projects / BearSSL / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Fixed displaying of IPv6 addresses.
[BearSSL] / src / ssl / ssl_hs_server.c
1 /* Automatically generated code; do not modify directly. */
2
3 #include <stddef.h>
4 #include <stdint.h>
5
6 typedef struct {
7 uint32_t *dp;
8 uint32_t *rp;
9 const unsigned char *ip;
10 } t0_context;
11
12 static uint32_t
13 t0_parse7E_unsigned(const unsigned char **p)
14 {
15 uint32_t x;
16
17 x = 0;
18 for (;;) {
19 unsigned y;
20
21 y = *(*p) ++;
22 x = (x << 7) | (uint32_t)(y & 0x7F);
23 if (y < 0x80) {
24 return x;
25 }
26 }
27 }
28
29 static int32_t
30 t0_parse7E_signed(const unsigned char **p)
31 {
32 int neg;
33 uint32_t x;
34
35 neg = ((**p) >> 6) & 1;
36 x = (uint32_t)-neg;
37 for (;;) {
38 unsigned y;
39
40 y = *(*p) ++;
41 x = (x << 7) | (uint32_t)(y & 0x7F);
42 if (y < 0x80) {
43 if (neg) {
44 return -(int32_t)~x - 1;
45 } else {
46 return (int32_t)x;
47 }
48 }
49 }
50 }
51
52 #define T0_VBYTE(x, n) (unsigned char)((((uint32_t)(x) >> (n)) & 0x7F) | 0x80)
53 #define T0_FBYTE(x, n) (unsigned char)(((uint32_t)(x) >> (n)) & 0x7F)
54 #define T0_SBYTE(x) (unsigned char)((((uint32_t)(x) >> 28) + 0xF8) ^ 0xF8)
55 #define T0_INT1(x) T0_FBYTE(x, 0)
56 #define T0_INT2(x) T0_VBYTE(x, 7), T0_FBYTE(x, 0)
57 #define T0_INT3(x) T0_VBYTE(x, 14), T0_VBYTE(x, 7), T0_FBYTE(x, 0)
58 #define T0_INT4(x) T0_VBYTE(x, 21), T0_VBYTE(x, 14), T0_VBYTE(x, 7), T0_FBYTE(x, 0)
59 #define T0_INT5(x) T0_SBYTE(x), T0_VBYTE(x, 21), T0_VBYTE(x, 14), T0_VBYTE(x, 7), T0_FBYTE(x, 0)
60
61 static const uint8_t t0_datablock[];
62
63
64 void br_ssl_hs_server_init_main(void *t0ctx);
65
66 void br_ssl_hs_server_run(void *t0ctx);
67
68
69
70 #include <stddef.h>
71 #include <string.h>
72
73 #include "inner.h"
74
75 /*
76 * This macro evaluates to a pointer to the current engine context.
77 */
78 #define ENG ((br_ssl_engine_context *)((unsigned char *)t0ctx - offsetof(br_ssl_engine_context, cpu)))
79
80
81
82
83
84 /*
85 * This macro evaluates to a pointer to the server context, under that
86 * specific name. It must be noted that since the engine context is the
87 * first field of the br_ssl_server_context structure ('eng'), then
88 * pointers values of both types are interchangeable, modulo an
89 * appropriate cast. This also means that "adresses" computed as offsets
90 * within the structure work for both kinds of context.
91 */
92 #define CTX ((br_ssl_server_context *)ENG)
93
94 /*
95 * Decrypt the pre-master secret (RSA key exchange).
96 */
97 static void
98 do_rsa_decrypt(br_ssl_server_context *ctx, int prf_id,
99 unsigned char *epms, size_t len)
100 {
101 uint32_t x;
102 unsigned char rpms[48];
103
104 /*
105 * Decrypt the PMS.
106 */
107 x = (*ctx->policy_vtable)->do_keyx(ctx->policy_vtable, epms, len);
108
109 /*
110 * Set the first two bytes to the maximum supported client
111 * protocol version. These bytes are used for version rollback
112 * detection; forceing the two bytes will make the master secret
113 * wrong if the bytes are not correct. This process is
114 * recommended by RFC 5246 (section 7.4.7.1).
115 */
116 br_enc16be(epms, ctx->client_max_version);
117
118 /*
119 * Make a random PMS and copy it above the decrypted value if the
120 * decryption failed. Note that we use a constant-time conditional
121 * copy.
122 */
123 br_hmac_drbg_generate(&ctx->eng.rng, rpms, sizeof rpms);
124 br_ccopy(x ^ 1, epms, rpms, sizeof rpms);
125
126 /*
127 * Compute master secret.
128 */
129 br_ssl_engine_compute_master(&ctx->eng, prf_id, epms, 48);
130
131 /*
132 * Clear the pre-master secret from RAM: it is normally a buffer
133 * in the context, hence potentially long-lived.
134 */
135 memset(epms, 0, len);
136 }
137
138 /*
139 * Common part for ECDH and ECDHE.
140 */
141 static void
142 ecdh_common(br_ssl_server_context *ctx, int prf_id,
143 unsigned char *cpoint, size_t cpoint_len, uint32_t ctl)
144 {
145 unsigned char rpms[80];
146 size_t pms_len;
147
148 /*
149 * The point length is supposed to be 1+2*Xlen, where Xlen is
150 * the length (in bytes) of the X coordinate, i.e. the pre-master
151 * secret. If the provided point is too large, then it is
152 * obviously incorrect (i.e. everybody can see that it is
153 * incorrect), so leaking that fact is not a problem.
154 */
155 pms_len = cpoint_len >> 1;
156 if (pms_len > sizeof rpms) {
157 pms_len = sizeof rpms;
158 ctl = 0;
159 }
160
161 /*
162 * Make a random PMS and copy it above the decrypted value if the
163 * decryption failed. Note that we use a constant-time conditional
164 * copy.
165 */
166 br_hmac_drbg_generate(&ctx->eng.rng, rpms, pms_len);
167 br_ccopy(ctl ^ 1, cpoint + 1, rpms, pms_len);
168
169 /*
170 * Compute master secret.
171 */
172 br_ssl_engine_compute_master(&ctx->eng, prf_id, cpoint + 1, pms_len);
173
174 /*
175 * Clear the pre-master secret from RAM: it is normally a buffer
176 * in the context, hence potentially long-lived.
177 */
178 memset(cpoint, 0, cpoint_len);
179 }
180
181 /*
182 * Do the ECDH key exchange (not ECDHE).
183 */
184 static void
185 do_ecdh(br_ssl_server_context *ctx, int prf_id,
186 unsigned char *cpoint, size_t cpoint_len)
187 {
188 uint32_t x;
189
190 /*
191 * Finalise the key exchange.
192 */
193 x = (*ctx->policy_vtable)->do_keyx(ctx->policy_vtable,
194 cpoint, cpoint_len);
195 ecdh_common(ctx, prf_id, cpoint, cpoint_len, x);
196 }
197
198 /*
199 * Do the ECDHE key exchange (part 1: generation of transient key, and
200 * computing of the point to send to the client). Returned value is the
201 * signature length (in bytes), or -x on error (with x being an error
202 * code). The encoded point is written in the ecdhe_point[] context buffer
203 * (length in ecdhe_point_len).
204 */
205 static int
206 do_ecdhe_part1(br_ssl_server_context *ctx, int curve)
207 {
208 int hash;
209 unsigned mask;
210 const unsigned char *order, *generator;
211 size_t olen, glen;
212 br_multihash_context mhc;
213 unsigned char head[4];
214 size_t hv_len, sig_len;
215
216 if (!((ctx->eng.iec->supported_curves >> curve) & 1)) {
217 return -BR_ERR_INVALID_ALGORITHM;
218 }
219 ctx->eng.ecdhe_curve = curve;
220
221 /*
222 * Generate our private key. We need a non-zero random value
223 * which is lower than the curve order, in a "large enough"
224 * range. We force the top bit to 0 and bottom bit to 1, which
225 * does the trick. Note that contrary to what happens in ECDSA,
226 * this is not a problem if we do not cover the full range of
227 * possible values.
228 */
229 order = ctx->eng.iec->order(curve, &olen);
230 mask = 0xFF;
231 while (mask >= order[0]) {
232 mask >>= 1;
233 }
234 br_hmac_drbg_generate(&ctx->eng.rng, ctx->ecdhe_key, olen);
235 ctx->ecdhe_key[0] &= mask;
236 ctx->ecdhe_key[olen - 1] |= 0x01;
237 ctx->ecdhe_key_len = olen;
238
239 /*
240 * Compute our ECDH point.
241 */
242 generator = ctx->eng.iec->generator(curve, &glen);
243 memcpy(ctx->eng.ecdhe_point, generator, glen);
244 ctx->eng.ecdhe_point_len = glen;
245 if (!ctx->eng.iec->mul(ctx->eng.ecdhe_point, glen,
246 ctx->ecdhe_key, olen, curve))
247 {
248 return -BR_ERR_INVALID_ALGORITHM;
249 }
250
251 /*
252 * Compute the signature.
