xref: /freebsd/contrib/bearssl/tools/names.c (revision ce6a89e27cd190313be39bb479880aeda4778436)
1 /*
2  * Copyright (c) 2016 Thomas Pornin <pornin@bolet.org>
3  *
4  * Permission is hereby granted, free of charge, to any person obtaining
5  * a copy of this software and associated documentation files (the
6  * "Software"), to deal in the Software without restriction, including
7  * without limitation the rights to use, copy, modify, merge, publish,
8  * distribute, sublicense, and/or sell copies of the Software, and to
9  * permit persons to whom the Software is furnished to do so, subject to
10  * the following conditions:
11  *
12  * The above copyright notice and this permission notice shall be
13  * included in all copies or substantial portions of the Software.
14  *
15  * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
16  * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
17  * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
18  * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
19  * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
20  * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
21  * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
22  * SOFTWARE.
23  */
24 
25 #include "brssl.h"
26 #include "bearssl.h"
27 
28 /* see brssl.h */
29 const protocol_version protocol_versions[] = {
30 	{ "tls10", BR_TLS10, "TLS 1.0" },
31 	{ "tls11", BR_TLS11, "TLS 1.1" },
32 	{ "tls12", BR_TLS12, "TLS 1.2" },
33 	{ NULL, 0, NULL }
34 };
35 
36 /* see brssl.h */
37 const hash_function hash_functions[] = {
38 	{ "md5",     &br_md5_vtable,     "MD5" },
39 	{ "sha1",    &br_sha1_vtable,    "SHA-1" },
40 	{ "sha224",  &br_sha224_vtable,  "SHA-224" },
41 	{ "sha256",  &br_sha256_vtable,  "SHA-256" },
42 	{ "sha384",  &br_sha384_vtable,  "SHA-384" },
43 	{ "sha512",  &br_sha512_vtable,  "SHA-512" },
44 	{ NULL, 0, NULL }
45 };
46 
47 /* see brssl.h */
48 const cipher_suite cipher_suites[] = {
49 	{
50 		"ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256",
51 		BR_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,
52 		REQ_ECDHE_ECDSA | REQ_CHAPOL | REQ_SHA256 | REQ_TLS12,
53 		"ECDHE with ECDSA, ChaCha20+Poly1305 encryption (TLS 1.2+)"
54 	},
55 	{
56 		"ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256",
57 		BR_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
58 		REQ_ECDHE_RSA | REQ_CHAPOL | REQ_SHA256 | REQ_TLS12,
59 		"ECDHE with RSA, ChaCha20+Poly1305 encryption (TLS 1.2+)"
60 	},
61 	{
62 		"ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
63 		BR_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
64 		REQ_ECDHE_ECDSA | REQ_AESGCM | REQ_SHA256 | REQ_TLS12,
65 		"ECDHE with ECDSA, AES-128/GCM encryption (TLS 1.2+)"
66 	},
67 	{
68 		"ECDHE_RSA_WITH_AES_128_GCM_SHA256",
69 		BR_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
70 		REQ_ECDHE_RSA | REQ_AESGCM | REQ_SHA256 | REQ_TLS12,
71 		"ECDHE with RSA, AES-128/GCM encryption (TLS 1.2+)"
72 	},
73 	{
74 		"ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
75 		BR_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
76 		REQ_ECDHE_ECDSA | REQ_AESGCM | REQ_SHA384 | REQ_TLS12,
77 		"ECDHE with ECDSA, AES-256/GCM encryption (TLS 1.2+)"
78 	},
79 	{
80 		"ECDHE_RSA_WITH_AES_256_GCM_SHA384",
81 		BR_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
82 		REQ_ECDHE_RSA | REQ_AESGCM | REQ_SHA384 | REQ_TLS12,
83 		"ECDHE with RSA, AES-256/GCM encryption (TLS 1.2+)"
84 	},
85 	{
86 		"ECDHE_ECDSA_WITH_AES_128_CCM",
87 		BR_TLS_ECDHE_ECDSA_WITH_AES_128_CCM,
88 		REQ_ECDHE_ECDSA | REQ_AESCCM | REQ_SHA256 | REQ_TLS12,
89 		"ECDHE with ECDSA, AES-128/CCM encryption (TLS 1.2+)"
90 	},
91 	{
92 		"ECDHE_ECDSA_WITH_AES_256_CCM",
93 		BR_TLS_ECDHE_ECDSA_WITH_AES_256_CCM,
94 		REQ_ECDHE_ECDSA | REQ_AESCCM | REQ_SHA256 | REQ_TLS12,
95 		"ECDHE with ECDSA, AES-256/CCM encryption (TLS 1.2+)"
96 	},
97 	{
98 		"ECDHE_ECDSA_WITH_AES_128_CCM_8",
99 		BR_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8,
100 		REQ_ECDHE_ECDSA | REQ_AESCCM | REQ_SHA256 | REQ_TLS12,
