projects / BearSSL / blob
? search:


14dcf33bf0b330f78f8442cba0031e2c0606da4e
[BearSSL] / src / ssl / ssl_hs_server.c
1 /* Automatically generated code; do not modify directly. */
2
3 #include <stddef.h>
4 #include <stdint.h>
5
6 typedef struct {
7 uint32_t *dp;
8 uint32_t *rp;
9 const unsigned char *ip;
10 } t0_context;
11
12 static uint32_t
13 t0_parse7E_unsigned(const unsigned char **p)
14 {
15 uint32_t x;
16
17 x = 0;
18 for (;;) {
19 unsigned y;
20
21 y = *(*p) ++;
22 x = (x << 7) | (uint32_t)(y & 0x7F);
23 if (y < 0x80) {
24 return x;
25 }
26 }
27 }
28
29 static int32_t
30 t0_parse7E_signed(const unsigned char **p)
31 {
32 int neg;
33 uint32_t x;
34
35 neg = ((**p) >> 6) & 1;
36 x = (uint32_t)-neg;
37 for (;;) {
38 unsigned y;
39
40 y = *(*p) ++;
41 x = (x << 7) | (uint32_t)(y & 0x7F);
42 if (y < 0x80) {
43 if (neg) {
44 return -(int32_t)~x - 1;
45 } else {
46 return (int32_t)x;
47 }
48 }
49 }
50 }
51
52 #define T0_VBYTE(x, n) (unsigned char)((((uint32_t)(x) >> (n)) & 0x7F) | 0x80)
53 #define T0_FBYTE(x, n) (unsigned char)(((uint32_t)(x) >> (n)) & 0x7F)
54 #define T0_SBYTE(x) (unsigned char)((((uint32_t)(x) >> 28) + 0xF8) ^ 0xF8)
55 #define T0_INT1(x) T0_FBYTE(x, 0)
56 #define T0_INT2(x) T0_VBYTE(x, 7), T0_FBYTE(x, 0)
57 #define T0_INT3(x) T0_VBYTE(x, 14), T0_VBYTE(x, 7), T0_FBYTE(x, 0)
58 #define T0_INT4(x) T0_VBYTE(x, 21), T0_VBYTE(x, 14), T0_VBYTE(x, 7), T0_FBYTE(x, 0)
59 #define T0_INT5(x) T0_SBYTE(x), T0_VBYTE(x, 21), T0_VBYTE(x, 14), T0_VBYTE(x, 7), T0_FBYTE(x, 0)
60
61 static const uint8_t t0_datablock[];
62
63
64 void br_ssl_hs_server_init_main(void *t0ctx);
65
66 void br_ssl_hs_server_run(void *t0ctx);
67
68
69
70 #include <stddef.h>
71 #include <string.h>
72
73 #include "inner.h"
74
75 /*
76 * This macro evaluates to a pointer to the current engine context.
77 */
78 #define ENG ((br_ssl_engine_context *)((unsigned char *)t0ctx - offsetof(br_ssl_engine_context, cpu)))
79
80
81
82
83
84 /*
85 * This macro evaluates to a pointer to the server context, under that
86 * specific name. It must be noted that since the engine context is the
87 * first field of the br_ssl_server_context structure ('eng'), then
88 * pointers values of both types are interchangeable, modulo an
89 * appropriate cast. This also means that "adresses" computed as offsets
90 * within the structure work for both kinds of context.
91 */
92 #define CTX ((br_ssl_server_context *)ENG)
93
94 /*
95 * Decrypt the pre-master secret (RSA key exchange).
96 */
97 static void
98 do_rsa_decrypt(br_ssl_server_context *ctx, int prf_id,
99 unsigned char *epms, size_t len)
100 {
101 uint32_t x;
102 unsigned char rpms[48];
103
104 /*
105 * Decrypt the PMS.
106 */
107 x = (*ctx->policy_vtable)->do_keyx(ctx->policy_vtable, epms, len);
108
109 /*
110 * Set the first two bytes to the maximum supported client
111 * protocol version. These bytes are used for version rollback
112 * detection; forceing the two bytes will make the master secret
113 * wrong if the bytes are not correct. This process is
114 * recommended by RFC 5246 (section 7.4.7.1).
115 */
116 br_enc16be(epms, ctx->client_max_version);
117
118 /*
119 * Make a random PMS and copy it above the decrypted value if the
120 * decryption failed. Note that we use a constant-time conditional
121 * copy.
122 */
123 br_hmac_drbg_generate(&ctx->eng.rng, rpms, sizeof rpms);
124 br_ccopy(x ^ 1, epms, rpms, sizeof rpms);
125
126 /*
127 * Compute master secret.
128 */
129 br_ssl_engine_compute_master(&ctx->eng, prf_id, epms, 48);
130
131 /*
132 * Clear the pre-master secret from RAM: it is normally a buffer
133 * in the context, hence potentially long-lived.
134 */
135 memset(epms, 0, len);
136 }
137
138 /*
139 * Common part for ECDH and ECDHE.
140 */
141 static void
142 ecdh_common(br_ssl_server_context *ctx, int prf_id,
143 unsigned char *cpoint, size_t cpoint_len, uint32_t ctl)
144 {
145 unsigned char rpms[80];
146 size_t pms_len;
147
148 /*
149 * The point length is supposed to be 1+2*Xlen, where Xlen is
150 * the length (in bytes) of the X coordinate, i.e. the pre-master
151 * secret. If the provided point is too large, then it is
152 * obviously incorrect (i.e. everybody can see that it is
153 * incorrect), so leaking that fact is not a problem.
154 */
155 pms_len = cpoint_len >> 1;
156 if (pms_len > sizeof rpms) {
157 pms_len = sizeof rpms;
158 ctl = 0;
159 }
160
161 /*
162 * Make a random PMS and copy it above the decrypted value if the
163 * decryption failed. Note that we use a constant-time conditional
164 * copy.
165 */
166 br_hmac_drbg_generate(&ctx->eng.rng, rpms, pms_len);
167 br_ccopy(ctl ^ 1, cpoint + 1, rpms, pms_len);
168
169 /*
170 * Compute master secret.
171 */
172 br_ssl_engine_compute_master(&ctx->eng, prf_id, cpoint + 1, pms_len);
173
174 /*
175 * Clear the pre-master secret from RAM: it is normally a buffer
176 * in the context, hence potentially long-lived.
177 */
178 memset(cpoint, 0, cpoint_len);
179 }
180
181 /*
182 * Do the ECDH key exchange (not ECDHE).
183 */
184 static void
185 do_ecdh(br_ssl_server_context *ctx, int prf_id,
186 unsigned char *cpoint, size_t cpoint_len)
187 {
188 uint32_t x;
189
190 /*
191 * Finalise the key exchange.
192 */
193 x = (*ctx->policy_vtable)->do_keyx(ctx->policy_vtable,
194 cpoint, cpoint_len);
195 ecdh_common(ctx, prf_id, cpoint, cpoint_len, x);
196 }
197
198 /*
199 * Do the full static ECDH key exchange. When this function is called,
200 * it has already been verified that the cipher suite uses ECDH (not ECDHE),
201 * and the client's public key (from its certificate) has type EC and is
202 * apt for key exchange.
203 */
204 static void
205 do_static_ecdh(br_ssl_server_context *ctx, int prf_id)
206 {
207 unsigned char cpoint[133];
208 size_t cpoint_len;
209 const br_x509_class **xc;
210 const br_x509_pkey *pk;
211
212 xc = ctx->eng.x509ctx;
213 pk = (*xc)->get_pkey(xc, NULL);
214 cpoint_len = pk->key.ec.qlen;
215 if (cpoint_len > sizeof cpoint) {
216 /*
217 * If the point is larger than our buffer then we need to
218 * restrict it. Length 2 is not a valid point length, so
219 * the ECDH will fail.
220 */
221 cpoint_len = 2;
222 }
223 memcpy(cpoint, pk->key.ec.q, cpoint_len);
224 do_ecdh(ctx, prf_id, cpoint, cpoint_len);
225 }
226
227 /*
228 * Do the ECDHE key exchange (part 1: generation of transient key, and
229 * computing of the point to send to the client). Returned value is the
230 * signature length (in bytes), or -x on error (with x being an error
231 * code). The encoded point is written in the ecdhe_point[] context buffer
232 * (length in ecdhe_point_len).
233 */
234 static int
235 do_ecdhe_part1(br_ssl_server_context *ctx, int curve)
236 {
237 int hash;
238 unsigned mask;
239 const unsigned char *order, *generator;
240 size_t olen, glen;
241 br_multihash_context mhc;
242 unsigned char head[4];
243 size_t hv_len, sig_len;
244
245 if (!((ctx->eng.iec->supported_curves >> curve) & 1)) {
246 return -BR_ERR_INVALID_ALGORITHM;
247 }
248 ctx->eng.ecdhe_curve = curve;
249
250 /*
251 * Generate our private key. We need a non-zero random value
252 * which is lower than the curve order, in a "large enough"
253 * range. We force the top bit to 0 and bottom bit to 1, which
254 * does the trick. Note that contrary to what happens in ECDSA,
255 * this is not a problem if we do not cover the full range of
256 * possible values.
257 */
258 order = ctx->eng.iec->order(curve, &olen);
259 mask = 0xFF;
260 while (mask >= order[0]) {
261 mask >>= 1;
262 }
263 br_hmac_drbg_generate(&ctx->eng.rng, ctx->ecdhe_key, olen);
264 ctx->ecdhe_key[0] &= mask;
265 ctx->ecdhe_key[olen - 1] |= 0x01;
266 ctx->ecdhe_key_len = olen;
267
268 /*
269 * Compute our ECDH point.
270 */
271 generator = ctx->eng.iec->generator(curve, &glen);
272 memcpy(ctx->eng.ecdhe_point, generator, glen);
273 ctx->eng.ecdhe_point_len = glen;
274 if (!ctx->eng.iec->mul(ctx->eng.ecdhe_point, glen,
275 ctx->ecdhe_key, olen, curve))
276 {
277 return -BR_ERR_INVALID_ALGORITHM;
278 }
279
280 /*
281 * Compute the signature.
282 */
283 br_multihash_zero(&mhc);
284 br_multihash_copyimpl(&mhc, &ctx->eng.mhash);
285 br_multihash_init(&mhc);
286 br_multihash_update(&mhc,
287 ctx->eng.client_random, sizeof ctx->eng.client_random);
288 br_multihash_update(&mhc,
289 ctx->eng.server_random, sizeof ctx->eng.server_random);
290 head[0] = 3;
291 head[1] = 0;
292 head[2] = curve;
293 head[3] = ctx->eng.ecdhe_point_len;
294 br_multihash_update(&mhc, head, sizeof head);
295 br_multihash_update(&mhc,
296 ctx->eng.ecdhe_point, ctx->eng.ecdhe_point_len);
297 hash = ctx->sign_hash_id;
298 if (hash) {
299 hv_len = br_multihash_out(&mhc, hash, ctx->eng.pad);
300 if (hv_len == 0) {
301 return -BR_ERR_INVALID_ALGORITHM;
302 }
303 } else {
304 if (!br_multihash_out(&mhc, br_md5_ID, ctx->eng.pad)
305 || !br_multihash_out(&mhc,
306 br_sha1_ID, ctx->eng.pad + 16))
307 {
308 return -BR_ERR_INVALID_ALGORITHM;
309 }
310 hv_len = 36;
311 }
312 sig_len = (*ctx->policy_vtable)->do_sign(ctx->policy_vtable,
313 hash, hv_len, ctx->eng.pad, sizeof ctx->eng.pad);
314 return sig_len ? (int)sig_len : -BR_ERR_INVALID_ALGORITHM;
315 }
316
317 /*
318 * Do the ECDHE key exchange (part 2: computation of the shared secret
319 * from the point sent by the client).
