1 /* Automatically generated code; do not modify directly. */
9 const unsigned char *ip
;
13 t0_parse7E_unsigned(const unsigned char **p
)
22 x
= (x
<< 7) | (uint32_t)(y
& 0x7F);
30 t0_parse7E_signed(const unsigned char **p
)
35 neg
= ((**p
) >> 6) & 1;
41 x
= (x
<< 7) | (uint32_t)(y
& 0x7F);
44 return -(int32_t)~x
- 1;
52 #define T0_VBYTE(x, n) (unsigned char)((((uint32_t)(x) >> (n)) & 0x7F) | 0x80)
53 #define T0_FBYTE(x, n) (unsigned char)(((uint32_t)(x) >> (n)) & 0x7F)
54 #define T0_SBYTE(x) (unsigned char)((((uint32_t)(x) >> 28) + 0xF8) ^ 0xF8)
55 #define T0_INT1(x) T0_FBYTE(x, 0)
56 #define T0_INT2(x) T0_VBYTE(x, 7), T0_FBYTE(x, 0)
57 #define T0_INT3(x) T0_VBYTE(x, 14), T0_VBYTE(x, 7), T0_FBYTE(x, 0)
58 #define T0_INT4(x) T0_VBYTE(x, 21), T0_VBYTE(x, 14), T0_VBYTE(x, 7), T0_FBYTE(x, 0)
59 #define T0_INT5(x) T0_SBYTE(x), T0_VBYTE(x, 21), T0_VBYTE(x, 14), T0_VBYTE(x, 7), T0_FBYTE(x, 0)
61 /* static const unsigned char t0_datablock[]; */
64 void br_ssl_hs_client_init_main(void *t0ctx
);
66 void br_ssl_hs_client_run(void *t0ctx
);
76 * This macro evaluates to a pointer to the current engine context.
78 #define ENG ((br_ssl_engine_context *)((unsigned char *)t0ctx - offsetof(br_ssl_engine_context, cpu)))
85 * This macro evaluates to a pointer to the client context, under that
86 * specific name. It must be noted that since the engine context is the
87 * first field of the br_ssl_client_context structure ('eng'), then
88 * pointers values of both types are interchangeable, modulo an
89 * appropriate cast. This also means that "adresses" computed as offsets
90 * within the structure work for both kinds of context.
92 #define CTX ((br_ssl_client_context *)ENG)
95 * Generate the pre-master secret for RSA key exchange, and encrypt it
96 * with the server's public key. Returned value is either the encrypted
97 * data length (in bytes), or -x on error, with 'x' being an error code.
99 * This code assumes that the public key has been already verified (it
100 * was properly obtained by the X.509 engine, and it has the right type,
101 * i.e. it is of type RSA and suitable for encryption).
104 make_pms_rsa(br_ssl_client_context
*ctx
, int prf_id
)
106 const br_x509_class
**xc
;
107 const br_x509_pkey
*pk
;
108 const unsigned char *n
;
112 xc
= ctx
->eng
.x509ctx
;
113 pk
= (*xc
)->get_pkey(xc
, NULL
);
116 * Compute actual RSA key length, in case there are leading zeros.
119 nlen
= pk
->key
.rsa
.nlen
;
120 while (nlen
> 0 && *n
== 0) {
126 * We need at least 59 bytes (48 bytes for pre-master secret, and
127 * 11 bytes for the PKCS#1 type 2 padding). Note that the X.509
128 * minimal engine normally blocks RSA keys shorter than 128 bytes,
129 * so this is mostly for public keys provided explicitly by the
133 return -BR_ERR_X509_WEAK_PUBLIC_KEY
;
135 if (nlen
> sizeof ctx
->eng
.pad
) {
136 return -BR_ERR_LIMIT_EXCEEDED
;
142 pms
= ctx
->eng
.pad
+ nlen
- 48;
143 br_enc16be(pms
, ctx
->eng
.version_max
);
144 br_hmac_drbg_generate(&ctx
->eng
.rng
, pms
+ 2, 46);
145 br_ssl_engine_compute_master(&ctx
->eng
, prf_id
, pms
, 48);
148 * Apply PKCS#1 type 2 padding.
150 ctx
->eng
.pad
[0] = 0x00;
151 ctx
->eng
.pad
[1] = 0x02;
152 ctx
->eng
.pad
[nlen
- 49] = 0x00;
153 br_hmac_drbg_generate(&ctx
->eng
.rng
, ctx
->eng
.pad
+ 2, nlen
- 51);
154 for (u
= 2; u
< nlen
- 49; u
++) {
155 while (ctx
->eng
.pad
[u
] == 0) {
156 br_hmac_drbg_generate(&ctx
->eng
.rng
,
157 &ctx
->eng
.pad
[u
], 1);
162 * Compute RSA encryption.
164 if (!ctx
->irsapub(ctx
->eng
.pad
, nlen
, &pk
->key
.rsa
)) {
165 return -BR_ERR_LIMIT_EXCEEDED
;
171 * OID for hash functions in RSA signatures.
173 static const unsigned char *HASH_OID
[] = {
182 * Check the RSA signature on the ServerKeyExchange message.
184 * hash hash function ID (2 to 6), or 0 for MD5+SHA-1 (with RSA only)
185 * use_rsa non-zero for RSA signature, zero for ECDSA
186 * sig_len signature length (in bytes); signature value is in the pad
188 * Returned value is 0 on success, or an error code.
191 verify_SKE_sig(br_ssl_client_context
*ctx
,
192 int hash
, int use_rsa
, size_t sig_len
)
194 const br_x509_class
**xc
;
195 const br_x509_pkey
*pk
;
196 br_multihash_context mhc
;
197 unsigned char hv
[64], head
[4];
200 xc
= ctx
->eng
.x509ctx
;
201 pk
= (*xc
)->get_pkey(xc
, NULL
);
202 br_multihash_zero(&mhc
);
203 br_multihash_copyimpl(&mhc
, &ctx
->eng
.mhash
);
204 br_multihash_init(&mhc
);
205 br_multihash_update(&mhc
,
206 ctx
->eng
.client_random
, sizeof ctx
->eng
.client_random
);
207 br_multihash_update(&mhc
,
208 ctx
->eng
.server_random
, sizeof ctx
->eng
.server_random
);
211 head
[2] = ctx
->eng
.ecdhe_curve
;
212 head
[3] = ctx
->eng
.ecdhe_point_len
;
213 br_multihash_update(&mhc
, head
, sizeof head
);
214 br_multihash_update(&mhc
,
215 ctx
->eng
.ecdhe_point
, ctx
->eng
.ecdhe_point_len
);
217 hv_len
= br_multihash_out(&mhc
, hash
, hv
);
219 return BR_ERR_INVALID_ALGORITHM
;
222 if (!br_multihash_out(&mhc
, br_md5_ID
, hv
)
223 || !br_multihash_out(&mhc
, br_sha1_ID
, hv
+ 16))
225 return BR_ERR_INVALID_ALGORITHM
;
230 unsigned char tmp
[64];
231 const unsigned char *hash_oid
;
234 hash_oid
= HASH_OID
[hash
- 2];
238 if (!ctx
->eng
.irsavrfy(ctx
->eng
.pad
, sig_len
,
239 hash_oid
, hv_len
, &pk
->key
.rsa
, tmp
)
240 || memcmp(tmp
, hv
, hv_len
) != 0)
242 return BR_ERR_BAD_SIGNATURE
;
245 if (!ctx
->eng
.iecdsa(ctx
->eng
.iec
, hv
, hv_len
, &pk
->key
.ec
,
246 ctx
->eng
.pad
, sig_len
))
248 return BR_ERR_BAD_SIGNATURE
;
255 * Perform client-side ECDH (or ECDHE). The point that should be sent to
256 * the server is written in the pad; returned value is either the point
257 * length (in bytes), or -x on error, with 'x' being an error code.
259 * The point _from_ the server is taken from ecdhe_point[] if 'ecdhe'
260 * is non-zero, or from the X.509 engine context if 'ecdhe' is zero
264 make_pms_ecdh(br_ssl_client_context
*ctx
, unsigned ecdhe
, int prf_id
)
267 unsigned char key
[66], point
[133];
268 const unsigned char *order
, *point_src
;
269 size_t glen
, olen
, point_len
, xoff
, xlen
;
273 curve
= ctx
->eng
.ecdhe_curve
;
274 point_src
= ctx
->eng
.ecdhe_point
;
275 point_len
= ctx
->eng
.ecdhe_point_len
;
277 const br_x509_class
**xc
;
278 const br_x509_pkey
*pk
;
280 xc
= ctx
->eng
.x509ctx
;
281 pk
= (*xc
)->get_pkey(xc
, NULL
);
282 curve
= pk
->key
.ec
.curve
;
283 point_src
= pk
->key
.ec
.q
;
284 point_len
= pk
->key
.ec
.qlen
;
286 if ((ctx
->eng
.iec
->supported_curves
& ((uint32_t)1 << curve
)) == 0) {
287 return -BR_ERR_INVALID_ALGORITHM
;
291 * We need to generate our key, as a non-zero random value which
292 * is lower than the curve order, in a "large enough" range. We
293 * force top bit to 0 and bottom bit to 1, which guarantees that
294 * the value is in the proper range.
296 order
= ctx
->eng
.iec
->order(curve
, &olen
);
298 while (mask
>= order
[0]) {
301 br_hmac_drbg_generate(&ctx
->eng
.rng
, key
, olen
);
303 key
[olen
- 1] |= 0x01;
306 * Compute the common ECDH point, whose X coordinate is the
309 ctx
->eng
.iec
->generator(curve
, &glen
);
310 if (glen
!= point_len
) {
311 return -BR_ERR_INVALID_ALGORITHM
;
314 memcpy(point
, point_src
, glen
);
315 if (!ctx
->eng
.iec
->mul(point
, glen
, key
, olen
, curve
)) {
316 return -BR_ERR_INVALID_ALGORITHM
;
320 * The pre-master secret is the X coordinate.
