@super-protocol/addons-tee 0.8.16 → 0.8.17-beta.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +1 -1
- package/bindings/amd-sev-snp-napi-rs/amd-sev-snp-napi-rs.linux-x64-gnu.node +0 -0
- package/bindings/amd-sev-snp-napi-rs/index.d.ts +24 -0
- package/bindings/amd-sev-snp-napi-rs/index.js +328 -0
- package/bindings/amd-sev-snp-napi-rs/package-lock.json +40 -0
- package/bindings/amd-sev-snp-napi-rs/package.json +31 -0
- package/bindings/sgx-native/build/Release/sgx_native.node +0 -0
- package/bindings/utils/virtee/LICENSE +201 -0
- package/bindings/utils/virtee/libsev.so +0 -0
- package/bindings/utils/virtee/snpguest +0 -0
- package/dist/sgx-native-module/consts.d.ts +1 -1
- package/dist/sgx-native-module/consts.js +4 -4
- package/dist/sgx-native-module/dcap-quote-verify.service.js +1 -1
- package/dist/sgx-native-module/enclave.service.d.ts +5 -4
- package/dist/sgx-native-module/enclave.service.js +1 -1
- package/dist/sgx-native-module/errors.js +1 -1
- package/dist/sgx-native-module/index.d.ts +2 -0
- package/dist/sgx-native-module/index.js +3 -1
- package/dist/sgx-native-module/pki.service.d.ts +2 -2
- package/dist/sgx-native-module/pki.service.js +4 -4
- package/dist/sgx-native-module/sev-snp-mrenclave.d.ts +63 -0
- package/dist/sgx-native-module/sev-snp-mrenclave.js +290 -0
- package/dist/sgx-native-module/sev-snp.d.ts +133 -0
- package/dist/sgx-native-module/sev-snp.js +533 -0
- package/package.json +21 -14
- package/dist/sgx-native-module/sgx-tests.d.ts +0 -1
- package/dist/sgx-native-module/sgx-tests.js +0 -114
- package/dist/sgx-native-module/tdx-tests.d.ts +0 -1
- package/dist/sgx-native-module/tdx-tests.js +0 -64
|
@@ -32,4 +32,4 @@ class DcapQuoteVerifyService {
|
|
|
32
32
|
}
|
|
33
33
|
}
|
|
34
34
|
exports.DcapQuoteVerifyService = DcapQuoteVerifyService;
|
|
35
|
-
//# sourceMappingURL=data:application/json;base64,
|
|
35
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiZGNhcC1xdW90ZS12ZXJpZnkuc2VydmljZS5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uL3NyYy9zZ3gtbmF0aXZlLW1vZHVsZS9kY2FwLXF1b3RlLXZlcmlmeS5zZXJ2aWNlLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7OztBQUFBLE1BQU0sRUFBRSxzQkFBc0IsRUFBRSxHQUFHLE9BQU8sQ0FBQyx5REFBeUQsQ0FBQyxDQUFDO0FBQ3RHLHFDQUFnRTtBQUNoRSxxQ0FBc0g7QUFRdEgsTUFBYSxzQkFBc0I7SUFHL0I7UUFDSSxJQUFJLENBQUMsYUFBYSxHQUFHLElBQUksc0JBQXNCLEVBQUUsQ0FBQztJQUN0RCxDQUFDO0lBRUQsS0FBSyxDQUFDLG9CQUFvQixDQUFDLFlBQW9CO1FBQzNDLElBQUksQ0FBQyxZQUFZLEVBQUUsTUFBTSxFQUFFLENBQUM7WUFDeEIsTUFBTSxJQUFJLCtDQUFzQyxDQUFDLG1CQUFtQixDQUFDLENBQUM7UUFDMUUsQ0FBQztRQUVELE9BQU8sSUFBSSxDQUFDLGFBQWEsQ0FBQyxvQkFBb0IsQ0FBQyxZQUFZLENBQUMsQ0FBQztJQUNqRSxDQUFDO0lBRUQsS0FBSyxDQUFDLDRCQUE0QixDQUFDLEtBQWEsRUFBRSxhQUF1QjtRQUNyRSxhQUFhLEdBQUcsYUFBYSxJQUFJLEtBQUssQ0FBQztRQUV2QyxJQUFJLENBQUMsS0FBSyxFQUFFLE1BQU0sRUFBRSxDQUFDO1lBQ2pCLE1BQU0sSUFBSSwrQ0FBc0MsQ0FBQyxhQUFhLENBQUMsQ0FBQztRQUNwRSxDQUFDO1FBRUQsTUFBTSxZQUFZLEdBQUcsSUFBSSxDQUFDLGFBQWEsQ0FBQyxlQUFlLENBQUMsS0FBSyxDQUFDLENBQUM7UUFDL0QsSUFBSSxhQUFhLElBQUksWUFBWSxDQUFDLFVBQVUsS0FBSyxnQkFBTyxDQUFDLGFBQWEsRUFBRSxDQUFDO1lBQ3JFLE1BQU0sSUFBSSxxQ0FBNEIsQ0FBQyxZQUFZLENBQUMsQ0FBQztRQUN6RCxDQUFDO1FBQ0QsSUFBSSxZQUFZLENBQUMsa0JBQWtCLEtBQUssQ0FBQyxFQUFFLENBQUM7WUFDeEMsTUFBTSxJQUFJLDZCQUFvQixDQUFDLFlBQVksQ0FBQyxrQkFBa0IsQ0FBQyxDQUFDO1FBQ3BFLENBQUM7SUFDTCxDQUFDO0lBRUQsS0FBSyxDQUFDLGdCQUFnQixDQUFDLFFBQWdCO1FBQ25DLE9BQU8sSUFBSSxDQUFDLGFBQWEsQ0FBQyxnQkFBZ0IsQ0FBQyxRQUFRLENBQUMsQ0FBQztJQUN6RCxDQUFDO0NBQ0o7QUFsQ0Qsd0RBa0NDIn0=
|
|
@@ -1,7 +1,8 @@
|
|
|
1
1
|
/// <reference types="node" />
|
|
2
|
+
/// <reference types="node" />
|
|
2
3
|
import { Readable } from "stream";
|
|
3
4
|
import { KeyType, KeyPolicy } from "./consts";
|
|
4
|
-
export
|
|
5
|
+
export type TeeDeviceInfoType = {
|
|
5
6
|
cpus: Array<{
|
|
6
7
|
vendorId: string;
|
|
7
8
|
cpuFamily: number;
|
|
@@ -16,16 +17,16 @@ export declare type TeeDeviceInfoType = {
|
|
|
16
17
|
totalPhysicalCores: number;
|
|
17
18
|
totalLogicalCores: number;
|
|
18
19
|
};
|
|
19
|
-
export
|
|
20
|
+
export type TeeRunCpuBenchmarkType = {
|
|
20
21
|
cpuScore: number;
|
|
21
22
|
cpuBenchmark: string;
|
|
22
23
|
cpuCoresCount: number;
|
|
23
24
|
};
|
|
24
|
-
export
|
|
25
|
+
export type TeeRunMemoryBenchmarkType = {
|
|
25
26
|
memBandwidth: number;
|
|
26
27
|
memСonfirmedSize: number;
|
|
27
28
|
};
|
|
28
|
-
export
|
|
29
|
+
export type TeeGetKeyResult = {
|
|
29
30
|
key: Buffer;
|
|
30
31
|
request: Buffer;
|
|
31
32
|
};
|
|
@@ -208,4 +208,4 @@ class EnclaveService {
|
|
|
208
208
|
}
|
|
209
209
|
}
|
|
210
210
|
exports.EnclaveService = EnclaveService;
|
|
211
|
-
//# sourceMappingURL=data:application/json;base64,
|
|
211
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiZW5jbGF2ZS5zZXJ2aWNlLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vc3JjL3NneC1uYXRpdmUtbW9kdWxlL2VuY2xhdmUuc2VydmljZS50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiOzs7QUFBQSxNQUFNLEVBQUUsV0FBVyxFQUFFLGtCQUFrQixFQUFFLEdBQUcsT0FBTyxDQUFDLHlEQUF5RCxDQUFDLENBQUM7QUFDL0csbUNBQWlEO0FBQ2pELDJCQUF1RTtBQUN2RSwyQkFBNEI7QUFDNUIsK0JBQTRCO0FBQzVCLG1DQUF1RDtBQUd2RCxvQ0FBb0M7QUFDcEMsTUFBTSxPQUFPLEdBQUcsSUFBSSxDQUFDO0FBbURyQixNQUFNLGtCQUFrQixHQUFHLENBQUMsU0FBUyxHQUFHLE9BQU8sRUFBYSxFQUFFO0lBQzFELE1BQU0sYUFBYSxHQUFHO1FBQ2xCLEdBQUcsRUFBRSxNQUFNLENBQUMsS0FBSyxDQUFDLFNBQVMsQ0FBQztRQUM1QixPQUFPLEVBQUUsQ0FBQztLQUNiLENBQUM7SUFFRixPQUFPLElBQUksa0JBQVMsQ0FBQztRQUNqQixVQUFVLEVBQUUsS0FBSztRQUVqQixLQUFLLEVBQUUsQ0FBQyxRQUFRLEVBQUUsRUFBRTtZQUNoQixRQUFRLENBQUMsSUFBSSxFQUFFLGFBQWEsQ0FBQyxHQUFHLENBQUMsUUFBUSxDQUFDLENBQUMsRUFBRSxhQUFhLENBQUMsT0FBTyxDQUFDLENBQUMsQ0FBQztZQUNyRSxhQUFhLENBQUMsR0FBRyxHQUFHLE1BQU0sQ0FBQyxLQUFLLENBQUMsQ0FBQyxDQUFDLENBQUM7WUFDcEMsYUFBYSxDQUFDLE9BQU8sR0FBRyxDQUFDLENBQUM7UUFDOUIsQ0FBQztRQUNELFNBQVMsRUFBRSxVQUFVLEtBQUssRUFBRSxRQUFRLEVBQUUsUUFBUTtZQUMxQyxJQUFJLEtBQUssQ0FBQyxNQUFNLEdBQUcsYUFBYSxDQUFDLE9BQU8sR0FBRyxTQUFTLEVBQUUsQ0FBQztnQkFDbkQsTUFBTSxNQUFNLEdBQUcsS0FBSyxDQUFDLElBQUksQ0FBQyxhQUFhLENBQUMsR0FBRyxFQUFFLGFBQWEsQ0FBQyxPQUFPLENBQUMsQ0FBQztnQkFDcEUsYUFBYSxDQUFDLE9BQU8sSUFBSSxNQUFNLENBQUM7WUFDcEMsQ0FBQztpQkFBTSxDQUFDO2dCQUNKLE1BQU0sU0FBUyxHQUFHLE1BQU0sQ0FBQyxNQUFNLENBQUMsQ0FBQyxhQUFhLENBQUMsR0FBRyxDQUFDLFFBQVEsQ0FBQyxDQUFDLEVBQUUsYUFBYSxDQUFDLE9BQU8sQ0FBQyxFQUFFLEtBQUssQ0FBQyxDQUFDLENBQUM7Z0JBQy9GLGFBQWEsQ0FBQyxPQUFPLEdBQUcsQ0FBQyxDQUFDO2dCQUMxQixJQUFJLENBQUMsSUFBSSxDQUFDLFNBQVMsQ0FBQyxDQUFDO1lBQ3pCLENBQUM7WUFDRCxRQUFRLENBQUMsSUFBSSxFQUFFLElBQUksQ0FBQyxDQUFDO1FBQ3pCLENBQUM7S0FDSixDQUFDLENBQUM7QUFDUCxDQUFDLENBQUM7QUFFRixNQUFhLGNBQWM7SUFHdkIsWUFBNkIsWUFBWSxJQUFBLFdBQU0sR0FBRTtRQUFwQixjQUFTLEdBQVQsU0FBUyxDQUFXO1FBQzdDLElBQUksQ0FBQyxHQUFHLEdBQUcsSUFBSSxXQUFXLEVBQUUsQ0FBQztJQUNqQyxDQUFDO0lBRUQ7Ozs7Ozs7T0FPRztJQUNILEtBQUssQ0FBQyxZQUFZLENBQUMsSUFBYSxFQUFFLE1BQWlCLEVBQUUsZUFBd0I7UUFDekUsSUFBSSxDQUFDLGVBQWUsRUFBRSxDQUFDO1lBQ25CLGVBQWUsR0FBRyxNQUFNLENBQUMsS0FBSyxDQUFDLENBQUMsQ0FBQyxDQUFDO1FBQ3RDLENBQUM7UUFFRCxPQUFPLElBQUksQ0FBQyxHQUFHLENBQUMsTUFBTSxDQUFDLElBQUksRUFBRSxNQUFNLEVBQVUsZUFBZSxDQUFDLENBQUM7SUFDbEUsQ0FBQztJQUVEOzs7O09BSUc7SUFDSCxLQUFLLENBQUMsaUJBQWlCLENBQUMsZUFBdUI7UUFDM0MsT0FBTyxJQUFJLENBQUMsR0FBRyxDQUFDLGlCQUFpQixDQUFDLGVBQWUsQ0FBQyxDQUFDO0lBQ3ZELENBQUM7SUFFRDs7O09BR0c7SUFDSCxLQUFLLENBQUMsZ0JBQWdCO1FBQ2xCLE9BQU8sSUFBSSxDQUFDLEdBQUcsQ0FBQyxhQUFhLEVBQUUsQ0FBQztJQUNwQyxDQUFDO0lBRUQ7Ozs7T0FJRztJQUNILEtBQUssQ0FBQyx3QkFBd0IsQ0FBQyxpQkFBeUI7UUFDcEQsT0FBTyxJQUFJLENBQUMsR0FBRyxDQUFDLGVBQWUsQ0FBQyxpQkFBaUIsQ0FBQyxDQUFDO0lBQ3ZELENBQUM7SUFFRDs7OztPQUlHO0lBQ0gsS0FBSyxDQUFDLDJCQUEyQixDQUFDLDRCQUFvQztRQUNsRSxPQUFPLElBQUksQ0FBQyxHQUFHLENBQUMsa0JBQWtCLENBQUMsNEJBQTRCLENBQUMsQ0FBQztJQUNyRSxDQUFDO0lBRUQ7Ozs7OztPQU1HO0lBQ0gsS0FBSyxDQUFDLHlCQUF5QixDQUMzQixRQUFnQixFQUNoQixXQUFxQixFQUNyQixTQUFpQjtRQUVqQixNQUFNLFdBQVcsR0FBRyxJQUFBLFdBQUksRUFBQyxJQUFJLENBQUMsU0FBUyxFQUFFLFNBQVMsR0FBRyxJQUFBLG9CQUFXLEVBQUMsRUFBRSxDQUFDLENBQUMsUUFBUSxDQUFDLEtBQUssQ0FBQyxHQUFHLE1BQU0sQ0FBQyxDQUFDO1FBRS9GLE1BQU0sY0FBYyxHQUNoQixTQUFTLENBQUMsTUFBTSxLQUFLLEVBQUU7WUFDbkIsQ0FBQyxDQUFDLElBQUEsbUJBQVUsRUFBQyxRQUFRLEVBQUUsU0FBUyxDQUFDLENBQUMsTUFBTSxDQUFDLFNBQVMsQ0FBQyxDQUFDLE1BQU0sRUFBRSxDQUFDLEtBQUssQ0FBQyxDQUFDLEVBQUUsRUFBRSxDQUFDO1lBQ3pFLENBQUMsQ0FBQyxTQUFTLENBQUM7UUFFcEIsSUFBSSxNQUFNLEdBQStCLElBQUksQ0FBQztRQUU5QyxJQUFJLENBQUM7WUFDRCxNQUFNLEdBQXdCLElBQUksa0JBQWtCLENBQUMsV0FBVyxFQUFFLFFBQVEsRUFBRSxjQUFjLEVBQUUsSUFBSSxDQUFDLENBQUM7WUFDbEcsSUFBSSxTQUFTLEdBQUcsQ0FBQyxDQUFDO1lBQ2xCLElBQUksV0FBVyxHQUFHLE9BQU8sQ0FBQztZQUMxQixJQUFJLE9BQU8sQ0FBQyxHQUFHLENBQUMsMkNBQTJDLENBQUMsRUFBRSxDQUFDO2dCQUMzRCxXQUFXLEdBQUcsUUFBUSxDQUFDLE9BQU8sQ0FBQyxHQUFHLENBQUMsMkNBQTJDLENBQUMsQ0FBQyxDQUFDO1lBQ3JGLENBQUM7WUFDRCxJQUFJLGVBQWUsR0FBRyxDQUFDLENBQUM7WUFDeEIsTUFBTSxhQUFhLEdBQUcsRUFBRSxDQUFDO1lBRXpCLElBQUksS0FBSyxFQUFFLE1BQU0sS0FBSyxJQUFJLFdBQVcsQ0FBQyxJQUFJLENBQUMsa0JBQWtCLENBQUMsV0FBVyxDQUFDLENBQUMsRUFBRSxDQUFDO2dCQUMxRSxJQUFJLENBQUMsS0FBSyxDQUFDLE1BQU0sRUFBRSxDQUFDO29CQUNoQixzQ0FBc0M7b0JBQ3RDLFNBQVM7Z0JBQ2IsQ0FBQztnQkFFRCxNQUFNLFdBQVcsR0FBRyxNQUFNLE1BQU0sQ0FBQyxLQUFLLENBQUMsU0FBUyxFQUFFLEtBQUssQ0FBQyxDQUFDO2dCQUV6RCxJQUFJLFdBQVcsS0FBSyxLQUFLLENBQUMsTUFBTSxFQUFFLENBQUM7b0JBQy9CLE1BQU0sSUFBSSxLQUFLLENBQ1gsaUJBQWlCLEtBQUssQ0FBQyxNQUFNLHNCQUFzQixRQUFRLElBQUksV0FBVyxrQkFBa0IsV0FBVyxRQUFRLENBQ2xILENBQUM7Z0JBQ04sQ0FBQztnQkFFRCxTQUFTLElBQUksV0FBVyxDQUFDO2dCQUV6QixJQUFJLGVBQWUsSUFBSSxlQUFlLEVBQUUsR0FBRyxhQUFhLEVBQUUsQ0FBQztvQkFDdkQsTUFBTSxNQUFNLENBQUMsS0FBSyxFQUFFLENBQUM7Z0JBQ3pCLENBQUM7WUFDTCxDQUFDO1lBRUQsTUFBTSxNQUFNLENBQUMsS0FBSyxFQUFFLENBQUM7WUFFckIsT0FBTztnQkFDSCxRQUFRLEVBQUUsV0FBVztnQkFDckIsUUFBUSxFQUFFLENBQUMsTUFBTSxhQUFVLENBQUMsSUFBSSxDQUFDLFdBQVcsQ0FBQyxDQUFDLENBQUMsSUFBSTtnQkFDbkQsV0FBVyxFQUFFLFNBQVM7YUFDekIsQ0FBQztRQUNOLENBQUM7UUFBQyxPQUFPLEtBQUssRUFBRSxDQUFDO1lBQ2IsSUFBSSxNQUFNLEVBQUUsQ0FBQztnQkFDVCxNQUFNLE1BQU0sQ0FBQyxLQUFLLEVBQUUsQ0FBQztnQkFFckIsTUFBTSxhQUFVLENBQUMsRUFBRSxDQUFDLFdBQVcsRUFBRTtvQkFDN0IsU0FBUyxFQUFFLElBQUk7b0JBQ2YsS0FBSyxFQUFFLElBQUk7aUJBQ2QsQ0FBQyxDQUFDO1lBQ1AsQ0FBQztZQUVELE1BQU0sS0FBSyxDQUFDO1FBQ2hCLENBQUM7SUFDTCxDQUFDO0lBRUQ7Ozs7OztPQU1HO0lBQ0gsS0FBSyxDQUFDLHdCQUF3QixDQUMxQixRQUFnQixFQUNoQixXQUFxQixFQUNyQixTQUFpQjtRQUVqQixNQUFNLFdBQVcsR0FBRyxJQUFBLFdBQUksRUFBQyxJQUFJLENBQUMsU0FBUyxFQUFFLFNBQVMsR0FBRyxJQUFBLG9CQUFXLEVBQUMsRUFBRSxDQUFDLENBQUMsUUFBUSxDQUFDLEtBQUssQ0FBQyxHQUFHLE1BQU0sQ0FBQyxDQUFDO1FBRS9GLE1BQU0sY0FBYyxHQUNoQixTQUFTLENBQUMsTUFBTSxLQUFLLEVBQUU7WUFDbkIsQ0FBQyxDQUFDLElBQUEsbUJBQVUsRUFBQyxRQUFRLEVBQUUsU0FBUyxDQUFDLENBQUMsTUFBTSxDQUFDLFNBQVMsQ0FBQyxDQUFDLE1BQU0sRUFBRSxDQUFDLEtBQUssQ0FBQyxDQUFDLEVBQUUsRUFBRSxDQUFDO1lBQ3pFLENBQUMsQ0FBQyxTQUFTLENBQUM7UUFFcEIsSUFBSSxLQUFLLEdBQStCLElBQUksQ0FBQztRQUU3QyxJQUFJLENBQUM7WUFDRCxNQUFNLGFBQWEsR0FBRyxJQUFBLHNCQUFpQixFQUFDLFdBQVcsQ0FBQyxDQUFDO1lBRXJELE1BQU0saUJBQVEsQ0FBQyxRQUFRLENBQUMsV0FBVyxFQUFFLGFBQWEsQ0FBQyxDQUFDO1lBRXBELEtBQUssR0FBd0IsSUFBSSxrQkFBa0IsQ0FBQyxXQUFXLEVBQUUsUUFBUSxFQUFFLGNBQWMsRUFBRSxLQUFLLENBQUMsQ0FBQztZQUNsRyxNQUFNLGdCQUFnQixHQUFHLEtBQUssQ0FBQyxJQUFJLEVBQUUsQ0FBQztZQUN0QyxNQUFNLGFBQWEsR0FBRyxPQUFPLEdBQUcsQ0FBQyxDQUFDO1lBQ2xDLElBQUksU0FBUyxHQUFHLEtBQUssQ0FBQztZQUN0QixJQUFJLE1BQU0sR0FBRyxDQUFDLENBQUM7WUFDZixJQUFJLGNBQWMsR0FBRyxNQUFNLENBQUMsS0FBSyxDQUFDLENBQUMsQ0FBQyxDQUFDO1lBRXJDLE1BQU0sZUFBZSxHQUFHLElBQUksaUJBQVEsQ0FBQztnQkFDakMsSUFBSSxFQUFFLEtBQUssV0FBVyxXQUFtQjtvQkFDckMsSUFBSSxTQUFTLElBQUksQ0FBQyxjQUFjLENBQUMsTUFBTSxFQUFFLENBQUM7d0JBQ3RDLElBQUksS0FBSyxFQUFFLENBQUM7NEJBQ1IsTUFBTSxLQUFLLENBQUMsS0FBSyxFQUFFLENBQUM7d0JBQ3hCLENBQUM7d0JBRUQsT0FBTyxJQUFJLENBQUMsSUFBSSxDQUFDLElBQUksQ0FBQyxDQUFDO29CQUMzQixDQUFDO29CQUVELElBQUksVUFBVSxHQUFHLGNBQWMsQ0FBQztvQkFDaEMsSUFBSSxnQkFBZ0IsR0FBRyxXQUFXLEdBQUcsVUFBVSxDQUFDLE1BQU0sQ0FBQztvQkFFdkQsT0FBTyxDQUFDLFNBQVMsSUFBSSxnQkFBZ0IsR0FBRyxDQUFDLEVBQUUsQ0FBQzt3QkFDeEMsTUFBTSxLQUFLLEdBQUcsTUFBTSxLQUFNLENBQUMsSUFBSSxDQUFDLE1BQU0sRUFBRSxhQUFhLENBQUMsQ0FBQzt3QkFFdkQsSUFBSSxDQUFDLEtBQUssRUFBRSxNQUFNLEVBQUUsQ0FBQzs0QkFDakIsU0FBUyxHQUFHLElBQUksQ0FBQzs0QkFDakIsTUFBTTt3QkFDVixDQUFDO3dCQUVELFVBQVUsR0FBRyxNQUFNLENBQUMsTUFBTSxDQUFDLENBQUMsVUFBVSxFQUFFLEtBQUssQ0FBQyxDQUFDLENBQUM7d0JBQ2hELE1BQU0sSUFBSSxLQUFLLENBQUMsTUFBTSxDQUFDO3dCQUN2QixnQkFBZ0IsSUFBSSxLQUFLLENBQUMsTUFBTSxDQUFDO3dCQUVqQyxJQUFJLEtBQUssQ0FBQyxNQUFNLEdBQUcsYUFBYSxFQUFFLENBQUM7NEJBQy9CLFNBQVMsR0FBRyxJQUFJLENBQUM7NEJBQ2pCLE1BQU07d0JBQ1YsQ0FBQztvQkFDTCxDQUFDO29CQUVELGNBQWMsR0FBRyxVQUFVLENBQUMsS0FBSyxDQUFDLFdBQVcsQ0FBQyxDQUFDO29CQUUvQyxJQUFJLENBQUMsSUFBSSxDQUFDLFVBQVUsQ0FBQyxLQUFLLENBQUMsQ0FBQyxFQUFFLFdBQVcsQ0FBQyxDQUFDLENBQUM7Z0JBQ2hELENBQUM7YUFDSixDQUFDLENBQUM7WUFFSCxPQUFPO2dCQUNILFFBQVEsRUFBRSxXQUFXO2dCQUNyQixVQUFVLEVBQUUsZUFBZTtnQkFDM0IsUUFBUSxFQUFFLGdCQUFnQjthQUM3QixDQUFDO1FBQ04sQ0FBQztRQUFDLE9BQU8sS0FBSyxFQUFFLENBQUM7WUFDYixNQUFNLGFBQVUsQ0FBQyxFQUFFLENBQUMsV0FBVyxFQUFFO2dCQUM3QixTQUFTLEVBQUUsSUFBSTtnQkFDZixLQUFLLEVBQUUsSUFBSTthQUNkLENBQUMsQ0FBQztZQUVILElBQUksS0FBSyxFQUFFLENBQUM7Z0JBQ1IsTUFBTSxLQUFLLENBQUMsS0FBSyxFQUFFLENBQUM7WUFDeEIsQ0FBQztZQUVELE1BQU0sS0FBSyxDQUFDO1FBQ2hCLENBQUM7SUFDTCxDQUFDO0NBQ0o7QUEzTkQsd0NBMk5DIn0=
