1 /* Automatically generated code; do not modify directly. */
9 const unsigned char *ip
;
13 t0_parse7E_unsigned(const unsigned char **p
)
22 x
= (x
<< 7) | (uint32_t)(y
& 0x7F);
30 t0_parse7E_signed(const unsigned char **p
)
35 neg
= ((**p
) >> 6) & 1;
41 x
= (x
<< 7) | (uint32_t)(y
& 0x7F);
44 return -(int32_t)~x
- 1;
52 #define T0_VBYTE(x, n) (unsigned char)((((uint32_t)(x) >> (n)) & 0x7F) | 0x80)
53 #define T0_FBYTE(x, n) (unsigned char)(((uint32_t)(x) >> (n)) & 0x7F)
54 #define T0_SBYTE(x) (unsigned char)((((uint32_t)(x) >> 28) + 0xF8) ^ 0xF8)
55 #define T0_INT1(x) T0_FBYTE(x, 0)
56 #define T0_INT2(x) T0_VBYTE(x, 7), T0_FBYTE(x, 0)
57 #define T0_INT3(x) T0_VBYTE(x, 14), T0_VBYTE(x, 7), T0_FBYTE(x, 0)
58 #define T0_INT4(x) T0_VBYTE(x, 21), T0_VBYTE(x, 14), T0_VBYTE(x, 7), T0_FBYTE(x, 0)
59 #define T0_INT5(x) T0_SBYTE(x), T0_VBYTE(x, 21), T0_VBYTE(x, 14), T0_VBYTE(x, 7), T0_FBYTE(x, 0)
61 /* static const unsigned char t0_datablock[]; */
64 void br_ssl_hs_client_init_main(void *t0ctx
);
66 void br_ssl_hs_client_run(void *t0ctx
);
76 * This macro evaluates to a pointer to the current engine context.
78 #define ENG ((br_ssl_engine_context *)((unsigned char *)t0ctx - offsetof(br_ssl_engine_context, cpu)))
85 * This macro evaluates to a pointer to the client context, under that
86 * specific name. It must be noted that since the engine context is the
87 * first field of the br_ssl_client_context structure ('eng'), then
88 * pointers values of both types are interchangeable, modulo an
89 * appropriate cast. This also means that "adresses" computed as offsets
90 * within the structure work for both kinds of context.
92 #define CTX ((br_ssl_client_context *)ENG)
95 * Generate the pre-master secret for RSA key exchange, and encrypt it
96 * with the server's public key. Returned value is either the encrypted
97 * data length (in bytes), or -x on error, with 'x' being an error code.
99 * This code assumes that the public key has been already verified (it
100 * was properly obtained by the X.509 engine, and it has the right type,
101 * i.e. it is of type RSA and suitable for encryption).
104 make_pms_rsa(br_ssl_client_context
*ctx
, int prf_id
)
106 const br_x509_class
**xc
;
107 const br_x509_pkey
*pk
;
108 const unsigned char *n
;
112 xc
= ctx
->eng
.x509ctx
;
113 pk
= (*xc
)->get_pkey(xc
, NULL
);
116 * Compute actual RSA key length, in case there are leading zeros.
119 nlen
= pk
->key
.rsa
.nlen
;
120 while (nlen
> 0 && *n
== 0) {
126 * We need at least 59 bytes (48 bytes for pre-master secret, and
127 * 11 bytes for the PKCS#1 type 2 padding). Note that the X.509
128 * minimal engine normally blocks RSA keys shorter than 128 bytes,
129 * so this is mostly for public keys provided explicitly by the
133 return -BR_ERR_X509_WEAK_PUBLIC_KEY
;
135 if (nlen
> sizeof ctx
->eng
.pad
) {
136 return -BR_ERR_LIMIT_EXCEEDED
;
142 pms
= ctx
->eng
.pad
+ nlen
- 48;
143 br_enc16be(pms
, ctx
->eng
.version_max
);
144 br_hmac_drbg_generate(&ctx
->eng
.rng
, pms
+ 2, 46);
145 br_ssl_engine_compute_master(&ctx
->eng
, prf_id
, pms
, 48);
148 * Apply PKCS#1 type 2 padding.
150 ctx
->eng
.pad
[0] = 0x00;
151 ctx
->eng
.pad
[1] = 0x02;
152 ctx
->eng
.pad
[nlen
- 49] = 0x00;
153 br_hmac_drbg_generate(&ctx
->eng
.rng
, ctx
->eng
.pad
+ 2, nlen
- 51);
154 for (u
= 2; u
< nlen
- 49; u
++) {
155 while (ctx
->eng
.pad
[u
] == 0) {
156 br_hmac_drbg_generate(&ctx
->eng
.rng
,
157 &ctx
->eng
.pad
[u
], 1);
162 * Compute RSA encryption.
164 if (!ctx
->irsapub(ctx
->eng
.pad
, nlen
, &pk
->key
.rsa
)) {
165 return -BR_ERR_LIMIT_EXCEEDED
;
171 * OID for hash functions in RSA signatures.
173 static const unsigned char *HASH_OID
[] = {
182 * Check the RSA signature on the ServerKeyExchange message.
184 * hash hash function ID (2 to 6), or 0 for MD5+SHA-1 (with RSA only)
185 * use_rsa non-zero for RSA signature, zero for ECDSA
186 * sig_len signature length (in bytes); signature value is in the pad
188 * Returned value is 0 on success, or an error code.
191 verify_SKE_sig(br_ssl_client_context
*ctx
,
192 int hash
, int use_rsa
, size_t sig_len
)
194 const br_x509_class
**xc
;
195 const br_x509_pkey
*pk
;
196 br_multihash_context mhc
;
197 unsigned char hv
[64], head
[4];
200 xc
= ctx
->eng
.x509ctx
;
201 pk
= (*xc
)->get_pkey(xc
, NULL
);
202 br_multihash_zero(&mhc
);
203 br_multihash_copyimpl(&mhc
, &ctx
->eng
.mhash
);
204 br_multihash_init(&mhc
);
205 br_multihash_update(&mhc
,
206 ctx
->eng
.client_random
, sizeof ctx
->eng
.client_random
);
207 br_multihash_update(&mhc
,
208 ctx
->eng
.server_random
, sizeof ctx
->eng
.server_random
);
211 head
[2] = ctx
->eng
.ecdhe_curve
;
212 head
[3] = ctx
->eng
.ecdhe_point_len
;
213 br_multihash_update(&mhc
, head
, sizeof head
);
214 br_multihash_update(&mhc
,
215 ctx
->eng
.ecdhe_point
, ctx
->eng
.ecdhe_point_len
);
217 hv_len
= br_multihash_out(&mhc
, hash
, hv
);
219 return BR_ERR_INVALID_ALGORITHM
;
222 if (!br_multihash_out(&mhc
, br_md5_ID
, hv
)
223 || !br_multihash_out(&mhc
, br_sha1_ID
, hv
+ 16))
225 return BR_ERR_INVALID_ALGORITHM
;
230 unsigned char tmp
[64];
231 const unsigned char *hash_oid
;
234 hash_oid
= HASH_OID
[hash
- 2];
238 if (!ctx
->eng
.irsavrfy(ctx
->eng
.pad
, sig_len
,
239 hash_oid
, hv_len
, &pk
->key
.rsa
, tmp
)
240 || memcmp(tmp
, hv
, hv_len
) != 0)
242 return BR_ERR_BAD_SIGNATURE
;
245 if (!ctx
->eng
.iecdsa(ctx
->eng
.iec
, hv
, hv_len
, &pk
->key
.ec
,
246 ctx
->eng
.pad
, sig_len
))
248 return BR_ERR_BAD_SIGNATURE
;
255 * Perform client-side ECDH (or ECDHE). The point that should be sent to
256 * the server is written in the pad; returned value is either the point
257 * length (in bytes), or -x on error, with 'x' being an error code.
259 * The point _from_ the server is taken from ecdhe_point[] if 'ecdhe'
260 * is non-zero, or from the X.509 engine context if 'ecdhe' is zero
264 make_pms_ecdh(br_ssl_client_context
*ctx
, unsigned ecdhe
, int prf_id
)
267 unsigned char key
[66], point
[133];
268 const unsigned char *order
, *point_src
;
269 size_t glen
, olen
, point_len
, xoff
, xlen
;
273 curve
= ctx
->eng
.ecdhe_curve
;
274 point_src
= ctx
->eng
.ecdhe_point
;
275 point_len
= ctx
->eng
.ecdhe_point_len
;
277 const br_x509_class
**xc
;
278 const br_x509_pkey
*pk
;
280 xc
= ctx
->eng
.x509ctx
;
281 pk
= (*xc
)->get_pkey(xc
, NULL
);
282 curve
= pk
->key
.ec
.curve
;
283 point_src
= pk
->key
.ec
.q
;
284 point_len
= pk
->key
.ec
.qlen
;
286 if ((ctx
->eng
.iec
->supported_curves
& ((uint32_t)1 << curve
)) == 0) {
287 return -BR_ERR_INVALID_ALGORITHM
;
291 * We need to generate our key, as a non-zero random value which
292 * is lower than the curve order, in a "large enough" range. We
293 * force top bit to 0 and bottom bit to 1, which guarantees that
294 * the value is in the proper range.
296 order
= ctx
->eng
.iec
->order(curve
, &olen
);
298 while (mask
>= order
[0]) {
301 br_hmac_drbg_generate(&ctx
->eng
.rng
, key
, olen
);
303 key
[olen
- 1] |= 0x01;
306 * Compute the common ECDH point, whose X coordinate is the
309 ctx
->eng
.iec
->generator(curve
, &glen
);
310 if (glen
!= point_len
) {
311 return -BR_ERR_INVALID_ALGORITHM
;
314 memcpy(point
, point_src
, glen
);
315 if (!ctx
->eng
.iec
->mul(point
, glen
, key
, olen
, curve
)) {
316 return -BR_ERR_INVALID_ALGORITHM
;
320 * The pre-master secret is the X coordinate.
