projects / BearSSL / blob
? search:


e1aa641d17db6560fabdac9b4740716e2b597603
[BearSSL] / src / ssl / ssl_hs_client.c
1 /* Automatically generated code; do not modify directly. */
2
3 #include <stddef.h>
4 #include <stdint.h>
5
6 typedef struct {
7 uint32_t *dp;
8 uint32_t *rp;
9 const unsigned char *ip;
10 } t0_context;
11
12 static uint32_t
13 t0_parse7E_unsigned(const unsigned char **p)
14 {
15 uint32_t x;
16
17 x = 0;
18 for (;;) {
19 unsigned y;
20
21 y = *(*p) ++;
22 x = (x << 7) | (uint32_t)(y & 0x7F);
23 if (y < 0x80) {
24 return x;
25 }
26 }
27 }
28
29 static int32_t
30 t0_parse7E_signed(const unsigned char **p)
31 {
32 int neg;
33 uint32_t x;
34
35 neg = ((**p) >> 6) & 1;
36 x = (uint32_t)-neg;
37 for (;;) {
38 unsigned y;
39
40 y = *(*p) ++;
41 x = (x << 7) | (uint32_t)(y & 0x7F);
42 if (y < 0x80) {
43 if (neg) {
44 return -(int32_t)~x - 1;
45 } else {
46 return (int32_t)x;
47 }
48 }
49 }
50 }
51
52 #define T0_VBYTE(x, n) (unsigned char)((((uint32_t)(x) >> (n)) & 0x7F) | 0x80)
53 #define T0_FBYTE(x, n) (unsigned char)(((uint32_t)(x) >> (n)) & 0x7F)
54 #define T0_SBYTE(x) (unsigned char)((((uint32_t)(x) >> 28) + 0xF8) ^ 0xF8)
55 #define T0_INT1(x) T0_FBYTE(x, 0)
56 #define T0_INT2(x) T0_VBYTE(x, 7), T0_FBYTE(x, 0)
57 #define T0_INT3(x) T0_VBYTE(x, 14), T0_VBYTE(x, 7), T0_FBYTE(x, 0)
58 #define T0_INT4(x) T0_VBYTE(x, 21), T0_VBYTE(x, 14), T0_VBYTE(x, 7), T0_FBYTE(x, 0)
59 #define T0_INT5(x) T0_SBYTE(x), T0_VBYTE(x, 21), T0_VBYTE(x, 14), T0_VBYTE(x, 7), T0_FBYTE(x, 0)
60
61 static const uint8_t t0_datablock[];
62
63
64 void br_ssl_hs_client_init_main(void *t0ctx);
65
66 void br_ssl_hs_client_run(void *t0ctx);
67
68
69
70 #include <stddef.h>
71 #include <string.h>
72
73 #include "inner.h"
74
75 /*
76 * This macro evaluates to a pointer to the current engine context.
77 */
78 #define ENG ((br_ssl_engine_context *)((unsigned char *)t0ctx - offsetof(br_ssl_engine_context, cpu)))
79
80
81
82
83
84 /*
85 * This macro evaluates to a pointer to the client context, under that
86 * specific name. It must be noted that since the engine context is the
87 * first field of the br_ssl_client_context structure ('eng'), then
88 * pointers values of both types are interchangeable, modulo an
89 * appropriate cast. This also means that "adresses" computed as offsets
90 * within the structure work for both kinds of context.
91 */
92 #define CTX ((br_ssl_client_context *)ENG)
93
94 /*
95 * Generate the pre-master secret for RSA key exchange, and encrypt it
96 * with the server's public key. Returned value is either the encrypted
97 * data length (in bytes), or -x on error, with 'x' being an error code.
98 *
99 * This code assumes that the public key has been already verified (it
100 * was properly obtained by the X.509 engine, and it has the right type,
101 * i.e. it is of type RSA and suitable for encryption).
102 */
103 static int
104 make_pms_rsa(br_ssl_client_context *ctx, int prf_id)
105 {
106 const br_x509_class **xc;
107 const br_x509_pkey *pk;
108 const unsigned char *n;
109 unsigned char *pms;
110 size_t nlen, u;
111
112 xc = ctx->eng.x509ctx;
113 pk = (*xc)->get_pkey(xc, NULL);
114
115 /*
116 * Compute actual RSA key length, in case there are leading zeros.
117 */
118 n = pk->key.rsa.n;
119 nlen = pk->key.rsa.nlen;
120 while (nlen > 0 && *n == 0) {
121 n ++;
122 nlen --;
123 }
124
125 /*
126 * We need at least 59 bytes (48 bytes for pre-master secret, and
127 * 11 bytes for the PKCS#1 type 2 padding). Note that the X.509
128 * minimal engine normally blocks RSA keys shorter than 128 bytes,
129 * so this is mostly for public keys provided explicitly by the
130 * caller.
131 */
132 if (nlen < 59) {
133 return -BR_ERR_X509_WEAK_PUBLIC_KEY;
134 }
135 if (nlen > sizeof ctx->eng.pad) {
136 return -BR_ERR_LIMIT_EXCEEDED;
137 }
138
139 /*
140 * Make PMS.
141 */
142 pms = ctx->eng.pad + nlen - 48;
143 br_enc16be(pms, ctx->eng.version_max);
144 br_hmac_drbg_generate(&ctx->eng.rng, pms + 2, 46);
145 br_ssl_engine_compute_master(&ctx->eng, prf_id, pms, 48);
146
147 /*
148 * Apply PKCS#1 type 2 padding.
149 */
150 ctx->eng.pad[0] = 0x00;
151 ctx->eng.pad[1] = 0x02;
152 ctx->eng.pad[nlen - 49] = 0x00;
153 br_hmac_drbg_generate(&ctx->eng.rng, ctx->eng.pad + 2, nlen - 51);
154 for (u = 2; u < nlen - 49; u ++) {
155 while (ctx->eng.pad[u] == 0) {
156 br_hmac_drbg_generate(&ctx->eng.rng,
157 &ctx->eng.pad[u], 1);
158 }
159 }
160
161 /*
162 * Compute RSA encryption.
163 */
164 if (!ctx->irsapub(ctx->eng.pad, nlen, &pk->key.rsa)) {
165 return -BR_ERR_LIMIT_EXCEEDED;
166 }
167 return (int)nlen;
168 }
169
170 /*
171 * OID for hash functions in RSA signatures.
172 */
173 static const unsigned char HASH_OID_SHA1[] = {
174 0x05, 0x2B, 0x0E, 0x03, 0x02, 0x1A
175 };
176
177 static const unsigned char HASH_OID_SHA224[] = {
178 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x04
179 };
180
181 static const unsigned char HASH_OID_SHA256[] = {
182 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01
183 };
184
185 static const unsigned char HASH_OID_SHA384[] = {
186 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x02
187 };
188
189 static const unsigned char HASH_OID_SHA512[] = {
190 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x03
191 };
192
193 static const unsigned char *HASH_OID[] = {
194 HASH_OID_SHA1,
195 HASH_OID_SHA224,
196 HASH_OID_SHA256,
197 HASH_OID_SHA384,
198 HASH_OID_SHA512
199 };
200
201 /*
202 * Check the RSA signature on the ServerKeyExchange message.
203 *
204 * hash hash function ID (2 to 6), or 0 for MD5+SHA-1 (with RSA only)
205 * use_rsa non-zero for RSA signature, zero for ECDSA
206 * sig_len signature length (in bytes); signature value is in the pad
207 *
208 * Returned value is 0 on success, or an error code.
209 */
210 static int
211 verify_SKE_sig(br_ssl_client_context *ctx,
212 int hash, int use_rsa, size_t sig_len)
213 {
214 const br_x509_class **xc;
215 const br_x509_pkey *pk;
216 br_multihash_context mhc;
217 unsigned char hv[64], head[4];
218 size_t hv_len;
219
220 xc = ctx->eng.x509ctx;
221 pk = (*xc)->get_pkey(xc, NULL);
222 br_multihash_zero(&mhc);
223 br_multihash_copyimpl(&mhc, &ctx->eng.mhash);
224 br_multihash_init(&mhc);
225 br_multihash_update(&mhc,
226 ctx->eng.client_random, sizeof ctx->eng.client_random);
227 br_multihash_update(&mhc,
228 ctx->eng.server_random, sizeof ctx->eng.server_random);
229 head[0] = 3;
230 head[1] = 0;
231 head[2] = ctx->eng.ecdhe_curve;
232 head[3] = ctx->eng.ecdhe_point_len;
233 br_multihash_update(&mhc, head, sizeof head);
234 br_multihash_update(&mhc,
235 ctx->eng.ecdhe_point, ctx->eng.ecdhe_point_len);
236 if (hash) {
237 hv_len = br_multihash_out(&mhc, hash, hv);
238 if (hv_len == 0) {
239 return BR_ERR_INVALID_ALGORITHM;
240 }
241 } else {
242 if (!br_multihash_out(&mhc, br_md5_ID, hv)
243 || !br_multihash_out(&mhc, br_sha1_ID, hv + 16))
244 {
245 return BR_ERR_INVALID_ALGORITHM;
246 }
247 hv_len = 36;
248 }
249 if (use_rsa) {
250 unsigned char tmp[64];
251 const unsigned char *hash_oid;
252
253 if (hash) {
254 hash_oid = HASH_OID[hash - 2];
255 } else {
256 hash_oid = NULL;
257 }
258 if (!ctx->eng.irsavrfy(ctx->eng.pad, sig_len,
259 hash_oid, hv_len, &pk->key.rsa, tmp)
260 || memcmp(tmp, hv, hv_len) != 0)
261 {
262 return BR_ERR_BAD_SIGNATURE;
263 }
264 } else {
265 if (!ctx->eng.iecdsa(ctx->eng.iec, hv, hv_len, &pk->key.ec,
266 ctx->eng.pad, sig_len))
267 {
268 return BR_ERR_BAD_SIGNATURE;
269 }
270 }
271 return 0;
272 }
273
274 /*
275 * Perform client-side ECDH (or ECDHE). The point that should be sent to
276 * the server is written in the pad; returned value is either the point
277 * length (in bytes), or -x on error, with 'x' being an error code.
278 *
279 * The point _from_ the server is taken from ecdhe_point[] if 'ecdhe'
280 * is non-zero, or from the X.509 engine context if 'ecdhe' is zero
281 * (for static ECDH).
282 */
283 static int
284 make_pms_ecdh(br_ssl_client_context *ctx, unsigned ecdhe, int prf_id)
285 {
286 int curve;
287 unsigned char key[66], point[133];
288 const unsigned char *generator, *order, *point_src;
289 size_t glen, olen, point_len;
290 unsigned char mask;
291
292 if (ecdhe) {
293 curve = ctx->eng.ecdhe_curve;
294 point_src = ctx->eng.ecdhe_point;
295 point_len = ctx->eng.ecdhe_point_len;
296 } else {
297 const br_x509_class **xc;
298 const br_x509_pkey *pk;
299
300 xc = ctx->eng.x509ctx;
301 pk = (*xc)->get_pkey(xc, NULL);
302 curve = pk->key.ec.curve;
303 point_src = pk->key.ec.q;
304 point_len = pk->key.ec.qlen;
305 }
306 if ((ctx->eng.iec->supported_curves & ((uint32_t)1 << curve)) == 0) {
307 return -BR_ERR_INVALID_ALGORITHM;
308 }
309
310 /*
311 * We need to generate our key, as a non-zero random value which
312 * is lower than the curve order, in a "large enough" range. We
313 * force top bit to 0 and bottom bit to 1, which guarantees that
314 * the value is in the proper range.
