projects / BearSSL / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Added ChaCha20+Poly1305 support (stand-alone, cipher suites).
[BearSSL] / src / ssl / ssl_hs_client.c
1 /* Automatically generated code; do not modify directly. */
2
3 #include <stddef.h>
4 #include <stdint.h>
5
6 typedef struct {
7 uint32_t *dp;
8 uint32_t *rp;
9 const unsigned char *ip;
10 } t0_context;
11
12 static uint32_t
13 t0_parse7E_unsigned(const unsigned char **p)
14 {
15 uint32_t x;
16
17 x = 0;
18 for (;;) {
19 unsigned y;
20
21 y = *(*p) ++;
22 x = (x << 7) | (uint32_t)(y & 0x7F);
23 if (y < 0x80) {
24 return x;
25 }
26 }
27 }
28
29 static int32_t
30 t0_parse7E_signed(const unsigned char **p)
31 {
32 int neg;
33 uint32_t x;
34
35 neg = ((**p) >> 6) & 1;
36 x = (uint32_t)-neg;
37 for (;;) {
38 unsigned y;
39
40 y = *(*p) ++;
41 x = (x << 7) | (uint32_t)(y & 0x7F);
42 if (y < 0x80) {
43 if (neg) {
44 return -(int32_t)~x - 1;
45 } else {
46 return (int32_t)x;
47 }
48 }
49 }
50 }
51
52 #define T0_VBYTE(x, n) (unsigned char)((((uint32_t)(x) >> (n)) & 0x7F) | 0x80)
53 #define T0_FBYTE(x, n) (unsigned char)(((uint32_t)(x) >> (n)) & 0x7F)
54 #define T0_SBYTE(x) (unsigned char)((((uint32_t)(x) >> 28) + 0xF8) ^ 0xF8)
55 #define T0_INT1(x) T0_FBYTE(x, 0)
56 #define T0_INT2(x) T0_VBYTE(x, 7), T0_FBYTE(x, 0)
57 #define T0_INT3(x) T0_VBYTE(x, 14), T0_VBYTE(x, 7), T0_FBYTE(x, 0)
58 #define T0_INT4(x) T0_VBYTE(x, 21), T0_VBYTE(x, 14), T0_VBYTE(x, 7), T0_FBYTE(x, 0)
59 #define T0_INT5(x) T0_SBYTE(x), T0_VBYTE(x, 21), T0_VBYTE(x, 14), T0_VBYTE(x, 7), T0_FBYTE(x, 0)
60
61 static const uint8_t t0_datablock[];
62
63
64 void br_ssl_hs_client_init_main(void *t0ctx);
65
66 void br_ssl_hs_client_run(void *t0ctx);
67
68
69
70 #include <stddef.h>
71 #include <string.h>
72
73 #include "inner.h"
74
75 /*
76 * This macro evaluates to a pointer to the current engine context.
77 */
78 #define ENG ((br_ssl_engine_context *)((unsigned char *)t0ctx - offsetof(br_ssl_engine_context, cpu)))
79
80
81
82
83
84 /*
85 * This macro evaluates to a pointer to the client context, under that
86 * specific name. It must be noted that since the engine context is the
87 * first field of the br_ssl_client_context structure ('eng'), then
88 * pointers values of both types are interchangeable, modulo an
89 * appropriate cast. This also means that "adresses" computed as offsets
90 * within the structure work for both kinds of context.
91 */
92 #define CTX ((br_ssl_client_context *)ENG)
93
94 /*
95 * Generate the pre-master secret for RSA key exchange, and encrypt it
96 * with the server's public key. Returned value is either the encrypted
97 * data length (in bytes), or -x on error, with 'x' being an error code.
98 *
99 * This code assumes that the public key has been already verified (it
100 * was properly obtained by the X.509 engine, and it has the right type,
101 * i.e. it is of type RSA and suitable for encryption).
102 */
103 static int
104 make_pms_rsa(br_ssl_client_context *ctx, int prf_id)
105 {
106 const br_x509_class **xc;
107 const br_x509_pkey *pk;
108 const unsigned char *n;
109 unsigned char *pms;
110 size_t nlen, u;
111
112 xc = ctx->eng.x509ctx;
113 pk = (*xc)->get_pkey(xc, NULL);
114
115 /*
116 * Compute actual RSA key length, in case there are leading zeros.
117 */
118 n = pk->key.rsa.n;
119 nlen = pk->key.rsa.nlen;
120 while (nlen > 0 && *n == 0) {
121 n ++;
122 nlen --;
123 }
124
125 /*
126 * We need at least 59 bytes (48 bytes for pre-master secret, and
127 * 11 bytes for the PKCS#1 type 2 padding). Note that the X.509
128 * minimal engine normally blocks RSA keys shorter than 128 bytes,
129 * so this is mostly for public keys provided explicitly by the
130 * caller.
131 */
132 if (nlen < 59) {
133 return -BR_ERR_X509_WEAK_PUBLIC_KEY;
134 }
135 if (nlen > sizeof ctx->eng.pad) {
136 return -BR_ERR_LIMIT_EXCEEDED;
137 }
138
139 /*
140 * Make PMS.
141 */
142 pms = ctx->eng.pad + nlen - 48;
143 br_enc16be(pms, ctx->eng.version_max);
144 br_hmac_drbg_generate(&ctx->eng.rng, pms + 2, 46);
145 br_ssl_engine_compute_master(&ctx->eng, prf_id, pms, 48);
146
147 /*
148 * Apply PKCS#1 type 2 padding.
149 */
150 ctx->eng.pad[0] = 0x00;
151 ctx->eng.pad[1] = 0x02;
152 ctx->eng.pad[nlen - 49] = 0x00;
153 br_hmac_drbg_generate(&ctx->eng.rng, ctx->eng.pad + 2, nlen - 51);
154 for (u = 2; u < nlen - 49; u ++) {
155 while (ctx->eng.pad[u] == 0) {
156 br_hmac_drbg_generate(&ctx->eng.rng,
157 &ctx->eng.pad[u], 1);
158 }
159 }
160
161 /*
162 * Compute RSA encryption.
163 */
164 if (!ctx->irsapub(ctx->eng.pad, nlen, &pk->key.rsa)) {
165 return -BR_ERR_LIMIT_EXCEEDED;
166 }
167 return (int)nlen;
168 }
169
170 /*
171 * OID for hash functions in RSA signatures.
172 */
173 static const unsigned char HASH_OID_SHA1[] = {
174 0x05, 0x2B, 0x0E, 0x03, 0x02, 0x1A
175 };
176
177 static const unsigned char HASH_OID_SHA224[] = {
178 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x04
179 };
180
181 static const unsigned char HASH_OID_SHA256[] = {
182 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01
183 };
184
185 static const unsigned char HASH_OID_SHA384[] = {
186 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x02
187 };
188
189 static const unsigned char HASH_OID_SHA512[] = {
190 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x03
191 };
192
193 static const unsigned char *HASH_OID[] = {
194 HASH_OID_SHA1,
195 HASH_OID_SHA224,
196 HASH_OID_SHA256,
197 HASH_OID_SHA384,
198 HASH_OID_SHA512
199 };
200
201 /*
202 * Check the RSA signature on the ServerKeyExchange message.
203 *
204 * hash hash function ID (2 to 6), or 0 for MD5+SHA-1 (with RSA only)
205 * use_rsa non-zero for RSA signature, zero for ECDSA
206 * sig_len signature length (in bytes); signature value is in the pad
207 *
208 * Returned value is 0 on success, or an error code.
209 */
210 static int
211 verify_SKE_sig(br_ssl_client_context *ctx,
212 int hash, int use_rsa, size_t sig_len)
213 {
214 const br_x509_class **xc;
215 const br_x509_pkey *pk;
216 br_multihash_context mhc;
217 unsigned char hv[64], head[4];
218 size_t hv_len;
219
220 xc = ctx->eng.x509ctx;
221 pk = (*xc)->get_pkey(xc, NULL);
222 br_multihash_zero(&mhc);
223 br_multihash_copyimpl(&mhc, &ctx->eng.mhash);
224 br_multihash_init(&mhc);
225 br_multihash_update(&mhc,
226 ctx->eng.client_random, sizeof ctx->eng.client_random);
227 br_multihash_update(&mhc,
228 ctx->eng.server_random, sizeof ctx->eng.server_random);
229 head[0] = 3;
230 head[1] = 0;
231 head[2] = ctx->eng.ecdhe_curve;
232 head[3] = ctx->eng.ecdhe_point_len;
233 br_multihash_update(&mhc, head, sizeof head);
234 br_multihash_update(&mhc,
235 ctx->eng.ecdhe_point, ctx->eng.ecdhe_point_len);
236 if (hash) {
237 hv_len = br_multihash_out(&mhc, hash, hv);
238 if (hv_len == 0) {
239 return BR_ERR_INVALID_ALGORITHM;
240 }
241 } else {
242 if (!br_multihash_out(&mhc, br_md5_ID, hv)
243 || !br_multihash_out(&mhc, br_sha1_ID, hv + 16))
244 {
245 return BR_ERR_INVALID_ALGORITHM;
246 }
247 hv_len = 36;
248 }
249 if (use_rsa) {
250 unsigned char tmp[64];
251 const unsigned char *hash_oid;
252
253 if (hash) {
254 hash_oid = HASH_OID[hash - 2];
255 } else {
256 hash_oid = NULL;
257 }
258 if (!ctx->eng.irsavrfy(ctx->eng.pad, sig_len,
259 hash_oid, hv_len, &pk->key.rsa, tmp)
260 || memcmp(tmp, hv, hv_len) != 0)
261 {
262 return BR_ERR_BAD_SIGNATURE;
263 }
264 } else {
265 if (!ctx->eng.iecdsa(ctx->eng.iec, hv, hv_len, &pk->key.ec,
266 ctx->eng.pad, sig_len))
267 {
268 return BR_ERR_BAD_SIGNATURE;
269 }
270 }
271 return 0;
272 }
273
274 /*
275 * Perform client-side ECDH (or ECDHE). The point that should be sent to
276 * the server is written in the pad; returned value is either the point
277 * length (in bytes), or -x on error, with 'x' being an error code.
278 *
279 * The point _from_ the server is taken from ecdhe_point[] if 'ecdhe'
280 * is non-zero, or from the X.509 engine context if 'ecdhe' is zero
281 * (for static ECDH).
282 */
283 static int
284 make_pms_ecdh(br_ssl_client_context *ctx, unsigned ecdhe, int prf_id)
285 {
286 int curve;
287 unsigned char key[66], point[133];
288 const unsigned char *generator, *order, *point_src;
289 size_t glen, olen, point_len;
290 unsigned char mask;
291
292 if (ecdhe) {
293 curve = ctx->eng.ecdhe_curve;
294 point_src = ctx->eng.ecdhe_point;
295 point_len = ctx->eng.ecdhe_point_len;
296 } else {
297 const br_x509_class **xc;
298 const br_x509_pkey *pk;
299
300 xc = ctx->eng.x509ctx;
301 pk = (*xc)->get_pkey(xc, NULL);
302 curve = pk->key.ec.curve;
303 point_src = pk->key.ec.q;
304 point_len = pk->key.ec.qlen;
305 }
306 if ((ctx->eng.iec->supported_curves & ((uint32_t)1 << curve)) == 0) {
307 return -BR_ERR_INVALID_ALGORITHM;
308 }
309
310 /*
311 * We need to generate our key, as a non-zero random value which
312 * is lower than the curve order, in a "large enough" range. We
313 * force top bit to 0 and bottom bit to 1, which guarantees that
314 * the value is in the proper range.
