projects / BearSSL / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Simple documentation fix.
[BearSSL] / src / ssl / ssl_hs_client.c
1 /* Automatically generated code; do not modify directly. */
2
3 #include <stddef.h>
4 #include <stdint.h>
5
6 typedef struct {
7 uint32_t *dp;
8 uint32_t *rp;
9 const unsigned char *ip;
10 } t0_context;
11
12 static uint32_t
13 t0_parse7E_unsigned(const unsigned char **p)
14 {
15 uint32_t x;
16
17 x = 0;
18 for (;;) {
19 unsigned y;
20
21 y = *(*p) ++;
22 x = (x << 7) | (uint32_t)(y & 0x7F);
23 if (y < 0x80) {
24 return x;
25 }
26 }
27 }
28
29 static int32_t
30 t0_parse7E_signed(const unsigned char **p)
31 {
32 int neg;
33 uint32_t x;
34
35 neg = ((**p) >> 6) & 1;
36 x = (uint32_t)-neg;
37 for (;;) {
38 unsigned y;
39
40 y = *(*p) ++;
41 x = (x << 7) | (uint32_t)(y & 0x7F);
42 if (y < 0x80) {
43 if (neg) {
44 return -(int32_t)~x - 1;
45 } else {
46 return (int32_t)x;
47 }
48 }
49 }
50 }
51
52 #define T0_VBYTE(x, n) (unsigned char)((((uint32_t)(x) >> (n)) & 0x7F) | 0x80)
53 #define T0_FBYTE(x, n) (unsigned char)(((uint32_t)(x) >> (n)) & 0x7F)
54 #define T0_SBYTE(x) (unsigned char)((((uint32_t)(x) >> 28) + 0xF8) ^ 0xF8)
55 #define T0_INT1(x) T0_FBYTE(x, 0)
56 #define T0_INT2(x) T0_VBYTE(x, 7), T0_FBYTE(x, 0)
57 #define T0_INT3(x) T0_VBYTE(x, 14), T0_VBYTE(x, 7), T0_FBYTE(x, 0)
58 #define T0_INT4(x) T0_VBYTE(x, 21), T0_VBYTE(x, 14), T0_VBYTE(x, 7), T0_FBYTE(x, 0)
59 #define T0_INT5(x) T0_SBYTE(x), T0_VBYTE(x, 21), T0_VBYTE(x, 14), T0_VBYTE(x, 7), T0_FBYTE(x, 0)
60
61 /* static const unsigned char t0_datablock[]; */
62
63
64 void br_ssl_hs_client_init_main(void *t0ctx);
65
66 void br_ssl_hs_client_run(void *t0ctx);
67
68
69
70 #include <stddef.h>
71 #include <string.h>
72
73 #include "inner.h"
74
75 /*
76 * This macro evaluates to a pointer to the current engine context.
77 */
78 #define ENG ((br_ssl_engine_context *)(void *)((unsigned char *)t0ctx - offsetof(br_ssl_engine_context, cpu)))
79
80
81
82
83
84 /*
85 * This macro evaluates to a pointer to the client context, under that
86 * specific name. It must be noted that since the engine context is the
87 * first field of the br_ssl_client_context structure ('eng'), then
88 * pointers values of both types are interchangeable, modulo an
89 * appropriate cast. This also means that "adresses" computed as offsets
90 * within the structure work for both kinds of context.
91 */
92 #define CTX ((br_ssl_client_context *)ENG)
93
94 /*
95 * Generate the pre-master secret for RSA key exchange, and encrypt it
96 * with the server's public key. Returned value is either the encrypted
97 * data length (in bytes), or -x on error, with 'x' being an error code.
98 *
99 * This code assumes that the public key has been already verified (it
100 * was properly obtained by the X.509 engine, and it has the right type,
101 * i.e. it is of type RSA and suitable for encryption).
102 */
103 static int
104 make_pms_rsa(br_ssl_client_context *ctx, int prf_id)
105 {
106 const br_x509_class **xc;
107 const br_x509_pkey *pk;
108 const unsigned char *n;
109 unsigned char *pms;
110 size_t nlen, u;
111
112 xc = ctx->eng.x509ctx;
113 pk = (*xc)->get_pkey(xc, NULL);
114
115 /*
116 * Compute actual RSA key length, in case there are leading zeros.
117 */
118 n = pk->key.rsa.n;
119 nlen = pk->key.rsa.nlen;
120 while (nlen > 0 && *n == 0) {
121 n ++;
122 nlen --;
123 }
124
125 /*
126 * We need at least 59 bytes (48 bytes for pre-master secret, and
127 * 11 bytes for the PKCS#1 type 2 padding). Note that the X.509
128 * minimal engine normally blocks RSA keys shorter than 128 bytes,
129 * so this is mostly for public keys provided explicitly by the
130 * caller.
131 */
132 if (nlen < 59) {
133 return -BR_ERR_X509_WEAK_PUBLIC_KEY;
134 }
135 if (nlen > sizeof ctx->eng.pad) {
136 return -BR_ERR_LIMIT_EXCEEDED;
137 }
138
139 /*
140 * Make PMS.
141 */
142 pms = ctx->eng.pad + nlen - 48;
143 br_enc16be(pms, ctx->eng.version_max);
144 br_hmac_drbg_generate(&ctx->eng.rng, pms + 2, 46);
145 br_ssl_engine_compute_master(&ctx->eng, prf_id, pms, 48);
146
147 /*
148 * Apply PKCS#1 type 2 padding.
149 */
150 ctx->eng.pad[0] = 0x00;
151 ctx->eng.pad[1] = 0x02;
152 ctx->eng.pad[nlen - 49] = 0x00;
153 br_hmac_drbg_generate(&ctx->eng.rng, ctx->eng.pad + 2, nlen - 51);
154 for (u = 2; u < nlen - 49; u ++) {
155 while (ctx->eng.pad[u] == 0) {
156 br_hmac_drbg_generate(&ctx->eng.rng,
157 &ctx->eng.pad[u], 1);
158 }
159 }
160
161 /*
162 * Compute RSA encryption.
163 */
164 if (!ctx->irsapub(ctx->eng.pad, nlen, &pk->key.rsa)) {
165 return -BR_ERR_LIMIT_EXCEEDED;
166 }
167 return (int)nlen;
168 }
169
170 /*
171 * OID for hash functions in RSA signatures.
172 */
173 static const unsigned char *HASH_OID[] = {
174 BR_HASH_OID_SHA1,
175 BR_HASH_OID_SHA224,
176 BR_HASH_OID_SHA256,
177 BR_HASH_OID_SHA384,
178 BR_HASH_OID_SHA512
179 };
180
181 /*
182 * Check the RSA signature on the ServerKeyExchange message.
183 *
184 * hash hash function ID (2 to 6), or 0 for MD5+SHA-1 (with RSA only)
185 * use_rsa non-zero for RSA signature, zero for ECDSA
186 * sig_len signature length (in bytes); signature value is in the pad
187 *
188 * Returned value is 0 on success, or an error code.
189 */
190 static int
191 verify_SKE_sig(br_ssl_client_context *ctx,
192 int hash, int use_rsa, size_t sig_len)
193 {
194 const br_x509_class **xc;
195 const br_x509_pkey *pk;
196 br_multihash_context mhc;
197 unsigned char hv[64], head[4];
198 size_t hv_len;
199
200 xc = ctx->eng.x509ctx;
201 pk = (*xc)->get_pkey(xc, NULL);
202 br_multihash_zero(&mhc);
203 br_multihash_copyimpl(&mhc, &ctx->eng.mhash);
204 br_multihash_init(&mhc);
205 br_multihash_update(&mhc,
206 ctx->eng.client_random, sizeof ctx->eng.client_random);
207 br_multihash_update(&mhc,
208 ctx->eng.server_random, sizeof ctx->eng.server_random);
209 head[0] = 3;
210 head[1] = 0;
211 head[2] = ctx->eng.ecdhe_curve;
212 head[3] = ctx->eng.ecdhe_point_len;
213 br_multihash_update(&mhc, head, sizeof head);
214 br_multihash_update(&mhc,
215 ctx->eng.ecdhe_point, ctx->eng.ecdhe_point_len);
216 if (hash) {
217 hv_len = br_multihash_out(&mhc, hash, hv);
218 if (hv_len == 0) {
219 return BR_ERR_INVALID_ALGORITHM;
220 }
221 } else {
222 if (!br_multihash_out(&mhc, br_md5_ID, hv)
223 || !br_multihash_out(&mhc, br_sha1_ID, hv + 16))
224 {
225 return BR_ERR_INVALID_ALGORITHM;
226 }
227 hv_len = 36;
228 }
229 if (use_rsa) {
230 unsigned char tmp[64];
231 const unsigned char *hash_oid;
232
233 if (hash) {
234 hash_oid = HASH_OID[hash - 2];
235 } else {
236 hash_oid = NULL;
237 }
238 if (!ctx->eng.irsavrfy(ctx->eng.pad, sig_len,
239 hash_oid, hv_len, &pk->key.rsa, tmp)
240 || memcmp(tmp, hv, hv_len) != 0)
241 {
242 return BR_ERR_BAD_SIGNATURE;
243 }
244 } else {
245 if (!ctx->eng.iecdsa(ctx->eng.iec, hv, hv_len, &pk->key.ec,
246 ctx->eng.pad, sig_len))
247 {
248 return BR_ERR_BAD_SIGNATURE;
249 }
250 }
251 return 0;
252 }
253
254 /*
255 * Perform client-side ECDH (or ECDHE). The point that should be sent to
256 * the server is written in the pad; returned value is either the point
257 * length (in bytes), or -x on error, with 'x' being an error code.
258 *
259 * The point _from_ the server is taken from ecdhe_point[] if 'ecdhe'
260 * is non-zero, or from the X.509 engine context if 'ecdhe' is zero
261 * (for static ECDH).
262 */
263 static int
264 make_pms_ecdh(br_ssl_client_context *ctx, unsigned ecdhe, int prf_id)
265 {
266 int curve;
267 unsigned char key[66], point[133];
268 const unsigned char *order, *point_src;
269 size_t glen, olen, point_len, xoff, xlen;
270 unsigned char mask;
271
272 if (ecdhe) {
273 curve = ctx->eng.ecdhe_curve;
274 point_src = ctx->eng.ecdhe_point;
275 point_len = ctx->eng.ecdhe_point_len;
276 } else {
277 const br_x509_class **xc;
278 const br_x509_pkey *pk;
279
280 xc = ctx->eng.x509ctx;
281 pk = (*xc)->get_pkey(xc, NULL);
282 curve = pk->key.ec.curve;
283 point_src = pk->key.ec.q;
284 point_len = pk->key.ec.qlen;
285 }
286 if ((ctx->eng.iec->supported_curves & ((uint32_t)1 << curve)) == 0) {
287 return -BR_ERR_INVALID_ALGORITHM;
288 }
289
290 /*
291 * We need to generate our key, as a non-zero random value which
292 * is lower than the curve order, in a "large enough" range. We
293 * force top bit to 0 and bottom bit to 1, which guarantees that
294 * the value is in the proper range.
295 */
296 order = ctx->eng.iec->order(curve, &olen);
297 mask = 0xFF;
298 while (mask >= order[0]) {
299 mask >>= 1;
300 }
301 br_hmac_drbg_generate(&ctx->eng.rng, key, olen);
302 key[0] &= mask;
303 key[olen - 1] |= 0x01;
304
305 /*
306 * Compute the common ECDH point, whose X coordinate is the
307 * pre-master secret.
308 */
309 ctx->eng.iec->generator(curve, &glen);
310 if (glen != point_len) {
311 return -BR_ERR_INVALID_ALGORITHM;
312 }
313
314 memcpy(point, point_src, glen);
315 if (!ctx->eng.iec->mul(point, glen, key, olen, curve)) {
316 return -BR_ERR_INVALID_ALGORITHM;
317 }
318
319 /*
320 * The pre-master secret is the X coordinate.
