projects / BearSSL / blob
? search:


2c35f2988a1182985943505dd974035f5b8037a8
[BearSSL] / src / ssl / ssl_hs_client.c
1 /* Automatically generated code; do not modify directly. */
2
3 #include <stddef.h>
4 #include <stdint.h>
5
6 typedef struct {
7 uint32_t *dp;
8 uint32_t *rp;
9 const unsigned char *ip;
10 } t0_context;
11
12 static uint32_t
13 t0_parse7E_unsigned(const unsigned char **p)
14 {
15 uint32_t x;
16
17 x = 0;
18 for (;;) {
19 unsigned y;
20
21 y = *(*p) ++;
22 x = (x << 7) | (uint32_t)(y & 0x7F);
23 if (y < 0x80) {
24 return x;
25 }
26 }
27 }
28
29 static int32_t
30 t0_parse7E_signed(const unsigned char **p)
31 {
32 int neg;
33 uint32_t x;
34
35 neg = ((**p) >> 6) & 1;
36 x = (uint32_t)-neg;
37 for (;;) {
38 unsigned y;
39
40 y = *(*p) ++;
41 x = (x << 7) | (uint32_t)(y & 0x7F);
42 if (y < 0x80) {
43 if (neg) {
44 return -(int32_t)~x - 1;
45 } else {
46 return (int32_t)x;
47 }
48 }
49 }
50 }
51
52 #define T0_VBYTE(x, n) (unsigned char)((((uint32_t)(x) >> (n)) & 0x7F) | 0x80)
53 #define T0_FBYTE(x, n) (unsigned char)(((uint32_t)(x) >> (n)) & 0x7F)
54 #define T0_SBYTE(x) (unsigned char)((((uint32_t)(x) >> 28) + 0xF8) ^ 0xF8)
55 #define T0_INT1(x) T0_FBYTE(x, 0)
56 #define T0_INT2(x) T0_VBYTE(x, 7), T0_FBYTE(x, 0)
57 #define T0_INT3(x) T0_VBYTE(x, 14), T0_VBYTE(x, 7), T0_FBYTE(x, 0)
58 #define T0_INT4(x) T0_VBYTE(x, 21), T0_VBYTE(x, 14), T0_VBYTE(x, 7), T0_FBYTE(x, 0)
59 #define T0_INT5(x) T0_SBYTE(x), T0_VBYTE(x, 21), T0_VBYTE(x, 14), T0_VBYTE(x, 7), T0_FBYTE(x, 0)
60
61 /* static const unsigned char t0_datablock[]; */
62
63
64 void br_ssl_hs_client_init_main(void *t0ctx);
65
66 void br_ssl_hs_client_run(void *t0ctx);
67
68
69
70 #include <stddef.h>
71 #include <string.h>
72
73 #include "inner.h"
74
75 /*
76 * This macro evaluates to a pointer to the current engine context.
77 */
78 #define ENG ((br_ssl_engine_context *)(void *)((unsigned char *)t0ctx - offsetof(br_ssl_engine_context, cpu)))
79
80
81
82
83
84 /*
85 * This macro evaluates to a pointer to the client context, under that
86 * specific name. It must be noted that since the engine context is the
87 * first field of the br_ssl_client_context structure ('eng'), then
88 * pointers values of both types are interchangeable, modulo an
89 * appropriate cast. This also means that "adresses" computed as offsets
90 * within the structure work for both kinds of context.
91 */
92 #define CTX ((br_ssl_client_context *)ENG)
93
94 /*
95 * Generate the pre-master secret for RSA key exchange, and encrypt it
96 * with the server's public key. Returned value is either the encrypted
97 * data length (in bytes), or -x on error, with 'x' being an error code.
98 *
99 * This code assumes that the public key has been already verified (it
100 * was properly obtained by the X.509 engine, and it has the right type,
101 * i.e. it is of type RSA and suitable for encryption).
102 */
103 static int
104 make_pms_rsa(br_ssl_client_context *ctx, int prf_id)
105 {
106 const br_x509_class **xc;
107 const br_x509_pkey *pk;
108 const unsigned char *n;
109 unsigned char *pms;
110 size_t nlen, u;
111
112 xc = ctx->eng.x509ctx;
113 pk = (*xc)->get_pkey(xc, NULL);
114
115 /*
116 * Compute actual RSA key length, in case there are leading zeros.
117 */
118 n = pk->key.rsa.n;
119 nlen = pk->key.rsa.nlen;
120 while (nlen > 0 && *n == 0) {
121 n ++;
122 nlen --;
123 }
124
125 /*
126 * We need at least 59 bytes (48 bytes for pre-master secret, and
127 * 11 bytes for the PKCS#1 type 2 padding). Note that the X.509
128 * minimal engine normally blocks RSA keys shorter than 128 bytes,
129 * so this is mostly for public keys provided explicitly by the
130 * caller.
131 */
132 if (nlen < 59) {
133 return -BR_ERR_X509_WEAK_PUBLIC_KEY;
134 }
135 if (nlen > sizeof ctx->eng.pad) {
136 return -BR_ERR_LIMIT_EXCEEDED;
137 }
138
139 /*
140 * Make PMS.
141 */
142 pms = ctx->eng.pad + nlen - 48;
143 br_enc16be(pms, ctx->eng.version_max);
144 br_hmac_drbg_generate(&ctx->eng.rng, pms + 2, 46);
145 br_ssl_engine_compute_master(&ctx->eng, prf_id, pms, 48);
146
147 /*
148 * Apply PKCS#1 type 2 padding.
149 */
150 ctx->eng.pad[0] = 0x00;
151 ctx->eng.pad[1] = 0x02;
152 ctx->eng.pad[nlen - 49] = 0x00;
153 br_hmac_drbg_generate(&ctx->eng.rng, ctx->eng.pad + 2, nlen - 51);
154 for (u = 2; u < nlen - 49; u ++) {
155 while (ctx->eng.pad[u] == 0) {
156 br_hmac_drbg_generate(&ctx->eng.rng,
157 &ctx->eng.pad[u], 1);
158 }
159 }
160
161 /*
162 * Compute RSA encryption.
163 */
164 if (!ctx->irsapub(ctx->eng.pad, nlen, &pk->key.rsa)) {
165 return -BR_ERR_LIMIT_EXCEEDED;
166 }
167 return (int)nlen;
168 }
169
170 /*
171 * OID for hash functions in RSA signatures.
172 */
173 static const unsigned char *HASH_OID[] = {
174 BR_HASH_OID_SHA1,
175 BR_HASH_OID_SHA224,
176 BR_HASH_OID_SHA256,
177 BR_HASH_OID_SHA384,
178 BR_HASH_OID_SHA512
179 };
180
181 /*
182 * Check the RSA signature on the ServerKeyExchange message.
183 *
184 * hash hash function ID (2 to 6), or 0 for MD5+SHA-1 (with RSA only)
185 * use_rsa non-zero for RSA signature, zero for ECDSA
186 * sig_len signature length (in bytes); signature value is in the pad
187 *
188 * Returned value is 0 on success, or an error code.
189 */
190 static int
191 verify_SKE_sig(br_ssl_client_context *ctx,
192 int hash, int use_rsa, size_t sig_len)
193 {
194 const br_x509_class **xc;
195 const br_x509_pkey *pk;
196 br_multihash_context mhc;
197 unsigned char hv[64], head[4];
198 size_t hv_len;
199
200 xc = ctx->eng.x509ctx;
201 pk = (*xc)->get_pkey(xc, NULL);
202 br_multihash_zero(&mhc);
203 br_multihash_copyimpl(&mhc, &ctx->eng.mhash);
204 br_multihash_init(&mhc);
205 br_multihash_update(&mhc,
206 ctx->eng.client_random, sizeof ctx->eng.client_random);
207 br_multihash_update(&mhc,
208 ctx->eng.server_random, sizeof ctx->eng.server_random);
209 head[0] = 3;
210 head[1] = 0;
211 head[2] = ctx->eng.ecdhe_curve;
212 head[3] = ctx->eng.ecdhe_point_len;
213 br_multihash_update(&mhc, head, sizeof head);
214 br_multihash_update(&mhc,
215 ctx->eng.ecdhe_point, ctx->eng.ecdhe_point_len);
216 if (hash) {
217 hv_len = br_multihash_out(&mhc, hash, hv);
218 if (hv_len == 0) {
219 return BR_ERR_INVALID_ALGORITHM;
220 }
221 } else {
222 if (!br_multihash_out(&mhc, br_md5_ID, hv)
223 || !br_multihash_out(&mhc, br_sha1_ID, hv + 16))
224 {
225 return BR_ERR_INVALID_ALGORITHM;
226 }
227 hv_len = 36;
228 }
229 if (use_rsa) {
230 unsigned char tmp[64];
231 const unsigned char *hash_oid;
232
233 if (hash) {
234 hash_oid = HASH_OID[hash - 2];
235 } else {
236 hash_oid = NULL;
237 }
238 if (!ctx->eng.irsavrfy(ctx->eng.pad, sig_len,
239 hash_oid, hv_len, &pk->key.rsa, tmp)
240 || memcmp(tmp, hv, hv_len) != 0)
241 {
242 return BR_ERR_BAD_SIGNATURE;
243 }
244 } else {
245 if (!ctx->eng.iecdsa(ctx->eng.iec, hv, hv_len, &pk->key.ec,
246 ctx->eng.pad, sig_len))
247 {
248 return BR_ERR_BAD_SIGNATURE;
249 }
250 }
251 return 0;
252 }
253
254 /*
255 * Perform client-side ECDH (or ECDHE). The point that should be sent to
256 * the server is written in the pad; returned value is either the point
257 * length (in bytes), or -x on error, with 'x' being an error code.
258 *
259 * The point _from_ the server is taken from ecdhe_point[] if 'ecdhe'
260 * is non-zero, or from the X.509 engine context if 'ecdhe' is zero
261 * (for static ECDH).
262 */
263 static int
264 make_pms_ecdh(br_ssl_client_context *ctx, unsigned ecdhe, int prf_id)
265 {
266 int curve;
267 unsigned char key[66], point[133];
268 const unsigned char *order, *point_src;
269 size_t glen, olen, point_len, xoff, xlen;
270 unsigned char mask;
271
272 if (ecdhe) {
273 curve = ctx->eng.ecdhe_curve;
274 point_src = ctx->eng.ecdhe_point;
275 point_len = ctx->eng.ecdhe_point_len;
276 } else {
277 const br_x509_class **xc;
278 const br_x509_pkey *pk;
279
280 xc = ctx->eng.x509ctx;
281 pk = (*xc)->get_pkey(xc, NULL);
282 curve = pk->key.ec.curve;
283 point_src = pk->key.ec.q;
284 point_len = pk->key.ec.qlen;
285 }
286 if ((ctx->eng.iec->supported_curves & ((uint32_t)1 << curve)) == 0) {
287 return -BR_ERR_INVALID_ALGORITHM;
288 }
289
290 /*
291 * We need to generate our key, as a non-zero random value which
292 * is lower than the curve order, in a "large enough" range. We
293 * force top bit to 0 and bottom bit to 1, which guarantees that
294 * the value is in the proper range.
295 */
296 order = ctx->eng.iec->order(curve, &olen);
297 mask = 0xFF;
298 while (mask >= order[0]) {
299 mask >>= 1;
300 }
301 br_hmac_drbg_generate(&ctx->eng.rng, key, olen);
302 key[0] &= mask;
303 key[olen - 1] |= 0x01;
304
305 /*
306 * Compute the common ECDH point, whose X coordinate is the
307 * pre-master secret.