322 xoff
= ctx
->eng
.iec
->xoff(curve
, &xlen
);
323 br_ssl_engine_compute_master(&ctx
->eng
, prf_id
, point
+ xoff
, xlen
);
325 ctx
->eng
.iec
->mulgen(point
, key
, olen
, curve
);
326 memcpy(ctx
->eng
.pad
, point
, glen
);
331 * Perform full static ECDH. This occurs only in the context of client
332 * authentication with certificates: the server uses an EC public key,
333 * the cipher suite is of type ECDH (not ECDHE), the server requested a
334 * client certificate and accepts static ECDH, the client has a
335 * certificate with an EC public key in the same curve, and accepts
336 * static ECDH as well.
338 * Returned value is 0 on success, -1 on error.
341 make_pms_static_ecdh(br_ssl_client_context
*ctx
, int prf_id
)
343 unsigned char point
[133];
345 const br_x509_class
**xc
;
346 const br_x509_pkey
*pk
;
348 xc
= ctx
->eng
.x509ctx
;
349 pk
= (*xc
)->get_pkey(xc
, NULL
);
350 point_len
= pk
->key
.ec
.qlen
;
351 if (point_len
> sizeof point
) {
354 memcpy(point
, pk
->key
.ec
.q
, point_len
);
355 if (!(*ctx
->client_auth_vtable
)->do_keyx(
356 ctx
->client_auth_vtable
, point
, &point_len
))
360 br_ssl_engine_compute_master(&ctx
->eng
,
361 prf_id
, point
, point_len
);
366 * Compute the client-side signature. This is invoked only when a
367 * signature-based client authentication was selected. The computed
368 * signature is in the pad; its length (in bytes) is returned. On
369 * error, 0 is returned.
372 make_client_sign(br_ssl_client_context
*ctx
)
377 * Compute hash of handshake messages so far. This "cannot" fail
378 * because the list of supported hash functions provided to the
379 * client certificate handler was trimmed to include only the
380 * hash functions that the multi-hasher supports.
383 hv_len
= br_multihash_out(&ctx
->eng
.mhash
,
384 ctx
->hash_id
, ctx
->eng
.pad
);
386 br_multihash_out(&ctx
->eng
.mhash
,
387 br_md5_ID
, ctx
->eng
.pad
);
388 br_multihash_out(&ctx
->eng
.mhash
,
389 br_sha1_ID
, ctx
->eng
.pad
+ 16);
392 return (*ctx
->client_auth_vtable
)->do_sign(
393 ctx
->client_auth_vtable
, ctx
->hash_id
, hv_len
,
394 ctx
->eng
.pad
, sizeof ctx
->eng
.pad
);
399 static const unsigned char t0_datablock
[] = {
400 0x00, 0x00, 0x0A, 0x00, 0x24, 0x00, 0x2F, 0x01, 0x24, 0x00, 0x35, 0x02,
401 0x24, 0x00, 0x3C, 0x01, 0x44, 0x00, 0x3D, 0x02, 0x44, 0x00, 0x9C, 0x03,
402 0x04, 0x00, 0x9D, 0x04, 0x05, 0xC0, 0x03, 0x40, 0x24, 0xC0, 0x04, 0x41,
403 0x24, 0xC0, 0x05, 0x42, 0x24, 0xC0, 0x08, 0x20, 0x24, 0xC0, 0x09, 0x21,
404 0x24, 0xC0, 0x0A, 0x22, 0x24, 0xC0, 0x0D, 0x30, 0x24, 0xC0, 0x0E, 0x31,
405 0x24, 0xC0, 0x0F, 0x32, 0x24, 0xC0, 0x12, 0x10, 0x24, 0xC0, 0x13, 0x11,
406 0x24, 0xC0, 0x14, 0x12, 0x24, 0xC0, 0x23, 0x21, 0x44, 0xC0, 0x24, 0x22,
407 0x55, 0xC0, 0x25, 0x41, 0x44, 0xC0, 0x26, 0x42, 0x55, 0xC0, 0x27, 0x11,
408 0x44, 0xC0, 0x28, 0x12, 0x55, 0xC0, 0x29, 0x31, 0x44, 0xC0, 0x2A, 0x32,
409 0x55, 0xC0, 0x2B, 0x23, 0x04, 0xC0, 0x2C, 0x24, 0x05, 0xC0, 0x2D, 0x43,
410 0x04, 0xC0, 0x2E, 0x44, 0x05, 0xC0, 0x2F, 0x13, 0x04, 0xC0, 0x30, 0x14,
411 0x05, 0xC0, 0x31, 0x33, 0x04, 0xC0, 0x32, 0x34, 0x05, 0xCC, 0xA8, 0x15,
412 0x04, 0xCC, 0xA9, 0x25, 0x04, 0x00, 0x00
415 static const unsigned char t0_codeblock
[] = {
416 0x00, 0x01, 0x00, 0x0A, 0x00, 0x00, 0x01, 0x00, 0x0D, 0x00, 0x00, 0x01,
417 0x00, 0x0E, 0x00, 0x00, 0x01, 0x00, 0x0F, 0x00, 0x00, 0x01, 0x01, 0x08,
418 0x00, 0x00, 0x01, 0x01, 0x09, 0x00, 0x00, 0x01, 0x02, 0x08, 0x00, 0x00,
419 0x01, 0x02, 0x09, 0x00, 0x00, 0x25, 0x25, 0x00, 0x00, 0x01,
420 T0_INT1(BR_ERR_BAD_CCS
), 0x00, 0x00, 0x01,
421 T0_INT1(BR_ERR_BAD_CIPHER_SUITE
), 0x00, 0x00, 0x01,
422 T0_INT1(BR_ERR_BAD_COMPRESSION
), 0x00, 0x00, 0x01,
423 T0_INT1(BR_ERR_BAD_FINISHED
), 0x00, 0x00, 0x01,
424 T0_INT1(BR_ERR_BAD_FRAGLEN
), 0x00, 0x00, 0x01,
425 T0_INT1(BR_ERR_BAD_HANDSHAKE
), 0x00, 0x00, 0x01,
426 T0_INT1(BR_ERR_BAD_HELLO_DONE
), 0x00, 0x00, 0x01,
427 T0_INT1(BR_ERR_BAD_PARAM
), 0x00, 0x00, 0x01,
428 T0_INT1(BR_ERR_BAD_SECRENEG
), 0x00, 0x00, 0x01,
429 T0_INT1(BR_ERR_BAD_SNI
), 0x00, 0x00, 0x01, T0_INT1(BR_ERR_BAD_VERSION
),
430 0x00, 0x00, 0x01, T0_INT1(BR_ERR_EXTRA_EXTENSION
), 0x00, 0x00, 0x01,
431 T0_INT1(BR_ERR_INVALID_ALGORITHM
), 0x00, 0x00, 0x01,
432 T0_INT1(BR_ERR_LIMIT_EXCEEDED
), 0x00, 0x00, 0x01, T0_INT1(BR_ERR_OK
),
433 0x00, 0x00, 0x01, T0_INT1(BR_ERR_OVERSIZED_ID
), 0x00, 0x00, 0x01,
434 T0_INT1(BR_ERR_RESUME_MISMATCH
), 0x00, 0x00, 0x01,
435 T0_INT1(BR_ERR_UNEXPECTED
), 0x00, 0x00, 0x01,
436 T0_INT1(BR_ERR_UNSUPPORTED_VERSION
), 0x00, 0x00, 0x01,
437 T0_INT1(BR_ERR_WRONG_KEY_USAGE
), 0x00, 0x00, 0x01,
438 T0_INT2(offsetof(br_ssl_engine_context
, action
)), 0x00, 0x00, 0x01,
439 T0_INT2(offsetof(br_ssl_engine_context
, alert
)), 0x00, 0x00, 0x01,
440 T0_INT2(offsetof(br_ssl_engine_context
, application_data
)), 0x00, 0x00,
441 0x01, T0_INT2(offsetof(br_ssl_client_context
, auth_type
)), 0x00, 0x00,
443 T0_INT2(offsetof(br_ssl_engine_context
, session
) + offsetof(br_ssl_session_parameters
, cipher_suite
)),
445 T0_INT2(offsetof(br_ssl_engine_context
, client_random
)), 0x00, 0x00,
446 0x01, T0_INT2(offsetof(br_ssl_engine_context
, close_received
)), 0x00,
447 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context
, ecdhe_curve
)),
449 T0_INT2(offsetof(br_ssl_engine_context
, ecdhe_point
)), 0x00, 0x00,
450 0x01, T0_INT2(offsetof(br_ssl_engine_context
, ecdhe_point_len
)), 0x00,
451 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context
, flags
)), 0x00,
452 0x00, 0x01, T0_INT2(offsetof(br_ssl_client_context
, hash_id
)), 0x00,
453 0x00, 0x01, T0_INT2(offsetof(br_ssl_client_context
, hashes
)), 0x00,
