1f7cace7e9e17cad6a9ccf393b99552deaaa6309
[BearSSL] / ssl_hs_server.c
1 /* Automatically generated code; do not modify directly. */
2
3 #include <stddef.h>
4 #include <stdint.h>
5
6 typedef struct {
7 uint32_t *dp;
8 uint32_t *rp;
9 const unsigned char *ip;
10 } t0_context;
11
12 static uint32_t
13 t0_parse7E_unsigned(const unsigned char **p)
14 {
15 uint32_t x;
16
17 x = 0;
18 for (;;) {
19 unsigned y;
20
21 y = *(*p) ++;
22 x = (x << 7) | (uint32_t)(y & 0x7F);
23 if (y < 0x80) {
24 return x;
25 }
26 }
27 }
28
29 static int32_t
30 t0_parse7E_signed(const unsigned char **p)
31 {
32 int neg;
33 uint32_t x;
34
35 neg = ((**p) >> 6) & 1;
36 x = (uint32_t)-neg;
37 for (;;) {
38 unsigned y;
39
40 y = *(*p) ++;
41 x = (x << 7) | (uint32_t)(y & 0x7F);
42 if (y < 0x80) {
43 if (neg) {
44 return -(int32_t)~x - 1;
45 } else {
46 return (int32_t)x;
47 }
48 }
49 }
50 }
51
52 #define T0_VBYTE(x, n) (unsigned char)((((uint32_t)(x) >> (n)) & 0x7F) | 0x80)
53 #define T0_FBYTE(x, n) (unsigned char)(((uint32_t)(x) >> (n)) & 0x7F)
54 #define T0_SBYTE(x) (unsigned char)((((uint32_t)(x) >> 28) + 0xF8) ^ 0xF8)
55 #define T0_INT1(x) T0_FBYTE(x, 0)
56 #define T0_INT2(x) T0_VBYTE(x, 7), T0_FBYTE(x, 0)
57 #define T0_INT3(x) T0_VBYTE(x, 14), T0_VBYTE(x, 7), T0_FBYTE(x, 0)
58 #define T0_INT4(x) T0_VBYTE(x, 21), T0_VBYTE(x, 14), T0_VBYTE(x, 7), T0_FBYTE(x, 0)
59 #define T0_INT5(x) T0_SBYTE(x), T0_VBYTE(x, 21), T0_VBYTE(x, 14), T0_VBYTE(x, 7), T0_FBYTE(x, 0)
60
61 static const uint8_t t0_datablock[];
62
63
64 void br_ssl_hs_server_init_main(void *t0ctx);
65
66 void br_ssl_hs_server_run(void *t0ctx);
67
68
69
70 #include <stddef.h>
71 #include <string.h>
72
73 #include "inner.h"
74
75 /*
76 * This macro evaluates to a pointer to the current engine context.
77 */
78 #define ENG ((br_ssl_engine_context *)((unsigned char *)t0ctx - offsetof(br_ssl_engine_context, cpu)))
79
80
81
82
83
84 /*
85 * This macro evaluates to a pointer to the server context, under that
86 * specific name. It must be noted that since the engine context is the
87 * first field of the br_ssl_server_context structure ('eng'), then
88 * pointers values of both types are interchangeable, modulo an
89 * appropriate cast. This also means that "adresses" computed as offsets
90 * within the structure work for both kinds of context.
91 */
92 #define CTX ((br_ssl_server_context *)ENG)
93
94 /*
95 * Decrypt the pre-master secret (RSA key exchange).
96 */
97 static void
98 do_rsa_decrypt(br_ssl_server_context *ctx, int prf_id,
99 unsigned char *epms, size_t len)
100 {
101 uint32_t x;
102 unsigned char rpms[48];
103
104 /*
105 * Decrypt the PMS.
106 */
107 x = (*ctx->policy_vtable)->do_keyx(ctx->policy_vtable, epms, len);
108
109 /*
110 * Set the first two bytes to the maximum supported client
111 * protocol version. These bytes are used for version rollback
112 * detection; forceing the two bytes will make the master secret
113 * wrong if the bytes are not correct. This process is
114 * recommended by RFC 5246 (section 7.4.7.1).
115 */
116 br_enc16be(epms, ctx->client_max_version);
117
118 /*
119 * Make a random PMS and copy it above the decrypted value if the
120 * decryption failed. Note that we use a constant-time conditional
121 * copy.
122 */
123 br_hmac_drbg_generate(&ctx->eng.rng, rpms, sizeof rpms);
124 br_ccopy(x ^ 1, epms, rpms, sizeof rpms);
125
126 /*
127 * Compute master secret.
128 */
129 br_ssl_engine_compute_master(&ctx->eng, prf_id, epms, 48);
130
131 /*
132 * Clear the pre-master secret from RAM: it is normally a buffer
133 * in the context, hence potentially long-lived.
134 */
135 memset(epms, 0, len);
136 }
137
138 /*
139 * Common part for ECDH and ECDHE.
140 */
141 static void
142 ecdh_common(br_ssl_server_context *ctx, int prf_id,
143 unsigned char *cpoint, size_t cpoint_len, uint32_t ctl)
144 {
145 unsigned char rpms[80];
146 size_t pms_len;
147
148 /*
149 * The point length is supposed to be 1+2*Xlen, where Xlen is
150 * the length (in bytes) of the X coordinate, i.e. the pre-master
151 * secret. If the provided point is too large, then it is
152 * obviously incorrect (i.e. everybody can see that it is
153 * incorrect), so leaking that fact is not a problem.
154 */
155 pms_len = cpoint_len >> 1;
156 if (pms_len > sizeof rpms) {
157 pms_len = sizeof rpms;
158 ctl = 0;
159 }
160
161 /*
162 * Make a random PMS and copy it above the decrypted value if the
163 * decryption failed. Note that we use a constant-time conditional
164 * copy.
165 */
166 br_hmac_drbg_generate(&ctx->eng.rng, rpms, pms_len);
167 br_ccopy(ctl ^ 1, cpoint + 1, rpms, pms_len);
168
169 /*
170 * Compute master secret.
171 */
172 br_ssl_engine_compute_master(&ctx->eng, prf_id, cpoint + 1, pms_len);
173
174 /*
175 * Clear the pre-master secret from RAM: it is normally a buffer
176 * in the context, hence potentially long-lived.
177 */
178 memset(cpoint, 0, cpoint_len);
179 }
180
181 /*
182 * Do the ECDH key exchange (not ECDHE).
183 */
184 static void
185 do_ecdh(br_ssl_server_context *ctx, int prf_id,
186 unsigned char *cpoint, size_t cpoint_len)
187 {
188 uint32_t x;
189
190 /*
191 * Finalise the key exchange.
192 */
193 x = (*ctx->policy_vtable)->do_keyx(ctx->policy_vtable,
194 cpoint, cpoint_len);
195 ecdh_common(ctx, prf_id, cpoint, cpoint_len, x);
196 }
197
198 /*
199 * Do the ECDHE key exchange (part 1: generation of transient key, and
200 * computing of the point to send to the client). Returned value is the
201 * signature length (in bytes), or -x on error (with x being an error
202 * code). The encoded point is written in the ecdhe_point[] context buffer
203 * (length in ecdhe_point_len).
204 */
205 static int
206 do_ecdhe_part1(br_ssl_server_context *ctx, int curve)
207 {
208 int hash;
209 unsigned mask;
210 const unsigned char *order, *generator;
211 size_t olen, glen;
212 br_multihash_context mhc;
213 unsigned char head[4];
214 size_t hv_len, sig_len;
215
216 if (!((ctx->eng.iec->supported_curves >> curve) & 1)) {
217 return -BR_ERR_INVALID_ALGORITHM;
218 }
219 ctx->eng.ecdhe_curve = curve;
220
221 /*
222 * Generate our private key. We need a non-zero random value
223 * which is lower than the curve order, in a "large enough"
224 * range. We force the top bit to 0 and bottom bit to 1, which
225 * does the trick. Note that contrary to what happens in ECDSA,
226 * this is not a problem if we do not cover the full range of
227 * possible values.
228 */
229 order = ctx->eng.iec->order(curve, &olen);
230 mask = 0xFF;
231 while (mask >= order[0]) {
232 mask >>= 1;
233 }
234 br_hmac_drbg_generate(&ctx->eng.rng, ctx->ecdhe_key, olen);
235 ctx->ecdhe_key[0] &= mask;
236 ctx->ecdhe_key[olen - 1] |= 0x01;
237 ctx->ecdhe_key_len = olen;
238
239 /*
240 * Compute our ECDH point.
241 */
242 generator = ctx->eng.iec->generator(curve, &glen);
243 memcpy(ctx->eng.ecdhe_point, generator, glen);
244 ctx->eng.ecdhe_point_len = glen;
245 if (!ctx->eng.iec->mul(ctx->eng.ecdhe_point, glen,
246 ctx->ecdhe_key, olen, curve))
247 {
248 return -BR_ERR_INVALID_ALGORITHM;
249 }
250
251 /*
252 * Compute the signature.
