1 /* Automatically generated code; do not modify directly. */
9 const unsigned char *ip
;
13 t0_parse7E_unsigned(const unsigned char **p
)
22 x
= (x
<< 7) | (uint32_t)(y
& 0x7F);
30 t0_parse7E_signed(const unsigned char **p
)
35 neg
= ((**p
) >> 6) & 1;
41 x
= (x
<< 7) | (uint32_t)(y
& 0x7F);
44 return -(int32_t)~x
- 1;
52 #define T0_VBYTE(x, n) (unsigned char)((((uint32_t)(x) >> (n)) & 0x7F) | 0x80)
53 #define T0_FBYTE(x, n) (unsigned char)(((uint32_t)(x) >> (n)) & 0x7F)
54 #define T0_SBYTE(x) (unsigned char)((((uint32_t)(x) >> 28) + 0xF8) ^ 0xF8)
55 #define T0_INT1(x) T0_FBYTE(x, 0)
56 #define T0_INT2(x) T0_VBYTE(x, 7), T0_FBYTE(x, 0)
57 #define T0_INT3(x) T0_VBYTE(x, 14), T0_VBYTE(x, 7), T0_FBYTE(x, 0)
58 #define T0_INT4(x) T0_VBYTE(x, 21), T0_VBYTE(x, 14), T0_VBYTE(x, 7), T0_FBYTE(x, 0)
59 #define T0_INT5(x) T0_SBYTE(x), T0_VBYTE(x, 21), T0_VBYTE(x, 14), T0_VBYTE(x, 7), T0_FBYTE(x, 0)
61 /* static const unsigned char t0_datablock[]; */
64 void br_ssl_hs_client_init_main(void *t0ctx
);
66 void br_ssl_hs_client_run(void *t0ctx
);
76 * This macro evaluates to a pointer to the current engine context.
78 #define ENG ((br_ssl_engine_context *)(void *)((unsigned char *)t0ctx - offsetof(br_ssl_engine_context, cpu)))
85 * This macro evaluates to a pointer to the client context, under that
86 * specific name. It must be noted that since the engine context is the
87 * first field of the br_ssl_client_context structure ('eng'), then
88 * pointers values of both types are interchangeable, modulo an
89 * appropriate cast. This also means that "addresses" computed as offsets
90 * within the structure work for both kinds of context.
92 #define CTX ((br_ssl_client_context *)ENG)
95 * Generate the pre-master secret for RSA key exchange, and encrypt it
96 * with the server's public key. Returned value is either the encrypted
97 * data length (in bytes), or -x on error, with 'x' being an error code.
99 * This code assumes that the public key has been already verified (it
100 * was properly obtained by the X.509 engine, and it has the right type,
101 * i.e. it is of type RSA and suitable for encryption).
104 make_pms_rsa(br_ssl_client_context
*ctx
, int prf_id
)
106 const br_x509_class
**xc
;
107 const br_x509_pkey
*pk
;
108 const unsigned char *n
;
112 xc
= ctx
->eng
.x509ctx
;
113 pk
= (*xc
)->get_pkey(xc
, NULL
);
116 * Compute actual RSA key length, in case there are leading zeros.
119 nlen
= pk
->key
.rsa
.nlen
;
120 while (nlen
> 0 && *n
== 0) {
126 * We need at least 59 bytes (48 bytes for pre-master secret, and
127 * 11 bytes for the PKCS#1 type 2 padding). Note that the X.509
128 * minimal engine normally blocks RSA keys shorter than 128 bytes,
129 * so this is mostly for public keys provided explicitly by the
133 return -BR_ERR_X509_WEAK_PUBLIC_KEY
;
135 if (nlen
> sizeof ctx
->eng
.pad
) {
136 return -BR_ERR_LIMIT_EXCEEDED
;
142 pms
= ctx
->eng
.pad
+ nlen
- 48;
143 br_enc16be(pms
, ctx
->eng
.version_max
);
144 br_hmac_drbg_generate(&ctx
->eng
.rng
, pms
+ 2, 46);
145 br_ssl_engine_compute_master(&ctx
->eng
, prf_id
, pms
, 48);
148 * Apply PKCS#1 type 2 padding.
150 ctx
->eng
.pad
[0] = 0x00;
151 ctx
->eng
.pad
[1] = 0x02;
152 ctx
->eng
.pad
[nlen
- 49] = 0x00;
153 br_hmac_drbg_generate(&ctx
->eng
.rng
, ctx
->eng
.pad
+ 2, nlen
- 51);
154 for (u
= 2; u
< nlen
- 49; u
++) {
155 while (ctx
->eng
.pad
[u
] == 0) {
156 br_hmac_drbg_generate(&ctx
->eng
.rng
,
157 &ctx
->eng
.pad
[u
], 1);
162 * Compute RSA encryption.
164 if (!ctx
->irsapub(ctx
->eng
.pad
, nlen
, &pk
->key
.rsa
)) {
165 return -BR_ERR_LIMIT_EXCEEDED
;
171 * OID for hash functions in RSA signatures.
173 static const unsigned char *HASH_OID
[] = {
182 * Check the RSA signature on the ServerKeyExchange message.
184 * hash hash function ID (2 to 6), or 0 for MD5+SHA-1 (with RSA only)
185 * use_rsa non-zero for RSA signature, zero for ECDSA
186 * sig_len signature length (in bytes); signature value is in the pad
188 * Returned value is 0 on success, or an error code.
191 verify_SKE_sig(br_ssl_client_context
*ctx
,
192 int hash
, int use_rsa
, size_t sig_len
)
194 const br_x509_class
**xc
;
195 const br_x509_pkey
*pk
;
196 br_multihash_context mhc
;
197 unsigned char hv
[64], head
[4];
200 xc
= ctx
->eng
.x509ctx
;
201 pk
= (*xc
)->get_pkey(xc
, NULL
);
202 br_multihash_zero(&mhc
);
203 br_multihash_copyimpl(&mhc
, &ctx
->eng
.mhash
);
204 br_multihash_init(&mhc
);
205 br_multihash_update(&mhc
,
206 ctx
->eng
.client_random
, sizeof ctx
->eng
.client_random
);
207 br_multihash_update(&mhc
,
208 ctx
->eng
.server_random
, sizeof ctx
->eng
.server_random
);
211 head
[2] = ctx
->eng
.ecdhe_curve
;
212 head
[3] = ctx
->eng
.ecdhe_point_len
;
213 br_multihash_update(&mhc
, head
, sizeof head
);
214 br_multihash_update(&mhc
,
215 ctx
->eng
.ecdhe_point
, ctx
->eng
.ecdhe_point_len
);
217 hv_len
= br_multihash_out(&mhc
, hash
, hv
);
219 return BR_ERR_INVALID_ALGORITHM
;
222 if (!br_multihash_out(&mhc
, br_md5_ID
, hv
)
223 || !br_multihash_out(&mhc
, br_sha1_ID
, hv
+ 16))
225 return BR_ERR_INVALID_ALGORITHM
;
230 unsigned char tmp
[64];
231 const unsigned char *hash_oid
;
234 hash_oid
= HASH_OID
[hash
- 2];
238 if (!ctx
->eng
.irsavrfy(ctx
->eng
.pad
, sig_len
,
239 hash_oid
, hv_len
, &pk
->key
.rsa
, tmp
)
240 || memcmp(tmp
, hv
, hv_len
) != 0)
242 return BR_ERR_BAD_SIGNATURE
;
245 if (!ctx
->eng
.iecdsa(ctx
->eng
.iec
, hv
, hv_len
, &pk
->key
.ec
,
246 ctx
->eng
.pad
, sig_len
))
248 return BR_ERR_BAD_SIGNATURE
;
255 * Perform client-side ECDH (or ECDHE). The point that should be sent to
256 * the server is written in the pad; returned value is either the point
257 * length (in bytes), or -x on error, with 'x' being an error code.
259 * The point _from_ the server is taken from ecdhe_point[] if 'ecdhe'
260 * is non-zero, or from the X.509 engine context if 'ecdhe' is zero
264 make_pms_ecdh(br_ssl_client_context
*ctx
, unsigned ecdhe
, int prf_id
)
267 unsigned char key
[66], point
[133];
268 const unsigned char *order
, *point_src
;
269 size_t glen
, olen
, point_len
, xoff
, xlen
;
273 curve
= ctx
->eng
.ecdhe_curve
;
274 point_src
= ctx
->eng
.ecdhe_point
;
275 point_len
= ctx
->eng
.ecdhe_point_len
;
277 const br_x509_class
**xc
;
278 const br_x509_pkey
*pk
;
280 xc
= ctx
->eng
.x509ctx
;
281 pk
= (*xc
)->get_pkey(xc
, NULL
);
282 curve
= pk
->key
.ec
.curve
;
283 point_src
= pk
->key
.ec
.q
;
284 point_len
= pk
->key
.ec
.qlen
;
286 if ((ctx
->eng
.iec
->supported_curves
& ((uint32_t)1 << curve
)) == 0) {
287 return -BR_ERR_INVALID_ALGORITHM
;
291 * We need to generate our key, as a non-zero random value which
292 * is lower than the curve order, in a "large enough" range. We
293 * force top bit to 0 and bottom bit to 1, which guarantees that
294 * the value is in the proper range.
296 order
= ctx
->eng
.iec
->order(curve
, &olen
);
298 while (mask
>= order
[0]) {
301 br_hmac_drbg_generate(&ctx
->eng
.rng
, key
, olen
);
303 key
[olen
- 1] |= 0x01;
306 * Compute the common ECDH point, whose X coordinate is the
309 ctx
->eng
.iec
->generator(curve
, &glen
);
310 if (glen
!= point_len
) {
311 return -BR_ERR_INVALID_ALGORITHM
;
314 memcpy(point
, point_src
, glen
);
315 if (!ctx
->eng
.iec
->mul(point
, glen
, key
, olen
, curve
)) {
316 return -BR_ERR_INVALID_ALGORITHM
;
320 * The pre-master secret is the X coordinate.