454 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context
, log_max_frag_len
)),
456 T0_INT2(offsetof(br_ssl_client_context
, min_clienthello_len
)), 0x00,
457 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context
, pad
)), 0x00, 0x00,
458 0x01, T0_INT2(offsetof(br_ssl_engine_context
, protocol_names_num
)),
460 T0_INT2(offsetof(br_ssl_engine_context
, record_type_in
)), 0x00, 0x00,
461 0x01, T0_INT2(offsetof(br_ssl_engine_context
, record_type_out
)), 0x00,
462 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context
, reneg
)), 0x00,
463 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context
, saved_finished
)),
465 T0_INT2(offsetof(br_ssl_engine_context
, selected_protocol
)), 0x00,
466 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context
, server_name
)),
468 T0_INT2(offsetof(br_ssl_engine_context
, server_random
)), 0x00, 0x00,
470 T0_INT2(offsetof(br_ssl_engine_context
, session
) + offsetof(br_ssl_session_parameters
, session_id
)),
472 T0_INT2(offsetof(br_ssl_engine_context
, session
) + offsetof(br_ssl_session_parameters
, session_id_len
)),
474 T0_INT2(offsetof(br_ssl_engine_context
, shutdown_recv
)), 0x00, 0x00,
475 0x01, T0_INT2(offsetof(br_ssl_engine_context
, suites_buf
)), 0x00, 0x00,
476 0x01, T0_INT2(offsetof(br_ssl_engine_context
, suites_num
)), 0x00, 0x00,
478 T0_INT2(offsetof(br_ssl_engine_context
, session
) + offsetof(br_ssl_session_parameters
, version
)),
479 0x00, 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context
, version_in
)),
481 T0_INT2(offsetof(br_ssl_engine_context
, version_max
)), 0x00, 0x00,
482 0x01, T0_INT2(offsetof(br_ssl_engine_context
, version_min
)), 0x00,
483 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context
, version_out
)),
484 0x00, 0x00, 0x09, 0x26, 0x56, 0x06, 0x02, 0x66, 0x28, 0x00, 0x00, 0x06,
485 0x08, 0x2C, 0x0E, 0x05, 0x02, 0x6F, 0x28, 0x04, 0x01, 0x3C, 0x00, 0x00,
486 0x01, 0x01, 0x00, 0x01, 0x03, 0x00, 0x97, 0x26, 0x5C, 0x44, 0x9B, 0x26,
487 0x05, 0x04, 0x5E, 0x01, 0x00, 0x00, 0x02, 0x00, 0x0E, 0x06, 0x02, 0x9B,
488 0x00, 0x5C, 0x04, 0x6B, 0x00, 0x06, 0x02, 0x66, 0x28, 0x00, 0x00, 0x26,
489 0x87, 0x44, 0x05, 0x03, 0x01, 0x0C, 0x08, 0x44, 0x77, 0x2C, 0xA9, 0x1C,
490 0x82, 0x01, 0x0C, 0x31, 0x00, 0x00, 0x26, 0x1F, 0x01, 0x08, 0x0B, 0x44,
491 0x5A, 0x1F, 0x08, 0x00, 0x01, 0x03, 0x00, 0x75, 0x2E, 0x02, 0x00, 0x36,
492 0x17, 0x01, 0x01, 0x0B, 0x75, 0x3E, 0x29, 0x1A, 0x36, 0x06, 0x07, 0x02,
493 0x00, 0xCC, 0x03, 0x00, 0x04, 0x75, 0x01, 0x00, 0xC3, 0x02, 0x00, 0x26,
494 0x1A, 0x17, 0x06, 0x02, 0x6D, 0x28, 0xCC, 0x04, 0x76, 0x01, 0x01, 0x00,
495 0x75, 0x3E, 0x01, 0x16, 0x85, 0x3E, 0x01, 0x00, 0x88, 0x3C, 0x34, 0xD2,
496 0x29, 0xB2, 0x06, 0x09, 0x01, 0x7F, 0xAD, 0x01, 0x7F, 0xCF, 0x04, 0x80,
497 0x53, 0xAF, 0x77, 0x2C, 0x9F, 0x01, T0_INT1(BR_KEYTYPE_SIGN
), 0x17,
498 0x06, 0x01, 0xB3, 0xB6, 0x26, 0x01, 0x0D, 0x0E, 0x06, 0x07, 0x25, 0xB5,
499 0xB6, 0x01, 0x7F, 0x04, 0x02, 0x01, 0x00, 0x03, 0x00, 0x01, 0x0E, 0x0E,
500 0x05, 0x02, 0x70, 0x28, 0x06, 0x02, 0x65, 0x28, 0x33, 0x06, 0x02, 0x70,
501 0x28, 0x02, 0x00, 0x06, 0x1C, 0xD0, 0x7E, 0x2E, 0x01, 0x81, 0x7F, 0x0E,
502 0x06, 0x0D, 0x25, 0x01, 0x10, 0xDB, 0x01, 0x00, 0xDA, 0x77, 0x2C, 0xA9,
503 0x24, 0x04, 0x04, 0xD3, 0x06, 0x01, 0xD1, 0x04, 0x01, 0xD3, 0x01, 0x7F,
504 0xCF, 0x01, 0x7F, 0xAD, 0x01, 0x01, 0x75, 0x3E, 0x01, 0x17, 0x85, 0x3E,
505 0x00, 0x00, 0x38, 0x38, 0x00, 0x00, 0x98, 0x01, 0x0C, 0x11, 0x01, 0x00,
506 0x38, 0x0E, 0x06, 0x05, 0x25, 0x01,
507 T0_INT1(BR_KEYTYPE_RSA
| BR_KEYTYPE_KEYX
), 0x04, 0x30, 0x01, 0x01,
508 0x38, 0x0E, 0x06, 0x05, 0x25, 0x01,
509 T0_INT1(BR_KEYTYPE_RSA
| BR_KEYTYPE_SIGN
), 0x04, 0x25, 0x01, 0x02,
510 0x38, 0x0E, 0x06, 0x05, 0x25, 0x01,
511 T0_INT1(BR_KEYTYPE_EC
| BR_KEYTYPE_SIGN
), 0x04, 0x1A, 0x01, 0x03,
512 0x38, 0x0E, 0x06, 0x05, 0x25, 0x01,
513 T0_INT1(BR_KEYTYPE_EC
| BR_KEYTYPE_KEYX
), 0x04, 0x0F, 0x01, 0x04,
514 0x38, 0x0E, 0x06, 0x05, 0x25, 0x01,
515 T0_INT1(BR_KEYTYPE_EC
| BR_KEYTYPE_KEYX
), 0x04, 0x04, 0x01, 0x00,
516 0x44, 0x25, 0x00, 0x00, 0x80, 0x2E, 0x01, 0x0E, 0x0E, 0x06, 0x04, 0x01,
517 0x00, 0x04, 0x02, 0x01, 0x05, 0x00, 0x00, 0x40, 0x06, 0x04, 0x01, 0x06,
518 0x04, 0x02, 0x01, 0x00, 0x00, 0x00, 0x86, 0x2E, 0x26, 0x06, 0x08, 0x01,
519 0x01, 0x09, 0x01, 0x11, 0x07, 0x04, 0x03, 0x25, 0x01, 0x05, 0x00, 0x01,
520 0x41, 0x03, 0x00, 0x25, 0x01, 0x00, 0x43, 0x06, 0x03, 0x02, 0x00, 0x08,
521 0x42, 0x06, 0x03, 0x02, 0x00, 0x08, 0x26, 0x06, 0x06, 0x01, 0x01, 0x0B,
522 0x01, 0x06, 0x08, 0x00, 0x00, 0x89, 0x3F, 0x26, 0x06, 0x03, 0x01, 0x09,
523 0x08, 0x00, 0x01, 0x40, 0x26, 0x06, 0x1E, 0x01, 0x00, 0x03, 0x00, 0x26,
524 0x06, 0x0E, 0x26, 0x01, 0x01, 0x17, 0x02, 0x00, 0x08, 0x03, 0x00, 0x01,
525 0x01, 0x11, 0x04, 0x6F, 0x25, 0x02, 0x00, 0x01, 0x01, 0x0B, 0x01, 0x06,
526 0x08, 0x00, 0x00, 0x7D, 0x2D, 0x44, 0x11, 0x01, 0x01, 0x17, 0x35, 0x00,
527 0x00, 0x9D, 0xCB, 0x26, 0x01, 0x07, 0x17, 0x01, 0x00, 0x38, 0x0E, 0x06,
528 0x09, 0x25, 0x01, 0x10, 0x17, 0x06, 0x01, 0x9D, 0x04, 0x35, 0x01, 0x01,
529 0x38, 0x0E, 0x06, 0x2C, 0x25, 0x25, 0x01, 0x00, 0x75, 0x3E, 0xB1, 0x86,
530 0x2E, 0x01, 0x01, 0x0E, 0x01, 0x01, 0xA6, 0x37, 0x06, 0x17, 0x29, 0x1A,
531 0x36, 0x06, 0x04, 0xCB, 0x25, 0x04, 0x78, 0x01, 0x80, 0x64, 0xC3, 0x01,
532 0x01, 0x75, 0x3E, 0x01, 0x17, 0x85, 0x3E, 0x04, 0x01, 0x9D, 0x04, 0x03,
533 0x70, 0x28, 0x25, 0x04, 0xFF, 0x34, 0x01, 0x26, 0x03, 0x00, 0x09, 0x26,
534 0x56, 0x06, 0x02, 0x66, 0x28, 0x02, 0x00, 0x00, 0x00, 0x98, 0x01, 0x0F,
535 0x17, 0x00, 0x00, 0x74, 0x2E, 0x01, 0x00, 0x38, 0x0E, 0x06, 0x10, 0x25,
536 0x26, 0x01, 0x01, 0x0D, 0x06, 0x03, 0x25, 0x01, 0x02, 0x74, 0x3E, 0x01,