322 xoff
= ctx
->eng
.iec
->xoff(curve
, &xlen
);
323 br_ssl_engine_compute_master(&ctx
->eng
, prf_id
, point
+ xoff
, xlen
);
325 ctx
->eng
.iec
->mulgen(point
, key
, olen
, curve
);
326 memcpy(ctx
->eng
.pad
, point
, glen
);
331 * Perform full static ECDH. This occurs only in the context of client
332 * authentication with certificates: the server uses an EC public key,
333 * the cipher suite is of type ECDH (not ECDHE), the server requested a
334 * client certificate and accepts static ECDH, the client has a
335 * certificate with an EC public key in the same curve, and accepts
336 * static ECDH as well.
338 * Returned value is 0 on success, -1 on error.
341 make_pms_static_ecdh(br_ssl_client_context
*ctx
, int prf_id
)
343 unsigned char point
[133];
345 const br_x509_class
**xc
;
346 const br_x509_pkey
*pk
;
348 xc
= ctx
->eng
.x509ctx
;
349 pk
= (*xc
)->get_pkey(xc
, NULL
);
350 point_len
= pk
->key
.ec
.qlen
;
351 if (point_len
> sizeof point
) {
354 memcpy(point
, pk
->key
.ec
.q
, point_len
);
355 if (!(*ctx
->client_auth_vtable
)->do_keyx(
356 ctx
->client_auth_vtable
, point
, &point_len
))
360 br_ssl_engine_compute_master(&ctx
->eng
,
361 prf_id
, point
, point_len
);
366 * Compute the client-side signature. This is invoked only when a
367 * signature-based client authentication was selected. The computed
368 * signature is in the pad; its length (in bytes) is returned. On
369 * error, 0 is returned.
372 make_client_sign(br_ssl_client_context
*ctx
)
377 * Compute hash of handshake messages so far. This "cannot" fail
378 * because the list of supported hash functions provided to the
379 * client certificate handler was trimmed to include only the
380 * hash functions that the multi-hasher supports.
383 hv_len
= br_multihash_out(&ctx
->eng
.mhash
,
384 ctx
->hash_id
, ctx
->eng
.pad
);
386 br_multihash_out(&ctx
->eng
.mhash
,
387 br_md5_ID
, ctx
->eng
.pad
);
388 br_multihash_out(&ctx
->eng
.mhash
,
389 br_sha1_ID
, ctx
->eng
.pad
+ 16);
392 return (*ctx
->client_auth_vtable
)->do_sign(
393 ctx
->client_auth_vtable
, ctx
->hash_id
, hv_len
,
394 ctx
->eng
.pad
, sizeof ctx
->eng
.pad
);
399 static const unsigned char t0_datablock
[] = {
400 0x00, 0x00, 0x0A, 0x00, 0x24, 0x00, 0x2F, 0x01, 0x24, 0x00, 0x35, 0x02,
401 0x24, 0x00, 0x3C, 0x01, 0x44, 0x00, 0x3D, 0x02, 0x44, 0x00, 0x9C, 0x03,
402 0x04, 0x00, 0x9D, 0x04, 0x05, 0xC0, 0x03, 0x40, 0x24, 0xC0, 0x04, 0x41,
403 0x24, 0xC0, 0x05, 0x42, 0x24, 0xC0, 0x08, 0x20, 0x24, 0xC0, 0x09, 0x21,
404 0x24, 0xC0, 0x0A, 0x22, 0x24, 0xC0, 0x0D, 0x30, 0x24, 0xC0, 0x0E, 0x31,
405 0x24, 0xC0, 0x0F, 0x32, 0x24, 0xC0, 0x12, 0x10, 0x24, 0xC0, 0x13, 0x11,
406 0x24, 0xC0, 0x14, 0x12, 0x24, 0xC0, 0x23, 0x21, 0x44, 0xC0, 0x24, 0x22,
407 0x55, 0xC0, 0x25, 0x41, 0x44, 0xC0, 0x26, 0x42, 0x55, 0xC0, 0x27, 0x11,
408 0x44, 0xC0, 0x28, 0x12, 0x55, 0xC0, 0x29, 0x31, 0x44, 0xC0, 0x2A, 0x32,
409 0x55, 0xC0, 0x2B, 0x23, 0x04, 0xC0, 0x2C, 0x24, 0x05, 0xC0, 0x2D, 0x43,
410 0x04, 0xC0, 0x2E, 0x44, 0x05, 0xC0, 0x2F, 0x13, 0x04, 0xC0, 0x30, 0x14,
411 0x05, 0xC0, 0x31, 0x33, 0x04, 0xC0, 0x32, 0x34, 0x05, 0xCC, 0xA8, 0x15,
412 0x04, 0xCC, 0xA9, 0x25, 0x04, 0x00, 0x00
415 static const unsigned char t0_codeblock
[] = {
416 0x00, 0x01, 0x00, 0x0A, 0x00, 0x00, 0x01, 0x00, 0x0D, 0x00, 0x00, 0x01,
417 0x00, 0x0E, 0x00, 0x00, 0x01, 0x00, 0x0F, 0x00, 0x00, 0x01, 0x01, 0x08,
418 0x00, 0x00, 0x01, 0x01, 0x09, 0x00, 0x00, 0x01, 0x02, 0x08, 0x00, 0x00,
419 0x01, 0x02, 0x09, 0x00, 0x00, 0x25, 0x25, 0x00, 0x00, 0x01,
420 T0_INT1(BR_ERR_BAD_CCS
), 0x00, 0x00, 0x01,
421 T0_INT1(BR_ERR_BAD_CIPHER_SUITE
), 0x00, 0x00, 0x01,
422 T0_INT1(BR_ERR_BAD_COMPRESSION
), 0x00, 0x00, 0x01,
423 T0_INT1(BR_ERR_BAD_FINISHED
), 0x00, 0x00, 0x01,
424 T0_INT1(BR_ERR_BAD_FRAGLEN
), 0x00, 0x00, 0x01,
425 T0_INT1(BR_ERR_BAD_HANDSHAKE
), 0x00, 0x00, 0x01,
426 T0_INT1(BR_ERR_BAD_HELLO_DONE
), 0x00, 0x00, 0x01,
427 T0_INT1(BR_ERR_BAD_PARAM
), 0x00, 0x00, 0x01,
428 T0_INT1(BR_ERR_BAD_SECRENEG
), 0x00, 0x00, 0x01,
429 T0_INT1(BR_ERR_BAD_SNI
), 0x00, 0x00, 0x01, T0_INT1(BR_ERR_BAD_VERSION
),
430 0x00, 0x00, 0x01, T0_INT1(BR_ERR_EXTRA_EXTENSION
), 0x00, 0x00, 0x01,
431 T0_INT1(BR_ERR_INVALID_ALGORITHM
), 0x00, 0x00, 0x01,
432 T0_INT1(BR_ERR_LIMIT_EXCEEDED
), 0x00, 0x00, 0x01, T0_INT1(BR_ERR_OK
),
433 0x00, 0x00, 0x01, T0_INT1(BR_ERR_OVERSIZED_ID
), 0x00, 0x00, 0x01,
434 T0_INT1(BR_ERR_RESUME_MISMATCH
), 0x00, 0x00, 0x01,
435 T0_INT1(BR_ERR_UNEXPECTED
), 0x00, 0x00, 0x01,
436 T0_INT1(BR_ERR_UNSUPPORTED_VERSION
), 0x00, 0x00, 0x01,
437 T0_INT1(BR_ERR_WRONG_KEY_USAGE
), 0x00, 0x00, 0x01,
438 T0_INT2(offsetof(br_ssl_engine_context
, action
)), 0x00, 0x00, 0x01,
439 T0_INT2(offsetof(br_ssl_engine_context
, alert
)), 0x00, 0x00, 0x01,
440 T0_INT2(offsetof(br_ssl_engine_context
, application_data
)), 0x00, 0x00,
441 0x01, T0_INT2(offsetof(br_ssl_client_context
, auth_type
)), 0x00, 0x00,
443 T0_INT2(offsetof(br_ssl_engine_context
, session
) + offsetof(br_ssl_session_parameters
, cipher_suite
)),
445 T0_INT2(offsetof(br_ssl_engine_context
, client_random
)), 0x00, 0x00,
446 0x01, T0_INT2(offsetof(br_ssl_engine_context
, close_received
)), 0x00,
447 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context
, ecdhe_curve
)),
449 T0_INT2(offsetof(br_ssl_engine_context
, ecdhe_point
)), 0x00, 0x00,
450 0x01, T0_INT2(offsetof(br_ssl_engine_context
, ecdhe_point_len
)), 0x00,
451 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context
, flags
)), 0x00,
452 0x00, 0x01, T0_INT2(offsetof(br_ssl_client_context
, hash_id
)), 0x00,
453 0x00, 0x01, T0_INT2(offsetof(br_ssl_client_context
