projects / BearSSL / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
New basic implementation of Curve25519 (generic i15 code, experimental).
[BearSSL] / src / ssl / ssl_hs_client.c
1 /* Automatically generated code; do not modify directly. */
2
3 #include <stddef.h>
4 #include <stdint.h>
5
6 typedef struct {
7 uint32_t *dp;
8 uint32_t *rp;
9 const unsigned char *ip;
10 } t0_context;
11
12 static uint32_t
13 t0_parse7E_unsigned(const unsigned char **p)
14 {
15 uint32_t x;
16
17 x = 0;
18 for (;;) {
19 unsigned y;
20
21 y = *(*p) ++;
22 x = (x << 7) | (uint32_t)(y & 0x7F);
23 if (y < 0x80) {
24 return x;
25 }
26 }
27 }
28
29 static int32_t
30 t0_parse7E_signed(const unsigned char **p)
31 {
32 int neg;
33 uint32_t x;
34
35 neg = ((**p) >> 6) & 1;
36 x = (uint32_t)-neg;
37 for (;;) {
38 unsigned y;
39
40 y = *(*p) ++;
41 x = (x << 7) | (uint32_t)(y & 0x7F);
42 if (y < 0x80) {
43 if (neg) {
44 return -(int32_t)~x - 1;
45 } else {
46 return (int32_t)x;
47 }
48 }
49 }
50 }
51
52 #define T0_VBYTE(x, n) (unsigned char)((((uint32_t)(x) >> (n)) & 0x7F) | 0x80)
53 #define T0_FBYTE(x, n) (unsigned char)(((uint32_t)(x) >> (n)) & 0x7F)
54 #define T0_SBYTE(x) (unsigned char)((((uint32_t)(x) >> 28) + 0xF8) ^ 0xF8)
55 #define T0_INT1(x) T0_FBYTE(x, 0)
56 #define T0_INT2(x) T0_VBYTE(x, 7), T0_FBYTE(x, 0)
57 #define T0_INT3(x) T0_VBYTE(x, 14), T0_VBYTE(x, 7), T0_FBYTE(x, 0)
58 #define T0_INT4(x) T0_VBYTE(x, 21), T0_VBYTE(x, 14), T0_VBYTE(x, 7), T0_FBYTE(x, 0)
59 #define T0_INT5(x) T0_SBYTE(x), T0_VBYTE(x, 21), T0_VBYTE(x, 14), T0_VBYTE(x, 7), T0_FBYTE(x, 0)
60
61 static const uint8_t t0_datablock[];
62
63
64 void br_ssl_hs_client_init_main(void *t0ctx);
65
66 void br_ssl_hs_client_run(void *t0ctx);
67
68
69
70 #include <stddef.h>
71 #include <string.h>
72
73 #include "inner.h"
74
75 /*
76 * This macro evaluates to a pointer to the current engine context.
77 */
78 #define ENG ((br_ssl_engine_context *)((unsigned char *)t0ctx - offsetof(br_ssl_engine_context, cpu)))
79
80
81
82
83
84 /*
85 * This macro evaluates to a pointer to the client context, under that
86 * specific name. It must be noted that since the engine context is the
87 * first field of the br_ssl_client_context structure ('eng'), then
88 * pointers values of both types are interchangeable, modulo an
89 * appropriate cast. This also means that "adresses" computed as offsets
90 * within the structure work for both kinds of context.
91 */
92 #define CTX ((br_ssl_client_context *)ENG)
93
94 /*
95 * Generate the pre-master secret for RSA key exchange, and encrypt it
96 * with the server's public key. Returned value is either the encrypted
97 * data length (in bytes), or -x on error, with 'x' being an error code.
98 *
99 * This code assumes that the public key has been already verified (it
100 * was properly obtained by the X.509 engine, and it has the right type,
101 * i.e. it is of type RSA and suitable for encryption).
102 */
103 static int
104 make_pms_rsa(br_ssl_client_context *ctx, int prf_id)
105 {
106 const br_x509_class **xc;
107 const br_x509_pkey *pk;
108 const unsigned char *n;
109 unsigned char *pms;
110 size_t nlen, u;
111
112 xc = ctx->eng.x509ctx;
113 pk = (*xc)->get_pkey(xc, NULL);
114
115 /*
116 * Compute actual RSA key length, in case there are leading zeros.
117 */
118 n = pk->key.rsa.n;
119 nlen = pk->key.rsa.nlen;
120 while (nlen > 0 && *n == 0) {
121 n ++;
122 nlen --;
123 }
124
125 /*
126 * We need at least 59 bytes (48 bytes for pre-master secret, and
127 * 11 bytes for the PKCS#1 type 2 padding). Note that the X.509
128 * minimal engine normally blocks RSA keys shorter than 128 bytes,
129 * so this is mostly for public keys provided explicitly by the
130 * caller.
131 */
132 if (nlen < 59) {
133 return -BR_ERR_X509_WEAK_PUBLIC_KEY;
134 }
135 if (nlen > sizeof ctx->eng.pad) {
136 return -BR_ERR_LIMIT_EXCEEDED;
137 }
138
139 /*
140 * Make PMS.
141 */
142 pms = ctx->eng.pad + nlen - 48;
143 br_enc16be(pms, ctx->eng.version_max);
144 br_hmac_drbg_generate(&ctx->eng.rng, pms + 2, 46);
145 br_ssl_engine_compute_master(&ctx->eng, prf_id, pms, 48);
146
147 /*
148 * Apply PKCS#1 type 2 padding.
149 */
150 ctx->eng.pad[0] = 0x00;
151 ctx->eng.pad[1] = 0x02;
152 ctx->eng.pad[nlen - 49] = 0x00;
153 br_hmac_drbg_generate(&ctx->eng.rng, ctx->eng.pad + 2, nlen - 51);
154 for (u = 2; u < nlen - 49; u ++) {
155 while (ctx->eng.pad[u] == 0) {
156 br_hmac_drbg_generate(&ctx->eng.rng,
157 &ctx->eng.pad[u], 1);
158 }
159 }
160
161 /*
162 * Compute RSA encryption.
163 */
164 if (!ctx->irsapub(ctx->eng.pad, nlen, &pk->key.rsa)) {
165 return -BR_ERR_LIMIT_EXCEEDED;
166 }
167 return (int)nlen;
168 }
169
170 /*
171 * OID for hash functions in RSA signatures.
172 */
173 static const unsigned char HASH_OID_SHA1[] = {
174 0x05, 0x2B, 0x0E, 0x03, 0x02, 0x1A
175 };
176
177 static const unsigned char HASH_OID_SHA224[] = {
178 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x04
179 };
180
181 static const unsigned char HASH_OID_SHA256[] = {
182 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01
183 };
184
185 static const unsigned char HASH_OID_SHA384[] = {
186 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x02
187 };
188
189 static const unsigned char HASH_OID_SHA512[] = {
190 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x03
191 };
192
193 static const unsigned char *HASH_OID[] = {
194 HASH_OID_SHA1,
195 HASH_OID_SHA224,
196 HASH_OID_SHA256,
197 HASH_OID_SHA384,
198 HASH_OID_SHA512
199 };
200
201 /*
202 * Check the RSA signature on the ServerKeyExchange message.
203 *
204 * hash hash function ID (2 to 6), or 0 for MD5+SHA-1 (with RSA only)
205 * use_rsa non-zero for RSA signature, zero for ECDSA
206 * sig_len signature length (in bytes); signature value is in the pad
207 *
208 * Returned value is 0 on success, or an error code.
209 */
210 static int
211 verify_SKE_sig(br_ssl_client_context *ctx,
212 int hash, int use_rsa, size_t sig_len)
213 {
214 const br_x509_class **xc;
215 const br_x509_pkey *pk;
216 br_multihash_context mhc;
217 unsigned char hv[64], head[4];
218 size_t hv_len;
219
220 xc = ctx->eng.x509ctx;
221 pk = (*xc)->get_pkey(xc, NULL);
222 br_multihash_zero(&mhc);
223 br_multihash_copyimpl(&mhc, &ctx->eng.mhash);
224 br_multihash_init(&mhc);
225 br_multihash_update(&mhc,
226 ctx->eng.client_random, sizeof ctx->eng.client_random);
227 br_multihash_update(&mhc,
228 ctx->eng.server_random, sizeof ctx->eng.server_random);
229 head[0] = 3;
230 head[1] = 0;
231 head[2] = ctx->eng.ecdhe_curve;
232 head[3] = ctx->eng.ecdhe_point_len;
233 br_multihash_update(&mhc, head, sizeof head);
234 br_multihash_update(&mhc,
235 ctx->eng.ecdhe_point, ctx->eng.ecdhe_point_len);
236 if (hash) {
237 hv_len = br_multihash_out(&mhc, hash, hv);
238 if (hv_len == 0) {
239 return BR_ERR_INVALID_ALGORITHM;
240 }
241 } else {
242 if (!br_multihash_out(&mhc, br_md5_ID, hv)
243 || !br_multihash_out(&mhc, br_sha1_ID, hv + 16))
244 {
245 return BR_ERR_INVALID_ALGORITHM;
246 }
247 hv_len = 36;
248 }
249 if (use_rsa) {
250 unsigned char tmp[64];
251 const unsigned char *hash_oid;
252
253 if (hash) {
254 hash_oid = HASH_OID[hash - 2];
255 } else {
256 hash_oid = NULL;
257 }
258 if (!ctx->eng.irsavrfy(ctx->eng.pad, sig_len,
259 hash_oid, hv_len, &pk->key.rsa, tmp)
260 || memcmp(tmp, hv, hv_len) != 0)
261 {
262 return BR_ERR_BAD_SIGNATURE;
263 }
264 } else {
265 if (!ctx->eng.iecdsa(ctx->eng.iec, hv, hv_len, &pk->key.ec,
266 ctx->eng.pad, sig_len))
267 {
268 return BR_ERR_BAD_SIGNATURE;
269 }
270 }
271 return 0;
272 }
273
274 /*
275 * Perform client-side ECDH (or ECDHE). The point that should be sent to
276 * the server is written in the pad; returned value is either the point
277 * length (in bytes), or -x on error, with 'x' being an error code.
278 *
279 * The point _from_ the server is taken from ecdhe_point[] if 'ecdhe'
280 * is non-zero, or from the X.509 engine context if 'ecdhe' is zero
281 * (for static ECDH).
282 */
283 static int
284 make_pms_ecdh(br_ssl_client_context *ctx, unsigned ecdhe, int prf_id)
285 {
286 int curve;
287 unsigned char key[66], point[133];
288 const unsigned char *order, *point_src;
289 size_t glen, olen, point_len;
290 unsigned char mask;
291
292 if (ecdhe) {
293 curve = ctx->eng.ecdhe_curve;
294 point_src = ctx->eng.ecdhe_point;
295 point_len = ctx->eng.ecdhe_point_len;
296 } else {
297 const br_x509_class **xc;
298 const br_x509_pkey *pk;
299
300 xc = ctx->eng.x509ctx;
301 pk = (*xc)->get_pkey(xc, NULL);
302 curve = pk->key.ec.curve;
303 point_src = pk->key.ec.q;
304 point_len = pk->key.ec.qlen;
305 }
306 if ((ctx->eng.iec->supported_curves & ((uint32_t)1 << curve)) == 0) {
307 return -BR_ERR_INVALID_ALGORITHM;
308 }
309
310 /*
311 * We need to generate our key, as a non-zero random value which
312 * is lower than the curve order, in a "large enough" range. We
313 * force top bit to 0 and bottom bit to 1, which guarantees that
314 * the value is in the proper range.
