@inco/js 0.8.0-devnet-13 → 0.8.0-devnet-22
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +18 -76
- package/dist/cjs/advancedacl/session-key.d.ts +1 -1
- package/dist/cjs/advancedacl/session-key.js +3 -2
- package/dist/cjs/attestedcompute/attested-compute.js +5 -2
- package/dist/cjs/attesteddecrypt/attested-decrypt.d.ts +5 -1
- package/dist/cjs/attesteddecrypt/attested-decrypt.js +14 -4
- package/dist/cjs/binary.d.ts +2 -4
- package/dist/cjs/binary.js +11 -6
- package/dist/cjs/encryption/index.d.ts +1 -1
- package/dist/cjs/encryption/index.js +17 -16
- package/dist/cjs/generated/abis/lightning.d.ts +70 -17
- package/dist/cjs/generated/abis/lightning.js +44 -19
- package/dist/cjs/generated/abis/test-elist.d.ts +10 -2
- package/dist/cjs/generated/abis/test-elist.js +8 -3
- package/dist/cjs/generated/abis/verifier.d.ts +78 -4
- package/dist/cjs/generated/abis/verifier.js +49 -4
- package/dist/cjs/generated/lightning.d.ts +60 -0
- package/dist/cjs/generated/lightning.js +64 -1
- package/dist/cjs/generated/local-node.d.ts +4 -4
- package/dist/cjs/generated/local-node.js +4 -4
- package/dist/cjs/index.d.ts +1 -1
- package/dist/cjs/index.js +11 -2
- package/dist/cjs/kms/quorumClient.d.ts +5 -13
- package/dist/cjs/kms/quorumClient.js +74 -259
- package/dist/cjs/kms/quorumConsistency.d.ts +58 -0
- package/dist/cjs/kms/quorumConsistency.js +200 -0
- package/dist/cjs/kms/signatureVerification.d.ts +35 -0
- package/dist/cjs/kms/signatureVerification.js +88 -0
- package/dist/cjs/kms/thresholdPromises.d.ts +4 -3
- package/dist/cjs/kms/thresholdPromises.js +25 -15
- package/dist/cjs/lite/hadu.d.ts +1 -1
- package/dist/cjs/lite/hadu.js +3 -3
- package/dist/cjs/lite/index.d.ts +0 -2
- package/dist/cjs/lite/index.js +1 -15
- package/dist/cjs/lite/lightning.d.ts +1 -1
- package/dist/cjs/lite/lightning.js +14 -33
- package/dist/esm/advancedacl/session-key.d.ts +1 -1
- package/dist/esm/advancedacl/session-key.js +3 -2
- package/dist/esm/attestedcompute/attested-compute.js +6 -3
- package/dist/esm/attesteddecrypt/attested-decrypt.d.ts +5 -1
- package/dist/esm/attesteddecrypt/attested-decrypt.js +15 -5
- package/dist/esm/binary.d.ts +2 -4
- package/dist/esm/binary.js +11 -6
- package/dist/esm/encryption/index.d.ts +1 -1
- package/dist/esm/encryption/index.js +2 -2
- package/dist/esm/generated/abis/lightning.d.ts +70 -17
- package/dist/esm/generated/abis/lightning.js +44 -19
- package/dist/esm/generated/abis/test-elist.d.ts +10 -2
- package/dist/esm/generated/abis/test-elist.js +8 -3
- package/dist/esm/generated/abis/verifier.d.ts +78 -4
- package/dist/esm/generated/abis/verifier.js +49 -4
- package/dist/esm/generated/lightning.d.ts +60 -0
- package/dist/esm/generated/lightning.js +64 -1
- package/dist/esm/generated/local-node.d.ts +4 -4
- package/dist/esm/generated/local-node.js +4 -4
- package/dist/esm/index.d.ts +1 -1
- package/dist/esm/index.js +2 -2
- package/dist/esm/kms/quorumClient.d.ts +5 -13
- package/dist/esm/kms/quorumClient.js +74 -259
- package/dist/esm/kms/quorumConsistency.d.ts +58 -0
- package/dist/esm/kms/quorumConsistency.js +193 -0
- package/dist/esm/kms/signatureVerification.d.ts +35 -0
- package/dist/esm/kms/signatureVerification.js +84 -0
- package/dist/esm/kms/thresholdPromises.d.ts +4 -3
- package/dist/esm/kms/thresholdPromises.js +25 -15
- package/dist/esm/lite/hadu.d.ts +1 -1
- package/dist/esm/lite/hadu.js +2 -2
- package/dist/esm/lite/index.d.ts +0 -2
- package/dist/esm/lite/index.js +1 -3
- package/dist/esm/lite/lightning.d.ts +1 -1
- package/dist/esm/lite/lightning.js +8 -27
- package/dist/types/advancedacl/session-key.d.ts +1 -1
- package/dist/types/attesteddecrypt/attested-decrypt.d.ts +5 -1
- package/dist/types/binary.d.ts +2 -4
- package/dist/types/encryption/index.d.ts +1 -1
- package/dist/types/generated/abis/lightning.d.ts +70 -17
- package/dist/types/generated/abis/test-elist.d.ts +10 -2
- package/dist/types/generated/abis/verifier.d.ts +78 -4
- package/dist/types/generated/lightning.d.ts +60 -0
- package/dist/types/generated/local-node.d.ts +4 -4
- package/dist/types/index.d.ts +1 -1
- package/dist/types/kms/quorumClient.d.ts +5 -13
- package/dist/types/kms/quorumConsistency.d.ts +58 -0
- package/dist/types/kms/signatureVerification.d.ts +35 -0
- package/dist/types/kms/thresholdPromises.d.ts +4 -3
- package/dist/types/lite/hadu.d.ts +1 -1
- package/dist/types/lite/index.d.ts +0 -2
- package/dist/types/lite/lightning.d.ts +1 -1
- package/package.json +12 -12
|
@@ -2,9 +2,10 @@ import type { Address } from 'viem';
|
|
|
2
2
|
import type { DecryptionAttestation, EncryptedDecryptionAttestation } from '../attesteddecrypt/types.js';
|
|
3
3
|
import type { EncryptionScheme, SupportedFheType } from '../encryption/encryption.js';
|
|
4
4
|
import type { AttestedComputeRequest, AttestedDecryptRequest, AttestedRevealRequest } from '../generated/es/inco/kms/lite/v1/kms_service_pb.js';
|
|
5
|
-
import type { XwingKeypair } from '../lite/
|
|
5
|
+
import type { XwingKeypair } from '../lite/xwing.js';
|
|
6
6
|
import type { BackoffConfig } from '../retry.js';
|
|
7
7
|
import { type KmsClient } from './client.js';
|
|
8
|
+
import type { ViemClient } from './signatureVerification.js';
|
|
8
9
|
export declare class KmsQuorumClient {
|
|
9
10
|
private readonly kmss;
|
|
10
11
|
private readonly threshold;
|
|
@@ -29,9 +30,9 @@ export declare class KmsQuorumClient {
|
|
|
29
30
|
* @throws {Error} If KMS clients array is empty or threshold is invalid
|
|
30
31
|
*/
|
|
31
32
|
static fromKmsClients(kmsClients: KmsClient[], threshold: number): KmsQuorumClient;
|
|
32
|
-
attestedDecrypt(request: AttestedDecryptRequest, backoffConfig?: Partial<BackoffConfig>, reencryptKeypair?: XwingKeypair): Promise<(DecryptionAttestation<EncryptionScheme, SupportedFheType> | EncryptedDecryptionAttestation<EncryptionScheme, SupportedFheType>)[]>;
|
|
33
|
-
attestedCompute(request: AttestedComputeRequest, backoffConfig?: Partial<BackoffConfig>, reencryptKeypair?: XwingKeypair): Promise<DecryptionAttestation<EncryptionScheme, SupportedFheType> | EncryptedDecryptionAttestation<EncryptionScheme, SupportedFheType>>;
|
|
34
|
-
attestedReveal(request: AttestedRevealRequest, backoffConfig?: Partial<BackoffConfig
|
|
33
|
+
attestedDecrypt(request: AttestedDecryptRequest, backoffConfig?: Partial<BackoffConfig>, reencryptKeypair?: XwingKeypair, executorAddress?: Address, client?: ViemClient): Promise<(DecryptionAttestation<EncryptionScheme, SupportedFheType> | EncryptedDecryptionAttestation<EncryptionScheme, SupportedFheType>)[]>;
|
|
34
|
+
attestedCompute(request: AttestedComputeRequest, backoffConfig?: Partial<BackoffConfig>, reencryptKeypair?: XwingKeypair, executorAddress?: Address, client?: ViemClient): Promise<DecryptionAttestation<EncryptionScheme, SupportedFheType> | EncryptedDecryptionAttestation<EncryptionScheme, SupportedFheType>>;
|
|
35
|
+
attestedReveal(request: AttestedRevealRequest, backoffConfig?: Partial<BackoffConfig>, executorAddress?: Address, client?: ViemClient): Promise<(DecryptionAttestation<EncryptionScheme, SupportedFheType> | EncryptedDecryptionAttestation<EncryptionScheme, SupportedFheType>)[]>;
|
|
35
36
|
/**
|
|
36
37
|
* Generic method to execute a KMS operation across all clients with retry and threshold logic.
|
|
37
38
|
* Returns results with both the response and signer address.
|
|
@@ -48,13 +49,4 @@ export declare class KmsQuorumClient {
|
|
|
48
49
|
private buildPlaintextAttestation;
|
|
49
50
|
private buildAggregatedAttestations;
|
|
50
51
|
private buildAggregatedComputeAttestation;
|
|
51
|
-
private verifyResponseConsistency;
|
|
52
|
-
private verifyComputeResponseConsistency;
|
|
53
|
-
/**
|
|
54
|
-
* Verifies that two plaintext byte arrays are identical.
|
|
55
|
-
* Uses constant-time comparison to prevent timing side-channel attacks.
|
|
56
|
-
*/
|
|
57
|
-
private verifyPlaintextBytesConsistency;
|
|
58
|
-
private verifyPlaintextConsistency;
|
|
59
|
-
private verifyCiphertextConsistency;
|
|
60
52
|
}
|
|
@@ -1,18 +1,19 @@
|
|
|
1
1
|
import { bytesToBigInt, bytesToHex, parseHex, } from '../binary.js';
|
|
2
2
|
import { bigintToPlaintext, encryptionSchemes, } from '../encryption/encryption.js';
|
|
3
3
|
import { getHandleType } from '../handle.js';
|
|
4
|
-
import { decrypt } from '../lite/xwing.js';
|
|
5
4
|
import { retryWithBackoff } from '../retry.js';
|
|
6
5
|
import { getKmsClient } from './client.js';
|
|
6
|
+
import { verifyComputeResponseConsistency, verifyDecryptResponseConsistency, } from './quorumConsistency.js';
|
|
7
|
+
import { verifyPlaintextAttestationSignatures, verifyReencryptionAttestationSignatures, } from './signatureVerification.js';
|
|
7
8
|
import { executeWithThreshold } from './thresholdPromises.js';
|
|
8
9
|
/**
|
|
9
|
-
* Checks if the threshold is at least a majority of signers and
|
|
10
|
+
* Checks if the threshold is at least a majority of signers and throws an error if not.
|
|
11
|
+
* This is important to ensure that the quorum client provides the expected security guarantees.
|
|
10
12
|
*/
|
|
11
13
|
function checkMajorityThreshold(threshold, signerCount) {
|
|
12
14
|
const majority = Math.floor(signerCount / 2) + 1;
|
|
13
15
|
if (threshold < majority) {
|
|
14
|
-
|
|
15
|
-
`A threshold below majority weakens quorum security guarantees.`);
|
|
16
|
+
throw new Error(`Threshold (${threshold}) must be at least a majority (${majority}) of ${signerCount} signers to ensure security guarantees.`);
|
|
16
17
|
}
|
|
17
18
|
}
|
|
18
19
|
export class KmsQuorumClient {
|
|
@@ -68,7 +69,6 @@ export class KmsQuorumClient {
|
|
|
68
69
|
if (threshold < 1 || threshold > urls.length) {
|
|
69
70
|
throw new Error(`Threshold must be between 1 and ${urls.length} (number of URLs)`);
|
|
70
71
|
}
|
|
71
|
-
checkMajorityThreshold(threshold, urls.length);
|
|
72
72
|
const attesters = urls.map((url, index) => {
|
|
73
73
|
return { url, signer: signers[index] };
|
|
74
74
|
});
|
|
@@ -89,41 +89,31 @@ export class KmsQuorumClient {
|
|
|
89
89
|
if (threshold < 1 || threshold > kmsClients.length) {
|
|
90
90
|
throw new Error(`Threshold must be between 1 and ${kmsClients.length} (number of KMS clients)`);
|
|
91
91
|
}
|
|
92
|
-
checkMajorityThreshold(threshold, kmsClients.length);
|
|
93
92
|
return new KmsQuorumClient(kmsClients, threshold);
|
|
94
93
|
}
|
|
95
|
-
async attestedDecrypt(request, backoffConfig, reencryptKeypair) {
|
|
94
|
+
async attestedDecrypt(request, backoffConfig, reencryptKeypair, executorAddress, client) {
|
|
96
95
|
const thresholdResults = await this.executeKmsOperationWithThreshold(async (kms) => {
|
|
97
96
|
return await kms.client.attestedDecrypt(request);
|
|
98
97
|
}, backoffConfig);
|
|
99
|
-
// Extract responses and signers
|
|
100
|
-
const thresholdResponses = thresholdResults.map((r) => r.response);
|
|
101
|
-
const signers = thresholdResults.map((r) => r.signer);
|
|
102
98
|
// Verify that responses are consistent across quorum (plaintext or ciphertext)
|
|
103
|
-
const reference = await this.
|
|
104
|
-
return this.buildAggregatedAttestations(reference,
|
|
99
|
+
const { reference, winningResults } = await verifyDecryptResponseConsistency(thresholdResults, this.threshold, reencryptKeypair);
|
|
100
|
+
return this.buildAggregatedAttestations(reference, winningResults.map((r) => r.response), winningResults.map((r) => r.signer), executorAddress, client);
|
|
105
101
|
}
|
|
106
|
-
async attestedCompute(request, backoffConfig, reencryptKeypair) {
|
|
102
|
+
async attestedCompute(request, backoffConfig, reencryptKeypair, executorAddress, client) {
|
|
107
103
|
const thresholdResults = await this.executeKmsOperationWithThreshold(async (kms) => {
|
|
108
104
|
return await kms.client.attestedCompute(request);
|
|
109
105
|
}, backoffConfig);
|
|
110
|
-
// Extract responses and signers
|
|
111
|
-
const thresholdResponses = thresholdResults.map((r) => r.response);
|
|
112
|
-
const signers = thresholdResults.map((r) => r.signer);
|
|
113
106
|
// Verify that responses are consistent across quorum
|
|
114
|
-
const reference = await
|
|
115
|
-
return this.buildAggregatedComputeAttestation(reference,
|
|
107
|
+
const { reference, winningResults } = await verifyComputeResponseConsistency(thresholdResults, this.threshold, request, reencryptKeypair);
|
|
108
|
+
return this.buildAggregatedComputeAttestation(reference, winningResults.map((r) => r.response), winningResults.map((r) => r.signer), executorAddress, client);
|
|
116
109
|
}
|
|
117
|
-
async attestedReveal(request, backoffConfig) {
|
|
110
|
+
async attestedReveal(request, backoffConfig, executorAddress, client) {
|
|
118
111
|
const thresholdResults = await this.executeKmsOperationWithThreshold(async (kms) => {
|
|
119
112
|
return await kms.client.attestedReveal(request);
|
|
120
113
|
}, backoffConfig);
|
|
121
|
-
// Extract responses and signers
|
|
122
|
-
const thresholdResponses = thresholdResults.map((r) => r.response);
|
|
123
|
-
const signers = thresholdResults.map((r) => r.signer);
|
|
124
114
|
// Verify that responses are consistent across quorum (plaintext only for reveal)
|
|
125
|
-
const reference = await this.
|
|
126
|
-
return this.buildAggregatedAttestations(reference,
|
|
115
|
+
const { reference, winningResults } = await verifyDecryptResponseConsistency(thresholdResults, this.threshold);
|
|
116
|
+
return this.buildAggregatedAttestations(reference, winningResults.map((r) => r.response), winningResults.map((r) => r.signer), executorAddress, client);
|
|
127
117
|
}
|
|
128
118
|
/**
|
|
129
119
|
* Generic method to execute a KMS operation across all clients with retry and threshold logic.