101 		"ECDHE with ECDSA, AES-128/CCM_8 encryption (TLS 1.2+)"
102 	},
103 	{
104 		"ECDHE_ECDSA_WITH_AES_256_CCM_8",
105 		BR_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8,
106 		REQ_ECDHE_ECDSA | REQ_AESCCM | REQ_SHA256 | REQ_TLS12,
107 		"ECDHE with ECDSA, AES-256/CCM_8 encryption (TLS 1.2+)"
108 	},
109 	{
110 		"ECDHE_ECDSA_WITH_AES_128_CBC_SHA256",
111 		BR_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
112 		REQ_ECDHE_ECDSA | REQ_AESCBC | REQ_SHA256 | REQ_TLS12,
113 		"ECDHE with ECDSA, AES-128/CBC + SHA-256 (TLS 1.2+)"
114 	},
115 	{
116 		"ECDHE_RSA_WITH_AES_128_CBC_SHA256",
117 		BR_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
118 		REQ_ECDHE_RSA | REQ_AESCBC | REQ_SHA256 | REQ_TLS12,
119 		"ECDHE with RSA, AES-128/CBC + SHA-256 (TLS 1.2+)"
120 	},
121 	{
122 		"ECDHE_ECDSA_WITH_AES_256_CBC_SHA384",
123 		BR_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
124 		REQ_ECDHE_ECDSA | REQ_AESCBC | REQ_SHA384 | REQ_TLS12,
125 		"ECDHE with ECDSA, AES-256/CBC + SHA-384 (TLS 1.2+)"
126 	},
127 	{
128 		"ECDHE_RSA_WITH_AES_256_CBC_SHA384",
129 		BR_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
130 		REQ_ECDHE_RSA | REQ_AESCBC | REQ_SHA384 | REQ_TLS12,
131 		"ECDHE with RSA, AES-256/CBC + SHA-384 (TLS 1.2+)"
132 	},
133 	{
134 		"ECDHE_ECDSA_WITH_AES_128_CBC_SHA",
135 		BR_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
136 		REQ_ECDHE_ECDSA | REQ_AESCBC | REQ_SHA1,
137 		"ECDHE with ECDSA, AES-128/CBC + SHA-1"
138 	},
139 	{
140 		"ECDHE_RSA_WITH_AES_128_CBC_SHA",
141 		BR_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
142 		REQ_ECDHE_RSA | REQ_AESCBC | REQ_SHA1,
143 		"ECDHE with RSA, AES-128/CBC + SHA-1"
144 	},
145 	{
146 		"ECDHE_ECDSA_WITH_AES_256_CBC_SHA",
147 		BR_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
148 		REQ_ECDHE_ECDSA | REQ_AESCBC | REQ_SHA1,
149 		"ECDHE with ECDSA, AES-256/CBC + SHA-1"
150 	},
151 	{
152 		"ECDHE_RSA_WITH_AES_256_CBC_SHA",
153 		BR_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
154 		REQ_ECDHE_RSA | REQ_AESCBC | REQ_SHA1,
155 		"ECDHE with RSA, AES-256/CBC + SHA-1"
156 	},
157 	{
158 		"ECDH_ECDSA_WITH_AES_128_GCM_SHA256",
159 		BR_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,
160 		REQ_ECDH | REQ_AESGCM | REQ_SHA256 | REQ_TLS12,
161 		"ECDH key exchange (EC cert), AES-128/GCM (TLS 1.2+)"
162 	},
163 	{
164 		"ECDH_RSA_WITH_AES_128_GCM_SHA256",
165 		BR_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256,
166 		REQ_ECDH | REQ_AESGCM | REQ_SHA256 | REQ_TLS12,
167 		"ECDH key exchange (RSA cert), AES-128/GCM (TLS 1.2+)"
168 	},
169 	{
170 		"ECDH_ECDSA_WITH_AES_256_GCM_SHA384",
171 		BR_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384,
172 		REQ_ECDH | REQ_AESGCM | REQ_SHA384 | REQ_TLS12,
173 		"ECDH key exchange (EC cert), AES-256/GCM (TLS 1.2+)"
174 	},
175 	{
176 		"ECDH_RSA_WITH_AES_256_GCM_SHA384",
177 		BR_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384,
178 		REQ_ECDH | REQ_AESGCM | REQ_SHA384 | REQ_TLS12,
179 		"ECDH key exchange (RSA cert), AES-256/GCM (TLS 1.2+)"
180 	},
181 	{
182 		"ECDH_ECDSA_WITH_AES_128_CBC_SHA256",
183 		BR_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256,
184 		REQ_ECDH | REQ_AESCBC | REQ_SHA256 | REQ_TLS12,
185 		"ECDH key exchange (EC cert), AES-128/CBC + HMAC/SHA-256 (TLS 1.2+)"
186 	},
187 	{
188 		"ECDH_RSA_WITH_AES_128_CBC_SHA256",
189 		BR_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256,
190 		REQ_ECDH | REQ_AESCBC | REQ_SHA256 | REQ_TLS12,
191 		"ECDH key exchange (RSA cert), AES-128/CBC + HMAC/SHA-256 (TLS 1.2+)"
192 	},
193 	{
194 		"ECDH_ECDSA_WITH_AES_256_CBC_SHA384",
195 		BR_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384,
196 		REQ_ECDH | REQ_AESCBC | REQ_SHA384 | REQ_TLS12,
197 		"ECDH key exchange (EC cert), AES-256/CBC + HMAC/SHA-384 (TLS 1.2+)"
198 	},
199 	{
200 		"ECDH_RSA_WITH_AES_256_CBC_SHA384",
201 		BR_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384,
202 		REQ_ECDH | REQ_AESCBC | REQ_SHA384 | REQ_TLS12,