322 xoff
= ctx
->eng
.iec
->xoff(curve
, &xlen
);
323 br_ssl_engine_compute_master(&ctx
->eng
, prf_id
, point
+ xoff
, xlen
);
325 ctx
->eng
.iec
->mulgen(point
, key
, olen
, curve
);
326 memcpy(ctx
->eng
.pad
, point
, glen
);
331 * Perform full static ECDH. This occurs only in the context of client
332 * authentication with certificates: the server uses an EC public key,
333 * the cipher suite is of type ECDH (not ECDHE), the server requested a
334 * client certificate and accepts static ECDH, the client has a
335 * certificate with an EC public key in the same curve, and accepts
336 * static ECDH as well.
338 * Returned value is 0 on success, -1 on error.
341 make_pms_static_ecdh(br_ssl_client_context
*ctx
, int prf_id
)
343 unsigned char point
[133];
345 const br_x509_class
**xc
;
346 const br_x509_pkey
*pk
;
348 xc
= ctx
->eng
.x509ctx
;
349 pk
= (*xc
)->get_pkey(xc
, NULL
);
350 point_len
= pk
->key
.ec
.qlen
;
351 if (point_len
> sizeof point
) {
354 memcpy(point
, pk
->key
.ec
.q
, point_len
);
355 if (!(*ctx
->client_auth_vtable
)->do_keyx(
356 ctx
->client_auth_vtable
, point
, &point_len
))
360 br_ssl_engine_compute_master(&ctx
->eng
,
361 prf_id
, point
, point_len
);
366 * Compute the client-side signature. This is invoked only when a
367 * signature-based client authentication was selected. The computed
368 * signature is in the pad; its length (in bytes) is returned. On
369 * error, 0 is returned.
372 make_client_sign(br_ssl_client_context
*ctx
)
377 * Compute hash of handshake messages so far. This "cannot" fail
378 * because the list of supported hash functions provided to the
379 * client certificate handler was trimmed to include only the
380 * hash functions that the multi-hasher supports.
383 hv_len
= br_multihash_out(&ctx
->eng
.mhash
,
384 ctx
->hash_id
, ctx
->eng
.pad
);
386 br_multihash_out(&ctx
->eng
.mhash
,
387 br_md5_ID
, ctx
->eng
.pad
);
388 br_multihash_out(&ctx
->eng
.mhash
,
389 br_sha1_ID
, ctx
->eng
.pad
+ 16);
392 return (*ctx
->client_auth_vtable
)->do_sign(
393 ctx
->client_auth_vtable
, ctx
->hash_id
, hv_len
,
394 ctx
->eng
.pad
, sizeof ctx
->eng
.pad
);
399 static const unsigned char t0_datablock
[] = {
400 0x00, 0x00, 0x0A, 0x00, 0x24, 0x00, 0x2F, 0x01, 0x24, 0x00, 0x35, 0x02,
401 0x24, 0x00, 0x3C, 0x01, 0x44, 0x00, 0x3D, 0x02, 0x44, 0x00, 0x9C, 0x03,
402 0x04, 0x00, 0x9D, 0x04, 0x05, 0xC0, 0x03, 0x40, 0x24, 0xC0, 0x04, 0x41,
403 0x24, 0xC0, 0x05, 0x42, 0x24, 0xC0, 0x08, 0x20, 0x24, 0xC0, 0x09, 0x21,
404 0x24, 0xC0, 0x0A, 0x22, 0x24, 0xC0, 0x0D, 0x30, 0x24, 0xC0, 0x0E, 0x31,
405 0x24, 0xC0, 0x0F, 0x32, 0x24, 0xC0, 0x12, 0x10, 0x24, 0xC0, 0x13, 0x11,
406 0x24, 0xC0, 0x14, 0x12, 0x24, 0xC0, 0x23, 0x21, 0x44, 0xC0, 0x24, 0x22,
407 0x55, 0xC0, 0x25, 0x41, 0x44, 0xC0, 0x26, 0x42, 0x55, 0xC0, 0x27, 0x11,
408 0x44, 0xC0, 0x28, 0x12, 0x55, 0xC0, 0x29, 0x31, 0x44, 0xC0, 0x2A, 0x32,
409 0x55, 0xC0, 0x2B, 0x23, 0x04, 0xC0, 0x2C, 0x24, 0x05, 0xC0, 0x2D, 0x43,
410 0x04, 0xC0, 0x2E, 0x44, 0x05, 0xC0, 0x2F, 0x13, 0x04, 0xC0, 0x30, 0x14,
411 0x05, 0xC0, 0x31, 0x33, 0x04, 0xC0, 0x32, 0x34, 0x05, 0xC0, 0x9C, 0x06,
412 0x04, 0xC0, 0x9D, 0x07, 0x04, 0xC0, 0xA0, 0x08, 0x04, 0xC0, 0xA1, 0x09,
413 0x04, 0xC0, 0xAC, 0x26, 0x04, 0xC0, 0xAD, 0x27, 0x04, 0xC0, 0xAE, 0x28,
414 0x04, 0xC0, 0xAF, 0x29, 0x04, 0xCC, 0xA8, 0x15, 0x04, 0xCC, 0xA9, 0x25,
418 static const unsigned char t0_codeblock
[] = {
419 0x00, 0x01, 0x00, 0x0A, 0x00, 0x00, 0x01, 0x00, 0x0D, 0x00, 0x00, 0x01,
420 0x00, 0x0E, 0x00, 0x00, 0x01, 0x00, 0x0F, 0x00, 0x00, 0x01, 0x01, 0x08,
421 0x00, 0x00, 0x01, 0x01, 0x09, 0x00, 0x00, 0x01, 0x02, 0x08, 0x00, 0x00,
422 0x01, 0x02, 0x09, 0x00, 0x00, 0x25, 0x25, 0x00, 0x00, 0x01,
423 T0_INT1(BR_ERR_BAD_CCS
), 0x00, 0x00, 0x01,
424 T0_INT1(BR_ERR_BAD_CIPHER_SUITE
), 0x00, 0x00, 0x01,
425 T0_INT1(BR_ERR_BAD_COMPRESSION
), 0x00, 0x00, 0x01,
426 T0_INT1(BR_ERR_BAD_FINISHED
), 0x00, 0x00, 0x01,
427 T0_INT1(BR_ERR_BAD_FRAGLEN
), 0x00, 0x00, 0x01,
428 T0_INT1(BR_ERR_BAD_HANDSHAKE
), 0x00, 0x00, 0x01,
429 T0_INT1(BR_ERR_BAD_HELLO_DONE
), 0x00, 0x00, 0x01,
430 T0_INT1(BR_ERR_BAD_PARAM
), 0x00, 0x00, 0x01,
431 T0_INT1(BR_ERR_BAD_SECRENEG
), 0x00, 0x00, 0x01,
432 T0_INT1(BR_ERR_BAD_SNI
), 0x00, 0x00, 0x01, T0_INT1(BR_ERR_BAD_VERSION
),
433 0x00, 0x00, 0x01, T0_INT1(BR_ERR_EXTRA_EXTENSION
), 0x00, 0x00, 0x01,
434 T0_INT1(BR_ERR_INVALID_ALGORITHM
), 0x00, 0x00, 0x01,
435 T0_INT1(BR_ERR_LIMIT_EXCEEDED
), 0x00, 0x00, 0x01, T0_INT1(BR_ERR_OK
),
436 0x00, 0x00, 0x01, T0_INT1(BR_ERR_OVERSIZED_ID
), 0x00, 0x00, 0x01,
437 T0_INT1(BR_ERR_RESUME_MISMATCH
), 0x00, 0x00, 0x01,
438 T0_INT1(BR_ERR_UNEXPECTED
), 0x00, 0x00, 0x01,
439 T0_INT1(BR_ERR_UNSUPPORTED_VERSION
), 0x00, 0x00, 0x01,
440 T0_INT1(BR_ERR_WRONG_KEY_USAGE
), 0x00, 0x00, 0x01,
441 T0_INT2(offsetof(br_ssl_engine_context
, action
)), 0x00, 0x00, 0x01,
442 T0_INT2(offsetof(br_ssl_engine_context
, alert
)), 0x00, 0x00, 0x01,
443 T0_INT2(offsetof(br_ssl_engine_context
, application_data
)), 0x00, 0x00,
444 0x01, T0_INT2(offsetof(br_ssl_client_context
, auth_type
)), 0x00, 0x00,
446 T0_INT2(offsetof(br_ssl_engine_context
, session
) + offsetof(br_ssl_session_parameters
, cipher_suite
)),
448 T0_INT2(offsetof(br_ssl_engine_context
, client_random
)), 0x00, 0x00,
449 0x01, T0_INT2(offsetof(br_ssl_engine_context
, close_received
)), 0x00,
450 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context
, ecdhe_curve
)),
452 T0_INT2(offsetof(br_ssl_engine_context
, ecdhe_point
)), 0x00, 0x00,
453 0x01, T0_INT2(offsetof(br_ssl_engine_context
, ecdhe_point_len
)), 0x00,
454 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context
, flags
)), 0x00,
455 0x00, 0x01, T0_INT2(offsetof(br_ssl_client_context
, hash_id
)), 0x00,
456 0x00, 0x01, T0_INT2(offsetof(br_ssl_client_context