315 */
316 order = ctx->eng.iec->order(curve, &olen);
317 mask = 0xFF;
318 while (mask >= order[0]) {
319 mask >>= 1;
320 }
321 br_hmac_drbg_generate(&ctx->eng.rng, key, olen);
322 key[0] &= mask;
323 key[olen - 1] |= 0x01;
324
325 /*
326 * Compute the common ECDH point, whose X coordinate is the
327 * pre-master secret.
328 */
329 generator = ctx->eng.iec->generator(curve, &glen);
330 if (glen != point_len) {
331 return -BR_ERR_INVALID_ALGORITHM;
332 }
333
334 memcpy(point, point_src, glen);
335 if (!ctx->eng.iec->mul(point, glen, key, olen, curve)) {
336 return -BR_ERR_INVALID_ALGORITHM;
337 }
338
339 /*
340 * The pre-master secret is the X coordinate.
341 */
342 br_ssl_engine_compute_master(&ctx->eng, prf_id, point + 1, glen >> 1);
343
344 memcpy(point, generator, glen);
345 if (!ctx->eng.iec->mul(point, glen, key, olen, curve)) {
346 return -BR_ERR_INVALID_ALGORITHM;
347 }
348 memcpy(ctx->eng.pad, point, glen);
349 return (int)glen;
350 }
351
352 /*
353 * Perform full static ECDH. This occurs only in the context of client
354 * authentication with certificates: the server uses an EC public key,
355 * the cipher suite is of type ECDH (not ECDHE), the server requested a
356 * client certificate and accepts static ECDH, the client has a
357 * certificate with an EC public key in the same curve, and accepts
358 * static ECDH as well.
359 *
360 * Returned value is 0 on success, -1 on error.
361 */
362 static int
363 make_pms_static_ecdh(br_ssl_client_context *ctx, int prf_id)
364 {
365 unsigned char point[133];
366 size_t point_len;
367 const br_x509_class **xc;
368 const br_x509_pkey *pk;
369
370 xc = ctx->eng.x509ctx;
371 pk = (*xc)->get_pkey(xc, NULL);
372 point_len = pk->key.ec.qlen;
373 if (point_len > sizeof point) {
374 return -1;
375 }
376 memcpy(point, pk->key.ec.q, point_len);
377 if (!(*ctx->client_auth_vtable)->do_keyx(
378 ctx->client_auth_vtable, point, point_len))
379 {
380 return -1;
381 }
382 br_ssl_engine_compute_master(&ctx->eng,
383 prf_id, point + 1, point_len >> 1);
384 return 0;
385 }
386
387 /*
388 * Compute the client-side signature. This is invoked only when a
389 * signature-based client authentication was selected. The computed
390 * signature is in the pad; its length (in bytes) is returned. On
391 * error, 0 is returned.
392 */
393 static size_t
394 make_client_sign(br_ssl_client_context *ctx)
395 {
396 size_t hv_len;
397
398 /*
399 * Compute hash of handshake messages so far. This "cannot" fail
400 * because the list of supported hash functions provided to the
401 * client certificate handler was trimmed to include only the
402 * hash functions that the multi-hasher supports.
403 */
404 if (ctx->hash_id) {
405 hv_len = br_multihash_out(&ctx->eng.mhash,
406 ctx->hash_id, ctx->eng.pad);
407 } else {
408 br_multihash_out(&ctx->eng.mhash,
409 br_md5_ID, ctx->eng.pad);
410 br_multihash_out(&ctx->eng.mhash,
411 br_sha1_ID, ctx->eng.pad + 16);
412 hv_len = 36;
413 }
414 return (*ctx->client_auth_vtable)->do_sign(
415 ctx->client_auth_vtable, ctx->hash_id, hv_len,
416 ctx->eng.pad, sizeof ctx->eng.pad);
417 }
418
419
420
421 static const uint8_t t0_datablock[] = {
422 0x00, 0x00, 0x0A, 0x00, 0x24, 0x00, 0x2F, 0x01, 0x24, 0x00, 0x35, 0x02,
423 0x24, 0x00, 0x3C, 0x01, 0x44, 0x00, 0x3D, 0x02, 0x44, 0x00, 0x9C, 0x03,
424 0x04, 0x00, 0x9D, 0x04, 0x05, 0xC0, 0x03, 0x40, 0x24, 0xC0, 0x04, 0x41,
425 0x24, 0xC0, 0x05, 0x42, 0x24, 0xC0, 0x08, 0x20, 0x24, 0xC0, 0x09, 0x21,
426 0x24, 0xC0, 0x0A, 0x22, 0x24, 0xC0, 0x0D, 0x30, 0x24, 0xC0, 0x0E, 0x31,
427 0x24, 0xC0, 0x0F, 0x32, 0x24, 0xC0, 0x12, 0x10, 0x24, 0xC0, 0x13, 0x11,
428 0x24, 0xC0, 0x14, 0x12, 0x24, 0xC0, 0x23, 0x21, 0x44, 0xC0, 0x24, 0x22,
429 0x55, 0xC0, 0x25, 0x41, 0x44, 0xC0, 0x26, 0x42, 0x55, 0xC0, 0x27, 0x11,
430 0x44, 0xC0, 0x28, 0x12, 0x55, 0xC0, 0x29, 0x31, 0x44, 0xC0, 0x2A, 0x32,
431 0x55, 0xC0, 0x2B, 0x23, 0x04, 0xC0, 0x2C, 0x24, 0x05, 0xC0, 0x2D, 0x43,
432 0x04, 0xC0, 0x2E, 0x44, 0x05, 0xC0, 0x2F, 0x13, 0x04, 0xC0, 0x30, 0x14,
433 0x05, 0xC0, 0x31, 0x33, 0x04, 0xC0, 0x32, 0x34, 0x05, 0xCC, 0xA8, 0x15,
434 0x04, 0xCC, 0xA9, 0x25, 0x04, 0x00, 0x00
435 };
436
437 static const uint8_t t0_codeblock[] = {
438 0x00, 0x01, 0x00, 0x0A, 0x00, 0x00, 0x01, 0x00, 0x0D, 0x00, 0x00, 0x01,
439 0x00, 0x0E, 0x00, 0x00, 0x01, 0x00, 0x0F, 0x00, 0x00, 0x01, 0x01, 0x08,
440 0x00, 0x00, 0x01, 0x01, 0x09, 0x00, 0x00, 0x01, 0x02, 0x08, 0x00, 0x00,
441 0x01, 0x02, 0x09, 0x00, 0x00, 0x24, 0x24, 0x00, 0x00, 0x01,
442 T0_INT1(BR_ERR_BAD_CCS), 0x00, 0x00, 0x01,
443 T0_INT1(BR_ERR_BAD_CIPHER_SUITE), 0x00, 0x00, 0x01,
444 T0_INT1(BR_ERR_BAD_COMPRESSION), 0x00, 0x00, 0x01,
445 T0_INT1(BR_ERR_BAD_FINISHED), 0x00, 0x00, 0x01,
446 T0_INT1(BR_ERR_BAD_FRAGLEN), 0x00, 0x00, 0x01,
447 T0_INT1(BR_ERR_BAD_HANDSHAKE), 0x00, 0x00, 0x01,
448 T0_INT1(BR_ERR_BAD_HELLO_DONE), 0x00, 0x00, 0x01,
449 T0_INT1(BR_ERR_BAD_PARAM), 0x00, 0x00, 0x01,
450 T0_INT1(BR_ERR_BAD_SECRENEG), 0x00, 0x00, 0x01,
451 T0_INT1(BR_ERR_BAD_SNI), 0x00, 0x00, 0x01, T0_INT1(BR_ERR_BAD_VERSION),
452 0x00, 0x00, 0x01, T0_INT1(BR_ERR_EXTRA_EXTENSION), 0x00, 0x00, 0x01,
453 T0_INT1(BR_ERR_INVALID_ALGORITHM), 0x00, 0x00, 0x01,
454 T0_INT1(BR_ERR_LIMIT_EXCEEDED), 0x00, 0x00, 0x01, T0_INT1(BR_ERR_OK),
455 0x00, 0x00, 0x01, T0_INT1(BR_ERR_OVERSIZED_ID), 0x00, 0x00, 0x01,
456 T0_INT1(BR_ERR_RESUME_MISMATCH), 0x00, 0x00, 0x01,
457 T0_INT1(BR_ERR_UNEXPECTED), 0x00, 0x00, 0x01,
458 T0_INT1(BR_ERR_UNSUPPORTED_VERSION), 0x00, 0x00, 0x01,
459 T0_INT1(BR_ERR_WRONG_KEY_USAGE), 0x00, 0x00, 0x01,
460 T0_INT2(offsetof(br_ssl_engine_context, action)), 0x00, 0x00, 0x01,
461 T0_INT2(offsetof(br_ssl_engine_context, alert)), 0x00, 0x00, 0x01,
462 T0_INT2(offsetof(br_ssl_engine_context, application_data)), 0x00, 0x00,
463 0x01, T0_INT2(offsetof(br_ssl_client_context, auth_type)), 0x00, 0x00,
464 0x01,
465 T0_INT2(offsetof(br_ssl_engine_context, session) + offsetof(br_ssl_session_parameters, cipher_suite)),
466 0x00, 0x00, 0x01,
467 T0_INT2(offsetof(br_ssl_engine_context, client_random)), 0x00, 0x00,
468 0x01, T0_INT2(offsetof(br_ssl_engine_context, close_received)), 0x00,
469 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, ecdhe_curve)),
470 0x00, 0x00, 0x01,
471 T0_INT2(offsetof(br_ssl_engine_context, ecdhe_point)), 0x00, 0x00,
472 0x01, T0_INT2(offsetof(br_ssl_engine_context, ecdhe_point_len)), 0x00,
473 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, flags)), 0x00,
474 0x00, 0x01, T0_INT2(offsetof(br_ssl_client_context, hash_id)), 0x00,
475 0x00, 0x01, T0_INT2(offsetof(br_ssl_client_context, hashes)), 0x00,
476 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, log_max_frag_len)),