203 		"ECDH key exchange (RSA cert), AES-256/CBC + HMAC/SHA-384 (TLS 1.2+)"
204 	},
205 	{
206 		"ECDH_ECDSA_WITH_AES_128_CBC_SHA",
207 		BR_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
208 		REQ_ECDH | REQ_AESCBC | REQ_SHA1,
209 		"ECDH key exchange (EC cert), AES-128/CBC + HMAC/SHA-1"
210 	},
211 	{
212 		"ECDH_RSA_WITH_AES_128_CBC_SHA",
213 		BR_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,
214 		REQ_ECDH | REQ_AESCBC | REQ_SHA1,
215 		"ECDH key exchange (RSA cert), AES-128/CBC + HMAC/SHA-1"
216 	},
217 	{
218 		"ECDH_ECDSA_WITH_AES_256_CBC_SHA",
219 		BR_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
220 		REQ_ECDH | REQ_AESCBC | REQ_SHA1,
221 		"ECDH key exchange (EC cert), AES-256/CBC + HMAC/SHA-1"
222 	},
223 	{
224 		"ECDH_RSA_WITH_AES_256_CBC_SHA",
225 		BR_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,
226 		REQ_ECDH | REQ_AESCBC | REQ_SHA1,
227 		"ECDH key exchange (RSA cert), AES-256/CBC + HMAC/SHA-1"
228 	},
229 	{
230 		"RSA_WITH_AES_128_GCM_SHA256",
231 		BR_TLS_RSA_WITH_AES_128_GCM_SHA256,
232 		REQ_RSAKEYX | REQ_AESGCM | REQ_SHA256 | REQ_TLS12,
233 		"RSA key exchange, AES-128/GCM encryption (TLS 1.2+)"
234 	},
235 	{
236 		"RSA_WITH_AES_256_GCM_SHA384",
237 		BR_TLS_RSA_WITH_AES_256_GCM_SHA384,
238 		REQ_RSAKEYX | REQ_AESGCM | REQ_SHA384 | REQ_TLS12,
239 		"RSA key exchange, AES-256/GCM encryption (TLS 1.2+)"
240 	},
241 	{
242 		"RSA_WITH_AES_128_CCM",
243 		BR_TLS_RSA_WITH_AES_128_CCM,
244 		REQ_RSAKEYX | REQ_AESCCM | REQ_SHA256 | REQ_TLS12,
245 		"RSA key exchange, AES-128/CCM encryption (TLS 1.2+)"
246 	},
247 	{
248 		"RSA_WITH_AES_256_CCM",
249 		BR_TLS_RSA_WITH_AES_256_CCM,
250 		REQ_RSAKEYX | REQ_AESCCM | REQ_SHA256 | REQ_TLS12,
251 		"RSA key exchange, AES-256/CCM encryption (TLS 1.2+)"
252 	},
253 	{
254 		"RSA_WITH_AES_128_CCM_8",
255 		BR_TLS_RSA_WITH_AES_128_CCM_8,
256 		REQ_RSAKEYX | REQ_AESCCM | REQ_SHA256 | REQ_TLS12,
257 		"RSA key exchange, AES-128/CCM_8 encryption (TLS 1.2+)"
258 	},
259 	{
260 		"RSA_WITH_AES_256_CCM_8",
261 		BR_TLS_RSA_WITH_AES_256_CCM_8,
262 		REQ_RSAKEYX | REQ_AESCCM | REQ_SHA256 | REQ_TLS12,
263 		"RSA key exchange, AES-256/CCM_8 encryption (TLS 1.2+)"
264 	},
265 	{
266 		"RSA_WITH_AES_128_CBC_SHA256",
267 		BR_TLS_RSA_WITH_AES_128_CBC_SHA256,
268 		REQ_RSAKEYX | REQ_AESCBC | REQ_SHA256 | REQ_TLS12,
269 		"RSA key exchange, AES-128/CBC + HMAC/SHA-256 (TLS 1.2+)"
270 	},
271 	{
272 		"RSA_WITH_AES_256_CBC_SHA256",
273 		BR_TLS_RSA_WITH_AES_256_CBC_SHA256,
274 		REQ_RSAKEYX | REQ_AESCBC | REQ_SHA256 | REQ_TLS12,
275 		"RSA key exchange, AES-256/CBC + HMAC/SHA-256 (TLS 1.2+)"
276 	},
277 	{
278 		"RSA_WITH_AES_128_CBC_SHA",
279 		BR_TLS_RSA_WITH_AES_128_CBC_SHA,
280 		REQ_RSAKEYX | REQ_AESCBC | REQ_SHA1,
281 		"RSA key exchange, AES-128/CBC + HMAC/SHA-1"
282 	},
283 	{
284 		"RSA_WITH_AES_256_CBC_SHA",
285 		BR_TLS_RSA_WITH_AES_256_CBC_SHA,
286 		REQ_RSAKEYX | REQ_AESCBC | REQ_SHA1,
287 		"RSA key exchange, AES-256/CBC + HMAC/SHA-1"
288 	},
289 	{
290 		"ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA",
291 		BR_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,
292 		REQ_ECDHE_ECDSA | REQ_3DESCBC | REQ_SHA1,
293 		"ECDHE with ECDSA, 3DES/CBC + SHA-1"
294 	},
295 	{
296 		"ECDHE_RSA_WITH_3DES_EDE_CBC_SHA",
297 		BR_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
298 		REQ_ECDHE_RSA | REQ_3DESCBC | REQ_SHA1,
299 		"ECDHE with RSA, 3DES/CBC + SHA-1"
300 	},
301 	{
302 		"ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA",
303 		BR_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,
304 		REQ_ECDH | REQ_3DESCBC | REQ_SHA1,
305 		"ECDH key exchange (EC cert), 3DES/CBC + HMAC/SHA-1"
306 	},
307 	{
308 		"ECDH_RSA_WITH_3DES_EDE_CBC_SHA",
309 		BR_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA,
310 		REQ_ECDH | REQ_3DESCBC | REQ_SHA1,
311 		"ECDH key exchange (RSA cert), 3DES/CBC + HMAC/SHA-1"
312 	},
313 	{
314 		"RSA_WITH_3DES_EDE_CBC_SHA",
315 		BR_TLS_RSA_WITH_3DES_EDE_CBC_SHA,
316 		REQ_RSAKEYX | REQ_3DESCBC | REQ_SHA1,
317 		"RSA key exchange, 3DES/CBC + HMAC/SHA-1"
