1 /* Automatically generated code; do not modify directly. */
9 const unsigned char *ip
;
13 t0_parse7E_unsigned(const unsigned char **p
)
22 x
= (x
<< 7) | (uint32_t)(y
& 0x7F);
30 t0_parse7E_signed(const unsigned char **p
)
35 neg
= ((**p
) >> 6) & 1;
41 x
= (x
<< 7) | (uint32_t)(y
& 0x7F);
44 return -(int32_t)~x
- 1;
52 #define T0_VBYTE(x, n) (unsigned char)((((uint32_t)(x) >> (n)) & 0x7F) | 0x80)
53 #define T0_FBYTE(x, n) (unsigned char)(((uint32_t)(x) >> (n)) & 0x7F)
54 #define T0_SBYTE(x) (unsigned char)((((uint32_t)(x) >> 28) + 0xF8) ^ 0xF8)
55 #define T0_INT1(x) T0_FBYTE(x, 0)
56 #define T0_INT2(x) T0_VBYTE(x, 7), T0_FBYTE(x, 0)
57 #define T0_INT3(x) T0_VBYTE(x, 14), T0_VBYTE(x, 7), T0_FBYTE(x, 0)
58 #define T0_INT4(x) T0_VBYTE(x, 21), T0_VBYTE(x, 14), T0_VBYTE(x, 7), T0_FBYTE(x, 0)
59 #define T0_INT5(x) T0_SBYTE(x), T0_VBYTE(x, 21), T0_VBYTE(x, 14), T0_VBYTE(x, 7), T0_FBYTE(x, 0)
61 /* static const unsigned char t0_datablock[]; */
64 void br_ssl_hs_client_init_main(void *t0ctx
);
66 void br_ssl_hs_client_run(void *t0ctx
);
76 * This macro evaluates to a pointer to the current engine context.
78 #define ENG ((br_ssl_engine_context *)(void *)((unsigned char *)t0ctx - offsetof(br_ssl_engine_context, cpu)))
85 * This macro evaluates to a pointer to the client context, under that
86 * specific name. It must be noted that since the engine context is the
87 * first field of the br_ssl_client_context structure ('eng'), then
88 * pointers values of both types are interchangeable, modulo an
89 * appropriate cast. This also means that "adresses" computed as offsets
90 * within the structure work for both kinds of context.
92 #define CTX ((br_ssl_client_context *)ENG)
95 * Generate the pre-master secret for RSA key exchange, and encrypt it
96 * with the server's public key. Returned value is either the encrypted
97 * data length (in bytes), or -x on error, with 'x' being an error code.
99 * This code assumes that the public key has been already verified (it
100 * was properly obtained by the X.509 engine, and it has the right type,
101 * i.e. it is of type RSA and suitable for encryption).
104 make_pms_rsa(br_ssl_client_context
*ctx
, int prf_id
)
106 const br_x509_class
**xc
;
107 const br_x509_pkey
*pk
;
108 const unsigned char *n
;
112 xc
= ctx
->eng
.x509ctx
;
113 pk
= (*xc
)->get_pkey(xc
, NULL
);
116 * Compute actual RSA key length, in case there are leading zeros.
119 nlen
= pk
->key
.rsa
.nlen
;
120 while (nlen
> 0 && *n
== 0) {
126 * We need at least 59 bytes (48 bytes for pre-master secret, and
127 * 11 bytes for the PKCS#1 type 2 padding). Note that the X.509
128 * minimal engine normally blocks RSA keys shorter than 128 bytes,
129 * so this is mostly for public keys provided explicitly by the
133 return -BR_ERR_X509_WEAK_PUBLIC_KEY
;
135 if (nlen
> sizeof ctx
->eng
.pad
) {
136 return -BR_ERR_LIMIT_EXCEEDED
;
142 pms
= ctx
->eng
.pad
+ nlen
- 48;
143 br_enc16be(pms
, ctx
->eng
.version_max
);
144 br_hmac_drbg_generate(&ctx
->eng
.rng
, pms
+ 2, 46);
145 br_ssl_engine_compute_master(&ctx
->eng
, prf_id
, pms
, 48);
148 * Apply PKCS#1 type 2 padding.
150 ctx
->eng
.pad
[0] = 0x00;
151 ctx
->eng
.pad
[1] = 0x02;
152 ctx
->eng
.pad
[nlen
- 49] = 0x00;
153 br_hmac_drbg_generate(&ctx
->eng
.rng
, ctx
->eng
.pad
+ 2, nlen
- 51);
154 for (u
= 2; u
< nlen
- 49; u
++) {
155 while (ctx
->eng
.pad
[u
] == 0) {
156 br_hmac_drbg_generate(&ctx
->eng
.rng
,
157 &ctx
->eng
.pad
[u
], 1);
162 * Compute RSA encryption.
164 if (!ctx
->irsapub(ctx
->eng
.pad
, nlen
, &pk
->key
.rsa
)) {
165 return -BR_ERR_LIMIT_EXCEEDED
;
171 * OID for hash functions in RSA signatures.
173 static const unsigned char *HASH_OID
[] = {
182 * Check the RSA signature on the ServerKeyExchange message.
184 * hash hash function ID (2 to 6), or 0 for MD5+SHA-1 (with RSA only)
185 * use_rsa non-zero for RSA signature, zero for ECDSA
186 * sig_len signature length (in bytes); signature value is in the pad
188 * Returned value is 0 on success, or an error code.
191 verify_SKE_sig(br_ssl_client_context
*ctx
,
192 int hash
, int use_rsa
, size_t sig_len
)
194 const br_x509_class
**xc
;
195 const br_x509_pkey
*pk
;
196 br_multihash_context mhc
;
197 unsigned char hv
[64], head
[4];
200 xc
= ctx
->eng
.x509ctx
;
201 pk
= (*xc
)->get_pkey(xc
, NULL
);
202 br_multihash_zero(&mhc
);
203 br_multihash_copyimpl(&mhc
, &ctx
->eng
.mhash
);
204 br_multihash_init(&mhc
);
205 br_multihash_update(&mhc
,
206 ctx
->eng
.client_random
, sizeof ctx
->eng
.client_random
);
207 br_multihash_update(&mhc
,
208 ctx
->eng
.server_random
, sizeof ctx
->eng
.server_random
);
211 head
[2] = ctx
->eng
.ecdhe_curve
;
212 head
[3] = ctx
->eng
.ecdhe_point_len
;
213 br_multihash_update(&mhc
, head
, sizeof head
);
214 br_multihash_update(&mhc
,
215 ctx
->eng
.ecdhe_point
, ctx
->eng
.ecdhe_point_len
);
217 hv_len
= br_multihash_out(&mhc
, hash
, hv
);
219 return BR_ERR_INVALID_ALGORITHM
;
222 if (!br_multihash_out(&mhc
, br_md5_ID
, hv
)
223 || !br_multihash_out(&mhc
, br_sha1_ID
, hv
+ 16))
225 return BR_ERR_INVALID_ALGORITHM
;
230 unsigned char tmp
[64];
231 const unsigned char *hash_oid
;
234 hash_oid
= HASH_OID
[hash
- 2];
238 if (!ctx
->eng
.irsavrfy(ctx
->eng
.pad
, sig_len
,
239 hash_oid
, hv_len
, &pk
->key
.rsa
, tmp
)
240 || memcmp(tmp
, hv
, hv_len
) != 0)
242 return BR_ERR_BAD_SIGNATURE
;
245 if (!ctx
->eng
.iecdsa(ctx
->eng
.iec
, hv
, hv_len
, &pk
->key
.ec
,
246 ctx
->eng
.pad
, sig_len
))
248 return BR_ERR_BAD_SIGNATURE
;
255 * Perform client-side ECDH (or ECDHE). The point that should be sent to
256 * the server is written in the pad; returned value is either the point
257 * length (in bytes), or -x on error, with 'x' being an error code.
259 * The point _from_ the server is taken from ecdhe_point[] if 'ecdhe'
260 * is non-zero, or from the X.509 engine context if 'ecdhe' is zero
264 make_pms_ecdh(br_ssl_client_context
*ctx
, unsigned ecdhe
, int prf_id
)
267 unsigned char key
[66], point
[133];
268 const unsigned char *order
, *point_src
;
269 size_t glen
, olen
, point_len
, xoff
, xlen
;
273 curve
= ctx
->eng
.ecdhe_curve
;
274 point_src
= ctx
->eng
.ecdhe_point
;
275 point_len
= ctx
->eng
.ecdhe_point_len
;
277 const br_x509_class
**xc
;
278 const br_x509_pkey
*pk
;
280 xc
= ctx
->eng
.x509ctx
;
281 pk
= (*xc
)->get_pkey(xc
, NULL
);
282 curve
= pk
->key
.ec
.curve
;
283 point_src
= pk
->key
.ec
.q
;
284 point_len
= pk
->key
.ec
.qlen
;
286 if ((ctx
->eng
.iec
->supported_curves
& ((uint32_t)1 << curve
)) == 0) {
287 return -BR_ERR_INVALID_ALGORITHM
;
291 * We need to generate our key, as a non-zero random value which
292 * is lower than the curve order, in a "large enough" range. We
293 * force top bit to 0 and bottom bit to 1, which guarantees that
294 * the value is in the proper range.
296 order
= ctx
->eng
.iec
->order(curve
, &olen
);
298 while (mask
>= order
[0]) {
301 br_hmac_drbg_generate(&ctx
->eng
.rng
, key
, olen
);
303 key
[olen
- 1] |= 0x01;
306 * Compute the common ECDH point, whose X coordinate is the
309 ctx
->eng
.iec
->generator(curve
, &glen
);
310 if (glen
!= point_len
) {
311 return -BR_ERR_INVALID_ALGORITHM
;
314 memcpy(point
, point_src
, glen
);
315 if (!ctx
->eng
.iec
->mul(point
, glen
, key
, olen
, curve
)) {
316 return -BR_ERR_INVALID_ALGORITHM
;
320 * The pre-master secret is the X coordinate.
