From b42bd5972f935ffc32019acac6f8a07ae08ae9c2 Mon Sep 17 00:00:00 2001 From: Thomas Pornin Date: Tue, 13 Dec 2016 20:01:19 +0100 Subject: [PATCH 1/1] Added ChaCha20+Poly1305 support (stand-alone, cipher suites). --- Makefile | 19 +- inc/bearssl_block.h | 110 ++++++- inc/bearssl_ssl.h | 189 ++++++++++- samples/client_basic.c | 4 +- samples/server_basic.c | 28 ++ src/inner.h | 18 + src/ssl/ssl_client_full.c | 12 +- src/ssl/ssl_engine.c | 41 +++ src/ssl/ssl_hs_client.c | 470 +++++++++++++------------- src/ssl/ssl_hs_common.t0 | 26 +- src/ssl/ssl_hs_server.c | 579 +++++++++++++++++---------------- src/ssl/ssl_hs_server.t0 | 4 +- src/ssl/ssl_rec_chapol.c | 177 ++++++++++ src/ssl/ssl_rec_gcm.c | 2 +- src/ssl/ssl_server_full_ec.c | 9 + src/ssl/ssl_server_full_rsa.c | 11 +- src/ssl/ssl_server_mine2c.c | 82 +++++ src/ssl/ssl_server_minf2c.c | 85 +++++ src/symcipher/chacha20_ct.c | 106 ++++++ src/symcipher/poly1305_ctmul.c | 260 +++++++++++++++ test/test_crypto.c | 158 +++++++++ test/test_speed.c | 44 +++ tools/brssl.h | 11 +- tools/client.c | 9 + tools/names.c | 12 + tools/server.c | 9 + 26 files changed, 1952 insertions(+), 523 deletions(-) create mode 100644 src/ssl/ssl_rec_chapol.c create mode 100644 src/ssl/ssl_server_mine2c.c create mode 100644 src/ssl/ssl_server_minf2c.c create mode 100644 src/symcipher/chacha20_ct.c create mode 100644 src/symcipher/poly1305_ctmul.c diff --git a/Makefile b/Makefile index 57a0867..0b72db5 100644 --- a/Makefile +++ b/Makefile @@ -54,8 +54,8 @@ OBJINT32 = $(BUILD)/i32_add.o $(BUILD)/i32_bitlen.o $(BUILD)/i32_decmod.o $(BUIL OBJMAC = $(BUILD)/hmac.o $(BUILD)/hmac_ct.o OBJRAND = $(BUILD)/hmac_drbg.o OBJRSA = $(BUILD)/rsa_i31_pkcs1_sign.o $(BUILD)/rsa_i31_pkcs1_vrfy.o $(BUILD)/rsa_i31_priv.o $(BUILD)/rsa_i31_pub.o $(BUILD)/rsa_i32_pkcs1_sign.o $(BUILD)/rsa_i32_pkcs1_vrfy.o $(BUILD)/rsa_i32_priv.o $(BUILD)/rsa_i32_pub.o $(BUILD)/rsa_ssl_decrypt.o -OBJSSL = $(BUILD)/prf.o $(BUILD)/prf_md5sha1.o $(BUILD)/prf_sha256.o $(BUILD)/prf_sha384.o $(BUILD)/ssl_ccert_single_ec.o $(BUILD)/ssl_ccert_single_rsa.o $(BUILD)/ssl_client.o $(BUILD)/ssl_client_full.o $(BUILD)/ssl_engine.o $(BUILD)/ssl_hashes.o $(BUILD)/ssl_hs_client.o $(BUILD)/ssl_hs_server.o $(BUILD)/ssl_io.o $(BUILD)/ssl_lru.o $(BUILD)/ssl_rec_cbc.o $(BUILD)/ssl_rec_gcm.o $(BUILD)/ssl_server.o $(BUILD)/ssl_server_mine2g.o $(BUILD)/ssl_server_minf2g.o $(BUILD)/ssl_server_minr2g.o $(BUILD)/ssl_server_minu2g.o $(BUILD)/ssl_server_minv2g.o $(BUILD)/ssl_server_full_ec.o $(BUILD)/ssl_server_full_rsa.o $(BUILD)/ssl_scert_single_ec.o $(BUILD)/ssl_scert_single_rsa.o -OBJSYMCIPHER = $(BUILD)/aes_big_cbcdec.o $(BUILD)/aes_big_cbcenc.o $(BUILD)/aes_big_ctr.o $(BUILD)/aes_big_dec.o $(BUILD)/aes_big_enc.o $(BUILD)/aes_common.o $(BUILD)/aes_ct.o $(BUILD)/aes_ct64.o $(BUILD)/aes_ct64_cbcdec.o $(BUILD)/aes_ct64_cbcenc.o $(BUILD)/aes_ct64_ctr.o $(BUILD)/aes_ct64_dec.o $(BUILD)/aes_ct64_enc.o $(BUILD)/aes_ct_cbcdec.o $(BUILD)/aes_ct_cbcenc.o $(BUILD)/aes_ct_ctr.o $(BUILD)/aes_ct_dec.o $(BUILD)/aes_ct_enc.o $(BUILD)/aes_small_cbcdec.o $(BUILD)/aes_small_cbcenc.o $(BUILD)/aes_small_ctr.o $(BUILD)/aes_small_dec.o $(BUILD)/aes_small_enc.o $(BUILD)/des_ct.o $(BUILD)/des_ct_cbcdec.o $(BUILD)/des_ct_cbcenc.o $(BUILD)/des_support.o $(BUILD)/des_tab.o $(BUILD)/des_tab_cbcdec.o $(BUILD)/des_tab_cbcenc.o +OBJSSL = $(BUILD)/prf.o $(BUILD)/prf_md5sha1.o $(BUILD)/prf_sha256.o $(BUILD)/prf_sha384.o $(BUILD)/ssl_ccert_single_ec.o $(BUILD)/ssl_ccert_single_rsa.o $(BUILD)/ssl_client.o $(BUILD)/ssl_client_full.o $(BUILD)/ssl_engine.o $(BUILD)/ssl_hashes.o $(BUILD)/ssl_hs_client.o $(BUILD)/ssl_hs_server.o $(BUILD)/ssl_io.o $(BUILD)/ssl_lru.o $(BUILD)/ssl_rec_cbc.o $(BUILD)/ssl_rec_chapol.o $(BUILD)/ssl_rec_gcm.o $(BUILD)/ssl_server.o $(BUILD)/ssl_server_mine2c.o $(BUILD)/ssl_server_mine2g.o $(BUILD)/ssl_server_minf2c.o $(BUILD)/ssl_server_minf2g.o $(BUILD)/ssl_server_minr2g.o $(BUILD)/ssl_server_minu2g.o $(BUILD)/ssl_server_minv2g.o $(BUILD)/ssl_server_full_ec.o $(BUILD)/ssl_server_full_rsa.o $(BUILD)/ssl_scert_single_ec.o $(BUILD)/ssl_scert_single_rsa.o +OBJSYMCIPHER = $(BUILD)/aes_big_cbcdec.o $(BUILD)/aes_big_cbcenc.o $(BUILD)/aes_big_ctr.o $(BUILD)/aes_big_dec.o $(BUILD)/aes_big_enc.o $(BUILD)/aes_common.o $(BUILD)/aes_ct.o $(BUILD)/aes_ct64.o $(BUILD)/aes_ct64_cbcdec.o $(BUILD)/aes_ct64_cbcenc.o $(BUILD)/aes_ct64_ctr.o $(BUILD)/aes_ct64_dec.o $(BUILD)/aes_ct64_enc.o $(BUILD)/aes_ct_cbcdec.o $(BUILD)/aes_ct_cbcenc.o $(BUILD)/aes_ct_ctr.o $(BUILD)/aes_ct_dec.o $(BUILD)/aes_ct_enc.o $(BUILD)/aes_small_cbcdec.o $(BUILD)/aes_small_cbcenc.o $(BUILD)/aes_small_ctr.o $(BUILD)/aes_small_dec.o $(BUILD)/aes_small_enc.o $(BUILD)/chacha20_ct.o $(BUILD)/des_ct.o $(BUILD)/des_ct_cbcdec.o $(BUILD)/des_ct_cbcenc.o $(BUILD)/des_support.o $(BUILD)/des_tab.o $(BUILD)/des_tab_cbcdec.o $(BUILD)/des_tab_cbcenc.o $(BUILD)/poly1305_ctmul.o OBJX509 = $(BUILD)/skey_decoder.o $(BUILD)/x509_decoder.o $(BUILD)/x509_knownkey.o $(BUILD)/x509_minimal.o OBJ = $(OBJCODEC) $(OBJEC) $(OBJHASH) $(OBJINT31) $(OBJINT32) $(OBJMAC) $(OBJRAND) $(OBJRSA) $(OBJSSL) $(OBJSYMCIPHER) $(OBJX509) OBJBRSSL = $(BUILD)/brssl.o $(BUILD)/certs.o $(BUILD)/chain.o $(BUILD)/client.o $(BUILD)/errors.o $(BUILD)/files.o $(BUILD)/keys.o $(BUILD)/names.o $(BUILD)/server.o $(BUILD)/skey.o $(BUILD)/sslio.o $(BUILD)/ta.o $(BUILD)/vector.o $(BUILD)/verify.o $(BUILD)/xmem.o @@ -419,15 +419,24 @@ $(BUILD)/ssl_lru.o: src/ssl/ssl_lru.c $(HEADERS) $(BUILD)/ssl_rec_cbc.o: src/ssl/ssl_rec_cbc.c $(HEADERS) $(CC) $(CFLAGS) -c -o $(BUILD)/ssl_rec_cbc.o src/ssl/ssl_rec_cbc.c +$(BUILD)/ssl_rec_chapol.o: src/ssl/ssl_rec_chapol.c $(HEADERS) + $(CC) $(CFLAGS) -c -o $(BUILD)/ssl_rec_chapol.o src/ssl/ssl_rec_chapol.c + $(BUILD)/ssl_rec_gcm.o: src/ssl/ssl_rec_gcm.c $(HEADERS) $(CC) $(CFLAGS) -c -o $(BUILD)/ssl_rec_gcm.o src/ssl/ssl_rec_gcm.c $(BUILD)/ssl_server.o: src/ssl/ssl_server.c $(HEADERS) $(CC) $(CFLAGS) -c -o $(BUILD)/ssl_server.o src/ssl/ssl_server.c +$(BUILD)/ssl_server_mine2c.o: src/ssl/ssl_server_mine2c.c $(HEADERS) + $(CC) $(CFLAGS) -c -o $(BUILD)/ssl_server_mine2c.o src/ssl/ssl_server_mine2c.c + $(BUILD)/ssl_server_mine2g.o: src/ssl/ssl_server_mine2g.c $(HEADERS) $(CC) $(CFLAGS) -c -o $(BUILD)/ssl_server_mine2g.o src/ssl/ssl_server_mine2g.c +$(BUILD)/ssl_server_minf2c.o: src/ssl/ssl_server_minf2c.c $(HEADERS) + $(CC) $(CFLAGS) -c -o $(BUILD)/ssl_server_minf2c.o src/ssl/ssl_server_minf2c.c + $(BUILD)/ssl_server_minf2g.o: src/ssl/ssl_server_minf2g.c $(HEADERS) $(CC) $(CFLAGS) -c -o $(BUILD)/ssl_server_minf2g.o src/ssl/ssl_server_minf2g.c @@ -521,6 +530,9 @@ $(BUILD)/aes_small_dec.o: src/symcipher/aes_small_dec.c $(HEADERS) $(BUILD)/aes_small_enc.o: src/symcipher/aes_small_enc.c $(HEADERS) $(CC) $(CFLAGS) -c -o $(BUILD)/aes_small_enc.o src/symcipher/aes_small_enc.c +$(BUILD)/chacha20_ct.o: src/symcipher/chacha20_ct.c $(HEADERS) + $(CC) $(CFLAGS) -c -o $(BUILD)/chacha20_ct.o src/symcipher/chacha20_ct.c + $(BUILD)/des_ct.o: src/symcipher/des_ct.c $(HEADERS) $(CC) $(CFLAGS) -c -o $(BUILD)/des_ct.o src/symcipher/des_ct.c @@ -542,6 +554,9 @@ $(BUILD)/des_tab_cbcdec.o: src/symcipher/des_tab_cbcdec.c $(HEADERS) $(BUILD)/des_tab_cbcenc.o: src/symcipher/des_tab_cbcenc.c $(HEADERS) $(CC) $(CFLAGS) -c -o $(BUILD)/des_tab_cbcenc.o src/symcipher/des_tab_cbcenc.c +$(BUILD)/poly1305_ctmul.o: src/symcipher/poly1305_ctmul.c $(HEADERS) + $(CC) $(CFLAGS) -c -o $(BUILD)/poly1305_ctmul.o src/symcipher/poly1305_ctmul.c + $(BUILD)/skey_decoder.o: src/x509/skey_decoder.c $(HEADERS) $(CC) $(CFLAGS) -c -o $(BUILD)/skey_decoder.o src/x509/skey_decoder.c diff --git a/inc/bearssl_block.h b/inc/bearssl_block.h index 38108b7..547f3b2 100644 --- a/inc/bearssl_block.h +++ b/inc/bearssl_block.h @@ -30,9 +30,10 @@ /** \file bearssl_block.h * - * # Block Ciphers + * # Block Ciphers and Symmetric Ciphers * - * This file documents the API for block ciphers. + * This file documents the API for block ciphers and other symmetric + * ciphers. * * * ## Procedural API @@ -227,6 +228,27 @@ * * `des_ct` is an constant-time implementation of DES/3DES. It is * substantially slower than `des_tab`. + * + * ## ChaCha20 and Poly1305 + * + * ChaCha20 is a stream cipher. Poly1305 is a MAC algorithm. They + * are described in [RFC 7539](https://tools.ietf.org/html/rfc7539). + * + * Two function pointer types are defined: + * + * - `br_chacha20_run` describes a function that implements ChaCha20 + * only. + * + * - `br_poly1305_run` describes an implementation of Poly1305, + * in the AEAD combination with ChaCha20 specified in RFC 7539 + * (the ChaCha20 implementation is provided as a function pointer). + * + * `chacha20_ct` is a straightforward implementation of ChaCha20 in + * plain C; it is constant-time, small, and reasonably fast. + * + * `poly1305_ctmul` is an implementation of the ChaCha20+Poly1305 AEAD + * construction, where the Poly1305 part is performed with mixed 32-bit + * multiplications (operands are 32-bit, result is 64-bit). */ /** @@ -1217,4 +1239,88 @@ typedef union { br_des_ct_cbcdec_keys ct; } br_des_gen_cbcdec_keys; +/** + * \brief Type for a ChaCha20 implementation. + * + * An implementation follows the description in RFC 7539: + * + * - Key is 256 bits (`key` points to exactly 32 bytes). + * + * - IV is 96 bits (`iv` points to exactly 12 bytes). + * + * - Block counter is oveer 32 bits and starts at value `cc`; the + * resulting value is returned. + * + * Data (pointed to by `data`, of length `len`) is encrypted/decrypted + * in place. If `len` is not a multiple of 64, then the excess bytes from + * the last block processing are dropped (therefore, "chunked" processing + * works only as long as each non-final chunk has a length multiple of 64). + * + * \param key secret key (32 bytes). + * \param iv IV (12 bytes). + * \param cc initial counter value. + * \param data data to encrypt or decrypt. + * \param len data length (in bytes). + */ +typedef uint32_t (*br_chacha20_run)(const void *key, + const void *iv, uint32_t cc, void *data, size_t len); + +/** + * \brief ChaCha20 implementation (straightforward C code, constant-time). + * + * \see br_chacha20_run + * + * \param key secret key (32 bytes). + * \param iv IV (12 bytes). + * \param cc initial counter value. + * \param data data to encrypt or decrypt. + * \param len data length (in bytes). + */ +uint32_t br_chacha20_ct_run(const void *key, + const void *iv, uint32_t cc, void *data, size_t len); + +/** + * \brief Type for a ChaCha20+Poly1305 AEAD implementation. + * + * The provided data is encrypted or decrypted with ChaCha20. The + * authentication tag is computed on the concatenation of the + * additional data and the ciphertext, with the padding and lengths + * as described in RFC 7539 (section 2.8). + * + * After decryption, the caller is responsible for checking that the + * computed tag matches the expected value. + * + * \param key secret key (32 bytes). + * \param iv nonce (12 bytes). + * \param data data to encrypt or decrypt. + * \param len data length (in bytes). + * \param aad additional authenticated data. + * \param aad_len length of additional authenticated data (in bytes). + * \param tag output buffer for the authentication tag. + * \param ichacha implementation of ChaCha20. + * \param encrypt non-zero for encryption, zero for decryption. + */ +typedef void (*br_poly1305_run)(const void *key, const void *iv, + void *data, size_t len, const void *aad, size_t aad_len, + void *tag, br_chacha20_run ichacha, int encrypt); + +/** + * \brief ChaCha20+Poly1305 AEAD implementation (mixed 32-bit multiplications). + * + * \see br_poly1305_run + * + * \param key secret key (32 bytes). + * \param iv nonce (12 bytes). + * \param data data to encrypt or decrypt. + * \param len data length (in bytes). + * \param aad additional authenticated data. + * \param aad_len length of additional authenticated data (in bytes). + * \param tag output buffer for the authentication tag. + * \param ichacha implementation of ChaCha20. + * \param encrypt non-zero for encryption, zero for decryption. + */ +void br_poly1305_ctmul_run(const void *key, const void *iv, + void *data, size_t len, const void *aad, size_t aad_len, + void *tag, br_chacha20_run ichacha, int encrypt); + #endif diff --git a/inc/bearssl_ssl.h b/inc/bearssl_ssl.h index b038500..9e45514 100644 --- a/inc/bearssl_ssl.h +++ b/inc/bearssl_ssl.h @@ -495,7 +495,7 @@ extern const br_sslrec_out_cbc_class br_sslrec_out_cbc_vtable; * This class type extends the decryption engine class with an * initialisation method that receives the parameters needed * for GCM processing: block cipher implementation, block cipher key, - * GHASH implementtion, and 4-byte IV. + * GHASH implementation, and 4-byte IV. */ typedef struct br_sslrec_in_gcm_class_ br_sslrec_in_gcm_class; struct br_sslrec_in_gcm_class_ { @@ -524,12 +524,12 @@ struct br_sslrec_in_gcm_class_ { }; /** - * \brief Record decryption engine class, for GCM mode. + * \brief Record encryption engine class, for GCM mode. * - * This class type extends the decryption engine class with an + * This class type extends the encryption engine class with an * initialisation method that receives the parameters needed * for GCM processing: block cipher implementation, block cipher key, - * GHASH implementtion, and 4-byte IV. + * GHASH implementation, and 4-byte IV. */ typedef struct br_sslrec_out_gcm_class_ br_sslrec_out_gcm_class; struct br_sslrec_out_gcm_class_ { @@ -596,6 +596,106 @@ extern const br_sslrec_out_gcm_class br_sslrec_out_gcm_vtable; /* ===================================================================== */ +/** + * \brief Record decryption engine class, for ChaCha20+Poly1305. + * + * This class type extends the decryption engine class with an + * initialisation method that receives the parameters needed + * for ChaCha20+Poly1305 processing: ChaCha20 implementation, + * Poly1305 implementation, key, and 12-byte IV. + */ +typedef struct br_sslrec_in_chapol_class_ br_sslrec_in_chapol_class; +struct br_sslrec_in_chapol_class_ { + /** + * \brief Superclass, as first vtable field. + */ + br_sslrec_in_class inner; + + /** + * \brief Engine initialisation method. + * + * This method sets the vtable field in the context. + * + * \param ctx context to initialise. + * \param ichacha ChaCha20 implementation. + * \param ipoly Poly1305 implementation. + * \param key secret key (32 bytes). + * \param iv static IV (12 bytes). + */ + void (*init)(const br_sslrec_in_chapol_class **ctx, + br_chacha20_run ichacha, + br_poly1305_run ipoly, + const void *key, const void *iv); +}; + +/** + * \brief Record encryption engine class, for ChaCha20+Poly1305. + * + * This class type extends the encryption engine class with an + * initialisation method that receives the parameters needed + * for ChaCha20+Poly1305 processing: ChaCha20 implementation, + * Poly1305 implementation, key, and 12-byte IV. + */ +typedef struct br_sslrec_out_chapol_class_ br_sslrec_out_chapol_class; +struct br_sslrec_out_chapol_class_ { + /** + * \brief Superclass, as first vtable field. + */ + br_sslrec_out_class inner; + + /** + * \brief Engine initialisation method. + * + * This method sets the vtable field in the context. + * + * \param ctx context to initialise. + * \param ichacha ChaCha20 implementation. + * \param ipoly Poly1305 implementation. + * \param key secret key (32 bytes). + * \param iv static IV (12 bytes). + */ + void (*init)(const br_sslrec_out_chapol_class **ctx, + br_chacha20_run ichacha, + br_poly1305_run ipoly, + const void *key, const void *iv); +}; + +/** + * \brief Context structure for processing records with ChaCha20+Poly1305. + * + * The same context structure is used for encrypting and decrypting. + * + * The first field points to the vtable. The other fields are opaque + * and shall not be accessed directly. + */ +typedef struct { + /** \brief Pointer to vtable. */ + union { + const void *gen; + const br_sslrec_in_chapol_class *in; + const br_sslrec_out_chapol_class *out; + } vtable; +#ifndef BR_DOXYGEN_IGNORE + uint64_t seq; + unsigned char key[32]; + unsigned char iv[12]; + br_chacha20_run ichacha; + br_poly1305_run ipoly; +#endif +} br_sslrec_chapol_context; + +/** + * \brief Static, constant vtable for record decryption with ChaCha20+Poly1305. + */ +extern const br_sslrec_in_chapol_class br_sslrec_in_chapol_vtable; + +/** + * \brief Static, constant vtable for record encryption with ChaCha20+Poly1305. + */ +extern const br_sslrec_out_chapol_class br_sslrec_out_chapol_vtable; + +/* ===================================================================== */ + /** * \brief Type for session parameters, to be saved for session resumption. */ @@ -708,12 +808,14 @@ typedef struct { const br_sslrec_in_class *vtable; br_sslrec_in_cbc_context cbc; br_sslrec_gcm_context gcm; + br_sslrec_chapol_context chapol; } in; union { const br_sslrec_out_class *vtable; br_sslrec_out_clear_context clear; br_sslrec_out_cbc_context