1 /* Automatically generated code; do not modify directly. */
9 const unsigned char *ip
;
13 t0_parse7E_unsigned(const unsigned char **p
)
22 x
= (x
<< 7) | (uint32_t)(y
& 0x7F);
30 t0_parse7E_signed(const unsigned char **p
)
35 neg
= ((**p
) >> 6) & 1;
41 x
= (x
<< 7) | (uint32_t)(y
& 0x7F);
44 return -(int32_t)~x
- 1;
52 #define T0_VBYTE(x, n) (unsigned char)((((uint32_t)(x) >> (n)) & 0x7F) | 0x80)
53 #define T0_FBYTE(x, n) (unsigned char)(((uint32_t)(x) >> (n)) & 0x7F)
54 #define T0_SBYTE(x) (unsigned char)((((uint32_t)(x) >> 28) + 0xF8) ^ 0xF8)
55 #define T0_INT1(x) T0_FBYTE(x, 0)
56 #define T0_INT2(x) T0_VBYTE(x, 7), T0_FBYTE(x, 0)
57 #define T0_INT3(x) T0_VBYTE(x, 14), T0_VBYTE(x, 7), T0_FBYTE(x, 0)
58 #define T0_INT4(x) T0_VBYTE(x, 21), T0_VBYTE(x, 14), T0_VBYTE(x, 7), T0_FBYTE(x, 0)
59 #define T0_INT5(x) T0_SBYTE(x), T0_VBYTE(x, 21), T0_VBYTE(x, 14), T0_VBYTE(x, 7), T0_FBYTE(x, 0)
61 /* static const unsigned char t0_datablock[]; */
64 void br_x509_minimal_init_main(void *t0ctx
);
66 void br_x509_minimal_run(void *t0ctx
);
79 * Implementation Notes
80 * --------------------
82 * The C code pushes the data by chunks; all decoding is done in the
83 * T0 code. The cert_length value is set to the certificate length when
84 * a new certificate is started; the T0 code picks it up as outer limit,
85 * and decoding functions use it to ensure that no attempt is made at
86 * reading past it. The T0 code also checks that once the certificate is
87 * decoded, there are no trailing bytes.
89 * The T0 code sets cert_length to 0 when the certificate is fully
92 * The C code must still perform two checks:
94 * -- If the certificate length is 0, then the T0 code will not be
95 * invoked at all. This invalid condition must thus be reported by the
98 * -- When reaching the end of certificate, the C code must verify that
99 * the certificate length has been set to 0, thereby signaling that
100 * the T0 code properly decoded a certificate.
102 * Processing of a chain works in the following way:
104 * -- The error flag is set to a non-zero value when validation is
105 * finished. The value is either BR_ERR_X509_OK (validation is
106 * successful) or another non-zero error code. When a non-zero error
107 * code is obtained, the remaining bytes in the current certificate and
108 * the subsequent certificates (if any) are completely ignored.
110 * -- Each certificate is decoded in due course, with the following
111 * "interesting points":
113 * -- Start of the TBS: the multihash engine is reset and activated.
115 * -- Start of the issuer DN: the secondary hash engine is started,
116 * to process the encoded issuer DN.
118 * -- End of the issuer DN: the secondary hash engine is stopped. The
119 * resulting hash value is computed and then copied into the
120 * next_dn_hash[] buffer.
122 * -- Start of the subject DN: the secondary hash engine is started,
123 * to process the encoded subject DN.
125 * -- For the EE certificate only: the Common Name, if any, is matched
126 * against the expected server name.
128 * -- End of the subject DN: the secondary hash engine is stopped. The
129 * resulting hash value is computed into the pad. It is then processed:
131 * -- If this is the EE certificate, then the hash is ignored
132 * (except for direct trust processing, see later; the hash is
133 * simply left in current_dn_hash[]).
135 * -- Otherwise, the hashed subject DN is compared with the saved
136 * hash value (in saved_dn_hash[]). They must match.
138 * Either way, the next_dn_hash[] value is then copied into the
139 * saved_dn_hash[] value. Thus, at that point, saved_dn_hash[]
140 * contains the hash of the issuer DN for the current certificate,
141 * and current_dn_hash[] contains the hash of the subject DN for the
142 * current certificate.
144 * -- Public key: it is decoded into the cert_pkey[] buffer. Unknown
145 * key types are reported at that point.
147 * -- If this is the EE certificate, then the key type is compared
148 * with the expected key type (initialization parameter). The public
149 * key data is copied to ee_pkey_data[]. The key and hashed subject
150 * DN are also compared with the "direct trust" keys; if the key
151 * and DN are matched, then validation ends with a success.
153 * -- Otherwise, the saved signature (cert_sig[]) is verified
154 * against the saved TBS hash (tbs_hash[]) and that freshly
155 * decoded public key. Failure here ends validation with an error.
157 * -- Extensions: extension values are processed in due order.
159 * -- Basic Constraints: for all certificates except EE, must be
160 * present, indicate a CA, and have a path legnth compatible with
161 * the chain length so far.
163 * -- Key Usage: for the EE, if present, must allow signatures
164 * or encryption/key exchange, as required for the cipher suite.
165 * For non-EE, if present, must have the "certificate sign" bit.
167 * -- Subject Alt Name: for the EE, dNSName names are matched
168 * against the server name. Ignored for non-EE.
170 * -- Authority Key Identifier, Subject Key Identifier, Issuer
171 * Alt Name, Subject Directory Attributes, CRL Distribution Points
172 * Freshest CRL, Authority Info Access and Subject Info Access
173 * extensions are always ignored: they either contain only
174 * informative data, or they relate to revocation processing, which
175 * we explicitly do not support.
177 * -- All other extensions are ignored if non-critical. If a
178 * critical extension other than the ones above is encountered,
179 * then a failure is reported.
181 * -- End of the TBS: the multihash engine is stopped.
183 * -- Signature algorithm: the signature algorithm on the
184 * certificate is decoded. A failure is reported if that algorithm
185 * is unknown. The hashed TBS corresponding to the signature hash
186 * function is computed and stored in tbs_hash[] (if not supported,
187 * then a failure is reported). The hash OID and length are stored
188 * in cert_sig_hash_oid and cert_sig_hash_len.
190 * -- Signature value: the signature value is copied into the
193 * -- Certificate end: the hashed issuer DN (saved_dn_hash[]) is
194 * looked up in the trust store (CA trust anchors only); for all
195 * that match, the signature (cert_sig[]) is verified against the
196 * anchor public key (hashed TBS is in tbs_hash[]). If one of these
197 * signatures is valid, then validation ends with a success.
199 * -- If the chain end is reached without obtaining a validation success,
200 * then validation is reported as failed.
203 #ifndef BR_USE_UNIX_TIME
204 #if defined __unix__ || defined __linux__ \
205 || defined _POSIX_SOURCE || defined _POSIX_C_SOURCE \
206 || (defined __APPLE__ && defined __MACH__)
207 #define BR_USE_UNIX_TIME 1
211 #ifndef BR_USE_WIN32_TIME
212 #if defined _WIN32 || defined _WIN64
213 #define BR_USE_WIN32_TIME 1
221 #if BR_USE_WIN32_TIME
225 void br_x509_minimal_init_main(void *ctx
);
226 void br_x509_minimal_run(void *ctx
);
228 /* see bearssl_x509.h */
230 br_x509_minimal_init(br_x509_minimal_context
*ctx
,
231 const br_hash_class
*dn_hash_impl
,
232 const br_x509_trust_anchor
*trust_anchors
, size_t trust_anchors_num
)
234 memset(ctx
, 0, sizeof *ctx
);
235 ctx
->vtable
= &br_x509_minimal_vtable
;
236 ctx
->dn_hash_impl
= dn_hash_impl
;
237 ctx
->trust_anchors
= trust_anchors
;
238 ctx
->trust_anchors_num
= trust_anchors_num
;
242 xm_start_chain(const br_x509_class
**ctx
, const char *server_name
)
244 br_x509_minimal_context
*cc
;
247 cc
= (br_x509_minimal_context
*)ctx
;
248 for (u
= 0; u
< cc
->num_name_elts
; u
++) {
249 cc
->name_elts
[u
].status
= 0;
250 cc
->name_elts
[u
].buf
[0] = 0;
252 memset(&cc
->pkey
, 0, sizeof cc
->pkey
);
255 cc
->cpu
.dp
= cc
->dp_stack
;
256 cc
->cpu
.rp
= cc
->rp_stack
;
257 br_x509_minimal_init_main(&cc
->cpu
);
258 if (server_name
== NULL
|| *server_name
== 0) {
259 cc
->server_name
= NULL
;
261 cc
->server_name
= server_name
;
266 xm_start_cert(const br_x509_class
**ctx
, uint32_t length
)
268 br_x509_minimal_context
*cc
;
270 cc
= (br_x509_minimal_context
*)ctx
;
275 cc
->err
= BR_ERR_X509_TRUNCATED
;
278 cc
->cert_length
= length
;
282 xm_append(const br_x509_class
**ctx
, const unsigned char *buf
, size_t len
)
284 br_x509_minimal_context
*cc
;
286 cc
= (br_x509_minimal_context
*)ctx
;
292 br_x509_minimal_run(&cc
->cpu
);
296 xm_end_cert(const br_x509_class
**ctx
)
298 br_x509_minimal_context
*cc
;
300 cc
= (br_x509_minimal_context
*)ctx
;
301 if (cc
->err
== 0 && cc
->cert_length
!= 0) {
302 cc
->err
= BR_ERR_X509_TRUNCATED
;
308 xm_end_chain(const br_x509_class
**ctx
)
310 br_x509_minimal_context
*cc
;
312 cc
= (br_x509_minimal_context
*)ctx
;
314 if (cc
->num_certs
== 0) {
315 cc
->err
= BR_ERR_X509_EMPTY_CHAIN
;
317 cc
->err
= BR_ERR_X509_NOT_TRUSTED
;
319 } else if (cc
->err
== BR_ERR_X509_OK
) {
322 return (unsigned)cc
->err
;
325 static const br_x509_pkey
*
326 xm_get_pkey(const br_x509_class
*const *ctx
, unsigned *usages
)
328 br_x509_minimal_context
*cc
;
330 cc
= (br_x509_minimal_context
*)ctx
;
331 if (cc
->err
== BR_ERR_X509_OK
332 || cc
->err
== BR_ERR_X509_NOT_TRUSTED
)
334 if (usages
!= NULL
) {
335 *usages
= cc
->key_usages
;
337 return &((br_x509_minimal_context
*)ctx
)->pkey
;
343 /* see bearssl_x509.h */
344 const br_x509_class br_x509_minimal_vtable
= {
345 sizeof(br_x509_minimal_context
),
354 #define CTX ((br_x509_minimal_context *)((unsigned char *)t0ctx - offsetof(br_x509_minimal_context, cpu)))
355 #define CONTEXT_NAME br_x509_minimal_context
357 #define DNHASH_LEN ((CTX->dn_hash_impl->desc >> BR_HASHDESC_OUT_OFF) & BR_HASHDESC_OUT_MASK)
360 * Hash a DN (from a trust anchor) into the provided buffer. This uses the
361 * DN hash implementation and context structure from the X.509 engine
365 hash_dn(br_x509_minimal_context
*ctx
, const void *dn
, size_t len
,
368 ctx
->dn_hash_impl
->init(&ctx
->dn_hash
.vtable
);
369 ctx
->dn_hash_impl
->update(&ctx
->dn_hash
.vtable
, dn
, len
);
370 ctx
->dn_hash_impl
->out(&ctx
->dn_hash
.vtable
, out
);
374 * Compare two big integers for equality. The integers use unsigned big-endian
375 * encoding; extra leading bytes (of value 0) are allowed.