315 */
316 order = ctx->eng.iec->order(curve, &olen);
317 mask = 0xFF;
318 while (mask >= order[0]) {
319 mask >>= 1;
320 }
321 br_hmac_drbg_generate(&ctx->eng.rng, key, olen);
322 key[0] &= mask;
323 key[olen - 1] |= 0x01;
324
325 /*
326 * Compute the common ECDH point, whose X coordinate is the
327 * pre-master secret.
328 */
329 generator = ctx->eng.iec->generator(curve, &glen);
330 if (glen != point_len) {
331 return -BR_ERR_INVALID_ALGORITHM;
332 }
333
334 memcpy(point, point_src, glen);
335 if (!ctx->eng.iec->mul(point, glen, key, olen, curve)) {
336 return -BR_ERR_INVALID_ALGORITHM;
337 }
338
339 /*
340 * The pre-master secret is the X coordinate.
341 */
342 br_ssl_engine_compute_master(&ctx->eng, prf_id, point + 1, glen >> 1);
343
344 ctx->eng.iec->mulgen(point, key, olen, curve);
345 memcpy(ctx->eng.pad, point, glen);
346 return (int)glen;
347 }
348
349 /*
350 * Perform full static ECDH. This occurs only in the context of client
351 * authentication with certificates: the server uses an EC public key,
352 * the cipher suite is of type ECDH (not ECDHE), the server requested a
353 * client certificate and accepts static ECDH, the client has a
354 * certificate with an EC public key in the same curve, and accepts
355 * static ECDH as well.
356 *
357 * Returned value is 0 on success, -1 on error.
358 */
359 static int
360 make_pms_static_ecdh(br_ssl_client_context *ctx, int prf_id)
361 {
362 unsigned char point[133];
363 size_t point_len;
364 const br_x509_class **xc;
365 const br_x509_pkey *pk;
366
367 xc = ctx->eng.x509ctx;
368 pk = (*xc)->get_pkey(xc, NULL);
369 point_len = pk->key.ec.qlen;
370 if (point_len > sizeof point) {
371 return -1;
372 }
373 memcpy(point, pk->key.ec.q, point_len);
374 if (!(*ctx->client_auth_vtable)->do_keyx(
375 ctx->client_auth_vtable, point, point_len))
376 {
377 return -1;
378 }
379 br_ssl_engine_compute_master(&ctx->eng,
380 prf_id, point + 1, point_len >> 1);
381 return 0;
382 }
383
384 /*
385 * Compute the client-side signature. This is invoked only when a
386 * signature-based client authentication was selected. The computed
387 * signature is in the pad; its length (in bytes) is returned. On
388 * error, 0 is returned.
389 */
390 static size_t
391 make_client_sign(br_ssl_client_context *ctx)
392 {
393 size_t hv_len;
394
395 /*
396 * Compute hash of handshake messages so far. This "cannot" fail
397 * because the list of supported hash functions provided to the
398 * client certificate handler was trimmed to include only the
399 * hash functions that the multi-hasher supports.
400 */
401 if (ctx->hash_id) {
402 hv_len = br_multihash_out(&ctx->eng.mhash,
403 ctx->hash_id, ctx->eng.pad);
404 } else {
405 br_multihash_out(&ctx->eng.mhash,
406 br_md5_ID, ctx->eng.pad);
407 br_multihash_out(&ctx->eng.mhash,
408 br_sha1_ID, ctx->eng.pad + 16);
409 hv_len = 36;
410 }
411 return (*ctx->client_auth_vtable)->do_sign(
412 ctx->client_auth_vtable, ctx->hash_id, hv_len,
413 ctx->eng.pad, sizeof ctx->eng.pad);
414 }
415
416
417
418 static const uint8_t t0_datablock[] = {
419 0x00, 0x00, 0x0A, 0x00, 0x24, 0x00, 0x2F, 0x01, 0x24, 0x00, 0x35, 0x02,
420 0x24, 0x00, 0x3C, 0x01, 0x44, 0x00, 0x3D, 0x02, 0x44, 0x00, 0x9C, 0x03,
421 0x04, 0x00, 0x9D, 0x04, 0x05, 0xC0, 0x03, 0x40, 0x24, 0xC0, 0x04, 0x41,
422 0x24, 0xC0, 0x05, 0x42, 0x24, 0xC0, 0x08, 0x20, 0x24, 0xC0, 0x09, 0x21,
423 0x24, 0xC0, 0x0A, 0x22, 0x24, 0xC0, 0x0D, 0x30, 0x24, 0xC0, 0x0E, 0x31,
424 0x24, 0xC0, 0x0F, 0x32, 0x24, 0xC0, 0x12, 0x10, 0x24, 0xC0, 0x13, 0x11,
425 0x24, 0xC0, 0x14, 0x12, 0x24, 0xC0, 0x23, 0x21, 0x44, 0xC0, 0x24, 0x22,
426 0x55, 0xC0, 0x25, 0x41, 0x44, 0xC0, 0x26, 0x42, 0x55, 0xC0, 0x27, 0x11,
427 0x44, 0xC0, 0x28, 0x12, 0x55, 0xC0, 0x29, 0x31, 0x44, 0xC0, 0x2A, 0x32,
428 0x55, 0xC0, 0x2B, 0x23, 0x04, 0xC0, 0x2C, 0x24, 0x05, 0xC0, 0x2D, 0x43,
429 0x04, 0xC0, 0x2E, 0x44, 0x05, 0xC0, 0x2F, 0x13, 0x04, 0xC0, 0x30, 0x14,
430 0x05, 0xC0, 0x31, 0x33, 0x04, 0xC0, 0x32, 0x34, 0x05, 0xCC, 0xA8, 0x15,
431 0x04, 0xCC, 0xA9, 0x25, 0x04, 0x00, 0x00
432 };
433
434 static const uint8_t t0_codeblock[] = {
435 0x00, 0x01, 0x00, 0x0A, 0x00, 0x00, 0x01, 0x00, 0x0D, 0x00, 0x00, 0x01,
436 0x00, 0x0E, 0x00, 0x00, 0x01, 0x00, 0x0F, 0x00, 0x00, 0x01, 0x01, 0x08,
437 0x00, 0x00, 0x01, 0x01, 0x09, 0x00, 0x00, 0x01, 0x02, 0x08, 0x00, 0x00,
438 0x01, 0x02, 0x09, 0x00, 0x00, 0x25, 0x25, 0x00, 0x00, 0x01,
439 T0_INT1(BR_ERR_BAD_CCS), 0x00, 0x00, 0x01,
440 T0_INT1(BR_ERR_BAD_CIPHER_SUITE), 0x00, 0x00, 0x01,
441 T0_INT1(BR_ERR_BAD_COMPRESSION), 0x00, 0x00, 0x01,
442 T0_INT1(BR_ERR_BAD_FINISHED), 0x00, 0x00, 0x01,
443 T0_INT1(BR_ERR_BAD_FRAGLEN), 0x00, 0x00, 0x01,
444 T0_INT1(BR_ERR_BAD_HANDSHAKE), 0x00, 0x00, 0x01,
445 T0_INT1(BR_ERR_BAD_HELLO_DONE), 0x00, 0x00, 0x01,
446 T0_INT1(BR_ERR_BAD_PARAM), 0x00, 0x00, 0x01,
447 T0_INT1(BR_ERR_BAD_SECRENEG), 0x00, 0x00, 0x01,
448 T0_INT1(BR_ERR_BAD_SNI), 0x00, 0x00, 0x01, T0_INT1(BR_ERR_BAD_VERSION),
449 0x00, 0x00, 0x01, T0_INT1(BR_ERR_EXTRA_EXTENSION), 0x00, 0x00, 0x01,
450 T0_INT1(BR_ERR_INVALID_ALGORITHM), 0x00, 0x00, 0x01,
451 T0_INT1(BR_ERR_LIMIT_EXCEEDED), 0x00, 0x00, 0x01, T0_INT1(BR_ERR_OK),
452 0x00, 0x00, 0x01, T0_INT1(BR_ERR_OVERSIZED_ID), 0x00, 0x00, 0x01,
453 T0_INT1(BR_ERR_RESUME_MISMATCH), 0x00, 0x00, 0x01,
454 T0_INT1(BR_ERR_UNEXPECTED), 0x00, 0x00, 0x01,
455 T0_INT1(BR_ERR_UNSUPPORTED_VERSION), 0x00, 0x00, 0x01,
456 T0_INT1(BR_ERR_WRONG_KEY_USAGE), 0x00, 0x00, 0x01,
457 T0_INT2(offsetof(br_ssl_engine_context, action)), 0x00, 0x00, 0x01,
458 T0_INT2(offsetof(br_ssl_engine_context, alert)), 0x00, 0x00, 0x01,
459 T0_INT2(offsetof(br_ssl_engine_context, application_data)), 0x00, 0x00,
460 0x01, T0_INT2(offsetof(br_ssl_client_context, auth_type)), 0x00, 0x00,
461 0x01,
462 T0_INT2(offsetof(br_ssl_engine_context, session) + offsetof(br_ssl_session_parameters, cipher_suite)),
463 0x00, 0x00, 0x01,
464 T0_INT2(offsetof(br_ssl_engine_context, client_random)), 0x00, 0x00,
465 0x01, T0_INT2(offsetof(br_ssl_engine_context, close_received)), 0x00,
466 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, ecdhe_curve)),
467 0x00, 0x00, 0x01,
468 T0_INT2(offsetof(br_ssl_engine_context, ecdhe_point)), 0x00, 0x00,
469 0x01, T0_INT2(offsetof(br_ssl_engine_context, ecdhe_point_len)), 0x00,
470 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, flags)), 0x00,
471 0x00, 0x01, T0_INT2(offsetof(br_ssl_client_context, hash_id)), 0x00,
472 0x00, 0x01, T0_INT2(offsetof(br_ssl_client_context, hashes)), 0x00,
473 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, log_max_frag_len)),
474 0x00, 0x00, 0x01,
475 T0_INT2(offsetof(br_ssl_client_context, min_clienthello_len)), 0x00,
476 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, pad)), 0x00, 0x00,
477 0x01, T0_INT2(offsetof(br_ssl_engine_context, protocol_names_num)),
478 0x00, 0x00, 0x01,
479 T0_INT2(offsetof(br_ssl_engine_context, record_type_in)), 0x00, 0x00,