|
|
@@ -59,4 +59,4 @@ class PkiServiceError extends Error {
|
|
|
59
59
|
}
|
|
60
60
|
}
|
|
61
61
|
exports.PkiServiceError = PkiServiceError;
|
|
62
|
-
//# sourceMappingURL=data:application/json;base64,
|
|
62
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiZXJyb3JzLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vc3JjL3NneC1uYXRpdmUtbW9kdWxlL2Vycm9ycy50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiOzs7QUFBQSxxQ0FBZ0U7QUFFaEUsTUFBYSxzQ0FBdUMsU0FBUSxLQUFLO0lBQzdELFlBQVksR0FBWTtRQUNwQixLQUFLLENBQUMsR0FBRyxDQUFDLENBQUM7UUFDWCxJQUFJLENBQUMsSUFBSSxHQUFHLHNDQUFzQyxDQUFDLElBQUksQ0FBQztJQUM1RCxDQUFDO0NBQ0o7QUFMRCx3RkFLQztBQUVELE1BQWEsb0JBQXFCLFNBQVEsc0NBQXNDO0lBRTVFLFlBQTRCLFlBQW9CO1FBQzVDLEtBQUssRUFBRSxDQUFDO1FBRGdCLGlCQUFZLEdBQVosWUFBWSxDQUFRO1FBRHpDLGtCQUFhLEdBQUcsS0FBSyxDQUFDO1FBR3pCLElBQUksQ0FBQyxZQUFZLEdBQUcsWUFBWSxDQUFDO1FBQ2pDLElBQUksQ0FBQyxhQUFhLEdBQUcsS0FBSyxDQUFDO1FBRTNCLFFBQVEsWUFBWSxFQUFFLENBQUM7WUFDbkIsS0FBSyxNQUFNO2dCQUNQLElBQUksQ0FBQyxPQUFPLEdBQUc7NEZBQzZELENBQUM7Z0JBQzdFLE1BQU07WUFDVixLQUFLLE1BQU0sQ0FBQztZQUNaLEtBQUssTUFBTSxDQUFDO1lBQ1osS0FBSyxNQUFNO2dCQUNQLElBQUksQ0FBQyxPQUFPLEdBQUc7b0ZBQ3FELENBQUM7Z0JBQ3JFLE1BQU07WUFDVixLQUFLLE1BQU0sQ0FBQztZQUNaLEtBQUssTUFBTTtnQkFDUCxJQUFJLENBQUMsT0FBTyxHQUFHOzZIQUM4RixDQUFDO2dCQUM5RyxNQUFNO1lBQ1Y7Z0JBQ0ksSUFBSSxDQUFDLGFBQWEsR0FBRyxJQUFJLENBQUM7Z0JBQzFCLElBQUksQ0FBQyxPQUFPLEdBQUcscURBQXFELE1BQU0sQ0FBQyxZQUFZLENBQUMsQ0FBQyxRQUFRLENBQUMsRUFBRSxDQUFDLEVBQUUsQ0FBQztnQkFDeEcsTUFBTTtRQUNkLENBQUM7SUFDTCxDQUFDO0NBQ0o7QUE3QkQsb0RBNkJDO0FBRUQsTUFBYSw0QkFBNkIsU0FBUSxzQ0FBc0M7SUFDcEYsWUFBNEIsWUFBeUM7UUFDakUsS0FBSyxFQUFFLENBQUM7UUFEZ0IsaUJBQVksR0FBWixZQUFZLENBQTZCO1FBRWpFLElBQUksQ0FBQyxZQUFZLEdBQUcsWUFBWSxDQUFDO1FBQ2pDLElBQUksQ0FBQyxPQUFPLEdBQUcsc0NBQXNDLENBQUM7UUFDdEQsSUFBSSxZQUFZLENBQUMsVUFBVSxLQUFLLGdCQUFPLENBQUMsYUFBYSxFQUFFLENBQUM7WUFDcEQsSUFBSSxDQUFDLE9BQU8sR0FBRyw4REFBOEQsQ0FBQztRQUNsRixDQUFDO0lBQ0wsQ0FBQztDQUNKO0FBVEQsb0VBU0M7QUFFRCxNQUFhLGVBQWdCLFNBQVEsS0FBSztJQUN0QyxZQUFZLEdBQVk7UUFDcEIsS0FBSyxDQUFDLEdBQUcsQ0FBQyxDQUFDO1FBQ1gsSUFBSSxDQUFDLElBQUksR0FBRyxlQUFlLENBQUMsSUFBSSxDQUFDO0lBQ3JDLENBQUM7Q0FDSjtBQUxELDBDQUtDIn0=
|
|
@@ -19,4 +19,6 @@ __exportStar(require("./errors"), exports);
|
|
|
19
19
|
__exportStar(require("./enclave.service"), exports);
|
|
20
20
|
__exportStar(require("./dcap-quote-verify.service"), exports);
|
|
21
21
|
__exportStar(require("./pki.service"), exports);
|
|
22
|
-
|
|
22
|
+
__exportStar(require("./sev-snp"), exports);
|
|
23
|
+
__exportStar(require("./sev-snp-mrenclave"), exports);
|
|
24
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW5kZXguanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi9zcmMvc2d4LW5hdGl2ZS1tb2R1bGUvaW5kZXgudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6Ijs7Ozs7Ozs7Ozs7Ozs7OztBQUFBLDJDQUF5QjtBQUN6QiwyQ0FBeUI7QUFDekIsb0RBQWtDO0FBQ2xDLDhEQUE0QztBQUM1QyxnREFBOEI7QUFDOUIsNENBQTBCO0FBQzFCLHNEQUFvQyJ9
|
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
/// <reference types="node" />
|
|
2
|
-
export
|
|
2
|
+
export type TlsCertResult = {
|
|
3
3
|
key: Buffer;
|
|
4
4
|
cert: Buffer;
|
|
5
5
|
};
|
|
@@ -24,7 +24,7 @@ export declare enum ECPCurve {
|
|
|
24
24
|
SECP224K1 = "SECP224K1" /*!< Domain parameters for 224-bit "Koblitz" curve. */,
|
|
25
25
|
SECP256K1 = "SECP256K1" /*!< Domain parameters for 256-bit "Koblitz" curve. */
|
|
26
26
|
}
|
|
27
|
-
export
|
|
27
|
+
export type TLSCertParams = {
|
|
28
28
|
format?: CertificateFormat;
|
|
29
29
|
subject?: {
|
|
30
30
|
commonName?: string;
|
|
@@ -6,12 +6,12 @@ var CertificateKeyType;
|
|
|
6
6
|
(function (CertificateKeyType) {
|
|
7
7
|
CertificateKeyType["RSA"] = "RSA";
|
|
8
8
|
CertificateKeyType["ECP"] = "ECP";
|
|
9
|
-
})(CertificateKeyType
|
|
9
|
+
})(CertificateKeyType || (exports.CertificateKeyType = CertificateKeyType = {}));
|
|
10
10
|
var CertificateFormat;
|
|
11
11
|
(function (CertificateFormat) {
|
|
12
12
|
CertificateFormat["PEM"] = "PEM";
|
|
13
13
|
CertificateFormat["DER"] = "DER";
|
|
14
|
-
})(CertificateFormat
|
|
14
|
+
})(CertificateFormat || (exports.CertificateFormat = CertificateFormat = {}));
|
|
15
15
|
var ECPCurve;
|
|
16
16
|
(function (ECPCurve) {
|
|
17
17
|
ECPCurve["SECP192R1"] = "SECP192R1"; /*!< Domain parameters for the 192-bit curve defined by FIPS 186-4 and SEC1. */
|
|
@@ -27,7 +27,7 @@ var ECPCurve;
|
|
|
27
27
|
ECPCurve["SECP224K1"] = "SECP224K1"; /*!< Domain parameters for 224-bit "Koblitz" curve. */
|
|
28
28
|
ECPCurve["SECP256K1"] = "SECP256K1"; /*!< Domain parameters for 256-bit "Koblitz" curve. */
|
|
29
29
|
// @TODO: MBEDTLS NOT SUPPORT EXRPORT CURVE448 = "CURVE448", /*!< Domain parameters for Curve448. */
|
|
30
|
-
})(ECPCurve
|
|
30
|
+
})(ECPCurve || (exports.ECPCurve = ECPCurve = {}));
|
|
31
31
|
class PkiService {
|
|
32
32
|
constructor() {
|
|
33
33
|
this.cryptoPrimitives = new CryptoPrimitives();
|
|
@@ -86,4 +86,4 @@ class PkiService {
|
|
|
86
86
|
}
|
|
87
87
|
}
|
|
88
88
|
exports.PkiService = PkiService;
|
|
89
|
-
//# sourceMappingURL=data:application/json;base64,
|
|
89