378 eqbigint(const unsigned char *b1
, size_t len1
,
379 const unsigned char *b2
, size_t len2
)
381 while (len1
> 0 && *b1
== 0) {
385 while (len2
> 0 && *b2
== 0) {
392 return memcmp(b1
, b2
, len1
) == 0;
396 * Compare two strings for equality, in a case-insensitive way. This
397 * function handles casing only for ASCII letters.
400 eqnocase(const void *s1
, const void *s2
, size_t len
)
402 const unsigned char *buf1
, *buf2
;
411 if (x1
>= 'A' && x1
<= 'Z') {
414 if (x2
>= 'A' && x2
<= 'Z') {
424 static int verify_signature(br_x509_minimal_context
*ctx
,
425 const br_x509_pkey
*pk
);
429 static const unsigned char t0_datablock
[] = {
430 0x00, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x01, 0x09,
431 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x05, 0x09, 0x2A, 0x86,
432 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0E, 0x09, 0x2A, 0x86, 0x48, 0x86,
433 0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D,
434 0x01, 0x01, 0x0C, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01,
435 0x0D, 0x05, 0x2B, 0x0E, 0x03, 0x02, 0x1A, 0x09, 0x60, 0x86, 0x48, 0x01,
436 0x65, 0x03, 0x04, 0x02, 0x04, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03,
437 0x04, 0x02, 0x01, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02,
438 0x02, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x03, 0x07,
439 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x02, 0x01, 0x08, 0x2A, 0x86, 0x48, 0xCE,
440 0x3D, 0x03, 0x01, 0x07, 0x05, 0x2B, 0x81, 0x04, 0x00, 0x22, 0x05, 0x2B,
441 0x81, 0x04, 0x00, 0x23, 0x07, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x04, 0x01,
442 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x04, 0x03, 0x01, 0x08, 0x2A, 0x86,
443 0x48, 0xCE, 0x3D, 0x04, 0x03, 0x02, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D,
444 0x04, 0x03, 0x03, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x04, 0x03, 0x04,
445 0x03, 0x55, 0x04, 0x03, 0x00, 0x1F, 0x03, 0xFC, 0x07, 0x7F, 0x0B, 0x5E,
446 0x0F, 0x1F, 0x12, 0xFE, 0x16, 0xBF, 0x1A, 0x9F, 0x1E, 0x7E, 0x22, 0x3F,
447 0x26, 0x1E, 0x29, 0xDF, 0x00, 0x1F, 0x03, 0xFD, 0x07, 0x9F, 0x0B, 0x7E,
448 0x0F, 0x3F, 0x13, 0x1E, 0x16, 0xDF, 0x1A, 0xBF, 0x1E, 0x9E, 0x22, 0x5F,
449 0x26, 0x3E, 0x29, 0xFF, 0x03, 0x55, 0x1D, 0x13, 0x03, 0x55, 0x1D, 0x0F,
450 0x03, 0x55, 0x1D, 0x11, 0x03, 0x55, 0x1D, 0x20, 0x08, 0x2B, 0x06, 0x01,
451 0x05, 0x05, 0x07, 0x02, 0x01, 0x03, 0x55, 0x1D, 0x23, 0x03, 0x55, 0x1D,
452 0x0E, 0x03, 0x55, 0x1D, 0x12, 0x03, 0x55, 0x1D, 0x09, 0x03, 0x55, 0x1D,
453 0x1F, 0x03, 0x55, 0x1D, 0x2E, 0x08, 0x2B, 0x06, 0x01, 0x05, 0x05, 0x07,
454 0x01, 0x01, 0x08, 0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x01, 0x0B
457 static const unsigned char t0_codeblock
[] = {
458 0x00, 0x01, 0x00, 0x0D, 0x00, 0x00, 0x01, 0x00, 0x10, 0x00, 0x00, 0x01,
459 0x00, 0x11, 0x00, 0x00, 0x01, 0x01, 0x09, 0x00, 0x00, 0x01, 0x01, 0x0A,
460 0x00, 0x00, 0x24, 0x24, 0x00, 0x00, 0x01,
461 T0_INT1(BR_ERR_X509_BAD_BOOLEAN
), 0x00, 0x00, 0x01,
462 T0_INT1(BR_ERR_X509_BAD_DN
), 0x00, 0x00, 0x01,
463 T0_INT1(BR_ERR_X509_BAD_SERVER_NAME
), 0x00, 0x00, 0x01,
464 T0_INT1(BR_ERR_X509_BAD_TAG_CLASS
), 0x00, 0x00, 0x01,
465 T0_INT1(BR_ERR_X509_BAD_TAG_VALUE
), 0x00, 0x00, 0x01,
466 T0_INT1(BR_ERR_X509_BAD_TIME
), 0x00, 0x00, 0x01,
467 T0_INT1(BR_ERR_X509_CRITICAL_EXTENSION
), 0x00, 0x00, 0x01,
468 T0_INT1(BR_ERR_X509_DN_MISMATCH
), 0x00, 0x00, 0x01,
469 T0_INT1(BR_ERR_X509_EXPIRED
), 0x00, 0x00, 0x01,
470 T0_INT1(BR_ERR_X509_EXTRA_ELEMENT
), 0x00, 0x00, 0x01,
471 T0_INT1(BR_ERR_X509_FORBIDDEN_KEY_USAGE
), 0x00, 0x00, 0x01,
472 T0_INT1(BR_ERR_X509_INDEFINITE_LENGTH
), 0x00, 0x00, 0x01,
473 T0_INT1(BR_ERR_X509_INNER_TRUNC
), 0x00, 0x00, 0x01,
474 T0_INT1(BR_ERR_X509_LIMIT_EXCEEDED
), 0x00, 0x00, 0x01,
475 T0_INT1(BR_ERR_X509_NOT_CA
), 0x00, 0x00, 0x01,
476 T0_INT1(BR_ERR_X509_NOT_CONSTRUCTED
), 0x00, 0x00, 0x01,
477 T0_INT1(BR_ERR_X509_NOT_PRIMITIVE
), 0x00, 0x00, 0x01,
478 T0_INT1(BR_ERR_X509_OVERFLOW
), 0x00, 0x00, 0x01,
479 T0_INT1(BR_ERR_X509_PARTIAL_BYTE
), 0x00, 0x00, 0x01,
480 T0_INT1(BR_ERR_X509_UNEXPECTED
), 0x00, 0x00, 0x01,
481 T0_INT1(BR_ERR_X509_UNSUPPORTED
), 0x00, 0x00, 0x01,
482 T0_INT1(BR_ERR_X509_WEAK_PUBLIC_KEY
), 0x00, 0x00, 0x01,
483 T0_INT1(BR_KEYTYPE_EC
), 0x00, 0x00, 0x01, T0_INT1(BR_KEYTYPE_RSA
),
484 0x00, 0x00, 0x01, T0_INT2(offsetof(CONTEXT_NAME
, cert_length
)), 0x00,
485 0x00, 0x01, T0_INT2(offsetof(CONTEXT_NAME
, cert_sig
)), 0x00, 0x00,