308 */
309 ctx->eng.iec->generator(curve, &glen);
310 if (glen != point_len) {
311 return -BR_ERR_INVALID_ALGORITHM;
312 }
313
314 memcpy(point, point_src, glen);
315 if (!ctx->eng.iec->mul(point, glen, key, olen, curve)) {
316 return -BR_ERR_INVALID_ALGORITHM;
317 }
318
319 /*
320 * The pre-master secret is the X coordinate.
321 */
322 xoff = ctx->eng.iec->xoff(curve, &xlen);
323 br_ssl_engine_compute_master(&ctx->eng, prf_id, point + xoff, xlen);
324
325 ctx->eng.iec->mulgen(point, key, olen, curve);
326 memcpy(ctx->eng.pad, point, glen);
327 return (int)glen;
328 }
329
330 /*
331 * Perform full static ECDH. This occurs only in the context of client
332 * authentication with certificates: the server uses an EC public key,
333 * the cipher suite is of type ECDH (not ECDHE), the server requested a
334 * client certificate and accepts static ECDH, the client has a
335 * certificate with an EC public key in the same curve, and accepts
336 * static ECDH as well.
337 *
338 * Returned value is 0 on success, -1 on error.
339 */
340 static int
341 make_pms_static_ecdh(br_ssl_client_context *ctx, int prf_id)
342 {
343 unsigned char point[133];
344 size_t point_len;
345 const br_x509_class **xc;
346 const br_x509_pkey *pk;
347
348 xc = ctx->eng.x509ctx;
349 pk = (*xc)->get_pkey(xc, NULL);
350 point_len = pk->key.ec.qlen;
351 if (point_len > sizeof point) {
352 return -1;
353 }
354 memcpy(point, pk->key.ec.q, point_len);
355 if (!(*ctx->client_auth_vtable)->do_keyx(
356 ctx->client_auth_vtable, point, &point_len))
357 {
358 return -1;
359 }
360 br_ssl_engine_compute_master(&ctx->eng,
361 prf_id, point, point_len);
362 return 0;
363 }
364
365 /*
366 * Compute the client-side signature. This is invoked only when a
367 * signature-based client authentication was selected. The computed
368 * signature is in the pad; its length (in bytes) is returned. On
369 * error, 0 is returned.
370 */
371 static size_t
372 make_client_sign(br_ssl_client_context *ctx)
373 {
374 size_t hv_len;
375
376 /*
377 * Compute hash of handshake messages so far. This "cannot" fail
378 * because the list of supported hash functions provided to the
379 * client certificate handler was trimmed to include only the
380 * hash functions that the multi-hasher supports.
381 */
382 if (ctx->hash_id) {
383 hv_len = br_multihash_out(&ctx->eng.mhash,
384 ctx->hash_id, ctx->eng.pad);
385 } else {
386 br_multihash_out(&ctx->eng.mhash,
387 br_md5_ID, ctx->eng.pad);
388 br_multihash_out(&ctx->eng.mhash,
389 br_sha1_ID, ctx->eng.pad + 16);
390 hv_len = 36;
391 }
392 return (*ctx->client_auth_vtable)->do_sign(
393 ctx->client_auth_vtable, ctx->hash_id, hv_len,
394 ctx->eng.pad, sizeof ctx->eng.pad);
395 }
396
397
398
399 static const unsigned char t0_datablock[] = {
400 0x00, 0x00, 0x0A, 0x00, 0x24, 0x00, 0x2F, 0x01, 0x24, 0x00, 0x35, 0x02,
401 0x24, 0x00, 0x3C, 0x01, 0x44, 0x00, 0x3D, 0x02, 0x44, 0x00, 0x9C, 0x03,
402 0x04, 0x00, 0x9D, 0x04, 0x05, 0xC0, 0x03, 0x40, 0x24, 0xC0, 0x04, 0x41,
403 0x24, 0xC0, 0x05, 0x42, 0x24, 0xC0, 0x08, 0x20, 0x24, 0xC0, 0x09, 0x21,
404 0x24, 0xC0, 0x0A, 0x22, 0x24, 0xC0, 0x0D, 0x30, 0x24, 0xC0, 0x0E, 0x31,
405 0x24, 0xC0, 0x0F, 0x32, 0x24, 0xC0, 0x12, 0x10, 0x24, 0xC0, 0x13, 0x11,
406 0x24, 0xC0, 0x14, 0x12, 0x24, 0xC0, 0x23, 0x21, 0x44, 0xC0, 0x24, 0x22,
407 0x55, 0xC0, 0x25, 0x41, 0x44, 0xC0, 0x26, 0x42, 0x55, 0xC0, 0x27, 0x11,
408 0x44, 0xC0, 0x28, 0x12, 0x55, 0xC0, 0x29, 0x31, 0x44, 0xC0, 0x2A, 0x32,
409 0x55, 0xC0, 0x2B, 0x23, 0x04, 0xC0, 0x2C, 0x24, 0x05, 0xC0, 0x2D, 0x43,
410 0x04, 0xC0, 0x2E, 0x44, 0x05, 0xC0, 0x2F, 0x13, 0x04, 0xC0, 0x30, 0x14,
411 0x05, 0xC0, 0x31, 0x33, 0x04, 0xC0, 0x32, 0x34, 0x05, 0xCC, 0xA8, 0x15,
412 0x04, 0xCC, 0xA9, 0x25, 0x04, 0x00, 0x00
413 };
414
415 static const unsigned char t0_codeblock[] = {
416 0x00, 0x01, 0x00, 0x0A, 0x00, 0x00, 0x01, 0x00, 0x0D, 0x00, 0x00, 0x01,
417 0x00, 0x0E, 0x00, 0x00, 0x01, 0x00, 0x0F, 0x00, 0x00, 0x01, 0x01, 0x08,
418 0x00, 0x00, 0x01, 0x01, 0x09, 0x00, 0x00, 0x01, 0x02, 0x08, 0x00, 0x00,
419 0x01, 0x02, 0x09, 0x00, 0x00, 0x25, 0x25, 0x00, 0x00, 0x01,
420 T0_INT1(BR_ERR_BAD_CCS), 0x00, 0x00, 0x01,
421 T0_INT1(BR_ERR_BAD_CIPHER_SUITE), 0x00, 0x00, 0x01,
422 T0_INT1(BR_ERR_BAD_COMPRESSION), 0x00, 0x00, 0x01,
423 T0_INT1(BR_ERR_BAD_FINISHED), 0x00, 0x00, 0x01,
424 T0_INT1(BR_ERR_BAD_FRAGLEN), 0x00, 0x00, 0x01,
425 T0_INT1(BR_ERR_BAD_HANDSHAKE), 0x00, 0x00, 0x01,
426 T0_INT1(BR_ERR_BAD_HELLO_DONE), 0x00, 0x00, 0x01,
427 T0_INT1(BR_ERR_BAD_PARAM), 0x00, 0x00, 0x01,
428 T0_INT1(BR_ERR_BAD_SECRENEG), 0x00, 0x00, 0x01,
429 T0_INT1(BR_ERR_BAD_SNI), 0x00, 0x00, 0x01, T0_INT1(BR_ERR_BAD_VERSION),
430 0x00, 0x00, 0x01, T0_INT1(BR_ERR_EXTRA_EXTENSION), 0x00, 0x00, 0x01,
431 T0_INT1(BR_ERR_INVALID_ALGORITHM), 0x00, 0x00, 0x01,
432 T0_INT1(BR_ERR_LIMIT_EXCEEDED), 0x00, 0x00, 0x01, T0_INT1(BR_ERR_OK),
433 0x00, 0x00, 0x01, T0_INT1(BR_ERR_OVERSIZED_ID), 0x00, 0x00, 0x01,
434 T0_INT1(BR_ERR_RESUME_MISMATCH), 0x00, 0x00, 0x01,
435 T0_INT1(BR_ERR_UNEXPECTED), 0x00, 0x00, 0x01,
436 T0_INT1(BR_ERR_UNSUPPORTED_VERSION), 0x00, 0x00, 0x01,
437 T0_INT1(BR_ERR_WRONG_KEY_USAGE), 0x00, 0x00, 0x01,
438 T0_INT2(offsetof(br_ssl_engine_context, action)), 0x00, 0x00, 0x01,
439 T0_INT2(offsetof(br_ssl_engine_context, alert)), 0x00, 0x00, 0x01,
440 T0_INT2(offsetof(br_ssl_engine_context, application_data)), 0x00, 0x00,
441 0x01, T0_INT2(offsetof(br_ssl_client_context, auth_type)), 0x00, 0x00,
442 0x01,
443 T0_INT2(offsetof(br_ssl_engine_context, session) + offsetof(br_ssl_session_parameters, cipher_suite)),
444 0x00, 0x00, 0x01,
445 T0_INT2(offsetof(br_ssl_engine_context, client_random)), 0x00, 0x00,
446 0x01, T0_INT2(offsetof(br_ssl_engine_context, close_received)), 0x00,
447 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, ecdhe_curve)),
448 0x00, 0x00, 0x01,
449 T0_INT2(offsetof(br_ssl_engine_context, ecdhe_point)), 0x00, 0x00,
450 0x01, T0_INT2(offsetof(br_ssl_engine_context, ecdhe_point_len)), 0x00,
451 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, flags)), 0x00,
452 0x00, 0x01, T0_INT2(offsetof(br_ssl_client_context, hash_id)), 0x00,
453 0x00, 0x01, T0_INT2(offsetof(br_ssl_client_context, hashes)), 0x00,
454 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, log_max_frag_len)),
455 0x00, 0x00, 0x01,
456 T0_INT2(offsetof(br_ssl_client_context, min_clienthello_len)), 0x00,
457 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, pad)), 0x00, 0x00,
458 0x01, T0_INT2(offsetof(br_ssl_engine_context, protocol_names_num)),
459 0x00, 0x00, 0x01,
460 T0_INT2(offsetof(br_ssl_engine_context, record_type_in)), 0x00, 0x00,
461 0x01, T0_INT2(offsetof(br_ssl_engine_context, record_type_out)), 0x00,
462 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, reneg)), 0x00,
463 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, saved_finished)),
464 0x00, 0x00, 0x01,
465 T0_INT2(offsetof(br_ssl_engine_context, selected_protocol)), 0x00,