cbc; br_sslrec_gcm_context gcm; + br_sslrec_chapol_context chapol; } out; /* @@ -857,10 +959,14 @@ typedef struct { const br_block_cbcenc_class *ides_cbcenc; const br_block_cbcdec_class *ides_cbcdec; br_ghash ighash; + br_chacha20_run ichacha; + br_poly1305_run ipoly; const br_sslrec_in_cbc_class *icbc_in; const br_sslrec_out_cbc_class *icbc_out; const br_sslrec_in_gcm_class *igcm_in; const br_sslrec_out_gcm_class *igcm_out; + const br_sslrec_in_chapol_class *ichapol_in; + const br_sslrec_out_chapol_class *ichapol_out; const br_ec_impl *iec; br_rsa_pkcs1_vrfy irsavrfy; br_ecdsa_vrfy iecdsa; @@ -1150,6 +1256,32 @@ br_ssl_engine_set_ghash(br_ssl_engine_context *cc, br_ghash impl) cc->ighash = impl; } +/** + * \brief Set the ChaCha20 implementation. + * + * \param cc SSL engine context. + * \param ichacha ChaCha20 implementation (or `NULL`). + */ +static inline void +br_ssl_engine_set_chacha20(br_ssl_engine_context *cc, + br_chacha20_run ichacha) +{ + cc->ichacha = ichacha; +} + +/** + * \brief Set the Poly1305 implementation. + * + * \param cc SSL engine context. + * \param ipoly Poly1305 implementation (or `NULL`). + */ +static inline void +br_ssl_engine_set_poly1305(br_ssl_engine_context *cc, + br_poly1305_run ipoly) +{ + cc->ipoly = ipoly; +} + /** * \brief Set the record encryption and decryption engines for CBC + HMAC. * @@ -1182,6 +1314,23 @@ br_ssl_engine_set_gcm(br_ssl_engine_context *cc, cc->igcm_out = impl_out; } +/** + * \brief Set the record encryption and decryption engines for + * ChaCha20+Poly1305. + * + * \param cc SSL engine context. + * \param impl_in record ChaCha20 decryption implementation (or `NULL`). + * \param impl_out record ChaCha20 encryption implementation (or `NULL`). + */ +static inline void +br_ssl_engine_set_chapol(br_ssl_engine_context *cc, + const br_sslrec_in_chapol_class *impl_in, + const br_sslrec_out_chapol_class *impl_out) +{ + cc->ichapol_in = impl_in; + cc->ichapol_out = impl_out; +} + /** * \brief Set the EC implementation. * @@ -2964,6 +3113,38 @@ void br_ssl_server_init_minv2g(br_ssl_server_context *cc, const br_x509_certificate *chain, size_t chain_len, const br_ec_private_key *sk); +/** + * \brief SSL server profile: mine2c. + * + * This profile uses only TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256. + * Server key is RSA, and ECDHE key exchange is used. This suite + * provides forward security. + * + * \param cc server context to initialise. + * \param chain server certificate chain. + * \param chain_len certificate chain length (number of certificate). + * \param sk RSA private key. + */ +void br_ssl_server_init_mine2c(br_ssl_server_context *cc, + const br_x509_certificate *chain, size_t chain_len, + const br_rsa_private_key *sk); + +/** + * \brief SSL server profile: minf2c. + * + * This profile uses only TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256. + * Server key is EC, and ECDHE key exchange is used. This suite provides + * forward security. + * + * \param cc server context to initialise. + * \param chain server certificate chain. + * \param chain_len certificate chain length (number of certificate). + * \param sk EC private key. + */ +void br_ssl_server_init_minf2c(br_ssl_server_context *cc, + const br_x509_certificate *chain, size_t chain_len, + const br_ec_private_key *sk); + /** * \brief Get the supported client suites. * diff --git a/samples/client_basic.c b/samples/client_basic.c index 1609f43..31a88be 100644 --- a/samples/client_basic.c +++ b/samples/client_basic.c @@ -202,7 +202,7 @@ static const unsigned char TA1_EC_Q[] = { static const br_x509_trust_anchor TAs[2] = { { - (unsigned char *)TA0_DN, sizeof TA0_DN, + { (unsigned char *)TA0_DN, sizeof TA0_DN }, BR_X509_TA_CA, { BR_KEYTYPE_RSA, @@ -213,7 +213,7 @@ static const br_x509_trust_anchor TAs[2] = { } }, { - (unsigned char *)TA1_DN, sizeof TA1_DN, + { (unsigned char *)TA1_DN, sizeof TA1_DN }, BR_X509_TA_CA, { BR_KEYTYPE_EC, diff --git a/samples/server_basic.c b/samples/server_basic.c index 92c7d42..3b4c312 100644 --- a/samples/server_basic.c +++ b/samples/server_basic.c @@ -46,6 +46,22 @@ * * The macros below define which chain is selected. This impacts the list * of supported cipher suites. + * + * Other macros, which can be defined (with a non-zero value): + * + * SERVER_PROFILE_MIN_FS + * Select a "minimal" profile with forward security (ECDHE cipher + * suite). + * + * SERVER_PROFILE_MIN_NOFS + * Select a "minimal" profile without forward security (RSA or ECDH + * cipher suite, but not ECDHE). + * + * SERVER_CHACHA20 + * If SERVER_PROFILE_MIN_FS is selected, then this macro selects + * a cipher suite with ChaCha20+Poly1305; otherwise, AES/GCM is + * used. This macro has no effect otherwise, since there is no + * non-forward secure cipher suite that uses ChaCha20+Poly1305. */ #if !(SERVER_RSA || SERVER_EC || SERVER_MIXED) @@ -322,7 +338,11 @@ main(int argc, char *argv[]) */ #if SERVER_RSA #if SERVER_PROFILE_MIN_FS +#if SERVER_CHACHA20 + br_ssl_server_init_mine2c(&sc, CHAIN, CHAIN_LEN, &SKEY); +#else br_ssl_server_init_mine2g(&sc, CHAIN, CHAIN_LEN, &SKEY); +#endif #elif SERVER_PROFILE_MIN_NOFS br_ssl_server_init_minr2g(&sc, CHAIN, CHAIN_LEN, &SKEY); #else @@ -330,7 +350,11 @@ main(int argc, char *argv[]) #endif #elif SERVER_EC #if SERVER_PROFILE_MIN_FS +#if SERVER_CHACHA20 + br_ssl_server_init_minf2c(&sc, CHAIN, CHAIN_LEN, &SKEY); +#else br_ssl_server_init_minf2g(&sc, CHAIN, CHAIN_LEN, &SKEY); +#endif #elif SERVER_PROFILE_MIN_NOFS br_ssl_server_init_minv2g(&sc, CHAIN, CHAIN_LEN, &SKEY); #else @@ -339,7 +363,11 @@ main(int argc, char *argv[]) #endif #else /* SERVER_MIXED */ #if SERVER_PROFILE_MIN_FS +#if SERVER_CHACHA20 + br_ssl_server_init_minf2c(&sc, CHAIN, CHAIN_LEN, &SKEY); +#else br_ssl_server_init_minf2g(&sc, CHAIN, CHAIN_LEN, &SKEY); +#endif #elif SERVER_PROFILE_MIN_NOFS br_ssl_server_init_minu2g(&sc, CHAIN, CHAIN_LEN, &SKEY); #else diff --git a/src/inner.h b/src/inner.h index 9edaadd..d2cc4c9 100644 --- a/src/inner.h +++ b/src/inner.h @@ -1524,6 +1524,24 @@ void br_ssl_engine_switch_gcm_out(br_ssl_engine_context *cc, int is_client, int prf_id, const br_block_ctr_class *bc_impl, size_t cipher_key_len); +/* + * Switch to ChaCha20+Poly1305 decryption for incoming records. + * cc the engine context + * is_client non-zero for a client, zero for a server + * prf_id id of hash function for PRF + */ +void br_ssl_engine_switch_chapol_in(br_ssl_engine_context *cc, + int is_client, int prf_id); + +/* + * Switch to ChaCha20+Poly1305 encryption for outgoing records. + * cc the engine context + * is_client non-zero for a client, zero for a server + * prf_id id of hash function for PRF + */ +void br_ssl_engine_switch_chapol_out(br_ssl_engine_context *cc, + int is_client, int prf_id); + /* * Calls to T0-generated code. */ diff --git a/src/ssl/ssl_client_full.c b/src/ssl/ssl_client_full.c index 64f9327..7480de8 100644 --- a/src/ssl/ssl_client_full.c +++ b/src/ssl/ssl_client_full.c @@ -36,17 +36,20 @@ br_ssl_client_init_full(br_ssl_client_context *cc, * Rationale for suite order, from most important to least * important rule: * - * -- Don't use 3DES if AES is available. + * -- Don't use 3DES if AES or ChaCha20 is available. * -- Try to have Forward Secrecy (ECDHE suite) if possible. * -- When not using Forward Secrecy, ECDH key exchange is * better than RSA key exchange (slightly more expensive on the * client, but much cheaper on the server, and it implies smaller * messages). + * -- ChaCha20+Poly1305 is better than AES/GCM (faster, smaller code). * -- GCM is better than CBC. * -- AES-128 is preferred over AES-256 (AES-128 is already * strong enough, and AES-256 is 40% more expensive). */ static const uint16_t suites[] = { + BR_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, + BR_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, BR_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, BR_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, BR_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, @@ -181,6 +184,10 @@ br_ssl_client_init_full(br_ssl_client_context *cc, br_ssl_engine_set_des_cbc(&cc->eng, &br_des_ct_cbcenc_vtable, &br_des_ct_cbcdec_vtable); + br_ssl_engine_set_chacha20(&cc->eng, + &br_chacha20_ct_run); + br_ssl_engine_set_poly1305(&cc->eng, + &br_poly1305_ctmul_run); /* * Set the SSL record engines (CBC, GCM). @@ -191,4 +198,7 @@ br_ssl_client_init_full(br_ssl_client_context *cc, br_ssl_engine_set_gcm(&cc->eng, &br_sslrec_in_gcm_vtable, &br_sslrec_out_gcm_vtable); + br_ssl_engine_set_chapol(&cc->eng, + &br_sslrec_in_chapol_vtable, + &br_sslrec_out_chapol_vtable); } diff --git a/src/ssl/ssl_engine.c b/src/ssl/ssl_engine.c index 32bc406..1f095f0 100644 --- a/src/ssl/ssl_engine.c +++ b/src/ssl/ssl_engine.c @@ -1474,3 +1474,44 @@ br_ssl_engine_switch_gcm_out(br_ssl_engine_context *cc, cc->igcm_out->init(&cc->out.gcm.vtable.out, bc_impl, cipher_key, cipher_key_len, cc->ighash, iv); } + +/* see inner.h */ +void +br_ssl_engine_switch_chapol_in(br_ssl_engine_context *cc, + int is_client, int prf_id) +{ + unsigned char kb[88]; + unsigned char *cipher_key, *iv; + + compute_key_block(cc, prf_id, 44, kb); + if (is_client) { + cipher_key = &kb[32]; + iv = &kb[76]; + } else { + cipher_key = &kb[0]; + iv = &kb[64]; + } + cc->ichapol_in->init(&cc->in.chapol.vtable.in, + cc->ichacha, cc->ipoly, cipher_key, iv); + cc->incrypt = 1; +} + +/* see inner.h */ +void +br_ssl_engine_switch_chapol_out(br_ssl_engine_context *cc, + int is_client, int prf_id) +{ + unsigned char kb[88]; + unsigned char *cipher_key, *iv; + + compute_key_block(cc, prf_id, 44, kb); + if (is_client) { + cipher_key = &kb[0]; + iv = &kb[64]; + } else { + cipher_key = &kb[32]; + iv = &kb[76]; + } + cc->ichapol_out->init(&cc->out.chapol.vtable.out, + cc->ichacha, cc->ipoly, cipher_key, iv); +} diff --git a/src/ssl/ssl_hs_client.c b/src/ssl/ssl_hs_client.c index b56a3e3..0901441 100644 --- a/src/ssl/ssl_hs_client.c +++ b/src/ssl/ssl_hs_client.c @@ -499,27 +499,27 @@ static const uint8_t t0_codeblock[] = { T0_INT2(offsetof(br_ssl_engine_context, version_max)), 0x00, 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, version_min)), 0x00, 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, version_out)), - 0x00, 0x00, 0x09, 0x25, 0x50, 0x06, 0x02, 0x60, 0x26, 0x00, 0x00, 0x06, - 0x08, 0x2A, 0x0E, 0x05, 0x02, 0x69, 0x26, 0x04, 0x01, 0x3A, 0x00, 0x00, - 0x01, 0x01, 0x00, 0x01, 0x03, 0x00, 0x8F, 0x25, 0x56, 0x41, 0x93, 0x25, - 0x05, 0x04, 0x58, 0x01, 0x00, 0x00, 0x02, 0x00, 0x0E, 0x06, 0x02, 0x93, - 0x00, 0x56, 0x04, 0x6B, 0x00, 0x06, 0x02, 0x60, 0x26, 0x00, 0x00, 0x25, - 0x80, 0x41, 0x05, 0x03, 0x01, 0x0C, 0x08, 0x41, 0x71, 0x2A, 0xA1, 0x1C, - 0x7C, 0x01, 0x0C, 0x2F, 0x00, 0x00, 0x25, 0x1E, 0x01, 0x08, 0x0B, 0x41, - 0x54, 0x1E, 0x08, 0x00, 0x01, 0x03, 0x00, 0x01, 0x00, 0x6F, 0x3B, 0x27, - 0x1A, 0x34, 0x06, 0x07, 0x02, 0x00, 0xC3, 0x03, 0x00, 0x04, 0x75, 0x01, - 0x00, 0xBA, 0x02, 0x00, 0x25, 0x1A, 0x17, 0x06, 0x02, 0x67, 0x26, 0xC3, - 0x04, 0x76, 0x01, 0x01, 0x00, 0x6F, 0x3B, 0x01, 0x16, 0x7E, 0x3B, 0x32, - 0xC9, 0x27, 0xA9, 0x06, 0x09, 0x01, 0x7F, 0xA4, 0x01, 0x7F, 0xC6, 0x04, - 0x80, 0x53, 0xA6, 0x71, 0x2A, 0x97, 0x01, T0_INT1(BR_KEYTYPE_SIGN), - 0x17, 0x06, 0x01, 0xAA, 0xAD, 0x25, 0x01, 0x0D, 0x0E, 0x06, 0x07, 0x24, - 0xAC, 0xAD, 0x01, 0x7F, 0x04, 0x02, 0x01, 0x00, 0x03, 0x00, 0x01, 0x0E, - 0x0E, 0x05, 0x02, 0x6A, 0x26, 0x06, 0x02, 0x5F, 0x26, 0x31, 0x06, 0x02, - 0x6A, 0x26, 0x02, 0x00, 0x06, 0x1C, 0xC7, 0x78, 0x2C, 0x01, 0x81, 0x7F, - 0x0E, 0x06, 0x0D, 0x24, 0x01, 0x10, 0xD2, 0x01, 0x00, 0xD1, 0x71, 0x2A, - 0xA1, 0x23, 0x04, 0x04, 0xCA, 0x06, 0x01, 0xC8, 0x04, 0x01, 0xCA, 0x01, - 0x7F, 0xC6, 0x01, 0x7F, 0xA4, 0x01, 0x01, 0x6F, 0x3B, 0x01, 0x17, 0x7E, - 0x3B, 0x00, 0x00, 0x36, 0x36, 0x00, 0x00, 0x90, 0x01, 0x0C, 0x11, 0x01, + 0x00, 0x00, 0x09, 0x25, 0x52, 0x06, 0x02, 0x62, 0x26, 0x00, 0x00, 0x06, + 0x08, 0x2A, 0x0E, 0x05, 0x02, 0x6B, 0x26, 0x04, 0x01, 0x3A, 0x00, 0x00, + 0x01, 0x01, 0x00, 0x01, 0x03, 0x00, 0x91, 0x25, 0x58, 0x41, 0x95, 0x25, + 0x05, 0x04, 0x5A, 0x01, 0x00, 0x00, 0x02, 0x00, 0x0E, 0x06, 0x02, 0x95, + 0x00, 0x58, 0x04, 0x6B, 0x00, 0x06, 0x02, 0x62, 0x26, 0x00, 0x00, 0x25, + 0x82, 0x41, 0x05, 0x03, 0x01, 0x0C, 0x08, 0x41, 0x73, 0x2A, 0xA3, 0x1C, + 0x7E, 0x01, 0x0C, 0x2F, 0x00, 0x00, 0x25, 0x1E, 0x01, 0x08, 0x0B, 0x41, + 0x56, 0x1E, 0x08, 0x00, 0x01, 0x03, 0x00, 0x01, 0x00, 0x71, 0x3B, 0x27, + 0x1A, 0x34, 0x06, 0x07, 0x02, 0x00, 0xC5, 0x03, 0x00, 0x04, 0x75, 0x01, + 0x00, 0xBC, 0x02, 0x00, 0x25, 0x1A, 0x17, 0x06, 0x02, 0x69, 0x26, 0xC5, + 0x04, 0x76, 0x01, 0x01, 0x00, 0x71, 0x3B, 0x01, 0x16, 0x80, 0x3B, 0x32, + 0xCB, 0x27, 0xAB, 0x06, 0x09, 0x01, 0x7F, 0xA6, 0x01, 0x7F, 0xC8, 0x04, + 0x80, 0x53, 0xA8, 0x73, 0x2A, 0x99, 0x01, T0_INT1(BR_KEYTYPE_SIGN), + 0x17, 0x06, 0x01, 0xAC, 0xAF, 0x25, 0x01, 0x0D, 0x0E, 0x06, 0x07, 0x24, + 0xAE, 0xAF, 0x01, 0x7F, 0x04, 0x02, 0x01, 0x00, 0x03, 0x00, 0x01, 0x0E, + 0x0E, 0x05, 0x02, 0x6C, 0x26, 0x06, 0x02, 0x61, 0x26, 0x31, 0x06, 0x02, + 0x6C, 0x26, 0x02, 0x00, 0x06, 0x1C, 0xC9, 0x7A, 0x2C, 0x01, 0x81, 0x7F, + 0x0E, 0x06, 0x0D, 0x24, 0x01, 0x10, 0xD4, 0x01, 0x00, 0xD3, 0x73, 0x2A, + 0xA3, 0x23, 0x04, 0x04, 0xCC, 0x06, 0x01, 0xCA, 0x04, 0x01, 0xCC, 0x01, + 0x7F, 0xC8, 0x01, 0x7F, 0xA6, 0x01, 0x01, 0x71, 0x3B, 0x01, 0x17, 0x80, + 0x3B, 0x00, 0x00, 0x36, 0x36, 0x00, 0x00, 0x92, 0x01, 0x0C, 0x11, 0x01, 0x00, 0x36, 0x0E, 0x06, 0x05, 0x24, 0x01, T0_INT1(BR_KEYTYPE_RSA | BR_KEYTYPE_KEYX), 0x04, 0x30, 0x01, 0x01, 0x36, 0x0E, 0x06, 0x05, 0x24, 0x01, @@ -530,204 +530,206 @@ static const uint8_t t0_codeblock[] = { T0_INT1(BR_KEYTYPE_EC | BR_KEYTYPE_KEYX), 0x04, 0x0F, 0x01, 0x04, 0x36, 0x0E, 0x06, 0x05, 0x24, 0x01, T0_INT1(BR_KEYTYPE_EC | BR_KEYTYPE_KEYX), 0x04, 0x04, 0x01, 0x00, - 0x41, 0x24, 0x00, 0x00, 0x7A, 0x2C, 0x01, 0x0E, 0x0E, 0x06, 0x04, 0x01, + 0x41, 0x24, 0x00, 0x00, 0x7C, 0x2C, 0x01, 0x0E, 0x0E, 0x06, 0x04, 0x01, 0x00, 0x04, 0x02, 0x01, 0x05, 0x00, 0x00, 0x3D, 0x06, 0x04, 0x01, 0x06, - 0x04, 0x02, 0x01, 0x00, 0x00, 0x00, 0x7F, 0x2C, 0x25, 0x06, 0x08, 0x01, + 0x04, 0x02, 0x01, 0x00, 0x00, 0x00, 0x81, 0x2C, 0x25, 0x06, 0x08, 0x01, 0x01, 0x09, 0x01, 0x11, 0x07, 0x04, 0x03, 0x24, 0x01, 0x05, 0x00, 0x01, 0x3E, 0x03, 0x00, 0x24, 0x01, 0x00, 0x40, 0x06, 0x03, 0x02, 0x00, 0x08, 0x3F, 0x06, 0x03, 0x02, 0x00, 0x08, 0x25, 0x06, 0x06, 0x01, 0x01, 0x0B, - 0x01, 0x06, 0x08, 0x00, 0x00, 0x81, 0x3C, 0x25, 0x06, 0x03, 0x01, 0x09, + 0x01, 0x06, 0x08, 0x00, 0x00, 0x83, 0x3C, 0x25, 0x06, 0x03, 0x01, 0x09, 0x08, 0x00, 0x01, 0x3D, 0x25, 0x06, 0x1E, 0x01, 0x00, 0x03, 0x00, 0x25, 0x06, 0x0E, 0x25, 0x01, 0x01, 0x17, 0x02, 0x00, 0x08, 0x03, 0x00, 0x01, 0x01, 0x11, 0x04, 0x6F, 0x24, 0x02, 0x00, 0x01, 0x01, 0x0B, 0x01, 0x06, - 0x08, 0x00, 0x00, 0x77, 0x2B, 0x41, 0x11, 0x01, 0x01, 0x17, 0x33, 0x00, - 0x00, 0x95, 0xC2, 0x25, 0x01, 0x07, 0x17, 0x01, 0x00, 0x36, 0x0E, 0x06, - 0x09, 0x24, 0x01, 0x10, 0x17, 0x06, 0x01, 0x95, 0x04, 0x2D, 0x01, 0x01, - 0x36, 0x0E, 0x06, 0x24, 0x24, 0x24, 0x01, 0x00, 0x6F, 0x3B, 0xA8, 0x7F, - 0x2C, 0x01, 0x01, 0x0E, 0x01, 0x01, 0x9E, 0x35, 0x06, 0x0F, 0x27, 0x1A, - 0x34, 0x06, 0x04, 0xC2, 0x24, 0x04, 0x78, 0x01, 0x80, 0x64, 0xBA, 0x04, - 0x01, 0x95, 0x04, 0x03, 0x6A, 0x26, 0x24, 0x04, 0xFF, 0x3C, 0x01, 0x25, - 0x03, 0x00, 0x09, 0x25, 0x50, 0x06, 0x02, 0x60, 0x26, 0x02, 0x00, 0x00, - 0x00, 0x90, 0x01, 0x0F, 0x17, 0x00, 0x00, 0x6E, 0x2C, 0x01, 0x00, 0x36, + 0x08, 0x00, 0x00, 0x79, 0x2B, 0x41, 0x11, 0x01, 0x01, 0x17, 0x33, 0x00, + 0x00, 0x97, 0xC4, 0x25, 0x01, 0x07, 0x17, 0x01, 0x00, 0x36, 0x0E, 0x06, + 0x09, 0x24, 0x01, 0x10, 0x17, 0x06, 0x01, 0x97, 0x04, 0x2D, 0x01, 0x01, + 0x36, 0x0E, 0x06, 0x24, 0x24, 0x24, 0x01, 0x00, 0x71, 0x3B, 0xAA, 0x81, + 0x2C, 0x01, 0x01, 0x0E, 0x01, 0x01, 0xA0, 0x35, 0x06, 0x0F, 0x27, 0x1A, + 0x34, 0x06, 0x04, 0xC4, 0x24, 0x04, 0x78, 0x01, 0x80, 0x64, 0xBC, 0x04, + 0x01, 0x97, 0x04, 0x03, 0x6C, 0x26, 0x24, 0x04, 0xFF, 0x3C, 0x01, 0x25, + 0x03, 0x00, 0x09, 0x25, 0x52, 0x06, 0x02, 0x62, 0x26, 0x02, 0x00, 0x00, + 0x00, 0x92, 0x01, 0x0F, 0x17, 0x00, 0x00, 0x70, 0x2C, 0x01, 0x00, 0x36, 0x0E, 0x06, 0x10, 0x24, 0x25, 0x01, 0x01, 0x0D, 0x06, 0x03, 0x24, 0x01, - 0x02, 0x6E, 0x3B, 0x01, 0x00, 0x04, 0x22, 0x01, 0x01, 0x36, 0x0E, 0x06, - 0x15, 0x24, 0x01, 0x00, 0x6E, 0x3B, 0x25, 0x01, 0x80, 0x64, 0x0E, 0x06, - 0x05, 0x01, 0x82, 0x00, 0x08, 0x26, 0x52, 0x00, 0x04, 0x07, 0x24, 0x01, + 0x02, 0x70, 0x3B, 0x01, 0x00, 0x04, 0x22, 0x01, 0x01, 0x36, 0x0E, 0x06, + 0x15, 0x24, 0x01, 0x00, 0x70, 0x3B, 0x25, 0x01, 0x80, 0x64, 0x0E, 0x06, + 0x05, 0x01, 0x82, 0x00, 0x08, 0x26, 0x54, 0x00, 0x04, 0x07, 0x24, 0x01, 0x82, 0x00, 0x08, 0x26, 0x24, 0x00, 0x00, 0x01, 0x00, 0x2D, 0x06, 0x05, - 0x38, 0xA2, 0x35, 0x04, 0x78, 0x25, 0x06, 0x04, 0x01, 0x01, 0x85, 0x3B, - 0x00, 0x00, 0x2D, 0x06, 0x0B, 0x7D, 0x2C, 0x01, 0x14, 0x0D, 0x06, 0x02, - 0x6A, 0x26, 0x04, 0x11, 0xC2, 0x01, 0x07, 0x17, 0x25, 0x01, 0x02, 0x0D, - 0x06, 0x06, 0x06, 0x02, 0x6A, 0x26, 0x04, 0x70, 0x24, 0xB7, 0x01, 0x01, - 0x0D, 0x31, 0x35, 0x06, 0x02, 