@super-protocol/addons-tee 0.9.8 → 0.9.9
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/bindings/amd-sev-snp-napi-rs/amd-sev-snp-napi-rs.linux-x64-gnu.node +0 -0
- package/bindings/amd-sev-snp-napi-rs/index.d.ts +0 -27
- package/bindings/amd-sev-snp-napi-rs/index.js +1 -12
- package/bindings/sp-sev/.github/workflows/lint.yml +3 -3
- package/bindings/sp-sev/.github/workflows/test.yml +2 -163
- package/bindings/sp-sev/Cargo.lock +281 -521
- package/bindings/sp-sev/Cargo.toml +11 -11
- package/bindings/sp-sev/tests/api.rs +6 -9
- package/bindings/sp-sev/tests/certs.rs +5 -4
- package/bindings/sp-sev/tests/guest.rs +1 -2
- package/bindings/sp-sev/tests/id-block.rs +5 -9
- package/bindings/sp-sev/tests/snp_launch.rs +1 -1
- package/bindings/utils/virtee/libsev.so +0 -0
- package/bindings/utils/virtee/snpguest +0 -0
- package/dist/sgx-native-module/index.d.ts +0 -1
- package/dist/sgx-native-module/index.js +1 -2
- package/dist/sgx-native-module/sev-snp-mrenclave.d.ts +1 -1
- package/dist/sgx-native-module/sev-snp-mrenclave.js +6 -38
- package/dist/sgx-native-module/sev-snp.d.ts +9 -21
- package/dist/sgx-native-module/sev-snp.js +91 -107
- package/package.json +2 -3
- package/dist/sgx-native-module/sev-snp-schema.d.ts +0 -22
- package/dist/sgx-native-module/sev-snp-schema.js +0 -24
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
[package]
|
|
2
2
|
name = "sev"
|
|
3
|
-
version = "
|
|
3
|
+
version = "5.0.0"
|
|
4
4
|
authors = [
|
|
5
5
|
"Nathaniel McCallum <npmccallum@redhat.com>",
|
|
6
6
|
"The VirTEE Project Developers",
|
|
@@ -20,7 +20,7 @@ categories = [
|
|
|
20
20
|
"hardware-support",
|
|
21
21
|
]
|
|
22
22
|
exclude = [".gitignore", ".github/*"]
|
|
23
|
-
rust-version = "1.
|
|
23
|
+
rust-version = "1.80.0"
|
|
24
24
|
|
|
25
25
|
[badges]
|
|
26
26
|
# See https://doc.rust-lang.org/cargo/reference/manifest.html#the-badges-section
|
|
@@ -45,20 +45,20 @@ snp = []
|
|
|
45
45
|
crypto_nossl = ["dep:p384", "dep:rsa", "dep:sha2", "dep:x509-cert"]
|
|
46
46
|
|
|
47
47
|
[target.'cfg(target_os = "linux")'.dependencies]
|
|
48
|
-
iocuddle = "
|
|
48
|
+
iocuddle = "0.1"
|
|
49
49
|
|
|
50
50
|
[dependencies]
|
|
51
|
-
openssl = { version = "0.10", optional = true
|
|
51
|
+
openssl = { version = "0.10", optional = true }
|
|
52
52
|
serde = { version = "1.0", features = ["derive"] }
|
|
53
53
|
serde_bytes = "0.11"
|
|
54
|
-
bitflags = "2
|
|
54
|
+
bitflags = "1.2"
|
|
55
55
|
codicon = "3.0"
|
|
56
|
-
dirs = "
|
|
56
|
+
dirs = "5.0"
|
|
57
57
|
serde-big-array = "0.5.1"
|
|
58
58
|
static_assertions = "^1.1.0"
|
|
59
|
-
bitfield = "^0.
|
|
59
|
+
bitfield = "^0.15"
|
|
60
60
|
uuid = { version = "^1.11", features = ["serde"] }
|
|
61
|
-
bincode =
|
|
61
|
+
bincode = "^1.3"
|
|
62
62
|
hex = "0.4.3"
|
|
63
63
|
libc = "0.2.161"
|
|
64
64
|
lazy_static = "1.4.0"
|
|
@@ -69,12 +69,12 @@ x509-cert = { version = "0.2.5", optional = true }
|
|
|
69
69
|
byteorder = "1.4.3"
|
|
70
70
|
base64 = "0.22.1"
|
|
71
71
|
rdrand = { version = "^0.8", optional = true }
|
|
72
|
-
reqwest = { version
|
|
73
|
-
tokio = {
|
|
72
|
+
reqwest = { version="0.11.10", features = ["blocking"], optional = true }
|
|
73
|
+
tokio = {version = "1.29.1", features =["rt-multi-thread"], optional = true }
|
|
74
74
|
|
|
75
75
|
[target.'cfg(target_os = "linux")'.dev-dependencies]
|
|
76
76
|
kvm-ioctls = ">=0.16"
|
|
77
|
-
kvm-bindings = "^0.11"
|
|
78
77
|
|
|
79
78
|
[dev-dependencies]
|
|
79
|
+
kvm-bindings = ">=0.9.1"
|
|
80
80
|
serial_test = "3.0"
|
|
@@ -1,15 +1,13 @@
|
|
|
1
1
|
// SPDX-License-Identifier: Apache-2.0
|
|
2
2
|
|
|
3
3
|
#[cfg(all(feature = "sev", target_os = "linux"))]
|
|
4
|
+
|
|
4
5
|
mod sev {
|
|
5
6
|
#[cfg(feature = "dangerous_hw_tests")]
|
|
6
7
|
use serial_test::serial;
|
|
7
8
|
#[cfg(feature = "dangerous_hw_tests")]
|
|
8
9
|
use sev::cached_chain;
|
|
9
|
-
use sev::{
|
|
10
|
-
certs::sev::sev::Usage,
|
|
11
|
-
firmware::host::{Build, Firmware, Version},
|
|
12
|
-
};
|
|
10
|
+
use sev::{certs::sev::sev::Usage, firmware::host::Firmware, Build, Version};
|
|
13
11
|
|
|
14
12
|
#[cfg(feature = "dangerous_hw_tests")]
|
|
15
13
|
#[cfg_attr(not(host), ignore)]
|
|
@@ -149,8 +147,8 @@ mod snp {
|
|
|
149
147
|
reported tcb tee version: {}
|
|
150
148
|
reported tcb bootloader version: {}
|
|
151
149
|
state: {}",
|
|
152
|
-
status.version.
|
|
153
|
-
status.version.
|
|
150
|
+
status.version.major,
|
|
151
|
+
status.version.minor,
|
|
154
152
|
status.build_id,
|
|
155
153
|
status.guest_count,
|
|
156
154
|
status.platform_tcb_version.microcode,
|
|
@@ -176,9 +174,8 @@ mod snp {
|
|
|
176
174
|
#[cfg_attr(not(all(host, feature = "dangerous_hw_tests")), ignore)]
|
|
177
175
|
#[test]
|
|
178
176
|
#[serial]
|
|
179
|
-
fn
|
|
177
|
+
fn set_config() {
|
|
180
178
|
let mut fw: Firmware = Firmware::open().unwrap();
|
|
181
|
-
|
|
182
179
|
fw.snp_set_config(Config::default()).unwrap();
|
|
183
180
|
}
|
|
184
181
|
|
|
@@ -187,7 +184,7 @@ mod snp {
|
|
|
187
184
|
#[serial]
|
|
188
185
|
fn test_host_fw_error() {
|
|
189
186
|
let mut fw: Firmware = Firmware::open().unwrap();
|
|
190
|
-
let invalid_config = Config::new(TcbVersion::new(
|
|
187
|
+
let invalid_config = Config::new(TcbVersion::new(100, 100, 100, 100), MaskId(31));
|
|
191
188
|
let fw_error = fw.snp_set_config(invalid_config).unwrap_err().to_string();
|
|
192
189
|
assert_eq!(fw_error, "Firmware Error Encountered: Known SEV FW Error: Status Code: 0x16: Given parameter is invalid.")
|
|
193
190
|
}
|
|
@@ -24,7 +24,6 @@ mod sev {
|
|
|
24
24
|
|
|
25
25
|
#[cfg(all(feature = "snp", any(feature = "openssl", feature = "crypto_nossl")))]
|
|
26
26
|
mod snp {
|
|
27
|
-
|
|
28
27
|
use sev::certs::snp::{builtin::milan, ca, Certificate, Chain, Verifiable};
|
|
29
28
|
|
|
30
29
|
const TEST_MILAN_VCEK_DER: &[u8] = include_bytes!("certs_data/vcek_milan.der");
|
|
@@ -86,7 +85,8 @@ mod snp {
|
|
|
86
85
|
let chain = Chain { ca, vek: vcek };
|
|
87
86
|
|
|
88
87
|
let report_bytes = hex::decode(TEST_MILAN_ATTESTATION_REPORT).unwrap();
|
|
89
|
-
let report: AttestationReport =
|
|
88
|
+
let report: AttestationReport =
|
|
89
|
+
unsafe { std::ptr::read(report_bytes.as_ptr() as *const _) };
|
|
90
90
|
|
|
91
91
|
assert_eq!((&chain, &report).verify().ok(), Some(()));
|
|
92
92
|
}
|
|
@@ -104,8 +104,9 @@ mod snp {
|
|
|
104
104
|
let chain = Chain { ca, vek: vcek };
|
|
105
105
|
|
|
106
106
|
let mut report_bytes = hex::decode(TEST_MILAN_ATTESTATION_REPORT).unwrap();
|
|
107
|
-
report_bytes[
|
|
108
|
-
let report =
|
|
107
|
+
report_bytes[0] ^= 0x80;
|
|
108
|
+
let report: AttestationReport =
|
|
109
|
+
unsafe { std::ptr::read(report_bytes.as_ptr() as *const _) };
|
|
109
110
|
|
|
110
111
|
assert_eq!((&chain, &report).verify().ok(), None);
|
|
111
112
|
}
|
|
@@ -27,7 +27,7 @@ fn get_ext_report() {
|
|
|
27
27
|
#[cfg_attr(not(guest), ignore)]
|
|
28
28
|
#[test]
|
|
29
29
|
fn get_derived_key() {
|
|
30
|
-
let derived_key = DerivedKey::new(false, GuestFieldSelect(1), 0, 0, 0
|
|
30
|
+
let derived_key = DerivedKey::new(false, GuestFieldSelect(1), 0, 0, 0);
|
|
31
31
|
|
|
32
32
|
let mut fw = Firmware::open().unwrap();
|
|
33
33
|
|
|
@@ -43,7 +43,6 @@ fn guest_fw_error() {
|
|
|
43
43
|
0xFFFFFFFF,
|
|
44
44
|
0xFFFFFFFF,
|
|
45
45
|
0xFFFFFFFFFFFFFFFF,
|
|
46
|
-
Some(0xFFFFFFFFFFFFFFFF),
|
|
47
46
|
);
|
|
48
47
|
|
|
49
48
|
let mut fw = Firmware::open().unwrap();
|
|
@@ -18,8 +18,6 @@ use sev::measurement::{
|
|
|
18
18
|
snp::SnpLaunchDigest,
|
|
19
19
|
};
|
|
20
20
|
|
|
21
|
-
use sev::BINCODE_CFG;
|
|
22
|
-
|
|
23
21
|
// Testing that the appropriate id-block and key digests are being generated.
