projects / BearSSL / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Added support for client certificates (both client-side and server-side, but still...
[BearSSL] / src / ssl / ssl_hs_client.c
1 /* Automatically generated code; do not modify directly. */
2
3 #include <stddef.h>
4 #include <stdint.h>
5
6 typedef struct {
7 uint32_t *dp;
8 uint32_t *rp;
9 const unsigned char *ip;
10 } t0_context;
11
12 static uint32_t
13 t0_parse7E_unsigned(const unsigned char **p)
14 {
15 uint32_t x;
16
17 x = 0;
18 for (;;) {
19 unsigned y;
20
21 y = *(*p) ++;
22 x = (x << 7) | (uint32_t)(y & 0x7F);
23 if (y < 0x80) {
24 return x;
25 }
26 }
27 }
28
29 static int32_t
30 t0_parse7E_signed(const unsigned char **p)
31 {
32 int neg;
33 uint32_t x;
34
35 neg = ((**p) >> 6) & 1;
36 x = (uint32_t)-neg;
37 for (;;) {
38 unsigned y;
39
40 y = *(*p) ++;
41 x = (x << 7) | (uint32_t)(y & 0x7F);
42 if (y < 0x80) {
43 if (neg) {
44 return -(int32_t)~x - 1;
45 } else {
46 return (int32_t)x;
47 }
48 }
49 }
50 }
51
52 #define T0_VBYTE(x, n) (unsigned char)((((uint32_t)(x) >> (n)) & 0x7F) | 0x80)
53 #define T0_FBYTE(x, n) (unsigned char)(((uint32_t)(x) >> (n)) & 0x7F)
54 #define T0_SBYTE(x) (unsigned char)((((uint32_t)(x) >> 28) + 0xF8) ^ 0xF8)
55 #define T0_INT1(x) T0_FBYTE(x, 0)
56 #define T0_INT2(x) T0_VBYTE(x, 7), T0_FBYTE(x, 0)
57 #define T0_INT3(x) T0_VBYTE(x, 14), T0_VBYTE(x, 7), T0_FBYTE(x, 0)
58 #define T0_INT4(x) T0_VBYTE(x, 21), T0_VBYTE(x, 14), T0_VBYTE(x, 7), T0_FBYTE(x, 0)
59 #define T0_INT5(x) T0_SBYTE(x), T0_VBYTE(x, 21), T0_VBYTE(x, 14), T0_VBYTE(x, 7), T0_FBYTE(x, 0)
60
61 static const uint8_t t0_datablock[];
62
63
64 void br_ssl_hs_client_init_main(void *t0ctx);
65
66 void br_ssl_hs_client_run(void *t0ctx);
67
68
69
70 #include <stddef.h>
71 #include <string.h>
72
73 #include "inner.h"
74
75 /*
76 * This macro evaluates to a pointer to the current engine context.
77 */
78 #define ENG ((br_ssl_engine_context *)((unsigned char *)t0ctx - offsetof(br_ssl_engine_context, cpu)))
79
80
81
82
83
84 /*
85 * This macro evaluates to a pointer to the client context, under that
86 * specific name. It must be noted that since the engine context is the
87 * first field of the br_ssl_client_context structure ('eng'), then
88 * pointers values of both types are interchangeable, modulo an
89 * appropriate cast. This also means that "adresses" computed as offsets
90 * within the structure work for both kinds of context.
91 */
92 #define CTX ((br_ssl_client_context *)ENG)
93
94 /*
95 * Generate the pre-master secret for RSA key exchange, and encrypt it
96 * with the server's public key. Returned value is either the encrypted
97 * data length (in bytes), or -x on error, with 'x' being an error code.
98 *
99 * This code assumes that the public key has been already verified (it
100 * was properly obtained by the X.509 engine, and it has the right type,
101 * i.e. it is of type RSA and suitable for encryption).
102 */
103 static int
104 make_pms_rsa(br_ssl_client_context *ctx, int prf_id)
105 {
106 const br_x509_class **xc;
107 const br_x509_pkey *pk;
108 const unsigned char *n;
109 unsigned char *pms;
110 size_t nlen, u;
111
112 xc = ctx->eng.x509ctx;
113 pk = (*xc)->get_pkey(xc, NULL);
114
115 /*
116 * Compute actual RSA key length, in case there are leading zeros.
117 */
118 n = pk->key.rsa.n;
119 nlen = pk->key.rsa.nlen;
120 while (nlen > 0 && *n == 0) {
121 n ++;
122 nlen --;
123 }
124
125 /*
126 * We need at least 59 bytes (48 bytes for pre-master secret, and
127 * 11 bytes for the PKCS#1 type 2 padding). Note that the X.509
128 * minimal engine normally blocks RSA keys shorter than 128 bytes,
129 * so this is mostly for public keys provided explicitly by the
130 * caller.
131 */
132 if (nlen < 59) {
133 return -BR_ERR_X509_WEAK_PUBLIC_KEY;
134 }
135 if (nlen > sizeof ctx->eng.pad) {
136 return -BR_ERR_LIMIT_EXCEEDED;
137 }
138
139 /*
140 * Make PMS.
141 */
142 pms = ctx->eng.pad + nlen - 48;
143 br_enc16be(pms, ctx->eng.version_max);
144 br_hmac_drbg_generate(&ctx->eng.rng, pms + 2, 46);
145 br_ssl_engine_compute_master(&ctx->eng, prf_id, pms, 48);
146
147 /*
148 * Apply PKCS#1 type 2 padding.
149 */
150 ctx->eng.pad[0] = 0x00;
151 ctx->eng.pad[1] = 0x02;
152 ctx->eng.pad[nlen - 49] = 0x00;
153 br_hmac_drbg_generate(&ctx->eng.rng, ctx->eng.pad + 2, nlen - 51);
154 for (u = 2; u < nlen - 49; u ++) {
155 while (ctx->eng.pad[u] == 0) {
156 br_hmac_drbg_generate(&ctx->eng.rng,
157 &ctx->eng.pad[u], 1);
158 }
159 }
160
161 /*
162 * Compute RSA encryption.
163 */
164 if (!ctx->irsapub(ctx->eng.pad, nlen, &pk->key.rsa)) {
165 return -BR_ERR_LIMIT_EXCEEDED;
166 }
167 return (int)nlen;
168 }
169
170 /*
171 * OID for hash functions in RSA signatures.
172 */
173 static const unsigned char HASH_OID_SHA1[] = {
174 0x05, 0x2B, 0x0E, 0x03, 0x02, 0x1A
175 };
176
177 static const unsigned char HASH_OID_SHA224[] = {
178 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x04
179 };
180
181 static const unsigned char HASH_OID_SHA256[] = {
182 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01
183 };
184
185 static const unsigned char HASH_OID_SHA384[] = {
186 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x02
187 };
188
189 static const unsigned char HASH_OID_SHA512[] = {
190 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x03
191 };
192
193 static const unsigned char *HASH_OID[] = {
194 HASH_OID_SHA1,
195 HASH_OID_SHA224,
196 HASH_OID_SHA256,
197 HASH_OID_SHA384,
198 HASH_OID_SHA512
199 };
200
201 /*
202 * Check the RSA signature on the ServerKeyExchange message.
203 *
204 * hash hash function ID (2 to 6), or 0 for MD5+SHA-1 (with RSA only)
205 * use_rsa non-zero for RSA signature, zero for ECDSA
206 * sig_len signature length (in bytes); signature value is in the pad
207 *
208 * Returned value is 0 on success, or an error code.
209 */
210 static int
211 verify_SKE_sig(br_ssl_client_context *ctx,
212 int hash, int use_rsa, size_t sig_len)
213 {
214 const br_x509_class **xc;
215 const br_x509_pkey *pk;
216 br_multihash_context mhc;
217 unsigned char hv[64], head[4];
218 size_t hv_len;
219
220 xc = ctx->eng.x509ctx;
221 pk = (*xc)->get_pkey(xc, NULL);
222 br_multihash_zero(&mhc);
223 br_multihash_copyimpl(&mhc, &ctx->eng.mhash);
224 br_multihash_init(&mhc);
225 br_multihash_update(&mhc,
226 ctx->eng.client_random, sizeof ctx->eng.client_random);
227 br_multihash_update(&mhc,
228 ctx->eng.server_random, sizeof ctx->eng.server_random);
229 head[0] = 3;
230 head[1] = 0;
231 head[2] = ctx->eng.ecdhe_curve;
232 head[3] = ctx->eng.ecdhe_point_len;
233 br_multihash_update(&mhc, head, sizeof head);
234 br_multihash_update(&mhc,
235 ctx->eng.ecdhe_point, ctx->eng.ecdhe_point_len);
236 if (hash) {
237 hv_len = br_multihash_out(&mhc, hash, hv);
238 if (hv_len == 0) {
239 return BR_ERR_INVALID_ALGORITHM;
240 }
241 } else {
242 if (!br_multihash_out(&mhc, br_md5_ID, hv)
243 || !br_multihash_out(&mhc, br_sha1_ID, hv + 16))
244 {
245 return BR_ERR_INVALID_ALGORITHM;
246 }
247 hv_len = 36;
248 }
249 if (use_rsa) {
250 unsigned char tmp[64];
251 const unsigned char *hash_oid;
252
253 if (hash) {
254 hash_oid = HASH_OID[hash - 2];
255 } else {
256 hash_oid = NULL;
257 }
258 if (!ctx->eng.irsavrfy(ctx->eng.pad, sig_len,
259 hash_oid, hv_len, &pk->key.rsa, tmp)
260 || memcmp(tmp, hv, hv_len) != 0)
261 {
262 return BR_ERR_BAD_SIGNATURE;
263 }
264 } else {
265 if (!ctx->eng.iecdsa(ctx->eng.iec, hv, hv_len, &pk->key.ec,
266 ctx->eng.pad, sig_len))
267 {
268 return BR_ERR_BAD_SIGNATURE;
269 }
270 }
271 return 0;
272 }
273
274 /*
275 * Perform client-side ECDH (or ECDHE). The point that should be sent to
276 * the server is written in the pad; returned value is either the point
277 * length (in bytes), or -x on error, with 'x' being an error code.
278 *
279 * The point _from_ the server is taken from ecdhe_point[] if 'ecdhe'
280 * is non-zero, or from the X.509 engine context if 'ecdhe' is zero
281 * (for static ECDH).
282 */
283 static int
284 make_pms_ecdh(br_ssl_client_context *ctx, unsigned ecdhe, int prf_id)
285 {
286 int curve;
287 unsigned char key[66], point[133];
288 const unsigned char *generator, *order, *point_src;
289 size_t glen, olen, point_len;
290 unsigned char mask;
291
292 if (ecdhe) {
293 curve = ctx->eng.ecdhe_curve;
294 point_src = ctx->eng.ecdhe_point;
295 point_len = ctx->eng.ecdhe_point_len;
296 } else {
297 const br_x509_class **xc;
298 const br_x509_pkey *pk;
299
300 xc = ctx->eng.x509ctx;
301 pk = (*xc)->get_pkey(xc, NULL);
302 curve = pk->key.ec.curve;
303 point_src = pk->key.ec.q;
304 point_len = pk->key.ec.qlen;
305 }
306 if ((ctx->eng.iec->supported_curves & ((uint32_t)1 << curve)) == 0) {
307 return -BR_ERR_INVALID_ALGORITHM;
308 }
309
310 /*
311 * We need to generate our key, as a non-zero random value which
312 * is lower than the curve order, in a "large enough" range. We
313 * force top bit to 0 and bottom bit to 1, which guarantees that
314 * the value is in the proper range.
