projects / BearSSL / blob
? search:


e3864c2427baacac66d4e43b9ace7a83f6381672
[BearSSL] / src / ssl / ssl_hs_client.c
1 /* Automatically generated code; do not modify directly. */
2
3 #include <stddef.h>
4 #include <stdint.h>
5
6 typedef struct {
7 uint32_t *dp;
8 uint32_t *rp;
9 const unsigned char *ip;
10 } t0_context;
11
12 static uint32_t
13 t0_parse7E_unsigned(const unsigned char **p)
14 {
15 uint32_t x;
16
17 x = 0;
18 for (;;) {
19 unsigned y;
20
21 y = *(*p) ++;
22 x = (x << 7) | (uint32_t)(y & 0x7F);
23 if (y < 0x80) {
24 return x;
25 }
26 }
27 }
28
29 static int32_t
30 t0_parse7E_signed(const unsigned char **p)
31 {
32 int neg;
33 uint32_t x;
34
35 neg = ((**p) >> 6) & 1;
36 x = (uint32_t)-neg;
37 for (;;) {
38 unsigned y;
39
40 y = *(*p) ++;
41 x = (x << 7) | (uint32_t)(y & 0x7F);
42 if (y < 0x80) {
43 if (neg) {
44 return -(int32_t)~x - 1;
45 } else {
46 return (int32_t)x;
47 }
48 }
49 }
50 }
51
52 #define T0_VBYTE(x, n) (unsigned char)((((uint32_t)(x) >> (n)) & 0x7F) | 0x80)
53 #define T0_FBYTE(x, n) (unsigned char)(((uint32_t)(x) >> (n)) & 0x7F)
54 #define T0_SBYTE(x) (unsigned char)((((uint32_t)(x) >> 28) + 0xF8) ^ 0xF8)
55 #define T0_INT1(x) T0_FBYTE(x, 0)
56 #define T0_INT2(x) T0_VBYTE(x, 7), T0_FBYTE(x, 0)
57 #define T0_INT3(x) T0_VBYTE(x, 14), T0_VBYTE(x, 7), T0_FBYTE(x, 0)
58 #define T0_INT4(x) T0_VBYTE(x, 21), T0_VBYTE(x, 14), T0_VBYTE(x, 7), T0_FBYTE(x, 0)
59 #define T0_INT5(x) T0_SBYTE(x), T0_VBYTE(x, 21), T0_VBYTE(x, 14), T0_VBYTE(x, 7), T0_FBYTE(x, 0)
60
61 /* static const unsigned char t0_datablock[]; */
62
63
64 void br_ssl_hs_client_init_main(void *t0ctx);
65
66 void br_ssl_hs_client_run(void *t0ctx);
67
68
69
70 #include <stddef.h>
71 #include <string.h>
72
73 #include "inner.h"
74
75 /*
76 * This macro evaluates to a pointer to the current engine context.
77 */
78 #define ENG ((br_ssl_engine_context *)((unsigned char *)t0ctx - offsetof(br_ssl_engine_context, cpu)))
79
80
81
82
83
84 /*
85 * This macro evaluates to a pointer to the client context, under that
86 * specific name. It must be noted that since the engine context is the
87 * first field of the br_ssl_client_context structure ('eng'), then
88 * pointers values of both types are interchangeable, modulo an
89 * appropriate cast. This also means that "adresses" computed as offsets
90 * within the structure work for both kinds of context.
91 */
92 #define CTX ((br_ssl_client_context *)ENG)
93
94 /*
95 * Generate the pre-master secret for RSA key exchange, and encrypt it
96 * with the server's public key. Returned value is either the encrypted
97 * data length (in bytes), or -x on error, with 'x' being an error code.
98 *
99 * This code assumes that the public key has been already verified (it
100 * was properly obtained by the X.509 engine, and it has the right type,
101 * i.e. it is of type RSA and suitable for encryption).
102 */
103 static int
104 make_pms_rsa(br_ssl_client_context *ctx, int prf_id)
105 {
106 const br_x509_class **xc;
107 const br_x509_pkey *pk;
108 const unsigned char *n;
109 unsigned char *pms;
110 size_t nlen, u;
111
112 xc = ctx->eng.x509ctx;
113 pk = (*xc)->get_pkey(xc, NULL);
114
115 /*
116 * Compute actual RSA key length, in case there are leading zeros.
117 */
118 n = pk->key.rsa.n;
119 nlen = pk->key.rsa.nlen;
120 while (nlen > 0 && *n == 0) {
121 n ++;
122 nlen --;
123 }
124
125 /*
126 * We need at least 59 bytes (48 bytes for pre-master secret, and
127 * 11 bytes for the PKCS#1 type 2 padding). Note that the X.509
128 * minimal engine normally blocks RSA keys shorter than 128 bytes,
129 * so this is mostly for public keys provided explicitly by the
130 * caller.
131 */
132 if (nlen < 59) {
133 return -BR_ERR_X509_WEAK_PUBLIC_KEY;
134 }
135 if (nlen > sizeof ctx->eng.pad) {
136 return -BR_ERR_LIMIT_EXCEEDED;
137 }
138
139 /*
140 * Make PMS.
141 */
142 pms = ctx->eng.pad + nlen - 48;
143 br_enc16be(pms, ctx->eng.version_max);
144 br_hmac_drbg_generate(&ctx->eng.rng, pms + 2, 46);
145 br_ssl_engine_compute_master(&ctx->eng, prf_id, pms, 48);
146
147 /*
148 * Apply PKCS#1 type 2 padding.
149 */
150 ctx->eng.pad[0] = 0x00;
151 ctx->eng.pad[1] = 0x02;
152 ctx->eng.pad[nlen - 49] = 0x00;
153 br_hmac_drbg_generate(&ctx->eng.rng, ctx->eng.pad + 2, nlen - 51);
154 for (u = 2; u < nlen - 49; u ++) {
155 while (ctx->eng.pad[u] == 0) {
156 br_hmac_drbg_generate(&ctx->eng.rng,
157 &ctx->eng.pad[u], 1);
158 }
159 }
160
161 /*
162 * Compute RSA encryption.
163 */
164 if (!ctx->irsapub(ctx->eng.pad, nlen, &pk->key.rsa)) {
165 return -BR_ERR_LIMIT_EXCEEDED;
166 }
167 return (int)nlen;
168 }
169
170 /*
171 * OID for hash functions in RSA signatures.
172 */
173 static const unsigned char *HASH_OID[] = {
174 BR_HASH_OID_SHA1,
175 BR_HASH_OID_SHA224,
176 BR_HASH_OID_SHA256,
177 BR_HASH_OID_SHA384,
178 BR_HASH_OID_SHA512
179 };
180
181 /*
182 * Check the RSA signature on the ServerKeyExchange message.
183 *
184 * hash hash function ID (2 to 6), or 0 for MD5+SHA-1 (with RSA only)
185 * use_rsa non-zero for RSA signature, zero for ECDSA
186 * sig_len signature length (in bytes); signature value is in the pad
187 *
188 * Returned value is 0 on success, or an error code.
189 */
190 static int
191 verify_SKE_sig(br_ssl_client_context *ctx,
192 int hash, int use_rsa, size_t sig_len)
193 {
194 const br_x509_class **xc;
195 const br_x509_pkey *pk;
196 br_multihash_context mhc;
197 unsigned char hv[64], head[4];
198 size_t hv_len;
199
200 xc = ctx->eng.x509ctx;
201 pk = (*xc)->get_pkey(xc, NULL);
202 br_multihash_zero(&mhc);
203 br_multihash_copyimpl(&mhc, &ctx->eng.mhash);
204 br_multihash_init(&mhc);
205 br_multihash_update(&mhc,
206 ctx->eng.client_random, sizeof ctx->eng.client_random);
207 br_multihash_update(&mhc,
208 ctx->eng.server_random, sizeof ctx->eng.server_random);
209 head[0] = 3;
210 head[1] = 0;
211 head[2] = ctx->eng.ecdhe_curve;
212 head[3] = ctx->eng.ecdhe_point_len;
213 br_multihash_update(&mhc, head, sizeof head);
214 br_multihash_update(&mhc,
215 ctx->eng.ecdhe_point, ctx->eng.ecdhe_point_len);
216 if (hash) {
217 hv_len = br_multihash_out(&mhc, hash, hv);
218 if (hv_len == 0) {
219 return BR_ERR_INVALID_ALGORITHM;
220 }
221 } else {
222 if (!br_multihash_out(&mhc, br_md5_ID, hv)
223 || !br_multihash_out(&mhc, br_sha1_ID, hv + 16))
224 {
225 return BR_ERR_INVALID_ALGORITHM;
226 }
227 hv_len = 36;
228 }
229 if (use_rsa) {
230 unsigned char tmp[64];
231 const unsigned char *hash_oid;
232
233 if (hash) {
234 hash_oid = HASH_OID[hash - 2];
235 } else {
236 hash_oid = NULL;
237 }
238 if (!ctx->eng.irsavrfy(ctx->eng.pad, sig_len,
239 hash_oid, hv_len, &pk->key.rsa, tmp)
240 || memcmp(tmp, hv, hv_len) != 0)
241 {
242 return BR_ERR_BAD_SIGNATURE;
243 }
244 } else {
245 if (!ctx->eng.iecdsa(ctx->eng.iec, hv, hv_len, &pk->key.ec,
246 ctx->eng.pad, sig_len))
247 {
248 return BR_ERR_BAD_SIGNATURE;
249 }
250 }
251 return 0;
252 }
253
254 /*
255 * Perform client-side ECDH (or ECDHE). The point that should be sent to
256 * the server is written in the pad; returned value is either the point
257 * length (in bytes), or -x on error, with 'x' being an error code.
258 *
259 * The point _from_ the server is taken from ecdhe_point[] if 'ecdhe'
260 * is non-zero, or from the X.509 engine context if 'ecdhe' is zero
261 * (for static ECDH).
262 */
263 static int
264 make_pms_ecdh(br_ssl_client_context *ctx, unsigned ecdhe, int prf_id)
265 {
266 int curve;
267 unsigned char key[66], point[133];
268 const unsigned char *order, *point_src;
269 size_t glen, olen, point_len, xoff, xlen;
270 unsigned char mask;
271
272 if (ecdhe) {
273 curve = ctx->eng.ecdhe_curve;
274 point_src = ctx->eng.ecdhe_point;
275 point_len = ctx->eng.ecdhe_point_len;
276 } else {
277 const br_x509_class **xc;
278 const br_x509_pkey *pk;
279
280 xc = ctx->eng.x509ctx;
281 pk = (*xc)->get_pkey(xc, NULL);
282 curve = pk->key.ec.curve;
283 point_src = pk->key.ec.q;
284 point_len = pk->key.ec.qlen;
285 }
286 if ((ctx->eng.iec->supported_curves & ((uint32_t)1 << curve)) == 0) {
287 return -BR_ERR_INVALID_ALGORITHM;
288 }
289
290 /*
291 * We need to generate our key, as a non-zero random value which
292 * is lower than the curve order, in a "large enough" range. We
293 * force top bit to 0 and bottom bit to 1, which guarantees that
294 * the value is in the proper range.
295 */
296 order = ctx->eng.iec->order(curve, &olen);
297 mask = 0xFF;
298 while (mask >= order[0]) {
299 mask >>= 1;
300 }
301 br_hmac_drbg_generate(&ctx->eng.rng, key, olen);
302 key[0] &= mask;
303 key[olen - 1] |= 0x01;
304
305 /*
306 * Compute the common ECDH point, whose X coordinate is the
307 * pre-master secret.
