projects / BearSSL / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Fixed proper handling of clients with no "secure renegotiation" support.
[BearSSL] / src / ssl / ssl_hs_client.c
1 /* Automatically generated code; do not modify directly. */
2
3 #include <stddef.h>
4 #include <stdint.h>
5
6 typedef struct {
7 uint32_t *dp;
8 uint32_t *rp;
9 const unsigned char *ip;
10 } t0_context;
11
12 static uint32_t
13 t0_parse7E_unsigned(const unsigned char **p)
14 {
15 uint32_t x;
16
17 x = 0;
18 for (;;) {
19 unsigned y;
20
21 y = *(*p) ++;
22 x = (x << 7) | (uint32_t)(y & 0x7F);
23 if (y < 0x80) {
24 return x;
25 }
26 }
27 }
28
29 static int32_t
30 t0_parse7E_signed(const unsigned char **p)
31 {
32 int neg;
33 uint32_t x;
34
35 neg = ((**p) >> 6) & 1;
36 x = (uint32_t)-neg;
37 for (;;) {
38 unsigned y;
39
40 y = *(*p) ++;
41 x = (x << 7) | (uint32_t)(y & 0x7F);
42 if (y < 0x80) {
43 if (neg) {
44 return -(int32_t)~x - 1;
45 } else {
46 return (int32_t)x;
47 }
48 }
49 }
50 }
51
52 #define T0_VBYTE(x, n) (unsigned char)((((uint32_t)(x) >> (n)) & 0x7F) | 0x80)
53 #define T0_FBYTE(x, n) (unsigned char)(((uint32_t)(x) >> (n)) & 0x7F)
54 #define T0_SBYTE(x) (unsigned char)((((uint32_t)(x) >> 28) + 0xF8) ^ 0xF8)
55 #define T0_INT1(x) T0_FBYTE(x, 0)
56 #define T0_INT2(x) T0_VBYTE(x, 7), T0_FBYTE(x, 0)
57 #define T0_INT3(x) T0_VBYTE(x, 14), T0_VBYTE(x, 7), T0_FBYTE(x, 0)
58 #define T0_INT4(x) T0_VBYTE(x, 21), T0_VBYTE(x, 14), T0_VBYTE(x, 7), T0_FBYTE(x, 0)
59 #define T0_INT5(x) T0_SBYTE(x), T0_VBYTE(x, 21), T0_VBYTE(x, 14), T0_VBYTE(x, 7), T0_FBYTE(x, 0)
60
61 /* static const unsigned char t0_datablock[]; */
62
63
64 void br_ssl_hs_client_init_main(void *t0ctx);
65
66 void br_ssl_hs_client_run(void *t0ctx);
67
68
69
70 #include <stddef.h>
71 #include <string.h>
72
73 #include "inner.h"
74
75 /*
76 * This macro evaluates to a pointer to the current engine context.
77 */
78 #define ENG ((br_ssl_engine_context *)((unsigned char *)t0ctx - offsetof(br_ssl_engine_context, cpu)))
79
80
81
82
83
84 /*
85 * This macro evaluates to a pointer to the client context, under that
86 * specific name. It must be noted that since the engine context is the
87 * first field of the br_ssl_client_context structure ('eng'), then
88 * pointers values of both types are interchangeable, modulo an
89 * appropriate cast. This also means that "adresses" computed as offsets
90 * within the structure work for both kinds of context.
91 */
92 #define CTX ((br_ssl_client_context *)ENG)
93
94 /*
95 * Generate the pre-master secret for RSA key exchange, and encrypt it
96 * with the server's public key. Returned value is either the encrypted
97 * data length (in bytes), or -x on error, with 'x' being an error code.
98 *
99 * This code assumes that the public key has been already verified (it
100 * was properly obtained by the X.509 engine, and it has the right type,
101 * i.e. it is of type RSA and suitable for encryption).
102 */
103 static int
104 make_pms_rsa(br_ssl_client_context *ctx, int prf_id)
105 {
106 const br_x509_class **xc;
107 const br_x509_pkey *pk;
108 const unsigned char *n;
109 unsigned char *pms;
110 size_t nlen, u;
111
112 xc = ctx->eng.x509ctx;
113 pk = (*xc)->get_pkey(xc, NULL);
114
115 /*
116 * Compute actual RSA key length, in case there are leading zeros.
117 */
118 n = pk->key.rsa.n;
119 nlen = pk->key.rsa.nlen;
120 while (nlen > 0 && *n == 0) {
121 n ++;
122 nlen --;
123 }
124
125 /*
126 * We need at least 59 bytes (48 bytes for pre-master secret, and
127 * 11 bytes for the PKCS#1 type 2 padding). Note that the X.509
128 * minimal engine normally blocks RSA keys shorter than 128 bytes,
129 * so this is mostly for public keys provided explicitly by the
130 * caller.
131 */
132 if (nlen < 59) {
133 return -BR_ERR_X509_WEAK_PUBLIC_KEY;
134 }
135 if (nlen > sizeof ctx->eng.pad) {
136 return -BR_ERR_LIMIT_EXCEEDED;
137 }
138
139 /*
140 * Make PMS.
141 */
142 pms = ctx->eng.pad + nlen - 48;
143 br_enc16be(pms, ctx->eng.version_max);
144 br_hmac_drbg_generate(&ctx->eng.rng, pms + 2, 46);
145 br_ssl_engine_compute_master(&ctx->eng, prf_id, pms, 48);
146
147 /*
148 * Apply PKCS#1 type 2 padding.
149 */
150 ctx->eng.pad[0] = 0x00;
151 ctx->eng.pad[1] = 0x02;
152 ctx->eng.pad[nlen - 49] = 0x00;
153 br_hmac_drbg_generate(&ctx->eng.rng, ctx->eng.pad + 2, nlen - 51);
154 for (u = 2; u < nlen - 49; u ++) {
155 while (ctx->eng.pad[u] == 0) {
156 br_hmac_drbg_generate(&ctx->eng.rng,
157 &ctx->eng.pad[u], 1);
158 }
159 }
160
161 /*
162 * Compute RSA encryption.
163 */
164 if (!ctx->irsapub(ctx->eng.pad, nlen, &pk->key.rsa)) {
165 return -BR_ERR_LIMIT_EXCEEDED;
166 }
167 return (int)nlen;
168 }
169
170 /*
171 * OID for hash functions in RSA signatures.
172 */
173 static const unsigned char HASH_OID_SHA1[] = {
174 0x05, 0x2B, 0x0E, 0x03, 0x02, 0x1A
175 };
176
177 static const unsigned char HASH_OID_SHA224[] = {
178 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x04
179 };
180
181 static const unsigned char HASH_OID_SHA256[] = {
182 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01
183 };
184
185 static const unsigned char HASH_OID_SHA384[] = {
186 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x02
187 };
188
189 static const unsigned char HASH_OID_SHA512[] = {
190 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x03
191 };
192
193 static const unsigned char *HASH_OID[] = {
194 HASH_OID_SHA1,
195 HASH_OID_SHA224,
196 HASH_OID_SHA256,
197 HASH_OID_SHA384,
198 HASH_OID_SHA512
199 };
200
201 /*
202 * Check the RSA signature on the ServerKeyExchange message.
203 *
204 * hash hash function ID (2 to 6), or 0 for MD5+SHA-1 (with RSA only)
205 * use_rsa non-zero for RSA signature, zero for ECDSA
206 * sig_len signature length (in bytes); signature value is in the pad
207 *
208 * Returned value is 0 on success, or an error code.
209 */
210 static int
211 verify_SKE_sig(br_ssl_client_context *ctx,
212 int hash, int use_rsa, size_t sig_len)
213 {
214 const br_x509_class **xc;
215 const br_x509_pkey *pk;
216 br_multihash_context mhc;
217 unsigned char hv[64], head[4];
218 size_t hv_len;
219
220 xc = ctx->eng.x509ctx;
221 pk = (*xc)->get_pkey(xc, NULL);
222 br_multihash_zero(&mhc);
223 br_multihash_copyimpl(&mhc, &ctx->eng.mhash);
224 br_multihash_init(&mhc);
225 br_multihash_update(&mhc,
226 ctx->eng.client_random, sizeof ctx->eng.client_random);
227 br_multihash_update(&mhc,
228 ctx->eng.server_random, sizeof ctx->eng.server_random);
229 head[0] = 3;
230 head[1] = 0;
231 head[2] = ctx->eng.ecdhe_curve;
232 head[3] = ctx->eng.ecdhe_point_len;
233 br_multihash_update(&mhc, head, sizeof head);
234 br_multihash_update(&mhc,
235 ctx->eng.ecdhe_point, ctx->eng.ecdhe_point_len);
236 if (hash) {
237 hv_len = br_multihash_out(&mhc, hash, hv);
238 if (hv_len == 0) {
239 return BR_ERR_INVALID_ALGORITHM;
240 }
241 } else {
242 if (!br_multihash_out(&mhc, br_md5_ID, hv)
243 || !br_multihash_out(&mhc, br_sha1_ID, hv + 16))
244 {
245 return BR_ERR_INVALID_ALGORITHM;
246 }
247 hv_len = 36;
248 }
249 if (use_rsa) {
250 unsigned char tmp[64];
251 const unsigned char *hash_oid;
252
253 if (hash) {
254 hash_oid = HASH_OID[hash - 2];
255 } else {
256 hash_oid = NULL;
257 }
258 if (!ctx->eng.irsavrfy(ctx->eng.pad, sig_len,
259 hash_oid, hv_len, &pk->key.rsa, tmp)
260 || memcmp(tmp, hv, hv_len) != 0)
261 {
262 return BR_ERR_BAD_SIGNATURE;
263 }
264 } else {
265 if (!ctx->eng.iecdsa(ctx->eng.iec, hv, hv_len, &pk->key.ec,
266 ctx->eng.pad, sig_len))
267 {
268 return BR_ERR_BAD_SIGNATURE;
269 }
270 }
271 return 0;
272 }
273
274 /*
275 * Perform client-side ECDH (or ECDHE). The point that should be sent to
276 * the server is written in the pad; returned value is either the point
277 * length (in bytes), or -x on error, with 'x' being an error code.
278 *
279 * The point _from_ the server is taken from ecdhe_point[] if 'ecdhe'
280 * is non-zero, or from the X.509 engine context if 'ecdhe' is zero
281 * (for static ECDH).
282 */
283 static int
284 make_pms_ecdh(br_ssl_client_context *ctx, unsigned ecdhe, int prf_id)
285 {
286 int curve;
287 unsigned char key[66], point[133];
288 const unsigned char *order, *point_src;
289 size_t glen, olen, point_len, xoff, xlen;
290 unsigned char mask;
291
292 if (ecdhe) {
293 curve = ctx->eng.ecdhe_curve;
294 point_src = ctx->eng.ecdhe_point;
295 point_len = ctx->eng.ecdhe_point_len;
296 } else {
297 const br_x509_class **xc;
298 const br_x509_pkey *pk;
299
300 xc = ctx->eng.x509ctx;
301 pk = (*xc)->get_pkey(xc, NULL);
302 curve = pk->key.ec.curve;
303 point_src = pk->key.ec.q;
304 point_len = pk->key.ec.qlen;
305 }
306 if ((ctx->eng.iec->supported_curves & ((uint32_t)1 << curve)) == 0) {
307 return -BR_ERR_INVALID_ALGORITHM;
308 }
309
310 /*
311 * We need to generate our key, as a non-zero random value which
312 * is lower than the curve order, in a "large enough" range. We
313 * force top bit to 0 and bottom bit to 1, which guarantees that
314 * the value is in the proper range.