0x59, 0x26, 0x25, 0x01, 0x01, 0xBD, 0x34, - 0xA7, 0x00, 0x01, 0xAD, 0x01, 0x0B, 0x0E, 0x05, 0x02, 0x6A, 0x26, 0x25, - 0x01, 0x03, 0x0E, 0x06, 0x08, 0xB5, 0x06, 0x02, 0x60, 0x26, 0x41, 0x24, - 0x00, 0x41, 0x4F, 0xB5, 0xA0, 0x25, 0x06, 0x23, 0xB5, 0xA0, 0x25, 0x4E, + 0x38, 0xA4, 0x35, 0x04, 0x78, 0x25, 0x06, 0x04, 0x01, 0x01, 0x87, 0x3B, + 0x00, 0x00, 0x2D, 0x06, 0x0B, 0x7F, 0x2C, 0x01, 0x14, 0x0D, 0x06, 0x02, + 0x6C, 0x26, 0x04, 0x11, 0xC4, 0x01, 0x07, 0x17, 0x25, 0x01, 0x02, 0x0D, + 0x06, 0x06, 0x06, 0x02, 0x6C, 0x26, 0x04, 0x70, 0x24, 0xB9, 0x01, 0x01, + 0x0D, 0x31, 0x35, 0x06, 0x02, 0x5B, 0x26, 0x25, 0x01, 0x01, 0xBF, 0x34, + 0xA9, 0x00, 0x01, 0xAF, 0x01, 0x0B, 0x0E, 0x05, 0x02, 0x6C, 0x26, 0x25, + 0x01, 0x03, 0x0E, 0x06, 0x08, 0xB7, 0x06, 0x02, 0x62, 0x26, 0x41, 0x24, + 0x00, 0x41, 0x51, 0xB7, 0xA2, 0x25, 0x06, 0x23, 0xB7, 0xA2, 0x25, 0x50, 0x25, 0x06, 0x18, 0x25, 0x01, 0x82, 0x00, 0x0F, 0x06, 0x05, 0x01, 0x82, - 0x00, 0x04, 0x01, 0x25, 0x03, 0x00, 0x7C, 0x02, 0x00, 0xAB, 0x02, 0x00, - 0x4B, 0x04, 0x65, 0x91, 0x4C, 0x04, 0x5A, 0x91, 0x91, 0x4D, 0x25, 0x06, - 0x02, 0x33, 0x00, 0x24, 0x29, 0x00, 0x00, 0x71, 0x2A, 0x97, 0x01, 0x7F, - 0xA5, 0x25, 0x50, 0x06, 0x02, 0x33, 0x26, 0x25, 0x05, 0x02, 0x6A, 0x26, - 0x36, 0x17, 0x0D, 0x06, 0x02, 0x6C, 0x26, 0x39, 0x00, 0x00, 0x92, 0xAD, - 0x01, 0x14, 0x0D, 0x06, 0x02, 0x6A, 0x26, 0x7C, 0x01, 0x0C, 0x08, 0x01, - 0x0C, 0xAB, 0x91, 0x7C, 0x25, 0x01, 0x0C, 0x08, 0x01, 0x0C, 0x2E, 0x05, - 0x02, 0x5C, 0x26, 0x00, 0x00, 0xAE, 0x06, 0x02, 0x6A, 0x26, 0x06, 0x02, - 0x5E, 0x26, 0x00, 0x09, 0xAD, 0x01, 0x02, 0x0E, 0x05, 0x02, 0x6A, 0x26, - 0xB4, 0x03, 0x00, 0x02, 0x00, 0x8B, 0x2A, 0x0A, 0x02, 0x00, 0x8A, 0x2A, - 0x0F, 0x35, 0x06, 0x02, 0x6B, 0x26, 0x02, 0x00, 0x89, 0x2A, 0x0D, 0x06, - 0x02, 0x63, 0x26, 0x02, 0x00, 0x8C, 0x3A, 0x82, 0x01, 0x20, 0xAB, 0x01, - 0x00, 0x03, 0x01, 0xB6, 0x03, 0x02, 0x02, 0x02, 0x01, 0x20, 0x0F, 0x06, - 0x02, 0x68, 0x26, 0x7C, 0x02, 0x02, 0xAB, 0x02, 0x02, 0x84, 0x2C, 0x0E, - 0x02, 0x02, 0x01, 0x00, 0x0F, 0x17, 0x06, 0x0B, 0x83, 0x7C, 0x02, 0x02, - 0x2E, 0x06, 0x04, 0x01, 0x7F, 0x03, 0x01, 0x83, 0x7C, 0x02, 0x02, 0x2F, - 0x02, 0x02, 0x84, 0x3B, 0x02, 0x00, 0x88, 0x02, 0x01, 0x8E, 0xB4, 0x25, - 0xB8, 0x50, 0x06, 0x02, 0x5A, 0x26, 0x71, 0x02, 0x01, 0x8E, 0xB6, 0x06, - 0x02, 0x5B, 0x26, 0x25, 0x06, 0x81, 0x2D, 0xB4, 0xA0, 0x9C, 0x03, 0x03, - 0x9A, 0x03, 0x04, 0x98, 0x03, 0x05, 0x9B, 0x03, 0x06, 0x9D, 0x03, 0x07, - 0x99, 0x03, 0x08, 0x25, 0x06, 0x81, 0x03, 0xB4, 0x01, 0x00, 0x36, 0x0E, - 0x06, 0x0F, 0x24, 0x02, 0x03, 0x05, 0x02, 0x64, 0x26, 0x01, 0x00, 0x03, - 0x03, 0xB3, 0x04, 0x80, 0x6A, 0x01, 0x01, 0x36, 0x0E, 0x06, 0x0F, 0x24, - 0x02, 0x05, 0x05, 0x02, 0x64, 0x26, 0x01, 0x00, 0x03, 0x05, 0xB1, 0x04, + 0x00, 0x04, 0x01, 0x25, 0x03, 0x00, 0x7E, 0x02, 0x00, 0xAD, 0x02, 0x00, + 0x4D, 0x04, 0x65, 0x93, 0x4E, 0x04, 0x5A, 0x93, 0x93, 0x4F, 0x25, 0x06, + 0x02, 0x33, 0x00, 0x24, 0x29, 0x00, 0x00, 0x73, 0x2A, 0x99, 0x01, 0x7F, + 0xA7, 0x25, 0x52, 0x06, 0x02, 0x33, 0x26, 0x25, 0x05, 0x02, 0x6C, 0x26, + 0x36, 0x17, 0x0D, 0x06, 0x02, 0x6E, 0x26, 0x39, 0x00, 0x00, 0x94, 0xAF, + 0x01, 0x14, 0x0D, 0x06, 0x02, 0x6C, 0x26, 0x7E, 0x01, 0x0C, 0x08, 0x01, + 0x0C, 0xAD, 0x93, 0x7E, 0x25, 0x01, 0x0C, 0x08, 0x01, 0x0C, 0x2E, 0x05, + 0x02, 0x5E, 0x26, 0x00, 0x00, 0xB0, 0x06, 0x02, 0x6C, 0x26, 0x06, 0x02, + 0x60, 0x26, 0x00, 0x09, 0xAF, 0x01, 0x02, 0x0E, 0x05, 0x02, 0x6C, 0x26, + 0xB6, 0x03, 0x00, 0x02, 0x00, 0x8D, 0x2A, 0x0A, 0x02, 0x00, 0x8C, 0x2A, + 0x0F, 0x35, 0x06, 0x02, 0x6D, 0x26, 0x02, 0x00, 0x8B, 0x2A, 0x0D, 0x06, + 0x02, 0x65, 0x26, 0x02, 0x00, 0x8E, 0x3A, 0x84, 0x01, 0x20, 0xAD, 0x01, + 0x00, 0x03, 0x01, 0xB8, 0x03, 0x02, 0x02, 0x02, 0x01, 0x20, 0x0F, 0x06, + 0x02, 0x6A, 0x26, 0x7E, 0x02, 0x02, 0xAD, 0x02, 0x02, 0x86, 0x2C, 0x0E, + 0x02, 0x02, 0x01, 0x00, 0x0F, 0x17, 0x06, 0x0B, 0x85, 0x7E, 0x02, 0x02, + 0x2E, 0x06, 0x04, 0x01, 0x7F, 0x03, 0x01, 0x85, 0x7E, 0x02, 0x02, 0x2F, + 0x02, 0x02, 0x86, 0x3B, 0x02, 0x00, 0x8A, 0x02, 0x01, 0x90, 0xB6, 0x25, + 0xBA, 0x52, 0x06, 0x02, 0x5C, 0x26, 0x73, 0x02, 0x01, 0x90, 0xB8, 0x06, + 0x02, 0x5D, 0x26, 0x25, 0x06, 0x81, 0x2D, 0xB6, 0xA2, 0x9E, 0x03, 0x03, + 0x9C, 0x03, 0x04, 0x9A, 0x03, 0x05, 0x9D, 0x03, 0x06, 0x9F, 0x03, 0x07, + 0x9B, 0x03, 0x08, 0x25, 0x06, 0x81, 0x03, 0xB6, 0x01, 0x00, 0x36, 0x0E, + 0x06, 0x0F, 0x24, 0x02, 0x03, 0x05, 0x02, 0x66, 0x26, 0x01, 0x00, 0x03, + 0x03, 0xB5, 0x04, 0x80, 0x6A, 0x01, 0x01, 0x36, 0x0E, 0x06, 0x0F, 0x24, + 0x02, 0x05, 0x05, 0x02, 0x66, 0x26, 0x01, 0x00, 0x03, 0x05, 0xB3, 0x04, 0x80, 0x55, 0x01, 0x83, 0xFE, 0x01, 0x36, 0x0E, 0x06, 0x0E, 0x24, 0x02, - 0x04, 0x05, 0x02, 0x64, 0x26, 0x01, 0x00, 0x03, 0x04, 0xB2, 0x04, 0x3F, - 0x01, 0x0D, 0x36, 0x0E, 0x06, 0x0E, 0x24, 0x02, 0x06, 0x05, 0x02, 0x64, - 0x26, 0x01, 0x00, 0x03, 0x06, 0xAF, 0x04, 0x2B, 0x01, 0x0A, 0x36, 0x0E, - 0x06, 0x0E, 0x24, 0x02, 0x07, 0x05, 0x02, 0x64, 0x26, 0x01, 0x00, 0x03, - 0x07, 0xAF, 0x04, 0x17, 0x01, 0x0B, 0x36, 0x0E, 0x06, 0x0E, 0x24, 0x02, - 0x08, 0x05, 0x02, 0x64, 0x26, 0x01, 0x00, 0x03, 0x08, 0xAF, 0x04, 0x03, - 0x64, 0x26, 0x24, 0x04, 0xFE, 0x79, 0x02, 0x04, 0x06, 0x0D, 0x02, 0x04, - 0x01, 0x05, 0x0F, 0x06, 0x02, 0x61, 0x26, 0x01, 0x01, 0x7F, 0x3B, 0x91, - 0x91, 0x02, 0x01, 0x00, 0x04, 0xAD, 0x01, 0x0C, 0x0E, 0x05, 0x02, 0x6A, - 0x26, 0xB6, 0x01, 0x03, 0x0E, 0x05, 0x02, 0x65, 0x26, 0xB4, 0x25, 0x74, - 0x3B, 0x25, 0x01, 0x20, 0x10, 0x06, 0x02, 0x65, 0x26, 0x3D, 0x41, 0x11, - 0x01, 0x01, 0x17, 0x05, 0x02, 0x65, 0x26, 0xB6, 0x25, 0x01, 0x81, 0x05, - 0x0F, 0x06, 0x02, 0x65, 0x26, 0x25, 0x76, 0x3B, 0x75, 0x41, 0xAB, 0x88, - 0x2A, 0x01, 0x86, 0x03, 0x10, 0x03, 0x00, 0x71, 0x2A, 0xC0, 0x03, 0x01, - 0x01, 0x02, 0x03, 0x02, 0x02, 0x00, 0x06, 0x21, 0xB6, 0x25, 0x25, 0x01, - 0x02, 0x0A, 0x41, 0x01, 0x06, 0x0F, 0x35, 0x06, 0x02, 0x65, 0x26, 0x03, - 0x02, 0xB6, 0x02, 0x01, 0x01, 0x01, 0x0B, 0x01, 0x03, 0x08, 0x0E, 0x05, - 0x02, 0x65, 0x26, 0x04, 0x08, 0x02, 0x01, 0x06, 0x04, 0x01, 0x00, 0x03, - 0x02, 0xB4, 0x25, 0x03, 0x03, 0x25, 0x01, 0x84, 0x00, 0x0F, 0x06, 0x02, - 0x66, 0x26, 0x7C, 0x41, 0xAB, 0x02, 0x02, 0x02, 0x01, 0x02, 0x03, 0x48, - 0x25, 0x06, 0x01, 0x26, 0x24, 0x91, 0x00, 0x02, 0x03, 0x00, 0x03, 0x01, - 0x02, 0x00, 0x8D, 0x02, 0x01, 0x02, 0x00, 0x37, 0x25, 0x01, 0x00, 0x0E, - 0x06, 0x02, 0x58, 0x00, 0xC4, 0x04, 0x74, 0x02, 0x01, 0x00, 0x03, 0x00, - 0xB6, 0xA0, 0x25, 0x06, 0x80, 0x43, 0xB6, 0x01, 0x01, 0x36, 0x0E, 0x06, + 0x04, 0x05, 0x02, 0x66, 0x26, 0x01, 0x00, 0x03, 0x04, 0xB4, 0x04, 0x3F, + 0x01, 0x0D, 0x36, 0x0E, 0x06, 0x0E, 0x24, 0x02, 0x06, 0x05, 0x02, 0x66, + 0x26, 0x01, 0x00, 0x03, 0x06, 0xB1, 0x04, 0x2B, 0x01, 0x0A, 0x36, 0x0E, + 0x06, 0x0E, 0x24, 0x02, 0x07, 0x05, 0x02, 0x66, 0x26, 0x01, 0x00, 0x03, + 0x07, 0xB1, 0x04, 0x17, 0x01, 0x0B, 0x36, 0x0E, 0x06, 0x0E, 0x24, 0x02, + 0x08, 0x05, 0x02, 0x66, 0x26, 0x01, 0x00, 0x03, 0x08, 0xB1, 0x04, 0x03, + 0x66, 0x26, 0x24, 0x04, 0xFE, 0x79, 0x02, 0x04, 0x06, 0x0D, 0x02, 0x04, + 0x01, 0x05, 0x0F, 0x06, 0x02, 0x63, 0x26, 0x01, 0x01, 0x81, 0x3B, 0x93, + 0x93, 0x02, 0x01, 0x00, 0x04, 0xAF, 0x01, 0x0C, 0x0E, 0x05, 0x02, 0x6C, + 0x26, 0xB8, 0x01, 0x03, 0x0E, 0x05, 0x02, 0x67, 0x26, 0xB6, 0x25, 0x76, + 0x3B, 0x25, 0x01, 0x20, 0x10, 0x06, 0x02, 0x67, 0x26, 0x3D, 0x41, 0x11, + 0x01, 0x01, 0x17, 0x05, 0x02, 0x67, 0x26, 0xB8, 0x25, 0x01, 0x81, 0x05, + 0x0F, 0x06, 0x02, 0x67, 0x26, 0x25, 0x78, 0x3B, 0x77, 0x41, 0xAD, 0x8A, + 0x2A, 0x01, 0x86, 0x03, 0x10, 0x03, 0x00, 0x73, 0x2A, 0xC2, 0x03, 0x01, + 0x01, 0x02, 0x03, 0x02, 0x02, 0x00, 0x06, 0x21, 0xB8, 0x25, 0x25, 0x01, + 0x02, 0x0A, 0x41, 0x01, 0x06, 0x0F, 0x35, 0x06, 0x02, 0x67, 0x26, 0x03, + 0x02, 0xB8, 0x02, 0x01, 0x01, 0x01, 0x0B, 0x01, 0x03, 0x08, 0x0E, 0x05, + 0x02, 0x67, 0x26, 0x04, 0x08, 0x02, 0x01, 0x06, 0x04, 0x01, 0x00, 0x03, + 0x02, 0xB6, 0x25, 0x03, 0x03, 0x25, 0x01, 0x84, 0x00, 0x0F, 0x06, 0x02, + 0x68, 0x26, 0x7E, 0x41, 0xAD, 0x02, 0x02, 0x02, 0x01, 0x02, 0x03, 0x4A, + 0x25, 0x06, 0x01, 0x26, 0x24, 0x93, 0x00, 0x02, 0x03, 0x00, 0x03, 0x01, + 0x02, 0x00, 0x8F, 0x02, 0x01, 0x02, 0x00, 0x37, 0x25, 0x01, 0x00, 0x0E, + 0x06, 0x02, 0x5A, 0x00, 0xC6, 0x04, 0x74, 0x02, 0x01, 0x00, 0x03, 0x00, + 0xB8, 0xA2, 0x25, 0x06, 0x80, 0x43, 0xB8, 0x01, 0x01, 0x36, 0x0E, 0x06, 0x06, 0x24, 0x01, 0x81, 0x7F, 0x04, 0x2E, 0x01, 0x80, 0x40, 0x36, 0x0E, 0x06, 0x07, 0x24, 0x01, 0x83, 0xFE, 0x00, 0x04, 0x20, 0x01, 0x80, 0x41, 0x36, 0x0E, 0x06, 0x07, 0x24, 0x01, 0x84, 0x80, 0x00, 0x04, 0x12, 0x01, 0x80, 0x42, 0x36, 0x0E, 0x06, 0x07, 0x24, 0x01, 0x88, 0x80, 0x00, 0x04, 0x04, 0x01, 0x00, 0x41, 0x24, 0x02, 0x00, 0x35, 0x03, 0x00, 0x04, 0xFF, - 0x39, 0x91, 0x71, 0x2A, 0xBE, 0x05, 0x09, 0x02, 0x00, 0x01, 0x83, 0xFF, - 0x7F, 0x17, 0x03, 0x00, 0x88, 0x2A, 0x01, 0x86, 0x03, 0x10, 0x06, 0x3A, - 0xB0, 0x25, 0x79, 0x3A, 0x3E, 0x24, 0x25, 0x01, 0x08, 0x0B, 0x35, 0x01, + 0x39, 0x93, 0x73, 0x2A, 0xC0, 0x05, 0x09, 0x02, 0x00, 0x01, 0x83, 0xFF, + 0x7F, 0x17, 0x03, 0x00, 0x8A, 0x2A, 0x01, 0x86, 0x03, 0x10, 0x06, 0x3A, + 0xB2, 0x25, 0x7B, 0x3A, 0x3E, 0x24, 0x25, 0x01, 0x08, 0x0B, 0x35, 0x01, 0x8C, 0x80, 0x00, 0x35, 0x17, 0x02, 0x00, 0x17, 0x02, 0x00, 0x01, 0x8C, 0x80, 0x00, 0x17, 0x06, 0x19, 0x25, 0x01, 0x81, 0x7F, 0x17, 0x06, 0x05, 0x01, 0x84, 0x80, 0x00, 0x35, 0x25, 0x01, 0x83, 0xFE, 0x00, 0x17, 0x06, 0x05, 0x01, 0x88, 0x80, 0x00, 0x35, 0x03, 0x00, 0x04, 0x09, 0x02, 0x00, - 0x01, 0x8C, 0x88, 0x01, 0x17, 0x03, 0x00, 0x16, 0xB4, 0xA0, 0x25, 0x06, - 0x23, 0xB4, 0xA0, 0x25, 0x15, 0x25, 0x06, 0x18, 0x25, 0x01, 0x82, 0x00, - 0x0F, 0x06, 0x05, 0x01, 0x82, 0x00, 0x04, 0x01, 0x25, 0x03, 0x01, 0x7C, - 0x02, 0x01, 0xAB, 0x02, 0x01, 0x12, 0x04, 0x65, 0x91, 0x13, 0x04, 0x5A, - 0x91, 0x14, 0x91, 0x02, 0x00, 0x28, 0x00, 0x00, 0xAE, 0x25, 0x52, 0x06, - 0x07, 0x24, 0x06, 0x02, 0x5E, 0x26, 0x04, 0x74, 0x00, 0x00, 0xB7, 0x01, - 0x03, 0xB5, 0x41, 0x24, 0x41, 0x00, 0x00, 0xB4, 0xBB, 0x00, 0x03, 0x01, - 0x00, 0x03, 0x00, 0xB4, 0xA0, 0x25, 0x06, 0x32, 0xB6, 0x03, 0x01, 0xB6, + 0x01, 0x8C, 0x88, 0x01, 0x17, 0x03, 0x00, 0x16, 0xB6, 0xA2, 0x25, 0x06, + 0x23, 0xB6, 0xA2, 0x25, 0x15, 0x25, 0x06, 0x18, 0x25, 0x01, 0x82, 0x00, + 0x0F, 0x06, 0x05, 0x01, 0x82, 0x00, 0x04, 0x01, 0x25, 0x03, 0x01, 0x7E, + 0x02, 0x01, 0xAD, 0x02, 0x01, 0x12, 0x04, 0x65, 0x93, 0x13, 0x04, 0x5A, + 0x93, 0x14, 0x93, 0x02, 0x00, 0x28, 0x00, 0x00, 0xB0, 0x25, 0x54, 0x06, + 0x07, 0x24, 0x06, 0x02, 0x60, 0x26, 0x04, 0x74, 0x00, 0x00, 0xB9, 0x01, + 0x03, 0xB7, 0x41, 0x24, 0x41, 0x00, 0x00, 0xB6, 0xBD, 0x00, 0x03, 0x01, + 0x00, 0x03, 0x00, 0xB6, 0xA2, 0x25, 0x06, 0x32, 0xB8, 0x03, 0x01, 0xB8, 0x03, 0x02, 0x02, 0x01, 0x01, 0x02, 0x10, 0x02, 0x01, 0x01, 0x06, 0x0C, 0x17, 0x02, 0x02, 0x01, 0x01, 0x0E, 0x02, 0x02, 0x01, 0x03, 0x0E, 0x35, - 0x17, 0x06, 0x11, 0x02, 0x00, 0x01, 0x01, 0x02, 0x02, 0x55, 0x01, 0x02, - 0x0B, 0x02, 0x01, 0x08, 0x0B, 0x35, 0x03, 0x00, 0x04, 0x4B, 0x91, 0x02, - 0x00, 0x00, 0x00, 0xB4, 0x01, 0x01, 0x0E, 0x05, 0x02, 0x5D, 0x26, 0xB6, - 0x01, 0x08, 0x08, 0x7A, 0x2C, 0x0E, 0x05, 0x02, 0x5D, 0x26, 0x00, 0x00, - 0xB4, 0x7F, 0x2C, 0x05, 0x15, 0x01, 0x01, 0x0E, 0x05, 0x02, 0x61, 0x26, - 0xB6, 0x01, 0x00, 0x0E, 0x05, 0x02, 0x61, 0x26, 0x01, 0x02, 0x7F, 0x3B, - 0x04, 0x1C, 0x01, 0x19, 0x0E, 0x05, 0x02, 0x61, 0x26, 0xB6, 0x01, 0x18, - 0x0E, 0x05, 0x02, 0x61, 0x26, 0x7C, 0x01, 0x18, 0xAB, 0x80, 0x7C, 0x01, - 0x18, 0x2E, 0x05, 0x02, 0x61, 0x26, 0x00, 0x00, 0xB4, 0x06, 0x02, 0x62, - 0x26, 0x00, 0x00, 0x01, 0x02, 0x8D, 0xB7, 0x01, 0x08, 0x0B, 0xB7, 0x08, - 0x00, 0x00, 0x01, 0x03, 0x8D, 0xB7, 0x01, 0x08, 0x0B, 0xB7, 0x08, 0x01, - 0x08, 0x0B, 0xB7, 0x08, 0x00, 0x00, 0x01, 0x01, 0x8D, 0xB7, 0x00, 0x00, - 0x38, 0x25, 0x50, 0x05, 0x01, 0x00, 0x24, 0xC4, 0x04, 0x76, 0x02, 0x03, - 0x00, 0x87, 0x2C, 0x03, 0x01, 0x01, 0x00, 0x25, 0x02, 0x01, 0x0A, 0x06, - 0x10, 0x25, 0x01, 0x01, 0x0B, 0x86, 0x08, 0x2A, 0x02, 0x00, 0x0E, 0x06, - 0x01, 0x00, 0x54, 0x04, 0x6A, 0x24, 0x01, 0x7F, 0x00, 0x00, 0x01, 0x15, - 0x7E, 0x3B, 0x41, 0x4A, 0x24, 0x4A, 0x24, 0x27, 0x00, 0x00, 0x01, 0x01, - 0x41, 0xB9, 0x00, 0x00, 0x41, 0x36, 0x8D, 0x41, 0x25, 0x06, 0x05, 0xB7, - 0x24, 0x55, 0x04, 0x78, 0x24, 0x00, 0x00, 0x25, 0x01, 0x81, 0xAC, 0x00, - 0x0E, 0x06, 0x04, 0x24, 0x01, 0x7F, 0x00, 0x90, 0x51, 0x00, 0x02, 0x03, - 0x00, 0x71, 0x2A, 0x90, 0x03, 0x01, 0x02, 0x01, 0x01, 0x0F, 0x17, 0x02, + 0x17, 0x06, 0x11, 0x02, 0x00, 0x01, 0x01, 0x02, 0x02, 0x57, 0x01, 0x02, + 0x0B, 0x02, 0x01, 0x08, 0x0B, 0x35, 0x03, 0x00, 0x04, 0x4B, 0x93, 0x02, + 0x00, 0x00, 0x00, 0xB6, 0x01, 0x01, 0x0E, 0x05, 0x02, 0x5F, 0x26, 0xB8, + 0x01, 0x08, 0x08, 0x7C, 0x2C, 0x0E, 0x05, 0x02, 0x5F, 0x26, 0x00, 0x00, + 0xB6, 0x81, 0x2C, 0x05, 0x15, 0x01, 0x01, 0x0E, 0x05, 0x02, 0x63, 0x26, + 0xB8, 0x01, 0x00, 0x0E, 0x05, 0x02, 0x63, 0x26, 0x01, 0x02, 0x81, 0x3B, + 0x04, 0x1C, 0x01, 0x19, 0x0E, 0x05, 0x02, 0x63, 0x26, 0xB8, 0x01, 0x18, + 0x0E, 0x05, 0x02, 0x63, 0x26, 0x7E, 0x01, 0x18, 0xAD, 0x82, 0x7E, 0x01, + 0x18, 0x2E, 0x05, 0x02, 0x63, 0x26, 0x00, 0x00, 0xB6, 0x06, 0x02, 0x64, + 0x26, 0x00, 0x00, 0x01, 0x02, 0x8F, 0xB9, 0x01, 0x08, 0x0B, 0xB9, 0x08, + 0x00, 0x00, 0x01, 0x03, 0x8F, 0xB9, 0x01, 0x08, 0x0B, 0xB9, 0x08, 0x01, + 0x08, 0x0B, 0xB9, 0x08, 0x00, 0x00, 0x01, 0x01, 0x8F, 0xB9, 0x00, 0x00, + 0x38, 0x25, 0x52, 0x05, 0x01, 0x00, 0x24, 0xC6, 0x04, 0x76, 0x02, 0x03, + 0x00, 0x89, 0x2C, 0x03, 0x01, 0x01, 0x00, 0x25, 0x02, 0x01, 0x0A, 0x06, + 0x10, 0x25, 0x01, 0x01, 0x0B, 0x88, 0x08, 0x2A, 0x02, 0x00, 0x0E, 0x06, + 0x01, 0x00, 0x56, 0x04, 0x6A, 0x24, 0x01, 0x7F, 0x00, 0x00, 0x01, 0x15, + 0x80, 0x3B, 0x41, 0x4C, 0x24, 0x4C, 0x24, 0x27, 0x00, 0x00, 0x01, 0x01, + 0x41, 0xBB, 0x00, 0x00, 0x41, 0x36, 0x8F, 0x41, 0x25, 0x06, 0x05, 0xB9, + 0x24, 0x57, 0x04, 0x78, 0x24, 0x00, 0x00, 0x25, 0x01, 0x81, 0xAC, 0x00, + 0x0E, 0x06, 0x04, 0x24, 0x01, 0x7F, 0x00, 0x92, 0x53, 0x00, 0x02, 0x03, + 0x00, 0x73, 0x2A, 0x92, 0x03, 0x01, 0x02, 0x01, 0x01, 0x0F, 0x17, 0x02, 0x01, 0x01, 0x04, 0x11, 0x01, 0x0F, 0x17, 0x02, 0x01, 0x01, 0x08, 0x11, 0x01, 0x0F, 0x17, 0x01, 0x00, 0x36, 0x0E, 0x06, 0x10, 0x24, 0x01, 0x00, 0x01, 0x18, 0x02, 0x00, 0x06, 0x03, 0x44, 0x04, 0x01, 0x45, 0x04, 0x80, - 0x56, 0x01, 0x01, 0x36, 0x0E, 0x06, 0x10, 0x24, 0x01, 0x01, 0x01, 0x10, - 0x02, 0x00, 0x06, 0x03, 0x44, 0x04, 0x01, 0x45, 0x04, 0x80, 0x40, 0x01, + 0x68, 0x01, 0x01, 0x36, 0x0E, 0x06, 0x10, 0x24, 0x01, 0x01, 0x01, 0x10, + 0x02, 0x00, 0x06, 0x03, 0x44, 0x04, 0x01, 0x45, 0x04, 0x80, 0x52, 0x01, 0x02, 0x36, 0x0E, 0x06, 0x0F, 0x24, 0x01, 0x01, 0x01, 0x20, 0x02, 0x00, - 0x06, 0x03, 0x44, 0x04, 0x01, 0x45, 0x04, 0x2B, 0x01, 0x03, 0x36, 0x0E, + 0x06, 0x03, 0x44, 0x04, 0x01, 0x45, 0x04, 0x3D, 0x01, 0x03, 0x36, 0x0E, 0x06, 0x0E, 0x24, 0x24, 0x01, 0x10, 0x02, 0x00, 0x06, 0x03, 0x42, 0x04, - 0x01, 0x43, 0x04, 0x17, 0x01, 0x04, 0x36, 0x0E, 0x06, 0x0E, 0x24, 0x24, - 0x01, 0x20, 0x02, 0x00, 0x06, 0x03, 0x42, 0x04, 0x01, 0x43, 0x04, 0x03, - 0x60, 0x26, 0x24, 0x00, 0x00, 0x90, 0x01, 0x0C, 0x11, 0x01, 0x02, 0x0F, - 0x00, 0x00, 0x90, 0x01, 0x0C, 0x11, 0x25, 0x53, 0x41, 0x01, 0x03, 0x0A, - 0x17, 0x00, 0x00, 0x90, 0x01, 0x0C, 0x11, 0x01, 0x01, 0x0E, 0x00, 0x00, - 0x90, 0x01, 0x0C, 0x11, 0x52, 0x00, 0x00, 0x1B, 0x01, 0x00, 0x6D, 0x2C, - 0x25, 0x06, 0x1F, 0x01, 0x01, 0x36, 0x0E, 0x06, 0x06, 0x24, 0x01, 0x00, - 0x94, 0x04, 0x11, 0x01, 0x02, 0x36, 0x0E, 0x06, 0x0A, 0x24, 0x6F, 0x2C, - 0x06, 0x03, 0x01, 0x10, 0x35, 0x04, 0x01, 0x24, 0x04, 0x01, 0x24, 0x73, - 0x2C, 0x05, 0x33, 0x2D, 0x06, 0x30, 0x7D, 0x2C, 0x01, 0x14, 0x36, 0x0E, - 0x06, 0x06, 0x24, 0x01, 0x02, 0x35, 0x04, 0x22, 0x01, 0x15, 0x36, 0x0E, - 0x06, 0x09, 0x24, 0xA3, 0x06, 0x03, 0x01, 0x7F, 0x94, 0x04, 0x13, 0x01, - 0x16, 0x36, 0x0E, 0x06, 0x06, 0x24, 0x01, 0x01, 0x35, 0x04, 0x07, 0x24, - 0x01, 0x04, 0x35, 0x01, 0x00, 0x24, 0x1A, 0x06, 0x03, 0x01, 0x08, 0x35, - 0x00, 0x00, 0x1B, 0x25, 0x05, 0x0F, 0x2D, 0x06, 0x0C, 0x7D, 0x2C, 0x01, - 0x15, 0x0E, 0x06, 0x04, 0x24, 0xA3, 0x04, 0x01, 0x1F, 0x00, 0x00, 0xC2, - 0x01, 0x07, 0x17, 0x01, 0x01, 0x0F, 0x06, 0x02, 0x6A, 0x26, 0x00, 0x01, - 0x03, 0x00, 0x27, 0x1A, 0x06, 0x05, 0x02, 0x00, 0x7E, 0x3B, 0x00, 0xC2, - 0x24, 0x04, 0x74, 0x00, 0x01, 0x14, 0xC5, 0x01, 0x01, 0xD2, 0x27, 0x25, - 0x01, 0x00, 0xBD, 0x01, 0x16, 0xC5, 0xCB, 0x27, 0x00, 0x00, 0x01, 0x0B, - 0xD2, 0x46, 0x25, 0x25, 0x01, 0x03, 0x08, 0xD1, 0xD1, 0x18, 0x25, 0x50, - 0x06, 0x02, 0x24, 0x00, 0xD1, 0x1D, 0x25, 0x06, 0x05, 0x7C, 0x41, 0xCC, - 0x04, 0x77, 0x24, 0x04, 0x6C, 0x00, 0x20, 0x01, 0x0F, 0xD2, 0x25, 0x88, - 0x2A, 0x01, 0x86, 0x03, 0x10, 0x06, 0x0C, 0x01, 0x04, 0x08, 0xD1, 0x78, - 0x2C, 0xD2, 0x70, 0x2C, 0xD2, 0x04, 0x02, 0x56, 0xD1, 0x25, 0xD0, 0x7C, - 0x41, 0xCC, 0x00, 0x02, 0x9A, 0x9C, 0x08, 0x98, 0x08, 0x9B, 0x08, 0x9D, - 0x08, 0x99, 0x08, 0x03, 0x00, 0x01, 0x01, 0xD2, 0x01, 0x27, 0x84, 0x2C, - 0x08, 0x87, 0x2C, 0x01, 0x01, 0x0B, 0x08, 0x02, 0x00, 0x06, 0x04, 0x56, - 0x02, 0x00, 0x08, 0x7B, 0x2A, 0x36, 0x09, 0x25, 0x53, 0x06, 0x24, 0x02, - 0x00, 0x05, 0x04, 0x41, 0x56, 0x41, 0x57, 0x01, 0x04, 0x09, 0x25, 0x50, - 0x06, 0x03, 0x24, 0x01, 0x00, 0x25, 0x01, 0x04, 0x08, 0x02, 0x00, 0x08, - 0x03, 0x00, 0x41, 0x01, 0x04, 0x08, 0x36, 0x08, 0x41, 0x04, 0x03, 0x24, - 0x01, 0x7F, 0x03, 0x01, 0xD1, 0x8A, 0x2A, 0xD0, 0x72, 0x01, 0x04, 0x19, - 0x72, 