308 */
309 ctx->eng.iec->generator(curve, &glen);
310 if (glen != point_len) {
311 return -BR_ERR_INVALID_ALGORITHM;
312 }
313
314 memcpy(point, point_src, glen);
315 if (!ctx->eng.iec->mul(point, glen, key, olen, curve)) {
316 return -BR_ERR_INVALID_ALGORITHM;
317 }
318
319 /*
320 * The pre-master secret is the X coordinate.
321 */
322 xoff = ctx->eng.iec->xoff(curve, &xlen);
323 br_ssl_engine_compute_master(&ctx->eng, prf_id, point + xoff, xlen);
324
325 ctx->eng.iec->mulgen(point, key, olen, curve);
326 memcpy(ctx->eng.pad, point, glen);
327 return (int)glen;
328 }
329
330 /*
331 * Perform full static ECDH. This occurs only in the context of client
332 * authentication with certificates: the server uses an EC public key,
333 * the cipher suite is of type ECDH (not ECDHE), the server requested a
334 * client certificate and accepts static ECDH, the client has a
335 * certificate with an EC public key in the same curve, and accepts
336 * static ECDH as well.
337 *
338 * Returned value is 0 on success, -1 on error.
339 */
340 static int
341 make_pms_static_ecdh(br_ssl_client_context *ctx, int prf_id)
342 {
343 unsigned char point[133];
344 size_t point_len;
345 const br_x509_class **xc;
346 const br_x509_pkey *pk;
347
348 xc = ctx->eng.x509ctx;
349 pk = (*xc)->get_pkey(xc, NULL);
350 point_len = pk->key.ec.qlen;
351 if (point_len > sizeof point) {
352 return -1;
353 }
354 memcpy(point, pk->key.ec.q, point_len);
355 if (!(*ctx->client_auth_vtable)->do_keyx(
356 ctx->client_auth_vtable, point, &point_len))
357 {
358 return -1;
359 }
360 br_ssl_engine_compute_master(&ctx->eng,
361 prf_id, point, point_len);
362 return 0;
363 }
364
365 /*
366 * Compute the client-side signature. This is invoked only when a
367 * signature-based client authentication was selected. The computed
368 * signature is in the pad; its length (in bytes) is returned. On
369 * error, 0 is returned.
370 */
371 static size_t
372 make_client_sign(br_ssl_client_context *ctx)
373 {
374 size_t hv_len;
375
376 /*
377 * Compute hash of handshake messages so far. This "cannot" fail
378 * because the list of supported hash functions provided to the
379 * client certificate handler was trimmed to include only the
380 * hash functions that the multi-hasher supports.
381 */
382 if (ctx->hash_id) {
383 hv_len = br_multihash_out(&ctx->eng.mhash,
384 ctx->hash_id, ctx->eng.pad);
385 } else {
386 br_multihash_out(&ctx->eng.mhash,
387 br_md5_ID, ctx->eng.pad);
388 br_multihash_out(&ctx->eng.mhash,
389 br_sha1_ID, ctx->eng.pad + 16);
390 hv_len = 36;
391 }
392 return (*ctx->client_auth_vtable)->do_sign(
393 ctx->client_auth_vtable, ctx->hash_id, hv_len,
394 ctx->eng.pad, sizeof ctx->eng.pad);
395 }
396
397
398
399 static const unsigned char t0_datablock[] = {
400 0x00, 0x00, 0x0A, 0x00, 0x24, 0x00, 0x2F, 0x01, 0x24, 0x00, 0x35, 0x02,
401 0x24, 0x00, 0x3C, 0x01, 0x44, 0x00, 0x3D, 0x02, 0x44, 0x00, 0x9C, 0x03,
402 0x04, 0x00, 0x9D, 0x04, 0x05, 0xC0, 0x03, 0x40, 0x24, 0xC0, 0x04, 0x41,
403 0x24, 0xC0, 0x05, 0x42, 0x24, 0xC0, 0x08, 0x20, 0x24, 0xC0, 0x09, 0x21,
404 0x24, 0xC0, 0x0A, 0x22, 0x24, 0xC0, 0x0D, 0x30, 0x24, 0xC0, 0x0E, 0x31,
405 0x24, 0xC0, 0x0F, 0x32, 0x24, 0xC0, 0x12, 0x10, 0x24, 0xC0, 0x13, 0x11,
406 0x24, 0xC0, 0x14, 0x12, 0x24, 0xC0, 0x23, 0x21, 0x44, 0xC0, 0x24, 0x22,
407 0x55, 0xC0, 0x25, 0x41, 0x44, 0xC0, 0x26, 0x42, 0x55, 0xC0, 0x27, 0x11,
408 0x44, 0xC0, 0x28, 0x12, 0x55, 0xC0, 0x29, 0x31, 0x44, 0xC0, 0x2A, 0x32,
409 0x55, 0xC0, 0x2B, 0x23, 0x04, 0xC0, 0x2C, 0x24, 0x05, 0xC0, 0x2D, 0x43,
410 0x04, 0xC0, 0x2E, 0x44, 0x05, 0xC0, 0x2F, 0x13, 0x04, 0xC0, 0x30, 0x14,
411 0x05, 0xC0, 0x31, 0x33, 0x04, 0xC0, 0x32, 0x34, 0x05, 0xCC, 0xA8, 0x15,
412 0x04, 0xCC, 0xA9, 0x25, 0x04, 0x00, 0x00
413 };
414
415 static const unsigned char t0_codeblock[] = {
416 0x00, 0x01, 0x00, 0x0A, 0x00, 0x00, 0x01, 0x00, 0x0D, 0x00, 0x00, 0x01,
417 0x00, 0x0E, 0x00, 0x00, 0x01, 0x00, 0x0F, 0x00, 0x00, 0x01, 0x01, 0x08,
418 0x00, 0x00, 0x01, 0x01, 0x09, 0x00, 0x00, 0x01, 0x02, 0x08, 0x00, 0x00,
419 0x01, 0x02, 0x09, 0x00, 0x00, 0x25, 0x25, 0x00, 0x00, 0x01,
420 T0_INT1(BR_ERR_BAD_CCS), 0x00, 0x00, 0x01,
421 T0_INT1(BR_ERR_BAD_CIPHER_SUITE), 0x00, 0x00, 0x01,
422 T0_INT1(BR_ERR_BAD_COMPRESSION), 0x00, 0x00, 0x01,
423 T0_INT1(BR_ERR_BAD_FINISHED), 0x00, 0x00, 0x01,
424 T0_INT1(BR_ERR_BAD_FRAGLEN), 0x00, 0x00, 0x01,
425 T0_INT1(BR_ERR_BAD_HANDSHAKE), 0x00, 0x00, 0x01,
426 T0_INT1(BR_ERR_BAD_HELLO_DONE), 0x00, 0x00, 0x01,
427 T0_INT1(BR_ERR_BAD_PARAM), 0x00, 0x00, 0x01,
428 T0_INT1(BR_ERR_BAD_SECRENEG), 0x00, 0x00, 0x01,
429 T0_INT1(BR_ERR_BAD_SNI), 0x00, 0x00, 0x01, T0_INT1(BR_ERR_BAD_VERSION),
430 0x00, 0x00, 0x01, T0_INT1(BR_ERR_EXTRA_EXTENSION), 0x00, 0x00, 0x01,
431 T0_INT1(BR_ERR_INVALID_ALGORITHM), 0x00, 0x00, 0x01,
432 T0_INT1(BR_ERR_LIMIT_EXCEEDED), 0x00, 0x00, 0x01, T0_INT1(BR_ERR_OK),
433 0x00, 0x00, 0x01, T0_INT1(BR_ERR_OVERSIZED_ID), 0x00, 0x00, 0x01,
434 T0_INT1(BR_ERR_RESUME_MISMATCH), 0x00, 0x00, 0x01,
435 T0_INT1(BR_ERR_UNEXPECTED), 0x00, 0x00, 0x01,
436 T0_INT1(BR_ERR_UNSUPPORTED_VERSION), 0x00, 0x00, 0x01,
437 T0_INT1(BR_ERR_WRONG_KEY_USAGE), 0x00, 0x00, 0x01,
438 T0_INT2(offsetof(br_ssl_engine_context, action)), 0x00, 0x00, 0x01,
439 T0_INT2(offsetof(br_ssl_engine_context, alert)), 0x00, 0x00, 0x01,
440 T0_INT2(offsetof(br_ssl_engine_context, application_data)), 0x00, 0x00,
441 0x01, T0_INT2(offsetof(br_ssl_client_context, auth_type)), 0x00, 0x00,
442 0x01,
443 T0_INT2(offsetof(br_ssl_engine_context, session) + offsetof(br_ssl_session_parameters, cipher_suite)),
444 0x00, 0x00, 0x01,
445 T0_INT2(offsetof(br_ssl_engine_context, client_random)), 0x00, 0x00,
446 0x01, T0_INT2(offsetof(br_ssl_engine_context, close_received)), 0x00,
447 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, ecdhe_curve)),
448 0x00, 0x00, 0x01,
449 T0_INT2(offsetof(br_ssl_engine_context, ecdhe_point)), 0x00, 0x00,
450 0x01, T0_INT2(offsetof(br_ssl_engine_context, ecdhe_point_len)), 0x00,
451 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, flags)), 0x00,
452 0x00, 0x01, T0_INT2(offsetof(br_ssl_client_context, hash_id)), 0x00,
453 0x00, 0x01, T0_INT2(offsetof(br_ssl_client_context, hashes)), 0x00,
454 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, log_max_frag_len)),
455 0x00, 0x00, 0x01,
456 T0_INT2(offsetof(br_ssl_client_context, min_clienthello_len)), 0x00,
457 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, pad)), 0x00, 0x00,
458 0x01, T0_INT2(offsetof(br_ssl_engine_context, protocol_names_num)),
459 0x00, 0x00, 0x01,
460 T0_INT2(offsetof(br_ssl_engine_context, record_type_in)), 0x00, 0x00,
461 0x01, T0_INT2(offsetof(br_ssl_engine_context, record_type_out)), 0x00,
462 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, reneg)), 0x00,
463 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, saved_finished)),
464 0x00, 0x00, 0x01,
465 T0_INT2(offsetof(br_ssl_engine_context, selected_protocol)), 0x00,
