projects / BearSSL / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
New simplified initialisation function for X.509 minimal engine.
[BearSSL] / src / ssl / ssl_hs_server.c
1 /* Automatically generated code; do not modify directly. */
2
3 #include <stddef.h>
4 #include <stdint.h>
5
6 typedef struct {
7 uint32_t *dp;
8 uint32_t *rp;
9 const unsigned char *ip;
10 } t0_context;
11
12 static uint32_t
13 t0_parse7E_unsigned(const unsigned char **p)
14 {
15 uint32_t x;
16
17 x = 0;
18 for (;;) {
19 unsigned y;
20
21 y = *(*p) ++;
22 x = (x << 7) | (uint32_t)(y & 0x7F);
23 if (y < 0x80) {
24 return x;
25 }
26 }
27 }
28
29 static int32_t
30 t0_parse7E_signed(const unsigned char **p)
31 {
32 int neg;
33 uint32_t x;
34
35 neg = ((**p) >> 6) & 1;
36 x = (uint32_t)-neg;
37 for (;;) {
38 unsigned y;
39
40 y = *(*p) ++;
41 x = (x << 7) | (uint32_t)(y & 0x7F);
42 if (y < 0x80) {
43 if (neg) {
44 return -(int32_t)~x - 1;
45 } else {
46 return (int32_t)x;
47 }
48 }
49 }
50 }
51
52 #define T0_VBYTE(x, n) (unsigned char)((((uint32_t)(x) >> (n)) & 0x7F) | 0x80)
53 #define T0_FBYTE(x, n) (unsigned char)(((uint32_t)(x) >> (n)) & 0x7F)
54 #define T0_SBYTE(x) (unsigned char)((((uint32_t)(x) >> 28) + 0xF8) ^ 0xF8)
55 #define T0_INT1(x) T0_FBYTE(x, 0)
56 #define T0_INT2(x) T0_VBYTE(x, 7), T0_FBYTE(x, 0)
57 #define T0_INT3(x) T0_VBYTE(x, 14), T0_VBYTE(x, 7), T0_FBYTE(x, 0)
58 #define T0_INT4(x) T0_VBYTE(x, 21), T0_VBYTE(x, 14), T0_VBYTE(x, 7), T0_FBYTE(x, 0)
59 #define T0_INT5(x) T0_SBYTE(x), T0_VBYTE(x, 21), T0_VBYTE(x, 14), T0_VBYTE(x, 7), T0_FBYTE(x, 0)
60
61 static const uint8_t t0_datablock[];
62
63
64 void br_ssl_hs_server_init_main(void *t0ctx);
65
66 void br_ssl_hs_server_run(void *t0ctx);
67
68
69
70 #include <stddef.h>
71 #include <string.h>
72
73 #include "inner.h"
74
75 /*
76 * This macro evaluates to a pointer to the current engine context.
77 */
78 #define ENG ((br_ssl_engine_context *)((unsigned char *)t0ctx - offsetof(br_ssl_engine_context, cpu)))
79
80
81
82
83
84 /*
85 * This macro evaluates to a pointer to the server context, under that
86 * specific name. It must be noted that since the engine context is the
87 * first field of the br_ssl_server_context structure ('eng'), then
88 * pointers values of both types are interchangeable, modulo an
89 * appropriate cast. This also means that "adresses" computed as offsets
90 * within the structure work for both kinds of context.
91 */
92 #define CTX ((br_ssl_server_context *)ENG)
93
94 /*
95 * Decrypt the pre-master secret (RSA key exchange).
96 */
97 static void
98 do_rsa_decrypt(br_ssl_server_context *ctx, int prf_id,
99 unsigned char *epms, size_t len)
100 {
101 uint32_t x;
102 unsigned char rpms[48];
103
104 /*
105 * Decrypt the PMS.
106 */
107 x = (*ctx->policy_vtable)->do_keyx(ctx->policy_vtable, epms, len);
108
109 /*
110 * Set the first two bytes to the maximum supported client
111 * protocol version. These bytes are used for version rollback
112 * detection; forceing the two bytes will make the master secret
113 * wrong if the bytes are not correct. This process is
114 * recommended by RFC 5246 (section 7.4.7.1).
115 */
116 br_enc16be(epms, ctx->client_max_version);
117
118 /*
119 * Make a random PMS and copy it above the decrypted value if the
120 * decryption failed. Note that we use a constant-time conditional
121 * copy.
122 */
123 br_hmac_drbg_generate(&ctx->eng.rng, rpms, sizeof rpms);
124 br_ccopy(x ^ 1, epms, rpms, sizeof rpms);
125
126 /*
127 * Compute master secret.
128 */
129 br_ssl_engine_compute_master(&ctx->eng, prf_id, epms, 48);
130
131 /*
132 * Clear the pre-master secret from RAM: it is normally a buffer
133 * in the context, hence potentially long-lived.
134 */
135 memset(epms, 0, len);
136 }
137
138 /*
139 * Common part for ECDH and ECDHE.
140 */
141 static void
142 ecdh_common(br_ssl_server_context *ctx, int prf_id,
143 unsigned char *cpoint, size_t cpoint_len, uint32_t ctl)
144 {
145 unsigned char rpms[80];
146 size_t pms_len;
147
148 /*
149 * The point length is supposed to be 1+2*Xlen, where Xlen is
150 * the length (in bytes) of the X coordinate, i.e. the pre-master
151 * secret. If the provided point is too large, then it is
152 * obviously incorrect (i.e. everybody can see that it is
153 * incorrect), so leaking that fact is not a problem.
154 */
155 pms_len = cpoint_len >> 1;
156 if (pms_len > sizeof rpms) {
157 pms_len = sizeof rpms;
158 ctl = 0;
159 }
160
161 /*
162 * Make a random PMS and copy it above the decrypted value if the
163 * decryption failed. Note that we use a constant-time conditional
164 * copy.
165 */
166 br_hmac_drbg_generate(&ctx->eng.rng, rpms, pms_len);
167 br_ccopy(ctl ^ 1, cpoint + 1, rpms, pms_len);
168
169 /*
170 * Compute master secret.
171 */
172 br_ssl_engine_compute_master(&ctx->eng, prf_id, cpoint + 1, pms_len);
173
174 /*
175 * Clear the pre-master secret from RAM: it is normally a buffer
176 * in the context, hence potentially long-lived.
177 */
178 memset(cpoint, 0, cpoint_len);
179 }
180
181 /*
182 * Do the ECDH key exchange (not ECDHE).
183 */
184 static void
185 do_ecdh(br_ssl_server_context *ctx, int prf_id,
186 unsigned char *cpoint, size_t cpoint_len)
187 {
188 uint32_t x;
189
190 /*
191 * Finalise the key exchange.
192 */
193 x = (*ctx->policy_vtable)->do_keyx(ctx->policy_vtable,
194 cpoint, cpoint_len);
195 ecdh_common(ctx, prf_id, cpoint, cpoint_len, x);
196 }
197
198 /*
199 * Do the full static ECDH key exchange. When this function is called,
200 * it has already been verified that the cipher suite uses ECDH (not ECDHE),
201 * and the client's public key (from its certificate) has type EC and is
202 * apt for key exchange.
203 */
204 static void
205 do_static_ecdh(br_ssl_server_context *ctx, int prf_id)
206 {
207 unsigned char cpoint[133];
208 size_t cpoint_len;
209 const br_x509_class **xc;
210 const br_x509_pkey *pk;
211
212 xc = ctx->eng.x509ctx;
213 pk = (*xc)->get_pkey(xc, NULL);
214 cpoint_len = pk->key.ec.qlen;
215 if (cpoint_len > sizeof cpoint) {
216 /*
217 * If the point is larger than our buffer then we need to
218 * restrict it. Length 2 is not a valid point length, so
219 * the ECDH will fail.
220 */
221 cpoint_len = 2;
222 }
223 memcpy(cpoint, pk->key.ec.q, cpoint_len);
224 do_ecdh(ctx, prf_id, cpoint, cpoint_len);
225 }
226
227 /*
228 * Do the ECDHE key exchange (part 1: generation of transient key, and
229 * computing of the point to send to the client). Returned value is the
230 * signature length (in bytes), or -x on error (with x being an error
231 * code). The encoded point is written in the ecdhe_point[] context buffer
232 * (length in ecdhe_point_len).
233 */
234 static int
235 do_ecdhe_part1(br_ssl_server_context *ctx, int curve)
236 {
237 int hash;
238 unsigned mask;
239 const unsigned char *order, *generator;
240 size_t olen, glen;
241 br_multihash_context mhc;
242 unsigned char head[4];
243 size_t hv_len, sig_len;
244
245 if (!((ctx->eng.iec->supported_curves >> curve) & 1)) {
246 return -BR_ERR_INVALID_ALGORITHM;
247 }
248 ctx->eng.ecdhe_curve = curve;
249
250 /*
251 * Generate our private key. We need a non-zero random value
252 * which is lower than the curve order, in a "large enough"
253 * range. We force the top bit to 0 and bottom bit to 1, which
254 * does the trick. Note that contrary to what happens in ECDSA,
255 * this is not a problem if we do not cover the full range of
256 * possible values.
257 */
258 order = ctx->eng.iec->order(curve, &olen);
259 mask = 0xFF;
260 while (mask >= order[0]) {
261 mask >>= 1;
262 }
263 br_hmac_drbg_generate(&ctx->eng.rng, ctx->ecdhe_key, olen);
264 ctx->ecdhe_key[0] &= mask;
265 ctx->ecdhe_key[olen - 1] |= 0x01;
266 ctx->ecdhe_key_len = olen;
267
268 /*
269 * Compute our ECDH point.
270 */
271 generator = ctx->eng.iec->generator(curve, &glen);
272 memcpy(ctx->eng.ecdhe_point, generator, glen);
273 ctx->eng.ecdhe_point_len = glen;
274 if (!ctx->eng.iec->mul(ctx->eng.ecdhe_point, glen,
275 ctx->ecdhe_key, olen, curve))
276 {
277 return -BR_ERR_INVALID_ALGORITHM;
278 }
279
280 /*
281 * Compute the signature.
282 */
283 br_multihash_zero(&mhc);
284 br_multihash_copyimpl(&mhc, &ctx->eng.mhash);
285 br_multihash_init(&mhc);
286 br_multihash_update(&mhc,
287 ctx->eng.client_random, sizeof ctx->eng.client_random);
288 br_multihash_update(&mhc,
289 ctx->eng.server_random, sizeof ctx->eng.server_random);
290 head[0] = 3;
291 head[1] = 0;
292 head[2] = curve;
293 head[3] = ctx->eng.ecdhe_point_len;
294 br_multihash_update(&mhc, head, sizeof head);
295 br_multihash_update(&mhc,
296 ctx->eng.ecdhe_point, ctx->eng.ecdhe_point_len);
297 hash = ctx->sign_hash_id;
298 if (hash) {
299 hv_len = br_multihash_out(&mhc, hash, ctx->eng.pad);
300 if (hv_len == 0) {
301 return -BR_ERR_INVALID_ALGORITHM;
302 }
303 } else {
304 if (!br_multihash_out(&mhc, br_md5_ID, ctx->eng.pad)
305 || !br_multihash_out(&mhc,
306 br_sha1_ID, ctx->eng.pad + 16))
307 {
308 return -BR_ERR_INVALID_ALGORITHM;
309 }
310 hv_len = 36;
311 }
312 sig_len = (*ctx->policy_vtable)->do_sign(ctx->policy_vtable,
313 hash, hv_len, ctx->eng.pad, sizeof ctx->eng.pad);
314 return sig_len ? (int)sig_len : -BR_ERR_INVALID_ALGORITHM;
315 }
316
317 /*
318 * Do the ECDHE key exchange (part 2: computation of the shared secret
319 * from the point sent by the client).