315 */
316 order = ctx->eng.iec->order(curve, &olen);
317 mask = 0xFF;
318 while (mask >= order[0]) {
319 mask >>= 1;
320 }
321 br_hmac_drbg_generate(&ctx->eng.rng, key, olen);
322 key[0] &= mask;
323 key[olen - 1] |= 0x01;
324
325 /*
326 * Compute the common ECDH point, whose X coordinate is the
327 * pre-master secret.
328 */
329 generator = ctx->eng.iec->generator(curve, &glen);
330 if (glen != point_len) {
331 return -BR_ERR_INVALID_ALGORITHM;
332 }
333
334 memcpy(point, point_src, glen);
335 if (!ctx->eng.iec->mul(point, glen, key, olen, curve)) {
336 return -BR_ERR_INVALID_ALGORITHM;
337 }
338
339 /*
340 * The pre-master secret is the X coordinate.
341 */
342 br_ssl_engine_compute_master(&ctx->eng, prf_id, point + 1, glen >> 1);
343
344 memcpy(point, generator, glen);
345 if (!ctx->eng.iec->mul(point, glen, key, olen, curve)) {
346 return -BR_ERR_INVALID_ALGORITHM;
347 }
348 memcpy(ctx->eng.pad, point, glen);
349 return (int)glen;
350 }
351
352 /*
353 * Perform full static ECDH. This occurs only in the context of client
354 * authentication with certificates: the server uses an EC public key,
355 * the cipher suite is of type ECDH (not ECDHE), the server requested a
356 * client certificate and accepts static ECDH, the client has a
357 * certificate with an EC public key in the same curve, and accepts
358 * static ECDH as well.
359 *
360 * Returned value is 0 on success, -1 on error.
361 */
362 static int
363 make_pms_static_ecdh(br_ssl_client_context *ctx, int prf_id)
364 {
365 unsigned char point[133];
366 size_t point_len;
367 const br_x509_class **xc;
368 const br_x509_pkey *pk;
369
370 xc = ctx->eng.x509ctx;
371 pk = (*xc)->get_pkey(xc, NULL);
372 point_len = pk->key.ec.qlen;
373 if (point_len > sizeof point) {
374 return -1;
375 }
376 memcpy(point, pk->key.ec.q, point_len);
377 if (!(*ctx->client_auth_vtable)->do_keyx(
378 ctx->client_auth_vtable, point, point_len))
379 {
380 return -1;
381 }
382 br_ssl_engine_compute_master(&ctx->eng,
383 prf_id, point + 1, point_len >> 1);
384 return 0;
385 }
386
387 /*
388 * Compute the client-side signature. This is invoked only when a
389 * signature-based client authentication was selected. The computed
390 * signature is in the pad; its length (in bytes) is returned. On
391 * error, 0 is returned.
392 */
393 static size_t
394 make_client_sign(br_ssl_client_context *ctx)
395 {
396 size_t hv_len;
397
398 /*
399 * Compute hash of handshake messages so far. This "cannot" fail
400 * because the list of supported hash functions provided to the
401 * client certificate handler was trimmed to include only the
402 * hash functions that the multi-hasher supports.
403 */
404 if (ctx->hash_id) {
405 hv_len = br_multihash_out(&ctx->eng.mhash,
406 ctx->hash_id, ctx->eng.pad);
407 } else {
408 br_multihash_out(&ctx->eng.mhash,
409 br_md5_ID, ctx->eng.pad);
410 br_multihash_out(&ctx->eng.mhash,
411 br_sha1_ID, ctx->eng.pad + 16);
412 hv_len = 36;
413 }
414 return (*ctx->client_auth_vtable)->do_sign(
415 ctx->client_auth_vtable, ctx->hash_id, hv_len,
416 ctx->eng.pad, sizeof ctx->eng.pad);
417 }
418
419
420
421 static const uint8_t t0_datablock[] = {
422 0x00, 0x00, 0x0A, 0x00, 0x24, 0x00, 0x2F, 0x01, 0x24, 0x00, 0x35, 0x02,
423 0x24, 0x00, 0x3C, 0x01, 0x44, 0x00, 0x3D, 0x02, 0x44, 0x00, 0x9C, 0x03,
424 0x04, 0x00, 0x9D, 0x04, 0x05, 0xC0, 0x03, 0x40, 0x24, 0xC0, 0x04, 0x41,
425 0x24, 0xC0, 0x05, 0x42, 0x24, 0xC0, 0x08, 0x20, 0x24, 0xC0, 0x09, 0x21,
426 0x24, 0xC0, 0x0A, 0x22, 0x24, 0xC0, 0x0D, 0x30, 0x24, 0xC0, 0x0E, 0x31,
427 0x24, 0xC0, 0x0F, 0x32, 0x24, 0xC0, 0x12, 0x10, 0x24, 0xC0, 0x13, 0x11,
428 0x24, 0xC0, 0x14, 0x12, 0x24, 0xC0, 0x23, 0x21, 0x44, 0xC0, 0x24, 0x22,
429 0x55, 0xC0, 0x25, 0x41, 0x44, 0xC0, 0x26, 0x42, 0x55, 0xC0, 0x27, 0x11,
430 0x44, 0xC0, 0x28, 0x12, 0x55, 0xC0, 0x29, 0x31, 0x44, 0xC0, 0x2A, 0x32,
431 0x55, 0xC0, 0x2B, 0x23, 0x04, 0xC0, 0x2C, 0x24, 0x05, 0xC0, 0x2D, 0x43,
432 0x04, 0xC0, 0x2E, 0x44, 0x05, 0xC0, 0x2F, 0x13, 0x04, 0xC0, 0x30, 0x14,
433 0x05, 0xC0, 0x31, 0x33, 0x04, 0xC0, 0x32, 0x34, 0x05, 0xCC, 0xA8, 0x15,
434 0x04, 0xCC, 0xA9, 0x25, 0x04, 0x00, 0x00
435 };
436
437 static const uint8_t t0_codeblock[] = {
438 0x00, 0x01, 0x00, 0x0A, 0x00, 0x00, 0x01, 0x00, 0x0D, 0x00, 0x00, 0x01,
439 0x00, 0x0E, 0x00, 0x00, 0x01, 0x00, 0x0F, 0x00, 0x00, 0x01, 0x01, 0x08,
440 0x00, 0x00, 0x01, 0x01, 0x09, 0x00, 0x00, 0x01, 0x02, 0x08, 0x00, 0x00,
441 0x01, 0x02, 0x09, 0x00, 0x00, 0x24, 0x24, 0x00, 0x00, 0x01,
442 T0_INT1(BR_ERR_BAD_CCS), 0x00, 0x00, 0x01,
443 T0_INT1(BR_ERR_BAD_CIPHER_SUITE), 0x00, 0x00, 0x01,
444 T0_INT1(BR_ERR_BAD_COMPRESSION), 0x00, 0x00, 0x01,
445 T0_INT1(BR_ERR_BAD_FINISHED), 0x00, 0x00, 0x01,
446 T0_INT1(BR_ERR_BAD_FRAGLEN), 0x00, 0x00, 0x01,
447 T0_INT1(BR_ERR_BAD_HANDSHAKE), 0x00, 0x00, 0x01,
448 T0_INT1(BR_ERR_BAD_HELLO_DONE), 0x00, 0x00, 0x01,
449 T0_INT1(BR_ERR_BAD_PARAM), 0x00, 0x00, 0x01,
450 T0_INT1(BR_ERR_BAD_SECRENEG), 0x00, 0x00, 0x01,
451 T0_INT1(BR_ERR_BAD_SNI), 0x00, 0x00, 0x01, T0_INT1(BR_ERR_BAD_VERSION),
452 0x00, 0x00, 0x01, T0_INT1(BR_ERR_EXTRA_EXTENSION), 0x00, 0x00, 0x01,
453 T0_INT1(BR_ERR_INVALID_ALGORITHM), 0x00, 0x00, 0x01,
454 T0_INT1(BR_ERR_LIMIT_EXCEEDED), 0x00, 0x00, 0x01, T0_INT1(BR_ERR_OK),
455 0x00, 0x00, 0x01, T0_INT1(BR_ERR_OVERSIZED_ID), 0x00, 0x00, 0x01,
456 T0_INT1(BR_ERR_RESUME_MISMATCH), 0x00, 0x00, 0x01,
457 T0_INT1(BR_ERR_UNEXPECTED), 0x00, 0x00, 0x01,
458 T0_INT1(BR_ERR_UNSUPPORTED_VERSION), 0x00, 0x00, 0x01,
459 T0_INT1(BR_ERR_WRONG_KEY_USAGE), 0x00, 0x00, 0x01,
460 T0_INT2(offsetof(br_ssl_engine_context, action)), 0x00, 0x00, 0x01,
461 T0_INT2(offsetof(br_ssl_engine_context, alert)), 0x00, 0x00, 0x01,
462 T0_INT2(offsetof(br_ssl_engine_context, application_data)), 0x00, 0x00,
463 0x01, T0_INT2(offsetof(br_ssl_client_context, auth_type)), 0x00, 0x00,
464 0x01,
465 T0_INT2(offsetof(br_ssl_engine_context, session) + offsetof(br_ssl_session_parameters, cipher_suite)),
466 0x00, 0x00, 0x01,
467 T0_INT2(offsetof(br_ssl_engine_context, client_random)), 0x00, 0x00,
468 0x01, T0_INT2(offsetof(br_ssl_engine_context, close_received)), 0x00,
469 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, ecdhe_curve)),
470 0x00, 0x00, 0x01,
471 T0_INT2(offsetof(br_ssl_engine_context, ecdhe_point)), 0x00, 0x00,
472 0x01, T0_INT2(offsetof(br_ssl_engine_context, ecdhe_point_len)), 0x00,
473 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, flags)), 0x00,
474 0x00, 0x01, T0_INT2(offsetof(br_ssl_client_context, hash_id)), 0x00,
475 0x00, 0x01, T0_INT2(offsetof(br_ssl_client_context, hashes)), 0x00,
476 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, log_max_frag_len)),
477 0x00, 0x00, 0x01,
478 T0_INT2(offsetof(br_ssl_client_context, min_clienthello_len)), 0x00,
479 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, pad)), 0x00, 0x00,
