projects / BearSSL / blob
? search:


a46734da8128a75990ffa59ad6bbf5e489dfec75
[BearSSL] / src / ssl / ssl_hs_server.c
1 /* Automatically generated code; do not modify directly. */
2
3 #include <stddef.h>
4 #include <stdint.h>
5
6 typedef struct {
7 uint32_t *dp;
8 uint32_t *rp;
9 const unsigned char *ip;
10 } t0_context;
11
12 static uint32_t
13 t0_parse7E_unsigned(const unsigned char **p)
14 {
15 uint32_t x;
16
17 x = 0;
18 for (;;) {
19 unsigned y;
20
21 y = *(*p) ++;
22 x = (x << 7) | (uint32_t)(y & 0x7F);
23 if (y < 0x80) {
24 return x;
25 }
26 }
27 }
28
29 static int32_t
30 t0_parse7E_signed(const unsigned char **p)
31 {
32 int neg;
33 uint32_t x;
34
35 neg = ((**p) >> 6) & 1;
36 x = (uint32_t)-neg;
37 for (;;) {
38 unsigned y;
39
40 y = *(*p) ++;
41 x = (x << 7) | (uint32_t)(y & 0x7F);
42 if (y < 0x80) {
43 if (neg) {
44 return -(int32_t)~x - 1;
45 } else {
46 return (int32_t)x;
47 }
48 }
49 }
50 }
51
52 #define T0_VBYTE(x, n) (unsigned char)((((uint32_t)(x) >> (n)) & 0x7F) | 0x80)
53 #define T0_FBYTE(x, n) (unsigned char)(((uint32_t)(x) >> (n)) & 0x7F)
54 #define T0_SBYTE(x) (unsigned char)((((uint32_t)(x) >> 28) + 0xF8) ^ 0xF8)
55 #define T0_INT1(x) T0_FBYTE(x, 0)
56 #define T0_INT2(x) T0_VBYTE(x, 7), T0_FBYTE(x, 0)
57 #define T0_INT3(x) T0_VBYTE(x, 14), T0_VBYTE(x, 7), T0_FBYTE(x, 0)
58 #define T0_INT4(x) T0_VBYTE(x, 21), T0_VBYTE(x, 14), T0_VBYTE(x, 7), T0_FBYTE(x, 0)
59 #define T0_INT5(x) T0_SBYTE(x), T0_VBYTE(x, 21), T0_VBYTE(x, 14), T0_VBYTE(x, 7), T0_FBYTE(x, 0)
60
61 static const uint8_t t0_datablock[];
62
63
64 void br_ssl_hs_server_init_main(void *t0ctx);
65
66 void br_ssl_hs_server_run(void *t0ctx);
67
68
69
70 #include <stddef.h>
71 #include <string.h>
72
73 #include "inner.h"
74
75 /*
76 * This macro evaluates to a pointer to the current engine context.
77 */
78 #define ENG ((br_ssl_engine_context *)((unsigned char *)t0ctx - offsetof(br_ssl_engine_context, cpu)))
79
80
81
82
83
84 /*
85 * This macro evaluates to a pointer to the server context, under that
86 * specific name. It must be noted that since the engine context is the
87 * first field of the br_ssl_server_context structure ('eng'), then
88 * pointers values of both types are interchangeable, modulo an
89 * appropriate cast. This also means that "adresses" computed as offsets
90 * within the structure work for both kinds of context.
91 */
92 #define CTX ((br_ssl_server_context *)ENG)
93
94 /*
95 * Decrypt the pre-master secret (RSA key exchange).
96 */
97 static void
98 do_rsa_decrypt(br_ssl_server_context *ctx, int prf_id,
99 unsigned char *epms, size_t len)
100 {
101 uint32_t x;
102 unsigned char rpms[48];
103
104 /*
105 * Decrypt the PMS.
106 */
107 x = (*ctx->policy_vtable)->do_keyx(ctx->policy_vtable, epms, len);
108
109 /*
110 * Set the first two bytes to the maximum supported client
111 * protocol version. These bytes are used for version rollback
112 * detection; forceing the two bytes will make the master secret
113 * wrong if the bytes are not correct. This process is
114 * recommended by RFC 5246 (section 7.4.7.1).
115 */
116 br_enc16be(epms, ctx->client_max_version);
117
118 /*
119 * Make a random PMS and copy it above the decrypted value if the
120 * decryption failed. Note that we use a constant-time conditional
121 * copy.
122 */
123 br_hmac_drbg_generate(&ctx->eng.rng, rpms, sizeof rpms);
124 br_ccopy(x ^ 1, epms, rpms, sizeof rpms);
125
126 /*
127 * Compute master secret.
128 */
129 br_ssl_engine_compute_master(&ctx->eng, prf_id, epms, 48);
130
131 /*
132 * Clear the pre-master secret from RAM: it is normally a buffer
133 * in the context, hence potentially long-lived.
134 */
135 memset(epms, 0, len);
136 }
137
138 /*
139 * Common part for ECDH and ECDHE.
140 */
141 static void
142 ecdh_common(br_ssl_server_context *ctx, int prf_id,
143 unsigned char *cpoint, size_t cpoint_len, uint32_t ctl)
144 {
145 unsigned char rpms[80];
146 size_t pms_len;
147
148 /*
149 * The point length is supposed to be 1+2*Xlen, where Xlen is
150 * the length (in bytes) of the X coordinate, i.e. the pre-master
151 * secret. If the provided point is too large, then it is
152 * obviously incorrect (i.e. everybody can see that it is
153 * incorrect), so leaking that fact is not a problem.
154 */
155 pms_len = cpoint_len >> 1;
156 if (pms_len > sizeof rpms) {
157 pms_len = sizeof rpms;
158 ctl = 0;
159 }
160
161 /*
162 * Make a random PMS and copy it above the decrypted value if the
163 * decryption failed. Note that we use a constant-time conditional
164 * copy.
165 */
166 br_hmac_drbg_generate(&ctx->eng.rng, rpms, pms_len);
167 br_ccopy(ctl ^ 1, cpoint + 1, rpms, pms_len);
168
169 /*
170 * Compute master secret.
171 */
172 br_ssl_engine_compute_master(&ctx->eng, prf_id, cpoint + 1, pms_len);
173
174 /*
175 * Clear the pre-master secret from RAM: it is normally a buffer
176 * in the context, hence potentially long-lived.
177 */
178 memset(cpoint, 0, cpoint_len);
179 }
180
181 /*
182 * Do the ECDH key exchange (not ECDHE).
183 */
184 static void
185 do_ecdh(br_ssl_server_context *ctx, int prf_id,
186 unsigned char *cpoint, size_t cpoint_len)
187 {
188 uint32_t x;
189
190 /*
191 * Finalise the key exchange.
192 */
193 x = (*ctx->policy_vtable)->do_keyx(ctx->policy_vtable,
194 cpoint, cpoint_len);
195 ecdh_common(ctx, prf_id, cpoint, cpoint_len, x);
196 }
197
198 /*
199 * Do the ECDHE key exchange (part 1: generation of transient key, and
200 * computing of the point to send to the client). Returned value is the
201 * signature length (in bytes), or -x on error (with x being an error
202 * code). The encoded point is written in the ecdhe_point[] context buffer
203 * (length in ecdhe_point_len).
204 */
205 static int
206 do_ecdhe_part1(br_ssl_server_context *ctx, int curve)
207 {
208 int hash;
209 unsigned mask;
210 const unsigned char *order, *generator;
211 size_t olen, glen;
212 br_multihash_context mhc;
213 unsigned char head[4];
214 size_t hv_len, sig_len;
215
216 if (!((ctx->eng.iec->supported_curves >> curve) & 1)) {
217 return -BR_ERR_INVALID_ALGORITHM;
218 }
219 ctx->eng.ecdhe_curve = curve;
220
221 /*
222 * Generate our private key. We need a non-zero random value
223 * which is lower than the curve order, in a "large enough"
224 * range. We force the top bit to 0 and bottom bit to 1, which
225 * does the trick. Note that contrary to what happens in ECDSA,
226 * this is not a problem if we do not cover the full range of
227 * possible values.
228 */
229 order = ctx->eng.iec->order(curve, &olen);
230 mask = 0xFF;
231 while (mask >= order[0]) {
232 mask >>= 1;
233 }
234 br_hmac_drbg_generate(&ctx->eng.rng, ctx->ecdhe_key, olen);
235 ctx->ecdhe_key[0] &= mask;
236 ctx->ecdhe_key[olen - 1] |= 0x01;
237 ctx->ecdhe_key_len = olen;
238
239 /*
240 * Compute our ECDH point.
241 */
242 generator = ctx->eng.iec->generator(curve, &glen);
243 memcpy(ctx->eng.ecdhe_point, generator, glen);
244 ctx->eng.ecdhe_point_len = glen;
245 if (!ctx->eng.iec->mul(ctx->eng.ecdhe_point, glen,
246 ctx->ecdhe_key, olen, curve))
247 {
248 return -BR_ERR_INVALID_ALGORITHM;
249 }
250
251 /*
252 * Compute the signature.