480 0x01, T0_INT2(offsetof(br_ssl_engine_context, record_type_out)), 0x00,
481 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, reneg)), 0x00,
482 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, saved_finished)),
483 0x00, 0x00, 0x01,
484 T0_INT2(offsetof(br_ssl_engine_context, selected_protocol)), 0x00,
485 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, server_name)),
486 0x00, 0x00, 0x01,
487 T0_INT2(offsetof(br_ssl_engine_context, server_random)), 0x00, 0x00,
488 0x01,
489 T0_INT2(offsetof(br_ssl_engine_context, session) + offsetof(br_ssl_session_parameters, session_id)),
490 0x00, 0x00, 0x01,
491 T0_INT2(offsetof(br_ssl_engine_context, session) + offsetof(br_ssl_session_parameters, session_id_len)),
492 0x00, 0x00, 0x01,
493 T0_INT2(offsetof(br_ssl_engine_context, shutdown_recv)), 0x00, 0x00,
494 0x01, T0_INT2(offsetof(br_ssl_engine_context, suites_buf)), 0x00, 0x00,
495 0x01, T0_INT2(offsetof(br_ssl_engine_context, suites_num)), 0x00, 0x00,
496 0x01,
497 T0_INT2(offsetof(br_ssl_engine_context, session) + offsetof(br_ssl_session_parameters, version)),
498 0x00, 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, version_in)),
499 0x00, 0x00, 0x01,
500 T0_INT2(offsetof(br_ssl_engine_context, version_max)), 0x00, 0x00,
501 0x01, T0_INT2(offsetof(br_ssl_engine_context, version_min)), 0x00,
502 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, version_out)),
503 0x00, 0x00, 0x09, 0x26, 0x55, 0x06, 0x02, 0x65, 0x28, 0x00, 0x00, 0x06,
504 0x08, 0x2C, 0x0E, 0x05, 0x02, 0x6E, 0x28, 0x04, 0x01, 0x3C, 0x00, 0x00,
505 0x01, 0x01, 0x00, 0x01, 0x03, 0x00, 0x96, 0x26, 0x5B, 0x43, 0x9A, 0x26,
506 0x05, 0x04, 0x5D, 0x01, 0x00, 0x00, 0x02, 0x00, 0x0E, 0x06, 0x02, 0x9A,
507 0x00, 0x5B, 0x04, 0x6B, 0x00, 0x06, 0x02, 0x65, 0x28, 0x00, 0x00, 0x26,
508 0x86, 0x43, 0x05, 0x03, 0x01, 0x0C, 0x08, 0x43, 0x76, 0x2C, 0xA8, 0x1C,
509 0x81, 0x01, 0x0C, 0x31, 0x00, 0x00, 0x26, 0x1F, 0x01, 0x08, 0x0B, 0x43,
510 0x59, 0x1F, 0x08, 0x00, 0x01, 0x03, 0x00, 0x01, 0x00, 0x74, 0x3D, 0x29,
511 0x1A, 0x36, 0x06, 0x07, 0x02, 0x00, 0xCB, 0x03, 0x00, 0x04, 0x75, 0x01,
512 0x00, 0xC2, 0x02, 0x00, 0x26, 0x1A, 0x17, 0x06, 0x02, 0x6C, 0x28, 0xCB,
513 0x04, 0x76, 0x01, 0x01, 0x00, 0x74, 0x3D, 0x01, 0x16, 0x84, 0x3D, 0x01,
514 0x00, 0x87, 0x3C, 0x34, 0xD1, 0x29, 0xB1, 0x06, 0x09, 0x01, 0x7F, 0xAC,
515 0x01, 0x7F, 0xCE, 0x04, 0x80, 0x53, 0xAE, 0x76, 0x2C, 0x9E, 0x01,
516 T0_INT1(BR_KEYTYPE_SIGN), 0x17, 0x06, 0x01, 0xB2, 0xB5, 0x26, 0x01,
517 0x0D, 0x0E, 0x06, 0x07, 0x25, 0xB4, 0xB5, 0x01, 0x7F, 0x04, 0x02, 0x01,
518 0x00, 0x03, 0x00, 0x01, 0x0E, 0x0E, 0x05, 0x02, 0x6F, 0x28, 0x06, 0x02,
519 0x64, 0x28, 0x33, 0x06, 0x02, 0x6F, 0x28, 0x02, 0x00, 0x06, 0x1C, 0xCF,
520 0x7D, 0x2E, 0x01, 0x81, 0x7F, 0x0E, 0x06, 0x0D, 0x25, 0x01, 0x10, 0xDA,
521 0x01, 0x00, 0xD9, 0x76, 0x2C, 0xA8, 0x24, 0x04, 0x04, 0xD2, 0x06, 0x01,
522 0xD0, 0x04, 0x01, 0xD2, 0x01, 0x7F, 0xCE, 0x01, 0x7F, 0xAC, 0x01, 0x01,
523 0x74, 0x3D, 0x01, 0x17, 0x84, 0x3D, 0x00, 0x00, 0x38, 0x38, 0x00, 0x00,
524 0x97, 0x01, 0x0C, 0x11, 0x01, 0x00, 0x38, 0x0E, 0x06, 0x05, 0x25, 0x01,
525 T0_INT1(BR_KEYTYPE_RSA | BR_KEYTYPE_KEYX), 0x04, 0x30, 0x01, 0x01,
526 0x38, 0x0E, 0x06, 0x05, 0x25, 0x01,
527 T0_INT1(BR_KEYTYPE_RSA | BR_KEYTYPE_SIGN), 0x04, 0x25, 0x01, 0x02,
528 0x38, 0x0E, 0x06, 0x05, 0x25, 0x01,
529 T0_INT1(BR_KEYTYPE_EC | BR_KEYTYPE_SIGN), 0x04, 0x1A, 0x01, 0x03,
530 0x38, 0x0E, 0x06, 0x05, 0x25, 0x01,
531 T0_INT1(BR_KEYTYPE_EC | BR_KEYTYPE_KEYX), 0x04, 0x0F, 0x01, 0x04,
532 0x38, 0x0E, 0x06, 0x05, 0x25, 0x01,
533 T0_INT1(BR_KEYTYPE_EC | BR_KEYTYPE_KEYX), 0x04, 0x04, 0x01, 0x00,
534 0x43, 0x25, 0x00, 0x00, 0x7F, 0x2E, 0x01, 0x0E, 0x0E, 0x06, 0x04, 0x01,
535 0x00, 0x04, 0x02, 0x01, 0x05, 0x00, 0x00, 0x3F, 0x06, 0x04, 0x01, 0x06,
536 0x04, 0x02, 0x01, 0x00, 0x00, 0x00, 0x85, 0x2E, 0x26, 0x06, 0x08, 0x01,
537 0x01, 0x09, 0x01, 0x11, 0x07, 0x04, 0x03, 0x25, 0x01, 0x05, 0x00, 0x01,
538 0x40, 0x03, 0x00, 0x25, 0x01, 0x00, 0x42, 0x06, 0x03, 0x02, 0x00, 0x08,
539 0x41, 0x06, 0x03, 0x02, 0x00, 0x08, 0x26, 0x06, 0x06, 0x01, 0x01, 0x0B,
540 0x01, 0x06, 0x08, 0x00, 0x00, 0x88, 0x3E, 0x26, 0x06, 0x03, 0x01, 0x09,
541 0x08, 0x00, 0x01, 0x3F, 0x26, 0x06, 0x1E, 0x01, 0x00, 0x03, 0x00, 0x26,
542 0x06, 0x0E, 0x26, 0x01, 0x01, 0x17, 0x02, 0x00, 0x08, 0x03, 0x00, 0x01,
543 0x01, 0x11, 0x04, 0x6F, 0x25, 0x02, 0x00, 0x01, 0x01, 0x0B, 0x01, 0x06,
544 0x08, 0x00, 0x00, 0x7C, 0x2D, 0x43, 0x11, 0x01, 0x01, 0x17, 0x35, 0x00,
545 0x00, 0x9C, 0xCA, 0x26, 0x01, 0x07, 0x17, 0x01, 0x00, 0x38, 0x0E, 0x06,
546 0x09, 0x25, 0x01, 0x10, 0x17, 0x06, 0x01, 0x9C, 0x04, 0x2D, 0x01, 0x01,
547 0x38, 0x0E, 0x06, 0x24, 0x25, 0x25, 0x01, 0x00, 0x74, 0x3D, 0xB0, 0x85,
548 0x2E, 0x01, 0x01, 0x0E, 0x01, 0x01, 0xA5, 0x37, 0x06, 0x0F, 0x29, 0x1A,
549 0x36, 0x06, 0x04, 0xCA, 0x25, 0x04, 0x78, 0x01, 0x80, 0x64, 0xC2, 0x04,
550 0x01, 0x9C, 0x04, 0x03, 0x6F, 0x28, 0x25, 0x04, 0xFF, 0x3C, 0x01, 0x26,
551 0x03, 0x00, 0x09, 0x26, 0x55, 0x06, 0x02, 0x65, 0x28, 0x02, 0x00, 0x00,
552 0x00, 0x97, 0x01, 0x0F, 0x17, 0x00, 0x00, 0x73, 0x2E, 0x01, 0x00, 0x38,
553 0x0E, 0x06, 0x10, 0x25, 0x26, 0x01, 0x01, 0x0D, 0x06, 0x03, 0x25, 0x01,
554 0x02, 0x73, 0x3D, 0x01, 0x00, 0x04, 0x22, 0x01, 0x01, 0x38, 0x0E, 0x06,
555 0x15, 0x25, 0x01, 0x00, 0x73, 0x3D, 0x26, 0x01, 0x80, 0x64, 0x0E, 0x06,
556 0x05, 0x01, 0x82, 0x00, 0x08, 0x28, 0x57, 0x00, 0x04, 0x07, 0x25, 0x01,
557 0x82, 0x00, 0x08, 0x28, 0x25, 0x00, 0x00, 0x01, 0x00, 0x2F, 0x06, 0x05,
558 0x3A, 0xA9, 0x37, 0x04, 0x78, 0x26, 0x06, 0x04, 0x01, 0x01, 0x8C, 0x3D,
559 0x00, 0x01, 0xBC, 0xA7, 0xBC, 0xA7, 0xBE, 0x81, 0x43, 0x26, 0x03, 0x00,
560 0xB3, 0x98, 0x98, 0x02, 0x00, 0x4A, 0x26, 0x55, 0x06, 0x0A, 0x01, 0x03,
561 0xA5, 0x06, 0x02, 0x6F, 0x28, 0x25, 0x04, 0x03, 0x59, 0x87, 0x3C, 0x00,
562 0x00, 0x2F, 0x06, 0x0B, 0x83, 0x2E, 0x01, 0x14, 0x0D, 0x06, 0x02, 0x6F,
563 0x28, 0x04, 0x11, 0xCA, 0x01, 0x07, 0x17, 0x26, 0x01, 0x02, 0x0D, 0x06,
564 0x06, 0x06, 0x02, 0x6F, 0x28, 0x04, 0x70, 0x25, 0xBF, 0x01, 0x01, 0x0D,
565 0x33, 0x37, 0x06, 0x02, 0x5E, 0x28, 0x26, 0x01, 0x01, 0xC5, 0x36, 0xAF,
566 0x00, 0x01, 0xB5, 0x01, 0x0B, 0x0E, 0x05, 0x02, 0x6F, 0x28, 0x26, 0x01,
567 0x03, 0x0E, 0x06, 0x08, 0xBD, 0x06, 0x02, 0x65, 0x28, 0x43, 0x25, 0x00,
568 0x43, 0x54, 0xBD, 0xA7, 0x26, 0x06, 0x23, 0xBD, 0xA7, 0x26, 0x53, 0x26,
569 0x06, 0x18, 0x26, 0x01, 0x82, 0x00, 0x0F, 0x06, 0x05, 0x01, 0x82, 0x00,
570 0x04, 0x01, 0x26, 0x03, 0x00, 0x81, 0x02, 0x00, 0xB3, 0x02, 0x00, 0x50,
571 0x04, 0x65, 0x98, 0x51, 0x04, 0x5A, 0x98, 0x98, 0x52, 0x26, 0x06, 0x02,
572 0x35, 0x00, 0x25, 0x2B, 0x00, 0x00, 0x76, 0x2C, 0x9E, 0x01, 0x7F, 0xAD,
573 0x26, 0x55, 0x06, 0x02, 0x35, 0x28, 0x26, 0x05, 0x02, 0x6F, 0x28, 0x38,
574 0x17, 0x0D, 0x06, 0x02, 0x71, 0x28, 0x3B, 0x00, 0x00, 0x99, 0xB5, 0x01,
575 0x14, 0x0D, 0x06, 0x02, 0x6F, 0x28, 0x81, 0x01, 0x0C, 0x08, 0x01, 0x0C,