477 0x00, 0x00, 0x01,
478 T0_INT2(offsetof(br_ssl_client_context, min_clienthello_len)), 0x00,
479 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, pad)), 0x00, 0x00,
480 0x01, T0_INT2(offsetof(br_ssl_engine_context, record_type_in)), 0x00,
481 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, record_type_out)),
482 0x00, 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, reneg)),
483 0x00, 0x00, 0x01,
484 T0_INT2(offsetof(br_ssl_engine_context, saved_finished)), 0x00, 0x00,
485 0x01, T0_INT2(offsetof(br_ssl_engine_context, server_name)), 0x00,
486 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, server_random)),
487 0x00, 0x00, 0x01,
488 T0_INT2(offsetof(br_ssl_engine_context, session) + offsetof(br_ssl_session_parameters, session_id)),
489 0x00, 0x00, 0x01,
490 T0_INT2(offsetof(br_ssl_engine_context, session) + offsetof(br_ssl_session_parameters, session_id_len)),
491 0x00, 0x00, 0x01,
492 T0_INT2(offsetof(br_ssl_engine_context, shutdown_recv)), 0x00, 0x00,
493 0x01, T0_INT2(offsetof(br_ssl_engine_context, suites_buf)), 0x00, 0x00,
494 0x01, T0_INT2(offsetof(br_ssl_engine_context, suites_num)), 0x00, 0x00,
495 0x01,
496 T0_INT2(offsetof(br_ssl_engine_context, session) + offsetof(br_ssl_session_parameters, version)),
497 0x00, 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, version_in)),
498 0x00, 0x00, 0x01,
499 T0_INT2(offsetof(br_ssl_engine_context, version_max)), 0x00, 0x00,
500 0x01, T0_INT2(offsetof(br_ssl_engine_context, version_min)), 0x00,
501 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, version_out)),
502 0x00, 0x00, 0x09, 0x25, 0x52, 0x06, 0x02, 0x62, 0x26, 0x00, 0x00, 0x06,
503 0x08, 0x2A, 0x0E, 0x05, 0x02, 0x6B, 0x26, 0x04, 0x01, 0x3A, 0x00, 0x00,
504 0x01, 0x01, 0x00, 0x01, 0x03, 0x00, 0x91, 0x25, 0x58, 0x41, 0x95, 0x25,
505 0x05, 0x04, 0x5A, 0x01, 0x00, 0x00, 0x02, 0x00, 0x0E, 0x06, 0x02, 0x95,
506 0x00, 0x58, 0x04, 0x6B, 0x00, 0x06, 0x02, 0x62, 0x26, 0x00, 0x00, 0x25,
507 0x82, 0x41, 0x05, 0x03, 0x01, 0x0C, 0x08, 0x41, 0x73, 0x2A, 0xA3, 0x1C,
508 0x7E, 0x01, 0x0C, 0x2F, 0x00, 0x00, 0x25, 0x1E, 0x01, 0x08, 0x0B, 0x41,
509 0x56, 0x1E, 0x08, 0x00, 0x01, 0x03, 0x00, 0x01, 0x00, 0x71, 0x3B, 0x27,
510 0x1A, 0x34, 0x06, 0x07, 0x02, 0x00, 0xC5, 0x03, 0x00, 0x04, 0x75, 0x01,
511 0x00, 0xBC, 0x02, 0x00, 0x25, 0x1A, 0x17, 0x06, 0x02, 0x69, 0x26, 0xC5,
512 0x04, 0x76, 0x01, 0x01, 0x00, 0x71, 0x3B, 0x01, 0x16, 0x80, 0x3B, 0x32,
513 0xCB, 0x27, 0xAB, 0x06, 0x09, 0x01, 0x7F, 0xA6, 0x01, 0x7F, 0xC8, 0x04,
514 0x80, 0x53, 0xA8, 0x73, 0x2A, 0x99, 0x01, T0_INT1(BR_KEYTYPE_SIGN),
515 0x17, 0x06, 0x01, 0xAC, 0xAF, 0x25, 0x01, 0x0D, 0x0E, 0x06, 0x07, 0x24,
516 0xAE, 0xAF, 0x01, 0x7F, 0x04, 0x02, 0x01, 0x00, 0x03, 0x00, 0x01, 0x0E,
517 0x0E, 0x05, 0x02, 0x6C, 0x26, 0x06, 0x02, 0x61, 0x26, 0x31, 0x06, 0x02,
518 0x6C, 0x26, 0x02, 0x00, 0x06, 0x1C, 0xC9, 0x7A, 0x2C, 0x01, 0x81, 0x7F,
519 0x0E, 0x06, 0x0D, 0x24, 0x01, 0x10, 0xD4, 0x01, 0x00, 0xD3, 0x73, 0x2A,
520 0xA3, 0x23, 0x04, 0x04, 0xCC, 0x06, 0x01, 0xCA, 0x04, 0x01, 0xCC, 0x01,
521 0x7F, 0xC8, 0x01, 0x7F, 0xA6, 0x01, 0x01, 0x71, 0x3B, 0x01, 0x17, 0x80,
522 0x3B, 0x00, 0x00, 0x36, 0x36, 0x00, 0x00, 0x92, 0x01, 0x0C, 0x11, 0x01,
523 0x00, 0x36, 0x0E, 0x06, 0x05, 0x24, 0x01,
524 T0_INT1(BR_KEYTYPE_RSA | BR_KEYTYPE_KEYX), 0x04, 0x30, 0x01, 0x01,
525 0x36, 0x0E, 0x06, 0x05, 0x24, 0x01,
526 T0_INT1(BR_KEYTYPE_RSA | BR_KEYTYPE_SIGN), 0x04, 0x25, 0x01, 0x02,
527 0x36, 0x0E, 0x06, 0x05, 0x24, 0x01,
528 T0_INT1(BR_KEYTYPE_EC | BR_KEYTYPE_SIGN), 0x04, 0x1A, 0x01, 0x03,
529 0x36, 0x0E, 0x06, 0x05, 0x24, 0x01,
530 T0_INT1(BR_KEYTYPE_EC | BR_KEYTYPE_KEYX), 0x04, 0x0F, 0x01, 0x04,
531 0x36, 0x0E, 0x06, 0x05, 0x24, 0x01,
532 T0_INT1(BR_KEYTYPE_EC | BR_KEYTYPE_KEYX), 0x04, 0x04, 0x01, 0x00,
533 0x41, 0x24, 0x00, 0x00, 0x7C, 0x2C, 0x01, 0x0E, 0x0E, 0x06, 0x04, 0x01,
534 0x00, 0x04, 0x02, 0x01, 0x05, 0x00, 0x00, 0x3D, 0x06, 0x04, 0x01, 0x06,
535 0x04, 0x02, 0x01, 0x00, 0x00, 0x00, 0x81, 0x2C, 0x25, 0x06, 0x08, 0x01,
536 0x01, 0x09, 0x01, 0x11, 0x07, 0x04, 0x03, 0x24, 0x01, 0x05, 0x00, 0x01,
537 0x3E, 0x03, 0x00, 0x24, 0x01, 0x00, 0x40, 0x06, 0x03, 0x02, 0x00, 0x08,
538 0x3F, 0x06, 0x03, 0x02, 0x00, 0x08, 0x25, 0x06, 0x06, 0x01, 0x01, 0x0B,
539 0x01, 0x06, 0x08, 0x00, 0x00, 0x83, 0x3C, 0x25, 0x06, 0x03, 0x01, 0x09,
540 0x08, 0x00, 0x01, 0x3D, 0x25, 0x06, 0x1E, 0x01, 0x00, 0x03, 0x00, 0x25,
541 0x06, 0x0E, 0x25, 0x01, 0x01, 0x17, 0x02, 0x00, 0x08, 0x03, 0x00, 0x01,
542 0x01, 0x11, 0x04, 0x6F, 0x24, 0x02, 0x00, 0x01, 0x01, 0x0B, 0x01, 0x06,
543 0x08, 0x00, 0x00, 0x79, 0x2B, 0x41, 0x11, 0x01, 0x01, 0x17, 0x33, 0x00,
544 0x00, 0x97, 0xC4, 0x25, 0x01, 0x07, 0x17, 0x01, 0x00, 0x36, 0x0E, 0x06,
545 0x09, 0x24, 0x01, 0x10, 0x17, 0x06, 0x01, 0x97, 0x04, 0x2D, 0x01, 0x01,
546 0x36, 0x0E, 0x06, 0x24, 0x24, 0x24, 0x01, 0x00, 0x71, 0x3B, 0xAA, 0x81,
547 0x2C, 0x01, 0x01, 0x0E, 0x01, 0x01, 0xA0, 0x35, 0x06, 0x0F, 0x27, 0x1A,
548 0x34, 0x06, 0x04, 0xC4, 0x24, 0x04, 0x78, 0x01, 0x80, 0x64, 0xBC, 0x04,
549 0x01, 0x97, 0x04, 0x03, 0x6C, 0x26, 0x24, 0x04, 0xFF, 0x3C, 0x01, 0x25,
550 0x03, 0x00, 0x09, 0x25, 0x52, 0x06, 0x02, 0x62, 0x26, 0x02, 0x00, 0x00,
551 0x00, 0x92, 0x01, 0x0F, 0x17, 0x00, 0x00, 0x70, 0x2C, 0x01, 0x00, 0x36,
552 0x0E, 0x06, 0x10, 0x24, 0x25, 0x01, 0x01, 0x0D, 0x06, 0x03, 0x24, 0x01,
553 0x02, 0x70, 0x3B, 0x01, 0x00, 0x04, 0x22, 0x01, 0x01, 0x36, 0x0E, 0x06,
554 0x15, 0x24, 0x01, 0x00, 0x70, 0x3B, 0x25, 0x01, 0x80, 0x64, 0x0E, 0x06,
555 0x05, 0x01, 0x82, 0x00, 0x08, 0x26, 0x54, 0x00, 0x04, 0x07, 0x24, 0x01,
556 0x82, 0x00, 0x08, 0x26, 0x24, 0x00, 0x00, 0x01, 0x00, 0x2D, 0x06, 0x05,
557 0x38, 0xA4, 0x35, 0x04, 0x78, 0x25, 0x06, 0x04, 0x01, 0x01, 0x87, 0x3B,
558 0x00, 0x00, 0x2D, 0x06, 0x0B, 0x7F, 0x2C, 0x01, 0x14, 0x0D, 0x06, 0x02,
559 0x6C, 0x26, 0x04, 0x11, 0xC4, 0x01, 0x07, 0x17, 0x25, 0x01, 0x02, 0x0D,
560 0x06, 0x06, 0x06, 0x02, 0x6C, 0x26, 0x04, 0x70, 0x24, 0xB9, 0x01, 0x01,
561 0x0D, 0x31, 0x35, 0x06, 0x02, 0x5B, 0x26, 0x25, 0x01, 0x01, 0xBF, 0x34,
562 0xA9, 0x00, 0x01, 0xAF, 0x01, 0x0B, 0x0E, 0x05, 0x02, 0x6C, 0x26, 0x25,
563 0x01, 0x03, 0x0E, 0x06, 0x08, 0xB7, 0x06, 0x02, 0x62, 0x26, 0x41, 0x24,
564 0x00, 0x41, 0x51, 0xB7, 0xA2, 0x25, 0x06, 0x23, 0xB7, 0xA2, 0x25, 0x50,
565 0x25, 0x06, 0x18, 0x25, 0x01, 0x82, 0x00, 0x0F, 0x06, 0x05, 0x01, 0x82,
566 0x00, 0x04, 0x01, 0x25, 0x03, 0x00, 0x7E, 0x02, 0x00, 0xAD, 0x02, 0x00,
567 0x4D, 0x04, 0x65, 0x93, 0x4E, 0x04, 0x5A, 0x93, 0x93, 0x4F, 0x25, 0x06,
568 0x02, 0x33, 0x00, 0x24, 0x29, 0x00, 0x00, 0x73, 0x2A, 0x99, 0x01, 0x7F,
569 0xA7, 0x25, 0x52, 0x06, 0x02, 0x33, 0x26, 0x25, 0x05, 0x02, 0x6C, 0x26,