253 */
254 br_multihash_zero(&mhc);
255 br_multihash_copyimpl(&mhc, &ctx->eng.mhash);
256 br_multihash_init(&mhc);
257 br_multihash_update(&mhc,
258 ctx->eng.client_random, sizeof ctx->eng.client_random);
259 br_multihash_update(&mhc,
260 ctx->eng.server_random, sizeof ctx->eng.server_random);
261 head[0] = 3;
262 head[1] = 0;
263 head[2] = curve;
264 head[3] = ctx->eng.ecdhe_point_len;
265 br_multihash_update(&mhc, head, sizeof head);
266 br_multihash_update(&mhc,
267 ctx->eng.ecdhe_point, ctx->eng.ecdhe_point_len);
268 hash = ctx->sign_hash_id;
269 if (hash) {
270 hv_len = br_multihash_out(&mhc, hash, ctx->eng.pad);
271 if (hv_len == 0) {
272 return -BR_ERR_INVALID_ALGORITHM;
273 }
274 } else {
275 if (!br_multihash_out(&mhc, br_md5_ID, ctx->eng.pad)
276 || !br_multihash_out(&mhc,
277 br_sha1_ID, ctx->eng.pad + 16))
278 {
279 return -BR_ERR_INVALID_ALGORITHM;
280 }
281 hv_len = 36;
282 }
283 sig_len = (*ctx->policy_vtable)->do_sign(ctx->policy_vtable,
284 hash, hv_len, ctx->eng.pad, sizeof ctx->eng.pad);
285 return sig_len ? (int)sig_len : -BR_ERR_INVALID_ALGORITHM;
286 }
287
288 /*
289 * Do the ECDHE key exchange (part 2: computation of the shared secret
290 * from the point sent by the client).
291 */
292 static void
293 do_ecdhe_part2(br_ssl_server_context *ctx, int prf_id,
294 unsigned char *cpoint, size_t cpoint_len)
295 {
296 int curve;
297 uint32_t x;
298
299 curve = ctx->eng.ecdhe_curve;
300
301 /*
302 * Finalise the key exchange.
303 */
304 x = ctx->eng.iec->mul(cpoint, cpoint_len,
305 ctx->ecdhe_key, ctx->ecdhe_key_len, curve);
306 ecdh_common(ctx, prf_id, cpoint, cpoint_len, x);
307
308 /*
309 * Clear the ECDHE private key. Forward Secrecy is achieved insofar
310 * as that key does not get stolen, so we'd better destroy it
311 * as soon as it ceases to be useful.
312 */
313 memset(ctx->ecdhe_key, 0, ctx->ecdhe_key_len);
314 }
315
316
317
318 static const uint8_t t0_datablock[] = {
319 0x00, 0x00, 0x0A, 0x00, 0x24, 0x00, 0x2F, 0x01, 0x24, 0x00, 0x35, 0x02,
320 0x24, 0x00, 0x3C, 0x01, 0x44, 0x00, 0x3D, 0x02, 0x44, 0x00, 0x9C, 0x03,
321 0x04, 0x00, 0x9D, 0x04, 0x05, 0xC0, 0x03, 0x40, 0x24, 0xC0, 0x04, 0x41,
322 0x24, 0xC0, 0x05, 0x42, 0x24, 0xC0, 0x08, 0x20, 0x24, 0xC0, 0x09, 0x21,
323 0x24, 0xC0, 0x0A, 0x22, 0x24, 0xC0, 0x0D, 0x30, 0x24, 0xC0, 0x0E, 0x31,
324 0x24, 0xC0, 0x0F, 0x32, 0x24, 0xC0, 0x12, 0x10, 0x24, 0xC0, 0x13, 0x11,
325 0x24, 0xC0, 0x14, 0x12, 0x24, 0xC0, 0x23, 0x21, 0x44, 0xC0, 0x24, 0x22,
326 0x55, 0xC0, 0x25, 0x41, 0x44, 0xC0, 0x26, 0x42, 0x55, 0xC0, 0x27, 0x11,
327 0x44, 0xC0, 0x28, 0x12, 0x55, 0xC0, 0x29, 0x31, 0x44, 0xC0, 0x2A, 0x32,
328 0x55, 0xC0, 0x2B, 0x23, 0x04, 0xC0, 0x2C, 0x24, 0x05, 0xC0, 0x2D, 0x43,
329 0x04, 0xC0, 0x2E, 0x44, 0x05, 0xC0, 0x2F, 0x13, 0x04, 0xC0, 0x30, 0x14,
330 0x05, 0xC0, 0x31, 0x33, 0x04, 0xC0, 0x32, 0x34, 0x05, 0xCC, 0xA8, 0x15,
331 0x04, 0xCC, 0xA9, 0x25, 0x04, 0x00, 0x00
332 };
333
334 static const uint8_t t0_codeblock[] = {
335 0x00, 0x01, 0x00, 0x0A, 0x00, 0x00, 0x01, 0x00, 0x0D, 0x00, 0x00, 0x01,
336 0x00, 0x0E, 0x00, 0x00, 0x01, 0x00, 0x0F, 0x00, 0x00, 0x01, 0x01, 0x08,
337 0x00, 0x00, 0x01, 0x01, 0x09, 0x00, 0x00, 0x01, 0x02, 0x08, 0x00, 0x00,
338 0x21, 0x21, 0x00, 0x00, 0x01, T0_INT1(BR_ERR_BAD_CCS), 0x00, 0x00,
339 0x01, T0_INT1(BR_ERR_BAD_FINISHED), 0x00, 0x00, 0x01,
340 T0_INT1(BR_ERR_BAD_FRAGLEN), 0x00, 0x00, 0x01,
341 T0_INT1(BR_ERR_BAD_HANDSHAKE), 0x00, 0x00, 0x01,
342 T0_INT1(BR_ERR_BAD_PARAM), 0x00, 0x00, 0x01,
343 T0_INT1(BR_ERR_BAD_SECRENEG), 0x00, 0x00, 0x01,
344 T0_INT1(BR_ERR_BAD_VERSION), 0x00, 0x00, 0x01,
345 T0_INT1(BR_ERR_LIMIT_EXCEEDED), 0x00, 0x00, 0x01, T0_INT1(BR_ERR_OK),
346 0x00, 0x00, 0x01, T0_INT1(BR_ERR_OVERSIZED_ID), 0x00, 0x00, 0x01,
347 T0_INT1(BR_ERR_UNEXPECTED), 0x00, 0x00, 0x01,
348 T0_INT2(offsetof(br_ssl_engine_context, action)), 0x00, 0x00, 0x01,
349 T0_INT2(offsetof(br_ssl_engine_context, alert)), 0x00, 0x00, 0x01,
350 T0_INT2(offsetof(br_ssl_engine_context, application_data)), 0x00, 0x00,
351 0x01,
352 T0_INT2(offsetof(br_ssl_engine_context, session) + offsetof(br_ssl_session_parameters, cipher_suite)),
353 0x00, 0x00, 0x01,
354 T0_INT2(offsetof(br_ssl_server_context, client_max_version)), 0x00,
355 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, client_random)),
356 0x00, 0x00, 0x01,
357 T0_INT2(offsetof(br_ssl_server_context, client_suites)), 0x00, 0x00,
358 0x01, T0_INT2(offsetof(br_ssl_server_context, client_suites_num)),
359 0x00, 0x00, 0x01,
360 T0_INT2(offsetof(br_ssl_engine_context, close_received)), 0x00, 0x00,
361 0x01, T0_INT2(offsetof(br_ssl_server_context, curves)), 0x00, 0x00,
362 0x01, T0_INT2(offsetof(br_ssl_engine_context, ecdhe_point)), 0x00,
363 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, ecdhe_point_len)),
364 0x00, 0x00, 0x01, T0_INT2(offsetof(br_ssl_server_context, flags)),
365 0x00, 0x00, 0x01, T0_INT2(offsetof(br_ssl_server_context, hashes)),
366 0x00, 0x00, 0x5D, 0x01,
367 T0_INT2(BR_MAX_CIPHER_SUITES * sizeof(br_suite_translated)), 0x00,
368 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, log_max_frag_len)),
369 0x00, 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, pad)), 0x00,
370 0x00, 0x01,
371 T0_INT2(offsetof(br_ssl_engine_context, peer_log_max_frag_len)), 0x00,
372 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, record_type_in)),
373 0x00, 0x00, 0x01,
374 T0_INT2(offsetof(br_ssl_engine_context, record_type_out)), 0x00, 0x00,
375 0x01, T0_INT2(offsetof(br_ssl_engine_context, reneg)), 0x00, 0x00,