315 */
316 order = ctx->eng.iec->order(curve, &olen);
317 mask = 0xFF;
318 while (mask >= order[0]) {
319 mask >>= 1;
320 }
321 br_hmac_drbg_generate(&ctx->eng.rng, key, olen);
322 key[0] &= mask;
323 key[olen - 1] |= 0x01;
324
325 /*
326 * Compute the common ECDH point, whose X coordinate is the
327 * pre-master secret.
328 */
329 ctx->eng.iec->generator(curve, &glen);
330 if (glen != point_len) {
331 return -BR_ERR_INVALID_ALGORITHM;
332 }
333
334 memcpy(point, point_src, glen);
335 if (!ctx->eng.iec->mul(point, glen, key, olen, curve)) {
336 return -BR_ERR_INVALID_ALGORITHM;
337 }
338
339 /*
340 * The pre-master secret is the X coordinate.
341 */
342 br_ssl_engine_compute_master(&ctx->eng, prf_id, point + 1, glen >> 1);
343
344 ctx->eng.iec->mulgen(point, key, olen, curve);
345 memcpy(ctx->eng.pad, point, glen);
346 return (int)glen;
347 }
348
349 /*
350 * Perform full static ECDH. This occurs only in the context of client
351 * authentication with certificates: the server uses an EC public key,
352 * the cipher suite is of type ECDH (not ECDHE), the server requested a
353 * client certificate and accepts static ECDH, the client has a
354 * certificate with an EC public key in the same curve, and accepts
355 * static ECDH as well.
356 *
357 * Returned value is 0 on success, -1 on error.
358 */
359 static int
360 make_pms_static_ecdh(br_ssl_client_context *ctx, int prf_id)
361 {
362 unsigned char point[133];
363 size_t point_len;
364 const br_x509_class **xc;
365 const br_x509_pkey *pk;
366
367 xc = ctx->eng.x509ctx;
368 pk = (*xc)->get_pkey(xc, NULL);
369 point_len = pk->key.ec.qlen;
370 if (point_len > sizeof point) {
371 return -1;
372 }
373 memcpy(point, pk->key.ec.q, point_len);
374 if (!(*ctx->client_auth_vtable)->do_keyx(
375 ctx->client_auth_vtable, point, point_len))
376 {
377 return -1;
378 }
379 br_ssl_engine_compute_master(&ctx->eng,
380 prf_id, point + 1, point_len >> 1);
381 return 0;
382 }
383
384 /*
385 * Compute the client-side signature. This is invoked only when a
386 * signature-based client authentication was selected. The computed
387 * signature is in the pad; its length (in bytes) is returned. On
388 * error, 0 is returned.
389 */
390 static size_t
391 make_client_sign(br_ssl_client_context *ctx)
392 {
393 size_t hv_len;
394
395 /*
396 * Compute hash of handshake messages so far. This "cannot" fail
397 * because the list of supported hash functions provided to the
398 * client certificate handler was trimmed to include only the
399 * hash functions that the multi-hasher supports.
400 */
401 if (ctx->hash_id) {
402 hv_len = br_multihash_out(&ctx->eng.mhash,
403 ctx->hash_id, ctx->eng.pad);
404 } else {
405 br_multihash_out(&ctx->eng.mhash,
406 br_md5_ID, ctx->eng.pad);
407 br_multihash_out(&ctx->eng.mhash,
408 br_sha1_ID, ctx->eng.pad + 16);
409 hv_len = 36;
410 }
411 return (*ctx->client_auth_vtable)->do_sign(
412 ctx->client_auth_vtable, ctx->hash_id, hv_len,
413 ctx->eng.pad, sizeof ctx->eng.pad);
414 }
415
416
417
418 static const uint8_t t0_datablock[] = {
419 0x00, 0x00, 0x0A, 0x00, 0x24, 0x00, 0x2F, 0x01, 0x24, 0x00, 0x35, 0x02,
420 0x24, 0x00, 0x3C, 0x01, 0x44, 0x00, 0x3D, 0x02, 0x44, 0x00, 0x9C, 0x03,
421 0x04, 0x00, 0x9D, 0x04, 0x05, 0xC0, 0x03, 0x40, 0x24, 0xC0, 0x04, 0x41,
422 0x24, 0xC0, 0x05, 0x42, 0x24, 0xC0, 0x08, 0x20, 0x24, 0xC0, 0x09, 0x21,
423 0x24, 0xC0, 0x0A, 0x22, 0x24, 0xC0, 0x0D, 0x30, 0x24, 0xC0, 0x0E, 0x31,
424 0x24, 0xC0, 0x0F, 0x32, 0x24, 0xC0, 0x12, 0x10, 0x24, 0xC0, 0x13, 0x11,
425 0x24, 0xC0, 0x14, 0x12, 0x24, 0xC0, 0x23, 0x21, 0x44, 0xC0, 0x24, 0x22,
426 0x55, 0xC0, 0x25, 0x41, 0x44, 0xC0, 0x26, 0x42, 0x55, 0xC0, 0x27, 0x11,
427 0x44, 0xC0, 0x28, 0x12, 0x55, 0xC0, 0x29, 0x31, 0x44, 0xC0, 0x2A, 0x32,
428 0x55, 0xC0, 0x2B, 0x23, 0x04, 0xC0, 0x2C, 0x24, 0x05, 0xC0, 0x2D, 0x43,
429 0x04, 0xC0, 0x2E, 0x44, 0x05, 0xC0, 0x2F, 0x13, 0x04, 0xC0, 0x30, 0x14,
430 0x05, 0xC0, 0x31, 0x33, 0x04, 0xC0, 0x32, 0x34, 0x05, 0xCC, 0xA8, 0x15,
431 0x04, 0xCC, 0xA9, 0x25, 0x04, 0x00, 0x00
432 };
433
434 static const uint8_t t0_codeblock[] = {
435 0x00, 0x01, 0x00, 0x0A, 0x00, 0x00, 0x01, 0x00, 0x0D, 0x00, 0x00, 0x01,
436 0x00, 0x0E, 0x00, 0x00, 0x01, 0x00, 0x0F, 0x00, 0x00, 0x01, 0x01, 0x08,
437 0x00, 0x00, 0x01, 0x01, 0x09, 0x00, 0x00, 0x01, 0x02, 0x08, 0x00, 0x00,
438 0x01, 0x02, 0x09, 0x00, 0x00, 0x25, 0x25, 0x00, 0x00, 0x01,
439 T0_INT1(BR_ERR_BAD_CCS), 0x00, 0x00, 0x01,
440 T0_INT1(BR_ERR_BAD_CIPHER_SUITE), 0x00, 0x00, 0x01,
441 T0_INT1(BR_ERR_BAD_COMPRESSION), 0x00, 0x00, 0x01,
442 T0_INT1(BR_ERR_BAD_FINISHED), 0x00, 0x00, 0x01,
443 T0_INT1(BR_ERR_BAD_FRAGLEN), 0x00, 0x00, 0x01,
444 T0_INT1(BR_ERR_BAD_HANDSHAKE), 0x00, 0x00, 0x01,
445 T0_INT1(BR_ERR_BAD_HELLO_DONE), 0x00, 0x00, 0x01,
446 T0_INT1(BR_ERR_BAD_PARAM), 0x00, 0x00, 0x01,
447 T0_INT1(BR_ERR_BAD_SECRENEG), 0x00, 0x00, 0x01,
448 T0_INT1(BR_ERR_BAD_SNI), 0x00, 0x00, 0x01, T0_INT1(BR_ERR_BAD_VERSION),
449 0x00, 0x00, 0x01, T0_INT1(BR_ERR_EXTRA_EXTENSION), 0x00, 0x00, 0x01,
450 T0_INT1(BR_ERR_INVALID_ALGORITHM), 0x00, 0x00, 0x01,
451 T0_INT1(BR_ERR_LIMIT_EXCEEDED), 0x00, 0x00, 0x01, T0_INT1(BR_ERR_OK),
452 0x00, 0x00, 0x01, T0_INT1(BR_ERR_OVERSIZED_ID), 0x00, 0x00, 0x01,
453 T0_INT1(BR_ERR_RESUME_MISMATCH), 0x00, 0x00, 0x01,
454 T0_INT1(BR_ERR_UNEXPECTED), 0x00, 0x00, 0x01,
455 T0_INT1(BR_ERR_UNSUPPORTED_VERSION), 0x00, 0x00, 0x01,
456 T0_INT1(BR_ERR_WRONG_KEY_USAGE), 0x00, 0x00, 0x01,
457 T0_INT2(offsetof(br_ssl_engine_context, action)), 0x00, 0x00, 0x01,
458 T0_INT2(offsetof(br_ssl_engine_context, alert)), 0x00, 0x00, 0x01,
459 T0_INT2(offsetof(br_ssl_engine_context, application_data)), 0x00, 0x00,
460 0x01, T0_INT2(offsetof(br_ssl_client_context, auth_type)), 0x00, 0x00,
461 0x01,
462 T0_INT2(offsetof(br_ssl_engine_context, session) + offsetof(br_ssl_session_parameters, cipher_suite)),
463 0x00, 0x00, 0x01,
464 T0_INT2(offsetof(br_ssl_engine_context, client_random)), 0x00, 0x00,
465 0x01, T0_INT2(offsetof(br_ssl_engine_context, close_received)), 0x00,
466 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, ecdhe_curve)),
467 0x00, 0x00, 0x01,
468 T0_INT2(offsetof(br_ssl_engine_context, ecdhe_point)), 0x00, 0x00,
469 0x01, T0_INT2(offsetof(br_ssl_engine_context, ecdhe_point_len)), 0x00,
470 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, flags)), 0x00,
471 0x00, 0x01, T0_INT2(offsetof(br_ssl_client_context, hash_id)), 0x00,
472 0x00, 0x01, T0_INT2(offsetof(br_ssl_client_context, hashes)), 0x00,
473 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, log_max_frag_len)),
474 0x00, 0x00, 0x01,
475 T0_INT2(offsetof(br_ssl_client_context, min_clienthello_len)), 0x00,
476 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, pad)), 0x00, 0x00,
477 0x01, T0_INT2(offsetof(br_ssl_engine_context, protocol_names_num)),
478 0x00, 0x00, 0x01,
479 T0_INT2(offsetof(br_ssl_engine_context, record_type_in)), 0x00, 0x00,