320 */
321 static void
322 do_ecdhe_part2(br_ssl_server_context *ctx, int prf_id,
323 unsigned char *cpoint, size_t cpoint_len)
324 {
325 int curve;
326 uint32_t x;
327
328 curve = ctx->eng.ecdhe_curve;
329
330 /*
331 * Finalise the key exchange.
332 */
333 x = ctx->eng.iec->mul(cpoint, cpoint_len,
334 ctx->ecdhe_key, ctx->ecdhe_key_len, curve);
335 ecdh_common(ctx, prf_id, cpoint, cpoint_len, x);
336
337 /*
338 * Clear the ECDHE private key. Forward Secrecy is achieved insofar
339 * as that key does not get stolen, so we'd better destroy it
340 * as soon as it ceases to be useful.
341 */
342 memset(ctx->ecdhe_key, 0, ctx->ecdhe_key_len);
343 }
344
345 /*
346 * Offset for hash value within the pad (when obtaining all hash values,
347 * in preparation for verification of the CertificateVerify message).
348 * Order is MD5, SHA-1, SHA-224, SHA-256, SHA-384, SHA-512; last value
349 * is used to get the total length.
350 */
351 static const unsigned char HASH_PAD_OFF[] = { 0, 16, 36, 64, 96, 144, 208 };
352
353 /*
354 * OID for hash functions in RSA signatures.
355 */
356 static const unsigned char HASH_OID_SHA1[] = {
357 0x05, 0x2B, 0x0E, 0x03, 0x02, 0x1A
358 };
359
360 static const unsigned char HASH_OID_SHA224[] = {
361 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x04
362 };
363
364 static const unsigned char HASH_OID_SHA256[] = {
365 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01
366 };
367
368 static const unsigned char HASH_OID_SHA384[] = {
369 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x02
370 };
371
372 static const unsigned char HASH_OID_SHA512[] = {
373 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x03
374 };
375
376 static const unsigned char *HASH_OID[] = {
377 HASH_OID_SHA1,
378 HASH_OID_SHA224,
379 HASH_OID_SHA256,
380 HASH_OID_SHA384,
381 HASH_OID_SHA512
382 };
383
384 /*
385 * Verify the signature in CertificateVerify. Returned value is 0 on
386 * success, or a non-zero error code. Lack of implementation of the
387 * designated signature algorithm is reported as a "bad signature"
388 * error (because it means that the peer did not honour our advertised
389 * set of supported signature algorithms).
390 */
391 static int
392 verify_CV_sig(br_ssl_server_context *ctx, size_t sig_len)
393 {
394 const br_x509_class **xc;
395 const br_x509_pkey *pk;
396 int id;
397
398 id = ctx->hash_CV_id;
399 xc = ctx->eng.x509ctx;
400 pk = (*xc)->get_pkey(xc, NULL);
401 if (pk->key_type == BR_KEYTYPE_RSA) {
402 unsigned char tmp[64];
403 const unsigned char *hash_oid;
404
405 if (id == 0) {
406 hash_oid = NULL;
407 } else {
408 hash_oid = HASH_OID[id - 2];
409 }
410 if (ctx->eng.irsavrfy == 0) {
411 return BR_ERR_BAD_SIGNATURE;
412 }
413 if (!ctx->eng.irsavrfy(ctx->eng.pad, sig_len,
414 hash_oid, ctx->hash_CV_len, &pk->key.rsa, tmp)
415 || memcmp(tmp, ctx->hash_CV, ctx->hash_CV_len) != 0)
416 {
417 return BR_ERR_BAD_SIGNATURE;
418 }
419 } else {
420 if (ctx->eng.iecdsa == 0) {
421 return BR_ERR_BAD_SIGNATURE;
422 }
423 if (!ctx->eng.iecdsa(ctx->eng.iec,
424 ctx->hash_CV, ctx->hash_CV_len,
425 &pk->key.ec, ctx->eng.pad, sig_len))
426 {
427 return BR_ERR_BAD_SIGNATURE;
428 }
429 }
430 return 0;
431 }
432
433
434
435 static const uint8_t t0_datablock[] = {
436 0x00, 0x00, 0x0A, 0x00, 0x24, 0x00, 0x2F, 0x01, 0x24, 0x00, 0x35, 0x02,
437 0x24, 0x00, 0x3C, 0x01, 0x44, 0x00, 0x3D, 0x02, 0x44, 0x00, 0x9C, 0x03,
438 0x04, 0x00, 0x9D, 0x04, 0x05, 0xC0, 0x03, 0x40, 0x24, 0xC0, 0x04, 0x41,
439 0x24, 0xC0, 0x05, 0x42, 0x24, 0xC0, 0x08, 0x20, 0x24, 0xC0, 0x09, 0x21,
440 0x24, 0xC0, 0x0A, 0x22, 0x24, 0xC0, 0x0D, 0x30, 0x24, 0xC0, 0x0E, 0x31,
441 0x24, 0xC0, 0x0F, 0x32, 0x24, 0xC0, 0x12, 0x10, 0x24, 0xC0, 0x13, 0x11,
442 0x24, 0xC0, 0x14, 0x12, 0x24, 0xC0, 0x23, 0x21, 0x44, 0xC0, 0x24, 0x22,
443 0x55, 0xC0, 0x25, 0x41, 0x44, 0xC0, 0x26, 0x42, 0x55, 0xC0, 0x27, 0x11,
444 0x44, 0xC0, 0x28, 0x12, 0x55, 0xC0, 0x29, 0x31, 0x44, 0xC0, 0x2A, 0x32,
445 0x55, 0xC0, 0x2B, 0x23, 0x04, 0xC0, 0x2C, 0x24, 0x05, 0xC0, 0x2D, 0x43,
446 0x04, 0xC0, 0x2E, 0x44, 0x05, 0xC0, 0x2F, 0x13, 0x04, 0xC0, 0x30, 0x14,
447 0x05, 0xC0, 0x31, 0x33, 0x04, 0xC0, 0x32, 0x34, 0x05, 0xCC, 0xA8, 0x15,
448 0x04, 0xCC, 0xA9, 0x25, 0x04, 0x00, 0x00
449 };
450
451 static const uint8_t t0_codeblock[] = {
452 0x00, 0x01, 0x00, 0x0B, 0x00, 0x00, 0x01, 0x00, 0x0E, 0x00, 0x00, 0x01,
453 0x00, 0x0F, 0x00, 0x00, 0x01, 0x00, 0x10, 0x00, 0x00, 0x01, 0x01, 0x08,
454 0x00, 0x00, 0x01, 0x01, 0x09, 0x00, 0x00, 0x01, 0x02, 0x08, 0x00, 0x00,
455 0x28, 0x28, 0x00, 0x00, 0x01, T0_INT1(BR_ERR_BAD_CCS), 0x00, 0x00,
456 0x01, T0_INT1(BR_ERR_BAD_FINISHED), 0x00, 0x00, 0x01,
457 T0_INT1(BR_ERR_BAD_FRAGLEN), 0x00, 0x00, 0x01,
458 T0_INT1(BR_ERR_BAD_HANDSHAKE), 0x00, 0x00, 0x01,
459 T0_INT1(BR_ERR_BAD_PARAM), 0x00, 0x00, 0x01,
460 T0_INT1(BR_ERR_BAD_SECRENEG), 0x00, 0x00, 0x01,
461 T0_INT1(BR_ERR_BAD_SIGNATURE), 0x00, 0x00, 0x01,
462 T0_INT1(BR_ERR_BAD_VERSION), 0x00, 0x00, 0x01,
463 T0_INT1(BR_ERR_INVALID_ALGORITHM), 0x00, 0x00, 0x01,
464 T0_INT1(BR_ERR_LIMIT_EXCEEDED), 0x00, 0x00, 0x01,
465 T0_INT1(BR_ERR_NO_CLIENT_AUTH), 0x00, 0x00, 0x01, T0_INT1(BR_ERR_OK),
466 0x00, 0x00, 0x01, T0_INT1(BR_ERR_OVERSIZED_ID), 0x00, 0x00, 0x01,
467 T0_INT1(BR_ERR_UNEXPECTED), 0x00, 0x00, 0x01,
468 T0_INT1(BR_ERR_WRONG_KEY_USAGE), 0x00, 0x00, 0x01,
469 T0_INT2(offsetof(br_ssl_engine_context, action)), 0x00, 0x00, 0x01,
470 T0_INT2(offsetof(br_ssl_engine_context, alert)), 0x00, 0x00, 0x01,
471 T0_INT2(offsetof(br_ssl_engine_context, application_data)), 0x00, 0x00,
472 0x01,
473 T0_INT2(offsetof(br_ssl_engine_context, session) + offsetof(br_ssl_session_parameters, cipher_suite)),
474 0x00, 0x00, 0x01,
475 T0_INT2(offsetof(br_ssl_server_context, client_max_version)), 0x00,
476 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, client_random)),
477 0x00, 0x00, 0x01,
478 T0_INT2(offsetof(br_ssl_server_context, client_suites)), 0x00, 0x00,
479 0x01, T0_INT2(offsetof(br_ssl_server_context, client_suites_num)),
480 0x00, 0x00, 0x01,
481 T0_INT2(offsetof(br_ssl_engine_context, close_received)), 0x00, 0x00,
482 0x01, T0_INT2(offsetof(br_ssl_server_context, curves)), 0x00, 0x00,
483 0x01, T0_INT2(offsetof(br_ssl_engine_context, ecdhe_point)), 0x00,
484 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, ecdhe_point_len)),
485 0x00, 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, flags)),
486 0x00, 0x00, 0x01, T0_INT2(offsetof(br_ssl_server_context, hashes)),
487 0x00, 0x00, 0x73, 0x01,
488 T0_INT2(BR_MAX_CIPHER_SUITES * sizeof(br_suite_translated)), 0x00,
489 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, log_max_frag_len)),
490 0x00, 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, pad)), 0x00,
491 0x00, 0x01,
492 T0_INT2(offsetof(br_ssl_engine_context, peer_log_max_frag_len)), 0x00,
493 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, record_type_in)),
494 0x00, 0x00, 0x01,
495 T0_INT2(offsetof(br_ssl_engine_context, record_type_out)), 0x00, 0x00,
496 0x01, T0_INT2(offsetof(br_ssl_engine_context, reneg)), 0x00, 0x00,
497 0x01, T0_INT2(offsetof(br_ssl_engine_context, saved_finished)), 0x00,
498 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, server_name)),
