From patchwork Wed Dec 4 00:06:49 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Richter X-Patchwork-Id: 1203930 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Received: from lists.ozlabs.org (lists.ozlabs.org [IPv6:2401:3900:2:1::3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 47SK3G6VdTz9s4Y for ; Wed, 4 Dec 2019 11:09:30 +1100 (AEDT) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=linux.ibm.com Received: from lists.ozlabs.org (lists.ozlabs.org [IPv6:2401:3900:2:1::3]) by lists.ozlabs.org (Postfix) with ESMTP id 47SK3G4fcVzDqQh for ; Wed, 4 Dec 2019 11:09:30 +1100 (AEDT) X-Original-To: skiboot@lists.ozlabs.org Delivered-To: skiboot@lists.ozlabs.org Authentication-Results: lists.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=linux.ibm.com (client-ip=148.163.156.1; helo=mx0a-001b2d01.pphosted.com; envelope-from=erichte@linux.ibm.com; receiver=) Authentication-Results: lists.ozlabs.org; dmarc=none (p=none dis=none) header.from=linux.ibm.com Received: from mx0a-001b2d01.pphosted.com (mx0a-001b2d01.pphosted.com [148.163.156.1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by lists.ozlabs.org (Postfix) with ESMTPS id 47SK0c2m9hzDqSD for ; Wed, 4 Dec 2019 11:07:12 +1100 (AEDT) Received: from pps.filterd (m0098394.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.16.0.42/8.16.0.42) with SMTP id xB3NWFYP005758 for ; Tue, 3 Dec 2019 19:07:10 -0500 Received: from e06smtp01.uk.ibm.com (e06smtp01.uk.ibm.com [195.75.94.97]) by mx0a-001b2d01.pphosted.com with ESMTP id 2wn3pedp7t-1 (version=TLSv1.2 cipher=AES256-GCM-SHA384 bits=256 verify=NOT) for ; Tue, 03 Dec 2019 19:07:09 -0500 Received: from localhost by e06smtp01.uk.ibm.com with IBM ESMTP SMTP Gateway: Authorized Use Only! Violators will be prosecuted for from ; Wed, 4 Dec 2019 00:07:07 -0000 Received: from b06cxnps4075.portsmouth.uk.ibm.com (9.149.109.197) by e06smtp01.uk.ibm.com (192.168.101.131) with IBM ESMTP SMTP Gateway: Authorized Use Only! Violators will be prosecuted; (version=TLSv1/SSLv3 cipher=AES256-GCM-SHA384 bits=256/256) Wed, 4 Dec 2019 00:07:06 -0000 Received: from d06av23.portsmouth.uk.ibm.com (d06av23.portsmouth.uk.ibm.com [9.149.105.59]) by b06cxnps4075.portsmouth.uk.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id xB4073we56426590 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Wed, 4 Dec 2019 00:07:03 GMT Received: from d06av23.portsmouth.uk.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 03CFFA404D; Wed, 4 Dec 2019 00:07:03 +0000 (GMT) Received: from d06av23.portsmouth.uk.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 79CA0A4051; Wed, 4 Dec 2019 00:07:01 +0000 (GMT) Received: from ceres.ibmuc.com (unknown [9.80.225.147]) by d06av23.portsmouth.uk.ibm.com (Postfix) with ESMTP; Wed, 4 Dec 2019 00:07:01 +0000 (GMT) From: Eric Richter To: skiboot@lists.ozlabs.org Date: Tue, 3 Dec 2019 18:06:49 -0600 X-Mailer: git-send-email 2.21.0 In-Reply-To: <20191204000650.28649-1-erichte@linux.ibm.com> References: <20191204000650.28649-1-erichte@linux.ibm.com> MIME-Version: 1.0 X-TM-AS-GCONF: 00 x-cbid: 19120400-4275-0000-0000-0000038AC493 X-IBM-AV-DETECTION: SAVI=unused REMOTE=unused XFE=unused x-cbparentid: 19120400-4276-0000-0000-0000389E646D Message-Id: <20191204000650.28649-7-erichte@linux.ibm.com> X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.95, 18.0.572 definitions=2019-12-03_07:2019-12-02, 2019-12-03 signatures=0 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 malwarescore=0 priorityscore=1501 mlxscore=0 adultscore=0 impostorscore=0 suspectscore=0 bulkscore=0 lowpriorityscore=0 spamscore=0 clxscore=1015 mlxlogscore=999 phishscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-1910280000 definitions=main-1912030171 Subject: [Skiboot] [PATCH 6/7] secvar/backend: add edk2 derived key updates processing X-BeenThere: skiboot@lists.ozlabs.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Mailing list for skiboot development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: nayna@linux.ibm.com, gcwilson@linux.ibm.com, erpalmer@us.ibm.com Errors-To: skiboot-bounces+incoming=patchwork.ozlabs.org@lists.ozlabs.org Sender: "Skiboot" From: Nayna Jain As part of secureboot key management, the scheme for key updates processing is derived from tianocore reference implementation[1]. This includes the verification of key updates signed in the form of PKCS7 structure. This patch adds the PKCS7 verification support for the signed updates processed by the user. It also adds the preprocessing code which initializes the empty non-volatile variables. This patch is still a work-in-progress, for example. it still needs to add the support for any additional post-processing steps and better failure handling. V2: - fixed memcpy based on sizeof(keylen) rather than the value - added version and compatible values to driver struct - renamed to edk2-compat V4: - added draft document for general concepts - stores PK in the tpm - empty variables don't attempt to preallocate space - many malloc->zalloc changes - removed hard coded example variables - removed most printfs, converted some to prlog - updated for new pkcs7 implementation - removed unnecessary "SecureBoot", and "SecureMode" variables, handled by devtree entry [1] https://github.com/tianocore/edk2-staging.git Signed-off-by: Nayna Jain Signed-off-by: Eric Richter --- doc/secvar/edk2.rst | 49 ++ include/secvar.h | 1 + libstb/secvar/backend/Makefile.inc | 4 +- libstb/secvar/backend/edk2-compat.c | 667 ++++++++++++++++ libstb/secvar/backend/edk2.h | 243 ++++++ libstb/secvar/test/Makefile.check | 6 +- libstb/secvar/test/edk2_test_data.h | 764 +++++++++++++++++++ libstb/secvar/test/secvar-test-edk2-compat.c | 260 +++++++ libstb/secvar/test/secvar_common_test.c | 2 + 9 files changed, 1992 insertions(+), 4 deletions(-) create mode 100644 doc/secvar/edk2.rst create mode 100644 libstb/secvar/backend/edk2-compat.c create mode 100644 libstb/secvar/backend/edk2.h create mode 100644 libstb/secvar/test/edk2_test_data.h create mode 100644 libstb/secvar/test/secvar-test-edk2-compat.c diff --git a/doc/secvar/edk2.rst b/doc/secvar/edk2.rst new file mode 100644 index 00000000..e0c29457 --- /dev/null +++ b/doc/secvar/edk2.rst @@ -0,0 +1,49 @@ +.. _secvar/edk2: + +Skiboot edk2-compatible Secure Variable Backend +=============================================== + +Overview +-------- + +The edk2 secure variable backend for skiboot borrows from edk2 concepts +such as the three key hierarchy (PK, KEK, and db), and a similar +structure. In general, variable updates must be signed with a key +of a higher level. So, updates to the db must be signed with a key stored +in the KEK; updates to the KEK must be signed with the PK. Updates to the +PK must be signed with the previous PK (if any). + +Variables are stored in the efi signature list format, and updates are a +signed variant that includes an authentication header. + +If no PK is currently enrolled, the system is considered to be in "Setup +Mode". Any key can be enrolled without signature checks. However, once a +PK is enrolled, the system switches to "User Mode", and each update must +now be signed according to the hierarchy. Furthermore, when in "User +Mode", the backend initialized the ``os-secure-mode`` device tree flag, +signaling to the kernel that we are in secure mode. + +Updates are processed sequentially, in the order that they were provided +in the update queue. If any update fails to validate, appears to be +malformed, or any other error occurs, NO updates will not be applied. +This includes updates that may have successfully applied prior to the +error. The system will continue in an error state, reporting the error +reason via the ``update-status`` device tree property. + +P9 Special Case for the Platform Key +------------------------------------ + +Due to the powerful nature of the platform key and the lack of lockable +flash, the edk2 backend will store the PK in TPM NV rather than PNOR on +P9 systems. (TODO expand on this) + +Update Status Return Codes +-------------------------- + +TODO, edk2 driver needs to actually return these properly first + + +Device Tree Bindings +-------------------- + +TODO diff --git a/include/secvar.h b/include/secvar.h index 2875c700..8b701e00 100644 --- a/include/secvar.h +++ b/include/secvar.h @@ -24,6 +24,7 @@ struct secvar_backend_driver { }; extern struct secvar_storage_driver secboot_tpm_driver; +extern struct secvar_backend_driver edk2_compatible_v1; int secvar_main(struct secvar_storage_driver, struct secvar_backend_driver); diff --git a/libstb/secvar/backend/Makefile.inc b/libstb/secvar/backend/Makefile.inc index cc1a49fa..1c1896ab 100644 --- a/libstb/secvar/backend/Makefile.inc +++ b/libstb/secvar/backend/Makefile.inc @@ -1,11 +1,11 @@ # SPDX-License-Identifier: Apache-2.0 # -*-Makefile-*- -SECVAR_BACKEND_DIR = libstb/secvar/backend +SECVAR_BACKEND_DIR = $(SRC)/libstb/secvar/backend SUBDIRS += $(SECVAR_BACKEND_DIR) -SECVAR_BACKEND_SRCS = +SECVAR_BACKEND_SRCS = edk2-compat.c SECVAR_BACKEND_OBJS = $(SECVAR_BACKEND_SRCS:%.c=%.o) SECVAR_BACKEND = $(SECVAR_BACKEND_DIR)/built-in.a diff --git a/libstb/secvar/backend/edk2-compat.c b/libstb/secvar/backend/edk2-compat.c new file mode 100644 index 00000000..8ee73dc0 --- /dev/null +++ b/libstb/secvar/backend/edk2-compat.c @@ -0,0 +1,667 @@ +// SPDX-License-Identifier: Apache-2.0 +/* Copyright 2019 IBM Corp. */ +#ifndef pr_fmt +#define pr_fmt(fmt) "EDK2_COMPAT: " fmt +#endif + +#include +#include +#include +#include +#include +#include +#include "libstb/crypto/pkcs7/pkcs7.h" +#include "edk2.h" +#include "opal-api.h" +#include "../secvar.h" +#include "../secvar_devtree.h" +#include "../secvar_tpmnv.h" +#include + +#define TPMNV_ID_EDK2_PK 0x4532504b // E2PK + +static bool setup_mode; + +/* + * Converts utf8 string to ucs2 + */ +static char *utf8_to_ucs2(const char *key, const char keylen) +{ + int i; + char *str; + str = zalloc(keylen * 2); + + for (i = 0; i < keylen*2; key++) { + str[i++] = *key; + str[i++] = '\0'; + } + return str; +} + +/* + * Returns true if key1 = key2 + */ +static bool key_equals(const char *key1, const char *key2) +{ + if (memcmp(key1, key2, strlen(key2)+1) == 0) + return true; + + return false; +} + +/** + * Returns the authority that can sign the given key update + */ +static void get_key_authority(const char *ret[3], const char *key) +{ + int i = 0; + + memset(ret, 0, sizeof(char *) * 3); + if (key_equals(key, "PK")) + ret[i++] = "PK"; + if (key_equals(key, "KEK")) + ret[i++] = "PK"; + if (key_equals(key, "db") || key_equals(key, "dbx")) { + ret[i++] = "KEK"; + ret[i++] = "PK"; + } + ret[i] = NULL; +} + +/* + * PK needs to be stored in the TPMNV space if on p9 + * We store it using the form , the + * extra secvar headers are unnecessary + */ +static int edk2_p9_load_pk(void) +{ + struct secvar_node *pkvar; + uint64_t size; + int rc; + + // Ensure it exists + rc = secvar_tpmnv_alloc(TPMNV_ID_EDK2_PK, -1); + + // Peek to get the size + rc = secvar_tpmnv_read(TPMNV_ID_EDK2_PK, &size, sizeof(size), 0); + if (rc == OPAL_EMPTY) + return 0; + else if (rc) + return -1; + + if (size > secvar_storage.max_var_size) + return OPAL_RESOURCE; + + pkvar = alloc_secvar(size); + memcpy(pkvar->var->key, "PK", 3); + pkvar->var->key_len = 3; + pkvar->var->data_size = size; + pkvar->flags |= SECVAR_FLAG_VOLATILE; + + rc = secvar_tpmnv_read(TPMNV_ID_EDK2_PK, pkvar->var->data, pkvar->var->data_size, sizeof(pkvar->var->data_size)); + if (rc) + return rc; + + list_add_tail(&variable_bank, &pkvar->link); + + return OPAL_SUCCESS; +} + +/* + * Writes the PK to the TPM. + */ +static int edk2_p9_write_pk(void) +{ + char *tmp; + int32_t tmpsize; + struct secvar_node *pkvar; + int rc; + + pkvar = find_secvar("PK", 3, &variable_bank); + + // Should not happen + if (!pkvar) + return OPAL_INTERNAL_ERROR; + + // Reset the pk flag to volatile on p9 + pkvar->flags |= SECVAR_FLAG_VOLATILE; + + tmpsize = secvar_tpmnv_size(TPMNV_ID_EDK2_PK); + if (tmpsize < 0) { + prlog(PR_ERR, "TPMNV space for PK was not allocated properly\n"); + return OPAL_RESOURCE; + } + if (tmpsize < pkvar->var->data_size + sizeof(pkvar->var->data_size)) { + prlog(PR_ERR, "TPMNV PK space is insufficient, %d < %llu\n", tmpsize, + // Cast needed because x86 compiler complains building the test + (long long unsigned) pkvar->var->data_size + sizeof(pkvar->var->data_size)); + return OPAL_RESOURCE; + } + + tmp = zalloc(tmpsize); + if (!tmp) + return OPAL_NO_MEM; + + memcpy(tmp, &pkvar->var->data_size, sizeof(pkvar->var->data_size)); + memcpy(tmp + sizeof(pkvar->var->data_size), + pkvar->var->data, + pkvar->var->data_size); + + tmpsize = pkvar->var->data_size + sizeof(pkvar->var->data_size); + + rc = secvar_tpmnv_write(TPMNV_ID_EDK2_PK, tmp, tmpsize, 0); + + free(tmp); + + return rc; +} + +/* + * Returns the size of the certificate contained in the ESL. + */ +static int get_esl_cert_size(char *buf) +{ + EFI_SIGNATURE_LIST list; + uint32_t sigsize; + + memcpy(&list, buf, sizeof(EFI_SIGNATURE_LIST)); + + sigsize = le32_to_cpu(list.SignatureListSize) - sizeof(list) + - le32_to_cpu(list.SignatureHeaderSize); + + return sigsize; +} + +/* + * Copies the certificate from the ESL into cert buffer. + */ +static int get_esl_cert(char *buf, char **cert) +{ + int sig_data_offset; + int size; + EFI_SIGNATURE_LIST list; + + memset(&list, 0, sizeof(EFI_SIGNATURE_LIST)); + memcpy(&list, buf, sizeof(EFI_SIGNATURE_LIST)); + + sig_data_offset = sizeof(list.SignatureType) + + sizeof(list.SignatureListSize) + + sizeof(list.SignatureHeaderSize) + + sizeof(list.SignatureSize) + + le32_to_cpu(list.SignatureHeaderSize) + + 16 * sizeof(uint8_t); + + size = le32_to_cpu(list.SignatureSize) - sizeof(EFI_SIGNATURE_LIST); + memcpy(*cert, buf + sig_data_offset, size); + + return 0; +} + +/* + * Extracts size of the PKCS7 signed data embedded in the + * struct Authentication 2 Descriptor Header. + */ +static int get_pkcs7_len(struct efi_variable_authentication_2 *auth) +{ + uint32_t dw_length = le32_to_cpu(auth->auth_info.hdr.dw_length); + int size; + + size = dw_length - (sizeof(auth->auth_info.hdr.dw_length) + + sizeof(auth->auth_info.hdr.w_revision) + + sizeof(auth->auth_info.hdr.w_certificate_type) + + sizeof(auth->auth_info.cert_type)); + + return size; +} + +/* + * Return the timestamp from the Authentication 2 Descriptor. + */ +static int get_timestamp_from_auth(char *data, char **timestamp) +{ + if (!timestamp) + return OPAL_PARAMETER; + + *timestamp = zalloc(sizeof(struct efi_time)); + if (!