projects / BearSSL / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Fixed scheduling error (jumping back to failed engine, could lead to segfault).
[BearSSL] / src / ssl / ssl_hs_server.c
1 /* Automatically generated code; do not modify directly. */
2
3 #include <stddef.h>
4 #include <stdint.h>
5
6 typedef struct {
7 uint32_t *dp;
8 uint32_t *rp;
9 const unsigned char *ip;
10 } t0_context;
11
12 static uint32_t
13 t0_parse7E_unsigned(const unsigned char **p)
14 {
15 uint32_t x;
16
17 x = 0;
18 for (;;) {
19 unsigned y;
20
21 y = *(*p) ++;
22 x = (x << 7) | (uint32_t)(y & 0x7F);
23 if (y < 0x80) {
24 return x;
25 }
26 }
27 }
28
29 static int32_t
30 t0_parse7E_signed(const unsigned char **p)
31 {
32 int neg;
33 uint32_t x;
34
35 neg = ((**p) >> 6) & 1;
36 x = (uint32_t)-neg;
37 for (;;) {
38 unsigned y;
39
40 y = *(*p) ++;
41 x = (x << 7) | (uint32_t)(y & 0x7F);
42 if (y < 0x80) {
43 if (neg) {
44 return -(int32_t)~x - 1;
45 } else {
46 return (int32_t)x;
47 }
48 }
49 }
50 }
51
52 #define T0_VBYTE(x, n) (unsigned char)((((uint32_t)(x) >> (n)) & 0x7F) | 0x80)
53 #define T0_FBYTE(x, n) (unsigned char)(((uint32_t)(x) >> (n)) & 0x7F)
54 #define T0_SBYTE(x) (unsigned char)((((uint32_t)(x) >> 28) + 0xF8) ^ 0xF8)
55 #define T0_INT1(x) T0_FBYTE(x, 0)
56 #define T0_INT2(x) T0_VBYTE(x, 7), T0_FBYTE(x, 0)
57 #define T0_INT3(x) T0_VBYTE(x, 14), T0_VBYTE(x, 7), T0_FBYTE(x, 0)
58 #define T0_INT4(x) T0_VBYTE(x, 21), T0_VBYTE(x, 14), T0_VBYTE(x, 7), T0_FBYTE(x, 0)
59 #define T0_INT5(x) T0_SBYTE(x), T0_VBYTE(x, 21), T0_VBYTE(x, 14), T0_VBYTE(x, 7), T0_FBYTE(x, 0)
60
61 static const uint8_t t0_datablock[];
62
63
64 void br_ssl_hs_server_init_main(void *t0ctx);
65
66 void br_ssl_hs_server_run(void *t0ctx);
67
68
69
70 #include <stddef.h>
71 #include <string.h>
72
73 #include "inner.h"
74
75 /*
76 * This macro evaluates to a pointer to the current engine context.
77 */
78 #define ENG ((br_ssl_engine_context *)((unsigned char *)t0ctx - offsetof(br_ssl_engine_context, cpu)))
79
80
81
82
83
84 /*
85 * This macro evaluates to a pointer to the server context, under that
86 * specific name. It must be noted that since the engine context is the
87 * first field of the br_ssl_server_context structure ('eng'), then
88 * pointers values of both types are interchangeable, modulo an
89 * appropriate cast. This also means that "adresses" computed as offsets
90 * within the structure work for both kinds of context.
91 */
92 #define CTX ((br_ssl_server_context *)ENG)
93
94 /*
95 * Decrypt the pre-master secret (RSA key exchange).
96 */
97 static void
98 do_rsa_decrypt(br_ssl_server_context *ctx, int prf_id,
99 unsigned char *epms, size_t len)
100 {
101 uint32_t x;
102 unsigned char rpms[48];
103
104 /*
105 * Decrypt the PMS.
106 */
107 x = (*ctx->policy_vtable)->do_keyx(ctx->policy_vtable, epms, len);
108
109 /*
110 * Set the first two bytes to the maximum supported client
111 * protocol version. These bytes are used for version rollback
112 * detection; forceing the two bytes will make the master secret
113 * wrong if the bytes are not correct. This process is
114 * recommended by RFC 5246 (section 7.4.7.1).
115 */
116 br_enc16be(epms, ctx->client_max_version);
117
118 /*
119 * Make a random PMS and copy it above the decrypted value if the
120 * decryption failed. Note that we use a constant-time conditional
121 * copy.
122 */
123 br_hmac_drbg_generate(&ctx->eng.rng, rpms, sizeof rpms);
124 br_ccopy(x ^ 1, epms, rpms, sizeof rpms);
125
126 /*
127 * Compute master secret.
128 */
129 br_ssl_engine_compute_master(&ctx->eng, prf_id, epms, 48);
130
131 /*
132 * Clear the pre-master secret from RAM: it is normally a buffer
133 * in the context, hence potentially long-lived.
134 */
135 memset(epms, 0, len);
136 }
137
138 /*
139 * Common part for ECDH and ECDHE.
140 */
141 static void
142 ecdh_common(br_ssl_server_context *ctx, int prf_id,
143 unsigned char *cpoint, size_t cpoint_len, uint32_t ctl)
144 {
145 unsigned char rpms[80];
146 size_t pms_len;
147
148 /*
149 * The point length is supposed to be 1+2*Xlen, where Xlen is
150 * the length (in bytes) of the X coordinate, i.e. the pre-master
151 * secret. If the provided point is too large, then it is
152 * obviously incorrect (i.e. everybody can see that it is
153 * incorrect), so leaking that fact is not a problem.
154 */
155 pms_len = cpoint_len >> 1;
156 if (pms_len > sizeof rpms) {
157 pms_len = sizeof rpms;
158 ctl = 0;
159 }
160
161 /*
162 * Make a random PMS and copy it above the decrypted value if the
163 * decryption failed. Note that we use a constant-time conditional
164 * copy.
165 */
166 br_hmac_drbg_generate(&ctx->eng.rng, rpms, pms_len);
167 br_ccopy(ctl ^ 1, cpoint + 1, rpms, pms_len);
168
169 /*
170 * Compute master secret.
171 */
172 br_ssl_engine_compute_master(&ctx->eng, prf_id, cpoint + 1, pms_len);
173
174 /*
175 * Clear the pre-master secret from RAM: it is normally a buffer
176 * in the context, hence potentially long-lived.
177 */
178 memset(cpoint, 0, cpoint_len);
179 }
180
181 /*
182 * Do the ECDH key exchange (not ECDHE).
183 */
184 static void
185 do_ecdh(br_ssl_server_context *ctx, int prf_id,
186 unsigned char *cpoint, size_t cpoint_len)
187 {
188 uint32_t x;
189
190 /*
191 * Finalise the key exchange.
192 */
193 x = (*ctx->policy_vtable)->do_keyx(ctx->policy_vtable,
194 cpoint, cpoint_len);
195 ecdh_common(ctx, prf_id, cpoint, cpoint_len, x);
196 }
197
198 /*
199 * Do the full static ECDH key exchange. When this function is called,
200 * it has already been verified that the cipher suite uses ECDH (not ECDHE),
201 * and the client's public key (from its certificate) has type EC and is
202 * apt for key exchange.
203 */
204 static void
205 do_static_ecdh(br_ssl_server_context *ctx, int prf_id)
206 {
207 unsigned char cpoint[133];
208 size_t cpoint_len;
209 const br_x509_class **xc;
210 const br_x509_pkey *pk;
211
212 xc = ctx->eng.x509ctx;
213 pk = (*xc)->get_pkey(xc, NULL);
214 cpoint_len = pk->key.ec.qlen;
215 if (cpoint_len > sizeof cpoint) {
216 /*
217 * If the point is larger than our buffer then we need to
218 * restrict it. Length 2 is not a valid point length, so
219 * the ECDH will fail.
220 */
221 cpoint_len = 2;
222 }
223 memcpy(cpoint, pk->key.ec.q, cpoint_len);
224 do_ecdh(ctx, prf_id, cpoint, cpoint_len);
225 }
226
227 /*
228 * Do the ECDHE key exchange (part 1: generation of transient key, and
229 * computing of the point to send to the client). Returned value is the
230 * signature length (in bytes), or -x on error (with x being an error
231 * code). The encoded point is written in the ecdhe_point[] context buffer
232 * (length in ecdhe_point_len).
233 */
234 static int
235 do_ecdhe_part1(br_ssl_server_context *ctx, int curve)
236 {
237 int hash;
238 unsigned mask;
239 const unsigned char *order, *generator;
240 size_t olen, glen;
241 br_multihash_context mhc;
242 unsigned char head[4];
243 size_t hv_len, sig_len;
244
245 if (!((ctx->eng.iec->supported_curves >> curve) & 1)) {
246 return -BR_ERR_INVALID_ALGORITHM;
247 }
248 ctx->eng.ecdhe_curve = curve;
249
250 /*
251 * Generate our private key. We need a non-zero random value
252 * which is lower than the curve order, in a "large enough"
253 * range. We force the top bit to 0 and bottom bit to 1, which
254 * does the trick. Note that contrary to what happens in ECDSA,
255 * this is not a problem if we do not cover the full range of
256 * possible values.
257 */
258 order = ctx->eng.iec->order(curve, &olen);
259 mask = 0xFF;
260 while (mask >= order[0]) {
261 mask >>= 1;
262 }
263 br_hmac_drbg_generate(&ctx->eng.rng, ctx->ecdhe_key, olen);
264 ctx->ecdhe_key[0] &= mask;
265 ctx->ecdhe_key[olen - 1] |= 0x01;
266 ctx->ecdhe_key_len = olen;
267
268 /*
269 * Compute our ECDH point.
270 */
271 generator = ctx->eng.iec->generator(curve, &glen);
272 memcpy(ctx->eng.ecdhe_point, generator, glen);
273 ctx->eng.ecdhe_point_len = glen;
274 if (!ctx->eng.iec->mul(ctx->eng.ecdhe_point, glen,
275 ctx->ecdhe_key, olen, curve))
276 {
277 return -BR_ERR_INVALID_ALGORITHM;
278 }
279
280 /*
281 * Compute the signature.
282 */
283 br_multihash_zero(&mhc);
284 br_multihash_copyimpl(&mhc, &ctx->eng.mhash);
285 br_multihash_init(&mhc);
286 br_multihash_update(&mhc,
287 ctx->eng.client_random, sizeof ctx->eng.client_random);
288 br_multihash_update(&mhc,
289 ctx->eng.server_random, sizeof ctx->eng.server_random);
290 head[0] = 3;
291 head[1] = 0;
292 head[2] = curve;
293 head[3] = ctx->eng.ecdhe_point_len;
294 br_multihash_update(&mhc, head, sizeof head);
295 br_multihash_update(&mhc,
296 ctx->eng.ecdhe_point, ctx->eng.ecdhe_point_len);
297 hash = ctx->sign_hash_id;
298 if (hash) {
299 hv_len = br_multihash_out(&mhc, hash, ctx->eng.pad);
300 if (hv_len == 0) {
301 return -BR_ERR_INVALID_ALGORITHM;
302 }
303 } else {
304 if (!br_multihash_out(&mhc, br_md5_ID, ctx->eng.pad)
305 || !br_multihash_out(&mhc,
306 br_sha1_ID, ctx->eng.pad + 16))
307 {
308 return -BR_ERR_INVALID_ALGORITHM;
309 }
310 hv_len = 36;
311 }
312 sig_len = (*ctx->policy_vtable)->do_sign(ctx->policy_vtable,
313 hash, hv_len, ctx->eng.pad, sizeof ctx->eng.pad);
314 return sig_len ? (int)sig_len : -BR_ERR_INVALID_ALGORITHM;
315 }
316
317 /*
318 * Do the ECDHE key exchange (part 2: computation of the shared secret
319 * from the point sent by the client).