499 0x00, 0x00, 0x01,
500 T0_INT2(offsetof(br_ssl_engine_context, server_random)), 0x00, 0x00,
501 0x01,
502 T0_INT2(offsetof(br_ssl_engine_context, session) + offsetof(br_ssl_session_parameters, session_id)),
503 0x00, 0x00, 0x01,
504 T0_INT2(offsetof(br_ssl_engine_context, session) + offsetof(br_ssl_session_parameters, session_id_len)),
505 0x00, 0x00, 0x01,
506 T0_INT2(offsetof(br_ssl_engine_context, shutdown_recv)), 0x00, 0x00,
507 0x01, T0_INT2(offsetof(br_ssl_server_context, sign_hash_id)), 0x00,
508 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, suites_buf)), 0x00,
509 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, suites_num)), 0x00,
510 0x00, 0x01,
511 T0_INT2(offsetof(br_ssl_engine_context, session) + offsetof(br_ssl_session_parameters, version)),
512 0x00, 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, version_in)),
513 0x00, 0x00, 0x01,
514 T0_INT2(offsetof(br_ssl_engine_context, version_max)), 0x00, 0x00,
515 0x01, T0_INT2(offsetof(br_ssl_engine_context, version_min)), 0x00,
516 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, version_out)),
517 0x00, 0x00, 0x09, 0x29, 0x56, 0x06, 0x02, 0x62, 0x2A, 0x00, 0x00, 0x01,
518 0x01, 0x00, 0x01, 0x03, 0x00, 0x81, 0x11, 0x29, 0x5C, 0x46, 0x81, 0x15,
519 0x29, 0x05, 0x04, 0x5D, 0x01, 0x00, 0x00, 0x02, 0x00, 0x0F, 0x06, 0x03,
520 0x81, 0x15, 0x00, 0x5C, 0x04, 0x69, 0x00, 0x06, 0x02, 0x62, 0x2A, 0x00,
521 0x00, 0x29, 0x81, 0x02, 0x46, 0x05, 0x03, 0x01, 0x0C, 0x08, 0x46, 0x70,
522 0x2D, 0x81, 0x1D, 0x1C, 0x7D, 0x01, 0x0C, 0x32, 0x00, 0x00, 0x29, 0x21,
523 0x01, 0x08, 0x0C, 0x46, 0x5A, 0x21, 0x08, 0x00, 0x01, 0x03, 0x00, 0x01,
524 0x00, 0x6F, 0x41, 0x2B, 0x19, 0x37, 0x06, 0x08, 0x02, 0x00, 0x81, 0x43,
525 0x03, 0x00, 0x04, 0x74, 0x01, 0x00, 0x81, 0x3B, 0x02, 0x00, 0x29, 0x19,
526 0x13, 0x06, 0x02, 0x69, 0x2A, 0x81, 0x43, 0x04, 0x75, 0x00, 0x01, 0x00,
527 0x6F, 0x41, 0x01, 0x16, 0x81, 0x00, 0x41, 0x35, 0x81, 0x25, 0x34, 0x06,
528 0x02, 0x6B, 0x2A, 0x06, 0x0D, 0x81, 0x4A, 0x01, 0x00, 0x81, 0x46, 0x01,
529 0x00, 0x81, 0x21, 0x04, 0x80, 0x59, 0x81, 0x4A, 0x81, 0x47, 0x28, 0x81,
530 0x4C, 0x4B, 0x06, 0x02, 0x81, 0x48, 0x81, 0x4B, 0x2B, 0x4B, 0x06, 0x3C,
531 0x01, 0x00, 0x81, 0x22, 0x29, 0x56, 0x06, 0x13, 0x01, 0x02, 0x81, 0x1A,
532 0x05, 0x02, 0x36, 0x2A, 0x28, 0x81, 0x26, 0x81, 0x24, 0x29, 0x81, 0x3C,
533 0x28, 0x04, 0x1F, 0x29, 0x58, 0x06, 0x0D, 0x28, 0x01, 0x02, 0x81, 0x1A,
534 0x05, 0x02, 0x68, 0x2A, 0x81, 0x26, 0x04, 0x0E, 0x81, 0x28, 0x29, 0x05,
535 0x05, 0x28, 0x81, 0x20, 0x04, 0x04, 0x81, 0x27, 0x81, 0x23, 0x04, 0x02,
536 0x81, 0x26, 0x01, 0x00, 0x81, 0x21, 0x01, 0x00, 0x81, 0x46, 0x3D, 0x01,
537 0x01, 0x6F, 0x41, 0x01, 0x17, 0x81, 0x00, 0x41, 0x00, 0x00, 0x39, 0x39,
538 0x00, 0x01, 0x03, 0x00, 0x2B, 0x19, 0x37, 0x06, 0x05, 0x81, 0x42, 0x28,
539 0x04, 0x77, 0x01, 0x02, 0x02, 0x00, 0x81, 0x3A, 0x19, 0x37, 0x06, 0x05,
540 0x81, 0x42, 0x28, 0x04, 0x77, 0x02, 0x00, 0x01, 0x84, 0x00, 0x08, 0x2A,
541 0x00, 0x00, 0x79, 0x2E, 0x46, 0x12, 0x01, 0x01, 0x13, 0x36, 0x00, 0x00,
542 0x01, 0x7F, 0x81, 0x17, 0x81, 0x42, 0x29, 0x01, 0x07, 0x13, 0x01, 0x00,
543 0x39, 0x0F, 0x06, 0x0A, 0x28, 0x01, 0x10, 0x13, 0x06, 0x02, 0x81, 0x39,
544 0x04, 0x2F, 0x01, 0x01, 0x39, 0x0F, 0x06, 0x26, 0x28, 0x28, 0x81, 0x01,
545 0x2F, 0x01, 0x01, 0x0F, 0x01, 0x01, 0x81, 0x1A, 0x38, 0x06, 0x11, 0x2B,
546 0x19, 0x37, 0x06, 0x05, 0x81, 0x42, 0x28, 0x04, 0x77, 0x01, 0x80, 0x64,
547 0x81, 0x3B, 0x04, 0x04, 0x01, 0x00, 0x81, 0x17, 0x04, 0x03, 0x6B, 0x2A,
548 0x28, 0x04, 0xFF, 0x38, 0x01, 0x29, 0x03, 0x00, 0x09, 0x29, 0x56, 0x06,
549 0x02, 0x62, 0x2A, 0x02, 0x00, 0x00, 0x00, 0x81, 0x12, 0x01, 0x0F, 0x13,
550 0x00, 0x00, 0x6E, 0x2F, 0x01, 0x00, 0x39, 0x0F, 0x06, 0x10, 0x28, 0x29,
551 0x01, 0x01, 0x0E, 0x06, 0x03, 0x28, 0x01, 0x02, 0x6E, 0x41, 0x01, 0x00,
552 0x04, 0x22, 0x01, 0x01, 0x39, 0x0F, 0x06, 0x15, 0x28, 0x01, 0x00, 0x6E,
553 0x41, 0x29, 0x01, 0x80, 0x64, 0x0F, 0x06, 0x05, 0x01, 0x82, 0x00, 0x08,
554 0x2A, 0x58, 0x00, 0x04, 0x07, 0x28, 0x01, 0x82, 0x00, 0x08, 0x2A, 0x28,
555 0x00, 0x00, 0x01, 0x00, 0x30, 0x06, 0x06, 0x3C, 0x81, 0x1E, 0x38, 0x04,
556 0x77, 0x29, 0x06, 0x05, 0x01, 0x01, 0x81, 0x07, 0x41, 0x00, 0x00, 0x01,
557 0x1F, 0x13, 0x01, 0x12, 0x0F, 0x05, 0x02, 0x6C, 0x2A, 0x70, 0x2D, 0x29,
558 0x81, 0x3E, 0x05, 0x02, 0x6B, 0x2A, 0x81, 0x1D, 0x27, 0x00, 0x00, 0x30,
559 0x06, 0x0B, 0x7F, 0x2F, 0x01, 0x14, 0x0E, 0x06, 0x02, 0x6B, 0x2A, 0x04,
560 0x12, 0x81, 0x42, 0x01, 0x07, 0x13, 0x29, 0x01, 0x02, 0x0E, 0x06, 0x06,
561 0x06, 0x02, 0x6B, 0x2A, 0x04, 0x6F, 0x28, 0x81, 0x37, 0x01, 0x01, 0x0E,
562 0x34, 0x38, 0x06, 0x02, 0x5E, 0x2A, 0x29, 0x01, 0x01, 0x81, 0x3D, 0x37,
563 0x81, 0x29, 0x00, 0x01, 0x81, 0x2E, 0x01, 0x0B, 0x0F, 0x05, 0x02, 0x6B,
564 0x2A, 0x29, 0x01, 0x03, 0x0F, 0x06, 0x09, 0x81, 0x35, 0x06, 0x02, 0x62,
565 0x2A, 0x46, 0x28, 0x00, 0x46, 0x55, 0x81, 0x35, 0x81, 0x1C, 0x29, 0x06,
566 0x27, 0x81, 0x35, 0x81, 0x1C, 0x29, 0x54, 0x29, 0x06, 0x19, 0x29, 0x01,
567 0x82, 0x00, 0x10, 0x06, 0x05, 0x01, 0x82, 0x00, 0x04, 0x01, 0x29, 0x03,
568 0x00, 0x7D, 0x02, 0x00, 0x81, 0x2A, 0x02, 0x00, 0x51, 0x04, 0x64, 0x81,
569 0x13, 0x52, 0x04, 0x56, 0x81, 0x13, 0x81, 0x13, 0x53, 0x29, 0x06, 0x02,
570 0x36, 0x00, 0x28, 0x2C, 0x00, 0x02, 0x29, 0x01, 0x20, 0x13, 0x05, 0x02,
571 0x6C, 0x2A, 0x01, 0x0F, 0x13, 0x03, 0x00, 0x81, 0x24, 0x81, 0x0B, 0x2D,
572 0x01, 0x86, 0x03, 0x11, 0x06, 0x24, 0x81, 0x34, 0x29, 0x01, 0x81, 0x7F,
573 0x13, 0x5A, 0x01, 0x01, 0x12, 0x02, 0x00, 0x0F, 0x05, 0x02, 0x64, 0x2A,
574 0x01, 0x08, 0x12, 0x29, 0x01, 0x02, 0x0B, 0x39, 0x01, 0x06, 0x10, 0x38,
575 0x06, 0x02, 0x66, 0x2A, 0x04, 0x0D, 0x02, 0x00, 0x01, 0x01, 0x0F, 0x06,
576 0x04, 0x01, 0x00, 0x04, 0x02, 0x01, 0x02, 0x20, 0x05, 0x02, 0x66, 0x2A,
577 0x81, 0x34, 0x29, 0x03, 0x01, 0x29, 0x01, 0x84, 0x00, 0x10, 0x06, 0x02,
578 0x67, 0x2A, 0x7D, 0x46, 0x81, 0x2A, 0x02, 0x01, 0x4E, 0x29, 0x06, 0x01,
579 0x2A, 0x28, 0x81, 0x13, 0x00, 0x00, 0x1D, 0x81, 0x2E, 0x01, 0x0F, 0x0F,
580 0x05, 0x02, 0x6B, 0x2A, 0x00, 0x0A, 0x81, 0x2E, 0x01, 0x01, 0x0F, 0x05,
581 0x02, 0x6B, 0x2A, 0x81, 0x34, 0x29, 0x03, 0x00, 0x71, 0x3F, 0x72, 0x01,
582 0x20, 0x81, 0x2A, 0x81, 0x36, 0x29, 0x01, 0x20, 0x10, 0x06, 0x02, 0x6A,
583 0x2A, 0x29, 0x81, 0x06, 0x41, 0x81, 0x05, 0x46, 0x81, 0x2A, 0x1A, 0x03,
584 0x01, 0x81, 0x34, 0x81, 0x1C, 0x01, 0x00, 0x03, 0x02, 0x01, 0x00, 0x03,
585 0x03, 0x7B, 0x81, 0x18, 0x17, 0x39, 0x08, 0x03, 0x04, 0x03, 0x05, 0x29,
586 0x06, 0x80, 0x73, 0x81, 0x34, 0x29, 0x03, 0x06, 0x02, 0x01, 0x06, 0x0A,
587 0x29, 0x70, 0x2D, 0x0F, 0x06, 0x04, 0x01, 0x7F, 0x03, 0x03, 0x29, 0x01,
588 0x81, 0x7F, 0x0F, 0x06, 0x0B, 0x81, 0x01, 0x2F, 0x06, 0x02, 0x63, 0x2A,
589 0x01, 0x7F, 0x03, 0x02, 0x29, 0x01, 0x81, 0xAC, 0x00, 0x0F, 0x06, 0x13,
590 0x02, 0x00, 0x81, 0x0E, 0x2D, 0x11, 0x02, 0x00, 0x81, 0x0D, 0x2D, 0x0B,
591 0x13, 0x06, 0x04, 0x01, 0x7F, 0x03, 0x00, 0x81, 0x38, 0x29, 0x56, 0x06,
592 0x03, 0x28, 0x04, 0x27, 0x01, 0x00, 0x81, 0x1A, 0x06, 0x0B, 0x01, 0x02,
593 0x0C, 0x73, 0x08, 0x02, 0x06, 0x46, 0x3F, 0x04, 0x16, 0x28, 0x02, 0x05,
594 0x02, 0x04, 0x11, 0x06, 0x02, 0x61, 0x2A, 0x02, 0x06, 0x02, 0x05, 0x3F,
595 0x02, 0x05, 0x01, 0x04, 0x08, 0x03, 0x05, 0x04, 0xFF, 0x09, 0x28, 0x01,