376 0x01, T0_INT2(offsetof(br_ssl_engine_context, saved_finished)), 0x00,
377 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, server_name)),
378 0x00, 0x00, 0x01,
379 T0_INT2(offsetof(br_ssl_engine_context, server_random)), 0x00, 0x00,
380 0x01,
381 T0_INT2(offsetof(br_ssl_engine_context, session) + offsetof(br_ssl_session_parameters, session_id)),
382 0x00, 0x00, 0x01,
383 T0_INT2(offsetof(br_ssl_engine_context, session) + offsetof(br_ssl_session_parameters, session_id_len)),
384 0x00, 0x00, 0x01,
385 T0_INT2(offsetof(br_ssl_engine_context, shutdown_recv)), 0x00, 0x00,
386 0x01, T0_INT2(offsetof(br_ssl_server_context, sign_hash_id)), 0x00,
387 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, suites_buf)), 0x00,
388 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, suites_num)), 0x00,
389 0x00, 0x01,
390 T0_INT2(offsetof(br_ssl_engine_context, session) + offsetof(br_ssl_session_parameters, version)),
391 0x00, 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, version_in)),
392 0x00, 0x00, 0x01,
393 T0_INT2(offsetof(br_ssl_engine_context, version_max)), 0x00, 0x00,
394 0x01, T0_INT2(offsetof(br_ssl_engine_context, version_min)), 0x00,
395 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, version_out)),
396 0x00, 0x00, 0x09, 0x22, 0x44, 0x06, 0x02, 0x50, 0x23, 0x00, 0x00, 0x01,
397 0x01, 0x00, 0x01, 0x03, 0x00, 0x7B, 0x22, 0x4A, 0x3B, 0x7F, 0x22, 0x05,
398 0x04, 0x4B, 0x01, 0x00, 0x00, 0x02, 0x00, 0x0E, 0x06, 0x02, 0x7F, 0x00,
399 0x4A, 0x04, 0x6B, 0x00, 0x06, 0x02, 0x50, 0x23, 0x00, 0x00, 0x22, 0x6C,
400 0x3B, 0x05, 0x03, 0x01, 0x0C, 0x08, 0x3B, 0x5A, 0x25, 0x81, 0x07, 0x19,
401 0x67, 0x01, 0x0C, 0x2A, 0x00, 0x00, 0x22, 0x1B, 0x01, 0x08, 0x0B, 0x3B,
402 0x48, 0x1B, 0x08, 0x00, 0x01, 0x03, 0x00, 0x01, 0x00, 0x59, 0x38, 0x24,
403 0x16, 0x2F, 0x06, 0x08, 0x02, 0x00, 0x81, 0x26, 0x03, 0x00, 0x04, 0x74,
404 0x01, 0x00, 0x81, 0x1E, 0x02, 0x00, 0x22, 0x16, 0x12, 0x06, 0x02, 0x54,
405 0x23, 0x81, 0x26, 0x04, 0x75, 0x00, 0x01, 0x00, 0x59, 0x38, 0x01, 0x16,
406 0x6A, 0x38, 0x2D, 0x81, 0x0B, 0x2C, 0x06, 0x02, 0x56, 0x23, 0x06, 0x0C,
407 0x81, 0x2C, 0x01, 0x00, 0x81, 0x29, 0x01, 0x00, 0x81, 0x0A, 0x04, 0x14,
408 0x81, 0x2C, 0x81, 0x2A, 0x81, 0x2E, 0x81, 0x2D, 0x24, 0x81, 0x0C, 0x01,
409 0x00, 0x81, 0x0A, 0x01, 0x00, 0x81, 0x29, 0x34, 0x01, 0x01, 0x59, 0x38,
410 0x01, 0x17, 0x6A, 0x38, 0x00, 0x00, 0x31, 0x31, 0x00, 0x01, 0x03, 0x00,
411 0x24, 0x16, 0x2F, 0x06, 0x05, 0x81, 0x25, 0x21, 0x04, 0x77, 0x01, 0x02,
412 0x02, 0x00, 0x81, 0x1D, 0x16, 0x2F, 0x06, 0x05, 0x81, 0x25, 0x21, 0x04,
413 0x77, 0x02, 0x00, 0x01, 0x84, 0x00, 0x08, 0x23, 0x00, 0x00, 0x63, 0x26,
414 0x3B, 0x11, 0x01, 0x01, 0x12, 0x2E, 0x00, 0x00, 0x01, 0x7F, 0x81, 0x01,
415 0x81, 0x25, 0x22, 0x01, 0x07, 0x12, 0x01, 0x00, 0x31, 0x0E, 0x06, 0x0A,
416 0x21, 0x01, 0x10, 0x12, 0x06, 0x02, 0x81, 0x1C, 0x04, 0x24, 0x01, 0x01,
417 0x31, 0x0E, 0x06, 0x1B, 0x21, 0x21, 0x6B, 0x27, 0x01, 0x01, 0x0D, 0x06,
418 0x06, 0x01, 0x00, 0x81, 0x01, 0x04, 0x0A, 0x24, 0x16, 0x2F, 0x06, 0x05,
419 0x81, 0x25, 0x21, 0x04, 0x77, 0x04, 0x03, 0x56, 0x23, 0x21, 0x04, 0x44,
420 0x01, 0x22, 0x03, 0x00, 0x09, 0x22, 0x44, 0x06, 0x02, 0x50, 0x23, 0x02,
421 0x00, 0x00, 0x00, 0x7C, 0x01, 0x0F, 0x12, 0x00, 0x00, 0x58, 0x27, 0x01,
422 0x00, 0x31, 0x0E, 0x06, 0x10, 0x21, 0x22, 0x01, 0x01, 0x0D, 0x06, 0x03,
423 0x21, 0x01, 0x02, 0x58, 0x38, 0x01, 0x00, 0x04, 0x15, 0x01, 0x01, 0x31,
424 0x0E, 0x06, 0x09, 0x21, 0x01, 0x00, 0x58, 0x38, 0x46, 0x00, 0x04, 0x06,
425 0x01, 0x82, 0x00, 0x08, 0x23, 0x21, 0x00, 0x00, 0x01, 0x00, 0x28, 0x06,
426 0x06, 0x33, 0x81, 0x08, 0x30, 0x04, 0x77, 0x22, 0x06, 0x04, 0x01, 0x01,
427 0x71, 0x38, 0x00, 0x00, 0x28, 0x06, 0x0B, 0x69, 0x27, 0x01, 0x14, 0x0D,
428 0x06, 0x02, 0x56, 0x23, 0x04, 0x12, 0x81, 0x25, 0x01, 0x07, 0x12, 0x22,
429 0x01, 0x02, 0x0D, 0x06, 0x06, 0x06, 0x02, 0x56, 0x23, 0x04, 0x6F, 0x21,
430 0x81, 0x1A, 0x01, 0x01, 0x0D, 0x2C, 0x30, 0x06, 0x02, 0x4C, 0x23, 0x22,
431 0x01, 0x01, 0x81, 0x20, 0x2F, 0x81, 0x0D, 0x00, 0x0A, 0x81, 0x12, 0x01,
432 0x01, 0x0E, 0x05, 0x02, 0x56, 0x23, 0x81, 0x17, 0x22, 0x03, 0x00, 0x5B,
433 0x36, 0x5C, 0x01, 0x20, 0x81, 0x0E, 0x81, 0x19, 0x22, 0x01, 0x20, 0x0F,
434 0x06, 0x02, 0x55, 0x23, 0x22, 0x70, 0x38, 0x6F, 0x3B, 0x81, 0x0E, 0x17,
435 0x03, 0x01, 0x81, 0x17, 0x81, 0x06, 0x01, 0x00, 0x03, 0x02, 0x01, 0x00,
436 0x03, 0x03, 0x65, 0x81, 0x02, 0x14, 0x31, 0x08, 0x03, 0x04, 0x03, 0x05,
437 0x22, 0x06, 0x80, 0x57, 0x81, 0x17, 0x22, 0x03, 0x06, 0x02, 0x01, 0x06,
438 0x0A, 0x22, 0x5A, 0x25, 0x0E, 0x06, 0x04, 0x01, 0x7F, 0x03, 0x03, 0x22,
439 0x01, 0x81, 0x7F, 0x0E, 0x06, 0x0A, 0x6B, 0x27, 0x06, 0x02, 0x51, 0x23,
440 0x01, 0x7F, 0x03, 0x02, 0x81, 0x1B, 0x22, 0x44, 0x06, 0x03, 0x21, 0x04,
441 0x27, 0x01, 0x00, 0x81, 0x04, 0x06, 0x0B, 0x01, 0x02, 0x0B, 0x5D, 0x08,
442 0x02, 0x06, 0x3B, 0x36, 0x04, 0x16, 0x21, 0x02, 0x05, 0x02, 0x04, 0x10,
443 0x06, 0x02, 0x4F, 0x23, 0x02, 0x06, 0x02, 0x05, 0x36, 0x02, 0x05, 0x01,
444 0x04, 0x08, 0x03, 0x05, 0x04, 0xFF, 0x25, 0x21, 0x01, 0x00, 0x03, 0x07,
445 0x81, 0x19, 0x81, 0x06, 0x22, 0x06, 0x0A, 0x81, 0x19, 0x05, 0x04, 0x01,
446 0x7F, 0x03, 0x07, 0x04, 0x73, 0x7D, 0x01, 0x00, 0x6D, 0x38, 0x01, 0x88,
447 0x04, 0x64, 0x36, 0x01, 0x84, 0x80, 0x80, 0x00, 0x60, 0x37, 0x22, 0x06,
448 0x80, 0x58, 0x81, 0x17, 0x81, 0x06, 0x22, 0x06, 0x80, 0x4F, 0x81, 0x17,
449 0x01, 0x00, 0x31, 0x0E, 0x06, 0x05, 0x21, 0x81, 0x11, 0x04, 0x3F, 0x01,
450 0x01, 0x31, 0x0E, 0x06, 0x05, 0x21, 0x81, 0x0F, 0x04, 0x34, 0x01, 0x83,
451 0xFE, 0x01, 0x31, 0x0E, 0x06, 0x05, 0x21, 0x81, 0x10, 0x04, 0x27, 0x01,
