3_7_0
 gnutls_oid_to_digest@GNUTLS_3_4
 gnutls_oid_to_ecc_curve@GNUTLS_3_4
 gnutls_oid_to_gost_paramset@GNUTLS_3_6_3

diff --git a/doc/Makefile.am b/doc/Makefile.am
index ad729af60db0f0ddb4efa18826b7d6e42f2d81c3..39be1bef08689ea099269c76261c68784b26dfa5 100644 (file)
--- a/doc/Makefile.am
+++ b/doc/Makefile.am
@@ -1339,6 +1339,8 @@ FUNCS += functions/gnutls_ocsp_status_request_get2
 FUNCS += functions/gnutls_ocsp_status_request_get2.short
 FUNCS += functions/gnutls_ocsp_status_request_is_checked
 FUNCS += functions/gnutls_ocsp_status_request_is_checked.short
+FUNCS += functions/gnutls_oid_to_cipher
+FUNCS += functions/gnutls_oid_to_cipher.short
 FUNCS += functions/gnutls_oid_to_digest
 FUNCS += functions/gnutls_oid_to_digest.short
 FUNCS += functions/gnutls_oid_to_ecc_curve

diff --git a/doc/manpages/Makefile.am b/doc/manpages/Makefile.am
index 8340cbac1baa85040c979ee03beba5715c36003e..c216bf3cf2f8b8d625507d36ba42a2e52062279d 100644 (file)
--- a/doc/manpages/Makefile.am
+++ b/doc/manpages/Makefile.am
@@ -510,6 +510,7 @@ APIMANS += gnutls_ocsp_status_request_enable_client.3
 APIMANS += gnutls_ocsp_status_request_get.3
 APIMANS += gnutls_ocsp_status_request_get2.3
 APIMANS += gnutls_ocsp_status_request_is_checked.3
+APIMANS += gnutls_oid_to_cipher.3
 APIMANS += gnutls_oid_to_digest.3
 APIMANS += gnutls_oid_to_ecc_curve.3
 APIMANS += gnutls_oid_to_gost_paramset.3

diff --git a/lib/algorithms/ciphers.c b/lib/algorithms/ciphers.c
index ffe936a7a23f9cd3c91acb8879467919e7f73df4..4576a3cedd5b64a90c0244b65dae9520dff24973 100644 (file)
--- a/lib/algorithms/ciphers.c
+++ b/lib/algorithms/ciphers.c
@@ -41,6 +41,7 @@
 static const cipher_entry_st algorithms[] = {
        { .name = "AES-256-CBC",
          .id = GNUTLS_CIPHER_AES_256_CBC,
+         .oid = AES_256_CBC_OID,
          .blocksize = 16,
          .keysize = 32,
          .type = CIPHER_BLOCK,
@@ -48,6 +49,7 @@ static const cipher_entry_st algorithms[] = {
          .cipher_iv = 16},
        { .name = "AES-192-CBC",
          .id = GNUTLS_CIPHER_AES_192_CBC,
+         .oid = AES_192_CBC_OID,
          .blocksize = 16,
          .keysize = 24,
          .type = CIPHER_BLOCK,
@@ -322,6 +324,7 @@ static const cipher_entry_st algorithms[] = {
          .cipher_iv = 16},
        { .name = "3DES-CBC",
          .id = GNUTLS_CIPHER_3DES_CBC,
+         .oid = DES_EDE3_CBC_OID,
          .blocksize = 8,
          .keysize = 24,
          .type = CIPHER_BLOCK,
@@ -329,6 +332,7 @@ static const cipher_entry_st algorithms[] = {
          .cipher_iv = 8},
        { .name = "DES-CBC",
          .id = GNUTLS_CIPHER_DES_CBC,
+         .oid = DES_CBC_OID,
          .blocksize = 8,
          .keysize = 8,
          .type = CIPHER_BLOCK,
@@ -336,11 +340,13 @@ static const cipher_entry_st algorithms[] = {
          .cipher_iv = 8},
        { .name = "ARCFOUR-40",
          .id = GNUTLS_CIPHER_ARCFOUR_40,
+         .oid = RC4_CBC_OID,
          .blocksize = 1,
          .keysize = 5,
          .type = CIPHER_STREAM},
        { .name = "RC2-40",
          .id = GNUTLS_CIPHER_RC2_40_CBC,
+         .oid = RC2_CBC_OID,
          .blocksize = 8,
          .keysize = 5,
          .type = CIPHER_BLOCK,
@@ -527,3 +533,28 @@ const gnutls_cipher_algorithm_t *gnutls_cipher_list(void)
 