466 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, server_name)),
467 0x00, 0x00, 0x01,
468 T0_INT2(offsetof(br_ssl_engine_context, server_random)), 0x00, 0x00,
469 0x01,
470 T0_INT2(offsetof(br_ssl_engine_context, session) + offsetof(br_ssl_session_parameters, session_id)),
471 0x00, 0x00, 0x01,
472 T0_INT2(offsetof(br_ssl_engine_context, session) + offsetof(br_ssl_session_parameters, session_id_len)),
473 0x00, 0x00, 0x01,
474 T0_INT2(offsetof(br_ssl_engine_context, shutdown_recv)), 0x00, 0x00,
475 0x01, T0_INT2(offsetof(br_ssl_engine_context, suites_buf)), 0x00, 0x00,
476 0x01, T0_INT2(offsetof(br_ssl_engine_context, suites_num)), 0x00, 0x00,
477 0x01,
478 T0_INT2(offsetof(br_ssl_engine_context, session) + offsetof(br_ssl_session_parameters, version)),
479 0x00, 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, version_in)),
480 0x00, 0x00, 0x01,
481 T0_INT2(offsetof(br_ssl_engine_context, version_max)), 0x00, 0x00,
482 0x01, T0_INT2(offsetof(br_ssl_engine_context, version_min)), 0x00,
483 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, version_out)),
484 0x00, 0x00, 0x09, 0x26, 0x56, 0x06, 0x02, 0x66, 0x28, 0x00, 0x00, 0x06,
485 0x08, 0x2C, 0x0E, 0x05, 0x02, 0x6F, 0x28, 0x04, 0x01, 0x3C, 0x00, 0x00,
486 0x01, 0x01, 0x00, 0x01, 0x03, 0x00, 0x97, 0x26, 0x5C, 0x44, 0x9B, 0x26,
487 0x05, 0x04, 0x5E, 0x01, 0x00, 0x00, 0x02, 0x00, 0x0E, 0x06, 0x02, 0x9B,
488 0x00, 0x5C, 0x04, 0x6B, 0x00, 0x06, 0x02, 0x66, 0x28, 0x00, 0x00, 0x26,
489 0x87, 0x44, 0x05, 0x03, 0x01, 0x0C, 0x08, 0x44, 0x77, 0x2C, 0xA9, 0x1C,
490 0x82, 0x01, 0x0C, 0x31, 0x00, 0x00, 0x26, 0x1F, 0x01, 0x08, 0x0B, 0x44,
491 0x5A, 0x1F, 0x08, 0x00, 0x01, 0x03, 0x00, 0x75, 0x2E, 0x02, 0x00, 0x36,
492 0x17, 0x01, 0x01, 0x0B, 0x75, 0x3E, 0x29, 0x1A, 0x36, 0x06, 0x07, 0x02,
493 0x00, 0xCD, 0x03, 0x00, 0x04, 0x75, 0x01, 0x00, 0xC3, 0x02, 0x00, 0x26,
494 0x1A, 0x17, 0x06, 0x02, 0x6D, 0x28, 0xCD, 0x04, 0x76, 0x01, 0x01, 0x00,
495 0x75, 0x3E, 0x01, 0x16, 0x85, 0x3E, 0x01, 0x00, 0x88, 0x3C, 0x34, 0xD3,
496 0x29, 0xB2, 0x06, 0x09, 0x01, 0x7F, 0xAD, 0x01, 0x7F, 0xD0, 0x04, 0x80,
497 0x53, 0xAF, 0x77, 0x2C, 0x9F, 0x01, T0_INT1(BR_KEYTYPE_SIGN), 0x17,
498 0x06, 0x01, 0xB3, 0xB6, 0x26, 0x01, 0x0D, 0x0E, 0x06, 0x07, 0x25, 0xB5,
499 0xB6, 0x01, 0x7F, 0x04, 0x02, 0x01, 0x00, 0x03, 0x00, 0x01, 0x0E, 0x0E,
500 0x05, 0x02, 0x70, 0x28, 0x06, 0x02, 0x65, 0x28, 0x33, 0x06, 0x02, 0x70,
501 0x28, 0x02, 0x00, 0x06, 0x1C, 0xD1, 0x7E, 0x2E, 0x01, 0x81, 0x7F, 0x0E,
502 0x06, 0x0D, 0x25, 0x01, 0x10, 0xDC, 0x01, 0x00, 0xDB, 0x77, 0x2C, 0xA9,
503 0x24, 0x04, 0x04, 0xD4, 0x06, 0x01, 0xD2, 0x04, 0x01, 0xD4, 0x01, 0x7F,
504 0xD0, 0x01, 0x7F, 0xAD, 0x01, 0x01, 0x75, 0x3E, 0x01, 0x17, 0x85, 0x3E,
505 0x00, 0x00, 0x38, 0x38, 0x00, 0x00, 0x98, 0x01, 0x0C, 0x11, 0x01, 0x00,
506 0x38, 0x0E, 0x06, 0x05, 0x25, 0x01,
507 T0_INT1(BR_KEYTYPE_RSA | BR_KEYTYPE_KEYX), 0x04, 0x30, 0x01, 0x01,
508 0x38, 0x0E, 0x06, 0x05, 0x25, 0x01,
509 T0_INT1(BR_KEYTYPE_RSA | BR_KEYTYPE_SIGN), 0x04, 0x25, 0x01, 0x02,
510 0x38, 0x0E, 0x06, 0x05, 0x25, 0x01,
511 T0_INT1(BR_KEYTYPE_EC | BR_KEYTYPE_SIGN), 0x04, 0x1A, 0x01, 0x03,
512 0x38, 0x0E, 0x06, 0x05, 0x25, 0x01,
513 T0_INT1(BR_KEYTYPE_EC | BR_KEYTYPE_KEYX), 0x04, 0x0F, 0x01, 0x04,
514 0x38, 0x0E, 0x06, 0x05, 0x25, 0x01,
515 T0_INT1(BR_KEYTYPE_EC | BR_KEYTYPE_KEYX), 0x04, 0x04, 0x01, 0x00,
516 0x44, 0x25, 0x00, 0x00, 0x80, 0x2E, 0x01, 0x0E, 0x0E, 0x06, 0x04, 0x01,
517 0x00, 0x04, 0x02, 0x01, 0x05, 0x00, 0x00, 0x40, 0x06, 0x04, 0x01, 0x06,
518 0x04, 0x02, 0x01, 0x00, 0x00, 0x00, 0x86, 0x2E, 0x26, 0x06, 0x08, 0x01,
519 0x01, 0x09, 0x01, 0x11, 0x07, 0x04, 0x03, 0x25, 0x01, 0x05, 0x00, 0x01,
520 0x41, 0x03, 0x00, 0x25, 0x01, 0x00, 0x43, 0x06, 0x03, 0x02, 0x00, 0x08,
521 0x42, 0x06, 0x03, 0x02, 0x00, 0x08, 0x26, 0x06, 0x06, 0x01, 0x01, 0x0B,
522 0x01, 0x06, 0x08, 0x00, 0x00, 0x89, 0x3F, 0x26, 0x06, 0x03, 0x01, 0x09,
523 0x08, 0x00, 0x01, 0x40, 0x26, 0x06, 0x1E, 0x01, 0x00, 0x03, 0x00, 0x26,
524 0x06, 0x0E, 0x26, 0x01, 0x01, 0x17, 0x02, 0x00, 0x08, 0x03, 0x00, 0x01,
525 0x01, 0x11, 0x04, 0x6F, 0x25, 0x02, 0x00, 0x01, 0x01, 0x0B, 0x01, 0x06,
526 0x08, 0x00, 0x00, 0x7D, 0x2D, 0x44, 0x11, 0x01, 0x01, 0x17, 0x35, 0x00,
527 0x00, 0x9D, 0xCC, 0x26, 0x01, 0x07, 0x17, 0x01, 0x00, 0x38, 0x0E, 0x06,
528 0x09, 0x25, 0x01, 0x10, 0x17, 0x06, 0x01, 0x9D, 0x04, 0x35, 0x01, 0x01,
529 0x38, 0x0E, 0x06, 0x2C, 0x25, 0x25, 0x01, 0x00, 0x75, 0x3E, 0xB1, 0x86,
530 0x2E, 0x01, 0x01, 0x0E, 0x01, 0x01, 0xA6, 0x37, 0x06, 0x17, 0x29, 0x1A,
531 0x36, 0x06, 0x04, 0xCC, 0x25, 0x04, 0x78, 0x01, 0x80, 0x64, 0xC3, 0x01,
532 0x01, 0x75, 0x3E, 0x01, 0x17, 0x85, 0x3E, 0x04, 0x01, 0x9D, 0x04, 0x03,
533 0x70, 0x28, 0x25, 0x04, 0xFF, 0x34, 0x01, 0x26, 0x03, 0x00, 0x09, 0x26,
534 0x56, 0x06, 0x02, 0x66, 0x28, 0x02, 0x00, 0x00, 0x00, 0x98, 0x01, 0x0F,
535 0x17, 0x00, 0x00, 0x74, 0x2E, 0x01, 0x00, 0x38, 0x0E, 0x06, 0x10, 0x25,
536 0x26, 0x01, 0x01, 0x0D, 0x06, 0x03, 0x25, 0x01, 0x02, 0x74, 0x3E, 0x01,
537 0x00, 0x04, 0x21, 0x01, 0x01, 0x38, 0x0E, 0x06, 0x14, 0x25, 0x01, 0x00,
538 0x74, 0x3E, 0x26, 0x01, 0x80, 0x64, 0x0E, 0x06, 0x05, 0x01, 0x82, 0x00,
539 0x08, 0x28, 0x58, 0x04, 0x07, 0x25, 0x01, 0x82, 0x00, 0x08, 0x28, 0x25,
540 0x00, 0x00, 0x01, 0x00, 0x2F, 0x06, 0x05, 0x3A, 0xAA, 0x37, 0x04, 0x78,
541 0x26, 0x06, 0x04, 0x01, 0x01, 0x8D, 0x3E, 0x00, 0x01, 0xBD, 0xA8, 0xBD,
542 0xA8, 0xBF, 0x82, 0x44, 0x26, 0x03, 0x00, 0xB4, 0x99, 0x99, 0x02, 0x00,
543 0x4B, 0x26, 0x56, 0x06, 0x0A, 0x01, 0x03, 0xA6, 0x06, 0x02, 0x70, 0x28,
544 0x25, 0x04, 0x03, 0x5A, 0x88, 0x3C, 0x00, 0x00, 0x2F, 0x06, 0x0B, 0x84,
545 0x2E, 0x01, 0x14, 0x0D, 0x06, 0x02, 0x70, 0x28, 0x04, 0x11, 0xCC, 0x01,
546 0x07, 0x17, 0x26, 0x01, 0x02, 0x0D, 0x06, 0x06, 0x06, 0x02, 0x70, 0x28,
547 0x04, 0x70, 0x25, 0xC0, 0x01, 0x01, 0x0D, 0x33, 0x37, 0x06, 0x02, 0x5F,
548 0x28, 0x26, 0x01, 0x01, 0xC6, 0x36, 0xB0, 0x00, 0x01, 0xB6, 0x01, 0x0B,
549 0x0E, 0x05, 0x02, 0x70, 0x28, 0x26, 0x01, 0x03, 0x0E, 0x06, 0x08, 0xBE,
550 0x06, 0x02, 0x66, 0x28, 0x44, 0x25, 0x00, 0x44, 0x55, 0xBE, 0xA8, 0x26,
551 0x06, 0x23, 0xBE, 0xA8, 0x26, 0x54, 0x26, 0x06, 0x18, 0x26, 0x01, 0x82,
552 0x00, 0x0F, 0x06, 0x05, 0x01, 0x82, 0x00, 0x04, 0x01, 0x26, 0x03, 0x00,
553 0x82, 0x02, 0x00, 0xB4, 0x02, 0x00, 0x51, 0x04, 0x65, 0x99, 0x52, 0x04,
554 0x5A, 0x99, 0x99, 0x53, 0x26, 0x06, 0x02, 0x35, 0x00, 0x25, 0x2B, 0x00,
555 0x00, 0x77, 0x2C, 0x9F, 0x01, 0x7F, 0xAE, 0x26, 0x56, 0x06, 0x02, 0x35,
556 0x28, 0x26, 0x05, 0x02, 0x70, 0x28, 0x38, 0x17, 0x0D, 0x06, 0x02, 0x72,
557 0x28, 0x3B, 0x00, 0x00, 0x9A, 0xB6, 0x01, 0x14, 0x0D, 0x06, 0x02, 0x70,
558 0x28, 0x82, 0x01, 0x0C, 0x08, 0x01, 0x0C, 0xB4, 0x99, 0x82, 0x26, 0x01,
559 0x0C, 0x08, 0x01, 0x0C, 0x30, 0x05, 0x02, 0x62, 0x28, 0x00, 0x00, 0xB7,
560 0x06, 0x02, 0x70, 0x28, 0x06, 0x02, 0x64, 0x28, 0x00, 0x0A, 0xB6, 0x01,
561 0x02, 0x0E, 0x05, 0x02, 0x70, 0x28, 0xBD, 0x03, 0x00, 0x02, 0x00, 0x93,
562 0x2C, 0x0A, 0x02, 0x00, 0x92, 0x2C, 0x0F, 0x37, 0x06, 0x02, 0x71, 0x28,
563 0x02, 0x00, 0x91, 0x2C, 0x0D, 0x06, 0x02, 0x69, 0x28, 0x02, 0x00, 0x94,
