projects / BearSSL / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Fix: make static ECDH selectable with the br_ssl_client_set_single_ec() helper function.
[BearSSL] / ssl / ssl_hs_server.c
1 /* Automatically generated code; do not modify directly. */
2
3 #include <stddef.h>
4 #include <stdint.h>
5
6 typedef struct {
7 uint32_t *dp;
8 uint32_t *rp;
9 const unsigned char *ip;
10 } t0_context;
11
12 static uint32_t
13 t0_parse7E_unsigned(const unsigned char **p)
14 {
15 uint32_t x;
16
17 x = 0;
18 for (;;) {
19 unsigned y;
20
21 y = *(*p) ++;
22 x = (x << 7) | (uint32_t)(y & 0x7F);
23 if (y < 0x80) {
24 return x;
25 }
26 }
27 }
28
29 static int32_t
30 t0_parse7E_signed(const unsigned char **p)
31 {
32 int neg;
33 uint32_t x;
34
35 neg = ((**p) >> 6) & 1;
36 x = (uint32_t)-neg;
37 for (;;) {
38 unsigned y;
39
40 y = *(*p) ++;
41 x = (x << 7) | (uint32_t)(y & 0x7F);
42 if (y < 0x80) {
43 if (neg) {
44 return -(int32_t)~x - 1;
45 } else {
46 return (int32_t)x;
47 }
48 }
49 }
50 }
51
52 #define T0_VBYTE(x, n) (unsigned char)((((uint32_t)(x) >> (n)) & 0x7F) | 0x80)
53 #define T0_FBYTE(x, n) (unsigned char)(((uint32_t)(x) >> (n)) & 0x7F)
54 #define T0_SBYTE(x) (unsigned char)((((uint32_t)(x) >> 28) + 0xF8) ^ 0xF8)
55 #define T0_INT1(x) T0_FBYTE(x, 0)
56 #define T0_INT2(x) T0_VBYTE(x, 7), T0_FBYTE(x, 0)
57 #define T0_INT3(x) T0_VBYTE(x, 14), T0_VBYTE(x, 7), T0_FBYTE(x, 0)
58 #define T0_INT4(x) T0_VBYTE(x, 21), T0_VBYTE(x, 14), T0_VBYTE(x, 7), T0_FBYTE(x, 0)
59 #define T0_INT5(x) T0_SBYTE(x), T0_VBYTE(x, 21), T0_VBYTE(x, 14), T0_VBYTE(x, 7), T0_FBYTE(x, 0)
60
61 static const uint8_t t0_datablock[];
62
63
64 void br_ssl_hs_server_init_main(void *t0ctx);
65
66 void br_ssl_hs_server_run(void *t0ctx);
67
68
69
70 #include <stddef.h>
71 #include <string.h>
72
73 #include "inner.h"
74
75 /*
76 * This macro evaluates to a pointer to the current engine context.
77 */
78 #define ENG ((br_ssl_engine_context *)((unsigned char *)t0ctx - offsetof(br_ssl_engine_context, cpu)))
79
80
81
82
83
84 /*
85 * This macro evaluates to a pointer to the server context, under that
86 * specific name. It must be noted that since the engine context is the
87 * first field of the br_ssl_server_context structure ('eng'), then
88 * pointers values of both types are interchangeable, modulo an
89 * appropriate cast. This also means that "adresses" computed as offsets
90 * within the structure work for both kinds of context.
91 */
92 #define CTX ((br_ssl_server_context *)ENG)
93
94 /*
95 * Decrypt the pre-master secret (RSA key exchange).
96 */
97 static void
98 do_rsa_decrypt(br_ssl_server_context *ctx, int prf_id,
99 unsigned char *epms, size_t len)
100 {
101 uint32_t x;
102 unsigned char rpms[48];
103
104 /*
105 * Decrypt the PMS.
106 */
107 x = (*ctx->policy_vtable)->do_keyx(ctx->policy_vtable, epms, len);
108
109 /*
110 * Set the first two bytes to the maximum supported client
111 * protocol version. These bytes are used for version rollback
112 * detection; forceing the two bytes will make the master secret
113 * wrong if the bytes are not correct. This process is
114 * recommended by RFC 5246 (section 7.4.7.1).
115 */
116 br_enc16be(epms, ctx->client_max_version);
117
118 /*
119 * Make a random PMS and copy it above the decrypted value if the
120 * decryption failed. Note that we use a constant-time conditional
121 * copy.
122 */
123 br_hmac_drbg_generate(&ctx->eng.rng, rpms, sizeof rpms);
124 br_ccopy(x ^ 1, epms, rpms, sizeof rpms);
125
126 /*
127 * Compute master secret.
128 */
129 br_ssl_engine_compute_master(&ctx->eng, prf_id, epms, 48);
130
131 /*
132 * Clear the pre-master secret from RAM: it is normally a buffer
133 * in the context, hence potentially long-lived.
134 */
135 memset(epms, 0, len);
136 }
137
138 /*
139 * Common part for ECDH and ECDHE.
140 */
141 static void
142 ecdh_common(br_ssl_server_context *ctx, int prf_id,
143 unsigned char *cpoint, size_t cpoint_len, uint32_t ctl)
144 {
145 unsigned char rpms[80];
146 size_t pms_len;
147
148 /*
149 * The point length is supposed to be 1+2*Xlen, where Xlen is
150 * the length (in bytes) of the X coordinate, i.e. the pre-master
151 * secret. If the provided point is too large, then it is
152 * obviously incorrect (i.e. everybody can see that it is
153 * incorrect), so leaking that fact is not a problem.
154 */
155 pms_len = cpoint_len >> 1;
156 if (pms_len > sizeof rpms) {
157 pms_len = sizeof rpms;
158 ctl = 0;
159 }
160
161 /*
162 * Make a random PMS and copy it above the decrypted value if the
163 * decryption failed. Note that we use a constant-time conditional
164 * copy.
165 */
166 br_hmac_drbg_generate(&ctx->eng.rng, rpms, pms_len);
167 br_ccopy(ctl ^ 1, cpoint + 1, rpms, pms_len);
168
169 /*
170 * Compute master secret.
171 */
172 br_ssl_engine_compute_master(&ctx->eng, prf_id, cpoint + 1, pms_len);
173
174 /*
175 * Clear the pre-master secret from RAM: it is normally a buffer
176 * in the context, hence potentially long-lived.
177 */
178 memset(cpoint, 0, cpoint_len);
179 }
180
181 /*
182 * Do the ECDH key exchange (not ECDHE).
183 */
184 static void
185 do_ecdh(br_ssl_server_context *ctx, int prf_id,
186 unsigned char *cpoint, size_t cpoint_len)
187 {
188 uint32_t x;
189
190 /*
191 * Finalise the key exchange.
192 */
193 x = (*ctx->policy_vtable)->do_keyx(ctx->policy_vtable,
194 cpoint, cpoint_len);
195 ecdh_common(ctx, prf_id, cpoint, cpoint_len, x);
196 }
197
198 /*
199 * Do the ECDHE key exchange (part 1: generation of transient key, and
200 * computing of the point to send to the client). Returned value is the
201 * signature length (in bytes), or -x on error (with x being an error
202 * code). The encoded point is written in the ecdhe_point[] context buffer
203 * (length in ecdhe_point_len).
204 */
205 static int
206 do_ecdhe_part1(br_ssl_server_context *ctx, int curve)
207 {
208 int hash;
209 unsigned mask;
210 const unsigned char *order, *generator;
211 size_t olen, glen;
212 br_multihash_context mhc;
213 unsigned char head[4];
214 size_t hv_len, sig_len;
215
216 if (!((ctx->eng.iec->supported_curves >> curve) & 1)) {
217 return -BR_ERR_INVALID_ALGORITHM;
218 }
219 ctx->eng.ecdhe_curve = curve;
220
221 /*
222 * Generate our private key. We need a non-zero random value
223 * which is lower than the curve order, in a "large enough"
224 * range. We force the top bit to 0 and bottom bit to 1, which
225 * does the trick. Note that contrary to what happens in ECDSA,
226 * this is not a problem if we do not cover the full range of
227 * possible values.
228 */
229 order = ctx->eng.iec->order(curve, &olen);
230 mask = 0xFF;
231 while (mask >= order[0]) {
232 mask >>= 1;
233 }
234 br_hmac_drbg_generate(&ctx->eng.rng, ctx->ecdhe_key, olen);
235 ctx->ecdhe_key[0] &= mask;
236 ctx->ecdhe_key[olen - 1] |= 0x01;
237 ctx->ecdhe_key_len = olen;
238
239 /*
240 * Compute our ECDH point.
241 */
242 generator = ctx->eng.iec->generator(curve, &glen);
243 memcpy(ctx->eng.ecdhe_point, generator, glen);
244 ctx->eng.ecdhe_point_len = glen;
245 if (!ctx->eng.iec->mul(ctx->eng.ecdhe_point, glen,
246 ctx->ecdhe_key, olen, curve))
247 {
248 return -BR_ERR_INVALID_ALGORITHM;
249 }
250
251 /*
252 * Compute the signature.