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoicGtpLnNlcnZpY2UuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi9zcmMvc2d4LW5hdGl2ZS1tb2R1bGUvcGtpLnNlcnZpY2UudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6Ijs7O0FBQUEsTUFBTSxFQUFFLGdCQUFnQixFQUFFLEdBQUcsT0FBTyxDQUFDLHlEQUF5RCxDQUFDLENBQUM7QUFPaEcsSUFBWSxrQkFHWDtBQUhELFdBQVksa0JBQWtCO0lBQzFCLGlDQUFXLENBQUE7SUFDWCxpQ0FBVyxDQUFBO0FBQ2YsQ0FBQyxFQUhXLGtCQUFrQixrQ0FBbEIsa0JBQWtCLFFBRzdCO0FBRUQsSUFBWSxpQkFHWDtBQUhELFdBQVksaUJBQWlCO0lBQ3pCLGdDQUFXLENBQUE7SUFDWCxnQ0FBVyxDQUFBO0FBQ2YsQ0FBQyxFQUhXLGlCQUFpQixpQ0FBakIsaUJBQWlCLFFBRzVCO0FBRUQsSUFBWSxRQWNYO0FBZEQsV0FBWSxRQUFRO0lBQ2hCLG1DQUF1QixDQUFBLENBQUMsK0VBQStFO0lBQ3ZHLG1DQUF1QixDQUFBLENBQUMsK0VBQStFO0lBQ3ZHLG1DQUF1QixDQUFBLENBQUMsK0VBQStFO0lBQ3ZHLG1DQUF1QixDQUFBLENBQUMsK0VBQStFO0lBQ3ZHLG1DQUF1QixDQUFBLENBQUMsK0VBQStFO0lBQ3ZHLCtCQUFtQixDQUFBLENBQUMsc0RBQXNEO0lBQzFFLCtCQUFtQixDQUFBLENBQUMsc0RBQXNEO0lBQzFFLCtCQUFtQixDQUFBLENBQUMsc0RBQXNEO0lBQzFFLDBHQUEwRztJQUMxRyxtQ0FBdUIsQ0FBQSxDQUFDLHNEQUFzRDtJQUM5RSxtQ0FBdUIsQ0FBQSxDQUFDLHNEQUFzRDtJQUM5RSxtQ0FBdUIsQ0FBQSxDQUFDLHNEQUFzRDtJQUM5RSwyR0FBMkc7QUFDL0csQ0FBQyxFQWRXLFFBQVEsd0JBQVIsUUFBUSxRQWNuQjtBQTRCRCxNQUFhLFVBQVU7SUFHbkI7UUFDSSxJQUFJLENBQUMsZ0JBQWdCLEdBQUcsSUFBSSxnQkFBZ0IsRUFBRSxDQUFDO0lBQ25ELENBQUM7SUFFRCxLQUFLLENBQUMsYUFBYSxDQUFDLEtBQWEsRUFBRSxNQUFNLEdBQUcsaUJBQWlCLENBQUMsR0FBRztRQUM3RCxJQUFJLE1BQU0sS0FBSyxpQkFBaUIsQ0FBQyxHQUFHLEVBQUUsQ0FBQztZQUNuQyxJQUFJLENBQUMsZ0JBQWdCLENBQUMsc0JBQXNCLENBQUMsS0FBSyxDQUFDLENBQUM7UUFDeEQsQ0FBQzthQUFNLENBQUM7WUFDSixJQUFJLENBQUMsZ0JBQWdCLENBQUMsc0JBQXNCLENBQUMsS0FBSyxFQUFFLE1BQU0sQ0FBQyxRQUFRLEVBQUUsQ0FBQyxDQUFDO1FBQzNFLENBQUM7UUFFRCxPQUFPLElBQUksQ0FBQztJQUNoQixDQUFDO0lBRUQsS0FBSyxDQUFDLGdCQUFnQixDQUFDLEtBQWEsRUFBRSxZQUFvQixFQUFFLE1BQU0sR0FBRyxpQkFBaUIsQ0FBQyxHQUFHO1FBQ3RGLElBQUksTUFBTSxLQUFLLGlCQUFpQixDQUFDLEdBQUcsRUFBRSxDQUFDO1lBQ25DLE9BQU8sSUFBSSxDQUFDLGdCQUFnQixDQUFDLGlCQUFpQixDQUFDLFlBQVksRUFBRSxLQUFLLENBQUMsQ0FBQztRQUN4RSxDQUFDO1FBRUQsT0FBTyxJQUFJLENBQUMsZ0JBQWdCLENBQUMsaUJBQWlCLENBQUMsWUFBWSxFQUFFLEtBQUssRUFBRSxNQUFNLENBQUMsUUFBUSxFQUFFLENBQUMsQ0FBQztJQUMzRixDQUFDO0lBRUQsS0FBSyxDQUFDLHNCQUFzQixDQUFDLFNBQXdCLEVBQUU7UUFDbkQsTUFBTSxPQUFPLEdBQUc7WUFDWixVQUFVLEVBQUUsTUFBTSxDQUFDLE9BQU8sRUFBRSxVQUFVLElBQUksV0FBVztZQUNyRCxXQUFXLEVBQUUsTUFBTSxDQUFDLE9BQU8sRUFBRSxXQUFXLElBQUksSUFBSTtZQUNoRCxLQUFLLEVBQUUsTUFBTSxDQUFDLE9BQU8sRUFBRSxLQUFLLElBQUksVUFBVTtZQUMxQyxZQUFZLEVBQUUsTUFBTSxDQUFDLE9BQU8sRUFBRSxZQUFZLElBQUksVUFBVTtZQUN4RCxnQkFBZ0IsRUFBRSxNQUFNLENBQUMsT0FBTyxFQUFFLGdCQUFnQixJQUFJLGVBQWU7WUFDckUsZ0JBQWdCLEVBQUUsTUFBTSxDQUFDLE9BQU8sRUFBRSxnQkFBZ0IsSUFBSSxLQUFLO1NBQzlELENBQUM7UUFFRixNQUFNLE1BQU0sR0FBRyxNQUFNLENBQUMsTUFBTSxJQUFJLGlCQUFpQixDQUFDLEdBQUcsQ0FBQztRQUN0RCxNQUFNLE9BQU8sR0FBRyxNQUFNLENBQUMsT0FBTyxJQUFJLGtCQUFrQixDQUFDLEdBQUcsQ0FBQztRQUV6RCxJQUFJLFVBQThCLENBQUM7UUFDbkMsSUFBSSxRQUE4QixDQUFDO1FBRW5DLElBQUksT0FBTyxLQUFLLGtCQUFrQixDQUFDLEdBQUcsRUFBRSxDQUFDO1lBQ3JDLFVBQVUsR0FBRyxNQUFNLENBQUMsVUFBVSxJQUFJLElBQUksQ0FBQztRQUMzQyxDQUFDO2FBQU0sSUFBSSxPQUFPLEtBQUssa0JBQWtCLENBQUMsR0FBRyxFQUFFLENBQUM7WUFDNUMsUUFBUSxHQUFHLE1BQU0sQ0FBQyxRQUFRLElBQUksUUFBUSxDQUFDLFNBQVMsQ0FBQztRQUNyRCxDQUFDO1FBRUQsTUFBTSxTQUFTLEdBQUcsTUFBTSxDQUFDLFNBQVMsSUFBSSxLQUFLLENBQUM7UUFDNUMsTUFBTSxZQUFZLEdBQUcsTUFBTSxDQUFDLFlBQVksSUFBSSxJQUFJLENBQUM7UUFDakQsTUFBTSxJQUFJLEdBQUcsTUFBTSxDQUFDLElBQUksSUFBSSxHQUFHLENBQUM7UUFDaEMsTUFBTSxRQUFRLEdBQUcsTUFBTSxDQUFDLFFBQVEsSUFBSSxFQUFFLENBQUM7UUFDdkMsTUFBTSxHQUFHLEdBQUcsTUFBTSxDQUFDLEdBQUcsSUFBSSxFQUFFLENBQUM7UUFFN0IsT0FBTyxJQUFJLENBQUMsZ0JBQWdCLENBQUMsc0JBQXNCLENBQUM7WUFDaEQsTUFBTTtZQUNOLE9BQU87WUFDUCxPQUFPO1lBQ1AsU0FBUztZQUNULFVBQVU7WUFDVixRQUFRO1lBQ1IsWUFBWTtZQUNaLElBQUk7WUFDSixRQUFRO1lBQ1IsR0FBRztTQUNOLENBQUMsQ0FBQztJQUNQLENBQUM7Q0FDSjtBQWxFRCxnQ0FrRUMifQ==
|
|
@@ -0,0 +1,63 @@
|
|
|
1
|
+
/// <reference types="node" />
|
|
2
|
+
/// <reference types="node" />
|
|
3
|
+
import { SNPReport } from "./sev-snp";
|
|
4
|
+
import { StorageType, StorageAccessCredentials } from "@super-protocol/dto-js";
|
|
5
|
+
import { Transform } from "stream";
|
|
6
|
+
interface VMCommon {
|
|
7
|
+
kernelHash: Buffer;
|
|
8
|
+
initrdHash: Buffer | undefined;
|
|
9
|
+
}
|
|
10
|
+
interface VMConfig extends VMCommon {
|
|
11
|
+
ovmfHash: Buffer;
|
|
12
|
+
ovmfBucket: string;
|
|
13
|
+
ovmfPrefix: string;
|
|
14
|
+
ovmfFilename: string;
|
|
15
|
+
}
|
|
16
|
+
interface VMMeasure extends VMCommon {
|
|
17
|
+
ovmfFilePath: string;
|
|
18
|
+
}
|
|
19
|
+
export type StorageAccessCredentialsInput = Omit<StorageAccessCredentials, "bucket" | "prefix">;
|
|
20
|
+
export interface SNPMrEnclaveCalculatorArgs {
|
|
21
|
+
cacheFolder?: string;
|
|
22
|
+
rmPrevCache?: boolean;
|
|
23
|
+
vmRepoOwner?: string;
|
|
24
|
+
vmRepo?: string;
|
|
25
|
+
releaseAsset?: string;
|
|
26
|
+
downloadAssetRetryInterval?: number;
|
|
27
|
+
downloadAssetRetryMax?: number;
|
|
28
|
+
storageCredentials?: StorageAccessCredentialsInput;
|
|
29
|
+
storageType?: StorageType;
|
|
30
|
+
cacheRecordsTTL?: number;
|
|
31
|
+
}
|
|
32
|
+
export declare class SNPMrEnclaveCalculator {
|
|
33
|
+
private readonly cacheFolder;
|
|
34
|
+
private readonly vmRepoOwner;
|
|
35
|
+
private readonly vmRepo;
|
|
36
|
+
private readonly releaseAsset;
|
|
37
|
+
private readonly axiosInstance;
|
|
38
|
+
private readonly retryInterval;
|
|
39
|
+
private readonly retryMax;
|
|
40
|
+
private readonly storageCredentials;
|
|
41
|
+
private readonly storageType;
|
|
42
|
+
private readonly vmInfoCache;
|
|
43
|
+
private readonly defaultCredentials;
|
|
44
|
+
constructor(config: SNPMrEnclaveCalculatorArgs);
|
|
45
|
+
private clearFileCache;
|
|
46
|
+
/**
|
|
47
|
+
* The method allows to obtain expected mrenclave if the virtual machine for which the report is
|
|
48
|
+
* submitted was running on one core and a Milan processor
|
|
49
|
+
* @param report - @see CalcSnpMrEnclaveParams
|
|
50
|
+
*/
|
|
51
|
+
getSingleCoreMrEnclave(report: SNPReport): Promise<Buffer>;
|
|
52
|
+
protected downloadAsset(assetUrl: string): Promise<Buffer>;
|
|
53
|
+
protected extractVMData(data: Buffer): VMConfig;
|
|
54
|
+
protected static calcHashStream(alg?: string): {
|
|
55
|
+
process: Transform;
|
|
56
|
+
get: () => Buffer;
|
|
57
|
+
};
|
|
58
|
+
protected static fileExist(filePath: string): Promise<boolean>;
|
|
59
|
+
protected getAssetUrl(build: string): Promise<string>;
|
|
60
|
+
protected downloadVM(build: string): Promise<VMMeasure>;
|
|
61
|
+
protected downloadOvmf(vmFiles: VMConfig, ovmfPath: string): Promise<void>;
|
|
62
|
+
}
|
|
63
|
+
export {};
|