315 */
316 order = ctx->eng.iec->order(curve, &olen);
317 mask = 0xFF;
318 while (mask >= order[0]) {
319 mask >>= 1;
320 }
321 br_hmac_drbg_generate(&ctx->eng.rng, key, olen);
322 key[0] &= mask;
323 key[olen - 1] |= 0x01;
324
325 /*
326 * Compute the common ECDH point, whose X coordinate is the
327 * pre-master secret.
328 */
329 ctx->eng.iec->generator(curve, &glen);
330 if (glen != point_len) {
331 return -BR_ERR_INVALID_ALGORITHM;
332 }
333
334 memcpy(point, point_src, glen);
335 if (!ctx->eng.iec->mul(point, glen, key, olen, curve)) {
336 return -BR_ERR_INVALID_ALGORITHM;
337 }
338
339 /*
340 * The pre-master secret is the X coordinate.
341 */
342 xoff = ctx->eng.iec->xoff(curve, &xlen);
343 br_ssl_engine_compute_master(&ctx->eng, prf_id, point + xoff, xlen);
344
345 ctx->eng.iec->mulgen(point, key, olen, curve);
346 memcpy(ctx->eng.pad, point, glen);
347 return (int)glen;
348 }
349
350 /*
351 * Perform full static ECDH. This occurs only in the context of client
352 * authentication with certificates: the server uses an EC public key,
353 * the cipher suite is of type ECDH (not ECDHE), the server requested a
354 * client certificate and accepts static ECDH, the client has a
355 * certificate with an EC public key in the same curve, and accepts
356 * static ECDH as well.
357 *
358 * Returned value is 0 on success, -1 on error.
359 */
360 static int
361 make_pms_static_ecdh(br_ssl_client_context *ctx, int prf_id)
362 {
363 unsigned char point[133];
364 size_t point_len;
365 const br_x509_class **xc;
366 const br_x509_pkey *pk;
367
368 xc = ctx->eng.x509ctx;
369 pk = (*xc)->get_pkey(xc, NULL);
370 point_len = pk->key.ec.qlen;
371 if (point_len > sizeof point) {
372 return -1;
373 }
374 memcpy(point, pk->key.ec.q, point_len);
375 if (!(*ctx->client_auth_vtable)->do_keyx(
376 ctx->client_auth_vtable, point, &point_len))
377 {
378 return -1;
379 }
380 br_ssl_engine_compute_master(&ctx->eng,
381 prf_id, point, point_len);
382 return 0;
383 }
384
385 /*
386 * Compute the client-side signature. This is invoked only when a
387 * signature-based client authentication was selected. The computed
388 * signature is in the pad; its length (in bytes) is returned. On
389 * error, 0 is returned.
390 */
391 static size_t
392 make_client_sign(br_ssl_client_context *ctx)
393 {
394 size_t hv_len;
395
396 /*
397 * Compute hash of handshake messages so far. This "cannot" fail
398 * because the list of supported hash functions provided to the
399 * client certificate handler was trimmed to include only the
400 * hash functions that the multi-hasher supports.
401 */
402 if (ctx->hash_id) {
403 hv_len = br_multihash_out(&ctx->eng.mhash,
404 ctx->hash_id, ctx->eng.pad);
405 } else {
406 br_multihash_out(&ctx->eng.mhash,
407 br_md5_ID, ctx->eng.pad);
408 br_multihash_out(&ctx->eng.mhash,
409 br_sha1_ID, ctx->eng.pad + 16);
410 hv_len = 36;
411 }
412 return (*ctx->client_auth_vtable)->do_sign(
413 ctx->client_auth_vtable, ctx->hash_id, hv_len,
414 ctx->eng.pad, sizeof ctx->eng.pad);
415 }
416
417
418
419 static const unsigned char t0_datablock[] = {
420 0x00, 0x00, 0x0A, 0x00, 0x24, 0x00, 0x2F, 0x01, 0x24, 0x00, 0x35, 0x02,
421 0x24, 0x00, 0x3C, 0x01, 0x44, 0x00, 0x3D, 0x02, 0x44, 0x00, 0x9C, 0x03,
422 0x04, 0x00, 0x9D, 0x04, 0x05, 0xC0, 0x03, 0x40, 0x24, 0xC0, 0x04, 0x41,
423 0x24, 0xC0, 0x05, 0x42, 0x24, 0xC0, 0x08, 0x20, 0x24, 0xC0, 0x09, 0x21,
424 0x24, 0xC0, 0x0A, 0x22, 0x24, 0xC0, 0x0D, 0x30, 0x24, 0xC0, 0x0E, 0x31,
425 0x24, 0xC0, 0x0F, 0x32, 0x24, 0xC0, 0x12, 0x10, 0x24, 0xC0, 0x13, 0x11,
426 0x24, 0xC0, 0x14, 0x12, 0x24, 0xC0, 0x23, 0x21, 0x44, 0xC0, 0x24, 0x22,
427 0x55, 0xC0, 0x25, 0x41, 0x44, 0xC0, 0x26, 0x42, 0x55, 0xC0, 0x27, 0x11,
428 0x44, 0xC0, 0x28, 0x12, 0x55, 0xC0, 0x29, 0x31, 0x44, 0xC0, 0x2A, 0x32,
429 0x55, 0xC0, 0x2B, 0x23, 0x04, 0xC0, 0x2C, 0x24, 0x05, 0xC0, 0x2D, 0x43,
430 0x04, 0xC0, 0x2E, 0x44, 0x05, 0xC0, 0x2F, 0x13, 0x04, 0xC0, 0x30, 0x14,
431 0x05, 0xC0, 0x31, 0x33, 0x04, 0xC0, 0x32, 0x34, 0x05, 0xCC, 0xA8, 0x15,
432 0x04, 0xCC, 0xA9, 0x25, 0x04, 0x00, 0x00
433 };
434
435 static const unsigned char t0_codeblock[] = {
436 0x00, 0x01, 0x00, 0x0A, 0x00, 0x00, 0x01, 0x00, 0x0D, 0x00, 0x00, 0x01,
437 0x00, 0x0E, 0x00, 0x00, 0x01, 0x00, 0x0F, 0x00, 0x00, 0x01, 0x01, 0x08,
438 0x00, 0x00, 0x01, 0x01, 0x09, 0x00, 0x00, 0x01, 0x02, 0x08, 0x00, 0x00,
439 0x01, 0x02, 0x09, 0x00, 0x00, 0x25, 0x25, 0x00, 0x00, 0x01,
440 T0_INT1(BR_ERR_BAD_CCS), 0x00, 0x00, 0x01,
441 T0_INT1(BR_ERR_BAD_CIPHER_SUITE), 0x00, 0x00, 0x01,
442 T0_INT1(BR_ERR_BAD_COMPRESSION), 0x00, 0x00, 0x01,
443 T0_INT1(BR_ERR_BAD_FINISHED), 0x00, 0x00, 0x01,
444 T0_INT1(BR_ERR_BAD_FRAGLEN), 0x00, 0x00, 0x01,
445 T0_INT1(BR_ERR_BAD_HANDSHAKE), 0x00, 0x00, 0x01,
446 T0_INT1(BR_ERR_BAD_HELLO_DONE), 0x00, 0x00, 0x01,
447 T0_INT1(BR_ERR_BAD_PARAM), 0x00, 0x00, 0x01,
448 T0_INT1(BR_ERR_BAD_SECRENEG), 0x00, 0x00, 0x01,
449 T0_INT1(BR_ERR_BAD_SNI), 0x00, 0x00, 0x01, T0_INT1(BR_ERR_BAD_VERSION),
450 0x00, 0x00, 0x01, T0_INT1(BR_ERR_EXTRA_EXTENSION), 0x00, 0x00, 0x01,
451 T0_INT1(BR_ERR_INVALID_ALGORITHM), 0x00, 0x00, 0x01,
452 T0_INT1(BR_ERR_LIMIT_EXCEEDED), 0x00, 0x00, 0x01, T0_INT1(BR_ERR_OK),
453 0x00, 0x00, 0x01, T0_INT1(BR_ERR_OVERSIZED_ID), 0x00, 0x00, 0x01,
454 T0_INT1(BR_ERR_RESUME_MISMATCH), 0x00, 0x00, 0x01,
455 T0_INT1(BR_ERR_UNEXPECTED), 0x00, 0x00, 0x01,
456 T0_INT1(BR_ERR_UNSUPPORTED_VERSION), 0x00, 0x00, 0x01,
457 T0_INT1(BR_ERR_WRONG_KEY_USAGE), 0x00, 0x00, 0x01,
458 T0_INT2(offsetof(br_ssl_engine_context, action)), 0x00, 0x00, 0x01,
459 T0_INT2(offsetof(br_ssl_engine_context, alert)), 0x00, 0x00, 0x01,
460 T0_INT2(offsetof(br_ssl_engine_context, application_data)), 0x00, 0x00,
461 0x01, T0_INT2(offsetof(br_ssl_client_context, auth_type)), 0x00, 0x00,
462 0x01,
463 T0_INT2(offsetof(br_ssl_engine_context, session) + offsetof(br_ssl_session_parameters, cipher_suite)),
464 0x00, 0x00, 0x01,
465 T0_INT2(offsetof(br_ssl_engine_context, client_random)), 0x00, 0x00,
466 0x01, T0_INT2(offsetof(br_ssl_engine_context, close_received)), 0x00,
467 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, ecdhe_curve)),
468 0x00, 0x00, 0x01,
469 T0_INT2(offsetof(br_ssl_engine_context, ecdhe_point)), 0x00, 0x00,
470 0x01, T0_INT2(offsetof(br_ssl_engine_context, ecdhe_point_len)), 0x00,
471 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, flags)), 0x00,
472 0x00, 0x01, T0_INT2(offsetof(br_ssl_client_context, hash_id)), 0x00,
473 0x00, 0x01, T0_INT2(offsetof(br_ssl_client_context, hashes)), 0x00,
474 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, log_max_frag_len)),
475 0x00, 0x00, 0x01,
476 T0_INT2(offsetof(br_ssl_client_context, min_clienthello_len)), 0x00,
477 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, pad)), 0x00, 0x00,
478 0x01, T0_INT2(offsetof(br_ssl_engine_context, protocol_names_num)),
479 0x00, 0x00, 0x01,
480 T0_INT2(offsetof(br_ssl_engine_context, record_type_in)), 0x00, 0x00,
