projects / BearSSL / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Added support for ClientHello padding (RFC 7685) and fixed buffering bug.
[BearSSL] / src / ssl / ssl_hs_server.c
1 /* Automatically generated code; do not modify directly. */
2
3 #include <stddef.h>
4 #include <stdint.h>
5
6 typedef struct {
7 uint32_t *dp;
8 uint32_t *rp;
9 const unsigned char *ip;
10 } t0_context;
11
12 static uint32_t
13 t0_parse7E_unsigned(const unsigned char **p)
14 {
15 uint32_t x;
16
17 x = 0;
18 for (;;) {
19 unsigned y;
20
21 y = *(*p) ++;
22 x = (x << 7) | (uint32_t)(y & 0x7F);
23 if (y < 0x80) {
24 return x;
25 }
26 }
27 }
28
29 static int32_t
30 t0_parse7E_signed(const unsigned char **p)
31 {
32 int neg;
33 uint32_t x;
34
35 neg = ((**p) >> 6) & 1;
36 x = (uint32_t)-neg;
37 for (;;) {
38 unsigned y;
39
40 y = *(*p) ++;
41 x = (x << 7) | (uint32_t)(y & 0x7F);
42 if (y < 0x80) {
43 if (neg) {
44 return -(int32_t)~x - 1;
45 } else {
46 return (int32_t)x;
47 }
48 }
49 }
50 }
51
52 #define T0_VBYTE(x, n) (unsigned char)((((uint32_t)(x) >> (n)) & 0x7F) | 0x80)
53 #define T0_FBYTE(x, n) (unsigned char)(((uint32_t)(x) >> (n)) & 0x7F)
54 #define T0_SBYTE(x) (unsigned char)((((uint32_t)(x) >> 28) + 0xF8) ^ 0xF8)
55 #define T0_INT1(x) T0_FBYTE(x, 0)
56 #define T0_INT2(x) T0_VBYTE(x, 7), T0_FBYTE(x, 0)
57 #define T0_INT3(x) T0_VBYTE(x, 14), T0_VBYTE(x, 7), T0_FBYTE(x, 0)
58 #define T0_INT4(x) T0_VBYTE(x, 21), T0_VBYTE(x, 14), T0_VBYTE(x, 7), T0_FBYTE(x, 0)
59 #define T0_INT5(x) T0_SBYTE(x), T0_VBYTE(x, 21), T0_VBYTE(x, 14), T0_VBYTE(x, 7), T0_FBYTE(x, 0)
60
61 static const uint8_t t0_datablock[];
62
63
64 void br_ssl_hs_server_init_main(void *t0ctx);
65
66 void br_ssl_hs_server_run(void *t0ctx);
67
68
69
70 #include <stddef.h>
71 #include <string.h>
72
73 #include "inner.h"
74
75 /*
76 * This macro evaluates to a pointer to the current engine context.
77 */
78 #define ENG ((br_ssl_engine_context *)((unsigned char *)t0ctx - offsetof(br_ssl_engine_context, cpu)))
79
80
81
82
83
84 /*
85 * This macro evaluates to a pointer to the server context, under that
86 * specific name. It must be noted that since the engine context is the
87 * first field of the br_ssl_server_context structure ('eng'), then
88 * pointers values of both types are interchangeable, modulo an
89 * appropriate cast. This also means that "adresses" computed as offsets
90 * within the structure work for both kinds of context.
91 */
92 #define CTX ((br_ssl_server_context *)ENG)
93
94 /*
95 * Decrypt the pre-master secret (RSA key exchange).
96 */
97 static void
98 do_rsa_decrypt(br_ssl_server_context *ctx, int prf_id,
99 unsigned char *epms, size_t len)
100 {
101 uint32_t x;
102 unsigned char rpms[48];
103
104 /*
105 * Decrypt the PMS.
106 */
107 x = (*ctx->policy_vtable)->do_keyx(ctx->policy_vtable, epms, len);
108
109 /*
110 * Set the first two bytes to the maximum supported client
111 * protocol version. These bytes are used for version rollback
112 * detection; forceing the two bytes will make the master secret
113 * wrong if the bytes are not correct. This process is
114 * recommended by RFC 5246 (section 7.4.7.1).
115 */
116 br_enc16be(epms, ctx->client_max_version);
117
118 /*
119 * Make a random PMS and copy it above the decrypted value if the
120 * decryption failed. Note that we use a constant-time conditional
121 * copy.
122 */
123 br_hmac_drbg_generate(&ctx->eng.rng, rpms, sizeof rpms);
124 br_ccopy(x ^ 1, epms, rpms, sizeof rpms);
125
126 /*
127 * Compute master secret.
128 */
129 br_ssl_engine_compute_master(&ctx->eng, prf_id, epms, 48);
130
131 /*
132 * Clear the pre-master secret from RAM: it is normally a buffer
133 * in the context, hence potentially long-lived.
134 */
135 memset(epms, 0, len);
136 }
137
138 /*
139 * Common part for ECDH and ECDHE.
140 */
141 static void
142 ecdh_common(br_ssl_server_context *ctx, int prf_id,
143 unsigned char *cpoint, size_t cpoint_len, uint32_t ctl)
144 {
145 unsigned char rpms[80];
146 size_t pms_len;
147
148 /*
149 * The point length is supposed to be 1+2*Xlen, where Xlen is
150 * the length (in bytes) of the X coordinate, i.e. the pre-master
151 * secret. If the provided point is too large, then it is
152 * obviously incorrect (i.e. everybody can see that it is
153 * incorrect), so leaking that fact is not a problem.
154 */
155 pms_len = cpoint_len >> 1;
156 if (pms_len > sizeof rpms) {
157 pms_len = sizeof rpms;
158 ctl = 0;
159 }
160
161 /*
162 * Make a random PMS and copy it above the decrypted value if the
163 * decryption failed. Note that we use a constant-time conditional
164 * copy.
165 */
166 br_hmac_drbg_generate(&ctx->eng.rng, rpms, pms_len);
167 br_ccopy(ctl ^ 1, cpoint + 1, rpms, pms_len);
168
169 /*
170 * Compute master secret.
171 */
172 br_ssl_engine_compute_master(&ctx->eng, prf_id, cpoint + 1, pms_len);
173
174 /*
175 * Clear the pre-master secret from RAM: it is normally a buffer
176 * in the context, hence potentially long-lived.
177 */
178 memset(cpoint, 0, cpoint_len);
179 }
180
181 /*
182 * Do the ECDH key exchange (not ECDHE).
183 */
184 static void
185 do_ecdh(br_ssl_server_context *ctx, int prf_id,
186 unsigned char *cpoint, size_t cpoint_len)
187 {
188 uint32_t x;
189
190 /*
191 * Finalise the key exchange.
192 */
193 x = (*ctx->policy_vtable)->do_keyx(ctx->policy_vtable,
194 cpoint, cpoint_len);
195 ecdh_common(ctx, prf_id, cpoint, cpoint_len, x);
196 }
197
198 /*
199 * Do the ECDHE key exchange (part 1: generation of transient key, and
200 * computing of the point to send to the client). Returned value is the
201 * signature length (in bytes), or -x on error (with x being an error
202 * code). The encoded point is written in the ecdhe_point[] context buffer
203 * (length in ecdhe_point_len).
204 */
205 static int
206 do_ecdhe_part1(br_ssl_server_context *ctx, int curve)
207 {
208 int hash;
209 unsigned mask;
210 const unsigned char *order, *generator;
211 size_t olen, glen;
212 br_multihash_context mhc;
213 unsigned char head[4];
214 size_t hv_len, sig_len;
215
216 if (!((ctx->eng.iec->supported_curves >> curve) & 1)) {
217 return -BR_ERR_INVALID_ALGORITHM;
218 }
219 ctx->eng.ecdhe_curve = curve;
220
221 /*
222 * Generate our private key. We need a non-zero random value
223 * which is lower than the curve order, in a "large enough"
224 * range. We force the top bit to 0 and bottom bit to 1, which
225 * does the trick. Note that contrary to what happens in ECDSA,
226 * this is not a problem if we do not cover the full range of
227 * possible values.
228 */
229 order = ctx->eng.iec->order(curve, &olen);
230 mask = 0xFF;
231 while (mask >= order[0]) {
232 mask >>= 1;
233 }
234 br_hmac_drbg_generate(&ctx->eng.rng, ctx->ecdhe_key, olen);
235 ctx->ecdhe_key[0] &= mask;
236 ctx->ecdhe_key[olen - 1] |= 0x01;
237 ctx->ecdhe_key_len = olen;
238
239 /*
240 * Compute our ECDH point.
241 */
242 generator = ctx->eng.iec->generator(curve, &glen);
243 memcpy(ctx->eng.ecdhe_point, generator, glen);
244 ctx->eng.ecdhe_point_len = glen;
245 if (!ctx->eng.iec->mul(ctx->eng.ecdhe_point, glen,
246 ctx->ecdhe_key, olen, curve))
247 {
248 return -BR_ERR_INVALID_ALGORITHM;
249 }
250
251 /*
252 * Compute the signature.