564 0x3C, 0x8A, 0x01, 0x20, 0xB4, 0x01, 0x00, 0x03, 0x01, 0xBF, 0x03, 0x02,
565 0x02, 0x02, 0x01, 0x20, 0x0F, 0x06, 0x02, 0x6E, 0x28, 0x82, 0x02, 0x02,
566 0xB4, 0x02, 0x02, 0x8C, 0x2E, 0x0E, 0x02, 0x02, 0x01, 0x00, 0x0F, 0x17,
567 0x06, 0x0B, 0x8B, 0x82, 0x02, 0x02, 0x30, 0x06, 0x04, 0x01, 0x7F, 0x03,
568 0x01, 0x8B, 0x82, 0x02, 0x02, 0x31, 0x02, 0x02, 0x8C, 0x3E, 0x02, 0x00,
569 0x90, 0x02, 0x01, 0x96, 0xBD, 0x26, 0xC1, 0x56, 0x06, 0x02, 0x60, 0x28,
570 0x26, 0xCB, 0x02, 0x00, 0x01, 0x86, 0x03, 0x0A, 0x17, 0x06, 0x02, 0x60,
571 0x28, 0x77, 0x02, 0x01, 0x96, 0xBF, 0x06, 0x02, 0x61, 0x28, 0x26, 0x06,
572 0x81, 0x47, 0xBD, 0xA8, 0xA4, 0x03, 0x03, 0xA2, 0x03, 0x04, 0xA0, 0x03,
573 0x05, 0xA3, 0x03, 0x06, 0xA5, 0x03, 0x07, 0xA1, 0x03, 0x08, 0x27, 0x03,
574 0x09, 0x26, 0x06, 0x81, 0x18, 0xBD, 0x01, 0x00, 0x38, 0x0E, 0x06, 0x0F,
575 0x25, 0x02, 0x03, 0x05, 0x02, 0x6A, 0x28, 0x01, 0x00, 0x03, 0x03, 0xBC,
576 0x04, 0x80, 0x7F, 0x01, 0x01, 0x38, 0x0E, 0x06, 0x0F, 0x25, 0x02, 0x05,
577 0x05, 0x02, 0x6A, 0x28, 0x01, 0x00, 0x03, 0x05, 0xBA, 0x04, 0x80, 0x6A,
578 0x01, 0x83, 0xFE, 0x01, 0x38, 0x0E, 0x06, 0x0F, 0x25, 0x02, 0x04, 0x05,
579 0x02, 0x6A, 0x28, 0x01, 0x00, 0x03, 0x04, 0xBB, 0x04, 0x80, 0x53, 0x01,
580 0x0D, 0x38, 0x0E, 0x06, 0x0E, 0x25, 0x02, 0x06, 0x05, 0x02, 0x6A, 0x28,
581 0x01, 0x00, 0x03, 0x06, 0xB8, 0x04, 0x3F, 0x01, 0x0A, 0x38, 0x0E, 0x06,
582 0x0E, 0x25, 0x02, 0x07, 0x05, 0x02, 0x6A, 0x28, 0x01, 0x00, 0x03, 0x07,
583 0xB8, 0x04, 0x2B, 0x01, 0x0B, 0x38, 0x0E, 0x06, 0x0E, 0x25, 0x02, 0x08,
584 0x05, 0x02, 0x6A, 0x28, 0x01, 0x00, 0x03, 0x08, 0xB8, 0x04, 0x17, 0x01,
585 0x10, 0x38, 0x0E, 0x06, 0x0E, 0x25, 0x02, 0x09, 0x05, 0x02, 0x6A, 0x28,
586 0x01, 0x00, 0x03, 0x09, 0xAC, 0x04, 0x03, 0x6A, 0x28, 0x25, 0x04, 0xFE,
587 0x64, 0x02, 0x04, 0x06, 0x0D, 0x02, 0x04, 0x01, 0x05, 0x0F, 0x06, 0x02,
588 0x67, 0x28, 0x01, 0x01, 0x86, 0x3E, 0x99, 0x04, 0x0C, 0xA2, 0x01, 0x05,
589 0x0F, 0x06, 0x02, 0x67, 0x28, 0x01, 0x01, 0x86, 0x3E, 0x99, 0x02, 0x01,
590 0x00, 0x04, 0xB6, 0x01, 0x0C, 0x0E, 0x05, 0x02, 0x70, 0x28, 0xBF, 0x01,
591 0x03, 0x0E, 0x05, 0x02, 0x6B, 0x28, 0xBD, 0x26, 0x7A, 0x3E, 0x26, 0x01,
592 0x20, 0x10, 0x06, 0x02, 0x6B, 0x28, 0x40, 0x44, 0x11, 0x01, 0x01, 0x17,
593 0x05, 0x02, 0x6B, 0x28, 0xBF, 0x26, 0x01, 0x81, 0x05, 0x0F, 0x06, 0x02,
594 0x6B, 0x28, 0x26, 0x7C, 0x3E, 0x7B, 0x44, 0xB4, 0x90, 0x2C, 0x01, 0x86,
595 0x03, 0x10, 0x03, 0x00, 0x77, 0x2C, 0xC9, 0x03, 0x01, 0x01, 0x02, 0x03,
596 0x02, 0x02, 0x00, 0x06, 0x21, 0xBF, 0x26, 0x26, 0x01, 0x02, 0x0A, 0x44,
597 0x01, 0x06, 0x0F, 0x37, 0x06, 0x02, 0x6B, 0x28, 0x03, 0x02, 0xBF, 0x02,
598 0x01, 0x01, 0x01, 0x0B, 0x01, 0x03, 0x08, 0x0E, 0x05, 0x02, 0x6B, 0x28,
599 0x04, 0x08, 0x02, 0x01, 0x06, 0x04, 0x01, 0x00, 0x03, 0x02, 0xBD, 0x26,
600 0x03, 0x03, 0x26, 0x01, 0x84, 0x00, 0x0F, 0x06, 0x02, 0x6C, 0x28, 0x82,
601 0x44, 0xB4, 0x02, 0x02, 0x02, 0x01, 0x02, 0x03, 0x4E, 0x26, 0x06, 0x01,
602 0x28, 0x25, 0x99, 0x00, 0x02, 0x03, 0x00, 0x03, 0x01, 0x02, 0x00, 0x95,
603 0x02, 0x01, 0x02, 0x00, 0x39, 0x26, 0x01, 0x00, 0x0E, 0x06, 0x02, 0x5E,
604 0x00, 0xCE, 0x04, 0x74, 0x02, 0x01, 0x00, 0x03, 0x00, 0xBF, 0xA8, 0x26,
605 0x06, 0x80, 0x43, 0xBF, 0x01, 0x01, 0x38, 0x0E, 0x06, 0x06, 0x25, 0x01,
606 0x81, 0x7F, 0x04, 0x2E, 0x01, 0x80, 0x40, 0x38, 0x0E, 0x06, 0x07, 0x25,
607 0x01, 0x83, 0xFE, 0x00, 0x04, 0x20, 0x01, 0x80, 0x41, 0x38, 0x0E, 0x06,
608 0x07, 0x25, 0x01, 0x84, 0x80, 0x00, 0x04, 0x12, 0x01, 0x80, 0x42, 0x38,
609 0x0E, 0x06, 0x07, 0x25, 0x01, 0x88, 0x80, 0x00, 0x04, 0x04, 0x01, 0x00,
610 0x44, 0x25, 0x02, 0x00, 0x37, 0x03, 0x00, 0x04, 0xFF, 0x39, 0x99, 0x77,
611 0x2C, 0xC7, 0x05, 0x09, 0x02, 0x00, 0x01, 0x83, 0xFF, 0x7F, 0x17, 0x03,
612 0x00, 0x90, 0x2C, 0x01, 0x86, 0x03, 0x10, 0x06, 0x3A, 0xB9, 0x26, 0x7F,
613 0x3D, 0x41, 0x25, 0x26, 0x01, 0x08, 0x0B, 0x37, 0x01, 0x8C, 0x80, 0x00,
614 0x37, 0x17, 0x02, 0x00, 0x17, 0x02, 0x00, 0x01, 0x8C, 0x80, 0x00, 0x17,
615 0x06, 0x19, 0x26, 0x01, 0x81, 0x7F, 0x17, 0x06, 0x05, 0x01, 0x84, 0x80,
616 0x00, 0x37, 0x26, 0x01, 0x83, 0xFE, 0x00, 0x17, 0x06, 0x05, 0x01, 0x88,
617 0x80, 0x00, 0x37, 0x03, 0x00, 0x04, 0x09, 0x02, 0x00, 0x01, 0x8C, 0x88,
618 0x01, 0x17, 0x03, 0x00, 0x16, 0xBD, 0xA8, 0x26, 0x06, 0x23, 0xBD, 0xA8,
619 0x26, 0x15, 0x26, 0x06, 0x18, 0x26, 0x01, 0x82, 0x00, 0x0F, 0x06, 0x05,
620 0x01, 0x82, 0x00, 0x04, 0x01, 0x26, 0x03, 0x01, 0x82, 0x02, 0x01, 0xB4,
621 0x02, 0x01, 0x12, 0x04, 0x65, 0x99, 0x13, 0x04, 0x5A, 0x99, 0x14, 0x99,
622 0x02, 0x00, 0x2A, 0x00, 0x00, 0xB7, 0x26, 0x58, 0x06, 0x07, 0x25, 0x06,
623 0x02, 0x64, 0x28, 0x04, 0x74, 0x00, 0x00, 0xC0, 0x01, 0x03, 0xBE, 0x44,
624 0x25, 0x44, 0x00, 0x00, 0xBD, 0xC4, 0x00, 0x03, 0x01, 0x00, 0x03, 0x00,
625 0xBD, 0xA8, 0x26, 0x06, 0x80, 0x50, 0xBF, 0x03, 0x01, 0xBF, 0x03, 0x02,
626 0x02, 0x01, 0x01, 0x08, 0x0E, 0x06, 0x16, 0x02, 0x02, 0x01, 0x0F, 0x0C,
627 0x06, 0x0D, 0x01, 0x01, 0x02, 0x02, 0x01, 0x10, 0x08, 0x0B, 0x02, 0x00,
628 0x37, 0x03, 0x00, 0x04, 0x2A, 0x02, 0x01, 0x01, 0x02, 0x10, 0x02, 0x01,
629 0x01, 0x06, 0x0C, 0x17, 0x02, 0x02, 0x01, 0x01, 0x0E, 0x02, 0x02, 0x01,
630 0x03, 0x0E, 0x37, 0x17, 0x06, 0x11, 0x02, 0x00, 0x01, 0x01, 0x02, 0x02,
631 0x5B, 0x01, 0x02, 0x0B, 0x02, 0x01, 0x08, 0x0B, 0x37, 0x03, 0x00, 0x04,
632 0xFF, 0x2C, 0x99, 0x02, 0x00, 0x00, 0x00, 0xBD, 0x01, 0x01, 0x0E, 0x05,
633 0x02, 0x63, 0x28, 0xBF, 0x01, 0x08, 0x08, 0x80, 0x2E, 0x0E, 0x05, 0x02,
634 0x63, 0x28, 0x00, 0x00, 0xBD, 0x86, 0x2E, 0x05, 0x15, 0x01, 0x01, 0x0E,
635 0x05, 0x02, 0x67, 0x28, 0xBF, 0x01, 0x00, 0x0E, 0x05, 0x02, 0x67, 0x28,
636 0x01, 0x02, 0x86, 0x3E, 0x04, 0x1C, 0x01, 0x19, 0x0E, 0x05, 0x02, 0x67,
637 0x28, 0xBF, 0x01, 0x18, 0x0E, 0x05, 0x02, 0x67, 0x28, 0x82, 0x01, 0x18,
638 0xB4, 0x87, 0x82, 0x01, 0x18, 0x30, 0x05, 0x02, 0x67, 0x28, 0x00, 0x00,
639 0xBD, 0x06, 0x02, 0x68, 0x28, 0x00, 0x00, 0x01, 0x02, 0x95, 0xC0, 0x01,
640 0x08, 0x0B, 0xC0, 0x08, 0x00, 0x00, 0x01, 0x03, 0x95, 0xC0, 0x01, 0x08,
641 0x0B, 0xC0, 0x08, 0x01, 0x08, 0x0B, 0xC0, 0x08, 0x00, 0x00, 0x01, 0x01,
642 0x95, 0xC0, 0x00, 0x00, 0x3A, 0x26, 0x56, 0x05, 0x01, 0x00, 0x25, 0xCE,
643 0x04, 0x76, 0x02, 0x03, 0x00, 0x8F, 0x2E, 0x03, 0x01, 0x01, 0x00, 0x26,
644 0x02, 0x01, 0x0A, 0x06, 0x10, 0x26, 0x01, 0x01, 0x0B, 0x8E, 0x08, 0x2C,
645 0x02, 0x00, 0x0E, 0x06, 0x01, 0x00, 0x5A, 0x04, 0x6A, 0x25, 0x01, 0x7F,
646 0x00, 0x00, 0x01, 0x15, 0x85, 0x3E, 0x44, 0x50, 0x25, 0x50, 0x25, 0x29,
647 0x00, 0x00, 0x01, 0x01, 0x44, 0xC2, 0x00, 0x00, 0x44, 0x38, 0x95, 0x44,
648 0x26, 0x06, 0x05, 0xC0, 0x25, 0x5B, 0x04, 0x78, 0x25, 0x00, 0x00, 0x26,
649 0x01, 0x81, 0xAC, 0x00, 0x0E, 0x06, 0x04, 0x25, 0x01, 0x7F, 0x00, 0x98,
650 0x57, 0x00, 0x02, 0x03, 0x00, 0x77, 0x2C, 0x98, 0x03, 0x01, 0x02, 0x01,
651 0x01, 0x0F, 0x17, 0x02, 0x01, 0x01, 0x04, 0x11, 0x01, 0x0F, 0x17, 0x02,
652 0x01, 0x01, 0x08, 0x11, 0x01, 0x0F, 0x17, 0x01, 0x00, 0x38, 0x0E, 0x06,
653 0x10, 0x25, 0x01, 0x00, 0x01, 0x18, 0x02, 0x00, 0x06, 0x03, 0x47, 0x04,
654 0x01, 0x48, 0x04, 0x80, 0x68, 0x01, 0x01, 0x38, 0x0E, 0x06, 0x10, 0x25,