|
@@ -0,0 +1,290 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
|
|
3
|
+
if (k2 === undefined) k2 = k;
|
|
4
|
+
var desc = Object.getOwnPropertyDescriptor(m, k);
|
|
5
|
+
if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
|
|
6
|
+
desc = { enumerable: true, get: function() { return m[k]; } };
|
|
7
|
+
}
|
|
8
|
+
Object.defineProperty(o, k2, desc);
|
|
9
|
+
}) : (function(o, m, k, k2) {
|
|
10
|
+
if (k2 === undefined) k2 = k;
|
|
11
|
+
o[k2] = m[k];
|
|
12
|
+
}));
|
|
13
|
+
var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
|
|
14
|
+
Object.defineProperty(o, "default", { enumerable: true, value: v });
|
|
15
|
+
}) : function(o, v) {
|
|
16
|
+
o["default"] = v;
|
|
17
|
+
});
|
|
18
|
+
var __importStar = (this && this.__importStar) || function (mod) {
|
|
19
|
+
if (mod && mod.__esModule) return mod;
|
|
20
|
+
var result = {};
|
|
21
|
+
if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
|
|
22
|
+
__setModuleDefault(result, mod);
|
|
23
|
+
return result;
|
|
24
|
+
};
|
|
25
|
+
var __importDefault = (this && this.__importDefault) || function (mod) {
|
|
26
|
+
return (mod && mod.__esModule) ? mod : { "default": mod };
|
|
27
|
+
};
|
|
28
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
29
|
+
exports.SNPMrEnclaveCalculator = void 0;
|
|
30
|
+
const fs = __importStar(require("fs"));
|
|
31
|
+
const fsAsync = __importStar(require("fs/promises"));
|
|
32
|
+
const path = __importStar(require("path"));
|
|
33
|
+
const os = __importStar(require("os"));
|
|
34
|
+
const sev_snp_1 = require("./sev-snp");
|
|
35
|
+
const axios_1 = __importDefault(require("axios"));
|
|
36
|
+
const sdk_js_1 = require("@super-protocol/sdk-js");
|
|
37
|
+
const dto_js_1 = require("@super-protocol/dto-js");
|
|
38
|
+
const crypto_1 = require("crypto");
|
|
39
|
+
const stream_1 = require("stream");
|
|
40
|
+
class VMConfigCache {
|
|
41
|
+
constructor(ttl = 5 * 60 * 1000) {
|
|
42
|
+
this.cache = {};
|
|
43
|
+
this.ttl = ttl;
|
|
44
|
+
}
|
|
45
|
+
set(key, value) {
|
|
46
|
+
const timestamp = Date.now();
|
|
47
|
+
this.cache[key] = {
|
|
48
|
+
value,
|
|
49
|
+
timestamp,
|
|
50
|
+
};
|
|
51
|
+
}
|
|
52
|
+
get(key, force = false) {
|
|
53
|
+
const record = this.cache[key];
|
|
54
|
+
if (record) {
|
|
55
|
+
if (force === false) {
|
|
56
|
+
const now = Date.now();
|
|
57
|
+
if (now - record.timestamp > this.ttl) {
|
|
58
|
+
return null;
|
|
59
|
+
}
|
|
60
|
+
}
|
|
61
|
+
return record.value;
|
|
62
|
+
}
|
|
63
|
+
return null;
|
|
64
|
+
}
|
|
65
|
+
clear() {
|
|
66
|
+
this.cache = {};
|
|
67
|
+
}
|
|
68
|
+
}
|
|
69
|
+
class SNPMrEnclaveCalculator {
|
|
70
|
+
constructor(config) {
|
|
71
|
+
this.axiosInstance = axios_1.default.create();
|
|
72
|
+
this.defaultCredentials = {
|
|
73
|
+
token: "1UXqNMwov41q9TgHmyopNg5q2giQ8aTdh1gjKWKjfbWPFrcrnhenp6QZfd5ukyVnYXDx9Cok6RtnQMMnXmoZPrSUMNGZGF9KuLCzvRNmQYHowX14C2xAxtJeH6VCuNX39ist4bRE9L5VT3k41frDVh3cG1gZvsqh4EaDeaJyV6U4xVaqXqULnSb9PozqU97VVLWhfwdnj6XgUM59Wzq7yo7vn8RxwSyn8H74TEiLNGUPPA3frsYZuoqWQkNzbiYev5ByWeLro1TXo7DogD4WALCKfEmpwHs9j9rsX5WZvvZ13ourTiuZp5vTTZkByB2ibxUJqkSoZSpCNVtmDToNVKkMREVySe",
|
|
74
|
+
};
|
|
75
|
+
this.cacheFolder = config.cacheFolder || fs.mkdtempSync(path.join(os.tmpdir(), "snp-mrenclave-cache-"));
|
|
76
|
+
const rmPrevCache = config.rmPrevCache ?? false;
|
|
77
|
+
this.vmRepoOwner = config.vmRepoOwner || "Super-Protocol";
|
|
78
|
+
this.vmRepo = config.vmRepo || "sp-vm";
|
|
79
|
+
this.releaseAsset = config.releaseAsset || "vm.json";
|
|
80
|
+
this.retryInterval = config.downloadAssetRetryInterval ?? 1000;
|
|
81
|
+
this.retryMax = config.downloadAssetRetryMax ?? 3;
|
|
82
|
+
if ((config.storageCredentials && !config.storageType) || (!config.storageCredentials && config.storageType)) {
|
|
83
|
+
throw new Error("Both the StorageCredentials and StorageType parameters must either be passed or not passed");
|
|
84
|
+
}
|
|
85
|
+
this.storageCredentials = config.storageCredentials ?? this.defaultCredentials;
|
|
86
|
+
this.storageType = config.storageType ?? dto_js_1.StorageType.StorJ;
|
|
87
|
+
const cacheRecordsTTL = config.cacheRecordsTTL ?? 5 * 60 * 1000;
|
|
88
|
+
if (rmPrevCache && fs.existsSync(this.cacheFolder)) {
|
|
89
|
+
this.clearFileCache();
|
|
90
|
+
}
|
|
91
|
+
if (!fs.existsSync(this.cacheFolder)) {
|
|
92
|
+
fs.mkdirSync(this.cacheFolder, { recursive: true });
|
|
93
|
+
}
|
|
94
|
+
this.vmInfoCache = new VMConfigCache(cacheRecordsTTL);
|
|
95
|
+
}
|
|
96
|
+
clearFileCache() {
|
|
97
|
+
fs.rmSync(this.cacheFolder, {
|
|
98
|
+
recursive: true,
|
|
99
|
+
force: true,
|
|
100
|
+
});
|
|
101
|
+
}
|
|
102
|
+
/**
|
|
103
|
+
* The method allows to obtain expected mrenclave if the virtual machine for which the report is
|
|
104
|
+
* submitted was running on one core and a Milan processor
|
|
105
|
+
* @param report - @see CalcSnpMrEnclaveParams
|
|
106
|
+
*/
|
|
107
|
+
async getSingleCoreMrEnclave(report) {
|
|
108
|
+
const mrEnclave = await sev_snp_1.SevSNP.getMrEnclave(report.report);
|
|
109
|
+
const vmMeasure = await this.downloadVM(report.build);
|
|
110
|
+
const expectedMrEnclave = await sev_snp_1.SevSNP.calcSnpMrEnclave({
|
|
111
|
+
ovmfPath: vmMeasure.ovmfFilePath,
|
|
112
|
+
kernelHash: vmMeasure.kernelHash,
|
|
113
|
+
initrdHash: vmMeasure.initrdHash,
|
|
114
|
+
cmdLineHash: report.cmdLineHash,
|
|
115
|
+
vcpuSig: report.cpuSig,
|
|
116
|
+
vcpuCount: report.cores,
|
|
117
|
+
});
|
|
118
|
+
if (!mrEnclave.equals(expectedMrEnclave))
|
|
119
|
+
throw new Error("Expected mrEnclave does not match the calculated one");
|
|
120
|
+
const singleCoreMrEnclave = await sev_snp_1.SevSNP.calcSnpMrEnclave({
|
|
121
|
+
ovmfPath: vmMeasure.ovmfFilePath,
|
|
122
|
+
kernelHash: vmMeasure.kernelHash,
|
|
123
|
+
initrdHash: vmMeasure.initrdHash,
|
|
124
|
+
cmdLineHash: report.cmdLineHash,
|
|
125
|
+
vcpuSig: sev_snp_1.SevSNP.getCpuSig(sev_snp_1.AMD_EPYC_MILAN_CPUINFO),
|
|
126
|
+
vcpuCount: 1,
|
|
127
|
+
});
|
|
128
|
+
return singleCoreMrEnclave;
|
|
129
|
+
}
|
|
130
|
+
async downloadAsset(assetUrl) {