452 0x0D, 0x31, 0x0E, 0x06, 0x05, 0x21, 0x81, 0x15, 0x04, 0x1C, 0x01, 0x0A,
453 0x31, 0x0E, 0x06, 0x05, 0x21, 0x81, 0x16, 0x04, 0x11, 0x01, 0x0B, 0x31,
454 0x0E, 0x06, 0x05, 0x21, 0x81, 0x14, 0x04, 0x06, 0x21, 0x81, 0x14, 0x01,
455 0x00, 0x21, 0x04, 0xFF, 0x2D, 0x7D, 0x7D, 0x02, 0x01, 0x02, 0x03, 0x12,
456 0x03, 0x01, 0x77, 0x25, 0x22, 0x02, 0x00, 0x0F, 0x06, 0x03, 0x21, 0x02,
457 0x00, 0x22, 0x01, 0x86, 0x00, 0x0A, 0x06, 0x02, 0x52, 0x23, 0x02, 0x00,
458 0x78, 0x25, 0x0A, 0x06, 0x05, 0x01, 0x80, 0x46, 0x81, 0x03, 0x02, 0x01,
459 0x06, 0x10, 0x75, 0x25, 0x02, 0x00, 0x0C, 0x06, 0x05, 0x21, 0x75, 0x25,
460 0x04, 0x04, 0x01, 0x00, 0x03, 0x01, 0x22, 0x75, 0x36, 0x22, 0x76, 0x36,
461 0x22, 0x79, 0x36, 0x01, 0x86, 0x03, 0x10, 0x03, 0x08, 0x02, 0x02, 0x06,
462 0x04, 0x01, 0x02, 0x6B, 0x38, 0x02, 0x07, 0x05, 0x04, 0x01, 0x28, 0x81,
463 0x03, 0x3A, 0x21, 0x01, 0x82, 0x01, 0x07, 0x64, 0x25, 0x12, 0x22, 0x64,
464 0x36, 0x45, 0x03, 0x09, 0x60, 0x26, 0x39, 0x12, 0x22, 0x60, 0x37, 0x05,
465 0x04, 0x01, 0x00, 0x03, 0x09, 0x02, 0x01, 0x06, 0x03, 0x01, 0x7F, 0x00,
466 0x6F, 0x01, 0x20, 0x2B, 0x5D, 0x22, 0x03, 0x05, 0x22, 0x02, 0x04, 0x0A,
467 0x06, 0x80, 0x47, 0x22, 0x25, 0x22, 0x7C, 0x02, 0x09, 0x05, 0x13, 0x22,
468 0x01, 0x0C, 0x11, 0x22, 0x01, 0x01, 0x0E, 0x3B, 0x01, 0x02, 0x0E, 0x30,
469 0x06, 0x04, 0x4B, 0x01, 0x00, 0x22, 0x02, 0x08, 0x05, 0x0E, 0x22, 0x01,
470 0x81, 0x70, 0x12, 0x01, 0x20, 0x0D, 0x06, 0x04, 0x4B, 0x01, 0x00, 0x22,
471 0x22, 0x06, 0x10, 0x02, 0x05, 0x4A, 0x36, 0x02, 0x05, 0x36, 0x02, 0x05,
472 0x01, 0x04, 0x08, 0x03, 0x05, 0x04, 0x01, 0x4B, 0x01, 0x04, 0x08, 0x04,
473 0xFF, 0x32, 0x21, 0x02, 0x05, 0x5D, 0x09, 0x01, 0x02, 0x11, 0x22, 0x05,
474 0x04, 0x01, 0x28, 0x81, 0x03, 0x5E, 0x38, 0x15, 0x05, 0x04, 0x01, 0x28,
475 0x81, 0x03, 0x01, 0x00, 0x00, 0x04, 0x81, 0x12, 0x01, 0x10, 0x0E, 0x05,
476 0x02, 0x56, 0x23, 0x5A, 0x25, 0x81, 0x24, 0x06, 0x19, 0x81, 0x17, 0x22,
477 0x01, 0x84, 0x00, 0x0F, 0x06, 0x02, 0x53, 0x23, 0x22, 0x03, 0x00, 0x67,
478 0x3B, 0x81, 0x0E, 0x02, 0x00, 0x5A, 0x25, 0x81, 0x07, 0x20, 0x5A, 0x25,
479 0x22, 0x81, 0x22, 0x3B, 0x81, 0x21, 0x03, 0x01, 0x03, 0x02, 0x02, 0x01,
480 0x02, 0x02, 0x30, 0x06, 0x17, 0x81, 0x19, 0x22, 0x03, 0x03, 0x67, 0x3B,
481 0x81, 0x0E, 0x02, 0x03, 0x5A, 0x25, 0x81, 0x07, 0x02, 0x02, 0x06, 0x03,
482 0x1F, 0x04, 0x01, 0x1D, 0x7D, 0x00, 0x00, 0x7E, 0x81, 0x12, 0x01, 0x14,
483 0x0D, 0x06, 0x02, 0x56, 0x23, 0x67, 0x01, 0x0C, 0x08, 0x01, 0x0C, 0x81,
484 0x0E, 0x7D, 0x67, 0x22, 0x01, 0x0C, 0x08, 0x01, 0x0C, 0x29, 0x05, 0x02,
485 0x4D, 0x23, 0x00, 0x02, 0x03, 0x00, 0x03, 0x01, 0x02, 0x00, 0x7A, 0x02,
486 0x01, 0x02, 0x00, 0x32, 0x22, 0x01, 0x00, 0x0E, 0x06, 0x02, 0x4B, 0x00,
487 0x81, 0x27, 0x04, 0x73, 0x00, 0x81, 0x17, 0x01, 0x01, 0x0D, 0x06, 0x02,
488 0x4E, 0x23, 0x81, 0x19, 0x22, 0x22, 0x46, 0x3B, 0x01, 0x05, 0x10, 0x30,
489 0x06, 0x02, 0x4E, 0x23, 0x01, 0x08, 0x08, 0x22, 0x66, 0x27, 0x0A, 0x06,
490 0x0D, 0x22, 0x01, 0x01, 0x3B, 0x0B, 0x35, 0x22, 0x66, 0x38, 0x68, 0x38,
491 0x04, 0x01, 0x21, 0x00, 0x00, 0x81, 0x17, 0x6B, 0x27, 0x01, 0x00, 0x31,
492 0x0E, 0x06, 0x14, 0x21, 0x01, 0x01, 0x0E, 0x05, 0x02, 0x51, 0x23, 0x81,
493 0x19, 0x06, 0x02, 0x51, 0x23, 0x01, 0x02, 0x6B, 0x38, 0x04, 0x2A, 0x01,
494 0x02, 0x31, 0x0E, 0x06, 0x21, 0x21, 0x01, 0x0D, 0x0E, 0x05, 0x02, 0x51,
495 0x23, 0x81, 0x19, 0x01, 0x0C, 0x0E, 0x05, 0x02, 0x51, 0x23, 0x67, 0x01,
496 0x0C, 0x81, 0x0E, 0x6C, 0x67, 0x01, 0x0C, 0x29, 0x05, 0x02, 0x51, 0x23,
497 0x04, 0x03, 0x51, 0x23, 0x21, 0x00, 0x00, 0x81, 0x17, 0x81, 0x06, 0x81,
498 0x17, 0x81, 0x06, 0x22, 0x06, 0x22, 0x81, 0x19, 0x06, 0x04, 0x81, 0x14,
499 0x04, 0x18, 0x81, 0x17, 0x22, 0x01, 0x81, 0x7F, 0x0C, 0x06, 0x0D, 0x22,
500 0x6D, 0x08, 0x01, 0x00, 0x3B, 0x38, 0x6D, 0x3B, 0x81, 0x0E, 0x04, 0x02,
501 0x81, 0x1F, 0x04, 0x5B, 0x7D, 0x7D, 0x00, 0x00, 0x81, 0x13, 0x22, 0x46,
502 0x06, 0x07, 0x21, 0x06, 0x02, 0x4F, 0x23, 0x04, 0x73, 0x00, 0x00, 0x81,
503 0x1A, 0x01, 0x03, 0x81, 0x18, 0x3B, 0x21, 0x3B, 0x00, 0x00, 0x81, 0x17,
504 0x81, 0x1F, 0x00, 0x02, 0x81, 0x17, 0x81, 0x06, 0x01, 0x00, 0x64, 0x36,
505 0x81, 0x17, 0x81, 0x06, 0x22, 0x06, 0x34, 0x81, 0x19, 0x03, 0x00, 0x81,
506 0x19, 0x03, 0x01, 0x02, 0x00, 0x01, 0x02, 0x10, 0x02, 0x00, 0x01, 0x06,
507 0x0C, 0x12, 0x02, 0x01, 0x01, 0x01, 0x0E, 0x02, 0x01, 0x01, 0x03, 0x0E,
508 0x30, 0x12, 0x06, 0x11, 0x64, 0x25, 0x01, 0x01, 0x02, 0x01, 0x49, 0x01,
509 0x02, 0x0B, 0x02, 0x00, 0x08, 0x0B, 0x30, 0x64, 0x36, 0x04, 0x49, 0x7D,
510 0x7D, 0x00, 0x00, 0x81, 0x17, 0x81, 0x06, 0x81, 0x17, 0x81, 0x06, 0x01,
511 0x00, 0x60, 0x37, 0x22, 0x06, 0x16, 0x81, 0x17, 0x22, 0x01, 0x20, 0x0A,
512 0x06, 0x0B, 0x01, 0x01, 0x3B, 0x0B, 0x60, 0x26, 0x30, 0x60, 0x37, 0x04,
513 0x01, 0x21, 0x04, 0x67, 0x7D, 0x7D, 0x00, 0x00, 0x01, 0x02, 0x7A, 0x81,
514 0x1A, 0x01, 0x08, 0x0B, 0x81, 0x1A, 0x08, 0x00, 0x00, 0x01, 0x03, 0x7A,
515 0x81, 0x1A, 0x01, 0x08, 0x0B, 0x81, 0x1A, 0x08, 0x01, 0x08, 0x0B, 0x81,
516 0x1A, 0x08, 0x00, 0x00, 0x01, 0x01, 0x7A, 0x81, 0x1A, 0x00, 0x00, 0x33,
517 0x22, 0x44, 0x05, 0x01, 0x00, 0x21, 0x81, 0x27, 0x04, 0x75, 0x02, 0x03,
518 0x00, 0x74, 0x27, 0x03, 0x01, 0x01, 0x00, 0x22, 0x02, 0x01, 0x0A, 0x06,
519 0x10, 0x22, 0x01, 0x01, 0x0B, 0x73, 0x08, 0x25, 0x02, 0x00, 0x0E, 0x06,
520 0x01, 0x00, 0x48, 0x04, 0x6A, 0x21, 0x01, 0x7F, 0x00, 0x00, 0x24, 0x16,
521 0x2F, 0x06, 0x05, 0x81, 0x25, 0x21, 0x04, 0x77, 0x01, 0x16, 0x6A, 0x38,
522 0x01, 0x00, 0x81, 0x33, 0x01, 0x00, 0x81, 0x32, 0x24, 0x01, 0x17, 0x6A,
523 0x38, 0x00, 0x00, 0x01, 0x15, 0x6A, 0x38, 0x3B, 0x43, 0x21, 0x43, 0x21,
