1 /* Automatically generated code; do not modify directly. */ 2 3 #include <stddef.h> 4 #include <stdint.h> 5 6 typedef struct { 7 uint32_t *dp; 8 uint32_t *rp; 9 const unsigned char *ip; 10 } t0_context; 11 12 static uint32_t 13 t0_parse7E_unsigned(const unsigned char **p) 14 { 15 uint32_t x; 16 17 x = 0; 18 for (;;) { 19 unsigned y; 20 21 y = *(*p) ++; 22 x = (x << 7) | (uint32_t)(y & 0x7F); 23 if (y < 0x80) { 24 return x; 25 } 26 } 27 } 28 29 static int32_t 30 t0_parse7E_signed(const unsigned char **p) 31 { 32 int neg; 33 uint32_t x; 34 35 neg = ((**p) >> 6) & 1; 36 x = (uint32_t)-neg; 37 for (;;) { 38 unsigned y; 39 40 y = *(*p) ++; 41 x = (x << 7) | (uint32_t)(y & 0x7F); 42 if (y < 0x80) { 43 if (neg) { 44 return -(int32_t)~x - 1; 45 } else { 46 return (int32_t)x; 47 } 48 } 49 } 50 } 51 52 #define T0_VBYTE(x, n) (unsigned char)((((uint32_t)(x) >> (n)) & 0x7F) | 0x80) 53 #define T0_FBYTE(x, n) (unsigned char)(((uint32_t)(x) >> (n)) & 0x7F) 54 #define T0_SBYTE(x) (unsigned char)((((uint32_t)(x) >> 28) + 0xF8) ^ 0xF8) 55 #define T0_INT1(x) T0_FBYTE(x, 0) 56 #define T0_INT2(x) T0_VBYTE(x, 7), T0_FBYTE(x, 0) 57 #define T0_INT3(x) T0_VBYTE(x, 14), T0_VBYTE(x, 7), T0_FBYTE(x, 0) 58 #define T0_INT4(x) T0_VBYTE(x, 21), T0_VBYTE(x, 14), T0_VBYTE(x, 7), T0_FBYTE(x, 0) 59 #define T0_INT5(x) T0_SBYTE(x), T0_VBYTE(x, 21), T0_VBYTE(x, 14), T0_VBYTE(x, 7), T0_FBYTE(x, 0) 60 61 /* static const unsigned char t0_datablock[]; */ 62 63 64 void br_x509_minimal_init_main(void *t0ctx); 65 66 void br_x509_minimal_run(void *t0ctx); 67 68 69 70 #include "inner.h" 71 72 73 74 75 76 #include "inner.h" 77 78 /* 79 * Implementation Notes 80 * -------------------- 81 * 82 * The C code pushes the data by chunks; all decoding is done in the 83 * T0 code. The cert_length value is set to the certificate length when 84 * a new certificate is started; the T0 code picks it up as outer limit, 85 * and decoding functions use it to ensure that no attempt is made at 86 * reading past it. The T0 code also checks that once the certificate is 87 * decoded, there are no trailing bytes. 88 * 89 * The T0 code sets cert_length to 0 when the certificate is fully 90 * decoded. 91 * 92 * The C code must still perform two checks: 93 * 94 * -- If the certificate length is 0, then the T0 code will not be 95 * invoked at all. This invalid condition must thus be reported by the 96 * C code. 97 * 98 * -- When reaching the end of certificate, the C code must verify that 99 * the certificate length has been set to 0, thereby signaling that 100 * the T0 code properly decoded a certificate. 101 * 102 * Processing of a chain works in the following way: 103 * 104 * -- The error flag is set to a non-zero value when validation is 105 * finished. The value is either BR_ERR_X509_OK (validation is 106 * successful) or another non-zero error code. When a non-zero error 107 * code is obtained, the remaining bytes in the current certificate and 108 * the subsequent certificates (if any) are completely ignored. 109 * 110 * -- Each certificate is decoded in due course, with the following 111 * "interesting points": 112 * 113 * -- Start of the TBS: the multihash engine is reset and activated. 114 * 115 * -- Start of the issuer DN: the secondary hash engine is started, 116 * to process the encoded issuer DN. 117 * 118 * -- End of the issuer DN: the secondary hash engine is stopped. The 119 * resulting hash value is computed and then copied into the 120 * next_dn_hash[] buffer. 121 * 122 * -- Start of the subject DN: the secondary hash engine is started, 123 * to process the encoded subject DN. 124 * 125 * -- For the EE certificate only: the Common Name, if any, is matched 126 * against the expected server name. 127 * 128 * -- End of the subject DN: the secondary hash engine is stopped. The 129 * resulting hash value is computed into the pad. It is then processed: 130 * 131 * -- If this is the EE certificate, then the hash is ignored 132 * (except for direct trust processing, see later; the hash is 133 * simply left in current_dn_hash[]). 134 * 135 * -- Otherwise, the hashed subject DN is compared with the saved 136 * hash value (in saved_dn_hash[]). They must match. 137 * 138 * Either way, the next_dn_hash[] value is then copied into the 139 * saved_dn_hash[] value. Thus, at that point, saved_dn_hash[] 140 * contains the hash of the issuer DN for the current certificate, 141 * and current_dn_hash[] contains the hash of the subject DN for the 142 * current certificate. 143 * 144 * -- Public key: it is decoded into the cert_pkey[] buffer. Unknown 145 * key types are reported at that point. 146 * 147 * -- If this is the EE certificate, then the key type is compared 148 * with the expected key type (initialization parameter). The public 149 * key data is copied to ee_pkey_data[]. The key and hashed subject 150 * DN are also compared with the "direct trust" keys; if the key 151 * and DN are matched, then validation ends with a success. 152 * 153 * -- Otherwise, the saved signature (cert_sig[]) is verified 154 * against the saved TBS hash (tbs_hash[]) and that freshly 155 * decoded public key. Failure here ends validation with an error. 156 * 157 * -- Extensions: extension values are processed in due order. 158 * 159 * -- Basic Constraints: for all certificates except EE, must be 160 * present, indicate a CA, and have a path legnth compatible with 161 * the chain length so far. 162 * 163 * -- Key Usage: for the EE, if present, must allow signatures 164 * or encryption/key exchange, as required for the cipher suite. 165 * For non-EE, if present, must have the "certificate sign" bit. 166 * 167 * -- Subject Alt Name: for the EE, dNSName names are matched 168 * against the server name. Ignored for non-EE. 169 * 170 * -- Authority Key Identifier, Subject Key Identifier, Issuer 171 * Alt Name, Subject Directory Attributes, CRL Distribution Points 172 * Freshest CRL, Authority Info Access and Subject Info Access 173 * extensions are always ignored: they either contain only 174 * informative data, or they relate to revocation processing, which 175 * we explicitly do not support. 176 * 177 * -- All other extensions are ignored if non-critical. If a 178 * critical extension other than the ones above is encountered, 179 * then a failure is reported. 180 * 181 * -- End of the TBS: the multihash engine is stopped. 182 * 183 * -- Signature algorithm: the signature algorithm on the 184 * certificate is decoded. A failure is reported if that algorithm 185 * is unknown. The hashed TBS corresponding to the signature hash 186 * function is computed and stored in tbs_hash[] (if not supported, 187 * then a failure is reported). The hash OID and length are stored 188 * in cert_sig_hash_oid and cert_sig_hash_len. 189 * 190 * -- Signature value: the signature value is copied into the 191 * cert_sig[] array. 