|
|
24
22
|
#[test]
|
|
25
23
|
fn test_id_block_and_key_digests() {
|
|
@@ -47,8 +45,8 @@ fn test_id_block_and_key_digests() {
|
|
|
47
45
|
.unwrap();
|
|
48
46
|
|
|
49
47
|
// Converting ID-block and key digests into BASE64
|
|
50
|
-
let id_block_string =
|
|
51
|
-
.encode(bincode::
|
|
48
|
+
let id_block_string =
|
|
49
|
+
general_purpose::STANDARD.encode(bincode::serialize(&block_calculations.id_block).unwrap());
|
|
52
50
|
let id_key_digest_string = general_purpose::STANDARD
|
|
53
51
|
.encode::<Vec<u8>>(block_calculations.id_key_digest.try_into().unwrap());
|
|
54
52
|
let auth_key_digest_string = general_purpose::STANDARD
|
|
@@ -138,8 +136,7 @@ fn test_auth_block_generation() {
|
|
|
138
136
|
let mut id_sig_file = fs::File::open("./tests/measurement/test_id_sig.bin").unwrap();
|
|
139
137
|
let mut id_block_bytes = Vec::new();
|
|
140
138
|
id_sig_file.read_to_end(&mut id_block_bytes).unwrap();
|
|
141
|
-
let
|
|
142
|
-
bincode::decode_from_slice(&id_block_bytes, BINCODE_CFG).unwrap();
|
|
139
|
+
let id_block_sig: SevEcdsaSig = bincode::deserialize(&id_block_bytes).unwrap();
|
|
143
140
|
|
|
144
141
|
// Get author private test key from pem
|
|
145
142
|
let author_ec_priv_key = load_priv_key(auth_path).unwrap();
|
|
@@ -151,8 +148,7 @@ fn test_auth_block_generation() {
|
|
|
151
148
|
let mut auth_sig_file = fs::File::open("./tests/measurement/test_auth_sig.bin").unwrap();
|
|
152
149
|
let mut auth_block_bytes = Vec::new();
|
|
153
150
|
auth_sig_file.read_to_end(&mut auth_block_bytes).unwrap();
|
|
154
|
-
let
|
|
155
|
-
bincode::decode_from_slice(&auth_block_bytes, BINCODE_CFG).unwrap();
|
|
151
|
+
let auth_block_sig: SevEcdsaSig = bincode::deserialize(&auth_block_bytes).unwrap();
|
|
156
152
|
|
|
157
153
|
let auth_block = IdAuth::new(
|
|
158
154
|
None,
|
|
@@ -164,7 +160,7 @@ fn test_auth_block_generation() {
|
|
|
164
160
|
);
|
|
165
161
|
|
|
166
162
|
// Generate Generate auth_block string
|
|
167
|
-
let id_auth_bytes = bincode::
|
|
163
|
+
let id_auth_bytes = bincode::serialize(&auth_block).unwrap();
|
|
168
164
|
let id_auth_str = general_purpose::STANDARD.encode(id_auth_bytes);
|
|
169
165
|
|
|
170
166
|
// Comparing auth_blocks
|
|
@@ -71,7 +71,7 @@ fn snp_launch_test() {
|
|
|
71
71
|
let launcher = Launcher::new(vm_fd, sev).unwrap();
|
|
72
72
|
|
|
73
73
|
let mut policy = GuestPolicy(0);
|
|
74
|
-
policy.set_smt_allowed(
|
|
74
|
+
policy.set_smt_allowed(1);
|
|
75
75
|
let start = Start::new(policy, [0; 16]);
|
|
76
76
|
|
|
77
77
|
let mut launcher = launcher.start(start).unwrap();
|
|
Binary file
|
|
Binary file
|
|
@@ -21,6 +21,5 @@ __exportStar(require("./dcap-quote-verify.service"), exports);
|
|
|
21
21
|
__exportStar(require("./pki.service"), exports);
|
|
22
22
|
__exportStar(require("./sev-snp"), exports);
|
|
23
23
|
__exportStar(require("./sev-snp-mrenclave"), exports);
|
|
24
|
-
__exportStar(require("./sev-snp-schema"), exports);
|
|
25
24
|
__exportStar(require("../proto/AmdSevSnp"), exports);
|
|
26
|
-
//# sourceMappingURL=data:application/json;base64,
|
|
25
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW5kZXguanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi9zcmMvc2d4LW5hdGl2ZS1tb2R1bGUvaW5kZXgudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6Ijs7Ozs7Ozs7Ozs7Ozs7OztBQUFBLDJDQUF5QjtBQUN6QiwyQ0FBeUI7QUFDekIsb0RBQWtDO0FBQ2xDLDhEQUE0QztBQUM1QyxnREFBOEI7QUFDOUIsNENBQTBCO0FBQzFCLHNEQUFvQztBQUNwQyxxREFBbUMifQ==
|
|
@@ -6,9 +6,9 @@ import { SNPReport } from "../proto/AmdSevSnp";
|
|
|
6
6
|
interface VMCommon {
|
|
7
7
|
kernelHash: Buffer;
|
|
8
8
|
initrdHash: Buffer | undefined;
|
|
9
|
-
ovmfHash: Buffer;
|
|
10
9
|
}
|
|
11
10
|
interface VMConfig extends VMCommon {
|
|
11
|
+
ovmfHash: Buffer;
|
|
12
12
|
ovmfBucket: string;
|
|
13
13
|
ovmfPrefix: string;
|
|
14
14
|
ovmfFilename: string;
|
|
@@ -27,8 +27,6 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
|
|
|
27
27
|
};
|
|
28
28
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
29
29
|
exports.SNPMrEnclaveCalculator = void 0;
|
|
30
|
-
const typebox_1 = require("@sinclair/typebox");
|
|
31
|
-
const value_1 = require("@sinclair/typebox/value");
|
|
32
30
|
const fs = __importStar(require("fs"));
|
|
33
31
|
const fsAsync = __importStar(require("fs/promises"));
|
|
34
32
|
const path = __importStar(require("path"));
|
|
@@ -40,23 +38,6 @@ const dto_js_1 = require("@super-protocol/dto-js");
|
|
|
40
38
|
const crypto_1 = require("crypto");
|
|
41
39
|
const stream_1 = require("stream");
|
|
42
40
|
const helpers_1 = require("./helpers");
|
|
43
|
-
const amd_sev_snp_napi_rs_1 = require("../../bindings/amd-sev-snp-napi-rs/");
|
|
44
|
-
const VMJsonSchema = typebox_1.Type.Object({
|
|
45
|
-
kernel: typebox_1.Type.Object({ sha256: typebox_1.Type.String() }),
|
|
46
|
-
initrd: typebox_1.Type.Optional(typebox_1.Type.Object({ sha256: typebox_1.Type.String() })),
|
|
47
|
-
bios_amd: typebox_1.Type.Optional(typebox_1.Type.Object({
|
|
48
|
-
sha256: typebox_1.Type.String(),
|
|
49
|
-
bucket: typebox_1.Type.String(),
|
|
50
|
-
prefix: typebox_1.Type.String(),
|
|
51
|
-
filename: typebox_1.Type.String(),
|
|
52
|
-
})),
|
|
53
|
-
bios: typebox_1.Type.Optional(typebox_1.Type.Object({
|
|
54
|
-
sha256: typebox_1.Type.String(),
|
|
55
|
-
bucket: typebox_1.Type.String(),
|
|
56
|
-
prefix: typebox_1.Type.String(),
|
|
57
|
-
filename: typebox_1.Type.String(),
|
|
58
|
-
})),
|
|
59
|
-
});
|
|
60
41
|
class VMConfigCache {
|
|
61
42
|
constructor(ttl = 5 * 60 * 1000) {
|
|
62
43
|
this.cache = {};
|
|
@@ -132,15 +113,9 @@ class SNPMrEnclaveCalculator {
|
|
|
132
113
|
cmdLineHash: Buffer.from(report.cmdLineHash),
|
|
133
114
|
vcpuSig: report.cpuSig,
|
|
134
115
|
vcpuCount: report.cores,
|
|
135
|
-
vmpl: await (0, amd_sev_snp_napi_rs_1.getReportVmpl)(Buffer.from(report.rawReport)),
|
|
136
|
-
policy: await (0, amd_sev_snp_napi_rs_1.getReportPolicy)(Buffer.from(report.rawReport)),
