projects / BearSSL / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Added certificate name extraction API (from subject DN and SAN extension).
[BearSSL] / src / ssl / ssl_hs_server.c
1 /* Automatically generated code; do not modify directly. */
2
3 #include <stddef.h>
4 #include <stdint.h>
5
6 typedef struct {
7 uint32_t *dp;
8 uint32_t *rp;
9 const unsigned char *ip;
10 } t0_context;
11
12 static uint32_t
13 t0_parse7E_unsigned(const unsigned char **p)
14 {
15 uint32_t x;
16
17 x = 0;
18 for (;;) {
19 unsigned y;
20
21 y = *(*p) ++;
22 x = (x << 7) | (uint32_t)(y & 0x7F);
23 if (y < 0x80) {
24 return x;
25 }
26 }
27 }
28
29 static int32_t
30 t0_parse7E_signed(const unsigned char **p)
31 {
32 int neg;
33 uint32_t x;
34
35 neg = ((**p) >> 6) & 1;
36 x = (uint32_t)-neg;
37 for (;;) {
38 unsigned y;
39
40 y = *(*p) ++;
41 x = (x << 7) | (uint32_t)(y & 0x7F);
42 if (y < 0x80) {
43 if (neg) {
44 return -(int32_t)~x - 1;
45 } else {
46 return (int32_t)x;
47 }
48 }
49 }
50 }
51
52 #define T0_VBYTE(x, n) (unsigned char)((((uint32_t)(x) >> (n)) & 0x7F) | 0x80)
53 #define T0_FBYTE(x, n) (unsigned char)(((uint32_t)(x) >> (n)) & 0x7F)
54 #define T0_SBYTE(x) (unsigned char)((((uint32_t)(x) >> 28) + 0xF8) ^ 0xF8)
55 #define T0_INT1(x) T0_FBYTE(x, 0)
56 #define T0_INT2(x) T0_VBYTE(x, 7), T0_FBYTE(x, 0)
57 #define T0_INT3(x) T0_VBYTE(x, 14), T0_VBYTE(x, 7), T0_FBYTE(x, 0)
58 #define T0_INT4(x) T0_VBYTE(x, 21), T0_VBYTE(x, 14), T0_VBYTE(x, 7), T0_FBYTE(x, 0)
59 #define T0_INT5(x) T0_SBYTE(x), T0_VBYTE(x, 21), T0_VBYTE(x, 14), T0_VBYTE(x, 7), T0_FBYTE(x, 0)
60
61 static const uint8_t t0_datablock[];
62
63
64 void br_ssl_hs_server_init_main(void *t0ctx);
65
66 void br_ssl_hs_server_run(void *t0ctx);
67
68
69
70 #include <stddef.h>
71 #include <string.h>
72
73 #include "inner.h"
74
75 /*
76 * This macro evaluates to a pointer to the current engine context.
77 */
78 #define ENG ((br_ssl_engine_context *)((unsigned char *)t0ctx - offsetof(br_ssl_engine_context, cpu)))
79
80
81
82
83
84 /*
85 * This macro evaluates to a pointer to the server context, under that
86 * specific name. It must be noted that since the engine context is the
87 * first field of the br_ssl_server_context structure ('eng'), then
88 * pointers values of both types are interchangeable, modulo an
89 * appropriate cast. This also means that "adresses" computed as offsets
90 * within the structure work for both kinds of context.
91 */
92 #define CTX ((br_ssl_server_context *)ENG)
93
94 /*
95 * Decrypt the pre-master secret (RSA key exchange).
96 */
97 static void
98 do_rsa_decrypt(br_ssl_server_context *ctx, int prf_id,
99 unsigned char *epms, size_t len)
100 {
101 uint32_t x;
102 unsigned char rpms[48];
103
104 /*
105 * Decrypt the PMS.
106 */
107 x = (*ctx->policy_vtable)->do_keyx(ctx->policy_vtable, epms, len);
108
109 /*
110 * Set the first two bytes to the maximum supported client
111 * protocol version. These bytes are used for version rollback
112 * detection; forceing the two bytes will make the master secret
113 * wrong if the bytes are not correct. This process is
114 * recommended by RFC 5246 (section 7.4.7.1).
115 */
116 br_enc16be(epms, ctx->client_max_version);
117
118 /*
119 * Make a random PMS and copy it above the decrypted value if the
120 * decryption failed. Note that we use a constant-time conditional
121 * copy.
122 */
123 br_hmac_drbg_generate(&ctx->eng.rng, rpms, sizeof rpms);
124 br_ccopy(x ^ 1, epms, rpms, sizeof rpms);
125
126 /*
127 * Compute master secret.
128 */
129 br_ssl_engine_compute_master(&ctx->eng, prf_id, epms, 48);
130
131 /*
132 * Clear the pre-master secret from RAM: it is normally a buffer
133 * in the context, hence potentially long-lived.
134 */
135 memset(epms, 0, len);
136 }
137
138 /*
139 * Common part for ECDH and ECDHE.
140 */
141 static void
142 ecdh_common(br_ssl_server_context *ctx, int prf_id,
143 unsigned char *cpoint, size_t cpoint_len, uint32_t ctl)
144 {
145 unsigned char rpms[80];
146 size_t pms_len;
147
148 /*
149 * The point length is supposed to be 1+2*Xlen, where Xlen is
150 * the length (in bytes) of the X coordinate, i.e. the pre-master
151 * secret. If the provided point is too large, then it is
152 * obviously incorrect (i.e. everybody can see that it is
153 * incorrect), so leaking that fact is not a problem.
154 */
155 pms_len = cpoint_len >> 1;
156 if (pms_len > sizeof rpms) {
157 pms_len = sizeof rpms;
158 ctl = 0;
159 }
160
161 /*
162 * Make a random PMS and copy it above the decrypted value if the
163 * decryption failed. Note that we use a constant-time conditional
164 * copy.
165 */
166 br_hmac_drbg_generate(&ctx->eng.rng, rpms, pms_len);
167 br_ccopy(ctl ^ 1, cpoint + 1, rpms, pms_len);
168
169 /*
170 * Compute master secret.
171 */
172 br_ssl_engine_compute_master(&ctx->eng, prf_id, cpoint + 1, pms_len);
173
174 /*
175 * Clear the pre-master secret from RAM: it is normally a buffer
176 * in the context, hence potentially long-lived.
177 */
178 memset(cpoint, 0, cpoint_len);
179 }
180
181 /*
182 * Do the ECDH key exchange (not ECDHE).
183 */
184 static void
185 do_ecdh(br_ssl_server_context *ctx, int prf_id,
186 unsigned char *cpoint, size_t cpoint_len)
187 {
188 uint32_t x;
189
190 /*
191 * Finalise the key exchange.
192 */
193 x = (*ctx->policy_vtable)->do_keyx(ctx->policy_vtable,
194 cpoint, cpoint_len);
195 ecdh_common(ctx, prf_id, cpoint, cpoint_len, x);
196 }
197
198 /*
199 * Do the full static ECDH key exchange. When this function is called,
200 * it has already been verified that the cipher suite uses ECDH (not ECDHE),
201 * and the client's public key (from its certificate) has type EC and is
202 * apt for key exchange.
203 */
204 static void
205 do_static_ecdh(br_ssl_server_context *ctx, int prf_id)
206 {
207 unsigned char cpoint[133];
208 size_t cpoint_len;
209 const br_x509_class **xc;
210 const br_x509_pkey *pk;
211
212 xc = ctx->eng.x509ctx;
213 pk = (*xc)->get_pkey(xc, NULL);
214 cpoint_len = pk->key.ec.qlen;
215 if (cpoint_len > sizeof cpoint) {
216 /*
217 * If the point is larger than our buffer then we need to
218 * restrict it. Length 2 is not a valid point length, so
219 * the ECDH will fail.
220 */
221 cpoint_len = 2;
222 }
223 memcpy(cpoint, pk->key.ec.q, cpoint_len);
224 do_ecdh(ctx, prf_id, cpoint, cpoint_len);
225 }
226
227 /*
228 * Do the ECDHE key exchange (part 1: generation of transient key, and
229 * computing of the point to send to the client). Returned value is the
230 * signature length (in bytes), or -x on error (with x being an error
231 * code). The encoded point is written in the ecdhe_point[] context buffer
232 * (length in ecdhe_point_len).
233 */
234 static int
235 do_ecdhe_part1(br_ssl_server_context *ctx, int curve)
236 {
237 int hash;
238 unsigned mask;
239 const unsigned char *order, *generator;
240 size_t olen, glen;
241 br_multihash_context mhc;
242 unsigned char head[4];
243 size_t hv_len, sig_len;
244
245 if (!((ctx->eng.iec->supported_curves >> curve) & 1)) {
246 return -BR_ERR_INVALID_ALGORITHM;
247 }
248 ctx->eng.ecdhe_curve = curve;
249
250 /*
251 * Generate our private key. We need a non-zero random value
252 * which is lower than the curve order, in a "large enough"
253 * range. We force the top bit to 0 and bottom bit to 1, which
254 * does the trick. Note that contrary to what happens in ECDSA,
255 * this is not a problem if we do not cover the full range of
256 * possible values.
257 */
258 order = ctx->eng.iec->order(curve, &olen);
259 mask = 0xFF;
260 while (mask >= order[0]) {
261 mask >>= 1;
262 }
263 br_hmac_drbg_generate(&ctx->eng.rng, ctx->ecdhe_key, olen);
264 ctx->ecdhe_key[0] &= mask;
265 ctx->ecdhe_key[olen - 1] |= 0x01;
266 ctx->ecdhe_key_len = olen;
267
268 /*
269 * Compute our ECDH point.
270 */
271 generator = ctx->eng.iec->generator(curve, &glen);
272 memcpy(ctx->eng.ecdhe_point, generator, glen);
273 ctx->eng.ecdhe_point_len = glen;
274 if (!ctx->eng.iec->mul(ctx->eng.ecdhe_point, glen,
275 ctx->ecdhe_key, olen, curve))
276 {
277 return -BR_ERR_INVALID_ALGORITHM;
278 }
279
280 /*
281 * Compute the signature.
282 */
283 br_multihash_zero(&mhc);
284 br_multihash_copyimpl(&mhc, &ctx->eng.mhash);
285 br_multihash_init(&mhc);
286 br_multihash_update(&mhc,
287 ctx->eng.client_random, sizeof ctx->eng.client_random);
288 br_multihash_update(&mhc,
289 ctx->eng.server_random, sizeof ctx->eng.server_random);
290 head[0] = 3;
291 head[1] = 0;
292 head[2] = curve;
293 head[3] = ctx->eng.ecdhe_point_len;
294 br_multihash_update(&mhc, head, sizeof head);
295 br_multihash_update(&mhc,
296 ctx->eng.ecdhe_point, ctx->eng.ecdhe_point_len);
297 hash = ctx->sign_hash_id;
298 if (hash) {
299 hv_len = br_multihash_out(&mhc, hash, ctx->eng.pad);
300 if (hv_len == 0) {
301 return -BR_ERR_INVALID_ALGORITHM;
302 }
303 } else {
304 if (!br_multihash_out(&mhc, br_md5_ID, ctx->eng.pad)
305 || !br_multihash_out(&mhc,
306 br_sha1_ID, ctx->eng.pad + 16))
307 {
308 return -BR_ERR_INVALID_ALGORITHM;
309 }
310 hv_len = 36;
311 }
312 sig_len = (*ctx->policy_vtable)->do_sign(ctx->policy_vtable,
313 hash, hv_len, ctx->eng.pad, sizeof ctx->eng.pad);
314 return sig_len ? (int)sig_len : -BR_ERR_INVALID_ALGORITHM;
315 }
316
317 /*
318 * Do the ECDHE key exchange (part 2: computation of the shared secret
319 * from the point sent by the client).