0x01, 0x04, 0x08, 0x01, 0x1C, 0x30, 0x72, 0x01, 0x20, 0xCC, 0x83, - 0x84, 0x2C, 0xCE, 0x87, 0x2C, 0x25, 0x01, 0x01, 0x0B, 0xD0, 0x86, 0x41, - 0x25, 0x06, 0x0F, 0x55, 0x36, 0x2A, 0x25, 0xBC, 0x05, 0x02, 0x5A, 0x26, - 0xD0, 0x41, 0x56, 0x41, 0x04, 0x6E, 0x58, 0x01, 0x01, 0xD2, 0x01, 0x00, - 0xD2, 0x02, 0x00, 0x06, 0x81, 0x22, 0x02, 0x00, 0xD0, 0x9A, 0x06, 0x0E, - 0x01, 0x83, 0xFE, 0x01, 0xD0, 0x80, 0x9A, 0x01, 0x04, 0x09, 0x25, 0xD0, - 0x55, 0xCE, 0x9C, 0x06, 0x16, 0x01, 0x00, 0xD0, 0x81, 0x9C, 0x01, 0x04, - 0x09, 0x25, 0xD0, 0x01, 0x02, 0x09, 0x25, 0xD0, 0x01, 0x00, 0xD2, 0x01, - 0x03, 0x09, 0xCD, 0x98, 0x06, 0x0C, 0x01, 0x01, 0xD0, 0x01, 0x01, 0xD0, - 0x7A, 0x2C, 0x01, 0x08, 0x09, 0xD2, 0x9B, 0x06, 0x19, 0x01, 0x0D, 0xD0, - 0x9B, 0x01, 0x04, 0x09, 0x25, 0xD0, 0x01, 0x02, 0x09, 0xD0, 0x3F, 0x06, - 0x03, 0x01, 0x03, 0xCF, 0x40, 0x06, 0x03, 0x01, 0x01, 0xCF, 0x9D, 0x25, - 0x06, 0x22, 0x01, 0x0A, 0xD0, 0x01, 0x04, 0x09, 0x25, 0xD0, 0x57, 0xD0, - 0x3D, 0x01, 0x00, 0x25, 0x01, 0x20, 0x0A, 0x06, 0x0C, 0x96, 0x11, 0x01, - 0x01, 0x17, 0x06, 0x02, 0x25, 0xD0, 0x54, 0x04, 0x6E, 0x58, 0x04, 0x01, - 0x24, 0x99, 0x06, 0x0A, 0x01, 0x0B, 0xD0, 0x01, 0x02, 0xD0, 0x01, 0x82, - 0x00, 0xD0, 0x02, 0x01, 0x50, 0x05, 0x11, 0x01, 0x15, 0xD0, 0x02, 0x01, - 0x25, 0xD0, 0x25, 0x06, 0x06, 0x55, 0x01, 0x00, 0xD2, 0x04, 0x77, 0x24, - 0x00, 0x00, 0x01, 0x10, 0xD2, 0x71, 0x2A, 0x25, 0xC1, 0x06, 0x0C, 0xA1, - 0x22, 0x25, 0x56, 0xD1, 0x25, 0xD0, 0x7C, 0x41, 0xCC, 0x04, 0x0D, 0x25, - 0xBF, 0x41, 0xA1, 0x21, 0x25, 0x54, 0xD1, 0x25, 0xD2, 0x7C, 0x41, 0xCC, - 0x00, 0x00, 0x92, 0x01, 0x14, 0xD2, 0x01, 0x0C, 0xD1, 0x7C, 0x01, 0x0C, - 0xCC, 0x00, 0x00, 0x49, 0x25, 0x01, 0x00, 0x0E, 0x06, 0x02, 0x58, 0x00, - 0xC2, 0x24, 0x04, 0x73, 0x00, 0x25, 0xD0, 0xCC, 0x00, 0x00, 0x25, 0xD2, - 0xCC, 0x00, 0x01, 0x03, 0x00, 0x3E, 0x24, 0x25, 0x01, 0x10, 0x17, 0x06, - 0x06, 0x01, 0x04, 0xD2, 0x02, 0x00, 0xD2, 0x25, 0x01, 0x08, 0x17, 0x06, - 0x06, 0x01, 0x03, 0xD2, 0x02, 0x00, 0xD2, 0x25, 0x01, 0x20, 0x17, 0x06, - 0x06, 0x01, 0x05, 0xD2, 0x02, 0x00, 0xD2, 0x25, 0x01, 0x80, 0x40, 0x17, - 0x06, 0x06, 0x01, 0x06, 0xD2, 0x02, 0x00, 0xD2, 0x01, 0x04, 0x17, 0x06, - 0x06, 0x01, 0x02, 0xD2, 0x02, 0x00, 0xD2, 0x00, 0x00, 0x25, 0x01, 0x08, - 0x47, 0xD2, 0xD2, 0x00, 0x00, 0x25, 0x01, 0x10, 0x47, 0xD2, 0xD0, 0x00, - 0x00, 0x25, 0x4A, 0x06, 0x02, 0x24, 0x00, 0xC2, 0x24, 0x04, 0x76 + 0x01, 0x43, 0x04, 0x29, 0x01, 0x04, 0x36, 0x0E, 0x06, 0x0E, 0x24, 0x24, + 0x01, 0x20, 0x02, 0x00, 0x06, 0x03, 0x42, 0x04, 0x01, 0x43, 0x04, 0x15, + 0x01, 0x05, 0x36, 0x0E, 0x06, 0x0C, 0x24, 0x24, 0x02, 0x00, 0x06, 0x03, + 0x46, 0x04, 0x01, 0x47, 0x04, 0x03, 0x62, 0x26, 0x24, 0x00, 0x00, 0x92, + 0x01, 0x0C, 0x11, 0x01, 0x02, 0x0F, 0x00, 0x00, 0x92, 0x01, 0x0C, 0x11, + 0x25, 0x55, 0x41, 0x01, 0x03, 0x0A, 0x17, 0x00, 0x00, 0x92, 0x01, 0x0C, + 0x11, 0x01, 0x01, 0x0E, 0x00, 0x00, 0x92, 0x01, 0x0C, 0x11, 0x54, 0x00, + 0x00, 0x1B, 0x01, 0x00, 0x6F, 0x2C, 0x25, 0x06, 0x1F, 0x01, 0x01, 0x36, + 0x0E, 0x06, 0x06, 0x24, 0x01, 0x00, 0x96, 0x04, 0x11, 0x01, 0x02, 0x36, + 0x0E, 0x06, 0x0A, 0x24, 0x71, 0x2C, 0x06, 0x03, 0x01, 0x10, 0x35, 0x04, + 0x01, 0x24, 0x04, 0x01, 0x24, 0x75, 0x2C, 0x05, 0x33, 0x2D, 0x06, 0x30, + 0x7F, 0x2C, 0x01, 0x14, 0x36, 0x0E, 0x06, 0x06, 0x24, 0x01, 0x02, 0x35, + 0x04, 0x22, 0x01, 0x15, 0x36, 0x0E, 0x06, 0x09, 0x24, 0xA5, 0x06, 0x03, + 0x01, 0x7F, 0x96, 0x04, 0x13, 0x01, 0x16, 0x36, 0x0E, 0x06, 0x06, 0x24, + 0x01, 0x01, 0x35, 0x04, 0x07, 0x24, 0x01, 0x04, 0x35, 0x01, 0x00, 0x24, + 0x1A, 0x06, 0x03, 0x01, 0x08, 0x35, 0x00, 0x00, 0x1B, 0x25, 0x05, 0x0F, + 0x2D, 0x06, 0x0C, 0x7F, 0x2C, 0x01, 0x15, 0x0E, 0x06, 0x04, 0x24, 0xA5, + 0x04, 0x01, 0x1F, 0x00, 0x00, 0xC4, 0x01, 0x07, 0x17, 0x01, 0x01, 0x0F, + 0x06, 0x02, 0x6C, 0x26, 0x00, 0x01, 0x03, 0x00, 0x27, 0x1A, 0x06, 0x05, + 0x02, 0x00, 0x80, 0x3B, 0x00, 0xC4, 0x24, 0x04, 0x74, 0x00, 0x01, 0x14, + 0xC7, 0x01, 0x01, 0xD4, 0x27, 0x25, 0x01, 0x00, 0xBF, 0x01, 0x16, 0xC7, + 0xCD, 0x27, 0x00, 0x00, 0x01, 0x0B, 0xD4, 0x48, 0x25, 0x25, 0x01, 0x03, + 0x08, 0xD3, 0xD3, 0x18, 0x25, 0x52, 0x06, 0x02, 0x24, 0x00, 0xD3, 0x1D, + 0x25, 0x06, 0x05, 0x7E, 0x41, 0xCE, 0x04, 0x77, 0x24, 0x04, 0x6C, 0x00, + 0x20, 0x01, 0x0F, 0xD4, 0x25, 0x8A, 0x2A, 0x01, 0x86, 0x03, 0x10, 0x06, + 0x0C, 0x01, 0x04, 0x08, 0xD3, 0x7A, 0x2C, 0xD4, 0x72, 0x2C, 0xD4, 0x04, + 0x02, 0x58, 0xD3, 0x25, 0xD2, 0x7E, 0x41, 0xCE, 0x00, 0x02, 0x9C, 0x9E, + 0x08, 0x9A, 0x08, 0x9D, 0x08, 0x9F, 0x08, 0x9B, 0x08, 0x03, 0x00, 0x01, + 0x01, 0xD4, 0x01, 0x27, 0x86, 0x2C, 0x08, 0x89, 0x2C, 0x01, 0x01, 0x0B, + 0x08, 0x02, 0x00, 0x06, 0x04, 0x58, 0x02, 0x00, 0x08, 0x7D, 0x2A, 0x36, + 0x09, 0x25, 0x55, 0x06, 0x24, 0x02, 0x00, 0x05, 0x04, 0x41, 0x58, 0x41, + 0x59, 0x01, 0x04, 0x09, 0x25, 0x52, 0x06, 0x03, 0x24, 0x01, 0x00, 0x25, + 0x01, 0x04, 0x08, 0x02, 0x00, 0x08, 0x03, 0x00, 0x41, 0x01, 0x04, 0x08, + 0x36, 0x08, 0x41, 0x04, 0x03, 0x24, 0x01, 0x7F, 0x03, 0x01, 0xD3, 0x8C, + 0x2A, 0xD2, 0x74, 0x01, 0x04, 0x19, 0x74, 0x01, 0x04, 0x08, 0x01, 0x1C, + 0x30, 0x74, 0x01, 0x20, 0xCE, 0x85, 0x86, 0x2C, 0xD0, 0x89, 0x2C, 0x25, + 0x01, 0x01, 0x0B, 0xD2, 0x88, 0x41, 0x25, 0x06, 0x0F, 0x57, 0x36, 0x2A, + 0x25, 0xBE, 0x05, 0x02, 0x5C, 0x26, 0xD2, 0x41, 0x58, 0x41, 0x04, 0x6E, + 0x5A, 0x01, 0x01, 0xD4, 0x01, 0x00, 0xD4, 0x02, 0x00, 0x06, 0x81, 0x22, + 0x02, 0x00, 0xD2, 0x9C, 0x06, 0x0E, 0x01, 0x83, 0xFE, 0x01, 0xD2, 0x82, + 0x9C, 0x01, 0x04, 0x09, 0x25, 0xD2, 0x57, 0xD0, 0x9E, 0x06, 0x16, 0x01, + 0x00, 0xD2, 0x83, 0x9E, 0x01, 0x04, 0x09, 0x25, 0xD2, 0x01, 0x02, 0x09, + 0x25, 0xD2, 0x01, 0x00, 0xD4, 0x01, 0x03, 0x09, 0xCF, 0x9A, 0x06, 0x0C, + 0x01, 0x01, 0xD2, 0x01, 0x01, 0xD2, 0x7C, 0x2C, 0x01, 0x08, 0x09, 0xD4, + 0x9D, 0x06, 0x19, 0x01, 0x0D, 0xD2, 0x9D, 0x01, 0x04, 0x09, 0x25, 0xD2, + 0x01, 0x02, 0x09, 0xD2, 0x3F, 0x06, 0x03, 0x01, 0x03, 0xD1, 0x40, 0x06, + 0x03, 0x01, 0x01, 0xD1, 0x9F, 0x25, 0x06, 0x22, 0x01, 0x0A, 0xD2, 0x01, + 0x04, 0x09, 0x25, 0xD2, 0x59, 0xD2, 0x3D, 0x01, 0x00, 0x25, 0x01, 0x20, + 0x0A, 0x06, 0x0C, 0x98, 0x11, 0x01, 0x01, 0x17, 0x06, 0x02, 0x25, 0xD2, + 0x56, 0x04, 0x6E, 0x5A, 0x04, 0x01, 0x24, 0x9B, 0x06, 0x0A, 0x01, 0x0B, + 0xD2, 0x01, 0x02, 0xD2, 0x01, 0x82, 0x00, 0xD2, 0x02, 0x01, 0x52, 0x05, + 0x11, 0x01, 0x15, 0xD2, 0x02, 0x01, 0x25, 0xD2, 0x25, 0x06, 0x06, 0x57, + 0x01, 0x00, 0xD4, 0x04, 0x77, 0x24, 0x00, 0x00, 0x01, 0x10, 0xD4, 0x73, + 0x2A, 0x25, 0xC3, 0x06, 0x0C, 0xA3, 0x22, 0x25, 0x58, 0xD3, 0x25, 0xD2, + 0x7E, 0x41, 0xCE, 0x04, 0x0D, 0x25, 0xC1, 0x41, 0xA3, 0x21, 0x25, 0x56, + 0xD3, 0x25, 0xD4, 0x7E, 0x41, 0xCE, 0x00, 0x00, 0x94, 0x01, 0x14, 0xD4, + 0x01, 0x0C, 0xD3, 0x7E, 0x01, 0x0C, 0xCE, 0x00, 0x00, 0x4B, 0x25, 0x01, + 0x00, 0x0E, 0x06, 0x02, 0x5A, 0x00, 0xC4, 0x24, 0x04, 0x73, 0x00, 0x25, + 0xD2, 0xCE, 0x00, 0x00, 0x25, 0xD4, 0xCE, 0x00, 0x01, 0x03, 0x00, 0x3E, + 0x24, 0x25, 0x01, 0x10, 0x17, 0x06, 0x06, 0x01, 0x04, 0xD4, 0x02, 0x00, + 0xD4, 0x25, 0x01, 0x08, 0x17, 0x06, 0x06, 0x01, 0x03, 0xD4, 0x02, 0x00, + 0xD4, 0x25, 0x01, 0x20, 0x17, 0x06, 0x06, 0x01, 0x05, 0xD4, 0x02, 0x00, + 0xD4, 0x25, 0x01, 0x80, 0x40, 0x17, 0x06, 0x06, 0x01, 0x06, 0xD4, 0x02, + 0x00, 0xD4, 0x01, 0x04, 0x17, 0x06, 0x06, 0x01, 0x02, 0xD4, 0x02, 0x00, + 0xD4, 0x00, 0x00, 0x25, 0x01, 0x08, 0x49, 0xD4, 0xD4, 0x00, 0x00, 0x25, + 0x01, 0x10, 0x49, 0xD4, 0xD2, 0x00, 0x00, 0x25, 0x4C, 0x06, 0x02, 0x24, + 0x00, 0xC4, 0x24, 0x04, 0x76 }; static const uint16_t t0_caddr[] = { @@ -841,30 +843,30 @@ static const uint16_t t0_caddr[] = { 2042, 2057, 2073, - 2211, - 2220, - 2233, - 2242, - 2249, - 2352, - 2373, - 2386, - 2402, + 2229, + 2238, + 2251, + 2260, + 2267, + 2370, + 2391, + 2404, 2420, - 2452, - 2486, - 2796, - 2832, - 2845, - 2859, - 2864, - 2869, - 2935, - 2943, - 2951 + 2438, + 2470, + 2504, + 2814, + 2850, + 2863, + 2877, + 2882, + 2887, + 2953, + 2961, + 2969 }; -#define T0_INTERPRETED 80 +#define T0_INTERPRETED 82 #define T0_ENTER(ip, rp, slot) do { \ const unsigned char *t0_newip; \ @@ -885,7 +887,7 @@ name(void *ctx) \ T0_ENTER(t0ctx->ip, t0ctx->rp, slot); \ } -T0_DEFENTRY(br_ssl_hs_client_init_main, 159) +T0_DEFENTRY(br_ssl_hs_client_init_main, 161) #define T0_NEXT(t0ipp) (*(*(t0ipp)) ++) @@ -1653,6 +1655,28 @@ br_ssl_hs_client_run(void *t0ctx) } break; case 70: { + /* switch-chapol-in */ + + int is_client, prf_id; + + prf_id = T0_POP(); + is_client = T0_POP(); + br_ssl_engine_switch_chapol_in(ENG, is_client, prf_id); + + } + break; + case 71: { + /* switch-chapol-out */ + + int is_client, prf_id; + + prf_id = T0_POP(); + is_client = T0_POP(); + br_ssl_engine_switch_chapol_out(ENG, is_client, prf_id); + + } + break; + case 72: { /* total-chain-length */ size_t u; @@ -1666,7 +1690,7 @@ br_ssl_hs_client_run(void *t0ctx) } break; - case 71: { + case 73: { /* u>> */ int c = (int)T0_POPi(); @@ -1675,7 +1699,7 @@ br_ssl_hs_client_run(void *t0ctx) } break; - case 72: { + case 74: { /* verify-SKE-sig */ size_t sig_len = T0_POP(); @@ -1686,7 +1710,7 @@ br_ssl_hs_client_run(void *t0ctx) } break; - case 73: { + case 75: { /* write-blob-chunk */ size_t clen = ENG->hlen_out; @@ -1710,7 +1734,7 @@ br_ssl_hs_client_run(void *t0ctx) } break; - case 74: { + case 76: { /* write8-native */ unsigned char x; @@ -1729,7 +1753,7 @@ br_ssl_hs_client_run(void *t0ctx) } break; - case 75: { + case 77: { /* x509-append */ const br_x509_class *xc; @@ -1741,7 +1765,7 @@ br_ssl_hs_client_run(void *t0ctx) } break; - case 76: { + case 78: { /* x509-end-cert */ const br_x509_class *xc; @@ -1751,7 +1775,7 @@ br_ssl_hs_client_run(void *t0ctx) } break; - case 77: { + case 79: { /* x509-end-chain */ const br_x509_class *xc; @@ -1761,7 +1785,7 @@ br_ssl_hs_client_run(void *t0ctx) } break; - case 78: { + case 80: { /* x509-start-cert */ const br_x509_class *xc; @@ -1771,7 +1795,7 @@ br_ssl_hs_client_run(void *t0ctx) } break; - case 79: { + case 81: { /* x509-start-chain */ const br_x509_class *xc; diff --git a/src/ssl/ssl_hs_common.t0 b/src/ssl/ssl_hs_common.t0 index da6fc8a..bbd37ac 100644 --- a/src/ssl/ssl_hs_common.t0 +++ b/src/ssl/ssl_hs_common.t0 @@ -903,8 +903,14 @@ hexb| 0000 | \ List terminator. then endof - \ ChaCha20/Poly1305 - \ 5 of endof + \ ChaCha20+Poly1305 + 5 of drop + for-input if + switch-chapol-in + else + switch-chapol-out + then + endof ERR_BAD_PARAM fail endcase @@ -958,6 +964,22 @@ cc: switch-aesgcm-in ( is_client prf_id cipher_key_len -- ) { ENG->iaes_ctr, cipher_key_len); } +cc: switch-chapol-out ( is_client prf_id -- ) { + int is_client, prf_id; + + prf_id = T0_POP(); + is_client = T0_POP(); + br_ssl_engine_switch_chapol_out(ENG, is_client, prf_id); +} + +cc: switch-chapol-in ( is_client prf_id -- ) { + int is_client, prf_id; + + prf_id = T0_POP(); + is_client = T0_POP(); + br_ssl_engine_switch_chapol_in(ENG, is_client, prf_id); +} + \ Write Finished message. : write-Finished ( from_client -- ) compute-Finished diff --git a/src/ssl/ssl_hs_server.c b/src/ssl/ssl_hs_server.c index 4fa054d..c8f934c 100644 --- a/src/ssl/ssl_hs_server.c +++ b/src/ssl/ssl_hs_server.c @@ -484,7 +484,7 @@ static const uint8_t t0_codeblock[] = { 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, ecdhe_point_len)), 0x00, 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, flags)), 0x00, 0x00, 0x01, T0_INT2(offsetof(br_ssl_server_context, hashes)), - 0x00, 0x00, 0x73, 0x01, + 0x00, 0x00, 0x75, 0x01, T0_INT2(BR_MAX_CIPHER_SUITES * sizeof(br_suite_translated)), 0x00, 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, log_max_frag_len)), 0x00, 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, pad)), 0x00, @@ -514,232 +514,233 @@ static const uint8_t t0_codeblock[] = { T0_INT2(offsetof(br_ssl_engine_context, version_max)), 0x00, 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, version_min)), 0x00, 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, version_out)), - 0x00, 0x00, 0x09, 0x29, 0x56, 0x06, 0x02, 0x62, 0x2A, 0x00, 0x00, 0x01, - 0x01, 0x00, 0x01, 0x03, 0x00, 0x91, 0x29, 0x5C, 0x46, 0x95, 0x29, 0x05, - 0x04, 0x5D, 0x01, 0x00, 0x00, 0x02, 0x00, 0x0F, 0x06, 0x02, 0x95, 0x00, - 0x5C, 0x04, 0x6B, 0x00, 0x06, 0x02, 0x62, 0x2A, 0x00, 0x00, 0x29, 0x82, - 0x46, 0x05, 0x03, 0x01, 0x0C, 0x08, 0x46, 0x70, 0x2D, 0x9D, 0x1C, 0x7D, - 0x01, 0x0C, 0x32, 0x00, 0x00, 0x29, 0x21, 0x01, 0x08, 0x0C, 0x46, 0x5A, - 0x21, 0x08, 0x00, 0x01, 0x03, 0x00, 0x01, 0x00, 0x6F, 0x41, 0x2B, 0x19, - 0x37, 0x06, 0x07, 0x02, 0x00, 0xC3, 0x03, 0x00, 0x04, 0x75, 0x01, 0x00, - 0xBB, 0x02, 0x00, 0x29, 0x19, 0x13, 0x06, 0x02, 0x69, 0x2A, 0xC3, 0x04, - 0x76, 0x00, 0x01, 0x00, 0x6F, 0x41, 0x01, 0x16, 0x80, 0x41, 0x35, 0xA5, - 0x34, 0x06, 0x02, 0x6B, 0x2A, 0x06, 0x0A, 0xCA, 0x01, 0x00, 0xC6, 0x01, - 0x00, 0xA1, 0x04, 0x80, 0x46, 0xCA, 0xC7, 0x28, 0xCC, 0x4B, 0x06, 0x01, - 0xC8, 0xCB, 0x2B, 0x4B, 0x06, 0x31, 0x01, 0x00, 0xA2, 0x29, 0x56, 0x06, - 0x0F, 0x01, 0x02, 0x9A, 0x05, 0x02, 0x36, 0x2A, 0x28, 0xA6, 0xA4, 0x29, - 0xBC, 0x28, 0x04, 0x19, 0x29, 0x58, 0x06, 0x0B, 0x28, 0x01, 0x02, 0x9A, - 0x05, 0x02, 0x68, 0x2A, 0xA6, 0x04, 0x0A, 0xA8, 0x29, 0x05, 0x04, 0x28, - 0xA0, 0x04, 0x02, 0xA7, 0xA3, 0x04, 0x01, 0xA6, 0x01, 0x00, 0xA1, 0x01, - 0x00, 0xC6, 0x3D, 0x01, 0x01, 0x6F, 0x41, 0x01, 0x17, 0x80, 0x41, 0x00, + 0x00, 0x00, 0x09, 0x29, 0x58, 0x06, 0x02, 0x64, 0x2A, 0x00, 0x00, 0x01, + 0x01, 0x00, 0x01, 0x03, 0x00, 0x93, 0x29, 0x5E, 0x46, 0x97, 0x29, 0x05, + 0x04, 0x5F, 0x01, 0x00, 0x00, 0x02, 0x00, 0x0F, 0x06, 0x02, 0x97, 0x00, + 0x5E, 0x04, 0x6B, 0x00, 0x06, 0x02, 0x64, 0x2A, 0x00, 0x00, 0x29, 0x84, + 0x46, 0x05, 0x03, 0x01, 0x0C, 0x08, 0x46, 0x72, 0x2D, 0x9F, 0x1C, 0x7F, + 0x01, 0x0C, 0x32, 0x00, 0x00, 0x29, 0x21, 0x01, 0x08, 0x0C, 0x46, 0x5C, + 0x21, 0x08, 0x00, 0x01, 0x03, 0x00, 0x01, 0x00, 0x71, 0x41, 0x2B, 0x19, + 0x37, 0x06, 0x07, 0x02, 0x00, 0xC5, 0x03, 0x00, 0x04, 0x75, 0x01, 0x00, + 0xBD, 0x02, 0x00, 0x29, 0x19, 0x13, 0x06, 0x02, 0x6B, 0x2A, 0xC5, 0x04, + 0x76, 0x00, 0x01, 0x00, 0x71, 0x41, 0x01, 0x16, 0x82, 0x41, 0x35, 0xA7, + 0x34, 0x06, 0x02, 0x6D, 0x2A, 0x06, 0x0A, 0xCC, 0x01, 0x00, 0xC8, 0x01, + 0x00, 0xA3, 0x04, 0x80, 0x46, 0xCC, 0xC9, 0x28, 0xCE, 0x4D, 0x06, 0x01, + 0xCA, 0xCD, 0x2B, 0x4D, 0x06, 0x31, 0x01, 0x00, 0xA4, 0x29, 0x58, 0x06, + 0x0F, 0x01, 0x02, 0x9C, 0x05, 0x02, 0x36, 0x2A, 0x28, 0xA8, 0xA6, 0x29, + 0xBE, 0x28, 0x04, 0x19, 0x29, 0x5A, 0x06, 0x0B, 0x28, 0x01, 0x02, 0x9C, + 0x05, 0x02, 0x6A, 0x2A, 0xA8, 0x04, 0x0A, 0xAA, 0x29, 0x05, 0x04, 0x28, + 0xA2, 0x04, 0x02, 0xA9, 0xA5, 0x04, 0x01, 0xA8, 0x01, 0x00, 0xA3, 0x01, + 0x00, 0xC8, 0x3D, 0x01, 0x01, 0x71, 0x41, 0x01, 0x17, 0x82, 0x41, 0x00, 0x00, 0x39, 0x39, 0x00, 0x01, 0x03, 0x00, 0x2B, 0x19, 0x37, 0x06, 0x04, - 0xC2, 0x28, 0x04, 0x78, 0x01, 0x02, 0x02, 0x00, 0xBA, 0x19, 0x37, 0x06, - 0x04, 0xC2, 0x28, 0x04, 0x78, 0x02, 0x00, 0x01, 0x84, 0x00, 0x08, 0x2A, - 0x00, 0x00, 0x79, 0x2E, 0x46, 0x12, 0x01, 0x01, 0x13, 0x36, 0x00, 0x00, - 0x01, 0x7F, 0x97, 0xC2, 0x29, 0x01, 0x07, 0x13, 0x01, 0x00, 0x39, 0x0F, - 0x06, 0x09, 0x28, 0x01, 0x10, 0x13, 0x06, 0x01, 0xB9, 0x04, 0x2A, 0x01, - 0x01, 0x39, 0x0F, 0x06, 0x21, 0x28, 0x28, 0x81, 0x2F, 0x01, 0x01, 0x0F, - 0x01, 0x01, 0x9A, 0x38, 0x06, 0x0F, 0x2B, 0x19, 0x37, 0x06, 0x04, 0xC2, - 0x28, 0x04, 0x78, 0x01, 0x80, 0x64, 0xBB, 0x04, 0x03, 0x01, 0x00, 0x97, - 0x04, 0x03, 0x6B, 0x2A, 0x28, 0x04, 0x40, 0x01, 0x29, 0x03, 0x00, 0x09, - 0x29, 0x56, 0x06, 0x02, 0x62, 0x2A, 0x02, 0x00, 0x00, 0x00, 0x92, 0x01, - 0x0F, 0x13, 0x00, 0x00, 0x6E, 0x2F, 0x01, 0x00, 0x39, 0x0F, 0x06, 0x10, - 0x28, 0x29, 0x01, 0x01, 0x0E, 0x06, 0x03, 0x28, 0x01, 0x02, 0x6E, 0x41, + 0xC4, 0x28, 0x04, 0x78, 0x01, 0x02, 0x02, 0x00, 0xBC, 0x19, 0x37, 0x06, + 0x04, 0xC4, 0x28, 0x04, 0x78, 0x02, 0x00, 0x01, 0x84, 0x00, 0x08, 0x2A, + 0x00, 0x00, 0x7B, 0x2E, 0x46, 0x12, 0x01, 0x01, 0x13, 0x36, 0x00, 0x00, + 0x01, 0x7F, 0x99, 0xC4, 0x29, 0x01, 0x07, 0x13, 0x01, 0x00, 0x39, 0x0F, + 0x06, 0x09, 0x28, 0x01, 0x10, 0x13, 0x06, 0x01, 0xBB, 0x04, 0x2A, 0x01, + 0x01, 0x39, 0x0F, 0x06, 0x21, 0x28, 0x28, 0x83, 0x2F, 0x01, 0x01, 0x0F, + 0x01, 0x01, 0x9C, 0x38, 0x06, 0x0F, 0x2B, 0x19, 0x37, 0x06, 0x04, 0xC4, + 0x28, 0x04, 0x78, 0x01, 0x80, 0x64, 0xBD, 0x04, 0x03, 0x01, 0x00, 0x99, + 0x04, 0x03, 0x6D, 0x2A, 0x28, 0x04, 0x40, 0x01, 0x29, 0x03, 0x00, 0x09, + 0x29, 0x58, 0x06, 0x02, 0x64, 0x2A, 0x02, 0x00, 0x00, 0x00, 0x94, 0x01, + 0x0F, 0x13, 0x00, 0x00, 0x70, 0x2F, 0x01, 0x00, 0x39, 0x0F, 0x06, 0x10, + 0x28, 0x29, 0x01, 0x01, 0x0E, 0x06, 0x03, 0x28, 0x01, 0x02, 0x70, 0x41, 0x01, 0x00, 0x04, 0x22, 0x01, 0x01, 0x39, 0x0F, 0x06, 0x15, 0x28, 0x01, - 0x00, 0x6E, 0x41, 0x29, 0x01, 0x80, 0x64, 0x0F, 0x06, 0x05, 0x01, 0x82, - 0x00, 0x08, 0x2A, 0x58, 0x00, 0x04, 0x07, 0x28, 0x01, 0x82, 0x00, 0x08, - 0x2A, 0x28, 0x00, 0x00, 0x01, 0x00, 0x30, 0x06, 0x05, 0x3C, 0x9E, 0x38, - 0x04, 0x78, 0x29, 0x06, 0x04, 0x01, 0x01, 0x87, 0x41, 0x00, 0x00, 0x01, - 0x1F, 0x13, 0x01, 0x12, 0x0F, 0x05, 0x02, 0x6C, 0x2A, 0x70, 0x2D, 0x29, - 0xBE, 0x05, 0x02, 0x6B, 0x2A, 0x9D, 0x27, 0x00, 0x00, 0x30, 0x06, 0x0B, - 0x7F, 0x2F, 0x01, 0x14, 0x0E, 0x06, 0x02, 0x6B, 0x2A, 0x04, 0x11, 0xC2, - 0x01, 0x07, 0x13, 0x29, 0x01, 0x02, 0x0E, 0x06, 0x06, 0x06, 0x02, 0x6B, - 0x2A, 0x04, 0x70, 0x28, 0xB7, 