481 0x01, T0_INT2(offsetof(br_ssl_engine_context, record_type_out)), 0x00,
482 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, reneg)), 0x00,
483 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, saved_finished)),
484 0x00, 0x00, 0x01,
485 T0_INT2(offsetof(br_ssl_engine_context, selected_protocol)), 0x00,
486 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, server_name)),
487 0x00, 0x00, 0x01,
488 T0_INT2(offsetof(br_ssl_engine_context, server_random)), 0x00, 0x00,
489 0x01,
490 T0_INT2(offsetof(br_ssl_engine_context, session) + offsetof(br_ssl_session_parameters, session_id)),
491 0x00, 0x00, 0x01,
492 T0_INT2(offsetof(br_ssl_engine_context, session) + offsetof(br_ssl_session_parameters, session_id_len)),
493 0x00, 0x00, 0x01,
494 T0_INT2(offsetof(br_ssl_engine_context, shutdown_recv)), 0x00, 0x00,
495 0x01, T0_INT2(offsetof(br_ssl_engine_context, suites_buf)), 0x00, 0x00,
496 0x01, T0_INT2(offsetof(br_ssl_engine_context, suites_num)), 0x00, 0x00,
497 0x01,
498 T0_INT2(offsetof(br_ssl_engine_context, session) + offsetof(br_ssl_session_parameters, version)),
499 0x00, 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, version_in)),
500 0x00, 0x00, 0x01,
501 T0_INT2(offsetof(br_ssl_engine_context, version_max)), 0x00, 0x00,
502 0x01, T0_INT2(offsetof(br_ssl_engine_context, version_min)), 0x00,
503 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, version_out)),
504 0x00, 0x00, 0x09, 0x26, 0x56, 0x06, 0x02, 0x66, 0x28, 0x00, 0x00, 0x06,
505 0x08, 0x2C, 0x0E, 0x05, 0x02, 0x6F, 0x28, 0x04, 0x01, 0x3C, 0x00, 0x00,
506 0x01, 0x01, 0x00, 0x01, 0x03, 0x00, 0x97, 0x26, 0x5C, 0x44, 0x9B, 0x26,
507 0x05, 0x04, 0x5E, 0x01, 0x00, 0x00, 0x02, 0x00, 0x0E, 0x06, 0x02, 0x9B,
508 0x00, 0x5C, 0x04, 0x6B, 0x00, 0x06, 0x02, 0x66, 0x28, 0x00, 0x00, 0x26,
509 0x87, 0x44, 0x05, 0x03, 0x01, 0x0C, 0x08, 0x44, 0x77, 0x2C, 0xA9, 0x1C,
510 0x82, 0x01, 0x0C, 0x31, 0x00, 0x00, 0x26, 0x1F, 0x01, 0x08, 0x0B, 0x44,
511 0x5A, 0x1F, 0x08, 0x00, 0x01, 0x03, 0x00, 0x75, 0x2E, 0x02, 0x00, 0x36,
512 0x17, 0x01, 0x01, 0x0B, 0x75, 0x3E, 0x29, 0x1A, 0x36, 0x06, 0x07, 0x02,
513 0x00, 0xCC, 0x03, 0x00, 0x04, 0x75, 0x01, 0x00, 0xC3, 0x02, 0x00, 0x26,
514 0x1A, 0x17, 0x06, 0x02, 0x6D, 0x28, 0xCC, 0x04, 0x76, 0x01, 0x01, 0x00,
515 0x75, 0x3E, 0x01, 0x16, 0x85, 0x3E, 0x01, 0x00, 0x88, 0x3C, 0x34, 0xD2,
516 0x29, 0xB2, 0x06, 0x09, 0x01, 0x7F, 0xAD, 0x01, 0x7F, 0xCF, 0x04, 0x80,
517 0x53, 0xAF, 0x77, 0x2C, 0x9F, 0x01, T0_INT1(BR_KEYTYPE_SIGN), 0x17,
518 0x06, 0x01, 0xB3, 0xB6, 0x26, 0x01, 0x0D, 0x0E, 0x06, 0x07, 0x25, 0xB5,
519 0xB6, 0x01, 0x7F, 0x04, 0x02, 0x01, 0x00, 0x03, 0x00, 0x01, 0x0E, 0x0E,
520 0x05, 0x02, 0x70, 0x28, 0x06, 0x02, 0x65, 0x28, 0x33, 0x06, 0x02, 0x70,
521 0x28, 0x02, 0x00, 0x06, 0x1C, 0xD0, 0x7E, 0x2E, 0x01, 0x81, 0x7F, 0x0E,
522 0x06, 0x0D, 0x25, 0x01, 0x10, 0xDB, 0x01, 0x00, 0xDA, 0x77, 0x2C, 0xA9,
523 0x24, 0x04, 0x04, 0xD3, 0x06, 0x01, 0xD1, 0x04, 0x01, 0xD3, 0x01, 0x7F,
524 0xCF, 0x01, 0x7F, 0xAD, 0x01, 0x01, 0x75, 0x3E, 0x01, 0x17, 0x85, 0x3E,
525 0x00, 0x00, 0x38, 0x38, 0x00, 0x00, 0x98, 0x01, 0x0C, 0x11, 0x01, 0x00,
526 0x38, 0x0E, 0x06, 0x05, 0x25, 0x01,
527 T0_INT1(BR_KEYTYPE_RSA | BR_KEYTYPE_KEYX), 0x04, 0x30, 0x01, 0x01,
528 0x38, 0x0E, 0x06, 0x05, 0x25, 0x01,
529 T0_INT1(BR_KEYTYPE_RSA | BR_KEYTYPE_SIGN), 0x04, 0x25, 0x01, 0x02,
530 0x38, 0x0E, 0x06, 0x05, 0x25, 0x01,
531 T0_INT1(BR_KEYTYPE_EC | BR_KEYTYPE_SIGN), 0x04, 0x1A, 0x01, 0x03,
532 0x38, 0x0E, 0x06, 0x05, 0x25, 0x01,
533 T0_INT1(BR_KEYTYPE_EC | BR_KEYTYPE_KEYX), 0x04, 0x0F, 0x01, 0x04,
534 0x38, 0x0E, 0x06, 0x05, 0x25, 0x01,
535 T0_INT1(BR_KEYTYPE_EC | BR_KEYTYPE_KEYX), 0x04, 0x04, 0x01, 0x00,
536 0x44, 0x25, 0x00, 0x00, 0x80, 0x2E, 0x01, 0x0E, 0x0E, 0x06, 0x04, 0x01,
537 0x00, 0x04, 0x02, 0x01, 0x05, 0x00, 0x00, 0x40, 0x06, 0x04, 0x01, 0x06,
538 0x04, 0x02, 0x01, 0x00, 0x00, 0x00, 0x86, 0x2E, 0x26, 0x06, 0x08, 0x01,
539 0x01, 0x09, 0x01, 0x11, 0x07, 0x04, 0x03, 0x25, 0x01, 0x05, 0x00, 0x01,
540 0x41, 0x03, 0x00, 0x25, 0x01, 0x00, 0x43, 0x06, 0x03, 0x02, 0x00, 0x08,
541 0x42, 0x06, 0x03, 0x02, 0x00, 0x08, 0x26, 0x06, 0x06, 0x01, 0x01, 0x0B,
542 0x01, 0x06, 0x08, 0x00, 0x00, 0x89, 0x3F, 0x26, 0x06, 0x03, 0x01, 0x09,
543 0x08, 0x00, 0x01, 0x40, 0x26, 0x06, 0x1E, 0x01, 0x00, 0x03, 0x00, 0x26,
544 0x06, 0x0E, 0x26, 0x01, 0x01, 0x17, 0x02, 0x00, 0x08, 0x03, 0x00, 0x01,
545 0x01, 0x11, 0x04, 0x6F, 0x25, 0x02, 0x00, 0x01, 0x01, 0x0B, 0x01, 0x06,
546 0x08, 0x00, 0x00, 0x7D, 0x2D, 0x44, 0x11, 0x01, 0x01, 0x17, 0x35, 0x00,
547 0x00, 0x9D, 0xCB, 0x26, 0x01, 0x07, 0x17, 0x01, 0x00, 0x38, 0x0E, 0x06,
548 0x09, 0x25, 0x01, 0x10, 0x17, 0x06, 0x01, 0x9D, 0x04, 0x2D, 0x01, 0x01,
549 0x38, 0x0E, 0x06, 0x24, 0x25, 0x25, 0x01, 0x00, 0x75, 0x3E, 0xB1, 0x86,
550 0x2E, 0x01, 0x01, 0x0E, 0x01, 0x01, 0xA6, 0x37, 0x06, 0x0F, 0x29, 0x1A,
551 0x36, 0x06, 0x04, 0xCB, 0x25, 0x04, 0x78, 0x01, 0x80, 0x64, 0xC3, 0x04,
552 0x01, 0x9D, 0x04, 0x03, 0x70, 0x28, 0x25, 0x04, 0xFF, 0x3C, 0x01, 0x26,
553 0x03, 0x00, 0x09, 0x26, 0x56, 0x06, 0x02, 0x66, 0x28, 0x02, 0x00, 0x00,
554 0x00, 0x98, 0x01, 0x0F, 0x17, 0x00, 0x00, 0x74, 0x2E, 0x01, 0x00, 0x38,
555 0x0E, 0x06, 0x10, 0x25, 0x26, 0x01, 0x01, 0x0D, 0x06, 0x03, 0x25, 0x01,
556 0x02, 0x74, 0x3E, 0x01, 0x00, 0x04, 0x21, 0x01, 0x01, 0x38, 0x0E, 0x06,
557 0x14, 0x25, 0x01, 0x00, 0x74, 0x3E, 0x26, 0x01, 0x80, 0x64, 0x0E, 0x06,
558 0x05, 0x01, 0x82, 0x00, 0x08, 0x28, 0x58, 0x04, 0x07, 0x25, 0x01, 0x82,
559 0x00, 0x08, 0x28, 0x25, 0x00, 0x00, 0x01, 0x00, 0x2F, 0x06, 0x05, 0x3A,
560 0xAA, 0x37, 0x04, 0x78, 0x26, 0x06, 0x04, 0x01, 0x01, 0x8D, 0x3E, 0x00,
561 0x01, 0xBD, 0xA8, 0xBD, 0xA8, 0xBF, 0x82, 0x44, 0x26, 0x03, 0x00, 0xB4,
562 0x99, 0x99, 0x02, 0x00, 0x4B, 0x26, 0x56, 0x06, 0x0A, 0x01, 0x03, 0xA6,
563 0x06, 0x02, 0x70, 0x28, 0x25, 0x04, 0x03, 0x5A, 0x88, 0x3C, 0x00, 0x00,
564 0x2F, 0x06, 0x0B, 0x84, 0x2E, 0x01, 0x14, 0x0D, 0x06, 0x02, 0x70, 0x28,
565 0x04, 0x11, 0xCB, 0x01, 0x07, 0x17, 0x26, 0x01, 0x02, 0x0D, 0x06, 0x06,
566 0x06, 0x02, 0x70, 0x28, 0x04, 0x70, 0x25, 0xC0, 0x01, 0x01, 0x0D, 0x33,
567 0x37, 0x06, 0x02, 0x5F, 0x28, 0x26, 0x01, 0x01, 0xC6, 0x36, 0xB0, 0x00,
568 0x01, 0xB6, 0x01, 0x0B, 0x0E, 0x05, 0x02, 0x70, 0x28, 0x26, 0x01, 0x03,
569 0x0E, 0x06, 0x08, 0xBE, 0x06, 0x02, 0x66, 0x28, 0x44, 0x25, 0x00, 0x44,
570 0x55, 0xBE, 0xA8, 0x26, 0x06, 0x23, 0xBE, 0xA8, 0x26, 0x54, 0x26, 0x06,
571 0x18, 0x26, 0x01, 0x82, 0x00, 0x0F, 0x06, 0x05, 0x01, 0x82, 0x00, 0x04,
572 0x01, 0x26, 0x03, 0x00, 0x82, 0x02, 0x00, 0xB4, 0x02, 0x00, 0x51, 0x04,
573 0x65, 0x99, 0x52, 0x04, 0x5A, 0x99, 0x99, 0x53, 0x26, 0x06, 0x02, 0x35,
574 0x00, 0x25, 0x2B, 0x00, 0x00, 0x77, 0x2C, 0x9F, 0x01, 0x7F, 0xAE, 0x26,
575 0x56, 0x06, 0x02, 0x35, 0x28, 0x26, 0x05, 0x02, 0x70, 0x28, 0x38, 0x17,
576 0x0D, 0x06, 0x02, 0x72, 0x28, 0x3B, 0x00, 0x00, 0x9A, 0xB6, 0x01, 0x14,
577 0x0D, 0x06, 0x02, 0x70, 0x28, 0x82, 0x01, 0x0C, 0x08, 0x01, 0x0C, 0xB4,
578 0x99, 0x82, 0x26, 0x01, 0x0C, 0x08, 0x01, 0x0C, 0x30, 0x05, 0x02, 0x62,
579 0x28, 0x00, 0x00, 0xB7, 0x06, 0x02, 0x70, 0x28, 0x06, 0x02, 0x64, 0x28,