480 0x01, T0_INT2(offsetof(br_ssl_engine_context, record_type_in)), 0x00,
481 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, record_type_out)),
482 0x00, 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, reneg)),
483 0x00, 0x00, 0x01,
484 T0_INT2(offsetof(br_ssl_engine_context, saved_finished)), 0x00, 0x00,
485 0x01, T0_INT2(offsetof(br_ssl_engine_context, server_name)), 0x00,
486 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, server_random)),
487 0x00, 0x00, 0x01,
488 T0_INT2(offsetof(br_ssl_engine_context, session) + offsetof(br_ssl_session_parameters, session_id)),
489 0x00, 0x00, 0x01,
490 T0_INT2(offsetof(br_ssl_engine_context, session) + offsetof(br_ssl_session_parameters, session_id_len)),
491 0x00, 0x00, 0x01,
492 T0_INT2(offsetof(br_ssl_engine_context, shutdown_recv)), 0x00, 0x00,
493 0x01, T0_INT2(offsetof(br_ssl_engine_context, suites_buf)), 0x00, 0x00,
494 0x01, T0_INT2(offsetof(br_ssl_engine_context, suites_num)), 0x00, 0x00,
495 0x01,
496 T0_INT2(offsetof(br_ssl_engine_context, session) + offsetof(br_ssl_session_parameters, version)),
497 0x00, 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, version_in)),
498 0x00, 0x00, 0x01,
499 T0_INT2(offsetof(br_ssl_engine_context, version_max)), 0x00, 0x00,
500 0x01, T0_INT2(offsetof(br_ssl_engine_context, version_min)), 0x00,
501 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, version_out)),
502 0x00, 0x00, 0x09, 0x25, 0x50, 0x06, 0x02, 0x60, 0x26, 0x00, 0x00, 0x06,
503 0x08, 0x2A, 0x0E, 0x05, 0x02, 0x69, 0x26, 0x04, 0x01, 0x3A, 0x00, 0x00,
504 0x01, 0x01, 0x00, 0x01, 0x03, 0x00, 0x81, 0x0F, 0x25, 0x56, 0x41, 0x81,
505 0x13, 0x25, 0x05, 0x04, 0x58, 0x01, 0x00, 0x00, 0x02, 0x00, 0x0E, 0x06,
506 0x03, 0x81, 0x13, 0x00, 0x56, 0x04, 0x69, 0x00, 0x06, 0x02, 0x60, 0x26,
507 0x00, 0x00, 0x25, 0x81, 0x00, 0x41, 0x05, 0x03, 0x01, 0x0C, 0x08, 0x41,
508 0x71, 0x2A, 0x81, 0x21, 0x1C, 0x7C, 0x01, 0x0C, 0x2F, 0x00, 0x00, 0x25,
509 0x1E, 0x01, 0x08, 0x0B, 0x41, 0x54, 0x1E, 0x08, 0x00, 0x01, 0x03, 0x00,
510 0x01, 0x00, 0x6F, 0x3B, 0x27, 0x1A, 0x34, 0x06, 0x08, 0x02, 0x00, 0x81,
511 0x43, 0x03, 0x00, 0x04, 0x74, 0x01, 0x00, 0x81, 0x3A, 0x02, 0x00, 0x25,
512 0x1A, 0x17, 0x06, 0x02, 0x67, 0x26, 0x81, 0x43, 0x04, 0x75, 0x01, 0x01,
513 0x00, 0x6F, 0x3B, 0x01, 0x16, 0x7E, 0x3B, 0x32, 0x81, 0x49, 0x27, 0x81,
514 0x29, 0x06, 0x0B, 0x01, 0x7F, 0x81, 0x24, 0x01, 0x7F, 0x81, 0x46, 0x04,
515 0x80, 0x62, 0x81, 0x26, 0x71, 0x2A, 0x81, 0x17, 0x01,
516 T0_INT1(BR_KEYTYPE_SIGN), 0x17, 0x06, 0x02, 0x81, 0x2A, 0x81, 0x2D,
517 0x25, 0x01, 0x0D, 0x0E, 0x06, 0x09, 0x24, 0x81, 0x2C, 0x81, 0x2D, 0x01,
518 0x7F, 0x04, 0x02, 0x01, 0x00, 0x03, 0x00, 0x01, 0x0E, 0x0E, 0x05, 0x02,
519 0x6A, 0x26, 0x06, 0x02, 0x5F, 0x26, 0x31, 0x06, 0x02, 0x6A, 0x26, 0x02,
520 0x00, 0x06, 0x22, 0x81, 0x47, 0x78, 0x2C, 0x01, 0x81, 0x7F, 0x0E, 0x06,
521 0x10, 0x24, 0x01, 0x10, 0x81, 0x52, 0x01, 0x00, 0x81, 0x51, 0x71, 0x2A,
522 0x81, 0x21, 0x23, 0x04, 0x06, 0x81, 0x4A, 0x06, 0x02, 0x81, 0x48, 0x04,
523 0x02, 0x81, 0x4A, 0x01, 0x7F, 0x81, 0x46, 0x01, 0x7F, 0x81, 0x24, 0x01,
524 0x01, 0x6F, 0x3B, 0x01, 0x17, 0x7E, 0x3B, 0x00, 0x00, 0x36, 0x36, 0x00,
525 0x00, 0x81, 0x10, 0x01, 0x0C, 0x11, 0x01, 0x00, 0x36, 0x0E, 0x06, 0x05,
526 0x24, 0x01, T0_INT1(BR_KEYTYPE_RSA | BR_KEYTYPE_KEYX), 0x04, 0x30,
527 0x01, 0x01, 0x36, 0x0E, 0x06, 0x05, 0x24, 0x01,
528 T0_INT1(BR_KEYTYPE_RSA | BR_KEYTYPE_SIGN), 0x04, 0x25, 0x01, 0x02,
529 0x36, 0x0E, 0x06, 0x05, 0x24, 0x01,
530 T0_INT1(BR_KEYTYPE_EC | BR_KEYTYPE_SIGN), 0x04, 0x1A, 0x01, 0x03,
531 0x36, 0x0E, 0x06, 0x05, 0x24, 0x01,
532 T0_INT1(BR_KEYTYPE_EC | BR_KEYTYPE_KEYX), 0x04, 0x0F, 0x01, 0x04,
533 0x36, 0x0E, 0x06, 0x05, 0x24, 0x01,
534 T0_INT1(BR_KEYTYPE_EC | BR_KEYTYPE_KEYX), 0x04, 0x04, 0x01, 0x00,
535 0x41, 0x24, 0x00, 0x00, 0x7A, 0x2C, 0x01, 0x0E, 0x0E, 0x06, 0x04, 0x01,
536 0x00, 0x04, 0x02, 0x01, 0x05, 0x00, 0x00, 0x3D, 0x06, 0x04, 0x01, 0x06,
537 0x04, 0x02, 0x01, 0x00, 0x00, 0x00, 0x7F, 0x2C, 0x25, 0x06, 0x08, 0x01,
538 0x01, 0x09, 0x01, 0x11, 0x07, 0x04, 0x03, 0x24, 0x01, 0x05, 0x00, 0x01,
539 0x3E, 0x03, 0x00, 0x24, 0x01, 0x00, 0x40, 0x06, 0x03, 0x02, 0x00, 0x08,
540 0x3F, 0x06, 0x03, 0x02, 0x00, 0x08, 0x25, 0x06, 0x06, 0x01, 0x01, 0x0B,
541 0x01, 0x06, 0x08, 0x00, 0x00, 0x81, 0x01, 0x3C, 0x25, 0x06, 0x03, 0x01,
542 0x09, 0x08, 0x00, 0x01, 0x3D, 0x25, 0x06, 0x1E, 0x01, 0x00, 0x03, 0x00,
543 0x25, 0x06, 0x0E, 0x25, 0x01, 0x01, 0x17, 0x02, 0x00, 0x08, 0x03, 0x00,
544 0x01, 0x01, 0x11, 0x04, 0x6F, 0x24, 0x02, 0x00, 0x01, 0x01, 0x0B, 0x01,
545 0x06, 0x08, 0x00, 0x00, 0x77, 0x2B, 0x41, 0x11, 0x01, 0x01, 0x17, 0x33,
546 0x00, 0x00, 0x81, 0x15, 0x81, 0x42, 0x25, 0x01, 0x07, 0x17, 0x01, 0x00,
547 0x36, 0x0E, 0x06, 0x0A, 0x24, 0x01, 0x10, 0x17, 0x06, 0x02, 0x81, 0x15,
548 0x04, 0x32, 0x01, 0x01, 0x36, 0x0E, 0x06, 0x29, 0x24, 0x24, 0x01, 0x00,
549 0x6F, 0x3B, 0x81, 0x28, 0x7F, 0x2C, 0x01, 0x01, 0x0E, 0x01, 0x01, 0x81,
550 0x1E, 0x35, 0x06, 0x11, 0x27, 0x1A, 0x34, 0x06, 0x05, 0x81, 0x42, 0x24,
551 0x04, 0x77, 0x01, 0x80, 0x64, 0x81, 0x3A, 0x04, 0x02, 0x81, 0x15, 0x04,
552 0x03, 0x6A, 0x26, 0x24, 0x04, 0xFF, 0x35, 0x01, 0x25, 0x03, 0x00, 0x09,
553 0x25, 0x50, 0x06, 0x02, 0x60, 0x26, 0x02, 0x00, 0x00, 0x00, 0x81, 0x10,
554 0x01, 0x0F, 0x17, 0x00, 0x00, 0x6E, 0x2C, 0x01, 0x00, 0x36, 0x0E, 0x06,
555 0x10, 0x24, 0x25, 0x01, 0x01, 0x0D, 0x06, 0x03, 0x24, 0x01, 0x02, 0x6E,
556 0x3B, 0x01, 0x00, 0x04, 0x22, 0x01, 0x01, 0x36, 0x0E, 0x06, 0x15, 0x24,
557 0x01, 0x00, 0x6E, 0x3B, 0x25, 0x01, 0x80, 0x64, 0x0E, 0x06, 0x05, 0x01,
558 0x82, 0x00, 0x08, 0x26, 0x52, 0x00, 0x04, 0x07, 0x24, 0x01, 0x82, 0x00,
559 0x08, 0x26, 0x24, 0x00, 0x00, 0x01, 0x00, 0x2D, 0x06, 0x06, 0x38, 0x81,
560 0x22, 0x35, 0x04, 0x77, 0x25, 0x06, 0x05, 0x01, 0x01, 0x81, 0x05, 0x3B,
561 0x00, 0x00, 0x2D, 0x06, 0x0B, 0x7D, 0x2C, 0x01, 0x14, 0x0D, 0x06, 0x02,
562 0x6A, 0x26, 0x04, 0x12, 0x81, 0x42, 0x01, 0x07, 0x17, 0x25, 0x01, 0x02,
563 0x0D, 0x06, 0x06, 0x06, 0x02, 0x6A, 0x26, 0x04, 0x6F, 0x24, 0x81, 0x37,
564 0x01, 0x01, 0x0D, 0x31, 0x35, 0x06, 0x02, 0x59, 0x26, 0x25, 0x01, 0x01,
565 0x81, 0x3D, 0x34, 0x81, 0x27, 0x00, 0x01, 0x81, 0x2D, 0x01, 0x0B, 0x0E,
566 0x05, 0x02, 0x6A, 0x26, 0x25, 0x01, 0x03, 0x0E, 0x06, 0x09, 0x81, 0x35,
567 0x06, 0x02, 0x60, 0x26, 0x41, 0x24, 0x00, 0x41, 0x4F, 0x81, 0x35, 0x81,
568 0x20, 0x25, 0x06, 0x27, 0x81, 0x35, 0x81, 0x20, 0x25, 0x4E, 0x25, 0x06,
569 0x19, 0x25, 0x01, 0x82, 0x00, 0x0F, 0x06, 0x05, 0x01, 0x82, 0x00, 0x04,
570 0x01, 0x25, 0x03, 0x00, 0x7C, 0x02, 0x00, 0x81, 0x2B, 0x02, 0x00, 0x4B,
571 0x04, 0x64, 0x81, 0x11, 0x4C, 0x04, 0x56, 0x81, 0x11, 0x81, 0x11, 0x4D,
572 0x25, 0x06, 0x02, 0x33, 0x00, 0x24, 0x29, 0x00, 0x00, 0x71, 0x2A, 0x81,
573 0x17, 0x01, 0x7F, 0x81, 0x25, 0x25, 0x50, 0x06, 0x02, 0x33, 0x26, 0x25,
574 0x05, 0x02, 0x6A, 0x26, 0x36, 0x17, 0x0D, 0x06, 0x02, 0x6C, 0x26, 0x39,
