1 /* Automatically generated code; do not modify directly. */
9 const unsigned char *ip
;
13 t0_parse7E_unsigned(const unsigned char **p
)
22 x
= (x
<< 7) | (uint32_t)(y
& 0x7F);
30 t0_parse7E_signed(const unsigned char **p
)
35 neg
= ((**p
) >> 6) & 1;
41 x
= (x
<< 7) | (uint32_t)(y
& 0x7F);
44 return -(int32_t)~x
- 1;
52 #define T0_VBYTE(x, n) (unsigned char)((((uint32_t)(x) >> (n)) & 0x7F) | 0x80)
53 #define T0_FBYTE(x, n) (unsigned char)(((uint32_t)(x) >> (n)) & 0x7F)
54 #define T0_SBYTE(x) (unsigned char)((((uint32_t)(x) >> 28) + 0xF8) ^ 0xF8)
55 #define T0_INT1(x) T0_FBYTE(x, 0)
56 #define T0_INT2(x) T0_VBYTE(x, 7), T0_FBYTE(x, 0)
57 #define T0_INT3(x) T0_VBYTE(x, 14), T0_VBYTE(x, 7), T0_FBYTE(x, 0)
58 #define T0_INT4(x) T0_VBYTE(x, 21), T0_VBYTE(x, 14), T0_VBYTE(x, 7), T0_FBYTE(x, 0)
59 #define T0_INT5(x) T0_SBYTE(x), T0_VBYTE(x, 21), T0_VBYTE(x, 14), T0_VBYTE(x, 7), T0_FBYTE(x, 0)
61 /* static const unsigned char t0_datablock[]; */
64 void br_x509_minimal_init_main(void *t0ctx
);
66 void br_x509_minimal_run(void *t0ctx
);
79 * Implementation Notes
80 * --------------------
82 * The C code pushes the data by chunks; all decoding is done in the
83 * T0 code. The cert_length value is set to the certificate length when
84 * a new certificate is started; the T0 code picks it up as outer limit,
85 * and decoding functions use it to ensure that no attempt is made at
86 * reading past it. The T0 code also checks that once the certificate is
87 * decoded, there are no trailing bytes.
89 * The T0 code sets cert_length to 0 when the certificate is fully
92 * The C code must still perform two checks:
94 * -- If the certificate length is 0, then the T0 code will not be
95 * invoked at all. This invalid condition must thus be reported by the
98 * -- When reaching the end of certificate, the C code must verify that
99 * the certificate length has been set to 0, thereby signaling that
100 * the T0 code properly decoded a certificate.
102 * Processing of a chain works in the following way:
104 * -- The error flag is set to a non-zero value when validation is
105 * finished. The value is either BR_ERR_X509_OK (validation is
106 * successful) or another non-zero error code. When a non-zero error
107 * code is obtained, the remaining bytes in the current certificate and
108 * the subsequent certificates (if any) are completely ignored.
110 * -- Each certificate is decoded in due course, with the following
111 * "interesting points":
113 * -- Start of the TBS: the multihash engine is reset and activated.
115 * -- Start of the issuer DN: the secondary hash engine is started,
116 * to process the encoded issuer DN.
118 * -- End of the issuer DN: the secondary hash engine is stopped. The
119 * resulting hash value is computed and then copied into the
120 * next_dn_hash[] buffer.
122 * -- Start of the subject DN: the secondary hash engine is started,
123 * to process the encoded subject DN.
125 * -- For the EE certificate only: the Common Name, if any, is matched
126 * against the expected server name.
128 * -- End of the subject DN: the secondary hash engine is stopped. The
129 * resulting hash value is computed into the pad. It is then processed:
131 * -- If this is the EE certificate, then the hash is ignored
132 * (except for direct trust processing, see later; the hash is
133 * simply left in current_dn_hash[]).
135 * -- Otherwise, the hashed subject DN is compared with the saved
136 * hash value (in saved_dn_hash[]). They must match.
138 * Either way, the next_dn_hash[] value is then copied into the
139 * saved_dn_hash[] value. Thus, at that point, saved_dn_hash[]
140 * contains the hash of the issuer DN for the current certificate,
141 * and current_dn_hash[] contains the hash of the subject DN for the
142 * current certificate.
144 * -- Public key: it is decoded into the cert_pkey[] buffer. Unknown
145 * key types are reported at that point.
147 * -- If this is the EE certificate, then the key type is compared
148 * with the expected key type (initialization parameter). The public
149 * key data is copied to ee_pkey_data[]. The key and hashed subject
150 * DN are also compared with the "direct trust" keys; if the key
151 * and DN are matched, then validation ends with a success.
153 * -- Otherwise, the saved signature (cert_sig[]) is verified
154 * against the saved TBS hash (tbs_hash[]) and that freshly
155 * decoded public key. Failure here ends validation with an error.
157 * -- Extensions: extension values are processed in due order.
159 * -- Basic Constraints: for all certificates except EE, must be
160 * present, indicate a CA, and have a path legnth compatible with
161 * the chain length so far.
163 * -- Key Usage: for the EE, if present, must allow signatures
164 * or encryption/key exchange, as required for the cipher suite.
165 * For non-EE, if present, must have the "certificate sign" bit.
167 * -- Subject Alt Name: for the EE, dNSName names are matched
168 * against the server name. Ignored for non-EE.
170 * -- Authority Key Identifier, Subject Key Identifier, Issuer
171 * Alt Name, Subject Directory Attributes, CRL Distribution Points
172 * Freshest CRL, Authority Info Access and Subject Info Access
173 * extensions are always ignored: they either contain only
174 * informative data, or they relate to revocation processing, which
175 * we explicitly do not support.
177 * -- All other extensions are ignored if non-critical. If a
178 * critical extension other than the ones above is encountered,
179 * then a failure is reported.
181 * -- End of the TBS: the multihash engine is stopped.
183 * -- Signature algorithm: the signature algorithm on the
184 * certificate is decoded. A failure is reported if that algorithm
185 * is unknown. The hashed TBS corresponding to the signature hash
186 * function is computed and stored in tbs_hash[] (if not supported,
187 * then a failure is reported). The hash OID and length are stored
188 * in cert_sig_hash_oid and cert_sig_hash_len.
190 * -- Signature value: the signature value is copied into the
193 * -- Certificate end: the hashed issuer DN (saved_dn_hash[]) is
194 * looked up in the trust store (CA trust anchors only); for all
195 * that match, the signature (cert_sig[]) is verified against the
196 * anchor public key (hashed TBS is in tbs_hash[]). If one of these
197 * signatures is valid, then validation ends with a success.
199 * -- If the chain end is reached without obtaining a validation success,
200 * then validation is reported as failed.