580 0x00, 0x0A, 0xB6, 0x01, 0x02, 0x0E, 0x05, 0x02, 0x70, 0x28, 0xBD, 0x03,
581 0x00, 0x02, 0x00, 0x93, 0x2C, 0x0A, 0x02, 0x00, 0x92, 0x2C, 0x0F, 0x37,
582 0x06, 0x02, 0x71, 0x28, 0x02, 0x00, 0x91, 0x2C, 0x0D, 0x06, 0x02, 0x69,
583 0x28, 0x02, 0x00, 0x94, 0x3C, 0x8A, 0x01, 0x20, 0xB4, 0x01, 0x00, 0x03,
584 0x01, 0xBF, 0x03, 0x02, 0x02, 0x02, 0x01, 0x20, 0x0F, 0x06, 0x02, 0x6E,
585 0x28, 0x82, 0x02, 0x02, 0xB4, 0x02, 0x02, 0x8C, 0x2E, 0x0E, 0x02, 0x02,
586 0x01, 0x00, 0x0F, 0x17, 0x06, 0x0B, 0x8B, 0x82, 0x02, 0x02, 0x30, 0x06,
587 0x04, 0x01, 0x7F, 0x03, 0x01, 0x8B, 0x82, 0x02, 0x02, 0x31, 0x02, 0x02,
588 0x8C, 0x3E, 0x02, 0x00, 0x90, 0x02, 0x01, 0x96, 0xBD, 0x26, 0xC1, 0x56,
589 0x06, 0x02, 0x60, 0x28, 0x77, 0x02, 0x01, 0x96, 0xBF, 0x06, 0x02, 0x61,
590 0x28, 0x26, 0x06, 0x81, 0x45, 0xBD, 0xA8, 0xA4, 0x03, 0x03, 0xA2, 0x03,
591 0x04, 0xA0, 0x03, 0x05, 0xA3, 0x03, 0x06, 0xA5, 0x03, 0x07, 0xA1, 0x03,
592 0x08, 0x27, 0x03, 0x09, 0x26, 0x06, 0x81, 0x18, 0xBD, 0x01, 0x00, 0x38,
593 0x0E, 0x06, 0x0F, 0x25, 0x02, 0x03, 0x05, 0x02, 0x6A, 0x28, 0x01, 0x00,
594 0x03, 0x03, 0xBC, 0x04, 0x80, 0x7F, 0x01, 0x01, 0x38, 0x0E, 0x06, 0x0F,
595 0x25, 0x02, 0x05, 0x05, 0x02, 0x6A, 0x28, 0x01, 0x00, 0x03, 0x05, 0xBA,
596 0x04, 0x80, 0x6A, 0x01, 0x83, 0xFE, 0x01, 0x38, 0x0E, 0x06, 0x0F, 0x25,
597 0x02, 0x04, 0x05, 0x02, 0x6A, 0x28, 0x01, 0x00, 0x03, 0x04, 0xBB, 0x04,
598 0x80, 0x53, 0x01, 0x0D, 0x38, 0x0E, 0x06, 0x0E, 0x25, 0x02, 0x06, 0x05,
599 0x02, 0x6A, 0x28, 0x01, 0x00, 0x03, 0x06, 0xB8, 0x04, 0x3F, 0x01, 0x0A,
600 0x38, 0x0E, 0x06, 0x0E, 0x25, 0x02, 0x07, 0x05, 0x02, 0x6A, 0x28, 0x01,
601 0x00, 0x03, 0x07, 0xB8, 0x04, 0x2B, 0x01, 0x0B, 0x38, 0x0E, 0x06, 0x0E,
602 0x25, 0x02, 0x08, 0x05, 0x02, 0x6A, 0x28, 0x01, 0x00, 0x03, 0x08, 0xB8,
603 0x04, 0x17, 0x01, 0x10, 0x38, 0x0E, 0x06, 0x0E, 0x25, 0x02, 0x09, 0x05,
604 0x02, 0x6A, 0x28, 0x01, 0x00, 0x03, 0x09, 0xAC, 0x04, 0x03, 0x6A, 0x28,
605 0x25, 0x04, 0xFE, 0x64, 0x02, 0x04, 0x06, 0x0D, 0x02, 0x04, 0x01, 0x05,
606 0x0F, 0x06, 0x02, 0x67, 0x28, 0x01, 0x01, 0x86, 0x3E, 0x99, 0x99, 0x02,
607 0x01, 0x00, 0x04, 0xB6, 0x01, 0x0C, 0x0E, 0x05, 0x02, 0x70, 0x28, 0xBF,
608 0x01, 0x03, 0x0E, 0x05, 0x02, 0x6B, 0x28, 0xBD, 0x26, 0x7A, 0x3E, 0x26,
609 0x01, 0x20, 0x10, 0x06, 0x02, 0x6B, 0x28, 0x40, 0x44, 0x11, 0x01, 0x01,
610 0x17, 0x05, 0x02, 0x6B, 0x28, 0xBF, 0x26, 0x01, 0x81, 0x05, 0x0F, 0x06,
611 0x02, 0x6B, 0x28, 0x26, 0x7C, 0x3E, 0x7B, 0x44, 0xB4, 0x90, 0x2C, 0x01,
612 0x86, 0x03, 0x10, 0x03, 0x00, 0x77, 0x2C, 0xC9, 0x03, 0x01, 0x01, 0x02,
613 0x03, 0x02, 0x02, 0x00, 0x06, 0x21, 0xBF, 0x26, 0x26, 0x01, 0x02, 0x0A,
614 0x44, 0x01, 0x06, 0x0F, 0x37, 0x06, 0x02, 0x6B, 0x28, 0x03, 0x02, 0xBF,
615 0x02, 0x01, 0x01, 0x01, 0x0B, 0x01, 0x03, 0x08, 0x0E, 0x05, 0x02, 0x6B,
616 0x28, 0x04, 0x08, 0x02, 0x01, 0x06, 0x04, 0x01, 0x00, 0x03, 0x02, 0xBD,
617 0x26, 0x03, 0x03, 0x26, 0x01, 0x84, 0x00, 0x0F, 0x06, 0x02, 0x6C, 0x28,
618 0x82, 0x44, 0xB4, 0x02, 0x02, 0x02, 0x01, 0x02, 0x03, 0x4E, 0x26, 0x06,
619 0x01, 0x28, 0x25, 0x99, 0x00, 0x02, 0x03, 0x00, 0x03, 0x01, 0x02, 0x00,
620 0x95, 0x02, 0x01, 0x02, 0x00, 0x39, 0x26, 0x01, 0x00, 0x0E, 0x06, 0x02,
621 0x5E, 0x00, 0xCD, 0x04, 0x74, 0x02, 0x01, 0x00, 0x03, 0x00, 0xBF, 0xA8,
622 0x26, 0x06, 0x80, 0x43, 0xBF, 0x01, 0x01, 0x38, 0x0E, 0x06, 0x06, 0x25,
623 0x01, 0x81, 0x7F, 0x04, 0x2E, 0x01, 0x80, 0x40, 0x38, 0x0E, 0x06, 0x07,
624 0x25, 0x01, 0x83, 0xFE, 0x00, 0x04, 0x20, 0x01, 0x80, 0x41, 0x38, 0x0E,
625 0x06, 0x07, 0x25, 0x01, 0x84, 0x80, 0x00, 0x04, 0x12, 0x01, 0x80, 0x42,
626 0x38, 0x0E, 0x06, 0x07, 0x25, 0x01, 0x88, 0x80, 0x00, 0x04, 0x04, 0x01,
627 0x00, 0x44, 0x25, 0x02, 0x00, 0x37, 0x03, 0x00, 0x04, 0xFF, 0x39, 0x99,
628 0x77, 0x2C, 0xC7, 0x05, 0x09, 0x02, 0x00, 0x01, 0x83, 0xFF, 0x7F, 0x17,
629 0x03, 0x00, 0x90, 0x2C, 0x01, 0x86, 0x03, 0x10, 0x06, 0x3A, 0xB9, 0x26,
630 0x7F, 0x3D, 0x41, 0x25, 0x26, 0x01, 0x08, 0x0B, 0x37, 0x01, 0x8C, 0x80,
631 0x00, 0x37, 0x17, 0x02, 0x00, 0x17, 0x02, 0x00, 0x01, 0x8C, 0x80, 0x00,
632 0x17, 0x06, 0x19, 0x26, 0x01, 0x81, 0x7F, 0x17, 0x06, 0x05, 0x01, 0x84,
633 0x80, 0x00, 0x37, 0x26, 0x01, 0x83, 0xFE, 0x00, 0x17, 0x06, 0x05, 0x01,
634 0x88, 0x80, 0x00, 0x37, 0x03, 0x00, 0x04, 0x09, 0x02, 0x00, 0x01, 0x8C,
635 0x88, 0x01, 0x17, 0x03, 0x00, 0x16, 0xBD, 0xA8, 0x26, 0x06, 0x23, 0xBD,
636 0xA8, 0x26, 0x15, 0x26, 0x06, 0x18, 0x26, 0x01, 0x82, 0x00, 0x0F, 0x06,
637 0x05, 0x01, 0x82, 0x00, 0x04, 0x01, 0x26, 0x03, 0x01, 0x82, 0x02, 0x01,
638 0xB4, 0x02, 0x01, 0x12, 0x04, 0x65, 0x99, 0x13, 0x04, 0x5A, 0x99, 0x14,
639 0x99, 0x02, 0x00, 0x2A, 0x00, 0x00, 0xB7, 0x26, 0x58, 0x06, 0x07, 0x25,
640 0x06, 0x02, 0x64, 0x28, 0x04, 0x74, 0x00, 0x00, 0xC0, 0x01, 0x03, 0xBE,
641 0x44, 0x25, 0x44, 0x00, 0x00, 0xBD, 0xC4, 0x00, 0x03, 0x01, 0x00, 0x03,
642 0x00, 0xBD, 0xA8, 0x26, 0x06, 0x80, 0x50, 0xBF, 0x03, 0x01, 0xBF, 0x03,
643 0x02, 0x02, 0x01, 0x01, 0x08, 0x0E, 0x06, 0x16, 0x02, 0x02, 0x01, 0x0F,
644 0x0C, 0x06, 0x0D, 0x01, 0x01, 0x02, 0x02, 0x01, 0x10, 0x08, 0x0B, 0x02,
645 0x00, 0x37, 0x03, 0x00, 0x04, 0x2A, 0x02, 0x01, 0x01, 0x02, 0x10, 0x02,
646 0x01, 0x01, 0x06, 0x0C, 0x17, 0x02, 0x02, 0x01, 0x01, 0x0E, 0x02, 0x02,
647 0x01, 0x03, 0x0E, 0x37, 0x17, 0x06, 0x11, 0x02, 0x00, 0x01, 0x01, 0x02,
648 0x02, 0x5B, 0x01, 0x02, 0x0B, 0x02, 0x01, 0x08, 0x0B, 0x37, 0x03, 0x00,
649 0x04, 0xFF, 0x2C, 0x99, 0x02, 0x00, 0x00, 0x00, 0xBD, 0x01, 0x01, 0x0E,
650 0x05, 0x02, 0x63, 0x28, 0xBF, 0x01, 0x08, 0x08, 0x80, 0x2E, 0x0E, 0x05,
651 0x02, 0x63, 0x28, 0x00, 0x00, 0xBD, 0x86, 0x2E, 0x05, 0x15, 0x01, 0x01,
652 0x0E, 0x05, 0x02, 0x67, 0x28, 0xBF, 0x01, 0x00, 0x0E, 0x05, 0x02, 0x67,
653 0x28, 0x01, 0x02, 0x86, 0x3E, 0x04, 0x1C, 0x01, 0x19, 0x0E, 0x05, 0x02,
654 0x67, 0x28, 0xBF, 0x01, 0x18, 0x0E, 0x05, 0x02, 0x67, 0x28, 0x82, 0x01,
655 0x18, 0xB4, 0x87, 0x82, 0x01, 0x18, 0x30, 0x05, 0x02, 0x67, 0x28, 0x00,
656 0x00, 0xBD, 0x06, 0x02, 0x68, 0x28, 0x00, 0x00, 0x01, 0x02, 0x95, 0xC0,
657 0x01, 0x08, 0x0B, 0xC0, 0x08, 0x00, 0x00, 0x01, 0x03, 0x95, 0xC0, 0x01,
658 0x08, 0x0B, 0xC0, 0x08, 0x01, 0x08, 0x0B, 0xC0, 0x08, 0x00, 0x00, 0x01,
659 0x01, 0x95, 0xC0, 0x00, 0x00, 0x3A, 0x26, 0x56, 0x05, 0x01, 0x00, 0x25,
660 0xCD, 0x04, 0x76, 0x02, 0x03, 0x00, 0x8F, 0x2E, 0x03, 0x01, 0x01, 0x00,
661 0x26, 0x02, 0x01, 0x0A, 0x06, 0x10, 0x26, 0x01, 0x01, 0x0B, 0x8E, 0x08,
662 0x2C, 0x02, 0x00, 0x0E, 0x06, 0x01, 0x00, 0x5A, 0x04, 0x6A, 0x25, 0x01,
663 0x7F, 0x00, 0x00, 0x01, 0x15, 0x85, 0x3E, 0x44, 0x50, 0x25, 0x50, 0x25,
664 0x29, 0x00, 0x00, 0x01, 0x01, 0x44, 0xC2, 0x00, 0x00, 0x44, 0x38, 0x95,
665 0x44, 0x26, 0x06, 0x05, 0xC0, 0x25, 0x5B, 0x04, 0x78, 0x25, 0x00, 0x00,
666 0x26, 0x01, 0x81, 0xAC, 0x00, 0x0E, 0x06, 0x04, 0x25, 0x01, 0x7F, 0x00,
667 0x98, 0x57, 0x00, 0x02, 0x03, 0x00, 0x77, 0x2C, 0x98, 0x03, 0x01, 0x02,
668 0x01, 0x01, 0x0F, 0x17, 0x02, 0x01, 0x01, 0x04, 0x11, 0x01, 0x0F, 0x17,
669 0x02, 0x01, 0x01, 0x08, 0x11, 0x01, 0x0F, 0x17, 0x01, 0x00, 0x38, 0x0E,
670 0x06, 0x10, 0x25, 0x01, 0x00, 0x01, 0x18, 0x02, 0x00, 0x06, 0x03, 0x47,