537 0x00, 0x04, 0x21, 0x01, 0x01, 0x38, 0x0E, 0x06, 0x14, 0x25, 0x01, 0x00,
538 0x74, 0x3E, 0x26, 0x01, 0x80, 0x64, 0x0E, 0x06, 0x05, 0x01, 0x82, 0x00,
539 0x08, 0x28, 0x58, 0x04, 0x07, 0x25, 0x01, 0x82, 0x00, 0x08, 0x28, 0x25,
540 0x00, 0x00, 0x01, 0x00, 0x2F, 0x06, 0x05, 0x3A, 0xAA, 0x37, 0x04, 0x78,
541 0x26, 0x06, 0x04, 0x01, 0x01, 0x8D, 0x3E, 0x00, 0x01, 0xBD, 0xA8, 0xBD,
542 0xA8, 0xBF, 0x82, 0x44, 0x26, 0x03, 0x00, 0xB4, 0x99, 0x99, 0x02, 0x00,
543 0x4B, 0x26, 0x56, 0x06, 0x0A, 0x01, 0x03, 0xA6, 0x06, 0x02, 0x70, 0x28,
544 0x25, 0x04, 0x03, 0x5A, 0x88, 0x3C, 0x00, 0x00, 0x2F, 0x06, 0x0B, 0x84,
545 0x2E, 0x01, 0x14, 0x0D, 0x06, 0x02, 0x70, 0x28, 0x04, 0x11, 0xCB, 0x01,
546 0x07, 0x17, 0x26, 0x01, 0x02, 0x0D, 0x06, 0x06, 0x06, 0x02, 0x70, 0x28,
547 0x04, 0x70, 0x25, 0xC0, 0x01, 0x01, 0x0D, 0x33, 0x37, 0x06, 0x02, 0x5F,
548 0x28, 0x26, 0x01, 0x01, 0xC6, 0x36, 0xB0, 0x00, 0x01, 0xB6, 0x01, 0x0B,
549 0x0E, 0x05, 0x02, 0x70, 0x28, 0x26, 0x01, 0x03, 0x0E, 0x06, 0x08, 0xBE,
550 0x06, 0x02, 0x66, 0x28, 0x44, 0x25, 0x00, 0x44, 0x55, 0xBE, 0xA8, 0x26,
551 0x06, 0x23, 0xBE, 0xA8, 0x26, 0x54, 0x26, 0x06, 0x18, 0x26, 0x01, 0x82,
552 0x00, 0x0F, 0x06, 0x05, 0x01, 0x82, 0x00, 0x04, 0x01, 0x26, 0x03, 0x00,
553 0x82, 0x02, 0x00, 0xB4, 0x02, 0x00, 0x51, 0x04, 0x65, 0x99, 0x52, 0x04,
554 0x5A, 0x99, 0x99, 0x53, 0x26, 0x06, 0x02, 0x35, 0x00, 0x25, 0x2B, 0x00,
555 0x00, 0x77, 0x2C, 0x9F, 0x01, 0x7F, 0xAE, 0x26, 0x56, 0x06, 0x02, 0x35,
556 0x28, 0x26, 0x05, 0x02, 0x70, 0x28, 0x38, 0x17, 0x0D, 0x06, 0x02, 0x72,
557 0x28, 0x3B, 0x00, 0x00, 0x9A, 0xB6, 0x01, 0x14, 0x0D, 0x06, 0x02, 0x70,
558 0x28, 0x82, 0x01, 0x0C, 0x08, 0x01, 0x0C, 0xB4, 0x99, 0x82, 0x26, 0x01,
559 0x0C, 0x08, 0x01, 0x0C, 0x30, 0x05, 0x02, 0x62, 0x28, 0x00, 0x00, 0xB7,
560 0x06, 0x02, 0x70, 0x28, 0x06, 0x02, 0x64, 0x28, 0x00, 0x0A, 0xB6, 0x01,
561 0x02, 0x0E, 0x05, 0x02, 0x70, 0x28, 0xBD, 0x03, 0x00, 0x02, 0x00, 0x93,
562 0x2C, 0x0A, 0x02, 0x00, 0x92, 0x2C, 0x0F, 0x37, 0x06, 0x02, 0x71, 0x28,
563 0x02, 0x00, 0x91, 0x2C, 0x0D, 0x06, 0x02, 0x69, 0x28, 0x02, 0x00, 0x94,
564 0x3C, 0x8A, 0x01, 0x20, 0xB4, 0x01, 0x00, 0x03, 0x01, 0xBF, 0x03, 0x02,
565 0x02, 0x02, 0x01, 0x20, 0x0F, 0x06, 0x02, 0x6E, 0x28, 0x82, 0x02, 0x02,
566 0xB4, 0x02, 0x02, 0x8C, 0x2E, 0x0E, 0x02, 0x02, 0x01, 0x00, 0x0F, 0x17,
567 0x06, 0x0B, 0x8B, 0x82, 0x02, 0x02, 0x30, 0x06, 0x04, 0x01, 0x7F, 0x03,
568 0x01, 0x8B, 0x82, 0x02, 0x02, 0x31, 0x02, 0x02, 0x8C, 0x3E, 0x02, 0x00,
569 0x90, 0x02, 0x01, 0x96, 0xBD, 0x26, 0xC1, 0x56, 0x06, 0x02, 0x60, 0x28,
570 0x77, 0x02, 0x01, 0x96, 0xBF, 0x06, 0x02, 0x61, 0x28, 0x26, 0x06, 0x81,
571 0x47, 0xBD, 0xA8, 0xA4, 0x03, 0x03, 0xA2, 0x03, 0x04, 0xA0, 0x03, 0x05,
572 0xA3, 0x03, 0x06, 0xA5, 0x03, 0x07, 0xA1, 0x03, 0x08, 0x27, 0x03, 0x09,
573 0x26, 0x06, 0x81, 0x18, 0xBD, 0x01, 0x00, 0x38, 0x0E, 0x06, 0x0F, 0x25,
574 0x02, 0x03, 0x05, 0x02, 0x6A, 0x28, 0x01, 0x00, 0x03, 0x03, 0xBC, 0x04,
575 0x80, 0x7F, 0x01, 0x01, 0x38, 0x0E, 0x06, 0x0F, 0x25, 0x02, 0x05, 0x05,
576 0x02, 0x6A, 0x28, 0x01, 0x00, 0x03, 0x05, 0xBA, 0x04, 0x80, 0x6A, 0x01,
577 0x83, 0xFE, 0x01, 0x38, 0x0E, 0x06, 0x0F, 0x25, 0x02, 0x04, 0x05, 0x02,
578 0x6A, 0x28, 0x01, 0x00, 0x03, 0x04, 0xBB, 0x04, 0x80, 0x53, 0x01, 0x0D,
579 0x38, 0x0E, 0x06, 0x0E, 0x25, 0x02, 0x06, 0x05, 0x02, 0x6A, 0x28, 0x01,
580 0x00, 0x03, 0x06, 0xB8, 0x04, 0x3F, 0x01, 0x0A, 0x38, 0x0E, 0x06, 0x0E,
581 0x25, 0x02, 0x07, 0x05, 0x02, 0x6A, 0x28, 0x01, 0x00, 0x03, 0x07, 0xB8,
582 0x04, 0x2B, 0x01, 0x0B, 0x38, 0x0E, 0x06, 0x0E, 0x25, 0x02, 0x08, 0x05,
583 0x02, 0x6A, 0x28, 0x01, 0x00, 0x03, 0x08, 0xB8, 0x04, 0x17, 0x01, 0x10,
584 0x38, 0x0E, 0x06, 0x0E, 0x25, 0x02, 0x09, 0x05, 0x02, 0x6A, 0x28, 0x01,
585 0x00, 0x03, 0x09, 0xAC, 0x04, 0x03, 0x6A, 0x28, 0x25, 0x04, 0xFE, 0x64,
586 0x02, 0x04, 0x06, 0x0D, 0x02, 0x04, 0x01, 0x05, 0x0F, 0x06, 0x02, 0x67,
587 0x28, 0x01, 0x01, 0x86, 0x3E, 0x99, 0x04, 0x0C, 0xA2, 0x01, 0x05, 0x0F,
588 0x06, 0x02, 0x67, 0x28, 0x01, 0x01, 0x86, 0x3E, 0x99, 0x02, 0x01, 0x00,
589 0x04, 0xB6, 0x01, 0x0C, 0x0E, 0x05, 0x02, 0x70, 0x28, 0xBF, 0x01, 0x03,
590 0x0E, 0x05, 0x02, 0x6B, 0x28, 0xBD, 0x26, 0x7A, 0x3E, 0x26, 0x01, 0x20,
591 0x10, 0x06, 0x02, 0x6B, 0x28, 0x40, 0x44, 0x11, 0x01, 0x01, 0x17, 0x05,
592 0x02, 0x6B, 0x28, 0xBF, 0x26, 0x01, 0x81, 0x05, 0x0F, 0x06, 0x02, 0x6B,
593 0x28, 0x26, 0x7C, 0x3E, 0x7B, 0x44, 0xB4, 0x90, 0x2C, 0x01, 0x86, 0x03,
594 0x10, 0x03, 0x00, 0x77, 0x2C, 0xC9, 0x03, 0x01, 0x01, 0x02, 0x03, 0x02,
595 0x02, 0x00, 0x06, 0x21, 0xBF, 0x26, 0x26, 0x01, 0x02, 0x0A, 0x44, 0x01,
596 0x06, 0x0F, 0x37, 0x06, 0x02, 0x6B, 0x28, 0x03, 0x02, 0xBF, 0x02, 0x01,
597 0x01, 0x01, 0x0B, 0x01, 0x03, 0x08, 0x0E, 0x05, 0x02, 0x6B, 0x28, 0x04,
598 0x08, 0x02, 0x01, 0x06, 0x04, 0x01, 0x00, 0x03, 0x02, 0xBD, 0x26, 0x03,
599 0x03, 0x26, 0x01, 0x84, 0x00, 0x0F, 0x06, 0x02, 0x6C, 0x28, 0x82, 0x44,
600 0xB4, 0x02, 0x02, 0x02, 0x01, 0x02, 0x03, 0x4E, 0x26, 0x06, 0x01, 0x28,
601 0x25, 0x99, 0x00, 0x02, 0x03, 0x00, 0x03, 0x01, 0x02, 0x00, 0x95, 0x02,
602 0x01, 0x02, 0x00, 0x39, 0x26, 0x01, 0x00, 0x0E, 0x06, 0x02, 0x5E, 0x00,
603 0xCD, 0x04, 0x74, 0x02, 0x01, 0x00, 0x03, 0x00, 0xBF, 0xA8, 0x26, 0x06,
604 0x80, 0x43, 0xBF, 0x01, 0x01, 0x38, 0x0E, 0x06, 0x06, 0x25, 0x01, 0x81,
605 0x7F, 0x04, 0x2E, 0x01, 0x80, 0x40, 0x38, 0x0E, 0x06, 0x07, 0x25, 0x01,
606 0x83, 0xFE, 0x00, 0x04, 0x20, 0x01, 0x80, 0x41, 0x38, 0x0E, 0x06, 0x07,
607 0x25, 0x01, 0x84, 0x80, 0x00, 0x04, 0x12, 0x01, 0x80, 0x42, 0x38, 0x0E,
608 0x06, 0x07, 0x25, 0x01, 0x88, 0x80, 0x00, 0x04, 0x04, 0x01, 0x00, 0x44,
609 0x25, 0x02, 0x00, 0x37, 0x03, 0x00, 0x04, 0xFF, 0x39, 0x99, 0x77, 0x2C,