320 */
321 static void
322 do_ecdhe_part2(br_ssl_server_context *ctx, int prf_id,
323 unsigned char *cpoint, size_t cpoint_len)
324 {
325 int curve;
326 uint32_t x;
327
328 curve = ctx->eng.ecdhe_curve;
329
330 /*
331 * Finalise the key exchange.
332 */
333 x = ctx->eng.iec->mul(cpoint, cpoint_len,
334 ctx->ecdhe_key, ctx->ecdhe_key_len, curve);
335 ecdh_common(ctx, prf_id, cpoint, cpoint_len, x);
336
337 /*
338 * Clear the ECDHE private key. Forward Secrecy is achieved insofar
339 * as that key does not get stolen, so we'd better destroy it
340 * as soon as it ceases to be useful.
341 */
342 memset(ctx->ecdhe_key, 0, ctx->ecdhe_key_len);
343 }
344
345 /*
346 * Offset for hash value within the pad (when obtaining all hash values,
347 * in preparation for verification of the CertificateVerify message).
348 * Order is MD5, SHA-1, SHA-224, SHA-256, SHA-384, SHA-512; last value
349 * is used to get the total length.
350 */
351 static const unsigned char HASH_PAD_OFF[] = { 0, 16, 36, 64, 96, 144, 208 };
352
353 /*
354 * OID for hash functions in RSA signatures.
355 */
356 static const unsigned char HASH_OID_SHA1[] = {
357 0x05, 0x2B, 0x0E, 0x03, 0x02, 0x1A
358 };
359
360 static const unsigned char HASH_OID_SHA224[] = {
361 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x04
362 };
363
364 static const unsigned char HASH_OID_SHA256[] = {
365 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01
366 };
367
368 static const unsigned char HASH_OID_SHA384[] = {
369 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x02
370 };
371
372 static const unsigned char HASH_OID_SHA512[] = {
373 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x03
374 };
375
376 static const unsigned char *HASH_OID[] = {
377 HASH_OID_SHA1,
378 HASH_OID_SHA224,
379 HASH_OID_SHA256,
380 HASH_OID_SHA384,
381 HASH_OID_SHA512
382 };
383
384 /*
385 * Verify the signature in CertificateVerify. Returned value is 0 on
386 * success, or a non-zero error code. Lack of implementation of the
387 * designated signature algorithm is reported as a "bad signature"
388 * error (because it means that the peer did not honour our advertised
389 * set of supported signature algorithms).
390 */
391 static int
392 verify_CV_sig(br_ssl_server_context *ctx, size_t sig_len)
393 {
394 const br_x509_class **xc;
395 const br_x509_pkey *pk;
396 int id;
397
398 id = ctx->hash_CV_id;
399 xc = ctx->eng.x509ctx;
400 pk = (*xc)->get_pkey(xc, NULL);
401 if (pk->key_type == BR_KEYTYPE_RSA) {
402 unsigned char tmp[64];
403 const unsigned char *hash_oid;
404
405 if (id == 0) {
406 hash_oid = NULL;
407 } else {
408 hash_oid = HASH_OID[id - 2];
409 }
410 if (ctx->eng.irsavrfy == 0) {
411 return BR_ERR_BAD_SIGNATURE;
412 }
413 if (!ctx->eng.irsavrfy(ctx->eng.pad, sig_len,
414 hash_oid, ctx->hash_CV_len, &pk->key.rsa, tmp)
415 || memcmp(tmp, ctx->hash_CV, ctx->hash_CV_len) != 0)
416 {
417 return BR_ERR_BAD_SIGNATURE;
418 }
419 } else {
420 if (ctx->eng.iecdsa == 0) {
421 return BR_ERR_BAD_SIGNATURE;
422 }
423 if (!ctx->eng.iecdsa(ctx->eng.iec,
424 ctx->hash_CV, ctx->hash_CV_len,
425 &pk->key.ec, ctx->eng.pad, sig_len))
426 {
427 return BR_ERR_BAD_SIGNATURE;
428 }
429 }
430 return 0;
431 }
432
433
434
435 static const uint8_t t0_datablock[] = {
436 0x00, 0x00, 0x0A, 0x00, 0x24, 0x00, 0x2F, 0x01, 0x24, 0x00, 0x35, 0x02,
437 0x24, 0x00, 0x3C, 0x01, 0x44, 0x00, 0x3D, 0x02, 0x44, 0x00, 0x9C, 0x03,
438 0x04, 0x00, 0x9D, 0x04, 0x05, 0xC0, 0x03, 0x40, 0x24, 0xC0, 0x04, 0x41,
439 0x24, 0xC0, 0x05, 0x42, 0x24, 0xC0, 0x08, 0x20, 0x24, 0xC0, 0x09, 0x21,
440 0x24, 0xC0, 0x0A, 0x22, 0x24, 0xC0, 0x0D, 0x30, 0x24, 0xC0, 0x0E, 0x31,
441 0x24, 0xC0, 0x0F, 0x32, 0x24, 0xC0, 0x12, 0x10, 0x24, 0xC0, 0x13, 0x11,
442 0x24, 0xC0, 0x14, 0x12, 0x24, 0xC0, 0x23, 0x21, 0x44, 0xC0, 0x24, 0x22,
443 0x55, 0xC0, 0x25, 0x41, 0x44, 0xC0, 0x26, 0x42, 0x55, 0xC0, 0x27, 0x11,
444 0x44, 0xC0, 0x28, 0x12, 0x55, 0xC0, 0x29, 0x31, 0x44, 0xC0, 0x2A, 0x32,
445 0x55, 0xC0, 0x2B, 0x23, 0x04, 0xC0, 0x2C, 0x24, 0x05, 0xC0, 0x2D, 0x43,
446 0x04, 0xC0, 0x2E, 0x44, 0x05, 0xC0, 0x2F, 0x13, 0x04, 0xC0, 0x30, 0x14,
447 0x05, 0xC0, 0x31, 0x33, 0x04, 0xC0, 0x32, 0x34, 0x05, 0xCC, 0xA8, 0x15,
448 0x04, 0xCC, 0xA9, 0x25, 0x04, 0x00, 0x00
449 };
450
451 static const uint8_t t0_codeblock[] = {
452 0x00, 0x01, 0x00, 0x0B, 0x00, 0x00, 0x01, 0x00, 0x0E, 0x00, 0x00, 0x01,
453 0x00, 0x0F, 0x00, 0x00, 0x01, 0x00, 0x10, 0x00, 0x00, 0x01, 0x01, 0x08,
454 0x00, 0x00, 0x01, 0x01, 0x09, 0x00, 0x00, 0x01, 0x02, 0x08, 0x00, 0x00,
455 0x28, 0x28, 0x00, 0x00, 0x01, T0_INT1(BR_ERR_BAD_CCS), 0x00, 0x00,
456 0x01, T0_INT1(BR_ERR_BAD_FINISHED), 0x00, 0x00, 0x01,
457 T0_INT1(BR_ERR_BAD_FRAGLEN), 0x00, 0x00, 0x01,
458 T0_INT1(BR_ERR_BAD_HANDSHAKE), 0x00, 0x00, 0x01,
459 T0_INT1(BR_ERR_BAD_PARAM), 0x00, 0x00, 0x01,
460 T0_INT1(BR_ERR_BAD_SECRENEG), 0x00, 0x00, 0x01,
461 T0_INT1(BR_ERR_BAD_SIGNATURE), 0x00, 0x00, 0x01,
462 T0_INT1(BR_ERR_BAD_VERSION), 0x00, 0x00, 0x01,
463 T0_INT1(BR_ERR_INVALID_ALGORITHM), 0x00, 0x00, 0x01,
464 T0_INT1(BR_ERR_LIMIT_EXCEEDED), 0x00, 0x00, 0x01,
465 T0_INT1(BR_ERR_NO_CLIENT_AUTH), 0x00, 0x00, 0x01, T0_INT1(BR_ERR_OK),
466 0x00, 0x00, 0x01, T0_INT1(BR_ERR_OVERSIZED_ID), 0x00, 0x00, 0x01,
467 T0_INT1(BR_ERR_UNEXPECTED), 0x00, 0x00, 0x01,
468 T0_INT1(BR_ERR_WRONG_KEY_USAGE), 0x00, 0x00, 0x01,
469 T0_INT2(offsetof(br_ssl_engine_context, action)), 0x00, 0x00, 0x01,
470 T0_INT2(offsetof(br_ssl_engine_context, alert)), 0x00, 0x00, 0x01,
471 T0_INT2(offsetof(br_ssl_engine_context, application_data)), 0x00, 0x00,
472 0x01,
473 T0_INT2(offsetof(br_ssl_engine_context, session) + offsetof(br_ssl_session_parameters, cipher_suite)),
474 0x00, 0x00, 0x01,
475 T0_INT2(offsetof(br_ssl_server_context, client_max_version)), 0x00,
476 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, client_random)),
477 0x00, 0x00, 0x01,
478 T0_INT2(offsetof(br_ssl_server_context, client_suites)), 0x00, 0x00,
479 0x01, T0_INT2(offsetof(br_ssl_server_context, client_suites_num)),
480 0x00, 0x00, 0x01,
481 T0_INT2(offsetof(br_ssl_engine_context, close_received)), 0x00, 0x00,
482 0x01, T0_INT2(offsetof(br_ssl_server_context, curves)), 0x00, 0x00,
483 0x01, T0_INT2(offsetof(br_ssl_engine_context, ecdhe_point)), 0x00,
484 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, ecdhe_point_len)),
485 0x00, 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, flags)),
486 0x00, 0x00, 0x01, T0_INT2(offsetof(br_ssl_server_context, hashes)),
487 0x00, 0x00, 0x75, 0x01,
488 T0_INT2(BR_MAX_CIPHER_SUITES * sizeof(br_suite_translated)), 0x00,
489 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, log_max_frag_len)),
490 0x00, 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, pad)), 0x00,
491 0x00, 0x01,
492 T0_INT2(offsetof(br_ssl_engine_context, peer_log_max_frag_len)), 0x00,
493 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, record_type_in)),