253 */
254 br_multihash_zero(&mhc);
255 br_multihash_copyimpl(&mhc, &ctx->eng.mhash);
256 br_multihash_init(&mhc);
257 br_multihash_update(&mhc,
258 ctx->eng.client_random, sizeof ctx->eng.client_random);
259 br_multihash_update(&mhc,
260 ctx->eng.server_random, sizeof ctx->eng.server_random);
261 head[0] = 3;
262 head[1] = 0;
263 head[2] = curve;
264 head[3] = ctx->eng.ecdhe_point_len;
265 br_multihash_update(&mhc, head, sizeof head);
266 br_multihash_update(&mhc,
267 ctx->eng.ecdhe_point, ctx->eng.ecdhe_point_len);
268 hash = ctx->sign_hash_id;
269 if (hash) {
270 hv_len = br_multihash_out(&mhc, hash, ctx->eng.pad);
271 if (hv_len == 0) {
272 return -BR_ERR_INVALID_ALGORITHM;
273 }
274 } else {
275 if (!br_multihash_out(&mhc, br_md5_ID, ctx->eng.pad)
276 || !br_multihash_out(&mhc,
277 br_sha1_ID, ctx->eng.pad + 16))
278 {
279 return -BR_ERR_INVALID_ALGORITHM;
280 }
281 hv_len = 36;
282 }
283 sig_len = (*ctx->policy_vtable)->do_sign(ctx->policy_vtable,
284 hash, hv_len, ctx->eng.pad, sizeof ctx->eng.pad);
285 return sig_len ? (int)sig_len : -BR_ERR_INVALID_ALGORITHM;
286 }
287
288 /*
289 * Do the ECDHE key exchange (part 2: computation of the shared secret
290 * from the point sent by the client).
291 */
292 static void
293 do_ecdhe_part2(br_ssl_server_context *ctx, int prf_id,
294 unsigned char *cpoint, size_t cpoint_len)
295 {
296 int curve;
297 uint32_t x;
298
299 curve = ctx->eng.ecdhe_curve;
300
301 /*
302 * Finalise the key exchange.
303 */
304 x = ctx->eng.iec->mul(cpoint, cpoint_len,
305 ctx->ecdhe_key, ctx->ecdhe_key_len, curve);
306 ecdh_common(ctx, prf_id, cpoint, cpoint_len, x);
307
308 /*
309 * Clear the ECDHE private key. Forward Secrecy is achieved insofar
310 * as that key does not get stolen, so we'd better destroy it
311 * as soon as it ceases to be useful.
312 */
313 memset(ctx->ecdhe_key, 0, ctx->ecdhe_key_len);
314 }
315
316
317
318 static const uint8_t t0_datablock[] = {
319 0x00, 0x00, 0x0A, 0x00, 0x24, 0x00, 0x2F, 0x01, 0x24, 0x00, 0x35, 0x02,
320 0x24, 0x00, 0x3C, 0x01, 0x44, 0x00, 0x3D, 0x02, 0x44, 0x00, 0x9C, 0x03,
321 0x04, 0x00, 0x9D, 0x04, 0x05, 0xC0, 0x03, 0x40, 0x24, 0xC0, 0x04, 0x41,
322 0x24, 0xC0, 0x05, 0x42, 0x24, 0xC0, 0x08, 0x20, 0x24, 0xC0, 0x09, 0x21,
323 0x24, 0xC0, 0x0A, 0x22, 0x24, 0xC0, 0x0D, 0x30, 0x24, 0xC0, 0x0E, 0x31,
324 0x24, 0xC0, 0x0F, 0x32, 0x24, 0xC0, 0x12, 0x10, 0x24, 0xC0, 0x13, 0x11,
325 0x24, 0xC0, 0x14, 0x12, 0x24, 0xC0, 0x23, 0x21, 0x44, 0xC0, 0x24, 0x22,
326 0x55, 0xC0, 0x25, 0x41, 0x44, 0xC0, 0x26, 0x42, 0x55, 0xC0, 0x27, 0x11,
327 0x44, 0xC0, 0x28, 0x12, 0x55, 0xC0, 0x29, 0x31, 0x44, 0xC0, 0x2A, 0x32,
328 0x55, 0xC0, 0x2B, 0x23, 0x04, 0xC0, 0x2C, 0x24, 0x05, 0xC0, 0x2D, 0x43,
329 0x04, 0xC0, 0x2E, 0x44, 0x05, 0xC0, 0x2F, 0x13, 0x04, 0xC0, 0x30, 0x14,
330 0x05, 0xC0, 0x31, 0x33, 0x04, 0xC0, 0x32, 0x34, 0x05, 0xCC, 0xA8, 0x15,
331 0x04, 0xCC, 0xA9, 0x25, 0x04, 0x00, 0x00
332 };
333
334 static const uint8_t t0_codeblock[] = {
335 0x00, 0x01, 0x00, 0x0A, 0x00, 0x00, 0x01, 0x00, 0x0D, 0x00, 0x00, 0x01,
336 0x00, 0x0E, 0x00, 0x00, 0x01, 0x00, 0x0F, 0x00, 0x00, 0x01, 0x01, 0x08,
337 0x00, 0x00, 0x01, 0x01, 0x09, 0x00, 0x00, 0x01, 0x02, 0x08, 0x00, 0x00,
338 0x21, 0x21, 0x00, 0x00, 0x01, T0_INT1(BR_ERR_BAD_CCS), 0x00, 0x00,
339 0x01, T0_INT1(BR_ERR_BAD_FINISHED), 0x00, 0x00, 0x01,
340 T0_INT1(BR_ERR_BAD_FRAGLEN), 0x00, 0x00, 0x01,
341 T0_INT1(BR_ERR_BAD_HANDSHAKE), 0x00, 0x00, 0x01,
342 T0_INT1(BR_ERR_BAD_PARAM), 0x00, 0x00, 0x01,
343 T0_INT1(BR_ERR_BAD_SECRENEG), 0x00, 0x00, 0x01,
344 T0_INT1(BR_ERR_BAD_VERSION), 0x00, 0x00, 0x01,
345 T0_INT1(BR_ERR_LIMIT_EXCEEDED), 0x00, 0x00, 0x01, T0_INT1(BR_ERR_OK),
346 0x00, 0x00, 0x01, T0_INT1(BR_ERR_OVERSIZED_ID), 0x00, 0x00, 0x01,
347 T0_INT1(BR_ERR_UNEXPECTED), 0x00, 0x00, 0x01,
348 T0_INT2(offsetof(br_ssl_engine_context, action)), 0x00, 0x00, 0x01,
349 T0_INT2(offsetof(br_ssl_engine_context, alert)), 0x00, 0x00, 0x01,
350 T0_INT2(offsetof(br_ssl_engine_context, application_data)), 0x00, 0x00,
351 0x01,
352 T0_INT2(offsetof(br_ssl_engine_context, session) + offsetof(br_ssl_session_parameters, cipher_suite)),
353 0x00, 0x00, 0x01,
354 T0_INT2(offsetof(br_ssl_server_context, client_max_version)), 0x00,
355 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, client_random)),
356 0x00, 0x00, 0x01,
357 T0_INT2(offsetof(br_ssl_server_context, client_suites)), 0x00, 0x00,
358 0x01, T0_INT2(offsetof(br_ssl_server_context, client_suites_num)),
359 0x00, 0x00, 0x01,
360 T0_INT2(offsetof(br_ssl_engine_context, close_received)), 0x00, 0x00,
361 0x01, T0_INT2(offsetof(br_ssl_server_context, curves)), 0x00, 0x00,
362 0x01, T0_INT2(offsetof(br_ssl_engine_context, ecdhe_point)), 0x00,
363 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, ecdhe_point_len)),
364 0x00, 0x00, 0x01, T0_INT2(offsetof(br_ssl_server_context, flags)),
365 0x00, 0x00, 0x01, T0_INT2(offsetof(br_ssl_server_context, hashes)),
366 0x00, 0x00, 0x5D, 0x01,
367 T0_INT2(BR_MAX_CIPHER_SUITES * sizeof(br_suite_translated)), 0x00,
368 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, log_max_frag_len)),
369 0x00, 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, pad)), 0x00,
370 0x00, 0x01,
371 T0_INT2(offsetof(br_ssl_engine_context, peer_log_max_frag_len)), 0x00,
372 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, record_type_in)),
373 0x00, 0x00, 0x01,
374 T0_INT2(offsetof(br_ssl_engine_context, record_type_out)), 0x00, 0x00,
375 0x01, T0_INT2(offsetof(br_ssl_engine_context, reneg)), 0x00, 0x00,