253 */
254 br_multihash_zero(&mhc);
255 br_multihash_copyimpl(&mhc, &ctx->eng.mhash);
256 br_multihash_init(&mhc);
257 br_multihash_update(&mhc,
258 ctx->eng.client_random, sizeof ctx->eng.client_random);
259 br_multihash_update(&mhc,
260 ctx->eng.server_random, sizeof ctx->eng.server_random);
261 head[0] = 3;
262 head[1] = 0;
263 head[2] = curve;
264 head[3] = ctx->eng.ecdhe_point_len;
265 br_multihash_update(&mhc, head, sizeof head);
266 br_multihash_update(&mhc,
267 ctx->eng.ecdhe_point, ctx->eng.ecdhe_point_len);
268 hash = ctx->sign_hash_id;
269 if (hash) {
270 hv_len = br_multihash_out(&mhc, hash, ctx->eng.pad);
271 if (hv_len == 0) {
272 return -BR_ERR_INVALID_ALGORITHM;
273 }
274 } else {
275 if (!br_multihash_out(&mhc, br_md5_ID, ctx->eng.pad)
276 || !br_multihash_out(&mhc,
277 br_sha1_ID, ctx->eng.pad + 16))
278 {
279 return -BR_ERR_INVALID_ALGORITHM;
280 }
281 hv_len = 36;
282 }
283 sig_len = (*ctx->policy_vtable)->do_sign(ctx->policy_vtable,
284 hash, hv_len, ctx->eng.pad, sizeof ctx->eng.pad);
285 return sig_len ? (int)sig_len : -BR_ERR_INVALID_ALGORITHM;
286 }
287
288 /*
289 * Do the ECDHE key exchange (part 2: computation of the shared secret
290 * from the point sent by the client).
291 */
292 static void
293 do_ecdhe_part2(br_ssl_server_context *ctx, int prf_id,
294 unsigned char *cpoint, size_t cpoint_len)
295 {
296 int curve;
297 uint32_t x;
298
299 curve = ctx->eng.ecdhe_curve;
300
301 /*
302 * Finalise the key exchange.
303 */
304 x = ctx->eng.iec->mul(cpoint, cpoint_len,
305 ctx->ecdhe_key, ctx->ecdhe_key_len, curve);
306 ecdh_common(ctx, prf_id, cpoint, cpoint_len, x);
307
308 /*
309 * Clear the ECDHE private key. Forward Secrecy is achieved insofar
310 * as that key does not get stolen, so we'd better destroy it
311 * as soon as it ceases to be useful.
312 */
313 memset(ctx->ecdhe_key, 0, ctx->ecdhe_key_len);
314 }
315
316
317
318 static const uint8_t t0_datablock[] = {
319 0x00, 0x00, 0x0A, 0x00, 0x24, 0x00, 0x2F, 0x01, 0x24, 0x00, 0x35, 0x02,
320 0x24, 0x00, 0x3C, 0x01, 0x44, 0x00, 0x3D, 0x02, 0x44, 0x00, 0x9C, 0x03,
321 0x04, 0x00, 0x9D, 0x04, 0x05, 0xC0, 0x03, 0x40, 0x24, 0xC0, 0x04, 0x41,
322 0x24, 0xC0, 0x05, 0x42, 0x24, 0xC0, 0x08, 0x20, 0x24, 0xC0, 0x09, 0x21,
323 0x24, 0xC0, 0x0A, 0x22, 0x24, 0xC0, 0x0D, 0x30, 0x24, 0xC0, 0x0E, 0x31,
324 0x24, 0xC0, 0x0F, 0x32, 0x24, 0xC0, 0x12, 0x10, 0x24, 0xC0, 0x13, 0x11,
325 0x24, 0xC0, 0x14, 0x12, 0x24, 0xC0, 0x23, 0x21, 0x44, 0xC0, 0x24, 0x22,
326 0x55, 0xC0, 0x25, 0x41, 0x44, 0xC0, 0x26, 0x42, 0x55, 0xC0, 0x27, 0x11,
327 0x44, 0xC0, 0x28, 0x12, 0x55, 0xC0, 0x29, 0x31, 0x44, 0xC0, 0x2A, 0x32,
328 0x55, 0xC0, 0x2B, 0x23, 0x04, 0xC0, 0x2C, 0x24, 0x05, 0xC0, 0x2D, 0x43,
329 0x04, 0xC0, 0x2E, 0x44, 0x05, 0xC0, 0x2F, 0x13, 0x04, 0xC0, 0x30, 0x14,
330 0x05, 0xC0, 0x31, 0x33, 0x04, 0xC0, 0x32, 0x34, 0x05, 0xCC, 0xA8, 0x15,
331 0x04, 0xCC, 0xA9, 0x25, 0x04, 0x00, 0x00
332 };
333
334 static const uint8_t t0_codeblock[] = {
335 0x00, 0x01, 0x00, 0x0A, 0x00, 0x00, 0x01, 0x00, 0x0D, 0x00, 0x00, 0x01,
336 0x00, 0x0E, 0x00, 0x00, 0x01, 0x00, 0x0F, 0x00, 0x00, 0x01, 0x01, 0x08,
337 0x00, 0x00, 0x01, 0x01, 0x09, 0x00, 0x00, 0x01, 0x02, 0x08, 0x00, 0x00,
338 0x21, 0x21, 0x00, 0x00, 0x01, T0_INT1(BR_ERR_BAD_CCS), 0x00, 0x00,
339 0x01, T0_INT1(BR_ERR_BAD_FINISHED), 0x00, 0x00, 0x01,
340 T0_INT1(BR_ERR_BAD_FRAGLEN), 0x00, 0x00, 0x01,
341 T0_INT1(BR_ERR_BAD_HANDSHAKE), 0x00, 0x00, 0x01,
342 T0_INT1(BR_ERR_BAD_PARAM), 0x00, 0x00, 0x01,
343 T0_INT1(BR_ERR_BAD_SECRENEG), 0x00, 0x00, 0x01,
344 T0_INT1(BR_ERR_BAD_VERSION), 0x00, 0x00, 0x01,
345 T0_INT1(BR_ERR_LIMIT_EXCEEDED), 0x00, 0x00, 0x01, T0_INT1(BR_ERR_OK),
346 0x00, 0x00, 0x01, T0_INT1(BR_ERR_OVERSIZED_ID), 0x00, 0x00, 0x01,
347 T0_INT1(BR_ERR_UNEXPECTED), 0x00, 0x00, 0x01,
348 T0_INT2(offsetof(br_ssl_engine_context, action)), 0x00, 0x00, 0x01,
349 T0_INT2(offsetof(br_ssl_engine_context, alert)), 0x00, 0x00, 0x01,
350 T0_INT2(offsetof(br_ssl_engine_context, application_data)), 0x00, 0x00,
351 0x01,
352 T0_INT2(offsetof(br_ssl_engine_context, session) + offsetof(br_ssl_session_parameters, cipher_suite)),
353 0x00, 0x00, 0x01,
354 T0_INT2(offsetof(br_ssl_server_context, client_max_version)), 0x00,
355 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, client_random)),
356 0x00, 0x00, 0x01,
357 T0_INT2(offsetof(br_ssl_server_context, client_suites)), 0x00, 0x00,
358 0x01, T0_INT2(offsetof(br_ssl_server_context, client_suites_num)),
359 0x00, 0x00, 0x01,
360 T0_INT2(offsetof(br_ssl_engine_context, close_received)), 0x00, 0x00,
361 0x01, T0_INT2(offsetof(br_ssl_server_context, curves)), 0x00, 0x00,
362 0x01, T0_INT2(offsetof(br_ssl_engine_context, ecdhe_point)), 0x00,
363 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, ecdhe_point_len)),
364 0x00, 0x00, 0x01, T0_INT2(offsetof(br_ssl_server_context, flags)),
365 0x00, 0x00, 0x01, T0_INT2(offsetof(br_ssl_server_context, hashes)),
366 0x00, 0x00, 0x5D, 0x01,
367 T0_INT2(BR_MAX_CIPHER_SUITES * sizeof(br_suite_translated)), 0x00,
368 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, log_max_frag_len)),
369 0x00, 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, pad)), 0x00,
370 0x00, 0x01,
371 T0_INT2(offsetof(br_ssl_engine_context, peer_log_max_frag_len)), 0x00,
372 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, record_type_in)),
373 0x00, 0x00, 0x01,
374 T0_INT2(offsetof(br_ssl_engine_context, record_type_out)), 0x00, 0x00,
375 0x01, T0_INT2(offsetof(br_ssl_engine_context, reneg)), 0x00, 0x00,
376 0x01, T0_INT2(offsetof(br_ssl_engine_context, saved_finished)), 0x00,