466 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, server_name)),
467 0x00, 0x00, 0x01,
468 T0_INT2(offsetof(br_ssl_engine_context, server_random)), 0x00, 0x00,
469 0x01,
470 T0_INT2(offsetof(br_ssl_engine_context, session) + offsetof(br_ssl_session_parameters, session_id)),
471 0x00, 0x00, 0x01,
472 T0_INT2(offsetof(br_ssl_engine_context, session) + offsetof(br_ssl_session_parameters, session_id_len)),
473 0x00, 0x00, 0x01,
474 T0_INT2(offsetof(br_ssl_engine_context, shutdown_recv)), 0x00, 0x00,
475 0x01, T0_INT2(offsetof(br_ssl_engine_context, suites_buf)), 0x00, 0x00,
476 0x01, T0_INT2(offsetof(br_ssl_engine_context, suites_num)), 0x00, 0x00,
477 0x01,
478 T0_INT2(offsetof(br_ssl_engine_context, session) + offsetof(br_ssl_session_parameters, version)),
479 0x00, 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, version_in)),
480 0x00, 0x00, 0x01,
481 T0_INT2(offsetof(br_ssl_engine_context, version_max)), 0x00, 0x00,
482 0x01, T0_INT2(offsetof(br_ssl_engine_context, version_min)), 0x00,
483 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, version_out)),
484 0x00, 0x00, 0x09, 0x26, 0x56, 0x06, 0x02, 0x66, 0x28, 0x00, 0x00, 0x06,
485 0x08, 0x2C, 0x0E, 0x05, 0x02, 0x6F, 0x28, 0x04, 0x01, 0x3C, 0x00, 0x00,
486 0x01, 0x01, 0x00, 0x01, 0x03, 0x00, 0x97, 0x26, 0x5C, 0x44, 0x9B, 0x26,
487 0x05, 0x04, 0x5E, 0x01, 0x00, 0x00, 0x02, 0x00, 0x0E, 0x06, 0x02, 0x9B,
488 0x00, 0x5C, 0x04, 0x6B, 0x00, 0x06, 0x02, 0x66, 0x28, 0x00, 0x00, 0x26,
489 0x87, 0x44, 0x05, 0x03, 0x01, 0x0C, 0x08, 0x44, 0x77, 0x2C, 0xA9, 0x1C,
490 0x82, 0x01, 0x0C, 0x31, 0x00, 0x00, 0x26, 0x1F, 0x01, 0x08, 0x0B, 0x44,
491 0x5A, 0x1F, 0x08, 0x00, 0x01, 0x03, 0x00, 0x75, 0x2E, 0x02, 0x00, 0x36,
492 0x17, 0x01, 0x01, 0x0B, 0x75, 0x3E, 0x29, 0x1A, 0x36, 0x06, 0x07, 0x02,
493 0x00, 0xCC, 0x03, 0x00, 0x04, 0x75, 0x01, 0x00, 0xC3, 0x02, 0x00, 0x26,
494 0x1A, 0x17, 0x06, 0x02, 0x6D, 0x28, 0xCC, 0x04, 0x76, 0x01, 0x01, 0x00,
495 0x75, 0x3E, 0x01, 0x16, 0x85, 0x3E, 0x01, 0x00, 0x88, 0x3C, 0x34, 0xD2,
496 0x29, 0xB2, 0x06, 0x09, 0x01, 0x7F, 0xAD, 0x01, 0x7F, 0xCF, 0x04, 0x80,
497 0x53, 0xAF, 0x77, 0x2C, 0x9F, 0x01, T0_INT1(BR_KEYTYPE_SIGN), 0x17,
498 0x06, 0x01, 0xB3, 0xB6, 0x26, 0x01, 0x0D, 0x0E, 0x06, 0x07, 0x25, 0xB5,
499 0xB6, 0x01, 0x7F, 0x04, 0x02, 0x01, 0x00, 0x03, 0x00, 0x01, 0x0E, 0x0E,
500 0x05, 0x02, 0x70, 0x28, 0x06, 0x02, 0x65, 0x28, 0x33, 0x06, 0x02, 0x70,
501 0x28, 0x02, 0x00, 0x06, 0x1C, 0xD0, 0x7E, 0x2E, 0x01, 0x81, 0x7F, 0x0E,
502 0x06, 0x0D, 0x25, 0x01, 0x10, 0xDB, 0x01, 0x00, 0xDA, 0x77, 0x2C, 0xA9,
503 0x24, 0x04, 0x04, 0xD3, 0x06, 0x01, 0xD1, 0x04, 0x01, 0xD3, 0x01, 0x7F,
504 0xCF, 0x01, 0x7F, 0xAD, 0x01, 0x01, 0x75, 0x3E, 0x01, 0x17, 0x85, 0x3E,
505 0x00, 0x00, 0x38, 0x38, 0x00, 0x00, 0x98, 0x01, 0x0C, 0x11, 0x01, 0x00,
506 0x38, 0x0E, 0x06, 0x05, 0x25, 0x01,
507 T0_INT1(BR_KEYTYPE_RSA | BR_KEYTYPE_KEYX), 0x04, 0x30, 0x01, 0x01,
508 0x38, 0x0E, 0x06, 0x05, 0x25, 0x01,
509 T0_INT1(BR_KEYTYPE_RSA | BR_KEYTYPE_SIGN), 0x04, 0x25, 0x01, 0x02,
510 0x38, 0x0E, 0x06, 0x05, 0x25, 0x01,
511 T0_INT1(BR_KEYTYPE_EC | BR_KEYTYPE_SIGN), 0x04, 0x1A, 0x01, 0x03,
512 0x38, 0x0E, 0x06, 0x05, 0x25, 0x01,
513 T0_INT1(BR_KEYTYPE_EC | BR_KEYTYPE_KEYX), 0x04, 0x0F, 0x01, 0x04,
514 0x38, 0x0E, 0x06, 0x05, 0x25, 0x01,
515 T0_INT1(BR_KEYTYPE_EC | BR_KEYTYPE_KEYX), 0x04, 0x04, 0x01, 0x00,
516 0x44, 0x25, 0x00, 0x00, 0x80, 0x2E, 0x01, 0x0E, 0x0E, 0x06, 0x04, 0x01,
517 0x00, 0x04, 0x02, 0x01, 0x05, 0x00, 0x00, 0x40, 0x06, 0x04, 0x01, 0x06,
518 0x04, 0x02, 0x01, 0x00, 0x00, 0x00, 0x86, 0x2E, 0x26, 0x06, 0x08, 0x01,
519 0x01, 0x09, 0x01, 0x11, 0x07, 0x04, 0x03, 0x25, 0x01, 0x05, 0x00, 0x01,
520 0x41, 0x03, 0x00, 0x25, 0x01, 0x00, 0x43, 0x06, 0x03, 0x02, 0x00, 0x08,
521 0x42, 0x06, 0x03, 0x02, 0x00, 0x08, 0x26, 0x06, 0x06, 0x01, 0x01, 0x0B,
522 0x01, 0x06, 0x08, 0x00, 0x00, 0x89, 0x3F, 0x26, 0x06, 0x03, 0x01, 0x09,
523 0x08, 0x00, 0x01, 0x40, 0x26, 0x06, 0x1E, 0x01, 0x00, 0x03, 0x00, 0x26,
524 0x06, 0x0E, 0x26, 0x01, 0x01, 0x17, 0x02, 0x00, 0x08, 0x03, 0x00, 0x01,
525 0x01, 0x11, 0x04, 0x6F, 0x25, 0x02, 0x00, 0x01, 0x01, 0x0B, 0x01, 0x06,
526 0x08, 0x00, 0x00, 0x7D, 0x2D, 0x44, 0x11, 0x01, 0x01, 0x17, 0x35, 0x00,
527 0x00, 0x9D, 0xCB, 0x26, 0x01, 0x07, 0x17, 0x01, 0x00, 0x38, 0x0E, 0x06,
528 0x09, 0x25, 0x01, 0x10, 0x17, 0x06, 0x01, 0x9D, 0x04, 0x2D, 0x01, 0x01,
529 0x38, 0x0E, 0x06, 0x24, 0x25, 0x25, 0x01, 0x00, 0x75, 0x3E, 0xB1, 0x86,
530 0x2E, 0x01, 0x01, 0x0E, 0x01, 0x01, 0xA6, 0x37, 0x06, 0x0F, 0x29, 0x1A,
531 0x36, 0x06, 0x04, 0xCB, 0x25, 0x04, 0x78, 0x01, 0x80, 0x64, 0xC3, 0x04,
532 0x01, 0x9D, 0x04, 0x03, 0x70, 0x28, 0x25, 0x04, 0xFF, 0x3C, 0x01, 0x26,
533 0x03, 0x00, 0x09, 0x26, 0x56, 0x06, 0x02, 0x66, 0x28, 0x02, 0x00, 0x00,
534 0x00, 0x98, 0x01, 0x0F, 0x17, 0x00, 0x00, 0x74, 0x2E, 0x01, 0x00, 0x38,
535 0x0E, 0x06, 0x10, 0x25, 0x26, 0x01, 0x01, 0x0D, 0x06, 0x03, 0x25, 0x01,
536 0x02, 0x74, 0x3E, 0x01, 0x00, 0x04, 0x21, 0x01, 0x01, 0x38, 0x0E, 0x06,
537 0x14, 0x25, 0x01, 0x00, 0x74, 0x3E, 0x26, 0x01, 0x80, 0x64, 0x0E, 0x06,
538 0x05, 0x01, 0x82, 0x00, 0x08, 0x28, 0x58, 0x04, 0x07, 0x25, 0x01, 0x82,
539 0x00, 0x08, 0x28, 0x25, 0x00, 0x00, 0x01, 0x00, 0x2F, 0x06, 0x05, 0x3A,
540 0xAA, 0x37, 0x04, 0x78, 0x26, 0x06, 0x04, 0x01, 0x01, 0x8D, 0x3E, 0x00,
541 0x01, 0xBD, 0xA8, 0xBD, 0xA8, 0xBF, 0x82, 0x44, 0x26, 0x03, 0x00, 0xB4,
542 0x99, 0x99, 0x02, 0x00, 0x4B, 0x26, 0x56, 0x06, 0x0A, 0x01, 0x03, 0xA6,
543 0x06, 0x02, 0x70, 0x28, 0x25, 0x04, 0x03, 0x5A, 0x88, 0x3C, 0x00, 0x00,
544 0x2F, 0x06, 0x0B, 0x84, 0x2E, 0x01, 0x14, 0x0D, 0x06, 0x02, 0x70, 0x28,
545 0x04, 0x11, 0xCB, 0x01, 0x07, 0x17, 0x26, 0x01, 0x02, 0x0D, 0x06, 0x06,
546 0x06, 0x02, 0x70, 0x28, 0x04, 0x70, 0x25, 0xC0, 0x01, 0x01, 0x0D, 0x33,
547 0x37, 0x06, 0x02, 0x5F, 0x28, 0x26, 0x01, 0x01, 0xC6, 0x36, 0xB0, 0x00,
548 0x01, 0xB6, 0x01, 0x0B, 0x0E, 0x05, 0x02, 0x70, 0x28, 0x26, 0x01, 0x03,
549 0x0E, 0x06, 0x08, 0xBE, 0x06, 0x02, 0x66, 0x28, 0x44, 0x25, 0x00, 0x44,
550 0x55, 0xBE, 0xA8, 0x26, 0x06, 0x23, 0xBE, 0xA8, 0x26, 0x54, 0x26, 0x06,
551 0x18, 0x26, 0x01, 0x82, 0x00, 0x0F, 0x06, 0x05, 0x01, 0x82, 0x00, 0x04,
552 0x01, 0x26, 0x03, 0x00, 0x82, 0x02, 0x00, 0xB4, 0x02, 0x00, 0x51, 0x04,
553 0x65, 0x99, 0x52, 0x04, 0x5A, 0x99, 0x99, 0x53, 0x26, 0x06, 0x02, 0x35,
554 0x00, 0x25, 0x2B, 0x00, 0x00, 0x77, 0x2C, 0x9F, 0x01, 0x7F, 0xAE, 0x26,
555 0x56, 0x06, 0x02, 0x35, 0x28, 0x26, 0x05, 0x02, 0x70, 0x28, 0x38, 0x17,
556 0x0D, 0x06, 0x02, 0x72, 0x28, 0x3B, 0x00, 0x00, 0x9A, 0xB6, 0x01, 0x14,
557 0x0D, 0x06, 0x02, 0x70, 0x28, 0x82, 0x01, 0x0C, 0x08, 0x01, 0x0C, 0xB4,
558 0x99, 0x82, 0x26, 0x01, 0x0C, 0x08, 0x01, 0x0C, 0x30, 0x05, 0x02, 0x62,
559 0x28, 0x00, 0x00, 0xB7, 0x06, 0x02, 0x70, 0x28, 0x06, 0x02, 0x64, 0x28,
560 0x00, 0x0A, 0xB6, 0x01, 0x02, 0x0E, 0x05, 0x02, 0x70, 0x28, 0xBD, 0x03,
561 0x00, 0x02, 0x00, 0x93, 0x2C, 0x0A, 0x02, 0x00, 0x92, 0x2C, 0x0F, 0x37,
562 0x06, 0x02, 0x71, 0x28, 0x02, 0x00, 0x91, 0x2C, 0x0D, 0x06, 0x02, 0x69,