322 xoff
= ctx
->eng
.iec
->xoff(curve
, &xlen
);
323 br_ssl_engine_compute_master(&ctx
->eng
, prf_id
, point
+ xoff
, xlen
);
325 ctx
->eng
.iec
->mulgen(point
, key
, olen
, curve
);
326 memcpy(ctx
->eng
.pad
, point
, glen
);
331 * Perform full static ECDH. This occurs only in the context of client
332 * authentication with certificates: the server uses an EC public key,
333 * the cipher suite is of type ECDH (not ECDHE), the server requested a
334 * client certificate and accepts static ECDH, the client has a
335 * certificate with an EC public key in the same curve, and accepts
336 * static ECDH as well.
338 * Returned value is 0 on success, -1 on error.
341 make_pms_static_ecdh(br_ssl_client_context
*ctx
, int prf_id
)
343 unsigned char point
[133];
345 const br_x509_class
**xc
;
346 const br_x509_pkey
*pk
;
348 xc
= ctx
->eng
.x509ctx
;
349 pk
= (*xc
)->get_pkey(xc
, NULL
);
350 point_len
= pk
->key
.ec
.qlen
;
351 if (point_len
> sizeof point
) {
354 memcpy(point
, pk
->key
.ec
.q
, point_len
);
355 if (!(*ctx
->client_auth_vtable
)->do_keyx(
356 ctx
->client_auth_vtable
, point
, &point_len
))
360 br_ssl_engine_compute_master(&ctx
->eng
,
361 prf_id
, point
, point_len
);
366 * Compute the client-side signature. This is invoked only when a
367 * signature-based client authentication was selected. The computed
368 * signature is in the pad; its length (in bytes) is returned. On
369 * error, 0 is returned.
372 make_client_sign(br_ssl_client_context
*ctx
)
377 * Compute hash of handshake messages so far. This "cannot" fail
378 * because the list of supported hash functions provided to the
379 * client certificate handler was trimmed to include only the
380 * hash functions that the multi-hasher supports.
383 hv_len
= br_multihash_out(&ctx
->eng
.mhash
,
384 ctx
->hash_id
, ctx
->eng
.pad
);
386 br_multihash_out(&ctx
->eng
.mhash
,
387 br_md5_ID
, ctx
->eng
.pad
);
388 br_multihash_out(&ctx
->eng
.mhash
,
389 br_sha1_ID
, ctx
->eng
.pad
+ 16);
392 return (*ctx
->client_auth_vtable
)->do_sign(
393 ctx
->client_auth_vtable
, ctx
->hash_id
, hv_len
,
394 ctx
->eng
.pad
, sizeof ctx
->eng
.pad
);
399 static const unsigned char t0_datablock
[] = {
400 0x00, 0x00, 0x0A, 0x00, 0x24, 0x00, 0x2F, 0x01, 0x24, 0x00, 0x35, 0x02,
401 0x24, 0x00, 0x3C, 0x01, 0x44, 0x00, 0x3D, 0x02, 0x44, 0x00, 0x9C, 0x03,
402 0x04, 0x00, 0x9D, 0x04, 0x05, 0xC0, 0x03, 0x40, 0x24, 0xC0, 0x04, 0x41,
403 0x24, 0xC0, 0x05, 0x42, 0x24, 0xC0, 0x08, 0x20, 0x24, 0xC0, 0x09, 0x21,
404 0x24, 0xC0, 0x0A, 0x22, 0x24, 0xC0, 0x0D, 0x30, 0x24, 0xC0, 0x0E, 0x31,
405 0x24, 0xC0, 0x0F, 0x32, 0x24, 0xC0, 0x12, 0x10, 0x24, 0xC0, 0x13, 0x11,
406 0x24, 0xC0, 0x14, 0x12, 0x24, 0xC0, 0x23, 0x21, 0x44, 0xC0, 0x24, 0x22,
407 0x55, 0xC0, 0x25, 0x41, 0x44, 0xC0, 0x26, 0x42, 0x55, 0xC0, 0x27, 0x11,
408 0x44, 0xC0, 0x28, 0x12, 0x55, 0xC0, 0x29, 0x31, 0x44, 0xC0, 0x2A, 0x32,
409 0x55, 0xC0, 0x2B, 0x23, 0x04, 0xC0, 0x2C, 0x24, 0x05, 0xC0, 0x2D, 0x43,
410 0x04, 0xC0, 0x2E, 0x44, 0x05, 0xC0, 0x2F, 0x13, 0x04, 0xC0, 0x30, 0x14,
411 0x05, 0xC0, 0x31, 0x33, 0x04, 0xC0, 0x32, 0x34, 0x05, 0xCC, 0xA8, 0x15,
412 0x04, 0xCC, 0xA9, 0x25, 0x04, 0x00, 0x00
415 static const unsigned char t0_codeblock
[] = {
416 0x00, 0x01, 0x00, 0x0A, 0x00, 0x00, 0x01, 0x00, 0x0D, 0x00, 0x00, 0x01,
417 0x00, 0x0E, 0x00, 0x00, 0x01, 0x00, 0x0F, 0x00, 0x00, 0x01, 0x01, 0x08,
418 0x00, 0x00, 0x01, 0x01, 0x09, 0x00, 0x00, 0x01, 0x02, 0x08, 0x00, 0x00,
419 0x01, 0x02, 0x09, 0x00, 0x00, 0x25, 0x25, 0x00, 0x00, 0x01,
420 T0_INT1(BR_ERR_BAD_CCS
), 0x00, 0x00, 0x01,
421 T0_INT1(BR_ERR_BAD_CIPHER_SUITE
), 0x00, 0x00, 0x01,
422 T0_INT1(BR_ERR_BAD_COMPRESSION
), 0x00, 0x00, 0x01,
423 T0_INT1(BR_ERR_BAD_FINISHED
), 0x00, 0x00, 0x01,
424 T0_INT1(BR_ERR_BAD_FRAGLEN
), 0x00, 0x00, 0x01,
425 T0_INT1(BR_ERR_BAD_HANDSHAKE
), 0x00, 0x00, 0x01,
426 T0_INT1(BR_ERR_BAD_HELLO_DONE
), 0x00, 0x00, 0x01,
427 T0_INT1(BR_ERR_BAD_PARAM
), 0x00, 0x00, 0x01,
428 T0_INT1(BR_ERR_BAD_SECRENEG
), 0x00, 0x00, 0x01,
429 T0_INT1(BR_ERR_BAD_SNI
), 0x00, 0x00, 0x01, T0_INT1(BR_ERR_BAD_VERSION
),
430 0x00, 0x00, 0x01, T0_INT1(BR_ERR_EXTRA_EXTENSION
), 0x00, 0x00, 0x01,
431 T0_INT1(BR_ERR_INVALID_ALGORITHM
), 0x00, 0x00, 0x01,
432 T0_INT1(BR_ERR_LIMIT_EXCEEDED
), 0x00, 0x00, 0x01, T0_INT1(BR_ERR_OK
),
433 0x00, 0x00, 0x01, T0_INT1(BR_ERR_OVERSIZED_ID
), 0x00, 0x00, 0x01,
434 T0_INT1(BR_ERR_RESUME_MISMATCH
), 0x00, 0x00, 0x01,
435 T0_INT1(BR_ERR_UNEXPECTED
), 0x00, 0x00, 0x01,
436 T0_INT1(BR_ERR_UNSUPPORTED_VERSION
), 0x00, 0x00, 0x01,
437 T0_INT1(BR_ERR_WRONG_KEY_USAGE
), 0x00, 0x00, 0x01,
438 T0_INT2(offsetof(br_ssl_engine_context
, action
)), 0x00, 0x00, 0x01,
439 T0_INT2(offsetof(br_ssl_engine_context
, alert
)), 0x00, 0x00, 0x01,
440 T0_INT2(offsetof(br_ssl_engine_context
, application_data
)), 0x00, 0x00,
441 0x01, T0_INT2(offsetof(br_ssl_client_context
, auth_type
)), 0x00, 0x00,
443 T0_INT2(offsetof(br_ssl_engine_context
, session
) + offsetof(br_ssl_session_parameters
, cipher_suite
)),
445 T0_INT2(offsetof(br_ssl_engine_context
, client_random
)), 0x00, 0x00,
446 0x01, T0_INT2(offsetof(br_ssl_engine_context
, close_received
)), 0x00,
447 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context
, ecdhe_curve
)),
449 T0_INT2(offsetof(br_ssl_engine_context
, ecdhe_point
)), 0x00, 0x00,
450 0x01, T0_INT2(offsetof(br_ssl_engine_context
, ecdhe_point_len
)), 0x00,
451 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context
, flags
)), 0x00,
452 0x00, 0x01, T0_INT2(offsetof(br_ssl_client_context
, hash_id
)), 0x00,
453 0x00, 0x01, T0_INT2(offsetof(br_ssl_client_context
, hashes
)), 0x00,