376 0x01, T0_INT2(offsetof(br_ssl_engine_context, saved_finished)), 0x00,
377 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, server_name)),
378 0x00, 0x00, 0x01,
379 T0_INT2(offsetof(br_ssl_engine_context, server_random)), 0x00, 0x00,
380 0x01,
381 T0_INT2(offsetof(br_ssl_engine_context, session) + offsetof(br_ssl_session_parameters, session_id)),
382 0x00, 0x00, 0x01,
383 T0_INT2(offsetof(br_ssl_engine_context, session) + offsetof(br_ssl_session_parameters, session_id_len)),
384 0x00, 0x00, 0x01,
385 T0_INT2(offsetof(br_ssl_engine_context, shutdown_recv)), 0x00, 0x00,
386 0x01, T0_INT2(offsetof(br_ssl_server_context, sign_hash_id)), 0x00,
387 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, suites_buf)), 0x00,
388 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, suites_num)), 0x00,
389 0x00, 0x01,
390 T0_INT2(offsetof(br_ssl_engine_context, session) + offsetof(br_ssl_session_parameters, version)),
391 0x00, 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, version_in)),
392 0x00, 0x00, 0x01,
393 T0_INT2(offsetof(br_ssl_engine_context, version_max)), 0x00, 0x00,
394 0x01, T0_INT2(offsetof(br_ssl_engine_context, version_min)), 0x00,
395 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, version_out)),
396 0x00, 0x00, 0x09, 0x22, 0x44, 0x06, 0x02, 0x50, 0x23, 0x00, 0x00, 0x01,
397 0x01, 0x00, 0x01, 0x03, 0x00, 0x7B, 0x22, 0x4A, 0x3B, 0x7F, 0x22, 0x05,
398 0x04, 0x4B, 0x01, 0x00, 0x00, 0x02, 0x00, 0x0E, 0x06, 0x02, 0x7F, 0x00,
399 0x4A, 0x04, 0x6B, 0x00, 0x06, 0x02, 0x50, 0x23, 0x00, 0x00, 0x22, 0x6C,
400 0x3B, 0x05, 0x03, 0x01, 0x0C, 0x08, 0x3B, 0x5A, 0x25, 0x81, 0x07, 0x19,
401 0x67, 0x01, 0x0C, 0x2A, 0x00, 0x00, 0x22, 0x1B, 0x01, 0x08, 0x0B, 0x3B,
402 0x48, 0x1B, 0x08, 0x00, 0x01, 0x03, 0x00, 0x01, 0x00, 0x59, 0x38, 0x24,
403 0x16, 0x2F, 0x06, 0x08, 0x02, 0x00, 0x81, 0x26, 0x03, 0x00, 0x04, 0x74,
404 0x01, 0x00, 0x81, 0x1E, 0x02, 0x00, 0x22, 0x16, 0x12, 0x06, 0x02, 0x54,
405 0x23, 0x81, 0x26, 0x04, 0x75, 0x00, 0x01, 0x00, 0x59, 0x38, 0x01, 0x16,
406 0x6A, 0x38, 0x2D, 0x81, 0x0B, 0x2C, 0x06, 0x02, 0x56, 0x23, 0x06, 0x0C,
407 0x81, 0x2C, 0x01, 0x00, 0x81, 0x29, 0x01, 0x00, 0x81, 0x0A, 0x04, 0x14,
408 0x81, 0x2C, 0x81, 0x2A, 0x81, 0x2E, 0x81, 0x2D, 0x24, 0x81, 0x0C, 0x01,
409 0x00, 0x81, 0x0A, 0x01, 0x00, 0x81, 0x29, 0x34, 0x01, 0x01, 0x59, 0x38,
410 0x01, 0x17, 0x6A, 0x38, 0x00, 0x00, 0x31, 0x31, 0x00, 0x01, 0x03, 0x00,
411 0x24, 0x16, 0x2F, 0x06, 0x05, 0x81, 0x25, 0x21, 0x04, 0x77, 0x01, 0x02,
412 0x02, 0x00, 0x81, 0x1D, 0x16, 0x2F, 0x06, 0x05, 0x81, 0x25, 0x21, 0x04,
413 0x77, 0x02, 0x00, 0x01, 0x84, 0x00, 0x08, 0x23, 0x00, 0x00, 0x63, 0x26,
414 0x3B, 0x11, 0x01, 0x01, 0x12, 0x2E, 0x00, 0x00, 0x01, 0x7F, 0x81, 0x01,
415 0x81, 0x25, 0x22, 0x01, 0x07, 0x12, 0x01, 0x00, 0x31, 0x0E, 0x06, 0x0A,
416 0x21, 0x01, 0x10, 0x12, 0x06, 0x02, 0x81, 0x1C, 0x04, 0x24, 0x01, 0x01,
417 0x31, 0x0E, 0x06, 0x1B, 0x21, 0x21, 0x6B, 0x27, 0x01, 0x01, 0x0D, 0x06,
418 0x06, 0x01, 0x00, 0x81, 0x01, 0x04, 0x0A, 0x24, 0x16, 0x2F, 0x06, 0x05,
419 0x81, 0x25, 0x21, 0x04, 0x77, 0x04, 0x03, 0x56, 0x23, 0x21, 0x04, 0x44,
420 0x01, 0x22, 0x03, 0x00, 0x09, 0x22, 0x44, 0x06, 0x02, 0x50, 0x23, 0x02,
421 0x00, 0x00, 0x00, 0x7C, 0x01, 0x0F, 0x12, 0x00, 0x00, 0x58, 0x27, 0x01,
422 0x00, 0x31, 0x0E, 0x06, 0x10, 0x21, 0x22, 0x01, 0x01, 0x0D, 0x06, 0x03,
423 0x21, 0x01, 0x02, 0x58, 0x38, 0x01, 0x00, 0x04, 0x15, 0x01, 0x01, 0x31,
424 0x0E, 0x06, 0x09, 0x21, 0x01, 0x00, 0x58, 0x38, 0x46, 0x00, 0x04, 0x06,
425 0x01, 0x82, 0x00, 0x08, 0x23, 0x21, 0x00, 0x00, 0x01, 0x00, 0x28, 0x06,
426 0x06, 0x33, 0x81, 0x08, 0x30, 0x04, 0x77, 0x22, 0x06, 0x04, 0x01, 0x01,
427 0x71, 0x38, 0x00, 0x00, 0x28, 0x06, 0x0B, 0x69, 0x27, 0x01, 0x14, 0x0D,
428 0x06, 0x02, 0x56, 0x23, 0x04, 0x12, 0x81, 0x25, 0x01, 0x07, 0x12, 0x22,
429 0x01, 0x02, 0x0D, 0x06, 0x06, 0x06, 0x02, 0x56, 0x23, 0x04, 0x6F, 0x21,
430 0x81, 0x1A, 0x01, 0x01, 0x0D, 0x2C, 0x30, 0x06, 0x02, 0x4C, 0x23, 0x22,
431 0x01, 0x01, 0x81, 0x20, 0x2F, 0x81, 0x0D, 0x00, 0x0A, 0x81, 0x12, 0x01,
432 0x01, 0x0E, 0x05, 0x02, 0x56, 0x23, 0x81, 0x17, 0x22, 0x03, 0x00, 0x5B,
433 0x36, 0x5C, 0x01, 0x20, 0x81, 0x0E, 0x81, 0x19, 0x22, 0x01, 0x20, 0x0F,
434 0x06, 0x02, 0x55, 0x23, 0x22, 0x70, 0x38, 0x6F, 0x3B, 0x81, 0x0E, 0x17,
435 0x03, 0x01, 0x81, 0x17, 0x81, 0x06, 0x01, 0x00, 0x03, 0x02, 0x01, 0x00,
436 0x03, 0x03, 0x65, 0x81, 0x02, 0x14, 0x31, 0x08, 0x03, 0x04, 0x03, 0x05,
437 0x22, 0x06, 0x80, 0x57, 0x81, 0x17, 0x22, 0x03, 0x06, 0x02, 0x01, 0x06,
438 0x0A, 0x22, 0x5A, 0x25, 0x0E, 0x06, 0x04, 0x01, 0x7F, 0x03, 0x03, 0x22,
439 0x01, 0x81, 0x7F, 0x0E, 0x06, 0x0A, 0x6B, 0x27, 0x06, 0x02, 0x51, 0x23,
440 0x01, 0x7F, 0x03, 0x02, 0x81, 0x1B, 0x22, 0x44, 0x06, 0x03, 0x21, 0x04,
441 0x27, 0x01, 0x00, 0x81, 0x04, 0x06, 0x0B, 0x01, 0x02, 0x0B, 0x5D, 0x08,
442 0x02, 0x06, 0x3B, 0x36, 0x04, 0x16, 0x21, 0x02, 0x05, 0x02, 0x04, 0x10,
443 0x06, 0x02, 0x4F, 0x23, 0x02, 0x06, 0x02, 0x05, 0x36, 0x02, 0x05, 0x01,
444 0x04, 0x08, 0x03, 0x05, 0x04, 0xFF, 0x25, 0x21, 0x01, 0x00, 0x03, 0x07,
445 0x81, 0x19, 0x81, 0x06, 0x22, 0x06, 0x0A, 0x81, 0x19, 0x05, 0x04, 0x01,
446 0x7F, 0x03, 0x07, 0x04, 0x73, 0x7D, 0x01, 0x00, 0x6D, 0x38, 0x01, 0x88,
447 0x04, 0x64, 0x36, 0x01, 0x84, 0x80, 0x80, 0x00, 0x60, 0x37, 0x22, 0x06,
448 0x80, 0x4D, 0x81, 0x17, 0x81, 0x06, 0x22, 0x06, 0x80, 0x44, 0x81, 0x17,
449 0x01, 0x00, 0x31, 0x0E, 0x06, 0x05, 0x21, 0x81, 0x11, 0x04, 0x34, 0x01,
450 0x01, 0x31, 0x0E, 0x06, 0x05, 0x21, 0x81, 0x0F, 0x04, 0x29, 0x01, 0x83,
451 0xFE, 0x01, 0x31, 0x0E, 0x06, 0x05, 0x21, 0x81, 0x10, 0x04, 0x1C, 0x01,
