projects / BearSSL / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Added implementation of keying material export (RFC 5705) (API for PRF implementation...
[BearSSL] / src / ssl / ssl_hs_client.c
1 /* Automatically generated code; do not modify directly. */
2
3 #include <stddef.h>
4 #include <stdint.h>
5
6 typedef struct {
7 uint32_t *dp;
8 uint32_t *rp;
9 const unsigned char *ip;
10 } t0_context;
11
12 static uint32_t
13 t0_parse7E_unsigned(const unsigned char **p)
14 {
15 uint32_t x;
16
17 x = 0;
18 for (;;) {
19 unsigned y;
20
21 y = *(*p) ++;
22 x = (x << 7) | (uint32_t)(y & 0x7F);
23 if (y < 0x80) {
24 return x;
25 }
26 }
27 }
28
29 static int32_t
30 t0_parse7E_signed(const unsigned char **p)
31 {
32 int neg;
33 uint32_t x;
34
35 neg = ((**p) >> 6) & 1;
36 x = (uint32_t)-neg;
37 for (;;) {
38 unsigned y;
39
40 y = *(*p) ++;
41 x = (x << 7) | (uint32_t)(y & 0x7F);
42 if (y < 0x80) {
43 if (neg) {
44 return -(int32_t)~x - 1;
45 } else {
46 return (int32_t)x;
47 }
48 }
49 }
50 }
51
52 #define T0_VBYTE(x, n) (unsigned char)((((uint32_t)(x) >> (n)) & 0x7F) | 0x80)
53 #define T0_FBYTE(x, n) (unsigned char)(((uint32_t)(x) >> (n)) & 0x7F)
54 #define T0_SBYTE(x) (unsigned char)((((uint32_t)(x) >> 28) + 0xF8) ^ 0xF8)
55 #define T0_INT1(x) T0_FBYTE(x, 0)
56 #define T0_INT2(x) T0_VBYTE(x, 7), T0_FBYTE(x, 0)
57 #define T0_INT3(x) T0_VBYTE(x, 14), T0_VBYTE(x, 7), T0_FBYTE(x, 0)
58 #define T0_INT4(x) T0_VBYTE(x, 21), T0_VBYTE(x, 14), T0_VBYTE(x, 7), T0_FBYTE(x, 0)
59 #define T0_INT5(x) T0_SBYTE(x), T0_VBYTE(x, 21), T0_VBYTE(x, 14), T0_VBYTE(x, 7), T0_FBYTE(x, 0)
60
61 /* static const unsigned char t0_datablock[]; */
62
63
64 void br_ssl_hs_client_init_main(void *t0ctx);
65
66 void br_ssl_hs_client_run(void *t0ctx);
67
68
69
70 #include <stddef.h>
71 #include <string.h>
72
73 #include "inner.h"
74
75 /*
76 * This macro evaluates to a pointer to the current engine context.
77 */
78 #define ENG ((br_ssl_engine_context *)((unsigned char *)t0ctx - offsetof(br_ssl_engine_context, cpu)))
79
80
81
82
83
84 /*
85 * This macro evaluates to a pointer to the client context, under that
86 * specific name. It must be noted that since the engine context is the
87 * first field of the br_ssl_client_context structure ('eng'), then
88 * pointers values of both types are interchangeable, modulo an
89 * appropriate cast. This also means that "adresses" computed as offsets
90 * within the structure work for both kinds of context.
91 */
92 #define CTX ((br_ssl_client_context *)ENG)
93
94 /*
95 * Generate the pre-master secret for RSA key exchange, and encrypt it
96 * with the server's public key. Returned value is either the encrypted
97 * data length (in bytes), or -x on error, with 'x' being an error code.
98 *
99 * This code assumes that the public key has been already verified (it
100 * was properly obtained by the X.509 engine, and it has the right type,
101 * i.e. it is of type RSA and suitable for encryption).
102 */
103 static int
104 make_pms_rsa(br_ssl_client_context *ctx, int prf_id)
105 {
106 const br_x509_class **xc;
107 const br_x509_pkey *pk;
108 const unsigned char *n;
109 unsigned char *pms;
110 size_t nlen, u;
111
112 xc = ctx->eng.x509ctx;
113 pk = (*xc)->get_pkey(xc, NULL);
114
115 /*
116 * Compute actual RSA key length, in case there are leading zeros.
117 */
118 n = pk->key.rsa.n;
119 nlen = pk->key.rsa.nlen;
120 while (nlen > 0 && *n == 0) {
121 n ++;
122 nlen --;
123 }
124
125 /*
126 * We need at least 59 bytes (48 bytes for pre-master secret, and
127 * 11 bytes for the PKCS#1 type 2 padding). Note that the X.509
128 * minimal engine normally blocks RSA keys shorter than 128 bytes,
129 * so this is mostly for public keys provided explicitly by the
130 * caller.
131 */
132 if (nlen < 59) {
133 return -BR_ERR_X509_WEAK_PUBLIC_KEY;
134 }
135 if (nlen > sizeof ctx->eng.pad) {
136 return -BR_ERR_LIMIT_EXCEEDED;
137 }
138
139 /*
140 * Make PMS.
141 */
142 pms = ctx->eng.pad + nlen - 48;
143 br_enc16be(pms, ctx->eng.version_max);
144 br_hmac_drbg_generate(&ctx->eng.rng, pms + 2, 46);
145 br_ssl_engine_compute_master(&ctx->eng, prf_id, pms, 48);
146
147 /*
148 * Apply PKCS#1 type 2 padding.
149 */
150 ctx->eng.pad[0] = 0x00;
151 ctx->eng.pad[1] = 0x02;
152 ctx->eng.pad[nlen - 49] = 0x00;
153 br_hmac_drbg_generate(&ctx->eng.rng, ctx->eng.pad + 2, nlen - 51);
154 for (u = 2; u < nlen - 49; u ++) {
155 while (ctx->eng.pad[u] == 0) {
156 br_hmac_drbg_generate(&ctx->eng.rng,
157 &ctx->eng.pad[u], 1);
158 }
159 }
160
161 /*
162 * Compute RSA encryption.
163 */
164 if (!ctx->irsapub(ctx->eng.pad, nlen, &pk->key.rsa)) {
165 return -BR_ERR_LIMIT_EXCEEDED;
166 }
167 return (int)nlen;
168 }
169
170 /*
171 * OID for hash functions in RSA signatures.
172 */
173 static const unsigned char *HASH_OID[] = {
174 BR_HASH_OID_SHA1,
175 BR_HASH_OID_SHA224,
176 BR_HASH_OID_SHA256,
177 BR_HASH_OID_SHA384,
178 BR_HASH_OID_SHA512
179 };
180
181 /*
182 * Check the RSA signature on the ServerKeyExchange message.
183 *
184 * hash hash function ID (2 to 6), or 0 for MD5+SHA-1 (with RSA only)
185 * use_rsa non-zero for RSA signature, zero for ECDSA
186 * sig_len signature length (in bytes); signature value is in the pad
187 *
188 * Returned value is 0 on success, or an error code.
189 */
190 static int
191 verify_SKE_sig(br_ssl_client_context *ctx,
192 int hash, int use_rsa, size_t sig_len)
193 {
194 const br_x509_class **xc;
195 const br_x509_pkey *pk;
196 br_multihash_context mhc;
197 unsigned char hv[64], head[4];
198 size_t hv_len;
199
200 xc = ctx->eng.x509ctx;
201 pk = (*xc)->get_pkey(xc, NULL);
202 br_multihash_zero(&mhc);
203 br_multihash_copyimpl(&mhc, &ctx->eng.mhash);
204 br_multihash_init(&mhc);
205 br_multihash_update(&mhc,
206 ctx->eng.client_random, sizeof ctx->eng.client_random);
207 br_multihash_update(&mhc,
208 ctx->eng.server_random, sizeof ctx->eng.server_random);
209 head[0] = 3;
210 head[1] = 0;
211 head[2] = ctx->eng.ecdhe_curve;
212 head[3] = ctx->eng.ecdhe_point_len;
213 br_multihash_update(&mhc, head, sizeof head);
214 br_multihash_update(&mhc,
215 ctx->eng.ecdhe_point, ctx->eng.ecdhe_point_len);
216 if (hash) {
217 hv_len = br_multihash_out(&mhc, hash, hv);
218 if (hv_len == 0) {
219 return BR_ERR_INVALID_ALGORITHM;
220 }
221 } else {
222 if (!br_multihash_out(&mhc, br_md5_ID, hv)
223 || !br_multihash_out(&mhc, br_sha1_ID, hv + 16))
224 {
225 return BR_ERR_INVALID_ALGORITHM;
226 }
227 hv_len = 36;
228 }
229 if (use_rsa) {
230 unsigned char tmp[64];
231 const unsigned char *hash_oid;
232
233 if (hash) {
234 hash_oid = HASH_OID[hash - 2];
235 } else {
236 hash_oid = NULL;
237 }
238 if (!ctx->eng.irsavrfy(ctx->eng.pad, sig_len,
239 hash_oid, hv_len, &pk->key.rsa, tmp)
240 || memcmp(tmp, hv, hv_len) != 0)
241 {
242 return BR_ERR_BAD_SIGNATURE;
243 }
244 } else {
245 if (!ctx->eng.iecdsa(ctx->eng.iec, hv, hv_len, &pk->key.ec,
246 ctx->eng.pad, sig_len))
247 {
248 return BR_ERR_BAD_SIGNATURE;
249 }
250 }
251 return 0;
252 }
253
254 /*
255 * Perform client-side ECDH (or ECDHE). The point that should be sent to
256 * the server is written in the pad; returned value is either the point
257 * length (in bytes), or -x on error, with 'x' being an error code.
258 *
259 * The point _from_ the server is taken from ecdhe_point[] if 'ecdhe'
260 * is non-zero, or from the X.509 engine context if 'ecdhe' is zero
261 * (for static ECDH).
262 */
263 static int
264 make_pms_ecdh(br_ssl_client_context *ctx, unsigned ecdhe, int prf_id)
265 {
266 int curve;
267 unsigned char key[66], point[133];
268 const unsigned char *order, *point_src;
269 size_t glen, olen, point_len, xoff, xlen;
270 unsigned char mask;
271
272 if (ecdhe) {
273 curve = ctx->eng.ecdhe_curve;
274 point_src = ctx->eng.ecdhe_point;
275 point_len = ctx->eng.ecdhe_point_len;
276 } else {
277 const br_x509_class **xc;
278 const br_x509_pkey *pk;
279
280 xc = ctx->eng.x509ctx;
281 pk = (*xc)->get_pkey(xc, NULL);
282 curve = pk->key.ec.curve;
283 point_src = pk->key.ec.q;
284 point_len = pk->key.ec.qlen;
285 }
286 if ((ctx->eng.iec->supported_curves & ((uint32_t)1 << curve)) == 0) {
287 return -BR_ERR_INVALID_ALGORITHM;
288 }
289
290 /*
291 * We need to generate our key, as a non-zero random value which
292 * is lower than the curve order, in a "large enough" range. We
293 * force top bit to 0 and bottom bit to 1, which guarantees that
294 * the value is in the proper range.
295 */
296 order = ctx->eng.iec->order(curve, &olen);
297 mask = 0xFF;
298 while (mask >= order[0]) {
299 mask >>= 1;
300 }
301 br_hmac_drbg_generate(&ctx->eng.rng, key, olen);
302 key[0] &= mask;
303 key[olen - 1] |= 0x01;
304
305 /*
306 * Compute the common ECDH point, whose X coordinate is the
307 * pre-master secret.