480 0x01, T0_INT2(offsetof(br_ssl_engine_context, record_type_out)), 0x00,
481 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, reneg)), 0x00,
482 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, saved_finished)),
483 0x00, 0x00, 0x01,
484 T0_INT2(offsetof(br_ssl_engine_context, selected_protocol)), 0x00,
485 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, server_name)),
486 0x00, 0x00, 0x01,
487 T0_INT2(offsetof(br_ssl_engine_context, server_random)), 0x00, 0x00,
488 0x01,
489 T0_INT2(offsetof(br_ssl_engine_context, session) + offsetof(br_ssl_session_parameters, session_id)),
490 0x00, 0x00, 0x01,
491 T0_INT2(offsetof(br_ssl_engine_context, session) + offsetof(br_ssl_session_parameters, session_id_len)),
492 0x00, 0x00, 0x01,
493 T0_INT2(offsetof(br_ssl_engine_context, shutdown_recv)), 0x00, 0x00,
494 0x01, T0_INT2(offsetof(br_ssl_engine_context, suites_buf)), 0x00, 0x00,
495 0x01, T0_INT2(offsetof(br_ssl_engine_context, suites_num)), 0x00, 0x00,
496 0x01,
497 T0_INT2(offsetof(br_ssl_engine_context, session) + offsetof(br_ssl_session_parameters, version)),
498 0x00, 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, version_in)),
499 0x00, 0x00, 0x01,
500 T0_INT2(offsetof(br_ssl_engine_context, version_max)), 0x00, 0x00,
501 0x01, T0_INT2(offsetof(br_ssl_engine_context, version_min)), 0x00,
502 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, version_out)),
503 0x00, 0x00, 0x09, 0x26, 0x56, 0x06, 0x02, 0x66, 0x28, 0x00, 0x00, 0x06,
504 0x08, 0x2C, 0x0E, 0x05, 0x02, 0x6F, 0x28, 0x04, 0x01, 0x3C, 0x00, 0x00,
505 0x01, 0x01, 0x00, 0x01, 0x03, 0x00, 0x97, 0x26, 0x5C, 0x44, 0x9B, 0x26,
506 0x05, 0x04, 0x5E, 0x01, 0x00, 0x00, 0x02, 0x00, 0x0E, 0x06, 0x02, 0x9B,
507 0x00, 0x5C, 0x04, 0x6B, 0x00, 0x06, 0x02, 0x66, 0x28, 0x00, 0x00, 0x26,
508 0x87, 0x44, 0x05, 0x03, 0x01, 0x0C, 0x08, 0x44, 0x77, 0x2C, 0xA9, 0x1C,
509 0x82, 0x01, 0x0C, 0x31, 0x00, 0x00, 0x26, 0x1F, 0x01, 0x08, 0x0B, 0x44,
510 0x5A, 0x1F, 0x08, 0x00, 0x01, 0x03, 0x00, 0x01, 0x00, 0x75, 0x3E, 0x29,
511 0x1A, 0x36, 0x06, 0x07, 0x02, 0x00, 0xCC, 0x03, 0x00, 0x04, 0x75, 0x01,
512 0x00, 0xC3, 0x02, 0x00, 0x26, 0x1A, 0x17, 0x06, 0x02, 0x6D, 0x28, 0xCC,
513 0x04, 0x76, 0x01, 0x01, 0x00, 0x75, 0x3E, 0x01, 0x16, 0x85, 0x3E, 0x01,
514 0x00, 0x88, 0x3C, 0x34, 0xD2, 0x29, 0xB2, 0x06, 0x09, 0x01, 0x7F, 0xAD,
515 0x01, 0x7F, 0xCF, 0x04, 0x80, 0x53, 0xAF, 0x77, 0x2C, 0x9F, 0x01,
516 T0_INT1(BR_KEYTYPE_SIGN), 0x17, 0x06, 0x01, 0xB3, 0xB6, 0x26, 0x01,
517 0x0D, 0x0E, 0x06, 0x07, 0x25, 0xB5, 0xB6, 0x01, 0x7F, 0x04, 0x02, 0x01,
518 0x00, 0x03, 0x00, 0x01, 0x0E, 0x0E, 0x05, 0x02, 0x70, 0x28, 0x06, 0x02,
519 0x65, 0x28, 0x33, 0x06, 0x02, 0x70, 0x28, 0x02, 0x00, 0x06, 0x1C, 0xD0,
520 0x7E, 0x2E, 0x01, 0x81, 0x7F, 0x0E, 0x06, 0x0D, 0x25, 0x01, 0x10, 0xDB,
521 0x01, 0x00, 0xDA, 0x77, 0x2C, 0xA9, 0x24, 0x04, 0x04, 0xD3, 0x06, 0x01,
522 0xD1, 0x04, 0x01, 0xD3, 0x01, 0x7F, 0xCF, 0x01, 0x7F, 0xAD, 0x01, 0x01,
523 0x75, 0x3E, 0x01, 0x17, 0x85, 0x3E, 0x00, 0x00, 0x38, 0x38, 0x00, 0x00,
524 0x98, 0x01, 0x0C, 0x11, 0x01, 0x00, 0x38, 0x0E, 0x06, 0x05, 0x25, 0x01,
525 T0_INT1(BR_KEYTYPE_RSA | BR_KEYTYPE_KEYX), 0x04, 0x30, 0x01, 0x01,
526 0x38, 0x0E, 0x06, 0x05, 0x25, 0x01,
527 T0_INT1(BR_KEYTYPE_RSA | BR_KEYTYPE_SIGN), 0x04, 0x25, 0x01, 0x02,
528 0x38, 0x0E, 0x06, 0x05, 0x25, 0x01,
529 T0_INT1(BR_KEYTYPE_EC | BR_KEYTYPE_SIGN), 0x04, 0x1A, 0x01, 0x03,
530 0x38, 0x0E, 0x06, 0x05, 0x25, 0x01,
531 T0_INT1(BR_KEYTYPE_EC | BR_KEYTYPE_KEYX), 0x04, 0x0F, 0x01, 0x04,
532 0x38, 0x0E, 0x06, 0x05, 0x25, 0x01,
533 T0_INT1(BR_KEYTYPE_EC | BR_KEYTYPE_KEYX), 0x04, 0x04, 0x01, 0x00,
534 0x44, 0x25, 0x00, 0x00, 0x80, 0x2E, 0x01, 0x0E, 0x0E, 0x06, 0x04, 0x01,
535 0x00, 0x04, 0x02, 0x01, 0x05, 0x00, 0x00, 0x40, 0x06, 0x04, 0x01, 0x06,
536 0x04, 0x02, 0x01, 0x00, 0x00, 0x00, 0x86, 0x2E, 0x26, 0x06, 0x08, 0x01,
537 0x01, 0x09, 0x01, 0x11, 0x07, 0x04, 0x03, 0x25, 0x01, 0x05, 0x00, 0x01,
538 0x41, 0x03, 0x00, 0x25, 0x01, 0x00, 0x43, 0x06, 0x03, 0x02, 0x00, 0x08,
539 0x42, 0x06, 0x03, 0x02, 0x00, 0x08, 0x26, 0x06, 0x06, 0x01, 0x01, 0x0B,
540 0x01, 0x06, 0x08, 0x00, 0x00, 0x89, 0x3F, 0x26, 0x06, 0x03, 0x01, 0x09,
541 0x08, 0x00, 0x01, 0x40, 0x26, 0x06, 0x1E, 0x01, 0x00, 0x03, 0x00, 0x26,
542 0x06, 0x0E, 0x26, 0x01, 0x01, 0x17, 0x02, 0x00, 0x08, 0x03, 0x00, 0x01,
543 0x01, 0x11, 0x04, 0x6F, 0x25, 0x02, 0x00, 0x01, 0x01, 0x0B, 0x01, 0x06,
544 0x08, 0x00, 0x00, 0x7D, 0x2D, 0x44, 0x11, 0x01, 0x01, 0x17, 0x35, 0x00,
545 0x00, 0x9D, 0xCB, 0x26, 0x01, 0x07, 0x17, 0x01, 0x00, 0x38, 0x0E, 0x06,
546 0x09, 0x25, 0x01, 0x10, 0x17, 0x06, 0x01, 0x9D, 0x04, 0x2D, 0x01, 0x01,
547 0x38, 0x0E, 0x06, 0x24, 0x25, 0x25, 0x01, 0x00, 0x75, 0x3E, 0xB1, 0x86,
548 0x2E, 0x01, 0x01, 0x0E, 0x01, 0x01, 0xA6, 0x37, 0x06, 0x0F, 0x29, 0x1A,
549 0x36, 0x06, 0x04, 0xCB, 0x25, 0x04, 0x78, 0x01, 0x80, 0x64, 0xC3, 0x04,
550 0x01, 0x9D, 0x04, 0x03, 0x70, 0x28, 0x25, 0x04, 0xFF, 0x3C, 0x01, 0x26,
551 0x03, 0x00, 0x09, 0x26, 0x56, 0x06, 0x02, 0x66, 0x28, 0x02, 0x00, 0x00,
552 0x00, 0x98, 0x01, 0x0F, 0x17, 0x00, 0x00, 0x74, 0x2E, 0x01, 0x00, 0x38,
553 0x0E, 0x06, 0x10, 0x25, 0x26, 0x01, 0x01, 0x0D, 0x06, 0x03, 0x25, 0x01,
554 0x02, 0x74, 0x3E, 0x01, 0x00, 0x04, 0x21, 0x01, 0x01, 0x38, 0x0E, 0x06,
555 0x14, 0x25, 0x01, 0x00, 0x74, 0x3E, 0x26, 0x01, 0x80, 0x64, 0x0E, 0x06,
556 0x05, 0x01, 0x82, 0x00, 0x08, 0x28, 0x58, 0x04, 0x07, 0x25, 0x01, 0x82,
557 0x00, 0x08, 0x28, 0x25, 0x00, 0x00, 0x01, 0x00, 0x2F, 0x06, 0x05, 0x3A,
558 0xAA, 0x37, 0x04, 0x78, 0x26, 0x06, 0x04, 0x01, 0x01, 0x8D, 0x3E, 0x00,
559 0x01, 0xBD, 0xA8, 0xBD, 0xA8, 0xBF, 0x82, 0x44, 0x26, 0x03, 0x00, 0xB4,
560 0x99, 0x99, 0x02, 0x00, 0x4B, 0x26, 0x56, 0x06, 0x0A, 0x01, 0x03, 0xA6,
561 0x06, 0x02, 0x70, 0x28, 0x25, 0x04, 0x03, 0x5A, 0x88, 0x3C, 0x00, 0x00,
562 0x2F, 0x06, 0x0B, 0x84, 0x2E, 0x01, 0x14, 0x0D, 0x06, 0x02, 0x70, 0x28,
563 0x04, 0x11, 0xCB, 0x01, 0x07, 0x17, 0x26, 0x01, 0x02, 0x0D, 0x06, 0x06,
564 0x06, 0x02, 0x70, 0x28, 0x04, 0x70, 0x25, 0xC0, 0x01, 0x01, 0x0D, 0x33,
565 0x37, 0x06, 0x02, 0x5F, 0x28, 0x26, 0x01, 0x01, 0xC6, 0x36, 0xB0, 0x00,
566 0x01, 0xB6, 0x01, 0x0B, 0x0E, 0x05, 0x02, 0x70, 0x28, 0x26, 0x01, 0x03,
567 0x0E, 0x06, 0x08, 0xBE, 0x06, 0x02, 0x66, 0x28, 0x44, 0x25, 0x00, 0x44,
568 0x55, 0xBE, 0xA8, 0x26, 0x06, 0x23, 0xBE, 0xA8, 0x26, 0x54, 0x26, 0x06,
569 0x18, 0x26, 0x01, 0x82, 0x00, 0x0F, 0x06, 0x05, 0x01, 0x82, 0x00, 0x04,
570 0x01, 0x26, 0x03, 0x00, 0x82, 0x02, 0x00, 0xB4, 0x02, 0x00, 0x51, 0x04,
571 0x65, 0x99, 0x52, 0x04, 0x5A, 0x99, 0x99, 0x53, 0x26, 0x06, 0x02, 0x35,
572 0x00, 0x25, 0x2B, 0x00, 0x00, 0x77, 0x2C, 0x9F, 0x01, 0x7F, 0xAE, 0x26,
573 0x56, 0x06, 0x02, 0x35, 0x28, 0x26, 0x05, 0x02, 0x70, 0x28, 0x38, 0x17,
574 0x0D, 0x06, 0x02, 0x72, 0x28, 0x3B, 0x00, 0x00, 0x9A, 0xB6, 0x01, 0x14,
575 0x0D, 0x06, 0x02, 0x70, 0x28, 0x82, 0x01, 0x0C, 0x08, 0x01, 0x0C, 0xB4,
576 0x99, 0x82, 0x26, 0x01, 0x0C, 0x08, 0x01, 0x0C, 0x30, 0x05, 0x02, 0x62,
577 0x28, 0x00, 0x00, 0xB7, 0x06, 0x02, 0x70, 0x28, 0x06, 0x02, 0x64, 0x28,