253 */
254 br_multihash_zero(&mhc);
255 br_multihash_copyimpl(&mhc, &ctx->eng.mhash);
256 br_multihash_init(&mhc);
257 br_multihash_update(&mhc,
258 ctx->eng.client_random, sizeof ctx->eng.client_random);
259 br_multihash_update(&mhc,
260 ctx->eng.server_random, sizeof ctx->eng.server_random);
261 head[0] = 3;
262 head[1] = 0;
263 head[2] = curve;
264 head[3] = ctx->eng.ecdhe_point_len;
265 br_multihash_update(&mhc, head, sizeof head);
266 br_multihash_update(&mhc,
267 ctx->eng.ecdhe_point, ctx->eng.ecdhe_point_len);
268 hash = ctx->sign_hash_id;
269 if (hash) {
270 hv_len = br_multihash_out(&mhc, hash, ctx->eng.pad);
271 if (hv_len == 0) {
272 return -BR_ERR_INVALID_ALGORITHM;
273 }
274 } else {
275 if (!br_multihash_out(&mhc, br_md5_ID, ctx->eng.pad)
276 || !br_multihash_out(&mhc,
277 br_sha1_ID, ctx->eng.pad + 16))
278 {
279 return -BR_ERR_INVALID_ALGORITHM;
280 }
281 hv_len = 36;
282 }
283 sig_len = (*ctx->policy_vtable)->do_sign(ctx->policy_vtable,
284 hash, hv_len, ctx->eng.pad, sizeof ctx->eng.pad);
285 return sig_len ? (int)sig_len : -BR_ERR_INVALID_ALGORITHM;
286 }
287
288 /*
289 * Do the ECDHE key exchange (part 2: computation of the shared secret
290 * from the point sent by the client).
291 */
292 static void
293 do_ecdhe_part2(br_ssl_server_context *ctx, int prf_id,
294 unsigned char *cpoint, size_t cpoint_len)
295 {
296 int curve;
297 uint32_t x;
298
299 curve = ctx->eng.ecdhe_curve;
300
301 /*
302 * Finalise the key exchange.
303 */
304 x = ctx->eng.iec->mul(cpoint, cpoint_len,
305 ctx->ecdhe_key, ctx->ecdhe_key_len, curve);
306 ecdh_common(ctx, prf_id, cpoint, cpoint_len, x);
307
308 /*
309 * Clear the ECDHE private key. Forward Secrecy is achieved insofar
310 * as that key does not get stolen, so we'd better destroy it
311 * as soon as it ceases to be useful.
312 */
313 memset(ctx->ecdhe_key, 0, ctx->ecdhe_key_len);
314 }
315
316
317
318 static const uint8_t t0_datablock[] = {
319 0x00, 0x00, 0x0A, 0x00, 0x24, 0x00, 0x2F, 0x01, 0x24, 0x00, 0x35, 0x02,
320 0x24, 0x00, 0x3C, 0x01, 0x44, 0x00, 0x3D, 0x02, 0x44, 0x00, 0x9C, 0x03,
321 0x04, 0x00, 0x9D, 0x04, 0x05, 0xC0, 0x03, 0x40, 0x24, 0xC0, 0x04, 0x41,
322 0x24, 0xC0, 0x05, 0x42, 0x24, 0xC0, 0x08, 0x20, 0x24, 0xC0, 0x09, 0x21,
323 0x24, 0xC0, 0x0A, 0x22, 0x24, 0xC0, 0x0D, 0x30, 0x24, 0xC0, 0x0E, 0x31,
324 0x24, 0xC0, 0x0F, 0x32, 0x24, 0xC0, 0x12, 0x10, 0x24, 0xC0, 0x13, 0x11,
325 0x24, 0xC0, 0x14, 0x12, 0x24, 0xC0, 0x23, 0x21, 0x44, 0xC0, 0x24, 0x22,
326 0x55, 0xC0, 0x25, 0x41, 0x44, 0xC0, 0x26, 0x42, 0x55, 0xC0, 0x27, 0x11,
327 0x44, 0xC0, 0x28, 0x12, 0x55, 0xC0, 0x29, 0x31, 0x44, 0xC0, 0x2A, 0x32,
328 0x55, 0xC0, 0x2B, 0x23, 0x04, 0xC0, 0x2C, 0x24, 0x05, 0xC0, 0x2D, 0x43,
329 0x04, 0xC0, 0x2E, 0x44, 0x05, 0xC0, 0x2F, 0x13, 0x04, 0xC0, 0x30, 0x14,
330 0x05, 0xC0, 0x31, 0x33, 0x04, 0xC0, 0x32, 0x34, 0x05, 0xCC, 0xA8, 0x15,
331 0x04, 0xCC, 0xA9, 0x25, 0x04, 0x00, 0x00
332 };
333
334 static const uint8_t t0_codeblock[] = {
335 0x00, 0x01, 0x00, 0x0A, 0x00, 0x00, 0x01, 0x00, 0x0D, 0x00, 0x00, 0x01,
336 0x00, 0x0E, 0x00, 0x00, 0x01, 0x00, 0x0F, 0x00, 0x00, 0x01, 0x01, 0x08,
337 0x00, 0x00, 0x01, 0x01, 0x09, 0x00, 0x00, 0x01, 0x02, 0x08, 0x00, 0x00,
338 0x21, 0x21, 0x00, 0x00, 0x01, T0_INT1(BR_ERR_BAD_CCS), 0x00, 0x00,
339 0x01, T0_INT1(BR_ERR_BAD_FINISHED), 0x00, 0x00, 0x01,
340 T0_INT1(BR_ERR_BAD_FRAGLEN), 0x00, 0x00, 0x01,
341 T0_INT1(BR_ERR_BAD_HANDSHAKE), 0x00, 0x00, 0x01,
342 T0_INT1(BR_ERR_BAD_PARAM), 0x00, 0x00, 0x01,
343 T0_INT1(BR_ERR_BAD_SECRENEG), 0x00, 0x00, 0x01,
344 T0_INT1(BR_ERR_BAD_VERSION), 0x00, 0x00, 0x01,
345 T0_INT1(BR_ERR_LIMIT_EXCEEDED), 0x00, 0x00, 0x01, T0_INT1(BR_ERR_OK),
346 0x00, 0x00, 0x01, T0_INT1(BR_ERR_OVERSIZED_ID), 0x00, 0x00, 0x01,
347 T0_INT1(BR_ERR_UNEXPECTED), 0x00, 0x00, 0x01,
348 T0_INT2(offsetof(br_ssl_engine_context, action)), 0x00, 0x00, 0x01,
349 T0_INT2(offsetof(br_ssl_engine_context, alert)), 0x00, 0x00, 0x01,
350 T0_INT2(offsetof(br_ssl_engine_context, application_data)), 0x00, 0x00,
351 0x01,
352 T0_INT2(offsetof(br_ssl_engine_context, session) + offsetof(br_ssl_session_parameters, cipher_suite)),
353 0x00, 0x00, 0x01,
354 T0_INT2(offsetof(br_ssl_server_context, client_max_version)), 0x00,
355 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, client_random)),
356 0x00, 0x00, 0x01,
357 T0_INT2(offsetof(br_ssl_server_context, client_suites)), 0x00, 0x00,
358 0x01, T0_INT2(offsetof(br_ssl_server_context, client_suites_num)),
359 0x00, 0x00, 0x01,
360 T0_INT2(offsetof(br_ssl_engine_context, close_received)), 0x00, 0x00,
361 0x01, T0_INT2(offsetof(br_ssl_server_context, curves)), 0x00, 0x00,
362 0x01, T0_INT2(offsetof(br_ssl_engine_context, ecdhe_point)), 0x00,
363 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, ecdhe_point_len)),
364 0x00, 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, flags)),
365 0x00, 0x00, 0x01, T0_INT2(offsetof(br_ssl_server_context, hashes)),
366 0x00, 0x00, 0x5D, 0x01,
367 T0_INT2(BR_MAX_CIPHER_SUITES * sizeof(br_suite_translated)), 0x00,
368 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, log_max_frag_len)),
369 0x00, 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, pad)), 0x00,
370 0x00, 0x01,
371 T0_INT2(offsetof(br_ssl_engine_context, peer_log_max_frag_len)), 0x00,
372 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, record_type_in)),
373 0x00, 0x00, 0x01,
374 T0_INT2(offsetof(br_ssl_engine_context, record_type_out)), 0x00, 0x00,
375 0x01, T0_INT2(offsetof(br_ssl_engine_context, reneg)), 0x00, 0x00,
376 0x01, T0_INT2(offsetof(br_ssl_engine_context, saved_finished)), 0x00,