308 */
309 ctx->eng.iec->generator(curve, &glen);
310 if (glen != point_len) {
311 return -BR_ERR_INVALID_ALGORITHM;
312 }
313
314 memcpy(point, point_src, glen);
315 if (!ctx->eng.iec->mul(point, glen, key, olen, curve)) {
316 return -BR_ERR_INVALID_ALGORITHM;
317 }
318
319 /*
320 * The pre-master secret is the X coordinate.
321 */
322 xoff = ctx->eng.iec->xoff(curve, &xlen);
323 br_ssl_engine_compute_master(&ctx->eng, prf_id, point + xoff, xlen);
324
325 ctx->eng.iec->mulgen(point, key, olen, curve);
326 memcpy(ctx->eng.pad, point, glen);
327 return (int)glen;
328 }
329
330 /*
331 * Perform full static ECDH. This occurs only in the context of client
332 * authentication with certificates: the server uses an EC public key,
333 * the cipher suite is of type ECDH (not ECDHE), the server requested a
334 * client certificate and accepts static ECDH, the client has a
335 * certificate with an EC public key in the same curve, and accepts
336 * static ECDH as well.
337 *
338 * Returned value is 0 on success, -1 on error.
339 */
340 static int
341 make_pms_static_ecdh(br_ssl_client_context *ctx, int prf_id)
342 {
343 unsigned char point[133];
344 size_t point_len;
345 const br_x509_class **xc;
346 const br_x509_pkey *pk;
347
348 xc = ctx->eng.x509ctx;
349 pk = (*xc)->get_pkey(xc, NULL);
350 point_len = pk->key.ec.qlen;
351 if (point_len > sizeof point) {
352 return -1;
353 }
354 memcpy(point, pk->key.ec.q, point_len);
355 if (!(*ctx->client_auth_vtable)->do_keyx(
356 ctx->client_auth_vtable, point, &point_len))
357 {
358 return -1;
359 }
360 br_ssl_engine_compute_master(&ctx->eng,
361 prf_id, point, point_len);
362 return 0;
363 }
364
365 /*
366 * Compute the client-side signature. This is invoked only when a
367 * signature-based client authentication was selected. The computed
368 * signature is in the pad; its length (in bytes) is returned. On
369 * error, 0 is returned.
370 */
371 static size_t
372 make_client_sign(br_ssl_client_context *ctx)
373 {
374 size_t hv_len;
375
376 /*
377 * Compute hash of handshake messages so far. This "cannot" fail
378 * because the list of supported hash functions provided to the
379 * client certificate handler was trimmed to include only the
380 * hash functions that the multi-hasher supports.
381 */
382 if (ctx->hash_id) {
383 hv_len = br_multihash_out(&ctx->eng.mhash,
384 ctx->hash_id, ctx->eng.pad);
385 } else {
386 br_multihash_out(&ctx->eng.mhash,
387 br_md5_ID, ctx->eng.pad);
388 br_multihash_out(&ctx->eng.mhash,
389 br_sha1_ID, ctx->eng.pad + 16);
390 hv_len = 36;
391 }
392 return (*ctx->client_auth_vtable)->do_sign(
393 ctx->client_auth_vtable, ctx->hash_id, hv_len,
394 ctx->eng.pad, sizeof ctx->eng.pad);
395 }
396
397
398
399 static const unsigned char t0_datablock[] = {
400 0x00, 0x00, 0x0A, 0x00, 0x24, 0x00, 0x2F, 0x01, 0x24, 0x00, 0x35, 0x02,
401 0x24, 0x00, 0x3C, 0x01, 0x44, 0x00, 0x3D, 0x02, 0x44, 0x00, 0x9C, 0x03,
402 0x04, 0x00, 0x9D, 0x04, 0x05, 0xC0, 0x03, 0x40, 0x24, 0xC0, 0x04, 0x41,
403 0x24, 0xC0, 0x05, 0x42, 0x24, 0xC0, 0x08, 0x20, 0x24, 0xC0, 0x09, 0x21,
404 0x24, 0xC0, 0x0A, 0x22, 0x24, 0xC0, 0x0D, 0x30, 0x24, 0xC0, 0x0E, 0x31,
405 0x24, 0xC0, 0x0F, 0x32, 0x24, 0xC0, 0x12, 0x10, 0x24, 0xC0, 0x13, 0x11,
406 0x24, 0xC0, 0x14, 0x12, 0x24, 0xC0, 0x23, 0x21, 0x44, 0xC0, 0x24, 0x22,
407 0x55, 0xC0, 0x25, 0x41, 0x44, 0xC0, 0x26, 0x42, 0x55, 0xC0, 0x27, 0x11,
408 0x44, 0xC0, 0x28, 0x12, 0x55, 0xC0, 0x29, 0x31, 0x44, 0xC0, 0x2A, 0x32,
409 0x55, 0xC0, 0x2B, 0x23, 0x04, 0xC0, 0x2C, 0x24, 0x05, 0xC0, 0x2D, 0x43,
410 0x04, 0xC0, 0x2E, 0x44, 0x05, 0xC0, 0x2F, 0x13, 0x04, 0xC0, 0x30, 0x14,
411 0x05, 0xC0, 0x31, 0x33, 0x04, 0xC0, 0x32, 0x34, 0x05, 0xCC, 0xA8, 0x15,
412 0x04, 0xCC, 0xA9, 0x25, 0x04, 0x00, 0x00
413 };
414
415 static const unsigned char t0_codeblock[] = {
416 0x00, 0x01, 0x00, 0x0A, 0x00, 0x00, 0x01, 0x00, 0x0D, 0x00, 0x00, 0x01,
417 0x00, 0x0E, 0x00, 0x00, 0x01, 0x00, 0x0F, 0x00, 0x00, 0x01, 0x01, 0x08,
418 0x00, 0x00, 0x01, 0x01, 0x09, 0x00, 0x00, 0x01, 0x02, 0x08, 0x00, 0x00,
419 0x01, 0x02, 0x09, 0x00, 0x00, 0x25, 0x25, 0x00, 0x00, 0x01,
420 T0_INT1(BR_ERR_BAD_CCS), 0x00, 0x00, 0x01,
421 T0_INT1(BR_ERR_BAD_CIPHER_SUITE), 0x00, 0x00, 0x01,
422 T0_INT1(BR_ERR_BAD_COMPRESSION), 0x00, 0x00, 0x01,
423 T0_INT1(BR_ERR_BAD_FINISHED), 0x00, 0x00, 0x01,
424 T0_INT1(BR_ERR_BAD_FRAGLEN), 0x00, 0x00, 0x01,
425 T0_INT1(BR_ERR_BAD_HANDSHAKE), 0x00, 0x00, 0x01,
426 T0_INT1(BR_ERR_BAD_HELLO_DONE), 0x00, 0x00, 0x01,
427 T0_INT1(BR_ERR_BAD_PARAM), 0x00, 0x00, 0x01,
428 T0_INT1(BR_ERR_BAD_SECRENEG), 0x00, 0x00, 0x01,
429 T0_INT1(BR_ERR_BAD_SNI), 0x00, 0x00, 0x01, T0_INT1(BR_ERR_BAD_VERSION),
430 0x00, 0x00, 0x01, T0_INT1(BR_ERR_EXTRA_EXTENSION), 0x00, 0x00, 0x01,
431 T0_INT1(BR_ERR_INVALID_ALGORITHM), 0x00, 0x00, 0x01,
432 T0_INT1(BR_ERR_LIMIT_EXCEEDED), 0x00, 0x00, 0x01, T0_INT1(BR_ERR_OK),
433 0x00, 0x00, 0x01, T0_INT1(BR_ERR_OVERSIZED_ID), 0x00, 0x00, 0x01,
434 T0_INT1(BR_ERR_RESUME_MISMATCH), 0x00, 0x00, 0x01,
435 T0_INT1(BR_ERR_UNEXPECTED), 0x00, 0x00, 0x01,
436 T0_INT1(BR_ERR_UNSUPPORTED_VERSION), 0x00, 0x00, 0x01,
437 T0_INT1(BR_ERR_WRONG_KEY_USAGE), 0x00, 0x00, 0x01,
438 T0_INT2(offsetof(br_ssl_engine_context, action)), 0x00, 0x00, 0x01,
439 T0_INT2(offsetof(br_ssl_engine_context, alert)), 0x00, 0x00, 0x01,
440 T0_INT2(offsetof(br_ssl_engine_context, application_data)), 0x00, 0x00,
441 0x01, T0_INT2(offsetof(br_ssl_client_context, auth_type)), 0x00, 0x00,
442 0x01,
443 T0_INT2(offsetof(br_ssl_engine_context, session) + offsetof(br_ssl_session_parameters, cipher_suite)),
444 0x00, 0x00, 0x01,
445 T0_INT2(offsetof(br_ssl_engine_context, client_random)), 0x00, 0x00,
446 0x01, T0_INT2(offsetof(br_ssl_engine_context, close_received)), 0x00,
447 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, ecdhe_curve)),
448 0x00, 0x00, 0x01,
449 T0_INT2(offsetof(br_ssl_engine_context, ecdhe_point)), 0x00, 0x00,
450 0x01, T0_INT2(offsetof(br_ssl_engine_context, ecdhe_point_len)), 0x00,
451 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, flags)), 0x00,
452 0x00, 0x01, T0_INT2(offsetof(br_ssl_client_context, hash_id)), 0x00,
453 0x00, 0x01, T0_INT2(offsetof(br_ssl_client_context, hashes)), 0x00,
454 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, log_max_frag_len)),
455 0x00, 0x00, 0x01,
456 T0_INT2(offsetof(br_ssl_client_context, min_clienthello_len)), 0x00,
457 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, pad)), 0x00, 0x00,
458 0x01, T0_INT2(offsetof(br_ssl_engine_context, protocol_names_num)),
459 0x00, 0x00, 0x01,
460 T0_INT2(offsetof(br_ssl_engine_context, record_type_in)), 0x00, 0x00,
461 0x01, T0_INT2(offsetof(br_ssl_engine_context, record_type_out)), 0x00,
462 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, reneg)), 0x00,
463 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, saved_finished)),
464 0x00, 0x00, 0x01,
465 T0_INT2(offsetof(br_ssl_engine_context, selected_protocol)), 0x00,