655 0x01, 0x01, 0x01, 0x10, 0x02, 0x00, 0x06, 0x03, 0x47, 0x04, 0x01, 0x48,
656 0x04, 0x80, 0x52, 0x01, 0x02, 0x38, 0x0E, 0x06, 0x0F, 0x25, 0x01, 0x01,
657 0x01, 0x20, 0x02, 0x00, 0x06, 0x03, 0x47, 0x04, 0x01, 0x48, 0x04, 0x3D,
658 0x01, 0x03, 0x38, 0x0E, 0x06, 0x0E, 0x25, 0x25, 0x01, 0x10, 0x02, 0x00,
659 0x06, 0x03, 0x45, 0x04, 0x01, 0x46, 0x04, 0x29, 0x01, 0x04, 0x38, 0x0E,
660 0x06, 0x0E, 0x25, 0x25, 0x01, 0x20, 0x02, 0x00, 0x06, 0x03, 0x45, 0x04,
661 0x01, 0x46, 0x04, 0x15, 0x01, 0x05, 0x38, 0x0E, 0x06, 0x0C, 0x25, 0x25,
662 0x02, 0x00, 0x06, 0x03, 0x49, 0x04, 0x01, 0x4A, 0x04, 0x03, 0x66, 0x28,
663 0x25, 0x00, 0x00, 0x98, 0x01, 0x0C, 0x11, 0x01, 0x02, 0x0F, 0x00, 0x00,
664 0x98, 0x01, 0x0C, 0x11, 0x26, 0x59, 0x44, 0x01, 0x03, 0x0A, 0x17, 0x00,
665 0x00, 0x98, 0x01, 0x0C, 0x11, 0x01, 0x01, 0x0E, 0x00, 0x00, 0x98, 0x01,
666 0x0C, 0x11, 0x58, 0x00, 0x00, 0x98, 0x01, 0x81, 0x70, 0x17, 0x01, 0x20,
667 0x0D, 0x00, 0x00, 0x1B, 0x01, 0x00, 0x73, 0x2E, 0x26, 0x06, 0x22, 0x01,
668 0x01, 0x38, 0x0E, 0x06, 0x06, 0x25, 0x01, 0x00, 0x9C, 0x04, 0x14, 0x01,
669 0x02, 0x38, 0x0E, 0x06, 0x0D, 0x25, 0x75, 0x2E, 0x01, 0x01, 0x0E, 0x06,
670 0x03, 0x01, 0x10, 0x37, 0x04, 0x01, 0x25, 0x04, 0x01, 0x25, 0x79, 0x2E,
671 0x05, 0x33, 0x2F, 0x06, 0x30, 0x84, 0x2E, 0x01, 0x14, 0x38, 0x0E, 0x06,
672 0x06, 0x25, 0x01, 0x02, 0x37, 0x04, 0x22, 0x01, 0x15, 0x38, 0x0E, 0x06,
673 0x09, 0x25, 0xAB, 0x06, 0x03, 0x01, 0x7F, 0x9C, 0x04, 0x13, 0x01, 0x16,
674 0x38, 0x0E, 0x06, 0x06, 0x25, 0x01, 0x01, 0x37, 0x04, 0x07, 0x25, 0x01,
675 0x04, 0x37, 0x01, 0x00, 0x25, 0x1A, 0x06, 0x03, 0x01, 0x08, 0x37, 0x00,
676 0x00, 0x1B, 0x26, 0x05, 0x13, 0x2F, 0x06, 0x10, 0x84, 0x2E, 0x01, 0x15,
677 0x0E, 0x06, 0x08, 0x25, 0xAB, 0x01, 0x00, 0x75, 0x3E, 0x04, 0x01, 0x20,
678 0x00, 0x00, 0xCC, 0x01, 0x07, 0x17, 0x01, 0x01, 0x0F, 0x06, 0x02, 0x70,
679 0x28, 0x00, 0x01, 0x03, 0x00, 0x29, 0x1A, 0x06, 0x05, 0x02, 0x00, 0x85,
680 0x3E, 0x00, 0xCC, 0x25, 0x04, 0x74, 0x00, 0x01, 0x14, 0xCF, 0x01, 0x01,
681 0xDC, 0x29, 0x26, 0x01, 0x00, 0xC6, 0x01, 0x16, 0xCF, 0xD5, 0x29, 0x00,
682 0x00, 0x01, 0x0B, 0xDC, 0x4C, 0x26, 0x26, 0x01, 0x03, 0x08, 0xDB, 0xDB,
683 0x18, 0x26, 0x56, 0x06, 0x02, 0x25, 0x00, 0xDB, 0x1D, 0x26, 0x06, 0x05,
684 0x82, 0x44, 0xD6, 0x04, 0x77, 0x25, 0x04, 0x6C, 0x00, 0x21, 0x01, 0x0F,
685 0xDC, 0x26, 0x90, 0x2C, 0x01, 0x86, 0x03, 0x10, 0x06, 0x0C, 0x01, 0x04,
686 0x08, 0xDB, 0x7E, 0x2E, 0xDC, 0x76, 0x2E, 0xDC, 0x04, 0x02, 0x5C, 0xDB,
687 0x26, 0xDA, 0x82, 0x44, 0xD6, 0x00, 0x02, 0xA2, 0xA4, 0x08, 0xA0, 0x08,
688 0xA3, 0x08, 0xA5, 0x08, 0xA1, 0x08, 0x27, 0x08, 0x03, 0x00, 0x01, 0x01,
689 0xDC, 0x01, 0x27, 0x8C, 0x2E, 0x08, 0x8F, 0x2E, 0x01, 0x01, 0x0B, 0x08,
690 0x02, 0x00, 0x06, 0x04, 0x5C, 0x02, 0x00, 0x08, 0x81, 0x2C, 0x38, 0x09,
691 0x26, 0x59, 0x06, 0x24, 0x02, 0x00, 0x05, 0x04, 0x44, 0x5C, 0x44, 0x5D,
692 0x01, 0x04, 0x09, 0x26, 0x56, 0x06, 0x03, 0x25, 0x01, 0x00, 0x26, 0x01,
693 0x04, 0x08, 0x02, 0x00, 0x08, 0x03, 0x00, 0x44, 0x01, 0x04, 0x08, 0x38,
694 0x08, 0x44, 0x04, 0x03, 0x25, 0x01, 0x7F, 0x03, 0x01, 0xDB, 0x92, 0x2C,
695 0xDA, 0x78, 0x01, 0x04, 0x19, 0x78, 0x01, 0x04, 0x08, 0x01, 0x1C, 0x32,
696 0x78, 0x01, 0x20, 0xD6, 0x8B, 0x8C, 0x2E, 0xD8, 0x8F, 0x2E, 0x26, 0x01,
697 0x01, 0x0B, 0xDA, 0x8E, 0x44, 0x26, 0x06, 0x0F, 0x5B, 0x38, 0x2C, 0x26,
698 0xC5, 0x05, 0x02, 0x60, 0x28, 0xDA, 0x44, 0x5C, 0x44, 0x04, 0x6E, 0x5E,
699 0x01, 0x01, 0xDC, 0x01, 0x00, 0xDC, 0x02, 0x00, 0x06, 0x81, 0x5A, 0x02,
700 0x00, 0xDA, 0xA2, 0x06, 0x0E, 0x01, 0x83, 0xFE, 0x01, 0xDA, 0x87, 0xA2,
701 0x01, 0x04, 0x09, 0x26, 0xDA, 0x5B, 0xD8, 0xA4, 0x06, 0x16, 0x01, 0x00,
702 0xDA, 0x89, 0xA4, 0x01, 0x04, 0x09, 0x26, 0xDA, 0x01, 0x02, 0x09, 0x26,
703 0xDA, 0x01, 0x00, 0xDC, 0x01, 0x03, 0x09, 0xD7, 0xA0, 0x06, 0x0C, 0x01,
704 0x01, 0xDA, 0x01, 0x01, 0xDA, 0x80, 0x2E, 0x01, 0x08, 0x09, 0xDC, 0xA3,
705 0x06, 0x19, 0x01, 0x0D, 0xDA, 0xA3, 0x01, 0x04, 0x09, 0x26, 0xDA, 0x01,
706 0x02, 0x09, 0xDA, 0x42, 0x06, 0x03, 0x01, 0x03, 0xD9, 0x43, 0x06, 0x03,
707 0x01, 0x01, 0xD9, 0xA5, 0x26, 0x06, 0x36, 0x01, 0x0A, 0xDA, 0x01, 0x04,
708 0x09, 0x26, 0xDA, 0x5D, 0xDA, 0x40, 0x01, 0x00, 0x26, 0x01, 0x82, 0x80,
709 0x80, 0x80, 0x00, 0x17, 0x06, 0x0A, 0x01, 0xFD, 0xFF, 0xFF, 0xFF, 0x7F,
710 0x17, 0x01, 0x1D, 0xDA, 0x26, 0x01, 0x20, 0x0A, 0x06, 0x0C, 0x9E, 0x11,
711 0x01, 0x01, 0x17, 0x06, 0x02, 0x26, 0xDA, 0x5A, 0x04, 0x6E, 0x5E, 0x04,
712 0x01, 0x25, 0xA1, 0x06, 0x0A, 0x01, 0x0B, 0xDA, 0x01, 0x02, 0xDA, 0x01,
713 0x82, 0x00, 0xDA, 0x27, 0x26, 0x06, 0x1F, 0x01, 0x10, 0xDA, 0x01, 0x04,
714 0x09, 0x26, 0xDA, 0x5D, 0xDA, 0x83, 0x2C, 0x01, 0x00, 0x9E, 0x0F, 0x06,
715 0x0A, 0x26, 0x1E, 0x26, 0xDC, 0x82, 0x44, 0xD6, 0x5A, 0x04, 0x72, 0x5E,
716 0x04, 0x01, 0x25, 0x02, 0x01, 0x56, 0x05, 0x11, 0x01, 0x15, 0xDA, 0x02,
717 0x01, 0x26, 0xDA, 0x26, 0x06, 0x06, 0x5B, 0x01, 0x00, 0xDC, 0x04, 0x77,
718 0x25, 0x00, 0x00, 0x01, 0x10, 0xDC, 0x77, 0x2C, 0x26, 0xCA, 0x06, 0x0C,
719 0xA9, 0x23, 0x26, 0x5C, 0xDB, 0x26, 0xDA, 0x82, 0x44, 0xD6, 0x04, 0x0D,
720 0x26, 0xC8, 0x44, 0xA9, 0x22, 0x26, 0x5A, 0xDB, 0x26, 0xDC, 0x82, 0x44,
721 0xD6, 0x00, 0x00, 0x9A, 0x01, 0x14, 0xDC, 0x01, 0x0C, 0xDB, 0x82, 0x01,
722 0x0C, 0xD6, 0x00, 0x00, 0x4F, 0x26, 0x01, 0x00, 0x0E, 0x06, 0x02, 0x5E,
723 0x00, 0xCC, 0x25, 0x04, 0x73, 0x00, 0x26, 0xDA, 0xD6, 0x00, 0x00, 0x26,
724 0xDC, 0xD6, 0x00, 0x01, 0x03, 0x00, 0x41, 0x25, 0x26, 0x01, 0x10, 0x17,
725 0x06, 0x06, 0x01, 0x04, 0xDC, 0x02, 0x00, 0xDC, 0x26, 0x01, 0x08, 0x17,
726 0x06, 0x06, 0x01, 0x03, 0xDC, 0x02, 0x00, 0xDC, 0x26, 0x01, 0x20, 0x17,
727 0x06, 0x06, 0x01, 0x05, 0xDC, 0x02, 0x00, 0xDC, 0x26, 0x01, 0x80, 0x40,
728 0x17, 0x06, 0x06, 0x01, 0x06, 0xDC, 0x02, 0x00, 0xDC, 0x01, 0x04, 0x17,
729 0x06, 0x06, 0x01, 0x02, 0xDC, 0x02, 0x00, 0xDC, 0x00, 0x00, 0x26, 0x01,
730 0x08, 0x4D, 0xDC, 0xDC, 0x00, 0x00, 0x26, 0x01, 0x10, 0x4D, 0xDC, 0xDA,
731 0x00, 0x00, 0x26, 0x50, 0x06, 0x02, 0x25, 0x00, 0xCC, 0x25, 0x04, 0x76
732 };
733
734 static const uint16_t t0_caddr[] = {
735 0,
736 5,
737 10,
738 15,
739 20,
740 25,
741 30,
742 35,
743 40,
744 44,
745 48,
746 52,
747 56,
748 60,
749 64,
750 68,
751 72,
752 76,
753 80,
754 84,
755 88,
756 92,
757 96,
758 100,
759 104,
760 108,
761 112,
762 116,
763 120,
764 124,
765 129,
766 134,
767 139,
768 144,
769 149,
770 154,
771 159,
772 164,
773 169,
774 174,
775 179,
776 184,
777 189,
778 194,
779 199,
780 204,
781 209,
782 214,
783 219,
784 224,
785 229,
786 234,
787 239,
788 244,
789 249,
790 254,
791 259,
792 264,
793 269,
794 274,
795 279,
796 284,
797 289,
798 294,
799 303,
800 316,
801 320,
802 345,
803 351,
804 370,
805 381,
806 422,
807 542,
808 546,
809 611,
810 626,
811 637,
812 655,
813 684,
814 694,
815 730,
816 740,
817 818,
818 832,
819 838,
820 897,
821 916,
822 951,
823 1000,
824 1076,
825 1103,
826 1134,
827 1145,
828 1497,
829 1644,
830 1668,
831 1884,
832 1898,
833 1907,
834 1911,
835 2006,
836 2027,
837 2083,
838 2090,
839 2101,
840 2117,
841 2123,
842 2134,
843 2169,
844 2181,
845 2187,
846 2202,