377 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, server_name)),
378 0x00, 0x00, 0x01,
379 T0_INT2(offsetof(br_ssl_engine_context, server_random)), 0x00, 0x00,
380 0x01,
381 T0_INT2(offsetof(br_ssl_engine_context, session) + offsetof(br_ssl_session_parameters, session_id)),
382 0x00, 0x00, 0x01,
383 T0_INT2(offsetof(br_ssl_engine_context, session) + offsetof(br_ssl_session_parameters, session_id_len)),
384 0x00, 0x00, 0x01,
385 T0_INT2(offsetof(br_ssl_engine_context, shutdown_recv)), 0x00, 0x00,
386 0x01, T0_INT2(offsetof(br_ssl_server_context, sign_hash_id)), 0x00,
387 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, suites_buf)), 0x00,
388 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, suites_num)), 0x00,
389 0x00, 0x01,
390 T0_INT2(offsetof(br_ssl_engine_context, session) + offsetof(br_ssl_session_parameters, version)),
391 0x00, 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, version_in)),
392 0x00, 0x00, 0x01,
393 T0_INT2(offsetof(br_ssl_engine_context, version_max)), 0x00, 0x00,
394 0x01, T0_INT2(offsetof(br_ssl_engine_context, version_min)), 0x00,
395 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, version_out)),
396 0x00, 0x00, 0x09, 0x22, 0x44, 0x06, 0x02, 0x50, 0x23, 0x00, 0x00, 0x01,
397 0x01, 0x00, 0x01, 0x03, 0x00, 0x7B, 0x22, 0x4A, 0x3B, 0x7F, 0x22, 0x05,
398 0x04, 0x4B, 0x01, 0x00, 0x00, 0x02, 0x00, 0x0E, 0x06, 0x02, 0x7F, 0x00,
399 0x4A, 0x04, 0x6B, 0x00, 0x06, 0x02, 0x50, 0x23, 0x00, 0x00, 0x22, 0x6C,
400 0x3B, 0x05, 0x03, 0x01, 0x0C, 0x08, 0x3B, 0x5A, 0x25, 0x81, 0x07, 0x19,
401 0x67, 0x01, 0x0C, 0x2A, 0x00, 0x00, 0x22, 0x1B, 0x01, 0x08, 0x0B, 0x3B,
402 0x48, 0x1B, 0x08, 0x00, 0x01, 0x03, 0x00, 0x01, 0x00, 0x59, 0x38, 0x24,
403 0x16, 0x2F, 0x06, 0x08, 0x02, 0x00, 0x81, 0x26, 0x03, 0x00, 0x04, 0x74,
404 0x01, 0x00, 0x81, 0x1E, 0x02, 0x00, 0x22, 0x16, 0x12, 0x06, 0x02, 0x54,
405 0x23, 0x81, 0x26, 0x04, 0x75, 0x00, 0x01, 0x00, 0x59, 0x38, 0x01, 0x16,
406 0x6A, 0x38, 0x2D, 0x81, 0x0B, 0x2C, 0x06, 0x02, 0x56, 0x23, 0x06, 0x0C,
407 0x81, 0x2C, 0x01, 0x00, 0x81, 0x29, 0x01, 0x00, 0x81, 0x0A, 0x04, 0x14,
408 0x81, 0x2C, 0x81, 0x2A, 0x81, 0x2E, 0x81, 0x2D, 0x24, 0x81, 0x0C, 0x01,
409 0x00, 0x81, 0x0A, 0x01, 0x00, 0x81, 0x29, 0x34, 0x01, 0x01, 0x59, 0x38,
410 0x01, 0x17, 0x6A, 0x38, 0x00, 0x00, 0x31, 0x31, 0x00, 0x01, 0x03, 0x00,
411 0x24, 0x16, 0x2F, 0x06, 0x05, 0x81, 0x25, 0x21, 0x04, 0x77, 0x01, 0x02,
412 0x02, 0x00, 0x81, 0x1D, 0x16, 0x2F, 0x06, 0x05, 0x81, 0x25, 0x21, 0x04,
413 0x77, 0x02, 0x00, 0x01, 0x84, 0x00, 0x08, 0x23, 0x00, 0x00, 0x63, 0x26,
414 0x3B, 0x11, 0x01, 0x01, 0x12, 0x2E, 0x00, 0x00, 0x01, 0x7F, 0x81, 0x01,
415 0x81, 0x25, 0x22, 0x01, 0x07, 0x12, 0x01, 0x00, 0x31, 0x0E, 0x06, 0x0A,
416 0x21, 0x01, 0x10, 0x12, 0x06, 0x02, 0x81, 0x1C, 0x04, 0x24, 0x01, 0x01,
417 0x31, 0x0E, 0x06, 0x1B, 0x21, 0x21, 0x6B, 0x27, 0x01, 0x01, 0x0D, 0x06,
418 0x06, 0x01, 0x00, 0x81, 0x01, 0x04, 0x0A, 0x24, 0x16, 0x2F, 0x06, 0x05,
419 0x81, 0x25, 0x21, 0x04, 0x77, 0x04, 0x03, 0x56, 0x23, 0x21, 0x04, 0x44,
420 0x01, 0x22, 0x03, 0x00, 0x09, 0x22, 0x44, 0x06, 0x02, 0x50, 0x23, 0x02,
421 0x00, 0x00, 0x00, 0x7C, 0x01, 0x0F, 0x12, 0x00, 0x00, 0x58, 0x27, 0x01,
422 0x00, 0x31, 0x0E, 0x06, 0x10, 0x21, 0x22, 0x01, 0x01, 0x0D, 0x06, 0x03,
423 0x21, 0x01, 0x02, 0x58, 0x38, 0x01, 0x00, 0x04, 0x16, 0x01, 0x01, 0x31,
424 0x0E, 0x06, 0x09, 0x21, 0x01, 0x00, 0x58, 0x38, 0x46, 0x00, 0x04, 0x07,
425 0x21, 0x01, 0x82, 0x00, 0x08, 0x23, 0x21, 0x00, 0x00, 0x01, 0x00, 0x28,
426 0x06, 0x06, 0x33, 0x81, 0x08, 0x30, 0x04, 0x77, 0x22, 0x06, 0x04, 0x01,
427 0x01, 0x71, 0x38, 0x00, 0x00, 0x28, 0x06, 0x0B, 0x69, 0x27, 0x01, 0x14,
428 0x0D, 0x06, 0x02, 0x56, 0x23, 0x04, 0x12, 0x81, 0x25, 0x01, 0x07, 0x12,
429 0x22, 0x01, 0x02, 0x0D, 0x06, 0x06, 0x06, 0x02, 0x56, 0x23, 0x04, 0x6F,
430 0x21, 0x81, 0x1A, 0x01, 0x01, 0x0D, 0x2C, 0x30, 0x06, 0x02, 0x4C, 0x23,
431 0x22, 0x01, 0x01, 0x81, 0x20, 0x2F, 0x81, 0x0D, 0x00, 0x0A, 0x81, 0x12,
432 0x01, 0x01, 0x0E, 0x05, 0x02, 0x56, 0x23, 0x81, 0x17, 0x22, 0x03, 0x00,
433 0x5B, 0x36, 0x5C, 0x01, 0x20, 0x81, 0x0E, 0x81, 0x19, 0x22, 0x01, 0x20,
434 0x0F, 0x06, 0x02, 0x55, 0x23, 0x22, 0x70, 0x38, 0x6F, 0x3B, 0x81, 0x0E,
435 0x17, 0x03, 0x01, 0x81, 0x17, 0x81, 0x06, 0x01, 0x00, 0x03, 0x02, 0x01,
436 0x00, 0x03, 0x03, 0x65, 0x81, 0x02, 0x14, 0x31, 0x08, 0x03, 0x04, 0x03,
437 0x05, 0x22, 0x06, 0x80, 0x70, 0x81, 0x17, 0x22, 0x03, 0x06, 0x02, 0x01,
438 0x06, 0x0A, 0x22, 0x5A, 0x25, 0x0E, 0x06, 0x04, 0x01, 0x7F, 0x03, 0x03,
439 0x22, 0x01, 0x81, 0x7F, 0x0E, 0x06, 0x0A, 0x6B, 0x27, 0x06, 0x02, 0x51,
440 0x23, 0x01, 0x7F, 0x03, 0x02, 0x22, 0x01, 0x81, 0xAC, 0x00, 0x0E, 0x06,
441 0x11, 0x02, 0x00, 0x78, 0x25, 0x10, 0x02, 0x00, 0x77, 0x25, 0x0A, 0x12,
442 0x06, 0x04, 0x01, 0x7F, 0x03, 0x00, 0x81, 0x1B, 0x22, 0x44, 0x06, 0x03,
443 0x21, 0x04, 0x27, 0x01, 0x00, 0x81, 0x04, 0x06, 0x0B, 0x01, 0x02, 0x0B,
444 0x5D, 0x08, 0x02, 0x06, 0x3B, 0x36, 0x04, 0x16, 0x21, 0x02, 0x05, 0x02,
445 0x04, 0x10, 0x06, 0x02, 0x4F, 0x23, 0x02, 0x06, 0x02, 0x05, 0x36, 0x02,
446 0x05, 0x01, 0x04, 0x08, 0x03, 0x05, 0x04, 0xFF, 0x0C, 0x21, 0x01, 0x00,
447 0x03, 0x07, 0x81, 0x19, 0x81, 0x06, 0x22, 0x06, 0x0A, 0x81, 0x19, 0x05,
448 0x04, 0x01, 0x7F, 0x03, 0x07, 0x04, 0x73, 0x7D, 0x01, 0x00, 0x6D, 0x38,
449 0x01, 0x88, 0x04, 0x64, 0x36, 0x01, 0x84, 0x80, 0x80, 0x00, 0x60, 0x37,
450 0x22, 0x06, 0x80, 0x4D, 0x81, 0x17, 0x81, 0x06, 0x22, 0x06, 0x80, 0x44,
451 0x81, 0x17, 0x01, 0x00, 0x31, 0x0E, 0x06, 0x05, 0x21, 0x81, 0x11, 0x04,
452 0x34, 0x01, 0x01, 0x31, 0x0E, 0x06, 0x05, 0x21, 0x81, 0x0F, 0x04, 0x29,