575 0x00, 0x00, 0x81, 0x12, 0x81, 0x2D, 0x01, 0x14, 0x0D, 0x06, 0x02, 0x6A,
576 0x26, 0x7C, 0x01, 0x0C, 0x08, 0x01, 0x0C, 0x81, 0x2B, 0x81, 0x11, 0x7C,
577 0x25, 0x01, 0x0C, 0x08, 0x01, 0x0C, 0x2E, 0x05, 0x02, 0x5C, 0x26, 0x00,
578 0x00, 0x81, 0x2E, 0x06, 0x02, 0x6A, 0x26, 0x06, 0x02, 0x5E, 0x26, 0x00,
579 0x09, 0x81, 0x2D, 0x01, 0x02, 0x0E, 0x05, 0x02, 0x6A, 0x26, 0x81, 0x34,
580 0x03, 0x00, 0x02, 0x00, 0x81, 0x0B, 0x2A, 0x0A, 0x02, 0x00, 0x81, 0x0A,
581 0x2A, 0x0F, 0x35, 0x06, 0x02, 0x6B, 0x26, 0x02, 0x00, 0x81, 0x09, 0x2A,
582 0x0D, 0x06, 0x02, 0x63, 0x26, 0x02, 0x00, 0x81, 0x0C, 0x3A, 0x81, 0x02,
583 0x01, 0x20, 0x81, 0x2B, 0x01, 0x00, 0x03, 0x01, 0x81, 0x36, 0x03, 0x02,
584 0x02, 0x02, 0x01, 0x20, 0x0F, 0x06, 0x02, 0x68, 0x26, 0x7C, 0x02, 0x02,
585 0x81, 0x2B, 0x02, 0x02, 0x81, 0x04, 0x2C, 0x0E, 0x02, 0x02, 0x01, 0x00,
586 0x0F, 0x17, 0x06, 0x0C, 0x81, 0x03, 0x7C, 0x02, 0x02, 0x2E, 0x06, 0x04,
587 0x01, 0x7F, 0x03, 0x01, 0x81, 0x03, 0x7C, 0x02, 0x02, 0x2F, 0x02, 0x02,
588 0x81, 0x04, 0x3B, 0x02, 0x00, 0x81, 0x08, 0x02, 0x01, 0x81, 0x0E, 0x81,
589 0x34, 0x25, 0x81, 0x38, 0x50, 0x06, 0x02, 0x5A, 0x26, 0x71, 0x02, 0x01,
590 0x81, 0x0E, 0x81, 0x36, 0x06, 0x02, 0x5B, 0x26, 0x25, 0x06, 0x81, 0x3E,
591 0x81, 0x34, 0x81, 0x20, 0x81, 0x1C, 0x03, 0x03, 0x81, 0x1A, 0x03, 0x04,
592 0x81, 0x18, 0x03, 0x05, 0x81, 0x1B, 0x03, 0x06, 0x81, 0x1D, 0x03, 0x07,
593 0x81, 0x19, 0x03, 0x08, 0x25, 0x06, 0x81, 0x0B, 0x81, 0x34, 0x01, 0x00,
594 0x36, 0x0E, 0x06, 0x10, 0x24, 0x02, 0x03, 0x05, 0x02, 0x64, 0x26, 0x01,
595 0x00, 0x03, 0x03, 0x81, 0x33, 0x04, 0x80, 0x70, 0x01, 0x01, 0x36, 0x0E,
596 0x06, 0x10, 0x24, 0x02, 0x05, 0x05, 0x02, 0x64, 0x26, 0x01, 0x00, 0x03,
597 0x05, 0x81, 0x31, 0x04, 0x80, 0x5A, 0x01, 0x83, 0xFE, 0x01, 0x36, 0x0E,
598 0x06, 0x10, 0x24, 0x02, 0x04, 0x05, 0x02, 0x64, 0x26, 0x01, 0x00, 0x03,
599 0x04, 0x81, 0x32, 0x04, 0x80, 0x42, 0x01, 0x0D, 0x36, 0x0E, 0x06, 0x0F,
600 0x24, 0x02, 0x06, 0x05, 0x02, 0x64, 0x26, 0x01, 0x00, 0x03, 0x06, 0x81,
601 0x2F, 0x04, 0x2D, 0x01, 0x0A, 0x36, 0x0E, 0x06, 0x0F, 0x24, 0x02, 0x07,
602 0x05, 0x02, 0x64, 0x26, 0x01, 0x00, 0x03, 0x07, 0x81, 0x2F, 0x04, 0x18,
603 0x01, 0x0B, 0x36, 0x0E, 0x06, 0x0F, 0x24, 0x02, 0x08, 0x05, 0x02, 0x64,
604 0x26, 0x01, 0x00, 0x03, 0x08, 0x81, 0x2F, 0x04, 0x03, 0x64, 0x26, 0x24,
605 0x04, 0xFE, 0x71, 0x02, 0x04, 0x06, 0x0D, 0x02, 0x04, 0x01, 0x05, 0x0F,
606 0x06, 0x02, 0x61, 0x26, 0x01, 0x01, 0x7F, 0x3B, 0x81, 0x11, 0x81, 0x11,
607 0x02, 0x01, 0x00, 0x04, 0x81, 0x2D, 0x01, 0x0C, 0x0E, 0x05, 0x02, 0x6A,
608 0x26, 0x81, 0x36, 0x01, 0x03, 0x0E, 0x05, 0x02, 0x65, 0x26, 0x81, 0x34,
609 0x25, 0x74, 0x3B, 0x25, 0x01, 0x20, 0x10, 0x06, 0x02, 0x65, 0x26, 0x3D,
610 0x41, 0x11, 0x01, 0x01, 0x17, 0x05, 0x02, 0x65, 0x26, 0x81, 0x36, 0x25,
611 0x01, 0x81, 0x05, 0x0F, 0x06, 0x02, 0x65, 0x26, 0x25, 0x76, 0x3B, 0x75,
612 0x41, 0x81, 0x2B, 0x81, 0x08, 0x2A, 0x01, 0x86, 0x03, 0x10, 0x03, 0x00,
613 0x71, 0x2A, 0x81, 0x40, 0x03, 0x01, 0x01, 0x02, 0x03, 0x02, 0x02, 0x00,
614 0x06, 0x23, 0x81, 0x36, 0x25, 0x25, 0x01, 0x02, 0x0A, 0x41, 0x01, 0x06,
615 0x0F, 0x35, 0x06, 0x02, 0x65, 0x26, 0x03, 0x02, 0x81, 0x36, 0x02, 0x01,
616 0x01, 0x01, 0x0B, 0x01, 0x03, 0x08, 0x0E, 0x05, 0x02, 0x65, 0x26, 0x04,
617 0x08, 0x02, 0x01, 0x06, 0x04, 0x01, 0x00, 0x03, 0x02, 0x81, 0x34, 0x25,
618 0x03, 0x03, 0x25, 0x01, 0x84, 0x00, 0x0F, 0x06, 0x02, 0x66, 0x26, 0x7C,
619 0x41, 0x81, 0x2B, 0x02, 0x02, 0x02, 0x01, 0x02, 0x03, 0x48, 0x25, 0x06,
620 0x01, 0x26, 0x24, 0x81, 0x11, 0x00, 0x02, 0x03, 0x00, 0x03, 0x01, 0x02,
621 0x00, 0x81, 0x0D, 0x02, 0x01, 0x02, 0x00, 0x37, 0x25, 0x01, 0x00, 0x0E,
622 0x06, 0x02, 0x58, 0x00, 0x81, 0x44, 0x04, 0x73, 0x02, 0x01, 0x00, 0x03,
623 0x00, 0x81, 0x36, 0x81, 0x20, 0x25, 0x06, 0x80, 0x44, 0x81, 0x36, 0x01,
624 0x01, 0x36, 0x0E, 0x06, 0x06, 0x24, 0x01, 0x81, 0x7F, 0x04, 0x2E, 0x01,
625 0x80, 0x40, 0x36, 0x0E, 0x06, 0x07, 0x24, 0x01, 0x83, 0xFE, 0x00, 0x04,
626 0x20, 0x01, 0x80, 0x41, 0x36, 0x0E, 0x06, 0x07, 0x24, 0x01, 0x84, 0x80,
627 0x00, 0x04, 0x12, 0x01, 0x80, 0x42, 0x36, 0x0E, 0x06, 0x07, 0x24, 0x01,
628 0x88, 0x80, 0x00, 0x04, 0x04, 0x01, 0x00, 0x41, 0x24, 0x02, 0x00, 0x35,
629 0x03, 0x00, 0x04, 0xFF, 0x38, 0x81, 0x11, 0x71, 0x2A, 0x81, 0x3E, 0x05,
630 0x09, 0x02, 0x00, 0x01, 0x83, 0xFF, 0x7F, 0x17, 0x03, 0x00, 0x81, 0x08,
631 0x2A, 0x01, 0x86, 0x03, 0x10, 0x06, 0x3B, 0x81, 0x30, 0x25, 0x79, 0x3A,
632 0x3E, 0x24, 0x25, 0x01, 0x08, 0x0B, 0x35, 0x01, 0x8C, 0x80, 0x00, 0x35,
633 0x17, 0x02, 0x00, 0x17, 0x02, 0x00, 0x01, 0x8C, 0x80, 0x00, 0x17, 0x06,
634 0x19, 0x25, 0x01, 0x81, 0x7F, 0x17, 0x06, 0x05, 0x01, 0x84, 0x80, 0x00,
635 0x35, 0x25, 0x01, 0x83, 0xFE, 0x00, 0x17, 0x06, 0x05, 0x01, 0x88, 0x80,
636 0x00, 0x35, 0x03, 0x00, 0x04, 0x09, 0x02, 0x00, 0x01, 0x8C, 0x88, 0x01,
637 0x17, 0x03, 0x00, 0x16, 0x81, 0x34, 0x81, 0x20, 0x25, 0x06, 0x27, 0x81,
638 0x34, 0x81, 0x20, 0x25, 0x15, 0x25, 0x06, 0x19, 0x25, 0x01, 0x82, 0x00,
639 0x0F, 0x06, 0x05, 0x01, 0x82, 0x00, 0x04, 0x01, 0x25, 0x03, 0x01, 0x7C,
640 0x02, 0x01, 0x81, 0x2B, 0x02, 0x01, 0x12, 0x04, 0x64, 0x81, 0x11, 0x13,
641 0x04, 0x56, 0x81, 0x11, 0x14, 0x81, 0x11, 0x02, 0x00, 0x28, 0x00, 0x00,
642 0x81, 0x2E, 0x25, 0x52, 0x06, 0x07, 0x24, 0x06, 0x02, 0x5E, 0x26, 0x04,
643 0x73, 0x00, 0x00, 0x81, 0x37, 0x01, 0x03, 0x81, 0x35, 0x41, 0x24, 0x41,
644 0x00, 0x00, 0x81, 0x34, 0x81, 0x3B, 0x00, 0x03, 0x01, 0x00, 0x03, 0x00,
645 0x81, 0x34, 0x81, 0x20, 0x25, 0x06, 0x34, 0x81, 0x36, 0x03, 0x01, 0x81,
646 0x36, 0x03, 0x02, 0x02, 0x01, 0x01, 0x02, 0x10, 0x02, 0x01, 0x01, 0x06,
647 0x0C, 0x17, 0x02, 0x02, 0x01, 0x01, 0x0E, 0x02, 0x02, 0x01, 0x03, 0x0E,
648 0x35, 0x17, 0x06, 0x11, 0x02, 0x00, 0x01, 0x01, 0x02, 0x02, 0x55, 0x01,
649 0x02, 0x0B, 0x02, 0x01, 0x08, 0x0B, 0x35, 0x03, 0x00, 0x04, 0x49, 0x81,
650 0x11, 0x02, 0x00, 0x00, 0x00, 0x81, 0x34, 0x01, 0x01, 0x0E, 0x05, 0x02,
651 0x5D, 0x26, 0x81, 0x36, 0x01, 0x08, 0x08, 0x7A, 0x2C, 0x0E, 0x05, 0x02,
652 0x5D, 0x26, 0x00, 0x00, 0x81, 0x34, 0x7F, 0x2C, 0x05, 0x16, 0x01, 0x01,
653 0x0E, 0x05, 0x02, 0x61, 0x26, 0x81, 0x36, 0x01, 0x00, 0x0E, 0x05, 0x02,
654 0x61, 0x26, 0x01, 0x02, 0x7F, 0x3B, 0x04, 0x1F, 0x01, 0x19, 0x0E, 0x05,
655 0x02, 0x61, 0x26, 0x81, 0x36, 0x01, 0x18, 0x0E, 0x05, 0x02, 0x61, 0x26,
656 0x7C, 0x01, 0x18, 0x81, 0x2B, 0x81, 0x00, 0x7C, 0x01, 0x18, 0x2E, 0x05,
657 0x02, 0x61, 0x26, 0x00, 0x00, 0x81, 0x34, 0x06, 0x02, 0x62, 0x26, 0x00,
658 0x00, 0x01, 0x02, 0x81, 0x0D, 0x81, 0x37, 0x01, 0x08, 0x0B, 0x81, 0x37,
659 0x08, 0x00, 0x00, 0x01, 0x03, 0x81, 0x0D, 0x81, 0x37, 0x01, 0x08, 0x0B,
660 0x81, 0x37, 0x08, 0x01, 0x08, 0x0B, 0x81, 0x37, 0x08, 0x00, 0x00, 0x01,
661 0x01, 0x81, 0x0D, 0x81, 0x37, 0x00, 0x00, 0x38, 0x25, 0x50, 0x05, 0x01,
662 0x00, 0x24, 0x81, 0x44, 0x04, 0x75, 0x02, 0x03, 0x00, 0x81, 0x07, 0x2C,
663 0x03, 0x01, 0x01, 0x00, 0x25, 0x02, 0x01, 0x0A, 0x06, 0x11, 0x25, 0x01,