454 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context
, log_max_frag_len
)),
456 T0_INT2(offsetof(br_ssl_client_context
, min_clienthello_len
)), 0x00,
457 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context
, pad
)), 0x00, 0x00,
458 0x01, T0_INT2(offsetof(br_ssl_engine_context
, protocol_names_num
)),
460 T0_INT2(offsetof(br_ssl_engine_context
, record_type_in
)), 0x00, 0x00,
461 0x01, T0_INT2(offsetof(br_ssl_engine_context
, record_type_out
)), 0x00,
462 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context
, reneg
)), 0x00,
463 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context
, saved_finished
)),
465 T0_INT2(offsetof(br_ssl_engine_context
, selected_protocol
)), 0x00,
466 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context
, server_name
)),
468 T0_INT2(offsetof(br_ssl_engine_context
, server_random
)), 0x00, 0x00,
470 T0_INT2(offsetof(br_ssl_engine_context
, session
) + offsetof(br_ssl_session_parameters
, session_id
)),
472 T0_INT2(offsetof(br_ssl_engine_context
, session
) + offsetof(br_ssl_session_parameters
, session_id_len
)),
474 T0_INT2(offsetof(br_ssl_engine_context
, shutdown_recv
)), 0x00, 0x00,
475 0x01, T0_INT2(offsetof(br_ssl_engine_context
, suites_buf
)), 0x00, 0x00,
476 0x01, T0_INT2(offsetof(br_ssl_engine_context
, suites_num
)), 0x00, 0x00,
478 T0_INT2(offsetof(br_ssl_engine_context
, session
) + offsetof(br_ssl_session_parameters
, version
)),
479 0x00, 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context
, version_in
)),
481 T0_INT2(offsetof(br_ssl_engine_context
, version_max
)), 0x00, 0x00,
482 0x01, T0_INT2(offsetof(br_ssl_engine_context
, version_min
)), 0x00,
483 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context
, version_out
)),
484 0x00, 0x00, 0x09, 0x26, 0x56, 0x06, 0x02, 0x66, 0x28, 0x00, 0x00, 0x06,
485 0x08, 0x2C, 0x0E, 0x05, 0x02, 0x6F, 0x28, 0x04, 0x01, 0x3C, 0x00, 0x00,
486 0x01, 0x01, 0x00, 0x01, 0x03, 0x00, 0x97, 0x26, 0x5C, 0x44, 0x9B, 0x26,
487 0x05, 0x04, 0x5E, 0x01, 0x00, 0x00, 0x02, 0x00, 0x0E, 0x06, 0x02, 0x9B,
488 0x00, 0x5C, 0x04, 0x6B, 0x00, 0x06, 0x02, 0x66, 0x28, 0x00, 0x00, 0x26,
489 0x87, 0x44, 0x05, 0x03, 0x01, 0x0C, 0x08, 0x44, 0x77, 0x2C, 0xA9, 0x1C,
490 0x82, 0x01, 0x0C, 0x31, 0x00, 0x00, 0x26, 0x1F, 0x01, 0x08, 0x0B, 0x44,
491 0x5A, 0x1F, 0x08, 0x00, 0x01, 0x03, 0x00, 0x75, 0x2E, 0x02, 0x00, 0x36,
492 0x17, 0x01, 0x01, 0x0B, 0x75, 0x3E, 0x29, 0x1A, 0x36, 0x06, 0x07, 0x02,
493 0x00, 0xCD, 0x03, 0x00, 0x04, 0x75, 0x01, 0x00, 0xC3, 0x02, 0x00, 0x26,
494 0x1A, 0x17, 0x06, 0x02, 0x6D, 0x28, 0xCD, 0x04, 0x76, 0x01, 0x01, 0x00,
495 0x75, 0x3E, 0x01, 0x16, 0x85, 0x3E, 0x01, 0x00, 0x88, 0x3C, 0x34, 0xD3,
496 0x29, 0xB2, 0x06, 0x09, 0x01, 0x7F, 0xAD, 0x01, 0x7F, 0xD0, 0x04, 0x80,
497 0x53, 0xAF, 0x77, 0x2C, 0x9F, 0x01, T0_INT1(BR_KEYTYPE_SIGN
), 0x17,
498 0x06, 0x01, 0xB3, 0xB6, 0x26, 0x01, 0x0D, 0x0E, 0x06, 0x07, 0x25, 0xB5,
499 0xB6, 0x01, 0x7F, 0x04, 0x02, 0x01, 0x00, 0x03, 0x00, 0x01, 0x0E, 0x0E,
500 0x05, 0x02, 0x70, 0x28, 0x06, 0x02, 0x65, 0x28, 0x33, 0x06, 0x02, 0x70,
501 0x28, 0x02, 0x00, 0x06, 0x1C, 0xD1, 0x7E, 0x2E, 0x01, 0x81, 0x7F, 0x0E,
502 0x06, 0x0D, 0x25, 0x01, 0x10, 0xDC, 0x01, 0x00, 0xDB, 0x77, 0x2C, 0xA9,
503 0x24, 0x04, 0x04, 0xD4, 0x06, 0x01, 0xD2, 0x04, 0x01, 0xD4, 0x01, 0x7F,
504 0xD0, 0x01, 0x7F, 0xAD, 0x01, 0x01, 0x75, 0x3E, 0x01, 0x17, 0x85, 0x3E,
505 0x00, 0x00, 0x38, 0x38, 0x00, 0x00, 0x98, 0x01, 0x0C, 0x11, 0x01, 0x00,
506 0x38, 0x0E, 0x06, 0x05, 0x25, 0x01,
507 T0_INT1(BR_KEYTYPE_RSA
| BR_KEYTYPE_KEYX
), 0x04, 0x30, 0x01, 0x01,
508 0x38, 0x0E, 0x06, 0x05, 0x25, 0x01,
509 T0_INT1(BR_KEYTYPE_RSA
| BR_KEYTYPE_SIGN
), 0x04, 0x25, 0x01, 0x02,
510 0x38, 0x0E, 0x06, 0x05, 0x25, 0x01,
511 T0_INT1(BR_KEYTYPE_EC
| BR_KEYTYPE_SIGN
), 0x04, 0x1A, 0x01, 0x03,
512 0x38, 0x0E, 0x06, 0x05, 0x25, 0x01,
513 T0_INT1(BR_KEYTYPE_EC
| BR_KEYTYPE_KEYX
), 0x04, 0x0F, 0x01, 0x04,
514 0x38, 0x0E, 0x06, 0x05, 0x25, 0x01,
515 T0_INT1(BR_KEYTYPE_EC
| BR_KEYTYPE_KEYX
), 0x04, 0x04, 0x01, 0x00,
516 0x44, 0x25, 0x00, 0x00, 0x80, 0x2E, 0x01, 0x0E, 0x0E, 0x06, 0x04, 0x01,
517 0x00, 0x04, 0x02, 0x01, 0x05, 0x00, 0x00, 0x40, 0x06, 0x04, 0x01, 0x06,
518 0x04, 0x02, 0x01, 0x00, 0x00, 0x00, 0x86, 0x2E, 0x26, 0x06, 0x08, 0x01,
519 0x01, 0x09, 0x01, 0x11, 0x07, 0x04, 0x03, 0x25, 0x01, 0x05, 0x00, 0x01,
520 0x41, 0x03, 0x00, 0x25, 0x01, 0x00, 0x43, 0x06, 0x03, 0x02, 0x00, 0x08,
521 0x42, 0x06, 0x03, 0x02, 0x00, 0x08, 0x26, 0x06, 0x06, 0x01, 0x01, 0x0B,
522 0x01, 0x06, 0x08, 0x00, 0x00, 0x89, 0x3F, 0x26, 0x06, 0x03, 0x01, 0x09,
523 0x08, 0x00, 0x01, 0x40, 0x26, 0x06, 0x1E, 0x01, 0x00, 0x03, 0x00, 0x26,
524 0x06, 0x0E, 0x26, 0x01, 0x01, 0x17, 0x02, 0x00, 0x08, 0x03, 0x00, 0x01,
525 0x01, 0x11, 0x04, 0x6F, 0x25, 0x02, 0x00, 0x01, 0x01, 0x0B, 0x01, 0x06,
526 0x08, 0x00, 0x00, 0x7D, 0x2D, 0x44, 0x11, 0x01, 0x01, 0x17, 0x35, 0x00,
527 0x00, 0x9D, 0xCC, 0x26, 0x01, 0x07, 0x17, 0x01, 0x00, 0x38, 0x0E, 0x06,
528 0x09, 0x25, 0x01, 0x10, 0x17, 0x06, 0x01, 0x9D, 0x04, 0x35, 0x01, 0x01,
529 0x38, 0x0E, 0x06, 0x2C, 0x25, 0x25, 0x01, 0x00, 0x75, 0x3E, 0xB1, 0x86,
530 0x2E, 0x01, 0x01, 0x0E, 0x01, 0x01, 0xA6, 0x37, 0x06, 0x17, 0x29, 0x1A,
531 0x36, 0x06, 0x04, 0xCC, 0x25, 0x04, 0x78, 0x01, 0x80, 0x64, 0xC3, 0x01,
532 0x01, 0x75, 0x3E, 0x01, 0x17, 0x85, 0x3E, 0x04, 0x01, 0x9D, 0x04, 0x03,
533 0x70, 0x28, 0x25, 0x04, 0xFF, 0x34, 0x01, 0x26, 0x03, 0x00, 0x09, 0x26,
534 0x56, 0x06, 0x02, 0x66, 0x28, 0x02, 0x00, 0x00, 0x00, 0x98, 0x01, 0x0F,
535 0x17, 0x00, 0x00, 0x74, 0x2E, 0x01, 0x00, 0x38, 0x0E, 0x06, 0x10, 0x25,
536 0x26, 0x01, 0x01, 0x0D, 0x06, 0x03, 0x25, 0x01, 0x02, 0x74, 0x3E, 0x01,
537 0x00, 0x04, 0x21, 0x01, 0x01, 0x38, 0x0E, 0x06, 0x14, 0x25, 0x01, 0x00,