578 0x00, 0x0A, 0xB6, 0x01, 0x02, 0x0E, 0x05, 0x02, 0x70, 0x28, 0xBD, 0x03,
579 0x00, 0x02, 0x00, 0x93, 0x2C, 0x0A, 0x02, 0x00, 0x92, 0x2C, 0x0F, 0x37,
580 0x06, 0x02, 0x71, 0x28, 0x02, 0x00, 0x91, 0x2C, 0x0D, 0x06, 0x02, 0x69,
581 0x28, 0x02, 0x00, 0x94, 0x3C, 0x8A, 0x01, 0x20, 0xB4, 0x01, 0x00, 0x03,
582 0x01, 0xBF, 0x03, 0x02, 0x02, 0x02, 0x01, 0x20, 0x0F, 0x06, 0x02, 0x6E,
583 0x28, 0x82, 0x02, 0x02, 0xB4, 0x02, 0x02, 0x8C, 0x2E, 0x0E, 0x02, 0x02,
584 0x01, 0x00, 0x0F, 0x17, 0x06, 0x0B, 0x8B, 0x82, 0x02, 0x02, 0x30, 0x06,
585 0x04, 0x01, 0x7F, 0x03, 0x01, 0x8B, 0x82, 0x02, 0x02, 0x31, 0x02, 0x02,
586 0x8C, 0x3E, 0x02, 0x00, 0x90, 0x02, 0x01, 0x96, 0xBD, 0x26, 0xC1, 0x56,
587 0x06, 0x02, 0x60, 0x28, 0x77, 0x02, 0x01, 0x96, 0xBF, 0x06, 0x02, 0x61,
588 0x28, 0x26, 0x06, 0x81, 0x45, 0xBD, 0xA8, 0xA4, 0x03, 0x03, 0xA2, 0x03,
589 0x04, 0xA0, 0x03, 0x05, 0xA3, 0x03, 0x06, 0xA5, 0x03, 0x07, 0xA1, 0x03,
590 0x08, 0x27, 0x03, 0x09, 0x26, 0x06, 0x81, 0x18, 0xBD, 0x01, 0x00, 0x38,
591 0x0E, 0x06, 0x0F, 0x25, 0x02, 0x03, 0x05, 0x02, 0x6A, 0x28, 0x01, 0x00,
592 0x03, 0x03, 0xBC, 0x04, 0x80, 0x7F, 0x01, 0x01, 0x38, 0x0E, 0x06, 0x0F,
593 0x25, 0x02, 0x05, 0x05, 0x02, 0x6A, 0x28, 0x01, 0x00, 0x03, 0x05, 0xBA,
594 0x04, 0x80, 0x6A, 0x01, 0x83, 0xFE, 0x01, 0x38, 0x0E, 0x06, 0x0F, 0x25,
595 0x02, 0x04, 0x05, 0x02, 0x6A, 0x28, 0x01, 0x00, 0x03, 0x04, 0xBB, 0x04,
596 0x80, 0x53, 0x01, 0x0D, 0x38, 0x0E, 0x06, 0x0E, 0x25, 0x02, 0x06, 0x05,
597 0x02, 0x6A, 0x28, 0x01, 0x00, 0x03, 0x06, 0xB8, 0x04, 0x3F, 0x01, 0x0A,
598 0x38, 0x0E, 0x06, 0x0E, 0x25, 0x02, 0x07, 0x05, 0x02, 0x6A, 0x28, 0x01,
599 0x00, 0x03, 0x07, 0xB8, 0x04, 0x2B, 0x01, 0x0B, 0x38, 0x0E, 0x06, 0x0E,
600 0x25, 0x02, 0x08, 0x05, 0x02, 0x6A, 0x28, 0x01, 0x00, 0x03, 0x08, 0xB8,
601 0x04, 0x17, 0x01, 0x10, 0x38, 0x0E, 0x06, 0x0E, 0x25, 0x02, 0x09, 0x05,
602 0x02, 0x6A, 0x28, 0x01, 0x00, 0x03, 0x09, 0xAC, 0x04, 0x03, 0x6A, 0x28,
603 0x25, 0x04, 0xFE, 0x64, 0x02, 0x04, 0x06, 0x0D, 0x02, 0x04, 0x01, 0x05,
604 0x0F, 0x06, 0x02, 0x67, 0x28, 0x01, 0x01, 0x86, 0x3E, 0x99, 0x99, 0x02,
605 0x01, 0x00, 0x04, 0xB6, 0x01, 0x0C, 0x0E, 0x05, 0x02, 0x70, 0x28, 0xBF,
606 0x01, 0x03, 0x0E, 0x05, 0x02, 0x6B, 0x28, 0xBD, 0x26, 0x7A, 0x3E, 0x26,
607 0x01, 0x20, 0x10, 0x06, 0x02, 0x6B, 0x28, 0x40, 0x44, 0x11, 0x01, 0x01,
608 0x17, 0x05, 0x02, 0x6B, 0x28, 0xBF, 0x26, 0x01, 0x81, 0x05, 0x0F, 0x06,
609 0x02, 0x6B, 0x28, 0x26, 0x7C, 0x3E, 0x7B, 0x44, 0xB4, 0x90, 0x2C, 0x01,
610 0x86, 0x03, 0x10, 0x03, 0x00, 0x77, 0x2C, 0xC9, 0x03, 0x01, 0x01, 0x02,
611 0x03, 0x02, 0x02, 0x00, 0x06, 0x21, 0xBF, 0x26, 0x26, 0x01, 0x02, 0x0A,
612 0x44, 0x01, 0x06, 0x0F, 0x37, 0x06, 0x02, 0x6B, 0x28, 0x03, 0x02, 0xBF,
613 0x02, 0x01, 0x01, 0x01, 0x0B, 0x01, 0x03, 0x08, 0x0E, 0x05, 0x02, 0x6B,
614 0x28, 0x04, 0x08, 0x02, 0x01, 0x06, 0x04, 0x01, 0x00, 0x03, 0x02, 0xBD,
615 0x26, 0x03, 0x03, 0x26, 0x01, 0x84, 0x00, 0x0F, 0x06, 0x02, 0x6C, 0x28,
616 0x82, 0x44, 0xB4, 0x02, 0x02, 0x02, 0x01, 0x02, 0x03, 0x4E, 0x26, 0x06,
617 0x01, 0x28, 0x25, 0x99, 0x00, 0x02, 0x03, 0x00, 0x03, 0x01, 0x02, 0x00,
618 0x95, 0x02, 0x01, 0x02, 0x00, 0x39, 0x26, 0x01, 0x00, 0x0E, 0x06, 0x02,
619 0x5E, 0x00, 0xCD, 0x04, 0x74, 0x02, 0x01, 0x00, 0x03, 0x00, 0xBF, 0xA8,
620 0x26, 0x06, 0x80, 0x43, 0xBF, 0x01, 0x01, 0x38, 0x0E, 0x06, 0x06, 0x25,
621 0x01, 0x81, 0x7F, 0x04, 0x2E, 0x01, 0x80, 0x40, 0x38, 0x0E, 0x06, 0x07,
622 0x25, 0x01, 0x83, 0xFE, 0x00, 0x04, 0x20, 0x01, 0x80, 0x41, 0x38, 0x0E,
623 0x06, 0x07, 0x25, 0x01, 0x84, 0x80, 0x00, 0x04, 0x12, 0x01, 0x80, 0x42,
624 0x38, 0x0E, 0x06, 0x07, 0x25, 0x01, 0x88, 0x80, 0x00, 0x04, 0x04, 0x01,
625 0x00, 0x44, 0x25, 0x02, 0x00, 0x37, 0x03, 0x00, 0x04, 0xFF, 0x39, 0x99,
626 0x77, 0x2C, 0xC7, 0x05, 0x09, 0x02, 0x00, 0x01, 0x83, 0xFF, 0x7F, 0x17,
627 0x03, 0x00, 0x90, 0x2C, 0x01, 0x86, 0x03, 0x10, 0x06, 0x3A, 0xB9, 0x26,
628 0x7F, 0x3D, 0x41, 0x25, 0x26, 0x01, 0x08, 0x0B, 0x37, 0x01, 0x8C, 0x80,
629 0x00, 0x37, 0x17, 0x02, 0x00, 0x17, 0x02, 0x00, 0x01, 0x8C, 0x80, 0x00,
630 0x17, 0x06, 0x19, 0x26, 0x01, 0x81, 0x7F, 0x17, 0x06, 0x05, 0x01, 0x84,
631 0x80, 0x00, 0x37, 0x26, 0x01, 0x83, 0xFE, 0x00, 0x17, 0x06, 0x05, 0x01,
632 0x88, 0x80, 0x00, 0x37, 0x03, 0x00, 0x04, 0x09, 0x02, 0x00, 0x01, 0x8C,
633 0x88, 0x01, 0x17, 0x03, 0x00, 0x16, 0xBD, 0xA8, 0x26, 0x06, 0x23, 0xBD,
634 0xA8, 0x26, 0x15, 0x26, 0x06, 0x18, 0x26, 0x01, 0x82, 0x00, 0x0F, 0x06,
635 0x05, 0x01, 0x82, 0x00, 0x04, 0x01, 0x26, 0x03, 0x01, 0x82, 0x02, 0x01,
636 0xB4, 0x02, 0x01, 0x12, 0x04, 0x65, 0x99, 0x13, 0x04, 0x5A, 0x99, 0x14,
637 0x99, 0x02, 0x00, 0x2A, 0x00, 0x00, 0xB7, 0x26, 0x58, 0x06, 0x07, 0x25,
638 0x06, 0x02, 0x64, 0x28, 0x04, 0x74, 0x00, 0x00, 0xC0, 0x01, 0x03, 0xBE,
639 0x44, 0x25, 0x44, 0x00, 0x00, 0xBD, 0xC4, 0x00, 0x03, 0x01, 0x00, 0x03,
640 0x00, 0xBD, 0xA8, 0x26, 0x06, 0x80, 0x50, 0xBF, 0x03, 0x01, 0xBF, 0x03,
641 0x02, 0x02, 0x01, 0x01, 0x08, 0x0E, 0x06, 0x16, 0x02, 0x02, 0x01, 0x0F,
642 0x0C, 0x06, 0x0D, 0x01, 0x01, 0x02, 0x02, 0x01, 0x10, 0x08, 0x0B, 0x02,
643 0x00, 0x37, 0x03, 0x00, 0x04, 0x2A, 0x02, 0x01, 0x01, 0x02, 0x10, 0x02,
644 0x01, 0x01, 0x06, 0x0C, 0x17, 0x02, 0x02, 0x01, 0x01, 0x0E, 0x02, 0x02,
645 0x01, 0x03, 0x0E, 0x37, 0x17, 0x06, 0x11, 0x02, 0x00, 0x01, 0x01, 0x02,
646 0x02, 0x5B, 0x01, 0x02, 0x0B, 0x02, 0x01, 0x08, 0x0B, 0x37, 0x03, 0x00,
647 0x04, 0xFF, 0x2C, 0x99, 0x02, 0x00, 0x00, 0x00, 0xBD, 0x01, 0x01, 0x0E,
648 0x05, 0x02, 0x63, 0x28, 0xBF, 0x01, 0x08, 0x08, 0x80, 0x2E, 0x0E, 0x05,
649 0x02, 0x63, 0x28, 0x00, 0x00, 0xBD, 0x86, 0x2E, 0x05, 0x15, 0x01, 0x01,
650 0x0E, 0x05, 0x02, 0x67, 0x28, 0xBF, 0x01, 0x00, 0x0E, 0x05, 0x02, 0x67,
651 0x28, 0x01, 0x02, 0x86, 0x3E, 0x04, 0x1C, 0x01, 0x19, 0x0E, 0x05, 0x02,
652 0x67, 0x28, 0xBF, 0x01, 0x18, 0x0E, 0x05, 0x02, 0x67, 0x28, 0x82, 0x01,
653 0x18, 0xB4, 0x87, 0x82, 0x01, 0x18, 0x30, 0x05, 0x02, 0x67, 0x28, 0x00,
654 0x00, 0xBD, 0x06, 0x02, 0x68, 0x28, 0x00, 0x00, 0x01, 0x02, 0x95, 0xC0,
655 0x01, 0x08, 0x0B, 0xC0, 0x08, 0x00, 0x00, 0x01, 0x03, 0x95, 0xC0, 0x01,
656 0x08, 0x0B, 0xC0, 0x08, 0x01, 0x08, 0x0B, 0xC0, 0x08, 0x00, 0x00, 0x01,
657 0x01, 0x95, 0xC0, 0x00, 0x00, 0x3A, 0x26, 0x56, 0x05, 0x01, 0x00, 0x25,
658 0xCD, 0x04, 0x76, 0x02, 0x03, 0x00, 0x8F, 0x2E, 0x03, 0x01, 0x01, 0x00,
659 0x26, 0x02, 0x01, 0x0A, 0x06, 0x10, 0x26, 0x01, 0x01, 0x0B, 0x8E, 0x08,
660 0x2C, 0x02, 0x00, 0x0E, 0x06, 0x01, 0x00, 0x5A, 0x04, 0x6A, 0x25, 0x01,
661 0x7F, 0x00, 0x00, 0x01, 0x15, 0x85, 0x3E, 0x44, 0x50, 0x25, 0x50, 0x25,
662 0x29, 0x00, 0x00, 0x01, 0x01, 0x44, 0xC2, 0x00, 0x00, 0x44, 0x38, 0x95,
663 0x44, 0x26, 0x06, 0x05, 0xC0, 0x25, 0x5B, 0x04, 0x78, 0x25, 0x00, 0x00,
664 0x26, 0x01, 0x81, 0xAC, 0x00, 0x0E, 0x06, 0x04, 0x25, 0x01, 0x7F, 0x00,
665 0x98, 0x57, 0x00, 0x02, 0x03, 0x00, 0x77, 0x2C, 0x98, 0x03, 0x01, 0x02,
666 0x01, 0x01, 0x0F, 0x17, 0x02, 0x01, 0x01, 0x04, 0x11, 0x01, 0x0F, 0x17,
667 0x02, 0x01, 0x01, 0x08, 0x11, 0x01, 0x0F, 0x17, 0x01, 0x00, 0x38, 0x0E,