524 0x24, 0x00, 0x00, 0x01, 0x01, 0x3B, 0x81, 0x1D, 0x00, 0x00, 0x3B, 0x31,
525 0x7A, 0x3B, 0x22, 0x06, 0x06, 0x81, 0x1A, 0x21, 0x49, 0x04, 0x77, 0x21,
526 0x00, 0x02, 0x03, 0x00, 0x5A, 0x25, 0x7C, 0x03, 0x01, 0x02, 0x01, 0x01,
527 0x0F, 0x12, 0x02, 0x01, 0x01, 0x04, 0x11, 0x01, 0x0F, 0x12, 0x02, 0x01,
528 0x01, 0x08, 0x11, 0x01, 0x0F, 0x12, 0x01, 0x00, 0x31, 0x0E, 0x06, 0x10,
529 0x21, 0x01, 0x00, 0x01, 0x18, 0x02, 0x00, 0x06, 0x03, 0x3E, 0x04, 0x01,
530 0x3F, 0x04, 0x80, 0x56, 0x01, 0x01, 0x31, 0x0E, 0x06, 0x10, 0x21, 0x01,
531 0x01, 0x01, 0x10, 0x02, 0x00, 0x06, 0x03, 0x3E, 0x04, 0x01, 0x3F, 0x04,
532 0x80, 0x40, 0x01, 0x02, 0x31, 0x0E, 0x06, 0x0F, 0x21, 0x01, 0x01, 0x01,
533 0x20, 0x02, 0x00, 0x06, 0x03, 0x3E, 0x04, 0x01, 0x3F, 0x04, 0x2B, 0x01,
534 0x03, 0x31, 0x0E, 0x06, 0x0E, 0x21, 0x21, 0x01, 0x10, 0x02, 0x00, 0x06,
535 0x03, 0x3C, 0x04, 0x01, 0x3D, 0x04, 0x17, 0x01, 0x04, 0x31, 0x0E, 0x06,
536 0x0E, 0x21, 0x21, 0x01, 0x20, 0x02, 0x00, 0x06, 0x03, 0x3C, 0x04, 0x01,
537 0x3D, 0x04, 0x03, 0x50, 0x23, 0x21, 0x00, 0x00, 0x7C, 0x01, 0x0C, 0x11,
538 0x01, 0x02, 0x0F, 0x00, 0x00, 0x7C, 0x01, 0x0C, 0x11, 0x22, 0x47, 0x3B,
539 0x01, 0x03, 0x0A, 0x12, 0x00, 0x00, 0x7C, 0x01, 0x0C, 0x11, 0x01, 0x01,
540 0x0E, 0x00, 0x00, 0x7C, 0x01, 0x0C, 0x11, 0x46, 0x00, 0x00, 0x18, 0x01,
541 0x00, 0x57, 0x27, 0x22, 0x06, 0x20, 0x01, 0x01, 0x31, 0x0E, 0x06, 0x07,
542 0x21, 0x01, 0x00, 0x81, 0x00, 0x04, 0x11, 0x01, 0x02, 0x31, 0x0E, 0x06,
543 0x0A, 0x21, 0x59, 0x27, 0x06, 0x03, 0x01, 0x10, 0x30, 0x04, 0x01, 0x21,
544 0x04, 0x01, 0x21, 0x5F, 0x27, 0x05, 0x35, 0x28, 0x06, 0x32, 0x69, 0x27,
545 0x01, 0x14, 0x31, 0x0E, 0x06, 0x06, 0x21, 0x01, 0x02, 0x30, 0x04, 0x24,
546 0x01, 0x15, 0x31, 0x0E, 0x06, 0x0B, 0x21, 0x81, 0x09, 0x06, 0x04, 0x01,
547 0x7F, 0x81, 0x00, 0x04, 0x13, 0x01, 0x16, 0x31, 0x0E, 0x06, 0x06, 0x21,
548 0x01, 0x01, 0x30, 0x04, 0x07, 0x21, 0x01, 0x04, 0x30, 0x01, 0x00, 0x21,
549 0x16, 0x06, 0x03, 0x01, 0x08, 0x30, 0x00, 0x00, 0x18, 0x22, 0x05, 0x10,
550 0x28, 0x06, 0x0D, 0x69, 0x27, 0x01, 0x15, 0x0E, 0x06, 0x05, 0x21, 0x81,
551 0x09, 0x04, 0x01, 0x1C, 0x00, 0x00, 0x81, 0x25, 0x01, 0x07, 0x12, 0x01,
552 0x01, 0x0F, 0x06, 0x02, 0x56, 0x23, 0x00, 0x01, 0x03, 0x00, 0x24, 0x16,
553 0x06, 0x05, 0x02, 0x00, 0x6A, 0x38, 0x00, 0x81, 0x25, 0x21, 0x04, 0x73,
554 0x00, 0x01, 0x14, 0x81, 0x28, 0x01, 0x01, 0x81, 0x33, 0x24, 0x22, 0x01,
555 0x00, 0x81, 0x20, 0x01, 0x16, 0x81, 0x28, 0x81, 0x2B, 0x24, 0x00, 0x00,
556 0x01, 0x0B, 0x81, 0x33, 0x40, 0x22, 0x01, 0x03, 0x08, 0x81, 0x32, 0x81,
557 0x32, 0x13, 0x22, 0x44, 0x06, 0x02, 0x21, 0x00, 0x81, 0x32, 0x1A, 0x22,
558 0x06, 0x06, 0x67, 0x3B, 0x81, 0x2F, 0x04, 0x76, 0x21, 0x04, 0x6A, 0x00,
559 0x7E, 0x01, 0x14, 0x81, 0x33, 0x01, 0x0C, 0x81, 0x32, 0x67, 0x01, 0x0C,
560 0x81, 0x2F, 0x00, 0x03, 0x03, 0x00, 0x01, 0x02, 0x81, 0x33, 0x01, 0x80,
561 0x46, 0x6B, 0x27, 0x01, 0x02, 0x0E, 0x06, 0x0C, 0x02, 0x00, 0x06, 0x04,
562 0x01, 0x05, 0x04, 0x02, 0x01, 0x1D, 0x04, 0x02, 0x01, 0x00, 0x03, 0x01,
563 0x68, 0x27, 0x06, 0x04, 0x01, 0x05, 0x04, 0x02, 0x01, 0x00, 0x03, 0x02,
564 0x02, 0x01, 0x02, 0x02, 0x08, 0x22, 0x06, 0x03, 0x01, 0x02, 0x08, 0x08,
565 0x81, 0x32, 0x75, 0x25, 0x81, 0x31, 0x6E, 0x01, 0x04, 0x14, 0x6E, 0x01,
566 0x04, 0x08, 0x01, 0x1C, 0x2B, 0x6E, 0x01, 0x20, 0x81, 0x2F, 0x01, 0x20,
567 0x81, 0x33, 0x6F, 0x01, 0x20, 0x81, 0x2F, 0x5A, 0x25, 0x81, 0x31, 0x01,
568 0x00, 0x81, 0x33, 0x02, 0x01, 0x02, 0x02, 0x08, 0x22, 0x06, 0x30, 0x81,
569 0x31, 0x02, 0x01, 0x22, 0x06, 0x13, 0x01, 0x83, 0xFE, 0x01, 0x81, 0x31,
570 0x01, 0x04, 0x09, 0x22, 0x81, 0x31, 0x49, 0x6C, 0x3B, 0x81, 0x30, 0x04,
571 0x01, 0x21, 0x02, 0x02, 0x06, 0x0F, 0x01, 0x01, 0x81, 0x31, 0x01, 0x01,
572 0x81, 0x31, 0x68, 0x27, 0x01, 0x08, 0x09, 0x81, 0x33, 0x04, 0x01, 0x21,
573 0x00, 0x00, 0x01, 0x0E, 0x81, 0x33, 0x01, 0x00, 0x81, 0x32, 0x00, 0x03,
574 0x5A, 0x25, 0x81, 0x22, 0x05, 0x01, 0x00, 0x60, 0x26, 0x01, 0x00, 0x81,
575 0x02, 0x11, 0x01, 0x01, 0x12, 0x46, 0x06, 0x03, 0x48, 0x04, 0x74, 0x03,
576 0x00, 0x21, 0x02, 0x00, 0x1E, 0x22, 0x44, 0x06, 0x02, 0x2E, 0x23, 0x03,
577 0x01, 0x75, 0x25, 0x01, 0x86, 0x03, 0x10, 0x03, 0x02, 0x01, 0x0C, 0x81,
578 0x33, 0x02, 0x01, 0x62, 0x27, 0x08, 0x02, 0x02, 0x01, 0x02, 0x12, 0x08,
579 0x01, 0x06, 0x08, 0x81, 0x32, 0x01, 0x03, 0x81, 0x33, 0x02, 0x00, 0x81,
580 0x31, 0x61, 0x62, 0x27, 0x81, 0x30, 0x02, 0x02, 0x06, 0x10, 0x72, 0x27,
581 0x81, 0x33, 0x5A, 0x25, 0x81, 0x23, 0x01, 0x01, 0x0B, 0x01, 0x03, 0x08,
582 0x81, 0x33, 0x02, 0x01, 0x81, 0x31, 0x67, 0x02, 0x01, 0x81, 0x2F, 0x00,
583 0x00, 0x42, 0x22, 0x01, 0x00, 0x0E, 0x06, 0x02, 0x4B, 0x00, 0x81, 0x25,
584 0x21, 0x04, 0x72, 0x00, 0x22, 0x81, 0x33, 0x81, 0x2F, 0x00, 0x00, 0x22,
585 0x01, 0x08, 0x41, 0x81, 0x33, 0x81, 0x33, 0x00, 0x00, 0x22, 0x01, 0x10,
586 0x41, 0x81, 0x33, 0x81, 0x31, 0x00, 0x00, 0x22, 0x43, 0x06, 0x02, 0x21,
587 0x00, 0x81, 0x25, 0x21, 0x04, 0x75
588 };
589
590 static const uint16_t t0_caddr[] = {
591 0,
592 5,
593 10,
594 15,
595 20,
596 25,
597 30,
598 35,
599 39,
600 43,
601 47,
602 51,
603 55,
604 59,
605 63,
606 67,
607 71,
608 75,
609 79,
610 83,
611 88,
612 93,
613 98,
614 103,
615 108,
616 113,
617 118,
618 123,
619 128,
620 133,
621 138,
622 143,
623 148,
624 153,
625 159,
626 164,
627 169,
628 174,
629 179,
630 184,
631 189,
632 194,
633 199,
634 204,
635 209,
636 214,
637 219,
638 224,
639 229,
640 234,
641 239,
642 244,
643 249,
644 254,
645 259,
646 268,
647 272,
648 297,
649 303,
650 323,
651 334,
652 371,
653 431,
654 435,
655 471,
656 481,
657 546,
658 560,
659 566,
660 613,
661 633,