494 0x00, 0x00, 0x01,
495 T0_INT2(offsetof(br_ssl_engine_context, record_type_out)), 0x00, 0x00,
496 0x01, T0_INT2(offsetof(br_ssl_engine_context, reneg)), 0x00, 0x00,
497 0x01, T0_INT2(offsetof(br_ssl_engine_context, saved_finished)), 0x00,
498 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, server_name)),
499 0x00, 0x00, 0x01,
500 T0_INT2(offsetof(br_ssl_engine_context, server_random)), 0x00, 0x00,
501 0x01,
502 T0_INT2(offsetof(br_ssl_engine_context, session) + offsetof(br_ssl_session_parameters, session_id)),
503 0x00, 0x00, 0x01,
504 T0_INT2(offsetof(br_ssl_engine_context, session) + offsetof(br_ssl_session_parameters, session_id_len)),
505 0x00, 0x00, 0x01,
506 T0_INT2(offsetof(br_ssl_engine_context, shutdown_recv)), 0x00, 0x00,
507 0x01, T0_INT2(offsetof(br_ssl_server_context, sign_hash_id)), 0x00,
508 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, suites_buf)), 0x00,
509 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, suites_num)), 0x00,
510 0x00, 0x01,
511 T0_INT2(offsetof(br_ssl_engine_context, session) + offsetof(br_ssl_session_parameters, version)),
512 0x00, 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, version_in)),
513 0x00, 0x00, 0x01,
514 T0_INT2(offsetof(br_ssl_engine_context, version_max)), 0x00, 0x00,
515 0x01, T0_INT2(offsetof(br_ssl_engine_context, version_min)), 0x00,
516 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, version_out)),
517 0x00, 0x00, 0x09, 0x29, 0x58, 0x06, 0x02, 0x64, 0x2A, 0x00, 0x00, 0x01,
518 0x01, 0x00, 0x01, 0x03, 0x00, 0x93, 0x29, 0x5E, 0x46, 0x97, 0x29, 0x05,
519 0x04, 0x5F, 0x01, 0x00, 0x00, 0x02, 0x00, 0x0F, 0x06, 0x02, 0x97, 0x00,
520 0x5E, 0x04, 0x6B, 0x00, 0x06, 0x02, 0x64, 0x2A, 0x00, 0x00, 0x29, 0x84,
521 0x46, 0x05, 0x03, 0x01, 0x0C, 0x08, 0x46, 0x72, 0x2D, 0x9F, 0x1C, 0x7F,
522 0x01, 0x0C, 0x32, 0x00, 0x00, 0x29, 0x21, 0x01, 0x08, 0x0C, 0x46, 0x5C,
523 0x21, 0x08, 0x00, 0x01, 0x03, 0x00, 0x01, 0x00, 0x71, 0x41, 0x2B, 0x19,
524 0x37, 0x06, 0x07, 0x02, 0x00, 0xC5, 0x03, 0x00, 0x04, 0x75, 0x01, 0x00,
525 0xBD, 0x02, 0x00, 0x29, 0x19, 0x13, 0x06, 0x02, 0x6B, 0x2A, 0xC5, 0x04,
526 0x76, 0x00, 0x01, 0x00, 0x71, 0x41, 0x01, 0x16, 0x82, 0x41, 0x35, 0xA7,
527 0x34, 0x06, 0x02, 0x6D, 0x2A, 0x06, 0x0A, 0xCC, 0x01, 0x00, 0xC8, 0x01,
528 0x00, 0xA3, 0x04, 0x80, 0x46, 0xCC, 0xC9, 0x28, 0xCE, 0x4D, 0x06, 0x01,
529 0xCA, 0xCD, 0x2B, 0x4D, 0x06, 0x31, 0x01, 0x00, 0xA4, 0x29, 0x58, 0x06,
530 0x0F, 0x01, 0x02, 0x9C, 0x05, 0x02, 0x36, 0x2A, 0x28, 0xA8, 0xA6, 0x29,
531 0xBE, 0x28, 0x04, 0x19, 0x29, 0x5A, 0x06, 0x0B, 0x28, 0x01, 0x02, 0x9C,
532 0x05, 0x02, 0x6A, 0x2A, 0xA8, 0x04, 0x0A, 0xAA, 0x29, 0x05, 0x04, 0x28,
533 0xA2, 0x04, 0x02, 0xA9, 0xA5, 0x04, 0x01, 0xA8, 0x01, 0x00, 0xA3, 0x01,
534 0x00, 0xC8, 0x3D, 0x01, 0x01, 0x71, 0x41, 0x01, 0x17, 0x82, 0x41, 0x00,
535 0x00, 0x39, 0x39, 0x00, 0x01, 0x03, 0x00, 0x2B, 0x19, 0x37, 0x06, 0x04,
536 0xC4, 0x28, 0x04, 0x78, 0x01, 0x02, 0x02, 0x00, 0xBC, 0x19, 0x37, 0x06,
537 0x04, 0xC4, 0x28, 0x04, 0x78, 0x02, 0x00, 0x01, 0x84, 0x00, 0x08, 0x2A,
538 0x00, 0x00, 0x7B, 0x2E, 0x46, 0x12, 0x01, 0x01, 0x13, 0x36, 0x00, 0x00,
539 0x01, 0x7F, 0x99, 0xC4, 0x29, 0x01, 0x07, 0x13, 0x01, 0x00, 0x39, 0x0F,
540 0x06, 0x09, 0x28, 0x01, 0x10, 0x13, 0x06, 0x01, 0xBB, 0x04, 0x2A, 0x01,
541 0x01, 0x39, 0x0F, 0x06, 0x21, 0x28, 0x28, 0x83, 0x2F, 0x01, 0x01, 0x0F,
542 0x01, 0x01, 0x9C, 0x38, 0x06, 0x0F, 0x2B, 0x19, 0x37, 0x06, 0x04, 0xC4,
543 0x28, 0x04, 0x78, 0x01, 0x80, 0x64, 0xBD, 0x04, 0x03, 0x01, 0x00, 0x99,
544 0x04, 0x03, 0x6D, 0x2A, 0x28, 0x04, 0x40, 0x01, 0x29, 0x03, 0x00, 0x09,
545 0x29, 0x58, 0x06, 0x02, 0x64, 0x2A, 0x02, 0x00, 0x00, 0x00, 0x94, 0x01,
546 0x0F, 0x13, 0x00, 0x00, 0x70, 0x2F, 0x01, 0x00, 0x39, 0x0F, 0x06, 0x10,
547 0x28, 0x29, 0x01, 0x01, 0x0E, 0x06, 0x03, 0x28, 0x01, 0x02, 0x70, 0x41,
548 0x01, 0x00, 0x04, 0x22, 0x01, 0x01, 0x39, 0x0F, 0x06, 0x15, 0x28, 0x01,
549 0x00, 0x70, 0x41, 0x29, 0x01, 0x80, 0x64, 0x0F, 0x06, 0x05, 0x01, 0x82,
550 0x00, 0x08, 0x2A, 0x5A, 0x00, 0x04, 0x07, 0x28, 0x01, 0x82, 0x00, 0x08,
551 0x2A, 0x28, 0x00, 0x00, 0x01, 0x00, 0x30, 0x06, 0x05, 0x3C, 0xA0, 0x38,
552 0x04, 0x78, 0x29, 0x06, 0x04, 0x01, 0x01, 0x89, 0x41, 0x00, 0x00, 0x01,
553 0x1F, 0x13, 0x01, 0x12, 0x0F, 0x05, 0x02, 0x6E, 0x2A, 0x72, 0x2D, 0x29,
554 0xC0, 0x05, 0x02, 0x6D, 0x2A, 0x9F, 0x27, 0x00, 0x00, 0x30, 0x06, 0x0B,
555 0x81, 0x2F, 0x01, 0x14, 0x0E, 0x06, 0x02, 0x6D, 0x2A, 0x04, 0x11, 0xC4,
556 0x01, 0x07, 0x13, 0x29, 0x01, 0x02, 0x0E, 0x06, 0x06, 0x06, 0x02, 0x6D,
557 0x2A, 0x04, 0x70, 0x28, 0xB9, 0x01, 0x01, 0x0E, 0x34, 0x38, 0x06, 0x02,
558 0x60, 0x2A, 0x29, 0x01, 0x01, 0xBF, 0x37, 0xAB, 0x00, 0x01, 0xB0, 0x01,
559 0x0B, 0x0F, 0x05, 0x02, 0x6D, 0x2A, 0x29, 0x01, 0x03, 0x0F, 0x06, 0x08,
560 0xB7, 0x06, 0x02, 0x64, 0x2A, 0x46, 0x28, 0x00, 0x46, 0x57, 0xB7, 0x9E,
561 0x29, 0x06, 0x23, 0xB7, 0x9E, 0x29, 0x56, 0x29, 0x06, 0x18, 0x29, 0x01,
562 0x82, 0x00, 0x10, 0x06, 0x05, 0x01, 0x82, 0x00, 0x04, 0x01, 0x29, 0x03,
563 0x00, 0x7F, 0x02, 0x00, 0xAC, 0x02, 0x00, 0x53, 0x04, 0x65, 0x95, 0x54,
564 0x04, 0x5A, 0x95, 0x95, 0x55, 0x29, 0x06, 0x02, 0x36, 0x00, 0x28, 0x2C,
565 0x00, 0x02, 0x29, 0x01, 0x20, 0x13, 0x05, 0x02, 0x6E, 0x2A, 0x01, 0x0F,
566 0x13, 0x03, 0x00, 0xA6, 0x8D, 0x2D, 0x01, 0x86, 0x03, 0x11, 0x06, 0x23,
567 0xB6, 0x29, 0x01, 0x81, 0x7F, 0x13, 0x5C, 0x01, 0x01, 0x12, 0x02, 0x00,
568 0x0F, 0x05, 0x02, 0x66, 0x2A, 0x01, 0x08, 0x12, 0x29, 0x01, 0x02, 0x0B,
569 0x39, 0x01, 0x06, 0x10, 0x38, 0x06, 0x02, 0x68, 0x2A, 0x04, 0x0D, 0x02,
570 0x00, 0x01, 0x01, 0x0F, 0x06, 0x04, 0x01, 0x00, 0x04, 0x02, 0x01, 0x02,
571 0x20, 0x05, 0x02, 0x68, 0x2A, 0xB6, 0x29, 0x03, 0x01, 0x29, 0x01, 0x84,
572 0x00, 0x10, 0x06, 0x02, 0x69, 0x2A, 0x7F, 0x46, 0xAC, 0x02, 0x01, 0x50,
573 0x29, 0x06, 0x01, 0x2A, 0x28, 0x95, 0x00, 0x00, 0x1D, 0xB0, 0x01, 0x0F,
574 0x0F, 0x05, 0x02, 0x6D, 0x2A, 0x00, 0x0A, 0xB0, 0x01, 0x01, 0x0F, 0x05,
575 0x02, 0x6D, 0x2A, 0xB6, 0x29, 0x03, 0x00, 0x73, 0x3F, 0x74, 0x01, 0x20,
576 0xAC, 0xB8, 0x29, 0x01, 0x20, 0x10, 0x06, 0x02, 0x6C, 0x2A, 0x29, 0x88,
577 0x41, 0x87, 0x46, 0xAC, 0x1A, 0x03, 0x01, 0xB6, 0x9E, 0x01, 0x00, 0x03,
578 0x02, 0x01, 0x00, 0x03, 0x03, 0x7D, 0x9A, 0x17, 0x39, 0x08, 0x03, 0x04,
579 0x03, 0x05, 0x29, 0x06, 0x80, 0x6D, 0xB6, 0x29, 0x03, 0x06, 0x02, 0x01,
580 0x06, 0x0A, 0x29, 0x72, 0x2D, 0x0F, 0x06, 0x04, 0x01, 0x7F, 0x03, 0x03,
581 0x29, 0x01, 0x81, 0x7F, 0x0F, 0x06, 0x0A, 0x83, 0x2F, 0x06, 0x02, 0x65,
582 0x2A, 0x01, 0x7F, 0x03, 0x02, 0x29, 0x01, 0x81, 0xAC, 0x00, 0x0F, 0x06,
583 0x11, 0x02, 0x00, 0x90, 0x2D, 0x11, 0x02, 0x00, 0x8F, 0x2D, 0x0B, 0x13,
584 0x06, 0x04, 0x01, 0x7F, 0x03, 0x00, 0xBA, 0x29, 0x58, 0x06, 0x03, 0x28,
585 0x04, 0x26, 0x01, 0x00, 0x9C, 0x06, 0x0B, 0x01, 0x02, 0x0C, 0x75, 0x08,
586 0x02, 0x06, 0x46, 0x3F, 0x04, 0x16, 0x28, 0x02, 0x05, 0x02, 0x04, 0x11,
587 0x06, 0x02, 0x63, 0x2A, 0x02, 0x06, 0x02, 0x05, 0x3F, 0x02, 0x05, 0x01,