596 0x00, 0x03, 0x07, 0x81, 0x36, 0x81, 0x1C, 0x29, 0x06, 0x0A, 0x81, 0x36,
597 0x05, 0x04, 0x01, 0x7F, 0x03, 0x07, 0x04, 0x73, 0x81, 0x13, 0x01, 0x00,
598 0x81, 0x03, 0x41, 0x01, 0x88, 0x04, 0x7A, 0x3F, 0x01, 0x84, 0x80, 0x80,
599 0x00, 0x76, 0x40, 0x29, 0x06, 0x80, 0x4E, 0x81, 0x34, 0x81, 0x1C, 0x29,
600 0x06, 0x80, 0x44, 0x81, 0x34, 0x01, 0x00, 0x39, 0x0F, 0x06, 0x05, 0x28,
601 0x81, 0x2D, 0x04, 0x34, 0x01, 0x01, 0x39, 0x0F, 0x06, 0x05, 0x28, 0x81,
602 0x2B, 0x04, 0x29, 0x01, 0x83, 0xFE, 0x01, 0x39, 0x0F, 0x06, 0x05, 0x28,
603 0x81, 0x2C, 0x04, 0x1C, 0x01, 0x0D, 0x39, 0x0F, 0x06, 0x05, 0x28, 0x81,
604 0x32, 0x04, 0x11, 0x01, 0x0A, 0x39, 0x0F, 0x06, 0x05, 0x28, 0x81, 0x33,
605 0x04, 0x06, 0x28, 0x81, 0x30, 0x01, 0x00, 0x28, 0x04, 0xFF, 0x38, 0x81,
606 0x13, 0x81, 0x13, 0x02, 0x01, 0x02, 0x03, 0x13, 0x03, 0x01, 0x02, 0x00,
607 0x56, 0x06, 0x0A, 0x71, 0x2D, 0x81, 0x0F, 0x3F, 0x01, 0x80, 0x56, 0x81,
608 0x19, 0x81, 0x0D, 0x2D, 0x29, 0x02, 0x00, 0x10, 0x06, 0x03, 0x28, 0x02,
609 0x00, 0x29, 0x01, 0x86, 0x00, 0x0B, 0x06, 0x02, 0x65, 0x2A, 0x02, 0x00,
610 0x81, 0x0E, 0x2D, 0x0B, 0x06, 0x05, 0x01, 0x80, 0x46, 0x81, 0x19, 0x02,
611 0x01, 0x06, 0x12, 0x81, 0x0B, 0x2D, 0x02, 0x00, 0x0D, 0x06, 0x06, 0x28,
612 0x81, 0x0B, 0x2D, 0x04, 0x04, 0x01, 0x00, 0x03, 0x01, 0x29, 0x81, 0x0B,
613 0x3F, 0x29, 0x81, 0x0C, 0x3F, 0x29, 0x81, 0x0F, 0x3F, 0x01, 0x86, 0x03,
614 0x11, 0x03, 0x08, 0x02, 0x02, 0x06, 0x05, 0x01, 0x02, 0x81, 0x01, 0x41,
615 0x02, 0x07, 0x05, 0x04, 0x01, 0x28, 0x81, 0x19, 0x43, 0x28, 0x01, 0x82,
616 0x01, 0x07, 0x7A, 0x2D, 0x13, 0x29, 0x7A, 0x3F, 0x29, 0x01, 0x81, 0x7F,
617 0x13, 0x57, 0x36, 0x46, 0x01, 0x08, 0x12, 0x57, 0x01, 0x02, 0x13, 0x38,
618 0x03, 0x09, 0x76, 0x2E, 0x42, 0x13, 0x29, 0x76, 0x40, 0x05, 0x04, 0x01,
619 0x00, 0x03, 0x09, 0x02, 0x01, 0x06, 0x03, 0x01, 0x7F, 0x00, 0x81, 0x05,
620 0x01, 0x20, 0x33, 0x01, 0x20, 0x81, 0x06, 0x41, 0x73, 0x29, 0x03, 0x05,
621 0x29, 0x02, 0x04, 0x0B, 0x06, 0x80, 0x4A, 0x29, 0x2D, 0x29, 0x81, 0x12,
622 0x29, 0x01, 0x0C, 0x12, 0x29, 0x01, 0x01, 0x0F, 0x46, 0x01, 0x02, 0x0F,
623 0x38, 0x06, 0x0A, 0x29, 0x02, 0x09, 0x13, 0x05, 0x04, 0x5D, 0x01, 0x00,
624 0x29, 0x02, 0x08, 0x05, 0x0E, 0x29, 0x01, 0x81, 0x70, 0x13, 0x01, 0x20,
625 0x0E, 0x06, 0x04, 0x5D, 0x01, 0x00, 0x29, 0x29, 0x06, 0x10, 0x02, 0x05,
626 0x5C, 0x3F, 0x02, 0x05, 0x3F, 0x02, 0x05, 0x01, 0x04, 0x08, 0x03, 0x05,
627 0x04, 0x01, 0x5D, 0x01, 0x04, 0x08, 0x04, 0xFF, 0x2F, 0x28, 0x02, 0x05,
628 0x73, 0x09, 0x01, 0x02, 0x12, 0x29, 0x05, 0x04, 0x01, 0x28, 0x81, 0x19,
629 0x74, 0x41, 0x18, 0x05, 0x04, 0x01, 0x28, 0x81, 0x19, 0x01, 0x00, 0x00,
630 0x00, 0x81, 0x28, 0x81, 0x27, 0x00, 0x04, 0x70, 0x2D, 0x81, 0x41, 0x06,
631 0x19, 0x81, 0x34, 0x29, 0x01, 0x84, 0x00, 0x10, 0x06, 0x02, 0x67, 0x2A,
632 0x29, 0x03, 0x00, 0x7D, 0x46, 0x81, 0x2A, 0x02, 0x00, 0x70, 0x2D, 0x81,
633 0x1D, 0x26, 0x70, 0x2D, 0x29, 0x81, 0x3F, 0x46, 0x81, 0x3E, 0x03, 0x01,
634 0x03, 0x02, 0x02, 0x01, 0x02, 0x02, 0x38, 0x06, 0x17, 0x81, 0x36, 0x29,
635 0x03, 0x03, 0x7D, 0x46, 0x81, 0x2A, 0x02, 0x03, 0x70, 0x2D, 0x81, 0x1D,
636 0x02, 0x02, 0x06, 0x03, 0x25, 0x04, 0x01, 0x23, 0x81, 0x13, 0x00, 0x00,
637 0x81, 0x2E, 0x01, 0x10, 0x0F, 0x05, 0x02, 0x6B, 0x2A, 0x00, 0x00, 0x81,
638 0x14, 0x81, 0x2E, 0x01, 0x14, 0x0E, 0x06, 0x02, 0x6B, 0x2A, 0x7D, 0x01,
639 0x0C, 0x08, 0x01, 0x0C, 0x81, 0x2A, 0x81, 0x13, 0x7D, 0x29, 0x01, 0x0C,
640 0x08, 0x01, 0x0C, 0x31, 0x05, 0x02, 0x5F, 0x2A, 0x00, 0x02, 0x03, 0x00,
641 0x03, 0x01, 0x02, 0x00, 0x81, 0x10, 0x02, 0x01, 0x02, 0x00, 0x3B, 0x29,
642 0x01, 0x00, 0x0F, 0x06, 0x02, 0x5D, 0x00, 0x81, 0x44, 0x04, 0x73, 0x00,
643 0x81, 0x34, 0x01, 0x01, 0x0E, 0x06, 0x02, 0x60, 0x2A, 0x81, 0x36, 0x29,
644 0x29, 0x58, 0x46, 0x01, 0x05, 0x11, 0x38, 0x06, 0x02, 0x60, 0x2A, 0x01,
645 0x08, 0x08, 0x29, 0x7C, 0x2F, 0x0B, 0x06, 0x0D, 0x29, 0x01, 0x01, 0x46,
646 0x0C, 0x3E, 0x29, 0x7C, 0x41, 0x7E, 0x41, 0x04, 0x01, 0x28, 0x00, 0x00,
647 0x81, 0x34, 0x81, 0x01, 0x2F, 0x01, 0x00, 0x39, 0x0F, 0x06, 0x15, 0x28,
648 0x01, 0x01, 0x0F, 0x05, 0x02, 0x63, 0x2A, 0x81, 0x36, 0x06, 0x02, 0x63,
649 0x2A, 0x01, 0x02, 0x81, 0x01, 0x41, 0x04, 0x2B, 0x01, 0x02, 0x39, 0x0F,
650 0x06, 0x22, 0x28, 0x01, 0x0D, 0x0F, 0x05, 0x02, 0x63, 0x2A, 0x81, 0x36,
651 0x01, 0x0C, 0x0F, 0x05, 0x02, 0x63, 0x2A, 0x7D, 0x01, 0x0C, 0x81, 0x2A,
652 0x81, 0x02, 0x7D, 0x01, 0x0C, 0x31, 0x05, 0x02, 0x63, 0x2A, 0x04, 0x03,
653 0x63, 0x2A, 0x28, 0x00, 0x00, 0x81, 0x34, 0x81, 0x1C, 0x81, 0x34, 0x81,
654 0x1C, 0x29, 0x06, 0x24, 0x81, 0x36, 0x06, 0x04, 0x81, 0x30, 0x04, 0x1A,
655 0x81, 0x34, 0x29, 0x01, 0x81, 0x7F, 0x0D, 0x06, 0x0F, 0x29, 0x81, 0x03,
656 0x08, 0x01, 0x00, 0x46, 0x41, 0x81, 0x03, 0x46, 0x81, 0x2A, 0x04, 0x02,
657 0x81, 0x3C, 0x04, 0x59, 0x81, 0x13, 0x81, 0x13, 0x00, 0x00, 0x81, 0x2F,
658 0x29, 0x58, 0x06, 0x07, 0x28, 0x06, 0x02, 0x61, 0x2A, 0x04, 0x73, 0x00,
659 0x00, 0x81, 0x37, 0x01, 0x03, 0x81, 0x35, 0x46, 0x28, 0x46, 0x00, 0x00,
660 0x81, 0x34, 0x81, 0x3C, 0x00, 0x03, 0x01, 0x00, 0x03, 0x00, 0x81, 0x34,
661 0x81, 0x1C, 0x29, 0x06, 0x34, 0x81, 0x36, 0x03, 0x01, 0x81, 0x36, 0x03,
662 0x02, 0x02, 0x01, 0x01, 0x02, 0x11, 0x02, 0x01, 0x01, 0x06, 0x0D, 0x13,
663 0x02, 0x02, 0x01, 0x01, 0x0F, 0x02, 0x02, 0x01, 0x03, 0x0F, 0x38, 0x13,
664 0x06, 0x11, 0x02, 0x00, 0x01, 0x01, 0x02, 0x02, 0x5B, 0x01, 0x02, 0x0C,
665 0x02, 0x01, 0x08, 0x0C, 0x38, 0x03, 0x00, 0x04, 0x49, 0x81, 0x13, 0x02,
666 0x00, 0x00, 0x00, 0x81, 0x34, 0x81, 0x1C, 0x81, 0x31, 0x7A, 0x3F, 0x81,
667 0x13, 0x00, 0x00, 0x81, 0x34, 0x81, 0x1C, 0x81, 0x34, 0x81, 0x1C, 0x01,
668 0x00, 0x76, 0x40, 0x29, 0x06, 0x16, 0x81, 0x34, 0x29, 0x01, 0x20, 0x0B,
669 0x06, 0x0B, 0x01, 0x01, 0x46, 0x0C, 0x76, 0x2E, 0x38, 0x76, 0x40, 0x04,
670 0x01, 0x28, 0x04, 0x67, 0x81, 0x13, 0x81, 0x13, 0x00, 0x00, 0x01, 0x02,
671 0x81, 0x10, 0x81, 0x37, 0x01, 0x08, 0x0C, 0x81, 0x37, 0x08, 0x00, 0x00,
672 0x01, 0x03, 0x81, 0x10, 0x81, 0x37, 0x01, 0x08, 0x0C, 0x81, 0x37, 0x08,
673 0x01, 0x08, 0x0C, 0x81, 0x37, 0x08, 0x00, 0x00, 0x01, 0x01, 0x81, 0x10,
674 0x81, 0x37, 0x00, 0x00, 0x3C, 0x29, 0x56, 0x05, 0x01, 0x00, 0x28, 0x81,
675 0x44, 0x04, 0x75, 0x02, 0x03, 0x00, 0x81, 0x0A, 0x2F, 0x03, 0x01, 0x01,
676 0x00, 0x29, 0x02, 0x01, 0x0B, 0x06, 0x11, 0x29, 0x01, 0x01, 0x0C, 0x81,
677 0x09, 0x08, 0x2D, 0x02, 0x00, 0x0F, 0x06, 0x01, 0x00, 0x5A, 0x04, 0x69,
678 0x28, 0x01, 0x7F, 0x00, 0x00, 0x2B, 0x19, 0x37, 0x06, 0x05, 0x81, 0x42,
679 0x28, 0x04, 0x77, 0x01, 0x16, 0x81, 0x00, 0x41, 0x01, 0x00, 0x81, 0x55,
680 0x01, 0x00, 0x81, 0x54, 0x2B, 0x01, 0x17, 0x81, 0x00, 0x41, 0x00, 0x00,
681 0x01, 0x15, 0x81, 0x00, 0x41, 0x46, 0x50, 0x28, 0x50, 0x28, 0x2B, 0x00,
682 0x00, 0x01, 0x01, 0x46, 0x81, 0x3A, 0x00, 0x00, 0x46, 0x39, 0x81, 0x10,
683 0x46, 0x29, 0x06, 0x06, 0x81, 0x37, 0x28, 0x5B, 0x04, 0x77, 0x28, 0x00,
684 0x02, 0x03, 0x00, 0x70, 0x2D, 0x81, 0x12, 0x03, 0x01, 0x02, 0x01, 0x01,
685 0x0F, 0x13, 0x02, 0x01, 0x01, 0x04, 0x12, 0x01, 0x0F, 0x13, 0x02, 0x01,
686 0x01, 0x08, 0x12, 0x01, 0x0F, 0x13, 0x01, 0x00, 0x39, 0x0F, 0x06, 0x10,
687 0x28, 0x01, 0x00, 0x01, 0x18, 0x02, 0x00, 0x06, 0x03, 0x49, 0x04, 0x01,
688 0x4A, 0x04, 0x80, 0x56, 0x01, 0x01, 0x39, 0x0F, 0x06, 0x10, 0x28, 0x01,