203 #ifndef BR_USE_UNIX_TIME
204 #if defined __unix__ || defined __linux__ \
205 || defined _POSIX_SOURCE || defined _POSIX_C_SOURCE \
206 || (defined __APPLE__ && defined __MACH__)
207 #define BR_USE_UNIX_TIME 1
211 #ifndef BR_USE_WIN32_TIME
212 #if defined _WIN32 || defined _WIN64
213 #define BR_USE_WIN32_TIME 1
221 #if BR_USE_WIN32_TIME
225 void br_x509_minimal_init_main(void *ctx
);
226 void br_x509_minimal_run(void *ctx
);
228 /* see bearssl_x509.h */
230 br_x509_minimal_init(br_x509_minimal_context
*ctx
,
231 const br_hash_class
*dn_hash_impl
,
232 const br_x509_trust_anchor
*trust_anchors
, size_t trust_anchors_num
)
234 memset(ctx
, 0, sizeof *ctx
);
235 ctx
->vtable
= &br_x509_minimal_vtable
;
236 ctx
->dn_hash_impl
= dn_hash_impl
;
237 ctx
->trust_anchors
= trust_anchors
;
238 ctx
->trust_anchors_num
= trust_anchors_num
;
242 xm_start_chain(const br_x509_class
**ctx
, const char *server_name
)
244 br_x509_minimal_context
*cc
;
247 cc
= (br_x509_minimal_context
*)ctx
;
248 for (u
= 0; u
< cc
->num_name_elts
; u
++) {
249 cc
->name_elts
[u
].status
= 0;
250 cc
->name_elts
[u
].buf
[0] = 0;
252 memset(&cc
->pkey
, 0, sizeof cc
->pkey
);
255 cc
->cpu
.dp
= cc
->dp_stack
;
256 cc
->cpu
.rp
= cc
->rp_stack
;
257 br_x509_minimal_init_main(&cc
->cpu
);
258 if (server_name
== NULL
|| *server_name
== 0) {
259 cc
->server_name
= NULL
;
261 cc
->server_name
= server_name
;
266 xm_start_cert(const br_x509_class
**ctx
, uint32_t length
)
268 br_x509_minimal_context
*cc
;
270 cc
= (br_x509_minimal_context
*)ctx
;
275 cc
->err
= BR_ERR_X509_TRUNCATED
;
278 cc
->cert_length
= length
;
282 xm_append(const br_x509_class
**ctx
, const unsigned char *buf
, size_t len
)
284 br_x509_minimal_context
*cc
;
286 cc
= (br_x509_minimal_context
*)ctx
;
292 br_x509_minimal_run(&cc
->cpu
);
296 xm_end_cert(const br_x509_class
**ctx
)
298 br_x509_minimal_context
*cc
;
300 cc
= (br_x509_minimal_context
*)ctx
;
301 if (cc
->err
== 0 && cc
->cert_length
!= 0) {
302 cc
->err
= BR_ERR_X509_TRUNCATED
;
308 xm_end_chain(const br_x509_class
**ctx
)
310 br_x509_minimal_context
*cc
;
312 cc
= (br_x509_minimal_context
*)ctx
;
314 if (cc
->num_certs
== 0) {
315 cc
->err
= BR_ERR_X509_EMPTY_CHAIN
;
317 cc
->err
= BR_ERR_X509_NOT_TRUSTED
;
319 } else if (cc
->err
== BR_ERR_X509_OK
) {
322 return (unsigned)cc
->err
;
325 static const br_x509_pkey
*
326 xm_get_pkey(const br_x509_class
*const *ctx
, unsigned *usages
)
328 br_x509_minimal_context
*cc
;
330 cc
= (br_x509_minimal_context
*)ctx
;
331 if (cc
->err
== BR_ERR_X509_OK
332 || cc
->err
== BR_ERR_X509_NOT_TRUSTED
)
334 if (usages
!= NULL
) {
335 *usages
= cc
->key_usages
;
337 return &((br_x509_minimal_context
*)ctx
)->pkey
;
343 /* see bearssl_x509.h */
344 const br_x509_class br_x509_minimal_vtable
= {
345 sizeof(br_x509_minimal_context
),
354 #define CTX ((br_x509_minimal_context *)((unsigned char *)t0ctx - offsetof(br_x509_minimal_context, cpu)))
355 #define CONTEXT_NAME br_x509_minimal_context
357 #define DNHASH_LEN ((CTX->dn_hash_impl->desc >> BR_HASHDESC_OUT_OFF) & BR_HASHDESC_OUT_MASK)
360 * Hash a DN (from a trust anchor) into the provided buffer. This uses the
361 * DN hash implementation and context structure from the X.509 engine
365 hash_dn(br_x509_minimal_context
*ctx
, const void *dn
, size_t len
,
368 ctx
->dn_hash_impl
->init(&ctx
->dn_hash
.vtable
);
369 ctx
->dn_hash_impl
->update(&ctx
->dn_hash
.vtable
, dn
, len
);
370 ctx
->dn_hash_impl
->out(&ctx
->dn_hash
.vtable
, out
);
374 * Compare two big integers for equality. The integers use unsigned big-endian
375 * encoding; extra leading bytes (of value 0) are allowed.
378 eqbigint(const unsigned char *b1
, size_t len1
,
379 const unsigned char *b2
, size_t len2
)
381 while (len1
> 0 && *b1
== 0) {
385 while (len2
> 0 && *b2
== 0) {
392 return memcmp(b1
, b2
, len1
) == 0;
396 * Compare two strings for equality, in a case-insensitive way. This
397 * function handles casing only for ASCII letters.
400 eqnocase(const void *s1
, const void *s2
, size_t len
)
402 const unsigned char *buf1
, *buf2
;
411 if (x1
>= 'A' && x1
<= 'Z') {
414 if (x2
>= 'A' && x2
<= 'Z') {
424 static int verify_signature(br_x509_minimal_context
*ctx
,
425 const br_x509_pkey
*pk
);
429 static const unsigned char t0_datablock
[] = {
430 0x00, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x01, 0x09,
431 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x05, 0x09, 0x2A, 0x86,
432 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0E, 0x09, 0x2A, 0x86, 0x48, 0x86,
433 0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D,
434 0x01, 0x01, 0x0C, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01,
435 0x0D, 0x05, 0x2B, 0x0E, 0x03, 0x02, 0x1A, 0x09, 0x60, 0x86, 0x48, 0x01,
436 0x65, 0x03, 0x04, 0x02, 0x04, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03,
437 0x04, 0x02, 0x01, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02,
438 0x02, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x03, 0x07,