320 */
321 static void
322 do_ecdhe_part2(br_ssl_server_context *ctx, int prf_id,
323 unsigned char *cpoint, size_t cpoint_len)
324 {
325 int curve;
326 uint32_t x;
327
328 curve = ctx->eng.ecdhe_curve;
329
330 /*
331 * Finalise the key exchange.
332 */
333 x = ctx->eng.iec->mul(cpoint, cpoint_len,
334 ctx->ecdhe_key, ctx->ecdhe_key_len, curve);
335 ecdh_common(ctx, prf_id, cpoint, cpoint_len, x);
336
337 /*
338 * Clear the ECDHE private key. Forward Secrecy is achieved insofar
339 * as that key does not get stolen, so we'd better destroy it
340 * as soon as it ceases to be useful.
341 */
342 memset(ctx->ecdhe_key, 0, ctx->ecdhe_key_len);
343 }
344
345 /*
346 * Offset for hash value within the pad (when obtaining all hash values,
347 * in preparation for verification of the CertificateVerify message).
348 * Order is MD5, SHA-1, SHA-224, SHA-256, SHA-384, SHA-512; last value
349 * is used to get the total length.
350 */
351 static const unsigned char HASH_PAD_OFF[] = { 0, 16, 36, 64, 96, 144, 208 };
352
353 /*
354 * OID for hash functions in RSA signatures.
355 */
356 static const unsigned char HASH_OID_SHA1[] = {
357 0x05, 0x2B, 0x0E, 0x03, 0x02, 0x1A
358 };
359
360 static const unsigned char HASH_OID_SHA224[] = {
361 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x04
362 };
363
364 static const unsigned char HASH_OID_SHA256[] = {
365 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01
366 };
367
368 static const unsigned char HASH_OID_SHA384[] = {
369 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x02
370 };
371
372 static const unsigned char HASH_OID_SHA512[] = {
373 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x03
374 };
375
376 static const unsigned char *HASH_OID[] = {
377 HASH_OID_SHA1,
378 HASH_OID_SHA224,
379 HASH_OID_SHA256,
380 HASH_OID_SHA384,
381 HASH_OID_SHA512
382 };
383
384 /*
385 * Verify the signature in CertificateVerify. Returned value is 0 on
386 * success, or a non-zero error code. Lack of implementation of the
387 * designated signature algorithm is reported as a "bad signature"
388 * error (because it means that the peer did not honour our advertised
389 * set of supported signature algorithms).
390 */
391 static int
392 verify_CV_sig(br_ssl_server_context *ctx, size_t sig_len)
393 {
394 const br_x509_class **xc;
395 const br_x509_pkey *pk;
396 int id;
397
398 id = ctx->hash_CV_id;
399 xc = ctx->eng.x509ctx;
400 pk = (*xc)->get_pkey(xc, NULL);
401 if (pk->key_type == BR_KEYTYPE_RSA) {
402 unsigned char tmp[64];
403 const unsigned char *hash_oid;
404
405 if (id == 0) {
406 hash_oid = NULL;
407 } else {
408 hash_oid = HASH_OID[id - 2];
409 }
410 if (ctx->eng.irsavrfy == 0) {
411 return BR_ERR_BAD_SIGNATURE;
412 }
413 if (!ctx->eng.irsavrfy(ctx->eng.pad, sig_len,
414 hash_oid, ctx->hash_CV_len, &pk->key.rsa, tmp)
415 || memcmp(tmp, ctx->hash_CV, ctx->hash_CV_len) != 0)
416 {
417 return BR_ERR_BAD_SIGNATURE;
418 }
419 } else {
420 if (ctx->eng.iecdsa == 0) {
421 return BR_ERR_BAD_SIGNATURE;
422 }
423 if (!ctx->eng.iecdsa(ctx->eng.iec,
424 ctx->hash_CV, ctx->hash_CV_len,
425 &pk->key.ec, ctx->eng.pad, sig_len))
426 {
427 return BR_ERR_BAD_SIGNATURE;
428 }
429 }
430 return 0;
431 }
432
433
434
435 static const uint8_t t0_datablock[] = {
436 0x00, 0x00, 0x0A, 0x00, 0x24, 0x00, 0x2F, 0x01, 0x24, 0x00, 0x35, 0x02,
437 0x24, 0x00, 0x3C, 0x01, 0x44, 0x00, 0x3D, 0x02, 0x44, 0x00, 0x9C, 0x03,
438 0x04, 0x00, 0x9D, 0x04, 0x05, 0xC0, 0x03, 0x40, 0x24, 0xC0, 0x04, 0x41,
439 0x24, 0xC0, 0x05, 0x42, 0x24, 0xC0, 0x08, 0x20, 0x24, 0xC0, 0x09, 0x21,
440 0x24, 0xC0, 0x0A, 0x22, 0x24, 0xC0, 0x0D, 0x30, 0x24, 0xC0, 0x0E, 0x31,
441 0x24, 0xC0, 0x0F, 0x32, 0x24, 0xC0, 0x12, 0x10, 0x24, 0xC0, 0x13, 0x11,
442 0x24, 0xC0, 0x14, 0x12, 0x24, 0xC0, 0x23, 0x21, 0x44, 0xC0, 0x24, 0x22,
443 0x55, 0xC0, 0x25, 0x41, 0x44, 0xC0, 0x26, 0x42, 0x55, 0xC0, 0x27, 0x11,
444 0x44, 0xC0, 0x28, 0x12, 0x55, 0xC0, 0x29, 0x31, 0x44, 0xC0, 0x2A, 0x32,
445 0x55, 0xC0, 0x2B, 0x23, 0x04, 0xC0, 0x2C, 0x24, 0x05, 0xC0, 0x2D, 0x43,
446 0x04, 0xC0, 0x2E, 0x44, 0x05, 0xC0, 0x2F, 0x13, 0x04, 0xC0, 0x30, 0x14,
447 0x05, 0xC0, 0x31, 0x33, 0x04, 0xC0, 0x32, 0x34, 0x05, 0xCC, 0xA8, 0x15,
448 0x04, 0xCC, 0xA9, 0x25, 0x04, 0x00, 0x00
449 };
450
451 static const uint8_t t0_codeblock[] = {
452 0x00, 0x01, 0x00, 0x0B, 0x00, 0x00, 0x01, 0x00, 0x0E, 0x00, 0x00, 0x01,
453 0x00, 0x0F, 0x00, 0x00, 0x01, 0x00, 0x10, 0x00, 0x00, 0x01, 0x01, 0x08,
454 0x00, 0x00, 0x01, 0x01, 0x09, 0x00, 0x00, 0x01, 0x02, 0x08, 0x00, 0x00,
455 0x28, 0x28, 0x00, 0x00, 0x01, T0_INT1(BR_ERR_BAD_CCS), 0x00, 0x00,
456 0x01, T0_INT1(BR_ERR_BAD_FINISHED), 0x00, 0x00, 0x01,
457 T0_INT1(BR_ERR_BAD_FRAGLEN), 0x00, 0x00, 0x01,
458 T0_INT1(BR_ERR_BAD_HANDSHAKE), 0x00, 0x00, 0x01,
459 T0_INT1(BR_ERR_BAD_PARAM), 0x00, 0x00, 0x01,
460 T0_INT1(BR_ERR_BAD_SECRENEG), 0x00, 0x00, 0x01,
461 T0_INT1(BR_ERR_BAD_SIGNATURE), 0x00, 0x00, 0x01,
462 T0_INT1(BR_ERR_BAD_VERSION), 0x00, 0x00, 0x01,
463 T0_INT1(BR_ERR_INVALID_ALGORITHM), 0x00, 0x00, 0x01,
464 T0_INT1(BR_ERR_LIMIT_EXCEEDED), 0x00, 0x00, 0x01,
465 T0_INT1(BR_ERR_NO_CLIENT_AUTH), 0x00, 0x00, 0x01, T0_INT1(BR_ERR_OK),
466 0x00, 0x00, 0x01, T0_INT1(BR_ERR_OVERSIZED_ID), 0x00, 0x00, 0x01,
467 T0_INT1(BR_ERR_UNEXPECTED), 0x00, 0x00, 0x01,
468 T0_INT1(BR_ERR_WRONG_KEY_USAGE), 0x00, 0x00, 0x01,
469 T0_INT2(offsetof(br_ssl_engine_context, action)), 0x00, 0x00, 0x01,
470 T0_INT2(offsetof(br_ssl_engine_context, alert)), 0x00, 0x00, 0x01,
471 T0_INT2(offsetof(br_ssl_engine_context, application_data)), 0x00, 0x00,
472 0x01,
473 T0_INT2(offsetof(br_ssl_engine_context, session) + offsetof(br_ssl_session_parameters, cipher_suite)),
474 0x00, 0x00, 0x01,
475 T0_INT2(offsetof(br_ssl_server_context, client_max_version)), 0x00,
476 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, client_random)),
477 0x00, 0x00, 0x01,
478 T0_INT2(offsetof(br_ssl_server_context, client_suites)), 0x00, 0x00,
479 0x01, T0_INT2(offsetof(br_ssl_server_context, client_suites_num)),
480 0x00, 0x00, 0x01,
481 T0_INT2(offsetof(br_ssl_engine_context, close_received)), 0x00, 0x00,
482 0x01, T0_INT2(offsetof(br_ssl_server_context, curves)), 0x00, 0x00,
483 0x01, T0_INT2(offsetof(br_ssl_engine_context, ecdhe_point)), 0x00,
484 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, ecdhe_point_len)),
485 0x00, 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, flags)),
486 0x00, 0x00, 0x01, T0_INT2(offsetof(br_ssl_server_context, hashes)),
487 0x00, 0x00, 0x73, 0x01,
488 T0_INT2(BR_MAX_CIPHER_SUITES * sizeof(br_suite_translated)), 0x00,
489 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, log_max_frag_len)),
490 0x00, 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, pad)), 0x00,
491 0x00, 0x01,
492 T0_INT2(offsetof(br_ssl_engine_context, peer_log_max_frag_len)), 0x00,
493 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, record_type_in)),