377 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, server_name)),
378 0x00, 0x00, 0x01,
379 T0_INT2(offsetof(br_ssl_engine_context, server_random)), 0x00, 0x00,
380 0x01,
381 T0_INT2(offsetof(br_ssl_engine_context, session) + offsetof(br_ssl_session_parameters, session_id)),
382 0x00, 0x00, 0x01,
383 T0_INT2(offsetof(br_ssl_engine_context, session) + offsetof(br_ssl_session_parameters, session_id_len)),
384 0x00, 0x00, 0x01,
385 T0_INT2(offsetof(br_ssl_engine_context, shutdown_recv)), 0x00, 0x00,
386 0x01, T0_INT2(offsetof(br_ssl_server_context, sign_hash_id)), 0x00,
387 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, suites_buf)), 0x00,
388 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, suites_num)), 0x00,
389 0x00, 0x01,
390 T0_INT2(offsetof(br_ssl_engine_context, session) + offsetof(br_ssl_session_parameters, version)),
391 0x00, 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, version_in)),
392 0x00, 0x00, 0x01,
393 T0_INT2(offsetof(br_ssl_engine_context, version_max)), 0x00, 0x00,
394 0x01, T0_INT2(offsetof(br_ssl_engine_context, version_min)), 0x00,
395 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, version_out)),
396 0x00, 0x00, 0x09, 0x22, 0x44, 0x06, 0x02, 0x50, 0x23, 0x00, 0x00, 0x01,
397 0x01, 0x00, 0x01, 0x03, 0x00, 0x7B, 0x22, 0x4A, 0x3B, 0x7F, 0x22, 0x05,
398 0x04, 0x4B, 0x01, 0x00, 0x00, 0x02, 0x00, 0x0E, 0x06, 0x02, 0x7F, 0x00,
399 0x4A, 0x04, 0x6B, 0x00, 0x06, 0x02, 0x50, 0x23, 0x00, 0x00, 0x22, 0x6C,
400 0x3B, 0x05, 0x03, 0x01, 0x0C, 0x08, 0x3B, 0x5A, 0x25, 0x81, 0x07, 0x19,
401 0x67, 0x01, 0x0C, 0x2A, 0x00, 0x00, 0x22, 0x1B, 0x01, 0x08, 0x0B, 0x3B,
402 0x48, 0x1B, 0x08, 0x00, 0x01, 0x03, 0x00, 0x01, 0x00, 0x59, 0x38, 0x24,
403 0x16, 0x2F, 0x06, 0x08, 0x02, 0x00, 0x81, 0x26, 0x03, 0x00, 0x04, 0x74,
404 0x01, 0x00, 0x81, 0x1E, 0x02, 0x00, 0x22, 0x16, 0x12, 0x06, 0x02, 0x54,
405 0x23, 0x81, 0x26, 0x04, 0x75, 0x00, 0x01, 0x00, 0x59, 0x38, 0x01, 0x16,
406 0x6A, 0x38, 0x2D, 0x81, 0x0B, 0x2C, 0x06, 0x02, 0x56, 0x23, 0x06, 0x0C,
407 0x81, 0x2C, 0x01, 0x00, 0x81, 0x29, 0x01, 0x00, 0x81, 0x0A, 0x04, 0x14,
408 0x81, 0x2C, 0x81, 0x2A, 0x81, 0x2E, 0x81, 0x2D, 0x24, 0x81, 0x0C, 0x01,
409 0x00, 0x81, 0x0A, 0x01, 0x00, 0x81, 0x29, 0x34, 0x01, 0x01, 0x59, 0x38,
410 0x01, 0x17, 0x6A, 0x38, 0x00, 0x00, 0x31, 0x31, 0x00, 0x01, 0x03, 0x00,
411 0x24, 0x16, 0x2F, 0x06, 0x05, 0x81, 0x25, 0x21, 0x04, 0x77, 0x01, 0x02,
412 0x02, 0x00, 0x81, 0x1D, 0x16, 0x2F, 0x06, 0x05, 0x81, 0x25, 0x21, 0x04,
413 0x77, 0x02, 0x00, 0x01, 0x84, 0x00, 0x08, 0x23, 0x00, 0x00, 0x63, 0x26,
414 0x3B, 0x11, 0x01, 0x01, 0x12, 0x2E, 0x00, 0x00, 0x01, 0x7F, 0x81, 0x01,
415 0x81, 0x25, 0x22, 0x01, 0x07, 0x12, 0x01, 0x00, 0x31, 0x0E, 0x06, 0x0A,
416 0x21, 0x01, 0x10, 0x12, 0x06, 0x02, 0x81, 0x1C, 0x04, 0x2E, 0x01, 0x01,
417 0x31, 0x0E, 0x06, 0x25, 0x21, 0x21, 0x6B, 0x27, 0x01, 0x01, 0x0E, 0x01,
418 0x01, 0x81, 0x04, 0x30, 0x06, 0x11, 0x24, 0x16, 0x2F, 0x06, 0x05, 0x81,
419 0x25, 0x21, 0x04, 0x77, 0x01, 0x80, 0x64, 0x81, 0x1E, 0x04, 0x04, 0x01,
420 0x00, 0x81, 0x01, 0x04, 0x03, 0x56, 0x23, 0x21, 0x04, 0xFF, 0x39, 0x01,
421 0x22, 0x03, 0x00, 0x09, 0x22, 0x44, 0x06, 0x02, 0x50, 0x23, 0x02, 0x00,
422 0x00, 0x00, 0x7C, 0x01, 0x0F, 0x12, 0x00, 0x00, 0x58, 0x27, 0x01, 0x00,
423 0x31, 0x0E, 0x06, 0x10, 0x21, 0x22, 0x01, 0x01, 0x0D, 0x06, 0x03, 0x21,
424 0x01, 0x02, 0x58, 0x38, 0x01, 0x00, 0x04, 0x22, 0x01, 0x01, 0x31, 0x0E,
425 0x06, 0x15, 0x21, 0x01, 0x00, 0x58, 0x38, 0x22, 0x01, 0x80, 0x64, 0x0E,
426 0x06, 0x05, 0x01, 0x82, 0x00, 0x08, 0x23, 0x46, 0x00, 0x04, 0x07, 0x21,
427 0x01, 0x82, 0x00, 0x08, 0x23, 0x21, 0x00, 0x00, 0x01, 0x00, 0x28, 0x06,
428 0x06, 0x33, 0x81, 0x08, 0x30, 0x04, 0x77, 0x22, 0x06, 0x04, 0x01, 0x01,
429 0x71, 0x38, 0x00, 0x00, 0x28, 0x06, 0x0B, 0x69, 0x27, 0x01, 0x14, 0x0D,
430 0x06, 0x02, 0x56, 0x23, 0x04, 0x12, 0x81, 0x25, 0x01, 0x07, 0x12, 0x22,
431 0x01, 0x02, 0x0D, 0x06, 0x06, 0x06, 0x02, 0x56, 0x23, 0x04, 0x6F, 0x21,
432 0x81, 0x1A, 0x01, 0x01, 0x0D, 0x2C, 0x30, 0x06, 0x02, 0x4C, 0x23, 0x22,
433 0x01, 0x01, 0x81, 0x20, 0x2F, 0x81, 0x0D, 0x00, 0x0A, 0x81, 0x12, 0x01,
434 0x01, 0x0E, 0x05, 0x02, 0x56, 0x23, 0x81, 0x17, 0x22, 0x03, 0x00, 0x5B,
435 0x36, 0x5C, 0x01, 0x20, 0x81, 0x0E, 0x81, 0x19, 0x22, 0x01, 0x20, 0x0F,
436 0x06, 0x02, 0x55, 0x23, 0x22, 0x70, 0x38, 0x6F, 0x3B, 0x81, 0x0E, 0x17,
437 0x03, 0x01, 0x81, 0x17, 0x81, 0x06, 0x01, 0x00, 0x03, 0x02, 0x01, 0x00,
438 0x03, 0x03, 0x65, 0x81, 0x02, 0x14, 0x31, 0x08, 0x03, 0x04, 0x03, 0x05,
439 0x22, 0x06, 0x80, 0x70, 0x81, 0x17, 0x22, 0x03, 0x06, 0x02, 0x01, 0x06,
440 0x0A, 0x22, 0x5A, 0x25, 0x0E, 0x06, 0x04, 0x01, 0x7F, 0x03, 0x03, 0x22,
441 0x01, 0x81, 0x7F, 0x0E, 0x06, 0x0A, 0x6B, 0x27, 0x06, 0x02, 0x51, 0x23,
442 0x01, 0x7F, 0x03, 0x02, 0x22, 0x01, 0x81, 0xAC, 0x00, 0x0E, 0x06, 0x11,
443 0x02, 0x00, 0x78, 0x25, 0x10, 0x02, 0x00, 0x77, 0x25, 0x0A, 0x12, 0x06,
444 0x04, 0x01, 0x7F, 0x03, 0x00, 0x81, 0x1B, 0x22, 0x44, 0x06, 0x03, 0x21,
445 0x04, 0x27, 0x01, 0x00, 0x81, 0x04, 0x06, 0x0B, 0x01, 0x02, 0x0B, 0x5D,
446 0x08, 0x02, 0x06, 0x3B, 0x36, 0x04, 0x16, 0x21, 0x02, 0x05, 0x02, 0x04,
447 0x10, 0x06, 0x02, 0x4F, 0x23, 0x02, 0x06, 0x02, 0x05, 0x36, 0x02, 0x05,
448 0x01, 0x04, 0x08, 0x03, 0x05, 0x04, 0xFF, 0x0C, 0x21, 0x01, 0x00, 0x03,
449 0x07, 0x81, 0x19, 0x81, 0x06, 0x22, 0x06, 0x0A, 0x81, 0x19, 0x05, 0x04,
450 0x01, 0x7F, 0x03, 0x07, 0x04, 0x73, 0x7D, 0x01, 0x00, 0x6D, 0x38, 0x01,
451 0x88, 0x04, 0x64, 0x36, 0x01, 0x84, 0x80, 0x80, 0x00, 0x60, 0x37, 0x22,
452 0x06, 0x80, 0x4D, 0x81, 0x17, 0x81, 0x06, 0x22, 0x06, 0x80, 0x44, 0x81,