668 0x06, 0x10, 0x25, 0x01, 0x00, 0x01, 0x18, 0x02, 0x00, 0x06, 0x03, 0x47,
669 0x04, 0x01, 0x48, 0x04, 0x80, 0x68, 0x01, 0x01, 0x38, 0x0E, 0x06, 0x10,
670 0x25, 0x01, 0x01, 0x01, 0x10, 0x02, 0x00, 0x06, 0x03, 0x47, 0x04, 0x01,
671 0x48, 0x04, 0x80, 0x52, 0x01, 0x02, 0x38, 0x0E, 0x06, 0x0F, 0x25, 0x01,
672 0x01, 0x01, 0x20, 0x02, 0x00, 0x06, 0x03, 0x47, 0x04, 0x01, 0x48, 0x04,
673 0x3D, 0x01, 0x03, 0x38, 0x0E, 0x06, 0x0E, 0x25, 0x25, 0x01, 0x10, 0x02,
674 0x00, 0x06, 0x03, 0x45, 0x04, 0x01, 0x46, 0x04, 0x29, 0x01, 0x04, 0x38,
675 0x0E, 0x06, 0x0E, 0x25, 0x25, 0x01, 0x20, 0x02, 0x00, 0x06, 0x03, 0x45,
676 0x04, 0x01, 0x46, 0x04, 0x15, 0x01, 0x05, 0x38, 0x0E, 0x06, 0x0C, 0x25,
677 0x25, 0x02, 0x00, 0x06, 0x03, 0x49, 0x04, 0x01, 0x4A, 0x04, 0x03, 0x66,
678 0x28, 0x25, 0x00, 0x00, 0x98, 0x01, 0x0C, 0x11, 0x01, 0x02, 0x0F, 0x00,
679 0x00, 0x98, 0x01, 0x0C, 0x11, 0x26, 0x59, 0x44, 0x01, 0x03, 0x0A, 0x17,
680 0x00, 0x00, 0x98, 0x01, 0x0C, 0x11, 0x01, 0x01, 0x0E, 0x00, 0x00, 0x98,
681 0x01, 0x0C, 0x11, 0x58, 0x00, 0x00, 0x1B, 0x01, 0x00, 0x73, 0x2E, 0x26,
682 0x06, 0x1F, 0x01, 0x01, 0x38, 0x0E, 0x06, 0x06, 0x25, 0x01, 0x00, 0x9C,
683 0x04, 0x11, 0x01, 0x02, 0x38, 0x0E, 0x06, 0x0A, 0x25, 0x75, 0x2E, 0x06,
684 0x03, 0x01, 0x10, 0x37, 0x04, 0x01, 0x25, 0x04, 0x01, 0x25, 0x79, 0x2E,
685 0x05, 0x33, 0x2F, 0x06, 0x30, 0x84, 0x2E, 0x01, 0x14, 0x38, 0x0E, 0x06,
686 0x06, 0x25, 0x01, 0x02, 0x37, 0x04, 0x22, 0x01, 0x15, 0x38, 0x0E, 0x06,
687 0x09, 0x25, 0xAB, 0x06, 0x03, 0x01, 0x7F, 0x9C, 0x04, 0x13, 0x01, 0x16,
688 0x38, 0x0E, 0x06, 0x06, 0x25, 0x01, 0x01, 0x37, 0x04, 0x07, 0x25, 0x01,
689 0x04, 0x37, 0x01, 0x00, 0x25, 0x1A, 0x06, 0x03, 0x01, 0x08, 0x37, 0x00,
690 0x00, 0x1B, 0x26, 0x05, 0x0F, 0x2F, 0x06, 0x0C, 0x84, 0x2E, 0x01, 0x15,
691 0x0E, 0x06, 0x04, 0x25, 0xAB, 0x04, 0x01, 0x20, 0x00, 0x00, 0xCB, 0x01,
692 0x07, 0x17, 0x01, 0x01, 0x0F, 0x06, 0x02, 0x70, 0x28, 0x00, 0x01, 0x03,
693 0x00, 0x29, 0x1A, 0x06, 0x05, 0x02, 0x00, 0x85, 0x3E, 0x00, 0xCB, 0x25,
694 0x04, 0x74, 0x00, 0x01, 0x14, 0xCE, 0x01, 0x01, 0xDB, 0x29, 0x26, 0x01,
695 0x00, 0xC6, 0x01, 0x16, 0xCE, 0xD4, 0x29, 0x00, 0x00, 0x01, 0x0B, 0xDB,
696 0x4C, 0x26, 0x26, 0x01, 0x03, 0x08, 0xDA, 0xDA, 0x18, 0x26, 0x56, 0x06,
697 0x02, 0x25, 0x00, 0xDA, 0x1D, 0x26, 0x06, 0x05, 0x82, 0x44, 0xD5, 0x04,
698 0x77, 0x25, 0x04, 0x6C, 0x00, 0x21, 0x01, 0x0F, 0xDB, 0x26, 0x90, 0x2C,
699 0x01, 0x86, 0x03, 0x10, 0x06, 0x0C, 0x01, 0x04, 0x08, 0xDA, 0x7E, 0x2E,
700 0xDB, 0x76, 0x2E, 0xDB, 0x04, 0x02, 0x5C, 0xDA, 0x26, 0xD9, 0x82, 0x44,
701 0xD5, 0x00, 0x02, 0xA2, 0xA4, 0x08, 0xA0, 0x08, 0xA3, 0x08, 0xA5, 0x08,
702 0xA1, 0x08, 0x27, 0x08, 0x03, 0x00, 0x01, 0x01, 0xDB, 0x01, 0x27, 0x8C,
703 0x2E, 0x08, 0x8F, 0x2E, 0x01, 0x01, 0x0B, 0x08, 0x02, 0x00, 0x06, 0x04,
704 0x5C, 0x02, 0x00, 0x08, 0x81, 0x2C, 0x38, 0x09, 0x26, 0x59, 0x06, 0x24,
705 0x02, 0x00, 0x05, 0x04, 0x44, 0x5C, 0x44, 0x5D, 0x01, 0x04, 0x09, 0x26,
706 0x56, 0x06, 0x03, 0x25, 0x01, 0x00, 0x26, 0x01, 0x04, 0x08, 0x02, 0x00,
707 0x08, 0x03, 0x00, 0x44, 0x01, 0x04, 0x08, 0x38, 0x08, 0x44, 0x04, 0x03,
708 0x25, 0x01, 0x7F, 0x03, 0x01, 0xDA, 0x92, 0x2C, 0xD9, 0x78, 0x01, 0x04,
709 0x19, 0x78, 0x01, 0x04, 0x08, 0x01, 0x1C, 0x32, 0x78, 0x01, 0x20, 0xD5,
710 0x8B, 0x8C, 0x2E, 0xD7, 0x8F, 0x2E, 0x26, 0x01, 0x01, 0x0B, 0xD9, 0x8E,
711 0x44, 0x26, 0x06, 0x0F, 0x5B, 0x38, 0x2C, 0x26, 0xC5, 0x05, 0x02, 0x60,
712 0x28, 0xD9, 0x44, 0x5C, 0x44, 0x04, 0x6E, 0x5E, 0x01, 0x01, 0xDB, 0x01,
713 0x00, 0xDB, 0x02, 0x00, 0x06, 0x81, 0x46, 0x02, 0x00, 0xD9, 0xA2, 0x06,
714 0x0E, 0x01, 0x83, 0xFE, 0x01, 0xD9, 0x87, 0xA2, 0x01, 0x04, 0x09, 0x26,
715 0xD9, 0x5B, 0xD7, 0xA4, 0x06, 0x16, 0x01, 0x00, 0xD9, 0x89, 0xA4, 0x01,
716 0x04, 0x09, 0x26, 0xD9, 0x01, 0x02, 0x09, 0x26, 0xD9, 0x01, 0x00, 0xDB,
717 0x01, 0x03, 0x09, 0xD6, 0xA0, 0x06, 0x0C, 0x01, 0x01, 0xD9, 0x01, 0x01,
718 0xD9, 0x80, 0x2E, 0x01, 0x08, 0x09, 0xDB, 0xA3, 0x06, 0x19, 0x01, 0x0D,
719 0xD9, 0xA3, 0x01, 0x04, 0x09, 0x26, 0xD9, 0x01, 0x02, 0x09, 0xD9, 0x42,
720 0x06, 0x03, 0x01, 0x03, 0xD8, 0x43, 0x06, 0x03, 0x01, 0x01, 0xD8, 0xA5,
721 0x26, 0x06, 0x22, 0x01, 0x0A, 0xD9, 0x01, 0x04, 0x09, 0x26, 0xD9, 0x5D,
722 0xD9, 0x40, 0x01, 0x00, 0x26, 0x01, 0x20, 0x0A, 0x06, 0x0C, 0x9E, 0x11,
723 0x01, 0x01, 0x17, 0x06, 0x02, 0x26, 0xD9, 0x5A, 0x04, 0x6E, 0x5E, 0x04,
724 0x01, 0x25, 0xA1, 0x06, 0x0A, 0x01, 0x0B, 0xD9, 0x01, 0x02, 0xD9, 0x01,
725 0x82, 0x00, 0xD9, 0x27, 0x26, 0x06, 0x1F, 0x01, 0x10, 0xD9, 0x01, 0x04,
726 0x09, 0x26, 0xD9, 0x5D, 0xD9, 0x83, 0x2C, 0x01, 0x00, 0x9E, 0x0F, 0x06,
727 0x0A, 0x26, 0x1E, 0x26, 0xDB, 0x82, 0x44, 0xD5, 0x5A, 0x04, 0x72, 0x5E,
728 0x04, 0x01, 0x25, 0x02, 0x01, 0x56, 0x05, 0x11, 0x01, 0x15, 0xD9, 0x02,
729 0x01, 0x26, 0xD9, 0x26, 0x06, 0x06, 0x5B, 0x01, 0x00, 0xDB, 0x04, 0x77,
730 0x25, 0x00, 0x00, 0x01, 0x10, 0xDB, 0x77, 0x2C, 0x26, 0xCA, 0x06, 0x0C,
731 0xA9, 0x23, 0x26, 0x5C, 0xDA, 0x26, 0xD9, 0x82, 0x44, 0xD5, 0x04, 0x0D,
732 0x26, 0xC8, 0x44, 0xA9, 0x22, 0x26, 0x5A, 0xDA, 0x26, 0xDB, 0x82, 0x44,
733 0xD5, 0x00, 0x00, 0x9A, 0x01, 0x14, 0xDB, 0x01, 0x0C, 0xDA, 0x82, 0x01,
734 0x0C, 0xD5, 0x00, 0x00, 0x4F, 0x26, 0x01, 0x00, 0x0E, 0x06, 0x02, 0x5E,
735 0x00, 0xCB, 0x25, 0x04, 0x73, 0x00, 0x26, 0xD9, 0xD5, 0x00, 0x00, 0x26,
736 0xDB, 0xD5, 0x00, 0x01, 0x03, 0x00, 0x41, 0x25, 0x26, 0x01, 0x10, 0x17,
737 0x06, 0x06, 0x01, 0x04, 0xDB, 0x02, 0x00, 0xDB, 0x26, 0x01, 0x08, 0x17,
738 0x06, 0x06, 0x01, 0x03, 0xDB, 0x02, 0x00, 0xDB, 0x26, 0x01, 0x20, 0x17,
739 0x06, 0x06, 0x01, 0x05, 0xDB, 0x02, 0x00, 0xDB, 0x26, 0x01, 0x80, 0x40,
740 0x17, 0x06, 0x06, 0x01, 0x06, 0xDB, 0x02, 0x00, 0xDB, 0x01, 0x04, 0x17,
741 0x06, 0x06, 0x01, 0x02, 0xDB, 0x02, 0x00, 0xDB, 0x00, 0x00, 0x26, 0x01,
742 0x08, 0x4D, 0xDB, 0xDB, 0x00, 0x00, 0x26, 0x01, 0x10, 0x4D, 0xDB, 0xD9,
743 0x00, 0x00, 0x26, 0x50, 0x06, 0x02, 0x25, 0x00, 0xCB, 0x25, 0x04, 0x76
744 };
745
746 static const uint16_t t0_caddr[] = {
747 0,
748 5,
749 10,
750 15,
751 20,
752 25,
753 30,
754 35,
755 40,
756 44,
757 48,
758 52,
759 56,
760 60,
761 64,
762 68,
763 72,
764 76,
765 80,
766 84,
767 88,
768 92,
769 96,
770 100,
771 104,
772 108,
773 112,
774 116,
775 120,
776 124,
777 129,
778 134,
779 139,
780 144,
781 149,
782 154,
783 159,
784 164,
785 169,
786 174,
787 179,
788 184,
789 189,
790 194,
791 199,
792 204,
793 209,
794 214,
795 219,
796 224,
797 229,
798 234,
799 239,
800 244,
801 249,
802 254,
803 259,
804 264,
805 269,
806 274,
807 279,
808 284,
809 289,
810 294,
811 303,
812 316,
813 320,
814 345,
815 351,
816 370,
817 381,
818 415,
819 535,
820 539,
821 604,
822 619,
823 630,
824 648,
825 677,
826 687,
827 723,
828 733,
829 803,
830 817,
831 823,
832 882,
833 901,
834 936,
835 985,
836 1061,
837 1088,
838 1119,
839 1130,
840 1455,
841 1602,
842 1626,
843 1842,
844 1856,
845 1865,
846 1869,
847 1964,
848 1985,
849 2041,
850 2048,
851 2059,
852 2075,
853 2081,
854 2092,
855 2127,
856 2139,
857 2145,
858 2160,
859 2176,
860 2332,
861 2341,
862 2354,
863 2363,
864 2370,
865 2473,