588 0x04, 0x08, 0x03, 0x05, 0x04, 0xFF, 0x0F, 0x28, 0x01, 0x00, 0x03, 0x07,
589 0xB8, 0x9E, 0x29, 0x06, 0x09, 0xB8, 0x05, 0x04, 0x01, 0x7F, 0x03, 0x07,
590 0x04, 0x74, 0x95, 0x01, 0x00, 0x85, 0x41, 0x01, 0x88, 0x04, 0x7C, 0x3F,
591 0x01, 0x84, 0x80, 0x80, 0x00, 0x78, 0x40, 0x29, 0x06, 0x80, 0x42, 0xB6,
592 0x9E, 0x29, 0x06, 0x3C, 0xB6, 0x01, 0x00, 0x39, 0x0F, 0x06, 0x04, 0x28,
593 0xAF, 0x04, 0x2F, 0x01, 0x01, 0x39, 0x0F, 0x06, 0x04, 0x28, 0xAD, 0x04,
594 0x25, 0x01, 0x83, 0xFE, 0x01, 0x39, 0x0F, 0x06, 0x04, 0x28, 0xAE, 0x04,
595 0x19, 0x01, 0x0D, 0x39, 0x0F, 0x06, 0x04, 0x28, 0xB4, 0x04, 0x0F, 0x01,
596 0x0A, 0x39, 0x0F, 0x06, 0x04, 0x28, 0xB5, 0x04, 0x05, 0x28, 0xB2, 0x01,
597 0x00, 0x28, 0x04, 0x41, 0x95, 0x95, 0x02, 0x01, 0x02, 0x03, 0x13, 0x03,
598 0x01, 0x02, 0x00, 0x58, 0x06, 0x08, 0x73, 0x2D, 0x91, 0x3F, 0x01, 0x80,
599 0x56, 0x9B, 0x8F, 0x2D, 0x29, 0x02, 0x00, 0x10, 0x06, 0x03, 0x28, 0x02,
600 0x00, 0x29, 0x01, 0x86, 0x00, 0x0B, 0x06, 0x02, 0x67, 0x2A, 0x02, 0x00,
601 0x90, 0x2D, 0x0B, 0x06, 0x04, 0x01, 0x80, 0x46, 0x9B, 0x02, 0x01, 0x06,
602 0x10, 0x8D, 0x2D, 0x02, 0x00, 0x0D, 0x06, 0x05, 0x28, 0x8D, 0x2D, 0x04,
603 0x04, 0x01, 0x00, 0x03, 0x01, 0x29, 0x8D, 0x3F, 0x29, 0x8E, 0x3F, 0x29,
604 0x91, 0x3F, 0x01, 0x86, 0x03, 0x11, 0x03, 0x08, 0x02, 0x02, 0x06, 0x04,
605 0x01, 0x02, 0x83, 0x41, 0x02, 0x07, 0x05, 0x03, 0x01, 0x28, 0x9B, 0x43,
606 0x28, 0x01, 0x82, 0x01, 0x07, 0x7C, 0x2D, 0x13, 0x29, 0x7C, 0x3F, 0x29,
607 0x01, 0x81, 0x7F, 0x13, 0x59, 0x36, 0x46, 0x01, 0x08, 0x12, 0x59, 0x01,
608 0x02, 0x13, 0x38, 0x01, 0x0C, 0x0C, 0x03, 0x09, 0x78, 0x2E, 0x42, 0x13,
609 0x29, 0x78, 0x40, 0x05, 0x04, 0x01, 0x00, 0x03, 0x09, 0x02, 0x01, 0x06,
610 0x03, 0x01, 0x7F, 0x00, 0x87, 0x01, 0x20, 0x33, 0x01, 0x20, 0x88, 0x41,
611 0x75, 0x29, 0x03, 0x05, 0x29, 0x02, 0x04, 0x0B, 0x06, 0x80, 0x49, 0x29,
612 0x2D, 0x29, 0x94, 0x29, 0x01, 0x0C, 0x12, 0x29, 0x01, 0x01, 0x0F, 0x46,
613 0x01, 0x02, 0x0F, 0x38, 0x06, 0x0A, 0x29, 0x02, 0x09, 0x13, 0x05, 0x04,
614 0x5F, 0x01, 0x00, 0x29, 0x02, 0x08, 0x05, 0x0E, 0x29, 0x01, 0x81, 0x70,
615 0x13, 0x01, 0x20, 0x0E, 0x06, 0x04, 0x5F, 0x01, 0x00, 0x29, 0x29, 0x06,
616 0x10, 0x02, 0x05, 0x5E, 0x3F, 0x02, 0x05, 0x3F, 0x02, 0x05, 0x01, 0x04,
617 0x08, 0x03, 0x05, 0x04, 0x01, 0x5F, 0x01, 0x04, 0x08, 0x04, 0xFF, 0x30,
618 0x28, 0x02, 0x05, 0x75, 0x09, 0x01, 0x02, 0x12, 0x29, 0x05, 0x03, 0x01,
619 0x28, 0x9B, 0x76, 0x41, 0x18, 0x05, 0x03, 0x01, 0x28, 0x9B, 0x01, 0x00,
620 0x00, 0x00, 0xAA, 0xA9, 0x00, 0x04, 0x72, 0x2D, 0xC3, 0x06, 0x16, 0xB6,
621 0x29, 0x01, 0x84, 0x00, 0x10, 0x06, 0x02, 0x69, 0x2A, 0x29, 0x03, 0x00,
622 0x7F, 0x46, 0xAC, 0x02, 0x00, 0x72, 0x2D, 0x9F, 0x26, 0x72, 0x2D, 0x29,
623 0xC1, 0x46, 0xC0, 0x03, 0x01, 0x03, 0x02, 0x02, 0x01, 0x02, 0x02, 0x38,
624 0x06, 0x14, 0xB8, 0x29, 0x03, 0x03, 0x7F, 0x46, 0xAC, 0x02, 0x03, 0x72,
625 0x2D, 0x9F, 0x02, 0x02, 0x06, 0x03, 0x25, 0x04, 0x01, 0x23, 0x95, 0x00,
626 0x00, 0xB0, 0x01, 0x10, 0x0F, 0x05, 0x02, 0x6D, 0x2A, 0x00, 0x00, 0x96,
627 0xB0, 0x01, 0x14, 0x0E, 0x06, 0x02, 0x6D, 0x2A, 0x7F, 0x01, 0x0C, 0x08,
628 0x01, 0x0C, 0xAC, 0x95, 0x7F, 0x29, 0x01, 0x0C, 0x08, 0x01, 0x0C, 0x31,
629 0x05, 0x02, 0x61, 0x2A, 0x00, 0x02, 0x03, 0x00, 0x03, 0x01, 0x02, 0x00,
630 0x92, 0x02, 0x01, 0x02, 0x00, 0x3B, 0x29, 0x01, 0x00, 0x0F, 0x06, 0x02,
631 0x5F, 0x00, 0xC6, 0x04, 0x74, 0x00, 0xB6, 0x01, 0x01, 0x0E, 0x06, 0x02,
632 0x62, 0x2A, 0xB8, 0x29, 0x29, 0x5A, 0x46, 0x01, 0x05, 0x11, 0x38, 0x06,
633 0x02, 0x62, 0x2A, 0x01, 0x08, 0x08, 0x29, 0x7E, 0x2F, 0x0B, 0x06, 0x0D,
634 0x29, 0x01, 0x01, 0x46, 0x0C, 0x3E, 0x29, 0x7E, 0x41, 0x80, 0x41, 0x04,
635 0x01, 0x28, 0x00, 0x00, 0xB6, 0x83, 0x2F, 0x01, 0x00, 0x39, 0x0F, 0x06,
636 0x13, 0x28, 0x01, 0x01, 0x0F, 0x05, 0x02, 0x65, 0x2A, 0xB8, 0x06, 0x02,
637 0x65, 0x2A, 0x01, 0x02, 0x83, 0x41, 0x04, 0x28, 0x01, 0x02, 0x39, 0x0F,
638 0x06, 0x1F, 0x28, 0x01, 0x0D, 0x0F, 0x05, 0x02, 0x65, 0x2A, 0xB8, 0x01,
639 0x0C, 0x0F, 0x05, 0x02, 0x65, 0x2A, 0x7F, 0x01, 0x0C, 0xAC, 0x84, 0x7F,
640 0x01, 0x0C, 0x31, 0x05, 0x02, 0x65, 0x2A, 0x04, 0x03, 0x65, 0x2A, 0x28,
641 0x00, 0x00, 0xB6, 0x9E, 0xB6, 0x9E, 0x29, 0x06, 0x1D, 0xB8, 0x06, 0x03,
642 0xB2, 0x04, 0x15, 0xB6, 0x29, 0x01, 0x81, 0x7F, 0x0D, 0x06, 0x0C, 0x29,
643 0x85, 0x08, 0x01, 0x00, 0x46, 0x41, 0x85, 0x46, 0xAC, 0x04, 0x01, 0xBE,
644 0x04, 0x60, 0x95, 0x95, 0x00, 0x00, 0xB1, 0x29, 0x5A, 0x06, 0x07, 0x28,
645 0x06, 0x02, 0x63, 0x2A, 0x04, 0x74, 0x00, 0x00, 0xB9, 0x01, 0x03, 0xB7,
646 0x46, 0x28, 0x46, 0x00, 0x00, 0xB6, 0xBE, 0x00, 0x03, 0x01, 0x00, 0x03,
647 0x00, 0xB6, 0x9E, 0x29, 0x06, 0x32, 0xB8, 0x03, 0x01, 0xB8, 0x03, 0x02,
648 0x02, 0x01, 0x01, 0x02, 0x11, 0x02, 0x01, 0x01, 0x06, 0x0D, 0x13, 0x02,
649 0x02, 0x01, 0x01, 0x0F, 0x02, 0x02, 0x01, 0x03, 0x0F, 0x38, 0x13, 0x06,
650 0x11, 0x02, 0x00, 0x01, 0x01, 0x02, 0x02, 0x5D, 0x01, 0x02, 0x0C, 0x02,
651 0x01, 0x08, 0x0C, 0x38, 0x03, 0x00, 0x04, 0x4B, 0x95, 0x02, 0x00, 0x00,
652 0x00, 0xB6, 0x9E, 0xB3, 0x7C, 0x3F, 0x95, 0x00, 0x00, 0xB6, 0x9E, 0xB6,
653 0x9E, 0x01, 0x00, 0x78, 0x40, 0x29, 0x06, 0x15, 0xB6, 0x29, 0x01, 0x20,
654 0x0B, 0x06, 0x0B, 0x01, 0x01, 0x46, 0x0C, 0x78, 0x2E, 0x38, 0x78, 0x40,
655 0x04, 0x01, 0x28, 0x04, 0x68, 0x95, 0x95, 0x00, 0x00, 0x01, 0x02, 0x92,
656 0xB9, 0x01, 0x08, 0x0C, 0xB9, 0x08, 0x00, 0x00, 0x01, 0x03, 0x92, 0xB9,
657 0x01, 0x08, 0x0C, 0xB9, 0x08, 0x01, 0x08, 0x0C, 0xB9, 0x08, 0x00, 0x00,
658 0x01, 0x01, 0x92, 0xB9, 0x00, 0x00, 0x3C, 0x29, 0x58, 0x05, 0x01, 0x00,
659 0x28, 0xC6, 0x04, 0x76, 0x02, 0x03, 0x00, 0x8C, 0x2F, 0x03, 0x01, 0x01,
660 0x00, 0x29, 0x02, 0x01, 0x0B, 0x06, 0x10, 0x29, 0x01, 0x01, 0x0C, 0x8B,
661 0x08, 0x2D, 0x02, 0x00, 0x0F, 0x06, 0x01, 0x00, 0x5C, 0x04, 0x6A, 0x28,
662 0x01, 0x7F, 0x00, 0x00, 0x2B, 0x19, 0x37, 0x06, 0x04, 0xC4, 0x28, 0x04,
663 0x78, 0x01, 0x16, 0x82, 0x41, 0x01, 0x00, 0xD7, 0x01, 0x00, 0xD6, 0x2B,
664 0x01, 0x17, 0x82, 0x41, 0x00, 0x00, 0x01, 0x15, 0x82, 0x41, 0x46, 0x52,
665 0x28, 0x52, 0x28, 0x2B, 0x00, 0x00, 0x01, 0x01, 0x46, 0xBC, 0x00, 0x00,
666 0x46, 0x39, 0x92, 0x46, 0x29, 0x06, 0x05, 0xB9, 0x28, 0x5D, 0x04, 0x78,
667 0x28, 0x00, 0x02, 0x03, 0x00, 0x72, 0x2D, 0x94, 0x03, 0x01, 0x02, 0x01,
668 0x01, 0x0F, 0x13, 0x02, 0x01, 0x01, 0x04, 0x12, 0x01, 0x0F, 0x13, 0x02,
669 0x01, 0x01, 0x08, 0x12, 0x01, 0x0F, 0x13, 0x01, 0x00, 0x39, 0x0F, 0x06,
670 0x10, 0x28, 0x01, 0x00, 0x01, 0x18, 0x02, 0x00, 0x06, 0x03, 0x49, 0x04,
671 0x01, 0x4A, 0x04, 0x80, 0x68, 0x01, 0x01, 0x39, 0x0F, 0x06, 0x10, 0x28,
672 0x01, 0x01, 0x01, 0x10, 0x02, 0x00, 0x06, 0x03, 0x49, 0x04, 0x01, 0x4A,
673 0x04, 0x80, 0x52, 0x01, 0x02, 0x39, 0x0F, 0x06, 0x0F, 0x28, 0x01, 0x01,
674 0x01, 0x20, 0x02, 0x00, 0x06, 0x03, 0x49, 0x04, 0x01, 0x4A, 0x04, 0x3D,
675 0x01, 0x03, 0x39, 0x0F, 0x06, 0x0E, 0x28, 0x28, 0x01, 0x10, 0x02, 0x00,
676 0x06, 0x03, 0x47, 0x04, 0x01, 0x48, 0x04, 0x29, 0x01, 0x04, 0x39, 0x0F,
677 0x06, 0x0E, 0x28, 0x28, 0x01, 0x20, 0x02, 0x00, 0x06, 0x03, 0x47, 0x04,