321 */
322 xoff = ctx->eng.iec->xoff(curve, &xlen);
323 br_ssl_engine_compute_master(&ctx->eng, prf_id, point + xoff, xlen);
324
325 ctx->eng.iec->mulgen(point, key, olen, curve);
326 memcpy(ctx->eng.pad, point, glen);
327 return (int)glen;
328 }
329
330 /*
331 * Perform full static ECDH. This occurs only in the context of client
332 * authentication with certificates: the server uses an EC public key,
333 * the cipher suite is of type ECDH (not ECDHE), the server requested a
334 * client certificate and accepts static ECDH, the client has a
335 * certificate with an EC public key in the same curve, and accepts
336 * static ECDH as well.
337 *
338 * Returned value is 0 on success, -1 on error.
339 */
340 static int
341 make_pms_static_ecdh(br_ssl_client_context *ctx, int prf_id)
342 {
343 unsigned char point[133];
344 size_t point_len;
345 const br_x509_class **xc;
346 const br_x509_pkey *pk;
347
348 xc = ctx->eng.x509ctx;
349 pk = (*xc)->get_pkey(xc, NULL);
350 point_len = pk->key.ec.qlen;
351 if (point_len > sizeof point) {
352 return -1;
353 }
354 memcpy(point, pk->key.ec.q, point_len);
355 if (!(*ctx->client_auth_vtable)->do_keyx(
356 ctx->client_auth_vtable, point, &point_len))
357 {
358 return -1;
359 }
360 br_ssl_engine_compute_master(&ctx->eng,
361 prf_id, point, point_len);
362 return 0;
363 }
364
365 /*
366 * Compute the client-side signature. This is invoked only when a
367 * signature-based client authentication was selected. The computed
368 * signature is in the pad; its length (in bytes) is returned. On
369 * error, 0 is returned.
370 */
371 static size_t
372 make_client_sign(br_ssl_client_context *ctx)
373 {
374 size_t hv_len;
375
376 /*
377 * Compute hash of handshake messages so far. This "cannot" fail
378 * because the list of supported hash functions provided to the
379 * client certificate handler was trimmed to include only the
380 * hash functions that the multi-hasher supports.
381 */
382 if (ctx->hash_id) {
383 hv_len = br_multihash_out(&ctx->eng.mhash,
384 ctx->hash_id, ctx->eng.pad);
385 } else {
386 br_multihash_out(&ctx->eng.mhash,
387 br_md5_ID, ctx->eng.pad);
388 br_multihash_out(&ctx->eng.mhash,
389 br_sha1_ID, ctx->eng.pad + 16);
390 hv_len = 36;
391 }
392 return (*ctx->client_auth_vtable)->do_sign(
393 ctx->client_auth_vtable, ctx->hash_id, hv_len,
394 ctx->eng.pad, sizeof ctx->eng.pad);
395 }
396
397
398
399 static const unsigned char t0_datablock[] = {
400 0x00, 0x00, 0x0A, 0x00, 0x24, 0x00, 0x2F, 0x01, 0x24, 0x00, 0x35, 0x02,
401 0x24, 0x00, 0x3C, 0x01, 0x44, 0x00, 0x3D, 0x02, 0x44, 0x00, 0x9C, 0x03,
402 0x04, 0x00, 0x9D, 0x04, 0x05, 0xC0, 0x03, 0x40, 0x24, 0xC0, 0x04, 0x41,
403 0x24, 0xC0, 0x05, 0x42, 0x24, 0xC0, 0x08, 0x20, 0x24, 0xC0, 0x09, 0x21,
404 0x24, 0xC0, 0x0A, 0x22, 0x24, 0xC0, 0x0D, 0x30, 0x24, 0xC0, 0x0E, 0x31,
405 0x24, 0xC0, 0x0F, 0x32, 0x24, 0xC0, 0x12, 0x10, 0x24, 0xC0, 0x13, 0x11,
406 0x24, 0xC0, 0x14, 0x12, 0x24, 0xC0, 0x23, 0x21, 0x44, 0xC0, 0x24, 0x22,
407 0x55, 0xC0, 0x25, 0x41, 0x44, 0xC0, 0x26, 0x42, 0x55, 0xC0, 0x27, 0x11,
408 0x44, 0xC0, 0x28, 0x12, 0x55, 0xC0, 0x29, 0x31, 0x44, 0xC0, 0x2A, 0x32,
409 0x55, 0xC0, 0x2B, 0x23, 0x04, 0xC0, 0x2C, 0x24, 0x05, 0xC0, 0x2D, 0x43,
410 0x04, 0xC0, 0x2E, 0x44, 0x05, 0xC0, 0x2F, 0x13, 0x04, 0xC0, 0x30, 0x14,
411 0x05, 0xC0, 0x31, 0x33, 0x04, 0xC0, 0x32, 0x34, 0x05, 0xCC, 0xA8, 0x15,
412 0x04, 0xCC, 0xA9, 0x25, 0x04, 0x00, 0x00
413 };
414
415 static const unsigned char t0_codeblock[] = {
416 0x00, 0x01, 0x00, 0x0A, 0x00, 0x00, 0x01, 0x00, 0x0D, 0x00, 0x00, 0x01,
417 0x00, 0x0E, 0x00, 0x00, 0x01, 0x00, 0x0F, 0x00, 0x00, 0x01, 0x01, 0x08,
418 0x00, 0x00, 0x01, 0x01, 0x09, 0x00, 0x00, 0x01, 0x02, 0x08, 0x00, 0x00,
419 0x01, 0x02, 0x09, 0x00, 0x00, 0x25, 0x25, 0x00, 0x00, 0x01,
420 T0_INT1(BR_ERR_BAD_CCS), 0x00, 0x00, 0x01,
421 T0_INT1(BR_ERR_BAD_CIPHER_SUITE), 0x00, 0x00, 0x01,
422 T0_INT1(BR_ERR_BAD_COMPRESSION), 0x00, 0x00, 0x01,
423 T0_INT1(BR_ERR_BAD_FINISHED), 0x00, 0x00, 0x01,
424 T0_INT1(BR_ERR_BAD_FRAGLEN), 0x00, 0x00, 0x01,
425 T0_INT1(BR_ERR_BAD_HANDSHAKE), 0x00, 0x00, 0x01,
426 T0_INT1(BR_ERR_BAD_HELLO_DONE), 0x00, 0x00, 0x01,
427 T0_INT1(BR_ERR_BAD_PARAM), 0x00, 0x00, 0x01,
428 T0_INT1(BR_ERR_BAD_SECRENEG), 0x00, 0x00, 0x01,
429 T0_INT1(BR_ERR_BAD_SNI), 0x00, 0x00, 0x01, T0_INT1(BR_ERR_BAD_VERSION),
430 0x00, 0x00, 0x01, T0_INT1(BR_ERR_EXTRA_EXTENSION), 0x00, 0x00, 0x01,
431 T0_INT1(BR_ERR_INVALID_ALGORITHM), 0x00, 0x00, 0x01,
432 T0_INT1(BR_ERR_LIMIT_EXCEEDED), 0x00, 0x00, 0x01, T0_INT1(BR_ERR_OK),
433 0x00, 0x00, 0x01, T0_INT1(BR_ERR_OVERSIZED_ID), 0x00, 0x00, 0x01,
434 T0_INT1(BR_ERR_RESUME_MISMATCH), 0x00, 0x00, 0x01,
435 T0_INT1(BR_ERR_UNEXPECTED), 0x00, 0x00, 0x01,
436 T0_INT1(BR_ERR_UNSUPPORTED_VERSION), 0x00, 0x00, 0x01,
437 T0_INT1(BR_ERR_WRONG_KEY_USAGE), 0x00, 0x00, 0x01,
438 T0_INT2(offsetof(br_ssl_engine_context, action)), 0x00, 0x00, 0x01,
439 T0_INT2(offsetof(br_ssl_engine_context, alert)), 0x00, 0x00, 0x01,
440 T0_INT2(offsetof(br_ssl_engine_context, application_data)), 0x00, 0x00,
441 0x01, T0_INT2(offsetof(br_ssl_client_context, auth_type)), 0x00, 0x00,
442 0x01,
443 T0_INT2(offsetof(br_ssl_engine_context, session) + offsetof(br_ssl_session_parameters, cipher_suite)),
444 0x00, 0x00, 0x01,
445 T0_INT2(offsetof(br_ssl_engine_context, client_random)), 0x00, 0x00,
446 0x01, T0_INT2(offsetof(br_ssl_engine_context, close_received)), 0x00,
447 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, ecdhe_curve)),
448 0x00, 0x00, 0x01,
449 T0_INT2(offsetof(br_ssl_engine_context, ecdhe_point)), 0x00, 0x00,
450 0x01, T0_INT2(offsetof(br_ssl_engine_context, ecdhe_point_len)), 0x00,
451 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, flags)), 0x00,
452 0x00, 0x01, T0_INT2(offsetof(br_ssl_client_context, hash_id)), 0x00,
453 0x00, 0x01, T0_INT2(offsetof(br_ssl_client_context, hashes)), 0x00,
454 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, log_max_frag_len)),
455 0x00, 0x00, 0x01,
456 T0_INT2(offsetof(br_ssl_client_context, min_clienthello_len)), 0x00,
457 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, pad)), 0x00, 0x00,
458 0x01, T0_INT2(offsetof(br_ssl_engine_context, protocol_names_num)),
459 0x00, 0x00, 0x01,
460 T0_INT2(offsetof(br_ssl_engine_context, record_type_in)), 0x00, 0x00,
461 0x01, T0_INT2(offsetof(br_ssl_engine_context, record_type_out)), 0x00,
462 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, reneg)), 0x00,
463 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, saved_finished)),
464 0x00, 0x00, 0x01,
465 T0_INT2(offsetof(br_ssl_engine_context, selected_protocol)), 0x00,
466 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, server_name)),
467 0x00, 0x00, 0x01,
468 T0_INT2(offsetof(br_ssl_engine_context, server_random)), 0x00, 0x00,
469 0x01,
470 T0_INT2(offsetof(br_ssl_engine_context, session) + offsetof(br_ssl_session_parameters, session_id)),