318 	},
319 	{ NULL, 0, 0, NULL }
320 };
321 
322 static const struct {
323 	int id;
324 	const char *name;
325 	const char *sid[4];
326 } curves[] = {
327 	{ BR_EC_sect163k1,
328 	  "sect163k1",
329 	  { "sect163k1", "K-163", NULL, NULL } },
330 	{ BR_EC_sect163r1,
331 	  "sect163r1",
332 	  { "sect163r1", NULL, NULL, NULL } },
333 	{ BR_EC_sect163r2,
334 	  "sect163r2",
335 	  { "sect163r2", "B-163", NULL, NULL } },
336 	{ BR_EC_sect193r1,
337 	  "sect193r1",
338 	  { "sect193r1", NULL, NULL, NULL } },
339 	{ BR_EC_sect193r2,
340 	  "sect193r2",
341 	  { "sect193r2", NULL, NULL, NULL } },
342 	{ BR_EC_sect233k1,
343 	  "sect233k1",
344 	  { "sect233k1", "K-233", NULL, NULL } },
345 	{ BR_EC_sect233r1,
346 	  "sect233r1",
347 	  { "sect233r1", "B-233", NULL, NULL } },
348 	{ BR_EC_sect239k1,
349 	  "sect239k1",
350 	  { "sect239k1", NULL, NULL, NULL } },
351 	{ BR_EC_sect283k1,
352 	  "sect283k1",
353 	  { "sect283k1", "K-283", NULL, NULL } },
354 	{ BR_EC_sect283r1,
355 	  "sect283r1",
356 	  { "sect283r1", "B-283", NULL, NULL } },
357 	{ BR_EC_sect409k1,
358 	  "sect409k1",
359 	  { "sect409k1", "K-409", NULL, NULL } },
360 	{ BR_EC_sect409r1,
361 	  "sect409r1",
362 	  { "sect409r1", "B-409", NULL, NULL } },
363 	{ BR_EC_sect571k1,
364 	  "sect571k1",
365 	  { "sect571k1", "K-571", NULL, NULL } },
366 	{ BR_EC_sect571r1,
367 	  "sect571r1",
368 	  { "sect571r1", "B-571", NULL, NULL } },
369 	{ BR_EC_secp160k1,
370 	  "secp160k1",
371 	  { "secp160k1", NULL, NULL, NULL } },
372 	{ BR_EC_secp160r1,
373 	  "secp160r1",
374 	  { "secp160r1", NULL, NULL, NULL } },
375 	{ BR_EC_secp160r2,
376 	  "secp160r2",
377 	  { "secp160r2", NULL, NULL, NULL } },
378 	{ BR_EC_secp192k1,
379 	  "secp192k1",
380 	  { "secp192k1", NULL, NULL, NULL } },
381 	{ BR_EC_secp192r1,
382 	  "secp192r1",
383 	  { "secp192r1", "P-192", NULL, NULL } },
384 	{ BR_EC_secp224k1,
385 	  "secp224k1",
386 	  { "secp224k1", NULL, NULL, NULL } },
387 	{ BR_EC_secp224r1,
388 	  "secp224r1",
389 	  { "secp224r1", "P-224", NULL, NULL } },
390 	{ BR_EC_secp256k1,
391 	  "secp256k1",
392 	  { "secp256k1", NULL, NULL, NULL } },
393 	{ BR_EC_secp256r1,
394 	  "secp256r1 (P-256)",
395 	  { "secp256r1", "P-256", "prime256v1", NULL } },
396 	{ BR_EC_secp384r1,
397 	  "secp384r1 (P-384)",
398 	  { "secp384r1", "P-384", NULL, NULL } },
399 	{ BR_EC_secp521r1,
400 	  "secp521r1 (P-521)",
401 	  { "secp521r1", "P-521", NULL, NULL } },
402 	{ BR_EC_brainpoolP256r1,
403 	  "brainpoolP256r1",
404 	  { "brainpoolP256r1", NULL, NULL, NULL } },
405 	{ BR_EC_brainpoolP384r1,
406 	  "brainpoolP384r1",
407 	  { "brainpoolP384r1", NULL, NULL, NULL } },
408 	{ BR_EC_brainpoolP512r1,
409 	  "brainpoolP512r1",
410 	  { "brainpoolP512r1", NULL, NULL, NULL } },
411 	{ BR_EC_curve25519,
412 	  "Curve25519",
413 	  { "curve25519", "c25519", NULL, NULL } },
414 	{ BR_EC_curve448,
415 	  "Curve448",
416 	  { "curve448", "c448", NULL, NULL } },
417 	{ 0, 0, { 0, 0, 0, 0 } }
418 };
419 
420 static const struct {
421 	const char *long_name;
422 	const char *short_name;
423 	const void *impl;
424 } algo_names[] = {
425 	/* Block ciphers */
426 	{ "aes_big_cbcenc",    "big",         &br_aes_big_cbcenc_vtable },
427 	{ "aes_big_cbcdec",    "big",         &br_aes_big_cbcdec_vtable },
428 	{ "aes_big_ctr",       "big",         &br_aes_big_ctr_vtable },
429 	{ "aes_big_ctrcbc",    "big",         &br_aes_big_ctrcbc_vtable },
430 	{ "aes_small_cbcenc",  "small",       &br_aes_small_cbcenc_vtable },
431 	{ "aes_small_cbcdec",  "small",       &br_aes_small_cbcdec_vtable },
432 	{ "aes_small_ctr",     "small",       &br_aes_small_ctr_vtable },
433 	{ "aes_small_ctrcbc",  "small",       &br_aes_small_ctrcbc_vtable },
434 	{ "aes_ct_cbcenc",     "ct",          &br_aes_ct_cbcenc_vtable },
435 	{ "aes_ct_cbcdec",     "ct",          &br_aes_ct_cbcdec_vtable },
436 	{ "aes_ct_ctr",        "ct",          &br_aes_ct_ctr_vtable },
437 	{ "aes_ct_ctrcbc",     "ct",          &br_aes_ct_ctrcbc_vtable },
438 	{ "aes_ct64_cbcenc",   "ct64",        &br_aes_ct64_cbcenc_vtable },