452 0x0D, 0x31, 0x0E, 0x06, 0x05, 0x21, 0x81, 0x15, 0x04, 0x11, 0x01, 0x0A,
453 0x31, 0x0E, 0x06, 0x05, 0x21, 0x81, 0x16, 0x04, 0x06, 0x21, 0x81, 0x14,
454 0x01, 0x00, 0x21, 0x04, 0xFF, 0x38, 0x7D, 0x7D, 0x02, 0x01, 0x02, 0x03,
455 0x12, 0x03, 0x01, 0x77, 0x25, 0x22, 0x02, 0x00, 0x0F, 0x06, 0x03, 0x21,
456 0x02, 0x00, 0x22, 0x01, 0x86, 0x00, 0x0A, 0x06, 0x02, 0x52, 0x23, 0x02,
457 0x00, 0x78, 0x25, 0x0A, 0x06, 0x05, 0x01, 0x80, 0x46, 0x81, 0x03, 0x02,
458 0x01, 0x06, 0x10, 0x75, 0x25, 0x02, 0x00, 0x0C, 0x06, 0x05, 0x21, 0x75,
459 0x25, 0x04, 0x04, 0x01, 0x00, 0x03, 0x01, 0x22, 0x75, 0x36, 0x22, 0x76,
460 0x36, 0x22, 0x79, 0x36, 0x01, 0x86, 0x03, 0x10, 0x03, 0x08, 0x02, 0x02,
461 0x06, 0x04, 0x01, 0x02, 0x6B, 0x38, 0x02, 0x07, 0x05, 0x04, 0x01, 0x28,
462 0x81, 0x03, 0x3A, 0x21, 0x01, 0x82, 0x01, 0x07, 0x64, 0x25, 0x12, 0x22,
463 0x64, 0x36, 0x45, 0x03, 0x09, 0x60, 0x26, 0x39, 0x12, 0x22, 0x60, 0x37,
464 0x05, 0x04, 0x01, 0x00, 0x03, 0x09, 0x02, 0x01, 0x06, 0x03, 0x01, 0x7F,
465 0x00, 0x6F, 0x01, 0x20, 0x2B, 0x5D, 0x22, 0x03, 0x05, 0x22, 0x02, 0x04,
466 0x0A, 0x06, 0x80, 0x47, 0x22, 0x25, 0x22, 0x7C, 0x02, 0x09, 0x05, 0x13,
467 0x22, 0x01, 0x0C, 0x11, 0x22, 0x01, 0x01, 0x0E, 0x3B, 0x01, 0x02, 0x0E,
468 0x30, 0x06, 0x04, 0x4B, 0x01, 0x00, 0x22, 0x02, 0x08, 0x05, 0x0E, 0x22,
469 0x01, 0x81, 0x70, 0x12, 0x01, 0x20, 0x0D, 0x06, 0x04, 0x4B, 0x01, 0x00,
470 0x22, 0x22, 0x06, 0x10, 0x02, 0x05, 0x4A, 0x36, 0x02, 0x05, 0x36, 0x02,
471 0x05, 0x01, 0x04, 0x08, 0x03, 0x05, 0x04, 0x01, 0x4B, 0x01, 0x04, 0x08,
472 0x04, 0xFF, 0x32, 0x21, 0x02, 0x05, 0x5D, 0x09, 0x01, 0x02, 0x11, 0x22,
473 0x05, 0x04, 0x01, 0x28, 0x81, 0x03, 0x5E, 0x38, 0x15, 0x05, 0x04, 0x01,
474 0x28, 0x81, 0x03, 0x01, 0x00, 0x00, 0x04, 0x81, 0x12, 0x01, 0x10, 0x0E,
475 0x05, 0x02, 0x56, 0x23, 0x5A, 0x25, 0x81, 0x24, 0x06, 0x19, 0x81, 0x17,
476 0x22, 0x01, 0x84, 0x00, 0x0F, 0x06, 0x02, 0x53, 0x23, 0x22, 0x03, 0x00,
477 0x67, 0x3B, 0x81, 0x0E, 0x02, 0x00, 0x5A, 0x25, 0x81, 0x07, 0x20, 0x5A,
478 0x25, 0x22, 0x81, 0x22, 0x3B, 0x81, 0x21, 0x03, 0x01, 0x03, 0x02, 0x02,
479 0x01, 0x02, 0x02, 0x30, 0x06, 0x17, 0x81, 0x19, 0x22, 0x03, 0x03, 0x67,
480 0x3B, 0x81, 0x0E, 0x02, 0x03, 0x5A, 0x25, 0x81, 0x07, 0x02, 0x02, 0x06,
481 0x03, 0x1F, 0x04, 0x01, 0x1D, 0x7D, 0x00, 0x00, 0x7E, 0x81, 0x12, 0x01,
482 0x14, 0x0D, 0x06, 0x02, 0x56, 0x23, 0x67, 0x01, 0x0C, 0x08, 0x01, 0x0C,
483 0x81, 0x0E, 0x7D, 0x67, 0x22, 0x01, 0x0C, 0x08, 0x01, 0x0C, 0x29, 0x05,
484 0x02, 0x4D, 0x23, 0x00, 0x02, 0x03, 0x00, 0x03, 0x01, 0x02, 0x00, 0x7A,
485 0x02, 0x01, 0x02, 0x00, 0x32, 0x22, 0x01, 0x00, 0x0E, 0x06, 0x02, 0x4B,
486 0x00, 0x81, 0x27, 0x04, 0x73, 0x00, 0x81, 0x17, 0x01, 0x01, 0x0D, 0x06,
487 0x02, 0x4E, 0x23, 0x81, 0x19, 0x22, 0x22, 0x46, 0x3B, 0x01, 0x05, 0x10,
488 0x30, 0x06, 0x02, 0x4E, 0x23, 0x01, 0x08, 0x08, 0x22, 0x66, 0x27, 0x0A,
489 0x06, 0x0D, 0x22, 0x01, 0x01, 0x3B, 0x0B, 0x35, 0x22, 0x66, 0x38, 0x68,
490 0x38, 0x04, 0x01, 0x21, 0x00, 0x00, 0x81, 0x17, 0x6B, 0x27, 0x01, 0x00,
491 0x31, 0x0E, 0x06, 0x14, 0x21, 0x01, 0x01, 0x0E, 0x05, 0x02, 0x51, 0x23,
492 0x81, 0x19, 0x06, 0x02, 0x51, 0x23, 0x01, 0x02, 0x6B, 0x38, 0x04, 0x2A,
493 0x01, 0x02, 0x31, 0x0E, 0x06, 0x21, 0x21, 0x01, 0x0D, 0x0E, 0x05, 0x02,
494 0x51, 0x23, 0x81, 0x19, 0x01, 0x0C, 0x0E, 0x05, 0x02, 0x51, 0x23, 0x67,
495 0x01, 0x0C, 0x81, 0x0E, 0x6C, 0x67, 0x01, 0x0C, 0x29, 0x05, 0x02, 0x51,
496 0x23, 0x04, 0x03, 0x51, 0x23, 0x21, 0x00, 0x00, 0x81, 0x17, 0x81, 0x06,
497 0x81, 0x17, 0x81, 0x06, 0x22, 0x06, 0x22, 0x81, 0x19, 0x06, 0x04, 0x81,
498 0x14, 0x04, 0x18, 0x81, 0x17, 0x22, 0x01, 0x81, 0x7F, 0x0C, 0x06, 0x0D,
499 0x22, 0x6D, 0x08, 0x01, 0x00, 0x3B, 0x38, 0x6D, 0x3B, 0x81, 0x0E, 0x04,
500 0x02, 0x81, 0x1F, 0x04, 0x5B, 0x7D, 0x7D, 0x00, 0x00, 0x81, 0x13, 0x22,
501 0x46, 0x06, 0x07, 0x21, 0x06, 0x02, 0x4F, 0x23, 0x04, 0x73, 0x00, 0x00,
502 0x81, 0x1A, 0x01, 0x03, 0x81, 0x18, 0x3B, 0x21, 0x3B, 0x00, 0x00, 0x81,
503 0x17, 0x81, 0x1F, 0x00, 0x02, 0x81, 0x17, 0x81, 0x06, 0x01, 0x00, 0x64,
504 0x36, 0x81, 0x17, 0x81, 0x06, 0x22, 0x06, 0x34, 0x81, 0x19, 0x03, 0x00,
505 0x81, 0x19, 0x03, 0x01, 0x02, 0x00, 0x01, 0x02, 0x10, 0x02, 0x00, 0x01,
506 0x06, 0x0C, 0x12, 0x02, 0x01, 0x01, 0x01, 0x0E, 0x02, 0x01, 0x01, 0x03,
507 0x0E, 0x30, 0x12, 0x06, 0x11, 0x64, 0x25, 0x01, 0x01, 0x02, 0x01, 0x49,
508 0x01, 0x02, 0x0B, 0x02, 0x00, 0x08, 0x0B, 0x30, 0x64, 0x36, 0x04, 0x49,
509 0x7D, 0x7D, 0x00, 0x00, 0x81, 0x17, 0x81, 0x06, 0x81, 0x17, 0x81, 0x06,
510 0x01, 0x00, 0x60, 0x37, 0x22, 0x06, 0x16, 0x81, 0x17, 0x22, 0x01, 0x20,
511 0x0A, 0x06, 0x0B, 0x01, 0x01, 0x3B, 0x0B, 0x60, 0x26, 0x30, 0x60, 0x37,
512 0x04, 0x01, 0x21, 0x04, 0x67, 0x7D, 0x7D, 0x00, 0x00, 0x01, 0x02, 0x7A,
513 0x81, 0x1A, 0x01, 0x08, 0x0B, 0x81, 0x1A, 0x08, 0x00, 0x00, 0x01, 0x03,
514 0x7A, 0x81, 0x1A, 0x01, 0x08, 0x0B, 0x81, 0x1A, 0x08, 0x01, 0x08, 0x0B,
515 0x81, 0x1A, 0x08, 0x00, 0x00, 0x01, 0x01, 0x7A, 0x81, 0x1A, 0x00, 0x00,
516 0x33, 0x22, 0x44, 0x05, 0x01, 0x00, 0x21, 0x81, 0x27, 0x04, 0x75, 0x02,
517 0x03, 0x00, 0x74, 0x27, 0x03, 0x01, 0x01, 0x00, 0x22, 0x02, 0x01, 0x0A,
518 0x06, 0x10, 0x22, 0x01, 0x01, 0x0B, 0x73, 0x08, 0x25, 0x02, 0x00, 0x0E,
519 0x06, 0x01, 0x00, 0x48, 0x04, 0x6A, 0x21, 0x01, 0x7F, 0x00, 0x00, 0x24,
520 0x16, 0x2F, 0x06, 0x05, 0x81, 0x25, 0x21, 0x04, 0x77, 0x01, 0x16, 0x6A,
521 0x38, 0x01, 0x00, 0x81, 0x33, 0x01, 0x00, 0x81, 0x32, 0x24, 0x01, 0x17,
522 0x6A, 0x38, 0x00, 0x00, 0x01, 0x15, 0x6A, 0x38, 0x3B, 0x43, 0x21, 0x43,
523 0x21, 0x24, 0x00, 0x00, 0x01, 0x01, 0x3B, 0x81, 0x1D, 0x00, 0x00, 0x3B,