320 */
321 static void
322 do_ecdhe_part2(br_ssl_server_context *ctx, int prf_id,
323 unsigned char *cpoint, size_t cpoint_len)
324 {
325 int curve;
326 uint32_t x;
327
328 curve = ctx->eng.ecdhe_curve;
329
330 /*
331 * Finalise the key exchange.
332 */
333 x = ctx->eng.iec->mul(cpoint, cpoint_len,
334 ctx->ecdhe_key, ctx->ecdhe_key_len, curve);
335 ecdh_common(ctx, prf_id, cpoint, cpoint_len, x);
336
337 /*
338 * Clear the ECDHE private key. Forward Secrecy is achieved insofar
339 * as that key does not get stolen, so we'd better destroy it
340 * as soon as it ceases to be useful.
341 */
342 memset(ctx->ecdhe_key, 0, ctx->ecdhe_key_len);
343 }
344
345 /*
346 * Offset for hash value within the pad (when obtaining all hash values,
347 * in preparation for verification of the CertificateVerify message).
348 * Order is MD5, SHA-1, SHA-224, SHA-256, SHA-384, SHA-512; last value
349 * is used to get the total length.
350 */
351 static const unsigned char HASH_PAD_OFF[] = { 0, 16, 36, 64, 96, 144, 208 };
352
353 /*
354 * OID for hash functions in RSA signatures.
355 */
356 static const unsigned char HASH_OID_SHA1[] = {
357 0x05, 0x2B, 0x0E, 0x03, 0x02, 0x1A
358 };
359
360 static const unsigned char HASH_OID_SHA224[] = {
361 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x04
362 };
363
364 static const unsigned char HASH_OID_SHA256[] = {
365 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01
366 };
367
368 static const unsigned char HASH_OID_SHA384[] = {
369 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x02
370 };
371
372 static const unsigned char HASH_OID_SHA512[] = {
373 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x03
374 };
375
376 static const unsigned char *HASH_OID[] = {
377 HASH_OID_SHA1,
378 HASH_OID_SHA224,
379 HASH_OID_SHA256,
380 HASH_OID_SHA384,
381 HASH_OID_SHA512
382 };
383
384 /*
385 * Verify the signature in CertificateVerify. Returned value is 0 on
386 * success, or a non-zero error code. Lack of implementation of the
387 * designated signature algorithm is reported as a "bad signature"
388 * error (because it means that the peer did not honour our advertised
389 * set of supported signature algorithms).
390 */
391 static int
392 verify_CV_sig(br_ssl_server_context *ctx, size_t sig_len)
393 {
394 const br_x509_class **xc;
395 const br_x509_pkey *pk;
396 int id;
397
398 id = ctx->hash_CV_id;
399 xc = ctx->eng.x509ctx;
400 pk = (*xc)->get_pkey(xc, NULL);
401 if (pk->key_type == BR_KEYTYPE_RSA) {
402 unsigned char tmp[64];
403 const unsigned char *hash_oid;
404
405 if (id == 0) {
406 hash_oid = NULL;
407 } else {
408 hash_oid = HASH_OID[id - 2];
409 }
410 if (ctx->eng.irsavrfy == 0) {
411 return BR_ERR_BAD_SIGNATURE;
412 }
413 if (!ctx->eng.irsavrfy(ctx->eng.pad, sig_len,
414 hash_oid, ctx->hash_CV_len, &pk->key.rsa, tmp)
415 || memcmp(tmp, ctx->hash_CV, ctx->hash_CV_len) != 0)
416 {
417 return BR_ERR_BAD_SIGNATURE;
418 }
419 } else {
420 if (ctx->eng.iecdsa == 0) {
421 return BR_ERR_BAD_SIGNATURE;
422 }
423 if (!ctx->eng.iecdsa(ctx->eng.iec,
424 ctx->hash_CV, ctx->hash_CV_len,
425 &pk->key.ec, ctx->eng.pad, sig_len))
426 {
427 return BR_ERR_BAD_SIGNATURE;
428 }
429 }
430 return 0;
431 }
432
433
434
435 static const uint8_t t0_datablock[] = {
436 0x00, 0x00, 0x0A, 0x00, 0x24, 0x00, 0x2F, 0x01, 0x24, 0x00, 0x35, 0x02,
437 0x24, 0x00, 0x3C, 0x01, 0x44, 0x00, 0x3D, 0x02, 0x44, 0x00, 0x9C, 0x03,
438 0x04, 0x00, 0x9D, 0x04, 0x05, 0xC0, 0x03, 0x40, 0x24, 0xC0, 0x04, 0x41,
439 0x24, 0xC0, 0x05, 0x42, 0x24, 0xC0, 0x08, 0x20, 0x24, 0xC0, 0x09, 0x21,
440 0x24, 0xC0, 0x0A, 0x22, 0x24, 0xC0, 0x0D, 0x30, 0x24, 0xC0, 0x0E, 0x31,
441 0x24, 0xC0, 0x0F, 0x32, 0x24, 0xC0, 0x12, 0x10, 0x24, 0xC0, 0x13, 0x11,
442 0x24, 0xC0, 0x14, 0x12, 0x24, 0xC0, 0x23, 0x21, 0x44, 0xC0, 0x24, 0x22,
443 0x55, 0xC0, 0x25, 0x41, 0x44, 0xC0, 0x26, 0x42, 0x55, 0xC0, 0x27, 0x11,
444 0x44, 0xC0, 0x28, 0x12, 0x55, 0xC0, 0x29, 0x31, 0x44, 0xC0, 0x2A, 0x32,
445 0x55, 0xC0, 0x2B, 0x23, 0x04, 0xC0, 0x2C, 0x24, 0x05, 0xC0, 0x2D, 0x43,
446 0x04, 0xC0, 0x2E, 0x44, 0x05, 0xC0, 0x2F, 0x13, 0x04, 0xC0, 0x30, 0x14,
447 0x05, 0xC0, 0x31, 0x33, 0x04, 0xC0, 0x32, 0x34, 0x05, 0xCC, 0xA8, 0x15,
448 0x04, 0xCC, 0xA9, 0x25, 0x04, 0x00, 0x00
449 };
450
451 static const uint8_t t0_codeblock[] = {
452 0x00, 0x01, 0x00, 0x0B, 0x00, 0x00, 0x01, 0x00, 0x0E, 0x00, 0x00, 0x01,
453 0x00, 0x0F, 0x00, 0x00, 0x01, 0x00, 0x10, 0x00, 0x00, 0x01, 0x01, 0x08,
454 0x00, 0x00, 0x01, 0x01, 0x09, 0x00, 0x00, 0x01, 0x02, 0x08, 0x00, 0x00,
455 0x01, 0x02, 0x09, 0x00, 0x00, 0x29, 0x29, 0x00, 0x00, 0x01,
456 T0_INT1(BR_ERR_BAD_CCS), 0x00, 0x00, 0x01,
457 T0_INT1(BR_ERR_BAD_FINISHED), 0x00, 0x00, 0x01,
458 T0_INT1(BR_ERR_BAD_FRAGLEN), 0x00, 0x00, 0x01,
459 T0_INT1(BR_ERR_BAD_HANDSHAKE), 0x00, 0x00, 0x01,
460 T0_INT1(BR_ERR_BAD_PARAM), 0x00, 0x00, 0x01,
461 T0_INT1(BR_ERR_BAD_SECRENEG), 0x00, 0x00, 0x01,
462 T0_INT1(BR_ERR_BAD_SIGNATURE), 0x00, 0x00, 0x01,
463 T0_INT1(BR_ERR_BAD_VERSION), 0x00, 0x00, 0x01,
464 T0_INT1(BR_ERR_INVALID_ALGORITHM), 0x00, 0x00, 0x01,
465 T0_INT1(BR_ERR_LIMIT_EXCEEDED), 0x00, 0x00, 0x01,
466 T0_INT1(BR_ERR_NO_CLIENT_AUTH), 0x00, 0x00, 0x01, T0_INT1(BR_ERR_OK),
467 0x00, 0x00, 0x01, T0_INT1(BR_ERR_OVERSIZED_ID), 0x00, 0x00, 0x01,
468 T0_INT1(BR_ERR_UNEXPECTED), 0x00, 0x00, 0x01,
469 T0_INT1(BR_ERR_WRONG_KEY_USAGE), 0x00, 0x00, 0x01,
470 T0_INT2(offsetof(br_ssl_engine_context, action)), 0x00, 0x00, 0x01,
471 T0_INT2(offsetof(br_ssl_engine_context, alert)), 0x00, 0x00, 0x01,
472 T0_INT2(offsetof(br_ssl_engine_context, application_data)), 0x00, 0x00,
473 0x01,
474 T0_INT2(offsetof(br_ssl_engine_context, session) + offsetof(br_ssl_session_parameters, cipher_suite)),
475 0x00, 0x00, 0x01,
476 T0_INT2(offsetof(br_ssl_server_context, client_max_version)), 0x00,
477 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, client_random)),
478 0x00, 0x00, 0x01,
479 T0_INT2(offsetof(br_ssl_server_context, client_suites)), 0x00, 0x00,
480 0x01, T0_INT2(offsetof(br_ssl_server_context, client_suites_num)),
481 0x00, 0x00, 0x01,
482 T0_INT2(offsetof(br_ssl_engine_context, close_received)), 0x00, 0x00,
483 0x01, T0_INT2(offsetof(br_ssl_server_context, curves)), 0x00, 0x00,
484 0x01, T0_INT2(offsetof(br_ssl_engine_context, ecdhe_point)), 0x00,
485 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, ecdhe_point_len)),
486 0x00, 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, flags)),
487 0x00, 0x00, 0x01, T0_INT2(offsetof(br_ssl_server_context, hashes)),
488 0x00, 0x00, 0x79, 0x01,
489 T0_INT2(BR_MAX_CIPHER_SUITES * sizeof(br_suite_translated)), 0x00,
490 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, log_max_frag_len)),
491 0x00, 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, pad)), 0x00,
492 0x00, 0x01,
493 T0_INT2(offsetof(br_ssl_engine_context, peer_log_max_frag_len)), 0x00,
494 0x00, 0x01,
495 T0_INT2(offsetof(br_ssl_engine_context, protocol_names_num)), 0x00,
496 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, record_type_in)),
497 0x00, 0x00, 0x01,
498 T0_INT2(offsetof(br_ssl_engine_context, record_type_out)), 0x00, 0x00,