662 686,
663 1211,
664 1296,
665 1329,
666 1354,
667 1402,
668 1476,
669 1525,
670 1540,
671 1551,
672 1557,
673 1628,
674 1669,
675 1682,
676 1701,
677 1708,
678 1720,
679 1755,
680 1784,
681 1796,
682 1803,
683 1819,
684 1957,
685 1966,
686 1979,
687 1988,
688 1995,
689 2101,
690 2123,
691 2137,
692 2154,
693 2177,
694 2213,
695 2229,
696 2383,
697 2393,
698 2502,
699 2517,
700 2524,
701 2534,
702 2544
703 };
704
705 #define T0_INTERPRETED 68
706
707 #define T0_ENTER(ip, rp, slot) do { \
708 const unsigned char *t0_newip; \
709 uint32_t t0_lnum; \
710 t0_newip = &t0_codeblock[t0_caddr[(slot) - T0_INTERPRETED]]; \
711 t0_lnum = t0_parse7E_unsigned(&t0_newip); \
712 (rp) += t0_lnum; \
713 *((rp) ++) = (uint32_t)((ip) - &t0_codeblock[0]) + (t0_lnum << 16); \
714 (ip) = t0_newip; \
715 } while (0)
716
717 #define T0_DEFENTRY(name, slot) \
718 void \
719 name(void *ctx) \
720 { \
721 t0_context *t0ctx = ctx; \
722 t0ctx->ip = &t0_codeblock[0]; \
723 T0_ENTER(t0ctx->ip, t0ctx->rp, slot); \
724 }
725
726 T0_DEFENTRY(br_ssl_hs_server_init_main, 133)
727
728 void
729 br_ssl_hs_server_run(void *t0ctx)
730 {
731 uint32_t *dp, *rp;
732 const unsigned char *ip;
733
734 #define T0_LOCAL(x) (*(rp - 2 - (x)))
735 #define T0_POP() (*-- dp)
736 #define T0_POPi() (*(int32_t *)(-- dp))
737 #define T0_PEEK(x) (*(dp - 1 - (x)))
738 #define T0_PEEKi(x) (*(int32_t *)(dp - 1 - (x)))
739 #define T0_PUSH(v) do { *dp = (v); dp ++; } while (0)
740 #define T0_PUSHi(v) do { *(int32_t *)dp = (v); dp ++; } while (0)
741 #define T0_RPOP() (*-- rp)
742 #define T0_RPOPi() (*(int32_t *)(-- rp))
743 #define T0_RPUSH(v) do { *rp = (v); rp ++; } while (0)
744 #define T0_RPUSHi(v) do { *(int32_t *)rp = (v); rp ++; } while (0)
745 #define T0_ROLL(x) do { \
746 size_t t0len = (size_t)(x); \
747 uint32_t t0tmp = *(dp - 1 - t0len); \
748 memmove(dp - t0len - 1, dp - t0len, t0len * sizeof *dp); \
749 *(dp - 1) = t0tmp; \
750 } while (0)
751 #define T0_SWAP() do { \
752 uint32_t t0tmp = *(dp - 2); \
753 *(dp - 2) = *(dp - 1); \
754 *(dp - 1) = t0tmp; \
755 } while (0)
756 #define T0_ROT() do { \
757 uint32_t t0tmp = *(dp - 3); \
758 *(dp - 3) = *(dp - 2); \
759 *(dp - 2) = *(dp - 1); \
760 *(dp - 1) = t0tmp; \
761 } while (0)
762 #define T0_NROT() do { \
763 uint32_t t0tmp = *(dp - 1); \
764 *(dp - 1) = *(dp - 2); \
765 *(dp - 2) = *(dp - 3); \
766 *(dp - 3) = t0tmp; \
767 } while (0)
768 #define T0_PICK(x) do { \
769 uint32_t t0depth = (x); \
770 T0_PUSH(T0_PEEK(t0depth)); \
771 } while (0)
772 #define T0_CO() do { \
773 goto t0_exit; \
774 } while (0)
775 #define T0_RET() break
776
777 dp = ((t0_context *)t0ctx)->dp;
778 rp = ((t0_context *)t0ctx)->rp;
779 ip = ((t0_context *)t0ctx)->ip;
780 for (;;) {
781 uint32_t t0x;
782
783 t0x = t0_parse7E_unsigned(&ip);
784 if (t0x < T0_INTERPRETED) {
785 switch (t0x) {
786 int32_t t0off;
787
788 case 0: /* ret */
789 t0x = T0_RPOP();
790 rp -= (t0x >> 16);
791 t0x &= 0xFFFF;
792 if (t0x == 0) {
793 ip = NULL;
794 goto t0_exit;
795 }
796 ip = &t0_codeblock[t0x];
797 break;
798 case 1: /* literal constant */
799 T0_PUSHi(t0_parse7E_signed(&ip));
800 break;
801 case 2: /* read local */
802 T0_PUSH(T0_LOCAL(t0_parse7E_unsigned(&ip)));
803 break;
804 case 3: /* write local */
805 T0_LOCAL(t0_parse7E_unsigned(&ip)) = T0_POP();
806 break;
807 case 4: /* jump */
808 t0off = t0_parse7E_signed(&ip);
809 ip += t0off;
810 break;
811 case 5: /* jump if */
812 t0off = t0_parse7E_signed(&ip);
813 if (T0_POP()) {
814 ip += t0off;
815 }
816 break;
817 case 6: /* jump if not */
818 t0off = t0_parse7E_signed(&ip);
819 if (!T0_POP()) {
820 ip += t0off;
821 }
822 break;
823 case 7: {
824 /* * */
825
826 uint32_t b = T0_POP();
827 uint32_t a = T0_POP();
828 T0_PUSH(a * b);
829
830 }
831 break;
832 case 8: {
833 /* + */
834
835 uint32_t b = T0_POP();
836 uint32_t a = T0_POP();
837 T0_PUSH(a + b);
838
839 }
840 break;
841 case 9: {
842 /* - */
843
844 uint32_t b = T0_POP();
845 uint32_t a = T0_POP();
846 T0_PUSH(a - b);
847
848 }
849 break;
850 case 10: {
851 /* < */
852
853 int32_t b = T0_POPi();
854 int32_t a = T0_POPi();
855 T0_PUSH(-(uint32_t)(a < b));
856
857 }
858 break;
859 case 11: {
860 /* << */
861
862 int c = (int)T0_POPi();
863 uint32_t x = T0_POP();
864 T0_PUSH(x << c);
865
866 }
867 break;
868 case 12: {
869 /* <= */
870
871 int32_t b = T0_POPi();
872 int32_t a = T0_POPi();
873 T0_PUSH(-(uint32_t)(a <= b));
874
875 }
876 break;
877 case 13: {
878 /* <> */
879
880 uint32_t b = T0_POP();
881 uint32_t a = T0_POP();
882 T0_PUSH(-(uint32_t)(a != b));
883
884 }
885 break;
886 case 14: {
887 /* = */
888
889 uint32_t b = T0_POP();
890 uint32_t a = T0_POP();
891 T0_PUSH(-(uint32_t)(a == b));
892
893 }
894 break;
895 case 15: {
896 /* > */
897
898 int32_t b = T0_POPi();
899 int32_t a = T0_POPi();
900 T0_PUSH(-(uint32_t)(a > b));
901
902 }
903 break;
904 case 16: {
905 /* >= */
906
907 int32_t b = T0_POPi();
908 int32_t a = T0_POPi();
909 T0_PUSH(-(uint32_t)(a >= b));
910
911 }
912 break;
913 case 17: {
914 /* >> */
915
916 int c = (int)T0_POPi();
917 int32_t x = T0_POPi();
918 T0_PUSHi(x >> c);
919
920 }
921 break;
922 case 18: {
923 /* and */
924
925 uint32_t b = T0_POP();
926 uint32_t a = T0_POP();
927 T0_PUSH(a & b);
928
929 }
930 break;
931 case 19: {
932 /* begin-cert */
933
934 if (CTX->chain_len == 0) {
935 T0_PUSHi(-1);
936 } else {
937 CTX->cert_cur = CTX->chain->data;
938 CTX->cert_len = CTX->chain->data_len;
939 CTX->chain ++;
940 CTX->chain_len --;
941 T0_PUSH(CTX->cert_len);
942 }
943
944 }
