projects / BearSSL / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Made Base64 decoding constant-time (with regards to actual data byte contents).
[BearSSL] / src / ssl / ssl_hs_client.c
1 /* Automatically generated code; do not modify directly. */
2
3 #include <stddef.h>
4 #include <stdint.h>
5
6 typedef struct {
7 uint32_t *dp;
8 uint32_t *rp;
9 const unsigned char *ip;
10 } t0_context;
11
12 static uint32_t
13 t0_parse7E_unsigned(const unsigned char **p)
14 {
15 uint32_t x;
16
17 x = 0;
18 for (;;) {
19 unsigned y;
20
21 y = *(*p) ++;
22 x = (x << 7) | (uint32_t)(y & 0x7F);
23 if (y < 0x80) {
24 return x;
25 }
26 }
27 }
28
29 static int32_t
30 t0_parse7E_signed(const unsigned char **p)
31 {
32 int neg;
33 uint32_t x;
34
35 neg = ((**p) >> 6) & 1;
36 x = (uint32_t)-neg;
37 for (;;) {
38 unsigned y;
39
40 y = *(*p) ++;
41 x = (x << 7) | (uint32_t)(y & 0x7F);
42 if (y < 0x80) {
43 if (neg) {
44 return -(int32_t)~x - 1;
45 } else {
46 return (int32_t)x;
47 }
48 }
49 }
50 }
51
52 #define T0_VBYTE(x, n) (unsigned char)((((uint32_t)(x) >> (n)) & 0x7F) | 0x80)
53 #define T0_FBYTE(x, n) (unsigned char)(((uint32_t)(x) >> (n)) & 0x7F)
54 #define T0_SBYTE(x) (unsigned char)((((uint32_t)(x) >> 28) + 0xF8) ^ 0xF8)
55 #define T0_INT1(x) T0_FBYTE(x, 0)
56 #define T0_INT2(x) T0_VBYTE(x, 7), T0_FBYTE(x, 0)
57 #define T0_INT3(x) T0_VBYTE(x, 14), T0_VBYTE(x, 7), T0_FBYTE(x, 0)
58 #define T0_INT4(x) T0_VBYTE(x, 21), T0_VBYTE(x, 14), T0_VBYTE(x, 7), T0_FBYTE(x, 0)
59 #define T0_INT5(x) T0_SBYTE(x), T0_VBYTE(x, 21), T0_VBYTE(x, 14), T0_VBYTE(x, 7), T0_FBYTE(x, 0)
60
61 /* static const unsigned char t0_datablock[]; */
62
63
64 void br_ssl_hs_client_init_main(void *t0ctx);
65
66 void br_ssl_hs_client_run(void *t0ctx);
67
68
69
70 #include <stddef.h>
71 #include <string.h>
72
73 #include "inner.h"
74
75 /*
76 * This macro evaluates to a pointer to the current engine context.
77 */
78 #define ENG ((br_ssl_engine_context *)(void *)((unsigned char *)t0ctx - offsetof(br_ssl_engine_context, cpu)))
79
80
81
82
83
84 /*
85 * This macro evaluates to a pointer to the client context, under that
86 * specific name. It must be noted that since the engine context is the
87 * first field of the br_ssl_client_context structure ('eng'), then
88 * pointers values of both types are interchangeable, modulo an
89 * appropriate cast. This also means that "addresses" computed as offsets
90 * within the structure work for both kinds of context.
91 */
92 #define CTX ((br_ssl_client_context *)ENG)
93
94 /*
95 * Generate the pre-master secret for RSA key exchange, and encrypt it
96 * with the server's public key. Returned value is either the encrypted
97 * data length (in bytes), or -x on error, with 'x' being an error code.
98 *
99 * This code assumes that the public key has been already verified (it
100 * was properly obtained by the X.509 engine, and it has the right type,
101 * i.e. it is of type RSA and suitable for encryption).
102 */
103 static int
104 make_pms_rsa(br_ssl_client_context *ctx, int prf_id)
105 {
106 const br_x509_class **xc;
107 const br_x509_pkey *pk;
108 const unsigned char *n;
109 unsigned char *pms;
110 size_t nlen, u;
111
112 xc = ctx->eng.x509ctx;
113 pk = (*xc)->get_pkey(xc, NULL);
114
115 /*
116 * Compute actual RSA key length, in case there are leading zeros.
117 */
118 n = pk->key.rsa.n;
119 nlen = pk->key.rsa.nlen;
120 while (nlen > 0 && *n == 0) {
121 n ++;
122 nlen --;
123 }
124
125 /*
126 * We need at least 59 bytes (48 bytes for pre-master secret, and
127 * 11 bytes for the PKCS#1 type 2 padding). Note that the X.509
128 * minimal engine normally blocks RSA keys shorter than 128 bytes,
129 * so this is mostly for public keys provided explicitly by the
130 * caller.
131 */
132 if (nlen < 59) {
133 return -BR_ERR_X509_WEAK_PUBLIC_KEY;
134 }
135 if (nlen > sizeof ctx->eng.pad) {
136 return -BR_ERR_LIMIT_EXCEEDED;
137 }
138
139 /*
140 * Make PMS.
141 */
142 pms = ctx->eng.pad + nlen - 48;
143 br_enc16be(pms, ctx->eng.version_max);
144 br_hmac_drbg_generate(&ctx->eng.rng, pms + 2, 46);
145 br_ssl_engine_compute_master(&ctx->eng, prf_id, pms, 48);
146
147 /*
148 * Apply PKCS#1 type 2 padding.
149 */
150 ctx->eng.pad[0] = 0x00;
151 ctx->eng.pad[1] = 0x02;
152 ctx->eng.pad[nlen - 49] = 0x00;
153 br_hmac_drbg_generate(&ctx->eng.rng, ctx->eng.pad + 2, nlen - 51);
154 for (u = 2; u < nlen - 49; u ++) {
155 while (ctx->eng.pad[u] == 0) {
156 br_hmac_drbg_generate(&ctx->eng.rng,
157 &ctx->eng.pad[u], 1);
158 }
159 }
160
161 /*
162 * Compute RSA encryption.
163 */
164 if (!ctx->irsapub(ctx->eng.pad, nlen, &pk->key.rsa)) {
165 return -BR_ERR_LIMIT_EXCEEDED;
166 }
167 return (int)nlen;
168 }
169
170 /*
171 * OID for hash functions in RSA signatures.
172 */
173 static const unsigned char *HASH_OID[] = {
174 BR_HASH_OID_SHA1,
175 BR_HASH_OID_SHA224,
176 BR_HASH_OID_SHA256,
177 BR_HASH_OID_SHA384,
178 BR_HASH_OID_SHA512
179 };
180
181 /*
182 * Check the RSA signature on the ServerKeyExchange message.
183 *
184 * hash hash function ID (2 to 6), or 0 for MD5+SHA-1 (with RSA only)
185 * use_rsa non-zero for RSA signature, zero for ECDSA
186 * sig_len signature length (in bytes); signature value is in the pad
187 *
188 * Returned value is 0 on success, or an error code.
189 */
190 static int
191 verify_SKE_sig(br_ssl_client_context *ctx,
192 int hash, int use_rsa, size_t sig_len)
193 {
194 const br_x509_class **xc;
195 const br_x509_pkey *pk;
196 br_multihash_context mhc;
197 unsigned char hv[64], head[4];
198 size_t hv_len;
199
200 xc = ctx->eng.x509ctx;
201 pk = (*xc)->get_pkey(xc, NULL);
202 br_multihash_zero(&mhc);
203 br_multihash_copyimpl(&mhc, &ctx->eng.mhash);
204 br_multihash_init(&mhc);
205 br_multihash_update(&mhc,
206 ctx->eng.client_random, sizeof ctx->eng.client_random);
207 br_multihash_update(&mhc,
208 ctx->eng.server_random, sizeof ctx->eng.server_random);
209 head[0] = 3;
210 head[1] = 0;
211 head[2] = ctx->eng.ecdhe_curve;
212 head[3] = ctx->eng.ecdhe_point_len;
213 br_multihash_update(&mhc, head, sizeof head);
214 br_multihash_update(&mhc,
215 ctx->eng.ecdhe_point, ctx->eng.ecdhe_point_len);
216 if (hash) {
217 hv_len = br_multihash_out(&mhc, hash, hv);
218 if (hv_len == 0) {
219 return BR_ERR_INVALID_ALGORITHM;
220 }
221 } else {
222 if (!br_multihash_out(&mhc, br_md5_ID, hv)
223 || !br_multihash_out(&mhc, br_sha1_ID, hv + 16))
224 {
225 return BR_ERR_INVALID_ALGORITHM;
226 }
227 hv_len = 36;
228 }
229 if (use_rsa) {
230 unsigned char tmp[64];
231 const unsigned char *hash_oid;
232
233 if (hash) {
234 hash_oid = HASH_OID[hash - 2];
235 } else {
236 hash_oid = NULL;
237 }
238 if (!ctx->eng.irsavrfy(ctx->eng.pad, sig_len,
239 hash_oid, hv_len, &pk->key.rsa, tmp)
240 || memcmp(tmp, hv, hv_len) != 0)
241 {
242 return BR_ERR_BAD_SIGNATURE;
243 }
244 } else {
245 if (!ctx->eng.iecdsa(ctx->eng.iec, hv, hv_len, &pk->key.ec,
246 ctx->eng.pad, sig_len))
247 {
248 return BR_ERR_BAD_SIGNATURE;
249 }
250 }
251 return 0;
252 }
253
254 /*
255 * Perform client-side ECDH (or ECDHE). The point that should be sent to
256 * the server is written in the pad; returned value is either the point
257 * length (in bytes), or -x on error, with 'x' being an error code.
258 *
259 * The point _from_ the server is taken from ecdhe_point[] if 'ecdhe'
260 * is non-zero, or from the X.509 engine context if 'ecdhe' is zero
261 * (for static ECDH).
262 */
263 static int
264 make_pms_ecdh(br_ssl_client_context *ctx, unsigned ecdhe, int prf_id)
265 {
266 int curve;
267 unsigned char key[66], point[133];
268 const unsigned char *order, *point_src;
269 size_t glen, olen, point_len, xoff, xlen;
270 unsigned char mask;
271
272 if (ecdhe) {
273 curve = ctx->eng.ecdhe_curve;
274 point_src = ctx->eng.ecdhe_point;
275 point_len = ctx->eng.ecdhe_point_len;
276 } else {
277 const br_x509_class **xc;
278 const br_x509_pkey *pk;
279
280 xc = ctx->eng.x509ctx;
281 pk = (*xc)->get_pkey(xc, NULL);
282 curve = pk->key.ec.curve;
283 point_src = pk->key.ec.q;
284 point_len = pk->key.ec.qlen;
285 }
286 if ((ctx->eng.iec->supported_curves & ((uint32_t)1 << curve)) == 0) {
287 return -BR_ERR_INVALID_ALGORITHM;
288 }
289
290 /*
291 * We need to generate our key, as a non-zero random value which
292 * is lower than the curve order, in a "large enough" range. We
293 * force top bit to 0 and bottom bit to 1, which guarantees that
294 * the value is in the proper range.
295 */
296 order = ctx->eng.iec->order(curve, &olen);
297 mask = 0xFF;
298 while (mask >= order[0]) {
299 mask >>= 1;
300 }
301 br_hmac_drbg_generate(&ctx->eng.rng, key, olen);
302 key[0] &= mask;
303 key[olen - 1] |= 0x01;
304
305 /*
306 * Compute the common ECDH point, whose X coordinate is the
307 * pre-master secret.
308 */
309 ctx->eng.iec->generator(curve, &glen);
310 if (glen != point_len) {
311 return -BR_ERR_INVALID_ALGORITHM;
312 }
313
314 memcpy(point, point_src, glen);
315 if (!ctx->eng.iec->mul(point, glen, key, olen, curve)) {
316 return -BR_ERR_INVALID_ALGORITHM;
317 }
318
319 /*
320 * The pre-master secret is the X coordinate.