664 0x01, 0x0B, 0x81, 0x06, 0x08, 0x2A, 0x02, 0x00, 0x0E, 0x06, 0x01, 0x00,
665 0x54, 0x04, 0x69, 0x24, 0x01, 0x7F, 0x00, 0x00, 0x01, 0x15, 0x7E, 0x3B,
666 0x41, 0x4A, 0x24, 0x4A, 0x24, 0x27, 0x00, 0x00, 0x01, 0x01, 0x41, 0x81,
667 0x39, 0x00, 0x00, 0x41, 0x36, 0x81, 0x0D, 0x41, 0x25, 0x06, 0x06, 0x81,
668 0x37, 0x24, 0x55, 0x04, 0x77, 0x24, 0x00, 0x00, 0x25, 0x01, 0x81, 0xAC,
669 0x00, 0x0E, 0x06, 0x04, 0x24, 0x01, 0x7F, 0x00, 0x81, 0x10, 0x51, 0x00,
670 0x02, 0x03, 0x00, 0x71, 0x2A, 0x81, 0x10, 0x03, 0x01, 0x02, 0x01, 0x01,
671 0x0F, 0x17, 0x02, 0x01, 0x01, 0x04, 0x11, 0x01, 0x0F, 0x17, 0x02, 0x01,
672 0x01, 0x08, 0x11, 0x01, 0x0F, 0x17, 0x01, 0x00, 0x36, 0x0E, 0x06, 0x10,
673 0x24, 0x01, 0x00, 0x01, 0x18, 0x02, 0x00, 0x06, 0x03, 0x44, 0x04, 0x01,
674 0x45, 0x04, 0x80, 0x56, 0x01, 0x01, 0x36, 0x0E, 0x06, 0x10, 0x24, 0x01,
675 0x01, 0x01, 0x10, 0x02, 0x00, 0x06, 0x03, 0x44, 0x04, 0x01, 0x45, 0x04,
676 0x80, 0x40, 0x01, 0x02, 0x36, 0x0E, 0x06, 0x0F, 0x24, 0x01, 0x01, 0x01,
677 0x20, 0x02, 0x00, 0x06, 0x03, 0x44, 0x04, 0x01, 0x45, 0x04, 0x2B, 0x01,
678 0x03, 0x36, 0x0E, 0x06, 0x0E, 0x24, 0x24, 0x01, 0x10, 0x02, 0x00, 0x06,
679 0x03, 0x42, 0x04, 0x01, 0x43, 0x04, 0x17, 0x01, 0x04, 0x36, 0x0E, 0x06,
680 0x0E, 0x24, 0x24, 0x01, 0x20, 0x02, 0x00, 0x06, 0x03, 0x42, 0x04, 0x01,
681 0x43, 0x04, 0x03, 0x60, 0x26, 0x24, 0x00, 0x00, 0x81, 0x10, 0x01, 0x0C,
682 0x11, 0x01, 0x02, 0x0F, 0x00, 0x00, 0x81, 0x10, 0x01, 0x0C, 0x11, 0x25,
683 0x53, 0x41, 0x01, 0x03, 0x0A, 0x17, 0x00, 0x00, 0x81, 0x10, 0x01, 0x0C,
684 0x11, 0x01, 0x01, 0x0E, 0x00, 0x00, 0x81, 0x10, 0x01, 0x0C, 0x11, 0x52,
685 0x00, 0x00, 0x1B, 0x01, 0x00, 0x6D, 0x2C, 0x25, 0x06, 0x20, 0x01, 0x01,
686 0x36, 0x0E, 0x06, 0x07, 0x24, 0x01, 0x00, 0x81, 0x14, 0x04, 0x11, 0x01,
687 0x02, 0x36, 0x0E, 0x06, 0x0A, 0x24, 0x6F, 0x2C, 0x06, 0x03, 0x01, 0x10,
688 0x35, 0x04, 0x01, 0x24, 0x04, 0x01, 0x24, 0x73, 0x2C, 0x05, 0x35, 0x2D,
689 0x06, 0x32, 0x7D, 0x2C, 0x01, 0x14, 0x36, 0x0E, 0x06, 0x06, 0x24, 0x01,
690 0x02, 0x35, 0x04, 0x24, 0x01, 0x15, 0x36, 0x0E, 0x06, 0x0B, 0x24, 0x81,
691 0x23, 0x06, 0x04, 0x01, 0x7F, 0x81, 0x14, 0x04, 0x13, 0x01, 0x16, 0x36,
692 0x0E, 0x06, 0x06, 0x24, 0x01, 0x01, 0x35, 0x04, 0x07, 0x24, 0x01, 0x04,
693 0x35, 0x01, 0x00, 0x24, 0x1A, 0x06, 0x03, 0x01, 0x08, 0x35, 0x00, 0x00,
694 0x1B, 0x25, 0x05, 0x10, 0x2D, 0x06, 0x0D, 0x7D, 0x2C, 0x01, 0x15, 0x0E,
695 0x06, 0x05, 0x24, 0x81, 0x23, 0x04, 0x01, 0x1F, 0x00, 0x00, 0x81, 0x42,
696 0x01, 0x07, 0x17, 0x01, 0x01, 0x0F, 0x06, 0x02, 0x6A, 0x26, 0x00, 0x01,
697 0x03, 0x00, 0x27, 0x1A, 0x06, 0x05, 0x02, 0x00, 0x7E, 0x3B, 0x00, 0x81,
698 0x42, 0x24, 0x04, 0x73, 0x00, 0x01, 0x14, 0x81, 0x45, 0x01, 0x01, 0x81,
699 0x52, 0x27, 0x25, 0x01, 0x00, 0x81, 0x3D, 0x01, 0x16, 0x81, 0x45, 0x81,
700 0x4B, 0x27, 0x00, 0x00, 0x01, 0x0B, 0x81, 0x52, 0x46, 0x25, 0x25, 0x01,
701 0x03, 0x08, 0x81, 0x51, 0x81, 0x51, 0x18, 0x25, 0x50, 0x06, 0x02, 0x24,
702 0x00, 0x81, 0x51, 0x1D, 0x25, 0x06, 0x06, 0x7C, 0x41, 0x81, 0x4C, 0x04,
703 0x76, 0x24, 0x04, 0x6A, 0x00, 0x20, 0x01, 0x0F, 0x81, 0x52, 0x25, 0x81,
704 0x08, 0x2A, 0x01, 0x86, 0x03, 0x10, 0x06, 0x0F, 0x01, 0x04, 0x08, 0x81,
705 0x51, 0x78, 0x2C, 0x81, 0x52, 0x70, 0x2C, 0x81, 0x52, 0x04, 0x03, 0x56,
706 0x81, 0x51, 0x25, 0x81, 0x50, 0x7C, 0x41, 0x81, 0x4C, 0x00, 0x02, 0x81,
707 0x1A, 0x81, 0x1C, 0x08, 0x81, 0x18, 0x08, 0x81, 0x1B, 0x08, 0x81, 0x1D,
708 0x08, 0x81, 0x19, 0x08, 0x03, 0x00, 0x01, 0x01, 0x81, 0x52, 0x01, 0x27,
709 0x81, 0x04, 0x2C, 0x08, 0x81, 0x07, 0x2C, 0x01, 0x01, 0x0B, 0x08, 0x02,
710 0x00, 0x06, 0x04, 0x56, 0x02, 0x00, 0x08, 0x7B, 0x2A, 0x36, 0x09, 0x25,
711 0x53, 0x06, 0x24, 0x02, 0x00, 0x05, 0x04, 0x41, 0x56, 0x41, 0x57, 0x01,
712 0x04, 0x09, 0x25, 0x50, 0x06, 0x03, 0x24, 0x01, 0x00, 0x25, 0x01, 0x04,
713 0x08, 0x02, 0x00, 0x08, 0x03, 0x00, 0x41, 0x01, 0x04, 0x08, 0x36, 0x08,
714 0x41, 0x04, 0x03, 0x24, 0x01, 0x7F, 0x03, 0x01, 0x81, 0x51, 0x81, 0x0A,
715 0x2A, 0x81, 0x50, 0x72, 0x01, 0x04, 0x19, 0x72, 0x01, 0x04, 0x08, 0x01,
716 0x1C, 0x30, 0x72, 0x01, 0x20, 0x81, 0x4C, 0x81, 0x03, 0x81, 0x04, 0x2C,
717 0x81, 0x4E, 0x81, 0x07, 0x2C, 0x25, 0x01, 0x01, 0x0B, 0x81, 0x50, 0x81,
718 0x06, 0x41, 0x25, 0x06, 0x11, 0x55, 0x36, 0x2A, 0x25, 0x81, 0x3C, 0x05,
719 0x02, 0x5A, 0x26, 0x81, 0x50, 0x41, 0x56, 0x41, 0x04, 0x6C, 0x58, 0x01,
720 0x01, 0x81, 0x52, 0x01, 0x00, 0x81, 0x52, 0x02, 0x00, 0x06, 0x81, 0x49,
721 0x02, 0x00, 0x81, 0x50, 0x81, 0x1A, 0x06, 0x13, 0x01, 0x83, 0xFE, 0x01,
722 0x81, 0x50, 0x81, 0x00, 0x81, 0x1A, 0x01, 0x04, 0x09, 0x25, 0x81, 0x50,
723 0x55, 0x81, 0x4E, 0x81, 0x1C, 0x06, 0x1D, 0x01, 0x00, 0x81, 0x50, 0x81,
724 0x01, 0x81, 0x1C, 0x01, 0x04, 0x09, 0x25, 0x81, 0x50, 0x01, 0x02, 0x09,
725 0x25, 0x81, 0x50, 0x01, 0x00, 0x81, 0x52, 0x01, 0x03, 0x09, 0x81, 0x4D,
726 0x81, 0x18, 0x06, 0x0F, 0x01, 0x01, 0x81, 0x50, 0x01, 0x01, 0x81, 0x50,
727 0x7A, 0x2C, 0x01, 0x08, 0x09, 0x81, 0x52, 0x81, 0x1B, 0x06, 0x1F, 0x01,
728 0x0D, 0x81, 0x50, 0x81, 0x1B, 0x01, 0x04, 0x09, 0x25, 0x81, 0x50, 0x01,
729 0x02, 0x09, 0x81, 0x50, 0x3F, 0x06, 0x04, 0x01, 0x03, 0x81, 0x4F, 0x40,
730 0x06, 0x04, 0x01, 0x01, 0x81, 0x4F, 0x81, 0x1D, 0x25, 0x06, 0x27, 0x01,
731 0x0A, 0x81, 0x50, 0x01, 0x04, 0x09, 0x25, 0x81, 0x50, 0x57, 0x81, 0x50,
732 0x3D, 0x01, 0x00, 0x25, 0x01, 0x20, 0x0A, 0x06, 0x0E, 0x81, 0x16, 0x11,
733 0x01, 0x01, 0x17, 0x06, 0x03, 0x25, 0x81, 0x50, 0x54, 0x04, 0x6C, 0x58,
734 0x04, 0x01, 0x24, 0x81, 0x19, 0x06, 0x0D, 0x01, 0x0B, 0x81, 0x50, 0x01,
735 0x02, 0x81, 0x50, 0x01, 0x82, 0x00, 0x81, 0x50, 0x02, 0x01, 0x50, 0x05,
736 0x14, 0x01, 0x15, 0x81, 0x50, 0x02, 0x01, 0x25, 0x81, 0x50, 0x25, 0x06,
737 0x07, 0x55, 0x01, 0x00, 0x81, 0x52, 0x04, 0x76, 0x24, 0x00, 0x00, 0x01,
738 0x10, 0x81, 0x52, 0x71, 0x2A, 0x25, 0x81, 0x41, 0x06, 0x10, 0x81, 0x21,
739 0x22, 0x25, 0x56, 0x81, 0x51, 0x25, 0x81, 0x50, 0x7C, 0x41, 0x81, 0x4C,
740 0x04, 0x12, 0x25, 0x81, 0x3F, 0x41, 0x81, 0x21, 0x21, 0x25, 0x54, 0x81,
741 0x51, 0x25, 0x81, 0x52, 0x7C, 0x41, 0x81, 0x4C, 0x00, 0x00, 0x81, 0x12,
742 0x01, 0x14, 0x81, 0x52, 0x01, 0x0C, 0x81, 0x51, 0x7C, 0x01, 0x0C, 0x81,
743 0x4C, 0x00, 0x00, 0x49, 0x25, 0x01, 0x00, 0x0E, 0x06, 0x02, 0x58, 0x00,
744 0x81, 0x42, 0x24, 0x04, 0x72, 0x00, 0x25, 0x81, 0x50, 0x81, 0x4C, 0x00,
745 0x00, 0x25, 0x81, 0x52, 0x81, 0x4C, 0x00, 0x01, 0x03, 0x00, 0x3E, 0x24,
746 0x25, 0x01, 0x10, 0x17, 0x06, 0x08, 0x01, 0x04, 0x81, 0x52, 0x02, 0x00,
747 0x81, 0x52, 0x25, 0x01, 0x08, 0x17, 0x06, 0x08, 0x01, 0x03, 0x81, 0x52,
748 0x02, 0x00, 0x81, 0x52, 0x25, 0x01, 0x20, 0x17, 0x06, 0x08, 0x01, 0x05,
749 0x81, 0x52, 0x02, 0x00, 0x81, 0x52, 0x25, 0x01, 0x80, 0x40, 0x17, 0x06,
750 0x08, 0x01, 0x06, 0x81, 0x52, 0x02, 0x00, 0x81, 0x52, 0x01, 0x04, 0x17,
751 0x06, 0x08, 0x01, 0x02, 0x81, 0x52, 0x02, 0x00, 0x81, 0x52, 0x00, 0x00,
752 0x25, 0x01, 0x08, 0x47, 0x81, 0x52, 0x81, 0x52, 0x00, 0x00, 0x25, 0x01,