453 0x17, 0x01, 0x00, 0x31, 0x0E, 0x06, 0x05, 0x21, 0x81, 0x11, 0x04, 0x34,
454 0x01, 0x01, 0x31, 0x0E, 0x06, 0x05, 0x21, 0x81, 0x0F, 0x04, 0x29, 0x01,
455 0x83, 0xFE, 0x01, 0x31, 0x0E, 0x06, 0x05, 0x21, 0x81, 0x10, 0x04, 0x1C,
456 0x01, 0x0D, 0x31, 0x0E, 0x06, 0x05, 0x21, 0x81, 0x15, 0x04, 0x11, 0x01,
457 0x0A, 0x31, 0x0E, 0x06, 0x05, 0x21, 0x81, 0x16, 0x04, 0x06, 0x21, 0x81,
458 0x14, 0x01, 0x00, 0x21, 0x04, 0xFF, 0x38, 0x7D, 0x7D, 0x02, 0x01, 0x02,
459 0x03, 0x12, 0x03, 0x01, 0x02, 0x00, 0x44, 0x06, 0x09, 0x5B, 0x25, 0x79,
460 0x36, 0x01, 0x80, 0x56, 0x81, 0x03, 0x77, 0x25, 0x22, 0x02, 0x00, 0x0F,
461 0x06, 0x03, 0x21, 0x02, 0x00, 0x22, 0x01, 0x86, 0x00, 0x0A, 0x06, 0x02,
462 0x52, 0x23, 0x02, 0x00, 0x78, 0x25, 0x0A, 0x06, 0x05, 0x01, 0x80, 0x46,
463 0x81, 0x03, 0x02, 0x01, 0x06, 0x10, 0x75, 0x25, 0x02, 0x00, 0x0C, 0x06,
464 0x05, 0x21, 0x75, 0x25, 0x04, 0x04, 0x01, 0x00, 0x03, 0x01, 0x22, 0x75,
465 0x36, 0x22, 0x76, 0x36, 0x22, 0x79, 0x36, 0x01, 0x86, 0x03, 0x10, 0x03,
466 0x08, 0x02, 0x02, 0x06, 0x04, 0x01, 0x02, 0x6B, 0x38, 0x02, 0x07, 0x05,
467 0x04, 0x01, 0x28, 0x81, 0x03, 0x3A, 0x21, 0x01, 0x82, 0x01, 0x07, 0x64,
468 0x25, 0x12, 0x22, 0x64, 0x36, 0x45, 0x03, 0x09, 0x60, 0x26, 0x39, 0x12,
469 0x22, 0x60, 0x37, 0x05, 0x04, 0x01, 0x00, 0x03, 0x09, 0x02, 0x01, 0x06,
470 0x03, 0x01, 0x7F, 0x00, 0x6F, 0x01, 0x20, 0x2B, 0x01, 0x20, 0x70, 0x38,
471 0x5D, 0x22, 0x03, 0x05, 0x22, 0x02, 0x04, 0x0A, 0x06, 0x80, 0x47, 0x22,
472 0x25, 0x22, 0x7C, 0x02, 0x09, 0x05, 0x13, 0x22, 0x01, 0x0C, 0x11, 0x22,
473 0x01, 0x01, 0x0E, 0x3B, 0x01, 0x02, 0x0E, 0x30, 0x06, 0x04, 0x4B, 0x01,
474 0x00, 0x22, 0x02, 0x08, 0x05, 0x0E, 0x22, 0x01, 0x81, 0x70, 0x12, 0x01,
475 0x20, 0x0D, 0x06, 0x04, 0x4B, 0x01, 0x00, 0x22, 0x22, 0x06, 0x10, 0x02,
476 0x05, 0x4A, 0x36, 0x02, 0x05, 0x36, 0x02, 0x05, 0x01, 0x04, 0x08, 0x03,
477 0x05, 0x04, 0x01, 0x4B, 0x01, 0x04, 0x08, 0x04, 0xFF, 0x32, 0x21, 0x02,
478 0x05, 0x5D, 0x09, 0x01, 0x02, 0x11, 0x22, 0x05, 0x04, 0x01, 0x28, 0x81,
479 0x03, 0x5E, 0x38, 0x15, 0x05, 0x04, 0x01, 0x28, 0x81, 0x03, 0x01, 0x00,
480 0x00, 0x04, 0x81, 0x12, 0x01, 0x10, 0x0E, 0x05, 0x02, 0x56, 0x23, 0x5A,
481 0x25, 0x81, 0x24, 0x06, 0x19, 0x81, 0x17, 0x22, 0x01, 0x84, 0x00, 0x0F,
482 0x06, 0x02, 0x53, 0x23, 0x22, 0x03, 0x00, 0x67, 0x3B, 0x81, 0x0E, 0x02,
483 0x00, 0x5A, 0x25, 0x81, 0x07, 0x20, 0x5A, 0x25, 0x22, 0x81, 0x22, 0x3B,
484 0x81, 0x21, 0x03, 0x01, 0x03, 0x02, 0x02, 0x01, 0x02, 0x02, 0x30, 0x06,
485 0x17, 0x81, 0x19, 0x22, 0x03, 0x03, 0x67, 0x3B, 0x81, 0x0E, 0x02, 0x03,
486 0x5A, 0x25, 0x81, 0x07, 0x02, 0x02, 0x06, 0x03, 0x1F, 0x04, 0x01, 0x1D,
487 0x7D, 0x00, 0x00, 0x7E, 0x81, 0x12, 0x01, 0x14, 0x0D, 0x06, 0x02, 0x56,
488 0x23, 0x67, 0x01, 0x0C, 0x08, 0x01, 0x0C, 0x81, 0x0E, 0x7D, 0x67, 0x22,
489 0x01, 0x0C, 0x08, 0x01, 0x0C, 0x29, 0x05, 0x02, 0x4D, 0x23, 0x00, 0x02,
490 0x03, 0x00, 0x03, 0x01, 0x02, 0x00, 0x7A, 0x02, 0x01, 0x02, 0x00, 0x32,
491 0x22, 0x01, 0x00, 0x0E, 0x06, 0x02, 0x4B, 0x00, 0x81, 0x27, 0x04, 0x73,
492 0x00, 0x81, 0x17, 0x01, 0x01, 0x0D, 0x06, 0x02, 0x4E, 0x23, 0x81, 0x19,
493 0x22, 0x22, 0x46, 0x3B, 0x01, 0x05, 0x10, 0x30, 0x06, 0x02, 0x4E, 0x23,
494 0x01, 0x08, 0x08, 0x22, 0x66, 0x27, 0x0A, 0x06, 0x0D, 0x22, 0x01, 0x01,
495 0x3B, 0x0B, 0x35, 0x22, 0x66, 0x38, 0x68, 0x38, 0x04, 0x01, 0x21, 0x00,
496 0x00, 0x81, 0x17, 0x6B, 0x27, 0x01, 0x00, 0x31, 0x0E, 0x06, 0x14, 0x21,
497 0x01, 0x01, 0x0E, 0x05, 0x02, 0x51, 0x23, 0x81, 0x19, 0x06, 0x02, 0x51,
498 0x23, 0x01, 0x02, 0x6B, 0x38, 0x04, 0x2A, 0x01, 0x02, 0x31, 0x0E, 0x06,
499 0x21, 0x21, 0x01, 0x0D, 0x0E, 0x05, 0x02, 0x51, 0x23, 0x81, 0x19, 0x01,
500 0x0C, 0x0E, 0x05, 0x02, 0x51, 0x23, 0x67, 0x01, 0x0C, 0x81, 0x0E, 0x6C,
501 0x67, 0x01, 0x0C, 0x29, 0x05, 0x02, 0x51, 0x23, 0x04, 0x03, 0x51, 0x23,
502 0x21, 0x00, 0x00, 0x81, 0x17, 0x81, 0x06, 0x81, 0x17, 0x81, 0x06, 0x22,
503 0x06, 0x22, 0x81, 0x19, 0x06, 0x04, 0x81, 0x14, 0x04, 0x18, 0x81, 0x17,
504 0x22, 0x01, 0x81, 0x7F, 0x0C, 0x06, 0x0D, 0x22, 0x6D, 0x08, 0x01, 0x00,
505 0x3B, 0x38, 0x6D, 0x3B, 0x81, 0x0E, 0x04, 0x02, 0x81, 0x1F, 0x04, 0x5B,
506 0x7D, 0x7D, 0x00, 0x00, 0x81, 0x13, 0x22, 0x46, 0x06, 0x07, 0x21, 0x06,
507 0x02, 0x4F, 0x23, 0x04, 0x73, 0x00, 0x00, 0x81, 0x1A, 0x01, 0x03, 0x81,
508 0x18, 0x3B, 0x21, 0x3B, 0x00, 0x00, 0x81, 0x17, 0x81, 0x1F, 0x00, 0x02,
509 0x81, 0x17, 0x81, 0x06, 0x01, 0x00, 0x64, 0x36, 0x81, 0x17, 0x81, 0x06,
510 0x22, 0x06, 0x34, 0x81, 0x19, 0x03, 0x00, 0x81, 0x19, 0x03, 0x01, 0x02,
511 0x00, 0x01, 0x02, 0x10, 0x02, 0x00, 0x01, 0x06, 0x0C, 0x12, 0x02, 0x01,
512 0x01, 0x01, 0x0E, 0x02, 0x01, 0x01, 0x03, 0x0E, 0x30, 0x12, 0x06, 0x11,
513 0x64, 0x25, 0x01, 0x01, 0x02, 0x01, 0x49, 0x01, 0x02, 0x0B, 0x02, 0x00,
514 0x08, 0x0B, 0x30, 0x64, 0x36, 0x04, 0x49, 0x7D, 0x7D, 0x00, 0x00, 0x81,
515 0x17, 0x81, 0x06, 0x81, 0x17, 0x81, 0x06, 0x01, 0x00, 0x60, 0x37, 0x22,
516 0x06, 0x16, 0x81, 0x17, 0x22, 0x01, 0x20, 0x0A, 0x06, 0x0B, 0x01, 0x01,
517 0x3B, 0x0B, 0x60, 0x26, 0x30, 0x60, 0x37, 0x04, 0x01, 0x21, 0x04, 0x67,
518 0x7D, 0x7D, 0x00, 0x00, 0x01, 0x02, 0x7A, 0x81, 0x1A, 0x01, 0x08, 0x0B,
519 0x81, 0x1A, 0x08, 0x00, 0x00, 0x01, 0x03, 0x7A, 0x81, 0x1A, 0x01, 0x08,
520 0x0B, 0x81, 0x1A, 0x08, 0x01, 0x08, 0x0B, 0x81, 0x1A, 0x08, 0x00, 0x00,
521 0x01, 0x01, 0x7A, 0x81, 0x1A, 0x00, 0x00, 0x33, 0x22, 0x44, 0x05, 0x01,
522 0x00, 0x21, 0x81, 0x27, 0x04, 0x75, 0x02, 0x03, 0x00, 0x74, 0x27, 0x03,
523 0x01, 0x01, 0x00, 0x22, 0x02, 0x01, 0x0A, 0x06, 0x10, 0x22, 0x01, 0x01,
524 0x0B, 0x73, 0x08, 0x25, 0x02, 0x00, 0x0E, 0x06, 0x01, 0x00, 0x48, 0x04,
525 0x6A, 0x21, 0x01, 0x7F, 0x00, 0x00, 0x24, 0x16, 0x2F, 0x06, 0x05, 0x81,