945 break;
946 case 20: {
947 /* bzero */
948
949 size_t len = (size_t)T0_POP();
950 void *addr = (unsigned char *)ENG + (size_t)T0_POP();
951 memset(addr, 0, len);
952
953 }
954 break;
955 case 21: {
956 /* call-policy-handler */
957
958 int x;
959 br_ssl_server_choices choices;
960
961 x = (*CTX->policy_vtable)->choose(
962 CTX->policy_vtable, CTX, &choices);
963 ENG->session.cipher_suite = choices.cipher_suite;
964 CTX->sign_hash_id = choices.hash_id;
965 CTX->chain = choices.chain;
966 CTX->chain_len = choices.chain_len;
967 T0_PUSHi(-(x != 0));
968
969 }
970 break;
971 case 22: {
972 /* can-output? */
973
974 T0_PUSHi(-(ENG->hlen_out > 0));
975
976 }
977 break;
978 case 23: {
979 /* check-resume */
980
981 if (ENG->session.session_id_len == 32
982 && CTX->cache_vtable != NULL && (*CTX->cache_vtable)->load(
983 CTX->cache_vtable, CTX, &ENG->session))
984 {
985 T0_PUSHi(-1);
986 } else {
987 T0_PUSH(0);
988 }
989
990 }
991 break;
992 case 24: {
993 /* co */
994 T0_CO();
995 }
996 break;
997 case 25: {
998 /* compute-Finished-inner */
999
1000 int prf_id = T0_POP();
1001 int from_client = T0_POPi();
1002 unsigned char seed[48];
1003 size_t seed_len;
1004
1005 br_tls_prf_impl prf = br_ssl_engine_get_PRF(ENG, prf_id);
1006 if (ENG->session.version >= BR_TLS12) {
1007 seed_len = br_multihash_out(&ENG->mhash, prf_id, seed);
1008 } else {
1009 br_multihash_out(&ENG->mhash, br_md5_ID, seed);
1010 br_multihash_out(&ENG->mhash, br_sha1_ID, seed + 16);
1011 seed_len = 36;
1012 }
1013 prf(ENG->pad, 12, ENG->session.master_secret,
1014 sizeof ENG->session.master_secret,
1015 from_client ? "client finished" : "server finished",
1016 seed, seed_len);
1017
1018 }
1019 break;
1020 case 26: {
1021 /* copy-cert-chunk */
1022
1023 size_t clen;
1024
1025 clen = CTX->cert_len;
1026 if (clen > sizeof ENG->pad) {
1027 clen = sizeof ENG->pad;
1028 }
1029 memcpy(ENG->pad, CTX->cert_cur, clen);
1030 CTX->cert_cur += clen;
1031 CTX->cert_len -= clen;
1032 T0_PUSH(clen);
1033
1034 }
1035 break;
1036 case 27: {
1037 /* data-get8 */
1038
1039 size_t addr = T0_POP();
1040 T0_PUSH(t0_datablock[addr]);
1041
1042 }
1043 break;
1044 case 28: {
1045 /* discard-input */
1046
1047 ENG->hlen_in = 0;
1048
1049 }
1050 break;
1051 case 29: {
1052 /* do-ecdh */
1053
1054 int prf_id = T0_POPi();
1055 size_t len = T0_POP();
1056 do_ecdh(CTX, prf_id, ENG->pad, len);
1057
1058 }
1059 break;
1060 case 30: {
1061 /* do-ecdhe-part1 */
1062
1063 int curve = T0_POPi();
1064 T0_PUSHi(do_ecdhe_part1(CTX, curve));
1065
1066 }
1067 break;
1068 case 31: {
1069 /* do-ecdhe-part2 */
1070
1071 int prf_id = T0_POPi();
1072 size_t len = T0_POP();
1073 do_ecdhe_part2(CTX, prf_id, ENG->pad, len);
1074
1075 }
1076 break;
1077 case 32: {
1078 /* do-rsa-decrypt */
1079
1080 int prf_id = T0_POPi();
1081 size_t len = T0_POP();
1082 do_rsa_decrypt(CTX, prf_id, ENG->pad, len);
1083
1084 }
1085 break;
1086 case 33: {
1087 /* drop */
1088 (void)T0_POP();
1089 }
1090 break;
1091 case 34: {
1092 /* dup */
1093 T0_PUSH(T0_PEEK(0));
1094 }
1095 break;
1096 case 35: {
1097 /* fail */
1098
1099 br_ssl_engine_fail(ENG, (int)T0_POPi());
1100 T0_CO();
1101
1102 }
1103 break;
1104 case 36: {
1105 /* flush-record */
1106
1107 br_ssl_engine_flush_record(ENG);
1108
1109 }
1110 break;
1111 case 37: {
1112 /* get16 */
1113
1114 size_t addr = (size_t)T0_POP();
1115 T0_PUSH(*(uint16_t *)((unsigned char *)ENG + addr));
1116
1117 }
1118 break;
1119 case 38: {
1120 /* get32 */
1121
1122 size_t addr = (size_t)T0_POP();
1123 T0_PUSH(*(uint32_t *)((unsigned char *)ENG + addr));
1124
1125 }
1126 break;
1127 case 39: {
1128 /* get8 */
1129
1130 size_t addr = (size_t)T0_POP();
1131 T0_PUSH(*((unsigned char *)ENG + addr));
1132
1133 }
1134 break;
1135 case 40: {
1136 /* has-input? */
1137
1138 T0_PUSHi(-(ENG->hlen_in != 0));
1139
1140 }
1141 break;
1142 case 41: {
1143 /* memcmp */
1144
1145 size_t len = (size_t)T0_POP();
1146 void *addr2 = (unsigned char *)ENG + (size_t)T0_POP();
1147 void *addr1 = (unsigned char *)ENG + (size_t)T0_POP();
1148 int x = memcmp(addr1, addr2, len);
1149 T0_PUSH((uint32_t)-(x == 0));
1150
1151 }
1152 break;
1153 case 42: {
1154 /* memcpy */
1155
1156 size_t len = (size_t)T0_POP();
1157 void *src = (unsigned char *)ENG + (size_t)T0_POP();
1158 void *dst = (unsigned char *)ENG + (size_t)T0_POP();
1159 memcpy(dst, src, len);
1160
1161 }
1162 break;
1163 case 43: {
1164 /* mkrand */
1165
1166 size_t len = (size_t)T0_POP();
1167 void *addr = (unsigned char *)ENG + (size_t)T0_POP();
1168 br_hmac_drbg_generate(&ENG->rng, addr, len);
1169
1170 }
1171 break;
1172 case 44: {
1173 /* more-incoming-bytes? */
1174
1175 T0_PUSHi(ENG->hlen_in != 0 || !br_ssl_engine_recvrec_finished(ENG));
1176
1177 }
1178 break;
1179 case 45: {
1180 /* multihash-init */
1181
1182 br_multihash_init(&ENG->mhash);
1183
1184 }
1185 break;
1186 case 46: {
1187 /* neg */
1188
1189 uint32_t a = T0_POP();
1190 T0_PUSH(-a);
1191
1192 }
1193 break;
1194 case 47: {
1195 /* not */
1196
1197 uint32_t a = T0_POP();
1198 T0_PUSH(~a);
1199
1200 }
1201 break;
1202 case 48: {
1203 /* or */
1204
1205 uint32_t b = T0_POP();
1206 uint32_t a = T0_POP();
1207 T0_PUSH(a | b);
1208
1209 }
1210 break;
1211 case 49: {
1212 /* over */
1213 T0_PUSH(T0_PEEK(1));
1214 }
1215 break;
1216 case 50: {
1217 /* read-chunk-native */
1218
1219 size_t clen = ENG->hlen_in;
1220 if (clen > 0) {
1221 uint32_t addr, len;
1222
1223 len = T0_POP();
1224 addr = T0_POP();
1225 if ((size_t)len < clen) {
1226 clen = (size_t)len;