678 0x01, 0x48, 0x04, 0x15, 0x01, 0x05, 0x39, 0x0F, 0x06, 0x0C, 0x28, 0x28,
679 0x02, 0x00, 0x06, 0x03, 0x4B, 0x04, 0x01, 0x4C, 0x04, 0x03, 0x64, 0x2A,
680 0x28, 0x00, 0x00, 0x94, 0x01, 0x0C, 0x12, 0x01, 0x02, 0x10, 0x00, 0x00,
681 0x94, 0x01, 0x0C, 0x12, 0x29, 0x5B, 0x46, 0x01, 0x03, 0x0B, 0x13, 0x00,
682 0x00, 0x94, 0x01, 0x0C, 0x12, 0x01, 0x01, 0x0F, 0x00, 0x00, 0x94, 0x01,
683 0x0C, 0x12, 0x5A, 0x00, 0x00, 0x1B, 0x01, 0x00, 0x6F, 0x2F, 0x29, 0x06,
684 0x1F, 0x01, 0x01, 0x39, 0x0F, 0x06, 0x06, 0x28, 0x01, 0x00, 0x98, 0x04,
685 0x11, 0x01, 0x02, 0x39, 0x0F, 0x06, 0x0A, 0x28, 0x71, 0x2F, 0x06, 0x03,
686 0x01, 0x10, 0x38, 0x04, 0x01, 0x28, 0x04, 0x01, 0x28, 0x77, 0x2F, 0x05,
687 0x33, 0x30, 0x06, 0x30, 0x81, 0x2F, 0x01, 0x14, 0x39, 0x0F, 0x06, 0x06,
688 0x28, 0x01, 0x02, 0x38, 0x04, 0x22, 0x01, 0x15, 0x39, 0x0F, 0x06, 0x09,
689 0x28, 0xA1, 0x06, 0x03, 0x01, 0x7F, 0x98, 0x04, 0x13, 0x01, 0x16, 0x39,
690 0x0F, 0x06, 0x06, 0x28, 0x01, 0x01, 0x38, 0x04, 0x07, 0x28, 0x01, 0x04,
691 0x38, 0x01, 0x00, 0x28, 0x19, 0x06, 0x03, 0x01, 0x08, 0x38, 0x00, 0x00,
692 0x1B, 0x29, 0x05, 0x0F, 0x30, 0x06, 0x0C, 0x81, 0x2F, 0x01, 0x15, 0x0F,
693 0x06, 0x04, 0x28, 0xA1, 0x04, 0x01, 0x22, 0x00, 0x00, 0xC4, 0x01, 0x07,
694 0x13, 0x01, 0x01, 0x10, 0x06, 0x02, 0x6D, 0x2A, 0x00, 0x01, 0x03, 0x00,
695 0x2B, 0x19, 0x06, 0x05, 0x02, 0x00, 0x82, 0x41, 0x00, 0xC4, 0x28, 0x04,
696 0x74, 0x00, 0x01, 0x14, 0xC7, 0x01, 0x01, 0xD7, 0x2B, 0x29, 0x01, 0x00,
697 0xBF, 0x01, 0x16, 0xC7, 0xCB, 0x2B, 0x00, 0x00, 0x01, 0x0B, 0xD7, 0x4E,
698 0x29, 0x29, 0x01, 0x03, 0x08, 0xD6, 0xD6, 0x14, 0x29, 0x58, 0x06, 0x02,
699 0x28, 0x00, 0xD6, 0x1E, 0x29, 0x06, 0x05, 0x7F, 0x46, 0xCF, 0x04, 0x77,
700 0x28, 0x04, 0x6C, 0x00, 0x01, 0x00, 0xD1, 0x8D, 0x2D, 0x01, 0x86, 0x03,
701 0x11, 0x06, 0x05, 0x5E, 0x01, 0x00, 0xD2, 0x08, 0x4D, 0x08, 0x01, 0x03,
702 0x08, 0x01, 0x0D, 0xD7, 0xD6, 0x01, 0x00, 0xD1, 0xD7, 0x01, 0x01, 0xD1,
703 0x28, 0x8D, 0x2D, 0x01, 0x86, 0x03, 0x11, 0x06, 0x08, 0x01, 0x00, 0xD2,
704 0xD5, 0x01, 0x01, 0xD2, 0x28, 0x4D, 0xD5, 0x16, 0x15, 0x29, 0x58, 0x06,
705 0x02, 0x28, 0x00, 0xD5, 0x1F, 0x29, 0x06, 0x05, 0x7F, 0x46, 0xCF, 0x04,
706 0x77, 0x28, 0x04, 0x6C, 0x00, 0x96, 0x01, 0x14, 0xD7, 0x01, 0x0C, 0xD6,
707 0x7F, 0x01, 0x0C, 0xCF, 0x00, 0x03, 0x03, 0x00, 0x01, 0x02, 0xD7, 0x01,
708 0x80, 0x46, 0x83, 0x2F, 0x01, 0x02, 0x0F, 0x06, 0x0C, 0x02, 0x00, 0x06,
709 0x04, 0x01, 0x05, 0x04, 0x02, 0x01, 0x1D, 0x04, 0x02, 0x01, 0x00, 0x03,
710 0x01, 0x80, 0x2F, 0x06, 0x04, 0x01, 0x05, 0x04, 0x02, 0x01, 0x00, 0x03,
711 0x02, 0x02, 0x01, 0x02, 0x02, 0x08, 0x29, 0x06, 0x03, 0x01, 0x02, 0x08,
712 0x08, 0xD6, 0x8D, 0x2D, 0xD5, 0x86, 0x01, 0x04, 0x17, 0x86, 0x01, 0x04,
713 0x08, 0x01, 0x1C, 0x33, 0x86, 0x01, 0x20, 0xCF, 0x01, 0x20, 0xD7, 0x87,
714 0x01, 0x20, 0xCF, 0x72, 0x2D, 0xD5, 0x01, 0x00, 0xD7, 0x02, 0x01, 0x02,
715 0x02, 0x08, 0x29, 0x06, 0x29, 0xD5, 0x02, 0x01, 0x29, 0x06, 0x10, 0x01,
716 0x83, 0xFE, 0x01, 0xD5, 0x01, 0x04, 0x09, 0x29, 0xD5, 0x5D, 0x84, 0x46,
717 0xD0, 0x04, 0x01, 0x28, 0x02, 0x02, 0x06, 0x0C, 0x01, 0x01, 0xD5, 0x01,
718 0x01, 0xD5, 0x80, 0x2F, 0x01, 0x08, 0x09, 0xD7, 0x04, 0x01, 0x28, 0x00,
719 0x00, 0x01, 0x0E, 0xD7, 0x01, 0x00, 0xD6, 0x00, 0x03, 0x72, 0x2D, 0xC1,
720 0x05, 0x01, 0x00, 0x78, 0x2E, 0x01, 0x00, 0x9A, 0x12, 0x01, 0x01, 0x13,
721 0x5A, 0x06, 0x03, 0x5C, 0x04, 0x75, 0x03, 0x00, 0x28, 0x02, 0x00, 0x24,
722 0x29, 0x58, 0x06, 0x02, 0x36, 0x2A, 0x03, 0x01, 0x8D, 0x2D, 0x01, 0x86,
723 0x03, 0x11, 0x03, 0x02, 0x01, 0x0C, 0xD7, 0x02, 0x01, 0x7A, 0x2F, 0x08,
724 0x02, 0x02, 0x01, 0x02, 0x13, 0x08, 0x01, 0x06, 0x08, 0xD6, 0x01, 0x03,
725 0xD7, 0x02, 0x00, 0xD5, 0x79, 0x7A, 0x2F, 0xD0, 0x02, 0x02, 0x06, 0x0D,
726 0x8A, 0x2F, 0xD7, 0x72, 0x2D, 0xC2, 0x01, 0x01, 0x0C, 0x01, 0x03, 0x08,
727 0xD7, 0x02, 0x01, 0xD5, 0x7F, 0x02, 0x01, 0xCF, 0x00, 0x00, 0x51, 0x29,
728 0x01, 0x00, 0x0F, 0x06, 0x02, 0x5F, 0x00, 0xC4, 0x28, 0x04, 0x73, 0x00,
729 0x29, 0xD7, 0xCF, 0x00, 0x00, 0x01, 0x00, 0x72, 0x2D, 0xC0, 0x06, 0x0C,
730 0x5E, 0x39, 0x06, 0x08, 0x01, 0x80, 0x41, 0xD7, 0x01, 0x80, 0x42, 0xD7,
731 0x45, 0x06, 0x07, 0x5C, 0x39, 0x06, 0x03, 0x01, 0x01, 0xD7, 0x44, 0x06,
732 0x08, 0x5C, 0x39, 0x06, 0x04, 0x01, 0x80, 0x40, 0xD7, 0x46, 0x28, 0x00,
733 0x01, 0x01, 0x00, 0x03, 0x00, 0x45, 0x44, 0x38, 0x05, 0x14, 0x01, 0x01,
734 0x01, 0x80, 0x7C, 0xD3, 0x03, 0x00, 0x01, 0x03, 0x01, 0x80, 0x7C, 0xD3,
735 0x02, 0x00, 0x08, 0x46, 0x28, 0x00, 0x45, 0x06, 0x07, 0x01, 0x01, 0x43,
736 0x28, 0xD3, 0x03, 0x00, 0x44, 0x06, 0x0A, 0x01, 0x03, 0x43, 0x28, 0xD3,
737 0x02, 0x00, 0x08, 0x03, 0x00, 0x28, 0x02, 0x00, 0x00, 0x00, 0x01, 0x00,
738 0x01, 0x04, 0xD4, 0x01, 0x05, 0xD4, 0x01, 0x06, 0xD4, 0x01, 0x03, 0xD4,
739 0x01, 0x02, 0xD4, 0x0A, 0x5F, 0x00, 0x01, 0x03, 0x00, 0x39, 0x01, 0x01,
740 0x02, 0x00, 0x0C, 0x13, 0x05, 0x01, 0x00, 0x5E, 0x01, 0x03, 0x3A, 0x06,
741 0x07, 0x02, 0x00, 0xD7, 0x01, 0x02, 0x3A, 0xD7, 0x00, 0x00, 0x29, 0x01,
742 0x08, 0x4F, 0xD7, 0xD7, 0x00, 0x00, 0x29, 0x01, 0x10, 0x4F, 0xD7, 0xD5,
743 0x00, 0x00, 0x29, 0x52, 0x06, 0x02, 0x28, 0x00, 0xC4, 0x28, 0x04, 0x76
744 };
745
746 static const uint16_t t0_caddr[] = {
747 0,
748 5,
749 10,
750 15,
751 20,
752 25,
753 30,
754 35,
755 39,
756 43,
757 47,
758 51,
759 55,
760 59,
761 63,
762 67,
763 71,
764 75,
765 79,
766 83,
767 87,
768 91,
769 95,
770 99,
771 104,
772 109,
773 114,
774 119,
775 124,
776 129,
777 134,
778 139,
779 144,
780 149,
781 154,
782 159,
783 164,
784 169,
785 175,
786 180,
787 185,
788 190,
789 195,
790 200,
791 205,
792 210,
793 215,
794 220,
795 225,
796 230,
797 235,
798 240,
799 245,
800 250,
801 255,
802 260,
803 265,
804 270,
805 275,
806 284,
807 288,
808 313,
809 319,
810 338,
811 349,
812 383,
813 490,
814 494,
815 527,
816 537,
817 605,
818 619,
819 625,
820 685,
821 704,
822 726,
823 775,
824 851,
825 953,
826 964,
827 1511,
828 1515,
829 1582,
830 1592,
831 1623,
832 1647,
833 1693,
834 1763,
835 1803,
836 1817,
837 1826,
838 1830,
839 1894,
840 1902,
841 1938,
842 1949,
843 1965,
844 1971,
845 1982,
846 2017,
847 2043,
848 2055,
849 2061,
850 2076,
851 2232,
852 2241,
853 2254,
854 2263,
855 2270,
856 2373,
857 2394,
858 2407,
859 2423,
860 2441,
861 2473,
862 2546,
863 2559,
864 2698,
865 2706,
866 2803,
867 2817,
868 2822,
869 2866,
870 2923,
871 2944,
872 2971,
873 2979,
874 2987
875 };
876
877 #define T0_INTERPRETED 88
878
879 #define T0_ENTER(ip, rp, slot) do { \
880 const unsigned char *t0_newip; \
881 uint32_t t0_lnum; \
882 t0_newip = &t0_codeblock[t0_caddr[(slot) - T0_INTERPRETED]]; \
883 t0_lnum = t0_parse7E_unsigned(&t0_newip); \
884 (rp) += t0_lnum; \
885 *((rp) ++) = (uint32_t)((ip) - &t0_codeblock[0]) + (t0_lnum << 16); \
886 (ip) = t0_newip; \
887 } while (0)
888
889 #define T0_DEFENTRY(name, slot) \
890 void \
891 name(void *ctx) \
892 { \
893 t0_context *t0ctx = ctx; \
894 t0ctx->ip = &t0_codeblock[0]; \
895 T0_ENTER(t0ctx->ip, t0ctx->rp, slot); \