|
|
@@ -186,9 +176,10 @@ export class KmsQuorumClient {
|
|
|
186
176
|
covalidatorSignatures,
|
|
187
177
|
};
|
|
188
178
|
}
|
|
189
|
-
buildAggregatedAttestations(reference, thresholdResponses, signers) {
|
|
179
|
+
async buildAggregatedAttestations(reference, thresholdResponses, signers, executorAddress, client) {
|
|
190
180
|
const attestationCount = reference.decryptionAttestations.length;
|
|
191
|
-
|
|
181
|
+
const results = [];
|
|
182
|
+
for (let i = 0; i < attestationCount; i++) {
|
|
192
183
|
const refAtt = reference.decryptionAttestations[i];
|
|
193
184
|
if (!refAtt.value) {
|
|
194
185
|
throw new Error('No value in attestation');
|
|
@@ -197,42 +188,56 @@ export class KmsQuorumClient {
|
|
|
197
188
|
const signatures = thresholdResponses.map((resp) => resp.decryptionAttestations[i].signature);
|
|
198
189
|
const covalidatorSignatures = this.collectAndSortSignatures(signatures, signers);
|
|
199
190
|
if (refAtt.value.case === 'plaintext') {
|
|
200
|
-
|
|
191
|
+
// Verify covalidator signatures over the plaintext attestation
|
|
192
|
+
// executorAddress and client are only undefined when using a non-real client (e.g. in tests)
|
|
193
|
+
if (executorAddress && client) {
|
|
194
|
+
await verifyPlaintextAttestationSignatures(refAtt.handle, refAtt.value.value.value, covalidatorSignatures, executorAddress, client);
|
|
195
|
+
}
|
|
196
|
+
results.push(this.buildPlaintextAttestation(refAtt, covalidatorSignatures));
|
|
201
197
|
}
|
|
202
198
|
else if (refAtt.value.case === 'reencryption') {
|
|
203
|
-
// Collect encrypted signatures and
|
|
204
|
-
const encryptedSignatures =
|
|
205
|
-
|
|
206
|
-
|
|
207
|
-
|
|
199
|
+
// Collect per-covalidator encrypted signatures and ciphertexts
|
|
200
|
+
const encryptedSignatures = [];
|
|
201
|
+
const perCovalidatorCiphertexts = [];
|
|
202
|
+
for (const resp of thresholdResponses) {
|
|
203
|
+
const attValue = resp.decryptionAttestations[i].value;
|
|
204
|
+
if (attValue?.case === 'reencryption') {
|
|
205
|
+
encryptedSignatures.push(attValue.value.encryptedSignature);
|
|
206
|
+
perCovalidatorCiphertexts.push(attValue.value.userCiphertext);
|
|
208
207
|
}
|
|
209
208
|
else {
|
|
210
|
-
throw new Error(`Expected reencryption attestation but received '${
|
|
209
|
+
throw new Error(`Expected reencryption attestation but received '${attValue?.case}'`);
|
|
211
210
|
}
|
|
212
|
-
}
|
|
211
|
+
}
|
|
213
212
|
const encryptedCovalidatorSignatures = this.collectAndSortSignatures(encryptedSignatures, signers);
|
|
213
|
+
const sortedCiphertexts = this.collectAndSortSignatures(perCovalidatorCiphertexts, signers);
|
|
214
|
+
// executorAddress and client are only undefined when using a non-real client (e.g. in tests)
|
|
215
|
+
if (executorAddress && client) {
|
|
216
|
+
await verifyReencryptionAttestationSignatures(refAtt.handle, sortedCiphertexts, encryptedCovalidatorSignatures, covalidatorSignatures, executorAddress, client);
|
|
217
|
+
}
|
|
214
218
|
const reencryption = refAtt.value.value;
|
|
215
219
|
const ct = reencryption.userCiphertext;
|
|
216
|
-
const
|
|
217
|
-
|
|
220
|
+
const handleType = getHandleType(parseHex(refAtt.handle));
|
|
221
|
+
results.push({
|
|
218
222
|
handle: refAtt.handle,
|
|
219
223
|
encryptedPlaintext: {
|
|
220
224
|
ciphertext: {
|
|
221
225
|
value: bytesToHex(ct),
|
|
222
|
-
scheme:
|
|
223
|
-
type:
|
|
226
|
+
scheme: encryptionSchemes.xwing, // EncryptionScheme: XWING
|
|
227
|
+
type: handleType,
|
|
224
228
|
},
|
|
225
229
|
},
|
|
226
230
|
encryptedSignatures: encryptedCovalidatorSignatures,
|
|
227
231
|
covalidatorSignatures,
|
|
228
|
-
};
|
|
232
|
+
});
|
|
229
233
|
}
|
|
230
234
|
else {
|
|
231
235
|
throw new Error(`Unexpected attestation type: ${refAtt.value.case}, expected 'plaintext' or 'reencryption'`);
|
|
232
236
|
}
|
|
233
|
-
}
|
|
237
|
+
}
|
|
238
|
+
return results;
|
|
234
239
|
}
|
|
235
|
-
buildAggregatedComputeAttestation(reference, thresholdResponses, signers) {
|
|
240
|
+
async buildAggregatedComputeAttestation(reference, thresholdResponses, signers, executorAddress, client) {
|
|
236
241
|
const refAtt = reference.decryptionAttestation;
|
|
237
242
|
if (!refAtt) {
|
|
238
243
|
throw new Error('No decryption attestation in reference response');
|
|
@@ -241,43 +246,58 @@ export class KmsQuorumClient {
|
|
|
241
246
|
throw new Error('No value in reference attestation');
|
|
242
247
|
}
|
|
243
248
|
// Collect signatures and sort by signer address
|
|
244
|
-
//
|
|
249
|
+
// All responses are guaranteed to have decryption attestations by verifyComputeResponseConsistency
|
|
245
250
|
const signatures = [];
|
|
246
251
|
for (const resp of thresholdResponses) {
|
|
247
252
|
const att = resp.decryptionAttestation;
|
|
248
|
-
if (att)
|
|
249
|
-
|
|
250
|
-
|
|
253
|
+
if (!att)
|
|
254
|
+
throw new Error('Missing decryption attestation in winning response');
|
|
255
|
+
signatures.push(att.signature);
|
|
251
256
|
}
|
|
252
257
|
const covalidatorSignatures = this.collectAndSortSignatures(signatures, signers);
|
|
253
258
|
if (refAtt.value.case === 'plaintext') {
|
|
259
|
+
// Verify covalidator signatures over the plaintext attestation
|
|
260
|
+
// executorAddress and client are only undefined when using a non-real client (e.g. in tests)
|
|
261
|
+
if (executorAddress && client) {
|
|
262
|
+
await verifyPlaintextAttestationSignatures(refAtt.handle, refAtt.value.value.value, covalidatorSignatures, executorAddress, client);
|
|
263
|
+
}
|
|
254
264
|
return this.buildPlaintextAttestation(refAtt, covalidatorSignatures);
|
|
255
265
|
}
|
|
256
266
|
if (refAtt.value.case === 'reencryption') {
|
|
267
|
+
// Reencryption envelope signatures are verified per-covalidator via
|
|
268
|
+
// isValidReencryptionAttestation on-chain (each has a unique digest).
|
|
257
269
|
const reencryption = refAtt.value.value;
|
|
258
270
|
const ct = reencryption.userCiphertext;
|
|
259
271
|
if (!ct) {
|
|
260
272
|
throw new Error('No ciphertext in reencryption');
|
|
261
273
|
}
|
|
262
|
-
const
|
|
263
|
-
// Collect encrypted signatures and
|
|
264
|
-
const encryptedSignatures =
|
|
274
|
+
const handleType = getHandleType(parseHex(refAtt.handle));
|
|
275
|
+
// Collect per-covalidator encrypted signatures and ciphertexts
|
|
276
|
+
const encryptedSignatures = [];
|
|
277
|
+
const perCovalidatorCiphertexts = [];
|
|
278
|
+
for (const resp of thresholdResponses) {
|
|
265
279
|
if (resp.decryptionAttestation?.value.case === 'reencryption') {
|
|
266
|
-
const
|
|
267
|
-
|
|
280
|
+
const reenc = resp.decryptionAttestation.value.value;
|
|
281
|
+
encryptedSignatures.push(reenc.encryptedSignature);
|
|
282
|
+
perCovalidatorCiphertexts.push(reenc.userCiphertext);
|
|
268
283
|
}
|
|
269
284
|
else {
|
|
270
285
|
throw new Error(`Expected reencryption attestation but received '${resp.decryptionAttestation?.value.case}'`);
|
|
271
286
|
}
|
|
272
|
-
}
|
|
287
|
+
}
|
|
273
288
|
const encryptedCovalidatorSignatures = this.collectAndSortSignatures(encryptedSignatures, signers);
|
|
289
|
+
const sortedCiphertexts = this.collectAndSortSignatures(perCovalidatorCiphertexts, signers);
|
|
290
|
+
// executorAddress and client are only undefined when using a non-real client (e.g. in tests)
|
|
291
|
+
if (executorAddress && client) {
|
|
292
|
+
await verifyReencryptionAttestationSignatures(refAtt.handle, sortedCiphertexts, encryptedCovalidatorSignatures, covalidatorSignatures, executorAddress, client);
|
|
293
|
+
}
|
|
274
294
|
return {
|
|
275
295
|
handle: refAtt.handle,
|
|
276
296
|
encryptedPlaintext: {
|
|
277
297
|
ciphertext: {
|
|
278
298
|
value: bytesToHex(ct),
|
|
279
|
-
scheme: encryptionSchemes.xwing, // EncryptionScheme:
|
|
280
|
-
type:
|
|
299
|
+
scheme: encryptionSchemes.xwing, // EncryptionScheme: XWING
|
|
300
|
+
type: handleType,
|
|
281
301
|
},
|
|
282
302
|
},
|
|
283
303
|
encryptedSignatures: encryptedCovalidatorSignatures,
|
|
@@ -286,210 +306,5 @@ export class KmsQuorumClient {
|
|
|
286
306
|
}
|
|
287
307
|
throw new Error(`Unexpected attestation type: ${refAtt.value.case}, expected 'plaintext' or 'reencryption'`);
|
|
288
308
|
}
|
|
289
|
-
async verifyResponseConsistency(thresholdResponses, reencryptKeypair) {
|
|
290
|
-
if (thresholdResponses.length === 0) {
|
|
291
|
-
throw new Error('No responses collected to verify');
|
|
292
|
-
}
|
|
293
|
-
const reference = thresholdResponses[0];
|
|
294
|
-
for (let r = 1; r < thresholdResponses.length; r++) {
|
|
295
|
-
if (thresholdResponses[r].decryptionAttestations.length !==
|
|
296
|
-
reference.decryptionAttestations.length) {
|
|
297
|
-
throw new Error('Inconsistent number of decryption attestations across KMS responses');
|
|
298
|
-
}
|
|
299
|
-
}
|
|
300
|
-
for (let i = 0; i < reference.decryptionAttestations.length; i++) {
|
|
301
|
-
const refAtt = reference.decryptionAttestations[i];
|
|
302
|
-
if (!refAtt.value) {
|
|
303
|
-
throw new Error('No value in reference attestation');
|
|
304
|
-
}
|
|
305
|
-
const refCase = refAtt.value.case;
|
|
306
|
-
// Verify that all responses have the same case (plaintext or reencryption)
|
|
307
|
-
for (let r = 1; r < thresholdResponses.length; r++) {
|
|
308
|
-
const att = thresholdResponses[r].decryptionAttestations[i];
|
|
309
|
-
if (!att.value) {
|
|
310
|
-
throw new Error('No value in attestation');
|
|
311
|
-
}
|
|
312
|
-
if (att.value.case !== refCase) {
|
|
313
|
-
throw new Error(`Inconsistent attestation types: reference has '${refCase}' but response ${r} has '${att.value.case}'`);
|
|
314
|
-
}
|
|
315
|
-
}
|
|
316
|
-
// Verify consistency based on the case
|
|
317
|
-
if (refCase === 'plaintext') {
|
|
318
|
-
this.verifyPlaintextConsistency(i, reference, thresholdResponses);
|
|
319
|
-
}
|
|
320
|
-
else if (refCase === 'reencryption') {
|
|
321
|
-
await this.verifyCiphertextConsistency(i, reference, thresholdResponses, reencryptKeypair);
|
|
322
|
-
}
|
|
323
|
-
else {
|
|
324
|
-
throw new Error(`Unexpected attestation type: ${refCase}, expected 'plaintext' or 'reencryption'`);
|
|
325
|
-
}
|
|
326
|
-
}
|
|
327
|
-
return reference;
|
|
328
|
-
}
|
|
329
|
-
async verifyComputeResponseConsistency(thresholdResponses, request, reencryptKeypair) {
|
|
330
|
-
if (thresholdResponses.length === 0) {
|
|
331
|
-
throw new Error('No responses collected to verify');
|
|
332
|
-
}
|
|
333
|
-
const reference = thresholdResponses[0];
|
|
334
|
-
const refAtt = reference.decryptionAttestation;
|
|
335
|
-
if (!refAtt) {
|
|
336
|
-
throw new Error('No decryption attestation in reference response');
|
|
337
|
-
}
|
|
338
|
-
if (!refAtt.value) {
|
|
339
|
-
throw new Error('No value in reference attestation');
|
|
340
|
-
}
|
|
341
|
-
const refCase = refAtt.value.case;
|
|
342
|
-
// Precompute reference values based on the case
|
|
343
|
-
let refBytes;
|
|
344
|
-
let refReencryption;
|
|
345
|
-
let refCt;
|
|
346
|
-
let refFheType;
|
|
347
|
-
if (refCase === 'plaintext') {
|
|
348
|
-
refBytes = refAtt.value.value.value;
|
|
349
|
-
}
|
|
350
|
-
else if (refCase === 'reencryption') {
|
|
351
|
-
refReencryption = refAtt.value.value;
|
|
352
|
-
refCt = refReencryption.userCiphertext;
|
|
353
|
-
if (!refCt) {
|
|
354
|
-
throw new Error('No ciphertext in reference reencryption');
|
|
355
|
-
}
|
|
356
|
-
refFheType = getHandleType(parseHex(refAtt.handle));
|
|
357
|
-
}
|
|
358
|
-
else {
|
|
359
|
-
throw new Error(`Unexpected attestation type: ${refCase}, expected 'plaintext' or 'reencryption'`);
|
|
360
|
-
}
|
|
361
|
-
// If no reencryptPubKey is provided in the request (or it's empty), reject reencryption attestations
|
|
362
|
-
const hasReencryptPubKey = request?.reencryptPubKey && request.reencryptPubKey.length > 0;
|
|
363
|
-
if (refCase === 'reencryption' && !hasReencryptPubKey) {
|
|
364
|
-
throw new Error("Unexpected attestation type: reencryption, expected 'plaintext'");
|
|
365
|
-
}
|
|
366
|
-
// Verify that all responses have a decryption attestation and are consistent
|
|
367
|
-
for (let r = 1; r < thresholdResponses.length; r++) {
|
|
368
|
-
const att = thresholdResponses[r].decryptionAttestation;
|
|
369
|
-
if (!att) {
|
|
370
|
-
throw new Error('No decryption attestation in response');
|
|
371
|
-
}
|
|
372
|
-
if (!att.value) {
|
|
373
|
-
throw new Error('No value in attestation');
|
|
374
|
-
}
|
|
375
|
-
if (att.value.case !== refCase) {
|
|
376
|
-
throw new Error(`Inconsistent attestation types: reference has '${refCase}' but response ${r} has '${att.value.case}'`);
|
|
377
|
-
}
|
|
378
|
-
// Verify handles match
|
|
379
|
-
if (att.handle !== refAtt.handle) {
|
|
380
|
-
throw new Error('Handles differ across KMS responses');
|
|
381
|
-
}
|
|
382
|
-
// Verify consistency based on the case
|
|
383
|
-
if (refCase === 'plaintext') {
|
|
384
|
-
if (!refBytes) {
|
|
385
|
-
throw new Error('No reference plaintext bytes to compare');
|
|
386
|
-
}
|
|
387
|
-
if (att.value.case !== 'plaintext') {
|
|
388
|
-
throw new Error('Expected plaintext attestation but received non-plaintext');
|
|
389
|
-
}
|
|
390
|
-
const bytes = att.value.value.value;
|
|
391
|
-
this.verifyPlaintextBytesConsistency(refBytes, bytes);
|
|
392
|
-
}
|
|
393
|
-
else if (refCase === 'reencryption') {
|
|
394
|
-
if (!refCt || refFheType === undefined) {
|
|
395
|
-
throw new Error('No reference reencryption data to compare');
|
|
396
|
-
}
|
|
397
|
-
if (att.value.case !== 'reencryption') {
|
|
398
|
-
throw new Error('Expected reencryption attestation but received non-reencryption');
|
|
399
|
-
}
|
|
400
|
-
const reencryption = att.value.value;
|
|
401
|
-
const ct = reencryption.userCiphertext;
|
|
402
|
-
if (!ct) {
|
|
403
|
-
throw new Error('No ciphertext in reencryption');
|
|
404
|
-
}
|
|
405
|
-
const fheType = getHandleType(parseHex(att.handle));
|
|
406
|
-
// Verify FHE type matches
|
|
407
|
-
if (fheType !== refFheType) {
|
|
408
|
-
throw new Error('FHE types differ across KMS responses');
|
|
409
|
-
}
|
|
410
|
-
// Verify handles match
|
|
411
|
-
if (att.handle !== refAtt.handle) {
|
|
412
|
-
throw new Error('Handles differ across KMS responses');
|
|
413
|
-
}
|
|
414
|
-
// If keypair provided, decrypt and verify plaintext consistency
|
|
415
|
-
if (reencryptKeypair) {
|
|
416
|
-
const refPlaintext = await decrypt(reencryptKeypair, refCt);
|
|
417
|
-
const plaintext = await decrypt(reencryptKeypair, ct);
|
|
418
|
-
this.verifyPlaintextBytesConsistency(refPlaintext, plaintext);
|
|
419
|
-
}
|
|
420
|
-
}
|
|
421
|
-
}
|
|
422
|
-
return reference;
|
|
423
|
-
}
|
|
424
|
-
/**
|
|
425
|
-
* Verifies that two plaintext byte arrays are identical.