253 */
254 br_multihash_zero(&mhc);
255 br_multihash_copyimpl(&mhc, &ctx->eng.mhash);
256 br_multihash_init(&mhc);
257 br_multihash_update(&mhc,
258 ctx->eng.client_random, sizeof ctx->eng.client_random);
259 br_multihash_update(&mhc,
260 ctx->eng.server_random, sizeof ctx->eng.server_random);
261 head[0] = 3;
262 head[1] = 0;
263 head[2] = curve;
264 head[3] = ctx->eng.ecdhe_point_len;
265 br_multihash_update(&mhc, head, sizeof head);
266 br_multihash_update(&mhc,
267 ctx->eng.ecdhe_point, ctx->eng.ecdhe_point_len);
268 hash = ctx->sign_hash_id;
269 if (hash) {
270 hv_len = br_multihash_out(&mhc, hash, ctx->eng.pad);
271 if (hv_len == 0) {
272 return -BR_ERR_INVALID_ALGORITHM;
273 }
274 } else {
275 if (!br_multihash_out(&mhc, br_md5_ID, ctx->eng.pad)
276 || !br_multihash_out(&mhc,
277 br_sha1_ID, ctx->eng.pad + 16))
278 {
279 return -BR_ERR_INVALID_ALGORITHM;
280 }
281 hv_len = 36;
282 }
283 sig_len = (*ctx->policy_vtable)->do_sign(ctx->policy_vtable,
284 hash, hv_len, ctx->eng.pad, sizeof ctx->eng.pad);
285 return sig_len ? (int)sig_len : -BR_ERR_INVALID_ALGORITHM;
286 }
287
288 /*
289 * Do the ECDHE key exchange (part 2: computation of the shared secret
290 * from the point sent by the client).
291 */
292 static void
293 do_ecdhe_part2(br_ssl_server_context *ctx, int prf_id,
294 unsigned char *cpoint, size_t cpoint_len)
295 {
296 int curve;
297 uint32_t x;
298
299 curve = ctx->eng.ecdhe_curve;
300
301 /*
302 * Finalise the key exchange.
303 */
304 x = ctx->eng.iec->mul(cpoint, cpoint_len,
305 ctx->ecdhe_key, ctx->ecdhe_key_len, curve);
306 ecdh_common(ctx, prf_id, cpoint, cpoint_len, x);
307
308 /*
309 * Clear the ECDHE private key. Forward Secrecy is achieved insofar
310 * as that key does not get stolen, so we'd better destroy it
311 * as soon as it ceases to be useful.
312 */
313 memset(ctx->ecdhe_key, 0, ctx->ecdhe_key_len);
314 }
315
316
317
318 static const uint8_t t0_datablock[] = {
319 0x00, 0x00, 0x0A, 0x00, 0x24, 0x00, 0x2F, 0x01, 0x24, 0x00, 0x35, 0x02,
320 0x24, 0x00, 0x3C, 0x01, 0x44, 0x00, 0x3D, 0x02, 0x44, 0x00, 0x9C, 0x03,
321 0x04, 0x00, 0x9D, 0x04, 0x05, 0xC0, 0x03, 0x40, 0x24, 0xC0, 0x04, 0x41,
322 0x24, 0xC0, 0x05, 0x42, 0x24, 0xC0, 0x08, 0x20, 0x24, 0xC0, 0x09, 0x21,
323 0x24, 0xC0, 0x0A, 0x22, 0x24, 0xC0, 0x0D, 0x30, 0x24, 0xC0, 0x0E, 0x31,
324 0x24, 0xC0, 0x0F, 0x32, 0x24, 0xC0, 0x12, 0x10, 0x24, 0xC0, 0x13, 0x11,
325 0x24, 0xC0, 0x14, 0x12, 0x24, 0xC0, 0x23, 0x21, 0x44, 0xC0, 0x24, 0x22,
326 0x55, 0xC0, 0x25, 0x41, 0x44, 0xC0, 0x26, 0x42, 0x55, 0xC0, 0x27, 0x11,
327 0x44, 0xC0, 0x28, 0x12, 0x55, 0xC0, 0x29, 0x31, 0x44, 0xC0, 0x2A, 0x32,
328 0x55, 0xC0, 0x2B, 0x23, 0x04, 0xC0, 0x2C, 0x24, 0x05, 0xC0, 0x2D, 0x43,
329 0x04, 0xC0, 0x2E, 0x44, 0x05, 0xC0, 0x2F, 0x13, 0x04, 0xC0, 0x30, 0x14,
330 0x05, 0xC0, 0x31, 0x33, 0x04, 0xC0, 0x32, 0x34, 0x05, 0xCC, 0xA8, 0x15,
331 0x04, 0xCC, 0xA9, 0x25, 0x04, 0x00, 0x00
332 };
333
334 static const uint8_t t0_codeblock[] = {
335 0x00, 0x01, 0x00, 0x0A, 0x00, 0x00, 0x01, 0x00, 0x0D, 0x00, 0x00, 0x01,
336 0x00, 0x0E, 0x00, 0x00, 0x01, 0x00, 0x0F, 0x00, 0x00, 0x01, 0x01, 0x08,
337 0x00, 0x00, 0x01, 0x01, 0x09, 0x00, 0x00, 0x01, 0x02, 0x08, 0x00, 0x00,
338 0x21, 0x21, 0x00, 0x00, 0x01, T0_INT1(BR_ERR_BAD_CCS), 0x00, 0x00,
339 0x01, T0_INT1(BR_ERR_BAD_FINISHED), 0x00, 0x00, 0x01,
340 T0_INT1(BR_ERR_BAD_FRAGLEN), 0x00, 0x00, 0x01,
341 T0_INT1(BR_ERR_BAD_HANDSHAKE), 0x00, 0x00, 0x01,
342 T0_INT1(BR_ERR_BAD_PARAM), 0x00, 0x00, 0x01,
343 T0_INT1(BR_ERR_BAD_SECRENEG), 0x00, 0x00, 0x01,
344 T0_INT1(BR_ERR_BAD_VERSION), 0x00, 0x00, 0x01,
345 T0_INT1(BR_ERR_LIMIT_EXCEEDED), 0x00, 0x00, 0x01, T0_INT1(BR_ERR_OK),
346 0x00, 0x00, 0x01, T0_INT1(BR_ERR_OVERSIZED_ID), 0x00, 0x00, 0x01,
347 T0_INT1(BR_ERR_UNEXPECTED), 0x00, 0x00, 0x01,
348 T0_INT2(offsetof(br_ssl_engine_context, action)), 0x00, 0x00, 0x01,
349 T0_INT2(offsetof(br_ssl_engine_context, alert)), 0x00, 0x00, 0x01,
350 T0_INT2(offsetof(br_ssl_engine_context, application_data)), 0x00, 0x00,
351 0x01,
352 T0_INT2(offsetof(br_ssl_engine_context, session) + offsetof(br_ssl_session_parameters, cipher_suite)),
353 0x00, 0x00, 0x01,
354 T0_INT2(offsetof(br_ssl_server_context, client_max_version)), 0x00,
355 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, client_random)),
356 0x00, 0x00, 0x01,
357 T0_INT2(offsetof(br_ssl_server_context, client_suites)), 0x00, 0x00,
358 0x01, T0_INT2(offsetof(br_ssl_server_context, client_suites_num)),
359 0x00, 0x00, 0x01,
360 T0_INT2(offsetof(br_ssl_engine_context, close_received)), 0x00, 0x00,
361 0x01, T0_INT2(offsetof(br_ssl_server_context, curves)), 0x00, 0x00,
362 0x01, T0_INT2(offsetof(br_ssl_engine_context, ecdhe_point)), 0x00,
363 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, ecdhe_point_len)),
364 0x00, 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, flags)),
365 0x00, 0x00, 0x01, T0_INT2(offsetof(br_ssl_server_context, hashes)),
366 0x00, 0x00, 0x5D, 0x01,
367 T0_INT2(BR_MAX_CIPHER_SUITES * sizeof(br_suite_translated)), 0x00,
368 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, log_max_frag_len)),
369 0x00, 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, pad)), 0x00,
370 0x00, 0x01,
371 T0_INT2(offsetof(br_ssl_engine_context, peer_log_max_frag_len)), 0x00,
372 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, record_type_in)),
373 0x00, 0x00, 0x01,
374 T0_INT2(offsetof(br_ssl_engine_context, record_type_out)), 0x00, 0x00,
375 0x01, T0_INT2(offsetof(br_ssl_engine_context, reneg)), 0x00, 0x00,
376 0x01, T0_INT2(offsetof(br_ssl_engine_context, saved_finished)), 0x00,