(*timestamp)) + return OPAL_NO_MEM; + + memcpy(*timestamp, data, sizeof(struct efi_time)); + + return 0; +} + +/* + * This function outputs the Authentication 2 Descriptor in the + * auth_buffer and returns the size of the buffer. + */ +static int get_auth_descriptor2(void *data, char **auth_buffer) +{ + struct efi_variable_authentication_2 *auth = data; + uint64_t auth_buffer_size; + int len; + + if (!auth_buffer) + return OPAL_PARAMETER; + + len = get_pkcs7_len(auth); + if (len < 0) + return OPAL_NO_MEM; + + auth_buffer_size = sizeof(auth->timestamp) + sizeof(auth->auth_info.hdr) + + sizeof(auth->auth_info.cert_type) + len; + + *auth_buffer = zalloc(auth_buffer_size); + if (!(*auth_buffer)) + return OPAL_NO_MEM; + + memcpy(*auth_buffer, data, auth_buffer_size); + + return auth_buffer_size; +} + +/* + * Initializes supported variables as empty if not loaded from + * storage. Variables are initialized as volatile if not found. + * Updates should clear this flag. + * + * Returns OPAL Error if anything fails in initialization + */ +static int edk2_compat_pre_process(void) +{ + struct secvar_node *pkvar; + struct secvar_node *kekvar; + struct secvar_node *dbvar; + struct secvar_node *dbxvar; + + // If we are on p9, we need to store the PK in write-lockable + // TPMNV space, as we determine our secure mode based on if this + // variable exists. + // NOTE: Activation of this behavior is subject to change in a later + // patch version, ideally the platform should be able to configure + // whether it wants this extra protection, or to instead store + // everything via the storage driver. + if (proc_gen == proc_gen_p9) + edk2_p9_load_pk(); + + pkvar = find_secvar("PK", 3, &variable_bank); + if (!pkvar) { + pkvar = alloc_secvar(0); + if (!pkvar) + return OPAL_NO_MEM; + + memcpy(pkvar->var->key, "PK", 3); + pkvar->var->key_len = 3; + pkvar->flags |= SECVAR_FLAG_VOLATILE; + list_add_tail(&variable_bank, &pkvar->link); + } + + kekvar = find_secvar("KEK", 4, &variable_bank); + if (!kekvar) { + kekvar = alloc_secvar(0); + if (!kekvar) + return OPAL_NO_MEM; + + memcpy(kekvar->var->key, "KEK", 4); + kekvar->var->key_len = 4; + kekvar->flags |= SECVAR_FLAG_VOLATILE; + list_add_tail(&variable_bank, &kekvar->link); + } + + dbvar = find_secvar("db", 3, &variable_bank); + if (!dbvar) { + dbvar = alloc_secvar(0); + if (!dbvar) + return OPAL_NO_MEM; + + memcpy(dbvar->var->key, "db", 3); + dbvar->var->key_len = 3; + dbvar->flags |= SECVAR_FLAG_VOLATILE; + list_add_tail(&variable_bank, &dbvar->link); + } + + dbxvar = find_secvar("dbx", 4, &variable_bank); + if (!dbxvar) { + dbxvar = alloc_secvar(0); + if (!dbxvar) + return OPAL_NO_MEM; + + memcpy(dbxvar->var->key, "dbx", 4); + dbxvar->var->key_len = 4; + dbxvar->flags |= SECVAR_FLAG_VOLATILE; + list_add_tail(&variable_bank, &dbxvar->link); + } + + return OPAL_SUCCESS; +}; + +/** + * Returns true if we are in Setup Mode + * + * Setup Mode is active if we have no PK. + * Otherwise, we are in user mode. + */ +static int is_setup_mode(void) +{ + struct secvar_node *setup; + + setup = find_secvar((char *)"PK", 3, &variable_bank); + + // Not sure why this wouldn't exist + if (!setup) + return 1; + + return !setup->var->data_size; +} + +/** + * Update the variable with the new value. + */ +static int add_to_variable_bank(struct secvar *secvar, void *data, uint64_t dsize) +{ + struct secvar_node *node; + + node = find_secvar(secvar->key, secvar->key_len, &variable_bank); + if (!node) + return OPAL_INTERNAL_ERROR; + + // Expand the secvar allocated memory if needed + if (node->size < dsize) + if (realloc_secvar(node, dsize)) + return OPAL_NO_MEM; + + node->var->data_size = dsize; + memcpy(node->var->data, data, dsize); + node->flags &= ~SECVAR_FLAG_VOLATILE; // Clear the volatile bit when updated + + return 0; +} + +/* + * Verify the PKCS7 signature on the signed data. + */ +static int verify_signature(void *auth_buffer, char *newcert, + uint64_t new_data_size, struct secvar *avar) +{ + struct efi_variable_authentication_2 *auth; + mbedtls_pkcs7 *pkcs7; + mbedtls_x509_crt x509; + char *checkpkcs7cert; + char *signing_cert; + char *x509_buf; + int len; + int signing_cert_size; + int rc; + char *errbuf; + + auth = auth_buffer; + + len = get_pkcs7_len(auth); + + pkcs7 = malloc(sizeof(struct mbedtls_pkcs7)); + mbedtls_pkcs7_init(pkcs7); + + rc = mbedtls_pkcs7_parse_der( + (const unsigned char *)auth->auth_info.cert_data, + (const unsigned int)len, pkcs7); + if (rc) { + prlog(PR_ERR, "Parsing pkcs7 failed %04x\n", rc); + goto pkcs7out; + } + + checkpkcs7cert = zalloc(2048); + mbedtls_x509_crt_info(checkpkcs7cert, 2048, "CRT:", &(pkcs7->signed_data.certs)); + prlog(PR_DEBUG, "%s \n", checkpkcs7cert); + free(checkpkcs7cert); + + prlog(PR_INFO, "Load the signing certificate from the keystore"); + + signing_cert_size = get_esl_cert_size(avar->data); + signing_cert = zalloc(signing_cert_size); + get_esl_cert(avar->data, &signing_cert); + + mbedtls_x509_crt_init(&x509); + rc = mbedtls_x509_crt_parse(&x509, signing_cert, signing_cert_size); + if(rc) { + prlog(PR_INFO, "X509 certificate parsing failed %04x\n", rc); + goto signout; + } + + x509_buf = zalloc(2048); + mbedtls_x509_crt_info(x509_buf, 2048, "CRT:", &x509); + prlog(PR_INFO, "%s \n", x509_buf); + free(x509_buf); + + rc = mbedtls_pkcs7_signed_data_verify(pkcs7, &x509, newcert, new_data_size); + + if (rc) { + errbuf = zalloc(1024); + mbedtls_strerror(rc, errbuf, 1024); + prlog(PR_INFO, "Signature Verification failed %02x %s\n", rc, errbuf); + free(errbuf); + goto signout; + } + + prlog(PR_INFO, "Signature Verification passed\n"); + +signout: + free(signing_cert); + +pkcs7out: + free(pkcs7); + + return rc; +} + + +/** + * Create the single buffer + * name || vendor guid || attributes || timestamp || newcontent + * which is submitted as signed by the user. + */ +static int get_data_to_verify(char *key, char *new_data, + uint64_t new_data_size, + char **buffer, + uint64_t *buffer_size, char *timestamp) +{ + le32 attr = cpu_to_le32(SECVAR_ATTRIBUTES); + int size = 0; + int varlen; + char *wkey; + uuid_t guid; + + if (key_equals(key, "PK") + || key_equals(key, "KEK")) + guid = EFI_GLOBAL_VARIABLE_GUID; + + if (key_equals(key, "db") + || key_equals(key, "dbx")) + guid = EFI_IMAGE_SECURITY_DATABASE_GUID; + + // Convert utf8 name to ucs2 width + varlen = strlen(key) * 2; + wkey = utf8_to_ucs2(key, strlen(key)); + + // Prepare the single buffer + *buffer_size = varlen + UUID_SIZE + sizeof(attr) + + sizeof(struct efi_time) + new_data_size; + *buffer = zalloc(*buffer_size); + + memcpy(*buffer + size, wkey, varlen); + size = size + varlen; + memcpy(*buffer + size, &guid, sizeof(guid)); + size = size + sizeof(guid); + memcpy(*buffer + size, &attr, sizeof(attr)); + size = size + sizeof(attr); + memcpy(*buffer + size, timestamp , sizeof(struct efi_time)); + size = size + sizeof(struct efi_time); + + memcpy(*buffer + size, new_data, new_data_size); + size = size + new_data_size; + + free(wkey); + + return 0; +} + +static int edk2_compat_process(void) +{ + char *auth_buffer = NULL; + uint64_t auth_buffer_size = 0; + char *timestamp = NULL; + const char *key_authority[3]; + char *newesl = NULL; + uint64_t new_data_size = 0; + char *tbhbuffer = NULL; + uint64_t tbhbuffersize = 0; + struct secvar_node *anode = NULL; + struct secvar_node *node = NULL; + int rc = 0; + int pk_updated = 0; + int i; + + setup_mode = is_setup_mode(); + + prlog(PR_INFO, "Setup mode = %d\n", setup_mode); + + /* Loop through each command in the update bank. + * If any command fails, it just loops out of the update bank. + * It should also clear the update bank. + */ + list_for_each(&update_bank, node, link) { + + /* Submitted data is auth_2 descriptor + new ESL data + * Extract the auth_2 2 descriptor + */ + prlog(PR_INFO, "update for %s\n", node->var->key); + auth_buffer_size = get_auth_descriptor2(node->var->data, &auth_buffer); + if (auth_buffer_size <= 0) + return OPAL_PARAMETER; + + if (node->var->data_size < auth_buffer_size) { + rc = OPAL_PARAMETER; + goto out; + } + + rc = get_timestamp_from_auth(auth_buffer, ×tamp); + if (rc < 0) + goto out; + + /* Calculate the size of new ESL data */ + new_data_size = node->var->data_size - auth_buffer_size; + newesl = zalloc(new_data_size); + memcpy(newesl, node->var->data + auth_buffer_size, new_data_size); + + if (!setup_mode) { + /* Prepare the data to be verified */ + rc = get_data_to_verify(node->var->key, newesl, + new_data_size, &tbhbuffer, + &tbhbuffersize, timestamp); + + /* Get the authority to verify the signature */ + get_key_authority(key_authority, node->var->key); + i = 0; + + /* Try for all the authorities that are allowed to sign. + * For eg. db/dbx can be signed by both PK or KEK + */ + while (key_authority[i] != NULL) { + prlog(PR_DEBUG, "key is %s\n", node->var->key); + prlog(PR_DEBUG, "key authority is %s\n", key_authority[i]); + anode = find_secvar(key_authority[i], strlen(key_authority[i]) + 1, + &variable_bank); + if (!anode) { + rc = OPAL_PERMISSION; + goto out; + } + if (anode->var->data_size == 0) { + rc = OPAL_PERMISSION; + goto out; + } + + /* Verify the signature */ + rc = verify_signature(auth_buffer, tbhbuffer, + tbhbuffersize, anode->var); + + /* Break if signature verification is successful */ + if (!rc) + break; + i++; + } + } + + if (rc) + goto out; + + /* + * If reached here means, signature is verified so update the + * value in the variable bank + */ + add_to_variable_bank(node->var, newesl, new_data_size); + + /* If the PK is updated, update the secure boot state of the + * system at the end of processing */ + if (key_equals(node->var->key, "PK")) { + pk_updated = 1; + setup_mode = 0; + } + } + + if (pk_updated) { + // Store the updated pk in TPMNV on p9 + if (proc_gen == proc_gen_p9) { + rc = edk2_p9_write_pk(); + prlog(PR_INFO, "edk2_p9_write rc=%d\n", rc); + } + } + +out: + if (auth_buffer) + free(auth_buffer); + if (newesl) + free(newesl); + if (tbhbuffer) + free(tbhbuffer); + if (timestamp) + free(timestamp); + + clear_bank_list(&update_bank); + + return rc; +} + +static int edk2_compat_post_process(void) +{ + if (!setup_mode) { + secvar_set_secure_mode(); + prlog(PR_INFO, "Enforcing OS secure mode\n"); + } + + return 0; +} + +static int edk2_compat_validate(struct secvar *var) +{ + + //Checks if the update is for supported + //Non-volatile secure variales + if (key_equals(var->key, "PK") + || key_equals(var->key, "KEK") + || key_equals(var->key, "db") + || key_equals(var->key, "dbx")) + return 1; + //Some more checks needs to be added: + // - check guid + // - check auth struct + // - possibly check signature? can't add but can validate + + return 0; +}; + +struct secvar_backend_driver edk2_compatible_v1 = { + .pre_process = edk2_compat_pre_process, + .process = edk2_compat_process, + .post_process = edk2_compat_post_process, + .validate = edk2_compat_validate, + .compatible = "ibm,edk2-compat-v1", +}; diff --git a/libstb/secvar/backend/edk2.h b/libstb/secvar/backend/edk2.h new file mode 100644 index 00000000..f6ab2e85 --- /dev/null +++ b/libstb/secvar/backend/edk2.h @@ -0,0 +1,243 @@ +/* Copyright (c) 2006 - 2015, Intel Corporation. All rights reserved. This + * program and the accompanying materials are licensed and made available + * under the terms and conditions of the 2-Clause BSD License which + * accompanies this distribution. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are met: + * + * 1. Redistributions of source code must retain the above copyright notice, + * this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE + * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. + * + * This file is derived from the following files referred from edk2-staging[1] repo + * of tianocore + * + * MdePkg/Include/Guid/GlobalVariable.h + * MdePkg/Include/Guid/WinCertificate.h + * MdePkg/Include/Uefi/UefiMultiPhase.h + * MdePkg/Include/Uefi/UefiBaseType.h + * MdePkg/Include/Guid/ImageAuthentication.h + * + * [1] https://github.com/tianocore/edk2-staging + * + * Copyright 2019 IBM Corp. + */ + +#ifndef __EDK2_H__ +#define __EDK2_H__ + +#define UUID_SIZE 16 + +typedef struct { + u8 b[UUID_SIZE]; +} uuid_t; + +#define EFI_GLOBAL_VARIABLE_GUID (uuid_t){{0x61, 0xDF, 0xe4, 0x8b, 0xca, 0x93, 0xd2, 0x11, 0xaa, \ + 0x0d, 0x00, 0xe0, 0x98, 0x03, 0x2b, 0x8c}} + +#define EFI_IMAGE_SECURITY_DATABASE_GUID (uuid_t){{0xcb, 0xb2, 0x19, 0xd7, 0x3a, 0x3d, 0x96, 0x45, \ + 0xa3, 0xbc, 0xda, 0xd0, 0x0e, 0x67, 0x65, 0x6f}} + +#define SECVAR_ATTRIBUTES 39 + +/// +/// This identifies a signature based on an X.509 certificate. If the signature is an X.509 +/// certificate then verification of the signature of an image should validate the public +/// key certificate in the image using certificate path verification, up to this X.509 +/// certificate as a trusted root. The SignatureHeader size shall always be 0. The +/// SignatureSize may vary but shall always be 16 (size of the SignatureOwner component) + +/// the size of the certificate itself. +/// Note: This means that each certificate will normally be in a separate EFI_SIGNATURE_LIST. +/// + +#define EFI_CERT_RSA2048_GUID \ + (UUID_INIT) (0x3c5766e8, 0x269c, 0x4e34, 0xaa, 0x14, 0xed, 0x77, 0x6e, 0x85, 0xb3, 0xb6) + +#define EFI_CERT_TYPE_PKCS7_GUID (uuid_t){{0x9d, 0xd2, 0xaf, 0x4a, 0xdf, 0x68, 0xee, 0x49, \ + 0x8a, 0xa9, 0x34, 0x7d, 0x37, 0x56, 0x65, 0xa7}} + +#define EFI_VARIABLE_NON_VOLATILE 0x00000001 +#define EFI_VARIABLE_BOOTSERVICE_ACCESS 0x00000002 +#define EFI_VARIABLE_RUNTIME_ACCESS 0x00000004 + +/* + * Attributes of Authenticated Variable + */ +#define EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS 0x00000020 +#define EFI_VARIABLE_APPEND_WRITE 0x00000040 +/* + * NOTE: EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS is deprecated and should be + * considered reserved. + */ +#define EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS 0x00000010 + +/* + * win_certificate.w_certificate_type + */ +#define WIN_CERT_TYPE_PKCS_SIGNED_DATA 0x0002 + +#define SECURE_BOOT_MODE_ENABLE 1 +#define SECURE_BOOT_MODE_DISABLE 0 +/// +/// Depricated value definition for SetupMode variable +/// +#define SETUP_MODE 1 +#define USER_MODE 0 + +/* + * EFI Time Abstraction: + * Year: 1900 - 9999 + * Month: 1 - 12 + * Day: 1 - 31 + * Hour: 0 - 23 + * Minute: 0 - 59 + * Second: 0 - 59 + * Nanosecond: 0 - 999,999,999 + * TimeZone: -1440 to 1440 or 2047 + */ +struct efi_time { + u16 year; + u8 month; + u8 day; + u8 hour; + u8 minute; + u8 second; + u8 pad1; + u32 nanosecond; + s16 timezone; + u8 daylight; + u8 pad2; +}; +//*********************************************************************** +// Signature Database +//*********************************************************************** +/// +/// The format of a signature database. +/// +#pragma pack(1) + +typedef struct { + /// + /// An identifier which identifies the agent which added the signature to the list. + /// + uuid_t SignatureOwner; + /// + /// The format of the signature is defined by the SignatureType. + /// + unsigned char SignatureData[1]; +} EFI_SIGNATURE_DATA; + +typedef struct { + /// + /// Type of the signature. GUID signature types are defined in below. + /// + uuid_t SignatureType; + /// + /// Total size of the signature list, including this header. + /// + uint32_t SignatureListSize; + /// + /// Size of the signature header which precedes the array of signatures. + /// + uint32_t SignatureHeaderSize; + /// + /// Size of each signature. + /// + uint32_t SignatureSize; + /// + /// Header before the array of signatures. The format of this header is specified + /// by the SignatureType. + /// UINT8 SignatureHeader[SignatureHeaderSize]; + /// + /// An array of signatures. Each signature is SignatureSize bytes in length. + /// EFI_SIGNATURE_DATA Signatures[][SignatureSize]; + /// +} EFI_SIGNATURE_LIST; + + +/* + * The win_certificate structure is part of the PE/COFF specification. + */ +struct win_certificate { + /* + * The length of the entire certificate, including the length of the + * header, in bytes. + */ + u32 dw_length; + /* + * The revision level of the WIN_CERTIFICATE structure. The current + * revision level is 0x0200. + */ + u16 w_revision; + /* + * The certificate type. See WIN_CERT_TYPE_xxx for the UEFI certificate + * types. The UEFI specification reserves the range of certificate type + * values from 0x0EF0 to 0x0EFF. + */ + u16 w_certificate_type; + /* + * The following is the actual certificate. The format of + * the certificate depends on wCertificateType. + */ + /// UINT8 bCertificate[ANYSIZE_ARRAY]; +}; + +/* + * Certificate which encapsulates a GUID-specific digital signature + */ +struct win_certificate_uefi_guid { + /* + * This is the standard win_certificate header, where w_certificate_type + * is set to WIN_CERT_TYPE_EFI_GUID. + */ + struct win_certificate hdr; + /* + * This is the unique id which determines the format of the cert_data. + */ + uuid_t cert_type; + /* + * The following is the certificate data. The format of the data is + * determined by the @cert_type. If @cert_type is + * EFI_CERT_TYPE_RSA2048_SHA256_GUID, the @cert_data will be + * EFI_CERT_BLOCK_RSA_2048_SHA256 structure. + */ + u8 cert_data[1]; +}; +/* + * When the attribute EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS is set, + * then the Data buffer shall begin with an instance of a complete (and + * serialized) EFI_VARIABLE_AUTHENTICATION_2 descriptor. The descriptor shall be + * followed by the new variable value and DataSize shall reflect the combined + * size of the descriptor and the new variable value. The authentication + * descriptor is not part of the variable data and is not returned by subsequent + * calls to GetVariable(). + */ +struct efi_variable_authentication_2 { + /* + * For the TimeStamp value, components Pad1, Nanosecond, TimeZone, Daylight and + * Pad2 shall be set to 0. This means that the time shall always be expressed in GMT. + */ + struct efi_time timestamp; + /* + * Only a CertType of EFI_CERT_TYPE_PKCS7_GUID is accepted. + */ + struct win_certificate_uefi_guid auth_info; +}; + +#endif diff --git a/libstb/secvar/test/Makefile.check b/libstb/secvar/test/Makefile.check index 6dc24f1e..969b5630 100644 --- a/libstb/secvar/test/Makefile.check +++ b/libstb/secvar/test/Makefile.check @@ -29,13 +29,15 @@ $(SECVAR_TEST:%=%-check) : %-check: % $(call QTEST, RUN-TEST ,$(VALGRIND) $<, $<) @$(RM) -f secboot.img +HOSTMBEDFLAGS += -lmbedcrypto -lmbedx509 + $(SECVAR_TEST) : core/test/stubs.o $(SECVAR_TEST) : % : %.c - $(call Q, HOSTCC ,$(HOSTCC) $(HOSTCFLAGS) -O0 -g -I include -I . -I libfdt -o $@ $< core/test/stubs.o, $<) + $(call Q, HOSTCC ,$(HOSTCC) $(HOSTCFLAGS) $(HOSTMBEDFLAGS) -O0 -g -I include -I . -I libfdt -o $@ $< core/test/stubs.o, $<) $(SECVAR_TEST:%=%-gcov): %-gcov : %.c % - $(call Q, HOSTCC ,$(HOSTCC) $(HOSTCFLAGS) $(HOSTGCOVCFLAGS) -I include -I . -I libfdt -lgcov -o $@ $< core/test/stubs.o, $<) + $(call Q, HOSTCC ,$(HOSTCC) $(HOSTCFLAGS) $(HOSTGCOVCFLAGS) $(HOSTMBEDFLAGS) -I include -I . -I libfdt -lgcov -o $@ $< core/test/stubs.o, $<) -include $(wildcard libstb/secvar/test/*.d) diff --git a/libstb/secvar/test/edk2_test_data.h b/libstb/secvar/test/edk2_test_data.h new file mode 100644 index 00000000..13d4cc80 --- /dev/null +++ b/libstb/secvar/test/edk2_test_data.h @@ -0,0 +1,764 @@ +unsigned char PK_auth[] = { + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x91, 0x04, 0x00, 0x00, 0x00, 0x02, 0xf1, 0x0e, + 0x9d, 0xd2, 0xaf, 0x4a, 0xdf, 0x68, 0xee, 0x49, 0x8a, 0xa9, 0x34, 0x7d, + 0x37, 0x56, 0x65, 0xa7, 0x30, 0x82, 0x04, 0x75, 0x06, 0x09, 0x2a, 0x86, + 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x07, 0x02, 0xa0, 0x82, 0x04, 0x66, 0x30, + 0x82, 0x04, 0x62, 0x02, 0x01, 0x01, 0x31, 0x0f, 0x30, 0x0d, 0x06, 0x09, + 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, 0x05, 0x00, 0x30, + 0x0b, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x07, 0x01, + 0xa0, 0x82, 0x02, 0xf4, 0x30, 0x82, 0x02, 0xf0, 0x30, 0x82, 0x01, 0xd8, + 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x09, 0x00, 0xec, 0x89, 0x21, 0xbe, + 0xc3, 0xb0, 0x04, 0xc6, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, + 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x0d, 0x31, 0x0b, 0x30, + 0x09, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x02, 0x50, 0x4b, 0x30, 0x1e, + 0x17, 0x0d, 0x31, 0x39, 0x30, 0x31, 0x31, 0x32, 0x31, 0x38, 0x35, 0x36, + 0x32, 0x39, 0x5a, 0x17, 0x0d, 0x32, 0x39, 0x30, 0x31, 0x30, 0x39, 0x31, + 0x38, 0x35, 0x36, 0x32, 0x39, 0x5a, 0x30, 0x0d, 0x31, 0x0b, 0x30, 0x09, + 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x02, 0x50, 0x4b, 0x30, 0x82, 0x01, + 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, + 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, + 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xee, 0xa9, 0xd0, 0x47, 0xf4, 0x2d, + 0xfd, 0xff, 0x21, 0x6f, 0x11, 0x89, 0x9d, 0x54, 0xe8, 0xb1, 0x97, 0x61, + 0x10, 0x21, 0xe1, 0x9e, 0x51, 0x09, 0x66, 0xea, 0x23, 0xdb, 0x01, 0xd3, + 0x5d, 0xa6, 0xce, 0xc5, 0x75, 0x52, 0xec, 0x2f, 0xb4, 0x1f, 0x36, 0xb4, + 0x35, 0xca, 0x30, 0xfd, 0xd9, 0xed, 0x14, 0x63, 0xa3, 0x9e, 0xc6, 0x0d, + 0xc0, 0x8d, 0xca, 0x7a, 0x1b, 0x9a, 0xcd, 0xbf, 0xb4, 0x4c, 0x21, 0x8d, + 0xe0, 0xf6, 0xbc, 0x74, 0xbc, 0xef, 0xc6, 0x8f, 0xc1, 0x81, 0x33, 0x5f, + 0x1e, 0xe6, 0xed, 0x69, 0x68, 0x49, 0x4c, 0xd7, 0x0f, 0x84, 0x70, 0xf0, + 0xf6, 0x1b, 0x07, 0x35, 0xa4, 0x09, 0xae, 0x5e, 0xdd, 0x42, 0xa2, 0x75, + 0x48, 0xd4, 0xfa, 0x3c, 0x28, 0xe7, 0xaa, 0xc9, 0x2b, 0xbf, 0xc1, 0x91, + 0x65, 0x19, 0x99, 0x3b, 0x56, 0x80, 0x1a, 0xee, 0x90, 0x43, 0xae, 0xbf, + 0x1f, 0xff, 0xd2, 0x55, 0x1d, 0x18, 0xff, 0x49, 0x38, 0xd8, 0xdc, 0x21, + 0xe1, 0x86, 0xfb, 0xf2, 0x86, 0x43, 0x37, 0x2e, 0x93, 0xe8, 0xd0, 0x41, + 0xdb, 0xc9, 0x73, 0xd8, 0x0f, 0xf5, 0x11, 0x18, 0xa9, 0x93, 0xb2, 0x87, + 0x90, 0xc2, 0x58, 0x96, 0x93, 0xff, 0x69, 0xb2, 0x05, 0xec, 0xaa, 0x0e, + 0xcc, 0xfe, 0x1a, 0x78, 0x6c, 0x31, 0xfa, 0x6b, 0x0d, 0xb6, 0xeb, 0xac, + 0xaf, 0xc9, 0xa5, 0x09, 0xbb, 0xdd, 0x01, 0x16, 0x6d, 0x31, 0x53, 0x2c, + 0xcb, 0xc1, 0x82, 0x87, 0x81, 0x99, 0x7f, 0xc1, 0xee, 0x86, 0x6a, 0xed, + 0x50, 0xfc, 0x39, 0xc1, 0x51, 0x71, 0x04, 0xe0, 0x66, 0x63, 0x6f, 0x8d, + 0x17, 0x35, 0x63, 0x56, 0x4b, 0x90, 0x20, 0x7a, 0x5f, 0xc8, 0x63, 0xee, + 0xf4, 0x82, 0xe1, 0x61, 0xbf, 0x41, 0x46, 0x04, 0xfd, 0x96, 0x46, 0x2a, + 0x8b, 0x8d, 0xa2, 0x4c, 0x82, 0xe3, 0xf0, 0x6e, 0x24, 0x8b, 0x02, 0x03, + 0x01, 0x00, 0x01, 0xa3, 0x53, 0x30, 0x51, 0x30, 0x1d, 0x06, 0x03, 0x55, + 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x14, 0xb2, 0x26, 0xdc, 0xe0, 0x99, + 0x4b, 0xb1, 0x3e, 0xc4, 0xc8, 0xeb, 0xe3, 0xc9, 0x8b, 0x69, 0x78, 0xef, + 0x55, 0xbd, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, + 0x16, 0x80, 0x14, 0x14, 0xb2, 0x26, 0xdc, 0xe0, 0x99, 0x4b, 0xb1, 0x3e, + 0xc4, 0xc8, 0xeb, 0xe3, 0xc9, 0x8b, 0x69, 0x78, 0xef, 0x55, 0xbd, 0x30, + 0x0f, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x05, 0x30, + 0x03, 0x01, 0x01, 0xff, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, + 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, + 0x8f, 0x4b, 0x0e, 0x4d, 0xd6, 0xed, 0x73, 0xb0, 0xe6, 0xa5, 0xcf, 0x37, + 0xed, 0x7b, 0x89, 0x82, 0xc4, 0x67, 0x95, 0x16, 0x03, 0x19, 0x3d, 0x9c, + 0xbf, 0x10, 0x8e, 0x23, 0x71, 0xcb, 0x53, 0xa2, 0xb0, 0xa1, 0x88, 0xb1, + 0x9b, 0x2e, 0x68, 0xda, 0x1e, 0x74, 0xfe, 0x32, 0x6f, 0xa1, 0xda, 0x9f, + 0x5b, 0x52, 0x6b, 0x10, 0x11, 0x48, 0x0d, 0x71, 0xec, 0x08, 0x24, 0xe5, + 0x0b, 0xb4, 0x60, 0x52, 0x47, 0x64, 0xfb, 0xf5, 0x99, 0x45, 0x15, 0xe1, + 0x35, 0x6c, 0x43, 0xe3, 0x9c, 0xeb, 0xe4, 0xfd, 0x5b, 0x91, 0x5d, 0xed, + 0xa9, 0x98, 0x13, 0x79, 0x6d, 0xcd, 0x8a, 0x8f, 0xae, 0x09, 0x42, 0xd4, + 0xa1, 0x46, 0x89, 0xd1, 0x95, 0x20, 0x27, 0x82, 0x80, 0x93, 0x3d, 0xe0, + 0x32, 0xb2, 0x07, 0x2e, 0xee, 0x89, 0xbf, 0x08, 0xca, 0x3c, 0xc5, 0xcc, + 0x1d, 0x64, 0x61, 0x4c, 0xdd, 0x26, 0x99, 0x3d, 0xee, 0x0f, 0xad, 0x14, + 0xbe, 0x8f, 0x70, 0x9e, 0xb1, 0x31, 0xd1, 0xb2, 0x7d, 0xdf, 0xbc, 0x23, + 0xc6, 0x36, 0x23, 0xfc, 0xa1, 0x77, 0xdb, 0x80, 0xaf, 0x41, 0xaf, 0xe2, + 0xb2, 0x37, 0x8c, 0x74, 0xff, 0x19, 0x04, 0x96, 0x6a, 0x40, 0x37, 0x7f, + 0x5e, 0x76, 0x9b, 0xee, 0x84, 0x7e, 0x4e, 0x2f, 0x75, 0x7d, 0x76, 0xfa, + 0x90, 0x76, 0x08, 0x41, 0x61, 0x63, 0xa4, 0x9e, 0x79, 0x2e, 0xb0, 0x52, + 0xec, 0xc7, 0xa0, 0x47, 0x16, 0x76, 0x4f, 0x01, 0xb1, 0x58, 0x67, 0xe7, + 0x59, 0x6a, 0x9a, 0xe9, 0xf8, 0x59, 0x33, 0x52, 0x98, 0x52, 0xc8, 0xb7, + 0x6f, 0xc8, 0x44, 0x52, 0x8b, 0xa2, 0x30, 0x1e, 0xb6, 0xd2, 0xc2, 0x0c, + 0x43, 0x9f, 0x13, 0x1f, 0x0f, 0xef, 0x16, 0xa6, 0xc0, 0xf7, 0x09, 0x8b, + 0x2e, 0xa7, 0x7d, 0x6a, 0x30, 0x0b, 0x09, 0xbb, 0x69, 0x2f, 0xaf, 0xe7, + 0x12, 0xe1, 0x66, 0x15, 0x31, 0x82, 0x01, 0x45, 0x30, 0x82, 0x01, 0x41, + 0x02, 0x01, 0x01, 0x30, 0x1a, 0x30, 0x0d, 0x31, 0x0b, 0x30, 0x09, 0x06, + 0x03, 0x55, 0x04, 0x03, 0x0c, 0x02, 0x50, 0x4b, 0x02, 0x09, 0x00, 0xec, + 0x89, 0x21, 0xbe, 