439 	{ "aes_ct64_cbcdec",   "ct64",        &br_aes_ct64_cbcdec_vtable },
440 	{ "aes_ct64_ctr",      "ct64",        &br_aes_ct64_ctr_vtable },
441 	{ "aes_ct64_ctrcbc",   "ct64",        &br_aes_ct64_ctrcbc_vtable },
442 
443 	{ "des_tab_cbcenc",    "tab",         &br_des_tab_cbcenc_vtable },
444 	{ "des_tab_cbcdec",    "tab",         &br_des_tab_cbcdec_vtable },
445 	{ "des_ct_cbcenc",     "ct",          &br_des_ct_cbcenc_vtable },
446 	{ "des_ct_cbcdec",     "ct",          &br_des_ct_cbcdec_vtable },
447 
448 	{ "chacha20_ct",       "ct",          &br_chacha20_ct_run },
449 
450 	{ "ghash_ctmul",       "ctmul",       &br_ghash_ctmul },
451 	{ "ghash_ctmul32",     "ctmul32",     &br_ghash_ctmul32 },
452 	{ "ghash_ctmul64",     "ctmul64",     &br_ghash_ctmul64 },
453 
454 	{ "poly1305_ctmul",    "ctmul",       &br_poly1305_ctmul_run },
455 	{ "poly1305_ctmul32",  "ctmul32",     &br_poly1305_ctmul32_run },
456 
457 	{ "ec_all_m15",        "all_m15",     &br_ec_all_m15 },
458 	{ "ec_all_m31",        "all_m31",     &br_ec_all_m31 },
459 	{ "ec_c25519_i15",     "c25519_i15",  &br_ec_c25519_i15 },
460 	{ "ec_c25519_i31",     "c25519_i31",  &br_ec_c25519_i31 },
461 	{ "ec_c25519_m15",     "c25519_m15",  &br_ec_c25519_m15 },
462 	{ "ec_c25519_m31",     "c25519_m31",  &br_ec_c25519_m31 },
463 	{ "ec_p256_m15",       "p256_m15",    &br_ec_p256_m15 },
464 	{ "ec_p256_m31",       "p256_m31",    &br_ec_p256_m31 },
465 	{ "ec_prime_i15",      "prime_i15",   &br_ec_prime_i15 },
466 	{ "ec_prime_i31",      "prime_i31",   &br_ec_prime_i31 },
467 
468 	{ "ecdsa_i15_sign_asn1",  "i15_asn1",  &br_ecdsa_i15_sign_asn1 },
469 	{ "ecdsa_i15_sign_raw",   "i15_raw",   &br_ecdsa_i15_sign_raw },
470 	{ "ecdsa_i31_sign_asn1",  "i31_asn1",  &br_ecdsa_i31_sign_asn1 },
471 	{ "ecdsa_i31_sign_raw",   "i31_raw",   &br_ecdsa_i31_sign_raw },
472 	{ "ecdsa_i15_vrfy_asn1",  "i15_asn1",  &br_ecdsa_i15_vrfy_asn1 },
473 	{ "ecdsa_i15_vrfy_raw",   "i15_raw",   &br_ecdsa_i15_vrfy_raw },
474 	{ "ecdsa_i31_vrfy_asn1",  "i31_asn1",  &br_ecdsa_i31_vrfy_asn1 },
475 	{ "ecdsa_i31_vrfy_raw",   "i31_raw",   &br_ecdsa_i31_vrfy_raw },
476 
477 	{ "rsa_i15_pkcs1_sign",   "i15",       &br_rsa_i15_pkcs1_sign },
478 	{ "rsa_i31_pkcs1_sign",   "i31",       &br_rsa_i31_pkcs1_sign },
479 	{ "rsa_i32_pkcs1_sign",   "i32",       &br_rsa_i32_pkcs1_sign },
480 	{ "rsa_i15_pkcs1_vrfy",   "i15",       &br_rsa_i15_pkcs1_vrfy },
481 	{ "rsa_i31_pkcs1_vrfy",   "i31",       &br_rsa_i31_pkcs1_vrfy },
482 	{ "rsa_i32_pkcs1_vrfy",   "i32",       &br_rsa_i32_pkcs1_vrfy },
483 
484 	{ 0, 0, 0 }
485 };
486 
487 static const struct {
488 	const char *long_name;
489 	const char *short_name;
490 	const void *(*get)(void);
491 } algo_names_dyn[] = {
492 	{ "aes_pwr8_cbcenc",      "pwr8",
493 		(const void *(*)(void))&br_aes_pwr8_cbcenc_get_vtable },
494 	{ "aes_pwr8_cbcdec",      "pwr8",
495 		(const void *(*)(void))&br_aes_pwr8_cbcdec_get_vtable },
496 	{ "aes_pwr8_ctr",         "pwr8",
497 		(const void *(*)(void))&br_aes_pwr8_ctr_get_vtable },
498 	{ "aes_pwr8_ctrcbc",      "pwr8",
499 		(const void *(*)(void))&br_aes_pwr8_ctrcbc_get_vtable },
500 	{ "aes_x86ni_cbcenc",     "x86ni",
501 		(const void *(*)(void))&br_aes_x86ni_cbcenc_get_vtable },
502 	{ "aes_x86ni_cbcdec",     "x86ni",
503 		(const void *(*)(void))&br_aes_x86ni_cbcdec_get_vtable },
504 	{ "aes_x86ni_ctr",        "x86ni",
505 		(const void *(*)(void))&br_aes_x86ni_ctr_get_vtable },
506 	{ "aes_x86ni_ctrcbc",     "x86ni",
507 		(const void *(*)(void))&br_aes_x86ni_ctrcbc_get_vtable },
508 	{ "chacha20_sse2",        "sse2",
509 		(const void *(*)(void))&br_chacha20_sse2_get },
510 	{ "ghash_pclmul",         "pclmul",
511 		(const void *(*)(void))&br_ghash_pclmul_get },
512 	{ "ghash_pwr8",           "pwr8",
513 		(const void *(*)(void))&br_ghash_pwr8_get },
514 	{ "poly1305_ctmulq",      "ctmulq",
515 		(const void *(*)(void))&br_poly1305_ctmulq_get },
516 	{ "rsa_i62_pkcs1_sign",   "i62",
517 		(const void *(*)(void))&br_rsa_i62_pkcs1_sign_get },