, hashes
)), 0x00,
454 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context
, log_max_frag_len
)),
456 T0_INT2(offsetof(br_ssl_client_context
, min_clienthello_len
)), 0x00,
457 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context
, pad
)), 0x00, 0x00,
458 0x01, T0_INT2(offsetof(br_ssl_engine_context
, protocol_names_num
)),
460 T0_INT2(offsetof(br_ssl_engine_context
, record_type_in
)), 0x00, 0x00,
461 0x01, T0_INT2(offsetof(br_ssl_engine_context
, record_type_out
)), 0x00,
462 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context
, reneg
)), 0x00,
463 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context
, saved_finished
)),
465 T0_INT2(offsetof(br_ssl_engine_context
, selected_protocol
)), 0x00,
466 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context
, server_name
)),
468 T0_INT2(offsetof(br_ssl_engine_context
, server_random
)), 0x00, 0x00,
470 T0_INT2(offsetof(br_ssl_engine_context
, session
) + offsetof(br_ssl_session_parameters
, session_id
)),
472 T0_INT2(offsetof(br_ssl_engine_context
, session
) + offsetof(br_ssl_session_parameters
, session_id_len
)),
474 T0_INT2(offsetof(br_ssl_engine_context
, shutdown_recv
)), 0x00, 0x00,
475 0x01, T0_INT2(offsetof(br_ssl_engine_context
, suites_buf
)), 0x00, 0x00,
476 0x01, T0_INT2(offsetof(br_ssl_engine_context
, suites_num
)), 0x00, 0x00,
478 T0_INT2(offsetof(br_ssl_engine_context
, session
) + offsetof(br_ssl_session_parameters
, version
)),
479 0x00, 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context
, version_in
)),
481 T0_INT2(offsetof(br_ssl_engine_context
, version_max
)), 0x00, 0x00,
482 0x01, T0_INT2(offsetof(br_ssl_engine_context
, version_min
)), 0x00,
483 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context
, version_out
)),
484 0x00, 0x00, 0x09, 0x26, 0x56, 0x06, 0x02, 0x66, 0x28, 0x00, 0x00, 0x06,
485 0x08, 0x2C, 0x0E, 0x05, 0x02, 0x6F, 0x28, 0x04, 0x01, 0x3C, 0x00, 0x00,
486 0x01, 0x01, 0x00, 0x01, 0x03, 0x00, 0x97, 0x26, 0x5C, 0x44, 0x9B, 0x26,
487 0x05, 0x04, 0x5E, 0x01, 0x00, 0x00, 0x02, 0x00, 0x0E, 0x06, 0x02, 0x9B,
488 0x00, 0x5C, 0x04, 0x6B, 0x00, 0x06, 0x02, 0x66, 0x28, 0x00, 0x00, 0x26,
489 0x87, 0x44, 0x05, 0x03, 0x01, 0x0C, 0x08, 0x44, 0x77, 0x2C, 0xA9, 0x1C,
490 0x82, 0x01, 0x0C, 0x31, 0x00, 0x00, 0x26, 0x1F, 0x01, 0x08, 0x0B, 0x44,
491 0x5A, 0x1F, 0x08, 0x00, 0x01, 0x03, 0x00, 0x75, 0x2E, 0x02, 0x00, 0x36,
492 0x17, 0x01, 0x01, 0x0B, 0x75, 0x3E, 0x29, 0x1A, 0x36, 0x06, 0x07, 0x02,
493 0x00, 0xCC, 0x03, 0x00, 0x04, 0x75, 0x01, 0x00, 0xC3, 0x02, 0x00, 0x26,
494 0x1A, 0x17, 0x06, 0x02, 0x6D, 0x28, 0xCC, 0x04, 0x76, 0x01, 0x01, 0x00,
495 0x75, 0x3E, 0x01, 0x16, 0x85, 0x3E, 0x01, 0x00, 0x88, 0x3C, 0x34, 0xD2,
496 0x29, 0xB2, 0x06, 0x09, 0x01, 0x7F, 0xAD, 0x01, 0x7F, 0xCF, 0x04, 0x80,
497 0x53, 0xAF, 0x77, 0x2C, 0x9F, 0x01, T0_INT1(BR_KEYTYPE_SIGN
), 0x17,
498 0x06, 0x01, 0xB3, 0xB6, 0x26, 0x01, 0x0D, 0x0E, 0x06, 0x07, 0x25, 0xB5,
499 0xB6, 0x01, 0x7F, 0x04, 0x02, 0x01, 0x00, 0x03, 0x00, 0x01, 0x0E, 0x0E,
500 0x05, 0x02, 0x70, 0x28, 0x06, 0x02, 0x65, 0x28, 0x33, 0x06, 0x02, 0x70,
501 0x28, 0x02, 0x00, 0x06, 0x1C, 0xD0, 0x7E, 0x2E, 0x01, 0x81, 0x7F, 0x0E,
502 0x06, 0x0D, 0x25, 0x01, 0x10, 0xDB, 0x01, 0x00, 0xDA, 0x77, 0x2C, 0xA9,
503 0x24, 0x04, 0x04, 0xD3, 0x06, 0x01, 0xD1, 0x04, 0x01, 0xD3, 0x01, 0x7F,
504 0xCF, 0x01, 0x7F, 0xAD, 0x01, 0x01, 0x75, 0x3E, 0x01, 0x17, 0x85, 0x3E,
505 0x00, 0x00, 0x38, 0x38, 0x00, 0x00, 0x98, 0x01, 0x0C, 0x11, 0x01, 0x00,
506 0x38, 0x0E, 0x06, 0x05, 0x25, 0x01,
507 T0_INT1(BR_KEYTYPE_RSA
| BR_KEYTYPE_KEYX
), 0x04, 0x30, 0x01, 0x01,
508 0x38, 0x0E, 0x06, 0x05, 0x25, 0x01,
509 T0_INT1(BR_KEYTYPE_RSA
| BR_KEYTYPE_SIGN
), 0x04, 0x25, 0x01, 0x02,
510 0x38, 0x0E, 0x06, 0x05, 0x25, 0x01,
511 T0_INT1(BR_KEYTYPE_EC
| BR_KEYTYPE_SIGN
), 0x04, 0x1A, 0x01, 0x03,
512 0x38, 0x0E, 0x06, 0x05, 0x25, 0x01,
513 T0_INT1(BR_KEYTYPE_EC
| BR_KEYTYPE_KEYX
), 0x04, 0x0F, 0x01, 0x04,
514 0x38, 0x0E, 0x06, 0x05, 0x25, 0x01,
515 T0_INT1(BR_KEYTYPE_EC
| BR_KEYTYPE_KEYX
), 0x04, 0x04, 0x01, 0x00,
516 0x44, 0x25, 0x00, 0x00, 0x80, 0x2E, 0x01, 0x0E, 0x0E, 0x06, 0x04, 0x01,
517 0x00, 0x04, 0x02, 0x01, 0x05, 0x00, 0x00, 0x40, 0x06, 0x04, 0x01, 0x06,
518 0x04, 0x02, 0x01, 0x00, 0x00, 0x00, 0x86, 0x2E, 0x26, 0x06, 0x08, 0x01,
519 0x01, 0x09, 0x01, 0x11, 0x07, 0x04, 0x03, 0x25, 0x01, 0x05, 0x00, 0x01,
520 0x41, 0x03, 0x00, 0x25, 0x01, 0x00, 0x43, 0x06, 0x03, 0x02, 0x00, 0x08,
521 0x42, 0x06, 0x03, 0x02, 0x00, 0x08, 0x26, 0x06, 0x06, 0x01, 0x01, 0x0B,
522 0x01, 0x06, 0x08, 0x00, 0x00, 0x89, 0x3F, 0x26, 0x06, 0x03, 0x01, 0x09,
523 0x08, 0x00, 0x01, 0x40, 0x26, 0x06, 0x1E, 0x01, 0x00, 0x03, 0x00, 0x26,
524 0x06, 0x0E, 0x26, 0x01, 0x01, 0x17, 0x02, 0x00, 0x08, 0x03, 0x00, 0x01,
525 0x01, 0x11, 0x04, 0x6F, 0x25, 0x02, 0x00, 0x01, 0x01, 0x0B, 0x01, 0x06,
526 0x08, 0x00, 0x00, 0x7D, 0x2D, 0x44, 0x11, 0x01, 0x01, 0x17, 0x35, 0x00,
527 0x00, 0x9D, 0xCB, 0x26, 0x01, 0x07, 0x17, 0x01, 0x00, 0x38, 0x0E, 0x06,
528 0x09, 0x25, 0x01, 0x10, 0x17, 0x06, 0x01, 0x9D, 0x04, 0x2D, 0x01, 0x01,
529 0x38, 0x0E, 0x06, 0x24, 0x25, 0x25, 0x01, 0x00, 0x75, 0x3E, 0xB1, 0x86,
530 0x2E, 0x01, 0x01, 0x0E, 0x01, 0x01, 0xA6, 0x37, 0x06, 0x0F, 0x29, 0x1A,
531 0x36, 0x06, 0x04, 0xCB, 0x25, 0x04, 0x78, 0x01, 0x80, 0x64, 0xC3, 0x04,
532 0x01, 0x9D, 0x04, 0x03, 0x70, 0x28, 0x25, 0x04, 0xFF, 0x3C, 0x01, 0x26,
533 0x03, 0x00, 0x09, 0x26, 0x56, 0x06, 0x02, 0x66, 0x28, 0x02, 0x00, 0x00,
534 0x00, 0x98, 0x01, 0x0F, 0x17, 0x00, 0x00, 0x74, 0x2E, 0x01, 0x00, 0x38,
535 0x0E, 0x06, 0x10, 0x25, 0x26, 0x01, 0x01, 0x0D, 0x06, 0x03, 0x25, 0x01,