, hashes
)), 0x00,
457 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context
, log_max_frag_len
)),
459 T0_INT2(offsetof(br_ssl_client_context
, min_clienthello_len
)), 0x00,
460 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context
, pad
)), 0x00, 0x00,
461 0x01, T0_INT2(offsetof(br_ssl_engine_context
, protocol_names_num
)),
463 T0_INT2(offsetof(br_ssl_engine_context
, record_type_in
)), 0x00, 0x00,
464 0x01, T0_INT2(offsetof(br_ssl_engine_context
, record_type_out
)), 0x00,
465 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context
, reneg
)), 0x00,
466 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context
, saved_finished
)),
468 T0_INT2(offsetof(br_ssl_engine_context
, selected_protocol
)), 0x00,
469 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context
, server_name
)),
471 T0_INT2(offsetof(br_ssl_engine_context
, server_random
)), 0x00, 0x00,
473 T0_INT2(offsetof(br_ssl_engine_context
, session
) + offsetof(br_ssl_session_parameters
, session_id
)),
475 T0_INT2(offsetof(br_ssl_engine_context
, session
) + offsetof(br_ssl_session_parameters
, session_id_len
)),
477 T0_INT2(offsetof(br_ssl_engine_context
, shutdown_recv
)), 0x00, 0x00,
478 0x01, T0_INT2(offsetof(br_ssl_engine_context
, suites_buf
)), 0x00, 0x00,
479 0x01, T0_INT2(offsetof(br_ssl_engine_context
, suites_num
)), 0x00, 0x00,
481 T0_INT2(offsetof(br_ssl_engine_context
, session
) + offsetof(br_ssl_session_parameters
, version
)),
482 0x00, 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context
, version_in
)),
484 T0_INT2(offsetof(br_ssl_engine_context
, version_max
)), 0x00, 0x00,
485 0x01, T0_INT2(offsetof(br_ssl_engine_context
, version_min
)), 0x00,
486 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context
, version_out
)),
487 0x00, 0x00, 0x09, 0x26, 0x58, 0x06, 0x02, 0x68, 0x28, 0x00, 0x00, 0x06,
488 0x08, 0x2C, 0x0E, 0x05, 0x02, 0x71, 0x28, 0x04, 0x01, 0x3C, 0x00, 0x00,
489 0x01, 0x01, 0x00, 0x01, 0x03, 0x00, 0x99, 0x26, 0x5E, 0x44, 0x9D, 0x26,
490 0x05, 0x04, 0x60, 0x01, 0x00, 0x00, 0x02, 0x00, 0x0E, 0x06, 0x02, 0x9D,
491 0x00, 0x5E, 0x04, 0x6B, 0x00, 0x06, 0x02, 0x68, 0x28, 0x00, 0x00, 0x26,
492 0x89, 0x44, 0x05, 0x03, 0x01, 0x0C, 0x08, 0x44, 0x79, 0x2C, 0xAB, 0x1C,
493 0x84, 0x01, 0x0C, 0x31, 0x00, 0x00, 0x26, 0x1F, 0x01, 0x08, 0x0B, 0x44,
494 0x5C, 0x1F, 0x08, 0x00, 0x01, 0x03, 0x00, 0x77, 0x2E, 0x02, 0x00, 0x36,
495 0x17, 0x01, 0x01, 0x0B, 0x77, 0x3E, 0x29, 0x1A, 0x36, 0x06, 0x07, 0x02,
496 0x00, 0xCF, 0x03, 0x00, 0x04, 0x75, 0x01, 0x00, 0xC5, 0x02, 0x00, 0x26,
497 0x1A, 0x17, 0x06, 0x02, 0x6F, 0x28, 0xCF, 0x04, 0x76, 0x01, 0x01, 0x00,
498 0x77, 0x3E, 0x01, 0x16, 0x87, 0x3E, 0x01, 0x00, 0x8A, 0x3C, 0x34, 0xD5,
499 0x29, 0xB4, 0x06, 0x09, 0x01, 0x7F, 0xAF, 0x01, 0x7F, 0xD2, 0x04, 0x80,
500 0x53, 0xB1, 0x79, 0x2C, 0xA1, 0x01, T0_INT1(BR_KEYTYPE_SIGN
), 0x17,
501 0x06, 0x01, 0xB5, 0xB8, 0x26, 0x01, 0x0D, 0x0E, 0x06, 0x07, 0x25, 0xB7,
502 0xB8, 0x01, 0x7F, 0x04, 0x02, 0x01, 0x00, 0x03, 0x00, 0x01, 0x0E, 0x0E,
503 0x05, 0x02, 0x72, 0x28, 0x06, 0x02, 0x67, 0x28, 0x33, 0x06, 0x02, 0x72,
504 0x28, 0x02, 0x00, 0x06, 0x1C, 0xD3, 0x80, 0x2E, 0x01, 0x81, 0x7F, 0x0E,
505 0x06, 0x0D, 0x25, 0x01, 0x10, 0xDE, 0x01, 0x00, 0xDD, 0x79, 0x2C, 0xAB,
506 0x24, 0x04, 0x04, 0xD6, 0x06, 0x01, 0xD4, 0x04, 0x01, 0xD6, 0x01, 0x7F,
507 0xD2, 0x01, 0x7F, 0xAF, 0x01, 0x01, 0x77, 0x3E, 0x01, 0x17, 0x87, 0x3E,
508 0x00, 0x00, 0x38, 0x38, 0x00, 0x00, 0x9A, 0x01, 0x0C, 0x11, 0x01, 0x00,
509 0x38, 0x0E, 0x06, 0x05, 0x25, 0x01,
510 T0_INT1(BR_KEYTYPE_RSA
| BR_KEYTYPE_KEYX
), 0x04, 0x30, 0x01, 0x01,
511 0x38, 0x0E, 0x06, 0x05, 0x25, 0x01,
512 T0_INT1(BR_KEYTYPE_RSA
| BR_KEYTYPE_SIGN
), 0x04, 0x25, 0x01, 0x02,
513 0x38, 0x0E, 0x06, 0x05, 0x25, 0x01,
514 T0_INT1(BR_KEYTYPE_EC
| BR_KEYTYPE_SIGN
), 0x04, 0x1A, 0x01, 0x03,
515 0x38, 0x0E, 0x06, 0x05, 0x25, 0x01,
516 T0_INT1(BR_KEYTYPE_EC
| BR_KEYTYPE_KEYX
), 0x04, 0x0F, 0x01, 0x04,
517 0x38, 0x0E, 0x06, 0x05, 0x25, 0x01,
518 T0_INT1(BR_KEYTYPE_EC
| BR_KEYTYPE_KEYX
), 0x04, 0x04, 0x01, 0x00,
519 0x44, 0x25, 0x00, 0x00, 0x82, 0x2E, 0x01, 0x0E, 0x0E, 0x06, 0x04, 0x01,
520 0x00, 0x04, 0x02, 0x01, 0x05, 0x00, 0x00, 0x40, 0x06, 0x04, 0x01, 0x06,
521 0x04, 0x02, 0x01, 0x00, 0x00, 0x00, 0x88, 0x2E, 0x26, 0x06, 0x08, 0x01,
522 0x01, 0x09, 0x01, 0x11, 0x07, 0x04, 0x03, 0x25, 0x01, 0x05, 0x00, 0x01,
523 0x41, 0x03, 0x00, 0x25, 0x01, 0x00, 0x43, 0x06, 0x03, 0x02, 0x00, 0x08,
524 0x42, 0x06, 0x03, 0x02, 0x00, 0x08, 0x26, 0x06, 0x06, 0x01, 0x01, 0x0B,
525 0x01, 0x06, 0x08, 0x00, 0x00, 0x8B, 0x3F, 0x26, 0x06, 0x03, 0x01, 0x09,
526 0x08, 0x00, 0x01, 0x40, 0x26, 0x06, 0x1E, 0x01, 0x00, 0x03, 0x00, 0x26,
527 0x06, 0x0E, 0x26, 0x01, 0x01, 0x17, 0x02, 0x00, 0x08, 0x03, 0x00, 0x01,
528 0x01, 0x11, 0x04, 0x6F, 0x25, 0x02, 0x00, 0x01, 0x01, 0x0B, 0x01, 0x06,
529 0x08, 0x00, 0x00, 0x7F, 0x2D, 0x44, 0x11, 0x01, 0x01, 0x17, 0x35, 0x00,
530 0x00, 0x9F, 0xCE, 0x26, 0x01, 0x07, 0x17, 0x01, 0x00, 0x38, 0x0E, 0x06,
531 0x09, 0x25, 0x01, 0x10, 0x17, 0x06, 0x01, 0x9F, 0x04, 0x35, 0x01, 0x01,
532 0x38, 0x0E, 0x06, 0x2C, 0x25, 0x25, 0x01, 0x00, 0x77, 0x3E, 0xB3, 0x88,
533 0x2E, 0x01, 0x01, 0x0E, 0x01, 0x01, 0xA8, 0x37, 0x06, 0x17, 0x29, 0x1A,
534 0x36, 0x06, 0x04, 0xCE, 0x25, 0x04, 0x78, 0x01, 0x80, 0x64, 0xC5, 0x01,
535 0x01, 0x77, 0x3E, 0x01, 0x17, 0x87, 0x3E, 0x04, 0x01, 0x9F, 0x04, 0x03,
536 0x72, 0x28, 0x25, 0x04, 0xFF, 0x34, 0x01, 0x26, 0x03, 0x00, 0x09, 0x26,
537 0x58, 0x06, 0x02, 0x68, 0x28, 0x02, 0x00, 0x00, 0x00, 0x9A, 0x01, 0x0F,
538 0x17, 0x00, 0x00, 0x76, 0x2E, 0x01, 0x00, 0x38, 0x0E, 0x06, 0x10, 0x25,
539 0x26, 0x01, 0x01, 0x0D, 0x06, 0x03, 0x25, 0x01, 0x02, 0x76, 0x3E, 0x01,
540 0x00, 0x04, 0x21, 0x01, 0x01, 0x38, 0x0E, 0x06, 0x14, 0x25, 0x01, 0x00,
541 0x76, 0x3E, 0x26, 0x01, 0x80, 0x64, 0x0E, 0x06, 0x05, 0x01, 0x82, 0x00,