494 0x00, 0x00, 0x01,
495 T0_INT2(offsetof(br_ssl_engine_context, record_type_out)), 0x00, 0x00,
496 0x01, T0_INT2(offsetof(br_ssl_engine_context, reneg)), 0x00, 0x00,
497 0x01, T0_INT2(offsetof(br_ssl_engine_context, saved_finished)), 0x00,
498 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, server_name)),
499 0x00, 0x00, 0x01,
500 T0_INT2(offsetof(br_ssl_engine_context, server_random)), 0x00, 0x00,
501 0x01,
502 T0_INT2(offsetof(br_ssl_engine_context, session) + offsetof(br_ssl_session_parameters, session_id)),
503 0x00, 0x00, 0x01,
504 T0_INT2(offsetof(br_ssl_engine_context, session) + offsetof(br_ssl_session_parameters, session_id_len)),
505 0x00, 0x00, 0x01,
506 T0_INT2(offsetof(br_ssl_engine_context, shutdown_recv)), 0x00, 0x00,
507 0x01, T0_INT2(offsetof(br_ssl_server_context, sign_hash_id)), 0x00,
508 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, suites_buf)), 0x00,
509 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, suites_num)), 0x00,
510 0x00, 0x01,
511 T0_INT2(offsetof(br_ssl_engine_context, session) + offsetof(br_ssl_session_parameters, version)),
512 0x00, 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, version_in)),
513 0x00, 0x00, 0x01,
514 T0_INT2(offsetof(br_ssl_engine_context, version_max)), 0x00, 0x00,
515 0x01, T0_INT2(offsetof(br_ssl_engine_context, version_min)), 0x00,
516 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, version_out)),
517 0x00, 0x00, 0x09, 0x29, 0x56, 0x06, 0x02, 0x62, 0x2A, 0x00, 0x00, 0x01,
518 0x01, 0x00, 0x01, 0x03, 0x00, 0x91, 0x29, 0x5C, 0x46, 0x95, 0x29, 0x05,
519 0x04, 0x5D, 0x01, 0x00, 0x00, 0x02, 0x00, 0x0F, 0x06, 0x02, 0x95, 0x00,
520 0x5C, 0x04, 0x6B, 0x00, 0x06, 0x02, 0x62, 0x2A, 0x00, 0x00, 0x29, 0x82,
521 0x46, 0x05, 0x03, 0x01, 0x0C, 0x08, 0x46, 0x70, 0x2D, 0x9D, 0x1C, 0x7D,
522 0x01, 0x0C, 0x32, 0x00, 0x00, 0x29, 0x21, 0x01, 0x08, 0x0C, 0x46, 0x5A,
523 0x21, 0x08, 0x00, 0x01, 0x03, 0x00, 0x01, 0x00, 0x6F, 0x41, 0x2B, 0x19,
524 0x37, 0x06, 0x07, 0x02, 0x00, 0xC3, 0x03, 0x00, 0x04, 0x75, 0x01, 0x00,
525 0xBB, 0x02, 0x00, 0x29, 0x19, 0x13, 0x06, 0x02, 0x69, 0x2A, 0xC3, 0x04,
526 0x76, 0x00, 0x01, 0x00, 0x6F, 0x41, 0x01, 0x16, 0x80, 0x41, 0x35, 0xA5,
527 0x34, 0x06, 0x02, 0x6B, 0x2A, 0x06, 0x0A, 0xCA, 0x01, 0x00, 0xC6, 0x01,
528 0x00, 0xA1, 0x04, 0x80, 0x46, 0xCA, 0xC7, 0x28, 0xCC, 0x4B, 0x06, 0x01,
529 0xC8, 0xCB, 0x2B, 0x4B, 0x06, 0x31, 0x01, 0x00, 0xA2, 0x29, 0x56, 0x06,
530 0x0F, 0x01, 0x02, 0x9A, 0x05, 0x02, 0x36, 0x2A, 0x28, 0xA6, 0xA4, 0x29,
531 0xBC, 0x28, 0x04, 0x19, 0x29, 0x58, 0x06, 0x0B, 0x28, 0x01, 0x02, 0x9A,
532 0x05, 0x02, 0x68, 0x2A, 0xA6, 0x04, 0x0A, 0xA8, 0x29, 0x05, 0x04, 0x28,
533 0xA0, 0x04, 0x02, 0xA7, 0xA3, 0x04, 0x01, 0xA6, 0x01, 0x00, 0xA1, 0x01,
534 0x00, 0xC6, 0x3D, 0x01, 0x01, 0x6F, 0x41, 0x01, 0x17, 0x80, 0x41, 0x00,
535 0x00, 0x39, 0x39, 0x00, 0x01, 0x03, 0x00, 0x2B, 0x19, 0x37, 0x06, 0x04,
536 0xC2, 0x28, 0x04, 0x78, 0x01, 0x02, 0x02, 0x00, 0xBA, 0x19, 0x37, 0x06,
537 0x04, 0xC2, 0x28, 0x04, 0x78, 0x02, 0x00, 0x01, 0x84, 0x00, 0x08, 0x2A,
538 0x00, 0x00, 0x79, 0x2E, 0x46, 0x12, 0x01, 0x01, 0x13, 0x36, 0x00, 0x00,
539 0x01, 0x7F, 0x97, 0xC2, 0x29, 0x01, 0x07, 0x13, 0x01, 0x00, 0x39, 0x0F,
540 0x06, 0x09, 0x28, 0x01, 0x10, 0x13, 0x06, 0x01, 0xB9, 0x04, 0x2A, 0x01,
541 0x01, 0x39, 0x0F, 0x06, 0x21, 0x28, 0x28, 0x81, 0x2F, 0x01, 0x01, 0x0F,
542 0x01, 0x01, 0x9A, 0x38, 0x06, 0x0F, 0x2B, 0x19, 0x37, 0x06, 0x04, 0xC2,
543 0x28, 0x04, 0x78, 0x01, 0x80, 0x64, 0xBB, 0x04, 0x03, 0x01, 0x00, 0x97,
544 0x04, 0x03, 0x6B, 0x2A, 0x28, 0x04, 0x40, 0x01, 0x29, 0x03, 0x00, 0x09,
545 0x29, 0x56, 0x06, 0x02, 0x62, 0x2A, 0x02, 0x00, 0x00, 0x00, 0x92, 0x01,
546 0x0F, 0x13, 0x00, 0x00, 0x6E, 0x2F, 0x01, 0x00, 0x39, 0x0F, 0x06, 0x10,
547 0x28, 0x29, 0x01, 0x01, 0x0E, 0x06, 0x03, 0x28, 0x01, 0x02, 0x6E, 0x41,
548 0x01, 0x00, 0x04, 0x22, 0x01, 0x01, 0x39, 0x0F, 0x06, 0x15, 0x28, 0x01,
549 0x00, 0x6E, 0x41, 0x29, 0x01, 0x80, 0x64, 0x0F, 0x06, 0x05, 0x01, 0x82,
550 0x00, 0x08, 0x2A, 0x58, 0x00, 0x04, 0x07, 0x28, 0x01, 0x82, 0x00, 0x08,
551 0x2A, 0x28, 0x00, 0x00, 0x01, 0x00, 0x30, 0x06, 0x05, 0x3C, 0x9E, 0x38,
552 0x04, 0x78, 0x29, 0x06, 0x04, 0x01, 0x01, 0x87, 0x41, 0x00, 0x00, 0x01,
553 0x1F, 0x13, 0x01, 0x12, 0x0F, 0x05, 0x02, 0x6C, 0x2A, 0x70, 0x2D, 0x29,
554 0xBE, 0x05, 0x02, 0x6B, 0x2A, 0x9D, 0x27, 0x00, 0x00, 0x30, 0x06, 0x0B,
555 0x7F, 0x2F, 0x01, 0x14, 0x0E, 0x06, 0x02, 0x6B, 0x2A, 0x04, 0x11, 0xC2,
556 0x01, 0x07, 0x13, 0x29, 0x01, 0x02, 0x0E, 0x06, 0x06, 0x06, 0x02, 0x6B,
557 0x2A, 0x04, 0x70, 0x28, 0xB7, 0x01, 0x01, 0x0E, 0x34, 0x38, 0x06, 0x02,
558 0x5E, 0x2A, 0x29, 0x01, 0x01, 0xBD, 0x37, 0xA9, 0x00, 0x01, 0xAE, 0x01,
559 0x0B, 0x0F, 0x05, 0x02, 0x6B, 0x2A, 0x29, 0x01, 0x03, 0x0F, 0x06, 0x08,
560 0xB5, 0x06, 0x02, 0x62, 0x2A, 0x46, 0x28, 0x00, 0x46, 0x55, 0xB5, 0x9C,
561 0x29, 0x06, 0x23, 0xB5, 0x9C, 0x29, 0x54, 0x29, 0x06, 0x18, 0x29, 0x01,
562 0x82, 0x00, 0x10, 0x06, 0x05, 0x01, 0x82, 0x00, 0x04, 0x01, 0x29, 0x03,
563 0x00, 0x7D, 0x02, 0x00, 0xAA, 0x02, 0x00, 0x51, 0x04, 0x65, 0x93, 0x52,
564 0x04, 0x5A, 0x93, 0x93, 0x53, 0x29, 0x06, 0x02, 0x36, 0x00, 0x28, 0x2C,
565 0x00, 0x02, 0x29, 0x01, 0x20, 0x13, 0x05, 0x02, 0x6C, 0x2A, 0x01, 0x0F,
566 0x13, 0x03, 0x00, 0xA4, 0x8B, 0x2D, 0x01, 0x86, 0x03, 0x11, 0x06, 0x23,
567 0xB4, 0x29, 0x01, 0x81, 0x7F, 0x13, 0x5A, 0x01, 0x01, 0x12, 0x02, 0x00,
568 0x0F, 0x05, 0x02, 0x64, 0x2A, 0x01, 0x08, 0x12, 0x29, 0x01, 0x02, 0x0B,
569 0x39, 0x01, 0x06, 0x10, 0x38, 0x06, 0x02, 0x66, 0x2A, 0x04, 0x0D, 0x02,
570 0x00, 0x01, 0x01, 0x0F, 0x06, 0x04, 0x01, 0x00, 0x04, 0x02, 0x01, 0x02,
571 0x20, 0x05, 0x02, 0x66, 0x2A, 0xB4, 0x29, 0x03, 0x01, 0x29, 0x01, 0x84,
572 0x00, 0x10, 0x06, 0x02, 0x67, 0x2A, 0x7D, 0x46, 0xAA, 0x02, 0x01, 0x4E,
573 0x29, 0x06, 0x01, 0x2A, 0x28, 0x93, 0x00, 0x00, 0x1D, 0xAE, 0x01, 0x0F,
574 0x0F, 0x05, 0x02, 0x6B, 0x2A, 0x00, 0x0A, 0xAE, 0x01, 0x01, 0x0F, 0x05,
575 0x02, 0x6B, 0x2A, 0xB4, 0x29, 0x03, 0x00, 0x71, 0x3F, 0x72, 0x01, 0x20,
576 0xAA, 0xB6, 0x29, 0x01, 0x20, 0x10, 0x06, 0x02, 0x6A, 0x2A, 0x29, 0x86,
577 0x41, 0x85, 0x46, 0xAA, 0x1A, 0x03, 0x01, 0xB4, 0x9C, 0x01, 0x00, 0x03,
578 0x02, 0x01, 0x00, 0x03, 0x03, 0x7B, 0x98, 0x17, 0x39, 0x08, 0x03, 0x04,
579 0x03, 0x05, 0x29, 0x06, 0x80, 0x6D, 0xB4, 0x29, 0x03, 0x06, 0x02, 0x01,
580 0x06, 0x0A, 0x29, 0x70, 0x2D, 0x0F, 0x06, 0x04, 0x01, 0x7F, 0x03, 0x03,
581 0x29, 0x01, 0x81, 0x7F, 0x0F, 0x06, 0x0A, 0x81, 0x2F, 0x06, 0x02, 0x63,
582 0x2A, 0x01, 0x7F, 0x03, 0x02, 0x29, 0x01, 0x81, 0xAC, 0x00, 0x0F, 0x06,
583 0x11, 0x02, 0x00, 0x8E, 0x2D, 0x11, 0x02, 0x00, 0x8D, 0x2D, 0x0B, 0x13,
584 0x06, 0x04, 0x01, 0x7F, 0x03, 0x00, 0xB8, 0x29, 0x56, 0x06, 0x03, 0x28,
585 0x04, 0x26, 0x01, 0x00, 0x9A, 0x06, 0x0B, 0x01, 0x02, 0x0C, 0x73, 0x08,
586 0x02, 0x06, 0x46, 0x3F, 0x04, 0x16, 0x28, 0x02, 0x05, 0x02, 0x04, 0x11,