439 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x02, 0x01, 0x08, 0x2A, 0x86, 0x48, 0xCE,
440 0x3D, 0x03, 0x01, 0x07, 0x05, 0x2B, 0x81, 0x04, 0x00, 0x22, 0x05, 0x2B,
441 0x81, 0x04, 0x00, 0x23, 0x07, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x04, 0x01,
442 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x04, 0x03, 0x01, 0x08, 0x2A, 0x86,
443 0x48, 0xCE, 0x3D, 0x04, 0x03, 0x02, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D,
444 0x04, 0x03, 0x03, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x04, 0x03, 0x04,
445 0x03, 0x55, 0x04, 0x03, 0x00, 0x1F, 0x03, 0xFC, 0x07, 0x7F, 0x0B, 0x5E,
446 0x0F, 0x1F, 0x12, 0xFE, 0x16, 0xBF, 0x1A, 0x9F, 0x1E, 0x7E, 0x22, 0x3F,
447 0x26, 0x1E, 0x29, 0xDF, 0x00, 0x1F, 0x03, 0xFD, 0x07, 0x9F, 0x0B, 0x7E,
448 0x0F, 0x3F, 0x13, 0x1E, 0x16, 0xDF, 0x1A, 0xBF, 0x1E, 0x9E, 0x22, 0x5F,
449 0x26, 0x3E, 0x29, 0xFF, 0x03, 0x55, 0x1D, 0x13, 0x03, 0x55, 0x1D, 0x0F,
450 0x03, 0x55, 0x1D, 0x11, 0x03, 0x55, 0x1D, 0x23, 0x03, 0x55, 0x1D, 0x0E,
451 0x03, 0x55, 0x1D, 0x12, 0x03, 0x55, 0x1D, 0x09, 0x03, 0x55, 0x1D, 0x1F,
452 0x03, 0x55, 0x1D, 0x2E, 0x08, 0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x01,
453 0x01, 0x08, 0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x01, 0x0B
456 static const unsigned char t0_codeblock
[] = {
457 0x00, 0x01, 0x00, 0x0D, 0x00, 0x00, 0x01, 0x00, 0x10, 0x00, 0x00, 0x01,
458 0x00, 0x11, 0x00, 0x00, 0x01, 0x01, 0x09, 0x00, 0x00, 0x01, 0x01, 0x0A,
459 0x00, 0x00, 0x24, 0x24, 0x00, 0x00, 0x01,
460 T0_INT1(BR_ERR_X509_BAD_BOOLEAN
), 0x00, 0x00, 0x01,
461 T0_INT1(BR_ERR_X509_BAD_DN
), 0x00, 0x00, 0x01,
462 T0_INT1(BR_ERR_X509_BAD_SERVER_NAME
), 0x00, 0x00, 0x01,
463 T0_INT1(BR_ERR_X509_BAD_TAG_CLASS
), 0x00, 0x00, 0x01,
464 T0_INT1(BR_ERR_X509_BAD_TAG_VALUE
), 0x00, 0x00, 0x01,
465 T0_INT1(BR_ERR_X509_BAD_TIME
), 0x00, 0x00, 0x01,
466 T0_INT1(BR_ERR_X509_CRITICAL_EXTENSION
), 0x00, 0x00, 0x01,
467 T0_INT1(BR_ERR_X509_DN_MISMATCH
), 0x00, 0x00, 0x01,
468 T0_INT1(BR_ERR_X509_EXPIRED
), 0x00, 0x00, 0x01,
469 T0_INT1(BR_ERR_X509_EXTRA_ELEMENT
), 0x00, 0x00, 0x01,
470 T0_INT1(BR_ERR_X509_FORBIDDEN_KEY_USAGE
), 0x00, 0x00, 0x01,
471 T0_INT1(BR_ERR_X509_INDEFINITE_LENGTH
), 0x00, 0x00, 0x01,
472 T0_INT1(BR_ERR_X509_INNER_TRUNC
), 0x00, 0x00, 0x01,
473 T0_INT1(BR_ERR_X509_LIMIT_EXCEEDED
), 0x00, 0x00, 0x01,
474 T0_INT1(BR_ERR_X509_NOT_CA
), 0x00, 0x00, 0x01,
475 T0_INT1(BR_ERR_X509_NOT_CONSTRUCTED
), 0x00, 0x00, 0x01,
476 T0_INT1(BR_ERR_X509_NOT_PRIMITIVE
), 0x00, 0x00, 0x01,
477 T0_INT1(BR_ERR_X509_OVERFLOW
), 0x00, 0x00, 0x01,
478 T0_INT1(BR_ERR_X509_PARTIAL_BYTE
), 0x00, 0x00, 0x01,
479 T0_INT1(BR_ERR_X509_UNEXPECTED
), 0x00, 0x00, 0x01,
480 T0_INT1(BR_ERR_X509_UNSUPPORTED
), 0x00, 0x00, 0x01,
481 T0_INT1(BR_ERR_X509_WEAK_PUBLIC_KEY
), 0x00, 0x00, 0x01,
482 T0_INT1(BR_KEYTYPE_EC
), 0x00, 0x00, 0x01, T0_INT1(BR_KEYTYPE_RSA
),
483 0x00, 0x00, 0x01, T0_INT2(offsetof(CONTEXT_NAME
, cert_length
)), 0x00,
484 0x00, 0x01, T0_INT2(offsetof(CONTEXT_NAME
, cert_sig
)), 0x00, 0x00,
485 0x01, T0_INT2(offsetof(CONTEXT_NAME
, cert_sig_hash_len
)), 0x00, 0x00,
486 0x01, T0_INT2(offsetof(CONTEXT_NAME
, cert_sig_hash_oid
)), 0x00, 0x00,
487 0x01, T0_INT2(offsetof(CONTEXT_NAME
, cert_sig_len
)), 0x00, 0x00, 0x01,
488 T0_INT2(offsetof(CONTEXT_NAME
, cert_signer_key_type
)), 0x00, 0x00,
489 0x01, T0_INT2(offsetof(CONTEXT_NAME
, current_dn_hash
)), 0x00, 0x00,
490 0x01, T0_INT2(offsetof(CONTEXT_NAME
, key_usages
)), 0x00, 0x00, 0x01,
491 T0_INT2(offsetof(br_x509_minimal_context
, pkey_data
)), 0x01,
492 T0_INT2(BR_X509_BUFSIZE_KEY
), 0x00, 0x00, 0x01,
493 T0_INT2(offsetof(CONTEXT_NAME
, min_rsa_size
)), 0x00, 0x00, 0x01,
494 T0_INT2(offsetof(CONTEXT_NAME
, next_dn_hash
)), 0x00, 0x00, 0x01,
495 T0_INT2(offsetof(CONTEXT_NAME
, num_certs
)), 0x00, 0x00, 0x01,
496 T0_INT2(offsetof(CONTEXT_NAME
, pad
)), 0x00, 0x00, 0x01,
497 T0_INT2(offsetof(CONTEXT_NAME
, saved_dn_hash
)), 0x00, 0x00, 0xC6, 0x71,
498 0x00, 0x00, 0x01, 0x80, 0x73, 0x00, 0x00, 0x01, 0x80, 0x7C, 0x00, 0x00,
499 0x01, 0x81, 0x02, 0x00, 0x00, 0x90, 0x05, 0x05, 0x34, 0x42, 0x01, 0x00,
500 0x00, 0x34, 0x01, 0x0A, 0x0E, 0x09, 0x01, 0x9A, 0xFF, 0xB8, 0x00, 0x0A,
501 0x00, 0x00, 0x01, 0x82, 0x0C, 0x00, 0x00, 0x01, 0x81, 0x74, 0x00, 0x00,
502 0x01, 0x81, 0x68, 0x00, 0x04, 0x03, 0x00, 0x03, 0x01, 0x03, 0x02, 0x03,
503 0x03, 0x02, 0x03, 0x02, 0x01, 0x11, 0x06, 0x07, 0x02, 0x02, 0x02, 0x00,
504 0x0D, 0x04, 0x05, 0x02, 0x03, 0x02, 0x01, 0x0D, 0x00, 0x02, 0x03, 0x00,
505 0x03, 0x01, 0x25, 0x02, 0x01, 0x13, 0x3B, 0x02, 0x00, 0x0F, 0x15, 0x00,
506 0x00, 0x05, 0x02, 0x52, 0x28, 0x00, 0x00, 0x06, 0x02, 0x53, 0x28, 0x00,
507 0x00, 0x01, 0x10, 0x76, 0x00, 0x00, 0x11, 0x05, 0x02, 0x56, 0x28, 0x73,
508 0x00, 0x00, 0x11, 0x05, 0x02, 0x56, 0x28, 0x74, 0x00, 0x00, 0x06, 0x02,
509 0x4C, 0x28, 0x00, 0x00, 0x01, 0x82, 0x04, 0x00, 0x00, 0x25, 0x20, 0x01,
510 0x08, 0x0E, 0x3B, 0x40, 0x20, 0x09, 0x00, 0x09, 0x03, 0x00, 0x5B, 0x2B,
511 0xAC, 0x39, 0xAC, 0xB0, 0x25, 0x01, 0x20, 0x11, 0x06, 0x11, 0x24, 0x73,