542 0x08, 0x28, 0x5A, 0x04, 0x07, 0x25, 0x01, 0x82, 0x00, 0x08, 0x28, 0x25,
543 0x00, 0x00, 0x01, 0x00, 0x2F, 0x06, 0x05, 0x3A, 0xAC, 0x37, 0x04, 0x78,
544 0x26, 0x06, 0x04, 0x01, 0x01, 0x8F, 0x3E, 0x00, 0x01, 0xBF, 0xAA, 0xBF,
545 0xAA, 0xC1, 0x84, 0x44, 0x26, 0x03, 0x00, 0xB6, 0x9B, 0x9B, 0x02, 0x00,
546 0x4D, 0x26, 0x58, 0x06, 0x0A, 0x01, 0x03, 0xA8, 0x06, 0x02, 0x72, 0x28,
547 0x25, 0x04, 0x03, 0x5C, 0x8A, 0x3C, 0x00, 0x00, 0x2F, 0x06, 0x0B, 0x86,
548 0x2E, 0x01, 0x14, 0x0D, 0x06, 0x02, 0x72, 0x28, 0x04, 0x11, 0xCE, 0x01,
549 0x07, 0x17, 0x26, 0x01, 0x02, 0x0D, 0x06, 0x06, 0x06, 0x02, 0x72, 0x28,
550 0x04, 0x70, 0x25, 0xC2, 0x01, 0x01, 0x0D, 0x33, 0x37, 0x06, 0x02, 0x61,
551 0x28, 0x26, 0x01, 0x01, 0xC8, 0x36, 0xB2, 0x00, 0x01, 0xB8, 0x01, 0x0B,
552 0x0E, 0x05, 0x02, 0x72, 0x28, 0x26, 0x01, 0x03, 0x0E, 0x06, 0x08, 0xC0,
553 0x06, 0x02, 0x68, 0x28, 0x44, 0x25, 0x00, 0x44, 0x57, 0xC0, 0xAA, 0x26,
554 0x06, 0x23, 0xC0, 0xAA, 0x26, 0x56, 0x26, 0x06, 0x18, 0x26, 0x01, 0x82,
555 0x00, 0x0F, 0x06, 0x05, 0x01, 0x82, 0x00, 0x04, 0x01, 0x26, 0x03, 0x00,
556 0x84, 0x02, 0x00, 0xB6, 0x02, 0x00, 0x53, 0x04, 0x65, 0x9B, 0x54, 0x04,
557 0x5A, 0x9B, 0x9B, 0x55, 0x26, 0x06, 0x02, 0x35, 0x00, 0x25, 0x2B, 0x00,
558 0x00, 0x79, 0x2C, 0xA1, 0x01, 0x7F, 0xB0, 0x26, 0x58, 0x06, 0x02, 0x35,
559 0x28, 0x26, 0x05, 0x02, 0x72, 0x28, 0x38, 0x17, 0x0D, 0x06, 0x02, 0x74,
560 0x28, 0x3B, 0x00, 0x00, 0x9C, 0xB8, 0x01, 0x14, 0x0D, 0x06, 0x02, 0x72,
561 0x28, 0x84, 0x01, 0x0C, 0x08, 0x01, 0x0C, 0xB6, 0x9B, 0x84, 0x26, 0x01,
562 0x0C, 0x08, 0x01, 0x0C, 0x30, 0x05, 0x02, 0x64, 0x28, 0x00, 0x00, 0xB9,
563 0x06, 0x02, 0x72, 0x28, 0x06, 0x02, 0x66, 0x28, 0x00, 0x0A, 0xB8, 0x01,
564 0x02, 0x0E, 0x05, 0x02, 0x72, 0x28, 0xBF, 0x03, 0x00, 0x02, 0x00, 0x95,
565 0x2C, 0x0A, 0x02, 0x00, 0x94, 0x2C, 0x0F, 0x37, 0x06, 0x02, 0x73, 0x28,
566 0x02, 0x00, 0x93, 0x2C, 0x0D, 0x06, 0x02, 0x6B, 0x28, 0x02, 0x00, 0x96,
567 0x3C, 0x8C, 0x01, 0x20, 0xB6, 0x01, 0x00, 0x03, 0x01, 0xC1, 0x03, 0x02,
568 0x02, 0x02, 0x01, 0x20, 0x0F, 0x06, 0x02, 0x70, 0x28, 0x84, 0x02, 0x02,
569 0xB6, 0x02, 0x02, 0x8E, 0x2E, 0x0E, 0x02, 0x02, 0x01, 0x00, 0x0F, 0x17,
570 0x06, 0x0B, 0x8D, 0x84, 0x02, 0x02, 0x30, 0x06, 0x04, 0x01, 0x7F, 0x03,
571 0x01, 0x8D, 0x84, 0x02, 0x02, 0x31, 0x02, 0x02, 0x8E, 0x3E, 0x02, 0x00,
572 0x92, 0x02, 0x01, 0x98, 0xBF, 0x26, 0xC3, 0x58, 0x06, 0x02, 0x62, 0x28,
573 0x26, 0xCD, 0x02, 0x00, 0x01, 0x86, 0x03, 0x0A, 0x17, 0x06, 0x02, 0x62,
574 0x28, 0x79, 0x02, 0x01, 0x98, 0xC1, 0x06, 0x02, 0x63, 0x28, 0x26, 0x06,
575 0x81, 0x47, 0xBF, 0xAA, 0xA6, 0x03, 0x03, 0xA4, 0x03, 0x04, 0xA2, 0x03,
576 0x05, 0xA5, 0x03, 0x06, 0xA7, 0x03, 0x07, 0xA3, 0x03, 0x08, 0x27, 0x03,
577 0x09, 0x26, 0x06, 0x81, 0x18, 0xBF, 0x01, 0x00, 0x38, 0x0E, 0x06, 0x0F,
578 0x25, 0x02, 0x03, 0x05, 0x02, 0x6C, 0x28, 0x01, 0x00, 0x03, 0x03, 0xBE,
579 0x04, 0x80, 0x7F, 0x01, 0x01, 0x38, 0x0E, 0x06, 0x0F, 0x25, 0x02, 0x05,
580 0x05, 0x02, 0x6C, 0x28, 0x01, 0x00, 0x03, 0x05, 0xBC, 0x04, 0x80, 0x6A,
581 0x01, 0x83, 0xFE, 0x01, 0x38, 0x0E, 0x06, 0x0F, 0x25, 0x02, 0x04, 0x05,
582 0x02, 0x6C, 0x28, 0x01, 0x00, 0x03, 0x04, 0xBD, 0x04, 0x80, 0x53, 0x01,
583 0x0D, 0x38, 0x0E, 0x06, 0x0E, 0x25, 0x02, 0x06, 0x05, 0x02, 0x6C, 0x28,
584 0x01, 0x00, 0x03, 0x06, 0xBA, 0x04, 0x3F, 0x01, 0x0A, 0x38, 0x0E, 0x06,
585 0x0E, 0x25, 0x02, 0x07, 0x05, 0x02, 0x6C, 0x28, 0x01, 0x00, 0x03, 0x07,
586 0xBA, 0x04, 0x2B, 0x01, 0x0B, 0x38, 0x0E, 0x06, 0x0E, 0x25, 0x02, 0x08,
587 0x05, 0x02, 0x6C, 0x28, 0x01, 0x00, 0x03, 0x08, 0xBA, 0x04, 0x17, 0x01,
588 0x10, 0x38, 0x0E, 0x06, 0x0E, 0x25, 0x02, 0x09, 0x05, 0x02, 0x6C, 0x28,
589 0x01, 0x00, 0x03, 0x09, 0xAE, 0x04, 0x03, 0x6C, 0x28, 0x25, 0x04, 0xFE,
590 0x64, 0x02, 0x04, 0x06, 0x0D, 0x02, 0x04, 0x01, 0x05, 0x0F, 0x06, 0x02,
591 0x69, 0x28, 0x01, 0x01, 0x88, 0x3E, 0x9B, 0x04, 0x0C, 0xA4, 0x01, 0x05,
592 0x0F, 0x06, 0x02, 0x69, 0x28, 0x01, 0x01, 0x88, 0x3E, 0x9B, 0x02, 0x01,
593 0x00, 0x04, 0xB8, 0x01, 0x0C, 0x0E, 0x05, 0x02, 0x72, 0x28, 0xC1, 0x01,
594 0x03, 0x0E, 0x05, 0x02, 0x6D, 0x28, 0xBF, 0x26, 0x7C, 0x3E, 0x26, 0x01,
595 0x20, 0x10, 0x06, 0x02, 0x6D, 0x28, 0x40, 0x44, 0x11, 0x01, 0x01, 0x17,
596 0x05, 0x02, 0x6D, 0x28, 0xC1, 0x26, 0x01, 0x81, 0x05, 0x0F, 0x06, 0x02,
597 0x6D, 0x28, 0x26, 0x7E, 0x3E, 0x7D, 0x44, 0xB6, 0x92, 0x2C, 0x01, 0x86,
598 0x03, 0x10, 0x03, 0x00, 0x79, 0x2C, 0xCB, 0x03, 0x01, 0x01, 0x02, 0x03,
599 0x02, 0x02, 0x00, 0x06, 0x21, 0xC1, 0x26, 0x26, 0x01, 0x02, 0x0A, 0x44,
600 0x01, 0x06, 0x0F, 0x37, 0x06, 0x02, 0x6D, 0x28, 0x03, 0x02, 0xC1, 0x02,
601 0x01, 0x01, 0x01, 0x0B, 0x01, 0x03, 0x08, 0x0E, 0x05, 0x02, 0x6D, 0x28,
602 0x04, 0x08, 0x02, 0x01, 0x06, 0x04, 0x01, 0x00, 0x03, 0x02, 0xBF, 0x26,
603 0x03, 0x03, 0x26, 0x01, 0x84, 0x00, 0x0F, 0x06, 0x02, 0x6E, 0x28, 0x84,
604 0x44, 0xB6, 0x02, 0x02, 0x02, 0x01, 0x02, 0x03, 0x50, 0x26, 0x06, 0x01,
605 0x28, 0x25, 0x9B, 0x00, 0x02, 0x03, 0x00, 0x03, 0x01, 0x02, 0x00, 0x97,
606 0x02, 0x01, 0x02, 0x00, 0x39, 0x26, 0x01, 0x00, 0x0E, 0x06, 0x02, 0x60,
607 0x00, 0xD0, 0x04, 0x74, 0x02, 0x01, 0x00, 0x03, 0x00, 0xC1, 0xAA, 0x26,
608 0x06, 0x80, 0x43, 0xC1, 0x01, 0x01, 0x38, 0x0E, 0x06, 0x06, 0x25, 0x01,
609 0x81, 0x7F, 0x04, 0x2E, 0x01, 0x80, 0x40, 0x38, 0x0E, 0x06, 0x07, 0x25,
610 0x01, 0x83, 0xFE, 0x00, 0x04, 0x20, 0x01, 0x80, 0x41, 0x38, 0x0E, 0x06,
611 0x07, 0x25, 0x01, 0x84, 0x80, 0x00, 0x04, 0x12, 0x01, 0x80, 0x42, 0x38,
612 0x0E, 0x06, 0x07, 0x25, 0x01, 0x88, 0x80, 0x00, 0x04, 0x04, 0x01, 0x00,
613 0x44, 0x25, 0x02, 0x00, 0x37, 0x03, 0x00, 0x04, 0xFF, 0x39, 0x9B, 0x79,
614 0x2C, 0xC9, 0x05, 0x09, 0x02, 0x00, 0x01, 0x83, 0xFF, 0x7F, 0x17, 0x03,
615 0x00, 0x92, 0x2C, 0x01, 0x86, 0x03, 0x10, 0x06, 0x3A, 0xBB, 0x26, 0x81,
616 0x3D, 0x41, 0x25, 0x26, 0x01, 0x08, 0x0B, 0x37, 0x01, 0x8C, 0x80, 0x00,