538 0x74, 0x3E, 0x26, 0x01, 0x80, 0x64, 0x0E, 0x06, 0x05, 0x01, 0x82, 0x00,
539 0x08, 0x28, 0x58, 0x04, 0x07, 0x25, 0x01, 0x82, 0x00, 0x08, 0x28, 0x25,
540 0x00, 0x00, 0x01, 0x00, 0x2F, 0x06, 0x05, 0x3A, 0xAA, 0x37, 0x04, 0x78,
541 0x26, 0x06, 0x04, 0x01, 0x01, 0x8D, 0x3E, 0x00, 0x01, 0xBD, 0xA8, 0xBD,
542 0xA8, 0xBF, 0x82, 0x44, 0x26, 0x03, 0x00, 0xB4, 0x99, 0x99, 0x02, 0x00,
543 0x4B, 0x26, 0x56, 0x06, 0x0A, 0x01, 0x03, 0xA6, 0x06, 0x02, 0x70, 0x28,
544 0x25, 0x04, 0x03, 0x5A, 0x88, 0x3C, 0x00, 0x00, 0x2F, 0x06, 0x0B, 0x84,
545 0x2E, 0x01, 0x14, 0x0D, 0x06, 0x02, 0x70, 0x28, 0x04, 0x11, 0xCC, 0x01,
546 0x07, 0x17, 0x26, 0x01, 0x02, 0x0D, 0x06, 0x06, 0x06, 0x02, 0x70, 0x28,
547 0x04, 0x70, 0x25, 0xC0, 0x01, 0x01, 0x0D, 0x33, 0x37, 0x06, 0x02, 0x5F,
548 0x28, 0x26, 0x01, 0x01, 0xC6, 0x36, 0xB0, 0x00, 0x01, 0xB6, 0x01, 0x0B,
549 0x0E, 0x05, 0x02, 0x70, 0x28, 0x26, 0x01, 0x03, 0x0E, 0x06, 0x08, 0xBE,
550 0x06, 0x02, 0x66, 0x28, 0x44, 0x25, 0x00, 0x44, 0x55, 0xBE, 0xA8, 0x26,
551 0x06, 0x23, 0xBE, 0xA8, 0x26, 0x54, 0x26, 0x06, 0x18, 0x26, 0x01, 0x82,
552 0x00, 0x0F, 0x06, 0x05, 0x01, 0x82, 0x00, 0x04, 0x01, 0x26, 0x03, 0x00,
553 0x82, 0x02, 0x00, 0xB4, 0x02, 0x00, 0x51, 0x04, 0x65, 0x99, 0x52, 0x04,
554 0x5A, 0x99, 0x99, 0x53, 0x26, 0x06, 0x02, 0x35, 0x00, 0x25, 0x2B, 0x00,
555 0x00, 0x77, 0x2C, 0x9F, 0x01, 0x7F, 0xAE, 0x26, 0x56, 0x06, 0x02, 0x35,
556 0x28, 0x26, 0x05, 0x02, 0x70, 0x28, 0x38, 0x17, 0x0D, 0x06, 0x02, 0x72,
557 0x28, 0x3B, 0x00, 0x00, 0x9A, 0xB6, 0x01, 0x14, 0x0D, 0x06, 0x02, 0x70,
558 0x28, 0x82, 0x01, 0x0C, 0x08, 0x01, 0x0C, 0xB4, 0x99, 0x82, 0x26, 0x01,
559 0x0C, 0x08, 0x01, 0x0C, 0x30, 0x05, 0x02, 0x62, 0x28, 0x00, 0x00, 0xB7,
560 0x06, 0x02, 0x70, 0x28, 0x06, 0x02, 0x64, 0x28, 0x00, 0x0A, 0xB6, 0x01,
561 0x02, 0x0E, 0x05, 0x02, 0x70, 0x28, 0xBD, 0x03, 0x00, 0x02, 0x00, 0x93,
562 0x2C, 0x0A, 0x02, 0x00, 0x92, 0x2C, 0x0F, 0x37, 0x06, 0x02, 0x71, 0x28,
563 0x02, 0x00, 0x91, 0x2C, 0x0D, 0x06, 0x02, 0x69, 0x28, 0x02, 0x00, 0x94,
564 0x3C, 0x8A, 0x01, 0x20, 0xB4, 0x01, 0x00, 0x03, 0x01, 0xBF, 0x03, 0x02,
565 0x02, 0x02, 0x01, 0x20, 0x0F, 0x06, 0x02, 0x6E, 0x28, 0x82, 0x02, 0x02,
566 0xB4, 0x02, 0x02, 0x8C, 0x2E, 0x0E, 0x02, 0x02, 0x01, 0x00, 0x0F, 0x17,
567 0x06, 0x0B, 0x8B, 0x82, 0x02, 0x02, 0x30, 0x06, 0x04, 0x01, 0x7F, 0x03,
568 0x01, 0x8B, 0x82, 0x02, 0x02, 0x31, 0x02, 0x02, 0x8C, 0x3E, 0x02, 0x00,
569 0x90, 0x02, 0x01, 0x96, 0xBD, 0x26, 0xC1, 0x56, 0x06, 0x02, 0x60, 0x28,
570 0x26, 0xCB, 0x02, 0x00, 0x01, 0x86, 0x03, 0x0A, 0x17, 0x06, 0x02, 0x60,
571 0x28, 0x77, 0x02, 0x01, 0x96, 0xBF, 0x06, 0x02, 0x61, 0x28, 0x26, 0x06,
572 0x81, 0x47, 0xBD, 0xA8, 0xA4, 0x03, 0x03, 0xA2, 0x03, 0x04, 0xA0, 0x03,
573 0x05, 0xA3, 0x03, 0x06, 0xA5, 0x03, 0x07, 0xA1, 0x03, 0x08, 0x27, 0x03,
574 0x09, 0x26, 0x06, 0x81, 0x18, 0xBD, 0x01, 0x00, 0x38, 0x0E, 0x06, 0x0F,
575 0x25, 0x02, 0x03, 0x05, 0x02, 0x6A, 0x28, 0x01, 0x00, 0x03, 0x03, 0xBC,
576 0x04, 0x80, 0x7F, 0x01, 0x01, 0x38, 0x0E, 0x06, 0x0F, 0x25, 0x02, 0x05,
577 0x05, 0x02, 0x6A, 0x28, 0x01, 0x00, 0x03, 0x05, 0xBA, 0x04, 0x80, 0x6A,
578 0x01, 0x83, 0xFE, 0x01, 0x38, 0x0E, 0x06, 0x0F, 0x25, 0x02, 0x04, 0x05,
579 0x02, 0x6A, 0x28, 0x01, 0x00, 0x03, 0x04, 0xBB, 0x04, 0x80, 0x53, 0x01,
580 0x0D, 0x38, 0x0E, 0x06, 0x0E, 0x25, 0x02, 0x06, 0x05, 0x02, 0x6A, 0x28,
581 0x01, 0x00, 0x03, 0x06, 0xB8, 0x04, 0x3F, 0x01, 0x0A, 0x38, 0x0E, 0x06,
582 0x0E, 0x25, 0x02, 0x07, 0x05, 0x02, 0x6A, 0x28, 0x01, 0x00, 0x03, 0x07,
583 0xB8, 0x04, 0x2B, 0x01, 0x0B, 0x38, 0x0E, 0x06, 0x0E, 0x25, 0x02, 0x08,
584 0x05, 0x02, 0x6A, 0x28, 0x01, 0x00, 0x03, 0x08, 0xB8, 0x04, 0x17, 0x01,
585 0x10, 0x38, 0x0E, 0x06, 0x0E, 0x25, 0x02, 0x09, 0x05, 0x02, 0x6A, 0x28,
586 0x01, 0x00, 0x03, 0x09, 0xAC, 0x04, 0x03, 0x6A, 0x28, 0x25, 0x04, 0xFE,
587 0x64, 0x02, 0x04, 0x06, 0x0D, 0x02, 0x04, 0x01, 0x05, 0x0F, 0x06, 0x02,
588 0x67, 0x28, 0x01, 0x01, 0x86, 0x3E, 0x99, 0x04, 0x0C, 0xA2, 0x01, 0x05,
589 0x0F, 0x06, 0x02, 0x67, 0x28, 0x01, 0x01, 0x86, 0x3E, 0x99, 0x02, 0x01,
590 0x00, 0x04, 0xB6, 0x01, 0x0C, 0x0E, 0x05, 0x02, 0x70, 0x28, 0xBF, 0x01,
591 0x03, 0x0E, 0x05, 0x02, 0x6B, 0x28, 0xBD, 0x26, 0x7A, 0x3E, 0x26, 0x01,
592 0x20, 0x10, 0x06, 0x02, 0x6B, 0x28, 0x40, 0x44, 0x11, 0x01, 0x01, 0x17,
593 0x05, 0x02, 0x6B, 0x28, 0xBF, 0x26, 0x01, 0x81, 0x05, 0x0F, 0x06, 0x02,
594 0x6B, 0x28, 0x26, 0x7C, 0x3E, 0x7B, 0x44, 0xB4, 0x90, 0x2C, 0x01, 0x86,
595 0x03, 0x10, 0x03, 0x00, 0x77, 0x2C, 0xC9, 0x03, 0x01, 0x01, 0x02, 0x03,
596 0x02, 0x02, 0x00, 0x06, 0x21, 0xBF, 0x26, 0x26, 0x01, 0x02, 0x0A, 0x44,
597 0x01, 0x06, 0x0F, 0x37, 0x06, 0x02, 0x6B, 0x28, 0x03, 0x02, 0xBF, 0x02,
598 0x01, 0x01, 0x01, 0x0B, 0x01, 0x03, 0x08, 0x0E, 0x05, 0x02, 0x6B, 0x28,
599 0x04, 0x08, 0x02, 0x01, 0x06, 0x04, 0x01, 0x00, 0x03, 0x02, 0xBD, 0x26,
600 0x03, 0x03, 0x26, 0x01, 0x84, 0x00, 0x0F, 0x06, 0x02, 0x6C, 0x28, 0x82,
601 0x44, 0xB4, 0x02, 0x02, 0x02, 0x01, 0x02, 0x03, 0x4E, 0x26, 0x06, 0x01,
602 0x28, 0x25, 0x99, 0x00, 0x02, 0x03, 0x00, 0x03, 0x01, 0x02, 0x00, 0x95,
603 0x02, 0x01, 0x02, 0x00, 0x39, 0x26, 0x01, 0x00, 0x0E, 0x06, 0x02, 0x5E,
604 0x00, 0xCE, 0x04, 0x74, 0x02, 0x01, 0x00, 0x03, 0x00, 0xBF, 0xA8, 0x26,
605 0x06, 0x80, 0x43, 0xBF, 0x01, 0x01, 0x38, 0x0E, 0x06, 0x06, 0x25, 0x01,
606 0x81, 0x7F, 0x04, 0x2E, 0x01, 0x80, 0x40, 0x38, 0x0E, 0x06, 0x07, 0x25,
607 0x01, 0x83, 0xFE, 0x00, 0x04, 0x20, 0x01, 0x80, 0x41, 0x38, 0x0E, 0x06,
608 0x07, 0x25, 0x01, 0x84, 0x80, 0x00, 0x04, 0x12, 0x01, 0x80, 0x42, 0x38,
609 0x0E, 0x06, 0x07, 0x25, 0x01, 0x88, 0x80, 0x00, 0x04, 0x04, 0x01, 0x00,
610 0x44, 0x25, 0x02, 0x00, 0x37, 0x03, 0x00, 0x04, 0xFF, 0x39, 0x99, 0x77,