689 0x01, 0x01, 0x10, 0x02, 0x00, 0x06, 0x03, 0x49, 0x04, 0x01, 0x4A, 0x04,
690 0x80, 0x40, 0x01, 0x02, 0x39, 0x0F, 0x06, 0x0F, 0x28, 0x01, 0x01, 0x01,
691 0x20, 0x02, 0x00, 0x06, 0x03, 0x49, 0x04, 0x01, 0x4A, 0x04, 0x2B, 0x01,
692 0x03, 0x39, 0x0F, 0x06, 0x0E, 0x28, 0x28, 0x01, 0x10, 0x02, 0x00, 0x06,
693 0x03, 0x47, 0x04, 0x01, 0x48, 0x04, 0x17, 0x01, 0x04, 0x39, 0x0F, 0x06,
694 0x0E, 0x28, 0x28, 0x01, 0x20, 0x02, 0x00, 0x06, 0x03, 0x47, 0x04, 0x01,
695 0x48, 0x04, 0x03, 0x62, 0x2A, 0x28, 0x00, 0x00, 0x81, 0x12, 0x01, 0x0C,
696 0x12, 0x01, 0x02, 0x10, 0x00, 0x00, 0x81, 0x12, 0x01, 0x0C, 0x12, 0x29,
697 0x59, 0x46, 0x01, 0x03, 0x0B, 0x13, 0x00, 0x00, 0x81, 0x12, 0x01, 0x0C,
698 0x12, 0x01, 0x01, 0x0F, 0x00, 0x00, 0x81, 0x12, 0x01, 0x0C, 0x12, 0x58,
699 0x00, 0x00, 0x1B, 0x01, 0x00, 0x6D, 0x2F, 0x29, 0x06, 0x20, 0x01, 0x01,
700 0x39, 0x0F, 0x06, 0x07, 0x28, 0x01, 0x00, 0x81, 0x16, 0x04, 0x11, 0x01,
701 0x02, 0x39, 0x0F, 0x06, 0x0A, 0x28, 0x6F, 0x2F, 0x06, 0x03, 0x01, 0x10,
702 0x38, 0x04, 0x01, 0x28, 0x04, 0x01, 0x28, 0x75, 0x2F, 0x05, 0x35, 0x30,
703 0x06, 0x32, 0x7F, 0x2F, 0x01, 0x14, 0x39, 0x0F, 0x06, 0x06, 0x28, 0x01,
704 0x02, 0x38, 0x04, 0x24, 0x01, 0x15, 0x39, 0x0F, 0x06, 0x0B, 0x28, 0x81,
705 0x1F, 0x06, 0x04, 0x01, 0x7F, 0x81, 0x16, 0x04, 0x13, 0x01, 0x16, 0x39,
706 0x0F, 0x06, 0x06, 0x28, 0x01, 0x01, 0x38, 0x04, 0x07, 0x28, 0x01, 0x04,
707 0x38, 0x01, 0x00, 0x28, 0x19, 0x06, 0x03, 0x01, 0x08, 0x38, 0x00, 0x00,
708 0x1B, 0x29, 0x05, 0x10, 0x30, 0x06, 0x0D, 0x7F, 0x2F, 0x01, 0x15, 0x0F,
709 0x06, 0x05, 0x28, 0x81, 0x1F, 0x04, 0x01, 0x22, 0x00, 0x00, 0x81, 0x42,
710 0x01, 0x07, 0x13, 0x01, 0x01, 0x10, 0x06, 0x02, 0x6B, 0x2A, 0x00, 0x01,
711 0x03, 0x00, 0x2B, 0x19, 0x06, 0x06, 0x02, 0x00, 0x81, 0x00, 0x41, 0x00,
712 0x81, 0x42, 0x28, 0x04, 0x72, 0x00, 0x01, 0x14, 0x81, 0x45, 0x01, 0x01,
713 0x81, 0x55, 0x2B, 0x29, 0x01, 0x00, 0x81, 0x3D, 0x01, 0x16, 0x81, 0x45,
714 0x81, 0x49, 0x2B, 0x00, 0x00, 0x01, 0x0B, 0x81, 0x55, 0x4C, 0x29, 0x29,
715 0x01, 0x03, 0x08, 0x81, 0x54, 0x81, 0x54, 0x14, 0x29, 0x56, 0x06, 0x02,
716 0x28, 0x00, 0x81, 0x54, 0x1E, 0x29, 0x06, 0x06, 0x7D, 0x46, 0x81, 0x4D,
717 0x04, 0x76, 0x28, 0x04, 0x6A, 0x00, 0x01, 0x00, 0x81, 0x4F, 0x81, 0x0B,
718 0x2D, 0x01, 0x86, 0x03, 0x11, 0x06, 0x06, 0x5C, 0x01, 0x00, 0x81, 0x50,
719 0x08, 0x4B, 0x08, 0x01, 0x03, 0x08, 0x01, 0x0D, 0x81, 0x55, 0x81, 0x54,
720 0x01, 0x00, 0x81, 0x4F, 0x81, 0x55, 0x01, 0x01, 0x81, 0x4F, 0x28, 0x81,
721 0x0B, 0x2D, 0x01, 0x86, 0x03, 0x11, 0x06, 0x0B, 0x01, 0x00, 0x81, 0x50,
722 0x81, 0x53, 0x01, 0x01, 0x81, 0x50, 0x28, 0x4B, 0x81, 0x53, 0x16, 0x15,
723 0x29, 0x56, 0x06, 0x02, 0x28, 0x00, 0x81, 0x53, 0x1F, 0x29, 0x06, 0x06,
724 0x7D, 0x46, 0x81, 0x4D, 0x04, 0x76, 0x28, 0x04, 0x6A, 0x00, 0x81, 0x14,
725 0x01, 0x14, 0x81, 0x55, 0x01, 0x0C, 0x81, 0x54, 0x7D, 0x01, 0x0C, 0x81,
726 0x4D, 0x00, 0x03, 0x03, 0x00, 0x01, 0x02, 0x81, 0x55, 0x01, 0x80, 0x46,
727 0x81, 0x01, 0x2F, 0x01, 0x02, 0x0F, 0x06, 0x0C, 0x02, 0x00, 0x06, 0x04,
728 0x01, 0x05, 0x04, 0x02, 0x01, 0x1D, 0x04, 0x02, 0x01, 0x00, 0x03, 0x01,
729 0x7E, 0x2F, 0x06, 0x04, 0x01, 0x05, 0x04, 0x02, 0x01, 0x00, 0x03, 0x02,
730 0x02, 0x01, 0x02, 0x02, 0x08, 0x29, 0x06, 0x03, 0x01, 0x02, 0x08, 0x08,
731 0x81, 0x54, 0x81, 0x0B, 0x2D, 0x81, 0x53, 0x81, 0x04, 0x01, 0x04, 0x17,
732 0x81, 0x04, 0x01, 0x04, 0x08, 0x01, 0x1C, 0x33, 0x81, 0x04, 0x01, 0x20,
733 0x81, 0x4D, 0x01, 0x20, 0x81, 0x55, 0x81, 0x05, 0x01, 0x20, 0x81, 0x4D,
734 0x70, 0x2D, 0x81, 0x53, 0x01, 0x00, 0x81, 0x55, 0x02, 0x01, 0x02, 0x02,
735 0x08, 0x29, 0x06, 0x31, 0x81, 0x53, 0x02, 0x01, 0x29, 0x06, 0x14, 0x01,
736 0x83, 0xFE, 0x01, 0x81, 0x53, 0x01, 0x04, 0x09, 0x29, 0x81, 0x53, 0x5B,
737 0x81, 0x02, 0x46, 0x81, 0x4E, 0x04, 0x01, 0x28, 0x02, 0x02, 0x06, 0x0F,
738 0x01, 0x01, 0x81, 0x53, 0x01, 0x01, 0x81, 0x53, 0x7E, 0x2F, 0x01, 0x08,
739 0x09, 0x81, 0x55, 0x04, 0x01, 0x28, 0x00, 0x00, 0x01, 0x0E, 0x81, 0x55,
740 0x01, 0x00, 0x81, 0x54, 0x00, 0x03, 0x70, 0x2D, 0x81, 0x3F, 0x05, 0x01,
741 0x00, 0x76, 0x2E, 0x01, 0x00, 0x81, 0x18, 0x12, 0x01, 0x01, 0x13, 0x58,
742 0x06, 0x03, 0x5A, 0x04, 0x74, 0x03, 0x00, 0x28, 0x02, 0x00, 0x24, 0x29,
743 0x56, 0x06, 0x02, 0x36, 0x2A, 0x03, 0x01, 0x81, 0x0B, 0x2D, 0x01, 0x86,
744 0x03, 0x11, 0x03, 0x02, 0x01, 0x0C, 0x81, 0x55, 0x02, 0x01, 0x78, 0x2F,
745 0x08, 0x02, 0x02, 0x01, 0x02, 0x13, 0x08, 0x01, 0x06, 0x08, 0x81, 0x54,
746 0x01, 0x03, 0x81, 0x55, 0x02, 0x00, 0x81, 0x53, 0x77, 0x78, 0x2F, 0x81,
747 0x4E, 0x02, 0x02, 0x06, 0x11, 0x81, 0x08, 0x2F, 0x81, 0x55, 0x70, 0x2D,
748 0x81, 0x40, 0x01, 0x01, 0x0C, 0x01, 0x03, 0x08, 0x81, 0x55, 0x02, 0x01,
749 0x81, 0x53, 0x7D, 0x02, 0x01, 0x81, 0x4D, 0x00, 0x00, 0x4F, 0x29, 0x01,
750 0x00, 0x0F, 0x06, 0x02, 0x5D, 0x00, 0x81, 0x42, 0x28, 0x04, 0x72, 0x00,
751 0x29, 0x81, 0x55, 0x81, 0x4D, 0x00, 0x00, 0x01, 0x00, 0x70, 0x2D, 0x81,
752 0x3E, 0x06, 0x0E, 0x5C, 0x39, 0x06, 0x0A, 0x01, 0x80, 0x41, 0x81, 0x55,
753 0x01, 0x80, 0x42, 0x81, 0x55, 0x45, 0x06, 0x08, 0x5A, 0x39, 0x06, 0x04,
754 0x01, 0x01, 0x81, 0x55, 0x44, 0x06, 0x09, 0x5A, 0x39, 0x06, 0x05, 0x01,
755 0x80, 0x40, 0x81, 0x55, 0x46, 0x28, 0x00, 0x01, 0x01, 0x00, 0x03, 0x00,
756 0x45, 0x44, 0x38, 0x05, 0x16, 0x01, 0x01, 0x01, 0x80, 0x7C, 0x81, 0x51,
757 0x03, 0x00, 0x01, 0x03, 0x01, 0x80, 0x7C, 0x81, 0x51, 0x02, 0x00, 0x08,
758 0x46, 0x28, 0x00, 0x45, 0x06, 0x08, 0x01, 0x01, 0x43, 0x28, 0x81, 0x51,
759 0x03, 0x00, 0x44, 0x06, 0x0B, 0x01, 0x03, 0x43, 0x28, 0x81, 0x51, 0x02,
760 0x00, 0x08, 0x03, 0x00, 0x28, 0x02, 0x00, 0x00, 0x00, 0x01, 0x00, 0x01,
761 0x04, 0x81, 0x52, 0x01, 0x05, 0x81, 0x52, 0x01, 0x06, 0x81, 0x52, 0x01,
762 0x03, 0x81, 0x52, 0x01, 0x02, 0x81, 0x52, 0x0A, 0x5D, 0x00, 0x01, 0x03,
763 0x00, 0x39, 0x01, 0x01, 0x02, 0x00, 0x0C, 0x13, 0x05, 0x01, 0x00, 0x5C,
764 0x01, 0x03, 0x3A, 0x06, 0x09, 0x02, 0x00, 0x81, 0x55, 0x01, 0x02, 0x3A,
765 0x81, 0x55, 0x00, 0x00, 0x29, 0x01, 0x08, 0x4D, 0x81, 0x55, 0x81, 0x55,
766 0x00, 0x00, 0x29, 0x01, 0x10, 0x4D, 0x81, 0x55, 0x81, 0x53, 0x00, 0x00,
767 0x29, 0x50, 0x06, 0x02, 0x28, 0x00, 0x81, 0x42, 0x28, 0x04, 0x75
768 };
769
770 static const uint16_t t0_caddr[] = {
771 0,
772 5,
773 10,
774 15,
775 20,
776 25,
777 30,
778 35,
779 39,
780 43,
781 47,
782 51,
783 55,
784 59,
785 63,
786 67,
787 71,
788 75,
789 79,
790 83,
791 87,
792 91,
793 95,
794 99,
795 104,
796 109,
797 114,
798 119,
799 124,
800 129,
801 134,
802 139,
803 144,
804 149,
805 154,
806 159,
807 164,
808 169,
809 175,
810 180,
811 185,
812 190,
813 195,
814 200,
815 205,
816 210,
817 215,
818 220,
819 225,
820 230,
821 235,
822 240,
823 245,
824 250,
825 255,
826 260,
827 265,
828 270,
829 275,
830 284,
831 288,
832 316,
833 322,
834 343,
835 354,
836 391,
837 523,
838 527,
839 563,
840 573,
841 650,
842 664,
843 671,
844 731,
845 752,
846 776,
847 829,
848 915,
849 1023,
850 1035,
851 1630,
852 1636,
853 1713,
854 1724,
855 1759,
856 1785,
857 1833,
858 1910,
859 1963,
860 1978,
861 1989,
862 1995,
863 2064,
864 2076,
865 2119,
866 2133,
867 2153,
868 2161,
869 2173,
870 2210,
871 2241,
872 2254,
873 2261,
874 2278,
875 2417,
876 2427,
877 2441,
878 2451,
879 2459,
880 2565,
881 2587,
882 2601,
883 2619,
884 2642,
885 2679,
886 2767,
887 2784,
888 2945,
889 2955,
890 3066,
891 3081,