321 */
322 xoff = ctx->eng.iec->xoff(curve, &xlen);
323 br_ssl_engine_compute_master(&ctx->eng, prf_id, point + xoff, xlen);
324
325 ctx->eng.iec->mulgen(point, key, olen, curve);
326 memcpy(ctx->eng.pad, point, glen);
327 return (int)glen;
328 }
329
330 /*
331 * Perform full static ECDH. This occurs only in the context of client
332 * authentication with certificates: the server uses an EC public key,
333 * the cipher suite is of type ECDH (not ECDHE), the server requested a
334 * client certificate and accepts static ECDH, the client has a
335 * certificate with an EC public key in the same curve, and accepts
336 * static ECDH as well.
337 *
338 * Returned value is 0 on success, -1 on error.
339 */
340 static int
341 make_pms_static_ecdh(br_ssl_client_context *ctx, int prf_id)
342 {
343 unsigned char point[133];
344 size_t point_len;
345 const br_x509_class **xc;
346 const br_x509_pkey *pk;
347
348 xc = ctx->eng.x509ctx;
349 pk = (*xc)->get_pkey(xc, NULL);
350 point_len = pk->key.ec.qlen;
351 if (point_len > sizeof point) {
352 return -1;
353 }
354 memcpy(point, pk->key.ec.q, point_len);
355 if (!(*ctx->client_auth_vtable)->do_keyx(
356 ctx->client_auth_vtable, point, &point_len))
357 {
358 return -1;
359 }
360 br_ssl_engine_compute_master(&ctx->eng,
361 prf_id, point, point_len);
362 return 0;
363 }
364
365 /*
366 * Compute the client-side signature. This is invoked only when a
367 * signature-based client authentication was selected. The computed
368 * signature is in the pad; its length (in bytes) is returned. On
369 * error, 0 is returned.
370 */
371 static size_t
372 make_client_sign(br_ssl_client_context *ctx)
373 {
374 size_t hv_len;
375
376 /*
377 * Compute hash of handshake messages so far. This "cannot" fail
378 * because the list of supported hash functions provided to the
379 * client certificate handler was trimmed to include only the
380 * hash functions that the multi-hasher supports.
381 */
382 if (ctx->hash_id) {
383 hv_len = br_multihash_out(&ctx->eng.mhash,
384 ctx->hash_id, ctx->eng.pad);
385 } else {
386 br_multihash_out(&ctx->eng.mhash,
387 br_md5_ID, ctx->eng.pad);
388 br_multihash_out(&ctx->eng.mhash,
389 br_sha1_ID, ctx->eng.pad + 16);
390 hv_len = 36;
391 }
392 return (*ctx->client_auth_vtable)->do_sign(
393 ctx->client_auth_vtable, ctx->hash_id, hv_len,
394 ctx->eng.pad, sizeof ctx->eng.pad);
395 }
396
397
398
399 static const unsigned char t0_datablock[] = {
400 0x00, 0x00, 0x0A, 0x00, 0x24, 0x00, 0x2F, 0x01, 0x24, 0x00, 0x35, 0x02,
401 0x24, 0x00, 0x3C, 0x01, 0x44, 0x00, 0x3D, 0x02, 0x44, 0x00, 0x9C, 0x03,
402 0x04, 0x00, 0x9D, 0x04, 0x05, 0xC0, 0x03, 0x40, 0x24, 0xC0, 0x04, 0x41,
403 0x24, 0xC0, 0x05, 0x42, 0x24, 0xC0, 0x08, 0x20, 0x24, 0xC0, 0x09, 0x21,
404 0x24, 0xC0, 0x0A, 0x22, 0x24, 0xC0, 0x0D, 0x30, 0x24, 0xC0, 0x0E, 0x31,
405 0x24, 0xC0, 0x0F, 0x32, 0x24, 0xC0, 0x12, 0x10, 0x24, 0xC0, 0x13, 0x11,
406 0x24, 0xC0, 0x14, 0x12, 0x24, 0xC0, 0x23, 0x21, 0x44, 0xC0, 0x24, 0x22,
407 0x55, 0xC0, 0x25, 0x41, 0x44, 0xC0, 0x26, 0x42, 0x55, 0xC0, 0x27, 0x11,
408 0x44, 0xC0, 0x28, 0x12, 0x55, 0xC0, 0x29, 0x31, 0x44, 0xC0, 0x2A, 0x32,
409 0x55, 0xC0, 0x2B, 0x23, 0x04, 0xC0, 0x2C, 0x24, 0x05, 0xC0, 0x2D, 0x43,
410 0x04, 0xC0, 0x2E, 0x44, 0x05, 0xC0, 0x2F, 0x13, 0x04, 0xC0, 0x30, 0x14,
411 0x05, 0xC0, 0x31, 0x33, 0x04, 0xC0, 0x32, 0x34, 0x05, 0xC0, 0x9C, 0x06,
412 0x04, 0xC0, 0x9D, 0x07, 0x04, 0xC0, 0xA0, 0x08, 0x04, 0xC0, 0xA1, 0x09,
413 0x04, 0xC0, 0xAC, 0x26, 0x04, 0xC0, 0xAD, 0x27, 0x04, 0xC0, 0xAE, 0x28,
414 0x04, 0xC0, 0xAF, 0x29, 0x04, 0xCC, 0xA8, 0x15, 0x04, 0xCC, 0xA9, 0x25,
415 0x04, 0x00, 0x00
416 };
417
418 static const unsigned char t0_codeblock[] = {
419 0x00, 0x01, 0x00, 0x0A, 0x00, 0x00, 0x01, 0x00, 0x0D, 0x00, 0x00, 0x01,
420 0x00, 0x0E, 0x00, 0x00, 0x01, 0x00, 0x0F, 0x00, 0x00, 0x01, 0x01, 0x08,
421 0x00, 0x00, 0x01, 0x01, 0x09, 0x00, 0x00, 0x01, 0x02, 0x08, 0x00, 0x00,
422 0x01, 0x02, 0x09, 0x00, 0x00, 0x25, 0x25, 0x00, 0x00, 0x01,
423 T0_INT1(BR_ERR_BAD_CCS), 0x00, 0x00, 0x01,
424 T0_INT1(BR_ERR_BAD_CIPHER_SUITE), 0x00, 0x00, 0x01,
425 T0_INT1(BR_ERR_BAD_COMPRESSION), 0x00, 0x00, 0x01,
426 T0_INT1(BR_ERR_BAD_FINISHED), 0x00, 0x00, 0x01,
427 T0_INT1(BR_ERR_BAD_FRAGLEN), 0x00, 0x00, 0x01,
428 T0_INT1(BR_ERR_BAD_HANDSHAKE), 0x00, 0x00, 0x01,
429 T0_INT1(BR_ERR_BAD_HELLO_DONE), 0x00, 0x00, 0x01,
430 T0_INT1(BR_ERR_BAD_PARAM), 0x00, 0x00, 0x01,
431 T0_INT1(BR_ERR_BAD_SECRENEG), 0x00, 0x00, 0x01,
432 T0_INT1(BR_ERR_BAD_SNI), 0x00, 0x00, 0x01, T0_INT1(BR_ERR_BAD_VERSION),
433 0x00, 0x00, 0x01, T0_INT1(BR_ERR_EXTRA_EXTENSION), 0x00, 0x00, 0x01,
434 T0_INT1(BR_ERR_INVALID_ALGORITHM), 0x00, 0x00, 0x01,
435 T0_INT1(BR_ERR_LIMIT_EXCEEDED), 0x00, 0x00, 0x01, T0_INT1(BR_ERR_OK),
436 0x00, 0x00, 0x01, T0_INT1(BR_ERR_OVERSIZED_ID), 0x00, 0x00, 0x01,
437 T0_INT1(BR_ERR_RESUME_MISMATCH), 0x00, 0x00, 0x01,
438 T0_INT1(BR_ERR_UNEXPECTED), 0x00, 0x00, 0x01,
439 T0_INT1(BR_ERR_UNSUPPORTED_VERSION), 0x00, 0x00, 0x01,
440 T0_INT1(BR_ERR_WRONG_KEY_USAGE), 0x00, 0x00, 0x01,
441 T0_INT2(offsetof(br_ssl_engine_context, action)), 0x00, 0x00, 0x01,
442 T0_INT2(offsetof(br_ssl_engine_context, alert)), 0x00, 0x00, 0x01,
443 T0_INT2(offsetof(br_ssl_engine_context, application_data)), 0x00, 0x00,
444 0x01, T0_INT2(offsetof(br_ssl_client_context, auth_type)), 0x00, 0x00,
445 0x01,
446 T0_INT2(offsetof(br_ssl_engine_context, session) + offsetof(br_ssl_session_parameters, cipher_suite)),
447 0x00, 0x00, 0x01,
448 T0_INT2(offsetof(br_ssl_engine_context, client_random)), 0x00, 0x00,
449 0x01, T0_INT2(offsetof(br_ssl_engine_context, close_received)), 0x00,
450 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, ecdhe_curve)),
451 0x00, 0x00, 0x01,
452 T0_INT2(offsetof(br_ssl_engine_context, ecdhe_point)), 0x00, 0x00,
453 0x01, T0_INT2(offsetof(br_ssl_engine_context, ecdhe_point_len)), 0x00,
454 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, flags)), 0x00,
455 0x00, 0x01, T0_INT2(offsetof(br_ssl_client_context, hash_id)), 0x00,
456 0x00, 0x01, T0_INT2(offsetof(br_ssl_client_context, hashes)), 0x00,
457 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, log_max_frag_len)),
458 0x00, 0x00, 0x01,
459 T0_INT2(offsetof(br_ssl_client_context, min_clienthello_len)), 0x00,
460 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, pad)), 0x00, 0x00,
461 0x01, T0_INT2(offsetof(br_ssl_engine_context, protocol_names_num)),
462 0x00, 0x00, 0x01,
463 T0_INT2(offsetof(br_ssl_engine_context, record_type_in)), 0x00, 0x00,
464 0x01, T0_INT2(offsetof(br_ssl_engine_context, record_type_out)), 0x00,
465 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, reneg)), 0x00,
466 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, saved_finished)),
467 0x00, 0x00, 0x01,
468 T0_INT2(offsetof(br_ssl_engine_context, selected_protocol)), 0x00,
469 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, server_name)),
470 0x00, 0x00, 0x01,
471 T0_INT2(offsetof(br_ssl_engine_context, server_random)), 0x00, 0x00,
472 0x01,
473 T0_INT2(offsetof(br_ssl_engine_context, session) + offsetof(br_ssl_session_parameters, session_id)),