524 0x31, 0x7A, 0x3B, 0x22, 0x06, 0x06, 0x81, 0x1A, 0x21, 0x49, 0x04, 0x77,
525 0x21, 0x00, 0x02, 0x03, 0x00, 0x5A, 0x25, 0x7C, 0x03, 0x01, 0x02, 0x01,
526 0x01, 0x0F, 0x12, 0x02, 0x01, 0x01, 0x04, 0x11, 0x01, 0x0F, 0x12, 0x02,
527 0x01, 0x01, 0x08, 0x11, 0x01, 0x0F, 0x12, 0x01, 0x00, 0x31, 0x0E, 0x06,
528 0x10, 0x21, 0x01, 0x00, 0x01, 0x18, 0x02, 0x00, 0x06, 0x03, 0x3E, 0x04,
529 0x01, 0x3F, 0x04, 0x80, 0x56, 0x01, 0x01, 0x31, 0x0E, 0x06, 0x10, 0x21,
530 0x01, 0x01, 0x01, 0x10, 0x02, 0x00, 0x06, 0x03, 0x3E, 0x04, 0x01, 0x3F,
531 0x04, 0x80, 0x40, 0x01, 0x02, 0x31, 0x0E, 0x06, 0x0F, 0x21, 0x01, 0x01,
532 0x01, 0x20, 0x02, 0x00, 0x06, 0x03, 0x3E, 0x04, 0x01, 0x3F, 0x04, 0x2B,
533 0x01, 0x03, 0x31, 0x0E, 0x06, 0x0E, 0x21, 0x21, 0x01, 0x10, 0x02, 0x00,
534 0x06, 0x03, 0x3C, 0x04, 0x01, 0x3D, 0x04, 0x17, 0x01, 0x04, 0x31, 0x0E,
535 0x06, 0x0E, 0x21, 0x21, 0x01, 0x20, 0x02, 0x00, 0x06, 0x03, 0x3C, 0x04,
536 0x01, 0x3D, 0x04, 0x03, 0x50, 0x23, 0x21, 0x00, 0x00, 0x7C, 0x01, 0x0C,
537 0x11, 0x01, 0x02, 0x0F, 0x00, 0x00, 0x7C, 0x01, 0x0C, 0x11, 0x22, 0x47,
538 0x3B, 0x01, 0x03, 0x0A, 0x12, 0x00, 0x00, 0x7C, 0x01, 0x0C, 0x11, 0x01,
539 0x01, 0x0E, 0x00, 0x00, 0x7C, 0x01, 0x0C, 0x11, 0x46, 0x00, 0x00, 0x18,
540 0x01, 0x00, 0x57, 0x27, 0x22, 0x06, 0x20, 0x01, 0x01, 0x31, 0x0E, 0x06,
541 0x07, 0x21, 0x01, 0x00, 0x81, 0x00, 0x04, 0x11, 0x01, 0x02, 0x31, 0x0E,
542 0x06, 0x0A, 0x21, 0x59, 0x27, 0x06, 0x03, 0x01, 0x10, 0x30, 0x04, 0x01,
543 0x21, 0x04, 0x01, 0x21, 0x5F, 0x27, 0x05, 0x35, 0x28, 0x06, 0x32, 0x69,
544 0x27, 0x01, 0x14, 0x31, 0x0E, 0x06, 0x06, 0x21, 0x01, 0x02, 0x30, 0x04,
545 0x24, 0x01, 0x15, 0x31, 0x0E, 0x06, 0x0B, 0x21, 0x81, 0x09, 0x06, 0x04,
546 0x01, 0x7F, 0x81, 0x00, 0x04, 0x13, 0x01, 0x16, 0x31, 0x0E, 0x06, 0x06,
547 0x21, 0x01, 0x01, 0x30, 0x04, 0x07, 0x21, 0x01, 0x04, 0x30, 0x01, 0x00,
548 0x21, 0x16, 0x06, 0x03, 0x01, 0x08, 0x30, 0x00, 0x00, 0x18, 0x22, 0x05,
549 0x10, 0x28, 0x06, 0x0D, 0x69, 0x27, 0x01, 0x15, 0x0E, 0x06, 0x05, 0x21,
550 0x81, 0x09, 0x04, 0x01, 0x1C, 0x00, 0x00, 0x81, 0x25, 0x01, 0x07, 0x12,
551 0x01, 0x01, 0x0F, 0x06, 0x02, 0x56, 0x23, 0x00, 0x01, 0x03, 0x00, 0x24,
552 0x16, 0x06, 0x05, 0x02, 0x00, 0x6A, 0x38, 0x00, 0x81, 0x25, 0x21, 0x04,
553 0x73, 0x00, 0x01, 0x14, 0x81, 0x28, 0x01, 0x01, 0x81, 0x33, 0x24, 0x22,
554 0x01, 0x00, 0x81, 0x20, 0x01, 0x16, 0x81, 0x28, 0x81, 0x2B, 0x24, 0x00,
555 0x00, 0x01, 0x0B, 0x81, 0x33, 0x40, 0x22, 0x01, 0x03, 0x08, 0x81, 0x32,
556 0x81, 0x32, 0x13, 0x22, 0x44, 0x06, 0x02, 0x21, 0x00, 0x81, 0x32, 0x1A,
557 0x22, 0x06, 0x06, 0x67, 0x3B, 0x81, 0x2F, 0x04, 0x76, 0x21, 0x04, 0x6A,
558 0x00, 0x7E, 0x01, 0x14, 0x81, 0x33, 0x01, 0x0C, 0x81, 0x32, 0x67, 0x01,
559 0x0C, 0x81, 0x2F, 0x00, 0x03, 0x03, 0x00, 0x01, 0x02, 0x81, 0x33, 0x01,
560 0x80, 0x46, 0x6B, 0x27, 0x01, 0x02, 0x0E, 0x06, 0x0C, 0x02, 0x00, 0x06,
561 0x04, 0x01, 0x05, 0x04, 0x02, 0x01, 0x1D, 0x04, 0x02, 0x01, 0x00, 0x03,
562 0x01, 0x68, 0x27, 0x06, 0x04, 0x01, 0x05, 0x04, 0x02, 0x01, 0x00, 0x03,
563 0x02, 0x02, 0x01, 0x02, 0x02, 0x08, 0x22, 0x06, 0x03, 0x01, 0x02, 0x08,
564 0x08, 0x81, 0x32, 0x75, 0x25, 0x81, 0x31, 0x6E, 0x01, 0x04, 0x14, 0x6E,
565 0x01, 0x04, 0x08, 0x01, 0x1C, 0x2B, 0x6E, 0x01, 0x20, 0x81, 0x2F, 0x01,
566 0x20, 0x81, 0x33, 0x6F, 0x01, 0x20, 0x81, 0x2F, 0x5A, 0x25, 0x81, 0x31,
567 0x01, 0x00, 0x81, 0x33, 0x02, 0x01, 0x02, 0x02, 0x08, 0x22, 0x06, 0x30,
568 0x81, 0x31, 0x02, 0x01, 0x22, 0x06, 0x13, 0x01, 0x83, 0xFE, 0x01, 0x81,
569 0x31, 0x01, 0x04, 0x09, 0x22, 0x81, 0x31, 0x49, 0x6C, 0x3B, 0x81, 0x30,
570 0x04, 0x01, 0x21, 0x02, 0x02, 0x06, 0x0F, 0x01, 0x01, 0x81, 0x31, 0x01,
571 0x01, 0x81, 0x31, 0x68, 0x27, 0x01, 0x08, 0x09, 0x81, 0x33, 0x04, 0x01,
572 0x21, 0x00, 0x00, 0x01, 0x0E, 0x81, 0x33, 0x01, 0x00, 0x81, 0x32, 0x00,
573 0x03, 0x5A, 0x25, 0x81, 0x22, 0x05, 0x01, 0x00, 0x60, 0x26, 0x01, 0x00,
574 0x81, 0x02, 0x11, 0x01, 0x01, 0x12, 0x46, 0x06, 0x03, 0x48, 0x04, 0x74,
575 0x03, 0x00, 0x21, 0x02, 0x00, 0x1E, 0x22, 0x44, 0x06, 0x02, 0x2E, 0x23,
576 0x03, 0x01, 0x75, 0x25, 0x01, 0x86, 0x03, 0x10, 0x03, 0x02, 0x01, 0x0C,
577 0x81, 0x33, 0x02, 0x01, 0x62, 0x27, 0x08, 0x02, 0x02, 0x01, 0x02, 0x12,
578 0x08, 0x01, 0x06, 0x08, 0x81, 0x32, 0x01, 0x03, 0x81, 0x33, 0x02, 0x00,
579 0x81, 0x31, 0x61, 0x62, 0x27, 0x81, 0x30, 0x02, 0x02, 0x06, 0x10, 0x72,
580 0x27, 0x81, 0x33, 0x5A, 0x25, 0x81, 0x23, 0x01, 0x01, 0x0B, 0x01, 0x03,
581 0x08, 0x81, 0x33, 0x02, 0x01, 0x81, 0x31, 0x67, 0x02, 0x01, 0x81, 0x2F,
582 0x00, 0x00, 0x42, 0x22, 0x01, 0x00, 0x0E, 0x06, 0x02, 0x4B, 0x00, 0x81,
583 0x25, 0x21, 0x04, 0x72, 0x00, 0x22, 0x81, 0x33, 0x81, 0x2F, 0x00, 0x00,
584 0x22, 0x01, 0x08, 0x41, 0x81, 0x33, 0x81, 0x33, 0x00, 0x00, 0x22, 0x01,
585 0x10, 0x41, 0x81, 0x33, 0x81, 0x31, 0x00, 0x00, 0x22, 0x43, 0x06, 0x02,
586 0x21, 0x00, 0x81, 0x25, 0x21, 0x04, 0x75
587 };
588
589 static const uint16_t t0_caddr[] = {
590 0,
591 5,
592 10,
593 15,
594 20,
595 25,
596 30,
597 35,
598 39,
599 43,
600 47,
601 51,
602 55,
603 59,
604 63,
605 67,
606 71,
607 75,
608 79,
609 83,
610 88,
611 93,
612 98,
613 103,
614 108,
615 113,
616 118,
617 123,
618 128,
619 133,
620 138,
621 143,
622 148,
623 153,
624 159,
625 164,
626 169,
627 174,
628 179,
629 184,
630 189,
631 194,
632 199,
633 204,
634 209,
635 214,
636 219,
637 224,
638 229,
639 234,
640 239,
641 244,
642 249,
643 254,
644 259,
645 268,
646 272,
647 297,
648 303,
649 323,
650 334,
651 371,
652 431,
653 435,
654 471,
655 481,
656 546,
657 560,
658 566,
659 613,
660 633,
661 686,
662 1200,
663 1285,