486 0x01, T0_INT2(offsetof(CONTEXT_NAME
, cert_sig_hash_len
)), 0x00, 0x00,
487 0x01, T0_INT2(offsetof(CONTEXT_NAME
, cert_sig_hash_oid
)), 0x00, 0x00,
488 0x01, T0_INT2(offsetof(CONTEXT_NAME
, cert_sig_len
)), 0x00, 0x00, 0x01,
489 T0_INT2(offsetof(CONTEXT_NAME
, cert_signer_key_type
)), 0x00, 0x00,
490 0x01, T0_INT2(offsetof(CONTEXT_NAME
, current_dn_hash
)), 0x00, 0x00,
491 0x01, T0_INT2(offsetof(CONTEXT_NAME
, key_usages
)), 0x00, 0x00, 0x01,
492 T0_INT2(offsetof(br_x509_minimal_context
, pkey_data
)), 0x01,
493 T0_INT2(BR_X509_BUFSIZE_KEY
), 0x00, 0x00, 0x01,
494 T0_INT2(offsetof(CONTEXT_NAME
, min_rsa_size
)), 0x00, 0x00, 0x01,
495 T0_INT2(offsetof(CONTEXT_NAME
, next_dn_hash
)), 0x00, 0x00, 0x01,
496 T0_INT2(offsetof(CONTEXT_NAME
, num_certs
)), 0x00, 0x00, 0x01,
497 T0_INT2(offsetof(CONTEXT_NAME
, pad
)), 0x00, 0x00, 0x01,
498 T0_INT2(offsetof(CONTEXT_NAME
, saved_dn_hash
)), 0x00, 0x00, 0xC9, 0x71,
499 0x00, 0x00, 0x01, 0x80, 0x73, 0x00, 0x00, 0x01, 0x80, 0x7C, 0x00, 0x00,
500 0x01, 0x81, 0x02, 0x00, 0x00, 0x92, 0x05, 0x05, 0x34, 0x42, 0x01, 0x00,
501 0x00, 0x34, 0x01, 0x0A, 0x0E, 0x09, 0x01, 0x9A, 0xFF, 0xB8, 0x00, 0x0A,
502 0x00, 0x00, 0x01, 0x82, 0x19, 0x00, 0x00, 0x01, 0x82, 0x01, 0x00, 0x00,
503 0x01, 0x81, 0x68, 0x00, 0x04, 0x03, 0x00, 0x03, 0x01, 0x03, 0x02, 0x03,
504 0x03, 0x02, 0x03, 0x02, 0x01, 0x11, 0x06, 0x07, 0x02, 0x02, 0x02, 0x00,
505 0x0D, 0x04, 0x05, 0x02, 0x03, 0x02, 0x01, 0x0D, 0x00, 0x02, 0x03, 0x00,
506 0x03, 0x01, 0x25, 0x02, 0x01, 0x13, 0x3B, 0x02, 0x00, 0x0F, 0x15, 0x00,
507 0x00, 0x01, 0x81, 0x74, 0x00, 0x00, 0x05, 0x02, 0x52, 0x28, 0x00, 0x00,
508 0x06, 0x02, 0x53, 0x28, 0x00, 0x00, 0x01, 0x10, 0x77, 0x00, 0x00, 0x11,
509 0x05, 0x02, 0x56, 0x28, 0x74, 0x00, 0x00, 0x11, 0x05, 0x02, 0x56, 0x28,
510 0x75, 0x00, 0x00, 0x06, 0x02, 0x4C, 0x28, 0x00, 0x00, 0x01, 0x82, 0x11,
511 0x00, 0x00, 0x25, 0x20, 0x01, 0x08, 0x0E, 0x3B, 0x40, 0x20, 0x09, 0x00,
512 0x09, 0x03, 0x00, 0x5B, 0x2B, 0xAF, 0x39, 0xAF, 0xB3, 0x25, 0x01, 0x20,
513 0x11, 0x06, 0x11, 0x24, 0x74, 0xAD, 0xB3, 0x01, 0x02, 0x78, 0xB0, 0x01,
514 0x02, 0x12, 0x06, 0x02, 0x57, 0x28, 0x79, 0xB3, 0x01, 0x02, 0x78, 0xAE,
515 0xAF, 0xC2, 0x9C, 0x65, 0x61, 0x21, 0x16, 0xAF, 0xA7, 0x29, 0x69, 0x06,
516 0x02, 0x4B, 0x28, 0xA7, 0x29, 0x71, 0x06, 0x02, 0x4B, 0x28, 0x79, 0x02,
517 0x00, 0x06, 0x05, 0x9D, 0x03, 0x01, 0x04, 0x09, 0x9C, 0x61, 0x68, 0x21,
518 0x27, 0x05, 0x02, 0x4A, 0x28, 0x68, 0x65, 0x21, 0x16, 0xAF, 0xAF, 0x9E,
519 0x05, 0x02, 0x57, 0x28, 0xBC, 0x26, 0x06, 0x27, 0xC2, 0xA4, 0xAF, 0x63,
520 0xAA, 0x03, 0x03, 0x63, 0x3B, 0x02, 0x03, 0x09, 0x3B, 0x02, 0x03, 0x0A,
521 0xAA, 0x03, 0x04, 0x79, 0x64, 0x2A, 0x01, 0x81, 0x00, 0x09, 0x02, 0x03,
522 0x12, 0x06, 0x02, 0x58, 0x28, 0x79, 0x5A, 0x03, 0x02, 0x04, 0x3A, 0x88,
523 0x26, 0x06, 0x34, 0x9E, 0x05, 0x02, 0x57, 0x28, 0x6A, 0x26, 0x06, 0x04,
524 0x01, 0x17, 0x04, 0x12, 0x6B, 0x26, 0x06, 0x04, 0x01, 0x18, 0x04, 0x0A,
525 0x6C, 0x26, 0x06, 0x04, 0x01, 0x19, 0x04, 0x02, 0x57, 0x28, 0x03, 0x05,
526 0x79, 0xA4, 0x25, 0x03, 0x06, 0x25, 0x63, 0x34, 0x0D, 0x06, 0x02, 0x50,
527 0x28, 0xA5, 0x59, 0x03, 0x02, 0x04, 0x02, 0x57, 0x28, 0x79, 0x02, 0x00,
528 0x06, 0x21, 0x02, 0x02, 0x5A, 0x30, 0x11, 0x06, 0x08, 0x24, 0x02, 0x03,
529 0x02, 0x04, 0x1D, 0x04, 0x10, 0x59, 0x30, 0x11, 0x06, 0x08, 0x24, 0x02,
530 0x05, 0x02, 0x06, 0x1C, 0x04, 0x03, 0x57, 0x28, 0x24, 0x04, 0x24, 0x02,
531 0x02, 0x5A, 0x30, 0x11, 0x06, 0x08, 0x24, 0x02, 0x03, 0x02, 0x04, 0x23,
532 0x04, 0x10, 0x59, 0x30, 0x11, 0x06, 0x08, 0x24, 0x02, 0x05, 0x02, 0x06,
533 0x22, 0x04, 0x03, 0x57, 0x28, 0x24, 0x25, 0x06, 0x01, 0x28, 0x24, 0x01,
534 0x00, 0x03, 0x07, 0xB4, 0x01, 0x21, 0x8F, 0x01, 0x22, 0x8F, 0x25, 0x01,
535 0x23, 0x11, 0x06, 0x81, 0x26, 0x24, 0x74, 0xAD, 0xAF, 0x25, 0x06, 0x81,
536 0x1A, 0x01, 0x00, 0x03, 0x08, 0xAF, 0x9E, 0x24, 0xB3, 0x25, 0x01, 0x01,
537 0x11, 0x06, 0x04, 0xA6, 0x03, 0x08, 0xB3, 0x01, 0x04, 0x78, 0xAD, 0x70,
538 0x26, 0x06, 0x0F, 0x02, 0x00, 0x06, 0x03, 0xC3, 0x04, 0x05, 0x99, 0x01,
539 0x7F, 0x03, 0x07, 0x04, 0x80, 0x6C, 0x91, 0x26, 0x06, 0x06, 0x02, 0x00,
540 0x9B, 0x04, 0x80, 0x62, 0xC5, 0x26, 0x06, 0x11, 0x02, 0x00, 0x06, 0x09,
541 0x01, 0x00, 0x03, 0x01, 0x98, 0x03, 0x01, 0x04, 0x01, 0xC3, 0x04, 0x80,
542 0x4D, 0x73, 0x26, 0x06, 0x0A, 0x02, 0x08, 0x06, 0x03, 0x9A, 0x04, 0x01,
543 0xC3, 0x04, 0x3F, 0x6F, 0x26, 0x06, 0x03, 0xC3, 0x04, 0x38, 0xC8, 0x26,
544 0x06, 0x03, 0xC3, 0x04, 0x31, 0x90, 0x26, 0x06, 0x03, 0xC3, 0x04, 0x2A,