526 0x25, 0x21, 0x04, 0x77, 0x01, 0x16, 0x6A, 0x38, 0x01, 0x00, 0x81, 0x33,
527 0x01, 0x00, 0x81, 0x32, 0x24, 0x01, 0x17, 0x6A, 0x38, 0x00, 0x00, 0x01,
528 0x15, 0x6A, 0x38, 0x3B, 0x43, 0x21, 0x43, 0x21, 0x24, 0x00, 0x00, 0x01,
529 0x01, 0x3B, 0x81, 0x1D, 0x00, 0x00, 0x3B, 0x31, 0x7A, 0x3B, 0x22, 0x06,
530 0x06, 0x81, 0x1A, 0x21, 0x49, 0x04, 0x77, 0x21, 0x00, 0x02, 0x03, 0x00,
531 0x5A, 0x25, 0x7C, 0x03, 0x01, 0x02, 0x01, 0x01, 0x0F, 0x12, 0x02, 0x01,
532 0x01, 0x04, 0x11, 0x01, 0x0F, 0x12, 0x02, 0x01, 0x01, 0x08, 0x11, 0x01,
533 0x0F, 0x12, 0x01, 0x00, 0x31, 0x0E, 0x06, 0x10, 0x21, 0x01, 0x00, 0x01,
534 0x18, 0x02, 0x00, 0x06, 0x03, 0x3E, 0x04, 0x01, 0x3F, 0x04, 0x80, 0x56,
535 0x01, 0x01, 0x31, 0x0E, 0x06, 0x10, 0x21, 0x01, 0x01, 0x01, 0x10, 0x02,
536 0x00, 0x06, 0x03, 0x3E, 0x04, 0x01, 0x3F, 0x04, 0x80, 0x40, 0x01, 0x02,
537 0x31, 0x0E, 0x06, 0x0F, 0x21, 0x01, 0x01, 0x01, 0x20, 0x02, 0x00, 0x06,
538 0x03, 0x3E, 0x04, 0x01, 0x3F, 0x04, 0x2B, 0x01, 0x03, 0x31, 0x0E, 0x06,
539 0x0E, 0x21, 0x21, 0x01, 0x10, 0x02, 0x00, 0x06, 0x03, 0x3C, 0x04, 0x01,
540 0x3D, 0x04, 0x17, 0x01, 0x04, 0x31, 0x0E, 0x06, 0x0E, 0x21, 0x21, 0x01,
541 0x20, 0x02, 0x00, 0x06, 0x03, 0x3C, 0x04, 0x01, 0x3D, 0x04, 0x03, 0x50,
542 0x23, 0x21, 0x00, 0x00, 0x7C, 0x01, 0x0C, 0x11, 0x01, 0x02, 0x0F, 0x00,
543 0x00, 0x7C, 0x01, 0x0C, 0x11, 0x22, 0x47, 0x3B, 0x01, 0x03, 0x0A, 0x12,
544 0x00, 0x00, 0x7C, 0x01, 0x0C, 0x11, 0x01, 0x01, 0x0E, 0x00, 0x00, 0x7C,
545 0x01, 0x0C, 0x11, 0x46, 0x00, 0x00, 0x18, 0x01, 0x00, 0x57, 0x27, 0x22,
546 0x06, 0x20, 0x01, 0x01, 0x31, 0x0E, 0x06, 0x07, 0x21, 0x01, 0x00, 0x81,
547 0x00, 0x04, 0x11, 0x01, 0x02, 0x31, 0x0E, 0x06, 0x0A, 0x21, 0x59, 0x27,
548 0x06, 0x03, 0x01, 0x10, 0x30, 0x04, 0x01, 0x21, 0x04, 0x01, 0x21, 0x5F,
549 0x27, 0x05, 0x35, 0x28, 0x06, 0x32, 0x69, 0x27, 0x01, 0x14, 0x31, 0x0E,
550 0x06, 0x06, 0x21, 0x01, 0x02, 0x30, 0x04, 0x24, 0x01, 0x15, 0x31, 0x0E,
551 0x06, 0x0B, 0x21, 0x81, 0x09, 0x06, 0x04, 0x01, 0x7F, 0x81, 0x00, 0x04,
552 0x13, 0x01, 0x16, 0x31, 0x0E, 0x06, 0x06, 0x21, 0x01, 0x01, 0x30, 0x04,
553 0x07, 0x21, 0x01, 0x04, 0x30, 0x01, 0x00, 0x21, 0x16, 0x06, 0x03, 0x01,
554 0x08, 0x30, 0x00, 0x00, 0x18, 0x22, 0x05, 0x10, 0x28, 0x06, 0x0D, 0x69,
555 0x27, 0x01, 0x15, 0x0E, 0x06, 0x05, 0x21, 0x81, 0x09, 0x04, 0x01, 0x1C,
556 0x00, 0x00, 0x81, 0x25, 0x01, 0x07, 0x12, 0x01, 0x01, 0x0F, 0x06, 0x02,
557 0x56, 0x23, 0x00, 0x01, 0x03, 0x00, 0x24, 0x16, 0x06, 0x05, 0x02, 0x00,
558 0x6A, 0x38, 0x00, 0x81, 0x25, 0x21, 0x04, 0x73, 0x00, 0x01, 0x14, 0x81,
559 0x28, 0x01, 0x01, 0x81, 0x33, 0x24, 0x22, 0x01, 0x00, 0x81, 0x20, 0x01,
560 0x16, 0x81, 0x28, 0x81, 0x2B, 0x24, 0x00, 0x00, 0x01, 0x0B, 0x81, 0x33,
561 0x40, 0x22, 0x01, 0x03, 0x08, 0x81, 0x32, 0x81, 0x32, 0x13, 0x22, 0x44,
562 0x06, 0x02, 0x21, 0x00, 0x81, 0x32, 0x1A, 0x22, 0x06, 0x06, 0x67, 0x3B,
563 0x81, 0x2F, 0x04, 0x76, 0x21, 0x04, 0x6A, 0x00, 0x7E, 0x01, 0x14, 0x81,
564 0x33, 0x01, 0x0C, 0x81, 0x32, 0x67, 0x01, 0x0C, 0x81, 0x2F, 0x00, 0x03,
565 0x03, 0x00, 0x01, 0x02, 0x81, 0x33, 0x01, 0x80, 0x46, 0x6B, 0x27, 0x01,
566 0x02, 0x0E, 0x06, 0x0C, 0x02, 0x00, 0x06, 0x04, 0x01, 0x05, 0x04, 0x02,
567 0x01, 0x1D, 0x04, 0x02, 0x01, 0x00, 0x03, 0x01, 0x68, 0x27, 0x06, 0x04,
568 0x01, 0x05, 0x04, 0x02, 0x01, 0x00, 0x03, 0x02, 0x02, 0x01, 0x02, 0x02,
569 0x08, 0x22, 0x06, 0x03, 0x01, 0x02, 0x08, 0x08, 0x81, 0x32, 0x75, 0x25,
570 0x81, 0x31, 0x6E, 0x01, 0x04, 0x14, 0x6E, 0x01, 0x04, 0x08, 0x01, 0x1C,
571 0x2B, 0x6E, 0x01, 0x20, 0x81, 0x2F, 0x01, 0x20, 0x81, 0x33, 0x6F, 0x01,
572 0x20, 0x81, 0x2F, 0x5A, 0x25, 0x81, 0x31, 0x01, 0x00, 0x81, 0x33, 0x02,
573 0x01, 0x02, 0x02, 0x08, 0x22, 0x06, 0x30, 0x81, 0x31, 0x02, 0x01, 0x22,
574 0x06, 0x13, 0x01, 0x83, 0xFE, 0x01, 0x81, 0x31, 0x01, 0x04, 0x09, 0x22,
575 0x81, 0x31, 0x49, 0x6C, 0x3B, 0x81, 0x30, 0x04, 0x01, 0x21, 0x02, 0x02,
576 0x06, 0x0F, 0x01, 0x01, 0x81, 0x31, 0x01, 0x01, 0x81, 0x31, 0x68, 0x27,
577 0x01, 0x08, 0x09, 0x81, 0x33, 0x04, 0x01, 0x21, 0x00, 0x00, 0x01, 0x0E,
578 0x81, 0x33, 0x01, 0x00, 0x81, 0x32, 0x00, 0x03, 0x5A, 0x25, 0x81, 0x22,
579 0x05, 0x01, 0x00, 0x60, 0x26, 0x01, 0x00, 0x81, 0x02, 0x11, 0x01, 0x01,
580 0x12, 0x46, 0x06, 0x03, 0x48, 0x04, 0x74, 0x03, 0x00, 0x21, 0x02, 0x00,
581 0x1E, 0x22, 0x44, 0x06, 0x02, 0x2E, 0x23, 0x03, 0x01, 0x75, 0x25, 0x01,
582 0x86, 0x03, 0x10, 0x03, 0x02, 0x01, 0x0C, 0x81, 0x33, 0x02, 0x01, 0x62,
583 0x27, 0x08, 0x02, 0x02, 0x01, 0x02, 0x12, 0x08, 0x01, 0x06, 0x08, 0x81,
584 0x32, 0x01, 0x03, 0x81, 0x33, 0x02, 0x00, 0x81, 0x31, 0x61, 0x62, 0x27,
585 0x81, 0x30, 0x02, 0x02, 0x06, 0x10, 0x72, 0x27, 0x81, 0x33, 0x5A, 0x25,
586 0x81, 0x23, 0x01, 0x01, 0x0B, 0x01, 0x03, 0x08, 0x81, 0x33, 0x02, 0x01,
587 0x81, 0x31, 0x67, 0x02, 0x01, 0x81, 0x2F, 0x00, 0x00, 0x42, 0x22, 0x01,
588 0x00, 0x0E, 0x06, 0x02, 0x4B, 0x00, 0x81, 0x25, 0x21, 0x04, 0x72, 0x00,
589 0x22, 0x81, 0x33, 0x81, 0x2F, 0x00, 0x00, 0x22, 0x01, 0x08, 0x41, 0x81,
590 0x33, 0x81, 0x33, 0x00, 0x00, 0x22, 0x01, 0x10, 0x41, 0x81, 0x33, 0x81,
591 0x31, 0x00, 0x00, 0x22, 0x43, 0x06, 0x02, 0x21, 0x00, 0x81, 0x25, 0x21,
592 0x04, 0x75
593 };
594
595 static const uint16_t t0_caddr[] = {
596 0,
597 5,
598 10,
599 15,
600 20,
601 25,
602 30,
603 35,
604 39,
605 43,
606 47,
607 51,
608 55,
609 59,
610 63,
611 67,
612 71,
613 75,
614 79,
615 83,
616 88,
617 93,
618 98,
619 103,
620 108,
621 113,
622 118,
623 123,
624 128,
625 133,
626 138,
627 143,
628 148,
629 153,
630 159,
631 164,
632 169,
633 174,
634 179,
635 184,
636 189,
637 194,
638 199,
639 204,
640 209,
641 214,
642 219,
643 224,
644 229,
645 234,
646 239,
647 244,
648 249,
649 254,