617 0x37, 0x17, 0x02, 0x00, 0x17, 0x02, 0x00, 0x01, 0x8C, 0x80, 0x00, 0x17,
618 0x06, 0x19, 0x26, 0x01, 0x81, 0x7F, 0x17, 0x06, 0x05, 0x01, 0x84, 0x80,
619 0x00, 0x37, 0x26, 0x01, 0x83, 0xFE, 0x00, 0x17, 0x06, 0x05, 0x01, 0x88,
620 0x80, 0x00, 0x37, 0x03, 0x00, 0x04, 0x09, 0x02, 0x00, 0x01, 0x8C, 0x88,
621 0x01, 0x17, 0x03, 0x00, 0x16, 0xBF, 0xAA, 0x26, 0x06, 0x23, 0xBF, 0xAA,
622 0x26, 0x15, 0x26, 0x06, 0x18, 0x26, 0x01, 0x82, 0x00, 0x0F, 0x06, 0x05,
623 0x01, 0x82, 0x00, 0x04, 0x01, 0x26, 0x03, 0x01, 0x84, 0x02, 0x01, 0xB6,
624 0x02, 0x01, 0x12, 0x04, 0x65, 0x9B, 0x13, 0x04, 0x5A, 0x9B, 0x14, 0x9B,
625 0x02, 0x00, 0x2A, 0x00, 0x00, 0xB9, 0x26, 0x5A, 0x06, 0x07, 0x25, 0x06,
626 0x02, 0x66, 0x28, 0x04, 0x74, 0x00, 0x00, 0xC2, 0x01, 0x03, 0xC0, 0x44,
627 0x25, 0x44, 0x00, 0x00, 0xBF, 0xC6, 0x00, 0x03, 0x01, 0x00, 0x03, 0x00,
628 0xBF, 0xAA, 0x26, 0x06, 0x80, 0x50, 0xC1, 0x03, 0x01, 0xC1, 0x03, 0x02,
629 0x02, 0x01, 0x01, 0x08, 0x0E, 0x06, 0x16, 0x02, 0x02, 0x01, 0x0F, 0x0C,
630 0x06, 0x0D, 0x01, 0x01, 0x02, 0x02, 0x01, 0x10, 0x08, 0x0B, 0x02, 0x00,
631 0x37, 0x03, 0x00, 0x04, 0x2A, 0x02, 0x01, 0x01, 0x02, 0x10, 0x02, 0x01,
632 0x01, 0x06, 0x0C, 0x17, 0x02, 0x02, 0x01, 0x01, 0x0E, 0x02, 0x02, 0x01,
633 0x03, 0x0E, 0x37, 0x17, 0x06, 0x11, 0x02, 0x00, 0x01, 0x01, 0x02, 0x02,
634 0x5D, 0x01, 0x02, 0x0B, 0x02, 0x01, 0x08, 0x0B, 0x37, 0x03, 0x00, 0x04,
635 0xFF, 0x2C, 0x9B, 0x02, 0x00, 0x00, 0x00, 0xBF, 0x01, 0x01, 0x0E, 0x05,
636 0x02, 0x65, 0x28, 0xC1, 0x01, 0x08, 0x08, 0x82, 0x2E, 0x0E, 0x05, 0x02,
637 0x65, 0x28, 0x00, 0x00, 0xBF, 0x88, 0x2E, 0x05, 0x15, 0x01, 0x01, 0x0E,
638 0x05, 0x02, 0x69, 0x28, 0xC1, 0x01, 0x00, 0x0E, 0x05, 0x02, 0x69, 0x28,
639 0x01, 0x02, 0x88, 0x3E, 0x04, 0x1C, 0x01, 0x19, 0x0E, 0x05, 0x02, 0x69,
640 0x28, 0xC1, 0x01, 0x18, 0x0E, 0x05, 0x02, 0x69, 0x28, 0x84, 0x01, 0x18,
641 0xB6, 0x89, 0x84, 0x01, 0x18, 0x30, 0x05, 0x02, 0x69, 0x28, 0x00, 0x00,
642 0xBF, 0x06, 0x02, 0x6A, 0x28, 0x00, 0x00, 0x01, 0x02, 0x97, 0xC2, 0x01,
643 0x08, 0x0B, 0xC2, 0x08, 0x00, 0x00, 0x01, 0x03, 0x97, 0xC2, 0x01, 0x08,
644 0x0B, 0xC2, 0x08, 0x01, 0x08, 0x0B, 0xC2, 0x08, 0x00, 0x00, 0x01, 0x01,
645 0x97, 0xC2, 0x00, 0x00, 0x3A, 0x26, 0x58, 0x05, 0x01, 0x00, 0x25, 0xD0,
646 0x04, 0x76, 0x02, 0x03, 0x00, 0x91, 0x2E, 0x03, 0x01, 0x01, 0x00, 0x26,
647 0x02, 0x01, 0x0A, 0x06, 0x10, 0x26, 0x01, 0x01, 0x0B, 0x90, 0x08, 0x2C,
648 0x02, 0x00, 0x0E, 0x06, 0x01, 0x00, 0x5C, 0x04, 0x6A, 0x25, 0x01, 0x7F,
649 0x00, 0x00, 0x01, 0x15, 0x87, 0x3E, 0x44, 0x52, 0x25, 0x52, 0x25, 0x29,
650 0x00, 0x00, 0x01, 0x01, 0x44, 0xC4, 0x00, 0x00, 0x44, 0x38, 0x97, 0x44,
651 0x26, 0x06, 0x05, 0xC2, 0x25, 0x5D, 0x04, 0x78, 0x25, 0x00, 0x00, 0x26,
652 0x01, 0x81, 0xAC, 0x00, 0x0E, 0x06, 0x04, 0x25, 0x01, 0x7F, 0x00, 0x9A,
653 0x59, 0x00, 0x02, 0x03, 0x00, 0x79, 0x2C, 0x9A, 0x03, 0x01, 0x02, 0x01,
654 0x01, 0x0F, 0x17, 0x02, 0x01, 0x01, 0x04, 0x11, 0x01, 0x0F, 0x17, 0x02,
655 0x01, 0x01, 0x08, 0x11, 0x01, 0x0F, 0x17, 0x01, 0x00, 0x38, 0x0E, 0x06,
656 0x10, 0x25, 0x01, 0x00, 0x01, 0x18, 0x02, 0x00, 0x06, 0x03, 0x49, 0x04,
657 0x01, 0x4A, 0x04, 0x81, 0x0D, 0x01, 0x01, 0x38, 0x0E, 0x06, 0x10, 0x25,
658 0x01, 0x01, 0x01, 0x10, 0x02, 0x00, 0x06, 0x03, 0x49, 0x04, 0x01, 0x4A,
659 0x04, 0x80, 0x77, 0x01, 0x02, 0x38, 0x0E, 0x06, 0x10, 0x25, 0x01, 0x01,
660 0x01, 0x20, 0x02, 0x00, 0x06, 0x03, 0x49, 0x04, 0x01, 0x4A, 0x04, 0x80,
661 0x61, 0x01, 0x03, 0x38, 0x0E, 0x06, 0x0F, 0x25, 0x25, 0x01, 0x10, 0x02,
662 0x00, 0x06, 0x03, 0x47, 0x04, 0x01, 0x48, 0x04, 0x80, 0x4C, 0x01, 0x04,
663 0x38, 0x0E, 0x06, 0x0E, 0x25, 0x25, 0x01, 0x20, 0x02, 0x00, 0x06, 0x03,
664 0x47, 0x04, 0x01, 0x48, 0x04, 0x38, 0x01, 0x05, 0x38, 0x0E, 0x06, 0x0C,
665 0x25, 0x25, 0x02, 0x00, 0x06, 0x03, 0x4B, 0x04, 0x01, 0x4C, 0x04, 0x26,
666 0x26, 0x01, 0x09, 0x0F, 0x06, 0x02, 0x68, 0x28, 0x44, 0x25, 0x26, 0x01,
667 0x01, 0x17, 0x01, 0x04, 0x0B, 0x01, 0x10, 0x08, 0x44, 0x01, 0x08, 0x17,
668 0x01, 0x10, 0x44, 0x09, 0x02, 0x00, 0x06, 0x03, 0x45, 0x04, 0x01, 0x46,
669 0x00, 0x25, 0x00, 0x00, 0x9A, 0x01, 0x0C, 0x11, 0x01, 0x02, 0x0F, 0x00,
670 0x00, 0x9A, 0x01, 0x0C, 0x11, 0x26, 0x5B, 0x44, 0x01, 0x03, 0x0A, 0x17,
671 0x00, 0x00, 0x9A, 0x01, 0x0C, 0x11, 0x01, 0x01, 0x0E, 0x00, 0x00, 0x9A,
672 0x01, 0x0C, 0x11, 0x5A, 0x00, 0x00, 0x9A, 0x01, 0x81, 0x70, 0x17, 0x01,
673 0x20, 0x0D, 0x00, 0x00, 0x1B, 0x01, 0x00, 0x75, 0x2E, 0x26, 0x06, 0x22,
674 0x01, 0x01, 0x38, 0x0E, 0x06, 0x06, 0x25, 0x01, 0x00, 0x9E, 0x04, 0x14,
675 0x01, 0x02, 0x38, 0x0E, 0x06, 0x0D, 0x25, 0x77, 0x2E, 0x01, 0x01, 0x0E,
676 0x06, 0x03, 0x01, 0x10, 0x37, 0x04, 0x01, 0x25, 0x04, 0x01, 0x25, 0x7B,
677 0x2E, 0x05, 0x33, 0x2F, 0x06, 0x30, 0x86, 0x2E, 0x01, 0x14, 0x38, 0x0E,
678 0x06, 0x06, 0x25, 0x01, 0x02, 0x37, 0x04, 0x22, 0x01, 0x15, 0x38, 0x0E,
679 0x06, 0x09, 0x25, 0xAD, 0x06, 0x03, 0x01, 0x7F, 0x9E, 0x04, 0x13, 0x01,
680 0x16, 0x38, 0x0E, 0x06, 0x06, 0x25, 0x01, 0x01, 0x37, 0x04, 0x07, 0x25,
681 0x01, 0x04, 0x37, 0x01, 0x00, 0x25, 0x1A, 0x06, 0x03, 0x01, 0x08, 0x37,
682 0x00, 0x00, 0x1B, 0x26, 0x05, 0x13, 0x2F, 0x06, 0x10, 0x86, 0x2E, 0x01,
683 0x15, 0x0E, 0x06, 0x08, 0x25, 0xAD, 0x01, 0x00, 0x77, 0x3E, 0x04, 0x01,
684 0x20, 0x00, 0x00, 0xCE, 0x01, 0x07, 0x17, 0x01, 0x01, 0x0F, 0x06, 0x02,
685 0x72, 0x28, 0x00, 0x01, 0x03, 0x00, 0x29, 0x1A, 0x06, 0x05, 0x02, 0x00,
686 0x87, 0x3E, 0x00, 0xCE, 0x25, 0x04, 0x74, 0x00, 0x01, 0x14, 0xD1, 0x01,
687 0x01, 0xDE, 0x29, 0x26, 0x01, 0x00, 0xC8, 0x01, 0x16, 0xD1, 0xD7, 0x29,
688 0x00, 0x00, 0x01, 0x0B, 0xDE, 0x4E, 0x26, 0x26, 0x01, 0x03, 0x08, 0xDD,
689 0xDD, 0x18, 0x26, 0x58, 0x06, 0x02, 0x25, 0x00, 0xDD, 0x1D, 0x26, 0x06,
690 0x05, 0x84, 0x44, 0xD8, 0x04, 0x77, 0x25, 0x04, 0x6C, 0x00, 0x21, 0x01,
691 0x0F, 0xDE, 0x26, 0x92, 0x2C, 0x01, 0x86, 0x03, 0x10, 0x06, 0x0C, 0x01,
692 0x04, 0x08, 0xDD, 0x80, 0x2E, 0xDE, 0x78, 0x2E, 0xDE, 0x04, 0x02, 0x5E,