499 0x01, T0_INT2(offsetof(br_ssl_engine_context, reneg)), 0x00, 0x00,
500 0x01, T0_INT2(offsetof(br_ssl_engine_context, saved_finished)), 0x00,
501 0x00, 0x01,
502 T0_INT2(offsetof(br_ssl_engine_context, selected_protocol)), 0x00,
503 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, server_name)),
504 0x00, 0x00, 0x01,
505 T0_INT2(offsetof(br_ssl_engine_context, server_random)), 0x00, 0x00,
506 0x01,
507 T0_INT2(offsetof(br_ssl_engine_context, session) + offsetof(br_ssl_session_parameters, session_id)),
508 0x00, 0x00, 0x01,
509 T0_INT2(offsetof(br_ssl_engine_context, session) + offsetof(br_ssl_session_parameters, session_id_len)),
510 0x00, 0x00, 0x01,
511 T0_INT2(offsetof(br_ssl_engine_context, shutdown_recv)), 0x00, 0x00,
512 0x01, T0_INT2(offsetof(br_ssl_server_context, sign_hash_id)), 0x00,
513 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, suites_buf)), 0x00,
514 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, suites_num)), 0x00,
515 0x00, 0x01,
516 T0_INT2(offsetof(br_ssl_engine_context, session) + offsetof(br_ssl_session_parameters, version)),
517 0x00, 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, version_in)),
518 0x00, 0x00, 0x01,
519 T0_INT2(offsetof(br_ssl_engine_context, version_max)), 0x00, 0x00,
520 0x01, T0_INT2(offsetof(br_ssl_engine_context, version_min)), 0x00,
521 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, version_out)),
522 0x00, 0x00, 0x09, 0x2A, 0x5B, 0x06, 0x02, 0x68, 0x2B, 0x00, 0x00, 0x01,
523 0x01, 0x00, 0x01, 0x03, 0x00, 0x99, 0x2A, 0x61, 0x47, 0x9D, 0x2A, 0x05,
524 0x04, 0x63, 0x01, 0x00, 0x00, 0x02, 0x00, 0x0F, 0x06, 0x02, 0x9D, 0x00,
525 0x61, 0x04, 0x6B, 0x00, 0x06, 0x02, 0x68, 0x2B, 0x00, 0x00, 0x2A, 0x89,
526 0x47, 0x05, 0x03, 0x01, 0x0C, 0x08, 0x47, 0x76, 0x2E, 0xA5, 0x1C, 0x83,
527 0x01, 0x0C, 0x33, 0x00, 0x00, 0x2A, 0x22, 0x01, 0x08, 0x0C, 0x47, 0x5F,
528 0x22, 0x08, 0x00, 0x01, 0x03, 0x00, 0x01, 0x00, 0x75, 0x42, 0x2C, 0x19,
529 0x38, 0x06, 0x07, 0x02, 0x00, 0xCC, 0x03, 0x00, 0x04, 0x75, 0x01, 0x00,
530 0xC4, 0x02, 0x00, 0x2A, 0x19, 0x13, 0x06, 0x02, 0x6F, 0x2B, 0xCC, 0x04,
531 0x76, 0x00, 0x01, 0x00, 0x75, 0x42, 0x01, 0x16, 0x87, 0x42, 0x01, 0x00,
532 0x8A, 0x40, 0x36, 0xAE, 0x35, 0x06, 0x02, 0x71, 0x2B, 0x06, 0x0A, 0xD3,
533 0x01, 0x00, 0xCF, 0x01, 0x00, 0xAA, 0x04, 0x80, 0x46, 0xD3, 0xD0, 0x29,
534 0xD5, 0x4E, 0x06, 0x01, 0xD1, 0xD4, 0x2C, 0x4E, 0x06, 0x31, 0x01, 0x00,
535 0xAB, 0x2A, 0x5B, 0x06, 0x0F, 0x01, 0x02, 0xA2, 0x05, 0x02, 0x37, 0x2B,
536 0x29, 0xAF, 0xAD, 0x2A, 0xC5, 0x29, 0x04, 0x19, 0x2A, 0x5D, 0x06, 0x0B,
537 0x29, 0x01, 0x02, 0xA2, 0x05, 0x02, 0x6E, 0x2B, 0xAF, 0x04, 0x0A, 0xB1,
538 0x2A, 0x05, 0x04, 0x29, 0xA8, 0x04, 0x02, 0xB0, 0xAC, 0x04, 0x01, 0xAF,
539 0x01, 0x00, 0xAA, 0x01, 0x00, 0xCF, 0x3E, 0x01, 0x01, 0x75, 0x42, 0x01,
540 0x17, 0x87, 0x42, 0x00, 0x00, 0x3A, 0x3A, 0x00, 0x01, 0x03, 0x00, 0x2C,
541 0x19, 0x38, 0x06, 0x04, 0xCB, 0x29, 0x04, 0x78, 0x01, 0x02, 0x02, 0x00,
542 0xC3, 0x19, 0x38, 0x06, 0x04, 0xCB, 0x29, 0x04, 0x78, 0x02, 0x00, 0x01,
543 0x84, 0x00, 0x08, 0x2B, 0x00, 0x00, 0x7F, 0x2F, 0x47, 0x12, 0x01, 0x01,
544 0x13, 0x37, 0x00, 0x00, 0x01, 0x7F, 0x9F, 0xCB, 0x2A, 0x01, 0x07, 0x13,
545 0x01, 0x00, 0x3A, 0x0F, 0x06, 0x09, 0x29, 0x01, 0x10, 0x13, 0x06, 0x01,
546 0xC2, 0x04, 0x2A, 0x01, 0x01, 0x3A, 0x0F, 0x06, 0x21, 0x29, 0x29, 0x88,
547 0x30, 0x01, 0x01, 0x0F, 0x01, 0x01, 0xA2, 0x39, 0x06, 0x0F, 0x2C, 0x19,
548 0x38, 0x06, 0x04, 0xCB, 0x29, 0x04, 0x78, 0x01, 0x80, 0x64, 0xC4, 0x04,
549 0x03, 0x01, 0x00, 0x9F, 0x04, 0x03, 0x71, 0x2B, 0x29, 0x04, 0x40, 0x01,
550 0x2A, 0x03, 0x00, 0x09, 0x2A, 0x5B, 0x06, 0x02, 0x68, 0x2B, 0x02, 0x00,
551 0x00, 0x00, 0x9A, 0x01, 0x0F, 0x13, 0x00, 0x00, 0x74, 0x30, 0x01, 0x00,
552 0x3A, 0x0F, 0x06, 0x10, 0x29, 0x2A, 0x01, 0x01, 0x0E, 0x06, 0x03, 0x29,
553 0x01, 0x02, 0x74, 0x42, 0x01, 0x00, 0x04, 0x22, 0x01, 0x01, 0x3A, 0x0F,
554 0x06, 0x15, 0x29, 0x01, 0x00, 0x74, 0x42, 0x2A, 0x01, 0x80, 0x64, 0x0F,
555 0x06, 0x05, 0x01, 0x82, 0x00, 0x08, 0x2B, 0x5D, 0x00, 0x04, 0x07, 0x29,
556 0x01, 0x82, 0x00, 0x08, 0x2B, 0x29, 0x00, 0x00, 0x01, 0x00, 0x31, 0x06,
557 0x05, 0x3D, 0xA6, 0x39, 0x04, 0x78, 0x2A, 0x06, 0x04, 0x01, 0x01, 0x8F,
558 0x42, 0x00, 0x00, 0x01, 0x1F, 0x13, 0x01, 0x12, 0x0F, 0x05, 0x02, 0x72,
559 0x2B, 0x76, 0x2E, 0x2A, 0xC7, 0x05, 0x02, 0x71, 0x2B, 0xA5, 0x28, 0x00,
560 0x02, 0x85, 0x2E, 0x05, 0x02, 0xB9, 0x00, 0xBD, 0xA4, 0xBD, 0xA4, 0x01,
561 0x7E, 0x03, 0x00, 0x2A, 0x06, 0x17, 0xBF, 0x2A, 0x03, 0x01, 0x83, 0x47,
562 0xB3, 0x02, 0x01, 0x4F, 0x2A, 0x02, 0x00, 0x51, 0x06, 0x04, 0x03, 0x00,
563 0x04, 0x01, 0x29, 0x04, 0x66, 0x9B, 0x9B, 0x02, 0x00, 0x5F, 0x8A, 0x40,
564 0x00, 0x00, 0x31, 0x06, 0x0B, 0x86, 0x30, 0x01, 0x14, 0x0E, 0x06, 0x02,
565 0x71, 0x2B, 0x04, 0x11, 0xCB, 0x01, 0x07, 0x13, 0x2A, 0x01, 0x02, 0x0E,
566 0x06, 0x06, 0x06, 0x02, 0x71, 0x2B, 0x04, 0x70, 0x29, 0xC0, 0x01, 0x01,
567 0x0E, 0x35, 0x39, 0x06, 0x02, 0x64, 0x2B, 0x2A, 0x01, 0x01, 0xC6, 0x38,
568 0xB2, 0x00, 0x01, 0xB7, 0x01, 0x0B, 0x0F, 0x05, 0x02, 0x71, 0x2B, 0x2A,
569 0x01, 0x03, 0x0F, 0x06, 0x08, 0xBE, 0x06, 0x02, 0x68, 0x2B, 0x47, 0x29,
570 0x00, 0x47, 0x5A, 0xBE, 0xA4, 0x2A, 0x06, 0x23, 0xBE, 0xA4, 0x2A, 0x59,
571 0x2A, 0x06, 0x18, 0x2A, 0x01, 0x82, 0x00, 0x10, 0x06, 0x05, 0x01, 0x82,
572 0x00, 0x04, 0x01, 0x2A, 0x03, 0x00, 0x83, 0x02, 0x00, 0xB3, 0x02, 0x00,
573 0x56, 0x04, 0x65, 0x9B, 0x57, 0x04, 0x5A, 0x9B, 0x9B, 0x58, 0x2A, 0x06,
574 0x02, 0x37, 0x00, 0x29, 0x2D, 0x00, 0x02, 0x2A, 0x01, 0x20, 0x13, 0x05,
575 0x02, 0x72, 0x2B, 0x01, 0x0F, 0x13, 0x03, 0x00, 0xAD, 0x93, 0x2E, 0x01,
576 0x86, 0x03, 0x11, 0x06, 0x23, 0xBD, 0x2A, 0x01, 0x81, 0x7F, 0x13, 0x5F,
577 0x01, 0x01, 0x12, 0x02, 0x00, 0x0F, 0x05, 0x02, 0x6A, 0x2B, 0x01, 0x08,
578 0x12, 0x2A, 0x01, 0x02, 0x0B, 0x3A, 0x01, 0x06, 0x10, 0x39, 0x06, 0x02,
579 0x6C, 0x2B, 0x04, 0x0D, 0x02, 0x00, 0x01, 0x01, 0x0F, 0x06, 0x04, 0x01,
580 0x00, 0x04, 0x02, 0x01, 0x02, 0x20, 0x05, 0x02, 0x6C, 0x2B, 0xBD, 0x2A,
581 0x03, 0x01, 0x2A, 0x01, 0x84, 0x00, 0x10, 0x06, 0x02, 0x6D, 0x2B, 0x83,
582 0x47, 0xB3, 0x02, 0x01, 0x53, 0x2A, 0x06, 0x01, 0x2B, 0x29, 0x9B, 0x00,
583 0x00, 0x1D, 0xB7, 0x01, 0x0F, 0x0F, 0x05, 0x02, 0x71, 0x2B, 0x00, 0x0A,
584 0xB7, 0x01, 0x01, 0x0F, 0x05, 0x02, 0x71, 0x2B, 0xBD, 0x2A, 0x03, 0x00,
585 0x77, 0x40, 0x78, 0x01, 0x20, 0xB3, 0xBF, 0x2A, 0x01, 0x20, 0x10, 0x06,
586 0x02, 0x70, 0x2B, 0x2A, 0x8E, 0x42, 0x8D, 0x47, 0xB3, 0x1A, 0x03, 0x01,
587 0xBD, 0xA4, 0x01, 0x00, 0x03, 0x02, 0x01, 0x00, 0x03, 0x03, 0x81, 0xA0,
588 0x17, 0x3A, 0x08, 0x03, 0x04, 0x03, 0x05, 0x2A, 0x06, 0x80, 0x6D, 0xBD,
589 0x2A, 0x03, 0x06, 0x02, 0x01, 0x06, 0x0A, 0x2A, 0x76, 0x2E, 0x0F, 0x06,
590 0x04, 0x01, 0x7F, 0x03, 0x03, 0x2A, 0x01, 0x81, 0x7F, 0x0F, 0x06, 0x0A,
591 0x88, 0x30, 0x06, 0x02, 0x69, 0x2B, 0x01, 0x7F, 0x03, 0x02, 0x2A, 0x01,
592 0x81, 0xAC, 0x00, 0x0F, 0x06, 0x11, 0x02, 0x00, 0x96, 0x2E, 0x11, 0x02,
593 0x00, 0x95, 0x2E, 0x0B, 0x13, 0x06, 0x04, 0x01, 0x7F, 0x03, 0x00, 0xC1,
594 0x2A, 0x5B, 0x06, 0x03, 0x29, 0x04, 0x26, 0x01, 0x00, 0xA2, 0x06, 0x0B,
595 0x01, 0x02, 0x0C, 0x79, 0x08, 0x02, 0x06, 0x47, 0x40, 0x04, 0x16, 0x29,