664 1318,
665 1343,
666 1391,
667 1465,
668 1514,
669 1529,
670 1540,
671 1546,
672 1617,
673 1658,
674 1671,
675 1690,
676 1697,
677 1709,
678 1744,
679 1773,
680 1785,
681 1792,
682 1808,
683 1946,
684 1955,
685 1968,
686 1977,
687 1984,
688 2090,
689 2112,
690 2126,
691 2143,
692 2166,
693 2202,
694 2218,
695 2372,
696 2382,
697 2491,
698 2506,
699 2513,
700 2523,
701 2533
702 };
703
704 #define T0_INTERPRETED 68
705
706 #define T0_ENTER(ip, rp, slot) do { \
707 const unsigned char *t0_newip; \
708 uint32_t t0_lnum; \
709 t0_newip = &t0_codeblock[t0_caddr[(slot) - T0_INTERPRETED]]; \
710 t0_lnum = t0_parse7E_unsigned(&t0_newip); \
711 (rp) += t0_lnum; \
712 *((rp) ++) = (uint32_t)((ip) - &t0_codeblock[0]) + (t0_lnum << 16); \
713 (ip) = t0_newip; \
714 } while (0)
715
716 #define T0_DEFENTRY(name, slot) \
717 void \
718 name(void *ctx) \
719 { \
720 t0_context *t0ctx = ctx; \
721 t0ctx->ip = &t0_codeblock[0]; \
722 T0_ENTER(t0ctx->ip, t0ctx->rp, slot); \
723 }
724
725 T0_DEFENTRY(br_ssl_hs_server_init_main, 133)
726
727 void
728 br_ssl_hs_server_run(void *t0ctx)
729 {
730 uint32_t *dp, *rp;
731 const unsigned char *ip;
732
733 #define T0_LOCAL(x) (*(rp - 2 - (x)))
734 #define T0_POP() (*-- dp)
735 #define T0_POPi() (*(int32_t *)(-- dp))
736 #define T0_PEEK(x) (*(dp - 1 - (x)))
737 #define T0_PEEKi(x) (*(int32_t *)(dp - 1 - (x)))
738 #define T0_PUSH(v) do { *dp = (v); dp ++; } while (0)
739 #define T0_PUSHi(v) do { *(int32_t *)dp = (v); dp ++; } while (0)
740 #define T0_RPOP() (*-- rp)
741 #define T0_RPOPi() (*(int32_t *)(-- rp))
742 #define T0_RPUSH(v) do { *rp = (v); rp ++; } while (0)
743 #define T0_RPUSHi(v) do { *(int32_t *)rp = (v); rp ++; } while (0)
744 #define T0_ROLL(x) do { \
745 size_t t0len = (size_t)(x); \
746 uint32_t t0tmp = *(dp - 1 - t0len); \
747 memmove(dp - t0len - 1, dp - t0len, t0len * sizeof *dp); \
748 *(dp - 1) = t0tmp; \
749 } while (0)
750 #define T0_SWAP() do { \
751 uint32_t t0tmp = *(dp - 2); \
752 *(dp - 2) = *(dp - 1); \
753 *(dp - 1) = t0tmp; \
754 } while (0)
755 #define T0_ROT() do { \
756 uint32_t t0tmp = *(dp - 3); \
757 *(dp - 3) = *(dp - 2); \
758 *(dp - 2) = *(dp - 1); \
759 *(dp - 1) = t0tmp; \
760 } while (0)
761 #define T0_NROT() do { \
762 uint32_t t0tmp = *(dp - 1); \
763 *(dp - 1) = *(dp - 2); \
764 *(dp - 2) = *(dp - 3); \
765 *(dp - 3) = t0tmp; \
766 } while (0)
767 #define T0_PICK(x) do { \
768 uint32_t t0depth = (x); \
769 T0_PUSH(T0_PEEK(t0depth)); \
770 } while (0)
771 #define T0_CO() do { \
772 goto t0_exit; \
773 } while (0)
774 #define T0_RET() break
775
776 dp = ((t0_context *)t0ctx)->dp;
777 rp = ((t0_context *)t0ctx)->rp;
778 ip = ((t0_context *)t0ctx)->ip;
779 for (;;) {
780 uint32_t t0x;
781
782 t0x = t0_parse7E_unsigned(&ip);
783 if (t0x < T0_INTERPRETED) {
784 switch (t0x) {
785 int32_t t0off;
786
787 case 0: /* ret */
788 t0x = T0_RPOP();
789 rp -= (t0x >> 16);
790 t0x &= 0xFFFF;
791 if (t0x == 0) {
792 ip = NULL;
793 goto t0_exit;
794 }
795 ip = &t0_codeblock[t0x];
796 break;
797 case 1: /* literal constant */
798 T0_PUSHi(t0_parse7E_signed(&ip));
799 break;
800 case 2: /* read local */
801 T0_PUSH(T0_LOCAL(t0_parse7E_unsigned(&ip)));
802 break;
803 case 3: /* write local */
804 T0_LOCAL(t0_parse7E_unsigned(&ip)) = T0_POP();
805 break;
806 case 4: /* jump */
807 t0off = t0_parse7E_signed(&ip);
808 ip += t0off;
809 break;
810 case 5: /* jump if */
811 t0off = t0_parse7E_signed(&ip);
812 if (T0_POP()) {
813 ip += t0off;
814 }
815 break;
816 case 6: /* jump if not */
817 t0off = t0_parse7E_signed(&ip);
818 if (!T0_POP()) {
819 ip += t0off;
820 }
821 break;
822 case 7: {
823 /* * */
824
825 uint32_t b = T0_POP();
826 uint32_t a = T0_POP();
827 T0_PUSH(a * b);
828
829 }
830 break;
831 case 8: {
832 /* + */
833
834 uint32_t b = T0_POP();
835 uint32_t a = T0_POP();
836 T0_PUSH(a + b);
837
838 }
839 break;
840 case 9: {
841 /* - */
842
843 uint32_t b = T0_POP();
844 uint32_t a = T0_POP();
845 T0_PUSH(a - b);
846
847 }
848 break;
849 case 10: {
850 /* < */
851
852 int32_t b = T0_POPi();
853 int32_t a = T0_POPi();
854 T0_PUSH(-(uint32_t)(a < b));
855
856 }
857 break;
858 case 11: {
859 /* << */
860
861 int c = (int)T0_POPi();
862 uint32_t x = T0_POP();
863 T0_PUSH(x << c);
864
865 }
866 break;
867 case 12: {
868 /* <= */
869
870 int32_t b = T0_POPi();
871 int32_t a = T0_POPi();
872 T0_PUSH(-(uint32_t)(a <= b));
873
874 }
875 break;
876 case 13: {
877 /* <> */
878
879 uint32_t b = T0_POP();
880 uint32_t a = T0_POP();
881 T0_PUSH(-(uint32_t)(a != b));
882
883 }
884 break;
885 case 14: {
886 /* = */
887
888 uint32_t b = T0_POP();
889 uint32_t a = T0_POP();
890 T0_PUSH(-(uint32_t)(a == b));
891
892 }
893 break;
894 case 15: {
895 /* > */
896
897 int32_t b = T0_POPi();
898 int32_t a = T0_POPi();
899 T0_PUSH(-(uint32_t)(a > b));
900
901 }
902 break;
903 case 16: {
904 /* >= */
905
906 int32_t b = T0_POPi();
907 int32_t a = T0_POPi();
908 T0_PUSH(-(uint32_t)(a >= b));
909
910 }
911 break;
912 case 17: {
913 /* >> */
914
915 int c = (int)T0_POPi();
916 int32_t x = T0_POPi();
917 T0_PUSHi(x >> c);
918
919 }
920 break;
921 case 18: {
922 /* and */
923
924 uint32_t b = T0_POP();
925 uint32_t a = T0_POP();
926 T0_PUSH(a & b);
927
928 }
929 break;
930 case 19: {
931 /* begin-cert */
932
933 if (CTX->chain_len == 0) {
934 T0_PUSHi(-1);
935 } else {
936 CTX->cert_cur = CTX->chain->data;
937 CTX->cert_len = CTX->chain->data_len;
938 CTX->chain ++;
939 CTX->chain_len --;
940 T0_PUSH(CTX->cert_len);
941 }
942
943 }
944 break;
945 case 20: {