847 2218,
848 2374,
849 2383,
850 2396,
851 2405,
852 2412,
853 2422,
854 2528,
855 2553,
856 2566,
857 2582,
858 2600,
859 2632,
860 2666,
861 3034,
862 3070,
863 3083,
864 3097,
865 3102,
866 3107,
867 3173,
868 3181,
869 3189
870 };
871
872 #define T0_INTERPRETED 86
873
874 #define T0_ENTER(ip, rp, slot) do { \
875 const unsigned char *t0_newip; \
876 uint32_t t0_lnum; \
877 t0_newip = &t0_codeblock[t0_caddr[(slot) - T0_INTERPRETED]]; \
878 t0_lnum = t0_parse7E_unsigned(&t0_newip); \
879 (rp) += t0_lnum; \
880 *((rp) ++) = (uint32_t)((ip) - &t0_codeblock[0]) + (t0_lnum << 16); \
881 (ip) = t0_newip; \
882 } while (0)
883
884 #define T0_DEFENTRY(name, slot) \
885 void \
886 name(void *ctx) \
887 { \
888 t0_context *t0ctx = ctx; \
889 t0ctx->ip = &t0_codeblock[0]; \
890 T0_ENTER(t0ctx->ip, t0ctx->rp, slot); \
891 }
892
893 T0_DEFENTRY(br_ssl_hs_client_init_main, 167)
894
895 #define T0_NEXT(t0ipp) (*(*(t0ipp)) ++)
896
897 void
898 br_ssl_hs_client_run(void *t0ctx)
899 {
900 uint32_t *dp, *rp;
901 const unsigned char *ip;
902
903 #define T0_LOCAL(x) (*(rp - 2 - (x)))
904 #define T0_POP() (*-- dp)
905 #define T0_POPi() (*(int32_t *)(-- dp))
906 #define T0_PEEK(x) (*(dp - 1 - (x)))
907 #define T0_PEEKi(x) (*(int32_t *)(dp - 1 - (x)))
908 #define T0_PUSH(v) do { *dp = (v); dp ++; } while (0)
909 #define T0_PUSHi(v) do { *(int32_t *)dp = (v); dp ++; } while (0)
910 #define T0_RPOP() (*-- rp)
911 #define T0_RPOPi() (*(int32_t *)(-- rp))
912 #define T0_RPUSH(v) do { *rp = (v); rp ++; } while (0)
913 #define T0_RPUSHi(v) do { *(int32_t *)rp = (v); rp ++; } while (0)
914 #define T0_ROLL(x) do { \
915 size_t t0len = (size_t)(x); \
916 uint32_t t0tmp = *(dp - 1 - t0len); \
917 memmove(dp - t0len - 1, dp - t0len, t0len * sizeof *dp); \
918 *(dp - 1) = t0tmp; \
919 } while (0)
920 #define T0_SWAP() do { \
921 uint32_t t0tmp = *(dp - 2); \
922 *(dp - 2) = *(dp - 1); \
923 *(dp - 1) = t0tmp; \
924 } while (0)
925 #define T0_ROT() do { \
926 uint32_t t0tmp = *(dp - 3); \
927 *(dp - 3) = *(dp - 2); \
928 *(dp - 2) = *(dp - 1); \
929 *(dp - 1) = t0tmp; \
930 } while (0)
931 #define T0_NROT() do { \
932 uint32_t t0tmp = *(dp - 1); \
933 *(dp - 1) = *(dp - 2); \
934 *(dp - 2) = *(dp - 3); \
935 *(dp - 3) = t0tmp; \
936 } while (0)
937 #define T0_PICK(x) do { \
938 uint32_t t0depth = (x); \
939 T0_PUSH(T0_PEEK(t0depth)); \
940 } while (0)
941 #define T0_CO() do { \
942 goto t0_exit; \
943 } while (0)
944 #define T0_RET() goto t0_next
945
946 dp = ((t0_context *)t0ctx)->dp;
947 rp = ((t0_context *)t0ctx)->rp;
948 ip = ((t0_context *)t0ctx)->ip;
949 goto t0_next;
950 for (;;) {
951 uint32_t t0x;
952
953 t0_next:
954 t0x = T0_NEXT(&ip);
955 if (t0x < T0_INTERPRETED) {
956 switch (t0x) {
957 int32_t t0off;
958
959 case 0: /* ret */
960 t0x = T0_RPOP();
961 rp -= (t0x >> 16);
962 t0x &= 0xFFFF;
963 if (t0x == 0) {
964 ip = NULL;
965 goto t0_exit;
966 }
967 ip = &t0_codeblock[t0x];
968 break;
969 case 1: /* literal constant */
970 T0_PUSHi(t0_parse7E_signed(&ip));
971 break;
972 case 2: /* read local */
973 T0_PUSH(T0_LOCAL(t0_parse7E_unsigned(&ip)));
974 break;
975 case 3: /* write local */
976 T0_LOCAL(t0_parse7E_unsigned(&ip)) = T0_POP();
977 break;
978 case 4: /* jump */
979 t0off = t0_parse7E_signed(&ip);
980 ip += t0off;
981 break;
982 case 5: /* jump if */
983 t0off = t0_parse7E_signed(&ip);
984 if (T0_POP()) {
985 ip += t0off;
986 }
987 break;
988 case 6: /* jump if not */
989 t0off = t0_parse7E_signed(&ip);
990 if (!T0_POP()) {
991 ip += t0off;
992 }
993 break;
994 case 7: {
995 /* * */
996
997 uint32_t b = T0_POP();
998 uint32_t a = T0_POP();
999 T0_PUSH(a * b);
1000
1001 }
1002 break;
1003 case 8: {
1004 /* + */
1005
1006 uint32_t b = T0_POP();
1007 uint32_t a = T0_POP();
1008 T0_PUSH(a + b);
1009
1010 }
1011 break;
1012 case 9: {
1013 /* - */
1014
1015 uint32_t b = T0_POP();
1016 uint32_t a = T0_POP();
1017 T0_PUSH(a - b);
1018
1019 }
1020 break;
1021 case 10: {
1022 /* < */
1023
1024 int32_t b = T0_POPi();
1025 int32_t a = T0_POPi();
1026 T0_PUSH(-(uint32_t)(a < b));
1027
1028 }
1029 break;
1030 case 11: {
1031 /* << */
1032
1033 int c = (int)T0_POPi();
1034 uint32_t x = T0_POP();
1035 T0_PUSH(x << c);
1036
1037 }
1038 break;
1039 case 12: {
1040 /* <= */
1041
1042 int32_t b = T0_POPi();
1043 int32_t a = T0_POPi();
1044 T0_PUSH(-(uint32_t)(a <= b));
1045
1046 }
1047 break;
1048 case 13: {
1049 /* <> */
1050
1051 uint32_t b = T0_POP();
1052 uint32_t a = T0_POP();
1053 T0_PUSH(-(uint32_t)(a != b));
1054
1055 }
1056 break;
1057 case 14: {
1058 /* = */
1059
1060 uint32_t b = T0_POP();
1061 uint32_t a = T0_POP();
1062 T0_PUSH(-(uint32_t)(a == b));
1063
1064 }
1065 break;
1066 case 15: {
1067 /* > */
1068
1069 int32_t b = T0_POPi();
1070 int32_t a = T0_POPi();
1071 T0_PUSH(-(uint32_t)(a > b));
1072
1073 }
1074 break;
1075 case 16: {
1076 /* >= */
1077
1078 int32_t b = T0_POPi();
1079 int32_t a = T0_POPi();
1080 T0_PUSH(-(uint32_t)(a >= b));
1081
1082 }
1083 break;
1084 case 17: {
1085 /* >> */
1086
1087 int c = (int)T0_POPi();
1088 int32_t x = T0_POPi();
1089 T0_PUSHi(x >> c);
1090
1091 }
1092 break;
1093 case 18: {
1094 /* anchor-dn-append-name */
1095
1096 size_t len;
1097
1098 len = T0_POP();
1099 if (CTX->client_auth_vtable != NULL) {
1100 (*CTX->client_auth_vtable)->append_name(
1101 CTX->client_auth_vtable, ENG->pad, len);
1102 }
1103
1104 }
1105 break;
1106 case 19: {
1107 /* anchor-dn-end-name */
1108
1109 if (CTX->client_auth_vtable != NULL) {
1110 (*CTX->client_auth_vtable)->end_name(
1111 CTX->client_auth_vtable);
1112 }
1113
1114 }
1115 break;
1116 case 20: {
1117 /* anchor-dn-end-name-list */
1118
1119 if (CTX->client_auth_vtable != NULL) {
1120 (*CTX->client_auth_vtable)->end_name_list(
1121 CTX->client_auth_vtable);
1122 }
1123
1124 }
1125 break;
1126 case 21: {
1127 /* anchor-dn-start-name */
1128
1129 size_t len;
1130
1131 len = T0_POP();
1132 if (CTX->client_auth_vtable != NULL) {
1133 (*CTX->client_auth_vtable)->start_name(
1134 CTX->client_auth_vtable, len);
1135 }
1136
1137 }
1138 break;
1139 case 22: {
1140 /* anchor-dn-start-name-list */
1141
1142 if (CTX->client_auth_vtable != NULL) {
1143 (*CTX->client_auth_vtable)->start_name_list(
1144 CTX->client_auth_vtable);
1145 }
1146
1147 }
1148 break;
1149 case 23: {
1150 /* and */
1151
1152 uint32_t b = T0_POP();
1153 uint32_t a = T0_POP();
1154 T0_PUSH(a & b);
1155
1156 }
1157 break;
1158 case 24: {
1159 /* begin-cert */
1160
1161 if (ENG->chain_len == 0) {
1162 T0_PUSHi(-1);
1163 } else {
1164 ENG->cert_cur = ENG->chain->data;
1165 ENG->cert_len = ENG->chain->data_len;
1166 ENG->chain ++;
1167 ENG->chain_len --;
1168 T0_PUSH(ENG->cert_len);
1169 }
1170
1171 }
1172 break;
1173 case 25: {
1174 /* bzero */
1175
1176 size_t len = (size_t)T0_POP();
1177 void *addr = (unsigned char *)ENG + (size_t)T0_POP();
1178 memset(addr, 0, len);
1179
1180 }
1181 break;
1182 case 26: {
1183 /* can-output? */
1184
1185 T0_PUSHi(-(ENG->hlen_out > 0));
1186
1187 }