753 0x10, 0x47, 0x81, 0x52, 0x81, 0x50, 0x00, 0x00, 0x25, 0x4A, 0x06, 0x02,
754 0x24, 0x00, 0x81, 0x42, 0x24, 0x04, 0x75
755 };
756
757 static const uint16_t t0_caddr[] = {
758 0,
759 5,
760 10,
761 15,
762 20,
763 25,
764 30,
765 35,
766 40,
767 44,
768 48,
769 52,
770 56,
771 60,
772 64,
773 68,
774 72,
775 76,
776 80,
777 84,
778 88,
779 92,
780 96,
781 100,
782 104,
783 108,
784 112,
785 116,
786 120,
787 124,
788 129,
789 134,
790 139,
791 144,
792 149,
793 154,
794 159,
795 164,
796 169,
797 174,
798 179,
799 184,
800 189,
801 194,
802 199,
803 204,
804 209,
805 214,
806 219,
807 224,
808 229,
809 234,
810 239,
811 244,
812 249,
813 254,
814 259,
815 264,
816 269,
817 274,
818 279,
819 284,
820 293,
821 306,
822 310,
823 338,
824 344,
825 365,
826 376,
827 413,
828 548,
829 552,
830 618,
831 633,
832 644,
833 662,
834 691,
835 702,
836 738,
837 748,
838 826,
839 840,
840 847,
841 907,
842 928,
843 981,
844 1067,
845 1096,
846 1131,
847 1143,
848 1482,
849 1641,
850 1667,
851 1898,
852 1913,
853 1924,
854 1930,
855 1999,
856 2022,
857 2083,
858 2091,
859 2105,
860 2125,
861 2133,
862 2145,
863 2182,
864 2194,
865 2201,
866 2218,
867 2235,
868 2374,
869 2384,
870 2398,
871 2408,
872 2416,
873 2522,
874 2544,
875 2558,
876 2575,
877 2598,
878 2635,
879 2677,
880 3049,
881 3096,
882 3113,
883 3128,
884 3135,
885 3142,
886 3218,
887 3228,
888 3238
889 };
890
891 #define T0_INTERPRETED 80
892
893 #define T0_ENTER(ip, rp, slot) do { \
894 const unsigned char *t0_newip; \
895 uint32_t t0_lnum; \
896 t0_newip = &t0_codeblock[t0_caddr[(slot) - T0_INTERPRETED]]; \
897 t0_lnum = t0_parse7E_unsigned(&t0_newip); \
898 (rp) += t0_lnum; \
899 *((rp) ++) = (uint32_t)((ip) - &t0_codeblock[0]) + (t0_lnum << 16); \
900 (ip) = t0_newip; \
901 } while (0)
902
903 #define T0_DEFENTRY(name, slot) \
904 void \
905 name(void *ctx) \
906 { \
907 t0_context *t0ctx = ctx; \
908 t0ctx->ip = &t0_codeblock[0]; \
909 T0_ENTER(t0ctx->ip, t0ctx->rp, slot); \
910 }
911
912 T0_DEFENTRY(br_ssl_hs_client_init_main, 159)
913
914 void
915 br_ssl_hs_client_run(void *t0ctx)
916 {
917 uint32_t *dp, *rp;
918 const unsigned char *ip;
919
920 #define T0_LOCAL(x) (*(rp - 2 - (x)))
921 #define T0_POP() (*-- dp)
922 #define T0_POPi() (*(int32_t *)(-- dp))
923 #define T0_PEEK(x) (*(dp - 1 - (x)))
924 #define T0_PEEKi(x) (*(int32_t *)(dp - 1 - (x)))
925 #define T0_PUSH(v) do { *dp = (v); dp ++; } while (0)
926 #define T0_PUSHi(v) do { *(int32_t *)dp = (v); dp ++; } while (0)
927 #define T0_RPOP() (*-- rp)
928 #define T0_RPOPi() (*(int32_t *)(-- rp))
929 #define T0_RPUSH(v) do { *rp = (v); rp ++; } while (0)
930 #define T0_RPUSHi(v) do { *(int32_t *)rp = (v); rp ++; } while (0)
931 #define T0_ROLL(x) do { \
932 size_t t0len = (size_t)(x); \
933 uint32_t t0tmp = *(dp - 1 - t0len); \
934 memmove(dp - t0len - 1, dp - t0len, t0len * sizeof *dp); \
935 *(dp - 1) = t0tmp; \
936 } while (0)
937 #define T0_SWAP() do { \
938 uint32_t t0tmp = *(dp - 2); \
939 *(dp - 2) = *(dp - 1); \
940 *(dp - 1) = t0tmp; \
941 } while (0)
942 #define T0_ROT() do { \
943 uint32_t t0tmp = *(dp - 3); \
944 *(dp - 3) = *(dp - 2); \
945 *(dp - 2) = *(dp - 1); \
946 *(dp - 1) = t0tmp; \
947 } while (0)
948 #define T0_NROT() do { \
949 uint32_t t0tmp = *(dp - 1); \
950 *(dp - 1) = *(dp - 2); \
951 *(dp - 2) = *(dp - 3); \
952 *(dp - 3) = t0tmp; \
953 } while (0)
954 #define T0_PICK(x) do { \
955 uint32_t t0depth = (x); \
956 T0_PUSH(T0_PEEK(t0depth)); \
957 } while (0)
958 #define T0_CO() do { \
959 goto t0_exit; \
960 } while (0)
961 #define T0_RET() break
962
963 dp = ((t0_context *)t0ctx)->dp;
964 rp = ((t0_context *)t0ctx)->rp;
965 ip = ((t0_context *)t0ctx)->ip;
966 for (;;) {
967 uint32_t t0x;
968
969 t0x = t0_parse7E_unsigned(&ip);
970 if (t0x < T0_INTERPRETED) {
971 switch (t0x) {
972 int32_t t0off;
973
974 case 0: /* ret */
975 t0x = T0_RPOP();
976 rp -= (t0x >> 16);
977 t0x &= 0xFFFF;
978 if (t0x == 0) {
979 ip = NULL;
980 goto t0_exit;
981 }
982 ip = &t0_codeblock[t0x];
983 break;
984 case 1: /* literal constant */
985 T0_PUSHi(t0_parse7E_signed(&ip));
986 break;
987 case 2: /* read local */
988 T0_PUSH(T0_LOCAL(t0_parse7E_unsigned(&ip)));
989 break;
990 case 3: /* write local */
991 T0_LOCAL(t0_parse7E_unsigned(&ip)) = T0_POP();
992 break;
993 case 4: /* jump */
994 t0off = t0_parse7E_signed(&ip);
995 ip += t0off;
996 break;
997 case 5: /* jump if */
998 t0off = t0_parse7E_signed(&ip);
999 if (T0_POP()) {
1000 ip += t0off;
1001 }
1002 break;
1003 case 6: /* jump if not */
1004 t0off = t0_parse7E_signed(&ip);
1005 if (!T0_POP()) {
1006 ip += t0off;
1007 }
1008 break;
1009 case 7: {
1010 /* * */
1011
1012 uint32_t b = T0_POP();
1013 uint32_t a = T0_POP();
1014 T0_PUSH(a * b);
1015
1016 }
1017 break;
1018 case 8: {
1019 /* + */
1020
1021 uint32_t b = T0_POP();
1022 uint32_t a = T0_POP();
1023 T0_PUSH(a + b);
1024
1025 }
1026 break;
1027 case 9: {
1028 /* - */
1029
1030 uint32_t b = T0_POP();
1031 uint32_t a = T0_POP();
1032 T0_PUSH(a - b);
1033
1034 }
1035 break;
1036 case 10: {
1037 /* < */
1038
1039 int32_t b = T0_POPi();
1040 int32_t a = T0_POPi();
1041 T0_PUSH(-(uint32_t)(a < b));
1042
1043 }
1044 break;
1045 case 11: {
1046 /* << */
1047
1048 int c = (int)T0_POPi();
1049 uint32_t x = T0_POP();
1050 T0_PUSH(x << c);
1051
1052 }
1053 break;
1054 case 12: {
1055 /* <= */
1056
1057 int32_t b = T0_POPi();
1058 int32_t a = T0_POPi();
1059 T0_PUSH(-(uint32_t)(a <= b));
1060
1061 }
1062 break;
1063 case 13: {
1064 /* <> */
1065
1066 uint32_t b = T0_POP();
1067 uint32_t a = T0_POP();
1068 T0_PUSH(-(uint32_t)(a != b));
1069
1070 }
1071 break;
1072 case 14: {
1073 /* = */
1074
1075 uint32_t b = T0_POP();
1076 uint32_t a = T0_POP();
1077 T0_PUSH(-(uint32_t)(a == b));
1078
1079 }
1080 break;
1081 case 15: {
1082 /* > */
1083
1084 int32_t b = T0_POPi();
1085 int32_t a = T0_POPi();
1086 T0_PUSH(-(uint32_t)(a > b));
1087
1088 }
1089 break;
1090 case 16: {
1091 /* >= */
1092
1093 int32_t b = T0_POPi();
1094 int32_t a = T0_POPi();
1095 T0_PUSH(-(uint32_t)(a >= b));
1096
1097 }
1098 break;
1099 case 17: {
1100 /* >> */
1101
1102 int c = (int)T0_POPi();
1103 int32_t x = T0_POPi();
1104 T0_PUSHi(x >> c);
1105
1106 }
1107 break;
1108 case 18: {
1109 /* anchor-dn-append-name */
1110
1111 size_t len;
1112
1113 len = T0_POP();
1114 if (CTX->client_auth_vtable != NULL) {
1115 (*CTX->client_auth_vtable)->append_name(
1116 CTX->client_auth_vtable, ENG->pad, len);
1117 }
1118
1119 }
1120 break;
1121 case 19: {
1122 /* anchor-dn-end-name */
1123
1124 if (CTX->client_auth_vtable != NULL) {
1125 (*CTX->client_auth_vtable)->end_name(
1126 CTX->client_auth_vtable);
1127 }
1128
1129 }
1130 break;
1131 case 20: {
1132 /* anchor-dn-end-name-list */
1133
1134 if (CTX->client_auth_vtable != NULL) {