453 0x01, 0x83, 0xFE, 0x01, 0x31, 0x0E, 0x06, 0x05, 0x21, 0x81, 0x10, 0x04,
454 0x1C, 0x01, 0x0D, 0x31, 0x0E, 0x06, 0x05, 0x21, 0x81, 0x15, 0x04, 0x11,
455 0x01, 0x0A, 0x31, 0x0E, 0x06, 0x05, 0x21, 0x81, 0x16, 0x04, 0x06, 0x21,
456 0x81, 0x14, 0x01, 0x00, 0x21, 0x04, 0xFF, 0x38, 0x7D, 0x7D, 0x02, 0x01,
457 0x02, 0x03, 0x12, 0x03, 0x01, 0x02, 0x00, 0x44, 0x06, 0x09, 0x5B, 0x25,
458 0x79, 0x36, 0x01, 0x80, 0x56, 0x81, 0x03, 0x77, 0x25, 0x22, 0x02, 0x00,
459 0x0F, 0x06, 0x03, 0x21, 0x02, 0x00, 0x22, 0x01, 0x86, 0x00, 0x0A, 0x06,
460 0x02, 0x52, 0x23, 0x02, 0x00, 0x78, 0x25, 0x0A, 0x06, 0x05, 0x01, 0x80,
461 0x46, 0x81, 0x03, 0x02, 0x01, 0x06, 0x10, 0x75, 0x25, 0x02, 0x00, 0x0C,
462 0x06, 0x05, 0x21, 0x75, 0x25, 0x04, 0x04, 0x01, 0x00, 0x03, 0x01, 0x22,
463 0x75, 0x36, 0x22, 0x76, 0x36, 0x22, 0x79, 0x36, 0x01, 0x86, 0x03, 0x10,
464 0x03, 0x08, 0x02, 0x02, 0x06, 0x04, 0x01, 0x02, 0x6B, 0x38, 0x02, 0x07,
465 0x05, 0x04, 0x01, 0x28, 0x81, 0x03, 0x3A, 0x21, 0x01, 0x82, 0x01, 0x07,
466 0x64, 0x25, 0x12, 0x22, 0x64, 0x36, 0x45, 0x03, 0x09, 0x60, 0x26, 0x39,
467 0x12, 0x22, 0x60, 0x37, 0x05, 0x04, 0x01, 0x00, 0x03, 0x09, 0x02, 0x01,
468 0x06, 0x03, 0x01, 0x7F, 0x00, 0x6F, 0x01, 0x20, 0x2B, 0x5D, 0x22, 0x03,
469 0x05, 0x22, 0x02, 0x04, 0x0A, 0x06, 0x80, 0x47, 0x22, 0x25, 0x22, 0x7C,
470 0x02, 0x09, 0x05, 0x13, 0x22, 0x01, 0x0C, 0x11, 0x22, 0x01, 0x01, 0x0E,
471 0x3B, 0x01, 0x02, 0x0E, 0x30, 0x06, 0x04, 0x4B, 0x01, 0x00, 0x22, 0x02,
472 0x08, 0x05, 0x0E, 0x22, 0x01, 0x81, 0x70, 0x12, 0x01, 0x20, 0x0D, 0x06,
473 0x04, 0x4B, 0x01, 0x00, 0x22, 0x22, 0x06, 0x10, 0x02, 0x05, 0x4A, 0x36,
474 0x02, 0x05, 0x36, 0x02, 0x05, 0x01, 0x04, 0x08, 0x03, 0x05, 0x04, 0x01,
475 0x4B, 0x01, 0x04, 0x08, 0x04, 0xFF, 0x32, 0x21, 0x02, 0x05, 0x5D, 0x09,
476 0x01, 0x02, 0x11, 0x22, 0x05, 0x04, 0x01, 0x28, 0x81, 0x03, 0x5E, 0x38,
477 0x15, 0x05, 0x04, 0x01, 0x28, 0x81, 0x03, 0x01, 0x00, 0x00, 0x04, 0x81,
478 0x12, 0x01, 0x10, 0x0E, 0x05, 0x02, 0x56, 0x23, 0x5A, 0x25, 0x81, 0x24,
479 0x06, 0x19, 0x81, 0x17, 0x22, 0x01, 0x84, 0x00, 0x0F, 0x06, 0x02, 0x53,
480 0x23, 0x22, 0x03, 0x00, 0x67, 0x3B, 0x81, 0x0E, 0x02, 0x00, 0x5A, 0x25,
481 0x81, 0x07, 0x20, 0x5A, 0x25, 0x22, 0x81, 0x22, 0x3B, 0x81, 0x21, 0x03,
482 0x01, 0x03, 0x02, 0x02, 0x01, 0x02, 0x02, 0x30, 0x06, 0x17, 0x81, 0x19,
483 0x22, 0x03, 0x03, 0x67, 0x3B, 0x81, 0x0E, 0x02, 0x03, 0x5A, 0x25, 0x81,
484 0x07, 0x02, 0x02, 0x06, 0x03, 0x1F, 0x04, 0x01, 0x1D, 0x7D, 0x00, 0x00,
485 0x7E, 0x81, 0x12, 0x01, 0x14, 0x0D, 0x06, 0x02, 0x56, 0x23, 0x67, 0x01,
486 0x0C, 0x08, 0x01, 0x0C, 0x81, 0x0E, 0x7D, 0x67, 0x22, 0x01, 0x0C, 0x08,
487 0x01, 0x0C, 0x29, 0x05, 0x02, 0x4D, 0x23, 0x00, 0x02, 0x03, 0x00, 0x03,
488 0x01, 0x02, 0x00, 0x7A, 0x02, 0x01, 0x02, 0x00, 0x32, 0x22, 0x01, 0x00,
489 0x0E, 0x06, 0x02, 0x4B, 0x00, 0x81, 0x27, 0x04, 0x73, 0x00, 0x81, 0x17,
490 0x01, 0x01, 0x0D, 0x06, 0x02, 0x4E, 0x23, 0x81, 0x19, 0x22, 0x22, 0x46,
491 0x3B, 0x01, 0x05, 0x10, 0x30, 0x06, 0x02, 0x4E, 0x23, 0x01, 0x08, 0x08,
492 0x22, 0x66, 0x27, 0x0A, 0x06, 0x0D, 0x22, 0x01, 0x01, 0x3B, 0x0B, 0x35,
493 0x22, 0x66, 0x38, 0x68, 0x38, 0x04, 0x01, 0x21, 0x00, 0x00, 0x81, 0x17,
494 0x6B, 0x27, 0x01, 0x00, 0x31, 0x0E, 0x06, 0x14, 0x21, 0x01, 0x01, 0x0E,
495 0x05, 0x02, 0x51, 0x23, 0x81, 0x19, 0x06, 0x02, 0x51, 0x23, 0x01, 0x02,
496 0x6B, 0x38, 0x04, 0x2A, 0x01, 0x02, 0x31, 0x0E, 0x06, 0x21, 0x21, 0x01,
497 0x0D, 0x0E, 0x05, 0x02, 0x51, 0x23, 0x81, 0x19, 0x01, 0x0C, 0x0E, 0x05,
498 0x02, 0x51, 0x23, 0x67, 0x01, 0x0C, 0x81, 0x0E, 0x6C, 0x67, 0x01, 0x0C,
499 0x29, 0x05, 0x02, 0x51, 0x23, 0x04, 0x03, 0x51, 0x23, 0x21, 0x00, 0x00,
500 0x81, 0x17, 0x81, 0x06, 0x81, 0x17, 0x81, 0x06, 0x22, 0x06, 0x22, 0x81,
501 0x19, 0x06, 0x04, 0x81, 0x14, 0x04, 0x18, 0x81, 0x17, 0x22, 0x01, 0x81,
502 0x7F, 0x0C, 0x06, 0x0D, 0x22, 0x6D, 0x08, 0x01, 0x00, 0x3B, 0x38, 0x6D,
503 0x3B, 0x81, 0x0E, 0x04, 0x02, 0x81, 0x1F, 0x04, 0x5B, 0x7D, 0x7D, 0x00,
504 0x00, 0x81, 0x13, 0x22, 0x46, 0x06, 0x07, 0x21, 0x06, 0x02, 0x4F, 0x23,
505 0x04, 0x73, 0x00, 0x00, 0x81, 0x1A, 0x01, 0x03, 0x81, 0x18, 0x3B, 0x21,
506 0x3B, 0x00, 0x00, 0x81, 0x17, 0x81, 0x1F, 0x00, 0x02, 0x81, 0x17, 0x81,
507 0x06, 0x01, 0x00, 0x64, 0x36, 0x81, 0x17, 0x81, 0x06, 0x22, 0x06, 0x34,
508 0x81, 0x19, 0x03, 0x00, 0x81, 0x19, 0x03, 0x01, 0x02, 0x00, 0x01, 0x02,
509 0x10, 0x02, 0x00, 0x01, 0x06, 0x0C, 0x12, 0x02, 0x01, 0x01, 0x01, 0x0E,
510 0x02, 0x01, 0x01, 0x03, 0x0E, 0x30, 0x12, 0x06, 0x11, 0x64, 0x25, 0x01,
511 0x01, 0x02, 0x01, 0x49, 0x01, 0x02, 0x0B, 0x02, 0x00, 0x08, 0x0B, 0x30,
512 0x64, 0x36, 0x04, 0x49, 0x7D, 0x7D, 0x00, 0x00, 0x81, 0x17, 0x81, 0x06,
513 0x81, 0x17, 0x81, 0x06, 0x01, 0x00, 0x60, 0x37, 0x22, 0x06, 0x16, 0x81,
514 0x17, 0x22, 0x01, 0x20, 0x0A, 0x06, 0x0B, 0x01, 0x01, 0x3B, 0x0B, 0x60,
515 0x26, 0x30, 0x60, 0x37, 0x04, 0x01, 0x21, 0x04, 0x67, 0x7D, 0x7D, 0x00,
516 0x00, 0x01, 0x02, 0x7A, 0x81, 0x1A, 0x01, 0x08, 0x0B, 0x81, 0x1A, 0x08,
517 0x00, 0x00, 0x01, 0x03, 0x7A, 0x81, 0x1A, 0x01, 0x08, 0x0B, 0x81, 0x1A,
518 0x08, 0x01, 0x08, 0x0B, 0x81, 0x1A, 0x08, 0x00, 0x00, 0x01, 0x01, 0x7A,
519 0x81, 0x1A, 0x00, 0x00, 0x33, 0x22, 0x44, 0x05, 0x01, 0x00, 0x21, 0x81,
520 0x27, 0x04, 0x75, 0x02, 0x03, 0x00, 0x74, 0x27, 0x03, 0x01, 0x01, 0x00,
521 0x22, 0x02, 0x01, 0x0A, 0x06, 0x10, 0x22, 0x01, 0x01, 0x0B, 0x73, 0x08,
522 0x25, 0x02, 0x00, 0x0E, 0x06, 0x01, 0x00, 0x48, 0x04, 0x6A, 0x21, 0x01,
523 0x7F, 0x00, 0x00, 0x24, 0x16, 0x2F, 0x06, 0x05, 0x81, 0x25, 0x21, 0x04,
524 0x77, 0x01, 0x16, 0x6A, 0x38, 0x01, 0x00, 0x81, 0x33, 0x01, 0x00, 0x81,