536 0x02, 0x74, 0x3E, 0x01, 0x00, 0x04, 0x21, 0x01, 0x01, 0x38, 0x0E, 0x06,
537 0x14, 0x25, 0x01, 0x00, 0x74, 0x3E, 0x26, 0x01, 0x80, 0x64, 0x0E, 0x06,
538 0x05, 0x01, 0x82, 0x00, 0x08, 0x28, 0x58, 0x04, 0x07, 0x25, 0x01, 0x82,
539 0x00, 0x08, 0x28, 0x25, 0x00, 0x00, 0x01, 0x00, 0x2F, 0x06, 0x05, 0x3A,
540 0xAA, 0x37, 0x04, 0x78, 0x26, 0x06, 0x04, 0x01, 0x01, 0x8D, 0x3E, 0x00,
541 0x01, 0xBD, 0xA8, 0xBD, 0xA8, 0xBF, 0x82, 0x44, 0x26, 0x03, 0x00, 0xB4,
542 0x99, 0x99, 0x02, 0x00, 0x4B, 0x26, 0x56, 0x06, 0x0A, 0x01, 0x03, 0xA6,
543 0x06, 0x02, 0x70, 0x28, 0x25, 0x04, 0x03, 0x5A, 0x88, 0x3C, 0x00, 0x00,
544 0x2F, 0x06, 0x0B, 0x84, 0x2E, 0x01, 0x14, 0x0D, 0x06, 0x02, 0x70, 0x28,
545 0x04, 0x11, 0xCB, 0x01, 0x07, 0x17, 0x26, 0x01, 0x02, 0x0D, 0x06, 0x06,
546 0x06, 0x02, 0x70, 0x28, 0x04, 0x70, 0x25, 0xC0, 0x01, 0x01, 0x0D, 0x33,
547 0x37, 0x06, 0x02, 0x5F, 0x28, 0x26, 0x01, 0x01, 0xC6, 0x36, 0xB0, 0x00,
548 0x01, 0xB6, 0x01, 0x0B, 0x0E, 0x05, 0x02, 0x70, 0x28, 0x26, 0x01, 0x03,
549 0x0E, 0x06, 0x08, 0xBE, 0x06, 0x02, 0x66, 0x28, 0x44, 0x25, 0x00, 0x44,
550 0x55, 0xBE, 0xA8, 0x26, 0x06, 0x23, 0xBE, 0xA8, 0x26, 0x54, 0x26, 0x06,
551 0x18, 0x26, 0x01, 0x82, 0x00, 0x0F, 0x06, 0x05, 0x01, 0x82, 0x00, 0x04,
552 0x01, 0x26, 0x03, 0x00, 0x82, 0x02, 0x00, 0xB4, 0x02, 0x00, 0x51, 0x04,
553 0x65, 0x99, 0x52, 0x04, 0x5A, 0x99, 0x99, 0x53, 0x26, 0x06, 0x02, 0x35,
554 0x00, 0x25, 0x2B, 0x00, 0x00, 0x77, 0x2C, 0x9F, 0x01, 0x7F, 0xAE, 0x26,
555 0x56, 0x06, 0x02, 0x35, 0x28, 0x26, 0x05, 0x02, 0x70, 0x28, 0x38, 0x17,
556 0x0D, 0x06, 0x02, 0x72, 0x28, 0x3B, 0x00, 0x00, 0x9A, 0xB6, 0x01, 0x14,
557 0x0D, 0x06, 0x02, 0x70, 0x28, 0x82, 0x01, 0x0C, 0x08, 0x01, 0x0C, 0xB4,
558 0x99, 0x82, 0x26, 0x01, 0x0C, 0x08, 0x01, 0x0C, 0x30, 0x05, 0x02, 0x62,
559 0x28, 0x00, 0x00, 0xB7, 0x06, 0x02, 0x70, 0x28, 0x06, 0x02, 0x64, 0x28,
560 0x00, 0x0A, 0xB6, 0x01, 0x02, 0x0E, 0x05, 0x02, 0x70, 0x28, 0xBD, 0x03,
561 0x00, 0x02, 0x00, 0x93, 0x2C, 0x0A, 0x02, 0x00, 0x92, 0x2C, 0x0F, 0x37,
562 0x06, 0x02, 0x71, 0x28, 0x02, 0x00, 0x91, 0x2C, 0x0D, 0x06, 0x02, 0x69,
563 0x28, 0x02, 0x00, 0x94, 0x3C, 0x8A, 0x01, 0x20, 0xB4, 0x01, 0x00, 0x03,
564 0x01, 0xBF, 0x03, 0x02, 0x02, 0x02, 0x01, 0x20, 0x0F, 0x06, 0x02, 0x6E,
565 0x28, 0x82, 0x02, 0x02, 0xB4, 0x02, 0x02, 0x8C, 0x2E, 0x0E, 0x02, 0x02,
566 0x01, 0x00, 0x0F, 0x17, 0x06, 0x0B, 0x8B, 0x82, 0x02, 0x02, 0x30, 0x06,
567 0x04, 0x01, 0x7F, 0x03, 0x01, 0x8B, 0x82, 0x02, 0x02, 0x31, 0x02, 0x02,
568 0x8C, 0x3E, 0x02, 0x00, 0x90, 0x02, 0x01, 0x96, 0xBD, 0x26, 0xC1, 0x56,
569 0x06, 0x02, 0x60, 0x28, 0x77, 0x02, 0x01, 0x96, 0xBF, 0x06, 0x02, 0x61,
570 0x28, 0x26, 0x06, 0x81, 0x45, 0xBD, 0xA8, 0xA4, 0x03, 0x03, 0xA2, 0x03,
571 0x04, 0xA0, 0x03, 0x05, 0xA3, 0x03, 0x06, 0xA5, 0x03, 0x07, 0xA1, 0x03,
572 0x08, 0x27, 0x03, 0x09, 0x26, 0x06, 0x81, 0x18, 0xBD, 0x01, 0x00, 0x38,
573 0x0E, 0x06, 0x0F, 0x25, 0x02, 0x03, 0x05, 0x02, 0x6A, 0x28, 0x01, 0x00,
574 0x03, 0x03, 0xBC, 0x04, 0x80, 0x7F, 0x01, 0x01, 0x38, 0x0E, 0x06, 0x0F,
575 0x25, 0x02, 0x05, 0x05, 0x02, 0x6A, 0x28, 0x01, 0x00, 0x03, 0x05, 0xBA,
576 0x04, 0x80, 0x6A, 0x01, 0x83, 0xFE, 0x01, 0x38, 0x0E, 0x06, 0x0F, 0x25,
577 0x02, 0x04, 0x05, 0x02, 0x6A, 0x28, 0x01, 0x00, 0x03, 0x04, 0xBB, 0x04,
578 0x80, 0x53, 0x01, 0x0D, 0x38, 0x0E, 0x06, 0x0E, 0x25, 0x02, 0x06, 0x05,
579 0x02, 0x6A, 0x28, 0x01, 0x00, 0x03, 0x06, 0xB8, 0x04, 0x3F, 0x01, 0x0A,
580 0x38, 0x0E, 0x06, 0x0E, 0x25, 0x02, 0x07, 0x05, 0x02, 0x6A, 0x28, 0x01,
581 0x00, 0x03, 0x07, 0xB8, 0x04, 0x2B, 0x01, 0x0B, 0x38, 0x0E, 0x06, 0x0E,
582 0x25, 0x02, 0x08, 0x05, 0x02, 0x6A, 0x28, 0x01, 0x00, 0x03, 0x08, 0xB8,
583 0x04, 0x17, 0x01, 0x10, 0x38, 0x0E, 0x06, 0x0E, 0x25, 0x02, 0x09, 0x05,
584 0x02, 0x6A, 0x28, 0x01, 0x00, 0x03, 0x09, 0xAC, 0x04, 0x03, 0x6A, 0x28,
585 0x25, 0x04, 0xFE, 0x64, 0x02, 0x04, 0x06, 0x0D, 0x02, 0x04, 0x01, 0x05,
586 0x0F, 0x06, 0x02, 0x67, 0x28, 0x01, 0x01, 0x86, 0x3E, 0x99, 0x99, 0x02,
587 0x01, 0x00, 0x04, 0xB6, 0x01, 0x0C, 0x0E, 0x05, 0x02, 0x70, 0x28, 0xBF,
588 0x01, 0x03, 0x0E, 0x05, 0x02, 0x6B, 0x28, 0xBD, 0x26, 0x7A, 0x3E, 0x26,
589 0x01, 0x20, 0x10, 0x06, 0x02, 0x6B, 0x28, 0x40, 0x44, 0x11, 0x01, 0x01,
590 0x17, 0x05, 0x02, 0x6B, 0x28, 0xBF, 0x26, 0x01, 0x81, 0x05, 0x0F, 0x06,
591 0x02, 0x6B, 0x28, 0x26, 0x7C, 0x3E, 0x7B, 0x44, 0xB4, 0x90, 0x2C, 0x01,
592 0x86, 0x03, 0x10, 0x03, 0x00, 0x77, 0x2C, 0xC9, 0x03, 0x01, 0x01, 0x02,
593 0x03, 0x02, 0x02, 0x00, 0x06, 0x21, 0xBF, 0x26, 0x26, 0x01, 0x02, 0x0A,
594 0x44, 0x01, 0x06, 0x0F, 0x37, 0x06, 0x02, 0x6B, 0x28, 0x03, 0x02, 0xBF,
595 0x02, 0x01, 0x01, 0x01, 0x0B, 0x01, 0x03, 0x08, 0x0E, 0x05, 0x02, 0x6B,
596 0x28, 0x04, 0x08, 0x02, 0x01, 0x06, 0x04, 0x01, 0x00, 0x03, 0x02, 0xBD,
597 0x26, 0x03, 0x03, 0x26, 0x01, 0x84, 0x00, 0x0F, 0x06, 0x02, 0x6C, 0x28,
598 0x82, 0x44, 0xB4, 0x02, 0x02, 0x02, 0x01, 0x02, 0x03, 0x4E, 0x26, 0x06,
599 0x01, 0x28, 0x25, 0x99, 0x00, 0x02, 0x03, 0x00, 0x03, 0x01, 0x02, 0x00,
600 0x95, 0x02, 0x01, 0x02, 0x00, 0x39, 0x26, 0x01, 0x00, 0x0E, 0x06, 0x02,
601 0x5E, 0x00, 0xCD, 0x04, 0x74, 0x02, 0x01, 0x00, 0x03, 0x00, 0xBF, 0xA8,
602 0x26, 0x06, 0x80, 0x43, 0xBF, 0x01, 0x01, 0x38, 0x0E, 0x06, 0x06, 0x25,
603 0x01, 0x81, 0x7F, 0x04, 0x2E, 0x01, 0x80, 0x40, 0x38, 0x0E, 0x06, 0x07,
604 0x25, 0x01, 0x83, 0xFE, 0x00, 0x04, 0x20, 0x01, 0x80, 0x41, 0x38, 0x0E,
605 0x06, 0x07, 0x25, 0x01, 0x84, 0x80, 0x00, 0x04, 0x12, 0x01, 0x80, 0x42,
606 0x38, 0x0E, 0x06, 0x07, 0x25, 0x01, 0x88, 0x80, 0x00, 0x04, 0x04, 0x01,
607 0x00, 0x44, 0x25, 0x02, 0x00, 0x37, 0x03, 0x00, 0x04, 0xFF, 0x39, 0x99,
608 0x77, 0x2C, 0xC7, 0x05, 0x09, 0x02, 0x00, 0x01, 0x83, 0xFF, 0x7F, 0x17,
