@super-protocol/addons-tee 0.9.9 → 1.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (26) hide show
  1. package/bindings/amd-sev-snp-napi-rs/amd-sev-snp-napi-rs.linux-x64-gnu.node +0 -0
  2. package/bindings/amd-sev-snp-napi-rs/index.d.ts +27 -0
  3. package/bindings/amd-sev-snp-napi-rs/index.js +12 -1
  4. package/bindings/sgx-native/build/Release/sgx_native.node +0 -0
  5. package/bindings/sp-sev/.github/workflows/lint.yml +3 -3
  6. package/bindings/sp-sev/.github/workflows/test.yml +163 -2
  7. package/bindings/sp-sev/Cargo.lock +521 -281
  8. package/bindings/sp-sev/Cargo.toml +11 -11
  9. package/bindings/sp-sev/tests/api.rs +9 -6
  10. package/bindings/sp-sev/tests/certs.rs +4 -5
  11. package/bindings/sp-sev/tests/guest.rs +2 -1
  12. package/bindings/sp-sev/tests/id-block.rs +9 -5
  13. package/bindings/sp-sev/tests/snp_launch.rs +1 -1
  14. package/bindings/utils/virtee/libsev.so +0 -0
  15. package/bindings/utils/virtee/snpguest +0 -0
  16. package/dist/sgx-native-module/index.d.ts +1 -0
  17. package/dist/sgx-native-module/index.js +2 -1
  18. package/dist/sgx-native-module/pki.service.d.ts +0 -2
  19. package/dist/sgx-native-module/pki.service.js +1 -16
  20. package/dist/sgx-native-module/sev-snp-mrenclave.d.ts +1 -1
  21. package/dist/sgx-native-module/sev-snp-mrenclave.js +37 -6
  22. package/dist/sgx-native-module/sev-snp-schema.d.ts +22 -0
  23. package/dist/sgx-native-module/sev-snp-schema.js +24 -0
  24. package/dist/sgx-native-module/sev-snp.d.ts +21 -8
  25. package/dist/sgx-native-module/sev-snp.js +128 -90
  26. package/package.json +3 -2
package/bindings/sp-sev/Cargo.toml CHANGED
@@ -1,6 +1,6 @@
1
1
  [package]
2
2
  name = "sev"
3
- version = "5.0.0"
3
+ version = "6.2.1"
4
4
  authors = [
5
5
  "Nathaniel McCallum <npmccallum@redhat.com>",
6
6
  "The VirTEE Project Developers",
@@ -20,7 +20,7 @@ categories = [
20
20
  "hardware-support",
21
21
  ]
22
22
  exclude = [".gitignore", ".github/*"]
23
- rust-version = "1.80.0"
23
+ rust-version = "1.85.0"
24
24
 
25
25
  [badges]
26
26
  # See https://doc.rust-lang.org/cargo/reference/manifest.html#the-badges-section
@@ -45,20 +45,20 @@ snp = []
45
45
  crypto_nossl = ["dep:p384", "dep:rsa", "dep:sha2", "dep:x509-cert"]
46
46
 
47
47
  [target.'cfg(target_os = "linux")'.dependencies]
48
- iocuddle = "0.1"
48
+ iocuddle = "^0.1"
49
49
 
50
50
  [dependencies]
51
- openssl = { version = "0.10", optional = true }
51
+ openssl = { version = "0.10", optional = true, features = ["vendored"] }
52
52
  serde = { version = "1.0", features = ["derive"] }
53
53
  serde_bytes = "0.11"
54
- bitflags = "1.2"
54
+ bitflags = "2.9.0"
55
55
  codicon = "3.0"
56
- dirs = "5.0"
56
+ dirs = "^6.0"
57
57
  serde-big-array = "0.5.1"
58
58
  static_assertions = "^1.1.0"
59
- bitfield = "^0.15"
59
+ bitfield = "^0.19"
60
60
  uuid = { version = "^1.11", features = ["serde"] }
61
- bincode = "^1.3"
61
+ bincode = { version = "^2.0", features = ["serde"] }
62
62
  hex = "0.4.3"
63
63
  libc = "0.2.161"
64
64
  lazy_static = "1.4.0"
@@ -69,12 +69,12 @@ x509-cert = { version = "0.2.5", optional = true }
69
69
  byteorder = "1.4.3"
70
70
  base64 = "0.22.1"
71
71
  rdrand = { version = "^0.8", optional = true }
72
- reqwest = { version="0.11.10", features = ["blocking"], optional = true }
73
- tokio = {version = "1.29.1", features =["rt-multi-thread"], optional = true }
72
+ reqwest = { version = "^0.12", features = ["blocking"], optional = true }
73
+ tokio = { version = "1.29.1", features = ["rt-multi-thread"], optional = true }
74
74
 
75
75
  [target.'cfg(target_os = "linux")'.dev-dependencies]
76
76
  kvm-ioctls = ">=0.16"
77
+ kvm-bindings = "^0.11"
77
78
 
78
79
  [dev-dependencies]
79
- kvm-bindings = ">=0.9.1"
80
80
  serial_test = "3.0"
package/bindings/sp-sev/tests/api.rs CHANGED
@@ -1,13 +1,15 @@
1
1
  // SPDX-License-Identifier: Apache-2.0
2
2
 
3
3
  #[cfg(all(feature = "sev", target_os = "linux"))]
4
-
5
4
  mod sev {
6
5
  #[cfg(feature = "dangerous_hw_tests")]
7
6
  use serial_test::serial;
8
7
  #[cfg(feature = "dangerous_hw_tests")]
9
8
  use sev::cached_chain;
10
- use sev::{certs::sev::sev::Usage, firmware::host::Firmware, Build, Version};
9
+ use sev::{
10
+ certs::sev::sev::Usage,
11
+ firmware::host::{Build, Firmware, Version},
12
+ };
11
13
 
12
14
  #[cfg(feature = "dangerous_hw_tests")]
13
15
  #[cfg_attr(not(host), ignore)]
@@ -147,8 +149,8 @@ mod snp {
147
149
  reported tcb tee version: {}
148
150
  reported tcb bootloader version: {}
149
151
  state: {}",
150
- status.version.major,
151
- status.version.minor,
152
+ status.version.0,
153
+ status.version.1,
152
154
  status.build_id,
153
155
  status.guest_count,
154
156
  status.platform_tcb_version.microcode,
@@ -174,8 +176,9 @@ mod snp {
174
176
  #[cfg_attr(not(all(host, feature = "dangerous_hw_tests")), ignore)]
175
177
  #[test]
176
178
  #[serial]
177
- fn set_config() {
179
+ fn set_config_generation() {
178
180
  let mut fw: Firmware = Firmware::open().unwrap();
181
+
179
182
  fw.snp_set_config(Config::default()).unwrap();
180
183
  }
181
184
 
@@ -184,7 +187,7 @@ mod snp {
184
187
  #[serial]
185
188
  fn test_host_fw_error() {
186
189
  let mut fw: Firmware = Firmware::open().unwrap();
187
- let invalid_config = Config::new(TcbVersion::new(100, 100, 100, 100), MaskId(31));
190
+ let invalid_config = Config::new(TcbVersion::new(None, 100, 100, 100, 100), MaskId(31));
188
191
  let fw_error = fw.snp_set_config(invalid_config).unwrap_err().to_string();
189
192
  assert_eq!(fw_error, "Firmware Error Encountered: Known SEV FW Error: Status Code: 0x16: Given parameter is invalid.")
190
193
  }
package/bindings/sp-sev/tests/certs.rs CHANGED
@@ -24,6 +24,7 @@ mod sev {
24
24
 
25
25
  #[cfg(all(feature = "snp", any(feature = "openssl", feature = "crypto_nossl")))]
26
26
  mod snp {
27
+
27
28
  use sev::certs::snp::{builtin::milan, ca, Certificate, Chain, Verifiable};
28
29
 
29
30
  const TEST_MILAN_VCEK_DER: &[u8] = include_bytes!("certs_data/vcek_milan.der");
@@ -85,8 +86,7 @@ mod snp {
85
86
  let chain = Chain { ca, vek: vcek };
86
87
 
87
88
  let report_bytes = hex::decode(TEST_MILAN_ATTESTATION_REPORT).unwrap();
88
- let report: AttestationReport =
89
- unsafe { std::ptr::read(report_bytes.as_ptr() as *const _) };
89
+ let report: AttestationReport = AttestationReport::from_bytes(&report_bytes).unwrap();
90
90
 
91
91
  assert_eq!((&chain, &report).verify().ok(), Some(()));
92
92
  }
@@ -104,9 +104,8 @@ mod snp {
104
104
  let chain = Chain { ca, vek: vcek };
105
105
 
106
106
  let mut report_bytes = hex::decode(TEST_MILAN_ATTESTATION_REPORT).unwrap();
107
- report_bytes[0] ^= 0x80;
108
- let report: AttestationReport =
109
- unsafe { std::ptr::read(report_bytes.as_ptr() as *const _) };
107
+ report_bytes[21] ^= 0x80;
108
+ let report = AttestationReport::from_bytes(&report_bytes).unwrap();
110
109
 
111
110
  assert_eq!((&chain, &report).verify().ok(), None);
112
111
  }
package/bindings/sp-sev/tests/guest.rs CHANGED
@@ -27,7 +27,7 @@ fn get_ext_report() {
27
27
  #[cfg_attr(not(guest), ignore)]
28
28
  #[test]
29
29
  fn get_derived_key() {
30
- let derived_key = DerivedKey::new(false, GuestFieldSelect(1), 0, 0, 0);
30
+ let derived_key = DerivedKey::new(false, GuestFieldSelect(1), 0, 0, 0, None);
31
31
 
32
32
  let mut fw = Firmware::open().unwrap();
33
33
 
@@ -43,6 +43,7 @@ fn guest_fw_error() {
43
43
  0xFFFFFFFF,
44
44
  0xFFFFFFFF,
45
45
  0xFFFFFFFFFFFFFFFF,
46
+ Some(0xFFFFFFFFFFFFFFFF),
46
47
  );
47
48
 
48
49
  let mut fw = Firmware::open().unwrap();
package/bindings/sp-sev/tests/id-block.rs CHANGED
@@ -18,6 +18,8 @@ use sev::measurement::{
18
18
  snp::SnpLaunchDigest,
19
19
  };
20
20
 
21
+ use sev::BINCODE_CFG;
22
+
21
23
  // Testing that the appropriate id-block and key digests are being generated.
22
24
  #[test]
23
25
  fn test_id_block_and_key_digests() {
@@ -45,8 +47,8 @@ fn test_id_block_and_key_digests() {
45
47
  .unwrap();
46
48
 
47
49
  // Converting ID-block and key digests into BASE64
48
- let id_block_string =
49
- general_purpose::STANDARD.encode(bincode::serialize(&block_calculations.id_block).unwrap());
50
+ let id_block_string = general_purpose::STANDARD
51
+ .encode(bincode::encode_to_vec(block_calculations.id_block, BINCODE_CFG).unwrap());
50
52
  let id_key_digest_string = general_purpose::STANDARD
51
53
  .encode::<Vec<u8>>(block_calculations.id_key_digest.try_into().unwrap());
52
54
  let auth_key_digest_string = general_purpose::STANDARD
@@ -136,7 +138,8 @@ fn test_auth_block_generation() {
136
138
  let mut id_sig_file = fs::File::open("./tests/measurement/test_id_sig.bin").unwrap();
137
139
  let mut id_block_bytes = Vec::new();
138
140
  id_sig_file.read_to_end(&mut id_block_bytes).unwrap();
139
- let id_block_sig: SevEcdsaSig = bincode::deserialize(&id_block_bytes).unwrap();
141
+ let (id_block_sig, _): (SevEcdsaSig, usize) =
142
+ bincode::decode_from_slice(&id_block_bytes, BINCODE_CFG).unwrap();
140
143
 
141
144
  // Get author private test key from pem
142
145
  let author_ec_priv_key = load_priv_key(auth_path).unwrap();
@@ -148,7 +151,8 @@ fn test_auth_block_generation() {
148
151
  let mut auth_sig_file = fs::File::open("./tests/measurement/test_auth_sig.bin").unwrap();
149
152
  let mut auth_block_bytes = Vec::new();
150
153
  auth_sig_file.read_to_end(&mut auth_block_bytes).unwrap();
151
- let auth_block_sig: SevEcdsaSig = bincode::deserialize(&auth_block_bytes).unwrap();
154
+ let (auth_block_sig, _): (SevEcdsaSig, usize) =
155
+ bincode::decode_from_slice(&auth_block_bytes, BINCODE_CFG).unwrap();
152
156
 
153
157
  let auth_block = IdAuth::new(
154
158
  None,
@@ -160,7 +164,7 @@ fn test_auth_block_generation() {
160
164
  );
161
165
 
162
166
  // Generate Generate auth_block string
163
- let id_auth_bytes = bincode::serialize(&auth_block).unwrap();
167
+ let id_auth_bytes = bincode::encode_to_vec(auth_block, BINCODE_CFG).unwrap();
164
168
  let id_auth_str = general_purpose::STANDARD.encode(id_auth_bytes);
165
169
 
166
170
  // Comparing auth_blocks
package/bindings/sp-sev/tests/snp_launch.rs CHANGED
@@ -71,7 +71,7 @@ fn snp_launch_test() {
71
71
  let launcher = Launcher::new(vm_fd, sev).unwrap();
72
72
 
73
73
  let mut policy = GuestPolicy(0);
74
- policy.set_smt_allowed(1);
74
+ policy.set_smt_allowed(true);
75
75
  let start = Start::new(policy, [0; 16]);
76
76
 
77
77
  let mut launcher = launcher.start(start).unwrap();
package/bindings/utils/virtee/libsev.so CHANGED
Binary file
package/bindings/utils/virtee/snpguest CHANGED
Binary file
package/dist/sgx-native-module/index.d.ts CHANGED
@@ -5,4 +5,5 @@ export * from "./dcap-quote-verify.service";
5
5
  export * from "./pki.service";
6
6
  export * from "./sev-snp";
7
7
  export * from "./sev-snp-mrenclave";
8
+ export * from "./sev-snp-schema";
8
9
  export * from "../proto/AmdSevSnp";
package/dist/sgx-native-module/index.js CHANGED
@@ -21,5 +21,6 @@ __exportStar(require("./dcap-quote-verify.service"), exports);
21
21
  __exportStar(require("./pki.service"), exports);
22
22
  __exportStar(require("./sev-snp"), exports);
23
23
  __exportStar(require("./sev-snp-mrenclave"), exports);
24
+ __exportStar(require("./sev-snp-schema"), exports);
24
25
  __exportStar(require("../proto/AmdSevSnp"), exports);
25
- //# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW5kZXguanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi9zcmMvc2d4LW5hdGl2ZS1tb2R1bGUvaW5kZXgudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6Ijs7Ozs7Ozs7Ozs7Ozs7OztBQUFBLDJDQUF5QjtBQUN6QiwyQ0FBeUI7QUFDekIsb0RBQWtDO0FBQ2xDLDhEQUE0QztBQUM1QyxnREFBOEI7QUFDOUIsNENBQTBCO0FBQzFCLHNEQUFvQztBQUNwQyxxREFBbUMifQ==
26
+ //# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW5kZXguanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi9zcmMvc2d4LW5hdGl2ZS1tb2R1bGUvaW5kZXgudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6Ijs7Ozs7Ozs7Ozs7Ozs7OztBQUFBLDJDQUF5QjtBQUN6QiwyQ0FBeUI7QUFDekIsb0RBQWtDO0FBQ2xDLDhEQUE0QztBQUM1QyxnREFBOEI7QUFDOUIsNENBQTBCO0FBQzFCLHNEQUFvQztBQUNwQyxtREFBaUM7QUFDakMscURBQW1DIn0=
package/dist/sgx-native-module/pki.service.d.ts CHANGED
@@ -46,7 +46,5 @@ export type TLSCertParams = {
46
46
  export declare class PkiService {
47
47
  private readonly cryptoPrimitives;
48
48
  constructor();
49
- validateChain(certs: Buffer, format?: CertificateFormat): Promise<boolean>;
50
- validateHostname(certs: Buffer, hostnameOrIp: string, format?: CertificateFormat): Promise<boolean>;
51
49
  generateTlsCertificate(params?: TLSCertParams): Promise<TlsCertResult>;
52
50
  }
package/dist/sgx-native-module/pki.service.js CHANGED
@@ -32,21 +32,6 @@ class PkiService {
32
32
  constructor() {
33
33
  this.cryptoPrimitives = new CryptoPrimitives();
34
34
  }
35
- async validateChain(certs, format = CertificateFormat.PEM) {
36
- if (format === CertificateFormat.PEM) {
37
- this.cryptoPrimitives.VerifyCertificateChain(certs);
38
- }
39
- else {
40
- this.cryptoPrimitives.VerifyCertificateChain(certs, format.toString());
41
- }
42
- return true;
43
- }
44
- async validateHostname(certs, hostnameOrIp, format = CertificateFormat.PEM) {
45
- if (format === CertificateFormat.PEM) {
46
- return this.cryptoPrimitives.CheckHostnameOrIP(hostnameOrIp, certs);
47
- }
48
- return this.cryptoPrimitives.CheckHostnameOrIP(hostnameOrIp, certs, format.toString());
49
- }
50
35
  async generateTlsCertificate(params = {}) {
51
36
  const subject = {
52
37
  commonName: params.subject?.commonName ?? "localhost",
@@ -86,4 +71,4 @@ class PkiService {
86
71
  }
87
72
  }
88
73
  exports.PkiService = PkiService;
89
- //# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoicGtpLnNlcnZpY2UuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi9zcmMvc2d4LW5hdGl2ZS1tb2R1bGUvcGtpLnNlcnZpY2UudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6Ijs7O0FBQUEsTUFBTSxFQUFFLGdCQUFnQixFQUFFLEdBQUcsT0FBTyxDQUFDLHlEQUF5RCxDQUFDLENBQUM7QUFPaEcsSUFBWSxrQkFHWDtBQUhELFdBQVksa0JBQWtCO0lBQzFCLGlDQUFXLENBQUE7SUFDWCxpQ0FBVyxDQUFBO0FBQ2YsQ0FBQyxFQUhXLGtCQUFrQixrQ0FBbEIsa0JBQWtCLFFBRzdCO0FBRUQsSUFBWSxpQkFHWDtBQUhELFdBQVksaUJBQWlCO0lBQ3pCLGdDQUFXLENBQUE7SUFDWCxnQ0FBVyxDQUFBO0FBQ2YsQ0FBQyxFQUhXLGlCQUFpQixpQ0FBakIsaUJBQWlCLFFBRzVCO0FBRUQsSUFBWSxRQWNYO0FBZEQsV0FBWSxRQUFRO0lBQ2hCLG1DQUF1QixDQUFBLENBQUMsK0VBQStFO0lBQ3ZHLG1DQUF1QixDQUFBLENBQUMsK0VBQStFO0lBQ3ZHLG1DQUF1QixDQUFBLENBQUMsK0VBQStFO0lBQ3ZHLG1DQUF1QixDQUFBLENBQUMsK0VBQStFO0lBQ3ZHLG1DQUF1QixDQUFBLENBQUMsK0VBQStFO0lBQ3ZHLCtCQUFtQixDQUFBLENBQUMsc0RBQXNEO0lBQzFFLCtCQUFtQixDQUFBLENBQUMsc0RBQXNEO0lBQzFFLCtCQUFtQixDQUFBLENBQUMsc0RBQXNEO0lBQzFFLDBHQUEwRztJQUMxRyxtQ0FBdUIsQ0FBQSxDQUFDLHNEQUFzRDtJQUM5RSxtQ0FBdUIsQ0FBQSxDQUFDLHNEQUFzRDtJQUM5RSxtQ0FBdUIsQ0FBQSxDQUFDLHNEQUFzRDtJQUM5RSwyR0FBMkc7QUFDL0csQ0FBQyxFQWRXLFFBQVEsd0JBQVIsUUFBUSxRQWNuQjtBQTRCRCxNQUFhLFVBQVU7SUFHbkI7UUFDSSxJQUFJLENBQUMsZ0JBQWdCLEdBQUcsSUFBSSxnQkFBZ0IsRUFBRSxDQUFDO0lBQ25ELENBQUM7SUFFRCxLQUFLLENBQUMsYUFBYSxDQUFDLEtBQWEsRUFBRSxNQUFNLEdBQUcsaUJBQWlCLENBQUMsR0FBRztRQUM3RCxJQUFJLE1BQU0sS0FBSyxpQkFBaUIsQ0FBQyxHQUFHLEVBQUUsQ0FBQztZQUNuQyxJQUFJLENBQUMsZ0JBQWdCLENBQUMsc0JBQXNCLENBQUMsS0FBSyxDQUFDLENBQUM7UUFDeEQsQ0FBQzthQUFNLENBQUM7WUFDSixJQUFJLENBQUMsZ0JBQWdCLENBQUMsc0JBQXNCLENBQUMsS0FBSyxFQUFFLE1BQU0sQ0FBQyxRQUFRLEVBQUUsQ0FBQyxDQUFDO1FBQzNFLENBQUM7UUFFRCxPQUFPLElBQUksQ0FBQztJQUNoQixDQUFDO0lBRUQsS0FBSyxDQUFDLGdCQUFnQixDQUFDLEtBQWEsRUFBRSxZQUFvQixFQUFFLE1BQU0sR0FBRyxpQkFBaUIsQ0FBQyxHQUFHO1FBQ3RGLElBQUksTUFBTSxLQUFLLGlCQUFpQixDQUFDLEdBQUcsRUFBRSxDQUFDO1lBQ25DLE9BQU8sSUFBSSxDQUFDLGdCQUFnQixDQUFDLGlCQUFpQixDQUFDLFlBQVksRUFBRSxLQUFLLENBQUMsQ0FBQztRQUN4RSxDQUFDO1FBRUQsT0FBTyxJQUFJLENBQUMsZ0JBQWdCLENBQUMsaUJBQWlCLENBQUMsWUFBWSxFQUFFLEtBQUssRUFBRSxNQUFNLENBQUMsUUFBUSxFQUFFLENBQUMsQ0FBQztJQUMzRixDQUFDO0lBRUQsS0FBSyxDQUFDLHNCQUFzQixDQUFDLFNBQXdCLEVBQUU7UUFDbkQsTUFBTSxPQUFPLEdBQUc7WUFDWixVQUFVLEVBQUUsTUFBTSxDQUFDLE9BQU8sRUFBRSxVQUFVLElBQUksV0FBVztZQUNyRCxXQUFXLEVBQUUsTUFBTSxDQUFDLE9BQU8sRUFBRSxXQUFXLElBQUksSUFBSTtZQUNoRCxLQUFLLEVBQUUsTUFBTSxDQUFDLE9BQU8sRUFBRSxLQUFLLElBQUksVUFBVTtZQUMxQyxZQUFZLEVBQUUsTUFBTSxDQUFDLE9BQU8sRUFBRSxZQUFZLElBQUksVUFBVTtZQUN4RCxnQkFBZ0IsRUFBRSxNQUFNLENBQUMsT0FBTyxFQUFFLGdCQUFnQixJQUFJLGVBQWU7WUFDckUsZ0JBQWdCLEVBQUUsTUFBTSxDQUFDLE9BQU8sRUFBRSxnQkFBZ0IsSUFBSSxLQUFLO1NBQzlELENBQUM7UUFFRixNQUFNLE1BQU0sR0FBRyxNQUFNLENBQUMsTUFBTSxJQUFJLGlCQUFpQixDQUFDLEdBQUcsQ0FBQztRQUN0RCxNQUFNLE9BQU8sR0FBRyxNQUFNLENBQUMsT0FBTyxJQUFJLGtCQUFrQixDQUFDLEdBQUcsQ0FBQztRQUV6RCxJQUFJLFVBQThCLENBQUM7UUFDbkMsSUFBSSxRQUE4QixDQUFDO1FBRW5DLElBQUksT0FBTyxLQUFLLGtCQUFrQixDQUFDLEdBQUcsRUFBRSxDQUFDO1lBQ3JDLFVBQVUsR0FBRyxNQUFNLENBQUMsVUFBVSxJQUFJLElBQUksQ0FBQztRQUMzQyxDQUFDO2FBQU0sSUFBSSxPQUFPLEtBQUssa0JBQWtCLENBQUMsR0FBRyxFQUFFLENBQUM7WUFDNUMsUUFBUSxHQUFHLE1BQU0sQ0FBQyxRQUFRLElBQUksUUFBUSxDQUFDLFNBQVMsQ0FBQztRQUNyRCxDQUFDO1FBRUQsTUFBTSxTQUFTLEdBQUcsTUFBTSxDQUFDLFNBQVMsSUFBSSxLQUFLLENBQUM7UUFDNUMsTUFBTSxZQUFZLEdBQUcsTUFBTSxDQUFDLFlBQVksSUFBSSxJQUFJLENBQUM7UUFDakQsTUFBTSxJQUFJLEdBQUcsTUFBTSxDQUFDLElBQUksSUFBSSxHQUFHLENBQUM7UUFDaEMsTUFBTSxRQUFRLEdBQUcsTUFBTSxDQUFDLFFBQVEsSUFBSSxFQUFFLENBQUM7UUFDdkMsTUFBTSxHQUFHLEdBQUcsTUFBTSxDQUFDLEdBQUcsSUFBSSxFQUFFLENBQUM7UUFFN0IsT0FBTyxJQUFJLENBQUMsZ0JBQWdCLENBQUMsc0JBQXNCLENBQUM7WUFDaEQsTUFBTTtZQUNOLE9BQU87WUFDUCxPQUFPO1lBQ1AsU0FBUztZQUNULFVBQVU7WUFDVixRQUFRO1lBQ1IsWUFBWTtZQUNaLElBQUk7WUFDSixRQUFRO1lBQ1IsR0FBRztTQUNOLENBQUMsQ0FBQztJQUNQLENBQUM7Q0FDSjtBQWxFRCxnQ0FrRUMifQ==
74