512 0xAA, 0xB0, 0x01, 0x02, 0x77, 0xAD, 0x01, 0x02, 0x12, 0x06, 0x02, 0x57,
513 0x28, 0x78, 0xB0, 0x01, 0x02, 0x77, 0xAB, 0xAC, 0xBF, 0x99, 0x65, 0x61,
514 0x21, 0x16, 0xAC, 0xA4, 0x29, 0x69, 0x06, 0x02, 0x4B, 0x28, 0xA4, 0x29,
515 0x71, 0x06, 0x02, 0x4B, 0x28, 0x78, 0x02, 0x00, 0x06, 0x05, 0x9A, 0x03,
516 0x01, 0x04, 0x09, 0x99, 0x61, 0x68, 0x21, 0x27, 0x05, 0x02, 0x4A, 0x28,
517 0x68, 0x65, 0x21, 0x16, 0xAC, 0xAC, 0x9B, 0x05, 0x02, 0x57, 0x28, 0xB9,
518 0x26, 0x06, 0x27, 0xBF, 0xA1, 0xAC, 0x63, 0xA7, 0x03, 0x03, 0x63, 0x3B,
519 0x02, 0x03, 0x09, 0x3B, 0x02, 0x03, 0x0A, 0xA7, 0x03, 0x04, 0x78, 0x64,
520 0x2A, 0x01, 0x81, 0x00, 0x09, 0x02, 0x03, 0x12, 0x06, 0x02, 0x58, 0x28,
521 0x78, 0x5A, 0x03, 0x02, 0x04, 0x3A, 0x87, 0x26, 0x06, 0x34, 0x9B, 0x05,
522 0x02, 0x57, 0x28, 0x6A, 0x26, 0x06, 0x04, 0x01, 0x17, 0x04, 0x12, 0x6B,
523 0x26, 0x06, 0x04, 0x01, 0x18, 0x04, 0x0A, 0x6C, 0x26, 0x06, 0x04, 0x01,
524 0x19, 0x04, 0x02, 0x57, 0x28, 0x03, 0x05, 0x78, 0xA1, 0x25, 0x03, 0x06,
525 0x25, 0x63, 0x34, 0x0D, 0x06, 0x02, 0x50, 0x28, 0xA2, 0x59, 0x03, 0x02,
526 0x04, 0x02, 0x57, 0x28, 0x78, 0x02, 0x00, 0x06, 0x21, 0x02, 0x02, 0x5A,
527 0x30, 0x11, 0x06, 0x08, 0x24, 0x02, 0x03, 0x02, 0x04, 0x1D, 0x04, 0x10,
528 0x59, 0x30, 0x11, 0x06, 0x08, 0x24, 0x02, 0x05, 0x02, 0x06, 0x1C, 0x04,
529 0x03, 0x57, 0x28, 0x24, 0x04, 0x24, 0x02, 0x02, 0x5A, 0x30, 0x11, 0x06,
530 0x08, 0x24, 0x02, 0x03, 0x02, 0x04, 0x23, 0x04, 0x10, 0x59, 0x30, 0x11,
531 0x06, 0x08, 0x24, 0x02, 0x05, 0x02, 0x06, 0x22, 0x04, 0x03, 0x57, 0x28,
532 0x24, 0x25, 0x06, 0x01, 0x28, 0x24, 0x01, 0x00, 0x03, 0x07, 0xB1, 0x01,
533 0x21, 0x8D, 0x01, 0x22, 0x8D, 0x25, 0x01, 0x23, 0x11, 0x06, 0x81, 0x17,
534 0x24, 0x73, 0xAA, 0xAC, 0x25, 0x06, 0x81, 0x0B, 0x01, 0x00, 0x03, 0x08,
535 0xAC, 0x9B, 0x24, 0xB0, 0x25, 0x01, 0x01, 0x11, 0x06, 0x04, 0xA3, 0x03,
536 0x08, 0xB0, 0x01, 0x04, 0x77, 0xAA, 0x70, 0x26, 0x06, 0x0F, 0x02, 0x00,
537 0x06, 0x03, 0xC0, 0x04, 0x05, 0x97, 0x01, 0x7F, 0x03, 0x07, 0x04, 0x80,
538 0x5D, 0x8F, 0x26, 0x06, 0x06, 0x02, 0x00, 0x98, 0x04, 0x80, 0x53, 0xC2,
539 0x26, 0x06, 0x10, 0x02, 0x00, 0x06, 0x09, 0x01, 0x00, 0x03, 0x01, 0x96,
540 0x03, 0x01, 0x04, 0x01, 0xC0, 0x04, 0x3F, 0x6F, 0x26, 0x06, 0x03, 0xC0,
541 0x04, 0x38, 0xC5, 0x26, 0x06, 0x03, 0xC0, 0x04, 0x31, 0x8E, 0x26, 0x06,
542 0x03, 0xC0, 0x04, 0x2A, 0xC3, 0x26, 0x06, 0x03, 0xC0, 0x04, 0x23, 0x79,
543 0x26, 0x06, 0x03, 0xC0, 0x04, 0x1C, 0x84, 0x26, 0x06, 0x03, 0xC0, 0x04,
544 0x15, 0x6E, 0x26, 0x06, 0x03, 0xC0, 0x04, 0x0E, 0xC4, 0x26, 0x06, 0x03,
545 0xC0, 0x04, 0x07, 0x02, 0x08, 0x06, 0x02, 0x49, 0x28, 0xC0, 0x78, 0x78,
546 0x04, 0xFE, 0x71, 0x78, 0x78, 0x04, 0x08, 0x01, 0x7F, 0x11, 0x05, 0x02,
547 0x56, 0x28, 0x24, 0x78, 0x3A, 0x02, 0x00, 0x06, 0x08, 0x02, 0x01, 0x3C,
548 0x2F, 0x05, 0x02, 0x45, 0x28, 0x02, 0x00, 0x06, 0x01, 0x17, 0x02, 0x00,
549 0x02, 0x07, 0x2F, 0x05, 0x02, 0x51, 0x28, 0xB0, 0x75, 0xAA, 0x9B, 0x06,
550 0x80, 0x77, 0xBA, 0x26, 0x06, 0x07, 0x01, 0x02, 0x5A, 0x88, 0x04, 0x80,
551 0x5E, 0xBB, 0x26, 0x06, 0x07, 0x01, 0x03, 0x5A, 0x89, 0x04, 0x80, 0x53,
552 0xBC, 0x26, 0x06, 0x07, 0x01, 0x04, 0x5A, 0x8A, 0x04, 0x80, 0x48, 0xBD,
553 0x26, 0x06, 0x06, 0x01, 0x05, 0x5A, 0x8B, 0x04, 0x3E, 0xBE, 0x26, 0x06,
554 0x06, 0x01, 0x06, 0x5A, 0x8C, 0x04, 0x34, 0x7E, 0x26, 0x06, 0x06, 0x01,
555 0x02, 0x59, 0x88, 0x04, 0x2A, 0x7F, 0x26, 0x06, 0x06, 0x01, 0x03, 0x59,
556 0x89, 0x04, 0x20, 0x80, 0x26, 0x06, 0x06, 0x01, 0x04, 0x59, 0x8A, 0x04,
557 0x16, 0x81, 0x26, 0x06, 0x06, 0x01, 0x05, 0x59, 0x8B, 0x04, 0x0C, 0x82,
558 0x26, 0x06, 0x06, 0x01, 0x06, 0x59, 0x8C, 0x04, 0x02, 0x57, 0x28, 0x5E,
559 0x35, 0x60, 0x37, 0x1B, 0x25, 0x05, 0x02, 0x57, 0x28, 0x5D, 0x37, 0x04,
560 0x02, 0x57, 0x28, 0xBF, 0xA1, 0x25, 0x01, T0_INT2(BR_X509_BUFSIZE_SIG
),
561 0x12, 0x06, 0x02, 0x50, 0x28, 0x25, 0x5F, 0x35, 0x5C, 0xA2, 0x78, 0x78,
562 0x01, 0x00, 0x5B, 0x36, 0x18, 0x00, 0x00, 0x01, 0x30, 0x0A, 0x25, 0x01,
563 0x00, 0x01, 0x09, 0x72, 0x05, 0x02, 0x48, 0x28, 0x00, 0x00, 0x30, 0x30,
564 0x00, 0x00, 0x01, 0x81, 0x08, 0x00, 0x00, 0x01, 0x81, 0x10, 0x00, 0x00,
565 0x01, 0x81, 0x19, 0x00, 0x00, 0x01, 0x81, 0x22, 0x00, 0x00, 0x01, 0x81,
566 0x2B, 0x00, 0x01, 0x7D, 0x01, 0x01, 0x11, 0x3B, 0x01, 0x83, 0xFD, 0x7F,
567 0x11, 0x15, 0x06, 0x03, 0x3B, 0x24, 0x00, 0x3B, 0x25, 0x03, 0x00, 0x25,
568 0xC7, 0x05, 0x04, 0x42, 0x01, 0x00, 0x00, 0x25, 0x01, 0x81, 0x00, 0x0D,
569 0x06, 0x04, 0x94, 0x04, 0x80, 0x49, 0x25, 0x01, 0x90, 0x00, 0x0D, 0x06,
570 0x0F, 0x01, 0x06, 0x14, 0x01, 0x81, 0x40, 0x2F, 0x94, 0x02, 0x00, 0x01,
571 0x00, 0x95, 0x04, 0x33, 0x25, 0x01, 0x83, 0xFF, 0x7F, 0x0D, 0x06, 0x14,
572 0x01, 0x0C, 0x14, 0x01, 0x81, 0x60, 0x2F, 0x94, 0x02, 0x00, 0x01, 0x06,
573 0x95, 0x02, 0x00, 0x01, 0x00, 0x95, 0x04, 0x17, 0x01, 0x12, 0x14, 0x01,
574 0x81, 0x70, 0x2F, 0x94, 0x02, 0x00, 0x01, 0x0C, 0x95, 0x02, 0x00, 0x01,
575 0x06, 0x95, 0x02, 0x00, 0x01, 0x00, 0x95, 0x00, 0x00, 0x01, 0x82, 0x08,
576 0x00, 0x00, 0x25, 0x01, 0x83, 0xB0, 0x00, 0x01, 0x83, 0xB7, 0x7F, 0x72,