596 0x02, 0x05, 0x02, 0x04, 0x11, 0x06, 0x02, 0x67, 0x2B, 0x02, 0x06, 0x02,
597 0x05, 0x40, 0x02, 0x05, 0x01, 0x04, 0x08, 0x03, 0x05, 0x04, 0xFF, 0x0F,
598 0x29, 0x01, 0x00, 0x03, 0x07, 0xBF, 0xA4, 0x2A, 0x06, 0x09, 0xBF, 0x05,
599 0x04, 0x01, 0x7F, 0x03, 0x07, 0x04, 0x74, 0x9B, 0x01, 0x00, 0x8B, 0x42,
600 0x01, 0x88, 0x04, 0x80, 0x40, 0x01, 0x84, 0x80, 0x80, 0x00, 0x7C, 0x41,
601 0x2A, 0x06, 0x80, 0x4E, 0xBD, 0xA4, 0x2A, 0x06, 0x80, 0x47, 0xBD, 0x01,
602 0x00, 0x3A, 0x0F, 0x06, 0x04, 0x29, 0xB6, 0x04, 0x39, 0x01, 0x01, 0x3A,
603 0x0F, 0x06, 0x04, 0x29, 0xB4, 0x04, 0x2F, 0x01, 0x83, 0xFE, 0x01, 0x3A,
604 0x0F, 0x06, 0x04, 0x29, 0xB5, 0x04, 0x23, 0x01, 0x0D, 0x3A, 0x0F, 0x06,
605 0x04, 0x29, 0xBB, 0x04, 0x19, 0x01, 0x0A, 0x3A, 0x0F, 0x06, 0x04, 0x29,
606 0xBC, 0x04, 0x0F, 0x01, 0x10, 0x3A, 0x0F, 0x06, 0x04, 0x29, 0xA9, 0x04,
607 0x05, 0x29, 0xB9, 0x01, 0x00, 0x29, 0x04, 0xFF, 0x35, 0x9B, 0x9B, 0x02,
608 0x01, 0x02, 0x03, 0x13, 0x03, 0x01, 0x02, 0x00, 0x5B, 0x06, 0x08, 0x77,
609 0x2E, 0x97, 0x40, 0x01, 0x80, 0x56, 0xA1, 0x95, 0x2E, 0x2A, 0x02, 0x00,
610 0x10, 0x06, 0x03, 0x29, 0x02, 0x00, 0x2A, 0x01, 0x86, 0x00, 0x0B, 0x06,
611 0x02, 0x6B, 0x2B, 0x02, 0x00, 0x96, 0x2E, 0x0B, 0x06, 0x04, 0x01, 0x80,
612 0x46, 0xA1, 0x02, 0x01, 0x06, 0x10, 0x93, 0x2E, 0x02, 0x00, 0x0D, 0x06,
613 0x05, 0x29, 0x93, 0x2E, 0x04, 0x04, 0x01, 0x00, 0x03, 0x01, 0x2A, 0x93,
614 0x40, 0x2A, 0x94, 0x40, 0x2A, 0x97, 0x40, 0x01, 0x86, 0x03, 0x11, 0x03,
615 0x08, 0x02, 0x02, 0x06, 0x04, 0x01, 0x02, 0x88, 0x42, 0x02, 0x07, 0x05,
616 0x03, 0x01, 0x28, 0xA1, 0x44, 0x29, 0x01, 0x82, 0x01, 0x07, 0x80, 0x2E,
617 0x13, 0x2A, 0x80, 0x40, 0x2A, 0x01, 0x81, 0x7F, 0x13, 0x5C, 0x37, 0x47,
618 0x01, 0x08, 0x12, 0x5C, 0x01, 0x02, 0x13, 0x39, 0x01, 0x0C, 0x0C, 0x03,
619 0x09, 0x7C, 0x2F, 0x43, 0x13, 0x2A, 0x7C, 0x41, 0x05, 0x04, 0x01, 0x00,
620 0x03, 0x09, 0x02, 0x01, 0x06, 0x03, 0x01, 0x7F, 0x00, 0x8D, 0x01, 0x20,
621 0x34, 0x01, 0x20, 0x8E, 0x42, 0x79, 0x2A, 0x03, 0x05, 0x2A, 0x02, 0x04,
622 0x0B, 0x06, 0x80, 0x49, 0x2A, 0x2E, 0x2A, 0x9A, 0x2A, 0x01, 0x0C, 0x12,
623 0x2A, 0x01, 0x01, 0x0F, 0x47, 0x01, 0x02, 0x0F, 0x39, 0x06, 0x0A, 0x2A,
624 0x02, 0x09, 0x13, 0x05, 0x04, 0x63, 0x01, 0x00, 0x2A, 0x02, 0x08, 0x05,
625 0x0E, 0x2A, 0x01, 0x81, 0x70, 0x13, 0x01, 0x20, 0x0E, 0x06, 0x04, 0x63,
626 0x01, 0x00, 0x2A, 0x2A, 0x06, 0x10, 0x02, 0x05, 0x61, 0x40, 0x02, 0x05,
627 0x40, 0x02, 0x05, 0x01, 0x04, 0x08, 0x03, 0x05, 0x04, 0x01, 0x63, 0x01,
628 0x04, 0x08, 0x04, 0xFF, 0x30, 0x29, 0x02, 0x05, 0x79, 0x09, 0x01, 0x02,
629 0x12, 0x2A, 0x05, 0x03, 0x01, 0x28, 0xA1, 0x7A, 0x42, 0x8A, 0x2E, 0x01,
630 0x83, 0xFF, 0x7F, 0x0F, 0x06, 0x0D, 0x01, 0x03, 0xA2, 0x06, 0x04, 0x01,
631 0x80, 0x78, 0xA1, 0x01, 0x00, 0x8A, 0x40, 0x18, 0x05, 0x03, 0x01, 0x28,
632 0xA1, 0x01, 0x00, 0x00, 0x00, 0xB1, 0xB0, 0x00, 0x04, 0x76, 0x2E, 0xCA,
633 0x06, 0x16, 0xBD, 0x2A, 0x01, 0x84, 0x00, 0x10, 0x06, 0x02, 0x6D, 0x2B,
634 0x2A, 0x03, 0x00, 0x83, 0x47, 0xB3, 0x02, 0x00, 0x76, 0x2E, 0xA5, 0x27,
635 0x76, 0x2E, 0x2A, 0xC8, 0x47, 0xC7, 0x03, 0x01, 0x03, 0x02, 0x02, 0x01,
636 0x02, 0x02, 0x39, 0x06, 0x14, 0xBF, 0x2A, 0x03, 0x03, 0x83, 0x47, 0xB3,
637 0x02, 0x03, 0x76, 0x2E, 0xA5, 0x02, 0x02, 0x06, 0x03, 0x26, 0x04, 0x01,
638 0x24, 0x9B, 0x00, 0x00, 0xB7, 0x01, 0x10, 0x0F, 0x05, 0x02, 0x71, 0x2B,
639 0x00, 0x00, 0x9C, 0xB7, 0x01, 0x14, 0x0E, 0x06, 0x02, 0x71, 0x2B, 0x83,
640 0x01, 0x0C, 0x08, 0x01, 0x0C, 0xB3, 0x9B, 0x83, 0x2A, 0x01, 0x0C, 0x08,
641 0x01, 0x0C, 0x32, 0x05, 0x02, 0x65, 0x2B, 0x00, 0x02, 0x03, 0x00, 0x03,
642 0x01, 0x02, 0x00, 0x98, 0x02, 0x01, 0x02, 0x00, 0x3C, 0x2A, 0x01, 0x00,
643 0x0F, 0x06, 0x02, 0x63, 0x00, 0xCD, 0x04, 0x74, 0x00, 0xBD, 0x01, 0x01,
644 0x0E, 0x06, 0x02, 0x66, 0x2B, 0xBF, 0x2A, 0x2A, 0x5D, 0x47, 0x01, 0x05,
645 0x11, 0x39, 0x06, 0x02, 0x66, 0x2B, 0x01, 0x08, 0x08, 0x2A, 0x82, 0x30,
646 0x0B, 0x06, 0x0D, 0x2A, 0x01, 0x01, 0x47, 0x0C, 0x3F, 0x2A, 0x82, 0x42,
647 0x84, 0x42, 0x04, 0x01, 0x29, 0x00, 0x00, 0xBD, 0x88, 0x30, 0x01, 0x00,
648 0x3A, 0x0F, 0x06, 0x13, 0x29, 0x01, 0x01, 0x0F, 0x05, 0x02, 0x69, 0x2B,
649 0xBF, 0x06, 0x02, 0x69, 0x2B, 0x01, 0x02, 0x88, 0x42, 0x04, 0x28, 0x01,
650 0x02, 0x3A, 0x0F, 0x06, 0x1F, 0x29, 0x01, 0x0D, 0x0F, 0x05, 0x02, 0x69,
651 0x2B, 0xBF, 0x01, 0x0C, 0x0F, 0x05, 0x02, 0x69, 0x2B, 0x83, 0x01, 0x0C,
652 0xB3, 0x89, 0x83, 0x01, 0x0C, 0x32, 0x05, 0x02, 0x69, 0x2B, 0x04, 0x03,
653 0x69, 0x2B, 0x29, 0x00, 0x00, 0xBD, 0xA4, 0xBD, 0xA4, 0x2A, 0x06, 0x1D,
654 0xBF, 0x06, 0x03, 0xB9, 0x04, 0x15, 0xBD, 0x2A, 0x01, 0x81, 0x7F, 0x0D,
655 0x06, 0x0C, 0x2A, 0x8B, 0x08, 0x01, 0x00, 0x47, 0x42, 0x8B, 0x47, 0xB3,
656 0x04, 0x01, 0xC5, 0x04, 0x60, 0x9B, 0x9B, 0x00, 0x00, 0xB8, 0x2A, 0x5D,
657 0x06, 0x07, 0x29, 0x06, 0x02, 0x67, 0x2B, 0x04, 0x74, 0x00, 0x00, 0xC0,
658 0x01, 0x03, 0xBE, 0x47, 0x29, 0x47, 0x00, 0x00, 0xBD, 0xC5, 0x00, 0x03,
659 0x01, 0x00, 0x03, 0x00, 0xBD, 0xA4, 0x2A, 0x06, 0x32, 0xBF, 0x03, 0x01,
660 0xBF, 0x03, 0x02, 0x02, 0x01, 0x01, 0x02, 0x11, 0x02, 0x01, 0x01, 0x06,
661 0x0D, 0x13, 0x02, 0x02, 0x01, 0x01, 0x0F, 0x02, 0x02, 0x01, 0x03, 0x0F,
662 0x39, 0x13, 0x06, 0x11, 0x02, 0x00, 0x01, 0x01, 0x02, 0x02, 0x60, 0x01,
663 0x02, 0x0C, 0x02, 0x01, 0x08, 0x0C, 0x39, 0x03, 0x00, 0x04, 0x4B, 0x9B,
664 0x02, 0x00, 0x00, 0x00, 0xBD, 0xA4, 0xBA, 0x80, 0x40, 0x9B, 0x00, 0x00,
665 0xBD, 0xA4, 0xBD, 0xA4, 0x01, 0x00, 0x7C, 0x41, 0x2A, 0x06, 0x15, 0xBD,
666 0x2A, 0x01, 0x20, 0x0B, 0x06, 0x0B, 0x01, 0x01, 0x47, 0x0C, 0x7C, 0x2F,
667 0x39, 0x7C, 0x41, 0x04, 0x01, 0x29, 0x04, 0x68, 0x9B, 0x9B, 0x00, 0x00,
668 0x01, 0x02, 0x98, 0xC0, 0x01, 0x08, 0x0C, 0xC0, 0x08, 0x00, 0x00, 0x01,
669 0x03, 0x98, 0xC0, 0x01, 0x08, 0x0C, 0xC0, 0x08, 0x01, 0x08, 0x0C, 0xC0,
670 0x08, 0x00, 0x00, 0x01, 0x01, 0x98, 0xC0, 0x00, 0x00, 0x3D, 0x2A, 0x5B,
671 0x05, 0x01, 0x00, 0x29, 0xCD, 0x04, 0x76, 0x02, 0x03, 0x00, 0x92, 0x30,
672 0x03, 0x01, 0x01, 0x00, 0x2A, 0x02, 0x01, 0x0B, 0x06, 0x10, 0x2A, 0x01,
673 0x01, 0x0C, 0x91, 0x08, 0x2E, 0x02, 0x00, 0x0F, 0x06, 0x01, 0x00, 0x5F,
674 0x04, 0x6A, 0x29, 0x01, 0x7F, 0x00, 0x00, 0x2C, 0x19, 0x38, 0x06, 0x04,
675 0xCB, 0x29, 0x04, 0x78, 0x01, 0x16, 0x87, 0x42, 0x01, 0x00, 0xDE, 0x01,
676 0x00, 0xDD, 0x2C, 0x01, 0x17, 0x87, 0x42, 0x00, 0x00, 0x01, 0x15, 0x87,
677 0x42, 0x47, 0x55, 0x29, 0x55, 0x29, 0x2C, 0x00, 0x00, 0x01, 0x01, 0x47,
678 0xC3, 0x00, 0x00, 0x47, 0x3A, 0x98, 0x47, 0x2A, 0x06, 0x05, 0xC0, 0x29,
679 0x60, 0x04, 0x78, 0x29, 0x00, 0x02, 0x03, 0x00, 0x76, 0x2E, 0x9A, 0x03,
680 0x01, 0x02, 0x01, 0x01, 0x0F, 0x13, 0x02, 0x01, 0x01, 0x04, 0x12, 0x01,
681 0x0F, 0x13, 0x02, 0x01, 0x01, 0x08, 0x12, 0x01, 0x0F, 0x13, 0x01, 0x00,
682 0x3A, 0x0F, 0x06, 0x10, 0x29, 0x01, 0x00, 0x01, 0x18, 0x02, 0x00, 0x06,
683 0x03, 0x4A, 0x04, 0x01, 0x4B, 0x04, 0x80, 0x68, 0x01, 0x01, 0x3A, 0x0F,
684 0x06, 0x10, 0x29, 0x01, 0x01, 0x01, 0x10, 0x02, 0x00, 0x06, 0x03, 0x4A,
685 0x04, 0x01, 0x4B, 0x04, 0x80, 0x52, 0x01, 0x02, 0x3A, 0x0F, 0x06, 0x0F,
686 0x29, 0x01, 0x01, 0x01, 0x20, 0x02, 0x00, 0x06, 0x03, 0x4A, 0x04, 0x01,
687 0x4B, 0x04, 0x3D, 0x01, 0x03, 0x3A, 0x0F, 0x06, 0x0E, 0x29, 0x29, 0x01,
688 0x10, 0x02, 0x00, 0x06, 0x03, 0x48, 0x04, 0x01, 0x49, 0x04, 0x29, 0x01,