866 2494,
867 2507,
868 2523,
869 2541,
870 2573,
871 2607,
872 2955,
873 2991,
874 3004,
875 3018,
876 3023,
877 3028,
878 3094,
879 3102,
880 3110
881 };
882
883 #define T0_INTERPRETED 86
884
885 #define T0_ENTER(ip, rp, slot) do { \
886 const unsigned char *t0_newip; \
887 uint32_t t0_lnum; \
888 t0_newip = &t0_codeblock[t0_caddr[(slot) - T0_INTERPRETED]]; \
889 t0_lnum = t0_parse7E_unsigned(&t0_newip); \
890 (rp) += t0_lnum; \
891 *((rp) ++) = (uint32_t)((ip) - &t0_codeblock[0]) + (t0_lnum << 16); \
892 (ip) = t0_newip; \
893 } while (0)
894
895 #define T0_DEFENTRY(name, slot) \
896 void \
897 name(void *ctx) \
898 { \
899 t0_context *t0ctx = ctx; \
900 t0ctx->ip = &t0_codeblock[0]; \
901 T0_ENTER(t0ctx->ip, t0ctx->rp, slot); \
902 }
903
904 T0_DEFENTRY(br_ssl_hs_client_init_main, 167)
905
906 #define T0_NEXT(t0ipp) (*(*(t0ipp)) ++)
907
908 void
909 br_ssl_hs_client_run(void *t0ctx)
910 {
911 uint32_t *dp, *rp;
912 const unsigned char *ip;
913
914 #define T0_LOCAL(x) (*(rp - 2 - (x)))
915 #define T0_POP() (*-- dp)
916 #define T0_POPi() (*(int32_t *)(-- dp))
917 #define T0_PEEK(x) (*(dp - 1 - (x)))
918 #define T0_PEEKi(x) (*(int32_t *)(dp - 1 - (x)))
919 #define T0_PUSH(v) do { *dp = (v); dp ++; } while (0)
920 #define T0_PUSHi(v) do { *(int32_t *)dp = (v); dp ++; } while (0)
921 #define T0_RPOP() (*-- rp)
922 #define T0_RPOPi() (*(int32_t *)(-- rp))
923 #define T0_RPUSH(v) do { *rp = (v); rp ++; } while (0)
924 #define T0_RPUSHi(v) do { *(int32_t *)rp = (v); rp ++; } while (0)
925 #define T0_ROLL(x) do { \
926 size_t t0len = (size_t)(x); \
927 uint32_t t0tmp = *(dp - 1 - t0len); \
928 memmove(dp - t0len - 1, dp - t0len, t0len * sizeof *dp); \
929 *(dp - 1) = t0tmp; \
930 } while (0)
931 #define T0_SWAP() do { \
932 uint32_t t0tmp = *(dp - 2); \
933 *(dp - 2) = *(dp - 1); \
934 *(dp - 1) = t0tmp; \
935 } while (0)
936 #define T0_ROT() do { \
937 uint32_t t0tmp = *(dp - 3); \
938 *(dp - 3) = *(dp - 2); \
939 *(dp - 2) = *(dp - 1); \
940 *(dp - 1) = t0tmp; \
941 } while (0)
942 #define T0_NROT() do { \
943 uint32_t t0tmp = *(dp - 1); \
944 *(dp - 1) = *(dp - 2); \
945 *(dp - 2) = *(dp - 3); \
946 *(dp - 3) = t0tmp; \
947 } while (0)
948 #define T0_PICK(x) do { \
949 uint32_t t0depth = (x); \
950 T0_PUSH(T0_PEEK(t0depth)); \
951 } while (0)
952 #define T0_CO() do { \
953 goto t0_exit; \
954 } while (0)
955 #define T0_RET() goto t0_next
956
957 dp = ((t0_context *)t0ctx)->dp;
958 rp = ((t0_context *)t0ctx)->rp;
959 ip = ((t0_context *)t0ctx)->ip;
960 goto t0_next;
961 for (;;) {
962 uint32_t t0x;
963
964 t0_next:
965 t0x = T0_NEXT(&ip);
966 if (t0x < T0_INTERPRETED) {
967 switch (t0x) {
968 int32_t t0off;
969
970 case 0: /* ret */
971 t0x = T0_RPOP();
972 rp -= (t0x >> 16);
973 t0x &= 0xFFFF;
974 if (t0x == 0) {
975 ip = NULL;
976 goto t0_exit;
977 }
978 ip = &t0_codeblock[t0x];
979 break;
980 case 1: /* literal constant */
981 T0_PUSHi(t0_parse7E_signed(&ip));
982 break;
983 case 2: /* read local */
984 T0_PUSH(T0_LOCAL(t0_parse7E_unsigned(&ip)));
985 break;
986 case 3: /* write local */
987 T0_LOCAL(t0_parse7E_unsigned(&ip)) = T0_POP();
988 break;
989 case 4: /* jump */
990 t0off = t0_parse7E_signed(&ip);
991 ip += t0off;
992 break;
993 case 5: /* jump if */
994 t0off = t0_parse7E_signed(&ip);
995 if (T0_POP()) {
996 ip += t0off;
997 }
998 break;
999 case 6: /* jump if not */
1000 t0off = t0_parse7E_signed(&ip);
1001 if (!T0_POP()) {
1002 ip += t0off;
1003 }
1004 break;
1005 case 7: {
1006 /* * */
1007
1008 uint32_t b = T0_POP();
1009 uint32_t a = T0_POP();
1010 T0_PUSH(a * b);
1011
1012 }
1013 break;
1014 case 8: {
1015 /* + */
1016
1017 uint32_t b = T0_POP();
1018 uint32_t a = T0_POP();
1019 T0_PUSH(a + b);
1020
1021 }
1022 break;
1023 case 9: {
1024 /* - */
1025
1026 uint32_t b = T0_POP();
1027 uint32_t a = T0_POP();
1028 T0_PUSH(a - b);
1029
1030 }
1031 break;
1032 case 10: {
1033 /* < */
1034
1035 int32_t b = T0_POPi();
1036 int32_t a = T0_POPi();
1037 T0_PUSH(-(uint32_t)(a < b));
1038
1039 }
1040 break;
1041 case 11: {
1042 /* << */
1043
1044 int c = (int)T0_POPi();
1045 uint32_t x = T0_POP();
1046 T0_PUSH(x << c);
1047
1048 }
1049 break;
1050 case 12: {
1051 /* <= */
1052
1053 int32_t b = T0_POPi();
1054 int32_t a = T0_POPi();
1055 T0_PUSH(-(uint32_t)(a <= b));
1056
1057 }
1058 break;
1059 case 13: {
1060 /* <> */
1061
1062 uint32_t b = T0_POP();
1063 uint32_t a = T0_POP();
1064 T0_PUSH(-(uint32_t)(a != b));
1065
1066 }
1067 break;
1068 case 14: {
1069 /* = */
1070
1071 uint32_t b = T0_POP();
1072 uint32_t a = T0_POP();
1073 T0_PUSH(-(uint32_t)(a == b));
1074
1075 }
1076 break;
1077 case 15: {
1078 /* > */
1079
1080 int32_t b = T0_POPi();
1081 int32_t a = T0_POPi();
1082 T0_PUSH(-(uint32_t)(a > b));
1083
1084 }
1085 break;
1086 case 16: {
1087 /* >= */
1088
1089 int32_t b = T0_POPi();
1090 int32_t a = T0_POPi();
1091 T0_PUSH(-(uint32_t)(a >= b));
1092
1093 }
1094 break;
1095 case 17: {
1096 /* >> */
1097
1098 int c = (int)T0_POPi();
1099 int32_t x = T0_POPi();
1100 T0_PUSHi(x >> c);
1101
1102 }
1103 break;
1104 case 18: {
1105 /* anchor-dn-append-name */
1106
1107 size_t len;
1108
1109 len = T0_POP();
1110 if (CTX->client_auth_vtable != NULL) {
1111 (*CTX->client_auth_vtable)->append_name(
1112 CTX->client_auth_vtable, ENG->pad, len);
1113 }
1114
1115 }
1116 break;
1117 case 19: {
1118 /* anchor-dn-end-name */
1119
1120 if (CTX->client_auth_vtable != NULL) {
1121 (*CTX->client_auth_vtable)->end_name(
1122 CTX->client_auth_vtable);
1123 }
1124
1125 }
1126 break;
1127 case 20: {
1128 /* anchor-dn-end-name-list */
1129
1130 if (CTX->client_auth_vtable != NULL) {
1131 (*CTX->client_auth_vtable)->end_name_list(
1132 CTX->client_auth_vtable);
1133 }
1134
1135 }
1136 break;
1137 case 21: {
1138 /* anchor-dn-start-name */
1139
1140 size_t len;
1141
1142 len = T0_POP();
1143 if (CTX->client_auth_vtable != NULL) {
1144 (*CTX->client_auth_vtable)->start_name(
1145 CTX->client_auth_vtable, len);
1146 }
1147
1148 }
1149 break;
1150 case 22: {
1151 /* anchor-dn-start-name-list */
1152
1153 if (CTX->client_auth_vtable != NULL) {
1154 (*CTX->client_auth_vtable)->start_name_list(
1155 CTX->client_auth_vtable);
1156 }
1157
1158 }
1159 break;
1160 case 23: {
1161 /* and */
1162
1163 uint32_t b = T0_POP();
1164 uint32_t a = T0_POP();
1165 T0_PUSH(a & b);
1166
1167 }
1168 break;
1169 case 24: {
1170 /* begin-cert */
1171
1172 if (ENG->chain_len == 0) {
1173 T0_PUSHi(-1);
1174 } else {
1175 ENG->cert_cur = ENG->chain->data;
1176 ENG->cert_len = ENG->chain->data_len;
1177 ENG->chain ++;
1178 ENG->chain_len --;
1179 T0_PUSH(ENG->cert_len);
1180 }
1181
1182 }
1183 break;
1184 case 25: {
1185 /* bzero */
1186
1187 size_t len = (size_t)T0_POP();
1188 void *addr = (unsigned char *)ENG + (size_t)T0_POP();
1189 memset(addr, 0, len);
1190
1191 }
1192 break;
1193 case 26: {
1194 /* can-output? */
1195
1196 T0_PUSHi(-(ENG->hlen_out > 0));
1197
1198 }
1199 break;
1200 case 27: {