577 0x00, 0x00, 0x01, 0x81, 0x34, 0x00, 0x00, 0x01, 0x80, 0x6B, 0x00, 0x00,
578 0x01, 0x3D, 0x00, 0x00, 0x01, 0x80, 0x43, 0x00, 0x00, 0x01, 0x80, 0x4D,
579 0x00, 0x00, 0x01, 0x80, 0x57, 0x00, 0x00, 0x01, 0x80, 0x61, 0x00, 0x00,
580 0x30, 0x11, 0x06, 0x04, 0x42, 0xAA, 0xBF, 0xB1, 0x00, 0x00, 0x01, 0x81,
581 0x7C, 0x00, 0x00, 0x01, 0x81, 0x6C, 0x00, 0x00, 0x25, 0x01, 0x83, 0xB8,
582 0x00, 0x01, 0x83, 0xBF, 0x7F, 0x72, 0x00, 0x00, 0x01, 0x30, 0x62, 0x37,
583 0x01, 0x7F, 0x7B, 0x19, 0x01, 0x00, 0x7B, 0x19, 0x04, 0x7A, 0x00, 0x01,
584 0x81, 0x38, 0x00, 0x01, 0x7D, 0x0D, 0x06, 0x02, 0x4F, 0x28, 0x25, 0x03,
585 0x00, 0x0A, 0x02, 0x00, 0x00, 0x00, 0x30, 0x25, 0x3F, 0x3B, 0x01, 0x82,
586 0x00, 0x13, 0x2F, 0x06, 0x04, 0x42, 0x01, 0x00, 0x00, 0x30, 0x67, 0x09,
587 0x37, 0x40, 0x00, 0x00, 0x14, 0x01, 0x3F, 0x15, 0x01, 0x81, 0x00, 0x2F,
588 0x94, 0x00, 0x02, 0x01, 0x00, 0x03, 0x00, 0xAC, 0x25, 0x06, 0x80, 0x59,
589 0xB0, 0x01, 0x20, 0x30, 0x11, 0x06, 0x17, 0x24, 0x73, 0xAA, 0x9B, 0x24,
590 0x01, 0x7F, 0x2E, 0x03, 0x01, 0xB0, 0x01, 0x20, 0x76, 0xAA, 0xAF, 0x02,
591 0x01, 0x1F, 0x78, 0x78, 0x04, 0x38, 0x01, 0x21, 0x30, 0x11, 0x06, 0x08,
592 0x24, 0x74, 0xB3, 0x01, 0x01, 0x1E, 0x04, 0x2A, 0x01, 0x22, 0x30, 0x11,
593 0x06, 0x11, 0x24, 0x74, 0xB3, 0x25, 0x06, 0x06, 0x2C, 0x02, 0x00, 0x2F,
594 0x03, 0x00, 0x01, 0x02, 0x1E, 0x04, 0x13, 0x01, 0x26, 0x30, 0x11, 0x06,
595 0x08, 0x24, 0x74, 0xB3, 0x01, 0x06, 0x1E, 0x04, 0x05, 0x42, 0xAB, 0x01,
596 0x00, 0x24, 0x04, 0xFF, 0x23, 0x78, 0x02, 0x00, 0x00, 0x00, 0xAC, 0xB1,
597 0x25, 0x01, 0x01, 0x11, 0x06, 0x08, 0xA3, 0x05, 0x02, 0x51, 0x28, 0xB1,
598 0x04, 0x02, 0x51, 0x28, 0x25, 0x01, 0x02, 0x11, 0x06, 0x0C, 0x24, 0x74,
599 0xAD, 0x66, 0x2B, 0x41, 0x0D, 0x06, 0x02, 0x51, 0x28, 0xB1, 0x01, 0x7F,
600 0x10, 0x06, 0x02, 0x56, 0x28, 0x24, 0x78, 0x00, 0x02, 0x03, 0x00, 0xB0,
601 0x01, 0x03, 0x77, 0xAA, 0xB7, 0x03, 0x01, 0x02, 0x01, 0x01, 0x07, 0x12,
602 0x06, 0x02, 0x56, 0x28, 0x25, 0x01, 0x00, 0x30, 0x11, 0x06, 0x05, 0x24,
603 0x4D, 0x28, 0x04, 0x15, 0x01, 0x01, 0x30, 0x11, 0x06, 0x0A, 0x24, 0xB7,
604 0x02, 0x01, 0x14, 0x02, 0x01, 0x0E, 0x04, 0x05, 0x24, 0xB7, 0x01, 0x00,
605 0x24, 0x02, 0x00, 0x06, 0x19, 0x01, 0x00, 0x30, 0x01, 0x38, 0x15, 0x06,
606 0x03, 0x01, 0x10, 0x2F, 0x3B, 0x01, 0x81, 0x40, 0x15, 0x06, 0x03, 0x01,
607 0x20, 0x2F, 0x62, 0x37, 0x04, 0x07, 0x01, 0x04, 0x15, 0x05, 0x02, 0x4D,
608 0x28, 0xBF, 0x00, 0x00, 0x38, 0xAC, 0xBF, 0x1A, 0x00, 0x03, 0x01, 0x00,
609 0x03, 0x00, 0x38, 0xAC, 0x25, 0x06, 0x30, 0xB0, 0x01, 0x11, 0x76, 0xAA,
610 0x25, 0x05, 0x02, 0x44, 0x28, 0x25, 0x06, 0x20, 0xAC, 0x9B, 0x24, 0x86,
611 0x26, 0x03, 0x01, 0x01, 0x00, 0x2E, 0x03, 0x02, 0xAF, 0x25, 0x02, 0x01,
612 0x15, 0x06, 0x07, 0x2C, 0x06, 0x04, 0x01, 0x7F, 0x03, 0x00, 0x02, 0x02,
613 0x1F, 0x78, 0x04, 0x5D, 0x78, 0x04, 0x4D, 0x78, 0x1A, 0x02, 0x00, 0x00,
614 0x00, 0xB0, 0x01, 0x06, 0x77, 0xAE, 0x00, 0x00, 0xB5, 0x85, 0x06, 0x0E,
615 0x3B, 0x25, 0x05, 0x06, 0x42, 0x01, 0x00, 0x01, 0x00, 0x00, 0xB5, 0x6D,
616 0x04, 0x08, 0x90, 0x06, 0x05, 0x24, 0x01, 0x00, 0x04, 0x00, 0x00, 0x00,
617 0xB6, 0x85, 0x06, 0x0E, 0x3B, 0x25, 0x05, 0x06, 0x42, 0x01, 0x00, 0x01,
618 0x00, 0x00, 0xB6, 0x6D, 0x04, 0x08, 0x90, 0x06, 0x05, 0x24, 0x01, 0x00,
619 0x04, 0x00, 0x00, 0x00, 0xB7, 0x25, 0x01, 0x81, 0x00, 0x0D, 0x06, 0x04,
620 0x00, 0x04, 0x80, 0x55, 0x25, 0x01, 0x81, 0x40, 0x0D, 0x06, 0x07, 0x24,
621 0x01, 0x00, 0x00, 0x04, 0x80, 0x47, 0x25, 0x01, 0x81, 0x60, 0x0D, 0x06,
622 0x0E, 0x01, 0x1F, 0x15, 0x01, 0x01, 0xA0, 0x01, 0x81, 0x00, 0x01, 0x8F,
623 0x7F, 0x04, 0x32, 0x25, 0x01, 0x81, 0x70, 0x0D, 0x06, 0x0F, 0x01, 0x0F,
624 0x15, 0x01, 0x02, 0xA0, 0x01, 0x90, 0x00, 0x01, 0x83, 0xFF, 0x7F, 0x04,
625 0x1C, 0x25, 0x01, 0x81, 0x78, 0x0D, 0x06, 0x11, 0x01, 0x07, 0x15, 0x01,
626 0x03, 0xA0, 0x01, 0x84, 0x80, 0x00, 0x01, 0x80, 0xC3, 0xFF, 0x7F, 0x04,
627 0x04, 0x24, 0x01, 0x00, 0x00, 0x72, 0x05, 0x03, 0x24, 0x01, 0x00, 0x00,
628 0x00, 0x3B, 0x25, 0x05, 0x06, 0x42, 0x01, 0x00, 0x01, 0x7F, 0x00, 0xB7,
629 0x34, 0x25, 0x3D, 0x06, 0x03, 0x3B, 0x24, 0x00, 0x01, 0x06, 0x0E, 0x3B,
630 0x25, 0x01, 0x06, 0x14, 0x01, 0x02, 0x10, 0x06, 0x04, 0x42, 0x01, 0x7F,
631 0x00, 0x01, 0x3F, 0x15, 0x09, 0x00, 0x00, 0x25, 0x06, 0x06, 0x0B, 0x9F,
632 0x34, 0x41, 0x04, 0x77, 0x24, 0x25, 0x00, 0x00, 0xB0, 0x01, 0x03, 0x77,
633 0xAA, 0xB7, 0x06, 0x02, 0x55, 0x28, 0x00, 0x00, 0x3B, 0x25, 0x06, 0x07,
634 0x31, 0x25, 0x06, 0x01, 0x19, 0x04, 0x76, 0x42, 0x00, 0x00, 0x01, 0x01,
635 0x77, 0xA9, 0x01, 0x01, 0x10, 0x06, 0x02, 0x43, 0x28, 0xB7, 0x3E, 0x00,
636 0x04, 0xB0, 0x25, 0x01, 0x17, 0x01, 0x18, 0x72, 0x05, 0x02, 0x48, 0x28,
637 0x01, 0x18, 0x11, 0x03, 0x00, 0x74, 0xAA, 0xA5, 0x02, 0x00, 0x06, 0x0C,
638 0x01, 0x80, 0x64, 0x08, 0x03, 0x01, 0xA5, 0x02, 0x01, 0x09, 0x04, 0x0E,
639 0x25, 0x01, 0x32, 0x0D, 0x06, 0x04, 0x01, 0x80, 0x64, 0x09, 0x01, 0x8E,
640 0x6C, 0x09, 0x03, 0x01, 0x02, 0x01, 0x01, 0x82, 0x6D, 0x08, 0x02, 0x01,
641 0x01, 0x03, 0x09, 0x01, 0x04, 0x0C, 0x09, 0x02, 0x01, 0x01, 0x80, 0x63,
