projects / BearSSL / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
New experimental EC implementation (P-256, only 32-bit multiplications, meant for...
[BearSSL] / src / ssl / ssl_hs_client.c
1 /* Automatically generated code; do not modify directly. */
2
3 #include <stddef.h>
4 #include <stdint.h>
5
6 typedef struct {
7 uint32_t *dp;
8 uint32_t *rp;
9 const unsigned char *ip;
10 } t0_context;
11
12 static uint32_t
13 t0_parse7E_unsigned(const unsigned char **p)
14 {
15 uint32_t x;
16
17 x = 0;
18 for (;;) {
19 unsigned y;
20
21 y = *(*p) ++;
22 x = (x << 7) | (uint32_t)(y & 0x7F);
23 if (y < 0x80) {
24 return x;
25 }
26 }
27 }
28
29 static int32_t
30 t0_parse7E_signed(const unsigned char **p)
31 {
32 int neg;
33 uint32_t x;
34
35 neg = ((**p) >> 6) & 1;
36 x = (uint32_t)-neg;
37 for (;;) {
38 unsigned y;
39
40 y = *(*p) ++;
41 x = (x << 7) | (uint32_t)(y & 0x7F);
42 if (y < 0x80) {
43 if (neg) {
44 return -(int32_t)~x - 1;
45 } else {
46 return (int32_t)x;
47 }
48 }
49 }
50 }
51
52 #define T0_VBYTE(x, n) (unsigned char)((((uint32_t)(x) >> (n)) & 0x7F) | 0x80)
53 #define T0_FBYTE(x, n) (unsigned char)(((uint32_t)(x) >> (n)) & 0x7F)
54 #define T0_SBYTE(x) (unsigned char)((((uint32_t)(x) >> 28) + 0xF8) ^ 0xF8)
55 #define T0_INT1(x) T0_FBYTE(x, 0)
56 #define T0_INT2(x) T0_VBYTE(x, 7), T0_FBYTE(x, 0)
57 #define T0_INT3(x) T0_VBYTE(x, 14), T0_VBYTE(x, 7), T0_FBYTE(x, 0)
58 #define T0_INT4(x) T0_VBYTE(x, 21), T0_VBYTE(x, 14), T0_VBYTE(x, 7), T0_FBYTE(x, 0)
59 #define T0_INT5(x) T0_SBYTE(x), T0_VBYTE(x, 21), T0_VBYTE(x, 14), T0_VBYTE(x, 7), T0_FBYTE(x, 0)
60
61 static const uint8_t t0_datablock[];
62
63
64 void br_ssl_hs_client_init_main(void *t0ctx);
65
66 void br_ssl_hs_client_run(void *t0ctx);
67
68
69
70 #include <stddef.h>
71 #include <string.h>
72
73 #include "inner.h"
74
75 /*
76 * This macro evaluates to a pointer to the current engine context.
77 */
78 #define ENG ((br_ssl_engine_context *)((unsigned char *)t0ctx - offsetof(br_ssl_engine_context, cpu)))
79
80
81
82
83
84 /*
85 * This macro evaluates to a pointer to the client context, under that
86 * specific name. It must be noted that since the engine context is the
87 * first field of the br_ssl_client_context structure ('eng'), then
88 * pointers values of both types are interchangeable, modulo an
89 * appropriate cast. This also means that "adresses" computed as offsets
90 * within the structure work for both kinds of context.
91 */
92 #define CTX ((br_ssl_client_context *)ENG)
93
94 /*
95 * Generate the pre-master secret for RSA key exchange, and encrypt it
96 * with the server's public key. Returned value is either the encrypted
97 * data length (in bytes), or -x on error, with 'x' being an error code.
98 *
99 * This code assumes that the public key has been already verified (it
100 * was properly obtained by the X.509 engine, and it has the right type,
101 * i.e. it is of type RSA and suitable for encryption).
102 */
103 static int
104 make_pms_rsa(br_ssl_client_context *ctx, int prf_id)
105 {
106 const br_x509_class **xc;
107 const br_x509_pkey *pk;
108 const unsigned char *n;
109 unsigned char *pms;
110 size_t nlen, u;
111
112 xc = ctx->eng.x509ctx;
113 pk = (*xc)->get_pkey(xc, NULL);
114
115 /*
116 * Compute actual RSA key length, in case there are leading zeros.
117 */
118 n = pk->key.rsa.n;
119 nlen = pk->key.rsa.nlen;
120 while (nlen > 0 && *n == 0) {
121 n ++;
122 nlen --;
123 }
124
125 /*
126 * We need at least 59 bytes (48 bytes for pre-master secret, and
127 * 11 bytes for the PKCS#1 type 2 padding). Note that the X.509
128 * minimal engine normally blocks RSA keys shorter than 128 bytes,
129 * so this is mostly for public keys provided explicitly by the
130 * caller.
131 */
132 if (nlen < 59) {
133 return -BR_ERR_X509_WEAK_PUBLIC_KEY;
134 }
135 if (nlen > sizeof ctx->eng.pad) {
136 return -BR_ERR_LIMIT_EXCEEDED;
137 }
138
139 /*
140 * Make PMS.
141 */
142 pms = ctx->eng.pad + nlen - 48;
143 br_enc16be(pms, ctx->eng.version_max);
144 br_hmac_drbg_generate(&ctx->eng.rng, pms + 2, 46);
145 br_ssl_engine_compute_master(&ctx->eng, prf_id, pms, 48);
146
147 /*
148 * Apply PKCS#1 type 2 padding.
149 */
150 ctx->eng.pad[0] = 0x00;
151 ctx->eng.pad[1] = 0x02;
152 ctx->eng.pad[nlen - 49] = 0x00;
153 br_hmac_drbg_generate(&ctx->eng.rng, ctx->eng.pad + 2, nlen - 51);
154 for (u = 2; u < nlen - 49; u ++) {
155 while (ctx->eng.pad[u] == 0) {
156 br_hmac_drbg_generate(&ctx->eng.rng,
157 &ctx->eng.pad[u], 1);
158 }
159 }
160
161 /*
162 * Compute RSA encryption.
163 */
164 if (!ctx->irsapub(ctx->eng.pad, nlen, &pk->key.rsa)) {
165 return -BR_ERR_LIMIT_EXCEEDED;
166 }
167 return (int)nlen;
168 }
169
170 /*
171 * OID for hash functions in RSA signatures.
172 */
173 static const unsigned char HASH_OID_SHA1[] = {
174 0x05, 0x2B, 0x0E, 0x03, 0x02, 0x1A
175 };
176
177 static const unsigned char HASH_OID_SHA224[] = {
178 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x04
179 };
180
181 static const unsigned char HASH_OID_SHA256[] = {
182 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01
183 };
184
185 static const unsigned char HASH_OID_SHA384[] = {
186 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x02
187 };
188
189 static const unsigned char HASH_OID_SHA512[] = {
190 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x03
191 };
192
193 static const unsigned char *HASH_OID[] = {
194 HASH_OID_SHA1,
195 HASH_OID_SHA224,
196 HASH_OID_SHA256,
197 HASH_OID_SHA384,
198 HASH_OID_SHA512
199 };
200
201 /*
202 * Check the RSA signature on the ServerKeyExchange message.
203 *
204 * hash hash function ID (2 to 6), or 0 for MD5+SHA-1 (with RSA only)
205 * use_rsa non-zero for RSA signature, zero for ECDSA
206 * sig_len signature length (in bytes); signature value is in the pad
207 *
208 * Returned value is 0 on success, or an error code.
209 */
210 static int
211 verify_SKE_sig(br_ssl_client_context *ctx,
212 int hash, int use_rsa, size_t sig_len)
213 {
214 const br_x509_class **xc;
215 const br_x509_pkey *pk;
216 br_multihash_context mhc;
217 unsigned char hv[64], head[4];
218 size_t hv_len;
219
220 xc = ctx->eng.x509ctx;
221 pk = (*xc)->get_pkey(xc, NULL);
222 br_multihash_zero(&mhc);
223 br_multihash_copyimpl(&mhc, &ctx->eng.mhash);
224 br_multihash_init(&mhc);
225 br_multihash_update(&mhc,
226 ctx->eng.client_random, sizeof ctx->eng.client_random);
227 br_multihash_update(&mhc,
228 ctx->eng.server_random, sizeof ctx->eng.server_random);
229 head[0] = 3;
230 head[1] = 0;
231 head[2] = ctx->eng.ecdhe_curve;
232 head[3] = ctx->eng.ecdhe_point_len;
233 br_multihash_update(&mhc, head, sizeof head);
234 br_multihash_update(&mhc,
235 ctx->eng.ecdhe_point, ctx->eng.ecdhe_point_len);
236 if (hash) {
237 hv_len = br_multihash_out(&mhc, hash, hv);
238 if (hv_len == 0) {
239 return BR_ERR_INVALID_ALGORITHM;
240 }
241 } else {
242 if (!br_multihash_out(&mhc, br_md5_ID, hv)
243 || !br_multihash_out(&mhc, br_sha1_ID, hv + 16))
244 {
245 return BR_ERR_INVALID_ALGORITHM;
246 }
247 hv_len = 36;
248 }
249 if (use_rsa) {
250 unsigned char tmp[64];
251 const unsigned char *hash_oid;
252
253 if (hash) {
254 hash_oid = HASH_OID[hash - 2];
255 } else {
256 hash_oid = NULL;
257 }
258 if (!ctx->eng.irsavrfy(ctx->eng.pad, sig_len,
259 hash_oid, hv_len, &pk->key.rsa, tmp)
260 || memcmp(tmp, hv, hv_len) != 0)
261 {
262 return BR_ERR_BAD_SIGNATURE;
263 }
264 } else {
265 if (!ctx->eng.iecdsa(ctx->eng.iec, hv, hv_len, &pk->key.ec,
266 ctx->eng.pad, sig_len))
267 {
268 return BR_ERR_BAD_SIGNATURE;
269 }
270 }
271 return 0;
272 }
273
274 /*
275 * Perform client-side ECDH (or ECDHE). The point that should be sent to
276 * the server is written in the pad; returned value is either the point
277 * length (in bytes), or -x on error, with 'x' being an error code.
278 *
279 * The point _from_ the server is taken from ecdhe_point[] if 'ecdhe'
280 * is non-zero, or from the X.509 engine context if 'ecdhe' is zero
281 * (for static ECDH).
282 */
283 static int
284 make_pms_ecdh(br_ssl_client_context *ctx, unsigned ecdhe, int prf_id)
285 {
286 int curve;
287 unsigned char key[66], point[133];
288 const unsigned char *generator, *order, *point_src;
289 size_t glen, olen, point_len;
290 unsigned char mask;
291
292 if (ecdhe) {
293 curve = ctx->eng.ecdhe_curve;
294 point_src = ctx->eng.ecdhe_point;
295 point_len = ctx->eng.ecdhe_point_len;
296 } else {
297 const br_x509_class **xc;
298 const br_x509_pkey *pk;
299
300 xc = ctx->eng.x509ctx;
301 pk = (*xc)->get_pkey(xc, NULL);
302 curve = pk->key.ec.curve;
303 point_src = pk->key.ec.q;
304 point_len = pk->key.ec.qlen;
305 }
306 if ((ctx->eng.iec->supported_curves & ((uint32_t)1 << curve)) == 0) {
307 return -BR_ERR_INVALID_ALGORITHM;
308 }
309
310 /*
311 * We need to generate our key, as a non-zero random value which
312 * is lower than the curve order, in a "large enough" range. We
313 * force top bit to 0 and bottom bit to 1, which guarantees that
314 * the value is in the proper range.