1201 /* co */
1202 T0_CO();
1203 }
1204 break;
1205 case 28: {
1206 /* compute-Finished-inner */
1207
1208 int prf_id = T0_POP();
1209 int from_client = T0_POPi();
1210 unsigned char seed[48];
1211 size_t seed_len;
1212
1213 br_tls_prf_impl prf = br_ssl_engine_get_PRF(ENG, prf_id);
1214 if (ENG->session.version >= BR_TLS12) {
1215 seed_len = br_multihash_out(&ENG->mhash, prf_id, seed);
1216 } else {
1217 br_multihash_out(&ENG->mhash, br_md5_ID, seed);
1218 br_multihash_out(&ENG->mhash, br_sha1_ID, seed + 16);
1219 seed_len = 36;
1220 }
1221 prf(ENG->pad, 12, ENG->session.master_secret,
1222 sizeof ENG->session.master_secret,
1223 from_client ? "client finished" : "server finished",
1224 seed, seed_len);
1225
1226 }
1227 break;
1228 case 29: {
1229 /* copy-cert-chunk */
1230
1231 size_t clen;
1232
1233 clen = ENG->cert_len;
1234 if (clen > sizeof ENG->pad) {
1235 clen = sizeof ENG->pad;
1236 }
1237 memcpy(ENG->pad, ENG->cert_cur, clen);
1238 ENG->cert_cur += clen;
1239 ENG->cert_len -= clen;
1240 T0_PUSH(clen);
1241
1242 }
1243 break;
1244 case 30: {
1245 /* copy-protocol-name */
1246
1247 size_t idx = T0_POP();
1248 size_t len = strlen(ENG->protocol_names[idx]);
1249 memcpy(ENG->pad, ENG->protocol_names[idx], len);
1250 T0_PUSH(len);
1251
1252 }
1253 break;
1254 case 31: {
1255 /* data-get8 */
1256
1257 size_t addr = T0_POP();
1258 T0_PUSH(t0_datablock[addr]);
1259
1260 }
1261 break;
1262 case 32: {
1263 /* discard-input */
1264
1265 ENG->hlen_in = 0;
1266
1267 }
1268 break;
1269 case 33: {
1270 /* do-client-sign */
1271
1272 size_t sig_len;
1273
1274 sig_len = make_client_sign(CTX);
1275 if (sig_len == 0) {
1276 br_ssl_engine_fail(ENG, BR_ERR_INVALID_ALGORITHM);
1277 T0_CO();
1278 }
1279 T0_PUSH(sig_len);
1280
1281 }
1282 break;
1283 case 34: {
1284 /* do-ecdh */
1285
1286 unsigned prf_id = T0_POP();
1287 unsigned ecdhe = T0_POP();
1288 int x;
1289
1290 x = make_pms_ecdh(CTX, ecdhe, prf_id);
1291 if (x < 0) {
1292 br_ssl_engine_fail(ENG, -x);
1293 T0_CO();
1294 } else {
1295 T0_PUSH(x);
1296 }
1297
1298 }
1299 break;
1300 case 35: {
1301 /* do-rsa-encrypt */
1302
1303 int x;
1304
1305 x = make_pms_rsa(CTX, T0_POP());
1306 if (x < 0) {
1307 br_ssl_engine_fail(ENG, -x);
1308 T0_CO();
1309 } else {
1310 T0_PUSH(x);
1311 }
1312
1313 }
1314 break;
1315 case 36: {
1316 /* do-static-ecdh */
1317
1318 unsigned prf_id = T0_POP();
1319
1320 if (make_pms_static_ecdh(CTX, prf_id) < 0) {
1321 br_ssl_engine_fail(ENG, BR_ERR_INVALID_ALGORITHM);
1322 T0_CO();
1323 }
1324
1325 }
1326 break;
1327 case 37: {
1328 /* drop */
1329 (void)T0_POP();
1330 }
1331 break;
1332 case 38: {
1333 /* dup */
1334 T0_PUSH(T0_PEEK(0));
1335 }
1336 break;
1337 case 39: {
1338 /* ext-ALPN-length */
1339
1340 size_t u, len;
1341
1342 if (ENG->protocol_names_num == 0) {
1343 T0_PUSH(0);
1344 T0_RET();
1345 }
1346 len = 6;
1347 for (u = 0; u < ENG->protocol_names_num; u ++) {
1348 len += 1 + strlen(ENG->protocol_names[u]);
1349 }
1350 T0_PUSH(len);
1351
1352 }
1353 break;
1354 case 40: {
1355 /* fail */
1356
1357 br_ssl_engine_fail(ENG, (int)T0_POPi());
1358 T0_CO();
1359
1360 }
1361 break;
1362 case 41: {
1363 /* flush-record */
1364
1365 br_ssl_engine_flush_record(ENG);
1366
1367 }
1368 break;
1369 case 42: {
1370 /* get-client-chain */
1371
1372 uint32_t auth_types;
1373
1374 auth_types = T0_POP();
1375 if (CTX->client_auth_vtable != NULL) {
1376 br_ssl_client_certificate ux;
1377
1378 (*CTX->client_auth_vtable)->choose(CTX->client_auth_vtable,
1379 CTX, auth_types, &ux);
1380 CTX->auth_type = (unsigned char)ux.auth_type;
1381 CTX->hash_id = (unsigned char)ux.hash_id;
1382 ENG->chain = ux.chain;
1383 ENG->chain_len = ux.chain_len;
1384 } else {
1385 CTX->hash_id = 0;
1386 ENG->chain_len = 0;
1387 }
1388
1389 }
1390 break;
1391 case 43: {
1392 /* get-key-type-usages */
1393
1394 const br_x509_class *xc;
1395 const br_x509_pkey *pk;
1396 unsigned usages;
1397
1398 xc = *(ENG->x509ctx);
1399 pk = xc->get_pkey(ENG->x509ctx, &usages);
1400 if (pk == NULL) {
1401 T0_PUSH(0);
1402 } else {
1403 T0_PUSH(pk->key_type | usages);
1404 }
1405
1406 }
1407 break;
1408 case 44: {
1409 /* get16 */
1410
1411 size_t addr = (size_t)T0_POP();
1412 T0_PUSH(*(uint16_t *)((unsigned char *)ENG + addr));
1413
1414 }
1415 break;
1416 case 45: {
1417 /* get32 */
1418
1419 size_t addr = (size_t)T0_POP();
1420 T0_PUSH(*(uint32_t *)((unsigned char *)ENG + addr));
1421
1422 }
1423 break;
1424 case 46: {
1425 /* get8 */
1426
1427 size_t addr = (size_t)T0_POP();
1428 T0_PUSH(*((unsigned char *)ENG + addr));
1429
1430 }
1431 break;
1432 case 47: {
1433 /* has-input? */
1434
1435 T0_PUSHi(-(ENG->hlen_in != 0));
1436
1437 }
1438 break;
1439 case 48: {
1440 /* memcmp */
1441
1442 size_t len = (size_t)T0_POP();
1443 void *addr2 = (unsigned char *)ENG + (size_t)T0_POP();
1444 void *addr1 = (unsigned char *)ENG + (size_t)T0_POP();
1445 int x = memcmp(addr1, addr2, len);
1446 T0_PUSH((uint32_t)-(x == 0));
1447
1448 }
1449 break;
1450 case 49: {
1451 /* memcpy */
1452
1453 size_t len = (size_t)T0_POP();
1454 void *src = (unsigned char *)ENG + (size_t)T0_POP();
1455 void *dst = (unsigned char *)ENG + (size_t)T0_POP();
1456 memcpy(dst, src, len);
1457
1458 }
1459 break;
1460 case 50: {
1461 /* mkrand */
1462
1463 size_t len = (size_t)T0_POP();
1464 void *addr = (unsigned char *)ENG + (size_t)T0_POP();
1465 br_hmac_drbg_generate(&ENG->rng, addr, len);
1466
1467 }
1468 break;
1469 case 51: {
1470 /* more-incoming-bytes? */
1471
1472 T0_PUSHi(ENG->hlen_in != 0 || !br_ssl_engine_recvrec_finished(ENG));
1473
1474 }
1475 break;
1476 case 52: {
1477 /* multihash-init */
1478
1479 br_multihash_init(&ENG->mhash);
1480
1481 }
1482 break;
1483 case 53: {
1484 /* neg */
1485
1486 uint32_t a = T0_POP();
1487 T0_PUSH(-a);
1488
1489 }
1490 break;
1491 case 54: {
1492 /* not */
1493
1494 uint32_t a = T0_POP();
1495 T0_PUSH(~a);
1496
1497 }
1498 break;
1499 case 55: {
1500 /* or */
1501
1502 uint32_t b = T0_POP();
1503 uint32_t a = T0_POP();
1504 T0_PUSH(a | b);
1505
1506 }
1507 break;
1508 case 56: {
1509 /* over */
1510 T0_PUSH(T0_PEEK(1));
1511 }
1512 break;
1513 case 57: {
1514 /* read-chunk-native */
1515
1516 size_t clen = ENG->hlen_in;
1517 if (clen > 0) {
1518 uint32_t addr, len;
1519
1520 len = T0_POP();
1521 addr = T0_POP();
1522 if ((size_t)len < clen) {
1523 clen = (size_t)len;
1524 }
1525 memcpy((unsigned char *)ENG + addr, ENG->hbuf_in, clen);
1526 if (ENG->record_type_in == BR_SSL_HANDSHAKE) {
1527 br_multihash_update(&ENG->mhash, ENG->hbuf_in, clen);
1528 }
1529 T0_PUSH(addr + (uint32_t)clen);
1530 T0_PUSH(len - (uint32_t)clen);
1531 ENG->hbuf_in += clen;
1532 ENG->hlen_in -= clen;
1533 }
1534
1535 }
1536 break;
1537 case 58: {
1538 /* read8-native */
1539
1540 if (ENG->hlen_in > 0) {
1541 unsigned char x;
1542
1543 x = *ENG->hbuf_in ++;
1544 if (ENG->record_type_in == BR_SSL_HANDSHAKE) {
1545 br_multihash_update(&ENG->mhash, &x, 1);