563 0x28, 0x02, 0x00, 0x94, 0x3C, 0x8A, 0x01, 0x20, 0xB4, 0x01, 0x00, 0x03,
564 0x01, 0xBF, 0x03, 0x02, 0x02, 0x02, 0x01, 0x20, 0x0F, 0x06, 0x02, 0x6E,
565 0x28, 0x82, 0x02, 0x02, 0xB4, 0x02, 0x02, 0x8C, 0x2E, 0x0E, 0x02, 0x02,
566 0x01, 0x00, 0x0F, 0x17, 0x06, 0x0B, 0x8B, 0x82, 0x02, 0x02, 0x30, 0x06,
567 0x04, 0x01, 0x7F, 0x03, 0x01, 0x8B, 0x82, 0x02, 0x02, 0x31, 0x02, 0x02,
568 0x8C, 0x3E, 0x02, 0x00, 0x90, 0x02, 0x01, 0x96, 0xBD, 0x26, 0xC1, 0x56,
569 0x06, 0x02, 0x60, 0x28, 0x77, 0x02, 0x01, 0x96, 0xBF, 0x06, 0x02, 0x61,
570 0x28, 0x26, 0x06, 0x81, 0x45, 0xBD, 0xA8, 0xA4, 0x03, 0x03, 0xA2, 0x03,
571 0x04, 0xA0, 0x03, 0x05, 0xA3, 0x03, 0x06, 0xA5, 0x03, 0x07, 0xA1, 0x03,
572 0x08, 0x27, 0x03, 0x09, 0x26, 0x06, 0x81, 0x18, 0xBD, 0x01, 0x00, 0x38,
573 0x0E, 0x06, 0x0F, 0x25, 0x02, 0x03, 0x05, 0x02, 0x6A, 0x28, 0x01, 0x00,
574 0x03, 0x03, 0xBC, 0x04, 0x80, 0x7F, 0x01, 0x01, 0x38, 0x0E, 0x06, 0x0F,
575 0x25, 0x02, 0x05, 0x05, 0x02, 0x6A, 0x28, 0x01, 0x00, 0x03, 0x05, 0xBA,
576 0x04, 0x80, 0x6A, 0x01, 0x83, 0xFE, 0x01, 0x38, 0x0E, 0x06, 0x0F, 0x25,
577 0x02, 0x04, 0x05, 0x02, 0x6A, 0x28, 0x01, 0x00, 0x03, 0x04, 0xBB, 0x04,
578 0x80, 0x53, 0x01, 0x0D, 0x38, 0x0E, 0x06, 0x0E, 0x25, 0x02, 0x06, 0x05,
579 0x02, 0x6A, 0x28, 0x01, 0x00, 0x03, 0x06, 0xB8, 0x04, 0x3F, 0x01, 0x0A,
580 0x38, 0x0E, 0x06, 0x0E, 0x25, 0x02, 0x07, 0x05, 0x02, 0x6A, 0x28, 0x01,
581 0x00, 0x03, 0x07, 0xB8, 0x04, 0x2B, 0x01, 0x0B, 0x38, 0x0E, 0x06, 0x0E,
582 0x25, 0x02, 0x08, 0x05, 0x02, 0x6A, 0x28, 0x01, 0x00, 0x03, 0x08, 0xB8,
583 0x04, 0x17, 0x01, 0x10, 0x38, 0x0E, 0x06, 0x0E, 0x25, 0x02, 0x09, 0x05,
584 0x02, 0x6A, 0x28, 0x01, 0x00, 0x03, 0x09, 0xAC, 0x04, 0x03, 0x6A, 0x28,
585 0x25, 0x04, 0xFE, 0x64, 0x02, 0x04, 0x06, 0x0D, 0x02, 0x04, 0x01, 0x05,
586 0x0F, 0x06, 0x02, 0x67, 0x28, 0x01, 0x01, 0x86, 0x3E, 0x99, 0x99, 0x02,
587 0x01, 0x00, 0x04, 0xB6, 0x01, 0x0C, 0x0E, 0x05, 0x02, 0x70, 0x28, 0xBF,
588 0x01, 0x03, 0x0E, 0x05, 0x02, 0x6B, 0x28, 0xBD, 0x26, 0x7A, 0x3E, 0x26,
589 0x01, 0x20, 0x10, 0x06, 0x02, 0x6B, 0x28, 0x40, 0x44, 0x11, 0x01, 0x01,
590 0x17, 0x05, 0x02, 0x6B, 0x28, 0xBF, 0x26, 0x01, 0x81, 0x05, 0x0F, 0x06,
591 0x02, 0x6B, 0x28, 0x26, 0x7C, 0x3E, 0x7B, 0x44, 0xB4, 0x90, 0x2C, 0x01,
592 0x86, 0x03, 0x10, 0x03, 0x00, 0x77, 0x2C, 0xC9, 0x03, 0x01, 0x01, 0x02,
593 0x03, 0x02, 0x02, 0x00, 0x06, 0x21, 0xBF, 0x26, 0x26, 0x01, 0x02, 0x0A,
594 0x44, 0x01, 0x06, 0x0F, 0x37, 0x06, 0x02, 0x6B, 0x28, 0x03, 0x02, 0xBF,
595 0x02, 0x01, 0x01, 0x01, 0x0B, 0x01, 0x03, 0x08, 0x0E, 0x05, 0x02, 0x6B,
596 0x28, 0x04, 0x08, 0x02, 0x01, 0x06, 0x04, 0x01, 0x00, 0x03, 0x02, 0xBD,
597 0x26, 0x03, 0x03, 0x26, 0x01, 0x84, 0x00, 0x0F, 0x06, 0x02, 0x6C, 0x28,
598 0x82, 0x44, 0xB4, 0x02, 0x02, 0x02, 0x01, 0x02, 0x03, 0x4E, 0x26, 0x06,
599 0x01, 0x28, 0x25, 0x99, 0x00, 0x02, 0x03, 0x00, 0x03, 0x01, 0x02, 0x00,
600 0x95, 0x02, 0x01, 0x02, 0x00, 0x39, 0x26, 0x01, 0x00, 0x0E, 0x06, 0x02,
601 0x5E, 0x00, 0xCD, 0x04, 0x74, 0x02, 0x01, 0x00, 0x03, 0x00, 0xBF, 0xA8,
602 0x26, 0x06, 0x80, 0x43, 0xBF, 0x01, 0x01, 0x38, 0x0E, 0x06, 0x06, 0x25,
603 0x01, 0x81, 0x7F, 0x04, 0x2E, 0x01, 0x80, 0x40, 0x38, 0x0E, 0x06, 0x07,
604 0x25, 0x01, 0x83, 0xFE, 0x00, 0x04, 0x20, 0x01, 0x80, 0x41, 0x38, 0x0E,
605 0x06, 0x07, 0x25, 0x01, 0x84, 0x80, 0x00, 0x04, 0x12, 0x01, 0x80, 0x42,
606 0x38, 0x0E, 0x06, 0x07, 0x25, 0x01, 0x88, 0x80, 0x00, 0x04, 0x04, 0x01,
607 0x00, 0x44, 0x25, 0x02, 0x00, 0x37, 0x03, 0x00, 0x04, 0xFF, 0x39, 0x99,
608 0x77, 0x2C, 0xC7, 0x05, 0x09, 0x02, 0x00, 0x01, 0x83, 0xFF, 0x7F, 0x17,
609 0x03, 0x00, 0x90, 0x2C, 0x01, 0x86, 0x03, 0x10, 0x06, 0x3A, 0xB9, 0x26,
610 0x7F, 0x3D, 0x41, 0x25, 0x26, 0x01, 0x08, 0x0B, 0x37, 0x01, 0x8C, 0x80,
611 0x00, 0x37, 0x17, 0x02, 0x00, 0x17, 0x02, 0x00, 0x01, 0x8C, 0x80, 0x00,
612 0x17, 0x06, 0x19, 0x26, 0x01, 0x81, 0x7F, 0x17, 0x06, 0x05, 0x01, 0x84,
613 0x80, 0x00, 0x37, 0x26, 0x01, 0x83, 0xFE, 0x00, 0x17, 0x06, 0x05, 0x01,
614 0x88, 0x80, 0x00, 0x37, 0x03, 0x00, 0x04, 0x09, 0x02, 0x00, 0x01, 0x8C,
615 0x88, 0x01, 0x17, 0x03, 0x00, 0x16, 0xBD, 0xA8, 0x26, 0x06, 0x23, 0xBD,
616 0xA8, 0x26, 0x15, 0x26, 0x06, 0x18, 0x26, 0x01, 0x82, 0x00, 0x0F, 0x06,
617 0x05, 0x01, 0x82, 0x00, 0x04, 0x01, 0x26, 0x03, 0x01, 0x82, 0x02, 0x01,
618 0xB4, 0x02, 0x01, 0x12, 0x04, 0x65, 0x99, 0x13, 0x04, 0x5A, 0x99, 0x14,
619 0x99, 0x02, 0x00, 0x2A, 0x00, 0x00, 0xB7, 0x26, 0x58, 0x06, 0x07, 0x25,
620 0x06, 0x02, 0x64, 0x28, 0x04, 0x74, 0x00, 0x00, 0xC0, 0x01, 0x03, 0xBE,
621 0x44, 0x25, 0x44, 0x00, 0x00, 0xBD, 0xC4, 0x00, 0x03, 0x01, 0x00, 0x03,
622 0x00, 0xBD, 0xA8, 0x26, 0x06, 0x80, 0x50, 0xBF, 0x03, 0x01, 0xBF, 0x03,
623 0x02, 0x02, 0x01, 0x01, 0x08, 0x0E, 0x06, 0x16, 0x02, 0x02, 0x01, 0x0F,
624 0x0C, 0x06, 0x0D, 0x01, 0x01, 0x02, 0x02, 0x01, 0x10, 0x08, 0x0B, 0x02,
625 0x00, 0x37, 0x03, 0x00, 0x04, 0x2A, 0x02, 0x01, 0x01, 0x02, 0x10, 0x02,
626 0x01, 0x01, 0x06, 0x0C, 0x17, 0x02, 0x02, 0x01, 0x01, 0x0E, 0x02, 0x02,
627 0x01, 0x03, 0x0E, 0x37, 0x17, 0x06, 0x11, 0x02, 0x00, 0x01, 0x01, 0x02,
628 0x02, 0x5B, 0x01, 0x02, 0x0B, 0x02, 0x01, 0x08, 0x0B, 0x37, 0x03, 0x00,
629 0x04, 0xFF, 0x2C, 0x99, 0x02, 0x00, 0x00, 0x00, 0xBD, 0x01, 0x01, 0x0E,
630 0x05, 0x02, 0x63, 0x28, 0xBF, 0x01, 0x08, 0x08, 0x80, 0x2E, 0x0E, 0x05,
631 0x02, 0x63, 0x28, 0x00, 0x00, 0xBD, 0x86, 0x2E, 0x05, 0x15, 0x01, 0x01,
632 0x0E, 0x05, 0x02, 0x67, 0x28, 0xBF, 0x01, 0x00, 0x0E, 0x05, 0x02, 0x67,
633 0x28, 0x01, 0x02, 0x86, 0x3E, 0x04, 0x1C, 0x01, 0x19, 0x0E, 0x05, 0x02,
634 0x67, 0x28, 0xBF, 0x01, 0x18, 0x0E, 0x05, 0x02, 0x67, 0x28, 0x82, 0x01,
635 0x18, 0xB4, 0x87, 0x82, 0x01, 0x18, 0x30, 0x05, 0x02, 0x67, 0x28, 0x00,
636 0x00, 0xBD, 0x06, 0x02, 0x68, 0x28, 0x00, 0x00, 0x01, 0x02, 0x95, 0xC0,
637 0x01, 0x08, 0x0B, 0xC0, 0x08, 0x00, 0x00, 0x01, 0x03, 0x95, 0xC0, 0x01,
638 0x08, 0x0B, 0xC0, 0x08, 0x01, 0x08, 0x0B, 0xC0, 0x08, 0x00, 0x00, 0x01,
639 0x01, 0x95, 0xC0, 0x00, 0x00, 0x3A, 0x26, 0x56, 0x05, 0x01, 0x00, 0x25,
640 0xCD, 0x04, 0x76, 0x02, 0x03, 0x00, 0x8F, 0x2E, 0x03, 0x01, 0x01, 0x00,
641 0x26, 0x02, 0x01, 0x0A, 0x06, 0x10, 0x26, 0x01, 0x01, 0x0B, 0x8E, 0x08,
642 0x2C, 0x02, 0x00, 0x0E, 0x06, 0x01, 0x00, 0x5A, 0x04, 0x6A, 0x25, 0x01,
643 0x7F, 0x00, 0x00, 0x01, 0x15, 0x85, 0x3E, 0x44, 0x50, 0x25, 0x50, 0x25,
644 0x29, 0x00, 0x00, 0x01, 0x01, 0x44, 0xC2, 0x00, 0x00, 0x44, 0x38, 0x95,
645 0x44, 0x26, 0x06, 0x05, 0xC0, 0x25, 0x5B, 0x04, 0x78, 0x25, 0x00, 0x00,
646 0x26, 0x01, 0x81, 0xAC, 0x00, 0x0E, 0x06, 0x04, 0x25, 0x01, 0x7F, 0x00,
647 0x98, 0x57, 0x00, 0x02, 0x03, 0x00, 0x77, 0x2C, 0x98, 0x03, 0x01, 0x02,
648 0x01, 0x01, 0x0F, 0x17, 0x02, 0x01, 0x01, 0x04, 0x11, 0x01, 0x0F, 0x17,
649 0x02, 0x01, 0x01, 0x08, 0x11, 0x01, 0x0F, 0x17, 0x01, 0x00, 0x38, 0x0E,
650 0x06, 0x10, 0x25, 0x01, 0x00, 0x01, 0x18, 0x02, 0x00, 0x06, 0x03, 0x47,
651 0x04, 0x01, 0x48, 0x04, 0x80, 0x68, 0x01, 0x01, 0x38, 0x0E, 0x06, 0x10,
652 0x25, 0x01, 0x01, 0x01, 0x10, 0x02, 0x00, 0x06, 0x03, 0x47, 0x04, 0x01,