946 /* bzero */
947
948 size_t len = (size_t)T0_POP();
949 void *addr = (unsigned char *)ENG + (size_t)T0_POP();
950 memset(addr, 0, len);
951
952 }
953 break;
954 case 21: {
955 /* call-policy-handler */
956
957 int x;
958 br_ssl_server_choices choices;
959
960 x = (*CTX->policy_vtable)->choose(
961 CTX->policy_vtable, CTX, &choices);
962 ENG->session.cipher_suite = choices.cipher_suite;
963 CTX->sign_hash_id = choices.hash_id;
964 CTX->chain = choices.chain;
965 CTX->chain_len = choices.chain_len;
966 T0_PUSHi(-(x != 0));
967
968 }
969 break;
970 case 22: {
971 /* can-output? */
972
973 T0_PUSHi(-(ENG->hlen_out > 0));
974
975 }
976 break;
977 case 23: {
978 /* check-resume */
979
980 if (ENG->session.session_id_len == 32
981 && CTX->cache_vtable != NULL && (*CTX->cache_vtable)->load(
982 CTX->cache_vtable, CTX, &ENG->session))
983 {
984 T0_PUSHi(-1);
985 } else {
986 T0_PUSH(0);
987 }
988
989 }
990 break;
991 case 24: {
992 /* co */
993 T0_CO();
994 }
995 break;
996 case 25: {
997 /* compute-Finished-inner */
998
999 int prf_id = T0_POP();
1000 int from_client = T0_POPi();
1001 unsigned char seed[48];
1002 size_t seed_len;
1003
1004 br_tls_prf_impl prf = br_ssl_engine_get_PRF(ENG, prf_id);
1005 if (ENG->session.version >= BR_TLS12) {
1006 seed_len = br_multihash_out(&ENG->mhash, prf_id, seed);
1007 } else {
1008 br_multihash_out(&ENG->mhash, br_md5_ID, seed);
1009 br_multihash_out(&ENG->mhash, br_sha1_ID, seed + 16);
1010 seed_len = 36;
1011 }
1012 prf(ENG->pad, 12, ENG->session.master_secret,
1013 sizeof ENG->session.master_secret,
1014 from_client ? "client finished" : "server finished",
1015 seed, seed_len);
1016
1017 }
1018 break;
1019 case 26: {
1020 /* copy-cert-chunk */
1021
1022 size_t clen;
1023
1024 clen = CTX->cert_len;
1025 if (clen > sizeof ENG->pad) {
1026 clen = sizeof ENG->pad;
1027 }
1028 memcpy(ENG->pad, CTX->cert_cur, clen);
1029 CTX->cert_cur += clen;
1030 CTX->cert_len -= clen;
1031 T0_PUSH(clen);
1032
1033 }
1034 break;
1035 case 27: {
1036 /* data-get8 */
1037
1038 size_t addr = T0_POP();
1039 T0_PUSH(t0_datablock[addr]);
1040
1041 }
1042 break;
1043 case 28: {
1044 /* discard-input */
1045
1046 ENG->hlen_in = 0;
1047
1048 }
1049 break;
1050 case 29: {
1051 /* do-ecdh */
1052
1053 int prf_id = T0_POPi();
1054 size_t len = T0_POP();
1055 do_ecdh(CTX, prf_id, ENG->pad, len);
1056
1057 }
1058 break;
1059 case 30: {
1060 /* do-ecdhe-part1 */
1061
1062 int curve = T0_POPi();
1063 T0_PUSHi(do_ecdhe_part1(CTX, curve));
1064
1065 }
1066 break;
1067 case 31: {
1068 /* do-ecdhe-part2 */
1069
1070 int prf_id = T0_POPi();
1071 size_t len = T0_POP();
1072 do_ecdhe_part2(CTX, prf_id, ENG->pad, len);
1073
1074 }
1075 break;
1076 case 32: {
1077 /* do-rsa-decrypt */
1078
1079 int prf_id = T0_POPi();
1080 size_t len = T0_POP();
1081 do_rsa_decrypt(CTX, prf_id, ENG->pad, len);
1082
1083 }
1084 break;
1085 case 33: {
1086 /* drop */
1087 (void)T0_POP();
1088 }
1089 break;
1090 case 34: {
1091 /* dup */
1092 T0_PUSH(T0_PEEK(0));
1093 }
1094 break;
1095 case 35: {
1096 /* fail */
1097
1098 br_ssl_engine_fail(ENG, (int)T0_POPi());
1099 T0_CO();
1100
1101 }
1102 break;
1103 case 36: {
1104 /* flush-record */
1105
1106 br_ssl_engine_flush_record(ENG);
1107
1108 }
1109 break;
1110 case 37: {
1111 /* get16 */
1112
1113 size_t addr = (size_t)T0_POP();
1114 T0_PUSH(*(uint16_t *)((unsigned char *)ENG + addr));
1115
1116 }
1117 break;
1118 case 38: {
1119 /* get32 */
1120
1121 size_t addr = (size_t)T0_POP();
1122 T0_PUSH(*(uint32_t *)((unsigned char *)ENG + addr));
1123
1124 }
1125 break;
1126 case 39: {
1127 /* get8 */
1128
1129 size_t addr = (size_t)T0_POP();
1130 T0_PUSH(*((unsigned char *)ENG + addr));
1131
1132 }
1133 break;
1134 case 40: {
1135 /* has-input? */
1136
1137 T0_PUSHi(-(ENG->hlen_in != 0));
1138
1139 }
1140 break;
1141 case 41: {
1142 /* memcmp */
1143
1144 size_t len = (size_t)T0_POP();
1145 void *addr2 = (unsigned char *)ENG + (size_t)T0_POP();
1146 void *addr1 = (unsigned char *)ENG + (size_t)T0_POP();
1147 int x = memcmp(addr1, addr2, len);
1148 T0_PUSH((uint32_t)-(x == 0));
1149
1150 }
1151 break;
1152 case 42: {
1153 /* memcpy */
1154
1155 size_t len = (size_t)T0_POP();
1156 void *src = (unsigned char *)ENG + (size_t)T0_POP();
1157 void *dst = (unsigned char *)ENG + (size_t)T0_POP();
1158 memcpy(dst, src, len);
1159
1160 }
1161 break;
1162 case 43: {
1163 /* mkrand */
1164
1165 size_t len = (size_t)T0_POP();
1166 void *addr = (unsigned char *)ENG + (size_t)T0_POP();
1167 br_hmac_drbg_generate(&ENG->rng, addr, len);
1168
1169 }
1170 break;
1171 case 44: {
1172 /* more-incoming-bytes? */
1173
1174 T0_PUSHi(ENG->hlen_in != 0 || !br_ssl_engine_recvrec_finished(ENG));
1175
1176 }
1177 break;
1178 case 45: {
1179 /* multihash-init */
1180
1181 br_multihash_init(&ENG->mhash);
1182
1183 }
1184 break;
1185 case 46: {
1186 /* neg */
1187
1188 uint32_t a = T0_POP();
1189 T0_PUSH(-a);
1190
1191 }
1192 break;
1193 case 47: {
1194 /* not */
1195
1196 uint32_t a = T0_POP();
1197 T0_PUSH(~a);
1198
1199 }
1200 break;
1201 case 48: {
1202 /* or */
1203
1204 uint32_t b = T0_POP();
1205 uint32_t a = T0_POP();
1206 T0_PUSH(a | b);
1207
1208 }
1209 break;
1210 case 49: {
1211 /* over */
1212 T0_PUSH(T0_PEEK(1));
1213 }
1214 break;
1215 case 50: {
1216 /* read-chunk-native */
1217
1218 size_t clen = ENG->hlen_in;
1219 if (clen > 0) {
1220 uint32_t addr, len;
1221
1222 len = T0_POP();
1223 addr = T0_POP();
1224 if ((size_t)len < clen) {
1225 clen = (size_t)len;
1226 }