+ //# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoicGtpLnNlcnZpY2UuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi9zcmMvc2d4LW5hdGl2ZS1tb2R1bGUvcGtpLnNlcnZpY2UudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6Ijs7O0FBQUEsTUFBTSxFQUFFLGdCQUFnQixFQUFFLEdBQUcsT0FBTyxDQUFDLHlEQUF5RCxDQUFDLENBQUM7QUFPaEcsSUFBWSxrQkFHWDtBQUhELFdBQVksa0JBQWtCO0lBQzFCLGlDQUFXLENBQUE7SUFDWCxpQ0FBVyxDQUFBO0FBQ2YsQ0FBQyxFQUhXLGtCQUFrQixrQ0FBbEIsa0JBQWtCLFFBRzdCO0FBRUQsSUFBWSxpQkFHWDtBQUhELFdBQVksaUJBQWlCO0lBQ3pCLGdDQUFXLENBQUE7SUFDWCxnQ0FBVyxDQUFBO0FBQ2YsQ0FBQyxFQUhXLGlCQUFpQixpQ0FBakIsaUJBQWlCLFFBRzVCO0FBRUQsSUFBWSxRQWNYO0FBZEQsV0FBWSxRQUFRO0lBQ2hCLG1DQUF1QixDQUFBLENBQUMsK0VBQStFO0lBQ3ZHLG1DQUF1QixDQUFBLENBQUMsK0VBQStFO0lBQ3ZHLG1DQUF1QixDQUFBLENBQUMsK0VBQStFO0lBQ3ZHLG1DQUF1QixDQUFBLENBQUMsK0VBQStFO0lBQ3ZHLG1DQUF1QixDQUFBLENBQUMsK0VBQStFO0lBQ3ZHLCtCQUFtQixDQUFBLENBQUMsc0RBQXNEO0lBQzFFLCtCQUFtQixDQUFBLENBQUMsc0RBQXNEO0lBQzFFLCtCQUFtQixDQUFBLENBQUMsc0RBQXNEO0lBQzFFLDBHQUEwRztJQUMxRyxtQ0FBdUIsQ0FBQSxDQUFDLHNEQUFzRDtJQUM5RSxtQ0FBdUIsQ0FBQSxDQUFDLHNEQUFzRDtJQUM5RSxtQ0FBdUIsQ0FBQSxDQUFDLHNEQUFzRDtJQUM5RSwyR0FBMkc7QUFDL0csQ0FBQyxFQWRXLFFBQVEsd0JBQVIsUUFBUSxRQWNuQjtBQTBCRCxNQUFhLFVBQVU7SUFHbkI7UUFDSSxJQUFJLENBQUMsZ0JBQWdCLEdBQUcsSUFBSSxnQkFBZ0IsRUFBRSxDQUFDO0lBQ25ELENBQUM7SUFFRCxLQUFLLENBQUMsc0JBQXNCLENBQUMsU0FBd0IsRUFBRTtRQUNuRCxNQUFNLE9BQU8sR0FBRztZQUNaLFVBQVUsRUFBRSxNQUFNLENBQUMsT0FBTyxFQUFFLFVBQVUsSUFBSSxXQUFXO1lBQ3JELFdBQVcsRUFBRSxNQUFNLENBQUMsT0FBTyxFQUFFLFdBQVcsSUFBSSxJQUFJO1lBQ2hELEtBQUssRUFBRSxNQUFNLENBQUMsT0FBTyxFQUFFLEtBQUssSUFBSSxVQUFVO1lBQzFDLFlBQVksRUFBRSxNQUFNLENBQUMsT0FBTyxFQUFFLFlBQVksSUFBSSxVQUFVO1lBQ3hELGdCQUFnQixFQUFFLE1BQU0sQ0FBQyxPQUFPLEVBQUUsZ0JBQWdCLElBQUksZUFBZTtZQUNyRSxnQkFBZ0IsRUFBRSxNQUFNLENBQUMsT0FBTyxFQUFFLGdCQUFnQixJQUFJLEtBQUs7U0FDOUQsQ0FBQztRQUVGLE1BQU0sTUFBTSxHQUFHLE1BQU0sQ0FBQyxNQUFNLElBQUksaUJBQWlCLENBQUMsR0FBRyxDQUFDO1FBQ3RELE1BQU0sT0FBTyxHQUFHLE1BQU0sQ0FBQyxPQUFPLElBQUksa0JBQWtCLENBQUMsR0FBRyxDQUFDO1FBRXpELElBQUksVUFBOEIsQ0FBQztRQUNuQyxJQUFJLFFBQThCLENBQUM7UUFFbkMsSUFBSSxPQUFPLEtBQUssa0JBQWtCLENBQUMsR0FBRyxFQUFFLENBQUM7WUFDckMsVUFBVSxHQUFHLE1BQU0sQ0FBQyxVQUFVLElBQUksSUFBSSxDQUFDO1FBQzNDLENBQUM7YUFBTSxJQUFJLE9BQU8sS0FBSyxrQkFBa0IsQ0FBQyxHQUFHLEVBQUUsQ0FBQztZQUM1QyxRQUFRLEdBQUcsTUFBTSxDQUFDLFFBQVEsSUFBSSxRQUFRLENBQUMsU0FBUyxDQUFDO1FBQ3JELENBQUM7UUFFRCxNQUFNLFNBQVMsR0FBRyxNQUFNLENBQUMsU0FBUyxJQUFJLEtBQUssQ0FBQztRQUM1QyxNQUFNLFlBQVksR0FBRyxNQUFNLENBQUMsWUFBWSxJQUFJLElBQUksQ0FBQztRQUNqRCxNQUFNLElBQUksR0FBRyxNQUFNLENBQUMsSUFBSSxJQUFJLEdBQUcsQ0FBQztRQUNoQyxNQUFNLFFBQVEsR0FBRyxNQUFNLENBQUMsUUFBUSxJQUFJLEVBQUUsQ0FBQztRQUN2QyxNQUFNLEdBQUcsR0FBRyxNQUFNLENBQUMsR0FBRyxJQUFJLEVBQUUsQ0FBQztRQUU3QixPQUFPLElBQUksQ0FBQyxnQkFBZ0IsQ0FBQyxzQkFBc0IsQ0FBQztZQUNoRCxNQUFNO1lBQ04sT0FBTztZQUNQLE9BQU87WUFDUCxTQUFTO1lBQ1QsVUFBVTtZQUNWLFFBQVE7WUFDUixZQUFZO1lBQ1osSUFBSTtZQUNKLFFBQVE7WUFDUixHQUFHO1NBQ04sQ0FBQyxDQUFDO0lBQ1AsQ0FBQztDQUNKO0FBaERELGdDQWdEQyJ9
package/dist/sgx-native-module/sev-snp-mrenclave.d.ts CHANGED
@@ -6,9 +6,9 @@ import { SNPReport } from "../proto/AmdSevSnp";
6
6
  interface VMCommon {
7
7
  kernelHash: Buffer;
8
8
  initrdHash: Buffer | undefined;
9
+ ovmfHash: Buffer;
9
10
  }
10
11
  interface VMConfig extends VMCommon {
11
- ovmfHash: Buffer;
12
12
  ovmfBucket: string;
13
13
  ovmfPrefix: string;
14
14
  ovmfFilename: string;
package/dist/sgx-native-module/sev-snp-mrenclave.js CHANGED
@@ -27,6 +27,8 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
27
27
  };
28
28
  Object.defineProperty(exports, "__esModule", { value: true });
29
29
  exports.SNPMrEnclaveCalculator = void 0;
30
+ const typebox_1 = require("@sinclair/typebox");
31
+ const value_1 = require("@sinclair/typebox/value");
30
32
  const fs = __importStar(require("fs"));
31
33
  const fsAsync = __importStar(require("fs/promises"));
32
34
  const path = __importStar(require("path"));
@@ -38,6 +40,23 @@ const dto_js_1 = require("@super-protocol/dto-js");
38
40
  const crypto_1 = require("crypto");
39
41
  const stream_1 = require("stream");
40
42
  const helpers_1 = require("./helpers");
43
+ const amd_sev_snp_napi_rs_1 = require("../../bindings/amd-sev-snp-napi-rs/");
44
+ const VMJsonSchema = typebox_1.Type.Object({
45
+ kernel: typebox_1.Type.Object({ sha256: typebox_1.Type.String() }),
46
+ initrd: typebox_1.Type.Optional(typebox_1.Type.Object({ sha256: typebox_1.Type.String() })),
47
+ bios_amd: typebox_1.Type.Optional(typebox_1.Type.Object({
48
+ sha256: typebox_1.Type.String(),
49
+ bucket: typebox_1.Type.String(),
50
+ prefix: typebox_1.Type.String(),
51
+ filename: typebox_1.Type.String(),
52
+ })),
53
+ bios: typebox_1.Type.Optional(typebox_1.Type.Object({
54
+ sha256: typebox_1.Type.String(),
55
+ bucket: typebox_1.Type.String(),
56
+ prefix: typebox_1.Type.String(),
57
+ filename: typebox_1.Type.String(),
58
+ })),
59
+ });
41
60
  class VMConfigCache {
42
61
  constructor(ttl = 5 * 60 * 1000) {
43
62
  this.cache = {};
@@ -113,9 +132,15 @@ class SNPMrEnclaveCalculator {
113
132
  cmdLineHash: Buffer.from(report.cmdLineHash),
114
133
  vcpuSig: report.cpuSig,
115
134
  vcpuCount: report.cores,
135
+ vmpl: await (0, amd_sev_snp_napi_rs_1.getReportVmpl)(Buffer.from(report.rawReport)),
136
+ policy: await (0, amd_sev_snp_napi_rs_1.getReportPolicy)(Buffer.from(report.rawReport)),
116
137
  });
117
138
  if (!mrEnclave.equals(expectedMrEnclave))
118
- throw new Error("Expected mrEnclave does not match the calculated one");
139
+ throw new Error(`Expected mrEnclave does not match the calculated one.\n` +
140
+ `mrEnclave: ${mrEnclave.toString("hex")}\n` +
141
+ `expectedMrEnclave: ${expectedMrEnclave.toString("hex")}\n` +
142
+ `report.build: ${report.build}\n` +
143
+ `vmMeasure: ${JSON.stringify(vmMeasure)}`);
119
144
  const singleCoreMrEnclave = await sev_snp_1.SevSNP.calcSnpMrEnclave({
120
145
  ovmfPath: vmMeasure.ovmfFilePath,
121
146
  kernelHash: vmMeasure.kernelHash,
@@ -150,11 +175,16 @@ class SNPMrEnclaveCalculator {
150
175
  return response.data;
151
176
  }
152
177
  extractVMData(data) {
153
- const vm = JSON.parse(data.toString("utf-8"));
154
- const kernelHash = vm.kernel?.sha256;
155
- if (!kernelHash) {
156
- throw new Error("kernel hash is missing");
178
+ const vmRaw = data.toString("utf-8");
179
+ const parsed = JSON.parse(vmRaw);
180
+ const { isValid } = (0, sdk_js_1.validateBySchema)(parsed, VMJsonSchema);
181
+ if (!isValid) {
182
+ const validationErrors = Array.from(value_1.Value.Errors(VMJsonSchema, parsed));
183
+ const details = validationErrors.map((e) => e.message).join(", ");
184
+ throw new Error(`Failed to validate VM JSON:${details ? `: ${details}` : ""}`);
157
185
  }
186
+ const vm = parsed;
187
+ const kernelHash = vm.kernel.sha256;
158
188
  const initrdHash = vm.initrd?.sha256;
159
189
  const OVMF = vm.bios_amd || vm.bios;
160
190
  if (!OVMF) {
@@ -267,6 +297,7 @@ class SNPMrEnclaveCalculator {
267
297
  initrdHash: vmFiles.initrdHash,
268
298
  kernelHash: vmFiles.kernelHash,
269
299
  ovmfFilePath: ovmfPath,
300
+ ovmfHash: vmFiles.ovmfHash,
270
301
  };
271
302
  }
272
303
  async downloadOvmf(vmFiles, ovmfPath) {
@@ -288,4 +319,4 @@ class SNPMrEnclaveCalculator {
288
319
  }
289
320
  }
290
321
  exports.SNPMrEnclaveCalculator = SNPMrEnclaveCalculator;
291