609 0x03, 0x00, 0x90, 0x2C, 0x01, 0x86, 0x03, 0x10, 0x06, 0x3A, 0xB9, 0x26,
610 0x7F, 0x3D, 0x41, 0x25, 0x26, 0x01, 0x08, 0x0B, 0x37, 0x01, 0x8C, 0x80,
611 0x00, 0x37, 0x17, 0x02, 0x00, 0x17, 0x02, 0x00, 0x01, 0x8C, 0x80, 0x00,
612 0x17, 0x06, 0x19, 0x26, 0x01, 0x81, 0x7F, 0x17, 0x06, 0x05, 0x01, 0x84,
613 0x80, 0x00, 0x37, 0x26, 0x01, 0x83, 0xFE, 0x00, 0x17, 0x06, 0x05, 0x01,
614 0x88, 0x80, 0x00, 0x37, 0x03, 0x00, 0x04, 0x09, 0x02, 0x00, 0x01, 0x8C,
615 0x88, 0x01, 0x17, 0x03, 0x00, 0x16, 0xBD, 0xA8, 0x26, 0x06, 0x23, 0xBD,
616 0xA8, 0x26, 0x15, 0x26, 0x06, 0x18, 0x26, 0x01, 0x82, 0x00, 0x0F, 0x06,
617 0x05, 0x01, 0x82, 0x00, 0x04, 0x01, 0x26, 0x03, 0x01, 0x82, 0x02, 0x01,
618 0xB4, 0x02, 0x01, 0x12, 0x04, 0x65, 0x99, 0x13, 0x04, 0x5A, 0x99, 0x14,
619 0x99, 0x02, 0x00, 0x2A, 0x00, 0x00, 0xB7, 0x26, 0x58, 0x06, 0x07, 0x25,
620 0x06, 0x02, 0x64, 0x28, 0x04, 0x74, 0x00, 0x00, 0xC0, 0x01, 0x03, 0xBE,
621 0x44, 0x25, 0x44, 0x00, 0x00, 0xBD, 0xC4, 0x00, 0x03, 0x01, 0x00, 0x03,
622 0x00, 0xBD, 0xA8, 0x26, 0x06, 0x80, 0x50, 0xBF, 0x03, 0x01, 0xBF, 0x03,
623 0x02, 0x02, 0x01, 0x01, 0x08, 0x0E, 0x06, 0x16, 0x02, 0x02, 0x01, 0x0F,
624 0x0C, 0x06, 0x0D, 0x01, 0x01, 0x02, 0x02, 0x01, 0x10, 0x08, 0x0B, 0x02,
625 0x00, 0x37, 0x03, 0x00, 0x04, 0x2A, 0x02, 0x01, 0x01, 0x02, 0x10, 0x02,
626 0x01, 0x01, 0x06, 0x0C, 0x17, 0x02, 0x02, 0x01, 0x01, 0x0E, 0x02, 0x02,
627 0x01, 0x03, 0x0E, 0x37, 0x17, 0x06, 0x11, 0x02, 0x00, 0x01, 0x01, 0x02,
628 0x02, 0x5B, 0x01, 0x02, 0x0B, 0x02, 0x01, 0x08, 0x0B, 0x37, 0x03, 0x00,
629 0x04, 0xFF, 0x2C, 0x99, 0x02, 0x00, 0x00, 0x00, 0xBD, 0x01, 0x01, 0x0E,
630 0x05, 0x02, 0x63, 0x28, 0xBF, 0x01, 0x08, 0x08, 0x80, 0x2E, 0x0E, 0x05,
631 0x02, 0x63, 0x28, 0x00, 0x00, 0xBD, 0x86, 0x2E, 0x05, 0x15, 0x01, 0x01,
632 0x0E, 0x05, 0x02, 0x67, 0x28, 0xBF, 0x01, 0x00, 0x0E, 0x05, 0x02, 0x67,
633 0x28, 0x01, 0x02, 0x86, 0x3E, 0x04, 0x1C, 0x01, 0x19, 0x0E, 0x05, 0x02,
634 0x67, 0x28, 0xBF, 0x01, 0x18, 0x0E, 0x05, 0x02, 0x67, 0x28, 0x82, 0x01,
635 0x18, 0xB4, 0x87, 0x82, 0x01, 0x18, 0x30, 0x05, 0x02, 0x67, 0x28, 0x00,
636 0x00, 0xBD, 0x06, 0x02, 0x68, 0x28, 0x00, 0x00, 0x01, 0x02, 0x95, 0xC0,
637 0x01, 0x08, 0x0B, 0xC0, 0x08, 0x00, 0x00, 0x01, 0x03, 0x95, 0xC0, 0x01,
638 0x08, 0x0B, 0xC0, 0x08, 0x01, 0x08, 0x0B, 0xC0, 0x08, 0x00, 0x00, 0x01,
639 0x01, 0x95, 0xC0, 0x00, 0x00, 0x3A, 0x26, 0x56, 0x05, 0x01, 0x00, 0x25,
640 0xCD, 0x04, 0x76, 0x02, 0x03, 0x00, 0x8F, 0x2E, 0x03, 0x01, 0x01, 0x00,
641 0x26, 0x02, 0x01, 0x0A, 0x06, 0x10, 0x26, 0x01, 0x01, 0x0B, 0x8E, 0x08,
642 0x2C, 0x02, 0x00, 0x0E, 0x06, 0x01, 0x00, 0x5A, 0x04, 0x6A, 0x25, 0x01,
643 0x7F, 0x00, 0x00, 0x01, 0x15, 0x85, 0x3E, 0x44, 0x50, 0x25, 0x50, 0x25,
644 0x29, 0x00, 0x00, 0x01, 0x01, 0x44, 0xC2, 0x00, 0x00, 0x44, 0x38, 0x95,
645 0x44, 0x26, 0x06, 0x05, 0xC0, 0x25, 0x5B, 0x04, 0x78, 0x25, 0x00, 0x00,
646 0x26, 0x01, 0x81, 0xAC, 0x00, 0x0E, 0x06, 0x04, 0x25, 0x01, 0x7F, 0x00,
647 0x98, 0x57, 0x00, 0x02, 0x03, 0x00, 0x77, 0x2C, 0x98, 0x03, 0x01, 0x02,
648 0x01, 0x01, 0x0F, 0x17, 0x02, 0x01, 0x01, 0x04, 0x11, 0x01, 0x0F, 0x17,
649 0x02, 0x01, 0x01, 0x08, 0x11, 0x01, 0x0F, 0x17, 0x01, 0x00, 0x38, 0x0E,
650 0x06, 0x10, 0x25, 0x01, 0x00, 0x01, 0x18, 0x02, 0x00, 0x06, 0x03, 0x47,
651 0x04, 0x01, 0x48, 0x04, 0x80, 0x68, 0x01, 0x01, 0x38, 0x0E, 0x06, 0x10,
652 0x25, 0x01, 0x01, 0x01, 0x10, 0x02, 0x00, 0x06, 0x03, 0x47, 0x04, 0x01,
653 0x48, 0x04, 0x80, 0x52, 0x01, 0x02, 0x38, 0x0E, 0x06, 0x0F, 0x25, 0x01,
654 0x01, 0x01, 0x20, 0x02, 0x00, 0x06, 0x03, 0x47, 0x04, 0x01, 0x48, 0x04,
655 0x3D, 0x01, 0x03, 0x38, 0x0E, 0x06, 0x0E, 0x25, 0x25, 0x01, 0x10, 0x02,
656 0x00, 0x06, 0x03, 0x45, 0x04, 0x01, 0x46, 0x04, 0x29, 0x01, 0x04, 0x38,
657 0x0E, 0x06, 0x0E, 0x25, 0x25, 0x01, 0x20, 0x02, 0x00, 0x06, 0x03, 0x45,
658 0x04, 0x01, 0x46, 0x04, 0x15, 0x01, 0x05, 0x38, 0x0E, 0x06, 0x0C, 0x25,
659 0x25, 0x02, 0x00, 0x06, 0x03, 0x49, 0x04, 0x01, 0x4A, 0x04, 0x03, 0x66,
660 0x28, 0x25, 0x00, 0x00, 0x98, 0x01, 0x0C, 0x11, 0x01, 0x02, 0x0F, 0x00,
661 0x00, 0x98, 0x01, 0x0C, 0x11, 0x26, 0x59, 0x44, 0x01, 0x03, 0x0A, 0x17,
662 0x00, 0x00, 0x98, 0x01, 0x0C, 0x11, 0x01, 0x01, 0x0E, 0x00, 0x00, 0x98,
663 0x01, 0x0C, 0x11, 0x58, 0x00, 0x00, 0x1B, 0x01, 0x00, 0x73, 0x2E, 0x26,
664 0x06, 0x22, 0x01, 0x01, 0x38, 0x0E, 0x06, 0x06, 0x25, 0x01, 0x00, 0x9C,
665 0x04, 0x14, 0x01, 0x02, 0x38, 0x0E, 0x06, 0x0D, 0x25, 0x75, 0x2E, 0x01,
666 0x01, 0x0E, 0x06, 0x03, 0x01, 0x10, 0x37, 0x04, 0x01, 0x25, 0x04, 0x01,
667 0x25, 0x79, 0x2E, 0x05, 0x33, 0x2F, 0x06, 0x30, 0x84, 0x2E, 0x01, 0x14,
668 0x38, 0x0E, 0x06, 0x06, 0x25, 0x01, 0x02, 0x37, 0x04, 0x22, 0x01, 0x15,
669 0x38, 0x0E, 0x06, 0x09, 0x25, 0xAB, 0x06, 0x03, 0x01, 0x7F, 0x9C, 0x04,
670 0x13, 0x01, 0x16, 0x38, 0x0E, 0x06, 0x06, 0x25, 0x01, 0x01, 0x37, 0x04,
671 0x07, 0x25, 0x01, 0x04, 0x37, 0x01, 0x00, 0x25, 0x1A, 0x06, 0x03, 0x01,
672 0x08, 0x37, 0x00, 0x00, 0x1B, 0x26, 0x05, 0x13, 0x2F, 0x06, 0x10, 0x84,
673 0x2E, 0x01, 0x15, 0x0E, 0x06, 0x08, 0x25, 0xAB, 0x01, 0x00, 0x75, 0x3E,
674 0x04, 0x01, 0x20, 0x00, 0x00, 0xCB, 0x01, 0x07, 0x17, 0x01, 0x01, 0x0F,
675 0x06, 0x02, 0x70, 0x28, 0x00, 0x01, 0x03, 0x00, 0x29, 0x1A, 0x06, 0x05,
676 0x02, 0x00, 0x85, 0x3E, 0x00, 0xCB, 0x25, 0x04, 0x74, 0x00, 0x01, 0x14,
677 0xCE, 0x01, 0x01, 0xDB, 0x29, 0x26, 0x01, 0x00, 0xC6, 0x01, 0x16, 0xCE,
678 0xD4, 0x29, 0x00, 0x00, 0x01, 0x0B, 0xDB, 0x4C, 0x26, 0x26, 0x01, 0x03,
679 0x08, 0xDA, 0xDA, 0x18, 0x26, 0x56, 0x06, 0x02, 0x25, 0x00, 0xDA, 0x1D,
680 0x26, 0x06, 0x05, 0x82, 0x44, 0xD5, 0x04, 0x77, 0x25, 0x04, 0x6C, 0x00,
681 0x21, 0x01, 0x0F, 0xDB, 0x26, 0x90, 0x2C, 0x01, 0x86, 0x03, 0x10, 0x06,