525 0x32, 0x24, 0x01, 0x17, 0x6A, 0x38, 0x00, 0x00, 0x01, 0x15, 0x6A, 0x38,
526 0x3B, 0x43, 0x21, 0x43, 0x21, 0x24, 0x00, 0x00, 0x01, 0x01, 0x3B, 0x81,
527 0x1D, 0x00, 0x00, 0x3B, 0x31, 0x7A, 0x3B, 0x22, 0x06, 0x06, 0x81, 0x1A,
528 0x21, 0x49, 0x04, 0x77, 0x21, 0x00, 0x02, 0x03, 0x00, 0x5A, 0x25, 0x7C,
529 0x03, 0x01, 0x02, 0x01, 0x01, 0x0F, 0x12, 0x02, 0x01, 0x01, 0x04, 0x11,
530 0x01, 0x0F, 0x12, 0x02, 0x01, 0x01, 0x08, 0x11, 0x01, 0x0F, 0x12, 0x01,
531 0x00, 0x31, 0x0E, 0x06, 0x10, 0x21, 0x01, 0x00, 0x01, 0x18, 0x02, 0x00,
532 0x06, 0x03, 0x3E, 0x04, 0x01, 0x3F, 0x04, 0x80, 0x56, 0x01, 0x01, 0x31,
533 0x0E, 0x06, 0x10, 0x21, 0x01, 0x01, 0x01, 0x10, 0x02, 0x00, 0x06, 0x03,
534 0x3E, 0x04, 0x01, 0x3F, 0x04, 0x80, 0x40, 0x01, 0x02, 0x31, 0x0E, 0x06,
535 0x0F, 0x21, 0x01, 0x01, 0x01, 0x20, 0x02, 0x00, 0x06, 0x03, 0x3E, 0x04,
536 0x01, 0x3F, 0x04, 0x2B, 0x01, 0x03, 0x31, 0x0E, 0x06, 0x0E, 0x21, 0x21,
537 0x01, 0x10, 0x02, 0x00, 0x06, 0x03, 0x3C, 0x04, 0x01, 0x3D, 0x04, 0x17,
538 0x01, 0x04, 0x31, 0x0E, 0x06, 0x0E, 0x21, 0x21, 0x01, 0x20, 0x02, 0x00,
539 0x06, 0x03, 0x3C, 0x04, 0x01, 0x3D, 0x04, 0x03, 0x50, 0x23, 0x21, 0x00,
540 0x00, 0x7C, 0x01, 0x0C, 0x11, 0x01, 0x02, 0x0F, 0x00, 0x00, 0x7C, 0x01,
541 0x0C, 0x11, 0x22, 0x47, 0x3B, 0x01, 0x03, 0x0A, 0x12, 0x00, 0x00, 0x7C,
542 0x01, 0x0C, 0x11, 0x01, 0x01, 0x0E, 0x00, 0x00, 0x7C, 0x01, 0x0C, 0x11,
543 0x46, 0x00, 0x00, 0x18, 0x01, 0x00, 0x57, 0x27, 0x22, 0x06, 0x20, 0x01,
544 0x01, 0x31, 0x0E, 0x06, 0x07, 0x21, 0x01, 0x00, 0x81, 0x00, 0x04, 0x11,
545 0x01, 0x02, 0x31, 0x0E, 0x06, 0x0A, 0x21, 0x59, 0x27, 0x06, 0x03, 0x01,
546 0x10, 0x30, 0x04, 0x01, 0x21, 0x04, 0x01, 0x21, 0x5F, 0x27, 0x05, 0x35,
547 0x28, 0x06, 0x32, 0x69, 0x27, 0x01, 0x14, 0x31, 0x0E, 0x06, 0x06, 0x21,
548 0x01, 0x02, 0x30, 0x04, 0x24, 0x01, 0x15, 0x31, 0x0E, 0x06, 0x0B, 0x21,
549 0x81, 0x09, 0x06, 0x04, 0x01, 0x7F, 0x81, 0x00, 0x04, 0x13, 0x01, 0x16,
550 0x31, 0x0E, 0x06, 0x06, 0x21, 0x01, 0x01, 0x30, 0x04, 0x07, 0x21, 0x01,
551 0x04, 0x30, 0x01, 0x00, 0x21, 0x16, 0x06, 0x03, 0x01, 0x08, 0x30, 0x00,
552 0x00, 0x18, 0x22, 0x05, 0x10, 0x28, 0x06, 0x0D, 0x69, 0x27, 0x01, 0x15,
553 0x0E, 0x06, 0x05, 0x21, 0x81, 0x09, 0x04, 0x01, 0x1C, 0x00, 0x00, 0x81,
554 0x25, 0x01, 0x07, 0x12, 0x01, 0x01, 0x0F, 0x06, 0x02, 0x56, 0x23, 0x00,
555 0x01, 0x03, 0x00, 0x24, 0x16, 0x06, 0x05, 0x02, 0x00, 0x6A, 0x38, 0x00,
556 0x81, 0x25, 0x21, 0x04, 0x73, 0x00, 0x01, 0x14, 0x81, 0x28, 0x01, 0x01,
557 0x81, 0x33, 0x24, 0x22, 0x01, 0x00, 0x81, 0x20, 0x01, 0x16, 0x81, 0x28,
558 0x81, 0x2B, 0x24, 0x00, 0x00, 0x01, 0x0B, 0x81, 0x33, 0x40, 0x22, 0x01,
559 0x03, 0x08, 0x81, 0x32, 0x81, 0x32, 0x13, 0x22, 0x44, 0x06, 0x02, 0x21,
560 0x00, 0x81, 0x32, 0x1A, 0x22, 0x06, 0x06, 0x67, 0x3B, 0x81, 0x2F, 0x04,
561 0x76, 0x21, 0x04, 0x6A, 0x00, 0x7E, 0x01, 0x14, 0x81, 0x33, 0x01, 0x0C,
562 0x81, 0x32, 0x67, 0x01, 0x0C, 0x81, 0x2F, 0x00, 0x03, 0x03, 0x00, 0x01,
563 0x02, 0x81, 0x33, 0x01, 0x80, 0x46, 0x6B, 0x27, 0x01, 0x02, 0x0E, 0x06,
564 0x0C, 0x02, 0x00, 0x06, 0x04, 0x01, 0x05, 0x04, 0x02, 0x01, 0x1D, 0x04,
565 0x02, 0x01, 0x00, 0x03, 0x01, 0x68, 0x27, 0x06, 0x04, 0x01, 0x05, 0x04,
566 0x02, 0x01, 0x00, 0x03, 0x02, 0x02, 0x01, 0x02, 0x02, 0x08, 0x22, 0x06,
567 0x03, 0x01, 0x02, 0x08, 0x08, 0x81, 0x32, 0x75, 0x25, 0x81, 0x31, 0x6E,
568 0x01, 0x04, 0x14, 0x6E, 0x01, 0x04, 0x08, 0x01, 0x1C, 0x2B, 0x6E, 0x01,
569 0x20, 0x81, 0x2F, 0x01, 0x20, 0x81, 0x33, 0x6F, 0x01, 0x20, 0x81, 0x2F,
570 0x5A, 0x25, 0x81, 0x31, 0x01, 0x00, 0x81, 0x33, 0x02, 0x01, 0x02, 0x02,
571 0x08, 0x22, 0x06, 0x30, 0x81, 0x31, 0x02, 0x01, 0x22, 0x06, 0x13, 0x01,
572 0x83, 0xFE, 0x01, 0x81, 0x31, 0x01, 0x04, 0x09, 0x22, 0x81, 0x31, 0x49,
573 0x6C, 0x3B, 0x81, 0x30, 0x04, 0x01, 0x21, 0x02, 0x02, 0x06, 0x0F, 0x01,
574 0x01, 0x81, 0x31, 0x01, 0x01, 0x81, 0x31, 0x68, 0x27, 0x01, 0x08, 0x09,
575 0x81, 0x33, 0x04, 0x01, 0x21, 0x00, 0x00, 0x01, 0x0E, 0x81, 0x33, 0x01,
576 0x00, 0x81, 0x32, 0x00, 0x03, 0x5A, 0x25, 0x81, 0x22, 0x05, 0x01, 0x00,
577 0x60, 0x26, 0x01, 0x00, 0x81, 0x02, 0x11, 0x01, 0x01, 0x12, 0x46, 0x06,
578 0x03, 0x48, 0x04, 0x74, 0x03, 0x00, 0x21, 0x02, 0x00, 0x1E, 0x22, 0x44,
579 0x06, 0x02, 0x2E, 0x23, 0x03, 0x01, 0x75, 0x25, 0x01, 0x86, 0x03, 0x10,
580 0x03, 0x02, 0x01, 0x0C, 0x81, 0x33, 0x02, 0x01, 0x62, 0x27, 0x08, 0x02,
581 0x02, 0x01, 0x02, 0x12, 0x08, 0x01, 0x06, 0x08, 0x81, 0x32, 0x01, 0x03,
582 0x81, 0x33, 0x02, 0x00, 0x81, 0x31, 0x61, 0x62, 0x27, 0x81, 0x30, 0x02,
583 0x02, 0x06, 0x10, 0x72, 0x27, 0x81, 0x33, 0x5A, 0x25, 0x81, 0x23, 0x01,
584 0x01, 0x0B, 0x01, 0x03, 0x08, 0x81, 0x33, 0x02, 0x01, 0x81, 0x31, 0x67,
585 0x02, 0x01, 0x81, 0x2F, 0x00, 0x00, 0x42, 0x22, 0x01, 0x00, 0x0E, 0x06,
586 0x02, 0x4B, 0x00, 0x81, 0x25, 0x21, 0x04, 0x72, 0x00, 0x22, 0x81, 0x33,
587 0x81, 0x2F, 0x00, 0x00, 0x22, 0x01, 0x08, 0x41, 0x81, 0x33, 0x81, 0x33,
588 0x00, 0x00, 0x22, 0x01, 0x10, 0x41, 0x81, 0x33, 0x81, 0x31, 0x00, 0x00,
589 0x22, 0x43, 0x06, 0x02, 0x21, 0x00, 0x81, 0x25, 0x21, 0x04, 0x75
590 };
591
592 static const uint16_t t0_caddr[] = {
593 0,
594 5,
595 10,
596 15,
597 20,
598 25,
599 30,
600 35,
601 39,
602 43,
603 47,
604 51,
605 55,
606 59,
607 63,
608 67,
609 71,
610 75,
611 79,
612 83,
613 88,
614 93,
615 98,
616 103,
617 108,
618 113,
619 118,
620 123,
621 128,
622 133,
623 138,
624 143,
625 148,
626 153,
627 159,
628 164,
629 169,
630 174,
631 179,
632 184,
633 189,
634 194,
635 199,
636 204,
637 209,
638 214,
639 219,
640 224,
641 229,
642 234,
643 239,
644 244,
645 249,
646 254,
647 259,
648 268,
649 272,
650 297,
651 303,
652 323,
653 334,
654 371,