587 0x06, 0x02, 0x61, 0x2A, 0x02, 0x06, 0x02, 0x05, 0x3F, 0x02, 0x05, 0x01,
588 0x04, 0x08, 0x03, 0x05, 0x04, 0xFF, 0x0F, 0x28, 0x01, 0x00, 0x03, 0x07,
589 0xB6, 0x9C, 0x29, 0x06, 0x09, 0xB6, 0x05, 0x04, 0x01, 0x7F, 0x03, 0x07,
590 0x04, 0x74, 0x93, 0x01, 0x00, 0x83, 0x41, 0x01, 0x88, 0x04, 0x7A, 0x3F,
591 0x01, 0x84, 0x80, 0x80, 0x00, 0x76, 0x40, 0x29, 0x06, 0x80, 0x42, 0xB4,
592 0x9C, 0x29, 0x06, 0x3C, 0xB4, 0x01, 0x00, 0x39, 0x0F, 0x06, 0x04, 0x28,
593 0xAD, 0x04, 0x2F, 0x01, 0x01, 0x39, 0x0F, 0x06, 0x04, 0x28, 0xAB, 0x04,
594 0x25, 0x01, 0x83, 0xFE, 0x01, 0x39, 0x0F, 0x06, 0x04, 0x28, 0xAC, 0x04,
595 0x19, 0x01, 0x0D, 0x39, 0x0F, 0x06, 0x04, 0x28, 0xB2, 0x04, 0x0F, 0x01,
596 0x0A, 0x39, 0x0F, 0x06, 0x04, 0x28, 0xB3, 0x04, 0x05, 0x28, 0xB0, 0x01,
597 0x00, 0x28, 0x04, 0x41, 0x93, 0x93, 0x02, 0x01, 0x02, 0x03, 0x13, 0x03,
598 0x01, 0x02, 0x00, 0x56, 0x06, 0x08, 0x71, 0x2D, 0x8F, 0x3F, 0x01, 0x80,
599 0x56, 0x99, 0x8D, 0x2D, 0x29, 0x02, 0x00, 0x10, 0x06, 0x03, 0x28, 0x02,
600 0x00, 0x29, 0x01, 0x86, 0x00, 0x0B, 0x06, 0x02, 0x65, 0x2A, 0x02, 0x00,
601 0x8E, 0x2D, 0x0B, 0x06, 0x04, 0x01, 0x80, 0x46, 0x99, 0x02, 0x01, 0x06,
602 0x10, 0x8B, 0x2D, 0x02, 0x00, 0x0D, 0x06, 0x05, 0x28, 0x8B, 0x2D, 0x04,
603 0x04, 0x01, 0x00, 0x03, 0x01, 0x29, 0x8B, 0x3F, 0x29, 0x8C, 0x3F, 0x29,
604 0x8F, 0x3F, 0x01, 0x86, 0x03, 0x11, 0x03, 0x08, 0x02, 0x02, 0x06, 0x04,
605 0x01, 0x02, 0x81, 0x41, 0x02, 0x07, 0x05, 0x03, 0x01, 0x28, 0x99, 0x43,
606 0x28, 0x01, 0x82, 0x01, 0x07, 0x7A, 0x2D, 0x13, 0x29, 0x7A, 0x3F, 0x29,
607 0x01, 0x81, 0x7F, 0x13, 0x57, 0x36, 0x46, 0x01, 0x08, 0x12, 0x57, 0x01,
608 0x02, 0x13, 0x38, 0x03, 0x09, 0x76, 0x2E, 0x42, 0x13, 0x29, 0x76, 0x40,
609 0x05, 0x04, 0x01, 0x00, 0x03, 0x09, 0x02, 0x01, 0x06, 0x03, 0x01, 0x7F,
610 0x00, 0x85, 0x01, 0x20, 0x33, 0x01, 0x20, 0x86, 0x41, 0x73, 0x29, 0x03,
611 0x05, 0x29, 0x02, 0x04, 0x0B, 0x06, 0x80, 0x49, 0x29, 0x2D, 0x29, 0x92,
612 0x29, 0x01, 0x0C, 0x12, 0x29, 0x01, 0x01, 0x0F, 0x46, 0x01, 0x02, 0x0F,
613 0x38, 0x06, 0x0A, 0x29, 0x02, 0x09, 0x13, 0x05, 0x04, 0x5D, 0x01, 0x00,
614 0x29, 0x02, 0x08, 0x05, 0x0E, 0x29, 0x01, 0x81, 0x70, 0x13, 0x01, 0x20,
615 0x0E, 0x06, 0x04, 0x5D, 0x01, 0x00, 0x29, 0x29, 0x06, 0x10, 0x02, 0x05,
616 0x5C, 0x3F, 0x02, 0x05, 0x3F, 0x02, 0x05, 0x01, 0x04, 0x08, 0x03, 0x05,
617 0x04, 0x01, 0x5D, 0x01, 0x04, 0x08, 0x04, 0xFF, 0x30, 0x28, 0x02, 0x05,
618 0x73, 0x09, 0x01, 0x02, 0x12, 0x29, 0x05, 0x03, 0x01, 0x28, 0x99, 0x74,
619 0x41, 0x18, 0x05, 0x03, 0x01, 0x28, 0x99, 0x01, 0x00, 0x00, 0x00, 0xA8,
620 0xA7, 0x00, 0x04, 0x70, 0x2D, 0xC1, 0x06, 0x16, 0xB4, 0x29, 0x01, 0x84,
621 0x00, 0x10, 0x06, 0x02, 0x67, 0x2A, 0x29, 0x03, 0x00, 0x7D, 0x46, 0xAA,
622 0x02, 0x00, 0x70, 0x2D, 0x9D, 0x26, 0x70, 0x2D, 0x29, 0xBF, 0x46, 0xBE,
623 0x03, 0x01, 0x03, 0x02, 0x02, 0x01, 0x02, 0x02, 0x38, 0x06, 0x14, 0xB6,
624 0x29, 0x03, 0x03, 0x7D, 0x46, 0xAA, 0x02, 0x03, 0x70, 0x2D, 0x9D, 0x02,
625 0x02, 0x06, 0x03, 0x25, 0x04, 0x01, 0x23, 0x93, 0x00, 0x00, 0xAE, 0x01,
626 0x10, 0x0F, 0x05, 0x02, 0x6B, 0x2A, 0x00, 0x00, 0x94, 0xAE, 0x01, 0x14,
627 0x0E, 0x06, 0x02, 0x6B, 0x2A, 0x7D, 0x01, 0x0C, 0x08, 0x01, 0x0C, 0xAA,
628 0x93, 0x7D, 0x29, 0x01, 0x0C, 0x08, 0x01, 0x0C, 0x31, 0x05, 0x02, 0x5F,
629 0x2A, 0x00, 0x02, 0x03, 0x00, 0x03, 0x01, 0x02, 0x00, 0x90, 0x02, 0x01,
630 0x02, 0x00, 0x3B, 0x29, 0x01, 0x00, 0x0F, 0x06, 0x02, 0x5D, 0x00, 0xC4,
631 0x04, 0x74, 0x00, 0xB4, 0x01, 0x01, 0x0E, 0x06, 0x02, 0x60, 0x2A, 0xB6,
632 0x29, 0x29, 0x58, 0x46, 0x01, 0x05, 0x11, 0x38, 0x06, 0x02, 0x60, 0x2A,
633 0x01, 0x08, 0x08, 0x29, 0x7C, 0x2F, 0x0B, 0x06, 0x0D, 0x29, 0x01, 0x01,
634 0x46, 0x0C, 0x3E, 0x29, 0x7C, 0x41, 0x7E, 0x41, 0x04, 0x01, 0x28, 0x00,
635 0x00, 0xB4, 0x81, 0x2F, 0x01, 0x00, 0x39, 0x0F, 0x06, 0x13, 0x28, 0x01,
636 0x01, 0x0F, 0x05, 0x02, 0x63, 0x2A, 0xB6, 0x06, 0x02, 0x63, 0x2A, 0x01,
637 0x02, 0x81, 0x41, 0x04, 0x28, 0x01, 0x02, 0x39, 0x0F, 0x06, 0x1F, 0x28,
638 0x01, 0x0D, 0x0F, 0x05, 0x02, 0x63, 0x2A, 0xB6, 0x01, 0x0C, 0x0F, 0x05,
639 0x02, 0x63, 0x2A, 0x7D, 0x01, 0x0C, 0xAA, 0x82, 0x7D, 0x01, 0x0C, 0x31,
640 0x05, 0x02, 0x63, 0x2A, 0x04, 0x03, 0x63, 0x2A, 0x28, 0x00, 0x00, 0xB4,
641 0x9C, 0xB4, 0x9C, 0x29, 0x06, 0x1D, 0xB6, 0x06, 0x03, 0xB0, 0x04, 0x15,
642 0xB4, 0x29, 0x01, 0x81, 0x7F, 0x0D, 0x06, 0x0C, 0x29, 0x83, 0x08, 0x01,
643 0x00, 0x46, 0x41, 0x83, 0x46, 0xAA, 0x04, 0x01, 0xBC, 0x04, 0x60, 0x93,
644 0x93, 0x00, 0x00, 0xAF, 0x29, 0x58, 0x06, 0x07, 0x28, 0x06, 0x02, 0x61,
645 0x2A, 0x04, 0x74, 0x00, 0x00, 0xB7, 0x01, 0x03, 0xB5, 0x46, 0x28, 0x46,
646 0x00, 0x00, 0xB4, 0xBC, 0x00, 0x03, 0x01, 0x00, 0x03, 0x00, 0xB4, 0x9C,
647 0x29, 0x06, 0x32, 0xB6, 0x03, 0x01, 0xB6, 0x03, 0x02, 0x02, 0x01, 0x01,
648 0x02, 0x11, 0x02, 0x01, 0x01, 0x06, 0x0D, 0x13, 0x02, 0x02, 0x01, 0x01,
649 0x0F, 0x02, 0x02, 0x01, 0x03, 0x0F, 0x38, 0x13, 0x06, 0x11, 0x02, 0x00,
650 0x01, 0x01, 0x02, 0x02, 0x5B, 0x01, 0x02, 0x0C, 0x02, 0x01, 0x08, 0x0C,
651 0x38, 0x03, 0x00, 0x04, 0x4B, 0x93, 0x02, 0x00, 0x00, 0x00, 0xB4, 0x9C,
652 0xB1, 0x7A, 0x3F, 0x93, 0x00, 0x00, 0xB4, 0x9C, 0xB4, 0x9C, 0x01, 0x00,
653 0x76, 0x40, 0x29, 0x06, 0x15, 0xB4, 0x29, 0x01, 0x20, 0x0B, 0x06, 0x0B,
654 0x01, 0x01, 0x46, 0x0C, 0x76, 0x2E, 0x38, 0x76, 0x40, 0x04, 0x01, 0x28,
655 0x04, 0x68, 0x93, 0x93, 0x00, 0x00, 0x01, 0x02, 0x90, 0xB7, 0x01, 0x08,
656 0x0C, 0xB7, 0x08, 0x00, 0x00, 0x01, 0x03, 0x90, 0xB7, 0x01, 0x08, 0x0C,
657 0xB7, 0x08, 0x01, 0x08, 0x0C, 0xB7, 0x08, 0x00, 0x00, 0x01, 0x01, 0x90,
658 0xB7, 0x00, 0x00, 0x3C, 0x29, 0x56, 0x05, 0x01, 0x00, 0x28, 0xC4, 0x04,
659 0x76, 0x02, 0x03, 0x00, 0x8A, 0x2F, 0x03, 0x01, 0x01, 0x00, 0x29, 0x02,
660 0x01, 0x0B, 0x06, 0x10, 0x29, 0x01, 0x01, 0x0C, 0x89, 0x08, 0x2D, 0x02,
661 0x00, 0x0F, 0x06, 0x01, 0x00, 0x5A, 0x04, 0x6A, 0x28, 0x01, 0x7F, 0x00,
662 0x00, 0x2B, 0x19, 0x37, 0x06, 0x04, 0xC2, 0x28, 0x04, 0x78, 0x01, 0x16,
663 0x80, 0x41, 0x01, 0x00, 0xD5, 0x01, 0x00, 0xD4, 0x2B, 0x01, 0x17, 0x80,
664 0x41, 0x00, 0x00, 0x01, 0x15, 0x80, 0x41, 0x46, 0x50, 0x28, 0x50, 0x28,
665 0x2B, 0x00, 0x00, 0x01, 0x01, 0x46, 0xBA, 0x00, 0x00, 0x46, 0x39, 0x90,
666 0x46, 0x29, 0x06, 0x05, 0xB7, 0x28, 0x5B, 0x04, 0x78, 0x28, 0x00, 0x02,
667 0x03, 0x00, 0x70, 0x2D, 0x92, 0x03, 0x01, 0x02, 0x01, 0x01, 0x0F, 0x13,
668 0x02, 0x01, 0x01, 0x04, 0x12, 0x01, 0x0F, 0x13, 0x02, 0x01, 0x01, 0x08,
669 0x12, 0x01, 0x0F, 0x13, 0x01, 0x00, 0x39, 0x0F, 0x06, 0x10, 0x28, 0x01,
670 0x00, 0x01, 0x18, 0x02, 0x00, 0x06, 0x03, 0x49, 0x04, 0x01, 0x4A, 0x04,
671 0x80, 0x56, 0x01, 0x01, 0x39, 0x0F, 0x06, 0x10, 0x28, 0x01, 0x01, 0x01,
672 0x10, 0x02, 0x00, 0x06, 0x03, 0x49, 0x04, 0x01, 0x4A, 0x04, 0x80, 0x40,
673 0x01, 0x02, 0x39, 0x0F, 0x06, 0x0F, 0x28, 0x01, 0x01, 0x01, 0x20, 0x02,
674 0x00, 0x06, 0x03, 0x49, 0x04, 0x01, 0x4A, 0x04, 0x2B, 0x01, 0x03, 0x39,
675 0x0F, 0x06, 0x0E, 0x28, 0x28, 0x01, 0x10, 0x02, 0x00, 0x06, 0x03, 0x47,
676 0x04, 0x01, 0x48, 0x04, 0x17, 0x01, 0x04, 0x39, 0x0F, 0x06, 0x0E, 0x28,