892 3088,
893 3137,
894 3198,
895 3224,
896 3253,
897 3263,
898 3273
899 };
900
901 #define T0_INTERPRETED 86
902
903 #define T0_ENTER(ip, rp, slot) do { \
904 const unsigned char *t0_newip; \
905 uint32_t t0_lnum; \
906 t0_newip = &t0_codeblock[t0_caddr[(slot) - T0_INTERPRETED]]; \
907 t0_lnum = t0_parse7E_unsigned(&t0_newip); \
908 (rp) += t0_lnum; \
909 *((rp) ++) = (uint32_t)((ip) - &t0_codeblock[0]) + (t0_lnum << 16); \
910 (ip) = t0_newip; \
911 } while (0)
912
913 #define T0_DEFENTRY(name, slot) \
914 void \
915 name(void *ctx) \
916 { \
917 t0_context *t0ctx = ctx; \
918 t0ctx->ip = &t0_codeblock[0]; \
919 T0_ENTER(t0ctx->ip, t0ctx->rp, slot); \
920 }
921
922 T0_DEFENTRY(br_ssl_hs_server_init_main, 155)
923
924 void
925 br_ssl_hs_server_run(void *t0ctx)
926 {
927 uint32_t *dp, *rp;
928 const unsigned char *ip;
929
930 #define T0_LOCAL(x) (*(rp - 2 - (x)))
931 #define T0_POP() (*-- dp)
932 #define T0_POPi() (*(int32_t *)(-- dp))
933 #define T0_PEEK(x) (*(dp - 1 - (x)))
934 #define T0_PEEKi(x) (*(int32_t *)(dp - 1 - (x)))
935 #define T0_PUSH(v) do { *dp = (v); dp ++; } while (0)
936 #define T0_PUSHi(v) do { *(int32_t *)dp = (v); dp ++; } while (0)
937 #define T0_RPOP() (*-- rp)
938 #define T0_RPOPi() (*(int32_t *)(-- rp))
939 #define T0_RPUSH(v) do { *rp = (v); rp ++; } while (0)
940 #define T0_RPUSHi(v) do { *(int32_t *)rp = (v); rp ++; } while (0)
941 #define T0_ROLL(x) do { \
942 size_t t0len = (size_t)(x); \
943 uint32_t t0tmp = *(dp - 1 - t0len); \
944 memmove(dp - t0len - 1, dp - t0len, t0len * sizeof *dp); \
945 *(dp - 1) = t0tmp; \
946 } while (0)
947 #define T0_SWAP() do { \
948 uint32_t t0tmp = *(dp - 2); \
949 *(dp - 2) = *(dp - 1); \
950 *(dp - 1) = t0tmp; \
951 } while (0)
952 #define T0_ROT() do { \
953 uint32_t t0tmp = *(dp - 3); \
954 *(dp - 3) = *(dp - 2); \
955 *(dp - 2) = *(dp - 1); \
956 *(dp - 1) = t0tmp; \
957 } while (0)
958 #define T0_NROT() do { \
959 uint32_t t0tmp = *(dp - 1); \
960 *(dp - 1) = *(dp - 2); \
961 *(dp - 2) = *(dp - 3); \
962 *(dp - 3) = t0tmp; \
963 } while (0)
964 #define T0_PICK(x) do { \
965 uint32_t t0depth = (x); \
966 T0_PUSH(T0_PEEK(t0depth)); \
967 } while (0)
968 #define T0_CO() do { \
969 goto t0_exit; \
970 } while (0)
971 #define T0_RET() break
972
973 dp = ((t0_context *)t0ctx)->dp;
974 rp = ((t0_context *)t0ctx)->rp;
975 ip = ((t0_context *)t0ctx)->ip;
976 for (;;) {
977 uint32_t t0x;
978
979 t0x = t0_parse7E_unsigned(&ip);
980 if (t0x < T0_INTERPRETED) {
981 switch (t0x) {
982 int32_t t0off;
983
984 case 0: /* ret */
985 t0x = T0_RPOP();
986 rp -= (t0x >> 16);
987 t0x &= 0xFFFF;
988 if (t0x == 0) {
989 ip = NULL;
990 goto t0_exit;
991 }
992 ip = &t0_codeblock[t0x];
993 break;
994 case 1: /* literal constant */
995 T0_PUSHi(t0_parse7E_signed(&ip));
996 break;
997 case 2: /* read local */
998 T0_PUSH(T0_LOCAL(t0_parse7E_unsigned(&ip)));
999 break;
1000 case 3: /* write local */
1001 T0_LOCAL(t0_parse7E_unsigned(&ip)) = T0_POP();
1002 break;
1003 case 4: /* jump */
1004 t0off = t0_parse7E_signed(&ip);
1005 ip += t0off;
1006 break;
1007 case 5: /* jump if */
1008 t0off = t0_parse7E_signed(&ip);
1009 if (T0_POP()) {
1010 ip += t0off;
1011 }
1012 break;
1013 case 6: /* jump if not */
1014 t0off = t0_parse7E_signed(&ip);
1015 if (!T0_POP()) {
1016 ip += t0off;
1017 }
1018 break;
1019 case 7: {
1020 /* * */
1021
1022 uint32_t b = T0_POP();
1023 uint32_t a = T0_POP();
1024 T0_PUSH(a * b);
1025
1026 }
1027 break;
1028 case 8: {
1029 /* + */
1030
1031 uint32_t b = T0_POP();
1032 uint32_t a = T0_POP();
1033 T0_PUSH(a + b);
1034
1035 }
1036 break;
1037 case 9: {
1038 /* - */
1039
1040 uint32_t b = T0_POP();
1041 uint32_t a = T0_POP();
1042 T0_PUSH(a - b);
1043
1044 }
1045 break;
1046 case 10: {
1047 /* -rot */
1048 T0_NROT();
1049 }
1050 break;
1051 case 11: {
1052 /* < */
1053
1054 int32_t b = T0_POPi();
1055 int32_t a = T0_POPi();
1056 T0_PUSH(-(uint32_t)(a < b));
1057
1058 }
1059 break;
1060 case 12: {
1061 /* << */
1062
1063 int c = (int)T0_POPi();
1064 uint32_t x = T0_POP();
1065 T0_PUSH(x << c);
1066
1067 }
1068 break;
1069 case 13: {
1070 /* <= */
1071
1072 int32_t b = T0_POPi();
1073 int32_t a = T0_POPi();
1074 T0_PUSH(-(uint32_t)(a <= b));
1075
1076 }
1077 break;
1078 case 14: {
1079 /* <> */
1080
1081 uint32_t b = T0_POP();
1082 uint32_t a = T0_POP();
1083 T0_PUSH(-(uint32_t)(a != b));
1084
1085 }
1086 break;
1087 case 15: {
1088 /* = */
1089
1090 uint32_t b = T0_POP();
1091 uint32_t a = T0_POP();
1092 T0_PUSH(-(uint32_t)(a == b));
1093
1094 }
1095 break;
1096 case 16: {
1097 /* > */
1098
1099 int32_t b = T0_POPi();
1100 int32_t a = T0_POPi();
1101 T0_PUSH(-(uint32_t)(a > b));
1102
1103 }
1104 break;
1105 case 17: {
1106 /* >= */
1107
1108 int32_t b = T0_POPi();
1109 int32_t a = T0_POPi();
1110 T0_PUSH(-(uint32_t)(a >= b));
1111
1112 }
1113 break;
1114 case 18: {
1115 /* >> */
1116
1117 int c = (int)T0_POPi();
1118 int32_t x = T0_POPi();
1119 T0_PUSHi(x >> c);
1120
1121 }
1122 break;
1123 case 19: {
1124 /* and */
1125
1126 uint32_t b = T0_POP();
1127 uint32_t a = T0_POP();
1128 T0_PUSH(a & b);
1129
1130 }
1131 break;
1132 case 20: {
1133 /* begin-cert */
1134
1135 if (ENG->chain_len == 0) {
1136 T0_PUSHi(-1);
1137 } else {
1138 ENG->cert_cur = ENG->chain->data;
1139 ENG->cert_len = ENG->chain->data_len;
1140 ENG->chain ++;
1141 ENG->chain_len --;
1142 T0_PUSH(ENG->cert_len);
1143 }
1144
1145 }
1146 break;
1147 case 21: {
1148 /* begin-ta-name */
1149
1150 const br_x500_name *dn;
1151 if (CTX->cur_dn_index >= CTX->num_tas) {
1152 T0_PUSHi(-1);
1153 } else {
1154 if (CTX->ta_names == NULL) {
1155 dn = &CTX->tas[CTX->cur_dn_index].dn;
1156 } else {
1157 dn = &CTX->ta_names[CTX->cur_dn_index];
1158 }
1159 CTX->cur_dn_index ++;
1160 CTX->cur_dn = dn->data;
1161 CTX->cur_dn_len = dn->len;
1162 T0_PUSH(CTX->cur_dn_len);
1163 }
1164
1165 }
1166 break;
1167 case 22: {
1168 /* begin-ta-name-list */
1169
1170 CTX->cur_dn_index = 0;
1171
1172 }
1173 break;
1174 case 23: {
1175 /* bzero */
1176
1177 size_t len = (size_t)T0_POP();
1178 void *addr = (unsigned char *)ENG + (size_t)T0_POP();
1179 memset(addr, 0, len);
1180
1181 }
1182 break;
1183 case 24: {
1184 /* call-policy-handler */
1185
1186 int x;
1187 br_ssl_server_choices choices;
1188
1189 x = (*CTX->policy_vtable)->choose(
1190 CTX->policy_vtable, CTX, &choices);
1191 ENG->session.cipher_suite = choices.cipher_suite;
1192 CTX->sign_hash_id = choices.hash_id;
1193 ENG->chain = choices.chain;
1194 ENG->chain_len = choices.chain_len;
1195 T0_PUSHi(-(x != 0));
1196
1197 }
1198 break;
1199 case 25: {
1200 /* can-output? */
1201
1202 T0_PUSHi(-(ENG->hlen_out > 0));
1203
1204 }
1205 break;
1206 case 26: {
1207 /* check-resume */
1208
1209 if (ENG->session.session_id_len == 32
1210 && CTX->cache_vtable != NULL && (*CTX->cache_vtable)->load(
1211 CTX->cache_vtable, CTX, &ENG->session))
1212 {
1213 T0_PUSHi(-1);
1214 } else {
1215 T0_PUSH(0);
1216 }
1217
1218 }
1219 break;
1220 case 27: {
1221 /* co */
1222 T0_CO();
1223 }
1224 break;
1225 case 28: {
1226 /* compute-Finished-inner */
1227
1228 int prf_id = T0_POP();
1229 int from_client = T0_POPi();
1230 unsigned char seed[48];
1231 size_t seed_len;