693 0xDD, 0x26, 0xDC, 0x84, 0x44, 0xD8, 0x00, 0x02, 0xA4, 0xA6, 0x08, 0xA2,
694 0x08, 0xA5, 0x08, 0xA7, 0x08, 0xA3, 0x08, 0x27, 0x08, 0x03, 0x00, 0x01,
695 0x01, 0xDE, 0x01, 0x27, 0x8E, 0x2E, 0x08, 0x91, 0x2E, 0x01, 0x01, 0x0B,
696 0x08, 0x02, 0x00, 0x06, 0x04, 0x5E, 0x02, 0x00, 0x08, 0x83, 0x2C, 0x38,
697 0x09, 0x26, 0x5B, 0x06, 0x24, 0x02, 0x00, 0x05, 0x04, 0x44, 0x5E, 0x44,
698 0x5F, 0x01, 0x04, 0x09, 0x26, 0x58, 0x06, 0x03, 0x25, 0x01, 0x00, 0x26,
699 0x01, 0x04, 0x08, 0x02, 0x00, 0x08, 0x03, 0x00, 0x44, 0x01, 0x04, 0x08,
700 0x38, 0x08, 0x44, 0x04, 0x03, 0x25, 0x01, 0x7F, 0x03, 0x01, 0xDD, 0x94,
701 0x2C, 0xDC, 0x7A, 0x01, 0x04, 0x19, 0x7A, 0x01, 0x04, 0x08, 0x01, 0x1C,
702 0x32, 0x7A, 0x01, 0x20, 0xD8, 0x8D, 0x8E, 0x2E, 0xDA, 0x91, 0x2E, 0x26,
703 0x01, 0x01, 0x0B, 0xDC, 0x90, 0x44, 0x26, 0x06, 0x0F, 0x5D, 0x38, 0x2C,
704 0x26, 0xC7, 0x05, 0x02, 0x62, 0x28, 0xDC, 0x44, 0x5E, 0x44, 0x04, 0x6E,
705 0x60, 0x01, 0x01, 0xDE, 0x01, 0x00, 0xDE, 0x02, 0x00, 0x06, 0x81, 0x5A,
706 0x02, 0x00, 0xDC, 0xA4, 0x06, 0x0E, 0x01, 0x83, 0xFE, 0x01, 0xDC, 0x89,
707 0xA4, 0x01, 0x04, 0x09, 0x26, 0xDC, 0x5D, 0xDA, 0xA6, 0x06, 0x16, 0x01,
708 0x00, 0xDC, 0x8B, 0xA6, 0x01, 0x04, 0x09, 0x26, 0xDC, 0x01, 0x02, 0x09,
709 0x26, 0xDC, 0x01, 0x00, 0xDE, 0x01, 0x03, 0x09, 0xD9, 0xA2, 0x06, 0x0C,
710 0x01, 0x01, 0xDC, 0x01, 0x01, 0xDC, 0x82, 0x2E, 0x01, 0x08, 0x09, 0xDE,
711 0xA5, 0x06, 0x19, 0x01, 0x0D, 0xDC, 0xA5, 0x01, 0x04, 0x09, 0x26, 0xDC,
712 0x01, 0x02, 0x09, 0xDC, 0x42, 0x06, 0x03, 0x01, 0x03, 0xDB, 0x43, 0x06,
713 0x03, 0x01, 0x01, 0xDB, 0xA7, 0x26, 0x06, 0x36, 0x01, 0x0A, 0xDC, 0x01,
714 0x04, 0x09, 0x26, 0xDC, 0x5F, 0xDC, 0x40, 0x01, 0x00, 0x26, 0x01, 0x82,
715 0x80, 0x80, 0x80, 0x00, 0x17, 0x06, 0x0A, 0x01, 0xFD, 0xFF, 0xFF, 0xFF,
716 0x7F, 0x17, 0x01, 0x1D, 0xDC, 0x26, 0x01, 0x20, 0x0A, 0x06, 0x0C, 0xA0,
717 0x11, 0x01, 0x01, 0x17, 0x06, 0x02, 0x26, 0xDC, 0x5C, 0x04, 0x6E, 0x60,
718 0x04, 0x01, 0x25, 0xA3, 0x06, 0x0A, 0x01, 0x0B, 0xDC, 0x01, 0x02, 0xDC,
719 0x01, 0x82, 0x00, 0xDC, 0x27, 0x26, 0x06, 0x1F, 0x01, 0x10, 0xDC, 0x01,
720 0x04, 0x09, 0x26, 0xDC, 0x5F, 0xDC, 0x85, 0x2C, 0x01, 0x00, 0xA0, 0x0F,
721 0x06, 0x0A, 0x26, 0x1E, 0x26, 0xDE, 0x84, 0x44, 0xD8, 0x5C, 0x04, 0x72,
722 0x60, 0x04, 0x01, 0x25, 0x02, 0x01, 0x58, 0x05, 0x11, 0x01, 0x15, 0xDC,
723 0x02, 0x01, 0x26, 0xDC, 0x26, 0x06, 0x06, 0x5D, 0x01, 0x00, 0xDE, 0x04,
724 0x77, 0x25, 0x00, 0x00, 0x01, 0x10, 0xDE, 0x79, 0x2C, 0x26, 0xCC, 0x06,
725 0x0C, 0xAB, 0x23, 0x26, 0x5E, 0xDD, 0x26, 0xDC, 0x84, 0x44, 0xD8, 0x04,
726 0x0D, 0x26, 0xCA, 0x44, 0xAB, 0x22, 0x26, 0x5C, 0xDD, 0x26, 0xDE, 0x84,
727 0x44, 0xD8, 0x00, 0x00, 0x9C, 0x01, 0x14, 0xDE, 0x01, 0x0C, 0xDD, 0x84,
728 0x01, 0x0C, 0xD8, 0x00, 0x00, 0x51, 0x26, 0x01, 0x00, 0x0E, 0x06, 0x02,
729 0x60, 0x00, 0xCE, 0x25, 0x04, 0x73, 0x00, 0x26, 0xDC, 0xD8, 0x00, 0x00,
730 0x26, 0xDE, 0xD8, 0x00, 0x01, 0x03, 0x00, 0x41, 0x25, 0x26, 0x01, 0x10,
731 0x17, 0x06, 0x06, 0x01, 0x04, 0xDE, 0x02, 0x00, 0xDE, 0x26, 0x01, 0x08,
732 0x17, 0x06, 0x06, 0x01, 0x03, 0xDE, 0x02, 0x00, 0xDE, 0x26, 0x01, 0x20,
733 0x17, 0x06, 0x06, 0x01, 0x05, 0xDE, 0x02, 0x00, 0xDE, 0x26, 0x01, 0x80,
734 0x40, 0x17, 0x06, 0x06, 0x01, 0x06, 0xDE, 0x02, 0x00, 0xDE, 0x01, 0x04,
735 0x17, 0x06, 0x06, 0x01, 0x02, 0xDE, 0x02, 0x00, 0xDE, 0x00, 0x00, 0x26,
736 0x01, 0x08, 0x4F, 0xDE, 0xDE, 0x00, 0x00, 0x26, 0x01, 0x10, 0x4F, 0xDE,
737 0xDC, 0x00, 0x00, 0x26, 0x52, 0x06, 0x02, 0x25, 0x00, 0xCE, 0x25, 0x04,
741 static const uint16_t t0_caddr
[] = {
879 #define T0_INTERPRETED 88
881 #define T0_ENTER(ip, rp, slot) do { \
882 const unsigned char *t0_newip; \
884 t0_newip = &t0_codeblock[t0_caddr[(slot) - T0_INTERPRETED]]; \
885 t0_lnum = t0_parse7E_unsigned(&t0_newip); \
887 *((rp) ++) = (uint32_t)((ip) - &t0_codeblock[0]) + (t0_lnum << 16); \
891 #define T0_DEFENTRY(name, slot) \
895 t0_context *t0ctx = ctx; \
896 t0ctx->ip = &t0_codeblock[0]; \
897 T0_ENTER(t0ctx->ip, t0ctx->rp, slot); \
900 T0_DEFENTRY(br_ssl_hs_client_init_main
, 169)
902 #define T0_NEXT(t0ipp) (*(*(t0ipp)) ++)
905 br_ssl_hs_client_run(void *t0ctx
)
908 const unsigned char *ip
;
910 #define T0_LOCAL(x) (*(rp - 2 - (x)))
911 #define T0_POP() (*-- dp)
912 #define T0_POPi() (*(int32_t *)(-- dp))
913 #define T0_PEEK(x) (*(dp - 1 - (x)))
914 #define T0_PEEKi(x) (*(int32_t *)(dp - 1 - (x)))
915 #define T0_PUSH(v) do { *dp = (v); dp ++; } while (0)
916 #define T0_PUSHi(v) do { *(int32_t *)dp = (v); dp ++; } while (0)
917 #define T0_RPOP() (*-- rp)
918 #define T0_RPOPi() (*(int32_t *)(-- rp))
919 #define T0_RPUSH(v) do { *rp = (v); rp ++; } while (0)
920 #define T0_RPUSHi(v) do { *(int32_t *)rp = (v); rp ++; } while (0)
921 #define T0_ROLL(x) do { \
922 size_t t0len = (size_t)(x); \
923 uint32_t t0tmp = *(dp - 1 - t0len); \
924 memmove(dp - t0len - 1, dp - t0len, t0len * sizeof *dp); \
927 #define T0_SWAP() do { \
928 uint32_t t0tmp = *(dp - 2); \
929 *(dp - 2) = *(dp - 1); \
932 #define T0_ROT() do { \
933 uint32_t t0tmp = *(dp - 3); \
934 *(dp - 3) = *(dp - 2); \
935 *(dp - 2) = *(dp - 1); \
938 #define T0_NROT() do { \
939 uint32_t t0tmp = *(dp - 1); \
940 *(dp - 1) = *(dp - 2); \
941 *(dp - 2) = *(dp - 3); \
944 #define T0_PICK(x) do { \
945 uint32_t t0depth = (x); \
946 T0_PUSH(T0_PEEK(t0depth)); \
948 #define T0_CO() do { \
951 #define T0_RET() goto t0_next
953 dp
= ((t0_context
*)t0ctx
)->dp
;
954 rp
= ((t0_context
*)t0ctx
)->rp
;
955 ip
= ((t0_context
*)t0ctx
)->ip
;
962 if (t0x
< T0_INTERPRETED
) {
974 ip
= &t0_codeblock
[t0x
];
976 case 1: /* literal constant */
977 T0_PUSHi(t0_parse7E_signed(&ip
));
979 case 2: /* read local */
980 T0_PUSH(T0_LOCAL(t0_parse7E_unsigned(&ip
)));
982 case 3: /* write local */
983 T0_LOCAL(t0_parse7E_unsigned(&ip
)) = T0_POP();
986 t0off