677 0x28, 0x01, 0x20, 0x02, 0x00, 0x06, 0x03, 0x47, 0x04, 0x01, 0x48, 0x04,
678 0x03, 0x62, 0x2A, 0x28, 0x00, 0x00, 0x92, 0x01, 0x0C, 0x12, 0x01, 0x02,
679 0x10, 0x00, 0x00, 0x92, 0x01, 0x0C, 0x12, 0x29, 0x59, 0x46, 0x01, 0x03,
680 0x0B, 0x13, 0x00, 0x00, 0x92, 0x01, 0x0C, 0x12, 0x01, 0x01, 0x0F, 0x00,
681 0x00, 0x92, 0x01, 0x0C, 0x12, 0x58, 0x00, 0x00, 0x1B, 0x01, 0x00, 0x6D,
682 0x2F, 0x29, 0x06, 0x1F, 0x01, 0x01, 0x39, 0x0F, 0x06, 0x06, 0x28, 0x01,
683 0x00, 0x96, 0x04, 0x11, 0x01, 0x02, 0x39, 0x0F, 0x06, 0x0A, 0x28, 0x6F,
684 0x2F, 0x06, 0x03, 0x01, 0x10, 0x38, 0x04, 0x01, 0x28, 0x04, 0x01, 0x28,
685 0x75, 0x2F, 0x05, 0x33, 0x30, 0x06, 0x30, 0x7F, 0x2F, 0x01, 0x14, 0x39,
686 0x0F, 0x06, 0x06, 0x28, 0x01, 0x02, 0x38, 0x04, 0x22, 0x01, 0x15, 0x39,
687 0x0F, 0x06, 0x09, 0x28, 0x9F, 0x06, 0x03, 0x01, 0x7F, 0x96, 0x04, 0x13,
688 0x01, 0x16, 0x39, 0x0F, 0x06, 0x06, 0x28, 0x01, 0x01, 0x38, 0x04, 0x07,
689 0x28, 0x01, 0x04, 0x38, 0x01, 0x00, 0x28, 0x19, 0x06, 0x03, 0x01, 0x08,
690 0x38, 0x00, 0x00, 0x1B, 0x29, 0x05, 0x0F, 0x30, 0x06, 0x0C, 0x7F, 0x2F,
691 0x01, 0x15, 0x0F, 0x06, 0x04, 0x28, 0x9F, 0x04, 0x01, 0x22, 0x00, 0x00,
692 0xC2, 0x01, 0x07, 0x13, 0x01, 0x01, 0x10, 0x06, 0x02, 0x6B, 0x2A, 0x00,
693 0x01, 0x03, 0x00, 0x2B, 0x19, 0x06, 0x05, 0x02, 0x00, 0x80, 0x41, 0x00,
694 0xC2, 0x28, 0x04, 0x74, 0x00, 0x01, 0x14, 0xC5, 0x01, 0x01, 0xD5, 0x2B,
695 0x29, 0x01, 0x00, 0xBD, 0x01, 0x16, 0xC5, 0xC9, 0x2B, 0x00, 0x00, 0x01,
696 0x0B, 0xD5, 0x4C, 0x29, 0x29, 0x01, 0x03, 0x08, 0xD4, 0xD4, 0x14, 0x29,
697 0x56, 0x06, 0x02, 0x28, 0x00, 0xD4, 0x1E, 0x29, 0x06, 0x05, 0x7D, 0x46,
698 0xCD, 0x04, 0x77, 0x28, 0x04, 0x6C, 0x00, 0x01, 0x00, 0xCF, 0x8B, 0x2D,
699 0x01, 0x86, 0x03, 0x11, 0x06, 0x05, 0x5C, 0x01, 0x00, 0xD0, 0x08, 0x4B,
700 0x08, 0x01, 0x03, 0x08, 0x01, 0x0D, 0xD5, 0xD4, 0x01, 0x00, 0xCF, 0xD5,
701 0x01, 0x01, 0xCF, 0x28, 0x8B, 0x2D, 0x01, 0x86, 0x03, 0x11, 0x06, 0x08,
702 0x01, 0x00, 0xD0, 0xD3, 0x01, 0x01, 0xD0, 0x28, 0x4B, 0xD3, 0x16, 0x15,
703 0x29, 0x56, 0x06, 0x02, 0x28, 0x00, 0xD3, 0x1F, 0x29, 0x06, 0x05, 0x7D,
704 0x46, 0xCD, 0x04, 0x77, 0x28, 0x04, 0x6C, 0x00, 0x94, 0x01, 0x14, 0xD5,
705 0x01, 0x0C, 0xD4, 0x7D, 0x01, 0x0C, 0xCD, 0x00, 0x03, 0x03, 0x00, 0x01,
706 0x02, 0xD5, 0x01, 0x80, 0x46, 0x81, 0x2F, 0x01, 0x02, 0x0F, 0x06, 0x0C,
707 0x02, 0x00, 0x06, 0x04, 0x01, 0x05, 0x04, 0x02, 0x01, 0x1D, 0x04, 0x02,
708 0x01, 0x00, 0x03, 0x01, 0x7E, 0x2F, 0x06, 0x04, 0x01, 0x05, 0x04, 0x02,
709 0x01, 0x00, 0x03, 0x02, 0x02, 0x01, 0x02, 0x02, 0x08, 0x29, 0x06, 0x03,
710 0x01, 0x02, 0x08, 0x08, 0xD4, 0x8B, 0x2D, 0xD3, 0x84, 0x01, 0x04, 0x17,
711 0x84, 0x01, 0x04, 0x08, 0x01, 0x1C, 0x33, 0x84, 0x01, 0x20, 0xCD, 0x01,
712 0x20, 0xD5, 0x85, 0x01, 0x20, 0xCD, 0x70, 0x2D, 0xD3, 0x01, 0x00, 0xD5,
713 0x02, 0x01, 0x02, 0x02, 0x08, 0x29, 0x06, 0x29, 0xD3, 0x02, 0x01, 0x29,
714 0x06, 0x10, 0x01, 0x83, 0xFE, 0x01, 0xD3, 0x01, 0x04, 0x09, 0x29, 0xD3,
715 0x5B, 0x82, 0x46, 0xCE, 0x04, 0x01, 0x28, 0x02, 0x02, 0x06, 0x0C, 0x01,
716 0x01, 0xD3, 0x01, 0x01, 0xD3, 0x7E, 0x2F, 0x01, 0x08, 0x09, 0xD5, 0x04,
717 0x01, 0x28, 0x00, 0x00, 0x01, 0x0E, 0xD5, 0x01, 0x00, 0xD4, 0x00, 0x03,
718 0x70, 0x2D, 0xBF, 0x05, 0x01, 0x00, 0x76, 0x2E, 0x01, 0x00, 0x98, 0x12,
719 0x01, 0x01, 0x13, 0x58, 0x06, 0x03, 0x5A, 0x04, 0x75, 0x03, 0x00, 0x28,
720 0x02, 0x00, 0x24, 0x29, 0x56, 0x06, 0x02, 0x36, 0x2A, 0x03, 0x01, 0x8B,
721 0x2D, 0x01, 0x86, 0x03, 0x11, 0x03, 0x02, 0x01, 0x0C, 0xD5, 0x02, 0x01,
722 0x78, 0x2F, 0x08, 0x02, 0x02, 0x01, 0x02, 0x13, 0x08, 0x01, 0x06, 0x08,
723 0xD4, 0x01, 0x03, 0xD5, 0x02, 0x00, 0xD3, 0x77, 0x78, 0x2F, 0xCE, 0x02,
724 0x02, 0x06, 0x0D, 0x88, 0x2F, 0xD5, 0x70, 0x2D, 0xC0, 0x01, 0x01, 0x0C,
725 0x01, 0x03, 0x08, 0xD5, 0x02, 0x01, 0xD3, 0x7D, 0x02, 0x01, 0xCD, 0x00,
726 0x00, 0x4F, 0x29, 0x01, 0x00, 0x0F, 0x06, 0x02, 0x5D, 0x00, 0xC2, 0x28,
727 0x04, 0x73, 0x00, 0x29, 0xD5, 0xCD, 0x00, 0x00, 0x01, 0x00, 0x70, 0x2D,
728 0xBE, 0x06, 0x0C, 0x5C, 0x39, 0x06, 0x08, 0x01, 0x80, 0x41, 0xD5, 0x01,
729 0x80, 0x42, 0xD5, 0x45, 0x06, 0x07, 0x5A, 0x39, 0x06, 0x03, 0x01, 0x01,
730 0xD5, 0x44, 0x06, 0x08, 0x5A, 0x39, 0x06, 0x04, 0x01, 0x80, 0x40, 0xD5,
731 0x46, 0x28, 0x00, 0x01, 0x01, 0x00, 0x03, 0x00, 0x45, 0x44, 0x38, 0x05,
732 0x14, 0x01, 0x01, 0x01, 0x80, 0x7C, 0xD1, 0x03, 0x00, 0x01, 0x03, 0x01,
733 0x80, 0x7C, 0xD1, 0x02, 0x00, 0x08, 0x46, 0x28, 0x00, 0x45, 0x06, 0x07,
734 0x01, 0x01, 0x43, 0x28, 0xD1, 0x03, 0x00, 0x44, 0x06, 0x0A, 0x01, 0x03,
735 0x43, 0x28, 0xD1, 0x02, 0x00, 0x08, 0x03, 0x00, 0x28, 0x02, 0x00, 0x00,
736 0x00, 0x01, 0x00, 0x01, 0x04, 0xD2, 0x01, 0x05, 0xD2, 0x01, 0x06, 0xD2,
737 0x01, 0x03, 0xD2, 0x01, 0x02, 0xD2, 0x0A, 0x5D, 0x00, 0x01, 0x03, 0x00,
738 0x39, 0x01, 0x01, 0x02, 0x00, 0x0C, 0x13, 0x05, 0x01, 0x00, 0x5C, 0x01,
739 0x03, 0x3A, 0x06, 0x07, 0x02, 0x00, 0xD5, 0x01, 0x02, 0x3A, 0xD5, 0x00,
740 0x00, 0x29, 0x01, 0x08, 0x4D, 0xD5, 0xD5, 0x00, 0x00, 0x29, 0x01, 0x10,
741 0x4D, 0xD5, 0xD3, 0x00, 0x00, 0x29, 0x50, 0x06, 0x02, 0x28, 0x00, 0xC2,
742 0x28, 0x04, 0x76
743 };
744
745 static const uint16_t t0_caddr[] = {
746 0,
747 5,
748 10,
749 15,
750 20,
751 25,
752 30,
753 35,
754 39,
755 43,
756 47,
757 51,
758 55,
759 59,
760 63,
761 67,
762 71,
763 75,
764 79,
765 83,
766 87,
767 91,
768 95,
769 99,
770 104,
771 109,
772 114,
773 119,
774 124,
775 129,
776 134,
777 139,
778 144,
779 149,
780 154,
781 159,
782 164,
783 169,
784 175,
785 180,
786 185,
787 190,
788 195,
789 200,
790 205,
791 210,
792 215,
793 220,
794 225,
795 230,
796 235,
797 240,
798 245,
799 250,
800 255,
801 260,
802 265,
803 270,
804 275,
805 284,
806 288,
807 313,
808 319,
809 338,
810 349,
811 383,
812 490,
813 494,
814 527,
815 537,
816 605,
817 619,
818 625,
819 685,
820 704,
821 726,
822 775,
823 851,
824 953,
825 964,
826 1508,
827 1512,
828 1579,
829 1589,
830 1620,
831 1644,
832 1690,
833 1760,
834 1800,
835 1814,
836 1823,
837 1827,
838 1891,
839 1899,
840 1935,
841 1946,
842 1962,
843 1968,
844 1979,
845 2014,
846 2040,
847 2052,
848 2058,
849 2073,
850 2211,
851 2220,
852 2233,
853 2242,
854 2249,
855 2352,
856 2373,
857 2386,
858 2402,
859 2420,
860 2452,
861 2525,
862 2538,
863 2677,
864 2685,
865 2782,
866 2796,
867 2801,
868 2845,
869 2902,
870 2923,
871 2950,
872 2958,
873 2966
874 };
875
876 #define T0_INTERPRETED 86
877
878 #define T0_ENTER(ip, rp, slot) do { \
879 const unsigned char *t0_newip; \
880 uint32_t t0_lnum; \
881 t0_newip = &t0_codeblock[t0_caddr[(slot) - T0_INTERPRETED]]; \
882 t0_lnum = t0_parse7E_unsigned(&t0_newip); \
883 (rp) += t0_lnum; \
884 *((rp) ++) = (uint32_t)((ip) - &t0_codeblock[0]) + (t0_lnum << 16); \
885 (ip) = t0_newip; \
886 } while (0)
887
888 #define T0_DEFENTRY(name, slot) \
889 void \
890 name(void *ctx) \
891 { \
892 t0_context *t0ctx = ctx; \
893 t0ctx->ip = &t0_codeblock[0]; \
894 T0_ENTER(t0ctx->ip, t0ctx->rp, slot); \
895 }
896