545 0xC6, 0x26, 0x06, 0x03, 0xC3, 0x04, 0x23, 0x7A, 0x26, 0x06, 0x03, 0xC3,
546 0x04, 0x1C, 0x85, 0x26, 0x06, 0x03, 0xC3, 0x04, 0x15, 0x6E, 0x26, 0x06,
547 0x03, 0xC3, 0x04, 0x0E, 0xC7, 0x26, 0x06, 0x03, 0xC3, 0x04, 0x07, 0x02,
548 0x08, 0x06, 0x02, 0x49, 0x28, 0xC3, 0x79, 0x79, 0x04, 0xFE, 0x62, 0x79,
549 0x79, 0x04, 0x08, 0x01, 0x7F, 0x11, 0x05, 0x02, 0x56, 0x28, 0x24, 0x79,
550 0x3A, 0x02, 0x00, 0x06, 0x08, 0x02, 0x01, 0x3C, 0x2F, 0x05, 0x02, 0x45,
551 0x28, 0x02, 0x00, 0x06, 0x01, 0x17, 0x02, 0x00, 0x02, 0x07, 0x2F, 0x05,
552 0x02, 0x51, 0x28, 0xB3, 0x76, 0xAD, 0x9E, 0x06, 0x80, 0x77, 0xBD, 0x26,
553 0x06, 0x07, 0x01, 0x02, 0x5A, 0x8A, 0x04, 0x80, 0x5E, 0xBE, 0x26, 0x06,
554 0x07, 0x01, 0x03, 0x5A, 0x8B, 0x04, 0x80, 0x53, 0xBF, 0x26, 0x06, 0x07,
555 0x01, 0x04, 0x5A, 0x8C, 0x04, 0x80, 0x48, 0xC0, 0x26, 0x06, 0x06, 0x01,
556 0x05, 0x5A, 0x8D, 0x04, 0x3E, 0xC1, 0x26, 0x06, 0x06, 0x01, 0x06, 0x5A,
557 0x8E, 0x04, 0x34, 0x7F, 0x26, 0x06, 0x06, 0x01, 0x02, 0x59, 0x8A, 0x04,
558 0x2A, 0x80, 0x26, 0x06, 0x06, 0x01, 0x03, 0x59, 0x8B, 0x04, 0x20, 0x81,
559 0x26, 0x06, 0x06, 0x01, 0x04, 0x59, 0x8C, 0x04, 0x16, 0x82, 0x26, 0x06,
560 0x06, 0x01, 0x05, 0x59, 0x8D, 0x04, 0x0C, 0x83, 0x26, 0x06, 0x06, 0x01,
561 0x06, 0x59, 0x8E, 0x04, 0x02, 0x57, 0x28, 0x5E, 0x35, 0x60, 0x37, 0x1B,
562 0x25, 0x05, 0x02, 0x57, 0x28, 0x5D, 0x37, 0x04, 0x02, 0x57, 0x28, 0xC2,
563 0xA4, 0x25, 0x01, T0_INT2(BR_X509_BUFSIZE_SIG
), 0x12, 0x06, 0x02, 0x50,
564 0x28, 0x25, 0x5F, 0x35, 0x5C, 0xA5, 0x79, 0x79, 0x01, 0x00, 0x5B, 0x36,
565 0x18, 0x00, 0x00, 0x01, 0x30, 0x0A, 0x25, 0x01, 0x00, 0x01, 0x09, 0x72,
566 0x05, 0x02, 0x48, 0x28, 0x00, 0x00, 0x30, 0x30, 0x00, 0x00, 0x01, 0x81,
567 0x08, 0x00, 0x00, 0x01, 0x81, 0x10, 0x00, 0x00, 0x01, 0x81, 0x19, 0x00,
568 0x00, 0x01, 0x81, 0x22, 0x00, 0x00, 0x01, 0x81, 0x2B, 0x00, 0x01, 0x7E,
569 0x01, 0x01, 0x11, 0x3B, 0x01, 0x83, 0xFD, 0x7F, 0x11, 0x15, 0x06, 0x03,
570 0x3B, 0x24, 0x00, 0x3B, 0x25, 0x03, 0x00, 0x25, 0xCA, 0x05, 0x04, 0x42,
571 0x01, 0x00, 0x00, 0x25, 0x01, 0x81, 0x00, 0x0D, 0x06, 0x04, 0x96, 0x04,
572 0x80, 0x49, 0x25, 0x01, 0x90, 0x00, 0x0D, 0x06, 0x0F, 0x01, 0x06, 0x14,
573 0x01, 0x81, 0x40, 0x2F, 0x96, 0x02, 0x00, 0x01, 0x00, 0x97, 0x04, 0x33,
574 0x25, 0x01, 0x83, 0xFF, 0x7F, 0x0D, 0x06, 0x14, 0x01, 0x0C, 0x14, 0x01,
575 0x81, 0x60, 0x2F, 0x96, 0x02, 0x00, 0x01, 0x06, 0x97, 0x02, 0x00, 0x01,
576 0x00, 0x97, 0x04, 0x17, 0x01, 0x12, 0x14, 0x01, 0x81, 0x70, 0x2F, 0x96,
577 0x02, 0x00, 0x01, 0x0C, 0x97, 0x02, 0x00, 0x01, 0x06, 0x97, 0x02, 0x00,
578 0x01, 0x00, 0x97, 0x00, 0x00, 0x01, 0x82, 0x15, 0x00, 0x00, 0x25, 0x01,
579 0x83, 0xB0, 0x00, 0x01, 0x83, 0xB7, 0x7F, 0x72, 0x00, 0x00, 0x01, 0x81,
580 0x34, 0x00, 0x00, 0x01, 0x80, 0x6B, 0x00, 0x00, 0x01, 0x81, 0x78, 0x00,
581 0x00, 0x01, 0x3D, 0x00, 0x00, 0x01, 0x80, 0x43, 0x00, 0x00, 0x01, 0x80,
582 0x4D, 0x00, 0x00, 0x01, 0x80, 0x57, 0x00, 0x00, 0x01, 0x80, 0x61, 0x00,
583 0x00, 0x30, 0x11, 0x06, 0x04, 0x42, 0xAD, 0xC2, 0xB4, 0x00, 0x00, 0x01,
584 0x82, 0x09, 0x00, 0x00, 0x01, 0x81, 0x6C, 0x00, 0x00, 0x25, 0x01, 0x83,
585 0xB8, 0x00, 0x01, 0x83, 0xBF, 0x7F, 0x72, 0x00, 0x00, 0x01, 0x30, 0x62,
586 0x37, 0x01, 0x7F, 0x7C, 0x19, 0x01, 0x00, 0x7C, 0x19, 0x04, 0x7A, 0x00,
587 0x01, 0x81, 0x38, 0x00, 0x01, 0x7E, 0x0D, 0x06, 0x02, 0x4F, 0x28, 0x25,
588 0x03, 0x00, 0x0A, 0x02, 0x00, 0x00, 0x00, 0x30, 0x25, 0x3F, 0x3B, 0x01,
589 0x82, 0x00, 0x13, 0x2F, 0x06, 0x04, 0x42, 0x01, 0x00, 0x00, 0x30, 0x67,
590 0x09, 0x37, 0x40, 0x00, 0x00, 0x14, 0x01, 0x3F, 0x15, 0x01, 0x81, 0x00,
591 0x2F, 0x96, 0x00, 0x02, 0x01, 0x00, 0x03, 0x00, 0xAF, 0x25, 0x06, 0x80,
592 0x59, 0xB3, 0x01, 0x20, 0x30, 0x11, 0x06, 0x17, 0x24, 0x74, 0xAD, 0x9E,
593 0x24, 0x01, 0x7F, 0x2E, 0x03, 0x01, 0xB3, 0x01, 0x20, 0x77, 0xAD, 0xB2,
594 0x02, 0x01, 0x1F, 0x79, 0x79, 0x04, 0x38, 0x01, 0x21, 0x30, 0x11, 0x06,
595 0x08, 0x24, 0x75, 0xB6, 0x01, 0x01, 0x1E, 0x04, 0x2A, 0x01, 0x22, 0x30,
596 0x11, 0x06, 0x11, 0x24, 0x75, 0xB6, 0x25, 0x06, 0x06, 0x2C, 0x02, 0x00,
597 0x2F, 0x03, 0x00, 0x01, 0x02, 0x1E, 0x04, 0x13, 0x01, 0x26, 0x30, 0x11,
598 0x06, 0x08, 0x24, 0x75, 0xB6, 0x01, 0x06, 0x1E, 0x04, 0x05, 0x42, 0xAE,
599 0x01, 0x00, 0x24, 0x04, 0xFF, 0x23, 0x79, 0x02, 0x00, 0x00, 0x00, 0xAF,
600 0xB4, 0x25, 0x01, 0x01, 0x11, 0x06, 0x08, 0xA6, 0x05, 0x02, 0x51, 0x28,
601 0xB4, 0x04, 0x02, 0x51, 0x28, 0x25, 0x01, 0x02, 0x11, 0x06, 0x0C, 0x24,
602 0x75, 0xB0, 0x66, 0x2B, 0x41, 0x0D, 0x06, 0x02, 0x51, 0x28, 0xB4, 0x01,
603 0x7F, 0x10, 0x06, 0x02, 0x56, 0x28, 0x24, 0x79, 0x00, 0x00, 0xAF, 0x25,