610 0xC7, 0x05, 0x09, 0x02, 0x00, 0x01, 0x83, 0xFF, 0x7F, 0x17, 0x03, 0x00,
611 0x90, 0x2C, 0x01, 0x86, 0x03, 0x10, 0x06, 0x3A, 0xB9, 0x26, 0x7F, 0x3D,
612 0x41, 0x25, 0x26, 0x01, 0x08, 0x0B, 0x37, 0x01, 0x8C, 0x80, 0x00, 0x37,
613 0x17, 0x02, 0x00, 0x17, 0x02, 0x00, 0x01, 0x8C, 0x80, 0x00, 0x17, 0x06,
614 0x19, 0x26, 0x01, 0x81, 0x7F, 0x17, 0x06, 0x05, 0x01, 0x84, 0x80, 0x00,
615 0x37, 0x26, 0x01, 0x83, 0xFE, 0x00, 0x17, 0x06, 0x05, 0x01, 0x88, 0x80,
616 0x00, 0x37, 0x03, 0x00, 0x04, 0x09, 0x02, 0x00, 0x01, 0x8C, 0x88, 0x01,
617 0x17, 0x03, 0x00, 0x16, 0xBD, 0xA8, 0x26, 0x06, 0x23, 0xBD, 0xA8, 0x26,
618 0x15, 0x26, 0x06, 0x18, 0x26, 0x01, 0x82, 0x00, 0x0F, 0x06, 0x05, 0x01,
619 0x82, 0x00, 0x04, 0x01, 0x26, 0x03, 0x01, 0x82, 0x02, 0x01, 0xB4, 0x02,
620 0x01, 0x12, 0x04, 0x65, 0x99, 0x13, 0x04, 0x5A, 0x99, 0x14, 0x99, 0x02,
621 0x00, 0x2A, 0x00, 0x00, 0xB7, 0x26, 0x58, 0x06, 0x07, 0x25, 0x06, 0x02,
622 0x64, 0x28, 0x04, 0x74, 0x00, 0x00, 0xC0, 0x01, 0x03, 0xBE, 0x44, 0x25,
623 0x44, 0x00, 0x00, 0xBD, 0xC4, 0x00, 0x03, 0x01, 0x00, 0x03, 0x00, 0xBD,
624 0xA8, 0x26, 0x06, 0x80, 0x50, 0xBF, 0x03, 0x01, 0xBF, 0x03, 0x02, 0x02,
625 0x01, 0x01, 0x08, 0x0E, 0x06, 0x16, 0x02, 0x02, 0x01, 0x0F, 0x0C, 0x06,
626 0x0D, 0x01, 0x01, 0x02, 0x02, 0x01, 0x10, 0x08, 0x0B, 0x02, 0x00, 0x37,
627 0x03, 0x00, 0x04, 0x2A, 0x02, 0x01, 0x01, 0x02, 0x10, 0x02, 0x01, 0x01,
628 0x06, 0x0C, 0x17, 0x02, 0x02, 0x01, 0x01, 0x0E, 0x02, 0x02, 0x01, 0x03,
629 0x0E, 0x37, 0x17, 0x06, 0x11, 0x02, 0x00, 0x01, 0x01, 0x02, 0x02, 0x5B,
630 0x01, 0x02, 0x0B, 0x02, 0x01, 0x08, 0x0B, 0x37, 0x03, 0x00, 0x04, 0xFF,
631 0x2C, 0x99, 0x02, 0x00, 0x00, 0x00, 0xBD, 0x01, 0x01, 0x0E, 0x05, 0x02,
632 0x63, 0x28, 0xBF, 0x01, 0x08, 0x08, 0x80, 0x2E, 0x0E, 0x05, 0x02, 0x63,
633 0x28, 0x00, 0x00, 0xBD, 0x86, 0x2E, 0x05, 0x15, 0x01, 0x01, 0x0E, 0x05,
634 0x02, 0x67, 0x28, 0xBF, 0x01, 0x00, 0x0E, 0x05, 0x02, 0x67, 0x28, 0x01,
635 0x02, 0x86, 0x3E, 0x04, 0x1C, 0x01, 0x19, 0x0E, 0x05, 0x02, 0x67, 0x28,
636 0xBF, 0x01, 0x18, 0x0E, 0x05, 0x02, 0x67, 0x28, 0x82, 0x01, 0x18, 0xB4,
637 0x87, 0x82, 0x01, 0x18, 0x30, 0x05, 0x02, 0x67, 0x28, 0x00, 0x00, 0xBD,
638 0x06, 0x02, 0x68, 0x28, 0x00, 0x00, 0x01, 0x02, 0x95, 0xC0, 0x01, 0x08,
639 0x0B, 0xC0, 0x08, 0x00, 0x00, 0x01, 0x03, 0x95, 0xC0, 0x01, 0x08, 0x0B,
640 0xC0, 0x08, 0x01, 0x08, 0x0B, 0xC0, 0x08, 0x00, 0x00, 0x01, 0x01, 0x95,
641 0xC0, 0x00, 0x00, 0x3A, 0x26, 0x56, 0x05, 0x01, 0x00, 0x25, 0xCD, 0x04,
642 0x76, 0x02, 0x03, 0x00, 0x8F, 0x2E, 0x03, 0x01, 0x01, 0x00, 0x26, 0x02,
643 0x01, 0x0A, 0x06, 0x10, 0x26, 0x01, 0x01, 0x0B, 0x8E, 0x08, 0x2C, 0x02,
644 0x00, 0x0E, 0x06, 0x01, 0x00, 0x5A, 0x04, 0x6A, 0x25, 0x01, 0x7F, 0x00,
645 0x00, 0x01, 0x15, 0x85, 0x3E, 0x44, 0x50, 0x25, 0x50, 0x25, 0x29, 0x00,
646 0x00, 0x01, 0x01, 0x44, 0xC2, 0x00, 0x00, 0x44, 0x38, 0x95, 0x44, 0x26,
647 0x06, 0x05, 0xC0, 0x25, 0x5B, 0x04, 0x78, 0x25, 0x00, 0x00, 0x26, 0x01,
648 0x81, 0xAC, 0x00, 0x0E, 0x06, 0x04, 0x25, 0x01, 0x7F, 0x00, 0x98, 0x57,
649 0x00, 0x02, 0x03, 0x00, 0x77, 0x2C, 0x98, 0x03, 0x01, 0x02, 0x01, 0x01,
650 0x0F, 0x17, 0x02, 0x01, 0x01, 0x04, 0x11, 0x01, 0x0F, 0x17, 0x02, 0x01,
651 0x01, 0x08, 0x11, 0x01, 0x0F, 0x17, 0x01, 0x00, 0x38, 0x0E, 0x06, 0x10,
652 0x25, 0x01, 0x00, 0x01, 0x18, 0x02, 0x00, 0x06, 0x03, 0x47, 0x04, 0x01,
653 0x48, 0x04, 0x80, 0x68, 0x01, 0x01, 0x38, 0x0E, 0x06, 0x10, 0x25, 0x01,
654 0x01, 0x01, 0x10, 0x02, 0x00, 0x06, 0x03, 0x47, 0x04, 0x01, 0x48, 0x04,
655 0x80, 0x52, 0x01, 0x02, 0x38, 0x0E, 0x06, 0x0F, 0x25, 0x01, 0x01, 0x01,
656 0x20, 0x02, 0x00, 0x06, 0x03, 0x47, 0x04, 0x01, 0x48, 0x04, 0x3D, 0x01,
657 0x03, 0x38, 0x0E, 0x06, 0x0E, 0x25, 0x25, 0x01, 0x10, 0x02, 0x00, 0x06,
658 0x03, 0x45, 0x04, 0x01, 0x46, 0x04, 0x29, 0x01, 0x04, 0x38, 0x0E, 0x06,
659 0x0E, 0x25, 0x25, 0x01, 0x20, 0x02, 0x00, 0x06, 0x03, 0x45, 0x04, 0x01,
660 0x46, 0x04, 0x15, 0x01, 0x05, 0x38, 0x0E, 0x06, 0x0C, 0x25, 0x25, 0x02,
661 0x00, 0x06, 0x03, 0x49, 0x04, 0x01, 0x4A, 0x04, 0x03, 0x66, 0x28, 0x25,
662 0x00, 0x00, 0x98, 0x01, 0x0C, 0x11, 0x01, 0x02, 0x0F, 0x00, 0x00, 0x98,
663 0x01, 0x0C, 0x11, 0x26, 0x59, 0x44, 0x01, 0x03, 0x0A, 0x17, 0x00, 0x00,
664 0x98, 0x01, 0x0C, 0x11, 0x01, 0x01, 0x0E, 0x00, 0x00, 0x98, 0x01, 0x0C,
665 0x11, 0x58, 0x00, 0x00, 0x1B, 0x01, 0x00, 0x73, 0x2E, 0x26, 0x06, 0x22,
666 0x01, 0x01, 0x38, 0x0E, 0x06, 0x06, 0x25, 0x01, 0x00, 0x9C, 0x04, 0x14,
667 0x01, 0x02, 0x38, 0x0E, 0x06, 0x0D, 0x25, 0x75, 0x2E, 0x01, 0x01, 0x0E,
668 0x06, 0x03, 0x01, 0x10, 0x37, 0x04, 0x01, 0x25, 0x04, 0x01, 0x25, 0x79,
669 0x2E, 0x05, 0x33, 0x2F, 0x06, 0x30, 0x84, 0x2E, 0x01, 0x14, 0x38, 0x0E,
670 0x06, 0x06, 0x25, 0x01, 0x02, 0x37, 0x04, 0x22, 0x01, 0x15, 0x38, 0x0E,
671 0x06, 0x09, 0x25, 0xAB, 0x06, 0x03, 0x01, 0x7F, 0x9C, 0x04, 0x13, 0x01,
672 0x16, 0x38, 0x0E, 0x06, 0x06, 0x25, 0x01, 0x01, 0x37, 0x04, 0x07, 0x25,
673 0x01, 0x04, 0x37, 0x01, 0x00, 0x25, 0x1A, 0x06, 0x03, 0x01, 0x08, 0x37,
674 0x00, 0x00, 0x1B, 0x26, 0x05, 0x13, 0x2F, 0x06, 0x10, 0x84, 0x2E, 0x01,
675 0x15, 0x0E, 0x06, 0x08, 0x25, 0xAB, 0x01, 0x00, 0x75, 0x3E, 0x04, 0x01,
676 0x20, 0x00, 0x00, 0xCB, 0x01, 0x07, 0x17, 0x01, 0x01, 0x0F, 0x06, 0x02,
677 0x70, 0x28, 0x00, 0x01, 0x03, 0x00, 0x29, 0x1A, 0x06, 0x05, 0x02, 0x00,
678 0x85, 0x3E, 0x00, 0xCB, 0x25, 0x04, 0x74, 0x00, 0x01, 0x14, 0xCE, 0x01,
679 0x01, 0xDB, 0x29, 0x26, 0x01, 0x00, 0xC6, 0x01, 0x16, 0xCE, 0xD4, 0x29,
680 0x00, 0x00, 0x01, 0x0B, 0xDB, 0x4C, 0x26, 0x26, 0x01, 0x03, 0x08, 0xDA,
681 0xDA, 0x18, 0x26, 0x56, 0x06, 0x02, 0x25, 0x00, 0xDA, 0x1D, 0x26, 0x06,
682 0x05, 0x82, 0x44, 0xD5, 0x04, 0x77, 0x25, 0x04, 0x6C, 0x00, 0x21, 0x01,