896 }
897
898 T0_DEFENTRY(br_ssl_hs_server_init_main, 157)
899
900 #define T0_NEXT(t0ipp) (*(*(t0ipp)) ++)
901
902 void
903 br_ssl_hs_server_run(void *t0ctx)
904 {
905 uint32_t *dp, *rp;
906 const unsigned char *ip;
907
908 #define T0_LOCAL(x) (*(rp - 2 - (x)))
909 #define T0_POP() (*-- dp)
910 #define T0_POPi() (*(int32_t *)(-- dp))
911 #define T0_PEEK(x) (*(dp - 1 - (x)))
912 #define T0_PEEKi(x) (*(int32_t *)(dp - 1 - (x)))
913 #define T0_PUSH(v) do { *dp = (v); dp ++; } while (0)
914 #define T0_PUSHi(v) do { *(int32_t *)dp = (v); dp ++; } while (0)
915 #define T0_RPOP() (*-- rp)
916 #define T0_RPOPi() (*(int32_t *)(-- rp))
917 #define T0_RPUSH(v) do { *rp = (v); rp ++; } while (0)
918 #define T0_RPUSHi(v) do { *(int32_t *)rp = (v); rp ++; } while (0)
919 #define T0_ROLL(x) do { \
920 size_t t0len = (size_t)(x); \
921 uint32_t t0tmp = *(dp - 1 - t0len); \
922 memmove(dp - t0len - 1, dp - t0len, t0len * sizeof *dp); \
923 *(dp - 1) = t0tmp; \
924 } while (0)
925 #define T0_SWAP() do { \
926 uint32_t t0tmp = *(dp - 2); \
927 *(dp - 2) = *(dp - 1); \
928 *(dp - 1) = t0tmp; \
929 } while (0)
930 #define T0_ROT() do { \
931 uint32_t t0tmp = *(dp - 3); \
932 *(dp - 3) = *(dp - 2); \
933 *(dp - 2) = *(dp - 1); \
934 *(dp - 1) = t0tmp; \
935 } while (0)
936 #define T0_NROT() do { \
937 uint32_t t0tmp = *(dp - 1); \
938 *(dp - 1) = *(dp - 2); \
939 *(dp - 2) = *(dp - 3); \
940 *(dp - 3) = t0tmp; \
941 } while (0)
942 #define T0_PICK(x) do { \
943 uint32_t t0depth = (x); \
944 T0_PUSH(T0_PEEK(t0depth)); \
945 } while (0)
946 #define T0_CO() do { \
947 goto t0_exit; \
948 } while (0)
949 #define T0_RET() goto t0_next
950
951 dp = ((t0_context *)t0ctx)->dp;
952 rp = ((t0_context *)t0ctx)->rp;
953 ip = ((t0_context *)t0ctx)->ip;
954 goto t0_next;
955 for (;;) {
956 uint32_t t0x;
957
958 t0_next:
959 t0x = T0_NEXT(&ip);
960 if (t0x < T0_INTERPRETED) {
961 switch (t0x) {
962 int32_t t0off;
963
964 case 0: /* ret */
965 t0x = T0_RPOP();
966 rp -= (t0x >> 16);
967 t0x &= 0xFFFF;
968 if (t0x == 0) {
969 ip = NULL;
970 goto t0_exit;
971 }
972 ip = &t0_codeblock[t0x];
973 break;
974 case 1: /* literal constant */
975 T0_PUSHi(t0_parse7E_signed(&ip));
976 break;
977 case 2: /* read local */
978 T0_PUSH(T0_LOCAL(t0_parse7E_unsigned(&ip)));
979 break;
980 case 3: /* write local */
981 T0_LOCAL(t0_parse7E_unsigned(&ip)) = T0_POP();
982 break;
983 case 4: /* jump */
984 t0off = t0_parse7E_signed(&ip);
985 ip += t0off;
986 break;
987 case 5: /* jump if */
988 t0off = t0_parse7E_signed(&ip);
989 if (T0_POP()) {
990 ip += t0off;
991 }
992 break;
993 case 6: /* jump if not */
994 t0off = t0_parse7E_signed(&ip);
995 if (!T0_POP()) {
996 ip += t0off;
997 }
998 break;
999 case 7: {
1000 /* * */
1001
1002 uint32_t b = T0_POP();
1003 uint32_t a = T0_POP();
1004 T0_PUSH(a * b);
1005
1006 }
1007 break;
1008 case 8: {
1009 /* + */
1010
1011 uint32_t b = T0_POP();
1012 uint32_t a = T0_POP();
1013 T0_PUSH(a + b);
1014
1015 }
1016 break;
1017 case 9: {
1018 /* - */
1019
1020 uint32_t b = T0_POP();
1021 uint32_t a = T0_POP();
1022 T0_PUSH(a - b);
1023
1024 }
1025 break;
1026 case 10: {
1027 /* -rot */
1028 T0_NROT();
1029 }
1030 break;
1031 case 11: {
1032 /* < */
1033
1034 int32_t b = T0_POPi();
1035 int32_t a = T0_POPi();
1036 T0_PUSH(-(uint32_t)(a < b));
1037
1038 }
1039 break;
1040 case 12: {
1041 /* << */
1042
1043 int c = (int)T0_POPi();
1044 uint32_t x = T0_POP();
1045 T0_PUSH(x << c);
1046
1047 }
1048 break;
1049 case 13: {
1050 /* <= */
1051
1052 int32_t b = T0_POPi();
1053 int32_t a = T0_POPi();
1054 T0_PUSH(-(uint32_t)(a <= b));
1055
1056 }
1057 break;
1058 case 14: {
1059 /* <> */
1060
1061 uint32_t b = T0_POP();
1062 uint32_t a = T0_POP();
1063 T0_PUSH(-(uint32_t)(a != b));
1064
1065 }
1066 break;
1067 case 15: {
1068 /* = */
1069
1070 uint32_t b = T0_POP();
1071 uint32_t a = T0_POP();
1072 T0_PUSH(-(uint32_t)(a == b));
1073
1074 }
1075 break;
1076 case 16: {
1077 /* > */
1078
1079 int32_t b = T0_POPi();
1080 int32_t a = T0_POPi();
1081 T0_PUSH(-(uint32_t)(a > b));
1082
1083 }
1084 break;
1085 case 17: {
1086 /* >= */
1087
1088 int32_t b = T0_POPi();
1089 int32_t a = T0_POPi();
1090 T0_PUSH(-(uint32_t)(a >= b));
1091
1092 }
1093 break;
1094 case 18: {
1095 /* >> */
1096
1097 int c = (int)T0_POPi();
1098 int32_t x = T0_POPi();
1099 T0_PUSHi(x >> c);
1100
1101 }
1102 break;
1103 case 19: {
1104 /* and */
1105
1106 uint32_t b = T0_POP();
1107 uint32_t a = T0_POP();
1108 T0_PUSH(a & b);
1109
1110 }
1111 break;
1112 case 20: {
1113 /* begin-cert */
1114
1115 if (ENG->chain_len == 0) {
1116 T0_PUSHi(-1);
1117 } else {
1118 ENG->cert_cur = ENG->chain->data;
1119 ENG->cert_len = ENG->chain->data_len;
1120 ENG->chain ++;
1121 ENG->chain_len --;
1122 T0_PUSH(ENG->cert_len);
1123 }
1124
1125 }
1126 break;
1127 case 21: {
1128 /* begin-ta-name */
1129
1130 const br_x500_name *dn;
1131 if (CTX->cur_dn_index >= CTX->num_tas) {
1132 T0_PUSHi(-1);
1133 } else {
1134 if (CTX->ta_names == NULL) {
1135 dn = &CTX->tas[CTX->cur_dn_index].dn;
1136 } else {
1137 dn = &CTX->ta_names[CTX->cur_dn_index];
1138 }
1139 CTX->cur_dn_index ++;
1140 CTX->cur_dn = dn->data;
1141 CTX->cur_dn_len = dn->len;
1142 T0_PUSH(CTX->cur_dn_len);
1143 }
1144
1145 }
1146 break;
1147 case 22: {
1148 /* begin-ta-name-list */
1149
1150 CTX->cur_dn_index = 0;
1151
1152 }
1153 break;
1154 case 23: {
1155 /* bzero */
1156
1157 size_t len = (size_t)T0_POP();
1158 void *addr = (unsigned char *)ENG + (size_t)T0_POP();
1159 memset(addr, 0, len);
1160
1161 }
1162 break;
1163 case 24: {
1164 /* call-policy-handler */
1165
1166 int x;
1167 br_ssl_server_choices choices;
1168
1169 x = (*CTX->policy_vtable)->choose(
1170 CTX->policy_vtable, CTX, &choices);
1171 ENG->session.cipher_suite = choices.cipher_suite;
1172 CTX->sign_hash_id = choices.hash_id;
1173 ENG->chain = choices.chain;
1174 ENG->chain_len = choices.chain_len;
1175 T0_PUSHi(-(x != 0));
1176
1177 }
1178 break;
1179 case 25: {
1180 /* can-output? */
1181
1182 T0_PUSHi(-(ENG->hlen_out > 0));
1183
1184 }
1185 break;
1186 case 26: {
1187 /* check-resume */
1188
1189 if (ENG->session.session_id_len == 32
1190 && CTX->cache_vtable != NULL && (*CTX->cache_vtable)->load(
1191 CTX->cache_vtable, CTX, &ENG->session))
1192 {
1193 T0_PUSHi(-1);
1194 } else {
1195 T0_PUSH(0);
1196 }
1197
1198 }
1199 break;
1200 case 27: {
1201 /* co */
1202 T0_CO();
1203 }
1204 break;
1205 case 28: {
1206 /* compute-Finished-inner */
1207
1208 int prf_id = T0_POP();
1209 int from_client = T0_POPi();
1210 unsigned char seed[48];
1211 size_t seed_len;
1212
1213 br_tls_prf_impl prf = br_ssl_engine_get_PRF(ENG, prf_id);
1214 if (ENG->session.version >= BR_TLS12) {
1215 seed_len = br_multihash_out(&ENG->mhash, prf_id, seed);
1216 } else {
1217 br_multihash_out(&ENG->mhash, br_md5_ID, seed);
1218 br_multihash_out(&ENG->mhash, br_sha1_ID, seed + 16);