653 0x48, 0x04, 0x80, 0x52, 0x01, 0x02, 0x38, 0x0E, 0x06, 0x0F, 0x25, 0x01,
654 0x01, 0x01, 0x20, 0x02, 0x00, 0x06, 0x03, 0x47, 0x04, 0x01, 0x48, 0x04,
655 0x3D, 0x01, 0x03, 0x38, 0x0E, 0x06, 0x0E, 0x25, 0x25, 0x01, 0x10, 0x02,
656 0x00, 0x06, 0x03, 0x45, 0x04, 0x01, 0x46, 0x04, 0x29, 0x01, 0x04, 0x38,
657 0x0E, 0x06, 0x0E, 0x25, 0x25, 0x01, 0x20, 0x02, 0x00, 0x06, 0x03, 0x45,
658 0x04, 0x01, 0x46, 0x04, 0x15, 0x01, 0x05, 0x38, 0x0E, 0x06, 0x0C, 0x25,
659 0x25, 0x02, 0x00, 0x06, 0x03, 0x49, 0x04, 0x01, 0x4A, 0x04, 0x03, 0x66,
660 0x28, 0x25, 0x00, 0x00, 0x98, 0x01, 0x0C, 0x11, 0x01, 0x02, 0x0F, 0x00,
661 0x00, 0x98, 0x01, 0x0C, 0x11, 0x26, 0x59, 0x44, 0x01, 0x03, 0x0A, 0x17,
662 0x00, 0x00, 0x98, 0x01, 0x0C, 0x11, 0x01, 0x01, 0x0E, 0x00, 0x00, 0x98,
663 0x01, 0x0C, 0x11, 0x58, 0x00, 0x00, 0x1B, 0x01, 0x00, 0x73, 0x2E, 0x26,
664 0x06, 0x22, 0x01, 0x01, 0x38, 0x0E, 0x06, 0x06, 0x25, 0x01, 0x00, 0x9C,
665 0x04, 0x14, 0x01, 0x02, 0x38, 0x0E, 0x06, 0x0D, 0x25, 0x75, 0x2E, 0x01,
666 0x01, 0x0E, 0x06, 0x03, 0x01, 0x10, 0x37, 0x04, 0x01, 0x25, 0x04, 0x01,
667 0x25, 0x79, 0x2E, 0x05, 0x33, 0x2F, 0x06, 0x30, 0x84, 0x2E, 0x01, 0x14,
668 0x38, 0x0E, 0x06, 0x06, 0x25, 0x01, 0x02, 0x37, 0x04, 0x22, 0x01, 0x15,
669 0x38, 0x0E, 0x06, 0x09, 0x25, 0xAB, 0x06, 0x03, 0x01, 0x7F, 0x9C, 0x04,
670 0x13, 0x01, 0x16, 0x38, 0x0E, 0x06, 0x06, 0x25, 0x01, 0x01, 0x37, 0x04,
671 0x07, 0x25, 0x01, 0x04, 0x37, 0x01, 0x00, 0x25, 0x1A, 0x06, 0x03, 0x01,
672 0x08, 0x37, 0x00, 0x00, 0x1B, 0x26, 0x05, 0x13, 0x2F, 0x06, 0x10, 0x84,
673 0x2E, 0x01, 0x15, 0x0E, 0x06, 0x08, 0x25, 0xAB, 0x01, 0x00, 0x75, 0x3E,
674 0x04, 0x01, 0x20, 0x00, 0x00, 0xCB, 0x01, 0x07, 0x17, 0x01, 0x01, 0x0F,
675 0x06, 0x02, 0x70, 0x28, 0x00, 0x01, 0x03, 0x00, 0x29, 0x1A, 0x06, 0x05,
676 0x02, 0x00, 0x85, 0x3E, 0x00, 0xCB, 0x25, 0x04, 0x74, 0x00, 0x01, 0x14,
677 0xCE, 0x01, 0x01, 0xDB, 0x29, 0x26, 0x01, 0x00, 0xC6, 0x01, 0x16, 0xCE,
678 0xD4, 0x29, 0x00, 0x00, 0x01, 0x0B, 0xDB, 0x4C, 0x26, 0x26, 0x01, 0x03,
679 0x08, 0xDA, 0xDA, 0x18, 0x26, 0x56, 0x06, 0x02, 0x25, 0x00, 0xDA, 0x1D,
680 0x26, 0x06, 0x05, 0x82, 0x44, 0xD5, 0x04, 0x77, 0x25, 0x04, 0x6C, 0x00,
681 0x21, 0x01, 0x0F, 0xDB, 0x26, 0x90, 0x2C, 0x01, 0x86, 0x03, 0x10, 0x06,
682 0x0C, 0x01, 0x04, 0x08, 0xDA, 0x7E, 0x2E, 0xDB, 0x76, 0x2E, 0xDB, 0x04,
683 0x02, 0x5C, 0xDA, 0x26, 0xD9, 0x82, 0x44, 0xD5, 0x00, 0x02, 0xA2, 0xA4,
684 0x08, 0xA0, 0x08, 0xA3, 0x08, 0xA5, 0x08, 0xA1, 0x08, 0x27, 0x08, 0x03,
685 0x00, 0x01, 0x01, 0xDB, 0x01, 0x27, 0x8C, 0x2E, 0x08, 0x8F, 0x2E, 0x01,
686 0x01, 0x0B, 0x08, 0x02, 0x00, 0x06, 0x04, 0x5C, 0x02, 0x00, 0x08, 0x81,
687 0x2C, 0x38, 0x09, 0x26, 0x59, 0x06, 0x24, 0x02, 0x00, 0x05, 0x04, 0x44,
688 0x5C, 0x44, 0x5D, 0x01, 0x04, 0x09, 0x26, 0x56, 0x06, 0x03, 0x25, 0x01,
689 0x00, 0x26, 0x01, 0x04, 0x08, 0x02, 0x00, 0x08, 0x03, 0x00, 0x44, 0x01,
690 0x04, 0x08, 0x38, 0x08, 0x44, 0x04, 0x03, 0x25, 0x01, 0x7F, 0x03, 0x01,
691 0xDA, 0x92, 0x2C, 0xD9, 0x78, 0x01, 0x04, 0x19, 0x78, 0x01, 0x04, 0x08,
692 0x01, 0x1C, 0x32, 0x78, 0x01, 0x20, 0xD5, 0x8B, 0x8C, 0x2E, 0xD7, 0x8F,
693 0x2E, 0x26, 0x01, 0x01, 0x0B, 0xD9, 0x8E, 0x44, 0x26, 0x06, 0x0F, 0x5B,
694 0x38, 0x2C, 0x26, 0xC5, 0x05, 0x02, 0x60, 0x28, 0xD9, 0x44, 0x5C, 0x44,
695 0x04, 0x6E, 0x5E, 0x01, 0x01, 0xDB, 0x01, 0x00, 0xDB, 0x02, 0x00, 0x06,
696 0x81, 0x5A, 0x02, 0x00, 0xD9, 0xA2, 0x06, 0x0E, 0x01, 0x83, 0xFE, 0x01,
697 0xD9, 0x87, 0xA2, 0x01, 0x04, 0x09, 0x26, 0xD9, 0x5B, 0xD7, 0xA4, 0x06,
698 0x16, 0x01, 0x00, 0xD9, 0x89, 0xA4, 0x01, 0x04, 0x09, 0x26, 0xD9, 0x01,
699 0x02, 0x09, 0x26, 0xD9, 0x01, 0x00, 0xDB, 0x01, 0x03, 0x09, 0xD6, 0xA0,
700 0x06, 0x0C, 0x01, 0x01, 0xD9, 0x01, 0x01, 0xD9, 0x80, 0x2E, 0x01, 0x08,
701 0x09, 0xDB, 0xA3, 0x06, 0x19, 0x01, 0x0D, 0xD9, 0xA3, 0x01, 0x04, 0x09,
702 0x26, 0xD9, 0x01, 0x02, 0x09, 0xD9, 0x42, 0x06, 0x03, 0x01, 0x03, 0xD8,
703 0x43, 0x06, 0x03, 0x01, 0x01, 0xD8, 0xA5, 0x26, 0x06, 0x36, 0x01, 0x0A,
704 0xD9, 0x01, 0x04, 0x09, 0x26, 0xD9, 0x5D, 0xD9, 0x40, 0x01, 0x00, 0x26,
705 0x01, 0x82, 0x80, 0x80, 0x80, 0x00, 0x17, 0x06, 0x0A, 0x01, 0xFD, 0xFF,
706 0xFF, 0xFF, 0x7F, 0x17, 0x01, 0x1D, 0xD9, 0x26, 0x01, 0x20, 0x0A, 0x06,
707 0x0C, 0x9E, 0x11, 0x01, 0x01, 0x17, 0x06, 0x02, 0x26, 0xD9, 0x5A, 0x04,
708 0x6E, 0x5E, 0x04, 0x01, 0x25, 0xA1, 0x06, 0x0A, 0x01, 0x0B, 0xD9, 0x01,
709 0x02, 0xD9, 0x01, 0x82, 0x00, 0xD9, 0x27, 0x26, 0x06, 0x1F, 0x01, 0x10,
710 0xD9, 0x01, 0x04, 0x09, 0x26, 0xD9, 0x5D, 0xD9, 0x83, 0x2C, 0x01, 0x00,
711 0x9E, 0x0F, 0x06, 0x0A, 0x26, 0x1E, 0x26, 0xDB, 0x82, 0x44, 0xD5, 0x5A,
712 0x04, 0x72, 0x5E, 0x04, 0x01, 0x25, 0x02, 0x01, 0x56, 0x05, 0x11, 0x01,
713 0x15, 0xD9, 0x02, 0x01, 0x26, 0xD9, 0x26, 0x06, 0x06, 0x5B, 0x01, 0x00,
714 0xDB, 0x04, 0x77, 0x25, 0x00, 0x00, 0x01, 0x10, 0xDB, 0x77, 0x2C, 0x26,
715 0xCA, 0x06, 0x0C, 0xA9, 0x23, 0x26, 0x5C, 0xDA, 0x26, 0xD9, 0x82, 0x44,
716 0xD5, 0x04, 0x0D, 0x26, 0xC8, 0x44, 0xA9, 0x22, 0x26, 0x5A, 0xDA, 0x26,
717 0xDB, 0x82, 0x44, 0xD5, 0x00, 0x00, 0x9A, 0x01, 0x14, 0xDB, 0x01, 0x0C,
718 0xDA, 0x82, 0x01, 0x0C, 0xD5, 0x00, 0x00, 0x4F, 0x26, 0x01, 0x00, 0x0E,
719 0x06, 0x02, 0x5E, 0x00, 0xCB, 0x25, 0x04, 0x73, 0x00, 0x26, 0xD9, 0xD5,
720 0x00, 0x00, 0x26, 0xDB, 0xD5, 0x00, 0x01, 0x03, 0x00, 0x41, 0x25, 0x26,
721 0x01, 0x10, 0x17, 0x06, 0x06, 0x01, 0x04, 0xDB, 0x02, 0x00, 0xDB, 0x26,
722 0x01, 0x08, 0x17, 0x06, 0x06, 0x01, 0x03, 0xDB, 0x02, 0x00, 0xDB, 0x26,
723 0x01, 0x20, 0x17, 0x06, 0x06, 0x01, 0x05, 0xDB, 0x02, 0x00, 0xDB, 0x26,
724 0x01, 0x80, 0x40, 0x17, 0x06, 0x06, 0x01, 0x06, 0xDB, 0x02, 0x00, 0xDB,
725 0x01, 0x04, 0x17, 0x06, 0x06, 0x01, 0x02, 0xDB, 0x02, 0x00, 0xDB, 0x00,
726 0x00, 0x26, 0x01, 0x08, 0x4D, 0xDB, 0xDB, 0x00, 0x00, 0x26, 0x01, 0x10,
727 0x4D, 0xDB, 0xD9, 0x00, 0x00, 0x26, 0x50, 0x06, 0x02, 0x25, 0x00, 0xCB,
728 0x25, 0x04, 0x76
729 };
730
731 static const uint16_t t0_caddr[] = {
732 0,
733 5,
734 10,
735 15,
736 20,
737 25,
738 30,
739 35,
740 40,
741 44,
742 48,
743 52,
744 56,
745 60,
746 64,
747 68,
748 72,
749 76,
750 80,
751 84,
752 88,
753 92,
754 96,
755 100,
756 104,
757 108,
758 112,
759 116,
760 120,
761 124,
762 129,
763 134,
764 139,
765 144,
766 149,
767 154,
768 159,
769 164,
770 169,
771 174,
772 179,
773 184,
774 189,
775 194,
776 199,
777 204,
778 209,
779 214,
780 219,
781 224,
782 229,
783 234,
784 239,
785 244,
786 249,
787 254,
788 259,
789 264,
790 269,
791 274,
792 279,
793 284,
794 289,
795 294,
796 303,
797 316,
798 320,
799 345,
800 351,
801 370,
802 381,
803 422,
804 542,
805 546,
806 611,
807 626,
808 637,
809 655,
810 684,
811 694,
812 730,
813 740,
814 810,
815 824,
816 830,
817 889,
818 908,
819 943,
820 992,
821 1068,
822 1095,
823 1126,
824 1137,
825 1462,
826 1609,
827 1633,
828 1849,
829 1863,
830 1872,
831 1876,
832 1971,
833 1992,
834 2048,
835 2055,
836 2066,
837 2082,
838 2088,
839 2099,
840 2134,
841 2146,
842 2152,
843 2167,
844 2183,
845 2339,
846 2348,
847 2361,
848 2370,
849 2377,
850 2483,
851 2508,
852 2521,