604 0x06, 0x1A, 0xAF, 0x9E, 0x24, 0x25, 0x06, 0x11, 0xAF, 0x25, 0x06, 0x0C,
605 0xAF, 0x9E, 0x24, 0x89, 0x26, 0x05, 0x02, 0x49, 0x28, 0xC2, 0x04, 0x71,
606 0x79, 0x79, 0x04, 0x63, 0x79, 0x00, 0x02, 0x03, 0x00, 0xB3, 0x01, 0x03,
607 0x78, 0xAD, 0xBA, 0x03, 0x01, 0x02, 0x01, 0x01, 0x07, 0x12, 0x06, 0x02,
608 0x56, 0x28, 0x25, 0x01, 0x00, 0x30, 0x11, 0x06, 0x05, 0x24, 0x4D, 0x28,
609 0x04, 0x15, 0x01, 0x01, 0x30, 0x11, 0x06, 0x0A, 0x24, 0xBA, 0x02, 0x01,
610 0x14, 0x02, 0x01, 0x0E, 0x04, 0x05, 0x24, 0xBA, 0x01, 0x00, 0x24, 0x02,
611 0x00, 0x06, 0x19, 0x01, 0x00, 0x30, 0x01, 0x38, 0x15, 0x06, 0x03, 0x01,
612 0x10, 0x2F, 0x3B, 0x01, 0x81, 0x40, 0x15, 0x06, 0x03, 0x01, 0x20, 0x2F,
613 0x62, 0x37, 0x04, 0x07, 0x01, 0x04, 0x15, 0x05, 0x02, 0x4D, 0x28, 0xC2,
614 0x00, 0x00, 0x38, 0xAF, 0xC2, 0x1A, 0x00, 0x03, 0x01, 0x00, 0x03, 0x00,
615 0x38, 0xAF, 0x25, 0x06, 0x30, 0xB3, 0x01, 0x11, 0x77, 0xAD, 0x25, 0x05,
616 0x02, 0x44, 0x28, 0x25, 0x06, 0x20, 0xAF, 0x9E, 0x24, 0x87, 0x26, 0x03,
617 0x01, 0x01, 0x00, 0x2E, 0x03, 0x02, 0xB2, 0x25, 0x02, 0x01, 0x15, 0x06,
618 0x07, 0x2C, 0x06, 0x04, 0x01, 0x7F, 0x03, 0x00, 0x02, 0x02, 0x1F, 0x79,
619 0x04, 0x5D, 0x79, 0x04, 0x4D, 0x79, 0x1A, 0x02, 0x00, 0x00, 0x00, 0xB3,
620 0x01, 0x06, 0x78, 0xB1, 0x00, 0x00, 0xB8, 0x86, 0x06, 0x0E, 0x3B, 0x25,
621 0x05, 0x06, 0x42, 0x01, 0x00, 0x01, 0x00, 0x00, 0xB8, 0x6D, 0x04, 0x08,
622 0x92, 0x06, 0x05, 0x24, 0x01, 0x00, 0x04, 0x00, 0x00, 0x00, 0xB9, 0x86,
623 0x06, 0x0E, 0x3B, 0x25, 0x05, 0x06, 0x42, 0x01, 0x00, 0x01, 0x00, 0x00,
624 0xB9, 0x6D, 0x04, 0x08, 0x92, 0x06, 0x05, 0x24, 0x01, 0x00, 0x04, 0x00,
625 0x00, 0x00, 0xBA, 0x25, 0x01, 0x81, 0x00, 0x0D, 0x06, 0x04, 0x00, 0x04,
626 0x80, 0x55, 0x25, 0x01, 0x81, 0x40, 0x0D, 0x06, 0x07, 0x24, 0x01, 0x00,
627 0x00, 0x04, 0x80, 0x47, 0x25, 0x01, 0x81, 0x60, 0x0D, 0x06, 0x0E, 0x01,
628 0x1F, 0x15, 0x01, 0x01, 0xA3, 0x01, 0x81, 0x00, 0x01, 0x8F, 0x7F, 0x04,
629 0x32, 0x25, 0x01, 0x81, 0x70, 0x0D, 0x06, 0x0F, 0x01, 0x0F, 0x15, 0x01,
630 0x02, 0xA3, 0x01, 0x90, 0x00, 0x01, 0x83, 0xFF, 0x7F, 0x04, 0x1C, 0x25,
631 0x01, 0x81, 0x78, 0x0D, 0x06, 0x11, 0x01, 0x07, 0x15, 0x01, 0x03, 0xA3,
632 0x01, 0x84, 0x80, 0x00, 0x01, 0x80, 0xC3, 0xFF, 0x7F, 0x04, 0x04, 0x24,
633 0x01, 0x00, 0x00, 0x72, 0x05, 0x03, 0x24, 0x01, 0x00, 0x00, 0x00, 0x3B,
634 0x25, 0x05, 0x06, 0x42, 0x01, 0x00, 0x01, 0x7F, 0x00, 0xBA, 0x34, 0x25,
635 0x3D, 0x06, 0x03, 0x3B, 0x24, 0x00, 0x01, 0x06, 0x0E, 0x3B, 0x25, 0x01,
636 0x06, 0x14, 0x01, 0x02, 0x10, 0x06, 0x04, 0x42, 0x01, 0x7F, 0x00, 0x01,
637 0x3F, 0x15, 0x09, 0x00, 0x00, 0x25, 0x06, 0x06, 0x0B, 0xA2, 0x34, 0x41,
638 0x04, 0x77, 0x24, 0x25, 0x00, 0x00, 0xB3, 0x01, 0x03, 0x78, 0xAD, 0xBA,
639 0x06, 0x02, 0x55, 0x28, 0x00, 0x00, 0x3B, 0x25, 0x06, 0x07, 0x31, 0x25,
640 0x06, 0x01, 0x19, 0x04, 0x76, 0x42, 0x00, 0x00, 0x01, 0x01, 0x78, 0xAC,
641 0x01, 0x01, 0x10, 0x06, 0x02, 0x43, 0x28, 0xBA, 0x3E, 0x00, 0x04, 0xB3,
642 0x25, 0x01, 0x17, 0x01, 0x18, 0x72, 0x05, 0x02, 0x48, 0x28, 0x01, 0x18,
643 0x11, 0x03, 0x00, 0x75, 0xAD, 0xA8, 0x02, 0x00, 0x06, 0x0C, 0x01, 0x80,
644 0x64, 0x08, 0x03, 0x01, 0xA8, 0x02, 0x01, 0x09, 0x04, 0x0E, 0x25, 0x01,
645 0x32, 0x0D, 0x06, 0x04, 0x01, 0x80, 0x64, 0x09, 0x01, 0x8E, 0x6C, 0x09,
646 0x03, 0x01, 0x02, 0x01, 0x01, 0x82, 0x6D, 0x08, 0x02, 0x01, 0x01, 0x03,
647 0x09, 0x01, 0x04, 0x0C, 0x09, 0x02, 0x01, 0x01, 0x80, 0x63, 0x09, 0x01,
648 0x80, 0x64, 0x0C, 0x0A, 0x02, 0x01, 0x01, 0x83, 0x0F, 0x09, 0x01, 0x83,
649 0x10, 0x0C, 0x09, 0x03, 0x03, 0x01, 0x01, 0x01, 0x0C, 0xA9, 0x41, 0x01,
650 0x01, 0x0E, 0x02, 0x01, 0x01, 0x04, 0x07, 0x3F, 0x02, 0x01, 0x01, 0x80,
651 0x64, 0x07, 0x3E, 0x02, 0x01, 0x01, 0x83, 0x10, 0x07, 0x3F, 0x2F, 0x15,
652 0x06, 0x03, 0x01, 0x18, 0x09, 0x94, 0x09, 0x7B, 0x25, 0x01, 0x05, 0x14,
653 0x02, 0x03, 0x09, 0x03, 0x03, 0x01, 0x1F, 0x15, 0x01, 0x01, 0x3B, 0xA9,
654 0x02, 0x03, 0x09, 0x41, 0x03, 0x03, 0x01, 0x00, 0x01, 0x17, 0xA9, 0x01,
655 0x9C, 0x10, 0x08, 0x03, 0x02, 0x01, 0x00, 0x01, 0x3B, 0xA9, 0x01, 0x3C,
656 0x08, 0x02, 0x02, 0x09, 0x03, 0x02, 0x01, 0x00, 0x01, 0x3C, 0xA9, 0x02,
657 0x02, 0x09, 0x03, 0x02, 0xBA, 0x25, 0x01, 0x2E, 0x11, 0x06, 0x0D, 0x24,
658 0xBA, 0x25, 0x01, 0x30, 0x01, 0x39, 0x72, 0x06, 0x03, 0x24, 0x04, 0x74,
659 0x01, 0x80, 0x5A, 0x10, 0x06, 0x02, 0x48, 0x28, 0x79, 0x02, 0x03, 0x02,
660 0x02, 0x00, 0x01, 0xBA, 0x7D, 0x01, 0x0A, 0x08, 0x03, 0x00, 0xBA, 0x7D,
661 0x02, 0x00, 0x09, 0x00, 0x02, 0x03, 0x00, 0x03, 0x01, 0xA8, 0x25, 0x02,