|
|
137
116
|
});
|
|
138
117
|
if (!mrEnclave.equals(expectedMrEnclave))
|
|
139
|
-
throw new Error(
|
|
140
|
-
`mrEnclave: ${mrEnclave.toString("hex")}\n` +
|
|
141
|
-
`expectedMrEnclave: ${expectedMrEnclave.toString("hex")}\n` +
|
|
142
|
-
`report.build: ${report.build}\n` +
|
|
143
|
-
`vmMeasure: ${JSON.stringify(vmMeasure)}`);
|
|
118
|
+
throw new Error("Expected mrEnclave does not match the calculated one");
|
|
144
119
|
const singleCoreMrEnclave = await sev_snp_1.SevSNP.calcSnpMrEnclave({
|
|
145
120
|
ovmfPath: vmMeasure.ovmfFilePath,
|
|
146
121
|
kernelHash: vmMeasure.kernelHash,
|
|
@@ -175,17 +150,11 @@ class SNPMrEnclaveCalculator {
|
|
|
175
150
|
return response.data;
|
|
176
151
|
}
|
|
177
152
|
extractVMData(data) {
|
|
178
|
-
const
|
|
179
|
-
const
|
|
180
|
-
|
|
181
|
-
|
|
182
|
-
const validationErrors = Array.from(value_1.Value.Errors(VMJsonSchema, parsed));
|
|
183
|
-
if (validationErrors.length > 0) {
|
|
184
|
-
throw new Error(`Failed to validate VM JSON: ${validationErrors.map((e) => e.message).join(", ")}`);
|
|
185
|
-
}
|
|
153
|
+
const vm = JSON.parse(data.toString("utf-8"));
|
|
154
|
+
const kernelHash = vm.kernel?.sha256;
|
|
155
|
+
if (!kernelHash) {
|
|
156
|
+
throw new Error("kernel hash is missing");
|
|
186
157
|
}
|
|
187
|
-
const vm = parsed;
|
|
188
|
-
const kernelHash = vm.kernel.sha256;
|
|
189
158
|
const initrdHash = vm.initrd?.sha256;
|
|
190
159
|
const OVMF = vm.bios_amd || vm.bios;
|
|
191
160
|
if (!OVMF) {
|
|
@@ -298,7 +267,6 @@ class SNPMrEnclaveCalculator {
|
|
|
298
267
|
initrdHash: vmFiles.initrdHash,
|
|
299
268
|
kernelHash: vmFiles.kernelHash,
|
|
300
269
|
ovmfFilePath: ovmfPath,
|
|
301
|
-
ovmfHash: vmFiles.ovmfHash,
|
|
302
270
|
};
|
|
303
271
|
}
|
|
304
272
|
async downloadOvmf(vmFiles, ovmfPath) {
|
|
@@ -320,4 +288,4 @@ class SNPMrEnclaveCalculator {
|
|
|
320
288
|
}
|
|
321
289
|
}
|
|
322
290
|
exports.SNPMrEnclaveCalculator = SNPMrEnclaveCalculator;
|
|
323
|
-
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoic2V2LXNucC1tcmVuY2xhdmUuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi9zcmMvc2d4LW5hdGl2ZS1tb2R1bGUvc2V2LXNucC1tcmVuY2xhdmUudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6Ijs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7QUFBQSwrQ0FBaUQ7QUFDakQsbURBQWdEO0FBQ2hELHVDQUF5QjtBQUN6QixxREFBdUM7QUFDdkMsMkNBQTZCO0FBQzdCLHVDQUF5QjtBQUN6Qix1Q0FBMkQ7QUFDM0Qsa0RBQTZDO0FBQzdDLG1EQU1nQztBQUNoQyxtREFBOEU7QUFDOUUsbUNBQW9DO0FBQ3BDLG1DQUE2QztBQUM3Qyx1Q0FBbUQ7QUFFbkQsNkVBQXFGO0FBa0JyRixNQUFNLFlBQVksR0FBRyxjQUFJLENBQUMsTUFBTSxDQUFDO0lBQzdCLE1BQU0sRUFBRSxjQUFJLENBQUMsTUFBTSxDQUFDLEVBQUUsTUFBTSxFQUFFLGNBQUksQ0FBQyxNQUFNLEVBQUUsRUFBRSxDQUFDO0lBQzlDLE1BQU0sRUFBRSxjQUFJLENBQUMsUUFBUSxDQUFDLGNBQUksQ0FBQyxNQUFNLENBQUMsRUFBRSxNQUFNLEVBQUUsY0FBSSxDQUFDLE1BQU0sRUFBRSxFQUFFLENBQUMsQ0FBQztJQUM3RCxRQUFRLEVBQUUsY0FBSSxDQUFDLFFBQVEsQ0FDbkIsY0FBSSxDQUFDLE1BQU0sQ0FBQztRQUNSLE1BQU0sRUFBRSxjQUFJLENBQUMsTUFBTSxFQUFFO1FBQ3JCLE1BQU0sRUFBRSxjQUFJLENBQUMsTUFBTSxFQUFFO1FBQ3JCLE1BQU0sRUFBRSxjQUFJLENBQUMsTUFBTSxFQUFFO1FBQ3JCLFFBQVEsRUFBRSxjQUFJLENBQUMsTUFBTSxFQUFFO0tBQzFCLENBQUMsQ0FDTDtJQUNELElBQUksRUFBRSxjQUFJLENBQUMsUUFBUSxDQUNmLGNBQUksQ0FBQyxNQUFNLENBQUM7UUFDUixNQUFNLEVBQUUsY0FBSSxDQUFDLE1BQU0sRUFBRTtRQUNyQixNQUFNLEVBQUUsY0FBSSxDQUFDLE1BQU0sRUFBRTtRQUNyQixNQUFNLEVBQUUsY0FBSSxDQUFDLE1BQU0sRUFBRTtRQUNyQixRQUFRLEVBQUUsY0FBSSxDQUFDLE1BQU0sRUFBRTtLQUMxQixDQUFDLENBQ0w7Q0FDSixDQUFDLENBQUM7QUFHSCxNQUFNLGFBQWE7SUFJZixZQUFZLE1BQWMsQ0FBQyxHQUFHLEVBQUUsR0FBRyxJQUFJO1FBSC9CLFVBQUssR0FBOEQsRUFBRSxDQUFDO1FBSTFFLElBQUksQ0FBQyxHQUFHLEdBQUcsR0FBRyxDQUFDO0lBQ25CLENBQUM7SUFFRCxHQUFHLENBQUMsR0FBVyxFQUFFLEtBQWU7UUFDNUIsTUFBTSxTQUFTLEdBQUcsSUFBSSxDQUFDLEdBQUcsRUFBRSxDQUFDO1FBQzdCLElBQUksQ0FBQyxLQUFLLENBQUMsR0FBRyxDQUFDLEdBQUc7WUFDZCxLQUFLO1lBQ0wsU0FBUztTQUNaLENBQUM7SUFDTixDQUFDO0lBRUQsR0FBRyxDQUFDLEdBQVcsRUFBRSxRQUFpQixLQUFLO1FBQ25DLE1BQU0sTUFBTSxHQUFHLElBQUksQ0FBQyxLQUFLLENBQUMsR0FBRyxDQUFDLENBQUM7UUFFL0IsSUFBSSxNQUFNLEVBQUUsQ0FBQztZQUNULElBQUksS0FBSyxLQUFLLEtBQUssRUFBRSxDQUFDO2dCQUNsQixNQUFNLEdBQUcsR0FBRyxJQUFJLENBQUMsR0FBRyxFQUFFLENBQUM7Z0JBQ3ZCLElBQUksR0FBRyxHQUFHLE1BQU0sQ0FBQyxTQUFTLEdBQUcsSUFBSSxDQUFDLEdBQUcsRUFBRSxDQUFDO29CQUNwQyxPQUFPLElBQUksQ0FBQztnQkFDaEIsQ0FBQztZQUNMLENBQUM7WUFFRCxPQUFPLE1BQU0sQ0FBQyxLQUFLLENBQUM7UUFDeEIsQ0FBQztRQUVELE9BQU8sSUFBSSxDQUFDO0lBQ2hCLENBQUM7SUFFRCxLQUFLO1FBQ0QsSUFBSSxDQUFDLEtBQUssR0FBRyxFQUFFLENBQUM7SUFDcEIsQ0FBQztDQUNKO0FBY0QsTUFBYSxzQkFBc0I7SUFzQi9CLFlBQVksTUFBa0M7UUFqQjdCLGtCQUFhLEdBQUcsZUFBSyxDQUFDLE1BQU0sRUFBRSxDQUFDO1FBSy9CLHVCQUFrQixHQUFrQjtZQUNqRCxXQUFXLEVBQUUsb0JBQVcsQ0FBQyxFQUFFO1lBQzNCLFdBQVcsRUFBRTtnQkFDVCxRQUFRLEVBQUUsK0JBQStCO2dCQUN6QyxXQUFXLEVBQUUsOEJBQThCO2dCQUMzQyxTQUFTLEVBQUUsdURBQXVEO2dCQUNsRSwyREFBMkQ7Z0JBQzNELE1BQU0sRUFBRSxFQUFFO2dCQUNWLE1BQU0sRUFBRSxFQUFFO2FBQ2I7U0FDSixDQUFDO1FBR0UsSUFBSSxDQUFDLFdBQVcsR0FBRyxNQUFNLENBQUMsV0FBVyxJQUFJLEVBQUUsQ0FBQyxXQUFXLENBQUMsSUFBSSxDQUFDLElBQUksQ0FBQyxFQUFFLENBQUMsTUFBTSxFQUFFLEVBQUUsc0JBQXNCLENBQUMsQ0FBQyxDQUFDO1FBQ3hHLE1BQU0sV0FBVyxHQUFHLE1BQU0sQ0FBQyxXQUFXLElBQUksS0FBSyxDQUFDO1FBQ2hELElBQUksQ0FBQyxXQUFXLEdBQUcsTUFBTSxDQUFDLFdBQVcsSUFBSSxnQkFBZ0IsQ0FBQztRQUMxRCxJQUFJLENBQUMsTUFBTSxHQUFHLE1BQU0sQ0FBQyxNQUFNLElBQUksT0FBTyxDQUFDO1FBQ3ZDLElBQUksQ0FBQyxZQUFZLEdBQUcsTUFBTSxDQUFDLFlBQVksSUFBSSxTQUFTLENBQUM7UUFDckQsSUFBSSxDQUFDLGFBQWEsR0FBRyxNQUFNLENBQUMsMEJBQTBCLElBQUksSUFBSSxDQUFDO1FBQy9ELElBQUksQ0FBQyxRQUFRLEdBQUcsTUFBTSxDQUFDLHFCQUFxQixJQUFJLENBQUMsQ0FBQztRQUVsRCxJQUFJLENBQUMsYUFBYSxHQUFHLE1BQU0sQ0FBQyxhQUFhLElBQUksSUFBSSxDQUFDLGtCQUFrQixDQUFDO1FBRXJFLE1BQU0sZUFBZSxHQUFHLE1BQU0sQ0FBQyxlQUFlLElBQUksQ0FBQyxHQUFHLEVBQUUsR0FBRyxJQUFJLENBQUM7UUFFaEUsSUFBSSxXQUFXLEVBQUUsQ0FBQztZQUNkLElBQUEsZ0NBQXNCLEVBQUMsSUFBSSxDQUFDLFdBQVcsQ0FBQyxDQUFDO1FBQzdDLENBQUM7UUFFRCxJQUFJLENBQUMsRUFBRSxDQUFDLFVBQVUsQ0FBQyxJQUFJLENBQUMsV0FBVyxDQUFDLEVBQUUsQ0FBQztZQUNuQyxFQUFFLENBQUMsU0FBUyxDQUFDLElBQUksQ0FBQyxXQUFXLEVBQUUsRUFBRSxTQUFTLEVBQUUsSUFBSSxFQUFFLENBQUMsQ0FBQztRQUN4RCxDQUFDO1FBRUQsSUFBSSxDQUFDLFdBQVcsR0FBRyxJQUFJLGFBQWEsQ0FBQyxlQUFlLENBQUMsQ0FBQztJQUMxRCxDQUFDO0lBRUQ7Ozs7T0FJRztJQUNJLEtBQUssQ0FBQyxzQkFBc0IsQ0FBQyxNQUFpQjtRQUNqRCxNQUFNLFNBQVMsR0FBRyxNQUFNLGdCQUFNLENBQUMsWUFBWSxDQUFDLE1BQU0sQ0FBQyxJQUFJLENBQUMsTUFBTSxDQUFDLFNBQVMsQ0FBQyxDQUFDLENBQUM7UUFDM0UsTUFBTSxTQUFTLEdBQUcsTUFBTSxJQUFJLENBQUMsVUFBVSxDQUFDLE1BQU0sQ0FBQyxLQUFLLENBQUMsQ0FBQztRQUN0RCxNQUFNLGlCQUFpQixHQUFHLE1BQU0sZ0JBQU0sQ0FBQyxnQkFBZ0IsQ0FBQztZQUNwRCxRQUFRLEVBQUUsU0FBUyxDQUFDLFlBQVk7WUFDaEMsVUFBVSxFQUFFLFNBQVMsQ0FBQyxVQUFVO1lBQ2hDLFVBQVUsRUFBRSxTQUFTLENBQUMsVUFBVTtZQUNoQyxXQUFXLEVBQUUsTUFBTSxDQUFDLElBQUksQ0FBQyxNQUFNLENBQUMsV0FBVyxDQUFDO1lBQzVDLE9BQU8sRUFBRSxNQUFNLENBQUMsTUFBTTtZQUN0QixTQUFTLEVBQUUsTUFBTSxDQUFDLEtBQUs7WUFDdkIsSUFBSSxFQUFFLE1BQU0sSUFBQSxtQ0FBYSxFQUFDLE1BQU0sQ0FBQyxJQUFJLENBQUMsTUFBTSxDQUFDLFNBQVMsQ0FBQyxDQUFDO1lBQ3hELE1BQU0sRUFBRSxNQUFNLElBQUEscUNBQWUsRUFBQyxNQUFNLENBQUMsSUFBSSxDQUFDLE1BQU0sQ0FBQyxTQUFTLENBQUMsQ0FBQztTQUMvRCxDQUFDLENBQUM7UUFFSCxJQUFJLENBQUMsU0FBUyxDQUFDLE1BQU0sQ0FBQyxpQkFBaUIsQ0FBQztZQUNwQyxNQUFNLElBQUksS0FBSyxDQUNYLHlEQUF5RDtnQkFDckQsY0FBYyxTQUFTLENBQUMsUUFBUSxDQUFDLEtBQUssQ0FBQyxJQUFJO2dCQUMzQyxzQkFBc0IsaUJBQWlCLENBQUMsUUFBUSxDQUFDLEtBQUssQ0FBQyxJQUFJO2dCQUMzRCxpQkFBaUIsTUFBTSxDQUFDLEtBQUssSUFBSTtnQkFDakMsY0FBYyxJQUFJLENBQUMsU0FBUyxDQUFDLFNBQVMsQ0FBQyxFQUFFLENBQ2hELENBQUM7UUFFTixNQUFNLG1CQUFtQixHQUFHLE1BQU0sZ0JBQU0sQ0FBQyxnQkFBZ0IsQ0FBQztZQUN0RCxRQUFRLEVBQUUsU0FBUyxDQUFDLFlBQVk7WUFDaEMsVUFBVSxFQUFFLFNBQVMsQ0FBQyxVQUFVO1lBQ2hDLFVBQVUsRUFBRSxTQUFTLENBQUMsVUFBVTtZQUNoQyxXQUFXLEVBQUUsTUFBTSxDQUFDLElBQUksQ0FBQyxNQUFNLENBQUMsV0FBVyxDQUFDO1lBQzVDLE9BQU8sRUFBRSxnQkFBTSxDQUFDLFNBQVMsQ0FBQyxnQ0FBc0IsQ0FBQztZQUNqRCxTQUFTLEVBQUUsQ0FBQztTQUNmLENBQUMsQ0FBQztRQUVILE9BQU8sbUJBQW1CLENBQUM7SUFDL0IsQ0FBQztJQUVTLEtBQUssQ0FBQyxhQUFhLENBQUMsUUFBZ0I7UUFDMUMsTUFBTSxFQUFFLGFBQWEsRUFBRSxRQUFRLEVBQUUsR0FBRyxJQUFJLENBQUM7UUFDekMsTUFBTSxRQUFRLEdBQUcsTUFBTSxnQkFBVSxDQUFDLGVBQWUsQ0FBZ0I7WUFDN0QsV0FBVyxDQUFDLFFBQVE7Z0JBQ2hCLE9BQU8sRUFBRSxVQUFVLEVBQUUsUUFBUSxDQUFDLE1BQU0sS0FBSyxHQUFHLEVBQUUsQ0FBQztZQUNuRCxDQUFDO1lBQ0QsT0FBTyxFQUFFLEtBQUssSUFBSSxFQUFFO2dCQUNoQixPQUFPLElBQUksQ0FBQyxhQUFhLENBQUMsR0FBRyxDQUFDLFFBQVEsRUFBRTtvQkFDcEMsWUFBWSxFQUFFLGFBQWE7aUJBQzlCLENBQUMsQ0FBQztZQUNQLENBQUM7WUFDRCxVQUFVLENBQUMsR0FBRztnQkFDVixJQUFJLGVBQUssQ0FBQyxZQUFZLENBQUMsR0FBRyxDQUFDLElBQUksR0FBRyxDQUFDLFFBQVEsRUFBRSxDQUFDO29CQUMxQyxNQUFNLE1BQU0sR0FBRyxHQUFHLENBQUMsUUFBUSxDQUFDLE1BQU0sQ0FBQztvQkFFbkMsT0FBTyxFQUFFLFNBQVMsRUFBRSxNQUFNLEdBQUcsR0FBRyxJQUFJLE1BQU0sSUFBSSxHQUFHLElBQUksTUFBTSxLQUFLLEdBQUcsRUFBRSxDQUFDO2dCQUMxRSxDQUFDO2dCQUVELE9BQU8sRUFBRSxTQUFTLEVBQUUsZUFBSyxDQUFDLFlBQVksQ0FBQyxHQUFHLENBQUMsRUFBRSxDQUFDO1lBQ2xELENBQUM7WUFDRCxhQUFhO1lBQ2IsUUFBUTtTQUNYLENBQUMsQ0FBQztRQUVILE9BQU8sUUFBUSxDQUFDLElBQUksQ0FBQztJQUN6QixDQUFDO0lBRVMsYUFBYSxDQUFDLElBQVk7UUFDaEMsTUFBTSxLQUFLLEdBQUcsSUFBSSxDQUFDLFFBQVEsQ0FBQyxPQUFPLENBQUMsQ0FBQztRQUVyQyxNQUFNLE1BQU0sR0FBRyxJQUFJLENBQUMsS0FBSyxDQUFDLEtBQUssQ0FBQyxDQUFDO1FBQ2pDLE1BQU0sRUFBRSxPQUFPLEVBQUUsR0FBRyxJQUFBLHlCQUFnQixFQUFDLE1BQU0sRUFBRSxZQUFZLENBQUMsQ0FBQztRQUMzRCxJQUFJLENBQUMsT0FBTyxFQUFFLENBQUM7WUFDWCxNQUFNLGdCQUFnQixHQUFHLEtBQUssQ0FBQyxJQUFJLENBQUMsYUFBSyxDQUFDLE1BQU0sQ0FBQyxZQUFZLEVBQUUsTUFBTSxDQUFDLENBQUMsQ0FBQztZQUN4RSxJQUFJLGdCQUFnQixDQUFDLE1BQU0sR0FBRyxDQUFDLEVBQUUsQ0FBQztnQkFDOUIsTUFBTSxJQUFJLEtBQUssQ0FBQywrQkFBK0IsZ0JBQWdCLENBQUMsR0FBRyxDQUFDLENBQUMsQ0FBQyxFQUFFLEVBQUUsQ0FBQyxDQUFDLENBQUMsT0FBTyxDQUFDLENBQUMsSUFBSSxDQUFDLElBQUksQ0FBQyxFQUFFLENBQUMsQ0FBQztZQUN4RyxDQUFDO1FBQ0wsQ0FBQztRQUVELE1BQU0sRUFBRSxHQUFHLE1BQWdCLENBQUM7UUFFNUIsTUFBTSxVQUFVLEdBQUcsRUFBRSxDQUFDLE1BQU0sQ0FBQyxNQUFNLENBQUM7UUFDcEMsTUFBTSxVQUFVLEdBQUcsRUFBRSxDQUFDLE1BQU0sRUFBRSxNQUFNLENBQUM7UUFFckMsTUFBTSxJQUFJLEdBQUcsRUFBRSxDQUFDLFFBQVEsSUFBSSxFQUFFLENBQUMsSUFBSSxDQUFDO1FBQ3BDLElBQUksQ0FBQyxJQUFJLEVBQUUsQ0FBQztZQUNSLE1BQU0sSUFBSSxLQUFLLENBQUMsd0NBQXdDLENBQUMsQ0FBQztRQUM5RCxDQUFDO1FBRUQsTUFBTSxFQUFFLE1BQU0sRUFBRSxNQUFNLEVBQUUsTUFBTSxFQUFFLFFBQVEsRUFBRSxHQUFHLElBQUksQ0FBQztRQUVsRCxJQUFJLENBQUMsTUFBTSxJQUFJLENBQUMsTUFBTSxJQUFJLENBQUMsTUFBTSxJQUFJLENBQUMsUUFBUSxFQUFFLENBQUM7WUFDN0MsTUFBTSxJQUFJLEtBQUssQ0FBQyw2Q0FBNkMsQ0FBQyxDQUFDO1FBQ25FLENBQUM7UUFFRCxPQUFPO1lBQ0gsVUFBVSxFQUFFLE1BQU0sQ0FBQyxJQUFJLENBQUMsVUFBVSxFQUFFLEtBQUssQ0FBQztZQUMxQyxVQUFVLEVBQUUsVUFBVSxDQUFDLENBQUMsQ0FBQyxNQUFNLENBQUMsSUFBSSxDQUFDLFVBQVUsRUFBRSxLQUFLLENBQUMsQ0FBQyxDQUFDLENBQUMsU0FBUztZQUNuRSxRQUFRLEVBQUUsTUFBTSxDQUFDLElBQUksQ0FBQyxNQUFNLEVBQUUsS0FBSyxDQUFDO1lBQ3BDLFVBQVUsRUFBRSxNQUFNO1lBQ2xCLFVBQVUsRUFBRSxNQUFNO1lBQ2xCLFlBQVksRUFBRSxRQUFRO1NBQ3pCLENBQUM7SUFDTixDQUFDO0lBRVMsTUFBTSxDQUFDLGNBQWMsQ0FBQyxHQUFHLEdBQUcsUUFBUTtRQUMxQyxNQUFNLElBQUksR0FBRyxJQUFBLG1CQUFVLEVBQUMsR0FBRyxDQUFDLENBQUM7UUFFN0IsT0FBTztZQUNILE9BQU8sRUFBRSxJQUFJLGtCQUFTLENBQUM7Z0JBQ25CLFNBQVMsRUFBRSxDQUFDLElBQUksRUFBRSxRQUFRLEVBQUUsSUFBSSxFQUFRLEVBQUU7b0JBQ3RDLElBQUksQ0FBQyxNQUFNLENBQUMsSUFBSSxDQUFDLENBQUM7b0JBQ2xCLElBQUksQ0FBQyxJQUFJLEVBQUUsSUFBSSxDQUFDLENBQUM7Z0JBQ3JCLENBQUM7YUFDSixDQUFDO1lBQ0YsR0FBRyxFQUFFLEdBQUcsRUFBRSxDQUFDLElBQUksQ0FBQyxNQUFNLEVBQUU7U0FDM0IsQ0FBQztJQUNOLENBQUM7SUFFUyxNQUFNLENBQUMsS0FBSyxDQUFDLFNBQVMsQ0FBQyxRQUFnQjtRQUM3QyxJQUFJLENBQUM7WUFDRCxNQUFNLE9BQU8sQ0FBQyxNQUFNLENBQUMsUUFBUSxFQUFFLEVBQUUsQ0FBQyxTQUFTLENBQUMsSUFBSSxDQUFDLENBQUM7WUFFbEQsT0FBTyxJQUFJLENBQUM7UUFDaEIsQ0FBQztRQUFDLE9BQU8sR0FBRyxFQUFFLENBQUM7WUFDWCxPQUFPLEtBQUssQ0FBQztRQUNqQixDQUFDO0lBQ0wsQ0FBQztJQUVTLEtBQUssQ0FBQyxXQUFXLENBQUMsS0FBYTtRQUNyQyxNQUFNLEVBQUUsYUFBYSxFQUFFLFFBQVEsRUFBRSxHQUFHLElBQUksQ0FBQztRQUN6QyxNQUFNLFFBQVEsR0FBRyxNQUFNLGdCQUFVLENBQUMsZUFBZSxDQUFnQjtZQUM3RCxXQUFXLENBQUMsUUFBUTtnQkFDaEIsT0FBTyxFQUFFLFVBQVUsRUFBRSxRQUFRLENBQUMsTUFBTSxLQUFLLEdBQUcsRUFBRSxDQUFDO1lBQ25ELENBQUM7WUFDRCxPQUFPLEVBQUUsS0FBSyxJQUFJLEVBQUU7Z0JBQ2hCLE9BQU8sSUFBSSxDQUFDLGFBQWEsQ0FBQyxHQUFHLENBQ3pCLGdDQUFnQyxJQUFJLENBQUMsV0FBVyxJQUFJLElBQUksQ0FBQyxNQUFNLGtCQUFrQixLQUFLLEVBQUUsQ0FDM0YsQ0FBQztZQUNOLENBQUM7WUFDRCxVQUFVLENBQUMsR0FBRztnQkFDVixJQUFJLGVBQUssQ0FBQyxZQUFZLENBQUMsR