689 0x04, 0x3A, 0x0F, 0x06, 0x0E, 0x29, 0x29, 0x01, 0x20, 0x02, 0x00, 0x06,
690 0x03, 0x48, 0x04, 0x01, 0x49, 0x04, 0x15, 0x01, 0x05, 0x3A, 0x0F, 0x06,
691 0x0C, 0x29, 0x29, 0x02, 0x00, 0x06, 0x03, 0x4C, 0x04, 0x01, 0x4D, 0x04,
692 0x03, 0x68, 0x2B, 0x29, 0x00, 0x00, 0x9A, 0x01, 0x0C, 0x12, 0x01, 0x02,
693 0x10, 0x00, 0x00, 0x9A, 0x01, 0x0C, 0x12, 0x2A, 0x5E, 0x47, 0x01, 0x03,
694 0x0B, 0x13, 0x00, 0x00, 0x9A, 0x01, 0x0C, 0x12, 0x01, 0x01, 0x0F, 0x00,
695 0x00, 0x9A, 0x01, 0x0C, 0x12, 0x5D, 0x00, 0x00, 0x1B, 0x01, 0x00, 0x73,
696 0x30, 0x2A, 0x06, 0x1F, 0x01, 0x01, 0x3A, 0x0F, 0x06, 0x06, 0x29, 0x01,
697 0x00, 0x9E, 0x04, 0x11, 0x01, 0x02, 0x3A, 0x0F, 0x06, 0x0A, 0x29, 0x75,
698 0x30, 0x06, 0x03, 0x01, 0x10, 0x39, 0x04, 0x01, 0x29, 0x04, 0x01, 0x29,
699 0x7B, 0x30, 0x05, 0x33, 0x31, 0x06, 0x30, 0x86, 0x30, 0x01, 0x14, 0x3A,
700 0x0F, 0x06, 0x06, 0x29, 0x01, 0x02, 0x39, 0x04, 0x22, 0x01, 0x15, 0x3A,
701 0x0F, 0x06, 0x09, 0x29, 0xA7, 0x06, 0x03, 0x01, 0x7F, 0x9E, 0x04, 0x13,
702 0x01, 0x16, 0x3A, 0x0F, 0x06, 0x06, 0x29, 0x01, 0x01, 0x39, 0x04, 0x07,
703 0x29, 0x01, 0x04, 0x39, 0x01, 0x00, 0x29, 0x19, 0x06, 0x03, 0x01, 0x08,
704 0x39, 0x00, 0x00, 0x1B, 0x2A, 0x05, 0x0F, 0x31, 0x06, 0x0C, 0x86, 0x30,
705 0x01, 0x15, 0x0F, 0x06, 0x04, 0x29, 0xA7, 0x04, 0x01, 0x23, 0x00, 0x00,
706 0xCB, 0x01, 0x07, 0x13, 0x01, 0x01, 0x10, 0x06, 0x02, 0x71, 0x2B, 0x00,
707 0x01, 0x03, 0x00, 0x2C, 0x19, 0x06, 0x05, 0x02, 0x00, 0x87, 0x42, 0x00,
708 0xCB, 0x29, 0x04, 0x74, 0x00, 0x01, 0x14, 0xCE, 0x01, 0x01, 0xDE, 0x2C,
709 0x2A, 0x01, 0x00, 0xC6, 0x01, 0x16, 0xCE, 0xD2, 0x2C, 0x00, 0x00, 0x01,
710 0x0B, 0xDE, 0x50, 0x2A, 0x2A, 0x01, 0x03, 0x08, 0xDD, 0xDD, 0x14, 0x2A,
711 0x5B, 0x06, 0x02, 0x29, 0x00, 0xDD, 0x1E, 0x2A, 0x06, 0x05, 0x83, 0x47,
712 0xD6, 0x04, 0x77, 0x29, 0x04, 0x6C, 0x00, 0x01, 0x00, 0xD8, 0x93, 0x2E,
713 0x01, 0x86, 0x03, 0x11, 0x06, 0x05, 0x61, 0x01, 0x00, 0xD9, 0x08, 0x4E,
714 0x08, 0x01, 0x03, 0x08, 0x01, 0x0D, 0xDE, 0xDD, 0x01, 0x00, 0xD8, 0xDE,
715 0x01, 0x01, 0xD8, 0x29, 0x93, 0x2E, 0x01, 0x86, 0x03, 0x11, 0x06, 0x08,
716 0x01, 0x00, 0xD9, 0xDC, 0x01, 0x01, 0xD9, 0x29, 0x4E, 0xDC, 0x16, 0x15,
717 0x2A, 0x5B, 0x06, 0x02, 0x29, 0x00, 0xDC, 0x1F, 0x2A, 0x06, 0x05, 0x83,
718 0x47, 0xD6, 0x04, 0x77, 0x29, 0x04, 0x6C, 0x00, 0x9C, 0x01, 0x14, 0xDE,
719 0x01, 0x0C, 0xDD, 0x83, 0x01, 0x0C, 0xD6, 0x00, 0x04, 0x03, 0x00, 0x01,
720 0x02, 0xDE, 0x01, 0x80, 0x46, 0x88, 0x30, 0x01, 0x02, 0x0F, 0x06, 0x0C,
721 0x02, 0x00, 0x06, 0x04, 0x01, 0x05, 0x04, 0x02, 0x01, 0x1D, 0x04, 0x02,
722 0x01, 0x00, 0x03, 0x01, 0x84, 0x30, 0x06, 0x04, 0x01, 0x05, 0x04, 0x02,
723 0x01, 0x00, 0x03, 0x02, 0x8A, 0x2E, 0x2A, 0x06, 0x05, 0x60, 0x21, 0x01,
724 0x07, 0x08, 0x03, 0x03, 0x02, 0x01, 0x02, 0x02, 0x08, 0x02, 0x03, 0x08,
725 0x2A, 0x06, 0x03, 0x01, 0x02, 0x08, 0x08, 0xDD, 0x93, 0x2E, 0xDC, 0x8C,
726 0x01, 0x04, 0x17, 0x8C, 0x01, 0x04, 0x08, 0x01, 0x1C, 0x34, 0x8C, 0x01,
727 0x20, 0xD6, 0x01, 0x20, 0xDE, 0x8D, 0x01, 0x20, 0xD6, 0x76, 0x2E, 0xDC,
728 0x01, 0x00, 0xDE, 0x02, 0x01, 0x02, 0x02, 0x08, 0x02, 0x03, 0x08, 0x2A,
729 0x06, 0x80, 0x40, 0xDC, 0x02, 0x01, 0x2A, 0x06, 0x10, 0x01, 0x83, 0xFE,
730 0x01, 0xDC, 0x01, 0x04, 0x09, 0x2A, 0xDC, 0x60, 0x89, 0x47, 0xD7, 0x04,
731 0x01, 0x29, 0x02, 0x02, 0x06, 0x0C, 0x01, 0x01, 0xDC, 0x01, 0x01, 0xDC,
732 0x84, 0x30, 0x01, 0x08, 0x09, 0xDE, 0x02, 0x03, 0x2A, 0x06, 0x11, 0x01,
733 0x10, 0xDC, 0x01, 0x04, 0x09, 0x2A, 0xDC, 0x62, 0x2A, 0xDC, 0x60, 0x83,
734 0x47, 0xD7, 0x04, 0x01, 0x29, 0x04, 0x01, 0x29, 0x00, 0x00, 0x01, 0x0E,
735 0xDE, 0x01, 0x00, 0xDD, 0x00, 0x03, 0x76, 0x2E, 0xC8, 0x05, 0x01, 0x00,
736 0x7C, 0x2F, 0x01, 0x00, 0xA0, 0x12, 0x01, 0x01, 0x13, 0x5D, 0x06, 0x03,
737 0x5F, 0x04, 0x75, 0x03, 0x00, 0x29, 0x02, 0x00, 0x25, 0x2A, 0x5B, 0x06,
738 0x02, 0x37, 0x2B, 0x03, 0x01, 0x93, 0x2E, 0x01, 0x86, 0x03, 0x11, 0x03,
739 0x02, 0x01, 0x0C, 0xDE, 0x02, 0x01, 0x7E, 0x30, 0x08, 0x02, 0x02, 0x01,
740 0x02, 0x13, 0x08, 0x01, 0x06, 0x08, 0xDD, 0x01, 0x03, 0xDE, 0x02, 0x00,
741 0xDC, 0x7D, 0x7E, 0x30, 0xD7, 0x02, 0x02, 0x06, 0x0D, 0x90, 0x30, 0xDE,
742 0x76, 0x2E, 0xC9, 0x01, 0x01, 0x0C, 0x01, 0x03, 0x08, 0xDE, 0x02, 0x01,
743 0xDC, 0x83, 0x02, 0x01, 0xD6, 0x00, 0x00, 0x54, 0x2A, 0x01, 0x00, 0x0F,
744 0x06, 0x02, 0x63, 0x00, 0xCB, 0x29, 0x04, 0x73, 0x00, 0x2A, 0xDE, 0xD6,
745 0x00, 0x00, 0x01, 0x00, 0x76, 0x2E, 0xC7, 0x06, 0x0C, 0x61, 0x3A, 0x06,
746 0x08, 0x01, 0x80, 0x41, 0xDE, 0x01, 0x80, 0x42, 0xDE, 0x46, 0x06, 0x07,
747 0x5F, 0x3A, 0x06, 0x03, 0x01, 0x01, 0xDE, 0x45, 0x06, 0x08, 0x5F, 0x3A,
748 0x06, 0x04, 0x01, 0x80, 0x40, 0xDE, 0x47, 0x29, 0x00, 0x01, 0x01, 0x00,
749 0x03, 0x00, 0x46, 0x45, 0x39, 0x05, 0x14, 0x01, 0x01, 0x01, 0x80, 0x7C,
750 0xDA, 0x03, 0x00, 0x01, 0x03, 0x01, 0x80, 0x7C, 0xDA, 0x02, 0x00, 0x08,
751 0x47, 0x29, 0x00, 0x46, 0x06, 0x07, 0x01, 0x01, 0x44, 0x29, 0xDA, 0x03,
752 0x00, 0x45, 0x06, 0x0A, 0x01, 0x03, 0x44, 0x29, 0xDA, 0x02, 0x00, 0x08,
753 0x03, 0x00, 0x29, 0x02, 0x00, 0x00, 0x00, 0x01, 0x00, 0x01, 0x04, 0xDB,
754 0x01, 0x05, 0xDB, 0x01, 0x06, 0xDB, 0x01, 0x03, 0xDB, 0x01, 0x02, 0xDB,
755 0x0A, 0x63, 0x00, 0x01, 0x03, 0x00, 0x3A, 0x01, 0x01, 0x02, 0x00, 0x0C,
756 0x13, 0x05, 0x01, 0x00, 0x61, 0x01, 0x03, 0x3B, 0x06, 0x07, 0x02, 0x00,
757 0xDE, 0x01, 0x02, 0x3B, 0xDE, 0x00, 0x00, 0x2A, 0x01, 0x08, 0x52, 0xDE,
758 0xDE, 0x00, 0x00, 0x2A, 0x01, 0x10, 0x52, 0xDE, 0xDC, 0x00, 0x00, 0x2A,
759 0x55, 0x06, 0x02, 0x29, 0x00, 0xCB, 0x29, 0x04, 0x76
760 };
761
762 static const uint16_t t0_caddr[] = {
763 0,
764 5,
765 10,
766 15,
767 20,
768 25,
769 30,
770 35,
771 40,
772 44,
773 48,
774 52,
775 56,
776 60,
777 64,
778 68,
779 72,
780 76,
781 80,
782 84,
783 88,
784 92,
785 96,
786 100,
787 104,
788 109,
789 114,
790 119,
791 124,
792 129,
793 134,
794 139,
795 144,
796 149,
797 154,
798 159,
799 164,
800 169,
801 174,
802 180,
803 185,
804 190,
805 195,
806 200,
807 205,
808 210,
809 215,
810 220,
811 225,
812 230,
813 235,
814 240,
815 245,
816 250,
817 255,
818 260,
819 265,
820 270,
821 275,
822 280,
823 285,
824 290,
825 299,
826 303,
827 328,
828 334,
829 353,
830 364,
831 398,
832 509,
833 513,
834 546,
835 556,
836 624,
837 638,
838 644,
839 704,
840 723,
841 745,
842 794,
843 843,
844 919,
845 1021,
846 1032,
847 1613,
848 1617,
849 1684,
850 1694,
851 1725,
852 1749,
853 1795,
854 1865,
855 1905,
856 1919,
857 1928,
858 1932,
859 1996,
860 2004,
861 2040,
862 2051,
863 2067,
864 2073,
865 2084,
866 2119,
867 2145,
868 2157,
869 2163,
870 2178,
871 2334,
872 2343,
873 2356,
874 2365,
875 2372,
876 2475,
877 2496,
878 2509,
879 2525,
880 2543,
881 2575,
882 2648,
883 2661,
884 2842,
885 2850,
886 2947,
887 2961,
888 2966,
889 3010,
890 3067,
891 3088,
892 3115,
893 3123,
894 3131
895 };
896
897 #define T0_INTERPRETED 91
898
899 #define T0_ENTER(ip, rp, slot) do { \
900 const unsigned char *t0_newip; \
901 uint32_t t0_lnum; \
902 t0_newip = &t0_codeblock[t0_caddr[(slot) - T0_INTERPRETED]]; \
903 t0_lnum = t0_parse7E_unsigned(&t0_newip); \
904 (rp) += t0_lnum; \
905 *((rp) ++) = (uint32_t)((ip) - &t0_codeblock[0]) + (t0_lnum << 16); \
906 (ip) = t0_newip; \