474 0x00, 0x00, 0x01,
475 T0_INT2(offsetof(br_ssl_engine_context, session) + offsetof(br_ssl_session_parameters, session_id_len)),
476 0x00, 0x00, 0x01,
477 T0_INT2(offsetof(br_ssl_engine_context, shutdown_recv)), 0x00, 0x00,
478 0x01, T0_INT2(offsetof(br_ssl_engine_context, suites_buf)), 0x00, 0x00,
479 0x01, T0_INT2(offsetof(br_ssl_engine_context, suites_num)), 0x00, 0x00,
480 0x01,
481 T0_INT2(offsetof(br_ssl_engine_context, session) + offsetof(br_ssl_session_parameters, version)),
482 0x00, 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, version_in)),
483 0x00, 0x00, 0x01,
484 T0_INT2(offsetof(br_ssl_engine_context, version_max)), 0x00, 0x00,
485 0x01, T0_INT2(offsetof(br_ssl_engine_context, version_min)), 0x00,
486 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, version_out)),
487 0x00, 0x00, 0x09, 0x26, 0x58, 0x06, 0x02, 0x68, 0x28, 0x00, 0x00, 0x06,
488 0x08, 0x2C, 0x0E, 0x05, 0x02, 0x71, 0x28, 0x04, 0x01, 0x3C, 0x00, 0x00,
489 0x01, 0x01, 0x00, 0x01, 0x03, 0x00, 0x99, 0x26, 0x5E, 0x44, 0x9D, 0x26,
490 0x05, 0x04, 0x60, 0x01, 0x00, 0x00, 0x02, 0x00, 0x0E, 0x06, 0x02, 0x9D,
491 0x00, 0x5E, 0x04, 0x6B, 0x00, 0x06, 0x02, 0x68, 0x28, 0x00, 0x00, 0x26,
492 0x89, 0x44, 0x05, 0x03, 0x01, 0x0C, 0x08, 0x44, 0x79, 0x2C, 0xAB, 0x1C,
493 0x84, 0x01, 0x0C, 0x31, 0x00, 0x00, 0x26, 0x1F, 0x01, 0x08, 0x0B, 0x44,
494 0x5C, 0x1F, 0x08, 0x00, 0x01, 0x03, 0x00, 0x77, 0x2E, 0x02, 0x00, 0x36,
495 0x17, 0x01, 0x01, 0x0B, 0x77, 0x3E, 0x29, 0x1A, 0x36, 0x06, 0x07, 0x02,
496 0x00, 0xCF, 0x03, 0x00, 0x04, 0x75, 0x01, 0x00, 0xC5, 0x02, 0x00, 0x26,
497 0x1A, 0x17, 0x06, 0x02, 0x6F, 0x28, 0xCF, 0x04, 0x76, 0x01, 0x01, 0x00,
498 0x77, 0x3E, 0x01, 0x16, 0x87, 0x3E, 0x01, 0x00, 0x8A, 0x3C, 0x34, 0xD5,
499 0x29, 0xB4, 0x06, 0x09, 0x01, 0x7F, 0xAF, 0x01, 0x7F, 0xD2, 0x04, 0x80,
500 0x53, 0xB1, 0x79, 0x2C, 0xA1, 0x01, T0_INT1(BR_KEYTYPE_SIGN), 0x17,
501 0x06, 0x01, 0xB5, 0xB8, 0x26, 0x01, 0x0D, 0x0E, 0x06, 0x07, 0x25, 0xB7,
502 0xB8, 0x01, 0x7F, 0x04, 0x02, 0x01, 0x00, 0x03, 0x00, 0x01, 0x0E, 0x0E,
503 0x05, 0x02, 0x72, 0x28, 0x06, 0x02, 0x67, 0x28, 0x33, 0x06, 0x02, 0x72,
504 0x28, 0x02, 0x00, 0x06, 0x1C, 0xD3, 0x80, 0x2E, 0x01, 0x81, 0x7F, 0x0E,
505 0x06, 0x0D, 0x25, 0x01, 0x10, 0xDE, 0x01, 0x00, 0xDD, 0x79, 0x2C, 0xAB,
506 0x24, 0x04, 0x04, 0xD6, 0x06, 0x01, 0xD4, 0x04, 0x01, 0xD6, 0x01, 0x7F,
507 0xD2, 0x01, 0x7F, 0xAF, 0x01, 0x01, 0x77, 0x3E, 0x01, 0x17, 0x87, 0x3E,
508 0x00, 0x00, 0x38, 0x38, 0x00, 0x00, 0x9A, 0x01, 0x0C, 0x11, 0x01, 0x00,
509 0x38, 0x0E, 0x06, 0x05, 0x25, 0x01,
510 T0_INT1(BR_KEYTYPE_RSA | BR_KEYTYPE_KEYX), 0x04, 0x30, 0x01, 0x01,
511 0x38, 0x0E, 0x06, 0x05, 0x25, 0x01,
512 T0_INT1(BR_KEYTYPE_RSA | BR_KEYTYPE_SIGN), 0x04, 0x25, 0x01, 0x02,
513 0x38, 0x0E, 0x06, 0x05, 0x25, 0x01,
514 T0_INT1(BR_KEYTYPE_EC | BR_KEYTYPE_SIGN), 0x04, 0x1A, 0x01, 0x03,
515 0x38, 0x0E, 0x06, 0x05, 0x25, 0x01,
516 T0_INT1(BR_KEYTYPE_EC | BR_KEYTYPE_KEYX), 0x04, 0x0F, 0x01, 0x04,
517 0x38, 0x0E, 0x06, 0x05, 0x25, 0x01,
518 T0_INT1(BR_KEYTYPE_EC | BR_KEYTYPE_KEYX), 0x04, 0x04, 0x01, 0x00,
519 0x44, 0x25, 0x00, 0x00, 0x82, 0x2E, 0x01, 0x0E, 0x0E, 0x06, 0x04, 0x01,
520 0x00, 0x04, 0x02, 0x01, 0x05, 0x00, 0x00, 0x40, 0x06, 0x04, 0x01, 0x06,
521 0x04, 0x02, 0x01, 0x00, 0x00, 0x00, 0x88, 0x2E, 0x26, 0x06, 0x08, 0x01,
522 0x01, 0x09, 0x01, 0x11, 0x07, 0x04, 0x03, 0x25, 0x01, 0x05, 0x00, 0x01,
523 0x41, 0x03, 0x00, 0x25, 0x01, 0x00, 0x43, 0x06, 0x03, 0x02, 0x00, 0x08,
524 0x42, 0x06, 0x03, 0x02, 0x00, 0x08, 0x26, 0x06, 0x06, 0x01, 0x01, 0x0B,
525 0x01, 0x06, 0x08, 0x00, 0x00, 0x8B, 0x3F, 0x26, 0x06, 0x03, 0x01, 0x09,
526 0x08, 0x00, 0x01, 0x40, 0x26, 0x06, 0x1E, 0x01, 0x00, 0x03, 0x00, 0x26,
527 0x06, 0x0E, 0x26, 0x01, 0x01, 0x17, 0x02, 0x00, 0x08, 0x03, 0x00, 0x01,
528 0x01, 0x11, 0x04, 0x6F, 0x25, 0x02, 0x00, 0x01, 0x01, 0x0B, 0x01, 0x06,
529 0x08, 0x00, 0x00, 0x7F, 0x2D, 0x44, 0x11, 0x01, 0x01, 0x17, 0x35, 0x00,
530 0x00, 0x9F, 0xCE, 0x26, 0x01, 0x07, 0x17, 0x01, 0x00, 0x38, 0x0E, 0x06,
531 0x09, 0x25, 0x01, 0x10, 0x17, 0x06, 0x01, 0x9F, 0x04, 0x35, 0x01, 0x01,
532 0x38, 0x0E, 0x06, 0x2C, 0x25, 0x25, 0x01, 0x00, 0x77, 0x3E, 0xB3, 0x88,
533 0x2E, 0x01, 0x01, 0x0E, 0x01, 0x01, 0xA8, 0x37, 0x06, 0x17, 0x29, 0x1A,
534 0x36, 0x06, 0x04, 0xCE, 0x25, 0x04, 0x78, 0x01, 0x80, 0x64, 0xC5, 0x01,
535 0x01, 0x77, 0x3E, 0x01, 0x17, 0x87, 0x3E, 0x04, 0x01, 0x9F, 0x04, 0x03,
536 0x72, 0x28, 0x25, 0x04, 0xFF, 0x34, 0x01, 0x26, 0x03, 0x00, 0x09, 0x26,
537 0x58, 0x06, 0x02, 0x68, 0x28, 0x02, 0x00, 0x00, 0x00, 0x9A, 0x01, 0x0F,
538 0x17, 0x00, 0x00, 0x76, 0x2E, 0x01, 0x00, 0x38, 0x0E, 0x06, 0x10, 0x25,
539 0x26, 0x01, 0x01, 0x0D, 0x06, 0x03, 0x25, 0x01, 0x02, 0x76, 0x3E, 0x01,
540 0x00, 0x04, 0x21, 0x01, 0x01, 0x38, 0x0E, 0x06, 0x14, 0x25, 0x01, 0x00,
541 0x76, 0x3E, 0x26, 0x01, 0x80, 0x64, 0x0E, 0x06, 0x05, 0x01, 0x82, 0x00,
542 0x08, 0x28, 0x5A, 0x04, 0x07, 0x25, 0x01, 0x82, 0x00, 0x08, 0x28, 0x25,
543 0x00, 0x00, 0x01, 0x00, 0x2F, 0x06, 0x05, 0x3A, 0xAC, 0x37, 0x04, 0x78,
544 0x26, 0x06, 0x04, 0x01, 0x01, 0x8F, 0x3E, 0x00, 0x01, 0xBF, 0xAA, 0xBF,
545 0xAA, 0xC1, 0x84, 0x44, 0x26, 0x03, 0x00, 0xB6, 0x9B, 0x9B, 0x02, 0x00,
546 0x4D, 0x26, 0x58, 0x06, 0x0A, 0x01, 0x03, 0xA8, 0x06, 0x02, 0x72, 0x28,
547 0x25, 0x04, 0x03, 0x5C, 0x8A, 0x3C, 0x00, 0x00, 0x2F, 0x06, 0x0B, 0x86,
548 0x2E, 0x01, 0x14, 0x0D, 0x06, 0x02, 0x72, 0x28, 0x04, 0x11, 0xCE, 0x01,
549 0x07, 0x17, 0x26, 0x01, 0x02, 0x0D, 0x06, 0x06, 0x06, 0x02, 0x72, 0x28,
550 0x04, 0x70, 0x25, 0xC2, 0x01, 0x01, 0x0D, 0x33, 0x37, 0x06, 0x02, 0x61,
551 0x28, 0x26, 0x01, 0x01, 0xC8, 0x36, 0xB2, 0x00, 0x01, 0xB8, 0x01, 0x0B,
552 0x0E, 0x05, 0x02, 0x72, 0x28, 0x26, 0x01, 0x03, 0x0E, 0x06, 0x08, 0xC0,
553 0x06, 0x02, 0x68, 0x28, 0x44, 0x25, 0x00, 0x44, 0x57, 0xC0, 0xAA, 0x26,
554 0x06, 0x23, 0xC0, 0xAA, 0x26, 0x56, 0x26, 0x06, 0x18, 0x26, 0x01, 0x82,
555 0x00, 0x0F, 0x06, 0x05, 0x01, 0x82, 0x00, 0x04, 0x01, 0x26, 0x03, 0x00,
556 0x84, 0x02, 0x00, 0xB6, 0x02, 0x00, 0x53, 0x04, 0x65, 0x9B, 0x54, 0x04,
557 0x5A, 0x9B, 0x9B, 0x55, 0x26, 0x06, 0x02, 0x35, 0x00, 0x25, 0x2B, 0x00,
558 0x00, 0x79, 0x2C, 0xA1, 0x01, 0x7F, 0xB0, 0x26, 0x58, 0x06, 0x02, 0x35,
559 0x28, 0x26, 0x05, 0x02, 0x72, 0x28, 0x38, 0x17, 0x0D, 0x06, 0x02, 0x74,
560 0x28, 0x3B, 0x00, 0x00, 0x9C, 0xB8, 0x01, 0x14, 0x0D, 0x06, 0x02, 0x72,
561 0x28, 0x84, 0x01, 0x0C, 0x08, 0x01, 0x0C, 0xB6, 0x9B, 0x84, 0x26, 0x01,
562 0x0C, 0x08, 0x01, 0x0C, 0x30, 0x05, 0x02, 0x64, 0x28, 0x00, 0x00, 0xB9,
563 0x06, 0x02, 0x72, 0x28, 0x06, 0x02, 0x66, 0x28, 0x00, 0x0A, 0xB8, 0x01,
564 0x02, 0x0E, 0x05, 0x02, 0x72, 0x28, 0xBF, 0x03, 0x00, 0x02, 0x00, 0x95,
565 0x2C, 0x0A, 0x02, 0x00, 0x94, 0x2C, 0x0F, 0x37, 0x06, 0x02, 0x73, 0x28,
566 0x02, 0x00, 0x93, 0x2C, 0x0D, 0x06, 0x02, 0x6B, 0x28, 0x02, 0x00, 0x96,
567 0x3C, 0x8C, 0x01, 0x20, 0xB6, 0x01, 0x00, 0x03, 0x01, 0xC1, 0x03, 0x02,
568 0x02, 0x02, 0x01, 0x20, 0x0F, 0x06, 0x02, 0x70, 0x28, 0x84, 0x02, 0x02,
569 0xB6, 0x02, 0x02, 0x8E, 0x2E, 0x0E, 0x02, 0x02, 0x01, 0x00, 0x0F, 0x17,
570 0x06, 0x0B, 0x8D, 0x84, 0x02, 0x02, 0x30, 0x06, 0x04, 0x01, 0x7F, 0x03,
571 0x01, 0x8D, 0x84, 0x02, 0x02, 0x31, 0x02, 0x02, 0x8E, 0x3E, 0x02, 0x00,