1188 break;
1189 case 27: {
1190 /* co */
1191 T0_CO();
1192 }
1193 break;
1194 case 28: {
1195 /* compute-Finished-inner */
1196
1197 int prf_id = T0_POP();
1198 int from_client = T0_POPi();
1199 unsigned char tmp[48];
1200 br_tls_prf_seed_chunk seed;
1201
1202 br_tls_prf_impl prf = br_ssl_engine_get_PRF(ENG, prf_id);
1203 seed.data = tmp;
1204 if (ENG->session.version >= BR_TLS12) {
1205 seed.len = br_multihash_out(&ENG->mhash, prf_id, tmp);
1206 } else {
1207 br_multihash_out(&ENG->mhash, br_md5_ID, tmp);
1208 br_multihash_out(&ENG->mhash, br_sha1_ID, tmp + 16);
1209 seed.len = 36;
1210 }
1211 prf(ENG->pad, 12, ENG->session.master_secret,
1212 sizeof ENG->session.master_secret,
1213 from_client ? "client finished" : "server finished",
1214 1, &seed);
1215
1216 }
1217 break;
1218 case 29: {
1219 /* copy-cert-chunk */
1220
1221 size_t clen;
1222
1223 clen = ENG->cert_len;
1224 if (clen > sizeof ENG->pad) {
1225 clen = sizeof ENG->pad;
1226 }
1227 memcpy(ENG->pad, ENG->cert_cur, clen);
1228 ENG->cert_cur += clen;
1229 ENG->cert_len -= clen;
1230 T0_PUSH(clen);
1231
1232 }
1233 break;
1234 case 30: {
1235 /* copy-protocol-name */
1236
1237 size_t idx = T0_POP();
1238 size_t len = strlen(ENG->protocol_names[idx]);
1239 memcpy(ENG->pad, ENG->protocol_names[idx], len);
1240 T0_PUSH(len);
1241
1242 }
1243 break;
1244 case 31: {
1245 /* data-get8 */
1246
1247 size_t addr = T0_POP();
1248 T0_PUSH(t0_datablock[addr]);
1249
1250 }
1251 break;
1252 case 32: {
1253 /* discard-input */
1254
1255 ENG->hlen_in = 0;
1256
1257 }
1258 break;
1259 case 33: {
1260 /* do-client-sign */
1261
1262 size_t sig_len;
1263
1264 sig_len = make_client_sign(CTX);
1265 if (sig_len == 0) {
1266 br_ssl_engine_fail(ENG, BR_ERR_INVALID_ALGORITHM);
1267 T0_CO();
1268 }
1269 T0_PUSH(sig_len);
1270
1271 }
1272 break;
1273 case 34: {
1274 /* do-ecdh */
1275
1276 unsigned prf_id = T0_POP();
1277 unsigned ecdhe = T0_POP();
1278 int x;
1279
1280 x = make_pms_ecdh(CTX, ecdhe, prf_id);
1281 if (x < 0) {
1282 br_ssl_engine_fail(ENG, -x);
1283 T0_CO();
1284 } else {
1285 T0_PUSH(x);
1286 }
1287
1288 }
1289 break;
1290 case 35: {
1291 /* do-rsa-encrypt */
1292
1293 int x;
1294
1295 x = make_pms_rsa(CTX, T0_POP());
1296 if (x < 0) {
1297 br_ssl_engine_fail(ENG, -x);
1298 T0_CO();
1299 } else {
1300 T0_PUSH(x);
1301 }
1302
1303 }
1304 break;
1305 case 36: {
1306 /* do-static-ecdh */
1307
1308 unsigned prf_id = T0_POP();
1309
1310 if (make_pms_static_ecdh(CTX, prf_id) < 0) {
1311 br_ssl_engine_fail(ENG, BR_ERR_INVALID_ALGORITHM);
1312 T0_CO();
1313 }
1314
1315 }
1316 break;
1317 case 37: {
1318 /* drop */
1319 (void)T0_POP();
1320 }
1321 break;
1322 case 38: {
1323 /* dup */
1324 T0_PUSH(T0_PEEK(0));
1325 }
1326 break;
1327 case 39: {
1328 /* ext-ALPN-length */
1329
1330 size_t u, len;
1331
1332 if (ENG->protocol_names_num == 0) {
1333 T0_PUSH(0);
1334 T0_RET();
1335 }
1336 len = 6;
1337 for (u = 0; u < ENG->protocol_names_num; u ++) {
1338 len += 1 + strlen(ENG->protocol_names[u]);
1339 }
1340 T0_PUSH(len);
1341
1342 }
1343 break;
1344 case 40: {
1345 /* fail */
1346
1347 br_ssl_engine_fail(ENG, (int)T0_POPi());
1348 T0_CO();
1349
1350 }
1351 break;
1352 case 41: {
1353 /* flush-record */
1354
1355 br_ssl_engine_flush_record(ENG);
1356
1357 }
1358 break;
1359 case 42: {
1360 /* get-client-chain */
1361
1362 uint32_t auth_types;
1363
1364 auth_types = T0_POP();
1365 if (CTX->client_auth_vtable != NULL) {
1366 br_ssl_client_certificate ux;
1367
1368 (*CTX->client_auth_vtable)->choose(CTX->client_auth_vtable,
1369 CTX, auth_types, &ux);
1370 CTX->auth_type = (unsigned char)ux.auth_type;
1371 CTX->hash_id = (unsigned char)ux.hash_id;
1372 ENG->chain = ux.chain;
1373 ENG->chain_len = ux.chain_len;
1374 } else {
1375 CTX->hash_id = 0;
1376 ENG->chain_len = 0;
1377 }
1378
1379 }
1380 break;
1381 case 43: {
1382 /* get-key-type-usages */
1383
1384 const br_x509_class *xc;
1385 const br_x509_pkey *pk;
1386 unsigned usages;
1387
1388 xc = *(ENG->x509ctx);
1389 pk = xc->get_pkey(ENG->x509ctx, &usages);
1390 if (pk == NULL) {
1391 T0_PUSH(0);
1392 } else {
1393 T0_PUSH(pk->key_type | usages);
1394 }
1395
1396 }
1397 break;
1398 case 44: {
1399 /* get16 */
1400
1401 size_t addr = (size_t)T0_POP();
1402 T0_PUSH(*(uint16_t *)(void *)((unsigned char *)ENG + addr));
1403
1404 }
1405 break;
1406 case 45: {
1407 /* get32 */
1408
1409 size_t addr = (size_t)T0_POP();
1410 T0_PUSH(*(uint32_t *)(void *)((unsigned char *)ENG + addr));
1411
1412 }
1413 break;
1414 case 46: {
1415 /* get8 */
1416
1417 size_t addr = (size_t)T0_POP();
1418 T0_PUSH(*((unsigned char *)ENG + addr));
1419
1420 }
1421 break;
1422 case 47: {
1423 /* has-input? */
1424
1425 T0_PUSHi(-(ENG->hlen_in != 0));
1426
1427 }
1428 break;
1429 case 48: {
1430 /* memcmp */
1431
1432 size_t len = (size_t)T0_POP();
1433 void *addr2 = (unsigned char *)ENG + (size_t)T0_POP();
1434 void *addr1 = (unsigned char *)ENG + (size_t)T0_POP();
1435 int x = memcmp(addr1, addr2, len);
1436 T0_PUSH((uint32_t)-(x == 0));
1437
1438 }
1439 break;
1440 case 49: {
1441 /* memcpy */
1442
1443 size_t len = (size_t)T0_POP();
1444 void *src = (unsigned char *)ENG + (size_t)T0_POP();
1445 void *dst = (unsigned char *)ENG + (size_t)T0_POP();
1446 memcpy(dst, src, len);
1447
1448 }
1449 break;
1450 case 50: {
1451 /* mkrand */
1452
1453 size_t len = (size_t)T0_POP();
1454 void *addr = (unsigned char *)ENG + (size_t)T0_POP();
1455 br_hmac_drbg_generate(&ENG->rng, addr, len);
1456
1457 }
1458 break;
1459 case 51: {
1460 /* more-incoming-bytes? */
1461
1462 T0_PUSHi(ENG->hlen_in != 0 || !br_ssl_engine_recvrec_finished(ENG));
1463
1464 }
1465 break;
1466 case 52: {
1467 /* multihash-init */
1468
1469 br_multihash_init(&ENG->mhash);
1470
1471 }
1472 break;
1473 case 53: {
1474 /* neg */
1475
1476 uint32_t a = T0_POP();
1477 T0_PUSH(-a);
1478
1479 }
1480 break;
1481 case 54: {
1482 /* not */
1483
1484 uint32_t a = T0_POP();
1485 T0_PUSH(~a);
1486
1487 }
1488 break;
1489 case 55: {
1490 /* or */
1491
1492 uint32_t b = T0_POP();
1493 uint32_t a = T0_POP();
1494 T0_PUSH(a | b);
1495
1496 }
1497 break;
1498 case 56: {
1499 /* over */
1500 T0_PUSH(T0_PEEK(1));
1501 }
1502 break;
1503 case 57: {
1504 /* read-chunk-native */
1505
1506 size_t clen = ENG->hlen_in;
1507 if (clen > 0) {
1508 uint32_t addr, len;
1509
1510 len = T0_POP();
1511 addr = T0_POP();
1512 if ((size_t)len < clen) {
1513 clen = (size_t)len;
1514 }
1515 memcpy((unsigned char *)ENG + addr, ENG->hbuf_in, clen);
1516 if (ENG->record_type_in == BR_SSL_HANDSHAKE) {
1517 br_multihash_update(&ENG->mhash, ENG->hbuf_in, clen);
1518 }
1519 T0_PUSH(addr + (uint32_t)clen);
1520 T0_PUSH(len - (uint32_t)clen);
1521 ENG->hbuf_in += clen;
1522 ENG->hlen_in -= clen;
1523 }
1524
1525 }
1526 break;
1527 case 58: {
1528 /* read8-native */
1529
1530 if (ENG->hlen_in > 0) {
1531 unsigned char x;
1532
1533 x = *ENG->hbuf_in ++;
1534 if (ENG->record_type_in == BR_SSL_HANDSHAKE) {