377 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, server_name)),
378 0x00, 0x00, 0x01,
379 T0_INT2(offsetof(br_ssl_engine_context, server_random)), 0x00, 0x00,
380 0x01,
381 T0_INT2(offsetof(br_ssl_engine_context, session) + offsetof(br_ssl_session_parameters, session_id)),
382 0x00, 0x00, 0x01,
383 T0_INT2(offsetof(br_ssl_engine_context, session) + offsetof(br_ssl_session_parameters, session_id_len)),
384 0x00, 0x00, 0x01,
385 T0_INT2(offsetof(br_ssl_engine_context, shutdown_recv)), 0x00, 0x00,
386 0x01, T0_INT2(offsetof(br_ssl_server_context, sign_hash_id)), 0x00,
387 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, suites_buf)), 0x00,
388 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, suites_num)), 0x00,
389 0x00, 0x01,
390 T0_INT2(offsetof(br_ssl_engine_context, session) + offsetof(br_ssl_session_parameters, version)),
391 0x00, 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, version_in)),
392 0x00, 0x00, 0x01,
393 T0_INT2(offsetof(br_ssl_engine_context, version_max)), 0x00, 0x00,
394 0x01, T0_INT2(offsetof(br_ssl_engine_context, version_min)), 0x00,
395 0x00, 0x01, T0_INT2(offsetof(br_ssl_engine_context, version_out)),
396 0x00, 0x00, 0x09, 0x22, 0x44, 0x06, 0x02, 0x50, 0x23, 0x00, 0x00, 0x01,
397 0x01, 0x00, 0x01, 0x03, 0x00, 0x7B, 0x22, 0x4A, 0x3B, 0x7F, 0x22, 0x05,
398 0x04, 0x4B, 0x01, 0x00, 0x00, 0x02, 0x00, 0x0E, 0x06, 0x02, 0x7F, 0x00,
399 0x4A, 0x04, 0x6B, 0x00, 0x06, 0x02, 0x50, 0x23, 0x00, 0x00, 0x22, 0x6C,
400 0x3B, 0x05, 0x03, 0x01, 0x0C, 0x08, 0x3B, 0x5A, 0x25, 0x81, 0x07, 0x19,
401 0x67, 0x01, 0x0C, 0x2A, 0x00, 0x00, 0x22, 0x1B, 0x01, 0x08, 0x0B, 0x3B,
402 0x48, 0x1B, 0x08, 0x00, 0x01, 0x03, 0x00, 0x01, 0x00, 0x59, 0x38, 0x24,
403 0x16, 0x2F, 0x06, 0x08, 0x02, 0x00, 0x81, 0x26, 0x03, 0x00, 0x04, 0x74,
404 0x01, 0x00, 0x81, 0x1E, 0x02, 0x00, 0x22, 0x16, 0x12, 0x06, 0x02, 0x54,
405 0x23, 0x81, 0x26, 0x04, 0x75, 0x00, 0x01, 0x00, 0x59, 0x38, 0x01, 0x16,
406 0x6A, 0x38, 0x2D, 0x81, 0x0B, 0x2C, 0x06, 0x02, 0x56, 0x23, 0x06, 0x0C,
407 0x81, 0x2C, 0x01, 0x00, 0x81, 0x29, 0x01, 0x00, 0x81, 0x0A, 0x04, 0x14,
408 0x81, 0x2C, 0x81, 0x2A, 0x81, 0x2E, 0x81, 0x2D, 0x24, 0x81, 0x0C, 0x01,
409 0x00, 0x81, 0x0A, 0x01, 0x00, 0x81, 0x29, 0x34, 0x01, 0x01, 0x59, 0x38,
410 0x01, 0x17, 0x6A, 0x38, 0x00, 0x00, 0x31, 0x31, 0x00, 0x01, 0x03, 0x00,
411 0x24, 0x16, 0x2F, 0x06, 0x05, 0x81, 0x25, 0x21, 0x04, 0x77, 0x01, 0x02,
412 0x02, 0x00, 0x81, 0x1D, 0x16, 0x2F, 0x06, 0x05, 0x81, 0x25, 0x21, 0x04,
413 0x77, 0x02, 0x00, 0x01, 0x84, 0x00, 0x08, 0x23, 0x00, 0x00, 0x63, 0x26,
414 0x3B, 0x11, 0x01, 0x01, 0x12, 0x2E, 0x00, 0x00, 0x01, 0x7F, 0x81, 0x01,
415 0x81, 0x25, 0x22, 0x01, 0x07, 0x12, 0x01, 0x00, 0x31, 0x0E, 0x06, 0x0A,
416 0x21, 0x01, 0x10, 0x12, 0x06, 0x02, 0x81, 0x1C, 0x04, 0x2E, 0x01, 0x01,
417 0x31, 0x0E, 0x06, 0x25, 0x21, 0x21, 0x6B, 0x27, 0x01, 0x01, 0x0E, 0x01,
418 0x01, 0x81, 0x04, 0x30, 0x06, 0x11, 0x24, 0x16, 0x2F, 0x06, 0x05, 0x81,
419 0x25, 0x21, 0x04, 0x77, 0x01, 0x80, 0x64, 0x81, 0x1E, 0x04, 0x04, 0x01,
420 0x00, 0x81, 0x01, 0x04, 0x03, 0x56, 0x23, 0x21, 0x04, 0xFF, 0x39, 0x01,
421 0x22, 0x03, 0x00, 0x09, 0x22, 0x44, 0x06, 0x02, 0x50, 0x23, 0x02, 0x00,
422 0x00, 0x00, 0x7C, 0x01, 0x0F, 0x12, 0x00, 0x00, 0x58, 0x27, 0x01, 0x00,
423 0x31, 0x0E, 0x06, 0x10, 0x21, 0x22, 0x01, 0x01, 0x0D, 0x06, 0x03, 0x21,
424 0x01, 0x02, 0x58, 0x38, 0x01, 0x00, 0x04, 0x22, 0x01, 0x01, 0x31, 0x0E,
425 0x06, 0x15, 0x21, 0x01, 0x00, 0x58, 0x38, 0x22, 0x01, 0x80, 0x64, 0x0E,
426 0x06, 0x05, 0x01, 0x82, 0x00, 0x08, 0x23, 0x46, 0x00, 0x04, 0x07, 0x21,
427 0x01, 0x82, 0x00, 0x08, 0x23, 0x21, 0x00, 0x00, 0x01, 0x00, 0x28, 0x06,
428 0x06, 0x33, 0x81, 0x08, 0x30, 0x04, 0x77, 0x22, 0x06, 0x04, 0x01, 0x01,
429 0x71, 0x38, 0x00, 0x00, 0x28, 0x06, 0x0B, 0x69, 0x27, 0x01, 0x14, 0x0D,
430 0x06, 0x02, 0x56, 0x23, 0x04, 0x12, 0x81, 0x25, 0x01, 0x07, 0x12, 0x22,
431 0x01, 0x02, 0x0D, 0x06, 0x06, 0x06, 0x02, 0x56, 0x23, 0x04, 0x6F, 0x21,
432 0x81, 0x1A, 0x01, 0x01, 0x0D, 0x2C, 0x30, 0x06, 0x02, 0x4C, 0x23, 0x22,
433 0x01, 0x01, 0x81, 0x20, 0x2F, 0x81, 0x0D, 0x00, 0x0A, 0x81, 0x12, 0x01,
434 0x01, 0x0E, 0x05, 0x02, 0x56, 0x23, 0x81, 0x17, 0x22, 0x03, 0x00, 0x5B,
435 0x36, 0x5C, 0x01, 0x20, 0x81, 0x0E, 0x81, 0x19, 0x22, 0x01, 0x20, 0x0F,
436 0x06, 0x02, 0x55, 0x23, 0x22, 0x70, 0x38, 0x6F, 0x3B, 0x81, 0x0E, 0x17,
437 0x03, 0x01, 0x81, 0x17, 0x81, 0x06, 0x01, 0x00, 0x03, 0x02, 0x01, 0x00,
438 0x03, 0x03, 0x65, 0x81, 0x02, 0x14, 0x31, 0x08, 0x03, 0x04, 0x03, 0x05,
439 0x22, 0x06, 0x80, 0x70, 0x81, 0x17, 0x22, 0x03, 0x06, 0x02, 0x01, 0x06,
440 0x0A, 0x22, 0x5A, 0x25, 0x0E, 0x06, 0x04, 0x01, 0x7F, 0x03, 0x03, 0x22,
441 0x01, 0x81, 0x7F, 0x0E, 0x06, 0x0A, 0x6B, 0x27, 0x06, 0x02, 0x51, 0x23,
442 0x01, 0x7F, 0x03, 0x02, 0x22, 0x01, 0x81, 0xAC, 0x00, 0x0E, 0x06, 0x11,
443 0x02, 0x00, 0x78, 0x25, 0x10, 0x02, 0x00, 0x77, 0x25, 0x0A, 0x12, 0x06,
444 0x04, 0x01, 0x7F, 0x03, 0x00, 0x81, 0x1B, 0x22, 0x44, 0x06, 0x03, 0x21,
445 0x04, 0x27, 0x01, 0x00, 0x81, 0x04, 0x06, 0x0B, 0x01, 0x02, 0x0B, 0x5D,
446 0x08, 0x02, 0x06, 0x3B, 0x36, 0x04, 0x16, 0x21, 0x02, 0x05, 0x02, 0x04,
447 0x10, 0x06, 0x02, 0x4F, 0x23, 0x02, 0x06, 0x02, 0x05, 0x36, 0x02, 0x05,
448 0x01, 0x04, 0x08, 0x03, 0x05, 0x04, 0xFF, 0x0C, 0x21, 0x01, 0x00, 0x03,
449 0x07, 0x81, 0x19, 0x81, 0x06, 0x22, 0x06, 0x0A, 0x81, 0x19, 0x05, 0x04,
450 0x01, 0x7F, 0x03, 0x07, 0x04, 0x73, 0x7D, 0x01, 0x00, 0x6D, 0x38, 0x01,
451 0x88, 0x04, 0x64, 0x36, 0x01, 0x84, 0x80, 0x80, 0x00, 0x60, 0x37, 0x22,
452 0x06, 0x80, 0x4D, 0x81, 0x17, 0x81, 0x06, 0x22, 0x06, 0x80, 0x44, 0x81,