0xc3, 0xb0, 0x04, 0xc6, 0x30, 0x0d, 0x06, 0x09, 0x60, + 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, 0x05, 0x00, 0x30, 0x0d, + 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, + 0x00, 0x04, 0x82, 0x01, 0x00, 0x21, 0xa2, 0xb4, 0x87, 0x9c, 0xa0, 0xe7, + 0x62, 0x82, 0x2a, 0x50, 0x0f, 0x59, 0xf0, 0x0e, 0xe4, 0xd8, 0xf1, 0x99, + 0xa1, 0x6f, 0x70, 0x76, 0x14, 0xe6, 0x59, 0xa1, 0x7f, 0xc7, 0xf6, 0xfa, + 0x6f, 0x7d, 0x43, 0xb9, 0x4c, 0x0a, 0x6f, 0x2e, 0xc3, 0x46, 0xe5, 0xbd, + 0xea, 0xa8, 0xaa, 0x88, 0x09, 0x99, 0x93, 0xb5, 0x31, 0x41, 0x3e, 0x30, + 0xdb, 0x2f, 0xad, 0x34, 0x45, 0x84, 0xaa, 0xac, 0xd5, 0xa0, 0x1a, 0x16, + 0x55, 0x7c, 0x12, 0xa9, 0x24, 0x0e, 0x5b, 0xc1, 0x28, 0x4b, 0x77, 0x70, + 0x6f, 0xc3, 0x7a, 0xf5, 0x98, 0x32, 0xe2, 0x0d, 0x24, 0x87, 0x70, 0x65, + 0x0c, 0xb1, 0x72, 0x3f, 0xde, 0x07, 0xcb, 0x35, 0x1b, 0x88, 0x0e, 0x4c, + 0x3b, 0x18, 0x65, 0x0e, 0x6c, 0xa9, 0x99, 0x5d, 0xa0, 0x13, 0x99, 0xaa, + 0x91, 0xc4, 0xbd, 0x1a, 0x77, 0x47, 0x2d, 0x0d, 0x0c, 0xda, 0x82, 0xd6, + 0x29, 0xc2, 0x08, 0x3c, 0x7e, 0x2a, 0x3b, 0x38, 0x99, 0x44, 0x51, 0xb1, + 0x41, 0x86, 0xb7, 0xe3, 0x31, 0xe4, 0x0c, 0x1b, 0xb4, 0xfb, 0x53, 0x7b, + 0xb1, 0x32, 0x04, 0x02, 0x40, 0x26, 0xfa, 0x67, 0xfa, 0xc0, 0xb5, 0x9a, + 0xd7, 0x86, 0x33, 0xfa, 0x5a, 0x88, 0x78, 0xf4, 0x45, 0x07, 0xdb, 0x6c, + 0x91, 0x4a, 0x4d, 0x61, 0x4a, 0x8f, 0x14, 0x63, 0x2a, 0x4a, 0xc9, 0x37, + 0x1c, 0xf3, 0xb0, 0x87, 0xd1, 0x1b, 0x10, 0xe2, 0x1e, 0x9b, 0x7b, 0xd6, + 0x44, 0xf2, 0x09, 0x88, 0xdc, 0x82, 0x52, 0x35, 0xec, 0xd7, 0x76, 0xc0, + 0xcc, 0xb4, 0x90, 0x66, 0x29, 0xd5, 0x18, 0xf9, 0xb3, 0x44, 0x70, 0x94, + 0x80, 0x10, 0xd0, 0x33, 0x7e, 0xfa, 0xe7, 0xfc, 0x6b, 0x3e, 0x81, 0x64, + 0xdb, 0xaa, 0x2f, 0x9f, 0x18, 0xc1, 0xae, 0x4a, 0x50, 0x59, 0x9f, 0xd4, + 0x1a, 0x3f, 0xc3, 0x08, 0x08, 0x1c, 0xbf, 0x61, 0xe7, 0xa1, 0x59, 0xc0, + 0xa5, 0xe4, 0x94, 0xa7, 0x4a, 0x87, 0xb5, 0xab, 0x15, 0x5c, 0x2b, 0xf0, + 0x72, 0x20, 0x03, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04, 0x03, 0x00, + 0x00, 0x11, 0x11, 0x11, 0x11, 0x22, 0x22, 0x33, 0x33, 0x44, 0x44, 0x12, + 0x34, 0x56, 0x78, 0x9a, 0xbc, 0x30, 0x82, 0x02, 0xf0, 0x30, 0x82, 0x01, + 0xd8, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x09, 0x00, 0xec, 0x89, 0x21, + 0xbe, 0xc3, 0xb0, 0x04, 0xc6, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, + 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x0d, 0x31, 0x0b, + 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x02, 0x50, 0x4b, 0x30, + 0x1e, 0x17, 0x0d, 0x31, 0x39, 0x30, 0x31, 0x31, 0x32, 0x31, 0x38, 0x35, + 0x36, 0x32, 0x39, 0x5a, 0x17, 0x0d, 0x32, 0x39, 0x30, 0x31, 0x30, 0x39, + 0x31, 0x38, 0x35, 0x36, 0x32, 0x39, 0x5a, 0x30, 0x0d, 0x31, 0x0b, 0x30, + 0x09, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x02, 0x50, 0x4b, 0x30, 0x82, + 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, + 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, + 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xee, 0xa9, 0xd0, 0x47, 0xf4, + 0x2d, 0xfd, 0xff, 0x21, 0x6f, 0x11, 0x89, 0x9d, 0x54, 0xe8, 0xb1, 0x97, + 0x61, 0x10, 0x21, 0xe1, 0x9e, 0x51, 0x09, 0x66, 0xea, 0x23, 0xdb, 0x01, + 0xd3, 0x5d, 0xa6, 0xce, 0xc5, 0x75, 0x52, 0xec, 0x2f, 0xb4, 0x1f, 0x36, + 0xb4, 0x35, 0xca, 0x30, 0xfd, 0xd9, 0xed, 0x14, 0x63, 0xa3, 0x9e, 0xc6, + 0x0d, 0xc0, 0x8d, 0xca, 0x7a, 0x1b, 0x9a, 0xcd, 0xbf, 0xb4, 0x4c, 0x21, + 0x8d, 0xe0, 0xf6, 0xbc, 0x74, 0xbc, 0xef, 0xc6, 0x8f, 0xc1, 0x81, 0x33, + 0x5f, 0x1e, 0xe6, 0xed, 0x69, 0x68, 0x49, 0x4c, 0xd7, 0x0f, 0x84, 0x70, + 0xf0, 0xf6, 0x1b, 0x07, 0x35, 0xa4, 0x09, 0xae, 0x5e, 0xdd, 0x42, 0xa2, + 0x75, 0x48, 0xd4, 0xfa, 0x3c, 0x28, 0xe7, 0xaa, 0xc9, 0x2b, 0xbf, 0xc1, + 0x91, 0x65, 0x19, 0x99, 0x3b, 0x56, 0x80, 0x1a, 0xee, 0x90, 0x43, 0xae, + 0xbf, 0x1f, 0xff, 0xd2, 0x55, 0x1d, 0x18, 0xff, 0x49, 0x38, 0xd8, 0xdc, + 0x21, 0xe1, 0x86, 0xfb, 0xf2, 0x86, 0x43, 0x37, 0x2e, 0x93, 0xe8, 0xd0, + 0x41, 0xdb, 0xc9, 0x73, 0xd8, 0x0f, 0xf5, 0x11, 0x18, 0xa9, 0x93, 0xb2, + 0x87, 0x90, 0xc2, 0x58, 0x96, 0x93, 0xff, 0x69, 0xb2, 0x05, 0xec, 0xaa, + 0x0e, 0xcc, 0xfe, 0x1a, 0x78, 0x6c, 0x31, 0xfa, 0x6b, 0x0d, 0xb6, 0xeb, + 0xac, 0xaf, 0xc9, 0xa5, 0x09, 0xbb, 0xdd, 0x01, 0x16, 0x6d, 0x31, 0x53, + 0x2c, 0xcb, 0xc1, 0x82, 0x87, 0x81, 0x99, 0x7f, 0xc1, 0xee, 0x86, 0x6a, + 0xed, 0x50, 0xfc, 0x39, 0xc1, 0x51, 0x71, 0x04, 0xe0, 0x66, 0x63, 0x6f, + 0x8d, 0x17, 0x35, 0x63, 0x56, 0x4b, 0x90, 0x20, 0x7a, 0x5f, 0xc8, 0x63, + 0xee, 0xf4, 0x82, 0xe1, 0x61, 0xbf, 0x41, 0x46, 0x04, 0xfd, 0x96, 0x46, + 0x2a, 0x8b, 0x8d, 0xa2, 0x4c, 0x82, 0xe3, 0xf0, 0x6e, 0x24, 0x8b, 0x02, + 0x03, 0x01, 0x00, 0x01, 0xa3, 0x53, 0x30, 0x51, 0x30, 0x1d, 0x06, 0x03, + 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x14, 0xb2, 0x26, 0xdc, 0xe0, + 0x99, 0x4b, 0xb1, 0x3e, 0xc4, 0xc8, 0xeb, 0xe3, 0xc9, 0x8b, 0x69, 0x78, + 0xef, 0x55, 0xbd, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, + 0x30, 0x16, 0x80, 0x14, 0x14, 0xb2, 0x26, 0xdc, 0xe0, 0x99, 0x4b, 0xb1, + 0x3e, 0xc4, 0xc8, 0xeb, 0xe3, 0xc9, 0x8b, 0x69, 0x78, 0xef, 0x55, 0xbd, + 0x30, 0x0f, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x05, + 0x30, 0x03, 0x01, 0x01, 0xff, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, + 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, + 0x00, 0x8f, 0x4b, 0x0e, 0x4d, 0xd6, 0xed, 0x73, 0xb0, 0xe6, 0xa5, 0xcf, + 0x37, 0xed, 0x7b, 0x89, 0x82, 0xc4, 0x67, 0x95, 0x16, 0x03, 0x19, 0x3d, + 0x9c, 0xbf, 0x10, 0x8e, 0x23, 0x71, 0xcb, 0x53, 0xa2, 0xb0, 0xa1, 0x88, + 0xb1, 0x9b, 0x2e, 0x68, 0xda, 0x1e, 0x74, 0xfe, 0x32, 0x6f, 0xa1, 0xda, + 0x9f, 0x5b, 0x52, 0x6b, 0x10, 0x11, 0x48, 0x0d, 0x71, 0xec, 0x08, 0x24, + 0xe5, 0x0b, 0xb4, 0x60, 0x52, 0x47, 0x64, 0xfb, 0xf5, 0x99, 0x45, 0x15, + 0xe1, 0x35, 0x6c, 0x43, 0xe3, 0x9c, 0xeb, 0xe4, 0xfd, 0x5b, 0x91, 0x5d, + 0xed, 0xa9, 0x98, 0x13, 0x79, 0x6d, 0xcd, 0x8a, 0x8f, 0xae, 0x09, 0x42, + 0xd4, 0xa1, 0x46, 0x89, 0xd1, 0x95, 0x20, 0x27, 0x82, 0x80, 0x93, 0x3d, + 0xe0, 0x32, 0xb2, 0x07, 0x2e, 0xee, 0x89, 0xbf, 0x08, 0xca, 0x3c, 0xc5, + 0xcc, 0x1d, 0x64, 0x61, 0x4c, 0xdd, 0x26, 0x99, 0x3d, 0xee, 0x0f, 0xad, + 0x14, 0xbe, 0x8f, 0x70, 0x9e, 0xb1, 0x31, 0xd1, 0xb2, 0x7d, 0xdf, 0xbc, + 0x23, 0xc6, 0x36, 0x23, 0xfc, 0xa1, 0x77, 0xdb, 0x80, 0xaf, 0x41, 0xaf, + 0xe2, 0xb2, 0x37, 0x8c, 0x74, 0xff, 0x19, 0x04, 0x96, 0x6a, 0x40, 0x37, + 0x7f, 0x5e, 0x76, 0x9b, 0xee, 0x84, 0x7e, 0x4e, 0x2f, 0x75, 0x7d, 0x76, + 0xfa, 0x90, 0x76, 0x08, 0x41, 0x61, 0x63, 0xa4, 0x9e, 0x79, 0x2e, 0xb0, + 0x52, 0xec, 0xc7, 0xa0, 0x47, 0x16, 0x76, 0x4f, 0x01, 0xb1, 0x58, 0x67, + 0xe7, 0x59, 0x6a, 0x9a, 0xe9, 0xf8, 0x59, 0x33, 0x52, 0x98, 0x52, 0xc8, + 0xb7, 0x6f, 0xc8, 0x44, 0x52, 0x8b, 0xa2, 0x30, 0x1e, 0xb6, 0xd2, 0xc2, + 0x0c, 0x43, 0x9f, 0x13, 0x1f, 0x0f, 0xef, 0x16, 0xa6, 0xc0, 0xf7, 0x09, + 0x8b, 0x2e, 0xa7, 0x7d, 0x6a, 0x30, 0x0b, 0x09, 0xbb, 0x69, 0x2f, 0xaf, + 0xe7, 0x12, 0xe1, 0x66, 0x15, +}; +unsigned int PK_auth_len = 1985; + +unsigned char ValidKEK_auth[] = { + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x91, 0x04, 0x00, 0x00, 0x00, 0x02, 0xf1, 0x0e, + 0x9d, 0xd2, 0xaf, 0x4a, 0xdf, 0x68, 0xee, 0x49, 0x8a, 0xa9, 0x34, 0x7d, + 0x37, 0x56, 0x65, 0xa7, 0x30, 0x82, 0x04, 0x75, 0x06, 0x09, 0x2a, 0x86, + 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x07, 0x02, 0xa0, 0x82, 0x04, 0x66, 0x30, + 0x82, 0x04, 0x62, 0x02, 0x01, 0x01, 0x31, 0x0f, 0x30, 0x0d, 0x06, 0x09, + 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, 0x05, 0x00, 0x30, + 0x0b, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x07, 0x01, + 0xa0, 0x82, 0x02, 0xf4, 0x30, 0x82, 0x02, 0xf0, 0x30, 0x82, 0x01, 0xd8, + 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x09, 0x00, 0xec, 0x89, 0x21, 0xbe, + 0xc3, 0xb0, 0x04, 0xc6, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, + 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x0d, 0x31, 0x0b, 0x30, + 0x09, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x02, 0x50, 0x4b, 0x30, 0x1e, + 0x17, 0x0d, 0x31, 0x39, 0x30, 0x31, 0x31, 0x32, 0x31, 0x38, 0x35, 0x36, + 0x32, 0x39, 0x5a, 0x17, 0x0d, 0x32, 0x39, 0x30, 0x31, 0x30, 0x39, 0x31, + 0x38, 0x35, 0x36, 0x32, 0x39, 0x5a, 0x30, 0x0d, 0x31, 0x0b, 0x30, 0x09, + 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x02, 0x50, 0x4b, 0x30, 0x82, 0x01, + 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, + 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, + 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xee, 0xa9, 0xd0, 0x47, 0xf4, 0x2d, + 0xfd, 0xff, 0x21, 0x6f, 0x11, 0x89, 0x9d, 0x54, 0xe8, 0xb1, 0x97, 0x61, + 0x10, 0x21, 0xe1, 0x9e, 0x51, 0x09, 0x66, 0xea, 0x23, 0xdb, 0x01, 0xd3, + 0x5d, 0xa6, 0xce, 0xc5, 0x75, 0x52, 0xec, 0x2f, 0xb4, 0x1f, 0x36, 0xb4, + 0x35, 0xca, 0x30, 0xfd, 0xd9, 0xed, 0x14, 0x63, 0xa3, 0x9e, 0xc6, 0x0d, + 0xc0, 0x8d, 0xca, 0x7a, 0x1b, 0x9a, 0xcd, 0xbf, 0xb4, 0x4c, 0x21, 0x8d, + 0xe0, 0xf6, 0xbc, 0x74, 0xbc, 0xef, 0xc6, 0x8f, 0xc1, 0x81, 0x33, 0x5f, + 0x1e, 0xe6, 0xed, 0x69, 0x68, 0x49, 0x4c, 0xd7, 0x0f, 0x84, 0x70, 0xf0, + 0xf6, 0x1b, 0x07, 0x35, 0xa4, 0x09, 0xae, 0x5e, 0xdd, 0x42, 0xa2, 0x75, + 0x48, 0xd4, 0xfa, 0x3c, 0x28, 0xe7, 0xaa, 0xc9, 0x2b, 0xbf, 0xc1, 0x91, + 0x65, 0x19, 0x99, 0x3b, 0x56, 0x80, 0x1a, 0xee, 0x90, 0x43, 0xae, 0xbf, + 0x1f, 0xff, 0xd2, 0x55, 0x1d, 0x18, 0xff, 0x49, 0x38, 0xd8, 0xdc, 0x21, + 0xe1, 0x86, 0xfb, 0xf2, 0x86, 0x43, 0x37, 0x2e, 0x93, 0xe8, 0xd0, 0x41, + 0xdb, 0xc9, 0x73, 0xd8, 0x0f, 0xf5, 0x11, 0x18, 0xa9, 0x93, 0xb2, 0x87, + 0x90, 0xc2, 0x58, 0x96, 0x93, 0xff, 0x69, 0xb2, 0x05, 0xec, 0xaa, 0x0e, + 0xcc, 0xfe, 0x1a, 0x78, 0x6c, 0x31, 0xfa, 0x6b, 0x0d, 0xb6, 0xeb, 0xac, + 0xaf, 0xc9, 0xa5, 0x09, 0xbb, 0xdd, 0x01, 0x16, 0x6d, 0x31, 0x53, 0x2c, + 0xcb, 0xc1, 0x82, 0x87, 0x81, 0x99, 0x7f, 0xc1, 0xee, 0x86, 0x6a, 0xed, + 0x50, 0xfc, 0x39, 0xc1, 0x51, 0x71, 0x04, 0xe0, 0x66, 0x63, 0x6f, 0x8d, + 0x17, 0x35, 0x63, 0x56, 0x4b, 0x90, 0x20, 0x7a, 0x5f, 0xc8, 0x63, 0xee, + 0xf4, 0x82, 0xe1, 0x61, 0xbf, 0x41, 0x46, 0x04, 0xfd, 0x96, 0x46, 0x2a, + 0x8b, 0x8d, 0xa2, 0x4c, 0x82, 0xe3, 0xf0, 0x6e, 0x24, 0x8b, 0x02, 0x03, + 0x01, 0x00, 0x01, 0xa3, 0x53, 0x30, 0x51, 0x30, 0x1d, 0x06, 0x03, 0x55, + 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x14, 0xb2, 0x26, 0xdc, 0xe0, 0x99, + 0x4b, 0xb1, 0x3e, 0xc4, 0xc8, 0xeb, 0xe3, 0xc9, 0x8b, 0x69, 0x78, 0xef, + 0x55, 0xbd, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, + 0x16, 0x80, 0x14, 0x14, 0xb2, 0x26, 0xdc, 0xe0, 0x99, 0x4b, 0xb1, 0x3e, + 0xc4, 0xc8, 0xeb, 0xe3, 0xc9, 0x8b, 0x69, 0x78, 0xef, 0x55, 0xbd, 0x30, + 0x0f, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x05, 0x30, + 0x03, 0x01, 0x01, 0xff, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, + 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, + 0x8f, 0x4b, 0x0e, 0x4d, 0xd6, 0xed, 0x73, 0xb0, 0xe6, 0xa5, 0xcf, 0x37, + 0xed, 0x7b, 0x89, 0x82, 0xc4, 0x67, 0x95, 0x16, 0x03, 0x19, 0x3d, 0x9c, + 0xbf, 0x10, 0x8e, 0x23, 0x71, 0xcb, 0x53, 0xa2, 0xb0, 0xa1, 0x88, 0xb1, + 0x9b, 0x2e, 0x68, 0xda, 0x1e, 0x74, 0xfe, 0x32, 0x6f, 0xa1, 0xda, 0x9f, + 0x5b, 0x52, 0x6b, 0x10, 0x11, 0x48, 0x0d, 0x71, 0xec, 0x08, 0x24, 0xe5, + 0x0b, 0xb4, 0x60, 0x52, 0x47, 0x64, 0xfb, 0xf5, 0x99, 0x45, 0x15, 0xe1, + 0x35, 0x6c, 0x43, 0xe3, 0x9c, 0xeb, 0xe4, 0xfd, 0x5b, 0x91, 0x5d, 0xed, + 0xa9, 0x98, 0x13, 0x79, 0x6d, 0xcd, 0x8a, 0x8f, 0xae, 0x09, 0x42, 0xd4, + 0xa1, 0x46, 0x89, 0xd1, 0x95, 0x20, 0x27, 0x82, 0x80, 0x93, 0x3d, 0xe0, + 0x32, 0xb2, 0x07, 0x2e, 0xee, 0x89, 0xbf, 0x08, 0xca, 0x3c, 0xc5, 0xcc, + 0x1d, 0x64, 0x61, 0x4c, 0xdd, 0x26, 0x99, 0x3d, 0xee, 0x0f, 0xad, 0x14, + 0xbe, 0x8f, 0x70, 0x9e, 0xb1, 0x31, 0xd1, 0xb2, 0x7d, 0xdf, 0xbc, 0x23, + 0xc6, 0x36, 0x23, 0xfc, 0xa1, 0x77, 0xdb, 0x80, 0xaf, 0x41, 0xaf, 0xe2, + 0xb2, 0x37, 0x8c, 0x74, 0xff, 0x19, 0x04, 0x96, 0x6a, 0x40, 0x37, 0x7f, + 0x5e, 0x76, 0x9b, 0xee, 0x84, 0x7e, 0x4e, 0x2f, 0x75, 0x7d, 0x76, 0xfa, + 0x90, 0x76, 0x08, 0x41, 0x61, 0x63, 0xa4, 0x9e, 0x79, 0x2e, 0xb0, 0x52, + 0xec, 0xc7, 0xa0, 0x47, 0x16, 0x76, 0x4f, 0x01, 0xb1, 0x58, 0x67, 0xe7, + 0x59, 0x6a, 0x9a, 0xe9, 0xf8, 0x59, 0x33, 0x52, 0x98, 0x52, 0xc8, 0xb7, + 0x6f, 0xc8, 0x44, 0x52, 0x8b, 0xa2, 0x30, 0x1e, 0xb6, 0xd2, 0xc2, 0x0c, + 0x43, 0x9f, 0x13, 0x1f, 0x0f, 0xef, 0x16, 0xa6, 0xc0, 0xf7, 0x09, 0x8b, + 0x2e, 0xa7, 0x7d, 0x6a, 0x30, 0x0b, 0x09, 0xbb, 0x69, 0x2f, 0xaf, 0xe7, + 0x12, 0xe1, 0x66, 0x15, 0x31, 0x82, 0x01, 0x45, 0x30, 0x82, 0x01, 0x41, + 0x02, 0x01, 0x01, 0x30, 0x1a, 0x30, 0x0d, 0x31, 0x0b, 0x30, 0x09, 0x06, + 0x03, 0x55, 0x04, 0x03, 0x0c, 0x02, 0x50, 0x4b, 0x02, 0x09, 0x00, 0xec, + 0x89, 0x21, 0xbe, 0xc3, 0xb0, 0x04, 0xc6, 0x30, 0x0d, 0x06, 0x09, 0x60, + 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, 0x05, 0x00, 0x30, 0x0d, + 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, + 0x00, 0x04, 0x82, 0x01, 0x00, 0xbf, 0xe8, 0x0c, 0x4c, 0x32, 0x9a, 0x6e, + 0x05, 0x20, 0x92, 0xa5, 0x65, 0x4e, 0xc3, 0x46, 0x24, 0x8d, 0xaf, 0x84, + 0xd5, 0xe6, 0x43, 0xa0, 0x12, 0xa1, 0x4b, 0x98, 0x71, 0x5e, 0xe6, 0xed, + 0x2c, 0x1d, 0x83, 0xeb, 0x67, 0xb5, 0x85, 0x57, 0xce, 0x1a, 0x01, 0x20, + 0x2b, 0x79, 0xe0, 0x07, 0x8f, 0x25, 0x8e, 0xf4, 0xdf, 0x17, 0x83, 0xe6, + 0x4f, 0xf0, 0xba, 0x98, 0xb7, 0xc4, 0x82, 0xae, 0x8b, 0x63, 0xa0, 0x77, + 0x6b, 0xe2, 0x63, 0x36, 0x0a, 0xce, 0x7c, 0x0a, 0xb9, 0x25, 0xa7, 0xf6, + 0x26, 0x06, 0x40, 0x49, 0xeb, 0x40, 