192 * 193 * -- Certificate end: the hashed issuer DN (saved_dn_hash[]) is 194 * looked up in the trust store (CA trust anchors only); for all 195 * that match, the signature (cert_sig[]) is verified against the 196 * anchor public key (hashed TBS is in tbs_hash[]). If one of these 197 * signatures is valid, then validation ends with a success. 198 * 199 * -- If the chain end is reached without obtaining a validation success, 200 * then validation is reported as failed. 201 */ 202 203 #if BR_USE_UNIX_TIME 204 #include <time.h> 205 #endif 206 207 #if BR_USE_WIN32_TIME 208 #include <windows.h> 209 #endif 210 211 /* 212 * The T0 compiler will produce these prototypes declarations in the 213 * header. 214 * 215 void br_x509_minimal_init_main(void *ctx); 216 void br_x509_minimal_run(void *ctx); 217 */ 218 219 /* see bearssl_x509.h */ 220 void 221 br_x509_minimal_init(br_x509_minimal_context *ctx, 222 const br_hash_class *dn_hash_impl, 223 const br_x509_trust_anchor *trust_anchors, size_t trust_anchors_num) 224 { 225 memset(ctx, 0, sizeof *ctx); 226 ctx->vtable = &br_x509_minimal_vtable; 227 ctx->dn_hash_impl = dn_hash_impl; 228 ctx->trust_anchors = trust_anchors; 229 ctx->trust_anchors_num = trust_anchors_num; 230 } 231 232 static void 233 xm_start_chain(const br_x509_class **ctx, const char *server_name) 234 { 235 br_x509_minimal_context *cc; 236 size_t u; 237 238 cc = (br_x509_minimal_context *)(void *)ctx; 239 for (u = 0; u < cc->num_name_elts; u ++) { 240 cc->name_elts[u].status = 0; 241 cc->name_elts[u].buf[0] = 0; 242 } 243 memset(&cc->pkey, 0, sizeof cc->pkey); 244 cc->num_certs = 0; 245 cc->err = 0; 246 cc->cpu.dp = cc->dp_stack; 247 cc->cpu.rp = cc->rp_stack; 248 br_x509_minimal_init_main(&cc->cpu); 249 if (server_name == NULL || *server_name == 0) { 250 cc->server_name = NULL; 251 } else { 252 cc->server_name = server_name; 253 } 254 } 255 256 static void 257 xm_start_cert(const br_x509_class **ctx, uint32_t length) 258 { 259 br_x509_minimal_context *cc; 260 261 cc = (br_x509_minimal_context *)(void *)ctx; 262 if (cc->err != 0) { 263 return; 264 } 265 if (length == 0) { 266 cc->err = BR_ERR_X509_TRUNCATED; 267 return; 268 } 269 cc->cert_length = length; 270 } 271 272 static void 273 xm_append(const br_x509_class **ctx, const unsigned char *buf, size_t len) 274 { 275 br_x509_minimal_context *cc; 276 277 cc = (br_x509_minimal_context *)(void *)ctx; 278 if (cc->err != 0) { 279 return; 280 } 281 cc->hbuf = buf; 282 cc->hlen = len; 283 br_x509_minimal_run(&cc->cpu); 284 } 285 286 static void 287 xm_end_cert(const br_x509_class **ctx) 288 { 289 br_x509_minimal_context *cc; 290 291 cc = (br_x509_minimal_context *)(void *)ctx; 292 if (cc->err == 0 && cc->cert_length != 0) { 293 cc->err = BR_ERR_X509_TRUNCATED; 294 } 295 cc->num_certs ++; 296 } 297 298 static unsigned 299 xm_end_chain(const br_x509_class **ctx) 300 { 301 br_x509_minimal_context *cc; 302 303 cc = (br_x509_minimal_context *)(void *)ctx; 304 if (cc->err == 0) { 305 if (cc->num_certs == 0) { 306 cc->err = BR_ERR_X509_EMPTY_CHAIN; 307 } else { 308 cc->err = BR_ERR_X509_NOT_TRUSTED; 309 } 310 } else if (cc->err == BR_ERR_X509_OK) { 311 return 0; 312 } 313 return (unsigned)cc->err; 314 } 315 316 static const br_x509_pkey * 317 xm_get_pkey(const br_x509_class *const *ctx, unsigned *usages) 318 { 319 br_x509_minimal_context *cc; 320 321 cc = (br_x509_minimal_context *)(void *)ctx; 322 if (cc->err == BR_ERR_X509_OK 323 || cc->err == BR_ERR_X509_NOT_TRUSTED) 324 { 325 if (usages != NULL) { 326 *usages = cc->key_usages; 327 } 328 return &((br_x509_minimal_context *)(void *)ctx)->pkey; 329 } else { 330 return NULL; 331 } 332 } 333 334 /* see bearssl_x509.h */ 335 const br_x509_class br_x509_minimal_vtable = { 336 sizeof(br_x509_minimal_context), 337 xm_start_chain, 338 xm_start_cert, 339 xm_append, 340 xm_end_cert, 341 xm_end_chain, 342 xm_get_pkey 343 }; 344 345 #define CTX ((br_x509_minimal_context *)(void *)((unsigned char *)t0ctx - offsetof(br_x509_minimal_context, cpu))) 346 #define CONTEXT_NAME br_x509_minimal_context 347 348 #define DNHASH_LEN ((CTX->dn_hash_impl->desc >> BR_HASHDESC_OUT_OFF) & BR_HASHDESC_OUT_MASK) 349 350 /* 351 * Hash a DN (from a trust anchor) into the provided buffer. This uses the 352 * DN hash implementation and context structure from the X.509 engine 353 * context. 354 */ 355 static void 356 hash_dn(br_x509_minimal_context *ctx, const void *dn, size_t len, 357 unsigned char *out) 358 { 359 ctx->dn_hash_impl->init(&ctx->dn_hash.vtable); 360 ctx->dn_hash_impl->update(&ctx->dn_hash.vtable, dn, len); 361 ctx->dn_hash_impl->out(&ctx->dn_hash.vtable, out); 362 } 363 364 /* 365 * Compare two big integers for equality. The integers use unsigned big-endian 366 * encoding; extra leading bytes (of value 0) are allowed. 367 */ 368 static int 369 eqbigint(const unsigned char *b1, size_t len1, 370 const unsigned char *b2, size_t len2) 371 { 372 while (len1 > 0 && *b1 == 0) { 373 b1 ++; 374 len1 --; 375 } 376 while (len2 > 0 && *b2 == 0) { 377 b2 ++; 378 len2 --; 379 } 380 if (len1 != len2) { 381 return 0; 382 } 383 return memcmp(b1, b2, len1) == 0; 384 } 385 386 /* 387 * Compare two strings for equality, in a case-insensitive way. This 388 * function handles casing only for ASCII letters. 389 */ 390 static int 391 eqnocase(const void *s1, const void *s2, size_t len) 392 { 393 const unsigned char *buf1, *buf2; 394 395 buf1 = s1; 396 buf2 = s2; 397 while (len -- > 0) { 398 int x1, x2; 399 400 x1 = *buf1 ++; 401 x2 = *buf2 ++; 402 if (x1 >= 'A' && x1 <= 'Z') { 403 x1 += 'a' - 'A'; 404 } 405 if (x2 >= 'A' && x2 <= 'Z') { 406 x2 += 'a' - 'A'; 407 } 408 if (x1 != x2) { 409 return 0; 410 } 411 } 412 return 1; 413 } 414 415 static int verify_signature(br_x509_minimal_context *ctx, 416 const br_x509_pkey *pk); 417 418 419 420 static const unsigned char t0_datablock[] = { 421 0x00, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x01, 0x09, 422 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x05, 0x09, 0x2A, 0x86, 423 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0E, 0x09, 0x2A, 0x86, 0x48, 0x86, 424 0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 425 0x01, 0x01, 0x0C, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 426 0x0D, 0x05, 0x2B, 0x0E, 0x03, 0x02, 0x1A, 0x09, 0x60, 0x86, 0x48, 0x01, 427 0x65, 0x03, 0x04, 0x02, 0x04, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 428 0x04, 0x02, 0x01, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 429 