642 0x09, 0x01, 0x80, 0x64, 0x0C, 0x0A, 0x02, 0x01, 0x01, 0x83, 0x0F, 0x09,
643 0x01, 0x83, 0x10, 0x0C, 0x09, 0x03, 0x03, 0x01, 0x01, 0x01, 0x0C, 0xA6,
644 0x41, 0x01, 0x01, 0x0E, 0x02, 0x01, 0x01, 0x04, 0x07, 0x3F, 0x02, 0x01,
645 0x01, 0x80, 0x64, 0x07, 0x3E, 0x02, 0x01, 0x01, 0x83, 0x10, 0x07, 0x3F,
646 0x2F, 0x15, 0x06, 0x03, 0x01, 0x18, 0x09, 0x92, 0x09, 0x7A, 0x25, 0x01,
647 0x05, 0x14, 0x02, 0x03, 0x09, 0x03, 0x03, 0x01, 0x1F, 0x15, 0x01, 0x01,
648 0x3B, 0xA6, 0x02, 0x03, 0x09, 0x41, 0x03, 0x03, 0x01, 0x00, 0x01, 0x17,
649 0xA6, 0x01, 0x9C, 0x10, 0x08, 0x03, 0x02, 0x01, 0x00, 0x01, 0x3B, 0xA6,
650 0x01, 0x3C, 0x08, 0x02, 0x02, 0x09, 0x03, 0x02, 0x01, 0x00, 0x01, 0x3C,
651 0xA6, 0x02, 0x02, 0x09, 0x03, 0x02, 0xB7, 0x25, 0x01, 0x2E, 0x11, 0x06,
652 0x0D, 0x24, 0xB7, 0x25, 0x01, 0x30, 0x01, 0x39, 0x72, 0x06, 0x03, 0x24,
653 0x04, 0x74, 0x01, 0x80, 0x5A, 0x10, 0x06, 0x02, 0x48, 0x28, 0x78, 0x02,
654 0x03, 0x02, 0x02, 0x00, 0x01, 0xB7, 0x7C, 0x01, 0x0A, 0x08, 0x03, 0x00,
655 0xB7, 0x7C, 0x02, 0x00, 0x09, 0x00, 0x02, 0x03, 0x00, 0x03, 0x01, 0xA5,
656 0x25, 0x02, 0x01, 0x02, 0x00, 0x72, 0x05, 0x02, 0x48, 0x28, 0x00, 0x00,
657 0x34, 0xB0, 0x01, 0x02, 0x77, 0x0B, 0xA8, 0x00, 0x03, 0x25, 0x03, 0x00,
658 0x03, 0x01, 0x03, 0x02, 0xAA, 0xB7, 0x25, 0x01, 0x81, 0x00, 0x13, 0x06,
659 0x02, 0x54, 0x28, 0x25, 0x01, 0x00, 0x11, 0x06, 0x0B, 0x24, 0x25, 0x05,
660 0x04, 0x24, 0x01, 0x00, 0x00, 0xB7, 0x04, 0x6F, 0x02, 0x01, 0x25, 0x05,
661 0x02, 0x50, 0x28, 0x41, 0x03, 0x01, 0x02, 0x02, 0x37, 0x02, 0x02, 0x40,
662 0x03, 0x02, 0x25, 0x06, 0x03, 0xB7, 0x04, 0x68, 0x24, 0x02, 0x00, 0x02,
663 0x01, 0x0A, 0x00, 0x01, 0xB7, 0x25, 0x01, 0x81, 0x00, 0x0D, 0x06, 0x01,
664 0x00, 0x01, 0x81, 0x00, 0x0A, 0x25, 0x05, 0x02, 0x4E, 0x28, 0x03, 0x00,
665 0x01, 0x00, 0x02, 0x00, 0x01, 0x00, 0x12, 0x06, 0x19, 0x02, 0x00, 0x41,
666 0x03, 0x00, 0x25, 0x01, 0x83, 0xFF, 0xFF, 0x7F, 0x12, 0x06, 0x02, 0x4F,
667 0x28, 0x01, 0x08, 0x0E, 0x3B, 0xB7, 0x34, 0x09, 0x04, 0x60, 0x00, 0x00,
668 0xA9, 0x93, 0x00, 0x00, 0xAA, 0xBF, 0x00, 0x00, 0xB0, 0x75, 0xAA, 0x00,
669 0x01, 0xAA, 0x25, 0x05, 0x02, 0x54, 0x28, 0xB7, 0x25, 0x01, 0x81, 0x00,
670 0x13, 0x06, 0x02, 0x54, 0x28, 0x03, 0x00, 0x25, 0x06, 0x16, 0xB7, 0x02,
671 0x00, 0x25, 0x01, 0x87, 0xFF, 0xFF, 0x7F, 0x13, 0x06, 0x02, 0x54, 0x28,
672 0x01, 0x08, 0x0E, 0x09, 0x03, 0x00, 0x04, 0x67, 0x24, 0x02, 0x00, 0x00,
673 0x00, 0xAA, 0x25, 0x01, 0x81, 0x7F, 0x12, 0x06, 0x08, 0xBF, 0x01, 0x00,
674 0x67, 0x37, 0x01, 0x00, 0x00, 0x25, 0x67, 0x37, 0x67, 0x40, 0xA2, 0x01,
675 0x7F, 0x00, 0x00, 0xB0, 0x01, 0x0C, 0x30, 0x11, 0x06, 0x05, 0x24, 0x74,
676 0xB3, 0x04, 0x3E, 0x01, 0x12, 0x30, 0x11, 0x06, 0x05, 0x24, 0x74, 0xB4,
677 0x04, 0x33, 0x01, 0x13, 0x30, 0x11, 0x06, 0x05, 0x24, 0x74, 0xB4, 0x04,
678 0x28, 0x01, 0x14, 0x30, 0x11, 0x06, 0x05, 0x24, 0x74, 0xB4, 0x04, 0x1D,
679 0x01, 0x16, 0x30, 0x11, 0x06, 0x05, 0x24, 0x74, 0xB4, 0x04, 0x12, 0x01,
680 0x1E, 0x30, 0x11, 0x06, 0x05, 0x24, 0x74, 0xB2, 0x04, 0x07, 0x42, 0xAB,
681 0x01, 0x00, 0x01, 0x00, 0x24, 0x00, 0x01, 0xB7, 0x03, 0x00, 0x02, 0x00,
682 0x01, 0x05, 0x14, 0x01, 0x01, 0x15, 0x2D, 0x02, 0x00, 0x01, 0x06, 0x14,
683 0x25, 0x01, 0x01, 0x15, 0x06, 0x02, 0x46, 0x28, 0x01, 0x04, 0x0E, 0x02,
684 0x00, 0x01, 0x1F, 0x15, 0x25, 0x01, 0x1F, 0x11, 0x06, 0x02, 0x47, 0x28,
685 0x09, 0x00, 0x00, 0x25, 0x05, 0x05, 0x01, 0x00, 0x01, 0x7F, 0x00, 0xB0,
686 0x00, 0x01, 0xAA, 0x25, 0x05, 0x05, 0x67, 0x37, 0x01, 0x7F, 0x00, 0x01,
687 0x01, 0x03, 0x00, 0x9C, 0x25, 0x01, 0x83, 0xFF, 0x7E, 0x11, 0x06, 0x16,
688 0x24, 0x25, 0x06, 0x10, 0x9D, 0x25, 0x05, 0x05, 0x24, 0xBF, 0x01, 0x00,
689 0x00, 0x02, 0x00, 0x83, 0x03, 0x00, 0x04, 0x6D, 0x04, 0x1B, 0x25, 0x05,
690 0x05, 0x24, 0xBF, 0x01, 0x00, 0x00, 0x02, 0x00, 0x83, 0x03, 0x00, 0x25,
691 0x06, 0x0B, 0x9C, 0x25, 0x05, 0x05, 0x24, 0xBF, 0x01, 0x00, 0x00, 0x04,
692 0x6D, 0x24, 0x02, 0x00, 0x25, 0x05, 0x01, 0x00, 0x41, 0x67, 0x37, 0x01,
693 0x7F, 0x00, 0x01, 0xAA, 0x01, 0x01, 0x03, 0x00, 0x25, 0x06, 0x10, 0x9E,
694 0x25, 0x05, 0x05, 0x24, 0xBF, 0x01, 0x00, 0x00, 0x02, 0x00, 0x83, 0x03,
695 0x00, 0x04, 0x6D, 0x24, 0x02, 0x00, 0x25, 0x05, 0x01, 0x00, 0x41, 0x67,
696 0x37, 0x01, 0x7F, 0x00, 0x01, 0xAA, 0x01, 0x01, 0x03, 0x00, 0x25, 0x06,
697 0x10, 0xB7, 0x25, 0x05, 0x05, 0x24, 0xBF, 0x01, 0x00, 0x00, 0x02, 0x00,
698 0x83, 0x03, 0x00, 0x04, 0x6D, 0x24, 0x02, 0x00, 0x25, 0x05, 0x01, 0x00,
699 0x41, 0x67, 0x37, 0x01, 0x7F, 0x00, 0x00, 0xB7, 0x01, 0x08, 0x0E, 0x3B,
700 0xB7, 0x34, 0x09, 0x00, 0x00, 0xB7, 0x3B, 0xB7, 0x01, 0x08, 0x0E, 0x34,
701 0x09, 0x00, 0x00, 0x25, 0x05, 0x02, 0x4F, 0x28, 0x41, 0xB8, 0x00, 0x00,
702 0x32, 0x25, 0x01, 0x00, 0x13, 0x06, 0x01, 0x00, 0x24, 0x19, 0x04, 0x74,
703 0x00, 0x01, 0x01, 0x00, 0x00, 0x01, 0x0B, 0x00, 0x00, 0x01, 0x15, 0x00,
704 0x00, 0x01, 0x1F, 0x00, 0x00, 0x01, 0x29, 0x00, 0x00, 0x01, 0x33, 0x00,
705 0x00, 0xC0, 0x24, 0x00, 0x00, 0x25, 0x06, 0x07, 0xC1, 0x25, 0x06, 0x01,
706 0x19, 0x04, 0x76, 0x00, 0x00, 0x01, 0x00, 0x30, 0x31, 0x0B, 0x42, 0x00,