897 T0_DEFENTRY(br_ssl_hs_server_init_main, 155)
898
899 #define T0_NEXT(t0ipp) (*(*(t0ipp)) ++)
900
901 void
902 br_ssl_hs_server_run(void *t0ctx)
903 {
904 uint32_t *dp, *rp;
905 const unsigned char *ip;
906
907 #define T0_LOCAL(x) (*(rp - 2 - (x)))
908 #define T0_POP() (*-- dp)
909 #define T0_POPi() (*(int32_t *)(-- dp))
910 #define T0_PEEK(x) (*(dp - 1 - (x)))
911 #define T0_PEEKi(x) (*(int32_t *)(dp - 1 - (x)))
912 #define T0_PUSH(v) do { *dp = (v); dp ++; } while (0)
913 #define T0_PUSHi(v) do { *(int32_t *)dp = (v); dp ++; } while (0)
914 #define T0_RPOP() (*-- rp)
915 #define T0_RPOPi() (*(int32_t *)(-- rp))
916 #define T0_RPUSH(v) do { *rp = (v); rp ++; } while (0)
917 #define T0_RPUSHi(v) do { *(int32_t *)rp = (v); rp ++; } while (0)
918 #define T0_ROLL(x) do { \
919 size_t t0len = (size_t)(x); \
920 uint32_t t0tmp = *(dp - 1 - t0len); \
921 memmove(dp - t0len - 1, dp - t0len, t0len * sizeof *dp); \
922 *(dp - 1) = t0tmp; \
923 } while (0)
924 #define T0_SWAP() do { \
925 uint32_t t0tmp = *(dp - 2); \
926 *(dp - 2) = *(dp - 1); \
927 *(dp - 1) = t0tmp; \
928 } while (0)
929 #define T0_ROT() do { \
930 uint32_t t0tmp = *(dp - 3); \
931 *(dp - 3) = *(dp - 2); \
932 *(dp - 2) = *(dp - 1); \
933 *(dp - 1) = t0tmp; \
934 } while (0)
935 #define T0_NROT() do { \
936 uint32_t t0tmp = *(dp - 1); \
937 *(dp - 1) = *(dp - 2); \
938 *(dp - 2) = *(dp - 3); \
939 *(dp - 3) = t0tmp; \
940 } while (0)
941 #define T0_PICK(x) do { \
942 uint32_t t0depth = (x); \
943 T0_PUSH(T0_PEEK(t0depth)); \
944 } while (0)
945 #define T0_CO() do { \
946 goto t0_exit; \
947 } while (0)
948 #define T0_RET() goto t0_next
949
950 dp = ((t0_context *)t0ctx)->dp;
951 rp = ((t0_context *)t0ctx)->rp;
952 ip = ((t0_context *)t0ctx)->ip;
953 goto t0_next;
954 for (;;) {
955 uint32_t t0x;
956
957 t0_next:
958 t0x = T0_NEXT(&ip);
959 if (t0x < T0_INTERPRETED) {
960 switch (t0x) {
961 int32_t t0off;
962
963 case 0: /* ret */
964 t0x = T0_RPOP();
965 rp -= (t0x >> 16);
966 t0x &= 0xFFFF;
967 if (t0x == 0) {
968 ip = NULL;
969 goto t0_exit;
970 }
971 ip = &t0_codeblock[t0x];
972 break;
973 case 1: /* literal constant */
974 T0_PUSHi(t0_parse7E_signed(&ip));
975 break;
976 case 2: /* read local */
977 T0_PUSH(T0_LOCAL(t0_parse7E_unsigned(&ip)));
978 break;
979 case 3: /* write local */
980 T0_LOCAL(t0_parse7E_unsigned(&ip)) = T0_POP();
981 break;
982 case 4: /* jump */
983 t0off = t0_parse7E_signed(&ip);
984 ip += t0off;
985 break;
986 case 5: /* jump if */
987 t0off = t0_parse7E_signed(&ip);
988 if (T0_POP()) {
989 ip += t0off;
990 }
991 break;
992 case 6: /* jump if not */
993 t0off = t0_parse7E_signed(&ip);
994 if (!T0_POP()) {
995 ip += t0off;
996 }
997 break;
998 case 7: {
999 /* * */
1000
1001 uint32_t b = T0_POP();
1002 uint32_t a = T0_POP();
1003 T0_PUSH(a * b);
1004
1005 }
1006 break;
1007 case 8: {
1008 /* + */
1009
1010 uint32_t b = T0_POP();
1011 uint32_t a = T0_POP();
1012 T0_PUSH(a + b);
1013
1014 }
1015 break;
1016 case 9: {
1017 /* - */
1018
1019 uint32_t b = T0_POP();
1020 uint32_t a = T0_POP();
1021 T0_PUSH(a - b);
1022
1023 }
1024 break;
1025 case 10: {
1026 /* -rot */
1027 T0_NROT();
1028 }
1029 break;
1030 case 11: {
1031 /* < */
1032
1033 int32_t b = T0_POPi();
1034 int32_t a = T0_POPi();
1035 T0_PUSH(-(uint32_t)(a < b));
1036
1037 }
1038 break;
1039 case 12: {
1040 /* << */
1041
1042 int c = (int)T0_POPi();
1043 uint32_t x = T0_POP();
1044 T0_PUSH(x << c);
1045
1046 }
1047 break;
1048 case 13: {
1049 /* <= */
1050
1051 int32_t b = T0_POPi();
1052 int32_t a = T0_POPi();
1053 T0_PUSH(-(uint32_t)(a <= b));
1054
1055 }
1056 break;
1057 case 14: {
1058 /* <> */
1059
1060 uint32_t b = T0_POP();
1061 uint32_t a = T0_POP();
1062 T0_PUSH(-(uint32_t)(a != b));
1063
1064 }
1065 break;
1066 case 15: {
1067 /* = */
1068
1069 uint32_t b = T0_POP();
1070 uint32_t a = T0_POP();
1071 T0_PUSH(-(uint32_t)(a == b));
1072
1073 }
1074 break;
1075 case 16: {
1076 /* > */
1077
1078 int32_t b = T0_POPi();
1079 int32_t a = T0_POPi();
1080 T0_PUSH(-(uint32_t)(a > b));
1081
1082 }
1083 break;
1084 case 17: {
1085 /* >= */
1086
1087 int32_t b = T0_POPi();
1088 int32_t a = T0_POPi();
1089 T0_PUSH(-(uint32_t)(a >= b));
1090
1091 }
1092 break;
1093 case 18: {
1094 /* >> */
1095
1096 int c = (int)T0_POPi();
1097 int32_t x = T0_POPi();
1098 T0_PUSHi(x >> c);
1099
1100 }
1101 break;
1102 case 19: {
1103 /* and */
1104
1105 uint32_t b = T0_POP();
1106 uint32_t a = T0_POP();
1107 T0_PUSH(a & b);
1108
1109 }
1110 break;
1111 case 20: {
1112 /* begin-cert */
1113
1114 if (ENG->chain_len == 0) {
1115 T0_PUSHi(-1);
1116 } else {
1117 ENG->cert_cur = ENG->chain->data;
1118 ENG->cert_len = ENG->chain->data_len;
1119 ENG->chain ++;
1120 ENG->chain_len --;
1121 T0_PUSH(ENG->cert_len);
1122 }
1123
1124 }
1125 break;
1126 case 21: {
1127 /* begin-ta-name */
1128
1129 const br_x500_name *dn;
1130 if (CTX->cur_dn_index >= CTX->num_tas) {
1131 T0_PUSHi(-1);
1132 } else {
1133 if (CTX->ta_names == NULL) {
1134 dn = &CTX->tas[CTX->cur_dn_index].dn;
1135 } else {
1136 dn = &CTX->ta_names[CTX->cur_dn_index];
1137 }
1138 CTX->cur_dn_index ++;
1139 CTX->cur_dn = dn->data;
1140 CTX->cur_dn_len = dn->len;
1141 T0_PUSH(CTX->cur_dn_len);
1142 }
1143
1144 }
1145 break;
1146 case 22: {
1147 /* begin-ta-name-list */
1148
1149 CTX->cur_dn_index = 0;
1150
1151 }
1152 break;
1153 case 23: {
1154 /* bzero */
1155
1156 size_t len = (size_t)T0_POP();
1157 void *addr = (unsigned char *)ENG + (size_t)T0_POP();
1158 memset(addr, 0, len);
1159
1160 }
1161 break;
1162 case 24: {
1163 /* call-policy-handler */
1164
1165 int x;
1166 br_ssl_server_choices choices;
1167
1168 x = (*CTX->policy_vtable)->choose(
1169 CTX->policy_vtable, CTX, &choices);
1170 ENG->session.cipher_suite = choices.cipher_suite;
1171 CTX->sign_hash_id = choices.hash_id;
1172 ENG->chain = choices.chain;
1173 ENG->chain_len = choices.chain_len;
1174 T0_PUSHi(-(x != 0));
1175
1176 }
1177 break;
1178 case 25: {
1179 /* can-output? */
1180
1181 T0_PUSHi(-(ENG->hlen_out > 0));
1182
1183 }
1184 break;
1185 case 26: {
1186 /* check-resume */
1187
1188 if (ENG->session.session_id_len == 32
1189 && CTX->cache_vtable != NULL && (*CTX->cache_vtable)->load(
1190 CTX->cache_vtable, CTX, &ENG->session))
1191 {
1192 T0_PUSHi(-1);
1193 } else {
1194 T0_PUSH(0);
1195 }
1196
1197 }
1198 break;
1199 case 27: {
1200 /* co */
1201 T0_CO();
1202 }
1203 break;
1204 case 28: {
1205 /* compute-Finished-inner */
1206
1207 int prf_id = T0_POP();
1208 int from_client = T0_POPi();
1209 unsigned char seed[48];
1210 size_t seed_len;
1211
1212 br_tls_prf_impl prf = br_ssl_engine_get_PRF(ENG, prf_id);
1213 if (ENG->session.version >= BR_TLS12) {
1214 seed_len = br_multihash_out(&ENG->mhash, prf_id, seed);
1215 } else {
1216 br_multihash_out(&ENG->mhash, br_md5_ID, seed);
1217 br_multihash_out(&ENG->mhash, br_sha1_ID, seed + 16);
1218 seed_len = 36;