0x02, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x03, 0x07, 430 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x02, 0x01, 0x08, 0x2A, 0x86, 0x48, 0xCE, 431 0x3D, 0x03, 0x01, 0x07, 0x05, 0x2B, 0x81, 0x04, 0x00, 0x22, 0x05, 0x2B, 432 0x81, 0x04, 0x00, 0x23, 0x07, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x04, 0x01, 433 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x04, 0x03, 0x01, 0x08, 0x2A, 0x86, 434 0x48, 0xCE, 0x3D, 0x04, 0x03, 0x02, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 435 0x04, 0x03, 0x03, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x04, 0x03, 0x04, 436 0x03, 0x55, 0x04, 0x03, 0x00, 0x1F, 0x03, 0xFC, 0x07, 0x7F, 0x0B, 0x5E, 437 0x0F, 0x1F, 0x12, 0xFE, 0x16, 0xBF, 0x1A, 0x9F, 0x1E, 0x7E, 0x22, 0x3F, 438 0x26, 0x1E, 0x29, 0xDF, 0x00, 0x1F, 0x03, 0xFD, 0x07, 0x9F, 0x0B, 0x7E, 439 0x0F, 0x3F, 0x13, 0x1E, 0x16, 0xDF, 0x1A, 0xBF, 0x1E, 0x9E, 0x22, 0x5F, 440 0x26, 0x3E, 0x29, 0xFF, 0x03, 0x55, 0x1D, 0x13, 0x03, 0x55, 0x1D, 0x0F, 441 0x03, 0x55, 0x1D, 0x11, 0x03, 0x55, 0x1D, 0x20, 0x08, 0x2B, 0x06, 0x01, 442 0x05, 0x05, 0x07, 0x02, 0x01, 0x03, 0x55, 0x1D, 0x23, 0x03, 0x55, 0x1D, 443 0x0E, 0x03, 0x55, 0x1D, 0x12, 0x03, 0x55, 0x1D, 0x09, 0x03, 0x55, 0x1D, 444 0x1F, 0x03, 0x55, 0x1D, 0x2E, 0x08, 0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 445 0x01, 0x01, 0x08, 0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x01, 0x0B 446 }; 447 448 static const unsigned char t0_codeblock[] = { 449 0x00, 0x01, 0x00, 0x0D, 0x00, 0x00, 0x01, 0x00, 0x10, 0x00, 0x00, 0x01, 450 0x00, 0x11, 0x00, 0x00, 0x01, 0x01, 0x09, 0x00, 0x00, 0x01, 0x01, 0x0A, 451 0x00, 0x00, 0x24, 0x24, 0x00, 0x00, 0x01, 452 T0_INT1(BR_ERR_X509_BAD_BOOLEAN), 0x00, 0x00, 0x01, 453 T0_INT1(BR_ERR_X509_BAD_DN), 0x00, 0x00, 0x01, 454 T0_INT1(BR_ERR_X509_BAD_SERVER_NAME), 0x00, 0x00, 0x01, 455 T0_INT1(BR_ERR_X509_BAD_TAG_CLASS), 0x00, 0x00, 0x01, 456 T0_INT1(BR_ERR_X509_BAD_TAG_VALUE), 0x00, 0x00, 0x01, 457 T0_INT1(BR_ERR_X509_BAD_TIME), 0x00, 0x00, 0x01, 458 T0_INT1(BR_ERR_X509_CRITICAL_EXTENSION), 0x00, 0x00, 0x01, 459 T0_INT1(BR_ERR_X509_DN_MISMATCH), 0x00, 0x00, 0x01, 460 T0_INT1(BR_ERR_X509_EXPIRED), 0x00, 0x00, 0x01, 461 T0_INT1(BR_ERR_X509_EXTRA_ELEMENT), 0x00, 0x00, 0x01, 462 T0_INT1(BR_ERR_X509_FORBIDDEN_KEY_USAGE), 0x00, 0x00, 0x01, 463 T0_INT1(BR_ERR_X509_INDEFINITE_LENGTH), 0x00, 0x00, 0x01, 464 T0_INT1(BR_ERR_X509_INNER_TRUNC), 0x00, 0x00, 0x01, 465 T0_INT1(BR_ERR_X509_LIMIT_EXCEEDED), 0x00, 0x00, 0x01, 466 T0_INT1(BR_ERR_X509_NOT_CA), 0x00, 0x00, 0x01, 467 T0_INT1(BR_ERR_X509_NOT_CONSTRUCTED), 0x00, 0x00, 0x01, 468 T0_INT1(BR_ERR_X509_NOT_PRIMITIVE), 0x00, 0x00, 0x01, 469 T0_INT1(BR_ERR_X509_OVERFLOW), 0x00, 0x00, 0x01, 470 T0_INT1(BR_ERR_X509_PARTIAL_BYTE), 0x00, 0x00, 0x01, 471 T0_INT1(BR_ERR_X509_UNEXPECTED), 0x00, 0x00, 0x01, 472 T0_INT1(BR_ERR_X509_UNSUPPORTED), 0x00, 0x00, 0x01, 473 T0_INT1(BR_ERR_X509_WEAK_PUBLIC_KEY), 0x00, 0x00, 0x01, 474 T0_INT1(BR_KEYTYPE_EC), 0x00, 0x00, 0x01, T0_INT1(BR_KEYTYPE_RSA), 475 0x00, 0x00, 0x01, T0_INT2(offsetof(CONTEXT_NAME, cert_length)), 0x00, 476 0x00, 0x01, T0_INT2(offsetof(CONTEXT_NAME, cert_sig)), 0x00, 0x00, 477 0x01, T0_INT2(offsetof(CONTEXT_NAME, cert_sig_hash_len)), 0x00, 0x00, 478 0x01, T0_INT2(offsetof(CONTEXT_NAME, cert_sig_hash_oid)), 0x00, 0x00, 479 0x01, T0_INT2(offsetof(CONTEXT_NAME, cert_sig_len)), 0x00, 0x00, 0x01, 480 T0_INT2(offsetof(CONTEXT_NAME, cert_signer_key_type)), 0x00, 0x00, 481 0x01, T0_INT2(offsetof(CONTEXT_NAME, current_dn_hash)), 0x00, 0x00, 482 0x01, T0_INT2(offsetof(CONTEXT_NAME, key_usages)), 0x00, 0x00, 0x01, 483 T0_INT2(offsetof(br_x509_minimal_context, pkey_data)), 0x01, 484 T0_INT2(BR_X509_BUFSIZE_KEY), 0x00, 0x00, 0x01, 485 T0_INT2(offsetof(CONTEXT_NAME, min_rsa_size)), 0x00, 0x00, 0x01, 486 T0_INT2(offsetof(CONTEXT_NAME, next_dn_hash)), 0x00, 0x00, 0x01, 487 T0_INT2(offsetof(CONTEXT_NAME, num_certs)), 0x00, 0x00, 0x01, 488 T0_INT2(offsetof(CONTEXT_NAME, pad)), 0x00, 0x00, 0x01, 489 T0_INT2(offsetof(CONTEXT_NAME, saved_dn_hash)), 0x00, 0x00, 0xC9, 0x71, 490 0x00, 0x00, 0x01, 0x80, 0x73, 0x00, 0x00, 0x01, 0x80, 0x7C, 0x00, 0x00, 491 0x01, 0x81, 0x02, 0x00, 0x00, 0x92, 0x05, 0x05, 0x34, 0x42, 0x01, 0x00, 492 0x00, 0x34, 0x01, 0x0A, 0x0E, 0x09, 0x01, 0x9A, 0xFF, 0xB8, 0x00, 0x0A, 493 0x00, 0x00, 0x01, 0x82, 0x19, 0x00, 0x00, 0x01, 0x82, 0x01, 0x00, 0x00, 494 0x01, 0x81, 0x68, 0x00, 0x04, 0x03, 0x00, 0x03, 0x01, 0x03, 0x02, 0x03, 495 0x03, 0x02, 0x03, 0x02, 0x01, 0x11, 0x06, 0x07, 0x02, 0x02, 0x02, 0x00, 496 0x0D, 0x04, 0x05, 0x02, 0x03, 0x02, 0x01, 0x0D, 0x00, 0x02, 0x03, 0x00, 497 0x03, 0x01, 0x25, 0x02, 0x01, 0x13, 0x3B, 0x02, 0x00, 0x0F, 0x15, 0x00, 498 0x00, 0x01, 0x81, 0x74, 0x00, 0x00, 0x05, 0x02, 0x52, 0x28, 0x00, 0x00, 499 0x06, 0x02, 0x53, 0x28, 0x00, 0x00, 0x01, 0x10, 0x77, 0x00, 0x00, 0x11, 500 0x05, 0x02, 0x56, 0x28, 0x74, 0x00, 0x00, 0x11, 0x05, 0x02, 0x56, 0x28, 501 0x75, 0x00, 0x00, 0x06, 0x02, 0x4C, 0x28, 0x00, 0x00, 0x01, 0x82, 0x11, 502 0x00, 0x00, 0x25, 0x20, 0x01, 0x08, 0x0E, 0x3B, 0x40, 0x20, 0x09, 0x00, 503 0x09, 0x03, 0x00, 0x5B, 0x2B, 0xAF, 0x39, 0xAF, 0xB3, 0x25, 0x01, 0x20, 504 0x11, 0x06, 0x11, 0x24, 0x74, 0xAD, 0xB3, 0x01, 0x02, 0x78, 0xB0, 0x01, 505 0x02, 0x12, 0x06, 0x02, 0x57, 0x28, 0x79, 0xB3, 0x01, 0x02, 0x78, 0xAE, 506 0xAF, 0xC2, 0x9C, 0x65, 0x61, 0x21, 0x16, 0xAF, 0xA7, 0x29, 0x69, 0x06, 507 0x02, 0x4B, 0x28, 0xA7, 0x29, 0x71, 0x06, 0x02, 0x4B, 0x28, 0x79, 0x02, 508 0x00, 0x06, 0x05, 0x9D, 0x03, 0x01, 0x04, 0x09, 0x9C, 0x61, 0x68, 0x21, 509 0x27, 0x05, 0x02, 0x4A, 0x28, 0x68, 0x65, 0x21, 0x16, 0xAF, 0xAF, 0x9E, 510 0x05, 0x02, 0x57, 0x28, 0xBC, 0x26, 0x06, 0x27, 0xC2, 0xA4, 0xAF, 0x63, 511 0xAA, 0x03, 0x03, 0x63, 0x3B, 0x02, 0x03, 0x09, 0x3B, 0x02, 0x03, 0x0A, 512 0xAA, 0x03, 0x04, 0x79, 0x64, 0x2A, 0x01, 0x81, 0x00, 0x09, 0x02, 0x03, 513 0x12, 0x06, 0x02, 0x58, 0x28, 0x79, 0x5A, 0x03, 0x02, 0x04, 0x3A, 0x88, 514 0x26, 0x06, 0x34, 0x9E, 0x05, 0x02, 0x57, 0x28, 0x6A, 0x26, 0x06, 0x04, 515 0x01, 0x17, 0x04, 0x12, 0x6B, 0x26, 0x06, 0x04, 0x01, 0x18, 0x04, 0x0A, 516 0x6C, 0x26, 0x06, 0x04, 0x01, 0x19, 0x04, 0x02, 0x57, 0x28, 0x03, 0x05, 517 0x79, 0xA4, 0x25, 0x03, 0x06, 0x25, 0x63, 0x34, 0x0D, 0x06, 0x02, 0x50, 518 0x28, 0xA5, 0x59, 0x03, 0x02, 0x04, 0x02, 0x57, 0x28, 0x79, 0x02, 0x00, 519 0x06, 0x21, 0x02, 0x02, 0x5A, 0x30, 0x11, 0x06, 0x08, 0x24, 0x02, 0x03, 520 0x02, 0x04, 0x1D, 0x04, 0x10, 0x59, 0x30, 0x11, 0x06, 0x08, 0x24, 0x02, 521 0x05, 0x02, 0x06, 0x1C, 0x04, 0x03, 0x57, 0x28, 0x24, 0x04, 0x24, 0x02, 522 0x02, 0x5A, 0x30, 0x11, 0x06, 0x08, 0x24, 0x02, 0x03, 0x02, 0x04, 0x23, 523 0x04, 0x10, 0x59, 0x30, 0x11, 0x06, 0x08, 0x24, 0x02, 0x05, 0x02, 0x06, 524 0x22, 0x04, 0x03, 0x57, 0x28, 0x24, 0x25, 