1546 }
1547 T0_PUSH(x);
1548 ENG->hlen_in --;
1549 } else {
1550 T0_PUSHi(-1);
1551 }
1552
1553 }
1554 break;
1555 case 59: {
1556 /* set-server-curve */
1557
1558 const br_x509_class *xc;
1559 const br_x509_pkey *pk;
1560
1561 xc = *(ENG->x509ctx);
1562 pk = xc->get_pkey(ENG->x509ctx, NULL);
1563 CTX->server_curve =
1564 (pk->key_type == BR_KEYTYPE_EC) ? pk->key.ec.curve : 0;
1565
1566 }
1567 break;
1568 case 60: {
1569 /* set16 */
1570
1571 size_t addr = (size_t)T0_POP();
1572 *(uint16_t *)((unsigned char *)ENG + addr) = (uint16_t)T0_POP();
1573
1574 }
1575 break;
1576 case 61: {
1577 /* set32 */
1578
1579 size_t addr = (size_t)T0_POP();
1580 *(uint32_t *)((unsigned char *)ENG + addr) = (uint32_t)T0_POP();
1581
1582 }
1583 break;
1584 case 62: {
1585 /* set8 */
1586
1587 size_t addr = (size_t)T0_POP();
1588 *((unsigned char *)ENG + addr) = (unsigned char)T0_POP();
1589
1590 }
1591 break;
1592 case 63: {
1593 /* strlen */
1594
1595 void *str = (unsigned char *)ENG + (size_t)T0_POP();
1596 T0_PUSH((uint32_t)strlen(str));
1597
1598 }
1599 break;
1600 case 64: {
1601 /* supported-curves */
1602
1603 uint32_t x = ENG->iec == NULL ? 0 : ENG->iec->supported_curves;
1604 T0_PUSH(x);
1605
1606 }
1607 break;
1608 case 65: {
1609 /* supported-hash-functions */
1610
1611 int i;
1612 unsigned x, num;
1613
1614 x = 0;
1615 num = 0;
1616 for (i = br_sha1_ID; i <= br_sha512_ID; i ++) {
1617 if (br_multihash_getimpl(&ENG->mhash, i)) {
1618 x |= 1U << i;
1619 num ++;
1620 }
1621 }
1622 T0_PUSH(x);
1623 T0_PUSH(num);
1624
1625 }
1626 break;
1627 case 66: {
1628 /* supports-ecdsa? */
1629
1630 T0_PUSHi(-(ENG->iecdsa != 0));
1631
1632 }
1633 break;
1634 case 67: {
1635 /* supports-rsa-sign? */
1636
1637 T0_PUSHi(-(ENG->irsavrfy != 0));
1638
1639 }
1640 break;
1641 case 68: {
1642 /* swap */
1643 T0_SWAP();
1644 }
1645 break;
1646 case 69: {
1647 /* switch-aesgcm-in */
1648
1649 int is_client, prf_id;
1650 unsigned cipher_key_len;
1651
1652 cipher_key_len = T0_POP();
1653 prf_id = T0_POP();
1654 is_client = T0_POP();
1655 br_ssl_engine_switch_gcm_in(ENG, is_client, prf_id,
1656 ENG->iaes_ctr, cipher_key_len);
1657
1658 }
1659 break;
1660 case 70: {
1661 /* switch-aesgcm-out */
1662
1663 int is_client, prf_id;
1664 unsigned cipher_key_len;
1665
1666 cipher_key_len = T0_POP();
1667 prf_id = T0_POP();
1668 is_client = T0_POP();
1669 br_ssl_engine_switch_gcm_out(ENG, is_client, prf_id,
1670 ENG->iaes_ctr, cipher_key_len);
1671
1672 }
1673 break;
1674 case 71: {
1675 /* switch-cbc-in */
1676
1677 int is_client, prf_id, mac_id, aes;
1678 unsigned cipher_key_len;
1679
1680 cipher_key_len = T0_POP();
1681 aes = T0_POP();
1682 mac_id = T0_POP();
1683 prf_id = T0_POP();
1684 is_client = T0_POP();
1685 br_ssl_engine_switch_cbc_in(ENG, is_client, prf_id, mac_id,
1686 aes ? ENG->iaes_cbcdec : ENG->ides_cbcdec, cipher_key_len);
1687
1688 }
1689 break;
1690 case 72: {
1691 /* switch-cbc-out */
1692
1693 int is_client, prf_id, mac_id, aes;
1694 unsigned cipher_key_len;
1695
1696 cipher_key_len = T0_POP();
1697 aes = T0_POP();
1698 mac_id = T0_POP();
1699 prf_id = T0_POP();
1700 is_client = T0_POP();
1701 br_ssl_engine_switch_cbc_out(ENG, is_client, prf_id, mac_id,
1702 aes ? ENG->iaes_cbcenc : ENG->ides_cbcenc, cipher_key_len);
1703
1704 }
1705 break;
1706 case 73: {
1707 /* switch-chapol-in */
1708
1709 int is_client, prf_id;
1710
1711 prf_id = T0_POP();
1712 is_client = T0_POP();
1713 br_ssl_engine_switch_chapol_in(ENG, is_client, prf_id);
1714
1715 }
1716 break;
1717 case 74: {
1718 /* switch-chapol-out */
1719
1720 int is_client, prf_id;
1721
1722 prf_id = T0_POP();
1723 is_client = T0_POP();
1724 br_ssl_engine_switch_chapol_out(ENG, is_client, prf_id);
1725
1726 }
1727 break;
1728 case 75: {
1729 /* test-protocol-name */
1730
1731 size_t len = T0_POP();
1732 size_t u;
1733
1734 for (u = 0; u < ENG->protocol_names_num; u ++) {
1735 const char *name;
1736
1737 name = ENG->protocol_names[u];
1738 if (len == strlen(name) && memcmp(ENG->pad, name, len) == 0) {
1739 T0_PUSH(u);
1740 T0_RET();
1741 }
1742 }
1743 T0_PUSHi(-1);
1744
1745 }
1746 break;
1747 case 76: {
1748 /* total-chain-length */
1749
1750 size_t u;
1751 uint32_t total;
1752
1753 total = 0;
1754 for (u = 0; u < ENG->chain_len; u ++) {
1755 total += 3 + (uint32_t)ENG->chain[u].data_len;
1756 }
1757 T0_PUSH(total);
1758
1759 }
1760 break;
1761 case 77: {
1762 /* u>> */
1763
1764 int c = (int)T0_POPi();
1765 uint32_t x = T0_POP();
1766 T0_PUSH(x >> c);
1767
1768 }
1769 break;
1770 case 78: {
1771 /* verify-SKE-sig */
1772
1773 size_t sig_len = T0_POP();
1774 int use_rsa = T0_POPi();
1775 int hash = T0_POPi();
1776
1777 T0_PUSH(verify_SKE_sig(CTX, hash, use_rsa, sig_len));
1778
1779 }
1780 break;
1781 case 79: {
1782 /* write-blob-chunk */
1783
1784 size_t clen = ENG->hlen_out;
1785 if (clen > 0) {
1786 uint32_t addr, len;
1787
1788 len = T0_POP();
1789 addr = T0_POP();
1790 if ((size_t)len < clen) {
1791 clen = (size_t)len;
1792 }
1793 memcpy(ENG->hbuf_out, (unsigned char *)ENG + addr, clen);
1794 if (ENG->record_type_out == BR_SSL_HANDSHAKE) {
1795 br_multihash_update(&ENG->mhash, ENG->hbuf_out, clen);
1796 }
1797 T0_PUSH(addr + (uint32_t)clen);
1798 T0_PUSH(len - (uint32_t)clen);
1799 ENG->hbuf_out += clen;
1800 ENG->hlen_out -= clen;
1801 }
1802
1803 }
1804 break;
1805 case 80: {
1806 /* write8-native */
1807
1808 unsigned char x;
1809
1810 x = (unsigned char)T0_POP();
1811 if (ENG->hlen_out > 0) {
1812 if (ENG->record_type_out == BR_SSL_HANDSHAKE) {
1813 br_multihash_update(&ENG->mhash, &x, 1);
1814 }
1815 *ENG->hbuf_out ++ = x;
1816 ENG->hlen_out --;
1817 T0_PUSHi(-1);
1818 } else {
1819 T0_PUSHi(0);
1820 }
1821
1822 }
1823 break;
1824 case 81: {
1825 /* x509-append */
1826
1827 const br_x509_class *xc;
1828 size_t len;
1829
1830 xc = *(ENG->x509ctx);
1831 len = T0_POP();
1832 xc->append(ENG->x509ctx, ENG->pad, len);
1833
1834 }
1835 break;
1836 case 82: {
1837 /* x509-end-cert */
1838
1839 const br_x509_class *xc;
1840
1841 xc = *(ENG->x509ctx);
1842 xc->end_cert(ENG->x509ctx);
1843
1844 }
1845 break;
1846 case 83: {
1847 /* x509-end-chain */
1848
1849 const br_x509_class *xc;
1850
1851 xc = *(ENG->x509ctx);
1852 T0_PUSH(xc->end_chain(ENG->x509ctx));
1853
1854 }
1855 break;
1856 case 84: {
1857 /* x509-start-cert */
1858
1859 const br_x509_class *xc;
1860
1861 xc = *(ENG->x509ctx);
1862 xc->start_cert(ENG->x509ctx, T0_POP());
1863
1864 }
1865 break;
1866 case 85: {
1867 /* x509-start-chain */
1868
1869 const br_x509_class *xc;
1870 uint32_t bc;
1871
1872 bc = T0_POP();
1873 xc = *(ENG->x509ctx);
1874 xc->start_chain(ENG->x509ctx, bc ? ENG->server_name : NULL);
1875
1876 }
1877 break;
1878 }
1879
1880 } else {
1881 T0_ENTER(ip, rp, t0x);
1882 }
1883 }
1884 t0_exit:
1885 ((t0_context *)t0ctx)->dp = dp;
1886 ((t0_context *)t0ctx)->rp = rp;
1887 ((t0_context *)t0ctx)->ip = ip;
1888 }
The BearSSL library and tools.