671 0x04, 0x01, 0x48, 0x04, 0x80, 0x68, 0x01, 0x01, 0x38, 0x0E, 0x06, 0x10,
672 0x25, 0x01, 0x01, 0x01, 0x10, 0x02, 0x00, 0x06, 0x03, 0x47, 0x04, 0x01,
673 0x48, 0x04, 0x80, 0x52, 0x01, 0x02, 0x38, 0x0E, 0x06, 0x0F, 0x25, 0x01,
674 0x01, 0x01, 0x20, 0x02, 0x00, 0x06, 0x03, 0x47, 0x04, 0x01, 0x48, 0x04,
675 0x3D, 0x01, 0x03, 0x38, 0x0E, 0x06, 0x0E, 0x25, 0x25, 0x01, 0x10, 0x02,
676 0x00, 0x06, 0x03, 0x45, 0x04, 0x01, 0x46, 0x04, 0x29, 0x01, 0x04, 0x38,
677 0x0E, 0x06, 0x0E, 0x25, 0x25, 0x01, 0x20, 0x02, 0x00, 0x06, 0x03, 0x45,
678 0x04, 0x01, 0x46, 0x04, 0x15, 0x01, 0x05, 0x38, 0x0E, 0x06, 0x0C, 0x25,
679 0x25, 0x02, 0x00, 0x06, 0x03, 0x49, 0x04, 0x01, 0x4A, 0x04, 0x03, 0x66,
680 0x28, 0x25, 0x00, 0x00, 0x98, 0x01, 0x0C, 0x11, 0x01, 0x02, 0x0F, 0x00,
681 0x00, 0x98, 0x01, 0x0C, 0x11, 0x26, 0x59, 0x44, 0x01, 0x03, 0x0A, 0x17,
682 0x00, 0x00, 0x98, 0x01, 0x0C, 0x11, 0x01, 0x01, 0x0E, 0x00, 0x00, 0x98,
683 0x01, 0x0C, 0x11, 0x58, 0x00, 0x00, 0x1B, 0x01, 0x00, 0x73, 0x2E, 0x26,
684 0x06, 0x22, 0x01, 0x01, 0x38, 0x0E, 0x06, 0x06, 0x25, 0x01, 0x00, 0x9C,
685 0x04, 0x14, 0x01, 0x02, 0x38, 0x0E, 0x06, 0x0D, 0x25, 0x75, 0x2E, 0x01,
686 0x01, 0x0E, 0x06, 0x03, 0x01, 0x10, 0x37, 0x04, 0x01, 0x25, 0x04, 0x01,
687 0x25, 0x79, 0x2E, 0x05, 0x33, 0x2F, 0x06, 0x30, 0x84, 0x2E, 0x01, 0x14,
688 0x38, 0x0E, 0x06, 0x06, 0x25, 0x01, 0x02, 0x37, 0x04, 0x22, 0x01, 0x15,
689 0x38, 0x0E, 0x06, 0x09, 0x25, 0xAB, 0x06, 0x03, 0x01, 0x7F, 0x9C, 0x04,
690 0x13, 0x01, 0x16, 0x38, 0x0E, 0x06, 0x06, 0x25, 0x01, 0x01, 0x37, 0x04,
691 0x07, 0x25, 0x01, 0x04, 0x37, 0x01, 0x00, 0x25, 0x1A, 0x06, 0x03, 0x01,
692 0x08, 0x37, 0x00, 0x00, 0x1B, 0x26, 0x05, 0x13, 0x2F, 0x06, 0x10, 0x84,
693 0x2E, 0x01, 0x15, 0x0E, 0x06, 0x08, 0x25, 0xAB, 0x01, 0x00, 0x75, 0x3E,
694 0x04, 0x01, 0x20, 0x00, 0x00, 0xCB, 0x01, 0x07, 0x17, 0x01, 0x01, 0x0F,
695 0x06, 0x02, 0x70, 0x28, 0x00, 0x01, 0x03, 0x00, 0x29, 0x1A, 0x06, 0x05,
696 0x02, 0x00, 0x85, 0x3E, 0x00, 0xCB, 0x25, 0x04, 0x74, 0x00, 0x01, 0x14,
697 0xCE, 0x01, 0x01, 0xDB, 0x29, 0x26, 0x01, 0x00, 0xC6, 0x01, 0x16, 0xCE,
698 0xD4, 0x29, 0x00, 0x00, 0x01, 0x0B, 0xDB, 0x4C, 0x26, 0x26, 0x01, 0x03,
699 0x08, 0xDA, 0xDA, 0x18, 0x26, 0x56, 0x06, 0x02, 0x25, 0x00, 0xDA, 0x1D,
700 0x26, 0x06, 0x05, 0x82, 0x44, 0xD5, 0x04, 0x77, 0x25, 0x04, 0x6C, 0x00,
701 0x21, 0x01, 0x0F, 0xDB, 0x26, 0x90, 0x2C, 0x01, 0x86, 0x03, 0x10, 0x06,
702 0x0C, 0x01, 0x04, 0x08, 0xDA, 0x7E, 0x2E, 0xDB, 0x76, 0x2E, 0xDB, 0x04,
703 0x02, 0x5C, 0xDA, 0x26, 0xD9, 0x82, 0x44, 0xD5, 0x00, 0x02, 0xA2, 0xA4,
704 0x08, 0xA0, 0x08, 0xA3, 0x08, 0xA5, 0x08, 0xA1, 0x08, 0x27, 0x08, 0x03,
705 0x00, 0x01, 0x01, 0xDB, 0x01, 0x27, 0x8C, 0x2E, 0x08, 0x8F, 0x2E, 0x01,
706 0x01, 0x0B, 0x08, 0x02, 0x00, 0x06, 0x04, 0x5C, 0x02, 0x00, 0x08, 0x81,
707 0x2C, 0x38, 0x09, 0x26, 0x59, 0x06, 0x24, 0x02, 0x00, 0x05, 0x04, 0x44,
708 0x5C, 0x44, 0x5D, 0x01, 0x04, 0x09, 0x26, 0x56, 0x06, 0x03, 0x25, 0x01,
709 0x00, 0x26, 0x01, 0x04, 0x08, 0x02, 0x00, 0x08, 0x03, 0x00, 0x44, 0x01,
710 0x04, 0x08, 0x38, 0x08, 0x44, 0x04, 0x03, 0x25, 0x01, 0x7F, 0x03, 0x01,
711 0xDA, 0x92, 0x2C, 0xD9, 0x78, 0x01, 0x04, 0x19, 0x78, 0x01, 0x04, 0x08,
712 0x01, 0x1C, 0x32, 0x78, 0x01, 0x20, 0xD5, 0x8B, 0x8C, 0x2E, 0xD7, 0x8F,
713 0x2E, 0x26, 0x01, 0x01, 0x0B, 0xD9, 0x8E, 0x44, 0x26, 0x06, 0x0F, 0x5B,
714 0x38, 0x2C, 0x26, 0xC5, 0x05, 0x02, 0x60, 0x28, 0xD9, 0x44, 0x5C, 0x44,
715 0x04, 0x6E, 0x5E, 0x01, 0x01, 0xDB, 0x01, 0x00, 0xDB, 0x02, 0x00, 0x06,
716 0x81, 0x5A, 0x02, 0x00, 0xD9, 0xA2, 0x06, 0x0E, 0x01, 0x83, 0xFE, 0x01,
717 0xD9, 0x87, 0xA2, 0x01, 0x04, 0x09, 0x26, 0xD9, 0x5B, 0xD7, 0xA4, 0x06,
718 0x16, 0x01, 0x00, 0xD9, 0x89, 0xA4, 0x01, 0x04, 0x09, 0x26, 0xD9, 0x01,
719 0x02, 0x09, 0x26, 0xD9, 0x01, 0x00, 0xDB, 0x01, 0x03, 0x09, 0xD6, 0xA0,
720 0x06, 0x0C, 0x01, 0x01, 0xD9, 0x01, 0x01, 0xD9, 0x80, 0x2E, 0x01, 0x08,
721 0x09, 0xDB, 0xA3, 0x06, 0x19, 0x01, 0x0D, 0xD9, 0xA3, 0x01, 0x04, 0x09,
722 0x26, 0xD9, 0x01, 0x02, 0x09, 0xD9, 0x42, 0x06, 0x03, 0x01, 0x03, 0xD8,
723 0x43, 0x06, 0x03, 0x01, 0x01, 0xD8, 0xA5, 0x26, 0x06, 0x36, 0x01, 0x0A,
724 0xD9, 0x01, 0x04, 0x09, 0x26, 0xD9, 0x5D, 0xD9, 0x40, 0x01, 0x00, 0x26,
725 0x01, 0x82, 0x80, 0x80, 0x80, 0x00, 0x17, 0x06, 0x0A, 0x01, 0xFD, 0xFF,
726 0xFF, 0xFF, 0x7F, 0x17, 0x01, 0x1D, 0xD9, 0x26, 0x01, 0x20, 0x0A, 0x06,
727 0x0C, 0x9E, 0x11, 0x01, 0x01, 0x17, 0x06, 0x02, 0x26, 0xD9, 0x5A, 0x04,
728 0x6E, 0x5E, 0x04, 0x01, 0x25, 0xA1, 0x06, 0x0A, 0x01, 0x0B, 0xD9, 0x01,
729 0x02, 0xD9, 0x01, 0x82, 0x00, 0xD9, 0x27, 0x26, 0x06, 0x1F, 0x01, 0x10,
730 0xD9, 0x01, 0x04, 0x09, 0x26, 0xD9, 0x5D, 0xD9, 0x83, 0x2C, 0x01, 0x00,
731 0x9E, 0x0F, 0x06, 0x0A, 0x26, 0x1E, 0x26, 0xDB, 0x82, 0x44, 0xD5, 0x5A,
732 0x04, 0x72, 0x5E, 0x04, 0x01, 0x25, 0x02, 0x01, 0x56, 0x05, 0x11, 0x01,
733 0x15, 0xD9, 0x02, 0x01, 0x26, 0xD9, 0x26, 0x06, 0x06, 0x5B, 0x01, 0x00,
734 0xDB, 0x04, 0x77, 0x25, 0x00, 0x00, 0x01, 0x10, 0xDB, 0x77, 0x2C, 0x26,
735 0xCA, 0x06, 0x0C, 0xA9, 0x23, 0x26, 0x5C, 0xDA, 0x26, 0xD9, 0x82, 0x44,
736 0xD5, 0x04, 0x0D, 0x26, 0xC8, 0x44, 0xA9, 0x22, 0x26, 0x5A, 0xDA, 0x26,
737 0xDB, 0x82, 0x44, 0xD5, 0x00, 0x00, 0x9A, 0x01, 0x14, 0xDB, 0x01, 0x0C,
738 0xDA, 0x82, 0x01, 0x0C, 0xD5, 0x00, 0x00, 0x4F, 0x26, 0x01, 0x00, 0x0E,
739 0x06, 0x02, 0x5E, 0x00, 0xCB, 0x25, 0x04, 0x73, 0x00, 0x26, 0xD9, 0xD5,
740 0x00, 0x00, 0x26, 0xDB, 0xD5, 0x00, 0x01, 0x03, 0x00, 0x41, 0x25, 0x26,
741 0x01, 0x10, 0x17, 0x06, 0x06, 0x01, 0x04, 0xDB, 0x02, 0x00, 0xDB, 0x26,
742 0x01, 0x08, 0x17, 0x06, 0x06, 0x01, 0x03, 0xDB, 0x02, 0x00, 0xDB, 0x26,
743 0x01, 0x20, 0x17, 0x06, 0x06, 0x01, 0x05, 0xDB, 0x02, 0x00, 0xDB, 0x26,
744 0x01, 0x80, 0x40, 0x17, 0x06, 0x06, 0x01, 0x06, 0xDB, 0x02, 0x00, 0xDB,
745 0x01, 0x04, 0x17, 0x06, 0x06, 0x01, 0x02, 0xDB, 0x02, 0x00, 0xDB, 0x00,
746 0x00, 0x26, 0x01, 0x08, 0x4D, 0xDB, 0xDB, 0x00, 0x00, 0x26, 0x01, 0x10,
747 0x4D, 0xDB, 0xD9, 0x00, 0x00, 0x26, 0x50, 0x06, 0x02, 0x25, 0x00, 0xCB,
748 0x25, 0x04, 0x76
749 };
750
751 static const uint16_t t0_caddr[] = {
752 0,
753 5,
754 10,
755 15,
756 20,
757 25,
758 30,
759 35,
760 40,
761 44,
762 48,
763 52,
764 56,
765 60,
766 64,
767 68,
768 72,
769 76,
770 80,
771 84,
772 88,
773 92,
774 96,
775 100,
776 104,
777 108,
778 112,
779 116,
780 120,
781 124,
782 129,
783 134,
784 139,
785 144,
786 149,
787 154,
788 159,
789 164,
790 169,
791 174,
792 179,
793 184,
794 189,
795 194,
796 199,
797 204,
798 209,
799 214,
800 219,
801 224,
802 229,
803 234,
804 239,
805 244,
806 249,
807 254,
808 259,
809 264,
810 269,
811 274,
812 279,
813 284,
814 289,
815 294,
816 303,
817 316,
818 320,
819 345,
820 351,
821 370,
822 381,
823 422,
824 542,
825 546,
826 611,
827 626,
828 637,
829 655,
830 684,
831 694,
832 730,
833 740,
834 810,
835 824,
836 830,
837 889,
838 908,
839 943,
840 992,
841 1068,
842 1095,
843 1126,
844 1137,
845 1462,
846 1609,
847 1633,
848 1849,
849 1863,
850 1872,
851 1876,
852 1971,
853 1992,
854 2048,
855 2055,
856 2066,
857 2082,
858 2088,
859 2099,