853 2537,
854 2555,
855 2587,
856 2621,
857 2989,
858 3025,
859 3038,
860 3052,
861 3057,
862 3062,
863 3128,
864 3136,
865 3144
866 };
867
868 #define T0_INTERPRETED 86
869
870 #define T0_ENTER(ip, rp, slot) do { \
871 const unsigned char *t0_newip; \
872 uint32_t t0_lnum; \
873 t0_newip = &t0_codeblock[t0_caddr[(slot) - T0_INTERPRETED]]; \
874 t0_lnum = t0_parse7E_unsigned(&t0_newip); \
875 (rp) += t0_lnum; \
876 *((rp) ++) = (uint32_t)((ip) - &t0_codeblock[0]) + (t0_lnum << 16); \
877 (ip) = t0_newip; \
878 } while (0)
879
880 #define T0_DEFENTRY(name, slot) \
881 void \
882 name(void *ctx) \
883 { \
884 t0_context *t0ctx = ctx; \
885 t0ctx->ip = &t0_codeblock[0]; \
886 T0_ENTER(t0ctx->ip, t0ctx->rp, slot); \
887 }
888
889 T0_DEFENTRY(br_ssl_hs_client_init_main, 167)
890
891 #define T0_NEXT(t0ipp) (*(*(t0ipp)) ++)
892
893 void
894 br_ssl_hs_client_run(void *t0ctx)
895 {
896 uint32_t *dp, *rp;
897 const unsigned char *ip;
898
899 #define T0_LOCAL(x) (*(rp - 2 - (x)))
900 #define T0_POP() (*-- dp)
901 #define T0_POPi() (*(int32_t *)(-- dp))
902 #define T0_PEEK(x) (*(dp - 1 - (x)))
903 #define T0_PEEKi(x) (*(int32_t *)(dp - 1 - (x)))
904 #define T0_PUSH(v) do { *dp = (v); dp ++; } while (0)
905 #define T0_PUSHi(v) do { *(int32_t *)dp = (v); dp ++; } while (0)
906 #define T0_RPOP() (*-- rp)
907 #define T0_RPOPi() (*(int32_t *)(-- rp))
908 #define T0_RPUSH(v) do { *rp = (v); rp ++; } while (0)
909 #define T0_RPUSHi(v) do { *(int32_t *)rp = (v); rp ++; } while (0)
910 #define T0_ROLL(x) do { \
911 size_t t0len = (size_t)(x); \
912 uint32_t t0tmp = *(dp - 1 - t0len); \
913 memmove(dp - t0len - 1, dp - t0len, t0len * sizeof *dp); \
914 *(dp - 1) = t0tmp; \
915 } while (0)
916 #define T0_SWAP() do { \
917 uint32_t t0tmp = *(dp - 2); \
918 *(dp - 2) = *(dp - 1); \
919 *(dp - 1) = t0tmp; \
920 } while (0)
921 #define T0_ROT() do { \
922 uint32_t t0tmp = *(dp - 3); \
923 *(dp - 3) = *(dp - 2); \
924 *(dp - 2) = *(dp - 1); \
925 *(dp - 1) = t0tmp; \
926 } while (0)
927 #define T0_NROT() do { \
928 uint32_t t0tmp = *(dp - 1); \
929 *(dp - 1) = *(dp - 2); \
930 *(dp - 2) = *(dp - 3); \
931 *(dp - 3) = t0tmp; \
932 } while (0)
933 #define T0_PICK(x) do { \
934 uint32_t t0depth = (x); \
935 T0_PUSH(T0_PEEK(t0depth)); \
936 } while (0)
937 #define T0_CO() do { \
938 goto t0_exit; \
939 } while (0)
940 #define T0_RET() goto t0_next
941
942 dp = ((t0_context *)t0ctx)->dp;
943 rp = ((t0_context *)t0ctx)->rp;
944 ip = ((t0_context *)t0ctx)->ip;
945 goto t0_next;
946 for (;;) {
947 uint32_t t0x;
948
949 t0_next:
950 t0x = T0_NEXT(&ip);
951 if (t0x < T0_INTERPRETED) {
952 switch (t0x) {
953 int32_t t0off;
954
955 case 0: /* ret */
956 t0x = T0_RPOP();
957 rp -= (t0x >> 16);
958 t0x &= 0xFFFF;
959 if (t0x == 0) {
960 ip = NULL;
961 goto t0_exit;
962 }
963 ip = &t0_codeblock[t0x];
964 break;
965 case 1: /* literal constant */
966 T0_PUSHi(t0_parse7E_signed(&ip));
967 break;
968 case 2: /* read local */
969 T0_PUSH(T0_LOCAL(t0_parse7E_unsigned(&ip)));
970 break;
971 case 3: /* write local */
972 T0_LOCAL(t0_parse7E_unsigned(&ip)) = T0_POP();
973 break;
974 case 4: /* jump */
975 t0off = t0_parse7E_signed(&ip);
976 ip += t0off;
977 break;
978 case 5: /* jump if */
979 t0off = t0_parse7E_signed(&ip);
980 if (T0_POP()) {
981 ip += t0off;
982 }
983 break;
984 case 6: /* jump if not */
985 t0off = t0_parse7E_signed(&ip);
986 if (!T0_POP()) {
987 ip += t0off;
988 }
989 break;
990 case 7: {
991 /* * */
992
993 uint32_t b = T0_POP();
994 uint32_t a = T0_POP();
995 T0_PUSH(a * b);
996
997 }
998 break;
999 case 8: {
1000 /* + */
1001
1002 uint32_t b = T0_POP();
1003 uint32_t a = T0_POP();
1004 T0_PUSH(a + b);
1005
1006 }
1007 break;
1008 case 9: {
1009 /* - */
1010
1011 uint32_t b = T0_POP();
1012 uint32_t a = T0_POP();
1013 T0_PUSH(a - b);
1014
1015 }
1016 break;
1017 case 10: {
1018 /* < */
1019
1020 int32_t b = T0_POPi();
1021 int32_t a = T0_POPi();
1022 T0_PUSH(-(uint32_t)(a < b));
1023
1024 }
1025 break;
1026 case 11: {
1027 /* << */
1028
1029 int c = (int)T0_POPi();
1030 uint32_t x = T0_POP();
1031 T0_PUSH(x << c);
1032
1033 }
1034 break;
1035 case 12: {
1036 /* <= */
1037
1038 int32_t b = T0_POPi();
1039 int32_t a = T0_POPi();
1040 T0_PUSH(-(uint32_t)(a <= b));
1041
1042 }
1043 break;
1044 case 13: {
1045 /* <> */
1046
1047 uint32_t b = T0_POP();
1048 uint32_t a = T0_POP();
1049 T0_PUSH(-(uint32_t)(a != b));
1050
1051 }
1052 break;
1053 case 14: {
1054 /* = */
1055
1056 uint32_t b = T0_POP();
1057 uint32_t a = T0_POP();
1058 T0_PUSH(-(uint32_t)(a == b));
1059
1060 }
1061 break;
1062 case 15: {
1063 /* > */
1064
1065 int32_t b = T0_POPi();
1066 int32_t a = T0_POPi();
1067 T0_PUSH(-(uint32_t)(a > b));
1068
1069 }
1070 break;
1071 case 16: {
1072 /* >= */
1073
1074 int32_t b = T0_POPi();
1075 int32_t a = T0_POPi();
1076 T0_PUSH(-(uint32_t)(a >= b));
1077
1078 }
1079 break;
1080 case 17: {
1081 /* >> */
1082
1083 int c = (int)T0_POPi();
1084 int32_t x = T0_POPi();
1085 T0_PUSHi(x >> c);
1086
1087 }
1088 break;
1089 case 18: {
1090 /* anchor-dn-append-name */
1091
1092 size_t len;
1093
1094 len = T0_POP();
1095 if (CTX->client_auth_vtable != NULL) {
1096 (*CTX->client_auth_vtable)->append_name(
1097 CTX->client_auth_vtable, ENG->pad, len);
1098 }
1099
1100 }
1101 break;
1102 case 19: {
1103 /* anchor-dn-end-name */
1104
1105 if (CTX->client_auth_vtable != NULL) {
1106 (*CTX->client_auth_vtable)->end_name(
1107 CTX->client_auth_vtable);
1108 }
1109
1110 }
1111 break;
1112 case 20: {
1113 /* anchor-dn-end-name-list */
1114
1115 if (CTX->client_auth_vtable != NULL) {
1116 (*CTX->client_auth_vtable)->end_name_list(
1117 CTX->client_auth_vtable);
1118 }
1119
1120 }
1121 break;
1122 case 21: {
1123 /* anchor-dn-start-name */
1124
1125 size_t len;
1126
1127 len = T0_POP();
1128 if (CTX->client_auth_vtable != NULL) {
1129 (*CTX->client_auth_vtable)->start_name(
1130 CTX->client_auth_vtable, len);
1131 }
1132
1133 }
1134 break;
1135 case 22: {
1136 /* anchor-dn-start-name-list */
1137
1138 if (CTX->client_auth_vtable != NULL) {
1139 (*CTX->client_auth_vtable)->start_name_list(
1140 CTX->client_auth_vtable);
1141 }
1142
1143 }
1144 break;
1145 case 23: {
1146 /* and */
1147
1148 uint32_t b = T0_POP();
1149 uint32_t a = T0_POP();
1150 T0_PUSH(a & b);
1151
1152 }
1153 break;
1154 case 24: {
1155 /* begin-cert */
1156
1157 if (ENG->chain_len == 0) {
1158 T0_PUSHi(-1);
1159 } else {
1160 ENG->cert_cur = ENG->chain->data;
1161 ENG->cert_len = ENG->chain->data_len;
1162 ENG->chain ++;
1163 ENG->chain_len --;
1164 T0_PUSH(ENG->cert_len);
1165 }
1166
1167 }
1168 break;
1169 case 25: {
1170 /* bzero */
1171
1172 size_t len = (size_t)T0_POP();
1173 void *addr = (unsigned char *)ENG + (size_t)T0_POP();
1174 memset(addr, 0, len);
1175
1176 }
1177 break;
1178 case 26: {
1179 /* can-output? */
1180
1181 T0_PUSHi(-(ENG->hlen_out > 0));
1182
1183 }
1184 break;
1185 case 27: {
1186 /* co */