683 0x0F, 0xDB, 0x26, 0x90, 0x2C, 0x01, 0x86, 0x03, 0x10, 0x06, 0x0C, 0x01,
684 0x04, 0x08, 0xDA, 0x7E, 0x2E, 0xDB, 0x76, 0x2E, 0xDB, 0x04, 0x02, 0x5C,
685 0xDA, 0x26, 0xD9, 0x82, 0x44, 0xD5, 0x00, 0x02, 0xA2, 0xA4, 0x08, 0xA0,
686 0x08, 0xA3, 0x08, 0xA5, 0x08, 0xA1, 0x08, 0x27, 0x08, 0x03, 0x00, 0x01,
687 0x01, 0xDB, 0x01, 0x27, 0x8C, 0x2E, 0x08, 0x8F, 0x2E, 0x01, 0x01, 0x0B,
688 0x08, 0x02, 0x00, 0x06, 0x04, 0x5C, 0x02, 0x00, 0x08, 0x81, 0x2C, 0x38,
689 0x09, 0x26, 0x59, 0x06, 0x24, 0x02, 0x00, 0x05, 0x04, 0x44, 0x5C, 0x44,
690 0x5D, 0x01, 0x04, 0x09, 0x26, 0x56, 0x06, 0x03, 0x25, 0x01, 0x00, 0x26,
691 0x01, 0x04, 0x08, 0x02, 0x00, 0x08, 0x03, 0x00, 0x44, 0x01, 0x04, 0x08,
692 0x38, 0x08, 0x44, 0x04, 0x03, 0x25, 0x01, 0x7F, 0x03, 0x01, 0xDA, 0x92,
693 0x2C, 0xD9, 0x78, 0x01, 0x04, 0x19, 0x78, 0x01, 0x04, 0x08, 0x01, 0x1C,
694 0x32, 0x78, 0x01, 0x20, 0xD5, 0x8B, 0x8C, 0x2E, 0xD7, 0x8F, 0x2E, 0x26,
695 0x01, 0x01, 0x0B, 0xD9, 0x8E, 0x44, 0x26, 0x06, 0x0F, 0x5B, 0x38, 0x2C,
696 0x26, 0xC5, 0x05, 0x02, 0x60, 0x28, 0xD9, 0x44, 0x5C, 0x44, 0x04, 0x6E,
697 0x5E, 0x01, 0x01, 0xDB, 0x01, 0x00, 0xDB, 0x02, 0x00, 0x06, 0x81, 0x5A,
698 0x02, 0x00, 0xD9, 0xA2, 0x06, 0x0E, 0x01, 0x83, 0xFE, 0x01, 0xD9, 0x87,
699 0xA2, 0x01, 0x04, 0x09, 0x26, 0xD9, 0x5B, 0xD7, 0xA4, 0x06, 0x16, 0x01,
700 0x00, 0xD9, 0x89, 0xA4, 0x01, 0x04, 0x09, 0x26, 0xD9, 0x01, 0x02, 0x09,
701 0x26, 0xD9, 0x01, 0x00, 0xDB, 0x01, 0x03, 0x09, 0xD6, 0xA0, 0x06, 0x0C,
702 0x01, 0x01, 0xD9, 0x01, 0x01, 0xD9, 0x80, 0x2E, 0x01, 0x08, 0x09, 0xDB,
703 0xA3, 0x06, 0x19, 0x01, 0x0D, 0xD9, 0xA3, 0x01, 0x04, 0x09, 0x26, 0xD9,
704 0x01, 0x02, 0x09, 0xD9, 0x42, 0x06, 0x03, 0x01, 0x03, 0xD8, 0x43, 0x06,
705 0x03, 0x01, 0x01, 0xD8, 0xA5, 0x26, 0x06, 0x36, 0x01, 0x0A, 0xD9, 0x01,
706 0x04, 0x09, 0x26, 0xD9, 0x5D, 0xD9, 0x40, 0x01, 0x00, 0x26, 0x01, 0x82,
707 0x80, 0x80, 0x80, 0x00, 0x17, 0x06, 0x0A, 0x01, 0xFD, 0xFF, 0xFF, 0xFF,
708 0x7F, 0x17, 0x01, 0x1D, 0xD9, 0x26, 0x01, 0x20, 0x0A, 0x06, 0x0C, 0x9E,
709 0x11, 0x01, 0x01, 0x17, 0x06, 0x02, 0x26, 0xD9, 0x5A, 0x04, 0x6E, 0x5E,
710 0x04, 0x01, 0x25, 0xA1, 0x06, 0x0A, 0x01, 0x0B, 0xD9, 0x01, 0x02, 0xD9,
711 0x01, 0x82, 0x00, 0xD9, 0x27, 0x26, 0x06, 0x1F, 0x01, 0x10, 0xD9, 0x01,
712 0x04, 0x09, 0x26, 0xD9, 0x5D, 0xD9, 0x83, 0x2C, 0x01, 0x00, 0x9E, 0x0F,
713 0x06, 0x0A, 0x26, 0x1E, 0x26, 0xDB, 0x82, 0x44, 0xD5, 0x5A, 0x04, 0x72,
714 0x5E, 0x04, 0x01, 0x25, 0x02, 0x01, 0x56, 0x05, 0x11, 0x01, 0x15, 0xD9,
715 0x02, 0x01, 0x26, 0xD9, 0x26, 0x06, 0x06, 0x5B, 0x01, 0x00, 0xDB, 0x04,
716 0x77, 0x25, 0x00, 0x00, 0x01, 0x10, 0xDB, 0x77, 0x2C, 0x26, 0xCA, 0x06,
717 0x0C, 0xA9, 0x23, 0x26, 0x5C, 0xDA, 0x26, 0xD9, 0x82, 0x44, 0xD5, 0x04,
718 0x0D, 0x26, 0xC8, 0x44, 0xA9, 0x22, 0x26, 0x5A, 0xDA, 0x26, 0xDB, 0x82,
719 0x44, 0xD5, 0x00, 0x00, 0x9A, 0x01, 0x14, 0xDB, 0x01, 0x0C, 0xDA, 0x82,
720 0x01, 0x0C, 0xD5, 0x00, 0x00, 0x4F, 0x26, 0x01, 0x00, 0x0E, 0x06, 0x02,
721 0x5E, 0x00, 0xCB, 0x25, 0x04, 0x73, 0x00, 0x26, 0xD9, 0xD5, 0x00, 0x00,
722 0x26, 0xDB, 0xD5, 0x00, 0x01, 0x03, 0x00, 0x41, 0x25, 0x26, 0x01, 0x10,
723 0x17, 0x06, 0x06, 0x01, 0x04, 0xDB, 0x02, 0x00, 0xDB, 0x26, 0x01, 0x08,
724 0x17, 0x06, 0x06, 0x01, 0x03, 0xDB, 0x02, 0x00, 0xDB, 0x26, 0x01, 0x20,
725 0x17, 0x06, 0x06, 0x01, 0x05, 0xDB, 0x02, 0x00, 0xDB, 0x26, 0x01, 0x80,
726 0x40, 0x17, 0x06, 0x06, 0x01, 0x06, 0xDB, 0x02, 0x00, 0xDB, 0x01, 0x04,
727 0x17, 0x06, 0x06, 0x01, 0x02, 0xDB, 0x02, 0x00, 0xDB, 0x00, 0x00, 0x26,
728 0x01, 0x08, 0x4D, 0xDB, 0xDB, 0x00, 0x00, 0x26, 0x01, 0x10, 0x4D, 0xDB,
729 0xD9, 0x00, 0x00, 0x26, 0x50, 0x06, 0x02, 0x25, 0x00, 0xCB, 0x25, 0x04,
733 static const uint16_t t0_caddr
[] = {
870 #define T0_INTERPRETED 86
872 #define T0_ENTER(ip, rp, slot) do { \
873 const unsigned char *t0_newip; \
875 t0_newip = &t0_codeblock[t0_caddr[(slot) - T0_INTERPRETED]]; \
876 t0_lnum = t0_parse7E_unsigned(&t0_newip); \
878 *((rp) ++) = (uint32_t)((ip) - &t0_codeblock[0]) + (t0_lnum << 16); \
882 #define T0_DEFENTRY(name, slot) \
886 t0_context *t0ctx = ctx; \
887 t0ctx->ip = &t0_codeblock[0]; \
888 T0_ENTER(t0ctx->ip, t0ctx->rp, slot); \
891 T0_DEFENTRY(br_ssl_hs_client_init_main
, 167)
893 #define T0_NEXT(t0ipp) (*(*(t0ipp)) ++)
896 br_ssl_hs_client_run(void *t0ctx
)
899 const unsigned char *ip
;
901 #define T0_LOCAL(x) (*(rp - 2 - (x)))
902 #define T0_POP() (*-- dp)
903 #define T0_POPi() (*(int32_t *)(-- dp))
904 #define T0_PEEK(x) (*(dp - 1 - (x)))
905 #define T0_PEEKi(x) (*(int32_t *)(dp - 1 - (x)))
906 #define T0_PUSH(v) do { *dp = (v); dp ++; } while (0)
907 #define T0_PUSHi(v) do { *(int32_t *)dp = (v); dp ++; } while (0)
908 #define T0_RPOP() (*-- rp)
909 #define T0_RPOPi() (*(int32_t *)(-- rp))
910 #define T0_RPUSH(v) do { *rp = (v); rp ++; } while (0)
911 #define T0_RPUSHi(v) do { *(int32_t *)rp = (v); rp ++; } while (0)
912 #define T0_ROLL(x) do { \
913 size_t t0len = (size_t)(x); \
914 uint32_t t0tmp = *(dp - 1 - t0len); \
915 memmove(dp - t0len - 1, dp - t0len, t0len * sizeof *dp); \
918 #define T0_SWAP() do { \
919 uint32_t t0tmp = *(dp - 2); \
920 *(dp - 2) = *(dp - 1); \
923 #define T0_ROT() do { \
924 uint32_t t0tmp = *(dp - 3); \
925 *(dp - 3) = *(dp - 2); \
926 *(dp - 2) = *(dp - 1); \
929 #define T0_NROT() do { \
930 uint32_t t0tmp = *(dp - 1); \
931 *(dp - 1) = *(dp - 2); \
932 *(dp - 2) = *(dp - 3); \
935 #define T0_PICK(x) do { \
936 uint32_t t0depth = (x); \
937 T0_PUSH(T0_PEEK(t0depth)); \
939 #define T0_CO() do { \
942 #define T0_RET() goto t0_next
944 dp
= ((t0_context
*)t0ctx
)->dp
;
945 rp
= ((t0_context
*)t0ctx
)->rp
;
946 ip
= ((t0_context
*)t0ctx
)->ip
;
953 if (t0x
< T0_INTERPRETED
) {
965 ip
= &t0_codeblock
[t0x
];