570 0x36, 0x17, 0x0D, 0x06, 0x02, 0x6E, 0x26, 0x39, 0x00, 0x00, 0x94, 0xAF,
571 0x01, 0x14, 0x0D, 0x06, 0x02, 0x6C, 0x26, 0x7E, 0x01, 0x0C, 0x08, 0x01,
572 0x0C, 0xAD, 0x93, 0x7E, 0x25, 0x01, 0x0C, 0x08, 0x01, 0x0C, 0x2E, 0x05,
573 0x02, 0x5E, 0x26, 0x00, 0x00, 0xB0, 0x06, 0x02, 0x6C, 0x26, 0x06, 0x02,
574 0x60, 0x26, 0x00, 0x09, 0xAF, 0x01, 0x02, 0x0E, 0x05, 0x02, 0x6C, 0x26,
575 0xB6, 0x03, 0x00, 0x02, 0x00, 0x8D, 0x2A, 0x0A, 0x02, 0x00, 0x8C, 0x2A,
576 0x0F, 0x35, 0x06, 0x02, 0x6D, 0x26, 0x02, 0x00, 0x8B, 0x2A, 0x0D, 0x06,
577 0x02, 0x65, 0x26, 0x02, 0x00, 0x8E, 0x3A, 0x84, 0x01, 0x20, 0xAD, 0x01,
578 0x00, 0x03, 0x01, 0xB8, 0x03, 0x02, 0x02, 0x02, 0x01, 0x20, 0x0F, 0x06,
579 0x02, 0x6A, 0x26, 0x7E, 0x02, 0x02, 0xAD, 0x02, 0x02, 0x86, 0x2C, 0x0E,
580 0x02, 0x02, 0x01, 0x00, 0x0F, 0x17, 0x06, 0x0B, 0x85, 0x7E, 0x02, 0x02,
581 0x2E, 0x06, 0x04, 0x01, 0x7F, 0x03, 0x01, 0x85, 0x7E, 0x02, 0x02, 0x2F,
582 0x02, 0x02, 0x86, 0x3B, 0x02, 0x00, 0x8A, 0x02, 0x01, 0x90, 0xB6, 0x25,
583 0xBA, 0x52, 0x06, 0x02, 0x5C, 0x26, 0x73, 0x02, 0x01, 0x90, 0xB8, 0x06,
584 0x02, 0x5D, 0x26, 0x25, 0x06, 0x81, 0x2D, 0xB6, 0xA2, 0x9E, 0x03, 0x03,
585 0x9C, 0x03, 0x04, 0x9A, 0x03, 0x05, 0x9D, 0x03, 0x06, 0x9F, 0x03, 0x07,
586 0x9B, 0x03, 0x08, 0x25, 0x06, 0x81, 0x03, 0xB6, 0x01, 0x00, 0x36, 0x0E,
587 0x06, 0x0F, 0x24, 0x02, 0x03, 0x05, 0x02, 0x66, 0x26, 0x01, 0x00, 0x03,
588 0x03, 0xB5, 0x04, 0x80, 0x6A, 0x01, 0x01, 0x36, 0x0E, 0x06, 0x0F, 0x24,
589 0x02, 0x05, 0x05, 0x02, 0x66, 0x26, 0x01, 0x00, 0x03, 0x05, 0xB3, 0x04,
590 0x80, 0x55, 0x01, 0x83, 0xFE, 0x01, 0x36, 0x0E, 0x06, 0x0E, 0x24, 0x02,
591 0x04, 0x05, 0x02, 0x66, 0x26, 0x01, 0x00, 0x03, 0x04, 0xB4, 0x04, 0x3F,
592 0x01, 0x0D, 0x36, 0x0E, 0x06, 0x0E, 0x24, 0x02, 0x06, 0x05, 0x02, 0x66,
593 0x26, 0x01, 0x00, 0x03, 0x06, 0xB1, 0x04, 0x2B, 0x01, 0x0A, 0x36, 0x0E,
594 0x06, 0x0E, 0x24, 0x02, 0x07, 0x05, 0x02, 0x66, 0x26, 0x01, 0x00, 0x03,
595 0x07, 0xB1, 0x04, 0x17, 0x01, 0x0B, 0x36, 0x0E, 0x06, 0x0E, 0x24, 0x02,
596 0x08, 0x05, 0x02, 0x66, 0x26, 0x01, 0x00, 0x03, 0x08, 0xB1, 0x04, 0x03,
597 0x66, 0x26, 0x24, 0x04, 0xFE, 0x79, 0x02, 0x04, 0x06, 0x0D, 0x02, 0x04,
598 0x01, 0x05, 0x0F, 0x06, 0x02, 0x63, 0x26, 0x01, 0x01, 0x81, 0x3B, 0x93,
599 0x93, 0x02, 0x01, 0x00, 0x04, 0xAF, 0x01, 0x0C, 0x0E, 0x05, 0x02, 0x6C,
600 0x26, 0xB8, 0x01, 0x03, 0x0E, 0x05, 0x02, 0x67, 0x26, 0xB6, 0x25, 0x76,
601 0x3B, 0x25, 0x01, 0x20, 0x10, 0x06, 0x02, 0x67, 0x26, 0x3D, 0x41, 0x11,
602 0x01, 0x01, 0x17, 0x05, 0x02, 0x67, 0x26, 0xB8, 0x25, 0x01, 0x81, 0x05,
603 0x0F, 0x06, 0x02, 0x67, 0x26, 0x25, 0x78, 0x3B, 0x77, 0x41, 0xAD, 0x8A,
604 0x2A, 0x01, 0x86, 0x03, 0x10, 0x03, 0x00, 0x73, 0x2A, 0xC2, 0x03, 0x01,
605 0x01, 0x02, 0x03, 0x02, 0x02, 0x00, 0x06, 0x21, 0xB8, 0x25, 0x25, 0x01,
606 0x02, 0x0A, 0x41, 0x01, 0x06, 0x0F, 0x35, 0x06, 0x02, 0x67, 0x26, 0x03,
607 0x02, 0xB8, 0x02, 0x01, 0x01, 0x01, 0x0B, 0x01, 0x03, 0x08, 0x0E, 0x05,
608 0x02, 0x67, 0x26, 0x04, 0x08, 0x02, 0x01, 0x06, 0x04, 0x01, 0x00, 0x03,
609 0x02, 0xB6, 0x25, 0x03, 0x03, 0x25, 0x01, 0x84, 0x00, 0x0F, 0x06, 0x02,
610 0x68, 0x26, 0x7E, 0x41, 0xAD, 0x02, 0x02, 0x02, 0x01, 0x02, 0x03, 0x4A,
611 0x25, 0x06, 0x01, 0x26, 0x24, 0x93, 0x00, 0x02, 0x03, 0x00, 0x03, 0x01,
612 0x02, 0x00, 0x8F, 0x02, 0x01, 0x02, 0x00, 0x37, 0x25, 0x01, 0x00, 0x0E,
613 0x06, 0x02, 0x5A, 0x00, 0xC6, 0x04, 0x74, 0x02, 0x01, 0x00, 0x03, 0x00,
614 0xB8, 0xA2, 0x25, 0x06, 0x80, 0x43, 0xB8, 0x01, 0x01, 0x36, 0x0E, 0x06,
615 0x06, 0x24, 0x01, 0x81, 0x7F, 0x04, 0x2E, 0x01, 0x80, 0x40, 0x36, 0x0E,
616 0x06, 0x07, 0x24, 0x01, 0x83, 0xFE, 0x00, 0x04, 0x20, 0x01, 0x80, 0x41,
617 0x36, 0x0E, 0x06, 0x07, 0x24, 0x01, 0x84, 0x80, 0x00, 0x04, 0x12, 0x01,
618 0x80, 0x42, 0x36, 0x0E, 0x06, 0x07, 0x24, 0x01, 0x88, 0x80, 0x00, 0x04,
619 0x04, 0x01, 0x00, 0x41, 0x24, 0x02, 0x00, 0x35, 0x03, 0x00, 0x04, 0xFF,
620 0x39, 0x93, 0x73, 0x2A, 0xC0, 0x05, 0x09, 0x02, 0x00, 0x01, 0x83, 0xFF,
621 0x7F, 0x17, 0x03, 0x00, 0x8A, 0x2A, 0x01, 0x86, 0x03, 0x10, 0x06, 0x3A,
622 0xB2, 0x25, 0x7B, 0x3A, 0x3E, 0x24, 0x25, 0x01, 0x08, 0x0B, 0x35, 0x01,
623 0x8C, 0x80, 0x00, 0x35, 0x17, 0x02, 0x00, 0x17, 0x02, 0x00, 0x01, 0x8C,
624 0x80, 0x00, 0x17, 0x06, 0x19, 0x25, 0x01, 0x81, 0x7F, 0x17, 0x06, 0x05,
625 0x01, 0x84, 0x80, 0x00, 0x35, 0x25, 0x01, 0x83, 0xFE, 0x00, 0x17, 0x06,
626 0x05, 0x01, 0x88, 0x80, 0x00, 0x35, 0x03, 0x00, 0x04, 0x09, 0x02, 0x00,
627 0x01, 0x8C, 0x88, 0x01, 0x17, 0x03, 0x00, 0x16, 0xB6, 0xA2, 0x25, 0x06,
628 0x23, 0xB6, 0xA2, 0x25, 0x15, 0x25, 0x06, 0x18, 0x25, 0x01, 0x82, 0x00,
629 0x0F, 0x06, 0x05, 0x01, 0x82, 0x00, 0x04, 0x01, 0x25, 0x03, 0x01, 0x7E,
630 0x02, 0x01, 0xAD, 0x02, 0x01, 0x12, 0x04, 0x65, 0x93, 0x13, 0x04, 0x5A,
631 0x93, 0x14, 0x93, 0x02, 0x00, 0x28, 0x00, 0x00, 0xB0, 0x25, 0x54, 0x06,
632 0x07, 0x24, 0x06, 0x02, 0x60, 0x26, 0x04, 0x74, 0x00, 0x00, 0xB9, 0x01,
633 0x03, 0xB7, 0x41, 0x24, 0x41, 0x00, 0x00, 0xB6, 0xBD, 0x00, 0x03, 0x01,
634 0x00, 0x03, 0x00, 0xB6, 0xA2, 0x25, 0x06, 0x32, 0xB8, 0x03, 0x01, 0xB8,
635 0x03, 0x02, 0x02, 0x01, 0x01, 0x02, 0x10, 0x02, 0x01, 0x01, 0x06, 0x0C,
636 0x17, 0x02, 0x02, 0x01, 0x01, 0x0E, 0x02, 0x02, 0x01, 0x03, 0x0E, 0x35,
637 0x17, 0x06, 0x11, 0x02, 0x00, 0x01, 0x01, 0x02, 0x02, 0x57, 0x01, 0x02,
638 0x0B, 0x02, 0x01, 0x08, 0x0B, 0x35, 0x03, 0x00, 0x04, 0x4B, 0x93, 0x02,
639 0x00, 0x00, 0x00, 0xB6, 0x01, 0x01, 0x0E, 0x05, 0x02, 0x5F, 0x26, 0xB8,
640 0x01, 0x08, 0x08, 0x7C, 0x2C, 0x0E, 0x05, 0x02, 0x5F, 0x26, 0x00, 0x00,
641 0xB6, 0x81, 0x2C, 0x05, 0x15, 0x01, 0x01, 0x0E, 0x05, 0x02, 0x63, 0x26,
642 0xB8, 0x01, 0x00, 0x0E, 0x05, 0x02, 0x63, 0x26, 0x01, 0x02, 0x81, 0x3B,
643 0x04, 0x1C, 0x01, 0x19, 0x0E, 0x05, 0x02, 0x63, 0x26, 0xB8, 0x01, 0x18,
644 0x0E, 0x05, 0x02, 0x63, 0x26, 0x7E, 0x01, 0x18, 0xAD, 0x82, 0x7E, 0x01,
645 0x18, 0x2E, 0x05, 0x02, 0x63, 0x26, 0x00, 0x00, 0xB6, 0x06, 0x02, 0x64,
646 0x26, 0x00, 0x00, 0x01, 0x02, 0x8F, 0xB9, 0x01, 0x08, 0x0B, 0xB9, 0x08,
647 0x00, 0x00, 0x01, 0x03, 0x8F, 0xB9, 0x01, 0x08, 0x0B, 0xB9, 0x08, 0x01,
648 0x08, 0x0B, 0xB9, 0x08, 0x00, 0x00, 0x01, 0x01, 0x8F, 0xB9, 0x00, 0x00,
649 0x38, 0x25, 0x52, 0x05, 0x01, 0x00, 0x24, 0xC6, 0x04, 0x76, 0x02, 0x03,
650 0x00, 0x89, 0x2C, 0x03, 0x01, 0x01, 0x00, 0x25, 0x02, 0x01, 0x0A, 0x06,
651 0x10, 0x25, 0x01, 0x01, 0x0B, 0x88, 0x08, 0x2A, 0x02, 0x00, 0x0E, 0x06,
652 0x01, 0x00, 0x56, 0x04, 0x6A, 0x24, 0x01, 0x7F, 0x00, 0x00, 0x01, 0x15,
653 0x80, 0x3B, 0x41, 0x4C, 0x24, 0x4C, 0x24, 0x27, 0x00, 0x00, 0x01, 0x01,
654 0x41, 0xBB, 0x00, 0x00, 0x41, 0x36, 0x8F, 0x41, 0x25, 0x06, 0x05, 0xB9,
655 0x24, 0x57, 0x04, 0x78, 0x24, 0x00, 0x00, 0x25, 0x01, 0x81, 0xAC, 0x00,
656 0x0E, 0x06, 0x04, 0x24, 0x01, 0x7F, 0x00, 0x92, 0x53, 0x00, 0x02, 0x03,