1227 }
1228 memcpy((unsigned char *)ENG + addr, ENG->hbuf_in, clen);
1229 if (ENG->record_type_in == BR_SSL_HANDSHAKE) {
1230 br_multihash_update(&ENG->mhash, ENG->hbuf_in, clen);
1231 }
1232 T0_PUSH(addr + (uint32_t)clen);
1233 T0_PUSH(len - (uint32_t)clen);
1234 ENG->hbuf_in += clen;
1235 ENG->hlen_in -= clen;
1236 }
1237
1238 }
1239 break;
1240 case 51: {
1241 /* read8-native */
1242
1243 if (ENG->hlen_in > 0) {
1244 unsigned char x;
1245
1246 x = *ENG->hbuf_in ++;
1247 if (ENG->record_type_in == BR_SSL_HANDSHAKE) {
1248 br_multihash_update(&ENG->mhash, &x, 1);
1249 }
1250 T0_PUSH(x);
1251 ENG->hlen_in --;
1252 } else {
1253 T0_PUSHi(-1);
1254 }
1255
1256 }
1257 break;
1258 case 52: {
1259 /* save-session */
1260
1261 if (CTX->cache_vtable != NULL) {
1262 (*CTX->cache_vtable)->save(
1263 CTX->cache_vtable, CTX, &ENG->session);
1264 }
1265
1266 }
1267 break;
1268 case 53: {
1269 /* set-max-frag-len */
1270
1271 size_t max_frag_len = T0_POP();
1272
1273 br_ssl_engine_new_max_frag_len(ENG, max_frag_len);
1274
1275 /*
1276 * We must adjust our own output limit. Since we call this only
1277 * after receiving a ClientHello and before beginning to send
1278 * the ServerHello, the next output record should be empty at
1279 * that point, so we can use max_frag_len as a limit.
1280 */
1281 if (ENG->hlen_out > max_frag_len) {
1282 ENG->hlen_out = max_frag_len;
1283 }
1284
1285 }
1286 break;
1287 case 54: {
1288 /* set16 */
1289
1290 size_t addr = (size_t)T0_POP();
1291 *(uint16_t *)((unsigned char *)ENG + addr) = (uint16_t)T0_POP();
1292
1293 }
1294 break;
1295 case 55: {
1296 /* set32 */
1297
1298 size_t addr = (size_t)T0_POP();
1299 *(uint32_t *)((unsigned char *)ENG + addr) = (uint32_t)T0_POP();
1300
1301 }
1302 break;
1303 case 56: {
1304 /* set8 */
1305
1306 size_t addr = (size_t)T0_POP();
1307 *((unsigned char *)ENG + addr) = (unsigned char)T0_POP();
1308
1309 }
1310 break;
1311 case 57: {
1312 /* supported-curves */
1313
1314 uint32_t x = ENG->iec == NULL ? 0 : ENG->iec->supported_curves;
1315 T0_PUSH(x);
1316
1317 }
1318 break;
1319 case 58: {
1320 /* supported-hash-functions */
1321
1322 int i;
1323 unsigned x, num;
1324
1325 x = 0;
1326 num = 0;
1327 for (i = br_sha1_ID; i <= br_sha512_ID; i ++) {
1328 if (br_multihash_getimpl(&ENG->mhash, i)) {
1329 x |= 1U << i;
1330 num ++;
1331 }
1332 }
1333 T0_PUSH(x);
1334 T0_PUSH(num);
1335
1336 }
1337 break;
1338 case 59: {
1339 /* swap */
1340 T0_SWAP();
1341 }
1342 break;
1343 case 60: {
1344 /* switch-aesgcm-in */
1345
1346 int is_client, prf_id;
1347 unsigned cipher_key_len;
1348
1349 cipher_key_len = T0_POP();
1350 prf_id = T0_POP();
1351 is_client = T0_POP();
1352 br_ssl_engine_switch_gcm_in(ENG, is_client, prf_id,
1353 ENG->iaes_ctr, cipher_key_len);
1354
1355 }
1356 break;
1357 case 61: {
1358 /* switch-aesgcm-out */
1359
1360 int is_client, prf_id;
1361 unsigned cipher_key_len;
1362
1363 cipher_key_len = T0_POP();
1364 prf_id = T0_POP();
1365 is_client = T0_POP();
1366 br_ssl_engine_switch_gcm_out(ENG, is_client, prf_id,
1367 ENG->iaes_ctr, cipher_key_len);
1368
1369 }
1370 break;
1371 case 62: {
1372 /* switch-cbc-in */
1373
1374 int is_client, prf_id, mac_id, aes;
1375 unsigned cipher_key_len;
1376
1377 cipher_key_len = T0_POP();
1378 aes = T0_POP();
1379 mac_id = T0_POP();
1380 prf_id = T0_POP();
1381 is_client = T0_POP();
1382 br_ssl_engine_switch_cbc_in(ENG, is_client, prf_id, mac_id,
1383 aes ? ENG->iaes_cbcdec : ENG->ides_cbcdec, cipher_key_len);
1384
1385 }
1386 break;
1387 case 63: {
1388 /* switch-cbc-out */
1389
1390 int is_client, prf_id, mac_id, aes;
1391 unsigned cipher_key_len;
1392
1393 cipher_key_len = T0_POP();
1394 aes = T0_POP();
1395 mac_id = T0_POP();
1396 prf_id = T0_POP();
1397 is_client = T0_POP();
1398 br_ssl_engine_switch_cbc_out(ENG, is_client, prf_id, mac_id,
1399 aes ? ENG->iaes_cbcenc : ENG->ides_cbcenc, cipher_key_len);
1400
1401 }
1402 break;
1403 case 64: {
1404 /* total-chain-length */
1405
1406 size_t u;
1407 uint32_t total;
1408
1409 total = 0;
1410 for (u = 0; u < CTX->chain_len; u ++) {
1411 total += 3 + (uint32_t)CTX->chain[u].data_len;
1412 }
1413 T0_PUSH(total);
1414
1415 }
1416 break;
1417 case 65: {
1418 /* u>> */
1419
1420 int c = (int)T0_POPi();
1421 uint32_t x = T0_POP();
1422 T0_PUSH(x >> c);
1423
1424 }
1425 break;
1426 case 66: {
1427 /* write-blob-chunk */
1428
1429 size_t clen = ENG->hlen_out;
1430 if (clen > 0) {
1431 uint32_t addr, len;
1432
1433 len = T0_POP();
1434 addr = T0_POP();
1435 if ((size_t)len < clen) {
1436 clen = (size_t)len;
1437 }
1438 memcpy(ENG->hbuf_out, (unsigned char *)ENG + addr, clen);
1439 if (ENG->record_type_out == BR_SSL_HANDSHAKE) {
1440 br_multihash_update(&ENG->mhash, ENG->hbuf_out, clen);
1441 }
1442 T0_PUSH(addr + (uint32_t)clen);
1443 T0_PUSH(len - (uint32_t)clen);
1444 ENG->hbuf_out += clen;
1445 ENG->hlen_out -= clen;
1446 }
1447
1448 }
1449 break;
1450 case 67: {
1451 /* write8-native */
1452
1453 unsigned char x;
1454
1455 x = (unsigned char)T0_POP();
1456 if (ENG->hlen_out > 0) {
1457 if (ENG->record_type_out == BR_SSL_HANDSHAKE) {
1458 br_multihash_update(&ENG->mhash, &x, 1);
1459 }
1460 *ENG->hbuf_out ++ = x;
1461 ENG->hlen_out --;
1462 T0_PUSHi(-1);
1463 } else {
1464 T0_PUSHi(0);
1465 }
1466
1467 }
1468 break;
1469 }
1470
1471 } else {
1472 T0_ENTER(ip, rp, t0x);
1473 }
1474 }
1475 t0_exit:
1476 ((t0_context *)t0ctx)->dp = dp;
1477 ((t0_context *)t0ctx)->rp = rp;
1478 ((t0_context *)t0ctx)->ip = ip;
1479 }
The BearSSL library and tools.