682 0x0C, 0x01, 0x04, 0x08, 0xDA, 0x7E, 0x2E, 0xDB, 0x76, 0x2E, 0xDB, 0x04,
683 0x02, 0x5C, 0xDA, 0x26, 0xD9, 0x82, 0x44, 0xD5, 0x00, 0x02, 0xA2, 0xA4,
684 0x08, 0xA0, 0x08, 0xA3, 0x08, 0xA5, 0x08, 0xA1, 0x08, 0x27, 0x08, 0x03,
685 0x00, 0x01, 0x01, 0xDB, 0x01, 0x27, 0x8C, 0x2E, 0x08, 0x8F, 0x2E, 0x01,
686 0x01, 0x0B, 0x08, 0x02, 0x00, 0x06, 0x04, 0x5C, 0x02, 0x00, 0x08, 0x81,
687 0x2C, 0x38, 0x09, 0x26, 0x59, 0x06, 0x24, 0x02, 0x00, 0x05, 0x04, 0x44,
688 0x5C, 0x44, 0x5D, 0x01, 0x04, 0x09, 0x26, 0x56, 0x06, 0x03, 0x25, 0x01,
689 0x00, 0x26, 0x01, 0x04, 0x08, 0x02, 0x00, 0x08, 0x03, 0x00, 0x44, 0x01,
690 0x04, 0x08, 0x38, 0x08, 0x44, 0x04, 0x03, 0x25, 0x01, 0x7F, 0x03, 0x01,
691 0xDA, 0x92, 0x2C, 0xD9, 0x78, 0x01, 0x04, 0x19, 0x78, 0x01, 0x04, 0x08,
692 0x01, 0x1C, 0x32, 0x78, 0x01, 0x20, 0xD5, 0x8B, 0x8C, 0x2E, 0xD7, 0x8F,
693 0x2E, 0x26, 0x01, 0x01, 0x0B, 0xD9, 0x8E, 0x44, 0x26, 0x06, 0x0F, 0x5B,
694 0x38, 0x2C, 0x26, 0xC5, 0x05, 0x02, 0x60, 0x28, 0xD9, 0x44, 0x5C, 0x44,
695 0x04, 0x6E, 0x5E, 0x01, 0x01, 0xDB, 0x01, 0x00, 0xDB, 0x02, 0x00, 0x06,
696 0x81, 0x5A, 0x02, 0x00, 0xD9, 0xA2, 0x06, 0x0E, 0x01, 0x83, 0xFE, 0x01,
697 0xD9, 0x87, 0xA2, 0x01, 0x04, 0x09, 0x26, 0xD9, 0x5B, 0xD7, 0xA4, 0x06,
698 0x16, 0x01, 0x00, 0xD9, 0x89, 0xA4, 0x01, 0x04, 0x09, 0x26, 0xD9, 0x01,
699 0x02, 0x09, 0x26, 0xD9, 0x01, 0x00, 0xDB, 0x01, 0x03, 0x09, 0xD6, 0xA0,
700 0x06, 0x0C, 0x01, 0x01, 0xD9, 0x01, 0x01, 0xD9, 0x80, 0x2E, 0x01, 0x08,
701 0x09, 0xDB, 0xA3, 0x06, 0x19, 0x01, 0x0D, 0xD9, 0xA3, 0x01, 0x04, 0x09,
702 0x26, 0xD9, 0x01, 0x02, 0x09, 0xD9, 0x42, 0x06, 0x03, 0x01, 0x03, 0xD8,
703 0x43, 0x06, 0x03, 0x01, 0x01, 0xD8, 0xA5, 0x26, 0x06, 0x36, 0x01, 0x0A,
704 0xD9, 0x01, 0x04, 0x09, 0x26, 0xD9, 0x5D, 0xD9, 0x40, 0x01, 0x00, 0x26,
705 0x01, 0x82, 0x80, 0x80, 0x80, 0x00, 0x17, 0x06, 0x0A, 0x01, 0xFD, 0xFF,
706 0xFF, 0xFF, 0x7F, 0x17, 0x01, 0x1D, 0xD9, 0x26, 0x01, 0x20, 0x0A, 0x06,
707 0x0C, 0x9E, 0x11, 0x01, 0x01, 0x17, 0x06, 0x02, 0x26, 0xD9, 0x5A, 0x04,
708 0x6E, 0x5E, 0x04, 0x01, 0x25, 0xA1, 0x06, 0x0A, 0x01, 0x0B, 0xD9, 0x01,
709 0x02, 0xD9, 0x01, 0x82, 0x00, 0xD9, 0x27, 0x26, 0x06, 0x1F, 0x01, 0x10,
710 0xD9, 0x01, 0x04, 0x09, 0x26, 0xD9, 0x5D, 0xD9, 0x83, 0x2C, 0x01, 0x00,
711 0x9E, 0x0F, 0x06, 0x0A, 0x26, 0x1E, 0x26, 0xDB, 0x82, 0x44, 0xD5, 0x5A,
712 0x04, 0x72, 0x5E, 0x04, 0x01, 0x25, 0x02, 0x01, 0x56, 0x05, 0x11, 0x01,
713 0x15, 0xD9, 0x02, 0x01, 0x26, 0xD9, 0x26, 0x06, 0x06, 0x5B, 0x01, 0x00,
714 0xDB, 0x04, 0x77, 0x25, 0x00, 0x00, 0x01, 0x10, 0xDB, 0x77, 0x2C, 0x26,
715 0xCA, 0x06, 0x0C, 0xA9, 0x23, 0x26, 0x5C, 0xDA, 0x26, 0xD9, 0x82, 0x44,
716 0xD5, 0x04, 0x0D, 0x26, 0xC8, 0x44, 0xA9, 0x22, 0x26, 0x5A, 0xDA, 0x26,
717 0xDB, 0x82, 0x44, 0xD5, 0x00, 0x00, 0x9A, 0x01, 0x14, 0xDB, 0x01, 0x0C,
718 0xDA, 0x82, 0x01, 0x0C, 0xD5, 0x00, 0x00, 0x4F, 0x26, 0x01, 0x00, 0x0E,
719 0x06, 0x02, 0x5E, 0x00, 0xCB, 0x25, 0x04, 0x73, 0x00, 0x26, 0xD9, 0xD5,
720 0x00, 0x00, 0x26, 0xDB, 0xD5, 0x00, 0x01, 0x03, 0x00, 0x41, 0x25, 0x26,
721 0x01, 0x10, 0x17, 0x06, 0x06, 0x01, 0x04, 0xDB, 0x02, 0x00, 0xDB, 0x26,
722 0x01, 0x08, 0x17, 0x06, 0x06, 0x01, 0x03, 0xDB, 0x02, 0x00, 0xDB, 0x26,
723 0x01, 0x20, 0x17, 0x06, 0x06, 0x01, 0x05, 0xDB, 0x02, 0x00, 0xDB, 0x26,
724 0x01, 0x80, 0x40, 0x17, 0x06, 0x06, 0x01, 0x06, 0xDB, 0x02, 0x00, 0xDB,
725 0x01, 0x04, 0x17, 0x06, 0x06, 0x01, 0x02, 0xDB, 0x02, 0x00, 0xDB, 0x00,
726 0x00, 0x26, 0x01, 0x08, 0x4D, 0xDB, 0xDB, 0x00, 0x00, 0x26, 0x01, 0x10,
727 0x4D, 0xDB, 0xD9, 0x00, 0x00, 0x26, 0x50, 0x06, 0x02, 0x25, 0x00, 0xCB,
731 static const uint16_t t0_caddr
[] = {
868 #define T0_INTERPRETED 86
870 #define T0_ENTER(ip, rp, slot) do { \
871 const unsigned char *t0_newip; \
873 t0_newip = &t0_codeblock[t0_caddr[(slot) - T0_INTERPRETED]]; \
874 t0_lnum = t0_parse7E_unsigned(&t0_newip); \
876 *((rp) ++) = (uint32_t)((ip) - &t0_codeblock[0]) + (t0_lnum << 16); \
880 #define T0_DEFENTRY(name, slot) \
884 t0_context *t0ctx = ctx; \
885 t0ctx->ip = &t0_codeblock[0]; \
886 T0_ENTER(t0ctx->ip, t0ctx->rp, slot); \
889 T0_DEFENTRY(br_ssl_hs_client_init_main
, 167)
891 #define T0_NEXT(t0ipp) (*(*(t0ipp)) ++)
894 br_ssl_hs_client_run(void *t0ctx
)
897 const unsigned char *ip
;
899 #define T0_LOCAL(x) (*(rp - 2 - (x)))
900 #define T0_POP() (*-- dp)
901 #define T0_POPi() (*(int32_t *)(-- dp))
902 #define T0_PEEK(x) (*(dp - 1 - (x)))
903 #define T0_PEEKi(x) (*(int32_t *)(dp - 1 - (x)))
904 #define T0_PUSH(v) do { *dp = (v); dp ++; } while (0)
905 #define T0_PUSHi(v) do { *(int32_t *)dp = (v); dp ++; } while (0)
906 #define T0_RPOP() (*-- rp)
907 #define T0_RPOPi() (*(int32_t *)(-- rp))
908 #define T0_RPUSH(v) do { *rp = (v); rp ++; } while (0)
909 #define T0_RPUSHi(v) do { *(int32_t *)rp = (v); rp ++; } while (0)
910 #define T0_ROLL(x) do { \
911 size_t t0len = (size_t)(x); \
912 uint32_t t0tmp = *(dp - 1 - t0len); \
913 memmove(dp - t0len - 1, dp - t0len, t0len * sizeof *dp); \
916 #define T0_SWAP() do { \
917 uint32_t t0tmp = *(dp - 2); \
918 *(dp - 2) = *(dp - 1); \
921 #define T0_ROT() do { \
922 uint32_t t0tmp = *(dp - 3); \
923 *(dp - 3) = *(dp - 2); \
924 *(dp - 2) = *(dp - 1); \
927 #define T0_NROT() do { \
928 uint32_t t0tmp = *(dp - 1); \
929 *(dp - 1) = *(dp - 2); \
930 *(dp - 2) = *(dp - 3); \
933 #define T0_PICK(x) do { \
934 uint32_t t0depth = (x); \
935 T0_PUSH(T0_PEEK(t0depth)); \
937 #define T0_CO() do { \
940 #define T0_RET() goto t0_next
942 dp
= ((t0_context
*)t0ctx
)->dp
;
943 rp
= ((t0_context
*)t0ctx
)->rp
;
944 ip
= ((t0_context
*)t0ctx
)->ip
;
951 if (t0x
< T0_INTERPRETED
) {
963 ip
= &t0_codeblock
[t0x
];
965 case 1: /* literal constant */