453 0x17, 0x01, 0x00, 0x31, 0x0E, 0x06, 0x05, 0x21, 0x81, 0x11, 0x04, 0x34,
454 0x01, 0x01, 0x31, 0x0E, 0x06, 0x05, 0x21, 0x81, 0x0F, 0x04, 0x29, 0x01,
455 0x83, 0xFE, 0x01, 0x31, 0x0E, 0x06, 0x05, 0x21, 0x81, 0x10, 0x04, 0x1C,
456 0x01, 0x0D, 0x31, 0x0E, 0x06, 0x05, 0x21, 0x81, 0x15, 0x04, 0x11, 0x01,
457 0x0A, 0x31, 0x0E, 0x06, 0x05, 0x21, 0x81, 0x16, 0x04, 0x06, 0x21, 0x81,
458 0x14, 0x01, 0x00, 0x21, 0x04, 0xFF, 0x38, 0x7D, 0x7D, 0x02, 0x01, 0x02,
459 0x03, 0x12, 0x03, 0x01, 0x02, 0x00, 0x44, 0x06, 0x09, 0x5B, 0x25, 0x79,
460 0x36, 0x01, 0x80, 0x56, 0x81, 0x03, 0x77, 0x25, 0x22, 0x02, 0x00, 0x0F,
461 0x06, 0x03, 0x21, 0x02, 0x00, 0x22, 0x01, 0x86, 0x00, 0x0A, 0x06, 0x02,
462 0x52, 0x23, 0x02, 0x00, 0x78, 0x25, 0x0A, 0x06, 0x05, 0x01, 0x80, 0x46,
463 0x81, 0x03, 0x02, 0x01, 0x06, 0x10, 0x75, 0x25, 0x02, 0x00, 0x0C, 0x06,
464 0x05, 0x21, 0x75, 0x25, 0x04, 0x04, 0x01, 0x00, 0x03, 0x01, 0x22, 0x75,
465 0x36, 0x22, 0x76, 0x36, 0x22, 0x79, 0x36, 0x01, 0x86, 0x03, 0x10, 0x03,
466 0x08, 0x02, 0x02, 0x06, 0x04, 0x01, 0x02, 0x6B, 0x38, 0x02, 0x07, 0x05,
467 0x04, 0x01, 0x28, 0x81, 0x03, 0x3A, 0x21, 0x01, 0x82, 0x01, 0x07, 0x64,
468 0x25, 0x12, 0x22, 0x64, 0x36, 0x45, 0x03, 0x09, 0x60, 0x26, 0x39, 0x12,
469 0x22, 0x60, 0x37, 0x05, 0x04, 0x01, 0x00, 0x03, 0x09, 0x02, 0x01, 0x06,
470 0x03, 0x01, 0x7F, 0x00, 0x6F, 0x01, 0x20, 0x2B, 0x5D, 0x22, 0x03, 0x05,
471 0x22, 0x02, 0x04, 0x0A, 0x06, 0x80, 0x47, 0x22, 0x25, 0x22, 0x7C, 0x02,
472 0x09, 0x05, 0x13, 0x22, 0x01, 0x0C, 0x11, 0x22, 0x01, 0x01, 0x0E, 0x3B,
473 0x01, 0x02, 0x0E, 0x30, 0x06, 0x04, 0x4B, 0x01, 0x00, 0x22, 0x02, 0x08,
474 0x05, 0x0E, 0x22, 0x01, 0x81, 0x70, 0x12, 0x01, 0x20, 0x0D, 0x06, 0x04,
475 0x4B, 0x01, 0x00, 0x22, 0x22, 0x06, 0x10, 0x02, 0x05, 0x4A, 0x36, 0x02,
476 0x05, 0x36, 0x02, 0x05, 0x01, 0x04, 0x08, 0x03, 0x05, 0x04, 0x01, 0x4B,
477 0x01, 0x04, 0x08, 0x04, 0xFF, 0x32, 0x21, 0x02, 0x05, 0x5D, 0x09, 0x01,
478 0x02, 0x11, 0x22, 0x05, 0x04, 0x01, 0x28, 0x81, 0x03, 0x5E, 0x38, 0x15,
479 0x05, 0x04, 0x01, 0x28, 0x81, 0x03, 0x01, 0x00, 0x00, 0x04, 0x81, 0x12,
480 0x01, 0x10, 0x0E, 0x05, 0x02, 0x56, 0x23, 0x5A, 0x25, 0x81, 0x24, 0x06,
481 0x19, 0x81, 0x17, 0x22, 0x01, 0x84, 0x00, 0x0F, 0x06, 0x02, 0x53, 0x23,
482 0x22, 0x03, 0x00, 0x67, 0x3B, 0x81, 0x0E, 0x02, 0x00, 0x5A, 0x25, 0x81,
483 0x07, 0x20, 0x5A, 0x25, 0x22, 0x81, 0x22, 0x3B, 0x81, 0x21, 0x03, 0x01,
484 0x03, 0x02, 0x02, 0x01, 0x02, 0x02, 0x30, 0x06, 0x17, 0x81, 0x19, 0x22,
485 0x03, 0x03, 0x67, 0x3B, 0x81, 0x0E, 0x02, 0x03, 0x5A, 0x25, 0x81, 0x07,
486 0x02, 0x02, 0x06, 0x03, 0x1F, 0x04, 0x01, 0x1D, 0x7D, 0x00, 0x00, 0x7E,
487 0x81, 0x12, 0x01, 0x14, 0x0D, 0x06, 0x02, 0x56, 0x23, 0x67, 0x01, 0x0C,
488 0x08, 0x01, 0x0C, 0x81, 0x0E, 0x7D, 0x67, 0x22, 0x01, 0x0C, 0x08, 0x01,
489 0x0C, 0x29, 0x05, 0x02, 0x4D, 0x23, 0x00, 0x02, 0x03, 0x00, 0x03, 0x01,
490 0x02, 0x00, 0x7A, 0x02, 0x01, 0x02, 0x00, 0x32, 0x22, 0x01, 0x00, 0x0E,
491 0x06, 0x02, 0x4B, 0x00, 0x81, 0x27, 0x04, 0x73, 0x00, 0x81, 0x17, 0x01,
492 0x01, 0x0D, 0x06, 0x02, 0x4E, 0x23, 0x81, 0x19, 0x22, 0x22, 0x46, 0x3B,
493 0x01, 0x05, 0x10, 0x30, 0x06, 0x02, 0x4E, 0x23, 0x01, 0x08, 0x08, 0x22,
494 0x66, 0x27, 0x0A, 0x06, 0x0D, 0x22, 0x01, 0x01, 0x3B, 0x0B, 0x35, 0x22,
495 0x66, 0x38, 0x68, 0x38, 0x04, 0x01, 0x21, 0x00, 0x00, 0x81, 0x17, 0x6B,
496 0x27, 0x01, 0x00, 0x31, 0x0E, 0x06, 0x14, 0x21, 0x01, 0x01, 0x0E, 0x05,
497 0x02, 0x51, 0x23, 0x81, 0x19, 0x06, 0x02, 0x51, 0x23, 0x01, 0x02, 0x6B,
498 0x38, 0x04, 0x2A, 0x01, 0x02, 0x31, 0x0E, 0x06, 0x21, 0x21, 0x01, 0x0D,
499 0x0E, 0x05, 0x02, 0x51, 0x23, 0x81, 0x19, 0x01, 0x0C, 0x0E, 0x05, 0x02,
500 0x51, 0x23, 0x67, 0x01, 0x0C, 0x81, 0x0E, 0x6C, 0x67, 0x01, 0x0C, 0x29,
501 0x05, 0x02, 0x51, 0x23, 0x04, 0x03, 0x51, 0x23, 0x21, 0x00, 0x00, 0x81,
502 0x17, 0x81, 0x06, 0x81, 0x17, 0x81, 0x06, 0x22, 0x06, 0x22, 0x81, 0x19,
503 0x06, 0x04, 0x81, 0x14, 0x04, 0x18, 0x81, 0x17, 0x22, 0x01, 0x81, 0x7F,
504 0x0C, 0x06, 0x0D, 0x22, 0x6D, 0x08, 0x01, 0x00, 0x3B, 0x38, 0x6D, 0x3B,
505 0x81, 0x0E, 0x04, 0x02, 0x81, 0x1F, 0x04, 0x5B, 0x7D, 0x7D, 0x00, 0x00,
506 0x81, 0x13, 0x22, 0x46, 0x06, 0x07, 0x21, 0x06, 0x02, 0x4F, 0x23, 0x04,
507 0x73, 0x00, 0x00, 0x81, 0x1A, 0x01, 0x03, 0x81, 0x18, 0x3B, 0x21, 0x3B,
508 0x00, 0x00, 0x81, 0x17, 0x81, 0x1F, 0x00, 0x02, 0x81, 0x17, 0x81, 0x06,
509 0x01, 0x00, 0x64, 0x36, 0x81, 0x17, 0x81, 0x06, 0x22, 0x06, 0x34, 0x81,
510 0x19, 0x03, 0x00, 0x81, 0x19, 0x03, 0x01, 0x02, 0x00, 0x01, 0x02, 0x10,
511 0x02, 0x00, 0x01, 0x06, 0x0C, 0x12, 0x02, 0x01, 0x01, 0x01, 0x0E, 0x02,
512 0x01, 0x01, 0x03, 0x0E, 0x30, 0x12, 0x06, 0x11, 0x64, 0x25, 0x01, 0x01,
513 0x02, 0x01, 0x49, 0x01, 0x02, 0x0B, 0x02, 0x00, 0x08, 0x0B, 0x30, 0x64,
514 0x36, 0x04, 0x49, 0x7D, 0x7D, 0x00, 0x00, 0x81, 0x17, 0x81, 0x06, 0x81,
515 0x17, 0x81, 0x06, 0x01, 0x00, 0x60, 0x37, 0x22, 0x06, 0x16, 0x81, 0x17,
516 0x22, 0x01, 0x20, 0x0A, 0x06, 0x0B, 0x01, 0x01, 0x3B, 0x0B, 0x60, 0x26,
517 0x30, 0x60, 0x37, 0x04, 0x01, 0x21, 0x04, 0x67, 0x7D, 0x7D, 0x00, 0x00,
518 0x01, 0x02, 0x7A, 0x81, 0x1A, 0x01, 0x08, 0x0B, 0x81, 0x1A, 0x08, 0x00,
519 0x00, 0x01, 0x03, 0x7A, 0x81, 0x1A, 0x01, 0x08, 0x0B, 0x81, 0x1A, 0x08,
520 0x01, 0x08, 0x0B, 0x81, 0x1A, 0x08, 0x00, 0x00, 0x01, 0x01, 0x7A, 0x81,
521 0x1A, 0x00, 0x00, 0x33, 0x22, 0x44, 0x05, 0x01, 0x00, 0x21, 0x81, 0x27,
522 0x04, 0x75, 0x02, 0x03, 0x00, 0x74, 0x27, 0x03, 0x01, 0x01, 0x00, 0x22,
523 0x02, 0x01, 0x0A, 0x06, 0x10, 0x22, 0x01, 0x01, 0x0B, 0x73, 0x08, 0x25,
524 0x02, 0x00, 0x0E, 0x06, 0x01, 0x00, 0x48, 0x04, 0x6A, 0x21, 0x01, 0x7F,
525 0x00, 0x00, 0x24, 0x16, 0x2F, 0x06, 0x05, 0x81, 0x25, 0x21, 0x04, 0x77,