572 0x92, 0x02, 0x01, 0x98, 0xBF, 0x26, 0xC3, 0x58, 0x06, 0x02, 0x62, 0x28,
573 0x26, 0xCD, 0x02, 0x00, 0x01, 0x86, 0x03, 0x0A, 0x17, 0x06, 0x02, 0x62,
574 0x28, 0x79, 0x02, 0x01, 0x98, 0xC1, 0x06, 0x02, 0x63, 0x28, 0x26, 0x06,
575 0x81, 0x47, 0xBF, 0xAA, 0xA6, 0x03, 0x03, 0xA4, 0x03, 0x04, 0xA2, 0x03,
576 0x05, 0xA5, 0x03, 0x06, 0xA7, 0x03, 0x07, 0xA3, 0x03, 0x08, 0x27, 0x03,
577 0x09, 0x26, 0x06, 0x81, 0x18, 0xBF, 0x01, 0x00, 0x38, 0x0E, 0x06, 0x0F,
578 0x25, 0x02, 0x03, 0x05, 0x02, 0x6C, 0x28, 0x01, 0x00, 0x03, 0x03, 0xBE,
579 0x04, 0x80, 0x7F, 0x01, 0x01, 0x38, 0x0E, 0x06, 0x0F, 0x25, 0x02, 0x05,
580 0x05, 0x02, 0x6C, 0x28, 0x01, 0x00, 0x03, 0x05, 0xBC, 0x04, 0x80, 0x6A,
581 0x01, 0x83, 0xFE, 0x01, 0x38, 0x0E, 0x06, 0x0F, 0x25, 0x02, 0x04, 0x05,
582 0x02, 0x6C, 0x28, 0x01, 0x00, 0x03, 0x04, 0xBD, 0x04, 0x80, 0x53, 0x01,
583 0x0D, 0x38, 0x0E, 0x06, 0x0E, 0x25, 0x02, 0x06, 0x05, 0x02, 0x6C, 0x28,
584 0x01, 0x00, 0x03, 0x06, 0xBA, 0x04, 0x3F, 0x01, 0x0A, 0x38, 0x0E, 0x06,
585 0x0E, 0x25, 0x02, 0x07, 0x05, 0x02, 0x6C, 0x28, 0x01, 0x00, 0x03, 0x07,
586 0xBA, 0x04, 0x2B, 0x01, 0x0B, 0x38, 0x0E, 0x06, 0x0E, 0x25, 0x02, 0x08,
587 0x05, 0x02, 0x6C, 0x28, 0x01, 0x00, 0x03, 0x08, 0xBA, 0x04, 0x17, 0x01,
588 0x10, 0x38, 0x0E, 0x06, 0x0E, 0x25, 0x02, 0x09, 0x05, 0x02, 0x6C, 0x28,
589 0x01, 0x00, 0x03, 0x09, 0xAE, 0x04, 0x03, 0x6C, 0x28, 0x25, 0x04, 0xFE,
590 0x64, 0x02, 0x04, 0x06, 0x0D, 0x02, 0x04, 0x01, 0x05, 0x0F, 0x06, 0x02,
591 0x69, 0x28, 0x01, 0x01, 0x88, 0x3E, 0x9B, 0x04, 0x0C, 0xA4, 0x01, 0x05,
592 0x0F, 0x06, 0x02, 0x69, 0x28, 0x01, 0x01, 0x88, 0x3E, 0x9B, 0x02, 0x01,
593 0x00, 0x04, 0xB8, 0x01, 0x0C, 0x0E, 0x05, 0x02, 0x72, 0x28, 0xC1, 0x01,
594 0x03, 0x0E, 0x05, 0x02, 0x6D, 0x28, 0xBF, 0x26, 0x7C, 0x3E, 0x26, 0x01,
595 0x20, 0x10, 0x06, 0x02, 0x6D, 0x28, 0x40, 0x44, 0x11, 0x01, 0x01, 0x17,
596 0x05, 0x02, 0x6D, 0x28, 0xC1, 0x26, 0x01, 0x81, 0x05, 0x0F, 0x06, 0x02,
597 0x6D, 0x28, 0x26, 0x7E, 0x3E, 0x7D, 0x44, 0xB6, 0x92, 0x2C, 0x01, 0x86,
598 0x03, 0x10, 0x03, 0x00, 0x79, 0x2C, 0xCB, 0x03, 0x01, 0x01, 0x02, 0x03,
599 0x02, 0x02, 0x00, 0x06, 0x21, 0xC1, 0x26, 0x26, 0x01, 0x02, 0x0A, 0x44,
600 0x01, 0x06, 0x0F, 0x37, 0x06, 0x02, 0x6D, 0x28, 0x03, 0x02, 0xC1, 0x02,
601 0x01, 0x01, 0x01, 0x0B, 0x01, 0x03, 0x08, 0x0E, 0x05, 0x02, 0x6D, 0x28,
602 0x04, 0x08, 0x02, 0x01, 0x06, 0x04, 0x01, 0x00, 0x03, 0x02, 0xBF, 0x26,
603 0x03, 0x03, 0x26, 0x01, 0x84, 0x00, 0x0F, 0x06, 0x02, 0x6E, 0x28, 0x84,
604 0x44, 0xB6, 0x02, 0x02, 0x02, 0x01, 0x02, 0x03, 0x50, 0x26, 0x06, 0x01,
605 0x28, 0x25, 0x9B, 0x00, 0x02, 0x03, 0x00, 0x03, 0x01, 0x02, 0x00, 0x97,
606 0x02, 0x01, 0x02, 0x00, 0x39, 0x26, 0x01, 0x00, 0x0E, 0x06, 0x02, 0x60,
607 0x00, 0xD0, 0x04, 0x74, 0x02, 0x01, 0x00, 0x03, 0x00, 0xC1, 0xAA, 0x26,
608 0x06, 0x80, 0x43, 0xC1, 0x01, 0x01, 0x38, 0x0E, 0x06, 0x06, 0x25, 0x01,
609 0x81, 0x7F, 0x04, 0x2E, 0x01, 0x80, 0x40, 0x38, 0x0E, 0x06, 0x07, 0x25,
610 0x01, 0x83, 0xFE, 0x00, 0x04, 0x20, 0x01, 0x80, 0x41, 0x38, 0x0E, 0x06,
611 0x07, 0x25, 0x01, 0x84, 0x80, 0x00, 0x04, 0x12, 0x01, 0x80, 0x42, 0x38,
612 0x0E, 0x06, 0x07, 0x25, 0x01, 0x88, 0x80, 0x00, 0x04, 0x04, 0x01, 0x00,
613 0x44, 0x25, 0x02, 0x00, 0x37, 0x03, 0x00, 0x04, 0xFF, 0x39, 0x9B, 0x79,
614 0x2C, 0xC9, 0x05, 0x09, 0x02, 0x00, 0x01, 0x83, 0xFF, 0x7F, 0x17, 0x03,
615 0x00, 0x92, 0x2C, 0x01, 0x86, 0x03, 0x10, 0x06, 0x3A, 0xBB, 0x26, 0x81,
616 0x3D, 0x41, 0x25, 0x26, 0x01, 0x08, 0x0B, 0x37, 0x01, 0x8C, 0x80, 0x00,
617 0x37, 0x17, 0x02, 0x00, 0x17, 0x02, 0x00, 0x01, 0x8C, 0x80, 0x00, 0x17,
618 0x06, 0x19, 0x26, 0x01, 0x81, 0x7F, 0x17, 0x06, 0x05, 0x01, 0x84, 0x80,
619 0x00, 0x37, 0x26, 0x01, 0x83, 0xFE, 0x00, 0x17, 0x06, 0x05, 0x01, 0x88,
620 0x80, 0x00, 0x37, 0x03, 0x00, 0x04, 0x09, 0x02, 0x00, 0x01, 0x8C, 0x88,
621 0x01, 0x17, 0x03, 0x00, 0x16, 0xBF, 0xAA, 0x26, 0x06, 0x23, 0xBF, 0xAA,
622 0x26, 0x15, 0x26, 0x06, 0x18, 0x26, 0x01, 0x82, 0x00, 0x0F, 0x06, 0x05,
623 0x01, 0x82, 0x00, 0x04, 0x01, 0x26, 0x03, 0x01, 0x84, 0x02, 0x01, 0xB6,
624 0x02, 0x01, 0x12, 0x04, 0x65, 0x9B, 0x13, 0x04, 0x5A, 0x9B, 0x14, 0x9B,
625 0x02, 0x00, 0x2A, 0x00, 0x00, 0xB9, 0x26, 0x5A, 0x06, 0x07, 0x25, 0x06,
626 0x02, 0x66, 0x28, 0x04, 0x74, 0x00, 0x00, 0xC2, 0x01, 0x03, 0xC0, 0x44,
627 0x25, 0x44, 0x00, 0x00, 0xBF, 0xC6, 0x00, 0x03, 0x01, 0x00, 0x03, 0x00,
628 0xBF, 0xAA, 0x26, 0x06, 0x80, 0x50, 0xC1, 0x03, 0x01, 0xC1, 0x03, 0x02,
629 0x02, 0x01, 0x01, 0x08, 0x0E, 0x06, 0x16, 0x02, 0x02, 0x01, 0x0F, 0x0C,
630 0x06, 0x0D, 0x01, 0x01, 0x02, 0x02, 0x01, 0x10, 0x08, 0x0B, 0x02, 0x00,
631 0x37, 0x03, 0x00, 0x04, 0x2A, 0x02, 0x01, 0x01, 0x02, 0x10, 0x02, 0x01,
632 0x01, 0x06, 0x0C, 0x17, 0x02, 0x02, 0x01, 0x01, 0x0E, 0x02, 0x02, 0x01,
633 0x03, 0x0E, 0x37, 0x17, 0x06, 0x11, 0x02, 0x00, 0x01, 0x01, 0x02, 0x02,
634 0x5D, 0x01, 0x02, 0x0B, 0x02, 0x01, 0x08, 0x0B, 0x37, 0x03, 0x00, 0x04,
635 0xFF, 0x2C, 0x9B, 0x02, 0x00, 0x00, 0x00, 0xBF, 0x01, 0x01, 0x0E, 0x05,
636 0x02, 0x65, 0x28, 0xC1, 0x01, 0x08, 0x08, 0x82, 0x2E, 0x0E, 0x05, 0x02,
637 0x65, 0x28, 0x00, 0x00, 0xBF, 0x88, 0x2E, 0x05, 0x15, 0x01, 0x01, 0x0E,
638 0x05, 0x02, 0x69, 0x28, 0xC1, 0x01, 0x00, 0x0E, 0x05, 0x02, 0x69, 0x28,
639 0x01, 0x02, 0x88, 0x3E, 0x04, 0x1C, 0x01, 0x19, 0x0E, 0x05, 0x02, 0x69,
640 0x28, 0xC1, 0x01, 0x18, 0x0E, 0x05, 0x02, 0x69, 0x28, 0x84, 0x01, 0x18,
641 0xB6, 0x89, 0x84, 0x01, 0x18, 0x30, 0x05, 0x02, 0x69, 0x28, 0x00, 0x00,
642 0xBF, 0x06, 0x02, 0x6A, 0x28, 0x00, 0x00, 0x01, 0x02, 0x97, 0xC2, 0x01,
643 0x08, 0x0B, 0xC2, 0x08, 0x00, 0x00, 0x01, 0x03, 0x97, 0xC2, 0x01, 0x08,
644 0x0B, 0xC2, 0x08, 0x01, 0x08, 0x0B, 0xC2, 0x08, 0x00, 0x00, 0x01, 0x01,
645 0x97, 0xC2, 0x00, 0x00, 0x3A, 0x26, 0x58, 0x05, 0x01, 0x00, 0x25, 0xD0,
646 0x04, 0x76, 0x02, 0x03, 0x00, 0x91, 0x2E, 0x03, 0x01, 0x01, 0x00, 0x26,
647 0x02, 0x01, 0x0A, 0x06, 0x10, 0x26, 0x01, 0x01, 0x0B, 0x90, 0x08, 0x2C,
648 0x02, 0x00, 0x0E, 0x06, 0x01, 0x00, 0x5C, 0x04, 0x6A, 0x25, 0x01, 0x7F,
649 0x00, 0x00, 0x01, 0x15, 0x87, 0x3E, 0x44, 0x52, 0x25, 0x52, 0x25, 0x29,
650 0x00, 0x00, 0x01, 0x01, 0x44, 0xC4, 0x00, 0x00, 0x44, 0x38, 0x97, 0x44,
651 0x26, 0x06, 0x05, 0xC2, 0x25, 0x5D, 0x04, 0x78, 0x25, 0x00, 0x00, 0x26,
652 0x01, 0x81, 0xAC, 0x00, 0x0E, 0x06, 0x04, 0x25, 0x01, 0x7F, 0x00, 0x9A,
653 0x59, 0x00, 0x02, 0x03, 0x00, 0x79, 0x2C, 0x9A, 0x03, 0x01, 0x02, 0x01,
654 0x01, 0x0F, 0x17, 0x02, 0x01, 0x01, 0x04, 0x11, 0x01, 0x0F, 0x17, 0x02,
655 0x01, 0x01, 0x08, 0x11, 0x01, 0x0F, 0x17, 0x01, 0x00, 0x38, 0x0E, 0x06,
656 0x10, 0x25, 0x01, 0x00, 0x01, 0x18, 0x02, 0x00, 0x06, 0x03, 0x49, 0x04,
657 0x01, 0x4A, 0x04, 0x81, 0x0D, 0x01, 0x01, 0x38, 0x0E, 0x06, 0x10, 0x25,
658 0x01, 0x01, 0x01, 0x10, 0x02, 0x00, 0x06, 0x03, 0x49, 0x04, 0x01, 0x4A,
659 0x04, 0x80, 0x77, 0x01, 0x02, 0x38, 0x0E, 0x06, 0x10, 0x25, 0x01, 0x01,
660 0x01, 0x20, 0x02, 0x00, 0x06, 0x03, 0x49, 0x04, 0x01, 0x4A, 0x04, 0x80,
661 0x61, 0x01, 0x03, 0x38, 0x0E, 0x06, 0x0F, 0x25, 0x25, 0x01, 0x10, 0x02,
662 0x00, 0x06, 0x03, 0x47, 0x04, 0x01, 0x48, 0x04, 0x80, 0x4C, 0x01, 0x04,
663 0x38, 0x0E, 0x06, 0x0E, 0x25, 0x25, 0x01, 0x20, 0x02, 0x00, 0x06, 0x03,