650 259,
651 268,
652 272,
653 297,
654 303,
655 323,
656 334,
657 371,
658 431,
659 435,
660 471,
661 481,
662 557,
663 571,
664 577,
665 637,
666 657,
667 710,
668 1267,
669 1352,
670 1385,
671 1410,
672 1458,
673 1532,
674 1581,
675 1596,
676 1607,
677 1613,
678 1684,
679 1725,
680 1738,
681 1757,
682 1764,
683 1776,
684 1811,
685 1840,
686 1852,
687 1859,
688 1875,
689 2013,
690 2022,
691 2035,
692 2044,
693 2051,
694 2157,
695 2179,
696 2193,
697 2210,
698 2233,
699 2269,
700 2285,
701 2439,
702 2449,
703 2558,
704 2573,
705 2580,
706 2590,
707 2600
708 };
709
710 #define T0_INTERPRETED 68
711
712 #define T0_ENTER(ip, rp, slot) do { \
713 const unsigned char *t0_newip; \
714 uint32_t t0_lnum; \
715 t0_newip = &t0_codeblock[t0_caddr[(slot) - T0_INTERPRETED]]; \
716 t0_lnum = t0_parse7E_unsigned(&t0_newip); \
717 (rp) += t0_lnum; \
718 *((rp) ++) = (uint32_t)((ip) - &t0_codeblock[0]) + (t0_lnum << 16); \
719 (ip) = t0_newip; \
720 } while (0)
721
722 #define T0_DEFENTRY(name, slot) \
723 void \
724 name(void *ctx) \
725 { \
726 t0_context *t0ctx = ctx; \
727 t0ctx->ip = &t0_codeblock[0]; \
728 T0_ENTER(t0ctx->ip, t0ctx->rp, slot); \
729 }
730
731 T0_DEFENTRY(br_ssl_hs_server_init_main, 133)
732
733 void
734 br_ssl_hs_server_run(void *t0ctx)
735 {
736 uint32_t *dp, *rp;
737 const unsigned char *ip;
738
739 #define T0_LOCAL(x) (*(rp - 2 - (x)))
740 #define T0_POP() (*-- dp)
741 #define T0_POPi() (*(int32_t *)(-- dp))
742 #define T0_PEEK(x) (*(dp - 1 - (x)))
743 #define T0_PEEKi(x) (*(int32_t *)(dp - 1 - (x)))
744 #define T0_PUSH(v) do { *dp = (v); dp ++; } while (0)
745 #define T0_PUSHi(v) do { *(int32_t *)dp = (v); dp ++; } while (0)
746 #define T0_RPOP() (*-- rp)
747 #define T0_RPOPi() (*(int32_t *)(-- rp))
748 #define T0_RPUSH(v) do { *rp = (v); rp ++; } while (0)
749 #define T0_RPUSHi(v) do { *(int32_t *)rp = (v); rp ++; } while (0)
750 #define T0_ROLL(x) do { \
751 size_t t0len = (size_t)(x); \
752 uint32_t t0tmp = *(dp - 1 - t0len); \
753 memmove(dp - t0len - 1, dp - t0len, t0len * sizeof *dp); \
754 *(dp - 1) = t0tmp; \
755 } while (0)
756 #define T0_SWAP() do { \
757 uint32_t t0tmp = *(dp - 2); \
758 *(dp - 2) = *(dp - 1); \
759 *(dp - 1) = t0tmp; \
760 } while (0)
761 #define T0_ROT() do { \
762 uint32_t t0tmp = *(dp - 3); \
763 *(dp - 3) = *(dp - 2); \
764 *(dp - 2) = *(dp - 1); \
765 *(dp - 1) = t0tmp; \
766 } while (0)
767 #define T0_NROT() do { \
768 uint32_t t0tmp = *(dp - 1); \
769 *(dp - 1) = *(dp - 2); \
770 *(dp - 2) = *(dp - 3); \
771 *(dp - 3) = t0tmp; \
772 } while (0)
773 #define T0_PICK(x) do { \
774 uint32_t t0depth = (x); \
775 T0_PUSH(T0_PEEK(t0depth)); \
776 } while (0)
777 #define T0_CO() do { \
778 goto t0_exit; \
779 } while (0)
780 #define T0_RET() break
781
782 dp = ((t0_context *)t0ctx)->dp;
783 rp = ((t0_context *)t0ctx)->rp;
784 ip = ((t0_context *)t0ctx)->ip;
785 for (;;) {
786 uint32_t t0x;
787
788 t0x = t0_parse7E_unsigned(&ip);
789 if (t0x < T0_INTERPRETED) {
790 switch (t0x) {
791 int32_t t0off;
792
793 case 0: /* ret */
794 t0x = T0_RPOP();
795 rp -= (t0x >> 16);
796 t0x &= 0xFFFF;
797 if (t0x == 0) {
798 ip = NULL;
799 goto t0_exit;
800 }
801 ip = &t0_codeblock[t0x];
802 break;
803 case 1: /* literal constant */
804 T0_PUSHi(t0_parse7E_signed(&ip));
805 break;
806 case 2: /* read local */
807 T0_PUSH(T0_LOCAL(t0_parse7E_unsigned(&ip)));
808 break;
809 case 3: /* write local */
810 T0_LOCAL(t0_parse7E_unsigned(&ip)) = T0_POP();
811 break;
812 case 4: /* jump */
813 t0off = t0_parse7E_signed(&ip);
814 ip += t0off;
815 break;
816 case 5: /* jump if */
817 t0off = t0_parse7E_signed(&ip);
818 if (T0_POP()) {
819 ip += t0off;
820 }
821 break;
822 case 6: /* jump if not */
823 t0off = t0_parse7E_signed(&ip);
824 if (!T0_POP()) {
825 ip += t0off;
826 }
827 break;
828 case 7: {
829 /* * */
830
831 uint32_t b = T0_POP();
832 uint32_t a = T0_POP();
833 T0_PUSH(a * b);
834
835 }
836 break;
837 case 8: {
838 /* + */
839
840 uint32_t b = T0_POP();
841 uint32_t a = T0_POP();
842 T0_PUSH(a + b);
843
844 }
845 break;
846 case 9: {
847 /* - */
848
849 uint32_t b = T0_POP();
850 uint32_t a = T0_POP();
851 T0_PUSH(a - b);
852
853 }
854 break;
855 case 10: {
856 /* < */
857
858 int32_t b = T0_POPi();
859 int32_t a = T0_POPi();
860 T0_PUSH(-(uint32_t)(a < b));
861
862 }
863 break;
864 case 11: {
865 /* << */
866
867 int c = (int)T0_POPi();
868 uint32_t x = T0_POP();
869 T0_PUSH(x << c);
870
871 }
872 break;
873 case 12: {
874 /* <= */
875
876 int32_t b = T0_POPi();
877 int32_t a = T0_POPi();
878 T0_PUSH(-(uint32_t)(a <= b));
879
880 }
881 break;
882 case 13: {
883 /* <> */
884
885 uint32_t b = T0_POP();
886 uint32_t a = T0_POP();
887 T0_PUSH(-(uint32_t)(a != b));
888
889 }
890 break;
891 case 14: {
892 /* = */
893
894 uint32_t b = T0_POP();
895 uint32_t a = T0_POP();
896 T0_PUSH(-(uint32_t)(a == b));
897
898 }
899 break;
900 case 15: {
901 /* > */
902
903 int32_t b = T0_POPi();
904 int32_t a = T0_POPi();
905 T0_PUSH(-(uint32_t)(a > b));
906
907 }
908 break;
909 case 16: {
910 /* >= */
911
912 int32_t b = T0_POPi();
913 int32_t a = T0_POPi();
914 T0_PUSH(-(uint32_t)(a >= b));
915
916 }
917 break;
918 case 17: {
919 /* >> */
920
921 int c = (int)T0_POPi();
922 int32_t x = T0_POPi();
923 T0_PUSHi(x >> c);
924
925 }
926 break;
927 case 18: {
928 /* and */
929
930 uint32_t b = T0_POP();
931 uint32_t a = T0_POP();
932 T0_PUSH(a & b);
933
934 }
935 break;
936 case 19: {
937 /* begin-cert */
938
939 if (CTX->chain_len == 0) {
940 T0_PUSHi(-1);
941 } else {
942 CTX->cert_cur = CTX->chain->data;
943 CTX->cert_len = CTX->chain->data_len;