= t0_parse7E_signed(&ip
);
989 case 5: /* jump if */
990 t0off
= t0_parse7E_signed(&ip
);
995 case 6: /* jump if not */
996 t0off
= t0_parse7E_signed(&ip
);
1004 uint32_t b
= T0_POP();
1005 uint32_t a
= T0_POP();
1013 uint32_t b
= T0_POP();
1014 uint32_t a
= T0_POP();
1022 uint32_t b
= T0_POP();
1023 uint32_t a
= T0_POP();
1031 int32_t b
= T0_POPi();
1032 int32_t a
= T0_POPi();
1033 T0_PUSH(-(uint32_t)(a
< b
));
1040 int c
= (int)T0_POPi();
1041 uint32_t x
= T0_POP();
1049 int32_t b
= T0_POPi();
1050 int32_t a
= T0_POPi();
1051 T0_PUSH(-(uint32_t)(a
<= b
));
1058 uint32_t b
= T0_POP();
1059 uint32_t a
= T0_POP();
1060 T0_PUSH(-(uint32_t)(a
!= b
));
1067 uint32_t b
= T0_POP();
1068 uint32_t a
= T0_POP();
1069 T0_PUSH(-(uint32_t)(a
== b
));
1076 int32_t b
= T0_POPi();
1077 int32_t a
= T0_POPi();
1078 T0_PUSH(-(uint32_t)(a
> b
));
1085 int32_t b
= T0_POPi();
1086 int32_t a
= T0_POPi();
1087 T0_PUSH(-(uint32_t)(a
>= b
));
1094 int c
= (int)T0_POPi();
1095 int32_t x
= T0_POPi();
1101 /* anchor-dn-append-name */
1106 if (CTX
->client_auth_vtable
!= NULL
) {
1107 (*CTX
->client_auth_vtable
)->append_name(
1108 CTX
->client_auth_vtable
, ENG
->pad
, len
);
1114 /* anchor-dn-end-name */
1116 if (CTX
->client_auth_vtable
!= NULL
) {
1117 (*CTX
->client_auth_vtable
)->end_name(
1118 CTX
->client_auth_vtable
);
1124 /* anchor-dn-end-name-list */
1126 if (CTX
->client_auth_vtable
!= NULL
) {
1127 (*CTX
->client_auth_vtable
)->end_name_list(
1128 CTX
->client_auth_vtable
);
1134 /* anchor-dn-start-name */
1139 if (CTX
->client_auth_vtable
!= NULL
) {
1140 (*CTX
->client_auth_vtable
)->start_name(
1141 CTX
->client_auth_vtable
, len
);
1147 /* anchor-dn-start-name-list */
1149 if (CTX
->client_auth_vtable
!= NULL
) {
1150 (*CTX
->client_auth_vtable
)->start_name_list(
1151 CTX
->client_auth_vtable
);
1159 uint32_t b
= T0_POP();
1160 uint32_t a
= T0_POP();
1168 if (ENG
->chain_len
== 0) {
1171 ENG
->cert_cur
= ENG
->chain
->data
;
1172 ENG
->cert_len
= ENG
->chain
->data_len
;
1175 T0_PUSH(ENG
->cert_len
);
1183 size_t len
= (size_t)T0_POP();
1184 void *addr
= (unsigned char *)ENG
+ (size_t)T0_POP();
1185 memset(addr
, 0, len
);
1192 T0_PUSHi(-(ENG
->hlen_out
> 0));
1202 /* compute-Finished-inner */
1204 int prf_id
= T0_POP();
1205 int from_client
= T0_POPi();
1206 unsigned char tmp
[48];
1207 br_tls_prf_seed_chunk seed
;
1209 br_tls_prf_impl prf
= br_ssl_engine_get_PRF(ENG
, prf_id
);
1211 if (ENG
->session
.version
>= BR_TLS12
) {
1212 seed
.len
= br_multihash_out(&ENG
->mhash
, prf_id
, tmp
);
1214 br_multihash_out(&ENG
->mhash
, br_md5_ID
, tmp
);
1215 br_multihash_out(&ENG
->mhash
, br_sha1_ID
, tmp
+ 16);
1218 prf(ENG
->pad
, 12, ENG
->session
.master_secret
,
1219 sizeof ENG
->session
.master_secret
,
1220 from_client
? "client finished" : "server finished",
1226 /* copy-cert-chunk */
1230 clen
= ENG
->cert_len
;
1231 if (clen
> sizeof ENG
->pad
) {
1232 clen
= sizeof ENG
->pad
;
1234 memcpy(ENG
->pad
, ENG
->cert_cur
, clen
);
1235 ENG
->cert_cur
+= clen
;
1236 ENG
->cert_len
-= clen
;
1242 /* copy-protocol-name */
1244 size_t idx
= T0_POP();
1245 size_t len
= strlen(ENG
->protocol_names
[idx
]);
1246 memcpy(ENG
->pad
, ENG
->protocol_names
[idx
], len
);
1254 size_t addr
= T0_POP();
1255 T0_PUSH(t0_datablock
[addr
]);
1267 /* do-client-sign */
1271 sig_len
= make_client_sign(CTX
);
1273 br_ssl_engine_fail(ENG
, BR_ERR_INVALID_ALGORITHM
);
1283 unsigned prf_id
= T0_POP();
1284 unsigned ecdhe
= T0_POP();
1287 x
= make_pms_ecdh(CTX
, ecdhe
, prf_id
);
1289 br_ssl_engine_fail(ENG
, -x
);
1298 /* do-rsa-encrypt */
1302 x
= make_pms_rsa(CTX
, T0_POP());
1304 br_ssl_engine_fail(ENG
, -x
);
1313 /* do-static-ecdh */
1315 unsigned prf_id
= T0_POP();
1317 if (make_pms_static_ecdh(CTX
, prf_id
) < 0) {
1318 br_ssl_engine_fail(ENG
, BR_ERR_INVALID_ALGORITHM
);
1331 T0_PUSH(T0_PEEK(0));
1335 /* ext-ALPN-length */
1339 if (ENG
->protocol_names_num
== 0) {
1344 for (u
= 0; u
< ENG
->protocol_names_num
; u
++) {
1345 len
+= 1 + strlen(ENG
->protocol_names
[u
]);
1354 br_ssl_engine_fail(ENG
, (int)T0_POPi());
1362 br_ssl_engine_flush_record(ENG
);
1367 /* get-client-chain */
1369 uint32_t auth_types
;
1371 auth_types
= T0_POP();
1372 if (CTX
->client_auth_vtable
!= NULL
) {
1373 br_ssl_client_certificate ux
;
1375 (*CTX
->client_auth_vtable
)->choose(CTX
->client_auth_vtable
,
1376 CTX
, auth_types
, &ux
);
1377 CTX
->auth_type
= (unsigned char)ux
.auth_type
;
1378 CTX
->hash_id
= (unsigned char)ux
.hash_id
;
1379 ENG
->chain
= ux
.chain
;
1380 ENG
->chain_len
= ux
.chain_len
;
1389 /* get-key-type-usages */
1391 const br_x509_class
*xc
;
1392 const br_x509_pkey
*pk
;
1395 xc
= *(ENG
->x509ctx
);
1396 pk
= xc
->get_pkey(ENG
->x509ctx
, &usages
);
1400 T0_PUSH(pk
->key_type
| usages
);
1408 size_t addr
= (size_t)T0_POP();
1409 T0_PUSH(*(uint16_t *)(void *)((unsigned char *)ENG
+ addr
));
1416 size_t addr
= (size_t)T0_POP();
1417 T0_PUSH(*(uint32_t *)(void *)((unsigned char *)ENG
+ addr
));
1424 size_t addr
= (size_t)T0_POP();
1425 T0_PUSH(*((unsigned char *)ENG
+ addr
));
1432 T0_PUSHi(-(ENG
->hlen_in
!= 0));
1439 size_t len
= (size_t)T0_POP();
1440 void *addr2
= (unsigned char *)ENG
+ (size_t)T0_POP();
1441 void *addr1
= (unsigned char *)ENG
+ (size_t)T0_POP();
1442 int x
= memcmp(addr1
, addr2
, len
);
1443 T0_PUSH((uint32_t)-(x
== 0));
1450 size_t len
= (size_t)T0_POP();
1451 void *src
= (unsigned char *)ENG
+ (size_t)T0_POP();
1452 void *dst
= (unsigned char *)ENG
+ (size_t)T0_POP();
1453 memcpy(dst
, src
, len
);
1460 size_t len
= (size_t)T0_POP();
1461 void *addr
= (unsigned char *)ENG
+ (size_t)T0_POP();
1462 br_hmac_drbg_generate(&ENG
->rng
, addr
, len
);
1467 /* more-incoming-bytes? */
1469 T0_PUSHi(ENG
->hlen_in
!= 0 || !br_ssl_engine_recvrec_finished(ENG