967 case 1: /* literal constant */
968 T0_PUSHi(t0_parse7E_signed(&ip
));
970 case 2: /* read local */
971 T0_PUSH(T0_LOCAL(t0_parse7E_unsigned(&ip
)));
973 case 3: /* write local */
974 T0_LOCAL(t0_parse7E_unsigned(&ip
)) = T0_POP();
977 t0off
= t0_parse7E_signed(&ip
);
980 case 5: /* jump if */
981 t0off
= t0_parse7E_signed(&ip
);
986 case 6: /* jump if not */
987 t0off
= t0_parse7E_signed(&ip
);
995 uint32_t b
= T0_POP();
996 uint32_t a
= T0_POP();
1004 uint32_t b
= T0_POP();
1005 uint32_t a
= T0_POP();
1013 uint32_t b
= T0_POP();
1014 uint32_t a
= T0_POP();
1022 int32_t b
= T0_POPi();
1023 int32_t a
= T0_POPi();
1024 T0_PUSH(-(uint32_t)(a
< b
));
1031 int c
= (int)T0_POPi();
1032 uint32_t x
= T0_POP();
1040 int32_t b
= T0_POPi();
1041 int32_t a
= T0_POPi();
1042 T0_PUSH(-(uint32_t)(a
<= b
));
1049 uint32_t b
= T0_POP();
1050 uint32_t a
= T0_POP();
1051 T0_PUSH(-(uint32_t)(a
!= b
));
1058 uint32_t b
= T0_POP();
1059 uint32_t a
= T0_POP();
1060 T0_PUSH(-(uint32_t)(a
== b
));
1067 int32_t b
= T0_POPi();
1068 int32_t a
= T0_POPi();
1069 T0_PUSH(-(uint32_t)(a
> b
));
1076 int32_t b
= T0_POPi();
1077 int32_t a
= T0_POPi();
1078 T0_PUSH(-(uint32_t)(a
>= b
));
1085 int c
= (int)T0_POPi();
1086 int32_t x
= T0_POPi();
1092 /* anchor-dn-append-name */
1097 if (CTX
->client_auth_vtable
!= NULL
) {
1098 (*CTX
->client_auth_vtable
)->append_name(
1099 CTX
->client_auth_vtable
, ENG
->pad
, len
);
1105 /* anchor-dn-end-name */
1107 if (CTX
->client_auth_vtable
!= NULL
) {
1108 (*CTX
->client_auth_vtable
)->end_name(
1109 CTX
->client_auth_vtable
);
1115 /* anchor-dn-end-name-list */
1117 if (CTX
->client_auth_vtable
!= NULL
) {
1118 (*CTX
->client_auth_vtable
)->end_name_list(
1119 CTX
->client_auth_vtable
);
1125 /* anchor-dn-start-name */
1130 if (CTX
->client_auth_vtable
!= NULL
) {
1131 (*CTX
->client_auth_vtable
)->start_name(
1132 CTX
->client_auth_vtable
, len
);
1138 /* anchor-dn-start-name-list */
1140 if (CTX
->client_auth_vtable
!= NULL
) {
1141 (*CTX
->client_auth_vtable
)->start_name_list(
1142 CTX
->client_auth_vtable
);
1150 uint32_t b
= T0_POP();
1151 uint32_t a
= T0_POP();
1159 if (ENG
->chain_len
== 0) {
1162 ENG
->cert_cur
= ENG
->chain
->data
;
1163 ENG
->cert_len
= ENG
->chain
->data_len
;
1166 T0_PUSH(ENG
->cert_len
);
1174 size_t len
= (size_t)T0_POP();
1175 void *addr
= (unsigned char *)ENG
+ (size_t)T0_POP();
1176 memset(addr
, 0, len
);
1183 T0_PUSHi(-(ENG
->hlen_out
> 0));
1193 /* compute-Finished-inner */
1195 int prf_id
= T0_POP();
1196 int from_client
= T0_POPi();
1197 unsigned char tmp
[48];
1198 br_tls_prf_seed_chunk seed
;
1200 br_tls_prf_impl prf
= br_ssl_engine_get_PRF(ENG
, prf_id
);
1202 if (ENG
->session
.version
>= BR_TLS12
) {
1203 seed
.len
= br_multihash_out(&ENG
->mhash
, prf_id
, tmp
);
1205 br_multihash_out(&ENG
->mhash
, br_md5_ID
, tmp
);
1206 br_multihash_out(&ENG
->mhash
, br_sha1_ID
, tmp
+ 16);
1209 prf(ENG
->pad
, 12, ENG
->session
.master_secret
,
1210 sizeof ENG
->session
.master_secret
,
1211 from_client
? "client finished" : "server finished",
1217 /* copy-cert-chunk */
1221 clen
= ENG
->cert_len
;
1222 if (clen
> sizeof ENG
->pad
) {
1223 clen
= sizeof ENG
->pad
;
1225 memcpy(ENG
->pad
, ENG
->cert_cur
, clen
);
1226 ENG
->cert_cur
+= clen
;
1227 ENG
->cert_len
-= clen
;
1233 /* copy-protocol-name */
1235 size_t idx
= T0_POP();
1236 size_t len
= strlen(ENG
->protocol_names
[idx
]);
1237 memcpy(ENG
->pad
, ENG
->protocol_names
[idx
], len
);
1245 size_t addr
= T0_POP();
1246 T0_PUSH(t0_datablock
[addr
]);
1258 /* do-client-sign */
1262 sig_len
= make_client_sign(CTX
);
1264 br_ssl_engine_fail(ENG
, BR_ERR_INVALID_ALGORITHM
);
1274 unsigned prf_id
= T0_POP();
1275 unsigned ecdhe
= T0_POP();
1278 x
= make_pms_ecdh(CTX
, ecdhe
, prf_id
);
1280 br_ssl_engine_fail(ENG
, -x
);
1289 /* do-rsa-encrypt */
1293 x
= make_pms_rsa(CTX
, T0_POP());
1295 br_ssl_engine_fail(ENG
, -x
);
1304 /* do-static-ecdh */
1306 unsigned prf_id
= T0_POP();
1308 if (make_pms_static_ecdh(CTX
, prf_id
) < 0) {
1309 br_ssl_engine_fail(ENG
, BR_ERR_INVALID_ALGORITHM
);
1322 T0_PUSH(T0_PEEK(0));
1326 /* ext-ALPN-length */
1330 if (ENG
->protocol_names_num
== 0) {
1335 for (u
= 0; u
< ENG
->protocol_names_num
; u
++) {
1336 len
+= 1 + strlen(ENG
->protocol_names
[u
]);
1345 br_ssl_engine_fail(ENG
, (int)T0_POPi());
1353 br_ssl_engine_flush_record(ENG
);
1358 /* get-client-chain */
1360 uint32_t auth_types
;
1362 auth_types
= T0_POP();
1363 if (CTX
->client_auth_vtable
!= NULL
) {
1364 br_ssl_client_certificate ux
;
1366 (*CTX
->client_auth_vtable
)->choose(CTX
->client_auth_vtable
,
1367 CTX
, auth_types
, &ux
);
1368 CTX
->auth_type
= (unsigned char)ux
.auth_type
;
1369 CTX
->hash_id
= (unsigned char)ux
.hash_id
;
1370 ENG
->chain
= ux
.chain
;
1371 ENG
->chain_len
= ux
.chain_len
;
1380 /* get-key-type-usages */
1382 const br_x509_class
*xc
;
1383 const br_x509_pkey
*pk
;
1386 xc
= *(ENG
->x509ctx
);
1387 pk
= xc
->get_pkey(ENG
->x509ctx
, &usages
);
1391 T0_PUSH(pk
->key_type
| usages
);
1399 size_t addr
= (size_t)T0_POP();
1400 T0_PUSH(*(uint16_t *)((unsigned char *)ENG
+ addr
));
1407 size_t addr
= (size_t)T0_POP();
1408 T0_PUSH(*(uint32_t *)((unsigned char *)ENG
+ addr
));
1415 size_t addr
= (size_t)T0_POP();
1416 T0_PUSH(*((unsigned char *)ENG
+ addr
));
1423 T0_PUSHi(-(ENG
->hlen_in
!= 0));
1430 size_t len
= (size_t)T0_POP();
1431 void *addr2
= (unsigned char *)ENG
+ (size_t)T0_POP();
1432 void *addr1
= (unsigned char *)ENG
+ (size_t)T0_POP();
1433 int x
= memcmp(addr1
, addr2
, len
);
1434 T0_PUSH((uint32_t)-(x
== 0));
1441 size_t len
= (size_t)T0_POP();