0x06, 0x01, 0x28, 0x24, 0x01, 525 0x00, 0x03, 0x07, 0xB4, 0x01, 0x21, 0x8F, 0x01, 0x22, 0x8F, 0x25, 0x01, 526 0x23, 0x11, 0x06, 0x81, 0x26, 0x24, 0x74, 0xAD, 0xAF, 0x25, 0x06, 0x81, 527 0x1A, 0x01, 0x00, 0x03, 0x08, 0xAF, 0x9E, 0x24, 0xB3, 0x25, 0x01, 0x01, 528 0x11, 0x06, 0x04, 0xA6, 0x03, 0x08, 0xB3, 0x01, 0x04, 0x78, 0xAD, 0x70, 529 0x26, 0x06, 0x0F, 0x02, 0x00, 0x06, 0x03, 0xC3, 0x04, 0x05, 0x99, 0x01, 530 0x7F, 0x03, 0x07, 0x04, 0x80, 0x6C, 0x91, 0x26, 0x06, 0x06, 0x02, 0x00, 531 0x9B, 0x04, 0x80, 0x62, 0xC5, 0x26, 0x06, 0x11, 0x02, 0x00, 0x06, 0x09, 532 0x01, 0x00, 0x03, 0x01, 0x98, 0x03, 0x01, 0x04, 0x01, 0xC3, 0x04, 0x80, 533 0x4D, 0x73, 0x26, 0x06, 0x0A, 0x02, 0x08, 0x06, 0x03, 0x9A, 0x04, 0x01, 534 0xC3, 0x04, 0x3F, 0x6F, 0x26, 0x06, 0x03, 0xC3, 0x04, 0x38, 0xC8, 0x26, 535 0x06, 0x03, 0xC3, 0x04, 0x31, 0x90, 0x26, 0x06, 0x03, 0xC3, 0x04, 0x2A, 536 0xC6, 0x26, 0x06, 0x03, 0xC3, 0x04, 0x23, 0x7A, 0x26, 0x06, 0x03, 0xC3, 537 0x04, 0x1C, 0x85, 0x26, 0x06, 0x03, 0xC3, 0x04, 0x15, 0x6E, 0x26, 0x06, 538 0x03, 0xC3, 0x04, 0x0E, 0xC7, 0x26, 0x06, 0x03, 0xC3, 0x04, 0x07, 0x02, 539 0x08, 0x06, 0x02, 0x49, 0x28, 0xC3, 0x79, 0x79, 0x04, 0xFE, 0x62, 0x79, 540 0x79, 0x04, 0x08, 0x01, 0x7F, 0x11, 0x05, 0x02, 0x56, 0x28, 0x24, 0x79, 541 0x3A, 0x02, 0x00, 0x06, 0x08, 0x02, 0x01, 0x3C, 0x2F, 0x05, 0x02, 0x45, 542 0x28, 0x02, 0x00, 0x06, 0x01, 0x17, 0x02, 0x00, 0x02, 0x07, 0x2F, 0x05, 543 0x02, 0x51, 0x28, 0xB3, 0x76, 0xAD, 0x9E, 0x06, 0x80, 0x77, 0xBD, 0x26, 544 0x06, 0x07, 0x01, 0x02, 0x5A, 0x8A, 0x04, 0x80, 0x5E, 0xBE, 0x26, 0x06, 545 0x07, 0x01, 0x03, 0x5A, 0x8B, 0x04, 0x80, 0x53, 0xBF, 0x26, 0x06, 0x07, 546 0x01, 0x04, 0x5A, 0x8C, 0x04, 0x80, 0x48, 0xC0, 0x26, 0x06, 0x06, 0x01, 547 0x05, 0x5A, 0x8D, 0x04, 0x3E, 0xC1, 0x26, 0x06, 0x06, 0x01, 0x06, 0x5A, 548 0x8E, 0x04, 0x34, 0x7F, 0x26, 0x06, 0x06, 0x01, 0x02, 0x59, 0x8A, 0x04, 549 0x2A, 0x80, 0x26, 0x06, 0x06, 0x01, 0x03, 0x59, 0x8B, 0x04, 0x20, 0x81, 550 0x26, 0x06, 0x06, 0x01, 0x04, 0x59, 0x8C, 0x04, 0x16, 0x82, 0x26, 0x06, 551 0x06, 0x01, 0x05, 0x59, 0x8D, 0x04, 0x0C, 0x83, 0x26, 0x06, 0x06, 0x01, 552 0x06, 0x59, 0x8E, 0x04, 0x02, 0x57, 0x28, 0x5E, 0x35, 0x60, 0x37, 0x1B, 553 0x25, 0x05, 0x02, 0x57, 0x28, 0x5D, 0x37, 0x04, 0x02, 0x57, 0x28, 0xC2, 554 0xA4, 0x25, 0x01, T0_INT2(BR_X509_BUFSIZE_SIG), 0x12, 0x06, 0x02, 0x50, 555 0x28, 0x25, 0x5F, 0x35, 0x5C, 0xA5, 0x79, 0x79, 0x01, 0x00, 0x5B, 0x36, 556 0x18, 0x00, 0x00, 0x01, 0x30, 0x0A, 0x25, 0x01, 0x00, 0x01, 0x09, 0x72, 557 0x05, 0x02, 0x48, 0x28, 0x00, 0x00, 0x30, 0x30, 0x00, 0x00, 0x01, 0x81, 558 0x08, 0x00, 0x00, 0x01, 0x81, 0x10, 0x00, 0x00, 0x01, 0x81, 0x19, 0x00, 559 0x00, 0x01, 0x81, 0x22, 0x00, 0x00, 0x01, 0x81, 0x2B, 0x00, 0x01, 0x7E, 560 0x01, 0x01, 0x11, 0x3B, 0x01, 0x83, 0xFD, 0x7F, 0x11, 0x15, 0x06, 0x03, 561 0x3B, 0x24, 0x00, 0x3B, 0x25, 0x03, 0x00, 0x25, 0xCA, 0x05, 0x04, 0x42, 562 0x01, 0x00, 0x00, 0x25, 0x01, 0x81, 0x00, 0x0D, 0x06, 0x04, 0x96, 0x04, 563 0x80, 0x49, 0x25, 0x01, 0x90, 0x00, 0x0D, 0x06, 0x0F, 0x01, 0x06, 0x14, 564 0x01, 0x81, 0x40, 0x2F, 0x96, 0x02, 0x00, 0x01, 0x00, 0x97, 0x04, 0x33, 565 0x25, 0x01, 0x83, 0xFF, 0x7F, 0x0D, 0x06, 0x14, 0x01, 0x0C, 0x14, 0x01, 566 0x81, 0x60, 0x2F, 0x96, 0x02, 0x00, 0x01, 0x06, 0x97, 0x02, 0x00, 0x01, 567 0x00, 0x97, 0x04, 0x17, 0x01, 0x12, 0x14, 0x01, 0x81, 0x70, 0x2F, 0x96, 568 0x02, 0x00, 0x01, 0x0C, 0x97, 0x02, 0x00, 0x01, 0x06, 0x97, 0x02, 0x00, 569 0x01, 0x00, 0x97, 0x00, 0x00, 0x01, 0x82, 0x15, 0x00, 0x00, 0x25, 0x01, 570 0x83, 0xB0, 0x00, 0x01, 0x83, 0xB7, 0x7F, 0x72, 0x00, 0x00, 0x01, 0x81, 571 0x34, 0x00, 0x00, 0x01, 0x80, 0x6B, 0x00, 0x00, 0x01, 0x81, 0x78, 0x00, 572 0x00, 0x01, 0x3D, 0x00, 0x00, 0x01, 0x80, 0x43, 0x00, 0x00, 0x01, 0x80, 573 0x4D, 0x00, 0x00, 0x01, 0x80, 0x57, 0x00, 0x00, 0x01, 0x80, 0x61, 0x00, 574 0x00, 0x30, 0x11, 0x06, 0x04, 0x42, 0xAD, 0xC2, 0xB4, 0x00, 0x00, 0x01, 575 0x82, 0x09, 0x00, 0x00, 0x01, 0x81, 0x6C, 0x00, 0x00, 0x25, 0x01, 0x83, 576 0xB8, 0x00, 0x01, 0x83, 0xBF, 0x7F, 0x72, 0x00, 0x00, 0x01, 0x30, 0x62, 577 0x37, 0x01, 0x7F, 0x7C, 0x19, 0x01, 0x00, 0x7C, 0x19, 0x04, 0x7A, 0x00, 578 0x01, 0x81, 0x38, 0x00, 0x01, 0x7E, 0x0D, 0x06, 0x02, 0x4F, 0x28, 0x25, 579 0x03, 0x00, 0x0A, 0x02, 0x00, 0x00, 0x00, 0x30, 0x25, 0x3F, 0x3B, 0x01, 580 0x82, 0x00, 0x13, 0x2F, 0x06, 0x04, 0x42, 0x01, 0x00, 0x00, 0x30, 0x67, 581 0x09, 0x37, 0x40, 0x00, 0x00, 0x14, 0x01, 0x3F, 0x15, 0x01, 0x81, 0x00, 582 0x2F, 0x96, 0x00, 0x02, 0x01, 0x00, 0x03, 0x00, 0xAF, 0x25, 0x06, 0x80, 583 0x59, 0xB3, 0x01, 0x20, 0x30, 0x11, 0x06, 0x17, 0x24, 0x74, 0xAD, 0x9E, 584 0x24, 0x01, 0x7F, 0x2E, 0x03, 0x01, 0xB3, 0x01, 0x20, 0x77, 0xAD, 0xB2, 585 0x02, 0x01, 0x1F, 0x79, 0x79, 0x04, 0x38, 0x01, 0x21, 0x30, 0x11, 0x06, 586 0x08, 0x24, 0x75, 0xB6, 0x01, 0x01, 0x1E, 0x04, 0x2A, 0x01, 0x22, 0x30, 587 0x11, 0x06, 0x11, 0x24, 0x75, 0xB6, 0x25, 0x06, 0x06, 0x2C, 0x02, 0x00, 588 0x2F, 0x03, 0x00, 0x01, 0x02, 0x1E, 0x04, 0x13, 0x01, 0x26, 0x30, 0x11, 589 0x06, 0x08, 0x24, 0x75, 0xB6, 0x01, 0x06, 0x1E, 0x04, 0x05, 0x42, 0xAE, 590 0x01, 0x00, 0x24, 0x04, 0xFF, 0x23, 0x79, 0x02, 0x00, 0x00, 0x00, 0xAF, 591 0xB4, 0x25, 0x01, 0x01, 0x11, 0x06, 0x08, 0xA6, 0x05, 0x02, 0x51, 0x28, 592 0xB4, 0x04, 0x02, 0x51, 0x28, 0x25, 0x01, 0x02, 0x11, 0x06, 0x0C, 0x24, 593 0x75, 0xB0, 0x66, 0x2B, 0x41, 0x0D, 0x06, 0x02, 0x51, 0x28, 0xB4, 0x01, 594 0x7F, 0x10, 0x06, 0x02, 0x56, 0x28, 0x24, 0x79, 0x00, 0x00, 0xAF, 0x25, 595 0x06, 0x1A, 0xAF, 0x9E, 0x24, 0x25, 0x06, 0x11, 0xAF, 0x25, 0x06, 0x0C, 596 0xAF, 0x9E, 0x24, 0x89, 0x26, 0x05, 0x02, 0x49, 0x28, 0xC2, 0x04, 0x71, 597 0x79, 0x79, 0x04, 0x63, 0x79, 0x00, 0x02, 0x03, 0x00, 0xB3, 0x01, 0x03, 598 0x78, 0xAD, 0xBA, 0x03, 0x01, 0x02, 0x01, 0x01, 0x07, 0x12, 0x06, 0x02, 599 0x56, 0x28, 0x25, 0x01, 0x00, 0x30, 0x11, 0x06, 0x05, 0x24, 0x4D, 0x28, 600 0x04, 0x15, 0x01, 0x01, 0x30, 0x11, 0x06, 0x0A, 0x24, 0xBA, 0x02, 0x01, 601 0x14, 0x02, 0x01, 0x0E, 0x04, 0x05, 0x24, 0xBA, 0x01, 0x00, 0x24, 0x02, 602 0x00, 0x06, 0x19, 0x01, 0x00, 0x30, 0x01, 0x38, 0x15, 0x06, 0x03, 0x01, 603 0x10, 0x2F, 0x3B, 0x01, 0x81, 0x40, 0x15, 0x06, 0x03, 0x01, 0x20, 0x2F, 604 0x62, 0x37, 0x04, 0x07, 0x01, 0x04, 0x15, 0x05, 0x02, 0x4D, 0x28, 0xC2, 605 0x00, 0x00, 0x38, 0xAF, 0xC2, 0x1A, 0x00, 0x03, 0x01, 0x00, 0x03, 0x00, 606 0x38, 0xAF, 0x25, 0x06, 0x30, 0xB3, 0x01, 0x11, 0x77, 0xAD, 0x25, 0x05, 607 0x02, 0x44, 0x28, 0x25, 0x06, 0x20, 0xAF, 0x9E, 0x24, 0x87, 0x26, 0x03, 608 0x01, 0x01, 0x00, 0x2E, 0x03, 0x02, 0xB2, 0x25, 0x02, 0x01, 0x15, 0x06, 609 0x07, 0x2C, 0x06, 0x04, 0x01, 0x7F, 0x03, 0x00, 0x02, 0x02, 0x1F, 0x79, 610 0x04, 0x5D, 0x79, 0x04, 0x4D, 0x79, 0x1A, 0x02, 0x00, 0x00, 0x00, 0xB3, 611 0x01, 0x06, 0x78, 0xB1, 0x00, 0x00, 0xB8, 0x86, 0x06, 0x0E, 0x3B, 0x25, 612 0x05, 