471 0x00, 0x00, 0x01,
472 T0_INT2(offsetof(br_ssl_engine_context, session) + offsetof(br_ssl_session_parameters, session_id_len)),
473 0x00, 0x00, 0x01,
474 T0_INT2(offsetof(br_ssl_engine_context, shutdown_recv)), 0x00, 0x00,
475 0x01, T0_INT2(offsetof(br_ssl_engine_context, suites_buf)), 0x00, 0x00,
476 0x01, T0_INT2(offsetof(br_ssl_engine_context, suites_num)), 0x00, 0x00,
477 0x01,
478 T0_INT2(offsetof(br_ssl_engine_context, session) + offsetof(br_ssl_session_parameters, version)),
479 0x00, 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, version_in)),
480 0x00, 0x00, 0x01,
481 T0_INT2(offsetof(br_ssl_engine_context, version_max)), 0x00, 0x00,
482 0x01, T0_INT2(offsetof(br_ssl_engine_context, version_min)), 0x00,
483 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, version_out)),
484 0x00, 0x00, 0x09, 0x26, 0x56, 0x06, 0x02, 0x66, 0x28, 0x00, 0x00, 0x06,
485 0x08, 0x2C, 0x0E, 0x05, 0x02, 0x6F, 0x28, 0x04, 0x01, 0x3C, 0x00, 0x00,
486 0x01, 0x01, 0x00, 0x01, 0x03, 0x00, 0x97, 0x26, 0x5C, 0x44, 0x9B, 0x26,
487 0x05, 0x04, 0x5E, 0x01, 0x00, 0x00, 0x02, 0x00, 0x0E, 0x06, 0x02, 0x9B,
488 0x00, 0x5C, 0x04, 0x6B, 0x00, 0x06, 0x02, 0x66, 0x28, 0x00, 0x00, 0x26,
489 0x87, 0x44, 0x05, 0x03, 0x01, 0x0C, 0x08, 0x44, 0x77, 0x2C, 0xA9, 0x1C,
490 0x82, 0x01, 0x0C, 0x31, 0x00, 0x00, 0x26, 0x1F, 0x01, 0x08, 0x0B, 0x44,
491 0x5A, 0x1F, 0x08, 0x00, 0x01, 0x03, 0x00, 0x75, 0x2E, 0x02, 0x00, 0x36,
492 0x17, 0x01, 0x01, 0x0B, 0x75, 0x3E, 0x29, 0x1A, 0x36, 0x06, 0x07, 0x02,
493 0x00, 0xCC, 0x03, 0x00, 0x04, 0x75, 0x01, 0x00, 0xC3, 0x02, 0x00, 0x26,
494 0x1A, 0x17, 0x06, 0x02, 0x6D, 0x28, 0xCC, 0x04, 0x76, 0x01, 0x01, 0x00,
495 0x75, 0x3E, 0x01, 0x16, 0x85, 0x3E, 0x01, 0x00, 0x88, 0x3C, 0x34, 0xD2,
496 0x29, 0xB2, 0x06, 0x09, 0x01, 0x7F, 0xAD, 0x01, 0x7F, 0xCF, 0x04, 0x80,
497 0x53, 0xAF, 0x77, 0x2C, 0x9F, 0x01, T0_INT1(BR_KEYTYPE_SIGN), 0x17,
498 0x06, 0x01, 0xB3, 0xB6, 0x26, 0x01, 0x0D, 0x0E, 0x06, 0x07, 0x25, 0xB5,
499 0xB6, 0x01, 0x7F, 0x04, 0x02, 0x01, 0x00, 0x03, 0x00, 0x01, 0x0E, 0x0E,
500 0x05, 0x02, 0x70, 0x28, 0x06, 0x02, 0x65, 0x28, 0x33, 0x06, 0x02, 0x70,
501 0x28, 0x02, 0x00, 0x06, 0x1C, 0xD0, 0x7E, 0x2E, 0x01, 0x81, 0x7F, 0x0E,
502 0x06, 0x0D, 0x25, 0x01, 0x10, 0xDB, 0x01, 0x00, 0xDA, 0x77, 0x2C, 0xA9,
503 0x24, 0x04, 0x04, 0xD3, 0x06, 0x01, 0xD1, 0x04, 0x01, 0xD3, 0x01, 0x7F,
504 0xCF, 0x01, 0x7F, 0xAD, 0x01, 0x01, 0x75, 0x3E, 0x01, 0x17, 0x85, 0x3E,
505 0x00, 0x00, 0x38, 0x38, 0x00, 0x00, 0x98, 0x01, 0x0C, 0x11, 0x01, 0x00,
506 0x38, 0x0E, 0x06, 0x05, 0x25, 0x01,
507 T0_INT1(BR_KEYTYPE_RSA | BR_KEYTYPE_KEYX), 0x04, 0x30, 0x01, 0x01,
508 0x38, 0x0E, 0x06, 0x05, 0x25, 0x01,
509 T0_INT1(BR_KEYTYPE_RSA | BR_KEYTYPE_SIGN), 0x04, 0x25, 0x01, 0x02,
510 0x38, 0x0E, 0x06, 0x05, 0x25, 0x01,
511 T0_INT1(BR_KEYTYPE_EC | BR_KEYTYPE_SIGN), 0x04, 0x1A, 0x01, 0x03,
512 0x38, 0x0E, 0x06, 0x05, 0x25, 0x01,
513 T0_INT1(BR_KEYTYPE_EC | BR_KEYTYPE_KEYX), 0x04, 0x0F, 0x01, 0x04,
514 0x38, 0x0E, 0x06, 0x05, 0x25, 0x01,
515 T0_INT1(BR_KEYTYPE_EC | BR_KEYTYPE_KEYX), 0x04, 0x04, 0x01, 0x00,
516 0x44, 0x25, 0x00, 0x00, 0x80, 0x2E, 0x01, 0x0E, 0x0E, 0x06, 0x04, 0x01,
517 0x00, 0x04, 0x02, 0x01, 0x05, 0x00, 0x00, 0x40, 0x06, 0x04, 0x01, 0x06,
518 0x04, 0x02, 0x01, 0x00, 0x00, 0x00, 0x86, 0x2E, 0x26, 0x06, 0x08, 0x01,
519 0x01, 0x09, 0x01, 0x11, 0x07, 0x04, 0x03, 0x25, 0x01, 0x05, 0x00, 0x01,
520 0x41, 0x03, 0x00, 0x25, 0x01, 0x00, 0x43, 0x06, 0x03, 0x02, 0x00, 0x08,
521 0x42, 0x06, 0x03, 0x02, 0x00, 0x08, 0x26, 0x06, 0x06, 0x01, 0x01, 0x0B,
522 0x01, 0x06, 0x08, 0x00, 0x00, 0x89, 0x3F, 0x26, 0x06, 0x03, 0x01, 0x09,
523 0x08, 0x00, 0x01, 0x40, 0x26, 0x06, 0x1E, 0x01, 0x00, 0x03, 0x00, 0x26,
524 0x06, 0x0E, 0x26, 0x01, 0x01, 0x17, 0x02, 0x00, 0x08, 0x03, 0x00, 0x01,
525 0x01, 0x11, 0x04, 0x6F, 0x25, 0x02, 0x00, 0x01, 0x01, 0x0B, 0x01, 0x06,
526 0x08, 0x00, 0x00, 0x7D, 0x2D, 0x44, 0x11, 0x01, 0x01, 0x17, 0x35, 0x00,
527 0x00, 0x9D, 0xCB, 0x26, 0x01, 0x07, 0x17, 0x01, 0x00, 0x38, 0x0E, 0x06,
528 0x09, 0x25, 0x01, 0x10, 0x17, 0x06, 0x01, 0x9D, 0x04, 0x35, 0x01, 0x01,
529 0x38, 0x0E, 0x06, 0x2C, 0x25, 0x25, 0x01, 0x00, 0x75, 0x3E, 0xB1, 0x86,
530 0x2E, 0x01, 0x01, 0x0E, 0x01, 0x01, 0xA6, 0x37, 0x06, 0x17, 0x29, 0x1A,
531 0x36, 0x06, 0x04, 0xCB, 0x25, 0x04, 0x78, 0x01, 0x80, 0x64, 0xC3, 0x01,
532 0x01, 0x75, 0x3E, 0x01, 0x17, 0x85, 0x3E, 0x04, 0x01, 0x9D, 0x04, 0x03,
533 0x70, 0x28, 0x25, 0x04, 0xFF, 0x34, 0x01, 0x26, 0x03, 0x00, 0x09, 0x26,
534 0x56, 0x06, 0x02, 0x66, 0x28, 0x02, 0x00, 0x00, 0x00, 0x98, 0x01, 0x0F,
535 0x17, 0x00, 0x00, 0x74, 0x2E, 0x01, 0x00, 0x38, 0x0E, 0x06, 0x10, 0x25,
536 0x26, 0x01, 0x01, 0x0D, 0x06, 0x03, 0x25, 0x01, 0x02, 0x74, 0x3E, 0x01,
537 0x00, 0x04, 0x21, 0x01, 0x01, 0x38, 0x0E, 0x06, 0x14, 0x25, 0x01, 0x00,
538 0x74, 0x3E, 0x26, 0x01, 0x80, 0x64, 0x0E, 0x06, 0x05, 0x01, 0x82, 0x00,
539 0x08, 0x28, 0x58, 0x04, 0x07, 0x25, 0x01, 0x82, 0x00, 0x08, 0x28, 0x25,
540 0x00, 0x00, 0x01, 0x00, 0x2F, 0x06, 0x05, 0x3A, 0xAA, 0x37, 0x04, 0x78,
541 0x26, 0x06, 0x04, 0x01, 0x01, 0x8D, 0x3E, 0x00, 0x01, 0xBD, 0xA8, 0xBD,
542 0xA8, 0xBF, 0x82, 0x44, 0x26, 0x03, 0x00, 0xB4, 0x99, 0x99, 0x02, 0x00,
543 0x4B, 0x26, 0x56, 0x06, 0x0A, 0x01, 0x03, 0xA6, 0x06, 0x02, 0x70, 0x28,
544 0x25, 0x04, 0x03, 0x5A, 0x88, 0x3C, 0x00, 0x00, 0x2F, 0x06, 0x0B, 0x84,
545 0x2E, 0x01, 0x14, 0x0D, 0x06, 0x02, 0x70, 0x28, 0x04, 0x11, 0xCB, 0x01,
546 0x07, 0x17, 0x26, 0x01, 0x02, 0x0D, 0x06, 0x06, 0x06, 0x02, 0x70, 0x28,
547 0x04, 0x70, 0x25, 0xC0, 0x01, 0x01, 0x0D, 0x33, 0x37, 0x06, 0x02, 0x5F,
548 0x28, 0x26, 0x01, 0x01, 0xC6, 0x36, 0xB0, 0x00, 0x01, 0xB6, 0x01, 0x0B,
549 0x0E, 0x05, 0x02, 0x70, 0x28, 0x26, 0x01, 0x03, 0x0E, 0x06, 0x08, 0xBE,
550 0x06, 0x02, 0x66, 0x28, 0x44, 0x25, 0x00, 0x44, 0x55, 0xBE, 0xA8, 0x26,
551 0x06, 0x23, 0xBE, 0xA8, 0x26, 0x54, 0x26, 0x06, 0x18, 0x26, 0x01, 0x82,
552 0x00, 0x0F, 0x06, 0x05, 0x01, 0x82, 0x00, 0x04, 0x01, 0x26, 0x03, 0x00,
553 0x82, 0x02, 0x00, 0xB4, 0x02, 0x00, 0x51, 0x04, 0x65, 0x99, 0x52, 0x04,
554 0x5A, 0x99, 0x99, 0x53, 0x26, 0x06, 0x02, 0x35, 0x00, 0x25, 0x2B, 0x00,
555 0x00, 0x77, 0x2C, 0x9F, 0x01, 0x7F, 0xAE, 0x26, 0x56, 0x06, 0x02, 0x35,
556 0x28, 0x26, 0x05, 0x02, 0x70, 0x28, 0x38, 0x17, 0x0D, 0x06, 0x02, 0x72,
557 0x28, 0x3B, 0x00, 0x00, 0x9A, 0xB6, 0x01, 0x14, 0x0D, 0x06, 0x02, 0x70,
558 0x28, 0x82, 0x01, 0x0C, 0x08, 0x01, 0x0C, 0xB4, 0x99, 0x82, 0x26, 0x01,
559 0x0C, 0x08, 0x01, 0x0C, 0x30, 0x05, 0x02, 0x62, 0x28, 0x00, 0x00, 0xB7,
560 0x06, 0x02, 0x70, 0x28, 0x06, 0x02, 0x64, 0x28, 0x00, 0x0A, 0xB6, 0x01,
561 0x02, 0x0E, 0x05, 0x02, 0x70, 0x28, 0xBD, 0x03, 0x00, 0x02, 0x00, 0x93,
562 0x2C, 0x0A, 0x02, 0x00, 0x92, 0x2C, 0x0F, 0x37, 0x06, 0x02, 0x71, 0x28,
563 0x02, 0x00, 0x91, 0x2C, 0x0D, 0x06, 0x02, 0x69, 0x28, 0x02, 0x00, 0x94,
564 0x3C, 0x8A, 0x01, 0x20, 0xB4, 0x01, 0x00, 0x03, 0x01, 0xBF, 0x03, 0x02,
565 0x02, 0x02, 0x01, 0x20, 0x0F, 0x06, 0x02, 0x6E, 0x28, 0x82, 0x02, 0x02,