466 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, server_name)),
467 0x00, 0x00, 0x01,
468 T0_INT2(offsetof(br_ssl_engine_context, server_random)), 0x00, 0x00,
469 0x01,
470 T0_INT2(offsetof(br_ssl_engine_context, session) + offsetof(br_ssl_session_parameters, session_id)),
471 0x00, 0x00, 0x01,
472 T0_INT2(offsetof(br_ssl_engine_context, session) + offsetof(br_ssl_session_parameters, session_id_len)),
473 0x00, 0x00, 0x01,
474 T0_INT2(offsetof(br_ssl_engine_context, shutdown_recv)), 0x00, 0x00,
475 0x01, T0_INT2(offsetof(br_ssl_engine_context, suites_buf)), 0x00, 0x00,
476 0x01, T0_INT2(offsetof(br_ssl_engine_context, suites_num)), 0x00, 0x00,
477 0x01,
478 T0_INT2(offsetof(br_ssl_engine_context, session) + offsetof(br_ssl_session_parameters, version)),
479 0x00, 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, version_in)),
480 0x00, 0x00, 0x01,
481 T0_INT2(offsetof(br_ssl_engine_context, version_max)), 0x00, 0x00,
482 0x01, T0_INT2(offsetof(br_ssl_engine_context, version_min)), 0x00,
483 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, version_out)),
484 0x00, 0x00, 0x09, 0x26, 0x56, 0x06, 0x02, 0x66, 0x28, 0x00, 0x00, 0x06,
485 0x08, 0x2C, 0x0E, 0x05, 0x02, 0x6F, 0x28, 0x04, 0x01, 0x3C, 0x00, 0x00,
486 0x01, 0x01, 0x00, 0x01, 0x03, 0x00, 0x97, 0x26, 0x5C, 0x44, 0x9B, 0x26,
487 0x05, 0x04, 0x5E, 0x01, 0x00, 0x00, 0x02, 0x00, 0x0E, 0x06, 0x02, 0x9B,
488 0x00, 0x5C, 0x04, 0x6B, 0x00, 0x06, 0x02, 0x66, 0x28, 0x00, 0x00, 0x26,
489 0x87, 0x44, 0x05, 0x03, 0x01, 0x0C, 0x08, 0x44, 0x77, 0x2C, 0xA9, 0x1C,
490 0x82, 0x01, 0x0C, 0x31, 0x00, 0x00, 0x26, 0x1F, 0x01, 0x08, 0x0B, 0x44,
491 0x5A, 0x1F, 0x08, 0x00, 0x01, 0x03, 0x00, 0x75, 0x2E, 0x02, 0x00, 0x36,
492 0x17, 0x01, 0x01, 0x0B, 0x75, 0x3E, 0x29, 0x1A, 0x36, 0x06, 0x07, 0x02,
493 0x00, 0xCC, 0x03, 0x00, 0x04, 0x75, 0x01, 0x00, 0xC3, 0x02, 0x00, 0x26,
494 0x1A, 0x17, 0x06, 0x02, 0x6D, 0x28, 0xCC, 0x04, 0x76, 0x01, 0x01, 0x00,
495 0x75, 0x3E, 0x01, 0x16, 0x85, 0x3E, 0x01, 0x00, 0x88, 0x3C, 0x34, 0xD2,
496 0x29, 0xB2, 0x06, 0x09, 0x01, 0x7F, 0xAD, 0x01, 0x7F, 0xCF, 0x04, 0x80,
497 0x53, 0xAF, 0x77, 0x2C, 0x9F, 0x01, T0_INT1(BR_KEYTYPE_SIGN), 0x17,
498 0x06, 0x01, 0xB3, 0xB6, 0x26, 0x01, 0x0D, 0x0E, 0x06, 0x07, 0x25, 0xB5,
499 0xB6, 0x01, 0x7F, 0x04, 0x02, 0x01, 0x00, 0x03, 0x00, 0x01, 0x0E, 0x0E,
500 0x05, 0x02, 0x70, 0x28, 0x06, 0x02, 0x65, 0x28, 0x33, 0x06, 0x02, 0x70,
501 0x28, 0x02, 0x00, 0x06, 0x1C, 0xD0, 0x7E, 0x2E, 0x01, 0x81, 0x7F, 0x0E,
502 0x06, 0x0D, 0x25, 0x01, 0x10, 0xDB, 0x01, 0x00, 0xDA, 0x77, 0x2C, 0xA9,
503 0x24, 0x04, 0x04, 0xD3, 0x06, 0x01, 0xD1, 0x04, 0x01, 0xD3, 0x01, 0x7F,
504 0xCF, 0x01, 0x7F, 0xAD, 0x01, 0x01, 0x75, 0x3E, 0x01, 0x17, 0x85, 0x3E,
505 0x00, 0x00, 0x38, 0x38, 0x00, 0x00, 0x98, 0x01, 0x0C, 0x11, 0x01, 0x00,
506 0x38, 0x0E, 0x06, 0x05, 0x25, 0x01,
507 T0_INT1(BR_KEYTYPE_RSA | BR_KEYTYPE_KEYX), 0x04, 0x30, 0x01, 0x01,
508 0x38, 0x0E, 0x06, 0x05, 0x25, 0x01,
509 T0_INT1(BR_KEYTYPE_RSA | BR_KEYTYPE_SIGN), 0x04, 0x25, 0x01, 0x02,
510 0x38, 0x0E, 0x06, 0x05, 0x25, 0x01,
511 T0_INT1(BR_KEYTYPE_EC | BR_KEYTYPE_SIGN), 0x04, 0x1A, 0x01, 0x03,
512 0x38, 0x0E, 0x06, 0x05, 0x25, 0x01,
513 T0_INT1(BR_KEYTYPE_EC | BR_KEYTYPE_KEYX), 0x04, 0x0F, 0x01, 0x04,
514 0x38, 0x0E, 0x06, 0x05, 0x25, 0x01,
515 T0_INT1(BR_KEYTYPE_EC | BR_KEYTYPE_KEYX), 0x04, 0x04, 0x01, 0x00,
516 0x44, 0x25, 0x00, 0x00, 0x80, 0x2E, 0x01, 0x0E, 0x0E, 0x06, 0x04, 0x01,
517 0x00, 0x04, 0x02, 0x01, 0x05, 0x00, 0x00, 0x40, 0x06, 0x04, 0x01, 0x06,
518 0x04, 0x02, 0x01, 0x00, 0x00, 0x00, 0x86, 0x2E, 0x26, 0x06, 0x08, 0x01,
519 0x01, 0x09, 0x01, 0x11, 0x07, 0x04, 0x03, 0x25, 0x01, 0x05, 0x00, 0x01,
520 0x41, 0x03, 0x00, 0x25, 0x01, 0x00, 0x43, 0x06, 0x03, 0x02, 0x00, 0x08,
521 0x42, 0x06, 0x03, 0x02, 0x00, 0x08, 0x26, 0x06, 0x06, 0x01, 0x01, 0x0B,
522 0x01, 0x06, 0x08, 0x00, 0x00, 0x89, 0x3F, 0x26, 0x06, 0x03, 0x01, 0x09,
523 0x08, 0x00, 0x01, 0x40, 0x26, 0x06, 0x1E, 0x01, 0x00, 0x03, 0x00, 0x26,
524 0x06, 0x0E, 0x26, 0x01, 0x01, 0x17, 0x02, 0x00, 0x08, 0x03, 0x00, 0x01,
525 0x01, 0x11, 0x04, 0x6F, 0x25, 0x02, 0x00, 0x01, 0x01, 0x0B, 0x01, 0x06,
526 0x08, 0x00, 0x00, 0x7D, 0x2D, 0x44, 0x11, 0x01, 0x01, 0x17, 0x35, 0x00,
527 0x00, 0x9D, 0xCB, 0x26, 0x01, 0x07, 0x17, 0x01, 0x00, 0x38, 0x0E, 0x06,
528 0x09, 0x25, 0x01, 0x10, 0x17, 0x06, 0x01, 0x9D, 0x04, 0x2D, 0x01, 0x01,
529 0x38, 0x0E, 0x06, 0x24, 0x25, 0x25, 0x01, 0x00, 0x75, 0x3E, 0xB1, 0x86,
530 0x2E, 0x01, 0x01, 0x0E, 0x01, 0x01, 0xA6, 0x37, 0x06, 0x0F, 0x29, 0x1A,
531 0x36, 0x06, 0x04, 0xCB, 0x25, 0x04, 0x78, 0x01, 0x80, 0x64, 0xC3, 0x04,
532 0x01, 0x9D, 0x04, 0x03, 0x70, 0x28, 0x25, 0x04, 0xFF, 0x3C, 0x01, 0x26,
533 0x03, 0x00, 0x09, 0x26, 0x56, 0x06, 0x02, 0x66, 0x28, 0x02, 0x00, 0x00,
534 0x00, 0x98, 0x01, 0x0F, 0x17, 0x00, 0x00, 0x74, 0x2E, 0x01, 0x00, 0x38,
535 0x0E, 0x06, 0x10, 0x25, 0x26, 0x01, 0x01, 0x0D, 0x06, 0x03, 0x25, 0x01,
536 0x02, 0x74, 0x3E, 0x01, 0x00, 0x04, 0x21, 0x01, 0x01, 0x38, 0x0E, 0x06,
537 0x14, 0x25, 0x01, 0x00, 0x74, 0x3E, 0x26, 0x01, 0x80, 0x64, 0x0E, 0x06,
538 0x05, 0x01, 0x82, 0x00, 0x08, 0x28, 0x58, 0x04, 0x07, 0x25, 0x01, 0x82,
539 0x00, 0x08, 0x28, 0x25, 0x00, 0x00, 0x01, 0x00, 0x2F, 0x06, 0x05, 0x3A,
540 0xAA, 0x37, 0x04, 0x78, 0x26, 0x06, 0x04, 0x01, 0x01, 0x8D, 0x3E, 0x00,
541 0x01, 0xBD, 0xA8, 0xBD, 0xA8, 0xBF, 0x82, 0x44, 0x26, 0x03, 0x00, 0xB4,
542 0x99, 0x99, 0x02, 0x00, 0x4B, 0x26, 0x56, 0x06, 0x0A, 0x01, 0x03, 0xA6,
543 0x06, 0x02, 0x70, 0x28, 0x25, 0x04, 0x03, 0x5A, 0x88, 0x3C, 0x00, 0x00,
544 0x2F, 0x06, 0x0B, 0x84, 0x2E, 0x01, 0x14, 0x0D, 0x06, 0x02, 0x70, 0x28,
545 0x04, 0x11, 0xCB, 0x01, 0x07, 0x17, 0x26, 0x01, 0x02, 0x0D, 0x06, 0x06,
546 0x06, 0x02, 0x70, 0x28, 0x04, 0x70, 0x25, 0xC0, 0x01, 0x01, 0x0D, 0x33,
547 0x37, 0x06, 0x02, 0x5F, 0x28, 0x26, 0x01, 0x01, 0xC6, 0x36, 0xB0, 0x00,
548 0x01, 0xB6, 0x01, 0x0B, 0x0E, 0x05, 0x02, 0x70, 0x28, 0x26, 0x01, 0x03,
549 0x0E, 0x06, 0x08, 0xBE, 0x06, 0x02, 0x66, 0x28, 0x44, 0x25, 0x00, 0x44,
550 0x55, 0xBE, 0xA8, 0x26, 0x06, 0x23, 0xBE, 0xA8, 0x26, 0x54, 0x26, 0x06,
551 0x18, 0x26, 0x01, 0x82, 0x00, 0x0F, 0x06, 0x05, 0x01, 0x82, 0x00, 0x04,
552 0x01, 0x26, 0x03, 0x00, 0x82, 0x02, 0x00, 0xB4, 0x02, 0x00, 0x51, 0x04,
553 0x65, 0x99, 0x52, 0x04, 0x5A, 0x99, 0x99, 0x53, 0x26, 0x06, 0x02, 0x35,
554 0x00, 0x25, 0x2B, 0x00, 0x00, 0x77, 0x2C, 0x9F, 0x01, 0x7F, 0xAE, 0x26,
555 0x56, 0x06, 0x02, 0x35, 0x28, 0x26, 0x05, 0x02, 0x70, 0x28, 0x38, 0x17,
556 0x0D, 0x06, 0x02, 0x72, 0x28, 0x3B, 0x00, 0x00, 0x9A, 0xB6, 0x01, 0x14,
557 0x0D, 0x06, 0x02, 0x70, 0x28, 0x82, 0x01, 0x0C, 0x08, 0x01, 0x0C, 0xB4,
558 0x99, 0x82, 0x26, 0x01, 0x0C, 0x08, 0x01, 0x0C, 0x30, 0x05, 0x02, 0x62,
559 0x28, 0x00, 0x00, 0xB7, 0x06, 0x02, 0x70, 0x28, 0x06, 0x02, 0x64, 0x28,
560 0x00, 0x0A, 0xB6, 0x01, 0x02, 0x0E, 0x05, 0x02, 0x70, 0x28, 0xBD, 0x03,
561 0x00, 0x02, 0x00, 0x93, 0x2C, 0x0A, 0x02, 0x00, 0x92, 0x2C, 0x0F, 0x37,
562 0x06, 0x02, 0x71, 0x28, 0x02, 0x00, 0x91, 0x2C, 0x0D, 0x06, 0x02, 0x69,