860 2134,
861 2146,
862 2152,
863 2167,
864 2183,
865 2339,
866 2348,
867 2361,
868 2370,
869 2377,
870 2483,
871 2508,
872 2521,
873 2537,
874 2555,
875 2587,
876 2621,
877 2989,
878 3025,
879 3038,
880 3052,
881 3057,
882 3062,
883 3128,
884 3136,
885 3144
886 };
887
888 #define T0_INTERPRETED 86
889
890 #define T0_ENTER(ip, rp, slot) do { \
891 const unsigned char *t0_newip; \
892 uint32_t t0_lnum; \
893 t0_newip = &t0_codeblock[t0_caddr[(slot) - T0_INTERPRETED]]; \
894 t0_lnum = t0_parse7E_unsigned(&t0_newip); \
895 (rp) += t0_lnum; \
896 *((rp) ++) = (uint32_t)((ip) - &t0_codeblock[0]) + (t0_lnum << 16); \
897 (ip) = t0_newip; \
898 } while (0)
899
900 #define T0_DEFENTRY(name, slot) \
901 void \
902 name(void *ctx) \
903 { \
904 t0_context *t0ctx = ctx; \
905 t0ctx->ip = &t0_codeblock[0]; \
906 T0_ENTER(t0ctx->ip, t0ctx->rp, slot); \
907 }
908
909 T0_DEFENTRY(br_ssl_hs_client_init_main, 167)
910
911 #define T0_NEXT(t0ipp) (*(*(t0ipp)) ++)
912
913 void
914 br_ssl_hs_client_run(void *t0ctx)
915 {
916 uint32_t *dp, *rp;
917 const unsigned char *ip;
918
919 #define T0_LOCAL(x) (*(rp - 2 - (x)))
920 #define T0_POP() (*-- dp)
921 #define T0_POPi() (*(int32_t *)(-- dp))
922 #define T0_PEEK(x) (*(dp - 1 - (x)))
923 #define T0_PEEKi(x) (*(int32_t *)(dp - 1 - (x)))
924 #define T0_PUSH(v) do { *dp = (v); dp ++; } while (0)
925 #define T0_PUSHi(v) do { *(int32_t *)dp = (v); dp ++; } while (0)
926 #define T0_RPOP() (*-- rp)
927 #define T0_RPOPi() (*(int32_t *)(-- rp))
928 #define T0_RPUSH(v) do { *rp = (v); rp ++; } while (0)
929 #define T0_RPUSHi(v) do { *(int32_t *)rp = (v); rp ++; } while (0)
930 #define T0_ROLL(x) do { \
931 size_t t0len = (size_t)(x); \
932 uint32_t t0tmp = *(dp - 1 - t0len); \
933 memmove(dp - t0len - 1, dp - t0len, t0len * sizeof *dp); \
934 *(dp - 1) = t0tmp; \
935 } while (0)
936 #define T0_SWAP() do { \
937 uint32_t t0tmp = *(dp - 2); \
938 *(dp - 2) = *(dp - 1); \
939 *(dp - 1) = t0tmp; \
940 } while (0)
941 #define T0_ROT() do { \
942 uint32_t t0tmp = *(dp - 3); \
943 *(dp - 3) = *(dp - 2); \
944 *(dp - 2) = *(dp - 1); \
945 *(dp - 1) = t0tmp; \
946 } while (0)
947 #define T0_NROT() do { \
948 uint32_t t0tmp = *(dp - 1); \
949 *(dp - 1) = *(dp - 2); \
950 *(dp - 2) = *(dp - 3); \
951 *(dp - 3) = t0tmp; \
952 } while (0)
953 #define T0_PICK(x) do { \
954 uint32_t t0depth = (x); \
955 T0_PUSH(T0_PEEK(t0depth)); \
956 } while (0)
957 #define T0_CO() do { \
958 goto t0_exit; \
959 } while (0)
960 #define T0_RET() goto t0_next
961
962 dp = ((t0_context *)t0ctx)->dp;
963 rp = ((t0_context *)t0ctx)->rp;
964 ip = ((t0_context *)t0ctx)->ip;
965 goto t0_next;
966 for (;;) {
967 uint32_t t0x;
968
969 t0_next:
970 t0x = T0_NEXT(&ip);
971 if (t0x < T0_INTERPRETED) {
972 switch (t0x) {
973 int32_t t0off;
974
975 case 0: /* ret */
976 t0x = T0_RPOP();
977 rp -= (t0x >> 16);
978 t0x &= 0xFFFF;
979 if (t0x == 0) {
980 ip = NULL;
981 goto t0_exit;
982 }
983 ip = &t0_codeblock[t0x];
984 break;
985 case 1: /* literal constant */
986 T0_PUSHi(t0_parse7E_signed(&ip));
987 break;
988 case 2: /* read local */
989 T0_PUSH(T0_LOCAL(t0_parse7E_unsigned(&ip)));
990 break;
991 case 3: /* write local */
992 T0_LOCAL(t0_parse7E_unsigned(&ip)) = T0_POP();
993 break;
994 case 4: /* jump */
995 t0off = t0_parse7E_signed(&ip);
996 ip += t0off;
997 break;
998 case 5: /* jump if */
999 t0off = t0_parse7E_signed(&ip);
1000 if (T0_POP()) {
1001 ip += t0off;
1002 }
1003 break;
1004 case 6: /* jump if not */
1005 t0off = t0_parse7E_signed(&ip);
1006 if (!T0_POP()) {
1007 ip += t0off;
1008 }
1009 break;
1010 case 7: {
1011 /* * */
1012
1013 uint32_t b = T0_POP();
1014 uint32_t a = T0_POP();
1015 T0_PUSH(a * b);
1016
1017 }
1018 break;
1019 case 8: {
1020 /* + */
1021
1022 uint32_t b = T0_POP();
1023 uint32_t a = T0_POP();
1024 T0_PUSH(a + b);
1025
1026 }
1027 break;
1028 case 9: {
1029 /* - */
1030
1031 uint32_t b = T0_POP();
1032 uint32_t a = T0_POP();
1033 T0_PUSH(a - b);
1034
1035 }
1036 break;
1037 case 10: {
1038 /* < */
1039
1040 int32_t b = T0_POPi();
1041 int32_t a = T0_POPi();
1042 T0_PUSH(-(uint32_t)(a < b));
1043
1044 }
1045 break;
1046 case 11: {
1047 /* << */
1048
1049 int c = (int)T0_POPi();
1050 uint32_t x = T0_POP();
1051 T0_PUSH(x << c);
1052
1053 }
1054 break;
1055 case 12: {
1056 /* <= */
1057
1058 int32_t b = T0_POPi();
1059 int32_t a = T0_POPi();
1060 T0_PUSH(-(uint32_t)(a <= b));
1061
1062 }
1063 break;
1064 case 13: {
1065 /* <> */
1066
1067 uint32_t b = T0_POP();
1068 uint32_t a = T0_POP();
1069 T0_PUSH(-(uint32_t)(a != b));
1070
1071 }
1072 break;
1073 case 14: {
1074 /* = */
1075
1076 uint32_t b = T0_POP();
1077 uint32_t a = T0_POP();
1078 T0_PUSH(-(uint32_t)(a == b));
1079
1080 }
1081 break;
1082 case 15: {
1083 /* > */
1084
1085 int32_t b = T0_POPi();
1086 int32_t a = T0_POPi();
1087 T0_PUSH(-(uint32_t)(a > b));
1088
1089 }
1090 break;
1091 case 16: {
1092 /* >= */
1093
1094 int32_t b = T0_POPi();
1095 int32_t a = T0_POPi();
1096 T0_PUSH(-(uint32_t)(a >= b));
1097
1098 }
1099 break;
1100 case 17: {
1101 /* >> */
1102
1103 int c = (int)T0_POPi();
1104 int32_t x = T0_POPi();
1105 T0_PUSHi(x >> c);
1106
1107 }
1108 break;
1109 case 18: {
1110 /* anchor-dn-append-name */
1111
1112 size_t len;
1113
1114 len = T0_POP();
1115 if (CTX->client_auth_vtable != NULL) {
1116 (*CTX->client_auth_vtable)->append_name(
1117 CTX->client_auth_vtable, ENG->pad, len);
1118 }
1119
1120 }
1121 break;
1122 case 19: {
1123 /* anchor-dn-end-name */
1124
1125 if (CTX->client_auth_vtable != NULL) {
1126 (*CTX->client_auth_vtable)->end_name(
1127 CTX->client_auth_vtable);
1128 }
1129
1130 }
1131 break;
1132 case 20: {
1133 /* anchor-dn-end-name-list */
1134
1135 if (CTX->client_auth_vtable != NULL) {
1136 (*CTX->client_auth_vtable)->end_name_list(
1137 CTX->client_auth_vtable);
1138 }
1139
1140 }
1141 break;
1142 case 21: {
1143 /* anchor-dn-start-name */
1144
1145 size_t len;
1146
1147 len = T0_POP();
1148 if (CTX->client_auth_vtable != NULL) {
1149 (*CTX->client_auth_vtable)->start_name(
1150 CTX->client_auth_vtable, len);
1151 }
1152
1153 }
1154 break;
1155 case 22: {
1156 /* anchor-dn-start-name-list */
1157
1158 if (CTX->client_auth_vtable != NULL) {
1159 (*CTX->client_auth_vtable)->start_name_list(
1160 CTX->client_auth_vtable);
1161 }
1162
1163 }
1164 break;
1165 case 23: {
1166 /* and */
1167
1168 uint32_t b = T0_POP();
1169 uint32_t a = T0_POP();
1170 T0_PUSH(a & b);
1171
1172 }
1173 break;
1174 case 24: {
1175 /* begin-cert */
1176
1177 if (ENG->chain_len == 0) {
1178 T0_PUSHi(-1);
1179 } else {
1180 ENG->cert_cur = ENG->chain->data;
1181 ENG->cert_len = ENG->chain->data_len;
1182 ENG->chain ++;
1183 ENG->chain_len --;
1184 T0_PUSH(ENG->cert_len);
1185 }
1186
1187 }
1188 break;
1189 case 25: {
1190 /* bzero */
1191
1192 size_t len = (size_t)T0_POP();
1193 void *addr = (unsigned char *)ENG + (size_t)T0_POP();
1194 memset(addr, 0, len);
1195
1196 }
1197 break;
1198 case 26: {
1199 /* can-output? */