966 T0_PUSHi(t0_parse7E_signed(&ip
));
968 case 2: /* read local */
969 T0_PUSH(T0_LOCAL(t0_parse7E_unsigned(&ip
)));
971 case 3: /* write local */
972 T0_LOCAL(t0_parse7E_unsigned(&ip
)) = T0_POP();
975 t0off
= t0_parse7E_signed(&ip
);
978 case 5: /* jump if */
979 t0off
= t0_parse7E_signed(&ip
);
984 case 6: /* jump if not */
985 t0off
= t0_parse7E_signed(&ip
);
993 uint32_t b
= T0_POP();
994 uint32_t a
= T0_POP();
1002 uint32_t b
= T0_POP();
1003 uint32_t a
= T0_POP();
1011 uint32_t b
= T0_POP();
1012 uint32_t a
= T0_POP();
1020 int32_t b
= T0_POPi();
1021 int32_t a
= T0_POPi();
1022 T0_PUSH(-(uint32_t)(a
< b
));
1029 int c
= (int)T0_POPi();
1030 uint32_t x
= T0_POP();
1038 int32_t b
= T0_POPi();
1039 int32_t a
= T0_POPi();
1040 T0_PUSH(-(uint32_t)(a
<= b
));
1047 uint32_t b
= T0_POP();
1048 uint32_t a
= T0_POP();
1049 T0_PUSH(-(uint32_t)(a
!= b
));
1056 uint32_t b
= T0_POP();
1057 uint32_t a
= T0_POP();
1058 T0_PUSH(-(uint32_t)(a
== b
));
1065 int32_t b
= T0_POPi();
1066 int32_t a
= T0_POPi();
1067 T0_PUSH(-(uint32_t)(a
> b
));
1074 int32_t b
= T0_POPi();
1075 int32_t a
= T0_POPi();
1076 T0_PUSH(-(uint32_t)(a
>= b
));
1083 int c
= (int)T0_POPi();
1084 int32_t x
= T0_POPi();
1090 /* anchor-dn-append-name */
1095 if (CTX
->client_auth_vtable
!= NULL
) {
1096 (*CTX
->client_auth_vtable
)->append_name(
1097 CTX
->client_auth_vtable
, ENG
->pad
, len
);
1103 /* anchor-dn-end-name */
1105 if (CTX
->client_auth_vtable
!= NULL
) {
1106 (*CTX
->client_auth_vtable
)->end_name(
1107 CTX
->client_auth_vtable
);
1113 /* anchor-dn-end-name-list */
1115 if (CTX
->client_auth_vtable
!= NULL
) {
1116 (*CTX
->client_auth_vtable
)->end_name_list(
1117 CTX
->client_auth_vtable
);
1123 /* anchor-dn-start-name */
1128 if (CTX
->client_auth_vtable
!= NULL
) {
1129 (*CTX
->client_auth_vtable
)->start_name(
1130 CTX
->client_auth_vtable
, len
);
1136 /* anchor-dn-start-name-list */
1138 if (CTX
->client_auth_vtable
!= NULL
) {
1139 (*CTX
->client_auth_vtable
)->start_name_list(
1140 CTX
->client_auth_vtable
);
1148 uint32_t b
= T0_POP();
1149 uint32_t a
= T0_POP();
1157 if (ENG
->chain_len
== 0) {
1160 ENG
->cert_cur
= ENG
->chain
->data
;
1161 ENG
->cert_len
= ENG
->chain
->data_len
;
1164 T0_PUSH(ENG
->cert_len
);
1172 size_t len
= (size_t)T0_POP();
1173 void *addr
= (unsigned char *)ENG
+ (size_t)T0_POP();
1174 memset(addr
, 0, len
);
1181 T0_PUSHi(-(ENG
->hlen_out
> 0));
1191 /* compute-Finished-inner */
1193 int prf_id
= T0_POP();
1194 int from_client
= T0_POPi();
1195 unsigned char seed
[48];
1198 br_tls_prf_impl prf
= br_ssl_engine_get_PRF(ENG
, prf_id
);
1199 if (ENG
->session
.version
>= BR_TLS12
) {
1200 seed_len
= br_multihash_out(&ENG
->mhash
, prf_id
, seed
);
1202 br_multihash_out(&ENG
->mhash
, br_md5_ID
, seed
);
1203 br_multihash_out(&ENG
->mhash
, br_sha1_ID
, seed
+ 16);
1206 prf(ENG
->pad
, 12, ENG
->session
.master_secret
,
1207 sizeof ENG
->session
.master_secret
,
1208 from_client
? "client finished" : "server finished",
1214 /* copy-cert-chunk */
1218 clen
= ENG
->cert_len
;
1219 if (clen
> sizeof ENG
->pad
) {
1220 clen
= sizeof ENG
->pad
;
1222 memcpy(ENG
->pad
, ENG
->cert_cur
, clen
);
1223 ENG
->cert_cur
+= clen
;
1224 ENG
->cert_len
-= clen
;
1230 /* copy-protocol-name */
1232 size_t idx
= T0_POP();
1233 size_t len
= strlen(ENG
->protocol_names
[idx
]);
1234 memcpy(ENG
->pad
, ENG
->protocol_names
[idx
], len
);
1242 size_t addr
= T0_POP();
1243 T0_PUSH(t0_datablock
[addr
]);
1255 /* do-client-sign */
1259 sig_len
= make_client_sign(CTX
);
1261 br_ssl_engine_fail(ENG
, BR_ERR_INVALID_ALGORITHM
);
1271 unsigned prf_id
= T0_POP();
1272 unsigned ecdhe
= T0_POP();
1275 x
= make_pms_ecdh(CTX
, ecdhe
, prf_id
);
1277 br_ssl_engine_fail(ENG
, -x
);
1286 /* do-rsa-encrypt */
1290 x
= make_pms_rsa(CTX
, T0_POP());
1292 br_ssl_engine_fail(ENG
, -x
);
1301 /* do-static-ecdh */
1303 unsigned prf_id
= T0_POP();
1305 if (make_pms_static_ecdh(CTX
, prf_id
) < 0) {
1306 br_ssl_engine_fail(ENG
, BR_ERR_INVALID_ALGORITHM
);
1319 T0_PUSH(T0_PEEK(0));
1323 /* ext-ALPN-length */
1327 if (ENG
->protocol_names_num
== 0) {
1332 for (u
= 0; u
< ENG
->protocol_names_num
; u
++) {
1333 len
+= 1 + strlen(ENG
->protocol_names
[u
]);
1342 br_ssl_engine_fail(ENG
, (int)T0_POPi());
1350 br_ssl_engine_flush_record(ENG
);
1355 /* get-client-chain */
1357 uint32_t auth_types
;
1359 auth_types
= T0_POP();
1360 if (CTX
->client_auth_vtable
!= NULL
) {
1361 br_ssl_client_certificate ux
;
1363 (*CTX
->client_auth_vtable
)->choose(CTX
->client_auth_vtable
,
1364 CTX
, auth_types
, &ux
);
1365 CTX
->auth_type
= (unsigned char)ux
.auth_type
;
1366 CTX
->hash_id
= (unsigned char)ux
.hash_id
;
1367 ENG
->chain
= ux
.chain
;
1368 ENG
->chain_len
= ux
.chain_len
;
1377 /* get-key-type-usages */
1379 const br_x509_class
*xc
;
1380 const br_x509_pkey
*pk
;
1383 xc
= *(ENG
->x509ctx
);
1384 pk
= xc
->get_pkey(ENG
->x509ctx
, &usages
);
1388 T0_PUSH(pk
->key_type
| usages
);
1396 size_t addr
= (size_t)T0_POP();
1397 T0_PUSH(*(uint16_t *)((unsigned char *)ENG
+ addr
));
1404 size_t addr
= (size_t)T0_POP();
1405 T0_PUSH(*(uint32_t *)((unsigned char *)ENG
+ addr
));
1412 size_t addr
= (size_t)T0_POP();
1413 T0_PUSH(*((unsigned char *)ENG
+ addr
));
1420 T0_PUSHi(-(ENG
->hlen_in
!= 0));
1427 size_t len
= (size_t)T0_POP();
1428 void *addr2
= (unsigned char *)ENG
+ (size_t)T0_POP();
1429 void *addr1
= (unsigned char *)ENG
+ (size_t)T0_POP();
1430 int x
= memcmp(addr1
, addr2
, len
);
1431 T0_PUSH((uint32_t)-(x
== 0));
1438 size_t len
= (size_t)T0_POP();
1439 void *src