563 0x28, 0x02, 0x00, 0x94, 0x3C, 0x8A, 0x01, 0x20, 0xB4, 0x01, 0x00, 0x03,
564 0x01, 0xBF, 0x03, 0x02, 0x02, 0x02, 0x01, 0x20, 0x0F, 0x06, 0x02, 0x6E,
565 0x28, 0x82, 0x02, 0x02, 0xB4, 0x02, 0x02, 0x8C, 0x2E, 0x0E, 0x02, 0x02,
566 0x01, 0x00, 0x0F, 0x17, 0x06, 0x0B, 0x8B, 0x82, 0x02, 0x02, 0x30, 0x06,
567 0x04, 0x01, 0x7F, 0x03, 0x01, 0x8B, 0x82, 0x02, 0x02, 0x31, 0x02, 0x02,
568 0x8C, 0x3E, 0x02, 0x00, 0x90, 0x02, 0x01, 0x96, 0xBD, 0x26, 0xC1, 0x56,
569 0x06, 0x02, 0x60, 0x28, 0x77, 0x02, 0x01, 0x96, 0xBF, 0x06, 0x02, 0x61,
570 0x28, 0x26, 0x06, 0x81, 0x45, 0xBD, 0xA8, 0xA4, 0x03, 0x03, 0xA2, 0x03,
571 0x04, 0xA0, 0x03, 0x05, 0xA3, 0x03, 0x06, 0xA5, 0x03, 0x07, 0xA1, 0x03,
572 0x08, 0x27, 0x03, 0x09, 0x26, 0x06, 0x81, 0x18, 0xBD, 0x01, 0x00, 0x38,
573 0x0E, 0x06, 0x0F, 0x25, 0x02, 0x03, 0x05, 0x02, 0x6A, 0x28, 0x01, 0x00,
574 0x03, 0x03, 0xBC, 0x04, 0x80, 0x7F, 0x01, 0x01, 0x38, 0x0E, 0x06, 0x0F,
575 0x25, 0x02, 0x05, 0x05, 0x02, 0x6A, 0x28, 0x01, 0x00, 0x03, 0x05, 0xBA,
576 0x04, 0x80, 0x6A, 0x01, 0x83, 0xFE, 0x01, 0x38, 0x0E, 0x06, 0x0F, 0x25,
577 0x02, 0x04, 0x05, 0x02, 0x6A, 0x28, 0x01, 0x00, 0x03, 0x04, 0xBB, 0x04,
578 0x80, 0x53, 0x01, 0x0D, 0x38, 0x0E, 0x06, 0x0E, 0x25, 0x02, 0x06, 0x05,
579 0x02, 0x6A, 0x28, 0x01, 0x00, 0x03, 0x06, 0xB8, 0x04, 0x3F, 0x01, 0x0A,
580 0x38, 0x0E, 0x06, 0x0E, 0x25, 0x02, 0x07, 0x05, 0x02, 0x6A, 0x28, 0x01,
581 0x00, 0x03, 0x07, 0xB8, 0x04, 0x2B, 0x01, 0x0B, 0x38, 0x0E, 0x06, 0x0E,
582 0x25, 0x02, 0x08, 0x05, 0x02, 0x6A, 0x28, 0x01, 0x00, 0x03, 0x08, 0xB8,
583 0x04, 0x17, 0x01, 0x10, 0x38, 0x0E, 0x06, 0x0E, 0x25, 0x02, 0x09, 0x05,
584 0x02, 0x6A, 0x28, 0x01, 0x00, 0x03, 0x09, 0xAC, 0x04, 0x03, 0x6A, 0x28,
585 0x25, 0x04, 0xFE, 0x64, 0x02, 0x04, 0x06, 0x0D, 0x02, 0x04, 0x01, 0x05,
586 0x0F, 0x06, 0x02, 0x67, 0x28, 0x01, 0x01, 0x86, 0x3E, 0x99, 0x99, 0x02,
587 0x01, 0x00, 0x04, 0xB6, 0x01, 0x0C, 0x0E, 0x05, 0x02, 0x70, 0x28, 0xBF,
588 0x01, 0x03, 0x0E, 0x05, 0x02, 0x6B, 0x28, 0xBD, 0x26, 0x7A, 0x3E, 0x26,
589 0x01, 0x20, 0x10, 0x06, 0x02, 0x6B, 0x28, 0x40, 0x44, 0x11, 0x01, 0x01,
590 0x17, 0x05, 0x02, 0x6B, 0x28, 0xBF, 0x26, 0x01, 0x81, 0x05, 0x0F, 0x06,
591 0x02, 0x6B, 0x28, 0x26, 0x7C, 0x3E, 0x7B, 0x44, 0xB4, 0x90, 0x2C, 0x01,
592 0x86, 0x03, 0x10, 0x03, 0x00, 0x77, 0x2C, 0xC9, 0x03, 0x01, 0x01, 0x02,
593 0x03, 0x02, 0x02, 0x00, 0x06, 0x21, 0xBF, 0x26, 0x26, 0x01, 0x02, 0x0A,
594 0x44, 0x01, 0x06, 0x0F, 0x37, 0x06, 0x02, 0x6B, 0x28, 0x03, 0x02, 0xBF,
595 0x02, 0x01, 0x01, 0x01, 0x0B, 0x01, 0x03, 0x08, 0x0E, 0x05, 0x02, 0x6B,
596 0x28, 0x04, 0x08, 0x02, 0x01, 0x06, 0x04, 0x01, 0x00, 0x03, 0x02, 0xBD,
597 0x26, 0x03, 0x03, 0x26, 0x01, 0x84, 0x00, 0x0F, 0x06, 0x02, 0x6C, 0x28,
598 0x82, 0x44, 0xB4, 0x02, 0x02, 0x02, 0x01, 0x02, 0x03, 0x4E, 0x26, 0x06,
599 0x01, 0x28, 0x25, 0x99, 0x00, 0x02, 0x03, 0x00, 0x03, 0x01, 0x02, 0x00,
600 0x95, 0x02, 0x01, 0x02, 0x00, 0x39, 0x26, 0x01, 0x00, 0x0E, 0x06, 0x02,
601 0x5E, 0x00, 0xCD, 0x04, 0x74, 0x02, 0x01, 0x00, 0x03, 0x00, 0xBF, 0xA8,
602 0x26, 0x06, 0x80, 0x43, 0xBF, 0x01, 0x01, 0x38, 0x0E, 0x06, 0x06, 0x25,
603 0x01, 0x81, 0x7F, 0x04, 0x2E, 0x01, 0x80, 0x40, 0x38, 0x0E, 0x06, 0x07,
604 0x25, 0x01, 0x83, 0xFE, 0x00, 0x04, 0x20, 0x01, 0x80, 0x41, 0x38, 0x0E,
605 0x06, 0x07, 0x25, 0x01, 0x84, 0x80, 0x00, 0x04, 0x12, 0x01, 0x80, 0x42,
606 0x38, 0x0E, 0x06, 0x07, 0x25, 0x01, 0x88, 0x80, 0x00, 0x04, 0x04, 0x01,
607 0x00, 0x44, 0x25, 0x02, 0x00, 0x37, 0x03, 0x00, 0x04, 0xFF, 0x39, 0x99,
608 0x77, 0x2C, 0xC7, 0x05, 0x09, 0x02, 0x00, 0x01, 0x83, 0xFF, 0x7F, 0x17,
609 0x03, 0x00, 0x90, 0x2C, 0x01, 0x86, 0x03, 0x10, 0x06, 0x3A, 0xB9, 0x26,
610 0x7F, 0x3D, 0x41, 0x25, 0x26, 0x01, 0x08, 0x0B, 0x37, 0x01, 0x8C, 0x80,
611 0x00, 0x37, 0x17, 0x02, 0x00, 0x17, 0x02, 0x00, 0x01, 0x8C, 0x80, 0x00,
612 0x17, 0x06, 0x19, 0x26, 0x01, 0x81, 0x7F, 0x17, 0x06, 0x05, 0x01, 0x84,
613 0x80, 0x00, 0x37, 0x26, 0x01, 0x83, 0xFE, 0x00, 0x17, 0x06, 0x05, 0x01,
614 0x88, 0x80, 0x00, 0x37, 0x03, 0x00, 0x04, 0x09, 0x02, 0x00, 0x01, 0x8C,
615 0x88, 0x01, 0x17, 0x03, 0x00, 0x16, 0xBD, 0xA8, 0x26, 0x06, 0x23, 0xBD,
616 0xA8, 0x26, 0x15, 0x26, 0x06, 0x18, 0x26, 0x01, 0x82, 0x00, 0x0F, 0x06,
617 0x05, 0x01, 0x82, 0x00, 0x04, 0x01, 0x26, 0x03, 0x01, 0x82, 0x02, 0x01,
618 0xB4, 0x02, 0x01, 0x12, 0x04, 0x65, 0x99, 0x13, 0x04, 0x5A, 0x99, 0x14,
619 0x99, 0x02, 0x00, 0x2A, 0x00, 0x00, 0xB7, 0x26, 0x58, 0x06, 0x07, 0x25,
620 0x06, 0x02, 0x64, 0x28, 0x04, 0x74, 0x00, 0x00, 0xC0, 0x01, 0x03, 0xBE,
621 0x44, 0x25, 0x44, 0x00, 0x00, 0xBD, 0xC4, 0x00, 0x03, 0x01, 0x00, 0x03,
622 0x00, 0xBD, 0xA8, 0x26, 0x06, 0x80, 0x50, 0xBF, 0x03, 0x01, 0xBF, 0x03,
623 0x02, 0x02, 0x01, 0x01, 0x08, 0x0E, 0x06, 0x16, 0x02, 0x02, 0x01, 0x0F,
624 0x0C, 0x06, 0x0D, 0x01, 0x01, 0x02, 0x02, 0x01, 0x10, 0x08, 0x0B, 0x02,
625 0x00, 0x37, 0x03, 0x00, 0x04, 0x2A, 0x02, 0x01, 0x01, 0x02, 0x10, 0x02,
626 0x01, 0x01, 0x06, 0x0C, 0x17, 0x02, 0x02, 0x01, 0x01, 0x0E, 0x02, 0x02,
627 0x01, 0x03, 0x0E, 0x37, 0x17, 0x06, 0x11, 0x02, 0x00, 0x01, 0x01, 0x02,
628 0x02, 0x5B, 0x01, 0x02, 0x0B, 0x02, 0x01, 0x08, 0x0B, 0x37, 0x03, 0x00,
629 0x04, 0xFF, 0x2C, 0x99, 0x02, 0x00, 0x00, 0x00, 0xBD, 0x01, 0x01, 0x0E,
630 0x05, 0x02, 0x63, 0x28, 0xBF, 0x01, 0x08, 0x08, 0x80, 0x2E, 0x0E, 0x05,
631 0x02, 0x63, 0x28, 0x00, 0x00, 0xBD, 0x86, 0x2E, 0x05, 0x15, 0x01, 0x01,
632 0x0E, 0x05, 0x02, 0x67, 0x28, 0xBF, 0x01, 0x00, 0x0E, 0x05, 0x02, 0x67,
633 0x28, 0x01, 0x02, 0x86, 0x3E, 0x04, 0x1C, 0x01, 0x19, 0x0E, 0x05, 0x02,
634 0x67, 0x28, 0xBF, 0x01, 0x18, 0x0E, 0x05, 0x02, 0x67, 0x28, 0x82, 0x01,
635 0x18, 0xB4, 0x87, 0x82, 0x01, 0x18, 0x30, 0x05, 0x02, 0x67, 0x28, 0x00,
636 0x00, 0xBD, 0x06, 0x02, 0x68, 0x28, 0x00, 0x00, 0x01, 0x02, 0x95, 0xC0,
637 0x01, 0x08, 0x0B, 0xC0, 0x08, 0x00, 0x00, 0x01, 0x03, 0x95, 0xC0, 0x01,
638 0x08, 0x0B, 0xC0, 0x08, 0x01, 0x08, 0x0B, 0xC0, 0x08, 0x00, 0x00, 0x01,
639 0x01, 0x95, 0xC0, 0x00, 0x00, 0x3A, 0x26, 0x56, 0x05, 0x01, 0x00, 0x25,
640 0xCD, 0x04, 0x76, 0x02, 0x03, 0x00, 0x8F, 0x2E, 0x03, 0x01, 0x01, 0x00,
641 0x26, 0x02, 0x01, 0x0A, 0x06, 0x10, 0x26, 0x01, 0x01, 0x0B, 0x8E, 0x08,
642 0x2C, 0x02, 0x00, 0x0E, 0x06, 0x01, 0x00, 0x5A, 0x04, 0x6A, 0x25, 0x01,
643 0x7F, 0x00, 0x00, 0x01, 0x15, 0x85, 0x3E, 0x44, 0x50, 0x25, 0x50, 0x25,
644 0x29, 0x00, 0x00, 0x01, 0x01, 0x44, 0xC2, 0x00, 0x00, 0x44, 0x38, 0x95,
645 0x44, 0x26, 0x06, 0x05, 0xC0, 0x25, 0x5B, 0x04, 0x78, 0x25, 0x00, 0x00,
646 0x26, 0x01, 0x81, 0xAC, 0x00, 0x0E, 0x06, 0x04, 0x25, 0x01, 0x7F, 0x00,
647 0x98, 0x57, 0x00, 0x02, 0x03, 0x00, 0x77, 0x2C, 0x98, 0x03, 0x01, 0x02,
648 0x01, 0x01, 0x0F, 0x17, 0x02, 0x01, 0x01, 0x04, 0x11, 0x01, 0x0F, 0x17,
649 0x02, 0x01, 0x01, 0x08, 0x11, 0x01, 0x0F, 0x17, 0x01, 0x00, 0x38, 0x0E,
650 0x06, 0x10, 0x25, 0x01, 0x00, 0x01, 0x18, 0x02, 0x00, 0x06, 0x03, 0x47,
651 0x04, 0x01, 0x48, 0x04, 0x80, 0x68, 0x01, 0x01, 0x38, 0x0E, 0x06, 0x10,
652 0x25, 0x01, 0x01, 0x01, 0x10, 0x02, 0x00, 0x06, 0x03, 0x47, 0x04, 0x01,