566 0xB4, 0x02, 0x02, 0x8C, 0x2E, 0x0E, 0x02, 0x02, 0x01, 0x00, 0x0F, 0x17,
567 0x06, 0x0B, 0x8B, 0x82, 0x02, 0x02, 0x30, 0x06, 0x04, 0x01, 0x7F, 0x03,
568 0x01, 0x8B, 0x82, 0x02, 0x02, 0x31, 0x02, 0x02, 0x8C, 0x3E, 0x02, 0x00,
569 0x90, 0x02, 0x01, 0x96, 0xBD, 0x26, 0xC1, 0x56, 0x06, 0x02, 0x60, 0x28,
570 0x77, 0x02, 0x01, 0x96, 0xBF, 0x06, 0x02, 0x61, 0x28, 0x26, 0x06, 0x81,
571 0x47, 0xBD, 0xA8, 0xA4, 0x03, 0x03, 0xA2, 0x03, 0x04, 0xA0, 0x03, 0x05,
572 0xA3, 0x03, 0x06, 0xA5, 0x03, 0x07, 0xA1, 0x03, 0x08, 0x27, 0x03, 0x09,
573 0x26, 0x06, 0x81, 0x18, 0xBD, 0x01, 0x00, 0x38, 0x0E, 0x06, 0x0F, 0x25,
574 0x02, 0x03, 0x05, 0x02, 0x6A, 0x28, 0x01, 0x00, 0x03, 0x03, 0xBC, 0x04,
575 0x80, 0x7F, 0x01, 0x01, 0x38, 0x0E, 0x06, 0x0F, 0x25, 0x02, 0x05, 0x05,
576 0x02, 0x6A, 0x28, 0x01, 0x00, 0x03, 0x05, 0xBA, 0x04, 0x80, 0x6A, 0x01,
577 0x83, 0xFE, 0x01, 0x38, 0x0E, 0x06, 0x0F, 0x25, 0x02, 0x04, 0x05, 0x02,
578 0x6A, 0x28, 0x01, 0x00, 0x03, 0x04, 0xBB, 0x04, 0x80, 0x53, 0x01, 0x0D,
579 0x38, 0x0E, 0x06, 0x0E, 0x25, 0x02, 0x06, 0x05, 0x02, 0x6A, 0x28, 0x01,
580 0x00, 0x03, 0x06, 0xB8, 0x04, 0x3F, 0x01, 0x0A, 0x38, 0x0E, 0x06, 0x0E,
581 0x25, 0x02, 0x07, 0x05, 0x02, 0x6A, 0x28, 0x01, 0x00, 0x03, 0x07, 0xB8,
582 0x04, 0x2B, 0x01, 0x0B, 0x38, 0x0E, 0x06, 0x0E, 0x25, 0x02, 0x08, 0x05,
583 0x02, 0x6A, 0x28, 0x01, 0x00, 0x03, 0x08, 0xB8, 0x04, 0x17, 0x01, 0x10,
584 0x38, 0x0E, 0x06, 0x0E, 0x25, 0x02, 0x09, 0x05, 0x02, 0x6A, 0x28, 0x01,
585 0x00, 0x03, 0x09, 0xAC, 0x04, 0x03, 0x6A, 0x28, 0x25, 0x04, 0xFE, 0x64,
586 0x02, 0x04, 0x06, 0x0D, 0x02, 0x04, 0x01, 0x05, 0x0F, 0x06, 0x02, 0x67,
587 0x28, 0x01, 0x01, 0x86, 0x3E, 0x99, 0x04, 0x0C, 0xA2, 0x01, 0x05, 0x0F,
588 0x06, 0x02, 0x67, 0x28, 0x01, 0x01, 0x86, 0x3E, 0x99, 0x02, 0x01, 0x00,
589 0x04, 0xB6, 0x01, 0x0C, 0x0E, 0x05, 0x02, 0x70, 0x28, 0xBF, 0x01, 0x03,
590 0x0E, 0x05, 0x02, 0x6B, 0x28, 0xBD, 0x26, 0x7A, 0x3E, 0x26, 0x01, 0x20,
591 0x10, 0x06, 0x02, 0x6B, 0x28, 0x40, 0x44, 0x11, 0x01, 0x01, 0x17, 0x05,
592 0x02, 0x6B, 0x28, 0xBF, 0x26, 0x01, 0x81, 0x05, 0x0F, 0x06, 0x02, 0x6B,
593 0x28, 0x26, 0x7C, 0x3E, 0x7B, 0x44, 0xB4, 0x90, 0x2C, 0x01, 0x86, 0x03,
594 0x10, 0x03, 0x00, 0x77, 0x2C, 0xC9, 0x03, 0x01, 0x01, 0x02, 0x03, 0x02,
595 0x02, 0x00, 0x06, 0x21, 0xBF, 0x26, 0x26, 0x01, 0x02, 0x0A, 0x44, 0x01,
596 0x06, 0x0F, 0x37, 0x06, 0x02, 0x6B, 0x28, 0x03, 0x02, 0xBF, 0x02, 0x01,
597 0x01, 0x01, 0x0B, 0x01, 0x03, 0x08, 0x0E, 0x05, 0x02, 0x6B, 0x28, 0x04,
598 0x08, 0x02, 0x01, 0x06, 0x04, 0x01, 0x00, 0x03, 0x02, 0xBD, 0x26, 0x03,
599 0x03, 0x26, 0x01, 0x84, 0x00, 0x0F, 0x06, 0x02, 0x6C, 0x28, 0x82, 0x44,
600 0xB4, 0x02, 0x02, 0x02, 0x01, 0x02, 0x03, 0x4E, 0x26, 0x06, 0x01, 0x28,
601 0x25, 0x99, 0x00, 0x02, 0x03, 0x00, 0x03, 0x01, 0x02, 0x00, 0x95, 0x02,
602 0x01, 0x02, 0x00, 0x39, 0x26, 0x01, 0x00, 0x0E, 0x06, 0x02, 0x5E, 0x00,
603 0xCD, 0x04, 0x74, 0x02, 0x01, 0x00, 0x03, 0x00, 0xBF, 0xA8, 0x26, 0x06,
604 0x80, 0x43, 0xBF, 0x01, 0x01, 0x38, 0x0E, 0x06, 0x06, 0x25, 0x01, 0x81,
605 0x7F, 0x04, 0x2E, 0x01, 0x80, 0x40, 0x38, 0x0E, 0x06, 0x07, 0x25, 0x01,
606 0x83, 0xFE, 0x00, 0x04, 0x20, 0x01, 0x80, 0x41, 0x38, 0x0E, 0x06, 0x07,
607 0x25, 0x01, 0x84, 0x80, 0x00, 0x04, 0x12, 0x01, 0x80, 0x42, 0x38, 0x0E,
608 0x06, 0x07, 0x25, 0x01, 0x88, 0x80, 0x00, 0x04, 0x04, 0x01, 0x00, 0x44,
609 0x25, 0x02, 0x00, 0x37, 0x03, 0x00, 0x04, 0xFF, 0x39, 0x99, 0x77, 0x2C,
610 0xC7, 0x05, 0x09, 0x02, 0x00, 0x01, 0x83, 0xFF, 0x7F, 0x17, 0x03, 0x00,
611 0x90, 0x2C, 0x01, 0x86, 0x03, 0x10, 0x06, 0x3A, 0xB9, 0x26, 0x7F, 0x3D,
612 0x41, 0x25, 0x26, 0x01, 0x08, 0x0B, 0x37, 0x01, 0x8C, 0x80, 0x00, 0x37,
613 0x17, 0x02, 0x00, 0x17, 0x02, 0x00, 0x01, 0x8C, 0x80, 0x00, 0x17, 0x06,
614 0x19, 0x26, 0x01, 0x81, 0x7F, 0x17, 0x06, 0x05, 0x01, 0x84, 0x80, 0x00,
615 0x37, 0x26, 0x01, 0x83, 0xFE, 0x00, 0x17, 0x06, 0x05, 0x01, 0x88, 0x80,
616 0x00, 0x37, 0x03, 0x00, 0x04, 0x09, 0x02, 0x00, 0x01, 0x8C, 0x88, 0x01,
617 0x17, 0x03, 0x00, 0x16, 0xBD, 0xA8, 0x26, 0x06, 0x23, 0xBD, 0xA8, 0x26,
618 0x15, 0x26, 0x06, 0x18, 0x26, 0x01, 0x82, 0x00, 0x0F, 0x06, 0x05, 0x01,
619 0x82, 0x00, 0x04, 0x01, 0x26, 0x03, 0x01, 0x82, 0x02, 0x01, 0xB4, 0x02,
620 0x01, 0x12, 0x04, 0x65, 0x99, 0x13, 0x04, 0x5A, 0x99, 0x14, 0x99, 0x02,
621 0x00, 0x2A, 0x00, 0x00, 0xB7, 0x26, 0x58, 0x06, 0x07, 0x25, 0x06, 0x02,
622 0x64, 0x28, 0x04, 0x74, 0x00, 0x00, 0xC0, 0x01, 0x03, 0xBE, 0x44, 0x25,
623 0x44, 0x00, 0x00, 0xBD, 0xC4, 0x00, 0x03, 0x01, 0x00, 0x03, 0x00, 0xBD,
624 0xA8, 0x26, 0x06, 0x80, 0x50, 0xBF, 0x03, 0x01, 0xBF, 0x03, 0x02, 0x02,
625 0x01, 0x01, 0x08, 0x0E, 0x06, 0x16, 0x02, 0x02, 0x01, 0x0F, 0x0C, 0x06,
626 0x0D, 0x01, 0x01, 0x02, 0x02, 0x01, 0x10, 0x08, 0x0B, 0x02, 0x00, 0x37,
627 0x03, 0x00, 0x04, 0x2A, 0x02, 0x01, 0x01, 0x02, 0x10, 0x02, 0x01, 0x01,
628 0x06, 0x0C, 0x17, 0x02, 0x02, 0x01, 0x01, 0x0E, 0x02, 0x02, 0x01, 0x03,
629 0x0E, 0x37, 0x17, 0x06, 0x11, 0x02, 0x00, 0x01, 0x01, 0x02, 0x02, 0x5B,
630 0x01, 0x02, 0x0B, 0x02, 0x01, 0x08, 0x0B, 0x37, 0x03, 0x00, 0x04, 0xFF,
631 0x2C, 0x99, 0x02, 0x00, 0x00, 0x00, 0xBD, 0x01, 0x01, 0x0E, 0x05, 0x02,
632 0x63, 0x28, 0xBF, 0x01, 0x08, 0x08, 0x80, 0x2E, 0x0E, 0x05, 0x02, 0x63,
633 0x28, 0x00, 0x00, 0xBD, 0x86, 0x2E, 0x05, 0x15, 0x01, 0x01, 0x0E, 0x05,
634 0x02, 0x67, 0x28, 0xBF, 0x01, 0x00, 0x0E, 0x05, 0x02, 0x67, 0x28, 0x01,
635 0x02, 0x86, 0x3E, 0x04, 0x1C, 0x01, 0x19, 0x0E, 0x05, 0x02, 0x67, 0x28,
636 0xBF, 0x01, 0x18, 0x0E, 0x05, 0x02, 0x67, 0x28, 0x82, 0x01, 0x18, 0xB4,
637 0x87, 0x82, 0x01, 0x18, 0x30, 0x05, 0x02, 0x67, 0x28, 0x00, 0x00, 0xBD,
638 0x06, 0x02, 0x68, 0x28, 0x00, 0x00, 0x01, 0x02, 0x95, 0xC0, 0x01, 0x08,
639 0x0B, 0xC0, 0x08, 0x00, 0x00, 0x01, 0x03, 0x95, 0xC0, 0x01, 0x08, 0x0B,
640 0xC0, 0x08, 0x01, 0x08, 0x0B, 0xC0, 0x08, 0x00, 0x00, 0x01, 0x01, 0x95,
641 0xC0, 0x00, 0x00, 0x3A, 0x26, 0x56, 0x05, 0x01, 0x00, 0x25, 0xCD, 0x04,
642 0x76, 0x02, 0x03, 0x00, 0x8F, 0x2E, 0x03, 0x01, 0x01, 0x00, 0x26, 0x02,
643 0x01, 0x0A, 0x06, 0x10, 0x26, 0x01, 0x01, 0x0B, 0x8E, 0x08, 0x2C, 0x02,
644 0x00, 0x0E, 0x06, 0x01, 0x00, 0x5A, 0x04, 0x6A, 0x25, 0x01, 0x7F, 0x00,
645 0x00, 0x01, 0x15, 0x85, 0x3E, 0x44, 0x50, 0x25, 0x50, 0x25, 0x29, 0x00,
646 0x00, 0x01, 0x01, 0x44, 0xC2, 0x00, 0x00, 0x44, 0x38, 0x95, 0x44, 0x26,
647 0x06, 0x05, 0xC0, 0x25, 0x5B, 0x04, 0x78, 0x25, 0x00, 0x00, 0x26, 0x01,
648 0x81, 0xAC, 0x00, 0x0E, 0x06, 0x04, 0x25, 0x01, 0x7F, 0x00, 0x98, 0x57,
649 0x00, 0x02, 0x03, 0x00, 0x77, 0x2C, 0x98, 0x03, 0x01, 0x02, 0x01, 0x01,
650 0x0F, 0x17, 0x02, 0x01, 0x01, 0x04, 0x11, 0x01, 0x0F, 0x17, 0x02, 0x01,
651 0x01, 0x08, 0x11, 0x01, 0x0F, 0x17, 0x01, 0x00, 0x38, 0x0E, 0x06, 0x10,
652 0x25, 0x01, 0x00, 0x01, 0x18, 0x02, 0x00, 0x06, 0x03, 0x47, 0x04, 0x01,
653 0x48, 0x04, 0x80, 0x68, 0x01, 0x01, 0x38, 0x0E, 0x06, 0x10, 0x25, 0x01,
654 0x01, 0x01, 0x10, 0x02, 0x00, 0x06, 0x03, 0x47, 0x04, 0x01, 0x48, 0x04,
655 0x80, 0x52, 0x01, 0x02, 0x38, 0x0E, 0x06, 0x0F, 0x25, 0x01, 0x01, 0x01,
656 0x20, 0x02, 0x00, 0x06, 0x03, 0x47, 0x04, 0x01, 0x48, 0x04, 0x3D, 0x01,