315 */
316 order = ctx->eng.iec->order(curve, &olen);
317 mask = 0xFF;
318 while (mask >= order[0]) {
319 mask >>= 1;
320 }
321 br_hmac_drbg_generate(&ctx->eng.rng, key, olen);
322 key[0] &= mask;
323 key[olen - 1] |= 0x01;
324
325 /*
326 * Compute the common ECDH point, whose X coordinate is the
327 * pre-master secret.
328 */
329 generator = ctx->eng.iec->generator(curve, &glen);
330 if (glen != point_len) {
331 return -BR_ERR_INVALID_ALGORITHM;
332 }
333
334 memcpy(point, point_src, glen);
335 if (!ctx->eng.iec->mul(point, glen, key, olen, curve)) {
336 return -BR_ERR_INVALID_ALGORITHM;
337 }
338
339 /*
340 * The pre-master secret is the X coordinate.
341 */
342 br_ssl_engine_compute_master(&ctx->eng, prf_id, point + 1, glen >> 1);
343
344 memcpy(point, generator, glen);
345 if (!ctx->eng.iec->mul(point, glen, key, olen, curve)) {
346 return -BR_ERR_INVALID_ALGORITHM;
347 }
348 memcpy(ctx->eng.pad, point, glen);
349 return (int)glen;
350 }
351
352 /*
353 * Perform full static ECDH. This occurs only in the context of client
354 * authentication with certificates: the server uses an EC public key,
355 * the cipher suite is of type ECDH (not ECDHE), the server requested a
356 * client certificate and accepts static ECDH, the client has a
357 * certificate with an EC public key in the same curve, and accepts
358 * static ECDH as well.
359 *
360 * Returned value is 0 on success, -1 on error.
361 */
362 static int
363 make_pms_static_ecdh(br_ssl_client_context *ctx, int prf_id)
364 {
365 unsigned char point[133];
366 size_t point_len;
367 const br_x509_class **xc;
368 const br_x509_pkey *pk;
369
370 xc = ctx->eng.x509ctx;
371 pk = (*xc)->get_pkey(xc, NULL);
372 point_len = pk->key.ec.qlen;
373 if (point_len > sizeof point) {
374 return -1;
375 }
376 memcpy(point, pk->key.ec.q, point_len);
377 if (!(*ctx->client_auth_vtable)->do_keyx(
378 ctx->client_auth_vtable, point, point_len))
379 {
380 return -1;
381 }
382 br_ssl_engine_compute_master(&ctx->eng,
383 prf_id, point + 1, point_len >> 1);
384 return 0;
385 }
386
387 /*
388 * Compute the client-side signature. This is invoked only when a
389 * signature-based client authentication was selected. The computed
390 * signature is in the pad; its length (in bytes) is returned. On
391 * error, 0 is returned.
392 */
393 static size_t
394 make_client_sign(br_ssl_client_context *ctx)
395 {
396 size_t hv_len;
397
398 /*
399 * Compute hash of handshake messages so far. This "cannot" fail
400 * because the list of supported hash functions provided to the
401 * client certificate handler was trimmed to include only the
402 * hash functions that the multi-hasher supports.
403 */
404 if (ctx->hash_id) {
405 hv_len = br_multihash_out(&ctx->eng.mhash,
406 ctx->hash_id, ctx->eng.pad);
407 } else {
408 br_multihash_out(&ctx->eng.mhash,
409 br_md5_ID, ctx->eng.pad);
410 br_multihash_out(&ctx->eng.mhash,
411 br_sha1_ID, ctx->eng.pad + 16);
412 hv_len = 36;
413 }
414 return (*ctx->client_auth_vtable)->do_sign(
415 ctx->client_auth_vtable, ctx->hash_id, hv_len,
416 ctx->eng.pad, sizeof ctx->eng.pad);
417 }
418
419
420
421 static const uint8_t t0_datablock[] = {
422 0x00, 0x00, 0x0A, 0x00, 0x24, 0x00, 0x2F, 0x01, 0x24, 0x00, 0x35, 0x02,
423 0x24, 0x00, 0x3C, 0x01, 0x44, 0x00, 0x3D, 0x02, 0x44, 0x00, 0x9C, 0x03,
424 0x04, 0x00, 0x9D, 0x04, 0x05, 0xC0, 0x03, 0x40, 0x24, 0xC0, 0x04, 0x41,
425 0x24, 0xC0, 0x05, 0x42, 0x24, 0xC0, 0x08, 0x20, 0x24, 0xC0, 0x09, 0x21,
426 0x24, 0xC0, 0x0A, 0x22, 0x24, 0xC0, 0x0D, 0x30, 0x24, 0xC0, 0x0E, 0x31,
427 0x24, 0xC0, 0x0F, 0x32, 0x24, 0xC0, 0x12, 0x10, 0x24, 0xC0, 0x13, 0x11,
428 0x24, 0xC0, 0x14, 0x12, 0x24, 0xC0, 0x23, 0x21, 0x44, 0xC0, 0x24, 0x22,
429 0x55, 0xC0, 0x25, 0x41, 0x44, 0xC0, 0x26, 0x42, 0x55, 0xC0, 0x27, 0x11,
430 0x44, 0xC0, 0x28, 0x12, 0x55, 0xC0, 0x29, 0x31, 0x44, 0xC0, 0x2A, 0x32,
431 0x55, 0xC0, 0x2B, 0x23, 0x04, 0xC0, 0x2C, 0x24, 0x05, 0xC0, 0x2D, 0x43,
432 0x04, 0xC0, 0x2E, 0x44, 0x05, 0xC0, 0x2F, 0x13, 0x04, 0xC0, 0x30, 0x14,
433 0x05, 0xC0, 0x31, 0x33, 0x04, 0xC0, 0x32, 0x34, 0x05, 0xCC, 0xA8, 0x15,
434 0x04, 0xCC, 0xA9, 0x25, 0x04, 0x00, 0x00
435 };
436
437 static const uint8_t t0_codeblock[] = {
438 0x00, 0x01, 0x00, 0x0A, 0x00, 0x00, 0x01, 0x00, 0x0D, 0x00, 0x00, 0x01,
439 0x00, 0x0E, 0x00, 0x00, 0x01, 0x00, 0x0F, 0x00, 0x00, 0x01, 0x01, 0x08,
440 0x00, 0x00, 0x01, 0x01, 0x09, 0x00, 0x00, 0x01, 0x02, 0x08, 0x00, 0x00,
441 0x01, 0x02, 0x09, 0x00, 0x00, 0x25, 0x25, 0x00, 0x00, 0x01,
442 T0_INT1(BR_ERR_BAD_CCS), 0x00, 0x00, 0x01,
443 T0_INT1(BR_ERR_BAD_CIPHER_SUITE), 0x00, 0x00, 0x01,
444 T0_INT1(BR_ERR_BAD_COMPRESSION), 0x00, 0x00, 0x01,
445 T0_INT1(BR_ERR_BAD_FINISHED), 0x00, 0x00, 0x01,
446 T0_INT1(BR_ERR_BAD_FRAGLEN), 0x00, 0x00, 0x01,
447 T0_INT1(BR_ERR_BAD_HANDSHAKE), 0x00, 0x00, 0x01,
448 T0_INT1(BR_ERR_BAD_HELLO_DONE), 0x00, 0x00, 0x01,
449 T0_INT1(BR_ERR_BAD_PARAM), 0x00, 0x00, 0x01,
450 T0_INT1(BR_ERR_BAD_SECRENEG), 0x00, 0x00, 0x01,
451 T0_INT1(BR_ERR_BAD_SNI), 0x00, 0x00, 0x01, T0_INT1(BR_ERR_BAD_VERSION),
452 0x00, 0x00, 0x01, T0_INT1(BR_ERR_EXTRA_EXTENSION), 0x00, 0x00, 0x01,
453 T0_INT1(BR_ERR_INVALID_ALGORITHM), 0x00, 0x00, 0x01,
454 T0_INT1(BR_ERR_LIMIT_EXCEEDED), 0x00, 0x00, 0x01, T0_INT1(BR_ERR_OK),
455 0x00, 0x00, 0x01, T0_INT1(BR_ERR_OVERSIZED_ID), 0x00, 0x00, 0x01,
456 T0_INT1(BR_ERR_RESUME_MISMATCH), 0x00, 0x00, 0x01,
457 T0_INT1(BR_ERR_UNEXPECTED), 0x00, 0x00, 0x01,
458 T0_INT1(BR_ERR_UNSUPPORTED_VERSION), 0x00, 0x00, 0x01,
459 T0_INT1(BR_ERR_WRONG_KEY_USAGE), 0x00, 0x00, 0x01,
460 T0_INT2(offsetof(br_ssl_engine_context, action)), 0x00, 0x00, 0x01,
461 T0_INT2(offsetof(br_ssl_engine_context, alert)), 0x00, 0x00, 0x01,
462 T0_INT2(offsetof(br_ssl_engine_context, application_data)), 0x00, 0x00,
463 0x01, T0_INT2(offsetof(br_ssl_client_context, auth_type)), 0x00, 0x00,
464 0x01,
465 T0_INT2(offsetof(br_ssl_engine_context, session) + offsetof(br_ssl_session_parameters, cipher_suite)),
466 0x00, 0x00, 0x01,
467 T0_INT2(offsetof(br_ssl_engine_context, client_random)), 0x00, 0x00,
468 0x01, T0_INT2(offsetof(br_ssl_engine_context, close_received)), 0x00,
469 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, ecdhe_curve)),
470 0x00, 0x00, 0x01,
471 T0_INT2(offsetof(br_ssl_engine_context, ecdhe_point)), 0x00, 0x00,
472 0x01, T0_INT2(offsetof(br_ssl_engine_context, ecdhe_point_len)), 0x00,
473 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, flags)), 0x00,
474 0x00, 0x01, T0_INT2(offsetof(br_ssl_client_context, hash_id)), 0x00,
475 0x00, 0x01, T0_INT2(offsetof(br_ssl_client_context, hashes)), 0x00,
476 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, log_max_frag_len)),
477 0x00, 0x00, 0x01,
478 T0_INT2(offsetof(br_ssl_client_context, min_clienthello_len)), 0x00,
479 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, pad)), 0x00, 0x00,
480 0x01, T0_INT2(offsetof(br_ssl_engine_context, protocol_names_num)),