1219 seed_len = 36;
1220 }
1221 prf(ENG->pad, 12, ENG->session.master_secret,
1222 sizeof ENG->session.master_secret,
1223 from_client ? "client finished" : "server finished",
1224 seed, seed_len);
1225
1226 }
1227 break;
1228 case 29: {
1229 /* compute-hash-CV */
1230
1231 int i;
1232
1233 for (i = 1; i <= 6; i ++) {
1234 br_multihash_out(&ENG->mhash, i,
1235 ENG->pad + HASH_PAD_OFF[i - 1]);
1236 }
1237
1238 }
1239 break;
1240 case 30: {
1241 /* copy-cert-chunk */
1242
1243 size_t clen;
1244
1245 clen = ENG->cert_len;
1246 if (clen > sizeof ENG->pad) {
1247 clen = sizeof ENG->pad;
1248 }
1249 memcpy(ENG->pad, ENG->cert_cur, clen);
1250 ENG->cert_cur += clen;
1251 ENG->cert_len -= clen;
1252 T0_PUSH(clen);
1253
1254 }
1255 break;
1256 case 31: {
1257 /* copy-dn-chunk */
1258
1259 size_t clen;
1260
1261 clen = CTX->cur_dn_len;
1262 if (clen > sizeof ENG->pad) {
1263 clen = sizeof ENG->pad;
1264 }
1265 memcpy(ENG->pad, CTX->cur_dn, clen);
1266 CTX->cur_dn += clen;
1267 CTX->cur_dn_len -= clen;
1268 T0_PUSH(clen);
1269
1270 }
1271 break;
1272 case 32: {
1273 /* copy-hash-CV */
1274
1275 int id = T0_POP();
1276 size_t off, len;
1277
1278 if (id == 0) {
1279 off = 0;
1280 len = 36;
1281 } else {
1282 if (br_multihash_getimpl(&ENG->mhash, id) == 0) {
1283 T0_PUSH(0);
1284 T0_RET();
1285 }
1286 off = HASH_PAD_OFF[id - 1];
1287 len = HASH_PAD_OFF[id] - off;
1288 }
1289 memcpy(CTX->hash_CV, ENG->pad + off, len);
1290 CTX->hash_CV_len = len;
1291 CTX->hash_CV_id = id;
1292 T0_PUSHi(-1);
1293
1294 }
1295 break;
1296 case 33: {
1297 /* data-get8 */
1298
1299 size_t addr = T0_POP();
1300 T0_PUSH(t0_datablock[addr]);
1301
1302 }
1303 break;
1304 case 34: {
1305 /* discard-input */
1306
1307 ENG->hlen_in = 0;
1308
1309 }
1310 break;
1311 case 35: {
1312 /* do-ecdh */
1313
1314 int prf_id = T0_POPi();
1315 size_t len = T0_POP();
1316 do_ecdh(CTX, prf_id, ENG->pad, len);
1317
1318 }
1319 break;
1320 case 36: {
1321 /* do-ecdhe-part1 */
1322
1323 int curve = T0_POPi();
1324 T0_PUSHi(do_ecdhe_part1(CTX, curve));
1325
1326 }
1327 break;
1328 case 37: {
1329 /* do-ecdhe-part2 */
1330
1331 int prf_id = T0_POPi();
1332 size_t len = T0_POP();
1333 do_ecdhe_part2(CTX, prf_id, ENG->pad, len);
1334
1335 }
1336 break;
1337 case 38: {
1338 /* do-rsa-decrypt */
1339
1340 int prf_id = T0_POPi();
1341 size_t len = T0_POP();
1342 do_rsa_decrypt(CTX, prf_id, ENG->pad, len);
1343
1344 }
1345 break;
1346 case 39: {
1347 /* do-static-ecdh */
1348
1349 do_static_ecdh(CTX, T0_POP());
1350
1351 }
1352 break;
1353 case 40: {
1354 /* drop */
1355 (void)T0_POP();
1356 }
1357 break;
1358 case 41: {
1359 /* dup */
1360 T0_PUSH(T0_PEEK(0));
1361 }
1362 break;
1363 case 42: {
1364 /* fail */
1365
1366 br_ssl_engine_fail(ENG, (int)T0_POPi());
1367 T0_CO();
1368
1369 }
1370 break;
1371 case 43: {
1372 /* flush-record */
1373
1374 br_ssl_engine_flush_record(ENG);
1375
1376 }
1377 break;
1378 case 44: {
1379 /* get-key-type-usages */
1380
1381 const br_x509_class *xc;
1382 const br_x509_pkey *pk;
1383 unsigned usages;
1384
1385 xc = *(ENG->x509ctx);
1386 pk = xc->get_pkey(ENG->x509ctx, &usages);
1387 if (pk == NULL) {
1388 T0_PUSH(0);
1389 } else {
1390 T0_PUSH(pk->key_type | usages);
1391 }
1392
1393 }
1394 break;
1395 case 45: {
1396 /* get16 */
1397
1398 size_t addr = (size_t)T0_POP();
1399 T0_PUSH(*(uint16_t *)((unsigned char *)ENG + addr));
1400
1401 }
1402 break;
1403 case 46: {
1404 /* get32 */
1405
1406 size_t addr = (size_t)T0_POP();
1407 T0_PUSH(*(uint32_t *)((unsigned char *)ENG + addr));
1408
1409 }
1410 break;
1411 case 47: {
1412 /* get8 */
1413
1414 size_t addr = (size_t)T0_POP();
1415 T0_PUSH(*((unsigned char *)ENG + addr));
1416
1417 }
1418 break;
1419 case 48: {
1420 /* has-input? */
1421
1422 T0_PUSHi(-(ENG->hlen_in != 0));
1423
1424 }
1425 break;
1426 case 49: {
1427 /* memcmp */
1428
1429 size_t len = (size_t)T0_POP();
1430 void *addr2 = (unsigned char *)ENG + (size_t)T0_POP();
1431 void *addr1 = (unsigned char *)ENG + (size_t)T0_POP();
1432 int x = memcmp(addr1, addr2, len);
1433 T0_PUSH((uint32_t)-(x == 0));
1434
1435 }
1436 break;
1437 case 50: {
1438 /* memcpy */
1439
1440 size_t len = (size_t)T0_POP();
1441 void *src = (unsigned char *)ENG + (size_t)T0_POP();
1442 void *dst = (unsigned char *)ENG + (size_t)T0_POP();
1443 memcpy(dst, src, len);
1444
1445 }
1446 break;
1447 case 51: {
1448 /* mkrand */
1449
1450 size_t len = (size_t)T0_POP();
1451 void *addr = (unsigned char *)ENG + (size_t)T0_POP();
1452 br_hmac_drbg_generate(&ENG->rng, addr, len);
1453
1454 }
1455 break;
1456 case 52: {
1457 /* more-incoming-bytes? */
1458
1459 T0_PUSHi(ENG->hlen_in != 0 || !br_ssl_engine_recvrec_finished(ENG));
1460
1461 }
1462 break;
1463 case 53: {
1464 /* multihash-init */
1465
1466 br_multihash_init(&ENG->mhash);
1467
1468 }
1469 break;
1470 case 54: {
1471 /* neg */
1472
1473 uint32_t a = T0_POP();
1474 T0_PUSH(-a);
1475
1476 }
1477 break;
1478 case 55: {
1479 /* not */
1480
1481 uint32_t a = T0_POP();
1482 T0_PUSH(~a);
1483
1484 }
1485 break;
1486 case 56: {
1487 /* or */
1488
1489 uint32_t b = T0_POP();
1490 uint32_t a = T0_POP();
1491 T0_PUSH(a | b);
1492
1493 }
1494 break;
1495 case 57: {
1496 /* over */
1497 T0_PUSH(T0_PEEK(1));
1498 }
1499 break;
1500 case 58: {
1501 /* pick */
1502 T0_PICK(T0_POP());
1503 }
1504 break;
1505 case 59: {
1506 /* read-chunk-native */
1507
1508 size_t clen = ENG->hlen_in;
1509 if (clen > 0) {
1510 uint32_t addr, len;
1511
1512 len = T0_POP();
1513 addr = T0_POP();
1514 if ((size_t)len < clen) {
1515 clen = (size_t)len;
1516 }
1517 memcpy((unsigned char *)ENG + addr, ENG->hbuf_in, clen);
1518 if (ENG->record_type_in == BR_SSL_HANDSHAKE) {
1519 br_multihash_update(&ENG->mhash, ENG->hbuf_in, clen);
1520 }
1521 T0_PUSH(addr + (uint32_t)clen);
1522 T0_PUSH(len - (uint32_t)clen);
1523 ENG->hbuf_in += clen;
1524 ENG->hlen_in -= clen;
1525 }
1526
1527 }
1528 break;
1529 case 60: {
1530 /* read8-native */
1531
1532 if (ENG->hlen_in > 0) {
1533 unsigned char x;
1534
1535 x = *ENG->hbuf_in ++;
1536 if (ENG->record_type_in == BR_SSL_HANDSHAKE) {
1537 br_multihash_update(&ENG->mhash, &x, 1);
1538 }
1539 T0_PUSH(x);
1540 ENG->hlen_in --;
1541 } else {
1542 T0_PUSHi(-1);
1543 }
1544
1545 }
1546 break;
1547 case 61: {
1548 /* save-session */
1549
1550 if (CTX->cache_vtable != NULL) {
1551 (*CTX->cache_vtable)->save(
1552 CTX->cache_vtable, CTX, &ENG->session);
1553 }
1554
1555 }
1556 break;
1557 case 62: {
1558 /* set-max-frag-len */
1559
1560 size_t max_frag_len = T0_POP();
1561
1562 br_ssl_engine_new_max_frag_len(ENG, max_frag_len);
1563
1564 /*
1565 * We must adjust our own output limit. Since we call this only
1566 * after receiving a ClientHello and before beginning to send
1567 * the ServerHello, the next output record should be empty at
1568 * that point, so we can use max_frag_len as a limit.