|
|
131
|
+
const { retryInterval, retryMax } = this;
|
|
132
|
+
const response = await sdk_js_1.helpers.tryWithInterval({
|
|
133
|
+
checkResult(response) {
|
|
134
|
+
return { isResultOk: response.status === 200 };
|
|
135
|
+
},
|
|
136
|
+
handler: async () => {
|
|
137
|
+
return this.axiosInstance.get(assetUrl, {
|
|
138
|
+
responseType: "arraybuffer",
|
|
139
|
+
});
|
|
140
|
+
},
|
|
141
|
+
checkError(err) {
|
|
142
|
+
if (axios_1.default.isAxiosError(err) && err.response) {
|
|
143
|
+
const status = err.response.status;
|
|
144
|
+
return { retryable: status < 400 || status >= 500 || status === 429 };
|
|
145
|
+
}
|
|
146
|
+
return { retryable: axios_1.default.isAxiosError(err) };
|
|
147
|
+
},
|
|
148
|
+
retryInterval,
|
|
149
|
+
retryMax,
|
|
150
|
+
});
|
|
151
|
+
return response.data;
|
|
152
|
+
}
|
|
153
|
+
extractVMData(data) {
|
|
154
|
+
const vm = JSON.parse(data.toString("utf-8"));
|
|
155
|
+
const kernelHash = vm.kernel?.sha256;
|
|
156
|
+
if (!kernelHash) {
|
|
157
|
+
throw new Error("kernel hash is missing");
|
|
158
|
+
}
|
|
159
|
+
const initrdHash = vm.initrd?.sha256;
|
|
160
|
+
const OVMF = vm.bios_amd || vm.bios;
|
|
161
|
+
if (!OVMF) {
|
|
162
|
+
throw new Error("Neither bios_amd nor bios is available");
|
|
163
|
+
}
|
|
164
|
+
const { sha256, bucket, prefix, filename } = OVMF;
|
|
165
|
+
if (!sha256 || !bucket || !prefix || !filename) {
|
|
166
|
+
throw new Error("Missing one or more required fields in OVMF");
|
|
167
|
+
}
|
|
168
|
+
return {
|
|
169
|
+
kernelHash: Buffer.from(kernelHash, "hex"),
|
|
170
|
+
initrdHash: initrdHash ? Buffer.from(initrdHash, "hex") : undefined,
|
|
171
|
+
ovmfHash: Buffer.from(sha256, "hex"),
|
|
172
|
+
ovmfBucket: bucket,
|
|
173
|
+
ovmfPrefix: prefix,
|
|
174
|
+
ovmfFilename: filename,
|
|
175
|
+
};
|
|
176
|
+
}
|
|
177
|
+
static calcHashStream(alg = "sha256") {
|
|
178
|
+
const hash = (0, crypto_1.createHash)(alg);
|
|
179
|
+
return {
|
|
180
|
+
process: new stream_1.Transform({
|
|
181
|
+
transform: (data, encoding, done) => {
|
|
182
|
+
hash.update(data);
|
|
183
|
+
done(null, data);
|
|
184
|
+
},
|
|
185
|
+
}),
|
|
186
|
+
get: () => hash.digest(),
|
|
187
|
+
};
|
|
188
|
+
}
|
|
189
|
+
static async fileExist(filePath) {
|
|
190
|
+
try {
|
|
191
|
+
await fsAsync.access(filePath);
|
|
192
|
+
return true;
|
|
193
|
+
}
|
|
194
|
+
catch (err) {
|
|
195
|
+
return false;
|
|
196
|
+
}
|
|
197
|
+
}
|
|
198
|
+
async getAssetUrl(build) {
|
|
199
|
+
const { retryInterval, retryMax } = this;
|
|
200
|
+
const response = await sdk_js_1.helpers.tryWithInterval({
|
|
201
|
+
checkResult(response) {
|
|
202
|
+
return { isResultOk: response.status === 200 };
|
|
203
|
+
},
|
|
204
|
+
handler: async () => {
|
|
205
|
+
return this.axiosInstance.get(`https://api.github.com/repos/${this.vmRepoOwner}/${this.vmRepo}/releases/tags/${build}`);
|
|
206
|
+
},
|
|
207
|
+
checkError(err) {
|
|
208
|
+
if (axios_1.default.isAxiosError(err) && err.response) {
|
|
209
|
+
const status = err.response.status;
|
|
210
|
+
return { retryable: status < 400 || status >= 500 || status === 429 };
|
|
211
|
+
}
|
|
212
|
+
return { retryable: axios_1.default.isAxiosError(err) };
|
|
213
|
+
},
|
|
214
|
+
retryInterval,
|
|
215
|
+
retryMax,
|
|
216
|
+
});
|
|
217
|
+
const { data } = response;
|
|
218
|
+
const asset = data.assets.find((asset) => asset.name === this.releaseAsset);
|
|
219
|
+
return asset.browser_download_url;
|
|
220
|
+
}
|
|
221
|
+
async downloadVM(build) {
|
|
222
|
+
let fromCache = false;
|
|
223
|
+
let vmFiles;
|
|
224
|
+
const vmInfo = this.vmInfoCache.get(build);
|
|
225
|
+
if (vmInfo) {
|
|
226
|
+
fromCache = true;
|
|
227
|
+
vmFiles = vmInfo;
|
|
228
|
+
}
|
|
229
|
+
else {
|
|
230
|
+
try {
|
|
231
|
+
const assetUrl = await this.getAssetUrl(build);
|
|
232
|
+
const vm = await this.downloadAsset(assetUrl);
|
|
233
|
+
vmFiles = this.extractVMData(vm);
|
|
234
|
+
}
|
|
235
|
+
catch (error) {
|
|
236
|
+
const vmInfo = this.vmInfoCache.get(build, true);
|
|
237
|
+
if (vmInfo) {
|
|
238
|
+
fromCache = true;
|
|
239
|
+
vmFiles = vmInfo;
|
|
240
|
+
}
|
|
241
|
+
else {
|
|
242
|
+
throw error;
|
|
243
|
+
}
|
|
244
|
+
}
|
|
245
|
+
}
|
|
246
|
+
const ovmfPath = path.join(this.cacheFolder, `${vmFiles.ovmfHash.toString("hex")}_OVMF.fd`);
|
|
247
|
+
let fileExistAndCorrect = false;
|
|
248
|
+
if (await SNPMrEnclaveCalculator.fileExist(ovmfPath)) {
|
|
249
|
+
const fileStream = fs.createReadStream(ovmfPath);
|
|
250
|
+
const hash = await sdk_js_1.Crypto.createHash(fileStream, {
|
|
251
|
+
algo: dto_js_1.HashAlgorithm.SHA256,
|
|
252
|
+
encoding: dto_js_1.Encoding.hex,
|
|
253
|
+
});
|
|
254
|
+
if (vmFiles.ovmfHash.toString("hex") === hash.hash) {
|
|
255
|
+
fileExistAndCorrect = true;
|
|
256
|
+
}
|
|
257
|
+
}
|
|
258
|
+
if (fileExistAndCorrect !== true) {
|
|
259
|
+
await this.downloadOvmf(vmFiles, ovmfPath);
|
|
260
|
+
}
|
|
261
|
+
if (fromCache !== true) {
|
|
262
|
+
this.vmInfoCache.set(build, vmFiles);
|
|
263
|
+
}
|
|
264
|
+
return {
|
|
265
|
+
initrdHash: vmFiles.initrdHash,
|
|
266
|
+
kernelHash: vmFiles.kernelHash,
|
|
267
|
+
ovmfFilePath: ovmfPath,
|
|
268
|
+
};
|
|
269
|
+
}
|
|
270
|
+
async downloadOvmf(vmFiles, ovmfPath) {
|
|
271
|
+
const credentials = {
|
|
272
|
+
...this.storageCredentials,
|
|
273
|
+
bucket: vmFiles.ovmfBucket,
|
|
274
|
+
prefix: vmFiles.ovmfPrefix.endsWith("/") ? vmFiles.ovmfPrefix : `${vmFiles.ovmfPrefix}/`,
|
|
275
|
+
};
|
|
276
|
+
const access = {
|
|
277
|
+
storageType: this.storageType,
|
|
278
|
+
credentials,
|
|
279
|
+
};
|
|
280
|
+
const storageProvider = (0, sdk_js_1.getStorageProvider)(access);
|
|
281
|
+
const downloaderStream = await storageProvider.downloadFile(vmFiles.ovmfFilename, {});
|
|
282
|
+
const { process: hashStream, get: getStreamHash } = SNPMrEnclaveCalculator.calcHashStream("sha256");
|
|
283
|
+
await stream_1.promises.pipeline(downloaderStream, hashStream, fs.createWriteStream(ovmfPath));
|
|
284
|
+
if (!vmFiles.ovmfHash.equals(getStreamHash())) {