518 	{ "rsa_i62_pkcs1_vrfy",   "i62",
519 		(const void *(*)(void))&br_rsa_i62_pkcs1_vrfy_get },
520 	{ "ec_c25519_m62",        "m62",
521 		(const void *(*)(void))&br_ec_c25519_m62_get },
522 	{ "ec_c25519_m64",        "m64",
523 		(const void *(*)(void))&br_ec_c25519_m64_get },
524 	{ "ec_p256_m62",          "m62",
525 		(const void *(*)(void))&br_ec_p256_m62_get },
526 	{ "ec_p256_m64",          "m64",
527 		(const void *(*)(void))&br_ec_p256_m64_get },
528 	{ 0, 0, 0, }
529 };
530 
531 /* see brssl.h */
532 const char *
533 get_algo_name(const void *impl, int long_name)
534 {
535 	size_t u;
536 
537 	for (u = 0; algo_names[u].long_name; u ++) {
538 		if (impl == algo_names[u].impl) {
539 			return long_name
540 				? algo_names[u].long_name
541 				: algo_names[u].short_name;
542 		}
543 	}
544 	for (u = 0; algo_names_dyn[u].long_name; u ++) {
545 		if (impl == algo_names_dyn[u].get()) {
546 			return long_name
547 				? algo_names_dyn[u].long_name
548 				: algo_names_dyn[u].short_name;
549 		}
550 	}
551 	return "UNKNOWN";
552 }
553 
554 /* see brssl.h */
555 const char *
556 get_curve_name(int id)
557 {
558 	size_t u;
559 
560 	for (u = 0; curves[u].name; u ++) {
561 		if (curves[u].id == id) {
562 			return curves[u].name;
563 		}
564 	}
565 	return NULL;
566 }
567 
568 /* see brssl.h */
569 int
570 get_curve_name_ext(int id, char *dst, size_t len)
571 {
572 	const char *name;
573 	char tmp[30];
574 	size_t n;
575 
576 	name = get_curve_name(id);
577 	if (name == NULL) {
578 		sprintf(tmp, "unknown (%d)", id);
579 		name = tmp;
580 	}
581 	n = 1 + strlen(name);
582 	if (n > len) {
583 		if (len > 0) {
584 			dst[0] = 0;
585 		}
586 		return -1;
587 	}
588 	memcpy(dst, name, n);
589 	return 0;
590 }
591 
592 /* see brssl.h */
593 const char *
594 get_suite_name(unsigned suite)
595 {
596 	size_t u;
597 
598 	for (u = 0; cipher_suites[u].name; u ++) {
599 		if (cipher_suites[u].suite == suite) {
600 			return cipher_suites[u].name;
601 		}
602 	}
603 	return NULL;
604 }
605 
606 /* see brssl.h */
607 int
608 get_suite_name_ext(unsigned suite, char *dst, size_t len)
609 {
610 	const char *name;
611 	char tmp[30];
612 	size_t n;
613 
614 	name = get_suite_name(suite);
615 	if (name == NULL) {
616 		sprintf(tmp, "unknown (0x%04X)", suite);
617 		name = tmp;
618 	}
619 	n = 1 + strlen(name);
620 	if (n > len) {
621 		if (len > 0) {
622 			dst[0] = 0;
623 		}
624 		return -1;
625 	}
626 	memcpy(dst, name, n);
627 	return 0;
628 }
629 
630 /* see brssl.h */
631 int
632 uses_ecdhe(unsigned suite)
633 {
634 	size_t u;
635 
636 	for (u = 0; cipher_suites[u].name; u ++) {
637 		if (cipher_suites[u].suite == suite) {
638 			return (cipher_suites[u].req
639 				& (REQ_ECDHE_RSA | REQ_ECDHE_ECDSA)) != 0;
640 		}
641 	}
642 	return 0;
643 }
644 
645 /* see brssl.h */
646 void
647 list_names(void)
648 {
649 	size_t u;
650 
651 	printf("Protocol versions:\n");
652 	for (u = 0; protocol_versions[u].name; u ++) {
653 		printf("   %-8s %s\n",
654 			protocol_versions[u].name,
655 			protocol_versions[u].comment);
656 	}
657 	printf("Hash functions:\n");
658 	for (u = 0; hash_functions[u].name; u ++) {
659 		printf("   %-8s %s\n",
660 			hash_functions[u].name,
661 			hash_functions[u].comment);
662 	}
663 	printf("Cipher suites:\n");
664 	for (u = 0; cipher_suites[u].name; u ++) {
665 		printf("   %s\n        %s\n",
666 			cipher_suites[u].name,
667 			cipher_suites[u].comment);
668 	}
669 }
670 
671 /* see brssl.h */
672 void
673 list_curves(void)
674 {
675 	size_t u;
676 	for (u = 0; curves[u].name; u ++) {
677 		size_t v;
678 
679 		for (v = 0; curves[u].sid[v]; v ++) {
680 			if (v == 0) {
681 				printf("   ");
682 			} else if (v == 1) {
683 				printf(" (");
684 			} else {
685 				printf(", ");
686 			}
687 			printf("%s", curves[u].sid[v]);
688 		}
689 		if (v > 1) {
690 			printf(")");
691 		}
692 		printf("\n");
693 	}
694 }
695 
696 static int
697 is_ign(int c)
698 {
699 	if (c == 0) {
700 		return 0;
701 	}
702 	if (c <= 32 || c == '-' || c == '_' || c == '.'