1232
1233 br_tls_prf_impl prf = br_ssl_engine_get_PRF(ENG, prf_id);
1234 if (ENG->session.version >= BR_TLS12) {
1235 seed_len = br_multihash_out(&ENG->mhash, prf_id, seed);
1236 } else {
1237 br_multihash_out(&ENG->mhash, br_md5_ID, seed);
1238 br_multihash_out(&ENG->mhash, br_sha1_ID, seed + 16);
1239 seed_len = 36;
1240 }
1241 prf(ENG->pad, 12, ENG->session.master_secret,
1242 sizeof ENG->session.master_secret,
1243 from_client ? "client finished" : "server finished",
1244 seed, seed_len);
1245
1246 }
1247 break;
1248 case 29: {
1249 /* compute-hash-CV */
1250
1251 int i;
1252
1253 for (i = 1; i <= 6; i ++) {
1254 br_multihash_out(&ENG->mhash, i,
1255 ENG->pad + HASH_PAD_OFF[i - 1]);
1256 }
1257
1258 }
1259 break;
1260 case 30: {
1261 /* copy-cert-chunk */
1262
1263 size_t clen;
1264
1265 clen = ENG->cert_len;
1266 if (clen > sizeof ENG->pad) {
1267 clen = sizeof ENG->pad;
1268 }
1269 memcpy(ENG->pad, ENG->cert_cur, clen);
1270 ENG->cert_cur += clen;
1271 ENG->cert_len -= clen;
1272 T0_PUSH(clen);
1273
1274 }
1275 break;
1276 case 31: {
1277 /* copy-dn-chunk */
1278
1279 size_t clen;
1280
1281 clen = CTX->cur_dn_len;
1282 if (clen > sizeof ENG->pad) {
1283 clen = sizeof ENG->pad;
1284 }
1285 memcpy(ENG->pad, CTX->cur_dn, clen);
1286 CTX->cur_dn += clen;
1287 CTX->cur_dn_len -= clen;
1288 T0_PUSH(clen);
1289
1290 }
1291 break;
1292 case 32: {
1293 /* copy-hash-CV */
1294
1295 int id = T0_POP();
1296 size_t off, len;
1297
1298 if (id == 0) {
1299 off = 0;
1300 len = 36;
1301 } else {
1302 if (br_multihash_getimpl(&ENG->mhash, id) == 0) {
1303 T0_PUSH(0);
1304 T0_RET();
1305 }
1306 off = HASH_PAD_OFF[id - 1];
1307 len = HASH_PAD_OFF[id] - off;
1308 }
1309 memcpy(CTX->hash_CV, ENG->pad + off, len);
1310 CTX->hash_CV_len = len;
1311 CTX->hash_CV_id = id;
1312 T0_PUSHi(-1);
1313
1314 }
1315 break;
1316 case 33: {
1317 /* data-get8 */
1318
1319 size_t addr = T0_POP();
1320 T0_PUSH(t0_datablock[addr]);
1321
1322 }
1323 break;
1324 case 34: {
1325 /* discard-input */
1326
1327 ENG->hlen_in = 0;
1328
1329 }
1330 break;
1331 case 35: {
1332 /* do-ecdh */
1333
1334 int prf_id = T0_POPi();
1335 size_t len = T0_POP();
1336 do_ecdh(CTX, prf_id, ENG->pad, len);
1337
1338 }
1339 break;
1340 case 36: {
1341 /* do-ecdhe-part1 */
1342
1343 int curve = T0_POPi();
1344 T0_PUSHi(do_ecdhe_part1(CTX, curve));
1345
1346 }
1347 break;
1348 case 37: {
1349 /* do-ecdhe-part2 */
1350
1351 int prf_id = T0_POPi();
1352 size_t len = T0_POP();
1353 do_ecdhe_part2(CTX, prf_id, ENG->pad, len);
1354
1355 }
1356 break;
1357 case 38: {
1358 /* do-rsa-decrypt */
1359
1360 int prf_id = T0_POPi();
1361 size_t len = T0_POP();
1362 do_rsa_decrypt(CTX, prf_id, ENG->pad, len);
1363
1364 }
1365 break;
1366 case 39: {
1367 /* do-static-ecdh */
1368
1369 do_static_ecdh(CTX, T0_POP());
1370
1371 }
1372 break;
1373 case 40: {
1374 /* drop */
1375 (void)T0_POP();
1376 }
1377 break;
1378 case 41: {
1379 /* dup */
1380 T0_PUSH(T0_PEEK(0));
1381 }
1382 break;
1383 case 42: {
1384 /* fail */
1385
1386 br_ssl_engine_fail(ENG, (int)T0_POPi());
1387 T0_CO();
1388
1389 }
1390 break;
1391 case 43: {
1392 /* flush-record */
1393
1394 br_ssl_engine_flush_record(ENG);
1395
1396 }
1397 break;
1398 case 44: {
1399 /* get-key-type-usages */
1400
1401 const br_x509_class *xc;
1402 const br_x509_pkey *pk;
1403 unsigned usages;
1404
1405 xc = *(ENG->x509ctx);
1406 pk = xc->get_pkey(ENG->x509ctx, &usages);
1407 if (pk == NULL) {
1408 T0_PUSH(0);
1409 } else {
1410 T0_PUSH(pk->key_type | usages);
1411 }
1412
1413 }
1414 break;
1415 case 45: {
1416 /* get16 */
1417
1418 size_t addr = (size_t)T0_POP();
1419 T0_PUSH(*(uint16_t *)((unsigned char *)ENG + addr));
1420
1421 }
1422 break;
1423 case 46: {
1424 /* get32 */
1425
1426 size_t addr = (size_t)T0_POP();
1427 T0_PUSH(*(uint32_t *)((unsigned char *)ENG + addr));
1428
1429 }
1430 break;
1431 case 47: {
1432 /* get8 */
1433
1434 size_t addr = (size_t)T0_POP();
1435 T0_PUSH(*((unsigned char *)ENG + addr));
1436
1437 }
1438 break;
1439 case 48: {
1440 /* has-input? */
1441
1442 T0_PUSHi(-(ENG->hlen_in != 0));
1443
1444 }
1445 break;
1446 case 49: {
1447 /* memcmp */
1448
1449 size_t len = (size_t)T0_POP();
1450 void *addr2 = (unsigned char *)ENG + (size_t)T0_POP();
1451 void *addr1 = (unsigned char *)ENG + (size_t)T0_POP();
1452 int x = memcmp(addr1, addr2, len);
1453 T0_PUSH((uint32_t)-(x == 0));
1454
1455 }
1456 break;
1457 case 50: {
1458 /* memcpy */
1459
1460 size_t len = (size_t)T0_POP();
1461 void *src = (unsigned char *)ENG + (size_t)T0_POP();
1462 void *dst = (unsigned char *)ENG + (size_t)T0_POP();
1463 memcpy(dst, src, len);
1464
1465 }
1466 break;
1467 case 51: {
1468 /* mkrand */
1469
1470 size_t len = (size_t)T0_POP();
1471 void *addr = (unsigned char *)ENG + (size_t)T0_POP();
1472 br_hmac_drbg_generate(&ENG->rng, addr, len);
1473
1474 }
1475 break;
1476 case 52: {
1477 /* more-incoming-bytes? */
1478
1479 T0_PUSHi(ENG->hlen_in != 0 || !br_ssl_engine_recvrec_finished(ENG));
1480
1481 }
1482 break;
1483 case 53: {
1484 /* multihash-init */
1485
1486 br_multihash_init(&ENG->mhash);
1487
1488 }
1489 break;
1490 case 54: {
1491 /* neg */
1492
1493 uint32_t a = T0_POP();
1494 T0_PUSH(-a);
1495
1496 }
1497 break;
1498 case 55: {
1499 /* not */
1500
1501 uint32_t a = T0_POP();
1502 T0_PUSH(~a);
1503
1504 }
1505 break;
1506 case 56: {
1507 /* or */
1508
1509 uint32_t b = T0_POP();
1510 uint32_t a = T0_POP();
1511 T0_PUSH(a | b);
1512
1513 }
1514 break;
1515 case 57: {
1516 /* over */
1517 T0_PUSH(T0_PEEK(1));
1518 }
1519 break;
1520 case 58: {
1521 /* pick */
1522 T0_PICK(T0_POP());
1523 }
1524 break;
1525 case 59: {
1526 /* read-chunk-native */
1527
1528 size_t clen = ENG->hlen_in;
1529 if (clen > 0) {
1530 uint32_t addr, len;
1531
1532 len = T0_POP();
1533 addr = T0_POP();
1534 if ((size_t)len < clen) {
1535 clen = (size_t)len;
1536 }
1537 memcpy((unsigned char *)ENG + addr, ENG->hbuf_in, clen);
1538 if (ENG->record_type_in == BR_SSL_HANDSHAKE) {
1539 br_multihash_update(&ENG->mhash, ENG->hbuf_in, clen);
1540 }
1541 T0_PUSH(addr + (uint32_t)clen);
1542 T0_PUSH(len - (uint32_t)clen);
1543 ENG->hbuf_in += clen;
1544 ENG->hlen_in -= clen;
1545 }
1546
1547 }
1548 break;
1549 case 60: {
1550 /* read8-native */
1551
1552 if (ENG->hlen_in > 0) {
1553 unsigned char x;
1554
1555 x = *ENG->hbuf_in ++;
1556 if (ENG->record_type_in == BR_SSL_HANDSHAKE) {
1557 br_multihash_update(&ENG->mhash, &x, 1);
1558 }
1559 T0_PUSH(x);
1560 ENG->hlen_in --;
1561 } else {
1562 T0_PUSHi(-1);
1563 }
1564
1565 }
1566 break;
1567 case 61: {
1568 /* save-session */
1569
1570 if (CTX->cache_vtable != NULL) {
1571 (*CTX->cache_vtable)->save(
1572 CTX->cache_vtable, CTX, &ENG->session);
1573 }
1574
1575 }
1576 break;
1577 case 62: {
1578 /* set-max-frag-len */
1579
1580 size_t max_frag_len = T0_POP();
1581
1582 br_ssl_engine_new_max_frag_len(ENG, max_frag_len);
1583
1584 /*
1585 * We must adjust our own output limit. Since we call this only
1586 * after receiving a ClientHello and before beginning to send
1587 * the ServerHello, the next output record should be empty at
1588 * that point, so we can use max_frag_len as a limit.