657 0x00, 0x73, 0x2A, 0x92, 0x03, 0x01, 0x02, 0x01, 0x01, 0x0F, 0x17, 0x02,
658 0x01, 0x01, 0x04, 0x11, 0x01, 0x0F, 0x17, 0x02, 0x01, 0x01, 0x08, 0x11,
659 0x01, 0x0F, 0x17, 0x01, 0x00, 0x36, 0x0E, 0x06, 0x10, 0x24, 0x01, 0x00,
660 0x01, 0x18, 0x02, 0x00, 0x06, 0x03, 0x44, 0x04, 0x01, 0x45, 0x04, 0x80,
661 0x68, 0x01, 0x01, 0x36, 0x0E, 0x06, 0x10, 0x24, 0x01, 0x01, 0x01, 0x10,
662 0x02, 0x00, 0x06, 0x03, 0x44, 0x04, 0x01, 0x45, 0x04, 0x80, 0x52, 0x01,
663 0x02, 0x36, 0x0E, 0x06, 0x0F, 0x24, 0x01, 0x01, 0x01, 0x20, 0x02, 0x00,
664 0x06, 0x03, 0x44, 0x04, 0x01, 0x45, 0x04, 0x3D, 0x01, 0x03, 0x36, 0x0E,
665 0x06, 0x0E, 0x24, 0x24, 0x01, 0x10, 0x02, 0x00, 0x06, 0x03, 0x42, 0x04,
666 0x01, 0x43, 0x04, 0x29, 0x01, 0x04, 0x36, 0x0E, 0x06, 0x0E, 0x24, 0x24,
667 0x01, 0x20, 0x02, 0x00, 0x06, 0x03, 0x42, 0x04, 0x01, 0x43, 0x04, 0x15,
668 0x01, 0x05, 0x36, 0x0E, 0x06, 0x0C, 0x24, 0x24, 0x02, 0x00, 0x06, 0x03,
669 0x46, 0x04, 0x01, 0x47, 0x04, 0x03, 0x62, 0x26, 0x24, 0x00, 0x00, 0x92,
670 0x01, 0x0C, 0x11, 0x01, 0x02, 0x0F, 0x00, 0x00, 0x92, 0x01, 0x0C, 0x11,
671 0x25, 0x55, 0x41, 0x01, 0x03, 0x0A, 0x17, 0x00, 0x00, 0x92, 0x01, 0x0C,
672 0x11, 0x01, 0x01, 0x0E, 0x00, 0x00, 0x92, 0x01, 0x0C, 0x11, 0x54, 0x00,
673 0x00, 0x1B, 0x01, 0x00, 0x6F, 0x2C, 0x25, 0x06, 0x1F, 0x01, 0x01, 0x36,
674 0x0E, 0x06, 0x06, 0x24, 0x01, 0x00, 0x96, 0x04, 0x11, 0x01, 0x02, 0x36,
675 0x0E, 0x06, 0x0A, 0x24, 0x71, 0x2C, 0x06, 0x03, 0x01, 0x10, 0x35, 0x04,
676 0x01, 0x24, 0x04, 0x01, 0x24, 0x75, 0x2C, 0x05, 0x33, 0x2D, 0x06, 0x30,
677 0x7F, 0x2C, 0x01, 0x14, 0x36, 0x0E, 0x06, 0x06, 0x24, 0x01, 0x02, 0x35,
678 0x04, 0x22, 0x01, 0x15, 0x36, 0x0E, 0x06, 0x09, 0x24, 0xA5, 0x06, 0x03,
679 0x01, 0x7F, 0x96, 0x04, 0x13, 0x01, 0x16, 0x36, 0x0E, 0x06, 0x06, 0x24,
680 0x01, 0x01, 0x35, 0x04, 0x07, 0x24, 0x01, 0x04, 0x35, 0x01, 0x00, 0x24,
681 0x1A, 0x06, 0x03, 0x01, 0x08, 0x35, 0x00, 0x00, 0x1B, 0x25, 0x05, 0x0F,
682 0x2D, 0x06, 0x0C, 0x7F, 0x2C, 0x01, 0x15, 0x0E, 0x06, 0x04, 0x24, 0xA5,
683 0x04, 0x01, 0x1F, 0x00, 0x00, 0xC4, 0x01, 0x07, 0x17, 0x01, 0x01, 0x0F,
684 0x06, 0x02, 0x6C, 0x26, 0x00, 0x01, 0x03, 0x00, 0x27, 0x1A, 0x06, 0x05,
685 0x02, 0x00, 0x80, 0x3B, 0x00, 0xC4, 0x24, 0x04, 0x74, 0x00, 0x01, 0x14,
686 0xC7, 0x01, 0x01, 0xD4, 0x27, 0x25, 0x01, 0x00, 0xBF, 0x01, 0x16, 0xC7,
687 0xCD, 0x27, 0x00, 0x00, 0x01, 0x0B, 0xD4, 0x48, 0x25, 0x25, 0x01, 0x03,
688 0x08, 0xD3, 0xD3, 0x18, 0x25, 0x52, 0x06, 0x02, 0x24, 0x00, 0xD3, 0x1D,
689 0x25, 0x06, 0x05, 0x7E, 0x41, 0xCE, 0x04, 0x77, 0x24, 0x04, 0x6C, 0x00,
690 0x20, 0x01, 0x0F, 0xD4, 0x25, 0x8A, 0x2A, 0x01, 0x86, 0x03, 0x10, 0x06,
691 0x0C, 0x01, 0x04, 0x08, 0xD3, 0x7A, 0x2C, 0xD4, 0x72, 0x2C, 0xD4, 0x04,
692 0x02, 0x58, 0xD3, 0x25, 0xD2, 0x7E, 0x41, 0xCE, 0x00, 0x02, 0x9C, 0x9E,
693 0x08, 0x9A, 0x08, 0x9D, 0x08, 0x9F, 0x08, 0x9B, 0x08, 0x03, 0x00, 0x01,
694 0x01, 0xD4, 0x01, 0x27, 0x86, 0x2C, 0x08, 0x89, 0x2C, 0x01, 0x01, 0x0B,
695 0x08, 0x02, 0x00, 0x06, 0x04, 0x58, 0x02, 0x00, 0x08, 0x7D, 0x2A, 0x36,
696 0x09, 0x25, 0x55, 0x06, 0x24, 0x02, 0x00, 0x05, 0x04, 0x41, 0x58, 0x41,
697 0x59, 0x01, 0x04, 0x09, 0x25, 0x52, 0x06, 0x03, 0x24, 0x01, 0x00, 0x25,
698 0x01, 0x04, 0x08, 0x02, 0x00, 0x08, 0x03, 0x00, 0x41, 0x01, 0x04, 0x08,
699 0x36, 0x08, 0x41, 0x04, 0x03, 0x24, 0x01, 0x7F, 0x03, 0x01, 0xD3, 0x8C,
700 0x2A, 0xD2, 0x74, 0x01, 0x04, 0x19, 0x74, 0x01, 0x04, 0x08, 0x01, 0x1C,
701 0x30, 0x74, 0x01, 0x20, 0xCE, 0x85, 0x86, 0x2C, 0xD0, 0x89, 0x2C, 0x25,
702 0x01, 0x01, 0x0B, 0xD2, 0x88, 0x41, 0x25, 0x06, 0x0F, 0x57, 0x36, 0x2A,
703 0x25, 0xBE, 0x05, 0x02, 0x5C, 0x26, 0xD2, 0x41, 0x58, 0x41, 0x04, 0x6E,
704 0x5A, 0x01, 0x01, 0xD4, 0x01, 0x00, 0xD4, 0x02, 0x00, 0x06, 0x81, 0x22,
705 0x02, 0x00, 0xD2, 0x9C, 0x06, 0x0E, 0x01, 0x83, 0xFE, 0x01, 0xD2, 0x82,
706 0x9C, 0x01, 0x04, 0x09, 0x25, 0xD2, 0x57, 0xD0, 0x9E, 0x06, 0x16, 0x01,
707 0x00, 0xD2, 0x83, 0x9E, 0x01, 0x04, 0x09, 0x25, 0xD2, 0x01, 0x02, 0x09,
708 0x25, 0xD2, 0x01, 0x00, 0xD4, 0x01, 0x03, 0x09, 0xCF, 0x9A, 0x06, 0x0C,
709 0x01, 0x01, 0xD2, 0x01, 0x01, 0xD2, 0x7C, 0x2C, 0x01, 0x08, 0x09, 0xD4,
710 0x9D, 0x06, 0x19, 0x01, 0x0D, 0xD2, 0x9D, 0x01, 0x04, 0x09, 0x25, 0xD2,
711 0x01, 0x02, 0x09, 0xD2, 0x3F, 0x06, 0x03, 0x01, 0x03, 0xD1, 0x40, 0x06,
712 0x03, 0x01, 0x01, 0xD1, 0x9F, 0x25, 0x06, 0x22, 0x01, 0x0A, 0xD2, 0x01,
713 0x04, 0x09, 0x25, 0xD2, 0x59, 0xD2, 0x3D, 0x01, 0x00, 0x25, 0x01, 0x20,
714 0x0A, 0x06, 0x0C, 0x98, 0x11, 0x01, 0x01, 0x17, 0x06, 0x02, 0x25, 0xD2,
715 0x56, 0x04, 0x6E, 0x5A, 0x04, 0x01, 0x24, 0x9B, 0x06, 0x0A, 0x01, 0x0B,
716 0xD2, 0x01, 0x02, 0xD2, 0x01, 0x82, 0x00, 0xD2, 0x02, 0x01, 0x52, 0x05,
717 0x11, 0x01, 0x15, 0xD2, 0x02, 0x01, 0x25, 0xD2, 0x25, 0x06, 0x06, 0x57,
718 0x01, 0x00, 0xD4, 0x04, 0x77, 0x24, 0x00, 0x00, 0x01, 0x10, 0xD4, 0x73,
719 0x2A, 0x25, 0xC3, 0x06, 0x0C, 0xA3, 0x22, 0x25, 0x58, 0xD3, 0x25, 0xD2,
720 0x7E, 0x41, 0xCE, 0x04, 0x0D, 0x25, 0xC1, 0x41, 0xA3, 0x21, 0x25, 0x56,
721 0xD3, 0x25, 0xD4, 0x7E, 0x41, 0xCE, 0x00, 0x00, 0x94, 0x01, 0x14, 0xD4,
722 0x01, 0x0C, 0xD3, 0x7E, 0x01, 0x0C, 0xCE, 0x00, 0x00, 0x4B, 0x25, 0x01,
723 0x00, 0x0E, 0x06, 0x02, 0x5A, 0x00, 0xC4, 0x24, 0x04, 0x73, 0x00, 0x25,
724 0xD2, 0xCE, 0x00, 0x00, 0x25, 0xD4, 0xCE, 0x00, 0x01, 0x03, 0x00, 0x3E,
725 0x24, 0x25, 0x01, 0x10, 0x17, 0x06, 0x06, 0x01, 0x04, 0xD4, 0x02, 0x00,
726 0xD4, 0x25, 0x01, 0x08, 0x17, 0x06, 0x06, 0x01, 0x03, 0xD4, 0x02, 0x00,
727 0xD4, 0x25, 0x01, 0x20, 0x17, 0x06, 0x06, 0x01, 0x05, 0xD4, 0x02, 0x00,
728 0xD4, 0x25, 0x01, 0x80, 0x40, 0x17, 0x06, 0x06, 0x01, 0x06, 0xD4, 0x02,
729 0x00, 0xD4, 0x01, 0x04, 0x17, 0x06, 0x06, 0x01, 0x02, 0xD4, 0x02, 0x00,
730 0xD4, 0x00, 0x00, 0x25, 0x01, 0x08, 0x49, 0xD4, 0xD4, 0x00, 0x00, 0x25,
731 0x01, 0x10, 0x49, 0xD4, 0xD2, 0x00, 0x00, 0x25, 0x4C, 0x06, 0x02, 0x24,
732 0x00, 0xC4, 0x24, 0x04, 0x76
733 };
734
735 static const uint16_t t0_caddr[] = {
736 0,
737 5,
738 10,
739 15,
740 20,
741 25,
742 30,
743 35,
744 40,
745 44,
746 48,
747 52,
748 56,
749 60,
750 64,
751 68,
752 72,
753 76,
754 80,
755 84,
756 88,
757 92,
758 96,
759 100,
760 104,
761 108,
762 112,
763 116,
764 120,
765 124,
766 129,
767 134,
768 139,
769 144,
770 149,
771 154,
772 159,
773 164,
774 169,
775 174,
776 179,
777 184,
778 189,
779 194,
780 199,
781 204,
782 209,
783 214,
784 219,
785 224,
786 229,
787 234,
788 239,
789 244,
790 249,
791 254,
792 259,
793 264,
794 269,
795 274,
796 279,
797 284,
798 293,
799 306,
800 310,
801 335,
802 341,
803 360,
804 371,
805 405,
806 521,
807 525,
808 590,
809 605,
810 616,
811 634,
812 663,
813 673,
814 709,
815 719,
816 789,
817 803,
818 809,
819 869,
820 888,
821 937,
822 1013,
823 1040,
824 1071,
825 1082,
826 1383,
827 1530,
828 1554,