= (unsigned char *)ENG
+ (size_t)T0_POP();
1440 void *dst
= (unsigned char *)ENG
+ (size_t)T0_POP();
1441 memcpy(dst
, src
, len
);
1448 size_t len
= (size_t)T0_POP();
1449 void *addr
= (unsigned char *)ENG
+ (size_t)T0_POP();
1450 br_hmac_drbg_generate(&ENG
->rng
, addr
, len
);
1455 /* more-incoming-bytes? */
1457 T0_PUSHi(ENG
->hlen_in
!= 0 || !br_ssl_engine_recvrec_finished(ENG
));
1462 /* multihash-init */
1464 br_multihash_init(&ENG
->mhash
);
1471 uint32_t a
= T0_POP();
1479 uint32_t a
= T0_POP();
1487 uint32_t b
= T0_POP();
1488 uint32_t a
= T0_POP();
1495 T0_PUSH(T0_PEEK(1));
1499 /* read-chunk-native */
1501 size_t clen
= ENG
->hlen_in
;
1507 if ((size_t)len
< clen
) {
1510 memcpy((unsigned char *)ENG
+ addr
, ENG
->hbuf_in
, clen
);
1511 if (ENG
->record_type_in
== BR_SSL_HANDSHAKE
) {
1512 br_multihash_update(&ENG
->mhash
, ENG
->hbuf_in
, clen
);
1514 T0_PUSH(addr
+ (uint32_t)clen
);
1515 T0_PUSH(len
- (uint32_t)clen
);
1516 ENG
->hbuf_in
+= clen
;
1517 ENG
->hlen_in
-= clen
;
1525 if (ENG
->hlen_in
> 0) {
1528 x
= *ENG
->hbuf_in
++;
1529 if (ENG
->record_type_in
== BR_SSL_HANDSHAKE
) {
1530 br_multihash_update(&ENG
->mhash
, &x
, 1);
1541 /* set-server-curve */
1543 const br_x509_class
*xc
;
1544 const br_x509_pkey
*pk
;
1546 xc
= *(ENG
->x509ctx
);
1547 pk
= xc
->get_pkey(ENG
->x509ctx
, NULL
);
1549 (pk
->key_type
== BR_KEYTYPE_EC
) ? pk
->key
.ec
.curve
: 0;
1556 size_t addr
= (size_t)T0_POP();
1557 *(uint16_t *)((unsigned char *)ENG
+ addr
) = (uint16_t)T0_POP();
1564 size_t addr
= (size_t)T0_POP();
1565 *(uint32_t *)((unsigned char *)ENG
+ addr
) = (uint32_t)T0_POP();
1572 size_t addr
= (size_t)T0_POP();
1573 *((unsigned char *)ENG
+ addr
) = (unsigned char)T0_POP();
1580 void *str
= (unsigned char *)ENG
+ (size_t)T0_POP();
1581 T0_PUSH((uint32_t)strlen(str
));
1586 /* supported-curves */
1588 uint32_t x
= ENG
->iec
== NULL
? 0 : ENG
->iec
->supported_curves
;
1594 /* supported-hash-functions */
1601 for (i
= br_sha1_ID
; i
<= br_sha512_ID
; i
++) {
1602 if (br_multihash_getimpl(&ENG
->mhash
, i
)) {
1613 /* supports-ecdsa? */
1615 T0_PUSHi(-(ENG
->iecdsa
!= 0));
1620 /* supports-rsa-sign? */
1622 T0_PUSHi(-(ENG
->irsavrfy
!= 0));
1632 /* switch-aesgcm-in */
1634 int is_client
, prf_id
;
1635 unsigned cipher_key_len
;
1637 cipher_key_len
= T0_POP();
1639 is_client
= T0_POP();
1640 br_ssl_engine_switch_gcm_in(ENG
, is_client
, prf_id
,
1641 ENG
->iaes_ctr
, cipher_key_len
);
1646 /* switch-aesgcm-out */
1648 int is_client
, prf_id
;
1649 unsigned cipher_key_len
;
1651 cipher_key_len
= T0_POP();
1653 is_client
= T0_POP();
1654 br_ssl_engine_switch_gcm_out(ENG
, is_client
, prf_id
,
1655 ENG
->iaes_ctr
, cipher_key_len
);
1662 int is_client
, prf_id
, mac_id
, aes
;
1663 unsigned cipher_key_len
;
1665 cipher_key_len
= T0_POP();
1669 is_client
= T0_POP();
1670 br_ssl_engine_switch_cbc_in(ENG
, is_client
, prf_id
, mac_id
,
1671 aes
? ENG
->iaes_cbcdec
: ENG
->ides_cbcdec
, cipher_key_len
);
1676 /* switch-cbc-out */
1678 int is_client
, prf_id
, mac_id
, aes
;
1679 unsigned cipher_key_len
;
1681 cipher_key_len
= T0_POP();
1685 is_client
= T0_POP();
1686 br_ssl_engine_switch_cbc_out(ENG
, is_client
, prf_id
, mac_id
,
1687 aes
? ENG
->iaes_cbcenc
: ENG
->ides_cbcenc
, cipher_key_len
);
1692 /* switch-chapol-in */
1694 int is_client
, prf_id
;
1697 is_client
= T0_POP();
1698 br_ssl_engine_switch_chapol_in(ENG
, is_client
, prf_id
);
1703 /* switch-chapol-out */
1705 int is_client
, prf_id
;
1708 is_client
= T0_POP();
1709 br_ssl_engine_switch_chapol_out(ENG
, is_client
, prf_id
);
1714 /* test-protocol-name */
1716 size_t len
= T0_POP();
1719 for (u
= 0; u
< ENG
->protocol_names_num
; u
++) {
1722 name
= ENG
->protocol_names
[u
];
1723 if (len
== strlen(name
) && memcmp(ENG
->pad
, name
, len
) == 0) {
1733 /* total-chain-length */
1739 for (u
= 0; u
< ENG
->chain_len
; u
++) {
1740 total
+= 3 + (uint32_t)ENG
->chain
[u
].data_len
;
1749 int c
= (int)T0_POPi();
1750 uint32_t x
= T0_POP();
1756 /* verify-SKE-sig */
1758 size_t sig_len
= T0_POP();
1759 int use_rsa
= T0_POPi();
1760 int hash
= T0_POPi();
1762 T0_PUSH(verify_SKE_sig(CTX
, hash
, use_rsa
, sig_len
));
1767 /* write-blob-chunk */
1769 size_t clen
= ENG
->hlen_out
;
1775 if ((size_t)len
< clen
) {
1778 memcpy(ENG
->hbuf_out
, (unsigned char *)ENG
+ addr
, clen
);
1779 if (ENG
->record_type_out
== BR_SSL_HANDSHAKE
) {
1780 br_multihash_update(&ENG
->mhash
, ENG
->hbuf_out
, clen
);
1782 T0_PUSH(addr
+ (uint32_t)clen
);
1783 T0_PUSH(len
- (uint32_t)clen
);
1784 ENG
->hbuf_out
+= clen
;
1785 ENG
->hlen_out
-= clen
;
1795 x
= (unsigned char)T0_POP();
1796 if (ENG
->hlen_out
> 0) {
1797 if (ENG
->record_type_out
== BR_SSL_HANDSHAKE
) {
1798 br_multihash_update(&ENG
->mhash
, &x
, 1);
1800 *ENG
->hbuf_out
++ = x
;
1812 const br_x509_class
*xc
;
1815 xc
= *(ENG
->x509ctx
);
1817 xc
->append(ENG
->x509ctx
, ENG
->pad
, len
);
1824 const br_x509_class
*xc
;
1826 xc
= *(ENG
->x509ctx
);
1827 xc
->end_cert(ENG
->x509ctx
);
1832 /* x509-end-chain */
1834 const br_x509_class
*xc
;
1836 xc
= *(ENG
->x509ctx
);
1837 T0_PUSH(xc
->end_chain(ENG
->x509ctx
));
1842 /* x509-start-cert */
1844 const br_x509_class
*xc
;
1846 xc
= *(ENG
->x509ctx
);
1847 xc
->start_cert(ENG
->x509ctx
, T0_POP());
1852 /* x509-start-chain */
1854 const br_x509_class
*xc
;
1858 xc
= *(ENG
->x509ctx
);
1859 xc
->start_chain(ENG
->x509ctx
, bc
? ENG
->server_name
: NULL
);
1866 T0_ENTER(ip
, rp
, t0x
);
1870 ((t0_context
*)t0ctx
)->dp
= dp
;
1871 ((t0_context
*)t0ctx
)->rp
= rp
;
1872 ((t0_context
*)t0ctx
)->ip
= ip
;