        return supported_ciphers;
 }
+
+/**
+ * gnutls_oid_to_cipher:
+ * @oid: is an object identifier
+ *
+ * Converts a textual object identifier to a #gnutls_cipher_algorithm_t value.
+ *
+ * Returns: a #gnutls_cipher_algorithm_t id of the specified cipher
+ *   algorithm, or %GNUTLS_CIPHER_UNKNOWN on failure.
+ *
+ * Since: 3.7.0
+ **/
+gnutls_cipher_algorithm_t gnutls_oid_to_cipher(const char *oid)
+{
+       GNUTLS_CIPHER_LOOP(
+               if (p->oid && strcmp(oid, p->oid) == 0) {
+                       if (_gnutls_cipher_exists(p->id)) {
+                               return p->id;
+                       }
+                       break;
+               }
+       );
+
+       return GNUTLS_CIPHER_UNKNOWN;
+}

diff --git a/lib/gnutls_int.h b/lib/gnutls_int.h
index 8daad771c47fb38d0c3e9ae234ee56e4d4b3863f..eb518a25845454453e8a007a20b1e89991039023 100644 (file)
--- a/lib/gnutls_int.h
+++ b/lib/gnutls_int.h
@@ -632,6 +632,7 @@ typedef struct record_parameters_st record_parameters_st;
 typedef struct cipher_entry_st {
        const char *name;
        gnutls_cipher_algorithm_t id;
+       const char *oid;
        uint16_t blocksize;
        uint16_t keysize;
        cipher_type_t type;

diff --git a/lib/includes/gnutls/gnutls.h.in b/lib/includes/gnutls/gnutls.h.in
index 9b700e03f42c282ee5a3379f78dae8a952305eb5..2e5cf366a1d515ec0097fc61a55464ab4b953cc9 100644 (file)
--- a/lib/includes/gnutls/gnutls.h.in
+++ b/lib/includes/gnutls/gnutls.h.in
@@ -1421,6 +1421,8 @@ gnutls_ecc_curve_t
        gnutls_oid_to_ecc_curve(const char *oid) __GNUTLS_CONST__;
 gnutls_gost_paramset_t
        gnutls_oid_to_gost_paramset(const char *oid) __GNUTLS_CONST__;
+gnutls_cipher_algorithm_t
+       gnutls_oid_to_cipher(const char *oid) __GNUTLS_CONST__;
 
   /* list supported algorithms */
 const gnutls_ecc_curve_t *

diff --git a/lib/libgnutls.map b/lib/libgnutls.map
index 08aa2b7d3039c72b064412db76d7b4345c870831..5ccdebf161d99be86ccfe59dff2ffcd2ea1d3c50 100644 (file)
--- a/lib/libgnutls.map
+++ b/lib/libgnutls.map
@@ -1338,6 +1338,7 @@ GNUTLS_3_7_0
        gnutls_handshake_set_read_function;
        gnutls_handshake_set_secret_function;
        gnutls_handshake_write;
+       gnutls_oid_to_cipher;
        gnutls_pkcs7_digest;
        gnutls_pkcs7_get_digest_algo;
        gnutls_pkcs7_verify_digest;

diff --git a/lib/x509/pkcs7-crypt.c b/lib/x509/pkcs7-crypt.c
index 59eddcd2a43209bb961799849099572e0ccda07e..0dda46ba3652bf6b34817efa53713c3f7c037b11 100644 (file)
--- a/lib/x509/pkcs7-crypt.c
+++ b/lib/x509/pkcs7-crypt.c
@@ -41,11 +41,6 @@
 
 #define PBES2_OID "1.2.840.113549.1.5.13"
 #define PBKDF2_OID "1.2.840.113549.1.5.12"
-#define DES_EDE3_CBC_OID "1.2.840.113549.3.7"
-#define AES_128_CBC_OID "2.16.840.1.101.3.4.1.2"
-#define AES_192_CBC_OID "2.16.840.1.101.3.4.1.22"
-#define AES_256_CBC_OID "2.16.840.1.101.3.4.1.42"
-#define DES_CBC_OID "1.3.14.3.2.7"
 
 /* oid_pbeWithSHAAnd3_KeyTripleDES_CBC */
 #define PKCS12_PBE_3DES_SHA1_OID "1.2.840.113549.1.12.1.3"

diff --git a/lib/x509/x509_int.h b/lib/x509/x509_int.h
index dc12509f17ec88a4e961d7661be45916eb67b9df..f1bc8210f91e085e88426a487a0da5f959e229dc 100644 (file)
--- a/lib/x509/x509_int.h
+++ b/lib/x509/x509_int.h
@@ -56,6 +56,14 @@
 
 #define HASH_OID_GOST_R_3411_94_CRYPTOPRO_PARAMS "1.2.643.2.2.30.1"
 
+#define RC2_CBC_OID "1.2.840.113549.3.2"
+#define RC4_CBC_OID "1.2.840.113549.3.4"
+#define DES_EDE3_CBC_OID "1.2.840.113549.3.7"
+#define AES_128_CBC_OID "2.16.840.1.101.3.4.1.2"
+#define AES_192_CBC_OID "2.16.840.1.101.3.4.1.22"
+#define AES_256_CBC_OID "2.16.840.1.101.3.4.1.42"
+#define DES_CBC_OID "1.3.14.3.2.7"
+
 /* from rfc8479 */
 #define OID_ATTR_PROV_SEED "1.3.6.1.4.1.2312.18.8.1"