481 0x00, 0x00, 0x01,
482 T0_INT2(offsetof(br_ssl_engine_context, record_type_in)), 0x00, 0x00,
483 0x01, T0_INT2(offsetof(br_ssl_engine_context, record_type_out)), 0x00,
484 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, reneg)), 0x00,
485 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, saved_finished)),
486 0x00, 0x00, 0x01,
487 T0_INT2(offsetof(br_ssl_engine_context, selected_protocol)), 0x00,
488 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, server_name)),
489 0x00, 0x00, 0x01,
490 T0_INT2(offsetof(br_ssl_engine_context, server_random)), 0x00, 0x00,
491 0x01,
492 T0_INT2(offsetof(br_ssl_engine_context, session) + offsetof(br_ssl_session_parameters, session_id)),
493 0x00, 0x00, 0x01,
494 T0_INT2(offsetof(br_ssl_engine_context, session) + offsetof(br_ssl_session_parameters, session_id_len)),
495 0x00, 0x00, 0x01,
496 T0_INT2(offsetof(br_ssl_engine_context, shutdown_recv)), 0x00, 0x00,
497 0x01, T0_INT2(offsetof(br_ssl_engine_context, suites_buf)), 0x00, 0x00,
498 0x01, T0_INT2(offsetof(br_ssl_engine_context, suites_num)), 0x00, 0x00,
499 0x01,
500 T0_INT2(offsetof(br_ssl_engine_context, session) + offsetof(br_ssl_session_parameters, version)),
501 0x00, 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, version_in)),
502 0x00, 0x00, 0x01,
503 T0_INT2(offsetof(br_ssl_engine_context, version_max)), 0x00, 0x00,
504 0x01, T0_INT2(offsetof(br_ssl_engine_context, version_min)), 0x00,
505 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, version_out)),
506 0x00, 0x00, 0x09, 0x26, 0x55, 0x06, 0x02, 0x65, 0x28, 0x00, 0x00, 0x06,
507 0x08, 0x2C, 0x0E, 0x05, 0x02, 0x6E, 0x28, 0x04, 0x01, 0x3C, 0x00, 0x00,
508 0x01, 0x01, 0x00, 0x01, 0x03, 0x00, 0x96, 0x26, 0x5B, 0x43, 0x9A, 0x26,
509 0x05, 0x04, 0x5D, 0x01, 0x00, 0x00, 0x02, 0x00, 0x0E, 0x06, 0x02, 0x9A,
510 0x00, 0x5B, 0x04, 0x6B, 0x00, 0x06, 0x02, 0x65, 0x28, 0x00, 0x00, 0x26,
511 0x86, 0x43, 0x05, 0x03, 0x01, 0x0C, 0x08, 0x43, 0x76, 0x2C, 0xA8, 0x1C,
512 0x81, 0x01, 0x0C, 0x31, 0x00, 0x00, 0x26, 0x1F, 0x01, 0x08, 0x0B, 0x43,
513 0x59, 0x1F, 0x08, 0x00, 0x01, 0x03, 0x00, 0x01, 0x00, 0x74, 0x3D, 0x29,
514 0x1A, 0x36, 0x06, 0x07, 0x02, 0x00, 0xCB, 0x03, 0x00, 0x04, 0x75, 0x01,
515 0x00, 0xC2, 0x02, 0x00, 0x26, 0x1A, 0x17, 0x06, 0x02, 0x6C, 0x28, 0xCB,
516 0x04, 0x76, 0x01, 0x01, 0x00, 0x74, 0x3D, 0x01, 0x16, 0x84, 0x3D, 0x01,
517 0x00, 0x87, 0x3C, 0x34, 0xD1, 0x29, 0xB1, 0x06, 0x09, 0x01, 0x7F, 0xAC,
518 0x01, 0x7F, 0xCE, 0x04, 0x80, 0x53, 0xAE, 0x76, 0x2C, 0x9E, 0x01,
519 T0_INT1(BR_KEYTYPE_SIGN), 0x17, 0x06, 0x01, 0xB2, 0xB5, 0x26, 0x01,
520 0x0D, 0x0E, 0x06, 0x07, 0x25, 0xB4, 0xB5, 0x01, 0x7F, 0x04, 0x02, 0x01,
521 0x00, 0x03, 0x00, 0x01, 0x0E, 0x0E, 0x05, 0x02, 0x6F, 0x28, 0x06, 0x02,
522 0x64, 0x28, 0x33, 0x06, 0x02, 0x6F, 0x28, 0x02, 0x00, 0x06, 0x1C, 0xCF,
523 0x7D, 0x2E, 0x01, 0x81, 0x7F, 0x0E, 0x06, 0x0D, 0x25, 0x01, 0x10, 0xDA,
524 0x01, 0x00, 0xD9, 0x76, 0x2C, 0xA8, 0x24, 0x04, 0x04, 0xD2, 0x06, 0x01,
525 0xD0, 0x04, 0x01, 0xD2, 0x01, 0x7F, 0xCE, 0x01, 0x7F, 0xAC, 0x01, 0x01,
526 0x74, 0x3D, 0x01, 0x17, 0x84, 0x3D, 0x00, 0x00, 0x38, 0x38, 0x00, 0x00,
527 0x97, 0x01, 0x0C, 0x11, 0x01, 0x00, 0x38, 0x0E, 0x06, 0x05, 0x25, 0x01,
528 T0_INT1(BR_KEYTYPE_RSA | BR_KEYTYPE_KEYX), 0x04, 0x30, 0x01, 0x01,
529 0x38, 0x0E, 0x06, 0x05, 0x25, 0x01,
530 T0_INT1(BR_KEYTYPE_RSA | BR_KEYTYPE_SIGN), 0x04, 0x25, 0x01, 0x02,
531 0x38, 0x0E, 0x06, 0x05, 0x25, 0x01,
532 T0_INT1(BR_KEYTYPE_EC | BR_KEYTYPE_SIGN), 0x04, 0x1A, 0x01, 0x03,
533 0x38, 0x0E, 0x06, 0x05, 0x25, 0x01,
534 T0_INT1(BR_KEYTYPE_EC | BR_KEYTYPE_KEYX), 0x04, 0x0F, 0x01, 0x04,
535 0x38, 0x0E, 0x06, 0x05, 0x25, 0x01,
536 T0_INT1(BR_KEYTYPE_EC | BR_KEYTYPE_KEYX), 0x04, 0x04, 0x01, 0x00,
537 0x43, 0x25, 0x00, 0x00, 0x7F, 0x2E, 0x01, 0x0E, 0x0E, 0x06, 0x04, 0x01,
538 0x00, 0x04, 0x02, 0x01, 0x05, 0x00, 0x00, 0x3F, 0x06, 0x04, 0x01, 0x06,
539 0x04, 0x02, 0x01, 0x00, 0x00, 0x00, 0x85, 0x2E, 0x26, 0x06, 0x08, 0x01,
540 0x01, 0x09, 0x01, 0x11, 0x07, 0x04, 0x03, 0x25, 0x01, 0x05, 0x00, 0x01,
541 0x40, 0x03, 0x00, 0x25, 0x01, 0x00, 0x42, 0x06, 0x03, 0x02, 0x00, 0x08,
542 0x41, 0x06, 0x03, 0x02, 0x00, 0x08, 0x26, 0x06, 0x06, 0x01, 0x01, 0x0B,
543 0x01, 0x06, 0x08, 0x00, 0x00, 0x88, 0x3E, 0x26, 0x06, 0x03, 0x01, 0x09,
544 0x08, 0x00, 0x01, 0x3F, 0x26, 0x06, 0x1E, 0x01, 0x00, 0x03, 0x00, 0x26,
545 0x06, 0x0E, 0x26, 0x01, 0x01, 0x17, 0x02, 0x00, 0x08, 0x03, 0x00, 0x01,
546 0x01, 0x11, 0x04, 0x6F, 0x25, 0x02, 0x00, 0x01, 0x01, 0x0B, 0x01, 0x06,
547 0x08, 0x00, 0x00, 0x7C, 0x2D, 0x43, 0x11, 0x01, 0x01, 0x17, 0x35, 0x00,
548 0x00, 0x9C, 0xCA, 0x26, 0x01, 0x07, 0x17, 0x01, 0x00, 0x38, 0x0E, 0x06,
549 0x09, 0x25, 0x01, 0x10, 0x17, 0x06, 0x01, 0x9C, 0x04, 0x2D, 0x01, 0x01,
550 0x38, 0x0E, 0x06, 0x24, 0x25, 0x25, 0x01, 0x00, 0x74, 0x3D, 0xB0, 0x85,
551 0x2E, 0x01, 0x01, 0x0E, 0x01, 0x01, 0xA5, 0x37, 0x06, 0x0F, 0x29, 0x1A,
552 0x36, 0x06, 0x04, 0xCA, 0x25, 0x04, 0x78, 0x01, 0x80, 0x64, 0xC2, 0x04,
553 0x01, 0x9C, 0x04, 0x03, 0x6F, 0x28, 0x25, 0x04, 0xFF, 0x3C, 0x01, 0x26,
554 0x03, 0x00, 0x09, 0x26, 0x55, 0x06, 0x02, 0x65, 0x28, 0x02, 0x00, 0x00,
555 0x00, 0x97, 0x01, 0x0F, 0x17, 0x00, 0x00, 0x73, 0x2E, 0x01, 0x00, 0x38,
556 0x0E, 0x06, 0x10, 0x25, 0x26, 0x01, 0x01, 0x0D, 0x06, 0x03, 0x25, 0x01,
557 0x02, 0x73, 0x3D, 0x01, 0x00, 0x04, 0x22, 0x01, 0x01, 0x38, 0x0E, 0x06,
558 0x15, 0x25, 0x01, 0x00, 0x73, 0x3D, 0x26, 0x01, 0x80, 0x64, 0x0E, 0x06,
559 0x05, 0x01, 0x82, 0x00, 0x08, 0x28, 0x57, 0x00, 0x04, 0x07, 0x25, 0x01,
560 0x82, 0x00, 0x08, 0x28, 0x25, 0x00, 0x00, 0x01, 0x00, 0x2F, 0x06, 0x05,
561 0x3A, 0xA9, 0x37, 0x04, 0x78, 0x26, 0x06, 0x04, 0x01, 0x01, 0x8C, 0x3D,
562 0x00, 0x01, 0xBC, 0xA7, 0xBC, 0xA7, 0xBE, 0x81, 0x43, 0x26, 0x03, 0x00,
563 0xB3, 0x98, 0x98, 0x02, 0x00, 0x4A, 0x26, 0x55, 0x06, 0x0A, 0x01, 0x03,
564 0xA5, 0x06, 0x02, 0x6F, 0x28, 0x25, 0x04, 0x03, 0x59, 0x87, 0x3C, 0x00,
565 0x00, 0x2F, 0x06, 0x0B, 0x83, 0x2E, 0x01, 0x14, 0x0D, 0x06, 0x02, 0x6F,
566 0x28, 0x04, 0x11, 0xCA, 0x01, 0x07, 0x17, 0x26, 0x01, 0x02, 0x0D, 0x06,
567 0x06, 0x06, 0x02, 0x6F, 0x28, 0x04, 0x70, 0x25, 0xBF, 0x01, 0x01, 0x0D,
568 0x33, 0x37, 0x06, 0x02, 0x5E, 0x28, 0x26, 0x01, 0x01, 0xC5, 0x36, 0xAF,
569 0x00, 0x01, 0xB5, 0x01, 0x0B, 0x0E, 0x05, 0x02, 0x6F, 0x28, 0x26, 0x01,
570 0x03, 0x0E, 0x06, 0x08, 0xBD, 0x06, 0x02, 0x65, 0x28, 0x43, 0x25, 0x00,
571 0x43, 0x54, 0xBD, 0xA7, 0x26, 0x06, 0x23, 0xBD, 0xA7, 0x26, 0x53, 0x26,
572 0x06, 0x18, 0x26, 0x01, 0x82, 0x00, 0x0F, 0x06, 0x05, 0x01, 0x82, 0x00,
573 0x04, 0x01, 0x26, 0x03, 0x00, 0x81, 0x02, 0x00, 0xB3, 0x02, 0x00, 0x50,
574 0x04, 0x65, 0x98, 0x51, 0x04, 0x5A, 0x98, 0x98, 0x52, 0x26, 0x06, 0x02,
575 0x35, 0x00, 0x25, 0x2B, 0x00, 0x00, 0x76, 0x2C, 0x9E, 0x01, 0x7F, 0xAD,
576 0x26, 0x55, 0x06, 0x02, 0x35, 0x28, 0x26, 0x05, 0x02, 0x6F, 0x28, 0x38,
577 0x17, 0x0D, 0x06, 0x02, 0x71, 0x28, 0x3B, 0x00, 0x00, 0x99, 0xB5, 0x01,
578 0x14, 0x0D, 0x06, 0x02, 0x6F, 0x28, 0x81, 0x01, 0x0C, 0x08, 0x01, 0x0C,