|
|
426
|
-
* Uses constant-time comparison to prevent timing side-channel attacks.
|
|
427
|
-
*/
|
|
428
|
-
verifyPlaintextBytesConsistency(refBytes, bytes) {
|
|
429
|
-
if (refBytes.length !== bytes.length) {
|
|
430
|
-
throw new Error('Plaintexts length differ across KMS responses');
|
|
431
|
-
}
|
|
432
|
-
// Compare all bytes before deciding to throw, preventing timing side-channel
|
|
433
|
-
let mismatch = 0;
|
|
434
|
-
for (let b = 0; b < refBytes.length; b++) {
|
|
435
|
-
mismatch |= refBytes[b] ^ bytes[b];
|
|
436
|
-
}
|
|
437
|
-
if (mismatch !== 0) {
|
|
438
|
-
throw new Error('Plaintexts differ across KMS responses');
|
|
439
|
-
}
|
|
440
|
-
}
|
|
441
|
-
verifyPlaintextConsistency(index, reference, thresholdResponses) {
|
|
442
|
-
const refAtt = reference.decryptionAttestations[index];
|
|
443
|
-
if (refAtt.value?.case !== 'plaintext') {
|
|
444
|
-
throw new Error('Expected plaintext attestation');
|
|
445
|
-
}
|
|
446
|
-
const refBytes = refAtt.value.value.value;
|
|
447
|
-
for (let r = 1; r < thresholdResponses.length; r++) {
|
|
448
|
-
const att = thresholdResponses[r].decryptionAttestations[index];
|
|
449
|
-
if (att.value?.case !== 'plaintext') {
|
|
450
|
-
throw new Error('Expected plaintext attestation but received non-plaintext');
|
|
451
|
-
}
|
|
452
|
-
const bytes = att.value.value.value;
|
|
453
|
-
this.verifyPlaintextBytesConsistency(refBytes, bytes);
|
|
454
|
-
}
|
|
455
|
-
}
|
|
456
|
-
async verifyCiphertextConsistency(index, reference, thresholdResponses, reencryptKeypair) {
|
|
457
|
-
const refAtt = reference.decryptionAttestations[index];
|
|
458
|
-
if (refAtt.value?.case !== 'reencryption') {
|
|
459
|
-
throw new Error('Expected reencryption attestation');
|
|
460
|
-
}
|
|
461
|
-
const refReencryption = refAtt.value.value;
|
|
462
|
-
const refCt = refReencryption.userCiphertext;
|
|
463
|
-
if (!refCt) {
|
|
464
|
-
throw new Error('No ciphertext in reference reencryption');
|
|
465
|
-
}
|
|
466
|
-
const refFheType = getHandleType(parseHex(refAtt.handle));
|
|
467
|
-
for (let r = 1; r < thresholdResponses.length; r++) {
|
|
468
|
-
const att = thresholdResponses[r].decryptionAttestations[index];
|
|
469
|
-
if (att.value?.case !== 'reencryption') {
|
|
470
|
-
throw new Error('Expected reencryption attestation but received non-reencryption');
|
|
471
|
-
}
|
|
472
|
-
const reencryption = att.value.value;
|
|
473
|
-
const ct = reencryption.userCiphertext;
|
|
474
|
-
if (!ct) {
|
|
475
|
-
throw new Error('No ciphertext in reencryption');
|
|
476
|
-
}
|
|
477
|
-
const fheType = getHandleType(parseHex(att.handle));
|
|
478
|
-
// Verify FHE type matches
|
|
479
|
-
if (fheType !== refFheType) {
|
|
480
|
-
throw new Error('FHE types differ across KMS responses');
|
|
481
|
-
}
|
|
482
|
-
// Verify handles match
|
|
483
|
-
if (att.handle !== refAtt.handle) {
|
|
484
|
-
throw new Error('Handles differ across KMS responses');
|
|
485
|
-
}
|
|
486
|
-
// If keypair provided, decrypt and verify plaintext consistency
|
|
487
|
-
if (reencryptKeypair) {
|
|
488
|
-
const refPlaintext = await decrypt(reencryptKeypair, refCt);
|
|
489
|
-
const plaintext = await decrypt(reencryptKeypair, ct);
|
|
490
|
-
this.verifyPlaintextBytesConsistency(refPlaintext, plaintext);
|
|
491
|
-
}
|
|
492
|
-
}
|
|
493
|
-
}
|
|
494
309
|
}
|
|
495
|
-
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoicXVvcnVtQ2xpZW50LmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vLi4vc3JjL2ttcy9xdW9ydW1DbGllbnQudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6IkFBS0EsT0FBTyxFQUNMLGFBQWEsRUFDYixVQUFVLEVBQ1YsUUFBUSxHQUVULE1BQU0sY0FBYyxDQUFDO0FBTXRCLE9BQU8sRUFDTCxpQkFBaUIsRUFDakIsaUJBQWlCLEdBQ2xCLE1BQU0sNkJBQTZCLENBQUM7QUFVckMsT0FBTyxFQUFFLGFBQWEsRUFBRSxNQUFNLGNBQWMsQ0FBQztBQUU3QyxPQUFPLEVBQUUsT0FBTyxFQUFFLE1BQU0sa0JBQWtCLENBQUM7QUFFM0MsT0FBTyxFQUFFLGdCQUFnQixFQUFFLE1BQU0sYUFBYSxDQUFDO0FBQy9DLE9BQU8sRUFBRSxZQUFZLEVBQWtCLE1BQU0sYUFBYSxDQUFDO0FBQzNELE9BQU8sRUFBRSxvQkFBb0IsRUFBRSxNQUFNLHdCQUF3QixDQUFDO0FBTzlEOztHQUVHO0FBQ0gsU0FBUyxzQkFBc0IsQ0FBQyxTQUFpQixFQUFFLFdBQW1CO0lBQ3BFLE1BQU0sUUFBUSxHQUFHLElBQUksQ0FBQyxLQUFLLENBQUMsV0FBVyxHQUFHLENBQUMsQ0FBQyxHQUFHLENBQUMsQ0FBQztJQUNqRCxJQUFJLFNBQVMsR0FBRyxRQUFRLEVBQUUsQ0FBQztRQUN6QixPQUFPLENBQUMsSUFBSSxDQUNWLGdDQUFnQyxTQUFTLDRCQUE0QixRQUFRLFFBQVEsV0FBVyxZQUFZO1lBQzFHLGdFQUFnRSxDQUNuRSxDQUFDO0lBQ0osQ0FBQztBQUNILENBQUM7QUFFRCxNQUFNLE9BQU8sZUFBZTtJQUNULElBQUksQ0FBUTtJQUNaLFNBQVMsQ0FBUztJQVFuQyxpQkFBaUI7SUFDakIsWUFDRSxrQkFBb0UsRUFDcEUsU0FBaUI7UUFFakIsSUFBSSxrQkFBa0IsQ0FBQyxNQUFNLEtBQUssQ0FBQyxFQUFFLENBQUM7WUFDcEMsTUFBTSxJQUFJLEtBQUssQ0FBQyxpREFBaUQsQ0FBQyxDQUFDO1FBQ3JFLENBQUM7UUFFRCxJQUFJLFNBQVMsR0FBRyxDQUFDLElBQUksU0FBUyxHQUFHLGtCQUFrQixDQUFDLE1BQU0sRUFBRSxDQUFDO1lBQzNELE1BQU0sSUFBSSxLQUFLLENBQ2IsbUNBQW1DLGtCQUFrQixDQUFDLE1BQU0sRUFBRSxDQUMvRCxDQUFDO1FBQ0osQ0FBQztRQUVELHNCQUFzQixDQUFDLFNBQVMsRUFBRSxrQkFBa0IsQ0FBQyxNQUFNLENBQUMsQ0FBQztRQUU3RCwyRkFBMkY7UUFDM0YsSUFDRSxrQkFBa0IsQ0FBQyxNQUFNLEdBQUcsQ0FBQztZQUM3QixpQkFBaUIsSUFBSSxrQkFBa0IsQ0FBQyxDQUFDLENBQUMsRUFDMUMsQ0FBQztZQUNELDBCQUEwQjtZQUMxQixNQUFNLFVBQVUsR0FBRyxrQkFBaUMsQ0FBQztZQUNyRCxJQUFJLENBQUMsSUFBSSxHQUFHLFVBQVUsQ0FBQyxHQUFHLENBQUMsQ0FBQyxNQUFNLEVBQUUsRUFBRSxDQUFDLENBQUM7Z0JBQ3RDLE1BQU07Z0JBQ04sTUFBTSxFQUFFLE1BQU0sQ0FBQyxhQUFhO2FBQzdCLENBQUMsQ0FBQyxDQUFDO1FBQ04sQ0FBQzthQUFNLENBQUM7WUFDTixpREFBaUQ7WUFDakQsTUFBTSxTQUFTLEdBQUcsa0JBR2YsQ0FBQztZQUNKLElBQUksQ0FBQyxJQUFJLEdBQUcsU0FBUyxDQUFDLEdBQUcsQ0FBQyxDQUFDLFFBQVEsRUFBRSxFQUFFO2dCQUNyQyxPQUFPO29CQUNMLE1BQU0sRUFBRSxZQUFZLENBQUMsUUFBUSxDQUFDLEdBQUcsRUFBRSxRQUFRLENBQUMsTUFBTSxDQUFDO29CQUNuRCxNQUFNLEVBQUUsUUFBUSxDQUFDLE1BQU07aUJBQ3hCLENBQUM7WUFDSixDQUFDLENBQUMsQ0FBQztRQUNMLENBQUM7UUFDRCxJQUFJLENBQUMsU0FBUyxHQUFHLFNBQVMsQ0FBQztJQUM3QixDQUFDO0lBRUQ7Ozs7Ozs7O09BUUc7SUFDSCxNQUFNLENBQUMsUUFBUSxDQUNiLElBQWMsRUFDZCxPQUFrQixFQUNsQixTQUFpQjtRQUVqQixJQUFJLElBQUksQ0FBQyxNQUFNLEtBQUssQ0FBQyxFQUFFLENBQUM7WUFDdEIsTUFBTSxJQUFJLEtBQUssQ0FBQyw4QkFBOEIsQ0FBQyxDQUFDO1FBQ2xELENBQUM7UUFDRCxJQUFJLE9BQU8sQ0FBQyxNQUFNLEtBQUssSUFBSSxDQUFDLE1BQU0sRUFBRSxDQUFDO1lBQ25DLE1BQU0sSUFBSSxLQUFLLENBQ2IseUJBQXlCLE9BQU8sQ0FBQyxNQUFNLG1DQUFtQyxJQUFJLENBQUMsTUFBTSxHQUFHLENBQ3pGLENBQUM7UUFDSixDQUFDO1FBRUQsSUFBSSxTQUFTLEdBQUcsQ0FBQyxJQUFJLFNBQVMsR0FBRyxJQUFJLENBQUMsTUFBTSxFQUFFLENBQUM7WUFDN0MsTUFBTSxJQUFJLEtBQUssQ0FDYixtQ0FBbUMsSUFBSSxDQUFDLE1BQU0sbUJBQW1CLENBQ2xFLENBQUM7UUFDSixDQUFDO1FBRUQsc0JBQXNCLENBQUMsU0FBUyxFQUFFLElBQUksQ0FBQyxNQUFNLENBQUMsQ0FBQztRQUUvQyxNQUFNLFNBQVMsR0FBRyxJQUFJLENBQUMsR0FBRyxDQUFDLENBQUMsR0FBRyxFQUFFLEtBQUssRUFBRSxFQUFFO1lBQ3hDLE9BQU8sRUFBRSxHQUFHLEVBQUUsTUFBTSxFQUFFLE9BQU8sQ0FBQyxLQUFLLENBQUMsRUFBRSxDQUFDO1FBQ3pDLENBQUMsQ0FBQyxDQUFDO1FBRUgsT0FBTyxJQUFJLGVBQWUsQ0FBQyxTQUFTLEVBQUUsU0FBUyxDQUFDLENBQUM7SUFDbkQsQ0FBQztJQUVEOzs7Ozs7O09BT0c7SUFDSCxNQUFNLENBQUMsY0FBYyxDQUNuQixVQUF1QixFQUN2QixTQUFpQjtRQUVqQixJQUFJLFVBQVUsQ0FBQyxNQUFNLEtBQUssQ0FBQyxFQUFFLENBQUM7WUFDNUIsTUFBTSxJQUFJLEtBQUssQ0FBQyxxQ0FBcUMsQ0FBQyxDQUFDO1FBQ3pELENBQUM7UUFFRCxJQUFJLFNBQVMsR0FBRyxDQUFDLElBQUksU0FBUyxHQUFHLFVBQVUsQ0FBQyxNQUFNLEVBQUUsQ0FBQztZQUNuRCxNQUFNLElBQUksS0FBSyxDQUNiLG1DQUFtQyxVQUFVLENBQUMsTUFBTSwwQkFBMEIsQ0FDL0UsQ0FBQztRQUNKLENBQUM7UUFFRCxzQkFBc0IsQ0FBQyxTQUFTLEVBQUUsVUFBVSxDQUFDLE1BQU0sQ0FBQyxDQUFDO1FBRXJELE9BQU8sSUFBSSxlQUFlLENBQUMsVUFBVSxFQUFFLFNBQVMsQ0FBQyxDQUFDO0lBQ3BELENBQUM7SUFFRCxLQUFLLENBQUMsZUFBZSxDQUNuQixPQUErQixFQUMvQixhQUFzQyxFQUN0QyxnQkFBK0I7UUFPL0IsTUFBTSxnQkFBZ0IsR0FBRyxNQUFNLElBQUksQ0FBQyxnQ0FBZ0MsQ0FDbEUsS0FBSyxFQUFFLEdBQUcsRUFBRSxFQUFFO1lBQ1osT0FBTyxNQUFNLEdBQUcsQ0FBQyxNQUFNLENBQUMsZUFBZSxDQUFDLE9BQU8sQ0FBQyxDQUFDO1FBQ25ELENBQUMsRUFDRCxhQUFhLENBQ2QsQ0FBQztRQUVGLGdDQUFnQztRQUNoQyxNQUFNLGtCQUFrQixHQUFHLGdCQUFnQixDQUFDLEdBQUcsQ0FDN0MsQ0FBQyxDQUFDLEVBQUUsRUFBRSxDQUFDLENBQUMsQ0FBQyxRQUFtQyxDQUM3QyxDQUFDO1FBQ0YsTUFBTSxPQUFPLEdBQUcsZ0JBQWdCLENBQUMsR0FBRyxDQUFDLENBQUMsQ0FBQyxFQUFFLEVBQUUsQ0FBQyxDQUFDLENBQUMsTUFBTSxDQUFDLENBQUM7UUFFdEQsK0VBQStFO1FBQy9FLE1BQU0sU0FBUyxHQUFHLE1BQU0sSUFBSSxDQUFDLHlCQUF5QixDQUNwRCxrQkFBa0IsRUFDbEIsZ0JBQWdCLENBQ2pCLENBQUM7UUFFRixPQUFPLElBQUksQ0FBQywyQkFBMkIsQ0FDckMsU0FBUyxFQUNULGtCQUFrQixFQUNsQixPQUFPLENBQ1IsQ0FBQztJQUNKLENBQUM7SUFFRCxLQUFLLENBQUMsZUFBZSxDQUNuQixPQUErQixFQUMvQixhQUFzQyxFQUN0QyxnQkFBK0I7UUFLL0IsTUFBTSxnQkFBZ0IsR0FBRyxNQUFNLElBQUksQ0FBQyxnQ0FBZ0MsQ0FDbEUsS0FBSyxFQUFFLEdBQUcsRUFBRSxFQUFFO1lBQ1osT0FBTyxNQUFNLEdBQUcsQ0FBQyxNQUFNLENBQUMsZUFBZSxDQUFDLE9BQU8sQ0FBQyxDQUFDO1FBQ25ELENBQUMsRUFDRCxhQUFhLENBQ2QsQ0FBQztRQUVGLGdDQUFnQztRQUNoQyxNQUFNLGtCQUFrQixHQUFHLGdCQUFnQixDQUFDLEdBQUcsQ0FDN0MsQ0FBQyxDQUFDLEVBQUUsRUFBRSxDQUFDLENBQUMsQ0FBQyxRQUFtQyxDQUM3QyxDQUFDO1FBQ0YsTUFBTSxPQUFPLEdBQUcsZ0JBQWdCLENBQUMsR0FBRyxDQUFDLENBQUMsQ0FBQyxFQUFFLEVBQUUsQ0FBQyxDQUFDLENBQUMsTUFBTSxDQUFDLENBQUM7UUFFdEQscURBQXFEO1FBQ3JELE1BQU0sU0FBUyxHQUFHLE1BQU0sSUFBSSxDQUFDLGdDQUFnQyxDQUMzRCxrQkFBa0IsRUFDbEIsT0FBTyxFQUNQLGdCQUFnQixDQUNqQixDQUFDO1FBRUYsT0FBTyxJQUFJLENBQUMsaUNBQWlDLENBQzNDLFNBQVMsRUFDVCxrQkFBa0IsRUFDbEIsT0FBTyxDQUNSLENBQUM7SUFDSixDQUFDO0lBRUQsS0FBSyxDQUFDLGNBQWMsQ0FDbEIsT0FBOEIsRUFDOUIsYUFBc0M7UUFPdEMsTUFBTSxnQkFBZ0IsR0FBRyxNQUFNLElBQUksQ0FBQyxnQ0FBZ0MsQ0FDbEUsS0FBSyxFQUFFLEdBQUcsRUFBRSxFQUFFO1lBQ1osT0FBTyxNQUFNLEdBQUcsQ0FBQyxNQUFNLENBQUMsY0FBYyxDQUFDLE9BQU8sQ0FBQyxDQUFDO1FBQ2xELENBQUMsRUFDRCxhQUFhLENBQ2QsQ0FBQztRQUVGLGdDQUFnQztRQUNoQyxNQUFNLGtCQUFrQixHQUFHLGdCQUFnQixDQUFDLEdBQUcsQ0FDN0MsQ0FBQyxDQUFDLEVBQUUsRUFBRSxDQUFDLENBQUMsQ0FBQyxRQUFrQyxDQUM1QyxDQUFDO1FBQ0YsTUFBTSxPQUFPLEdBQUcsZ0JBQWdCLENBQUMsR0FBRyxDQUFDLENBQUMsQ0FBQyxFQUFFLEVBQUUsQ0FBQyxDQUFDLENBQUMsTUFBTSxDQUFDLENBQUM7UUFFdEQsaUZBQWlGO1FBQ2pGLE1BQU0sU0FBUyxHQUFHLE1BQU0sSUFBSSxDQUFDLHlCQUF5QixDQUFDLGtCQUFrQixDQUFDLENBQUM7UUFFM0UsT0FBTyxJQUFJLENBQUMsMkJBQTJCLENBQ3JDLFNBQVMsRUFDVCxrQkFBa0IsRUFDbEIsT0FBTyxDQUNSLENBQUM7SUFDSixDQUFDO0lBRUQ7OztPQUdHO0lBQ0ssS0FBSyxDQUFDLGdDQUFnQyxDQUM1QyxTQUEyQyxFQUMzQyxhQUFzQztRQUV0QyxpRUFBaUU7UUFDakUsK0NBQStDO1FBQy9DLE1BQU0sUUFBUSxHQUFHLElBQUksQ0FBQyxJQUFJLENBQUMsR0FBRyxDQUFDLEtBQUssRUFBRSxHQUFHLEVBQUUsS0FBSyxFQUFFLEVBQUU7WUFDbEQsSUFBSSxDQUFDO2dCQUNILE1BQU0sUUFBUSxHQUFHLE1BQU0sZ0JBQWdCLENBQUMsS0FBSyxJQUFJLEVBQUU7b0JBQ2pELE9BQU8sTUFBTSxTQUFTLENBQUMsR0FBRyxDQUFDLENBQUM7Z0JBQzlCLENBQUMsRUFBRSxhQUFhLENBQUMsQ0FBQztnQkFDbEIsT0FBTyxFQUFFLFFBQVEsRUFBRSxNQUFNLEVBQUUsR0FBRyxDQUFDLE1BQU0sRUFBRSxDQUFDO1lBQzFDLENBQUM7WUFBQyxPQUFPLEtBQUssRUFBRSxDQUFDO2dCQUNmLE1BQU0sSUFBSSxLQUFLLENBQUMsY0FBYyxLQUFLLFlBQVksS0FBSyxFQUFFLENBQUMsQ0FBQztZQUMxRCxDQUFDO1FBQ0gsQ0FBQyxDQUFDLENBQUM7UUFFSCxPQUFPLE1BQU0sb0JBQW9CLENBRzlCLFFBQVEsRUFBRSxJQUFJLENBQUMsU0FBUyxDQUFDLENBQUM7SUFDL0IsQ0FBQztJQUVEOzs7T0FHRztJQUNLLHdCQUF3QixDQUM5QixVQUF3QixFQUN4QixPQUFrQjtRQUVsQixNQUFNLHFCQUFxQixHQUFHLFVBQVUsQ0FBQyxHQUFHLENBQUMsQ0FBQyxTQUFTLEVBQUUsR0FBRyxFQUFFLEVBQUUsQ0FBQyxDQUFDO1lBQ2hFLFNBQVM7WUFDVCxNQUFNLEVBQUUsT0FBTyxDQUFDLEdBQUcsQ0FBQztTQUNyQixDQUFDLENBQUMsQ0FBQztRQUVKLCtFQUErRTtRQUMvRSxxQkFBcUIsQ0FBQyxJQUFJLENBQUMsQ0FBQyxDQUFDLEVBQUUsQ0FBQyxFQUFFLEVBQUU7WUFDbEMsTUFBTSxPQUFPLEdBQUcsTUFBTSxDQUFDLENBQUMsQ0FBQyxNQUFNLENBQUMsQ0FBQztZQUNqQyxNQUFNLE9BQU8sR0FBRyxNQUFNLENBQUMsQ0FBQyxDQUFDLE1BQU0sQ0FBQyxDQUFDO1lBQ2pDLElBQUksT0FBTyxHQUFHLE9BQU87Z0JBQUUsT0FBTyxDQUFDLENBQUMsQ0FBQztZQUNqQyxJQUFJLE9BQU8sR0FBRyxPQUFPO2dCQUFFLE9BQU8sQ0FBQyxDQUFDO1lBQ2hDLE9BQU8sQ0FBQyxDQUFDO1FBQ1gsQ0FBQyxDQUFDLENBQUM7UUFFSCw0QkFBNEI7UUFDNUIsT0FBTyxxQkFBcUIsQ0FBQyxHQUFHLENBQUMsQ0FBQyxJQUFJLEVBQUUsRUFBRSxDQUFDLElBQUksQ0FBQyxTQUFTLENBQUMsQ0FBQztJQUM3RCxDQUFDO0lBRUQ7O09BRUc7SUFDSyx5QkFBeUIsQ0FDL0IscUJBQWlELEVBQ2pELHFCQUFtQztRQUVuQyxJQUNFLENBQUMscUJBQXFCLENBQUMsS0FBSztZQUM1QixxQkFBcUIsQ0FBQyxLQUFLLENBQUMsSUFBSSxLQUFLLFdBQVcsRUFDaEQsQ0FBQztZQUNELE1BQU0sSUFBSSxLQUFLLENBQUMsZ0NBQWdDLENBQUMsQ0FBQztRQUNwRCxDQUFDO1FBRUQsTUFBTSxjQUFjLEdBQUcscUJBQXFCLENBQUMsS0FBSyxDQUFDLEtBQUssQ0FBQyxLQUFLLENBQUM7UUFDL0QsTUFBTSxNQUFNLEdBQUcscUJBQXFCLENBQUMsTUFBbUIsQ0FBQztRQUN6RCxNQUFNLFVBQVUsR0FBRyxhQUFhLENBQUMsTUFBTSxDQUFDLENBQUM7UUFDekMsTUFBTSxXQUFXLEdBQUcsYUFBYSxDQUFDLGNBQWMsQ0FBQyxDQUFDO1FBQ2xELE1BQU0sU0FBUyxHQUFHLGlCQUFpQixDQUNqQyxpQkFBaUIsQ0FBQyxLQUFLLEVBQ3ZCLFVBQThCLEVBQzlCLFdBQVcsQ0FDWixDQUFDO1FBRUYsT0FBTztZQUNMLE1BQU07WUFDTixTQUFTO1lBQ1QscUJBQXFCO1NBQ3VDLENBQUM7SUFDakUsQ0FBQztJQUVPLDJCQUEyQixDQUNqQyxTQUEyRCxFQUMzRCxrQkFBd0UsRUFDeEUsT0FBa0I7UUFLbEIsTUFBTSxnQkFBZ0IsR0FBRyxTQUFTLENBQUMsc0JBQXNCLENBQUMsTUFBTSxDQUFDO1FBQ2pFLE9BQU8sSUFBSSxLQUFLLENBQUMsZ0JBQWdCLENBQUMsQ0FBQyxJQUFJLENBQUMsU0FBUyxDQUFDLENBQUMsR0FBRyxDQUFDLENBQUMsQ0FBQyxFQUFFLENBQUMsRUFBRSxFQUFFO1lBQzlELE1BQU0sTUFBTSxHQUFHLFNBQVMsQ0FBQyxzQkFBc0IsQ0FBQyxDQUFDLENBQUMsQ0FBQztZQUNuRCxJQUFJLENBQUMsTUFBTSxDQUFDLEtBQUssRUFBRSxDQUFDO2dCQUNsQixNQUFNLElBQUksS0FBSyxDQUFDLHlCQUF5QixDQUFDLENBQUM7WUFDN0MsQ0FBQztZQUVELGdEQUFnRDtZQUNoRCxNQUFNLFVBQVUsR0FBRyxrQkFBa0IsQ0FBQyxHQUFHLENBQ3ZDLENBQUMsSUFBSSxFQUFFLEVBQUUsQ0FBQyxJQUFJLENBQUMsc0JBQXNCLENBQUMsQ0FBQyxDQUFDLENBQUMsU0FBUyxDQUNuRCxDQUFDO1lBQ0YsTUFBTSxxQkFBcUIsR0FBRyxJQUFJLENBQUMsd0JBQXdCLENBQ3pELFVBQVUsRUFDVixPQUFPLENBQ1IsQ0FBQztZQUVGLElBQUksTUFBTSxDQUFDLEtBQUssQ0FBQyxJQUFJLEtBQUssV0FBVyxFQUFFLENBQUM7Z0JBQ3RDLE9BQU8sSUFBSSxDQUFDLHlCQUF5QixDQUFDLE1BQU0sRUFBRSxxQkFBcUIsQ0FBQyxDQUFDO1lBQ3ZFLENBQUM7aUJBQU0sSUFBSSxNQUFNLENBQUMsS0FBSyxDQUFDLElBQUksS0FBSyxjQUFjLEVBQUUsQ0FBQztnQkFDaEQsMERBQTBEO2dCQUMxRCxNQUFNLG1CQUFtQixHQUFHLGtCQUFrQixDQUFDLEdBQUcsQ0FBQyxDQUFDLElBQUksRUFBRSxFQUFFO29CQUMxRCxJQUFJLElBQUksQ0FBQyxzQkFBc0IsQ0FBQyxDQUFDLENBQUMsQ0FBQyxLQUFLLENBQUMsSUFBSSxLQUFLLGNBQWMsRUFBRSxDQUFDO3dCQUNqRSxNQUFNLFlBQVksR0FBRyxJQUFJLENBQUMsc0JBQXNCLENBQUMsQ0FBQyxDQUFDLENBQUMsS0FBSyxDQUFDLEtBQUssQ0FBQzt3QkFDaEUsT0FBTyxZQUFZLENBQUMsa0JBQWtCLENBQUM7b0JBQ3pDLENBQUM7eUJBQU0sQ0FBQzt3QkFDTixNQUFNLElBQUksS0FBSyxDQUNiLG1EQUFtRCxJQUFJLENBQUMsc0JBQXNCLENBQUMsQ0FBQyxDQUFDLENBQUMsS0FBSyxDQUFDLElBQUksR0FBRyxDQUNoRyxDQUFDO29CQUNKLENBQUM7Z0JBQ0gsQ0FBQyxDQUFDLENBQUM7Z0JBRUgsTUFBTSw4QkFBOEIsR0FBRyxJQUFJLENBQUMsd0JBQXdCLENBQ2xFLG1CQUFtQixFQUNuQixPQUFPLENBQ1IsQ0FBQztnQkFFRixNQUFNLFlBQVksR0FBRyxNQUFNLENBQUMsS0FBSyxDQUFDLEtBQUssQ0FBQztnQkFDeEMsTUFBTSxFQUFFLEdBQUcsWUFBWSxDQUFDLGNBQWMsQ0FBQztnQkFDdkMsTUFBTSxPQUFPLEdBQUcsYUFBYSxDQUFDLFFBQVEsQ0FBQyxNQUFNLENBQUMsTUFBTSxDQUFDLENBQUMsQ0FBQztnQkFDdkQsT0FBTztvQkFDTCxNQUFNLEVBQUUsTUFBTSxDQUFDLE1BQW1CO29CQUNsQyxrQkFBa0IsRUFBRTt3QkFDbEIsVUFBVSxFQUFFOzRCQUNWLEtBQUssRUFBRSxVQUFVLENBQUMsRUFBRSxDQUFDOzRCQUNyQixNQUFNLEVBQUUsQ0FBQyxFQUFFLDBCQUEwQjs0QkFDckMsSUFBSSxFQUFFLE9BQU87eUJBQ2Q7cUJBQ3FEO29CQUN4RCxtQkFBbUIsRUFBRSw4QkFBOEI7b0JBQ25ELHFCQUFxQjtpQkFDZ0QsQ0FBQztZQUMxRSxDQUFDO2lCQUFNLENBQUM7Z0JBQ04sTUFBTSxJQUFJLEtBQUssQ0FDYixnQ0FBZ0MsTUFBTSxDQUFDLEtBQUssQ0FBQyxJQUFJLDBDQUEwQyxDQUM1RixDQUFDO1lBQ0osQ0FBQztRQUNILENBQUMsQ0FBQyxDQUFDO0lBQ0wsQ0FBQztJQUVPLGlDQUFpQyxDQUN2QyxTQUFrQyxFQUNsQyxrQkFBNkMsRUFDN0MsT0FBa0I7UUFJbEIsTUFBTSxNQUFNLEdBQUcsU0FBUyxDQUFDLHFCQUFxQixDQUFDO1FBQy9DLElBQUksQ0FBQyxNQUFNLEVBQUUsQ0FBQztZQUNaLE1BQU0sSUFBSSxLQUFLLENBQUMsaURBQWlELENBQUMsQ0FBQztRQUNyRSxDQUFDO1FBRUQsSUFBSSxDQUFDLE1BQU0sQ0FBQyxLQUFLLEVBQUUsQ0FBQztZQUNsQixNQUFNLElBQUksS0FBSyxDQUFDLG1DQUFtQyxDQUFDLENBQUM7UUFDdkQsQ0FBQztRQUVELGdEQUFnRDtRQUNoRCwyRkFBMkY7UUFDM0YsTUFBTSxVQUFVLEdBQWlCLEVBQUUsQ0FBQztRQUNwQyxLQUFLLE1BQU0sSUFBSSxJQUFJLGtCQUFrQixFQUFFLENBQUM7WUFDdEMsTUFBTSxHQUFHLEdBQUcsSUFBSSxDQUFDLHFCQUFxQixDQUFDO1lBQ3ZDLElBQUksR0FBRyxFQUFFLENBQUM7Z0JBQ1IsVUFBVSxDQUFDLElBQUksQ0FBQyxHQUFHLENBQUMsU0FBUyxDQUFDLENBQUM7WUFDakMsQ0FBQztRQUNILENBQUM7UUFDRCxNQUFNLHFCQUFxQixHQUFHLElBQUksQ0FBQyx3QkFBd0IsQ0FDekQsVUFBVSxFQUNWLE9BQU8sQ0FDUixDQUFDO1FBRUYsSUFBSSxNQUFNLENBQUMsS0FBSyxDQUFDLElBQUksS0FBSyxXQUFXLEVBQUUsQ0FBQztZQUN0QyxPQUFPLElBQUksQ0FBQyx5QkFBeUIsQ0FBQyxNQUFNLEVBQUUscUJBQXFCLENBQUMsQ0FBQztRQUN2RSxDQUFDO1FBRUQsSUFBSSxNQUFNLENBQUMsS0FBSyxDQUFDLElBQUksS0FBSyxjQUFjLEVBQUUsQ0FBQztZQUN6QyxNQUFNLFlBQVksR0FBRyxNQUFNLENBQUMsS0FBSyxDQUFDLEtBQUssQ0FBQztZQUN4QyxNQUFNLEVBQUUsR0FBRyxZQUFZLENBQUMsY0FBYyxDQUFDO1lBQ3ZDLElBQUksQ0FBQyxFQUFFLEVBQUUsQ0FBQztnQkFDUixNQUFNLElBQUksS0FBSyxDQUFDLCtCQUErQixDQUFDLENBQUM7WUFDbkQsQ0FBQztZQUVELE1BQU0sT0FBTyxHQUFHLGFBQWEsQ0FBQyxRQUFRLENBQUMsTUFBTSxDQUFDLE1BQU0sQ0FBQyxDQUFDLENBQUM7WUFFdkQsMERBQTBEO1lBQzFELE1BQU0sbUJBQW1CLEdBQUcsa0JBQWtCLENBQUMsR0FBRyxDQUFDLENBQUMsSUFBSSxFQUFFLEVBQUU7Z0JBQzFELElBQUksSUFBSSxDQUFDLHFCQUFxQixFQUFFLEtBQUssQ0FBQyxJQUFJLEtBQUssY0FBYyxFQUFFLENBQUM7b0JBQzlELE1BQU0sWUFBWSxHQUFHLElBQUksQ0FBQyxxQkFBcUIsRUFBRSxLQUFLLENBQUMsS0FBSyxDQUFDO29CQUM3RCxPQUFPLFlBQVksQ0FBQyxrQkFBa0IsQ0FBQztnQkFDekMsQ0FBQztxQkFBTSxDQUFDO29CQUNOLE1BQU0sSUFBSSxLQUFLLENBQ2IsbURBQW1ELElBQUksQ0FBQyxxQkFBcUIsRUFBRSxLQUFLLENBQUMsSUFBSSxHQUFHLENBQzdGLENBQUM7Z0JBQ0osQ0FBQztZQUNILENBQUMsQ0FBQyxDQUFDO1lBRUgsTUFBTSw4QkFBOEIsR0FBRyxJQUFJLENBQUMsd0JBQXdCLENBQ2xFLG1CQUFtQixFQUNuQixPQUFPLENBQ1IsQ0FBQztZQUVGLE9BQU87Z0JBQ0wsTUFBTSxFQUFFLE1BQU0sQ0FBQyxNQUFtQjtnQkFDbEMsa0JBQWtCLEVBQUU7b0JBQ2xCLFVBQVUsRUFBRTt3QkFDVixLQUFLLEVBQUUsVUFBVSxDQUFDLEVBQUUsQ0FBQzt3QkFDckIsTUFBTSxFQUFFLGlCQUFpQixDQUFDLEtBQUssRUFBRSwwQkFBMEI7d0JBQzNELElBQUksRUFBRSxPQUFPO3FCQUNkO2lCQUNxRDtnQkFDeEQsbUJBQW1CLEVBQUUsOEJBQThCO2dCQUNuRCxxQkFBcUI7YUFDZ0QsQ0FBQztRQUMxRSxDQUFDO1FBRUQsTUFBTSxJQUFJLEtBQUssQ0FDYixnQ0FBZ0MsTUFBTSxDQUFDLEtBQUssQ0FBQyxJQUFJLDBDQUEwQyxDQUM1RixDQUFDO0lBQ0osQ0FBQztJQUVPLEtBQUssQ0FBQyx5QkFBeUIsQ0FDckMsa0JBQXdFLEVBQ3hFLGdCQUErQjtRQUUvQixJQUFJLGtCQUFrQixDQUFDLE1BQU0sS0FBSyxDQUFDLEVBQUUsQ0FBQztZQUNwQyxNQUFNLElBQUksS0FBSyxDQUFDLGtDQUFrQyxDQUFDLENBQUM7UUFDdEQsQ0FBQztRQUVELE1BQU0sU0FBUyxHQUFHLGtCQUFrQixDQUFDLENBQUMsQ0FBQyxDQUFDO1FBRXhDLEtBQUssSUFBSSxDQUFDLEdBQUcsQ0FBQyxFQUFFLENBQUMsR0FBRyxrQkFBa0IsQ0FBQyxNQUFNLEVBQUUsQ0FBQyxFQUFFLEVBQUUsQ0FBQztZQUNuRCxJQUNFLGtCQUFrQixDQUFDLENBQUMsQ0FBQyxDQUFDLHNCQUFzQixDQUFDLE1BQU07Z0JBQ25ELFNBQVMsQ0FBQyxzQkFBc0IsQ0FBQyxNQUFNLEVBQ3ZDLENBQUM7Z0JBQ0QsTUFBTSxJQUFJLEtBQUssQ0FDYixxRUFBcUUsQ0FDdEUsQ0FBQztZQUNKLENBQUM7UUFDSCxDQUFDO1FBRUQsS0FBSyxJQUFJLENBQUMsR0FBRyxDQUFDLEVBQUUsQ0FBQyxHQUFHLFNBQVMsQ0FBQyxzQkFBc0IsQ0FBQyxNQUFNLEVBQUUsQ0FBQyxFQUFFLEVBQUUsQ0FBQztZQUNqRSxNQUFNLE1BQU0sR0FBRyxTQUFTLENBQUMsc0JBQXNCLENBQUMsQ0FBQyxDQUFDLENBQUM7WUFFbkQsSUFBSSxDQUFDLE1BQU0sQ0FBQyxLQUFLLEVBQUUsQ0FBQztnQkFDbEIsTUFBTSxJQUFJLEtBQUssQ0FBQyxtQ0FBbUMsQ0FBQyxDQUFDO1lBQ3ZELENBQUM7WUFFRCxNQUFNLE9BQU8sR0FBRyxNQUFNLENBQUMsS0FBSyxDQUFDLElBQUksQ0FBQztZQUVsQywyRUFBMkU7WUFDM0UsS0FBSyxJQUFJLENBQUMsR0FBRyxDQUFDLEVBQUUsQ0FBQyxHQUFHLGtCQUFrQixDQUFDLE1BQU0sRUFBRSxDQUFDLEVBQUUsRUFBRSxDQUFDO2dCQUNuRCxNQUFNLEdBQUcsR0FBRyxrQkFBa0IsQ0FBQyxDQUFDLENBQUMsQ0FBQyxzQkFBc0IsQ0FBQyxDQUFDLENBQUMsQ0FBQztnQkFDNUQsSUFBSSxDQUFDLEdBQUcsQ0FBQyxLQUFLLEVBQUUsQ0FBQztvQkFDZixNQUFNLElBQUksS0FBSyxDQUFDLHlCQUF5QixDQUFDLENBQUM7Z0JBQzdDLENBQUM7Z0JBQ0QsSUFBSSxHQUFHLENBQUMsS0FBSyxDQUFDLElBQUksS0FBSyxPQUFPLEVBQUUsQ0FBQztvQkFDL0IsTUFBTSxJQUFJLEtBQUssQ0FDYixrREFBa0QsT0FBTyxrQkFBa0IsQ0FBQyxTQUFTLEdBQUcsQ0FBQyxLQUFLLENBQUMsSUFBSSxHQUFHLENBQ3ZHLENBQUM7Z0JBQ0osQ0FBQztZQUNILENBQUM7WUFFRCx1Q0FBdUM7WUFDdkMsSUFBSSxPQUFPLEtBQUssV0FBVyxFQUFFLENBQUM7Z0JBQzVCLElBQUksQ0FBQywwQkFBMEIsQ0FBQyxDQUFDLEVBQUUsU0FBUyxFQUFFLGtCQUFrQixDQUFDLENBQUM7WUFDcEUsQ0FBQztpQkFBTSxJQUFJLE9BQU8sS0FBSyxjQUFjLEVBQUUsQ0FBQztnQkFDdEMsTUFBTSxJQUFJLENBQUMsMkJBQTJCLENBQ3BDLENBQUMsRUFDRCxTQUFTLEVBQ1Qsa0JBQWtCLEVBQ2xCLGdCQUFnQixDQUNqQixDQUFDO1lBQ0osQ0FBQztpQkFBTSxDQUFDO2dCQUNOLE1BQU0sSUFBSSxLQUFLLENBQ2IsZ0NBQWdDLE9BQU8sMENBQTBDLENBQ2xGLENBQUM7WUFDSixDQUFDO1FBQ0gsQ0FBQztRQUVELE9BQU8sU0FBUyxDQUFDO0lBQ25CLENBQUM7SUFFTyxLQUFLLENBQUMsZ0NBQWdDLENBQzVDLGtCQUE2QyxFQUM3QyxPQUFnQyxFQUNoQyxnQkFBK0I7UUFFL0IsSUFBSSxrQkFBa0IsQ0FBQyxNQUFNLEtBQUssQ0FBQyxFQUFFLENBQUM7WUFDcEMsTUFBTSxJQUFJLEtBQUssQ0FBQyxrQ0FBa0MsQ0FBQyxDQUFDO1FBQ3RELENBQUM7UUFFRCxNQUFNLFNBQVMsR0FBRyxrQkFBa0IsQ0FBQyxDQUFDLENBQUMsQ0FBQztRQUN4QyxNQUFNLE1BQU0sR0FBRyxTQUFTLENBQUMscUJBQXFCLENBQUM7UUFFL0MsSUFBSSxDQUFDLE1BQU0sRUFBRSxDQUFDO1lBQ1osTUFBTSxJQUFJLEtBQUssQ0FBQyxpREFBaUQsQ0FBQyxDQUFDO1FBQ3JFLENBQUM7UUFFRCxJQUFJLENBQUMsTUFBTSxDQUFDLEtBQUssRUFBRSxDQUFDO1lBQ2xCLE1BQU0sSUFBSSxLQUFLLENBQUMsbUNBQW1DLENBQUMsQ0FBQztRQUN2RCxDQUFDO1FBRUQsTUFBTSxPQUFPLEdBQUcsTUFBTSxDQUFDLEtBQUssQ0FBQyxJQUFJLENBQUM7UUFFbEMsZ0RBQWdEO1FBQ2hELElBQUksUUFBZ0MsQ0FBQztRQUNyQyxJQUFJLGVBQWdDLENBQUM7UUFDckMsSUFBSSxLQUE2QixDQUFDO1FBQ2xDLElBQUksVUFBd0QsQ0FBQztRQUU3RCxJQUFJLE9BQU8sS0FBSyxXQUFXLEVBQUUsQ0FBQztZQUM1QixRQUFRLEdBQUcsTUFBTSxDQUFDLEtBQUssQ0FBQyxLQUFLLENBQUMsS0FBSyxDQUFDO1FBQ3RDLENBQUM7YUFBTSxJQUFJLE9BQU8sS0FBSyxjQUFjLEVBQUUsQ0FBQztZQUN0QyxlQUFlLEdBQUcsTUFBTSxDQUFDLEtBQUssQ0FBQyxLQUFLLENBQUM7WUFDckMsS0FBSyxHQUFHLGVBQWUsQ0FBQyxjQUFjLENBQUM7WUFDdkMsSUFBSSxDQUFDLEtBQUssRUFBRSxDQUFDO2dCQUNYLE1BQU0sSUFBSSxLQUFLLENBQUMseUNBQXlDLENBQUMsQ0FBQztZQUM3RCxDQUFDO1lBRUQsVUFBVSxHQUFHLGFBQWEsQ0FBQyxRQUFRLENBQUMsTUFBTSxDQUFDLE1BQU0sQ0FBQyxDQUFDLENBQUM7UUFDdEQsQ0FBQzthQUFNLENBQUM7WUFDTixNQUFNLElBQUksS0FBSyxDQUNiLGdDQUFnQyxPQUFPLDBDQUEwQyxDQUNsRixDQUFDO1FBQ0osQ0FBQztRQUVELHFHQUFxRztRQUNyRyxNQUFNLGtCQUFrQixHQUN0QixPQUFPLEVBQUUsZUFBZSxJQUFJLE9BQU8sQ0FBQyxlQUFlLENBQUMsTUFBTSxHQUFHLENBQUMsQ0FBQztRQUNqRSxJQUFJLE9BQU8sS0FBSyxjQUFjLElBQUksQ0FBQyxrQkFBa0IsRUFBRSxDQUFDO1lBQ3RELE1BQU0sSUFBSSxLQUFLLENBQ2IsaUVBQWlFLENBQ2xFLENBQUM7UUFDSixDQUFDO1FBRUQsNkVBQTZFO1FBQzdFLEtBQUssSUFBSSxDQUFDLEdBQUcsQ0FBQyxFQUFFLENBQUMsR0FBRyxrQkFBa0IsQ0FBQyxNQUFNLEVBQUUsQ0FBQyxFQUFFLEVBQUUsQ0FBQztZQUNuRCxNQUFNLEdBQUcsR0FBRyxrQkFBa0IsQ0FBQyxDQUFDLENBQUMsQ0FBQyxxQkFBcUIsQ0FBQztZQUN4RCxJQUFJLENBQUMsR0FBRyxFQUFFLENBQUM7Z0JBQ1QsTUFBTSxJQUFJLEtBQUssQ0FBQyx1Q0FBdUMsQ0FBQyxDQUFDO1lBQzNELENBQUM7WUFFRCxJQUFJLENBQUMsR0FBRyxDQUFDLEtBQUssRUFBRSxDQUFDO2dCQUNmLE1BQU0sSUFBSSxLQUFLLENBQUMseUJBQXlCLENBQUMsQ0FBQztZQUM3QyxDQUFDO1lBRUQsSUFBSSxHQUFHLENBQUMsS0FBSyxDQUFDLElBQUksS0FBSyxPQUFPLEVBQUUsQ0FBQztnQkFDL0IsTUFBTSxJQUFJLEtBQUssQ0FDYixrREFBa0QsT0FBTyxrQkFBa0IsQ0FBQyxTQUFTLEdBQUcsQ0FBQyxLQUFLLENBQUMsSUFBSSxHQUFHLENBQ3ZHLENBQUM7WUFDSixDQUFDO1lBRUQsdUJBQXVCO1lBQ3ZCLElBQUksR0FBRyxDQUFDLE1BQU0sS0FBSyxNQUFNLENBQUMsTUFBTSxFQUFFLENBQUM7Z0JBQ2pDLE1BQU0sSUFBSSxLQUFLLENBQUMscUNBQXFDLENBQUMsQ0FBQztZQUN6RCxDQUFDO1lBRUQsdUNBQXVDO1lBQ3ZDLElBQUksT0FBTyxLQUFLLFdBQVcsRUFBRSxDQUFDO2dCQUM1QixJQUFJLENBQUMsUUFBUSxFQUFFLENBQUM7b0JBQ2QsTUFBTSxJQUFJLEtBQUssQ0FBQyx5Q0FBeUMsQ0FBQyxDQUFDO2dCQUM3RCxDQUFDO2dCQUVELElBQUksR0FBRyxDQUFDLEtBQUssQ0FBQyxJQUFJLEtBQUssV0FBVyxFQUFFLENBQUM7b0JBQ25DLE1BQU0sSUFBSSxLQUFLLENBQ2IsMkRBQTJELENBQzVELENBQUM7Z0JBQ0osQ0FBQztnQkFFRCxNQUFNLEtBQUssR0FBRyxHQUFHLENBQUMsS0FBSyxDQUFDLEtBQUssQ0FBQyxLQUFLLENBQUM7Z0JBQ3BDLElBQUksQ0FBQywrQkFBK0IsQ0FBQyxRQUFRLEVBQUUsS0FBSyxDQUFDLENBQUM7WUFDeEQsQ0FBQztpQkFBTSxJQUFJLE9BQU8sS0FBSyxjQUFjLEVBQUUsQ0FBQztnQkFDdEMsSUFBSSxDQUFDLEtBQUssSUFBSSxVQUFVLEtBQUssU0FBUyxFQUFFLENBQUM7b0JBQ3ZDLE1BQU0sSUFBSSxLQUFLLENBQUMsMkNBQTJDLENBQUMsQ0FBQztnQkFDL0QsQ0FBQztnQkFFRCxJQUFJLEdBQUcsQ0FBQyxLQUFLLENBQUMsSUFBSSxLQUFLLGNBQWMsRUFBRSxDQUFDO29CQUN0QyxNQUFNLElBQUksS0FBSyxDQUNiLGlFQUFpRSxDQUNsRSxDQUFDO2dCQUNKLENBQUM7Z0JBRUQsTUFBTSxZQUFZLEdBQUcsR0FBRyxDQUFDLEtBQUssQ0FBQyxLQUFLLENBQUM7Z0JBQ3JDLE1BQU0sRUFBRSxHQUFHLFlBQVksQ0FBQyxjQUFjLENBQUM7Z0JBQ3ZDLElBQUksQ0FBQyxFQUFFLEVBQUUsQ0FBQztvQkFDUixNQUFNLElBQUksS0FBSyxDQUFDLCtCQUErQixDQUFDLENBQUM7Z0JBQ25ELENBQUM7Z0JBQ0