576 0xB3, 0x98, 0x81, 0x26, 0x01, 0x0C, 0x08, 0x01, 0x0C, 0x30, 0x05, 0x02,
577 0x61, 0x28, 0x00, 0x00, 0xB6, 0x06, 0x02, 0x6F, 0x28, 0x06, 0x02, 0x63,
578 0x28, 0x00, 0x0A, 0xB5, 0x01, 0x02, 0x0E, 0x05, 0x02, 0x6F, 0x28, 0xBC,
579 0x03, 0x00, 0x02, 0x00, 0x92, 0x2C, 0x0A, 0x02, 0x00, 0x91, 0x2C, 0x0F,
580 0x37, 0x06, 0x02, 0x70, 0x28, 0x02, 0x00, 0x90, 0x2C, 0x0D, 0x06, 0x02,
581 0x68, 0x28, 0x02, 0x00, 0x93, 0x3C, 0x89, 0x01, 0x20, 0xB3, 0x01, 0x00,
582 0x03, 0x01, 0xBE, 0x03, 0x02, 0x02, 0x02, 0x01, 0x20, 0x0F, 0x06, 0x02,
583 0x6D, 0x28, 0x81, 0x02, 0x02, 0xB3, 0x02, 0x02, 0x8B, 0x2E, 0x0E, 0x02,
584 0x02, 0x01, 0x00, 0x0F, 0x17, 0x06, 0x0B, 0x8A, 0x81, 0x02, 0x02, 0x30,
585 0x06, 0x04, 0x01, 0x7F, 0x03, 0x01, 0x8A, 0x81, 0x02, 0x02, 0x31, 0x02,
586 0x02, 0x8B, 0x3D, 0x02, 0x00, 0x8F, 0x02, 0x01, 0x95, 0xBC, 0x26, 0xC0,
587 0x55, 0x06, 0x02, 0x5F, 0x28, 0x76, 0x02, 0x01, 0x95, 0xBE, 0x06, 0x02,
588 0x60, 0x28, 0x26, 0x06, 0x81, 0x45, 0xBC, 0xA7, 0xA3, 0x03, 0x03, 0xA1,
589 0x03, 0x04, 0x9F, 0x03, 0x05, 0xA2, 0x03, 0x06, 0xA4, 0x03, 0x07, 0xA0,
590 0x03, 0x08, 0x27, 0x03, 0x09, 0x26, 0x06, 0x81, 0x18, 0xBC, 0x01, 0x00,
591 0x38, 0x0E, 0x06, 0x0F, 0x25, 0x02, 0x03, 0x05, 0x02, 0x69, 0x28, 0x01,
592 0x00, 0x03, 0x03, 0xBB, 0x04, 0x80, 0x7F, 0x01, 0x01, 0x38, 0x0E, 0x06,
593 0x0F, 0x25, 0x02, 0x05, 0x05, 0x02, 0x69, 0x28, 0x01, 0x00, 0x03, 0x05,
594 0xB9, 0x04, 0x80, 0x6A, 0x01, 0x83, 0xFE, 0x01, 0x38, 0x0E, 0x06, 0x0F,
595 0x25, 0x02, 0x04, 0x05, 0x02, 0x69, 0x28, 0x01, 0x00, 0x03, 0x04, 0xBA,
596 0x04, 0x80, 0x53, 0x01, 0x0D, 0x38, 0x0E, 0x06, 0x0E, 0x25, 0x02, 0x06,
597 0x05, 0x02, 0x69, 0x28, 0x01, 0x00, 0x03, 0x06, 0xB7, 0x04, 0x3F, 0x01,
598 0x0A, 0x38, 0x0E, 0x06, 0x0E, 0x25, 0x02, 0x07, 0x05, 0x02, 0x69, 0x28,
599 0x01, 0x00, 0x03, 0x07, 0xB7, 0x04, 0x2B, 0x01, 0x0B, 0x38, 0x0E, 0x06,
600 0x0E, 0x25, 0x02, 0x08, 0x05, 0x02, 0x69, 0x28, 0x01, 0x00, 0x03, 0x08,
601 0xB7, 0x04, 0x17, 0x01, 0x10, 0x38, 0x0E, 0x06, 0x0E, 0x25, 0x02, 0x09,
602 0x05, 0x02, 0x69, 0x28, 0x01, 0x00, 0x03, 0x09, 0xAB, 0x04, 0x03, 0x69,
603 0x28, 0x25, 0x04, 0xFE, 0x64, 0x02, 0x04, 0x06, 0x0D, 0x02, 0x04, 0x01,
604 0x05, 0x0F, 0x06, 0x02, 0x66, 0x28, 0x01, 0x01, 0x85, 0x3D, 0x98, 0x98,
605 0x02, 0x01, 0x00, 0x04, 0xB5, 0x01, 0x0C, 0x0E, 0x05, 0x02, 0x6F, 0x28,
606 0xBE, 0x01, 0x03, 0x0E, 0x05, 0x02, 0x6A, 0x28, 0xBC, 0x26, 0x79, 0x3D,
607 0x26, 0x01, 0x20, 0x10, 0x06, 0x02, 0x6A, 0x28, 0x3F, 0x43, 0x11, 0x01,
608 0x01, 0x17, 0x05, 0x02, 0x6A, 0x28, 0xBE, 0x26, 0x01, 0x81, 0x05, 0x0F,
609 0x06, 0x02, 0x6A, 0x28, 0x26, 0x7B, 0x3D, 0x7A, 0x43, 0xB3, 0x8F, 0x2C,
610 0x01, 0x86, 0x03, 0x10, 0x03, 0x00, 0x76, 0x2C, 0xC8, 0x03, 0x01, 0x01,
611 0x02, 0x03, 0x02, 0x02, 0x00, 0x06, 0x21, 0xBE, 0x26, 0x26, 0x01, 0x02,
612 0x0A, 0x43, 0x01, 0x06, 0x0F, 0x37, 0x06, 0x02, 0x6A, 0x28, 0x03, 0x02,
613 0xBE, 0x02, 0x01, 0x01, 0x01, 0x0B, 0x01, 0x03, 0x08, 0x0E, 0x05, 0x02,
614 0x6A, 0x28, 0x04, 0x08, 0x02, 0x01, 0x06, 0x04, 0x01, 0x00, 0x03, 0x02,
615 0xBC, 0x26, 0x03, 0x03, 0x26, 0x01, 0x84, 0x00, 0x0F, 0x06, 0x02, 0x6B,
616 0x28, 0x81, 0x43, 0xB3, 0x02, 0x02, 0x02, 0x01, 0x02, 0x03, 0x4D, 0x26,
617 0x06, 0x01, 0x28, 0x25, 0x98, 0x00, 0x02, 0x03, 0x00, 0x03, 0x01, 0x02,
618 0x00, 0x94, 0x02, 0x01, 0x02, 0x00, 0x39, 0x26, 0x01, 0x00, 0x0E, 0x06,
619 0x02, 0x5D, 0x00, 0xCC, 0x04, 0x74, 0x02, 0x01, 0x00, 0x03, 0x00, 0xBE,
620 0xA7, 0x26, 0x06, 0x80, 0x43, 0xBE, 0x01, 0x01, 0x38, 0x0E, 0x06, 0x06,
621 0x25, 0x01, 0x81, 0x7F, 0x04, 0x2E, 0x01, 0x80, 0x40, 0x38, 0x0E, 0x06,
622 0x07, 0x25, 0x01, 0x83, 0xFE, 0x00, 0x04, 0x20, 0x01, 0x80, 0x41, 0x38,
623 0x0E, 0x06, 0x07, 0x25, 0x01, 0x84, 0x80, 0x00, 0x04, 0x12, 0x01, 0x80,
624 0x42, 0x38, 0x0E, 0x06, 0x07, 0x25, 0x01, 0x88, 0x80, 0x00, 0x04, 0x04,
625 0x01, 0x00, 0x43, 0x25, 0x02, 0x00, 0x37, 0x03, 0x00, 0x04, 0xFF, 0x39,
626 0x98, 0x76, 0x2C, 0xC6, 0x05, 0x09, 0x02, 0x00, 0x01, 0x83, 0xFF, 0x7F,
627 0x17, 0x03, 0x00, 0x8F, 0x2C, 0x01, 0x86, 0x03, 0x10, 0x06, 0x3A, 0xB8,
628 0x26, 0x7E, 0x3C, 0x40, 0x25, 0x26, 0x01, 0x08, 0x0B, 0x37, 0x01, 0x8C,
629 0x80, 0x00, 0x37, 0x17, 0x02, 0x00, 0x17, 0x02, 0x00, 0x01, 0x8C, 0x80,
630 0x00, 0x17, 0x06, 0x19, 0x26, 0x01, 0x81, 0x7F, 0x17, 0x06, 0x05, 0x01,
631 0x84, 0x80, 0x00, 0x37, 0x26, 0x01, 0x83, 0xFE, 0x00, 0x17, 0x06, 0x05,
632 0x01, 0x88, 0x80, 0x00, 0x37, 0x03, 0x00, 0x04, 0x09, 0x02, 0x00, 0x01,
633 0x8C, 0x88, 0x01, 0x17, 0x03, 0x00, 0x16, 0xBC, 0xA7, 0x26, 0x06, 0x23,
634 0xBC, 0xA7, 0x26, 0x15, 0x26, 0x06, 0x18, 0x26, 0x01, 0x82, 0x00, 0x0F,
635 0x06, 0x05, 0x01, 0x82, 0x00, 0x04, 0x01, 0x26, 0x03, 0x01, 0x81, 0x02,
636 0x01, 0xB3, 0x02, 0x01, 0x12, 0x04, 0x65, 0x98, 0x13, 0x04, 0x5A, 0x98,
637 0x14, 0x98, 0x02, 0x00, 0x2A, 0x00, 0x00, 0xB6, 0x26, 0x57, 0x06, 0x07,
638 0x25, 0x06, 0x02, 0x63, 0x28, 0x04, 0x74, 0x00, 0x00, 0xBF, 0x01, 0x03,
639 0xBD, 0x43, 0x25, 0x43, 0x00, 0x00, 0xBC, 0xC3, 0x00, 0x03, 0x01, 0x00,
640 0x03, 0x00, 0xBC, 0xA7, 0x26, 0x06, 0x32, 0xBE, 0x03, 0x01, 0xBE, 0x03,
641 0x02, 0x02, 0x01, 0x01, 0x02, 0x10, 0x02, 0x01, 0x01, 0x06, 0x0C, 0x17,
642 0x02, 0x02, 0x01, 0x01, 0x0E, 0x02, 0x02, 0x01, 0x03, 0x0E, 0x37, 0x17,
643 0x06, 0x11, 0x02, 0x00, 0x01, 0x01, 0x02, 0x02, 0x5A, 0x01, 0x02, 0x0B,
644 0x02, 0x01, 0x08, 0x0B, 0x37, 0x03, 0x00, 0x04, 0x4B, 0x98, 0x02, 0x00,
645 0x00, 0x00, 0xBC, 0x01, 0x01, 0x0E, 0x05, 0x02, 0x62, 0x28, 0xBE, 0x01,
646 0x08, 0x08, 0x7F, 0x2E, 0x0E, 0x05, 0x02, 0x62, 0x28, 0x00, 0x00, 0xBC,
647 0x85, 0x2E, 0x05, 0x15, 0x01, 0x01, 0x0E, 0x05, 0x02, 0x66, 0x28, 0xBE,
648 0x01, 0x00, 0x0E, 0x05, 0x02, 0x66, 0x28, 0x01, 0x02, 0x85, 0x3D, 0x04,
649 0x1C, 0x01, 0x19, 0x0E, 0x05, 0x02, 0x66, 0x28, 0xBE, 0x01, 0x18, 0x0E,
650 0x05, 0x02, 0x66, 0x28, 0x81, 0x01, 0x18, 0xB3, 0x86, 0x81, 0x01, 0x18,
651 0x30, 0x05, 0x02, 0x66, 0x28, 0x00, 0x00, 0xBC, 0x06, 0x02, 0x67, 0x28,
652 0x00, 0x00, 0x01, 0x02, 0x94, 0xBF, 0x01, 0x08, 0x0B, 0xBF, 0x08, 0x00,
653 0x00, 0x01, 0x03, 0x94, 0xBF, 0x01, 0x08, 0x0B, 0xBF, 0x08, 0x01, 0x08,
654 0x0B, 0xBF, 0x08, 0x00, 0x00, 0x01, 0x01, 0x94, 0xBF, 0x00, 0x00, 0x3A,
655 0x26, 0x55, 0x05, 0x01, 0x00, 0x25, 0xCC, 0x04, 0x76, 0x02, 0x03, 0x00,
656 0x8E, 0x2E, 0x03, 0x01, 0x01, 0x00, 0x26, 0x02, 0x01, 0x0A, 0x06, 0x10,
657 0x26, 0x01, 0x01, 0x0B, 0x8D, 0x08, 0x2C, 0x02, 0x00, 0x0E, 0x06, 0x01,
658 0x00, 0x59, 0x04, 0x6A, 0x25, 0x01, 0x7F, 0x00, 0x00, 0x01, 0x15, 0x84,
659 0x3D, 0x43, 0x4F, 0x25, 0x4F, 0x25, 0x29, 0x00, 0x00, 0x01, 0x01, 0x43,
660 0xC1, 0x00, 0x00, 0x43, 0x38, 0x94, 0x43, 0x26, 0x06, 0x05, 0xBF, 0x25,
661 0x5A, 0x04, 0x78, 0x25, 0x00, 0x00, 0x26, 0x01, 0x81, 0xAC, 0x00, 0x0E,
662 0x06, 0x04, 0x25, 0x01, 0x7F, 0x00, 0x97, 0x56, 0x00, 0x02, 0x03, 0x00,
663 0x76, 0x2C, 0x97, 0x03, 0x01, 0x02, 0x01, 0x01, 0x0F, 0x17, 0x02, 0x01,
664 0x01, 0x04, 0x11, 0x01, 0x0F, 0x17, 0x02, 0x01, 0x01, 0x08, 0x11, 0x01,
665 0x0F, 0x17, 0x01, 0x00, 0x38, 0x0E, 0x06, 0x10, 0x25, 0x01, 0x00, 0x01,