664 0x47, 0x04, 0x01, 0x48, 0x04, 0x38, 0x01, 0x05, 0x38, 0x0E, 0x06, 0x0C,
665 0x25, 0x25, 0x02, 0x00, 0x06, 0x03, 0x4B, 0x04, 0x01, 0x4C, 0x04, 0x26,
666 0x26, 0x01, 0x09, 0x0F, 0x06, 0x02, 0x68, 0x28, 0x44, 0x25, 0x26, 0x01,
667 0x01, 0x17, 0x01, 0x04, 0x0B, 0x01, 0x10, 0x08, 0x44, 0x01, 0x08, 0x17,
668 0x01, 0x10, 0x44, 0x09, 0x02, 0x00, 0x06, 0x03, 0x45, 0x04, 0x01, 0x46,
669 0x00, 0x25, 0x00, 0x00, 0x9A, 0x01, 0x0C, 0x11, 0x01, 0x02, 0x0F, 0x00,
670 0x00, 0x9A, 0x01, 0x0C, 0x11, 0x26, 0x5B, 0x44, 0x01, 0x03, 0x0A, 0x17,
671 0x00, 0x00, 0x9A, 0x01, 0x0C, 0x11, 0x01, 0x01, 0x0E, 0x00, 0x00, 0x9A,
672 0x01, 0x0C, 0x11, 0x5A, 0x00, 0x00, 0x9A, 0x01, 0x81, 0x70, 0x17, 0x01,
673 0x20, 0x0D, 0x00, 0x00, 0x1B, 0x01, 0x00, 0x75, 0x2E, 0x26, 0x06, 0x22,
674 0x01, 0x01, 0x38, 0x0E, 0x06, 0x06, 0x25, 0x01, 0x00, 0x9E, 0x04, 0x14,
675 0x01, 0x02, 0x38, 0x0E, 0x06, 0x0D, 0x25, 0x77, 0x2E, 0x01, 0x01, 0x0E,
676 0x06, 0x03, 0x01, 0x10, 0x37, 0x04, 0x01, 0x25, 0x04, 0x01, 0x25, 0x7B,
677 0x2E, 0x05, 0x33, 0x2F, 0x06, 0x30, 0x86, 0x2E, 0x01, 0x14, 0x38, 0x0E,
678 0x06, 0x06, 0x25, 0x01, 0x02, 0x37, 0x04, 0x22, 0x01, 0x15, 0x38, 0x0E,
679 0x06, 0x09, 0x25, 0xAD, 0x06, 0x03, 0x01, 0x7F, 0x9E, 0x04, 0x13, 0x01,
680 0x16, 0x38, 0x0E, 0x06, 0x06, 0x25, 0x01, 0x01, 0x37, 0x04, 0x07, 0x25,
681 0x01, 0x04, 0x37, 0x01, 0x00, 0x25, 0x1A, 0x06, 0x03, 0x01, 0x08, 0x37,
682 0x00, 0x00, 0x1B, 0x26, 0x05, 0x13, 0x2F, 0x06, 0x10, 0x86, 0x2E, 0x01,
683 0x15, 0x0E, 0x06, 0x08, 0x25, 0xAD, 0x01, 0x00, 0x77, 0x3E, 0x04, 0x01,
684 0x20, 0x00, 0x00, 0xCE, 0x01, 0x07, 0x17, 0x01, 0x01, 0x0F, 0x06, 0x02,
685 0x72, 0x28, 0x00, 0x01, 0x03, 0x00, 0x29, 0x1A, 0x06, 0x05, 0x02, 0x00,
686 0x87, 0x3E, 0x00, 0xCE, 0x25, 0x04, 0x74, 0x00, 0x01, 0x14, 0xD1, 0x01,
687 0x01, 0xDE, 0x29, 0x26, 0x01, 0x00, 0xC8, 0x01, 0x16, 0xD1, 0xD7, 0x29,
688 0x00, 0x00, 0x01, 0x0B, 0xDE, 0x4E, 0x26, 0x26, 0x01, 0x03, 0x08, 0xDD,
689 0xDD, 0x18, 0x26, 0x58, 0x06, 0x02, 0x25, 0x00, 0xDD, 0x1D, 0x26, 0x06,
690 0x05, 0x84, 0x44, 0xD8, 0x04, 0x77, 0x25, 0x04, 0x6C, 0x00, 0x21, 0x01,
691 0x0F, 0xDE, 0x26, 0x92, 0x2C, 0x01, 0x86, 0x03, 0x10, 0x06, 0x0C, 0x01,
692 0x04, 0x08, 0xDD, 0x80, 0x2E, 0xDE, 0x78, 0x2E, 0xDE, 0x04, 0x02, 0x5E,
693 0xDD, 0x26, 0xDC, 0x84, 0x44, 0xD8, 0x00, 0x02, 0xA4, 0xA6, 0x08, 0xA2,
694 0x08, 0xA5, 0x08, 0xA7, 0x08, 0xA3, 0x08, 0x27, 0x08, 0x03, 0x00, 0x01,
695 0x01, 0xDE, 0x01, 0x27, 0x8E, 0x2E, 0x08, 0x91, 0x2E, 0x01, 0x01, 0x0B,
696 0x08, 0x02, 0x00, 0x06, 0x04, 0x5E, 0x02, 0x00, 0x08, 0x83, 0x2C, 0x38,
697 0x09, 0x26, 0x5B, 0x06, 0x24, 0x02, 0x00, 0x05, 0x04, 0x44, 0x5E, 0x44,
698 0x5F, 0x01, 0x04, 0x09, 0x26, 0x58, 0x06, 0x03, 0x25, 0x01, 0x00, 0x26,
699 0x01, 0x04, 0x08, 0x02, 0x00, 0x08, 0x03, 0x00, 0x44, 0x01, 0x04, 0x08,
700 0x38, 0x08, 0x44, 0x04, 0x03, 0x25, 0x01, 0x7F, 0x03, 0x01, 0xDD, 0x94,
701 0x2C, 0xDC, 0x7A, 0x01, 0x04, 0x19, 0x7A, 0x01, 0x04, 0x08, 0x01, 0x1C,
702 0x32, 0x7A, 0x01, 0x20, 0xD8, 0x8D, 0x8E, 0x2E, 0xDA, 0x91, 0x2E, 0x26,
703 0x01, 0x01, 0x0B, 0xDC, 0x90, 0x44, 0x26, 0x06, 0x0F, 0x5D, 0x38, 0x2C,
704 0x26, 0xC7, 0x05, 0x02, 0x62, 0x28, 0xDC, 0x44, 0x5E, 0x44, 0x04, 0x6E,
705 0x60, 0x01, 0x01, 0xDE, 0x01, 0x00, 0xDE, 0x02, 0x00, 0x06, 0x81, 0x5A,
706 0x02, 0x00, 0xDC, 0xA4, 0x06, 0x0E, 0x01, 0x83, 0xFE, 0x01, 0xDC, 0x89,
707 0xA4, 0x01, 0x04, 0x09, 0x26, 0xDC, 0x5D, 0xDA, 0xA6, 0x06, 0x16, 0x01,
708 0x00, 0xDC, 0x8B, 0xA6, 0x01, 0x04, 0x09, 0x26, 0xDC, 0x01, 0x02, 0x09,
709 0x26, 0xDC, 0x01, 0x00, 0xDE, 0x01, 0x03, 0x09, 0xD9, 0xA2, 0x06, 0x0C,
710 0x01, 0x01, 0xDC, 0x01, 0x01, 0xDC, 0x82, 0x2E, 0x01, 0x08, 0x09, 0xDE,
711 0xA5, 0x06, 0x19, 0x01, 0x0D, 0xDC, 0xA5, 0x01, 0x04, 0x09, 0x26, 0xDC,
712 0x01, 0x02, 0x09, 0xDC, 0x42, 0x06, 0x03, 0x01, 0x03, 0xDB, 0x43, 0x06,
713 0x03, 0x01, 0x01, 0xDB, 0xA7, 0x26, 0x06, 0x36, 0x01, 0x0A, 0xDC, 0x01,
714 0x04, 0x09, 0x26, 0xDC, 0x5F, 0xDC, 0x40, 0x01, 0x00, 0x26, 0x01, 0x82,
715 0x80, 0x80, 0x80, 0x00, 0x17, 0x06, 0x0A, 0x01, 0xFD, 0xFF, 0xFF, 0xFF,
716 0x7F, 0x17, 0x01, 0x1D, 0xDC, 0x26, 0x01, 0x20, 0x0A, 0x06, 0x0C, 0xA0,
717 0x11, 0x01, 0x01, 0x17, 0x06, 0x02, 0x26, 0xDC, 0x5C, 0x04, 0x6E, 0x60,
718 0x04, 0x01, 0x25, 0xA3, 0x06, 0x0A, 0x01, 0x0B, 0xDC, 0x01, 0x02, 0xDC,
719 0x01, 0x82, 0x00, 0xDC, 0x27, 0x26, 0x06, 0x1F, 0x01, 0x10, 0xDC, 0x01,
720 0x04, 0x09, 0x26, 0xDC, 0x5F, 0xDC, 0x85, 0x2C, 0x01, 0x00, 0xA0, 0x0F,
721 0x06, 0x0A, 0x26, 0x1E, 0x26, 0xDE, 0x84, 0x44, 0xD8, 0x5C, 0x04, 0x72,
722 0x60, 0x04, 0x01, 0x25, 0x02, 0x01, 0x58, 0x05, 0x11, 0x01, 0x15, 0xDC,
723 0x02, 0x01, 0x26, 0xDC, 0x26, 0x06, 0x06, 0x5D, 0x01, 0x00, 0xDE, 0x04,
724 0x77, 0x25, 0x00, 0x00, 0x01, 0x10, 0xDE, 0x79, 0x2C, 0x26, 0xCC, 0x06,
725 0x0C, 0xAB, 0x23, 0x26, 0x5E, 0xDD, 0x26, 0xDC, 0x84, 0x44, 0xD8, 0x04,
726 0x0D, 0x26, 0xCA, 0x44, 0xAB, 0x22, 0x26, 0x5C, 0xDD, 0x26, 0xDE, 0x84,
727 0x44, 0xD8, 0x00, 0x00, 0x9C, 0x01, 0x14, 0xDE, 0x01, 0x0C, 0xDD, 0x84,
728 0x01, 0x0C, 0xD8, 0x00, 0x00, 0x51, 0x26, 0x01, 0x00, 0x0E, 0x06, 0x02,
729 0x60, 0x00, 0xCE, 0x25, 0x04, 0x73, 0x00, 0x26, 0xDC, 0xD8, 0x00, 0x00,
730 0x26, 0xDE, 0xD8, 0x00, 0x01, 0x03, 0x00, 0x41, 0x25, 0x26, 0x01, 0x10,
731 0x17, 0x06, 0x06, 0x01, 0x04, 0xDE, 0x02, 0x00, 0xDE, 0x26, 0x01, 0x08,
732 0x17, 0x06, 0x06, 0x01, 0x03, 0xDE, 0x02, 0x00, 0xDE, 0x26, 0x01, 0x20,
733 0x17, 0x06, 0x06, 0x01, 0x05, 0xDE, 0x02, 0x00, 0xDE, 0x26, 0x01, 0x80,
734 0x40, 0x17, 0x06, 0x06, 0x01, 0x06, 0xDE, 0x02, 0x00, 0xDE, 0x01, 0x04,
735 0x17, 0x06, 0x06, 0x01, 0x02, 0xDE, 0x02, 0x00, 0xDE, 0x00, 0x00, 0x26,
736 0x01, 0x08, 0x4F, 0xDE, 0xDE, 0x00, 0x00, 0x26, 0x01, 0x10, 0x4F, 0xDE,
737 0xDC, 0x00, 0x00, 0x26, 0x52, 0x06, 0x02, 0x25, 0x00, 0xCE, 0x25, 0x04,
738 0x76
739 };
740
741 static const uint16_t t0_caddr[] = {
742 0,
743 5,
744 10,
745 15,
746 20,
747 25,
748 30,
749 35,
750 40,
751 44,
752 48,
753 52,
754 56,
755 60,
756 64,
757 68,
758 72,
759 76,
760 80,
761 84,
762 88,
763 92,
764 96,
765 100,
766 104,
767 108,
768 112,
769 116,
770 120,
771 124,
772 129,
773 134,
774 139,
775 144,
776 149,
777 154,
778 159,
779 164,
780 169,
781 174,
782 179,
783 184,
784 189,
785 194,
786 199,
787 204,
788 209,
789 214,
790 219,
791 224,
792 229,
793 234,
794 239,
795 244,
796 249,
797 254,
798 259,
799 264,
800 269,
801 274,
802 279,
803 284,
804 289,
805 294,
806 303,
807 316,
808 320,
809 345,
810 351,
811 370,
812 381,
813 422,
814 542,
815 546,
816 611,
817 626,
818 637,
819 655,
820 684,
821 694,
822 730,
823 740,
824 818,
825 832,
826 838,
827 897,
828 916,
829 951,
830 1000,
831 1076,
832 1103,
833 1134,
834 1145,
835 1497,
836 1644,
837 1668,
838 1884,
839 1898,
840 1907,
841 1911,
842 2006,
843 2027,
844 2083,
845 2090,
846 2101,
847 2117,
848 2123,
849 2134,
850 2169,
851 2181,
852 2187,
853 2202,
854 2218,
855 2411,
856 2420,
857 2433,
858 2442,
859 2449,
860 2459,
861 2565,
862 2590,
863 2603,
864 2619,
865 2637,
866 2669,
867 2703,
868 3071,
869 3107,
870 3120,
871 3134,
872 3139,
873 3144,
874 3210,
875 3218,
876 3226
877 };
878
879 #define T0_INTERPRETED 88
880
881 #define T0_ENTER(ip, rp, slot) do { \
882 const unsigned char *t0_newip; \
883 uint32_t t0_lnum; \