1187 T0_CO();
1188 }
1189 break;
1190 case 28: {
1191 /* compute-Finished-inner */
1192
1193 int prf_id = T0_POP();
1194 int from_client = T0_POPi();
1195 unsigned char seed[48];
1196 size_t seed_len;
1197
1198 br_tls_prf_impl prf = br_ssl_engine_get_PRF(ENG, prf_id);
1199 if (ENG->session.version >= BR_TLS12) {
1200 seed_len = br_multihash_out(&ENG->mhash, prf_id, seed);
1201 } else {
1202 br_multihash_out(&ENG->mhash, br_md5_ID, seed);
1203 br_multihash_out(&ENG->mhash, br_sha1_ID, seed + 16);
1204 seed_len = 36;
1205 }
1206 prf(ENG->pad, 12, ENG->session.master_secret,
1207 sizeof ENG->session.master_secret,
1208 from_client ? "client finished" : "server finished",
1209 seed, seed_len);
1210
1211 }
1212 break;
1213 case 29: {
1214 /* copy-cert-chunk */
1215
1216 size_t clen;
1217
1218 clen = ENG->cert_len;
1219 if (clen > sizeof ENG->pad) {
1220 clen = sizeof ENG->pad;
1221 }
1222 memcpy(ENG->pad, ENG->cert_cur, clen);
1223 ENG->cert_cur += clen;
1224 ENG->cert_len -= clen;
1225 T0_PUSH(clen);
1226
1227 }
1228 break;
1229 case 30: {
1230 /* copy-protocol-name */
1231
1232 size_t idx = T0_POP();
1233 size_t len = strlen(ENG->protocol_names[idx]);
1234 memcpy(ENG->pad, ENG->protocol_names[idx], len);
1235 T0_PUSH(len);
1236
1237 }
1238 break;
1239 case 31: {
1240 /* data-get8 */
1241
1242 size_t addr = T0_POP();
1243 T0_PUSH(t0_datablock[addr]);
1244
1245 }
1246 break;
1247 case 32: {
1248 /* discard-input */
1249
1250 ENG->hlen_in = 0;
1251
1252 }
1253 break;
1254 case 33: {
1255 /* do-client-sign */
1256
1257 size_t sig_len;
1258
1259 sig_len = make_client_sign(CTX);
1260 if (sig_len == 0) {
1261 br_ssl_engine_fail(ENG, BR_ERR_INVALID_ALGORITHM);
1262 T0_CO();
1263 }
1264 T0_PUSH(sig_len);
1265
1266 }
1267 break;
1268 case 34: {
1269 /* do-ecdh */
1270
1271 unsigned prf_id = T0_POP();
1272 unsigned ecdhe = T0_POP();
1273 int x;
1274
1275 x = make_pms_ecdh(CTX, ecdhe, prf_id);
1276 if (x < 0) {
1277 br_ssl_engine_fail(ENG, -x);
1278 T0_CO();
1279 } else {
1280 T0_PUSH(x);
1281 }
1282
1283 }
1284 break;
1285 case 35: {
1286 /* do-rsa-encrypt */
1287
1288 int x;
1289
1290 x = make_pms_rsa(CTX, T0_POP());
1291 if (x < 0) {
1292 br_ssl_engine_fail(ENG, -x);
1293 T0_CO();
1294 } else {
1295 T0_PUSH(x);
1296 }
1297
1298 }
1299 break;
1300 case 36: {
1301 /* do-static-ecdh */
1302
1303 unsigned prf_id = T0_POP();
1304
1305 if (make_pms_static_ecdh(CTX, prf_id) < 0) {
1306 br_ssl_engine_fail(ENG, BR_ERR_INVALID_ALGORITHM);
1307 T0_CO();
1308 }
1309
1310 }
1311 break;
1312 case 37: {
1313 /* drop */
1314 (void)T0_POP();
1315 }
1316 break;
1317 case 38: {
1318 /* dup */
1319 T0_PUSH(T0_PEEK(0));
1320 }
1321 break;
1322 case 39: {
1323 /* ext-ALPN-length */
1324
1325 size_t u, len;
1326
1327 if (ENG->protocol_names_num == 0) {
1328 T0_PUSH(0);
1329 T0_RET();
1330 }
1331 len = 6;
1332 for (u = 0; u < ENG->protocol_names_num; u ++) {
1333 len += 1 + strlen(ENG->protocol_names[u]);
1334 }
1335 T0_PUSH(len);
1336
1337 }
1338 break;
1339 case 40: {
1340 /* fail */
1341
1342 br_ssl_engine_fail(ENG, (int)T0_POPi());
1343 T0_CO();
1344
1345 }
1346 break;
1347 case 41: {
1348 /* flush-record */
1349
1350 br_ssl_engine_flush_record(ENG);
1351
1352 }
1353 break;
1354 case 42: {
1355 /* get-client-chain */
1356
1357 uint32_t auth_types;
1358
1359 auth_types = T0_POP();
1360 if (CTX->client_auth_vtable != NULL) {
1361 br_ssl_client_certificate ux;
1362
1363 (*CTX->client_auth_vtable)->choose(CTX->client_auth_vtable,
1364 CTX, auth_types, &ux);
1365 CTX->auth_type = (unsigned char)ux.auth_type;
1366 CTX->hash_id = (unsigned char)ux.hash_id;
1367 ENG->chain = ux.chain;
1368 ENG->chain_len = ux.chain_len;
1369 } else {
1370 CTX->hash_id = 0;
1371 ENG->chain_len = 0;
1372 }
1373
1374 }
1375 break;
1376 case 43: {
1377 /* get-key-type-usages */
1378
1379 const br_x509_class *xc;
1380 const br_x509_pkey *pk;
1381 unsigned usages;
1382
1383 xc = *(ENG->x509ctx);
1384 pk = xc->get_pkey(ENG->x509ctx, &usages);
1385 if (pk == NULL) {
1386 T0_PUSH(0);
1387 } else {
1388 T0_PUSH(pk->key_type | usages);
1389 }
1390
1391 }
1392 break;
1393 case 44: {
1394 /* get16 */
1395
1396 size_t addr = (size_t)T0_POP();
1397 T0_PUSH(*(uint16_t *)((unsigned char *)ENG + addr));
1398
1399 }
1400 break;
1401 case 45: {
1402 /* get32 */
1403
1404 size_t addr = (size_t)T0_POP();
1405 T0_PUSH(*(uint32_t *)((unsigned char *)ENG + addr));
1406
1407 }
1408 break;
1409 case 46: {
1410 /* get8 */
1411
1412 size_t addr = (size_t)T0_POP();
1413 T0_PUSH(*((unsigned char *)ENG + addr));
1414
1415 }
1416 break;
1417 case 47: {
1418 /* has-input? */
1419
1420 T0_PUSHi(-(ENG->hlen_in != 0));
1421
1422 }
1423 break;
1424 case 48: {
1425 /* memcmp */
1426
1427 size_t len = (size_t)T0_POP();
1428 void *addr2 = (unsigned char *)ENG + (size_t)T0_POP();
1429 void *addr1 = (unsigned char *)ENG + (size_t)T0_POP();
1430 int x = memcmp(addr1, addr2, len);
1431 T0_PUSH((uint32_t)-(x == 0));
1432
1433 }
1434 break;
1435 case 49: {
1436 /* memcpy */
1437
1438 size_t len = (size_t)T0_POP();
1439 void *src = (unsigned char *)ENG + (size_t)T0_POP();
1440 void *dst = (unsigned char *)ENG + (size_t)T0_POP();
1441 memcpy(dst, src, len);
1442
1443 }
1444 break;
1445 case 50: {
1446 /* mkrand */
1447
1448 size_t len = (size_t)T0_POP();
1449 void *addr = (unsigned char *)ENG + (size_t)T0_POP();
1450 br_hmac_drbg_generate(&ENG->rng, addr, len);
1451
1452 }
1453 break;
1454 case 51: {
1455 /* more-incoming-bytes? */
1456
1457 T0_PUSHi(ENG->hlen_in != 0 || !br_ssl_engine_recvrec_finished(ENG));
1458
1459 }
1460 break;
1461 case 52: {
1462 /* multihash-init */
1463
1464 br_multihash_init(&ENG->mhash);
1465
1466 }
1467 break;
1468 case 53: {
1469 /* neg */
1470
1471 uint32_t a = T0_POP();
1472 T0_PUSH(-a);
1473
1474 }
1475 break;
1476 case 54: {
1477 /* not */
1478
1479 uint32_t a = T0_POP();
1480 T0_PUSH(~a);
1481
1482 }
1483 break;
1484 case 55: {
1485 /* or */
1486
1487 uint32_t b = T0_POP();
1488 uint32_t a = T0_POP();
1489 T0_PUSH(a | b);
1490
1491 }
1492 break;
1493 case 56: {
1494 /* over */
1495 T0_PUSH(T0_PEEK(1));
1496 }
1497 break;
1498 case 57: {
1499 /* read-chunk-native */
1500
1501 size_t clen = ENG->hlen_in;
1502 if (clen > 0) {
1503 uint32_t addr, len;
1504
1505 len = T0_POP();
1506 addr = T0_POP();
1507 if ((size_t)len < clen) {
1508 clen = (size_t)len;
1509 }
1510 memcpy((unsigned char *)ENG + addr, ENG->hbuf_in, clen);
1511 if (ENG->record_type_in == BR_SSL_HANDSHAKE) {
1512 br_multihash_update(&ENG->mhash, ENG->hbuf_in, clen);
1513 }
1514 T0_PUSH(addr + (uint32_t)clen);
1515 T0_PUSH(len - (uint32_t)clen);
1516 ENG->hbuf_in += clen;
1517 ENG->hlen_in -= clen;
1518 }
1519
1520 }
1521 break;
1522 case 58: {
1523 /* read8-native */
1524
1525 if (ENG->hlen_in > 0) {
1526 unsigned char x;
1527
1528 x = *ENG->hbuf_in ++;
1529 if (ENG->record_type_in == BR_SSL_HANDSHAKE) {
1530 br_multihash_update(&ENG->mhash, &x, 1);