1219 }
1220 prf(ENG->pad, 12, ENG->session.master_secret,
1221 sizeof ENG->session.master_secret,
1222 from_client ? "client finished" : "server finished",
1223 seed, seed_len);
1224
1225 }
1226 break;
1227 case 29: {
1228 /* compute-hash-CV */
1229
1230 int i;
1231
1232 for (i = 1; i <= 6; i ++) {
1233 br_multihash_out(&ENG->mhash, i,
1234 ENG->pad + HASH_PAD_OFF[i - 1]);
1235 }
1236
1237 }
1238 break;
1239 case 30: {
1240 /* copy-cert-chunk */
1241
1242 size_t clen;
1243
1244 clen = ENG->cert_len;
1245 if (clen > sizeof ENG->pad) {
1246 clen = sizeof ENG->pad;
1247 }
1248 memcpy(ENG->pad, ENG->cert_cur, clen);
1249 ENG->cert_cur += clen;
1250 ENG->cert_len -= clen;
1251 T0_PUSH(clen);
1252
1253 }
1254 break;
1255 case 31: {
1256 /* copy-dn-chunk */
1257
1258 size_t clen;
1259
1260 clen = CTX->cur_dn_len;
1261 if (clen > sizeof ENG->pad) {
1262 clen = sizeof ENG->pad;
1263 }
1264 memcpy(ENG->pad, CTX->cur_dn, clen);
1265 CTX->cur_dn += clen;
1266 CTX->cur_dn_len -= clen;
1267 T0_PUSH(clen);
1268
1269 }
1270 break;
1271 case 32: {
1272 /* copy-hash-CV */
1273
1274 int id = T0_POP();
1275 size_t off, len;
1276
1277 if (id == 0) {
1278 off = 0;
1279 len = 36;
1280 } else {
1281 if (br_multihash_getimpl(&ENG->mhash, id) == 0) {
1282 T0_PUSH(0);
1283 T0_RET();
1284 }
1285 off = HASH_PAD_OFF[id - 1];
1286 len = HASH_PAD_OFF[id] - off;
1287 }
1288 memcpy(CTX->hash_CV, ENG->pad + off, len);
1289 CTX->hash_CV_len = len;
1290 CTX->hash_CV_id = id;
1291 T0_PUSHi(-1);
1292
1293 }
1294 break;
1295 case 33: {
1296 /* data-get8 */
1297
1298 size_t addr = T0_POP();
1299 T0_PUSH(t0_datablock[addr]);
1300
1301 }
1302 break;
1303 case 34: {
1304 /* discard-input */
1305
1306 ENG->hlen_in = 0;
1307
1308 }
1309 break;
1310 case 35: {
1311 /* do-ecdh */
1312
1313 int prf_id = T0_POPi();
1314 size_t len = T0_POP();
1315 do_ecdh(CTX, prf_id, ENG->pad, len);
1316
1317 }
1318 break;
1319 case 36: {
1320 /* do-ecdhe-part1 */
1321
1322 int curve = T0_POPi();
1323 T0_PUSHi(do_ecdhe_part1(CTX, curve));
1324
1325 }
1326 break;
1327 case 37: {
1328 /* do-ecdhe-part2 */
1329
1330 int prf_id = T0_POPi();
1331 size_t len = T0_POP();
1332 do_ecdhe_part2(CTX, prf_id, ENG->pad, len);
1333
1334 }
1335 break;
1336 case 38: {
1337 /* do-rsa-decrypt */
1338
1339 int prf_id = T0_POPi();
1340 size_t len = T0_POP();
1341 do_rsa_decrypt(CTX, prf_id, ENG->pad, len);
1342
1343 }
1344 break;
1345 case 39: {
1346 /* do-static-ecdh */
1347
1348 do_static_ecdh(CTX, T0_POP());
1349
1350 }
1351 break;
1352 case 40: {
1353 /* drop */
1354 (void)T0_POP();
1355 }
1356 break;
1357 case 41: {
1358 /* dup */
1359 T0_PUSH(T0_PEEK(0));
1360 }
1361 break;
1362 case 42: {
1363 /* fail */
1364
1365 br_ssl_engine_fail(ENG, (int)T0_POPi());
1366 T0_CO();
1367
1368 }
1369 break;
1370 case 43: {
1371 /* flush-record */
1372
1373 br_ssl_engine_flush_record(ENG);
1374
1375 }
1376 break;
1377 case 44: {
1378 /* get-key-type-usages */
1379
1380 const br_x509_class *xc;
1381 const br_x509_pkey *pk;
1382 unsigned usages;
1383
1384 xc = *(ENG->x509ctx);
1385 pk = xc->get_pkey(ENG->x509ctx, &usages);
1386 if (pk == NULL) {
1387 T0_PUSH(0);
1388 } else {
1389 T0_PUSH(pk->key_type | usages);
1390 }
1391
1392 }
1393 break;
1394 case 45: {
1395 /* get16 */
1396
1397 size_t addr = (size_t)T0_POP();
1398 T0_PUSH(*(uint16_t *)((unsigned char *)ENG + addr));
1399
1400 }
1401 break;
1402 case 46: {
1403 /* get32 */
1404
1405 size_t addr = (size_t)T0_POP();
1406 T0_PUSH(*(uint32_t *)((unsigned char *)ENG + addr));
1407
1408 }
1409 break;
1410 case 47: {
1411 /* get8 */
1412
1413 size_t addr = (size_t)T0_POP();
1414 T0_PUSH(*((unsigned char *)ENG + addr));
1415
1416 }
1417 break;
1418 case 48: {
1419 /* has-input? */
1420
1421 T0_PUSHi(-(ENG->hlen_in != 0));
1422
1423 }
1424 break;
1425 case 49: {
1426 /* memcmp */
1427
1428 size_t len = (size_t)T0_POP();
1429 void *addr2 = (unsigned char *)ENG + (size_t)T0_POP();
1430 void *addr1 = (unsigned char *)ENG + (size_t)T0_POP();
1431 int x = memcmp(addr1, addr2, len);
1432 T0_PUSH((uint32_t)-(x == 0));
1433
1434 }
1435 break;
1436 case 50: {
1437 /* memcpy */
1438
1439 size_t len = (size_t)T0_POP();
1440 void *src = (unsigned char *)ENG + (size_t)T0_POP();
1441 void *dst = (unsigned char *)ENG + (size_t)T0_POP();
1442 memcpy(dst, src, len);
1443
1444 }
1445 break;
1446 case 51: {
1447 /* mkrand */
1448
1449 size_t len = (size_t)T0_POP();
1450 void *addr = (unsigned char *)ENG + (size_t)T0_POP();
1451 br_hmac_drbg_generate(&ENG->rng, addr, len);
1452
1453 }
1454 break;
1455 case 52: {
1456 /* more-incoming-bytes? */
1457
1458 T0_PUSHi(ENG->hlen_in != 0 || !br_ssl_engine_recvrec_finished(ENG));
1459
1460 }
1461 break;
1462 case 53: {
1463 /* multihash-init */
1464
1465 br_multihash_init(&ENG->mhash);
1466
1467 }
1468 break;
1469 case 54: {
1470 /* neg */
1471
1472 uint32_t a = T0_POP();
1473 T0_PUSH(-a);
1474
1475 }
1476 break;
1477 case 55: {
1478 /* not */
1479
1480 uint32_t a = T0_POP();
1481 T0_PUSH(~a);
1482
1483 }
1484 break;
1485 case 56: {
1486 /* or */
1487
1488 uint32_t b = T0_POP();
1489 uint32_t a = T0_POP();
1490 T0_PUSH(a | b);
1491
1492 }
1493 break;
1494 case 57: {
1495 /* over */
1496 T0_PUSH(T0_PEEK(1));
1497 }
1498 break;
1499 case 58: {
1500 /* pick */
1501 T0_PICK(T0_POP());
1502 }
1503 break;
1504 case 59: {
1505 /* read-chunk-native */
1506
1507 size_t clen = ENG->hlen_in;
1508 if (clen > 0) {
1509 uint32_t addr, len;
1510
1511 len = T0_POP();
1512 addr = T0_POP();
1513 if ((size_t)len < clen) {
1514 clen = (size_t)len;
1515 }
1516 memcpy((unsigned char *)ENG + addr, ENG->hbuf_in, clen);
1517 if (ENG->record_type_in == BR_SSL_HANDSHAKE) {
1518 br_multihash_update(&ENG->mhash, ENG->hbuf_in, clen);
1519 }
1520 T0_PUSH(addr + (uint32_t)clen);
1521 T0_PUSH(len - (uint32_t)clen);
1522 ENG->hbuf_in += clen;
1523 ENG->hlen_in -= clen;
1524 }
1525
1526 }
1527 break;
1528 case 60: {
1529 /* read8-native */
1530
1531 if (ENG->hlen_in > 0) {
1532 unsigned char x;
1533
1534 x = *ENG->hbuf_in ++;
1535 if (ENG->record_type_in == BR_SSL_HANDSHAKE) {
1536 br_multihash_update(&ENG->mhash, &x, 1);
1537 }
1538 T0_PUSH(x);
1539 ENG->hlen_in --;
1540 } else {
1541 T0_PUSHi(-1);
1542 }
1543
1544 }
1545 break;
1546 case 61: {
1547 /* save-session */
1548
1549 if (CTX->cache_vtable != NULL) {
1550 (*CTX->cache_vtable)->save(
1551 CTX->cache_vtable, CTX, &ENG->session);
1552 }
1553
1554 }
1555 break;
1556 case 62: {
1557 /* set-max-frag-len */
1558
1559 size_t max_frag_len = T0_POP();
1560
1561 br_ssl_engine_new_max_frag_len(ENG, max_frag_len);
1562
1563 /*
1564 * We must adjust our own output limit. Since we call this only
1565 * after receiving a ClientHello and before beginning to send
1566 * the ServerHello, the next output record should be empty at
1567 * that point, so we can use max_frag_len as a limit.