884 t0_newip = &t0_codeblock[t0_caddr[(slot) - T0_INTERPRETED]]; \
885 t0_lnum = t0_parse7E_unsigned(&t0_newip); \
886 (rp) += t0_lnum; \
887 *((rp) ++) = (uint32_t)((ip) - &t0_codeblock[0]) + (t0_lnum << 16); \
888 (ip) = t0_newip; \
889 } while (0)
890
891 #define T0_DEFENTRY(name, slot) \
892 void \
893 name(void *ctx) \
894 { \
895 t0_context *t0ctx = ctx; \
896 t0ctx->ip = &t0_codeblock[0]; \
897 T0_ENTER(t0ctx->ip, t0ctx->rp, slot); \
898 }
899
900 T0_DEFENTRY(br_ssl_hs_client_init_main, 169)
901
902 #define T0_NEXT(t0ipp) (*(*(t0ipp)) ++)
903
904 void
905 br_ssl_hs_client_run(void *t0ctx)
906 {
907 uint32_t *dp, *rp;
908 const unsigned char *ip;
909
910 #define T0_LOCAL(x) (*(rp - 2 - (x)))
911 #define T0_POP() (*-- dp)
912 #define T0_POPi() (*(int32_t *)(-- dp))
913 #define T0_PEEK(x) (*(dp - 1 - (x)))
914 #define T0_PEEKi(x) (*(int32_t *)(dp - 1 - (x)))
915 #define T0_PUSH(v) do { *dp = (v); dp ++; } while (0)
916 #define T0_PUSHi(v) do { *(int32_t *)dp = (v); dp ++; } while (0)
917 #define T0_RPOP() (*-- rp)
918 #define T0_RPOPi() (*(int32_t *)(-- rp))
919 #define T0_RPUSH(v) do { *rp = (v); rp ++; } while (0)
920 #define T0_RPUSHi(v) do { *(int32_t *)rp = (v); rp ++; } while (0)
921 #define T0_ROLL(x) do { \
922 size_t t0len = (size_t)(x); \
923 uint32_t t0tmp = *(dp - 1 - t0len); \
924 memmove(dp - t0len - 1, dp - t0len, t0len * sizeof *dp); \
925 *(dp - 1) = t0tmp; \
926 } while (0)
927 #define T0_SWAP() do { \
928 uint32_t t0tmp = *(dp - 2); \
929 *(dp - 2) = *(dp - 1); \
930 *(dp - 1) = t0tmp; \
931 } while (0)
932 #define T0_ROT() do { \
933 uint32_t t0tmp = *(dp - 3); \
934 *(dp - 3) = *(dp - 2); \
935 *(dp - 2) = *(dp - 1); \
936 *(dp - 1) = t0tmp; \
937 } while (0)
938 #define T0_NROT() do { \
939 uint32_t t0tmp = *(dp - 1); \
940 *(dp - 1) = *(dp - 2); \
941 *(dp - 2) = *(dp - 3); \
942 *(dp - 3) = t0tmp; \
943 } while (0)
944 #define T0_PICK(x) do { \
945 uint32_t t0depth = (x); \
946 T0_PUSH(T0_PEEK(t0depth)); \
947 } while (0)
948 #define T0_CO() do { \
949 goto t0_exit; \
950 } while (0)
951 #define T0_RET() goto t0_next
952
953 dp = ((t0_context *)t0ctx)->dp;
954 rp = ((t0_context *)t0ctx)->rp;
955 ip = ((t0_context *)t0ctx)->ip;
956 goto t0_next;
957 for (;;) {
958 uint32_t t0x;
959
960 t0_next:
961 t0x = T0_NEXT(&ip);
962 if (t0x < T0_INTERPRETED) {
963 switch (t0x) {
964 int32_t t0off;
965
966 case 0: /* ret */
967 t0x = T0_RPOP();
968 rp -= (t0x >> 16);
969 t0x &= 0xFFFF;
970 if (t0x == 0) {
971 ip = NULL;
972 goto t0_exit;
973 }
974 ip = &t0_codeblock[t0x];
975 break;
976 case 1: /* literal constant */
977 T0_PUSHi(t0_parse7E_signed(&ip));
978 break;
979 case 2: /* read local */
980 T0_PUSH(T0_LOCAL(t0_parse7E_unsigned(&ip)));
981 break;
982 case 3: /* write local */
983 T0_LOCAL(t0_parse7E_unsigned(&ip)) = T0_POP();
984 break;
985 case 4: /* jump */
986 t0off = t0_parse7E_signed(&ip);
987 ip += t0off;
988 break;
989 case 5: /* jump if */
990 t0off = t0_parse7E_signed(&ip);
991 if (T0_POP()) {
992 ip += t0off;
993 }
994 break;
995 case 6: /* jump if not */
996 t0off = t0_parse7E_signed(&ip);
997 if (!T0_POP()) {
998 ip += t0off;
999 }
1000 break;
1001 case 7: {
1002 /* * */
1003
1004 uint32_t b = T0_POP();
1005 uint32_t a = T0_POP();
1006 T0_PUSH(a * b);
1007
1008 }
1009 break;
1010 case 8: {
1011 /* + */
1012
1013 uint32_t b = T0_POP();
1014 uint32_t a = T0_POP();
1015 T0_PUSH(a + b);
1016
1017 }
1018 break;
1019 case 9: {
1020 /* - */
1021
1022 uint32_t b = T0_POP();
1023 uint32_t a = T0_POP();
1024 T0_PUSH(a - b);
1025
1026 }
1027 break;
1028 case 10: {
1029 /* < */
1030
1031 int32_t b = T0_POPi();
1032 int32_t a = T0_POPi();
1033 T0_PUSH(-(uint32_t)(a < b));
1034
1035 }
1036 break;
1037 case 11: {
1038 /* << */
1039
1040 int c = (int)T0_POPi();
1041 uint32_t x = T0_POP();
1042 T0_PUSH(x << c);
1043
1044 }
1045 break;
1046 case 12: {
1047 /* <= */
1048
1049 int32_t b = T0_POPi();
1050 int32_t a = T0_POPi();
1051 T0_PUSH(-(uint32_t)(a <= b));
1052
1053 }
1054 break;
1055 case 13: {
1056 /* <> */
1057
1058 uint32_t b = T0_POP();
1059 uint32_t a = T0_POP();
1060 T0_PUSH(-(uint32_t)(a != b));
1061
1062 }
1063 break;
1064 case 14: {
1065 /* = */
1066
1067 uint32_t b = T0_POP();
1068 uint32_t a = T0_POP();
1069 T0_PUSH(-(uint32_t)(a == b));
1070
1071 }
1072 break;
1073 case 15: {
1074 /* > */
1075
1076 int32_t b = T0_POPi();
1077 int32_t a = T0_POPi();
1078 T0_PUSH(-(uint32_t)(a > b));
1079
1080 }
1081 break;
1082 case 16: {
1083 /* >= */
1084
1085 int32_t b = T0_POPi();
1086 int32_t a = T0_POPi();
1087 T0_PUSH(-(uint32_t)(a >= b));
1088
1089 }
1090 break;
1091 case 17: {
1092 /* >> */
1093
1094 int c = (int)T0_POPi();
1095 int32_t x = T0_POPi();
1096 T0_PUSHi(x >> c);
1097
1098 }
1099 break;
1100 case 18: {
1101 /* anchor-dn-append-name */
1102
1103 size_t len;
1104
1105 len = T0_POP();
1106 if (CTX->client_auth_vtable != NULL) {
1107 (*CTX->client_auth_vtable)->append_name(
1108 CTX->client_auth_vtable, ENG->pad, len);
1109 }
1110
1111 }
1112 break;
1113 case 19: {
1114 /* anchor-dn-end-name */
1115
1116 if (CTX->client_auth_vtable != NULL) {
1117 (*CTX->client_auth_vtable)->end_name(
1118 CTX->client_auth_vtable);
1119 }
1120
1121 }
1122 break;
1123 case 20: {
1124 /* anchor-dn-end-name-list */
1125
1126 if (CTX->client_auth_vtable != NULL) {
1127 (*CTX->client_auth_vtable)->end_name_list(
1128 CTX->client_auth_vtable);
1129 }
1130
1131 }
1132 break;
1133 case 21: {
1134 /* anchor-dn-start-name */
1135
1136 size_t len;
1137
1138 len = T0_POP();
1139 if (CTX->client_auth_vtable != NULL) {
1140 (*CTX->client_auth_vtable)->start_name(
1141 CTX->client_auth_vtable, len);
1142 }
1143
1144 }
1145 break;
1146 case 22: {
1147 /* anchor-dn-start-name-list */
1148
1149 if (CTX->client_auth_vtable != NULL) {
1150 (*CTX->client_auth_vtable)->start_name_list(
1151 CTX->client_auth_vtable);
1152 }
1153
1154 }
1155 break;
1156 case 23: {
1157 /* and */
1158
1159 uint32_t b = T0_POP();
1160 uint32_t a = T0_POP();
1161 T0_PUSH(a & b);
1162
1163 }
1164 break;
1165 case 24: {
1166 /* begin-cert */
1167
1168 if (ENG->chain_len == 0) {
1169 T0_PUSHi(-1);
1170 } else {
1171 ENG->cert_cur = ENG->chain->data;
1172 ENG->cert_len = ENG->chain->data_len;
1173 ENG->chain ++;
1174 ENG->chain_len --;
1175 T0_PUSH(ENG->cert_len);
1176 }
1177
1178 }
1179 break;
1180 case 25: {
1181 /* bzero */
1182
1183 size_t len = (size_t)T0_POP();
1184 void *addr = (unsigned char *)ENG + (size_t)T0_POP();
1185 memset(addr, 0, len);
1186
1187 }
1188 break;
1189 case 26: {
1190 /* can-output? */
1191
1192 T0_PUSHi(-(ENG->hlen_out > 0));
1193
1194 }
1195 break;
1196 case 27: {
1197 /* co */
1198 T0_CO();
1199 }
1200 break;
1201 case 28: {
1202 /* compute-Finished-inner */
1203
1204 int prf_id = T0_POP();
1205 int from_client = T0_POPi();
1206 unsigned char tmp[48];
1207 br_tls_prf_seed_chunk seed;
1208
1209 br_tls_prf_impl prf = br_ssl_engine_get_PRF(ENG, prf_id);
1210 seed.data = tmp;
1211 if (ENG->session.version >= BR_TLS12) {
1212 seed.len = br_multihash_out(&ENG->mhash, prf_id, tmp);
1213 } else {