579 0xB3, 0x98, 0x81, 0x26, 0x01, 0x0C, 0x08, 0x01, 0x0C, 0x30, 0x05, 0x02,
580 0x61, 0x28, 0x00, 0x00, 0xB6, 0x06, 0x02, 0x6F, 0x28, 0x06, 0x02, 0x63,
581 0x28, 0x00, 0x0A, 0xB5, 0x01, 0x02, 0x0E, 0x05, 0x02, 0x6F, 0x28, 0xBC,
582 0x03, 0x00, 0x02, 0x00, 0x92, 0x2C, 0x0A, 0x02, 0x00, 0x91, 0x2C, 0x0F,
583 0x37, 0x06, 0x02, 0x70, 0x28, 0x02, 0x00, 0x90, 0x2C, 0x0D, 0x06, 0x02,
584 0x68, 0x28, 0x02, 0x00, 0x93, 0x3C, 0x89, 0x01, 0x20, 0xB3, 0x01, 0x00,
585 0x03, 0x01, 0xBE, 0x03, 0x02, 0x02, 0x02, 0x01, 0x20, 0x0F, 0x06, 0x02,
586 0x6D, 0x28, 0x81, 0x02, 0x02, 0xB3, 0x02, 0x02, 0x8B, 0x2E, 0x0E, 0x02,
587 0x02, 0x01, 0x00, 0x0F, 0x17, 0x06, 0x0B, 0x8A, 0x81, 0x02, 0x02, 0x30,
588 0x06, 0x04, 0x01, 0x7F, 0x03, 0x01, 0x8A, 0x81, 0x02, 0x02, 0x31, 0x02,
589 0x02, 0x8B, 0x3D, 0x02, 0x00, 0x8F, 0x02, 0x01, 0x95, 0xBC, 0x26, 0xC0,
590 0x55, 0x06, 0x02, 0x5F, 0x28, 0x76, 0x02, 0x01, 0x95, 0xBE, 0x06, 0x02,
591 0x60, 0x28, 0x26, 0x06, 0x81, 0x45, 0xBC, 0xA7, 0xA3, 0x03, 0x03, 0xA1,
592 0x03, 0x04, 0x9F, 0x03, 0x05, 0xA2, 0x03, 0x06, 0xA4, 0x03, 0x07, 0xA0,
593 0x03, 0x08, 0x27, 0x03, 0x09, 0x26, 0x06, 0x81, 0x18, 0xBC, 0x01, 0x00,
594 0x38, 0x0E, 0x06, 0x0F, 0x25, 0x02, 0x03, 0x05, 0x02, 0x69, 0x28, 0x01,
595 0x00, 0x03, 0x03, 0xBB, 0x04, 0x80, 0x7F, 0x01, 0x01, 0x38, 0x0E, 0x06,
596 0x0F, 0x25, 0x02, 0x05, 0x05, 0x02, 0x69, 0x28, 0x01, 0x00, 0x03, 0x05,
597 0xB9, 0x04, 0x80, 0x6A, 0x01, 0x83, 0xFE, 0x01, 0x38, 0x0E, 0x06, 0x0F,
598 0x25, 0x02, 0x04, 0x05, 0x02, 0x69, 0x28, 0x01, 0x00, 0x03, 0x04, 0xBA,
599 0x04, 0x80, 0x53, 0x01, 0x0D, 0x38, 0x0E, 0x06, 0x0E, 0x25, 0x02, 0x06,
600 0x05, 0x02, 0x69, 0x28, 0x01, 0x00, 0x03, 0x06, 0xB7, 0x04, 0x3F, 0x01,
601 0x0A, 0x38, 0x0E, 0x06, 0x0E, 0x25, 0x02, 0x07, 0x05, 0x02, 0x69, 0x28,
602 0x01, 0x00, 0x03, 0x07, 0xB7, 0x04, 0x2B, 0x01, 0x0B, 0x38, 0x0E, 0x06,
603 0x0E, 0x25, 0x02, 0x08, 0x05, 0x02, 0x69, 0x28, 0x01, 0x00, 0x03, 0x08,
604 0xB7, 0x04, 0x17, 0x01, 0x10, 0x38, 0x0E, 0x06, 0x0E, 0x25, 0x02, 0x09,
605 0x05, 0x02, 0x69, 0x28, 0x01, 0x00, 0x03, 0x09, 0xAB, 0x04, 0x03, 0x69,
606 0x28, 0x25, 0x04, 0xFE, 0x64, 0x02, 0x04, 0x06, 0x0D, 0x02, 0x04, 0x01,
607 0x05, 0x0F, 0x06, 0x02, 0x66, 0x28, 0x01, 0x01, 0x85, 0x3D, 0x98, 0x98,
608 0x02, 0x01, 0x00, 0x04, 0xB5, 0x01, 0x0C, 0x0E, 0x05, 0x02, 0x6F, 0x28,
609 0xBE, 0x01, 0x03, 0x0E, 0x05, 0x02, 0x6A, 0x28, 0xBC, 0x26, 0x79, 0x3D,
610 0x26, 0x01, 0x20, 0x10, 0x06, 0x02, 0x6A, 0x28, 0x3F, 0x43, 0x11, 0x01,
611 0x01, 0x17, 0x05, 0x02, 0x6A, 0x28, 0xBE, 0x26, 0x01, 0x81, 0x05, 0x0F,
612 0x06, 0x02, 0x6A, 0x28, 0x26, 0x7B, 0x3D, 0x7A, 0x43, 0xB3, 0x8F, 0x2C,
613 0x01, 0x86, 0x03, 0x10, 0x03, 0x00, 0x76, 0x2C, 0xC8, 0x03, 0x01, 0x01,
614 0x02, 0x03, 0x02, 0x02, 0x00, 0x06, 0x21, 0xBE, 0x26, 0x26, 0x01, 0x02,
615 0x0A, 0x43, 0x01, 0x06, 0x0F, 0x37, 0x06, 0x02, 0x6A, 0x28, 0x03, 0x02,
616 0xBE, 0x02, 0x01, 0x01, 0x01, 0x0B, 0x01, 0x03, 0x08, 0x0E, 0x05, 0x02,
617 0x6A, 0x28, 0x04, 0x08, 0x02, 0x01, 0x06, 0x04, 0x01, 0x00, 0x03, 0x02,
618 0xBC, 0x26, 0x03, 0x03, 0x26, 0x01, 0x84, 0x00, 0x0F, 0x06, 0x02, 0x6B,
619 0x28, 0x81, 0x43, 0xB3, 0x02, 0x02, 0x02, 0x01, 0x02, 0x03, 0x4D, 0x26,
620 0x06, 0x01, 0x28, 0x25, 0x98, 0x00, 0x02, 0x03, 0x00, 0x03, 0x01, 0x02,
621 0x00, 0x94, 0x02, 0x01, 0x02, 0x00, 0x39, 0x26, 0x01, 0x00, 0x0E, 0x06,
622 0x02, 0x5D, 0x00, 0xCC, 0x04, 0x74, 0x02, 0x01, 0x00, 0x03, 0x00, 0xBE,
623 0xA7, 0x26, 0x06, 0x80, 0x43, 0xBE, 0x01, 0x01, 0x38, 0x0E, 0x06, 0x06,
624 0x25, 0x01, 0x81, 0x7F, 0x04, 0x2E, 0x01, 0x80, 0x40, 0x38, 0x0E, 0x06,
625 0x07, 0x25, 0x01, 0x83, 0xFE, 0x00, 0x04, 0x20, 0x01, 0x80, 0x41, 0x38,
626 0x0E, 0x06, 0x07, 0x25, 0x01, 0x84, 0x80, 0x00, 0x04, 0x12, 0x01, 0x80,
627 0x42, 0x38, 0x0E, 0x06, 0x07, 0x25, 0x01, 0x88, 0x80, 0x00, 0x04, 0x04,
628 0x01, 0x00, 0x43, 0x25, 0x02, 0x00, 0x37, 0x03, 0x00, 0x04, 0xFF, 0x39,
629 0x98, 0x76, 0x2C, 0xC6, 0x05, 0x09, 0x02, 0x00, 0x01, 0x83, 0xFF, 0x7F,
630 0x17, 0x03, 0x00, 0x8F, 0x2C, 0x01, 0x86, 0x03, 0x10, 0x06, 0x3A, 0xB8,
631 0x26, 0x7E, 0x3C, 0x40, 0x25, 0x26, 0x01, 0x08, 0x0B, 0x37, 0x01, 0x8C,
632 0x80, 0x00, 0x37, 0x17, 0x02, 0x00, 0x17, 0x02, 0x00, 0x01, 0x8C, 0x80,
633 0x00, 0x17, 0x06, 0x19, 0x26, 0x01, 0x81, 0x7F, 0x17, 0x06, 0x05, 0x01,
634 0x84, 0x80, 0x00, 0x37, 0x26, 0x01, 0x83, 0xFE, 0x00, 0x17, 0x06, 0x05,
635 0x01, 0x88, 0x80, 0x00, 0x37, 0x03, 0x00, 0x04, 0x09, 0x02, 0x00, 0x01,
636 0x8C, 0x88, 0x01, 0x17, 0x03, 0x00, 0x16, 0xBC, 0xA7, 0x26, 0x06, 0x23,
637 0xBC, 0xA7, 0x26, 0x15, 0x26, 0x06, 0x18, 0x26, 0x01, 0x82, 0x00, 0x0F,
638 0x06, 0x05, 0x01, 0x82, 0x00, 0x04, 0x01, 0x26, 0x03, 0x01, 0x81, 0x02,
639 0x01, 0xB3, 0x02, 0x01, 0x12, 0x04, 0x65, 0x98, 0x13, 0x04, 0x5A, 0x98,
640 0x14, 0x98, 0x02, 0x00, 0x2A, 0x00, 0x00, 0xB6, 0x26, 0x57, 0x06, 0x07,
641 0x25, 0x06, 0x02, 0x63, 0x28, 0x04, 0x74, 0x00, 0x00, 0xBF, 0x01, 0x03,
642 0xBD, 0x43, 0x25, 0x43, 0x00, 0x00, 0xBC, 0xC3, 0x00, 0x03, 0x01, 0x00,
643 0x03, 0x00, 0xBC, 0xA7, 0x26, 0x06, 0x32, 0xBE, 0x03, 0x01, 0xBE, 0x03,
644 0x02, 0x02, 0x01, 0x01, 0x02, 0x10, 0x02, 0x01, 0x01, 0x06, 0x0C, 0x17,
645 0x02, 0x02, 0x01, 0x01, 0x0E, 0x02, 0x02, 0x01, 0x03, 0x0E, 0x37, 0x17,
646 0x06, 0x11, 0x02, 0x00, 0x01, 0x01, 0x02, 0x02, 0x5A, 0x01, 0x02, 0x0B,
647 0x02, 0x01, 0x08, 0x0B, 0x37, 0x03, 0x00, 0x04, 0x4B, 0x98, 0x02, 0x00,
648 0x00, 0x00, 0xBC, 0x01, 0x01, 0x0E, 0x05, 0x02, 0x62, 0x28, 0xBE, 0x01,
649 0x08, 0x08, 0x7F, 0x2E, 0x0E, 0x05, 0x02, 0x62, 0x28, 0x00, 0x00, 0xBC,
650 0x85, 0x2E, 0x05, 0x15, 0x01, 0x01, 0x0E, 0x05, 0x02, 0x66, 0x28, 0xBE,
651 0x01, 0x00, 0x0E, 0x05, 0x02, 0x66, 0x28, 0x01, 0x02, 0x85, 0x3D, 0x04,
652 0x1C, 0x01, 0x19, 0x0E, 0x05, 0x02, 0x66, 0x28, 0xBE, 0x01, 0x18, 0x0E,
653 0x05, 0x02, 0x66, 0x28, 0x81, 0x01, 0x18, 0xB3, 0x86, 0x81, 0x01, 0x18,
654 0x30, 0x05, 0x02, 0x66, 0x28, 0x00, 0x00, 0xBC, 0x06, 0x02, 0x67, 0x28,
655 0x00, 0x00, 0x01, 0x02, 0x94, 0xBF, 0x01, 0x08, 0x0B, 0xBF, 0x08, 0x00,
656 0x00, 0x01, 0x03, 0x94, 0xBF, 0x01, 0x08, 0x0B, 0xBF, 0x08, 0x01, 0x08,
657 0x0B, 0xBF, 0x08, 0x00, 0x00, 0x01, 0x01, 0x94, 0xBF, 0x00, 0x00, 0x3A,
658 0x26, 0x55, 0x05, 0x01, 0x00, 0x25, 0xCC, 0x04, 0x76, 0x02, 0x03, 0x00,
659 0x8E, 0x2E, 0x03, 0x01, 0x01, 0x00, 0x26, 0x02, 0x01, 0x0A, 0x06, 0x10,
660 0x26, 0x01, 0x01, 0x0B, 0x8D, 0x08, 0x2C, 0x02, 0x00, 0x0E, 0x06, 0x01,
661 0x00, 0x59, 0x04, 0x6A, 0x25, 0x01, 0x7F, 0x00, 0x00, 0x01, 0x15, 0x84,
662 0x3D, 0x43, 0x4F, 0x25, 0x4F, 0x25, 0x29, 0x00, 0x00, 0x01, 0x01, 0x43,
663 0xC1, 0x00, 0x00, 0x43, 0x38, 0x94, 0x43, 0x26, 0x06, 0x05, 0xBF, 0x25,
664 0x5A, 0x04, 0x78, 0x25, 0x00, 0x00, 0x26, 0x01, 0x81, 0xAC, 0x00, 0x0E,
665 0x06, 0x04, 0x25, 0x01, 0x7F, 0x00, 0x97, 0x56, 0x00, 0x02, 0x03, 0x00,
666 0x76, 0x2C, 0x97, 0x03, 0x01, 0x02, 0x01, 0x01, 0x0F, 0x17, 0x02, 0x01,
667 0x01, 0x04, 0x11, 0x01, 0x0F, 0x17, 0x02, 0x01, 0x01, 0x08, 0x11, 0x01,
668 0x0F, 0x17, 0x01, 0x00, 0x38, 0x0E, 0x06, 0x10, 0x25, 0x01, 0x00, 0x01,