653 0x48, 0x04, 0x80, 0x52, 0x01, 0x02, 0x38, 0x0E, 0x06, 0x0F, 0x25, 0x01,
654 0x01, 0x01, 0x20, 0x02, 0x00, 0x06, 0x03, 0x47, 0x04, 0x01, 0x48, 0x04,
655 0x3D, 0x01, 0x03, 0x38, 0x0E, 0x06, 0x0E, 0x25, 0x25, 0x01, 0x10, 0x02,
656 0x00, 0x06, 0x03, 0x45, 0x04, 0x01, 0x46, 0x04, 0x29, 0x01, 0x04, 0x38,
657 0x0E, 0x06, 0x0E, 0x25, 0x25, 0x01, 0x20, 0x02, 0x00, 0x06, 0x03, 0x45,
658 0x04, 0x01, 0x46, 0x04, 0x15, 0x01, 0x05, 0x38, 0x0E, 0x06, 0x0C, 0x25,
659 0x25, 0x02, 0x00, 0x06, 0x03, 0x49, 0x04, 0x01, 0x4A, 0x04, 0x03, 0x66,
660 0x28, 0x25, 0x00, 0x00, 0x98, 0x01, 0x0C, 0x11, 0x01, 0x02, 0x0F, 0x00,
661 0x00, 0x98, 0x01, 0x0C, 0x11, 0x26, 0x59, 0x44, 0x01, 0x03, 0x0A, 0x17,
662 0x00, 0x00, 0x98, 0x01, 0x0C, 0x11, 0x01, 0x01, 0x0E, 0x00, 0x00, 0x98,
663 0x01, 0x0C, 0x11, 0x58, 0x00, 0x00, 0x1B, 0x01, 0x00, 0x73, 0x2E, 0x26,
664 0x06, 0x22, 0x01, 0x01, 0x38, 0x0E, 0x06, 0x06, 0x25, 0x01, 0x00, 0x9C,
665 0x04, 0x14, 0x01, 0x02, 0x38, 0x0E, 0x06, 0x0D, 0x25, 0x75, 0x2E, 0x01,
666 0x01, 0x0E, 0x06, 0x03, 0x01, 0x10, 0x37, 0x04, 0x01, 0x25, 0x04, 0x01,
667 0x25, 0x79, 0x2E, 0x05, 0x33, 0x2F, 0x06, 0x30, 0x84, 0x2E, 0x01, 0x14,
668 0x38, 0x0E, 0x06, 0x06, 0x25, 0x01, 0x02, 0x37, 0x04, 0x22, 0x01, 0x15,
669 0x38, 0x0E, 0x06, 0x09, 0x25, 0xAB, 0x06, 0x03, 0x01, 0x7F, 0x9C, 0x04,
670 0x13, 0x01, 0x16, 0x38, 0x0E, 0x06, 0x06, 0x25, 0x01, 0x01, 0x37, 0x04,
671 0x07, 0x25, 0x01, 0x04, 0x37, 0x01, 0x00, 0x25, 0x1A, 0x06, 0x03, 0x01,
672 0x08, 0x37, 0x00, 0x00, 0x1B, 0x26, 0x05, 0x13, 0x2F, 0x06, 0x10, 0x84,
673 0x2E, 0x01, 0x15, 0x0E, 0x06, 0x08, 0x25, 0xAB, 0x01, 0x00, 0x75, 0x3E,
674 0x04, 0x01, 0x20, 0x00, 0x00, 0xCB, 0x01, 0x07, 0x17, 0x01, 0x01, 0x0F,
675 0x06, 0x02, 0x70, 0x28, 0x00, 0x01, 0x03, 0x00, 0x29, 0x1A, 0x06, 0x05,
676 0x02, 0x00, 0x85, 0x3E, 0x00, 0xCB, 0x25, 0x04, 0x74, 0x00, 0x01, 0x14,
677 0xCE, 0x01, 0x01, 0xDB, 0x29, 0x26, 0x01, 0x00, 0xC6, 0x01, 0x16, 0xCE,
678 0xD4, 0x29, 0x00, 0x00, 0x01, 0x0B, 0xDB, 0x4C, 0x26, 0x26, 0x01, 0x03,
679 0x08, 0xDA, 0xDA, 0x18, 0x26, 0x56, 0x06, 0x02, 0x25, 0x00, 0xDA, 0x1D,
680 0x26, 0x06, 0x05, 0x82, 0x44, 0xD5, 0x04, 0x77, 0x25, 0x04, 0x6C, 0x00,
681 0x21, 0x01, 0x0F, 0xDB, 0x26, 0x90, 0x2C, 0x01, 0x86, 0x03, 0x10, 0x06,
682 0x0C, 0x01, 0x04, 0x08, 0xDA, 0x7E, 0x2E, 0xDB, 0x76, 0x2E, 0xDB, 0x04,
683 0x02, 0x5C, 0xDA, 0x26, 0xD9, 0x82, 0x44, 0xD5, 0x00, 0x02, 0xA2, 0xA4,
684 0x08, 0xA0, 0x08, 0xA3, 0x08, 0xA5, 0x08, 0xA1, 0x08, 0x27, 0x08, 0x03,
685 0x00, 0x01, 0x01, 0xDB, 0x01, 0x27, 0x8C, 0x2E, 0x08, 0x8F, 0x2E, 0x01,
686 0x01, 0x0B, 0x08, 0x02, 0x00, 0x06, 0x04, 0x5C, 0x02, 0x00, 0x08, 0x81,
687 0x2C, 0x38, 0x09, 0x26, 0x59, 0x06, 0x24, 0x02, 0x00, 0x05, 0x04, 0x44,
688 0x5C, 0x44, 0x5D, 0x01, 0x04, 0x09, 0x26, 0x56, 0x06, 0x03, 0x25, 0x01,
689 0x00, 0x26, 0x01, 0x04, 0x08, 0x02, 0x00, 0x08, 0x03, 0x00, 0x44, 0x01,
690 0x04, 0x08, 0x38, 0x08, 0x44, 0x04, 0x03, 0x25, 0x01, 0x7F, 0x03, 0x01,
691 0xDA, 0x92, 0x2C, 0xD9, 0x78, 0x01, 0x04, 0x19, 0x78, 0x01, 0x04, 0x08,
692 0x01, 0x1C, 0x32, 0x78, 0x01, 0x20, 0xD5, 0x8B, 0x8C, 0x2E, 0xD7, 0x8F,
693 0x2E, 0x26, 0x01, 0x01, 0x0B, 0xD9, 0x8E, 0x44, 0x26, 0x06, 0x0F, 0x5B,
694 0x38, 0x2C, 0x26, 0xC5, 0x05, 0x02, 0x60, 0x28, 0xD9, 0x44, 0x5C, 0x44,
695 0x04, 0x6E, 0x5E, 0x01, 0x01, 0xDB, 0x01, 0x00, 0xDB, 0x02, 0x00, 0x06,
696 0x81, 0x5A, 0x02, 0x00, 0xD9, 0xA2, 0x06, 0x0E, 0x01, 0x83, 0xFE, 0x01,
697 0xD9, 0x87, 0xA2, 0x01, 0x04, 0x09, 0x26, 0xD9, 0x5B, 0xD7, 0xA4, 0x06,
698 0x16, 0x01, 0x00, 0xD9, 0x89, 0xA4, 0x01, 0x04, 0x09, 0x26, 0xD9, 0x01,
699 0x02, 0x09, 0x26, 0xD9, 0x01, 0x00, 0xDB, 0x01, 0x03, 0x09, 0xD6, 0xA0,
700 0x06, 0x0C, 0x01, 0x01, 0xD9, 0x01, 0x01, 0xD9, 0x80, 0x2E, 0x01, 0x08,
701 0x09, 0xDB, 0xA3, 0x06, 0x19, 0x01, 0x0D, 0xD9, 0xA3, 0x01, 0x04, 0x09,
702 0x26, 0xD9, 0x01, 0x02, 0x09, 0xD9, 0x42, 0x06, 0x03, 0x01, 0x03, 0xD8,
703 0x43, 0x06, 0x03, 0x01, 0x01, 0xD8, 0xA5, 0x26, 0x06, 0x36, 0x01, 0x0A,
704 0xD9, 0x01, 0x04, 0x09, 0x26, 0xD9, 0x5D, 0xD9, 0x40, 0x01, 0x00, 0x26,
705 0x01, 0x82, 0x80, 0x80, 0x80, 0x00, 0x17, 0x06, 0x0A, 0x01, 0xFD, 0xFF,
706 0xFF, 0xFF, 0x7F, 0x17, 0x01, 0x1D, 0xD9, 0x26, 0x01, 0x20, 0x0A, 0x06,
707 0x0C, 0x9E, 0x11, 0x01, 0x01, 0x17, 0x06, 0x02, 0x26, 0xD9, 0x5A, 0x04,
708 0x6E, 0x5E, 0x04, 0x01, 0x25, 0xA1, 0x06, 0x0A, 0x01, 0x0B, 0xD9, 0x01,
709 0x02, 0xD9, 0x01, 0x82, 0x00, 0xD9, 0x27, 0x26, 0x06, 0x1F, 0x01, 0x10,
710 0xD9, 0x01, 0x04, 0x09, 0x26, 0xD9, 0x5D, 0xD9, 0x83, 0x2C, 0x01, 0x00,
711 0x9E, 0x0F, 0x06, 0x0A, 0x26, 0x1E, 0x26, 0xDB, 0x82, 0x44, 0xD5, 0x5A,
712 0x04, 0x72, 0x5E, 0x04, 0x01, 0x25, 0x02, 0x01, 0x56, 0x05, 0x11, 0x01,
713 0x15, 0xD9, 0x02, 0x01, 0x26, 0xD9, 0x26, 0x06, 0x06, 0x5B, 0x01, 0x00,
714 0xDB, 0x04, 0x77, 0x25, 0x00, 0x00, 0x01, 0x10, 0xDB, 0x77, 0x2C, 0x26,
715 0xCA, 0x06, 0x0C, 0xA9, 0x23, 0x26, 0x5C, 0xDA, 0x26, 0xD9, 0x82, 0x44,
716 0xD5, 0x04, 0x0D, 0x26, 0xC8, 0x44, 0xA9, 0x22, 0x26, 0x5A, 0xDA, 0x26,
717 0xDB, 0x82, 0x44, 0xD5, 0x00, 0x00, 0x9A, 0x01, 0x14, 0xDB, 0x01, 0x0C,
718 0xDA, 0x82, 0x01, 0x0C, 0xD5, 0x00, 0x00, 0x4F, 0x26, 0x01, 0x00, 0x0E,
719 0x06, 0x02, 0x5E, 0x00, 0xCB, 0x25, 0x04, 0x73, 0x00, 0x26, 0xD9, 0xD5,
720 0x00, 0x00, 0x26, 0xDB, 0xD5, 0x00, 0x01, 0x03, 0x00, 0x41, 0x25, 0x26,
721 0x01, 0x10, 0x17, 0x06, 0x06, 0x01, 0x04, 0xDB, 0x02, 0x00, 0xDB, 0x26,
722 0x01, 0x08, 0x17, 0x06, 0x06, 0x01, 0x03, 0xDB, 0x02, 0x00, 0xDB, 0x26,
723 0x01, 0x20, 0x17, 0x06, 0x06, 0x01, 0x05, 0xDB, 0x02, 0x00, 0xDB, 0x26,
724 0x01, 0x80, 0x40, 0x17, 0x06, 0x06, 0x01, 0x06, 0xDB, 0x02, 0x00, 0xDB,
725 0x01, 0x04, 0x17, 0x06, 0x06, 0x01, 0x02, 0xDB, 0x02, 0x00, 0xDB, 0x00,
726 0x00, 0x26, 0x01, 0x08, 0x4D, 0xDB, 0xDB, 0x00, 0x00, 0x26, 0x01, 0x10,
727 0x4D, 0xDB, 0xD9, 0x00, 0x00, 0x26, 0x50, 0x06, 0x02, 0x25, 0x00, 0xCB,
728 0x25, 0x04, 0x76
729 };
730
731 static const uint16_t t0_caddr[] = {
732 0,
733 5,
734 10,
735 15,
736 20,
737 25,
738 30,
739 35,
740 40,
741 44,
742 48,
743 52,
744 56,
745 60,
746 64,
747 68,
748 72,
749 76,
750 80,
751 84,
752 88,
753 92,
754 96,
755 100,
756 104,
757 108,
758 112,
759 116,
760 120,
761 124,
762 129,
763 134,
764 139,
765 144,
766 149,
767 154,
768 159,
769 164,
770 169,
771 174,
772 179,
773 184,
774 189,
775 194,
776 199,
777 204,
778 209,
779 214,
780 219,
781 224,
782 229,
783 234,
784 239,
785 244,
786 249,
787 254,
788 259,
789 264,
790 269,
791 274,
792 279,
793 284,
794 289,
795 294,
796 303,
797 316,
798 320,
799 345,
800 351,
801 370,
802 381,
803 422,
804 542,
805 546,
806 611,
807 626,
808 637,
809 655,
810 684,
811 694,
812 730,
813 740,
814 810,
815 824,
816 830,
817 889,
818 908,
819 943,
820 992,
821 1068,
822 1095,
823 1126,
824 1137,
825 1462,
826 1609,
827 1633,
828 1849,
829 1863,
830 1872,
831 1876,
832 1971,
833 1992,
834 2048,
835 2055,
836 2066,
837 2082,
838 2088,
839 2099,
840 2134,
841 2146,
842 2152,
843 2167,
844 2183,
845 2339,
846 2348,
847 2361,
848 2370,
849 2377,
850 2483,
851 2508,
852 2521,
853 2537,