1200
1201 T0_PUSHi(-(ENG->hlen_out > 0));
1202
1203 }
1204 break;
1205 case 27: {
1206 /* co */
1207 T0_CO();
1208 }
1209 break;
1210 case 28: {
1211 /* compute-Finished-inner */
1212
1213 int prf_id = T0_POP();
1214 int from_client = T0_POPi();
1215 unsigned char seed[48];
1216 size_t seed_len;
1217
1218 br_tls_prf_impl prf = br_ssl_engine_get_PRF(ENG, prf_id);
1219 if (ENG->session.version >= BR_TLS12) {
1220 seed_len = br_multihash_out(&ENG->mhash, prf_id, seed);
1221 } else {
1222 br_multihash_out(&ENG->mhash, br_md5_ID, seed);
1223 br_multihash_out(&ENG->mhash, br_sha1_ID, seed + 16);
1224 seed_len = 36;
1225 }
1226 prf(ENG->pad, 12, ENG->session.master_secret,
1227 sizeof ENG->session.master_secret,
1228 from_client ? "client finished" : "server finished",
1229 seed, seed_len);
1230
1231 }
1232 break;
1233 case 29: {
1234 /* copy-cert-chunk */
1235
1236 size_t clen;
1237
1238 clen = ENG->cert_len;
1239 if (clen > sizeof ENG->pad) {
1240 clen = sizeof ENG->pad;
1241 }
1242 memcpy(ENG->pad, ENG->cert_cur, clen);
1243 ENG->cert_cur += clen;
1244 ENG->cert_len -= clen;
1245 T0_PUSH(clen);
1246
1247 }
1248 break;
1249 case 30: {
1250 /* copy-protocol-name */
1251
1252 size_t idx = T0_POP();
1253 size_t len = strlen(ENG->protocol_names[idx]);
1254 memcpy(ENG->pad, ENG->protocol_names[idx], len);
1255 T0_PUSH(len);
1256
1257 }
1258 break;
1259 case 31: {
1260 /* data-get8 */
1261
1262 size_t addr = T0_POP();
1263 T0_PUSH(t0_datablock[addr]);
1264
1265 }
1266 break;
1267 case 32: {
1268 /* discard-input */
1269
1270 ENG->hlen_in = 0;
1271
1272 }
1273 break;
1274 case 33: {
1275 /* do-client-sign */
1276
1277 size_t sig_len;
1278
1279 sig_len = make_client_sign(CTX);
1280 if (sig_len == 0) {
1281 br_ssl_engine_fail(ENG, BR_ERR_INVALID_ALGORITHM);
1282 T0_CO();
1283 }
1284 T0_PUSH(sig_len);
1285
1286 }
1287 break;
1288 case 34: {
1289 /* do-ecdh */
1290
1291 unsigned prf_id = T0_POP();
1292 unsigned ecdhe = T0_POP();
1293 int x;
1294
1295 x = make_pms_ecdh(CTX, ecdhe, prf_id);
1296 if (x < 0) {
1297 br_ssl_engine_fail(ENG, -x);
1298 T0_CO();
1299 } else {
1300 T0_PUSH(x);
1301 }
1302
1303 }
1304 break;
1305 case 35: {
1306 /* do-rsa-encrypt */
1307
1308 int x;
1309
1310 x = make_pms_rsa(CTX, T0_POP());
1311 if (x < 0) {
1312 br_ssl_engine_fail(ENG, -x);
1313 T0_CO();
1314 } else {
1315 T0_PUSH(x);
1316 }
1317
1318 }
1319 break;
1320 case 36: {
1321 /* do-static-ecdh */
1322
1323 unsigned prf_id = T0_POP();
1324
1325 if (make_pms_static_ecdh(CTX, prf_id) < 0) {
1326 br_ssl_engine_fail(ENG, BR_ERR_INVALID_ALGORITHM);
1327 T0_CO();
1328 }
1329
1330 }
1331 break;
1332 case 37: {
1333 /* drop */
1334 (void)T0_POP();
1335 }
1336 break;
1337 case 38: {
1338 /* dup */
1339 T0_PUSH(T0_PEEK(0));
1340 }
1341 break;
1342 case 39: {
1343 /* ext-ALPN-length */
1344
1345 size_t u, len;
1346
1347 if (ENG->protocol_names_num == 0) {
1348 T0_PUSH(0);
1349 T0_RET();
1350 }
1351 len = 6;
1352 for (u = 0; u < ENG->protocol_names_num; u ++) {
1353 len += 1 + strlen(ENG->protocol_names[u]);
1354 }
1355 T0_PUSH(len);
1356
1357 }
1358 break;
1359 case 40: {
1360 /* fail */
1361
1362 br_ssl_engine_fail(ENG, (int)T0_POPi());
1363 T0_CO();
1364
1365 }
1366 break;
1367 case 41: {
1368 /* flush-record */
1369
1370 br_ssl_engine_flush_record(ENG);
1371
1372 }
1373 break;
1374 case 42: {
1375 /* get-client-chain */
1376
1377 uint32_t auth_types;
1378
1379 auth_types = T0_POP();
1380 if (CTX->client_auth_vtable != NULL) {
1381 br_ssl_client_certificate ux;
1382
1383 (*CTX->client_auth_vtable)->choose(CTX->client_auth_vtable,
1384 CTX, auth_types, &ux);
1385 CTX->auth_type = (unsigned char)ux.auth_type;
1386 CTX->hash_id = (unsigned char)ux.hash_id;
1387 ENG->chain = ux.chain;
1388 ENG->chain_len = ux.chain_len;
1389 } else {
1390 CTX->hash_id = 0;
1391 ENG->chain_len = 0;
1392 }
1393
1394 }
1395 break;
1396 case 43: {
1397 /* get-key-type-usages */
1398
1399 const br_x509_class *xc;
1400 const br_x509_pkey *pk;
1401 unsigned usages;
1402
1403 xc = *(ENG->x509ctx);
1404 pk = xc->get_pkey(ENG->x509ctx, &usages);
1405 if (pk == NULL) {
1406 T0_PUSH(0);
1407 } else {
1408 T0_PUSH(pk->key_type | usages);
1409 }
1410
1411 }
1412 break;
1413 case 44: {
1414 /* get16 */
1415
1416 size_t addr = (size_t)T0_POP();
1417 T0_PUSH(*(uint16_t *)((unsigned char *)ENG + addr));
1418
1419 }
1420 break;
1421 case 45: {
1422 /* get32 */
1423
1424 size_t addr = (size_t)T0_POP();
1425 T0_PUSH(*(uint32_t *)((unsigned char *)ENG + addr));
1426
1427 }
1428 break;
1429 case 46: {
1430 /* get8 */
1431
1432 size_t addr = (size_t)T0_POP();
1433 T0_PUSH(*((unsigned char *)ENG + addr));
1434
1435 }
1436 break;
1437 case 47: {
1438 /* has-input? */
1439
1440 T0_PUSHi(-(ENG->hlen_in != 0));
1441
1442 }
1443 break;
1444 case 48: {
1445 /* memcmp */
1446
1447 size_t len = (size_t)T0_POP();
1448 void *addr2 = (unsigned char *)ENG + (size_t)T0_POP();
1449 void *addr1 = (unsigned char *)ENG + (size_t)T0_POP();
1450 int x = memcmp(addr1, addr2, len);
1451 T0_PUSH((uint32_t)-(x == 0));
1452
1453 }
1454 break;
1455 case 49: {
1456 /* memcpy */
1457
1458 size_t len = (size_t)T0_POP();
1459 void *src = (unsigned char *)ENG + (size_t)T0_POP();
1460 void *dst = (unsigned char *)ENG + (size_t)T0_POP();
1461 memcpy(dst, src, len);
1462
1463 }
1464 break;
1465 case 50: {
1466 /* mkrand */
1467
1468 size_t len = (size_t)T0_POP();
1469 void *addr = (unsigned char *)ENG + (size_t)T0_POP();
1470 br_hmac_drbg_generate(&ENG->rng, addr, len);
1471
1472 }
1473 break;
1474 case 51: {
1475 /* more-incoming-bytes? */
1476
1477 T0_PUSHi(ENG->hlen_in != 0 || !br_ssl_engine_recvrec_finished(ENG));
1478
1479 }
1480 break;
1481 case 52: {
1482 /* multihash-init */
1483
1484 br_multihash_init(&ENG->mhash);
1485
1486 }
1487 break;
1488 case 53: {
1489 /* neg */
1490
1491 uint32_t a = T0_POP();
1492 T0_PUSH(-a);
1493
1494 }
1495 break;
1496 case 54: {
1497 /* not */
1498
1499 uint32_t a = T0_POP();
1500 T0_PUSH(~a);
1501
1502 }
1503 break;
1504 case 55: {
1505 /* or */
1506
1507 uint32_t b = T0_POP();
1508 uint32_t a = T0_POP();
1509 T0_PUSH(a | b);
1510
1511 }
1512 break;
1513 case 56: {
1514 /* over */
1515 T0_PUSH(T0_PEEK(1));
1516 }
1517 break;
1518 case 57: {
1519 /* read-chunk-native */
1520
1521 size_t clen = ENG->hlen_in;
1522 if (clen > 0) {
1523 uint32_t addr, len;
1524
1525 len = T0_POP();
1526 addr = T0_POP();
1527 if ((size_t)len < clen) {
1528 clen = (size_t)len;
1529 }
1530 memcpy((unsigned char *)ENG + addr, ENG->hbuf_in, clen);
1531 if (ENG->record_type_in == BR_SSL_HANDSHAKE) {
1532 br_multihash_update(&ENG->mhash, ENG->hbuf_in, clen);
1533 }
1534 T0_PUSH(addr + (uint32_t)clen);
1535 T0_PUSH(len - (uint32_t)clen);
1536 ENG->hbuf_in += clen;
1537 ENG->hlen_in -= clen;
1538 }
1539
1540 }
1541 break;
1542 case 58: {
1543 /* read8-native */
1544
1545 if (ENG->hlen_in > 0) {
1546 unsigned char x;
1547
1548 x = *ENG->hbuf_in ++;
1549 if (ENG->record_type_in == BR_SSL_HANDSHAKE) {