1568 */
1569 if (ENG->hlen_out > max_frag_len) {
1570 ENG->hlen_out = max_frag_len;
1571 }
1572
1573 }
1574 break;
1575 case 63: {
1576 /* set16 */
1577
1578 size_t addr = (size_t)T0_POP();
1579 *(uint16_t *)((unsigned char *)ENG + addr) = (uint16_t)T0_POP();
1580
1581 }
1582 break;
1583 case 64: {
1584 /* set32 */
1585
1586 size_t addr = (size_t)T0_POP();
1587 *(uint32_t *)((unsigned char *)ENG + addr) = (uint32_t)T0_POP();
1588
1589 }
1590 break;
1591 case 65: {
1592 /* set8 */
1593
1594 size_t addr = (size_t)T0_POP();
1595 *((unsigned char *)ENG + addr) = (unsigned char)T0_POP();
1596
1597 }
1598 break;
1599 case 66: {
1600 /* supported-curves */
1601
1602 uint32_t x = ENG->iec == NULL ? 0 : ENG->iec->supported_curves;
1603 T0_PUSH(x);
1604
1605 }
1606 break;
1607 case 67: {
1608 /* supported-hash-functions */
1609
1610 int i;
1611 unsigned x, num;
1612
1613 x = 0;
1614 num = 0;
1615 for (i = br_sha1_ID; i <= br_sha512_ID; i ++) {
1616 if (br_multihash_getimpl(&ENG->mhash, i)) {
1617 x |= 1U << i;
1618 num ++;
1619 }
1620 }
1621 T0_PUSH(x);
1622 T0_PUSH(num);
1623
1624 }
1625 break;
1626 case 68: {
1627 /* supports-ecdsa? */
1628
1629 T0_PUSHi(-(ENG->iecdsa != 0));
1630
1631 }
1632 break;
1633 case 69: {
1634 /* supports-rsa-sign? */
1635
1636 T0_PUSHi(-(ENG->irsavrfy != 0));
1637
1638 }
1639 break;
1640 case 70: {
1641 /* swap */
1642 T0_SWAP();
1643 }
1644 break;
1645 case 71: {
1646 /* switch-aesgcm-in */
1647
1648 int is_client, prf_id;
1649 unsigned cipher_key_len;
1650
1651 cipher_key_len = T0_POP();
1652 prf_id = T0_POP();
1653 is_client = T0_POP();
1654 br_ssl_engine_switch_gcm_in(ENG, is_client, prf_id,
1655 ENG->iaes_ctr, cipher_key_len);
1656
1657 }
1658 break;
1659 case 72: {
1660 /* switch-aesgcm-out */
1661
1662 int is_client, prf_id;
1663 unsigned cipher_key_len;
1664
1665 cipher_key_len = T0_POP();
1666 prf_id = T0_POP();
1667 is_client = T0_POP();
1668 br_ssl_engine_switch_gcm_out(ENG, is_client, prf_id,
1669 ENG->iaes_ctr, cipher_key_len);
1670
1671 }
1672 break;
1673 case 73: {
1674 /* switch-cbc-in */
1675
1676 int is_client, prf_id, mac_id, aes;
1677 unsigned cipher_key_len;
1678
1679 cipher_key_len = T0_POP();
1680 aes = T0_POP();
1681 mac_id = T0_POP();
1682 prf_id = T0_POP();
1683 is_client = T0_POP();
1684 br_ssl_engine_switch_cbc_in(ENG, is_client, prf_id, mac_id,
1685 aes ? ENG->iaes_cbcdec : ENG->ides_cbcdec, cipher_key_len);
1686
1687 }
1688 break;
1689 case 74: {
1690 /* switch-cbc-out */
1691
1692 int is_client, prf_id, mac_id, aes;
1693 unsigned cipher_key_len;
1694
1695 cipher_key_len = T0_POP();
1696 aes = T0_POP();
1697 mac_id = T0_POP();
1698 prf_id = T0_POP();
1699 is_client = T0_POP();
1700 br_ssl_engine_switch_cbc_out(ENG, is_client, prf_id, mac_id,
1701 aes ? ENG->iaes_cbcenc : ENG->ides_cbcenc, cipher_key_len);
1702
1703 }
1704 break;
1705 case 75: {
1706 /* ta-names-total-length */
1707
1708 size_t u, len;
1709
1710 len = 0;
1711 if (CTX->ta_names != NULL) {
1712 for (u = 0; u < CTX->num_tas; u ++) {
1713 len += CTX->ta_names[u].len + 2;
1714 }
1715 } else if (CTX->tas != NULL) {
1716 for (u = 0; u < CTX->num_tas; u ++) {
1717 len += CTX->tas[u].dn.len + 2;
1718 }
1719 }
1720 T0_PUSH(len);
1721
1722 }
1723 break;
1724 case 76: {
1725 /* total-chain-length */
1726
1727 size_t u;
1728 uint32_t total;
1729
1730 total = 0;
1731 for (u = 0; u < ENG->chain_len; u ++) {
1732 total += 3 + (uint32_t)ENG->chain[u].data_len;
1733 }
1734 T0_PUSH(total);
1735
1736 }
1737 break;
1738 case 77: {
1739 /* u>> */
1740
1741 int c = (int)T0_POPi();
1742 uint32_t x = T0_POP();
1743 T0_PUSH(x >> c);
1744
1745 }
1746 break;
1747 case 78: {
1748 /* verify-CV-sig */
1749
1750 int err;
1751
1752 err = verify_CV_sig(CTX, T0_POP());
1753 T0_PUSHi(err);
1754
1755 }
1756 break;
1757 case 79: {
1758 /* write-blob-chunk */
1759
1760 size_t clen = ENG->hlen_out;
1761 if (clen > 0) {
1762 uint32_t addr, len;
1763
1764 len = T0_POP();
1765 addr = T0_POP();
1766 if ((size_t)len < clen) {
1767 clen = (size_t)len;
1768 }
1769 memcpy(ENG->hbuf_out, (unsigned char *)ENG + addr, clen);
1770 if (ENG->record_type_out == BR_SSL_HANDSHAKE) {
1771 br_multihash_update(&ENG->mhash, ENG->hbuf_out, clen);
1772 }
1773 T0_PUSH(addr + (uint32_t)clen);
1774 T0_PUSH(len - (uint32_t)clen);
1775 ENG->hbuf_out += clen;
1776 ENG->hlen_out -= clen;
1777 }
1778
1779 }
1780 break;
1781 case 80: {
1782 /* write8-native */
1783
1784 unsigned char x;
1785
1786 x = (unsigned char)T0_POP();
1787 if (ENG->hlen_out > 0) {
1788 if (ENG->record_type_out == BR_SSL_HANDSHAKE) {
1789 br_multihash_update(&ENG->mhash, &x, 1);
1790 }
1791 *ENG->hbuf_out ++ = x;
1792 ENG->hlen_out --;
1793 T0_PUSHi(-1);
1794 } else {
1795 T0_PUSHi(0);
1796 }
1797
1798 }
1799 break;
1800 case 81: {
1801 /* x509-append */
1802
1803 const br_x509_class *xc;
1804 size_t len;
1805
1806 xc = *(ENG->x509ctx);
1807 len = T0_POP();
1808 xc->append(ENG->x509ctx, ENG->pad, len);
1809
1810 }
1811 break;
1812 case 82: {
1813 /* x509-end-cert */
1814
1815 const br_x509_class *xc;
1816
1817 xc = *(ENG->x509ctx);
1818 xc->end_cert(ENG->x509ctx);
1819
1820 }
1821 break;
1822 case 83: {
1823 /* x509-end-chain */
1824
1825 const br_x509_class *xc;
1826
1827 xc = *(ENG->x509ctx);
1828 T0_PUSH(xc->end_chain(ENG->x509ctx));
1829
1830 }
1831 break;
1832 case 84: {
1833 /* x509-start-cert */
1834
1835 const br_x509_class *xc;
1836
1837 xc = *(ENG->x509ctx);
1838 xc->start_cert(ENG->x509ctx, T0_POP());
1839
1840 }
1841 break;
1842 case 85: {
1843 /* x509-start-chain */
1844
1845 const br_x509_class *xc;
1846 uint32_t bc;
1847
1848 bc = T0_POP();
1849 xc = *(ENG->x509ctx);
1850 xc->start_chain(ENG->x509ctx, bc ? ENG->server_name : NULL);
1851
1852 }
1853 break;
1854 }
1855
1856 } else {
1857 T0_ENTER(ip, rp, t0x);
1858 }
1859 }
1860 t0_exit:
1861 ((t0_context *)t0ctx)->dp = dp;
1862 ((t0_context *)t0ctx)->rp = rp;
1863 ((t0_context *)t0ctx)->ip = ip;
1864 }
The BearSSL library and tools.