707 0x00, 0x01, 0x81, 0x70, 0x00, 0x00, 0x01, 0x82, 0x00, 0x00, 0x00, 0x01,
708 0x82, 0x15, 0x00, 0x00, 0x01, 0x81, 0x78, 0x00, 0x00, 0x01, 0x03, 0x33,
709 0x01, 0x03, 0x33, 0x00, 0x00, 0x25, 0x01, 0x83, 0xFB, 0x50, 0x01, 0x83,
710 0xFD, 0x5F, 0x72, 0x06, 0x04, 0x24, 0x01, 0x00, 0x00, 0x25, 0x01, 0x83,
711 0xB0, 0x00, 0x01, 0x83, 0xBF, 0x7F, 0x72, 0x06, 0x04, 0x24, 0x01, 0x00,
712 0x00, 0x01, 0x83, 0xFF, 0x7F, 0x15, 0x01, 0x83, 0xFF, 0x7E, 0x0D, 0x00
715 static const uint16_t t0_caddr
[] = {
857 #define T0_INTERPRETED 61
859 #define T0_ENTER(ip, rp, slot) do { \
860 const unsigned char *t0_newip; \
862 t0_newip = &t0_codeblock[t0_caddr[(slot) - T0_INTERPRETED]]; \
863 t0_lnum = t0_parse7E_unsigned(&t0_newip); \
865 *((rp) ++) = (uint32_t)((ip) - &t0_codeblock[0]) + (t0_lnum << 16); \
869 #define T0_DEFENTRY(name, slot) \
873 t0_context *t0ctx = ctx; \
874 t0ctx->ip = &t0_codeblock[0]; \
875 T0_ENTER(t0ctx->ip, t0ctx->rp, slot); \
878 T0_DEFENTRY(br_x509_minimal_init_main
, 145)
880 #define T0_NEXT(t0ipp) (*(*(t0ipp)) ++)
883 br_x509_minimal_run(void *t0ctx
)
886 const unsigned char *ip
;
888 #define T0_LOCAL(x) (*(rp - 2 - (x)))
889 #define T0_POP() (*-- dp)
890 #define T0_POPi() (*(int32_t *)(-- dp))
891 #define T0_PEEK(x) (*(dp - 1 - (x)))
892 #define T0_PEEKi(x) (*(int32_t *)(dp - 1 - (x)))
893 #define T0_PUSH(v) do { *dp = (v); dp ++; } while (0)
894 #define T0_PUSHi(v) do { *(int32_t *)dp = (v); dp ++; } while (0)
895 #define T0_RPOP() (*-- rp)
896 #define T0_RPOPi() (*(int32_t *)(-- rp))
897 #define T0_RPUSH(v) do { *rp = (v); rp ++; } while (0)
898 #define T0_RPUSHi(v) do { *(int32_t *)rp = (v); rp ++; } while (0)
899 #define T0_ROLL(x) do { \
900 size_t t0len = (size_t)(x); \
901 uint32_t t0tmp = *(dp - 1 - t0len); \
902 memmove(dp - t0len - 1, dp - t0len, t0len * sizeof *dp); \
905 #define T0_SWAP() do { \
906 uint32_t t0tmp = *(dp - 2); \
907 *(dp - 2) = *(dp - 1); \
910 #define T0_ROT() do { \
911 uint32_t t0tmp = *(dp - 3); \
912 *(dp - 3) = *(dp - 2); \
913 *(dp - 2) = *(dp - 1); \
916 #define T0_NROT() do { \
917 uint32_t t0tmp = *(dp - 1); \
918 *(dp - 1) = *(dp - 2); \
919 *(dp - 2) = *(dp - 3); \
922 #define T0_PICK(x) do { \
923 uint32_t t0depth = (x); \
924 T0_PUSH(T0_PEEK(t0depth)); \
926 #define T0_CO() do { \
929 #define T0_RET() goto t0_next
931 dp
= ((t0_context
*)t0ctx
)->dp
;
932 rp
= ((t0_context
*)t0ctx
)->rp
;
933 ip
= ((t0_context
*)t0ctx
)->ip
;
940 if (t0x
< T0_INTERPRETED
) {
952 ip
= &t0_codeblock
[t0x
];
954 case 1: /* literal constant */
955 T0_PUSHi(t0_parse7E_signed(&ip
));
957 case 2: /* read local */
958 T0_PUSH(T0_LOCAL(t0_parse7E_unsigned(&ip
)));
960 case 3: /* write local */
961 T0_LOCAL(t0_parse7E_unsigned(&ip
)) = T0_POP();
964 t0off
= t0_parse7E_signed(&ip
);
967 case 5: /* jump if */
968 t0off
= t0_parse7E_signed(&ip
);
973 case 6: /* jump if not */
974 t0off
= t0_parse7E_signed(&ip
);
982 int32_t b
= T0_POPi();
983 int32_t a
= T0_POPi();
991 uint32_t b
= T0_POP();
992 uint32_t a
= T0_POP();
1000 uint32_t b
= T0_POP();
1001 uint32_t a
= T0_POP();
1009 uint32_t b
= T0_POP();
1010 uint32_t a
= T0_POP();
1023 int32_t b
= T0_POPi();
1024 int32_t a
= T0_POPi();
1032 int32_t b
= T0_POPi();
1033 int32_t a
= T0_POPi();
1034 T0_PUSH(-(uint32_t)(a
< b
));
1041 int c
= (int)T0_POPi();
1042 uint32_t x
= T0_POP();
1050 int32_t b
= T0_POPi();
1051 int32_t a
= T0_POPi();
1052 T0_PUSH(-(uint32_t)(a
<= b
));
1059 uint32_t b
= T0_POP();
1060 uint32_t a
= T0_POP();
1061 T0_PUSH(-(uint32_t)(a
!= b
));
1068 uint32_t b
= T0_POP();
1069 uint32_t a
= T0_POP();
1070 T0_PUSH(-(uint32_t)(a
== b
));
1077 int32_t b
= T0_POPi();
1078 int32_t a
= T0_POPi();
1079 T0_PUSH(-(uint32_t)(a
> b
));
1086 int32_t b
= T0_POPi();
1087 int32_t a
= T0_POPi();
1088 T0_PUSH(-(uint32_t)(a
>= b
));
1095 int c
= (int)T0_POPi();
1096 int32_t x
= T0_POPi();
1104 uint32_t b
= T0_POP();
1105 uint32_t a
= T0_POP();
1113 size_t len
= T0_POP();
1114 unsigned char *src
= (unsigned char *)CTX
+ T0_POP();
1115 unsigned char *dst
= (unsigned char *)CTX
+ T0_POP();
1116 memcpy(dst
, src
, len
);
1121 /* check-direct-trust */
1125 for (u
= 0; u
< CTX
->trust_anchors_num
; u
++) {
1126 const br_x509_trust_anchor
*ta
;
1127 unsigned char hashed_DN
[64];
1130 ta
= &CTX
->trust_anchors
[u
];
1131 if (ta
->flags
& BR_X509_TA_CA
) {
1134 hash_dn(CTX
, ta
->dn
.data
, ta
->dn
.len
, hashed_DN
);
1135 if (memcmp(hashed_DN
, CTX
->current_dn_hash
, DNHASH_LEN
)) {
1138 kt
= CTX
->pkey
.key_type
;
1139 if ((ta
->pkey
.key_type
& 0x0F) != kt
) {
1144 case BR_KEYTYPE_RSA
:
1145 if (!eqbigint(CTX
->pkey
.key
.rsa
.n
,
1146 CTX
->pkey
.key
.rsa
.nlen
,
1148 ta
->pkey
.key
.rsa
.nlen
)
1149 || !eqbigint(CTX
->pkey
.key
.rsa
.e
,
1150 CTX
->pkey
.key
.rsa
.elen
,
1152 ta
->pkey
.key
.rsa
.elen
))
1159 if (CTX
->pkey
.key
.ec
.curve
!= ta
->pkey
.key
.ec
.curve
1160 || CTX
->pkey
.key
.ec
.qlen
!= ta
->pkey
.key
.ec
.qlen
1161 || memcmp(CTX
->pkey
.key
.ec
.q
,
1163 ta
->pkey
.key
.ec
.qlen
) != 0)
1174 * Direct trust match!