666 0x18, 0x02, 0x00, 0x06, 0x03, 0x46, 0x04, 0x01, 0x47, 0x04, 0x80, 0x68,
667 0x01, 0x01, 0x38, 0x0E, 0x06, 0x10, 0x25, 0x01, 0x01, 0x01, 0x10, 0x02,
668 0x00, 0x06, 0x03, 0x46, 0x04, 0x01, 0x47, 0x04, 0x80, 0x52, 0x01, 0x02,
669 0x38, 0x0E, 0x06, 0x0F, 0x25, 0x01, 0x01, 0x01, 0x20, 0x02, 0x00, 0x06,
670 0x03, 0x46, 0x04, 0x01, 0x47, 0x04, 0x3D, 0x01, 0x03, 0x38, 0x0E, 0x06,
671 0x0E, 0x25, 0x25, 0x01, 0x10, 0x02, 0x00, 0x06, 0x03, 0x44, 0x04, 0x01,
672 0x45, 0x04, 0x29, 0x01, 0x04, 0x38, 0x0E, 0x06, 0x0E, 0x25, 0x25, 0x01,
673 0x20, 0x02, 0x00, 0x06, 0x03, 0x44, 0x04, 0x01, 0x45, 0x04, 0x15, 0x01,
674 0x05, 0x38, 0x0E, 0x06, 0x0C, 0x25, 0x25, 0x02, 0x00, 0x06, 0x03, 0x48,
675 0x04, 0x01, 0x49, 0x04, 0x03, 0x65, 0x28, 0x25, 0x00, 0x00, 0x97, 0x01,
676 0x0C, 0x11, 0x01, 0x02, 0x0F, 0x00, 0x00, 0x97, 0x01, 0x0C, 0x11, 0x26,
677 0x58, 0x43, 0x01, 0x03, 0x0A, 0x17, 0x00, 0x00, 0x97, 0x01, 0x0C, 0x11,
678 0x01, 0x01, 0x0E, 0x00, 0x00, 0x97, 0x01, 0x0C, 0x11, 0x57, 0x00, 0x00,
679 0x1B, 0x01, 0x00, 0x72, 0x2E, 0x26, 0x06, 0x1F, 0x01, 0x01, 0x38, 0x0E,
680 0x06, 0x06, 0x25, 0x01, 0x00, 0x9B, 0x04, 0x11, 0x01, 0x02, 0x38, 0x0E,
681 0x06, 0x0A, 0x25, 0x74, 0x2E, 0x06, 0x03, 0x01, 0x10, 0x37, 0x04, 0x01,
682 0x25, 0x04, 0x01, 0x25, 0x78, 0x2E, 0x05, 0x33, 0x2F, 0x06, 0x30, 0x83,
683 0x2E, 0x01, 0x14, 0x38, 0x0E, 0x06, 0x06, 0x25, 0x01, 0x02, 0x37, 0x04,
684 0x22, 0x01, 0x15, 0x38, 0x0E, 0x06, 0x09, 0x25, 0xAA, 0x06, 0x03, 0x01,
685 0x7F, 0x9B, 0x04, 0x13, 0x01, 0x16, 0x38, 0x0E, 0x06, 0x06, 0x25, 0x01,
686 0x01, 0x37, 0x04, 0x07, 0x25, 0x01, 0x04, 0x37, 0x01, 0x00, 0x25, 0x1A,
687 0x06, 0x03, 0x01, 0x08, 0x37, 0x00, 0x00, 0x1B, 0x26, 0x05, 0x0F, 0x2F,
688 0x06, 0x0C, 0x83, 0x2E, 0x01, 0x15, 0x0E, 0x06, 0x04, 0x25, 0xAA, 0x04,
689 0x01, 0x20, 0x00, 0x00, 0xCA, 0x01, 0x07, 0x17, 0x01, 0x01, 0x0F, 0x06,
690 0x02, 0x6F, 0x28, 0x00, 0x01, 0x03, 0x00, 0x29, 0x1A, 0x06, 0x05, 0x02,
691 0x00, 0x84, 0x3D, 0x00, 0xCA, 0x25, 0x04, 0x74, 0x00, 0x01, 0x14, 0xCD,
692 0x01, 0x01, 0xDA, 0x29, 0x26, 0x01, 0x00, 0xC5, 0x01, 0x16, 0xCD, 0xD3,
693 0x29, 0x00, 0x00, 0x01, 0x0B, 0xDA, 0x4B, 0x26, 0x26, 0x01, 0x03, 0x08,
694 0xD9, 0xD9, 0x18, 0x26, 0x55, 0x06, 0x02, 0x25, 0x00, 0xD9, 0x1D, 0x26,
695 0x06, 0x05, 0x81, 0x43, 0xD4, 0x04, 0x77, 0x25, 0x04, 0x6C, 0x00, 0x21,
696 0x01, 0x0F, 0xDA, 0x26, 0x8F, 0x2C, 0x01, 0x86, 0x03, 0x10, 0x06, 0x0C,
697 0x01, 0x04, 0x08, 0xD9, 0x7D, 0x2E, 0xDA, 0x75, 0x2E, 0xDA, 0x04, 0x02,
698 0x5B, 0xD9, 0x26, 0xD8, 0x81, 0x43, 0xD4, 0x00, 0x02, 0xA1, 0xA3, 0x08,
699 0x9F, 0x08, 0xA2, 0x08, 0xA4, 0x08, 0xA0, 0x08, 0x27, 0x08, 0x03, 0x00,
700 0x01, 0x01, 0xDA, 0x01, 0x27, 0x8B, 0x2E, 0x08, 0x8E, 0x2E, 0x01, 0x01,
701 0x0B, 0x08, 0x02, 0x00, 0x06, 0x04, 0x5B, 0x02, 0x00, 0x08, 0x80, 0x2C,
702 0x38, 0x09, 0x26, 0x58, 0x06, 0x24, 0x02, 0x00, 0x05, 0x04, 0x43, 0x5B,
703 0x43, 0x5C, 0x01, 0x04, 0x09, 0x26, 0x55, 0x06, 0x03, 0x25, 0x01, 0x00,
704 0x26, 0x01, 0x04, 0x08, 0x02, 0x00, 0x08, 0x03, 0x00, 0x43, 0x01, 0x04,
705 0x08, 0x38, 0x08, 0x43, 0x04, 0x03, 0x25, 0x01, 0x7F, 0x03, 0x01, 0xD9,
706 0x91, 0x2C, 0xD8, 0x77, 0x01, 0x04, 0x19, 0x77, 0x01, 0x04, 0x08, 0x01,
707 0x1C, 0x32, 0x77, 0x01, 0x20, 0xD4, 0x8A, 0x8B, 0x2E, 0xD6, 0x8E, 0x2E,
708 0x26, 0x01, 0x01, 0x0B, 0xD8, 0x8D, 0x43, 0x26, 0x06, 0x0F, 0x5A, 0x38,
709 0x2C, 0x26, 0xC4, 0x05, 0x02, 0x5F, 0x28, 0xD8, 0x43, 0x5B, 0x43, 0x04,
710 0x6E, 0x5D, 0x01, 0x01, 0xDA, 0x01, 0x00, 0xDA, 0x02, 0x00, 0x06, 0x81,
711 0x46, 0x02, 0x00, 0xD8, 0xA1, 0x06, 0x0E, 0x01, 0x83, 0xFE, 0x01, 0xD8,
712 0x86, 0xA1, 0x01, 0x04, 0x09, 0x26, 0xD8, 0x5A, 0xD6, 0xA3, 0x06, 0x16,
713 0x01, 0x00, 0xD8, 0x88, 0xA3, 0x01, 0x04, 0x09, 0x26, 0xD8, 0x01, 0x02,
714 0x09, 0x26, 0xD8, 0x01, 0x00, 0xDA, 0x01, 0x03, 0x09, 0xD5, 0x9F, 0x06,
715 0x0C, 0x01, 0x01, 0xD8, 0x01, 0x01, 0xD8, 0x7F, 0x2E, 0x01, 0x08, 0x09,
716 0xDA, 0xA2, 0x06, 0x19, 0x01, 0x0D, 0xD8, 0xA2, 0x01, 0x04, 0x09, 0x26,
717 0xD8, 0x01, 0x02, 0x09, 0xD8, 0x41, 0x06, 0x03, 0x01, 0x03, 0xD7, 0x42,
718 0x06, 0x03, 0x01, 0x01, 0xD7, 0xA4, 0x26, 0x06, 0x22, 0x01, 0x0A, 0xD8,
719 0x01, 0x04, 0x09, 0x26, 0xD8, 0x5C, 0xD8, 0x3F, 0x01, 0x00, 0x26, 0x01,
720 0x20, 0x0A, 0x06, 0x0C, 0x9D, 0x11, 0x01, 0x01, 0x17, 0x06, 0x02, 0x26,
721 0xD8, 0x59, 0x04, 0x6E, 0x5D, 0x04, 0x01, 0x25, 0xA0, 0x06, 0x0A, 0x01,
722 0x0B, 0xD8, 0x01, 0x02, 0xD8, 0x01, 0x82, 0x00, 0xD8, 0x27, 0x26, 0x06,
723 0x1F, 0x01, 0x10, 0xD8, 0x01, 0x04, 0x09, 0x26, 0xD8, 0x5C, 0xD8, 0x82,
724 0x2C, 0x01, 0x00, 0x9D, 0x0F, 0x06, 0x0A, 0x26, 0x1E, 0x26, 0xDA, 0x81,
725 0x43, 0xD4, 0x59, 0x04, 0x72, 0x5D, 0x04, 0x01, 0x25, 0x02, 0x01, 0x55,
726 0x05, 0x11, 0x01, 0x15, 0xD8, 0x02, 0x01, 0x26, 0xD8, 0x26, 0x06, 0x06,
727 0x5A, 0x01, 0x00, 0xDA, 0x04, 0x77, 0x25, 0x00, 0x00, 0x01, 0x10, 0xDA,
728 0x76, 0x2C, 0x26, 0xC9, 0x06, 0x0C, 0xA8, 0x23, 0x26, 0x5B, 0xD9, 0x26,
729 0xD8, 0x81, 0x43, 0xD4, 0x04, 0x0D, 0x26, 0xC7, 0x43, 0xA8, 0x22, 0x26,
730 0x59, 0xD9, 0x26, 0xDA, 0x81, 0x43, 0xD4, 0x00, 0x00, 0x99, 0x01, 0x14,
731 0xDA, 0x01, 0x0C, 0xD9, 0x81, 0x01, 0x0C, 0xD4, 0x00, 0x00, 0x4E, 0x26,
732 0x01, 0x00, 0x0E, 0x06, 0x02, 0x5D, 0x00, 0xCA, 0x25, 0x04, 0x73, 0x00,
733 0x26, 0xD8, 0xD4, 0x00, 0x00, 0x26, 0xDA, 0xD4, 0x00, 0x01, 0x03, 0x00,
734 0x40, 0x25, 0x26, 0x01, 0x10, 0x17, 0x06, 0x06, 0x01, 0x04, 0xDA, 0x02,
735 0x00, 0xDA, 0x26, 0x01, 0x08, 0x17, 0x06, 0x06, 0x01, 0x03, 0xDA, 0x02,
736 0x00, 0xDA, 0x26, 0x01, 0x20, 0x17, 0x06, 0x06, 0x01, 0x05, 0xDA, 0x02,
737 0x00, 0xDA, 0x26, 0x01, 0x80, 0x40, 0x17, 0x06, 0x06, 0x01, 0x06, 0xDA,
738 0x02, 0x00, 0xDA, 0x01, 0x04, 0x17, 0x06, 0x06, 0x01, 0x02, 0xDA, 0x02,
739 0x00, 0xDA, 0x00, 0x00, 0x26, 0x01, 0x08, 0x4C, 0xDA, 0xDA, 0x00, 0x00,
740 0x26, 0x01, 0x10, 0x4C, 0xDA, 0xD8, 0x00, 0x00, 0x26, 0x4F, 0x06, 0x02,
741 0x25, 0x00, 0xCA, 0x25, 0x04, 0x76
742 };
743
744 static const uint16_t t0_caddr[] = {
745 0,
746 5,
747 10,
748 15,
749 20,
750 25,
751 30,
752 35,
753 40,
754 44,
755 48,
756 52,
757 56,
758 60,
759 64,
760 68,
761 72,
762 76,
763 80,
764 84,
765 88,
766 92,
767 96,
768 100,
769 104,
770 108,
771 112,
772 116,
773 120,
774 124,
775 129,
776 134,
777 139,
778 144,
779 149,
780 154,
781 159,
782 164,
783 169,
784 174,
785 179,
786 184,
787 189,
788 194,
789 199,
790 204,
791 209,
792 214,
793 219,
794 224,
795 229,
796 234,
797 239,
798 244,
799 249,
800 254,
801 259,
802 264,
803 269,
804 274,
805 279,
806 284,
807 289,
808 294,
809 303,
810 316,
811 320,
812 345,
813 351,
814 370,
815 381,
816 415,
817 535,
818 539,
819 604,
820 619,
821 630,
822 648,
823 677,
824 687,
825 723,
826 733,
827 803,
828 817,
829 823,
830 883,
831 902,
832 937,
833 986,
834 1062,
835 1089,
836 1120,
837 1131,
838 1456,
839 1603,
840 1627,
841 1843,
842 1857,
843 1866,
844 1870,
845 1934,
846 1955,
847 2011,
848 2018,
849 2029,
850 2045,
851 2051,
852 2062,
853 2097,
854 2109,
855 2115,
856 2130,
857 2146,
858 2302,
859 2311,
860 2324,
861 2333,