854 2555,
855 2587,
856 2621,
857 2989,
858 3025,
859 3038,
860 3052,
861 3057,
862 3062,
863 3128,
864 3136,
865 3144
866 };
867
868 #define T0_INTERPRETED 86
869
870 #define T0_ENTER(ip, rp, slot) do { \
871 const unsigned char *t0_newip; \
872 uint32_t t0_lnum; \
873 t0_newip = &t0_codeblock[t0_caddr[(slot) - T0_INTERPRETED]]; \
874 t0_lnum = t0_parse7E_unsigned(&t0_newip); \
875 (rp) += t0_lnum; \
876 *((rp) ++) = (uint32_t)((ip) - &t0_codeblock[0]) + (t0_lnum << 16); \
877 (ip) = t0_newip; \
878 } while (0)
879
880 #define T0_DEFENTRY(name, slot) \
881 void \
882 name(void *ctx) \
883 { \
884 t0_context *t0ctx = ctx; \
885 t0ctx->ip = &t0_codeblock[0]; \
886 T0_ENTER(t0ctx->ip, t0ctx->rp, slot); \
887 }
888
889 T0_DEFENTRY(br_ssl_hs_client_init_main, 167)
890
891 #define T0_NEXT(t0ipp) (*(*(t0ipp)) ++)
892
893 void
894 br_ssl_hs_client_run(void *t0ctx)
895 {
896 uint32_t *dp, *rp;
897 const unsigned char *ip;
898
899 #define T0_LOCAL(x) (*(rp - 2 - (x)))
900 #define T0_POP() (*-- dp)
901 #define T0_POPi() (*(int32_t *)(-- dp))
902 #define T0_PEEK(x) (*(dp - 1 - (x)))
903 #define T0_PEEKi(x) (*(int32_t *)(dp - 1 - (x)))
904 #define T0_PUSH(v) do { *dp = (v); dp ++; } while (0)
905 #define T0_PUSHi(v) do { *(int32_t *)dp = (v); dp ++; } while (0)
906 #define T0_RPOP() (*-- rp)
907 #define T0_RPOPi() (*(int32_t *)(-- rp))
908 #define T0_RPUSH(v) do { *rp = (v); rp ++; } while (0)
909 #define T0_RPUSHi(v) do { *(int32_t *)rp = (v); rp ++; } while (0)
910 #define T0_ROLL(x) do { \
911 size_t t0len = (size_t)(x); \
912 uint32_t t0tmp = *(dp - 1 - t0len); \
913 memmove(dp - t0len - 1, dp - t0len, t0len * sizeof *dp); \
914 *(dp - 1) = t0tmp; \
915 } while (0)
916 #define T0_SWAP() do { \
917 uint32_t t0tmp = *(dp - 2); \
918 *(dp - 2) = *(dp - 1); \
919 *(dp - 1) = t0tmp; \
920 } while (0)
921 #define T0_ROT() do { \
922 uint32_t t0tmp = *(dp - 3); \
923 *(dp - 3) = *(dp - 2); \
924 *(dp - 2) = *(dp - 1); \
925 *(dp - 1) = t0tmp; \
926 } while (0)
927 #define T0_NROT() do { \
928 uint32_t t0tmp = *(dp - 1); \
929 *(dp - 1) = *(dp - 2); \
930 *(dp - 2) = *(dp - 3); \
931 *(dp - 3) = t0tmp; \
932 } while (0)
933 #define T0_PICK(x) do { \
934 uint32_t t0depth = (x); \
935 T0_PUSH(T0_PEEK(t0depth)); \
936 } while (0)
937 #define T0_CO() do { \
938 goto t0_exit; \
939 } while (0)
940 #define T0_RET() goto t0_next
941
942 dp = ((t0_context *)t0ctx)->dp;
943 rp = ((t0_context *)t0ctx)->rp;
944 ip = ((t0_context *)t0ctx)->ip;
945 goto t0_next;
946 for (;;) {
947 uint32_t t0x;
948
949 t0_next:
950 t0x = T0_NEXT(&ip);
951 if (t0x < T0_INTERPRETED) {
952 switch (t0x) {
953 int32_t t0off;
954
955 case 0: /* ret */
956 t0x = T0_RPOP();
957 rp -= (t0x >> 16);
958 t0x &= 0xFFFF;
959 if (t0x == 0) {
960 ip = NULL;
961 goto t0_exit;
962 }
963 ip = &t0_codeblock[t0x];
964 break;
965 case 1: /* literal constant */
966 T0_PUSHi(t0_parse7E_signed(&ip));
967 break;
968 case 2: /* read local */
969 T0_PUSH(T0_LOCAL(t0_parse7E_unsigned(&ip)));
970 break;
971 case 3: /* write local */
972 T0_LOCAL(t0_parse7E_unsigned(&ip)) = T0_POP();
973 break;
974 case 4: /* jump */
975 t0off = t0_parse7E_signed(&ip);
976 ip += t0off;
977 break;
978 case 5: /* jump if */
979 t0off = t0_parse7E_signed(&ip);
980 if (T0_POP()) {
981 ip += t0off;
982 }
983 break;
984 case 6: /* jump if not */
985 t0off = t0_parse7E_signed(&ip);
986 if (!T0_POP()) {
987 ip += t0off;
988 }
989 break;
990 case 7: {
991 /* * */
992
993 uint32_t b = T0_POP();
994 uint32_t a = T0_POP();
995 T0_PUSH(a * b);
996
997 }
998 break;
999 case 8: {
1000 /* + */
1001
1002 uint32_t b = T0_POP();
1003 uint32_t a = T0_POP();
1004 T0_PUSH(a + b);
1005
1006 }
1007 break;
1008 case 9: {
1009 /* - */
1010
1011 uint32_t b = T0_POP();
1012 uint32_t a = T0_POP();
1013 T0_PUSH(a - b);
1014
1015 }
1016 break;
1017 case 10: {
1018 /* < */
1019
1020 int32_t b = T0_POPi();
1021 int32_t a = T0_POPi();
1022 T0_PUSH(-(uint32_t)(a < b));
1023
1024 }
1025 break;
1026 case 11: {
1027 /* << */
1028
1029 int c = (int)T0_POPi();
1030 uint32_t x = T0_POP();
1031 T0_PUSH(x << c);
1032
1033 }
1034 break;
1035 case 12: {
1036 /* <= */
1037
1038 int32_t b = T0_POPi();
1039 int32_t a = T0_POPi();
1040 T0_PUSH(-(uint32_t)(a <= b));
1041
1042 }
1043 break;
1044 case 13: {
1045 /* <> */
1046
1047 uint32_t b = T0_POP();
1048 uint32_t a = T0_POP();
1049 T0_PUSH(-(uint32_t)(a != b));
1050
1051 }
1052 break;
1053 case 14: {
1054 /* = */
1055
1056 uint32_t b = T0_POP();
1057 uint32_t a = T0_POP();
1058 T0_PUSH(-(uint32_t)(a == b));
1059
1060 }
1061 break;
1062 case 15: {
1063 /* > */
1064
1065 int32_t b = T0_POPi();
1066 int32_t a = T0_POPi();
1067 T0_PUSH(-(uint32_t)(a > b));
1068
1069 }
1070 break;
1071 case 16: {
1072 /* >= */
1073
1074 int32_t b = T0_POPi();
1075 int32_t a = T0_POPi();
1076 T0_PUSH(-(uint32_t)(a >= b));
1077
1078 }
1079 break;
1080 case 17: {
1081 /* >> */
1082
1083 int c = (int)T0_POPi();
1084 int32_t x = T0_POPi();
1085 T0_PUSHi(x >> c);
1086
1087 }
1088 break;
1089 case 18: {
1090 /* anchor-dn-append-name */
1091
1092 size_t len;
1093
1094 len = T0_POP();
1095 if (CTX->client_auth_vtable != NULL) {
1096 (*CTX->client_auth_vtable)->append_name(
1097 CTX->client_auth_vtable, ENG->pad, len);
1098 }
1099
1100 }
1101 break;
1102 case 19: {
1103 /* anchor-dn-end-name */
1104
1105 if (CTX->client_auth_vtable != NULL) {
1106 (*CTX->client_auth_vtable)->end_name(
1107 CTX->client_auth_vtable);
1108 }
1109
1110 }
1111 break;
1112 case 20: {
1113 /* anchor-dn-end-name-list */
1114
1115 if (CTX->client_auth_vtable != NULL) {
1116 (*CTX->client_auth_vtable)->end_name_list(
1117 CTX->client_auth_vtable);
1118 }
1119
1120 }
1121 break;
1122 case 21: {
1123 /* anchor-dn-start-name */
1124
1125 size_t len;
1126
1127 len = T0_POP();
1128 if (CTX->client_auth_vtable != NULL) {
1129 (*CTX->client_auth_vtable)->start_name(
1130 CTX->client_auth_vtable, len);
1131 }
1132
1133 }
1134 break;
1135 case 22: {
1136 /* anchor-dn-start-name-list */
1137
1138 if (CTX->client_auth_vtable != NULL) {
1139 (*CTX->client_auth_vtable)->start_name_list(
1140 CTX->client_auth_vtable);
1141 }
1142
1143 }
1144 break;
1145 case 23: {
1146 /* and */
1147
1148 uint32_t b = T0_POP();
1149 uint32_t a = T0_POP();
1150 T0_PUSH(a & b);
1151
1152 }
1153 break;
1154 case 24: {
1155 /* begin-cert */
1156
1157 if (ENG->chain_len == 0) {
1158 T0_PUSHi(-1);
1159 } else {
1160 ENG->cert_cur = ENG->chain->data;
1161 ENG->cert_len = ENG->chain->data_len;
1162 ENG->chain ++;
1163 ENG->chain_len --;
1164 T0_PUSH(ENG->cert_len);
1165 }
1166
1167 }
1168 break;
1169 case 25: {
1170 /* bzero */
1171
1172 size_t len = (size_t)T0_POP();
1173 void *addr = (unsigned char *)ENG + (size_t)T0_POP();
1174 memset(addr, 0, len);
1175
1176 }
1177 break;
1178 case 26: {
1179 /* can-output? */
1180
1181 T0_PUSHi(-(ENG->hlen_out > 0));
1182
1183 }
1184 break;
1185 case 27: {
1186 /* co */
1187 T0_CO();
1188 }