829 1770,
830 1784,
831 1793,
832 1797,
833 1861,
834 1882,
835 1938,
836 1945,
837 1956,
838 1972,
839 1978,
840 1989,
841 2024,
842 2036,
843 2042,
844 2057,
845 2073,
846 2229,
847 2238,
848 2251,
849 2260,
850 2267,
851 2370,
852 2391,
853 2404,
854 2420,
855 2438,
856 2470,
857 2504,
858 2814,
859 2850,
860 2863,
861 2877,
862 2882,
863 2887,
864 2953,
865 2961,
866 2969
867 };
868
869 #define T0_INTERPRETED 82
870
871 #define T0_ENTER(ip, rp, slot) do { \
872 const unsigned char *t0_newip; \
873 uint32_t t0_lnum; \
874 t0_newip = &t0_codeblock[t0_caddr[(slot) - T0_INTERPRETED]]; \
875 t0_lnum = t0_parse7E_unsigned(&t0_newip); \
876 (rp) += t0_lnum; \
877 *((rp) ++) = (uint32_t)((ip) - &t0_codeblock[0]) + (t0_lnum << 16); \
878 (ip) = t0_newip; \
879 } while (0)
880
881 #define T0_DEFENTRY(name, slot) \
882 void \
883 name(void *ctx) \
884 { \
885 t0_context *t0ctx = ctx; \
886 t0ctx->ip = &t0_codeblock[0]; \
887 T0_ENTER(t0ctx->ip, t0ctx->rp, slot); \
888 }
889
890 T0_DEFENTRY(br_ssl_hs_client_init_main, 161)
891
892 #define T0_NEXT(t0ipp) (*(*(t0ipp)) ++)
893
894 void
895 br_ssl_hs_client_run(void *t0ctx)
896 {
897 uint32_t *dp, *rp;
898 const unsigned char *ip;
899
900 #define T0_LOCAL(x) (*(rp - 2 - (x)))
901 #define T0_POP() (*-- dp)
902 #define T0_POPi() (*(int32_t *)(-- dp))
903 #define T0_PEEK(x) (*(dp - 1 - (x)))
904 #define T0_PEEKi(x) (*(int32_t *)(dp - 1 - (x)))
905 #define T0_PUSH(v) do { *dp = (v); dp ++; } while (0)
906 #define T0_PUSHi(v) do { *(int32_t *)dp = (v); dp ++; } while (0)
907 #define T0_RPOP() (*-- rp)
908 #define T0_RPOPi() (*(int32_t *)(-- rp))
909 #define T0_RPUSH(v) do { *rp = (v); rp ++; } while (0)
910 #define T0_RPUSHi(v) do { *(int32_t *)rp = (v); rp ++; } while (0)
911 #define T0_ROLL(x) do { \
912 size_t t0len = (size_t)(x); \
913 uint32_t t0tmp = *(dp - 1 - t0len); \
914 memmove(dp - t0len - 1, dp - t0len, t0len * sizeof *dp); \
915 *(dp - 1) = t0tmp; \
916 } while (0)
917 #define T0_SWAP() do { \
918 uint32_t t0tmp = *(dp - 2); \
919 *(dp - 2) = *(dp - 1); \
920 *(dp - 1) = t0tmp; \
921 } while (0)
922 #define T0_ROT() do { \
923 uint32_t t0tmp = *(dp - 3); \
924 *(dp - 3) = *(dp - 2); \
925 *(dp - 2) = *(dp - 1); \
926 *(dp - 1) = t0tmp; \
927 } while (0)
928 #define T0_NROT() do { \
929 uint32_t t0tmp = *(dp - 1); \
930 *(dp - 1) = *(dp - 2); \
931 *(dp - 2) = *(dp - 3); \
932 *(dp - 3) = t0tmp; \
933 } while (0)
934 #define T0_PICK(x) do { \
935 uint32_t t0depth = (x); \
936 T0_PUSH(T0_PEEK(t0depth)); \
937 } while (0)
938 #define T0_CO() do { \
939 goto t0_exit; \
940 } while (0)
941 #define T0_RET() goto t0_next
942
943 dp = ((t0_context *)t0ctx)->dp;
944 rp = ((t0_context *)t0ctx)->rp;
945 ip = ((t0_context *)t0ctx)->ip;
946 goto t0_next;
947 for (;;) {
948 uint32_t t0x;
949
950 t0_next:
951 t0x = T0_NEXT(&ip);
952 if (t0x < T0_INTERPRETED) {
953 switch (t0x) {
954 int32_t t0off;
955
956 case 0: /* ret */
957 t0x = T0_RPOP();
958 rp -= (t0x >> 16);
959 t0x &= 0xFFFF;
960 if (t0x == 0) {
961 ip = NULL;
962 goto t0_exit;
963 }
964 ip = &t0_codeblock[t0x];
965 break;
966 case 1: /* literal constant */
967 T0_PUSHi(t0_parse7E_signed(&ip));
968 break;
969 case 2: /* read local */
970 T0_PUSH(T0_LOCAL(t0_parse7E_unsigned(&ip)));
971 break;
972 case 3: /* write local */
973 T0_LOCAL(t0_parse7E_unsigned(&ip)) = T0_POP();
974 break;
975 case 4: /* jump */
976 t0off = t0_parse7E_signed(&ip);
977 ip += t0off;
978 break;
979 case 5: /* jump if */
980 t0off = t0_parse7E_signed(&ip);
981 if (T0_POP()) {
982 ip += t0off;
983 }
984 break;
985 case 6: /* jump if not */
986 t0off = t0_parse7E_signed(&ip);
987 if (!T0_POP()) {
988 ip += t0off;
989 }
990 break;
991 case 7: {
992 /* * */
993
994 uint32_t b = T0_POP();
995 uint32_t a = T0_POP();
996 T0_PUSH(a * b);
997
998 }
999 break;
1000 case 8: {
1001 /* + */
1002
1003 uint32_t b = T0_POP();
1004 uint32_t a = T0_POP();
1005 T0_PUSH(a + b);
1006
1007 }
1008 break;
1009 case 9: {
1010 /* - */
1011
1012 uint32_t b = T0_POP();
1013 uint32_t a = T0_POP();
1014 T0_PUSH(a - b);
1015
1016 }
1017 break;
1018 case 10: {
1019 /* < */
1020
1021 int32_t b = T0_POPi();
1022 int32_t a = T0_POPi();
1023 T0_PUSH(-(uint32_t)(a < b));
1024
1025 }
1026 break;
1027 case 11: {
1028 /* << */
1029
1030 int c = (int)T0_POPi();
1031 uint32_t x = T0_POP();
1032 T0_PUSH(x << c);
1033
1034 }
1035 break;
1036 case 12: {
1037 /* <= */
1038
1039 int32_t b = T0_POPi();
1040 int32_t a = T0_POPi();
1041 T0_PUSH(-(uint32_t)(a <= b));
1042
1043 }
1044 break;
1045 case 13: {
1046 /* <> */
1047
1048 uint32_t b = T0_POP();
1049 uint32_t a = T0_POP();
1050 T0_PUSH(-(uint32_t)(a != b));
1051
1052 }
1053 break;
1054 case 14: {
1055 /* = */
1056
1057 uint32_t b = T0_POP();
1058 uint32_t a = T0_POP();
1059 T0_PUSH(-(uint32_t)(a == b));
1060
1061 }
1062 break;
1063 case 15: {
1064 /* > */
1065
1066 int32_t b = T0_POPi();
1067 int32_t a = T0_POPi();
1068 T0_PUSH(-(uint32_t)(a > b));
1069
1070 }
1071 break;
1072 case 16: {
1073 /* >= */
1074
1075 int32_t b = T0_POPi();
1076 int32_t a = T0_POPi();
1077 T0_PUSH(-(uint32_t)(a >= b));
1078
1079 }
1080 break;
1081 case 17: {
1082 /* >> */
1083
1084 int c = (int)T0_POPi();
1085 int32_t x = T0_POPi();
1086 T0_PUSHi(x >> c);
1087
1088 }
1089 break;
1090 case 18: {
1091 /* anchor-dn-append-name */
1092
1093 size_t len;
1094
1095 len = T0_POP();
1096 if (CTX->client_auth_vtable != NULL) {
1097 (*CTX->client_auth_vtable)->append_name(
1098 CTX->client_auth_vtable, ENG->pad, len);
1099 }
1100
1101 }
1102 break;
1103 case 19: {
1104 /* anchor-dn-end-name */
1105
1106 if (CTX->client_auth_vtable != NULL) {
1107 (*CTX->client_auth_vtable)->end_name(
1108 CTX->client_auth_vtable);
1109 }
1110
1111 }
1112 break;
1113 case 20: {
1114 /* anchor-dn-end-name-list */
1115
1116 if (CTX->client_auth_vtable != NULL) {
1117 (*CTX->client_auth_vtable)->end_name_list(
1118 CTX->client_auth_vtable);
1119 }
1120
1121 }
1122 break;
1123 case 21: {
1124 /* anchor-dn-start-name */
1125
1126 size_t len;
1127
1128 len = T0_POP();
1129 if (CTX->client_auth_vtable != NULL) {
1130 (*CTX->client_auth_vtable)->start_name(
1131 CTX->client_auth_vtable, len);
1132 }
1133
1134 }
1135 break;
1136 case 22: {
1137 /* anchor-dn-start-name-list */
1138
1139 if (CTX->client_auth_vtable != NULL) {
1140 (*CTX->client_auth_vtable)->start_name_list(
1141 CTX->client_auth_vtable);
1142 }
1143
1144 }
1145 break;
1146 case 23: {
1147 /* and */
1148
1149 uint32_t b = T0_POP();
1150 uint32_t a = T0_POP();
1151 T0_PUSH(a & b);
1152
1153 }
1154 break;
1155 case 24: {
1156 /* begin-cert */
1157
1158 if (ENG->chain_len == 0) {
1159 T0_PUSHi(-1);