- //# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoic2V2LXNucC1tcmVuY2xhdmUuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi9zcmMvc2d4LW5hdGl2ZS1tb2R1bGUvc2V2LXNucC1tcmVuY2xhdmUudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6Ijs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7QUFBQSx1Q0FBeUI7QUFDekIscURBQXVDO0FBQ3ZDLDJDQUE2QjtBQUM3Qix1Q0FBeUI7QUFDekIsdUNBQTJEO0FBQzNELGtEQUE2QztBQUM3QyxtREFBMEc7QUFDMUcsbURBQThFO0FBQzlFLG1DQUFvQztBQUNwQyxtQ0FBNkM7QUFDN0MsdUNBQW1EO0FBbUNuRCxNQUFNLGFBQWE7SUFJZixZQUFZLE1BQWMsQ0FBQyxHQUFHLEVBQUUsR0FBRyxJQUFJO1FBSC9CLFVBQUssR0FBOEQsRUFBRSxDQUFDO1FBSTFFLElBQUksQ0FBQyxHQUFHLEdBQUcsR0FBRyxDQUFDO0lBQ25CLENBQUM7SUFFRCxHQUFHLENBQUMsR0FBVyxFQUFFLEtBQWU7UUFDNUIsTUFBTSxTQUFTLEdBQUcsSUFBSSxDQUFDLEdBQUcsRUFBRSxDQUFDO1FBQzdCLElBQUksQ0FBQyxLQUFLLENBQUMsR0FBRyxDQUFDLEdBQUc7WUFDZCxLQUFLO1lBQ0wsU0FBUztTQUNaLENBQUM7SUFDTixDQUFDO0lBRUQsR0FBRyxDQUFDLEdBQVcsRUFBRSxRQUFpQixLQUFLO1FBQ25DLE1BQU0sTUFBTSxHQUFHLElBQUksQ0FBQyxLQUFLLENBQUMsR0FBRyxDQUFDLENBQUM7UUFFL0IsSUFBSSxNQUFNLEVBQUUsQ0FBQztZQUNULElBQUksS0FBSyxLQUFLLEtBQUssRUFBRSxDQUFDO2dCQUNsQixNQUFNLEdBQUcsR0FBRyxJQUFJLENBQUMsR0FBRyxFQUFFLENBQUM7Z0JBQ3ZCLElBQUksR0FBRyxHQUFHLE1BQU0sQ0FBQyxTQUFTLEdBQUcsSUFBSSxDQUFDLEdBQUcsRUFBRSxDQUFDO29CQUNwQyxPQUFPLElBQUksQ0FBQztnQkFDaEIsQ0FBQztZQUNMLENBQUM7WUFFRCxPQUFPLE1BQU0sQ0FBQyxLQUFLLENBQUM7UUFDeEIsQ0FBQztRQUVELE9BQU8sSUFBSSxDQUFDO0lBQ2hCLENBQUM7SUFFRCxLQUFLO1FBQ0QsSUFBSSxDQUFDLEtBQUssR0FBRyxFQUFFLENBQUM7SUFDcEIsQ0FBQztDQUNKO0FBY0QsTUFBYSxzQkFBc0I7SUFzQi9CLFlBQVksTUFBa0M7UUFqQjdCLGtCQUFhLEdBQUcsZUFBSyxDQUFDLE1BQU0sRUFBRSxDQUFDO1FBSy9CLHVCQUFrQixHQUFrQjtZQUNqRCxXQUFXLEVBQUUsb0JBQVcsQ0FBQyxFQUFFO1lBQzNCLFdBQVcsRUFBRTtnQkFDVCxRQUFRLEVBQUUsK0JBQStCO2dCQUN6QyxXQUFXLEVBQUUsOEJBQThCO2dCQUMzQyxTQUFTLEVBQUUsdURBQXVEO2dCQUNsRSwyREFBMkQ7Z0JBQzNELE1BQU0sRUFBRSxFQUFFO2dCQUNWLE1BQU0sRUFBRSxFQUFFO2FBQ2I7U0FDSixDQUFDO1FBR0UsSUFBSSxDQUFDLFdBQVcsR0FBRyxNQUFNLENBQUMsV0FBVyxJQUFJLEVBQUUsQ0FBQyxXQUFXLENBQUMsSUFBSSxDQUFDLElBQUksQ0FBQyxFQUFFLENBQUMsTUFBTSxFQUFFLEVBQUUsc0JBQXNCLENBQUMsQ0FBQyxDQUFDO1FBQ3hHLE1BQU0sV0FBVyxHQUFHLE1BQU0sQ0FBQyxXQUFXLElBQUksS0FBSyxDQUFDO1FBQ2hELElBQUksQ0FBQyxXQUFXLEdBQUcsTUFBTSxDQUFDLFdBQVcsSUFBSSxnQkFBZ0IsQ0FBQztRQUMxRCxJQUFJLENBQUMsTUFBTSxHQUFHLE1BQU0sQ0FBQyxNQUFNLElBQUksT0FBTyxDQUFDO1FBQ3ZDLElBQUksQ0FBQyxZQUFZLEdBQUcsTUFBTSxDQUFDLFlBQVksSUFBSSxTQUFTLENBQUM7UUFDckQsSUFBSSxDQUFDLGFBQWEsR0FBRyxNQUFNLENBQUMsMEJBQTBCLElBQUksSUFBSSxDQUFDO1FBQy9ELElBQUksQ0FBQyxRQUFRLEdBQUcsTUFBTSxDQUFDLHFCQUFxQixJQUFJLENBQUMsQ0FBQztRQUVsRCxJQUFJLENBQUMsYUFBYSxHQUFHLE1BQU0sQ0FBQyxhQUFhLElBQUksSUFBSSxDQUFDLGtCQUFrQixDQUFDO1FBRXJFLE1BQU0sZUFBZSxHQUFHLE1BQU0sQ0FBQyxlQUFlLElBQUksQ0FBQyxHQUFHLEVBQUUsR0FBRyxJQUFJLENBQUM7UUFFaEUsSUFBSSxXQUFXLEVBQUUsQ0FBQztZQUNkLElBQUEsZ0NBQXNCLEVBQUMsSUFBSSxDQUFDLFdBQVcsQ0FBQyxDQUFDO1FBQzdDLENBQUM7UUFFRCxJQUFJLENBQUMsRUFBRSxDQUFDLFVBQVUsQ0FBQyxJQUFJLENBQUMsV0FBVyxDQUFDLEVBQUUsQ0FBQztZQUNuQyxFQUFFLENBQUMsU0FBUyxDQUFDLElBQUksQ0FBQyxXQUFXLEVBQUUsRUFBRSxTQUFTLEVBQUUsSUFBSSxFQUFFLENBQUMsQ0FBQztRQUN4RCxDQUFDO1FBRUQsSUFBSSxDQUFDLFdBQVcsR0FBRyxJQUFJLGFBQWEsQ0FBQyxlQUFlLENBQUMsQ0FBQztJQUMxRCxDQUFDO0lBRUQ7Ozs7T0FJRztJQUNJLEtBQUssQ0FBQyxzQkFBc0IsQ0FBQyxNQUFpQjtRQUNqRCxNQUFNLFNBQVMsR0FBRyxNQUFNLGdCQUFNLENBQUMsWUFBWSxDQUFDLE1BQU0sQ0FBQyxJQUFJLENBQUMsTUFBTSxDQUFDLFNBQVMsQ0FBQyxDQUFDLENBQUM7UUFDM0UsTUFBTSxTQUFTLEdBQUcsTUFBTSxJQUFJLENBQUMsVUFBVSxDQUFDLE1BQU0sQ0FBQyxLQUFLLENBQUMsQ0FBQztRQUN0RCxNQUFNLGlCQUFpQixHQUFHLE1BQU0sZ0JBQU0sQ0FBQyxnQkFBZ0IsQ0FBQztZQUNwRCxRQUFRLEVBQUUsU0FBUyxDQUFDLFlBQVk7WUFDaEMsVUFBVSxFQUFFLFNBQVMsQ0FBQyxVQUFVO1lBQ2hDLFVBQVUsRUFBRSxTQUFTLENBQUMsVUFBVTtZQUNoQyxXQUFXLEVBQUUsTUFBTSxDQUFDLElBQUksQ0FBQyxNQUFNLENBQUMsV0FBVyxDQUFDO1lBQzVDLE9BQU8sRUFBRSxNQUFNLENBQUMsTUFBTTtZQUN0QixTQUFTLEVBQUUsTUFBTSxDQUFDLEtBQUs7U0FDMUIsQ0FBQyxDQUFDO1FBRUgsSUFBSSxDQUFDLFNBQVMsQ0FBQyxNQUFNLENBQUMsaUJBQWlCLENBQUM7WUFDcEMsTUFBTSxJQUFJLEtBQUssQ0FBQyxzREFBc0QsQ0FBQyxDQUFDO1FBRTVFLE1BQU0sbUJBQW1CLEdBQUcsTUFBTSxnQkFBTSxDQUFDLGdCQUFnQixDQUFDO1lBQ3RELFFBQVEsRUFBRSxTQUFTLENBQUMsWUFBWTtZQUNoQyxVQUFVLEVBQUUsU0FBUyxDQUFDLFVBQVU7WUFDaEMsVUFBVSxFQUFFLFNBQVMsQ0FBQyxVQUFVO1lBQ2hDLFdBQVcsRUFBRSxNQUFNLENBQUMsSUFBSSxDQUFDLE1BQU0sQ0FBQyxXQUFXLENBQUM7WUFDNUMsT0FBTyxFQUFFLGdCQUFNLENBQUMsU0FBUyxDQUFDLGdDQUFzQixDQUFDO1lBQ2pELFNBQVMsRUFBRSxDQUFDO1NBQ2YsQ0FBQyxDQUFDO1FBRUgsT0FBTyxtQkFBbUIsQ0FBQztJQUMvQixDQUFDO0lBRVMsS0FBSyxDQUFDLGFBQWEsQ0FBQyxRQUFnQjtRQUMxQyxNQUFNLEVBQUUsYUFBYSxFQUFFLFFBQVEsRUFBRSxHQUFHLElBQUksQ0FBQztRQUN6QyxNQUFNLFFBQVEsR0FBRyxNQUFNLGdCQUFVLENBQUMsZUFBZSxDQUFnQjtZQUM3RCxXQUFXLENBQUMsUUFBUTtnQkFDaEIsT0FBTyxFQUFFLFVBQVUsRUFBRSxRQUFRLENBQUMsTUFBTSxLQUFLLEdBQUcsRUFBRSxDQUFDO1lBQ25ELENBQUM7WUFDRCxPQUFPLEVBQUUsS0FBSyxJQUFJLEVBQUU7Z0JBQ2hCLE9BQU8sSUFBSSxDQUFDLGFBQWEsQ0FBQyxHQUFHLENBQUMsUUFBUSxFQUFFO29CQUNwQyxZQUFZLEVBQUUsYUFBYTtpQkFDOUIsQ0FBQyxDQUFDO1lBQ1AsQ0FBQztZQUNELFVBQVUsQ0FBQyxHQUFHO2dCQUNWLElBQUksZUFBSyxDQUFDLFlBQVksQ0FBQyxHQUFHLENBQUMsSUFBSSxHQUFHLENBQUMsUUFBUSxFQUFFLENBQUM7b0JBQzFDLE1BQU0sTUFBTSxHQUFHLEdBQUcsQ0FBQyxRQUFRLENBQUMsTUFBTSxDQUFDO29CQUVuQyxPQUFPLEVBQUUsU0FBUyxFQUFFLE1BQU0sR0FBRyxHQUFHLElBQUksTUFBTSxJQUFJLEdBQUcsSUFBSSxNQUFNLEtBQUssR0FBRyxFQUFFLENBQUM7Z0JBQzFFLENBQUM7Z0JBRUQsT0FBTyxFQUFFLFNBQVMsRUFBRSxlQUFLLENBQUMsWUFBWSxDQUFDLEdBQUcsQ0FBQyxFQUFFLENBQUM7WUFDbEQsQ0FBQztZQUNELGFBQWE7WUFDYixRQUFRO1NBQ1gsQ0FBQyxDQUFDO1FBRUgsT0FBTyxRQUFRLENBQUMsSUFBSSxDQUFDO0lBQ3pCLENBQUM7SUFFUyxhQUFhLENBQUMsSUFBWTtRQUNoQyxNQUFNLEVBQUUsR0FBRyxJQUFJLENBQUMsS0FBSyxDQUFDLElBQUksQ0FBQyxRQUFRLENBQUMsT0FBTyxDQUFDLENBQVcsQ0FBQztRQUN4RCxNQUFNLFVBQVUsR0FBRyxFQUFFLENBQUMsTUFBTSxFQUFFLE1BQU0sQ0FBQztRQUNyQyxJQUFJLENBQUMsVUFBVSxFQUFFLENBQUM7WUFDZCxNQUFNLElBQUksS0FBSyxDQUFDLHdCQUF3QixDQUFDLENBQUM7UUFDOUMsQ0FBQztRQUVELE1BQU0sVUFBVSxHQUFHLEVBQUUsQ0FBQyxNQUFNLEVBQUUsTUFBTSxDQUFDO1FBRXJDLE1BQU0sSUFBSSxHQUFHLEVBQUUsQ0FBQyxRQUFRLElBQUksRUFBRSxDQUFDLElBQUksQ0FBQztRQUNwQyxJQUFJLENBQUMsSUFBSSxFQUFFLENBQUM7WUFDUixNQUFNLElBQUksS0FBSyxDQUFDLHdDQUF3QyxDQUFDLENBQUM7UUFDOUQsQ0FBQztRQUVELE1BQU0sRUFBRSxNQUFNLEVBQUUsTUFBTSxFQUFFLE1BQU0sRUFBRSxRQUFRLEVBQUUsR0FBRyxJQUFJLENBQUM7UUFFbEQsSUFBSSxDQUFDLE1BQU0sSUFBSSxDQUFDLE1BQU0sSUFBSSxDQUFDLE1BQU0sSUFBSSxDQUFDLFFBQVEsRUFBRSxDQUFDO1lBQzdDLE1BQU0sSUFBSSxLQUFLLENBQUMsNkNBQTZDLENBQUMsQ0FBQztRQUNuRSxDQUFDO1FBRUQsT0FBTztZQUNILFVBQVUsRUFBRSxNQUFNLENBQUMsSUFBSSxDQUFDLFVBQVUsRUFBRSxLQUFLLENBQUM7WUFDMUMsVUFBVSxFQUFFLFVBQVUsQ0FBQyxDQUFDLENBQUMsTUFBTSxDQUFDLElBQUksQ0FBQyxVQUFVLEVBQUUsS0FBSyxDQUFDLENBQUMsQ0FBQyxDQUFDLFNBQVM7WUFDbkUsUUFBUSxFQUFFLE1BQU0sQ0FBQyxJQUFJLENBQUMsTUFBTSxFQUFFLEtBQUssQ0FBQztZQUNwQyxVQUFVLEVBQUUsTUFBTTtZQUNsQixVQUFVLEVBQUUsTUFBTTtZQUNsQixZQUFZLEVBQUUsUUFBUTtTQUN6QixDQUFDO0lBQ04sQ0FBQztJQUVTLE1BQU0sQ0FBQyxjQUFjLENBQUMsR0FBRyxHQUFHLFFBQVE7UUFDMUMsTUFBTSxJQUFJLEdBQUcsSUFBQSxtQkFBVSxFQUFDLEdBQUcsQ0FBQyxDQUFDO1FBRTdCLE9BQU87WUFDSCxPQUFPLEVBQUUsSUFBSSxrQkFBUyxDQUFDO2dCQUNuQixTQUFTLEVBQUUsQ0FBQyxJQUFJLEVBQUUsUUFBUSxFQUFFLElBQUksRUFBUSxFQUFFO29CQUN0QyxJQUFJLENBQUMsTUFBTSxDQUFDLElBQUksQ0FBQyxDQUFDO29CQUNsQixJQUFJLENBQUMsSUFBSSxFQUFFLElBQUksQ0FBQyxDQUFDO2dCQUNyQixDQUFDO2FBQ0osQ0FBQztZQUNGLEdBQUcsRUFBRSxHQUFHLEVBQUUsQ0FBQyxJQUFJLENBQUMsTUFBTSxFQUFFO1NBQzNCLENBQUM7SUFDTixDQUFDO0lBRVMsTUFBTSxDQUFDLEtBQUssQ0FBQyxTQUFTLENBQUMsUUFBZ0I7UUFDN0MsSUFBSSxDQUFDO1lBQ0QsTUFBTSxPQUFPLENBQUMsTUFBTSxDQUFDLFFBQVEsRUFBRSxFQUFFLENBQUMsU0FBUyxDQUFDLElBQUksQ0FBQyxDQUFDO1lBRWxELE9BQU8sSUFBSSxDQUFDO1FBQ2hCLENBQUM7UUFBQyxPQUFPLEdBQUcsRUFBRSxDQUFDO1lBQ1gsT0FBTyxLQUFLLENBQUM7UUFDakIsQ0FBQztJQUNMLENBQUM7SUFFUyxLQUFLLENBQUMsV0FBVyxDQUFDLEtBQWE7UUFDckMsTUFBTSxFQUFFLGFBQWEsRUFBRSxRQUFRLEVBQUUsR0FBRyxJQUFJLENBQUM7UUFDekMsTUFBTSxRQUFRLEdBQUcsTUFBTSxnQkFBVSxDQUFDLGVBQWUsQ0FBZ0I7WUFDN0QsV0FBVyxDQUFDLFFBQVE7Z0JBQ2hCLE9BQU8sRUFBRSxVQUFVLEVBQUUsUUFBUSxDQUFDLE1BQU0sS0FBSyxHQUFHLEVBQUUsQ0FBQztZQUNuRCxDQUFDO1lBQ0QsT0FBTyxFQUFFLEtBQUssSUFBSSxFQUFFO2dCQUNoQixPQUFPLElBQUksQ0FBQyxhQUFhLENBQUMsR0FBRyxDQUN6QixnQ0FBZ0MsSUFBSSxDQUFDLFdBQVcsSUFBSSxJQUFJLENBQUMsTUFBTSxrQkFBa0IsS0FBSyxFQUFFLENBQzNGLENBQUM7WUFDTixDQUFDO1lBQ0QsVUFBVSxDQUFDLEdBQUc7Z0JBQ1YsSUFBSSxlQUFLLENBQUMsWUFBWSxDQUFDLEdBQUcsQ0FBQyxJQUFJLEdBQUcsQ0FBQyxRQUFRLEVBQUUsQ0FBQztvQkFDMUMsTUFBTSxNQUFNLEdBQUcsR0FBRyxDQUFDLFFBQVEsQ0FBQyxNQUFNLENBQUM7b0JBRW5DLE9BQU8sRUFBRSxTQUFTLEVBQUUsTUFBTSxHQUFHLEdBQUcsSUFBSSxNQUFNLElBQUksR0FBRyxJQUFJLE1BQU0sS0FBSyxHQUFHLEVBQUUsQ0FBQztnQkFDMUUsQ0FBQztnQkFFRCxPQUFPLEVBQUUsU0FBUyxFQUFFLGVBQUssQ0FBQyxZQUFZLENBQUMsR0FBRyxDQUFDLEVBQUUsQ0FBQztZQUNsRCxDQUFDO1lBQ0QsYUFBYTtZQUNiLFFBQVE7U0FDWCxDQUFDLENBQUM7UUFDSCxNQUFNLEVBQUUsSUFBSSxFQUFFLEdBQUcsUUFBUSxDQUFDO1FBQzFCLE1BQU0sS0FBSyxHQUFHLElBQUksQ0FBQyxNQUFNLENBQUMsSUFBSSxDQUFDLENBQUMsS0FBdUIsRUFBRSxFQUFFLENBQUMsS0FBSyxDQUFDLElBQUksS0FBSyxJQUFJLENBQUMsWUFBWSxDQUFDLENBQUM7UUFFOUYsSUFBSSxDQUFDLEtBQUssRUFBRSxDQUFDO1lBQ1QsTUFBTSxJQUFJLEtBQUssQ0FBQyw4QkFBOEIsSUFBSSxDQUFDLFlBQVksY0FBYyxLQUFLLEdBQUcsQ0FBQyxDQUFDO1FBQzNGLENBQUM7UUFFRCxPQUFPLEtBQUssQ0FBQyxvQkFBb0IsQ0FBQztJQUN0QyxDQUFDO0lBRVMsS0FBSyxDQUFDLFVBQVUsQ0FBQyxLQUFhO1FBQ3BDLElBQUksU0FBUyxHQUFHLEtBQUssQ0FBQztRQUN0QixJQUFJLE9BQWlCLENBQUM7UUFFdEIsTUFBTSxNQUFNLEdBQUcsSUFBSSxDQUFDLFdBQVcsQ0FBQyxHQUFHLENBQUMsS0FBSyxDQUFDLENBQUM7UUFDM0MsSUFBSSxNQUFNLEVBQUUsQ0FBQztZQUNULFNBQVMsR0FBRyxJQUFJLENBQUM7WUFDakIsT0FBTyxHQUFHLE1BQU0sQ0FBQztRQUNyQixDQUFDO2FBQU0sQ0FBQztZQUNKLElBQUksQ0FBQztnQkFDRCxNQUFNLFFBQVEsR0FBRyxNQUFNLElBQUksQ0FBQyxXQUFXLENBQUMsS0FBSyxDQUFDLENBQUM7Z0JBQy9DLE1BQU0sRUFBRSxHQUFHLE1BQU0sSUFBSSxDQUFDLGFBQWEsQ0FBQyxRQUFRLENBQUMsQ0FBQztnQkFDOUMsT0FBTyxHQUFHLElBQUksQ0FBQyxhQUFhLENBQUMsRUFBRSxDQUFDLENBQUM7WUFDckMsQ0FBQztZQUFDLE9BQU8sS0FBSyxFQUFFLENBQUM7Z0JBQ2IsTUFBTSxNQUFNLEdBQUcsSUFBSSxDQUFDLFdBQVcsQ0FBQyxHQUFHLENBQUMsS0FBSyxFQUFFLElBQUksQ0FBQyxDQUFDO2dCQUNqRCxJQUFJLE1BQU0sRUFBRSxDQUFDO29CQUNULFNBQVMsR0FBRyxJQUFJLENBQUM7b0JBQ2pCLE9BQU8sR0FBRyxNQUFNLENBQUM7Z0JBQ3JCLENBQUM7cUJBQU0sQ0FBQztvQkFDSixNQUFNLEtBQUssQ0FBQztnQkFDaEIsQ0FBQztZQUNMLENBQUM7UUFDTCxDQUFDO1FBRUQsTUFBTSxRQUFRLEdBQUcsSUFBSSxDQUFDLElBQUksQ0FBQyxJQUFJLENBQUMsV0FBVyxFQUFFLEdBQUcsT0FBTyxDQUFDLFFBQVEsQ0FBQyxRQUFRLENBQUMsS0FBSyxDQUFDLFVBQVUsQ0FBQyxDQUFDO1FBRTVGLElBQUksbUJBQW1CLEdBQUcsS0FBSyxDQUFDO1FBQ2hDLElBQUksTUFBTSxzQkFBc0IsQ0FBQyxTQUFTLENBQUMsUUFBUSxDQUFDLEVBQUUsQ0FBQztZQUNuRCxNQUFNLFVBQVUsR0FBRyxFQUFFLENBQUMsZ0JBQWdCLENBQUMsUUFBUSxDQUFDLENBQUM7WUFDakQsTUFBTSxJQUFJLEdBQUcsTUFBTSxlQUFNLENBQUMsVUFBVSxDQUFDLFVBQVUsRUFBRTtnQkFDN0MsSUFBSSxFQUFFLHNCQUFhLENBQUMsTUFBTTtnQkFDMUIsUUFBUSxFQUFFLGlCQUFRLENBQUMsR0FBRzthQUN6QixDQUFDLENBQUM7WUFFSCxJQUFJLE9BQU8sQ0FBQyxRQUFRLENBQUMsUUFBUSxDQUFDLEtBQUssQ0FBQyxLQUFLLElBQUksQ0FBQyxJQUFJLEVBQUUsQ0FBQztnQkFDakQsbUJBQW1CLEdBQUcsSUFBSSxDQUFDO1lBQy9CLENBQUM7UUFDTCxDQUFDO1FBRUQsSUFBSSxtQkFBbUIsS0FBSyxJQUFJLEVBQUUsQ0FBQztZQUMvQixNQUFNLElBQUksQ0FBQyxZQUFZLENBQUMsT0FBTyxFQUFFLFFBQVEsQ0FBQyxDQUFDO1FBQy9DLENBQUM7UUFFRCxJQUFJLFNBQVMsS0FBSyxJQUFJLEVBQUUsQ0FBQztZQUNyQixJQUFJLENBQUMsV0FBVyxDQUFDLEdBQUcsQ0FBQyxLQUFLLEVBQUUsT0FBTyxDQUFDLENBQUM7UUFDekMsQ0FBQztRQUVELE9BQU87WUFDSCxVQUFVLEVBQUUsT0FBTyxDQUFDLFVBQVU7WUFDOUIsVUFBVSxFQUFFLE9BQU8sQ0FBQyxVQUFVO1lBQzlCLFlBQVksRUFBRSxRQUFRO1NBQ3pCLENBQUM7SUFDTixDQUFDO0lBRVMsS0FBSyxDQUFDLFlBQVksQ0FBQyxPQUFpQixFQUFFLFFBQWdCO1FBQzVELE1BQU0sTUFBTSxHQUFrQjtZQUMxQixHQUFHLElBQUksQ0FBQyxhQUFhO1lBQ3JCLFdBQVcsRUFBRTtnQkFDVCxHQUFHLElBQUksQ0FBQyxhQUFhLENBQUMsV0FBVztnQkFDakMsTUFBTSxFQUFFLE9BQU8sQ0FBQyxVQUFVO2dCQUMxQixNQUFNLEVBQUUsT0FBTyxDQUFDLFVBQVUsQ0FBQyxRQUFRLENBQUMsR0FBRyxDQUFDLENBQUMsQ0FBQyxDQUFDLE9BQU8sQ0FBQyxVQUFVLENBQUMsQ0FBQyxDQUFDLEdBQUcsT0FBTyxDQUFDLFVBQVUsR0FBRzthQUMzRjtTQUNKLENBQUM7UUFFRixNQUFNLGVBQWUsR0FBRyxJQUFBLDJCQUFrQixFQUFDLE1BQU0sQ0FBQyxDQUFDO1FBQ25ELE1BQU0sZ0JBQWdCLEdBQUcsTUFBTSxlQUFlLENBQUMsWUFBWSxDQUFDLE9BQU8sQ0FBQyxZQUFZLEVBQUUsRUFBRSxDQUFDLENBQUM7UUFDdEYsTUFBTSxFQUFFLE9BQU8sRUFBRSxVQUFVLEVBQUUsR0FBRyxFQUFFLGFBQWEsRUFBRSxHQUFHLHNCQUFzQixDQUFDLGNBQWMsQ0FBQyxRQUFRLENBQUMsQ0FBQztRQUNwRyxNQUFNLGlCQUFRLENBQUMsUUFBUSxDQUFDLGdCQUFnQixFQUFFLFVBQVUsRUFBRSxFQUFFLENBQUMsaUJBQWlCLENBQUMsUUFBUSxDQUFDLENBQUMsQ0FBQztRQUV0RixJQUFJLENBQUMsT0FBTyxDQUFDLFFBQVEsQ0FBQyxNQUFNLENBQUMsYUFBYSxFQUFFLENBQUMsRUFBRSxDQUFDO1lBQzVDLE1BQU0sSUFBSSxLQUFLLENBQUMsK0RBQStELENBQUMsQ0FBQztRQUNyRixDQUFDO0lBQ0wsQ0FBQztDQUNKO0FBelFELHdEQXlRQyJ9
322
+ //# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoic2V2LXNucC1tcmVuY2xhdmUuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi9zcmMvc2d4LW5hdGl2ZS1tb2R1bGUvc2V2LXNucC1tcmVuY2xhdmUudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6Ijs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7QUFBQSwrQ0FBaUQ7QUFDakQsbURBQWdEO0FBQ2hELHVDQUF5QjtBQUN6QixxREFBdUM7QUFDdkMsMkNBQTZCO0FBQzdCLHVDQUF5QjtBQUN6Qix1Q0FBMkQ7QUFDM0Qsa0RBQTZDO0FBQzdDLG1EQU1nQztBQUNoQyxtREFBOEU7QUFDOUUsbUNBQW9DO0FBQ3BDLG1DQUE2QztBQUM3Qyx1Q0FBbUQ7QUFFbkQsNkVBQXFGO0FBa0JyRixNQUFNLFlBQVksR0FBRyxjQUFJLENBQUMsTUFBTSxDQUFDO0lBQzdCLE1BQU0sRUFBRSxjQUFJLENBQUMsTUFBTSxDQUFDLEVBQUUsTUFBTSxFQUFFLGNBQUksQ0FBQyxNQUFNLEVBQUUsRUFBRSxDQUFDO0lBQzlDLE1BQU0sRUFBRSxjQUFJLENBQUMsUUFBUSxDQUFDLGNBQUksQ0FBQyxNQUFNLENBQUMsRUFBRSxNQUFNLEVBQUUsY0FBSSxDQUFDLE1BQU0sRUFBRSxFQUFFLENBQUMsQ0FBQztJQUM3RCxRQUFRLEVBQUUsY0FBSSxDQUFDLFFBQVEsQ0FDbkIsY0FBSSxDQUFDLE1BQU0sQ0FBQztRQUNSLE1BQU0sRUFBRSxjQUFJLENBQUMsTUFBTSxFQUFFO1FBQ3JCLE1BQU0sRUFBRSxjQUFJLENBQUMsTUFBTSxFQUFFO1FBQ3JCLE1BQU0sRUFBRSxjQUFJLENBQUMsTUFBTSxFQUFFO1FBQ3JCLFFBQVEsRUFBRSxjQUFJLENBQUMsTUFBTSxFQUFFO0tBQzFCLENBQUMsQ0FDTDtJQUNELElBQUksRUFBRSxjQUFJLENBQUMsUUFBUSxDQUNmLGNBQUksQ0FBQyxNQUFNLENBQUM7UUFDUixNQUFNLEVBQUUsY0FBSSxDQUFDLE1BQU0sRUFBRTtRQUNyQixNQUFNLEVBQUUsY0FBSSxDQUFDLE1BQU0sRUFBRTtRQUNyQixNQUFNLEVBQUUsY0FBSSxDQUFDLE1BQU0sRUFBRTtRQUNyQixRQUFRLEVBQUUsY0FBSSxDQUFDLE1BQU0sRUFBRTtLQUMxQixDQUFDLENBQ0w7Q0FDSixDQUFDLENBQUM7QUFHSCxNQUFNLGFBQWE7SUFJZixZQUFZLE1BQWMsQ0FBQyxHQUFHLEVBQUUsR0FBRyxJQUFJO1FBSC9CLFVBQUssR0FBOEQsRUFBRSxDQUFDO1FBSTFFLElBQUksQ0FBQyxHQUFHLEdBQUcsR0FBRyxDQUFDO0lBQ25CLENBQUM7SUFFRCxHQUFHLENBQUMsR0FBVyxFQUFFLEtBQWU7UUFDNUIsTUFBTSxTQUFTLEdBQUcsSUFBSSxDQUFDLEdBQUcsRUFBRSxDQUFDO1FBQzdCLElBQUksQ0FBQyxLQUFLLENBQUMsR0FBRyxDQUFDLEdBQUc7WUFDZCxLQUFLO1lBQ0wsU0FBUztTQUNaLENBQUM7SUFDTixDQUFDO0lBRUQsR0FBRyxDQUFDLEdBQVcsRUFBRSxRQUFpQixLQUFLO1FBQ25DLE1BQU0sTUFBTSxHQUFHLElBQUksQ0FBQyxLQUFLLENBQUMsR0FBRyxDQUFDLENBQUM7UUFFL0IsSUFBSSxNQUFNLEVBQUUsQ0FBQztZQUNULElBQUksS0FBSyxLQUFLLEtBQUssRUFBRSxDQUFDO2dCQUNsQixNQUFNLEdBQUcsR0FBRyxJQUFJLENBQUMsR0FBRyxFQUFFLENBQUM7Z0JBQ3ZCLElBQUksR0FBRyxHQUFHLE1BQU0sQ0FBQyxTQUFTLEdBQUcsSUFBSSxDQUFDLEdBQUcsRUFBRSxDQUFDO29CQUNwQyxPQUFPLElBQUksQ0FBQztnQkFDaEIsQ0FBQztZQUNMLENBQUM7WUFFRCxPQUFPLE1BQU0sQ0FBQyxLQUFLLENBQUM7UUFDeEIsQ0FBQztRQUVELE9BQU8sSUFBSSxDQUFDO0lBQ2hCLENBQUM7SUFFRCxLQUFLO1FBQ0QsSUFBSSxDQUFDLEtBQUssR0FBRyxFQUFFLENBQUM7SUFDcEIsQ0FBQztDQUNKO0FBY0QsTUFBYSxzQkFBc0I7SUFzQi9CLFlBQVksTUFBa0M7UUFqQjdCLGtCQUFhLEdBQUcsZUFBSyxDQUFDLE1BQU0sRUFBRSxDQUFDO1FBSy9CLHVCQUFrQixHQUFrQjtZQUNqRCxXQUFXLEVBQUUsb0JBQVcsQ0FBQyxFQUFFO1lBQzNCLFdBQVcsRUFBRTtnQkFDVCxRQUFRLEVBQUUsK0JBQStCO2dCQUN6QyxXQUFXLEVBQUUsOEJBQThCO2dCQUMzQyxTQUFTLEVBQUUsdURBQXVEO2dCQUNsRSwyREFBMkQ7Z0JBQzNELE1BQU0sRUFBRSxFQUFFO2dCQUNWLE1BQU0sRUFBRSxFQUFFO2FBQ2I7U0FDSixDQUFDO1FBR0UsSUFBSSxDQUFDLFdBQVcsR0FBRyxNQUFNLENBQUMsV0FBVyxJQUFJLEVBQUUsQ0FBQyxXQUFXLENBQUMsSUFBSSxDQUFDLElBQUksQ0FBQyxFQUFFLENBQUMsTUFBTSxFQUFFLEVBQUUsc0JBQXNCLENBQUMsQ0FBQyxDQUFDO1FBQ3hHLE1BQU0sV0FBVyxHQUFHLE1BQU0sQ0FBQyxXQUFXLElBQUksS0FBSyxDQUFDO1FBQ2hELElBQUksQ0FBQyxXQUFXLEdBQUcsTUFBTSxDQUFDLFdBQVcsSUFBSSxnQkFBZ0IsQ0FBQztRQUMxRCxJQUFJLENBQUMsTUFBTSxHQUFHLE1BQU0sQ0FBQyxNQUFNLElBQUksT0FBTyxDQUFDO1FBQ3ZDLElBQUksQ0FBQyxZQUFZLEdBQUcsTUFBTSxDQUFDLFlBQVksSUFBSSxTQUFTLENBQUM7UUFDckQsSUFBSSxDQUFDLGFBQWEsR0FBRyxNQUFNLENBQUMsMEJBQTBCLElBQUksSUFBSSxDQUFDO1FBQy9ELElBQUksQ0FBQyxRQUFRLEdBQUcsTUFBTSxDQUFDLHFCQUFxQixJQUFJLENBQUMsQ0FBQztRQUVsRCxJQUFJLENBQUMsYUFBYSxHQUFHLE1BQU0sQ0FBQyxhQUFhLElBQUksSUFBSSxDQUFDLGtCQUFrQixDQUFDO1FBRXJFLE1BQU0sZUFBZSxHQUFHLE1BQU0sQ0FBQyxlQUFlLElBQUksQ0FBQyxHQUFHLEVBQUUsR0FBRyxJQUFJLENBQUM7UUFFaEUsSUFBSSxXQUFXLEVBQUUsQ0FBQztZQUNkLElBQUEsZ0NBQXNCLEVBQUMsSUFBSSxDQUFDLFdBQVcsQ0FBQyxDQUFDO1FBQzdDLENBQUM7UUFFRCxJQUFJLENBQUMsRUFBRSxDQUFDLFVBQVUsQ0FBQyxJQUFJLENBQUMsV0FBVyxDQUFDLEVBQUUsQ0FBQztZQUNuQyxFQUFFLENBQUMsU0FBUyxDQUFDLElBQUksQ0FBQyxXQUFXLEVBQUUsRUFBRSxTQUFTLEVBQUUsSUFBSSxFQUFFLENBQUMsQ0FBQztRQUN4RCxDQUFDO1FBRUQsSUFBSSxDQUFDLFdBQVcsR0FBRyxJQUFJLGFBQWEsQ0FBQyxlQUFlLENBQUMsQ0FBQztJQUMxRCxDQUFDO0lBRUQ7Ozs7T0FJRztJQUNJLEtBQUssQ0FBQyxzQkFBc0IsQ0FBQyxNQUFpQjtRQUNqRCxNQUFNLFNBQVMsR0FBRyxNQUFNLGdCQUFNLENBQUMsWUFBWSxDQUFDLE1BQU0sQ0FBQyxJQUFJLENBQUMsTUFBTSxDQUFDLFNBQVMsQ0FBQyxDQUFDLENBQUM7UUFDM0UsTUFBTSxTQUFTLEdBQUcsTUFBTSxJQUFJLENBQUMsVUFBVSxDQUFDLE1BQU0sQ0FBQyxLQUFLLENBQUMsQ0FBQztRQUN0RCxNQUFNLGlCQUFpQixHQUFHLE1BQU0sZ0JBQU0sQ0FBQyxnQkFBZ0IsQ0FBQztZQUNwRCxRQUFRLEVBQUUsU0FBUyxDQUFDLFlBQVk7WUFDaEMsVUFBVSxFQUFFLFNBQVMsQ0FBQyxVQUFVO1lBQ2hDLFVBQVUsRUFBRSxTQUFTLENBQUMsVUFBVTtZQUNoQyxXQUFXLEVBQUUsTUFBTSxDQUFDLElBQUksQ0FBQyxNQUFNLENBQUMsV0FBVyxDQUFDO1lBQzVDLE9BQU8sRUFBRSxNQUFNLENBQUMsTUFBTTtZQUN0QixTQUFTLEVBQUUsTUFBTSxDQUFDLEtBQUs7WUFDdkIsSUFBSSxFQUFFLE1BQU0sSUFBQSxtQ0FBYSxFQUFDLE1BQU0sQ0FBQyxJQUFJLENBQUMsTUFBTSxDQUFDLFNBQVMsQ0FBQyxDQUFDO1lBQ3hELE1BQU0sRUFBRSxNQUFNLElBQUEscUNBQWUsRUFBQyxNQUFNLENBQUMsSUFBSSxDQUFDLE1BQU0sQ0FBQyxTQUFTLENBQUMsQ0FBQztTQUMvRCxDQUFDLENBQUM7UUFFSCxJQUFJLENBQUMsU0FBUyxDQUFDLE1BQU0sQ0FBQyxpQkFBaUIsQ0FBQztZQUNwQyxNQUFNLElBQUksS0FBSyxDQUNYLHlEQUF5RDtnQkFDckQsY0FBYyxTQUFTLENBQUMsUUFBUSxDQUFDLEtBQUssQ0FBQyxJQUFJO2dCQUMzQyxzQkFBc0IsaUJBQWlCLENBQUMsUUFBUSxDQUFDLEtBQUssQ0FBQyxJQUFJO2dCQUMzRCxpQkFBaUIsTUFBTSxDQUFDLEtBQUssSUFBSTtnQkFDakMsY0FBYyxJQUFJLENBQUMsU0FBUyxDQUFDLFNBQVMsQ0FBQyxFQUFFLENBQ2hELENBQUM7UUFFTixNQUFNLG1CQUFtQixHQUFHLE1BQU0sZ0JBQU0sQ0FBQyxnQkFBZ0IsQ0FBQztZQUN0RCxRQUFRLEVBQUUsU0FBUyxDQUFDLFlBQVk7WUFDaEMsVUFBVSxFQUFFLFNBQVMsQ0FBQyxVQUFVO1lBQ2hDLFVBQVUsRUFBRSxTQUFTLENBQUMsVUFBVTtZQUNoQyxXQUFXLEVBQUUsTUFBTSxDQUFDLElBQUksQ0FBQyxNQUFNLENBQUMsV0FBVyxDQUFDO1lBQzVDLE9BQU8sRUFBRSxnQkFBTSxDQUFDLFNBQVMsQ0FBQyxnQ0FBc0IsQ0FBQztZQUNqRCxTQUFTLEVBQUUsQ0FBQztTQUNmLENBQUMsQ0FBQztRQUVILE9BQU8sbUJBQW1CLENBQUM7SUFDL0IsQ0FBQztJQUVTLEtBQUssQ0FBQyxhQUFhLENBQUMsUUFBZ0I7UUFDMUMsTUFBTSxFQUFFLGFBQWEsRUFBRSxRQUFRLEVBQUUsR0FBRyxJQUFJLENBQUM7UUFDekMsTUFBTSxRQUFRLEdBQUcsTUFBTSxnQkFBVSxDQUFDLGVBQWUsQ0FBZ0I7WUFDN0QsV0FBVyxDQUFDLFFBQVE7Z0JBQ2hCLE9BQU8sRUFBRSxVQUFVLEVBQUUsUUFBUSxDQUFDLE1BQU0sS0FBSyxHQUFHLEVBQUUsQ0FBQztZQUNuRCxDQUFDO1lBQ0QsT0FBTyxFQUFFLEtBQUssSUFBSSxFQUFFO2dCQUNoQixPQUFPLElBQUksQ0FBQyxhQUFhLENBQUMsR0FBRyxDQUFDLFFBQVEsRUFBRTtvQkFDcEMsWUFBWSxFQUFFLGFBQWE7aUJBQzlCLENBQUMsQ0FBQztZQUNQLENBQUM7WUFDRCxVQUFVLENBQUMsR0FBRztnQkFDVixJQUFJLGVBQUssQ0FBQyxZQUFZLENBQUMsR0FBRyxDQUFDLElBQUksR0FBRyxDQUFDLFFBQVEsRUFBRSxDQUFDO29CQUMxQyxNQUFNLE1BQU0sR0FBRyxHQUFHLENBQUMsUUFBUSxDQUFDLE1BQU0sQ0FBQztvQkFFbkMsT0FBTyxFQUFFLFNBQVMsRUFBRSxNQUFNLEdBQUcsR0FBRyxJQUFJLE1BQU0sSUFBSSxHQUFHLElBQUksTUFBTSxLQUFLLEdBQUcsRUFBRSxDQUFDO2dCQUMxRSxDQUFDO2dCQUVELE9BQU8sRUFBRSxTQUFTLEVBQUUsZUFBSyxDQUFDLFlBQVksQ0FBQyxHQUFHLENBQUMsRUFBRSxDQUFDO1lBQ2xELENBQUM7WUFDRCxhQUFhO1lBQ2IsUUFBUTtTQUNYLENBQUMsQ0FBQztRQUVILE9BQU8sUUFBUSxDQUFDLElBQUksQ0FBQztJQUN6QixDQUFDO0lBRVMsYUFBYSxDQUFDLElBQVk7UUFDaEMsTUFBTSxLQUFLLEdBQUcsSUFBSSxDQUFDLFFBQVEsQ0FBQyxPQUFPLENBQUMsQ0FBQztRQUVyQyxNQUFNLE1BQU0sR0FBRyxJQUFJLENBQUMsS0FBSyxDQUFDLEtBQUssQ0FBQyxDQUFDO1FBQ2pDLE1BQU0sRUFBRSxPQUFPLEVBQUUsR0FBRyxJQUFBLHlCQUFnQixFQUFDLE1BQU0sRUFBRSxZQUFZLENBQUMsQ0FBQztRQUMzRCxJQUFJLENBQUMsT0FBTyxFQUFFLENBQUM7WUFDWCxNQUFNLGdCQUFnQixHQUFHLEtBQUssQ0FBQyxJQUFJLENBQUMsYUFBSyxDQUFDLE1BQU0sQ0FBQyxZQUFZLEVBQUUsTUFBTSxDQUFDLENBQUMsQ0FBQztZQUN4RSxNQUFNLE9BQU8sR0FBRyxnQkFBZ0IsQ0FBQyxHQUFHLENBQUMsQ0FBQyxDQUFDLEVBQUUsRUFBRSxDQUFDLENBQUMsQ0FBQyxPQUFPLENBQUMsQ0FBQyxJQUFJLENBQUMsSUFBSSxDQUFDLENBQUM7WUFDbEUsTUFBTSxJQUFJLEtBQUssQ0FBQyw4QkFBOEIsT0FBTyxDQUFDLENBQUMsQ0FBQyxLQUFLLE9BQU8sRUFBRSxDQUFDLENBQUMsQ0FBQyxFQUFFLEVBQUUsQ0FBQyxDQUFDO1FBQ25GLENBQUM7UUFFRCxNQUFNLEVBQUUsR0FBRyxNQUFnQixDQUFDO1FBRTVCLE1BQU0sVUFBVSxHQUFHLEVBQUUsQ0FBQyxNQUFNLENBQUMsTUFBTSxDQUFDO1FBQ3BDLE1BQU0sVUFBVSxHQUFHLEVBQUUsQ0FBQyxNQUFNLEVBQUUsTUFBTSxDQUFDO1FBRXJDLE1BQU0sSUFBSSxHQUFHLEVBQUUsQ0FBQyxRQUFRLElBQUksRUFBRSxDQUFDLElBQUksQ0FBQztRQUNwQyxJQUFJLENBQUMsSUFBSSxFQUFFLENBQUM7WUFDUixNQUFNLElBQUksS0FBSyxDQUFDLHdDQUF3QyxDQUFDLENBQUM7UUFDOUQsQ0FBQztRQUVELE1BQU0sRUFBRSxNQUFNLEVBQUUsTUFBTSxFQUFFLE1BQU0sRUFBRSxRQUFRLEVBQUUsR0FBRyxJQUFJLENBQUM7UUFFbEQsSUFBSSxDQUFDLE1BQU0sSUFBSSxDQUFDLE1BQU0sSUFBSSxDQUFDLE1BQU0sSUFBSSxDQUFDLFFBQVEsRUFBRSxDQUFDO1lBQzdDLE1BQU0sSUFBSSxLQUFLLENBQUMsNkNBQTZDLENBQUMsQ0FBQztRQUNuRSxDQUFDO1FBRUQsT0FBTztZQUNILFVBQVUsRUFBRSxNQUFNLENBQUMsSUFBSSxDQUFDLFVBQVUsRUFBRSxLQUFLLENBQUM7WUFDMUMsVUFBVSxFQUFFLFVBQVUsQ0FBQyxDQUFDLENBQUMsTUFBTSxDQUFDLElBQUksQ0FBQyxVQUFVLEVBQUUsS0FBSyxDQUFDLENBQUMsQ0FBQyxDQUFDLFNBQVM7WUFDbkUsUUFBUSxFQUFFLE1BQU0sQ0FBQyxJQUFJLENBQUMsTUFBTSxFQUFFLEtBQUssQ0FBQztZQUNwQyxVQUFVLEVBQUUsTUFBTTtZQUNsQixVQUFVLEVBQUUsTUFBTTtZQUNsQixZQUFZLEVBQUUsUUFBUTtTQUN6QixDQUFDO0lBQ04sQ0FBQztJQUVTLE1BQU0sQ0FBQyxjQUFjLENBQUMsR0FBRyxHQUFHLFFBQVE7UUFDMUMsTUFBTSxJQUFJLEdBQUcsSUFBQSxtQkFBVSxFQUFDLEdBQUcsQ0FBQyxDQUFDO1FBRTdCLE9BQU87WUFDSCxPQUFPLEVBQUUsSUFBSSxrQkFBUyxDQUFDO2dCQUNuQixTQUFTLEVBQUUsQ0FBQyxJQUFJLEVBQUUsUUFBUSxFQUFFLElBQUksRUFBUSxFQUFFO29CQUN0QyxJQUFJLENBQUMsTUFBTSxDQUFDLElBQUksQ0FBQyxDQUFDO29CQUNsQixJQUFJLENBQUMsSUFBSSxFQUFFLElBQUksQ0FBQyxDQUFDO2dCQUNyQixDQUFDO2FBQ0osQ0FBQztZQUNGLEdBQUcsRUFBRSxHQUFHLEVBQUUsQ0FBQyxJQUFJLENBQUMsTUFBTSxFQUFFO1NBQzNCLENBQUM7SUFDTixDQUFDO0lBRVMsTUFBTSxDQUFDLEtBQUssQ0FBQyxTQUFTLENBQUMsUUFBZ0I7UUFDN0MsSUFBSSxDQUFDO1lBQ0QsTUFBTSxPQUFPLENBQUMsTUFBTSxDQUFDLFFBQVEsRUFBRSxFQUFFLENBQUMsU0FBUyxDQUFDLElBQUksQ0FBQyxDQUFDO1lBRWxELE9BQU8sSUFBSSxDQUFDO1FBQ2hCLENBQUM7UUFBQyxPQUFPLEdBQUcsRUFBRSxDQUFDO1lBQ1gsT0FBTyxLQUFLLENBQUM7UUFDakIsQ0FBQztJQUNMLENBQUM7SUFFUyxLQUFLLENBQUMsV0FBVyxDQUFDLEtBQWE7UUFDckMsTUFBTSxFQUFFLGFBQWEsRUFBRSxRQUFRLEVBQUUsR0FBRyxJQUFJLENBQUM7UUFDekMsTUFBTSxRQUFRLEdBQUcsTUFBTSxnQkFBVSxDQUFDLGVBQWUsQ0FBZ0I7WUFDN0QsV0FBVyxDQUFDLFFBQVE7Z0JBQ2hCLE9BQU8sRUFBRSxVQUFVLEVBQUUsUUFBUSxDQUFDLE1BQU0sS0FBSyxHQUFHLEVBQUUsQ0FBQztZQUNuRCxDQUFDO1lBQ0QsT0FBTyxFQUFFLEtBQUssSUFBSSxFQUFFO2dCQUNoQixPQUFPLElBQUksQ0FBQyxhQUFhLENBQUMsR0FBRyxDQUN6QixnQ0FBZ0MsSUFBSSxDQUFDLFdBQVcsSUFBSSxJQUFJLENBQUMsTUFBTSxrQkFBa0IsS0FBSyxFQUFFLENBQzNGLENBQUM7WUFDTixDQUFDO1lBQ0QsVUFBVSxDQUFDLEdBQUc7Z0JBQ1YsSUFBSSxlQUFLLENBQUMsWUFBWSxDQUFDLEdBQUcsQ0FBQyxJQUFJLEdBQUcsQ0FBQyxRQUFRLEVBQUUsQ0FBQztvQkFDMUMsTUFBTSxNQUFNLEdBQUcsR0FBRyxDQUFDLFFBQVEsQ0FBQyxNQUFNLENBQUM7b0JBRW5DLE9BQU8sRUFBRSxTQUFTLEVBQUUsTUFBTSxHQUFHLEdBQUcsSUFBSSxNQUFNLElBQUksR0FBRyxJQUFJLE1BQU0sS0FBSyxHQUFHLEVBQUUsQ0FBQztnQkFDMUUsQ0FBQztnQkFFRCxPQUFPLEVBQUUsU0FBUyxFQUFFLGVBQUssQ0FBQyxZQUFZLENBQUMsR0FBRyxDQUFDLEVBQUUsQ0FBQztZQUNsRCxDQUFDO1lBQ0QsYUFBYTtZQUNiLFFBQVE7U0FDWCxDQUFDLENBQUM7UUFDSCxNQUFNLEVBQUUsSUFBSSxFQUFFLEdBQUcsUUFBUSxDQUFDO1FBQzFCLE1BQU0sS0FBSyxHQUFHLElBQUksQ0FBQyxNQUFNLENBQUMsSUFBSSxDQUFDLENBQUMsS0FBdUIsRUFBRSxFQUFFLENBQUMsS0FBSyxDQUFDLElBQUksS0FBSyxJQUFJLENBQUMsWUFBWSxDQUFDLENBQUM7UUFFOUYsSUFBSSxDQUFDLEtBQUssRUFBRSxDQUFDO1lBQ1QsTUFBTSxJQUFJLEtBQUssQ0FBQyw4QkFBOEIsSUFBSSxDQUFDLFlBQVksY0FBYyxLQUFLLEdBQUcsQ0FBQyxDQUFDO1FBQzNGLENBQUM7UUFFRCxPQUFPLEtBQUssQ0FBQyxvQkFBb0IsQ0FBQztJQUN0QyxDQUFDO0lBRVMsS0FBSyxDQUFDLFVBQVUsQ0FBQyxLQUFhO1FBQ3BDLElBQUksU0FBUyxHQUFHLEtBQUssQ0FBQztRQUN0QixJQUFJLE9BQWlCLENBQUM7UUFFdEIsTUFBTSxNQUFNLEdBQUcsSUFBSSxDQUFDLFdBQVcsQ0FBQyxHQUFHLENBQUMsS0FBSyxDQUFDLENBQUM7UUFDM0MsSUFBSSxNQUFNLEVBQUUsQ0FBQztZQUNULFNBQVMsR0FBRyxJQUFJLENBQUM7WUFDakIsT0FBTyxHQUFHLE1BQU0sQ0FBQztRQUNyQixDQUFDO2FBQU0sQ0FBQztZQUNKLElBQUksQ0FBQztnQkFDRCxNQUFNLFFBQVEsR0FBRyxNQUFNLElBQUksQ0FBQyxXQUFXLENBQUMsS0FBSyxDQUFDLENBQUM7Z0JBQy9DLE1BQU0sRUFBRSxHQUFHLE1BQU0sSUFBSSxDQUFDLGFBQWEsQ0FBQyxRQUFRLENBQUMsQ0FBQztnQkFDOUMsT0FBTyxHQUFHLElBQUksQ0FBQyxhQUFhLENBQUMsRUFBRSxDQUFDLENBQUM7WUFDckMsQ0FBQztZQUFDLE9BQU8sS0FBSyxFQUFFLENBQUM7Z0JBQ2IsTUFBTSxNQUFNLEdBQUcsSUFBSSxDQUFDLFdBQVcsQ0FBQyxHQUFHLENBQUMsS0FBSyxFQUFFLElBQUksQ0FBQyxDQUFDO2dCQUNqRCxJQUFJLE1BQU0sRUFBRSxDQUFDO29CQUNULFNBQVMsR0FBRyxJQUFJLENBQUM7b0JBQ2pCLE9BQU8sR0FBRyxNQUFNLENBQUM7Z0JBQ3JCLENBQUM7cUJBQU0sQ0FBQztvQkFDSixNQUFNLEtBQUssQ0FBQztnQkFDaEIsQ0FBQztZQUNMLENBQUM7UUFDTCxDQUFDO1FBRUQsTUFBTSxRQUFRLEdBQUcsSUFBSSxDQUFDLElBQUksQ0FBQyxJQUFJLENBQUMsV0FBVyxFQUFFLEdBQUcsT0FBTyxDQUFDLFFBQVEsQ0FBQyxRQUFRLENBQUMsS0FBSyxDQUFDLFVBQVUsQ0FBQyxDQUFDO1FBRTVGLElBQUksbUJBQW1CLEdBQUcsS0FBSyxDQUFDO1FBQ2hDLElBQUksTUFBTSxzQkFBc0IsQ0FBQyxTQUFTLENBQUMsUUFBUSxDQUFDLEVBQUUsQ0FBQztZQUNuRCxNQUFNLFVBQVUsR0FBRyxFQUFFLENBQUMsZ0JBQWdCLENBQUMsUUFBUSxDQUFDLENBQUM7WUFDakQsTUFBTSxJQUFJLEdBQUcsTUFBTSxlQUFNLENBQUMsVUFBVSxDQUFDLFVBQVUsRUFBRTtnQkFDN0MsSUFBSSxFQUFFLHNCQUFhLENBQUMsTUFBTTtnQkFDMUIsUUFBUSxFQUFFLGlCQUFRLENBQUMsR0FBRzthQUN6QixDQUFDLENBQUM7WUFFSCxJQUFJLE9BQU8sQ0FBQyxRQUFRLENBQUMsUUFBUSxDQUFDLEtBQUssQ0FBQyxLQUFLLElBQUksQ0FBQyxJQUFJLEVBQUUsQ0FBQztnQkFDakQsbUJBQW1CLEdBQUcsSUFBSSxDQUFDO1lBQy9CLENBQUM7UUFDTCxDQUFDO1FBRUQsSUFBSSxtQkFBbUIsS0FBSyxJQUFJLEVBQUUsQ0FBQztZQUMvQixNQUFNLElBQUksQ0FBQyxZQUFZLENBQUMsT0FBTyxFQUFFLFFBQVEsQ0FBQyxDQUFDO1FBQy9DLENBQUM7UUFFRCxJQUFJLFNBQVMsS0FBSyxJQUFJLEVBQUUsQ0FBQztZQUNyQixJQUFJLENBQUMsV0FBVyxDQUFDLEdBQUcsQ0FBQyxLQUFLLEVBQUUsT0FBTyxDQUFDLENBQUM7UUFDekMsQ0FBQztRQUVELE9BQU87WUFDSCxVQUFVLEVBQUUsT0FBTyxDQUFDLFVBQVU7WUFDOUIsVUFBVSxFQUFFLE9BQU8sQ0FBQyxVQUFVO1lBQzlCLFlBQVksRUFBRSxRQUFRO1lBQ3RCLFFBQVEsRUFBRSxPQUFPLENBQUMsUUFBUTtTQUM3QixDQUFDO0lBQ04sQ0FBQztJQUVTLEtBQUssQ0FBQyxZQUFZLENBQUMsT0FBaUIsRUFBRSxRQUFnQjtRQUM1RCxNQUFNLE1BQU0sR0FBa0I7WUFDMUIsR0FBRyxJQUFJLENBQUMsYUFBYTtZQUNyQixXQUFXLEVBQUU7Z0JBQ1QsR0FBRyxJQUFJLENBQUMsYUFBYSxDQUFDLFdBQVc7Z0JBQ2pDLE1BQU0sRUFBRSxPQUFPLENBQUMsVUFBVTtnQkFDMUIsTUFBTSxFQUFFLE9BQU8sQ0FBQyxVQUFVLENBQUMsUUFBUSxDQUFDLEdBQUcsQ0FBQyxDQUFDLENBQUMsQ0FBQyxPQUFPLENBQUMsVUFBVSxDQUFDLENBQUMsQ0FBQyxHQUFHLE9BQU8sQ0FBQyxVQUFVLEdBQUc7YUFDM0Y7U0FDSixDQUFDO1FBRUYsTUFBTSxlQUFlLEdBQUcsSUFBQSwyQkFBa0IsRUFBQyxNQUFNLENBQUMsQ0FBQztRQUNuRCxNQUFNLGdCQUFnQixHQUFHLE1BQU0sZUFBZSxDQUFDLFlBQVksQ0FBQyxPQUFPLENBQUMsWUFBWSxFQUFFLEVBQUUsQ0FBQyxDQUFDO1FBQ3RGLE1BQU0sRUFBRSxPQUFPLEVBQUUsVUFBVSxFQUFFLEdBQUcsRUFBRSxhQUFhLEVBQUUsR0FBRyxzQkFBc0IsQ0FBQyxjQUFjLENBQUMsUUFBUSxDQUFDLENBQUM7UUFDcEcsTUFBTSxpQkFBUSxDQUFDLFFBQVEsQ0FBQyxnQkFBZ0IsRUFBRSxVQUFVLEVBQUUsRUFBRSxDQUFDLGlCQUFpQixDQUFDLFFBQVEsQ0FBQyxDQUFDLENBQUM7UUFFdEYsSUFBSSxDQUFDLE9BQU8sQ0FBQyxRQUFRLENBQUMsTUFBTSxDQUFDLGFBQWEsRUFBRSxDQUFDLEVBQUUsQ0FBQztZQUM1QyxNQUFNLElBQUksS0FBSyxDQUFDLCtEQUErRCxDQUFDLENBQUM7UUFDckYsQ0FBQztJQUNMLENBQUM7Q0FDSjtBQXpSRCx3REF5UkMifQ==
package/dist/sgx-native-module/sev-snp-schema.d.ts ADDED
@@ -0,0 +1,22 @@
1
+ import { Static, TLiteral } from "@sinclair/typebox";
2
+ import { ImportantSecurityFields } from "../../bindings/amd-sev-snp-napi-rs";
3
+ export declare const CommonPolicyKeyName = "Common";
4
+ export declare const importantFieldNames: (keyof ImportantSecurityFields)[];
5
+ export declare enum RuleOperator {
6
+ Le = "le",
7
+ Eq = "eq",
8
+ Ge = "ge"
9
+ }
10
+ declare const PolicyRuleSchema: import("@sinclair/typebox").TObject<{
11
+ name: import("@sinclair/typebox").TUnion<[TLiteral<string>, ...TLiteral<string>[]]>;
12
+ operator: import("@sinclair/typebox").TUnion<TLiteral<RuleOperator>[]>;
13
+ value: import("@sinclair/typebox").TUnion<[import("@sinclair/typebox").TNumber, import("@sinclair/typebox").TBoolean]>;
14
+ }>;
15
+ export declare const PolicySetSchema: import("@sinclair/typebox").TObject<{
16
+ [x: string]: any;
17
+ }>;
18
+ export type PolicySet = Static<typeof PolicySetSchema>;
19
+ export type PolicyRule = Static<typeof PolicyRuleSchema> & {
20
+ name: keyof ImportantSecurityFields;
21
+ };
22
+ export {};
package/dist/sgx-native-module/sev-snp-schema.js ADDED
@@ -0,0 +1,24 @@
1
+ "use strict";
2
+ Object.defineProperty(exports, "__esModule", { value: true });
3
+ exports.PolicySetSchema = exports.RuleOperator = exports.importantFieldNames = exports.CommonPolicyKeyName = void 0;
4
+ const typebox_1 = require("@sinclair/typebox");
5
+ const amd_sev_snp_napi_rs_1 = require("../../bindings/amd-sev-snp-napi-rs");
6
+ exports.CommonPolicyKeyName = "Common";
7
+ exports.importantFieldNames = Object.keys(amd_sev_snp_napi_rs_1.IMPORTANT_SECURITY_FIELDS_DUMMY);
8
+ const importantFieldLiterals = exports.importantFieldNames.map((k) => typebox_1.Type.Literal(k));
9
+ var RuleOperator;
10
+ (function (RuleOperator) {
11
+ RuleOperator["Le"] = "le";
12
+ RuleOperator["Eq"] = "eq";
13
+ RuleOperator["Ge"] = "ge";
14
+ })(RuleOperator || (exports.RuleOperator = RuleOperator = {}));
15
+ const PolicyRuleSchema = typebox_1.Type.Object({
16
+ name: typebox_1.Type.Union(importantFieldLiterals),
17
+ operator: typebox_1.Type.Union(Object.values(RuleOperator).map((op) => typebox_1.Type.Literal(op))),
18
+ value: typebox_1.Type.Union([typebox_1.Type.Number(), typebox_1.Type.Boolean()]),
19
+ });
20
+ exports.PolicySetSchema = typebox_1.Type.Partial(typebox_1.Type.Object(Object.fromEntries([
21
+ ...Object.values(amd_sev_snp_napi_rs_1.WellKnownSnpCodeNames).map((key) => [key, typebox_1.Type.Array(PolicyRuleSchema)]),
22
+ [exports.CommonPolicyKeyName, typebox_1.Type.Array(PolicyRuleSchema)],
23
+ ])), { additionalProperties: false });
24
+ //# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoic2V2LXNucC1zY2hlbWEuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi9zcmMvc2d4LW5hdGl2ZS1tb2R1bGUvc2V2LXNucC1zY2hlbWEudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6Ijs7O0FBQUEsK0NBQTJEO0FBQzNELDRFQUk0QztBQUUvQixRQUFBLG1CQUFtQixHQUFHLFFBQVEsQ0FBQztBQUUvQixRQUFBLG1CQUFtQixHQUFHLE1BQU0sQ0FBQyxJQUFJLENBQUMscURBQStCLENBQXNDLENBQUM7QUFFckgsTUFBTSxzQkFBc0IsR0FBRywyQkFBbUIsQ0FBQyxHQUFHLENBQUMsQ0FBQyxDQUFDLEVBQUUsRUFBRSxDQUFDLGNBQUksQ0FBQyxPQUFPLENBQUMsQ0FBQyxDQUFDLENBRzVFLENBQUM7QUFFRixJQUFZLFlBSVg7QUFKRCxXQUFZLFlBQVk7SUFDcEIseUJBQVMsQ0FBQTtJQUNULHlCQUFTLENBQUE7SUFDVCx5QkFBUyxDQUFBO0FBQ2IsQ0FBQyxFQUpXLFlBQVksNEJBQVosWUFBWSxRQUl2QjtBQUVELE1BQU0sZ0JBQWdCLEdBQUcsY0FBSSxDQUFDLE1BQU0sQ0FBQztJQUNqQyxJQUFJLEVBQUUsY0FBSSxDQUFDLEtBQUssQ0FBQyxzQkFBc0IsQ0FBQztJQUN4QyxRQUFRLEVBQUUsY0FBSSxDQUFDLEtBQUssQ0FBQyxNQUFNLENBQUMsTUFBTSxDQUFDLFlBQVksQ0FBQyxDQUFDLEdBQUcsQ0FBQyxDQUFDLEVBQUUsRUFBRSxFQUFFLENBQUMsY0FBSSxDQUFDLE9BQU8sQ0FBQyxFQUFFLENBQUMsQ0FBQyxDQUFDO0lBQy9FLEtBQUssRUFBRSxjQUFJLENBQUMsS0FBSyxDQUFDLENBQUMsY0FBSSxDQUFDLE1BQU0sRUFBRSxFQUFFLGNBQUksQ0FBQyxPQUFPLEVBQUUsQ0FBQyxDQUFDO0NBQ3JELENBQUMsQ0FBQztBQUVVLFFBQUEsZUFBZSxHQUFHLGNBQUksQ0FBQyxPQUFPLENBQ3ZDLGNBQUksQ0FBQyxNQUFNLENBQ1AsTUFBTSxDQUFDLFdBQVcsQ0FBQztJQUNmLEdBQUcsTUFBTSxDQUFDLE1BQU0sQ0FBQywyQ0FBcUIsQ0FBQyxDQUFDLEdBQUcsQ0FBQyxDQUFDLEdBQUcsRUFBRSxFQUFFLENBQUMsQ0FBQyxHQUFHLEVBQUUsY0FBSSxDQUFDLEtBQUssQ0FBQyxnQkFBZ0IsQ0FBQyxDQUFDLENBQUM7SUFDekYsQ0FBQywyQkFBbUIsRUFBRSxjQUFJLENBQUMsS0FBSyxDQUFDLGdCQUFnQixDQUFDLENBQUM7Q0FDdEQsQ0FBQyxDQUNMLEVBQ0QsRUFBRSxvQkFBb0IsRUFBRSxLQUFLLEVBQUUsQ0FDbEMsQ0FBQyJ9
package/dist/sgx-native-module/sev-snp.d.ts CHANGED
@@ -1,10 +1,7 @@
1
1
  /// <reference types="node" />
2
- import { CpuInfo } from "../../bindings/amd-sev-snp-napi-rs/";
2