862 2340,
863 2443,
864 2464,
865 2477,
866 2493,
867 2511,
868 2543,
869 2577,
870 2925,
871 2961,
872 2974,
873 2988,
874 2993,
875 2998,
876 3064,
877 3072,
878 3080
879 };
880
881 #define T0_INTERPRETED 85
882
883 #define T0_ENTER(ip, rp, slot) do { \
884 const unsigned char *t0_newip; \
885 uint32_t t0_lnum; \
886 t0_newip = &t0_codeblock[t0_caddr[(slot) - T0_INTERPRETED]]; \
887 t0_lnum = t0_parse7E_unsigned(&t0_newip); \
888 (rp) += t0_lnum; \
889 *((rp) ++) = (uint32_t)((ip) - &t0_codeblock[0]) + (t0_lnum << 16); \
890 (ip) = t0_newip; \
891 } while (0)
892
893 #define T0_DEFENTRY(name, slot) \
894 void \
895 name(void *ctx) \
896 { \
897 t0_context *t0ctx = ctx; \
898 t0ctx->ip = &t0_codeblock[0]; \
899 T0_ENTER(t0ctx->ip, t0ctx->rp, slot); \
900 }
901
902 T0_DEFENTRY(br_ssl_hs_client_init_main, 166)
903
904 #define T0_NEXT(t0ipp) (*(*(t0ipp)) ++)
905
906 void
907 br_ssl_hs_client_run(void *t0ctx)
908 {
909 uint32_t *dp, *rp;
910 const unsigned char *ip;
911
912 #define T0_LOCAL(x) (*(rp - 2 - (x)))
913 #define T0_POP() (*-- dp)
914 #define T0_POPi() (*(int32_t *)(-- dp))
915 #define T0_PEEK(x) (*(dp - 1 - (x)))
916 #define T0_PEEKi(x) (*(int32_t *)(dp - 1 - (x)))
917 #define T0_PUSH(v) do { *dp = (v); dp ++; } while (0)
918 #define T0_PUSHi(v) do { *(int32_t *)dp = (v); dp ++; } while (0)
919 #define T0_RPOP() (*-- rp)
920 #define T0_RPOPi() (*(int32_t *)(-- rp))
921 #define T0_RPUSH(v) do { *rp = (v); rp ++; } while (0)
922 #define T0_RPUSHi(v) do { *(int32_t *)rp = (v); rp ++; } while (0)
923 #define T0_ROLL(x) do { \
924 size_t t0len = (size_t)(x); \
925 uint32_t t0tmp = *(dp - 1 - t0len); \
926 memmove(dp - t0len - 1, dp - t0len, t0len * sizeof *dp); \
927 *(dp - 1) = t0tmp; \
928 } while (0)
929 #define T0_SWAP() do { \
930 uint32_t t0tmp = *(dp - 2); \
931 *(dp - 2) = *(dp - 1); \
932 *(dp - 1) = t0tmp; \
933 } while (0)
934 #define T0_ROT() do { \
935 uint32_t t0tmp = *(dp - 3); \
936 *(dp - 3) = *(dp - 2); \
937 *(dp - 2) = *(dp - 1); \
938 *(dp - 1) = t0tmp; \
939 } while (0)
940 #define T0_NROT() do { \
941 uint32_t t0tmp = *(dp - 1); \
942 *(dp - 1) = *(dp - 2); \
943 *(dp - 2) = *(dp - 3); \
944 *(dp - 3) = t0tmp; \
945 } while (0)
946 #define T0_PICK(x) do { \
947 uint32_t t0depth = (x); \
948 T0_PUSH(T0_PEEK(t0depth)); \
949 } while (0)
950 #define T0_CO() do { \
951 goto t0_exit; \
952 } while (0)
953 #define T0_RET() goto t0_next
954
955 dp = ((t0_context *)t0ctx)->dp;
956 rp = ((t0_context *)t0ctx)->rp;
957 ip = ((t0_context *)t0ctx)->ip;
958 goto t0_next;
959 for (;;) {
960 uint32_t t0x;
961
962 t0_next:
963 t0x = T0_NEXT(&ip);
964 if (t0x < T0_INTERPRETED) {
965 switch (t0x) {
966 int32_t t0off;
967
968 case 0: /* ret */
969 t0x = T0_RPOP();
970 rp -= (t0x >> 16);
971 t0x &= 0xFFFF;
972 if (t0x == 0) {
973 ip = NULL;
974 goto t0_exit;
975 }
976 ip = &t0_codeblock[t0x];
977 break;
978 case 1: /* literal constant */
979 T0_PUSHi(t0_parse7E_signed(&ip));
980 break;
981 case 2: /* read local */
982 T0_PUSH(T0_LOCAL(t0_parse7E_unsigned(&ip)));
983 break;
984 case 3: /* write local */
985 T0_LOCAL(t0_parse7E_unsigned(&ip)) = T0_POP();
986 break;
987 case 4: /* jump */
988 t0off = t0_parse7E_signed(&ip);
989 ip += t0off;
990 break;
991 case 5: /* jump if */
992 t0off = t0_parse7E_signed(&ip);
993 if (T0_POP()) {
994 ip += t0off;
995 }
996 break;
997 case 6: /* jump if not */
998 t0off = t0_parse7E_signed(&ip);
999 if (!T0_POP()) {
1000 ip += t0off;
1001 }
1002 break;
1003 case 7: {
1004 /* * */
1005
1006 uint32_t b = T0_POP();
1007 uint32_t a = T0_POP();
1008 T0_PUSH(a * b);
1009
1010 }
1011 break;
1012 case 8: {
1013 /* + */
1014
1015 uint32_t b = T0_POP();
1016 uint32_t a = T0_POP();
1017 T0_PUSH(a + b);
1018
1019 }
1020 break;
1021 case 9: {
1022 /* - */
1023
1024 uint32_t b = T0_POP();
1025 uint32_t a = T0_POP();
1026 T0_PUSH(a - b);
1027
1028 }
1029 break;
1030 case 10: {
1031 /* < */
1032
1033 int32_t b = T0_POPi();
1034 int32_t a = T0_POPi();
1035 T0_PUSH(-(uint32_t)(a < b));
1036
1037 }
1038 break;
1039 case 11: {
1040 /* << */
1041
1042 int c = (int)T0_POPi();
1043 uint32_t x = T0_POP();
1044 T0_PUSH(x << c);
1045
1046 }
1047 break;
1048 case 12: {
1049 /* <= */
1050
1051 int32_t b = T0_POPi();
1052 int32_t a = T0_POPi();
1053 T0_PUSH(-(uint32_t)(a <= b));
1054
1055 }
1056 break;
1057 case 13: {
1058 /* <> */
1059
1060 uint32_t b = T0_POP();
1061 uint32_t a = T0_POP();
1062 T0_PUSH(-(uint32_t)(a != b));
1063
1064 }
1065 break;
1066 case 14: {
1067 /* = */
1068
1069 uint32_t b = T0_POP();
1070 uint32_t a = T0_POP();
1071 T0_PUSH(-(uint32_t)(a == b));
1072
1073 }
1074 break;
1075 case 15: {
1076 /* > */
1077
1078 int32_t b = T0_POPi();
1079 int32_t a = T0_POPi();
1080 T0_PUSH(-(uint32_t)(a > b));
1081
1082 }
1083 break;
1084 case 16: {
1085 /* >= */
1086
1087 int32_t b = T0_POPi();
1088 int32_t a = T0_POPi();
1089 T0_PUSH(-(uint32_t)(a >= b));
1090
1091 }
1092 break;
1093 case 17: {
1094 /* >> */
1095
1096 int c = (int)T0_POPi();
1097 int32_t x = T0_POPi();
1098 T0_PUSHi(x >> c);
1099
1100 }
1101 break;
1102 case 18: {
1103 /* anchor-dn-append-name */
1104
1105 size_t len;
1106
1107 len = T0_POP();
1108 if (CTX->client_auth_vtable != NULL) {
1109 (*CTX->client_auth_vtable)->append_name(
1110 CTX->client_auth_vtable, ENG->pad, len);
1111 }
1112
1113 }
1114 break;
1115 case 19: {
1116 /* anchor-dn-end-name */
1117
1118 if (CTX->client_auth_vtable != NULL) {
1119 (*CTX->client_auth_vtable)->end_name(
1120 CTX->client_auth_vtable);
1121 }
1122
1123 }
1124 break;
1125 case 20: {
1126 /* anchor-dn-end-name-list */
1127
1128 if (CTX->client_auth_vtable != NULL) {
1129 (*CTX->client_auth_vtable)->end_name_list(
1130 CTX->client_auth_vtable);
1131 }
1132
1133 }
1134 break;
1135 case 21: {
1136 /* anchor-dn-start-name */
1137
1138 size_t len;
1139
1140 len = T0_POP();
1141 if (CTX->client_auth_vtable != NULL) {
1142 (*CTX->client_auth_vtable)->start_name(
1143 CTX->client_auth_vtable, len);
1144 }
1145
1146 }
1147 break;
1148 case 22: {
1149 /* anchor-dn-start-name-list */
1150
1151 if (CTX->client_auth_vtable != NULL) {
1152 (*CTX->client_auth_vtable)->start_name_list(
1153 CTX->client_auth_vtable);
1154 }
1155
1156 }
1157 break;
1158 case 23: {
1159 /* and */
1160
1161 uint32_t b = T0_POP();
1162 uint32_t a = T0_POP();
1163 T0_PUSH(a & b);
1164
1165 }
1166 break;
1167 case 24: {
1168 /* begin-cert */
1169
1170 if (ENG->chain_len == 0) {
1171 T0_PUSHi(-1);
1172 } else {
1173 ENG->cert_cur = ENG->chain->data;
1174 ENG->cert_len = ENG->chain->data_len;
1175 ENG->chain ++;
1176 ENG->chain_len --;
1177 T0_PUSH(ENG->cert_len);
1178 }
1179
1180 }
1181 break;
1182 case 25: {
1183 /* bzero */
1184
1185 size_t len = (size_t)T0_POP();
1186 void *addr = (unsigned char *)ENG + (size_t)T0_POP();
1187 memset(addr, 0, len);
1188
1189 }
1190 break;
1191 case 26: {
1192 /* can-output? */
1193