655 431,
656 435,
657 471,
658 481,
659 546,
660 560,
661 566,
662 614,
663 634,
664 687,
665 1240,
666 1325,
667 1358,
668 1383,
669 1431,
670 1505,
671 1554,
672 1569,
673 1580,
674 1586,
675 1657,
676 1698,
677 1711,
678 1730,
679 1737,
680 1749,
681 1784,
682 1813,
683 1825,
684 1832,
685 1848,
686 1986,
687 1995,
688 2008,
689 2017,
690 2024,
691 2130,
692 2152,
693 2166,
694 2183,
695 2206,
696 2242,
697 2258,
698 2412,
699 2422,
700 2531,
701 2546,
702 2553,
703 2563,
704 2573
705 };
706
707 #define T0_INTERPRETED 68
708
709 #define T0_ENTER(ip, rp, slot) do { \
710 const unsigned char *t0_newip; \
711 uint32_t t0_lnum; \
712 t0_newip = &t0_codeblock[t0_caddr[(slot) - T0_INTERPRETED]]; \
713 t0_lnum = t0_parse7E_unsigned(&t0_newip); \
714 (rp) += t0_lnum; \
715 *((rp) ++) = (uint32_t)((ip) - &t0_codeblock[0]) + (t0_lnum << 16); \
716 (ip) = t0_newip; \
717 } while (0)
718
719 #define T0_DEFENTRY(name, slot) \
720 void \
721 name(void *ctx) \
722 { \
723 t0_context *t0ctx = ctx; \
724 t0ctx->ip = &t0_codeblock[0]; \
725 T0_ENTER(t0ctx->ip, t0ctx->rp, slot); \
726 }
727
728 T0_DEFENTRY(br_ssl_hs_server_init_main, 133)
729
730 void
731 br_ssl_hs_server_run(void *t0ctx)
732 {
733 uint32_t *dp, *rp;
734 const unsigned char *ip;
735
736 #define T0_LOCAL(x) (*(rp - 2 - (x)))
737 #define T0_POP() (*-- dp)
738 #define T0_POPi() (*(int32_t *)(-- dp))
739 #define T0_PEEK(x) (*(dp - 1 - (x)))
740 #define T0_PEEKi(x) (*(int32_t *)(dp - 1 - (x)))
741 #define T0_PUSH(v) do { *dp = (v); dp ++; } while (0)
742 #define T0_PUSHi(v) do { *(int32_t *)dp = (v); dp ++; } while (0)
743 #define T0_RPOP() (*-- rp)
744 #define T0_RPOPi() (*(int32_t *)(-- rp))
745 #define T0_RPUSH(v) do { *rp = (v); rp ++; } while (0)
746 #define T0_RPUSHi(v) do { *(int32_t *)rp = (v); rp ++; } while (0)
747 #define T0_ROLL(x) do { \
748 size_t t0len = (size_t)(x); \
749 uint32_t t0tmp = *(dp - 1 - t0len); \
750 memmove(dp - t0len - 1, dp - t0len, t0len * sizeof *dp); \
751 *(dp - 1) = t0tmp; \
752 } while (0)
753 #define T0_SWAP() do { \
754 uint32_t t0tmp = *(dp - 2); \
755 *(dp - 2) = *(dp - 1); \
756 *(dp - 1) = t0tmp; \
757 } while (0)
758 #define T0_ROT() do { \
759 uint32_t t0tmp = *(dp - 3); \
760 *(dp - 3) = *(dp - 2); \
761 *(dp - 2) = *(dp - 1); \
762 *(dp - 1) = t0tmp; \
763 } while (0)
764 #define T0_NROT() do { \
765 uint32_t t0tmp = *(dp - 1); \
766 *(dp - 1) = *(dp - 2); \
767 *(dp - 2) = *(dp - 3); \
768 *(dp - 3) = t0tmp; \
769 } while (0)
770 #define T0_PICK(x) do { \
771 uint32_t t0depth = (x); \
772 T0_PUSH(T0_PEEK(t0depth)); \
773 } while (0)
774 #define T0_CO() do { \
775 goto t0_exit; \
776 } while (0)
777 #define T0_RET() break
778
779 dp = ((t0_context *)t0ctx)->dp;
780 rp = ((t0_context *)t0ctx)->rp;
781 ip = ((t0_context *)t0ctx)->ip;
782 for (;;) {
783 uint32_t t0x;
784
785 t0x = t0_parse7E_unsigned(&ip);
786 if (t0x < T0_INTERPRETED) {
787 switch (t0x) {
788 int32_t t0off;
789
790 case 0: /* ret */
791 t0x = T0_RPOP();
792 rp -= (t0x >> 16);
793 t0x &= 0xFFFF;
794 if (t0x == 0) {
795 ip = NULL;
796 goto t0_exit;
797 }
798 ip = &t0_codeblock[t0x];
799 break;
800 case 1: /* literal constant */
801 T0_PUSHi(t0_parse7E_signed(&ip));
802 break;
803 case 2: /* read local */
804 T0_PUSH(T0_LOCAL(t0_parse7E_unsigned(&ip)));
805 break;
806 case 3: /* write local */
807 T0_LOCAL(t0_parse7E_unsigned(&ip)) = T0_POP();
808 break;
809 case 4: /* jump */
810 t0off = t0_parse7E_signed(&ip);
811 ip += t0off;
812 break;
813 case 5: /* jump if */
814 t0off = t0_parse7E_signed(&ip);
815 if (T0_POP()) {
816 ip += t0off;
817 }
818 break;
819 case 6: /* jump if not */
820 t0off = t0_parse7E_signed(&ip);
821 if (!T0_POP()) {
822 ip += t0off;
823 }
824 break;
825 case 7: {
826 /* * */
827
828 uint32_t b = T0_POP();
829 uint32_t a = T0_POP();
830 T0_PUSH(a * b);
831
832 }
833 break;
834 case 8: {
835 /* + */
836
837 uint32_t b = T0_POP();
838 uint32_t a = T0_POP();
839 T0_PUSH(a + b);
840
841 }
842 break;
843 case 9: {
844 /* - */
845
846 uint32_t b = T0_POP();
847 uint32_t a = T0_POP();
848 T0_PUSH(a - b);
849
850 }
851 break;
852 case 10: {
853 /* < */
854
855 int32_t b = T0_POPi();
856 int32_t a = T0_POPi();
857 T0_PUSH(-(uint32_t)(a < b));
858
859 }
860 break;
861 case 11: {
862 /* << */
863
864 int c = (int)T0_POPi();
865 uint32_t x = T0_POP();
866 T0_PUSH(x << c);
867
868 }
869 break;
870 case 12: {
871 /* <= */
872
873 int32_t b = T0_POPi();
874 int32_t a = T0_POPi();
875 T0_PUSH(-(uint32_t)(a <= b));
876
877 }
878 break;
879 case 13: {
880 /* <> */
881
882 uint32_t b = T0_POP();
883 uint32_t a = T0_POP();
884 T0_PUSH(-(uint32_t)(a != b));
885
886 }
887 break;
888 case 14: {
889 /* = */
890
891 uint32_t b = T0_POP();
892 uint32_t a = T0_POP();
893 T0_PUSH(-(uint32_t)(a == b));
894
895 }
896 break;
897 case 15: {
898 /* > */
899
900 int32_t b = T0_POPi();
901 int32_t a = T0_POPi();
902 T0_PUSH(-(uint32_t)(a > b));
903
904 }
905 break;
906 case 16: {
907 /* >= */
908
909 int32_t b = T0_POPi();
910 int32_t a = T0_POPi();
911 T0_PUSH(-(uint32_t)(a >= b));
912
913 }
914 break;
915 case 17: {
916 /* >> */
917
918 int c = (int)T0_POPi();
919 int32_t x = T0_POPi();
920 T0_PUSHi(x >> c);
921
922 }
923 break;
924 case 18: {
925 /* and */
926
927 uint32_t b = T0_POP();
928 uint32_t a = T0_POP();
929 T0_PUSH(a & b);
930
931 }
932 break;
933 case 19: {
934 /* begin-cert */
935
936 if (CTX->chain_len == 0) {
937 T0_PUSHi(-1);
938 } else {
939 CTX->cert_cur = CTX->chain->data;
940 CTX->cert_len = CTX->chain->data_len;
941 CTX->chain ++;
942 CTX->chain_len --;