0x7b, 0xff, 0xb0, 0xc7, 0xf6, 0xd2, + 0x7f, 0x5e, 0x17, 0xf5, 0x28, 0x37, 0x0d, 0x82, 0x32, 0x22, 0xfb, 0xdd, + 0x52, 0x00, 0xc4, 0x63, 0xda, 0x4c, 0x81, 0x88, 0xc3, 0xda, 0x36, 0x40, + 0x18, 0xea, 0x8e, 0x6e, 0x2f, 0xeb, 0xc1, 0xb7, 0x69, 0x0d, 0xe3, 0xd6, + 0xda, 0xca, 0x10, 0xac, 0x88, 0x4a, 0x88, 0x13, 0xfe, 0x93, 0x48, 0xf5, + 0x00, 0x6e, 0x98, 0xb4, 0x9c, 0xc9, 0x24, 0xfc, 0xfb, 0x6a, 0x72, 0x40, + 0x76, 0x79, 0x10, 0x5c, 0xa1, 0x96, 0x95, 0x15, 0x7e, 0x6d, 0x07, 0x2c, + 0x02, 0xb1, 0xf8, 0xa9, 0x07, 0x1a, 0xba, 0x67, 0xc5, 0x7d, 0x6a, 0xdf, + 0x0c, 0xa1, 0xee, 0x6f, 0xbc, 0xac, 0x8e, 0xee, 0x43, 0x1f, 0xb2, 0xac, + 0xaf, 0x43, 0x67, 0xef, 0x6e, 0xac, 0x7a, 0x72, 0x85, 0xb3, 0x64, 0x93, + 0xde, 0x16, 0x13, 0x10, 0xd9, 0x98, 0x13, 0xec, 0x71, 0xb0, 0xef, 0x67, + 0x7d, 0x0c, 0x10, 0xde, 0x98, 0xe0, 0xc7, 0x56, 0x00, 0xbf, 0x21, 0x38, + 0x99, 0x2f, 0xf6, 0x52, 0x9b, 0x7e, 0x44, 0xd7, 0x85, 0x49, 0xd1, 0x2b, + 0x4f, 0xcb, 0x6e, 0x9d, 0x63, 0x93, 0xe0, 0xd2, 0xcb, 0x8b, 0x28, 0xb6, + 0x43, 0xc6, 0x12, 0x1f, 0xd6, 0x94, 0xad, 0xc7, 0xf2, 0xa1, 0x59, 0xc0, + 0xa5, 0xe4, 0x94, 0xa7, 0x4a, 0x87, 0xb5, 0xab, 0x15, 0x5c, 0x2b, 0xf0, + 0x72, 0x22, 0x03, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x06, 0x03, 0x00, + 0x00, 0x11, 0x11, 0x11, 0x11, 0x22, 0x22, 0x33, 0x33, 0x44, 0x44, 0x12, + 0x34, 0x56, 0x78, 0x9a, 0xbc, 0x30, 0x82, 0x02, 0xf2, 0x30, 0x82, 0x01, + 0xda, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x09, 0x00, 0xfe, 0xdd, 0x2e, + 0xec, 0xe0, 0x22, 0xdd, 0xf9, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, + 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x0e, 0x31, 0x0c, + 0x30, 0x0a, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x03, 0x4b, 0x45, 0x4b, + 0x30, 0x1e, 0x17, 0x0d, 0x31, 0x39, 0x30, 0x31, 0x31, 0x32, 0x31, 0x38, + 0x35, 0x36, 0x33, 0x31, 0x5a, 0x17, 0x0d, 0x32, 0x39, 0x30, 0x31, 0x30, + 0x39, 0x31, 0x38, 0x35, 0x36, 0x33, 0x31, 0x5a, 0x30, 0x0e, 0x31, 0x0c, + 0x30, 0x0a, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x03, 0x4b, 0x45, 0x4b, + 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, + 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, + 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xd1, 0xf8, 0xab, + 0xdb, 0xc2, 0xf5, 0x51, 0xde, 0x7b, 0x9f, 0x28, 0xff, 0xae, 0xdb, 0xa5, + 0xbf, 0x73, 0x63, 0x99, 0x5e, 0x04, 0xa5, 0x9d, 0xfd, 0xcd, 0x24, 0x2e, + 0xdd, 0x0b, 0x02, 0x88, 0xe9, 0x71, 0x7b, 0xf2, 0x89, 0x90, 0xae, 0xaf, + 0x0d, 0xa0, 0x68, 0x4d, 0x31, 0x1b, 0x30, 0xe8, 0x19, 0x2e, 0xfc, 0x33, + 0x8f, 0xee, 0x6d, 0x2a, 0x0a, 0x09, 0x42, 0x34, 0xc1, 0x40, 0xa8, 0xe8, + 0xb6, 0xc7, 0x92, 0x5d, 0xa5, 0x96, 0x14, 0xd7, 0xaf, 0x8c, 0x71, 0x6b, + 0x4e, 0x7d, 0x6e, 0xfa, 0x73, 0x1c, 0x40, 0x4c, 0x05, 0x9e, 0xfa, 0xb2, + 0x4c, 0x8c, 0xcb, 0x9d, 0xe2, 0xa9, 0x04, 0x01, 0x91, 0x5b, 0xbf, 0xff, + 0x85, 0x54, 0x2a, 0x65, 0x96, 0x84, 0x6f, 0xfa, 0x99, 0x1c, 0x9e, 0xe0, + 0x77, 0x68, 0x4d, 0x58, 0x2a, 0xc7, 0xc0, 0x8f, 0x71, 0x5a, 0x8f, 0xa9, + 0xff, 0x44, 0xed, 0xf7, 0xe4, 0x47, 0xd8, 0x4c, 0x9c, 0xf4, 0x78, 0xa0, + 0xb3, 0x37, 0xaf, 0x43, 0x0b, 0x03, 0x6f, 0xe4, 0xe1, 0x2d, 0x52, 0x0b, + 0x4b, 0x62, 0xc6, 0x2f, 0xe3, 0xfc, 0x32, 0xf2, 0xe2, 0x11, 0x1c, 0xac, + 0xdf, 0x5a, 0xe8, 0xdd, 0x55, 0x65, 0xa4, 0x6f, 0x61, 0xb7, 0x0f, 0x1c, + 0xc6, 0x08, 0x2a, 0xaf, 0x5d, 0x36, 0x50, 0x06, 0x7b, 0x49, 0xa0, 0x8b, + 0x1c, 0x93, 0xdc, 0x72, 0x69, 0x7b, 0xf1, 0xcc, 0xee, 0xa4, 0xe8, 0xd0, + 0x7b, 0x5f, 0x61, 0xbc, 0xbe, 0x20, 0xfb, 0x0b, 0xaa, 0x54, 0xf6, 0xe0, + 0x13, 0xad, 0xe8, 0x96, 0x53, 0x6a, 0xa9, 0x4b, 0xa1, 0xcf, 0x56, 0x10, + 0xbc, 0x2a, 0x09, 0xc9, 0x0a, 0xcc, 0x8d, 0x20, 0xdd, 0x4d, 0x14, 0xc7, + 0x08, 0xab, 0xc1, 0xc3, 0xaf, 0x0b, 0x35, 0x40, 0x57, 0x34, 0x97, 0x3b, + 0xa2, 0x2d, 0xa3, 0x46, 0xc1, 0x30, 0x14, 0x88, 0xa8, 0x74, 0x79, 0xdd, + 0xb1, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x53, 0x30, 0x51, 0x30, 0x1d, + 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0xd7, 0x75, 0xfc, + 0xed, 0xb7, 0xc8, 0xb5, 0xf8, 0x7d, 0x28, 0xc5, 0x13, 0x34, 0xcd, 0x0b, + 0xbe, 0x57, 0x0d, 0x94, 0xa8, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, + 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0xd7, 0x75, 0xfc, 0xed, 0xb7, 0xc8, + 0xb5, 0xf8, 0x7d, 0x28, 0xc5, 0x13, 0x34, 0xcd, 0x0b, 0xbe, 0x57, 0x0d, + 0x94, 0xa8, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, + 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xff, 0x30, 0x0d, 0x06, 0x09, 0x2a, + 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82, + 0x01, 0x01, 0x00, 0x58, 0xd2, 0x25, 0xa3, 0xe6, 0xaa, 0xb9, 0x56, 0x67, + 0xc3, 0xa6, 0x4b, 0x88, 0x99, 0xfe, 0xde, 0xc6, 0x16, 0x4c, 0x43, 0x1b, + 0xb8, 0xea, 0xe3, 0x77, 0xc4, 0xe4, 0x66, 0x15, 0x9f, 0x92, 0x6d, 0xe3, + 0x7f, 0x3c, 0xac, 0x88, 0x8b, 0xb9, 0xc5, 0x5c, 0x39, 0x4f, 0x02, 0x75, + 0x5a, 0x3d, 0xc5, 0xaf, 0xad, 0x8f, 0x32, 0xd4, 0x5a, 0x44, 0xc8, 0xcb, + 0x1f, 0x40, 0xa1, 0x44, 0xef, 0xa8, 0x2a, 0xa4, 0x0d, 0x7a, 0x25, 0xe1, + 0x6c, 0x09, 0x4b, 0x96, 0x6a, 0x73, 0x0f, 0xe0, 0x9b, 0x0e, 0x26, 0xff, + 0x61, 0x96, 0xc4, 0xb6, 0x10, 0xe1, 0x90, 0x36, 0xfd, 0x96, 0xb5, 0x90, + 0xb0, 0x76, 0xed, 0xc2, 0x17, 0xc0, 0xfe, 0xd4, 0x38, 0xff, 0x7f, 0xc3, + 0xa0, 0x88, 0x60, 0xe8, 0x27, 0x10, 0x34, 0x35, 0x93, 0x59, 0xcb, 0x12, + 0xe5, 0x25, 0xaf, 0x2d, 0x1d, 0x7d, 0x3f, 0x16, 0x95, 0x71, 0x57, 0x8e, + 0x3f, 0xc2, 0xad, 0x8e, 0xc4, 0x0e, 0xe1, 0xed, 0x46, 0xf9, 0xd7, 0x07, + 0x85, 0xb3, 0x05, 0xbe, 0xf1, 0x4c, 0xba, 0xf1, 0x34, 0xe5, 0xd5, 0x26, + 0x9b, 0x6c, 0x15, 0x9e, 0x35, 0xa2, 0xd5, 0x81, 0x09, 0x36, 0x05, 0xa6, + 0x99, 0x1f, 0xa2, 0x17, 0x35, 0x3a, 0x38, 0x18, 0x52, 0x44, 0xcf, 0x22, + 0xb3, 0x69, 0xba, 0x07, 0x74, 0x48, 0x1c, 0x8e, 0x4c, 0xa7, 0xb0, 0xc2, + 0x65, 0x6c, 0x1d, 0x30, 0xe2, 0x82, 0xc2, 0x35, 0x60, 0x25, 0xf2, 0xb1, + 0x05, 0x18, 0x0a, 0x73, 0x87, 0x27, 0xee, 0x6e, 0xc2, 0x5f, 0xff, 0xd8, + 0xfc, 0x77, 0x06, 0x2e, 0x3d, 0x4f, 0xa1, 0x14, 0x04, 0x5d, 0xae, 0x38, + 0x28, 0xf9, 0x3d, 0x82, 0x5f, 0xc6, 0xd0, 0x31, 0x21, 0x88, 0xda, 0x7f, + 0x78, 0xe3, 0xb7, 0xed, 0x52, 0x37, 0xf4, 0x29, 0x08, 0x88, 0x50, 0x54, + 0x56, 0x67, 0xc0, 0xe1, 0xf4, 0xe7, 0xcf, +}; +unsigned int ValidKEK_auth_len = 1987; + +unsigned char InvalidKEK_auth[] = { + 0x00, 0x00 , 0x00 , 0x00 , 0x00 , 0x00 , 0x00 , 0x00 , 0x00 , 0x00 , 0x00 , 0x00 , 0x00 , 0x00 , 0x00 , 0x00 , + 0x91, 0x04 , 0x00 , 0x00 , 0x00 , 0x02 , 0xf1 , 0x0e , 0x9d , 0xd2 , 0xaf , 0x4a , 0xdf , 0x68 , 0xee , 0x49 , + 0x8a, 0xa9 , 0x34 , 0x7d , 0x37 , 0x56 , 0x65 , 0xa7 , 0x30 , 0x82 , 0x04 , 0x75 , 0x06 , 0x09 , 0x2a , 0x86 , + 0x48, 0x86 , 0xf7 , 0x0d , 0x01 , 0x07 , 0x02 , 0xa0 , 0x82 , 0x04 , 0x66 , 0x30 , 0x82 , 0x04 , 0x62 , 0x02 , + 0x01, 0x01 , 0x31 , 0x0f , 0x30 , 0x0d , 0x06 , 0x09 , 0x60 , 0x86 , 0x48 , 0x01 , 0x65 , 0x03 , 0x04 , 0x02 , + 0x01, 0x05 , 0x00 , 0x30 , 0x0b , 0x06 , 0x09 , 0x2a , 0x86 , 0x48 , 0x86 , 0xf7 , 0x0d , 0x01 , 0x07 , 0x01 , + 0xa0, 0x82 , 0x02 , 0xf4 , 0x30 , 0x82 , 0x02 , 0xf0 , 0x30 , 0x82 , 0x01 , 0xd8 , 0xa0 , 0x03 , 0x02 , 0x01 , + 0x02, 0x02 , 0x09 , 0x00 , 0xec , 0x89 , 0x21 , 0xbe , 0xc3 , 0xb0 , 0x04 , 0xc6 , 0x30 , 0x0d , 0x06 , 0x09 , + 0x2a, 0x86 , 0x48 , 0x86 , 0xf7 , 0x0d , 0x01 , 0x01 , 0x0b , 0x05 , 0x00 , 0x30 , 0x0d , 0x31 , 0x0b , 0x30 , + 0x09, 0x06 , 0x03 , 0x55 , 0x04 , 0x03 , 0x0c , 0x02 , 0x50 , 0x4b , 0x30 , 0x1e , 0x17 , 0x0d , 0x31 , 0x39 , + 0x30, 0x31 , 0x31 , 0x32 , 0x31 , 0x38 , 0x35 , 0x36 , 0x32 , 0x39 , 0x5a , 0x17 , 0x0d , 0x32 , 0x39 , 0x30 , + 0x31, 0x30 , 0x39 , 0x31 , 0x38 , 0x35 , 0x36 , 0x32 , 0x39 , 0x5a , 0x30 , 0x0d , 0x31 , 0x0b , 0x30 , 0x09 , + 0x06, 0x03 , 0x55 , 0x04 , 0x03 , 0x0c , 0x02 , 0x50 , 0x4b , 0x30 , 0x82 , 0x01 , 0x22 , 0x30 , 0x0d , 0x06 , + 0x09, 0x2a , 0x86 , 0x48 , 0x86 , 0xf7 , 0x0d , 0x01 , 0x01 , 0x01 , 0x05 , 0x00 , 0x03 , 0x82 , 0x01 , 0x0f , + 0x00, 0x30 , 0x82 , 0x01 , 0x0a , 0x02 , 0x82 , 0x01 , 0x01 , 0x00 , 0xee , 0xa9 , 0xd0 , 0x47 , 0xf4 , 0x2d , + 0xfd, 0xff , 0x21 , 0x6f , 0x11 , 0x89 , 0x9d , 0x54 , 0xe8 , 0xb1 , 0x97 , 0x61 , 0x10 , 0x21 , 0xe1 , 0x9e , + 0x51, 0x09 , 0x66 , 0xea , 0x23 , 0xdb , 0x01 , 0xd3 , 0x5d , 0xa6 , 0xce , 0xc5 , 0x75 , 0x52 , 0xec , 0x2f , + 0xb4, 0x1f , 0x36 , 0xb4 , 0x35 , 0xca , 0x30 , 0xfd , 0xd9 , 0xed , 0x14 , 0x63 , 0xa3 , 0x9e , 0xc6 , 0x0d , + 0xc0, 0x8d , 0xca , 0x7a , 0x1b , 0x9a , 0xcd , 0xbf , 0xb4 , 0x4c , 0x21 , 0x8d , 0xe0 , 0xf6 , 0xbc , 0x74 , + 0xbc, 0xef , 0xc6 , 0x8f , 0xc1 , 0x81 , 0x33 , 0x5f , 0x1e , 0xe6 , 0xed , 0x69 , 0x68 , 0x49 , 0x4c , 0xd7 , + 0x0f, 0x84 , 0x70 , 0xf0 , 0xf6 , 0x1b , 0x07 , 0x35 , 0xa4 , 0x09 , 0xae , 0x5e , 0xdd , 0x42 , 0xa2 , 0x75 , + 0x48, 0xd4 , 0xfa , 0x3c , 0x28 , 0xe7 , 0xaa , 0xc9 , 0x2b , 0xbf , 0xc1 , 0x91 , 0x65 , 0x19 , 0x99 , 0x3b , + 0x56, 0x80 , 0x1a , 0xee , 0x90 , 0x43 , 0xae , 0xbf , 0x1f , 0xff , 0xd2 , 0x55 , 0x1d , 0x18 , 0xff , 0x49 , + 0x38, 0xd8 , 0xdc , 0x21 , 0xe1 , 0x86 , 0xfb , 0xf2 , 0x86 , 0x43 , 0x37 , 0x2e , 0x93 , 0xe8 , 0xd0 , 0x41 , + 0xdb, 0xc9 , 0x73 , 0xd8 , 0x0f , 0xf5 , 0x11 , 0x18 , 0xa9 , 0x93 , 0xb2 , 0x87 , 0x90 , 0xc2 , 0x58 , 0x96 , + 0x93, 0xff , 0x69 , 0xb2 , 0x05 , 0xec , 0xaa , 0x0e , 0xcc , 0xfe , 0x1a , 0x78 , 0x6c , 0x31 , 0xfa , 0x6b , + 0x0d, 0xb6 , 0xeb , 0xac , 0xaf , 0xc9 , 0xa5 , 0x09 , 0xbb , 0xdd , 0x01 , 0x16 , 0x6d , 0x31 , 0x53 , 0x2c , + 0xcb, 0xc1 , 0x82 , 0x87 , 0x81 , 0x99 , 0x7f , 0xc1 , 0xee , 0x86 , 0x6a , 0xed , 0x50 , 0xfc , 0x39 , 0xc1 , + 0x51, 0x71 , 0x04 , 0xe0 , 0x66 , 0x63 , 0x6f , 0x8d , 0x17 , 0x35 , 0x63 , 0x56 , 0x4b , 0x90 , 0x20 , 0x7a , + 0x5f, 0xc8 , 0x63 , 0xee , 0xf4 , 0x82 , 0xe1 , 0x61 , 0xbf , 0x41 , 0x46 , 0x04 , 0xfd , 0x96 , 0x46 , 0x2a , + 0x8b, 0x8d , 0xa2 , 0x4c , 0x82 , 0xe3 , 0xf0 , 0x6e , 0x24 , 0x8b , 0x02 , 0x03 , 0x01 , 0x00 , 0x01 , 0xa3 , + 0x53, 0x30 , 0x51 , 0x30 , 0x1d , 0x06 , 0x03 , 0x55 , 0x1d , 0x0e , 0x04 , 0x16 , 0x04 , 0x14 , 0x14 , 0xb2 , + 0x26, 0xdc , 0xe0 , 0x99 , 0x4b , 0xb1 , 0x3e , 0xc4 , 0xc8 , 0xeb , 0xe3 , 0xc9 , 0x8b , 0x69 , 0x78 , 0xef , + 0x55, 0xbd , 0x30 , 0x1f , 0x06 , 0x03 , 0x55 , 0x1d , 0x23 , 0x04 , 0x18 , 0x30 , 0x16 , 0x80 , 0x14 , 0x14 , + 0xb2, 0x26 , 0xdc , 0xe0 , 0x99 , 0x4b , 0xb1 , 0x3e , 0xc4 , 0xc8 , 0xeb , 0xe3 , 0xc9 , 0x8b , 0x69 , 0x78 , + 0xef, 0x55 , 0xbd , 0x30 , 0x0f , 0x06 , 0x03 , 0x55 , 0x1d , 0x13 , 0x01 , 0x01 , 0xff , 0x04 , 0x05 , 0x30 , + 0x03, 0x01 , 0x01 , 0xff , 0x30 , 0x0d , 0x06 , 0x09 , 0x2a , 0x86 , 0x48 , 0x86 , 0xf7 , 0x0d , 0x01 , 0x01 , + 0x0b, 0x05 , 0x00 , 0x03 , 0x82 , 0x01 , 0x01 , 0x00 , 0x8f , 0x4b , 0x0e , 0x4d , 0xd6 , 0xed , 0x73 , 0xb0 , + 0xe6, 0xa5 , 0xcf , 0x37 , 0xed , 0x7b , 0x89 , 0x82 , 0xc4 , 0x67 , 0x95 , 0x16 , 0x03 , 0x19 , 0x3d , 0x9c , + 0xbf, 0x10 , 0x8e , 0x23 , 0x71 , 0xcb , 0x53 , 0xa2 , 0xb0 , 0xa1 , 0x88 , 0xb1 , 0x9b , 0x2e , 0x68 , 0xda , + 0x1e, 0x74 , 0xfe , 0x32 , 0x6f , 0xa1 , 0xda , 0x9f , 0x5b , 0x52 , 0x6b , 0x10 , 0x11 , 0x48 , 0x0d , 0x71 , + 0xec, 0x08 , 0x24 , 0xe5 , 0x0b , 0xb4 , 0x60 , 0x52 , 0x47 , 0x64 , 0xfb , 0xf5 , 0x99 , 0x45 , 0x15 , 0xe1 , + 0x35, 0x6c , 0x43 , 0xe3 , 0x9c , 0xeb , 0xe4 , 0xfd , 0x5b , 0x91 , 0x5d , 0xed , 0xa9 , 0x98 , 0x13 , 0x79 , + 0x6d, 0xcd , 0x8a , 0x8f , 0xae , 0x09 , 0x42 , 0xd4 , 0xa1 , 0x46 , 0x89 , 0xd1 , 0x95 , 0x20 , 0x27 , 0x82 , + 0x80, 0x93 , 0x3d , 0xe0 , 0x32 , 0xb2 , 0x07 , 0x2e , 0xee , 0x89 , 0xbf , 0x08 , 0xca , 0x3c , 0xc5 , 0xcc , + 0x1d, 0x64 , 0x61 , 0x4c , 0xdd , 0x26 , 0x99 , 0x3d , 0xee , 0x0f , 0xad , 0x14 , 0xbe , 0x8f , 0x70 , 0x9e , + 0xb1, 0x31 , 0xd1 , 0xb2 , 0x7d , 0xdf , 0xbc , 0x23 , 0xc6 , 0x36 , 0x23 , 0xfc , 0xa1 , 0x77 , 0xdb , 0x80 , + 0xaf, 0x41 , 0xaf , 0xe2 , 0xb2 , 0x37 , 0x8c , 0x74 , 0xff , 0x19 , 0x04 , 0x96 , 0x6a , 0x40 , 0x37 , 0x7f , + 0x5e, 0x76 , 0x9b , 0xee , 0x84 , 0x7e , 0x4e , 0x2f , 0x75 , 0x7d , 0x76 , 0xfa , 0x90 , 0x76 , 0x08 , 0x41 , + 0x61, 0x63 , 0xa4 , 0x9e , 0x79 , 0x2e , 0xb0 , 0x52 , 0xec , 0xc7 , 0xa0 , 0x47 , 0x16 , 0x76 , 0x4f , 0x01 , + 0xb1, 0x58 , 0x67 , 0xe7 , 0x59 , 0x6a , 0x9a , 0xe9 , 0xf8 , 0x59 , 0x33 , 0x52 , 0x98 , 0x52 , 0xc8 , 0xb7 , + 0x6f, 0xc8 , 0x44 , 0x52 , 0x8b , 0xa2 , 0x30 , 0x1e , 0xb6 , 0xd2 , 0xc2 , 0x0c , 0x43 , 0x9f , 0x13 , 0x1f , + 0x0f, 0xef , 0x16 , 0xa6 , 0xc0 , 0xf7 , 0x09 , 0x8b , 0x2e , 0xa7 , 0x7d , 0x6a , 0x30 , 0x0b , 0x09 , 0xbb , + 0x69, 0x2f , 0xaf , 0xe7 , 0x12 , 0xe1 , 0x66 , 0x15 , 0x31 , 0x82 , 0x01 , 0x45 , 0x30 , 0x82 , 0x01 , 0x41 , + 0x02, 0x01 , 0x01 , 0x30 , 0x1a , 0x30 , 0x0d , 0x31 , 0x0b , 0x30 , 0x09 , 0x06 , 0x03 , 0x55 , 0x04 , 0x03 , + 0x0c, 0x02 , 0x50 , 0x4b , 0x02 , 0x09 , 0x00 , 0xec , 0x89 , 0x21 , 0xbe , 0xc3 , 0xb0 , 0x04 , 0xc6 , 0x30 , + 0x0d, 0x06 , 0x09 , 0x60 , 0x86 , 0x48 , 0x01 , 0x65 , 0x03 , 0x04 , 0x02 , 0x01 , 0x05 , 0x00 , 0x30 , 0x0d , + 0x06, 0x09 , 0x2a , 0x86 , 0x48 , 0x86 , 0xf7 , 0x0d , 0x01 , 0x01 , 0x01 , 0x05 , 0x00 , 0x04 , 0x82 , 0x01 , + 0x00, 0x0d , 0x5c , 0x86 , 0xe2 , 0xe1 , 0x7e , 0x1c , 0x1d , 0x8a , 0x4b , 0x57 , 0xd8 , 0x68 , 0x78 , 0x34 , + 0x8b, 0xd9 , 0xaa , 0xc5 , 0x67 , 0xbc , 0xf4 , 0x9f , 0x16 , 0xfe , 0x2c , 0xba , 0x5b , 0xe3 , 0x35 , 0x9a , + 0xb1, 0xec , 0x57 , 0x12 , 0x26 , 0x1f , 0x5b , 0xd0 , 0x15 , 0x28 , 0x25 , 0xa9 , 0x09 , 0xd9 , 0x1a , 0x56 , + 0xe7, 0xb2 , 0xd1 , 0x04 , 0x0f , 0x83 , 0x70 , 0x99 , 0xff , 0x6f , 0x5f , 0xa4 , 0x89 , 0x91 , 0xa9 , 0x2a , + 0xe7, 0xb0 , 0x30 , 0xbd , 0x07 , 0xcf , 0x8d , 0x93 , 0xd2 , 0x5a , 0xf0 , 0x16 , 0x13 , 0x7c , 0xc3 , 0xef , + 0x27, 0xbb , 0x4d , 0x72 , 0x04 , 0x9f , 0xbb , 0x49 , 0xf3 , 0x7c , 0x18 , 0x1a , 0xcd , 0x12 , 0x99 , 0xea , + 0x3a, 0x41 , 0x0a , 0xa1 , 0x55 , 0x74 , 0xa3 , 0x30 , 0x17 , 0xfd , 0x4e , 0x8d , 0x4a , 0x3d , 0x5f , 0x0f , + 0x08, 0x7c , 0x1a , 0x39 , 0xc5 , 0xc4 , 0xd7 , 0xb6 , 0xf6 , 0x3b , 0xa7 , 0x3e , 0x6c , 0x68 , 0xf9 , 0x69 , + 0xcd, 0x7a , 0x47 , 0x43 , 0xc5 , 0x68 , 0x56 , 0x74 , 0xde , 0x4c , 0x38 , 0xf5 , 0x6d , 0xf6 , 0x96 , 0xac , + 0xf3, 0x5c , 0x6a , 0xc9 , 0x7d , 0x45 , 0x44 , 0x4e , 0x98 , 0xcc , 0xd9 , 0xbe , 0x5f , 0xbd , 0xa3 , 0x0a , + 0x34, 0x0e , 0x53 , 0x4b , 0x08 , 0x93 , 0x8b , 0xf9 , 0x46 , 0x49 , 0xca , 0x6a , 0x98 , 0x26 , 0x90 , 0x86 , + 0x51, 0xee , 0x24 , 0x2f , 0xcb , 0xa0 , 0x7f , 0x94 , 0xd8 , 0x6d , 0xee , 0x58 , 0xf9 , 0xe3 , 0x4e , 0x6d , + 0xaf, 0xa2 , 0x00 , 0xb6 , 0xeb , 0x70 , 0x8c , 0x9d , 0x90 , 0xfe , 0x58 , 0xdd , 0x48 , 0xf6 , 0x99 , 0x09 , + 0x41, 0xdd , 0xde , 0x7c , 0xae , 0xd7 , 0x8c , 0x57 , 0x4e , 0x47 , 0x79 , 0x38 , 0x03 , 0x42 , 0xeb , 0xb4 , + 0x2d, 0xb8 , 0x9e , 0xcf , 0x58 , 0xa4 , 0x32 , 0x00 , 0x2a , 0x66 , 0x4e , 0xf5 , 0xde , 0x96 , 0x9b , 0x60 , + 0xc7, 0xc5 , 0xcf , 0xe2 , 0xa2 , 0x9b , 0x0f , 0x39 , 0x64 , 0x13 , 0x12 , 0x41 , 0x77 , 0xb2 , 0xd2 , 0x50 , + 0x5c, 0xa1 , 0x59 , 0xc0 , 0xa5 , 0xe4 , 0x94 , 0xa7 , 0x4a , 0x87 , 0xb5 , 0xab , 0x15 , 0x5c , 0x2b , 0xf0 , + 0x72, 0x22 , 0x03 , 0x00 , 0x00 , 0x00 , 0x00 , 0x00 , 0x00 , 0x06 , 0x03 , 0x00 , 0x00 , 0x11 , 0x11 , 0x11 , + 0x11, 0x22 , 0x22 , 0x33 , 0x33 , 0x44 , 0x44 , 0x12 , 0x34 , 0x56 , 0x78 , 0x9a , 0xbc , 0x30 , 0x82 , 0x02 , + 0xf2, 0x30 , 0x82 , 0x01 , 0xda , 0xa0 , 0x03 , 0x02 , 0x01 , 0x02 , 0x02 , 0x09 , 0x00 , 0xfe , 0xdd , 0x2e , + 0xec, 0xe0 , 0x22 , 0xdd , 0xf9 , 0x30 , 0x0d , 0x06 , 0x09 , 0x2a , 0x86 , 0x48 , 0x86 , 0xf7 , 0x0d , 0x01 , + 0x01, 0x0b , 0x05 , 0x00 , 0x30 , 0x0e , 0x31 , 0x0c , 0x30 , 0x0a , 0x06 , 0x03 , 0x55 , 0x04 , 0x03 , 0x0c , + 0x03, 0x4b , 0x45 , 0x4b , 0x30 , 0x1e , 0x17 , 0x0d , 0x31 , 0x39 , 0x30 , 0x31 , 0x31 , 0x32 , 0x31 , 0x38 , + 0x35, 0x36 , 0x33 , 0x31 , 0x5a , 0x17 , 0x0d , 0x32 , 0x39 , 0x30 , 0x31 , 0x30 , 0x39 , 0x31 , 0x38 , 0x35 , + 0x36, 0x33 , 0x31 , 0x5a , 0x30 , 0x0e , 0x31 , 0x0c , 0x30 , 0x0a , 0x06 , 0x03 , 0x55 , 0x04 , 0x03 , 0x0c , + 0x03, 0x4b , 0x45 , 0x4b , 0x30 , 0x82 , 0x01 , 0x22 , 0x30 , 0x0d , 0x06 , 0x09 , 0x2a , 0x86 , 0x48 , 0x86 , + 0xf7, 0x0d , 0x01 , 0x01 , 0x01 , 0x05 , 0x00 , 0x03 , 0x82 , 0x01 , 0x0f , 0x00 , 0x30 , 0x82 , 0x01 , 0x0a , + 0x02, 0x82 , 0x01 , 0x01 , 0x00 , 0xd1 , 0xf8 , 0xab , 0xdb , 0xc2 , 0xf5 , 0x51 , 0xde , 0x7b , 0x9f , 0x28 , + 0xff, 0xae , 0xdb , 0xa5 , 0xbf , 0x73 , 0x63 , 0x99 , 0x5e , 0x04 , 0xa5 , 0x9d , 0xfd , 0xcd , 0x24 , 0x2e , + 0xdd, 0x0b , 0x02 , 0x88 , 0xe9 , 0x71 , 0x7b , 0xf2 , 0x89 , 0x90 , 0xae , 0xaf , 0x0d , 0xa0 , 0x68 , 0x4d , + 0x31, 0x1b , 0x30 , 0xe8 , 0x19 , 0x2e , 0xfc , 0x33 , 0x8f , 0xee , 0x6d , 0x2a , 0x0a , 0x09 , 0x42 , 0x34 , + 0xc1, 0x40 , 0xa8 , 0xe8 , 0xb6 , 0xc7 , 0x92 , 0x5d , 0xa5 , 0x96 , 0x14 , 0xd7 , 0xaf , 0x8c , 0x71 , 0x6b , + 0x4e, 0x7d , 0x6e , 0xfa , 0x73 , 0x1c , 0x40 , 0x4c , 0x05 , 0x9e , 0xfa , 0xb2 , 0x4c , 0x8c , 0xcb , 0x9d , + 0xe2, 0xa9 , 0x04 , 0x01 , 0x91 , 0x5b , 0xbf , 0xff , 0x85 , 0x54 , 0x2a , 0x65 , 0x96 , 0x84 , 0x6f , 0xfa , + 0x99, 0x1c , 0x9e , 0xe0 , 0x77 , 0x68 , 0x4d , 0x58 , 0x2a , 0xc7 , 0xc0 , 0x8f , 0x71 , 0x5a , 0x8f , 0xa9 , + 0xff, 0x44 , 0xed , 0xf7 , 0xe4 , 0x47 , 0xd8 , 0x4c , 0x9c , 0xf4 , 0x78 , 0xa0 , 0xb3 , 0x37 , 0xaf , 0x43 , + 0x0b, 0x03 , 0x6f , 0xe4 , 0xe1 , 0x2d , 0x52 , 0x0b , 0x4b , 0x62 , 0xc6 , 0x2f , 0xe3 , 0xfc , 0x32 , 0xf2 , + 0xe2, 0x11 , 0x1c , 0xac , 0xdf , 0x5a , 0xe8 , 0xdd , 0x55 , 0x65 , 0xa4 , 0x6f , 0x61 , 0xb7 , 0x0f , 0x1c , + 0xc6, 0x08 , 0x2a , 0xaf , 0x5d , 0x36 , 0x50 , 0x06 , 0x7b , 0x49 , 0xa0 , 0x8b , 0x1c , 0x93 , 0xdc , 0x72 , + 0x69, 0x7b , 0xf1 , 0xcc , 0xee , 0xa4 , 0xe8 , 0xd0 , 0x7b , 0x5f , 0x61 , 0xbc , 0xbe , 0x20 , 0xfb , 0x0b , + 0xaa, 0x54 , 0xf6 , 0xe0 , 0x13 , 0xad , 0xe8 , 0x96 , 0x53 , 0x6a , 0xa9 , 0x4b , 0xa1 , 0xcf , 0x56 , 0x10 , + 0xbc, 0x2a , 0x09 , 0xc9 , 0x0a , 0xcc , 0x8d , 0x20 , 0xdd , 0x4d , 0x14 , 0xc7 , 0x08 , 0xab , 0xc1 , 0xc3 , + 0xaf, 0x0b , 0x35 , 0x40 , 0x57 , 0x34 , 0x97 , 0x3b , 0xa2 , 0x2d , 0xa3 , 0x46 , 0xc1 , 0x30 , 0x14 , 0x88 , + 0xa8, 0x74 , 0x79 , 0xdd , 0xb1 , 0x02 , 0x03 , 0x01 , 0x00 , 0x01 , 0xa3 , 0x53 , 0x30 , 0x51 , 0x30 , 0x1d , + 0x06, 0x03 , 0x55 , 0x1d , 0x0e , 0x04 , 0x16 , 0x04 , 0x14 , 0xd7 , 0x75 , 0xfc , 0xed , 0xb7 , 0xc8 , 0xb5 , + 0xf8, 0x7d , 0x28 , 0xc5 , 0x13 , 0x34 , 0xcd , 0x0b , 0xbe , 0x57 , 0x0d , 0x94 , 0xa8 , 0x30 , 0x1f , 0x06 , + 0x03, 0x55 , 0x1d , 0x23 , 0x04 , 0x18 , 0x30 , 0x16 , 0x80 , 0x14 , 0xd7 , 0x75 , 0xfc , 0xed , 0xb7 , 0xc8 , + 0xb5, 0xf8 , 0x7d , 0x28 , 0xc5 , 0x13 , 0x34 , 0xcd , 0x0b , 0xbe , 0x57 , 0x0d , 0x94 , 0xa8 , 0x30 , 0x0f , + 0x06, 0x03 , 0x55 , 0x1d , 0x13 , 0x01 , 0x01 , 0xff , 0x04 , 0x05 , 0x30 , 0x03 , 0x01 , 0x01 , 0xff , 0x30 , + 0x0d, 0x06 , 0x09 , 0x2a , 0x86 , 0x48 , 0x86 , 0xf7 , 0x0d , 0x01 , 0x01 , 0x0b , 0x05 , 0x00 , 0x03 , 0x82 , + 0x01, 0x01 , 0x00 , 0x58 , 0xd2 , 0x25 , 0xa3 , 0xe6 , 0xaa , 0xb9 , 0x56 , 0x67 , 0xc3 , 0xa6 , 0x4b , 0x88 , + 0x99, 0xfe , 0xde , 0xc6 , 0x16 , 0x4c , 0x43 , 0x1b , 0xb8 , 0xea , 0xe3 , 0x77 , 0xc4 , 0xe4 , 0x66 , 0x15 , + 0x9f, 0x92 , 0x6d , 0xe3 , 0x7f , 0x3c , 0xac , 0x88 , 0x8b , 0xb9 , 0xc5 , 0x5c , 0x39 , 0x4f , 0x02 , 0x75 , + 0x5a, 0x3d , 0xc5 , 0xaf , 0xad , 0x8f , 0x32 , 0xd4 , 0x5a , 0x44 , 0xc8 , 0xcb , 0x1f , 0x40 , 0xa1 , 0x44 , + 0xef, 0xa8 , 0x2a , 0xa4 , 0x0d , 0x7a , 0x25 , 0xe1 , 0x6c , 0x09 , 0x4b , 0x96 , 0x6a , 0x73 , 0x0f , 0xe0 , + 0x9b, 0x0e , 0x26 , 0xff , 0x61 , 0x96 , 0xc4 , 0xb6 , 0x10 , 0xe1 , 0x90 , 0x36 , 0xfd , 0x96 , 0xb5 , 0x90 , + 0xb0, 0x76 , 0xed , 0xc2 , 0x17 , 0xc0 , 0xfe , 0xd4 , 0x38 , 0xff , 0x7f , 0xc3 , 0xa0 , 0x88 , 0x60 , 0xe8 , + 0x27, 0x10 , 0x34 , 0x35 , 0x93 , 0x59 , 0xcb , 0x12 , 0xe5 , 0x25 , 0xaf , 0x2d , 0x1d , 0x7d , 0x3f , 0x16 , + 0x95, 0x71 , 0x57 , 0x8e , 0x3f , 0xc2 , 0xad , 0x8e , 0xc4 , 0x0e , 0xe1 , 0xed , 0x46 , 0xf9 , 0xd7 , 0x07 , + 0x85, 0xb3 , 0x05 , 0xbe , 0xf1 , 0x4c , 0xba , 0xf1 , 0x34 , 0xe5 , 0xd5 , 0x26 , 0x9b , 0x6c , 0x15 , 0x9e , + 0x35, 0xa2 , 0xd5 , 0x81 , 0x09 , 0x36 , 0x05 , 0xa6 , 0x99 , 0x1f , 0xa2 , 0x17 , 0x35 , 0x3a , 0x38 , 0x18 , + 0x52, 0x44 , 0xcf , 0x22 , 0xb3 , 0x69 , 0xba , 0x07 , 0x74 , 0x48 , 0x1c , 0x8e , 0x4c , 0xa7 , 0xb0 , 0xc2 , + 0x65, 0x6c , 0x1d , 0x30 , 0xe2 , 0x82 , 0xc2 , 0x35 , 0x60 , 0x25 , 0xf2 , 0xb1 , 0x05 , 0x18 , 0x0a , 0x73 , + 0x87, 0x27 , 0xee , 0x6e , 0xc2 , 0x5f , 0xff , 0xd8 , 0xfc , 0x77 , 0x06 , 0x2e , 0x3d , 0x4f , 0xa1 , 0x14 , + 0x04, 0x5d , 0xae , 0x38 , 0x28 , 0xf9 , 0x3d , 0x82 , 0x5f , 0xc6 , 0xd0 , 0x31 , 0x21 , 0x88 , 0xda , 0x7f , + 0x78, 0xe3 , 0xb7 , 0xed , 0x52 , 0x37 , 0xf4 , 0x29 , 0x08 , 0x88 , 0x50 , 0x54 , 0x56 , 0x67 , 0xc0 , 0xe1 , + 0xf4, 0xe7 , 0xcf }; + +unsigned char DB_auth[] = { + 0xe3 ,0x07 ,0x0b ,0x19 ,0x0a ,0x1a ,0x35 ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 , + 0x94 ,0x04 ,0x00 ,0x00 ,0x00 ,0x02 ,0xf1 ,0x0e ,0x9d ,0xd2 ,0xaf ,0x4a ,0xdf ,0x68 ,0xee ,0x49 , + 0x8a ,0xa9 ,0x34 ,0x7d ,0x37 ,0x56 ,0x65 ,0xa7 ,0x30 ,0x82 ,0x04 ,0x78 ,0x06 ,0x09 ,0x2a ,0x86 , + 0x48 ,0x86 ,0xf7 ,0x0d ,0x01 ,0x07 ,0x02 ,0xa0 ,0x82 ,0x04 ,0x69 ,0x30 ,0x82 ,0x04 ,0x65 ,0x02 , + 0x01 ,0x01 ,0x31 ,0x0f ,0x30 ,0x0d ,0x06 ,0x09 ,0x60 ,0x86 ,0x48 ,0x01 ,0x65 ,0x03 ,0x04 ,0x02 , + 0x01 ,0x05 ,0x00 ,0x30 ,0x0b ,0x06 ,0x09 ,0x2a ,0x86 ,0x48 ,0x86 ,0xf7 ,0x0d ,0x01 ,0x07 ,0x01 , + 0xa0 ,0x82 ,0x02 ,0xf6 ,0x30 ,0x82 ,0x02 ,0xf2 ,0x30 ,0x82 ,0x01 ,0xda ,0xa0 ,0x03 ,0x02 ,0x01 , + 0x02 ,0x02 ,0x09 ,0x00 ,0xfe ,0xdd ,0x2e ,0xec ,0xe0 ,0x22 ,0xdd ,0xf9 ,0x30 ,0x0d ,0x06 ,0x09 , + 0x2a ,0x86 ,0x48 ,0x86 ,0xf7 ,0x0d ,0x01 ,0x01 ,0x0b ,0x05 ,0x00 ,0x30 ,0x0e ,0x31 ,0x0c ,0x30 , + 0x0a ,0x06 ,0x03 ,0x55 ,0x04 ,0x03 ,0x0c ,0x03 ,0x4b ,0x45 ,0x4b ,0x30 ,0x1e ,0x17 ,0x0d ,0x31 , + 0x39 ,0x30 ,0x31 ,0x31 ,0x32 ,0x31 ,0x38 ,0x35 ,0x36 ,0x33 ,0x31 ,0x5a ,0x17 ,0x0d ,0x32 ,0x39 , + 0x30 ,0x31 ,0x30 ,0x39 ,0x31 ,0x38 ,0x35 ,0x36 ,0x33 ,0x31 ,0x5a ,0x30 ,0x0e ,0x31 ,0x0c ,0x30 , + 0x0a ,0x06 ,0x03 ,0x55 ,0x04 ,0x03 ,0x0c ,0x03 ,0x4b ,0x45 ,0x4b ,0x30 ,0x82 ,0x01 ,0x22 ,0x30 , + 0x0d ,0x06 ,0x09 ,0x2a ,0x86 ,0x48 ,0x86 ,0xf7 ,0x0d ,0x01 ,0x01 ,0x01 ,0x05 ,0x00 ,0x03 ,0x82 , + 0x01 ,0x0f ,0x00 ,0x30 ,0x82 ,0x01 ,0x0a ,0x02 ,0x82 ,0x01 ,0x01 ,0x00 ,0xd1 ,0xf8 ,0xab ,0xdb , + 0xc2 ,0xf5 ,0x51 ,0xde ,0x7b ,0x9f ,0x28 ,0xff ,0xae ,0xdb ,0xa5 ,0xbf ,0x73 ,0x63 ,0x99 ,0x5e , + 0x04 ,0xa5 ,0x9d ,0xfd ,0xcd ,0x24 ,0x2e ,0xdd ,0x0b ,0x02 ,0x88 ,0xe9 ,0x71 ,0x7b ,0xf2 ,0x89 , + 0x90 ,0xae ,0xaf ,0x0d ,0xa0 ,0x68 ,0x4d ,0x31 ,0x1b ,0x30 ,0xe8 ,0x19 ,0x2e ,0xfc ,0x33 ,0x8f , + 0xee ,0x6d ,0x2a ,0x0a ,0x09 ,0x42 ,0x34 ,0xc1 ,0x40 ,0xa8 ,0xe8 ,0xb6 ,0xc7 ,0x92 ,0x5d ,0xa5 , + 0x96 ,0x14 ,0xd7 ,0xaf ,0x8c ,0x71 ,0x6b ,0x4e ,0x7d ,0x6e ,0xfa ,0x73 ,0x1c ,0x40 ,0x4c ,0x05 , + 0x9e ,0xfa ,0xb2 ,0x4c ,0x8c ,0xcb ,0x9d ,0xe2 ,0xa9 ,0x04 ,0x01 ,0x91 ,0x5b ,0xbf ,0xff ,0x85 , + 0x54 ,0x2a ,0x65 ,0x96 ,0x84 ,0x6f ,0xfa ,0x99 ,0x1c ,0x9e ,0xe0 ,0x77 ,0x68 ,0x4d ,0x58 ,0x2a , + 0xc7 ,0xc0 ,0x8f ,0x71 ,0x5a ,0x8f ,0xa9 ,0xff ,0x44 ,0xed ,0xf7 ,0xe4 ,0x47 ,0xd8 ,0x4c ,0x9c , + 0xf4 ,0x78 ,0xa0 ,0xb3 ,0x37 ,0xaf ,0x43 ,0x0b ,0x03 ,0x6f ,0xe4 ,0xe1 ,0x2d ,0x52 ,0x0b ,0x4b , + 0x62 ,0xc6 ,0x2f ,0xe3 ,0xfc ,0x32 ,0xf2 ,0xe2 ,0x11 ,0x1c ,0xac ,0xdf ,0x5a ,0xe8 ,0xdd ,0x55 , + 0x65 ,0xa4 ,0x6f ,0x61 ,0xb7 ,0x0f ,0x1c ,0xc6 ,0x08 ,0x2a ,0xaf ,0x5d ,0x36 ,0x50 ,0x06 ,0x7b , + 0x49 ,0xa0 ,0x8b ,0x1c ,0x93 ,0xdc ,0x72 ,0x69 ,0x7b ,0xf1 ,0xcc ,0xee ,0xa4 ,0xe8 ,0xd0 ,0x7b , + 0x5f ,0x61 ,0xbc ,0xbe ,0x20 ,0xfb ,0x0b ,0xaa ,0x54 ,0xf6 ,0xe0 ,0x13 ,0xad ,0xe8 ,0x96 ,0x53 , + 0x6a ,0xa9 ,0x4b ,0xa1 ,0xcf ,0x56 ,0x10 ,0xbc ,0x2a ,0x09 ,0xc9 ,0x0a ,0xcc ,0x8d ,0x20 ,0xdd , + 0x4d ,0x14 ,0xc7 ,0x08 ,0xab ,0xc1 ,0xc3 ,0xaf ,0x0b ,0x35 ,0x40 ,0x57 ,0x34 ,0x97 ,0x3b ,0xa2 , + 0x2d ,0xa3 ,0x46 ,0xc1 ,0x30 ,0x14 ,0x88 ,0xa8 ,0x74 ,0x79 ,0xdd ,0xb1 ,0x02 ,0x03 ,0x01 ,0x00 , + 0x01 ,0xa3 ,0x53 ,0x30 ,0x51 ,0x30 ,0x1d ,0x06 ,0x03 ,0x55 ,0x1d ,0x0e ,0x04 ,0x16 ,0x04 ,0x14 , + 0xd7 ,0x75 ,0xfc ,0xed ,0xb7 ,0xc8 ,0xb5 ,0xf8 ,0x7d ,0x28 ,0xc5 ,0x13 ,0x34 ,0xcd ,0x0b ,0xbe , + 0x57 ,0x0d ,0x94 ,0xa8 ,0x30 ,0x1f ,0x06 ,0x03 ,0x55 ,0x1d ,0x23 ,0x04 ,0x18 ,0x30 ,0x16 ,0x80 , + 0x14 ,0xd7 ,0x75 ,0xfc ,0xed ,0xb7 ,0xc8 ,0xb5 ,0xf8 ,0x7d ,0x28 ,0xc5 ,0x13 ,0x34 ,0xcd ,0x0b , + 0xbe ,0x57 ,0x0d ,0x94 ,0xa8 ,0x30 ,0x0f ,0x06 ,0x03 ,0x55 ,0x1d ,0x13 ,0x01 ,0x01 ,0xff ,0x04 , + 0x05 ,0x30 ,0x03 ,0x01 ,0x01 ,0xff ,0x30 ,0x0d ,0x06 ,0x09 ,0x2a ,0x86 ,0x48 ,0x86 ,0xf7 ,0x0d , + 0x01 ,0x01 ,0x0b ,0x05 ,0x00 ,0x03 ,0x82 ,0x01 ,0x01 ,0x00 ,0x58 ,0xd2 ,0x25 ,0xa3 ,0xe6 ,0xaa , + 0xb9 ,0x56 ,0x67 ,0xc3 ,0xa6 ,0x4b ,0x88 ,0x99 ,0xfe ,0xde ,0xc6 ,0x16 ,0x4c ,0x43 ,0x1b ,0xb8 , + 0xea ,0xe3 ,0x77 ,0xc4 ,0xe4 ,0x66 ,0x15 ,0x9f ,0x92 ,0x6d ,0xe3 ,0x7f ,0x3c ,0xac ,0x88 ,0x8b , + 0xb9 ,0xc5 ,0x5c ,0x39 ,0x4f ,0x02 ,0x75 ,0x5a ,0x3d ,0xc5 ,0xaf ,0xad ,0x8f ,0x32 ,0xd4 ,0x5a , + 0x44 ,0xc8 ,0xcb ,0x1f ,0x40 ,0xa1 ,0x44 ,0xef ,0xa8 ,0x2a ,0xa4 ,0x0d ,0x7a ,0x25 ,0xe1 ,0x6c , + 0x09 ,0x4b ,0x96 ,0x6a ,0x73 ,0x0f ,0xe0 ,0x9b ,0x0e ,0x26 ,0xff ,0x61 ,0x96 ,0xc4 ,0xb6 ,0x10 , + 0xe1 ,0x90 ,0x36 ,0xfd ,0x96 ,0xb5 ,0x90 ,0xb0 ,0x76 ,0xed ,0xc2 ,0x17 ,0xc0 ,0xfe ,0xd4 ,0x38 , + 0xff ,0x7f ,0xc3 ,0xa0 ,0x88 ,0x60 ,0xe8 ,0x27 ,0x10 ,0x34 ,0x35 ,0x93 ,0x59 ,0xcb ,0x12 ,0xe5 , + 0x25 ,0xaf ,0x2d ,0x1d ,0x7d ,0x3f ,0x16 ,0x95 ,0x71 ,0x57 ,0x8e ,0x3f ,0xc2 ,0xad ,0x8e ,0xc4 , + 0x0e ,0xe1 ,0xed ,0x46 ,0xf9 ,0xd7 ,0x07 ,0x85 ,0xb3 ,0x05 ,0xbe ,0xf1 ,0x4c ,0xba ,0xf1 ,0x34 , + 0xe5 ,0xd5 ,0x26 ,0x9b ,0x6c ,0x15 ,0x9e ,0x35 ,0xa2 ,0xd5 ,0x81 ,0x09 ,0x36 ,0x05 ,0xa6 ,0x99 , + 0x1f ,0xa2 ,0x17 ,0x35 ,0x3a ,0x38 ,0x18 ,0x52 ,0x44 ,0xcf ,0x22 ,0xb3 ,0x69 ,0xba ,0x07 ,0x74 , + 0x48 ,0x1c ,0x8e ,0x4c ,0xa7 ,0xb0 ,0xc2 ,0x65 ,0x6c ,0x1d ,0x30 ,0xe2 ,0x82 ,0xc2 ,0x35 ,0x60 , + 0x25 ,0xf2 ,0xb1 ,0x05 ,0x18 ,0x0a ,0x73 ,0x87 ,0x27 ,0xee ,0x6e ,0xc2 ,0x5f ,0xff ,0xd8 ,0xfc , + 0x77 ,0x06 ,0x2e ,0x3d ,0x4f ,0xa1 ,0x14 ,0x04 ,0x5d ,0xae ,0x38 ,0x28 ,0xf9 ,0x3d ,0x82 ,0x5f , + 0xc6 ,0xd0 ,0x31 ,0x21 ,0x88 ,0xda ,0x7f ,0x78 ,0xe3 ,0xb7 ,0xed ,0x52 ,0x37 ,0xf4 ,0x29 ,0x08 , + 0x88 ,0x50 ,0x54 ,0x56 ,0x67 ,0xc0 ,0xe1 ,0xf4 ,0xe7 ,0xcf ,0x31 ,0x82 ,0x01 ,0x46 ,0x30 ,0x82 , + 0x01 ,0x42 ,0x02 ,0x01 ,0x01 ,0x30 ,0x1b ,0x30 ,0x0e ,0x31 ,0x0c ,0x30 ,0x0a ,0x06 ,0x03 ,0x55 , + 0x04 ,0x03 ,0x0c ,0x03 ,0x4b ,0x45 ,0x4b ,0x02 ,0x09 ,0x00 ,0xfe ,0xdd ,0x2e ,0xec ,0xe0 ,0x22 , + 0xdd ,0xf9 ,0x30 ,0x0d ,0x06 ,0x09 ,0x60 ,0x86 ,0x48 ,0x01 ,0x65 ,0x03 ,0x04 ,0x02 ,0x01 ,0x05 , + 0x00 ,0x30 ,0x0d ,0x06 ,0x09 ,0x2a ,0x86 ,0x48 ,0x86 ,0xf7 ,0x0d ,0x01 ,0x01 ,0x01 ,0x05 ,0x00 , + 0x04 ,0x82 ,0x01 ,0x00 ,0x28 ,0x9f ,0xc0 ,0xf5 ,0x52 ,0x8b ,0x45 ,0x8a ,0xaf ,0x43 ,0x39 ,0xd9 , + 0x39 ,0x1d ,0xde ,0x1f ,0x20 ,0x82 ,0x44 ,0x08 ,0xf7 ,0x68 ,0x02 ,0x17 ,0xdb ,0x9f ,0xdf ,0x1e , + 0x2d ,0x88 ,0x6a ,0x9b ,0xe8 ,0xb1 ,0xbb ,0x8f ,0x0b ,0xe1 ,0x45 ,0x64 ,0xf3 ,0xb7 ,0xae ,0x90 , + 0x69 ,0x5c ,0xa7 ,0x0c ,0x98 ,0xb2 ,0x09 ,0x77 ,0xda ,0x24 ,0x1d ,0x01 ,0x94 ,0x1f ,0x95 ,0xbf , + 0x77 ,0xe5 ,0x0e ,0xe4 ,0xd4 ,0x5b ,0x89 ,0x9b ,0xa2 ,0x87 ,0x97 ,0x41 ,0xd4 ,0xb4 ,0xae ,0xb4 , + 0x47 ,0x8a ,0x6e ,0x3f ,0x6b ,0xe7 ,0x8c ,0x04 ,0x04 ,0x0e ,0x27 ,0xcd ,0x4a ,0xd6 ,0x65 ,0x72 , + 0x26 ,0x91 ,0xc9 ,0xb0 ,0x51 ,0x2d ,0x1e ,0x19 ,0xb8 ,0x85 ,0xef ,0x63 ,0x23 ,0xd7 ,0xde ,0x26 , + 0x3d ,0xdb ,0x59 ,0x18 ,0xd3 ,0x80 ,0xc0 ,0xdf ,0xde ,0xe9 ,0x6d ,0x7a ,0xd4 ,0x19 ,0x83 ,0x60 , + 0x96 ,0xe8 ,0x3e ,0xb7 ,0x9a ,0xf5 ,0x69 ,0xe1 ,0xc9 ,0x57 ,0xa6 ,0xad ,0x7f ,0x23 ,0x2f ,0xdd , + 0x5e ,0x15 ,0x38 ,0xc3 ,0x18 ,0xc8 ,0x0a ,0x5d ,0x8e ,0xe9 ,0x6c ,0x20 ,0xad ,0x12 ,0x47 ,0xc9 , + 0x67 ,0x15 ,0xb7 ,0x72 ,0x43 ,0x3e ,0x16 ,0x77 ,0xa6 ,0x2f ,0x72 ,0xfe ,0x34 ,0x45 ,0x2d ,0xa1 , + 0x53 ,0xeb ,0x9e ,0xc4 ,0xfd ,0x2c ,0xf5 ,0x58 ,0xac ,0x05 ,0xbc ,0x57 ,0xd4 ,0xbe ,0x3d ,0xcd , + 0x97 ,0x1d ,0xc5 ,0x14 ,0x29 ,0x17 ,0x19 ,0x4d ,0x0d ,0x2b ,0x28 ,0x87 ,0x14 ,0x02 ,0x1b ,0x6b , + 0x0e ,0xfd ,0x55 ,0xdd ,0x95 ,0x99 ,0x4c ,0xc4 ,0x0c ,0xb3 ,0x68 ,0x1d ,0x71 ,0x64 ,0x1f ,0x48 , + 0xab ,0x34 ,0xa5 ,0xa5 ,0xb7 ,0x1e ,0xb7 ,0xac ,0x86 ,0x2e ,0x0e ,0x7f ,0xb9 ,0xb9 ,0x10 ,0x72 , + 0x76 ,0x07 ,0x8d ,0x6f ,0xc9 ,0xe5 ,0x14 ,0x6e ,0xef ,0x04 ,0x7f ,0xad ,0x33 ,0x98 ,0xf2 ,0x13 , + 0x5c ,0x12 ,0xf1 ,0x48 ,0xa1 ,0x59 ,0xc0 ,0xa5 ,0xe4 ,0x94 ,0xa7 ,0x4a ,0x87 ,0xb5 ,0xab ,0x15 , + 0x5c ,0x2b ,0xf0 ,0x72 ,0x20 ,0x03 ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 ,0x04 ,0x03 ,0x00 ,0x00 , + 0x11 ,0x11 ,0x11 ,0x11 ,0x22 ,0x22 ,0x33 ,0x33 ,0x44 ,0x44 ,0x12 ,0x34 ,0x56 ,0x78 ,0x9a ,0xbc , + 0x30 ,0x82 ,0x02 ,0xf0 ,0x30 ,0x82 ,0x01 ,0xd8 ,0xa0 ,0x03 ,0x02 ,0x01 ,0x02 ,0x02 ,0x09 ,0x00 , + 0x89 ,0x65 ,0xe1 ,0xbe ,0x1d ,0x33 ,0xea ,0xb7 ,0x30 ,0x0d ,0x06 ,0x09 ,0x2a ,0x86 ,0x48 ,0x86 , + 0xf7 ,0x0d ,0x01 ,0x01 ,0x0b ,0x05 ,0x00 ,0x30 ,0x0d ,0x31 ,0x0b ,0x30 ,0x09 ,0x06 ,0x03 ,0x55 , + 0x04 ,0x03 ,0x0c ,0x02 ,0x44 ,0x42 ,0x30 ,0x1e ,0x17 ,0x0d ,0x31 ,0x39 ,0x30 ,0x31 ,0x31 ,0x32 , + 0x31 ,0x38 ,0x35 ,0x36 ,0x32 ,0x39 ,0x5a ,0x17 ,0x0d ,0x32 ,0x39 ,0x30 ,0x31 ,0x30 ,0x39 ,0x31 , + 0x38 ,0x35 ,0x36 ,0x32 ,0x39 ,0x5a ,0x30 ,0x0d ,0x31 ,0x0b ,0x30 ,0x09 ,0x06 ,0x03 ,0x55 ,0x04 , + 0x03 ,0x0c ,0x02 ,0x44 ,0x42 ,0x30 ,0x82 ,0x01 ,0x22 ,0x30 ,0x0d ,0x06 ,0x09 ,0x2a ,0x86 ,0x48 , + 0x86 ,0xf7 ,0x0d ,0x01 ,0x01 ,0x01 ,0x05 ,0x00 ,0x03 ,0x82 ,0x01 ,0x0f ,0x00 ,0x30 ,0x82 ,0x01 , + 0x0a ,0x02 ,0x82 ,0x01 ,0x01 ,0x00 ,0xce ,0x70 ,0xf2 ,0x2d ,0xa0 ,0x56 ,0xac ,0xc0 ,0xc0 ,0x33 , + 0x9a ,0xa6 ,0x2c ,0x89 ,0x3c ,0x88 ,0xa9 ,0x9c ,0x67 ,0xaf ,0xeb ,0x0d ,0x44 ,0x7b ,0xe7 ,0x85 , + 0xf1 ,0x3d ,0xc4 ,0x71 ,0xdd ,0xb4 ,0xa7 ,0x51 ,0xac ,0x87 ,0xfa ,0x85 ,0xf0 ,0x3c ,0x80 ,0x0a , + 0x33 ,0x43 ,0x02 ,0xd6 ,0xa8 ,0x59 ,0xe3 ,0xc3 ,0x42 ,0x22 ,0xe0 ,0x0c ,0xbc ,0xc7 ,0x02 ,0x60 , + 0xff ,0x09 ,0x81 ,0x1c ,0x73 ,0x76 ,0x22 ,0x29 ,0xb8 ,0x67 ,0x2a ,0x76 ,0x17 ,0xd2 ,0x9a ,0x33 , + 0x78 ,0x6d ,0x40 ,0x60 ,0x24 ,0x07 ,0xfb ,0x1f ,0xf6 ,0xf5 ,0xb2 ,0xac ,0x44 ,0x77 ,0xd2 ,0x5e , + 0x9d ,0xd7 ,0x24 ,0xe2 ,0x6e ,0xa1 ,0xf2 ,0xb8 ,0x08 ,0x18 ,0x61 ,0x77 ,0x83 ,0xe8 ,0x82 ,0x72 , + 0x6d ,0xf6 ,0xb3 ,0x98 ,0x39 ,0x43 ,0xb8 ,0xaa ,0x97 ,0x03 ,0xc7 ,0x68 ,0x2e ,0x1d ,0xf8 ,0xaf , + 0x75 ,0xad ,0x9e ,0x18 ,0x48 ,0xa3 ,0x24 ,0x3e ,0x04 ,0x30 ,0xe2 ,0xa7 ,0x30 ,0xf7 ,0xf7 ,0xb3 , + 0x05 ,0xac ,0x11 ,0xf4 ,0x20 ,0x47 ,0x36 ,0xcf ,0xca ,0xe0 ,0x8c ,0x52 ,0x0d ,0x4b ,0x30 ,0xf0 , + 0x7e ,0x6f ,0x48 ,0x83 ,0xe1 ,0xb9 ,0xd1 ,0x1d ,0x27 ,0x5d ,0xd3 ,0x10 ,0x9d ,0x63 ,0xdb ,0xe0 , + 0x87 ,0x53 ,0x75 ,0xae ,0xdd ,0xc0 ,0x6c ,0x89 ,0x33 ,0xeb ,0x3e ,0x87 ,0x33 ,0x58 ,0x11 ,0xe5 , + 0x04 ,0xcd ,0xeb ,0x8e ,0xfe ,0x48 ,0x7b ,0xd1 ,0x37 ,0xb4 ,0x41 ,0x9a ,0x3b ,0xab ,0x99 ,0x03 , + 0xfc ,0x72 ,0x4f ,0x39 ,0xb2 ,0x0c ,0x34 ,0x7d ,0x4f ,0xa7 ,0x5e ,0x8b ,0x1e ,0x13 ,0xea ,0xab , + 0x37 ,0x28 ,0x34 ,0x6a ,0x91 ,0xb9 ,0x21 ,0x79 ,0x1b ,0x82 ,0xc0 ,0x61 ,0x4d ,0xb7 ,0xa0 ,0xc5 , + 0x73 ,0xe7 ,0x11 ,0x75 ,0x88 ,0x41 ,0x36 ,0xf7 ,0x55 ,0x94 ,0x87 ,0x6e ,0x25 ,0x82 ,0xf7 ,0xf9 , + 0xcf ,0xc3 ,0x3c ,0x24 ,0xa2 ,0xcb ,0x02 ,0x03 ,0x01 ,0x00 ,0x01 ,0xa3 ,0x53 ,0x30 ,0x51 ,0x30 , + 0x1d ,0x06 ,0x03 ,0x55 ,0x1d ,0x0e ,0x04 ,0x16 ,0x04 ,0x14 ,0xe6 ,0xb8 ,0x4e ,0x62 ,0xdb ,0xbd , + 0x98 ,0x8a ,0xbb ,0xfd ,0xa0 ,0x08 ,0x35 ,0x5a ,0xa6 ,0xa0 ,0x80 ,0x01 ,0xc5 ,0x8c ,0x30 ,0x1f , + 0x06 ,0x03 ,0x55 ,0x1d ,0x23 ,0x04 ,0x18 ,0x30 ,0x16 ,0x80 ,0x14 ,0xe6 ,0xb8 ,0x4e ,0x62 ,0xdb , + 0xbd ,0x98 ,0x8a ,0xbb ,0xfd ,0xa0 ,0x08 ,0x35 ,0x5a ,0xa6 ,0xa0 ,0x80 ,0x01 ,0xc5 ,0x8c ,0x30 , + 0x0f ,0x06 ,0x03 ,0x55 ,0x1d ,0x13 ,0x01 ,0x01 ,0xff ,0x04 ,0x05 ,0x30 ,0x03 ,0x01 ,0x01 ,0xff , + 0x30 ,0x0d ,0x06 ,0x09 ,0x2a ,0x86 ,0x48 ,0x86 ,0xf7 ,0x0d ,0x01 ,0x01 ,0x0b ,0x05 ,0x00 ,0x03 , + 0x82 ,0x01 ,0x01 ,0x00 ,0x6e ,0xb3 ,0x79 ,0x61 ,0xeb ,0xa5 ,0xa6 ,0x6b ,0x77 ,0xcd ,0x6a ,0x76 , + 0xb7 ,0xbf ,0x86 ,0xcf ,0x4c ,0xa2 ,0xa5 ,0xa5 ,0x01 ,0xb7 ,0xb7 ,0x61 ,0x71 ,0x85 ,0x92 ,0x02 , + 0xee ,0x5a ,0xaa ,0xd7 ,0x4a ,0xcf ,0x87 ,0x2a ,0xa2 ,0x70 ,0x8c ,0x49 ,0xe9 ,0x05 ,0x49 ,0x46 , + 0x3d ,0xc1 ,0xe6 ,0xe9 ,0x59 ,0x95 ,0xd4 ,0xc8 ,0x0e ,0xb6 ,0x6d ,0x01 ,0xfb ,0x74 ,0x01 ,0x69 , + 0xb2 ,0xb4 ,0x9b ,0xe8 ,0x2c ,0x99 ,0xb3 ,0x96 ,0x7f ,0xd9 ,0x96 ,0xa6 ,0x28 ,0x02 ,0x10 ,0x07 , + 0x6a ,0xc2 ,0x19 ,0x27 ,0x63 ,0x9c ,0x35 ,0x0a ,0x9a ,0xda ,0x5c ,0x9c ,0x91 ,0xb5 ,0xc6 ,0xe5 , + 0x7c ,0x64 ,0x76 ,0x07 ,0xf6 ,0x56 ,0x7a ,0xf0 ,0xf6 ,0x09 ,0xaf ,0x3b ,0x4b ,0x40 ,0xd6 ,0x80 , + 0xd5 ,0x3e ,0x7f ,0xea ,0x11 ,0xe4 ,0xe1 ,0x78 ,0xac ,0x1e ,0x4b ,0xc4 ,0xdf ,0xb9 ,0xd6 ,0x5f , + 0x68 ,0xba ,0x77 ,0x40 ,0xf5 ,0x1d ,0xb7 ,0x35 ,0xaf ,0xcd ,0x37 ,0xc4 ,0xc9 ,0xb4 ,0x22 ,0x37 , + 0xac ,0x2d ,0xf3 ,0xc3 ,0xf7 ,0x94 ,0x74 ,0x70 ,0xfc ,0xc8 ,0x13 ,0xb2 ,0xdf ,0x98 ,0xa1 ,0x9c , + 0x10 ,0xba ,0x14 ,0x34 ,0xb5 ,0x1b ,0x4a ,0x50 ,0x00 ,0x22 ,0x83 ,0x88 ,0x79 ,0x1e ,0xac ,0xa4 , + 0xe4 ,0x6f ,0xbf ,0x96 ,0x8e ,0xf1 ,0x20 ,0x53 ,0x60 ,0x9d ,0x63 ,0x74 ,0x40 ,0x30 ,0x72 ,0x5e , + 0x56 ,0x75 ,0xf3 ,0x0b ,0x60 ,0x6a ,0xe8 ,0xab ,0x45 ,0x81 ,0xe9 ,0x7b ,0x32 ,0x31 ,0x5b ,0x28 , + 0x3e ,0xc1 ,0x96 ,0x9f ,0x28 ,0x2d ,0x74 ,0xbe ,0xfb ,0x4d ,0xe1 ,0x15 ,0x21 ,0x5a ,0x89 ,0xde , + 0x02 ,0x0f ,0x83 ,0x18 ,0x33 ,0xa4 ,0x0e ,0x58 ,0x20 ,0xaa ,0xea ,0xcf ,0xb0 ,0xbc ,0x35 ,0xfa , + 0x0c ,0x8a ,0x2d ,0x66 ,0xfa ,0x2a ,0xc6 ,0xae ,0xe0 ,0x07 ,0x99 ,0xfa ,0xb3 ,0x44 ,0x61 ,0x61 , + 0x60 ,0x6e ,0xd4 ,0x70 }; + +unsigned char IllformatKEK_auth[] = { + 0xe3, 0x07, 0x0b, 0x13, 0x0a, 0x28, 0x36, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x94, 0x04, 0x00, 0x00, 0x00, 0x02, 0xf1, 0x0e, + 0x9d, 0xd2, 0xaf, 0x4a, 0xdf, 0x68, 0xee, 0x49, 0x8a, 0xa9, 0x34, 0x7d, + 0x37, 0x56, 0x65, 0xa7, 0x30, 0x82, 0x04, 0x78, 0x02, 0x01, 0x01, 0x31, + 0x0f, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, + 0x02, 0x01, 0x05, 0x00, 0x30, 0x0b, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, + 0xf7, 0x0d, 0x01, 0x07, 0x01, 0xa0, 0x82, 0x02, 0xff, 0x30, 0x82, 0x02, + 0xfb, 0x30, 0x82, 0x01, 0xe3, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x14, + 0x65, 0x75, 0x53, 0x72, 0x12, 0x66, 0xdd, 0x35, 0x15, 0x7c, 0xe8, 0x6c, + 0x53, 0x88, 0xd2, 0x01, 0x81, 0x62, 0xe7, 0x36, 0x30, 0x0d, 0x06, 0x09, + 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, + 0x0d, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x02, + 0x50, 0x4b, 0x30, 0x1e, 0x17, 0x0d, 0x31, 0x39, 0x31, 0x31, 0x31, 0x39, + 0x31, 0x36, 0x34, 0x30, 0x35, 0x32, 0x5a, 0x17, 0x0d, 0x32, 0x39, 0x31, + 0x31, 0x31, 0x36, 0x31, 0x36, 0x34, 0x30, 0x35, 0x32, 0x5a, 0x30, 0x0d, + 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x02, 0x50, + 0x4b, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, + 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, + 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xd0, 0xe5, + 0xb4, 0x7c, 0x37, 0xec, 0x22, 0xf1, 0xae, 0x68, 0xf8, 0x50, 0xcd, 0x00, + 0xb6, 0xa9, 0xc8, 0x56, 0x47, 0xe1, 0x2f, 0xdc, 0xd0, 0x48, 0x9a, 0x18, + 0x01, 0x59, 0xa1, 0x02, 0x02, 0xd4, 0x2c, 0xbd, 0x46, 0x28, 0xa2, 0x6b, + 0x27, 0x5e, 0xa4, 0x53, 0x6d, 0x17, 0xd5, 0x8f, 0x8d, 0x56, 0x9e, 0xf3, + 0x79, 0x4d, 0x74, 0x1c, 0xb5, 0xff, 0xb5, 0x50, 0xf2, 0x50, 0x7d, 0x2d, + 0x13, 0x1c, 0x4f, 0xd9, 0xf7, 0x2c, 0x25, 0x42, 0xa1, 0xcb, 0x91, 0x8e, + 0x10, 0x43, 0x1f, 0xac, 0x14, 0x23, 0x6b, 0x40, 0x40, 0xa5, 0x48, 0x40, + 0x34, 0xdd, 0x40, 0xdf, 0xc3, 0x29, 0x2a, 0xc3, 0x38, 0xcc, 0x6b, 0x00, + 0xa3, 0xac, 0x63, 0x03, 0x38, 0x75, 0x59, 0xab, 0x5c, 0xbc, 0x98, 0x44, + 0xf6, 0x2c, 0xd5, 0x9d, 0x11, 0x2f, 0xae, 0x2f, 0x11, 0xeb, 0x4d, 0xc4, + 0xbd, 0x86, 0xe0, 0xe9, 0xbb, 0x8d, 0x46, 0x62, 0xbd, 0x33, 0xf4, 0xf4, + 0x78, 0x32, 0xda, 0xcf, 0xd3, 0x35, 0x13, 0x95, 0x55, 0x39, 0xc0, 0x10, + 0x9d, 0xcb, 0x98, 0xa9, 0x6a, 0x31, 0x2e, 0x6b, 0xcb, 0xc8, 0x9a, 0xc6, + 0xaa, 0x48, 0xd6, 0x6e, 0xf3, 0xc0, 0x4b, 0x57, 0x06, 0x51, 0xa3, 0xad, + 0x82, 0xe7, 0xeb, 0x8c, 0x40, 0x64, 0x32, 0xf1, 0xee, 0x1e, 0xe4, 0xae, + 0x81, 0x06, 0x5b, 0x6a, 0x06, 0xbc, 0x96, 0xfc, 0xe6, 0xbc, 0x62, 0x0b, + 0x02, 0x8d, 0x27, 0xa2, 0x9c, 0x44, 0x5e, 0x9e, 0x60, 0x35, 0xa2, 0xc2, + 0x2e, 0xfe, 0x34, 0x53, 0xd8, 0x31, 0xe4, 0xca, 0xa1, 0xb3, 0x99, 0x11, + 0xd5, 0xd3, 0x1b, 0x00, 0x76, 0x8a, 0x2d, 0x9a, 0x94, 0xdc, 0x43, 0xdd, + 0xb0, 0x14, 0x41, 0xb3, 0x70, 0x56, 0x85, 0x31, 0x01, 0x6b, 0xf6, 0x82, + 0x9a, 0x8a, 0x89, 0x5e, 0x72, 0xfe, 0xec, 0x53, 0x04, 0x16, 0x79, 0xa0, + 0xb3, 0xfd, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x53, 0x30, 0x51, 0x30, + 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x50, 0x70, + 0xbe, 0x22, 0xf9, 0x09, 0xbf, 0xce, 0x96, 0x5a, 0xb6, 0xe7, 0xdb, 0x1a, + 0xa4, 0x5f, 0x84, 0xbf, 0x2c, 0x5b, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, + 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0x50, 0x70, 0xbe, 0x22, 0xf9, + 0x09, 0xbf, 0xce, 0x96, 0x5a, 0xb6, 0xe7, 0xdb, 0x1a, 0xa4, 0x5f, 0x84, + 0xbf, 0x2c, 0x5b, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, + 0xff, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xff, 0x30, 0x0d, 0x06, 0x09, + 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, + 0x82, 0x01, 0x01, 0x00, 0xcd, 0xca, 0xa3, 0xd4, 0xc9, 0x11, 0xdf, 0x4f, + 0x42, 0x13, 0xdf, 0xcd, 0x5a, 0x13, 0x07, 0x47, 0x16, 0xae, 0x6b, 0xb2, + 0xca, 0xec, 0x70, 0x71, 0x45, 0x5c, 0x61, 0x29, 0x17, 0x63, 0x2c, 0xe9, + 0x75, 0x6f, 0x8a, 0xb7, 0xd5, 0x8d, 0xc8, 0x23, 0x2e, 0xe2, 0x39, 0x1b, + 0xf3, 0x1a, 0xb1, 0xec, 0xf4, 0xc4, 0x88, 0x5a, 0xfe, 0xe2, 0x97, 0x3f, + 0xcb, 0x86, 0x22, 0x8e, 0x58, 0x99, 0x5d, 0x83, 0x46, 0xad, 0x97, 0xbe, + 0x11, 0x13, 0xf0, 0x4b, 0x64, 0x8c, 0x22, 0xca, 0x1f, 0xa4, 0x5d, 0xd7, + 0xf2, 0xc0, 0xc7, 0x1e, 0x57, 0x97, 0x51, 0x26, 0x8d, 0x2b, 0xbb, 0x32, + 0x0e, 0x52, 0xa0, 0xdc, 0xde, 0x4f, 0x85, 0x6e, 0x48, 0xe5, 0x0d, 0xf0, + 0x9e, 0xad, 0xa2, 0xda, 0x69, 0xe0, 0x71, 0x06, 0x63, 0xb1, 0x82, 0x20, + 0xcc, 0x55, 0x08, 0x2f, 0x1b, 0xf9, 0x0b, 0xdd, 0xda, 0xa4, 0xe0, 0xfe, + 0xd6, 0xc2, 0xc3, 0xf1, 0xf8, 0xe1, 0x14, 0xf6, 0xd3, 0xbc, 0x82, 0x53, + 0x06, 0xca, 0xf6, 0x4e, 0x40, 0x88, 0x50, 0x51, 0x33, 0xe2, 0x2a, 0x8b, + 0xa6, 0x1a, 0x37, 0x89, 0xa7, 0xbf, 0x35, 0x2c, 0x4b, 0xf5, 0x7d, 0xc9, + 0x6a, 0x59, 0xb8, 0x62, 0x23, 0x16, 0xf1, 0xd7, 0x2d, 0x67, 0x2d, 0xae, + 0x52, 0x5e, 0x7d, 0x5f, 0xf6, 0x77, 0x9a, 0xed, 0x9c, 0xd0, 0xbd, 0x85, + 0x11, 0xf7, 0xd6, 0x13, 0xbd, 0x49, 0x55, 0x66, 0xc5, 0xa7, 0x88, 0xee, + 0xb3, 0x52, 0x39, 0x43, 0xfa, 0x9e, 0x43, 0xe4, 0x0b, 0x8f, 0xad, 0x7e, + 0x6c, 0xb8, 0xf5, 0x27, 0x7d, 0x29, 0x7b, 0xb1, 0x1a, 0xb3, 0x24, 0x8a, + 0xff, 0xfe, 0x3f, 0x17, 0xfe, 0x17, 0xb7, 0x20, 0x0a, 0xb5, 0x98, 0x32, + 0x72, 0x55, 0xd4, 0xfa, 0x94, 0x09, 0x28, 0xdf, 0x67, 0xc9, 0x61, 0x90, + 0xab, 0x03, 0x79, 0xcf, 0x00, 0xa1, 0x0a, 0x4c, 0x31, 0x82, 0x01, 0x50, + 0x30, 0x82, 0x01, 0x4c, 0x02, 0x01, 0x01, 0x30, 0x25, 0x30, 0x0d, 0x31, + 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x02, 0x50, 0x4b, + 0x02, 0x14, 0x65, 0x75, 0x53, 0x72, 0x12, 0x66, 0xdd, 0x35, 0x15, 0x7c, + 0xe8, 0x6c, 0x53, 0x88, 0xd2, 0x01, 0x81, 0x62, 0xe7, 0x36, 0x30, 0x0d, + 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, 0x05, + 0x00, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, + 0x01, 0x01, 0x05, 0x00, 0x04, 0x82, 0x01, 0x00, 0xca, 0x5f, 0x9a, 0xc7, + 0x7d, 0xc6, 0x89, 0xab, 0xec, 0x1c, 0xc6, 0xdd, 0x79, 0xf7, 0xee, 0x53, + 0xbd, 0xc4, 0xed, 0x59, 0x82, 0xa0, 0xe1, 0x98, 0x86, 0x20, 0xd0, 0xac, + 0x76, 0x45, 0x44, 0x0e, 0x20, 0xf9, 0x96, 0xf5, 0xcf, 0x60, 0x43, 0x3a, + 0x05, 0x31, 0xf8, 0xe4, 0x6b, 0x75, 0xe3, 0x11, 0x8f, 0x9b, 0x4b, 0x4a, + 0xd9, 0x60, 0xc2, 0x03, 0xdf, 0x06, 0xef, 0x3c, 0x85, 0x03, 0x81, 0x61, + 0x6a, 0x0f, 0xa4, 0x72, 0x02, 0xf9, 0x3a, 0x25, 0xa7, 0x7e, 0xf5, 0x6c, + 0x36, 0x02, 0x6c, 0x47, 0x3e, 0x8d, 0x27, 0x5e, 0x79, 0xc6, 0xaa, 0x67, + 0x74, 0x6a, 0x77, 0x0f, 0x21, 0x95, 0x0d, 0xfe, 0xa2, 0x90, 0x2a, 0x54, + 0x90, 0xff, 0x3d, 0x6a, 0x5d, 0x4d, 0x43, 0xa5, 0xa3, 0xd1, 0x04, 0xcb, + 0x75, 0xd1, 0x2a, 0xf5, 0xa7, 0x27, 0x1e, 0x74, 0xbd, 0xef, 0x47, 0xae, + 0xb5, 0x42, 0xb5, 0x24, 0x9f, 0xc0, 0x01, 0x9b, 0xca, 0x7e, 0xda, 0xa9, + 0x76, 0x7c, 0xf1, 0x2e, 0x43, 0xdc, 0x6c, 0x21, 0x1c, 0x7e, 0xe2, 0x6b, + 0x2b, 0x1a, 0x41, 0x00, 0x95, 0xbe, 0x8a, 0xb9, 0x88, 0x6f, 0x2b, 0xaf, + 0x64, 0x75, 0xb8, 0xa1, 0xe6, 0xf5, 