0FBRyxDQUFDLElBQUksR0FBRyxDQUFDLFFBQVEsRUFBRSxDQUFDO29CQUMxQyxNQUFNLE1BQU0sR0FBRyxHQUFHLENBQUMsUUFBUSxDQUFDLE1BQU0sQ0FBQztvQkFFbkMsT0FBTyxFQUFFLFNBQVMsRUFBRSxNQUFNLEdBQUcsR0FBRyxJQUFJLE1BQU0sSUFBSSxHQUFHLElBQUksTUFBTSxLQUFLLEdBQUcsRUFBRSxDQUFDO2dCQUMxRSxDQUFDO2dCQUVELE9BQU8sRUFBRSxTQUFTLEVBQUUsZUFBSyxDQUFDLFlBQVksQ0FBQyxHQUFHLENBQUMsRUFBRSxDQUFDO1lBQ2xELENBQUM7WUFDRCxhQUFhO1lBQ2IsUUFBUTtTQUNYLENBQUMsQ0FBQztRQUNILE1BQU0sRUFBRSxJQUFJLEVBQUUsR0FBRyxRQUFRLENBQUM7UUFDMUIsTUFBTSxLQUFLLEdBQUcsSUFBSSxDQUFDLE1BQU0sQ0FBQyxJQUFJLENBQUMsQ0FBQyxLQUF1QixFQUFFLEVBQUUsQ0FBQyxLQUFLLENBQUMsSUFBSSxLQUFLLElBQUksQ0FBQyxZQUFZLENBQUMsQ0FBQztRQUU5RixJQUFJLENBQUMsS0FBSyxFQUFFLENBQUM7WUFDVCxNQUFNLElBQUksS0FBSyxDQUFDLDhCQUE4QixJQUFJLENBQUMsWUFBWSxjQUFjLEtBQUssR0FBRyxDQUFDLENBQUM7UUFDM0YsQ0FBQztRQUVELE9BQU8sS0FBSyxDQUFDLG9CQUFvQixDQUFDO0lBQ3RDLENBQUM7SUFFUyxLQUFLLENBQUMsVUFBVSxDQUFDLEtBQWE7UUFDcEMsSUFBSSxTQUFTLEdBQUcsS0FBSyxDQUFDO1FBQ3RCLElBQUksT0FBaUIsQ0FBQztRQUV0QixNQUFNLE1BQU0sR0FBRyxJQUFJLENBQUMsV0FBVyxDQUFDLEdBQUcsQ0FBQyxLQUFLLENBQUMsQ0FBQztRQUMzQyxJQUFJLE1BQU0sRUFBRSxDQUFDO1lBQ1QsU0FBUyxHQUFHLElBQUksQ0FBQztZQUNqQixPQUFPLEdBQUcsTUFBTSxDQUFDO1FBQ3JCLENBQUM7YUFBTSxDQUFDO1lBQ0osSUFBSSxDQUFDO2dCQUNELE1BQU0sUUFBUSxHQUFHLE1BQU0sSUFBSSxDQUFDLFdBQVcsQ0FBQyxLQUFLLENBQUMsQ0FBQztnQkFDL0MsTUFBTSxFQUFFLEdBQUcsTUFBTSxJQUFJLENBQUMsYUFBYSxDQUFDLFFBQVEsQ0FBQyxDQUFDO2dCQUM5QyxPQUFPLEdBQUcsSUFBSSxDQUFDLGFBQWEsQ0FBQyxFQUFFLENBQUMsQ0FBQztZQUNyQyxDQUFDO1lBQUMsT0FBTyxLQUFLLEVBQUUsQ0FBQztnQkFDYixNQUFNLE1BQU0sR0FBRyxJQUFJLENBQUMsV0FBVyxDQUFDLEdBQUcsQ0FBQyxLQUFLLEVBQUUsSUFBSSxDQUFDLENBQUM7Z0JBQ2pELElBQUksTUFBTSxFQUFFLENBQUM7b0JBQ1QsU0FBUyxHQUFHLElBQUksQ0FBQztvQkFDakIsT0FBTyxHQUFHLE1BQU0sQ0FBQztnQkFDckIsQ0FBQztxQkFBTSxDQUFDO29CQUNKLE1BQU0sS0FBSyxDQUFDO2dCQUNoQixDQUFDO1lBQ0wsQ0FBQztRQUNMLENBQUM7UUFFRCxNQUFNLFFBQVEsR0FBRyxJQUFJLENBQUMsSUFBSSxDQUFDLElBQUksQ0FBQyxXQUFXLEVBQUUsR0FBRyxPQUFPLENBQUMsUUFBUSxDQUFDLFFBQVEsQ0FBQyxLQUFLLENBQUMsVUFBVSxDQUFDLENBQUM7UUFFNUYsSUFBSSxtQkFBbUIsR0FBRyxLQUFLLENBQUM7UUFDaEMsSUFBSSxNQUFNLHNCQUFzQixDQUFDLFNBQVMsQ0FBQyxRQUFRLENBQUMsRUFBRSxDQUFDO1lBQ25ELE1BQU0sVUFBVSxHQUFHLEVBQUUsQ0FBQyxnQkFBZ0IsQ0FBQyxRQUFRLENBQUMsQ0FBQztZQUNqRCxNQUFNLElBQUksR0FBRyxNQUFNLGVBQU0sQ0FBQyxVQUFVLENBQUMsVUFBVSxFQUFFO2dCQUM3QyxJQUFJLEVBQUUsc0JBQWEsQ0FBQyxNQUFNO2dCQUMxQixRQUFRLEVBQUUsaUJBQVEsQ0FBQyxHQUFHO2FBQ3pCLENBQUMsQ0FBQztZQUVILElBQUksT0FBTyxDQUFDLFFBQVEsQ0FBQyxRQUFRLENBQUMsS0FBSyxDQUFDLEtBQUssSUFBSSxDQUFDLElBQUksRUFBRSxDQUFDO2dCQUNqRCxtQkFBbUIsR0FBRyxJQUFJLENBQUM7WUFDL0IsQ0FBQztRQUNMLENBQUM7UUFFRCxJQUFJLG1CQUFtQixLQUFLLElBQUksRUFBRSxDQUFDO1lBQy9CLE1BQU0sSUFBSSxDQUFDLFlBQVksQ0FBQyxPQUFPLEVBQUUsUUFBUSxDQUFDLENBQUM7UUFDL0MsQ0FBQztRQUVELElBQUksU0FBUyxLQUFLLElBQUksRUFBRSxDQUFDO1lBQ3JCLElBQUksQ0FBQyxXQUFXLENBQUMsR0FBRyxDQUFDLEtBQUssRUFBRSxPQUFPLENBQUMsQ0FBQztRQUN6QyxDQUFDO1FBRUQsT0FBTztZQUNILFVBQVUsRUFBRSxPQUFPLENBQUMsVUFBVTtZQUM5QixVQUFVLEVBQUUsT0FBTyxDQUFDLFVBQVU7WUFDOUIsWUFBWSxFQUFFLFFBQVE7WUFDdEIsUUFBUSxFQUFFLE9BQU8sQ0FBQyxRQUFRO1NBQzdCLENBQUM7SUFDTixDQUFDO0lBRVMsS0FBSyxDQUFDLFlBQVksQ0FBQyxPQUFpQixFQUFFLFFBQWdCO1FBQzVELE1BQU0sTUFBTSxHQUFrQjtZQUMxQixHQUFHLElBQUksQ0FBQyxhQUFhO1lBQ3JCLFdBQVcsRUFBRTtnQkFDVCxHQUFHLElBQUksQ0FBQyxhQUFhLENBQUMsV0FBVztnQkFDakMsTUFBTSxFQUFFLE9BQU8sQ0FBQyxVQUFVO2dCQUMxQixNQUFNLEVBQUUsT0FBTyxDQUFDLFVBQVUsQ0FBQyxRQUFRLENBQUMsR0FBRyxDQUFDLENBQUMsQ0FBQyxDQUFDLE9BQU8sQ0FBQyxVQUFVLENBQUMsQ0FBQyxDQUFDLEdBQUcsT0FBTyxDQUFDLFVBQVUsR0FBRzthQUMzRjtTQUNKLENBQUM7UUFFRixNQUFNLGVBQWUsR0FBRyxJQUFBLDJCQUFrQixFQUFDLE1BQU0sQ0FBQyxDQUFDO1FBQ25ELE1BQU0sZ0JBQWdCLEdBQUcsTUFBTSxlQUFlLENBQUMsWUFBWSxDQUFDLE9BQU8sQ0FBQyxZQUFZLEVBQUUsRUFBRSxDQUFDLENBQUM7UUFDdEYsTUFBTSxFQUFFLE9BQU8sRUFBRSxVQUFVLEVBQUUsR0FBRyxFQUFFLGFBQWEsRUFBRSxHQUFHLHNCQUFzQixDQUFDLGNBQWMsQ0FBQyxRQUFRLENBQUMsQ0FBQztRQUNwRyxNQUFNLGlCQUFRLENBQUMsUUFBUSxDQUFDLGdCQUFnQixFQUFFLFVBQVUsRUFBRSxFQUFFLENBQUMsaUJBQWlCLENBQUMsUUFBUSxDQUFDLENBQUMsQ0FBQztRQUV0RixJQUFJLENBQUMsT0FBTyxDQUFDLFFBQVEsQ0FBQyxNQUFNLENBQUMsYUFBYSxFQUFFLENBQUMsRUFBRSxDQUFDO1lBQzVDLE1BQU0sSUFBSSxLQUFLLENBQUMsK0RBQStELENBQUMsQ0FBQztRQUNyRixDQUFDO0lBQ0wsQ0FBQztDQUNKO0FBMVJELHdEQTBSQyJ9
|
|
291
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoic2V2LXNucC1tcmVuY2xhdmUuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi9zcmMvc2d4LW5hdGl2ZS1tb2R1bGUvc2V2LXNucC1tcmVuY2xhdmUudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6Ijs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7QUFBQSx1Q0FBeUI7QUFDekIscURBQXVDO0FBQ3ZDLDJDQUE2QjtBQUM3Qix1Q0FBeUI7QUFDekIsdUNBQTJEO0FBQzNELGtEQUE2QztBQUM3QyxtREFBMEc7QUFDMUcsbURBQThFO0FBQzlFLG1DQUFvQztBQUNwQyxtQ0FBNkM7QUFDN0MsdUNBQW1EO0FBbUNuRCxNQUFNLGFBQWE7SUFJZixZQUFZLE1BQWMsQ0FBQyxHQUFHLEVBQUUsR0FBRyxJQUFJO1FBSC9CLFVBQUssR0FBOEQsRUFBRSxDQUFDO1FBSTFFLElBQUksQ0FBQyxHQUFHLEdBQUcsR0FBRyxDQUFDO0lBQ25CLENBQUM7SUFFRCxHQUFHLENBQUMsR0FBVyxFQUFFLEtBQWU7UUFDNUIsTUFBTSxTQUFTLEdBQUcsSUFBSSxDQUFDLEdBQUcsRUFBRSxDQUFDO1FBQzdCLElBQUksQ0FBQyxLQUFLLENBQUMsR0FBRyxDQUFDLEdBQUc7WUFDZCxLQUFLO1lBQ0wsU0FBUztTQUNaLENBQUM7SUFDTixDQUFDO0lBRUQsR0FBRyxDQUFDLEdBQVcsRUFBRSxRQUFpQixLQUFLO1FBQ25DLE1BQU0sTUFBTSxHQUFHLElBQUksQ0FBQyxLQUFLLENBQUMsR0FBRyxDQUFDLENBQUM7UUFFL0IsSUFBSSxNQUFNLEVBQUUsQ0FBQztZQUNULElBQUksS0FBSyxLQUFLLEtBQUssRUFBRSxDQUFDO2dCQUNsQixNQUFNLEdBQUcsR0FBRyxJQUFJLENBQUMsR0FBRyxFQUFFLENBQUM7Z0JBQ3ZCLElBQUksR0FBRyxHQUFHLE1BQU0sQ0FBQyxTQUFTLEdBQUcsSUFBSSxDQUFDLEdBQUcsRUFBRSxDQUFDO29CQUNwQyxPQUFPLElBQUksQ0FBQztnQkFDaEIsQ0FBQztZQUNMLENBQUM7WUFFRCxPQUFPLE1BQU0sQ0FBQyxLQUFLLENBQUM7UUFDeEIsQ0FBQztRQUVELE9BQU8sSUFBSSxDQUFDO0lBQ2hCLENBQUM7SUFFRCxLQUFLO1FBQ0QsSUFBSSxDQUFDLEtBQUssR0FBRyxFQUFFLENBQUM7SUFDcEIsQ0FBQztDQUNKO0FBY0QsTUFBYSxzQkFBc0I7SUFzQi9CLFlBQVksTUFBa0M7UUFqQjdCLGtCQUFhLEdBQUcsZUFBSyxDQUFDLE1BQU0sRUFBRSxDQUFDO1FBSy9CLHVCQUFrQixHQUFrQjtZQUNqRCxXQUFXLEVBQUUsb0JBQVcsQ0FBQyxFQUFFO1lBQzNCLFdBQVcsRUFBRTtnQkFDVCxRQUFRLEVBQUUsK0JBQStCO2dCQUN6QyxXQUFXLEVBQUUsOEJBQThCO2dCQUMzQyxTQUFTLEVBQUUsdURBQXVEO2dCQUNsRSwyREFBMkQ7Z0JBQzNELE1BQU0sRUFBRSxFQUFFO2dCQUNWLE1BQU0sRUFBRSxFQUFFO2FBQ2I7U0FDSixDQUFDO1FBR0UsSUFBSSxDQUFDLFdBQVcsR0FBRyxNQUFNLENBQUMsV0FBVyxJQUFJLEVBQUUsQ0FBQyxXQUFXLENBQUMsSUFBSSxDQUFDLElBQUksQ0FBQyxFQUFFLENBQUMsTUFBTSxFQUFFLEVBQUUsc0JBQXNCLENBQUMsQ0FBQyxDQUFDO1FBQ3hHLE1BQU0sV0FBVyxHQUFHLE1BQU0sQ0FBQyxXQUFXLElBQUksS0FBSyxDQUFDO1FBQ2hELElBQUksQ0FBQyxXQUFXLEdBQUcsTUFBTSxDQUFDLFdBQVcsSUFBSSxnQkFBZ0IsQ0FBQztRQUMxRCxJQUFJLENBQUMsTUFBTSxHQUFHLE1BQU0sQ0FBQyxNQUFNLElBQUksT0FBTyxDQUFDO1FBQ3ZDLElBQUksQ0FBQyxZQUFZLEdBQUcsTUFBTSxDQUFDLFlBQVksSUFBSSxTQUFTLENBQUM7UUFDckQsSUFBSSxDQUFDLGFBQWEsR0FBRyxNQUFNLENBQUMsMEJBQTBCLElBQUksSUFBSSxDQUFDO1FBQy9ELElBQUksQ0FBQyxRQUFRLEdBQUcsTUFBTSxDQUFDLHFCQUFxQixJQUFJLENBQUMsQ0FBQztRQUVsRCxJQUFJLENBQUMsYUFBYSxHQUFHLE1BQU0sQ0FBQyxhQUFhLElBQUksSUFBSSxDQUFDLGtCQUFrQixDQUFDO1FBRXJFLE1BQU0sZUFBZSxHQUFHLE1BQU0sQ0FBQyxlQUFlLElBQUksQ0FBQyxHQUFHLEVBQUUsR0FBRyxJQUFJLENBQUM7UUFFaEUsSUFBSSxXQUFXLEVBQUUsQ0FBQztZQUNkLElBQUEsZ0NBQXNCLEVBQUMsSUFBSSxDQUFDLFdBQVcsQ0FBQyxDQUFDO1FBQzdDLENBQUM7UUFFRCxJQUFJLENBQUMsRUFBRSxDQUFDLFVBQVUsQ0FBQyxJQUFJLENBQUMsV0FBVyxDQUFDLEVBQUUsQ0FBQztZQUNuQyxFQUFFLENBQUMsU0FBUyxDQUFDLElBQUksQ0FBQyxXQUFXLEVBQUUsRUFBRSxTQUFTLEVBQUUsSUFBSSxFQUFFLENBQUMsQ0FBQztRQUN4RCxDQUFDO1FBRUQsSUFBSSxDQUFDLFdBQVcsR0FBRyxJQUFJLGFBQWEsQ0FBQyxlQUFlLENBQUMsQ0FBQztJQUMxRCxDQUFDO0lBRUQ7Ozs7T0FJRztJQUNJLEtBQUssQ0FBQyxzQkFBc0IsQ0FBQyxNQUFpQjtRQUNqRCxNQUFNLFNBQVMsR0FBRyxNQUFNLGdCQUFNLENBQUMsWUFBWSxDQUFDLE1BQU0sQ0FBQyxJQUFJLENBQUMsTUFBTSxDQUFDLFNBQVMsQ0FBQyxDQUFDLENBQUM7UUFDM0UsTUFBTSxTQUFTLEdBQUcsTUFBTSxJQUFJLENBQUMsVUFBVSxDQUFDLE1BQU0sQ0FBQyxLQUFLLENBQUMsQ0FBQztRQUN0RCxNQUFNLGlCQUFpQixHQUFHLE1BQU0sZ0JBQU0sQ0FBQyxnQkFBZ0IsQ0FBQztZQUNwRCxRQUFRLEVBQUUsU0FBUyxDQUFDLFlBQVk7WUFDaEMsVUFBVSxFQUFFLFNBQVMsQ0FBQyxVQUFVO1lBQ2hDLFVBQVUsRUFBRSxTQUFTLENBQUMsVUFBVTtZQUNoQyxXQUFXLEVBQUUsTUFBTSxDQUFDLElBQUksQ0FBQyxNQUFNLENBQUMsV0FBVyxDQUFDO1lBQzVDLE9BQU8sRUFBRSxNQUFNLENBQUMsTUFBTTtZQUN0QixTQUFTLEVBQUUsTUFBTSxDQUFDLEtBQUs7U0FDMUIsQ0FBQyxDQUFDO1FBRUgsSUFBSSxDQUFDLFNBQVMsQ0FBQyxNQUFNLENBQUMsaUJBQWlCLENBQUM7WUFDcEMsTUFBTSxJQUFJLEtBQUssQ0FBQyxzREFBc0QsQ0FBQyxDQUFDO1FBRTVFLE1BQU0sbUJBQW1CLEdBQUcsTUFBTSxnQkFBTSxDQUFDLGdCQUFnQixDQUFDO1lBQ3RELFFBQVEsRUFBRSxTQUFTLENBQUMsWUFBWTtZQUNoQyxVQUFVLEVBQUUsU0FBUyxDQUFDLFVBQVU7WUFDaEMsVUFBVSxFQUFFLFNBQVMsQ0FBQyxVQUFVO1lBQ2hDLFdBQVcsRUFBRSxNQUFNLENBQUMsSUFBSSxDQUFDLE1BQU0sQ0FBQyxXQUFXLENBQUM7WUFDNUMsT0FBTyxFQUFFLGdCQUFNLENBQUMsU0FBUyxDQUFDLGdDQUFzQixDQUFDO1lBQ2pELFNBQVMsRUFBRSxDQUFDO1NBQ2YsQ0FBQyxDQUFDO1FBRUgsT0FBTyxtQkFBbUIsQ0FBQztJQUMvQixDQUFDO0lBRVMsS0FBSyxDQUFDLGFBQWEsQ0FBQyxRQUFnQjtRQUMxQyxNQUFNLEVBQUUsYUFBYSxFQUFFLFFBQVEsRUFBRSxHQUFHLElBQUksQ0FBQztRQUN6QyxNQUFNLFFBQVEsR0FBRyxNQUFNLGdCQUFVLENBQUMsZUFBZSxDQUFnQjtZQUM3RCxXQUFXLENBQUMsUUFBUTtnQkFDaEIsT0FBTyxFQUFFLFVBQVUsRUFBRSxRQUFRLENBQUMsTUFBTSxLQUFLLEdBQUcsRUFBRSxDQUFDO1lBQ25ELENBQUM7WUFDRCxPQUFPLEVBQUUsS0FBSyxJQUFJLEVBQUU7Z0JBQ2hCLE9BQU8sSUFBSSxDQUFDLGFBQWEsQ0FBQyxHQUFHLENBQUMsUUFBUSxFQUFFO29CQUNwQyxZQUFZLEVBQUUsYUFBYTtpQkFDOUIsQ0FBQyxDQUFDO1lBQ1AsQ0FBQztZQUNELFVBQVUsQ0FBQyxHQUFHO2dCQUNWLElBQUksZUFBSyxDQUFDLFlBQVksQ0FBQyxHQUFHLENBQUMsSUFBSSxHQUFHLENBQUMsUUFBUSxFQUFFLENBQUM7b0JBQzFDLE1BQU0sTUFBTSxHQUFHLEdBQUcsQ0FBQyxRQUFRLENBQUMsTUFBTSxDQUFDO29CQUVuQyxPQUFPLEVBQUUsU0FBUyxFQUFFLE1BQU0sR0FBRyxHQUFHLElBQUksTUFBTSxJQUFJLEdBQUcsSUFBSSxNQUFNLEtBQUssR0FBRyxFQUFFLENBQUM7Z0JBQzFFLENBQUM7Z0JBRUQsT0FBTyxFQUFFLFNBQVMsRUFBRSxlQUFLLENBQUMsWUFBWSxDQUFDLEdBQUcsQ0FBQyxFQUFFLENBQUM7WUFDbEQsQ0FBQztZQUNELGFBQWE7WUFDYixRQUFRO1NBQ1gsQ0FBQyxDQUFDO1FBRUgsT0FBTyxRQUFRLENBQUMsSUFBSSxDQUFDO0lBQ3pCLENBQUM7SUFFUyxhQUFhLENBQUMsSUFBWTtRQUNoQyxNQUFNLEVBQUUsR0FBRyxJQUFJLENBQUMsS0FBSyxDQUFDLElBQUksQ0FBQyxRQUFRLENBQUMsT0FBTyxDQUFDLENBQVcsQ0FBQztRQUN4RCxNQUFNLFVBQVUsR0FBRyxFQUFFLENBQUMsTUFBTSxFQUFFLE1BQU0sQ0FBQztRQUNyQyxJQUFJLENBQUMsVUFBVSxFQUFFLENBQUM7WUFDZCxNQUFNLElBQUksS0FBSyxDQUFDLHdCQUF3QixDQUFDLENBQUM7UUFDOUMsQ0FBQztRQUVELE1BQU0sVUFBVSxHQUFHLEVBQUUsQ0FBQyxNQUFNLEVBQUUsTUFBTSxDQUFDO1FBRXJDLE1BQU0sSUFBSSxHQUFHLEVBQUUsQ0FBQyxRQUFRLElBQUksRUFBRSxDQUFDLElBQUksQ0FBQztRQUNwQyxJQUFJLENBQUMsSUFBSSxFQUFFLENBQUM7WUFDUixNQUFNLElBQUksS0FBSyxDQUFDLHdDQUF3QyxDQUFDLENBQUM7UUFDOUQsQ0FBQztRQUVELE1BQU0sRUFBRSxNQUFNLEVBQUUsTUFBTSxFQUFFLE1BQU0sRUFBRSxRQUFRLEVBQUUsR0FBRyxJQUFJLENBQUM7UUFFbEQsSUFBSSxDQUFDLE1BQU0sSUFBSSxDQUFDLE1BQU0sSUFBSSxDQUFDLE1BQU0sSUFBSSxDQUFDLFFBQVEsRUFBRSxDQUFDO1lBQzdDLE1BQU0sSUFBSSxLQUFLLENBQUMsNkNBQTZDLENBQUMsQ0FBQztRQUNuRSxDQUFDO1FBRUQsT0FBTztZQUNILFVBQVUsRUFBRSxNQUFNLENBQUMsSUFBSSxDQUFDLFVBQVUsRUFBRSxLQUFLLENBQUM7WUFDMUMsVUFBVSxFQUFFLFVBQVUsQ0FBQyxDQUFDLENBQUMsTUFBTSxDQUFDLElBQUksQ0FBQyxVQUFVLEVBQUUsS0FBSyxDQUFDLENBQUMsQ0FBQyxDQUFDLFNBQVM7WUFDbkUsUUFBUSxFQUFFLE1BQU0sQ0FBQyxJQUFJLENBQUMsTUFBTSxFQUFFLEtBQUssQ0FBQztZQUNwQyxVQUFVLEVBQUUsTUFBTTtZQUNsQixVQUFVLEVBQUUsTUFBTTtZQUNsQixZQUFZLEVBQUUsUUFBUTtTQUN6QixDQUFDO0lBQ04sQ0FBQztJQUVTLE1BQU0sQ0FBQyxjQUFjLENBQUMsR0FBRyxHQUFHLFFBQVE7UUFDMUMsTUFBTSxJQUFJLEdBQUcsSUFBQSxtQkFBVSxFQUFDLEdBQUcsQ0FBQyxDQUFDO1FBRTdCLE9BQU87WUFDSCxPQUFPLEVBQUUsSUFBSSxrQkFBUyxDQUFDO2dCQUNuQixTQUFTLEVBQUUsQ0FBQyxJQUFJLEVBQUUsUUFBUSxFQUFFLElBQUksRUFBUSxFQUFFO29CQUN0QyxJQUFJLENBQUMsTUFBTSxDQUFDLElBQUksQ0FBQyxDQUFDO29CQUNsQixJQUFJLENBQUMsSUFBSSxFQUFFLElBQUksQ0FBQyxDQUFDO2dCQUNyQixDQUFDO2FBQ0osQ0FBQztZQUNGLEdBQUcsRUFBRSxHQUFHLEVBQUUsQ0FBQyxJQUFJLENBQUMsTUFBTSxFQUFFO1NBQzNCLENBQUM7SUFDTixDQUFDO0lBRVMsTUFBTSxDQUFDLEtBQUssQ0FBQyxTQUFTLENBQUMsUUFBZ0I7UUFDN0MsSUFBSSxDQUFDO1lBQ0QsTUFBTSxPQUFPLENBQUMsTUFBTSxDQUFDLFFBQVEsRUFBRSxFQUFFLENBQUMsU0FBUyxDQUFDLElBQUksQ0FBQyxDQUFDO1lBRWxELE9BQU8sSUFBSSxDQUFDO1FBQ2hCLENBQUM7UUFBQyxPQUFPLEdBQUcsRUFBRSxDQUFDO1lBQ1gsT0FBTyxLQUFLLENBQUM7UUFDakIsQ0FBQztJQUNMLENBQUM7SUFFUyxLQUFLLENBQUMsV0FBVyxDQUFDLEtBQWE7UUFDckMsTUFBTSxFQUFFLGFBQWEsRUFBRSxRQUFRLEVBQUUsR0FBRyxJQUFJLENBQUM7UUFDekMsTUFBTSxRQUFRLEdBQUcsTUFBTSxnQkFBVSxDQUFDLGVBQWUsQ0FBZ0I7WUFDN0QsV0FBVyxDQUFDLFFBQVE7Z0JBQ2hCLE9BQU8sRUFBRSxVQUFVLEVBQUUsUUFBUSxDQUFDLE1BQU0sS0FBSyxHQUFHLEVBQUUsQ0FBQztZQUNuRCxDQUFDO1lBQ0QsT0FBTyxFQUFFLEtBQUssSUFBSSxFQUFFO2dCQUNoQixPQUFPLElBQUksQ0FBQyxhQUFhLENBQUMsR0FBRyxDQUN6QixnQ0FBZ0MsSUFBSSxDQUFDLFdBQVcsSUFBSSxJQUFJLENBQUMsTUFBTSxrQkFBa0IsS