526 0x01, 0x16, 0x6A, 0x38, 0x01, 0x00, 0x81, 0x33, 0x01, 0x00, 0x81, 0x32,
527 0x24, 0x01, 0x17, 0x6A, 0x38, 0x00, 0x00, 0x01, 0x15, 0x6A, 0x38, 0x3B,
528 0x43, 0x21, 0x43, 0x21, 0x24, 0x00, 0x00, 0x01, 0x01, 0x3B, 0x81, 0x1D,
529 0x00, 0x00, 0x3B, 0x31, 0x7A, 0x3B, 0x22, 0x06, 0x06, 0x81, 0x1A, 0x21,
530 0x49, 0x04, 0x77, 0x21, 0x00, 0x02, 0x03, 0x00, 0x5A, 0x25, 0x7C, 0x03,
531 0x01, 0x02, 0x01, 0x01, 0x0F, 0x12, 0x02, 0x01, 0x01, 0x04, 0x11, 0x01,
532 0x0F, 0x12, 0x02, 0x01, 0x01, 0x08, 0x11, 0x01, 0x0F, 0x12, 0x01, 0x00,
533 0x31, 0x0E, 0x06, 0x10, 0x21, 0x01, 0x00, 0x01, 0x18, 0x02, 0x00, 0x06,
534 0x03, 0x3E, 0x04, 0x01, 0x3F, 0x04, 0x80, 0x56, 0x01, 0x01, 0x31, 0x0E,
535 0x06, 0x10, 0x21, 0x01, 0x01, 0x01, 0x10, 0x02, 0x00, 0x06, 0x03, 0x3E,
536 0x04, 0x01, 0x3F, 0x04, 0x80, 0x40, 0x01, 0x02, 0x31, 0x0E, 0x06, 0x0F,
537 0x21, 0x01, 0x01, 0x01, 0x20, 0x02, 0x00, 0x06, 0x03, 0x3E, 0x04, 0x01,
538 0x3F, 0x04, 0x2B, 0x01, 0x03, 0x31, 0x0E, 0x06, 0x0E, 0x21, 0x21, 0x01,
539 0x10, 0x02, 0x00, 0x06, 0x03, 0x3C, 0x04, 0x01, 0x3D, 0x04, 0x17, 0x01,
540 0x04, 0x31, 0x0E, 0x06, 0x0E, 0x21, 0x21, 0x01, 0x20, 0x02, 0x00, 0x06,
541 0x03, 0x3C, 0x04, 0x01, 0x3D, 0x04, 0x03, 0x50, 0x23, 0x21, 0x00, 0x00,
542 0x7C, 0x01, 0x0C, 0x11, 0x01, 0x02, 0x0F, 0x00, 0x00, 0x7C, 0x01, 0x0C,
543 0x11, 0x22, 0x47, 0x3B, 0x01, 0x03, 0x0A, 0x12, 0x00, 0x00, 0x7C, 0x01,
544 0x0C, 0x11, 0x01, 0x01, 0x0E, 0x00, 0x00, 0x7C, 0x01, 0x0C, 0x11, 0x46,
545 0x00, 0x00, 0x18, 0x01, 0x00, 0x57, 0x27, 0x22, 0x06, 0x20, 0x01, 0x01,
546 0x31, 0x0E, 0x06, 0x07, 0x21, 0x01, 0x00, 0x81, 0x00, 0x04, 0x11, 0x01,
547 0x02, 0x31, 0x0E, 0x06, 0x0A, 0x21, 0x59, 0x27, 0x06, 0x03, 0x01, 0x10,
548 0x30, 0x04, 0x01, 0x21, 0x04, 0x01, 0x21, 0x5F, 0x27, 0x05, 0x35, 0x28,
549 0x06, 0x32, 0x69, 0x27, 0x01, 0x14, 0x31, 0x0E, 0x06, 0x06, 0x21, 0x01,
550 0x02, 0x30, 0x04, 0x24, 0x01, 0x15, 0x31, 0x0E, 0x06, 0x0B, 0x21, 0x81,
551 0x09, 0x06, 0x04, 0x01, 0x7F, 0x81, 0x00, 0x04, 0x13, 0x01, 0x16, 0x31,
552 0x0E, 0x06, 0x06, 0x21, 0x01, 0x01, 0x30, 0x04, 0x07, 0x21, 0x01, 0x04,
553 0x30, 0x01, 0x00, 0x21, 0x16, 0x06, 0x03, 0x01, 0x08, 0x30, 0x00, 0x00,
554 0x18, 0x22, 0x05, 0x10, 0x28, 0x06, 0x0D, 0x69, 0x27, 0x01, 0x15, 0x0E,
555 0x06, 0x05, 0x21, 0x81, 0x09, 0x04, 0x01, 0x1C, 0x00, 0x00, 0x81, 0x25,
556 0x01, 0x07, 0x12, 0x01, 0x01, 0x0F, 0x06, 0x02, 0x56, 0x23, 0x00, 0x01,
557 0x03, 0x00, 0x24, 0x16, 0x06, 0x05, 0x02, 0x00, 0x6A, 0x38, 0x00, 0x81,
558 0x25, 0x21, 0x04, 0x73, 0x00, 0x01, 0x14, 0x81, 0x28, 0x01, 0x01, 0x81,
559 0x33, 0x24, 0x22, 0x01, 0x00, 0x81, 0x20, 0x01, 0x16, 0x81, 0x28, 0x81,
560 0x2B, 0x24, 0x00, 0x00, 0x01, 0x0B, 0x81, 0x33, 0x40, 0x22, 0x01, 0x03,
561 0x08, 0x81, 0x32, 0x81, 0x32, 0x13, 0x22, 0x44, 0x06, 0x02, 0x21, 0x00,
562 0x81, 0x32, 0x1A, 0x22, 0x06, 0x06, 0x67, 0x3B, 0x81, 0x2F, 0x04, 0x76,
563 0x21, 0x04, 0x6A, 0x00, 0x7E, 0x01, 0x14, 0x81, 0x33, 0x01, 0x0C, 0x81,
564 0x32, 0x67, 0x01, 0x0C, 0x81, 0x2F, 0x00, 0x03, 0x03, 0x00, 0x01, 0x02,
565 0x81, 0x33, 0x01, 0x80, 0x46, 0x6B, 0x27, 0x01, 0x02, 0x0E, 0x06, 0x0C,
566 0x02, 0x00, 0x06, 0x04, 0x01, 0x05, 0x04, 0x02, 0x01, 0x1D, 0x04, 0x02,
567 0x01, 0x00, 0x03, 0x01, 0x68, 0x27, 0x06, 0x04, 0x01, 0x05, 0x04, 0x02,
568 0x01, 0x00, 0x03, 0x02, 0x02, 0x01, 0x02, 0x02, 0x08, 0x22, 0x06, 0x03,
569 0x01, 0x02, 0x08, 0x08, 0x81, 0x32, 0x75, 0x25, 0x81, 0x31, 0x6E, 0x01,
570 0x04, 0x14, 0x6E, 0x01, 0x04, 0x08, 0x01, 0x1C, 0x2B, 0x6E, 0x01, 0x20,
571 0x81, 0x2F, 0x01, 0x20, 0x81, 0x33, 0x6F, 0x01, 0x20, 0x81, 0x2F, 0x5A,
572 0x25, 0x81, 0x31, 0x01, 0x00, 0x81, 0x33, 0x02, 0x01, 0x02, 0x02, 0x08,
573 0x22, 0x06, 0x30, 0x81, 0x31, 0x02, 0x01, 0x22, 0x06, 0x13, 0x01, 0x83,
574 0xFE, 0x01, 0x81, 0x31, 0x01, 0x04, 0x09, 0x22, 0x81, 0x31, 0x49, 0x6C,
575 0x3B, 0x81, 0x30, 0x04, 0x01, 0x21, 0x02, 0x02, 0x06, 0x0F, 0x01, 0x01,
576 0x81, 0x31, 0x01, 0x01, 0x81, 0x31, 0x68, 0x27, 0x01, 0x08, 0x09, 0x81,
577 0x33, 0x04, 0x01, 0x21, 0x00, 0x00, 0x01, 0x0E, 0x81, 0x33, 0x01, 0x00,
578 0x81, 0x32, 0x00, 0x03, 0x5A, 0x25, 0x81, 0x22, 0x05, 0x01, 0x00, 0x60,
579 0x26, 0x01, 0x00, 0x81, 0x02, 0x11, 0x01, 0x01, 0x12, 0x46, 0x06, 0x03,
580 0x48, 0x04, 0x74, 0x03, 0x00, 0x21, 0x02, 0x00, 0x1E, 0x22, 0x44, 0x06,
581 0x02, 0x2E, 0x23, 0x03, 0x01, 0x75, 0x25, 0x01, 0x86, 0x03, 0x10, 0x03,
582 0x02, 0x01, 0x0C, 0x81, 0x33, 0x02, 0x01, 0x62, 0x27, 0x08, 0x02, 0x02,
583 0x01, 0x02, 0x12, 0x08, 0x01, 0x06, 0x08, 0x81, 0x32, 0x01, 0x03, 0x81,
584 0x33, 0x02, 0x00, 0x81, 0x31, 0x61, 0x62, 0x27, 0x81, 0x30, 0x02, 0x02,
585 0x06, 0x10, 0x72, 0x27, 0x81, 0x33, 0x5A, 0x25, 0x81, 0x23, 0x01, 0x01,
586 0x0B, 0x01, 0x03, 0x08, 0x81, 0x33, 0x02, 0x01, 0x81, 0x31, 0x67, 0x02,
587 0x01, 0x81, 0x2F, 0x00, 0x00, 0x42, 0x22, 0x01, 0x00, 0x0E, 0x06, 0x02,
588 0x4B, 0x00, 0x81, 0x25, 0x21, 0x04, 0x72, 0x00, 0x22, 0x81, 0x33, 0x81,
589 0x2F, 0x00, 0x00, 0x22, 0x01, 0x08, 0x41, 0x81, 0x33, 0x81, 0x33, 0x00,
590 0x00, 0x22, 0x01, 0x10, 0x41, 0x81, 0x33, 0x81, 0x31, 0x00, 0x00, 0x22,
591 0x43, 0x06, 0x02, 0x21, 0x00, 0x81, 0x25, 0x21, 0x04, 0x75
592 };
593
594 static const uint16_t t0_caddr[] = {
595 0,
596 5,
597 10,
598 15,
599 20,
600 25,
601 30,
602 35,
603 39,
604 43,
605 47,
606 51,
607 55,
608 59,
609 63,
610 67,
611 71,
612 75,
613 79,
614 83,
615 88,
616 93,
617 98,
618 103,
619 108,
620 113,
621 118,
622 123,
623 128,
624 133,
625 138,
626 143,
627 148,
628 153,
629 159,
630 164,
631 169,
632 174,
633 179,
634 184,
635 189,
636 194,
637 199,
638 204,
639 209,
640 214,
641 219,
642 224,
643 229,
644 234,
645 239,
646 244,
647 249,
648 254,