0x06, 0x42, 0x01, 0x00, 0x01, 0x00, 0x00, 0xB8, 0x6D, 0x04, 0x08, 613 0x92, 0x06, 0x05, 0x24, 0x01, 0x00, 0x04, 0x00, 0x00, 0x00, 0xB9, 0x86, 614 0x06, 0x0E, 0x3B, 0x25, 0x05, 0x06, 0x42, 0x01, 0x00, 0x01, 0x00, 0x00, 615 0xB9, 0x6D, 0x04, 0x08, 0x92, 0x06, 0x05, 0x24, 0x01, 0x00, 0x04, 0x00, 616 0x00, 0x00, 0xBA, 0x25, 0x01, 0x81, 0x00, 0x0D, 0x06, 0x04, 0x00, 0x04, 617 0x80, 0x55, 0x25, 0x01, 0x81, 0x40, 0x0D, 0x06, 0x07, 0x24, 0x01, 0x00, 618 0x00, 0x04, 0x80, 0x47, 0x25, 0x01, 0x81, 0x60, 0x0D, 0x06, 0x0E, 0x01, 619 0x1F, 0x15, 0x01, 0x01, 0xA3, 0x01, 0x81, 0x00, 0x01, 0x8F, 0x7F, 0x04, 620 0x32, 0x25, 0x01, 0x81, 0x70, 0x0D, 0x06, 0x0F, 0x01, 0x0F, 0x15, 0x01, 621 0x02, 0xA3, 0x01, 0x90, 0x00, 0x01, 0x83, 0xFF, 0x7F, 0x04, 0x1C, 0x25, 622 0x01, 0x81, 0x78, 0x0D, 0x06, 0x11, 0x01, 0x07, 0x15, 0x01, 0x03, 0xA3, 623 0x01, 0x84, 0x80, 0x00, 0x01, 0x80, 0xC3, 0xFF, 0x7F, 0x04, 0x04, 0x24, 624 0x01, 0x00, 0x00, 0x72, 0x05, 0x03, 0x24, 0x01, 0x00, 0x00, 0x00, 0x3B, 625 0x25, 0x05, 0x06, 0x42, 0x01, 0x00, 0x01, 0x7F, 0x00, 0xBA, 0x34, 0x25, 626 0x3D, 0x06, 0x03, 0x3B, 0x24, 0x00, 0x01, 0x06, 0x0E, 0x3B, 0x25, 0x01, 627 0x06, 0x14, 0x01, 0x02, 0x10, 0x06, 0x04, 0x42, 0x01, 0x7F, 0x00, 0x01, 628 0x3F, 0x15, 0x09, 0x00, 0x00, 0x25, 0x06, 0x06, 0x0B, 0xA2, 0x34, 0x41, 629 0x04, 0x77, 0x24, 0x25, 0x00, 0x00, 0xB3, 0x01, 0x03, 0x78, 0xAD, 0xBA, 630 0x06, 0x02, 0x55, 0x28, 0x00, 0x00, 0x3B, 0x25, 0x06, 0x07, 0x31, 0x25, 631 0x06, 0x01, 0x19, 0x04, 0x76, 0x42, 0x00, 0x00, 0x01, 0x01, 0x78, 0xAC, 632 0x01, 0x01, 0x10, 0x06, 0x02, 0x43, 0x28, 0xBA, 0x3E, 0x00, 0x04, 0xB3, 633 0x25, 0x01, 0x17, 0x01, 0x18, 0x72, 0x05, 0x02, 0x48, 0x28, 0x01, 0x18, 634 0x11, 0x03, 0x00, 0x75, 0xAD, 0xA8, 0x02, 0x00, 0x06, 0x0C, 0x01, 0x80, 635 0x64, 0x08, 0x03, 0x01, 0xA8, 0x02, 0x01, 0x09, 0x04, 0x0E, 0x25, 0x01, 636 0x32, 0x0D, 0x06, 0x04, 0x01, 0x80, 0x64, 0x09, 0x01, 0x8E, 0x6C, 0x09, 637 0x03, 0x01, 0x02, 0x01, 0x01, 0x82, 0x6D, 0x08, 0x02, 0x01, 0x01, 0x03, 638 0x09, 0x01, 0x04, 0x0C, 0x09, 0x02, 0x01, 0x01, 0x80, 0x63, 0x09, 0x01, 639 0x80, 0x64, 0x0C, 0x0A, 0x02, 0x01, 0x01, 0x83, 0x0F, 0x09, 0x01, 0x83, 640 0x10, 0x0C, 0x09, 0x03, 0x03, 0x01, 0x01, 0x01, 0x0C, 0xA9, 0x41, 0x01, 641 0x01, 0x0E, 0x02, 0x01, 0x01, 0x04, 0x07, 0x3F, 0x02, 0x01, 0x01, 0x80, 642 0x64, 0x07, 0x3E, 0x02, 0x01, 0x01, 0x83, 0x10, 0x07, 0x3F, 0x2F, 0x15, 643 0x06, 0x03, 0x01, 0x18, 0x09, 0x94, 0x09, 0x7B, 0x25, 0x01, 0x05, 0x14, 644 0x02, 0x03, 0x09, 0x03, 0x03, 0x01, 0x1F, 0x15, 0x01, 0x01, 0x3B, 0xA9, 645 0x02, 0x03, 0x09, 0x41, 0x03, 0x03, 0x01, 0x00, 0x01, 0x17, 0xA9, 0x01, 646 0x9C, 0x10, 0x08, 0x03, 0x02, 0x01, 0x00, 0x01, 0x3B, 0xA9, 0x01, 0x3C, 647 0x08, 0x02, 0x02, 0x09, 0x03, 0x02, 0x01, 0x00, 0x01, 0x3C, 0xA9, 0x02, 648 0x02, 0x09, 0x03, 0x02, 0xBA, 0x25, 0x01, 0x2E, 0x11, 0x06, 0x0D, 0x24, 649 0xBA, 0x25, 0x01, 0x30, 0x01, 0x39, 0x72, 0x06, 0x03, 0x24, 0x04, 0x74, 650 0x01, 0x80, 0x5A, 0x10, 0x06, 0x02, 0x48, 0x28, 0x79, 0x02, 0x03, 0x02, 651 0x02, 0x00, 0x01, 0xBA, 0x7D, 0x01, 0x0A, 0x08, 0x03, 0x00, 0xBA, 0x7D, 652 0x02, 0x00, 0x09, 0x00, 0x02, 0x03, 0x00, 0x03, 0x01, 0xA8, 0x25, 0x02, 653 0x01, 0x02, 0x00, 0x72, 0x05, 0x02, 0x48, 0x28, 0x00, 0x00, 0x34, 0xB3, 654 0x01, 0x02, 0x78, 0x0B, 0xAB, 0x00, 0x03, 0x25, 0x03, 0x00, 0x03, 0x01, 655 0x03, 0x02, 0xAD, 0xBA, 0x25, 0x01, 0x81, 0x00, 0x13, 0x06, 0x02, 0x54, 656 0x28, 0x25, 0x01, 0x00, 0x11, 0x06, 0x0B, 0x24, 0x25, 0x05, 0x04, 0x24, 657 0x01, 0x00, 0x00, 0xBA, 0x04, 0x6F, 0x02, 0x01, 0x25, 0x05, 0x02, 0x50, 658 0x28, 0x41, 0x03, 0x01, 0x02, 0x02, 0x37, 0x02, 0x02, 0x40, 0x03, 0x02, 659 0x25, 0x06, 0x03, 0xBA, 0x04, 0x68, 0x24, 0x02, 0x00, 0x02, 0x01, 0x0A, 660 0x00, 0x01, 0xBA, 0x25, 0x01, 0x81, 0x00, 0x0D, 0x06, 0x01, 0x00, 0x01, 661 0x81, 0x00, 0x0A, 0x25, 0x05, 0x02, 0x4E, 0x28, 0x03, 0x00, 0x01, 0x00, 662 0x02, 0x00, 0x01, 0x00, 0x12, 0x06, 0x19, 0x02, 0x00, 0x41, 0x03, 0x00, 663 0x25, 0x01, 0x83, 0xFF, 0xFF, 0x7F, 0x12, 0x06, 0x02, 0x4F, 0x28, 0x01, 664 0x08, 0x0E, 0x3B, 0xBA, 0x34, 0x09, 0x04, 0x60, 0x00, 0x00, 0xAC, 0x95, 665 0x00, 0x00, 0xAD, 0xC2, 0x00, 0x00, 0xB3, 0x76, 0xAD, 0x00, 0x01, 0xAD, 666 0x25, 0x05, 0x02, 0x54, 0x28, 0xBA, 0x25, 0x01, 0x81, 0x00, 0x13, 0x06, 667 0x02, 0x54, 0x28, 0x03, 0x00, 0x25, 0x06, 0x16, 0xBA, 0x02, 0x00, 0x25, 668 0x01, 0x87, 0xFF, 0xFF, 0x7F, 0x13, 0x06, 0x02, 0x54, 0x28, 0x01, 0x08, 669 0x0E, 0x09, 0x03, 0x00, 0x04, 0x67, 0x24, 0x02, 0x00, 0x00, 0x00, 0xAD, 670 0x25, 0x01, 0x81, 0x7F, 0x12, 0x06, 0x08, 0xC2, 0x01, 0x00, 0x67, 0x37, 671 0x01, 0x00, 0x00, 0x25, 0x67, 0x37, 0x67, 0x40, 0xA5, 0x01, 0x7F, 0x00, 672 0x00, 0xB3, 0x01, 0x0C, 0x30, 0x11, 0x06, 0x05, 0x24, 0x75, 0xB6, 0x04, 673 0x3E, 0x01, 0x12, 0x30, 0x11, 0x06, 0x05, 0x24, 0x75, 0xB7, 0x04, 0x33, 674 0x01, 0x13, 0x30, 0x11, 0x06, 0x05, 0x24, 0x75, 0xB7, 0x04, 0x28, 0x01, 675 0x14, 0x30, 0x11, 0x06, 0x05, 0x24, 0x75, 0xB7, 0x04, 0x1D, 0x01, 0x16, 676 0x30, 0x11, 0x06, 0x05, 0x24, 0x75, 0xB7, 0x04, 0x12, 0x01, 0x1E, 0x30, 677 0x11, 0x06, 0x05, 0x24, 0x75, 0xB5, 0x04, 0x07, 0x42, 0xAE, 0x01, 0x00, 678 0x01, 0x00, 0x24, 0x00, 0x01, 0xBA, 0x03, 0x00, 0x02, 0x00, 0x01, 0x05, 679 0x14, 0x01, 0x01, 0x15, 0x2D, 0x02, 0x00, 0x01, 0x06, 0x14, 0x25, 0x01, 680 0x01, 0x15, 0x06, 0x02, 0x46, 0x28, 0x01, 0x04, 0x0E, 0x02, 0x00, 0x01, 681 0x1F, 0x15, 0x25, 0x01, 0x1F, 0x11, 0x06, 0x02, 0x47, 0x28, 0x09, 0x00, 682 0x00, 0x25, 0x05, 0x05, 0x01, 0x00, 0x01, 0x7F, 0x00, 0xB3, 0x00, 0x01, 683 0xAD, 0x25, 0x05, 0x05, 0x67, 0x37, 0x01, 0x7F, 0x00, 0x01, 0x01, 0x03, 684 0x00, 0x9F, 0x25, 0x01, 0x83, 0xFF, 0x7E, 0x11, 0x06, 0x16, 0x24, 0x25, 685 0x06, 0x10, 0xA0, 0x25, 0x05, 0x05, 0x24, 0xC2, 0x01, 0x00, 0x00, 0x02, 686 0x00, 0x84, 0x03, 0x00, 0x04, 0x6D, 0x04, 0x1B, 0x25, 0x05, 0x05, 0x24, 687 0xC2, 0x01, 0x00, 0x00, 0x02, 0x00, 0x84, 0x03, 0x00, 0x25, 0x06, 0x0B, 688 0x9F, 0x25, 0x05, 0x05, 0x24, 0xC2, 0x01, 0x00, 0x00, 0x04, 0x6D, 0x24, 689 0x02, 0x00, 0x25, 0x05, 0x01, 0x00, 0x41, 0x67, 0x37, 0x01, 0x7F, 0x00, 690 0x01, 0xAD, 0x01, 0x01, 0x03, 0x00, 0x25, 0x06, 0x10, 0xA1, 0x25, 0x05, 691 0x05, 0x24, 0xC2, 0x01, 0x00, 0x00, 0x02, 0x00, 0x84, 0x03, 0x00, 0x04, 692 0x6D, 0x24, 0x02, 0x00, 0x25, 0x05, 0x01, 0x00, 0x41, 0x67, 0x37, 0x01, 693 0x7F, 0x00, 0x01, 0xAD, 0x01, 0x01, 0x03, 0x00, 0x25, 0x06, 0x10, 0xBA, 694 0x25, 0x05, 0x05, 0x24, 0xC2, 0x01, 0x00, 0x00, 0x02, 0x00, 0x84, 0x03, 695 0x00, 0x04, 0x6D, 0x24, 0x02, 0x00, 0x25, 0x05, 0x01, 0x00, 0x41, 0x67, 696 0x37, 0x01, 0x7F, 0x00, 0x00, 0xBA, 0x01, 0x08, 0x0E, 0x3B, 0xBA, 0x34, 697 0x09, 0x00, 0x00, 0xBA, 0x3B, 0xBA, 0x01, 0x08, 0x0E, 0x34, 0x09, 0x00, 698 0x00, 0x25, 0x05, 0x02, 0x4F, 0x28, 0x41, 0xBB, 0x00, 0x00, 0x32, 0x25, 699 0x01, 0x00, 0x13, 0x06, 0x01, 0x00, 0x24, 