|
|
285
|
+
throw new Error("The downloaded OVMF-file does not match the expected checksum");
|
|
286
|
+
}
|
|
287
|
+
}
|
|
288
|
+
}
|
|
289
|
+
exports.SNPMrEnclaveCalculator = SNPMrEnclaveCalculator;
|
|
290
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoic2V2LXNucC1tcmVuY2xhdmUuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi9zcmMvc2d4LW5hdGl2ZS1tb2R1bGUvc2V2LXNucC1tcmVuY2xhdmUudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6Ijs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7QUFBQSx1Q0FBeUI7QUFDekIscURBQXVDO0FBQ3ZDLDJDQUE2QjtBQUM3Qix1Q0FBeUI7QUFDekIsdUNBQXNFO0FBQ3RFLGtEQUE2QztBQUM3QyxtREFBMEc7QUFDMUcsbURBTWdDO0FBQ2hDLG1DQUFvQztBQUNwQyxtQ0FBNkM7QUFrQzdDLE1BQU0sYUFBYTtJQUlmLFlBQVksTUFBYyxDQUFDLEdBQUcsRUFBRSxHQUFHLElBQUk7UUFIL0IsVUFBSyxHQUE4RCxFQUFFLENBQUM7UUFJMUUsSUFBSSxDQUFDLEdBQUcsR0FBRyxHQUFHLENBQUM7SUFDbkIsQ0FBQztJQUVELEdBQUcsQ0FBQyxHQUFXLEVBQUUsS0FBZTtRQUM1QixNQUFNLFNBQVMsR0FBRyxJQUFJLENBQUMsR0FBRyxFQUFFLENBQUM7UUFDN0IsSUFBSSxDQUFDLEtBQUssQ0FBQyxHQUFHLENBQUMsR0FBRztZQUNkLEtBQUs7WUFDTCxTQUFTO1NBQ1osQ0FBQztJQUNOLENBQUM7SUFFRCxHQUFHLENBQUMsR0FBVyxFQUFFLFFBQWlCLEtBQUs7UUFDbkMsTUFBTSxNQUFNLEdBQUcsSUFBSSxDQUFDLEtBQUssQ0FBQyxHQUFHLENBQUMsQ0FBQztRQUUvQixJQUFJLE1BQU0sRUFBRSxDQUFDO1lBQ1QsSUFBSSxLQUFLLEtBQUssS0FBSyxFQUFFLENBQUM7Z0JBQ2xCLE1BQU0sR0FBRyxHQUFHLElBQUksQ0FBQyxHQUFHLEVBQUUsQ0FBQztnQkFDdkIsSUFBSSxHQUFHLEdBQUcsTUFBTSxDQUFDLFNBQVMsR0FBRyxJQUFJLENBQUMsR0FBRyxFQUFFLENBQUM7b0JBQ3BDLE9BQU8sSUFBSSxDQUFDO2dCQUNoQixDQUFDO1lBQ0wsQ0FBQztZQUVELE9BQU8sTUFBTSxDQUFDLEtBQUssQ0FBQztRQUN4QixDQUFDO1FBRUQsT0FBTyxJQUFJLENBQUM7SUFDaEIsQ0FBQztJQUVELEtBQUs7UUFDRCxJQUFJLENBQUMsS0FBSyxHQUFHLEVBQUUsQ0FBQztJQUNwQixDQUFDO0NBQ0o7QUFpQkQsTUFBYSxzQkFBc0I7SUFlL0IsWUFBWSxNQUFrQztRQVY3QixrQkFBYSxHQUFHLGVBQUssQ0FBQyxNQUFNLEVBQUUsQ0FBQztRQU0vQix1QkFBa0IsR0FBZ0Q7WUFDL0UsS0FBSyxFQUFFLGdXQUFnVztTQUMxVyxDQUFDO1FBR0UsSUFBSSxDQUFDLFdBQVcsR0FBRyxNQUFNLENBQUMsV0FBVyxJQUFJLEVBQUUsQ0FBQyxXQUFXLENBQUMsSUFBSSxDQUFDLElBQUksQ0FBQyxFQUFFLENBQUMsTUFBTSxFQUFFLEVBQUUsc0JBQXNCLENBQUMsQ0FBQyxDQUFDO1FBQ3hHLE1BQU0sV0FBVyxHQUFHLE1BQU0sQ0FBQyxXQUFXLElBQUksS0FBSyxDQUFDO1FBQ2hELElBQUksQ0FBQyxXQUFXLEdBQUcsTUFBTSxDQUFDLFdBQVcsSUFBSSxnQkFBZ0IsQ0FBQztRQUMxRCxJQUFJLENBQUMsTUFBTSxHQUFHLE1BQU0sQ0FBQyxNQUFNLElBQUksT0FBTyxDQUFDO1FBQ3ZDLElBQUksQ0FBQyxZQUFZLEdBQUcsTUFBTSxDQUFDLFlBQVksSUFBSSxTQUFTLENBQUM7UUFDckQsSUFBSSxDQUFDLGFBQWEsR0FBRyxNQUFNLENBQUMsMEJBQTBCLElBQUksSUFBSSxDQUFDO1FBQy9ELElBQUksQ0FBQyxRQUFRLEdBQUcsTUFBTSxDQUFDLHFCQUFxQixJQUFJLENBQUMsQ0FBQztRQUVsRCxJQUFJLENBQUMsTUFBTSxDQUFDLGtCQUFrQixJQUFJLENBQUMsTUFBTSxDQUFDLFdBQVcsQ0FBQyxJQUFJLENBQUMsQ0FBQyxNQUFNLENBQUMsa0JBQWtCLElBQUksTUFBTSxDQUFDLFdBQVcsQ0FBQyxFQUFFLENBQUM7WUFDM0csTUFBTSxJQUFJLEtBQUssQ0FDWCw0RkFBNEYsQ0FDL0YsQ0FBQztRQUNOLENBQUM7UUFFRCxJQUFJLENBQUMsa0JBQWtCLEdBQUcsTUFBTSxDQUFDLGtCQUFrQixJQUFJLElBQUksQ0FBQyxrQkFBa0IsQ0FBQztRQUMvRSxJQUFJLENBQUMsV0FBVyxHQUFHLE1BQU0sQ0FBQyxXQUFXLElBQUksb0JBQVcsQ0FBQyxLQUFLLENBQUM7UUFFM0QsTUFBTSxlQUFlLEdBQUcsTUFBTSxDQUFDLGVBQWUsSUFBSSxDQUFDLEdBQUcsRUFBRSxHQUFHLElBQUksQ0FBQztRQUVoRSxJQUFJLFdBQVcsSUFBSSxFQUFFLENBQUMsVUFBVSxDQUFDLElBQUksQ0FBQyxXQUFXLENBQUMsRUFBRSxDQUFDO1lBQ2pELElBQUksQ0FBQyxjQUFjLEVBQUUsQ0FBQztRQUMxQixDQUFDO1FBRUQsSUFBSSxDQUFDLEVBQUUsQ0FBQyxVQUFVLENBQUMsSUFBSSxDQUFDLFdBQVcsQ0FBQyxFQUFFLENBQUM7WUFDbkMsRUFBRSxDQUFDLFNBQVMsQ0FBQyxJQUFJLENBQUMsV0FBVyxFQUFFLEVBQUUsU0FBUyxFQUFFLElBQUksRUFBRSxDQUFDLENBQUM7UUFDeEQsQ0FBQztRQUVELElBQUksQ0FBQyxXQUFXLEdBQUcsSUFBSSxhQUFhLENBQUMsZUFBZSxDQUFDLENBQUM7SUFDMUQsQ0FBQztJQUVPLGNBQWM7UUFDbEIsRUFBRSxDQUFDLE1BQU0sQ0FBQyxJQUFJLENBQUMsV0FBVyxFQUFFO1lBQ3hCLFNBQVMsRUFBRSxJQUFJO1lBQ2YsS0FBSyxFQUFFLElBQUk7U0FDZCxDQUFDLENBQUM7SUFDUCxDQUFDO0lBRUQ7Ozs7T0FJRztJQUNJLEtBQUssQ0FBQyxzQkFBc0IsQ0FBQyxNQUFpQjtRQUNqRCxNQUFNLFNBQVMsR0FBRyxNQUFNLGdCQUFNLENBQUMsWUFBWSxDQUFDLE1BQU0sQ0FBQyxNQUFNLENBQUMsQ0FBQztRQUMzRCxNQUFNLFNBQVMsR0FBRyxNQUFNLElBQUksQ0FBQyxVQUFVLENBQUMsTUFBTSxDQUFDLEtBQUssQ0FBQyxDQUFDO1FBQ3RELE1BQU0saUJBQWlCLEdBQUcsTUFBTSxnQkFBTSxDQUFDLGdCQUFnQixDQUFDO1lBQ3BELFFBQVEsRUFBRSxTQUFTLENBQUMsWUFBWTtZQUNoQyxVQUFVLEVBQUUsU0FBUyxDQUFDLFVBQVU7WUFDaEMsVUFBVSxFQUFFLFNBQVMsQ0FBQyxVQUFVO1lBQ2hDLFdBQVcsRUFBRSxNQUFNLENBQUMsV0FBVztZQUMvQixPQUFPLEVBQUUsTUFBTSxDQUFDLE1BQU07WUFDdEIsU0FBUyxFQUFFLE1BQU0sQ0FBQyxLQUFLO1NBQzFCLENBQUMsQ0FBQztRQUVILElBQUksQ0FBQyxTQUFTLENBQUMsTUFBTSxDQUFDLGlCQUFpQixDQUFDO1lBQ3BDLE1BQU0sSUFBSSxLQUFLLENBQUMsc0RBQXNELENBQUMsQ0FBQztRQUU1RSxNQUFNLG1CQUFtQixHQUFHLE1BQU0sZ0JBQU0sQ0FBQyxnQkFBZ0IsQ0FBQztZQUN0RCxRQUFRLEVBQUUsU0FBUyxDQUFDLFlBQVk7WUFDaEMsVUFBVSxFQUFFLFNBQVMsQ0FBQyxVQUFVO1lBQ2hDLFVBQVUsRUFBRSxTQUFTLENBQUMsVUFBVTtZQUNoQyxXQUFXLEVBQUUsTUFBTSxDQUFDLFdBQVc7WUFDL0IsT0FBTyxFQUFFLGdCQUFNLENBQUMsU0FBUyxDQUFDLGdDQUFzQixDQUFDO1lBQ2pELFNBQVMsRUFBRSxDQUFDO1NBQ2YsQ0FBQyxDQUFDO1FBRUgsT0FBTyxtQkFBbUIsQ0FBQztJQUMvQixDQUFDO0lBRVMsS0FBSyxDQUFDLGFBQWEsQ0FBQyxRQUFnQjtRQUMxQyxNQUFNLEVBQUUsYUFBYSxFQUFFLFFBQVEsRUFBRSxHQUFHLElBQUksQ0FBQztRQUN6QyxNQUFNLFFBQVEsR0FBRyxNQUFNLGdCQUFVLENBQUMsZUFBZSxDQUFnQjtZQUM3RCxXQUFXLENBQUMsUUFBUTtnQkFDaEIsT0FBTyxFQUFFLFVBQVUsRUFBRSxRQUFRLENBQUMsTUFBTSxLQUFLLEdBQUcsRUFBRSxDQUFDO1lBQ25ELENBQUM7WUFDRCxPQUFPLEVBQUUsS0FBSyxJQUFJLEVBQUU7Z0JBQ2hCLE9BQU8sSUFBSSxDQUFDLGFBQWEsQ0FBQyxHQUFHLENBQUMsUUFBUSxFQUFFO29CQUNwQyxZQUFZLEVBQUUsYUFBYTtpQkFDOUIsQ0FBQyxDQUFDO1lBQ1AsQ0FBQztZQUNELFVBQVUsQ0FBQyxHQUFHO2dCQUNWLElBQUksZUFBSyxDQUFDLFlBQVksQ0FBQyxHQUFHLENBQUMsSUFBSSxHQUFHLENBQUMsUUFBUSxFQUFFLENBQUM7b0JBQzFDLE1BQU0sTUFBTSxHQUFHLEdBQUcsQ0FBQyxRQUFRLENBQUMsTUFBTSxDQUFDO29CQUVuQyxPQUFPLEVBQUUsU0FBUyxFQUFFLE1BQU0sR0FBRyxHQUFHLElBQUksTUFBTSxJQUFJLEdBQUcsSUFBSSxNQUFNLEtBQUssR0FBRyxFQUFFLENBQUM7Z0JBQzFFLENBQUM7Z0JBRUQsT0FBTyxFQUFFLFNBQVMsRUFBRSxlQUFLLENBQUMsWUFBWSxDQUFDLEdBQUcsQ0FBQyxFQUFFLENBQUM7WUFDbEQsQ0FBQztZQUNELGFBQWE7WUFDYixRQUFRO1NBQ1gsQ0FBQyxDQUFDO1FBRUgsT0FBTyxRQUFRLENBQUMsSUFBSSxDQUFDO0lBQ3pCLENBQUM7SUFFUyxhQUFhLENBQUMsSUFBWTtRQUNoQyxNQUFNLEVBQUUsR0FBRyxJQUFJLENBQUMsS0FBSyxDQUFDLElBQUksQ0FBQyxRQUFRLENBQUMsT0FBTyxDQUFDLENBQVcsQ0FBQztRQUN4RCxNQUFNLFVBQVUsR0FBRyxFQUFFLENBQUMsTUFBTSxFQUFFLE1BQU0sQ0FBQztRQUNyQyxJQUFJLENBQUMsVUFBVSxFQUFFLENBQUM7WUFDZCxNQUFNLElBQUksS0FBSyxDQUFDLHdCQUF3QixDQUFDLENBQUM7UUFDOUMsQ0FBQztRQUVELE1BQU0sVUFBVSxHQUFHLEVBQUUsQ0FBQyxNQUFNLEVBQUUsTUFBTSxDQUFDO1FBRXJDLE1BQU0sSUFBSSxHQUFHLEVBQUUsQ0FBQyxRQUFRLElBQUksRUFBRSxDQUFDLElBQUksQ0FBQztRQUNwQyxJQUFJLENBQUMsSUFBSSxFQUFFLENBQUM7WUFDUixNQUFNLElBQUksS0FBSyxDQUFDLHdDQUF3QyxDQUFDLENBQUM7UUFDOUQsQ0FBQztRQUVELE1BQU0sRUFBRSxNQUFNLEVBQUUsTUFBTSxFQUFFLE1BQU0sRUFBRSxRQUFRLEVBQUUsR0FBRyxJQUFJLENBQUM7UUFFbEQsSUFBSSxDQUFDLE1BQU0sSUFBSSxDQUFDLE1BQU0sSUFBSSxDQUFDLE1BQU0sSUFBSSxDQUFDLFFBQVEsRUFBRSxDQUFDO1lBQzdDLE1BQU0sSUFBSSxLQUFLLENBQUMsNkNBQTZDLENBQUMsQ0FBQztRQUNuRSxDQUFDO1FBRUQsT0FBTztZQUNILFVBQVUsRUFBRSxNQUFNLENBQUMsSUFBSSxDQUFDLFVBQVUsRUFBRSxLQUFLLENBQUM7WUFDMUMsVUFBVSxFQUFFLFVBQVUsQ0FBQyxDQUFDLENBQUMsTUFBTSxDQUFDLElBQUksQ0FBQyxVQUFVLEVBQUUsS0FBSyxDQUFDLENBQUMsQ0FBQyxDQUFDLFNBQVM7WUFDbkUsUUFBUSxFQUFFLE1BQU0sQ0FBQyxJQUFJLENBQUMsTUFBTSxFQUFFLEtBQUssQ0FBQztZQUNwQyxVQUFVLEVBQUUsTUFBTTtZQUNsQixVQUFVLEVBQUUsTUFBTTtZQUNsQixZQUFZLEVBQUUsUUFBUTtTQUN6QixDQUFDO0lBQ04sQ0FBQztJQUVTLE1BQU0sQ0FBQyxjQUFjLENBQUMsR0FBRyxHQUFHLFFBQVE7UUFDMUMsTUFBTSxJQUFJLEdBQUcsSUFBQSxtQkFBVSxFQUFDLEdBQUcsQ0FBQyxDQUFDO1FBRTdCLE9BQU87WUFDSCxPQUFPLEVBQUUsSUFBSSxrQkFBUyxDQUFDO2dCQUNuQixTQUFTLEVBQUUsQ0FBQyxJQUFJLEVBQUUsUUFBUSxFQUFFLElBQUksRUFBUSxFQUFFO29CQUN0QyxJQUFJLENBQUMsTUFBTSxDQUFDLElBQUksQ0FBQyxDQUFDO29CQUNsQixJQUFJLENBQUMsSUFBSSxFQUFFLElBQUksQ0FBQyxDQUFDO2dCQUNyQixDQUFDO2FBQ0osQ0FBQztZQUNGLEdBQUcsRUFBRSxHQUFHLEVBQUUsQ0FBQyxJQUFJLENBQUMsTUFBTSxFQUFFO1NBQzNCLENBQUM7SUFDTixDQUFDO0lBRVMsTUFBTSxDQUFDLEtBQUssQ0FBQyxTQUFTLENBQUMsUUFBZ0I7UUFDN0MsSUFBSSxDQUFDO1lBQ0QsTUFBTSxPQUFPLENBQUMsTUFBTSxDQUFDLFFBQVEsQ0FBQyxDQUFDO1lBRS9CLE9BQU8sSUFBSSxDQUFDO1FBQ2hCLENBQUM7UUFBQyxPQUFPLEdBQUcsRUFBRSxDQUFDO1lBQ1gsT0FBTyxLQUFLLENBQUM7UUFDakIsQ0FBQztJQUNMLENBQUM7SUFFUyxLQUFLLENBQUMsV0FBVyxDQUFDLEtBQWE7UUFDckMsTUFBTSxFQUFFLGFBQWEsRUFBRSxRQUFRLEVBQUUsR0FBRyxJQUFJLENBQUM7UUFDekMsTUFBTSxRQUFRLEdBQUcsTUFBTSxnQkFBVSxDQUFDLGVBQWUsQ0FBZ0I7WUFDN0QsV0FBVyxDQUFDLFFBQVE7Z0JBQ2hCLE9BQU8sRUFBRSxVQUFVLEVBQUUsUUFBUSxDQUFDLE1BQU0sS0FBSyxHQUFHLEVBQUUsQ0FBQztZQUNuRCxDQUFDO1lBQ0QsT0FBTyxFQUFFLEtBQUssSUFBSSxFQUFFO2dCQUNoQixPQUFPLElBQUksQ0FBQyxhQUFhLENBQUMsR0FBRyxDQUN6QixnQ0FBZ0MsSUFBSSxDQUFDLFdBQVcsSUFBSSxJQUFJLENBQUMsTUFBTSxrQkFBa0IsS0FBSyxFQUFFLENBQzNGLENBQUM7WUFDTixDQUFDO1lBQ0QsVUFBVSxDQUFDLEdBQUc7Z0JBQ1YsSUFBSSxlQUFLLENBQUMsWUFBWSxDQUFDLEdBQUcsQ0FBQyxJQUFJLEdBQUcsQ0FBQyxRQUFRLEVBQUUsQ0FBQztvQkFDMUMsTUFBTSxNQUFNLEdBQUcsR0FBRyxDQUFDLFFBQVEsQ0FBQyxNQUFNLENBQUM7b0JBRW5DLE9BQU8sRUFBRSxTQUFTLEVBQUUsTUFBTSxHQUFHLEdBQUcsSUFBSSxNQUFNLElBQUksR0FBRyxJQUFJLE1BQU0sS0FBSyxHQUFHLEVBQUUsQ0FBQztnQkFDMUUsQ0FBQztnQkFFRCxPQUFPLEVBQUUsU0FBUyxFQUFFLGVBQUssQ0FBQyxZQUFZLENBQUMsR0FBRyxDQUFDLEVBQUUsQ0FBQztZQUNsRCxDQUFDO1lBQ0QsYUFBYTtZQUNiLFFBQVE7U0FDWCxDQUFDLENBQUM7UUFDSCxNQUFNLEVBQUUsSUFBSSxFQUFFLEdBQUcsUUFBUSxDQUFDO1FBQzFCLE1BQU0sS0FBSyxHQUFHLElBQUksQ0FBQyxNQUFNLENBQUMsSUFBSSxDQUFDLENBQUMsS0FBdUIsRUFBRSxFQUFFLENBQUMsS0FBSyxDQUFDLElBQUksS0FBSyxJQUFJLENBQUMsWUFBWSxDQUFDLENBQUM7UUFFOUYsT0FBTyxLQUFLLENBQUMsb0JBQW9CLENBQUM7SUFDdEMsQ0FBQztJQUVTLEtBQUssQ0FBQyxVQUFVLENBQUMsS0FBYTtRQUNwQyxJQUFJLFNBQVMsR0FBRyxLQUFLLENBQUM7UUFDdEIsSUFBSSxPQUFpQixDQUFDO1FBRXRCLE1BQU0sTUFBTSxHQUFHLElBQUksQ0FBQyxXQUFXLENBQUMsR0FBRyxDQUFDLEtBQUssQ0FBQyxDQUFDO1FBQzNDLElBQUksTUFBTSxFQUFFLENBQUM7WUFDVCxTQUFTLEdBQUcsSUFBSSxDQUFDO1lBQ2pCLE9BQU8sR0FBRyxNQUFNLENBQUM7UUFDckIsQ0FBQzthQUFNLENBQUM7WUFDSixJQUFJLENBQUM7Z0JBQ0QsTUFBTSxRQUFRLEdBQUcsTUFBTSxJQUFJLENBQUMsV0FBVyxDQUFDLEtBQUssQ0FBQyxDQUFDO2dCQUMvQyxNQUFNLEVBQUUsR0FBRyxNQUFNLElBQUksQ0FBQyxhQUFhLENBQUMsUUFBUSxDQUFDLENBQUM7Z0JBQzlDLE9BQU8sR0FBRyxJQUFJLENBQUMsYUFBYSxDQUFDLEVBQUUsQ0FBQyxDQUFDO1lBQ3JDLENBQUM7WUFBQyxPQUFPLEtBQUssRUFBRSxDQUFDO2dCQUNiLE1BQU0sTUFBTSxHQUFHLElBQUksQ0FBQyxXQUFXLENBQUMsR0FBRyxDQUFDLEtBQUssRUFBRSxJQUFJLENBQUMsQ0FBQztnQkFDakQsSUFBSSxNQUFNLEVBQUUsQ0FBQztvQkFDVCxTQUFTLEdBQUcsSUFBSSxDQUFDO29CQUNqQixPQUFPLEdBQUcsTUFBTSxDQUFDO2dCQUNyQixDQUFDO3FCQUFNLENBQUM7b0JBQ0osTUFBTSxLQUFLLENBQUM7Z0JBQ2hCLENBQUM7WUFDTCxDQUFDO1FBQ0wsQ0FBQztRQUVELE1BQU0sUUFBUSxHQUFHLElBQUksQ0FBQyxJQUFJLENBQUMsSUFBSSxDQUFDLFdBQVcsRUFBRSxHQUFHLE9BQU8sQ0FBQyxRQUFRLENBQUMsUUFBUSxDQUFDLEtBQUssQ0FBQyxVQUFVLENBQUMsQ0FBQztRQUU1RixJQUFJLG1CQUFtQixHQUFHLEtBQUssQ0FBQztRQUNoQyxJQUFJLE1BQU0sc0JBQXNCLENBQUMsU0FBUyxDQUFDLFFBQVEsQ0FBQyxFQUFFLENBQUM7WUFDbkQsTUFBTSxVQUFVLEdBQUcsRUFBRSxDQUFDLGdCQUFnQixDQUFDLFFBQVEsQ0FBQyxDQUFDO1lBQ2pELE1BQU0sSUFBSSxHQUFHLE1BQU0sZUFBTSxDQUFDLFVBQVUsQ0FBQyxVQUFVLEVBQUU7Z0JBQzdDLElBQUksRUFBRSxzQkFBYSxDQUFDLE1BQU07Z0JBQzFCLFFBQVEsRUFBRSxpQkFBUSxDQUFDLEdBQUc7YUFDekIsQ0FBQyxDQUFDO1lBRUgsSUFBSSxPQUFPLENBQUMsUUFBUSxDQUFDLFFBQVEsQ0FBQyxLQUFLLENBQUMsS0FBSyxJQUFJLENBQUMsSUFBSSxFQUFFLENBQUM7Z0JBQ2pELG1CQUFtQixHQUFHLElBQUksQ0FBQztZQUMvQixDQUFDO1FBQ0wsQ0FBQztRQUVELElBQUksbUJBQW1CLEtBQUssSUFBSSxFQUFFLENBQUM7WUFDL0IsTUFBTSxJQUFJLENBQUMsWUFBWSxDQUFDLE9BQU8sRUFBRSxRQUFRLENBQUMsQ0FBQztRQUMvQyxDQUFDO1FBRUQsSUFBSSxTQUFTLEtBQUssSUFBSSxFQUFFLENBQUM7WUFDckIsSUFBSSxDQUFDLFdBQVcsQ0FBQyxHQUFHLENBQUMsS0FBSyxFQUFFLE9BQU8sQ0FBQyxDQUFDO1FBQ3pDLENBQUM7UUFFRCxPQUFPO1lBQ0gsVUFBVSxFQUFFLE9BQU8sQ0FBQyxVQUFVO1lBQzlCLFVBQVUsRUFBRSxPQUFPLENBQUMsVUFBVTtZQUM5QixZQUFZLEVBQUUsUUFBUTtTQUN6QixDQUFDO0lBQ04sQ0FBQztJQUVTLEtBQUssQ0FBQyxZQUFZLENBQUMsT0FBaUIsRUFBRSxRQUFnQjtRQUM1RCxNQUFNLFdBQVcsR0FBNkI7WUFDMUMsR0FBRyxJQUFJLENBQUMsa0JBQWtCO1lBQzFCLE1BQU0sRUFBRSxPQUFPLENBQUMsVUFBVTtZQUMxQixNQUFNLEVBQUUsT0FBTyxDQUFDLFVBQVUsQ0FBQyxRQUFRLENBQUMsR0FBRyxDQUFDLENBQUMsQ0FBQyxDQUFDLE9BQU8sQ0FBQyxVQUFVLENBQUMsQ0FBQyxDQUFDLEdBQUcsT0FBTyxDQUFDLFVBQVUsR0FBRztTQUMzRixDQUFDO1FBRUYsTUFBTSxNQUFNLEdBQWtCO1lBQzFCLFdBQVcsRUFBRSxJQUFJLENBQUMsV0FBVztZQUM3QixXQUFXO1NBQ2QsQ0FBQztRQUVGLE1BQU0sZUFBZSxHQUFHLElBQUEsMkJBQWtCLEVBQUMsTUFBTSxDQUFDLENBQUM7UUFDbkQsTUFBTSxnQkFBZ0IsR0FBRyxNQUFNLGVBQWUsQ0FBQyxZQUFZLENBQUMsT0FBTyxDQUFDLFlBQVksRUFBRSxFQUFFLENBQUMsQ0FBQztRQUN0RixNQUFNLEVBQUUsT0FBTyxFQUFFLFVBQVUsRUFBRSxHQUFHLEVBQUUsYUFBYSxFQUFFLEdBQUcsc0JBQXNCLENBQUMsY0FBYyxDQUFDLFFBQVEsQ0FBQyxDQUFDO1FBQ3BHLE1BQU0saUJBQVEsQ0FBQyxRQUFRLENBQUMsZ0JBQWdCLEVBQUUsVUFBVSxFQUFFLEVBQUUsQ0FBQyxpQkFBaUIsQ0FBQyxRQUFRLENBQUMsQ0FBQyxDQUFDO1FBRXRGLElBQUksQ0FBQyxPQUFPLENBQUMsUUFBUSxDQUFDLE1BQU0sQ0FBQyxhQUFhLEVBQUUsQ0FBQyxFQUFFLENBQUM7WUFDNUMsTUFBTSxJQUFJLEtBQUssQ0FBQywrREFBK0QsQ0FBQyxDQUFDO1FBQ3JGLENBQUM7SUFDTCxDQUFDO0NBQ0o7QUE5UUQsd0RBOFFDIn0=
|