1135 (*CTX->client_auth_vtable)->end_name_list(
1136 CTX->client_auth_vtable);
1137 }
1138
1139 }
1140 break;
1141 case 21: {
1142 /* anchor-dn-start-name */
1143
1144 size_t len;
1145
1146 len = T0_POP();
1147 if (CTX->client_auth_vtable != NULL) {
1148 (*CTX->client_auth_vtable)->start_name(
1149 CTX->client_auth_vtable, len);
1150 }
1151
1152 }
1153 break;
1154 case 22: {
1155 /* anchor-dn-start-name-list */
1156
1157 if (CTX->client_auth_vtable != NULL) {
1158 (*CTX->client_auth_vtable)->start_name_list(
1159 CTX->client_auth_vtable);
1160 }
1161
1162 }
1163 break;
1164 case 23: {
1165 /* and */
1166
1167 uint32_t b = T0_POP();
1168 uint32_t a = T0_POP();
1169 T0_PUSH(a & b);
1170
1171 }
1172 break;
1173 case 24: {
1174 /* begin-cert */
1175
1176 if (ENG->chain_len == 0) {
1177 T0_PUSHi(-1);
1178 } else {
1179 ENG->cert_cur = ENG->chain->data;
1180 ENG->cert_len = ENG->chain->data_len;
1181 ENG->chain ++;
1182 ENG->chain_len --;
1183 T0_PUSH(ENG->cert_len);
1184 }
1185
1186 }
1187 break;
1188 case 25: {
1189 /* bzero */
1190
1191 size_t len = (size_t)T0_POP();
1192 void *addr = (unsigned char *)ENG + (size_t)T0_POP();
1193 memset(addr, 0, len);
1194
1195 }
1196 break;
1197 case 26: {
1198 /* can-output? */
1199
1200 T0_PUSHi(-(ENG->hlen_out > 0));
1201
1202 }
1203 break;
1204 case 27: {
1205 /* co */
1206 T0_CO();
1207 }
1208 break;
1209 case 28: {
1210 /* compute-Finished-inner */
1211
1212 int prf_id = T0_POP();
1213 int from_client = T0_POPi();
1214 unsigned char seed[48];
1215 size_t seed_len;
1216
1217 br_tls_prf_impl prf = br_ssl_engine_get_PRF(ENG, prf_id);
1218 if (ENG->session.version >= BR_TLS12) {
1219 seed_len = br_multihash_out(&ENG->mhash, prf_id, seed);
1220 } else {
1221 br_multihash_out(&ENG->mhash, br_md5_ID, seed);
1222 br_multihash_out(&ENG->mhash, br_sha1_ID, seed + 16);
1223 seed_len = 36;
1224 }
1225 prf(ENG->pad, 12, ENG->session.master_secret,
1226 sizeof ENG->session.master_secret,
1227 from_client ? "client finished" : "server finished",
1228 seed, seed_len);
1229
1230 }
1231 break;
1232 case 29: {
1233 /* copy-cert-chunk */
1234
1235 size_t clen;
1236
1237 clen = ENG->cert_len;
1238 if (clen > sizeof ENG->pad) {
1239 clen = sizeof ENG->pad;
1240 }
1241 memcpy(ENG->pad, ENG->cert_cur, clen);
1242 ENG->cert_cur += clen;
1243 ENG->cert_len -= clen;
1244 T0_PUSH(clen);
1245
1246 }
1247 break;
1248 case 30: {
1249 /* data-get8 */
1250
1251 size_t addr = T0_POP();
1252 T0_PUSH(t0_datablock[addr]);
1253
1254 }
1255 break;
1256 case 31: {
1257 /* discard-input */
1258
1259 ENG->hlen_in = 0;
1260
1261 }
1262 break;
1263 case 32: {
1264 /* do-client-sign */
1265
1266 size_t sig_len;
1267
1268 sig_len = make_client_sign(CTX);
1269 if (sig_len == 0) {
1270 br_ssl_engine_fail(ENG, BR_ERR_INVALID_ALGORITHM);
1271 T0_CO();
1272 }
1273 T0_PUSH(sig_len);
1274
1275 }
1276 break;
1277 case 33: {
1278 /* do-ecdh */
1279
1280 unsigned prf_id = T0_POP();
1281 unsigned ecdhe = T0_POP();
1282 int x;
1283
1284 x = make_pms_ecdh(CTX, ecdhe, prf_id);
1285 if (x < 0) {
1286 br_ssl_engine_fail(ENG, -x);
1287 T0_CO();
1288 } else {
1289 T0_PUSH(x);
1290 }
1291
1292 }
1293 break;
1294 case 34: {
1295 /* do-rsa-encrypt */
1296
1297 int x;
1298
1299 x = make_pms_rsa(CTX, T0_POP());
1300 if (x < 0) {
1301 br_ssl_engine_fail(ENG, -x);
1302 T0_CO();
1303 } else {
1304 T0_PUSH(x);
1305 }
1306
1307 }
1308 break;
1309 case 35: {
1310 /* do-static-ecdh */
1311
1312 unsigned prf_id = T0_POP();
1313
1314 if (make_pms_static_ecdh(CTX, prf_id) < 0) {
1315 br_ssl_engine_fail(ENG, BR_ERR_INVALID_ALGORITHM);
1316 T0_CO();
1317 }
1318
1319 }
1320 break;
1321 case 36: {
1322 /* drop */
1323 (void)T0_POP();
1324 }
1325 break;
1326 case 37: {
1327 /* dup */
1328 T0_PUSH(T0_PEEK(0));
1329 }
1330 break;
1331 case 38: {
1332 /* fail */
1333
1334 br_ssl_engine_fail(ENG, (int)T0_POPi());
1335 T0_CO();
1336
1337 }
1338 break;
1339 case 39: {
1340 /* flush-record */
1341
1342 br_ssl_engine_flush_record(ENG);
1343
1344 }
1345 break;
1346 case 40: {
1347 /* get-client-chain */
1348
1349 uint32_t auth_types;
1350
1351 auth_types = T0_POP();
1352 if (CTX->client_auth_vtable != NULL) {
1353 br_ssl_client_certificate ux;
1354
1355 (*CTX->client_auth_vtable)->choose(CTX->client_auth_vtable,
1356 CTX, auth_types, &ux);
1357 CTX->auth_type = (unsigned char)ux.auth_type;
1358 CTX->hash_id = (unsigned char)ux.hash_id;
1359 ENG->chain = ux.chain;
1360 ENG->chain_len = ux.chain_len;
1361 } else {
1362 CTX->hash_id = 0;
1363 ENG->chain_len = 0;
1364 }
1365
1366 }
1367 break;
1368 case 41: {
1369 /* get-key-type-usages */
1370
1371 const br_x509_class *xc;
1372 const br_x509_pkey *pk;
1373 unsigned usages;
1374
1375 xc = *(ENG->x509ctx);
1376 pk = xc->get_pkey(ENG->x509ctx, &usages);
1377 if (pk == NULL) {
1378 T0_PUSH(0);
1379 } else {
1380 T0_PUSH(pk->key_type | usages);
1381 }
1382
1383 }
1384 break;
1385 case 42: {
1386 /* get16 */
1387
1388 size_t addr = (size_t)T0_POP();
1389 T0_PUSH(*(uint16_t *)((unsigned char *)ENG + addr));
1390
1391 }
1392 break;
1393 case 43: {
1394 /* get32 */
1395
1396 size_t addr = (size_t)T0_POP();
1397 T0_PUSH(*(uint32_t *)((unsigned char *)ENG + addr));
1398
1399 }
1400 break;
1401 case 44: {
1402 /* get8 */
1403
1404 size_t addr = (size_t)T0_POP();
1405 T0_PUSH(*((unsigned char *)ENG + addr));
1406
1407 }
1408 break;
1409 case 45: {
1410 /* has-input? */
1411
1412 T0_PUSHi(-(ENG->hlen_in != 0));
1413
1414 }
1415 break;
1416 case 46: {
1417 /* memcmp */
1418
1419 size_t len = (size_t)T0_POP();
1420 void *addr2 = (unsigned char *)ENG + (size_t)T0_POP();
1421 void *addr1 = (unsigned char *)ENG + (size_t)T0_POP();
1422 int x = memcmp(addr1, addr2, len);
1423 T0_PUSH((uint32_t)-(x == 0));
1424
1425 }
1426 break;
1427 case 47: {
1428 /* memcpy */
1429
1430 size_t len = (size_t)T0_POP();
1431 void *src = (unsigned char *)ENG + (size_t)T0_POP();
1432 void *dst = (unsigned char *)ENG + (size_t)T0_POP();
1433 memcpy(dst, src, len);
1434
1435 }
1436 break;
1437 case 48: {
1438 /* mkrand */
1439
1440 size_t len = (size_t)T0_POP();
1441 void *addr = (unsigned char *)ENG + (size_t)T0_POP();
1442 br_hmac_drbg_generate(&ENG->rng, addr, len);
1443
1444 }
1445 break;
1446 case 49: {
1447 /* more-incoming-bytes? */
1448
1449 T0_PUSHi(ENG->hlen_in != 0 || !br_ssl_engine_recvrec_finished(ENG));
1450
1451 }
1452 break;
1453 case 50: {
1454 /* multihash-init */
1455
1456 br_multihash_init(&ENG->mhash);
1457
1458 }
1459 break;
1460 case 51: {
1461 /* neg */
1462
1463 uint32_t a = T0_POP();
1464 T0_PUSH(-a);
1465
1466 }
1467 break;
1468 case 52: {
1469 /* not */
1470
1471 uint32_t a = T0_POP();
1472 T0_PUSH(~a);
1473
1474 }
1475 break;
1476 case 53: {
1477 /* or */
1478
1479 uint32_t b = T0_POP();
1480 uint32_t a = T0_POP();
1481 T0_PUSH(a | b);
1482
1483 }
1484 break;