QsTUFBTSxPQUFPLEdBQUcsYUFBYSxDQUFDLFFBQVEsQ0FBQyxHQUFHLENBQUMsTUFBTSxDQUFDLENBQUMsQ0FBQztnQkFFcEQsMEJBQTBCO2dCQUMxQixJQUFJLE9BQU8sS0FBSyxVQUFVLEVBQUUsQ0FBQztvQkFDM0IsTUFBTSxJQUFJLEtBQUssQ0FBQyx1Q0FBdUMsQ0FBQyxDQUFDO2dCQUMzRCxDQUFDO2dCQUVELHVCQUF1QjtnQkFDdkIsSUFBSSxHQUFHLENBQUMsTUFBTSxLQUFLLE1BQU0sQ0FBQyxNQUFNLEVBQUUsQ0FBQztvQkFDakMsTUFBTSxJQUFJLEtBQUssQ0FBQyxxQ0FBcUMsQ0FBQyxDQUFDO2dCQUN6RCxDQUFDO2dCQUVELGdFQUFnRTtnQkFDaEUsSUFBSSxnQkFBZ0IsRUFBRSxDQUFDO29CQUNyQixNQUFNLFlBQVksR0FBRyxNQUFNLE9BQU8sQ0FBQyxnQkFBZ0IsRUFBRSxLQUFLLENBQUMsQ0FBQztvQkFDNUQsTUFBTSxTQUFTLEdBQUcsTUFBTSxPQUFPLENBQUMsZ0JBQWdCLEVBQUUsRUFBRSxDQUFDLENBQUM7b0JBQ3RELElBQUksQ0FBQywrQkFBK0IsQ0FBQyxZQUFZLEVBQUUsU0FBUyxDQUFDLENBQUM7Z0JBQ2hFLENBQUM7WUFDSCxDQUFDO1FBQ0gsQ0FBQztRQUVELE9BQU8sU0FBUyxDQUFDO0lBQ25CLENBQUM7SUFFRDs7O09BR0c7SUFDSywrQkFBK0IsQ0FDckMsUUFBb0IsRUFDcEIsS0FBaUI7UUFFakIsSUFBSSxRQUFRLENBQUMsTUFBTSxLQUFLLEtBQUssQ0FBQyxNQUFNLEVBQUUsQ0FBQztZQUNyQyxNQUFNLElBQUksS0FBSyxDQUFDLCtDQUErQyxDQUFDLENBQUM7UUFDbkUsQ0FBQztRQUNELDZFQUE2RTtRQUM3RSxJQUFJLFFBQVEsR0FBRyxDQUFDLENBQUM7UUFDakIsS0FBSyxJQUFJLENBQUMsR0FBRyxDQUFDLEVBQUUsQ0FBQyxHQUFHLFFBQVEsQ0FBQyxNQUFNLEVBQUUsQ0FBQyxFQUFFLEVBQUUsQ0FBQztZQUN6QyxRQUFRLElBQUksUUFBUSxDQUFDLENBQUMsQ0FBQyxHQUFHLEtBQUssQ0FBQyxDQUFDLENBQUMsQ0FBQztRQUNyQyxDQUFDO1FBQ0QsSUFBSSxRQUFRLEtBQUssQ0FBQyxFQUFFLENBQUM7WUFDbkIsTUFBTSxJQUFJLEtBQUssQ0FBQyx3Q0FBd0MsQ0FBQyxDQUFDO1FBQzVELENBQUM7SUFDSCxDQUFDO0lBRU8sMEJBQTBCLENBQ2hDLEtBQWEsRUFDYixTQUEyRCxFQUMzRCxrQkFBd0U7UUFFeEUsTUFBTSxNQUFNLEdBQUcsU0FBUyxDQUFDLHNCQUFzQixDQUFDLEtBQUssQ0FBQyxDQUFDO1FBQ3ZELElBQUksTUFBTSxDQUFDLEtBQUssRUFBRSxJQUFJLEtBQUssV0FBVyxFQUFFLENBQUM7WUFDdkMsTUFBTSxJQUFJLEtBQUssQ0FBQyxnQ0FBZ0MsQ0FBQyxDQUFDO1FBQ3BELENBQUM7UUFFRCxNQUFNLFFBQVEsR0FBRyxNQUFNLENBQUMsS0FBSyxDQUFDLEtBQUssQ0FBQyxLQUFLLENBQUM7UUFFMUMsS0FBSyxJQUFJLENBQUMsR0FBRyxDQUFDLEVBQUUsQ0FBQyxHQUFHLGtCQUFrQixDQUFDLE1BQU0sRUFBRSxDQUFDLEVBQUUsRUFBRSxDQUFDO1lBQ25ELE1BQU0sR0FBRyxHQUFHLGtCQUFrQixDQUFDLENBQUMsQ0FBQyxDQUFDLHNCQUFzQixDQUFDLEtBQUssQ0FBQyxDQUFDO1lBQ2hFLElBQUksR0FBRyxDQUFDLEtBQUssRUFBRSxJQUFJLEtBQUssV0FBVyxFQUFFLENBQUM7Z0JBQ3BDLE1BQU0sSUFBSSxLQUFLLENBQ2IsMkRBQTJELENBQzVELENBQUM7WUFDSixDQUFDO1lBRUQsTUFBTSxLQUFLLEdBQUcsR0FBRyxDQUFDLEtBQUssQ0FBQyxLQUFLLENBQUMsS0FBSyxDQUFDO1lBQ3BDLElBQUksQ0FBQywrQkFBK0IsQ0FBQyxRQUFRLEVBQUUsS0FBSyxDQUFDLENBQUM7UUFDeEQsQ0FBQztJQUNILENBQUM7SUFFTyxLQUFLLENBQUMsMkJBQTJCLENBQ3ZDLEtBQWEsRUFDYixTQUEyRCxFQUMzRCxrQkFBd0UsRUFDeEUsZ0JBQStCO1FBRS9CLE1BQU0sTUFBTSxHQUFHLFNBQVMsQ0FBQyxzQkFBc0IsQ0FBQyxLQUFLLENBQUMsQ0FBQztRQUN2RCxJQUFJLE1BQU0sQ0FBQyxLQUFLLEVBQUUsSUFBSSxLQUFLLGNBQWMsRUFBRSxDQUFDO1lBQzFDLE1BQU0sSUFBSSxLQUFLLENBQUMsbUNBQW1DLENBQUMsQ0FBQztRQUN2RCxDQUFDO1FBRUQsTUFBTSxlQUFlLEdBQUcsTUFBTSxDQUFDLEtBQUssQ0FBQyxLQUFLLENBQUM7UUFDM0MsTUFBTSxLQUFLLEdBQUcsZUFBZSxDQUFDLGNBQWMsQ0FBQztRQUM3QyxJQUFJLENBQUMsS0FBSyxFQUFFLENBQUM7WUFDWCxNQUFNLElBQUksS0FBSyxDQUFDLHlDQUF5QyxDQUFDLENBQUM7UUFDN0QsQ0FBQztRQUVELE1BQU0sVUFBVSxHQUFHLGFBQWEsQ0FBQyxRQUFRLENBQUMsTUFBTSxDQUFDLE1BQU0sQ0FBQyxDQUFDLENBQUM7UUFFMUQsS0FBSyxJQUFJLENBQUMsR0FBRyxDQUFDLEVBQUUsQ0FBQyxHQUFHLGtCQUFrQixDQUFDLE1BQU0sRUFBRSxDQUFDLEVBQUUsRUFBRSxDQUFDO1lBQ25ELE1BQU0sR0FBRyxHQUFHLGtCQUFrQixDQUFDLENBQUMsQ0FBQyxDQUFDLHNCQUFzQixDQUFDLEtBQUssQ0FBQyxDQUFDO1lBQ2hFLElBQUksR0FBRyxDQUFDLEtBQUssRUFBRSxJQUFJLEtBQUssY0FBYyxFQUFFLENBQUM7Z0JBQ3ZDLE1BQU0sSUFBSSxLQUFLLENBQ2IsaUVBQWlFLENBQ2xFLENBQUM7WUFDSixDQUFDO1lBRUQsTUFBTSxZQUFZLEdBQUcsR0FBRyxDQUFDLEtBQUssQ0FBQyxLQUFLLENBQUM7WUFDckMsTUFBTSxFQUFFLEdBQUcsWUFBWSxDQUFDLGNBQWMsQ0FBQztZQUN2QyxJQUFJLENBQUMsRUFBRSxFQUFFLENBQUM7Z0JBQ1IsTUFBTSxJQUFJLEtBQUssQ0FBQywrQkFBK0IsQ0FBQyxDQUFDO1lBQ25ELENBQUM7WUFDRCxNQUFNLE9BQU8sR0FBRyxhQUFhLENBQUMsUUFBUSxDQUFDLEdBQUcsQ0FBQyxNQUFNLENBQUMsQ0FBQyxDQUFDO1lBRXBELDBCQUEwQjtZQUMxQixJQUFJLE9BQU8sS0FBSyxVQUFVLEVBQUUsQ0FBQztnQkFDM0IsTUFBTSxJQUFJLEtBQUssQ0FBQyx1Q0FBdUMsQ0FBQyxDQUFDO1lBQzNELENBQUM7WUFFRCx1QkFBdUI7WUFDdkIsSUFBSSxHQUFHLENBQUMsTUFBTSxLQUFLLE1BQU0sQ0FBQyxNQUFNLEVBQUUsQ0FBQztnQkFDakMsTUFBTSxJQUFJLEtBQUssQ0FBQyxxQ0FBcUMsQ0FBQyxDQUFDO1lBQ3pELENBQUM7WUFFRCxnRUFBZ0U7WUFDaEUsSUFBSSxnQkFBZ0IsRUFBRSxDQUFDO2dCQUNyQixNQUFNLFlBQVksR0FBRyxNQUFNLE9BQU8sQ0FBQyxnQkFBZ0IsRUFBRSxLQUFLLENBQUMsQ0FBQztnQkFDNUQsTUFBTSxTQUFTLEdBQUcsTUFBTSxPQUFPLENBQUMsZ0JBQWdCLEVBQUUsRUFBRSxDQUFDLENBQUM7Z0JBQ3RELElBQUksQ0FBQywrQkFBK0IsQ0FBQyxZQUFZLEVBQUUsU0FBUyxDQUFDLENBQUM7WUFDaEUsQ0FBQztRQUNILENBQUM7SUFDSCxDQUFDO0NBQ0YifQ==
|
|
310
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoicXVvcnVtQ2xpZW50LmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vLi4vc3JjL2ttcy9xdW9ydW1DbGllbnQudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6IkFBS0EsT0FBTyxFQUNMLGFBQWEsRUFDYixVQUFVLEVBQ1YsUUFBUSxHQUVULE1BQU0sY0FBYyxDQUFDO0FBTXRCLE9BQU8sRUFDTCxpQkFBaUIsRUFDakIsaUJBQWlCLEdBQ2xCLE1BQU0sNkJBQTZCLENBQUM7QUFVckMsT0FBTyxFQUFFLGFBQWEsRUFBRSxNQUFNLGNBQWMsQ0FBQztBQUc3QyxPQUFPLEVBQUUsZ0JBQWdCLEVBQUUsTUFBTSxhQUFhLENBQUM7QUFDL0MsT0FBTyxFQUFFLFlBQVksRUFBa0IsTUFBTSxhQUFhLENBQUM7QUFDM0QsT0FBTyxFQUNMLGdDQUFnQyxFQUNoQyxnQ0FBZ0MsR0FDakMsTUFBTSx3QkFBd0IsQ0FBQztBQUVoQyxPQUFPLEVBQ0wsb0NBQW9DLEVBQ3BDLHVDQUF1QyxHQUN4QyxNQUFNLDRCQUE0QixDQUFDO0FBQ3BDLE9BQU8sRUFBRSxvQkFBb0IsRUFBRSxNQUFNLHdCQUF3QixDQUFDO0FBTzlEOzs7R0FHRztBQUNILFNBQVMsc0JBQXNCLENBQUMsU0FBaUIsRUFBRSxXQUFtQjtJQUNwRSxNQUFNLFFBQVEsR0FBRyxJQUFJLENBQUMsS0FBSyxDQUFDLFdBQVcsR0FBRyxDQUFDLENBQUMsR0FBRyxDQUFDLENBQUM7SUFDakQsSUFBSSxTQUFTLEdBQUcsUUFBUSxFQUFFLENBQUM7UUFDekIsTUFBTSxJQUFJLEtBQUssQ0FDYixjQUFjLFNBQVMsa0NBQWtDLFFBQVEsUUFBUSxXQUFXLHlDQUF5QyxDQUM5SCxDQUFDO0lBQ0osQ0FBQztBQUNILENBQUM7QUFFRCxNQUFNLE9BQU8sZUFBZTtJQUNULElBQUksQ0FBUTtJQUNaLFNBQVMsQ0FBUztJQVFuQyxpQkFBaUI7SUFDakIsWUFDRSxrQkFBb0UsRUFDcEUsU0FBaUI7UUFFakIsSUFBSSxrQkFBa0IsQ0FBQyxNQUFNLEtBQUssQ0FBQyxFQUFFLENBQUM7WUFDcEMsTUFBTSxJQUFJLEtBQUssQ0FBQyxpREFBaUQsQ0FBQyxDQUFDO1FBQ3JFLENBQUM7UUFFRCxJQUFJLFNBQVMsR0FBRyxDQUFDLElBQUksU0FBUyxHQUFHLGtCQUFrQixDQUFDLE1BQU0sRUFBRSxDQUFDO1lBQzNELE1BQU0sSUFBSSxLQUFLLENBQ2IsbUNBQW1DLGtCQUFrQixDQUFDLE1BQU0sRUFBRSxDQUMvRCxDQUFDO1FBQ0osQ0FBQztRQUVELHNCQUFzQixDQUFDLFNBQVMsRUFBRSxrQkFBa0IsQ0FBQyxNQUFNLENBQUMsQ0FBQztRQUU3RCwyRkFBMkY7UUFDM0YsSUFDRSxrQkFBa0IsQ0FBQyxNQUFNLEdBQUcsQ0FBQztZQUM3QixpQkFBaUIsSUFBSSxrQkFBa0IsQ0FBQyxDQUFDLENBQUMsRUFDMUMsQ0FBQztZQUNELDBCQUEwQjtZQUMxQixNQUFNLFVBQVUsR0FBRyxrQkFBaUMsQ0FBQztZQUNyRCxJQUFJLENBQUMsSUFBSSxHQUFHLFVBQVUsQ0FBQyxHQUFHLENBQUMsQ0FBQyxNQUFNLEVBQUUsRUFBRSxDQUFDLENBQUM7Z0JBQ3RDLE1BQU07Z0JBQ04sTUFBTSxFQUFFLE1BQU0sQ0FBQyxhQUFhO2FBQzdCLENBQUMsQ0FBQyxDQUFDO1FBQ04sQ0FBQzthQUFNLENBQUM7WUFDTixpREFBaUQ7WUFDakQsTUFBTSxTQUFTLEdBQUcsa0JBR2YsQ0FBQztZQUNKLElBQUksQ0FBQyxJQUFJLEdBQUcsU0FBUyxDQUFDLEdBQUcsQ0FBQyxDQUFDLFFBQVEsRUFBRSxFQUFFO2dCQUNyQyxPQUFPO29CQUNMLE1BQU0sRUFBRSxZQUFZLENBQUMsUUFBUSxDQUFDLEdBQUcsRUFBRSxRQUFRLENBQUMsTUFBTSxDQUFDO29CQUNuRCxNQUFNLEVBQUUsUUFBUSxDQUFDLE1BQU07aUJBQ3hCLENBQUM7WUFDSixDQUFDLENBQUMsQ0FBQztRQUNMLENBQUM7UUFDRCxJQUFJLENBQUMsU0FBUyxHQUFHLFNBQVMsQ0FBQztJQUM3QixDQUFDO0lBRUQ7Ozs7Ozs7O09BUUc7SUFDSCxNQUFNLENBQUMsUUFBUSxDQUNiLElBQWMsRUFDZCxPQUFrQixFQUNsQixTQUFpQjtRQUVqQixJQUFJLElBQUksQ0FBQyxNQUFNLEtBQUssQ0FBQyxFQUFFLENBQUM7WUFDdEIsTUFBTSxJQUFJLEtBQUssQ0FBQyw4QkFBOEIsQ0FBQyxDQUFDO1FBQ2xELENBQUM7UUFDRCxJQUFJLE9BQU8sQ0FBQyxNQUFNLEtBQUssSUFBSSxDQUFDLE1BQU0sRUFBRSxDQUFDO1lBQ25DLE1BQU0sSUFBSSxLQUFLLENBQ2IseUJBQXlCLE9BQU8sQ0FBQyxNQUFNLG1DQUFtQyxJQUFJLENBQUMsTUFBTSxHQUFHLENBQ3pGLENBQUM7UUFDSixDQUFDO1FBRUQsSUFBSSxTQUFTLEdBQUcsQ0FBQyxJQUFJLFNBQVMsR0FBRyxJQUFJLENBQUMsTUFBTSxFQUFFLENBQUM7WUFDN0MsTUFBTSxJQUFJLEtBQUssQ0FDYixtQ0FBbUMsSUFBSSxDQUFDLE1BQU0sbUJBQW1CLENBQ2xFLENBQUM7UUFDSixDQUFDO1FBRUQsTUFBTSxTQUFTLEdBQUcsSUFBSSxDQUFDLEdBQUcsQ0FBQyxDQUFDLEdBQUcsRUFBRSxLQUFLLEVBQUUsRUFBRTtZQUN4QyxPQUFPLEVBQUUsR0FBRyxFQUFFLE1BQU0sRUFBRSxPQUFPLENBQUMsS0FBSyxDQUFDLEVBQUUsQ0FBQztRQUN6QyxDQUFDLENBQUMsQ0FBQztRQUVILE9BQU8sSUFBSSxlQUFlLENBQUMsU0FBUyxFQUFFLFNBQVMsQ0FBQyxDQUFDO0lBQ25ELENBQUM7SUFFRDs7Ozs7OztPQU9HO0lBQ0gsTUFBTSxDQUFDLGNBQWMsQ0FDbkIsVUFBdUIsRUFDdkIsU0FBaUI7UUFFakIsSUFBSSxVQUFVLENBQUMsTUFBTSxLQUFLLENBQUMsRUFBRSxDQUFDO1lBQzVCLE1BQU0sSUFBSSxLQUFLLENBQUMscUNBQXFDLENBQUMsQ0FBQztRQUN6RCxDQUFDO1FBRUQsSUFBSSxTQUFTLEdBQUcsQ0FBQyxJQUFJLFNBQVMsR0FBRyxVQUFVLENBQUMsTUFBTSxFQUFFLENBQUM7WUFDbkQsTUFBTSxJQUFJLEtBQUssQ0FDYixtQ0FBbUMsVUFBVSxDQUFDLE1BQU0sMEJBQTBCLENBQy9FLENBQUM7UUFDSixDQUFDO1FBRUQsT0FBTyxJQUFJLGVBQWUsQ0FBQyxVQUFVLEVBQUUsU0FBUyxDQUFDLENBQUM7SUFDcEQsQ0FBQztJQUVELEtBQUssQ0FBQyxlQUFlLENBQ25CLE9BQStCLEVBQy9CLGFBQXNDLEVBQ3RDLGdCQUErQixFQUMvQixlQUF5QixFQUN6QixNQUFtQjtRQU9uQixNQUFNLGdCQUFnQixHQUFHLE1BQU0sSUFBSSxDQUFDLGdDQUFnQyxDQUNsRSxLQUFLLEVBQUUsR0FBRyxFQUFFLEVBQUU7WUFDWixPQUFPLE1BQU0sR0FBRyxDQUFDLE1BQU0sQ0FBQyxlQUFlLENBQUMsT0FBTyxDQUFDLENBQUM7UUFDbkQsQ0FBQyxFQUNELGFBQWEsQ0FDZCxDQUFDO1FBRUYsK0VBQStFO1FBQy9FLE1BQU0sRUFBRSxTQUFTLEVBQUUsY0FBYyxFQUFFLEdBQ2pDLE1BQU0sZ0NBQWdDLENBQ3BDLGdCQUdFLEVBQ0YsSUFBSSxDQUFDLFNBQVMsRUFDZCxnQkFBZ0IsQ0FDakIsQ0FBQztRQUVKLE9BQU8sSUFBSSxDQUFDLDJCQUEyQixDQUNyQyxTQUFTLEVBQ1QsY0FBYyxDQUFDLEdBQUcsQ0FBQyxDQUFDLENBQUMsRUFBRSxFQUFFLENBQUMsQ0FBQyxDQUFDLFFBQVEsQ0FBQyxFQUNyQyxjQUFjLENBQUMsR0FBRyxDQUFDLENBQUMsQ0FBQyxFQUFFLEVBQUUsQ0FBQyxDQUFDLENBQUMsTUFBTSxDQUFDLEVBQ25DLGVBQWUsRUFDZixNQUFNLENBQ1AsQ0FBQztJQUNKLENBQUM7SUFFRCxLQUFLLENBQUMsZUFBZSxDQUNuQixPQUErQixFQUMvQixhQUFzQyxFQUN0QyxnQkFBK0IsRUFDL0IsZUFBeUIsRUFDekIsTUFBbUI7UUFLbkIsTUFBTSxnQkFBZ0IsR0FBRyxNQUFNLElBQUksQ0FBQyxnQ0FBZ0MsQ0FDbEUsS0FBSyxFQUFFLEdBQUcsRUFBRSxFQUFFO1lBQ1osT0FBTyxNQUFNLEdBQUcsQ0FBQyxNQUFNLENBQUMsZUFBZSxDQUFDLE9BQU8sQ0FBQyxDQUFDO1FBQ25ELENBQUMsRUFDRCxhQUFhLENBQ2QsQ0FBQztRQUVGLHFEQUFxRDtRQUNyRCxNQUFNLEVBQUUsU0FBUyxFQUFFLGNBQWMsRUFBRSxHQUNqQyxNQUFNLGdDQUFnQyxDQUNwQyxnQkFHRSxFQUNGLElBQUksQ0FBQyxTQUFTLEVBQ2QsT0FBTyxFQUNQLGdCQUFnQixDQUNqQixDQUFDO1FBRUosT0FBTyxJQUFJLENBQUMsaUNBQWlDLENBQzNDLFNBQVMsRUFDVCxjQUFjLENBQUMsR0FBRyxDQUFDLENBQUMsQ0FBQyxFQUFFLEVBQUUsQ0FBQyxDQUFDLENBQUMsUUFBUSxDQUFDLEVBQ3JDLGNBQWMsQ0FBQyxHQUFHLENBQUMsQ0FBQyxDQUFDLEVBQUUsRUFBRSxDQUFDLENBQUMsQ0FBQyxNQUFNLENBQUMsRUFDbkMsZUFBZSxFQUNmLE1BQU0sQ0FDUCxDQUFDO0lBQ0osQ0FBQztJQUVELEtBQUssQ0FBQyxjQUFjLENBQ2xCLE9BQThCLEVBQzlCLGFBQXNDLEVBQ3RDLGVBQXlCLEVBQ3pCLE1BQW1CO1FBT25CLE1BQU0sZ0JBQWdCLEdBQUcsTUFBTSxJQUFJLENBQUMsZ0NBQWdDLENBQ2xFLEtBQUssRUFBRSxHQUFHLEVBQUUsRUFBRTtZQUNaLE9BQU8sTUFBTSxHQUFHLENBQUMsTUFBTSxDQUFDLGNBQWMsQ0FBQyxPQUFPLENBQUMsQ0FBQztRQUNsRCxDQUFDLEVBQ0QsYUFBYSxDQUNkLENBQUM7UUFFRixpRkFBaUY7UUFDakYsTUFBTSxFQUFFLFNBQVMsRUFBRSxjQUFjLEVBQUUsR0FDakMsTUFBTSxnQ0FBZ0MsQ0FDcEMsZ0JBR0UsRUFDRixJQUFJLENBQUMsU0FBUyxDQUNmLENBQUM7UUFFSixPQUFPLElBQUksQ0FBQywyQkFBMkIsQ0FDckMsU0FBUyxFQUNULGNBQWMsQ0FBQyxHQUFHLENBQUMsQ0FBQyxDQUFDLEVBQUUsRUFBRSxDQUFDLENBQUMsQ0FBQyxRQUFRLENBQUMsRUFDckMsY0FBYyxDQUFDLEdBQUcsQ0FBQyxDQUFDLENBQUMsRUFBRSxFQUFFLENBQUMsQ0FBQyxDQUFDLE1BQU0sQ0FBQyxFQUNuQyxlQUFlLEVBQ2YsTUFBTSxDQUNQLENBQUM7SUFDSixDQUFDO0lBRUQ7OztPQUdHO0lBQ0ssS0FBSyxDQUFDLGdDQUFnQyxDQUM1QyxTQUEyQyxFQUMzQyxhQUFzQztRQUV0QyxpRUFBaUU7UUFDakUsK0NBQStDO1FBQy9DLE1BQU0sUUFBUSxHQUFHLElBQUksQ0FBQyxJQUFJLENBQUMsR0FBRyxDQUFDLEtBQUssRUFBRSxHQUFHLEVBQUUsS0FBSyxFQUFFLEVBQUU7WUFDbEQsSUFBSSxDQUFDO2dCQUNILE1BQU0sUUFBUSxHQUFHLE1BQU0sZ0JBQWdCLENBQUMsS0FBSyxJQUFJLEVBQUU7b0JBQ2pELE9BQU8sTUFBTSxTQUFTLENBQUMsR0FBRyxDQUFDLENBQUM7Z0JBQzlCLENBQUMsRUFBRSxhQUFhLENBQUMsQ0FBQztnQkFDbEIsT0FBTyxFQUFFLFFBQVEsRUFBRSxNQUFNLEVBQUUsR0FBRyxDQUFDLE1BQU0sRUFBRSxDQUFDO1lBQzFDLENBQUM7WUFBQyxPQUFPLEtBQUssRUFBRSxDQUFDO2dCQUNmLE1BQU0sSUFBSSxLQUFLLENBQUMsY0FBYyxLQUFLLFlBQVksS0FBSyxFQUFFLENBQUMsQ0FBQztZQUMxRCxDQUFDO1FBQ0gsQ0FBQyxDQUFDLENBQUM7UUFFSCxPQUFPLE1BQU0sb0JBQW9CLENBRzlCLFFBQVEsRUFBRSxJQUFJLENBQUMsU0FBUyxDQUFDLENBQUM7SUFDL0IsQ0FBQztJQUVEOzs7T0FHRztJQUNLLHdCQUF3QixDQUM5QixVQUF3QixFQUN4QixPQUFrQjtRQUVsQixNQUFNLHFCQUFxQixHQUFHLFVBQVUsQ0FBQyxHQUFHLENBQUMsQ0FBQyxTQUFTLEVBQUUsR0FBRyxFQUFFLEVBQUUsQ0FBQyxDQUFDO1lBQ2hFLFNBQVM7WUFDVCxNQUFNLEVBQUUsT0FBTyxDQUFDLEdBQUcsQ0FBQztTQUNyQixDQUFDLENBQUMsQ0FBQztRQUVKLCtFQUErRTtRQUMvRSxxQkFBcUIsQ0FBQyxJQUFJLENBQUMsQ0FBQyxDQUFDLEVBQUUsQ0FBQyxFQUFFLEVBQUU7WUFDbEMsTUFBTSxPQUFPLEdBQUcsTUFBTSxDQUFDLENBQUMsQ0FBQyxNQUFNLENBQUMsQ0FBQztZQUNqQyxNQUFNLE9BQU8sR0FBRyxNQUFNLENBQUMsQ0FBQyxDQUFDLE1BQU0sQ0FBQyxDQUFDO1lBQ2pDLElBQUksT0FBTyxHQUFHLE9BQU87Z0JBQUUsT0FBTyxDQUFDLENBQUMsQ0FBQztZQUNqQyxJQUFJLE9BQU8sR0FBRyxPQUFPO2dCQUFFLE9BQU8sQ0FBQyxDQUFDO1lBQ2hDLE9BQU8sQ0FBQyxDQUFDO1FBQ1gsQ0FBQyxDQUFDLENBQUM7UUFFSCw0QkFBNEI7UUFDNUIsT0FBTyxxQkFBcUIsQ0FBQyxHQUFHLENBQUMsQ0FBQyxJQUFJLEVBQUUsRUFBRSxDQUFDLElBQUksQ0FBQyxTQUFTLENBQUMsQ0FBQztJQUM3RCxDQUFDO0lBRUQ7O09BRUc7SUFDSyx5QkFBeUIsQ0FDL0IscUJBQWlELEVBQ2pELHFCQUFtQztRQUVuQyxJQUNFLENBQUMscUJBQXFCLENBQUMsS0FBSztZQUM1QixxQkFBcUIsQ0FBQyxLQUFLLENBQUMsSUFBSSxLQUFLLFdBQVcsRUFDaEQsQ0FBQztZQUNELE1BQU0sSUFBSSxLQUFLLENBQUMsZ0NBQWdDLENBQUMsQ0FBQztRQUNwRCxDQUFDO1FBRUQsTUFBTSxjQUFjLEdBQUcscUJBQXFCLENBQUMsS0FBSyxDQUFDLEtBQUssQ0FBQyxLQUFLLENBQUM7UUFDL0QsTUFBTSxNQUFNLEdBQUcscUJBQXFCLENBQUMsTUFBbUIsQ0FBQztRQUN6RCxNQUFNLFVBQVUsR0FBRyxhQUFhLENBQUMsTUFBTSxDQUFDLENBQUM7UUFDekMsTUFBTSxXQUFXLEdBQUcsYUFBYSxDQUFDLGNBQWMsQ0FBQyxDQUFDO1FBQ2xELE1BQU0sU0FBUyxHQUFHLGlCQUFpQixDQUNqQyxpQkFBaUIsQ0FBQyxLQUFLLEVBQ3ZCLFVBQThCLEVBQzlCLFdBQVcsQ0FDWixDQUFDO1FBRUYsT0FBTztZQUNMLE1BQU07WUFDTixTQUFTO1lBQ1QscUJBQXFCO1NBQ3VDLENBQUM7SUFDakUsQ0FBQztJQUVPLEtBQUssQ0FBQywyQkFBMkIsQ0FDdkMsU0FBMkQsRUFDM0Qsa0JBQXdFLEVBQ3hFLE9BQWtCLEVBQ2xCLGVBQXlCLEVBQ3pCLE1BQW1CO1FBT25CLE1BQU0sZ0JBQWdCLEdBQUcsU0FBUyxDQUFDLHNCQUFzQixDQUFDLE1BQU0sQ0FBQztRQUNqRSxNQUFNLE9BQU8sR0FHUCxFQUFFLENBQUM7UUFFVCxLQUFLLElBQUksQ0FBQyxHQUFHLENBQUMsRUFBRSxDQUFDLEdBQUcsZ0JBQWdCLEVBQUUsQ0FBQyxFQUFFLEVBQUUsQ0FBQztZQUMxQyxNQUFNLE1BQU0sR0FBRyxTQUFTLENBQUMsc0JBQXNCLENBQUMsQ0FBQyxDQUFDLENBQUM7WUFDbkQsSUFBSSxDQUFDLE1BQU0sQ0FBQyxLQUFLLEVBQUUsQ0FBQztnQkFDbEIsTUFBTSxJQUFJLEtBQUssQ0FBQyx5QkFBeUIsQ0FBQyxDQUFDO1lBQzdDLENBQUM7WUFFRCxnREFBZ0Q7WUFDaEQsTUFBTSxVQUFVLEdBQUcsa0JBQWtCLENBQUMsR0FBRyxDQUN2QyxDQUFDLElBQUksRUFBRSxFQUFFLENBQUMsSUFBSSxDQUFDLHNCQUFzQixDQUFDLENBQUMsQ0FBQyxDQUFDLFNBQVMsQ0FDbkQsQ0FBQztZQUNGLE1BQU0scUJBQXFCLEdBQUcsSUFBSSxDQUFDLHdCQUF3QixDQUN6RCxVQUFVLEVBQ1YsT0FBTyxDQUNSLENBQUM7WUFFRixJQUFJLE1BQU0sQ0FBQyxLQUFLLENBQUMsSUFBSSxLQUFLLFdBQVcsRUFBRSxDQUFDO2dCQUN0QywrREFBK0Q7Z0JBQy9ELDZGQUE2RjtnQkFDN0YsSUFBSSxlQUFlLElBQUksTUFBTSxFQUFFLENBQUM7b0JBQzlCLE1BQU0sb0NBQW9DLENBQ3hDLE1BQU0sQ0FBQyxNQUFNLEVBQ2IsTUFBTSxDQUFDLEtBQUssQ0FBQyxLQUFLLENBQUMsS0FBSyxFQUN4QixxQkFBcUIsRUFDckIsZUFBZSxFQUNmLE1BQU0sQ0FDUCxDQUFDO2dCQUNKLENBQUM7Z0JBQ0QsT0FBTyxDQUFDLElBQUksQ0FDVixJQUFJLENBQUMseUJBQXlCLENBQUMsTUFBTSxFQUFFLHFCQUFxQixDQUFDLENBQzlELENBQUM7WUFDSixDQUFDO2lCQUFNLElBQUksTUFBTSxDQUFDLEtBQUssQ0FBQyxJQUFJLEtBQUssY0FBYyxFQUFFLENBQUM7Z0JBQ2hELCtEQUErRDtnQkFDL0QsTUFBTSxtQkFBbUIsR0FBaUIsRUFBRSxDQUFDO2dCQUM3QyxNQUFNLHlCQUF5QixHQUFpQixFQUFFLENBQUM7Z0JBQ25ELEtBQUssTUFBTSxJQUFJLElBQUksa0JBQWtCLEVBQUUsQ0FBQztvQkFDdEMsTUFBTSxRQUFRLEdBQUcsSUFBSSxDQUFDLHNCQUFzQixDQUFDLENBQUMsQ0FBQyxDQUFDLEtBQUssQ0FBQztvQkFDdEQsSUFBSSxRQUFRLEVBQUUsSUFBSSxLQUFLLGNBQWMsRUFBRSxDQUFDO3dCQUN0QyxtQkFBbUIsQ0FBQyxJQUFJLENBQUMsUUFBUSxDQUFDLEtBQUssQ0FBQyxrQkFBa0IsQ0FBQyxDQUFDO3dCQUM1RCx5QkFBeUIsQ0FBQyxJQUFJLENBQUMsUUFBUSxDQUFDLEtBQUssQ0FBQyxjQUFjLENBQUMsQ0FBQztvQkFDaEUsQ0FBQzt5QkFBTSxDQUFDO3dCQUNOLE1BQU0sSUFBSSxLQUFLLENBQ2IsbURBQW1ELFFBQVEsRUFBRSxJQUFJLEdBQUcsQ0FDckUsQ0FBQztvQkFDSixDQUFDO2dCQUNILENBQUM7Z0JBRUQsTUFBTSw4QkFBOEIsR0FBRyxJQUFJLENBQUMsd0JBQXdCLENBQ2xFLG1CQUFtQixFQUNuQixPQUFPLENBQ1IsQ0FBQztnQkFFRixNQUFNLGlCQUFpQixHQUFHLElBQUksQ0FBQyx3QkFBd0IsQ0FDckQseUJBQXlCLEVBQ3pCLE9BQU8sQ0FDUixDQUFDO2dCQUVGLDZGQUE2RjtnQkFDN0YsSUFBSSxlQUFlLElBQUksTUFBTSxFQUFFLENBQUM7b0JBQzlCLE1BQU0sdUNBQXVDLENBQzNDLE1BQU0sQ0FBQyxNQUFNLEVBQ2IsaUJBQWlCLEVBQ2pCLDhCQUE4QixFQUM5QixxQkFBcUIsRUFDckIsZUFBZSxFQUNmLE1BQU0sQ0FDUCxDQUFDO2dCQUNKLENBQUM7Z0JBRUQsTUFBTSxZQUFZLEdBQUcsTUFBTSxDQUFDLEtBQUssQ0FBQyxLQUFLLENBQUM7Z0JBQ3hDLE1BQU0sRUFBRSxHQUFHLFlBQVksQ0FBQyxjQUFjLENBQUM7Z0JBQ3ZDLE1BQU0sVUFBVSxHQUFHLGFBQWEsQ0FBQyxRQUFRLENBQUMsTUFBTSxDQUFDLE1BQU0sQ0FBQyxDQUFDLENBQUM7Z0JBQzFELE9BQU8sQ0FBQyxJQUFJLENBQUM7b0JBQ1gsTUFBTSxFQUFFLE1BQU0sQ0FBQyxNQUFtQjtvQkFDbEMsa0JBQWtCLEVBQUU7d0JBQ2xCLFVBQVUsRUFBRTs0QkFDVixLQUFLLEVBQUUsVUFBVSxDQUFDLEVBQUUsQ0FBQzs0QkFDckIsTUFBTSxFQUFFLGlCQUFpQixDQUFDLEtBQUssRUFBRSwwQkFBMEI7NEJBQzNELElBQUksRUFBRSxVQUE4Qjt5QkFDckM7cUJBQ3FEO29CQUN4RCxtQkFBbUIsRUFBRSw4QkFBOEI7b0JBQ25ELHFCQUFxQjtpQkFJdEIsQ0FBQyxDQUFDO1lBQ0wsQ0FBQztpQkFBTSxDQUFDO2dCQUNOLE1BQU0sSUFBSSxLQUFLLENBQ2IsZ0NBQWdDLE1BQU0sQ0FBQyxLQUFLLENBQUMsSUFBSSwwQ0FBMEMsQ0FDNUYsQ0FBQztZQUNKLENBQUM7UUFDSCxDQUFDO1FBRUQsT0FBTyxPQUFPLENBQUM7SUFDakIsQ0FBQztJQUVPLEtBQUssQ0FBQyxpQ0FBaUMsQ0FDN0MsU0FBa0MsRUFDbEMsa0JBQTZDLEVBQzdDLE9BQWtCLEVBQ2xCLGVBQXlCLEVBQ3pCLE1BQW1CO1FBS25CLE1BQU0sTUFBTSxHQUFHLFNBQVMsQ0FBQyxxQkFBcUIsQ0FBQztRQUMvQyxJQUFJLENBQUMsTUFBTSxFQUFFLENBQUM7WUFDWixNQUFNLElBQUksS0FBSyxDQUFDLGlEQUFpRCxDQUFDLENBQUM7UUFDckUsQ0FBQztRQUVELElBQUksQ0FBQyxNQUFNLENBQUMsS0FBSyxFQUFFLENBQUM7WUFDbEIsTUFBTSxJQUFJLEtBQUssQ0FBQyxtQ0FBbUMsQ0FBQyxDQUFDO1FBQ3ZELENBQUM7UUFFRCxnREFBZ0Q7UUFDaEQsbUdBQW1HO1FBQ25HLE1BQU0sVUFBVSxHQUFpQixFQUFFLENBQUM7UUFDcEMsS0FBSyxNQUFNLElBQUksSUFBSSxrQkFBa0IsRUFBRSxDQUFDO1lBQ3RDLE1BQU0sR0FBRyxHQUFHLElBQUksQ0FBQyxxQkFBcUIsQ0FBQztZQUN2QyxJQUFJLENBQUMsR0FBRztnQkFDTixNQUFNLElBQUksS0FBSyxDQUFDLG9EQUFvRCxDQUFDLENBQUM7WUFDeEUsVUFBVSxDQUFDLElBQUksQ0FBQyxHQUFHLENBQUMsU0FBUyxDQUFDLENBQUM7UUFDakMsQ0FBQztRQUNELE1BQU0scUJBQXFCLEdBQUcsSUFBSSxDQUFDLHdCQUF3QixDQUN6RCxVQUFVLEVBQ1YsT0FBTyxDQUNSLENBQUM7UUFFRixJQUFJLE1BQU0sQ0FBQyxLQUFLLENBQUMsSUFBSSxLQUFLLFdBQVcsRUFBRSxDQUFDO1lBQ3RDLCtEQUErRDtZQUMvRCw2RkFBNkY7WUFDN0YsSUFBSSxlQUFlLElBQUksTUFBTSxFQUFFLENBQUM7Z0JBQzlCLE1BQU0sb0NBQW9DLENBQ3hDLE1BQU0sQ0FBQyxNQUFNLEVBQ2IsTUFBTSxDQUFDLEtBQUssQ0FBQyxLQUFLLENBQUMsS0FBSyxFQUN4QixxQkFBcUIsRUFDckIsZUFBZSxFQUNmLE1BQU0sQ0FDUCxDQUFDO1lBQ0osQ0FBQztZQUNELE9BQU8sSUFBSSxDQUFDLHlCQUF5QixDQUFDLE1BQU0sRUFBRSxxQkFBcUIsQ0FBQyxDQUFDO1FBQ3ZFLENBQUM7UUFFRCxJQUFJLE1BQU0sQ0FBQyxLQUFLLENBQUMsSUFBSSxLQUFLLGNBQWMsRUFBRSxDQUFDO1lBQ3pDLG9FQUFvRTtZQUNwRSxzRUFBc0U7WUFFdEUsTUFBTSxZQUFZLEdBQUcsTUFBTSxDQUFDLEtBQUssQ0FBQyxLQUFLLENBQUM7WUFDeEMsTUFBTSxFQUFFLEdBQUcsWUFBWSxDQUFDLGNBQWMsQ0FBQztZQUN2QyxJQUFJLENBQUMsRUFBRSxFQUFFLENBQUM7Z0JBQ1IsTUFBTSxJQUFJLEtBQUssQ0FBQywrQkFBK0IsQ0FBQyxDQUFDO1lBQ25ELENBQUM7WUFFRCxNQUFNLFVBQVUsR0FBRyxhQUFhLENBQUMsUUFBUSxDQUFDLE1BQU0sQ0FBQyxNQUFNLENBQUMsQ0FBQyxDQUFDO1lBRTFELCtEQUErRDtZQUMvRCxNQUFNLG1CQUFtQixHQUFpQixFQUFFLENBQUM7WUFDN0MsTUFBTSx5QkFBeUIsR0FBaUIsRUFBRSxDQUFDO1lBQ25ELEtBQUssTUFBTSxJQUFJLElBQUksa0JBQWtCLEVBQUUsQ0FBQztnQkFDdEMsSUFBSSxJQUFJLENBQUMscUJBQXFCLEVBQUUsS0FBSyxDQUFDLElBQUksS0FBSyxjQUFjLEVBQUUsQ0FBQztvQkFDOUQsTUFBTSxLQUFLLEdBQUcsSUFBSSxDQUFDLHFCQUFxQixDQUFDLEtBQUssQ0FBQyxLQUFLLENBQUM7b0JBQ3JELG1CQUFtQixDQUFDLElBQUksQ0FBQyxLQUFLLENBQUMsa0JBQWtCLENBQUMsQ0FBQztvQkFDbkQseUJBQXlCLENBQUMsSUFBSSxDQUFDLEtBQUssQ0FBQyxjQUFjLENBQUMsQ0FBQztnQkFDdkQsQ0FBQztxQkFBTSxDQUFDO29CQUNOLE1BQU0sSUFBSSxLQUFLLENBQ2IsbURBQW1ELElBQUksQ0FBQyxxQkFBcUIsRUFBRSxLQUFLLENBQUMsSUFBSSxHQUFHLENBQzdGLENBQUM7Z0JBQ0osQ0FBQztZQUNILENBQUM7WUFFRCxNQUFNLDhCQUE4QixHQUFHLElBQUksQ0FBQyx3QkFBd0IsQ0FDbEUsbUJBQW1CLEVBQ25CLE9BQU8sQ0FDUixDQUFDO1lBRUYsTUFBTSxpQkFBaUIsR0FBRyxJQUFJLENBQUMsd0JBQXdCLENBQ3JELHlCQUF5QixFQUN6QixPQUFPLENBQ1IsQ0FBQztZQUVGLDZGQUE2RjtZQUM3RixJQUFJLGVBQWUsSUFBSSxNQUFNLEVBQUUsQ0FBQztnQkFDOUIsTUFBTSx1Q0FBdUMsQ0FDM0MsTUFBTSxDQUFDLE1BQU0sRUFDYixpQkFBaUIsRUFDakIsOEJBQThCLEVBQzlCLHFCQUFxQixFQUNyQixlQUFlLEVBQ2YsTUFBTSxDQUNQLENBQUM7WUFDSixDQUFDO1lBRUQsT0FBTztnQkFDTCxNQUFNLEVBQUUsTUFBTSxDQUFDLE1BQW1CO2dCQUNsQyxrQkFBa0IsRUFBRTtvQkFDbEIsVUFBVSxFQUFFO3dCQUNWLEtBQUssRUFBRSxVQUFVLENBQUMsRUFBRSxDQUFDO3dCQUNyQixNQUFNLEVBQUUsaUJBQWlCLENBQUMsS0FBSyxFQUFFLDBCQUEwQjt3QkFDM0QsSUFBSSxFQUFFLFVBQThCO3FCQUNyQztpQkFDcUQ7Z0JBQ3hELG1CQUFtQixFQUFFLDhCQUE4QjtnQkFDbkQscUJBQXFCO2FBQ2dELENBQUM7UUFDMUUsQ0FBQztRQUVELE1BQU0sSUFBSSxLQUFLLENBQ2IsZ0NBQWdDLE1BQU0sQ0FBQyxLQUFLLENBQUMsSUFBSSwwQ0FBMEMsQ0FDNUYsQ0FBQztJQUNKLENBQUM7Q0FDRiJ9
|
|
@@ -0,0 +1,58 @@
|
|
|
1
|
+
import type { Address } from 'viem';
|
|
2
|
+
import type { AttestedComputeRequest, AttestedComputeResponse, AttestedDecryptResponse, AttestedRevealResponse, DecryptionAttestation as ProtoDecryptionAttestation } from '../generated/es/inco/kms/lite/v1/kms_service_pb.js';
|
|
3
|
+
import type { XwingKeypair } from '../lite/xwing.js';
|
|
4
|
+
/**
|
|
5
|
+
* Computes a canonical key for a single attestation.
|
|
6
|
+
* For plaintext/reencryption+keypair, the key is handle:hex(value).
|
|
7
|
+
* For reencryption without a keypair (XWing ciphertexts are non-deterministic),
|
|
8
|
+
* falls back to handle:op-type as a structural stand-in.
|
|
9
|
+
*/
|
|
10
|
+
export declare function computeAttestationKey(att: ProtoDecryptionAttestation, reencryptKeypair?: XwingKeypair): Promise<string>;
|
|
11
|
+
/**
|
|
12
|
+
* Validates that all responses in a winning bucket have the same attestation
|
|
13
|
+
* count and types as the quorum-elected reference (bucket[0]).
|
|
14
|
+
*/
|
|
15
|
+
export declare function validateDecryptResponseStructure<T extends AttestedDecryptResponse | AttestedRevealResponse>(bucket: Array<{
|
|
16
|
+
response: T;
|
|
17
|
+
signer: Address;
|
|
18
|
+
}>): void;
|
|
19
|
+
/**
|
|
20
|
+
* Validates that all responses in a winning bucket have a decryption
|
|
21
|
+
* attestation with the same case as the quorum-elected reference (bucket[0]),
|
|
22
|
+
* and that the case is consistent with the request's reencryptPubKey.
|
|
23
|
+
*/
|
|
24
|
+
export declare function validateComputeResponseStructure(bucket: Array<{
|
|
25
|
+
response: AttestedComputeResponse;
|
|
26
|
+
signer: Address;
|
|
27
|
+
}>, request?: AttestedComputeRequest): void;
|
|
28
|
+
/**
|
|
29
|
+
* Verifies decrypt/reveal response consistency using hash-bucket voting.
|
|
30
|
+
* Collects all N responses, buckets them by content key, and returns the
|
|
31
|
+
* winning bucket (the first one with >= threshold votes).
|
|
32
|
+
*
|
|
33
|
+
* This is robust against a faulty first-responding node: even if responses[0]
|
|
34
|
+
* disagrees, a quorum of agreeing responses will form a winning bucket.
|
|
35
|
+
*/
|
|
36
|
+
export declare function verifyDecryptResponseConsistency<T extends AttestedDecryptResponse | AttestedRevealResponse>(allResults: Array<{
|
|
37
|
+
response: T;
|
|
38
|
+
signer: Address;
|
|
39
|
+
}>, threshold: number, reencryptKeypair?: XwingKeypair): Promise<{
|
|
40
|
+
reference: T;
|
|
41
|
+
winningResults: Array<{
|
|
42
|
+
response: T;
|
|
43
|
+
signer: Address;
|
|
44
|
+
}>;
|
|
45
|
+
}>;
|
|
46
|
+
/**
|
|
47
|
+
* Verifies compute response consistency using hash-bucket voting.
|
|
48
|
+
*/
|
|
49
|
+
export declare function verifyComputeResponseConsistency(allResults: Array<{
|
|
50
|
+
response: AttestedComputeResponse;
|
|
51
|
+
signer: Address;
|
|
52
|
+
}>, threshold: number, request?: AttestedComputeRequest, reencryptKeypair?: XwingKeypair): Promise<{
|
|
53
|
+
reference: AttestedComputeResponse;
|
|
54
|
+
winningResults: Array<{
|
|
55
|
+
response: AttestedComputeResponse;
|
|
56
|
+
signer: Address;
|
|
57
|
+
}>;
|
|
58
|
+
}>;
|