657 0x03, 0x38, 0x0E, 0x06, 0x0E, 0x25, 0x25, 0x01, 0x10, 0x02, 0x00, 0x06,
658 0x03, 0x45, 0x04, 0x01, 0x46, 0x04, 0x29, 0x01, 0x04, 0x38, 0x0E, 0x06,
659 0x0E, 0x25, 0x25, 0x01, 0x20, 0x02, 0x00, 0x06, 0x03, 0x45, 0x04, 0x01,
660 0x46, 0x04, 0x15, 0x01, 0x05, 0x38, 0x0E, 0x06, 0x0C, 0x25, 0x25, 0x02,
661 0x00, 0x06, 0x03, 0x49, 0x04, 0x01, 0x4A, 0x04, 0x03, 0x66, 0x28, 0x25,
662 0x00, 0x00, 0x98, 0x01, 0x0C, 0x11, 0x01, 0x02, 0x0F, 0x00, 0x00, 0x98,
663 0x01, 0x0C, 0x11, 0x26, 0x59, 0x44, 0x01, 0x03, 0x0A, 0x17, 0x00, 0x00,
664 0x98, 0x01, 0x0C, 0x11, 0x01, 0x01, 0x0E, 0x00, 0x00, 0x98, 0x01, 0x0C,
665 0x11, 0x58, 0x00, 0x00, 0x1B, 0x01, 0x00, 0x73, 0x2E, 0x26, 0x06, 0x22,
666 0x01, 0x01, 0x38, 0x0E, 0x06, 0x06, 0x25, 0x01, 0x00, 0x9C, 0x04, 0x14,
667 0x01, 0x02, 0x38, 0x0E, 0x06, 0x0D, 0x25, 0x75, 0x2E, 0x01, 0x01, 0x0E,
668 0x06, 0x03, 0x01, 0x10, 0x37, 0x04, 0x01, 0x25, 0x04, 0x01, 0x25, 0x79,
669 0x2E, 0x05, 0x33, 0x2F, 0x06, 0x30, 0x84, 0x2E, 0x01, 0x14, 0x38, 0x0E,
670 0x06, 0x06, 0x25, 0x01, 0x02, 0x37, 0x04, 0x22, 0x01, 0x15, 0x38, 0x0E,
671 0x06, 0x09, 0x25, 0xAB, 0x06, 0x03, 0x01, 0x7F, 0x9C, 0x04, 0x13, 0x01,
672 0x16, 0x38, 0x0E, 0x06, 0x06, 0x25, 0x01, 0x01, 0x37, 0x04, 0x07, 0x25,
673 0x01, 0x04, 0x37, 0x01, 0x00, 0x25, 0x1A, 0x06, 0x03, 0x01, 0x08, 0x37,
674 0x00, 0x00, 0x1B, 0x26, 0x05, 0x13, 0x2F, 0x06, 0x10, 0x84, 0x2E, 0x01,
675 0x15, 0x0E, 0x06, 0x08, 0x25, 0xAB, 0x01, 0x00, 0x75, 0x3E, 0x04, 0x01,
676 0x20, 0x00, 0x00, 0xCB, 0x01, 0x07, 0x17, 0x01, 0x01, 0x0F, 0x06, 0x02,
677 0x70, 0x28, 0x00, 0x01, 0x03, 0x00, 0x29, 0x1A, 0x06, 0x05, 0x02, 0x00,
678 0x85, 0x3E, 0x00, 0xCB, 0x25, 0x04, 0x74, 0x00, 0x01, 0x14, 0xCE, 0x01,
679 0x01, 0xDB, 0x29, 0x26, 0x01, 0x00, 0xC6, 0x01, 0x16, 0xCE, 0xD4, 0x29,
680 0x00, 0x00, 0x01, 0x0B, 0xDB, 0x4C, 0x26, 0x26, 0x01, 0x03, 0x08, 0xDA,
681 0xDA, 0x18, 0x26, 0x56, 0x06, 0x02, 0x25, 0x00, 0xDA, 0x1D, 0x26, 0x06,
682 0x05, 0x82, 0x44, 0xD5, 0x04, 0x77, 0x25, 0x04, 0x6C, 0x00, 0x21, 0x01,
683 0x0F, 0xDB, 0x26, 0x90, 0x2C, 0x01, 0x86, 0x03, 0x10, 0x06, 0x0C, 0x01,
684 0x04, 0x08, 0xDA, 0x7E, 0x2E, 0xDB, 0x76, 0x2E, 0xDB, 0x04, 0x02, 0x5C,
685 0xDA, 0x26, 0xD9, 0x82, 0x44, 0xD5, 0x00, 0x02, 0xA2, 0xA4, 0x08, 0xA0,
686 0x08, 0xA3, 0x08, 0xA5, 0x08, 0xA1, 0x08, 0x27, 0x08, 0x03, 0x00, 0x01,
687 0x01, 0xDB, 0x01, 0x27, 0x8C, 0x2E, 0x08, 0x8F, 0x2E, 0x01, 0x01, 0x0B,
688 0x08, 0x02, 0x00, 0x06, 0x04, 0x5C, 0x02, 0x00, 0x08, 0x81, 0x2C, 0x38,
689 0x09, 0x26, 0x59, 0x06, 0x24, 0x02, 0x00, 0x05, 0x04, 0x44, 0x5C, 0x44,
690 0x5D, 0x01, 0x04, 0x09, 0x26, 0x56, 0x06, 0x03, 0x25, 0x01, 0x00, 0x26,
691 0x01, 0x04, 0x08, 0x02, 0x00, 0x08, 0x03, 0x00, 0x44, 0x01, 0x04, 0x08,
692 0x38, 0x08, 0x44, 0x04, 0x03, 0x25, 0x01, 0x7F, 0x03, 0x01, 0xDA, 0x92,
693 0x2C, 0xD9, 0x78, 0x01, 0x04, 0x19, 0x78, 0x01, 0x04, 0x08, 0x01, 0x1C,
694 0x32, 0x78, 0x01, 0x20, 0xD5, 0x8B, 0x8C, 0x2E, 0xD7, 0x8F, 0x2E, 0x26,
695 0x01, 0x01, 0x0B, 0xD9, 0x8E, 0x44, 0x26, 0x06, 0x0F, 0x5B, 0x38, 0x2C,
696 0x26, 0xC5, 0x05, 0x02, 0x60, 0x28, 0xD9, 0x44, 0x5C, 0x44, 0x04, 0x6E,
697 0x5E, 0x01, 0x01, 0xDB, 0x01, 0x00, 0xDB, 0x02, 0x00, 0x06, 0x81, 0x5A,
698 0x02, 0x00, 0xD9, 0xA2, 0x06, 0x0E, 0x01, 0x83, 0xFE, 0x01, 0xD9, 0x87,
699 0xA2, 0x01, 0x04, 0x09, 0x26, 0xD9, 0x5B, 0xD7, 0xA4, 0x06, 0x16, 0x01,
700 0x00, 0xD9, 0x89, 0xA4, 0x01, 0x04, 0x09, 0x26, 0xD9, 0x01, 0x02, 0x09,
701 0x26, 0xD9, 0x01, 0x00, 0xDB, 0x01, 0x03, 0x09, 0xD6, 0xA0, 0x06, 0x0C,
702 0x01, 0x01, 0xD9, 0x01, 0x01, 0xD9, 0x80, 0x2E, 0x01, 0x08, 0x09, 0xDB,
703 0xA3, 0x06, 0x19, 0x01, 0x0D, 0xD9, 0xA3, 0x01, 0x04, 0x09, 0x26, 0xD9,
704 0x01, 0x02, 0x09, 0xD9, 0x42, 0x06, 0x03, 0x01, 0x03, 0xD8, 0x43, 0x06,
705 0x03, 0x01, 0x01, 0xD8, 0xA5, 0x26, 0x06, 0x36, 0x01, 0x0A, 0xD9, 0x01,
706 0x04, 0x09, 0x26, 0xD9, 0x5D, 0xD9, 0x40, 0x01, 0x00, 0x26, 0x01, 0x82,
707 0x80, 0x80, 0x80, 0x00, 0x17, 0x06, 0x0A, 0x01, 0xFD, 0xFF, 0xFF, 0xFF,
708 0x7F, 0x17, 0x01, 0x1D, 0xD9, 0x26, 0x01, 0x20, 0x0A, 0x06, 0x0C, 0x9E,
709 0x11, 0x01, 0x01, 0x17, 0x06, 0x02, 0x26, 0xD9, 0x5A, 0x04, 0x6E, 0x5E,
710 0x04, 0x01, 0x25, 0xA1, 0x06, 0x0A, 0x01, 0x0B, 0xD9, 0x01, 0x02, 0xD9,
711 0x01, 0x82, 0x00, 0xD9, 0x27, 0x26, 0x06, 0x1F, 0x01, 0x10, 0xD9, 0x01,
712 0x04, 0x09, 0x26, 0xD9, 0x5D, 0xD9, 0x83, 0x2C, 0x01, 0x00, 0x9E, 0x0F,
713 0x06, 0x0A, 0x26, 0x1E, 0x26, 0xDB, 0x82, 0x44, 0xD5, 0x5A, 0x04, 0x72,
714 0x5E, 0x04, 0x01, 0x25, 0x02, 0x01, 0x56, 0x05, 0x11, 0x01, 0x15, 0xD9,
715 0x02, 0x01, 0x26, 0xD9, 0x26, 0x06, 0x06, 0x5B, 0x01, 0x00, 0xDB, 0x04,
716 0x77, 0x25, 0x00, 0x00, 0x01, 0x10, 0xDB, 0x77, 0x2C, 0x26, 0xCA, 0x06,
717 0x0C, 0xA9, 0x23, 0x26, 0x5C, 0xDA, 0x26, 0xD9, 0x82, 0x44, 0xD5, 0x04,
718 0x0D, 0x26, 0xC8, 0x44, 0xA9, 0x22, 0x26, 0x5A, 0xDA, 0x26, 0xDB, 0x82,
719 0x44, 0xD5, 0x00, 0x00, 0x9A, 0x01, 0x14, 0xDB, 0x01, 0x0C, 0xDA, 0x82,
720 0x01, 0x0C, 0xD5, 0x00, 0x00, 0x4F, 0x26, 0x01, 0x00, 0x0E, 0x06, 0x02,
721 0x5E, 0x00, 0xCB, 0x25, 0x04, 0x73, 0x00, 0x26, 0xD9, 0xD5, 0x00, 0x00,
722 0x26, 0xDB, 0xD5, 0x00, 0x01, 0x03, 0x00, 0x41, 0x25, 0x26, 0x01, 0x10,
723 0x17, 0x06, 0x06, 0x01, 0x04, 0xDB, 0x02, 0x00, 0xDB, 0x26, 0x01, 0x08,
724 0x17, 0x06, 0x06, 0x01, 0x03, 0xDB, 0x02, 0x00, 0xDB, 0x26, 0x01, 0x20,
725 0x17, 0x06, 0x06, 0x01, 0x05, 0xDB, 0x02, 0x00, 0xDB, 0x26, 0x01, 0x80,
726 0x40, 0x17, 0x06, 0x06, 0x01, 0x06, 0xDB, 0x02, 0x00, 0xDB, 0x01, 0x04,
727 0x17, 0x06, 0x06, 0x01, 0x02, 0xDB, 0x02, 0x00, 0xDB, 0x00, 0x00, 0x26,
728 0x01, 0x08, 0x4D, 0xDB, 0xDB, 0x00, 0x00, 0x26, 0x01, 0x10, 0x4D, 0xDB,
729 0xD9, 0x00, 0x00, 0x26, 0x50, 0x06, 0x02, 0x25, 0x00, 0xCB, 0x25, 0x04,
730 0x76
731 };
732
733 static const uint16_t t0_caddr[] = {
734 0,
735 5,
736 10,
737 15,
738 20,
739 25,
740 30,
741 35,
742 40,
743 44,
744 48,
745 52,
746 56,
747 60,
748 64,
749 68,
750 72,
751 76,
752 80,
753 84,
754 88,
755 92,
756 96,
757 100,
758 104,
759 108,
760 112,
761 116,
762 120,
763 124,
764 129,
765 134,
766 139,
767 144,
768 149,
769 154,
770 159,
771 164,
772 169,
773 174,
774 179,
775 184,
776 189,
777 194,
778 199,
779 204,
780 209,
781 214,
782 219,
783 224,
784 229,
785 234,
786 239,
787 244,
788 249,
789 254,
790 259,
791 264,
792 269,
793 274,
794 279,
795 284,
796 289,
797 294,
798 303,
799 316,
800 320,
801 345,
802 351,
803 370,
804 381,
805 422,
806 542,
807 546,
808 611,
809 626,
810 637,
811 655,
812 684,
813 694,
814 730,
815 740,
816 818,
817 832,
818 838,
819 897,
820 916,
821 951,
822 1000,
823 1076,
824 1103,
825 1134,
826 1145,
827 1484,
828 1631,
829 1655,
830 1871,
831 1885,
832 1894,
833 1898,
834 1993,
835 2014,
836 2070,
837 2077,
838 2088,
839 2104,
840 2110,
841 2121,
842 2156,
843 2168,
844 2174,
845 2189,
846 2205,
847 2361,
848 2370,
849 2383,
850 2392,
851 2399,
852 2505,
853 2530,
854 2543,
855 2559,
856 2577,
857 2609,
858 2643,
859 3011,
860 3047,
861 3060,
862 3074,
863 3079,
864 3084,
865 3150,