649 259,
650 268,
651 272,
652 297,
653 303,
654 323,
655 334,
656 371,
657 431,
658 435,
659 471,
660 481,
661 557,
662 571,
663 577,
664 637,
665 657,
666 710,
667 1263,
668 1348,
669 1381,
670 1406,
671 1454,
672 1528,
673 1577,
674 1592,
675 1603,
676 1609,
677 1680,
678 1721,
679 1734,
680 1753,
681 1760,
682 1772,
683 1807,
684 1836,
685 1848,
686 1855,
687 1871,
688 2009,
689 2018,
690 2031,
691 2040,
692 2047,
693 2153,
694 2175,
695 2189,
696 2206,
697 2229,
698 2265,
699 2281,
700 2435,
701 2445,
702 2554,
703 2569,
704 2576,
705 2586,
706 2596
707 };
708
709 #define T0_INTERPRETED 68
710
711 #define T0_ENTER(ip, rp, slot) do { \
712 const unsigned char *t0_newip; \
713 uint32_t t0_lnum; \
714 t0_newip = &t0_codeblock[t0_caddr[(slot) - T0_INTERPRETED]]; \
715 t0_lnum = t0_parse7E_unsigned(&t0_newip); \
716 (rp) += t0_lnum; \
717 *((rp) ++) = (uint32_t)((ip) - &t0_codeblock[0]) + (t0_lnum << 16); \
718 (ip) = t0_newip; \
719 } while (0)
720
721 #define T0_DEFENTRY(name, slot) \
722 void \
723 name(void *ctx) \
724 { \
725 t0_context *t0ctx = ctx; \
726 t0ctx->ip = &t0_codeblock[0]; \
727 T0_ENTER(t0ctx->ip, t0ctx->rp, slot); \
728 }
729
730 T0_DEFENTRY(br_ssl_hs_server_init_main, 133)
731
732 void
733 br_ssl_hs_server_run(void *t0ctx)
734 {
735 uint32_t *dp, *rp;
736 const unsigned char *ip;
737
738 #define T0_LOCAL(x) (*(rp - 2 - (x)))
739 #define T0_POP() (*-- dp)
740 #define T0_POPi() (*(int32_t *)(-- dp))
741 #define T0_PEEK(x) (*(dp - 1 - (x)))
742 #define T0_PEEKi(x) (*(int32_t *)(dp - 1 - (x)))
743 #define T0_PUSH(v) do { *dp = (v); dp ++; } while (0)
744 #define T0_PUSHi(v) do { *(int32_t *)dp = (v); dp ++; } while (0)
745 #define T0_RPOP() (*-- rp)
746 #define T0_RPOPi() (*(int32_t *)(-- rp))
747 #define T0_RPUSH(v) do { *rp = (v); rp ++; } while (0)
748 #define T0_RPUSHi(v) do { *(int32_t *)rp = (v); rp ++; } while (0)
749 #define T0_ROLL(x) do { \
750 size_t t0len = (size_t)(x); \
751 uint32_t t0tmp = *(dp - 1 - t0len); \
752 memmove(dp - t0len - 1, dp - t0len, t0len * sizeof *dp); \
753 *(dp - 1) = t0tmp; \
754 } while (0)
755 #define T0_SWAP() do { \
756 uint32_t t0tmp = *(dp - 2); \
757 *(dp - 2) = *(dp - 1); \
758 *(dp - 1) = t0tmp; \
759 } while (0)
760 #define T0_ROT() do { \
761 uint32_t t0tmp = *(dp - 3); \
762 *(dp - 3) = *(dp - 2); \
763 *(dp - 2) = *(dp - 1); \
764 *(dp - 1) = t0tmp; \
765 } while (0)
766 #define T0_NROT() do { \
767 uint32_t t0tmp = *(dp - 1); \
768 *(dp - 1) = *(dp - 2); \
769 *(dp - 2) = *(dp - 3); \
770 *(dp - 3) = t0tmp; \
771 } while (0)
772 #define T0_PICK(x) do { \
773 uint32_t t0depth = (x); \
774 T0_PUSH(T0_PEEK(t0depth)); \
775 } while (0)
776 #define T0_CO() do { \
777 goto t0_exit; \
778 } while (0)
779 #define T0_RET() break
780
781 dp = ((t0_context *)t0ctx)->dp;
782 rp = ((t0_context *)t0ctx)->rp;
783 ip = ((t0_context *)t0ctx)->ip;
784 for (;;) {
785 uint32_t t0x;
786
787 t0x = t0_parse7E_unsigned(&ip);
788 if (t0x < T0_INTERPRETED) {
789 switch (t0x) {
790 int32_t t0off;
791
792 case 0: /* ret */
793 t0x = T0_RPOP();
794 rp -= (t0x >> 16);
795 t0x &= 0xFFFF;
796 if (t0x == 0) {
797 ip = NULL;
798 goto t0_exit;
799 }
800 ip = &t0_codeblock[t0x];
801 break;
802 case 1: /* literal constant */
803 T0_PUSHi(t0_parse7E_signed(&ip));
804 break;
805 case 2: /* read local */
806 T0_PUSH(T0_LOCAL(t0_parse7E_unsigned(&ip)));
807 break;
808 case 3: /* write local */
809 T0_LOCAL(t0_parse7E_unsigned(&ip)) = T0_POP();
810 break;
811 case 4: /* jump */
812 t0off = t0_parse7E_signed(&ip);
813 ip += t0off;
814 break;
815 case 5: /* jump if */
816 t0off = t0_parse7E_signed(&ip);
817 if (T0_POP()) {
818 ip += t0off;
819 }
820 break;
821 case 6: /* jump if not */
822 t0off = t0_parse7E_signed(&ip);
823 if (!T0_POP()) {
824 ip += t0off;
825 }
826 break;
827 case 7: {
828 /* * */
829
830 uint32_t b = T0_POP();
831 uint32_t a = T0_POP();
832 T0_PUSH(a * b);
833
834 }
835 break;
836 case 8: {
837 /* + */
838
839 uint32_t b = T0_POP();
840 uint32_t a = T0_POP();
841 T0_PUSH(a + b);
842
843 }
844 break;
845 case 9: {
846 /* - */
847
848 uint32_t b = T0_POP();
849 uint32_t a = T0_POP();
850 T0_PUSH(a - b);
851
852 }
853 break;
854 case 10: {
855 /* < */
856
857 int32_t b = T0_POPi();
858 int32_t a = T0_POPi();
859 T0_PUSH(-(uint32_t)(a < b));
860
861 }
862 break;
863 case 11: {
864 /* << */
865
866 int c = (int)T0_POPi();
867 uint32_t x = T0_POP();
868 T0_PUSH(x << c);
869
870 }
871 break;
872 case 12: {
873 /* <= */
874
875 int32_t b = T0_POPi();
876 int32_t a = T0_POPi();
877 T0_PUSH(-(uint32_t)(a <= b));
878
879 }
880 break;
881 case 13: {
882 /* <> */
883
884 uint32_t b = T0_POP();
885 uint32_t a = T0_POP();
886 T0_PUSH(-(uint32_t)(a != b));
887
888 }
889 break;
890 case 14: {
891 /* = */
892
893 uint32_t b = T0_POP();
894 uint32_t a = T0_POP();
895 T0_PUSH(-(uint32_t)(a == b));
896
897 }
898 break;
899 case 15: {
900 /* > */
901
902 int32_t b = T0_POPi();
903 int32_t a = T0_POPi();
904 T0_PUSH(-(uint32_t)(a > b));
905
906 }
907 break;
908 case 16: {
909 /* >= */
910
911 int32_t b = T0_POPi();
912 int32_t a = T0_POPi();
913 T0_PUSH(-(uint32_t)(a >= b));
914
915 }
916 break;
917 case 17: {
918 /* >> */
919
920 int c = (int)T0_POPi();
921 int32_t x = T0_POPi();
922 T0_PUSHi(x >> c);
923
924 }
925 break;
926 case 18: {
927 /* and */
928
929 uint32_t b = T0_POP();
930 uint32_t a = T0_POP();
931 T0_PUSH(a & b);
932
933 }
934 break;
935 case 19: {
936 /* begin-cert */
937
938 if (CTX->chain_len == 0) {
939 T0_PUSHi(-1);
940 } else {
941 CTX->cert_cur = CTX->chain->data;