0x03, 0x8a, 0x7f, 0xd9, 0x7d, 0x94, + 0x36, 0xa4, 0x37, 0xba, 0xaa, 0xc1, 0xb1, 0xae, 0xe6, 0xbf, 0x32, 0x79, + 0x2e, 0x27, 0xbf, 0xfd, 0x41, 0x98, 0x3d, 0xe3, 0x6e, 0x25, 0x0a, 0xaf, + 0xfd, 0x37, 0xef, 0x68, 0xc3, 0xdc, 0xb9, 0x9c, 0xa0, 0xb9, 0xa4, 0x92, + 0x01, 0xfb, 0x87, 0x18, 0x89, 0xf2, 0xc7, 0x8e, 0xb1, 0xdb, 0x4b, 0xf0, + 0xca, 0xf6, 0x1e, 0x8c, 0x19, 0x82, 0xa8, 0x1e, 0xe9, 0xfc, 0x12, 0xdd, + 0xe2, 0x57, 0x5f, 0x1b, 0xe2, 0xd9, 0x63, 0xbb, 0x16, 0x99, 0x46, 0x03, + 0x8c, 0x09, 0x9a, 0xd5, 0x87, 0x32, 0x9c, 0x57, 0x84, 0xd9, 0xf4, 0x0f, + 0xa1, 0x59, 0xc0, 0xa5, 0xe4, 0x94, 0xa7, 0x4a, 0x87, 0xb5, 0xab, 0x15, + 0x5c, 0x2b, 0xf0, 0x72, 0x2d, 0x03, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x11, 0x03, 0x00, 0x00, 0x11, 0x11, 0x11, 0x11, 0x22, 0x22, 0x33, 0x33, + 0x44, 0x44, 0x12, 0x34, 0x56, 0x78, 0x9a, 0xbc, 0x30, 0x82, 0x02, 0xfd, + 0x30, 0x82, 0x01, 0xe5, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x14, 0x35, + 0xa7, 0x5b, 0x54, 0x85, 0x3a, 0x10, 0xbd, 0x95, 0xed, 0x28, 0xda, 0x7e, + 0xc5, 0x26, 0x7d, 0xb7, 0xc5, 0x9c, 0x9f, 0x30, 0x0d, 0x06, 0x09, 0x2a, + 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x0e, + 0x31, 0x0c, 0x30, 0x0a, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x03, 0x4b, + 0x45, 0x4b, 0x30, 0x1e, 0x17, 0x0d, 0x31, 0x39, 0x31, 0x31, 0x31, 0x39, + 0x31, 0x36, 0x34, 0x30, 0x35, 0x34, 0x5a, 0x17, 0x0d, 0x32, 0x39, 0x31, + 0x31, 0x31, 0x36, 0x31, 0x36, 0x34, 0x30, 0x35, 0x34, 0x5a, 0x30, 0x0e, + 0x31, 0x0c, 0x30, 0x0a, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x03, 0x4b, + 0x45, 0x4b, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, + 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, + 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xc9, + 0x9e, 0x2a, 0x8a, 0x23, 0x86, 0xe1, 0x81, 0xff, 0xeb, 0x0f, 0x4d, 0x9a, + 0xf9, 0x67, 0x63, 0xb4, 0x8a, 0x43, 0x12, 0x7d, 0xf8, 0x27, 0x32, 0x9f, + 0xd8, 0xcd, 0x88, 0xd8, 0xf3, 0x28, 0xa8, 0x7a, 0xb8, 0xdf, 0x5f, 0x23, + 0xcc, 0x8a, 0x02, 0x4f, 0xe3, 0xc1, 0xe6, 0x5d, 0xbe, 0x68, 0xeb, 0x15, + 0x8c, 0x8d, 0x15, 0x1d, 0xd6, 0x4e, 0x4f, 0xe2, 0x77, 0xc3, 0xb0, 0x1d, + 0x9c, 0x46, 0xa8, 0x14, 0x9f, 0x6e, 0x30, 0x0f, 0x88, 0x0a, 0x6d, 0xa7, + 0x88, 0x8a, 0xeb, 0xa8, 0xcf, 0xe9, 0xb7, 0x12, 0xc8, 0x40, 0x09, 0xa1, + 0xe9, 0x0a, 0xc6, 0xe4, 0x55, 0xf4, 0x30, 0x85, 0x5d, 0x25, 0x4b, 0x4c, + 0xf8, 0x37, 0xf5, 0x94, 0x38, 0x20, 0x21, 0x54, 0x29, 0xe1, 0xd8, 0xdf, + 0x36, 0xf4, 0xad, 0xaa, 0x1c, 0x90, 0x82, 0xbf, 0xfa, 0x3e, 0xcc, 0xf9, + 0x6a, 0x04, 0x59, 0xa6, 0xf8, 0xb4, 0x22, 0x11, 0x60, 0xcf, 0xa7, 0x41, + 0x6b, 0xce, 0x0e, 0xdf, 0xfa, 0xa6, 0x39, 0x6a, 0x6f, 0x27, 0x7e, 0x13, + 0x44, 0x23, 0xc5, 0x2b, 0x6d, 0x76, 0xb6, 0x1c, 0x5c, 0x4d, 0x07, 0x1a, + 0x53, 0x23, 0x39, 0x65, 0x3b, 0x10, 0xfc, 0xd3, 0x7d, 0x50, 0xb4, 0x13, + 0x62, 0x0d, 0x0f, 0x11, 0x50, 0x1d, 0x9f, 0x25, 0x00, 0xff, 0x9f, 0x8c, + 0xb8, 0x57, 0x45, 0x67, 0x6a, 0x41, 0x2f, 0x6b, 0xff, 0x8f, 0x12, 0x04, + 0x0c, 0xcd, 0xf9, 0xf4, 0x92, 0x0a, 0xea, 0xf6, 0x48, 0x38, 0x4a, 0x9f, + 0xdf, 0x92, 0xb4, 0x84, 0xcf, 0x49, 0x6e, 0xb5, 0x88, 0x7d, 0x7b, 0x33, + 0x86, 0xc3, 0x84, 0x08, 0x08, 0x8b, 0x16, 0x9f, 0x4d, 0x82, 0xb5, 0x15, + 0x03, 0x7e, 0x98, 0x4a, 0xb8, 0xe4, 0xee, 0xf6, 0x01, 0xea, 0x0e, 0x9f, + 0x41, 0x91, 0x2c, 0x37, 0xf2, 0xab, 0xaf, 0xa0, 0x85, 0x9c, 0x31, 0xfa, + 0x3f, 0xe9, 0x33, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x53, 0x30, 0x51, + 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x88, + 0xf1, 0x79, 0xea, 0xd8, 0xf9, 0xbe, 0xc7, 0x96, 0x92, 0xa9, 0x08, 0xf3, + 0x75, 0x67, 0x6f, 0xf8, 0x42, 0x0f, 0xc4, 0x30, 0x1f, 0x06, 0x03, 0x55, + 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0x88, 0xf1, 0x79, 0xea, + 0xd8, 0xf9, 0xbe, 0xc7, 0x96, 0x92, 0xa9, 0x08, 0xf3, 0x75, 0x67, 0x6f, + 0xf8, 0x42, 0x0f, 0xc4, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, + 0x01, 0xff, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xff, 0x30, 0x0d, 0x06, + 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, + 0x03, 0x82, 0x01, 0x01, 0x00, 0x70, 0xec, 0x6a, 0x52, 0x39, 0xb8, 0xe4, + 0x5e, 0x05, 0xbb, 0xef, 0x4b, 0x8d, 0xfa, 0xb8, 0x3d, 0xc0, 0x11, 0x32, + 0xda, 0xe8, 0x51, 0xfd, 0x70, 0x93, 0x0e, 0x90, 0x01, 0x16, 0x78, 0x39, + 0xb6, 0xc5, 0x03, 0x13, 0x93, 0xb1, 0x5d, 0x76, 0xb9, 0x16, 0xcd, 0xfb, + 0x50, 0x43, 0x67, 0x0b, 0xa1, 0x5a, 0x8f, 0x01, 0xdf, 0x98, 0xbf, 0x9c, + 0xaa, 0x04, 0xf3, 0x2d, 0xeb, 0x3d, 0x8c, 0x7c, 0x0d, 0xcd, 0x41, 0x30, + 0x89, 0x47, 0xd4, 0x50, 0x36, 0x8f, 0x44, 0x8e, 0x63, 0x9d, 0x0d, 0x16, + 0x39, 0xf0, 0xf9, 0x42, 0xac, 0x50, 0x79, 0x0e, 0xa1, 0xe4, 0x96, 0x3b, + 0x23, 0xf1, 0x7c, 0xe4, 0x9a, 0xc3, 0x9a, 0x35, 0x6f, 0x83, 0xb1, 0x78, + 0x24, 0xf4, 0x07, 0xdd, 0x38, 0xa1, 0x54, 0xe3, 0x39, 0x3e, 0x86, 0x67, + 0x19, 0xe4, 0xb8, 0x2b, 0x87, 0xf9, 0x9e, 0x78, 0x7f, 0x8c, 0x8f, 0xf2, + 0x64, 0x75, 0xc2, 0x93, 0xd2, 0x18, 0xf9, 0x6d, 0xdc, 0x6e, 0x18, 0x27, + 0xfe, 0x49, 0xce, 0x96, 0x7b, 0xb4, 0x17, 0xd8, 0xbc, 0x19, 0x81, 0x9a, + 0x18, 0x31, 0xbd, 0x78, 0xdb, 0xcd, 0xca, 0x08, 0xe2, 0x54, 0x7d, 0x15, + 0xc5, 0x79, 0x97, 0xbf, 0xab, 0x14, 0xdf, 0x61, 0x10, 0x1d, 0x1c, 0xae, + 0x10, 0x00, 0x0c, 0x06, 0x8b, 0x72, 0xdc, 0xff, 0xbe, 0xf7, 0x1f, 0xac, + 0x9c, 0x87, 0x36, 0x47, 0x72, 0x1f, 0x7f, 0x61, 0x3c, 0xee, 0xc8, 0x2b, + 0xaa, 0x24, 0x58, 0x93, 0xdb, 0x71, 0x47, 0x81, 0xeb, 0xa5, 0x42, 0xfc, + 0x61, 0x2a, 0xf1, 0x70, 0xab, 0xdc, 0xe8, 0x94, 0x10, 0xcc, 0x0e, 0xb8, + 0xea, 0xaa, 0x1e, 0x62, 0xb4, 0x10, 0xc6, 0xa2, 0x25, 0xe7, 0x21, 0xff, + 0x71, 0x61, 0x04, 0xad, 0x54, 0x7c, 0x60, 0x60, 0x56, 0x4a, 0x0d, 0x1d, + 0x2d, 0x9e, 0x7c, 0x59, 0x4b, 0x8a, 0x40, 0xd3, 0x76, +}; +unsigned int IllformatKEK_auth_len = 2001; diff --git a/libstb/secvar/test/secvar-test-edk2-compat.c b/libstb/secvar/test/secvar-test-edk2-compat.c new file mode 100644 index 00000000..72bc0366 --- /dev/null +++ b/libstb/secvar/test/secvar-test-edk2-compat.c @@ -0,0 +1,260 @@ +/* Copyright 2019 IBM Corp. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + * implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +#include "secvar_common_test.c" +#include "../backend/edk2-compat.c" +#include "../secvar_util.c" +#include "../secvar_tpmnv.c" +#include "../../crypto/pkcs7/pkcs7.c" +#include +#include "edk2_test_data.h" + +const char *secvar_test_name = "edk2-compat"; + +struct platform platform; + +// Change to TSS-intercepting wrappers +#define ARBITRARY_TPMNV_SIZE 2048 +char *secboot_buffer; +static int secboot_read(void *dst, uint32_t src, uint32_t len) +{ + (void) src; // Don't need to use offset here + memcpy(dst, secboot_buffer, len); + return 0; +} + +static int secboot_write(uint32_t dst, void *src, uint32_t len) +{ + (void) dst; + memcpy(secboot_buffer, src, len); + return 0; +} + +int secvar_set_secure_mode(void) { return 0; }; + +int run_test() +{ + int rc = -1; + struct secvar_node *tmp; + int keksize; + int dbsize; + + // Check pre-process creates the empty variables + ASSERT(0 == list_length(&variable_bank)); + rc = edk2_compat_pre_process(); + ASSERT(OPAL_SUCCESS == rc); + ASSERT(4 == list_length(&variable_bank)); + + // Add PK to update and .process() + printf("Add PK"); + tmp = alloc_secvar(PK_auth_len); + memcpy(tmp->var->key, "PK", 3); + tmp->var->key_len = 3; + memcpy(tmp->var->data, PK_auth, PK_auth_len); + tmp->var->data_size = PK_auth_len; + list_add_tail(&update_bank, &tmp->link); + ASSERT(1 == list_length(&update_bank)); + + rc = edk2_compat_process(); + ASSERT(OPAL_SUCCESS == rc); + ASSERT(4 == list_length(&variable_bank)); + ASSERT(0 == list_length(&update_bank)); + tmp = find_secvar("PK", 3, &variable_bank); + ASSERT(NULL != tmp); + ASSERT(0 != tmp->var->data_size); + ASSERT(PK_auth_len > tmp->var->data_size); // esl should be smaller without auth + ASSERT(!is_setup_mode()); + + // Add db, should fail with no KEK + printf("Add db"); + dbsize = sizeof(DB_auth); + tmp = alloc_secvar(dbsize); + memcpy(tmp->var->key, "db", 3); + tmp->var->key_len = 3; + memcpy(tmp->var->data, DB_auth, dbsize); + tmp->var->data_size = dbsize; + list_add_tail(&update_bank, &tmp->link); + ASSERT(1 == list_length(&update_bank)); + + rc = edk2_compat_process(); + ASSERT(OPAL_SUCCESS != rc); + ASSERT(4 == list_length(&variable_bank)); + ASSERT(0 == list_length(&update_bank)); + tmp = find_secvar("db", 3, &variable_bank); + ASSERT(NULL != tmp); + ASSERT(0 == tmp->var->data_size); // Should still be empty + + printf("Add KEK"); + // Add valid KEK, .process(), should succeed + + tmp = alloc_secvar(ValidKEK_auth_len); + memcpy(tmp->var->key, "KEK", 4); + tmp->var->key_len = 4; + memcpy(tmp->var->data, ValidKEK_auth, ValidKEK_auth_len); + tmp->var->data_size = ValidKEK_auth_len; + list_add_tail(&update_bank, &tmp->link); + ASSERT(1 == list_length(&update_bank)); + + rc = edk2_compat_process(); + ASSERT(OPAL_SUCCESS == rc); + ASSERT(4 == list_length(&variable_bank)); + ASSERT(0 == list_length(&update_bank)); + tmp = find_secvar("KEK", 4, &variable_bank); + ASSERT(NULL != tmp); + ASSERT(0 != tmp->var->data_size); + + // Add db, .process(), should succeed + printf("Add db again\n"); + dbsize = sizeof(DB_auth); + tmp = alloc_secvar(dbsize); + memcpy(tmp->var->key, "db", 3); + tmp->var->key_len = 3; + memcpy(tmp->var->data, DB_auth, dbsize); + tmp->var->data_size = dbsize; + list_add_tail(&update_bank, &tmp->link); + ASSERT(1 == list_length(&update_bank)); + + rc = edk2_compat_process(); + ASSERT(OPAL_SUCCESS == rc); + ASSERT(4 == list_length(&variable_bank)); + ASSERT(0 == list_length(&update_bank)); + tmp = find_secvar("db", 3, &variable_bank); + printf("tmp is %s\n", tmp->var->key); + ASSERT(NULL != tmp); + ASSERT(0 != tmp->var->data_size); + + // Add invalid KEK, .process(), should fail + printf("Add invalid KEK\n"); + keksize = sizeof(InvalidKEK_auth); + tmp = alloc_secvar(keksize); + memcpy(tmp->var->key, "KEK", 4); + tmp->var->key_len = 4; + memcpy(tmp->var->data, InvalidKEK_auth, keksize); + tmp->var->data_size = keksize; + list_add_tail(&update_bank, &tmp->link); + ASSERT(1 == list_length(&update_bank)); + + rc = edk2_compat_process(); + ASSERT(OPAL_SUCCESS != rc); + ASSERT(4 == list_length(&variable_bank)); + ASSERT(0 == list_length(&update_bank)); + tmp = find_secvar("KEK", 4, &variable_bank); + ASSERT(NULL != tmp); + ASSERT(0 != tmp->var->data_size); + + // Add ill formatted KEK, .process(), should fail + printf("Add invalid KEK\n"); + keksize = sizeof(IllformatKEK_auth); + tmp = alloc_secvar(keksize); + memcpy(tmp->var->key, "KEK", 4); + tmp->var->key_len = 4; + memcpy(tmp->var->data, IllformatKEK_auth, keksize); + tmp->var->data_size = keksize; + list_add_tail(&update_bank, &tmp->link); + ASSERT(1 == list_length(&update_bank)); + + rc = edk2_compat_process(); + ASSERT(OPAL_SUCCESS != rc); + ASSERT(4 == list_length(&variable_bank)); + ASSERT(0 == list_length(&update_bank)); + tmp = find_secvar("KEK", 4, &variable_bank); + ASSERT(NULL != tmp); + ASSERT(0 != tmp->var->data_size); + + return 0; +} + +static int run_edk2_tpmnv_test(void) +{ + int size, rc; + char *tmp; + + size = secvar_tpmnv_size(TPMNV_ID_EDK2_PK); + ASSERT(size > 0); + ASSERT(size < 1024); + tmp = malloc(size); + rc = secvar_tpmnv_read(TPMNV_ID_EDK2_PK, tmp, size, 0); + ASSERT(OPAL_SUCCESS == rc); + // memcmp here? + + free(tmp); + tmp = NULL; // Going to reuse this pointer later... + + clear_bank_list(&variable_bank); + ASSERT(0 == list_length(&variable_bank)); + + rc = edk2_p9_load_pk(); + ASSERT(OPAL_SUCCESS == rc); + ASSERT(1 == list_length(&variable_bank)); + + // Now lets double check that write is working... + memset(secboot_buffer, 0, ARBITRARY_TPMNV_SIZE); + + rc = edk2_p9_write_pk(); + ASSERT(OPAL_SUCCESS == rc); + + for (tmp = secboot_buffer; + tmp <= secboot_buffer + ARBITRARY_TPMNV_SIZE; + tmp++) + if (*tmp != '\0') + return 0; // Something was written + + // Buffer was still empty + return 1; +} + +int main(void) +{ + int rc; + + list_head_init(&variable_bank); + list_head_init(&update_bank); + + secvar_storage.max_var_size = 4096; + + // Run as a generic platform using whatever storage + proc_gen = 0; + rc = run_test(); + if (rc) + goto out_bank; + + clear_bank_list(&variable_bank); + clear_bank_list(&update_bank); + ASSERT(0 == list_length(&variable_bank)); + ASSERT(0 == list_length(&update_bank)); + printf("PASSED FIRST TEST\n"); + + // Run as "p9" and use the TPM for pk + // TODO: Change to TSS stubs when this matters + platform.secboot_read = secboot_read; + platform.secboot_write = secboot_write; + secboot_buffer = zalloc(ARBITRARY_TPMNV_SIZE); + + proc_gen = proc_gen_p9; + rc = run_test(); + if (rc) + goto out; + + // Check that PK was actually written to "TPM" and load it + rc = run_edk2_tpmnv_test(); + +out: + free(secboot_buffer); +out_bank: + clear_bank_list(&variable_bank); + clear_bank_list(&update_bank); + + return rc; +} diff --git a/libstb/secvar/test/secvar_common_test.c b/libstb/secvar/test/secvar_common_test.c index fbc23145..13371bd6 100644 --- a/libstb/secvar/test/secvar_common_test.c +++ b/libstb/secvar/test/secvar_common_test.c @@ -4,6 +4,8 @@ #define SECBOOT_FILE "secboot.img" #define SECBOOT_SIZE 128000 +#define HAVE_LITTLE_ENDIAN 1 + #include #include #include