669 0x18, 0x02, 0x00, 0x06, 0x03, 0x46, 0x04, 0x01, 0x47, 0x04, 0x80, 0x68,
670 0x01, 0x01, 0x38, 0x0E, 0x06, 0x10, 0x25, 0x01, 0x01, 0x01, 0x10, 0x02,
671 0x00, 0x06, 0x03, 0x46, 0x04, 0x01, 0x47, 0x04, 0x80, 0x52, 0x01, 0x02,
672 0x38, 0x0E, 0x06, 0x0F, 0x25, 0x01, 0x01, 0x01, 0x20, 0x02, 0x00, 0x06,
673 0x03, 0x46, 0x04, 0x01, 0x47, 0x04, 0x3D, 0x01, 0x03, 0x38, 0x0E, 0x06,
674 0x0E, 0x25, 0x25, 0x01, 0x10, 0x02, 0x00, 0x06, 0x03, 0x44, 0x04, 0x01,
675 0x45, 0x04, 0x29, 0x01, 0x04, 0x38, 0x0E, 0x06, 0x0E, 0x25, 0x25, 0x01,
676 0x20, 0x02, 0x00, 0x06, 0x03, 0x44, 0x04, 0x01, 0x45, 0x04, 0x15, 0x01,
677 0x05, 0x38, 0x0E, 0x06, 0x0C, 0x25, 0x25, 0x02, 0x00, 0x06, 0x03, 0x48,
678 0x04, 0x01, 0x49, 0x04, 0x03, 0x65, 0x28, 0x25, 0x00, 0x00, 0x97, 0x01,
679 0x0C, 0x11, 0x01, 0x02, 0x0F, 0x00, 0x00, 0x97, 0x01, 0x0C, 0x11, 0x26,
680 0x58, 0x43, 0x01, 0x03, 0x0A, 0x17, 0x00, 0x00, 0x97, 0x01, 0x0C, 0x11,
681 0x01, 0x01, 0x0E, 0x00, 0x00, 0x97, 0x01, 0x0C, 0x11, 0x57, 0x00, 0x00,
682 0x1B, 0x01, 0x00, 0x72, 0x2E, 0x26, 0x06, 0x1F, 0x01, 0x01, 0x38, 0x0E,
683 0x06, 0x06, 0x25, 0x01, 0x00, 0x9B, 0x04, 0x11, 0x01, 0x02, 0x38, 0x0E,
684 0x06, 0x0A, 0x25, 0x74, 0x2E, 0x06, 0x03, 0x01, 0x10, 0x37, 0x04, 0x01,
685 0x25, 0x04, 0x01, 0x25, 0x78, 0x2E, 0x05, 0x33, 0x2F, 0x06, 0x30, 0x83,
686 0x2E, 0x01, 0x14, 0x38, 0x0E, 0x06, 0x06, 0x25, 0x01, 0x02, 0x37, 0x04,
687 0x22, 0x01, 0x15, 0x38, 0x0E, 0x06, 0x09, 0x25, 0xAA, 0x06, 0x03, 0x01,
688 0x7F, 0x9B, 0x04, 0x13, 0x01, 0x16, 0x38, 0x0E, 0x06, 0x06, 0x25, 0x01,
689 0x01, 0x37, 0x04, 0x07, 0x25, 0x01, 0x04, 0x37, 0x01, 0x00, 0x25, 0x1A,
690 0x06, 0x03, 0x01, 0x08, 0x37, 0x00, 0x00, 0x1B, 0x26, 0x05, 0x0F, 0x2F,
691 0x06, 0x0C, 0x83, 0x2E, 0x01, 0x15, 0x0E, 0x06, 0x04, 0x25, 0xAA, 0x04,
692 0x01, 0x20, 0x00, 0x00, 0xCA, 0x01, 0x07, 0x17, 0x01, 0x01, 0x0F, 0x06,
693 0x02, 0x6F, 0x28, 0x00, 0x01, 0x03, 0x00, 0x29, 0x1A, 0x06, 0x05, 0x02,
694 0x00, 0x84, 0x3D, 0x00, 0xCA, 0x25, 0x04, 0x74, 0x00, 0x01, 0x14, 0xCD,
695 0x01, 0x01, 0xDA, 0x29, 0x26, 0x01, 0x00, 0xC5, 0x01, 0x16, 0xCD, 0xD3,
696 0x29, 0x00, 0x00, 0x01, 0x0B, 0xDA, 0x4B, 0x26, 0x26, 0x01, 0x03, 0x08,
697 0xD9, 0xD9, 0x18, 0x26, 0x55, 0x06, 0x02, 0x25, 0x00, 0xD9, 0x1D, 0x26,
698 0x06, 0x05, 0x81, 0x43, 0xD4, 0x04, 0x77, 0x25, 0x04, 0x6C, 0x00, 0x21,
699 0x01, 0x0F, 0xDA, 0x26, 0x8F, 0x2C, 0x01, 0x86, 0x03, 0x10, 0x06, 0x0C,
700 0x01, 0x04, 0x08, 0xD9, 0x7D, 0x2E, 0xDA, 0x75, 0x2E, 0xDA, 0x04, 0x02,
701 0x5B, 0xD9, 0x26, 0xD8, 0x81, 0x43, 0xD4, 0x00, 0x02, 0xA1, 0xA3, 0x08,
702 0x9F, 0x08, 0xA2, 0x08, 0xA4, 0x08, 0xA0, 0x08, 0x27, 0x08, 0x03, 0x00,
703 0x01, 0x01, 0xDA, 0x01, 0x27, 0x8B, 0x2E, 0x08, 0x8E, 0x2E, 0x01, 0x01,
704 0x0B, 0x08, 0x02, 0x00, 0x06, 0x04, 0x5B, 0x02, 0x00, 0x08, 0x80, 0x2C,
705 0x38, 0x09, 0x26, 0x58, 0x06, 0x24, 0x02, 0x00, 0x05, 0x04, 0x43, 0x5B,
706 0x43, 0x5C, 0x01, 0x04, 0x09, 0x26, 0x55, 0x06, 0x03, 0x25, 0x01, 0x00,
707 0x26, 0x01, 0x04, 0x08, 0x02, 0x00, 0x08, 0x03, 0x00, 0x43, 0x01, 0x04,
708 0x08, 0x38, 0x08, 0x43, 0x04, 0x03, 0x25, 0x01, 0x7F, 0x03, 0x01, 0xD9,
709 0x91, 0x2C, 0xD8, 0x77, 0x01, 0x04, 0x19, 0x77, 0x01, 0x04, 0x08, 0x01,
710 0x1C, 0x32, 0x77, 0x01, 0x20, 0xD4, 0x8A, 0x8B, 0x2E, 0xD6, 0x8E, 0x2E,
711 0x26, 0x01, 0x01, 0x0B, 0xD8, 0x8D, 0x43, 0x26, 0x06, 0x0F, 0x5A, 0x38,
712 0x2C, 0x26, 0xC4, 0x05, 0x02, 0x5F, 0x28, 0xD8, 0x43, 0x5B, 0x43, 0x04,
713 0x6E, 0x5D, 0x01, 0x01, 0xDA, 0x01, 0x00, 0xDA, 0x02, 0x00, 0x06, 0x81,
714 0x46, 0x02, 0x00, 0xD8, 0xA1, 0x06, 0x0E, 0x01, 0x83, 0xFE, 0x01, 0xD8,
715 0x86, 0xA1, 0x01, 0x04, 0x09, 0x26, 0xD8, 0x5A, 0xD6, 0xA3, 0x06, 0x16,
716 0x01, 0x00, 0xD8, 0x88, 0xA3, 0x01, 0x04, 0x09, 0x26, 0xD8, 0x01, 0x02,
717 0x09, 0x26, 0xD8, 0x01, 0x00, 0xDA, 0x01, 0x03, 0x09, 0xD5, 0x9F, 0x06,
718 0x0C, 0x01, 0x01, 0xD8, 0x01, 0x01, 0xD8, 0x7F, 0x2E, 0x01, 0x08, 0x09,
719 0xDA, 0xA2, 0x06, 0x19, 0x01, 0x0D, 0xD8, 0xA2, 0x01, 0x04, 0x09, 0x26,
720 0xD8, 0x01, 0x02, 0x09, 0xD8, 0x41, 0x06, 0x03, 0x01, 0x03, 0xD7, 0x42,
721 0x06, 0x03, 0x01, 0x01, 0xD7, 0xA4, 0x26, 0x06, 0x22, 0x01, 0x0A, 0xD8,
722 0x01, 0x04, 0x09, 0x26, 0xD8, 0x5C, 0xD8, 0x3F, 0x01, 0x00, 0x26, 0x01,
723 0x20, 0x0A, 0x06, 0x0C, 0x9D, 0x11, 0x01, 0x01, 0x17, 0x06, 0x02, 0x26,
724 0xD8, 0x59, 0x04, 0x6E, 0x5D, 0x04, 0x01, 0x25, 0xA0, 0x06, 0x0A, 0x01,
725 0x0B, 0xD8, 0x01, 0x02, 0xD8, 0x01, 0x82, 0x00, 0xD8, 0x27, 0x26, 0x06,
726 0x1F, 0x01, 0x10, 0xD8, 0x01, 0x04, 0x09, 0x26, 0xD8, 0x5C, 0xD8, 0x82,
727 0x2C, 0x01, 0x00, 0x9D, 0x0F, 0x06, 0x0A, 0x26, 0x1E, 0x26, 0xDA, 0x81,
728 0x43, 0xD4, 0x59, 0x04, 0x72, 0x5D, 0x04, 0x01, 0x25, 0x02, 0x01, 0x55,
729 0x05, 0x11, 0x01, 0x15, 0xD8, 0x02, 0x01, 0x26, 0xD8, 0x26, 0x06, 0x06,
730 0x5A, 0x01, 0x00, 0xDA, 0x04, 0x77, 0x25, 0x00, 0x00, 0x01, 0x10, 0xDA,
731 0x76, 0x2C, 0x26, 0xC9, 0x06, 0x0C, 0xA8, 0x23, 0x26, 0x5B, 0xD9, 0x26,
732 0xD8, 0x81, 0x43, 0xD4, 0x04, 0x0D, 0x26, 0xC7, 0x43, 0xA8, 0x22, 0x26,
733 0x59, 0xD9, 0x26, 0xDA, 0x81, 0x43, 0xD4, 0x00, 0x00, 0x99, 0x01, 0x14,
734 0xDA, 0x01, 0x0C, 0xD9, 0x81, 0x01, 0x0C, 0xD4, 0x00, 0x00, 0x4E, 0x26,
735 0x01, 0x00, 0x0E, 0x06, 0x02, 0x5D, 0x00, 0xCA, 0x25, 0x04, 0x73, 0x00,
736 0x26, 0xD8, 0xD4, 0x00, 0x00, 0x26, 0xDA, 0xD4, 0x00, 0x01, 0x03, 0x00,
737 0x40, 0x25, 0x26, 0x01, 0x10, 0x17, 0x06, 0x06, 0x01, 0x04, 0xDA, 0x02,
738 0x00, 0xDA, 0x26, 0x01, 0x08, 0x17, 0x06, 0x06, 0x01, 0x03, 0xDA, 0x02,
739 0x00, 0xDA, 0x26, 0x01, 0x20, 0x17, 0x06, 0x06, 0x01, 0x05, 0xDA, 0x02,
740 0x00, 0xDA, 0x26, 0x01, 0x80, 0x40, 0x17, 0x06, 0x06, 0x01, 0x06, 0xDA,
741 0x02, 0x00, 0xDA, 0x01, 0x04, 0x17, 0x06, 0x06, 0x01, 0x02, 0xDA, 0x02,
742 0x00, 0xDA, 0x00, 0x00, 0x26, 0x01, 0x08, 0x4C, 0xDA, 0xDA, 0x00, 0x00,
743 0x26, 0x01, 0x10, 0x4C, 0xDA, 0xD8, 0x00, 0x00, 0x26, 0x4F, 0x06, 0x02,
744 0x25, 0x00, 0xCA, 0x25, 0x04, 0x76
745 };
746
747 static const uint16_t t0_caddr[] = {
748 0,
749 5,
750 10,
751 15,
752 20,
753 25,
754 30,
755 35,
756 40,
757 44,
758 48,
759 52,
760 56,
761 60,
762 64,
763 68,
764 72,
765 76,
766 80,
767 84,
768 88,
769 92,
770 96,
771 100,
772 104,
773 108,
774 112,
775 116,
776 120,
777 124,
778 129,
779 134,
780 139,
781 144,
782 149,
783 154,
784 159,
785 164,
786 169,
787 174,
788 179,
789 184,
790 189,
791 194,
792 199,
793 204,
794 209,
795 214,
796 219,
797 224,
798 229,
799 234,
800 239,
801 244,
802 249,
803 254,
804 259,
805 264,
806 269,
807 274,
808 279,
809 284,
810 289,
811 294,
812 303,
813 316,
814 320,
815 345,
816 351,
817 370,
818 381,
819 415,
820 535,
821 539,
822 604,
823 619,
824 630,
825 648,
826 677,
827 687,
828 723,
829 733,
830 803,
831 817,
832 823,
833 883,
834 902,
835 937,
836 986,
837 1062,
838 1089,
839 1120,
840 1131,
841 1456,
842 1603,
843 1627,
844 1843,
845 1857,
846 1866,
847 1870,
848 1934,
849 1955,
850 2011,
851 2018,
852 2029,
853 2045,
854 2051,
855 2062,
856 2097,
857 2109,
858 2115,
859 2130,
860 2146,