866 3158,
867 3166
868 };
869
870 #define T0_INTERPRETED 86
871
872 #define T0_ENTER(ip, rp, slot) do { \
873 const unsigned char *t0_newip; \
874 uint32_t t0_lnum; \
875 t0_newip = &t0_codeblock[t0_caddr[(slot) - T0_INTERPRETED]]; \
876 t0_lnum = t0_parse7E_unsigned(&t0_newip); \
877 (rp) += t0_lnum; \
878 *((rp) ++) = (uint32_t)((ip) - &t0_codeblock[0]) + (t0_lnum << 16); \
879 (ip) = t0_newip; \
880 } while (0)
881
882 #define T0_DEFENTRY(name, slot) \
883 void \
884 name(void *ctx) \
885 { \
886 t0_context *t0ctx = ctx; \
887 t0ctx->ip = &t0_codeblock[0]; \
888 T0_ENTER(t0ctx->ip, t0ctx->rp, slot); \
889 }
890
891 T0_DEFENTRY(br_ssl_hs_client_init_main, 167)
892
893 #define T0_NEXT(t0ipp) (*(*(t0ipp)) ++)
894
895 void
896 br_ssl_hs_client_run(void *t0ctx)
897 {
898 uint32_t *dp, *rp;
899 const unsigned char *ip;
900
901 #define T0_LOCAL(x) (*(rp - 2 - (x)))
902 #define T0_POP() (*-- dp)
903 #define T0_POPi() (*(int32_t *)(-- dp))
904 #define T0_PEEK(x) (*(dp - 1 - (x)))
905 #define T0_PEEKi(x) (*(int32_t *)(dp - 1 - (x)))
906 #define T0_PUSH(v) do { *dp = (v); dp ++; } while (0)
907 #define T0_PUSHi(v) do { *(int32_t *)dp = (v); dp ++; } while (0)
908 #define T0_RPOP() (*-- rp)
909 #define T0_RPOPi() (*(int32_t *)(-- rp))
910 #define T0_RPUSH(v) do { *rp = (v); rp ++; } while (0)
911 #define T0_RPUSHi(v) do { *(int32_t *)rp = (v); rp ++; } while (0)
912 #define T0_ROLL(x) do { \
913 size_t t0len = (size_t)(x); \
914 uint32_t t0tmp = *(dp - 1 - t0len); \
915 memmove(dp - t0len - 1, dp - t0len, t0len * sizeof *dp); \
916 *(dp - 1) = t0tmp; \
917 } while (0)
918 #define T0_SWAP() do { \
919 uint32_t t0tmp = *(dp - 2); \
920 *(dp - 2) = *(dp - 1); \
921 *(dp - 1) = t0tmp; \
922 } while (0)
923 #define T0_ROT() do { \
924 uint32_t t0tmp = *(dp - 3); \
925 *(dp - 3) = *(dp - 2); \
926 *(dp - 2) = *(dp - 1); \
927 *(dp - 1) = t0tmp; \
928 } while (0)
929 #define T0_NROT() do { \
930 uint32_t t0tmp = *(dp - 1); \
931 *(dp - 1) = *(dp - 2); \
932 *(dp - 2) = *(dp - 3); \
933 *(dp - 3) = t0tmp; \
934 } while (0)
935 #define T0_PICK(x) do { \
936 uint32_t t0depth = (x); \
937 T0_PUSH(T0_PEEK(t0depth)); \
938 } while (0)
939 #define T0_CO() do { \
940 goto t0_exit; \
941 } while (0)
942 #define T0_RET() goto t0_next
943
944 dp = ((t0_context *)t0ctx)->dp;
945 rp = ((t0_context *)t0ctx)->rp;
946 ip = ((t0_context *)t0ctx)->ip;
947 goto t0_next;
948 for (;;) {
949 uint32_t t0x;
950
951 t0_next:
952 t0x = T0_NEXT(&ip);
953 if (t0x < T0_INTERPRETED) {
954 switch (t0x) {
955 int32_t t0off;
956
957 case 0: /* ret */
958 t0x = T0_RPOP();
959 rp -= (t0x >> 16);
960 t0x &= 0xFFFF;
961 if (t0x == 0) {
962 ip = NULL;
963 goto t0_exit;
964 }
965 ip = &t0_codeblock[t0x];
966 break;
967 case 1: /* literal constant */
968 T0_PUSHi(t0_parse7E_signed(&ip));
969 break;
970 case 2: /* read local */
971 T0_PUSH(T0_LOCAL(t0_parse7E_unsigned(&ip)));
972 break;
973 case 3: /* write local */
974 T0_LOCAL(t0_parse7E_unsigned(&ip)) = T0_POP();
975 break;
976 case 4: /* jump */
977 t0off = t0_parse7E_signed(&ip);
978 ip += t0off;
979 break;
980 case 5: /* jump if */
981 t0off = t0_parse7E_signed(&ip);
982 if (T0_POP()) {
983 ip += t0off;
984 }
985 break;
986 case 6: /* jump if not */
987 t0off = t0_parse7E_signed(&ip);
988 if (!T0_POP()) {
989 ip += t0off;
990 }
991 break;
992 case 7: {
993 /* * */
994
995 uint32_t b = T0_POP();
996 uint32_t a = T0_POP();
997 T0_PUSH(a * b);
998
999 }
1000 break;
1001 case 8: {
1002 /* + */
1003
1004 uint32_t b = T0_POP();
1005 uint32_t a = T0_POP();
1006 T0_PUSH(a + b);
1007
1008 }
1009 break;
1010 case 9: {
1011 /* - */
1012
1013 uint32_t b = T0_POP();
1014 uint32_t a = T0_POP();
1015 T0_PUSH(a - b);
1016
1017 }
1018 break;
1019 case 10: {
1020 /* < */
1021
1022 int32_t b = T0_POPi();
1023 int32_t a = T0_POPi();
1024 T0_PUSH(-(uint32_t)(a < b));
1025
1026 }
1027 break;
1028 case 11: {
1029 /* << */
1030
1031 int c = (int)T0_POPi();
1032 uint32_t x = T0_POP();
1033 T0_PUSH(x << c);
1034
1035 }
1036 break;
1037 case 12: {
1038 /* <= */
1039
1040 int32_t b = T0_POPi();
1041 int32_t a = T0_POPi();
1042 T0_PUSH(-(uint32_t)(a <= b));
1043
1044 }
1045 break;
1046 case 13: {
1047 /* <> */
1048
1049 uint32_t b = T0_POP();
1050 uint32_t a = T0_POP();
1051 T0_PUSH(-(uint32_t)(a != b));
1052
1053 }
1054 break;
1055 case 14: {
1056 /* = */
1057
1058 uint32_t b = T0_POP();
1059 uint32_t a = T0_POP();
1060 T0_PUSH(-(uint32_t)(a == b));
1061
1062 }
1063 break;
1064 case 15: {
1065 /* > */
1066
1067 int32_t b = T0_POPi();
1068 int32_t a = T0_POPi();
1069 T0_PUSH(-(uint32_t)(a > b));
1070
1071 }
1072 break;
1073 case 16: {
1074 /* >= */
1075
1076 int32_t b = T0_POPi();
1077 int32_t a = T0_POPi();
1078 T0_PUSH(-(uint32_t)(a >= b));
1079
1080 }
1081 break;
1082 case 17: {
1083 /* >> */
1084
1085 int c = (int)T0_POPi();
1086 int32_t x = T0_POPi();
1087 T0_PUSHi(x >> c);
1088
1089 }
1090 break;
1091 case 18: {
1092 /* anchor-dn-append-name */
1093
1094 size_t len;
1095
1096 len = T0_POP();
1097 if (CTX->client_auth_vtable != NULL) {
1098 (*CTX->client_auth_vtable)->append_name(
1099 CTX->client_auth_vtable, ENG->pad, len);
1100 }
1101
1102 }
1103 break;
1104 case 19: {
1105 /* anchor-dn-end-name */
1106
1107 if (CTX->client_auth_vtable != NULL) {
1108 (*CTX->client_auth_vtable)->end_name(
1109 CTX->client_auth_vtable);
1110 }
1111
1112 }
1113 break;
1114 case 20: {
1115 /* anchor-dn-end-name-list */
1116
1117 if (CTX->client_auth_vtable != NULL) {
1118 (*CTX->client_auth_vtable)->end_name_list(
1119 CTX->client_auth_vtable);
1120 }
1121
1122 }
1123 break;
1124 case 21: {
1125 /* anchor-dn-start-name */
1126
1127 size_t len;
1128
1129 len = T0_POP();
1130 if (CTX->client_auth_vtable != NULL) {
1131 (*CTX->client_auth_vtable)->start_name(
1132 CTX->client_auth_vtable, len);
1133 }
1134
1135 }
1136 break;
1137 case 22: {
1138 /* anchor-dn-start-name-list */
1139
1140 if (CTX->client_auth_vtable != NULL) {
1141 (*CTX->client_auth_vtable)->start_name_list(
1142 CTX->client_auth_vtable);
1143 }
1144
1145 }
1146 break;
1147 case 23: {
1148 /* and */
1149
1150 uint32_t b = T0_POP();
1151 uint32_t a = T0_POP();
1152 T0_PUSH(a & b);
1153
1154 }
1155 break;
1156 case 24: {
1157 /* begin-cert */
1158
1159 if (ENG->chain_len == 0) {
1160 T0_PUSHi(-1);
1161 } else {
1162 ENG->cert_cur = ENG->chain->data;
1163 ENG->cert_len = ENG->chain->data_len;
1164 ENG->chain ++;
1165 ENG->chain_len --;
1166 T0_PUSH(ENG->cert_len);
1167 }
1168
1169 }
1170 break;
1171 case 25: {
1172 /* bzero */
1173
1174 size_t len = (size_t)T0_POP();
1175 void *addr = (unsigned char *)ENG + (size_t)T0_POP();
1176 memset(addr, 0, len);
1177
1178 }
1179 break;
1180 case 26: {
1181 /* can-output? */
1182
1183 T0_PUSHi(-(ENG->hlen_out > 0));
1184
1185 }
1186 break;
1187 case 27: {
1188 /* co */
1189 T0_CO();
1190 }
1191 break;
1192 case 28: {
1193 /* compute-Finished-inner */
1194