662 0x01, 0x02, 0x00, 0x72, 0x05, 0x02, 0x48, 0x28, 0x00, 0x00, 0x34, 0xB3,
663 0x01, 0x02, 0x78, 0x0B, 0xAB, 0x00, 0x03, 0x25, 0x03, 0x00, 0x03, 0x01,
664 0x03, 0x02, 0xAD, 0xBA, 0x25, 0x01, 0x81, 0x00, 0x13, 0x06, 0x02, 0x54,
665 0x28, 0x25, 0x01, 0x00, 0x11, 0x06, 0x0B, 0x24, 0x25, 0x05, 0x04, 0x24,
666 0x01, 0x00, 0x00, 0xBA, 0x04, 0x6F, 0x02, 0x01, 0x25, 0x05, 0x02, 0x50,
667 0x28, 0x41, 0x03, 0x01, 0x02, 0x02, 0x37, 0x02, 0x02, 0x40, 0x03, 0x02,
668 0x25, 0x06, 0x03, 0xBA, 0x04, 0x68, 0x24, 0x02, 0x00, 0x02, 0x01, 0x0A,
669 0x00, 0x01, 0xBA, 0x25, 0x01, 0x81, 0x00, 0x0D, 0x06, 0x01, 0x00, 0x01,
670 0x81, 0x00, 0x0A, 0x25, 0x05, 0x02, 0x4E, 0x28, 0x03, 0x00, 0x01, 0x00,
671 0x02, 0x00, 0x01, 0x00, 0x12, 0x06, 0x19, 0x02, 0x00, 0x41, 0x03, 0x00,
672 0x25, 0x01, 0x83, 0xFF, 0xFF, 0x7F, 0x12, 0x06, 0x02, 0x4F, 0x28, 0x01,
673 0x08, 0x0E, 0x3B, 0xBA, 0x34, 0x09, 0x04, 0x60, 0x00, 0x00, 0xAC, 0x95,
674 0x00, 0x00, 0xAD, 0xC2, 0x00, 0x00, 0xB3, 0x76, 0xAD, 0x00, 0x01, 0xAD,
675 0x25, 0x05, 0x02, 0x54, 0x28, 0xBA, 0x25, 0x01, 0x81, 0x00, 0x13, 0x06,
676 0x02, 0x54, 0x28, 0x03, 0x00, 0x25, 0x06, 0x16, 0xBA, 0x02, 0x00, 0x25,
677 0x01, 0x87, 0xFF, 0xFF, 0x7F, 0x13, 0x06, 0x02, 0x54, 0x28, 0x01, 0x08,
678 0x0E, 0x09, 0x03, 0x00, 0x04, 0x67, 0x24, 0x02, 0x00, 0x00, 0x00, 0xAD,
679 0x25, 0x01, 0x81, 0x7F, 0x12, 0x06, 0x08, 0xC2, 0x01, 0x00, 0x67, 0x37,
680 0x01, 0x00, 0x00, 0x25, 0x67, 0x37, 0x67, 0x40, 0xA5, 0x01, 0x7F, 0x00,
681 0x00, 0xB3, 0x01, 0x0C, 0x30, 0x11, 0x06, 0x05, 0x24, 0x75, 0xB6, 0x04,
682 0x3E, 0x01, 0x12, 0x30, 0x11, 0x06, 0x05, 0x24, 0x75, 0xB7, 0x04, 0x33,
683 0x01, 0x13, 0x30, 0x11, 0x06, 0x05, 0x24, 0x75, 0xB7, 0x04, 0x28, 0x01,
684 0x14, 0x30, 0x11, 0x06, 0x05, 0x24, 0x75, 0xB7, 0x04, 0x1D, 0x01, 0x16,
685 0x30, 0x11, 0x06, 0x05, 0x24, 0x75, 0xB7, 0x04, 0x12, 0x01, 0x1E, 0x30,
686 0x11, 0x06, 0x05, 0x24, 0x75, 0xB5, 0x04, 0x07, 0x42, 0xAE, 0x01, 0x00,
687 0x01, 0x00, 0x24, 0x00, 0x01, 0xBA, 0x03, 0x00, 0x02, 0x00, 0x01, 0x05,
688 0x14, 0x01, 0x01, 0x15, 0x2D, 0x02, 0x00, 0x01, 0x06, 0x14, 0x25, 0x01,
689 0x01, 0x15, 0x06, 0x02, 0x46, 0x28, 0x01, 0x04, 0x0E, 0x02, 0x00, 0x01,
690 0x1F, 0x15, 0x25, 0x01, 0x1F, 0x11, 0x06, 0x02, 0x47, 0x28, 0x09, 0x00,
691 0x00, 0x25, 0x05, 0x05, 0x01, 0x00, 0x01, 0x7F, 0x00, 0xB3, 0x00, 0x01,
692 0xAD, 0x25, 0x05, 0x05, 0x67, 0x37, 0x01, 0x7F, 0x00, 0x01, 0x01, 0x03,
693 0x00, 0x9F, 0x25, 0x01, 0x83, 0xFF, 0x7E, 0x11, 0x06, 0x16, 0x24, 0x25,
694 0x06, 0x10, 0xA0, 0x25, 0x05, 0x05, 0x24, 0xC2, 0x01, 0x00, 0x00, 0x02,
695 0x00, 0x84, 0x03, 0x00, 0x04, 0x6D, 0x04, 0x1B, 0x25, 0x05, 0x05, 0x24,
696 0xC2, 0x01, 0x00, 0x00, 0x02, 0x00, 0x84, 0x03, 0x00, 0x25, 0x06, 0x0B,
697 0x9F, 0x25, 0x05, 0x05, 0x24, 0xC2, 0x01, 0x00, 0x00, 0x04, 0x6D, 0x24,
698 0x02, 0x00, 0x25, 0x05, 0x01, 0x00, 0x41, 0x67, 0x37, 0x01, 0x7F, 0x00,
699 0x01, 0xAD, 0x01, 0x01, 0x03, 0x00, 0x25, 0x06, 0x10, 0xA1, 0x25, 0x05,
700 0x05, 0x24, 0xC2, 0x01, 0x00, 0x00, 0x02, 0x00, 0x84, 0x03, 0x00, 0x04,
701 0x6D, 0x24, 0x02, 0x00, 0x25, 0x05, 0x01, 0x00, 0x41, 0x67, 0x37, 0x01,
702 0x7F, 0x00, 0x01, 0xAD, 0x01, 0x01, 0x03, 0x00, 0x25, 0x06, 0x10, 0xBA,
703 0x25, 0x05, 0x05, 0x24, 0xC2, 0x01, 0x00, 0x00, 0x02, 0x00, 0x84, 0x03,
704 0x00, 0x04, 0x6D, 0x24, 0x02, 0x00, 0x25, 0x05, 0x01, 0x00, 0x41, 0x67,
705 0x37, 0x01, 0x7F, 0x00, 0x00, 0xBA, 0x01, 0x08, 0x0E, 0x3B, 0xBA, 0x34,
706 0x09, 0x00, 0x00, 0xBA, 0x3B, 0xBA, 0x01, 0x08, 0x0E, 0x34, 0x09, 0x00,
707 0x00, 0x25, 0x05, 0x02, 0x4F, 0x28, 0x41, 0xBB, 0x00, 0x00, 0x32, 0x25,
708 0x01, 0x00, 0x13, 0x06, 0x01, 0x00, 0x24, 0x19, 0x04, 0x74, 0x00, 0x01,
709 0x01, 0x00, 0x00, 0x01, 0x0B, 0x00, 0x00, 0x01, 0x15, 0x00, 0x00, 0x01,
710 0x1F, 0x00, 0x00, 0x01, 0x29, 0x00, 0x00, 0x01, 0x33, 0x00, 0x00, 0xC3,
711 0x24, 0x00, 0x00, 0x25, 0x06, 0x07, 0xC4, 0x25, 0x06, 0x01, 0x19, 0x04,
712 0x76, 0x00, 0x00, 0x01, 0x00, 0x30, 0x31, 0x0B, 0x42, 0x00, 0x00, 0x01,
713 0x81, 0x70, 0x00, 0x00, 0x01, 0x82, 0x0D, 0x00, 0x00, 0x01, 0x82, 0x22,
714 0x00, 0x00, 0x01, 0x82, 0x05, 0x00, 0x00, 0x01, 0x03, 0x33, 0x01, 0x03,
715 0x33, 0x00, 0x00, 0x25, 0x01, 0x83, 0xFB, 0x50, 0x01, 0x83, 0xFD, 0x5F,
716 0x72, 0x06, 0x04, 0x24, 0x01, 0x00, 0x00, 0x25, 0x01, 0x83, 0xB0, 0x00,
717 0x01, 0x83, 0xBF, 0x7F, 0x72, 0x06, 0x04, 0x24, 0x01, 0x00, 0x00, 0x01,
718 0x83, 0xFF, 0x7F, 0x15, 0x01, 0x83, 0xFF, 0x7E, 0x0D, 0x00
721 static const uint16_t t0_caddr
[] = {
866 #define T0_INTERPRETED 61
868 #define T0_ENTER(ip, rp, slot) do { \