1194 T0_PUSHi(-(ENG->hlen_out > 0));
1195
1196 }
1197 break;
1198 case 27: {
1199 /* co */
1200 T0_CO();
1201 }
1202 break;
1203 case 28: {
1204 /* compute-Finished-inner */
1205
1206 int prf_id = T0_POP();
1207 int from_client = T0_POPi();
1208 unsigned char seed[48];
1209 size_t seed_len;
1210
1211 br_tls_prf_impl prf = br_ssl_engine_get_PRF(ENG, prf_id);
1212 if (ENG->session.version >= BR_TLS12) {
1213 seed_len = br_multihash_out(&ENG->mhash, prf_id, seed);
1214 } else {
1215 br_multihash_out(&ENG->mhash, br_md5_ID, seed);
1216 br_multihash_out(&ENG->mhash, br_sha1_ID, seed + 16);
1217 seed_len = 36;
1218 }
1219 prf(ENG->pad, 12, ENG->session.master_secret,
1220 sizeof ENG->session.master_secret,
1221 from_client ? "client finished" : "server finished",
1222 seed, seed_len);
1223
1224 }
1225 break;
1226 case 29: {
1227 /* copy-cert-chunk */
1228
1229 size_t clen;
1230
1231 clen = ENG->cert_len;
1232 if (clen > sizeof ENG->pad) {
1233 clen = sizeof ENG->pad;
1234 }
1235 memcpy(ENG->pad, ENG->cert_cur, clen);
1236 ENG->cert_cur += clen;
1237 ENG->cert_len -= clen;
1238 T0_PUSH(clen);
1239
1240 }
1241 break;
1242 case 30: {
1243 /* copy-protocol-name */
1244
1245 size_t idx = T0_POP();
1246 size_t len = strlen(ENG->protocol_names[idx]);
1247 memcpy(ENG->pad, ENG->protocol_names[idx], len);
1248 T0_PUSH(len);
1249
1250 }
1251 break;
1252 case 31: {
1253 /* data-get8 */
1254
1255 size_t addr = T0_POP();
1256 T0_PUSH(t0_datablock[addr]);
1257
1258 }
1259 break;
1260 case 32: {
1261 /* discard-input */
1262
1263 ENG->hlen_in = 0;
1264
1265 }
1266 break;
1267 case 33: {
1268 /* do-client-sign */
1269
1270 size_t sig_len;
1271
1272 sig_len = make_client_sign(CTX);
1273 if (sig_len == 0) {
1274 br_ssl_engine_fail(ENG, BR_ERR_INVALID_ALGORITHM);
1275 T0_CO();
1276 }
1277 T0_PUSH(sig_len);
1278
1279 }
1280 break;
1281 case 34: {
1282 /* do-ecdh */
1283
1284 unsigned prf_id = T0_POP();
1285 unsigned ecdhe = T0_POP();
1286 int x;
1287
1288 x = make_pms_ecdh(CTX, ecdhe, prf_id);
1289 if (x < 0) {
1290 br_ssl_engine_fail(ENG, -x);
1291 T0_CO();
1292 } else {
1293 T0_PUSH(x);
1294 }
1295
1296 }
1297 break;
1298 case 35: {
1299 /* do-rsa-encrypt */
1300
1301 int x;
1302
1303 x = make_pms_rsa(CTX, T0_POP());
1304 if (x < 0) {
1305 br_ssl_engine_fail(ENG, -x);
1306 T0_CO();
1307 } else {
1308 T0_PUSH(x);
1309 }
1310
1311 }
1312 break;
1313 case 36: {
1314 /* do-static-ecdh */
1315
1316 unsigned prf_id = T0_POP();
1317
1318 if (make_pms_static_ecdh(CTX, prf_id) < 0) {
1319 br_ssl_engine_fail(ENG, BR_ERR_INVALID_ALGORITHM);
1320 T0_CO();
1321 }
1322
1323 }
1324 break;
1325 case 37: {
1326 /* drop */
1327 (void)T0_POP();
1328 }
1329 break;
1330 case 38: {
1331 /* dup */
1332 T0_PUSH(T0_PEEK(0));
1333 }
1334 break;
1335 case 39: {
1336 /* ext-ALPN-length */
1337
1338 size_t u, len;
1339
1340 if (ENG->protocol_names_num == 0) {
1341 T0_PUSH(0);
1342 T0_RET();
1343 }
1344 len = 6;
1345 for (u = 0; u < ENG->protocol_names_num; u ++) {
1346 len += 1 + strlen(ENG->protocol_names[u]);
1347 }
1348 T0_PUSH(len);
1349
1350 }
1351 break;
1352 case 40: {
1353 /* fail */
1354
1355 br_ssl_engine_fail(ENG, (int)T0_POPi());
1356 T0_CO();
1357
1358 }
1359 break;
1360 case 41: {
1361 /* flush-record */
1362
1363 br_ssl_engine_flush_record(ENG);
1364
1365 }
1366 break;
1367 case 42: {
1368 /* get-client-chain */
1369
1370 uint32_t auth_types;
1371
1372 auth_types = T0_POP();
1373 if (CTX->client_auth_vtable != NULL) {
1374 br_ssl_client_certificate ux;
1375
1376 (*CTX->client_auth_vtable)->choose(CTX->client_auth_vtable,
1377 CTX, auth_types, &ux);
1378 CTX->auth_type = (unsigned char)ux.auth_type;
1379 CTX->hash_id = (unsigned char)ux.hash_id;
1380 ENG->chain = ux.chain;
1381 ENG->chain_len = ux.chain_len;
1382 } else {
1383 CTX->hash_id = 0;
1384 ENG->chain_len = 0;
1385 }
1386
1387 }
1388 break;
1389 case 43: {
1390 /* get-key-type-usages */
1391
1392 const br_x509_class *xc;
1393 const br_x509_pkey *pk;
1394 unsigned usages;
1395
1396 xc = *(ENG->x509ctx);
1397 pk = xc->get_pkey(ENG->x509ctx, &usages);
1398 if (pk == NULL) {
1399 T0_PUSH(0);
1400 } else {
1401 T0_PUSH(pk->key_type | usages);
1402 }
1403
1404 }
1405 break;
1406 case 44: {
1407 /* get16 */
1408
1409 size_t addr = (size_t)T0_POP();
1410 T0_PUSH(*(uint16_t *)((unsigned char *)ENG + addr));
1411
1412 }
1413 break;
1414 case 45: {
1415 /* get32 */
1416
1417 size_t addr = (size_t)T0_POP();
1418 T0_PUSH(*(uint32_t *)((unsigned char *)ENG + addr));
1419
1420 }
1421 break;
1422 case 46: {
1423 /* get8 */
1424
1425 size_t addr = (size_t)T0_POP();
1426 T0_PUSH(*((unsigned char *)ENG + addr));
1427
1428 }
1429 break;
1430 case 47: {
1431 /* has-input? */
1432
1433 T0_PUSHi(-(ENG->hlen_in != 0));
1434
1435 }
1436 break;
1437 case 48: {
1438 /* memcmp */
1439
1440 size_t len = (size_t)T0_POP();
1441 void *addr2 = (unsigned char *)ENG + (size_t)T0_POP();
1442 void *addr1 = (unsigned char *)ENG + (size_t)T0_POP();
1443 int x = memcmp(addr1, addr2, len);
1444 T0_PUSH((uint32_t)-(x == 0));
1445
1446 }
1447 break;
1448 case 49: {
1449 /* memcpy */
1450
1451 size_t len = (size_t)T0_POP();
1452 void *src = (unsigned char *)ENG + (size_t)T0_POP();
1453 void *dst = (unsigned char *)ENG + (size_t)T0_POP();
1454 memcpy(dst, src, len);
1455
1456 }
1457 break;
1458 case 50: {
1459 /* mkrand */
1460
1461 size_t len = (size_t)T0_POP();
1462 void *addr = (unsigned char *)ENG + (size_t)T0_POP();
1463 br_hmac_drbg_generate(&ENG->rng, addr, len);
1464
1465 }
1466 break;
1467 case 51: {
1468 /* more-incoming-bytes? */
1469
1470 T0_PUSHi(ENG->hlen_in != 0 || !br_ssl_engine_recvrec_finished(ENG));
1471
1472 }
1473 break;
1474 case 52: {
1475 /* multihash-init */
1476
1477 br_multihash_init(&ENG->mhash);
1478
1479 }
1480 break;
1481 case 53: {
1482 /* neg */
1483
1484 uint32_t a = T0_POP();
1485 T0_PUSH(-a);
1486
1487 }
1488 break;
1489 case 54: {
1490 /* not */
1491
1492 uint32_t a = T0_POP();
1493 T0_PUSH(~a);
1494
1495 }
1496 break;
1497 case 55: {
1498 /* or */
1499
1500 uint32_t b = T0_POP();
1501 uint32_t a = T0_POP();
1502 T0_PUSH(a | b);
1503
1504 }
1505 break;
1506 case 56: {
1507 /* over */
1508 T0_PUSH(T0_PEEK(1));
1509 }
1510 break;
1511 case 57: {
1512 /* read-chunk-native */
1513
1514 size_t clen = ENG->hlen_in;
1515 if (clen > 0) {
1516 uint32_t addr, len;
1517
1518 len = T0_POP();
1519 addr = T0_POP();
1520 if ((size_t)len < clen) {
1521 clen = (size_t)len;
1522 }
1523 memcpy((unsigned char *)ENG + addr, ENG->hbuf_in, clen);
1524 if (ENG->record_type_in == BR_SSL_HANDSHAKE) {
1525 br_multihash_update(&ENG->mhash, ENG->hbuf_in, clen);
1526 }
1527 T0_PUSH(addr + (uint32_t)clen);
1528 T0_PUSH(len - (uint32_t)clen);
1529 ENG->hbuf_in += clen;
1530 ENG->hlen_in -= clen;
1531 }
1532
1533 }
1534 break;
1535 case 58: {
1536 /* read8-native */
1537
1538 if (ENG->hlen_in > 0) {
1539 unsigned char x;