1195 int prf_id = T0_POP();
1196 int from_client = T0_POPi();
1197 unsigned char tmp[48];
1198 br_tls_prf_seed_chunk seed;
1199
1200 br_tls_prf_impl prf = br_ssl_engine_get_PRF(ENG, prf_id);
1201 seed.data = tmp;
1202 if (ENG->session.version >= BR_TLS12) {
1203 seed.len = br_multihash_out(&ENG->mhash, prf_id, tmp);
1204 } else {
1205 br_multihash_out(&ENG->mhash, br_md5_ID, tmp);
1206 br_multihash_out(&ENG->mhash, br_sha1_ID, tmp + 16);
1207 seed.len = 36;
1208 }
1209 prf(ENG->pad, 12, ENG->session.master_secret,
1210 sizeof ENG->session.master_secret,
1211 from_client ? "client finished" : "server finished",
1212 1, &seed);
1213
1214 }
1215 break;
1216 case 29: {
1217 /* copy-cert-chunk */
1218
1219 size_t clen;
1220
1221 clen = ENG->cert_len;
1222 if (clen > sizeof ENG->pad) {
1223 clen = sizeof ENG->pad;
1224 }
1225 memcpy(ENG->pad, ENG->cert_cur, clen);
1226 ENG->cert_cur += clen;
1227 ENG->cert_len -= clen;
1228 T0_PUSH(clen);
1229
1230 }
1231 break;
1232 case 30: {
1233 /* copy-protocol-name */
1234
1235 size_t idx = T0_POP();
1236 size_t len = strlen(ENG->protocol_names[idx]);
1237 memcpy(ENG->pad, ENG->protocol_names[idx], len);
1238 T0_PUSH(len);
1239
1240 }
1241 break;
1242 case 31: {
1243 /* data-get8 */
1244
1245 size_t addr = T0_POP();
1246 T0_PUSH(t0_datablock[addr]);
1247
1248 }
1249 break;
1250 case 32: {
1251 /* discard-input */
1252
1253 ENG->hlen_in = 0;
1254
1255 }
1256 break;
1257 case 33: {
1258 /* do-client-sign */
1259
1260 size_t sig_len;
1261
1262 sig_len = make_client_sign(CTX);
1263 if (sig_len == 0) {
1264 br_ssl_engine_fail(ENG, BR_ERR_INVALID_ALGORITHM);
1265 T0_CO();
1266 }
1267 T0_PUSH(sig_len);
1268
1269 }
1270 break;
1271 case 34: {
1272 /* do-ecdh */
1273
1274 unsigned prf_id = T0_POP();
1275 unsigned ecdhe = T0_POP();
1276 int x;
1277
1278 x = make_pms_ecdh(CTX, ecdhe, prf_id);
1279 if (x < 0) {
1280 br_ssl_engine_fail(ENG, -x);
1281 T0_CO();
1282 } else {
1283 T0_PUSH(x);
1284 }
1285
1286 }
1287 break;
1288 case 35: {
1289 /* do-rsa-encrypt */
1290
1291 int x;
1292
1293 x = make_pms_rsa(CTX, T0_POP());
1294 if (x < 0) {
1295 br_ssl_engine_fail(ENG, -x);
1296 T0_CO();
1297 } else {
1298 T0_PUSH(x);
1299 }
1300
1301 }
1302 break;
1303 case 36: {
1304 /* do-static-ecdh */
1305
1306 unsigned prf_id = T0_POP();
1307
1308 if (make_pms_static_ecdh(CTX, prf_id) < 0) {
1309 br_ssl_engine_fail(ENG, BR_ERR_INVALID_ALGORITHM);
1310 T0_CO();
1311 }
1312
1313 }
1314 break;
1315 case 37: {
1316 /* drop */
1317 (void)T0_POP();
1318 }
1319 break;
1320 case 38: {
1321 /* dup */
1322 T0_PUSH(T0_PEEK(0));
1323 }
1324 break;
1325 case 39: {
1326 /* ext-ALPN-length */
1327
1328 size_t u, len;
1329
1330 if (ENG->protocol_names_num == 0) {
1331 T0_PUSH(0);
1332 T0_RET();
1333 }
1334 len = 6;
1335 for (u = 0; u < ENG->protocol_names_num; u ++) {
1336 len += 1 + strlen(ENG->protocol_names[u]);
1337 }
1338 T0_PUSH(len);
1339
1340 }
1341 break;
1342 case 40: {
1343 /* fail */
1344
1345 br_ssl_engine_fail(ENG, (int)T0_POPi());
1346 T0_CO();
1347
1348 }
1349 break;
1350 case 41: {
1351 /* flush-record */
1352
1353 br_ssl_engine_flush_record(ENG);
1354
1355 }
1356 break;
1357 case 42: {
1358 /* get-client-chain */
1359
1360 uint32_t auth_types;
1361
1362 auth_types = T0_POP();
1363 if (CTX->client_auth_vtable != NULL) {
1364 br_ssl_client_certificate ux;
1365
1366 (*CTX->client_auth_vtable)->choose(CTX->client_auth_vtable,
1367 CTX, auth_types, &ux);
1368 CTX->auth_type = (unsigned char)ux.auth_type;
1369 CTX->hash_id = (unsigned char)ux.hash_id;
1370 ENG->chain = ux.chain;
1371 ENG->chain_len = ux.chain_len;
1372 } else {
1373 CTX->hash_id = 0;
1374 ENG->chain_len = 0;
1375 }
1376
1377 }
1378 break;
1379 case 43: {
1380 /* get-key-type-usages */
1381
1382 const br_x509_class *xc;
1383 const br_x509_pkey *pk;
1384 unsigned usages;
1385
1386 xc = *(ENG->x509ctx);
1387 pk = xc->get_pkey(ENG->x509ctx, &usages);
1388 if (pk == NULL) {
1389 T0_PUSH(0);
1390 } else {
1391 T0_PUSH(pk->key_type | usages);
1392 }
1393
1394 }
1395 break;
1396 case 44: {
1397 /* get16 */
1398
1399 size_t addr = (size_t)T0_POP();
1400 T0_PUSH(*(uint16_t *)(void *)((unsigned char *)ENG + addr));
1401
1402 }
1403 break;
1404 case 45: {
1405 /* get32 */
1406
1407 size_t addr = (size_t)T0_POP();
1408 T0_PUSH(*(uint32_t *)(void *)((unsigned char *)ENG + addr));
1409
1410 }
1411 break;
1412 case 46: {
1413 /* get8 */
1414
1415 size_t addr = (size_t)T0_POP();
1416 T0_PUSH(*((unsigned char *)ENG + addr));
1417
1418 }
1419 break;
1420 case 47: {
1421 /* has-input? */
1422
1423 T0_PUSHi(-(ENG->hlen_in != 0));
1424
1425 }
1426 break;
1427 case 48: {
1428 /* memcmp */
1429
1430 size_t len = (size_t)T0_POP();
1431 void *addr2 = (unsigned char *)ENG + (size_t)T0_POP();
1432 void *addr1 = (unsigned char *)ENG + (size_t)T0_POP();
1433 int x = memcmp(addr1, addr2, len);
1434 T0_PUSH((uint32_t)-(x == 0));
1435
1436 }
1437 break;
1438 case 49: {
1439 /* memcpy */
1440
1441 size_t len = (size_t)T0_POP();
1442 void *src = (unsigned char *)ENG + (size_t)T0_POP();
1443 void *dst = (unsigned char *)ENG + (size_t)T0_POP();
1444 memcpy(dst, src, len);
1445
1446 }
1447 break;
1448 case 50: {
1449 /* mkrand */
1450
1451 size_t len = (size_t)T0_POP();
1452 void *addr = (unsigned char *)ENG + (size_t)T0_POP();
1453 br_hmac_drbg_generate(&ENG->rng, addr, len);
1454
1455 }
1456 break;
1457 case 51: {
1458 /* more-incoming-bytes? */
1459
1460 T0_PUSHi(ENG->hlen_in != 0 || !br_ssl_engine_recvrec_finished(ENG));
1461
1462 }
1463 break;
1464 case 52: {
1465 /* multihash-init */
1466
1467 br_multihash_init(&ENG->mhash);
1468
1469 }
1470 break;
1471 case 53: {
1472 /* neg */
1473
1474 uint32_t a = T0_POP();
1475 T0_PUSH(-a);
1476
1477 }
1478 break;
1479 case 54: {
1480 /* not */
1481
1482 uint32_t a = T0_POP();
1483 T0_PUSH(~a);
1484
1485 }
1486 break;
1487 case 55: {
1488 /* or */
1489
1490 uint32_t b = T0_POP();
1491 uint32_t a = T0_POP();
1492 T0_PUSH(a | b);
1493
1494 }
1495 break;
1496 case 56: {
1497 /* over */
1498 T0_PUSH(T0_PEEK(1));
1499 }
1500 break;
1501 case 57: {
1502 /* read-chunk-native */
1503
1504 size_t clen = ENG->hlen_in;
1505 if (clen > 0) {
1506 uint32_t addr, len;
1507
1508 len = T0_POP();
1509 addr = T0_POP();
1510 if ((size_t)len < clen) {
1511 clen = (size_t)len;
1512 }
1513 memcpy((unsigned char *)ENG + addr, ENG->hbuf_in, clen);
1514 if (ENG->record_type_in == BR_SSL_HANDSHAKE) {
1515 br_multihash_update(&ENG->mhash, ENG->hbuf_in, clen);
1516 }
1517 T0_PUSH(addr + (uint32_t)clen);
1518 T0_PUSH(len - (uint32_t)clen);
1519 ENG->hbuf_in += clen;
1520 ENG->hlen_in -= clen;
1521 }
1522
1523 }
1524 break;
1525 case 58: {
1526 /* read8-native */
1527
1528 if (ENG->hlen_in > 0) {
1529 unsigned char x;
1530
1531 x = *ENG->hbuf_in ++;
1532 if (ENG->record_type_in == BR_SSL_HANDSHAKE) {
1533 br_multihash_update(&ENG->mhash, &x, 1);
1534 }
1535 T0_PUSH(x);
1536 ENG->hlen_in --;