942 CTX->cert_len = CTX->chain->data_len;
943 CTX->chain ++;
944 CTX->chain_len --;
945 T0_PUSH(CTX->cert_len);
946 }
947
948 }
949 break;
950 case 20: {
951 /* bzero */
952
953 size_t len = (size_t)T0_POP();
954 void *addr = (unsigned char *)ENG + (size_t)T0_POP();
955 memset(addr, 0, len);
956
957 }
958 break;
959 case 21: {
960 /* call-policy-handler */
961
962 int x;
963 br_ssl_server_choices choices;
964
965 x = (*CTX->policy_vtable)->choose(
966 CTX->policy_vtable, CTX, &choices);
967 ENG->session.cipher_suite = choices.cipher_suite;
968 CTX->sign_hash_id = choices.hash_id;
969 CTX->chain = choices.chain;
970 CTX->chain_len = choices.chain_len;
971 T0_PUSHi(-(x != 0));
972
973 }
974 break;
975 case 22: {
976 /* can-output? */
977
978 T0_PUSHi(-(ENG->hlen_out > 0));
979
980 }
981 break;
982 case 23: {
983 /* check-resume */
984
985 if (ENG->session.session_id_len == 32
986 && CTX->cache_vtable != NULL && (*CTX->cache_vtable)->load(
987 CTX->cache_vtable, CTX, &ENG->session))
988 {
989 T0_PUSHi(-1);
990 } else {
991 T0_PUSH(0);
992 }
993
994 }
995 break;
996 case 24: {
997 /* co */
998 T0_CO();
999 }
1000 break;
1001 case 25: {
1002 /* compute-Finished-inner */
1003
1004 int prf_id = T0_POP();
1005 int from_client = T0_POPi();
1006 unsigned char seed[48];
1007 size_t seed_len;
1008
1009 br_tls_prf_impl prf = br_ssl_engine_get_PRF(ENG, prf_id);
1010 if (ENG->session.version >= BR_TLS12) {
1011 seed_len = br_multihash_out(&ENG->mhash, prf_id, seed);
1012 } else {
1013 br_multihash_out(&ENG->mhash, br_md5_ID, seed);
1014 br_multihash_out(&ENG->mhash, br_sha1_ID, seed + 16);
1015 seed_len = 36;
1016 }
1017 prf(ENG->pad, 12, ENG->session.master_secret,
1018 sizeof ENG->session.master_secret,
1019 from_client ? "client finished" : "server finished",
1020 seed, seed_len);
1021
1022 }
1023 break;
1024 case 26: {
1025 /* copy-cert-chunk */
1026
1027 size_t clen;
1028
1029 clen = CTX->cert_len;
1030 if (clen > sizeof ENG->pad) {
1031 clen = sizeof ENG->pad;
1032 }
1033 memcpy(ENG->pad, CTX->cert_cur, clen);
1034 CTX->cert_cur += clen;
1035 CTX->cert_len -= clen;
1036 T0_PUSH(clen);
1037
1038 }
1039 break;
1040 case 27: {
1041 /* data-get8 */
1042
1043 size_t addr = T0_POP();
1044 T0_PUSH(t0_datablock[addr]);
1045
1046 }
1047 break;
1048 case 28: {
1049 /* discard-input */
1050
1051 ENG->hlen_in = 0;
1052
1053 }
1054 break;
1055 case 29: {
1056 /* do-ecdh */
1057
1058 int prf_id = T0_POPi();
1059 size_t len = T0_POP();
1060 do_ecdh(CTX, prf_id, ENG->pad, len);
1061
1062 }
1063 break;
1064 case 30: {
1065 /* do-ecdhe-part1 */
1066
1067 int curve = T0_POPi();
1068 T0_PUSHi(do_ecdhe_part1(CTX, curve));
1069
1070 }
1071 break;
1072 case 31: {
1073 /* do-ecdhe-part2 */
1074
1075 int prf_id = T0_POPi();
1076 size_t len = T0_POP();
1077 do_ecdhe_part2(CTX, prf_id, ENG->pad, len);
1078
1079 }
1080 break;
1081 case 32: {
1082 /* do-rsa-decrypt */
1083
1084 int prf_id = T0_POPi();
1085 size_t len = T0_POP();
1086 do_rsa_decrypt(CTX, prf_id, ENG->pad, len);
1087
1088 }
1089 break;
1090 case 33: {
1091 /* drop */
1092 (void)T0_POP();
1093 }
1094 break;
1095 case 34: {
1096 /* dup */
1097 T0_PUSH(T0_PEEK(0));
1098 }
1099 break;
1100 case 35: {
1101 /* fail */
1102
1103 br_ssl_engine_fail(ENG, (int)T0_POPi());
1104 T0_CO();
1105
1106 }
1107 break;
1108 case 36: {
1109 /* flush-record */
1110
1111 br_ssl_engine_flush_record(ENG);
1112
1113 }
1114 break;
1115 case 37: {
1116 /* get16 */
1117
1118 size_t addr = (size_t)T0_POP();
1119 T0_PUSH(*(uint16_t *)((unsigned char *)ENG + addr));
1120
1121 }
1122 break;
1123 case 38: {
1124 /* get32 */
1125
1126 size_t addr = (size_t)T0_POP();
1127 T0_PUSH(*(uint32_t *)((unsigned char *)ENG + addr));
1128
1129 }
1130 break;
1131 case 39: {
1132 /* get8 */
1133
1134 size_t addr = (size_t)T0_POP();
1135 T0_PUSH(*((unsigned char *)ENG + addr));
1136
1137 }
1138 break;
1139 case 40: {
1140 /* has-input? */
1141
1142 T0_PUSHi(-(ENG->hlen_in != 0));
1143
1144 }
1145 break;
1146 case 41: {
1147 /* memcmp */
1148
1149 size_t len = (size_t)T0_POP();
1150 void *addr2 = (unsigned char *)ENG + (size_t)T0_POP();
1151 void *addr1 = (unsigned char *)ENG + (size_t)T0_POP();
1152 int x = memcmp(addr1, addr2, len);
1153 T0_PUSH((uint32_t)-(x == 0));
1154
1155 }
1156 break;
1157 case 42: {
1158 /* memcpy */
1159
1160 size_t len = (size_t)T0_POP();
1161 void *src = (unsigned char *)ENG + (size_t)T0_POP();
1162 void *dst = (unsigned char *)ENG + (size_t)T0_POP();
1163 memcpy(dst, src, len);
1164
1165 }
1166 break;
1167 case 43: {
1168 /* mkrand */
1169
1170 size_t len = (size_t)T0_POP();
1171 void *addr = (unsigned char *)ENG + (size_t)T0_POP();
1172 br_hmac_drbg_generate(&ENG->rng, addr, len);
1173
1174 }
1175 break;
1176 case 44: {
1177 /* more-incoming-bytes? */
1178
1179 T0_PUSHi(ENG->hlen_in != 0 || !br_ssl_engine_recvrec_finished(ENG));
1180
1181 }
1182 break;
1183 case 45: {
1184 /* multihash-init */
1185
1186 br_multihash_init(&ENG->mhash);
1187
1188 }
1189 break;
1190 case 46: {
1191 /* neg */
1192
1193 uint32_t a = T0_POP();
1194 T0_PUSH(-a);
1195
1196 }
1197 break;
1198 case 47: {
1199 /* not */
1200
1201 uint32_t a = T0_POP();
1202 T0_PUSH(~a);
1203
1204 }
1205 break;
1206 case 48: {
1207 /* or */
1208
1209 uint32_t b = T0_POP();
1210 uint32_t a = T0_POP();
1211 T0_PUSH(a | b);
1212
1213 }
1214 break;
1215 case 49: {
1216 /* over */
1217 T0_PUSH(T0_PEEK(1));
1218 }
1219 break;
1220 case 50: {
1221 /* read-chunk-native */
1222
1223 size_t clen = ENG->hlen_in;
1224 if (clen > 0) {
1225 uint32_t addr, len;
1226
1227 len = T0_POP();