611 0x2C, 0xC7, 0x05, 0x09, 0x02, 0x00, 0x01, 0x83, 0xFF, 0x7F, 0x17, 0x03,
612 0x00, 0x90, 0x2C, 0x01, 0x86, 0x03, 0x10, 0x06, 0x3A, 0xB9, 0x26, 0x7F,
613 0x3D, 0x41, 0x25, 0x26, 0x01, 0x08, 0x0B, 0x37, 0x01, 0x8C, 0x80, 0x00,
614 0x37, 0x17, 0x02, 0x00, 0x17, 0x02, 0x00, 0x01, 0x8C, 0x80, 0x00, 0x17,
615 0x06, 0x19, 0x26, 0x01, 0x81, 0x7F, 0x17, 0x06, 0x05, 0x01, 0x84, 0x80,
616 0x00, 0x37, 0x26, 0x01, 0x83, 0xFE, 0x00, 0x17, 0x06, 0x05, 0x01, 0x88,
617 0x80, 0x00, 0x37, 0x03, 0x00, 0x04, 0x09, 0x02, 0x00, 0x01, 0x8C, 0x88,
618 0x01, 0x17, 0x03, 0x00, 0x16, 0xBD, 0xA8, 0x26, 0x06, 0x23, 0xBD, 0xA8,
619 0x26, 0x15, 0x26, 0x06, 0x18, 0x26, 0x01, 0x82, 0x00, 0x0F, 0x06, 0x05,
620 0x01, 0x82, 0x00, 0x04, 0x01, 0x26, 0x03, 0x01, 0x82, 0x02, 0x01, 0xB4,
621 0x02, 0x01, 0x12, 0x04, 0x65, 0x99, 0x13, 0x04, 0x5A, 0x99, 0x14, 0x99,
622 0x02, 0x00, 0x2A, 0x00, 0x00, 0xB7, 0x26, 0x58, 0x06, 0x07, 0x25, 0x06,
623 0x02, 0x64, 0x28, 0x04, 0x74, 0x00, 0x00, 0xC0, 0x01, 0x03, 0xBE, 0x44,
624 0x25, 0x44, 0x00, 0x00, 0xBD, 0xC4, 0x00, 0x03, 0x01, 0x00, 0x03, 0x00,
625 0xBD, 0xA8, 0x26, 0x06, 0x80, 0x50, 0xBF, 0x03, 0x01, 0xBF, 0x03, 0x02,
626 0x02, 0x01, 0x01, 0x08, 0x0E, 0x06, 0x16, 0x02, 0x02, 0x01, 0x0F, 0x0C,
627 0x06, 0x0D, 0x01, 0x01, 0x02, 0x02, 0x01, 0x10, 0x08, 0x0B, 0x02, 0x00,
628 0x37, 0x03, 0x00, 0x04, 0x2A, 0x02, 0x01, 0x01, 0x02, 0x10, 0x02, 0x01,
629 0x01, 0x06, 0x0C, 0x17, 0x02, 0x02, 0x01, 0x01, 0x0E, 0x02, 0x02, 0x01,
630 0x03, 0x0E, 0x37, 0x17, 0x06, 0x11, 0x02, 0x00, 0x01, 0x01, 0x02, 0x02,
631 0x5B, 0x01, 0x02, 0x0B, 0x02, 0x01, 0x08, 0x0B, 0x37, 0x03, 0x00, 0x04,
632 0xFF, 0x2C, 0x99, 0x02, 0x00, 0x00, 0x00, 0xBD, 0x01, 0x01, 0x0E, 0x05,
633 0x02, 0x63, 0x28, 0xBF, 0x01, 0x08, 0x08, 0x80, 0x2E, 0x0E, 0x05, 0x02,
634 0x63, 0x28, 0x00, 0x00, 0xBD, 0x86, 0x2E, 0x05, 0x15, 0x01, 0x01, 0x0E,
635 0x05, 0x02, 0x67, 0x28, 0xBF, 0x01, 0x00, 0x0E, 0x05, 0x02, 0x67, 0x28,
636 0x01, 0x02, 0x86, 0x3E, 0x04, 0x1C, 0x01, 0x19, 0x0E, 0x05, 0x02, 0x67,
637 0x28, 0xBF, 0x01, 0x18, 0x0E, 0x05, 0x02, 0x67, 0x28, 0x82, 0x01, 0x18,
638 0xB4, 0x87, 0x82, 0x01, 0x18, 0x30, 0x05, 0x02, 0x67, 0x28, 0x00, 0x00,
639 0xBD, 0x06, 0x02, 0x68, 0x28, 0x00, 0x00, 0x01, 0x02, 0x95, 0xC0, 0x01,
640 0x08, 0x0B, 0xC0, 0x08, 0x00, 0x00, 0x01, 0x03, 0x95, 0xC0, 0x01, 0x08,
641 0x0B, 0xC0, 0x08, 0x01, 0x08, 0x0B, 0xC0, 0x08, 0x00, 0x00, 0x01, 0x01,
642 0x95, 0xC0, 0x00, 0x00, 0x3A, 0x26, 0x56, 0x05, 0x01, 0x00, 0x25, 0xCE,
643 0x04, 0x76, 0x02, 0x03, 0x00, 0x8F, 0x2E, 0x03, 0x01, 0x01, 0x00, 0x26,
644 0x02, 0x01, 0x0A, 0x06, 0x10, 0x26, 0x01, 0x01, 0x0B, 0x8E, 0x08, 0x2C,
645 0x02, 0x00, 0x0E, 0x06, 0x01, 0x00, 0x5A, 0x04, 0x6A, 0x25, 0x01, 0x7F,
646 0x00, 0x00, 0x01, 0x15, 0x85, 0x3E, 0x44, 0x50, 0x25, 0x50, 0x25, 0x29,
647 0x00, 0x00, 0x01, 0x01, 0x44, 0xC2, 0x00, 0x00, 0x44, 0x38, 0x95, 0x44,
648 0x26, 0x06, 0x05, 0xC0, 0x25, 0x5B, 0x04, 0x78, 0x25, 0x00, 0x00, 0x26,
649 0x01, 0x81, 0xAC, 0x00, 0x0E, 0x06, 0x04, 0x25, 0x01, 0x7F, 0x00, 0x98,
650 0x57, 0x00, 0x02, 0x03, 0x00, 0x77, 0x2C, 0x98, 0x03, 0x01, 0x02, 0x01,
651 0x01, 0x0F, 0x17, 0x02, 0x01, 0x01, 0x04, 0x11, 0x01, 0x0F, 0x17, 0x02,
652 0x01, 0x01, 0x08, 0x11, 0x01, 0x0F, 0x17, 0x01, 0x00, 0x38, 0x0E, 0x06,
653 0x10, 0x25, 0x01, 0x00, 0x01, 0x18, 0x02, 0x00, 0x06, 0x03, 0x47, 0x04,
654 0x01, 0x48, 0x04, 0x80, 0x68, 0x01, 0x01, 0x38, 0x0E, 0x06, 0x10, 0x25,
655 0x01, 0x01, 0x01, 0x10, 0x02, 0x00, 0x06, 0x03, 0x47, 0x04, 0x01, 0x48,
656 0x04, 0x80, 0x52, 0x01, 0x02, 0x38, 0x0E, 0x06, 0x0F, 0x25, 0x01, 0x01,
657 0x01, 0x20, 0x02, 0x00, 0x06, 0x03, 0x47, 0x04, 0x01, 0x48, 0x04, 0x3D,
658 0x01, 0x03, 0x38, 0x0E, 0x06, 0x0E, 0x25, 0x25, 0x01, 0x10, 0x02, 0x00,
659 0x06, 0x03, 0x45, 0x04, 0x01, 0x46, 0x04, 0x29, 0x01, 0x04, 0x38, 0x0E,
660 0x06, 0x0E, 0x25, 0x25, 0x01, 0x20, 0x02, 0x00, 0x06, 0x03, 0x45, 0x04,
661 0x01, 0x46, 0x04, 0x15, 0x01, 0x05, 0x38, 0x0E, 0x06, 0x0C, 0x25, 0x25,
662 0x02, 0x00, 0x06, 0x03, 0x49, 0x04, 0x01, 0x4A, 0x04, 0x03, 0x66, 0x28,
663 0x25, 0x00, 0x00, 0x98, 0x01, 0x0C, 0x11, 0x01, 0x02, 0x0F, 0x00, 0x00,
664 0x98, 0x01, 0x0C, 0x11, 0x26, 0x59, 0x44, 0x01, 0x03, 0x0A, 0x17, 0x00,
665 0x00, 0x98, 0x01, 0x0C, 0x11, 0x01, 0x01, 0x0E, 0x00, 0x00, 0x98, 0x01,
666 0x0C, 0x11, 0x58, 0x00, 0x00, 0x98, 0x01, 0x81, 0x70, 0x17, 0x01, 0x20,
667 0x0D, 0x00, 0x00, 0x1B, 0x01, 0x00, 0x73, 0x2E, 0x26, 0x06, 0x22, 0x01,
668 0x01, 0x38, 0x0E, 0x06, 0x06, 0x25, 0x01, 0x00, 0x9C, 0x04, 0x14, 0x01,
669 0x02, 0x38, 0x0E, 0x06, 0x0D, 0x25, 0x75, 0x2E, 0x01, 0x01, 0x0E, 0x06,
670 0x03, 0x01, 0x10, 0x37, 0x04, 0x01, 0x25, 0x04, 0x01, 0x25, 0x79, 0x2E,
671 0x05, 0x33, 0x2F, 0x06, 0x30, 0x84, 0x2E, 0x01, 0x14, 0x38, 0x0E, 0x06,
672 0x06, 0x25, 0x01, 0x02, 0x37, 0x04, 0x22, 0x01, 0x15, 0x38, 0x0E, 0x06,
673 0x09, 0x25, 0xAB, 0x06, 0x03, 0x01, 0x7F, 0x9C, 0x04, 0x13, 0x01, 0x16,
674 0x38, 0x0E, 0x06, 0x06, 0x25, 0x01, 0x01, 0x37, 0x04, 0x07, 0x25, 0x01,
675 0x04, 0x37, 0x01, 0x00, 0x25, 0x1A, 0x06, 0x03, 0x01, 0x08, 0x37, 0x00,
676 0x00, 0x1B, 0x26, 0x05, 0x13, 0x2F, 0x06, 0x10, 0x84, 0x2E, 0x01, 0x15,
677 0x0E, 0x06, 0x08, 0x25, 0xAB, 0x01, 0x00, 0x75, 0x3E, 0x04, 0x01, 0x20,
678 0x00, 0x00, 0xCC, 0x01, 0x07, 0x17, 0x01, 0x01, 0x0F, 0x06, 0x02, 0x70,
679 0x28, 0x00, 0x01, 0x03, 0x00, 0x29, 0x1A, 0x06, 0x05, 0x02, 0x00, 0x85,
680 0x3E, 0x00, 0xCC, 0x25, 0x04, 0x74, 0x00, 0x01, 0x14, 0xCF, 0x01, 0x01,
681 0xDC, 0x29, 0x26, 0x01, 0x00, 0xC6, 0x01, 0x16, 0xCF, 0xD5, 0x29, 0x00,
682 0x00, 0x01, 0x0B, 0xDC, 0x4C, 0x26, 0x26, 0x01, 0x03, 0x08, 0xDB, 0xDB,
683 0x18, 0x26, 0x56, 0x06, 0x02, 0x25, 0x00, 0xDB, 0x1D, 0x26, 0x06, 0x05,
684 0x82, 0x44, 0xD6, 0x04, 0x77, 0x25, 0x04, 0x6C, 0x00, 0x21, 0x01, 0x0F,