1550 br_multihash_update(&ENG->mhash, &x, 1);
1551 }
1552 T0_PUSH(x);
1553 ENG->hlen_in --;
1554 } else {
1555 T0_PUSHi(-1);
1556 }
1557
1558 }
1559 break;
1560 case 59: {
1561 /* set-server-curve */
1562
1563 const br_x509_class *xc;
1564 const br_x509_pkey *pk;
1565
1566 xc = *(ENG->x509ctx);
1567 pk = xc->get_pkey(ENG->x509ctx, NULL);
1568 CTX->server_curve =
1569 (pk->key_type == BR_KEYTYPE_EC) ? pk->key.ec.curve : 0;
1570
1571 }
1572 break;
1573 case 60: {
1574 /* set16 */
1575
1576 size_t addr = (size_t)T0_POP();
1577 *(uint16_t *)((unsigned char *)ENG + addr) = (uint16_t)T0_POP();
1578
1579 }
1580 break;
1581 case 61: {
1582 /* set32 */
1583
1584 size_t addr = (size_t)T0_POP();
1585 *(uint32_t *)((unsigned char *)ENG + addr) = (uint32_t)T0_POP();
1586
1587 }
1588 break;
1589 case 62: {
1590 /* set8 */
1591
1592 size_t addr = (size_t)T0_POP();
1593 *((unsigned char *)ENG + addr) = (unsigned char)T0_POP();
1594
1595 }
1596 break;
1597 case 63: {
1598 /* strlen */
1599
1600 void *str = (unsigned char *)ENG + (size_t)T0_POP();
1601 T0_PUSH((uint32_t)strlen(str));
1602
1603 }
1604 break;
1605 case 64: {
1606 /* supported-curves */
1607
1608 uint32_t x = ENG->iec == NULL ? 0 : ENG->iec->supported_curves;
1609 T0_PUSH(x);
1610
1611 }
1612 break;
1613 case 65: {
1614 /* supported-hash-functions */
1615
1616 int i;
1617 unsigned x, num;
1618
1619 x = 0;
1620 num = 0;
1621 for (i = br_sha1_ID; i <= br_sha512_ID; i ++) {
1622 if (br_multihash_getimpl(&ENG->mhash, i)) {
1623 x |= 1U << i;
1624 num ++;
1625 }
1626 }
1627 T0_PUSH(x);
1628 T0_PUSH(num);
1629
1630 }
1631 break;
1632 case 66: {
1633 /* supports-ecdsa? */
1634
1635 T0_PUSHi(-(ENG->iecdsa != 0));
1636
1637 }
1638 break;
1639 case 67: {
1640 /* supports-rsa-sign? */
1641
1642 T0_PUSHi(-(ENG->irsavrfy != 0));
1643
1644 }
1645 break;
1646 case 68: {
1647 /* swap */
1648 T0_SWAP();
1649 }
1650 break;
1651 case 69: {
1652 /* switch-aesgcm-in */
1653
1654 int is_client, prf_id;
1655 unsigned cipher_key_len;
1656
1657 cipher_key_len = T0_POP();
1658 prf_id = T0_POP();
1659 is_client = T0_POP();
1660 br_ssl_engine_switch_gcm_in(ENG, is_client, prf_id,
1661 ENG->iaes_ctr, cipher_key_len);
1662
1663 }
1664 break;
1665 case 70: {
1666 /* switch-aesgcm-out */
1667
1668 int is_client, prf_id;
1669 unsigned cipher_key_len;
1670
1671 cipher_key_len = T0_POP();
1672 prf_id = T0_POP();
1673 is_client = T0_POP();
1674 br_ssl_engine_switch_gcm_out(ENG, is_client, prf_id,
1675 ENG->iaes_ctr, cipher_key_len);
1676
1677 }
1678 break;
1679 case 71: {
1680 /* switch-cbc-in */
1681
1682 int is_client, prf_id, mac_id, aes;
1683 unsigned cipher_key_len;
1684
1685 cipher_key_len = T0_POP();
1686 aes = T0_POP();
1687 mac_id = T0_POP();
1688 prf_id = T0_POP();
1689 is_client = T0_POP();
1690 br_ssl_engine_switch_cbc_in(ENG, is_client, prf_id, mac_id,
1691 aes ? ENG->iaes_cbcdec : ENG->ides_cbcdec, cipher_key_len);
1692
1693 }
1694 break;
1695 case 72: {
1696 /* switch-cbc-out */
1697
1698 int is_client, prf_id, mac_id, aes;
1699 unsigned cipher_key_len;
1700
1701 cipher_key_len = T0_POP();
1702 aes = T0_POP();
1703 mac_id = T0_POP();
1704 prf_id = T0_POP();
1705 is_client = T0_POP();
1706 br_ssl_engine_switch_cbc_out(ENG, is_client, prf_id, mac_id,
1707 aes ? ENG->iaes_cbcenc : ENG->ides_cbcenc, cipher_key_len);
1708
1709 }
1710 break;
1711 case 73: {
1712 /* switch-chapol-in */
1713
1714 int is_client, prf_id;
1715
1716 prf_id = T0_POP();
1717 is_client = T0_POP();
1718 br_ssl_engine_switch_chapol_in(ENG, is_client, prf_id);
1719
1720 }
1721 break;
1722 case 74: {
1723 /* switch-chapol-out */
1724
1725 int is_client, prf_id;
1726
1727 prf_id = T0_POP();
1728 is_client = T0_POP();
1729 br_ssl_engine_switch_chapol_out(ENG, is_client, prf_id);
1730
1731 }
1732 break;
1733 case 75: {
1734 /* test-protocol-name */
1735
1736 size_t len = T0_POP();
1737 size_t u;
1738
1739 for (u = 0; u < ENG->protocol_names_num; u ++) {
1740 const char *name;
1741
1742 name = ENG->protocol_names[u];
1743 if (len == strlen(name) && memcmp(ENG->pad, name, len) == 0) {
1744 T0_PUSH(u);
1745 T0_RET();
1746 }
1747 }
1748 T0_PUSHi(-1);
1749
1750 }
1751 break;
1752 case 76: {
1753 /* total-chain-length */
1754
1755 size_t u;
1756 uint32_t total;
1757
1758 total = 0;
1759 for (u = 0; u < ENG->chain_len; u ++) {
1760 total += 3 + (uint32_t)ENG->chain[u].data_len;
1761 }
1762 T0_PUSH(total);
1763
1764 }
1765 break;
1766 case 77: {
1767 /* u>> */
1768
1769 int c = (int)T0_POPi();
1770 uint32_t x = T0_POP();
1771 T0_PUSH(x >> c);
1772
1773 }
1774 break;
1775 case 78: {
1776 /* verify-SKE-sig */
1777
1778 size_t sig_len = T0_POP();
1779 int use_rsa = T0_POPi();
1780 int hash = T0_POPi();
1781
1782 T0_PUSH(verify_SKE_sig(CTX, hash, use_rsa, sig_len));
1783
1784 }
1785 break;
1786 case 79: {
1787 /* write-blob-chunk */
1788
1789 size_t clen = ENG->hlen_out;
1790 if (clen > 0) {
1791 uint32_t addr, len;
1792
1793 len = T0_POP();
1794 addr = T0_POP();
1795 if ((size_t)len < clen) {
1796 clen = (size_t)len;
1797 }
1798 memcpy(ENG->hbuf_out, (unsigned char *)ENG + addr, clen);
1799 if (ENG->record_type_out == BR_SSL_HANDSHAKE) {
1800 br_multihash_update(&ENG->mhash, ENG->hbuf_out, clen);
1801 }
1802 T0_PUSH(addr + (uint32_t)clen);
1803 T0_PUSH(len - (uint32_t)clen);
1804 ENG->hbuf_out += clen;
1805 ENG->hlen_out -= clen;
1806 }
1807
1808 }
1809 break;
1810 case 80: {
1811 /* write8-native */
1812
1813 unsigned char x;
1814
1815 x = (unsigned char)T0_POP();
1816 if (ENG->hlen_out > 0) {
1817 if (ENG->record_type_out == BR_SSL_HANDSHAKE) {
1818 br_multihash_update(&ENG->mhash, &x, 1);
1819 }
1820 *ENG->hbuf_out ++ = x;
1821 ENG->hlen_out --;
1822 T0_PUSHi(-1);
1823 } else {
1824 T0_PUSHi(0);
1825 }
1826
1827 }
1828 break;
1829 case 81: {
1830 /* x509-append */
1831
1832 const br_x509_class *xc;
1833 size_t len;
1834
1835 xc = *(ENG->x509ctx);
1836 len = T0_POP();
1837 xc->append(ENG->x509ctx, ENG->pad, len);
1838
1839 }
1840 break;
1841 case 82: {
1842 /* x509-end-cert */
1843
1844 const br_x509_class *xc;
1845
1846 xc = *(ENG->x509ctx);
1847 xc->end_cert(ENG->x509ctx);
1848
1849 }
1850 break;
1851 case 83: {
1852 /* x509-end-chain */
1853
1854 const br_x509_class *xc;
1855
1856 xc = *(ENG->x509ctx);
1857 T0_PUSH(xc->end_chain(ENG->x509ctx));
1858
1859 }
1860 break;
1861 case 84: {
1862 /* x509-start-cert */
1863
1864 const br_x509_class *xc;
1865
1866 xc = *(ENG->x509ctx);
1867 xc->start_cert(ENG->x509ctx, T0_POP());
1868
1869 }
1870 break;
1871 case 85: {
1872 /* x509-start-chain */
1873
1874 const br_x509_class *xc;
1875 uint32_t bc;
1876
1877 bc = T0_POP();
1878 xc = *(ENG->x509ctx);
1879 xc->start_chain(ENG->x509ctx, bc ? ENG->server_name : NULL);
1880
1881 }
1882 break;
1883 }
1884
1885 } else {
1886 T0_ENTER(ip, rp, t0x);
1887 }
1888 }
1889 t0_exit:
1890 ((t0_context *)t0ctx)->dp = dp;
1891 ((t0_context *)t0ctx)->rp = rp;
1892 ((t0_context *)t0ctx)->ip = ip;
1893 }
The BearSSL library and tools.