869 const unsigned char *t0_newip; \
871 t0_newip = &t0_codeblock[t0_caddr[(slot) - T0_INTERPRETED]]; \
872 t0_lnum = t0_parse7E_unsigned(&t0_newip); \
874 *((rp) ++) = (uint32_t)((ip) - &t0_codeblock[0]) + (t0_lnum << 16); \
878 #define T0_DEFENTRY(name, slot) \
882 t0_context *t0ctx = ctx; \
883 t0ctx->ip = &t0_codeblock[0]; \
884 T0_ENTER(t0ctx->ip, t0ctx->rp, slot); \
887 T0_DEFENTRY(br_x509_minimal_init_main
, 147)
889 #define T0_NEXT(t0ipp) (*(*(t0ipp)) ++)
892 br_x509_minimal_run(void *t0ctx
)
895 const unsigned char *ip
;
897 #define T0_LOCAL(x) (*(rp - 2 - (x)))
898 #define T0_POP() (*-- dp)
899 #define T0_POPi() (*(int32_t *)(-- dp))
900 #define T0_PEEK(x) (*(dp - 1 - (x)))
901 #define T0_PEEKi(x) (*(int32_t *)(dp - 1 - (x)))
902 #define T0_PUSH(v) do { *dp = (v); dp ++; } while (0)
903 #define T0_PUSHi(v) do { *(int32_t *)dp = (v); dp ++; } while (0)
904 #define T0_RPOP() (*-- rp)
905 #define T0_RPOPi() (*(int32_t *)(-- rp))
906 #define T0_RPUSH(v) do { *rp = (v); rp ++; } while (0)
907 #define T0_RPUSHi(v) do { *(int32_t *)rp = (v); rp ++; } while (0)
908 #define T0_ROLL(x) do { \
909 size_t t0len = (size_t)(x); \
910 uint32_t t0tmp = *(dp - 1 - t0len); \
911 memmove(dp - t0len - 1, dp - t0len, t0len * sizeof *dp); \
914 #define T0_SWAP() do { \
915 uint32_t t0tmp = *(dp - 2); \
916 *(dp - 2) = *(dp - 1); \
919 #define T0_ROT() do { \
920 uint32_t t0tmp = *(dp - 3); \
921 *(dp - 3) = *(dp - 2); \
922 *(dp - 2) = *(dp - 1); \
925 #define T0_NROT() do { \
926 uint32_t t0tmp = *(dp - 1); \
927 *(dp - 1) = *(dp - 2); \
928 *(dp - 2) = *(dp - 3); \
931 #define T0_PICK(x) do { \
932 uint32_t t0depth = (x); \
933 T0_PUSH(T0_PEEK(t0depth)); \
935 #define T0_CO() do { \
938 #define T0_RET() goto t0_next
940 dp
= ((t0_context
*)t0ctx
)->dp
;
941 rp
= ((t0_context
*)t0ctx
)->rp
;
942 ip
= ((t0_context
*)t0ctx
)->ip
;
949 if (t0x
< T0_INTERPRETED
) {
961 ip
= &t0_codeblock
[t0x
];
963 case 1: /* literal constant */
964 T0_PUSHi(t0_parse7E_signed(&ip
));
966 case 2: /* read local */
967 T0_PUSH(T0_LOCAL(t0_parse7E_unsigned(&ip
)));
969 case 3: /* write local */
970 T0_LOCAL(t0_parse7E_unsigned(&ip
)) = T0_POP();
973 t0off
= t0_parse7E_signed(&ip
);
976 case 5: /* jump if */
977 t0off
= t0_parse7E_signed(&ip
);
982 case 6: /* jump if not */
983 t0off
= t0_parse7E_signed(&ip
);
991 int32_t b
= T0_POPi();
992 int32_t a
= T0_POPi();
1000 uint32_t b
= T0_POP();
1001 uint32_t a
= T0_POP();
1009 uint32_t b
= T0_POP();
1010 uint32_t a
= T0_POP();
1018 uint32_t b
= T0_POP();
1019 uint32_t a
= T0_POP();
1032 int32_t b
= T0_POPi();
1033 int32_t a
= T0_POPi();
1041 int32_t b
= T0_POPi();
1042 int32_t a
= T0_POPi();
1043 T0_PUSH(-(uint32_t)(a
< b
));
1050 int c
= (int)T0_POPi();
1051 uint32_t x
= T0_POP();
1059 int32_t b
= T0_POPi();
1060 int32_t a
= T0_POPi();
1061 T0_PUSH(-(uint32_t)(a
<= b
));
1068 uint32_t b
= T0_POP();
1069 uint32_t a
= T0_POP();
1070 T0_PUSH(-(uint32_t)(a
!= b
));
1077 uint32_t b
= T0_POP();
1078 uint32_t a
= T0_POP();
1079 T0_PUSH(-(uint32_t)(a
== b
));
1086 int32_t b
= T0_POPi();
1087 int32_t a
= T0_POPi();
1088 T0_PUSH(-(uint32_t)(a
> b
));
1095 int32_t b
= T0_POPi();
1096 int32_t a
= T0_POPi();
1097 T0_PUSH(-(uint32_t)(a
>= b
));
1104 int c
= (int)T0_POPi();
1105 int32_t x
= T0_POPi();
1113 uint32_t b
= T0_POP();
1114 uint32_t a
= T0_POP();
1122 size_t len
= T0_POP();
1123 unsigned char *src
= (unsigned char *)CTX
+ T0_POP();
1124 unsigned char *dst
= (unsigned char *)CTX
+ T0_POP();
1125 memcpy(dst
, src
, len
);
1130 /* check-direct-trust */
1134 for (u
= 0; u
< CTX
->trust_anchors_num
; u
++) {
1135 const br_x509_trust_anchor
*ta
;
1136 unsigned char hashed_DN
[64];
1139 ta
= &CTX
->trust_anchors
[u
];
1140 if (ta
->flags
& BR_X509_TA_CA
) {
1143 hash_dn(CTX
, ta
->dn
.data
, ta
->dn
.len
, hashed_DN
);
1144 if (memcmp(hashed_DN
, CTX
->current_dn_hash
, DNHASH_LEN
)) {
1147 kt
= CTX
->pkey
.key_type
;
1148 if ((ta
->pkey
.key_type
& 0x0F) != kt
) {
1153 case BR_KEYTYPE_RSA
:
1154 if (!eqbigint(CTX
->pkey
.key
.rsa
.n
,
1155 CTX
->pkey
.key
.rsa
.nlen
,
1157 ta
->pkey
.key
.rsa
.nlen
)
1158 || !eqbigint(CTX
->pkey
.key
.rsa
.e
,
1159 CTX
->pkey
.key
.rsa
.elen
,
1161 ta
->pkey
.key
.rsa
.elen
))
1168 if (CTX
->pkey
.key
.ec
.curve
!= ta
->pkey
.key
.ec
.curve
1169 || CTX
->pkey
.key
.ec
.qlen
!= ta
->pkey
.key
.ec
.qlen
1170 || memcmp(CTX
->pkey
.key
.ec
.q
,
1172 ta
->pkey
.key
.ec
.qlen
) != 0)
1183 * Direct trust match!