1214 br_multihash_out(&ENG->mhash, br_md5_ID, tmp);
1215 br_multihash_out(&ENG->mhash, br_sha1_ID, tmp + 16);
1216 seed.len = 36;
1217 }
1218 prf(ENG->pad, 12, ENG->session.master_secret,
1219 sizeof ENG->session.master_secret,
1220 from_client ? "client finished" : "server finished",
1221 1, &seed);
1222
1223 }
1224 break;
1225 case 29: {
1226 /* copy-cert-chunk */
1227
1228 size_t clen;
1229
1230 clen = ENG->cert_len;
1231 if (clen > sizeof ENG->pad) {
1232 clen = sizeof ENG->pad;
1233 }
1234 memcpy(ENG->pad, ENG->cert_cur, clen);
1235 ENG->cert_cur += clen;
1236 ENG->cert_len -= clen;
1237 T0_PUSH(clen);
1238
1239 }
1240 break;
1241 case 30: {
1242 /* copy-protocol-name */
1243
1244 size_t idx = T0_POP();
1245 size_t len = strlen(ENG->protocol_names[idx]);
1246 memcpy(ENG->pad, ENG->protocol_names[idx], len);
1247 T0_PUSH(len);
1248
1249 }
1250 break;
1251 case 31: {
1252 /* data-get8 */
1253
1254 size_t addr = T0_POP();
1255 T0_PUSH(t0_datablock[addr]);
1256
1257 }
1258 break;
1259 case 32: {
1260 /* discard-input */
1261
1262 ENG->hlen_in = 0;
1263
1264 }
1265 break;
1266 case 33: {
1267 /* do-client-sign */
1268
1269 size_t sig_len;
1270
1271 sig_len = make_client_sign(CTX);
1272 if (sig_len == 0) {
1273 br_ssl_engine_fail(ENG, BR_ERR_INVALID_ALGORITHM);
1274 T0_CO();
1275 }
1276 T0_PUSH(sig_len);
1277
1278 }
1279 break;
1280 case 34: {
1281 /* do-ecdh */
1282
1283 unsigned prf_id = T0_POP();
1284 unsigned ecdhe = T0_POP();
1285 int x;
1286
1287 x = make_pms_ecdh(CTX, ecdhe, prf_id);
1288 if (x < 0) {
1289 br_ssl_engine_fail(ENG, -x);
1290 T0_CO();
1291 } else {
1292 T0_PUSH(x);
1293 }
1294
1295 }
1296 break;
1297 case 35: {
1298 /* do-rsa-encrypt */
1299
1300 int x;
1301
1302 x = make_pms_rsa(CTX, T0_POP());
1303 if (x < 0) {
1304 br_ssl_engine_fail(ENG, -x);
1305 T0_CO();
1306 } else {
1307 T0_PUSH(x);
1308 }
1309
1310 }
1311 break;
1312 case 36: {
1313 /* do-static-ecdh */
1314
1315 unsigned prf_id = T0_POP();
1316
1317 if (make_pms_static_ecdh(CTX, prf_id) < 0) {
1318 br_ssl_engine_fail(ENG, BR_ERR_INVALID_ALGORITHM);
1319 T0_CO();
1320 }
1321
1322 }
1323 break;
1324 case 37: {
1325 /* drop */
1326 (void)T0_POP();
1327 }
1328 break;
1329 case 38: {
1330 /* dup */
1331 T0_PUSH(T0_PEEK(0));
1332 }
1333 break;
1334 case 39: {
1335 /* ext-ALPN-length */
1336
1337 size_t u, len;
1338
1339 if (ENG->protocol_names_num == 0) {
1340 T0_PUSH(0);
1341 T0_RET();
1342 }
1343 len = 6;
1344 for (u = 0; u < ENG->protocol_names_num; u ++) {
1345 len += 1 + strlen(ENG->protocol_names[u]);
1346 }
1347 T0_PUSH(len);
1348
1349 }
1350 break;
1351 case 40: {
1352 /* fail */
1353
1354 br_ssl_engine_fail(ENG, (int)T0_POPi());
1355 T0_CO();
1356
1357 }
1358 break;
1359 case 41: {
1360 /* flush-record */
1361
1362 br_ssl_engine_flush_record(ENG);
1363
1364 }
1365 break;
1366 case 42: {
1367 /* get-client-chain */
1368
1369 uint32_t auth_types;
1370
1371 auth_types = T0_POP();
1372 if (CTX->client_auth_vtable != NULL) {
1373 br_ssl_client_certificate ux;
1374
1375 (*CTX->client_auth_vtable)->choose(CTX->client_auth_vtable,
1376 CTX, auth_types, &ux);
1377 CTX->auth_type = (unsigned char)ux.auth_type;
1378 CTX->hash_id = (unsigned char)ux.hash_id;
1379 ENG->chain = ux.chain;
1380 ENG->chain_len = ux.chain_len;
1381 } else {
1382 CTX->hash_id = 0;
1383 ENG->chain_len = 0;
1384 }
1385
1386 }
1387 break;
1388 case 43: {
1389 /* get-key-type-usages */
1390
1391 const br_x509_class *xc;
1392 const br_x509_pkey *pk;
1393 unsigned usages;
1394
1395 xc = *(ENG->x509ctx);
1396 pk = xc->get_pkey(ENG->x509ctx, &usages);
1397 if (pk == NULL) {
1398 T0_PUSH(0);
1399 } else {
1400 T0_PUSH(pk->key_type | usages);
1401 }
1402
1403 }
1404 break;
1405 case 44: {
1406 /* get16 */
1407
1408 size_t addr = (size_t)T0_POP();
1409 T0_PUSH(*(uint16_t *)(void *)((unsigned char *)ENG + addr));
1410
1411 }
1412 break;
1413 case 45: {
1414 /* get32 */
1415
1416 size_t addr = (size_t)T0_POP();
1417 T0_PUSH(*(uint32_t *)(void *)((unsigned char *)ENG + addr));
1418
1419 }
1420 break;
1421 case 46: {
1422 /* get8 */
1423
1424 size_t addr = (size_t)T0_POP();
1425 T0_PUSH(*((unsigned char *)ENG + addr));
1426
1427 }
1428 break;
1429 case 47: {
1430 /* has-input? */
1431
1432 T0_PUSHi(-(ENG->hlen_in != 0));
1433
1434 }
1435 break;
1436 case 48: {
1437 /* memcmp */
1438
1439 size_t len = (size_t)T0_POP();
1440 void *addr2 = (unsigned char *)ENG + (size_t)T0_POP();
1441 void *addr1 = (unsigned char *)ENG + (size_t)T0_POP();
1442 int x = memcmp(addr1, addr2, len);
1443 T0_PUSH((uint32_t)-(x == 0));
1444
1445 }
1446 break;
1447 case 49: {
1448 /* memcpy */
1449
1450 size_t len = (size_t)T0_POP();
1451 void *src = (unsigned char *)ENG + (size_t)T0_POP();
1452 void *dst = (unsigned char *)ENG + (size_t)T0_POP();
1453 memcpy(dst, src, len);
1454
1455 }
1456 break;
1457 case 50: {
1458 /* mkrand */
1459
1460 size_t len = (size_t)T0_POP();
1461 void *addr = (unsigned char *)ENG + (size_t)T0_POP();
1462 br_hmac_drbg_generate(&ENG->rng, addr, len);
1463
1464 }
1465 break;
1466 case 51: {
1467 /* more-incoming-bytes? */
1468
1469 T0_PUSHi(ENG->hlen_in != 0 || !br_ssl_engine_recvrec_finished(ENG));
1470
1471 }
1472 break;
1473 case 52: {
1474 /* multihash-init */
1475
1476 br_multihash_init(&ENG->mhash);
1477
1478 }
1479 break;
1480 case 53: {
1481 /* neg */
1482
1483 uint32_t a = T0_POP();
1484 T0_PUSH(-a);
1485
1486 }
1487 break;
1488 case 54: {
1489 /* not */
1490
1491 uint32_t a = T0_POP();
1492 T0_PUSH(~a);
1493
1494 }
1495 break;
1496 case 55: {
1497 /* or */
1498
1499 uint32_t b = T0_POP();
1500 uint32_t a = T0_POP();
1501 T0_PUSH(a | b);
1502
1503 }
1504 break;
1505 case 56: {
1506 /* over */
1507 T0_PUSH(T0_PEEK(1));
1508 }
1509 break;
1510 case 57: {
1511 /* read-chunk-native */
1512
1513 size_t clen = ENG->hlen_in;
1514 if (clen > 0) {
1515 uint32_t addr, len;
1516
1517 len = T0_POP();
1518 addr = T0_POP();
1519 if ((size_t)len < clen) {
1520 clen = (size_t)len;
1521 }
1522 memcpy((unsigned char *)ENG + addr, ENG->hbuf_in, clen);
1523 if (ENG->record_type_in == BR_SSL_HANDSHAKE) {
1524 br_multihash_update(&ENG->mhash, ENG->hbuf_in, clen);
1525 }
1526 T0_PUSH(addr + (uint32_t)clen);
1527 T0_PUSH(len - (uint32_t)clen);
1528 ENG->hbuf_in += clen;
1529 ENG->hlen_in -= clen;
1530 }
1531
1532 }
1533 break;
1534 case 58: {
1535 /* read8-native */
1536
1537 if (ENG->hlen_in > 0) {
1538 unsigned char x;
1539
1540 x = *ENG->hbuf_in ++;
1541 if (ENG->record_type_in == BR_SSL_HANDSHAKE) {
1542 br_multihash_update(&ENG->mhash, &x, 1);
1543 }
1544 T0_PUSH(x);
1545 ENG->hlen_in --;
1546 } else {
1547 T0_PUSHi(-1);
1548 }
1549
1550 }
1551 break;
1552 case 59: {
1553 /* set-server-curve */
1554
1555 const br_x509_class *xc;
1556 const br_x509_pkey *pk;
1557
1558 xc = *(ENG->x509ctx);
1559 pk = xc->get_pkey(ENG->x509ctx, NULL);
1560 CTX->server_curve =
1561 (pk->key_type == BR_KEYTYPE_EC) ? pk->key.ec.curve : 0;
1562
1563 }
1564 break;
1565 case 60: {
1566 /* set16 */
1567
1568 size_t addr = (size_t)T0_POP();
1569 *(uint16_t *)(void *)((unsigned char *)ENG + addr) = (uint16_t)T0_POP();
1570
1571 }