685 0xDC, 0x26, 0x90, 0x2C, 0x01, 0x86, 0x03, 0x10, 0x06, 0x0C, 0x01, 0x04,
686 0x08, 0xDB, 0x7E, 0x2E, 0xDC, 0x76, 0x2E, 0xDC, 0x04, 0x02, 0x5C, 0xDB,
687 0x26, 0xDA, 0x82, 0x44, 0xD6, 0x00, 0x02, 0xA2, 0xA4, 0x08, 0xA0, 0x08,
688 0xA3, 0x08, 0xA5, 0x08, 0xA1, 0x08, 0x27, 0x08, 0x03, 0x00, 0x01, 0x01,
689 0xDC, 0x01, 0x27, 0x8C, 0x2E, 0x08, 0x8F, 0x2E, 0x01, 0x01, 0x0B, 0x08,
690 0x02, 0x00, 0x06, 0x04, 0x5C, 0x02, 0x00, 0x08, 0x81, 0x2C, 0x38, 0x09,
691 0x26, 0x59, 0x06, 0x24, 0x02, 0x00, 0x05, 0x04, 0x44, 0x5C, 0x44, 0x5D,
692 0x01, 0x04, 0x09, 0x26, 0x56, 0x06, 0x03, 0x25, 0x01, 0x00, 0x26, 0x01,
693 0x04, 0x08, 0x02, 0x00, 0x08, 0x03, 0x00, 0x44, 0x01, 0x04, 0x08, 0x38,
694 0x08, 0x44, 0x04, 0x03, 0x25, 0x01, 0x7F, 0x03, 0x01, 0xDB, 0x92, 0x2C,
695 0xDA, 0x78, 0x01, 0x04, 0x19, 0x78, 0x01, 0x04, 0x08, 0x01, 0x1C, 0x32,
696 0x78, 0x01, 0x20, 0xD6, 0x8B, 0x8C, 0x2E, 0xD8, 0x8F, 0x2E, 0x26, 0x01,
697 0x01, 0x0B, 0xDA, 0x8E, 0x44, 0x26, 0x06, 0x0F, 0x5B, 0x38, 0x2C, 0x26,
698 0xC5, 0x05, 0x02, 0x60, 0x28, 0xDA, 0x44, 0x5C, 0x44, 0x04, 0x6E, 0x5E,
699 0x01, 0x01, 0xDC, 0x01, 0x00, 0xDC, 0x02, 0x00, 0x06, 0x81, 0x5A, 0x02,
700 0x00, 0xDA, 0xA2, 0x06, 0x0E, 0x01, 0x83, 0xFE, 0x01, 0xDA, 0x87, 0xA2,
701 0x01, 0x04, 0x09, 0x26, 0xDA, 0x5B, 0xD8, 0xA4, 0x06, 0x16, 0x01, 0x00,
702 0xDA, 0x89, 0xA4, 0x01, 0x04, 0x09, 0x26, 0xDA, 0x01, 0x02, 0x09, 0x26,
703 0xDA, 0x01, 0x00, 0xDC, 0x01, 0x03, 0x09, 0xD7, 0xA0, 0x06, 0x0C, 0x01,
704 0x01, 0xDA, 0x01, 0x01, 0xDA, 0x80, 0x2E, 0x01, 0x08, 0x09, 0xDC, 0xA3,
705 0x06, 0x19, 0x01, 0x0D, 0xDA, 0xA3, 0x01, 0x04, 0x09, 0x26, 0xDA, 0x01,
706 0x02, 0x09, 0xDA, 0x42, 0x06, 0x03, 0x01, 0x03, 0xD9, 0x43, 0x06, 0x03,
707 0x01, 0x01, 0xD9, 0xA5, 0x26, 0x06, 0x36, 0x01, 0x0A, 0xDA, 0x01, 0x04,
708 0x09, 0x26, 0xDA, 0x5D, 0xDA, 0x40, 0x01, 0x00, 0x26, 0x01, 0x82, 0x80,
709 0x80, 0x80, 0x00, 0x17, 0x06, 0x0A, 0x01, 0xFD, 0xFF, 0xFF, 0xFF, 0x7F,
710 0x17, 0x01, 0x1D, 0xDA, 0x26, 0x01, 0x20, 0x0A, 0x06, 0x0C, 0x9E, 0x11,
711 0x01, 0x01, 0x17, 0x06, 0x02, 0x26, 0xDA, 0x5A, 0x04, 0x6E, 0x5E, 0x04,
712 0x01, 0x25, 0xA1, 0x06, 0x0A, 0x01, 0x0B, 0xDA, 0x01, 0x02, 0xDA, 0x01,
713 0x82, 0x00, 0xDA, 0x27, 0x26, 0x06, 0x1F, 0x01, 0x10, 0xDA, 0x01, 0x04,
714 0x09, 0x26, 0xDA, 0x5D, 0xDA, 0x83, 0x2C, 0x01, 0x00, 0x9E, 0x0F, 0x06,
715 0x0A, 0x26, 0x1E, 0x26, 0xDC, 0x82, 0x44, 0xD6, 0x5A, 0x04, 0x72, 0x5E,
716 0x04, 0x01, 0x25, 0x02, 0x01, 0x56, 0x05, 0x11, 0x01, 0x15, 0xDA, 0x02,
717 0x01, 0x26, 0xDA, 0x26, 0x06, 0x06, 0x5B, 0x01, 0x00, 0xDC, 0x04, 0x77,
718 0x25, 0x00, 0x00, 0x01, 0x10, 0xDC, 0x77, 0x2C, 0x26, 0xCA, 0x06, 0x0C,
719 0xA9, 0x23, 0x26, 0x5C, 0xDB, 0x26, 0xDA, 0x82, 0x44, 0xD6, 0x04, 0x0D,
720 0x26, 0xC8, 0x44, 0xA9, 0x22, 0x26, 0x5A, 0xDB, 0x26, 0xDC, 0x82, 0x44,
721 0xD6, 0x00, 0x00, 0x9A, 0x01, 0x14, 0xDC, 0x01, 0x0C, 0xDB, 0x82, 0x01,
722 0x0C, 0xD6, 0x00, 0x00, 0x4F, 0x26, 0x01, 0x00, 0x0E, 0x06, 0x02, 0x5E,
723 0x00, 0xCC, 0x25, 0x04, 0x73, 0x00, 0x26, 0xDA, 0xD6, 0x00, 0x00, 0x26,
724 0xDC, 0xD6, 0x00, 0x01, 0x03, 0x00, 0x41, 0x25, 0x26, 0x01, 0x10, 0x17,
725 0x06, 0x06, 0x01, 0x04, 0xDC, 0x02, 0x00, 0xDC, 0x26, 0x01, 0x08, 0x17,
726 0x06, 0x06, 0x01, 0x03, 0xDC, 0x02, 0x00, 0xDC, 0x26, 0x01, 0x20, 0x17,
727 0x06, 0x06, 0x01, 0x05, 0xDC, 0x02, 0x00, 0xDC, 0x26, 0x01, 0x80, 0x40,
728 0x17, 0x06, 0x06, 0x01, 0x06, 0xDC, 0x02, 0x00, 0xDC, 0x01, 0x04, 0x17,
729 0x06, 0x06, 0x01, 0x02, 0xDC, 0x02, 0x00, 0xDC, 0x00, 0x00, 0x26, 0x01,
730 0x08, 0x4D, 0xDC, 0xDC, 0x00, 0x00, 0x26, 0x01, 0x10, 0x4D, 0xDC, 0xDA,
731 0x00, 0x00, 0x26, 0x50, 0x06, 0x02, 0x25, 0x00, 0xCC, 0x25, 0x04, 0x76
734 static const uint16_t t0_caddr
[] = {
872 #define T0_INTERPRETED 86
874 #define T0_ENTER(ip, rp, slot) do { \
875 const unsigned char *t0_newip; \
877 t0_newip = &t0_codeblock[t0_caddr[(slot) - T0_INTERPRETED]]; \
878 t0_lnum = t0_parse7E_unsigned(&t0_newip); \
880 *((rp) ++) = (uint32_t)((ip) - &t0_codeblock[0]) + (t0_lnum << 16); \
884 #define T0_DEFENTRY(name, slot) \
888 t0_context *t0ctx = ctx; \
889 t0ctx->ip = &t0_codeblock[0]; \
890 T0_ENTER(t0ctx->ip, t0ctx->rp, slot); \
893 T0_DEFENTRY(br_ssl_hs_client_init_main
, 167)
895 #define T0_NEXT(t0ipp) (*(*(t0ipp)) ++)
898 br_ssl_hs_client_run(void *t0ctx
)
901 const unsigned char *ip
;
903 #define T0_LOCAL(x) (*(rp - 2 - (x)))
904 #define T0_POP() (*-- dp)
905 #define T0_POPi() (*(int32_t *)(-- dp))
906 #define T0_PEEK(x) (*(dp - 1 - (x)))
907 #define T0_PEEKi(x) (*(int32_t *)(dp - 1 - (x)))
908 #define T0_PUSH(v) do { *dp = (v); dp ++; } while (0)
909 #define T0_PUSHi(v) do { *(int32_t *)dp = (v); dp ++; } while (0)
910 #define T0_RPOP() (*-- rp)
911 #define T0_RPOPi() (*(int32_t *)(-- rp))
912 #define T0_RPUSH(v) do { *rp = (v); rp ++; } while (0)
913 #define T0_RPUSHi(v) do { *(int32_t *)rp = (v); rp ++; } while (0)
914 #define T0_ROLL(x) do { \
915 size_t t0len = (size_t)(x); \
916 uint32_t t0tmp = *(dp - 1 - t0len); \
917 memmove(dp - t0len - 1, dp - t0len, t0len * sizeof *dp); \
920 #define T0_SWAP() do { \
921 uint32_t t0tmp = *(dp - 2); \
922 *(dp - 2) = *(dp - 1); \
925 #define T0_ROT() do { \
926 uint32_t t0tmp = *(dp - 3); \
927 *(dp - 3) = *(dp - 2); \
928 *(dp - 2) = *(dp - 1); \
931 #define T0_NROT() do { \
932 uint32_t t0tmp = *(dp - 1); \
933 *(dp - 1) = *(dp - 2); \
934 *(dp - 2) = *(dp - 3); \
937 #define T0_PICK(x) do { \
938 uint32_t t0depth = (x); \
939 T0_PUSH(T0_PEEK(t0depth)); \
941 #define T0_CO() do { \
944 #define T0_RET() goto t0_next
946 dp
= ((t0_context
*)t0ctx
)->dp
;
947 rp
= ((t0_context
*)t0ctx
)->rp
;
948 ip
= ((t0_context
*)t0ctx
)->ip
;
955 if (t0x
< T0_INTERPRETED
) {
967 ip