1589 */
1590 if (ENG->hlen_out > max_frag_len) {
1591 ENG->hlen_out = max_frag_len;
1592 }
1593
1594 }
1595 break;
1596 case 63: {
1597 /* set16 */
1598
1599 size_t addr = (size_t)T0_POP();
1600 *(uint16_t *)((unsigned char *)ENG + addr) = (uint16_t)T0_POP();
1601
1602 }
1603 break;
1604 case 64: {
1605 /* set32 */
1606
1607 size_t addr = (size_t)T0_POP();
1608 *(uint32_t *)((unsigned char *)ENG + addr) = (uint32_t)T0_POP();
1609
1610 }
1611 break;
1612 case 65: {
1613 /* set8 */
1614
1615 size_t addr = (size_t)T0_POP();
1616 *((unsigned char *)ENG + addr) = (unsigned char)T0_POP();
1617
1618 }
1619 break;
1620 case 66: {
1621 /* supported-curves */
1622
1623 uint32_t x = ENG->iec == NULL ? 0 : ENG->iec->supported_curves;
1624 T0_PUSH(x);
1625
1626 }
1627 break;
1628 case 67: {
1629 /* supported-hash-functions */
1630
1631 int i;
1632 unsigned x, num;
1633
1634 x = 0;
1635 num = 0;
1636 for (i = br_sha1_ID; i <= br_sha512_ID; i ++) {
1637 if (br_multihash_getimpl(&ENG->mhash, i)) {
1638 x |= 1U << i;
1639 num ++;
1640 }
1641 }
1642 T0_PUSH(x);
1643 T0_PUSH(num);
1644
1645 }
1646 break;
1647 case 68: {
1648 /* supports-ecdsa? */
1649
1650 T0_PUSHi(-(ENG->iecdsa != 0));
1651
1652 }
1653 break;
1654 case 69: {
1655 /* supports-rsa-sign? */
1656
1657 T0_PUSHi(-(ENG->irsavrfy != 0));
1658
1659 }
1660 break;
1661 case 70: {
1662 /* swap */
1663 T0_SWAP();
1664 }
1665 break;
1666 case 71: {
1667 /* switch-aesgcm-in */
1668
1669 int is_client, prf_id;
1670 unsigned cipher_key_len;
1671
1672 cipher_key_len = T0_POP();
1673 prf_id = T0_POP();
1674 is_client = T0_POP();
1675 br_ssl_engine_switch_gcm_in(ENG, is_client, prf_id,
1676 ENG->iaes_ctr, cipher_key_len);
1677
1678 }
1679 break;
1680 case 72: {
1681 /* switch-aesgcm-out */
1682
1683 int is_client, prf_id;
1684 unsigned cipher_key_len;
1685
1686 cipher_key_len = T0_POP();
1687 prf_id = T0_POP();
1688 is_client = T0_POP();
1689 br_ssl_engine_switch_gcm_out(ENG, is_client, prf_id,
1690 ENG->iaes_ctr, cipher_key_len);
1691
1692 }
1693 break;
1694 case 73: {
1695 /* switch-cbc-in */
1696
1697 int is_client, prf_id, mac_id, aes;
1698 unsigned cipher_key_len;
1699
1700 cipher_key_len = T0_POP();
1701 aes = T0_POP();
1702 mac_id = T0_POP();
1703 prf_id = T0_POP();
1704 is_client = T0_POP();
1705 br_ssl_engine_switch_cbc_in(ENG, is_client, prf_id, mac_id,
1706 aes ? ENG->iaes_cbcdec : ENG->ides_cbcdec, cipher_key_len);
1707
1708 }
1709 break;
1710 case 74: {
1711 /* switch-cbc-out */
1712
1713 int is_client, prf_id, mac_id, aes;
1714 unsigned cipher_key_len;
1715
1716 cipher_key_len = T0_POP();
1717 aes = T0_POP();
1718 mac_id = T0_POP();
1719 prf_id = T0_POP();
1720 is_client = T0_POP();
1721 br_ssl_engine_switch_cbc_out(ENG, is_client, prf_id, mac_id,
1722 aes ? ENG->iaes_cbcenc : ENG->ides_cbcenc, cipher_key_len);
1723
1724 }
1725 break;
1726 case 75: {
1727 /* ta-names-total-length */
1728
1729 size_t u, len;
1730
1731 len = 0;
1732 if (CTX->ta_names != NULL) {
1733 for (u = 0; u < CTX->num_tas; u ++) {
1734 len += CTX->ta_names[u].len + 2;
1735 }
1736 } else if (CTX->tas != NULL) {
1737 for (u = 0; u < CTX->num_tas; u ++) {
1738 len += CTX->tas[u].dn.len + 2;
1739 }
1740 }
1741 T0_PUSH(len);
1742
1743 }
1744 break;
1745 case 76: {
1746 /* total-chain-length */
1747
1748 size_t u;
1749 uint32_t total;
1750
1751 total = 0;
1752 for (u = 0; u < ENG->chain_len; u ++) {
1753 total += 3 + (uint32_t)ENG->chain[u].data_len;
1754 }
1755 T0_PUSH(total);
1756
1757 }
1758 break;
1759 case 77: {
1760 /* u>> */
1761
1762 int c = (int)T0_POPi();
1763 uint32_t x = T0_POP();
1764 T0_PUSH(x >> c);
1765
1766 }
1767 break;
1768 case 78: {
1769 /* verify-CV-sig */
1770
1771 int err;
1772
1773 err = verify_CV_sig(CTX, T0_POP());
1774 T0_PUSHi(err);
1775
1776 }
1777 break;
1778 case 79: {
1779 /* write-blob-chunk */
1780
1781 size_t clen = ENG->hlen_out;
1782 if (clen > 0) {
1783 uint32_t addr, len;
1784
1785 len = T0_POP();
1786 addr = T0_POP();
1787 if ((size_t)len < clen) {
1788 clen = (size_t)len;
1789 }
1790 memcpy(ENG->hbuf_out, (unsigned char *)ENG + addr, clen);
1791 if (ENG->record_type_out == BR_SSL_HANDSHAKE) {
1792 br_multihash_update(&ENG->mhash, ENG->hbuf_out, clen);
1793 }
1794 T0_PUSH(addr + (uint32_t)clen);
1795 T0_PUSH(len - (uint32_t)clen);
1796 ENG->hbuf_out += clen;
1797 ENG->hlen_out -= clen;
1798 }
1799
1800 }
1801 break;
1802 case 80: {
1803 /* write8-native */
1804
1805 unsigned char x;
1806
1807 x = (unsigned char)T0_POP();
1808 if (ENG->hlen_out > 0) {
1809 if (ENG->record_type_out == BR_SSL_HANDSHAKE) {
1810 br_multihash_update(&ENG->mhash, &x, 1);
1811 }
1812 *ENG->hbuf_out ++ = x;
1813 ENG->hlen_out --;
1814 T0_PUSHi(-1);
1815 } else {
1816 T0_PUSHi(0);
1817 }
1818
1819 }
1820 break;
1821 case 81: {
1822 /* x509-append */
1823
1824 const br_x509_class *xc;
1825 size_t len;
1826
1827 xc = *(ENG->x509ctx);
1828 len = T0_POP();
1829 xc->append(ENG->x509ctx, ENG->pad, len);
1830
1831 }
1832 break;
1833 case 82: {
1834 /* x509-end-cert */
1835
1836 const br_x509_class *xc;
1837
1838 xc = *(ENG->x509ctx);
1839 xc->end_cert(ENG->x509ctx);
1840
1841 }
1842 break;
1843 case 83: {
1844 /* x509-end-chain */
1845
1846 const br_x509_class *xc;
1847
1848 xc = *(ENG->x509ctx);
1849 T0_PUSH(xc->end_chain(ENG->x509ctx));
1850
1851 }
1852 break;
1853 case 84: {
1854 /* x509-start-cert */
1855
1856 const br_x509_class *xc;
1857
1858 xc = *(ENG->x509ctx);
1859 xc->start_cert(ENG->x509ctx, T0_POP());
1860
1861 }
1862 break;
1863 case 85: {
1864 /* x509-start-chain */
1865
1866 const br_x509_class *xc;
1867 uint32_t bc;
1868
1869 bc = T0_POP();
1870 xc = *(ENG->x509ctx);
1871 xc->start_chain(ENG->x509ctx, bc ? ENG->server_name : NULL);
1872
1873 }
1874 break;
1875 }
1876
1877 } else {
1878 T0_ENTER(ip, rp, t0x);
1879 }
1880 }
1881 t0_exit:
1882 ((t0_context *)t0ctx)->dp = dp;
1883 ((t0_context *)t0ctx)->rp = rp;
1884 ((t0_context *)t0ctx)->ip = ip;
1885 }
The BearSSL library and tools.