1572 break;
1573 case 61: {
1574 /* set32 */
1575
1576 size_t addr = (size_t)T0_POP();
1577 *(uint32_t *)(void *)((unsigned char *)ENG + addr) = (uint32_t)T0_POP();
1578
1579 }
1580 break;
1581 case 62: {
1582 /* set8 */
1583
1584 size_t addr = (size_t)T0_POP();
1585 *((unsigned char *)ENG + addr) = (unsigned char)T0_POP();
1586
1587 }
1588 break;
1589 case 63: {
1590 /* strlen */
1591
1592 void *str = (unsigned char *)ENG + (size_t)T0_POP();
1593 T0_PUSH((uint32_t)strlen(str));
1594
1595 }
1596 break;
1597 case 64: {
1598 /* supported-curves */
1599
1600 uint32_t x = ENG->iec == NULL ? 0 : ENG->iec->supported_curves;
1601 T0_PUSH(x);
1602
1603 }
1604 break;
1605 case 65: {
1606 /* supported-hash-functions */
1607
1608 int i;
1609 unsigned x, num;
1610
1611 x = 0;
1612 num = 0;
1613 for (i = br_sha1_ID; i <= br_sha512_ID; i ++) {
1614 if (br_multihash_getimpl(&ENG->mhash, i)) {
1615 x |= 1U << i;
1616 num ++;
1617 }
1618 }
1619 T0_PUSH(x);
1620 T0_PUSH(num);
1621
1622 }
1623 break;
1624 case 66: {
1625 /* supports-ecdsa? */
1626
1627 T0_PUSHi(-(ENG->iecdsa != 0));
1628
1629 }
1630 break;
1631 case 67: {
1632 /* supports-rsa-sign? */
1633
1634 T0_PUSHi(-(ENG->irsavrfy != 0));
1635
1636 }
1637 break;
1638 case 68: {
1639 /* swap */
1640 T0_SWAP();
1641 }
1642 break;
1643 case 69: {
1644 /* switch-aesccm-in */
1645
1646 int is_client, prf_id;
1647 unsigned cipher_key_len, tag_len;
1648
1649 tag_len = T0_POP();
1650 cipher_key_len = T0_POP();
1651 prf_id = T0_POP();
1652 is_client = T0_POP();
1653 br_ssl_engine_switch_ccm_in(ENG, is_client, prf_id,
1654 ENG->iaes_ctrcbc, cipher_key_len, tag_len);
1655
1656 }
1657 break;
1658 case 70: {
1659 /* switch-aesccm-out */
1660
1661 int is_client, prf_id;
1662 unsigned cipher_key_len, tag_len;
1663
1664 tag_len = T0_POP();
1665 cipher_key_len = T0_POP();
1666 prf_id = T0_POP();
1667 is_client = T0_POP();
1668 br_ssl_engine_switch_ccm_out(ENG, is_client, prf_id,
1669 ENG->iaes_ctrcbc, cipher_key_len, tag_len);
1670
1671 }
1672 break;
1673 case 71: {
1674 /* switch-aesgcm-in */
1675
1676 int is_client, prf_id;
1677 unsigned cipher_key_len;
1678
1679 cipher_key_len = T0_POP();
1680 prf_id = T0_POP();
1681 is_client = T0_POP();
1682 br_ssl_engine_switch_gcm_in(ENG, is_client, prf_id,
1683 ENG->iaes_ctr, cipher_key_len);
1684
1685 }
1686 break;
1687 case 72: {
1688 /* switch-aesgcm-out */
1689
1690 int is_client, prf_id;
1691 unsigned cipher_key_len;
1692
1693 cipher_key_len = T0_POP();
1694 prf_id = T0_POP();
1695 is_client = T0_POP();
1696 br_ssl_engine_switch_gcm_out(ENG, is_client, prf_id,
1697 ENG->iaes_ctr, cipher_key_len);
1698
1699 }
1700 break;
1701 case 73: {
1702 /* switch-cbc-in */
1703
1704 int is_client, prf_id, mac_id, aes;
1705 unsigned cipher_key_len;
1706
1707 cipher_key_len = T0_POP();
1708 aes = T0_POP();
1709 mac_id = T0_POP();
1710 prf_id = T0_POP();
1711 is_client = T0_POP();
1712 br_ssl_engine_switch_cbc_in(ENG, is_client, prf_id, mac_id,
1713 aes ? ENG->iaes_cbcdec : ENG->ides_cbcdec, cipher_key_len);
1714
1715 }
1716 break;
1717 case 74: {
1718 /* switch-cbc-out */
1719
1720 int is_client, prf_id, mac_id, aes;
1721 unsigned cipher_key_len;
1722
1723 cipher_key_len = T0_POP();
1724 aes = T0_POP();
1725 mac_id = T0_POP();
1726 prf_id = T0_POP();
1727 is_client = T0_POP();
1728 br_ssl_engine_switch_cbc_out(ENG, is_client, prf_id, mac_id,
1729 aes ? ENG->iaes_cbcenc : ENG->ides_cbcenc, cipher_key_len);
1730
1731 }
1732 break;
1733 case 75: {
1734 /* switch-chapol-in */
1735
1736 int is_client, prf_id;
1737
1738 prf_id = T0_POP();
1739 is_client = T0_POP();
1740 br_ssl_engine_switch_chapol_in(ENG, is_client, prf_id);
1741
1742 }
1743 break;
1744 case 76: {
1745 /* switch-chapol-out */
1746
1747 int is_client, prf_id;
1748
1749 prf_id = T0_POP();
1750 is_client = T0_POP();
1751 br_ssl_engine_switch_chapol_out(ENG, is_client, prf_id);
1752
1753 }
1754 break;
1755 case 77: {
1756 /* test-protocol-name */
1757
1758 size_t len = T0_POP();
1759 size_t u;
1760
1761 for (u = 0; u < ENG->protocol_names_num; u ++) {
1762 const char *name;
1763
1764 name = ENG->protocol_names[u];
1765 if (len == strlen(name) && memcmp(ENG->pad, name, len) == 0) {
1766 T0_PUSH(u);
1767 T0_RET();
1768 }
1769 }
1770 T0_PUSHi(-1);
1771
1772 }
1773 break;
1774 case 78: {
1775 /* total-chain-length */
1776
1777 size_t u;
1778 uint32_t total;
1779
1780 total = 0;
1781 for (u = 0; u < ENG->chain_len; u ++) {
1782 total += 3 + (uint32_t)ENG->chain[u].data_len;
1783 }
1784 T0_PUSH(total);
1785
1786 }
1787 break;
1788 case 79: {
1789 /* u>> */
1790
1791 int c = (int)T0_POPi();
1792 uint32_t x = T0_POP();
1793 T0_PUSH(x >> c);
1794
1795 }
1796 break;
1797 case 80: {
1798 /* verify-SKE-sig */
1799
1800 size_t sig_len = T0_POP();
1801 int use_rsa = T0_POPi();
1802 int hash = T0_POPi();
1803
1804 T0_PUSH(verify_SKE_sig(CTX, hash, use_rsa, sig_len));
1805
1806 }
1807 break;
1808 case 81: {
1809 /* write-blob-chunk */
1810
1811 size_t clen = ENG->hlen_out;
1812 if (clen > 0) {
1813 uint32_t addr, len;
1814
1815 len = T0_POP();
1816 addr = T0_POP();
1817 if ((size_t)len < clen) {
1818 clen = (size_t)len;
1819 }
1820 memcpy(ENG->hbuf_out, (unsigned char *)ENG + addr, clen);
1821 if (ENG->record_type_out == BR_SSL_HANDSHAKE) {
1822 br_multihash_update(&ENG->mhash, ENG->hbuf_out, clen);
1823 }
1824 T0_PUSH(addr + (uint32_t)clen);
1825 T0_PUSH(len - (uint32_t)clen);
1826 ENG->hbuf_out += clen;
1827 ENG->hlen_out -= clen;
1828 }
1829
1830 }
1831 break;
1832 case 82: {
1833 /* write8-native */
1834
1835 unsigned char x;
1836
1837 x = (unsigned char)T0_POP();
1838 if (ENG->hlen_out > 0) {
1839 if (ENG->record_type_out == BR_SSL_HANDSHAKE) {
1840 br_multihash_update(&ENG->mhash, &x, 1);
1841 }
1842 *ENG->hbuf_out ++ = x;
1843 ENG->hlen_out --;
1844 T0_PUSHi(-1);
1845 } else {
1846 T0_PUSHi(0);
1847 }
1848
1849 }
1850 break;
1851 case 83: {
1852 /* x509-append */
1853
1854 const br_x509_class *xc;
1855 size_t len;
1856
1857 xc = *(ENG->x509ctx);
1858 len = T0_POP();
1859 xc->append(ENG->x509ctx, ENG->pad, len);
1860
1861 }
1862 break;
1863 case 84: {
1864 /* x509-end-cert */
1865
1866 const br_x509_class *xc;
1867
1868 xc = *(ENG->x509ctx);
1869 xc->end_cert(ENG->x509ctx);
1870
1871 }
1872 break;
1873 case 85: {
1874 /* x509-end-chain */
1875
1876 const br_x509_class *xc;
1877
1878 xc = *(ENG->x509ctx);
1879 T0_PUSH(xc->end_chain(ENG->x509ctx));
1880
1881 }
1882 break;
1883 case 86: {
1884 /* x509-start-cert */
1885
1886 const br_x509_class *xc;
1887
1888 xc = *(ENG->x509ctx);
1889 xc->start_cert(ENG->x509ctx, T0_POP());
1890
1891 }
1892 break;
1893 case 87: {
1894 /* x509-start-chain */
1895
1896 const br_x509_class *xc;
1897 uint32_t bc;
1898
1899 bc = T0_POP();
1900 xc = *(ENG->x509ctx);
1901 xc->start_chain(ENG->x509ctx, bc ? ENG->server_name : NULL);
1902
1903 }
1904 break;
1905 }
1906
1907 } else {
1908 T0_ENTER(ip, rp, t0x);
1909 }
1910 }
1911 t0_exit:
1912 ((t0_context *)t0ctx)->dp = dp;
1913 ((t0_context *)t0ctx)->rp = rp;
1914 ((t0_context *)t0ctx)->ip = ip;
1915 }
The BearSSL library and tools.