907 } while (0)
908
909 #define T0_DEFENTRY(name, slot) \
910 void \
911 name(void *ctx) \
912 { \
913 t0_context *t0ctx = ctx; \
914 t0ctx->ip = &t0_codeblock[0]; \
915 T0_ENTER(t0ctx->ip, t0ctx->rp, slot); \
916 }
917
918 T0_DEFENTRY(br_ssl_hs_server_init_main, 163)
919
920 #define T0_NEXT(t0ipp) (*(*(t0ipp)) ++)
921
922 void
923 br_ssl_hs_server_run(void *t0ctx)
924 {
925 uint32_t *dp, *rp;
926 const unsigned char *ip;
927
928 #define T0_LOCAL(x) (*(rp - 2 - (x)))
929 #define T0_POP() (*-- dp)
930 #define T0_POPi() (*(int32_t *)(-- dp))
931 #define T0_PEEK(x) (*(dp - 1 - (x)))
932 #define T0_PEEKi(x) (*(int32_t *)(dp - 1 - (x)))
933 #define T0_PUSH(v) do { *dp = (v); dp ++; } while (0)
934 #define T0_PUSHi(v) do { *(int32_t *)dp = (v); dp ++; } while (0)
935 #define T0_RPOP() (*-- rp)
936 #define T0_RPOPi() (*(int32_t *)(-- rp))
937 #define T0_RPUSH(v) do { *rp = (v); rp ++; } while (0)
938 #define T0_RPUSHi(v) do { *(int32_t *)rp = (v); rp ++; } while (0)
939 #define T0_ROLL(x) do { \
940 size_t t0len = (size_t)(x); \
941 uint32_t t0tmp = *(dp - 1 - t0len); \
942 memmove(dp - t0len - 1, dp - t0len, t0len * sizeof *dp); \
943 *(dp - 1) = t0tmp; \
944 } while (0)
945 #define T0_SWAP() do { \
946 uint32_t t0tmp = *(dp - 2); \
947 *(dp - 2) = *(dp - 1); \
948 *(dp - 1) = t0tmp; \
949 } while (0)
950 #define T0_ROT() do { \
951 uint32_t t0tmp = *(dp - 3); \
952 *(dp - 3) = *(dp - 2); \
953 *(dp - 2) = *(dp - 1); \
954 *(dp - 1) = t0tmp; \
955 } while (0)
956 #define T0_NROT() do { \
957 uint32_t t0tmp = *(dp - 1); \
958 *(dp - 1) = *(dp - 2); \
959 *(dp - 2) = *(dp - 3); \
960 *(dp - 3) = t0tmp; \
961 } while (0)
962 #define T0_PICK(x) do { \
963 uint32_t t0depth = (x); \
964 T0_PUSH(T0_PEEK(t0depth)); \
965 } while (0)
966 #define T0_CO() do { \
967 goto t0_exit; \
968 } while (0)
969 #define T0_RET() goto t0_next
970
971 dp = ((t0_context *)t0ctx)->dp;
972 rp = ((t0_context *)t0ctx)->rp;
973 ip = ((t0_context *)t0ctx)->ip;
974 goto t0_next;
975 for (;;) {
976 uint32_t t0x;
977
978 t0_next:
979 t0x = T0_NEXT(&ip);
980 if (t0x < T0_INTERPRETED) {
981 switch (t0x) {
982 int32_t t0off;
983
984 case 0: /* ret */
985 t0x = T0_RPOP();
986 rp -= (t0x >> 16);
987 t0x &= 0xFFFF;
988 if (t0x == 0) {
989 ip = NULL;
990 goto t0_exit;
991 }
992 ip = &t0_codeblock[t0x];
993 break;
994 case 1: /* literal constant */
995 T0_PUSHi(t0_parse7E_signed(&ip));
996 break;
997 case 2: /* read local */
998 T0_PUSH(T0_LOCAL(t0_parse7E_unsigned(&ip)));
999 break;
1000 case 3: /* write local */
1001 T0_LOCAL(t0_parse7E_unsigned(&ip)) = T0_POP();
1002 break;
1003 case 4: /* jump */
1004 t0off = t0_parse7E_signed(&ip);
1005 ip += t0off;
1006 break;
1007 case 5: /* jump if */
1008 t0off = t0_parse7E_signed(&ip);
1009 if (T0_POP()) {
1010 ip += t0off;
1011 }
1012 break;
1013 case 6: /* jump if not */
1014 t0off = t0_parse7E_signed(&ip);
1015 if (!T0_POP()) {
1016 ip += t0off;
1017 }
1018 break;
1019 case 7: {
1020 /* * */
1021
1022 uint32_t b = T0_POP();
1023 uint32_t a = T0_POP();
1024 T0_PUSH(a * b);
1025
1026 }
1027 break;
1028 case 8: {
1029 /* + */
1030
1031 uint32_t b = T0_POP();
1032 uint32_t a = T0_POP();
1033 T0_PUSH(a + b);
1034
1035 }
1036 break;
1037 case 9: {
1038 /* - */
1039
1040 uint32_t b = T0_POP();
1041 uint32_t a = T0_POP();
1042 T0_PUSH(a - b);
1043
1044 }
1045 break;
1046 case 10: {
1047 /* -rot */
1048 T0_NROT();
1049 }
1050 break;
1051 case 11: {
1052 /* < */
1053
1054 int32_t b = T0_POPi();
1055 int32_t a = T0_POPi();
1056 T0_PUSH(-(uint32_t)(a < b));
1057
1058 }
1059 break;
1060 case 12: {
1061 /* << */
1062
1063 int c = (int)T0_POPi();
1064 uint32_t x = T0_POP();
1065 T0_PUSH(x << c);
1066
1067 }
1068 break;
1069 case 13: {
1070 /* <= */
1071
1072 int32_t b = T0_POPi();
1073 int32_t a = T0_POPi();
1074 T0_PUSH(-(uint32_t)(a <= b));
1075
1076 }
1077 break;
1078 case 14: {
1079 /* <> */
1080
1081 uint32_t b = T0_POP();
1082 uint32_t a = T0_POP();
1083 T0_PUSH(-(uint32_t)(a != b));
1084
1085 }
1086 break;
1087 case 15: {
1088 /* = */
1089
1090 uint32_t b = T0_POP();
1091 uint32_t a = T0_POP();
1092 T0_PUSH(-(uint32_t)(a == b));
1093
1094 }
1095 break;
1096 case 16: {
1097 /* > */
1098
1099 int32_t b = T0_POPi();
1100 int32_t a = T0_POPi();
1101 T0_PUSH(-(uint32_t)(a > b));
1102
1103 }
1104 break;
1105 case 17: {
1106 /* >= */
1107
1108 int32_t b = T0_POPi();
1109 int32_t a = T0_POPi();
1110 T0_PUSH(-(uint32_t)(a >= b));
1111
1112 }
1113 break;
1114 case 18: {
1115 /* >> */
1116
1117 int c = (int)T0_POPi();
1118 int32_t x = T0_POPi();
1119 T0_PUSHi(x >> c);
1120
1121 }
1122 break;
1123 case 19: {
1124 /* and */
1125
1126 uint32_t b = T0_POP();
1127 uint32_t a = T0_POP();
1128 T0_PUSH(a & b);
1129
1130 }
1131 break;
1132 case 20: {
1133 /* begin-cert */
1134
1135 if (ENG->chain_len == 0) {
1136 T0_PUSHi(-1);
1137 } else {
1138 ENG->cert_cur = ENG->chain->data;
1139 ENG->cert_len = ENG->chain->data_len;
1140 ENG->chain ++;
1141 ENG->chain_len --;
1142 T0_PUSH(ENG->cert_len);
1143 }
1144
1145 }
1146 break;
1147 case 21: {
1148 /* begin-ta-name */
1149
1150 const br_x500_name *dn;
1151 if (CTX->cur_dn_index >= CTX->num_tas) {
1152 T0_PUSHi(-1);
1153 } else {
1154 if (CTX->ta_names == NULL) {
1155 dn = &CTX->tas[CTX->cur_dn_index].dn;
1156 } else {
1157 dn = &CTX->ta_names[CTX->cur_dn_index];
1158 }
1159 CTX->cur_dn_index ++;
1160 CTX->cur_dn = dn->data;
1161 CTX->cur_dn_len = dn->len;
1162 T0_PUSH(CTX->cur_dn_len);
1163 }
1164
1165 }
1166 break;
1167 case 22: {
1168 /* begin-ta-name-list */
1169
1170 CTX->cur_dn_index = 0;
1171
1172 }
1173 break;
1174 case 23: {
1175 /* bzero */
1176
1177 size_t len = (size_t)T0_POP();
1178 void *addr = (unsigned char *)ENG + (size_t)T0_POP();
1179 memset(addr, 0, len);
1180
1181 }
1182 break;
1183 case 24: {
1184 /* call-policy-handler */
1185
1186 int x;
1187 br_ssl_server_choices choices;
1188
1189 x = (*CTX->policy_vtable)->choose(
1190 CTX->policy_vtable, CTX, &choices);
1191 ENG->session.cipher_suite = choices.cipher_suite;
1192 CTX->sign_hash_id = choices.hash_id;
1193 ENG->chain = choices.chain;
1194 ENG->chain_len = choices.chain_len;
1195 T0_PUSHi(-(x != 0));
1196
1197 }
1198 break;
1199 case 25: {
1200 /* can-output? */
1201
1202 T0_PUSHi(-(ENG->hlen_out > 0));
1203
1204 }
1205 break;
1206 case 26: {
1207 /* check-resume */
1208
1209 if (ENG->session.session_id_len == 32
1210 && CTX->cache_vtable != NULL && (*CTX->cache_vtable)->load(
1211 CTX->cache_vtable, CTX, &ENG->session))
1212 {
1213 T0_PUSHi(-1);
1214 } else {
1215 T0_PUSH(0);
1216 }
1217
1218 }
1219 break;
1220 case 27: {
1221 /* co */
1222 T0_CO();
1223 }
1224 break;
1225 case 28: {
1226 /* compute-Finished-inner */
1227
1228 int prf_id = T0_POP();
1229 int from_client = T0_POPi();
1230 unsigned char seed[48];
1231 size_t seed_len;
1232
1233 br_tls_prf_impl prf = br_ssl_engine_get_PRF(ENG, prf_id);
1234 if (ENG->session.version >= BR_TLS12) {
1235 seed_len = br_multihash_out(&ENG->mhash, prf_id, seed);
1236 } else {
1237 br_multihash_out(&ENG->mhash, br_md5_ID, seed);
1238 br_multihash_out(&ENG->mhash, br_sha1_ID, seed + 16);