703 		|| c == '/' || c == '+' || c == ':')
704 	{
705 		return 1;
706 	}
707 	return 0;
708 }
709 
710 /*
711  * Get next non-ignored character, normalised:
712  *    ASCII letters are converted to lowercase
713  *    control characters, space, '-', '_', '.', '/', '+' and ':' are ignored
714  * A terminating zero is returned as 0.
715  */
716 static int
717 next_char(const char **ps, const char *limit)
718 {
719 	for (;;) {
720 		int c;
721 
722 		if (*ps == limit) {
723 			return 0;
724 		}
725 		c = *(*ps) ++;
726 		if (c == 0) {
727 			return 0;
728 		}
729 		if (c >= 'A' && c <= 'Z') {
730 			c += 'a' - 'A';
731 		}
732 		if (!is_ign(c)) {
733 			return c;
734 		}
735 	}
736 }
737 
738 /*
739  * Partial string equality comparison, with normalisation.
740  */
741 static int
742 eqstr_chunk(const char *s1, size_t s1_len, const char *s2, size_t s2_len)
743 {
744 	const char *lim1, *lim2;
745 
746 	lim1 = s1 + s1_len;
747 	lim2 = s2 + s2_len;
748 	for (;;) {
749 		int c1, c2;
750 
751 		c1 = next_char(&s1, lim1);
752 		c2 = next_char(&s2, lim2);
753 		if (c1 != c2) {
754 			return 0;
755 		}
756 		if (c1 == 0) {
757 			return 1;
758 		}
759 	}
760 }
761 
762 /* see brssl.h */
763 int
764 eqstr(const char *s1, const char *s2)
765 {
766 	return eqstr_chunk(s1, strlen(s1), s2, strlen(s2));
767 }
768 
769 static int
770 hexval(int c)
771 {
772 	if (c >= '0' && c <= '9') {
773 		return c - '0';
774 	} else if (c >= 'A' && c <= 'F') {
775 		return c - 'A' + 10;
776 	} else if (c >= 'a' && c <= 'f') {
777 		return c - 'a' + 10;
778 	} else {
779 		return -1;
780 	}
781 }
782 
783 /* see brssl.h */
784 size_t
785 parse_size(const char *s)
786 {
787 	int radix;
788 	size_t acc;
789 	const char *t;
790 
791 	t = s;
792 	if (t[0] == '0' && (t[1] == 'x' || t[1] == 'X')) {
793 		radix = 16;
794 		t += 2;
795 	} else {
796 		radix = 10;
797 	}
798 	acc = 0;
799 	for (;;) {
800 		int c, d;
801 		size_t z;
802 
803 		c = *t ++;
804 		if (c == 0) {
805 			return acc;
806 		}
807 		d = hexval(c);
808 		if (d < 0 || d >= radix) {
809 			fprintf(stderr, "ERROR: not a valid digit: '%c'\n", c);
810 			return (size_t)-1;
811 		}
812 		z = acc * (size_t)radix + (size_t)d;
813 		if (z < (size_t)d || (z / (size_t)radix) != acc
814 			|| z == (size_t)-1)
815 		{
816 			fprintf(stderr, "ERROR: value too large: %s\n", s);
817 			return (size_t)-1;
818 		}
819 		acc = z;
820 	}
821 }
822 
823 /*
824  * Comma-separated list enumeration. This returns a pointer to the first
825  * word in the string, skipping leading ignored characters. '*len' is
826  * set to the word length (not counting trailing ignored characters).
827  * '*str' is updated to point to immediately after the next comma, or to
828  * the terminating zero, whichever comes first.
829  *
830  * Empty words are skipped. If there is no next non-empty word, then this
831  * function returns NULL and sets *len to 0.
832  */
833 static const char *
834 next_word(const char **str, size_t *len)
835 {
836 	int c;
837 	const char *begin;
838 	size_t u;
839 
840 	/*
841 	 * Find next non-ignored character which is not a comma.
842 	 */
843 	for (;;) {
844 		c = **str;
845 		if (c == 0) {
846 			*len = 0;
847 			return NULL;
848 		}
849 		if (!is_ign(c) && c != ',') {
850 			break;
851 		}
852 		(*str) ++;
853 	}
854 
855 	/*
856 	 * Find next comma or terminator.
857 	 */
858 	begin = *str;
859 	for (;;) {
860 		c = *(*str);
861 		if (c == 0 || c == ',') {
862 			break;
863 		}
864 		(*str) ++;
865 	}
866 
867 	/*
868 	 * Remove trailing ignored characters.