0x01, 0x01, 0x0E, 0x34, 0x38, 0x06, 0x02, - 0x5E, 0x2A, 0x29, 0x01, 0x01, 0xBD, 0x37, 0xA9, 0x00, 0x01, 0xAE, 0x01, - 0x0B, 0x0F, 0x05, 0x02, 0x6B, 0x2A, 0x29, 0x01, 0x03, 0x0F, 0x06, 0x08, - 0xB5, 0x06, 0x02, 0x62, 0x2A, 0x46, 0x28, 0x00, 0x46, 0x55, 0xB5, 0x9C, - 0x29, 0x06, 0x23, 0xB5, 0x9C, 0x29, 0x54, 0x29, 0x06, 0x18, 0x29, 0x01, + 0x00, 0x70, 0x41, 0x29, 0x01, 0x80, 0x64, 0x0F, 0x06, 0x05, 0x01, 0x82, + 0x00, 0x08, 0x2A, 0x5A, 0x00, 0x04, 0x07, 0x28, 0x01, 0x82, 0x00, 0x08, + 0x2A, 0x28, 0x00, 0x00, 0x01, 0x00, 0x30, 0x06, 0x05, 0x3C, 0xA0, 0x38, + 0x04, 0x78, 0x29, 0x06, 0x04, 0x01, 0x01, 0x89, 0x41, 0x00, 0x00, 0x01, + 0x1F, 0x13, 0x01, 0x12, 0x0F, 0x05, 0x02, 0x6E, 0x2A, 0x72, 0x2D, 0x29, + 0xC0, 0x05, 0x02, 0x6D, 0x2A, 0x9F, 0x27, 0x00, 0x00, 0x30, 0x06, 0x0B, + 0x81, 0x2F, 0x01, 0x14, 0x0E, 0x06, 0x02, 0x6D, 0x2A, 0x04, 0x11, 0xC4, + 0x01, 0x07, 0x13, 0x29, 0x01, 0x02, 0x0E, 0x06, 0x06, 0x06, 0x02, 0x6D, + 0x2A, 0x04, 0x70, 0x28, 0xB9, 0x01, 0x01, 0x0E, 0x34, 0x38, 0x06, 0x02, + 0x60, 0x2A, 0x29, 0x01, 0x01, 0xBF, 0x37, 0xAB, 0x00, 0x01, 0xB0, 0x01, + 0x0B, 0x0F, 0x05, 0x02, 0x6D, 0x2A, 0x29, 0x01, 0x03, 0x0F, 0x06, 0x08, + 0xB7, 0x06, 0x02, 0x64, 0x2A, 0x46, 0x28, 0x00, 0x46, 0x57, 0xB7, 0x9E, + 0x29, 0x06, 0x23, 0xB7, 0x9E, 0x29, 0x56, 0x29, 0x06, 0x18, 0x29, 0x01, 0x82, 0x00, 0x10, 0x06, 0x05, 0x01, 0x82, 0x00, 0x04, 0x01, 0x29, 0x03, - 0x00, 0x7D, 0x02, 0x00, 0xAA, 0x02, 0x00, 0x51, 0x04, 0x65, 0x93, 0x52, - 0x04, 0x5A, 0x93, 0x93, 0x53, 0x29, 0x06, 0x02, 0x36, 0x00, 0x28, 0x2C, - 0x00, 0x02, 0x29, 0x01, 0x20, 0x13, 0x05, 0x02, 0x6C, 0x2A, 0x01, 0x0F, - 0x13, 0x03, 0x00, 0xA4, 0x8B, 0x2D, 0x01, 0x86, 0x03, 0x11, 0x06, 0x23, - 0xB4, 0x29, 0x01, 0x81, 0x7F, 0x13, 0x5A, 0x01, 0x01, 0x12, 0x02, 0x00, - 0x0F, 0x05, 0x02, 0x64, 0x2A, 0x01, 0x08, 0x12, 0x29, 0x01, 0x02, 0x0B, - 0x39, 0x01, 0x06, 0x10, 0x38, 0x06, 0x02, 0x66, 0x2A, 0x04, 0x0D, 0x02, + 0x00, 0x7F, 0x02, 0x00, 0xAC, 0x02, 0x00, 0x53, 0x04, 0x65, 0x95, 0x54, + 0x04, 0x5A, 0x95, 0x95, 0x55, 0x29, 0x06, 0x02, 0x36, 0x00, 0x28, 0x2C, + 0x00, 0x02, 0x29, 0x01, 0x20, 0x13, 0x05, 0x02, 0x6E, 0x2A, 0x01, 0x0F, + 0x13, 0x03, 0x00, 0xA6, 0x8D, 0x2D, 0x01, 0x86, 0x03, 0x11, 0x06, 0x23, + 0xB6, 0x29, 0x01, 0x81, 0x7F, 0x13, 0x5C, 0x01, 0x01, 0x12, 0x02, 0x00, + 0x0F, 0x05, 0x02, 0x66, 0x2A, 0x01, 0x08, 0x12, 0x29, 0x01, 0x02, 0x0B, + 0x39, 0x01, 0x06, 0x10, 0x38, 0x06, 0x02, 0x68, 0x2A, 0x04, 0x0D, 0x02, 0x00, 0x01, 0x01, 0x0F, 0x06, 0x04, 0x01, 0x00, 0x04, 0x02, 0x01, 0x02, - 0x20, 0x05, 0x02, 0x66, 0x2A, 0xB4, 0x29, 0x03, 0x01, 0x29, 0x01, 0x84, - 0x00, 0x10, 0x06, 0x02, 0x67, 0x2A, 0x7D, 0x46, 0xAA, 0x02, 0x01, 0x4E, - 0x29, 0x06, 0x01, 0x2A, 0x28, 0x93, 0x00, 0x00, 0x1D, 0xAE, 0x01, 0x0F, - 0x0F, 0x05, 0x02, 0x6B, 0x2A, 0x00, 0x0A, 0xAE, 0x01, 0x01, 0x0F, 0x05, - 0x02, 0x6B, 0x2A, 0xB4, 0x29, 0x03, 0x00, 0x71, 0x3F, 0x72, 0x01, 0x20, - 0xAA, 0xB6, 0x29, 0x01, 0x20, 0x10, 0x06, 0x02, 0x6A, 0x2A, 0x29, 0x86, - 0x41, 0x85, 0x46, 0xAA, 0x1A, 0x03, 0x01, 0xB4, 0x9C, 0x01, 0x00, 0x03, - 0x02, 0x01, 0x00, 0x03, 0x03, 0x7B, 0x98, 0x17, 0x39, 0x08, 0x03, 0x04, - 0x03, 0x05, 0x29, 0x06, 0x80, 0x6D, 0xB4, 0x29, 0x03, 0x06, 0x02, 0x01, - 0x06, 0x0A, 0x29, 0x70, 0x2D, 0x0F, 0x06, 0x04, 0x01, 0x7F, 0x03, 0x03, - 0x29, 0x01, 0x81, 0x7F, 0x0F, 0x06, 0x0A, 0x81, 0x2F, 0x06, 0x02, 0x63, + 0x20, 0x05, 0x02, 0x68, 0x2A, 0xB6, 0x29, 0x03, 0x01, 0x29, 0x01, 0x84, + 0x00, 0x10, 0x06, 0x02, 0x69, 0x2A, 0x7F, 0x46, 0xAC, 0x02, 0x01, 0x50, + 0x29, 0x06, 0x01, 0x2A, 0x28, 0x95, 0x00, 0x00, 0x1D, 0xB0, 0x01, 0x0F, + 0x0F, 0x05, 0x02, 0x6D, 0x2A, 0x00, 0x0A, 0xB0, 0x01, 0x01, 0x0F, 0x05, + 0x02, 0x6D, 0x2A, 0xB6, 0x29, 0x03, 0x00, 0x73, 0x3F, 0x74, 0x01, 0x20, + 0xAC, 0xB8, 0x29, 0x01, 0x20, 0x10, 0x06, 0x02, 0x6C, 0x2A, 0x29, 0x88, + 0x41, 0x87, 0x46, 0xAC, 0x1A, 0x03, 0x01, 0xB6, 0x9E, 0x01, 0x00, 0x03, + 0x02, 0x01, 0x00, 0x03, 0x03, 0x7D, 0x9A, 0x17, 0x39, 0x08, 0x03, 0x04, + 0x03, 0x05, 0x29, 0x06, 0x80, 0x6D, 0xB6, 0x29, 0x03, 0x06, 0x02, 0x01, + 0x06, 0x0A, 0x29, 0x72, 0x2D, 0x0F, 0x06, 0x04, 0x01, 0x7F, 0x03, 0x03, + 0x29, 0x01, 0x81, 0x7F, 0x0F, 0x06, 0x0A, 0x83, 0x2F, 0x06, 0x02, 0x65, 0x2A, 0x01, 0x7F, 0x03, 0x02, 0x29, 0x01, 0x81, 0xAC, 0x00, 0x0F, 0x06, - 0x11, 0x02, 0x00, 0x8E, 0x2D, 0x11, 0x02, 0x00, 0x8D, 0x2D, 0x0B, 0x13, - 0x06, 0x04, 0x01, 0x7F, 0x03, 0x00, 0xB8, 0x29, 0x56, 0x06, 0x03, 0x28, - 0x04, 0x26, 0x01, 0x00, 0x9A, 0x06, 0x0B, 0x01, 0x02, 0x0C, 0x73, 0x08, + 0x11, 0x02, 0x00, 0x90, 0x2D, 0x11, 0x02, 0x00, 0x8F, 0x2D, 0x0B, 0x13, + 0x06, 0x04, 0x01, 0x7F, 0x03, 0x00, 0xBA, 0x29, 0x58, 0x06, 0x03, 0x28, + 0x04, 0x26, 0x01, 0x00, 0x9C, 0x06, 0x0B, 0x01, 0x02, 0x0C, 0x75, 0x08, 0x02, 0x06, 0x46, 0x3F, 0x04, 0x16, 0x28, 0x02, 0x05, 0x02, 0x04, 0x11, - 0x06, 0x02, 0x61, 0x2A, 0x02, 0x06, 0x02, 0x05, 0x3F, 0x02, 0x05, 0x01, + 0x06, 0x02, 0x63, 0x2A, 0x02, 0x06, 0x02, 0x05, 0x3F, 0x02, 0x05, 0x01, 0x04, 0x08, 0x03, 0x05, 0x04, 0xFF, 0x0F, 0x28, 0x01, 0x00, 0x03, 0x07, - 0xB6, 0x9C, 0x29, 0x06, 0x09, 0xB6, 0x05, 0x04, 0x01, 0x7F, 0x03, 0x07, - 0x04, 0x74, 0x93, 0x01, 0x00, 0x83, 0x41, 0x01, 0x88, 0x04, 0x7A, 0x3F, - 0x01, 0x84, 0x80, 0x80, 0x00, 0x76, 0x40, 0x29, 0x06, 0x80, 0x42, 0xB4, - 0x9C, 0x29, 0x06, 0x3C, 0xB4, 0x01, 0x00, 0x39, 0x0F, 0x06, 0x04, 0x28, - 0xAD, 0x04, 0x2F, 0x01, 0x01, 0x39, 0x0F, 0x06, 0x04, 0x28, 0xAB, 0x04, - 0x25, 0x01, 0x83, 0xFE, 0x01, 0x39, 0x0F, 0x06, 0x04, 0x28, 0xAC, 0x04, - 0x19, 0x01, 0x0D, 0x39, 0x0F, 0x06, 0x04, 0x28, 0xB2, 0x04, 0x0F, 0x01, - 0x0A, 0x39, 0x0F, 0x06, 0x04, 0x28, 0xB3, 0x04, 0x05, 0x28, 0xB0, 0x01, - 0x00, 0x28, 0x04, 0x41, 0x93, 0x93, 0x02, 0x01, 0x02, 0x03, 0x13, 0x03, - 0x01, 0x02, 0x00, 0x56, 0x06, 0x08, 0x71, 0x2D, 0x8F, 0x3F, 0x01, 0x80, - 0x56, 0x99, 0x8D, 0x2D, 0x29, 0x02, 0x00, 0x10, 0x06, 0x03, 0x28, 0x02, - 0x00, 0x29, 0x01, 0x86, 0x00, 0x0B, 0x06, 0x02, 0x65, 0x2A, 0x02, 0x00, - 0x8E, 0x2D, 0x0B, 0x06, 0x04, 0x01, 0x80, 0x46, 0x99, 0x02, 0x01, 0x06, - 0x10, 0x8B, 0x2D, 0x02, 0x00, 0x0D, 0x06, 0x05, 0x28, 0x8B, 0x2D, 0x04, - 0x04, 0x01, 0x00, 0x03, 0x01, 0x29, 0x8B, 0x3F, 0x29, 0x8C, 0x3F, 0x29, - 0x8F, 0x3F, 0x01, 0x86, 0x03, 0x11, 0x03, 0x08, 0x02, 0x02, 0x06, 0x04, - 0x01, 0x02, 0x81, 0x41, 0x02, 0x07, 0x05, 0x03, 0x01, 0x28, 0x99, 0x43, - 0x28, 0x01, 0x82, 0x01, 0x07, 0x7A, 0x2D, 0x13, 0x29, 0x7A, 0x3F, 0x29, - 0x01, 0x81, 0x7F, 0x13, 0x57, 0x36, 0x46, 0x01, 0x08, 0x12, 0x57, 0x01, - 0x02, 0x13, 0x38, 0x03, 0x09, 0x76, 0x2E, 0x42, 0x13, 0x29, 0x76, 0x40, - 0x05, 0x04, 0x01, 0x00, 0x03, 0x09, 0x02, 0x01, 0x06, 0x03, 0x01, 0x7F, - 0x00, 0x85, 0x01, 0x20, 0x33, 0x01, 0x20, 0x86, 0x41, 0x73, 0x29, 0x03, - 0x05, 0x29, 0x02, 0x04, 0x0B, 0x06, 0x80, 0x49, 0x29, 0x2D, 0x29, 0x92, - 0x29, 0x01, 0x0C, 0x12, 0x29, 0x01, 0x01, 0x0F, 0x46, 0x01, 0x02, 0x0F, - 0x38, 0x06, 0x0A, 0x29, 0x02, 0x09, 0x13, 0x05, 0x04, 0x5D, 0x01, 0x00, - 0x29, 0x02, 0x08, 0x05, 0x0E, 0x29, 0x01, 0x81, 0x70, 0x13, 0x01, 0x20, - 0x0E, 0x06, 0x04, 0x5D, 0x01, 0x00, 0x29, 0x29, 0x06, 0x10, 0x02, 0x05, - 0x5C, 0x3F, 0x02, 0x05, 0x3F, 0x02, 0x05, 0x01, 0x04, 0x08, 0x03, 0x05, - 0x04, 0x01, 0x5D, 0x01, 0x04, 0x08, 0x04, 0xFF, 0x30, 0x28, 0x02, 0x05, - 0x73, 0x09, 0x01, 0x02, 0x12, 0x29, 0x05, 0x03, 0x01, 0x28, 0x99, 0x74, - 0x41, 0x18, 0x05, 0x03, 0x01, 0x28, 0x99, 0x01, 0x00, 0x00, 0x00, 0xA8, - 0xA7, 0x00, 0x04, 0x70, 0x2D, 0xC1, 0x06, 0x16, 0xB4, 0x29, 0x01, 0x84, - 0x00, 0x10, 0x06, 0x02, 0x67, 0x2A, 0x29, 0x03, 0x00, 0x7D, 0x46, 0xAA, - 0x02, 0x00, 0x70, 0x2D, 0x9D, 0x26, 0x70, 0x2D, 0x29, 0xBF, 0x46, 0xBE, - 0x03, 0x01, 0x03, 0x02, 0x02, 0x01, 0x02, 0x02, 0x38, 0x06, 0x14, 0xB6, - 0x29, 0x03, 0x03, 0x7D, 0x46, 0xAA, 0x02, 0x03, 0x70, 0x2D, 0x9D, 0x02, - 0x02, 0x06, 0x03, 0x25, 0x04, 0x01, 0x23, 0x93, 0x00, 0x00, 0xAE, 0x01, - 0x10, 0x0F, 0x05, 0x02, 0x6B, 0x2A, 0x00, 0x00, 0x94, 0xAE, 0x01, 0x14, - 0x0E, 0x06, 0x02, 0x6B, 0x2A, 0x7D, 0x01, 0x0C, 0x08, 0x01, 0x0C, 0xAA, - 0x93, 0x7D, 0x29, 0x01, 0x0C, 0x08, 0x01, 0x0C, 0x31, 0x05, 0x02, 0x5F, - 0x2A, 0x00, 0x02, 0x03, 0x00, 0x03, 0x01, 0x02, 0x00, 0x90, 0x02, 0x01, - 0x02, 0x00, 0x3B, 0x29, 0x01, 0x00, 0x0F, 0x06, 0x02, 0x5D, 0x00, 0xC4, - 0x04, 0x74, 0x00, 0xB4, 0x01, 0x01, 0x0E, 0x06, 0x02, 0x60, 0x2A, 0xB6, - 0x29, 0x29, 0x58, 0x46, 0x01, 0x05, 0x11, 0x38, 0x06, 0x02, 0x60, 0x2A, - 0x01, 0x08, 0x08, 0x29, 0x7C, 0x2F, 0x0B, 0x06, 0x0D, 0x29, 0x01, 0x01, - 0x46, 0x0C, 0x3E, 0x29, 0x7C, 0x41, 0x7E, 0x41, 0x04, 0x01, 0x28, 0x00, - 0x00, 0xB4, 0x81, 0x2F, 0x01, 0x00, 0x39, 0x0F, 0x06, 0x13, 0x28, 0x01, - 0x01, 0x0F, 0x05, 0x02, 0x63, 0x2A, 0xB6, 0x06, 0x02, 0x63, 0x2A, 0x01, - 0x02, 0x81, 0x41, 0x04, 0x28, 0x01, 0x02, 0x39, 0x0F, 0x06, 0x1F, 0x28, - 0x01, 0x0D, 0x0F, 0x05, 0x02, 0x63, 0x2A, 0xB6, 0x01, 0x0C, 0x0F, 0x05, - 0x02, 0x63, 0x2A, 0x7D, 0x01, 0x0C, 0xAA, 0x82, 0x7D, 0x01, 0x0C, 0x31, - 0x05, 0x02, 0x63, 0x2A, 0x04, 0x03, 0x63, 0x2A, 0x28, 0x00, 0x00, 0xB4, - 0x9C, 0xB4, 0x9C, 0x29, 0x06, 0x1D, 0xB6, 0x06, 0x03, 0xB0, 0x04, 0x15, - 0xB4, 0x29, 0x01, 0x81, 0x7F, 0x0D, 0x06, 0x0C, 0x29, 0x83, 0x08, 0x01, - 0x00, 0x46, 0x41, 0x83, 0x46, 0xAA, 0x04, 0x01, 0xBC, 0x04, 0x60, 0x93, - 0x93, 0x00, 0x00, 0xAF, 0x29, 0x58, 0x06, 0x07, 0x28, 0x06, 0x02, 0x61, - 0x2A, 0x04, 0x74, 0x00, 0x00, 0xB7, 0x01, 0x03, 0xB5, 0x46, 0x28, 0x46, - 0x00, 0x00, 0xB4, 0xBC, 0x00, 0x03, 0x01, 0x00, 0x03, 0x00, 0xB4, 0x9C, - 0x29, 0x06, 0x32, 0xB6, 0x03, 0x01, 0xB6, 0x03, 0x02, 0x02, 0x01, 0x01, - 0x02, 0x11, 0x02, 0x01, 0x01, 0x06, 0x0D, 0x13, 0x02, 0x02, 0x01, 0x01, - 0x0F, 0x02, 0x02, 0x01, 0x03, 0x0F, 0x38, 0x13, 0x06, 0x11, 0x02, 0x00, - 0x01, 0x01, 0x02, 0x02, 0x5B, 0x01, 0x02, 0x0C, 0x02, 0x01, 0x08, 0x0C, - 0x38, 0x03, 0x00, 0x04, 0x4B, 0x93, 0x02, 0x00, 0x00, 0x00, 0xB4, 0x9C, - 0xB1, 0x7A, 0x3F, 0x93, 0x00, 0x00, 0xB4, 0x9C, 0xB4, 0x9C, 0x01, 0x00, - 0x76, 0x40, 0x29, 0x06, 0x15, 0xB4, 0x29, 0x01, 0x20, 0x0B, 0x06, 0x0B, - 0x01, 0x01, 0x46, 0x0C, 0x76, 0x2E, 0x38, 0x76, 0x40, 0x04, 0x01, 0x28, - 0x04, 0x68, 0x93, 0x93, 0x00, 0x00, 0x01, 0x02, 0x90, 0xB7, 0x01, 0x08, - 0x0C, 0xB7, 0x08, 0x00, 0x00, 0x01, 0x03, 0x90, 0xB7, 0x01, 0x08, 0x0C, - 0xB7, 0x08, 0x01, 0x08, 0x0C, 0xB7, 0x08, 0x00, 0x00, 0x01, 0x01, 0x90, - 0xB7, 0x00, 0x00, 0x3C, 0x29, 0x56, 0x05, 0x01, 0x00, 0x28, 0xC4, 0x04, - 0x76, 0x02, 0x03, 0x00, 0x8A, 0x2F, 0x03, 0x01, 0x01, 0x00, 0x29, 0x02, - 0x01, 0x0B, 0x06, 0x10, 0x29, 0x01, 0x01, 0x0C, 0x89, 0x08, 0x2D, 0x02, - 0x00, 0x0F, 0x06, 0x01, 0x00, 0x5A, 0x04, 0x6A, 0x28, 0x01, 0x7F, 0x00, - 0x00, 0x2B, 0x19, 0x37, 0x06, 0x04, 0xC2, 0x28, 0x04, 0x78, 0x01, 0x16, - 0x80, 0x41, 0x01, 0x00, 0xD5, 0x01, 0x00, 0xD4, 0x2B, 0x01, 0x17, 0x80, - 0x41, 0x00, 0x00, 0x01, 0x15, 0x80, 0x41, 0x46, 0x50, 0x28, 0x50, 0x28, - 0x2B, 0x00, 0x00, 0x01, 0x01, 0x46, 0xBA, 0x00, 0x00, 0x46, 0x39, 0x90, - 0x46, 0x29, 0x06, 0x05, 0xB7, 0x28, 0x5B, 0x04, 0x78, 0x28, 0x00, 0x02, - 0x03, 0x00, 0x70, 0x2D, 0x92, 0x03, 0x01, 0x02, 0x01, 0x01, 0x0F, 0x13, - 0x02, 0x01, 0x01, 0x04, 0x12, 0x01, 0x0F, 0x13, 0x02, 0x01, 0x01, 0x08, - 0x12, 0x01, 0x0F, 0x13, 0x01, 0x00, 0x39, 0x0F, 0x06, 0x10, 0x28, 0x01, - 0x00, 0x01, 0x18, 0x02, 0x00, 0x06, 0x03, 0x49, 0x04, 0x01, 0x4A, 0x04, - 0x80, 0x56, 0x01, 0x01, 0x39, 0x0F, 0x06, 0x10, 0x28, 0x01, 0x01, 0x01, - 0x10, 0x02, 0x00, 0x06, 0x03, 0x49, 0x04, 0x01, 0x4A, 0x04, 0x80, 0x40, - 0x01, 0x02, 0x39, 0x0F, 0x06, 0x0F, 0x28, 0x01, 0x01, 0x01, 0x20, 0x02, - 0x00, 0x06, 0x03, 0x49, 0x04, 0x01, 0x4A, 0x04, 0x2B, 0x01, 0x03, 0x39, - 0x0F, 0x06, 0x0E, 0x28, 0x28, 0x01, 0x10, 0x02, 0x00, 0x06, 0x03, 0x47, - 0x04, 0x01, 0x48, 0x04, 0x17, 0x01, 0x04, 0x39, 0x0F, 0x06, 0x0E, 0x28, - 0x28, 0x01, 0x20, 0x02, 0x00, 0x06, 0x03, 0x47, 0x04, 0x01, 0x48, 0x04, - 0x03, 0x62, 0x2A, 0x28, 0x00, 0x00, 0x92, 0x01, 0x0C, 0x12, 0x01, 0x02, - 0x10, 0x00, 0x00, 0x92, 0x01, 0x0C, 0x12, 0x29, 0x59, 0x46, 0x01, 0x03, - 0x0B, 0x13, 0x00, 0x00, 0x92, 0x01, 0x0C, 0x12, 0x01, 0x01, 0x0F, 0x00, - 0x00, 0x92, 0x01, 0x0C, 0x12, 0x58, 0x00, 0x00, 0x1B, 0x01, 0x00, 0x6D, - 0x2F, 0x29, 0x06, 0x1F, 0x01, 0x01, 0x39, 0x0F, 0x06, 0x06, 0x28, 0x01, - 0x00, 0x96, 0x04, 0x11, 0x01, 0x02, 0x39, 0x0F, 0x06, 0x0A, 0x28, 0x6F, - 0x2F, 0x06, 0x03, 0x01, 0x10, 0x38, 0x04, 0x01, 0x28, 0x04, 0x01, 0x28, - 0x75, 0x2F, 0x05, 0x33, 0x30, 0x06, 0x30, 0x7F, 0x2F, 0x01, 0x14, 0x39, - 0x0F, 0x06, 0x06, 0x28, 0x01, 0x02, 0x38, 0x04, 0x22, 0x01, 0x15, 0x39, - 0x0F, 0x06, 0x09, 0x28, 0x9F, 0x06, 0x03, 0x01, 0x7F, 0x96, 0x04, 0x13, - 0x01, 0x16, 0x39, 0x0F, 0x06, 0x06, 0x28, 0x01, 0x01, 0x38, 0x04, 0x07, - 0x28, 0x01, 0x04, 0x38, 0x01, 0x00, 0x28, 0x19, 0x06, 0x03, 0x01, 0x08, - 0x38, 0x00, 0x00, 0x1B, 0x29, 0x05, 0x0F, 0x30, 0x06, 0x0C, 0x7F, 0x2F, - 0x01, 0x15, 0x0F, 0x06, 0x04, 0x28, 0x9F, 0x04, 0x01, 0x22, 0x00, 0x00, - 0xC2, 0x01, 0x07, 0x13, 0x01, 0x01, 0x10, 0x06, 0x02, 0x6B, 0x2A, 0x00, - 0x01, 0x03, 0x00, 0x2B, 0x19, 0x06, 0x05, 0x02, 0x00, 0x80, 0x41, 0x00, - 0xC2, 0x28, 0x04, 0x74, 0x00, 0x01, 0x14, 0xC5, 0x01, 0x01, 0xD5, 0x2B, - 0x29, 0x01, 0x00, 0xBD, 0x01, 0x16, 0xC5, 0xC9, 0x2B, 0x00, 0x00, 0x01, - 0x0B, 0xD5, 0x4C, 0x29, 0x29, 0x01, 0x03, 0x08, 0xD4, 0xD4, 0x14, 0x29, - 0x56, 0x06, 0x02, 0x28, 0x00, 0xD4, 0x1E, 0x29, 0x06, 0x05, 0x7D, 0x46, - 0xCD, 0x04, 0x77, 0x28, 0x04, 0x6C, 0x00, 0x01, 0x00, 0xCF, 0x8B, 0x2D, - 0x01, 0x86, 0x03, 0x11, 0x06, 0x05, 0x5C, 0x01, 0x00, 0xD0, 0x08, 0x4B, - 0x08, 0x01, 0x03, 0x08, 0x01, 0x0D, 0xD5, 0xD4, 0x01, 0x00, 0xCF, 0xD5, - 0x01, 0x01, 0xCF, 0x28, 0x8B, 0x2D, 0x01, 0x86, 0x03, 0x11, 0x06, 0x08, - 0x01, 0x00, 0xD0, 0xD3, 0x01, 0x01, 0xD0, 0x28, 0x4B, 0xD3, 0x16, 0x15, - 0x29, 0x56, 0x06, 0x02, 0x28, 0x00, 0xD3, 0x1F, 0x29, 0x06, 0x05, 0x7D, - 0x46, 0xCD, 0x04, 0x77, 0x28, 0x04, 0x6C, 0x00, 0x94, 0x01, 0x14, 0xD5, - 0x01, 0x0C, 0xD4, 0x7D, 0x01, 0x0C, 0xCD, 0x00, 0x03, 0x03, 0x00, 0x01, - 0x02, 0xD5, 0x01, 0x80, 0x46, 0x81, 0x2F, 0x01, 0x02, 0x0F, 0x06, 0x0C, - 0x02, 0x00, 0x06, 0x04, 0x01, 0x05, 0x04, 0x02, 0x01, 0x1D, 0x04, 0x02, - 0x01, 0x00, 0x03, 0x01, 0x7E, 0x2F, 0x06, 0x04, 0x01, 0x05, 0x04, 0x02, - 0x01, 0x00, 0x03, 0x02, 0x02, 0x01, 0x02, 0x02, 0x08, 0x29, 0x06, 0x03, - 0x01, 0x02, 0x08, 0x08, 0xD4, 0x8B, 0x2D, 0xD3, 0x84, 0x01, 0x04, 0x17, - 0x84, 0x01, 0x04, 0x08, 0x01, 0x1C, 0x33, 0x84, 0x01, 0x20, 0xCD, 0x01, - 0x20, 0xD5, 0x85, 0x01, 0x20, 0xCD, 0x70, 0x2D, 0xD3, 0x01, 0x00, 0xD5, - 0x02, 0x01, 0x02, 0x02, 0x08, 0x29, 0x06, 0x29, 0xD3, 0x02, 0x01, 0x29, - 0x06, 0x10, 0x01, 0x83, 0xFE, 0x01, 0xD3, 0x01, 0x04, 0x09, 0x29, 0xD3, - 0x5B, 0x82, 0x46, 0xCE, 0x04, 0x01, 0x28, 0x02, 0x02, 0x06, 0x0C, 0x01, - 0x01, 0xD3, 0x01, 0x01, 0xD3, 0x7E, 0x2F, 0x01, 0x08, 0x09, 0xD5, 0x04, - 0x01, 0x28, 0x00, 0x00, 0x01, 0x0E, 0xD5, 0x01, 0x00, 0xD4, 0x00, 0x03, - 0x70, 0x2D, 0xBF, 0x05, 0x01, 0x00, 0x76, 0x2E, 0x01, 0x00, 0x98, 0x12, - 0x01, 0x01, 0x13, 0x58, 0x06, 0x03, 0x5A, 0x04, 0x75, 0x03, 0x00, 0x28, - 0x02, 0x00, 0x24, 0x29, 0x56, 0x06, 0x02, 0x36, 0x2A, 0x03, 0x01, 0x8B, - 0x2D, 0x01, 0x86, 0x03, 0x11, 0x03, 0x02, 0x01, 0x0C, 0xD5, 0x02, 0x01, - 0x78, 0x2F, 0x08, 0x02, 0x02, 0x01, 0x02, 0x13, 0x08, 0x01, 0x06, 0x08, - 0xD4, 0x01, 0x03, 0xD5, 0x02, 0x00, 0xD3, 0x77, 0x78, 0x2F, 0xCE, 0x02, - 0x02, 0x06, 0x0D, 0x88, 0x2F, 0xD5, 0x70, 0x2D, 0xC0, 0x01, 0x01, 0x0C, - 0x01, 0x03, 0x08, 0xD5, 0x02, 0x01, 0xD3, 0x7D, 0x02, 0x01, 0xCD, 0x00, - 0x00, 0x4F, 0x29, 0x01, 0x00, 0x0F, 0x06, 0x02, 0x5D, 0x00, 0xC2, 0x28, - 0x04, 0x73, 0x00, 0x29, 0xD5, 0xCD, 0x00, 0x00, 0x01, 0x00, 0x70, 0x2D, - 0xBE, 0x06, 0x0C, 0x5C, 0x39, 0x06, 0x08, 0x01, 0x80, 0x41, 0xD5, 0x01, - 0x80, 0x42, 0xD5, 0x45, 0x06, 0x07, 0x5A, 0x39, 0x06, 0x03, 0x01, 0x01, - 0xD5, 0x44, 0x06, 0x08, 0x5A, 0x39, 0x06, 0x04, 0x01, 0x80, 0x40, 0xD5, - 0x46, 0x28, 0x00, 0x01, 0x01, 0x00, 0x03, 0x00, 0x45, 0x44, 0x38, 0x05, - 0x14, 0x01, 0x01, 0x01, 0x80, 0x7C, 0xD1, 0x03, 0x00, 0x01, 0x03, 0x01, - 0x80, 0x7C, 0xD1, 0x02, 0x00, 0x08, 0x46, 0x28, 0x00, 0x45, 0x06, 0x07, - 0x01, 0x01, 0x43, 0x28, 0xD1, 0x03, 0x00, 0x44, 0x06, 0x0A, 0x01, 0x03, - 0x43, 0x28, 0xD1, 0x02, 0x00, 0x08, 0x03, 0x00, 0x28, 0x02, 0x00, 0x00, - 0x00, 0x01, 0x00, 0x01, 0x04, 0xD2, 0x01, 0x05, 0xD2, 0x01, 0x06, 0xD2, - 0x01, 0x03, 0xD2, 0x01, 0x02, 0xD2, 0x0A, 0x5D, 0x00, 0x01, 0x03, 0x00, - 0x39, 0x01, 0x01, 0x02, 0x00, 0x0C, 0x13, 0x05, 0x01, 0x00, 0x5C, 0x01, - 0x03, 0x3A, 0x06, 0x07, 0x02, 0x00, 0xD5, 0x01, 0x02, 0x3A, 0xD5, 0x00, - 0x00, 0x29, 0x01, 0x08, 0x4D, 0xD5, 0xD5, 0x00, 0x00, 0x29, 0x01, 0x10, - 0x4D, 0xD5, 0xD3, 0x00, 0x00, 0x29, 0x50, 0x06, 0x02, 0x28, 0x00, 0xC2, - 0x28, 0x04, 0x76 + 0xB8, 0x9E, 0x29, 0x06, 0x09, 0xB8, 0x05, 0x04, 0x01, 0x7F, 0x03, 0x07, + 0x04, 0x74, 0x95, 0x01, 0x00, 0x85, 0x41, 0x01, 0x88, 0x04, 0x7C, 0x3F, + 0x01, 0x84, 0x80, 0x80, 0x00, 0x78, 0x40, 0x29, 0x06, 0x80, 0x42, 0xB6, + 0x9E, 0x29, 0x06, 0x3C, 0xB6, 0x01, 0x00, 0x39, 0x0F, 0x06, 0x04, 0x28, + 0xAF, 0x04, 0x2F, 0x01, 0x01, 0x39, 0x0F, 0x06, 0x04, 0x28, 0xAD, 0x04, + 0x25, 0x01, 0x83, 0xFE, 0x01, 0x39, 0x0F, 0x06, 0x04, 0x28, 0xAE, 0x04, + 0x19, 0x01, 0x0D, 0x39, 0x0F, 0x06, 0x04, 0x28, 0xB4, 0x04, 0x0F, 0x01, + 0x0A, 0x39, 0x0F, 0x06, 0x04, 0x28, 0xB5, 0x04, 0x05, 0x28, 0xB2, 0x01, + 0x00, 0x28, 0x04, 0x41, 0x95, 