1160 } else {
1161 ENG->cert_cur = ENG->chain->data;
1162 ENG->cert_len = ENG->chain->data_len;
1163 ENG->chain ++;
1164 ENG->chain_len --;
1165 T0_PUSH(ENG->cert_len);
1166 }
1167
1168 }
1169 break;
1170 case 25: {
1171 /* bzero */
1172
1173 size_t len = (size_t)T0_POP();
1174 void *addr = (unsigned char *)ENG + (size_t)T0_POP();
1175 memset(addr, 0, len);
1176
1177 }
1178 break;
1179 case 26: {
1180 /* can-output? */
1181
1182 T0_PUSHi(-(ENG->hlen_out > 0));
1183
1184 }
1185 break;
1186 case 27: {
1187 /* co */
1188 T0_CO();
1189 }
1190 break;
1191 case 28: {
1192 /* compute-Finished-inner */
1193
1194 int prf_id = T0_POP();
1195 int from_client = T0_POPi();
1196 unsigned char seed[48];
1197 size_t seed_len;
1198
1199 br_tls_prf_impl prf = br_ssl_engine_get_PRF(ENG, prf_id);
1200 if (ENG->session.version >= BR_TLS12) {
1201 seed_len = br_multihash_out(&ENG->mhash, prf_id, seed);
1202 } else {
1203 br_multihash_out(&ENG->mhash, br_md5_ID, seed);
1204 br_multihash_out(&ENG->mhash, br_sha1_ID, seed + 16);
1205 seed_len = 36;
1206 }
1207 prf(ENG->pad, 12, ENG->session.master_secret,
1208 sizeof ENG->session.master_secret,
1209 from_client ? "client finished" : "server finished",
1210 seed, seed_len);
1211
1212 }
1213 break;
1214 case 29: {
1215 /* copy-cert-chunk */
1216
1217 size_t clen;
1218
1219 clen = ENG->cert_len;
1220 if (clen > sizeof ENG->pad) {
1221 clen = sizeof ENG->pad;
1222 }
1223 memcpy(ENG->pad, ENG->cert_cur, clen);
1224 ENG->cert_cur += clen;
1225 ENG->cert_len -= clen;
1226 T0_PUSH(clen);
1227
1228 }
1229 break;
1230 case 30: {
1231 /* data-get8 */
1232
1233 size_t addr = T0_POP();
1234 T0_PUSH(t0_datablock[addr]);
1235
1236 }
1237 break;
1238 case 31: {
1239 /* discard-input */
1240
1241 ENG->hlen_in = 0;
1242
1243 }
1244 break;
1245 case 32: {
1246 /* do-client-sign */
1247
1248 size_t sig_len;
1249
1250 sig_len = make_client_sign(CTX);
1251 if (sig_len == 0) {
1252 br_ssl_engine_fail(ENG, BR_ERR_INVALID_ALGORITHM);
1253 T0_CO();
1254 }
1255 T0_PUSH(sig_len);
1256
1257 }
1258 break;
1259 case 33: {
1260 /* do-ecdh */
1261
1262 unsigned prf_id = T0_POP();
1263 unsigned ecdhe = T0_POP();
1264 int x;
1265
1266 x = make_pms_ecdh(CTX, ecdhe, prf_id);
1267 if (x < 0) {
1268 br_ssl_engine_fail(ENG, -x);
1269 T0_CO();
1270 } else {
1271 T0_PUSH(x);
1272 }
1273
1274 }
1275 break;
1276 case 34: {
1277 /* do-rsa-encrypt */
1278
1279 int x;
1280
1281 x = make_pms_rsa(CTX, T0_POP());
1282 if (x < 0) {
1283 br_ssl_engine_fail(ENG, -x);
1284 T0_CO();
1285 } else {
1286 T0_PUSH(x);
1287 }
1288
1289 }
1290 break;
1291 case 35: {
1292 /* do-static-ecdh */
1293
1294 unsigned prf_id = T0_POP();
1295
1296 if (make_pms_static_ecdh(CTX, prf_id) < 0) {
1297 br_ssl_engine_fail(ENG, BR_ERR_INVALID_ALGORITHM);
1298 T0_CO();
1299 }
1300
1301 }
1302 break;
1303 case 36: {
1304 /* drop */
1305 (void)T0_POP();
1306 }
1307 break;
1308 case 37: {
1309 /* dup */
1310 T0_PUSH(T0_PEEK(0));
1311 }
1312 break;
1313 case 38: {
1314 /* fail */
1315
1316 br_ssl_engine_fail(ENG, (int)T0_POPi());
1317 T0_CO();
1318
1319 }
1320 break;
1321 case 39: {
1322 /* flush-record */
1323
1324 br_ssl_engine_flush_record(ENG);
1325
1326 }
1327 break;
1328 case 40: {
1329 /* get-client-chain */
1330
1331 uint32_t auth_types;
1332
1333 auth_types = T0_POP();
1334 if (CTX->client_auth_vtable != NULL) {
1335 br_ssl_client_certificate ux;
1336
1337 (*CTX->client_auth_vtable)->choose(CTX->client_auth_vtable,
1338 CTX, auth_types, &ux);
1339 CTX->auth_type = (unsigned char)ux.auth_type;
1340 CTX->hash_id = (unsigned char)ux.hash_id;
1341 ENG->chain = ux.chain;
1342 ENG->chain_len = ux.chain_len;
1343 } else {
1344 CTX->hash_id = 0;
1345 ENG->chain_len = 0;
1346 }
1347
1348 }
1349 break;
1350 case 41: {
1351 /* get-key-type-usages */
1352
1353 const br_x509_class *xc;
1354 const br_x509_pkey *pk;
1355 unsigned usages;
1356
1357 xc = *(ENG->x509ctx);
1358 pk = xc->get_pkey(ENG->x509ctx, &usages);
1359 if (pk == NULL) {
1360 T0_PUSH(0);
1361 } else {
1362 T0_PUSH(pk->key_type | usages);
1363 }
1364
1365 }
1366 break;
1367 case 42: {
1368 /* get16 */
1369
1370 size_t addr = (size_t)T0_POP();
1371 T0_PUSH(*(uint16_t *)((unsigned char *)ENG + addr));
1372
1373 }
1374 break;
1375 case 43: {
1376 /* get32 */
1377
1378 size_t addr = (size_t)T0_POP();
1379 T0_PUSH(*(uint32_t *)((unsigned char *)ENG + addr));
1380
1381 }
1382 break;
1383 case 44: {
1384 /* get8 */
1385
1386 size_t addr = (size_t)T0_POP();
1387 T0_PUSH(*((unsigned char *)ENG + addr));
1388
1389 }
1390 break;
1391 case 45: {
1392 /* has-input? */
1393
1394 T0_PUSHi(-(ENG->hlen_in != 0));
1395
1396 }
1397 break;
1398 case 46: {
1399 /* memcmp */
1400
1401 size_t len = (size_t)T0_POP();
1402 void *addr2 = (unsigned char *)ENG + (size_t)T0_POP();
1403 void *addr1 = (unsigned char *)ENG + (size_t)T0_POP();
1404 int x = memcmp(addr1, addr2, len);
1405 T0_PUSH((uint32_t)-(x == 0));
1406
1407 }
1408 break;
1409 case 47: {
1410 /* memcpy */
1411
1412 size_t len = (size_t)T0_POP();
1413 void *src = (unsigned char *)ENG + (size_t)T0_POP();
1414 void *dst = (unsigned char *)ENG + (size_t)T0_POP();
1415 memcpy(dst, src, len);
1416
1417 }
1418 break;
1419 case 48: {
1420 /* mkrand */
1421
1422 size_t len = (size_t)T0_POP();
1423 void *addr = (unsigned char *)ENG + (size_t)T0_POP();
1424 br_hmac_drbg_generate(&ENG->rng, addr, len);
1425
1426 }
1427 break;
1428 case 49: {
1429 /* more-incoming-bytes? */
1430
1431 T0_PUSHi(ENG->hlen_in != 0 || !br_ssl_engine_recvrec_finished(ENG));
1432
1433 }
1434 break;
1435 case 50: {
1436 /* multihash-init */
1437
1438 br_multihash_init(&ENG->mhash);
1439
1440 }
1441 break;
1442 case 51: {
1443 /* neg */
1444
1445 uint32_t a = T0_POP();
1446 T0_PUSH(-a);
1447
1448 }
1449 break;
1450 case 52: {
1451 /* not */
1452
1453 uint32_t a = T0_POP();
1454 T0_PUSH(~a);
1455
1456 }
1457 break;
1458 case 53: {
1459 /* or */
1460
1461 uint32_t b = T0_POP();
1462 uint32_t a = T0_POP();
1463 T0_PUSH(a | b);
1464
1465 }
1466 break;
1467 case 54: {
1468 /* over */
1469 T0_PUSH(T0_PEEK(1));
1470 }
1471 break;
1472 case 55: {
1473 /* read-chunk-native */
1474
1475 size_t clen = ENG->hlen_in;
1476 if (clen > 0) {
1477 uint32_t addr, len;
1478
1479 len = T0_POP();
1480 addr = T0_POP();
1481 if ((size_t)len < clen) {
1482 clen = (size_t)len;
1483 }
1484 memcpy((unsigned char *)ENG + addr, ENG->hbuf_in, clen);
1485 if (ENG->record_type_in == BR_SSL_HANDSHAKE) {
1486 br_multihash_update(&ENG->mhash, ENG->hbuf_in, clen);
1487 }
1488 T0_PUSH(addr + (uint32_t)clen);
1489 T0_PUSH(len - (uint32_t)clen);
1490 ENG->hbuf_in += clen;
1491 ENG->hlen_in -= clen;