861 2302,
862 2311,
863 2324,
864 2333,
865 2340,
866 2443,
867 2464,
868 2477,
869 2493,
870 2511,
871 2543,
872 2577,
873 2925,
874 2961,
875 2974,
876 2988,
877 2993,
878 2998,
879 3064,
880 3072,
881 3080
882 };
883
884 #define T0_INTERPRETED 85
885
886 #define T0_ENTER(ip, rp, slot) do { \
887 const unsigned char *t0_newip; \
888 uint32_t t0_lnum; \
889 t0_newip = &t0_codeblock[t0_caddr[(slot) - T0_INTERPRETED]]; \
890 t0_lnum = t0_parse7E_unsigned(&t0_newip); \
891 (rp) += t0_lnum; \
892 *((rp) ++) = (uint32_t)((ip) - &t0_codeblock[0]) + (t0_lnum << 16); \
893 (ip) = t0_newip; \
894 } while (0)
895
896 #define T0_DEFENTRY(name, slot) \
897 void \
898 name(void *ctx) \
899 { \
900 t0_context *t0ctx = ctx; \
901 t0ctx->ip = &t0_codeblock[0]; \
902 T0_ENTER(t0ctx->ip, t0ctx->rp, slot); \
903 }
904
905 T0_DEFENTRY(br_ssl_hs_client_init_main, 166)
906
907 #define T0_NEXT(t0ipp) (*(*(t0ipp)) ++)
908
909 void
910 br_ssl_hs_client_run(void *t0ctx)
911 {
912 uint32_t *dp, *rp;
913 const unsigned char *ip;
914
915 #define T0_LOCAL(x) (*(rp - 2 - (x)))
916 #define T0_POP() (*-- dp)
917 #define T0_POPi() (*(int32_t *)(-- dp))
918 #define T0_PEEK(x) (*(dp - 1 - (x)))
919 #define T0_PEEKi(x) (*(int32_t *)(dp - 1 - (x)))
920 #define T0_PUSH(v) do { *dp = (v); dp ++; } while (0)
921 #define T0_PUSHi(v) do { *(int32_t *)dp = (v); dp ++; } while (0)
922 #define T0_RPOP() (*-- rp)
923 #define T0_RPOPi() (*(int32_t *)(-- rp))
924 #define T0_RPUSH(v) do { *rp = (v); rp ++; } while (0)
925 #define T0_RPUSHi(v) do { *(int32_t *)rp = (v); rp ++; } while (0)
926 #define T0_ROLL(x) do { \
927 size_t t0len = (size_t)(x); \
928 uint32_t t0tmp = *(dp - 1 - t0len); \
929 memmove(dp - t0len - 1, dp - t0len, t0len * sizeof *dp); \
930 *(dp - 1) = t0tmp; \
931 } while (0)
932 #define T0_SWAP() do { \
933 uint32_t t0tmp = *(dp - 2); \
934 *(dp - 2) = *(dp - 1); \
935 *(dp - 1) = t0tmp; \
936 } while (0)
937 #define T0_ROT() do { \
938 uint32_t t0tmp = *(dp - 3); \
939 *(dp - 3) = *(dp - 2); \
940 *(dp - 2) = *(dp - 1); \
941 *(dp - 1) = t0tmp; \
942 } while (0)
943 #define T0_NROT() do { \
944 uint32_t t0tmp = *(dp - 1); \
945 *(dp - 1) = *(dp - 2); \
946 *(dp - 2) = *(dp - 3); \
947 *(dp - 3) = t0tmp; \
948 } while (0)
949 #define T0_PICK(x) do { \
950 uint32_t t0depth = (x); \
951 T0_PUSH(T0_PEEK(t0depth)); \
952 } while (0)
953 #define T0_CO() do { \
954 goto t0_exit; \
955 } while (0)
956 #define T0_RET() goto t0_next
957
958 dp = ((t0_context *)t0ctx)->dp;
959 rp = ((t0_context *)t0ctx)->rp;
960 ip = ((t0_context *)t0ctx)->ip;
961 goto t0_next;
962 for (;;) {
963 uint32_t t0x;
964
965 t0_next:
966 t0x = T0_NEXT(&ip);
967 if (t0x < T0_INTERPRETED) {
968 switch (t0x) {
969 int32_t t0off;
970
971 case 0: /* ret */
972 t0x = T0_RPOP();
973 rp -= (t0x >> 16);
974 t0x &= 0xFFFF;
975 if (t0x == 0) {
976 ip = NULL;
977 goto t0_exit;
978 }
979 ip = &t0_codeblock[t0x];
980 break;
981 case 1: /* literal constant */
982 T0_PUSHi(t0_parse7E_signed(&ip));
983 break;
984 case 2: /* read local */
985 T0_PUSH(T0_LOCAL(t0_parse7E_unsigned(&ip)));
986 break;
987 case 3: /* write local */
988 T0_LOCAL(t0_parse7E_unsigned(&ip)) = T0_POP();
989 break;
990 case 4: /* jump */
991 t0off = t0_parse7E_signed(&ip);
992 ip += t0off;
993 break;
994 case 5: /* jump if */
995 t0off = t0_parse7E_signed(&ip);
996 if (T0_POP()) {
997 ip += t0off;
998 }
999 break;
1000 case 6: /* jump if not */
1001 t0off = t0_parse7E_signed(&ip);
1002 if (!T0_POP()) {
1003 ip += t0off;
1004 }
1005 break;
1006 case 7: {
1007 /* * */
1008
1009 uint32_t b = T0_POP();
1010 uint32_t a = T0_POP();
1011 T0_PUSH(a * b);
1012
1013 }
1014 break;
1015 case 8: {
1016 /* + */
1017
1018 uint32_t b = T0_POP();
1019 uint32_t a = T0_POP();
1020 T0_PUSH(a + b);
1021
1022 }
1023 break;
1024 case 9: {
1025 /* - */
1026
1027 uint32_t b = T0_POP();
1028 uint32_t a = T0_POP();
1029 T0_PUSH(a - b);
1030
1031 }
1032 break;
1033 case 10: {
1034 /* < */
1035
1036 int32_t b = T0_POPi();
1037 int32_t a = T0_POPi();
1038 T0_PUSH(-(uint32_t)(a < b));
1039
1040 }
1041 break;
1042 case 11: {
1043 /* << */
1044
1045 int c = (int)T0_POPi();
1046 uint32_t x = T0_POP();
1047 T0_PUSH(x << c);
1048
1049 }
1050 break;
1051 case 12: {
1052 /* <= */
1053
1054 int32_t b = T0_POPi();
1055 int32_t a = T0_POPi();
1056 T0_PUSH(-(uint32_t)(a <= b));
1057
1058 }
1059 break;
1060 case 13: {
1061 /* <> */
1062
1063 uint32_t b = T0_POP();
1064 uint32_t a = T0_POP();
1065 T0_PUSH(-(uint32_t)(a != b));
1066
1067 }
1068 break;
1069 case 14: {
1070 /* = */
1071
1072 uint32_t b = T0_POP();
1073 uint32_t a = T0_POP();
1074 T0_PUSH(-(uint32_t)(a == b));
1075
1076 }
1077 break;
1078 case 15: {
1079 /* > */
1080
1081 int32_t b = T0_POPi();
1082 int32_t a = T0_POPi();
1083 T0_PUSH(-(uint32_t)(a > b));
1084
1085 }
1086 break;
1087 case 16: {
1088 /* >= */
1089
1090 int32_t b = T0_POPi();
1091 int32_t a = T0_POPi();
1092 T0_PUSH(-(uint32_t)(a >= b));
1093
1094 }
1095 break;
1096 case 17: {
1097 /* >> */
1098
1099 int c = (int)T0_POPi();
1100 int32_t x = T0_POPi();
1101 T0_PUSHi(x >> c);
1102
1103 }
1104 break;
1105 case 18: {
1106 /* anchor-dn-append-name */
1107
1108 size_t len;
1109
1110 len = T0_POP();
1111 if (CTX->client_auth_vtable != NULL) {
1112 (*CTX->client_auth_vtable)->append_name(
1113 CTX->client_auth_vtable, ENG->pad, len);
1114 }
1115
1116 }
1117 break;
1118 case 19: {
1119 /* anchor-dn-end-name */
1120
1121 if (CTX->client_auth_vtable != NULL) {
1122 (*CTX->client_auth_vtable)->end_name(
1123 CTX->client_auth_vtable);
1124 }
1125
1126 }
1127 break;
1128 case 20: {
1129 /* anchor-dn-end-name-list */
1130
1131 if (CTX->client_auth_vtable != NULL) {
1132 (*CTX->client_auth_vtable)->end_name_list(
1133 CTX->client_auth_vtable);
1134 }
1135
1136 }
1137 break;
1138 case 21: {
1139 /* anchor-dn-start-name */
1140
1141 size_t len;
1142
1143 len = T0_POP();
1144 if (CTX->client_auth_vtable != NULL) {
1145 (*CTX->client_auth_vtable)->start_name(
1146 CTX->client_auth_vtable, len);
1147 }
1148
1149 }
1150 break;
1151 case 22: {
1152 /* anchor-dn-start-name-list */
1153
1154 if (CTX->client_auth_vtable != NULL) {
1155 (*CTX->client_auth_vtable)->start_name_list(
1156 CTX->client_auth_vtable);
1157 }
1158
1159 }
1160 break;
1161 case 23: {
1162 /* and */
1163
1164 uint32_t b = T0_POP();
1165 uint32_t a = T0_POP();
1166 T0_PUSH(a & b);
1167
1168 }
1169 break;
1170 case 24: {
1171 /* begin-cert */
1172
1173 if (ENG->chain_len == 0) {
1174 T0_PUSHi(-1);
1175 } else {
1176 ENG->cert_cur = ENG->chain->data;
1177 ENG->cert_len = ENG->chain->data_len;
1178 ENG->chain ++;
1179 ENG->chain_len --;
1180 T0_PUSH(ENG->cert_len);
1181 }
1182
1183 }
1184 break;
1185 case 25: {
1186 /* bzero */
1187
1188 size_t len = (size_t)T0_POP();
1189 void *addr = (unsigned char *)ENG + (size_t)T0_POP();
1190 memset(addr, 0, len);
1191
1192 }
1193 break;
1194 case 26: {