1485 case 54: {
1486 /* over */
1487 T0_PUSH(T0_PEEK(1));
1488 }
1489 break;
1490 case 55: {
1491 /* read-chunk-native */
1492
1493 size_t clen = ENG->hlen_in;
1494 if (clen > 0) {
1495 uint32_t addr, len;
1496
1497 len = T0_POP();
1498 addr = T0_POP();
1499 if ((size_t)len < clen) {
1500 clen = (size_t)len;
1501 }
1502 memcpy((unsigned char *)ENG + addr, ENG->hbuf_in, clen);
1503 if (ENG->record_type_in == BR_SSL_HANDSHAKE) {
1504 br_multihash_update(&ENG->mhash, ENG->hbuf_in, clen);
1505 }
1506 T0_PUSH(addr + (uint32_t)clen);
1507 T0_PUSH(len - (uint32_t)clen);
1508 ENG->hbuf_in += clen;
1509 ENG->hlen_in -= clen;
1510 }
1511
1512 }
1513 break;
1514 case 56: {
1515 /* read8-native */
1516
1517 if (ENG->hlen_in > 0) {
1518 unsigned char x;
1519
1520 x = *ENG->hbuf_in ++;
1521 if (ENG->record_type_in == BR_SSL_HANDSHAKE) {
1522 br_multihash_update(&ENG->mhash, &x, 1);
1523 }
1524 T0_PUSH(x);
1525 ENG->hlen_in --;
1526 } else {
1527 T0_PUSHi(-1);
1528 }
1529
1530 }
1531 break;
1532 case 57: {
1533 /* set-server-curve */
1534
1535 const br_x509_class *xc;
1536 const br_x509_pkey *pk;
1537
1538 xc = *(ENG->x509ctx);
1539 pk = xc->get_pkey(ENG->x509ctx, NULL);
1540 CTX->server_curve =
1541 (pk->key_type == BR_KEYTYPE_EC) ? pk->key.ec.curve : 0;
1542
1543 }
1544 break;
1545 case 58: {
1546 /* set16 */
1547
1548 size_t addr = (size_t)T0_POP();
1549 *(uint16_t *)((unsigned char *)ENG + addr) = (uint16_t)T0_POP();
1550
1551 }
1552 break;
1553 case 59: {
1554 /* set8 */
1555
1556 size_t addr = (size_t)T0_POP();
1557 *((unsigned char *)ENG + addr) = (unsigned char)T0_POP();
1558
1559 }
1560 break;
1561 case 60: {
1562 /* strlen */
1563
1564 void *str = (unsigned char *)ENG + (size_t)T0_POP();
1565 T0_PUSH((uint32_t)strlen(str));
1566
1567 }
1568 break;
1569 case 61: {
1570 /* supported-curves */
1571
1572 uint32_t x = ENG->iec == NULL ? 0 : ENG->iec->supported_curves;
1573 T0_PUSH(x);
1574
1575 }
1576 break;
1577 case 62: {
1578 /* supported-hash-functions */
1579
1580 int i;
1581 unsigned x, num;
1582
1583 x = 0;
1584 num = 0;
1585 for (i = br_sha1_ID; i <= br_sha512_ID; i ++) {
1586 if (br_multihash_getimpl(&ENG->mhash, i)) {
1587 x |= 1U << i;
1588 num ++;
1589 }
1590 }
1591 T0_PUSH(x);
1592 T0_PUSH(num);
1593
1594 }
1595 break;
1596 case 63: {
1597 /* supports-ecdsa? */
1598
1599 T0_PUSHi(-(ENG->iecdsa != 0));
1600
1601 }
1602 break;
1603 case 64: {
1604 /* supports-rsa-sign? */
1605
1606 T0_PUSHi(-(ENG->irsavrfy != 0));
1607
1608 }
1609 break;
1610 case 65: {
1611 /* swap */
1612 T0_SWAP();
1613 }
1614 break;
1615 case 66: {
1616 /* switch-aesgcm-in */
1617
1618 int is_client, prf_id;
1619 unsigned cipher_key_len;
1620
1621 cipher_key_len = T0_POP();
1622 prf_id = T0_POP();
1623 is_client = T0_POP();
1624 br_ssl_engine_switch_gcm_in(ENG, is_client, prf_id,
1625 ENG->iaes_ctr, cipher_key_len);
1626
1627 }
1628 break;
1629 case 67: {
1630 /* switch-aesgcm-out */
1631
1632 int is_client, prf_id;
1633 unsigned cipher_key_len;
1634
1635 cipher_key_len = T0_POP();
1636 prf_id = T0_POP();
1637 is_client = T0_POP();
1638 br_ssl_engine_switch_gcm_out(ENG, is_client, prf_id,
1639 ENG->iaes_ctr, cipher_key_len);
1640
1641 }
1642 break;
1643 case 68: {
1644 /* switch-cbc-in */
1645
1646 int is_client, prf_id, mac_id, aes;
1647 unsigned cipher_key_len;
1648
1649 cipher_key_len = T0_POP();
1650 aes = T0_POP();
1651 mac_id = T0_POP();
1652 prf_id = T0_POP();
1653 is_client = T0_POP();
1654 br_ssl_engine_switch_cbc_in(ENG, is_client, prf_id, mac_id,
1655 aes ? ENG->iaes_cbcdec : ENG->ides_cbcdec, cipher_key_len);
1656
1657 }
1658 break;
1659 case 69: {
1660 /* switch-cbc-out */
1661
1662 int is_client, prf_id, mac_id, aes;
1663 unsigned cipher_key_len;
1664
1665 cipher_key_len = T0_POP();
1666 aes = T0_POP();
1667 mac_id = T0_POP();
1668 prf_id = T0_POP();
1669 is_client = T0_POP();
1670 br_ssl_engine_switch_cbc_out(ENG, is_client, prf_id, mac_id,
1671 aes ? ENG->iaes_cbcenc : ENG->ides_cbcenc, cipher_key_len);
1672
1673 }
1674 break;
1675 case 70: {
1676 /* total-chain-length */
1677
1678 size_t u;
1679 uint32_t total;
1680
1681 total = 0;
1682 for (u = 0; u < ENG->chain_len; u ++) {
1683 total += 3 + (uint32_t)ENG->chain[u].data_len;
1684 }
1685 T0_PUSH(total);
1686
1687 }
1688 break;
1689 case 71: {
1690 /* u>> */
1691
1692 int c = (int)T0_POPi();
1693 uint32_t x = T0_POP();
1694 T0_PUSH(x >> c);
1695
1696 }
1697 break;
1698 case 72: {
1699 /* verify-SKE-sig */
1700
1701 size_t sig_len = T0_POP();
1702 int use_rsa = T0_POPi();
1703 int hash = T0_POPi();
1704
1705 T0_PUSH(verify_SKE_sig(CTX, hash, use_rsa, sig_len));
1706
1707 }
1708 break;
1709 case 73: {
1710 /* write-blob-chunk */
1711
1712 size_t clen = ENG->hlen_out;
1713 if (clen > 0) {
1714 uint32_t addr, len;
1715
1716 len = T0_POP();
1717 addr = T0_POP();
1718 if ((size_t)len < clen) {
1719 clen = (size_t)len;
1720 }
1721 memcpy(ENG->hbuf_out, (unsigned char *)ENG + addr, clen);
1722 if (ENG->record_type_out == BR_SSL_HANDSHAKE) {
1723 br_multihash_update(&ENG->mhash, ENG->hbuf_out, clen);
1724 }
1725 T0_PUSH(addr + (uint32_t)clen);
1726 T0_PUSH(len - (uint32_t)clen);
1727 ENG->hbuf_out += clen;
1728 ENG->hlen_out -= clen;
1729 }
1730
1731 }
1732 break;
1733 case 74: {
1734 /* write8-native */
1735
1736 unsigned char x;
1737
1738 x = (unsigned char)T0_POP();
1739 if (ENG->hlen_out > 0) {
1740 if (ENG->record_type_out == BR_SSL_HANDSHAKE) {
1741 br_multihash_update(&ENG->mhash, &x, 1);
1742 }
1743 *ENG->hbuf_out ++ = x;
1744 ENG->hlen_out --;
1745 T0_PUSHi(-1);
1746 } else {
1747 T0_PUSHi(0);
1748 }
1749
1750 }
1751 break;
1752 case 75: {
1753 /* x509-append */
1754
1755 const br_x509_class *xc;
1756 size_t len;
1757
1758 xc = *(ENG->x509ctx);
1759 len = T0_POP();
1760 xc->append(ENG->x509ctx, ENG->pad, len);
1761
1762 }
1763 break;
1764 case 76: {
1765 /* x509-end-cert */
1766
1767 const br_x509_class *xc;
1768
1769 xc = *(ENG->x509ctx);
1770 xc->end_cert(ENG->x509ctx);
1771
1772 }
1773 break;
1774 case 77: {
1775 /* x509-end-chain */
1776
1777 const br_x509_class *xc;
1778
1779 xc = *(ENG->x509ctx);
1780 T0_PUSH(xc->end_chain(ENG->x509ctx));
1781
1782 }
1783 break;
1784 case 78: {
1785 /* x509-start-cert */
1786
1787 const br_x509_class *xc;
1788
1789 xc = *(ENG->x509ctx);
1790 xc->start_cert(ENG->x509ctx, T0_POP());
1791
1792 }
1793 break;
1794 case 79: {
1795 /* x509-start-chain */
1796
1797 const br_x509_class *xc;
1798 uint32_t bc;
1799
1800 bc = T0_POP();
1801 xc = *(ENG->x509ctx);
1802 xc->start_chain(ENG->x509ctx, bc ? ENG->server_name : NULL);
1803
1804 }
1805 break;
1806 }
1807
1808 } else {
1809 T0_ENTER(ip, rp, t0x);
1810 }
1811 }
1812 t0_exit:
1813 ((t0_context *)t0ctx)->dp = dp;
1814 ((t0_context *)t0ctx)->rp = rp;
1815 ((t0_context *)t0ctx)->ip = ip;
1816 }
The BearSSL library and tools.