0x19, 0x04, 0x74, 0x00, 0x01, 700 0x01, 0x00, 0x00, 0x01, 0x0B, 0x00, 0x00, 0x01, 0x15, 0x00, 0x00, 0x01, 701 0x1F, 0x00, 0x00, 0x01, 0x29, 0x00, 0x00, 0x01, 0x33, 0x00, 0x00, 0xC3, 702 0x24, 0x00, 0x00, 0x25, 0x06, 0x07, 0xC4, 0x25, 0x06, 0x01, 0x19, 0x04, 703 0x76, 0x00, 0x00, 0x01, 0x00, 0x30, 0x31, 0x0B, 0x42, 0x00, 0x00, 0x01, 704 0x81, 0x70, 0x00, 0x00, 0x01, 0x82, 0x0D, 0x00, 0x00, 0x01, 0x82, 0x22, 705 0x00, 0x00, 0x01, 0x82, 0x05, 0x00, 0x00, 0x01, 0x03, 0x33, 0x01, 0x03, 706 0x33, 0x00, 0x00, 0x25, 0x01, 0x83, 0xFB, 0x50, 0x01, 0x83, 0xFD, 0x5F, 707 0x72, 0x06, 0x04, 0x24, 0x01, 0x00, 0x00, 0x25, 0x01, 0x83, 0xB0, 0x00, 708 0x01, 0x83, 0xBF, 0x7F, 0x72, 0x06, 0x04, 0x24, 0x01, 0x00, 0x00, 0x01, 709 0x83, 0xFF, 0x7F, 0x15, 0x01, 0x83, 0xFF, 0x7E, 0x0D, 0x00 710 }; 711 712 static const uint16_t t0_caddr[] = { 713 0, 714 5, 715 10, 716 15, 717 20, 718 25, 719 29, 720 33, 721 37, 722 41, 723 45, 724 49, 725 53, 726 57, 727 61, 728 65, 729 69, 730 73, 731 77, 732 81, 733 85, 734 89, 735 93, 736 97, 737 101, 738 105, 739 109, 740 113, 741 117, 742 121, 743 125, 744 130, 745 135, 746 140, 747 145, 748 150, 749 155, 750 160, 751 165, 752 173, 753 178, 754 183, 755 188, 756 193, 757 198, 758 202, 759 207, 760 212, 761 217, 762 238, 763 243, 764 248, 765 253, 766 282, 767 297, 768 302, 769 308, 770 314, 771 319, 772 327, 773 335, 774 341, 775 346, 776 357, 777 992, 778 1007, 779 1011, 780 1016, 781 1021, 782 1026, 783 1031, 784 1036, 785 1150, 786 1155, 787 1167, 788 1172, 789 1177, 790 1182, 791 1186, 792 1191, 793 1196, 794 1201, 795 1206, 796 1216, 797 1221, 798 1226, 799 1238, 800 1253, 801 1258, 802 1272, 803 1294, 804 1305, 805 1408, 806 1455, 807 1488, 808 1579, 809 1585, 810 1648, 811 1655, 812 1683, 813 1711, 814 1816, 815 1858, 816 1871, 817 1883, 818 1897, 819 1912, 820 2132, 821 2146, 822 2163, 823 2172, 824 2239, 825 2295, 826 2299, 827 2303, 828 2308, 829 2356, 830 2382, 831 2458, 832 2502, 833 2513, 834 2598, 835 2636, 836 2674, 837 2684, 838 2694, 839 2703, 840 2716, 841 2720, 842 2724, 843 2728, 844 2732, 845 2736, 846 2740, 847 2744, 848 2756, 849 2764, 850 2769, 851 2774, 852 2779, 853 2784, 854 2792 855 }; 856 857 #define T0_INTERPRETED 61 858 859 #define T0_ENTER(ip, rp, slot) do { \ 860 const unsigned char *t0_newip; \ 861 uint32_t t0_lnum; \ 862 t0_newip = &t0_codeblock[t0_caddr[(slot) - T0_INTERPRETED]]; \ 863 t0_lnum = t0_parse7E_unsigned(&t0_newip); \ 864 (rp) += t0_lnum; \ 865 *((rp) ++) = (uint32_t)((ip) - &t0_codeblock[0]) + (t0_lnum << 16); \ 866 (ip) = t0_newip; \ 867 } while (0) 868 869 #define T0_DEFENTRY(name, slot) \ 870 void \ 871 name(void *ctx) \ 872 { \ 873 t0_context *t0ctx = ctx; \ 874 t0ctx->ip = &t0_codeblock[0]; \ 875 T0_ENTER(t0ctx->ip, t0ctx->rp, slot); \ 876 } 877 878 T0_DEFENTRY(br_x509_minimal_init_main, 147) 879 880 #define T0_NEXT(t0ipp) (*(*(t0ipp)) ++) 881 882 void 883 br_x509_minimal_run(void *t0ctx) 884 { 885 uint32_t *dp, *rp; 886 const unsigned char *ip; 887 888 #define T0_LOCAL(x) (*(rp - 2 - (x))) 889 #define T0_POP() (*-- dp) 890 #define T0_POPi() (*(int32_t *)(-- dp)) 891 #define T0_PEEK(x) (*(dp - 1 - (x))) 892 #define T0_PEEKi(x) (*(int32_t *)(dp - 1 - (x))) 893 #define T0_PUSH(v) do { *dp = (v); dp ++; } while (0) 894 #define T0_PUSHi(v) do { *(int32_t *)dp = (v); dp ++; } while (0) 895 #define T0_RPOP() (*-- rp) 896 #define T0_RPOPi() (*(int32_t *)(-- rp)) 897 #define T0_RPUSH(v) do { *rp = (v); rp ++; } while (0) 898 #define T0_RPUSHi(v) do { *(int32_t *)rp = (v); rp ++; } while (0) 899 #define T0_ROLL(x) do { \ 900 size_t t0len = (size_t)(x); \ 901 uint32_t t0tmp = *(dp - 1 - t0len); \ 902 memmove(dp - t0len - 1, dp - t0len, t0len * sizeof *dp); \ 903 *(dp - 1) = t0tmp; \ 904 } while (0) 905 #define T0_SWAP() do { \ 906 uint32_t t0tmp = *(dp - 2); \ 907 *(dp - 2) = *(dp - 1); \ 908 *(dp - 1) = t0tmp; \ 909 } while (0) 910 #define T0_ROT() do { \ 911 uint32_t t0tmp = *(dp - 3); \ 912 *(dp - 3) = *(dp - 2); \ 913 *(dp - 2) = *(dp - 1); \ 914 *(dp - 1) = t0tmp; \ 915 } while (0) 916 #define T0_NROT() do { \ 917 uint32_t t0tmp = *(dp - 1); \ 918 *(dp - 1) = *(dp - 2); \ 919 *(dp - 2) = *(dp - 3); \ 920 *(dp - 3) = t0tmp; \ 921 } while (0) 922 #define T0_PICK(x) do { \ 923 uint32_t t0depth = (x); \ 924 T0_PUSH(T0_PEEK(t0depth)); \ 925 } while (0) 926 #define T0_CO() do { \ 927 goto t0_exit; \ 928 } while (0) 929 #define T0_RET() goto t0_next 930 931 dp = ((t0_context *)t0ctx)->dp; 932 rp = ((t0_context *)t0ctx)->rp; 933 ip = ((t0_context *)t0ctx)->ip; 934 goto t0_next; 935 for (;;) { 936 uint32_t t0x; 937 938 t0_next: 939 t0x = T0_NEXT(&ip); 940 if (t0x < T0_INTERPRETED) { 941 switch (t0x) { 942 int32_t t0off; 943 944 case 0: /* ret */ 945 t0x = T0_RPOP(); 946 rp -= (t0x >> 16); 947 t0x &= 0xFFFF; 948 if (t0x == 0) { 949 ip = NULL; 950 goto t0_exit; 951 } 952 ip = &t0_codeblock[t0x]; 953 break; 954 case 1: /* literal constant */ 955 T0_PUSHi(t0_parse7E_signed(&ip)); 956 break; 957 case 2: /* read local */ 958 T0_PUSH(T0_LOCAL(t0_parse7E_unsigned(&ip))); 959 break; 960 case 3: /* write local */ 961 T0_LOCAL(t0_parse7E_unsigned(&ip)) = T0_POP(); 962 break; 963 case 4: /* jump */ 964 t0off = t0_parse7E_signed(&ip); 965 ip += t0off; 966 break; 967 case 5: /* jump if */ 968 t0off = t0_parse7E_signed(&ip); 969 if (T0_POP()) { 970 ip += t0off; 971 } 972 break; 973 case 6: /* jump if not */ 974 t0off = t0_parse7E_signed(&ip); 975 if (!T0_POP()) { 976 ip += t0off; 977 } 978 break; 979 case 7: { 980 /* %25 */ 981 982 int32_t b = T0_POPi(); 983 int32_t a = T0_POPi(); 984 T0_PUSHi(a % b); 985 986 } 987 break; 988 case 8: { 989 /* * */ 990 991 uint32_t b = T0_POP(); 992 uint32_t a = T0_POP(); 993 T0_PUSH(a * b); 994 995 } 996 break; 997 case 9: { 998 /* + */ 999 1000 uint32_t b = T0_POP(); 1001 uint32_t a = T0_POP(); 1002 T0_PUSH(a + b); 1003 1004 } 1005 break; 1006 case 10: { 1007 /* - */ 1008 1009 uint32_t b = T0_POP(); 1010 uint32_t a = T0_POP(); 1011 T0_PUSH(a - b); 1012 1013 } 1014 break; 1015 case 11: { 1016 /* -rot */ 1017 T0_NROT(); 1018 } 1019 break; 1020 case 12: { 1021 /* / */ 1022 1023 int32_t b = T0_POPi(); 1024 int32_t a = T0_POPi(); 1025 T0_PUSHi(a / b); 1026 1027 } 1028 break; 1029 case 13: { 1030 /* < */ 1031 1032 int32_t b = T0_POPi(); 1033 int32_t a = T0_POPi(); 1034 T0_PUSH(-(uint32_t)(a < b)); 1035 1036 } 1037 break; 1038 case 14: { 1039 /* << */ 1040 1041 int c = (int)T0_POPi(); 1042 uint32_t x = T0_POP(); 1043 T0_PUSH(x << c); 1044 1045 } 1046 break; 1047 case 15: { 1048 /* <= */ 1049 1050 int32_t b = T0_POPi(); 1051 int32_t a = T0_POPi(); 1052 T0_PUSH(-(uint32_t)(a <= b)); 1053 1054 } 1055 break; 1056 case 16: { 1057 /* <> */ 1058 1059 uint32_t b = T0_POP(); 