0x95, 0x02, 0x01, 0x02, 0x03, 0x13, 0x03, + 0x01, 0x02, 0x00, 0x58, 0x06, 0x08, 0x73, 0x2D, 0x91, 0x3F, 0x01, 0x80, + 0x56, 0x9B, 0x8F, 0x2D, 0x29, 0x02, 0x00, 0x10, 0x06, 0x03, 0x28, 0x02, + 0x00, 0x29, 0x01, 0x86, 0x00, 0x0B, 0x06, 0x02, 0x67, 0x2A, 0x02, 0x00, + 0x90, 0x2D, 0x0B, 0x06, 0x04, 0x01, 0x80, 0x46, 0x9B, 0x02, 0x01, 0x06, + 0x10, 0x8D, 0x2D, 0x02, 0x00, 0x0D, 0x06, 0x05, 0x28, 0x8D, 0x2D, 0x04, + 0x04, 0x01, 0x00, 0x03, 0x01, 0x29, 0x8D, 0x3F, 0x29, 0x8E, 0x3F, 0x29, + 0x91, 0x3F, 0x01, 0x86, 0x03, 0x11, 0x03, 0x08, 0x02, 0x02, 0x06, 0x04, + 0x01, 0x02, 0x83, 0x41, 0x02, 0x07, 0x05, 0x03, 0x01, 0x28, 0x9B, 0x43, + 0x28, 0x01, 0x82, 0x01, 0x07, 0x7C, 0x2D, 0x13, 0x29, 0x7C, 0x3F, 0x29, + 0x01, 0x81, 0x7F, 0x13, 0x59, 0x36, 0x46, 0x01, 0x08, 0x12, 0x59, 0x01, + 0x02, 0x13, 0x38, 0x01, 0x0C, 0x0C, 0x03, 0x09, 0x78, 0x2E, 0x42, 0x13, + 0x29, 0x78, 0x40, 0x05, 0x04, 0x01, 0x00, 0x03, 0x09, 0x02, 0x01, 0x06, + 0x03, 0x01, 0x7F, 0x00, 0x87, 0x01, 0x20, 0x33, 0x01, 0x20, 0x88, 0x41, + 0x75, 0x29, 0x03, 0x05, 0x29, 0x02, 0x04, 0x0B, 0x06, 0x80, 0x49, 0x29, + 0x2D, 0x29, 0x94, 0x29, 0x01, 0x0C, 0x12, 0x29, 0x01, 0x01, 0x0F, 0x46, + 0x01, 0x02, 0x0F, 0x38, 0x06, 0x0A, 0x29, 0x02, 0x09, 0x13, 0x05, 0x04, + 0x5F, 0x01, 0x00, 0x29, 0x02, 0x08, 0x05, 0x0E, 0x29, 0x01, 0x81, 0x70, + 0x13, 0x01, 0x20, 0x0E, 0x06, 0x04, 0x5F, 0x01, 0x00, 0x29, 0x29, 0x06, + 0x10, 0x02, 0x05, 0x5E, 0x3F, 0x02, 0x05, 0x3F, 0x02, 0x05, 0x01, 0x04, + 0x08, 0x03, 0x05, 0x04, 0x01, 0x5F, 0x01, 0x04, 0x08, 0x04, 0xFF, 0x30, + 0x28, 0x02, 0x05, 0x75, 0x09, 0x01, 0x02, 0x12, 0x29, 0x05, 0x03, 0x01, + 0x28, 0x9B, 0x76, 0x41, 0x18, 0x05, 0x03, 0x01, 0x28, 0x9B, 0x01, 0x00, + 0x00, 0x00, 0xAA, 0xA9, 0x00, 0x04, 0x72, 0x2D, 0xC3, 0x06, 0x16, 0xB6, + 0x29, 0x01, 0x84, 0x00, 0x10, 0x06, 0x02, 0x69, 0x2A, 0x29, 0x03, 0x00, + 0x7F, 0x46, 0xAC, 0x02, 0x00, 0x72, 0x2D, 0x9F, 0x26, 0x72, 0x2D, 0x29, + 0xC1, 0x46, 0xC0, 0x03, 0x01, 0x03, 0x02, 0x02, 0x01, 0x02, 0x02, 0x38, + 0x06, 0x14, 0xB8, 0x29, 0x03, 0x03, 0x7F, 0x46, 0xAC, 0x02, 0x03, 0x72, + 0x2D, 0x9F, 0x02, 0x02, 0x06, 0x03, 0x25, 0x04, 0x01, 0x23, 0x95, 0x00, + 0x00, 0xB0, 0x01, 0x10, 0x0F, 0x05, 0x02, 0x6D, 0x2A, 0x00, 0x00, 0x96, + 0xB0, 0x01, 0x14, 0x0E, 0x06, 0x02, 0x6D, 0x2A, 0x7F, 0x01, 0x0C, 0x08, + 0x01, 0x0C, 0xAC, 0x95, 0x7F, 0x29, 0x01, 0x0C, 0x08, 0x01, 0x0C, 0x31, + 0x05, 0x02, 0x61, 0x2A, 0x00, 0x02, 0x03, 0x00, 0x03, 0x01, 0x02, 0x00, + 0x92, 0x02, 0x01, 0x02, 0x00, 0x3B, 0x29, 0x01, 0x00, 0x0F, 0x06, 0x02, + 0x5F, 0x00, 0xC6, 0x04, 0x74, 0x00, 0xB6, 0x01, 0x01, 0x0E, 0x06, 0x02, + 0x62, 0x2A, 0xB8, 0x29, 0x29, 0x5A, 0x46, 0x01, 0x05, 0x11, 0x38, 0x06, + 0x02, 0x62, 0x2A, 0x01, 0x08, 0x08, 0x29, 0x7E, 0x2F, 0x0B, 0x06, 0x0D, + 0x29, 0x01, 0x01, 0x46, 0x0C, 0x3E, 0x29, 0x7E, 0x41, 0x80, 0x41, 0x04, + 0x01, 0x28, 0x00, 0x00, 0xB6, 0x83, 0x2F, 0x01, 0x00, 0x39, 0x0F, 0x06, + 0x13, 0x28, 0x01, 0x01, 0x0F, 0x05, 0x02, 0x65, 0x2A, 0xB8, 0x06, 0x02, + 0x65, 0x2A, 0x01, 0x02, 0x83, 0x41, 0x04, 0x28, 0x01, 0x02, 0x39, 0x0F, + 0x06, 0x1F, 0x28, 0x01, 0x0D, 0x0F, 0x05, 0x02, 0x65, 0x2A, 0xB8, 0x01, + 0x0C, 0x0F, 0x05, 0x02, 0x65, 0x2A, 0x7F, 0x01, 0x0C, 0xAC, 0x84, 0x7F, + 0x01, 0x0C, 0x31, 0x05, 0x02, 0x65, 0x2A, 0x04, 0x03, 0x65, 0x2A, 0x28, + 0x00, 0x00, 0xB6, 0x9E, 0xB6, 0x9E, 0x29, 0x06, 0x1D, 0xB8, 0x06, 0x03, + 0xB2, 0x04, 0x15, 0xB6, 0x29, 0x01, 0x81, 0x7F, 0x0D, 0x06, 0x0C, 0x29, + 0x85, 0x08, 0x01, 0x00, 0x46, 0x41, 0x85, 0x46, 0xAC, 0x04, 0x01, 0xBE, + 0x04, 0x60, 0x95, 0x95, 0x00, 0x00, 0xB1, 0x29, 0x5A, 0x06, 0x07, 0x28, + 0x06, 0x02, 0x63, 0x2A, 0x04, 0x74, 0x00, 0x00, 0xB9, 0x01, 0x03, 0xB7, + 0x46, 0x28, 0x46, 0x00, 0x00, 0xB6, 0xBE, 0x00, 0x03, 0x01, 0x00, 0x03, + 0x00, 0xB6, 0x9E, 0x29, 0x06, 0x32, 0xB8, 0x03, 0x01, 0xB8, 0x03, 0x02, + 0x02, 0x01, 0x01, 0x02, 0x11, 0x02, 0x01, 0x01, 0x06, 0x0D, 0x13, 0x02, + 0x02, 0x01, 0x01, 0x0F, 0x02, 0x02, 0x01, 0x03, 0x0F, 0x38, 0x13, 0x06, + 0x11, 0x02, 0x00, 0x01, 0x01, 0x02, 0x02, 0x5D, 0x01, 0x02, 0x0C, 0x02, + 0x01, 0x08, 0x0C, 0x38, 0x03, 0x00, 0x04, 0x4B, 0x95, 0x02, 0x00, 0x00, + 0x00, 0xB6, 0x9E, 0xB3, 0x7C, 0x3F, 0x95, 0x00, 0x00, 0xB6, 0x9E, 0xB6, + 0x9E, 0x01, 0x00, 0x78, 0x40, 0x29, 0x06, 0x15, 0xB6, 0x29, 0x01, 0x20, + 0x0B, 0x06, 0x0B, 0x01, 0x01, 0x46, 0x0C, 0x78, 0x2E, 0x38, 0x78, 0x40, + 0x04, 0x01, 0x28, 0x04, 0x68, 0x95, 0x95, 0x00, 0x00, 0x01, 0x02, 0x92, + 0xB9, 0x01, 0x08, 0x0C, 0xB9, 0x08, 0x00, 0x00, 0x01, 0x03, 0x92, 0xB9, + 0x01, 0x08, 0x0C, 0xB9, 0x08, 0x01, 0x08, 0x0C, 0xB9, 0x08, 0x00, 0x00, + 0x01, 0x01, 0x92, 0xB9, 0x00, 0x00, 0x3C, 0x29, 0x58, 0x05, 0x01, 0x00, + 0x28, 0xC6, 0x04, 0x76, 0x02, 0x03, 0x00, 0x8C, 0x2F, 0x03, 0x01, 0x01, + 0x00, 0x29, 0x02, 0x01, 0x0B, 0x06, 0x10, 0x29, 0x01, 0x01, 0x0C, 0x8B, + 0x08, 0x2D, 0x02, 0x00, 0x0F, 0x06, 0x01, 0x00, 0x5C, 0x04, 0x6A, 0x28, + 0x01, 0x7F, 0x00, 0x00, 0x2B, 0x19, 0x37, 0x06, 0x04, 0xC4, 0x28, 0x04, + 0x78, 0x01, 0x16, 0x82, 0x41, 0x01, 0x00, 0xD7, 0x01, 0x00, 0xD6, 0x2B, + 0x01, 0x17, 0x82, 0x41, 0x00, 0x00, 0x01, 0x15, 0x82, 0x41, 0x46, 0x52, + 0x28, 0x52, 0x28, 0x2B, 0x00, 0x00, 0x01, 0x01, 0x46, 0xBC, 0x00, 0x00, + 0x46, 0x39, 0x92, 0x46, 0x29, 0x06, 0x05, 0xB9, 0x28, 0x5D, 0x04, 0x78, + 0x28, 0x00, 0x02, 0x03, 0x00, 0x72, 0x2D, 0x94, 0x03, 0x01, 0x02, 0x01, + 0x01, 0x0F, 0x13, 0x02, 0x01, 0x01, 0x04, 0x12, 0x01, 0x0F, 0x13, 0x02, + 0x01, 0x01, 0x08, 0x12, 0x01, 0x0F, 0x13, 0x01, 0x00, 0x39, 0x0F, 0x06, + 0x10, 0x28, 0x01, 0x00, 0x01, 0x18, 0x02, 0x00, 0x06, 0x03, 0x49, 0x04, + 0x01, 0x4A, 0x04, 0x80, 0x68, 0x01, 0x01, 0x39, 0x0F, 0x06, 0x10, 0x28, + 0x01, 0x01, 0x01, 0x10, 0x02, 0x00, 0x06, 0x03, 0x49, 0x04, 0x01, 0x4A, + 0x04, 0x80, 0x52, 0x01, 0x02, 0x39, 0x0F, 0x06, 0x0F, 0x28, 0x01, 0x01, + 0x01, 0x20, 0x02, 0x00, 0x06, 0x03, 0x49, 0x04, 0x01, 0x4A, 0x04, 0x3D, + 0x01, 0x03, 0x39, 0x0F, 0x06, 0x0E, 0x28, 0x28, 0x01, 0x10, 0x02, 0x00, + 0x06, 0x03, 0x47, 0x04, 0x01, 0x48, 0x04, 0x29, 0x01, 0x04, 0x39, 0x0F, + 0x06, 0x0E, 0x28, 0x28, 0x01, 0x20, 0x02, 0x00, 0x06, 0x03, 0x47, 0x04, + 0x01, 0x48, 0x04, 0x15, 0x01, 0x05, 0x39, 0x0F, 0x06, 0x0C, 0x28, 0x28, + 0x02, 0x00, 0x06, 0x03, 0x4B, 0x04, 0x01, 0x4C, 0x04, 0x03, 0x64, 0x2A, + 0x28, 0x00, 0x00, 0x94, 0x01, 0x0C, 0x12, 0x01, 0x02, 0x10, 0x00, 0x00, + 0x94, 0x01, 0x0C, 0x12, 0x29, 0x5B, 0x46, 0x01, 0x03, 0x0B, 0x13, 0x00, + 0x00, 0x94, 0x01, 0x0C, 0x12, 0x01, 0x01, 0x0F, 0x00, 0x00, 0x94, 0x01, + 0x0C, 0x12, 0x5A, 0x00, 0x00, 0x1B, 0x01, 0x00, 0x6F, 0x2F, 0x29, 0x06, + 0x1F, 0x01, 0x01, 0x39, 0x0F, 0x06, 0x06, 0x28, 0x01, 0x00, 0x98, 0x04, + 0x11, 0x01, 0x02, 0x39, 0x0F, 0x06, 0x0A, 0x28, 0x71, 0x2F, 0x06, 0x03, + 0x01, 0x10, 0x38, 0x04, 0x01, 0x28, 0x04, 0x01, 0x28, 0x77, 0x2F, 0x05, + 0x33, 0x30, 0x06, 0x30, 0x81, 0x2F, 0x01, 0x14, 0x39, 0x0F, 0x06, 0x06, + 0x28, 0x01, 0x02, 0x38, 0x04, 0x22, 0x01, 0x15, 0x39, 0x0F, 0x06, 0x09, + 0x28, 0xA1, 0x06, 0x03, 0x01, 0x7F, 0x98, 0x04, 0x13, 0x01, 0x16, 0x39, + 0x0F, 0x06, 0x06, 0x28, 0x01, 0x01, 0x38, 0x04, 0x07, 0x28, 0x01, 0x04, + 0x38, 0x01, 0x00, 0x28, 0x19, 0x06, 0x03, 0x01, 0x08, 0x38, 0x00, 0x00, + 0x1B, 0x29, 0x05, 0x0F, 0x30, 0x06, 0x0C, 0x81, 0x2F, 0x01, 0x15, 0x0F, + 0x06, 0x04, 0x28, 0xA1, 0x04, 0x01, 0x22, 0x00, 0x00, 0xC4, 0x01, 0x07, + 0x13, 0x01, 0x01, 0x10, 0x06, 0x02, 0x6D, 0x2A, 0x00, 0x01, 0x03, 0x00, + 0x2B, 0x19, 0x06, 0x05, 0x02, 0x00, 0x82, 0x41, 0x00, 0xC4, 0x28, 0x04, + 0x74, 0x00, 0x01, 0x14, 0xC7, 0x01, 0x01, 0xD7, 0x2B, 0x29, 0x01, 0x00, + 0xBF, 0x01, 0x16, 0xC7, 0xCB, 0x2B, 0x00, 0x00, 0x01, 0x0B, 0xD7, 0x4E, + 0x29, 0x29, 0x01, 0x03, 0x08, 0xD6, 0xD6, 0x14, 0x29, 0x58, 0x06, 0x02, + 0x28, 0x00, 0xD6, 0x1E, 0x29, 0x06, 0x05, 0x7F, 0x46, 0xCF, 0x04, 0x77, + 0x28, 0x04, 0x6C, 0x00, 0x01, 0x00, 0xD1, 0x8D, 0x2D, 0x01, 0x86, 0x03, + 0x11, 0x06, 0x05, 0x5E, 0x01, 0x00, 0xD2, 0x08, 0x4D, 0x08, 0x01, 0x03, + 0x08, 0x01, 0x0D, 0xD7, 0xD6, 0x01, 0x00, 0xD1, 0xD7, 0x01, 0x01, 0xD1, + 0x28, 0x8D, 0x2D, 0x01, 0x86, 0x03, 0x11, 0x06, 0x08, 0x01, 0x00, 0xD2, + 0xD5, 0x01, 0x01, 0xD2, 0x28, 0x4D, 0xD5, 0x16, 0x15, 0x29, 0x58, 0x06, + 0x02, 0x28, 0x00, 0xD5, 0x1F, 0x29, 0x06, 0x05, 0x7F, 0x46, 0xCF, 0x04, + 0x77, 0x28, 0x04, 0x6C, 0x00, 0x96, 0x01, 0x14, 0xD7, 0x01, 0x0C, 0xD6, + 0x7F, 0x01, 0x0C, 0xCF, 0x00, 0x03, 0x03, 0x00, 0x01, 0x02, 0xD7, 0x01, + 0x80, 0x46, 0x83, 0x2F, 0x01, 0x02, 0x0F, 0x06, 0x0C, 0x02, 0x00, 0x06, + 0x04, 0x01, 0x05, 0x04, 0x02, 0x01, 0x1D, 0x04, 0x02, 0x01, 0x00, 0x03, + 0x01, 0x80, 0x2F, 0x06, 0x04, 0x01, 0x05, 0x04, 0x02, 0x01, 0x00, 0x03, + 0x02, 0x02, 0x01, 0x02, 0x02, 0x08, 0x29, 0x06, 0x03, 0x01, 0x02, 0x08, + 0x08, 0xD6, 0x8D, 0x2D, 0xD5, 0x86, 0x01, 0x04, 0x17, 0x86, 0x01, 0x04, + 0x08, 0x01, 0x1C, 0x33, 0x86, 0x01, 0x20, 0xCF, 0x01, 0x20, 0xD7, 0x87, + 0x01, 0x20, 0xCF, 0x72, 0x2D, 0xD5, 0x01, 0x00, 0xD7, 0x02, 0x01, 0x02, + 0x02, 0x08, 0x29, 0x06, 0x29, 0xD5, 0x02, 0x01, 0x29, 0x06, 0x10, 0x01, + 0x83, 0xFE, 0x01, 0xD5, 0x01, 0x04, 0x09, 0x29, 0xD5, 0x5D, 0x84, 0x46, + 0xD0, 0x04, 0x01, 0x28, 0x02, 0x02, 0x06, 0x0C, 0x01, 0x01, 0xD5, 0x01, + 0x01, 0xD5, 0x80, 0x2F, 0x01, 0x08, 0x09, 0xD7, 0x04, 0x01, 0x28, 0x00, + 0x00, 0x01, 0x0E, 0xD7, 0x01, 0x00, 0xD6, 0x00, 0x03, 0x72, 0x2D, 0xC1, + 0x05, 0x01, 0x00, 0x78, 0x2E, 0x01, 0x00, 0x9A, 0x12, 0x01, 0x01, 0x13, + 0x5A, 0x06, 0x03, 0x5C, 0x04, 0x75, 0x03, 0x00, 0x28, 0x02, 0x00, 0x24, + 0x29, 0x58, 0x06, 0x02, 0x36, 0x2A, 0x03, 0x01, 0x8D, 0x2D, 0x01, 0x86, + 0x03, 0x11, 0x03, 0x02, 0x01, 0x0C, 0xD7, 0x02, 0x01, 0x7A, 0x2F, 0x08, + 0x02, 0x02, 0x01, 0x02, 0x13, 0x08, 0x01, 0x06, 0x08, 0xD6, 0x01, 0x03, + 0xD7, 0x02, 0x00, 0xD5, 0x79, 0x7A, 0x2F, 0xD0, 0x02, 0x02, 0x06, 0x0D, + 0x8A, 0x2F, 0xD7, 0x72, 0x2D, 0xC2, 0x01, 0x01, 0x0C, 0x01, 0x03, 0x08, + 0xD7, 0x02, 0x01, 0xD5, 0x7F, 0x02, 0x01, 0xCF, 0x00, 0x00, 0x51, 0x29, + 0x01, 0x00, 0x0F, 0x06, 0x02, 0x5F, 0x00, 0xC4, 0x28, 0x04, 0x73, 0x00, + 0x29, 0xD7, 0xCF, 0x00, 0x00, 0x01, 0x00, 0x72, 0x2D, 0xC0, 0x06, 0x0C, + 0x5E, 0x39, 0x06, 0x08, 0x01, 0x80, 0x41, 0xD7, 0x01, 0x80, 0x42, 0xD7, + 0x45, 0x06, 0x07, 0x5C, 0x39, 0x06, 0x03, 0x01, 0x01, 0xD7, 0x44, 0x06, + 0x08, 0x5C, 0x39, 0x06, 0x04, 0x01, 0x80, 0x40, 0xD7, 0x46, 0x28, 0x00, + 0x01, 0x01, 0x00, 0x03, 0x00, 0x45, 0x44, 0x38, 0x05, 0x14, 0x01, 0x01, + 0x01, 0x80, 0x7C, 0xD3, 0x03, 0x00, 0x01, 0x03, 0x01, 0x80, 0x7C, 0xD3, + 0x02, 0x00, 0x08, 0x46, 0x28, 0x00, 0x45, 0x06, 0x07, 0x01, 0x01, 0x43, + 0x28, 0xD3, 0x03, 0x00, 0x44, 0x06, 0x0A, 0x01, 0x03, 0x43, 0x28, 0xD3, + 0x02, 0x00, 0x08, 0x03, 0x00, 0x28, 0x02, 0x00, 0x00, 0x00, 0x01, 0x00, + 0x01, 0x04, 0xD4, 0x01, 0x05, 0xD4, 0x01, 0x06, 0xD4, 0x01, 0x03, 0xD4, + 0x01, 0x02, 0xD4, 0x0A, 0x5F, 0x00, 0x01, 0x03, 0x00, 0x39, 0x01, 0x01, + 0x02, 0x00, 0x0C, 0x13, 0x05, 0x01, 0x00, 0x5E, 0x01, 0x03, 0x3A, 0x06, + 0x07, 0x02, 0x00, 0xD7, 0x01, 0x02, 0x3A, 0xD7, 0x00, 0x00, 0x29, 0x01, + 0x08, 0x4F, 0xD7, 0xD7, 0x00, 0x00, 0x29, 0x01, 0x10, 0x4F, 0xD7, 0xD5, + 0x00, 0x00, 0x29, 0x52, 0x06, 0x02, 0x28, 0x00, 0xC4, 0x28, 0x04, 0x76 }; static const uint16_t t0_caddr[] = { @@ -823,57 +824,57 @@ static const uint16_t t0_caddr[] = { 851, 953, 964, - 1508, - 1512, - 1579, - 1589, - 1620, - 1644, - 1690, - 1760, - 1800, - 1814, - 1823, - 1827, - 1891, - 1899, - 1935, - 1946, - 1962, - 1968, - 1979, - 2014, - 2040, - 2052, - 2058, - 2073, - 2211, - 2220, - 2233, - 2242, - 2249, - 2352, + 1511, + 1515, + 1582, + 1592, + 1623, + 1647, + 1693, + 1763, + 1803, + 1817, + 1826, + 1830, + 1894, + 1902, + 1938, + 1949, + 1965, + 1971, + 1982, + 2017, + 2043, + 2055, + 2061, + 2076, + 2232, + 2241, + 2254, + 2263, + 2270, 2373, - 2386, - 2402, - 2420, - 2452, - 2525, - 2538, - 2677, - 2685, - 2782, - 2796, - 2801, - 2845, - 2902, + 2394, + 2407, + 2423, + 2441, + 2473, + 2546, + 2559, + 2698, + 2706, + 2803, + 2817, + 2822, + 2866, 2923, - 2950, - 2958, - 2966 + 2944, + 2971, + 2979, + 2987 }; -#define T0_INTERPRETED 86 +#define T0_INTERPRETED 88 #define T0_ENTER(ip, rp, slot) do { \ const unsigned char *t0_newip; \ @@ -894,7 +895,7 @@ name(void *ctx) \ T0_ENTER(t0ctx->ip, t0ctx->rp, slot); \ } -T0_DEFENTRY(br_ssl_hs_server_init_main, 155) +T0_DEFENTRY(br_ssl_hs_server_init_main, 157) #define T0_NEXT(t0ipp) (*(*(t0ipp)) ++) @@ -1703,6 +1704,28 @@ br_ssl_hs_server_run(void *t0ctx) } break; case 75: { + /* switch-chapol-in */ + + int is_client, prf_id; + + prf_id = T0_POP(); + is_client = T0_POP(); + br_ssl_engine_switch_chapol_in(ENG, is_client, prf_id); + + } + break; + case 76: { + /* switch-chapol-out */ + + int is_client, prf_id; + + prf_id = T0_POP(); + is_client = T0_POP(); + br_ssl_engine_switch_chapol_out(ENG, is_client, prf_id); + + } + break; + case 77: { /* ta-names-total-length */ size_t u, len; @@ -1721,7 +1744,7 @@ br_ssl_hs_server_run(void *t0ctx) } break; - case 76: { + case 78: { /* total-chain-length */ size_t u; @@ -1735,7 +1758,7 @@ br_ssl_hs_server_run(void *t0ctx) } break; - case 77: { + case 79: { /* u>> */ int c = (int)T0_POPi(); @@ -1744,7 +1767,7 @@ br_ssl_hs_server_run(void *t0ctx) } break; - case 78: { + case 80: { /* verify-CV-sig */ int err; @@ -1754,7 +1777,7 @@ br_ssl_hs_server_run(void *t0ctx) } break; - case 79: { + case 81: { /* write-blob-chunk */ size_t clen = ENG->hlen_out; @@ -1778,7 +1801,7 @@ br_ssl_hs_server_run(void *t0ctx) } break; - case 80: { + case 82: { /* write8-native */ unsigned char x; @@ -1797,7 +1820,7 @@ br_ssl_hs_server_run(void *t0ctx) } break; - case 81: { + case 83: { /* x509-append */ const br_x509_class *xc; @@ -1809,7 +1832,7 @@ br_ssl_hs_server_run(void *t0ctx) } break; - case 82: { + case 84: { /* x509-end-cert */ const br_x509_class *xc; @@ -1819,7 +1842,7 @@ br_ssl_hs_server_run(void *t0ctx) } break; - case 83: { + case 85: { /* x509-end-chain */ const br_x509_class *xc; @@ -1829,7 +1852,7 @@ br_ssl_hs_server_run(void *t0ctx) } break; - case 84: { + case 86: { /* x509-start-cert */ const br_x509_class *xc; @@ -1839,7 +1862,7 @@ br_ssl_hs_server_run(void *t0ctx) } break; - case 85: { + case 87: { /* x509-start-chain */ const br_x509_class *xc; diff --git a/src/ssl/ssl_hs_server.t0 b/src/ssl/ssl_hs_server.t0 index 862e0fb..7f5fe85 100644 --- a/src/ssl/ssl_hs_server.t0 +++ b/src/ssl/ssl_hs_server.t0 @@ -585,7 +585,7 @@ cc: save-session ( -- ) { check-resume { resume } \ Cipher suites. We read all cipher suites from client, each time - \ matching against our own list. We accumulare suites in the + \ matching against our own list. We accumulate suites in the \ client_suites[] context buffer: we keep suites that are \ supported by both the client and the server (so the list size \ cannot exceed that of the server list), and we keep them in @@ -772,7 +772,7 @@ cc: save-session ( -- ) { \ In 'can-ecdhe', bit 12 is set if ECDHE_RSA is possible, bit 13 is \ set if ECDHE_ECDSA is possible. dup 0xFF and 0<> neg - swap 8 >> 0<> 2 and or { can-ecdhe } + swap 8 >> 0<> 2 and or 12 << { can-ecdhe } \ Filter supported curves. If there is no common curve between \ client and us, then ECDHE suites cannot be used. Note that we diff --git a/src/ssl/ssl_rec_chapol.c b/src/ssl/ssl_rec_chapol.c new file mode 100644 index 0000000..73b3c78 --- /dev/null +++ b/src/ssl/ssl_rec_chapol.c @@ -0,0 +1,177 @@ +/* + * Copyright (c) 2016 Thomas Pornin + * + * Permission is hereby granted, free of charge, to any person obtaining + * a copy of this software and associated documentation files (the + * "Software"), to deal in the Software without restriction, including + * without limitation the rights to use, copy, modify, merge, publish, + * distribute, sublicense, and/or sell copies of the Software, and to + * permit persons to whom the Software is furnished to do so, subject to + * the following conditions: + * + * The above copyright notice and this permission notice shall be + * included in all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, + * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF + * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND + * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS + * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN + * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN + * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE + * SOFTWARE. + */ + +#include "inner.h" + +static void +gen_chapol_init(br_sslrec_chapol_context *cc, + br_chacha20_run ichacha, br_poly1305_run ipoly, + const void *key, const void *iv) +{ + cc->seq = 0; + cc->ichacha = ichacha; + cc->ipoly = ipoly; + memcpy(cc->key, key, sizeof cc->key); + memcpy(cc->iv, iv, sizeof cc->iv); +} + +static void +gen_chapol_process(br_sslrec_chapol_context *cc, + int record_type, unsigned version, void *data, size_t len, + void *tag, int encrypt) +{ + unsigned char header[13]; + unsigned char nonce[12]; + uint64_t seq; + size_t u; + + seq = cc->seq ++; + br_enc64be(header, seq); + header[8] = (unsigned char)record_type; + br_enc16be(header + 9, version); + br_enc16be(header + 11, len); + memcpy(nonce, cc->iv, 12); + for (u = 0; u < 8; u ++) { + nonce[11 - u] ^= (unsigned char)seq; + seq >>= 