0FBSyxFQUFFLENBQzNGLENBQUM7WUFDTixDQUFDO1lBQ0QsVUFBVSxDQUFDLEdBQUc7Z0JBQ1YsSUFBSSxlQUFLLENBQUMsWUFBWSxDQUFDLEdBQUcsQ0FBQyxJQUFJLEdBQUcsQ0FBQyxRQUFRLEVBQUUsQ0FBQztvQkFDMUMsTUFBTSxNQUFNLEdBQUcsR0FBRyxDQUFDLFFBQVEsQ0FBQyxNQUFNLENBQUM7b0JBRW5DLE9BQU8sRUFBRSxTQUFTLEVBQUUsTUFBTSxHQUFHLEdBQUcsSUFBSSxNQUFNLElBQUksR0FBRyxJQUFJLE1BQU0sS0FBSyxHQUFHLEVBQUUsQ0FBQztnQkFDMUUsQ0FBQztnQkFFRCxPQUFPLEVBQUUsU0FBUyxFQUFFLGVBQUssQ0FBQyxZQUFZLENBQUMsR0FBRyxDQUFDLEVBQUUsQ0FBQztZQUNsRCxDQUFDO1lBQ0QsYUFBYTtZQUNiLFFBQVE7U0FDWCxDQUFDLENBQUM7UUFDSCxNQUFNLEVBQUUsSUFBSSxFQUFFLEdBQUcsUUFBUSxDQUFDO1FBQzFCLE1BQU0sS0FBSyxHQUFHLElBQUksQ0FBQyxNQUFNLENBQUMsSUFBSSxDQUFDLENBQUMsS0FBdUIsRUFBRSxFQUFFLENBQUMsS0FBSyxDQUFDLElBQUksS0FBSyxJQUFJLENBQUMsWUFBWSxDQUFDLENBQUM7UUFFOUYsSUFBSSxDQUFDLEtBQUssRUFBRSxDQUFDO1lBQ1QsTUFBTSxJQUFJLEtBQUssQ0FBQyw4QkFBOEIsSUFBSSxDQUFDLFlBQVksY0FBYyxLQUFLLEdBQUcsQ0FBQyxDQUFDO1FBQzNGLENBQUM7UUFFRCxPQUFPLEtBQUssQ0FBQyxvQkFBb0IsQ0FBQztJQUN0QyxDQUFDO0lBRVMsS0FBSyxDQUFDLFVBQVUsQ0FBQyxLQUFhO1FBQ3BDLElBQUksU0FBUyxHQUFHLEtBQUssQ0FBQztRQUN0QixJQUFJLE9BQWlCLENBQUM7UUFFdEIsTUFBTSxNQUFNLEdBQUcsSUFBSSxDQUFDLFdBQVcsQ0FBQyxHQUFHLENBQUMsS0FBSyxDQUFDLENBQUM7UUFDM0MsSUFBSSxNQUFNLEVBQUUsQ0FBQztZQUNULFNBQVMsR0FBRyxJQUFJLENBQUM7WUFDakIsT0FBTyxHQUFHLE1BQU0sQ0FBQztRQUNyQixDQUFDO2FBQU0sQ0FBQztZQUNKLElBQUksQ0FBQztnQkFDRCxNQUFNLFFBQVEsR0FBRyxNQUFNLElBQUksQ0FBQyxXQUFXLENBQUMsS0FBSyxDQUFDLENBQUM7Z0JBQy9DLE1BQU0sRUFBRSxHQUFHLE1BQU0sSUFBSSxDQUFDLGFBQWEsQ0FBQyxRQUFRLENBQUMsQ0FBQztnQkFDOUMsT0FBTyxHQUFHLElBQUksQ0FBQyxhQUFhLENBQUMsRUFBRSxDQUFDLENBQUM7WUFDckMsQ0FBQztZQUFDLE9BQU8sS0FBSyxFQUFFLENBQUM7Z0JBQ2IsTUFBTSxNQUFNLEdBQUcsSUFBSSxDQUFDLFdBQVcsQ0FBQyxHQUFHLENBQUMsS0FBSyxFQUFFLElBQUksQ0FBQyxDQUFDO2dCQUNqRCxJQUFJLE1BQU0sRUFBRSxDQUFDO29CQUNULFNBQVMsR0FBRyxJQUFJLENBQUM7b0JBQ2pCLE9BQU8sR0FBRyxNQUFNLENBQUM7Z0JBQ3JCLENBQUM7cUJBQU0sQ0FBQztvQkFDSixNQUFNLEtBQUssQ0FBQztnQkFDaEIsQ0FBQztZQUNMLENBQUM7UUFDTCxDQUFDO1FBRUQsTUFBTSxRQUFRLEdBQUcsSUFBSSxDQUFDLElBQUksQ0FBQyxJQUFJLENBQUMsV0FBVyxFQUFFLEdBQUcsT0FBTyxDQUFDLFFBQVEsQ0FBQyxRQUFRLENBQUMsS0FBSyxDQUFDLFVBQVUsQ0FBQyxDQUFDO1FBRTVGLElBQUksbUJBQW1CLEdBQUcsS0FBSyxDQUFDO1FBQ2hDLElBQUksTUFBTSxzQkFBc0IsQ0FBQyxTQUFTLENBQUMsUUFBUSxDQUFDLEVBQUUsQ0FBQztZQUNuRCxNQUFNLFVBQVUsR0FBRyxFQUFFLENBQUMsZ0JBQWdCLENBQUMsUUFBUSxDQUFDLENBQUM7WUFDakQsTUFBTSxJQUFJLEdBQUcsTUFBTSxlQUFNLENBQUMsVUFBVSxDQUFDLFVBQVUsRUFBRTtnQkFDN0MsSUFBSSxFQUFFLHNCQUFhLENBQUMsTUFBTTtnQkFDMUIsUUFBUSxFQUFFLGlCQUFRLENBQUMsR0FBRzthQUN6QixDQUFDLENBQUM7WUFFSCxJQUFJLE9BQU8sQ0FBQyxRQUFRLENBQUMsUUFBUSxDQUFDLEtBQUssQ0FBQyxLQUFLLElBQUksQ0FBQyxJQUFJLEVBQUUsQ0FBQztnQkFDakQsbUJBQW1CLEdBQUcsSUFBSSxDQUFDO1lBQy9CLENBQUM7UUFDTCxDQUFDO1FBRUQsSUFBSSxtQkFBbUIsS0FBSyxJQUFJLEVBQUUsQ0FBQztZQUMvQixNQUFNLElBQUksQ0FBQyxZQUFZLENBQUMsT0FBTyxFQUFFLFFBQVEsQ0FBQyxDQUFDO1FBQy9DLENBQUM7UUFFRCxJQUFJLFNBQVMsS0FBSyxJQUFJLEVBQUUsQ0FBQztZQUNyQixJQUFJLENBQUMsV0FBVyxDQUFDLEdBQUcsQ0FBQyxLQUFLLEVBQUUsT0FBTyxDQUFDLENBQUM7UUFDekMsQ0FBQztRQUVELE9BQU87WUFDSCxVQUFVLEVBQUUsT0FBTyxDQUFDLFVBQVU7WUFDOUIsVUFBVSxFQUFFLE9BQU8sQ0FBQyxVQUFVO1lBQzlCLFlBQVksRUFBRSxRQUFRO1NBQ3pCLENBQUM7SUFDTixDQUFDO0lBRVMsS0FBSyxDQUFDLFlBQVksQ0FBQyxPQUFpQixFQUFFLFFBQWdCO1FBQzVELE1BQU0sTUFBTSxHQUFrQjtZQUMxQixHQUFHLElBQUksQ0FBQyxhQUFhO1lBQ3JCLFdBQVcsRUFBRTtnQkFDVCxHQUFHLElBQUksQ0FBQyxhQUFhLENBQUMsV0FBVztnQkFDakMsTUFBTSxFQUFFLE9BQU8sQ0FBQyxVQUFVO2dCQUMxQixNQUFNLEVBQUUsT0FBTyxDQUFDLFVBQVUsQ0FBQyxRQUFRLENBQUMsR0FBRyxDQUFDLENBQUMsQ0FBQyxDQUFDLE9BQU8sQ0FBQyxVQUFVLENBQUMsQ0FBQyxDQUFDLEdBQUcsT0FBTyxDQUFDLFVBQVUsR0FBRzthQUMzRjtTQUNKLENBQUM7UUFFRixNQUFNLGVBQWUsR0FBRyxJQUFBLDJCQUFrQixFQUFDLE1BQU0sQ0FBQyxDQUFDO1FBQ25ELE1BQU0sZ0JBQWdCLEdBQUcsTUFBTSxlQUFlLENBQUMsWUFBWSxDQUFDLE9BQU8sQ0FBQyxZQUFZLEVBQUUsRUFBRSxDQUFDLENBQUM7UUFDdEYsTUFBTSxFQUFFLE9BQU8sRUFBRSxVQUFVLEVBQUUsR0FBRyxFQUFFLGFBQWEsRUFBRSxHQUFHLHNCQUFzQixDQUFDLGNBQWMsQ0FBQyxRQUFRLENBQUMsQ0FBQztRQUNwRyxNQUFNLGlCQUFRLENBQUMsUUFBUSxDQUFDLGdCQUFnQixFQUFFLFVBQVUsRUFBRSxFQUFFLENBQUMsaUJBQWlCLENBQUMsUUFBUSxDQUFDLENBQUMsQ0FBQztRQUV0RixJQUFJLENBQUMsT0FBTyxDQUFDLFFBQVEsQ0FBQyxNQUFNLENBQUMsYUFBYSxFQUFFLENBQUMsRUFBRSxDQUFDO1lBQzVDLE1BQU0sSUFBSSxLQUFLLENBQUMsK0RBQStELENBQUMsQ0FBQztRQUNyRixDQUFDO0lBQ0wsQ0FBQztDQUNKO0FBelFELHdEQXlRQyJ9
|
|
@@ -1,7 +1,10 @@
|
|
|
1
1
|
/// <reference types="node" />
|
|
2
|
-
import { CpuInfo
|
|
2
|
+
import { CpuInfo } from "../../bindings/amd-sev-snp-napi-rs/";
|
|
3
3
|
import { SnpCert, SevSnpCertificateFormat, SNPReport, SNPReportWithChain } from "../proto/AmdSevSnp";
|
|
4
|
-
|
|
4
|
+
export declare enum SupportedAmdSevSnpGenerations {
|
|
5
|
+
Milan = "Milan",
|
|
6
|
+
Genoa = "Genoa"
|
|
7
|
+
}
|
|
5
8
|
export interface CalcSnpMrEnclaveParams {
|
|
6
9
|
ovmfPath: string;
|
|
7
10
|
kernelHash: Buffer;
|
|
@@ -17,6 +20,8 @@ export declare const EMPTY_INITRD_SHA256_HASH: Buffer;
|
|
|
17
20
|
export type ArkHashes = {
|
|
18
21
|
[key: string]: Buffer;
|
|
19
22
|
};
|
|
23
|
+
export declare const ARK_MILAN = "-----BEGIN CERTIFICATE-----\nMIIGYzCCBBKgAwIBAgIDAQAAMEYGCSqGSIb3DQEBCjA5oA8wDQYJYIZIAWUDBAIC\nBQChHDAaBgkqhkiG9w0BAQgwDQYJYIZIAWUDBAICBQCiAwIBMKMDAgEBMHsxFDAS\nBgNVBAsMC0VuZ2luZWVyaW5nMQswCQYDVQQGEwJVUzEUMBIGA1UEBwwLU2FudGEg\nQ2xhcmExCzAJBgNVBAgMAkNBMR8wHQYDVQQKDBZBZHZhbmNlZCBNaWNybyBEZXZp\nY2VzMRIwEAYDVQQDDAlBUkstTWlsYW4wHhcNMjAxMDIyMTcyMzA1WhcNNDUxMDIy\nMTcyMzA1WjB7MRQwEgYDVQQLDAtFbmdpbmVlcmluZzELMAkGA1UEBhMCVVMxFDAS\nBgNVBAcMC1NhbnRhIENsYXJhMQswCQYDVQQIDAJDQTEfMB0GA1UECgwWQWR2YW5j\nZWQgTWljcm8gRGV2aWNlczESMBAGA1UEAwwJQVJLLU1pbGFuMIICIjANBgkqhkiG\n9w0BAQEFAAOCAg8AMIICCgKCAgEA0Ld52RJOdeiJlqK2JdsVmD7FktuotWwX1fNg\nW41XY9Xz1HEhSUmhLz9Cu9DHRlvgJSNxbeYYsnJfvyjx1MfU0V5tkKiU1EesNFta\n1kTA0szNisdYc9isqk7mXT5+KfGRbfc4V/9zRIcE8jlHN61S1ju8X93+6dxDUrG2\nSzxqJ4BhqyYmUDruPXJSX4vUc01P7j98MpqOS95rORdGHeI52Naz5m2B+O+vjsC0\n60d37jY9LFeuOP4Meri8qgfi2S5kKqg/aF6aPtuAZQVR7u3KFYXP59XmJgtcog05\ngmI0T/OitLhuzVvpZcLph0odh/1IPXqx3+MnjD97A7fXpqGd/y8KxX7jksTEzAOg\nbKAeam3lm+3yKIcTYMlsRMXPcjNbIvmsBykD//xSniusuHBkgnlENEWx1UcbQQrs\n+gVDkuVPhsnzIRNgYvM48Y+7LGiJYnrmE8xcrexekBxrva2V9TJQqnN3Q53kt5vi\nQi3+gCfmkwC0F0tirIZbLkXPrPwzZ0M9eNxhIySb2npJfgnqz55I0u33wh4r0ZNQ\neTGfw03MBUtyuzGesGkcw+loqMaq1qR4tjGbPYxCvpCq7+OgpCCoMNit2uLo9M18\nfHz10lOMT8nWAUvRZFzteXCm+7PHdYPlmQwUw3LvenJ/ILXoQPHfbkH0CyPfhl1j\nWhJFZasCAwEAAaN+MHwwDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBSFrBrRQ/fI\nrFXUxR1BSKvVeErUUzAPBgNVHRMBAf8EBTADAQH/MDoGA1UdHwQzMDEwL6AtoCuG\nKWh0dHBzOi8va2RzaW50Zi5hbWQuY29tL3ZjZWsvdjEvTWlsYW4vY3JsMEYGCSqG\nSIb3DQEBCjA5oA8wDQYJYIZIAWUDBAICBQChHDAaBgkqhkiG9w0BAQgwDQYJYIZI\nAWUDBAICBQCiAwIBMKMDAgEBA4ICAQC6m0kDp6zv4Ojfgy+zleehsx6ol0ocgVel\nETobpx+EuCsqVFRPK1jZ1sp/lyd9+0fQ0r66n7kagRk4Ca39g66WGTJMeJdqYriw\nSTjjDCKVPSesWXYPVAyDhmP5n2v+BYipZWhpvqpaiO+EGK5IBP+578QeW/sSokrK\ndHaLAxG2LhZxj9aF73fqC7OAJZ5aPonw4RE299FVarh1Tx2eT3wSgkDgutCTB1Yq\nzT5DuwvAe+co2CIVIzMDamYuSFjPN0BCgojl7V+bTou7dMsqIu/TW/rPCX9/EUcp\nKGKqPQ3P+N9r1hjEFY1plBg93t53OOo49GNI+V1zvXPLI6xIFVsh+mto2RtgEX/e\npmMKTNN6psW88qg7c1hTWtN6MbRuQ0vm+O+/2tKBF2h8THb94OvvHHoFDpbCELlq\nHnIYhxy0YKXGyaW1NjfULxrrmxVW4wcn5E8GddmvNa6yYm8scJagEi13mhGu4Jqh\n3QU3sf8iUSUr09xQDwHtOQUVIqx4maBZPBtSMf+qUDtjXSSq8lfWcd8bLr9mdsUn\nJZJ0+tuPMKmBnSH860llKk+VpVQsgqbzDIvOLvD6W1Umq25boxCYJ+TuBoa4s+HH\nCViAvgT9kf/rBq1d+ivj6skkHxuzcxbk1xv6ZGxrteJxVH7KlX7YRdZ6eARKwLe4\nAFZEAwoKCQ==\n-----END CERTIFICATE-----";
|
|
24
|
+
export declare const ARK_GENOA = "-----BEGIN CERTIFICATE-----\nMIIGYzCCBBKgAwIBAgIDAgAAMEYGCSqGSIb3DQEBCjA5oA8wDQYJYIZIAWUDBAIC\nBQChHDAaBgkqhkiG9w0BAQgwDQYJYIZIAWUDBAICBQCiAwIBMKMDAgEBMHsxFDAS\nBgNVBAsMC0VuZ2luZWVyaW5nMQswCQYDVQQGEwJVUzEUMBIGA1UEBwwLU2FudGEg\nQ2xhcmExCzAJBgNVBAgMAkNBMR8wHQYDVQQKDBZBZHZhbmNlZCBNaWNybyBEZXZp\nY2VzMRIwEAYDVQQDDAlBUkstR2Vub2EwHhcNMjIwMTI2MTUzNDM3WhcNNDcwMTI2\nMTUzNDM3WjB7MRQwEgYDVQQLDAtFbmdpbmVlcmluZzELMAkGA1UEBhMCVVMxFDAS\nBgNVBAcMC1NhbnRhIENsYXJhMQswCQYDVQQIDAJDQTEfMB0GA1UECgwWQWR2YW5j\nZWQgTWljcm8gRGV2aWNlczESMBAGA1UEAwwJQVJLLUdlbm9hMIICIjANBgkqhkiG\n9w0BAQEFAAOCAg8AMIICCgKCAgEA3Cd95S/uFOuRIskW9vz9VDBF69NDQF79oRhL\n/L2PVQGhK3YdfEBgpF/JiwWFBsT/fXDhzA01p3LkcT/7LdjcRfKXjHl+0Qq/M4dZ\nkh6QDoUeKzNBLDcBKDDGWo3v35NyrxbA1DnkYwUKU5AAk4P94tKXLp80oxt84ahy\nHoLmc/LqsGsp+oq1Bz4PPsYLwTG4iMKVaaT90/oZ4I8oibSru92vJhlqWO27d/Rx\nc3iUMyhNeGToOvgx/iUo4gGpG61NDpkEUvIzuKcaMx8IdTpWg2DF6SwF0IgVMffn\nvtJmA68BwJNWo1E4PLJdaPfBifcJpuBFwNVQIPQEVX3aP89HJSp8YbY9lySS6PlV\nEqTBBtaQmi4ATGmMR+n2K/e+JAhU2Gj7jIpJhOkdH9firQDnmlA2SFfJ/Cc0mGNz\nW9RmIhyOUnNFoclmkRhl3/AQU5Ys9Qsan1jT/EiyT+pCpmnA+y9edvhDCbOG8F2o\nxHGRdTBkylungrkXJGYiwGrR8kaiqv7NN8QhOBMqYjcbrkEr0f8QMKklIS5ruOfq\nlLMCBw8JLB3LkjpWgtD7OpxkzSsohN47Uom86RY6lp72g8eXHP1qYrnvhzaG1S70\nvw6OkbaaC9EjiH/uHgAJQGxon7u0Q7xgoREWA/e7JcBQwLg80Hq/sbRuqesxz7wB\nWSY254cCAwEAAaN+MHwwDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBSfXfn+Ddjz\nWtAzGiXvgSlPvjGoWzAPBgNVHRMBAf8EBTADAQH/MDoGA1UdHwQzMDEwL6AtoCuG\nKWh0dHBzOi8va2RzaW50Zi5hbWQuY29tL3ZjZWsvdjEvR2Vub2EvY3JsMEYGCSqG\nSIb3DQEBCjA5oA8wDQYJYIZIAWUDBAICBQChHDAaBgkqhkiG9w0BAQgwDQYJYIZI\nAWUDBAICBQCiAwIBMKMDAgEBA4ICAQAdIlPBC7DQmvH7kjlOznFx3i21SzOPDs5L\n7SgFjMC9rR07292GQCA7Z7Ulq97JQaWeD2ofGGse5swj4OQfKfVv/zaJUFjvosZO\nnfZ63epu8MjWgBSXJg5QE/Al0zRsZsp53DBTdA+Uv/s33fexdenT1mpKYzhIg/cK\ntz4oMxq8JKWJ8Po1CXLzKcfrTphjlbkh8AVKMXeBd2SpM33B1YP4g1BOdk013kqb\n7bRHZ1iB2JHG5cMKKbwRCSAAGHLTzASgDcXr9Fp7Z3liDhGu/ci1opGmkp12QNiJ\nuBbkTU+xDZHm5X8Jm99BX7NEpzlOwIVR8ClgBDyuBkBC2ljtr3ZSaUIYj2xuyWN9\n5KFY49nWxcz90CFa3Hzmy4zMQmBe9dVyls5eL5p9bkXcgRMDTbgmVZiAf4afe8DL\ndmQcYcMFQbHhgVzMiyZHGJgcCrQmA7MkTwEIds1wx/HzMcwU4qqNBAoZV7oeIIPx\ndqFXfPqHqiRlEbRDfX1TG5NFVaeByX0GyH6jzYVuezETzruaky6fp2bl2bczxPE8\nHdS38ijiJmm9vl50RGUeOAXjSuInGR4bsRufeGPB9peTa9BcBOeTWzstqTUB/F/q\naZCIZKr4X6TyfUuSDz/1JDAGl+lxdM0P9+lLaP9NahQjHCVf0zf1c1salVuGFk2w\n/wMz1R1BHg==\n-----END CERTIFICATE-----";
|
|
20
25
|
export declare function getDefaultArkHashes(): ArkHashes;
|
|
21
26
|
export declare class SevSNP {
|
|
22
27
|
static serializeSNPReport(report: SNPReportWithChain): Buffer;
|
|
@@ -28,9 +33,8 @@ export declare class SevSNP {
|
|
|
28
33
|
/**
|
|
29
34
|
* Method for generation AMD SEV-SNP Report
|
|
30
35
|
* @param userData - The data that will be included in the report and will be signed
|
|
31
|
-
* @param vmpl - Optional VMPL value to pass to the firmware when requesting a report (default: 0)
|
|
32
36
|
*/
|
|
33
|
-
static generateSNPReport(userData: Buffer
|
|
37
|
+
static generateSNPReport(userData: Buffer): Promise<SNPReport>;
|
|
34
38
|
/**
|
|
35
39
|
* Method for fetch certificates from AMD KDS
|
|
36
40
|
* @param report - report generated by the `generateSNPReport` method
|
|
@@ -60,7 +64,7 @@ export declare class SevSNP {
|
|
|
60
64
|
stdout: string;
|
|
61
65
|
stderr: string;
|
|
62
66
|
}>;
|
|
63
|
-
static getCertHash(cert:
|
|
67
|
+
static getCertHash(cert: SnpCert): Buffer;
|
|
64
68
|
protected static isValidArk(ARK: SnpCert, trustedHashes: ArkHashes): boolean;
|
|
65
69
|
/**
|
|
66
70
|
* AMD SEV-SNP verification method
|
|
@@ -107,20 +111,4 @@ export declare class SevSNP {
|
|
|
107
111
|
* @param cpuInfo - Structure containing family, model and stepping @see CpuInfo
|
|
108
112
|
*/
|
|
109
113
|
static getCpuSig(cpuInfo: CpuInfo): number;
|
|
110
|
-
static getReportImportantSecurityFields(report: Buffer): Promise<ImportantSecurityFields>;
|
|
111
|
-
static getReportCpuInfo(report: Buffer): Promise<CpuInfo>;
|
|
112
|
-
static getCpuGeneration(cpuInfo: CpuInfo): Promise<WellKnownSnpCodeNames>;
|
|
113
|
-
/**
|
|
114
|
-
* Parse and validate policy
|
|
115
|
-
* @param input - Raw policy as json-text or object
|
|
116
|
-
*/
|
|
117
|
-
static parsePolicySet(input: string | Record<string, unknown>): PolicySet;
|
|
118
|
-
private static checkRule;
|
|
119
|
-
/**
|
|
120
|
-
* Verify SNP report against a PolicySet.
|
|
121
|
-
* Throws an error if any rule fails.
|
|
122
|
-
* @param report - SNPReport
|
|
123
|
-
* @param policySet - PolicySet containing rules
|
|
124
|
-
*/
|
|
125
|
-
static verifyPolicy(report: Buffer, policySet: PolicySet): Promise<void>;
|
|
126
114
|
}
|