943 T0_PUSH(CTX->cert_len);
944 }
945
946 }
947 break;
948 case 20: {
949 /* bzero */
950
951 size_t len = (size_t)T0_POP();
952 void *addr = (unsigned char *)ENG + (size_t)T0_POP();
953 memset(addr, 0, len);
954
955 }
956 break;
957 case 21: {
958 /* call-policy-handler */
959
960 int x;
961 br_ssl_server_choices choices;
962
963 x = (*CTX->policy_vtable)->choose(
964 CTX->policy_vtable, CTX, &choices);
965 ENG->session.cipher_suite = choices.cipher_suite;
966 CTX->sign_hash_id = choices.hash_id;
967 CTX->chain = choices.chain;
968 CTX->chain_len = choices.chain_len;
969 T0_PUSHi(-(x != 0));
970
971 }
972 break;
973 case 22: {
974 /* can-output? */
975
976 T0_PUSHi(-(ENG->hlen_out > 0));
977
978 }
979 break;
980 case 23: {
981 /* check-resume */
982
983 if (ENG->session.session_id_len == 32
984 && CTX->cache_vtable != NULL && (*CTX->cache_vtable)->load(
985 CTX->cache_vtable, CTX, &ENG->session))
986 {
987 T0_PUSHi(-1);
988 } else {
989 T0_PUSH(0);
990 }
991
992 }
993 break;
994 case 24: {
995 /* co */
996 T0_CO();
997 }
998 break;
999 case 25: {
1000 /* compute-Finished-inner */
1001
1002 int prf_id = T0_POP();
1003 int from_client = T0_POPi();
1004 unsigned char seed[48];
1005 size_t seed_len;
1006
1007 br_tls_prf_impl prf = br_ssl_engine_get_PRF(ENG, prf_id);
1008 if (ENG->session.version >= BR_TLS12) {
1009 seed_len = br_multihash_out(&ENG->mhash, prf_id, seed);
1010 } else {
1011 br_multihash_out(&ENG->mhash, br_md5_ID, seed);
1012 br_multihash_out(&ENG->mhash, br_sha1_ID, seed + 16);
1013 seed_len = 36;
1014 }
1015 prf(ENG->pad, 12, ENG->session.master_secret,
1016 sizeof ENG->session.master_secret,
1017 from_client ? "client finished" : "server finished",
1018 seed, seed_len);
1019
1020 }
1021 break;
1022 case 26: {
1023 /* copy-cert-chunk */
1024
1025 size_t clen;
1026
1027 clen = CTX->cert_len;
1028 if (clen > sizeof ENG->pad) {
1029 clen = sizeof ENG->pad;
1030 }
1031 memcpy(ENG->pad, CTX->cert_cur, clen);
1032 CTX->cert_cur += clen;
1033 CTX->cert_len -= clen;
1034 T0_PUSH(clen);
1035
1036 }
1037 break;
1038 case 27: {
1039 /* data-get8 */
1040
1041 size_t addr = T0_POP();
1042 T0_PUSH(t0_datablock[addr]);
1043
1044 }
1045 break;
1046 case 28: {
1047 /* discard-input */
1048
1049 ENG->hlen_in = 0;
1050
1051 }
1052 break;
1053 case 29: {
1054 /* do-ecdh */
1055
1056 int prf_id = T0_POPi();
1057 size_t len = T0_POP();
1058 do_ecdh(CTX, prf_id, ENG->pad, len);
1059
1060 }
1061 break;
1062 case 30: {
1063 /* do-ecdhe-part1 */
1064
1065 int curve = T0_POPi();
1066 T0_PUSHi(do_ecdhe_part1(CTX, curve));
1067
1068 }
1069 break;
1070 case 31: {
1071 /* do-ecdhe-part2 */
1072
1073 int prf_id = T0_POPi();
1074 size_t len = T0_POP();
1075 do_ecdhe_part2(CTX, prf_id, ENG->pad, len);
1076
1077 }
1078 break;
1079 case 32: {
1080 /* do-rsa-decrypt */
1081
1082 int prf_id = T0_POPi();
1083 size_t len = T0_POP();
1084 do_rsa_decrypt(CTX, prf_id, ENG->pad, len);
1085
1086 }
1087 break;
1088 case 33: {
1089 /* drop */
1090 (void)T0_POP();
1091 }
1092 break;
1093 case 34: {
1094 /* dup */
1095 T0_PUSH(T0_PEEK(0));
1096 }
1097 break;
1098 case 35: {
1099 /* fail */
1100
1101 br_ssl_engine_fail(ENG, (int)T0_POPi());
1102 T0_CO();
1103
1104 }
1105 break;
1106 case 36: {
1107 /* flush-record */
1108
1109 br_ssl_engine_flush_record(ENG);
1110
1111 }
1112 break;
1113 case 37: {
1114 /* get16 */
1115
1116 size_t addr = (size_t)T0_POP();
1117 T0_PUSH(*(uint16_t *)((unsigned char *)ENG + addr));
1118
1119 }
1120 break;
1121 case 38: {
1122 /* get32 */
1123
1124 size_t addr = (size_t)T0_POP();
1125 T0_PUSH(*(uint32_t *)((unsigned char *)ENG + addr));
1126
1127 }
1128 break;
1129 case 39: {
1130 /* get8 */
1131
1132 size_t addr = (size_t)T0_POP();
1133 T0_PUSH(*((unsigned char *)ENG + addr));
1134
1135 }
1136 break;
1137 case 40: {
1138 /* has-input? */
1139
1140 T0_PUSHi(-(ENG->hlen_in != 0));
1141
1142 }
1143 break;
1144 case 41: {
1145 /* memcmp */
1146
1147 size_t len = (size_t)T0_POP();
1148 void *addr2 = (unsigned char *)ENG + (size_t)T0_POP();
1149 void *addr1 = (unsigned char *)ENG + (size_t)T0_POP();
1150 int x = memcmp(addr1, addr2, len);
1151 T0_PUSH((uint32_t)-(x == 0));
1152
1153 }
1154 break;
1155 case 42: {
1156 /* memcpy */
1157
1158 size_t len = (size_t)T0_POP();
1159 void *src = (unsigned char *)ENG + (size_t)T0_POP();
1160 void *dst = (unsigned char *)ENG + (size_t)T0_POP();
1161 memcpy(dst, src, len);
1162
1163 }
1164 break;
1165 case 43: {
1166 /* mkrand */
1167
1168 size_t len = (size_t)T0_POP();
1169 void *addr = (unsigned char *)ENG + (size_t)T0_POP();
1170 br_hmac_drbg_generate(&ENG->rng, addr, len);
1171
1172 }
1173 break;
1174 case 44: {
1175 /* more-incoming-bytes? */
1176
1177 T0_PUSHi(ENG->hlen_in != 0 || !br_ssl_engine_recvrec_finished(ENG));
1178
1179 }
1180 break;
1181 case 45: {
1182 /* multihash-init */
1183
1184 br_multihash_init(&ENG->mhash);
1185
1186 }
1187 break;
1188 case 46: {
1189 /* neg */
1190
1191 uint32_t a = T0_POP();
1192 T0_PUSH(-a);
1193
1194 }
1195 break;
1196 case 47: {
1197 /* not */
1198
1199 uint32_t a = T0_POP();
1200 T0_PUSH(~a);
1201
1202 }
1203 break;
1204 case 48: {
1205 /* or */
1206
1207 uint32_t b = T0_POP();
1208 uint32_t a = T0_POP();
1209 T0_PUSH(a | b);
1210
1211 }
1212 break;
1213 case 49: {
1214 /* over */
1215 T0_PUSH(T0_PEEK(1));
1216 }
1217 break;
1218 case 50: {
1219 /* read-chunk-native */
1220
1221 size_t clen = ENG->hlen_in;
1222 if (clen > 0) {
1223 uint32_t addr, len;
1224
1225 len = T0_POP();
1226 addr = T0_POP();
1227 if ((size_t)len < clen) {