8; + } + cc->ipoly(cc->key, nonce, data, len, header, sizeof header, + tag, cc->ichacha, encrypt); +} + +static void +in_chapol_init(br_sslrec_chapol_context *cc, + br_chacha20_run ichacha, br_poly1305_run ipoly, + const void *key, const void *iv) +{ + cc->vtable.in = &br_sslrec_in_chapol_vtable; + gen_chapol_init(cc, ichacha, ipoly, key, iv); +} + +static int +chapol_check_length(const br_sslrec_chapol_context *cc, size_t rlen) +{ + /* + * Overhead is just the authentication tag (16 bytes). + */ + (void)cc; + return rlen >= 16 && rlen <= (16384 + 16); +} + +static unsigned char * +chapol_decrypt(br_sslrec_chapol_context *cc, + int record_type, unsigned version, void *data, size_t *data_len) +{ + unsigned char *buf; + size_t u, len; + unsigned char tag[16]; + unsigned bad; + + buf = data; + len = *data_len - 16; + gen_chapol_process(cc, record_type, version, buf, len, tag, 0); + bad = 0; + for (u = 0; u < 16; u ++) { + bad |= tag[u] ^ buf[len + u]; + } + if (bad) { + return NULL; + } + *data_len = len; + return buf; +} + +/* see bearssl_ssl.h */ +const br_sslrec_in_chapol_class br_sslrec_in_chapol_vtable = { + { + sizeof(br_sslrec_chapol_context), + (int (*)(const br_sslrec_in_class *const *, size_t)) + &chapol_check_length, + (unsigned char *(*)(const br_sslrec_in_class **, + int, unsigned, void *, size_t *)) + &chapol_decrypt + }, + (void (*)(const br_sslrec_in_chapol_class **, + br_chacha20_run, br_poly1305_run, + const void *, const void *)) + &in_chapol_init +}; + +static void +out_chapol_init(br_sslrec_chapol_context *cc, + br_chacha20_run ichacha, br_poly1305_run ipoly, + const void *key, const void *iv) +{ + cc->vtable.out = &br_sslrec_out_chapol_vtable; + gen_chapol_init(cc, ichacha, ipoly, key, iv); +} + +static void +chapol_max_plaintext(const br_sslrec_chapol_context *cc, + size_t *start, size_t *end) +{ + size_t len; + + (void)cc; + len = *end - *start - 16; + if (len > 16384) { + len = 16384; + } + *end = *start + len; +} + +static unsigned char * +chapol_encrypt(br_sslrec_chapol_context *cc, + int record_type, unsigned version, void *data, size_t *data_len) +{ + unsigned char *buf; + size_t len; + + buf = data; + len = *data_len; + gen_chapol_process(cc, record_type, version, buf, len, buf + len, 1); + buf -= 5; + buf[0] = (unsigned char)record_type; + br_enc16be(buf + 1, version); + br_enc16be(buf + 3, len + 16); + *data_len = len + 21; + return buf; +} + +/* see bearssl_ssl.h */ +const br_sslrec_out_chapol_class br_sslrec_out_chapol_vtable = { + { + sizeof(br_sslrec_chapol_context), + (void (*)(const br_sslrec_out_class *const *, + size_t *, size_t *)) + &chapol_max_plaintext, + (unsigned char *(*)(const br_sslrec_out_class **, + int, unsigned, void *, size_t *)) + &chapol_encrypt + }, + (void (*)(const br_sslrec_out_chapol_class **, + br_chacha20_run, br_poly1305_run, + const void *, const void *)) + &out_chapol_init +}; diff --git a/src/ssl/ssl_rec_gcm.c b/src/ssl/ssl_rec_gcm.c index cfbccec..70df277 100644 --- a/src/ssl/ssl_rec_gcm.c +++ b/src/ssl/ssl_rec_gcm.c @@ -67,7 +67,7 @@ gcm_check_length(const br_sslrec_gcm_context *cc, size_t rlen) * 16 bytes for the authentication tag (after the ciphertext) */ (void)cc; - return rlen >= 24 && rlen <= (16384 + rlen); + return rlen >= 24 && rlen <= (16384 + 24); } /* diff --git a/src/ssl/ssl_server_full_ec.c b/src/ssl/ssl_server_full_ec.c index eed4002..824ee13 100644 --- a/src/ssl/ssl_server_full_ec.c +++ b/src/ssl/ssl_server_full_ec.c @@ -38,6 +38,7 @@ br_ssl_server_init_full_ec(br_ssl_server_context *cc, * * -- Don't use 3DES if AES is available. * -- Try to have Forward Secrecy (ECDHE suite) if possible. + * -- ChaCha20+Poly1305 is better than AES/GCM (faster, smaller). * -- GCM is better than CBC. * -- AES-128 is preferred over AES-256 (AES-128 is already * strong enough, and AES-256 is 40% more expensive). @@ -46,6 +47,7 @@ br_ssl_server_init_full_ec(br_ssl_server_context *cc, * filtered based on the issuing CA key type. */ static const uint16_t suites[] = { + BR_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, BR_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, BR_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, BR_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, @@ -152,6 +154,10 @@ br_ssl_server_init_full_ec(br_ssl_server_context *cc, br_ssl_engine_set_des_cbc(&cc->eng, &br_des_ct_cbcenc_vtable, &br_des_ct_cbcdec_vtable); + br_ssl_engine_set_chacha20(&cc->eng, + &br_chacha20_ct_run); + br_ssl_engine_set_poly1305(&cc->eng, + &br_poly1305_ctmul_run); /* * Set the SSL record engines (CBC, GCM). @@ -162,4 +168,7 @@ br_ssl_server_init_full_ec(br_ssl_server_context *cc, br_ssl_engine_set_gcm(&cc->eng, &br_sslrec_in_gcm_vtable, &br_sslrec_out_gcm_vtable); + br_ssl_engine_set_chapol(&cc->eng, + &br_sslrec_in_chapol_vtable, + &br_sslrec_out_chapol_vtable); } diff --git a/src/ssl/ssl_server_full_rsa.c b/src/ssl/ssl_server_full_rsa.c index 21be99d..6b0f59a 100644 --- a/src/ssl/ssl_server_full_rsa.c +++ b/src/ssl/ssl_server_full_rsa.c @@ -38,11 +38,13 @@ br_ssl_server_init_full_rsa(br_ssl_server_context *cc, * * -- Don't use 3DES if AES is available. * -- Try to have Forward Secrecy (ECDHE suite) if possible. + * -- ChaCha20+Poly1305 is better than AES/GCM (faster, smaller). * -- GCM is better than CBC. * -- AES-128 is preferred over AES-256 (AES-128 is already * strong enough, and AES-256 is 40% more expensive). */ static const uint16_t suites[] = { + BR_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, BR_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, BR_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, BR_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, @@ -141,9 +143,13 @@ br_ssl_server_init_full_rsa(br_ssl_server_context *cc, br_ssl_engine_set_des_cbc(&cc->eng, &br_des_ct_cbcenc_vtable, &br_des_ct_cbcdec_vtable); + br_ssl_engine_set_chacha20(&cc->eng, + &br_chacha20_ct_run); + br_ssl_engine_set_poly1305(&cc->eng, + &br_poly1305_ctmul_run); /* - * Set the SSL record engines (CBC, GCM). + * Set the SSL record engines (CBC, GCM, ChaCha20). */ br_ssl_engine_set_cbc(&cc->eng, &br_sslrec_in_cbc_vtable, @@ -151,4 +157,7 @@ br_ssl_server_init_full_rsa(br_ssl_server_context *cc, br_ssl_engine_set_gcm(&cc->eng, &br_sslrec_in_gcm_vtable, &br_sslrec_out_gcm_vtable); + br_ssl_engine_set_chapol(&cc->eng, + &br_sslrec_in_chapol_vtable, + &br_sslrec_out_chapol_vtable); } diff --git a/src/ssl/ssl_server_mine2c.c b/src/ssl/ssl_server_mine2c.c new file mode 100644 index 0000000..396d921 --- /dev/null +++ b/src/ssl/ssl_server_mine2c.c @@ -0,0 +1,82 @@ +/* + * Copyright (c) 2016 Thomas Pornin + * + * Permission is hereby granted, free of charge, to any person obtaining + * a copy of this software and associated documentation files (the + * "Software"), to deal in the Software without restriction, including + * without limitation the rights to use, copy, modify, merge, publish, + * distribute, sublicense, and/or sell copies of the Software, and to + * permit persons to whom the Software is furnished to do so, subject to + * the following conditions: + * + * The above copyright notice and this permission notice shall be + * included in all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, + * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF + * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND + * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS + * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN + * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN + * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE + * SOFTWARE. + */ + +#include "inner.h" + +/* see bearssl_ssl.h */ +void +br_ssl_server_init_mine2c(br_ssl_server_context *cc, + const br_x509_certificate *chain, size_t chain_len, + const br_rsa_private_key *sk) +{ + static const uint16_t suites[] = { + BR_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 + }; + + /* + * Reset server context and set supported versions to TLS-1.2 (only). + */ + br_ssl_server_zero(cc); + br_ssl_engine_set_versions(&cc->eng, BR_TLS12, BR_TLS12); + + /* + * Set suites and elliptic curve implementation (for ECDHE). + */ + br_ssl_engine_set_suites(&cc->eng, suites, + (sizeof suites) / (sizeof suites[0])); + br_ssl_engine_set_ec(&cc->eng, &br_ec_prime_i31); + + /* + * Set the "server policy": handler for the certificate chain + * and private key operations. + */ + br_ssl_server_set_single_rsa(cc, chain, chain_len, sk, + BR_KEYTYPE_SIGN, 0, br_rsa_i31_pkcs1_sign); + + /* + * Set supported hash functions. + */ + br_ssl_engine_set_hash(&cc->eng, br_sha256_ID, &br_sha256_vtable); + + /* + * Set the PRF implementations. + */ + br_ssl_engine_set_prf_sha256(&cc->eng, &br_tls12_sha256_prf); + + /* + * Symmetric encryption. We use the "constant-time" + * implementations, which are the safest. + */ + br_ssl_engine_set_chacha20(&cc->eng, + &br_chacha20_ct_run); + br_ssl_engine_set_poly1305(&cc->eng, + &br_poly1305_ctmul_run); + + /* + * Set the SSL record engines. + */ + br_ssl_engine_set_chapol(&cc->eng, + &br_sslrec_in_chapol_vtable, + &br_sslrec_out_chapol_vtable); +} diff --git a/src/ssl/ssl_server_minf2c.c b/src/ssl/ssl_server_minf2c.c new file mode 100644 index 0000000..10cc5fe --- /dev/null +++ b/src/ssl/ssl_server_minf2c.c @@ -0,0 +1,85 @@ +/* + * Copyright (c) 2016 Thomas Pornin + * + * Permission is hereby granted, free of charge, to any person obtaining + * a copy of this software and associated documentation files (the + * "Software"), to deal in the Software without restriction, including + * without limitation the rights to use, copy, modify, merge, publish, + * distribute, sublicense, and/or sell copies of the Software, and to + * permit persons to whom the Software is furnished to do so, subject to + * the following conditions: + * + * The above copyright notice and this permission notice shall be + * included in all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, + * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF + * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND + * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS + * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN + * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN + * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE + * SOFTWARE. + */ + +#include "inner.h" + +/* see bearssl_ssl.h */ +void +br_ssl_server_init_minf2g(br_ssl_server_context *cc, + const br_x509_certificate *chain, size_t chain_len, + const br_ec_private_key *sk) +{ + static const uint16_t suites[] = { + BR_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 + }; + + /* + * Reset server context and set supported versions to TLS-1.2 (only). + */ + br_ssl_server_zero(cc); + br_ssl_engine_set_versions(&cc->eng, BR_TLS12, BR_TLS12); + + /* + * Set suites and elliptic curve implementation (for ECDHE). + */ + br_ssl_engine_set_suites(&cc->eng, suites, + (sizeof suites) / (sizeof suites[0])); + br_ssl_engine_set_ec(&cc->eng, &br_ec_prime_i31); + + /* + * Set the "server policy": handler for the certificate chain + * and private key operations. + */ + br_ssl_server_set_single_ec(cc, chain, chain_len, sk, + BR_KEYTYPE_SIGN, 0, &br_ec_prime_i31, br_ecdsa_i31_sign_asn1); + + /* + * Set supported hash functions. + */ + br_ssl_engine_set_hash(&cc->eng, br_sha256_ID, &br_sha256_vtable); + + /* + * Set the PRF implementations. + */ + br_ssl_engine_set_prf_sha256(&cc->eng, &br_tls12_sha256_prf); + + /* + * Symmetric encryption. We use the "constant-time" + * implementations, which are the safest. + * + * On architectures detected as "64-bit", use the 64-bit + * versions (aes_ct64, ghash_ctmul64). + */ + br_ssl_engine_set_chacha20(&cc->eng, + &br_chacha20_ct_run); + br_ssl_engine_set_poly1305(&cc->eng, + &br_poly1305_ctmul_run); + + /* + * Set the SSL record engines. + */ + br_ssl_engine_set_chapol(&cc->eng, + &br_sslrec_in_chapol_vtable, + &br_sslrec_out_chapol_vtable); +} diff --git a/src/symcipher/chacha20_ct.c b/src/symcipher/chacha20_ct.c new file mode 100644 index 0000000..9961eb1 --- /dev/null +++ b/src/symcipher/chacha20_ct.c @@ -0,0 +1,106 @@ +/* + * Copyright (c) 2016 Thomas Pornin + * + * Permission is hereby granted, free of charge, to any person obtaining + * a copy of this software and associated documentation files (the + * "Software"), to deal in the Software without restriction, including + * without limitation the rights to use, copy, modify, merge, publish, + * distribute, sublicense, and/or sell copies of the Software, and to + * permit persons to whom the Software is furnished to do so, subject to + * the following conditions: + * + * The above copyright notice and this permission notice shall be + * included in all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, + * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF + * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND + * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS + * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN + * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN + * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE + * SOFTWARE. + */ + +#include "inner.h" + +/* see bearssl_block.h */ +uint32_t +br_chacha20_ct_run(const void *key, + const void *iv, uint32_t cc, void *data, size_t len) +{ + unsigned char *buf; + uint32_t kw[8], ivw[3]; + size_t u; + + static const uint32_t CW[] = { + 0x61707865, 0x3320646e, 0x79622d32, 0x6b206574 + }; + + buf = data; + for (u = 0; u < 8; u ++) { + kw[u] = br_dec32le((const unsigned char *)key + (u << 2)); + } + for (u = 0; u < 3; u ++) { + ivw[u] = br_dec32le((const unsigned char *)iv + (u << 2)); + } + while (len > 0) { + uint32_t state[16]; + int i; + size_t clen; + unsigned char tmp[64]; + + memcpy(&state[0], CW, sizeof CW); + memcpy(&state[4], kw, sizeof kw); + state[12] = cc; + memcpy(&state[13], ivw, sizeof ivw); + for (i = 0; i < 10; i ++) { + +#define QROUND(a, b, c, d) do { \ + state[a] += state[b]; \ + state[d] ^= state[a]; \ + state[d] = (state[d] << 16) | (state[d] >> 16); \ + state[c] += state[d]; \ + state[b] ^= state[c]; \ + state[b] = (state[b] << 12) | (state[b] >> 20); \ + state[a] += state[b]; \ + state[d] ^= state[a]; \ + state[d] = (state[d] << 8) | (state[d] >> 24); \ + state[c] += state[d]; \ + state[b] ^= state[c]; \ + state[b] = (state[b] << 7) | (state[b] >> 25); \ + } while (0) + + QROUND( 0, 4, 8, 12); + QROUND( 1, 5, 9, 13); + QROUND( 2, 6, 10, 14); + QROUND( 3, 7, 11, 15); + QROUND( 0, 5, 10, 15); + QROUND( 1, 6, 11, 12); + QROUND( 2, 7, 8, 13); + QROUND( 3, 4, 9, 14); + +#undef QROUND + + } + for (u = 0; u < 4; u ++) { + br_enc32le(&tmp[u << 2], state[u] + CW[u]); + } + for (u = 4; u < 12; u ++) { + br_enc32le(&tmp[u << 2], state[u] + kw[u - 4]); + } + br_enc32le(&tmp[48], state[12] + cc); + for (u = 13; u < 16; u ++) { + br_enc32le(&tmp[u << 2], state[u] + ivw[u - 13]); + } + + clen = len < 64 ? len : 64; + for (u = 0; u < clen; u ++) { + buf[u] ^= tmp[u]; + } + buf += clen; + len -= clen; + cc ++; + } + return cc; +} diff --git a/src/symcipher/poly1305_ctmul.c b/src/symcipher/poly1305_ctmul.c new file mode 100644 index 0000000..150e610 --- /dev/null +++ b/src/symcipher/poly1305_ctmul.c @@ -0,0 +1,260 @@ +/* + * Copyright (c) 2016 Thomas Pornin + * + * Permission is hereby granted, free of charge, to any person obtaining + * a copy of this software and associated documentation files (the + * "Software"), to deal in the Software without restriction, including + * without limitation the rights to use, copy, modify, merge, publish, + * distribute, sublicense, and/or sell copies of the Software, and to + * permit persons to whom the Software is furnished to do so, subject to + * the following conditions: + * + * The above copyright notice and this permission notice shall be + * included in all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, + * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF + * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND + * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS + * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN + * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN + * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE + * SOFTWARE. + */ + +#include "inner.h" + +/* + * Perform the inner processing of blocks for Poly1305. The accumulator + * and the r key are provided as arrays of 26-bit words (these words + * are allowed to have an extra bit, i.e. use 27 bits). + * + * On output, all accumulator words fit on 26 bits, except acc[1], which + * may be slightly larger (but by a very small amount only). + */ +static void +poly1305_inner(uint32_t *acc, const uint32_t *r, const void *data, size_t len) +{ + /* + * Implementation notes: we split the 130-bit values into five + * 26-bit words. This gives us some space for carries. + * + * This code is inspired from the public-domain code available + * on: + * https://github.com/floodyberry/poly1305-donna + * + * Since we compute modulo 2^130-5, the "upper words" become + * low words with a factor of 5; that is, x*2^130 = x*5 mod p. + */ + const unsigned char *buf; + uint32_t a0, a1, a2, a3, a4; + uint32_t r0, r1, r2, r3, r4; + uint32_t u1, u2, u3, u4; + + r0 = r[0]; + r1 = r[1]; + r2 = r[2]; + r3 = r[3]; + r4 = r[4]; + + u1 = r1 * 5; + u2 = r2 * 5; + u3 = r3 * 5; + u4 = r4 * 5; + + a0 = acc[0]; + a1 = acc[1]; + a2 = acc[2]; + a3 = acc[3]; + a4 = acc[4]; + + buf = data; + while (len > 0) { + uint64_t w0, w1, w2, w3, w4; + uint64_t c; + unsigned char tmp[16]; + + /* + * If there is a partial block, right-pad it with zeros. + */ + if (len < 16) { + memset(tmp, 0, sizeof tmp); + memcpy(tmp, buf, len); + buf = tmp; + len = 16; + } + + /* + * Decode next block and apply the "high bit"; that value + * is added to the accumulator. + */ + a0 += br_dec32le(buf) & 0x03FFFFFF; + a1 += (br_dec32le(buf + 3) >> 2) & 0x03FFFFFF; + a2 += (br_dec32le(buf + 6) >> 4) & 0x03FFFFFF; + a3 += (br_dec32le(buf + 9) >> 6) & 0x03FFFFFF; + a4 += (br_dec32le(buf + 12) >> 8) | 0x01000000; + + /* + * Compute multiplication. + */ +#define M(x, y) ((uint64_t)(x) * (uint64_t)(y)) + + w0 = M(a0, r0) + M(a1, u4) + M(a2, u3) + M(a3, u2) + M(a4, u1); + w1 = M(a0, r1) + M(a1, r0) + M(a2, u4) + M(a3, u3) + M(a4, u2); + w2 = M(a0, r2) + M(a1, r1) + M(a2, r0) + M(a3, u4) + M(a4, u3); + w3 = M(a0, r3) + M(a1, r2) + M(a2, r1) + M(a3, r0) + M(a4, u4); + w4 = M(a0, r4) + M(a1, r3) + M(a2, r2) + M(a3, r1) + M(a4, r0); + +#undef M + /* + * Perform some (partial) modular reduction. This step is + * enough to keep values in ranges such that there won't + * be carry overflows. Most of the reduction was done in + * the multiplication step (by using the 'u*' values, and + * using the fact that 2^130 = -5 mod p); here we perform + * some carry propagation. + */ + c = w0 >> 26; + a0 = (uint32_t)w0 & 0x3FFFFFF; + w1 += c; + c = w1 >> 26; + a1 = (uint32_t)w1 & 0x3FFFFFF; + w2 += c; + c = w2 >> 26; + a2 = (uint32_t)w2 & 0x3FFFFFF; + w3 += c; + c = w3 >> 26; + a3 = (uint32_t)w3 & 0x3FFFFFF; + w4 += c; + c = w4 >> 26; + a4 = (uint32_t)w4 & 0x3FFFFFF; + a0 += (uint32_t)c * 5; + a1 += a0 >> 26; + a0 &= 0x3FFFFFF; + + buf += 16; + len -= 16; + } + + acc[0] = a0; + acc[1] = a1; + acc[2] = a2; + acc[3] = a3; + acc[4] = a4; +} + +/* see bearssl_block.h */ +void +br_poly1305_ctmul_run(const void *key, const void *iv, + void *data, size_t len, const void *aad, size_t aad_len, + void *tag, br_chacha20_run ichacha, int encrypt) +{ + unsigned char pkey[32], foot[16]; + uint32_t r[5], acc[5], cc, ctl, hi; + uint64_t w; + int i; + + /* + * Compute the MAC key. The 'r' value is the first 16 bytes of + * pkey[]. + */ + memset(pkey, 0, sizeof pkey); + ichacha(key, iv, 0, pkey, sizeof pkey); + + /* + * If encrypting, ChaCha20 must run first, followed by Poly1305. + * When decrypting, the operations are reversed. + */ + if (encrypt) { + ichacha(key, iv, 1, data, len); + } + + /* + * Run Poly1305. We must process the AAD, then ciphertext, then + * the footer (with the lengths). Note that the AAD and ciphertext + * are meant to be padded with zeros up to the next multiple of 16, + * and the length of the footer is 16 bytes as well. + */ + + /* + * Decode the 'r' value into 26-bit words, with the "clamping" + * operation applied. + */ + r[0] = br_dec32le(pkey) & 0x03FFFFFF; + r[1] = (br_dec32le(pkey + 3) >> 2) & 0x03FFFF03; + r[2] = (br_dec32le(pkey + 6) >> 4) & 0x03FFC0FF; + r[3] = (br_dec32le(pkey + 9) >> 6) & 0x03F03FFF; + r[4] = (br_dec32le(pkey + 12) >> 8) & 0x000FFFFF; + + /* + * Accumulator is 0. + */ + memset(acc, 0, sizeof acc); + + /* + * Process the additional authenticated data, ciphertext, and + * footer in due order. + */ + br_enc64le(foot, (uint64_t)aad_len); + br_enc64le(foot + 8, (uint64_t)len); + poly1305_inner(acc, r, aad, aad_len); + poly1305_inner(acc, r, data, len); + poly1305_inner(acc, r, foot, sizeof foot); + + /* + * Finalise modular reduction. This is done with carry propagation + * and applying the '2^130 = -5 mod p' rule. Note that the output + * of poly1035_inner() is already mostly reduced, since only + * acc[1] may be (very slightly) above 2^26. A single loop back + * to acc[1] will be enough to make the value fit in 130 bits. + */ + cc = 0; + for (i = 1; i <= 6; i ++) { + int j; + + j = (i >= 5) ? i - 5 : i; + acc[j] += cc; + cc = acc[j] >> 26; + acc[j] &= 0x03FFFFFF; + } + + /* + * We may still have a value in the 2^130-5..2^130-1 range, in + * which case we must reduce it again. The code below selects, + * in constant-time, between 'acc' and 'acc-p', + */ + ctl = GT(acc[0], 0x03FFFFFA); + for (i = 1; i < 5; i ++) { + ctl &= EQ(acc[i], 0x03FFFFFF); + } + cc = 5; + for (i = 0; i < 5; i ++) { + uint32_t t; + + t = (acc[i] + cc); + cc = t >> 26; + t &= 0x03FFFFFF; + acc[i] = MUX(ctl, t, acc[i]); + } + + /* + * Convert back the accumulator to 32-bit words, and add the + * 's' value (second half of pkey[]). That addition is done + * modulo 2^128. + */ + w = (uint64_t)acc[0] + ((uint64_t)acc[1] << 26) + br_dec32le(pkey + 16); + br_enc32le((unsigned char *)tag, (uint32_t)w); + w = (w >> 32) + ((uint64_t)acc[2] << 20) + br_dec32le(pkey + 20); + br_enc32le((unsigned char *)tag + 4, (uint32_t)w); + w = (w >> 32) + ((uint64_t)acc[3] << 14) + br_dec32le(pkey + 24); + br_enc32le((unsigned char *)tag + 8, (uint32_t)w); + hi = (uint32_t)(w >> 32) + (acc[4] << 8) + br_dec32le(pkey + 28); + br_enc32le((unsigned char *)tag + 12, hi); + + /* + * If decrypting, then ChaCha20 runs _after_ Poly1305. + */ + if (!encrypt) { + ichacha(key, iv, 1, data, len); + } +} diff --git a/test/test_crypto.c b/test/test_crypto.c index ce0f64f..58615ec 100644 --- a/test/test_crypto.c +++ b/test/test_crypto.c @@ -4006,6 +4006,162 @@ test_DES_ct(void) 1, 1); } +static const struct { + const char *skey; + const char *snonce; + uint32_t counter; + const char *splain; + const char *scipher; +} KAT_CHACHA20[] = { + { + "0000000000000000000000000000000000000000000000000000000000000000", + "000000000000000000000000", + 0, + "00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000", + "76b8e0ada0f13d90405d6ae55386bd28bdd219b8a08ded1aa836efcc8b770dc7da41597c5157488d7724e03fb8d84a376a43b8f41518a11cc387b669b2ee6586" + }, + { + "0000000000000000000000000000000000000000000000000000000000000001", + "000000000000000000000002", + 1, + "416e79207375626d697373696f6e20746f20746865204945544620696e74656e6465642062792074686520436f6e7472696275746f7220666f72207075626c69636174696f6e20617320616c6c206f722070617274206f6620616e204945544620496e7465726e65742d4472616674206f722052464320616e6420616e792073746174656d656e74206d6164652077697468696e2074686520636f6e74657874206f6620616e204945544620616374697669747920697320636f6e7369646572656420616e20224945544620436f6e747269627574696f6e222e20537563682073746174656d656e747320696e636c756465206f72616c2073746174656d656e747320696e20494554462073657373696f6e732c2061732077656c6c206173207772697474656e20616e6420656c656374726f6e696320636f6d6d756e69636174696f6e73206d61646520617420616e792074696d65206f7220706c6163652c207768696368206172652061646472657373656420746f", + "a3fbf07df3fa2fde4f376ca23e82737041605d9f4f4f57bd8cff2c1d4b7955ec2a97948bd3722915c8f3d337f7d370050e9e96d647b7c39f56e031ca5eb6250d4042e02785ececfa4b4bb5e8ead0440e20b6e8db09d881a7c6132f420e52795042bdfa7773d8a9051447b3291ce1411c680465552aa6c405b7764d5e87bea85ad00f8449ed8f72d0d662ab052691ca66424bc86d2df80ea41f43abf937d3259dc4b2d0dfb48a6c9139ddd7f76966e928e635553ba76c5c879d7b35d49eb2e62b0871cdac638939e25e8a1e0ef9d5280fa8ca328b351c3c765989cbcf3daa8b6ccc3aaf9f3979c92b3720fc88dc95ed84a1be059c6499b9fda236e7e818b04b0bc39c1e876b193bfe5569753f88128cc08aaa9b63d1a16f80ef2554d7189c411f5869ca52c5b83fa36ff216b9c1d30062bebcfd2dc5bce0911934fda79a86f6e698ced759c3ff9b6477338f3da4f9cd8514ea9982ccafb341b2384dd902f3d1ab7ac61dd29c6f21ba5b862f3730e37cfdc4fd806c22f221" + }, + { + "1c9240a5eb55d38af333888604f6b5f0473917c1402b80099dca5cbc207075c0", + "000000000000000000000002", + 42, + "2754776173206272696c6c69672c20616e642074686520736c6974687920746f7665730a446964206779726520616e642067696d626c6520696e2074686520776162653a0a416c6c206d696d737920776572652074686520626f726f676f7665732c0a416e6420746865206d6f6d65207261746873206f757467726162652e", + "62e6347f95ed87a45ffae7426f27a1df5fb69110044c0d73118effa95b01e5cf166d3df2d721caf9b21e5fb14c616871fd84c54f9d65b283196c7fe4f60553ebf39c6402c42234e32a356b3e764312a61a5532055716ead6962568f87d3f3f7704c6a8d1bcd1bf4d50d6154b6da731b187b58dfd728afa36757a797ac188d1" + }, + { 0, 0, 0, 0, 0 } +}; + +static void +test_ChaCha20_ct(void) +{ + size_t u; + + printf("Test ChaCha20_ct: "); + fflush(stdout); + + for (u = 0; KAT_CHACHA20[u].skey; u ++) { + unsigned char key[32], nonce[12], plain[400], cipher[400]; + uint32_t cc; + size_t v, len; + + hextobin(key, KAT_CHACHA20[u].skey); + hextobin(nonce, KAT_CHACHA20[u].snonce); + cc = KAT_CHACHA20[u].counter; + len = hextobin(plain, KAT_CHACHA20[u].splain); + hextobin(cipher, KAT_CHACHA20[u].scipher); + + for (v = 0; v < len; v ++) { + unsigned char tmp[400]; + size_t w; + + memset(tmp, 0, sizeof tmp); + memcpy(tmp, plain, v); + if (br_chacha20_ct_run(key, nonce, cc, tmp, v) + != cc + (uint32_t)((v + 63) >> 6)) + { + fprintf(stderr, "ChaCha20: wrong counter\n"); + exit(EXIT_FAILURE); + } + if (memcmp(tmp, cipher, v) != 0) { + fprintf(stderr, "ChaCha20 KAT fail (1)\n"); + exit(EXIT_FAILURE); + } + for (w = v; w < sizeof tmp; w ++) { + if (tmp[w] != 0) { + fprintf(stderr, "ChaCha20: overrun\n"); + exit(EXIT_FAILURE); + } + } + br_chacha20_ct_run(key, nonce, cc, tmp, v); + if (memcmp(tmp, plain, v) != 0) { + fprintf(stderr, "ChaCha20 KAT fail (2)\n"); + exit(EXIT_FAILURE); + } + } + + printf("."); + fflush(stdout); + } + + printf(" done.\n"); + fflush(stdout); +} + +static const struct { + const char *splain; + const char *saad; + const char *skey; + const char *snonce; + const char *scipher; + const char *stag; +} KAT_POLY1305[] = { + { + "4c616469657320616e642047656e746c656d656e206f662074686520636c617373206f66202739393a204966204920636f756c64206f6666657220796f75206f6e6c79206f6e652074697020666f7220746865206675747572652c2073756e73637265656e20776f756c642062652069742e", + "50515253c0c1c2c3c4c5c6c7", + "808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f", + "070000004041424344454647", + "d31a8d34648e60db7b86afbc53ef7ec2a4aded51296e08fea9e2b5a736ee62d63dbea45e8ca9671282fafb69da92728b1a71de0a9e060b2905d6a5b67ecd3b3692ddbd7f2d778b8c9803aee328091b58fab324e4fad675945585808b4831d7bc3ff4def08e4b7a9de576d26586cec64b6116", + "1ae10b594f09e26a7e902ecbd0600691" + }, + { 0, 0, 0, 0, 0, 0 } +}; + +static void +test_Poly1305_ctmul(void) +{ + size_t u; + + printf("Test Poly1305_ctmul: "); + fflush(stdout); + + for (u = 0; KAT_POLY1305[u].skey; u ++) { + unsigned char key[32], nonce[12], plain[400], cipher[400]; + unsigned char aad[400], tag[16], data[400], tmp[16]; + size_t len, aad_len; + + len = hextobin(plain, KAT_POLY1305[u].splain); + aad_len = hextobin(aad, KAT_POLY1305[u].saad); + hextobin(key, KAT_POLY1305[u].skey); + hextobin(nonce, KAT_POLY1305[u].snonce); + hextobin(cipher, KAT_POLY1305[u].scipher); + hextobin(tag, KAT_POLY1305[u].stag); + + memcpy(data, plain, len); + br_poly1305_ctmul_run(key, nonce, data, len, + aad, aad_len, tmp, br_chacha20_ct_run, 1); + if (memcmp(data, cipher, len) != 0) { + fprintf(stderr, "ChaCha20+Poly1305 KAT failed (1)\n"); + exit(EXIT_FAILURE); + } + if (memcmp(tmp, tag, 16) != 0) { + fprintf(stderr, "ChaCha20+Poly1305 KAT failed (2)\n"); + exit(EXIT_FAILURE); + } + br_poly1305_ctmul_run(key, nonce, data, len, + aad, aad_len, tmp, br_chacha20_ct_run, 0); + if (memcmp(data, plain, len) != 0) { + fprintf(stderr, "ChaCha20+Poly1305 KAT failed (3)\n"); + exit(EXIT_FAILURE); + } + if (memcmp(tmp, tag, 16) != 0) { + fprintf(stderr, "ChaCha20+Poly1305 KAT failed (4)\n"); + exit(EXIT_FAILURE); + } + + printf("."); + fflush(stdout); + } + + printf(" done.\n"); + fflush(stdout); +} + /* * A 1024-bit RSA key, generated with OpenSSL. */ @@ -5115,6 +5271,8 @@ static const struct { STU(AES_ct64), STU(DES_tab), STU(DES_ct), + STU(ChaCha20_ct), + STU(Poly1305_ctmul), STU(RSA_i31), STU(RSA_i32), STU(GHASH_ctmul), diff --git a/test/test_speed.c b/test/test_speed.c index b4049fe..4304cd7 100644 --- a/test/test_speed.c +++ b/test/test_speed.c @@ -161,6 +161,46 @@ test_speed_ ## fname(void) \ } \ } +#define SPEED_CHACHA20(Name, fname) \ +static void \ +test_speed_ ## fname(void) \ +{ \ + unsigned char key[32]; \ + unsigned char buf[8192]; \ + unsigned char iv[12]; \ + int i; \ + long num; \ + \ + memset(key, 'T', sizeof key); \ + memset(buf, 'P', sizeof buf); \ + memset(iv, 'X', sizeof iv); \ + for (i = 0; i < 10; i ++) { \ + br_ ## fname ## _run(key, iv, i, buf, sizeof buf); \ + } \ + num = 10; \ + for (;;) { \ + clock_t begin, end; \ + double tt; \ + long k; \ + \ + begin = clock(); \ + for (k = num; k > 0; k --) { \ + br_ ## fname ## _run(key, iv, \ + (uint32_t)k, buf, sizeof buf); \ + } \ + end = clock(); \ + tt = (double)(end - begin) / CLOCKS_PER_SEC; \ + if (tt >= 2.0) { \ + printf("%-30s %8.2f MB/s\n", #Name, \ + ((double)sizeof buf) * (double)num \ + / (tt * 1000000.0)); \ + fflush(stdout); \ + return; \ + } \ + num <<= 1; \ + } \ +} + SPEED_HASH(MD5, md5) SPEED_HASH(SHA-1, sha1) SPEED_HASH(SHA-256, sha256) @@ -191,6 +231,8 @@ SPEED_BLOCKCIPHER_CBC(3DES CBC decrypt (iname), 3des_ ## iname ## _cbcdec, des_ SPEED_DES(tab) SPEED_DES(ct) +SPEED_CHACHA20(ChaCha20, chacha20_ct) + static void test_speed_ghash_inner(char *name, br_ghash gh) { @@ -1018,6 +1060,8 @@ static const struct { STU(3des_ct_cbcenc), STU(3des_ct_cbcdec), + STU(chacha20_ct), + STU(ghash_ctmul), STU(ghash_ctmul32), STU(ghash_ctmul64), diff --git a/tools/brssl.h b/tools/brssl.h index e93ed4c..cf1cea3 100644 --- a/tools/brssl.h +++ b/tools/brssl.h @@ -235,11 +235,12 @@ extern const cipher_suite cipher_suites[]; #define REQ_SHA384 0x0008 /* suite needs SHA-384 */ #define REQ_AESCBC 0x0010 /* suite needs AES/CBC encryption */ #define REQ_AESGCM 0x0020 /* suite needs AES/GCM encryption */ -#define REQ_3DESCBC 0x0040 /* suite needs 3DES/CBC encryption */ -#define REQ_RSAKEYX 0x0080 /* suite uses RSA key exchange */ -#define REQ_ECDHE_RSA 0x0100 /* suite uses ECDHE_RSA key exchange */ -#define REQ_ECDHE_ECDSA 0x0200 /* suite uses ECDHE_ECDSA key exchange */ -#define REQ_ECDH 0x0400 /* suite uses static ECDH key exchange */ +#define REQ_CHAPOL 0x0040 /* suite needs ChaCha20+Poly1305 */ +#define REQ_3DESCBC 0x0080 /* suite needs 3DES/CBC encryption */ +#define REQ_RSAKEYX 0x0100 /* suite uses RSA key exchange */ +#define REQ_ECDHE_RSA 0x0200 /* suite uses ECDHE_RSA key exchange */ +#define REQ_ECDHE_ECDSA 0x0400 /* suite uses ECDHE_ECDSA key exchange */ +#define REQ_ECDH 0x0800 /* suite uses static ECDH key exchange */ /* * Parse a list of cipher suite names. The names are comma-separated. If diff --git a/tools/client.c b/tools/client.c index 102d43b..dcf888a 100644 --- a/tools/client.c +++ b/tools/client.c @@ -915,6 +915,15 @@ do_client(int argc, char *argv[]) &br_sslrec_in_gcm_vtable, &br_sslrec_out_gcm_vtable); } + if ((req & REQ_CHAPOL) != 0) { + br_ssl_engine_set_chacha20(&cc.eng, + &br_chacha20_ct_run); + br_ssl_engine_set_poly1305(&cc.eng, + &br_poly1305_ctmul_run); + br_ssl_engine_set_chapol(&cc.eng, + &br_sslrec_in_chapol_vtable, + &br_sslrec_out_chapol_vtable); + } if ((req & REQ_3DESCBC) != 0) { br_ssl_engine_set_des_cbc(&cc.eng, &br_des_ct_cbcenc_vtable, diff --git a/tools/names.c b/tools/names.c index 06b2cdb..60ff08f 100644 --- a/tools/names.c +++ b/tools/names.c @@ -46,6 +46,18 @@ const hash_function hash_functions[] = { /* see brssl.h */ const cipher_suite cipher_suites[] = { + { + "ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256", + BR_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, + REQ_ECDHE_ECDSA | REQ_CHAPOL | REQ_SHA256 | REQ_TLS12, + "ECDHE with ECDSA, ChaCha20+Poly1305 encryption (TLS 1.2+)" + }, + { + "ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256", + BR_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, + REQ_ECDHE_RSA | REQ_CHAPOL | REQ_SHA256 | REQ_TLS12, + "ECDHE with ECDSA, ChaCha20+Poly1305 encryption (TLS 1.2+)" + }, { "ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", BR_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, diff --git a/tools/server.c b/tools/server.c index 5e9315d..67d2fa6 100644 --- a/tools/server.c +++ b/tools/server.c @@ -947,6 +947,15 @@ do_server(int argc, char *argv[]) &br_sslrec_in_gcm_vtable, &br_sslrec_out_gcm_vtable); } + if ((req & REQ_CHAPOL) != 0) { + br_ssl_engine_set_chacha20(&cc.eng, + &br_chacha20_ct_run); + br_ssl_engine_set_poly1305(&cc.eng, + &br_poly1305_ctmul_run); + br_ssl_engine_set_chapol(&cc.eng, + &br_sslrec_in_chapol_vtable, + &br_sslrec_out_chapol_vtable); + } if ((req & REQ_3DESCBC) != 0) { br_ssl_engine_set_des_cbc(&cc.eng, &br_des_ct_cbcenc_vtable, -- 2.17.1