= &t0_codeblock
[t0x
];
969 case 1: /* literal constant */
970 T0_PUSHi(t0_parse7E_signed(&ip
));
972 case 2: /* read local */
973 T0_PUSH(T0_LOCAL(t0_parse7E_unsigned(&ip
)));
975 case 3: /* write local */
976 T0_LOCAL(t0_parse7E_unsigned(&ip
)) = T0_POP();
979 t0off
= t0_parse7E_signed(&ip
);
982 case 5: /* jump if */
983 t0off
= t0_parse7E_signed(&ip
);
988 case 6: /* jump if not */
989 t0off
= t0_parse7E_signed(&ip
);
997 uint32_t b
= T0_POP();
998 uint32_t a
= T0_POP();
1006 uint32_t b
= T0_POP();
1007 uint32_t a
= T0_POP();
1015 uint32_t b
= T0_POP();
1016 uint32_t a
= T0_POP();
1024 int32_t b
= T0_POPi();
1025 int32_t a
= T0_POPi();
1026 T0_PUSH(-(uint32_t)(a
< b
));
1033 int c
= (int)T0_POPi();
1034 uint32_t x
= T0_POP();
1042 int32_t b
= T0_POPi();
1043 int32_t a
= T0_POPi();
1044 T0_PUSH(-(uint32_t)(a
<= b
));
1051 uint32_t b
= T0_POP();
1052 uint32_t a
= T0_POP();
1053 T0_PUSH(-(uint32_t)(a
!= b
));
1060 uint32_t b
= T0_POP();
1061 uint32_t a
= T0_POP();
1062 T0_PUSH(-(uint32_t)(a
== b
));
1069 int32_t b
= T0_POPi();
1070 int32_t a
= T0_POPi();
1071 T0_PUSH(-(uint32_t)(a
> b
));
1078 int32_t b
= T0_POPi();
1079 int32_t a
= T0_POPi();
1080 T0_PUSH(-(uint32_t)(a
>= b
));
1087 int c
= (int)T0_POPi();
1088 int32_t x
= T0_POPi();
1094 /* anchor-dn-append-name */
1099 if (CTX
->client_auth_vtable
!= NULL
) {
1100 (*CTX
->client_auth_vtable
)->append_name(
1101 CTX
->client_auth_vtable
, ENG
->pad
, len
);
1107 /* anchor-dn-end-name */
1109 if (CTX
->client_auth_vtable
!= NULL
) {
1110 (*CTX
->client_auth_vtable
)->end_name(
1111 CTX
->client_auth_vtable
);
1117 /* anchor-dn-end-name-list */
1119 if (CTX
->client_auth_vtable
!= NULL
) {
1120 (*CTX
->client_auth_vtable
)->end_name_list(
1121 CTX
->client_auth_vtable
);
1127 /* anchor-dn-start-name */
1132 if (CTX
->client_auth_vtable
!= NULL
) {
1133 (*CTX
->client_auth_vtable
)->start_name(
1134 CTX
->client_auth_vtable
, len
);
1140 /* anchor-dn-start-name-list */
1142 if (CTX
->client_auth_vtable
!= NULL
) {
1143 (*CTX
->client_auth_vtable
)->start_name_list(
1144 CTX
->client_auth_vtable
);
1152 uint32_t b
= T0_POP();
1153 uint32_t a
= T0_POP();
1161 if (ENG
->chain_len
== 0) {
1164 ENG
->cert_cur
= ENG
->chain
->data
;
1165 ENG
->cert_len
= ENG
->chain
->data_len
;
1168 T0_PUSH(ENG
->cert_len
);
1176 size_t len
= (size_t)T0_POP();
1177 void *addr
= (unsigned char *)ENG
+ (size_t)T0_POP();
1178 memset(addr
, 0, len
);
1185 T0_PUSHi(-(ENG
->hlen_out
> 0));
1195 /* compute-Finished-inner */
1197 int prf_id
= T0_POP();
1198 int from_client
= T0_POPi();
1199 unsigned char tmp
[48];
1200 br_tls_prf_seed_chunk seed
;
1202 br_tls_prf_impl prf
= br_ssl_engine_get_PRF(ENG
, prf_id
);
1204 if (ENG
->session
.version
>= BR_TLS12
) {
1205 seed
.len
= br_multihash_out(&ENG
->mhash
, prf_id
, tmp
);
1207 br_multihash_out(&ENG
->mhash
, br_md5_ID
, tmp
);
1208 br_multihash_out(&ENG
->mhash
, br_sha1_ID
, tmp
+ 16);
1211 prf(ENG
->pad
, 12, ENG
->session
.master_secret
,
1212 sizeof ENG
->session
.master_secret
,
1213 from_client
? "client finished" : "server finished",
1219 /* copy-cert-chunk */
1223 clen
= ENG
->cert_len
;
1224 if (clen
> sizeof ENG
->pad
) {
1225 clen
= sizeof ENG
->pad
;
1227 memcpy(ENG
->pad
, ENG
->cert_cur
, clen
);
1228 ENG
->cert_cur
+= clen
;
1229 ENG
->cert_len
-= clen
;
1235 /* copy-protocol-name */
1237 size_t idx
= T0_POP();
1238 size_t len
= strlen(ENG
->protocol_names
[idx
]);
1239 memcpy(ENG
->pad
, ENG
->protocol_names
[idx
], len
);
1247 size_t addr
= T0_POP();
1248 T0_PUSH(t0_datablock
[addr
]);
1260 /* do-client-sign */
1264 sig_len
= make_client_sign(CTX
);
1266 br_ssl_engine_fail(ENG
, BR_ERR_INVALID_ALGORITHM
);
1276 unsigned prf_id
= T0_POP();
1277 unsigned ecdhe
= T0_POP();
1280 x
= make_pms_ecdh(CTX
, ecdhe
, prf_id
);
1282 br_ssl_engine_fail(ENG
, -x
);
1291 /* do-rsa-encrypt */
1295 x
= make_pms_rsa(CTX
, T0_POP());
1297 br_ssl_engine_fail(ENG
, -x
);
1306 /* do-static-ecdh */
1308 unsigned prf_id
= T0_POP();
1310 if (make_pms_static_ecdh(CTX
, prf_id
) < 0) {
1311 br_ssl_engine_fail(ENG
, BR_ERR_INVALID_ALGORITHM
);
1324 T0_PUSH(T0_PEEK(0));
1328 /* ext-ALPN-length */
1332 if (ENG
->protocol_names_num
== 0) {
1337 for (u
= 0; u
< ENG
->protocol_names_num
; u
++) {
1338 len
+= 1 + strlen(ENG
->protocol_names
[u
]);
1347 br_ssl_engine_fail(ENG
, (int)T0_POPi());
1355 br_ssl_engine_flush_record(ENG
);
1360 /* get-client-chain */
1362 uint32_t auth_types
;
1364 auth_types
= T0_POP();
1365 if (CTX
->client_auth_vtable
!= NULL
) {
1366 br_ssl_client_certificate ux
;
1368 (*CTX
->client_auth_vtable
)->choose(CTX
->client_auth_vtable
,
1369 CTX
, auth_types
, &ux
);
1370 CTX
->auth_type
= (unsigned char)ux
.auth_type
;
1371 CTX
->hash_id
= (unsigned char)ux
.hash_id
;
1372 ENG
->chain
= ux
.chain
;
1373 ENG
->chain_len
= ux
.chain_len
;
1382 /* get-key-type-usages */
1384 const br_x509_class
*xc
;
1385 const br_x509_pkey
*pk
;
1388 xc
= *(ENG
->x509ctx
);
1389 pk
= xc
->get_pkey(ENG
->x509ctx
, &usages
);
1393 T0_PUSH(pk
->key_type
| usages
);
1401 size_t addr
= (size_t)T0_POP();
1402 T0_PUSH(*(uint16_t *)(void *)((unsigned char *)ENG
+ addr
));
1409 size_t addr
= (size_t)T0_POP();
1410 T0_PUSH(*(uint32_t *)(void *)((unsigned char *)ENG
+ addr
));
1417 size_t addr
= (size_t)T0_POP();
1418 T0_PUSH(*((unsigned char *)ENG
+ addr
));
1425 T0_PUSHi(-(ENG
->hlen_in
!= 0));
1432 size_t len
= (size_t)T0_POP();
1433 void *addr2
= (unsigned char *)ENG
+ (size_t)T0_POP();
1434 void *addr1
= (unsigned char *)ENG
+ (size_t)T0_POP();
1435 int x
= memcmp(addr1
, addr2
, len
);
1436 T0_PUSH((uint32_t)-(x
== 0));
1443 size_t len