1531 }
1532 T0_PUSH(x);
1533 ENG->hlen_in --;
1534 } else {
1535 T0_PUSHi(-1);
1536 }
1537
1538 }
1539 break;
1540 case 59: {
1541 /* set-server-curve */
1542
1543 const br_x509_class *xc;
1544 const br_x509_pkey *pk;
1545
1546 xc = *(ENG->x509ctx);
1547 pk = xc->get_pkey(ENG->x509ctx, NULL);
1548 CTX->server_curve =
1549 (pk->key_type == BR_KEYTYPE_EC) ? pk->key.ec.curve : 0;
1550
1551 }
1552 break;
1553 case 60: {
1554 /* set16 */
1555
1556 size_t addr = (size_t)T0_POP();
1557 *(uint16_t *)((unsigned char *)ENG + addr) = (uint16_t)T0_POP();
1558
1559 }
1560 break;
1561 case 61: {
1562 /* set32 */
1563
1564 size_t addr = (size_t)T0_POP();
1565 *(uint32_t *)((unsigned char *)ENG + addr) = (uint32_t)T0_POP();
1566
1567 }
1568 break;
1569 case 62: {
1570 /* set8 */
1571
1572 size_t addr = (size_t)T0_POP();
1573 *((unsigned char *)ENG + addr) = (unsigned char)T0_POP();
1574
1575 }
1576 break;
1577 case 63: {
1578 /* strlen */
1579
1580 void *str = (unsigned char *)ENG + (size_t)T0_POP();
1581 T0_PUSH((uint32_t)strlen(str));
1582
1583 }
1584 break;
1585 case 64: {
1586 /* supported-curves */
1587
1588 uint32_t x = ENG->iec == NULL ? 0 : ENG->iec->supported_curves;
1589 T0_PUSH(x);
1590
1591 }
1592 break;
1593 case 65: {
1594 /* supported-hash-functions */
1595
1596 int i;
1597 unsigned x, num;
1598
1599 x = 0;
1600 num = 0;
1601 for (i = br_sha1_ID; i <= br_sha512_ID; i ++) {
1602 if (br_multihash_getimpl(&ENG->mhash, i)) {
1603 x |= 1U << i;
1604 num ++;
1605 }
1606 }
1607 T0_PUSH(x);
1608 T0_PUSH(num);
1609
1610 }
1611 break;
1612 case 66: {
1613 /* supports-ecdsa? */
1614
1615 T0_PUSHi(-(ENG->iecdsa != 0));
1616
1617 }
1618 break;
1619 case 67: {
1620 /* supports-rsa-sign? */
1621
1622 T0_PUSHi(-(ENG->irsavrfy != 0));
1623
1624 }
1625 break;
1626 case 68: {
1627 /* swap */
1628 T0_SWAP();
1629 }
1630 break;
1631 case 69: {
1632 /* switch-aesgcm-in */
1633
1634 int is_client, prf_id;
1635 unsigned cipher_key_len;
1636
1637 cipher_key_len = T0_POP();
1638 prf_id = T0_POP();
1639 is_client = T0_POP();
1640 br_ssl_engine_switch_gcm_in(ENG, is_client, prf_id,
1641 ENG->iaes_ctr, cipher_key_len);
1642
1643 }
1644 break;
1645 case 70: {
1646 /* switch-aesgcm-out */
1647
1648 int is_client, prf_id;
1649 unsigned cipher_key_len;
1650
1651 cipher_key_len = T0_POP();
1652 prf_id = T0_POP();
1653 is_client = T0_POP();
1654 br_ssl_engine_switch_gcm_out(ENG, is_client, prf_id,
1655 ENG->iaes_ctr, cipher_key_len);
1656
1657 }
1658 break;
1659 case 71: {
1660 /* switch-cbc-in */
1661
1662 int is_client, prf_id, mac_id, aes;
1663 unsigned cipher_key_len;
1664
1665 cipher_key_len = T0_POP();
1666 aes = T0_POP();
1667 mac_id = T0_POP();
1668 prf_id = T0_POP();
1669 is_client = T0_POP();
1670 br_ssl_engine_switch_cbc_in(ENG, is_client, prf_id, mac_id,
1671 aes ? ENG->iaes_cbcdec : ENG->ides_cbcdec, cipher_key_len);
1672
1673 }
1674 break;
1675 case 72: {
1676 /* switch-cbc-out */
1677
1678 int is_client, prf_id, mac_id, aes;
1679 unsigned cipher_key_len;
1680
1681 cipher_key_len = T0_POP();
1682 aes = T0_POP();
1683 mac_id = T0_POP();
1684 prf_id = T0_POP();
1685 is_client = T0_POP();
1686 br_ssl_engine_switch_cbc_out(ENG, is_client, prf_id, mac_id,
1687 aes ? ENG->iaes_cbcenc : ENG->ides_cbcenc, cipher_key_len);
1688
1689 }
1690 break;
1691 case 73: {
1692 /* switch-chapol-in */
1693
1694 int is_client, prf_id;
1695
1696 prf_id = T0_POP();
1697 is_client = T0_POP();
1698 br_ssl_engine_switch_chapol_in(ENG, is_client, prf_id);
1699
1700 }
1701 break;
1702 case 74: {
1703 /* switch-chapol-out */
1704
1705 int is_client, prf_id;
1706
1707 prf_id = T0_POP();
1708 is_client = T0_POP();
1709 br_ssl_engine_switch_chapol_out(ENG, is_client, prf_id);
1710
1711 }
1712 break;
1713 case 75: {
1714 /* test-protocol-name */
1715
1716 size_t len = T0_POP();
1717 size_t u;
1718
1719 for (u = 0; u < ENG->protocol_names_num; u ++) {
1720 const char *name;
1721
1722 name = ENG->protocol_names[u];
1723 if (len == strlen(name) && memcmp(ENG->pad, name, len) == 0) {
1724 T0_PUSH(u);
1725 T0_RET();
1726 }
1727 }
1728 T0_PUSHi(-1);
1729
1730 }
1731 break;
1732 case 76: {
1733 /* total-chain-length */
1734
1735 size_t u;
1736 uint32_t total;
1737
1738 total = 0;
1739 for (u = 0; u < ENG->chain_len; u ++) {
1740 total += 3 + (uint32_t)ENG->chain[u].data_len;
1741 }
1742 T0_PUSH(total);
1743
1744 }
1745 break;
1746 case 77: {
1747 /* u>> */
1748
1749 int c = (int)T0_POPi();
1750 uint32_t x = T0_POP();
1751 T0_PUSH(x >> c);
1752
1753 }
1754 break;
1755 case 78: {
1756 /* verify-SKE-sig */
1757
1758 size_t sig_len = T0_POP();
1759 int use_rsa = T0_POPi();
1760 int hash = T0_POPi();
1761
1762 T0_PUSH(verify_SKE_sig(CTX, hash, use_rsa, sig_len));
1763
1764 }
1765 break;
1766 case 79: {
1767 /* write-blob-chunk */
1768
1769 size_t clen = ENG->hlen_out;
1770 if (clen > 0) {
1771 uint32_t addr, len;
1772
1773 len = T0_POP();
1774 addr = T0_POP();
1775 if ((size_t)len < clen) {
1776 clen = (size_t)len;
1777 }
1778 memcpy(ENG->hbuf_out, (unsigned char *)ENG + addr, clen);
1779 if (ENG->record_type_out == BR_SSL_HANDSHAKE) {
1780 br_multihash_update(&ENG->mhash, ENG->hbuf_out, clen);
1781 }
1782 T0_PUSH(addr + (uint32_t)clen);
1783 T0_PUSH(len - (uint32_t)clen);
1784 ENG->hbuf_out += clen;
1785 ENG->hlen_out -= clen;
1786 }
1787
1788 }
1789 break;
1790 case 80: {
1791 /* write8-native */
1792
1793 unsigned char x;
1794
1795 x = (unsigned char)T0_POP();
1796 if (ENG->hlen_out > 0) {
1797 if (ENG->record_type_out == BR_SSL_HANDSHAKE) {
1798 br_multihash_update(&ENG->mhash, &x, 1);
1799 }
1800 *ENG->hbuf_out ++ = x;
1801 ENG->hlen_out --;
1802 T0_PUSHi(-1);
1803 } else {
1804 T0_PUSHi(0);
1805 }
1806
1807 }
1808 break;
1809 case 81: {
1810 /* x509-append */
1811
1812 const br_x509_class *xc;
1813 size_t len;
1814
1815 xc = *(ENG->x509ctx);
1816 len = T0_POP();
1817 xc->append(ENG->x509ctx, ENG->pad, len);
1818
1819 }
1820 break;
1821 case 82: {
1822 /* x509-end-cert */
1823
1824 const br_x509_class *xc;
1825
1826 xc = *(ENG->x509ctx);
1827 xc->end_cert(ENG->x509ctx);
1828
1829 }
1830 break;
1831 case 83: {
1832 /* x509-end-chain */
1833
1834 const br_x509_class *xc;
1835
1836 xc = *(ENG->x509ctx);
1837 T0_PUSH(xc->end_chain(ENG->x509ctx));
1838
1839 }
1840 break;
1841 case 84: {
1842 /* x509-start-cert */
1843
1844 const br_x509_class *xc;
1845
1846 xc = *(ENG->x509ctx);
1847 xc->start_cert(ENG->x509ctx, T0_POP());
1848
1849 }
1850 break;
1851 case 85: {
1852 /* x509-start-chain */
1853
1854 const br_x509_class *xc;
1855 uint32_t bc;
1856
1857 bc = T0_POP();
1858 xc = *(ENG->x509ctx);
1859 xc->start_chain(ENG->x509ctx, bc ? ENG->server_name : NULL);
1860
1861 }
1862 break;
1863 }
1864
1865 } else {
1866 T0_ENTER(ip, rp, t0x);
1867 }
1868 }
1869 t0_exit:
1870 ((t0_context *)t0ctx)->dp = dp;
1871 ((t0_context *)t0ctx)->rp = rp;
1872 ((t0_context *)t0ctx)->ip = ip;
1873 }
The BearSSL library and tools.