1195 /* can-output? */
1196
1197 T0_PUSHi(-(ENG->hlen_out > 0));
1198
1199 }
1200 break;
1201 case 27: {
1202 /* co */
1203 T0_CO();
1204 }
1205 break;
1206 case 28: {
1207 /* compute-Finished-inner */
1208
1209 int prf_id = T0_POP();
1210 int from_client = T0_POPi();
1211 unsigned char seed[48];
1212 size_t seed_len;
1213
1214 br_tls_prf_impl prf = br_ssl_engine_get_PRF(ENG, prf_id);
1215 if (ENG->session.version >= BR_TLS12) {
1216 seed_len = br_multihash_out(&ENG->mhash, prf_id, seed);
1217 } else {
1218 br_multihash_out(&ENG->mhash, br_md5_ID, seed);
1219 br_multihash_out(&ENG->mhash, br_sha1_ID, seed + 16);
1220 seed_len = 36;
1221 }
1222 prf(ENG->pad, 12, ENG->session.master_secret,
1223 sizeof ENG->session.master_secret,
1224 from_client ? "client finished" : "server finished",
1225 seed, seed_len);
1226
1227 }
1228 break;
1229 case 29: {
1230 /* copy-cert-chunk */
1231
1232 size_t clen;
1233
1234 clen = ENG->cert_len;
1235 if (clen > sizeof ENG->pad) {
1236 clen = sizeof ENG->pad;
1237 }
1238 memcpy(ENG->pad, ENG->cert_cur, clen);
1239 ENG->cert_cur += clen;
1240 ENG->cert_len -= clen;
1241 T0_PUSH(clen);
1242
1243 }
1244 break;
1245 case 30: {
1246 /* copy-protocol-name */
1247
1248 size_t idx = T0_POP();
1249 size_t len = strlen(ENG->protocol_names[idx]);
1250 memcpy(ENG->pad, ENG->protocol_names[idx], len);
1251 T0_PUSH(len);
1252
1253 }
1254 break;
1255 case 31: {
1256 /* data-get8 */
1257
1258 size_t addr = T0_POP();
1259 T0_PUSH(t0_datablock[addr]);
1260
1261 }
1262 break;
1263 case 32: {
1264 /* discard-input */
1265
1266 ENG->hlen_in = 0;
1267
1268 }
1269 break;
1270 case 33: {
1271 /* do-client-sign */
1272
1273 size_t sig_len;
1274
1275 sig_len = make_client_sign(CTX);
1276 if (sig_len == 0) {
1277 br_ssl_engine_fail(ENG, BR_ERR_INVALID_ALGORITHM);
1278 T0_CO();
1279 }
1280 T0_PUSH(sig_len);
1281
1282 }
1283 break;
1284 case 34: {
1285 /* do-ecdh */
1286
1287 unsigned prf_id = T0_POP();
1288 unsigned ecdhe = T0_POP();
1289 int x;
1290
1291 x = make_pms_ecdh(CTX, ecdhe, prf_id);
1292 if (x < 0) {
1293 br_ssl_engine_fail(ENG, -x);
1294 T0_CO();
1295 } else {
1296 T0_PUSH(x);
1297 }
1298
1299 }
1300 break;
1301 case 35: {
1302 /* do-rsa-encrypt */
1303
1304 int x;
1305
1306 x = make_pms_rsa(CTX, T0_POP());
1307 if (x < 0) {
1308 br_ssl_engine_fail(ENG, -x);
1309 T0_CO();
1310 } else {
1311 T0_PUSH(x);
1312 }
1313
1314 }
1315 break;
1316 case 36: {
1317 /* do-static-ecdh */
1318
1319 unsigned prf_id = T0_POP();
1320
1321 if (make_pms_static_ecdh(CTX, prf_id) < 0) {
1322 br_ssl_engine_fail(ENG, BR_ERR_INVALID_ALGORITHM);
1323 T0_CO();
1324 }
1325
1326 }
1327 break;
1328 case 37: {
1329 /* drop */
1330 (void)T0_POP();
1331 }
1332 break;
1333 case 38: {
1334 /* dup */
1335 T0_PUSH(T0_PEEK(0));
1336 }
1337 break;
1338 case 39: {
1339 /* ext-ALPN-length */
1340
1341 size_t u, len;
1342
1343 if (ENG->protocol_names_num == 0) {
1344 T0_PUSH(0);
1345 T0_RET();
1346 }
1347 len = 6;
1348 for (u = 0; u < ENG->protocol_names_num; u ++) {
1349 len += 1 + strlen(ENG->protocol_names[u]);
1350 }
1351 T0_PUSH(len);
1352
1353 }
1354 break;
1355 case 40: {
1356 /* fail */
1357
1358 br_ssl_engine_fail(ENG, (int)T0_POPi());
1359 T0_CO();
1360
1361 }
1362 break;
1363 case 41: {
1364 /* flush-record */
1365
1366 br_ssl_engine_flush_record(ENG);
1367
1368 }
1369 break;
1370 case 42: {
1371 /* get-client-chain */
1372
1373 uint32_t auth_types;
1374
1375 auth_types = T0_POP();
1376 if (CTX->client_auth_vtable != NULL) {
1377 br_ssl_client_certificate ux;
1378
1379 (*CTX->client_auth_vtable)->choose(CTX->client_auth_vtable,
1380 CTX, auth_types, &ux);
1381 CTX->auth_type = (unsigned char)ux.auth_type;
1382 CTX->hash_id = (unsigned char)ux.hash_id;
1383 ENG->chain = ux.chain;
1384 ENG->chain_len = ux.chain_len;
1385 } else {
1386 CTX->hash_id = 0;
1387 ENG->chain_len = 0;
1388 }
1389
1390 }
1391 break;
1392 case 43: {
1393 /* get-key-type-usages */
1394
1395 const br_x509_class *xc;
1396 const br_x509_pkey *pk;
1397 unsigned usages;
1398
1399 xc = *(ENG->x509ctx);
1400 pk = xc->get_pkey(ENG->x509ctx, &usages);
1401 if (pk == NULL) {
1402 T0_PUSH(0);
1403 } else {
1404 T0_PUSH(pk->key_type | usages);
1405 }
1406
1407 }
1408 break;
1409 case 44: {
1410 /* get16 */
1411
1412 size_t addr = (size_t)T0_POP();
1413 T0_PUSH(*(uint16_t *)((unsigned char *)ENG + addr));
1414
1415 }
1416 break;
1417 case 45: {
1418 /* get32 */
1419
1420 size_t addr = (size_t)T0_POP();
1421 T0_PUSH(*(uint32_t *)((unsigned char *)ENG + addr));
1422
1423 }
1424 break;
1425 case 46: {
1426 /* get8 */
1427
1428 size_t addr = (size_t)T0_POP();
1429 T0_PUSH(*((unsigned char *)ENG + addr));
1430
1431 }
1432 break;
1433 case 47: {
1434 /* has-input? */
1435
1436 T0_PUSHi(-(ENG->hlen_in != 0));
1437
1438 }
1439 break;
1440 case 48: {
1441 /* memcmp */
1442
1443 size_t len = (size_t)T0_POP();
1444 void *addr2 = (unsigned char *)ENG + (size_t)T0_POP();
1445 void *addr1 = (unsigned char *)ENG + (size_t)T0_POP();
1446 int x = memcmp(addr1, addr2, len);
1447 T0_PUSH((uint32_t)-(x == 0));
1448
1449 }
1450 break;
1451 case 49: {
1452 /* memcpy */
1453
1454 size_t len = (size_t)T0_POP();
1455 void *src = (unsigned char *)ENG + (size_t)T0_POP();
1456 void *dst = (unsigned char *)ENG + (size_t)T0_POP();
1457 memcpy(dst, src, len);
1458
1459 }
1460 break;
1461 case 50: {
1462 /* mkrand */
1463
1464 size_t len = (size_t)T0_POP();
1465 void *addr = (unsigned char *)ENG + (size_t)T0_POP();
1466 br_hmac_drbg_generate(&ENG->rng, addr, len);
1467
1468 }
1469 break;
1470 case 51: {
1471 /* more-incoming-bytes? */
1472
1473 T0_PUSHi(ENG->hlen_in != 0 || !br_ssl_engine_recvrec_finished(ENG));
1474
1475 }
1476 break;
1477 case 52: {
1478 /* multihash-init */
1479
1480 br_multihash_init(&ENG->mhash);
1481
1482 }
1483 break;
1484 case 53: {
1485 /* neg */
1486
1487 uint32_t a = T0_POP();
1488 T0_PUSH(-a);
1489
1490 }
1491 break;
1492 case 54: {
1493 /* not */
1494
1495 uint32_t a = T0_POP();
1496 T0_PUSH(~a);
1497
1498 }
1499 break;
1500 case 55: {
1501 /* or */
1502
1503 uint32_t b = T0_POP();
1504 uint32_t a = T0_POP();
1505 T0_PUSH(a | b);
1506
1507 }
1508 break;
1509 case 56: {
1510 /* over */
1511 T0_PUSH(T0_PEEK(1));
1512 }
1513 break;
1514 case 57: {
1515 /* read-chunk-native */
1516
1517 size_t clen = ENG->hlen_in;
1518 if (clen > 0) {
1519 uint32_t addr, len;
1520
1521 len = T0_POP();
1522 addr = T0_POP();
1523 if ((size_t)len < clen) {
1524 clen = (size_t)len;
1525 }
1526 memcpy((unsigned char *)ENG + addr, ENG->hbuf_in, clen);
1527 if (ENG->record_type_in == BR_SSL_HANDSHAKE) {
1528 br_multihash_update(&ENG->mhash, ENG->hbuf_in, clen);
1529 }
1530 T0_PUSH(addr + (uint32_t)clen);
1531 T0_PUSH(len - (uint32_t)clen);
1532 ENG->hbuf_in += clen;
1533 ENG->hlen_in -= clen;
1534 }
1535
1536 }
1537 break;
1538 case 58: {
1539 /* read8-native */
1540
1541 if (ENG->hlen_in > 0) {