1537 } else {
1538 T0_PUSHi(-1);
1539 }
1540
1541 }
1542 break;
1543 case 59: {
1544 /* set-server-curve */
1545
1546 const br_x509_class *xc;
1547 const br_x509_pkey *pk;
1548
1549 xc = *(ENG->x509ctx);
1550 pk = xc->get_pkey(ENG->x509ctx, NULL);
1551 CTX->server_curve =
1552 (pk->key_type == BR_KEYTYPE_EC) ? pk->key.ec.curve : 0;
1553
1554 }
1555 break;
1556 case 60: {
1557 /* set16 */
1558
1559 size_t addr = (size_t)T0_POP();
1560 *(uint16_t *)(void *)((unsigned char *)ENG + addr) = (uint16_t)T0_POP();
1561
1562 }
1563 break;
1564 case 61: {
1565 /* set32 */
1566
1567 size_t addr = (size_t)T0_POP();
1568 *(uint32_t *)(void *)((unsigned char *)ENG + addr) = (uint32_t)T0_POP();
1569
1570 }
1571 break;
1572 case 62: {
1573 /* set8 */
1574
1575 size_t addr = (size_t)T0_POP();
1576 *((unsigned char *)ENG + addr) = (unsigned char)T0_POP();
1577
1578 }
1579 break;
1580 case 63: {
1581 /* strlen */
1582
1583 void *str = (unsigned char *)ENG + (size_t)T0_POP();
1584 T0_PUSH((uint32_t)strlen(str));
1585
1586 }
1587 break;
1588 case 64: {
1589 /* supported-curves */
1590
1591 uint32_t x = ENG->iec == NULL ? 0 : ENG->iec->supported_curves;
1592 T0_PUSH(x);
1593
1594 }
1595 break;
1596 case 65: {
1597 /* supported-hash-functions */
1598
1599 int i;
1600 unsigned x, num;
1601
1602 x = 0;
1603 num = 0;
1604 for (i = br_sha1_ID; i <= br_sha512_ID; i ++) {
1605 if (br_multihash_getimpl(&ENG->mhash, i)) {
1606 x |= 1U << i;
1607 num ++;
1608 }
1609 }
1610 T0_PUSH(x);
1611 T0_PUSH(num);
1612
1613 }
1614 break;
1615 case 66: {
1616 /* supports-ecdsa? */
1617
1618 T0_PUSHi(-(ENG->iecdsa != 0));
1619
1620 }
1621 break;
1622 case 67: {
1623 /* supports-rsa-sign? */
1624
1625 T0_PUSHi(-(ENG->irsavrfy != 0));
1626
1627 }
1628 break;
1629 case 68: {
1630 /* swap */
1631 T0_SWAP();
1632 }
1633 break;
1634 case 69: {
1635 /* switch-aesgcm-in */
1636
1637 int is_client, prf_id;
1638 unsigned cipher_key_len;
1639
1640 cipher_key_len = T0_POP();
1641 prf_id = T0_POP();
1642 is_client = T0_POP();
1643 br_ssl_engine_switch_gcm_in(ENG, is_client, prf_id,
1644 ENG->iaes_ctr, cipher_key_len);
1645
1646 }
1647 break;
1648 case 70: {
1649 /* switch-aesgcm-out */
1650
1651 int is_client, prf_id;
1652 unsigned cipher_key_len;
1653
1654 cipher_key_len = T0_POP();
1655 prf_id = T0_POP();
1656 is_client = T0_POP();
1657 br_ssl_engine_switch_gcm_out(ENG, is_client, prf_id,
1658 ENG->iaes_ctr, cipher_key_len);
1659
1660 }
1661 break;
1662 case 71: {
1663 /* switch-cbc-in */
1664
1665 int is_client, prf_id, mac_id, aes;
1666 unsigned cipher_key_len;
1667
1668 cipher_key_len = T0_POP();
1669 aes = T0_POP();
1670 mac_id = T0_POP();
1671 prf_id = T0_POP();
1672 is_client = T0_POP();
1673 br_ssl_engine_switch_cbc_in(ENG, is_client, prf_id, mac_id,
1674 aes ? ENG->iaes_cbcdec : ENG->ides_cbcdec, cipher_key_len);
1675
1676 }
1677 break;
1678 case 72: {
1679 /* switch-cbc-out */
1680
1681 int is_client, prf_id, mac_id, aes;
1682 unsigned cipher_key_len;
1683
1684 cipher_key_len = T0_POP();
1685 aes = T0_POP();
1686 mac_id = T0_POP();
1687 prf_id = T0_POP();
1688 is_client = T0_POP();
1689 br_ssl_engine_switch_cbc_out(ENG, is_client, prf_id, mac_id,
1690 aes ? ENG->iaes_cbcenc : ENG->ides_cbcenc, cipher_key_len);
1691
1692 }
1693 break;
1694 case 73: {
1695 /* switch-chapol-in */
1696
1697 int is_client, prf_id;
1698
1699 prf_id = T0_POP();
1700 is_client = T0_POP();
1701 br_ssl_engine_switch_chapol_in(ENG, is_client, prf_id);
1702
1703 }
1704 break;
1705 case 74: {
1706 /* switch-chapol-out */
1707
1708 int is_client, prf_id;
1709
1710 prf_id = T0_POP();
1711 is_client = T0_POP();
1712 br_ssl_engine_switch_chapol_out(ENG, is_client, prf_id);
1713
1714 }
1715 break;
1716 case 75: {
1717 /* test-protocol-name */
1718
1719 size_t len = T0_POP();
1720 size_t u;
1721
1722 for (u = 0; u < ENG->protocol_names_num; u ++) {
1723 const char *name;
1724
1725 name = ENG->protocol_names[u];
1726 if (len == strlen(name) && memcmp(ENG->pad, name, len) == 0) {
1727 T0_PUSH(u);
1728 T0_RET();
1729 }
1730 }
1731 T0_PUSHi(-1);
1732
1733 }
1734 break;
1735 case 76: {
1736 /* total-chain-length */
1737
1738 size_t u;
1739 uint32_t total;
1740
1741 total = 0;
1742 for (u = 0; u < ENG->chain_len; u ++) {
1743 total += 3 + (uint32_t)ENG->chain[u].data_len;
1744 }
1745 T0_PUSH(total);
1746
1747 }
1748 break;
1749 case 77: {
1750 /* u>> */
1751
1752 int c = (int)T0_POPi();
1753 uint32_t x = T0_POP();
1754 T0_PUSH(x >> c);
1755
1756 }
1757 break;
1758 case 78: {
1759 /* verify-SKE-sig */
1760
1761 size_t sig_len = T0_POP();
1762 int use_rsa = T0_POPi();
1763 int hash = T0_POPi();
1764
1765 T0_PUSH(verify_SKE_sig(CTX, hash, use_rsa, sig_len));
1766
1767 }
1768 break;
1769 case 79: {
1770 /* write-blob-chunk */
1771
1772 size_t clen = ENG->hlen_out;
1773 if (clen > 0) {
1774 uint32_t addr, len;
1775
1776 len = T0_POP();
1777 addr = T0_POP();
1778 if ((size_t)len < clen) {
1779 clen = (size_t)len;
1780 }
1781 memcpy(ENG->hbuf_out, (unsigned char *)ENG + addr, clen);
1782 if (ENG->record_type_out == BR_SSL_HANDSHAKE) {
1783 br_multihash_update(&ENG->mhash, ENG->hbuf_out, clen);
1784 }
1785 T0_PUSH(addr + (uint32_t)clen);
1786 T0_PUSH(len - (uint32_t)clen);
1787 ENG->hbuf_out += clen;
1788 ENG->hlen_out -= clen;
1789 }
1790
1791 }
1792 break;
1793 case 80: {
1794 /* write8-native */
1795
1796 unsigned char x;
1797
1798 x = (unsigned char)T0_POP();
1799 if (ENG->hlen_out > 0) {
1800 if (ENG->record_type_out == BR_SSL_HANDSHAKE) {
1801 br_multihash_update(&ENG->mhash, &x, 1);
1802 }
1803 *ENG->hbuf_out ++ = x;
1804 ENG->hlen_out --;
1805 T0_PUSHi(-1);
1806 } else {
1807 T0_PUSHi(0);
1808 }
1809
1810 }
1811 break;
1812 case 81: {
1813 /* x509-append */
1814
1815 const br_x509_class *xc;
1816 size_t len;
1817
1818 xc = *(ENG->x509ctx);
1819 len = T0_POP();
1820 xc->append(ENG->x509ctx, ENG->pad, len);
1821
1822 }
1823 break;
1824 case 82: {
1825 /* x509-end-cert */
1826
1827 const br_x509_class *xc;
1828
1829 xc = *(ENG->x509ctx);
1830 xc->end_cert(ENG->x509ctx);
1831
1832 }
1833 break;
1834 case 83: {
1835 /* x509-end-chain */
1836
1837 const br_x509_class *xc;
1838
1839 xc = *(ENG->x509ctx);
1840 T0_PUSH(xc->end_chain(ENG->x509ctx));
1841
1842 }
1843 break;
1844 case 84: {
1845 /* x509-start-cert */
1846
1847 const br_x509_class *xc;
1848
1849 xc = *(ENG->x509ctx);
1850 xc->start_cert(ENG->x509ctx, T0_POP());
1851
1852 }
1853 break;
1854 case 85: {
1855 /* x509-start-chain */
1856
1857 const br_x509_class *xc;
1858 uint32_t bc;
1859
1860 bc = T0_POP();
1861 xc = *(ENG->x509ctx);
1862 xc->start_chain(ENG->x509ctx, bc ? ENG->server_name : NULL);
1863
1864 }
1865 break;
1866 }
1867
1868 } else {
1869 T0_ENTER(ip, rp, t0x);
1870 }
1871 }
1872 t0_exit:
1873 ((t0_context *)t0ctx)->dp = dp;
1874 ((t0_context *)t0ctx)->rp = rp;
1875 ((t0_context *)t0ctx)->ip = ip;
1876 }
The BearSSL library and tools.