869 	 */
870 	u = (size_t)(*str - begin);
871 	while (u > 0 && is_ign(begin[u - 1])) {
872 		u --;
873 	}
874 	if (c == ',') {
875 		(*str) ++;
876 	}
877 	*len = u;
878 	return begin;
879 }
880 
881 /* see brssl.h */
882 unsigned
883 parse_version(const char *name, size_t len)
884 {
885 	size_t u;
886 
887 	for (u = 0;; u ++) {
888 		const char *ref;
889 
890 		ref = protocol_versions[u].name;
891 		if (ref == NULL) {
892 			fprintf(stderr, "ERROR: unrecognised protocol"
893 				" version name: '%s'\n", name);
894 			return 0;
895 		}
896 		if (eqstr_chunk(ref, strlen(ref), name, len)) {
897 			return protocol_versions[u].version;
898 		}
899 	}
900 }
901 
902 /* see brssl.h */
903 unsigned
904 parse_hash_functions(const char *arg)
905 {
906 	unsigned r;
907 
908 	r = 0;
909 	for (;;) {
910 		const char *name;
911 		size_t len;
912 		size_t u;
913 
914 		name = next_word(&arg, &len);
915 		if (name == NULL) {
916 			break;
917 		}
918 		for (u = 0;; u ++) {
919 			const char *ref;
920 
921 			ref = hash_functions[u].name;
922 			if (ref == 0) {
923 				fprintf(stderr, "ERROR: unrecognised"
924 					" hash function name: '");
925 				fwrite(name, 1, len, stderr);
926 				fprintf(stderr, "'\n");
927 				return 0;
928 			}
929 			if (eqstr_chunk(ref, strlen(ref), name, len)) {
930 				int id;
931 
932 				id = (hash_functions[u].hclass->desc
933 					>> BR_HASHDESC_ID_OFF)
934 					& BR_HASHDESC_ID_MASK;
935 				r |= (unsigned)1 << id;
936 				break;
937 			}
938 		}
939 	}
940 	if (r == 0) {
941 		fprintf(stderr, "ERROR: no hash function name provided\n");
942 	}
943 	return r;
944 }
945 
946 /* see brssl.h */
947 cipher_suite *
948 parse_suites(const char *arg, size_t *num)
949 {
950 	VECTOR(cipher_suite) suites = VEC_INIT;
951 	cipher_suite *r;
952 
953 	for (;;) {
954 		const char *name;
955 		size_t u, len;
956 
957 		name = next_word(&arg, &len);
958 		if (name == NULL) {
959 			break;
960 		}
961 		for (u = 0;; u ++) {
962 			const char *ref;
963 
964 			ref = cipher_suites[u].name;
965 			if (ref == NULL) {
966 				fprintf(stderr, "ERROR: unrecognised"
967 					" cipher suite '");
968 				fwrite(name, 1, len, stderr);
969 				fprintf(stderr, "'\n");
970 				return 0;
971 			}
972 			if (eqstr_chunk(ref, strlen(ref), name, len)) {
973 				VEC_ADD(suites, cipher_suites[u]);
974 				break;
975 			}
976 		}
977 	}
978 	if (VEC_LEN(suites) == 0) {
979 		fprintf(stderr, "ERROR: no cipher suite provided\n");
980 	}
981 	r = VEC_TOARRAY(suites);
982 	*num = VEC_LEN(suites);
983 	VEC_CLEAR(suites);
984 	return r;
985 }
986 
987 /* see brssl.h */
988 const char *
989 ec_curve_name(int curve)
990 {
991 	switch (curve) {
992 	case BR_EC_sect163k1:        return "sect163k1";
993 	case BR_EC_sect163r1:        return "sect163r1";
994 	case BR_EC_sect163r2:        return "sect163r2";
995 	case BR_EC_sect193r1:        return "sect193r1";
996 	case BR_EC_sect193r2:        return "sect193r2";
997 	case BR_EC_sect233k1:        return "sect233k1";
998 	case BR_EC_sect233r1:        return "sect233r1";
999 	case BR_EC_sect239k1:        return "sect239k1";
1000 	case BR_EC_sect283k1:        return "sect283k1";
1001 	case BR_EC_sect283r1:        return "sect283r1";
1002 	case BR_EC_sect409k1:        return "sect409k1";
1003 	case BR_EC_sect409r1:        return "sect409r1";
1004 	case BR_EC_sect571k1:        return "sect571k1";
1005 	case BR_EC_sect571r1:        return "sect571r1";
1006 	case BR_EC_secp160k1:        return "secp160k1";
1007 	case BR_EC_secp160r1:        return "secp160r1";
1008 	case BR_EC_secp160r2:        return "secp160r2";
1009 	case BR_EC_secp192k1:        return "secp192k1";
1010 	case BR_EC_secp192r1:        return "secp192r1";
1011 	case BR_EC_secp224k1:        return "secp224k1";
1012 	case BR_EC_secp224r1:        return "secp224r1";
1013 	case BR_EC_secp256k1:        return "secp256k1";
1014 	case BR_EC_secp256r1:        return "secp256r1";
1015 	case BR_EC_secp384r1:        return "secp384r1";
1016 	case BR_EC_secp521r1:        return "secp521r1";
1017 	case BR_EC_brainpoolP256r1:  return "brainpoolP256r1";
1018 	case BR_EC_brainpoolP384r1:  return "brainpoolP384r1";
1019 	case BR_EC_brainpoolP512r1:  return "brainpoolP512r1";
1020 	default:
1021 		return "unknown";
1022 	}
1023 }
1024 
1025 /* see brssl.h */
1026 int
1027 get_curve_by_name(const char *str)
1028 {
1029 	size_t u, v;
1030 
1031 	for (u = 0; curves[u].name; u ++) {
1032 		for (v = 0; curves[u].sid[v]; v ++) {
1033 			if (eqstr(curves[u].sid[v], str)) {
1034 				return curves[u].id;
1035 			}
1036 		}
1037 	}
1038 	return -1;
1039 }
1040 
1041 /* see brssl.h */
1042 const char *
1043 hash_function_name(int id)
1044 {
1045 	switch (id) {
1046 	case br_md5sha1_ID:  return "MD5+SHA-1";
1047 	case br_md5_ID:      return "MD5";
1048 	case br_sha1_ID:     return "SHA-1";
1049 	case br_sha224_ID:   return "SHA-224";
1050 	case br_sha256_ID:   return "SHA-256";
1051 	case br_sha384_ID:   return "SHA-384";
1052 	case br_sha512_ID:   return "SHA-512";
1053 	default:
1054 		return "unknown";
1055 	}
1056 }
1057