1542 unsigned char x;
1543
1544 x = *ENG->hbuf_in ++;
1545 if (ENG->record_type_in == BR_SSL_HANDSHAKE) {
1546 br_multihash_update(&ENG->mhash, &x, 1);
1547 }
1548 T0_PUSH(x);
1549 ENG->hlen_in --;
1550 } else {
1551 T0_PUSHi(-1);
1552 }
1553
1554 }
1555 break;
1556 case 59: {
1557 /* set-server-curve */
1558
1559 const br_x509_class *xc;
1560 const br_x509_pkey *pk;
1561
1562 xc = *(ENG->x509ctx);
1563 pk = xc->get_pkey(ENG->x509ctx, NULL);
1564 CTX->server_curve =
1565 (pk->key_type == BR_KEYTYPE_EC) ? pk->key.ec.curve : 0;
1566
1567 }
1568 break;
1569 case 60: {
1570 /* set16 */
1571
1572 size_t addr = (size_t)T0_POP();
1573 *(uint16_t *)((unsigned char *)ENG + addr) = (uint16_t)T0_POP();
1574
1575 }
1576 break;
1577 case 61: {
1578 /* set8 */
1579
1580 size_t addr = (size_t)T0_POP();
1581 *((unsigned char *)ENG + addr) = (unsigned char)T0_POP();
1582
1583 }
1584 break;
1585 case 62: {
1586 /* strlen */
1587
1588 void *str = (unsigned char *)ENG + (size_t)T0_POP();
1589 T0_PUSH((uint32_t)strlen(str));
1590
1591 }
1592 break;
1593 case 63: {
1594 /* supported-curves */
1595
1596 uint32_t x = ENG->iec == NULL ? 0 : ENG->iec->supported_curves;
1597 T0_PUSH(x);
1598
1599 }
1600 break;
1601 case 64: {
1602 /* supported-hash-functions */
1603
1604 int i;
1605 unsigned x, num;
1606
1607 x = 0;
1608 num = 0;
1609 for (i = br_sha1_ID; i <= br_sha512_ID; i ++) {
1610 if (br_multihash_getimpl(&ENG->mhash, i)) {
1611 x |= 1U << i;
1612 num ++;
1613 }
1614 }
1615 T0_PUSH(x);
1616 T0_PUSH(num);
1617
1618 }
1619 break;
1620 case 65: {
1621 /* supports-ecdsa? */
1622
1623 T0_PUSHi(-(ENG->iecdsa != 0));
1624
1625 }
1626 break;
1627 case 66: {
1628 /* supports-rsa-sign? */
1629
1630 T0_PUSHi(-(ENG->irsavrfy != 0));
1631
1632 }
1633 break;
1634 case 67: {
1635 /* swap */
1636 T0_SWAP();
1637 }
1638 break;
1639 case 68: {
1640 /* switch-aesgcm-in */
1641
1642 int is_client, prf_id;
1643 unsigned cipher_key_len;
1644
1645 cipher_key_len = T0_POP();
1646 prf_id = T0_POP();
1647 is_client = T0_POP();
1648 br_ssl_engine_switch_gcm_in(ENG, is_client, prf_id,
1649 ENG->iaes_ctr, cipher_key_len);
1650
1651 }
1652 break;
1653 case 69: {
1654 /* switch-aesgcm-out */
1655
1656 int is_client, prf_id;
1657 unsigned cipher_key_len;
1658
1659 cipher_key_len = T0_POP();
1660 prf_id = T0_POP();
1661 is_client = T0_POP();
1662 br_ssl_engine_switch_gcm_out(ENG, is_client, prf_id,
1663 ENG->iaes_ctr, cipher_key_len);
1664
1665 }
1666 break;
1667 case 70: {
1668 /* switch-cbc-in */
1669
1670 int is_client, prf_id, mac_id, aes;
1671 unsigned cipher_key_len;
1672
1673 cipher_key_len = T0_POP();
1674 aes = T0_POP();
1675 mac_id = T0_POP();
1676 prf_id = T0_POP();
1677 is_client = T0_POP();
1678 br_ssl_engine_switch_cbc_in(ENG, is_client, prf_id, mac_id,
1679 aes ? ENG->iaes_cbcdec : ENG->ides_cbcdec, cipher_key_len);
1680
1681 }
1682 break;
1683 case 71: {
1684 /* switch-cbc-out */
1685
1686 int is_client, prf_id, mac_id, aes;
1687 unsigned cipher_key_len;
1688
1689 cipher_key_len = T0_POP();
1690 aes = T0_POP();
1691 mac_id = T0_POP();
1692 prf_id = T0_POP();
1693 is_client = T0_POP();
1694 br_ssl_engine_switch_cbc_out(ENG, is_client, prf_id, mac_id,
1695 aes ? ENG->iaes_cbcenc : ENG->ides_cbcenc, cipher_key_len);
1696
1697 }
1698 break;
1699 case 72: {
1700 /* switch-chapol-in */
1701
1702 int is_client, prf_id;
1703
1704 prf_id = T0_POP();
1705 is_client = T0_POP();
1706 br_ssl_engine_switch_chapol_in(ENG, is_client, prf_id);
1707
1708 }
1709 break;
1710 case 73: {
1711 /* switch-chapol-out */
1712
1713 int is_client, prf_id;
1714
1715 prf_id = T0_POP();
1716 is_client = T0_POP();
1717 br_ssl_engine_switch_chapol_out(ENG, is_client, prf_id);
1718
1719 }
1720 break;
1721 case 74: {
1722 /* test-protocol-name */
1723
1724 size_t len = T0_POP();
1725 size_t u;
1726
1727 for (u = 0; u < ENG->protocol_names_num; u ++) {
1728 const char *name;
1729
1730 name = ENG->protocol_names[u];
1731 if (len == strlen(name) && memcmp(ENG->pad, name, len) == 0) {
1732 T0_PUSH(u);
1733 T0_RET();
1734 }
1735 }
1736 T0_PUSHi(-1);
1737
1738 }
1739 break;
1740 case 75: {
1741 /* total-chain-length */
1742
1743 size_t u;
1744 uint32_t total;
1745
1746 total = 0;
1747 for (u = 0; u < ENG->chain_len; u ++) {
1748 total += 3 + (uint32_t)ENG->chain[u].data_len;
1749 }
1750 T0_PUSH(total);
1751
1752 }
1753 break;
1754 case 76: {
1755 /* u>> */
1756
1757 int c = (int)T0_POPi();
1758 uint32_t x = T0_POP();
1759 T0_PUSH(x >> c);
1760
1761 }
1762 break;
1763 case 77: {
1764 /* verify-SKE-sig */
1765
1766 size_t sig_len = T0_POP();
1767 int use_rsa = T0_POPi();
1768 int hash = T0_POPi();
1769
1770 T0_PUSH(verify_SKE_sig(CTX, hash, use_rsa, sig_len));
1771
1772 }
1773 break;
1774 case 78: {
1775 /* write-blob-chunk */
1776
1777 size_t clen = ENG->hlen_out;
1778 if (clen > 0) {
1779 uint32_t addr, len;
1780
1781 len = T0_POP();
1782 addr = T0_POP();
1783 if ((size_t)len < clen) {
1784 clen = (size_t)len;
1785 }
1786 memcpy(ENG->hbuf_out, (unsigned char *)ENG + addr, clen);
1787 if (ENG->record_type_out == BR_SSL_HANDSHAKE) {
1788 br_multihash_update(&ENG->mhash, ENG->hbuf_out, clen);
1789 }
1790 T0_PUSH(addr + (uint32_t)clen);
1791 T0_PUSH(len - (uint32_t)clen);
1792 ENG->hbuf_out += clen;
1793 ENG->hlen_out -= clen;
1794 }
1795
1796 }
1797 break;
1798 case 79: {
1799 /* write8-native */
1800
1801 unsigned char x;
1802
1803 x = (unsigned char)T0_POP();
1804 if (ENG->hlen_out > 0) {
1805 if (ENG->record_type_out == BR_SSL_HANDSHAKE) {
1806 br_multihash_update(&ENG->mhash, &x, 1);
1807 }
1808 *ENG->hbuf_out ++ = x;
1809 ENG->hlen_out --;
1810 T0_PUSHi(-1);
1811 } else {
1812 T0_PUSHi(0);
1813 }
1814
1815 }
1816 break;
1817 case 80: {
1818 /* x509-append */
1819
1820 const br_x509_class *xc;
1821 size_t len;
1822
1823 xc = *(ENG->x509ctx);
1824 len = T0_POP();
1825 xc->append(ENG->x509ctx, ENG->pad, len);
1826
1827 }
1828 break;
1829 case 81: {
1830 /* x509-end-cert */
1831
1832 const br_x509_class *xc;
1833
1834 xc = *(ENG->x509ctx);
1835 xc->end_cert(ENG->x509ctx);
1836
1837 }
1838 break;
1839 case 82: {
1840 /* x509-end-chain */
1841
1842 const br_x509_class *xc;
1843
1844 xc = *(ENG->x509ctx);
1845 T0_PUSH(xc->end_chain(ENG->x509ctx));
1846
1847 }
1848 break;
1849 case 83: {
1850 /* x509-start-cert */
1851
1852 const br_x509_class *xc;
1853
1854 xc = *(ENG->x509ctx);
1855 xc->start_cert(ENG->x509ctx, T0_POP());
1856
1857 }
1858 break;
1859 case 84: {
1860 /* x509-start-chain */
1861
1862 const br_x509_class *xc;
1863 uint32_t bc;
1864
1865 bc = T0_POP();
1866 xc = *(ENG->x509ctx);
1867 xc->start_chain(ENG->x509ctx, bc ? ENG->server_name : NULL);
1868
1869 }
1870 break;
1871 }
1872
1873 } else {
1874 T0_ENTER(ip, rp, t0x);
1875 }
1876 }
1877 t0_exit:
1878 ((t0_context *)t0ctx)->dp = dp;
1879 ((t0_context *)t0ctx)->rp = rp;
1880 ((t0_context *)t0ctx)->ip = ip;
1881 }
The BearSSL library and tools.