944 CTX->chain ++;
945 CTX->chain_len --;
946 T0_PUSH(CTX->cert_len);
947 }
948
949 }
950 break;
951 case 20: {
952 /* bzero */
953
954 size_t len = (size_t)T0_POP();
955 void *addr = (unsigned char *)ENG + (size_t)T0_POP();
956 memset(addr, 0, len);
957
958 }
959 break;
960 case 21: {
961 /* call-policy-handler */
962
963 int x;
964 br_ssl_server_choices choices;
965
966 x = (*CTX->policy_vtable)->choose(
967 CTX->policy_vtable, CTX, &choices);
968 ENG->session.cipher_suite = choices.cipher_suite;
969 CTX->sign_hash_id = choices.hash_id;
970 CTX->chain = choices.chain;
971 CTX->chain_len = choices.chain_len;
972 T0_PUSHi(-(x != 0));
973
974 }
975 break;
976 case 22: {
977 /* can-output? */
978
979 T0_PUSHi(-(ENG->hlen_out > 0));
980
981 }
982 break;
983 case 23: {
984 /* check-resume */
985
986 if (ENG->session.session_id_len == 32
987 && CTX->cache_vtable != NULL && (*CTX->cache_vtable)->load(
988 CTX->cache_vtable, CTX, &ENG->session))
989 {
990 T0_PUSHi(-1);
991 } else {
992 T0_PUSH(0);
993 }
994
995 }
996 break;
997 case 24: {
998 /* co */
999 T0_CO();
1000 }
1001 break;
1002 case 25: {
1003 /* compute-Finished-inner */
1004
1005 int prf_id = T0_POP();
1006 int from_client = T0_POPi();
1007 unsigned char seed[48];
1008 size_t seed_len;
1009
1010 br_tls_prf_impl prf = br_ssl_engine_get_PRF(ENG, prf_id);
1011 if (ENG->session.version >= BR_TLS12) {
1012 seed_len = br_multihash_out(&ENG->mhash, prf_id, seed);
1013 } else {
1014 br_multihash_out(&ENG->mhash, br_md5_ID, seed);
1015 br_multihash_out(&ENG->mhash, br_sha1_ID, seed + 16);
1016 seed_len = 36;
1017 }
1018 prf(ENG->pad, 12, ENG->session.master_secret,
1019 sizeof ENG->session.master_secret,
1020 from_client ? "client finished" : "server finished",
1021 seed, seed_len);
1022
1023 }
1024 break;
1025 case 26: {
1026 /* copy-cert-chunk */
1027
1028 size_t clen;
1029
1030 clen = CTX->cert_len;
1031 if (clen > sizeof ENG->pad) {
1032 clen = sizeof ENG->pad;
1033 }
1034 memcpy(ENG->pad, CTX->cert_cur, clen);
1035 CTX->cert_cur += clen;
1036 CTX->cert_len -= clen;
1037 T0_PUSH(clen);
1038
1039 }
1040 break;
1041 case 27: {
1042 /* data-get8 */
1043
1044 size_t addr = T0_POP();
1045 T0_PUSH(t0_datablock[addr]);
1046
1047 }
1048 break;
1049 case 28: {
1050 /* discard-input */
1051
1052 ENG->hlen_in = 0;
1053
1054 }
1055 break;
1056 case 29: {
1057 /* do-ecdh */
1058
1059 int prf_id = T0_POPi();
1060 size_t len = T0_POP();
1061 do_ecdh(CTX, prf_id, ENG->pad, len);
1062
1063 }
1064 break;
1065 case 30: {
1066 /* do-ecdhe-part1 */
1067
1068 int curve = T0_POPi();
1069 T0_PUSHi(do_ecdhe_part1(CTX, curve));
1070
1071 }
1072 break;
1073 case 31: {
1074 /* do-ecdhe-part2 */
1075
1076 int prf_id = T0_POPi();
1077 size_t len = T0_POP();
1078 do_ecdhe_part2(CTX, prf_id, ENG->pad, len);
1079
1080 }
1081 break;
1082 case 32: {
1083 /* do-rsa-decrypt */
1084
1085 int prf_id = T0_POPi();
1086 size_t len = T0_POP();
1087 do_rsa_decrypt(CTX, prf_id, ENG->pad, len);
1088
1089 }
1090 break;
1091 case 33: {
1092 /* drop */
1093 (void)T0_POP();
1094 }
1095 break;
1096 case 34: {
1097 /* dup */
1098 T0_PUSH(T0_PEEK(0));
1099 }
1100 break;
1101 case 35: {
1102 /* fail */
1103
1104 br_ssl_engine_fail(ENG, (int)T0_POPi());
1105 T0_CO();
1106
1107 }
1108 break;
1109 case 36: {
1110 /* flush-record */
1111
1112 br_ssl_engine_flush_record(ENG);
1113
1114 }
1115 break;
1116 case 37: {
1117 /* get16 */
1118
1119 size_t addr = (size_t)T0_POP();
1120 T0_PUSH(*(uint16_t *)((unsigned char *)ENG + addr));
1121
1122 }
1123 break;
1124 case 38: {
1125 /* get32 */
1126
1127 size_t addr = (size_t)T0_POP();
1128 T0_PUSH(*(uint32_t *)((unsigned char *)ENG + addr));
1129
1130 }
1131 break;
1132 case 39: {
1133 /* get8 */
1134
1135 size_t addr = (size_t)T0_POP();
1136 T0_PUSH(*((unsigned char *)ENG + addr));
1137
1138 }
1139 break;
1140 case 40: {
1141 /* has-input? */
1142
1143 T0_PUSHi(-(ENG->hlen_in != 0));
1144
1145 }
1146 break;
1147 case 41: {
1148 /* memcmp */
1149
1150 size_t len = (size_t)T0_POP();
1151 void *addr2 = (unsigned char *)ENG + (size_t)T0_POP();
1152 void *addr1 = (unsigned char *)ENG + (size_t)T0_POP();
1153 int x = memcmp(addr1, addr2, len);
1154 T0_PUSH((uint32_t)-(x == 0));
1155
1156 }
1157 break;
1158 case 42: {
1159 /* memcpy */
1160
1161 size_t len = (size_t)T0_POP();
1162 void *src = (unsigned char *)ENG + (size_t)T0_POP();
1163 void *dst = (unsigned char *)ENG + (size_t)T0_POP();
1164 memcpy(dst, src, len);
1165
1166 }
1167 break;
1168 case 43: {
1169 /* mkrand */
1170
1171 size_t len = (size_t)T0_POP();
1172 void *addr = (unsigned char *)ENG + (size_t)T0_POP();
1173 br_hmac_drbg_generate(&ENG->rng, addr, len);
1174
1175 }
1176 break;
1177 case 44: {
1178 /* more-incoming-bytes? */
1179
1180 T0_PUSHi(ENG->hlen_in != 0 || !br_ssl_engine_recvrec_finished(ENG));
1181
1182 }
1183 break;
1184 case 45: {
1185 /* multihash-init */
1186
1187 br_multihash_init(&ENG->mhash);
1188
1189 }
1190 break;
1191 case 46: {
1192 /* neg */
1193
1194 uint32_t a = T0_POP();
1195 T0_PUSH(-a);
1196
1197 }
1198 break;
1199 case 47: {
1200 /* not */
1201
1202 uint32_t a = T0_POP();
1203 T0_PUSH(~a);
1204
1205 }
1206 break;
1207 case 48: {
1208 /* or */
1209
1210 uint32_t b = T0_POP();
1211 uint32_t a = T0_POP();
1212 T0_PUSH(a | b);
1213
1214 }
1215 break;
1216 case 49: {
1217 /* over */
1218 T0_PUSH(T0_PEEK(1));
1219 }
1220 break;
1221 case 50: {
1222 /* read-chunk-native */
1223
1224 size_t clen = ENG->hlen_in;
1225 if (clen > 0) {
1226 uint32_t addr, len;
1227
1228 len = T0_POP();
1229 addr = T0_POP();