1060 uint32_t a = T0_POP(); 1061 T0_PUSH(-(uint32_t)(a != b)); 1062 1063 } 1064 break; 1065 case 17: { 1066 /* = */ 1067 1068 uint32_t b = T0_POP(); 1069 uint32_t a = T0_POP(); 1070 T0_PUSH(-(uint32_t)(a == b)); 1071 1072 } 1073 break; 1074 case 18: { 1075 /* > */ 1076 1077 int32_t b = T0_POPi(); 1078 int32_t a = T0_POPi(); 1079 T0_PUSH(-(uint32_t)(a > b)); 1080 1081 } 1082 break; 1083 case 19: { 1084 /* >= */ 1085 1086 int32_t b = T0_POPi(); 1087 int32_t a = T0_POPi(); 1088 T0_PUSH(-(uint32_t)(a >= b)); 1089 1090 } 1091 break; 1092 case 20: { 1093 /* >> */ 1094 1095 int c = (int)T0_POPi(); 1096 int32_t x = T0_POPi(); 1097 T0_PUSHi(x >> c); 1098 1099 } 1100 break; 1101 case 21: { 1102 /* and */ 1103 1104 uint32_t b = T0_POP(); 1105 uint32_t a = T0_POP(); 1106 T0_PUSH(a & b); 1107 1108 } 1109 break; 1110 case 22: { 1111 /* blobcopy */ 1112 1113 size_t len = T0_POP(); 1114 unsigned char *src = (unsigned char *)CTX + T0_POP(); 1115 unsigned char *dst = (unsigned char *)CTX + T0_POP(); 1116 memcpy(dst, src, len); 1117 1118 } 1119 break; 1120 case 23: { 1121 /* check-direct-trust */ 1122 1123 size_t u; 1124 1125 for (u = 0; u < CTX->trust_anchors_num; u ++) { 1126 const br_x509_trust_anchor *ta; 1127 unsigned char hashed_DN[64]; 1128 int kt; 1129 1130 ta = &CTX->trust_anchors[u]; 1131 if (ta->flags & BR_X509_TA_CA) { 1132 continue; 1133 } 1134 hash_dn(CTX, ta->dn.data, ta->dn.len, hashed_DN); 1135 if (memcmp(hashed_DN, CTX->current_dn_hash, DNHASH_LEN)) { 1136 continue; 1137 } 1138 kt = CTX->pkey.key_type; 1139 if ((ta->pkey.key_type & 0x0F) != kt) { 1140 continue; 1141 } 1142 switch (kt) { 1143 1144 case BR_KEYTYPE_RSA: 1145 if (!eqbigint(CTX->pkey.key.rsa.n, 1146 CTX->pkey.key.rsa.nlen, 1147 ta->pkey.key.rsa.n, 1148 ta->pkey.key.rsa.nlen) 1149 || !eqbigint(CTX->pkey.key.rsa.e, 1150 CTX->pkey.key.rsa.elen, 1151 ta->pkey.key.rsa.e, 1152 ta->pkey.key.rsa.elen)) 1153 { 1154 continue; 1155 } 1156 break; 1157 1158 case BR_KEYTYPE_EC: 1159 if (CTX->pkey.key.ec.curve != ta->pkey.key.ec.curve 1160 || CTX->pkey.key.ec.qlen != ta->pkey.key.ec.qlen 1161 || memcmp(CTX->pkey.key.ec.q, 1162 ta->pkey.key.ec.q, 1163 ta->pkey.key.ec.qlen) != 0) 1164 { 1165 continue; 1166 } 1167 break; 1168 1169 default: 1170 continue; 1171 } 1172 1173 /* 1174 * Direct trust match! 1175 */ 1176 CTX->err = BR_ERR_X509_OK; 1177 T0_CO(); 1178 } 1179 1180 } 1181 break; 1182 case 24: { 1183 /* check-trust-anchor-CA */ 1184 1185 size_t u; 1186 1187 for (u = 0; u < CTX->trust_anchors_num; u ++) { 1188 const br_x509_trust_anchor *ta; 1189 unsigned char hashed_DN[64]; 1190 1191 ta = &CTX->trust_anchors[u]; 1192 if (!(ta->flags & BR_X509_TA_CA)) { 1193 continue; 1194 } 1195 hash_dn(CTX, ta->dn.data, ta->dn.len, hashed_DN); 1196 if (memcmp(hashed_DN, CTX->saved_dn_hash, DNHASH_LEN)) { 1197 continue; 1198 } 1199 if (verify_signature(CTX, &ta->pkey) == 0) { 1200 CTX->err = BR_ERR_X509_OK; 1201 T0_CO(); 1202 } 1203 } 1204 1205 } 1206 break; 1207 case 25: { 1208 /* co */ 1209 T0_CO(); 1210 } 1211 break; 1212 case 26: { 1213 /* compute-dn-hash */ 1214 1215 CTX->dn_hash_impl->out(&CTX->dn_hash.vtable, CTX->current_dn_hash); 1216 CTX->do_dn_hash = 0; 1217 1218 } 1219 break; 1220 case 27: { 1221 /* compute-tbs-hash */ 1222 1223 int id = T0_POPi(); 1224 size_t len; 1225 len = br_multihash_out(&CTX->mhash, id, CTX->tbs_hash); 1226 T0_PUSH(len); 1227 1228 } 1229 break; 1230 case 28: { 1231 /* copy-ee-ec-pkey */ 1232 1233 size_t qlen = T0_POP(); 1234 uint32_t curve = T0_POP(); 1235 memcpy(CTX->ee_pkey_data, CTX->pkey_data, qlen); 1236 CTX->pkey.key_type = BR_KEYTYPE_EC; 1237 CTX->pkey.key.ec.curve = curve; 1238 CTX->pkey.key.ec.q = CTX->ee_pkey_data; 1239 CTX->pkey.key.ec.qlen = qlen; 1240 1241 } 1242 break; 1243 case 29: { 1244 /* copy-ee-rsa-pkey */ 1245 1246 size_t elen = T0_POP(); 1247 size_t nlen = T0_POP(); 1248 memcpy(CTX->ee_pkey_data, CTX->pkey_data, nlen + elen); 1249 CTX->pkey.key_type = BR_KEYTYPE_RSA; 1250 CTX->pkey.key.rsa.n = CTX->ee_pkey_data; 1251 CTX->pkey.key.rsa.nlen = nlen; 1252 CTX->pkey.key.rsa.e = CTX->ee_pkey_data + nlen; 1253 CTX->pkey.key.rsa.elen = elen; 1254 1255 } 1256 break; 1257 case 30: { 1258 /* copy-name-SAN */ 1259 1260 unsigned tag = T0_POP(); 1261 unsigned ok = T0_POP(); 1262 size_t u, len; 1263 1264 len = CTX->pad[0]; 1265 for (u = 0; u < CTX->num_name_elts; u ++) { 1266 br_name_element *ne; 1267 1268 ne = &CTX->name_elts[u]; 1269 if (ne->status == 0 && ne->oid[0] == 0 && ne->oid[1] == tag) { 1270 if (ok && ne->len > len) { 1271 memcpy(ne->buf, CTX->pad + 1, len); 1272 ne->buf[len] = 0; 1273 ne->status = 1; 1274 } else { 1275 ne->status = -1; 1276 } 1277 break; 1278 } 1279 } 1280 1281 } 1282 break; 1283 case 31: { 1284 /* copy-name-element */ 1285 1286 size_t len; 1287 int32_t off = T0_POPi(); 1288 int ok = T0_POPi(); 1289 1290 if (off >= 0) { 1291 br_name_element *ne = &CTX->name_elts[off]; 1292 1293 if (ok) { 1294 len = CTX->pad[0]; 1295 if (len < ne->len) { 1296 memcpy(ne->buf, CTX->pad + 1, len); 1297 ne->buf[len] = 0; 1298 ne->status = 1; 1299 } else { 1300 ne->status = -1; 1301 } 1302 } else { 1303 ne->status = -1; 1304 } 1305 } 1306 1307 } 1308 break; 1309 case 32: { 1310 /* data-get8 */ 1311 1312 size_t addr = T0_POP(); 1313 T0_PUSH(t0_datablock[addr]); 1314 1315 } 1316 break; 1317 case 33: { 1318 /* dn-hash-length */ 1319 1320 T0_PUSH(DNHASH_LEN); 1321 1322 } 1323 break; 1324 case 34: { 1325 /* do-ecdsa-vrfy */ 1326 1327 size_t qlen = T0_POP(); 1328 int curve = T0_POP(); 1329 br_x509_pkey pk; 1330 1331 pk.key_type = BR_KEYTYPE_EC; 1332 pk.key.ec.curve = curve; 1333 pk.key.ec.q = CTX->pkey_data; 1334 pk.key.ec.qlen = qlen; 1335 T0_PUSH(verify_signature(CTX, &pk)); 1336 1337 } 1338 break; 1339 case 35: { 1340 /* do-rsa-vrfy */ 1341 1342 size_t elen = T0_POP(); 1343 size_t nlen = T0_POP(); 1344 br_x509_pkey pk; 1345 1346 pk.key_type = BR_KEYTYPE_RSA; 1347 pk.key.rsa.n = CTX->pkey_data; 1348 pk.key.rsa.nlen = nlen; 1349 pk.key.rsa.e = CTX->pkey_data + nlen; 1350 pk.key.rsa.elen = elen; 1351 T0_PUSH(verify_signature(CTX, &pk)); 1352 1353 } 1354 break; 1355 case 36: { 1356 /* drop */ 1357 (void)T0_POP(); 1358 } 1359 break; 1360 case 37: { 1361 /* dup */ 1362 T0_PUSH(T0_PEEK(0)); 1363 } 1364 break; 1365 case 38: { 1366 /* eqOID */ 1367 1368 const unsigned char *a2 = &t0_datablock[T0_POP()]; 1369 const unsigned char *a1 = &CTX->pad[0]; 1370 size_t len = a1[0]; 1371 int x; 1372 if (len == a2[0]) { 1373 x = -(memcmp(a1 + 1, a2 + 1, len) == 0); 1374 } else { 1375 x = 0; 1376 } 1377 T0_PUSH((uint32_t)x); 1378 1379 } 1380 break; 1381 case 39: { 1382 /* eqblob */ 1383 1384 size_t len = T0_POP(); 1385 const unsigned char *a2 = (const unsigned char *)CTX + T0_POP(); 1386 const unsigned char *a1 = (const unsigned char *)CTX + T0_POP(); 1387 T0_PUSHi(-(memcmp(a1, a2, len) == 0)); 1388 1389 } 1390 break; 1391 case 40: { 1392 /* fail */ 1393 1394 CTX->err = T0_POPi(); 1395 T0_CO(); 1396 1397 } 1398 break; 1399 case 41: { 1400 /* get-system-date */ 1401 1402 if (CTX->days == 0 && CTX->seconds == 0) { 1403 #if BR_USE_UNIX_TIME 1404 time_t x = time(NULL); 1405 1406 T0_PUSH((uint32_t)(x / 86400) + 719528); 1407 T0_PUSH((uint32_t)(x % 86400)); 1408 #elif BR_USE_WIN32_TIME 1409 FILETIME ft; 1410 uint64_t x; 1411 1412 GetSystemTimeAsFileTime(&ft); 1413 x = ((uint64_t)ft.dwHighDateTime << 32) 1414 + (uint64_t)ft.dwLowDateTime; 1415 x = (x / 10000000); 1416 T0_PUSH((uint32_t)(x / 86400) + 584754); 1417 T0_PUSH((uint32_t)(x % 86400)); 1418 #else 1419 CTX->err = BR_ERR_X509_TIME_UNKNOWN; 1420 T0_CO(); 1421 #endif 1422 } else { 1423 T0_PUSH(CTX->days); 1424 T0_PUSH(CTX->seconds); 1425 } 1426 1427 } 1428 break; 1429 case 42: { 1430 /* get16 */ 1431 1432 uint32_t addr = T0_POP(); 1433 T0_PUSH(*(uint16_t *)(void *)((unsigned char *)CTX + addr)); 1434 1435 } 1436 break; 1437 case 43: { 1438 /* get32 */ 1439 1440 uint32_t addr = T0_POP(); 1441 T0_PUSH(*(uint32_t *)(void *)((unsigned char *)CTX + addr)); 1442 1443 } 1444 break; 1445 case 44: { 1446 /* match-server-name */ 1447 1448 size_t n1, n2; 1449 1450 if (CTX->server_name == NULL) { 1451 T0_PUSH(0); 1452 T0_RET(); 1453 } 1454 n1 = strlen(CTX->server_name); 1455 n2 = CTX->pad[0]; 1456 if (n1 == n2 && eqnocase(&CTX->pad[1], CTX->server_name, n1)) { 1457 T0_PUSHi(-1); 1458 T0_RET(); 1459 } 1460 if (n2 >= 2 && CTX->pad[1] == '*' && CTX->pad[2] == '.') { 1461 size_t u; 1462 1463 u = 0; 1464 while (u < n1 && CTX->server_name[u] != '.') { 1465 u ++; 1466 } 1467 u ++; 1468 n1 -= u; 1469 if ((n2 - 2) == n1 1470 && eqnocase(&CTX->pad[3], CTX->server_name + u, n1)) 1471 { 1472 T0_PUSHi(-1); 1473 T0_RET(); 1474 } 1475 } 1476 T0_PUSH(0); 1477 1478 } 1479 break; 1480 case 45: { 1481 /* neg */ 1482 1483 uint32_t a = T0_POP(); 1484 T0_PUSH(-a); 1485 1486 } 1487 break; 1488 case 46: { 1489 /* offset-name-element */ 1490 1491 unsigned san = T0_POP(); 1492 size_t u; 1493 1494 for (u = 0; u < CTX->num_name_elts; u ++) { 1495 if (CTX->name_elts[u].status == 0) { 1496 const unsigned char *oid; 1497 size_t len, off; 1498 1499 oid = CTX->name_elts[u].oid; 1500 if (san) { 1501 if (oid[0] != 0 || oid[1] != 0) { 1502 continue; 1503 } 1504 off = 2; 1505 } else { 1506 off = 0; 1507 } 1508 len = oid[off]; 1509 if (len != 0 && len == CTX->pad[0] 1510 && memcmp(oid + off + 1, 1511 CTX->pad + 1, len) == 0) 1512 { 1513 T0_PUSH(u); 1514 T0_RET(); 1515 } 1516 } 1517 } 1518 T0_PUSHi(-1); 1519 1520 } 1521 break; 1522 case 47: { 1523 /* or */ 1524 1525 uint32_t b = T0_POP(); 1526 uint32_t a = T0_POP(); 1527 T0_PUSH(a | b); 1528 1529 } 1530 break; 1531 case 48: { 1532 /* over */ 1533 T0_PUSH(T0_PEEK(1)); 1534 } 1535 break; 1536 case 49: { 1537 /* read-blob-inner */ 1538 1539 uint32_t len = T0_POP(); 1540 uint32_t addr = T0_POP(); 1541 size_t clen = CTX->hlen; 1542 if (clen > len) { 1543 clen = (size_t)len; 1544 } 1545 if (addr != 0) { 1546 memcpy((unsigned char *)CTX + addr, CTX->hbuf, clen); 1547 } 1548 if (CTX->do_mhash) { 1549 br_multihash_update(&CTX->mhash, CTX->hbuf, clen); 1550 } 1551 if (CTX->do_dn_hash) { 1552 CTX->dn_hash_impl->update( 1553 &CTX->dn_hash.vtable, CTX->hbuf, clen); 1554 } 1555 CTX->hbuf += clen; 1556 CTX->hlen -= clen; 1557 T0_PUSH(addr + clen); 1558 T0_PUSH(len - clen); 1559 1560 } 1561 break; 1562 case 50: { 1563 /* read8-low */ 1564 1565 if (CTX->hlen == 0) { 1566 T0_PUSHi(-1); 1567 } else { 1568 unsigned char x = *CTX->hbuf ++; 1569 if (CTX->do_mhash) { 1570 br_multihash_update(&CTX->mhash, &x, 1); 1571 } 1572 if (CTX->do_dn_hash) { 1573 CTX->dn_hash_impl->update(&CTX->dn_hash.vtable, &x, 1); 1574 } 1575 CTX->hlen --; 1576 T0_PUSH(x); 1577 } 1578 1579 } 1580 break; 1581 case 51: { 1582 /* roll */ 1583 T0_ROLL(T0_POP()); 1584 } 1585 break; 1586 case 52: { 1587 /* rot */ 1588 T0_ROT(); 1589 } 1590 break; 1591 case 53: { 1592 /* set16 */ 1593 1594 uint32_t addr = T0_POP(); 1595 *(uint16_t *)(void *)((unsigned char *)CTX + addr) = T0_POP(); 1596 1597 } 1598 break; 1599 case 54: { 1600 /* set32 */ 1601 1602 uint32_t addr = T0_POP(); 1603 *(uint32_t *)(void *)((unsigned char *)CTX + addr) = T0_POP(); 1604 1605 } 1606 break; 1607 case 55: { 1608 /* set8 */ 1609 1610 uint32_t addr = T0_POP(); 1611 *((unsigned char *)CTX + addr) = (unsigned char)T0_POP(); 1612 1613 } 1614 break; 1615 case 56: { 1616 /* start-dn-hash */ 1617 1618 CTX->dn_hash_impl->init(&CTX->dn_hash.vtable); 1619 CTX->do_dn_hash = 1; 1620 1621 } 1622 break; 1623 case 57: { 1624 /* start-tbs-hash */ 1625 1626 br_multihash_init(&CTX->mhash); 1627 CTX->do_mhash = 1; 1628 1629 } 1630 break; 1631 case 58: { 1632 /* stop-tbs-hash */ 1633 1634 CTX->do_mhash = 0; 1635 1636 } 1637 break; 1638 case 59: { 1639 /* swap */ 1640 T0_SWAP(); 1641 } 1642 break; 1643 case 60: { 1644 /* zero-server-name */ 1645 1646 T0_PUSHi(-(CTX->server_name == NULL)); 1647 1648 } 1649 break; 1650 } 1651 1652 } else { 1653 T0_ENTER(ip, rp, t0x); 1654 } 1655 } 1656 t0_exit: 1657 ((t0_context *)t0ctx)->dp = dp; 1658 ((t0_context *)t0ctx)->rp = rp; 1659 ((t0_context *)t0ctx)->ip = ip; 1660 } 1661 1662 1663 1664 /* 1665 * Verify the signature on the certificate with the provided public key. 1666 * This function checks the public key type with regards to the expected 1667 * type. Returned value is either 0 on success, or a non-zero error code. 1668 */ 1669 static int 1670 verify_signature(br_x509_minimal_context *ctx, const br_x509_pkey *pk) 1671 { 1672 int kt; 1673 1674 kt = ctx->cert_signer_key_type; 1675 if ((pk->key_type & 0x0F) != kt) { 1676 return BR_ERR_X509_WRONG_KEY_TYPE; 1677 } 1678 switch (kt) { 1679 unsigned char tmp[64]; 1680 1681 case BR_KEYTYPE_RSA: 1682 if (ctx->irsa == 0) { 1683 return BR_ERR_X509_UNSUPPORTED; 1684 } 1685 if (!ctx->irsa(ctx->cert_sig, ctx->cert_sig_len, 1686 &t0_datablock[ctx->cert_sig_hash_oid], 1687 ctx->cert_sig_hash_len, &pk->key.rsa, tmp)) 1688 { 1689 return BR_ERR_X509_BAD_SIGNATURE; 1690 } 1691 if (memcmp(ctx->tbs_hash, tmp, ctx->cert_sig_hash_len) != 0) { 1692 return BR_ERR_X509_BAD_SIGNATURE; 1693 } 1694 return 0; 1695 1696 case BR_KEYTYPE_EC: 1697 if (ctx->iecdsa == 0) { 1698 return BR_ERR_X509_UNSUPPORTED; 1699 } 1700 if (!ctx->iecdsa(ctx->iec, ctx->tbs_hash, 1701 ctx->cert_sig_hash_len, &pk->key.ec, 1702 ctx->cert_sig, ctx->cert_sig_len)) 1703 { 1704 return BR_ERR_X509_BAD_SIGNATURE; 1705 } 1706 return 0; 1707 1708 default: 1709 return BR_ERR_X509_UNSUPPORTED; 1710 } 1711 } 1712 1713 1714