1492 }
1493
1494 }
1495 break;
1496 case 56: {
1497 /* read8-native */
1498
1499 if (ENG->hlen_in > 0) {
1500 unsigned char x;
1501
1502 x = *ENG->hbuf_in ++;
1503 if (ENG->record_type_in == BR_SSL_HANDSHAKE) {
1504 br_multihash_update(&ENG->mhash, &x, 1);
1505 }
1506 T0_PUSH(x);
1507 ENG->hlen_in --;
1508 } else {
1509 T0_PUSHi(-1);
1510 }
1511
1512 }
1513 break;
1514 case 57: {
1515 /* set-server-curve */
1516
1517 const br_x509_class *xc;
1518 const br_x509_pkey *pk;
1519
1520 xc = *(ENG->x509ctx);
1521 pk = xc->get_pkey(ENG->x509ctx, NULL);
1522 CTX->server_curve =
1523 (pk->key_type == BR_KEYTYPE_EC) ? pk->key.ec.curve : 0;
1524
1525 }
1526 break;
1527 case 58: {
1528 /* set16 */
1529
1530 size_t addr = (size_t)T0_POP();
1531 *(uint16_t *)((unsigned char *)ENG + addr) = (uint16_t)T0_POP();
1532
1533 }
1534 break;
1535 case 59: {
1536 /* set8 */
1537
1538 size_t addr = (size_t)T0_POP();
1539 *((unsigned char *)ENG + addr) = (unsigned char)T0_POP();
1540
1541 }
1542 break;
1543 case 60: {
1544 /* strlen */
1545
1546 void *str = (unsigned char *)ENG + (size_t)T0_POP();
1547 T0_PUSH((uint32_t)strlen(str));
1548
1549 }
1550 break;
1551 case 61: {
1552 /* supported-curves */
1553
1554 uint32_t x = ENG->iec == NULL ? 0 : ENG->iec->supported_curves;
1555 T0_PUSH(x);
1556
1557 }
1558 break;
1559 case 62: {
1560 /* supported-hash-functions */
1561
1562 int i;
1563 unsigned x, num;
1564
1565 x = 0;
1566 num = 0;
1567 for (i = br_sha1_ID; i <= br_sha512_ID; i ++) {
1568 if (br_multihash_getimpl(&ENG->mhash, i)) {
1569 x |= 1U << i;
1570 num ++;
1571 }
1572 }
1573 T0_PUSH(x);
1574 T0_PUSH(num);
1575
1576 }
1577 break;
1578 case 63: {
1579 /* supports-ecdsa? */
1580
1581 T0_PUSHi(-(ENG->iecdsa != 0));
1582
1583 }
1584 break;
1585 case 64: {
1586 /* supports-rsa-sign? */
1587
1588 T0_PUSHi(-(ENG->irsavrfy != 0));
1589
1590 }
1591 break;
1592 case 65: {
1593 /* swap */
1594 T0_SWAP();
1595 }
1596 break;
1597 case 66: {
1598 /* switch-aesgcm-in */
1599
1600 int is_client, prf_id;
1601 unsigned cipher_key_len;
1602
1603 cipher_key_len = T0_POP();
1604 prf_id = T0_POP();
1605 is_client = T0_POP();
1606 br_ssl_engine_switch_gcm_in(ENG, is_client, prf_id,
1607 ENG->iaes_ctr, cipher_key_len);
1608
1609 }
1610 break;
1611 case 67: {
1612 /* switch-aesgcm-out */
1613
1614 int is_client, prf_id;
1615 unsigned cipher_key_len;
1616
1617 cipher_key_len = T0_POP();
1618 prf_id = T0_POP();
1619 is_client = T0_POP();
1620 br_ssl_engine_switch_gcm_out(ENG, is_client, prf_id,
1621 ENG->iaes_ctr, cipher_key_len);
1622
1623 }
1624 break;
1625 case 68: {
1626 /* switch-cbc-in */
1627
1628 int is_client, prf_id, mac_id, aes;
1629 unsigned cipher_key_len;
1630
1631 cipher_key_len = T0_POP();
1632 aes = T0_POP();
1633 mac_id = T0_POP();
1634 prf_id = T0_POP();
1635 is_client = T0_POP();
1636 br_ssl_engine_switch_cbc_in(ENG, is_client, prf_id, mac_id,
1637 aes ? ENG->iaes_cbcdec : ENG->ides_cbcdec, cipher_key_len);
1638
1639 }
1640 break;
1641 case 69: {
1642 /* switch-cbc-out */
1643
1644 int is_client, prf_id, mac_id, aes;
1645 unsigned cipher_key_len;
1646
1647 cipher_key_len = T0_POP();
1648 aes = T0_POP();
1649 mac_id = T0_POP();
1650 prf_id = T0_POP();
1651 is_client = T0_POP();
1652 br_ssl_engine_switch_cbc_out(ENG, is_client, prf_id, mac_id,
1653 aes ? ENG->iaes_cbcenc : ENG->ides_cbcenc, cipher_key_len);
1654
1655 }
1656 break;
1657 case 70: {
1658 /* switch-chapol-in */
1659
1660 int is_client, prf_id;
1661
1662 prf_id = T0_POP();
1663 is_client = T0_POP();
1664 br_ssl_engine_switch_chapol_in(ENG, is_client, prf_id);
1665
1666 }
1667 break;
1668 case 71: {
1669 /* switch-chapol-out */
1670
1671 int is_client, prf_id;
1672
1673 prf_id = T0_POP();
1674 is_client = T0_POP();
1675 br_ssl_engine_switch_chapol_out(ENG, is_client, prf_id);
1676
1677 }
1678 break;
1679 case 72: {
1680 /* total-chain-length */
1681
1682 size_t u;
1683 uint32_t total;
1684
1685 total = 0;
1686 for (u = 0; u < ENG->chain_len; u ++) {
1687 total += 3 + (uint32_t)ENG->chain[u].data_len;
1688 }
1689 T0_PUSH(total);
1690
1691 }
1692 break;
1693 case 73: {
1694 /* u>> */
1695
1696 int c = (int)T0_POPi();
1697 uint32_t x = T0_POP();
1698 T0_PUSH(x >> c);
1699
1700 }
1701 break;
1702 case 74: {
1703 /* verify-SKE-sig */
1704
1705 size_t sig_len = T0_POP();
1706 int use_rsa = T0_POPi();
1707 int hash = T0_POPi();
1708
1709 T0_PUSH(verify_SKE_sig(CTX, hash, use_rsa, sig_len));
1710
1711 }
1712 break;
1713 case 75: {
1714 /* write-blob-chunk */
1715
1716 size_t clen = ENG->hlen_out;
1717 if (clen > 0) {
1718 uint32_t addr, len;
1719
1720 len = T0_POP();
1721 addr = T0_POP();
1722 if ((size_t)len < clen) {
1723 clen = (size_t)len;
1724 }
1725 memcpy(ENG->hbuf_out, (unsigned char *)ENG + addr, clen);
1726 if (ENG->record_type_out == BR_SSL_HANDSHAKE) {
1727 br_multihash_update(&ENG->mhash, ENG->hbuf_out, clen);
1728 }
1729 T0_PUSH(addr + (uint32_t)clen);
1730 T0_PUSH(len - (uint32_t)clen);
1731 ENG->hbuf_out += clen;
1732 ENG->hlen_out -= clen;
1733 }
1734
1735 }
1736 break;
1737 case 76: {
1738 /* write8-native */
1739
1740 unsigned char x;
1741
1742 x = (unsigned char)T0_POP();
1743 if (ENG->hlen_out > 0) {
1744 if (ENG->record_type_out == BR_SSL_HANDSHAKE) {
1745 br_multihash_update(&ENG->mhash, &x, 1);
1746 }
1747 *ENG->hbuf_out ++ = x;
1748 ENG->hlen_out --;
1749 T0_PUSHi(-1);
1750 } else {
1751 T0_PUSHi(0);
1752 }
1753
1754 }
1755 break;
1756 case 77: {
1757 /* x509-append */
1758
1759 const br_x509_class *xc;
1760 size_t len;
1761
1762 xc = *(ENG->x509ctx);
1763 len = T0_POP();
1764 xc->append(ENG->x509ctx, ENG->pad, len);
1765
1766 }
1767 break;
1768 case 78: {
1769 /* x509-end-cert */
1770
1771 const br_x509_class *xc;
1772
1773 xc = *(ENG->x509ctx);
1774 xc->end_cert(ENG->x509ctx);
1775
1776 }
1777 break;
1778 case 79: {
1779 /* x509-end-chain */
1780
1781 const br_x509_class *xc;
1782
1783 xc = *(ENG->x509ctx);
1784 T0_PUSH(xc->end_chain(ENG->x509ctx));
1785
1786 }
1787 break;
1788 case 80: {
1789 /* x509-start-cert */
1790
1791 const br_x509_class *xc;
1792
1793 xc = *(ENG->x509ctx);
1794 xc->start_cert(ENG->x509ctx, T0_POP());
1795
1796 }
1797 break;
1798 case 81: {
1799 /* x509-start-chain */
1800
1801 const br_x509_class *xc;
1802 uint32_t bc;
1803
1804 bc = T0_POP();
1805 xc = *(ENG->x509ctx);
1806 xc->start_chain(ENG->x509ctx, bc ? ENG->server_name : NULL);
1807
1808 }
1809 break;
1810 }
1811
1812 } else {
1813 T0_ENTER(ip, rp, t0x);
1814 }
1815 }
1816 t0_exit:
1817 ((t0_context *)t0ctx)->dp = dp;
1818 ((t0_context *)t0ctx)->rp = rp;
1819 ((t0_context *)t0ctx)->ip = ip;
1820 }
The BearSSL library and tools.