1228 clen = (size_t)len;
1229 }
1230 memcpy((unsigned char *)ENG + addr, ENG->hbuf_in, clen);
1231 if (ENG->record_type_in == BR_SSL_HANDSHAKE) {
1232 br_multihash_update(&ENG->mhash, ENG->hbuf_in, clen);
1233 }
1234 T0_PUSH(addr + (uint32_t)clen);
1235 T0_PUSH(len - (uint32_t)clen);
1236 ENG->hbuf_in += clen;
1237 ENG->hlen_in -= clen;
1238 }
1239
1240 }
1241 break;
1242 case 51: {
1243 /* read8-native */
1244
1245 if (ENG->hlen_in > 0) {
1246 unsigned char x;
1247
1248 x = *ENG->hbuf_in ++;
1249 if (ENG->record_type_in == BR_SSL_HANDSHAKE) {
1250 br_multihash_update(&ENG->mhash, &x, 1);
1251 }
1252 T0_PUSH(x);
1253 ENG->hlen_in --;
1254 } else {
1255 T0_PUSHi(-1);
1256 }
1257
1258 }
1259 break;
1260 case 52: {
1261 /* save-session */
1262
1263 if (CTX->cache_vtable != NULL) {
1264 (*CTX->cache_vtable)->save(
1265 CTX->cache_vtable, CTX, &ENG->session);
1266 }
1267
1268 }
1269 break;
1270 case 53: {
1271 /* set-max-frag-len */
1272
1273 size_t max_frag_len = T0_POP();
1274
1275 br_ssl_engine_new_max_frag_len(ENG, max_frag_len);
1276
1277 /*
1278 * We must adjust our own output limit. Since we call this only
1279 * after receiving a ClientHello and before beginning to send
1280 * the ServerHello, the next output record should be empty at
1281 * that point, so we can use max_frag_len as a limit.
1282 */
1283 if (ENG->hlen_out > max_frag_len) {
1284 ENG->hlen_out = max_frag_len;
1285 }
1286
1287 }
1288 break;
1289 case 54: {
1290 /* set16 */
1291
1292 size_t addr = (size_t)T0_POP();
1293 *(uint16_t *)((unsigned char *)ENG + addr) = (uint16_t)T0_POP();
1294
1295 }
1296 break;
1297 case 55: {
1298 /* set32 */
1299
1300 size_t addr = (size_t)T0_POP();
1301 *(uint32_t *)((unsigned char *)ENG + addr) = (uint32_t)T0_POP();
1302
1303 }
1304 break;
1305 case 56: {
1306 /* set8 */
1307
1308 size_t addr = (size_t)T0_POP();
1309 *((unsigned char *)ENG + addr) = (unsigned char)T0_POP();
1310
1311 }
1312 break;
1313 case 57: {
1314 /* supported-curves */
1315
1316 uint32_t x = ENG->iec == NULL ? 0 : ENG->iec->supported_curves;
1317 T0_PUSH(x);
1318
1319 }
1320 break;
1321 case 58: {
1322 /* supported-hash-functions */
1323
1324 int i;
1325 unsigned x, num;
1326
1327 x = 0;
1328 num = 0;
1329 for (i = br_sha1_ID; i <= br_sha512_ID; i ++) {
1330 if (br_multihash_getimpl(&ENG->mhash, i)) {
1331 x |= 1U << i;
1332 num ++;
1333 }
1334 }
1335 T0_PUSH(x);
1336 T0_PUSH(num);
1337
1338 }
1339 break;
1340 case 59: {
1341 /* swap */
1342 T0_SWAP();
1343 }
1344 break;
1345 case 60: {
1346 /* switch-aesgcm-in */
1347
1348 int is_client, prf_id;
1349 unsigned cipher_key_len;
1350
1351 cipher_key_len = T0_POP();
1352 prf_id = T0_POP();
1353 is_client = T0_POP();
1354 br_ssl_engine_switch_gcm_in(ENG, is_client, prf_id,
1355 ENG->iaes_ctr, cipher_key_len);
1356
1357 }
1358 break;
1359 case 61: {
1360 /* switch-aesgcm-out */
1361
1362 int is_client, prf_id;
1363 unsigned cipher_key_len;
1364
1365 cipher_key_len = T0_POP();
1366 prf_id = T0_POP();
1367 is_client = T0_POP();
1368 br_ssl_engine_switch_gcm_out(ENG, is_client, prf_id,
1369 ENG->iaes_ctr, cipher_key_len);
1370
1371 }
1372 break;
1373 case 62: {
1374 /* switch-cbc-in */
1375
1376 int is_client, prf_id, mac_id, aes;
1377 unsigned cipher_key_len;
1378
1379 cipher_key_len = T0_POP();
1380 aes = T0_POP();
1381 mac_id = T0_POP();
1382 prf_id = T0_POP();
1383 is_client = T0_POP();
1384 br_ssl_engine_switch_cbc_in(ENG, is_client, prf_id, mac_id,
1385 aes ? ENG->iaes_cbcdec : ENG->ides_cbcdec, cipher_key_len);
1386
1387 }
1388 break;
1389 case 63: {
1390 /* switch-cbc-out */
1391
1392 int is_client, prf_id, mac_id, aes;
1393 unsigned cipher_key_len;
1394
1395 cipher_key_len = T0_POP();
1396 aes = T0_POP();
1397 mac_id = T0_POP();
1398 prf_id = T0_POP();
1399 is_client = T0_POP();
1400 br_ssl_engine_switch_cbc_out(ENG, is_client, prf_id, mac_id,
1401 aes ? ENG->iaes_cbcenc : ENG->ides_cbcenc, cipher_key_len);
1402
1403 }
1404 break;
1405 case 64: {
1406 /* total-chain-length */
1407
1408 size_t u;
1409 uint32_t total;
1410
1411 total = 0;
1412 for (u = 0; u < CTX->chain_len; u ++) {
1413 total += 3 + (uint32_t)CTX->chain[u].data_len;
1414 }
1415 T0_PUSH(total);
1416
1417 }
1418 break;
1419 case 65: {
1420 /* u>> */
1421
1422 int c = (int)T0_POPi();
1423 uint32_t x = T0_POP();
1424 T0_PUSH(x >> c);
1425
1426 }
1427 break;
1428 case 66: {
1429 /* write-blob-chunk */
1430
1431 size_t clen = ENG->hlen_out;
1432 if (clen > 0) {
1433 uint32_t addr, len;
1434
1435 len = T0_POP();
1436 addr = T0_POP();
1437 if ((size_t)len < clen) {
1438 clen = (size_t)len;
1439 }
1440 memcpy(ENG->hbuf_out, (unsigned char *)ENG + addr, clen);
1441 if (ENG->record_type_out == BR_SSL_HANDSHAKE) {
1442 br_multihash_update(&ENG->mhash, ENG->hbuf_out, clen);
1443 }
1444 T0_PUSH(addr + (uint32_t)clen);
1445 T0_PUSH(len - (uint32_t)clen);
1446 ENG->hbuf_out += clen;
1447 ENG->hlen_out -= clen;
1448 }
1449
1450 }
1451 break;
1452 case 67: {
1453 /* write8-native */
1454
1455 unsigned char x;
1456
1457 x = (unsigned char)T0_POP();
1458 if (ENG->hlen_out > 0) {
1459 if (ENG->record_type_out == BR_SSL_HANDSHAKE) {
1460 br_multihash_update(&ENG->mhash, &x, 1);
1461 }
1462 *ENG->hbuf_out ++ = x;
1463 ENG->hlen_out --;
1464 T0_PUSHi(-1);
1465 } else {
1466 T0_PUSHi(0);
1467 }
1468
1469 }
1470 break;
1471 }
1472
1473 } else {
1474 T0_ENTER(ip, rp, t0x);
1475 }
1476 }
1477 t0_exit:
1478 ((t0_context *)t0ctx)->dp = dp;
1479 ((t0_context *)t0ctx)->rp = rp;
1480 ((t0_context *)t0ctx)->ip = ip;
1481 }
The BearSSL library and tools.