1185 CTX
->err
= BR_ERR_X509_OK
;
1192 /* check-trust-anchor-CA */
1196 for (u
= 0; u
< CTX
->trust_anchors_num
; u
++) {
1197 const br_x509_trust_anchor
*ta
;
1198 unsigned char hashed_DN
[64];
1200 ta
= &CTX
->trust_anchors
[u
];
1201 if (!(ta
->flags
& BR_X509_TA_CA
)) {
1204 hash_dn(CTX
, ta
->dn
.data
, ta
->dn
.len
, hashed_DN
);
1205 if (memcmp(hashed_DN
, CTX
->saved_dn_hash
, DNHASH_LEN
)) {
1208 if (verify_signature(CTX
, &ta
->pkey
) == 0) {
1209 CTX
->err
= BR_ERR_X509_OK
;
1222 /* compute-dn-hash */
1224 CTX
->dn_hash_impl
->out(&CTX
->dn_hash
.vtable
, CTX
->current_dn_hash
);
1225 CTX
->do_dn_hash
= 0;
1230 /* compute-tbs-hash */
1234 len
= br_multihash_out(&CTX
->mhash
, id
, CTX
->tbs_hash
);
1240 /* copy-ee-ec-pkey */
1242 size_t qlen
= T0_POP();
1243 uint32_t curve
= T0_POP();
1244 memcpy(CTX
->ee_pkey_data
, CTX
->pkey_data
, qlen
);
1245 CTX
->pkey
.key_type
= BR_KEYTYPE_EC
;
1246 CTX
->pkey
.key
.ec
.curve
= curve
;
1247 CTX
->pkey
.key
.ec
.q
= CTX
->ee_pkey_data
;
1248 CTX
->pkey
.key
.ec
.qlen
= qlen
;
1253 /* copy-ee-rsa-pkey */
1255 size_t elen
= T0_POP();
1256 size_t nlen
= T0_POP();
1257 memcpy(CTX
->ee_pkey_data
, CTX
->pkey_data
, nlen
+ elen
);
1258 CTX
->pkey
.key_type
= BR_KEYTYPE_RSA
;
1259 CTX
->pkey
.key
.rsa
.n
= CTX
->ee_pkey_data
;
1260 CTX
->pkey
.key
.rsa
.nlen
= nlen
;
1261 CTX
->pkey
.key
.rsa
.e
= CTX
->ee_pkey_data
+ nlen
;
1262 CTX
->pkey
.key
.rsa
.elen
= elen
;
1269 unsigned tag
= T0_POP();
1270 unsigned ok
= T0_POP();
1274 for (u
= 0; u
< CTX
->num_name_elts
; u
++) {
1275 br_name_element
*ne
;
1277 ne
= &CTX
->name_elts
[u
];
1278 if (ne
->status
== 0 && ne
->oid
[0] == 0 && ne
->oid
[1] == tag
) {
1279 if (ok
&& ne
->len
> len
) {
1280 memcpy(ne
->buf
, CTX
->pad
+ 1, len
);
1293 /* copy-name-element */
1296 int32_t off
= T0_POPi();
1300 br_name_element
*ne
= &CTX
->name_elts
[off
];
1304 if (len
< ne
->len
) {
1305 memcpy(ne
->buf
, CTX
->pad
+ 1, len
);
1321 size_t addr
= T0_POP();
1322 T0_PUSH(t0_datablock
[addr
]);
1327 /* dn-hash-length */
1329 T0_PUSH(DNHASH_LEN
);
1336 size_t qlen
= T0_POP();
1337 int curve
= T0_POP();
1340 pk
.key_type
= BR_KEYTYPE_EC
;
1341 pk
.key
.ec
.curve
= curve
;
1342 pk
.key
.ec
.q
= CTX
->pkey_data
;
1343 pk
.key
.ec
.qlen
= qlen
;
1344 T0_PUSH(verify_signature(CTX
, &pk
));
1351 size_t elen
= T0_POP();
1352 size_t nlen
= T0_POP();
1355 pk
.key_type
= BR_KEYTYPE_RSA
;
1356 pk
.key
.rsa
.n
= CTX
->pkey_data
;
1357 pk
.key
.rsa
.nlen
= nlen
;
1358 pk
.key
.rsa
.e
= CTX
->pkey_data
+ nlen
;
1359 pk
.key
.rsa
.elen
= elen
;
1360 T0_PUSH(verify_signature(CTX
, &pk
));
1371 T0_PUSH(T0_PEEK(0));
1377 const unsigned char *a2
= &t0_datablock
[T0_POP()];
1378 const unsigned char *a1
= &CTX
->pad
[0];
1382 x
= -(memcmp(a1
+ 1, a2
+ 1, len
) == 0);
1386 T0_PUSH((uint32_t)x
);
1393 size_t len
= T0_POP();
1394 const unsigned char *a2
= (const unsigned char *)CTX
+ T0_POP();
1395 const unsigned char *a1
= (const unsigned char *)CTX
+ T0_POP();
1396 T0_PUSHi(-(memcmp(a1
, a2
, len
) == 0));
1403 CTX
->err
= T0_POPi();
1409 /* get-system-date */
1411 if (CTX
->days
== 0 && CTX
->seconds
== 0) {
1412 #if BR_USE_UNIX_TIME
1413 time_t x
= time(NULL
);
1415 T0_PUSH((uint32_t)(x
/ 86400) + 719528);
1416 T0_PUSH((uint32_t)(x
% 86400));
1417 #elif BR_USE_WIN32_TIME
1421 GetSystemTimeAsFileTime(&ft
);
1422 x
= ((uint64_t)ft
.dwHighDateTime
<< 32)
1423 + (uint64_t)ft
.dwLowDateTime
;
1425 T0_PUSH((uint32_t)(x
/ 86400) + 584754);
1426 T0_PUSH((uint32_t)(x
% 86400));
1428 CTX
->err
= BR_ERR_X509_TIME_UNKNOWN
;
1433 T0_PUSH(CTX
->seconds
);
1441 uint32_t addr
= T0_POP();
1442 T0_PUSH(*(uint16_t *)((unsigned char *)CTX
+ addr
));
1449 uint32_t addr
= T0_POP();
1450 T0_PUSH(*(uint32_t *)((unsigned char *)CTX
+ addr
));
1455 /* match-server-name */
1459 if (CTX
->server_name
== NULL
) {
1463 n1
= strlen(CTX
->server_name
);
1465 if (n1
== n2
&& eqnocase(&CTX
->pad
[1], CTX
->server_name
, n1
)) {
1469 if (n2
>= 2 && CTX
->pad
[1] == '*' && CTX
->pad
[2] == '.') {
1473 while (u
< n1
&& CTX
->server_name
[u
] != '.') {
1479 && eqnocase(&CTX
->pad
[3], CTX
->server_name
+ u
, n1
))
1492 uint32_t a
= T0_POP();
1498 /* offset-name-element */
1500 unsigned san
= T0_POP();
1503 for (u
= 0; u
< CTX
->num_name_elts
; u
++) {
1504 if (CTX
->name_elts
[u
].status
== 0) {
1505 const unsigned char *oid
;
1508 oid
= CTX
->name_elts
[u
].oid
;
1510 if (oid
[0] != 0 || oid
[1] != 0) {
1518 if (len
!= 0 && len
== CTX
->pad
[0]
1519 && memcmp(oid
+ off
+ 1,
1520 CTX
->pad
+ 1, len
) == 0)
1534 uint32_t b
= T0_POP();
1535 uint32_t a
= T0_POP();
1542 T0_PUSH(T0_PEEK(1));
1546 /* read-blob-inner */
1548 uint32_t len
= T0_POP();
1549 uint32_t addr
= T0_POP();
1550 size_t clen
= CTX
->hlen
;
1555 memcpy((unsigned char *)CTX
+ addr
, CTX
->hbuf
, clen
);
1557 if (CTX
->do_mhash
) {
1558 br_multihash_update(&CTX
->mhash
, CTX
->hbuf
, clen
);
1560 if (CTX
->do_dn_hash
) {
1561 CTX
->dn_hash_impl
->update(
1562 &CTX
->dn_hash
.vtable
, CTX
->hbuf
, clen
);
1566 T0_PUSH(addr
+ clen
);
1567 T0_PUSH(len
- clen
);
1574 if (CTX
->hlen
== 0) {
1577 unsigned char x
= *CTX
->hbuf
++;
1578 if (CTX
->do_mhash
) {
1579 br_multihash_update(&CTX
->mhash
, &x
, 1);
1581 if (CTX
->do_dn_hash
) {
1582 CTX
->dn_hash_impl
->update(&CTX
->dn_hash
.vtable
, &x
, 1);
1603 uint32_t addr
= T0_POP();
1604 *(uint16_t *)((unsigned char *)CTX
+ addr
) = T0_POP();
1611 uint32_t addr
= T0_POP();
1612 *(uint32_t *)((unsigned char *)CTX
+ addr
) = T0_POP();
1619 uint32_t addr
= T0_POP();
1620 *((unsigned char *)CTX
+ addr
) = (unsigned char)T0_POP();
1627 CTX
->dn_hash_impl
->init(&CTX
->dn_hash
.vtable
);
1628 CTX
->do_dn_hash
= 1;
1633 /* start-tbs-hash */
1635 br_multihash_init(&CTX
->mhash
);
1653 /* zero-server-name */
1655 T0_PUSHi(-(CTX
->server_name
== NULL
));
1662 T0_ENTER(ip
, rp
, t0x
);
1666 ((t0_context
*)t0ctx
)->dp
= dp
;
1667 ((t0_context
*)t0ctx
)->rp
= rp
;
1668 ((t0_context
*)t0ctx
)->ip
= ip
;
1674 * Verify the signature on the certificate with the provided public key.
1675 * This function checks the public key type with regards to the expected
1676 * type. Returned value is either 0 on success, or a non-zero error code.
1679 verify_signature(br_x509_minimal_context
*ctx
, const br_x509_pkey
*pk
)
1683 kt
= ctx
->cert_signer_key_type
;
1684 if ((pk
->key_type
& 0x0F) != kt
) {
1685 return BR_ERR_X509_WRONG_KEY_TYPE
;
1688 unsigned char tmp
[64];
1690 case BR_KEYTYPE_RSA
:
1691 if (ctx
->irsa
== 0) {
1692 return BR_ERR_X509_UNSUPPORTED
;
1694 if (!ctx
->irsa(ctx
->cert_sig
, ctx
->cert_sig_len
,
1695 &t0_datablock
[ctx
->cert_sig_hash_oid
],
1696 ctx
->cert_sig_hash_len
, &pk
->key
.rsa
, tmp
))
1698 return BR_ERR_X509_BAD_SIGNATURE
;
1700 if (memcmp(ctx
->tbs_hash
, tmp
, ctx
->cert_sig_hash_len
) != 0) {
1701 return BR_ERR_X509_BAD_SIGNATURE
;
1706 if (ctx
->iecdsa
== 0) {
1707 return BR_ERR_X509_UNSUPPORTED
;
1709 if (!ctx
->iecdsa(ctx
->iec
, ctx
->tbs_hash
,
1710 ctx
->cert_sig_hash_len
, &pk
->key
.ec
,
1711 ctx
->cert_sig
, ctx
->cert_sig_len
))
1713 return BR_ERR_X509_BAD_SIGNATURE
;
1718 return BR_ERR_X509_UNSUPPORTED
;