1227 memcpy((unsigned char *)ENG + addr, ENG->hbuf_in, clen);
1228 if (ENG->record_type_in == BR_SSL_HANDSHAKE) {
1229 br_multihash_update(&ENG->mhash, ENG->hbuf_in, clen);
1230 }
1231 T0_PUSH(addr + (uint32_t)clen);
1232 T0_PUSH(len - (uint32_t)clen);
1233 ENG->hbuf_in += clen;
1234 ENG->hlen_in -= clen;
1235 }
1236
1237 }
1238 break;
1239 case 51: {
1240 /* read8-native */
1241
1242 if (ENG->hlen_in > 0) {
1243 unsigned char x;
1244
1245 x = *ENG->hbuf_in ++;
1246 if (ENG->record_type_in == BR_SSL_HANDSHAKE) {
1247 br_multihash_update(&ENG->mhash, &x, 1);
1248 }
1249 T0_PUSH(x);
1250 ENG->hlen_in --;
1251 } else {
1252 T0_PUSHi(-1);
1253 }
1254
1255 }
1256 break;
1257 case 52: {
1258 /* save-session */
1259
1260 if (CTX->cache_vtable != NULL) {
1261 (*CTX->cache_vtable)->save(
1262 CTX->cache_vtable, CTX, &ENG->session);
1263 }
1264
1265 }
1266 break;
1267 case 53: {
1268 /* set-max-frag-len */
1269
1270 size_t max_frag_len = T0_POP();
1271
1272 br_ssl_engine_new_max_frag_len(ENG, max_frag_len);
1273
1274 /*
1275 * We must adjust our own output limit. Since we call this only
1276 * after receiving a ClientHello and before beginning to send
1277 * the ServerHello, the next output record should be empty at
1278 * that point, so we can use max_frag_len as a limit.
1279 */
1280 if (ENG->hlen_out > max_frag_len) {
1281 ENG->hlen_out = max_frag_len;
1282 }
1283
1284 }
1285 break;
1286 case 54: {
1287 /* set16 */
1288
1289 size_t addr = (size_t)T0_POP();
1290 *(uint16_t *)((unsigned char *)ENG + addr) = (uint16_t)T0_POP();
1291
1292 }
1293 break;
1294 case 55: {
1295 /* set32 */
1296
1297 size_t addr = (size_t)T0_POP();
1298 *(uint32_t *)((unsigned char *)ENG + addr) = (uint32_t)T0_POP();
1299
1300 }
1301 break;
1302 case 56: {
1303 /* set8 */
1304
1305 size_t addr = (size_t)T0_POP();
1306 *((unsigned char *)ENG + addr) = (unsigned char)T0_POP();
1307
1308 }
1309 break;
1310 case 57: {
1311 /* supported-curves */
1312
1313 uint32_t x = ENG->iec == NULL ? 0 : ENG->iec->supported_curves;
1314 T0_PUSH(x);
1315
1316 }
1317 break;
1318 case 58: {
1319 /* supported-hash-functions */
1320
1321 int i;
1322 unsigned x, num;
1323
1324 x = 0;
1325 num = 0;
1326 for (i = br_sha1_ID; i <= br_sha512_ID; i ++) {
1327 if (br_multihash_getimpl(&ENG->mhash, i)) {
1328 x |= 1U << i;
1329 num ++;
1330 }
1331 }
1332 T0_PUSH(x);
1333 T0_PUSH(num);
1334
1335 }
1336 break;
1337 case 59: {
1338 /* swap */
1339 T0_SWAP();
1340 }
1341 break;
1342 case 60: {
1343 /* switch-aesgcm-in */
1344
1345 int is_client, prf_id;
1346 unsigned cipher_key_len;
1347
1348 cipher_key_len = T0_POP();
1349 prf_id = T0_POP();
1350 is_client = T0_POP();
1351 br_ssl_engine_switch_gcm_in(ENG, is_client, prf_id,
1352 ENG->iaes_ctr, cipher_key_len);
1353
1354 }
1355 break;
1356 case 61: {
1357 /* switch-aesgcm-out */
1358
1359 int is_client, prf_id;
1360 unsigned cipher_key_len;
1361
1362 cipher_key_len = T0_POP();
1363 prf_id = T0_POP();
1364 is_client = T0_POP();
1365 br_ssl_engine_switch_gcm_out(ENG, is_client, prf_id,
1366 ENG->iaes_ctr, cipher_key_len);
1367
1368 }
1369 break;
1370 case 62: {
1371 /* switch-cbc-in */
1372
1373 int is_client, prf_id, mac_id, aes;
1374 unsigned cipher_key_len;
1375
1376 cipher_key_len = T0_POP();
1377 aes = T0_POP();
1378 mac_id = T0_POP();
1379 prf_id = T0_POP();
1380 is_client = T0_POP();
1381 br_ssl_engine_switch_cbc_in(ENG, is_client, prf_id, mac_id,
1382 aes ? ENG->iaes_cbcdec : ENG->ides_cbcdec, cipher_key_len);
1383
1384 }
1385 break;
1386 case 63: {
1387 /* switch-cbc-out */
1388
1389 int is_client, prf_id, mac_id, aes;
1390 unsigned cipher_key_len;
1391
1392 cipher_key_len = T0_POP();
1393 aes = T0_POP();
1394 mac_id = T0_POP();
1395 prf_id = T0_POP();
1396 is_client = T0_POP();
1397 br_ssl_engine_switch_cbc_out(ENG, is_client, prf_id, mac_id,
1398 aes ? ENG->iaes_cbcenc : ENG->ides_cbcenc, cipher_key_len);
1399
1400 }
1401 break;
1402 case 64: {
1403 /* total-chain-length */
1404
1405 size_t u;
1406 uint32_t total;
1407
1408 total = 0;
1409 for (u = 0; u < CTX->chain_len; u ++) {
1410 total += 3 + (uint32_t)CTX->chain[u].data_len;
1411 }
1412 T0_PUSH(total);
1413
1414 }
1415 break;
1416 case 65: {
1417 /* u>> */
1418
1419 int c = (int)T0_POPi();
1420 uint32_t x = T0_POP();
1421 T0_PUSH(x >> c);
1422
1423 }
1424 break;
1425 case 66: {
1426 /* write-blob-chunk */
1427
1428 size_t clen = ENG->hlen_out;
1429 if (clen > 0) {
1430 uint32_t addr, len;
1431
1432 len = T0_POP();
1433 addr = T0_POP();
1434 if ((size_t)len < clen) {
1435 clen = (size_t)len;
1436 }
1437 memcpy(ENG->hbuf_out, (unsigned char *)ENG + addr, clen);
1438 if (ENG->record_type_out == BR_SSL_HANDSHAKE) {
1439 br_multihash_update(&ENG->mhash, ENG->hbuf_out, clen);
1440 }
1441 T0_PUSH(addr + (uint32_t)clen);
1442 T0_PUSH(len - (uint32_t)clen);
1443 ENG->hbuf_out += clen;
1444 ENG->hlen_out -= clen;
1445 }
1446
1447 }
1448 break;
1449 case 67: {
1450 /* write8-native */
1451
1452 unsigned char x;
1453
1454 x = (unsigned char)T0_POP();
1455 if (ENG->hlen_out > 0) {
1456 if (ENG->record_type_out == BR_SSL_HANDSHAKE) {
1457 br_multihash_update(&ENG->mhash, &x, 1);
1458 }
1459 *ENG->hbuf_out ++ = x;
1460 ENG->hlen_out --;
1461 T0_PUSHi(-1);
1462 } else {
1463 T0_PUSHi(0);
1464 }
1465
1466 }
1467 break;
1468 }
1469
1470 } else {
1471 T0_ENTER(ip, rp, t0x);
1472 }
1473 }
1474 t0_exit:
1475 ((t0_context *)t0ctx)->dp = dp;
1476 ((t0_context *)t0ctx)->rp = rp;
1477 ((t0_context *)t0ctx)->ip = ip;
1478 }
The BearSSL library and tools.