1569 */
1570 if (ENG->hlen_out > max_frag_len) {
1571 ENG->hlen_out = max_frag_len;
1572 }
1573
1574 }
1575 break;
1576 case 63: {
1577 /* set16 */
1578
1579 size_t addr = (size_t)T0_POP();
1580 *(uint16_t *)((unsigned char *)ENG + addr) = (uint16_t)T0_POP();
1581
1582 }
1583 break;
1584 case 64: {
1585 /* set32 */
1586
1587 size_t addr = (size_t)T0_POP();
1588 *(uint32_t *)((unsigned char *)ENG + addr) = (uint32_t)T0_POP();
1589
1590 }
1591 break;
1592 case 65: {
1593 /* set8 */
1594
1595 size_t addr = (size_t)T0_POP();
1596 *((unsigned char *)ENG + addr) = (unsigned char)T0_POP();
1597
1598 }
1599 break;
1600 case 66: {
1601 /* supported-curves */
1602
1603 uint32_t x = ENG->iec == NULL ? 0 : ENG->iec->supported_curves;
1604 T0_PUSH(x);
1605
1606 }
1607 break;
1608 case 67: {
1609 /* supported-hash-functions */
1610
1611 int i;
1612 unsigned x, num;
1613
1614 x = 0;
1615 num = 0;
1616 for (i = br_sha1_ID; i <= br_sha512_ID; i ++) {
1617 if (br_multihash_getimpl(&ENG->mhash, i)) {
1618 x |= 1U << i;
1619 num ++;
1620 }
1621 }
1622 T0_PUSH(x);
1623 T0_PUSH(num);
1624
1625 }
1626 break;
1627 case 68: {
1628 /* supports-ecdsa? */
1629
1630 T0_PUSHi(-(ENG->iecdsa != 0));
1631
1632 }
1633 break;
1634 case 69: {
1635 /* supports-rsa-sign? */
1636
1637 T0_PUSHi(-(ENG->irsavrfy != 0));
1638
1639 }
1640 break;
1641 case 70: {
1642 /* swap */
1643 T0_SWAP();
1644 }
1645 break;
1646 case 71: {
1647 /* switch-aesgcm-in */
1648
1649 int is_client, prf_id;
1650 unsigned cipher_key_len;
1651
1652 cipher_key_len = T0_POP();
1653 prf_id = T0_POP();
1654 is_client = T0_POP();
1655 br_ssl_engine_switch_gcm_in(ENG, is_client, prf_id,
1656 ENG->iaes_ctr, cipher_key_len);
1657
1658 }
1659 break;
1660 case 72: {
1661 /* switch-aesgcm-out */
1662
1663 int is_client, prf_id;
1664 unsigned cipher_key_len;
1665
1666 cipher_key_len = T0_POP();
1667 prf_id = T0_POP();
1668 is_client = T0_POP();
1669 br_ssl_engine_switch_gcm_out(ENG, is_client, prf_id,
1670 ENG->iaes_ctr, cipher_key_len);
1671
1672 }
1673 break;
1674 case 73: {
1675 /* switch-cbc-in */
1676
1677 int is_client, prf_id, mac_id, aes;
1678 unsigned cipher_key_len;
1679
1680 cipher_key_len = T0_POP();
1681 aes = T0_POP();
1682 mac_id = T0_POP();
1683 prf_id = T0_POP();
1684 is_client = T0_POP();
1685 br_ssl_engine_switch_cbc_in(ENG, is_client, prf_id, mac_id,
1686 aes ? ENG->iaes_cbcdec : ENG->ides_cbcdec, cipher_key_len);
1687
1688 }
1689 break;
1690 case 74: {
1691 /* switch-cbc-out */
1692
1693 int is_client, prf_id, mac_id, aes;
1694 unsigned cipher_key_len;
1695
1696 cipher_key_len = T0_POP();
1697 aes = T0_POP();
1698 mac_id = T0_POP();
1699 prf_id = T0_POP();
1700 is_client = T0_POP();
1701 br_ssl_engine_switch_cbc_out(ENG, is_client, prf_id, mac_id,
1702 aes ? ENG->iaes_cbcenc : ENG->ides_cbcenc, cipher_key_len);
1703
1704 }
1705 break;
1706 case 75: {
1707 /* switch-chapol-in */
1708
1709 int is_client, prf_id;
1710
1711 prf_id = T0_POP();
1712 is_client = T0_POP();
1713 br_ssl_engine_switch_chapol_in(ENG, is_client, prf_id);
1714
1715 }
1716 break;
1717 case 76: {
1718 /* switch-chapol-out */
1719
1720 int is_client, prf_id;
1721
1722 prf_id = T0_POP();
1723 is_client = T0_POP();
1724 br_ssl_engine_switch_chapol_out(ENG, is_client, prf_id);
1725
1726 }
1727 break;
1728 case 77: {
1729 /* ta-names-total-length */
1730
1731 size_t u, len;
1732
1733 len = 0;
1734 if (CTX->ta_names != NULL) {
1735 for (u = 0; u < CTX->num_tas; u ++) {
1736 len += CTX->ta_names[u].len + 2;
1737 }
1738 } else if (CTX->tas != NULL) {
1739 for (u = 0; u < CTX->num_tas; u ++) {
1740 len += CTX->tas[u].dn.len + 2;
1741 }
1742 }
1743 T0_PUSH(len);
1744
1745 }
1746 break;
1747 case 78: {
1748 /* total-chain-length */
1749
1750 size_t u;
1751 uint32_t total;
1752
1753 total = 0;
1754 for (u = 0; u < ENG->chain_len; u ++) {
1755 total += 3 + (uint32_t)ENG->chain[u].data_len;
1756 }
1757 T0_PUSH(total);
1758
1759 }
1760 break;
1761 case 79: {
1762 /* u>> */
1763
1764 int c = (int)T0_POPi();
1765 uint32_t x = T0_POP();
1766 T0_PUSH(x >> c);
1767
1768 }
1769 break;
1770 case 80: {
1771 /* verify-CV-sig */
1772
1773 int err;
1774
1775 err = verify_CV_sig(CTX, T0_POP());
1776 T0_PUSHi(err);
1777
1778 }
1779 break;
1780 case 81: {
1781 /* write-blob-chunk */
1782
1783 size_t clen = ENG->hlen_out;
1784 if (clen > 0) {
1785 uint32_t addr, len;
1786
1787 len = T0_POP();
1788 addr = T0_POP();
1789 if ((size_t)len < clen) {
1790 clen = (size_t)len;
1791 }
1792 memcpy(ENG->hbuf_out, (unsigned char *)ENG + addr, clen);
1793 if (ENG->record_type_out == BR_SSL_HANDSHAKE) {
1794 br_multihash_update(&ENG->mhash, ENG->hbuf_out, clen);
1795 }
1796 T0_PUSH(addr + (uint32_t)clen);
1797 T0_PUSH(len - (uint32_t)clen);
1798 ENG->hbuf_out += clen;
1799 ENG->hlen_out -= clen;
1800 }
1801
1802 }
1803 break;
1804 case 82: {
1805 /* write8-native */
1806
1807 unsigned char x;
1808
1809 x = (unsigned char)T0_POP();
1810 if (ENG->hlen_out > 0) {
1811 if (ENG->record_type_out == BR_SSL_HANDSHAKE) {
1812 br_multihash_update(&ENG->mhash, &x, 1);
1813 }
1814 *ENG->hbuf_out ++ = x;
1815 ENG->hlen_out --;
1816 T0_PUSHi(-1);
1817 } else {
1818 T0_PUSHi(0);
1819 }
1820
1821 }
1822 break;
1823 case 83: {
1824 /* x509-append */
1825
1826 const br_x509_class *xc;
1827 size_t len;
1828
1829 xc = *(ENG->x509ctx);
1830 len = T0_POP();
1831 xc->append(ENG->x509ctx, ENG->pad, len);
1832
1833 }
1834 break;
1835 case 84: {
1836 /* x509-end-cert */
1837
1838 const br_x509_class *xc;
1839
1840 xc = *(ENG->x509ctx);
1841 xc->end_cert(ENG->x509ctx);
1842
1843 }
1844 break;
1845 case 85: {
1846 /* x509-end-chain */
1847
1848 const br_x509_class *xc;
1849
1850 xc = *(ENG->x509ctx);
1851 T0_PUSH(xc->end_chain(ENG->x509ctx));
1852
1853 }
1854 break;
1855 case 86: {
1856 /* x509-start-cert */
1857
1858 const br_x509_class *xc;
1859
1860 xc = *(ENG->x509ctx);
1861 xc->start_cert(ENG->x509ctx, T0_POP());
1862
1863 }
1864 break;
1865 case 87: {
1866 /* x509-start-chain */
1867
1868 const br_x509_class *xc;
1869 uint32_t bc;
1870
1871 bc = T0_POP();
1872 xc = *(ENG->x509ctx);
1873 xc->start_chain(ENG->x509ctx, bc ? ENG->server_name : NULL);
1874
1875 }
1876 break;
1877 }
1878
1879 } else {
1880 T0_ENTER(ip, rp, t0x);
1881 }
1882 }
1883 t0_exit:
1884 ((t0_context *)t0ctx)->dp = dp;
1885 ((t0_context *)t0ctx)->rp = rp;
1886 ((t0_context *)t0ctx)->ip = ip;
1887 }
The BearSSL library and tools.