1540
1541 x = *ENG->hbuf_in ++;
1542 if (ENG->record_type_in == BR_SSL_HANDSHAKE) {
1543 br_multihash_update(&ENG->mhash, &x, 1);
1544 }
1545 T0_PUSH(x);
1546 ENG->hlen_in --;
1547 } else {
1548 T0_PUSHi(-1);
1549 }
1550
1551 }
1552 break;
1553 case 59: {
1554 /* set-server-curve */
1555
1556 const br_x509_class *xc;
1557 const br_x509_pkey *pk;
1558
1559 xc = *(ENG->x509ctx);
1560 pk = xc->get_pkey(ENG->x509ctx, NULL);
1561 CTX->server_curve =
1562 (pk->key_type == BR_KEYTYPE_EC) ? pk->key.ec.curve : 0;
1563
1564 }
1565 break;
1566 case 60: {
1567 /* set16 */
1568
1569 size_t addr = (size_t)T0_POP();
1570 *(uint16_t *)((unsigned char *)ENG + addr) = (uint16_t)T0_POP();
1571
1572 }
1573 break;
1574 case 61: {
1575 /* set8 */
1576
1577 size_t addr = (size_t)T0_POP();
1578 *((unsigned char *)ENG + addr) = (unsigned char)T0_POP();
1579
1580 }
1581 break;
1582 case 62: {
1583 /* strlen */
1584
1585 void *str = (unsigned char *)ENG + (size_t)T0_POP();
1586 T0_PUSH((uint32_t)strlen(str));
1587
1588 }
1589 break;
1590 case 63: {
1591 /* supported-curves */
1592
1593 uint32_t x = ENG->iec == NULL ? 0 : ENG->iec->supported_curves;
1594 T0_PUSH(x);
1595
1596 }
1597 break;
1598 case 64: {
1599 /* supported-hash-functions */
1600
1601 int i;
1602 unsigned x, num;
1603
1604 x = 0;
1605 num = 0;
1606 for (i = br_sha1_ID; i <= br_sha512_ID; i ++) {
1607 if (br_multihash_getimpl(&ENG->mhash, i)) {
1608 x |= 1U << i;
1609 num ++;
1610 }
1611 }
1612 T0_PUSH(x);
1613 T0_PUSH(num);
1614
1615 }
1616 break;
1617 case 65: {
1618 /* supports-ecdsa? */
1619
1620 T0_PUSHi(-(ENG->iecdsa != 0));
1621
1622 }
1623 break;
1624 case 66: {
1625 /* supports-rsa-sign? */
1626
1627 T0_PUSHi(-(ENG->irsavrfy != 0));
1628
1629 }
1630 break;
1631 case 67: {
1632 /* swap */
1633 T0_SWAP();
1634 }
1635 break;
1636 case 68: {
1637 /* switch-aesgcm-in */
1638
1639 int is_client, prf_id;
1640 unsigned cipher_key_len;
1641
1642 cipher_key_len = T0_POP();
1643 prf_id = T0_POP();
1644 is_client = T0_POP();
1645 br_ssl_engine_switch_gcm_in(ENG, is_client, prf_id,
1646 ENG->iaes_ctr, cipher_key_len);
1647
1648 }
1649 break;
1650 case 69: {
1651 /* switch-aesgcm-out */
1652
1653 int is_client, prf_id;
1654 unsigned cipher_key_len;
1655
1656 cipher_key_len = T0_POP();
1657 prf_id = T0_POP();
1658 is_client = T0_POP();
1659 br_ssl_engine_switch_gcm_out(ENG, is_client, prf_id,
1660 ENG->iaes_ctr, cipher_key_len);
1661
1662 }
1663 break;
1664 case 70: {
1665 /* switch-cbc-in */
1666
1667 int is_client, prf_id, mac_id, aes;
1668 unsigned cipher_key_len;
1669
1670 cipher_key_len = T0_POP();
1671 aes = T0_POP();
1672 mac_id = T0_POP();
1673 prf_id = T0_POP();
1674 is_client = T0_POP();
1675 br_ssl_engine_switch_cbc_in(ENG, is_client, prf_id, mac_id,
1676 aes ? ENG->iaes_cbcdec : ENG->ides_cbcdec, cipher_key_len);
1677
1678 }
1679 break;
1680 case 71: {
1681 /* switch-cbc-out */
1682
1683 int is_client, prf_id, mac_id, aes;
1684 unsigned cipher_key_len;
1685
1686 cipher_key_len = T0_POP();
1687 aes = T0_POP();
1688 mac_id = T0_POP();
1689 prf_id = T0_POP();
1690 is_client = T0_POP();
1691 br_ssl_engine_switch_cbc_out(ENG, is_client, prf_id, mac_id,
1692 aes ? ENG->iaes_cbcenc : ENG->ides_cbcenc, cipher_key_len);
1693
1694 }
1695 break;
1696 case 72: {
1697 /* switch-chapol-in */
1698
1699 int is_client, prf_id;
1700
1701 prf_id = T0_POP();
1702 is_client = T0_POP();
1703 br_ssl_engine_switch_chapol_in(ENG, is_client, prf_id);
1704
1705 }
1706 break;
1707 case 73: {
1708 /* switch-chapol-out */
1709
1710 int is_client, prf_id;
1711
1712 prf_id = T0_POP();
1713 is_client = T0_POP();
1714 br_ssl_engine_switch_chapol_out(ENG, is_client, prf_id);
1715
1716 }
1717 break;
1718 case 74: {
1719 /* test-protocol-name */
1720
1721 size_t len = T0_POP();
1722 size_t u;
1723
1724 for (u = 0; u < ENG->protocol_names_num; u ++) {
1725 const char *name;
1726
1727 name = ENG->protocol_names[u];
1728 if (len == strlen(name) && memcmp(ENG->pad, name, len) == 0) {
1729 T0_PUSH(u);
1730 T0_RET();
1731 }
1732 }
1733 T0_PUSHi(-1);
1734
1735 }
1736 break;
1737 case 75: {
1738 /* total-chain-length */
1739
1740 size_t u;
1741 uint32_t total;
1742
1743 total = 0;
1744 for (u = 0; u < ENG->chain_len; u ++) {
1745 total += 3 + (uint32_t)ENG->chain[u].data_len;
1746 }
1747 T0_PUSH(total);
1748
1749 }
1750 break;
1751 case 76: {
1752 /* u>> */
1753
1754 int c = (int)T0_POPi();
1755 uint32_t x = T0_POP();
1756 T0_PUSH(x >> c);
1757
1758 }
1759 break;
1760 case 77: {
1761 /* verify-SKE-sig */
1762
1763 size_t sig_len = T0_POP();
1764 int use_rsa = T0_POPi();
1765 int hash = T0_POPi();
1766
1767 T0_PUSH(verify_SKE_sig(CTX, hash, use_rsa, sig_len));
1768
1769 }
1770 break;
1771 case 78: {
1772 /* write-blob-chunk */
1773
1774 size_t clen = ENG->hlen_out;
1775 if (clen > 0) {
1776 uint32_t addr, len;
1777
1778 len = T0_POP();
1779 addr = T0_POP();
1780 if ((size_t)len < clen) {
1781 clen = (size_t)len;
1782 }
1783 memcpy(ENG->hbuf_out, (unsigned char *)ENG + addr, clen);
1784 if (ENG->record_type_out == BR_SSL_HANDSHAKE) {
1785 br_multihash_update(&ENG->mhash, ENG->hbuf_out, clen);
1786 }
1787 T0_PUSH(addr + (uint32_t)clen);
1788 T0_PUSH(len - (uint32_t)clen);
1789 ENG->hbuf_out += clen;
1790 ENG->hlen_out -= clen;
1791 }
1792
1793 }
1794 break;
1795 case 79: {
1796 /* write8-native */
1797
1798 unsigned char x;
1799
1800 x = (unsigned char)T0_POP();
1801 if (ENG->hlen_out > 0) {
1802 if (ENG->record_type_out == BR_SSL_HANDSHAKE) {
1803 br_multihash_update(&ENG->mhash, &x, 1);
1804 }
1805 *ENG->hbuf_out ++ = x;
1806 ENG->hlen_out --;
1807 T0_PUSHi(-1);
1808 } else {
1809 T0_PUSHi(0);
1810 }
1811
1812 }
1813 break;
1814 case 80: {
1815 /* x509-append */
1816
1817 const br_x509_class *xc;
1818 size_t len;
1819
1820 xc = *(ENG->x509ctx);
1821 len = T0_POP();
1822 xc->append(ENG->x509ctx, ENG->pad, len);
1823
1824 }
1825 break;
1826 case 81: {
1827 /* x509-end-cert */
1828
1829 const br_x509_class *xc;
1830
1831 xc = *(ENG->x509ctx);
1832 xc->end_cert(ENG->x509ctx);
1833
1834 }
1835 break;
1836 case 82: {
1837 /* x509-end-chain */
1838
1839 const br_x509_class *xc;
1840
1841 xc = *(ENG->x509ctx);
1842 T0_PUSH(xc->end_chain(ENG->x509ctx));
1843
1844 }
1845 break;
1846 case 83: {
1847 /* x509-start-cert */
1848
1849 const br_x509_class *xc;
1850
1851 xc = *(ENG->x509ctx);
1852 xc->start_cert(ENG->x509ctx, T0_POP());
1853
1854 }
1855 break;
1856 case 84: {
1857 /* x509-start-chain */
1858
1859 const br_x509_class *xc;
1860 uint32_t bc;
1861
1862 bc = T0_POP();
1863 xc = *(ENG->x509ctx);
1864 xc->start_chain(ENG->x509ctx, bc ? ENG->server_name : NULL);
1865
1866 }
1867 break;
1868 }
1869
1870 } else {
1871 T0_ENTER(ip, rp, t0x);
1872 }
1873 }
1874 t0_exit:
1875 ((t0_context *)t0ctx)->dp = dp;
1876 ((t0_context *)t0ctx)->rp = rp;
1877 ((t0_context *)t0ctx)->ip = ip;
1878 }
The BearSSL library and tools.