1228 addr = T0_POP();
1229 if ((size_t)len < clen) {
1230 clen = (size_t)len;
1231 }
1232 memcpy((unsigned char *)ENG + addr, ENG->hbuf_in, clen);
1233 if (ENG->record_type_in == BR_SSL_HANDSHAKE) {
1234 br_multihash_update(&ENG->mhash, ENG->hbuf_in, clen);
1235 }
1236 T0_PUSH(addr + (uint32_t)clen);
1237 T0_PUSH(len - (uint32_t)clen);
1238 ENG->hbuf_in += clen;
1239 ENG->hlen_in -= clen;
1240 }
1241
1242 }
1243 break;
1244 case 51: {
1245 /* read8-native */
1246
1247 if (ENG->hlen_in > 0) {
1248 unsigned char x;
1249
1250 x = *ENG->hbuf_in ++;
1251 if (ENG->record_type_in == BR_SSL_HANDSHAKE) {
1252 br_multihash_update(&ENG->mhash, &x, 1);
1253 }
1254 T0_PUSH(x);
1255 ENG->hlen_in --;
1256 } else {
1257 T0_PUSHi(-1);
1258 }
1259
1260 }
1261 break;
1262 case 52: {
1263 /* save-session */
1264
1265 if (CTX->cache_vtable != NULL) {
1266 (*CTX->cache_vtable)->save(
1267 CTX->cache_vtable, CTX, &ENG->session);
1268 }
1269
1270 }
1271 break;
1272 case 53: {
1273 /* set-max-frag-len */
1274
1275 size_t max_frag_len = T0_POP();
1276
1277 br_ssl_engine_new_max_frag_len(ENG, max_frag_len);
1278
1279 /*
1280 * We must adjust our own output limit. Since we call this only
1281 * after receiving a ClientHello and before beginning to send
1282 * the ServerHello, the next output record should be empty at
1283 * that point, so we can use max_frag_len as a limit.
1284 */
1285 if (ENG->hlen_out > max_frag_len) {
1286 ENG->hlen_out = max_frag_len;
1287 }
1288
1289 }
1290 break;
1291 case 54: {
1292 /* set16 */
1293
1294 size_t addr = (size_t)T0_POP();
1295 *(uint16_t *)((unsigned char *)ENG + addr) = (uint16_t)T0_POP();
1296
1297 }
1298 break;
1299 case 55: {
1300 /* set32 */
1301
1302 size_t addr = (size_t)T0_POP();
1303 *(uint32_t *)((unsigned char *)ENG + addr) = (uint32_t)T0_POP();
1304
1305 }
1306 break;
1307 case 56: {
1308 /* set8 */
1309
1310 size_t addr = (size_t)T0_POP();
1311 *((unsigned char *)ENG + addr) = (unsigned char)T0_POP();
1312
1313 }
1314 break;
1315 case 57: {
1316 /* supported-curves */
1317
1318 uint32_t x = ENG->iec == NULL ? 0 : ENG->iec->supported_curves;
1319 T0_PUSH(x);
1320
1321 }
1322 break;
1323 case 58: {
1324 /* supported-hash-functions */
1325
1326 int i;
1327 unsigned x, num;
1328
1329 x = 0;
1330 num = 0;
1331 for (i = br_sha1_ID; i <= br_sha512_ID; i ++) {
1332 if (br_multihash_getimpl(&ENG->mhash, i)) {
1333 x |= 1U << i;
1334 num ++;
1335 }
1336 }
1337 T0_PUSH(x);
1338 T0_PUSH(num);
1339
1340 }
1341 break;
1342 case 59: {
1343 /* swap */
1344 T0_SWAP();
1345 }
1346 break;
1347 case 60: {
1348 /* switch-aesgcm-in */
1349
1350 int is_client, prf_id;
1351 unsigned cipher_key_len;
1352
1353 cipher_key_len = T0_POP();
1354 prf_id = T0_POP();
1355 is_client = T0_POP();
1356 br_ssl_engine_switch_gcm_in(ENG, is_client, prf_id,
1357 ENG->iaes_ctr, cipher_key_len);
1358
1359 }
1360 break;
1361 case 61: {
1362 /* switch-aesgcm-out */
1363
1364 int is_client, prf_id;
1365 unsigned cipher_key_len;
1366
1367 cipher_key_len = T0_POP();
1368 prf_id = T0_POP();
1369 is_client = T0_POP();
1370 br_ssl_engine_switch_gcm_out(ENG, is_client, prf_id,
1371 ENG->iaes_ctr, cipher_key_len);
1372
1373 }
1374 break;
1375 case 62: {
1376 /* switch-cbc-in */
1377
1378 int is_client, prf_id, mac_id, aes;
1379 unsigned cipher_key_len;
1380
1381 cipher_key_len = T0_POP();
1382 aes = T0_POP();
1383 mac_id = T0_POP();
1384 prf_id = T0_POP();
1385 is_client = T0_POP();
1386 br_ssl_engine_switch_cbc_in(ENG, is_client, prf_id, mac_id,
1387 aes ? ENG->iaes_cbcdec : ENG->ides_cbcdec, cipher_key_len);
1388
1389 }
1390 break;
1391 case 63: {
1392 /* switch-cbc-out */
1393
1394 int is_client, prf_id, mac_id, aes;
1395 unsigned cipher_key_len;
1396
1397 cipher_key_len = T0_POP();
1398 aes = T0_POP();
1399 mac_id = T0_POP();
1400 prf_id = T0_POP();
1401 is_client = T0_POP();
1402 br_ssl_engine_switch_cbc_out(ENG, is_client, prf_id, mac_id,
1403 aes ? ENG->iaes_cbcenc : ENG->ides_cbcenc, cipher_key_len);
1404
1405 }
1406 break;
1407 case 64: {
1408 /* total-chain-length */
1409
1410 size_t u;
1411 uint32_t total;
1412
1413 total = 0;
1414 for (u = 0; u < CTX->chain_len; u ++) {
1415 total += 3 + (uint32_t)CTX->chain[u].data_len;
1416 }
1417 T0_PUSH(total);
1418
1419 }
1420 break;
1421 case 65: {
1422 /* u>> */
1423
1424 int c = (int)T0_POPi();
1425 uint32_t x = T0_POP();
1426 T0_PUSH(x >> c);
1427
1428 }
1429 break;
1430 case 66: {
1431 /* write-blob-chunk */
1432
1433 size_t clen = ENG->hlen_out;
1434 if (clen > 0) {
1435 uint32_t addr, len;
1436
1437 len = T0_POP();
1438 addr = T0_POP();
1439 if ((size_t)len < clen) {
1440 clen = (size_t)len;
1441 }
1442 memcpy(ENG->hbuf_out, (unsigned char *)ENG + addr, clen);
1443 if (ENG->record_type_out == BR_SSL_HANDSHAKE) {
1444 br_multihash_update(&ENG->mhash, ENG->hbuf_out, clen);
1445 }
1446 T0_PUSH(addr + (uint32_t)clen);
1447 T0_PUSH(len - (uint32_t)clen);
1448 ENG->hbuf_out += clen;
1449 ENG->hlen_out -= clen;
1450 }
1451
1452 }
1453 break;
1454 case 67: {
1455 /* write8-native */
1456
1457 unsigned char x;
1458
1459 x = (unsigned char)T0_POP();
1460 if (ENG->hlen_out > 0) {
1461 if (ENG->record_type_out == BR_SSL_HANDSHAKE) {
1462 br_multihash_update(&ENG->mhash, &x, 1);
1463 }
1464 *ENG->hbuf_out ++ = x;
1465 ENG->hlen_out --;
1466 T0_PUSHi(-1);
1467 } else {
1468 T0_PUSHi(0);
1469 }
1470
1471 }
1472 break;
1473 }
1474
1475 } else {
1476 T0_ENTER(ip, rp, t0x);
1477 }
1478 }
1479 t0_exit:
1480 ((t0_context *)t0ctx)->dp = dp;
1481 ((t0_context *)t0ctx)->rp = rp;
1482 ((t0_context *)t0ctx)->ip = ip;
1483 }