1239 seed_len = 36;
1240 }
1241 prf(ENG->pad, 12, ENG->session.master_secret,
1242 sizeof ENG->session.master_secret,
1243 from_client ? "client finished" : "server finished",
1244 seed, seed_len);
1245
1246 }
1247 break;
1248 case 29: {
1249 /* compute-hash-CV */
1250
1251 int i;
1252
1253 for (i = 1; i <= 6; i ++) {
1254 br_multihash_out(&ENG->mhash, i,
1255 ENG->pad + HASH_PAD_OFF[i - 1]);
1256 }
1257
1258 }
1259 break;
1260 case 30: {
1261 /* copy-cert-chunk */
1262
1263 size_t clen;
1264
1265 clen = ENG->cert_len;
1266 if (clen > sizeof ENG->pad) {
1267 clen = sizeof ENG->pad;
1268 }
1269 memcpy(ENG->pad, ENG->cert_cur, clen);
1270 ENG->cert_cur += clen;
1271 ENG->cert_len -= clen;
1272 T0_PUSH(clen);
1273
1274 }
1275 break;
1276 case 31: {
1277 /* copy-dn-chunk */
1278
1279 size_t clen;
1280
1281 clen = CTX->cur_dn_len;
1282 if (clen > sizeof ENG->pad) {
1283 clen = sizeof ENG->pad;
1284 }
1285 memcpy(ENG->pad, CTX->cur_dn, clen);
1286 CTX->cur_dn += clen;
1287 CTX->cur_dn_len -= clen;
1288 T0_PUSH(clen);
1289
1290 }
1291 break;
1292 case 32: {
1293 /* copy-hash-CV */
1294
1295 int id = T0_POP();
1296 size_t off, len;
1297
1298 if (id == 0) {
1299 off = 0;
1300 len = 36;
1301 } else {
1302 if (br_multihash_getimpl(&ENG->mhash, id) == 0) {
1303 T0_PUSH(0);
1304 T0_RET();
1305 }
1306 off = HASH_PAD_OFF[id - 1];
1307 len = HASH_PAD_OFF[id] - off;
1308 }
1309 memcpy(CTX->hash_CV, ENG->pad + off, len);
1310 CTX->hash_CV_len = len;
1311 CTX->hash_CV_id = id;
1312 T0_PUSHi(-1);
1313
1314 }
1315 break;
1316 case 33: {
1317 /* copy-protocol-name */
1318
1319 size_t idx = T0_POP();
1320 size_t len = strlen(ENG->protocol_names[idx]);
1321 memcpy(ENG->pad, ENG->protocol_names[idx], len);
1322 T0_PUSH(len);
1323
1324 }
1325 break;
1326 case 34: {
1327 /* data-get8 */
1328
1329 size_t addr = T0_POP();
1330 T0_PUSH(t0_datablock[addr]);
1331
1332 }
1333 break;
1334 case 35: {
1335 /* discard-input */
1336
1337 ENG->hlen_in = 0;
1338
1339 }
1340 break;
1341 case 36: {
1342 /* do-ecdh */
1343
1344 int prf_id = T0_POPi();
1345 size_t len = T0_POP();
1346 do_ecdh(CTX, prf_id, ENG->pad, len);
1347
1348 }
1349 break;
1350 case 37: {
1351 /* do-ecdhe-part1 */
1352
1353 int curve = T0_POPi();
1354 T0_PUSHi(do_ecdhe_part1(CTX, curve));
1355
1356 }
1357 break;
1358 case 38: {
1359 /* do-ecdhe-part2 */
1360
1361 int prf_id = T0_POPi();
1362 size_t len = T0_POP();
1363 do_ecdhe_part2(CTX, prf_id, ENG->pad, len);
1364
1365 }
1366 break;
1367 case 39: {
1368 /* do-rsa-decrypt */
1369
1370 int prf_id = T0_POPi();
1371 size_t len = T0_POP();
1372 do_rsa_decrypt(CTX, prf_id, ENG->pad, len);
1373
1374 }
1375 break;
1376 case 40: {
1377 /* do-static-ecdh */
1378
1379 do_static_ecdh(CTX, T0_POP());
1380
1381 }
1382 break;
1383 case 41: {
1384 /* drop */
1385 (void)T0_POP();
1386 }
1387 break;
1388 case 42: {
1389 /* dup */
1390 T0_PUSH(T0_PEEK(0));
1391 }
1392 break;
1393 case 43: {
1394 /* fail */
1395
1396 br_ssl_engine_fail(ENG, (int)T0_POPi());
1397 T0_CO();
1398
1399 }
1400 break;
1401 case 44: {
1402 /* flush-record */
1403
1404 br_ssl_engine_flush_record(ENG);
1405
1406 }
1407 break;
1408 case 45: {
1409 /* get-key-type-usages */
1410
1411 const br_x509_class *xc;
1412 const br_x509_pkey *pk;
1413 unsigned usages;
1414
1415 xc = *(ENG->x509ctx);
1416 pk = xc->get_pkey(ENG->x509ctx, &usages);
1417 if (pk == NULL) {
1418 T0_PUSH(0);
1419 } else {
1420 T0_PUSH(pk->key_type | usages);
1421 }
1422
1423 }
1424 break;
1425 case 46: {
1426 /* get16 */
1427
1428 size_t addr = (size_t)T0_POP();
1429 T0_PUSH(*(uint16_t *)((unsigned char *)ENG + addr));
1430
1431 }
1432 break;
1433 case 47: {
1434 /* get32 */
1435
1436 size_t addr = (size_t)T0_POP();
1437 T0_PUSH(*(uint32_t *)((unsigned char *)ENG + addr));
1438
1439 }
1440 break;
1441 case 48: {
1442 /* get8 */
1443
1444 size_t addr = (size_t)T0_POP();
1445 T0_PUSH(*((unsigned char *)ENG + addr));
1446
1447 }
1448 break;
1449 case 49: {
1450 /* has-input? */
1451
1452 T0_PUSHi(-(ENG->hlen_in != 0));
1453
1454 }
1455 break;
1456 case 50: {
1457 /* memcmp */
1458
1459 size_t len = (size_t)T0_POP();
1460 void *addr2 = (unsigned char *)ENG + (size_t)T0_POP();
1461 void *addr1 = (unsigned char *)ENG + (size_t)T0_POP();
1462 int x = memcmp(addr1, addr2, len);
1463 T0_PUSH((uint32_t)-(x == 0));
1464
1465 }
1466 break;
1467 case 51: {
1468 /* memcpy */
1469
1470 size_t len = (size_t)T0_POP();
1471 void *src = (unsigned char *)ENG + (size_t)T0_POP();
1472 void *dst = (unsigned char *)ENG + (size_t)T0_POP();
1473 memcpy(dst, src, len);
1474
1475 }
1476 break;
1477 case 52: {
1478 /* mkrand */
1479
1480 size_t len = (size_t)T0_POP();
1481 void *addr = (unsigned char *)ENG + (size_t)T0_POP();
1482 br_hmac_drbg_generate(&ENG->rng, addr, len);
1483
1484 }
1485 break;
1486 case 53: {
1487 /* more-incoming-bytes? */
1488
1489 T0_PUSHi(ENG->hlen_in != 0 || !br_ssl_engine_recvrec_finished(ENG));
1490
1491 }
1492 break;
1493 case 54: {
1494 /* multihash-init */
1495
1496 br_multihash_init(&ENG->mhash);
1497
1498 }
1499 break;
1500 case 55: {
1501 /* neg */
1502
1503 uint32_t a = T0_POP();
1504 T0_PUSH(-a);
1505
1506 }
1507 break;
1508 case 56: {
1509 /* not */
1510
1511 uint32_t a = T0_POP();
1512 T0_PUSH(~a);
1513
1514 }
1515 break;
1516 case 57: {
1517 /* or */
1518
1519 uint32_t b = T0_POP();
1520 uint32_t a = T0_POP();
1521 T0_PUSH(a | b);
1522
1523 }
1524 break;
1525 case 58: {
1526 /* over */
1527 T0_PUSH(T0_PEEK(1));
1528 }
1529 break;
1530 case 59: {
1531 /* pick */
1532 T0_PICK(T0_POP());
1533 }
1534 break;
1535 case 60: {
1536 /* read-chunk-native */
1537
1538 size_t clen = ENG->hlen_in;
1539 if (clen > 0) {
1540 uint32_t addr, len;
1541
1542 len = T0_POP();
1543 addr = T0_POP();
1544 if ((size_t)len < clen) {
1545 clen = (size_t)len;
1546 }
1547 memcpy((unsigned char *)ENG + addr, ENG->hbuf_in, clen);
1548 if (ENG->record_type_in == BR_SSL_HANDSHAKE) {
1549 br_multihash_update(&ENG->mhash, ENG->hbuf_in, clen);
1550 }
1551 T0_PUSH(addr + (uint32_t)clen);
1552 T0_PUSH(len - (uint32_t)clen);
1553 ENG->hbuf_in += clen;
1554 ENG->hlen_in -= clen;
1555 }
1556
1557 }
1558 break;
1559 case 61: {
1560 /* read8-native */
1561
1562 if (ENG->hlen_in > 0) {
1563 unsigned char x;
1564
1565 x = *ENG->hbuf_in ++;
1566 if (ENG->record_type_in == BR_SSL_HANDSHAKE) {
1567 br_multihash_update(&ENG->mhash, &x, 1);
1568 }
1569 T0_PUSH(x);
1570 ENG->hlen_in --;
1571 } else {
1572 T0_PUSHi(-1);
1573 }
1574
1575 }
1576 break;
1577 case 62: {
1578 /* save-session */
1579
1580 if (CTX->cache_vtable != NULL) {
1581 (*CTX->cache_vtable)->save(
1582 CTX->cache_vtable, CTX, &ENG->session);
1583 }
1584
1585 }
1586 break;
1587 case 63: {
1588 /* set-max-frag-len */
1589
1590 size_t max_frag_len = T0_POP();
1591
1592 br_ssl_engine_new_max_frag_len(ENG, max_frag_len);
1593
1594 /*
1595 * We must adjust our own output limit. Since we call this only
1596 * after receiving a ClientHello and before beginning to send
1597 * the ServerHello, the next output record should be empty at
1598 * that point, so we can use max_frag_len as a limit.