1189 break;
1190 case 28: {
1191 /* compute-Finished-inner */
1192
1193 int prf_id = T0_POP();
1194 int from_client = T0_POPi();
1195 unsigned char tmp[48];
1196 br_tls_prf_seed_chunk seed;
1197
1198 br_tls_prf_impl prf = br_ssl_engine_get_PRF(ENG, prf_id);
1199 seed.data = tmp;
1200 if (ENG->session.version >= BR_TLS12) {
1201 seed.len = br_multihash_out(&ENG->mhash, prf_id, tmp);
1202 } else {
1203 br_multihash_out(&ENG->mhash, br_md5_ID, tmp);
1204 br_multihash_out(&ENG->mhash, br_sha1_ID, tmp + 16);
1205 seed.len = 36;
1206 }
1207 prf(ENG->pad, 12, ENG->session.master_secret,
1208 sizeof ENG->session.master_secret,
1209 from_client ? "client finished" : "server finished",
1210 1, &seed);
1211
1212 }
1213 break;
1214 case 29: {
1215 /* copy-cert-chunk */
1216
1217 size_t clen;
1218
1219 clen = ENG->cert_len;
1220 if (clen > sizeof ENG->pad) {
1221 clen = sizeof ENG->pad;
1222 }
1223 memcpy(ENG->pad, ENG->cert_cur, clen);
1224 ENG->cert_cur += clen;
1225 ENG->cert_len -= clen;
1226 T0_PUSH(clen);
1227
1228 }
1229 break;
1230 case 30: {
1231 /* copy-protocol-name */
1232
1233 size_t idx = T0_POP();
1234 size_t len = strlen(ENG->protocol_names[idx]);
1235 memcpy(ENG->pad, ENG->protocol_names[idx], len);
1236 T0_PUSH(len);
1237
1238 }
1239 break;
1240 case 31: {
1241 /* data-get8 */
1242
1243 size_t addr = T0_POP();
1244 T0_PUSH(t0_datablock[addr]);
1245
1246 }
1247 break;
1248 case 32: {
1249 /* discard-input */
1250
1251 ENG->hlen_in = 0;
1252
1253 }
1254 break;
1255 case 33: {
1256 /* do-client-sign */
1257
1258 size_t sig_len;
1259
1260 sig_len = make_client_sign(CTX);
1261 if (sig_len == 0) {
1262 br_ssl_engine_fail(ENG, BR_ERR_INVALID_ALGORITHM);
1263 T0_CO();
1264 }
1265 T0_PUSH(sig_len);
1266
1267 }
1268 break;
1269 case 34: {
1270 /* do-ecdh */
1271
1272 unsigned prf_id = T0_POP();
1273 unsigned ecdhe = T0_POP();
1274 int x;
1275
1276 x = make_pms_ecdh(CTX, ecdhe, prf_id);
1277 if (x < 0) {
1278 br_ssl_engine_fail(ENG, -x);
1279 T0_CO();
1280 } else {
1281 T0_PUSH(x);
1282 }
1283
1284 }
1285 break;
1286 case 35: {
1287 /* do-rsa-encrypt */
1288
1289 int x;
1290
1291 x = make_pms_rsa(CTX, T0_POP());
1292 if (x < 0) {
1293 br_ssl_engine_fail(ENG, -x);
1294 T0_CO();
1295 } else {
1296 T0_PUSH(x);
1297 }
1298
1299 }
1300 break;
1301 case 36: {
1302 /* do-static-ecdh */
1303
1304 unsigned prf_id = T0_POP();
1305
1306 if (make_pms_static_ecdh(CTX, prf_id) < 0) {
1307 br_ssl_engine_fail(ENG, BR_ERR_INVALID_ALGORITHM);
1308 T0_CO();
1309 }
1310
1311 }
1312 break;
1313 case 37: {
1314 /* drop */
1315 (void)T0_POP();
1316 }
1317 break;
1318 case 38: {
1319 /* dup */
1320 T0_PUSH(T0_PEEK(0));
1321 }
1322 break;
1323 case 39: {
1324 /* ext-ALPN-length */
1325
1326 size_t u, len;
1327
1328 if (ENG->protocol_names_num == 0) {
1329 T0_PUSH(0);
1330 T0_RET();
1331 }
1332 len = 6;
1333 for (u = 0; u < ENG->protocol_names_num; u ++) {
1334 len += 1 + strlen(ENG->protocol_names[u]);
1335 }
1336 T0_PUSH(len);
1337
1338 }
1339 break;
1340 case 40: {
1341 /* fail */
1342
1343 br_ssl_engine_fail(ENG, (int)T0_POPi());
1344 T0_CO();
1345
1346 }
1347 break;
1348 case 41: {
1349 /* flush-record */
1350
1351 br_ssl_engine_flush_record(ENG);
1352
1353 }
1354 break;
1355 case 42: {
1356 /* get-client-chain */
1357
1358 uint32_t auth_types;
1359
1360 auth_types = T0_POP();
1361 if (CTX->client_auth_vtable != NULL) {
1362 br_ssl_client_certificate ux;
1363
1364 (*CTX->client_auth_vtable)->choose(CTX->client_auth_vtable,
1365 CTX, auth_types, &ux);
1366 CTX->auth_type = (unsigned char)ux.auth_type;
1367 CTX->hash_id = (unsigned char)ux.hash_id;
1368 ENG->chain = ux.chain;
1369 ENG->chain_len = ux.chain_len;
1370 } else {
1371 CTX->hash_id = 0;
1372 ENG->chain_len = 0;
1373 }
1374
1375 }
1376 break;
1377 case 43: {
1378 /* get-key-type-usages */
1379
1380 const br_x509_class *xc;
1381 const br_x509_pkey *pk;
1382 unsigned usages;
1383
1384 xc = *(ENG->x509ctx);
1385 pk = xc->get_pkey(ENG->x509ctx, &usages);
1386 if (pk == NULL) {
1387 T0_PUSH(0);
1388 } else {
1389 T0_PUSH(pk->key_type | usages);
1390 }
1391
1392 }
1393 break;
1394 case 44: {
1395 /* get16 */
1396
1397 size_t addr = (size_t)T0_POP();
1398 T0_PUSH(*(uint16_t *)((unsigned char *)ENG + addr));
1399
1400 }
1401 break;
1402 case 45: {
1403 /* get32 */
1404
1405 size_t addr = (size_t)T0_POP();
1406 T0_PUSH(*(uint32_t *)((unsigned char *)ENG + addr));
1407
1408 }
1409 break;
1410 case 46: {
1411 /* get8 */
1412
1413 size_t addr = (size_t)T0_POP();
1414 T0_PUSH(*((unsigned char *)ENG + addr));
1415
1416 }
1417 break;
1418 case 47: {
1419 /* has-input? */
1420
1421 T0_PUSHi(-(ENG->hlen_in != 0));
1422
1423 }
1424 break;
1425 case 48: {
1426 /* memcmp */
1427
1428 size_t len = (size_t)T0_POP();
1429 void *addr2 = (unsigned char *)ENG + (size_t)T0_POP();
1430 void *addr1 = (unsigned char *)ENG + (size_t)T0_POP();
1431 int x = memcmp(addr1, addr2, len);
1432 T0_PUSH((uint32_t)-(x == 0));
1433
1434 }
1435 break;
1436 case 49: {
1437 /* memcpy */
1438
1439 size_t len = (size_t)T0_POP();
1440 void *src = (unsigned char *)ENG + (size_t)T0_POP();
1441 void *dst = (unsigned char *)ENG + (size_t)T0_POP();
1442 memcpy(dst, src, len);
1443
1444 }
1445 break;
1446 case 50: {
1447 /* mkrand */
1448
1449 size_t len = (size_t)T0_POP();
1450 void *addr = (unsigned char *)ENG + (size_t)T0_POP();
1451 br_hmac_drbg_generate(&ENG->rng, addr, len);
1452
1453 }
1454 break;
1455 case 51: {
1456 /* more-incoming-bytes? */
1457
1458 T0_PUSHi(ENG->hlen_in != 0 || !br_ssl_engine_recvrec_finished(ENG));
1459
1460 }
1461 break;
1462 case 52: {
1463 /* multihash-init */
1464
1465 br_multihash_init(&ENG->mhash);
1466
1467 }
1468 break;
1469 case 53: {
1470 /* neg */
1471
1472 uint32_t a = T0_POP();
1473 T0_PUSH(-a);
1474
1475 }
1476 break;
1477 case 54: {
1478 /* not */
1479
1480 uint32_t a = T0_POP();
1481 T0_PUSH(~a);
1482
1483 }
1484 break;
1485 case 55: {
1486 /* or */
1487
1488 uint32_t b = T0_POP();
1489 uint32_t a = T0_POP();
1490 T0_PUSH(a | b);
1491
1492 }
1493 break;
1494 case 56: {
1495 /* over */
1496 T0_PUSH(T0_PEEK(1));
1497 }
1498 break;
1499 case 57: {
1500 /* read-chunk-native */
1501
1502 size_t clen = ENG->hlen_in;
1503 if (clen > 0) {
1504 uint32_t addr, len;
1505
1506 len = T0_POP();
1507 addr = T0_POP();
1508 if ((size_t)len < clen) {
1509 clen = (size_t)len;
1510 }
1511 memcpy((unsigned char *)ENG + addr, ENG->hbuf_in, clen);
1512 if (ENG->record_type_in == BR_SSL_HANDSHAKE) {
1513 br_multihash_update(&ENG->mhash, ENG->hbuf_in, clen);
1514 }
1515 T0_PUSH(addr + (uint32_t)clen);
1516 T0_PUSH(len - (uint32_t)clen);
1517 ENG->hbuf_in += clen;
1518 ENG->hlen_in -= clen;
1519 }
1520
1521 }
1522 break;
1523 case 58: {
1524 /* read8-native */
1525
1526 if (ENG->hlen_in > 0) {
1527 unsigned char x;
1528
1529 x = *ENG->hbuf_in ++;
1530 if (ENG->record_type_in == BR_SSL_HANDSHAKE) {
1531 br_multihash_update(&ENG->mhash, &x, 1);