));
1474 /* multihash-init */
1476 br_multihash_init(&ENG
->mhash
);
1483 uint32_t a
= T0_POP();
1491 uint32_t a
= T0_POP();
1499 uint32_t b
= T0_POP();
1500 uint32_t a
= T0_POP();
1507 T0_PUSH(T0_PEEK(1));
1511 /* read-chunk-native */
1513 size_t clen
= ENG
->hlen_in
;
1519 if ((size_t)len
< clen
) {
1522 memcpy((unsigned char *)ENG
+ addr
, ENG
->hbuf_in
, clen
);
1523 if (ENG
->record_type_in
== BR_SSL_HANDSHAKE
) {
1524 br_multihash_update(&ENG
->mhash
, ENG
->hbuf_in
, clen
);
1526 T0_PUSH(addr
+ (uint32_t)clen
);
1527 T0_PUSH(len
- (uint32_t)clen
);
1528 ENG
->hbuf_in
+= clen
;
1529 ENG
->hlen_in
-= clen
;
1537 if (ENG
->hlen_in
> 0) {
1540 x
= *ENG
->hbuf_in
++;
1541 if (ENG
->record_type_in
== BR_SSL_HANDSHAKE
) {
1542 br_multihash_update(&ENG
->mhash
, &x
, 1);
1553 /* set-server-curve */
1555 const br_x509_class
*xc
;
1556 const br_x509_pkey
*pk
;
1558 xc
= *(ENG
->x509ctx
);
1559 pk
= xc
->get_pkey(ENG
->x509ctx
, NULL
);
1561 (pk
->key_type
== BR_KEYTYPE_EC
) ? pk
->key
.ec
.curve
: 0;
1568 size_t addr
= (size_t)T0_POP();
1569 *(uint16_t *)(void *)((unsigned char *)ENG
+ addr
) = (uint16_t)T0_POP();
1576 size_t addr
= (size_t)T0_POP();
1577 *(uint32_t *)(void *)((unsigned char *)ENG
+ addr
) = (uint32_t)T0_POP();
1584 size_t addr
= (size_t)T0_POP();
1585 *((unsigned char *)ENG
+ addr
) = (unsigned char)T0_POP();
1592 void *str
= (unsigned char *)ENG
+ (size_t)T0_POP();
1593 T0_PUSH((uint32_t)strlen(str
));
1598 /* supported-curves */
1600 uint32_t x
= ENG
->iec
== NULL
? 0 : ENG
->iec
->supported_curves
;
1606 /* supported-hash-functions */
1613 for (i
= br_sha1_ID
; i
<= br_sha512_ID
; i
++) {
1614 if (br_multihash_getimpl(&ENG
->mhash
, i
)) {
1625 /* supports-ecdsa? */
1627 T0_PUSHi(-(ENG
->iecdsa
!= 0));
1632 /* supports-rsa-sign? */
1634 T0_PUSHi(-(ENG
->irsavrfy
!= 0));
1644 /* switch-aesccm-in */
1646 int is_client
, prf_id
;
1647 unsigned cipher_key_len
, tag_len
;
1650 cipher_key_len
= T0_POP();
1652 is_client
= T0_POP();
1653 br_ssl_engine_switch_ccm_in(ENG
, is_client
, prf_id
,
1654 ENG
->iaes_ctrcbc
, cipher_key_len
, tag_len
);
1659 /* switch-aesccm-out */
1661 int is_client
, prf_id
;
1662 unsigned cipher_key_len
, tag_len
;
1665 cipher_key_len
= T0_POP();
1667 is_client
= T0_POP();
1668 br_ssl_engine_switch_ccm_out(ENG
, is_client
, prf_id
,
1669 ENG
->iaes_ctrcbc
, cipher_key_len
, tag_len
);
1674 /* switch-aesgcm-in */
1676 int is_client
, prf_id
;
1677 unsigned cipher_key_len
;
1679 cipher_key_len
= T0_POP();
1681 is_client
= T0_POP();
1682 br_ssl_engine_switch_gcm_in(ENG
, is_client
, prf_id
,
1683 ENG
->iaes_ctr
, cipher_key_len
);
1688 /* switch-aesgcm-out */
1690 int is_client
, prf_id
;
1691 unsigned cipher_key_len
;
1693 cipher_key_len
= T0_POP();
1695 is_client
= T0_POP();
1696 br_ssl_engine_switch_gcm_out(ENG
, is_client
, prf_id
,
1697 ENG
->iaes_ctr
, cipher_key_len
);
1704 int is_client
, prf_id
, mac_id
, aes
;
1705 unsigned cipher_key_len
;
1707 cipher_key_len
= T0_POP();
1711 is_client
= T0_POP();
1712 br_ssl_engine_switch_cbc_in(ENG
, is_client
, prf_id
, mac_id
,
1713 aes
? ENG
->iaes_cbcdec
: ENG
->ides_cbcdec
, cipher_key_len
);
1718 /* switch-cbc-out */
1720 int is_client
, prf_id
, mac_id
, aes
;
1721 unsigned cipher_key_len
;
1723 cipher_key_len
= T0_POP();
1727 is_client
= T0_POP();
1728 br_ssl_engine_switch_cbc_out(ENG
, is_client
, prf_id
, mac_id
,
1729 aes
? ENG
->iaes_cbcenc
: ENG
->ides_cbcenc
, cipher_key_len
);
1734 /* switch-chapol-in */
1736 int is_client
, prf_id
;
1739 is_client
= T0_POP();
1740 br_ssl_engine_switch_chapol_in(ENG
, is_client
, prf_id
);
1745 /* switch-chapol-out */
1747 int is_client
, prf_id
;
1750 is_client
= T0_POP();
1751 br_ssl_engine_switch_chapol_out(ENG
, is_client
, prf_id
);
1756 /* test-protocol-name */
1758 size_t len
= T0_POP();
1761 for (u
= 0; u
< ENG
->protocol_names_num
; u
++) {
1764 name
= ENG
->protocol_names
[u
];
1765 if (len
== strlen(name
) && memcmp(ENG
->pad
, name
, len
) == 0) {
1775 /* total-chain-length */
1781 for (u
= 0; u
< ENG
->chain_len
; u
++) {
1782 total
+= 3 + (uint32_t)ENG
->chain
[u
].data_len
;
1791 int c
= (int)T0_POPi();
1792 uint32_t x
= T0_POP();
1798 /* verify-SKE-sig */
1800 size_t sig_len
= T0_POP();
1801 int use_rsa
= T0_POPi();
1802 int hash
= T0_POPi();
1804 T0_PUSH(verify_SKE_sig(CTX
, hash
, use_rsa
, sig_len
));
1809 /* write-blob-chunk */
1811 size_t clen
= ENG
->hlen_out
;
1817 if ((size_t)len
< clen
) {
1820 memcpy(ENG
->hbuf_out
, (unsigned char *)ENG
+ addr
, clen
);
1821 if (ENG
->record_type_out
== BR_SSL_HANDSHAKE
) {
1822 br_multihash_update(&ENG
->mhash
, ENG
->hbuf_out
, clen
);
1824 T0_PUSH(addr
+ (uint32_t)clen
);
1825 T0_PUSH(len
- (uint32_t)clen
);
1826 ENG
->hbuf_out
+= clen
;
1827 ENG
->hlen_out
-= clen
;
1837 x
= (unsigned char)T0_POP();
1838 if (ENG
->hlen_out
> 0) {
1839 if (ENG
->record_type_out
== BR_SSL_HANDSHAKE
) {
1840 br_multihash_update(&ENG
->mhash
, &x
, 1);
1842 *ENG
->hbuf_out
++ = x
;
1854 const br_x509_class
*xc
;
1857 xc
= *(ENG
->x509ctx
);
1859 xc
->append(ENG
->x509ctx
, ENG
->pad
, len
);
1866 const br_x509_class
*xc
;
1868 xc
= *(ENG
->x509ctx
);
1869 xc
->end_cert(ENG
->x509ctx
);
1874 /* x509-end-chain */
1876 const br_x509_class
*xc
;
1878 xc
= *(ENG
->x509ctx
);
1879 T0_PUSH(xc
->end_chain(ENG
->x509ctx
));
1884 /* x509-start-cert */
1886 const br_x509_class
*xc
;
1888 xc
= *(ENG
->x509ctx
);
1889 xc
->start_cert(ENG
->x509ctx
, T0_POP());
1894 /* x509-start-chain */
1896 const br_x509_class
*xc
;
1900 xc
= *(ENG
->x509ctx
);
1901 xc
->start_chain(ENG
->x509ctx
, bc
? ENG
->server_name
: NULL
);
1908 T0_ENTER(ip
, rp
, t0x
);
1912 ((t0_context
*)t0ctx
)->dp
= dp
;
1913 ((t0_context
*)t0ctx
)->rp
= rp
;
1914 ((t0_context
*)t0ctx
)->ip
= ip
;