1599 */
1600 if (ENG->hlen_out > max_frag_len) {
1601 ENG->hlen_out = max_frag_len;
1602 }
1603
1604 }
1605 break;
1606 case 64: {
1607 /* set16 */
1608
1609 size_t addr = (size_t)T0_POP();
1610 *(uint16_t *)((unsigned char *)ENG + addr) = (uint16_t)T0_POP();
1611
1612 }
1613 break;
1614 case 65: {
1615 /* set32 */
1616
1617 size_t addr = (size_t)T0_POP();
1618 *(uint32_t *)((unsigned char *)ENG + addr) = (uint32_t)T0_POP();
1619
1620 }
1621 break;
1622 case 66: {
1623 /* set8 */
1624
1625 size_t addr = (size_t)T0_POP();
1626 *((unsigned char *)ENG + addr) = (unsigned char)T0_POP();
1627
1628 }
1629 break;
1630 case 67: {
1631 /* supported-curves */
1632
1633 uint32_t x = ENG->iec == NULL ? 0 : ENG->iec->supported_curves;
1634 T0_PUSH(x);
1635
1636 }
1637 break;
1638 case 68: {
1639 /* supported-hash-functions */
1640
1641 int i;
1642 unsigned x, num;
1643
1644 x = 0;
1645 num = 0;
1646 for (i = br_sha1_ID; i <= br_sha512_ID; i ++) {
1647 if (br_multihash_getimpl(&ENG->mhash, i)) {
1648 x |= 1U << i;
1649 num ++;
1650 }
1651 }
1652 T0_PUSH(x);
1653 T0_PUSH(num);
1654
1655 }
1656 break;
1657 case 69: {
1658 /* supports-ecdsa? */
1659
1660 T0_PUSHi(-(ENG->iecdsa != 0));
1661
1662 }
1663 break;
1664 case 70: {
1665 /* supports-rsa-sign? */
1666
1667 T0_PUSHi(-(ENG->irsavrfy != 0));
1668
1669 }
1670 break;
1671 case 71: {
1672 /* swap */
1673 T0_SWAP();
1674 }
1675 break;
1676 case 72: {
1677 /* switch-aesgcm-in */
1678
1679 int is_client, prf_id;
1680 unsigned cipher_key_len;
1681
1682 cipher_key_len = T0_POP();
1683 prf_id = T0_POP();
1684 is_client = T0_POP();
1685 br_ssl_engine_switch_gcm_in(ENG, is_client, prf_id,
1686 ENG->iaes_ctr, cipher_key_len);
1687
1688 }
1689 break;
1690 case 73: {
1691 /* switch-aesgcm-out */
1692
1693 int is_client, prf_id;
1694 unsigned cipher_key_len;
1695
1696 cipher_key_len = T0_POP();
1697 prf_id = T0_POP();
1698 is_client = T0_POP();
1699 br_ssl_engine_switch_gcm_out(ENG, is_client, prf_id,
1700 ENG->iaes_ctr, cipher_key_len);
1701
1702 }
1703 break;
1704 case 74: {
1705 /* switch-cbc-in */
1706
1707 int is_client, prf_id, mac_id, aes;
1708 unsigned cipher_key_len;
1709
1710 cipher_key_len = T0_POP();
1711 aes = T0_POP();
1712 mac_id = T0_POP();
1713 prf_id = T0_POP();
1714 is_client = T0_POP();
1715 br_ssl_engine_switch_cbc_in(ENG, is_client, prf_id, mac_id,
1716 aes ? ENG->iaes_cbcdec : ENG->ides_cbcdec, cipher_key_len);
1717
1718 }
1719 break;
1720 case 75: {
1721 /* switch-cbc-out */
1722
1723 int is_client, prf_id, mac_id, aes;
1724 unsigned cipher_key_len;
1725
1726 cipher_key_len = T0_POP();
1727 aes = T0_POP();
1728 mac_id = T0_POP();
1729 prf_id = T0_POP();
1730 is_client = T0_POP();
1731 br_ssl_engine_switch_cbc_out(ENG, is_client, prf_id, mac_id,
1732 aes ? ENG->iaes_cbcenc : ENG->ides_cbcenc, cipher_key_len);
1733
1734 }
1735 break;
1736 case 76: {
1737 /* switch-chapol-in */
1738
1739 int is_client, prf_id;
1740
1741 prf_id = T0_POP();
1742 is_client = T0_POP();
1743 br_ssl_engine_switch_chapol_in(ENG, is_client, prf_id);
1744
1745 }
1746 break;
1747 case 77: {
1748 /* switch-chapol-out */
1749
1750 int is_client, prf_id;
1751
1752 prf_id = T0_POP();
1753 is_client = T0_POP();
1754 br_ssl_engine_switch_chapol_out(ENG, is_client, prf_id);
1755
1756 }
1757 break;
1758 case 78: {
1759 /* ta-names-total-length */
1760
1761 size_t u, len;
1762
1763 len = 0;
1764 if (CTX->ta_names != NULL) {
1765 for (u = 0; u < CTX->num_tas; u ++) {
1766 len += CTX->ta_names[u].len + 2;
1767 }
1768 } else if (CTX->tas != NULL) {
1769 for (u = 0; u < CTX->num_tas; u ++) {
1770 len += CTX->tas[u].dn.len + 2;
1771 }
1772 }
1773 T0_PUSH(len);
1774
1775 }
1776 break;
1777 case 79: {
1778 /* test-protocol-name */
1779
1780 size_t len = T0_POP();
1781 size_t u;
1782
1783 for (u = 0; u < ENG->protocol_names_num; u ++) {
1784 const char *name;
1785
1786 name = ENG->protocol_names[u];
1787 if (len == strlen(name) && memcmp(ENG->pad, name, len) == 0) {
1788 T0_PUSH(u);
1789 T0_RET();
1790 }
1791 }
1792 T0_PUSHi(-1);
1793
1794 }
1795 break;
1796 case 80: {
1797 /* total-chain-length */
1798
1799 size_t u;
1800 uint32_t total;
1801
1802 total = 0;
1803 for (u = 0; u < ENG->chain_len; u ++) {
1804 total += 3 + (uint32_t)ENG->chain[u].data_len;
1805 }
1806 T0_PUSH(total);
1807
1808 }
1809 break;
1810 case 81: {
1811 /* u< */
1812
1813 uint32_t b = T0_POP();
1814 uint32_t a = T0_POP();
1815 T0_PUSH(-(uint32_t)(a < b));
1816
1817 }
1818 break;
1819 case 82: {
1820 /* u>> */
1821
1822 int c = (int)T0_POPi();
1823 uint32_t x = T0_POP();
1824 T0_PUSH(x >> c);
1825
1826 }
1827 break;
1828 case 83: {
1829 /* verify-CV-sig */
1830
1831 int err;
1832
1833 err = verify_CV_sig(CTX, T0_POP());
1834 T0_PUSHi(err);
1835
1836 }
1837 break;
1838 case 84: {
1839 /* write-blob-chunk */
1840
1841 size_t clen = ENG->hlen_out;
1842 if (clen > 0) {
1843 uint32_t addr, len;
1844
1845 len = T0_POP();
1846 addr = T0_POP();
1847 if ((size_t)len < clen) {
1848 clen = (size_t)len;
1849 }
1850 memcpy(ENG->hbuf_out, (unsigned char *)ENG + addr, clen);
1851 if (ENG->record_type_out == BR_SSL_HANDSHAKE) {
1852 br_multihash_update(&ENG->mhash, ENG->hbuf_out, clen);
1853 }
1854 T0_PUSH(addr + (uint32_t)clen);
1855 T0_PUSH(len - (uint32_t)clen);
1856 ENG->hbuf_out += clen;
1857 ENG->hlen_out -= clen;
1858 }
1859
1860 }
1861 break;
1862 case 85: {
1863 /* write8-native */
1864
1865 unsigned char x;
1866
1867 x = (unsigned char)T0_POP();
1868 if (ENG->hlen_out > 0) {
1869 if (ENG->record_type_out == BR_SSL_HANDSHAKE) {
1870 br_multihash_update(&ENG->mhash, &x, 1);
1871 }
1872 *ENG->hbuf_out ++ = x;
1873 ENG->hlen_out --;
1874 T0_PUSHi(-1);
1875 } else {
1876 T0_PUSHi(0);
1877 }
1878
1879 }
1880 break;
1881 case 86: {
1882 /* x509-append */
1883
1884 const br_x509_class *xc;
1885 size_t len;
1886
1887 xc = *(ENG->x509ctx);
1888 len = T0_POP();
1889 xc->append(ENG->x509ctx, ENG->pad, len);
1890
1891 }
1892 break;
1893 case 87: {
1894 /* x509-end-cert */
1895
1896 const br_x509_class *xc;
1897
1898 xc = *(ENG->x509ctx);
1899 xc->end_cert(ENG->x509ctx);
1900
1901 }
1902 break;
1903 case 88: {
1904 /* x509-end-chain */
1905
1906 const br_x509_class *xc;
1907
1908 xc = *(ENG->x509ctx);
1909 T0_PUSH(xc->end_chain(ENG->x509ctx));
1910
1911 }
1912 break;
1913 case 89: {
1914 /* x509-start-cert */
1915
1916 const br_x509_class *xc;
1917
1918 xc = *(ENG->x509ctx);
1919 xc->start_cert(ENG->x509ctx, T0_POP());
1920
1921 }
1922 break;
1923 case 90: {
1924 /* x509-start-chain */
1925
1926 const br_x509_class *xc;
1927 uint32_t bc;
1928
1929 bc = T0_POP();
1930 xc = *(ENG->x509ctx);
1931 xc->start_chain(ENG->x509ctx, bc ? ENG->server_name : NULL);
1932
1933 }
1934 break;
1935 }
1936
1937 } else {
1938 T0_ENTER(ip, rp, t0x);
1939 }
1940 }
1941 t0_exit:
1942 ((t0_context *)t0ctx)->dp = dp;
1943 ((t0_context *)t0ctx)->rp = rp;
1944 ((t0_context *)t0ctx)->ip = ip;
1945 }
The BearSSL library and tools.