= (size_t)T0_POP();
1444 void *src
= (unsigned char *)ENG
+ (size_t)T0_POP();
1445 void *dst
= (unsigned char *)ENG
+ (size_t)T0_POP();
1446 memcpy(dst
, src
, len
);
1453 size_t len
= (size_t)T0_POP();
1454 void *addr
= (unsigned char *)ENG
+ (size_t)T0_POP();
1455 br_hmac_drbg_generate(&ENG
->rng
, addr
, len
);
1460 /* more-incoming-bytes? */
1462 T0_PUSHi(ENG
->hlen_in
!= 0 || !br_ssl_engine_recvrec_finished(ENG
));
1467 /* multihash-init */
1469 br_multihash_init(&ENG
->mhash
);
1476 uint32_t a
= T0_POP();
1484 uint32_t a
= T0_POP();
1492 uint32_t b
= T0_POP();
1493 uint32_t a
= T0_POP();
1500 T0_PUSH(T0_PEEK(1));
1504 /* read-chunk-native */
1506 size_t clen
= ENG
->hlen_in
;
1512 if ((size_t)len
< clen
) {
1515 memcpy((unsigned char *)ENG
+ addr
, ENG
->hbuf_in
, clen
);
1516 if (ENG
->record_type_in
== BR_SSL_HANDSHAKE
) {
1517 br_multihash_update(&ENG
->mhash
, ENG
->hbuf_in
, clen
);
1519 T0_PUSH(addr
+ (uint32_t)clen
);
1520 T0_PUSH(len
- (uint32_t)clen
);
1521 ENG
->hbuf_in
+= clen
;
1522 ENG
->hlen_in
-= clen
;
1530 if (ENG
->hlen_in
> 0) {
1533 x
= *ENG
->hbuf_in
++;
1534 if (ENG
->record_type_in
== BR_SSL_HANDSHAKE
) {
1535 br_multihash_update(&ENG
->mhash
, &x
, 1);
1546 /* set-server-curve */
1548 const br_x509_class
*xc
;
1549 const br_x509_pkey
*pk
;
1551 xc
= *(ENG
->x509ctx
);
1552 pk
= xc
->get_pkey(ENG
->x509ctx
, NULL
);
1554 (pk
->key_type
== BR_KEYTYPE_EC
) ? pk
->key
.ec
.curve
: 0;
1561 size_t addr
= (size_t)T0_POP();
1562 *(uint16_t *)(void *)((unsigned char *)ENG
+ addr
) = (uint16_t)T0_POP();
1569 size_t addr
= (size_t)T0_POP();
1570 *(uint32_t *)(void *)((unsigned char *)ENG
+ addr
) = (uint32_t)T0_POP();
1577 size_t addr
= (size_t)T0_POP();
1578 *((unsigned char *)ENG
+ addr
) = (unsigned char)T0_POP();
1585 void *str
= (unsigned char *)ENG
+ (size_t)T0_POP();
1586 T0_PUSH((uint32_t)strlen(str
));
1591 /* supported-curves */
1593 uint32_t x
= ENG
->iec
== NULL
? 0 : ENG
->iec
->supported_curves
;
1599 /* supported-hash-functions */
1606 for (i
= br_sha1_ID
; i
<= br_sha512_ID
; i
++) {
1607 if (br_multihash_getimpl(&ENG
->mhash
, i
)) {
1618 /* supports-ecdsa? */
1620 T0_PUSHi(-(ENG
->iecdsa
!= 0));
1625 /* supports-rsa-sign? */
1627 T0_PUSHi(-(ENG
->irsavrfy
!= 0));
1637 /* switch-aesgcm-in */
1639 int is_client
, prf_id
;
1640 unsigned cipher_key_len
;
1642 cipher_key_len
= T0_POP();
1644 is_client
= T0_POP();
1645 br_ssl_engine_switch_gcm_in(ENG
, is_client
, prf_id
,
1646 ENG
->iaes_ctr
, cipher_key_len
);
1651 /* switch-aesgcm-out */
1653 int is_client
, prf_id
;
1654 unsigned cipher_key_len
;
1656 cipher_key_len
= T0_POP();
1658 is_client
= T0_POP();
1659 br_ssl_engine_switch_gcm_out(ENG
, is_client
, prf_id
,
1660 ENG
->iaes_ctr
, cipher_key_len
);
1667 int is_client
, prf_id
, mac_id
, aes
;
1668 unsigned cipher_key_len
;
1670 cipher_key_len
= T0_POP();
1674 is_client
= T0_POP();
1675 br_ssl_engine_switch_cbc_in(ENG
, is_client
, prf_id
, mac_id
,
1676 aes
? ENG
->iaes_cbcdec
: ENG
->ides_cbcdec
, cipher_key_len
);
1681 /* switch-cbc-out */
1683 int is_client
, prf_id
, mac_id
, aes
;
1684 unsigned cipher_key_len
;
1686 cipher_key_len
= T0_POP();
1690 is_client
= T0_POP();
1691 br_ssl_engine_switch_cbc_out(ENG
, is_client
, prf_id
, mac_id
,
1692 aes
? ENG
->iaes_cbcenc
: ENG
->ides_cbcenc
, cipher_key_len
);
1697 /* switch-chapol-in */
1699 int is_client
, prf_id
;
1702 is_client
= T0_POP();
1703 br_ssl_engine_switch_chapol_in(ENG
, is_client
, prf_id
);
1708 /* switch-chapol-out */
1710 int is_client
, prf_id
;
1713 is_client
= T0_POP();
1714 br_ssl_engine_switch_chapol_out(ENG
, is_client
, prf_id
);
1719 /* test-protocol-name */
1721 size_t len
= T0_POP();
1724 for (u
= 0; u
< ENG
->protocol_names_num
; u
++) {
1727 name
= ENG
->protocol_names
[u
];
1728 if (len
== strlen(name
) && memcmp(ENG
->pad
, name
, len
) == 0) {
1738 /* total-chain-length */
1744 for (u
= 0; u
< ENG
->chain_len
; u
++) {
1745 total
+= 3 + (uint32_t)ENG
->chain
[u
].data_len
;
1754 int c
= (int)T0_POPi();
1755 uint32_t x
= T0_POP();
1761 /* verify-SKE-sig */
1763 size_t sig_len
= T0_POP();
1764 int use_rsa
= T0_POPi();
1765 int hash
= T0_POPi();
1767 T0_PUSH(verify_SKE_sig(CTX
, hash
, use_rsa
, sig_len
));
1772 /* write-blob-chunk */
1774 size_t clen
= ENG
->hlen_out
;
1780 if ((size_t)len
< clen
) {
1783 memcpy(ENG
->hbuf_out
, (unsigned char *)ENG
+ addr
, clen
);
1784 if (ENG
->record_type_out
== BR_SSL_HANDSHAKE
) {
1785 br_multihash_update(&ENG
->mhash
, ENG
->hbuf_out
, clen
);
1787 T0_PUSH(addr
+ (uint32_t)clen
);
1788 T0_PUSH(len
- (uint32_t)clen
);
1789 ENG
->hbuf_out
+= clen
;
1790 ENG
->hlen_out
-= clen
;
1800 x
= (unsigned char)T0_POP();
1801 if (ENG
->hlen_out
> 0) {
1802 if (ENG
->record_type_out
== BR_SSL_HANDSHAKE
) {
1803 br_multihash_update(&ENG
->mhash
, &x
, 1);
1805 *ENG
->hbuf_out
++ = x
;
1817 const br_x509_class
*xc
;
1820 xc
= *(ENG
->x509ctx
);
1822 xc
->append(ENG
->x509ctx
, ENG
->pad
, len
);
1829 const br_x509_class
*xc
;
1831 xc
= *(ENG
->x509ctx
);
1832 xc
->end_cert(ENG
->x509ctx
);
1837 /* x509-end-chain */
1839 const br_x509_class
*xc
;
1841 xc
= *(ENG
->x509ctx
);
1842 T0_PUSH(xc
->end_chain(ENG
->x509ctx
));
1847 /* x509-start-cert */
1849 const br_x509_class
*xc
;
1851 xc
= *(ENG
->x509ctx
);
1852 xc
->start_cert(ENG
->x509ctx
, T0_POP());
1857 /* x509-start-chain */
1859 const br_x509_class
*xc
;
1863 xc
= *(ENG
->x509ctx
);
1864 xc
->start_chain(ENG
->x509ctx
, bc
? ENG
->server_name
: NULL
);
1871 T0_ENTER(ip
, rp
, t0x
);
1875 ((t0_context
*)t0ctx
)->dp
= dp
;
1876 ((t0_context
*)t0ctx
)->rp
= rp
;
1877 ((t0_context
*)t0ctx
)->ip
= ip
;