1532 }
1533 T0_PUSH(x);
1534 ENG->hlen_in --;
1535 } else {
1536 T0_PUSHi(-1);
1537 }
1538
1539 }
1540 break;
1541 case 59: {
1542 /* set-server-curve */
1543
1544 const br_x509_class *xc;
1545 const br_x509_pkey *pk;
1546
1547 xc = *(ENG->x509ctx);
1548 pk = xc->get_pkey(ENG->x509ctx, NULL);
1549 CTX->server_curve =
1550 (pk->key_type == BR_KEYTYPE_EC) ? pk->key.ec.curve : 0;
1551
1552 }
1553 break;
1554 case 60: {
1555 /* set16 */
1556
1557 size_t addr = (size_t)T0_POP();
1558 *(uint16_t *)((unsigned char *)ENG + addr) = (uint16_t)T0_POP();
1559
1560 }
1561 break;
1562 case 61: {
1563 /* set32 */
1564
1565 size_t addr = (size_t)T0_POP();
1566 *(uint32_t *)((unsigned char *)ENG + addr) = (uint32_t)T0_POP();
1567
1568 }
1569 break;
1570 case 62: {
1571 /* set8 */
1572
1573 size_t addr = (size_t)T0_POP();
1574 *((unsigned char *)ENG + addr) = (unsigned char)T0_POP();
1575
1576 }
1577 break;
1578 case 63: {
1579 /* strlen */
1580
1581 void *str = (unsigned char *)ENG + (size_t)T0_POP();
1582 T0_PUSH((uint32_t)strlen(str));
1583
1584 }
1585 break;
1586 case 64: {
1587 /* supported-curves */
1588
1589 uint32_t x = ENG->iec == NULL ? 0 : ENG->iec->supported_curves;
1590 T0_PUSH(x);
1591
1592 }
1593 break;
1594 case 65: {
1595 /* supported-hash-functions */
1596
1597 int i;
1598 unsigned x, num;
1599
1600 x = 0;
1601 num = 0;
1602 for (i = br_sha1_ID; i <= br_sha512_ID; i ++) {
1603 if (br_multihash_getimpl(&ENG->mhash, i)) {
1604 x |= 1U << i;
1605 num ++;
1606 }
1607 }
1608 T0_PUSH(x);
1609 T0_PUSH(num);
1610
1611 }
1612 break;
1613 case 66: {
1614 /* supports-ecdsa? */
1615
1616 T0_PUSHi(-(ENG->iecdsa != 0));
1617
1618 }
1619 break;
1620 case 67: {
1621 /* supports-rsa-sign? */
1622
1623 T0_PUSHi(-(ENG->irsavrfy != 0));
1624
1625 }
1626 break;
1627 case 68: {
1628 /* swap */
1629 T0_SWAP();
1630 }
1631 break;
1632 case 69: {
1633 /* switch-aesgcm-in */
1634
1635 int is_client, prf_id;
1636 unsigned cipher_key_len;
1637
1638 cipher_key_len = T0_POP();
1639 prf_id = T0_POP();
1640 is_client = T0_POP();
1641 br_ssl_engine_switch_gcm_in(ENG, is_client, prf_id,
1642 ENG->iaes_ctr, cipher_key_len);
1643
1644 }
1645 break;
1646 case 70: {
1647 /* switch-aesgcm-out */
1648
1649 int is_client, prf_id;
1650 unsigned cipher_key_len;
1651
1652 cipher_key_len = T0_POP();
1653 prf_id = T0_POP();
1654 is_client = T0_POP();
1655 br_ssl_engine_switch_gcm_out(ENG, is_client, prf_id,
1656 ENG->iaes_ctr, cipher_key_len);
1657
1658 }
1659 break;
1660 case 71: {
1661 /* switch-cbc-in */
1662
1663 int is_client, prf_id, mac_id, aes;
1664 unsigned cipher_key_len;
1665
1666 cipher_key_len = T0_POP();
1667 aes = T0_POP();
1668 mac_id = T0_POP();
1669 prf_id = T0_POP();
1670 is_client = T0_POP();
1671 br_ssl_engine_switch_cbc_in(ENG, is_client, prf_id, mac_id,
1672 aes ? ENG->iaes_cbcdec : ENG->ides_cbcdec, cipher_key_len);
1673
1674 }
1675 break;
1676 case 72: {
1677 /* switch-cbc-out */
1678
1679 int is_client, prf_id, mac_id, aes;
1680 unsigned cipher_key_len;
1681
1682 cipher_key_len = T0_POP();
1683 aes = T0_POP();
1684 mac_id = T0_POP();
1685 prf_id = T0_POP();
1686 is_client = T0_POP();
1687 br_ssl_engine_switch_cbc_out(ENG, is_client, prf_id, mac_id,
1688 aes ? ENG->iaes_cbcenc : ENG->ides_cbcenc, cipher_key_len);
1689
1690 }
1691 break;
1692 case 73: {
1693 /* switch-chapol-in */
1694
1695 int is_client, prf_id;
1696
1697 prf_id = T0_POP();
1698 is_client = T0_POP();
1699 br_ssl_engine_switch_chapol_in(ENG, is_client, prf_id);
1700
1701 }
1702 break;
1703 case 74: {
1704 /* switch-chapol-out */
1705
1706 int is_client, prf_id;
1707
1708 prf_id = T0_POP();
1709 is_client = T0_POP();
1710 br_ssl_engine_switch_chapol_out(ENG, is_client, prf_id);
1711
1712 }
1713 break;
1714 case 75: {
1715 /* test-protocol-name */
1716
1717 size_t len = T0_POP();
1718 size_t u;
1719
1720 for (u = 0; u < ENG->protocol_names_num; u ++) {
1721 const char *name;
1722
1723 name = ENG->protocol_names[u];
1724 if (len == strlen(name) && memcmp(ENG->pad, name, len) == 0) {
1725 T0_PUSH(u);
1726 T0_RET();
1727 }
1728 }
1729 T0_PUSHi(-1);
1730
1731 }
1732 break;
1733 case 76: {
1734 /* total-chain-length */
1735
1736 size_t u;
1737 uint32_t total;
1738
1739 total = 0;
1740 for (u = 0; u < ENG->chain_len; u ++) {
1741 total += 3 + (uint32_t)ENG->chain[u].data_len;
1742 }
1743 T0_PUSH(total);
1744
1745 }
1746 break;
1747 case 77: {
1748 /* u>> */
1749
1750 int c = (int)T0_POPi();
1751 uint32_t x = T0_POP();
1752 T0_PUSH(x >> c);
1753
1754 }
1755 break;
1756 case 78: {
1757 /* verify-SKE-sig */
1758
1759 size_t sig_len = T0_POP();
1760 int use_rsa = T0_POPi();
1761 int hash = T0_POPi();
1762
1763 T0_PUSH(verify_SKE_sig(CTX, hash, use_rsa, sig_len));
1764
1765 }
1766 break;
1767 case 79: {
1768 /* write-blob-chunk */
1769
1770 size_t clen = ENG->hlen_out;
1771 if (clen > 0) {
1772 uint32_t addr, len;
1773
1774 len = T0_POP();
1775 addr = T0_POP();
1776 if ((size_t)len < clen) {
1777 clen = (size_t)len;
1778 }
1779 memcpy(ENG->hbuf_out, (unsigned char *)ENG + addr, clen);
1780 if (ENG->record_type_out == BR_SSL_HANDSHAKE) {
1781 br_multihash_update(&ENG->mhash, ENG->hbuf_out, clen);
1782 }
1783 T0_PUSH(addr + (uint32_t)clen);
1784 T0_PUSH(len - (uint32_t)clen);
1785 ENG->hbuf_out += clen;
1786 ENG->hlen_out -= clen;
1787 }
1788
1789 }
1790 break;
1791 case 80: {
1792 /* write8-native */
1793
1794 unsigned char x;
1795
1796 x = (unsigned char)T0_POP();
1797 if (ENG->hlen_out > 0) {
1798 if (ENG->record_type_out == BR_SSL_HANDSHAKE) {
1799 br_multihash_update(&ENG->mhash, &x, 1);
1800 }
1801 *ENG->hbuf_out ++ = x;
1802 ENG->hlen_out --;
1803 T0_PUSHi(-1);
1804 } else {
1805 T0_PUSHi(0);
1806 }
1807
1808 }
1809 break;
1810 case 81: {
1811 /* x509-append */
1812
1813 const br_x509_class *xc;
1814 size_t len;
1815
1816 xc = *(ENG->x509ctx);
1817 len = T0_POP();
1818 xc->append(ENG->x509ctx, ENG->pad, len);
1819
1820 }
1821 break;
1822 case 82: {
1823 /* x509-end-cert */
1824
1825 const br_x509_class *xc;
1826
1827 xc = *(ENG->x509ctx);
1828 xc->end_cert(ENG->x509ctx);
1829
1830 }
1831 break;
1832 case 83: {
1833 /* x509-end-chain */
1834
1835 const br_x509_class *xc;
1836
1837 xc = *(ENG->x509ctx);
1838 T0_PUSH(xc->end_chain(ENG->x509ctx));
1839
1840 }
1841 break;
1842 case 84: {
1843 /* x509-start-cert */
1844
1845 const br_x509_class *xc;
1846
1847 xc = *(ENG->x509ctx);
1848 xc->start_cert(ENG->x509ctx, T0_POP());
1849
1850 }
1851 break;
1852 case 85: {
1853 /* x509-start-chain */
1854
1855 const br_x509_class *xc;
1856 uint32_t bc;
1857
1858 bc = T0_POP();
1859 xc = *(ENG->x509ctx);
1860 xc->start_chain(ENG->x509ctx, bc ? ENG->server_name : NULL);
1861
1862 }
1863 break;
1864 }
1865
1866 } else {
1867 T0_ENTER(ip, rp, t0x);
1868 }
1869 }
1870 t0_exit:
1871 ((t0_context *)t0ctx)->dp = dp;
1872 ((t0_context *)t0ctx)->rp = rp;
1873 ((t0_context *)t0ctx)->ip = ip;
1874 }
The BearSSL library and tools.