1230 if ((size_t)len < clen) {
1231 clen = (size_t)len;
1232 }
1233 memcpy((unsigned char *)ENG + addr, ENG->hbuf_in, clen);
1234 if (ENG->record_type_in == BR_SSL_HANDSHAKE) {
1235 br_multihash_update(&ENG->mhash, ENG->hbuf_in, clen);
1236 }
1237 T0_PUSH(addr + (uint32_t)clen);
1238 T0_PUSH(len - (uint32_t)clen);
1239 ENG->hbuf_in += clen;
1240 ENG->hlen_in -= clen;
1241 }
1242
1243 }
1244 break;
1245 case 51: {
1246 /* read8-native */
1247
1248 if (ENG->hlen_in > 0) {
1249 unsigned char x;
1250
1251 x = *ENG->hbuf_in ++;
1252 if (ENG->record_type_in == BR_SSL_HANDSHAKE) {
1253 br_multihash_update(&ENG->mhash, &x, 1);
1254 }
1255 T0_PUSH(x);
1256 ENG->hlen_in --;
1257 } else {
1258 T0_PUSHi(-1);
1259 }
1260
1261 }
1262 break;
1263 case 52: {
1264 /* save-session */
1265
1266 if (CTX->cache_vtable != NULL) {
1267 (*CTX->cache_vtable)->save(
1268 CTX->cache_vtable, CTX, &ENG->session);
1269 }
1270
1271 }
1272 break;
1273 case 53: {
1274 /* set-max-frag-len */
1275
1276 size_t max_frag_len = T0_POP();
1277
1278 br_ssl_engine_new_max_frag_len(ENG, max_frag_len);
1279
1280 /*
1281 * We must adjust our own output limit. Since we call this only
1282 * after receiving a ClientHello and before beginning to send
1283 * the ServerHello, the next output record should be empty at
1284 * that point, so we can use max_frag_len as a limit.
1285 */
1286 if (ENG->hlen_out > max_frag_len) {
1287 ENG->hlen_out = max_frag_len;
1288 }
1289
1290 }
1291 break;
1292 case 54: {
1293 /* set16 */
1294
1295 size_t addr = (size_t)T0_POP();
1296 *(uint16_t *)((unsigned char *)ENG + addr) = (uint16_t)T0_POP();
1297
1298 }
1299 break;
1300 case 55: {
1301 /* set32 */
1302
1303 size_t addr = (size_t)T0_POP();
1304 *(uint32_t *)((unsigned char *)ENG + addr) = (uint32_t)T0_POP();
1305
1306 }
1307 break;
1308 case 56: {
1309 /* set8 */
1310
1311 size_t addr = (size_t)T0_POP();
1312 *((unsigned char *)ENG + addr) = (unsigned char)T0_POP();
1313
1314 }
1315 break;
1316 case 57: {
1317 /* supported-curves */
1318
1319 uint32_t x = ENG->iec == NULL ? 0 : ENG->iec->supported_curves;
1320 T0_PUSH(x);
1321
1322 }
1323 break;
1324 case 58: {
1325 /* supported-hash-functions */
1326
1327 int i;
1328 unsigned x, num;
1329
1330 x = 0;
1331 num = 0;
1332 for (i = br_sha1_ID; i <= br_sha512_ID; i ++) {
1333 if (br_multihash_getimpl(&ENG->mhash, i)) {
1334 x |= 1U << i;
1335 num ++;
1336 }
1337 }
1338 T0_PUSH(x);
1339 T0_PUSH(num);
1340
1341 }
1342 break;
1343 case 59: {
1344 /* swap */
1345 T0_SWAP();
1346 }
1347 break;
1348 case 60: {
1349 /* switch-aesgcm-in */
1350
1351 int is_client, prf_id;
1352 unsigned cipher_key_len;
1353
1354 cipher_key_len = T0_POP();
1355 prf_id = T0_POP();
1356 is_client = T0_POP();
1357 br_ssl_engine_switch_gcm_in(ENG, is_client, prf_id,
1358 ENG->iaes_ctr, cipher_key_len);
1359
1360 }
1361 break;
1362 case 61: {
1363 /* switch-aesgcm-out */
1364
1365 int is_client, prf_id;
1366 unsigned cipher_key_len;
1367
1368 cipher_key_len = T0_POP();
1369 prf_id = T0_POP();
1370 is_client = T0_POP();
1371 br_ssl_engine_switch_gcm_out(ENG, is_client, prf_id,
1372 ENG->iaes_ctr, cipher_key_len);
1373
1374 }
1375 break;
1376 case 62: {
1377 /* switch-cbc-in */
1378
1379 int is_client, prf_id, mac_id, aes;
1380 unsigned cipher_key_len;
1381
1382 cipher_key_len = T0_POP();
1383 aes = T0_POP();
1384 mac_id = T0_POP();
1385 prf_id = T0_POP();
1386 is_client = T0_POP();
1387 br_ssl_engine_switch_cbc_in(ENG, is_client, prf_id, mac_id,
1388 aes ? ENG->iaes_cbcdec : ENG->ides_cbcdec, cipher_key_len);
1389
1390 }
1391 break;
1392 case 63: {
1393 /* switch-cbc-out */
1394
1395 int is_client, prf_id, mac_id, aes;
1396 unsigned cipher_key_len;
1397
1398 cipher_key_len = T0_POP();
1399 aes = T0_POP();
1400 mac_id = T0_POP();
1401 prf_id = T0_POP();
1402 is_client = T0_POP();
1403 br_ssl_engine_switch_cbc_out(ENG, is_client, prf_id, mac_id,
1404 aes ? ENG->iaes_cbcenc : ENG->ides_cbcenc, cipher_key_len);
1405
1406 }
1407 break;
1408 case 64: {
1409 /* total-chain-length */
1410
1411 size_t u;
1412 uint32_t total;
1413
1414 total = 0;
1415 for (u = 0; u < CTX->chain_len; u ++) {
1416 total += 3 + (uint32_t)CTX->chain[u].data_len;
1417 }
1418 T0_PUSH(total);
1419
1420 }
1421 break;
1422 case 65: {
1423 /* u>> */
1424
1425 int c = (int)T0_POPi();
1426 uint32_t x = T0_POP();
1427 T0_PUSH(x >> c);
1428
1429 }
1430 break;
1431 case 66: {
1432 /* write-blob-chunk */
1433
1434 size_t clen = ENG->hlen_out;
1435 if (clen > 0) {
1436 uint32_t addr, len;
1437
1438 len = T0_POP();
1439 addr = T0_POP();
1440 if ((size_t)len < clen) {
1441 clen = (size_t)len;
1442 }
1443 memcpy(ENG->hbuf_out, (unsigned char *)ENG + addr, clen);
1444 if (ENG->record_type_out == BR_SSL_HANDSHAKE) {
1445 br_multihash_update(&ENG->mhash, ENG->hbuf_out, clen);
1446 }
1447 T0_PUSH(addr + (uint32_t)clen);
1448 T0_PUSH(len - (uint32_t)clen);
1449 ENG->hbuf_out += clen;
1450 ENG->hlen_out -= clen;
1451 }
1452
1453 }
1454 break;
1455 case 67: {
1456 /* write8-native */
1457
1458 unsigned char x;
1459
1460 x = (unsigned char)T0_POP();
1461 if (ENG->hlen_out > 0) {
1462 if (ENG->record_type_out == BR_SSL_HANDSHAKE) {
1463 br_multihash_update(&ENG->mhash, &x, 1);
1464 }
1465 *ENG->hbuf_out ++ = x;
1466 ENG->hlen_out --;
1467 T0_PUSHi(-1);
1468 } else {
1469 T0_PUSHi(0);
1470 }
1471
1472 }
1473 break;
1474 }
1475
1476 } else {
1477 T0_ENTER(ip, rp, t0x);
1478 }
1479 }
1480 t0_exit:
1481 ((t0_context *)t0ctx)->dp = dp;
1482 ((t0_context *)t0ctx)->rp = rp;
1483 ((t0_context *)t0ctx)->ip = ip;
1484 }
The BearSSL library and tools.