1176 CTX
->err
= BR_ERR_X509_OK
;
1183 /* check-trust-anchor-CA */
1187 for (u
= 0; u
< CTX
->trust_anchors_num
; u
++) {
1188 const br_x509_trust_anchor
*ta
;
1189 unsigned char hashed_DN
[64];
1191 ta
= &CTX
->trust_anchors
[u
];
1192 if (!(ta
->flags
& BR_X509_TA_CA
)) {
1195 hash_dn(CTX
, ta
->dn
.data
, ta
->dn
.len
, hashed_DN
);
1196 if (memcmp(hashed_DN
, CTX
->saved_dn_hash
, DNHASH_LEN
)) {
1199 if (verify_signature(CTX
, &ta
->pkey
) == 0) {
1200 CTX
->err
= BR_ERR_X509_OK
;
1213 /* compute-dn-hash */
1215 CTX
->dn_hash_impl
->out(&CTX
->dn_hash
.vtable
, CTX
->current_dn_hash
);
1216 CTX
->do_dn_hash
= 0;
1221 /* compute-tbs-hash */
1225 len
= br_multihash_out(&CTX
->mhash
, id
, CTX
->tbs_hash
);
1231 /* copy-ee-ec-pkey */
1233 size_t qlen
= T0_POP();
1234 uint32_t curve
= T0_POP();
1235 memcpy(CTX
->ee_pkey_data
, CTX
->pkey_data
, qlen
);
1236 CTX
->pkey
.key_type
= BR_KEYTYPE_EC
;
1237 CTX
->pkey
.key
.ec
.curve
= curve
;
1238 CTX
->pkey
.key
.ec
.q
= CTX
->ee_pkey_data
;
1239 CTX
->pkey
.key
.ec
.qlen
= qlen
;
1244 /* copy-ee-rsa-pkey */
1246 size_t elen
= T0_POP();
1247 size_t nlen
= T0_POP();
1248 memcpy(CTX
->ee_pkey_data
, CTX
->pkey_data
, nlen
+ elen
);
1249 CTX
->pkey
.key_type
= BR_KEYTYPE_RSA
;
1250 CTX
->pkey
.key
.rsa
.n
= CTX
->ee_pkey_data
;
1251 CTX
->pkey
.key
.rsa
.nlen
= nlen
;
1252 CTX
->pkey
.key
.rsa
.e
= CTX
->ee_pkey_data
+ nlen
;
1253 CTX
->pkey
.key
.rsa
.elen
= elen
;
1260 unsigned tag
= T0_POP();
1261 unsigned ok
= T0_POP();
1265 for (u
= 0; u
< CTX
->num_name_elts
; u
++) {
1266 br_name_element
*ne
;
1268 ne
= &CTX
->name_elts
[u
];
1269 if (ne
->status
== 0 && ne
->oid
[0] == 0 && ne
->oid
[1] == tag
) {
1270 if (ok
&& ne
->len
> len
) {
1271 memcpy(ne
->buf
, CTX
->pad
+ 1, len
);
1284 /* copy-name-element */
1287 int32_t off
= T0_POPi();
1291 br_name_element
*ne
= &CTX
->name_elts
[off
];
1295 if (len
< ne
->len
) {
1296 memcpy(ne
->buf
, CTX
->pad
+ 1, len
);
1312 size_t addr
= T0_POP();
1313 T0_PUSH(t0_datablock
[addr
]);
1318 /* dn-hash-length */
1320 T0_PUSH(DNHASH_LEN
);
1327 size_t qlen
= T0_POP();
1328 int curve
= T0_POP();
1331 pk
.key_type
= BR_KEYTYPE_EC
;
1332 pk
.key
.ec
.curve
= curve
;
1333 pk
.key
.ec
.q
= CTX
->pkey_data
;
1334 pk
.key
.ec
.qlen
= qlen
;
1335 T0_PUSH(verify_signature(CTX
, &pk
));
1342 size_t elen
= T0_POP();
1343 size_t nlen
= T0_POP();
1346 pk
.key_type
= BR_KEYTYPE_RSA
;
1347 pk
.key
.rsa
.n
= CTX
->pkey_data
;
1348 pk
.key
.rsa
.nlen
= nlen
;
1349 pk
.key
.rsa
.e
= CTX
->pkey_data
+ nlen
;
1350 pk
.key
.rsa
.elen
= elen
;
1351 T0_PUSH(verify_signature(CTX
, &pk
));
1362 T0_PUSH(T0_PEEK(0));
1368 const unsigned char *a2
= &t0_datablock
[T0_POP()];
1369 const unsigned char *a1
= &CTX
->pad
[0];
1373 x
= -(memcmp(a1
+ 1, a2
+ 1, len
) == 0);
1377 T0_PUSH((uint32_t)x
);
1384 size_t len
= T0_POP();
1385 const unsigned char *a2
= (const unsigned char *)CTX
+ T0_POP();
1386 const unsigned char *a1
= (const unsigned char *)CTX
+ T0_POP();
1387 T0_PUSHi(-(memcmp(a1
, a2
, len
) == 0));
1394 CTX
->err
= T0_POPi();
1400 /* get-system-date */
1402 if (CTX
->days
== 0 && CTX
->seconds
== 0) {
1403 #if BR_USE_UNIX_TIME
1404 time_t x
= time(NULL
);
1406 T0_PUSH((uint32_t)(x
/ 86400) + 719528);
1407 T0_PUSH((uint32_t)(x
% 86400));
1408 #elif BR_USE_WIN32_TIME
1412 GetSystemTimeAsFileTime(&ft
);
1413 x
= ((uint64_t)ft
.dwHighDateTime
<< 32)
1414 + (uint64_t)ft
.dwLowDateTime
;
1416 T0_PUSH((uint32_t)(x
/ 86400) + 584754);
1417 T0_PUSH((uint32_t)(x
% 86400));
1419 CTX
->err
= BR_ERR_X509_TIME_UNKNOWN
;
1424 T0_PUSH(CTX
->seconds
);
1432 uint32_t addr
= T0_POP();
1433 T0_PUSH(*(uint16_t *)((unsigned char *)CTX
+ addr
));
1440 uint32_t addr
= T0_POP();
1441 T0_PUSH(*(uint32_t *)((unsigned char *)CTX
+ addr
));
1446 /* match-server-name */
1450 if (CTX
->server_name
== NULL
) {
1454 n1
= strlen(CTX
->server_name
);
1456 if (n1
== n2
&& eqnocase(&CTX
->pad
[1], CTX
->server_name
, n1
)) {
1460 if (n2
>= 2 && CTX
->pad
[1] == '*' && CTX
->pad
[2] == '.') {
1464 while (u
< n1
&& CTX
->server_name
[u
] != '.') {
1470 && eqnocase(&CTX
->pad
[3], CTX
->server_name
+ u
, n1
))
1483 uint32_t a
= T0_POP();
1489 /* offset-name-element */
1491 unsigned san
= T0_POP();
1494 for (u
= 0; u
< CTX
->num_name_elts
; u
++) {
1495 if (CTX
->name_elts
[u
].status
== 0) {
1496 const unsigned char *oid
;
1499 oid
= CTX
->name_elts
[u
].oid
;
1501 if (oid
[0] != 0 || oid
[1] != 0) {
1509 if (len
!= 0 && len
== CTX
->pad
[0]
1510 && memcmp(oid
+ off
+ 1,
1511 CTX
->pad
+ 1, len
) == 0)
1525 uint32_t b
= T0_POP();
1526 uint32_t a
= T0_POP();
1533 T0_PUSH(T0_PEEK(1));
1537 /* read-blob-inner */
1539 uint32_t len
= T0_POP();
1540 uint32_t addr
= T0_POP();
1541 size_t clen
= CTX
->hlen
;
1546 memcpy((unsigned char *)CTX
+ addr
, CTX
->hbuf
, clen
);
1548 if (CTX
->do_mhash
) {
1549 br_multihash_update(&CTX
->mhash
, CTX
->hbuf
, clen
);
1551 if (CTX
->do_dn_hash
) {
1552 CTX
->dn_hash_impl
->update(
1553 &CTX
->dn_hash
.vtable
, CTX
->hbuf
, clen
);
1557 T0_PUSH(addr
+ clen
);
1558 T0_PUSH(len
- clen
);
1565 if (CTX
->hlen
== 0) {
1568 unsigned char x
= *CTX
->hbuf
++;
1569 if (CTX
->do_mhash
) {
1570 br_multihash_update(&CTX
->mhash
, &x
, 1);
1572 if (CTX
->do_dn_hash
) {
1573 CTX
->dn_hash_impl
->update(&CTX
->dn_hash
.vtable
, &x
, 1);
1594 uint32_t addr
= T0_POP();
1595 *(uint16_t *)((unsigned char *)CTX
+ addr
) = T0_POP();
1602 uint32_t addr
= T0_POP();
1603 *(uint32_t *)((unsigned char *)CTX
+ addr
) = T0_POP();
1610 uint32_t addr
= T0_POP();
1611 *((unsigned char *)CTX
+ addr
) = (unsigned char)T0_POP();
1618 CTX
->dn_hash_impl
->init(&CTX
->dn_hash
.vtable
);
1619 CTX
->do_dn_hash
= 1;
1624 /* start-tbs-hash */
1626 br_multihash_init(&CTX
->mhash
);
1644 /* zero-server-name */
1646 T0_PUSHi(-(CTX
->server_name
== NULL
));
1653 T0_ENTER(ip
, rp
, t0x
);
1657 ((t0_context
*)t0ctx
)->dp
= dp
;
1658 ((t0_context
*)t0ctx
)->rp
= rp
;
1659 ((t0_context
*)t0ctx
)->ip
= ip
;
1665 * Verify the signature on the certificate with the provided public key.
1666 * This function checks the public key type with regards to the expected
1667 * type. Returned value is either 0 on success, or a non-zero error code.
1670 verify_signature(br_x509_minimal_context
*ctx
, const br_x509_pkey
*pk
)
1674 kt
= ctx
->cert_signer_key_type
;
1675 if ((pk
->key_type
& 0x0F) != kt
) {
1676 return BR_ERR_X509_WRONG_KEY_TYPE
;
1679 unsigned char tmp
[64];
1681 case BR_KEYTYPE_RSA
:
1682 if (ctx
->irsa
== 0) {
1683 return BR_ERR_X509_UNSUPPORTED
;
1685 if (!ctx
->irsa(ctx
->cert_sig
, ctx
->cert_sig_len
,
1686 &t0_datablock
[ctx
->cert_sig_hash_oid
],
1687 ctx
->cert_sig_hash_len
, &pk
->key
.rsa
, tmp
))
1689 return BR_ERR_X509_BAD_SIGNATURE
;
1691 if (memcmp(ctx
->tbs_hash
, tmp
, ctx
->cert_sig_hash_len
) != 0) {
1692 return BR_ERR_X509_BAD_SIGNATURE
;
1697 if (ctx
->iecdsa
== 0) {
1698 return BR_ERR_X509_UNSUPPORTED
;
1700 if (!ctx
->iecdsa(ctx
->iec
, ctx
->tbs_hash
,
1701 ctx
->cert_sig_hash_len
, &pk
->key
.ec
,
1702 ctx
->cert_sig
, ctx
->cert_sig_len
))
1704 return BR_ERR_X509_BAD_SIGNATURE
;
1709 return BR_ERR_X509_UNSUPPORTED
;