+ import { CpuInfo, ImportantSecurityFields, WellKnownSnpCodeNames } from "../../bindings/amd-sev-snp-napi-rs/";
3
3
  import { SnpCert, SevSnpCertificateFormat, SNPReport, SNPReportWithChain } from "../proto/AmdSevSnp";
4
- export declare enum SupportedAmdSevSnpGenerations {
5
- Milan = "Milan",
6
- Genoa = "Genoa"
7
- }
4
+ import { PolicySet } from "./sev-snp-schema";
8
5
  export interface CalcSnpMrEnclaveParams {
9
6
  ovmfPath: string;
10
7
  kernelHash: Buffer;
@@ -20,8 +17,6 @@ export declare const EMPTY_INITRD_SHA256_HASH: Buffer;
20
17
  export type ArkHashes = {
21
18
  [key: string]: Buffer;
22
19
  };
23
- export declare const ARK_MILAN = "-----BEGIN CERTIFICATE-----\nMIIGYzCCBBKgAwIBAgIDAQAAMEYGCSqGSIb3DQEBCjA5oA8wDQYJYIZIAWUDBAIC\nBQChHDAaBgkqhkiG9w0BAQgwDQYJYIZIAWUDBAICBQCiAwIBMKMDAgEBMHsxFDAS\nBgNVBAsMC0VuZ2luZWVyaW5nMQswCQYDVQQGEwJVUzEUMBIGA1UEBwwLU2FudGEg\nQ2xhcmExCzAJBgNVBAgMAkNBMR8wHQYDVQQKDBZBZHZhbmNlZCBNaWNybyBEZXZp\nY2VzMRIwEAYDVQQDDAlBUkstTWlsYW4wHhcNMjAxMDIyMTcyMzA1WhcNNDUxMDIy\nMTcyMzA1WjB7MRQwEgYDVQQLDAtFbmdpbmVlcmluZzELMAkGA1UEBhMCVVMxFDAS\nBgNVBAcMC1NhbnRhIENsYXJhMQswCQYDVQQIDAJDQTEfMB0GA1UECgwWQWR2YW5j\nZWQgTWljcm8gRGV2aWNlczESMBAGA1UEAwwJQVJLLU1pbGFuMIICIjANBgkqhkiG\n9w0BAQEFAAOCAg8AMIICCgKCAgEA0Ld52RJOdeiJlqK2JdsVmD7FktuotWwX1fNg\nW41XY9Xz1HEhSUmhLz9Cu9DHRlvgJSNxbeYYsnJfvyjx1MfU0V5tkKiU1EesNFta\n1kTA0szNisdYc9isqk7mXT5+KfGRbfc4V/9zRIcE8jlHN61S1ju8X93+6dxDUrG2\nSzxqJ4BhqyYmUDruPXJSX4vUc01P7j98MpqOS95rORdGHeI52Naz5m2B+O+vjsC0\n60d37jY9LFeuOP4Meri8qgfi2S5kKqg/aF6aPtuAZQVR7u3KFYXP59XmJgtcog05\ngmI0T/OitLhuzVvpZcLph0odh/1IPXqx3+MnjD97A7fXpqGd/y8KxX7jksTEzAOg\nbKAeam3lm+3yKIcTYMlsRMXPcjNbIvmsBykD//xSniusuHBkgnlENEWx1UcbQQrs\n+gVDkuVPhsnzIRNgYvM48Y+7LGiJYnrmE8xcrexekBxrva2V9TJQqnN3Q53kt5vi\nQi3+gCfmkwC0F0tirIZbLkXPrPwzZ0M9eNxhIySb2npJfgnqz55I0u33wh4r0ZNQ\neTGfw03MBUtyuzGesGkcw+loqMaq1qR4tjGbPYxCvpCq7+OgpCCoMNit2uLo9M18\nfHz10lOMT8nWAUvRZFzteXCm+7PHdYPlmQwUw3LvenJ/ILXoQPHfbkH0CyPfhl1j\nWhJFZasCAwEAAaN+MHwwDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBSFrBrRQ/fI\nrFXUxR1BSKvVeErUUzAPBgNVHRMBAf8EBTADAQH/MDoGA1UdHwQzMDEwL6AtoCuG\nKWh0dHBzOi8va2RzaW50Zi5hbWQuY29tL3ZjZWsvdjEvTWlsYW4vY3JsMEYGCSqG\nSIb3DQEBCjA5oA8wDQYJYIZIAWUDBAICBQChHDAaBgkqhkiG9w0BAQgwDQYJYIZI\nAWUDBAICBQCiAwIBMKMDAgEBA4ICAQC6m0kDp6zv4Ojfgy+zleehsx6ol0ocgVel\nETobpx+EuCsqVFRPK1jZ1sp/lyd9+0fQ0r66n7kagRk4Ca39g66WGTJMeJdqYriw\nSTjjDCKVPSesWXYPVAyDhmP5n2v+BYipZWhpvqpaiO+EGK5IBP+578QeW/sSokrK\ndHaLAxG2LhZxj9aF73fqC7OAJZ5aPonw4RE299FVarh1Tx2eT3wSgkDgutCTB1Yq\nzT5DuwvAe+co2CIVIzMDamYuSFjPN0BCgojl7V+bTou7dMsqIu/TW/rPCX9/EUcp\nKGKqPQ3P+N9r1hjEFY1plBg93t53OOo49GNI+V1zvXPLI6xIFVsh+mto2RtgEX/e\npmMKTNN6psW88qg7c1hTWtN6MbRuQ0vm+O+/2tKBF2h8THb94OvvHHoFDpbCELlq\nHnIYhxy0YKXGyaW1NjfULxrrmxVW4wcn5E8GddmvNa6yYm8scJagEi13mhGu4Jqh\n3QU3sf8iUSUr09xQDwHtOQUVIqx4maBZPBtSMf+qUDtjXSSq8lfWcd8bLr9mdsUn\nJZJ0+tuPMKmBnSH860llKk+VpVQsgqbzDIvOLvD6W1Umq25boxCYJ+TuBoa4s+HH\nCViAvgT9kf/rBq1d+ivj6skkHxuzcxbk1xv6ZGxrteJxVH7KlX7YRdZ6eARKwLe4\nAFZEAwoKCQ==\n-----END CERTIFICATE-----";
24
- export declare const ARK_GENOA = "-----BEGIN CERTIFICATE-----\nMIIGYzCCBBKgAwIBAgIDAgAAMEYGCSqGSIb3DQEBCjA5oA8wDQYJYIZIAWUDBAIC\nBQChHDAaBgkqhkiG9w0BAQgwDQYJYIZIAWUDBAICBQCiAwIBMKMDAgEBMHsxFDAS\nBgNVBAsMC0VuZ2luZWVyaW5nMQswCQYDVQQGEwJVUzEUMBIGA1UEBwwLU2FudGEg\nQ2xhcmExCzAJBgNVBAgMAkNBMR8wHQYDVQQKDBZBZHZhbmNlZCBNaWNybyBEZXZp\nY2VzMRIwEAYDVQQDDAlBUkstR2Vub2EwHhcNMjIwMTI2MTUzNDM3WhcNNDcwMTI2\nMTUzNDM3WjB7MRQwEgYDVQQLDAtFbmdpbmVlcmluZzELMAkGA1UEBhMCVVMxFDAS\nBgNVBAcMC1NhbnRhIENsYXJhMQswCQYDVQQIDAJDQTEfMB0GA1UECgwWQWR2YW5j\nZWQgTWljcm8gRGV2aWNlczESMBAGA1UEAwwJQVJLLUdlbm9hMIICIjANBgkqhkiG\n9w0BAQEFAAOCAg8AMIICCgKCAgEA3Cd95S/uFOuRIskW9vz9VDBF69NDQF79oRhL\n/L2PVQGhK3YdfEBgpF/JiwWFBsT/fXDhzA01p3LkcT/7LdjcRfKXjHl+0Qq/M4dZ\nkh6QDoUeKzNBLDcBKDDGWo3v35NyrxbA1DnkYwUKU5AAk4P94tKXLp80oxt84ahy\nHoLmc/LqsGsp+oq1Bz4PPsYLwTG4iMKVaaT90/oZ4I8oibSru92vJhlqWO27d/Rx\nc3iUMyhNeGToOvgx/iUo4gGpG61NDpkEUvIzuKcaMx8IdTpWg2DF6SwF0IgVMffn\nvtJmA68BwJNWo1E4PLJdaPfBifcJpuBFwNVQIPQEVX3aP89HJSp8YbY9lySS6PlV\nEqTBBtaQmi4ATGmMR+n2K/e+JAhU2Gj7jIpJhOkdH9firQDnmlA2SFfJ/Cc0mGNz\nW9RmIhyOUnNFoclmkRhl3/AQU5Ys9Qsan1jT/EiyT+pCpmnA+y9edvhDCbOG8F2o\nxHGRdTBkylungrkXJGYiwGrR8kaiqv7NN8QhOBMqYjcbrkEr0f8QMKklIS5ruOfq\nlLMCBw8JLB3LkjpWgtD7OpxkzSsohN47Uom86RY6lp72g8eXHP1qYrnvhzaG1S70\nvw6OkbaaC9EjiH/uHgAJQGxon7u0Q7xgoREWA/e7JcBQwLg80Hq/sbRuqesxz7wB\nWSY254cCAwEAAaN+MHwwDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBSfXfn+Ddjz\nWtAzGiXvgSlPvjGoWzAPBgNVHRMBAf8EBTADAQH/MDoGA1UdHwQzMDEwL6AtoCuG\nKWh0dHBzOi8va2RzaW50Zi5hbWQuY29tL3ZjZWsvdjEvR2Vub2EvY3JsMEYGCSqG\nSIb3DQEBCjA5oA8wDQYJYIZIAWUDBAICBQChHDAaBgkqhkiG9w0BAQgwDQYJYIZI\nAWUDBAICBQCiAwIBMKMDAgEBA4ICAQAdIlPBC7DQmvH7kjlOznFx3i21SzOPDs5L\n7SgFjMC9rR07292GQCA7Z7Ulq97JQaWeD2ofGGse5swj4OQfKfVv/zaJUFjvosZO\nnfZ63epu8MjWgBSXJg5QE/Al0zRsZsp53DBTdA+Uv/s33fexdenT1mpKYzhIg/cK\ntz4oMxq8JKWJ8Po1CXLzKcfrTphjlbkh8AVKMXeBd2SpM33B1YP4g1BOdk013kqb\n7bRHZ1iB2JHG5cMKKbwRCSAAGHLTzASgDcXr9Fp7Z3liDhGu/ci1opGmkp12QNiJ\nuBbkTU+xDZHm5X8Jm99BX7NEpzlOwIVR8ClgBDyuBkBC2ljtr3ZSaUIYj2xuyWN9\n5KFY49nWxcz90CFa3Hzmy4zMQmBe9dVyls5eL5p9bkXcgRMDTbgmVZiAf4afe8DL\ndmQcYcMFQbHhgVzMiyZHGJgcCrQmA7MkTwEIds1wx/HzMcwU4qqNBAoZV7oeIIPx\ndqFXfPqHqiRlEbRDfX1TG5NFVaeByX0GyH6jzYVuezETzruaky6fp2bl2bczxPE8\nHdS38ijiJmm9vl50RGUeOAXjSuInGR4bsRufeGPB9peTa9BcBOeTWzstqTUB/F/q\naZCIZKr4X6TyfUuSDz/1JDAGl+lxdM0P9+lLaP9NahQjHCVf0zf1c1salVuGFk2w\n/wMz1R1BHg==\n-----END CERTIFICATE-----";
25
20
  export declare function getDefaultArkHashes(): ArkHashes;
26
21
  export declare class SevSNP {
27
22
  static serializeSNPReport(report: SNPReportWithChain): Buffer;
@@ -33,8 +28,9 @@ export declare class SevSNP {
33
28
  /**
34
29
  * Method for generation AMD SEV-SNP Report
35
30
  * @param userData - The data that will be included in the report and will be signed
31
+ * @param vmpl - Optional VMPL value to pass to the firmware when requesting a report (default: 0)
36
32
  */
37
- static generateSNPReport(userData: Buffer): Promise<SNPReport>;
33
+ static generateSNPReport(userData: Buffer, vmpl?: number): Promise<SNPReport>;
38
34
  /**
39
35
  * Method for fetch certificates from AMD KDS
40
36
  * @param report - report generated by the `generateSNPReport` method
@@ -45,6 +41,7 @@ export declare class SevSNP {
45
41
  retryMax?: number;
46
42
  retryInterval?: number;
47
43
  certFormat?: SevSnpCertificateFormat;
44
+ httpTimeoutMs?: number;
48
45
  }): Promise<SnpCert[]>;
49
46
  /**
50
47
  * Method for generation AMD SEV-SNP Report and fetching certificates
@@ -111,4 +108,20 @@ export declare class SevSNP {
111
108
  * @param cpuInfo - Structure containing family, model and stepping @see CpuInfo
112
109
  */
113
110
  static getCpuSig(cpuInfo: CpuInfo): number;
111
+ static getReportImportantSecurityFields(report: Buffer): Promise<ImportantSecurityFields>;
112
+ static getReportCpuInfo(report: Buffer): Promise<CpuInfo>;
113
+ static getCpuGeneration(cpuInfo: CpuInfo): Promise<WellKnownSnpCodeNames>;
114
+ /**
115
+ * Parse and validate policy
116
+ * @param input - Raw policy as json-text or object
117
+ */
118
+ static parsePolicySet(input: string | Record<string, unknown>): PolicySet;
119
+ private static checkRule;
120
+ /**
121
+ * Verify SNP report against a PolicySet.
122
+ * Throws an error if any rule fails.
123
+ * @param report - SNPReport
124
+ * @param policySet - PolicySet containing rules
125
+ */
126
+ static verifyPolicy(report: Buffer, policySet: PolicySet): Promise<void>;
114
127
  }