1535 br_multihash_update(&ENG->mhash, &x, 1);
1536 }
1537 T0_PUSH(x);
1538 ENG->hlen_in --;
1539 } else {
1540 T0_PUSHi(-1);
1541 }
1542
1543 }
1544 break;
1545 case 59: {
1546 /* set-server-curve */
1547
1548 const br_x509_class *xc;
1549 const br_x509_pkey *pk;
1550
1551 xc = *(ENG->x509ctx);
1552 pk = xc->get_pkey(ENG->x509ctx, NULL);
1553 CTX->server_curve =
1554 (pk->key_type == BR_KEYTYPE_EC) ? pk->key.ec.curve : 0;
1555
1556 }
1557 break;
1558 case 60: {
1559 /* set16 */
1560
1561 size_t addr = (size_t)T0_POP();
1562 *(uint16_t *)(void *)((unsigned char *)ENG + addr) = (uint16_t)T0_POP();
1563
1564 }
1565 break;
1566 case 61: {
1567 /* set32 */
1568
1569 size_t addr = (size_t)T0_POP();
1570 *(uint32_t *)(void *)((unsigned char *)ENG + addr) = (uint32_t)T0_POP();
1571
1572 }
1573 break;
1574 case 62: {
1575 /* set8 */
1576
1577 size_t addr = (size_t)T0_POP();
1578 *((unsigned char *)ENG + addr) = (unsigned char)T0_POP();
1579
1580 }
1581 break;
1582 case 63: {
1583 /* strlen */
1584
1585 void *str = (unsigned char *)ENG + (size_t)T0_POP();
1586 T0_PUSH((uint32_t)strlen(str));
1587
1588 }
1589 break;
1590 case 64: {
1591 /* supported-curves */
1592
1593 uint32_t x = ENG->iec == NULL ? 0 : ENG->iec->supported_curves;
1594 T0_PUSH(x);
1595
1596 }
1597 break;
1598 case 65: {
1599 /* supported-hash-functions */
1600
1601 int i;
1602 unsigned x, num;
1603
1604 x = 0;
1605 num = 0;
1606 for (i = br_sha1_ID; i <= br_sha512_ID; i ++) {
1607 if (br_multihash_getimpl(&ENG->mhash, i)) {
1608 x |= 1U << i;
1609 num ++;
1610 }
1611 }
1612 T0_PUSH(x);
1613 T0_PUSH(num);
1614
1615 }
1616 break;
1617 case 66: {
1618 /* supports-ecdsa? */
1619
1620 T0_PUSHi(-(ENG->iecdsa != 0));
1621
1622 }
1623 break;
1624 case 67: {
1625 /* supports-rsa-sign? */
1626
1627 T0_PUSHi(-(ENG->irsavrfy != 0));
1628
1629 }
1630 break;
1631 case 68: {
1632 /* swap */
1633 T0_SWAP();
1634 }
1635 break;
1636 case 69: {
1637 /* switch-aesgcm-in */
1638
1639 int is_client, prf_id;
1640 unsigned cipher_key_len;
1641
1642 cipher_key_len = T0_POP();
1643 prf_id = T0_POP();
1644 is_client = T0_POP();
1645 br_ssl_engine_switch_gcm_in(ENG, is_client, prf_id,
1646 ENG->iaes_ctr, cipher_key_len);
1647
1648 }
1649 break;
1650 case 70: {
1651 /* switch-aesgcm-out */
1652
1653 int is_client, prf_id;
1654 unsigned cipher_key_len;
1655
1656 cipher_key_len = T0_POP();
1657 prf_id = T0_POP();
1658 is_client = T0_POP();
1659 br_ssl_engine_switch_gcm_out(ENG, is_client, prf_id,
1660 ENG->iaes_ctr, cipher_key_len);
1661
1662 }
1663 break;
1664 case 71: {
1665 /* switch-cbc-in */
1666
1667 int is_client, prf_id, mac_id, aes;
1668 unsigned cipher_key_len;
1669
1670 cipher_key_len = T0_POP();
1671 aes = T0_POP();
1672 mac_id = T0_POP();
1673 prf_id = T0_POP();
1674 is_client = T0_POP();
1675 br_ssl_engine_switch_cbc_in(ENG, is_client, prf_id, mac_id,
1676 aes ? ENG->iaes_cbcdec : ENG->ides_cbcdec, cipher_key_len);
1677
1678 }
1679 break;
1680 case 72: {
1681 /* switch-cbc-out */
1682
1683 int is_client, prf_id, mac_id, aes;
1684 unsigned cipher_key_len;
1685
1686 cipher_key_len = T0_POP();
1687 aes = T0_POP();
1688 mac_id = T0_POP();
1689 prf_id = T0_POP();
1690 is_client = T0_POP();
1691 br_ssl_engine_switch_cbc_out(ENG, is_client, prf_id, mac_id,
1692 aes ? ENG->iaes_cbcenc : ENG->ides_cbcenc, cipher_key_len);
1693
1694 }
1695 break;
1696 case 73: {
1697 /* switch-chapol-in */
1698
1699 int is_client, prf_id;
1700
1701 prf_id = T0_POP();
1702 is_client = T0_POP();
1703 br_ssl_engine_switch_chapol_in(ENG, is_client, prf_id);
1704
1705 }
1706 break;
1707 case 74: {
1708 /* switch-chapol-out */
1709
1710 int is_client, prf_id;
1711
1712 prf_id = T0_POP();
1713 is_client = T0_POP();
1714 br_ssl_engine_switch_chapol_out(ENG, is_client, prf_id);
1715
1716 }
1717 break;
1718 case 75: {
1719 /* test-protocol-name */
1720
1721 size_t len = T0_POP();
1722 size_t u;
1723
1724 for (u = 0; u < ENG->protocol_names_num; u ++) {
1725 const char *name;
1726
1727 name = ENG->protocol_names[u];
1728 if (len == strlen(name) && memcmp(ENG->pad, name, len) == 0) {
1729 T0_PUSH(u);
1730 T0_RET();
1731 }
1732 }
1733 T0_PUSHi(-1);
1734
1735 }
1736 break;
1737 case 76: {
1738 /* total-chain-length */
1739
1740 size_t u;
1741 uint32_t total;
1742
1743 total = 0;
1744 for (u = 0; u < ENG->chain_len; u ++) {
1745 total += 3 + (uint32_t)ENG->chain[u].data_len;
1746 }
1747 T0_PUSH(total);
1748
1749 }
1750 break;
1751 case 77: {
1752 /* u>> */
1753
1754 int c = (int)T0_POPi();
1755 uint32_t x = T0_POP();
1756 T0_PUSH(x >> c);
1757
1758 }
1759 break;
1760 case 78: {
1761 /* verify-SKE-sig */
1762
1763 size_t sig_len = T0_POP();
1764 int use_rsa = T0_POPi();
1765 int hash = T0_POPi();
1766
1767 T0_PUSH(verify_SKE_sig(CTX, hash, use_rsa, sig_len));
1768
1769 }
1770 break;
1771 case 79: {
1772 /* write-blob-chunk */
1773
1774 size_t clen = ENG->hlen_out;
1775 if (clen > 0) {
1776 uint32_t addr, len;
1777
1778 len = T0_POP();
1779 addr = T0_POP();
1780 if ((size_t)len < clen) {
1781 clen = (size_t)len;
1782 }
1783 memcpy(ENG->hbuf_out, (unsigned char *)ENG + addr, clen);
1784 if (ENG->record_type_out == BR_SSL_HANDSHAKE) {
1785 br_multihash_update(&ENG->mhash, ENG->hbuf_out, clen);
1786 }
1787 T0_PUSH(addr + (uint32_t)clen);
1788 T0_PUSH(len - (uint32_t)clen);
1789 ENG->hbuf_out += clen;
1790 ENG->hlen_out -= clen;
1791 }
1792
1793 }
1794 break;
1795 case 80: {
1796 /* write8-native */
1797
1798 unsigned char x;
1799
1800 x = (unsigned char)T0_POP();
1801 if (ENG->hlen_out > 0) {
1802 if (ENG->record_type_out == BR_SSL_HANDSHAKE) {
1803 br_multihash_update(&ENG->mhash, &x, 1);
1804 }
1805 *ENG->hbuf_out ++ = x;
1806 ENG->hlen_out --;
1807 T0_PUSHi(-1);
1808 } else {
1809 T0_PUSHi(0);
1810 }
1811
1812 }
1813 break;
1814 case 81: {
1815 /* x509-append */
1816
1817 const br_x509_class *xc;
1818 size_t len;
1819
1820 xc = *(ENG->x509ctx);
1821 len = T0_POP();
1822 xc->append(ENG->x509ctx, ENG->pad, len);
1823
1824 }
1825 break;
1826 case 82: {
1827 /* x509-end-cert */
1828
1829 const br_x509_class *xc;
1830
1831 xc = *(ENG->x509ctx);
1832 xc->end_cert(ENG->x509ctx);
1833
1834 }
1835 break;
1836 case 83: {
1837 /* x509-end-chain */
1838
1839 const br_x509_class *xc;
1840
1841 xc = *(ENG->x509ctx);
1842 T0_PUSH(xc->end_chain(ENG->x509ctx));
1843
1844 }
1845 break;
1846 case 84: {
1847 /* x509-start-cert */
1848
1849 const br_x509_class *xc;
1850
1851 xc = *(ENG->x509ctx);
1852 xc->start_cert(ENG->x509ctx, T0_POP());
1853
1854 }
1855 break;
1856 case 85: {
1857 /* x509-start-chain */
1858
1859 const br_x509_class *xc;
1860 uint32_t bc;
1861
1862 bc = T0_POP();
1863 xc = *(ENG->x509ctx);
1864 xc->start_chain(ENG->x509ctx, bc ? ENG->server_name : NULL);
1865
1866 }
1867 break;
1868 }
1869
1870 } else {
1871 T0_ENTER(ip, rp, t0x);
1872 }
1873 }
1874 t0_exit:
1875 ((t0_context *)t0ctx)->dp = dp;
1876 ((t0_context *)t0ctx)->rp = rp;
1877 ((t0_context *)t0ctx)->ip = ip;
1878 }
The BearSSL library and tools.