author | lloyd <[email protected]> | 2015-01-28 04:32:10 +0000 |
---|---|---|
committer | lloyd <[email protected]> | 2015-01-28 04:32:10 +0000 |
commit | 7b56f1bd570dc684ffd7c945dee0d9b5480354ff (patch) | |
tree | 0c50ad534280a292a1b76daee9a19b34cfd96367 /src/lib/tls | |
parent | b8fa304ec981d273c45d7ef31705d65ccfb00cc1 (diff) |
Add a runtime map of string->func() which when called return
Transforms and BlockCiphers. Registration for all types is done at
startup but is very cheap as just a std::function and a std::map entry
are created, no actual objects are created until needed. This is a
huge improvement over Algorithm_Factory which used T::clone() as the
function and thus kept a prototype object of each type in memory.
Replace existing lookup mechanisms for ciphers, AEADs, and compression
to use the transform lookup. The existing Engine framework remains in
place for BlockCipher, but the engines now just call to the registry
instead of having hardcoded lookups.
s/Transformation/Transform/ with typedefs for compatibility.
Remove lib/selftest code (for runtime selftesting): not the right approach.
Diffstat (limited to 'src/lib/tls')
-rw-r--r-- | src/lib/tls/tls_policy.cpp | 56 | ||||
-rw-r--r-- | src/lib/tls/tls_policy.h | 22 | ||||
-rw-r--r-- | src/lib/tls/tls_suite_info.cpp | 22 |
3 files changed, 58 insertions, 42 deletions
diff --git a/src/lib/tls/tls_policy.cpp b/src/lib/tls/tls_policy.cpp
index 7bbf7cd7e..f50cf1f3e 100644
--- a/src/lib/tls/tls_policy.cpp
+++ b/src/lib/tls/tls_policy.cpp
@@ -17,7 +17,7 @@ namespace TLS {
 std::vector<std::string> Policy::allowed_ciphers() const
 {
- return std::vector<std::string>({
+ return {
 //"AES-256/OCB(12)",
 //"AES-128/OCB(12)",
 "ChaCha20Poly1305",
@@ -25,8 +25,8 @@ std::vector<std::string> Policy::allowed_ciphers() const
 "AES-128/GCM",
 "AES-256/CCM",
 "AES-128/CCM",
- "AES-256/CCM-8",
- "AES-128/CCM-8",
+ "AES-256/CCM(8)",
+ "AES-128/CCM(8)",
 //"Camellia-256/GCM",
 //"Camellia-128/GCM",
 "AES-256",
@@ -36,35 +36,35 @@ std::vector<std::string> Policy::allowed_ciphers() const
 //"SEED"
 //"3DES",
 //"RC4",
- });
+ };
 }
 std::vector<std::string> Policy::allowed_signature_hashes() const
 {
- return std::vector<std::string>({
+ return {
 "SHA-512",
 "SHA-384",
 "SHA-256",
 "SHA-224",
 //"SHA-1",
 //"MD5",
- });
+ };
 }
 std::vector<std::string> Policy::allowed_macs() const
 {
- return std::vector<std::string>({
+ return {
 "AEAD",
 "SHA-384",
 "SHA-256",
 "SHA-1",
 //"MD5",
- });
+ };
 }
 std::vector<std::string> Policy::allowed_key_exchange_methods() const
 {
- return std::vector<std::string>({
+ return {
 "SRP_SHA",
 //"ECDHE_PSK",
 //"DHE_PSK",
@@ -72,22 +72,22 @@ std::vector<std::string> Policy::allowed_key_exchange_methods() const
 "ECDH",
 "DH",
 "RSA",
- });
+ };
 }
 std::vector<std::string> Policy::allowed_signature_methods() const
 {
- return std::vector<std::string>({
+ return {
 "ECDSA",
 "RSA",
 "DSA",
 //""
- });
+ };
 }
 std::vector<std::string> Policy::allowed_ecc_curves() const
 {
- return std::vector<std::string>({
+ return {
 "brainpool512r1",
 "secp521r1",
 "brainpool384r1",
@@ -102,7 +102,7 @@ std::vector<std::string> Policy::allowed_ecc_curves() const
 //"secp160r2",
 //"secp160r1",
 //"secp160k1",
- });
+ };
 }
 /*
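Review bot: The renamed entries `"AES-256/CCM(8)"` and `"AES-128/CCM(8)"` in Policy::allowed_ciphers() (hunk at -25,8) only work if the identical spelling is used in the Ciphersuite::by_id table and is accepted by the new transform lookup, and nothing in this file checks that. A name that matches nowhere would presumably drop the suite from negotiation without any error, and an application policy that still returns the old `CCM-8` spelling would stop matching in the same silent way. I would put a comment above the list, e.g. `// Names must match tls_suite_info.cpp and the transform registry exactly; unmatched names are silently skipped`, and add a test that every default entry resolves to a cipher. The body of allowed_ciphers() starts and ends outside this hunk.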
@@ -352,6 +352,34 @@ void Policy::print(std::ostream& o) const
 o << "minimum_dh_group_size = " << minimum_dh_group_size() << '\n';
 }
+std::vector<std::string> Strict_Policy::allowed_ciphers() const
+ {
+ return { "ChaCha20Poly1305", "AES-256/GCM", "AES-128/GCM" };
+ }
+
+std::vector<std::string> Strict_Policy::allowed_signature_hashes() const
+ {
+ return { "SHA-512", "SHA-384"};
+ }
+
+std::vector<std::string> Strict_Policy::allowed_macs() const
+ {
+ return { "AEAD" };
+ }
+
+std::vector<std::string> Strict_Policy::allowed_key_exchange_methods() const
+ {
+ return { "ECDH" };
+ }
+
+bool Strict_Policy::acceptable_protocol_version(Protocol_Version version) const
+ {
+ if(version.is_datagram_protocol())
+ return (version >= Protocol_Version::DTLS_V12);
+ else
+ return (version >= Protocol_Version::TLS_V12);
+ }
+
 }
 }
diff --git a/src/lib/tls/tls_policy.h b/src/lib/tls/tls_policy.h
index 247510326..581d04bcd 100644
--- a/src/lib/tls/tls_policy.h
+++ b/src/lib/tls/tls_policy.h
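Review bot: Strict_Policy as defined here overrides ciphers, signature hashes, MACs, key exchange and protocol version, but not allowed_signature_methods() or allowed_ecc_curves(), so those fall back to the base Policy lists earlier in this file, which include `"DSA"` and the full default curve list. If that inheritance is intended, state it where a reader will see it, for example `// Signature methods and ECC curves are inherited from Policy` above Strict_Policy::allowed_ciphers(); if it is not, the two overrides belong next to these. As a minor style point, `return { "SHA-512", "SHA-384"};` lacks the space before the closing brace that the other lists have.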
@@ -229,27 +229,15 @@ class BOTAN_DLL Datagram_Policy : public Policy
 class BOTAN_DLL Strict_Policy : public Policy
 {
 public:
- std::vector<std::string> allowed_ciphers() const override
- {
- return { "ChaCha20Poly1305", "AES-256/GCM", "AES-128/GCM" };
- }
+ std::vector<std::string> allowed_ciphers() const override;
- std::vector<std::string> allowed_signature_hashes() const override
- { return { "SHA-512", "SHA-384"}; }
+ std::vector<std::string> allowed_signature_hashes() const override;
- std::vector<std::string> allowed_macs() const override
- { return { "AEAD" }; }
+ std::vector<std::string> allowed_macs() const override;
- std::vector<std::string> allowed_key_exchange_methods() const override
- { return { "ECDH" }; }
+ std::vector<std::string> allowed_key_exchange_methods() const override;
- bool acceptable_protocol_version(Protocol_Version version) const override
- {
- if(version.is_datagram_protocol())
- return (version >= Protocol_Version::DTLS_V12);
- else
- return (version >= Protocol_Version::TLS_V12);
- }
+ bool acceptable_protocol_version(Protocol_Version version) const override;
 };
 class BOTAN_DLL Text_Policy : public Policy
diff --git a/src/lib/tls/tls_suite_info.cpp b/src/lib/tls/tls_suite_info.cpp
index 60777672a..02d277173 100644
--- a/src/lib/tls/tls_suite_info.cpp
+++ b/src/lib/tls/tls_suite_info.cpp
@@ -3,7 +3,7 @@ * * This file was automatically generated from the IANA assignments * (tls-parameters.txt hash 4bc98b6f75ad5b63952b5f457fa7adbfef60f095) -* by ./src/scripts/tls_suite_info.py on 2015-01-21 +* by ./src/scripts/tls_suite_info.py on 2015-01-30 * * Botan is released under the Simplified BSD License (see license.txt) */
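Review bot: With the bodies moved out of line, the Strict_Policy declaration in tls_policy.h (hunk at -229,27) no longer tells a reader what the policy permits, and none of the five overrides carries a doc comment. A short Doxygen block on the class would restore that, along the lines of `/** Restricts connections to TLS/DTLS 1.2 or later, ECDH key exchange, AEAD ciphers (ChaCha20Poly1305, AES-GCM) and SHA-384/SHA-512 signature hashes */`. Those values come from the definitions this commit adds to tls_policy.cpp and would have to be kept in step with them.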
@@ -124,7 +124,7 @@ Ciphersuite Ciphersuite::by_id(u16bit suite) return Ciphersuite(0xC09E, "RSA", "DH", "AES-128/CCM", 16, 4, 8, "AEAD", 0, "SHA-256"); case 0xC0A2: // DHE_RSA_WITH_AES_128_CCM_8 - return Ciphersuite(0xC0A2, "RSA", "DH", "AES-128/CCM-8", 16, 4, 8, "AEAD", 0, "SHA-256"); + return Ciphersuite(0xC0A2, "RSA", "DH", "AES-128/CCM(8)", 16, 4, 8, "AEAD", 0, "SHA-256"); case 0x009E: // DHE_RSA_WITH_AES_128_GCM_SHA256 return Ciphersuite(0x009E, "RSA", "DH", "AES-128/GCM", 16, 4, 8, "AEAD", 0, "SHA-256"); @@ -142,7 +142,7 @@ Ciphersuite Ciphersuite::by_id(u16bit suite) return Ciphersuite(0xC09F, "RSA", "DH", "AES-256/CCM", 32, 4, 8, "AEAD", 0, "SHA-256"); case 0xC0A3: // DHE_RSA_WITH_AES_256_CCM_8 - return Ciphersuite(0xC0A3, "RSA", "DH", "AES-256/CCM-8", 32, 4, 8, "AEAD", 0, "SHA-256"); + return Ciphersuite(0xC0A3, "RSA", "DH", "AES-256/CCM(8)", 32, 4, 8, "AEAD", 0, "SHA-256"); case 0x009F: // DHE_RSA_WITH_AES_256_GCM_SHA384 return Ciphersuite(0x009F, "RSA", "DH", "AES-256/GCM", 32, 4, 8, "AEAD", 0, "SHA-384"); @@ -232,7 +232,7 @@ Ciphersuite Ciphersuite::by_id(u16bit suite) return Ciphersuite(0xC0AC, "ECDSA", "ECDH", "AES-128/CCM", 16, 4, 8, "AEAD", 0, "SHA-256"); case 0xC0AE: // ECDHE_ECDSA_WITH_AES_128_CCM_8 - return Ciphersuite(0xC0AE, "ECDSA", "ECDH", "AES-128/CCM-8", 16, 4, 8, "AEAD", 0, "SHA-256"); + return Ciphersuite(0xC0AE, "ECDSA", "ECDH", "AES-128/CCM(8)", 16, 4, 8, "AEAD", 0, "SHA-256"); case 0xC02B: // ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 return Ciphersuite(0xC02B, "ECDSA", "ECDH", "AES-128/GCM", 16, 4, 8, "AEAD", 0, "SHA-256"); 
@@ -250,7 +250,7 @@ Ciphersuite Ciphersuite::by_id(u16bit suite) return Ciphersuite(0xC0AD, "ECDSA", "ECDH", "AES-256/CCM", 32, 4, 8, "AEAD", 0, "SHA-256"); case 0xC0AF: // ECDHE_ECDSA_WITH_AES_256_CCM_8 - return Ciphersuite(0xC0AF, "ECDSA", "ECDH", "AES-256/CCM-8", 32, 4, 8, "AEAD", 0, "SHA-256"); + return Ciphersuite(0xC0AF, "ECDSA", "ECDH", "AES-256/CCM(8)", 32, 4, 8, "AEAD", 0, "SHA-256"); case 0xC02C: // ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 return Ciphersuite(0xC02C, "ECDSA", "ECDH", "AES-256/GCM", 32, 4, 8, "AEAD", 0, "SHA-384"); @@ -364,10 +364,10 @@ Ciphersuite Ciphersuite::by_id(u16bit suite) return Ciphersuite(0xC016, "", "ECDH", "RC4", 16, 0, 0, "SHA-1", 20); case 0xC0AA: // PSK_DHE_WITH_AES_128_CCM_8 - return Ciphersuite(0xC0AA, "", "DHE_PSK", "AES-128/CCM-8", 16, 4, 8, "AEAD", 0, "SHA-256"); + return Ciphersuite(0xC0AA, "", "DHE_PSK", "AES-128/CCM(8)", 16, 4, 8, "AEAD", 0, "SHA-256"); case 0xC0AB: // PSK_DHE_WITH_AES_256_CCM_8 - return Ciphersuite(0xC0AB, "", "DHE_PSK", "AES-256/CCM-8", 32, 4, 8, "AEAD", 0, "SHA-256"); + return Ciphersuite(0xC0AB, "", "DHE_PSK", "AES-256/CCM(8)", 32, 4, 8, "AEAD", 0, "SHA-256"); case 0x008B: // PSK_WITH_3DES_EDE_CBC_SHA return Ciphersuite(0x008B, "", "PSK", "3DES", 24, 8, 0, "SHA-1", 20); @@ -382,7 +382,7 @@ Ciphersuite Ciphersuite::by_id(u16bit suite) return Ciphersuite(0xC0A4, "", "PSK", "AES-128/CCM", 16, 4, 8, "AEAD", 0, "SHA-256"); case 0xC0A8: // PSK_WITH_AES_128_CCM_8 - return Ciphersuite(0xC0A8, "", "PSK", "AES-128/CCM-8", 16, 4, 8, "AEAD", 0, "SHA-256"); + return Ciphersuite(0xC0A8, "", "PSK", "AES-128/CCM(8)", 16, 4, 8, "AEAD", 0, "SHA-256"); case 0x00A8: // PSK_WITH_AES_128_GCM_SHA256 return Ciphersuite(0x00A8, "", "PSK", "AES-128/GCM", 16, 4, 8, "AEAD", 0, "SHA-256"); 
@@ -400,7 +400,7 @@ Ciphersuite Ciphersuite::by_id(u16bit suite) return Ciphersuite(0xC0A5, "", "PSK", "AES-256/CCM", 32, 4, 8, "AEAD", 0, "SHA-256"); case 0xC0A9: // PSK_WITH_AES_256_CCM_8 - return Ciphersuite(0xC0A9, "", "PSK", "AES-256/CCM-8", 32, 4, 8, "AEAD", 0, "SHA-256"); + return Ciphersuite(0xC0A9, "", "PSK", "AES-256/CCM(8)", 32, 4, 8, "AEAD", 0, "SHA-256"); case 0x00A9: // PSK_WITH_AES_256_GCM_SHA384 return Ciphersuite(0x00A9, "", "PSK", "AES-256/GCM", 32, 4, 8, "AEAD", 0, "SHA-384"); @@ -436,7 +436,7 @@ Ciphersuite Ciphersuite::by_id(u16bit suite) return Ciphersuite(0xC09C, "RSA", "RSA", "AES-128/CCM", 16, 4, 8, "AEAD", 0, "SHA-256"); case 0xC0A0: // RSA_WITH_AES_128_CCM_8 - return Ciphersuite(0xC0A0, "RSA", "RSA", "AES-128/CCM-8", 16, 4, 8, "AEAD", 0, "SHA-256"); + return Ciphersuite(0xC0A0, "RSA", "RSA", "AES-128/CCM(8)", 16, 4, 8, "AEAD", 0, "SHA-256"); case 0x009C: // RSA_WITH_AES_128_GCM_SHA256 return Ciphersuite(0x009C, "RSA", "RSA", "AES-128/GCM", 16, 4, 8, "AEAD", 0, "SHA-256"); @@ -451,7 +451,7 @@ Ciphersuite Ciphersuite::by_id(u16bit suite) return Ciphersuite(0xC09D, "RSA", "RSA", "AES-256/CCM", 32, 4, 8, "AEAD", 0, "SHA-256"); case 0xC0A1: // RSA_WITH_AES_256_CCM_8 - return Ciphersuite(0xC0A1, "RSA", "RSA", "AES-256/CCM-8", 32, 4, 8, "AEAD", 0, "SHA-256"); + return Ciphersuite(0xC0A1, "RSA", "RSA", "AES-256/CCM(8)", 32, 4, 8, "AEAD", 0, "SHA-256"); case 0x009D: // RSA_WITH_AES_256_GCM_SHA384 return Ciphersuite(0x009D, "RSA", "RSA", "AES-256/GCM", 32, 4, 8, "AEAD", 0, "SHA-384"); |