1442 void *src
= (unsigned char *)ENG
+ (size_t)T0_POP();
1443 void *dst
= (unsigned char *)ENG
+ (size_t)T0_POP();
1444 memcpy(dst
, src
, len
);
1451 size_t len
= (size_t)T0_POP();
1452 void *addr
= (unsigned char *)ENG
+ (size_t)T0_POP();
1453 br_hmac_drbg_generate(&ENG
->rng
, addr
, len
);
1458 /* more-incoming-bytes? */
1460 T0_PUSHi(ENG
->hlen_in
!= 0 || !br_ssl_engine_recvrec_finished(ENG
));
1465 /* multihash-init */
1467 br_multihash_init(&ENG
->mhash
);
1474 uint32_t a
= T0_POP();
1482 uint32_t a
= T0_POP();
1490 uint32_t b
= T0_POP();
1491 uint32_t a
= T0_POP();
1498 T0_PUSH(T0_PEEK(1));
1502 /* read-chunk-native */
1504 size_t clen
= ENG
->hlen_in
;
1510 if ((size_t)len
< clen
) {
1513 memcpy((unsigned char *)ENG
+ addr
, ENG
->hbuf_in
, clen
);
1514 if (ENG
->record_type_in
== BR_SSL_HANDSHAKE
) {
1515 br_multihash_update(&ENG
->mhash
, ENG
->hbuf_in
, clen
);
1517 T0_PUSH(addr
+ (uint32_t)clen
);
1518 T0_PUSH(len
- (uint32_t)clen
);
1519 ENG
->hbuf_in
+= clen
;
1520 ENG
->hlen_in
-= clen
;
1528 if (ENG
->hlen_in
> 0) {
1531 x
= *ENG
->hbuf_in
++;
1532 if (ENG
->record_type_in
== BR_SSL_HANDSHAKE
) {
1533 br_multihash_update(&ENG
->mhash
, &x
, 1);
1544 /* set-server-curve */
1546 const br_x509_class
*xc
;
1547 const br_x509_pkey
*pk
;
1549 xc
= *(ENG
->x509ctx
);
1550 pk
= xc
->get_pkey(ENG
->x509ctx
, NULL
);
1552 (pk
->key_type
== BR_KEYTYPE_EC
) ? pk
->key
.ec
.curve
: 0;
1559 size_t addr
= (size_t)T0_POP();
1560 *(uint16_t *)((unsigned char *)ENG
+ addr
) = (uint16_t)T0_POP();
1567 size_t addr
= (size_t)T0_POP();
1568 *(uint32_t *)((unsigned char *)ENG
+ addr
) = (uint32_t)T0_POP();
1575 size_t addr
= (size_t)T0_POP();
1576 *((unsigned char *)ENG
+ addr
) = (unsigned char)T0_POP();
1583 void *str
= (unsigned char *)ENG
+ (size_t)T0_POP();
1584 T0_PUSH((uint32_t)strlen(str
));
1589 /* supported-curves */
1591 uint32_t x
= ENG
->iec
== NULL
? 0 : ENG
->iec
->supported_curves
;
1597 /* supported-hash-functions */
1604 for (i
= br_sha1_ID
; i
<= br_sha512_ID
; i
++) {
1605 if (br_multihash_getimpl(&ENG
->mhash
, i
)) {
1616 /* supports-ecdsa? */
1618 T0_PUSHi(-(ENG
->iecdsa
!= 0));
1623 /* supports-rsa-sign? */
1625 T0_PUSHi(-(ENG
->irsavrfy
!= 0));
1635 /* switch-aesgcm-in */
1637 int is_client
, prf_id
;
1638 unsigned cipher_key_len
;
1640 cipher_key_len
= T0_POP();
1642 is_client
= T0_POP();
1643 br_ssl_engine_switch_gcm_in(ENG
, is_client
, prf_id
,
1644 ENG
->iaes_ctr
, cipher_key_len
);
1649 /* switch-aesgcm-out */
1651 int is_client
, prf_id
;
1652 unsigned cipher_key_len
;
1654 cipher_key_len
= T0_POP();
1656 is_client
= T0_POP();
1657 br_ssl_engine_switch_gcm_out(ENG
, is_client
, prf_id
,
1658 ENG
->iaes_ctr
, cipher_key_len
);
1665 int is_client
, prf_id
, mac_id
, aes
;
1666 unsigned cipher_key_len
;
1668 cipher_key_len
= T0_POP();
1672 is_client
= T0_POP();
1673 br_ssl_engine_switch_cbc_in(ENG
, is_client
, prf_id
, mac_id
,
1674 aes
? ENG
->iaes_cbcdec
: ENG
->ides_cbcdec
, cipher_key_len
);
1679 /* switch-cbc-out */
1681 int is_client
, prf_id
, mac_id
, aes
;
1682 unsigned cipher_key_len
;
1684 cipher_key_len
= T0_POP();
1688 is_client
= T0_POP();
1689 br_ssl_engine_switch_cbc_out(ENG
, is_client
, prf_id
, mac_id
,
1690 aes
? ENG
->iaes_cbcenc
: ENG
->ides_cbcenc
, cipher_key_len
);
1695 /* switch-chapol-in */
1697 int is_client
, prf_id
;
1700 is_client
= T0_POP();
1701 br_ssl_engine_switch_chapol_in(ENG
, is_client
, prf_id
);
1706 /* switch-chapol-out */
1708 int is_client
, prf_id
;
1711 is_client
= T0_POP();
1712 br_ssl_engine_switch_chapol_out(ENG
, is_client
, prf_id
);
1717 /* test-protocol-name */
1719 size_t len
= T0_POP();
1722 for (u
= 0; u
< ENG
->protocol_names_num
; u
++) {
1725 name
= ENG
->protocol_names
[u
];
1726 if (len
== strlen(name
) && memcmp(ENG
->pad
, name
, len
) == 0) {
1736 /* total-chain-length */
1742 for (u
= 0; u
< ENG
->chain_len
; u
++) {
1743 total
+= 3 + (uint32_t)ENG
->chain
[u
].data_len
;
1752 int c
= (int)T0_POPi();
1753 uint32_t x
= T0_POP();
1759 /* verify-SKE-sig */
1761 size_t sig_len
= T0_POP();
1762 int use_rsa
= T0_POPi();
1763 int hash
= T0_POPi();
1765 T0_PUSH(verify_SKE_sig(CTX
, hash
, use_rsa
, sig_len
));
1770 /* write-blob-chunk */
1772 size_t clen
= ENG
->hlen_out
;
1778 if ((size_t)len
< clen
) {
1781 memcpy(ENG
->hbuf_out
, (unsigned char *)ENG
+ addr
, clen
);
1782 if (ENG
->record_type_out
== BR_SSL_HANDSHAKE
) {
1783 br_multihash_update(&ENG
->mhash
, ENG
->hbuf_out
, clen
);
1785 T0_PUSH(addr
+ (uint32_t)clen
);
1786 T0_PUSH(len
- (uint32_t)clen
);
1787 ENG
->hbuf_out
+= clen
;
1788 ENG
->hlen_out
-= clen
;
1798 x
= (unsigned char)T0_POP();
1799 if (ENG
->hlen_out
> 0) {
1800 if (ENG
->record_type_out
== BR_SSL_HANDSHAKE
) {
1801 br_multihash_update(&ENG
->mhash
, &x
, 1);
1803 *ENG
->hbuf_out
++ = x
;
1815 const br_x509_class
*xc
;
1818 xc
= *(ENG
->x509ctx
);
1820 xc
->append(ENG
->x509ctx
, ENG
->pad
, len
);
1827 const br_x509_class
*xc
;
1829 xc
= *(ENG
->x509ctx
);
1830 xc
->end_cert(ENG
->x509ctx
);
1835 /* x509-end-chain */
1837 const br_x509_class
*xc
;
1839 xc
= *(ENG
->x509ctx
);
1840 T0_PUSH(xc
->end_chain(ENG
->x509ctx
));
1845 /* x509-start-cert */
1847 const br_x509_class
*xc
;
1849 xc
= *(ENG
->x509ctx
);
1850 xc
->start_cert(ENG
->x509ctx
, T0_POP());
1855 /* x509-start-chain */
1857 const br_x509_class
*xc
;
1861 xc
= *(ENG
->x509ctx
);
1862 xc
->start_chain(ENG
->x509ctx
, bc
? ENG
->server_name
: NULL
);
1869 T0_ENTER(ip
, rp
, t0x
);
1873 ((t0_context
*)t0ctx
)->dp
= dp
;
1874 ((t0_context
*)t0ctx
)->rp
= rp
;
1875 ((t0_context
*)t0ctx
)->ip
= ip
;